From 5f8de423f190bbb79a62f804151bc24824fa32d8 Mon Sep 17 00:00:00 2001 From: "Matt A. Tobin" Date: Fri, 2 Feb 2018 04:16:08 -0500 Subject: Add m-esr52 at 52.6.0 --- security/manager/ssl/CSTrustDomain.cpp | 231 + security/manager/ssl/CSTrustDomain.h | 80 + security/manager/ssl/CertBlocklist.cpp | 671 + security/manager/ssl/CertBlocklist.h | 89 + security/manager/ssl/ContentSignatureVerifier.cpp | 562 + security/manager/ssl/ContentSignatureVerifier.h | 92 + security/manager/ssl/CryptoTask.cpp | 95 + security/manager/ssl/CryptoTask.h | 105 + security/manager/ssl/DER.jsm | 304 + security/manager/ssl/DataStorage.cpp | 940 + security/manager/ssl/DataStorage.h | 202 + security/manager/ssl/DataStorageIPCUtils.h | 21 + security/manager/ssl/LocalCertService.cpp | 501 + security/manager/ssl/LocalCertService.h | 27 + security/manager/ssl/NSSErrorsService.cpp | 206 + security/manager/ssl/NSSErrorsService.h | 49 + security/manager/ssl/PPSMContentDownloader.ipdl | 28 + security/manager/ssl/PSMContentListener.cpp | 454 + security/manager/ssl/PSMContentListener.h | 111 + security/manager/ssl/PSMRunnable.cpp | 47 + security/manager/ssl/PSMRunnable.h | 46 + security/manager/ssl/PublicKeyPinningService.cpp | 374 + security/manager/ssl/PublicKeyPinningService.h | 65 + security/manager/ssl/PublicSSL.h | 25 + .../manager/ssl/RootCertificateTelemetryUtils.cpp | 90 + .../manager/ssl/RootCertificateTelemetryUtils.h | 30 + security/manager/ssl/RootHashes.inc | 1140 + security/manager/ssl/SSLServerCertVerification.cpp | 1795 + security/manager/ssl/SSLServerCertVerification.h | 19 + security/manager/ssl/ScopedNSSTypes.h | 405 + security/manager/ssl/SecretDecoderRing.cpp | 234 + security/manager/ssl/SecretDecoderRing.h | 39 + security/manager/ssl/SharedCertVerifier.h | 36 + security/manager/ssl/SharedSSLState.cpp | 218 + security/manager/ssl/SharedSSLState.h | 87 + security/manager/ssl/StaticHPKPins.errors | 28 + security/manager/ssl/StaticHPKPins.h | 1185 + security/manager/ssl/TransportSecurityInfo.cpp | 1100 + security/manager/ssl/TransportSecurityInfo.h | 171 + security/manager/ssl/WeakCryptoOverride.cpp | 67 + security/manager/ssl/WeakCryptoOverride.h | 35 + security/manager/ssl/X509.jsm | 632 + security/manager/ssl/crashtests/398665-1.html | 1 + security/manager/ssl/crashtests/crashtests.list | 1 + security/manager/ssl/md4.c | 145 + security/manager/ssl/md4.h | 38 + security/manager/ssl/moz.build | 194 + security/manager/ssl/nsCertOverrideService.cpp | 705 + security/manager/ssl/nsCertOverrideService.h | 187 + security/manager/ssl/nsCertTree.cpp | 1451 + security/manager/ssl/nsCertTree.h | 154 + security/manager/ssl/nsClientAuthRemember.cpp | 213 + security/manager/ssl/nsClientAuthRemember.h | 155 + security/manager/ssl/nsCrypto.cpp | 113 + security/manager/ssl/nsCrypto.h | 32 + security/manager/ssl/nsCryptoHash.cpp | 438 + security/manager/ssl/nsCryptoHash.h | 56 + security/manager/ssl/nsDataSignatureVerifier.cpp | 336 + security/manager/ssl/nsDataSignatureVerifier.h | 47 + security/manager/ssl/nsIASN1Object.idl | 70 + security/manager/ssl/nsIASN1PrintableItem.idl | 15 + security/manager/ssl/nsIASN1Sequence.idl | 56 + .../manager/ssl/nsIAssociatedContentSecurity.idl | 23 + security/manager/ssl/nsIBadCertListener2.idl | 32 + security/manager/ssl/nsICertBlocklist.idl | 61 + security/manager/ssl/nsICertOverrideService.idl | 144 + security/manager/ssl/nsICertTree.idl | 37 + security/manager/ssl/nsICertificateDialogs.idl | 77 + security/manager/ssl/nsIClientAuthDialogs.idl | 47 + .../manager/ssl/nsIContentSignatureVerifier.idl | 116 + security/manager/ssl/nsIDataSignatureVerifier.idl | 40 + security/manager/ssl/nsIGenKeypairInfoDlg.idl | 34 + security/manager/ssl/nsIKeyModule.idl | 37 + security/manager/ssl/nsIKeygenThread.idl | 48 + security/manager/ssl/nsILocalCertService.idl | 69 + security/manager/ssl/nsINSSU2FToken.idl | 21 + security/manager/ssl/nsINSSVersion.idl | 27 + security/manager/ssl/nsIPK11Token.idl | 74 + security/manager/ssl/nsIPK11TokenDB.idl | 42 + security/manager/ssl/nsIPKCS11.idl | 16 + security/manager/ssl/nsIPKCS11Module.idl | 21 + security/manager/ssl/nsIPKCS11ModuleDB.idl | 35 + security/manager/ssl/nsIPKCS11Slot.idl | 44 + security/manager/ssl/nsIProtectedAuthThread.idl | 46 + security/manager/ssl/nsISSLStatus.idl | 49 + security/manager/ssl/nsISSLStatusProvider.idl | 13 + security/manager/ssl/nsISecretDecoderRing.idl | 49 + security/manager/ssl/nsISecurityUITelemetry.idl | 150 + security/manager/ssl/nsISiteSecurityService.idl | 204 + security/manager/ssl/nsITokenDialogs.idl | 30 + security/manager/ssl/nsITokenPasswordDialogs.idl | 29 + security/manager/ssl/nsIU2FToken.idl | 66 + security/manager/ssl/nsIWeakCryptoOverride.idl | 45 + security/manager/ssl/nsIX509Cert.idl | 261 + security/manager/ssl/nsIX509CertDB.idl | 431 + security/manager/ssl/nsIX509CertList.idl | 49 + security/manager/ssl/nsIX509CertValidity.idl | 70 + security/manager/ssl/nsKeyModule.cpp | 159 + security/manager/ssl/nsKeyModule.h | 63 + security/manager/ssl/nsKeygenHandler.cpp | 785 + security/manager/ssl/nsKeygenHandler.h | 82 + security/manager/ssl/nsKeygenHandlerContent.cpp | 78 + security/manager/ssl/nsKeygenHandlerContent.h | 42 + security/manager/ssl/nsKeygenThread.cpp | 254 + security/manager/ssl/nsKeygenThread.h | 72 + security/manager/ssl/nsNSSASN1Object.cpp | 430 + security/manager/ssl/nsNSSASN1Object.h | 64 + security/manager/ssl/nsNSSCallbacks.cpp | 1379 + security/manager/ssl/nsNSSCallbacks.h | 198 + security/manager/ssl/nsNSSCertHelper.cpp | 2039 + security/manager/ssl/nsNSSCertHelper.h | 23 + security/manager/ssl/nsNSSCertTrust.cpp | 233 + security/manager/ssl/nsNSSCertTrust.h | 70 + security/manager/ssl/nsNSSCertValidity.cpp | 130 + security/manager/ssl/nsNSSCertValidity.h | 42 + security/manager/ssl/nsNSSCertificate.cpp | 1635 + security/manager/ssl/nsNSSCertificate.h | 132 + security/manager/ssl/nsNSSCertificateDB.cpp | 1658 + security/manager/ssl/nsNSSCertificateDB.h | 77 + .../manager/ssl/nsNSSCertificateFakeTransport.cpp | 478 + .../manager/ssl/nsNSSCertificateFakeTransport.h | 54 + security/manager/ssl/nsNSSComponent.cpp | 2499 + security/manager/ssl/nsNSSComponent.h | 234 + security/manager/ssl/nsNSSErrors.cpp | 103 + security/manager/ssl/nsNSSHelper.h | 58 + security/manager/ssl/nsNSSIOLayer.cpp | 2731 + security/manager/ssl/nsNSSIOLayer.h | 263 + security/manager/ssl/nsNSSModule.cpp | 348 + security/manager/ssl/nsNSSShutDown.cpp | 288 + security/manager/ssl/nsNSSShutDown.h | 271 + security/manager/ssl/nsNSSU2FToken.cpp | 752 + security/manager/ssl/nsNSSU2FToken.h | 44 + security/manager/ssl/nsNSSVersion.cpp | 92 + security/manager/ssl/nsNSSVersion.h | 27 + security/manager/ssl/nsNTLMAuthModule.cpp | 1179 + security/manager/ssl/nsNTLMAuthModule.h | 44 + security/manager/ssl/nsPK11TokenDB.cpp | 498 + security/manager/ssl/nsPK11TokenDB.h | 71 + security/manager/ssl/nsPKCS11Slot.cpp | 569 + security/manager/ssl/nsPKCS11Slot.h | 88 + security/manager/ssl/nsPKCS12Blob.cpp | 644 + security/manager/ssl/nsPKCS12Blob.h | 87 + security/manager/ssl/nsProtectedAuthThread.cpp | 146 + security/manager/ssl/nsProtectedAuthThread.h | 56 + security/manager/ssl/nsRandomGenerator.cpp | 55 + security/manager/ssl/nsRandomGenerator.h | 30 + security/manager/ssl/nsSSLSocketProvider.cpp | 68 + security/manager/ssl/nsSSLSocketProvider.h | 29 + security/manager/ssl/nsSSLStatus.cpp | 379 + security/manager/ssl/nsSSLStatus.h | 74 + security/manager/ssl/nsSTSPreloadList.errors | 10853 ++++ security/manager/ssl/nsSTSPreloadList.inc | 62431 +++++++++++++++++++ security/manager/ssl/nsSecureBrowserUIImpl.cpp | 1191 + security/manager/ssl/nsSecureBrowserUIImpl.h | 96 + security/manager/ssl/nsSecurityHeaderParser.cpp | 244 + security/manager/ssl/nsSecurityHeaderParser.h | 74 + security/manager/ssl/nsSiteSecurityService.cpp | 1302 + security/manager/ssl/nsSiteSecurityService.h | 159 + security/manager/ssl/nsSmartCardMonitor.cpp | 396 + security/manager/ssl/nsSmartCardMonitor.h | 62 + security/manager/ssl/nsTLSSocketProvider.cpp | 69 + security/manager/ssl/nsTLSSocketProvider.h | 34 + security/manager/ssl/nsVerificationJob.h | 51 + security/manager/ssl/tests/.eslintrc.js | 8 + security/manager/ssl/tests/gtest/CertDBTest.cpp | 60 + .../manager/ssl/tests/gtest/DataStorageTest.cpp | 225 + .../ssl/tests/gtest/DeserializeCertTest.cpp | 96 + security/manager/ssl/tests/gtest/MD4Test.cpp | 76 + security/manager/ssl/tests/gtest/OCSPCacheTest.cpp | 337 + security/manager/ssl/tests/gtest/README.txt | 2 + security/manager/ssl/tests/gtest/STSParserTest.cpp | 144 + .../manager/ssl/tests/gtest/TLSIntoleranceTest.cpp | 568 + security/manager/ssl/tests/gtest/moz.build | 29 + .../ssl/tests/mochitest/browser/.eslintrc.js | 5 + .../ssl/tests/mochitest/browser/browser.ini | 18 + .../browser/browser_bug627234_perwindowpb.js | 102 + .../tests/mochitest/browser/browser_certViewer.js | 224 + .../browser/browser_certificateManagerLeak.js | 32 + .../browser/browser_clientAuth_connection.js | 135 + .../mochitest/browser/browser_clientAuth_ui.js | 137 + .../mochitest/browser/browser_deleteCert_ui.js | 215 + .../mochitest/browser/browser_downloadCert_ui.js | 150 + .../mochitest/browser/browser_editCACertTrust.js | 119 + .../browser/browser_exportP12_passwordUI.js | 142 + .../manager/ssl/tests/mochitest/browser/ca.pem | 17 + .../ssl/tests/mochitest/browser/ca.pem.certspec | 4 + .../ssl/tests/mochitest/browser/code-ee.pem | 17 + .../tests/mochitest/browser/code-ee.pem.certspec | 3 + .../tests/mochitest/browser/ee-from-expired-ca.pem | 17 + .../browser/ee-from-expired-ca.pem.certspec | 2 + .../mochitest/browser/ee-from-untrusted-ca.pem | 17 + .../browser/ee-from-untrusted-ca.pem.certspec | 2 + .../ssl/tests/mochitest/browser/email-ee.pem | 17 + .../tests/mochitest/browser/email-ee.pem.certspec | 3 + .../ssl/tests/mochitest/browser/expired-ca.pem | 18 + .../mochitest/browser/expired-ca.pem.certspec | 5 + .../manager/ssl/tests/mochitest/browser/has-cn.pem | 18 + .../tests/mochitest/browser/has-cn.pem.certspec | 2 + .../tests/mochitest/browser/has-empty-subject.pem | 16 + .../browser/has-empty-subject.pem.certspec | 3 + .../mochitest/browser/has-non-empty-subject.pem | 17 + .../browser/has-non-empty-subject.pem.certspec | 2 + .../manager/ssl/tests/mochitest/browser/has-o.pem | 17 + .../ssl/tests/mochitest/browser/has-o.pem.certspec | 2 + .../manager/ssl/tests/mochitest/browser/has-ou.pem | 17 + .../tests/mochitest/browser/has-ou.pem.certspec | 2 + .../manager/ssl/tests/mochitest/browser/head.js | 59 + .../ssl/tests/mochitest/browser/invalid.pem | 17 + .../tests/mochitest/browser/invalid.pem.certspec | 3 + .../manager/ssl/tests/mochitest/browser/md5-ee.pem | 17 + .../tests/mochitest/browser/md5-ee.pem.certspec | 3 + .../manager/ssl/tests/mochitest/browser/moz.build | 35 + .../ssl/tests/mochitest/browser/revoked.pem | 17 + .../tests/mochitest/browser/revoked.pem.certspec | 2 + .../manager/ssl/tests/mochitest/browser/ssl-ee.pem | 18 + .../tests/mochitest/browser/ssl-ee.pem.certspec | 3 + .../ssl/tests/mochitest/browser/unknown-issuer.pem | 17 + .../mochitest/browser/unknown-issuer.pem.certspec | 2 + .../ssl/tests/mochitest/browser/untrusted-ca.pem | 18 + .../mochitest/browser/untrusted-ca.pem.certspec | 4 + .../ssl/tests/mochitest/mixedcontent/.eslintrc.js | 5 + .../tests/mochitest/mixedcontent/alloworigin.sjs | 6 + .../ssl/tests/mochitest/mixedcontent/backward.html | 18 + .../ssl/tests/mochitest/mixedcontent/bug329869.js | 7 + .../mochitest/mixedcontent/bug383369step2.html | 29 + .../mochitest/mixedcontent/bug383369step3.html | 30 + .../ssl/tests/mochitest/mixedcontent/download.auto | 1 + .../mochitest/mixedcontent/download.auto^headers^ | 2 + .../tests/mochitest/mixedcontent/emptyimage.sjs | 5 + .../ssl/tests/mochitest/mixedcontent/hugebmp.sjs | 13 + .../ssl/tests/mochitest/mixedcontent/iframe.html | 13 + .../ssl/tests/mochitest/mixedcontent/iframe2.html | 14 + .../mochitest/mixedcontent/iframeMetaRedirect.html | 8 + .../mochitest/mixedcontent/iframesecredirect.sjs | 5 + .../mochitest/mixedcontent/iframeunsecredirect.sjs | 5 + .../mochitest/mixedcontent/imgsecredirect.sjs | 5 + .../mochitest/mixedcontent/imgunsecredirect.sjs | 5 + .../mochitest/mixedcontent/mixedContentTest.js | 204 + .../ssl/tests/mochitest/mixedcontent/mochitest.ini | 62 + .../tests/mochitest/mixedcontent/moonsurface.jpg | Bin 0 -> 52159 bytes .../ssl/tests/mochitest/mixedcontent/moz.build | 8 + .../ssl/tests/mochitest/mixedcontent/nocontent.sjs | 4 + .../mixedcontent/redirecttoemptyimage.sjs | 5 + .../ssl/tests/mochitest/mixedcontent/somestyle.css | 4 + .../mochitest/mixedcontent/test_bug329869.html | 37 + .../mochitest/mixedcontent/test_bug383369.html | 102 + .../mochitest/mixedcontent/test_bug455367.html | 35 + .../mochitest/mixedcontent/test_bug472986.html | 47 + .../mochitest/mixedcontent/test_bug477118.html | 35 + .../mochitest/mixedcontent/test_bug521461.html | 39 + .../mochitest/mixedcontent/test_cssBefore1.html | 43 + .../mochitest/mixedcontent/test_cssContent1.html | 42 + .../mochitest/mixedcontent/test_cssContent2.html | 47 + .../mixedcontent/test_documentWrite1.html | 38 + .../mixedcontent/test_documentWrite2.html | 40 + .../test_dynDelayedUnsecurePicture.html | 48 + .../mixedcontent/test_dynDelayedUnsecureXHR.html | 49 + .../mixedcontent/test_dynUnsecureBackground.html | 45 + .../test_dynUnsecureIframeRedirect.html | 45 + .../mixedcontent/test_dynUnsecurePicture.html | 46 + .../test_dynUnsecurePicturePreload.html | 37 + .../mixedcontent/test_dynUnsecureRedirect.html | 40 + .../test_innerHtmlDelayedUnsecurePicture.html | 42 + .../test_innerHtmlUnsecurePicture.html | 40 + .../mixedcontent/test_javascriptPicture.html | 35 + .../mochitest/mixedcontent/test_secureAll.html | 43 + .../mochitest/mixedcontent/test_securePicture.html | 37 + .../mixedcontent/test_unsecureBackground.html | 36 + .../mochitest/mixedcontent/test_unsecureCSS.html | 39 + .../mixedcontent/test_unsecureIframe.html | 37 + .../mixedcontent/test_unsecureIframe2.html | 37 + .../test_unsecureIframeMetaRedirect.html | 38 + .../mixedcontent/test_unsecureIframeRedirect.html | 38 + .../mixedcontent/test_unsecurePicture.html | 35 + .../mixedcontent/test_unsecurePictureDup.html | 21 + .../mixedcontent/test_unsecurePictureInIframe.html | 37 + .../mixedcontent/test_unsecureRedirect.html | 37 + .../mochitest/mixedcontent/unsecureIframe.html | 9 + .../mochitest/mixedcontent/unsecurePictureDup.html | 35 + security/manager/ssl/tests/mochitest/moz.build | 11 + .../mochitest/stricttransportsecurity/.eslintrc.js | 9 + .../mochitest/stricttransportsecurity/chrome.ini | 6 + .../stricttransportsecurity/mochitest.ini | 13 + .../mochitest/stricttransportsecurity/moz.build | 10 + .../stricttransportsecurity/nosts_bootstrap.html | 26 + .../nosts_bootstrap.html^headers^ | 1 + .../stricttransportsecurity/page_blank.html | 5 + .../stricttransportsecurity/plain_bootstrap.html | 26 + .../plain_bootstrap.html^headers^ | 2 + .../stricttransportsecurity/subdom_bootstrap.html | 26 + .../subdom_bootstrap.html^headers^ | 2 + .../test_stricttransportsecurity.html | 120 + .../test_sts_privatebrowsing_perwindowpb.html | 275 + .../mochitest/stricttransportsecurity/verify.sjs | 47 + security/manager/ssl/tests/moz.build | 17 + security/manager/ssl/tests/unit/.eslintrc.js | 5 + .../tests/unit/bad_certs/badSubjectAltNames.pem | 18 + .../unit/bad_certs/badSubjectAltNames.pem.certspec | 3 + .../ssl/tests/unit/bad_certs/beforeEpoch.pem | 19 + .../tests/unit/bad_certs/beforeEpoch.pem.certspec | 5 + .../ssl/tests/unit/bad_certs/beforeEpochINT.pem | 18 + .../unit/bad_certs/beforeEpochINT.pem.certspec | 5 + .../ssl/tests/unit/bad_certs/beforeEpochIssuer.pem | 20 + .../unit/bad_certs/beforeEpochIssuer.pem.certspec | 4 + .../tests/unit/bad_certs/ca-used-as-end-entity.pem | 20 + .../bad_certs/ca-used-as-end-entity.pem.certspec | 5 + .../ssl/tests/unit/bad_certs/default-ee.key | 28 + .../tests/unit/bad_certs/default-ee.key.keyspec | 1 + .../ssl/tests/unit/bad_certs/default-ee.pem | 21 + .../tests/unit/bad_certs/default-ee.pem.certspec | 4 + .../ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem | 19 + .../unit/bad_certs/eeIssuedByNonCA.pem.certspec | 4 + .../ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem | 18 + .../unit/bad_certs/eeIssuedByV1Cert.pem.certspec | 3 + .../ssl/tests/unit/bad_certs/emptyIssuerName.pem | 18 + .../unit/bad_certs/emptyIssuerName.pem.certspec | 3 + .../ssl/tests/unit/bad_certs/emptyNameCA.pem | 17 + .../tests/unit/bad_certs/emptyNameCA.pem.certspec | 4 + .../tests/unit/bad_certs/ev-test-intermediate.pem | 20 + .../bad_certs/ev-test-intermediate.pem.certspec | 7 + .../manager/ssl/tests/unit/bad_certs/ev-test.pem | 20 + .../ssl/tests/unit/bad_certs/ev-test.pem.certspec | 5 + .../manager/ssl/tests/unit/bad_certs/evroot.key | 28 + .../ssl/tests/unit/bad_certs/evroot.key.keyspec | 1 + .../manager/ssl/tests/unit/bad_certs/evroot.pem | 18 + .../ssl/tests/unit/bad_certs/evroot.pem.certspec | 7 + .../ssl/tests/unit/bad_certs/expired-ee.pem | 19 + .../tests/unit/bad_certs/expired-ee.pem.certspec | 5 + .../ssl/tests/unit/bad_certs/expiredINT.pem | 18 + .../tests/unit/bad_certs/expiredINT.pem.certspec | 5 + .../ssl/tests/unit/bad_certs/expiredissuer.pem | 20 + .../unit/bad_certs/expiredissuer.pem.certspec | 4 + .../ssl/tests/unit/bad_certs/idn-certificate.pem | 18 + .../unit/bad_certs/idn-certificate.pem.certspec | 3 + .../tests/unit/bad_certs/inadequateKeySizeEE.key | 16 + .../unit/bad_certs/inadequateKeySizeEE.key.keyspec | 1 + .../tests/unit/bad_certs/inadequateKeySizeEE.pem | 17 + .../bad_certs/inadequateKeySizeEE.pem.certspec | 5 + .../tests/unit/bad_certs/inadequatekeyusage-ee.pem | 20 + .../bad_certs/inadequatekeyusage-ee.pem.certspec | 5 + .../unit/bad_certs/ipAddressAsDNSNameInSAN.pem | 17 + .../bad_certs/ipAddressAsDNSNameInSAN.pem.certspec | 3 + .../tests/unit/bad_certs/md5signature-expired.pem | 20 + .../bad_certs/md5signature-expired.pem.certspec | 6 + .../ssl/tests/unit/bad_certs/md5signature.pem | 19 + .../tests/unit/bad_certs/md5signature.pem.certspec | 5 + .../ssl/tests/unit/bad_certs/mismatch-expired.pem | 19 + .../unit/bad_certs/mismatch-expired.pem.certspec | 5 + .../tests/unit/bad_certs/mismatch-notYetValid.pem | 19 + .../bad_certs/mismatch-notYetValid.pem.certspec | 5 + .../unit/bad_certs/mismatch-untrusted-expired.pem | 20 + .../mismatch-untrusted-expired.pem.certspec | 5 + .../tests/unit/bad_certs/mismatch-untrusted.pem | 20 + .../unit/bad_certs/mismatch-untrusted.pem.certspec | 4 + .../manager/ssl/tests/unit/bad_certs/mismatch.pem | 20 + .../ssl/tests/unit/bad_certs/mismatch.pem.certspec | 4 + .../ssl/tests/unit/bad_certs/mismatchCN.pem | 17 + .../tests/unit/bad_certs/mismatchCN.pem.certspec | 2 + .../manager/ssl/tests/unit/bad_certs/moz.build | 68 + .../ssl/tests/unit/bad_certs/noValidNames.pem | 19 + .../tests/unit/bad_certs/noValidNames.pem.certspec | 3 + .../ssl/tests/unit/bad_certs/notYetValid.pem | 19 + .../tests/unit/bad_certs/notYetValid.pem.certspec | 5 + .../ssl/tests/unit/bad_certs/notYetValidINT.pem | 18 + .../unit/bad_certs/notYetValidINT.pem.certspec | 5 + .../ssl/tests/unit/bad_certs/notYetValidIssuer.pem | 20 + .../unit/bad_certs/notYetValidIssuer.pem.certspec | 4 + .../tests/unit/bad_certs/nsCertTypeCritical.pem | 18 + .../unit/bad_certs/nsCertTypeCritical.pem.certspec | 4 + .../nsCertTypeCriticalWithExtKeyUsage.pem | 20 + .../nsCertTypeCriticalWithExtKeyUsage.pem.certspec | 6 + .../tests/unit/bad_certs/nsCertTypeNotCritical.pem | 18 + .../bad_certs/nsCertTypeNotCritical.pem.certspec | 4 + .../ssl/tests/unit/bad_certs/other-issuer-ee.pem | 21 + .../unit/bad_certs/other-issuer-ee.pem.certspec | 6 + .../ssl/tests/unit/bad_certs/other-test-ca.key | 28 + .../tests/unit/bad_certs/other-test-ca.key.keyspec | 1 + .../ssl/tests/unit/bad_certs/other-test-ca.pem | 18 + .../unit/bad_certs/other-test-ca.pem.certspec | 7 + .../unit/bad_certs/self-signed-EE-with-cA-true.pem | 21 + .../self-signed-EE-with-cA-true.pem.certspec | 5 + .../unit/bad_certs/selfsigned-inadequateEKU.pem | 21 + .../selfsigned-inadequateEKU.pem.certspec | 6 + .../ssl/tests/unit/bad_certs/selfsigned.pem | 20 + .../tests/unit/bad_certs/selfsigned.pem.certspec | 4 + .../manager/ssl/tests/unit/bad_certs/test-ca.pem | 18 + .../ssl/tests/unit/bad_certs/test-ca.pem.certspec | 4 + .../manager/ssl/tests/unit/bad_certs/test-int.pem | 18 + .../ssl/tests/unit/bad_certs/test-int.pem.certspec | 5 + .../ssl/tests/unit/bad_certs/unknownissuer.pem | 22 + .../unit/bad_certs/unknownissuer.pem.certspec | 4 + .../ssl/tests/unit/bad_certs/untrusted-expired.pem | 20 + .../unit/bad_certs/untrusted-expired.pem.certspec | 5 + .../ssl/tests/unit/bad_certs/untrustedissuer.pem | 20 + .../unit/bad_certs/untrustedissuer.pem.certspec | 4 + .../manager/ssl/tests/unit/bad_certs/v1Cert.pem | 17 + .../ssl/tests/unit/bad_certs/v1Cert.pem.certspec | 3 + security/manager/ssl/tests/unit/head_psm.js | 863 + security/manager/ssl/tests/unit/moz.build | 37 + .../unit/ocsp_certs/ca-used-as-end-entity.pem | 20 + .../ocsp_certs/ca-used-as-end-entity.pem.certspec | 5 + .../ssl/tests/unit/ocsp_certs/default-ee.key | 28 + .../tests/unit/ocsp_certs/default-ee.key.keyspec | 1 + .../ssl/tests/unit/ocsp_certs/default-ee.pem | 21 + .../tests/unit/ocsp_certs/default-ee.pem.certspec | 4 + .../tests/unit/ocsp_certs/delegatedSHA1Signer.pem | 18 + .../ocsp_certs/delegatedSHA1Signer.pem.certspec | 5 + .../ssl/tests/unit/ocsp_certs/delegatedSigner.pem | 18 + .../unit/ocsp_certs/delegatedSigner.pem.certspec | 4 + .../invalidDelegatedSignerFromIntermediate.pem | 19 + ...lidDelegatedSignerFromIntermediate.pem.certspec | 4 + .../invalidDelegatedSignerKeyUsageCrlSigning.pem | 18 + ...dDelegatedSignerKeyUsageCrlSigning.pem.certspec | 4 + .../invalidDelegatedSignerNoExtKeyUsage.pem | 18 + ...nvalidDelegatedSignerNoExtKeyUsage.pem.certspec | 3 + .../invalidDelegatedSignerWrongExtKeyUsage.pem | 18 + ...lidDelegatedSignerWrongExtKeyUsage.pem.certspec | 4 + .../manager/ssl/tests/unit/ocsp_certs/moz.build | 42 + .../unit/ocsp_certs/multi-tls-feature-bad-ee.pem | 19 + .../multi-tls-feature-bad-ee.pem.certspec | 4 + .../unit/ocsp_certs/multi-tls-feature-good-ee.pem | 19 + .../multi-tls-feature-good-ee.pem.certspec | 4 + .../must-staple-ee-with-must-staple-int.pem | 19 + ...ust-staple-ee-with-must-staple-int.pem.certspec | 4 + .../ssl/tests/unit/ocsp_certs/must-staple-ee.pem | 18 + .../unit/ocsp_certs/must-staple-ee.pem.certspec | 4 + .../unit/ocsp_certs/must-staple-missing-ee.pem | 18 + .../ocsp_certs/must-staple-missing-ee.pem.certspec | 3 + .../unit/ocsp_certs/ocspEEWithIntermediate.pem | 20 + .../ocsp_certs/ocspEEWithIntermediate.pem.certspec | 4 + .../tests/unit/ocsp_certs/ocspOtherEndEntity.pem | 19 + .../ocsp_certs/ocspOtherEndEntity.pem.certspec | 4 + .../ssl/tests/unit/ocsp_certs/other-test-ca.key | 28 + .../unit/ocsp_certs/other-test-ca.key.keyspec | 1 + .../ssl/tests/unit/ocsp_certs/other-test-ca.pem | 18 + .../unit/ocsp_certs/other-test-ca.pem.certspec | 7 + .../ocsp_certs/rsa-1016-keysizeDelegatedSigner.key | 16 + .../rsa-1016-keysizeDelegatedSigner.key.keyspec | 1 + .../ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem | 15 + .../rsa-1016-keysizeDelegatedSigner.pem.certspec | 4 + .../manager/ssl/tests/unit/ocsp_certs/test-ca.pem | 18 + .../ssl/tests/unit/ocsp_certs/test-ca.pem.certspec | 4 + .../manager/ssl/tests/unit/ocsp_certs/test-int.pem | 18 + .../tests/unit/ocsp_certs/test-int.pem.certspec | 5 + .../unit/ocsp_certs/test-multi-tls-feature-int.pem | 19 + .../test-multi-tls-feature-int.pem.certspec | 5 + .../tests/unit/ocsp_certs/test-must-staple-int.pem | 19 + .../ocsp_certs/test-must-staple-int.pem.certspec | 5 + .../ssl/tests/unit/pkcs11testmodule/moz.build | 18 + .../unit/pkcs11testmodule/pkcs11testmodule.cpp | 633 + .../unit/pkcs11testmodule/pkcs11testmodule.symbols | 1 + security/manager/ssl/tests/unit/pycert.py | 697 + security/manager/ssl/tests/unit/pykey.py | 706 + .../ssl/tests/unit/sss_readstate_child_worker.js | 25 + .../ssl/tests/unit/test_add_preexisting_cert.js | 45 + .../tests/unit/test_baseline_requirements/ca.pem | 17 + .../test_baseline_requirements/ca.pem.certspec | 4 + .../unit/test_baseline_requirements/moz.build | 19 + .../unit/test_baseline_requirements/no-san-old.pem | 17 + .../no-san-old.pem.certspec | 3 + .../test_baseline_requirements/no-san-older.pem | 17 + .../no-san-older.pem.certspec | 3 + .../test_baseline_requirements/no-san-recent.pem | 17 + .../no-san-recent.pem.certspec | 3 + .../san-contains-no-hostnames-old.pem | 18 + .../san-contains-no-hostnames-old.pem.certspec | 4 + .../san-contains-no-hostnames-older.pem | 18 + .../san-contains-no-hostnames-older.pem.certspec | 4 + .../san-contains-no-hostnames-recent.pem | 18 + .../san-contains-no-hostnames-recent.pem.certspec | 4 + ...st_baseline_requirements_subject_common_name.js | 188 + .../manager/ssl/tests/unit/test_certDB_import.js | 118 + .../unit/test_certDB_import/cert_from_windows.pfx | Bin 0 -> 2041 bytes .../ssl/tests/unit/test_certDB_import/emailEE.pem | 17 + .../unit/test_certDB_import/emailEE.pem.certspec | 2 + .../tests/unit/test_certDB_import/importedCA.pem | 17 + .../test_certDB_import/importedCA.pem.certspec | 3 + .../ssl/tests/unit/test_certDB_import/moz.build | 14 + .../ssl/tests/unit/test_certDB_import_pkcs12.js | 92 + .../manager/ssl/tests/unit/test_cert_blocklist.js | 362 + .../manager/ssl/tests/unit/test_cert_chains.js | 134 + security/manager/ssl/tests/unit/test_cert_dbKey.js | 146 + security/manager/ssl/tests/unit/test_cert_eku.js | 131 + .../manager/ssl/tests/unit/test_cert_eku/ca.pem | 17 + .../ssl/tests/unit/test_cert_eku/ca.pem.certspec | 3 + .../manager/ssl/tests/unit/test_cert_eku/ee-CA.pem | 17 + .../tests/unit/test_cert_eku/ee-CA.pem.certspec | 3 + .../ssl/tests/unit/test_cert_eku/ee-SA-CA.pem | 18 + .../tests/unit/test_cert_eku/ee-SA-CA.pem.certspec | 3 + .../ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem | 18 + .../unit/test_cert_eku/ee-SA-OCSP.pem.certspec | 3 + .../ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem | 18 + .../unit/test_cert_eku/ee-SA-nsSGC.pem.certspec | 3 + .../manager/ssl/tests/unit/test_cert_eku/ee-SA.pem | 17 + .../tests/unit/test_cert_eku/ee-SA.pem.certspec | 3 + .../ssl/tests/unit/test_cert_eku/ee-int-CA.pem | 17 + .../unit/test_cert_eku/ee-int-CA.pem.certspec | 2 + .../ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem | 17 + .../unit/test_cert_eku/ee-int-SA-CA.pem.certspec | 2 + .../tests/unit/test_cert_eku/ee-int-SA-OCSP.pem | 17 + .../unit/test_cert_eku/ee-int-SA-OCSP.pem.certspec | 2 + .../tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem | 17 + .../test_cert_eku/ee-int-SA-nsSGC.pem.certspec | 2 + .../ssl/tests/unit/test_cert_eku/ee-int-SA.pem | 17 + .../unit/test_cert_eku/ee-int-SA.pem.certspec | 2 + .../tests/unit/test_cert_eku/ee-int-nsSGC-old.pem | 17 + .../test_cert_eku/ee-int-nsSGC-old.pem.certspec | 2 + .../unit/test_cert_eku/ee-int-nsSGC-older.pem | 17 + .../test_cert_eku/ee-int-nsSGC-older.pem.certspec | 2 + .../unit/test_cert_eku/ee-int-nsSGC-recent.pem | 17 + .../test_cert_eku/ee-int-nsSGC-recent.pem.certspec | 2 + .../ssl/tests/unit/test_cert_eku/ee-nsSGC.pem | 17 + .../tests/unit/test_cert_eku/ee-nsSGC.pem.certspec | 3 + .../ssl/tests/unit/test_cert_eku/int-CA.pem | 18 + .../tests/unit/test_cert_eku/int-CA.pem.certspec | 4 + .../ssl/tests/unit/test_cert_eku/int-SA-CA.pem | 18 + .../unit/test_cert_eku/int-SA-CA.pem.certspec | 4 + .../ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem | 18 + .../unit/test_cert_eku/int-SA-OCSP.pem.certspec | 4 + .../ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem | 18 + .../unit/test_cert_eku/int-SA-nsSGC.pem.certspec | 4 + .../ssl/tests/unit/test_cert_eku/int-SA.pem | 18 + .../tests/unit/test_cert_eku/int-SA.pem.certspec | 4 + .../ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem | 18 + .../unit/test_cert_eku/int-nsSGC-old.pem.certspec | 5 + .../tests/unit/test_cert_eku/int-nsSGC-older.pem | 18 + .../test_cert_eku/int-nsSGC-older.pem.certspec | 5 + .../tests/unit/test_cert_eku/int-nsSGC-recent.pem | 18 + .../test_cert_eku/int-nsSGC-recent.pem.certspec | 5 + .../manager/ssl/tests/unit/test_cert_eku/moz.build | 35 + .../ssl/tests/unit/test_cert_embedded_null.js | 38 + .../ssl/tests/unit/test_cert_embedded_null/ca.pem | 17 + .../unit/test_cert_embedded_null/ca.pem.certspec | 4 + .../unit/test_cert_embedded_null/embeddedNull.pem | 17 + .../embeddedNull.pem.certspec | 2 + .../embeddedNullCNAndSAN.pem | 18 + .../embeddedNullCNAndSAN.pem.certspec | 3 + .../test_cert_embedded_null/embeddedNullSAN.pem | 18 + .../embeddedNullSAN.pem.certspec | 3 + .../test_cert_embedded_null/embeddedNullSAN2.pem | 18 + .../embeddedNullSAN2.pem.certspec | 3 + .../tests/unit/test_cert_embedded_null/moz.build | 17 + .../ssl/tests/unit/test_cert_isBuiltInRoot.js | 71 + .../tests/unit/test_cert_isBuiltInRoot_reload.js | 123 + .../unit/test_cert_isBuiltInRoot_reload/cert8.db | Bin 0 -> 65536 bytes .../unit/test_cert_isBuiltInRoot_reload/cert9.db | Bin 0 -> 28672 bytes .../unit/test_cert_isBuiltInRoot_reload/key3.db | Bin 0 -> 16384 bytes .../unit/test_cert_isBuiltInRoot_reload/key4.db | Bin 0 -> 36864 bytes .../manager/ssl/tests/unit/test_cert_keyUsage.js | 57 + .../unit/test_cert_keyUsage/ca-all-usages.pem | 18 + .../test_cert_keyUsage/ca-all-usages.pem.certspec | 4 + .../test_cert_keyUsage/ca-missing-keyCertSign.pem | 18 + .../ca-missing-keyCertSign.pem.certspec | 4 + .../ca-no-keyUsage-extension.pem | 18 + .../ca-no-keyUsage-extension.pem.certspec | 3 + ...yCertSign-and-keyEncipherment-ca-all-usages.pem | 18 + ...-and-keyEncipherment-ca-all-usages.pem.certspec | 3 + ...-and-keyEncipherment-ca-missing-keyCertSign.pem | 18 + ...ncipherment-ca-missing-keyCertSign.pem.certspec | 3 + ...nd-keyEncipherment-ca-no-keyUsage-extension.pem | 18 + ...ipherment-ca-no-keyUsage-extension.pem.certspec | 3 + .../ee-keyCertSign-only-ca-all-usages.pem | 18 + .../ee-keyCertSign-only-ca-all-usages.pem.certspec | 3 + .../ee-keyCertSign-only-ca-missing-keyCertSign.pem | 18 + ...rtSign-only-ca-missing-keyCertSign.pem.certspec | 3 + ...e-keyCertSign-only-ca-no-keyUsage-extension.pem | 18 + ...Sign-only-ca-no-keyUsage-extension.pem.certspec | 3 + .../ee-keyEncipherment-only-ca-all-usages.pem | 18 + ...keyEncipherment-only-ca-all-usages.pem.certspec | 3 + ...keyEncipherment-only-ca-missing-keyCertSign.pem | 18 + ...erment-only-ca-missing-keyCertSign.pem.certspec | 3 + ...yEncipherment-only-ca-no-keyUsage-extension.pem | 18 + ...ment-only-ca-no-keyUsage-extension.pem.certspec | 3 + .../ee-no-keyUsage-extension-ca-all-usages.pem | 17 + ...o-keyUsage-extension-ca-all-usages.pem.certspec | 2 + ...o-keyUsage-extension-ca-missing-keyCertSign.pem | 18 + ...e-extension-ca-missing-keyCertSign.pem.certspec | 2 + ...keyUsage-extension-ca-no-keyUsage-extension.pem | 18 + ...extension-ca-no-keyUsage-extension.pem.certspec | 2 + .../ssl/tests/unit/test_cert_keyUsage/moz.build | 27 + .../unit/test_cert_override_bits_mismatches.js | 89 + .../manager/ssl/tests/unit/test_cert_overrides.js | 340 + security/manager/ssl/tests/unit/test_cert_sha1.js | 142 + .../manager/ssl/tests/unit/test_cert_sha1/ca.pem | 17 + .../ssl/tests/unit/test_cert_sha1/ca.pem.certspec | 6 + .../tests/unit/test_cert_sha1/ee-post_int-post.pem | 17 + .../test_cert_sha1/ee-post_int-post.pem.certspec | 4 + .../tests/unit/test_cert_sha1/ee-post_int-pre.pem | 17 + .../test_cert_sha1/ee-post_int-pre.pem.certspec | 4 + .../tests/unit/test_cert_sha1/ee-pre_int-pre.pem | 17 + .../test_cert_sha1/ee-pre_int-pre.pem.certspec | 4 + .../ssl/tests/unit/test_cert_sha1/int-post.pem | 17 + .../unit/test_cert_sha1/int-post.pem.certspec | 6 + .../ssl/tests/unit/test_cert_sha1/int-pre.pem | 17 + .../tests/unit/test_cert_sha1/int-pre.pem.certspec | 6 + .../ssl/tests/unit/test_cert_sha1/moz.build | 18 + .../manager/ssl/tests/unit/test_cert_signatures.js | 121 + .../ssl/tests/unit/test_cert_signatures/ca-rsa.pem | 18 + .../unit/test_cert_signatures/ca-rsa.pem.certspec | 4 + .../unit/test_cert_signatures/ca-secp384r1.pem | 11 + .../test_cert_signatures/ca-secp384r1.pem.certspec | 7 + .../unit/test_cert_signatures/ee-rsa-direct.pem | 17 + .../ee-rsa-direct.pem.certspec | 2 + .../ssl/tests/unit/test_cert_signatures/ee-rsa.pem | 17 + .../unit/test_cert_signatures/ee-rsa.pem.certspec | 2 + .../test_cert_signatures/ee-secp384r1-direct.pem | 10 + .../ee-secp384r1-direct.pem.certspec | 5 + .../unit/test_cert_signatures/ee-secp384r1.pem | 10 + .../test_cert_signatures/ee-secp384r1.pem.certspec | 5 + .../tests/unit/test_cert_signatures/int-rsa.pem | 18 + .../unit/test_cert_signatures/int-rsa.pem.certspec | 4 + .../unit/test_cert_signatures/int-secp384r1.pem | 11 + .../int-secp384r1.pem.certspec | 7 + .../ssl/tests/unit/test_cert_signatures/moz.build | 20 + security/manager/ssl/tests/unit/test_cert_trust.js | 216 + .../manager/ssl/tests/unit/test_cert_trust/ca.pem | 17 + .../ssl/tests/unit/test_cert_trust/ca.pem.certspec | 4 + .../manager/ssl/tests/unit/test_cert_trust/ee.pem | 18 + .../ssl/tests/unit/test_cert_trust/ee.pem.certspec | 3 + .../manager/ssl/tests/unit/test_cert_trust/int.pem | 17 + .../tests/unit/test_cert_trust/int.pem.certspec | 4 + .../ssl/tests/unit/test_cert_trust/moz.build | 15 + .../manager/ssl/tests/unit/test_cert_version.js | 190 + .../ssl/tests/unit/test_cert_version/ca.pem | 17 + .../tests/unit/test_cert_version/ca.pem.certspec | 4 + .../unit/test_cert_version/ee-v1-BC-cA_ca.pem | 17 + .../test_cert_version/ee-v1-BC-cA_ca.pem.certspec | 4 + .../unit/test_cert_version/ee-v1-BC-not-cA_ca.pem | 17 + .../ee-v1-BC-not-cA_ca.pem.certspec | 4 + .../tests/unit/test_cert_version/ee-v1-noBC_ca.pem | 17 + .../test_cert_version/ee-v1-noBC_ca.pem.certspec | 3 + .../unit/test_cert_version/ee-v2-BC-cA_ca.pem | 17 + .../test_cert_version/ee-v2-BC-cA_ca.pem.certspec | 4 + .../unit/test_cert_version/ee-v2-BC-not-cA_ca.pem | 17 + .../ee-v2-BC-not-cA_ca.pem.certspec | 4 + .../tests/unit/test_cert_version/ee-v2-noBC_ca.pem | 17 + .../test_cert_version/ee-v2-noBC_ca.pem.certspec | 3 + .../unit/test_cert_version/ee-v3-BC-cA_ca.pem | 17 + .../test_cert_version/ee-v3-BC-cA_ca.pem.certspec | 4 + .../unit/test_cert_version/ee-v3-BC-not-cA_ca.pem | 17 + .../ee-v3-BC-not-cA_ca.pem.certspec | 4 + .../tests/unit/test_cert_version/ee-v3-noBC_ca.pem | 17 + .../test_cert_version/ee-v3-noBC_ca.pem.certspec | 3 + .../unit/test_cert_version/ee-v4-BC-cA_ca.pem | 17 + .../test_cert_version/ee-v4-BC-cA_ca.pem.certspec | 4 + .../unit/test_cert_version/ee-v4-BC-not-cA_ca.pem | 17 + .../ee-v4-BC-not-cA_ca.pem.certspec | 4 + .../tests/unit/test_cert_version/ee-v4-noBC_ca.pem | 17 + .../test_cert_version/ee-v4-noBC_ca.pem.certspec | 3 + .../unit/test_cert_version/ee_int-v1-BC-cA.pem | 17 + .../test_cert_version/ee_int-v1-BC-cA.pem.certspec | 2 + .../unit/test_cert_version/ee_int-v1-BC-not-cA.pem | 17 + .../ee_int-v1-BC-not-cA.pem.certspec | 2 + .../unit/test_cert_version/ee_int-v1-noBC.pem | 17 + .../test_cert_version/ee_int-v1-noBC.pem.certspec | 2 + .../unit/test_cert_version/ee_int-v2-BC-cA.pem | 17 + .../test_cert_version/ee_int-v2-BC-cA.pem.certspec | 2 + .../unit/test_cert_version/ee_int-v2-BC-not-cA.pem | 17 + .../ee_int-v2-BC-not-cA.pem.certspec | 2 + .../unit/test_cert_version/ee_int-v2-noBC.pem | 17 + .../test_cert_version/ee_int-v2-noBC.pem.certspec | 2 + .../unit/test_cert_version/ee_int-v3-BC-cA.pem | 17 + .../test_cert_version/ee_int-v3-BC-cA.pem.certspec | 2 + .../unit/test_cert_version/ee_int-v3-BC-not-cA.pem | 17 + .../ee_int-v3-BC-not-cA.pem.certspec | 2 + .../unit/test_cert_version/ee_int-v3-noBC.pem | 17 + .../test_cert_version/ee_int-v3-noBC.pem.certspec | 2 + .../unit/test_cert_version/ee_int-v4-BC-cA.pem | 17 + .../test_cert_version/ee_int-v4-BC-cA.pem.certspec | 2 + .../unit/test_cert_version/ee_int-v4-BC-not-cA.pem | 17 + .../ee_int-v4-BC-not-cA.pem.certspec | 2 + .../unit/test_cert_version/ee_int-v4-noBC.pem | 17 + .../test_cert_version/ee_int-v4-noBC.pem.certspec | 2 + .../ssl/tests/unit/test_cert_version/generate.py | 82 + .../unit/test_cert_version/int-v1-BC-cA_ca.pem | 17 + .../test_cert_version/int-v1-BC-cA_ca.pem.certspec | 5 + .../unit/test_cert_version/int-v1-BC-not-cA_ca.pem | 18 + .../int-v1-BC-not-cA_ca.pem.certspec | 5 + .../unit/test_cert_version/int-v1-noBC_ca.pem | 17 + .../test_cert_version/int-v1-noBC_ca.pem.certspec | 4 + .../unit/test_cert_version/int-v2-BC-cA_ca.pem | 18 + .../test_cert_version/int-v2-BC-cA_ca.pem.certspec | 5 + .../unit/test_cert_version/int-v2-BC-not-cA_ca.pem | 18 + .../int-v2-BC-not-cA_ca.pem.certspec | 5 + .../unit/test_cert_version/int-v2-noBC_ca.pem | 17 + .../test_cert_version/int-v2-noBC_ca.pem.certspec | 4 + .../unit/test_cert_version/int-v3-BC-cA_ca.pem | 18 + .../test_cert_version/int-v3-BC-cA_ca.pem.certspec | 5 + .../unit/test_cert_version/int-v3-BC-not-cA_ca.pem | 18 + .../int-v3-BC-not-cA_ca.pem.certspec | 5 + .../unit/test_cert_version/int-v3-noBC_ca.pem | 17 + .../test_cert_version/int-v3-noBC_ca.pem.certspec | 4 + .../unit/test_cert_version/int-v4-BC-cA_ca.pem | 18 + .../test_cert_version/int-v4-BC-cA_ca.pem.certspec | 5 + .../unit/test_cert_version/int-v4-BC-not-cA_ca.pem | 18 + .../int-v4-BC-not-cA_ca.pem.certspec | 5 + .../unit/test_cert_version/int-v4-noBC_ca.pem | 17 + .../test_cert_version/int-v4-noBC_ca.pem.certspec | 4 + .../ssl/tests/unit/test_cert_version/moz.build | 61 + .../tests/unit/test_cert_version/ss-v1-BC-cA.pem | 17 + .../test_cert_version/ss-v1-BC-cA.pem.certspec | 4 + .../unit/test_cert_version/ss-v1-BC-not-cA.pem | 18 + .../test_cert_version/ss-v1-BC-not-cA.pem.certspec | 4 + .../tests/unit/test_cert_version/ss-v1-noBC.pem | 17 + .../unit/test_cert_version/ss-v1-noBC.pem.certspec | 3 + .../tests/unit/test_cert_version/ss-v2-BC-cA.pem | 17 + .../test_cert_version/ss-v2-BC-cA.pem.certspec | 4 + .../unit/test_cert_version/ss-v2-BC-not-cA.pem | 18 + .../test_cert_version/ss-v2-BC-not-cA.pem.certspec | 4 + .../tests/unit/test_cert_version/ss-v2-noBC.pem | 17 + .../unit/test_cert_version/ss-v2-noBC.pem.certspec | 3 + .../tests/unit/test_cert_version/ss-v3-BC-cA.pem | 17 + .../test_cert_version/ss-v3-BC-cA.pem.certspec | 4 + .../unit/test_cert_version/ss-v3-BC-not-cA.pem | 18 + .../test_cert_version/ss-v3-BC-not-cA.pem.certspec | 4 + .../tests/unit/test_cert_version/ss-v3-noBC.pem | 17 + .../unit/test_cert_version/ss-v3-noBC.pem.certspec | 3 + .../tests/unit/test_cert_version/ss-v4-BC-cA.pem | 17 + .../test_cert_version/ss-v4-BC-cA.pem.certspec | 4 + .../unit/test_cert_version/ss-v4-BC-not-cA.pem | 18 + .../test_cert_version/ss-v4-BC-not-cA.pem.certspec | 4 + .../tests/unit/test_cert_version/ss-v4-noBC.pem | 17 + .../unit/test_cert_version/ss-v4-noBC.pem.certspec | 3 + .../ssl/tests/unit/test_certviewer_invalid_oids.js | 62 + .../bug483440-attack2b.pem | 14 + .../bug483440-attack7.pem | 16 + .../bug483440-pk10oflo.pem | 14 + .../ssl/tests/unit/test_constructX509FromBase64.js | 69 + .../manager/ssl/tests/unit/test_content_signing.js | 266 + .../test_content_signing/content_signing_int.pem | 18 + .../content_signing_int.pem.certspec | 4 + .../content_signing_onecrl_RSA_ee.pem | 18 + .../content_signing_onecrl_RSA_ee.pem.certspec | 4 + .../content_signing_onecrl_ee.pem | 15 + .../content_signing_onecrl_ee.pem.certspec | 5 + .../content_signing_onecrl_no_SAN_ee.pem | 14 + .../content_signing_onecrl_no_SAN_ee.pem.certspec | 4 + .../content_signing_onecrl_wrong_key_ee.pem | 14 + ...ontent_signing_onecrl_wrong_key_ee.pem.certspec | 5 + .../content_signing_remote_newtab_ee.pem | 15 + .../content_signing_remote_newtab_ee.pem.certspec | 5 + .../test_content_signing/content_signing_root.pem | 18 + .../content_signing_root.pem.certspec | 4 + .../ssl/tests/unit/test_content_signing/moz.build | 19 + .../ssl/tests/unit/test_content_signing/pysign.py | 29 + .../ssl/tests/unit/test_content_signing/test.txt | 1 + .../unit/test_content_signing/test.txt.signature | 1 + .../ssl/tests/unit/test_datasignatureverifier.js | 193 + security/manager/ssl/tests/unit/test_der.js | 219 + .../ssl/tests/unit/test_enterprise_roots.js | 58 + security/manager/ssl/tests/unit/test_ev_certs.js | 356 + .../unit/test_ev_certs/anyPolicy-ee-path-ee.pem | 20 + .../anyPolicy-ee-path-ee.pem.certspec | 5 + .../unit/test_ev_certs/anyPolicy-ee-path-int.pem | 20 + .../anyPolicy-ee-path-int.pem.certspec | 7 + .../unit/test_ev_certs/anyPolicy-int-path-ee.pem | 21 + .../anyPolicy-int-path-ee.pem.certspec | 5 + .../unit/test_ev_certs/anyPolicy-int-path-int.pem | 20 + .../anyPolicy-int-path-int.pem.certspec | 7 + ...um-and-test-oid-ee-cabforum-oid-int-path-ee.pem | 23 + ...st-oid-ee-cabforum-oid-int-path-ee.pem.certspec | 5 + ...m-and-test-oid-ee-cabforum-oid-int-path-int.pem | 21 + ...t-oid-ee-cabforum-oid-int-path-int.pem.certspec | 7 + .../cabforum-and-test-oid-ee-path-ee.pem | 22 + .../cabforum-and-test-oid-ee-path-ee.pem.certspec | 5 + .../cabforum-and-test-oid-ee-path-int.pem | 20 + .../cabforum-and-test-oid-ee-path-int.pem.certspec | 7 + .../unit/test_ev_certs/cabforum-oid-path-ee.pem | 20 + .../cabforum-oid-path-ee.pem.certspec | 5 + .../unit/test_ev_certs/cabforum-oid-path-int.pem | 20 + .../cabforum-oid-path-int.pem.certspec | 7 + .../ssl/tests/unit/test_ev_certs/evroot.key | 28 + .../tests/unit/test_ev_certs/evroot.key.keyspec | 1 + .../ssl/tests/unit/test_ev_certs/evroot.pem | 18 + .../tests/unit/test_ev_certs/evroot.pem.certspec | 7 + .../manager/ssl/tests/unit/test_ev_certs/moz.build | 48 + .../unit/test_ev_certs/no-ocsp-ee-path-ee.pem | 19 + .../test_ev_certs/no-ocsp-ee-path-ee.pem.certspec | 4 + .../unit/test_ev_certs/no-ocsp-ee-path-int.pem | 20 + .../test_ev_certs/no-ocsp-ee-path-int.pem.certspec | 7 + .../unit/test_ev_certs/no-ocsp-int-path-ee.pem | 21 + .../test_ev_certs/no-ocsp-int-path-ee.pem.certspec | 5 + .../unit/test_ev_certs/no-ocsp-int-path-int.pem | 18 + .../no-ocsp-int-path-int.pem.certspec | 6 + .../unit/test_ev_certs/non-ev-root-path-ee.pem | 21 + .../test_ev_certs/non-ev-root-path-ee.pem.certspec | 5 + .../unit/test_ev_certs/non-ev-root-path-int.pem | 20 + .../non-ev-root-path-int.pem.certspec | 6 + .../ssl/tests/unit/test_ev_certs/non-evroot-ca.pem | 18 + .../unit/test_ev_certs/non-evroot-ca.pem.certspec | 4 + .../test_ev_certs/reverse-order-oids-path-ee.pem | 21 + .../reverse-order-oids-path-ee.pem.certspec | 5 + .../test_ev_certs/reverse-order-oids-path-int.pem | 21 + .../reverse-order-oids-path-int.pem.certspec | 7 + ...nd-cabforum-oid-ee-cabforum-oid-int-path-ee.pem | 23 + ...um-oid-ee-cabforum-oid-int-path-ee.pem.certspec | 5 + ...d-cabforum-oid-ee-cabforum-oid-int-path-int.pem | 21 + ...m-oid-ee-cabforum-oid-int-path-int.pem.certspec | 7 + .../test-and-cabforum-oid-ee-path-ee.pem | 22 + .../test-and-cabforum-oid-ee-path-ee.pem.certspec | 5 + .../test-and-cabforum-oid-ee-path-int.pem | 20 + .../test-and-cabforum-oid-ee-path-int.pem.certspec | 7 + .../test-oid-ee-cabforum-oid-int-path-ee.pem | 22 + ...st-oid-ee-cabforum-oid-int-path-ee.pem.certspec | 5 + .../test-oid-ee-cabforum-oid-int-path-int.pem | 21 + ...t-oid-ee-cabforum-oid-int-path-int.pem.certspec | 7 + .../tests/unit/test_ev_certs/test-oid-path-ee.pem | 20 + .../test_ev_certs/test-oid-path-ee.pem.certspec | 5 + .../tests/unit/test_ev_certs/test-oid-path-int.key | 28 + .../test_ev_certs/test-oid-path-int.key.keyspec | 1 + .../tests/unit/test_ev_certs/test-oid-path-int.pem | 20 + .../test_ev_certs/test-oid-path-int.pem.certspec | 7 + .../test_forget_about_site_security_headers.js | 100 + security/manager/ssl/tests/unit/test_getchain.js | 82 + .../manager/ssl/tests/unit/test_getchain/ca-1.pem | 17 + .../ssl/tests/unit/test_getchain/ca-1.pem.certspec | 5 + .../manager/ssl/tests/unit/test_getchain/ca-2.pem | 17 + .../ssl/tests/unit/test_getchain/ca-2.pem.certspec | 5 + .../manager/ssl/tests/unit/test_getchain/ee.pem | 17 + .../ssl/tests/unit/test_getchain/ee.pem.certspec | 2 + .../manager/ssl/tests/unit/test_getchain/moz.build | 15 + .../manager/ssl/tests/unit/test_hash_algorithms.js | 87 + .../ssl/tests/unit/test_hash_algorithms_wrap.js | 5 + security/manager/ssl/tests/unit/test_hmac.js | 88 + .../test_intermediate_basic_usage_constraints.js | 111 + .../ca.pem | 17 + .../ca.pem.certspec | 3 + .../ee-int-bad-ku-no-eku.pem | 18 + .../ee-int-bad-ku-no-eku.pem.certspec | 4 + .../ee-int-bad-ku-server-eku.pem | 18 + .../ee-int-bad-ku-server-eku.pem.certspec | 4 + .../ee-int-cA-FALSE-asserts-keyCertSign.pem | 19 + ...e-int-cA-FALSE-asserts-keyCertSign.pem.certspec | 4 + .../ee-int-limited-depth-invalid.pem | 18 + .../ee-int-limited-depth-invalid.pem.certspec | 4 + .../ee-int-limited-depth.pem | 18 + .../ee-int-limited-depth.pem.certspec | 4 + .../ee-int-no-extensions.pem | 18 + .../ee-int-no-extensions.pem.certspec | 4 + .../ee-int-no-ku-no-eku.pem | 18 + .../ee-int-no-ku-no-eku.pem.certspec | 4 + .../ee-int-no-ku-server-eku.pem | 18 + .../ee-int-no-ku-server-eku.pem.certspec | 4 + .../ee-int-not-a-ca.pem | 18 + .../ee-int-not-a-ca.pem.certspec | 4 + .../ee-int-valid-ku-no-eku.pem | 18 + .../ee-int-valid-ku-no-eku.pem.certspec | 4 + .../ee-int-valid-ku-server-eku.pem | 18 + .../ee-int-valid-ku-server-eku.pem.certspec | 4 + .../int-bad-ku-no-eku.pem | 18 + .../int-bad-ku-no-eku.pem.certspec | 4 + .../int-bad-ku-server-eku.pem | 18 + .../int-bad-ku-server-eku.pem.certspec | 5 + .../int-cA-FALSE-asserts-keyCertSign.pem | 18 + .../int-cA-FALSE-asserts-keyCertSign.pem.certspec | 4 + .../int-limited-depth-invalid.pem | 18 + .../int-limited-depth-invalid.pem.certspec | 3 + .../int-limited-depth.pem | 17 + .../int-limited-depth.pem.certspec | 3 + .../int-no-extensions.pem | 17 + .../int-no-extensions.pem.certspec | 2 + .../int-no-ku-no-eku.pem | 17 + .../int-no-ku-no-eku.pem.certspec | 3 + .../int-no-ku-server-eku.pem | 18 + .../int-no-ku-server-eku.pem.certspec | 4 + .../int-not-a-ca.pem | 17 + .../int-not-a-ca.pem.certspec | 3 + .../int-valid-ku-no-eku.pem | 18 + .../int-valid-ku-no-eku.pem.certspec | 4 + .../int-valid-ku-server-eku.pem | 18 + .../int-valid-ku-server-eku.pem.certspec | 5 + .../moz.build | 35 + .../tests/unit/test_js_cert_override_service.js | 56 + security/manager/ssl/tests/unit/test_keysize.js | 127 + .../ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem | 12 + ...sa_1016-int_rsa_1024-root_rsa_1024.pem.certspec | 4 + .../ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem | 12 + ...sa_1024-int_rsa_1016-root_rsa_1024.pem.certspec | 4 + .../ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem | 15 + ...sa_1024-int_rsa_1024-root_rsa_1016.pem.certspec | 4 + .../ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem | 13 + ...sa_1024-int_rsa_1024-root_rsa_1024.pem.certspec | 4 + ...cp224r1_224-int_secp256r1_256-root_rsa_2048.pem | 10 + ...24-int_secp256r1_256-root_rsa_2048.pem.certspec | 5 + ...r1_224-int_secp256r1_256-root_secp256r1_256.pem | 10 + ...t_secp256r1_256-root_secp256r1_256.pem.certspec | 5 + ...k1_256-int_secp256r1_256-root_secp256r1_256.pem | 10 + ...t_secp256r1_256-root_secp256r1_256.pem.certspec | 5 + ...cp256r1_256-int_rsa_1016-root_secp256r1_256.pem | 11 + ...56-int_rsa_1016-root_secp256r1_256.pem.certspec | 4 + ...r1_256-int_secp224r1_224-root_secp256r1_256.pem | 10 + ...t_secp224r1_224-root_secp256r1_256.pem.certspec | 5 + ...r1_256-int_secp256r1_256-root_secp224r1_224.pem | 10 + ...t_secp256r1_256-root_secp224r1_224.pem.certspec | 5 + ...r1_256-int_secp256r1_256-root_secp256k1_256.pem | 10 + ...t_secp256r1_256-root_secp256k1_256.pem.certspec | 5 + ...cp384r1_384-int_secp256r1_256-root_rsa_2048.pem | 11 + ...84-int_secp256r1_256-root_rsa_2048.pem.certspec | 5 + ...r1_521-int_secp384r1_384-root_secp256r1_256.pem | 12 + ...t_secp384r1_384-root_secp256r1_256.pem.certspec | 5 + .../test_keysize/int_rsa_1016-root_rsa_1024.pem | 13 + .../int_rsa_1016-root_rsa_1024.pem.certspec | 6 + .../int_rsa_1016-root_secp256r1_256.pem | 12 + .../int_rsa_1016-root_secp256r1_256.pem.certspec | 7 + .../test_keysize/int_rsa_1024-root_rsa_1016.pem | 13 + .../int_rsa_1024-root_rsa_1016.pem.certspec | 6 + .../test_keysize/int_rsa_1024-root_rsa_1024.pem | 13 + .../int_rsa_1024-root_rsa_1024.pem.certspec | 6 + .../int_secp224r1_224-root_secp256r1_256.pem | 10 + ...t_secp224r1_224-root_secp256r1_256.pem.certspec | 7 + .../int_secp256r1_256-root_rsa_2048.pem | 14 + .../int_secp256r1_256-root_rsa_2048.pem.certspec | 5 + .../int_secp256r1_256-root_secp224r1_224.pem | 10 + ...t_secp256r1_256-root_secp224r1_224.pem.certspec | 7 + .../int_secp256r1_256-root_secp256k1_256.pem | 10 + ...t_secp256r1_256-root_secp256k1_256.pem.certspec | 7 + .../int_secp256r1_256-root_secp256r1_256.pem | 10 + ...t_secp256r1_256-root_secp256r1_256.pem.certspec | 7 + .../int_secp384r1_384-root_secp256r1_256.pem | 11 + ...t_secp384r1_384-root_secp256r1_256.pem.certspec | 7 + .../manager/ssl/tests/unit/test_keysize/moz.build | 41 + .../ssl/tests/unit/test_keysize/root_rsa_1016.pem | 12 + .../unit/test_keysize/root_rsa_1016.pem.certspec | 6 + .../ssl/tests/unit/test_keysize/root_rsa_1024.pem | 12 + .../unit/test_keysize/root_rsa_1024.pem.certspec | 6 + .../ssl/tests/unit/test_keysize/root_rsa_2048.pem | 18 + .../unit/test_keysize/root_rsa_2048.pem.certspec | 4 + .../tests/unit/test_keysize/root_secp224r1_224.pem | 9 + .../test_keysize/root_secp224r1_224.pem.certspec | 7 + .../tests/unit/test_keysize/root_secp256k1_256.pem | 10 + .../test_keysize/root_secp256k1_256.pem.certspec | 7 + .../tests/unit/test_keysize/root_secp256r1_256.pem | 10 + .../test_keysize/root_secp256r1_256.pem.certspec | 7 + security/manager/ssl/tests/unit/test_keysize_ev.js | 146 + .../ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem | 21 + ...ee_rsa_2040-ev_int_rsa_2048-evroot.pem.certspec | 5 + .../ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem | 21 + ...ee_rsa_2048-ev_int_rsa_2040-evroot.pem.certspec | 5 + ...e_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem | 21 + ...8-ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec | 4 + .../ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem | 21 + ...ee_rsa_2048-ev_int_rsa_2048-evroot.pem.certspec | 4 + .../test_keysize_ev/ev_int_rsa_2040-evroot.pem | 20 + .../ev_int_rsa_2040-evroot.pem.certspec | 8 + .../tests/unit/test_keysize_ev/ev_int_rsa_2040.key | 28 + .../test_keysize_ev/ev_int_rsa_2040.key.keyspec | 1 + .../ev_int_rsa_2048-ev_root_rsa_2040.pem | 21 + .../ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec | 7 + .../test_keysize_ev/ev_int_rsa_2048-evroot.pem | 20 + .../ev_int_rsa_2048-evroot.pem.certspec | 7 + .../tests/unit/test_keysize_ev/ev_int_rsa_2048.key | 28 + .../test_keysize_ev/ev_int_rsa_2048.key.keyspec | 1 + .../unit/test_keysize_ev/ev_root_rsa_2040.key | 28 + .../test_keysize_ev/ev_root_rsa_2040.key.keyspec | 1 + .../unit/test_keysize_ev/ev_root_rsa_2040.pem | 18 + .../test_keysize_ev/ev_root_rsa_2040.pem.certspec | 7 + .../ssl/tests/unit/test_keysize_ev/evroot.key | 28 + .../tests/unit/test_keysize_ev/evroot.key.keyspec | 1 + .../ssl/tests/unit/test_keysize_ev/evroot.pem | 18 + .../tests/unit/test_keysize_ev/evroot.pem.certspec | 7 + .../ssl/tests/unit/test_keysize_ev/moz.build | 31 + security/manager/ssl/tests/unit/test_local_cert.js | 83 + .../ssl/tests/unit/test_logoutAndTeardown.js | 55 + .../ssl/tests/unit/test_name_constraints.js | 63 + .../NameConstraints.dcissallowed.pem | 20 + .../NameConstraints.dcissallowed.pem.certspec | 2 + .../NameConstraints.dcissblocked.pem | 20 + .../NameConstraints.dcissblocked.pem.certspec | 2 + .../ca-example-com-permitted.pem | 19 + .../ca-example-com-permitted.pem.certspec | 5 + .../ssl/tests/unit/test_name_constraints/dciss.pem | 22 + .../unit/test_name_constraints/dciss.pem.certspec | 4 + .../ee-example-com-and-org.pem | 18 + .../ee-example-com-and-org.pem.certspec | 3 + .../unit/test_name_constraints/ee-example-com.pem | 18 + .../ee-example-com.pem.certspec | 3 + .../unit/test_name_constraints/ee-example-org.pem | 18 + .../ee-example-org.pem.certspec | 3 + .../unit/test_name_constraints/ee-example-test.pem | 18 + .../ee-example-test.pem.certspec | 3 + .../int-example-org-permitted.pem | 19 + .../int-example-org-permitted.pem.certspec | 5 + .../ssl/tests/unit/test_name_constraints/moz.build | 21 + security/manager/ssl/tests/unit/test_nsCertType.js | 28 + .../ssl/tests/unit/test_nsIX509CertValidity.js | 49 + .../ssl/tests/unit/test_nsIX509Cert_utf8.js | 70 + .../manager/ssl/tests/unit/test_nss_shutdown.js | 44 + .../manager/ssl/tests/unit/test_ocsp_caching.js | 299 + .../ssl/tests/unit/test_ocsp_enabled_pref.js | 141 + .../ssl/tests/unit/test_ocsp_fetch_method.js | 59 + .../ssl/tests/unit/test_ocsp_fetch_method/a.pem | 18 + .../unit/test_ocsp_fetch_method/a.pem.certspec | 3 + .../ssl/tests/unit/test_ocsp_fetch_method/ca.pem | 17 + .../unit/test_ocsp_fetch_method/ca.pem.certspec | 4 + .../ssl/tests/unit/test_ocsp_fetch_method/int.key | 28 + .../unit/test_ocsp_fetch_method/int.key.keyspec | 1 + .../ssl/tests/unit/test_ocsp_fetch_method/int.pem | 17 + .../unit/test_ocsp_fetch_method/int.pem.certspec | 4 + .../tests/unit/test_ocsp_fetch_method/moz.build | 22 + .../ssl/tests/unit/test_ocsp_must_staple.js | 116 + .../ssl/tests/unit/test_ocsp_no_hsts_upgrade.js | 54 + .../manager/ssl/tests/unit/test_ocsp_required.js | 55 + .../manager/ssl/tests/unit/test_ocsp_stapling.js | 209 + .../ssl/tests/unit/test_ocsp_stapling_expired.js | 184 + .../unit/test_ocsp_stapling_with_intermediate.js | 45 + .../manager/ssl/tests/unit/test_ocsp_timeout.js | 88 + security/manager/ssl/tests/unit/test_ocsp_url.js | 137 + .../ssl/tests/unit/test_ocsp_url/bad-scheme.pem | 18 + .../unit/test_ocsp_url/bad-scheme.pem.certspec | 3 + .../manager/ssl/tests/unit/test_ocsp_url/ca.pem | 17 + .../ssl/tests/unit/test_ocsp_url/ca.pem.certspec | 4 + .../tests/unit/test_ocsp_url/empty-scheme-url.pem | 18 + .../test_ocsp_url/empty-scheme-url.pem.certspec | 3 + .../ssl/tests/unit/test_ocsp_url/ftp-url.pem | 18 + .../tests/unit/test_ocsp_url/ftp-url.pem.certspec | 3 + .../ssl/tests/unit/test_ocsp_url/hTTp-url.pem | 18 + .../tests/unit/test_ocsp_url/hTTp-url.pem.certspec | 3 + .../ssl/tests/unit/test_ocsp_url/https-url.pem | 18 + .../unit/test_ocsp_url/https-url.pem.certspec | 3 + .../manager/ssl/tests/unit/test_ocsp_url/int.key | 28 + .../ssl/tests/unit/test_ocsp_url/int.key.keyspec | 1 + .../manager/ssl/tests/unit/test_ocsp_url/int.pem | 17 + .../ssl/tests/unit/test_ocsp_url/int.pem.certspec | 4 + .../manager/ssl/tests/unit/test_ocsp_url/moz.build | 33 + .../ssl/tests/unit/test_ocsp_url/negative-port.pem | 18 + .../unit/test_ocsp_url/negative-port.pem.certspec | 3 + .../ssl/tests/unit/test_ocsp_url/no-host-url.pem | 18 + .../unit/test_ocsp_url/no-host-url.pem.certspec | 3 + .../ssl/tests/unit/test_ocsp_url/no-path-url.pem | 18 + .../unit/test_ocsp_url/no-path-url.pem.certspec | 3 + .../unit/test_ocsp_url/no-scheme-host-port.pem | 18 + .../test_ocsp_url/no-scheme-host-port.pem.certspec | 3 + .../ssl/tests/unit/test_ocsp_url/no-scheme-url.pem | 18 + .../unit/test_ocsp_url/no-scheme-url.pem.certspec | 3 + .../tests/unit/test_ocsp_url/unknown-scheme.pem | 18 + .../unit/test_ocsp_url/unknown-scheme.pem.certspec | 3 + .../ssl/tests/unit/test_ocsp_url/user-pass.pem | 18 + .../unit/test_ocsp_url/user-pass.pem.certspec | 3 + .../manager/ssl/tests/unit/test_onecrl/moz.build | 14 + .../ssl/tests/unit/test_onecrl/same-issuer-ee.pem | 19 + .../unit/test_onecrl/same-issuer-ee.pem.certspec | 4 + .../tests/unit/test_onecrl/sample_revocations.txt | 39 + .../ssl/tests/unit/test_onecrl/test-int-ee.pem | 18 + .../unit/test_onecrl/test-int-ee.pem.certspec | 3 + .../manager/ssl/tests/unit/test_password_prompt.js | 78 + security/manager/ssl/tests/unit/test_pinning.js | 263 + .../manager/ssl/tests/unit/test_pinning_dynamic.js | 246 + .../a.pinning2.example.com-badca.pem | 18 + .../a.pinning2.example.com-badca.pem.certspec | 5 + .../a.pinning2.example.com-pinningroot.pem | 18 + ...a.pinning2.example.com-pinningroot.pem.certspec | 4 + .../a.preload.example.com-badca.pem | 18 + .../a.preload.example.com-badca.pem.certspec | 5 + .../a.preload.example.com-pinningroot.pem | 18 + .../a.preload.example.com-pinningroot.pem.certspec | 4 + .../b.pinning2.example.com-badca.pem | 18 + .../b.pinning2.example.com-badca.pem.certspec | 5 + .../b.pinning2.example.com-pinningroot.pem | 18 + ...b.pinning2.example.com-pinningroot.pem.certspec | 4 + .../b.preload.example.com-badca.pem | 18 + .../b.preload.example.com-badca.pem.certspec | 5 + .../b.preload.example.com-pinningroot.pem | 18 + .../b.preload.example.com-pinningroot.pem.certspec | 4 + .../ssl/tests/unit/test_pinning_dynamic/badca.pem | 17 + .../unit/test_pinning_dynamic/badca.pem.certspec | 6 + .../ssl/tests/unit/test_pinning_dynamic/moz.build | 26 + .../unit/test_pinning_dynamic/pinningroot.pem | 18 + .../test_pinning_dynamic/pinningroot.pem.certspec | 4 + .../x.a.pinning2.example.com-badca.pem | 18 + .../x.a.pinning2.example.com-badca.pem.certspec | 5 + .../x.a.pinning2.example.com-pinningroot.pem | 18 + ...a.pinning2.example.com-pinningroot.pem.certspec | 4 + .../x.b.pinning2.example.com-badca.pem | 18 + .../x.b.pinning2.example.com-badca.pem.certspec | 5 + .../x.b.pinning2.example.com-pinningroot.pem | 18 + ...b.pinning2.example.com-pinningroot.pem.certspec | 4 + .../ssl/tests/unit/test_pinning_header_parsing.js | 141 + .../ssl/tests/unit/test_pkcs11_insert_remove.js | 41 + .../manager/ssl/tests/unit/test_pkcs11_module.js | 121 + .../unit/test_pkcs11_no_events_after_removal.js | 29 + .../ssl/tests/unit/test_pkcs11_safe_mode.js | 49 + .../manager/ssl/tests/unit/test_pkcs11_slot.js | 38 + .../manager/ssl/tests/unit/test_pkcs11_token.js | 119 + .../manager/ssl/tests/unit/test_pkcs11_tokenDB.js | 45 + security/manager/ssl/tests/unit/test_sdr.js | 87 + .../ssl/tests/unit/test_session_resumption.js | 159 + .../ssl/tests/unit/test_signed_apps-marketplace.js | 42 + .../manager/ssl/tests/unit/test_signed_apps.js | 233 + .../unit/test_signed_apps/gentestfiles/README.md | 18 + .../gentestfiles/create_test_files.sh | 213 + .../test_signed_apps/gentestfiles/nss_ctypes.py | 129 + .../test_signed_apps/gentestfiles/sign_b2g_app.py | 174 + .../gentestfiles/unsigned_app_1/icon-128.png | Bin 0 -> 1633 bytes .../gentestfiles/unsigned_app_1/index.html | 6 + .../gentestfiles/unsigned_app_1/manifest.webapp | 8 + .../gentestfiles/unsigned_app_origin/icon-128.png | Bin 0 -> 1633 bytes .../gentestfiles/unsigned_app_origin/index.html | 6 + .../unsigned_app_origin/manifest.webapp | 10 + .../unsigned_app_origin_toolkit_webapps/index.html | 10 + .../manifest.webapp | 9 + .../test_signed_apps/privileged-app-test-1.0.zip | Bin 0 -> 23169 bytes .../test-privileged-app-test-1.0.zip | Bin 0 -> 22750 bytes .../tests/unit/test_signed_apps/trusted_ca1.der | Bin 0 -> 898 bytes .../unit/test_signed_apps/unknown_issuer_app_1.zip | Bin 0 -> 4220 bytes .../tests/unit/test_signed_apps/unsigned_app_1.zip | Bin 0 -> 2282 bytes .../tests/unit/test_signed_apps/valid_app_1.zip | Bin 0 -> 4222 bytes security/manager/ssl/tests/unit/test_signed_dir.js | 201 + .../lightbeam_for_firefox-1.3.1-fx.xpi | Bin 0 -> 672533 bytes .../ssl/tests/unit/test_signed_manifest/README.md | 17 + .../unit/test_signed_manifest/create_test_files.sh | 181 + .../unit/test_signed_manifest/manifest.webapp | 10 + .../tests/unit/test_signed_manifest/nss_ctypes.py | 136 + .../unit/test_signed_manifest/sign_b2g_manifest.py | 76 + .../testInvalidSignedManifest/manifest.sig | Bin 0 -> 1501 bytes .../testValidSignedManifest/manifest.sig | Bin 0 -> 1494 bytes .../unit/test_signed_manifest/trusted_ca1.der | Bin 0 -> 928 bytes .../manager/ssl/tests/unit/test_sss_eviction.js | 85 + .../manager/ssl/tests/unit/test_sss_readstate.js | 82 + .../ssl/tests/unit/test_sss_readstate_child.js | 41 + .../ssl/tests/unit/test_sss_readstate_empty.js | 40 + .../ssl/tests/unit/test_sss_readstate_garbage.js | 56 + .../ssl/tests/unit/test_sss_readstate_huge.js | 60 + .../manager/ssl/tests/unit/test_sss_savestate.js | 128 + .../manager/ssl/tests/unit/test_startcom_wosign.js | 43 + .../test_startcom_wosign/StartCom-after-cutoff.pem | 19 + .../StartCom-after-cutoff.pem.certspec | 4 + .../StartCom-before-cutoff.pem | 19 + .../StartCom-before-cutoff.pem.certspec | 4 + .../tests/unit/test_startcom_wosign/StartComCA.pem | 19 + .../test_startcom_wosign/StartComCA.pem.certspec | 4 + .../test_startcom_wosign/WoSign-after-cutoff.pem | 19 + .../WoSign-after-cutoff.pem.certspec | 4 + .../test_startcom_wosign/WoSign-before-cutoff.pem | 19 + .../WoSign-before-cutoff.pem.certspec | 4 + .../tests/unit/test_startcom_wosign/WoSignCA.pem | 19 + .../test_startcom_wosign/WoSignCA.pem.certspec | 4 + .../ssl/tests/unit/test_startcom_wosign/ca.pem | 17 + .../unit/test_startcom_wosign/ca.pem.certspec | 5 + .../ssl/tests/unit/test_startcom_wosign/moz.build | 19 + security/manager/ssl/tests/unit/test_sts_fqdn.js | 50 + .../manager/ssl/tests/unit/test_sts_holepunch.js | 34 + .../manager/ssl/tests/unit/test_sts_ipv4_ipv6.js | 42 + .../tests/unit/test_sts_preloadlist_perwindowpb.js | 217 + .../unit/test_sts_preloadlist_selfdestruct.js | 23 + .../tests/unit/test_toolkit_securityreporter.js | 133 + security/manager/ssl/tests/unit/test_validity.js | 92 + .../ev_ee_27_months-ev_int_60_months-evroot.pem | 21 + ..._27_months-ev_int_60_months-evroot.pem.certspec | 5 + .../ev_ee_28_months-ev_int_60_months-evroot.pem | 21 + ..._28_months-ev_int_60_months-evroot.pem.certspec | 5 + .../unit/test_validity/ev_int_60_months-evroot.key | 28 + .../ev_int_60_months-evroot.key.keyspec | 1 + .../unit/test_validity/ev_int_60_months-evroot.pem | 20 + .../ev_int_60_months-evroot.pem.certspec | 8 + .../ssl/tests/unit/test_validity/evroot.key | 28 + .../tests/unit/test_validity/evroot.key.keyspec | 1 + .../ssl/tests/unit/test_validity/evroot.pem | 18 + .../tests/unit/test_validity/evroot.pem.certspec | 7 + .../manager/ssl/tests/unit/test_validity/moz.build | 24 + .../manager/ssl/tests/unit/test_weak_crypto.js | 273 + security/manager/ssl/tests/unit/test_x509.js | 83 + .../ssl/tests/unit/tlsserver/cmd/BadCertServer.cpp | 141 + .../unit/tlsserver/cmd/GenerateOCSPResponse.cpp | 170 + .../unit/tlsserver/cmd/OCSPStaplingServer.cpp | 129 + .../manager/ssl/tests/unit/tlsserver/cmd/moz.build | 25 + .../ssl/tests/unit/tlsserver/default-ee.der | 3 + .../ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp | 215 + .../ssl/tests/unit/tlsserver/lib/OCSPCommon.h | 61 + .../ssl/tests/unit/tlsserver/lib/TLSServer.cpp | 600 + .../ssl/tests/unit/tlsserver/lib/TLSServer.h | 89 + .../manager/ssl/tests/unit/tlsserver/lib/moz.build | 17 + .../manager/ssl/tests/unit/tlsserver/moz.build | 8 + .../manager/ssl/tests/unit/xpcshell-smartcards.ini | 14 + security/manager/ssl/tests/unit/xpcshell.ini | 149 + 1174 files changed, 148260 insertions(+) create mode 100644 security/manager/ssl/CSTrustDomain.cpp create mode 100644 security/manager/ssl/CSTrustDomain.h create mode 100644 security/manager/ssl/CertBlocklist.cpp create mode 100644 security/manager/ssl/CertBlocklist.h create mode 100644 security/manager/ssl/ContentSignatureVerifier.cpp create mode 100644 security/manager/ssl/ContentSignatureVerifier.h create mode 100644 security/manager/ssl/CryptoTask.cpp create mode 100644 security/manager/ssl/CryptoTask.h create mode 100644 security/manager/ssl/DER.jsm create mode 100644 security/manager/ssl/DataStorage.cpp create mode 100644 security/manager/ssl/DataStorage.h create mode 100644 security/manager/ssl/DataStorageIPCUtils.h create mode 100644 security/manager/ssl/LocalCertService.cpp create mode 100644 security/manager/ssl/LocalCertService.h create mode 100644 security/manager/ssl/NSSErrorsService.cpp create mode 100644 security/manager/ssl/NSSErrorsService.h create mode 100644 security/manager/ssl/PPSMContentDownloader.ipdl create mode 100644 security/manager/ssl/PSMContentListener.cpp create mode 100644 security/manager/ssl/PSMContentListener.h create mode 100644 security/manager/ssl/PSMRunnable.cpp create mode 100644 security/manager/ssl/PSMRunnable.h create mode 100644 security/manager/ssl/PublicKeyPinningService.cpp create mode 100644 security/manager/ssl/PublicKeyPinningService.h create mode 100644 security/manager/ssl/PublicSSL.h create mode 100644 security/manager/ssl/RootCertificateTelemetryUtils.cpp create mode 100644 security/manager/ssl/RootCertificateTelemetryUtils.h create mode 100644 security/manager/ssl/RootHashes.inc create mode 100644 security/manager/ssl/SSLServerCertVerification.cpp create mode 100644 security/manager/ssl/SSLServerCertVerification.h create mode 100644 security/manager/ssl/ScopedNSSTypes.h create mode 100644 security/manager/ssl/SecretDecoderRing.cpp create mode 100644 security/manager/ssl/SecretDecoderRing.h create mode 100644 security/manager/ssl/SharedCertVerifier.h create mode 100644 security/manager/ssl/SharedSSLState.cpp create mode 100644 security/manager/ssl/SharedSSLState.h create mode 100644 security/manager/ssl/StaticHPKPins.errors create mode 100644 security/manager/ssl/StaticHPKPins.h create mode 100644 security/manager/ssl/TransportSecurityInfo.cpp create mode 100644 security/manager/ssl/TransportSecurityInfo.h create mode 100644 security/manager/ssl/WeakCryptoOverride.cpp create mode 100644 security/manager/ssl/WeakCryptoOverride.h create mode 100644 security/manager/ssl/X509.jsm create mode 100644 security/manager/ssl/crashtests/398665-1.html create mode 100644 security/manager/ssl/crashtests/crashtests.list create mode 100644 security/manager/ssl/md4.c create mode 100644 security/manager/ssl/md4.h create mode 100644 security/manager/ssl/moz.build create mode 100644 security/manager/ssl/nsCertOverrideService.cpp create mode 100644 security/manager/ssl/nsCertOverrideService.h create mode 100644 security/manager/ssl/nsCertTree.cpp create mode 100644 security/manager/ssl/nsCertTree.h create mode 100644 security/manager/ssl/nsClientAuthRemember.cpp create mode 100644 security/manager/ssl/nsClientAuthRemember.h create mode 100644 security/manager/ssl/nsCrypto.cpp create mode 100644 security/manager/ssl/nsCrypto.h create mode 100644 security/manager/ssl/nsCryptoHash.cpp create mode 100644 security/manager/ssl/nsCryptoHash.h create mode 100644 security/manager/ssl/nsDataSignatureVerifier.cpp create mode 100644 security/manager/ssl/nsDataSignatureVerifier.h create mode 100644 security/manager/ssl/nsIASN1Object.idl create mode 100644 security/manager/ssl/nsIASN1PrintableItem.idl create mode 100644 security/manager/ssl/nsIASN1Sequence.idl create mode 100644 security/manager/ssl/nsIAssociatedContentSecurity.idl create mode 100644 security/manager/ssl/nsIBadCertListener2.idl create mode 100644 security/manager/ssl/nsICertBlocklist.idl create mode 100644 security/manager/ssl/nsICertOverrideService.idl create mode 100644 security/manager/ssl/nsICertTree.idl create mode 100644 security/manager/ssl/nsICertificateDialogs.idl create mode 100644 security/manager/ssl/nsIClientAuthDialogs.idl create mode 100644 security/manager/ssl/nsIContentSignatureVerifier.idl create mode 100644 security/manager/ssl/nsIDataSignatureVerifier.idl create mode 100644 security/manager/ssl/nsIGenKeypairInfoDlg.idl create mode 100644 security/manager/ssl/nsIKeyModule.idl create mode 100644 security/manager/ssl/nsIKeygenThread.idl create mode 100644 security/manager/ssl/nsILocalCertService.idl create mode 100644 security/manager/ssl/nsINSSU2FToken.idl create mode 100644 security/manager/ssl/nsINSSVersion.idl create mode 100644 security/manager/ssl/nsIPK11Token.idl create mode 100644 security/manager/ssl/nsIPK11TokenDB.idl create mode 100644 security/manager/ssl/nsIPKCS11.idl create mode 100644 security/manager/ssl/nsIPKCS11Module.idl create mode 100644 security/manager/ssl/nsIPKCS11ModuleDB.idl create mode 100644 security/manager/ssl/nsIPKCS11Slot.idl create mode 100644 security/manager/ssl/nsIProtectedAuthThread.idl create mode 100644 security/manager/ssl/nsISSLStatus.idl create mode 100644 security/manager/ssl/nsISSLStatusProvider.idl create mode 100644 security/manager/ssl/nsISecretDecoderRing.idl create mode 100644 security/manager/ssl/nsISecurityUITelemetry.idl create mode 100644 security/manager/ssl/nsISiteSecurityService.idl create mode 100644 security/manager/ssl/nsITokenDialogs.idl create mode 100644 security/manager/ssl/nsITokenPasswordDialogs.idl create mode 100644 security/manager/ssl/nsIU2FToken.idl create mode 100644 security/manager/ssl/nsIWeakCryptoOverride.idl create mode 100644 security/manager/ssl/nsIX509Cert.idl create mode 100644 security/manager/ssl/nsIX509CertDB.idl create mode 100644 security/manager/ssl/nsIX509CertList.idl create mode 100644 security/manager/ssl/nsIX509CertValidity.idl create mode 100644 security/manager/ssl/nsKeyModule.cpp create mode 100644 security/manager/ssl/nsKeyModule.h create mode 100644 security/manager/ssl/nsKeygenHandler.cpp create mode 100644 security/manager/ssl/nsKeygenHandler.h create mode 100644 security/manager/ssl/nsKeygenHandlerContent.cpp create mode 100644 security/manager/ssl/nsKeygenHandlerContent.h create mode 100644 security/manager/ssl/nsKeygenThread.cpp create mode 100644 security/manager/ssl/nsKeygenThread.h create mode 100644 security/manager/ssl/nsNSSASN1Object.cpp create mode 100644 security/manager/ssl/nsNSSASN1Object.h create mode 100644 security/manager/ssl/nsNSSCallbacks.cpp create mode 100644 security/manager/ssl/nsNSSCallbacks.h create mode 100644 security/manager/ssl/nsNSSCertHelper.cpp create mode 100644 security/manager/ssl/nsNSSCertHelper.h create mode 100644 security/manager/ssl/nsNSSCertTrust.cpp create mode 100644 security/manager/ssl/nsNSSCertTrust.h create mode 100644 security/manager/ssl/nsNSSCertValidity.cpp create mode 100644 security/manager/ssl/nsNSSCertValidity.h create mode 100644 security/manager/ssl/nsNSSCertificate.cpp create mode 100644 security/manager/ssl/nsNSSCertificate.h create mode 100644 security/manager/ssl/nsNSSCertificateDB.cpp create mode 100644 security/manager/ssl/nsNSSCertificateDB.h create mode 100644 security/manager/ssl/nsNSSCertificateFakeTransport.cpp create mode 100644 security/manager/ssl/nsNSSCertificateFakeTransport.h create mode 100644 security/manager/ssl/nsNSSComponent.cpp create mode 100644 security/manager/ssl/nsNSSComponent.h create mode 100644 security/manager/ssl/nsNSSErrors.cpp create mode 100644 security/manager/ssl/nsNSSHelper.h create mode 100644 security/manager/ssl/nsNSSIOLayer.cpp create mode 100644 security/manager/ssl/nsNSSIOLayer.h create mode 100644 security/manager/ssl/nsNSSModule.cpp create mode 100644 security/manager/ssl/nsNSSShutDown.cpp create mode 100644 security/manager/ssl/nsNSSShutDown.h create mode 100644 security/manager/ssl/nsNSSU2FToken.cpp create mode 100644 security/manager/ssl/nsNSSU2FToken.h create mode 100644 security/manager/ssl/nsNSSVersion.cpp create mode 100644 security/manager/ssl/nsNSSVersion.h create mode 100644 security/manager/ssl/nsNTLMAuthModule.cpp create mode 100644 security/manager/ssl/nsNTLMAuthModule.h create mode 100644 security/manager/ssl/nsPK11TokenDB.cpp create mode 100644 security/manager/ssl/nsPK11TokenDB.h create mode 100644 security/manager/ssl/nsPKCS11Slot.cpp create mode 100644 security/manager/ssl/nsPKCS11Slot.h create mode 100644 security/manager/ssl/nsPKCS12Blob.cpp create mode 100644 security/manager/ssl/nsPKCS12Blob.h create mode 100644 security/manager/ssl/nsProtectedAuthThread.cpp create mode 100644 security/manager/ssl/nsProtectedAuthThread.h create mode 100644 security/manager/ssl/nsRandomGenerator.cpp create mode 100644 security/manager/ssl/nsRandomGenerator.h create mode 100644 security/manager/ssl/nsSSLSocketProvider.cpp create mode 100644 security/manager/ssl/nsSSLSocketProvider.h create mode 100644 security/manager/ssl/nsSSLStatus.cpp create mode 100644 security/manager/ssl/nsSSLStatus.h create mode 100644 security/manager/ssl/nsSTSPreloadList.errors create mode 100644 security/manager/ssl/nsSTSPreloadList.inc create mode 100644 security/manager/ssl/nsSecureBrowserUIImpl.cpp create mode 100644 security/manager/ssl/nsSecureBrowserUIImpl.h create mode 100644 security/manager/ssl/nsSecurityHeaderParser.cpp create mode 100644 security/manager/ssl/nsSecurityHeaderParser.h create mode 100644 security/manager/ssl/nsSiteSecurityService.cpp create mode 100644 security/manager/ssl/nsSiteSecurityService.h create mode 100644 security/manager/ssl/nsSmartCardMonitor.cpp create mode 100644 security/manager/ssl/nsSmartCardMonitor.h create mode 100644 security/manager/ssl/nsTLSSocketProvider.cpp create mode 100644 security/manager/ssl/nsTLSSocketProvider.h create mode 100644 security/manager/ssl/nsVerificationJob.h create mode 100644 security/manager/ssl/tests/.eslintrc.js create mode 100644 security/manager/ssl/tests/gtest/CertDBTest.cpp create mode 100644 security/manager/ssl/tests/gtest/DataStorageTest.cpp create mode 100644 security/manager/ssl/tests/gtest/DeserializeCertTest.cpp create mode 100644 security/manager/ssl/tests/gtest/MD4Test.cpp create mode 100644 security/manager/ssl/tests/gtest/OCSPCacheTest.cpp create mode 100644 security/manager/ssl/tests/gtest/README.txt create mode 100644 security/manager/ssl/tests/gtest/STSParserTest.cpp create mode 100644 security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp create mode 100644 security/manager/ssl/tests/gtest/moz.build create mode 100644 security/manager/ssl/tests/mochitest/browser/.eslintrc.js create mode 100644 security/manager/ssl/tests/mochitest/browser/browser.ini create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_certViewer.js create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_certificateManagerLeak.js create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_clientAuth_ui.js create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js create mode 100644 security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js create mode 100644 security/manager/ssl/tests/mochitest/browser/ca.pem create mode 100644 security/manager/ssl/tests/mochitest/browser/ca.pem.certspec create mode 100644 security/manager/ssl/tests/mochitest/browser/code-ee.pem create mode 100644 security/manager/ssl/tests/mochitest/browser/code-ee.pem.certspec create mode 100644 security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem create mode 100644 security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem.certspec create mode 100644 security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem create mode 100644 security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem.certspec create mode 100644 security/manager/ssl/tests/mochitest/browser/email-ee.pem create mode 100644 security/manager/ssl/tests/mochitest/browser/email-ee.pem.certspec create mode 100644 security/manager/ssl/tests/mochitest/browser/expired-ca.pem create mode 100644 security/manager/ssl/tests/mochitest/browser/expired-ca.pem.certspec create mode 100644 security/manager/ssl/tests/mochitest/browser/has-cn.pem create mode 100644 security/manager/ssl/tests/mochitest/browser/has-cn.pem.certspec create mode 100644 security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem create mode 100644 security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem.certspec create mode 100644 security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem create mode 100644 security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem.certspec create mode 100644 security/manager/ssl/tests/mochitest/browser/has-o.pem create mode 100644 security/manager/ssl/tests/mochitest/browser/has-o.pem.certspec create mode 100644 security/manager/ssl/tests/mochitest/browser/has-ou.pem create mode 100644 security/manager/ssl/tests/mochitest/browser/has-ou.pem.certspec create mode 100644 security/manager/ssl/tests/mochitest/browser/head.js create mode 100644 security/manager/ssl/tests/mochitest/browser/invalid.pem create mode 100644 security/manager/ssl/tests/mochitest/browser/invalid.pem.certspec create mode 100644 security/manager/ssl/tests/mochitest/browser/md5-ee.pem create mode 100644 security/manager/ssl/tests/mochitest/browser/md5-ee.pem.certspec create mode 100644 security/manager/ssl/tests/mochitest/browser/moz.build create mode 100644 security/manager/ssl/tests/mochitest/browser/revoked.pem create mode 100644 security/manager/ssl/tests/mochitest/browser/revoked.pem.certspec create mode 100644 security/manager/ssl/tests/mochitest/browser/ssl-ee.pem create mode 100644 security/manager/ssl/tests/mochitest/browser/ssl-ee.pem.certspec create mode 100644 security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem create mode 100644 security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem.certspec create mode 100644 security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem create mode 100644 security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem.certspec create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/.eslintrc.js create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/backward.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/download.auto create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^ create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/iframe.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/moz.build create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_securePicture.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureBackground.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureCSS.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html create mode 100644 security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html create mode 100644 security/manager/ssl/tests/mochitest/moz.build create mode 100644 security/manager/ssl/tests/mochitest/stricttransportsecurity/.eslintrc.js create mode 100644 security/manager/ssl/tests/mochitest/stricttransportsecurity/chrome.ini create mode 100644 security/manager/ssl/tests/mochitest/stricttransportsecurity/mochitest.ini create mode 100644 security/manager/ssl/tests/mochitest/stricttransportsecurity/moz.build create mode 100644 security/manager/ssl/tests/mochitest/stricttransportsecurity/nosts_bootstrap.html create mode 100644 security/manager/ssl/tests/mochitest/stricttransportsecurity/nosts_bootstrap.html^headers^ create mode 100644 security/manager/ssl/tests/mochitest/stricttransportsecurity/page_blank.html create mode 100644 security/manager/ssl/tests/mochitest/stricttransportsecurity/plain_bootstrap.html create mode 100644 security/manager/ssl/tests/mochitest/stricttransportsecurity/plain_bootstrap.html^headers^ create mode 100644 security/manager/ssl/tests/mochitest/stricttransportsecurity/subdom_bootstrap.html create mode 100644 security/manager/ssl/tests/mochitest/stricttransportsecurity/subdom_bootstrap.html^headers^ create mode 100644 security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html create mode 100644 security/manager/ssl/tests/mochitest/stricttransportsecurity/test_sts_privatebrowsing_perwindowpb.html create mode 100644 security/manager/ssl/tests/mochitest/stricttransportsecurity/verify.sjs create mode 100644 security/manager/ssl/tests/moz.build create mode 100644 security/manager/ssl/tests/unit/.eslintrc.js create mode 100644 security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/default-ee.key create mode 100644 security/manager/ssl/tests/unit/bad_certs/default-ee.key.keyspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/default-ee.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/default-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/ev-test.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/ev-test.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/evroot.key create mode 100644 security/manager/ssl/tests/unit/bad_certs/evroot.key.keyspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/evroot.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/evroot.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/expired-ee.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/expired-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/expiredINT.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/expiredINT.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key create mode 100644 security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key.keyspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/md5signature.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/md5signature.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatch.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatch.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/moz.build create mode 100644 security/manager/ssl/tests/unit/bad_certs/noValidNames.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/noValidNames.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/notYetValid.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/notYetValid.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/other-test-ca.key create mode 100644 security/manager/ssl/tests/unit/bad_certs/other-test-ca.key.keyspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/selfsigned.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/selfsigned.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/test-ca.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/test-ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/test-int.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/test-int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem.certspec create mode 100644 security/manager/ssl/tests/unit/bad_certs/v1Cert.pem create mode 100644 security/manager/ssl/tests/unit/bad_certs/v1Cert.pem.certspec create mode 100644 security/manager/ssl/tests/unit/head_psm.js create mode 100644 security/manager/ssl/tests/unit/moz.build create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem.certspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/default-ee.key create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/default-ee.key.keyspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem.certspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem.certspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem.certspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem.certspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/moz.build create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem.certspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem.certspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key.keyspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key.keyspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem.certspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/test-int.pem create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/test-int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem create mode 100644 security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/pkcs11testmodule/moz.build create mode 100644 security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.cpp create mode 100644 security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.symbols create mode 100755 security/manager/ssl/tests/unit/pycert.py create mode 100755 security/manager/ssl/tests/unit/pykey.py create mode 100644 security/manager/ssl/tests/unit/sss_readstate_child_worker.js create mode 100644 security/manager/ssl/tests/unit/test_add_preexisting_cert.js create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/moz.build create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_baseline_requirements_subject_common_name.js create mode 100644 security/manager/ssl/tests/unit/test_certDB_import.js create mode 100644 security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows.pfx create mode 100644 security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem create mode 100644 security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem create mode 100644 security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_certDB_import/moz.build create mode 100644 security/manager/ssl/tests/unit/test_certDB_import_pkcs12.js create mode 100644 security/manager/ssl/tests/unit/test_cert_blocklist.js create mode 100644 security/manager/ssl/tests/unit/test_cert_chains.js create mode 100644 security/manager/ssl/tests/unit/test_cert_dbKey.js create mode 100644 security/manager/ssl/tests/unit/test_cert_eku.js create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_eku/moz.build create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null.js create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_embedded_null/moz.build create mode 100644 security/manager/ssl/tests/unit/test_cert_isBuiltInRoot.js create mode 100644 security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload.js create mode 100644 security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert8.db create mode 100644 security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert9.db create mode 100644 security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key3.db create mode 100644 security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key4.db create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage.js create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_keyUsage/moz.build create mode 100644 security/manager/ssl/tests/unit/test_cert_override_bits_mismatches.js create mode 100644 security/manager/ssl/tests/unit/test_cert_overrides.js create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1.js create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_sha1/moz.build create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures.js create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_signatures/moz.build create mode 100644 security/manager/ssl/tests/unit/test_cert_trust.js create mode 100644 security/manager/ssl/tests/unit/test_cert_trust/ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_trust/ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_trust/ee.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_trust/ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_trust/int.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_trust/int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_trust/moz.build create mode 100644 security/manager/ssl/tests/unit/test_cert_version.js create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem.certspec create mode 100755 security/manager/ssl/tests/unit/test_cert_version/generate.py create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/moz.build create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem create mode 100644 security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_certviewer_invalid_oids.js create mode 100644 security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack2b.pem create mode 100644 security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack7.pem create mode 100644 security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-pk10oflo.pem create mode 100644 security/manager/ssl/tests/unit/test_constructX509FromBase64.js create mode 100644 security/manager/ssl/tests/unit/test_content_signing.js create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_root.pem create mode 100644 security/manager/ssl/tests/unit/test_content_signing/content_signing_root.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_content_signing/moz.build create mode 100644 security/manager/ssl/tests/unit/test_content_signing/pysign.py create mode 100644 security/manager/ssl/tests/unit/test_content_signing/test.txt create mode 100644 security/manager/ssl/tests/unit/test_content_signing/test.txt.signature create mode 100644 security/manager/ssl/tests/unit/test_datasignatureverifier.js create mode 100644 security/manager/ssl/tests/unit/test_der.js create mode 100644 security/manager/ssl/tests/unit/test_enterprise_roots.js create mode 100644 security/manager/ssl/tests/unit/test_ev_certs.js create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/evroot.key create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/evroot.key.keyspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/evroot.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/evroot.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/moz.build create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key.keyspec create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem create mode 100644 security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js create mode 100644 security/manager/ssl/tests/unit/test_getchain.js create mode 100644 security/manager/ssl/tests/unit/test_getchain/ca-1.pem create mode 100644 security/manager/ssl/tests/unit/test_getchain/ca-1.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_getchain/ca-2.pem create mode 100644 security/manager/ssl/tests/unit/test_getchain/ca-2.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_getchain/ee.pem create mode 100644 security/manager/ssl/tests/unit/test_getchain/ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_getchain/moz.build create mode 100644 security/manager/ssl/tests/unit/test_hash_algorithms.js create mode 100644 security/manager/ssl/tests/unit/test_hash_algorithms_wrap.js create mode 100644 security/manager/ssl/tests/unit/test_hmac.js create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints.js create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/moz.build create mode 100644 security/manager/ssl/tests/unit/test_js_cert_override_service.js create mode 100644 security/manager/ssl/tests/unit/test_keysize.js create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/moz.build create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev.js create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key.keyspec create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key.keyspec create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key.keyspec create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/evroot.key create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/evroot.key.keyspec create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_keysize_ev/moz.build create mode 100644 security/manager/ssl/tests/unit/test_local_cert.js create mode 100644 security/manager/ssl/tests/unit/test_logoutAndTeardown.js create mode 100644 security/manager/ssl/tests/unit/test_name_constraints.js create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/dciss.pem create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/dciss.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_name_constraints/moz.build create mode 100644 security/manager/ssl/tests/unit/test_nsCertType.js create mode 100644 security/manager/ssl/tests/unit/test_nsIX509CertValidity.js create mode 100644 security/manager/ssl/tests/unit/test_nsIX509Cert_utf8.js create mode 100644 security/manager/ssl/tests/unit/test_nss_shutdown.js create mode 100644 security/manager/ssl/tests/unit/test_ocsp_caching.js create mode 100644 security/manager/ssl/tests/unit/test_ocsp_enabled_pref.js create mode 100644 security/manager/ssl/tests/unit/test_ocsp_fetch_method.js create mode 100644 security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem create mode 100644 security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem create mode 100644 security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.key create mode 100644 security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.key.keyspec create mode 100644 security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem create mode 100644 security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ocsp_fetch_method/moz.build create mode 100644 security/manager/ssl/tests/unit/test_ocsp_must_staple.js create mode 100644 security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js create mode 100644 security/manager/ssl/tests/unit/test_ocsp_required.js create mode 100644 security/manager/ssl/tests/unit/test_ocsp_stapling.js create mode 100644 security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js create mode 100644 security/manager/ssl/tests/unit/test_ocsp_stapling_with_intermediate.js create mode 100644 security/manager/ssl/tests/unit/test_ocsp_timeout.js create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url.js create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/ca.pem create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/int.key create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/int.key.keyspec create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/int.pem create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/int.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/moz.build create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem create mode 100644 security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_onecrl/moz.build create mode 100644 security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem create mode 100644 security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_onecrl/sample_revocations.txt create mode 100644 security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem create mode 100644 security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_password_prompt.js create mode 100644 security/manager/ssl/tests/unit/test_pinning.js create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic.js create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-badca.pem create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-badca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-pinningroot.pem create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-pinningroot.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-badca.pem create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-badca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-pinningroot.pem create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-pinningroot.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/badca.pem create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/badca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/moz.build create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/pinningroot.pem create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/pinningroot.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem create mode 100644 security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_pinning_header_parsing.js create mode 100644 security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js create mode 100644 security/manager/ssl/tests/unit/test_pkcs11_module.js create mode 100644 security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js create mode 100644 security/manager/ssl/tests/unit/test_pkcs11_safe_mode.js create mode 100644 security/manager/ssl/tests/unit/test_pkcs11_slot.js create mode 100644 security/manager/ssl/tests/unit/test_pkcs11_token.js create mode 100644 security/manager/ssl/tests/unit/test_pkcs11_tokenDB.js create mode 100644 security/manager/ssl/tests/unit/test_sdr.js create mode 100644 security/manager/ssl/tests/unit/test_session_resumption.js create mode 100644 security/manager/ssl/tests/unit/test_signed_apps-marketplace.js create mode 100644 security/manager/ssl/tests/unit/test_signed_apps.js create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/README.md create mode 100755 security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/create_test_files.sh create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/nss_ctypes.py create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/sign_b2g_app.py create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/icon-128.png create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/index.html create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/manifest.webapp create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/icon-128.png create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/index.html create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/manifest.webapp create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin_toolkit_webapps/index.html create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin_toolkit_webapps/manifest.webapp create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/privileged-app-test-1.0.zip create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/test-privileged-app-test-1.0.zip create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/trusted_ca1.der create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/unknown_issuer_app_1.zip create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/unsigned_app_1.zip create mode 100644 security/manager/ssl/tests/unit/test_signed_apps/valid_app_1.zip create mode 100644 security/manager/ssl/tests/unit/test_signed_dir.js create mode 100644 security/manager/ssl/tests/unit/test_signed_dir/lightbeam_for_firefox-1.3.1-fx.xpi create mode 100644 security/manager/ssl/tests/unit/test_signed_manifest/README.md create mode 100755 security/manager/ssl/tests/unit/test_signed_manifest/create_test_files.sh create mode 100644 security/manager/ssl/tests/unit/test_signed_manifest/manifest.webapp create mode 100644 security/manager/ssl/tests/unit/test_signed_manifest/nss_ctypes.py create mode 100644 security/manager/ssl/tests/unit/test_signed_manifest/sign_b2g_manifest.py create mode 100644 security/manager/ssl/tests/unit/test_signed_manifest/testInvalidSignedManifest/manifest.sig create mode 100644 security/manager/ssl/tests/unit/test_signed_manifest/testValidSignedManifest/manifest.sig create mode 100644 security/manager/ssl/tests/unit/test_signed_manifest/trusted_ca1.der create mode 100644 security/manager/ssl/tests/unit/test_sss_eviction.js create mode 100644 security/manager/ssl/tests/unit/test_sss_readstate.js create mode 100644 security/manager/ssl/tests/unit/test_sss_readstate_child.js create mode 100644 security/manager/ssl/tests/unit/test_sss_readstate_empty.js create mode 100644 security/manager/ssl/tests/unit/test_sss_readstate_garbage.js create mode 100644 security/manager/ssl/tests/unit/test_sss_readstate_huge.js create mode 100644 security/manager/ssl/tests/unit/test_sss_savestate.js create mode 100644 security/manager/ssl/tests/unit/test_startcom_wosign.js create mode 100644 security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem create mode 100644 security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem create mode 100644 security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem create mode 100644 security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem create mode 100644 security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem create mode 100644 security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem create mode 100644 security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem create mode 100644 security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_startcom_wosign/moz.build create mode 100644 security/manager/ssl/tests/unit/test_sts_fqdn.js create mode 100644 security/manager/ssl/tests/unit/test_sts_holepunch.js create mode 100644 security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js create mode 100644 security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js create mode 100644 security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js create mode 100644 security/manager/ssl/tests/unit/test_toolkit_securityreporter.js create mode 100644 security/manager/ssl/tests/unit/test_validity.js create mode 100644 security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem create mode 100644 security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem create mode 100644 security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key create mode 100644 security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key.keyspec create mode 100644 security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem create mode 100644 security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_validity/evroot.key create mode 100644 security/manager/ssl/tests/unit/test_validity/evroot.key.keyspec create mode 100644 security/manager/ssl/tests/unit/test_validity/evroot.pem create mode 100644 security/manager/ssl/tests/unit/test_validity/evroot.pem.certspec create mode 100644 security/manager/ssl/tests/unit/test_validity/moz.build create mode 100644 security/manager/ssl/tests/unit/test_weak_crypto.js create mode 100644 security/manager/ssl/tests/unit/test_x509.js create mode 100644 security/manager/ssl/tests/unit/tlsserver/cmd/BadCertServer.cpp create mode 100644 security/manager/ssl/tests/unit/tlsserver/cmd/GenerateOCSPResponse.cpp create mode 100644 security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp create mode 100644 security/manager/ssl/tests/unit/tlsserver/cmd/moz.build create mode 100644 security/manager/ssl/tests/unit/tlsserver/default-ee.der create mode 100644 security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp create mode 100644 security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h create mode 100644 security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp create mode 100644 security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.h create mode 100644 security/manager/ssl/tests/unit/tlsserver/lib/moz.build create mode 100644 security/manager/ssl/tests/unit/tlsserver/moz.build create mode 100644 security/manager/ssl/tests/unit/xpcshell-smartcards.ini create mode 100644 security/manager/ssl/tests/unit/xpcshell.ini (limited to 'security/manager/ssl') diff --git a/security/manager/ssl/CSTrustDomain.cpp b/security/manager/ssl/CSTrustDomain.cpp new file mode 100644 index 000000000..90008038e --- /dev/null +++ b/security/manager/ssl/CSTrustDomain.cpp @@ -0,0 +1,231 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "CSTrustDomain.h" +#include "mozilla/Base64.h" +#include "mozilla/Preferences.h" +#include "nsNSSCertificate.h" +#include "nsNSSComponent.h" +#include "nsServiceManagerUtils.h" +#include "nsThreadUtils.h" +#include "pkix/pkixnss.h" + +using namespace mozilla::pkix; + +namespace mozilla { namespace psm { + +static LazyLogModule gTrustDomainPRLog("CSTrustDomain"); +#define CSTrust_LOG(args) MOZ_LOG(gTrustDomainPRLog, LogLevel::Debug, args) + +CSTrustDomain::CSTrustDomain(UniqueCERTCertList& certChain) + : mCertChain(certChain) + , mCertBlocklist(do_GetService(NS_CERTBLOCKLIST_CONTRACTID)) +{ +} + +Result +CSTrustDomain::GetCertTrust(EndEntityOrCA endEntityOrCA, + const CertPolicyId& policy, Input candidateCertDER, + /*out*/ TrustLevel& trustLevel) +{ + MOZ_ASSERT(policy.IsAnyPolicy()); + if (!policy.IsAnyPolicy()) { + return Result::FATAL_ERROR_INVALID_ARGS; + } + + SECItem candidateCertDERSECItem = UnsafeMapInputToSECItem(candidateCertDER); + UniqueCERTCertificate candidateCert( + CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &candidateCertDERSECItem, + nullptr, false, true)); + if (!candidateCert) { + return MapPRErrorCodeToResult(PR_GetError()); + } + + bool isCertRevoked; + nsresult nsrv = mCertBlocklist->IsCertRevoked( + candidateCert->derIssuer.data, + candidateCert->derIssuer.len, + candidateCert->serialNumber.data, + candidateCert->serialNumber.len, + candidateCert->derSubject.data, + candidateCert->derSubject.len, + candidateCert->derPublicKey.data, + candidateCert->derPublicKey.len, + &isCertRevoked); + if (NS_FAILED(nsrv)) { + return Result::FATAL_ERROR_LIBRARY_FAILURE; + } + + if (isCertRevoked) { + CSTrust_LOG(("CSTrustDomain: certificate is revoked\n")); + return Result::ERROR_REVOKED_CERTIFICATE; + } + + // Is this cert our built-in content signing root? + bool isRoot = false; + nsCOMPtr component(do_GetService(PSM_COMPONENT_CONTRACTID)); + if (!component) { + return Result::FATAL_ERROR_LIBRARY_FAILURE; + } + nsrv = component->IsCertContentSigningRoot(candidateCert.get(), isRoot); + if (NS_FAILED(nsrv)) { + return Result::FATAL_ERROR_LIBRARY_FAILURE; + } + if (isRoot) { + CSTrust_LOG(("CSTrustDomain: certificate is a trust anchor\n")); + trustLevel = TrustLevel::TrustAnchor; + return Success; + } + CSTrust_LOG(("CSTrustDomain: certificate is *not* a trust anchor\n")); + + trustLevel = TrustLevel::InheritsTrust; + return Success; +} + +Result +CSTrustDomain::FindIssuer(Input encodedIssuerName, IssuerChecker& checker, + Time time) +{ + // Loop over the chain, look for a matching subject + for (CERTCertListNode* n = CERT_LIST_HEAD(mCertChain); + !CERT_LIST_END(n, mCertChain); n = CERT_LIST_NEXT(n)) { + Input certDER; + Result rv = certDER.Init(n->cert->derCert.data, n->cert->derCert.len); + if (rv != Success) { + continue; // probably too big + } + + // if the subject does not match, try the next certificate + Input subjectDER; + rv = subjectDER.Init(n->cert->derSubject.data, n->cert->derSubject.len); + if (rv != Success) { + continue; // just try the next one + } + if (!InputsAreEqual(subjectDER, encodedIssuerName)) { + CSTrust_LOG(("CSTrustDomain: subjects don't match\n")); + continue; + } + + // If the subject does match, try the next step + bool keepGoing; + rv = checker.Check(certDER, nullptr/*additionalNameConstraints*/, + keepGoing); + if (rv != Success) { + return rv; + } + if (!keepGoing) { + CSTrust_LOG(("CSTrustDomain: don't keep going\n")); + break; + } + } + + return Success; +} + +Result +CSTrustDomain::CheckRevocation(EndEntityOrCA endEntityOrCA, + const CertID& certID, Time time, + Duration validityDuration, + /*optional*/ const Input* stapledOCSPresponse, + /*optional*/ const Input* aiaExtension) +{ + // We're relying solely on the CertBlocklist for revocation - and we're + // performing checks on this in GetCertTrust (as per nsNSSCertDBTrustDomain) + return Success; +} + +Result +CSTrustDomain::IsChainValid(const DERArray& certChain, Time time) +{ + // Check that our chain is not empty + if (certChain.GetLength() == 0) { + return Result::FATAL_ERROR_LIBRARY_FAILURE; + } + + return Success; +} + +Result +CSTrustDomain::CheckSignatureDigestAlgorithm(DigestAlgorithm digestAlg, + EndEntityOrCA endEntityOrCA, + Time notBefore) +{ + if (digestAlg == DigestAlgorithm::sha1) { + return Result::ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED; + } + return Success; +} + +Result +CSTrustDomain::CheckRSAPublicKeyModulusSizeInBits( + EndEntityOrCA endEntityOrCA, unsigned int modulusSizeInBits) +{ + if (modulusSizeInBits < 2048) { + return Result::ERROR_INADEQUATE_KEY_SIZE; + } + return Success; +} + +Result +CSTrustDomain::VerifyRSAPKCS1SignedDigest(const SignedDigest& signedDigest, + Input subjectPublicKeyInfo) +{ + return VerifyRSAPKCS1SignedDigestNSS(signedDigest, subjectPublicKeyInfo, + nullptr); +} + +Result +CSTrustDomain::CheckECDSACurveIsAcceptable(EndEntityOrCA endEntityOrCA, + NamedCurve curve) +{ + switch (curve) { + case NamedCurve::secp256r1: // fall through + case NamedCurve::secp384r1: // fall through + case NamedCurve::secp521r1: + return Success; + } + + return Result::ERROR_UNSUPPORTED_ELLIPTIC_CURVE; +} + +Result +CSTrustDomain::VerifyECDSASignedDigest(const SignedDigest& signedDigest, + Input subjectPublicKeyInfo) +{ + return VerifyECDSASignedDigestNSS(signedDigest, subjectPublicKeyInfo, + nullptr); +} + +Result +CSTrustDomain::CheckValidityIsAcceptable(Time notBefore, Time notAfter, + EndEntityOrCA endEntityOrCA, + KeyPurposeId keyPurpose) +{ + return Success; +} + +Result +CSTrustDomain::NetscapeStepUpMatchesServerAuth(Time notBefore, + /*out*/ bool& matches) +{ + matches = false; + return Success; +} + +void +CSTrustDomain::NoteAuxiliaryExtension(AuxiliaryExtension /*extension*/, + Input /*extensionData*/) +{ +} + +Result +CSTrustDomain::DigestBuf(Input item, DigestAlgorithm digestAlg, + /*out*/ uint8_t* digestBuf, size_t digestBufLen) +{ + return DigestBufNSS(item, digestAlg, digestBuf, digestBufLen); +} + +} } // end namespace mozilla::psm diff --git a/security/manager/ssl/CSTrustDomain.h b/security/manager/ssl/CSTrustDomain.h new file mode 100644 index 000000000..29a82539b --- /dev/null +++ b/security/manager/ssl/CSTrustDomain.h @@ -0,0 +1,80 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef CSTrustDomain_h +#define CSTrustDomain_h + +#include "pkix/pkixtypes.h" +#include "mozilla/StaticMutex.h" +#include "mozilla/UniquePtr.h" +#include "nsDebug.h" +#include "nsICertBlocklist.h" +#include "nsIX509CertDB.h" +#include "ScopedNSSTypes.h" + +namespace mozilla { namespace psm { + +class CSTrustDomain final : public mozilla::pkix::TrustDomain +{ +public: + typedef mozilla::pkix::Result Result; + + explicit CSTrustDomain(UniqueCERTCertList& certChain); + + virtual Result GetCertTrust( + mozilla::pkix::EndEntityOrCA endEntityOrCA, + const mozilla::pkix::CertPolicyId& policy, + mozilla::pkix::Input candidateCertDER, + /*out*/ mozilla::pkix::TrustLevel& trustLevel) override; + virtual Result FindIssuer(mozilla::pkix::Input encodedIssuerName, + IssuerChecker& checker, + mozilla::pkix::Time time) override; + virtual Result CheckRevocation( + mozilla::pkix::EndEntityOrCA endEntityOrCA, + const mozilla::pkix::CertID& certID, mozilla::pkix::Time time, + mozilla::pkix::Duration validityDuration, + /*optional*/ const mozilla::pkix::Input* stapledOCSPresponse, + /*optional*/ const mozilla::pkix::Input* aiaExtension) override; + virtual Result IsChainValid(const mozilla::pkix::DERArray& certChain, + mozilla::pkix::Time time) override; + virtual Result CheckSignatureDigestAlgorithm( + mozilla::pkix::DigestAlgorithm digestAlg, + mozilla::pkix::EndEntityOrCA endEntityOrCA, + mozilla::pkix::Time notBefore) override; + virtual Result CheckRSAPublicKeyModulusSizeInBits( + mozilla::pkix::EndEntityOrCA endEntityOrCA, + unsigned int modulusSizeInBits) override; + virtual Result VerifyRSAPKCS1SignedDigest( + const mozilla::pkix::SignedDigest& signedDigest, + mozilla::pkix::Input subjectPublicKeyInfo) override; + virtual Result CheckECDSACurveIsAcceptable( + mozilla::pkix::EndEntityOrCA endEntityOrCA, + mozilla::pkix::NamedCurve curve) override; + virtual Result VerifyECDSASignedDigest( + const mozilla::pkix::SignedDigest& signedDigest, + mozilla::pkix::Input subjectPublicKeyInfo) override; + virtual Result CheckValidityIsAcceptable( + mozilla::pkix::Time notBefore, mozilla::pkix::Time notAfter, + mozilla::pkix::EndEntityOrCA endEntityOrCA, + mozilla::pkix::KeyPurposeId keyPurpose) override; + virtual Result NetscapeStepUpMatchesServerAuth( + mozilla::pkix::Time notBefore, /*out*/ bool& matches) override; + virtual void NoteAuxiliaryExtension( + mozilla::pkix::AuxiliaryExtension extension, + mozilla::pkix::Input extensionData) override; + virtual Result DigestBuf(mozilla::pkix::Input item, + mozilla::pkix::DigestAlgorithm digestAlg, + /*out*/ uint8_t* digestBuf, + size_t digestBufLen) override; + +private: + /*out*/ UniqueCERTCertList& mCertChain; + nsCOMPtr mCertBlocklist; +}; + +} } // namespace mozilla::psm + +#endif // CSTrustDomain_h diff --git a/security/manager/ssl/CertBlocklist.cpp b/security/manager/ssl/CertBlocklist.cpp new file mode 100644 index 000000000..56473eca3 --- /dev/null +++ b/security/manager/ssl/CertBlocklist.cpp @@ -0,0 +1,671 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "CertBlocklist.h" + +#include "mozilla/Base64.h" +#include "mozilla/Casting.h" +#include "mozilla/Logging.h" +#include "mozilla/Preferences.h" +#include "mozilla/Unused.h" +#include "nsAppDirectoryServiceDefs.h" +#include "nsCRTGlue.h" +#include "nsDirectoryServiceUtils.h" +#include "nsICryptoHash.h" +#include "nsIFileStreams.h" +#include "nsILineInputStream.h" +#include "nsISafeOutputStream.h" +#include "nsIX509Cert.h" +#include "nsNetCID.h" +#include "nsNetUtil.h" +#include "nsTHashtable.h" +#include "nsThreadUtils.h" +#include "pkix/Input.h" +#include "prtime.h" + +NS_IMPL_ISUPPORTS(CertBlocklist, nsICertBlocklist) + +using namespace mozilla; +using namespace mozilla::pkix; + +#define PREF_BACKGROUND_UPDATE_TIMER "app.update.lastUpdateTime.blocklist-background-update-timer" +#define PREF_BLOCKLIST_ONECRL_CHECKED "services.blocklist.onecrl.checked" +#define PREF_MAX_STALENESS_IN_SECONDS "security.onecrl.maximum_staleness_in_seconds" +#define PREF_ONECRL_VIA_AMO "security.onecrl.via.amo" + +static LazyLogModule gCertBlockPRLog("CertBlock"); + +uint32_t CertBlocklist::sLastBlocklistUpdate = 0U; +uint32_t CertBlocklist::sLastKintoUpdate = 0U; +uint32_t CertBlocklist::sMaxStaleness = 0U; +bool CertBlocklist::sUseAMO = true; + +CertBlocklistItem::CertBlocklistItem(const uint8_t* DNData, + size_t DNLength, + const uint8_t* otherData, + size_t otherLength, + CertBlocklistItemMechanism itemMechanism) + : mIsCurrent(false) + , mItemMechanism(itemMechanism) +{ + mDNData = new uint8_t[DNLength]; + memcpy(mDNData, DNData, DNLength); + mDNLength = DNLength; + + mOtherData = new uint8_t[otherLength]; + memcpy(mOtherData, otherData, otherLength); + mOtherLength = otherLength; +} + +CertBlocklistItem::CertBlocklistItem(const CertBlocklistItem& aItem) +{ + mDNLength = aItem.mDNLength; + mDNData = new uint8_t[mDNLength]; + memcpy(mDNData, aItem.mDNData, mDNLength); + + mOtherLength = aItem.mOtherLength; + mOtherData = new uint8_t[mOtherLength]; + memcpy(mOtherData, aItem.mOtherData, mOtherLength); + + mItemMechanism = aItem.mItemMechanism; + + mIsCurrent = aItem.mIsCurrent; +} + +CertBlocklistItem::~CertBlocklistItem() +{ + delete[] mDNData; + delete[] mOtherData; +} + +nsresult +CertBlocklistItem::ToBase64(nsACString& b64DNOut, nsACString& b64OtherOut) +{ + nsDependentCSubstring DNString(BitwiseCast(mDNData), + mDNLength); + nsDependentCSubstring otherString(BitwiseCast(mOtherData), + mOtherLength); + nsresult rv = Base64Encode(DNString, b64DNOut); + if (NS_FAILED(rv)) { + return rv; + } + rv = Base64Encode(otherString, b64OtherOut); + return rv; +} + +bool +CertBlocklistItem::operator==(const CertBlocklistItem& aItem) const +{ + if (aItem.mItemMechanism != mItemMechanism) { + return false; + } + if (aItem.mDNLength != mDNLength || + aItem.mOtherLength != mOtherLength) { + return false; + } + return memcmp(aItem.mDNData, mDNData, mDNLength) == 0 && + memcmp(aItem.mOtherData, mOtherData, mOtherLength) == 0; +} + +uint32_t +CertBlocklistItem::Hash() const +{ + uint32_t hash; + // there's no requirement for a serial to be as large as the size of the hash + // key; if it's smaller, fall back to the first octet (otherwise, the last + // four) + if (mItemMechanism == BlockByIssuerAndSerial && + mOtherLength >= sizeof(hash)) { + memcpy(&hash, mOtherData + mOtherLength - sizeof(hash), sizeof(hash)); + } else { + hash = *mOtherData; + } + return hash; +} + +CertBlocklist::CertBlocklist() + : mMutex("CertBlocklist::mMutex") + , mModified(false) + , mBackingFileIsInitialized(false) + , mBackingFile(nullptr) +{ +} + +CertBlocklist::~CertBlocklist() +{ + Preferences::UnregisterCallback(CertBlocklist::PreferenceChanged, + PREF_BACKGROUND_UPDATE_TIMER, + this); + Preferences::UnregisterCallback(CertBlocklist::PreferenceChanged, + PREF_MAX_STALENESS_IN_SECONDS, + this); + Preferences::UnregisterCallback(CertBlocklist::PreferenceChanged, + PREF_ONECRL_VIA_AMO, + this); + Preferences::UnregisterCallback(CertBlocklist::PreferenceChanged, + PREF_BLOCKLIST_ONECRL_CHECKED, + this); +} + +nsresult +CertBlocklist::Init() +{ + MOZ_LOG(gCertBlockPRLog, LogLevel::Debug, ("CertBlocklist::Init")); + + // Init must be on main thread for getting the profile directory + if (!NS_IsMainThread()) { + MOZ_LOG(gCertBlockPRLog, LogLevel::Debug, + ("CertBlocklist::Init - called off main thread")); + return NS_ERROR_NOT_SAME_THREAD; + } + + // Register preference callbacks + nsresult rv = + Preferences::RegisterCallbackAndCall(CertBlocklist::PreferenceChanged, + PREF_BACKGROUND_UPDATE_TIMER, + this); + if (NS_FAILED(rv)) { + return rv; + } + rv = Preferences::RegisterCallbackAndCall(CertBlocklist::PreferenceChanged, + PREF_MAX_STALENESS_IN_SECONDS, + this); + if (NS_FAILED(rv)) { + return rv; + } + rv = Preferences::RegisterCallbackAndCall(CertBlocklist::PreferenceChanged, + PREF_ONECRL_VIA_AMO, + this); + if (NS_FAILED(rv)) { + return rv; + } + rv = Preferences::RegisterCallbackAndCall(CertBlocklist::PreferenceChanged, + PREF_BLOCKLIST_ONECRL_CHECKED, + this); + if (NS_FAILED(rv)) { + return rv; + } + + // Get the profile directory + rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR, + getter_AddRefs(mBackingFile)); + if (NS_FAILED(rv) || !mBackingFile) { + MOZ_LOG(gCertBlockPRLog, LogLevel::Debug, + ("CertBlocklist::Init - couldn't get profile dir")); + // Since we're returning NS_OK here, set mBackingFile to a safe value. + // (We need initialization to succeed and CertBlocklist to be in a + // well-defined state if the profile directory doesn't exist.) + mBackingFile = nullptr; + return NS_OK; + } + rv = mBackingFile->Append(NS_LITERAL_STRING("revocations.txt")); + if (NS_FAILED(rv)) { + return rv; + } + nsAutoCString path; + rv = mBackingFile->GetNativePath(path); + if (NS_FAILED(rv)) { + return rv; + } + MOZ_LOG(gCertBlockPRLog, LogLevel::Debug, + ("CertBlocklist::Init certList path: %s", path.get())); + + return NS_OK; +} + +nsresult +CertBlocklist::EnsureBackingFileInitialized(MutexAutoLock& lock) +{ + MOZ_LOG(gCertBlockPRLog, LogLevel::Debug, + ("CertBlocklist::EnsureBackingFileInitialized")); + if (mBackingFileIsInitialized || !mBackingFile) { + return NS_OK; + } + + MOZ_LOG(gCertBlockPRLog, LogLevel::Debug, + ("CertBlocklist::EnsureBackingFileInitialized - not initialized")); + + bool exists = false; + nsresult rv = mBackingFile->Exists(&exists); + if (NS_FAILED(rv)) { + return rv; + } + if (!exists) { + MOZ_LOG(gCertBlockPRLog, LogLevel::Warning, + ("CertBlocklist::EnsureBackingFileInitialized no revocations file")); + return NS_OK; + } + + // Load the revocations file into the cert blocklist + nsCOMPtr fileStream( + do_CreateInstance(NS_LOCALFILEINPUTSTREAM_CONTRACTID, &rv)); + if (NS_FAILED(rv)) { + return rv; + } + + rv = fileStream->Init(mBackingFile, -1, -1, false); + if (NS_FAILED(rv)) { + return rv; + } + + nsCOMPtr lineStream(do_QueryInterface(fileStream, &rv)); + nsAutoCString line; + nsAutoCString DN; + nsAutoCString other; + CertBlocklistItemMechanism mechanism; + // read in the revocations file. The file format is as follows: each line + // contains a comment, base64 encoded DER for a DN, base64 encoded DER for a + // serial number or a Base64 encoded SHA256 hash of a public key. Comment + // lines start with '#', serial number lines, ' ' (a space), public key hashes + // with '\t' (a tab) and anything else is assumed to be a DN. + bool more = true; + do { + rv = lineStream->ReadLine(line, &more); + if (NS_FAILED(rv)) { + break; + } + // ignore comments and empty lines + if (line.IsEmpty() || line.First() == '#') { + continue; + } + if (line.First() != ' ' && line.First() != '\t') { + DN = line; + continue; + } + other = line; + if (line.First() == ' ') { + mechanism = BlockByIssuerAndSerial; + } else { + mechanism = BlockBySubjectAndPubKey; + } + other.Trim(" \t", true, false, false); + // Serial numbers and public key hashes 'belong' to the last DN line seen; + // if no DN has been seen, the serial number or public key hash is ignored. + if (DN.IsEmpty() || other.IsEmpty()) { + continue; + } + MOZ_LOG(gCertBlockPRLog, LogLevel::Debug, + ("CertBlocklist::EnsureBackingFileInitialized adding: %s %s", + DN.get(), other.get())); + + MOZ_LOG(gCertBlockPRLog, LogLevel::Debug, + ("CertBlocklist::EnsureBackingFileInitialized - pre-decode")); + + rv = AddRevokedCertInternal(DN, other, mechanism, CertOldFromLocalCache, + lock); + + if (NS_FAILED(rv)) { + // we warn here, rather than abandoning, since we need to + // ensure that as many items as possible are read + MOZ_LOG(gCertBlockPRLog, LogLevel::Warning, + ("CertBlocklist::EnsureBackingFileInitialized adding revoked cert " + "failed")); + } + } while (more); + mBackingFileIsInitialized = true; + return NS_OK; +} + +NS_IMETHODIMP +CertBlocklist::RevokeCertBySubjectAndPubKey(const char* aSubject, + const char* aPubKeyHash) +{ + MOZ_LOG(gCertBlockPRLog, LogLevel::Debug, + ("CertBlocklist::RevokeCertBySubjectAndPubKey - subject is: %s and pubKeyHash: %s", + aSubject, aPubKeyHash)); + MutexAutoLock lock(mMutex); + + return AddRevokedCertInternal(nsDependentCString(aSubject), + nsDependentCString(aPubKeyHash), + BlockBySubjectAndPubKey, + CertNewFromBlocklist, lock); +} + +NS_IMETHODIMP +CertBlocklist::RevokeCertByIssuerAndSerial(const char* aIssuer, + const char* aSerialNumber) +{ + MOZ_LOG(gCertBlockPRLog, LogLevel::Debug, + ("CertBlocklist::RevokeCertByIssuerAndSerial - issuer is: %s and serial: %s", + aIssuer, aSerialNumber)); + MutexAutoLock lock(mMutex); + + return AddRevokedCertInternal(nsDependentCString(aIssuer), + nsDependentCString(aSerialNumber), + BlockByIssuerAndSerial, + CertNewFromBlocklist, lock); +} + +nsresult +CertBlocklist::AddRevokedCertInternal(const nsACString& aEncodedDN, + const nsACString& aEncodedOther, + CertBlocklistItemMechanism aMechanism, + CertBlocklistItemState aItemState, + MutexAutoLock& /*proofOfLock*/) +{ + nsCString decodedDN; + nsCString decodedOther; + + nsresult rv = Base64Decode(aEncodedDN, decodedDN); + if (NS_FAILED(rv)) { + return rv; + } + rv = Base64Decode(aEncodedOther, decodedOther); + if (NS_FAILED(rv)) { + return rv; + } + + CertBlocklistItem item( + BitwiseCast(decodedDN.get()), + decodedDN.Length(), + BitwiseCast(decodedOther.get()), + decodedOther.Length(), + aMechanism); + + if (aItemState == CertNewFromBlocklist) { + // We want SaveEntries to be a no-op if no new entries are added. + nsGenericHashKey* entry = mBlocklist.GetEntry(item); + if (!entry) { + mModified = true; + } else { + // Ensure that any existing item is replaced by a fresh one so we can + // use mIsCurrent to decide which entries to write out. + mBlocklist.RemoveEntry(entry); + } + item.mIsCurrent = true; + } + mBlocklist.PutEntry(item); + + return NS_OK; +} + +// Write a line for a given string in the output stream +nsresult +WriteLine(nsIOutputStream* outputStream, const nsACString& string) +{ + nsAutoCString line(string); + line.Append('\n'); + + const char* data = line.get(); + uint32_t length = line.Length(); + nsresult rv = NS_OK; + while (NS_SUCCEEDED(rv) && length) { + uint32_t bytesWritten = 0; + rv = outputStream->Write(data, length, &bytesWritten); + if (NS_FAILED(rv)) { + return rv; + } + // if no data is written, something is wrong + if (!bytesWritten) { + return NS_ERROR_FAILURE; + } + length -= bytesWritten; + data += bytesWritten; + } + return rv; +} + +// void saveEntries(); +// Store the blockist in a text file containing base64 encoded issuers and +// serial numbers. +// +// Each item is stored on a separate line; each issuer is followed by its +// revoked serial numbers, indented by one space. +// +// lines starting with a # character are ignored +NS_IMETHODIMP +CertBlocklist::SaveEntries() +{ + MOZ_LOG(gCertBlockPRLog, LogLevel::Debug, + ("CertBlocklist::SaveEntries - not initialized")); + MutexAutoLock lock(mMutex); + if (!mModified) { + return NS_OK; + } + + nsresult rv = EnsureBackingFileInitialized(lock); + if (NS_FAILED(rv)) { + return rv; + } + + if (!mBackingFile) { + // We allow this to succeed with no profile directory for tests + MOZ_LOG(gCertBlockPRLog, LogLevel::Warning, + ("CertBlocklist::SaveEntries no file in profile to write to")); + return NS_OK; + } + + // Data needed for writing blocklist items out to the revocations file + IssuerTable issuerTable; + BlocklistStringSet issuers; + nsCOMPtr outputStream; + + rv = NS_NewAtomicFileOutputStream(getter_AddRefs(outputStream), + mBackingFile, -1, -1, 0); + if (NS_FAILED(rv)) { + return rv; + } + + rv = WriteLine(outputStream, + NS_LITERAL_CSTRING("# Auto generated contents. Do not edit.")); + if (NS_FAILED(rv)) { + return rv; + } + + // Sort blocklist items into lists of serials for each issuer + for (auto iter = mBlocklist.Iter(); !iter.Done(); iter.Next()) { + CertBlocklistItem item = iter.Get()->GetKey(); + if (!item.mIsCurrent) { + continue; + } + + nsAutoCString encDN; + nsAutoCString encOther; + + nsresult rv = item.ToBase64(encDN, encOther); + if (NS_FAILED(rv)) { + MOZ_LOG(gCertBlockPRLog, LogLevel::Warning, + ("CertBlocklist::SaveEntries writing revocation data failed")); + return NS_ERROR_FAILURE; + } + + // If it's a subject / public key block, write it straight out + if (item.mItemMechanism == BlockBySubjectAndPubKey) { + WriteLine(outputStream, encDN); + WriteLine(outputStream, NS_LITERAL_CSTRING("\t") + encOther); + continue; + } + + // Otherwise, we have to group entries by issuer + issuers.PutEntry(encDN); + BlocklistStringSet* issuerSet = issuerTable.Get(encDN); + if (!issuerSet) { + issuerSet = new BlocklistStringSet(); + issuerTable.Put(encDN, issuerSet); + } + issuerSet->PutEntry(encOther); + } + + for (auto iter = issuers.Iter(); !iter.Done(); iter.Next()) { + nsCStringHashKey* hashKey = iter.Get(); + nsAutoPtr issuerSet; + issuerTable.RemoveAndForget(hashKey->GetKey(), issuerSet); + + nsresult rv = WriteLine(outputStream, hashKey->GetKey()); + if (NS_FAILED(rv)) { + break; + } + + // Write serial data to the output stream + for (auto iter = issuerSet->Iter(); !iter.Done(); iter.Next()) { + nsresult rv = WriteLine(outputStream, + NS_LITERAL_CSTRING(" ") + iter.Get()->GetKey()); + if (NS_FAILED(rv)) { + MOZ_LOG(gCertBlockPRLog, LogLevel::Warning, + ("CertBlocklist::SaveEntries writing revocation data failed")); + return NS_ERROR_FAILURE; + } + } + } + + nsCOMPtr safeStream = do_QueryInterface(outputStream); + NS_ASSERTION(safeStream, "expected a safe output stream!"); + if (!safeStream) { + return NS_ERROR_FAILURE; + } + rv = safeStream->Finish(); + if (NS_FAILED(rv)) { + MOZ_LOG(gCertBlockPRLog, LogLevel::Warning, + ("CertBlocklist::SaveEntries saving revocation data failed")); + return rv; + } + mModified = false; + return NS_OK; +} + +NS_IMETHODIMP +CertBlocklist::IsCertRevoked(const uint8_t* aIssuer, + uint32_t aIssuerLength, + const uint8_t* aSerial, + uint32_t aSerialLength, + const uint8_t* aSubject, + uint32_t aSubjectLength, + const uint8_t* aPubKey, + uint32_t aPubKeyLength, + bool* _retval) +{ + MutexAutoLock lock(mMutex); + + MOZ_LOG(gCertBlockPRLog, LogLevel::Warning, + ("CertBlocklist::IsCertRevoked?")); + nsresult rv = EnsureBackingFileInitialized(lock); + if (NS_FAILED(rv)) { + return rv; + } + + Input issuer; + Input serial; + if (issuer.Init(aIssuer, aIssuerLength) != Success) { + return NS_ERROR_FAILURE; + } + if (serial.Init(aSerial, aSerialLength) != Success) { + return NS_ERROR_FAILURE; + } + + CertBlocklistItem issuerSerial(aIssuer, aIssuerLength, aSerial, aSerialLength, + BlockByIssuerAndSerial); + + nsAutoCString encDN; + nsAutoCString encOther; + + issuerSerial.ToBase64(encDN, encOther); + if (NS_FAILED(rv)) { + return rv; + } + + MOZ_LOG(gCertBlockPRLog, LogLevel::Warning, + ("CertBlocklist::IsCertRevoked issuer %s - serial %s", + encDN.get(), encOther.get())); + + *_retval = mBlocklist.Contains(issuerSerial); + + if (*_retval) { + MOZ_LOG(gCertBlockPRLog, LogLevel::Warning, + ("certblocklist::IsCertRevoked found by issuer / serial")); + return NS_OK; + } + + nsCOMPtr crypto; + crypto = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID, &rv); + + rv = crypto->Init(nsICryptoHash::SHA256); + if (NS_FAILED(rv)) { + return rv; + } + + rv = crypto->Update(aPubKey, aPubKeyLength); + if (NS_FAILED(rv)) { + return rv; + } + + nsCString hashString; + rv = crypto->Finish(false, hashString); + if (NS_FAILED(rv)) { + return rv; + } + + CertBlocklistItem subjectPubKey( + aSubject, + static_cast(aSubjectLength), + BitwiseCast(hashString.get()), + hashString.Length(), + BlockBySubjectAndPubKey); + + rv = subjectPubKey.ToBase64(encDN, encOther); + if (NS_FAILED(rv)) { + return rv; + } + + MOZ_LOG(gCertBlockPRLog, LogLevel::Warning, + ("CertBlocklist::IsCertRevoked subject %s - pubKey hash %s", + encDN.get(), encOther.get())); + *_retval = mBlocklist.Contains(subjectPubKey); + + MOZ_LOG(gCertBlockPRLog, LogLevel::Warning, + ("CertBlocklist::IsCertRevoked by subject / pubkey? %s", + *_retval ? "true" : "false")); + + return NS_OK; +} + +NS_IMETHODIMP +CertBlocklist::IsBlocklistFresh(bool* _retval) +{ + MutexAutoLock lock(mMutex); + *_retval = false; + + uint32_t now = uint32_t(PR_Now() / PR_USEC_PER_SEC); + uint32_t lastUpdate = sUseAMO ? sLastBlocklistUpdate : sLastKintoUpdate; + MOZ_LOG(gCertBlockPRLog, LogLevel::Warning, + ("CertBlocklist::IsBlocklistFresh using AMO? %i lastUpdate is %i", + sUseAMO, lastUpdate)); + + if (now > lastUpdate) { + int64_t interval = now - lastUpdate; + MOZ_LOG(gCertBlockPRLog, LogLevel::Warning, + ("CertBlocklist::IsBlocklistFresh we're after the last BlocklistUpdate " + "interval is %i, staleness %u", interval, sMaxStaleness)); + *_retval = sMaxStaleness > interval; + } + MOZ_LOG(gCertBlockPRLog, LogLevel::Warning, + ("CertBlocklist::IsBlocklistFresh ? %s", *_retval ? "true" : "false")); + return NS_OK; +} + + +/* static */ +void +CertBlocklist::PreferenceChanged(const char* aPref, void* aClosure) + +{ + auto blocklist = static_cast(aClosure); + MutexAutoLock lock(blocklist->mMutex); + + MOZ_LOG(gCertBlockPRLog, LogLevel::Warning, + ("CertBlocklist::PreferenceChanged %s changed", aPref)); + if (strcmp(aPref, PREF_BACKGROUND_UPDATE_TIMER) == 0) { + sLastBlocklistUpdate = Preferences::GetUint(PREF_BACKGROUND_UPDATE_TIMER, + uint32_t(0)); + } else if (strcmp(aPref, PREF_BLOCKLIST_ONECRL_CHECKED) == 0) { + sLastKintoUpdate = Preferences::GetUint(PREF_BLOCKLIST_ONECRL_CHECKED, + uint32_t(0)); + } else if (strcmp(aPref, PREF_MAX_STALENESS_IN_SECONDS) == 0) { + sMaxStaleness = Preferences::GetUint(PREF_MAX_STALENESS_IN_SECONDS, + uint32_t(0)); + } else if (strcmp(aPref, PREF_ONECRL_VIA_AMO) == 0) { + sUseAMO = Preferences::GetBool(PREF_ONECRL_VIA_AMO, true); + } +} diff --git a/security/manager/ssl/CertBlocklist.h b/security/manager/ssl/CertBlocklist.h new file mode 100644 index 000000000..60f675cd8 --- /dev/null +++ b/security/manager/ssl/CertBlocklist.h @@ -0,0 +1,89 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef CertBlocklist_h +#define CertBlocklist_h + +#include "mozilla/Mutex.h" +#include "nsClassHashtable.h" +#include "nsCOMPtr.h" +#include "nsICertBlocklist.h" +#include "nsIOutputStream.h" +#include "nsTHashtable.h" +#include "nsIX509CertDB.h" +#include "pkix/Input.h" + +#define NS_CERT_BLOCKLIST_CID \ +{0x11aefd53, 0x2fbb, 0x4c92, {0xa0, 0xc1, 0x05, 0x32, 0x12, 0xae, 0x42, 0xd0} } + +enum CertBlocklistItemMechanism { + BlockByIssuerAndSerial, + BlockBySubjectAndPubKey +}; + +enum CertBlocklistItemState { + CertNewFromBlocklist, + CertOldFromLocalCache +}; + +class CertBlocklistItem +{ +public: + CertBlocklistItem(const uint8_t* DNData, size_t DNLength, + const uint8_t* otherData, size_t otherLength, + CertBlocklistItemMechanism itemMechanism); + CertBlocklistItem(const CertBlocklistItem& aItem); + ~CertBlocklistItem(); + nsresult ToBase64(nsACString& b64IssuerOut, nsACString& b64SerialOut); + bool operator==(const CertBlocklistItem& aItem) const; + uint32_t Hash() const; + bool mIsCurrent; + CertBlocklistItemMechanism mItemMechanism; + +private: + size_t mDNLength; + uint8_t* mDNData; + size_t mOtherLength; + uint8_t* mOtherData; +}; + +typedef nsGenericHashKey BlocklistItemKey; +typedef nsTHashtable BlocklistTable; +typedef nsTHashtable BlocklistStringSet; +typedef nsClassHashtable IssuerTable; + +class CertBlocklist : public nsICertBlocklist +{ +public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSICERTBLOCKLIST + CertBlocklist(); + nsresult Init(); + +private: + BlocklistTable mBlocklist; + nsresult AddRevokedCertInternal(const nsACString& aEncodedDN, + const nsACString& aEncodedOther, + CertBlocklistItemMechanism aMechanism, + CertBlocklistItemState aItemState, + mozilla::MutexAutoLock& /*proofOfLock*/); + mozilla::Mutex mMutex; + bool mModified; + bool mBackingFileIsInitialized; + // call EnsureBackingFileInitialized before operations that read or + // modify CertBlocklist data + nsresult EnsureBackingFileInitialized(mozilla::MutexAutoLock& lock); + nsCOMPtr mBackingFile; + +protected: + static void PreferenceChanged(const char* aPref, void* aClosure); + static uint32_t sLastBlocklistUpdate; + static uint32_t sLastKintoUpdate; + static uint32_t sMaxStaleness; + static bool sUseAMO; + virtual ~CertBlocklist(); +}; + +#endif // CertBlocklist_h diff --git a/security/manager/ssl/ContentSignatureVerifier.cpp b/security/manager/ssl/ContentSignatureVerifier.cpp new file mode 100644 index 000000000..bdeb3f264 --- /dev/null +++ b/security/manager/ssl/ContentSignatureVerifier.cpp @@ -0,0 +1,562 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "ContentSignatureVerifier.h" + +#include "BRNameMatchingPolicy.h" +#include "SharedCertVerifier.h" +#include "cryptohi.h" +#include "keyhi.h" +#include "mozilla/Assertions.h" +#include "mozilla/Casting.h" +#include "mozilla/Unused.h" +#include "nsCOMPtr.h" +#include "nsContentUtils.h" +#include "nsISupportsPriority.h" +#include "nsIURI.h" +#include "nsNSSComponent.h" +#include "nsSecurityHeaderParser.h" +#include "nsStreamUtils.h" +#include "nsWhitespaceTokenizer.h" +#include "nsXPCOMStrings.h" +#include "nssb64.h" +#include "pkix/pkix.h" +#include "pkix/pkixtypes.h" +#include "secerr.h" + +NS_IMPL_ISUPPORTS(ContentSignatureVerifier, + nsIContentSignatureVerifier, + nsIInterfaceRequestor, + nsIStreamListener) + +using namespace mozilla; +using namespace mozilla::pkix; +using namespace mozilla::psm; + +static LazyLogModule gCSVerifierPRLog("ContentSignatureVerifier"); +#define CSVerifier_LOG(args) MOZ_LOG(gCSVerifierPRLog, LogLevel::Debug, args) + +// Content-Signature prefix +const nsLiteralCString kPREFIX = NS_LITERAL_CSTRING("Content-Signature:\x00"); + +ContentSignatureVerifier::~ContentSignatureVerifier() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + destructorSafeDestroyNSSReference(); + shutdown(ShutdownCalledFrom::Object); +} + +NS_IMETHODIMP +ContentSignatureVerifier::VerifyContentSignature( + const nsACString& aData, const nsACString& aCSHeader, + const nsACString& aCertChain, const nsACString& aName, bool* _retval) +{ + NS_ENSURE_ARG(_retval); + nsresult rv = CreateContext(aData, aCSHeader, aCertChain, aName); + if (NS_FAILED(rv)) { + *_retval = false; + CSVerifier_LOG(("CSVerifier: Signature verification failed\n")); + if (rv == NS_ERROR_INVALID_SIGNATURE) { + return NS_OK; + } + return rv; + } + + return End(_retval); +} + +bool +IsNewLine(char16_t c) +{ + return c == '\n' || c == '\r'; +} + +nsresult +ReadChainIntoCertList(const nsACString& aCertChain, CERTCertList* aCertList, + const nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + bool inBlock = false; + bool certFound = false; + + const nsCString header = NS_LITERAL_CSTRING("-----BEGIN CERTIFICATE-----"); + const nsCString footer = NS_LITERAL_CSTRING("-----END CERTIFICATE-----"); + + nsCWhitespaceTokenizerTemplate tokenizer(aCertChain); + + nsAutoCString blockData; + while (tokenizer.hasMoreTokens()) { + nsDependentCSubstring token = tokenizer.nextToken(); + if (token.IsEmpty()) { + continue; + } + if (inBlock) { + if (token.Equals(footer)) { + inBlock = false; + certFound = true; + // base64 decode data, make certs, append to chain + ScopedAutoSECItem der; + if (!NSSBase64_DecodeBuffer(nullptr, &der, blockData.BeginReading(), + blockData.Length())) { + CSVerifier_LOG(("CSVerifier: decoding the signature failed\n")); + return NS_ERROR_FAILURE; + } + UniqueCERTCertificate tmpCert( + CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &der, nullptr, false, + true)); + if (!tmpCert) { + return NS_ERROR_FAILURE; + } + // if adding tmpCert succeeds, tmpCert will now be owned by aCertList + SECStatus res = CERT_AddCertToListTail(aCertList, tmpCert.get()); + if (res != SECSuccess) { + return MapSECStatus(res); + } + Unused << tmpCert.release(); + } else { + blockData.Append(token); + } + } else if (token.Equals(header)) { + inBlock = true; + blockData = ""; + } + } + if (inBlock || !certFound) { + // the PEM data did not end; bad data. + CSVerifier_LOG(("CSVerifier: supplied chain contains bad data\n")); + return NS_ERROR_FAILURE; + } + return NS_OK; +} + +nsresult +ContentSignatureVerifier::CreateContextInternal(const nsACString& aData, + const nsACString& aCertChain, + const nsACString& aName) +{ + MOZ_ASSERT(NS_IsMainThread()); + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + CSVerifier_LOG(("CSVerifier: nss is already shutdown\n")); + return NS_ERROR_FAILURE; + } + + UniqueCERTCertList certCertList(CERT_NewCertList()); + if (!certCertList) { + return NS_ERROR_OUT_OF_MEMORY; + } + + nsresult rv = ReadChainIntoCertList(aCertChain, certCertList.get(), locker); + if (NS_FAILED(rv)) { + return rv; + } + + CERTCertListNode* node = CERT_LIST_HEAD(certCertList.get()); + if (!node || CERT_LIST_END(node, certCertList.get()) || !node->cert) { + return NS_ERROR_FAILURE; + } + + SECItem* certSecItem = &node->cert->derCert; + + Input certDER; + mozilla::pkix::Result result = + certDER.Init(BitwiseCast(certSecItem->data), + certSecItem->len); + if (result != Success) { + return NS_ERROR_FAILURE; + } + + + // Check the signerCert chain is good + CSTrustDomain trustDomain(certCertList); + result = BuildCertChain(trustDomain, certDER, Now(), + EndEntityOrCA::MustBeEndEntity, + KeyUsage::noParticularKeyUsageRequired, + KeyPurposeId::id_kp_codeSigning, + CertPolicyId::anyPolicy, + nullptr/*stapledOCSPResponse*/); + if (result != Success) { + // if there was a library error, return an appropriate error + if (IsFatalError(result)) { + return NS_ERROR_FAILURE; + } + // otherwise, assume the signature was invalid + CSVerifier_LOG(("CSVerifier: The supplied chain is bad\n")); + return NS_ERROR_INVALID_SIGNATURE; + } + + // Check the SAN + Input hostnameInput; + + result = hostnameInput.Init( + BitwiseCast(aName.BeginReading()), + aName.Length()); + if (result != Success) { + return NS_ERROR_FAILURE; + } + + BRNameMatchingPolicy nameMatchingPolicy(BRNameMatchingPolicy::Mode::Enforce); + result = CheckCertHostname(certDER, hostnameInput, nameMatchingPolicy); + if (result != Success) { + return NS_ERROR_INVALID_SIGNATURE; + } + + mKey.reset(CERT_ExtractPublicKey(node->cert)); + + // in case we were not able to extract a key + if (!mKey) { + CSVerifier_LOG(("CSVerifier: unable to extract a key\n")); + return NS_ERROR_INVALID_SIGNATURE; + } + + // Base 64 decode the signature + ScopedAutoSECItem rawSignatureItem; + if (!NSSBase64_DecodeBuffer(nullptr, &rawSignatureItem, mSignature.get(), + mSignature.Length())) { + CSVerifier_LOG(("CSVerifier: decoding the signature failed\n")); + return NS_ERROR_FAILURE; + } + + // get signature object + ScopedAutoSECItem signatureItem; + // We have a raw ecdsa signature r||s so we have to DER-encode it first + // Note that we have to check rawSignatureItem->len % 2 here as + // DSAU_EncodeDerSigWithLen asserts this + if (rawSignatureItem.len == 0 || rawSignatureItem.len % 2 != 0) { + CSVerifier_LOG(("CSVerifier: signature length is bad\n")); + return NS_ERROR_FAILURE; + } + if (DSAU_EncodeDerSigWithLen(&signatureItem, &rawSignatureItem, + rawSignatureItem.len) != SECSuccess) { + CSVerifier_LOG(("CSVerifier: encoding the signature failed\n")); + return NS_ERROR_FAILURE; + } + + // this is the only OID we support for now + SECOidTag oid = SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE; + + mCx = UniqueVFYContext( + VFY_CreateContext(mKey.get(), &signatureItem, oid, nullptr)); + if (!mCx) { + return NS_ERROR_INVALID_SIGNATURE; + } + + if (VFY_Begin(mCx.get()) != SECSuccess) { + return NS_ERROR_INVALID_SIGNATURE; + } + + rv = UpdateInternal(kPREFIX, locker); + if (NS_FAILED(rv)) { + return rv; + } + // add data if we got any + return UpdateInternal(aData, locker); +} + +nsresult +ContentSignatureVerifier::DownloadCertChain() +{ + MOZ_ASSERT(NS_IsMainThread()); + + if (mCertChainURL.IsEmpty()) { + return NS_ERROR_INVALID_SIGNATURE; + } + + nsCOMPtr certChainURI; + nsresult rv = NS_NewURI(getter_AddRefs(certChainURI), mCertChainURL); + if (NS_FAILED(rv) || !certChainURI) { + return rv; + } + + // If the address is not https, fail. + bool isHttps = false; + rv = certChainURI->SchemeIs("https", &isHttps); + if (NS_FAILED(rv)) { + return rv; + } + if (!isHttps) { + return NS_ERROR_INVALID_SIGNATURE; + } + + rv = NS_NewChannel(getter_AddRefs(mChannel), certChainURI, + nsContentUtils::GetSystemPrincipal(), + nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL, + nsIContentPolicy::TYPE_OTHER); + if (NS_FAILED(rv)) { + return rv; + } + + // we need this chain soon + nsCOMPtr priorityChannel = do_QueryInterface(mChannel); + if (priorityChannel) { + priorityChannel->AdjustPriority(nsISupportsPriority::PRIORITY_HIGHEST); + } + + rv = mChannel->AsyncOpen2(this); + if (NS_FAILED(rv)) { + return rv; + } + + return NS_OK; +} + +// Create a context for content signature verification using CreateContext below. +// This function doesn't require a cert chain to be passed, but instead aCSHeader +// must contain an x5u value that is then used to download the cert chain. +NS_IMETHODIMP +ContentSignatureVerifier::CreateContextWithoutCertChain( + nsIContentSignatureReceiverCallback *aCallback, const nsACString& aCSHeader, + const nsACString& aName) +{ + MOZ_ASSERT(NS_IsMainThread()); + MOZ_ASSERT(aCallback); + if (mInitialised) { + return NS_ERROR_ALREADY_INITIALIZED; + } + mInitialised = true; + + // we get the raw content-signature header here, so first parse aCSHeader + nsresult rv = ParseContentSignatureHeader(aCSHeader); + if (NS_FAILED(rv)) { + return rv; + } + + mCallback = aCallback; + mName.Assign(aName); + + // We must download the cert chain now. + // This is async and blocks createContextInternal calls. + return DownloadCertChain(); +} + +// Create a context for a content signature verification. +// It sets signature, certificate chain and name that should be used to verify +// the data. The data parameter is the first part of the data to verify (this +// can be the empty string). +NS_IMETHODIMP +ContentSignatureVerifier::CreateContext(const nsACString& aData, + const nsACString& aCSHeader, + const nsACString& aCertChain, + const nsACString& aName) +{ + if (mInitialised) { + return NS_ERROR_ALREADY_INITIALIZED; + } + mInitialised = true; + // The cert chain is given in aCertChain so we don't have to download anything. + mHasCertChain = true; + + // we get the raw content-signature header here, so first parse aCSHeader + nsresult rv = ParseContentSignatureHeader(aCSHeader); + if (NS_FAILED(rv)) { + return rv; + } + + return CreateContextInternal(aData, aCertChain, aName); +} + +nsresult +ContentSignatureVerifier::UpdateInternal( + const nsACString& aData, const nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + if (!aData.IsEmpty()) { + if (VFY_Update(mCx.get(), (const unsigned char*)nsPromiseFlatCString(aData).get(), + aData.Length()) != SECSuccess){ + return NS_ERROR_INVALID_SIGNATURE; + } + } + return NS_OK; +} + +/** + * Add data to the context that shold be verified. + */ +NS_IMETHODIMP +ContentSignatureVerifier::Update(const nsACString& aData) +{ + MOZ_ASSERT(NS_IsMainThread()); + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + CSVerifier_LOG(("CSVerifier: nss is already shutdown\n")); + return NS_ERROR_FAILURE; + } + + // If we didn't create the context yet, bail! + if (!mHasCertChain) { + MOZ_ASSERT_UNREACHABLE( + "Someone called ContentSignatureVerifier::Update before " + "downloading the cert chain."); + return NS_ERROR_FAILURE; + } + + return UpdateInternal(aData, locker); +} + +/** + * Finish signature verification and return the result in _retval. + */ +NS_IMETHODIMP +ContentSignatureVerifier::End(bool* _retval) +{ + NS_ENSURE_ARG(_retval); + MOZ_ASSERT(NS_IsMainThread()); + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + CSVerifier_LOG(("CSVerifier: nss is already shutdown\n")); + return NS_ERROR_FAILURE; + } + + // If we didn't create the context yet, bail! + if (!mHasCertChain) { + MOZ_ASSERT_UNREACHABLE( + "Someone called ContentSignatureVerifier::End before " + "downloading the cert chain."); + return NS_ERROR_FAILURE; + } + + *_retval = (VFY_End(mCx.get()) == SECSuccess); + + return NS_OK; +} + +nsresult +ContentSignatureVerifier::ParseContentSignatureHeader( + const nsACString& aContentSignatureHeader) +{ + MOZ_ASSERT(NS_IsMainThread()); + // We only support p384 ecdsa according to spec + NS_NAMED_LITERAL_CSTRING(signature_var, "p384ecdsa"); + NS_NAMED_LITERAL_CSTRING(certChainURL_var, "x5u"); + + nsSecurityHeaderParser parser(aContentSignatureHeader.BeginReading()); + nsresult rv = parser.Parse(); + if (NS_FAILED(rv)) { + CSVerifier_LOG(("CSVerifier: could not parse ContentSignature header\n")); + return NS_ERROR_FAILURE; + } + LinkedList* directives = parser.GetDirectives(); + + for (nsSecurityHeaderDirective* directive = directives->getFirst(); + directive != nullptr; directive = directive->getNext()) { + CSVerifier_LOG(("CSVerifier: found directive %s\n", directive->mName.get())); + if (directive->mName.Length() == signature_var.Length() && + directive->mName.EqualsIgnoreCase(signature_var.get(), + signature_var.Length())) { + if (!mSignature.IsEmpty()) { + CSVerifier_LOG(("CSVerifier: found two ContentSignatures\n")); + return NS_ERROR_INVALID_SIGNATURE; + } + + CSVerifier_LOG(("CSVerifier: found a ContentSignature directive\n")); + mSignature = directive->mValue; + } + if (directive->mName.Length() == certChainURL_var.Length() && + directive->mName.EqualsIgnoreCase(certChainURL_var.get(), + certChainURL_var.Length())) { + if (!mCertChainURL.IsEmpty()) { + CSVerifier_LOG(("CSVerifier: found two x5u values\n")); + return NS_ERROR_INVALID_SIGNATURE; + } + + CSVerifier_LOG(("CSVerifier: found an x5u directive\n")); + mCertChainURL = directive->mValue; + } + } + + // we have to ensure that we found a signature at this point + if (mSignature.IsEmpty()) { + CSVerifier_LOG(("CSVerifier: got a Content-Signature header but didn't find a signature.\n")); + return NS_ERROR_FAILURE; + } + + // Bug 769521: We have to change b64 url to regular encoding as long as we + // don't have a b64 url decoder. This should change soon, but in the meantime + // we have to live with this. + mSignature.ReplaceChar('-', '+'); + mSignature.ReplaceChar('_', '/'); + + return NS_OK; +} + +/* nsIStreamListener implementation */ + +NS_IMETHODIMP +ContentSignatureVerifier::OnStartRequest(nsIRequest* aRequest, + nsISupports* aContext) +{ + MOZ_ASSERT(NS_IsMainThread()); + return NS_OK; +} + +NS_IMETHODIMP +ContentSignatureVerifier::OnStopRequest(nsIRequest* aRequest, + nsISupports* aContext, nsresult aStatus) +{ + MOZ_ASSERT(NS_IsMainThread()); + nsCOMPtr callback; + callback.swap(mCallback); + nsresult rv; + + // Check HTTP status code and return if it's not 200. + nsCOMPtr http = do_QueryInterface(aRequest, &rv); + uint32_t httpResponseCode; + if (NS_FAILED(rv) || NS_FAILED(http->GetResponseStatus(&httpResponseCode)) || + httpResponseCode != 200) { + callback->ContextCreated(false); + return NS_OK; + } + + if (NS_FAILED(aStatus)) { + callback->ContextCreated(false); + return NS_OK; + } + + nsAutoCString certChain; + for (uint32_t i = 0; i < mCertChain.Length(); ++i) { + certChain.Append(mCertChain[i]); + } + + // We got the cert chain now. Let's create the context. + rv = CreateContextInternal(NS_LITERAL_CSTRING(""), certChain, mName); + if (NS_FAILED(rv)) { + callback->ContextCreated(false); + return NS_OK; + } + + mHasCertChain = true; + callback->ContextCreated(true); + return NS_OK; +} + +NS_IMETHODIMP +ContentSignatureVerifier::OnDataAvailable(nsIRequest* aRequest, + nsISupports* aContext, + nsIInputStream* aInputStream, + uint64_t aOffset, uint32_t aCount) +{ + MOZ_ASSERT(NS_IsMainThread()); + nsAutoCString buffer; + + nsresult rv = NS_ConsumeStream(aInputStream, aCount, buffer); + if (NS_FAILED(rv)) { + return rv; + } + + if (!mCertChain.AppendElement(buffer, fallible)) { + mCertChain.TruncateLength(0); + return NS_ERROR_OUT_OF_MEMORY; + } + + return NS_OK; +} + +NS_IMETHODIMP +ContentSignatureVerifier::GetInterface(const nsIID& uuid, void** result) +{ + return QueryInterface(uuid, result); +} diff --git a/security/manager/ssl/ContentSignatureVerifier.h b/security/manager/ssl/ContentSignatureVerifier.h new file mode 100644 index 000000000..c3b8d762d --- /dev/null +++ b/security/manager/ssl/ContentSignatureVerifier.h @@ -0,0 +1,92 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + + +#ifndef ContentSignatureVerifier_h +#define ContentSignatureVerifier_h + +#include "cert.h" +#include "CSTrustDomain.h" +#include "nsIContentSignatureVerifier.h" +#include "nsIStreamListener.h" +#include "nsNSSShutDown.h" +#include "ScopedNSSTypes.h" + +// 45a5fe2f-c350-4b86-962d-02d5aaaa955a +#define NS_CONTENTSIGNATUREVERIFIER_CID \ + { 0x45a5fe2f, 0xc350, 0x4b86, \ + { 0x96, 0x2d, 0x02, 0xd5, 0xaa, 0xaa, 0x95, 0x5a } } +#define NS_CONTENTSIGNATUREVERIFIER_CONTRACTID \ + "@mozilla.org/security/contentsignatureverifier;1" + +class ContentSignatureVerifier final : public nsIContentSignatureVerifier + , public nsIStreamListener + , public nsNSSShutDownObject + , public nsIInterfaceRequestor +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSICONTENTSIGNATUREVERIFIER + NS_DECL_NSIINTERFACEREQUESTOR + NS_DECL_NSISTREAMLISTENER + NS_DECL_NSIREQUESTOBSERVER + + ContentSignatureVerifier() + : mCx(nullptr) + , mInitialised(false) + , mHasCertChain(false) + { + } + + // nsNSSShutDownObject + virtual void virtualDestroyNSSReference() override + { + destructorSafeDestroyNSSReference(); + } + +private: + ~ContentSignatureVerifier(); + + nsresult UpdateInternal(const nsACString& aData, + const nsNSSShutDownPreventionLock& /*proofOfLock*/); + nsresult DownloadCertChain(); + nsresult CreateContextInternal(const nsACString& aData, + const nsACString& aCertChain, + const nsACString& aName); + + void destructorSafeDestroyNSSReference() + { + mCx = nullptr; + mKey = nullptr; + } + + nsresult ParseContentSignatureHeader(const nsACString& aContentSignatureHeader); + + // verifier context for incremental verifications + mozilla::UniqueVFYContext mCx; + bool mInitialised; + // Indicates whether we hold a cert chain to verify the signature or not. + // It's set by default in CreateContext or when the channel created in + // DownloadCertChain finished. Update and End must only be called after + // mHashCertChain is set. + bool mHasCertChain; + // signature to verify + nsCString mSignature; + // x5u (X.509 URL) value pointing to pem cert chain + nsCString mCertChainURL; + // the downloaded cert chain to verify against + FallibleTArray mCertChain; + // verification key + mozilla::UniqueSECKEYPublicKey mKey; + // name of the verifying context + nsCString mName; + // callback to notify when finished + nsCOMPtr mCallback; + // channel to download the cert chain + nsCOMPtr mChannel; +}; + +#endif // ContentSignatureVerifier_h diff --git a/security/manager/ssl/CryptoTask.cpp b/security/manager/ssl/CryptoTask.cpp new file mode 100644 index 000000000..71b8ac88d --- /dev/null +++ b/security/manager/ssl/CryptoTask.cpp @@ -0,0 +1,95 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "CryptoTask.h" +#include "nsNSSComponent.h" + +namespace mozilla { + +CryptoTask::~CryptoTask() +{ + MOZ_ASSERT(mReleasedNSSResources); + + nsNSSShutDownPreventionLock lock; + if (!isAlreadyShutDown()) { + shutdown(ShutdownCalledFrom::Object); + } +} + +nsresult +CryptoTask::Dispatch(const nsACString& taskThreadName) +{ + MOZ_ASSERT(taskThreadName.Length() <= 15); + + // Ensure that NSS is initialized, since presumably CalculateResult + // will use NSS functions + if (!EnsureNSSInitializedChromeOrContent()) { + return NS_ERROR_FAILURE; + } + + // Can't add 'this' as the event to run, since mThread may not be set yet + nsresult rv = NS_NewThread(getter_AddRefs(mThread), nullptr, + nsIThreadManager::DEFAULT_STACK_SIZE); + if (NS_FAILED(rv)) { + return rv; + } + + NS_SetThreadName(mThread, taskThreadName); + // Note: event must not null out mThread! + return mThread->Dispatch(this, NS_DISPATCH_NORMAL); +} + +NS_IMETHODIMP +CryptoTask::Run() +{ + if (!NS_IsMainThread()) { + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + mRv = NS_ERROR_NOT_AVAILABLE; + } else { + mRv = CalculateResult(); + } + NS_DispatchToMainThread(this); + } else { + // back on the main thread + + // call ReleaseNSSResources now, before calling CallCallback, so that + // CryptoTasks have consistent behavior regardless of whether NSS is shut + // down between CalculateResult being called and CallCallback being called. + if (!mReleasedNSSResources) { + mReleasedNSSResources = true; + ReleaseNSSResources(); + } + + CallCallback(mRv); + + // Not all uses of CryptoTask use a transient thread + if (mThread) { + // Don't leak threads! + mThread->Shutdown(); // can't Shutdown from the thread itself, darn + // Don't null out mThread! + // See bug 999104. We must hold a ref to the thread across Dispatch() + // since the internal mThread ref could be released while processing + // the Dispatch(), and Dispatch/PutEvent itself doesn't hold a ref; it + // assumes the caller does. + } + } + + return NS_OK; +} + +void +CryptoTask::virtualDestroyNSSReference() +{ + MOZ_ASSERT(NS_IsMainThread(), + "virtualDestroyNSSReference called off the main thread"); + if (!mReleasedNSSResources) { + mReleasedNSSResources = true; + ReleaseNSSResources(); + } +} + +} // namespace mozilla diff --git a/security/manager/ssl/CryptoTask.h b/security/manager/ssl/CryptoTask.h new file mode 100644 index 000000000..ae107fe30 --- /dev/null +++ b/security/manager/ssl/CryptoTask.h @@ -0,0 +1,105 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla__CryptoTask_h +#define mozilla__CryptoTask_h + +#include "mozilla/Attributes.h" +#include "nsThreadUtils.h" +#include "nsNSSShutDown.h" + +namespace mozilla { + +/** + * Frequently we need to run a task on a background thread without blocking + * the main thread, and then call a callback on the main thread with the + * result. This class provides the framework for that. Subclasses must: + * + * (1) Override CalculateResult for the off-the-main-thread computation. + * NSS functionality may only be accessed within CalculateResult. + * (2) Override ReleaseNSSResources to release references to all NSS + * resources (that do implement nsNSSShutDownObject themselves). + * (3) Override CallCallback() for the on-the-main-thread call of the + * callback. + * + * CalculateResult, ReleaseNSSResources, and CallCallback are called in order, + * except CalculateResult might be skipped if NSS is shut down before it can + * be called; in that case ReleaseNSSResources will be called and then + * CallCallback will be called with an error code. + * + * That sequence of events is what happens if you call Dispatch. If for + * some reason, you decide not to run the task (e.g., due to an error in the + * constructor), you may call Skip, in which case the task is cleaned up and + * not run. In that case, only ReleaseNSSResources is called. (So a + * subclass must be prepared for ReleaseNSSResources to be run without + * CalculateResult having been called first.) + * + * Once a CryptoTask is created, the calling code must call either + * Dispatch or Skip. + * + */ +class CryptoTask : public Runnable, + public nsNSSShutDownObject +{ +public: + template + nsresult Dispatch(const char (&taskThreadName)[LEN]) + { + static_assert(LEN <= 15, + "Thread name must be no more than 15 characters"); + return Dispatch(nsDependentCString(taskThreadName, LEN - 1)); + } + + nsresult Dispatch(const nsACString& taskThreadName); + + void Skip() + { + virtualDestroyNSSReference(); + } + +protected: + CryptoTask() + : mRv(NS_ERROR_NOT_INITIALIZED), + mReleasedNSSResources(false) + { + } + + virtual ~CryptoTask(); + + /** + * Called on a background thread (never the main thread). If CalculateResult + * is called, then its result will be passed to CallCallback on the main + * thread. + */ + virtual nsresult CalculateResult() = 0; + + /** + * Called on the main thread during NSS shutdown or just before CallCallback + * has been called. All NSS resources must be released. Usually, this just + * means assigning nullptr to the ScopedNSSType-based memory variables. + */ + virtual void ReleaseNSSResources() = 0; + + /** + * Called on the main thread with the result from CalculateResult() or + * with an error code if NSS was shut down before CalculateResult could + * be called. + */ + virtual void CallCallback(nsresult rv) = 0; + +private: + NS_IMETHOD Run() override final; + virtual void virtualDestroyNSSReference() override final; + + nsresult mRv; + bool mReleasedNSSResources; + + nsCOMPtr mThread; +}; + +} // namespace mozilla + +#endif // mozilla__CryptoTask_h diff --git a/security/manager/ssl/DER.jsm b/security/manager/ssl/DER.jsm new file mode 100644 index 000000000..97669515a --- /dev/null +++ b/security/manager/ssl/DER.jsm @@ -0,0 +1,304 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +"use strict"; + +// A minimal ASN.1 DER decoder. Supports input lengths up to 65539 (one byte for +// the outer tag, one byte for the 0x82 length-length indicator, two bytes +// indicating a contents length of 65535, and then the 65535 bytes of contents). +// Intended to be used like so: +// +// let bytes = ; +// let der = new DER.DER(bytes); +// let contents = new DER.DER(der.readTagAndGetContents(DER.SEQUENCE)); +// while (!contents.atEnd()) { +// let integerBytes = contents.readTagAndGetContents(DER.INTEGER); +// <... do something with integerBytes ...> +// } +// der.assertAtEnd(); +// +// For CHOICE, use readTLVChoice and pass an array of acceptable tags. +// The convenience function readBIT_STRING is provided to handle the unused bits +// aspect of BIT STRING. It returns an object that has the properties contents +// (an array of bytes consisting of the bytes making up the BIT STRING) and +// unusedBits (indicating the number of unused bits at the end). +// All other functions generally return an array of bytes or a single byte as +// appropriate. +// peekTag can be used to see if the next tag is an expected given tag. +// readTLV reads and returns an entire (tag, length, value) tuple (again +// returned as an array of bytes). + +const UNIVERSAL = 0 << 6; +const CONSTRUCTED = 1 << 5; +const CONTEXT_SPECIFIC = 2 << 6; + +const INTEGER = UNIVERSAL | 0x02; // 0x02 +const BIT_STRING = UNIVERSAL | 0x03; // 0x03 +const NULL = UNIVERSAL | 0x05; // 0x05 +const OBJECT_IDENTIFIER = UNIVERSAL | 0x06; // 0x06 +const PrintableString = UNIVERSAL | 0x13; // 0x13 +const TeletexString = UNIVERSAL | 0x14; // 0x14 +const IA5String = UNIVERSAL | 0x16; // 0x16 +const UTCTime = UNIVERSAL | 0x17; // 0x17 +const GeneralizedTime = UNIVERSAL | 0x18; // 0x18 +const UTF8String = UNIVERSAL | 0x0c; // 0x0c +const SEQUENCE = UNIVERSAL | CONSTRUCTED | 0x10; // 0x30 +const SET = UNIVERSAL | CONSTRUCTED | 0x11; // 0x31 + +const ERROR_INVALID_INPUT = "invalid input"; +const ERROR_DATA_TRUNCATED = "data truncated"; +const ERROR_EXTRA_DATA = "extra data"; +const ERROR_INVALID_LENGTH = "invalid length"; +const ERROR_UNSUPPORTED_ASN1 = "unsupported asn.1"; +const ERROR_UNSUPPORTED_LENGTH = "unsupported length"; +const ERROR_INVALID_BIT_STRING = "invalid BIT STRING encoding"; + +/** Class representing a decoded BIT STRING. */ +class BitString { + /** + * @param {Number} unusedBits the number of unused bits + * @param {Number[]} contents an array of bytes comprising the BIT STRING + */ + constructor(unusedBits, contents) { + this._unusedBits = unusedBits; + this._contents = contents; + } + + /** + * Get the number of unused bits in the BIT STRING + * @return {Number} the number of unused bits + */ + get unusedBits() { + return this._unusedBits; + } + + /** + * Get the contents of the BIT STRING + * @return {Number[]} an array of bytes representing the contents + */ + get contents() { + return this._contents; + } +} + +/** Class representing DER-encoded data. Provides methods for decoding it. */ +class DER { + /** + * @param {Number[]} bytes an array of bytes representing the encoded data + */ + constructor(bytes) { + // Reject non-array inputs. + if (!Array.isArray(bytes)) { + throw new Error(ERROR_INVALID_INPUT); + } + if (bytes.length > 65539) { + throw new Error(ERROR_UNSUPPORTED_LENGTH); + } + // Reject inputs containing non-integer values or values too small or large. + if (bytes.some(b => !Number.isInteger(b) || b < 0 || b > 255)) { + throw new Error(ERROR_INVALID_INPUT); + } + this._bytes = bytes; + this._cursor = 0; + } + + /** + * Asserts that the decoder is at the end of the given data. Throws an error + * if this is not the case. + */ + assertAtEnd() { + if (!this.atEnd()) { + throw new Error(ERROR_EXTRA_DATA); + } + } + + /** + * Determines whether or not the decoder is at the end of the given data. + * @return {Boolean} true if the decoder is at the end and false otherwise + */ + atEnd() { + return this._cursor == this._bytes.length; + } + + /** + * Reads the next byte of data. Throws if no more data is available. + * @return {Number} the next byte of data + */ + readByte() { + if (this._cursor >= this._bytes.length) { + throw new Error(ERROR_DATA_TRUNCATED); + } + let val = this._bytes[this._cursor]; + this._cursor++; + return val; + } + + /** + * Given the next expected tag, reads and asserts that the next tag is in fact + * the given tag. + * @param {Number} expectedTag the expected next tag + */ + _readExpectedTag(expectedTag) { + let tag = this.readByte(); + if (tag != expectedTag) { + throw new Error(`unexpected tag: found ${tag} instead of ${expectedTag}`); + } + } + + /** + * Decodes and returns the length portion of an ASN.1 TLV tuple. Throws if the + * length is incorrectly encoded or if it describes a length greater than + * 65535 bytes. Indefinite-length encoding is not supported. + * @return {Number} the length of the value of the TLV tuple + */ + _readLength() { + let nextByte = this.readByte(); + if (nextByte < 0x80) { + return nextByte; + } + if (nextByte == 0x80) { + throw new Error(ERROR_UNSUPPORTED_ASN1); + } + if (nextByte == 0x81) { + let length = this.readByte(); + if (length < 0x80) { + throw new Error(ERROR_INVALID_LENGTH); + } + return length; + } + if (nextByte == 0x82) { + let length1 = this.readByte(); + let length2 = this.readByte(); + let length = (length1 << 8) | length2; + if (length < 256) { + throw new Error(ERROR_INVALID_LENGTH); + } + return length; + } + throw new Error(ERROR_UNSUPPORTED_LENGTH); + } + + /** + * Reads bytes of data if available. Throws if less than + * bytes are available. + * @param {Number} length the number of bytes to read. Must be non-negative. + * @return {Number[]} the next bytes of data + */ + readBytes(length) { + if (length < 0) { + throw new Error(ERROR_INVALID_LENGTH); + } + let bytes = []; + for (let i = 0; i < length; i++) { + bytes.push(this.readByte()); + } + return bytes; + } + + /** + * Given an expected next ASN.1 tag, ensures that that tag is next and returns + * the contents of that tag. Throws if a different tag is encountered or if + * the data is otherwise incorrectly encoded. + * @param {Number} tag the next expected ASN.1 tag + * @return {Number[]} the contents of the tag + */ + readTagAndGetContents(tag) { + this._readExpectedTag(tag); + let length = this._readLength(); + return this.readBytes(length); + } + + /** + * Returns the next byte without advancing the decoder. Throws if no more data + * is available. + * @return {Number} the next available byte + */ + _peekByte() { + if (this._cursor >= this._bytes.length) { + throw new Error(ERROR_DATA_TRUNCATED); + } + return this._bytes[this._cursor]; + } + + /** + * Given an expected tag, reads the next entire ASN.1 TLV tuple, asserting + * that the tag matches. + * @param {Number} tag the expected tag + * @return {Number[]} an array of bytes representing the TLV tuple + */ + _readExpectedTLV(tag) { + let mark = this._cursor; + this._readExpectedTag(tag); + let length = this._readLength(); + // read the bytes so we know they're there (also to advance the cursor) + this.readBytes(length); + return this._bytes.slice(mark, this._cursor); + } + + /** + * Reads the next ASN.1 tag, length, and value and returns them as an array of + * bytes. + * @return {Number[]} an array of bytes representing the next ASN.1 TLV + */ + readTLV() { + let nextTag = this._peekByte(); + return this._readExpectedTLV(nextTag); + } + + /** + * Convenience function for decoding a BIT STRING. Reads and returns the + * contents of the expected next BIT STRING. Throws if the next TLV isn't a + * BIT STRING or if the BIT STRING is incorrectly encoded. + * @return {BitString} the next BIT STRING + */ + readBIT_STRING() { + let contents = this.readTagAndGetContents(BIT_STRING); + if (contents.length < 1) { + throw new Error(ERROR_INVALID_BIT_STRING); + } + let unusedBits = contents[0]; + if (unusedBits > 7) { + throw new Error(ERROR_INVALID_BIT_STRING); + } + // Zero bytes of content but some amount of padding is invalid. + if (contents.length == 1 && unusedBits != 0) { + throw new Error(ERROR_INVALID_BIT_STRING); + } + return new BitString(unusedBits, contents.slice(1, contents.length)); + } + + /** + * Looks to see if the next ASN.1 tag is the expected given tag. + * @param {Number} tag the expected next ASN.1 tag + * @return {Boolean} true if the next tag is the given one and false otherwise + */ + peekTag(tag) { + if (this._cursor >= this._bytes.length) { + return false; + } + return this._bytes[this._cursor] == tag; + } + + /** + * Given a list of possible next ASN.1 tags, returns the next TLV if the next + * tag is in the list. Throws if the next tag is not in the list or if the + * data is incorrectly encoded. + * @param {Number[]} tagList the list of potential next tags + * @return {Number[]} the contents of the next TLV if the next tag is in + * + */ + readTLVChoice(tagList) { + let tag = this._peekByte(); + if (!tagList.includes(tag)) { + throw new Error( + `unexpected tag: found ${tag} instead of one of ${tagList}`); + } + return this._readExpectedTLV(tag); + } +} + +this.DER = { UNIVERSAL, CONSTRUCTED, CONTEXT_SPECIFIC, INTEGER, BIT_STRING, + NULL, OBJECT_IDENTIFIER, PrintableString, TeletexString, IA5String, + UTCTime, GeneralizedTime, UTF8String, SEQUENCE, SET, DER }; +this.EXPORTED_SYMBOLS = ["DER"]; diff --git a/security/manager/ssl/DataStorage.cpp b/security/manager/ssl/DataStorage.cpp new file mode 100644 index 000000000..2d9dbf5c4 --- /dev/null +++ b/security/manager/ssl/DataStorage.cpp @@ -0,0 +1,940 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "DataStorage.h" + +#include "mozilla/ClearOnShutdown.h" +#include "mozilla/dom/PContent.h" +#include "mozilla/dom/ContentChild.h" +#include "mozilla/dom/ContentParent.h" +#include "mozilla/Preferences.h" +#include "mozilla/Services.h" +#include "mozilla/Telemetry.h" +#include "mozilla/Unused.h" +#include "nsAppDirectoryServiceDefs.h" +#include "nsDirectoryServiceUtils.h" +#include "nsIObserverService.h" +#include "nsITimer.h" +#include "nsNetUtil.h" +#include "nsStreamUtils.h" +#include "nsThreadUtils.h" +#include "prprf.h" + +// NB: Read DataStorage.h first. + +// The default time between data changing and a write, in milliseconds. +static const uint32_t sDataStorageDefaultTimerDelay = 5u * 60u * 1000u; +// The maximum score an entry can have (prevents overflow) +static const uint32_t sMaxScore = UINT32_MAX; +// The maximum number of entries per type of data (limits resource use) +static const uint32_t sMaxDataEntries = 1024; +static const int64_t sOneDayInMicroseconds = int64_t(24 * 60 * 60) * + PR_USEC_PER_SEC; + +namespace mozilla { + +NS_IMPL_ISUPPORTS(DataStorage, + nsIObserver) + +StaticAutoPtr DataStorage::sDataStorages; + +DataStorage::DataStorage(const nsString& aFilename) + : mMutex("DataStorage::mMutex") + , mPendingWrite(false) + , mShuttingDown(false) + , mInitCalled(false) + , mReadyMonitor("DataStorage::mReadyMonitor") + , mReady(false) + , mFilename(aFilename) +{ +} + +DataStorage::~DataStorage() +{ +} + +// static +already_AddRefed +DataStorage::Get(const nsString& aFilename) +{ + MOZ_ASSERT(NS_IsMainThread()); + if (!sDataStorages) { + sDataStorages = new DataStorages(); + ClearOnShutdown(&sDataStorages); + } + RefPtr storage; + if (!sDataStorages->Get(aFilename, getter_AddRefs(storage))) { + storage = new DataStorage(aFilename); + sDataStorages->Put(aFilename, storage); + } + return storage.forget(); +} + +// static +already_AddRefed +DataStorage::GetIfExists(const nsString& aFilename) +{ + MOZ_ASSERT(NS_IsMainThread()); + if (!sDataStorages) { + sDataStorages = new DataStorages(); + } + RefPtr storage; + sDataStorages->Get(aFilename, getter_AddRefs(storage)); + return storage.forget(); +} + +nsresult +DataStorage::Init(bool& aDataWillPersist) +{ + // Don't access the observer service or preferences off the main thread. + if (!NS_IsMainThread()) { + NS_NOTREACHED("DataStorage::Init called off main thread"); + return NS_ERROR_NOT_SAME_THREAD; + } + + MutexAutoLock lock(mMutex); + + // Ignore attempts to initialize several times. + if (mInitCalled) { + return NS_OK; + } + + mInitCalled = true; + + nsresult rv; + if (XRE_IsParentProcess()) { + rv = NS_NewNamedThread("DataStorage", getter_AddRefs(mWorkerThread)); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + rv = AsyncReadData(aDataWillPersist, lock); + if (NS_FAILED(rv)) { + return rv; + } + } else { + // In the child process, we ask the parent process for the data. + MOZ_ASSERT(XRE_IsContentProcess()); + aDataWillPersist = false; + InfallibleTArray items; + dom::ContentChild::GetSingleton()-> + SendReadDataStorageArray(mFilename, &items); + for (auto& item : items) { + Entry entry; + entry.mValue = item.value(); + rv = PutInternal(item.key(), entry, item.type(), lock); + if (NS_FAILED(rv)) { + return rv; + } + } + mReady = true; + NotifyObservers("data-storage-ready"); + } + + nsCOMPtr os = services::GetObserverService(); + if (NS_WARN_IF(!os)) { + return NS_ERROR_FAILURE; + } + // Clear private data as appropriate. + os->AddObserver(this, "last-pb-context-exited", false); + // Observe shutdown; save data and prevent any further writes. + // In the parent process, we need to write to the profile directory, so + // we should listen for profile-before-change so that we can safely + // write to the profile. In the content process however we don't have + // access to the profile directory and profile notifications are not + // dispatched, so we need to clean up on xpcom-shutdown. + if (XRE_IsParentProcess()) { + os->AddObserver(this, "profile-before-change", false); + } + // In the Parent process, this is a backstop for xpcshell and other cases + // where profile-before-change might not get sent. + os->AddObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID, false); + + // For test purposes, we can set the write timer to be very fast. + mTimerDelay = Preferences::GetInt("test.datastorage.write_timer_ms", + sDataStorageDefaultTimerDelay); + rv = Preferences::AddStrongObserver(this, "test.datastorage.write_timer_ms"); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + return NS_OK; +} + +class DataStorage::Reader : public Runnable +{ +public: + explicit Reader(DataStorage* aDataStorage) + : mDataStorage(aDataStorage) + { + } + ~Reader(); + +private: + NS_DECL_NSIRUNNABLE + + static nsresult ParseLine(nsDependentCSubstring& aLine, nsCString& aKeyOut, + Entry& aEntryOut); + + RefPtr mDataStorage; +}; + +DataStorage::Reader::~Reader() +{ + // Notify that calls to Get can proceed. + { + MonitorAutoLock readyLock(mDataStorage->mReadyMonitor); + mDataStorage->mReady = true; + nsresult rv = mDataStorage->mReadyMonitor.NotifyAll(); + Unused << NS_WARN_IF(NS_FAILED(rv)); + } + + // This is for tests. + nsCOMPtr job = + NewRunnableMethod(mDataStorage, + &DataStorage::NotifyObservers, + "data-storage-ready"); + nsresult rv = NS_DispatchToMainThread(job, NS_DISPATCH_NORMAL); + Unused << NS_WARN_IF(NS_FAILED(rv)); +} + +NS_IMETHODIMP +DataStorage::Reader::Run() +{ + nsresult rv; + // Concurrent operations on nsIFile objects are not guaranteed to be safe, + // so we clone the file while holding the lock and then release the lock. + // At that point, we can safely operate on the clone. + nsCOMPtr file; + { + MutexAutoLock lock(mDataStorage->mMutex); + // If we don't have a profile, bail. + if (!mDataStorage->mBackingFile) { + return NS_OK; + } + rv = mDataStorage->mBackingFile->Clone(getter_AddRefs(file)); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + } + nsCOMPtr fileInputStream; + rv = NS_NewLocalFileInputStream(getter_AddRefs(fileInputStream), file); + // If we failed for some reason other than the file doesn't exist, bail. + if (NS_WARN_IF(NS_FAILED(rv) && + rv != NS_ERROR_FILE_TARGET_DOES_NOT_EXIST && // on Unix + rv != NS_ERROR_FILE_NOT_FOUND)) { // on Windows + return rv; + } + + // If there is a file with data in it, read it. If there isn't, + // we'll essentially fall through to notifying that we're good to go. + nsCString data; + if (fileInputStream) { + // Limit to 2MB of data, but only store sMaxDataEntries entries. + rv = NS_ConsumeStream(fileInputStream, 1u << 21, data); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + } + + // Atomically parse the data and insert the entries read. + // Don't clear existing entries - they may have been inserted between when + // this read was kicked-off and when it was run. + { + MutexAutoLock lock(mDataStorage->mMutex); + // The backing file consists of a list of + // \t\t\t\n + // The final \n is not optional; if it is not present the line is assumed + // to be corrupt. + int32_t currentIndex = 0; + int32_t newlineIndex = 0; + do { + newlineIndex = data.FindChar('\n', currentIndex); + // If there are no more newlines or the data table has too many + // entries, we are done. + if (newlineIndex < 0 || + mDataStorage->mPersistentDataTable.Count() >= sMaxDataEntries) { + break; + } + + nsDependentCSubstring line(data, currentIndex, + newlineIndex - currentIndex); + currentIndex = newlineIndex + 1; + nsCString key; + Entry entry; + nsresult parseRV = ParseLine(line, key, entry); + if (NS_SUCCEEDED(parseRV)) { + // It could be the case that a newer entry was added before + // we got around to reading the file. Don't overwrite new entries. + Entry newerEntry; + bool present = mDataStorage->mPersistentDataTable.Get(key, &newerEntry); + if (!present) { + mDataStorage->mPersistentDataTable.Put(key, entry); + } + } + } while (true); + + Telemetry::Accumulate(Telemetry::DATA_STORAGE_ENTRIES, + mDataStorage->mPersistentDataTable.Count()); + } + + return NS_OK; +} + +// The key must be a non-empty string containing no instances of '\t' or '\n', +// and must have a length no more than 256. +// The value must not contain '\n' and must have a length no more than 1024. +// The length limits are to prevent unbounded memory and disk usage. +/* static */ +nsresult +DataStorage::ValidateKeyAndValue(const nsCString& aKey, const nsCString& aValue) +{ + if (aKey.IsEmpty()) { + return NS_ERROR_INVALID_ARG; + } + if (aKey.Length() > 256) { + return NS_ERROR_INVALID_ARG; + } + int32_t delimiterIndex = aKey.FindChar('\t', 0); + if (delimiterIndex >= 0) { + return NS_ERROR_INVALID_ARG; + } + delimiterIndex = aKey.FindChar('\n', 0); + if (delimiterIndex >= 0) { + return NS_ERROR_INVALID_ARG; + } + delimiterIndex = aValue.FindChar('\n', 0); + if (delimiterIndex >= 0) { + return NS_ERROR_INVALID_ARG; + } + if (aValue.Length() > 1024) { + return NS_ERROR_INVALID_ARG; + } + + return NS_OK; +} + +// Each line is: \t\t\t +// Where is a uint32_t as a string, is a +// int32_t as a string, and the rest are strings. +// can contain anything but a newline. +// Returns a successful status if the line can be decoded into a key and entry. +// Otherwise, an error status is returned and the values assigned to the +// output parameters are in an undefined state. +/* static */ +nsresult +DataStorage::Reader::ParseLine(nsDependentCSubstring& aLine, nsCString& aKeyOut, + Entry& aEntryOut) +{ + // First find the indices to each part of the line. + int32_t scoreIndex; + scoreIndex = aLine.FindChar('\t', 0) + 1; + if (scoreIndex <= 0) { + return NS_ERROR_UNEXPECTED; + } + int32_t accessedIndex = aLine.FindChar('\t', scoreIndex) + 1; + if (accessedIndex <= 0) { + return NS_ERROR_UNEXPECTED; + } + int32_t valueIndex = aLine.FindChar('\t', accessedIndex) + 1; + if (valueIndex <= 0) { + return NS_ERROR_UNEXPECTED; + } + + // Now make substrings based on where each part is. + nsDependentCSubstring keyPart(aLine, 0, scoreIndex - 1); + nsDependentCSubstring scorePart(aLine, scoreIndex, + accessedIndex - scoreIndex - 1); + nsDependentCSubstring accessedPart(aLine, accessedIndex, + valueIndex - accessedIndex - 1); + nsDependentCSubstring valuePart(aLine, valueIndex); + + nsresult rv; + rv = DataStorage::ValidateKeyAndValue(nsCString(keyPart), + nsCString(valuePart)); + if (NS_FAILED(rv)) { + return NS_ERROR_UNEXPECTED; + } + + // Now attempt to decode the score part as a uint32_t. + // XXX nsDependentCSubstring doesn't support ToInteger + int32_t integer = nsCString(scorePart).ToInteger(&rv); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + if (integer < 0) { + return NS_ERROR_UNEXPECTED; + } + aEntryOut.mScore = (uint32_t)integer; + + integer = nsCString(accessedPart).ToInteger(&rv); + if (NS_FAILED(rv)) { + return rv; + } + if (integer < 0) { + return NS_ERROR_UNEXPECTED; + } + aEntryOut.mLastAccessed = integer; + + // Now set the key and value. + aKeyOut.Assign(keyPart); + aEntryOut.mValue.Assign(valuePart); + + return NS_OK; +} + +nsresult +DataStorage::AsyncReadData(bool& aHaveProfileDir, + const MutexAutoLock& /*aProofOfLock*/) +{ + MOZ_ASSERT(XRE_IsParentProcess()); + aHaveProfileDir = false; + // Allocate a Reader so that even if it isn't dispatched, + // the data-storage-ready notification will be fired and Get + // will be able to proceed (this happens in its destructor). + RefPtr job(new Reader(this)); + nsresult rv; + // If we don't have a profile directory, this will fail. + // That's okay - it just means there is no persistent state. + rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR, + getter_AddRefs(mBackingFile)); + if (NS_FAILED(rv)) { + mBackingFile = nullptr; + return NS_OK; + } + + rv = mBackingFile->Append(mFilename); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + rv = mWorkerThread->Dispatch(job, NS_DISPATCH_NORMAL); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + aHaveProfileDir = true; + return NS_OK; +} + +void +DataStorage::WaitForReady() +{ + MonitorAutoLock readyLock(mReadyMonitor); + while (!mReady) { + nsresult rv = readyLock.Wait(); + if (NS_WARN_IF(NS_FAILED(rv))) { + break; + } + } + MOZ_ASSERT(mReady); +} + +nsCString +DataStorage::Get(const nsCString& aKey, DataStorageType aType) +{ + WaitForReady(); + MutexAutoLock lock(mMutex); + + Entry entry; + bool foundValue = GetInternal(aKey, &entry, aType, lock); + if (!foundValue) { + return EmptyCString(); + } + + // If we're here, we found a value. Maybe update its score. + if (entry.UpdateScore()) { + PutInternal(aKey, entry, aType, lock); + } + + return entry.mValue; +} + +bool +DataStorage::GetInternal(const nsCString& aKey, Entry* aEntry, + DataStorageType aType, + const MutexAutoLock& aProofOfLock) +{ + DataStorageTable& table = GetTableForType(aType, aProofOfLock); + bool foundValue = table.Get(aKey, aEntry); + return foundValue; +} + +DataStorage::DataStorageTable& +DataStorage::GetTableForType(DataStorageType aType, + const MutexAutoLock& /*aProofOfLock*/) +{ + switch (aType) { + case DataStorage_Persistent: + return mPersistentDataTable; + case DataStorage_Temporary: + return mTemporaryDataTable; + case DataStorage_Private: + return mPrivateDataTable; + } + + MOZ_CRASH("given bad DataStorage storage type"); +} + +void +DataStorage::ReadAllFromTable(DataStorageType aType, + InfallibleTArray* aItems, + const MutexAutoLock& aProofOfLock) +{ + for (auto iter = GetTableForType(aType, aProofOfLock).Iter(); + !iter.Done(); iter.Next()) { + DataStorageItem* item = aItems->AppendElement(); + item->key() = iter.Key(); + item->value() = iter.Data().mValue; + item->type() = aType; + } +} + +void +DataStorage::GetAll(InfallibleTArray* aItems) +{ + WaitForReady(); + MutexAutoLock lock(mMutex); + + aItems->SetCapacity(mPersistentDataTable.Count() + + mTemporaryDataTable.Count() + + mPrivateDataTable.Count()); + ReadAllFromTable(DataStorage_Persistent, aItems, lock); + ReadAllFromTable(DataStorage_Temporary, aItems, lock); + ReadAllFromTable(DataStorage_Private, aItems, lock); +} + +// Limit the number of entries per table. This is to prevent unbounded +// resource use. The eviction strategy is as follows: +// - An entry's score is incremented once for every day it is accessed. +// - Evict an entry with score no more than any other entry in the table +// (this is the same as saying evict the entry with the lowest score, +// except for when there are multiple entries with the lowest score, +// in which case one of them is evicted - which one is not specified). +void +DataStorage::MaybeEvictOneEntry(DataStorageType aType, + const MutexAutoLock& aProofOfLock) +{ + DataStorageTable& table = GetTableForType(aType, aProofOfLock); + if (table.Count() >= sMaxDataEntries) { + KeyAndEntry toEvict; + // If all entries have score sMaxScore, this won't actually remove + // anything. This will never happen, however, because having that high + // a score either means someone tampered with the backing file or every + // entry has been accessed once a day for ~4 billion days. + // The worst that will happen is there will be 1025 entries in the + // persistent data table, with the 1025th entry being replaced every time + // data with a new key is inserted into the table. This is bad but + // ultimately not that concerning, considering that if an attacker can + // modify data in the profile, they can cause much worse harm. + toEvict.mEntry.mScore = sMaxScore; + + for (auto iter = table.Iter(); !iter.Done(); iter.Next()) { + Entry entry = iter.UserData(); + if (entry.mScore < toEvict.mEntry.mScore) { + toEvict.mKey = iter.Key(); + toEvict.mEntry = entry; + } + } + + table.Remove(toEvict.mKey); + } +} + +template +static +void +RunOnAllContentParents(Functor func) +{ + if (!XRE_IsParentProcess()) { + return; + } + using dom::ContentParent; + nsTArray parents; + ContentParent::GetAll(parents); + for (auto& parent: parents) { + func(parent); + } +} + +nsresult +DataStorage::Put(const nsCString& aKey, const nsCString& aValue, + DataStorageType aType) +{ + WaitForReady(); + MutexAutoLock lock(mMutex); + + nsresult rv; + rv = ValidateKeyAndValue(aKey, aValue); + if (NS_FAILED(rv)) { + return rv; + } + + Entry entry; + bool exists = GetInternal(aKey, &entry, aType, lock); + if (exists) { + entry.UpdateScore(); + } else { + MaybeEvictOneEntry(aType, lock); + } + entry.mValue = aValue; + rv = PutInternal(aKey, entry, aType, lock); + if (NS_FAILED(rv)) { + return rv; + } + + RunOnAllContentParents([&](dom::ContentParent* aParent) { + DataStorageItem item; + item.key() = aKey; + item.value() = aValue; + item.type() = aType; + Unused << aParent->SendDataStoragePut(mFilename, item); + }); + + return NS_OK; +} + +nsresult +DataStorage::PutInternal(const nsCString& aKey, Entry& aEntry, + DataStorageType aType, + const MutexAutoLock& aProofOfLock) +{ + DataStorageTable& table = GetTableForType(aType, aProofOfLock); + table.Put(aKey, aEntry); + + if (aType == DataStorage_Persistent && !mPendingWrite) { + return AsyncSetTimer(aProofOfLock); + } + + return NS_OK; +} + +void +DataStorage::Remove(const nsCString& aKey, DataStorageType aType) +{ + WaitForReady(); + MutexAutoLock lock(mMutex); + + DataStorageTable& table = GetTableForType(aType, lock); + table.Remove(aKey); + + if (aType == DataStorage_Persistent && !mPendingWrite) { + Unused << AsyncSetTimer(lock); + } + + RunOnAllContentParents([&](dom::ContentParent* aParent) { + Unused << aParent->SendDataStorageRemove(mFilename, aKey, aType); + }); +} + +class DataStorage::Writer : public Runnable +{ +public: + Writer(nsCString& aData, DataStorage* aDataStorage) + : mData(aData) + , mDataStorage(aDataStorage) + { + } + +private: + NS_DECL_NSIRUNNABLE + + nsCString mData; + RefPtr mDataStorage; +}; + +NS_IMETHODIMP +DataStorage::Writer::Run() +{ + nsresult rv; + // Concurrent operations on nsIFile objects are not guaranteed to be safe, + // so we clone the file while holding the lock and then release the lock. + // At that point, we can safely operate on the clone. + nsCOMPtr file; + { + MutexAutoLock lock(mDataStorage->mMutex); + // If we don't have a profile, bail. + if (!mDataStorage->mBackingFile) { + return NS_OK; + } + rv = mDataStorage->mBackingFile->Clone(getter_AddRefs(file)); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + } + + nsCOMPtr outputStream; + rv = NS_NewLocalFileOutputStream(getter_AddRefs(outputStream), file, + PR_CREATE_FILE | PR_TRUNCATE | PR_WRONLY); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + const char* ptr = mData.get(); + int32_t remaining = mData.Length(); + uint32_t written = 0; + while (remaining > 0) { + rv = outputStream->Write(ptr, remaining, &written); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + remaining -= written; + ptr += written; + } + + // Observed by tests. + nsCOMPtr job = + NewRunnableMethod(mDataStorage, + &DataStorage::NotifyObservers, + "data-storage-written"); + rv = NS_DispatchToMainThread(job, NS_DISPATCH_NORMAL); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + return NS_OK; +} + +nsresult +DataStorage::AsyncWriteData(const MutexAutoLock& /*aProofOfLock*/) +{ + MOZ_ASSERT(XRE_IsParentProcess()); + + if (mShuttingDown || !mBackingFile) { + return NS_OK; + } + + nsCString output; + for (auto iter = mPersistentDataTable.Iter(); !iter.Done(); iter.Next()) { + Entry entry = iter.UserData(); + output.Append(iter.Key()); + output.Append('\t'); + output.AppendInt(entry.mScore); + output.Append('\t'); + output.AppendInt(entry.mLastAccessed); + output.Append('\t'); + output.Append(entry.mValue); + output.Append('\n'); + } + + RefPtr job(new Writer(output, this)); + nsresult rv = mWorkerThread->Dispatch(job, NS_DISPATCH_NORMAL); + mPendingWrite = false; + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + return NS_OK; +} + +nsresult +DataStorage::Clear() +{ + WaitForReady(); + MutexAutoLock lock(mMutex); + mPersistentDataTable.Clear(); + mTemporaryDataTable.Clear(); + mPrivateDataTable.Clear(); + + if (XRE_IsParentProcess()) { + // Asynchronously clear the file. This is similar to the permission manager + // in that it doesn't wait to synchronously remove the data from its backing + // storage either. + nsresult rv = AsyncWriteData(lock); + if (NS_FAILED(rv)) { + return rv; + } + } + + RunOnAllContentParents([&](dom::ContentParent* aParent) { + Unused << aParent->SendDataStorageClear(mFilename); + }); + + return NS_OK; +} + +/* static */ +void +DataStorage::TimerCallback(nsITimer* aTimer, void* aClosure) +{ + MOZ_ASSERT(XRE_IsParentProcess()); + + RefPtr aDataStorage = (DataStorage*)aClosure; + MutexAutoLock lock(aDataStorage->mMutex); + Unused << aDataStorage->AsyncWriteData(lock); +} + +// We only initialize the timer on the worker thread because it's not safe +// to mix what threads are operating on the timer. +nsresult +DataStorage::AsyncSetTimer(const MutexAutoLock& /*aProofOfLock*/) +{ + if (mShuttingDown || !XRE_IsParentProcess()) { + return NS_OK; + } + + mPendingWrite = true; + nsCOMPtr job = + NewRunnableMethod(this, &DataStorage::SetTimer); + nsresult rv = mWorkerThread->Dispatch(job, NS_DISPATCH_NORMAL); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + return NS_OK; +} + +void +DataStorage::SetTimer() +{ + MOZ_ASSERT(!NS_IsMainThread()); + MOZ_ASSERT(XRE_IsParentProcess()); + + MutexAutoLock lock(mMutex); + + nsresult rv; + if (!mTimer) { + mTimer = do_CreateInstance("@mozilla.org/timer;1", &rv); + if (NS_WARN_IF(NS_FAILED(rv))) { + return; + } + } + + rv = mTimer->InitWithFuncCallback(TimerCallback, this, + mTimerDelay, nsITimer::TYPE_ONE_SHOT); + Unused << NS_WARN_IF(NS_FAILED(rv)); +} + +void +DataStorage::NotifyObservers(const char* aTopic) +{ + // Don't access the observer service off the main thread. + if (!NS_IsMainThread()) { + NS_NOTREACHED("DataStorage::NotifyObservers called off main thread"); + return; + } + + nsCOMPtr os = services::GetObserverService(); + if (os) { + os->NotifyObservers(nullptr, aTopic, mFilename.get()); + } +} + +nsresult +DataStorage::DispatchShutdownTimer(const MutexAutoLock& /*aProofOfLock*/) +{ + MOZ_ASSERT(XRE_IsParentProcess()); + + nsCOMPtr job = + NewRunnableMethod(this, &DataStorage::ShutdownTimer); + nsresult rv = mWorkerThread->Dispatch(job, NS_DISPATCH_NORMAL); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + return NS_OK; +} + +void +DataStorage::ShutdownTimer() +{ + MOZ_ASSERT(XRE_IsParentProcess()); + MOZ_ASSERT(!NS_IsMainThread()); + MutexAutoLock lock(mMutex); + nsresult rv = mTimer->Cancel(); + Unused << NS_WARN_IF(NS_FAILED(rv)); + mTimer = nullptr; +} + +//------------------------------------------------------------ +// DataStorage::nsIObserver +//------------------------------------------------------------ + +NS_IMETHODIMP +DataStorage::Observe(nsISupports* aSubject, const char* aTopic, + const char16_t* aData) +{ + // Don't access preferences off the main thread. + if (!NS_IsMainThread()) { + NS_NOTREACHED("DataStorage::Observe called off main thread"); + return NS_ERROR_NOT_SAME_THREAD; + } + + nsresult rv; + if (strcmp(aTopic, "last-pb-context-exited") == 0) { + MutexAutoLock lock(mMutex); + mPrivateDataTable.Clear(); + } else if (strcmp(aTopic, "profile-before-change") == 0 || + (strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0 && + XRE_IsParentProcess())) { + MOZ_ASSERT(XRE_IsParentProcess()); + // per bug 1271402, this should be safe to run multiple times + { + MutexAutoLock lock(mMutex); + rv = AsyncWriteData(lock); + mShuttingDown = true; + Unused << NS_WARN_IF(NS_FAILED(rv)); + if (mTimer) { + rv = DispatchShutdownTimer(lock); + Unused << NS_WARN_IF(NS_FAILED(rv)); + } + } + // Run the thread to completion and prevent any further events + // being scheduled to it. The thread may need the lock, so we can't + // hold it here. + rv = mWorkerThread->Shutdown(); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + sDataStorages->Clear(); + } else if (strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0) { + MOZ_ASSERT(!XRE_IsParentProcess()); + sDataStorages->Clear(); + } else if (strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) { + MutexAutoLock lock(mMutex); + mTimerDelay = Preferences::GetInt("test.datastorage.write_timer_ms", + sDataStorageDefaultTimerDelay); + } + + return NS_OK; +} + +DataStorage::Entry::Entry() + : mScore(0) + , mLastAccessed((int32_t)(PR_Now() / sOneDayInMicroseconds)) +{ +} + +// Updates this entry's score. Returns true if the score has actually changed. +// If it's been less than a day since this entry has been accessed, the score +// does not change. Otherwise, the score increases by 1. +// The default score is 0. The maximum score is the maximum value that can +// be represented by an unsigned 32 bit integer. +// This is to handle evictions from our tables, which in turn is to prevent +// unbounded resource use. +bool +DataStorage::Entry::UpdateScore() +{ + + int32_t nowInDays = (int32_t)(PR_Now() / sOneDayInMicroseconds); + int32_t daysSinceAccessed = (nowInDays - mLastAccessed); + + // Update the last accessed time. + mLastAccessed = nowInDays; + + // If it's been less than a day since we've been accessed, + // the score isn't updated. + if (daysSinceAccessed < 1) { + return false; + } + + // Otherwise, increment the score (but don't overflow). + if (mScore < sMaxScore) { + mScore++; + } + return true; +} + +} // namespace mozilla diff --git a/security/manager/ssl/DataStorage.h b/security/manager/ssl/DataStorage.h new file mode 100644 index 000000000..5e3182a40 --- /dev/null +++ b/security/manager/ssl/DataStorage.h @@ -0,0 +1,202 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_DataStorage_h +#define mozilla_DataStorage_h + +#include "mozilla/Monitor.h" +#include "mozilla/Mutex.h" +#include "mozilla/StaticPtr.h" +#include "nsCOMPtr.h" +#include "nsDataHashtable.h" +#include "nsIObserver.h" +#include "nsIThread.h" +#include "nsITimer.h" +#include "nsRefPtrHashtable.h" +#include "nsString.h" + +namespace mozilla { + +namespace dom { +class DataStorageItem; +} + +/** + * DataStorage is a threadsafe, generic, narrow string-based hash map that + * persists data on disk and additionally handles temporary and private data. + * However, if used in a context where there is no profile directory, data + * will not be persisted. + * + * Its lifecycle is as follows: + * - Allocate with a filename (this is or will eventually be a file in the + * profile directory, if the profile exists). + * - Call Init() from the main thread. This spins off an asynchronous read + * of the backing file. + * - Eventually observers of the topic "data-storage-ready" will be notified + * with the backing filename as the data in the notification when this + * has completed. + * - Should the profile directory not be available, (e.g. in xpcshell), + * DataStorage will not initially read any persistent data. The + * "data-storage-ready" event will still be emitted. This follows semantics + * similar to the permission manager and allows tests that test + * unrelated components to proceed without a profile. + * - When any persistent data changes, a timer is initialized that will + * eventually asynchronously write all persistent data to the backing file. + * When this happens, observers will be notified with the topic + * "data-storage-written" and the backing filename as the data. + * It is possible to receive a "data-storage-written" event while there exist + * pending persistent data changes. However, those changes will cause the + * timer to be reinitialized and another "data-storage-written" event will + * be sent. + * - When DataStorage observes the topic "profile-before-change" in + * anticipation of shutdown, all persistent data is synchronously written to + * the backing file. The worker thread responsible for these writes is then + * disabled to prevent further writes to that file (the delayed-write timer + * is cancelled when this happens). + * - For testing purposes, the preference "test.datastorage.write_timer_ms" can + * be set to cause the asynchronous writing of data to happen more quickly. + * - To prevent unbounded memory and disk use, the number of entries in each + * table is limited to 1024. Evictions are handled in by a modified LRU scheme + * (see implementation comments). + * - NB: Instances of DataStorage have long lifetimes because they are strong + * observers of events and won't go away until the observer service does. + * + * For each key/value: + * - The key must be a non-empty string containing no instances of '\t' or '\n' + * (this is a limitation of how the data is stored and will be addressed in + * the future). + * - The key must have a length no more than 256. + * - The value must not contain '\n' and must have a length no more than 1024. + * (the length limits are to prevent unbounded disk and memory usage) + */ + +/** + * Data that is DataStorage_Persistent is saved on disk. DataStorage_Temporary + * and DataStorage_Private are not saved. DataStorage_Private is meant to + * only be set and accessed from private contexts. It will be cleared upon + * observing the event "last-pb-context-exited". + */ +enum DataStorageType { + DataStorage_Persistent, + DataStorage_Temporary, + DataStorage_Private +}; + +class DataStorage : public nsIObserver +{ + typedef dom::DataStorageItem DataStorageItem; + +public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIOBSERVER + + // If there is a profile directory, there is or will eventually be a file + // by the name specified by aFilename there. + static already_AddRefed Get(const nsString& aFilename); + static already_AddRefed GetIfExists(const nsString& aFilename); + + // Initializes the DataStorage. Must be called before using. + // aDataWillPersist returns whether or not data can be persistently saved. + nsresult Init(/*out*/bool& aDataWillPersist); + // Given a key and a type of data, returns a value. Returns an empty string if + // the key is not present for that type of data. If Get is called before the + // "data-storage-ready" event is observed, it will block. NB: It is not + // currently possible to differentiate between missing data and data that is + // the empty string. + nsCString Get(const nsCString& aKey, DataStorageType aType); + // Give a key, value, and type of data, adds an entry as appropriate. + // Updates existing entries. + nsresult Put(const nsCString& aKey, const nsCString& aValue, + DataStorageType aType); + // Given a key and type of data, removes an entry if present. + void Remove(const nsCString& aKey, DataStorageType aType); + // Removes all entries of all types of data. + nsresult Clear(); + + // Read all of the data items. + void GetAll(InfallibleTArray* aItems); + +private: + explicit DataStorage(const nsString& aFilename); + virtual ~DataStorage(); + + class Writer; + class Reader; + + class Entry + { + public: + Entry(); + bool UpdateScore(); + + uint32_t mScore; + int32_t mLastAccessed; // the last accessed time in days since the epoch + nsCString mValue; + }; + + // Utility class for scanning tables for an entry to evict. + class KeyAndEntry + { + public: + nsCString mKey; + Entry mEntry; + }; + + typedef nsDataHashtable DataStorageTable; + typedef nsRefPtrHashtable DataStorages; + + void WaitForReady(); + nsresult AsyncWriteData(const MutexAutoLock& aProofOfLock); + nsresult AsyncReadData(bool& aHaveProfileDir, + const MutexAutoLock& aProofOfLock); + nsresult AsyncSetTimer(const MutexAutoLock& aProofOfLock); + nsresult DispatchShutdownTimer(const MutexAutoLock& aProofOfLock); + + static nsresult ValidateKeyAndValue(const nsCString& aKey, + const nsCString& aValue); + static void TimerCallback(nsITimer* aTimer, void* aClosure); + void SetTimer(); + void ShutdownTimer(); + void NotifyObservers(const char* aTopic); + + bool GetInternal(const nsCString& aKey, Entry* aEntry, DataStorageType aType, + const MutexAutoLock& aProofOfLock); + nsresult PutInternal(const nsCString& aKey, Entry& aEntry, + DataStorageType aType, + const MutexAutoLock& aProofOfLock); + void MaybeEvictOneEntry(DataStorageType aType, + const MutexAutoLock& aProofOfLock); + DataStorageTable& GetTableForType(DataStorageType aType, + const MutexAutoLock& aProofOfLock); + + void ReadAllFromTable(DataStorageType aType, + InfallibleTArray* aItems, + const MutexAutoLock& aProofOfLock); + + Mutex mMutex; // This mutex protects access to the following members: + DataStorageTable mPersistentDataTable; + DataStorageTable mTemporaryDataTable; + DataStorageTable mPrivateDataTable; + nsCOMPtr mWorkerThread; + nsCOMPtr mBackingFile; + nsCOMPtr mTimer; // All uses after init must be on the worker thread + uint32_t mTimerDelay; // in milliseconds + bool mPendingWrite; // true if a write is needed but hasn't been dispatched + bool mShuttingDown; + bool mInitCalled; // Indicates that Init() has been called. + // (End list of members protected by mMutex) + + Monitor mReadyMonitor; // Do not acquire this at the same time as mMutex. + bool mReady; // Indicates that saved data has been read and Get can proceed. + + const nsString mFilename; + + static StaticAutoPtr sDataStorages; +}; + +} // namespace mozilla + +#endif // mozilla_DataStorage_h diff --git a/security/manager/ssl/DataStorageIPCUtils.h b/security/manager/ssl/DataStorageIPCUtils.h new file mode 100644 index 000000000..cab159e60 --- /dev/null +++ b/security/manager/ssl/DataStorageIPCUtils.h @@ -0,0 +1,21 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef ipc_DataStorageIPCUtils_h +#define ipc_DataStorageIPCUtils_h + +#include "ipc/IPCMessageUtils.h" +#include "mozilla/DataStorage.h" + +namespace IPC { + template<> + struct ParamTraits : + public ContiguousEnumSerializer {}; +} // namespace IPC + +#endif // mozilla_DataStorageIPCUtils_hh diff --git a/security/manager/ssl/LocalCertService.cpp b/security/manager/ssl/LocalCertService.cpp new file mode 100644 index 000000000..7ea0b4789 --- /dev/null +++ b/security/manager/ssl/LocalCertService.cpp @@ -0,0 +1,501 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "LocalCertService.h" + +#include "CryptoTask.h" +#include "ScopedNSSTypes.h" +#include "cert.h" +#include "mozilla/Casting.h" +#include "mozilla/ModuleUtils.h" +#include "mozilla/RefPtr.h" +#include "nsIPK11Token.h" +#include "nsIPK11TokenDB.h" +#include "nsIX509Cert.h" +#include "nsIX509CertDB.h" +#include "nsIX509CertValidity.h" +#include "nsLiteralString.h" +#include "nsProxyRelease.h" +#include "nsServiceManagerUtils.h" +#include "nsString.h" +#include "pk11pub.h" + +namespace mozilla { + +class LocalCertTask : public CryptoTask +{ +protected: + explicit LocalCertTask(const nsACString& aNickname) + : mNickname(aNickname) + { + } + + nsresult RemoveExisting() + { + // Search for any existing certs with this name and remove them + nsresult rv; + + for (;;) { + UniqueCERTCertificate cert( + PK11_FindCertFromNickname(mNickname.get(), nullptr)); + if (!cert) { + return NS_OK; // All done + } + + // Found a cert, check if generated by this service + if (!cert->isRoot) { + return NS_ERROR_UNEXPECTED; // Should be self-signed + } + + NS_NAMED_LITERAL_CSTRING(commonNamePrefix, "CN="); + nsAutoCString subjectNameFromNickname(commonNamePrefix + mNickname); + if (!subjectNameFromNickname.Equals(cert->subjectName)) { + return NS_ERROR_UNEXPECTED; // Subject should match nickname + } + if (!subjectNameFromNickname.Equals(cert->issuerName)) { + return NS_ERROR_UNEXPECTED; // Issuer should match nickname + } + + rv = MapSECStatus(PK11_DeleteTokenCertAndKey(cert.get(), nullptr)); + if (NS_FAILED(rv)) { + return rv; // Some error, abort the loop + } + } + } + + nsCString mNickname; +}; + +class LocalCertGetTask final : public LocalCertTask +{ +public: + LocalCertGetTask(const nsACString& aNickname, + nsILocalCertGetCallback* aCallback) + : LocalCertTask(aNickname) + , mCallback(new nsMainThreadPtrHolder(aCallback)) + , mCert(nullptr) + { + } + +private: + virtual nsresult CalculateResult() override + { + // Try to lookup an existing cert in the DB + nsresult rv = GetFromDB(); + // Make a new one if getting fails + if (NS_FAILED(rv)) { + rv = Generate(); + } + // If generation fails, we're out of luck + if (NS_FAILED(rv)) { + return rv; + } + + // Validate cert, make a new one if it fails + rv = Validate(); + if (NS_FAILED(rv)) { + rv = Generate(); + } + // If generation fails, we're out of luck + if (NS_FAILED(rv)) { + return rv; + } + + return NS_OK; + } + + nsresult Generate() + { + nsresult rv; + + // Get the key slot for generation later + UniquePK11SlotInfo slot(PK11_GetInternalKeySlot()); + if (!slot) { + return mozilla::psm::GetXPCOMFromNSSError(PR_GetError()); + } + + // Remove existing certs with this name (if any) + rv = RemoveExisting(); + if (NS_FAILED(rv)) { + return rv; + } + + // Generate a new cert + NS_NAMED_LITERAL_CSTRING(commonNamePrefix, "CN="); + nsAutoCString subjectNameStr(commonNamePrefix + mNickname); + UniqueCERTName subjectName(CERT_AsciiToName(subjectNameStr.get())); + if (!subjectName) { + return mozilla::psm::GetXPCOMFromNSSError(PR_GetError()); + } + + // Use the well-known NIST P-256 curve + SECOidData* curveOidData = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1); + if (!curveOidData) { + return mozilla::psm::GetXPCOMFromNSSError(PR_GetError()); + } + + // Get key params from the curve + ScopedAutoSECItem keyParams(2 + curveOidData->oid.len); + keyParams.data[0] = SEC_ASN1_OBJECT_ID; + keyParams.data[1] = curveOidData->oid.len; + memcpy(keyParams.data + 2, curveOidData->oid.data, curveOidData->oid.len); + + // Generate cert key pair + SECKEYPublicKey* tempPublicKey; + UniqueSECKEYPrivateKey privateKey( + PK11_GenerateKeyPair(slot.get(), CKM_EC_KEY_PAIR_GEN, &keyParams, + &tempPublicKey, true /* token */, + true /* sensitive */, nullptr)); + UniqueSECKEYPublicKey publicKey(tempPublicKey); + tempPublicKey = nullptr; + if (!privateKey || !publicKey) { + return mozilla::psm::GetXPCOMFromNSSError(PR_GetError()); + } + + // Create subject public key info and cert request + UniqueCERTSubjectPublicKeyInfo spki( + SECKEY_CreateSubjectPublicKeyInfo(publicKey.get())); + if (!spki) { + return mozilla::psm::GetXPCOMFromNSSError(PR_GetError()); + } + UniqueCERTCertificateRequest certRequest( + CERT_CreateCertificateRequest(subjectName.get(), spki.get(), nullptr)); + if (!certRequest) { + return mozilla::psm::GetXPCOMFromNSSError(PR_GetError()); + } + + // Valid from one day before to 1 year after + static const PRTime oneDay = PRTime(PR_USEC_PER_SEC) + * PRTime(60) // sec + * PRTime(60) // min + * PRTime(24); // hours + + PRTime now = PR_Now(); + PRTime notBefore = now - oneDay; + PRTime notAfter = now + (PRTime(365) * oneDay); + UniqueCERTValidity validity(CERT_CreateValidity(notBefore, notAfter)); + if (!validity) { + return mozilla::psm::GetXPCOMFromNSSError(PR_GetError()); + } + + // Generate random serial + unsigned long serial; + // This serial in principle could collide, but it's unlikely + rv = MapSECStatus(PK11_GenerateRandomOnSlot( + slot.get(), BitwiseCast(&serial), + sizeof(serial))); + if (NS_FAILED(rv)) { + return rv; + } + + // Create the cert from these pieces + UniqueCERTCertificate cert( + CERT_CreateCertificate(serial, subjectName.get(), validity.get(), + certRequest.get())); + if (!cert) { + return mozilla::psm::GetXPCOMFromNSSError(PR_GetError()); + } + + // Update the cert version to X509v3 + if (!cert->version.data) { + return NS_ERROR_INVALID_POINTER; + } + *(cert->version.data) = SEC_CERTIFICATE_VERSION_3; + cert->version.len = 1; + + // Set cert signature algorithm + PLArenaPool* arena = cert->arena; + if (!arena) { + return NS_ERROR_INVALID_POINTER; + } + rv = MapSECStatus( + SECOID_SetAlgorithmID(arena, &cert->signature, + SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE, 0)); + if (NS_FAILED(rv)) { + return rv; + } + + // Encode and self-sign the cert + UniqueSECItem certDER( + SEC_ASN1EncodeItem(nullptr, nullptr, cert.get(), + SEC_ASN1_GET(CERT_CertificateTemplate))); + if (!certDER) { + return mozilla::psm::GetXPCOMFromNSSError(PR_GetError()); + } + rv = MapSECStatus( + SEC_DerSignData(arena, &cert->derCert, certDER->data, certDER->len, + privateKey.get(), + SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE)); + if (NS_FAILED(rv)) { + return rv; + } + + // Create a CERTCertificate from the signed data + UniqueCERTCertificate certFromDER( + CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &cert->derCert, nullptr, + true /* perm */, true /* copyDER */)); + if (!certFromDER) { + return mozilla::psm::GetXPCOMFromNSSError(PR_GetError()); + } + + // Save the cert in the DB + rv = MapSECStatus(PK11_ImportCert(slot.get(), certFromDER.get(), + CK_INVALID_HANDLE, mNickname.get(), + false /* unused */)); + if (NS_FAILED(rv)) { + return rv; + } + + // We should now have cert in the DB, read it back in nsIX509Cert form + return GetFromDB(); + } + + nsresult GetFromDB() + { + nsCOMPtr certDB = do_GetService(NS_X509CERTDB_CONTRACTID); + if (!certDB) { + return NS_ERROR_FAILURE; + } + + nsCOMPtr certFromDB; + nsresult rv; + rv = certDB->FindCertByNickname(NS_ConvertASCIItoUTF16(mNickname), + getter_AddRefs(certFromDB)); + if (NS_FAILED(rv)) { + return rv; + } + mCert = certFromDB; + return NS_OK; + } + + nsresult Validate() + { + // Verify cert is self-signed + bool selfSigned; + nsresult rv = mCert->GetIsSelfSigned(&selfSigned); + if (NS_FAILED(rv)) { + return rv; + } + if (!selfSigned) { + return NS_ERROR_FAILURE; + } + + // Check that subject and issuer match nickname + nsXPIDLString subjectName; + nsXPIDLString issuerName; + mCert->GetSubjectName(subjectName); + mCert->GetIssuerName(issuerName); + if (!subjectName.Equals(issuerName)) { + return NS_ERROR_FAILURE; + } + NS_NAMED_LITERAL_STRING(commonNamePrefix, "CN="); + nsAutoString subjectNameFromNickname( + commonNamePrefix + NS_ConvertASCIItoUTF16(mNickname)); + if (!subjectName.Equals(subjectNameFromNickname)) { + return NS_ERROR_FAILURE; + } + + nsCOMPtr validity; + mCert->GetValidity(getter_AddRefs(validity)); + + PRTime notBefore, notAfter; + validity->GetNotBefore(¬Before); + validity->GetNotAfter(¬After); + + // Ensure cert will last at least one more day + static const PRTime oneDay = PRTime(PR_USEC_PER_SEC) + * PRTime(60) // sec + * PRTime(60) // min + * PRTime(24); // hours + PRTime now = PR_Now(); + if (notBefore > now || + notAfter < (now - oneDay)) { + return NS_ERROR_FAILURE; + } + + return NS_OK; + } + + virtual void ReleaseNSSResources() override {} + + virtual void CallCallback(nsresult rv) override + { + (void) mCallback->HandleCert(mCert, rv); + } + + nsMainThreadPtrHandle mCallback; + nsCOMPtr mCert; // out +}; + +class LocalCertRemoveTask final : public LocalCertTask +{ +public: + LocalCertRemoveTask(const nsACString& aNickname, + nsILocalCertCallback* aCallback) + : LocalCertTask(aNickname) + , mCallback(new nsMainThreadPtrHolder(aCallback)) + { + } + +private: + virtual nsresult CalculateResult() override + { + return RemoveExisting(); + } + + virtual void ReleaseNSSResources() override {} + + virtual void CallCallback(nsresult rv) override + { + (void) mCallback->HandleResult(rv); + } + + nsMainThreadPtrHandle mCallback; +}; + +NS_IMPL_ISUPPORTS(LocalCertService, nsILocalCertService) + +LocalCertService::LocalCertService() +{ +} + +LocalCertService::~LocalCertService() +{ +} + +nsresult +LocalCertService::LoginToKeySlot() +{ + nsresult rv; + + // Get access to key slot + UniquePK11SlotInfo slot(PK11_GetInternalKeySlot()); + if (!slot) { + return mozilla::psm::GetXPCOMFromNSSError(PR_GetError()); + } + + // If no user password yet, set it an empty one + if (PK11_NeedUserInit(slot.get())) { + rv = MapSECStatus(PK11_InitPin(slot.get(), "", "")); + if (NS_FAILED(rv)) { + return rv; + } + } + + // If user has a password set, prompt to login + if (PK11_NeedLogin(slot.get()) && !PK11_IsLoggedIn(slot.get(), nullptr)) { + // Switching to XPCOM to get the UI prompt that PSM owns + nsCOMPtr tokenDB = + do_GetService(NS_PK11TOKENDB_CONTRACTID); + if (!tokenDB) { + return NS_ERROR_FAILURE; + } + nsCOMPtr keyToken; + tokenDB->GetInternalKeyToken(getter_AddRefs(keyToken)); + if (!keyToken) { + return NS_ERROR_FAILURE; + } + // Prompt the user to login + return keyToken->Login(false /* force */); + } + + return NS_OK; +} + +NS_IMETHODIMP +LocalCertService::GetOrCreateCert(const nsACString& aNickname, + nsILocalCertGetCallback* aCallback) +{ + if (NS_WARN_IF(aNickname.IsEmpty())) { + return NS_ERROR_INVALID_ARG; + } + if (NS_WARN_IF(!aCallback)) { + return NS_ERROR_INVALID_POINTER; + } + + // Before sending off the task, login to key slot if needed + nsresult rv = LoginToKeySlot(); + if (NS_FAILED(rv)) { + aCallback->HandleCert(nullptr, rv); + return NS_OK; + } + + RefPtr task(new LocalCertGetTask(aNickname, aCallback)); + return task->Dispatch("LocalCertGet"); +} + +NS_IMETHODIMP +LocalCertService::RemoveCert(const nsACString& aNickname, + nsILocalCertCallback* aCallback) +{ + if (NS_WARN_IF(aNickname.IsEmpty())) { + return NS_ERROR_INVALID_ARG; + } + if (NS_WARN_IF(!aCallback)) { + return NS_ERROR_INVALID_POINTER; + } + + // Before sending off the task, login to key slot if needed + nsresult rv = LoginToKeySlot(); + if (NS_FAILED(rv)) { + aCallback->HandleResult(rv); + return NS_OK; + } + + RefPtr task( + new LocalCertRemoveTask(aNickname, aCallback)); + return task->Dispatch("LocalCertRm"); +} + +NS_IMETHODIMP +LocalCertService::GetLoginPromptRequired(bool* aRequired) +{ + nsresult rv; + + // Get access to key slot + UniquePK11SlotInfo slot(PK11_GetInternalKeySlot()); + if (!slot) { + return mozilla::psm::GetXPCOMFromNSSError(PR_GetError()); + } + + // If no user password yet, set it an empty one + if (PK11_NeedUserInit(slot.get())) { + rv = MapSECStatus(PK11_InitPin(slot.get(), "", "")); + if (NS_FAILED(rv)) { + return rv; + } + } + + *aRequired = PK11_NeedLogin(slot.get()) && + !PK11_IsLoggedIn(slot.get(), nullptr); + return NS_OK; +} + +#define LOCALCERTSERVICE_CID \ +{ 0x47402be2, 0xe653, 0x45d0, \ + { 0x8d, 0xaa, 0x9f, 0x0d, 0xce, 0x0a, 0xc1, 0x48 } } + +NS_GENERIC_FACTORY_CONSTRUCTOR(LocalCertService) + +NS_DEFINE_NAMED_CID(LOCALCERTSERVICE_CID); + +static const Module::CIDEntry kLocalCertServiceCIDs[] = { + { &kLOCALCERTSERVICE_CID, false, nullptr, LocalCertServiceConstructor }, + { nullptr } +}; + +static const Module::ContractIDEntry kLocalCertServiceContracts[] = { + { LOCALCERTSERVICE_CONTRACTID, &kLOCALCERTSERVICE_CID }, + { nullptr } +}; + +static const Module kLocalCertServiceModule = { + Module::kVersion, + kLocalCertServiceCIDs, + kLocalCertServiceContracts +}; + +NSMODULE_DEFN(LocalCertServiceModule) = &kLocalCertServiceModule; + +} // namespace mozilla diff --git a/security/manager/ssl/LocalCertService.h b/security/manager/ssl/LocalCertService.h new file mode 100644 index 000000000..fb5a999cd --- /dev/null +++ b/security/manager/ssl/LocalCertService.h @@ -0,0 +1,27 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef LocalCertService_h +#define LocalCertService_h + +#include "nsILocalCertService.h" + +namespace mozilla { + +class LocalCertService final : public nsILocalCertService +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSILOCALCERTSERVICE + + LocalCertService(); + +private: + nsresult LoginToKeySlot(); + ~LocalCertService(); +}; + +} // namespace mozilla + +#endif // LocalCertService_h diff --git a/security/manager/ssl/NSSErrorsService.cpp b/security/manager/ssl/NSSErrorsService.cpp new file mode 100644 index 000000000..0632203b1 --- /dev/null +++ b/security/manager/ssl/NSSErrorsService.cpp @@ -0,0 +1,206 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "NSSErrorsService.h" + +#include "nsNSSComponent.h" +#include "nsServiceManagerUtils.h" +#include "pkix/pkixnss.h" +#include "secerr.h" +#include "sslerr.h" + +#define PIPNSS_STRBUNDLE_URL "chrome://pipnss/locale/pipnss.properties" +#define NSSERR_STRBUNDLE_URL "chrome://pipnss/locale/nsserrors.properties" + +namespace mozilla { +namespace psm { + +static_assert(mozilla::pkix::ERROR_BASE == + nsINSSErrorsService::MOZILLA_PKIX_ERROR_BASE, + "MOZILLA_PKIX_ERROR_BASE and " + "nsINSSErrorsService::MOZILLA_PKIX_ERROR_BASE do not match."); +static_assert(mozilla::pkix::ERROR_LIMIT == + nsINSSErrorsService::MOZILLA_PKIX_ERROR_LIMIT, + "MOZILLA_PKIX_ERROR_LIMIT and " + "nsINSSErrorsService::MOZILLA_PKIX_ERROR_LIMIT do not match."); + +static bool +IsPSMError(PRErrorCode error) +{ + return (error >= mozilla::pkix::ERROR_BASE && + error < mozilla::pkix::ERROR_LIMIT); +} + +NS_IMPL_ISUPPORTS(NSSErrorsService, nsINSSErrorsService) + +NSSErrorsService::~NSSErrorsService() { } + +nsresult +NSSErrorsService::Init() +{ + nsresult rv; + nsCOMPtr bundleService(do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv)); + if (NS_FAILED(rv) || !bundleService) + return NS_ERROR_FAILURE; + + bundleService->CreateBundle(PIPNSS_STRBUNDLE_URL, + getter_AddRefs(mPIPNSSBundle)); + if (!mPIPNSSBundle) + rv = NS_ERROR_FAILURE; + + bundleService->CreateBundle(NSSERR_STRBUNDLE_URL, + getter_AddRefs(mNSSErrorsBundle)); + if (!mNSSErrorsBundle) + rv = NS_ERROR_FAILURE; + + return rv; +} + +#define EXPECTED_SEC_ERROR_BASE (-0x2000) +#define EXPECTED_SSL_ERROR_BASE (-0x3000) + +#if SEC_ERROR_BASE != EXPECTED_SEC_ERROR_BASE || SSL_ERROR_BASE != EXPECTED_SSL_ERROR_BASE +#error "Unexpected change of error code numbers in lib NSS, please adjust the mapping code" +/* + * Please ensure the NSS error codes are mapped into the positive range 0x1000 to 0xf000 + * Search for NS_ERROR_MODULE_SECURITY to ensure there are no conflicts. + * The current code also assumes that NSS library error codes are negative. + */ +#endif + +bool +IsNSSErrorCode(PRErrorCode code) +{ + return IS_SEC_ERROR(code) || IS_SSL_ERROR(code) || IsPSMError(code); +} + +nsresult +GetXPCOMFromNSSError(PRErrorCode code) +{ + if (!code) { + MOZ_CRASH("Function failed without calling PR_GetError"); + } + + // The error codes within each module must be a 16 bit value. + // For simplicity we use the positive value of the NSS code. + return (nsresult)NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY, + -1 * code); +} + +NS_IMETHODIMP +NSSErrorsService::IsNSSErrorCode(int32_t aNSPRCode, bool *_retval) +{ + if (!_retval) { + return NS_ERROR_INVALID_ARG; + } + + *_retval = mozilla::psm::IsNSSErrorCode(aNSPRCode); + return NS_OK; +} + +NS_IMETHODIMP +NSSErrorsService::GetXPCOMFromNSSError(int32_t aNSPRCode, nsresult *aXPCOMErrorCode) +{ + if (!aXPCOMErrorCode) { + return NS_ERROR_INVALID_ARG; + } + + if (!mozilla::psm::IsNSSErrorCode(aNSPRCode)) { + return NS_ERROR_INVALID_ARG; + } + + *aXPCOMErrorCode = mozilla::psm::GetXPCOMFromNSSError(aNSPRCode); + + return NS_OK; +} + +NS_IMETHODIMP +NSSErrorsService::GetErrorClass(nsresult aXPCOMErrorCode, uint32_t *aErrorClass) +{ + NS_ENSURE_ARG(aErrorClass); + + if (NS_ERROR_GET_MODULE(aXPCOMErrorCode) != NS_ERROR_MODULE_SECURITY || + NS_ERROR_GET_SEVERITY(aXPCOMErrorCode) != NS_ERROR_SEVERITY_ERROR) { + return NS_ERROR_FAILURE; + } + + int32_t aNSPRCode = -1 * NS_ERROR_GET_CODE(aXPCOMErrorCode); + + if (!mozilla::psm::IsNSSErrorCode(aNSPRCode)) { + return NS_ERROR_FAILURE; + } + + if (mozilla::psm::ErrorIsOverridable(aNSPRCode)) { + *aErrorClass = ERROR_CLASS_BAD_CERT; + } else { + *aErrorClass = ERROR_CLASS_SSL_PROTOCOL; + } + + return NS_OK; +} + +bool +ErrorIsOverridable(PRErrorCode code) +{ + switch (code) + { + // Overridable errors. + case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY: + case mozilla::pkix::MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME: + case mozilla::pkix::MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE: + case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE: + case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE: + case mozilla::pkix::MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA: + case SEC_ERROR_CA_CERT_INVALID: + case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED: + case SEC_ERROR_EXPIRED_CERTIFICATE: + case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: + case SEC_ERROR_INVALID_TIME: + case SEC_ERROR_UNKNOWN_ISSUER: + case SSL_ERROR_BAD_CERT_DOMAIN: + return true; + // Non-overridable errors. + default: + return false; + } +} + +NS_IMETHODIMP +NSSErrorsService::GetErrorMessage(nsresult aXPCOMErrorCode, nsAString &aErrorMessage) +{ + if (NS_ERROR_GET_MODULE(aXPCOMErrorCode) != NS_ERROR_MODULE_SECURITY || + NS_ERROR_GET_SEVERITY(aXPCOMErrorCode) != NS_ERROR_SEVERITY_ERROR) { + return NS_ERROR_FAILURE; + } + + int32_t aNSPRCode = -1 * NS_ERROR_GET_CODE(aXPCOMErrorCode); + + if (!mozilla::psm::IsNSSErrorCode(aNSPRCode)) { + return NS_ERROR_FAILURE; + } + + nsCOMPtr theBundle = mPIPNSSBundle; + const char *id_str = nsNSSErrors::getOverrideErrorStringName(aNSPRCode); + + if (!id_str) { + id_str = nsNSSErrors::getDefaultErrorStringName(aNSPRCode); + theBundle = mNSSErrorsBundle; + } + + if (!id_str || !theBundle) { + return NS_ERROR_FAILURE; + } + + nsAutoString msg; + nsresult rv = + theBundle->GetStringFromName(NS_ConvertASCIItoUTF16(id_str).get(), + getter_Copies(msg)); + if (NS_SUCCEEDED(rv)) { + aErrorMessage = msg; + } + return rv; +} + +} // namespace psm +} // namespace mozilla diff --git a/security/manager/ssl/NSSErrorsService.h b/security/manager/ssl/NSSErrorsService.h new file mode 100644 index 000000000..844ceda35 --- /dev/null +++ b/security/manager/ssl/NSSErrorsService.h @@ -0,0 +1,49 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef NSSErrorsService_h +#define NSSErrorsService_h + +#include "nsINSSErrorsService.h" +#include "mozilla/Attributes.h" +#include "nsCOMPtr.h" +#include "nsIStringBundle.h" +#include "prerror.h" + +namespace mozilla { +namespace psm { + +class NSSErrorsService final : public nsINSSErrorsService +{ + NS_DECL_ISUPPORTS + NS_DECL_NSINSSERRORSSERVICE + +public: + nsresult Init(); + +private: + // For XPCOM implementations that are not a base class for some other + // class, it is good practice to make the destructor non-virtual and + // private. Then the only way to delete the object is via Release. +#ifdef _MSC_VER + // C4265: Class has virtual members but destructor is not virtual + __pragma(warning(disable:4265)) +#endif + ~NSSErrorsService(); + + nsCOMPtr mPIPNSSBundle; + nsCOMPtr mNSSErrorsBundle; +}; + +bool IsNSSErrorCode(PRErrorCode code); +nsresult GetXPCOMFromNSSError(PRErrorCode code); +bool ErrorIsOverridable(PRErrorCode code); + +} // namespace psm +} // namespace mozilla + +#define NS_NSSERRORSSERVICE_CID \ + { 0x9ef18451, 0xa157, 0x4d17, { 0x81, 0x32, 0x47, 0xaf, 0xef, 0x21, 0x36, 0x89 } } + +#endif // NSSErrorsService_h diff --git a/security/manager/ssl/PPSMContentDownloader.ipdl b/security/manager/ssl/PPSMContentDownloader.ipdl new file mode 100644 index 000000000..a9c0fc266 --- /dev/null +++ b/security/manager/ssl/PPSMContentDownloader.ipdl @@ -0,0 +1,28 @@ +/* vim: set sw=2 sts=2 ts=2 et tw=80 ft=cpp: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +include protocol PContent; +include protocol PChannelDiverter; + +namespace mozilla { +namespace psm { + +protocol PPSMContentDownloader +{ + manager PContent; + +parent: + async OnStartRequest(uint32_t contentLength); + async OnDataAvailable(nsCString data, uint64_t offset, uint32_t count); + async OnStopRequest(nsresult code); + + async DivertToParentUsing(PChannelDiverter diverter); + +child: + async __delete__(); +}; + +} // namespace psm +} // namespace mozilla diff --git a/security/manager/ssl/PSMContentListener.cpp b/security/manager/ssl/PSMContentListener.cpp new file mode 100644 index 000000000..688e2c18c --- /dev/null +++ b/security/manager/ssl/PSMContentListener.cpp @@ -0,0 +1,454 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set sw=2 sts=2 ts=2 et tw=80: + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "PSMContentListener.h" + +#include "nsIDivertableChannel.h" +#include "nsIStreamListener.h" +#include "nsIX509CertDB.h" +#include "nsIXULAppInfo.h" + +#include "mozilla/Casting.h" +#include "mozilla/Services.h" +#include "mozilla/Unused.h" + +#include "mozilla/dom/ContentChild.h" +#include "mozilla/net/ChannelDiverterParent.h" +#include "mozilla/net/ChannelDiverterChild.h" + +#include "nsCRT.h" +#include "nsNetUtil.h" +#include "nsIChannel.h" +#include "nsIInputStream.h" +#include "nsIURI.h" +#include "nsNSSHelper.h" + +#include "mozilla/Logging.h" + +extern mozilla::LazyLogModule gPIPNSSLog; + +namespace mozilla { namespace psm { + +namespace { + +const int32_t kDefaultCertAllocLength = 2048; + +enum { + UNKNOWN_TYPE = 0, + X509_CA_CERT = 1, + X509_USER_CERT = 2, + X509_EMAIL_CERT = 3, + X509_SERVER_CERT = 4 +}; + +/* other mime types that we should handle sometime: + + application/x-pkcs7-mime + application/pkcs7-signature + application/pre-encrypted + +*/ + +uint32_t +getPSMContentType(const char* aContentType) +{ + // Don't forget to update the registration of content listeners in nsNSSModule.cpp + // for every supported content type. + + if (!nsCRT::strcasecmp(aContentType, "application/x-x509-ca-cert")) + return X509_CA_CERT; + if (!nsCRT::strcasecmp(aContentType, "application/x-x509-server-cert")) + return X509_SERVER_CERT; + if (!nsCRT::strcasecmp(aContentType, "application/x-x509-user-cert")) + return X509_USER_CERT; + if (!nsCRT::strcasecmp(aContentType, "application/x-x509-email-cert")) + return X509_EMAIL_CERT; + + return UNKNOWN_TYPE; +} + +int64_t +ComputeContentLength(nsIRequest* request) +{ + nsCOMPtr channel(do_QueryInterface(request)); + if (!channel) { + return -1; + } + + int64_t contentLength; + nsresult rv = channel->GetContentLength(&contentLength); + if (NS_FAILED(rv) || contentLength <= 0) { + return kDefaultCertAllocLength; + } + + if (contentLength > INT32_MAX) { + return -1; + } + + return contentLength; +} + +} // unnamed namespace + +/* ------------------------ + * PSMContentStreamListener + * ------------------------ */ + +PSMContentStreamListener::PSMContentStreamListener(uint32_t type) + : mType(type) +{ +} + +PSMContentStreamListener::~PSMContentStreamListener() +{ +} + +NS_IMPL_ISUPPORTS(PSMContentStreamListener, nsIStreamListener, nsIRequestObserver) + +NS_IMETHODIMP +PSMContentStreamListener::OnStartRequest(nsIRequest* request, nsISupports* context) +{ + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CertDownloader::OnStartRequest\n")); + + int64_t contentLength = ComputeContentLength(request); + if (contentLength < 0) { + return NS_ERROR_FAILURE; + } + + mByteData.SetCapacity(contentLength); + return NS_OK; +} + +NS_IMETHODIMP +PSMContentStreamListener::OnDataAvailable(nsIRequest* request, + nsISupports* context, + nsIInputStream* aIStream, + uint64_t aSourceOffset, + uint32_t aLength) +{ + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CertDownloader::OnDataAvailable\n")); + + nsCString chunk; + nsresult rv = NS_ReadInputStreamToString(aIStream, chunk, aLength); + if (NS_FAILED(rv)) { + return rv; + } + + mByteData.Append(chunk); + return NS_OK; +} + +NS_IMETHODIMP +PSMContentStreamListener::OnStopRequest(nsIRequest* request, + nsISupports* context, + nsresult aStatus) +{ + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CertDownloader::OnStopRequest\n")); + + // Because importing the cert can spin the event loop (via alerts), we can't + // do it here. Do it off the event loop instead. + nsCOMPtr r = + NewRunnableMethod(this, &PSMContentStreamListener::ImportCertificate); + MOZ_ALWAYS_SUCCEEDS(NS_DispatchToMainThread(r)); + + return NS_OK; +} + +void +PSMContentStreamListener::ImportCertificate() +{ + nsCOMPtr certdb; + + nsCOMPtr ctx = new PipUIContext(); + + switch (mType) { + case X509_CA_CERT: + case X509_USER_CERT: + case X509_EMAIL_CERT: + certdb = do_GetService(NS_X509CERTDB_CONTRACTID); + break; + + default: + break; + } + + if (!certdb) { + return; + } + + switch (mType) { + case X509_CA_CERT: + certdb->ImportCertificates(BitwiseCast( + mByteData.BeginWriting()), + mByteData.Length(), mType, ctx); + break; + + case X509_USER_CERT: + certdb->ImportUserCertificate(BitwiseCast( + mByteData.BeginWriting()), + mByteData.Length(), ctx); + break; + + case X509_EMAIL_CERT: + certdb->ImportEmailCertificate(BitwiseCast( + mByteData.BeginWriting()), + mByteData.Length(), ctx); + break; + + default: + break; + } +} + +/* ------------------------ + * PSMContentDownloaderParent + * ------------------------ */ + +PSMContentDownloaderParent::PSMContentDownloaderParent(uint32_t type) + : PSMContentStreamListener(type) + , mIPCOpen(true) +{ +} + +PSMContentDownloaderParent::~PSMContentDownloaderParent() +{ +} + +bool +PSMContentDownloaderParent::RecvOnStartRequest(const uint32_t& contentLength) +{ + mByteData.SetCapacity(contentLength); + return true; +} + +bool +PSMContentDownloaderParent::RecvOnDataAvailable(const nsCString& data, + const uint64_t& offset, + const uint32_t& count) +{ + mByteData.Append(data); + return true; +} + +bool +PSMContentDownloaderParent::RecvOnStopRequest(const nsresult& code) +{ + if (NS_SUCCEEDED(code)) { + // See also PSMContentStreamListener::OnStopRequest. In this case, we don't + // have to dispatch ImportCertificate off of an event because we don't have + // to worry about Necko sending "clean up" events and destroying us if + // ImportCertificate spins the event loop. + ImportCertificate(); + } + + if (mIPCOpen) { + mozilla::Unused << Send__delete__(this); + } + return true; +} + +NS_IMETHODIMP +PSMContentDownloaderParent::OnStopRequest(nsIRequest* request, nsISupports* context, nsresult code) +{ + nsresult rv = PSMContentStreamListener::OnStopRequest(request, context, code); + + if (mIPCOpen) { + mozilla::Unused << Send__delete__(this); + } + return rv; +} + +bool +PSMContentDownloaderParent::RecvDivertToParentUsing(mozilla::net::PChannelDiverterParent* diverter) +{ + MOZ_ASSERT(diverter); + auto p = static_cast(diverter); + p->DivertTo(this); + mozilla::Unused << p->Send__delete__(p); + return true; +} + +void +PSMContentDownloaderParent::ActorDestroy(ActorDestroyReason why) +{ + mIPCOpen = false; +} + +/* ------------------------ + * PSMContentDownloaderChild + * ------------------------ */ + +NS_IMPL_ISUPPORTS(PSMContentDownloaderChild, nsIStreamListener) + +PSMContentDownloaderChild::PSMContentDownloaderChild() +{ +} + +PSMContentDownloaderChild::~PSMContentDownloaderChild() +{ +} + +NS_IMETHODIMP +PSMContentDownloaderChild::OnStartRequest(nsIRequest* request, nsISupports* context) +{ + nsCOMPtr divertable = do_QueryInterface(request); + if (divertable) { + mozilla::net::ChannelDiverterChild* diverter = nullptr; + nsresult rv = divertable->DivertToParent(&diverter); + if (NS_FAILED(rv)) { + return rv; + } + MOZ_ASSERT(diverter); + + return SendDivertToParentUsing(diverter) ? NS_OK : NS_ERROR_FAILURE; + } + + int64_t contentLength = ComputeContentLength(request); + if (contentLength < 0) { + return NS_ERROR_FAILURE; + } + + mozilla::Unused << SendOnStartRequest(contentLength); + return NS_OK; +} + +NS_IMETHODIMP +PSMContentDownloaderChild::OnDataAvailable(nsIRequest* request, + nsISupports* context, + nsIInputStream* aIStream, + uint64_t aSourceOffset, + uint32_t aLength) +{ + nsCString chunk; + nsresult rv = NS_ReadInputStreamToString(aIStream, chunk, aLength); + if (NS_FAILED(rv)) { + return rv; + } + + mozilla::Unused << SendOnDataAvailable(chunk, aSourceOffset, aLength); + return NS_OK; +} + +NS_IMETHODIMP +PSMContentDownloaderChild::OnStopRequest(nsIRequest* request, + nsISupports* context, + nsresult aStatus) +{ + mozilla::Unused << SendOnStopRequest(aStatus); + return NS_OK; +} + +/* ------------------------ + * PSMContentListener + * ------------------------ */ + +NS_IMPL_ISUPPORTS(PSMContentListener, + nsIURIContentListener, + nsISupportsWeakReference) + +PSMContentListener::PSMContentListener() +{ + mLoadCookie = nullptr; + mParentContentListener = nullptr; +} + +PSMContentListener::~PSMContentListener() +{ +} + +nsresult +PSMContentListener::init() +{ + return NS_OK; +} + +NS_IMETHODIMP +PSMContentListener::OnStartURIOpen(nsIURI* aURI, bool* aAbortOpen) +{ + //if we don't want to handle the URI, return true in + //*aAbortOpen + return NS_OK; +} + +NS_IMETHODIMP +PSMContentListener::IsPreferred(const char* aContentType, + char** aDesiredContentType, + bool* aCanHandleContent) +{ + return CanHandleContent(aContentType, true, + aDesiredContentType, aCanHandleContent); +} + +NS_IMETHODIMP +PSMContentListener::CanHandleContent(const char* aContentType, + bool aIsContentPreferred, + char** aDesiredContentType, + bool* aCanHandleContent) +{ + uint32_t type = getPSMContentType(aContentType); + *aCanHandleContent = (type != UNKNOWN_TYPE); + return NS_OK; +} + +NS_IMETHODIMP +PSMContentListener::DoContent(const nsACString& aContentType, + bool aIsContentPreferred, + nsIRequest* aRequest, + nsIStreamListener** aContentHandler, + bool* aAbortProcess) +{ + uint32_t type; + type = getPSMContentType(PromiseFlatCString(aContentType).get()); + if (gPIPNSSLog) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("PSMContentListener::DoContent\n")); + } + if (type != UNKNOWN_TYPE) { + nsCOMPtr downloader; + if (XRE_IsParentProcess()) { + downloader = new PSMContentStreamListener(type); + } else { + downloader = static_cast( + dom::ContentChild::GetSingleton()->SendPPSMContentDownloaderConstructor(type)); + } + + downloader.forget(aContentHandler); + return NS_OK; + } + return NS_ERROR_FAILURE; +} + +NS_IMETHODIMP +PSMContentListener::GetLoadCookie(nsISupports** aLoadCookie) +{ + nsCOMPtr loadCookie(mLoadCookie); + loadCookie.forget(aLoadCookie); + return NS_OK; +} + +NS_IMETHODIMP +PSMContentListener::SetLoadCookie(nsISupports* aLoadCookie) +{ + mLoadCookie = aLoadCookie; + return NS_OK; +} + +NS_IMETHODIMP +PSMContentListener::GetParentContentListener(nsIURIContentListener** aContentListener) +{ + nsCOMPtr listener(mParentContentListener); + listener.forget(aContentListener); + return NS_OK; +} + +NS_IMETHODIMP +PSMContentListener::SetParentContentListener(nsIURIContentListener* aContentListener) +{ + mParentContentListener = aContentListener; + return NS_OK; +} + +} } // namespace mozilla::psm diff --git a/security/manager/ssl/PSMContentListener.h b/security/manager/ssl/PSMContentListener.h new file mode 100644 index 000000000..d948383a4 --- /dev/null +++ b/security/manager/ssl/PSMContentListener.h @@ -0,0 +1,111 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_psm_PSMCOntentListener_h_ +#define mozilla_psm_PSMCOntentListener_h_ + +#include "nsCOMPtr.h" +#include "nsIURIContentListener.h" +#include "nsWeakReference.h" +#include "mozilla/psm/PPSMContentDownloaderChild.h" +#include "mozilla/psm/PPSMContentDownloaderParent.h" + +#define NS_PSMCONTENTLISTEN_CID {0xc94f4a30, 0x64d7, 0x11d4, {0x99, 0x60, 0x00, 0xb0, 0xd0, 0x23, 0x54, 0xa0}} +#define NS_PSMCONTENTLISTEN_CONTRACTID "@mozilla.org/security/psmdownload;1" + +namespace mozilla { +namespace net { + +class PChannelDiverterParent; + +} // namespace net +} // namespace mozilla + +namespace mozilla { namespace psm { + +// PSMContentStreamListener for parent-process downloading. +class PSMContentStreamListener : public nsIStreamListener +{ +public: + explicit PSMContentStreamListener(uint32_t type); + NS_DECL_ISUPPORTS + NS_DECL_NSIREQUESTOBSERVER + NS_DECL_NSISTREAMLISTENER + + void ImportCertificate(); + +protected: + virtual ~PSMContentStreamListener(); + + nsCString mByteData; + uint32_t mType; +}; + +// Parent actor for importing a remote cert when the load was started by the +// child. +class PSMContentDownloaderParent : public PPSMContentDownloaderParent + , public PSMContentStreamListener +{ +public: + explicit PSMContentDownloaderParent(uint32_t type); + + virtual bool RecvOnStartRequest(const uint32_t &contentLength) override; + virtual bool RecvOnDataAvailable(const nsCString &data, + const uint64_t &offset, + const uint32_t &count) override; + virtual bool RecvOnStopRequest(const nsresult &code) override; + + // We inherit most of nsIStreamListener from PSMContentStreamListener, but + // we have to override OnStopRequest to know when we're done with our IPC + // ref. + NS_IMETHOD OnStopRequest(nsIRequest *request, nsISupports *aContext, nsresult code) override; + + virtual bool RecvDivertToParentUsing(mozilla::net::PChannelDiverterParent *diverter) override; + +protected: + virtual ~PSMContentDownloaderParent(); + + virtual void ActorDestroy(ActorDestroyReason why) override; + bool mIPCOpen; +}; + +// Child actor for importing a cert. +class PSMContentDownloaderChild : public nsIStreamListener + , public PPSMContentDownloaderChild +{ +public: + PSMContentDownloaderChild(); + + NS_DECL_ISUPPORTS + NS_DECL_NSIREQUESTOBSERVER + NS_DECL_NSISTREAMLISTENER + +private: + ~PSMContentDownloaderChild(); +}; + + +class PSMContentListener : public nsIURIContentListener, + public nsSupportsWeakReference +{ +public: + PSMContentListener(); + nsresult init(); + + NS_DECL_ISUPPORTS + NS_DECL_NSIURICONTENTLISTENER + +protected: + virtual ~PSMContentListener(); + +private: + nsCOMPtr mLoadCookie; + nsCOMPtr mParentContentListener; +}; + +} } // namespace mozilla::psm + +#endif // mozilla_psm_PSMCOntentListener_h diff --git a/security/manager/ssl/PSMRunnable.cpp b/security/manager/ssl/PSMRunnable.cpp new file mode 100644 index 000000000..9f151a83f --- /dev/null +++ b/security/manager/ssl/PSMRunnable.cpp @@ -0,0 +1,47 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public +* License, v. 2.0. If a copy of the MPL was not distributed with this +* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "PSMRunnable.h" + +namespace mozilla { namespace psm { + +SyncRunnableBase::SyncRunnableBase() + : monitor("SyncRunnableBase::monitor") +{ +} + +nsresult +SyncRunnableBase::DispatchToMainThreadAndWait() +{ + nsresult rv; + if (NS_IsMainThread()) { + RunOnTargetThread(); + rv = NS_OK; + } else { + mozilla::MonitorAutoLock lock(monitor); + rv = NS_DispatchToMainThread(this); + if (NS_SUCCEEDED(rv)) { + lock.Wait(); + } + } + + return rv; +} + +NS_IMETHODIMP +SyncRunnableBase::Run() +{ + RunOnTargetThread(); + mozilla::MonitorAutoLock(monitor).Notify(); + return NS_OK; +} + +nsresult +NotifyObserverRunnable::Run() +{ + mObserver->Observe(nullptr, mTopic, nullptr); + return NS_OK; +} + +} } // namespace mozilla::psm diff --git a/security/manager/ssl/PSMRunnable.h b/security/manager/ssl/PSMRunnable.h new file mode 100644 index 000000000..b43bc62c6 --- /dev/null +++ b/security/manager/ssl/PSMRunnable.h @@ -0,0 +1,46 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public +* License, v. 2.0. If a copy of the MPL was not distributed with this +* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef PSMRunnable_h +#define PSMRunnable_h + +#include "mozilla/Monitor.h" +#include "nsThreadUtils.h" +#include "nsIObserver.h" +#include "nsProxyRelease.h" + +namespace mozilla { namespace psm { + +// Wait for the event to run on the target thread without spinning the event +// loop on the calling thread. (Dispatching events to a thread using +// NS_DISPATCH_SYNC would cause the event loop on the calling thread to spin.) +class SyncRunnableBase : public Runnable +{ +public: + NS_DECL_NSIRUNNABLE + nsresult DispatchToMainThreadAndWait(); +protected: + SyncRunnableBase(); + virtual void RunOnTargetThread() = 0; +private: + mozilla::Monitor monitor; +}; + +class NotifyObserverRunnable : public Runnable +{ +public: + NotifyObserverRunnable(nsIObserver * observer, + const char * topicStringLiteral) + : mObserver(new nsMainThreadPtrHolder(observer)), + mTopic(topicStringLiteral) { + } + NS_DECL_NSIRUNNABLE +private: + nsMainThreadPtrHandle mObserver; + const char * const mTopic; +}; + +} } // namespace mozilla::psm + +#endif diff --git a/security/manager/ssl/PublicKeyPinningService.cpp b/security/manager/ssl/PublicKeyPinningService.cpp new file mode 100644 index 000000000..1f34c880b --- /dev/null +++ b/security/manager/ssl/PublicKeyPinningService.cpp @@ -0,0 +1,374 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "PublicKeyPinningService.h" + +#include "RootCertificateTelemetryUtils.h" +#include "mozilla/Base64.h" +#include "mozilla/Casting.h" +#include "mozilla/Logging.h" +#include "mozilla/Telemetry.h" +#include "nsISiteSecurityService.h" +#include "nsServiceManagerUtils.h" +#include "nsSiteSecurityService.h" +#include "nssb64.h" +#include "pkix/pkixtypes.h" +#include "seccomon.h" +#include "sechash.h" + +#include "StaticHPKPins.h" // autogenerated by genHPKPStaticpins.js + +using namespace mozilla; +using namespace mozilla::pkix; +using namespace mozilla::psm; + +LazyLogModule gPublicKeyPinningLog("PublicKeyPinningService"); + +/** + Computes in the location specified by base64Out the SHA256 digest + of the DER Encoded subject Public Key Info for the given cert +*/ +static nsresult +GetBase64HashSPKI(const CERTCertificate* cert, nsACString& hashSPKIDigest) +{ + hashSPKIDigest.Truncate(); + Digest digest; + nsresult rv = digest.DigestBuf(SEC_OID_SHA256, cert->derPublicKey.data, + cert->derPublicKey.len); + if (NS_FAILED(rv)) { + return rv; + } + return Base64Encode(nsDependentCSubstring( + BitwiseCast(digest.get().data), + digest.get().len), + hashSPKIDigest); +} + +/* + * Sets certMatchesPinset to true if a given cert matches any fingerprints from + * the given pinset or the dynamicFingerprints array, or to false otherwise. + */ +static nsresult +EvalCert(const CERTCertificate* cert, const StaticFingerprints* fingerprints, + const nsTArray* dynamicFingerprints, + /*out*/ bool& certMatchesPinset) +{ + certMatchesPinset = false; + if (!fingerprints && !dynamicFingerprints) { + MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug, + ("pkpin: No hashes found\n")); + return NS_ERROR_INVALID_ARG; + } + + nsAutoCString base64Out; + nsresult rv = GetBase64HashSPKI(cert, base64Out); + if (NS_FAILED(rv)) { + MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug, + ("pkpin: GetBase64HashSPKI failed!\n")); + return rv; + } + + if (fingerprints) { + for (size_t i = 0; i < fingerprints->size; i++) { + if (base64Out.Equals(fingerprints->data[i])) { + MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug, + ("pkpin: found pin base_64 ='%s'\n", base64Out.get())); + certMatchesPinset = true; + return NS_OK; + } + } + } + if (dynamicFingerprints) { + for (size_t i = 0; i < dynamicFingerprints->Length(); i++) { + if (base64Out.Equals((*dynamicFingerprints)[i])) { + MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug, + ("pkpin: found pin base_64 ='%s'\n", base64Out.get())); + certMatchesPinset = true; + return NS_OK; + } + } + } + return NS_OK; +} + +/* + * Sets certListIntersectsPinset to true if a given chain matches any + * fingerprints from the given static fingerprints or the + * dynamicFingerprints array, or to false otherwise. + */ +static nsresult +EvalChain(const UniqueCERTCertList& certList, + const StaticFingerprints* fingerprints, + const nsTArray* dynamicFingerprints, + /*out*/ bool& certListIntersectsPinset) +{ + certListIntersectsPinset = false; + CERTCertificate* currentCert; + + if (!fingerprints && !dynamicFingerprints) { + MOZ_ASSERT(false, "Must pass in at least one type of pinset"); + return NS_ERROR_FAILURE; + } + + CERTCertListNode* node; + for (node = CERT_LIST_HEAD(certList); !CERT_LIST_END(node, certList); + node = CERT_LIST_NEXT(node)) { + currentCert = node->cert; + MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug, + ("pkpin: certArray subject: '%s'\n", currentCert->subjectName)); + MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug, + ("pkpin: certArray issuer: '%s'\n", currentCert->issuerName)); + nsresult rv = EvalCert(currentCert, fingerprints, dynamicFingerprints, + certListIntersectsPinset); + if (NS_FAILED(rv)) { + return rv; + } + if (certListIntersectsPinset) { + return NS_OK; + } + } + MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug, ("pkpin: no matches found\n")); + return NS_OK; +} + +/** + Comparator for the is public key pinned host. +*/ +static int +TransportSecurityPreloadCompare(const void* key, const void* entry) { + auto keyStr = static_cast(key); + auto preloadEntry = static_cast(entry); + + return strcmp(keyStr, preloadEntry->mHost); +} + +nsresult +PublicKeyPinningService::ChainMatchesPinset(const UniqueCERTCertList& certList, + const nsTArray& aSHA256keys, + /*out*/ bool& chainMatchesPinset) +{ + return EvalChain(certList, nullptr, &aSHA256keys, chainMatchesPinset); +} + +// Returns via one of the output parameters the most relevant pinning +// information that is valid for the given host at the given time. +// Dynamic pins are prioritized over static pins. +static nsresult +FindPinningInformation(const char* hostname, mozilla::pkix::Time time, + /*out*/ nsTArray& dynamicFingerprints, + /*out*/ TransportSecurityPreload*& staticFingerprints) +{ + if (!hostname || hostname[0] == 0) { + return NS_ERROR_INVALID_ARG; + } + staticFingerprints = nullptr; + dynamicFingerprints.Clear(); + nsCOMPtr sssService = + do_GetService(NS_SSSERVICE_CONTRACTID); + if (!sssService) { + return NS_ERROR_FAILURE; + } + TransportSecurityPreload* foundEntry = nullptr; + char* evalHost = const_cast(hostname); + char* evalPart; + // Notice how the (xx = strchr) prevents pins for unqualified domain names. + while (!foundEntry && (evalPart = strchr(evalHost, '.'))) { + MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug, + ("pkpin: Querying pinsets for host: '%s'\n", evalHost)); + // Attempt dynamic pins first + nsresult rv; + bool found; + bool includeSubdomains; + nsTArray pinArray; + rv = sssService->GetKeyPinsForHostname(evalHost, time, pinArray, + &includeSubdomains, &found); + if (NS_FAILED(rv)) { + return rv; + } + if (found && (evalHost == hostname || includeSubdomains)) { + MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug, + ("pkpin: Found dyn match for host: '%s'\n", evalHost)); + dynamicFingerprints = pinArray; + return NS_OK; + } + + foundEntry = (TransportSecurityPreload *)bsearch(evalHost, + kPublicKeyPinningPreloadList, + sizeof(kPublicKeyPinningPreloadList) / sizeof(TransportSecurityPreload), + sizeof(TransportSecurityPreload), + TransportSecurityPreloadCompare); + if (foundEntry) { + MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug, + ("pkpin: Found pinset for host: '%s'\n", evalHost)); + if (evalHost != hostname) { + if (!foundEntry->mIncludeSubdomains) { + // Does not apply to this host, continue iterating + foundEntry = nullptr; + } + } + } else { + MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug, + ("pkpin: Didn't find pinset for host: '%s'\n", evalHost)); + } + // Add one for '.' + evalHost = evalPart + 1; + } + + if (foundEntry && foundEntry->pinset) { + if (time > TimeFromEpochInSeconds(kPreloadPKPinsExpirationTime / + PR_USEC_PER_SEC)) { + return NS_OK; + } + staticFingerprints = foundEntry; + } + return NS_OK; +} + +// Returns true via the output parameter if the given certificate list meets +// pinning requirements for the given host at the given time. It must be the +// case that either there is an intersection between the set of hashes of +// subject public key info data in the list and the most relevant non-expired +// pinset for the host or there is no pinning information for the host. +static nsresult +CheckPinsForHostname(const UniqueCERTCertList& certList, const char* hostname, + bool enforceTestMode, mozilla::pkix::Time time, + /*out*/ bool& chainHasValidPins, + /*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo) +{ + chainHasValidPins = false; + if (!certList) { + return NS_ERROR_INVALID_ARG; + } + if (!hostname || hostname[0] == 0) { + return NS_ERROR_INVALID_ARG; + } + + nsTArray dynamicFingerprints; + TransportSecurityPreload* staticFingerprints = nullptr; + nsresult rv = FindPinningInformation(hostname, time, dynamicFingerprints, + staticFingerprints); + // If we have no pinning information, the certificate chain trivially + // validates with respect to pinning. + if (dynamicFingerprints.Length() == 0 && !staticFingerprints) { + chainHasValidPins = true; + return NS_OK; + } + if (dynamicFingerprints.Length() > 0) { + return EvalChain(certList, nullptr, &dynamicFingerprints, chainHasValidPins); + } + if (staticFingerprints) { + bool enforceTestModeResult; + rv = EvalChain(certList, staticFingerprints->pinset, nullptr, + enforceTestModeResult); + if (NS_FAILED(rv)) { + return rv; + } + chainHasValidPins = enforceTestModeResult; + Telemetry::ID histogram = staticFingerprints->mIsMoz + ? Telemetry::CERT_PINNING_MOZ_RESULTS + : Telemetry::CERT_PINNING_RESULTS; + if (staticFingerprints->mTestMode) { + histogram = staticFingerprints->mIsMoz + ? Telemetry::CERT_PINNING_MOZ_TEST_RESULTS + : Telemetry::CERT_PINNING_TEST_RESULTS; + if (!enforceTestMode) { + chainHasValidPins = true; + } + } + // We can collect per-host pinning violations for this host because it is + // operationally critical to Firefox. + if (pinningTelemetryInfo) { + if (staticFingerprints->mId != kUnknownId) { + int32_t bucket = staticFingerprints->mId * 2 + + (enforceTestModeResult ? 1 : 0); + histogram = staticFingerprints->mTestMode + ? Telemetry::CERT_PINNING_MOZ_TEST_RESULTS_BY_HOST + : Telemetry::CERT_PINNING_MOZ_RESULTS_BY_HOST; + pinningTelemetryInfo->certPinningResultBucket = bucket; + } else { + pinningTelemetryInfo->certPinningResultBucket = + enforceTestModeResult ? 1 : 0; + } + pinningTelemetryInfo->accumulateResult = true; + pinningTelemetryInfo->certPinningResultHistogram = histogram; + } + + // We only collect per-CA pinning statistics upon failures. + CERTCertListNode* rootNode = CERT_LIST_TAIL(certList); + // Only log telemetry if the certificate list is non-empty. + if (!CERT_LIST_END(rootNode, certList)) { + if (!enforceTestModeResult && pinningTelemetryInfo) { + int32_t binNumber = RootCABinNumber(&rootNode->cert->derCert); + if (binNumber != ROOT_CERTIFICATE_UNKNOWN ) { + pinningTelemetryInfo->accumulateForRoot = true; + pinningTelemetryInfo->rootBucket = binNumber; + } + } + } + + MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug, + ("pkpin: Pin check %s for %s host '%s' (mode=%s)\n", + enforceTestModeResult ? "passed" : "failed", + staticFingerprints->mIsMoz ? "mozilla" : "non-mozilla", + hostname, staticFingerprints->mTestMode ? "test" : "production")); + } + + return NS_OK; +} + +nsresult +PublicKeyPinningService::ChainHasValidPins(const UniqueCERTCertList& certList, + const char* hostname, + mozilla::pkix::Time time, + bool enforceTestMode, + /*out*/ bool& chainHasValidPins, + /*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo) +{ + chainHasValidPins = false; + if (!certList) { + return NS_ERROR_INVALID_ARG; + } + if (!hostname || hostname[0] == 0) { + return NS_ERROR_INVALID_ARG; + } + nsAutoCString canonicalizedHostname(CanonicalizeHostname(hostname)); + return CheckPinsForHostname(certList, canonicalizedHostname.get(), + enforceTestMode, time, chainHasValidPins, + pinningTelemetryInfo); +} + +nsresult +PublicKeyPinningService::HostHasPins(const char* hostname, + mozilla::pkix::Time time, + bool enforceTestMode, + /*out*/ bool& hostHasPins) +{ + hostHasPins = false; + nsAutoCString canonicalizedHostname(CanonicalizeHostname(hostname)); + nsTArray dynamicFingerprints; + TransportSecurityPreload* staticFingerprints = nullptr; + nsresult rv = FindPinningInformation(canonicalizedHostname.get(), time, + dynamicFingerprints, staticFingerprints); + if (NS_FAILED(rv)) { + return rv; + } + if (dynamicFingerprints.Length() > 0) { + hostHasPins = true; + } else if (staticFingerprints) { + hostHasPins = !staticFingerprints->mTestMode || enforceTestMode; + } + return NS_OK; +} + +nsAutoCString +PublicKeyPinningService::CanonicalizeHostname(const char* hostname) +{ + nsAutoCString canonicalizedHostname(hostname); + ToLowerCase(canonicalizedHostname); + while (canonicalizedHostname.Length() > 0 && + canonicalizedHostname.Last() == '.') { + canonicalizedHostname.Truncate(canonicalizedHostname.Length() - 1); + } + return canonicalizedHostname; +} diff --git a/security/manager/ssl/PublicKeyPinningService.h b/security/manager/ssl/PublicKeyPinningService.h new file mode 100644 index 000000000..f42376b52 --- /dev/null +++ b/security/manager/ssl/PublicKeyPinningService.h @@ -0,0 +1,65 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef PublicKeyPinningService_h +#define PublicKeyPinningService_h + +#include "CertVerifier.h" +#include "ScopedNSSTypes.h" +#include "cert.h" +#include "nsString.h" +#include "nsTArray.h" +#include "pkix/Time.h" + +namespace mozilla { +namespace psm { + +class PublicKeyPinningService +{ +public: + /** + * Sets chainHasValidPins to true if the given (host, certList) passes pinning + * checks, or to false otherwise. If the host is pinned, returns true via + * chainHasValidPins if one of the keys in the given certificate chain matches + * the pin set specified by the hostname. The certList's head is the EE cert + * and the tail is the trust anchor. + * Note: if an alt name is a wildcard, it won't necessarily find a pinset + * that would otherwise be valid for it + */ + static nsresult ChainHasValidPins(const UniqueCERTCertList& certList, + const char* hostname, + mozilla::pkix::Time time, + bool enforceTestMode, + /*out*/ bool& chainHasValidPins, + /*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo); + /** + * Sets chainMatchesPinset to true if there is any intersection between the + * certificate list and the pins specified in the aSHA256keys array. + * Values passed in are assumed to be in base64 encoded form. + */ + static nsresult ChainMatchesPinset(const UniqueCERTCertList& certList, + const nsTArray& aSHA256keys, + /*out*/ bool& chainMatchesPinset); + + /** + * Returns true via the output parameter hostHasPins if there is pinning + * information for the given host that is valid at the given time, and false + * otherwise. + */ + static nsresult HostHasPins(const char* hostname, + mozilla::pkix::Time time, + bool enforceTestMode, + /*out*/ bool& hostHasPins); + + /** + * Given a hostname of potentially mixed case with potentially multiple + * trailing '.' (see bug 1118522), canonicalizes it to lowercase with no + * trailing '.'. + */ + static nsAutoCString CanonicalizeHostname(const char* hostname); +}; + +}} // namespace mozilla::psm + +#endif // PublicKeyPinningService_h diff --git a/security/manager/ssl/PublicSSL.h b/security/manager/ssl/PublicSSL.h new file mode 100644 index 000000000..71351f3e4 --- /dev/null +++ b/security/manager/ssl/PublicSSL.h @@ -0,0 +1,25 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_SSL_h +#define mozilla_SSL_h + +namespace mozilla { + +void ClearPrivateSSLState(); + +namespace psm { + +void InitializeSSLServerCertVerificationThreads(); +void StopSSLServerCertVerificationThreads(); +void DisableMD5(); +nsresult InitializeCipherSuite(); + +} //namespace psm +} // namespace mozilla + +#endif + diff --git a/security/manager/ssl/RootCertificateTelemetryUtils.cpp b/security/manager/ssl/RootCertificateTelemetryUtils.cpp new file mode 100644 index 000000000..3f9ea3eb6 --- /dev/null +++ b/security/manager/ssl/RootCertificateTelemetryUtils.cpp @@ -0,0 +1,90 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "RootCertificateTelemetryUtils.h" + +#include "mozilla/Logging.h" +#include "RootHashes.inc" // Note: Generated by genRootCAHashes.js +#include "ScopedNSSTypes.h" +#include "mozilla/ArrayUtils.h" + +namespace mozilla { namespace psm { + +mozilla::LazyLogModule gPublicKeyPinningTelemetryLog("PublicKeyPinningTelemetryService"); + +// Used in the BinarySearch method, this does a memcmp between the pointer +// provided to its construtor and whatever the binary search is looking for. +// +// This implementation assumes everything to be of HASH_LEN, so it should not +// be used generically. +class BinaryHashSearchArrayComparator +{ +public: + explicit BinaryHashSearchArrayComparator(const uint8_t* aTarget, size_t len) + : mTarget(aTarget) + { + NS_ASSERTION(len == HASH_LEN, "Hashes should be of the same length."); + } + + int operator()(const CertAuthorityHash val) const { + return memcmp(mTarget, val.hash, HASH_LEN); + } + +private: + const uint8_t* mTarget; +}; + +// Perform a hash of the provided cert, then search in the RootHashes.inc data +// structure for a matching bin number. +int32_t +RootCABinNumber(const SECItem* cert) +{ + Digest digest; + + // Compute SHA256 hash of the certificate + nsresult rv = digest.DigestBuf(SEC_OID_SHA256, cert->data, cert->len); + if (NS_WARN_IF(NS_FAILED(rv))) { + return ROOT_CERTIFICATE_HASH_FAILURE; + } + + // Compare against list of stored hashes + size_t idx; + + MOZ_LOG(gPublicKeyPinningTelemetryLog, LogLevel::Debug, + ("pkpinTelem: First bytes %02hx %02hx %02hx %02hx\n", + digest.get().data[0], digest.get().data[1], digest.get().data[2], digest.get().data[3])); + + if (mozilla::BinarySearchIf(ROOT_TABLE, 0, ArrayLength(ROOT_TABLE), + BinaryHashSearchArrayComparator(static_cast(digest.get().data), + digest.get().len), + &idx)) { + + MOZ_LOG(gPublicKeyPinningTelemetryLog, LogLevel::Debug, + ("pkpinTelem: Telemetry index was %lu, bin is %d\n", + idx, ROOT_TABLE[idx].binNumber)); + return (int32_t) ROOT_TABLE[idx].binNumber; + } + + // Didn't match. + return ROOT_CERTIFICATE_UNKNOWN; +} + + +// Attempt to increment the appropriate bin in the provided Telemetry probe ID. If +// there was a hash failure, we do nothing. +void +AccumulateTelemetryForRootCA(mozilla::Telemetry::ID probe, + const CERTCertificate* cert) +{ + int32_t binId = RootCABinNumber(&cert->derCert); + + if (binId != ROOT_CERTIFICATE_HASH_FAILURE) { + Accumulate(probe, binId); + } +} + +} // namespace psm +} // namespace mozilla diff --git a/security/manager/ssl/RootCertificateTelemetryUtils.h b/security/manager/ssl/RootCertificateTelemetryUtils.h new file mode 100644 index 000000000..05dbb4e44 --- /dev/null +++ b/security/manager/ssl/RootCertificateTelemetryUtils.h @@ -0,0 +1,30 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef RootCertificateTelemetryUtils_h +#define RootCertificateTelemetryUtils_h + +#include "mozilla/Telemetry.h" +#include "certt.h" + +namespace mozilla { namespace psm { + +// Note: New CAs will show up as UNKNOWN_ROOT until +// RootHashes.inc is updated to include them. 0 is reserved by +// genRootCAHashes.js for the unknowns. +#define ROOT_CERTIFICATE_UNKNOWN 0 +#define ROOT_CERTIFICATE_HASH_FAILURE -1 + +int32_t +RootCABinNumber(const SECItem* cert); + +void +AccumulateTelemetryForRootCA(mozilla::Telemetry::ID probe, const CERTCertificate* cert); + +} // namespace psm +} // namespace mozilla + +#endif // RootCertificateTelemetryUtils_h diff --git a/security/manager/ssl/RootHashes.inc b/security/manager/ssl/RootHashes.inc new file mode 100644 index 000000000..c335990cb --- /dev/null +++ b/security/manager/ssl/RootHashes.inc @@ -0,0 +1,1140 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/*****************************************************************************/ +/* This is an automatically generated file. If you're not */ +/* RootCertificateTelemetryUtils.cpp, you shouldn't be #including it. */ +/*****************************************************************************/ + +#define HASH_LEN 32 +struct CertAuthorityHash { + const uint8_t hash[HASH_LEN]; + const int32_t binNumber; +}; + +static const struct CertAuthorityHash ROOT_TABLE[] = { + { + /* Entrust_Root_Certification_Authority___EC1 */ + { 0x02, 0xED, 0x0E, 0xB2, 0x8C, 0x14, 0xDA, 0x45, 0x16, 0x5C, 0x56, 0x67, 0x91, 0x70, 0x0D, 0x64, + 0x51, 0xD7, 0xFB, 0x56, 0xF0, 0xB2, 0xAB, 0x1D, 0x3B, 0x8E, 0xB0, 0x70, 0xE5, 0x6E, 0xDF, 0xF5 }, + 164 /* Bin Number */ + }, + { + /* AffirmTrust_Commercial */ + { 0x03, 0x76, 0xAB, 0x1D, 0x54, 0xC5, 0xF9, 0x80, 0x3C, 0xE4, 0xB2, 0xE2, 0x01, 0xA0, 0xEE, 0x7E, + 0xEF, 0x7B, 0x57, 0xB6, 0x36, 0xE8, 0xA9, 0x3C, 0x9B, 0x8D, 0x48, 0x60, 0xC9, 0x6F, 0x5F, 0xA7 }, + 109 /* Bin Number */ + }, + { + /* ACEDICOM_Root */ + { 0x03, 0x95, 0x0F, 0xB4, 0x9A, 0x53, 0x1F, 0x3E, 0x19, 0x91, 0x94, 0x23, 0x98, 0xDF, 0xA9, 0xE0, + 0xEA, 0x32, 0xD7, 0xBA, 0x1C, 0xDD, 0x9B, 0xC8, 0x5D, 0xB5, 0x7E, 0xD9, 0x40, 0x0B, 0x43, 0x4A }, + 98 /* Bin Number */ + }, + { + /* Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068 */ + { 0x04, 0x04, 0x80, 0x28, 0xBF, 0x1F, 0x28, 0x64, 0xD4, 0x8F, 0x9A, 0xD4, 0xD8, 0x32, 0x94, 0x36, + 0x6A, 0x82, 0x88, 0x56, 0x55, 0x3F, 0x3B, 0x14, 0x30, 0x3F, 0x90, 0x14, 0x7F, 0x5D, 0x40, 0xEF }, + 102 /* Bin Number */ + }, + { + /* Chambers_of_Commerce_Root___2008 */ + { 0x06, 0x3E, 0x4A, 0xFA, 0xC4, 0x91, 0xDF, 0xD3, 0x32, 0xF3, 0x08, 0x9B, 0x85, 0x42, 0xE9, 0x46, + 0x17, 0xD8, 0x93, 0xD7, 0xFE, 0x94, 0x4E, 0x10, 0xA7, 0x93, 0x7E, 0xE2, 0x9D, 0x96, 0x93, 0xC0 }, + 104 /* Bin Number */ + }, + { + /* DST_Root_CA_X3 */ + { 0x06, 0x87, 0x26, 0x03, 0x31, 0xA7, 0x24, 0x03, 0xD9, 0x09, 0xF1, 0x05, 0xE6, 0x9B, 0xCF, 0x0D, + 0x32, 0xE1, 0xBD, 0x24, 0x93, 0xFF, 0xC6, 0xD9, 0x20, 0x6D, 0x11, 0xBC, 0xD6, 0x77, 0x07, 0x39 }, + 52 /* Bin Number */ + }, + { + /* AddTrust_Public_CA_Root */ + { 0x07, 0x91, 0xCA, 0x07, 0x49, 0xB2, 0x07, 0x82, 0xAA, 0xD3, 0xC7, 0xD7, 0xBD, 0x0C, 0xDF, 0xC9, + 0x48, 0x58, 0x35, 0x84, 0x3E, 0xB2, 0xD7, 0x99, 0x60, 0x09, 0xCE, 0x43, 0xAB, 0x6C, 0x69, 0x27 }, + 16 /* Bin Number */ + }, + { + /* OU_Equifax_Secure_Certificate_Authority_O_Equifax_C_US */ + { 0x08, 0x29, 0x7A, 0x40, 0x47, 0xDB, 0xA2, 0x36, 0x80, 0xC7, 0x31, 0xDB, 0x6E, 0x31, 0x76, 0x53, + 0xCA, 0x78, 0x48, 0xE1, 0xBE, 0xBD, 0x3A, 0x0B, 0x01, 0x79, 0xA7, 0x07, 0xF9, 0x2C, 0xF1, 0x78 }, + 4 /* Bin Number */ + }, + { + /* AffirmTrust_Networking */ + { 0x0A, 0x81, 0xEC, 0x5A, 0x92, 0x97, 0x77, 0xF1, 0x45, 0x90, 0x4A, 0xF3, 0x8D, 0x5D, 0x50, 0x9F, + 0x66, 0xB5, 0xE2, 0xC5, 0x8F, 0xCD, 0xB5, 0x31, 0x05, 0x8B, 0x0E, 0x17, 0xF3, 0xF0, 0xB4, 0x1B }, + 110 /* Bin Number */ + }, + { + /* Chambers_of_Commerce_Root */ + { 0x0C, 0x25, 0x8A, 0x12, 0xA5, 0x67, 0x4A, 0xEF, 0x25, 0xF2, 0x8B, 0xA7, 0xDC, 0xFA, 0xEC, 0xEE, + 0xA3, 0x48, 0xE5, 0x41, 0xE6, 0xF5, 0xCC, 0x4E, 0xE6, 0x3B, 0x71, 0xB3, 0x61, 0x60, 0x6A, 0xC3 }, + 39 /* Bin Number */ + }, + { + /* COMODO_Certification_Authority */ + { 0x0C, 0x2C, 0xD6, 0x3D, 0xF7, 0x80, 0x6F, 0xA3, 0x99, 0xED, 0xE8, 0x09, 0x11, 0x6B, 0x57, 0x5B, + 0xF8, 0x79, 0x89, 0xF0, 0x65, 0x18, 0xF9, 0x80, 0x8C, 0x86, 0x05, 0x03, 0x17, 0x8B, 0xAF, 0x66 }, + 63 /* Bin Number */ + }, + { + /* Buypass_Class_2_CA_1 */ + { 0x0F, 0x4E, 0x9C, 0xDD, 0x26, 0x4B, 0x02, 0x55, 0x50, 0xD1, 0x70, 0x80, 0x63, 0x40, 0x21, 0x4F, + 0xE9, 0x44, 0x34, 0xC9, 0xB0, 0x2F, 0x69, 0x7E, 0xC7, 0x10, 0xFC, 0x5F, 0xEA, 0xFB, 0x5E, 0x38 }, + 80 /* Bin Number */ + }, + { + /* Class_2_Primary_CA */ + { 0x0F, 0x99, 0x3C, 0x8A, 0xEF, 0x97, 0xBA, 0xAF, 0x56, 0x87, 0x14, 0x0E, 0xD5, 0x9A, 0xD1, 0x82, + 0x1B, 0xB4, 0xAF, 0xAC, 0xF0, 0xAA, 0x9A, 0x58, 0xB5, 0xD5, 0x7A, 0x33, 0x8A, 0x3A, 0xFB, 0xCB }, + 51 /* Bin Number */ + }, + { + /* Global_Chambersign_Root___2008 */ + { 0x13, 0x63, 0x35, 0x43, 0x93, 0x34, 0xA7, 0x69, 0x80, 0x16, 0xA0, 0xD3, 0x24, 0xDE, 0x72, 0x28, + 0x4E, 0x07, 0x9D, 0x7B, 0x52, 0x20, 0xBB, 0x8F, 0xBD, 0x74, 0x78, 0x16, 0xEE, 0xBE, 0xBA, 0xCA }, + 105 /* Bin Number */ + }, + { + /* OU_Starfield_Class_2_Certification_Authority_O__Starfield_Technologies__Inc___C_US */ + { 0x14, 0x65, 0xFA, 0x20, 0x53, 0x97, 0xB8, 0x76, 0xFA, 0xA6, 0xF0, 0xA9, 0x95, 0x8E, 0x55, 0x90, + 0xE4, 0x0F, 0xCC, 0x7F, 0xAA, 0x4F, 0xB7, 0xC2, 0xC8, 0x67, 0x75, 0x21, 0xFB, 0x5F, 0xB6, 0x58 }, + 44 /* Bin Number */ + }, + { + /* Certplus_Root_CA_G1 */ + { 0x15, 0x2A, 0x40, 0x2B, 0xFC, 0xDF, 0x2C, 0xD5, 0x48, 0x05, 0x4D, 0x22, 0x75, 0xB3, 0x9C, 0x7F, + 0xCA, 0x3E, 0xC0, 0x97, 0x80, 0x78, 0xB0, 0xF0, 0xEA, 0x76, 0xE5, 0x61, 0xA6, 0xC7, 0x43, 0x3E }, + 176 /* Bin Number */ + }, + { + /* Network_Solutions_Certificate_Authority */ + { 0x15, 0xF0, 0xBA, 0x00, 0xA3, 0xAC, 0x7A, 0xF3, 0xAC, 0x88, 0x4C, 0x07, 0x2B, 0x10, 0x11, 0xA0, + 0x77, 0xBD, 0x77, 0xC0, 0x97, 0xF4, 0x01, 0x64, 0xB2, 0xF8, 0x59, 0x8A, 0xBD, 0x83, 0x86, 0x0C }, + 64 /* Bin Number */ + }, + { + /* Baltimore_CyberTrust_Root */ + { 0x16, 0xAF, 0x57, 0xA9, 0xF6, 0x76, 0xB0, 0xAB, 0x12, 0x60, 0x95, 0xAA, 0x5E, 0xBA, 0xDE, 0xF2, + 0x2A, 0xB3, 0x11, 0x19, 0xD6, 0x44, 0xAC, 0x95, 0xCD, 0x4B, 0x93, 0xDB, 0xF3, 0xF2, 0x6A, 0xEB }, + 11 /* Bin Number */ + }, + { + /* COMODO_ECC_Certification_Authority */ + { 0x17, 0x93, 0x92, 0x7A, 0x06, 0x14, 0x54, 0x97, 0x89, 0xAD, 0xCE, 0x2F, 0x8F, 0x34, 0xF7, 0xF0, + 0xB6, 0x6D, 0x0F, 0x3A, 0xE3, 0xA3, 0xB8, 0x4D, 0x21, 0xEC, 0x15, 0xDB, 0xBA, 0x4F, 0xAD, 0xC7 }, + 66 /* Bin Number */ + }, + { + /* GlobalSign */ + { 0x17, 0x9F, 0xBC, 0x14, 0x8A, 0x3D, 0xD0, 0x0F, 0xD2, 0x4E, 0xA1, 0x34, 0x58, 0xCC, 0x43, 0xBF, + 0xA7, 0xF5, 0x9C, 0x81, 0x82, 0xD7, 0x83, 0xA5, 0x13, 0xF6, 0xEB, 0xEC, 0x10, 0x0C, 0x89, 0x24 }, + 158 /* Bin Number */ + }, + { + /* Amazon_Root_CA_3 */ + { 0x18, 0xCE, 0x6C, 0xFE, 0x7B, 0xF1, 0x4E, 0x60, 0xB2, 0xE3, 0x47, 0xB8, 0xDF, 0xE8, 0x68, 0xCB, + 0x31, 0xD0, 0x2E, 0xBB, 0x3A, 0xDA, 0x27, 0x15, 0x69, 0xF5, 0x03, 0x43, 0xB4, 0x6D, 0xB3, 0xA4 }, + 185 /* Bin Number */ + }, + { + /* QuoVadis_Root_CA_3 */ + { 0x18, 0xF1, 0xFC, 0x7F, 0x20, 0x5D, 0xF8, 0xAD, 0xDD, 0xEB, 0x7F, 0xE0, 0x07, 0xDD, 0x57, 0xE3, + 0xAF, 0x37, 0x5A, 0x9C, 0x4D, 0x8D, 0x73, 0x54, 0x6B, 0xF4, 0xF1, 0xFE, 0xD1, 0xE1, 0x8D, 0x35 }, + 33 /* Bin Number */ + }, + { + /* Amazon_Root_CA_2 */ + { 0x1B, 0xA5, 0xB2, 0xAA, 0x8C, 0x65, 0x40, 0x1A, 0x82, 0x96, 0x01, 0x18, 0xF8, 0x0B, 0xEC, 0x4F, + 0x62, 0x30, 0x4D, 0x83, 0xCE, 0xC4, 0x71, 0x3A, 0x19, 0xC3, 0x9C, 0x01, 0x1E, 0xA4, 0x6D, 0xB4 }, + 184 /* Bin Number */ + }, + { + /* China_Internet_Network_Information_Center_EV_Certificates_Root */ + { 0x1C, 0x01, 0xC6, 0xF4, 0xDB, 0xB2, 0xFE, 0xFC, 0x22, 0x55, 0x8B, 0x2B, 0xCA, 0x32, 0x56, 0x3F, + 0x49, 0x84, 0x4A, 0xCF, 0xC3, 0x2B, 0x7B, 0xE4, 0xB0, 0xFF, 0x59, 0x9F, 0x9E, 0x8C, 0x7A, 0xF7 }, + 133 /* Bin Number */ + }, + { + /* Swisscom_Root_CA_1 */ + { 0x21, 0xDB, 0x20, 0x12, 0x36, 0x60, 0xBB, 0x2E, 0xD4, 0x18, 0x20, 0x5D, 0xA1, 0x1E, 0xE7, 0xA8, + 0x5A, 0x65, 0xE2, 0xBC, 0x6E, 0x55, 0xB5, 0xAF, 0x7E, 0x78, 0x99, 0xC8, 0xA2, 0x66, 0xD9, 0x2E }, + 47 /* Bin Number */ + }, + { + /* VeriSign_Universal_Root_Certification_Authority */ + { 0x23, 0x99, 0x56, 0x11, 0x27, 0xA5, 0x71, 0x25, 0xDE, 0x8C, 0xEF, 0xEA, 0x61, 0x0D, 0xDF, 0x2F, + 0xA0, 0x78, 0xB5, 0xC8, 0x06, 0x7F, 0x4E, 0x82, 0x82, 0x90, 0xBF, 0xB8, 0x60, 0xE8, 0x4B, 0x3C }, + 90 /* Bin Number */ + }, + { + /* Izenpe_com */ + { 0x25, 0x30, 0xCC, 0x8E, 0x98, 0x32, 0x15, 0x02, 0xBA, 0xD9, 0x6F, 0x9B, 0x1F, 0xBA, 0x1B, 0x09, + 0x9E, 0x2D, 0x29, 0x9E, 0x0F, 0x45, 0x48, 0xBB, 0x91, 0x4F, 0x36, 0x3B, 0xC0, 0xD4, 0x53, 0x1F }, + 103 /* Bin Number */ + }, + { + /* OpenTrust_Root_CA_G2 */ + { 0x27, 0x99, 0x58, 0x29, 0xFE, 0x6A, 0x75, 0x15, 0xC1, 0xBF, 0xE8, 0x48, 0xF9, 0xC4, 0x76, 0x1D, + 0xB1, 0x6C, 0x22, 0x59, 0x29, 0x25, 0x7B, 0xF4, 0x0D, 0x08, 0x94, 0xF2, 0x9E, 0xA8, 0xBA, 0xF2 }, + 179 /* Bin Number */ + }, + { + /* Certinomis___Root_CA */ + { 0x2A, 0x99, 0xF5, 0xBC, 0x11, 0x74, 0xB7, 0x3C, 0xBB, 0x1D, 0x62, 0x08, 0x84, 0xE0, 0x1C, 0x34, + 0xE5, 0x1C, 0xCB, 0x39, 0x78, 0xDA, 0x12, 0x5F, 0x0E, 0x33, 0x26, 0x88, 0x83, 0xBF, 0x41, 0x58 }, + 168 /* Bin Number */ + }, + { + /* Starfield_Root_Certificate_Authority___G2 */ + { 0x2C, 0xE1, 0xCB, 0x0B, 0xF9, 0xD2, 0xF9, 0xE1, 0x02, 0x99, 0x3F, 0xBE, 0x21, 0x51, 0x52, 0xC3, + 0xB2, 0xDD, 0x0C, 0xAB, 0xDE, 0x1C, 0x68, 0xE5, 0x31, 0x9B, 0x83, 0x91, 0x54, 0xDB, 0xB7, 0xF5 }, + 107 /* Bin Number */ + }, + { + /* OU_ApplicationCA_O_Japanese_Government_C_JP */ + { 0x2D, 0x47, 0x43, 0x7D, 0xE1, 0x79, 0x51, 0x21, 0x5A, 0x12, 0xF3, 0xC5, 0x8E, 0x51, 0xC7, 0x29, + 0xA5, 0x80, 0x26, 0xEF, 0x1F, 0xCC, 0x0A, 0x5F, 0xB3, 0xD9, 0xDC, 0x01, 0x2F, 0x60, 0x0D, 0x19 }, + 85 /* Bin Number */ + }, + { + /* IdenTrust_Public_Sector_Root_CA_1 */ + { 0x30, 0xD0, 0x89, 0x5A, 0x9A, 0x44, 0x8A, 0x26, 0x20, 0x91, 0x63, 0x55, 0x22, 0xD1, 0xF5, 0x20, + 0x10, 0xB5, 0x86, 0x7A, 0xCA, 0xE1, 0x2C, 0x78, 0xEF, 0x95, 0x8F, 0xD4, 0xF4, 0x38, 0x9F, 0x2F }, + 162 /* Bin Number */ + }, + { + /* DigiCert_Global_Root_G3 */ + { 0x31, 0xAD, 0x66, 0x48, 0xF8, 0x10, 0x41, 0x38, 0xC7, 0x38, 0xF3, 0x9E, 0xA4, 0x32, 0x01, 0x33, + 0x39, 0x3E, 0x3A, 0x18, 0xCC, 0x02, 0x29, 0x6E, 0xF9, 0x7C, 0x2A, 0xC9, 0xEF, 0x67, 0x31, 0xD0 }, + 150 /* Bin Number */ + }, + { + /* Microsec_e_Szigno_Root_CA */ + { 0x32, 0x7A, 0x3D, 0x76, 0x1A, 0xBA, 0xDE, 0xA0, 0x34, 0xEB, 0x99, 0x84, 0x06, 0x27, 0x5C, 0xB1, + 0xA4, 0x77, 0x6E, 0xFD, 0xAE, 0x2F, 0xDF, 0x6D, 0x01, 0x68, 0xEA, 0x1C, 0x4F, 0x55, 0x67, 0xD0 }, + 70 /* Bin Number */ + }, + { + /* EBG_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_ */ + { 0x35, 0xAE, 0x5B, 0xDD, 0xD8, 0xF7, 0xAE, 0x63, 0x5C, 0xFF, 0xBA, 0x56, 0x82, 0xA8, 0xF0, 0x0B, + 0x95, 0xF4, 0x84, 0x62, 0xC7, 0x10, 0x8E, 0xE9, 0xA0, 0xE5, 0x29, 0x2B, 0x07, 0x4A, 0xAF, 0xB2 }, + 82 /* Bin Number */ + }, + { + /* GeoTrust_Primary_Certification_Authority */ + { 0x37, 0xD5, 0x10, 0x06, 0xC5, 0x12, 0xEA, 0xAB, 0x62, 0x64, 0x21, 0xF1, 0xEC, 0x8C, 0x92, 0x01, + 0x3F, 0xC5, 0xF8, 0x2A, 0xE9, 0x8E, 0xE5, 0x33, 0xEB, 0x46, 0x19, 0xB8, 0xDE, 0xB4, 0xD0, 0x6C }, + 58 /* Bin Number */ + }, + { + /* Staat_der_Nederlanden_Root_CA___G3 */ + { 0x3C, 0x4F, 0xB0, 0xB9, 0x5A, 0xB8, 0xB3, 0x00, 0x32, 0xF4, 0x32, 0xB8, 0x6F, 0x53, 0x5F, 0xE1, + 0x72, 0xC1, 0x85, 0xD0, 0xFD, 0x39, 0x86, 0x58, 0x37, 0xCF, 0x36, 0x18, 0x7F, 0xA6, 0xF4, 0x28 }, + 159 /* Bin Number */ + }, + { + /* Microsec_e_Szigno_Root_CA_2009 */ + { 0x3C, 0x5F, 0x81, 0xFE, 0xA5, 0xFA, 0xB8, 0x2C, 0x64, 0xBF, 0xA2, 0xEA, 0xEC, 0xAF, 0xCD, 0xE8, + 0xE0, 0x77, 0xFC, 0x86, 0x20, 0xA7, 0xCA, 0xE5, 0x37, 0x16, 0x3D, 0xF3, 0x6E, 0xDB, 0xF3, 0x78 }, + 99 /* Bin Number */ + }, + { + /* PSCProcert */ + { 0x3C, 0xFC, 0x3C, 0x14, 0xD1, 0xF6, 0x84, 0xFF, 0x17, 0xE3, 0x8C, 0x43, 0xCA, 0x44, 0x0C, 0x00, + 0xB9, 0x67, 0xEC, 0x93, 0x3E, 0x8B, 0xFE, 0x06, 0x4C, 0xA1, 0xD7, 0x2C, 0x90, 0xF2, 0xAD, 0xB0 }, + 132 /* Bin Number */ + }, + { + /* EE_Certification_Centre_Root_CA */ + { 0x3E, 0x84, 0xBA, 0x43, 0x42, 0x90, 0x85, 0x16, 0xE7, 0x75, 0x73, 0xC0, 0x99, 0x2F, 0x09, 0x79, + 0xCA, 0x08, 0x4E, 0x46, 0x85, 0x68, 0x1F, 0xF1, 0x95, 0xCC, 0xBA, 0x8A, 0x22, 0x9B, 0x8A, 0x76 }, + 128 /* Bin Number */ + }, + { + /* DigiCert_Assured_ID_Root_CA */ + { 0x3E, 0x90, 0x99, 0xB5, 0x01, 0x5E, 0x8F, 0x48, 0x6C, 0x00, 0xBC, 0xEA, 0x9D, 0x11, 0x1E, 0xE7, + 0x21, 0xFA, 0xBA, 0x35, 0x5A, 0x89, 0xBC, 0xF1, 0xDF, 0x69, 0x56, 0x1E, 0x3D, 0xC6, 0x32, 0x5C }, + 48 /* Bin Number */ + }, + { + /* Trusted_Certificate_Services */ + { 0x3F, 0x06, 0xE5, 0x56, 0x81, 0xD4, 0x96, 0xF5, 0xBE, 0x16, 0x9E, 0xB5, 0x38, 0x9F, 0x9F, 0x2B, + 0x8F, 0xF6, 0x1E, 0x17, 0x08, 0xDF, 0x68, 0x81, 0x72, 0x48, 0x49, 0xCD, 0x5D, 0x27, 0xCB, 0x69 }, + 30 /* Bin Number */ + }, + { + /* OISTE_WISeKey_Global_Root_GA_CA */ + { 0x41, 0xC9, 0x23, 0x86, 0x6A, 0xB4, 0xCA, 0xD6, 0xB7, 0xAD, 0x57, 0x80, 0x81, 0x58, 0x2E, 0x02, + 0x07, 0x97, 0xA6, 0xCB, 0xDF, 0x4F, 0xFF, 0x78, 0xCE, 0x83, 0x96, 0xB3, 0x89, 0x37, 0xD7, 0xF5 }, + 69 /* Bin Number */ + }, + { + /* Secure_Global_CA */ + { 0x42, 0x00, 0xF5, 0x04, 0x3A, 0xC8, 0x59, 0x0E, 0xBB, 0x52, 0x7D, 0x20, 0x9E, 0xD1, 0x50, 0x30, + 0x29, 0xFB, 0xCB, 0xD4, 0x1C, 0xA1, 0xB5, 0x06, 0xEC, 0x27, 0xF1, 0x5A, 0xDE, 0x7D, 0xAC, 0x69 }, + 62 /* Bin Number */ + }, + { + /* DigiCert_Global_Root_CA */ + { 0x43, 0x48, 0xA0, 0xE9, 0x44, 0x4C, 0x78, 0xCB, 0x26, 0x5E, 0x05, 0x8D, 0x5E, 0x89, 0x44, 0xB4, + 0xD8, 0x4F, 0x96, 0x62, 0xBD, 0x26, 0xDB, 0x25, 0x7F, 0x89, 0x34, 0xA4, 0x43, 0xC7, 0x01, 0x61 }, + 49 /* Bin Number */ + }, + { + /* Entrust_Root_Certification_Authority___G2 */ + { 0x43, 0xDF, 0x57, 0x74, 0xB0, 0x3E, 0x7F, 0xEF, 0x5F, 0xE4, 0x0D, 0x93, 0x1A, 0x7B, 0xED, 0xF1, + 0xBB, 0x2E, 0x6B, 0x42, 0x73, 0x8C, 0x4E, 0x6D, 0x38, 0x41, 0x10, 0x3D, 0x3A, 0xA7, 0xF3, 0x39 }, + 163 /* Bin Number */ + }, + { + /* T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_ */ + { 0x44, 0x04, 0xE3, 0x3B, 0x5E, 0x14, 0x0D, 0xCF, 0x99, 0x80, 0x51, 0xFD, 0xFC, 0x80, 0x28, 0xC7, + 0xC8, 0x16, 0x15, 0xC5, 0xEE, 0x73, 0x7B, 0x11, 0x1B, 0x58, 0x82, 0x33, 0xA9, 0xB5, 0x35, 0xA0 }, + 54 /* Bin Number */ + }, + { + /* Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015 */ + { 0x44, 0xB5, 0x45, 0xAA, 0x8A, 0x25, 0xE6, 0x5A, 0x73, 0xCA, 0x15, 0xDC, 0x27, 0xFC, 0x36, 0xD2, + 0x4C, 0x1C, 0xB9, 0x95, 0x3A, 0x06, 0x65, 0x39, 0xB1, 0x15, 0x82, 0xDC, 0x48, 0x7B, 0x48, 0x33 }, + 175 /* Bin Number */ + }, + { + /* Go_Daddy_Root_Certificate_Authority___G2 */ + { 0x45, 0x14, 0x0B, 0x32, 0x47, 0xEB, 0x9C, 0xC8, 0xC5, 0xB4, 0xF0, 0xD7, 0xB5, 0x30, 0x91, 0xF7, + 0x32, 0x92, 0x08, 0x9E, 0x6E, 0x5A, 0x63, 0xE2, 0x74, 0x9D, 0xD3, 0xAC, 0xA9, 0x19, 0x8E, 0xDA }, + 106 /* Bin Number */ + }, + { + /* T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s__H5 */ + { 0x49, 0x35, 0x1B, 0x90, 0x34, 0x44, 0xC1, 0x85, 0xCC, 0xDC, 0x5C, 0x69, 0x3D, 0x24, 0xD8, 0x55, + 0x5C, 0xB2, 0x08, 0xD6, 0xA8, 0x14, 0x13, 0x07, 0x69, 0x9F, 0x4A, 0xF0, 0x63, 0x19, 0x9D, 0x78 }, + 166 /* Bin Number */ + }, + { + /* D_TRUST_Root_Class_3_CA_2_2009 */ + { 0x49, 0xE7, 0xA4, 0x42, 0xAC, 0xF0, 0xEA, 0x62, 0x87, 0x05, 0x00, 0x54, 0xB5, 0x25, 0x64, 0xB6, + 0x50, 0xE4, 0xF4, 0x9E, 0x42, 0xE3, 0x48, 0xD6, 0xAA, 0x38, 0xE0, 0x39, 0xE9, 0x57, 0xB1, 0xC1 }, + 130 /* Bin Number */ + }, + { + /* thawte_Primary_Root_CA___G3 */ + { 0x4B, 0x03, 0xF4, 0x58, 0x07, 0xAD, 0x70, 0xF2, 0x1B, 0xFC, 0x2C, 0xAE, 0x71, 0xC9, 0xFD, 0xE4, + 0x60, 0x4C, 0x06, 0x4C, 0xF5, 0xFF, 0xB6, 0x86, 0xBA, 0xE5, 0xDB, 0xAA, 0xD7, 0xFD, 0xD3, 0x4C }, + 88 /* Bin Number */ + }, + { + /* Certification_Authority_of_WoSign */ + { 0x4B, 0x22, 0xD5, 0xA6, 0xAE, 0xC9, 0x9F, 0x3C, 0xDB, 0x79, 0xAA, 0x5E, 0xC0, 0x68, 0x38, 0x47, + 0x9C, 0xD5, 0xEC, 0xBA, 0x71, 0x64, 0xF7, 0xF2, 0x2D, 0xC1, 0xD6, 0x5F, 0x63, 0xD8, 0x57, 0x08 }, + 152 /* Bin Number */ + }, + { + /* Staat_der_Nederlanden_EV_Root_CA */ + { 0x4D, 0x24, 0x91, 0x41, 0x4C, 0xFE, 0x95, 0x67, 0x46, 0xEC, 0x4C, 0xEF, 0xA6, 0xCF, 0x6F, 0x72, + 0xE2, 0x8A, 0x13, 0x29, 0x43, 0x2F, 0x9D, 0x8A, 0x90, 0x7A, 0xC4, 0xCB, 0x5D, 0xAD, 0xC1, 0x5A }, + 160 /* Bin Number */ + }, + { + /* USERTrust_ECC_Certification_Authority */ + { 0x4F, 0xF4, 0x60, 0xD5, 0x4B, 0x9C, 0x86, 0xDA, 0xBF, 0xBC, 0xFC, 0x57, 0x12, 0xE0, 0x40, 0x0D, + 0x2B, 0xED, 0x3F, 0xBC, 0x4D, 0x4F, 0xBD, 0xAA, 0x86, 0xE0, 0x6A, 0xDC, 0xD2, 0xA9, 0xAD, 0x7A }, + 156 /* Bin Number */ + }, + { + /* ComSign_Secured_CA */ + { 0x50, 0x79, 0x41, 0xC7, 0x44, 0x60, 0xA0, 0xB4, 0x70, 0x86, 0x22, 0x0D, 0x4E, 0x99, 0x32, 0x57, + 0x2A, 0xB5, 0xD1, 0xB5, 0xBB, 0xCB, 0x89, 0x80, 0xAB, 0x1C, 0xB1, 0x76, 0x51, 0xA8, 0x44, 0xD2 }, + 76 /* Bin Number */ + }, + { + /* OU_Security_Communication_RootCA2_O__SECOM_Trust_Systems_CO__LTD___C_JP */ + { 0x51, 0x3B, 0x2C, 0xEC, 0xB8, 0x10, 0xD4, 0xCD, 0xE5, 0xDD, 0x85, 0x39, 0x1A, 0xDF, 0xC6, 0xC2, + 0xDD, 0x60, 0xD8, 0x7B, 0xB7, 0x36, 0xD2, 0xB5, 0x21, 0x48, 0x4A, 0xA4, 0x7A, 0x0E, 0xBE, 0xF6 }, + 118 /* Bin Number */ + }, + { + /* COMODO_RSA_Certification_Authority */ + { 0x52, 0xF0, 0xE1, 0xC4, 0xE5, 0x8E, 0xC6, 0x29, 0x29, 0x1B, 0x60, 0x31, 0x7F, 0x07, 0x46, 0x71, + 0xB8, 0x5D, 0x7E, 0xA8, 0x0D, 0x5B, 0x07, 0x27, 0x34, 0x63, 0x53, 0x4B, 0x32, 0xB4, 0x02, 0x34 }, + 154 /* Bin Number */ + }, + { + /* LuxTrust_Global_Root_2 */ + { 0x54, 0x45, 0x5F, 0x71, 0x29, 0xC2, 0x0B, 0x14, 0x47, 0xC4, 0x18, 0xF9, 0x97, 0x16, 0x8F, 0x24, + 0xC5, 0x8F, 0xC5, 0x02, 0x3B, 0xF5, 0xDA, 0x5B, 0xE2, 0xEB, 0x6E, 0x1D, 0xD8, 0x90, 0x2E, 0xD5 }, + 187 /* Bin Number */ + }, + { + /* DigiCert_Trusted_Root_G4 */ + { 0x55, 0x2F, 0x7B, 0xDC, 0xF1, 0xA7, 0xAF, 0x9E, 0x6C, 0xE6, 0x72, 0x01, 0x7F, 0x4F, 0x12, 0xAB, + 0xF7, 0x72, 0x40, 0xC7, 0x8E, 0x76, 0x1A, 0xC2, 0x03, 0xD1, 0xD9, 0xD2, 0x0A, 0xC8, 0x99, 0x88 }, + 151 /* Bin Number */ + }, + { + /* Actalis_Authentication_Root_CA */ + { 0x55, 0x92, 0x60, 0x84, 0xEC, 0x96, 0x3A, 0x64, 0xB9, 0x6E, 0x2A, 0xBE, 0x01, 0xCE, 0x0B, 0xA8, + 0x6A, 0x64, 0xFB, 0xFE, 0xBC, 0xC7, 0xAA, 0xB5, 0xAF, 0xC1, 0x55, 0xB3, 0x7F, 0xD7, 0x60, 0x66 }, + 121 /* Bin Number */ + }, + { + /* Starfield_Services_Root_Certificate_Authority___G2 */ + { 0x56, 0x8D, 0x69, 0x05, 0xA2, 0xC8, 0x87, 0x08, 0xA4, 0xB3, 0x02, 0x51, 0x90, 0xED, 0xCF, 0xED, + 0xB1, 0x97, 0x4A, 0x60, 0x6A, 0x13, 0xC6, 0xE5, 0x29, 0x0F, 0xCB, 0x2A, 0xE6, 0x3E, 0xDA, 0xB5 }, + 108 /* Bin Number */ + }, + { + /* OpenTrust_Root_CA_G1 */ + { 0x56, 0xC7, 0x71, 0x28, 0xD9, 0x8C, 0x18, 0xD9, 0x1B, 0x4C, 0xFD, 0xFF, 0xBC, 0x25, 0xEE, 0x91, + 0x03, 0xD4, 0x75, 0x8E, 0xA2, 0xAB, 0xAD, 0x82, 0x6A, 0x90, 0xF3, 0x45, 0x7D, 0x46, 0x0E, 0xB4 }, + 178 /* Bin Number */ + }, + { + /* TWCA_Global_Root_CA */ + { 0x59, 0x76, 0x90, 0x07, 0xF7, 0x68, 0x5D, 0x0F, 0xCD, 0x50, 0x87, 0x2F, 0x9F, 0x95, 0xD5, 0x75, + 0x5A, 0x5B, 0x2B, 0x45, 0x7D, 0x81, 0xF3, 0x69, 0x2B, 0x61, 0x0A, 0x98, 0x67, 0x2F, 0x0E, 0x1B }, + 139 /* Bin Number */ + }, + { + /* Certum_Trusted_Network_CA */ + { 0x5C, 0x58, 0x46, 0x8D, 0x55, 0xF5, 0x8E, 0x49, 0x7E, 0x74, 0x39, 0x82, 0xD2, 0xB5, 0x00, 0x10, + 0xB6, 0xD1, 0x65, 0x37, 0x4A, 0xCF, 0x83, 0xA7, 0xD4, 0xA3, 0x2D, 0xB7, 0x68, 0xC4, 0x40, 0x8E }, + 113 /* Bin Number */ + }, + { + /* CFCA_EV_ROOT */ + { 0x5C, 0xC3, 0xD7, 0x8E, 0x4E, 0x1D, 0x5E, 0x45, 0x54, 0x7A, 0x04, 0xE6, 0x87, 0x3E, 0x64, 0xF9, + 0x0C, 0xF9, 0x53, 0x6D, 0x1C, 0xCC, 0x2E, 0xF8, 0x00, 0xF3, 0x55, 0xC4, 0xC5, 0xFD, 0x70, 0xFD }, + 165 /* Bin Number */ + }, + { + /* IdenTrust_Commercial_Root_CA_1 */ + { 0x5D, 0x56, 0x49, 0x9B, 0xE4, 0xD2, 0xE0, 0x8B, 0xCF, 0xCA, 0xD0, 0x8A, 0x3E, 0x38, 0x72, 0x3D, + 0x50, 0x50, 0x3B, 0xDE, 0x70, 0x69, 0x48, 0xE4, 0x2F, 0x55, 0x60, 0x30, 0x19, 0xE5, 0x28, 0xAE }, + 161 /* Bin Number */ + }, + { + /* GeoTrust_Primary_Certification_Authority___G2 */ + { 0x5E, 0xDB, 0x7A, 0xC4, 0x3B, 0x82, 0xA0, 0x6A, 0x87, 0x61, 0xE8, 0xD7, 0xBE, 0x49, 0x79, 0xEB, + 0xF2, 0x61, 0x1F, 0x7D, 0xD7, 0x9B, 0xF9, 0x1C, 0x1C, 0x6B, 0x56, 0x6A, 0x21, 0x9E, 0xD7, 0x66 }, + 89 /* Bin Number */ + }, + { + /* Equifax_Secure_Global_eBusiness_CA_1 */ + { 0x5F, 0x0B, 0x62, 0xEA, 0xB5, 0xE3, 0x53, 0xEA, 0x65, 0x21, 0x65, 0x16, 0x58, 0xFB, 0xB6, 0x53, + 0x59, 0xF4, 0x43, 0x28, 0x0A, 0x4A, 0xFB, 0xD1, 0x04, 0xD7, 0x7D, 0x10, 0xF9, 0xF0, 0x4C, 0x07 }, + 12 /* Bin Number */ + }, + { + /* SwissSign_Gold_CA___G2 */ + { 0x62, 0xDD, 0x0B, 0xE9, 0xB9, 0xF5, 0x0A, 0x16, 0x3E, 0xA0, 0xF8, 0xE7, 0x5C, 0x05, 0x3B, 0x1E, + 0xCA, 0x57, 0xEA, 0x55, 0xC8, 0x68, 0x8F, 0x64, 0x7C, 0x68, 0x81, 0xF2, 0xC8, 0x35, 0x7B, 0x95 }, + 56 /* Bin Number */ + }, + { + /* Staat_der_Nederlanden_Root_CA___G2 */ + { 0x66, 0x8C, 0x83, 0x94, 0x7D, 0xA6, 0x3B, 0x72, 0x4B, 0xEC, 0xE1, 0x74, 0x3C, 0x31, 0xA0, 0xE6, + 0xAE, 0xD0, 0xDB, 0x8E, 0xC5, 0xB3, 0x1B, 0xE3, 0x77, 0xBB, 0x78, 0x4F, 0x91, 0xB6, 0x71, 0x6F }, + 93 /* Bin Number */ + }, + { + /* AddTrust_External_CA_Root */ + { 0x68, 0x7F, 0xA4, 0x51, 0x38, 0x22, 0x78, 0xFF, 0xF0, 0xC8, 0xB1, 0x1F, 0x8D, 0x43, 0xD5, 0x76, + 0x67, 0x1C, 0x6E, 0xB2, 0xBC, 0xEA, 0xB4, 0x13, 0xFB, 0x83, 0xD9, 0x65, 0xD0, 0x6D, 0x2F, 0xF2 }, + 15 /* Bin Number */ + }, + { + /* VeriSign_Class_3_Public_Primary_Certification_Authority___G4 */ + { 0x69, 0xDD, 0xD7, 0xEA, 0x90, 0xBB, 0x57, 0xC9, 0x3E, 0x13, 0x5D, 0xC8, 0x5E, 0xA6, 0xFC, 0xD5, + 0x48, 0x0B, 0x60, 0x32, 0x39, 0xBD, 0xC4, 0x54, 0xFC, 0x75, 0x8B, 0x2A, 0x26, 0xCF, 0x7F, 0x79 }, + 91 /* Bin Number */ + }, + { + /* Visa_eCommerce_Root */ + { 0x69, 0xFA, 0xC9, 0xBD, 0x55, 0xFB, 0x0A, 0xC7, 0x8D, 0x53, 0xBB, 0xEE, 0x5C, 0xF1, 0xD5, 0x97, + 0x98, 0x9F, 0xD0, 0xAA, 0xAB, 0x20, 0xA2, 0x51, 0x51, 0xBD, 0xF1, 0x73, 0x3E, 0xE7, 0xD1, 0x22 }, + 26 /* Bin Number */ + }, + { + /* OISTE_WISeKey_Global_Root_GB_CA */ + { 0x6B, 0x9C, 0x08, 0xE8, 0x6E, 0xB0, 0xF7, 0x67, 0xCF, 0xAD, 0x65, 0xCD, 0x98, 0xB6, 0x21, 0x49, + 0xE5, 0x49, 0x4A, 0x67, 0xF5, 0x84, 0x5E, 0x7B, 0xD1, 0xED, 0x01, 0x9F, 0x27, 0xB8, 0x6B, 0xD6 }, + 169 /* Bin Number */ + }, + { + /* NetLock_Arany__Class_Gold__F_tan_s_tv_ny */ + { 0x6C, 0x61, 0xDA, 0xC3, 0xA2, 0xDE, 0xF0, 0x31, 0x50, 0x6B, 0xE0, 0x36, 0xD2, 0xA6, 0xFE, 0x40, + 0x19, 0x94, 0xFB, 0xD1, 0x3D, 0xF9, 0xC8, 0xD4, 0x66, 0x59, 0x92, 0x74, 0xC4, 0x46, 0xEC, 0x98 }, + 92 /* Bin Number */ + }, + { + /* Certplus_Root_CA_G2 */ + { 0x6C, 0xC0, 0x50, 0x41, 0xE6, 0x44, 0x5E, 0x74, 0x69, 0x6C, 0x4C, 0xFB, 0xC9, 0xF8, 0x0F, 0x54, + 0x3B, 0x7E, 0xAB, 0xBB, 0x44, 0xB4, 0xCE, 0x6F, 0x78, 0x7C, 0x6A, 0x99, 0x71, 0xC4, 0x2F, 0x17 }, + 177 /* Bin Number */ + }, + { + /* Entrust_net_Certification_Authority__2048_ */ + { 0x6D, 0xC4, 0x71, 0x72, 0xE0, 0x1C, 0xBC, 0xB0, 0xBF, 0x62, 0x58, 0x0D, 0x89, 0x5F, 0xE2, 0xB8, + 0xAC, 0x9A, 0xD4, 0xF8, 0x73, 0x80, 0x1E, 0x0C, 0x10, 0xB9, 0xC8, 0x37, 0xD2, 0x1E, 0xB1, 0x77 }, + 10 /* Bin Number */ + }, + { + /* UTN_USERFirst_Hardware */ + { 0x6E, 0xA5, 0x47, 0x41, 0xD0, 0x04, 0x66, 0x7E, 0xED, 0x1B, 0x48, 0x16, 0x63, 0x4A, 0xA3, 0xA7, + 0x9E, 0x6E, 0x4B, 0x96, 0x95, 0x0F, 0x82, 0x79, 0xDA, 0xFC, 0x8D, 0x9B, 0xD8, 0x81, 0x21, 0x37 }, + 38 /* Bin Number */ + }, + { + /* AffirmTrust_Premium */ + { 0x70, 0xA7, 0x3F, 0x7F, 0x37, 0x6B, 0x60, 0x07, 0x42, 0x48, 0x90, 0x45, 0x34, 0xB1, 0x14, 0x82, + 0xD5, 0xBF, 0x0E, 0x69, 0x8E, 0xCC, 0x49, 0x8D, 0xF5, 0x25, 0x77, 0xEB, 0xF2, 0xE9, 0x3B, 0x9A }, + 111 /* Bin Number */ + }, + { + /* Entrust_Root_Certification_Authority */ + { 0x73, 0xC1, 0x76, 0x43, 0x4F, 0x1B, 0xC6, 0xD5, 0xAD, 0xF4, 0x5B, 0x0E, 0x76, 0xE7, 0x27, 0x28, + 0x7C, 0x8D, 0xE5, 0x76, 0x16, 0xC1, 0xE6, 0xE6, 0x14, 0x1A, 0x2B, 0x2C, 0xBC, 0x7D, 0x8E, 0x4C }, + 18 /* Bin Number */ + }, + { + /* DigiCert_High_Assurance_EV_Root_CA */ + { 0x74, 0x31, 0xE5, 0xF4, 0xC3, 0xC1, 0xCE, 0x46, 0x90, 0x77, 0x4F, 0x0B, 0x61, 0xE0, 0x54, 0x40, + 0x88, 0x3B, 0xA9, 0xA0, 0x1E, 0xD0, 0x0B, 0xA6, 0xAB, 0xD7, 0x80, 0x6E, 0xD3, 0xB1, 0x18, 0xCF }, + 50 /* Bin Number */ + }, + { + /* O_Government_Root_Certification_Authority_C_TW */ + { 0x76, 0x00, 0x29, 0x5E, 0xEF, 0xE8, 0x5B, 0x9E, 0x1F, 0xD6, 0x24, 0xDB, 0x76, 0x06, 0x2A, 0xAA, + 0xAE, 0x59, 0x81, 0x8A, 0x54, 0xD2, 0x77, 0x4C, 0xD4, 0xC0, 0xB2, 0xC0, 0x11, 0x31, 0xE1, 0xB3 }, + 46 /* Bin Number */ + }, + { + /* DST_ACES_CA_X6 */ + { 0x76, 0x7C, 0x95, 0x5A, 0x76, 0x41, 0x2C, 0x89, 0xAF, 0x68, 0x8E, 0x90, 0xA1, 0xC7, 0x0F, 0x55, + 0x6C, 0xFD, 0x6B, 0x60, 0x25, 0xDB, 0xEA, 0x10, 0x41, 0x6D, 0x7E, 0xB6, 0x83, 0x1F, 0x8C, 0x40 }, + 53 /* Bin Number */ + }, + { + /* America_Online_Root_Certification_Authority_1 */ + { 0x77, 0x40, 0x73, 0x12, 0xC6, 0x3A, 0x15, 0x3D, 0x5B, 0xC0, 0x0B, 0x4E, 0x51, 0x75, 0x9C, 0xDF, + 0xDA, 0xC2, 0x37, 0xDC, 0x2A, 0x33, 0xB6, 0x79, 0x46, 0xE9, 0x8E, 0x9B, 0xFA, 0x68, 0x0A, 0xE3 }, + 24 /* Bin Number */ + }, + { + /* Sonera_Class2_CA */ + { 0x79, 0x08, 0xB4, 0x03, 0x14, 0xC1, 0x38, 0x10, 0x0B, 0x51, 0x8D, 0x07, 0x35, 0x80, 0x7F, 0xFB, + 0xFC, 0xF8, 0x51, 0x8A, 0x00, 0x95, 0x33, 0x71, 0x05, 0xBA, 0x38, 0x6B, 0x15, 0x3D, 0xD9, 0x27 }, + 35 /* Bin Number */ + }, + { + /* A_Trust_nQual_03 */ + { 0x79, 0x3C, 0xBF, 0x45, 0x59, 0xB9, 0xFD, 0xE3, 0x8A, 0xB2, 0x2D, 0xF1, 0x68, 0x69, 0xF6, 0x98, + 0x81, 0xAE, 0x14, 0xC4, 0xB0, 0x13, 0x9A, 0xC7, 0x88, 0xA7, 0x8A, 0x1A, 0xFC, 0xCA, 0x02, 0xFB }, + 116 /* Bin Number */ + }, + { + /* DigiCert_Assured_ID_Root_G2 */ + { 0x7D, 0x05, 0xEB, 0xB6, 0x82, 0x33, 0x9F, 0x8C, 0x94, 0x51, 0xEE, 0x09, 0x4E, 0xEB, 0xFE, 0xFA, + 0x79, 0x53, 0xA1, 0x14, 0xED, 0xB2, 0xF4, 0x49, 0x49, 0x45, 0x2F, 0xAB, 0x7D, 0x2F, 0xC1, 0x85 }, + 147 /* Bin Number */ + }, + { + /* America_Online_Root_Certification_Authority_2 */ + { 0x7D, 0x3B, 0x46, 0x5A, 0x60, 0x14, 0xE5, 0x26, 0xC0, 0xAF, 0xFC, 0xEE, 0x21, 0x27, 0xD2, 0x31, + 0x17, 0x27, 0xAD, 0x81, 0x1C, 0x26, 0x84, 0x2D, 0x00, 0x6A, 0xF3, 0x73, 0x06, 0xCC, 0x80, 0xBD }, + 25 /* Bin Number */ + }, + { + /* DigiCert_Assured_ID_Root_G3 */ + { 0x7E, 0x37, 0xCB, 0x8B, 0x4C, 0x47, 0x09, 0x0C, 0xAB, 0x36, 0x55, 0x1B, 0xA6, 0xF4, 0x5D, 0xB8, + 0x40, 0x68, 0x0F, 0xBA, 0x16, 0x6A, 0x95, 0x2D, 0xB1, 0x00, 0x71, 0x7F, 0x43, 0x05, 0x3F, 0xC2 }, + 148 /* Bin Number */ + }, + { + /* NetLock_Kozjegyzoi__Class_A__Tanusitvanykiado */ + { 0x7F, 0x12, 0xCD, 0x5F, 0x7E, 0x5E, 0x29, 0x0E, 0xC7, 0xD8, 0x51, 0x79, 0xD5, 0xB7, 0x2C, 0x20, + 0xA5, 0xBE, 0x75, 0x08, 0xFF, 0xDB, 0x5B, 0xF8, 0x1A, 0xB9, 0x68, 0x4A, 0x7F, 0xC9, 0xF6, 0x67 }, + 41 /* Bin Number */ + }, + { + /* AddTrust_Qualified_CA_Root */ + { 0x80, 0x95, 0x21, 0x08, 0x05, 0xDB, 0x4B, 0xBC, 0x35, 0x5E, 0x44, 0x28, 0xD8, 0xFD, 0x6E, 0xC2, + 0xCD, 0xE3, 0xAB, 0x5F, 0xB9, 0x7A, 0x99, 0x42, 0x98, 0x8E, 0xB8, 0xF4, 0xDC, 0xD0, 0x60, 0x16 }, + 17 /* Bin Number */ + }, + { + /* OU_VeriSign_Trust_Network_OU___c__1998_VeriSign__Inc____For_authorized_use_only__OU_Class_3_Public_Primary_Certification_Authority___G2_O__VeriSign__Inc___C_US */ + { 0x83, 0xCE, 0x3C, 0x12, 0x29, 0x68, 0x8A, 0x59, 0x3D, 0x48, 0x5F, 0x81, 0x97, 0x3C, 0x0F, 0x91, + 0x95, 0x43, 0x1E, 0xDA, 0x37, 0xCC, 0x5E, 0x36, 0x43, 0x0E, 0x79, 0xC7, 0xA8, 0x88, 0x63, 0x8B }, + 5 /* Bin Number */ + }, + { + /* QuoVadis_Root_CA_2 */ + { 0x85, 0xA0, 0xDD, 0x7D, 0xD7, 0x20, 0xAD, 0xB7, 0xFF, 0x05, 0xF8, 0x3D, 0x54, 0x2B, 0x20, 0x9D, + 0xC7, 0xFF, 0x45, 0x28, 0xF7, 0xD6, 0x77, 0xB1, 0x83, 0x89, 0xFE, 0xA5, 0xE5, 0xC4, 0x9E, 0x86 }, + 32 /* Bin Number */ + }, + { + /* UTN___DATACorp_SGC */ + { 0x85, 0xFB, 0x2F, 0x91, 0xDD, 0x12, 0x27, 0x5A, 0x01, 0x45, 0xB6, 0x36, 0x53, 0x4F, 0x84, 0x02, + 0x4A, 0xD6, 0x8B, 0x69, 0xB8, 0xEE, 0x88, 0x68, 0x4F, 0xF7, 0x11, 0x37, 0x58, 0x05, 0xB3, 0x48 }, + 37 /* Bin Number */ + }, + { + /* EC_ACC */ + { 0x88, 0x49, 0x7F, 0x01, 0x60, 0x2F, 0x31, 0x54, 0x24, 0x6A, 0xE2, 0x8C, 0x4D, 0x5A, 0xEF, 0x10, + 0xF1, 0xD8, 0x7E, 0xBB, 0x76, 0x62, 0x6F, 0x4A, 0xE0, 0xB7, 0xF9, 0x5B, 0xA7, 0x96, 0x87, 0x99 }, + 119 /* Bin Number */ + }, + { + /* QuoVadis_Root_CA_3_G3 */ + { 0x88, 0xEF, 0x81, 0xDE, 0x20, 0x2E, 0xB0, 0x18, 0x45, 0x2E, 0x43, 0xF8, 0x64, 0x72, 0x5C, 0xEA, + 0x5F, 0xBD, 0x1F, 0xC2, 0xD9, 0xD2, 0x05, 0x73, 0x07, 0x09, 0xC5, 0xD8, 0xB8, 0x69, 0x0F, 0x46 }, + 146 /* Bin Number */ + }, + { + /* QuoVadis_Root_CA_1_G3 */ + { 0x8A, 0x86, 0x6F, 0xD1, 0xB2, 0x76, 0xB5, 0x7E, 0x57, 0x8E, 0x92, 0x1C, 0x65, 0x82, 0x8A, 0x2B, + 0xED, 0x58, 0xE9, 0xF2, 0xF2, 0x88, 0x05, 0x41, 0x34, 0xB7, 0xF1, 0xF4, 0xBF, 0xC9, 0xCC, 0x74 }, + 144 /* Bin Number */ + }, + { + /* CA_WoSign_ECC_Root */ + { 0x8B, 0x45, 0xDA, 0x1C, 0x06, 0xF7, 0x91, 0xEB, 0x0C, 0xAB, 0xF2, 0x6B, 0xE5, 0x88, 0xF5, 0xFB, + 0x23, 0x16, 0x5C, 0x2E, 0x61, 0x4B, 0xF8, 0x85, 0x56, 0x2D, 0x0D, 0xCE, 0x50, 0xB2, 0x9B, 0x02 }, + 171 /* Bin Number */ + }, + { + /* Root_CA_Generalitat_Valenciana */ + { 0x8C, 0x4E, 0xDF, 0xD0, 0x43, 0x48, 0xF3, 0x22, 0x96, 0x9E, 0x7E, 0x29, 0xA4, 0xCD, 0x4D, 0xCA, + 0x00, 0x46, 0x55, 0x06, 0x1C, 0x16, 0xE1, 0xB0, 0x76, 0x42, 0x2E, 0xF3, 0x42, 0xAD, 0x63, 0x0E }, + 115 /* Bin Number */ + }, + { + /* AddTrust_Class_1_CA_Root */ + { 0x8C, 0x72, 0x09, 0x27, 0x9A, 0xC0, 0x4E, 0x27, 0x5E, 0x16, 0xD0, 0x7F, 0xD3, 0xB7, 0x75, 0xE8, + 0x01, 0x54, 0xB5, 0x96, 0x80, 0x46, 0xE3, 0x1F, 0x52, 0xDD, 0x25, 0x76, 0x63, 0x24, 0xE9, 0xA7 }, + 14 /* Bin Number */ + }, + { + /* thawte_Primary_Root_CA */ + { 0x8D, 0x72, 0x2F, 0x81, 0xA9, 0xC1, 0x13, 0xC0, 0x79, 0x1D, 0xF1, 0x36, 0xA2, 0x96, 0x6D, 0xB2, + 0x6C, 0x95, 0x0A, 0x97, 0x1D, 0xB4, 0x6B, 0x41, 0x99, 0xF4, 0xEA, 0x54, 0xB7, 0x8B, 0xFB, 0x9F }, + 59 /* Bin Number */ + }, + { + /* TC_TrustCenter_Class_3_CA_II */ + { 0x8D, 0xA0, 0x84, 0xFC, 0xF9, 0x9C, 0xE0, 0x77, 0x22, 0xF8, 0x9B, 0x32, 0x05, 0x93, 0x98, 0x06, + 0xFA, 0x5C, 0xB8, 0x11, 0xE1, 0xC8, 0x13, 0xF6, 0xA1, 0x08, 0xC7, 0xD3, 0x36, 0xB3, 0x40, 0x8E }, + 73 /* Bin Number */ + }, + { + /* T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s__H6 */ + { 0x8D, 0xE7, 0x86, 0x55, 0xE1, 0xBE, 0x7F, 0x78, 0x47, 0x80, 0x0B, 0x93, 0xF6, 0x94, 0xD2, 0x1D, + 0x36, 0x8C, 0xC0, 0x6E, 0x03, 0x3E, 0x7F, 0xAB, 0x04, 0xBB, 0x5E, 0xB9, 0x9D, 0xA6, 0xB7, 0x00 }, + 167 /* Bin Number */ + }, + { + /* Amazon_Root_CA_1 */ + { 0x8E, 0xCD, 0xE6, 0x88, 0x4F, 0x3D, 0x87, 0xB1, 0x12, 0x5B, 0xA3, 0x1A, 0xC3, 0xFC, 0xB1, 0x3D, + 0x70, 0x16, 0xDE, 0x7F, 0x57, 0xCC, 0x90, 0x4F, 0xE1, 0xCB, 0x97, 0xC6, 0xAE, 0x98, 0x19, 0x6E }, + 183 /* Bin Number */ + }, + { + /* QuoVadis_Root_CA_2_G3 */ + { 0x8F, 0xE4, 0xFB, 0x0A, 0xF9, 0x3A, 0x4D, 0x0D, 0x67, 0xDB, 0x0B, 0xEB, 0xB2, 0x3E, 0x37, 0xC7, + 0x1B, 0xF3, 0x25, 0xDC, 0xBC, 0xDD, 0x24, 0x0E, 0xA0, 0x4D, 0xAF, 0x58, 0xB4, 0x7E, 0x18, 0x40 }, + 145 /* Bin Number */ + }, + { + /* T_TeleSec_GlobalRoot_Class_2 */ + { 0x91, 0xE2, 0xF5, 0x78, 0x8D, 0x58, 0x10, 0xEB, 0xA7, 0xBA, 0x58, 0x73, 0x7D, 0xE1, 0x54, 0x8A, + 0x8E, 0xCA, 0xCD, 0x01, 0x45, 0x98, 0xBC, 0x0B, 0x14, 0x3E, 0x04, 0x1B, 0x17, 0x05, 0x25, 0x52 }, + 142 /* Bin Number */ + }, + { + /* CA_Disig */ + { 0x92, 0xBF, 0x51, 0x19, 0xAB, 0xEC, 0xCA, 0xD0, 0xB1, 0x33, 0x2D, 0xC4, 0xE1, 0xD0, 0x5F, 0xBA, + 0x75, 0xB5, 0x67, 0x90, 0x44, 0xEE, 0x0C, 0xA2, 0x6E, 0x93, 0x1F, 0x74, 0x4F, 0x2F, 0x33, 0xCF }, + 94 /* Bin Number */ + }, + { + /* Cybertrust_Global_Root */ + { 0x96, 0x0A, 0xDF, 0x00, 0x63, 0xE9, 0x63, 0x56, 0x75, 0x0C, 0x29, 0x65, 0xDD, 0x0A, 0x08, 0x67, + 0xDA, 0x0B, 0x9C, 0xBD, 0x6E, 0x77, 0x71, 0x4A, 0xEA, 0xFB, 0x23, 0x49, 0xAB, 0x39, 0x3D, 0xA3 }, + 77 /* Bin Number */ + }, + { + /* ISRG_Root_X1 */ + { 0x96, 0xBC, 0xEC, 0x06, 0x26, 0x49, 0x76, 0xF3, 0x74, 0x60, 0x77, 0x9A, 0xCF, 0x28, 0xC5, 0xA7, + 0xCF, 0xE8, 0xA3, 0xC0, 0xAA, 0xE1, 0x1A, 0x8F, 0xFC, 0xEE, 0x05, 0xC0, 0xBD, 0xDF, 0x08, 0xC6 }, + 181 /* Bin Number */ + }, + { + /* T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_ */ + { 0x97, 0x8C, 0xD9, 0x66, 0xF2, 0xFA, 0xA0, 0x7B, 0xA7, 0xAA, 0x95, 0x00, 0xD9, 0xC0, 0x2E, 0x9D, + 0x77, 0xF2, 0xCD, 0xAD, 0xA6, 0xAD, 0x6B, 0xA7, 0x4A, 0xF4, 0xB9, 0x1C, 0x66, 0x59, 0x3C, 0x50 }, + 129 /* Bin Number */ + }, + { + /* Buypass_Class_2_Root_CA */ + { 0x9A, 0x11, 0x40, 0x25, 0x19, 0x7C, 0x5B, 0xB9, 0x5D, 0x94, 0xE6, 0x3D, 0x55, 0xCD, 0x43, 0x79, + 0x08, 0x47, 0xB6, 0x46, 0xB2, 0x3C, 0xDF, 0x11, 0xAD, 0xA4, 0xA0, 0x0E, 0xFF, 0x15, 0xFB, 0x48 }, + 125 /* Bin Number */ + }, + { + /* ACCVRAIZ1 */ + { 0x9A, 0x6E, 0xC0, 0x12, 0xE1, 0xA7, 0xDA, 0x9D, 0xBE, 0x34, 0x19, 0x4D, 0x47, 0x8A, 0xD7, 0xC0, + 0xDB, 0x18, 0x22, 0xFB, 0x07, 0x1D, 0xF1, 0x29, 0x81, 0x49, 0x6E, 0xD1, 0x04, 0x38, 0x41, 0x13 }, + 138 /* Bin Number */ + }, + { + /* VeriSign_Class_3_Public_Primary_Certification_Authority___G5 */ + { 0x9A, 0xCF, 0xAB, 0x7E, 0x43, 0xC8, 0xD8, 0x80, 0xD0, 0x6B, 0x26, 0x2A, 0x94, 0xDE, 0xEE, 0xE4, + 0xB4, 0x65, 0x99, 0x89, 0xC3, 0xD0, 0xCA, 0xF1, 0x9B, 0xAF, 0x64, 0x05, 0xE4, 0x1A, 0xB7, 0xDF }, + 60 /* Bin Number */ + }, + { + /* GeoTrust_Universal_CA_2 */ + { 0xA0, 0x23, 0x4F, 0x3B, 0xC8, 0x52, 0x7C, 0xA5, 0x62, 0x8E, 0xEC, 0x81, 0xAD, 0x5D, 0x69, 0x89, + 0x5D, 0xA5, 0x68, 0x0D, 0xC9, 0x1D, 0x1C, 0xB8, 0x47, 0x7F, 0x33, 0xF8, 0x78, 0xB9, 0x5B, 0x0B }, + 23 /* Bin Number */ + }, + { + /* Hellenic_Academic_and_Research_Institutions_RootCA_2015 */ + { 0xA0, 0x40, 0x92, 0x9A, 0x02, 0xCE, 0x53, 0xB4, 0xAC, 0xF4, 0xF2, 0xFF, 0xC6, 0x98, 0x1C, 0xE4, + 0x49, 0x6F, 0x75, 0x5E, 0x6D, 0x45, 0xFE, 0x0B, 0x2A, 0x69, 0x2B, 0xCD, 0x52, 0x52, 0x3F, 0x36 }, + 174 /* Bin Number */ + }, + { + /* GeoTrust_Universal_CA */ + { 0xA0, 0x45, 0x9B, 0x9F, 0x63, 0xB2, 0x25, 0x59, 0xF5, 0xFA, 0x5D, 0x4C, 0x6D, 0xB3, 0xF9, 0xF7, + 0x2F, 0xF1, 0x93, 0x42, 0x03, 0x35, 0x78, 0xF0, 0x73, 0xBF, 0x1D, 0x1B, 0x46, 0xCB, 0xB9, 0x12 }, + 22 /* Bin Number */ + }, + { + /* SZAFIR_ROOT_CA2 */ + { 0xA1, 0x33, 0x9D, 0x33, 0x28, 0x1A, 0x0B, 0x56, 0xE5, 0x57, 0xD3, 0xD3, 0x2B, 0x1C, 0xE7, 0xF9, + 0x36, 0x7E, 0xB0, 0x94, 0xBD, 0x5F, 0xA7, 0x2A, 0x7E, 0x50, 0x04, 0xC8, 0xDE, 0xD7, 0xCA, 0xFE }, + 172 /* Bin Number */ + }, + { + /* OU_Security_Communication_EV_RootCA1_O__SECOM_Trust_Systems_CO__LTD___C_JP */ + { 0xA2, 0x2D, 0xBA, 0x68, 0x1E, 0x97, 0x37, 0x6E, 0x2D, 0x39, 0x7D, 0x72, 0x8A, 0xAE, 0x3A, 0x9B, + 0x62, 0x96, 0xB9, 0xFD, 0xBA, 0x60, 0xBC, 0x2E, 0x11, 0xF6, 0x47, 0xF2, 0xC6, 0x75, 0xFB, 0x37 }, + 68 /* Bin Number */ + }, + { + /* thawte_Primary_Root_CA___G2 */ + { 0xA4, 0x31, 0x0D, 0x50, 0xAF, 0x18, 0xA6, 0x44, 0x71, 0x90, 0x37, 0x2A, 0x86, 0xAF, 0xAF, 0x8B, + 0x95, 0x1F, 0xFB, 0x43, 0x1D, 0x83, 0x7F, 0x1E, 0x56, 0x88, 0xB4, 0x59, 0x71, 0xED, 0x15, 0x57 }, + 87 /* Bin Number */ + }, + { + /* QuoVadis_Root_Certification_Authority */ + { 0xA4, 0x5E, 0xDE, 0x3B, 0xBB, 0xF0, 0x9C, 0x8A, 0xE1, 0x5C, 0x72, 0xEF, 0xC0, 0x72, 0x68, 0xD6, + 0x93, 0xA2, 0x1C, 0x99, 0x6F, 0xD5, 0x1E, 0x67, 0xCA, 0x07, 0x94, 0x60, 0xFD, 0x6D, 0x88, 0x73 }, + 31 /* Bin Number */ + }, + { + /* GTE_CyberTrust_Global_Root */ + { 0xA5, 0x31, 0x25, 0x18, 0x8D, 0x21, 0x10, 0xAA, 0x96, 0x4B, 0x02, 0xC7, 0xB7, 0xC6, 0xDA, 0x32, + 0x03, 0x17, 0x08, 0x94, 0xE5, 0xFB, 0x71, 0xFF, 0xFB, 0x66, 0x67, 0xD5, 0xE6, 0x81, 0x0A, 0x36 }, + 1 /* Bin Number */ + }, + { + /* WellsSecure_Public_Root_Certificate_Authority */ + { 0xA7, 0x12, 0x72, 0xAE, 0xAA, 0xA3, 0xCF, 0xE8, 0x72, 0x7F, 0x7F, 0xB3, 0x9F, 0x0F, 0xB3, 0xD1, + 0xE5, 0x42, 0x6E, 0x90, 0x60, 0xB0, 0x6E, 0xE6, 0xF1, 0x3E, 0x9A, 0x3C, 0x58, 0x33, 0xCD, 0x43 }, + 65 /* Bin Number */ + }, + { + /* Thawte_Premium_Server_CA */ + { 0xAB, 0x70, 0x36, 0x36, 0x5C, 0x71, 0x54, 0xAA, 0x29, 0xC2, 0xC2, 0x9F, 0x5D, 0x41, 0x91, 0x16, + 0x3B, 0x16, 0x2A, 0x22, 0x25, 0x01, 0x13, 0x57, 0xD5, 0x6D, 0x07, 0xFF, 0xA7, 0xBC, 0x1F, 0x72 }, + 3 /* Bin Number */ + }, + { + /* OU_RSA_Security_2048_V3_O_RSA_Security_Inc */ + { 0xAF, 0x8B, 0x67, 0x62, 0xA1, 0xE5, 0x28, 0x22, 0x81, 0x61, 0xA9, 0x5D, 0x5C, 0x55, 0x9E, 0xE2, + 0x66, 0x27, 0x8F, 0x75, 0xD7, 0x9E, 0x83, 0x01, 0x89, 0xA5, 0x03, 0x50, 0x6A, 0xBD, 0x6B, 0x4C }, + 19 /* Bin Number */ + }, + { + /* E_Tugra_Certification_Authority */ + { 0xB0, 0xBF, 0xD5, 0x2B, 0xB0, 0xD7, 0xD9, 0xBD, 0x92, 0xBF, 0x5D, 0x4D, 0xC1, 0x3D, 0xA2, 0x55, + 0xC0, 0x2C, 0x54, 0x2F, 0x37, 0x83, 0x65, 0xEA, 0x89, 0x39, 0x11, 0xF5, 0x5E, 0x55, 0xF2, 0x3C }, + 141 /* Bin Number */ + }, + { + /* Thawte_Server_CA */ + { 0xB4, 0x41, 0x0B, 0x73, 0xE2, 0xE6, 0xEA, 0xCA, 0x47, 0xFB, 0xC4, 0x2F, 0x8F, 0xA4, 0x01, 0x8A, + 0xF4, 0x38, 0x1D, 0xC5, 0x4C, 0xFA, 0xA8, 0x44, 0x50, 0x46, 0x1E, 0xED, 0x09, 0x45, 0x4D, 0xE9 }, + 2 /* Bin Number */ + }, + { + /* GeoTrust_Primary_Certification_Authority___G3 */ + { 0xB4, 0x78, 0xB8, 0x12, 0x25, 0x0D, 0xF8, 0x78, 0x63, 0x5C, 0x2A, 0xA7, 0xEC, 0x7D, 0x15, 0x5E, + 0xAA, 0x62, 0x5E, 0xE8, 0x29, 0x16, 0xE2, 0xCD, 0x29, 0x43, 0x61, 0x88, 0x6C, 0xD1, 0xFB, 0xD4 }, + 86 /* Bin Number */ + }, + { + /* Deutsche_Telekom_Root_CA_2 */ + { 0xB6, 0x19, 0x1A, 0x50, 0xD0, 0xC3, 0x97, 0x7F, 0x7D, 0xA9, 0x9B, 0xCD, 0xAA, 0xC8, 0x6A, 0x22, + 0x7D, 0xAE, 0xB9, 0x67, 0x9E, 0xC7, 0x0B, 0xA3, 0xB0, 0xC9, 0xD9, 0x22, 0x71, 0xC1, 0x70, 0xD3 }, + 75 /* Bin Number */ + }, + { + /* Certum_Trusted_Network_CA_2 */ + { 0xB6, 0x76, 0xF2, 0xED, 0xDA, 0xE8, 0x77, 0x5C, 0xD3, 0x6C, 0xB0, 0xF6, 0x3C, 0xD1, 0xD4, 0x60, + 0x39, 0x61, 0xF4, 0x9E, 0x62, 0x65, 0xBA, 0x01, 0x3A, 0x2F, 0x03, 0x07, 0xB6, 0xD0, 0xB8, 0x04 }, + 173 /* Bin Number */ + }, + { + /* Buypass_Class_3_CA_1 */ + { 0xB7, 0xB1, 0x2B, 0x17, 0x1F, 0x82, 0x1D, 0xAA, 0x99, 0x0C, 0xD0, 0xFE, 0x50, 0x87, 0xB1, 0x28, + 0x44, 0x8B, 0xA8, 0xE5, 0x18, 0x4F, 0x84, 0xC5, 0x1E, 0x02, 0xB5, 0xC8, 0xFB, 0x96, 0x2B, 0x24 }, + 81 /* Bin Number */ + }, + { + /* OpenTrust_Root_CA_G3 */ + { 0xB7, 0xC3, 0x62, 0x31, 0x70, 0x6E, 0x81, 0x07, 0x8C, 0x36, 0x7C, 0xB8, 0x96, 0x19, 0x8F, 0x1E, + 0x32, 0x08, 0xDD, 0x92, 0x69, 0x49, 0xDD, 0x8F, 0x57, 0x09, 0xA4, 0x10, 0xF7, 0x5B, 0x62, 0x92 }, + 180 /* Bin Number */ + }, + { + /* IGC_A */ + { 0xB9, 0xBE, 0xA7, 0x86, 0x0A, 0x96, 0x2E, 0xA3, 0x61, 0x1D, 0xAB, 0x97, 0xAB, 0x6D, 0xA3, 0xE2, + 0x1C, 0x10, 0x68, 0xB9, 0x7D, 0x55, 0x57, 0x5E, 0xD0, 0xE1, 0x12, 0x79, 0xC1, 0x1C, 0x89, 0x32 }, + 67 /* Bin Number */ + }, + { + /* Hellenic_Academic_and_Research_Institutions_RootCA_2011 */ + { 0xBC, 0x10, 0x4F, 0x15, 0xA4, 0x8B, 0xE7, 0x09, 0xDC, 0xA5, 0x42, 0xA7, 0xE1, 0xD4, 0xB9, 0xDF, + 0x6F, 0x05, 0x45, 0x27, 0xE8, 0x02, 0xEA, 0xA9, 0x2D, 0x59, 0x54, 0x44, 0x25, 0x8A, 0xFE, 0x71 }, + 120 /* Bin Number */ + }, + { + /* AffirmTrust_Premium_ECC */ + { 0xBD, 0x71, 0xFD, 0xF6, 0xDA, 0x97, 0xE4, 0xCF, 0x62, 0xD1, 0x64, 0x7A, 0xDD, 0x25, 0x81, 0xB0, + 0x7D, 0x79, 0xAD, 0xF8, 0x39, 0x7E, 0xB4, 0xEC, 0xBA, 0x9C, 0x5E, 0x84, 0x88, 0x82, 0x14, 0x23 }, + 112 /* Bin Number */ + }, + { + /* Secure_Certificate_Services */ + { 0xBD, 0x81, 0xCE, 0x3B, 0x4F, 0x65, 0x91, 0xD1, 0x1A, 0x67, 0xB5, 0xFC, 0x7A, 0x47, 0xFD, 0xEF, + 0x25, 0x52, 0x1B, 0xF9, 0xAA, 0x4E, 0x18, 0xB9, 0xE3, 0xDF, 0x2E, 0x34, 0xA7, 0x80, 0x3B, 0xE8 }, + 29 /* Bin Number */ + }, + { + /* SwissSign_Silver_CA___G2 */ + { 0xBE, 0x6C, 0x4D, 0xA2, 0xBB, 0xB9, 0xBA, 0x59, 0xB6, 0xF3, 0x93, 0x97, 0x68, 0x37, 0x42, 0x46, + 0xC3, 0xC0, 0x05, 0x99, 0x3F, 0xA9, 0x8F, 0x02, 0x0D, 0x1D, 0xED, 0xBE, 0xD4, 0x8A, 0x81, 0xD5 }, + 57 /* Bin Number */ + }, + { + /* GlobalSign */ + { 0xBE, 0xC9, 0x49, 0x11, 0xC2, 0x95, 0x56, 0x76, 0xDB, 0x6C, 0x0A, 0x55, 0x09, 0x86, 0xD7, 0x6E, + 0x3B, 0xA0, 0x05, 0x66, 0x7C, 0x44, 0x2C, 0x97, 0x62, 0xB4, 0xFB, 0xB7, 0x73, 0xDE, 0x22, 0x8C }, + 157 /* Bin Number */ + }, + { + /* SecureSign_RootCA11 */ + { 0xBF, 0x0F, 0xEE, 0xFB, 0x9E, 0x3A, 0x58, 0x1A, 0xD5, 0xF9, 0xE9, 0xDB, 0x75, 0x89, 0x98, 0x57, + 0x43, 0xD2, 0x61, 0x08, 0x5C, 0x4D, 0x31, 0x4F, 0x6F, 0x5D, 0x72, 0x59, 0xAA, 0x42, 0x16, 0x12 }, + 97 /* Bin Number */ + }, + { + /* TWCA_Root_Certification_Authority */ + { 0xBF, 0xD8, 0x8F, 0xE1, 0x10, 0x1C, 0x41, 0xAE, 0x3E, 0x80, 0x1B, 0xF8, 0xBE, 0x56, 0x35, 0x0E, + 0xE9, 0xBA, 0xD1, 0xA6, 0xB9, 0xBD, 0x51, 0x5E, 0xDC, 0x5C, 0x6D, 0x5B, 0x87, 0x11, 0xAC, 0x44 }, + 117 /* Bin Number */ + }, + { + /* OU_ePKI_Root_Certification_Authority_O__Chunghwa_Telecom_Co___Ltd___C_TW */ + { 0xC0, 0xA6, 0xF4, 0xDC, 0x63, 0xA2, 0x4B, 0xFD, 0xCF, 0x54, 0xEF, 0x2A, 0x6A, 0x08, 0x2A, 0x0A, + 0x72, 0xDE, 0x35, 0x80, 0x3E, 0x2F, 0xF5, 0xFF, 0x52, 0x7A, 0xE5, 0xD8, 0x72, 0x06, 0xDF, 0xD5 }, + 78 /* Bin Number */ + }, + { + /* OU_Trustis_FPS_Root_CA_O_Trustis_Limited_C_GB */ + { 0xC1, 0xB4, 0x82, 0x99, 0xAB, 0xA5, 0x20, 0x8F, 0xE9, 0x63, 0x0A, 0xCE, 0x55, 0xCA, 0x68, 0xA0, + 0x3E, 0xDA, 0x5A, 0x51, 0x9C, 0x88, 0x02, 0xA0, 0xD3, 0xA6, 0x73, 0xBE, 0x8F, 0x8E, 0x55, 0x7D }, + 122 /* Bin Number */ + }, + { + /* OU_Go_Daddy_Class_2_Certification_Authority_O__The_Go_Daddy_Group__Inc___C_US */ + { 0xC3, 0x84, 0x6B, 0xF2, 0x4B, 0x9E, 0x93, 0xCA, 0x64, 0x27, 0x4C, 0x0E, 0xC6, 0x7C, 0x1E, 0xCC, + 0x5E, 0x02, 0x4F, 0xFC, 0xAC, 0xD2, 0xD7, 0x40, 0x19, 0x35, 0x0E, 0x81, 0xFE, 0x54, 0x6A, 0xE4 }, + 43 /* Bin Number */ + }, + { + /* T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_ */ + { 0xC4, 0x70, 0xCF, 0x54, 0x7E, 0x23, 0x02, 0xB9, 0x77, 0xFB, 0x29, 0xDD, 0x71, 0xA8, 0x9A, 0x7B, + 0x6C, 0x1F, 0x60, 0x77, 0x7B, 0x03, 0x29, 0xF5, 0x60, 0x17, 0xF3, 0x28, 0xBF, 0x4F, 0x6B, 0xE6 }, + 55 /* Bin Number */ + }, + { + /* StartCom_Certification_Authority */ + { 0xC7, 0x66, 0xA9, 0xBE, 0xF2, 0xD4, 0x07, 0x1C, 0x86, 0x3A, 0x31, 0xAA, 0x49, 0x20, 0xE8, 0x13, + 0xB2, 0xD1, 0x98, 0x60, 0x8C, 0xB7, 0xB7, 0xCF, 0xE2, 0x11, 0x43, 0xB8, 0x36, 0xDF, 0x09, 0xEA }, + 45 /* Bin Number */ + }, + { + /* StartCom_Certification_Authority_G2 */ + { 0xC7, 0xBA, 0x65, 0x67, 0xDE, 0x93, 0xA7, 0x98, 0xAE, 0x1F, 0xAA, 0x79, 0x1E, 0x71, 0x2D, 0x37, + 0x8F, 0xAE, 0x1F, 0x93, 0xC4, 0x39, 0x7F, 0xEA, 0x44, 0x1B, 0xB7, 0xCB, 0xE6, 0xFD, 0x59, 0x95 }, + 124 /* Bin Number */ + }, + { + /* GeoTrust_Global_CA_2 */ + { 0xCA, 0x2D, 0x82, 0xA0, 0x86, 0x77, 0x07, 0x2F, 0x8A, 0xB6, 0x76, 0x4F, 0xF0, 0x35, 0x67, 0x6C, + 0xFE, 0x3E, 0x5E, 0x32, 0x5E, 0x01, 0x21, 0x72, 0xDF, 0x3F, 0x92, 0x09, 0x6D, 0xB7, 0x9B, 0x85 }, + 21 /* Bin Number */ + }, + { + /* GlobalSign */ + { 0xCA, 0x42, 0xDD, 0x41, 0x74, 0x5F, 0xD0, 0xB8, 0x1E, 0xB9, 0x02, 0x36, 0x2C, 0xF9, 0xD8, 0xBF, + 0x71, 0x9D, 0xA1, 0xBD, 0x1B, 0x1E, 0xFC, 0x94, 0x6F, 0x5B, 0x4C, 0x99, 0xF4, 0x2C, 0x1B, 0x9E }, + 7 /* Bin Number */ + }, + { + /* DigiCert_Global_Root_G2 */ + { 0xCB, 0x3C, 0xCB, 0xB7, 0x60, 0x31, 0xE5, 0xE0, 0x13, 0x8F, 0x8D, 0xD3, 0x9A, 0x23, 0xF9, 0xDE, + 0x47, 0xFF, 0xC3, 0x5E, 0x43, 0xC1, 0x14, 0x4C, 0xEA, 0x27, 0xD4, 0x6A, 0x5A, 0xB1, 0xCB, 0x5F }, + 149 /* Bin Number */ + }, + { + /* GlobalSign */ + { 0xCB, 0xB5, 0x22, 0xD7, 0xB7, 0xF1, 0x27, 0xAD, 0x6A, 0x01, 0x13, 0x86, 0x5B, 0xDF, 0x1C, 0xD4, + 0x10, 0x2E, 0x7D, 0x07, 0x59, 0xAF, 0x63, 0x5A, 0x7C, 0xF4, 0x72, 0x0D, 0xC9, 0x63, 0xC5, 0x3B }, + 101 /* Bin Number */ + }, + { + /* XRamp_Global_Certification_Authority */ + { 0xCE, 0xCD, 0xDC, 0x90, 0x50, 0x99, 0xD8, 0xDA, 0xDF, 0xC5, 0xB1, 0xD2, 0x09, 0xB7, 0x37, 0xCB, + 0xE2, 0xC1, 0x8C, 0xFB, 0x2C, 0x10, 0xC0, 0xFF, 0x0B, 0xCF, 0x0D, 0x32, 0x86, 0xFC, 0x1A, 0xA2 }, + 42 /* Bin Number */ + }, + { + /* Equifax_Secure_eBusiness_CA_1 */ + { 0xCF, 0x56, 0xFF, 0x46, 0xA4, 0xA1, 0x86, 0x10, 0x9D, 0xD9, 0x65, 0x84, 0xB5, 0xEE, 0xB5, 0x8A, + 0x51, 0x0C, 0x42, 0x75, 0xB0, 0xE5, 0xF9, 0x4F, 0x40, 0xBB, 0xAE, 0x86, 0x5E, 0x19, 0xF6, 0x73 }, + 13 /* Bin Number */ + }, + { + /* Staat_der_Nederlanden_Root_CA */ + { 0xD4, 0x1D, 0x82, 0x9E, 0x8C, 0x16, 0x59, 0x82, 0x2A, 0xF9, 0x3F, 0xCE, 0x62, 0xBF, 0xFC, 0xDE, + 0x26, 0x4F, 0xC8, 0x4E, 0x8B, 0x95, 0x0C, 0x5F, 0xF2, 0x75, 0xD0, 0x52, 0x35, 0x46, 0x95, 0xA3 }, + 36 /* Bin Number */ + }, + { + /* Certification_Authority_of_WoSign_G2 */ + { 0xD4, 0x87, 0xA5, 0x6F, 0x83, 0xB0, 0x74, 0x82, 0xE8, 0x5E, 0x96, 0x33, 0x94, 0xC1, 0xEC, 0xC2, + 0xC9, 0xE5, 0x1D, 0x09, 0x03, 0xEE, 0x94, 0x6B, 0x02, 0xC3, 0x01, 0x58, 0x1E, 0xD9, 0x9E, 0x16 }, + 170 /* Bin Number */ + }, + { + /* CA______ */ + { 0xD6, 0xF0, 0x34, 0xBD, 0x94, 0xAA, 0x23, 0x3F, 0x02, 0x97, 0xEC, 0xA4, 0x24, 0x5B, 0x28, 0x39, + 0x73, 0xE4, 0x47, 0xAA, 0x59, 0x0F, 0x31, 0x0C, 0x77, 0xF4, 0x8F, 0xDF, 0x83, 0x11, 0x22, 0x54 }, + 153 /* Bin Number */ + }, + { + /* AAA_Certificate_Services */ + { 0xD7, 0xA7, 0xA0, 0xFB, 0x5D, 0x7E, 0x27, 0x31, 0xD7, 0x71, 0xE9, 0x48, 0x4E, 0xBC, 0xDE, 0xF7, + 0x1D, 0x5F, 0x0C, 0x3E, 0x0A, 0x29, 0x48, 0x78, 0x2B, 0xC8, 0x3E, 0xE0, 0xEA, 0x69, 0x9E, 0xF4 }, + 28 /* Bin Number */ + }, + { + /* Certum_CA */ + { 0xD8, 0xE0, 0xFE, 0xBC, 0x1D, 0xB2, 0xE3, 0x8D, 0x00, 0x94, 0x0F, 0x37, 0xD2, 0x7D, 0x41, 0x34, + 0x4D, 0x99, 0x3E, 0x73, 0x4B, 0x99, 0xD5, 0x65, 0x6D, 0x97, 0x78, 0xD4, 0xD8, 0x14, 0x36, 0x24 }, + 27 /* Bin Number */ + }, + { + /* Swisscom_Root_EV_CA_2 */ + { 0xD9, 0x5F, 0xEA, 0x3C, 0xA4, 0xEE, 0xDC, 0xE7, 0x4C, 0xD7, 0x6E, 0x75, 0xFC, 0x6D, 0x1F, 0xF6, + 0x2C, 0x44, 0x1F, 0x0F, 0xA8, 0xBC, 0x77, 0xF0, 0x34, 0xB1, 0x9E, 0x5D, 0xB2, 0x58, 0x01, 0x5D }, + 135 /* Bin Number */ + }, + { + /* TeliaSonera_Root_CA_v1 */ + { 0xDD, 0x69, 0x36, 0xFE, 0x21, 0xF8, 0xF0, 0x77, 0xC1, 0x23, 0xA1, 0xA5, 0x21, 0xC1, 0x22, 0x24, + 0xF7, 0x22, 0x55, 0xB7, 0x3E, 0x03, 0xA7, 0x26, 0x06, 0x93, 0xE8, 0xA2, 0x4B, 0x0F, 0xA3, 0x89 }, + 140 /* Bin Number */ + }, + { + /* StartCom_Certification_Authority */ + { 0xE1, 0x78, 0x90, 0xEE, 0x09, 0xA3, 0xFB, 0xF4, 0xF4, 0x8B, 0x9C, 0x41, 0x4A, 0x17, 0xD6, 0x37, + 0xB7, 0xA5, 0x06, 0x47, 0xE9, 0xBC, 0x75, 0x23, 0x22, 0x72, 0x7F, 0xCC, 0x17, 0x42, 0xA9, 0x11 }, + 123 /* Bin Number */ + }, + { + /* CA_Disig_Root_R2 */ + { 0xE2, 0x3D, 0x4A, 0x03, 0x6D, 0x7B, 0x70, 0xE9, 0xF5, 0x95, 0xB1, 0x42, 0x20, 0x79, 0xD2, 0xB9, + 0x1E, 0xDF, 0xBB, 0x1F, 0xB6, 0x51, 0xA0, 0x63, 0x3E, 0xAA, 0x8A, 0x9D, 0xC5, 0xF8, 0x07, 0x03 }, + 137 /* Bin Number */ + }, + { + /* CNNIC_ROOT */ + { 0xE2, 0x83, 0x93, 0x77, 0x3D, 0xA8, 0x45, 0xA6, 0x79, 0xF2, 0x08, 0x0C, 0xC7, 0xFB, 0x44, 0xA3, + 0xB7, 0xA1, 0xC3, 0x79, 0x2C, 0xB7, 0xEB, 0x77, 0x29, 0xFD, 0xCB, 0x6A, 0x8D, 0x99, 0xAE, 0xA7 }, + 84 /* Bin Number */ + }, + { + /* Amazon_Root_CA_4 */ + { 0xE3, 0x5D, 0x28, 0x41, 0x9E, 0xD0, 0x20, 0x25, 0xCF, 0xA6, 0x90, 0x38, 0xCD, 0x62, 0x39, 0x62, + 0x45, 0x8D, 0xA5, 0xC6, 0x95, 0xFB, 0xDE, 0xA3, 0xC2, 0x2B, 0x0B, 0xFB, 0x25, 0x89, 0x70, 0x92 }, + 186 /* Bin Number */ + }, + { + /* VeriSign_Class_4_Public_Primary_Certification_Authority___G3 */ + { 0xE3, 0x89, 0x36, 0x0D, 0x0F, 0xDB, 0xAE, 0xB3, 0xD2, 0x50, 0x58, 0x4B, 0x47, 0x30, 0x31, 0x4E, + 0x22, 0x2F, 0x39, 0xC1, 0x56, 0xA0, 0x20, 0x14, 0x4E, 0x8D, 0x96, 0x05, 0x61, 0x79, 0x15, 0x06 }, + 9 /* Bin Number */ + }, + { + /* Certigna */ + { 0xE3, 0xB6, 0xA2, 0xDB, 0x2E, 0xD7, 0xCE, 0x48, 0x84, 0x2F, 0x7A, 0xC5, 0x32, 0x41, 0xC7, 0xB7, + 0x1D, 0x54, 0x14, 0x4B, 0xFB, 0x40, 0xC1, 0x1F, 0x3F, 0x1D, 0x0B, 0x42, 0xF5, 0xEE, 0xA1, 0x2D }, + 71 /* Bin Number */ + }, + { + /* T_B_TAK_UEKAE_K_k_Sertifika_Hizmet_Sa_lay_c_s____S_r_m_3 */ + { 0xE4, 0xC7, 0x34, 0x30, 0xD7, 0xA5, 0xB5, 0x09, 0x25, 0xDF, 0x43, 0x37, 0x0A, 0x0D, 0x21, 0x6E, + 0x9A, 0x79, 0xB9, 0xD6, 0xDB, 0x83, 0x73, 0xA0, 0xC6, 0x9E, 0xB1, 0xCC, 0x31, 0xC7, 0xC5, 0x2A }, + 79 /* Bin Number */ + }, + { + /* e_Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi */ + { 0xE6, 0x09, 0x07, 0x84, 0x65, 0xA4, 0x19, 0x78, 0x0C, 0xB6, 0xAC, 0x4C, 0x1C, 0x0B, 0xFB, 0x46, + 0x53, 0xD9, 0xD9, 0xCC, 0x6E, 0xB3, 0x94, 0x6E, 0xB7, 0xF3, 0xD6, 0x99, 0x97, 0xBA, 0xD5, 0x98 }, + 100 /* Bin Number */ + }, + { + /* TC_TrustCenter_Class_2_CA_II */ + { 0xE6, 0xB8, 0xF8, 0x76, 0x64, 0x85, 0xF8, 0x07, 0xAE, 0x7F, 0x8D, 0xAC, 0x16, 0x70, 0x46, 0x1F, + 0x07, 0xC0, 0xA1, 0x3E, 0xEF, 0x3A, 0x1F, 0xF7, 0x17, 0x53, 0x8D, 0x7A, 0xBA, 0xD3, 0x91, 0xB4 }, + 72 /* Bin Number */ + }, + { + /* OU_Security_Communication_RootCA1_O_SECOM_Trust_net_C_JP */ + { 0xE7, 0x5E, 0x72, 0xED, 0x9F, 0x56, 0x0E, 0xEC, 0x6E, 0xB4, 0x80, 0x00, 0x73, 0xA4, 0x3F, 0xC3, + 0xAD, 0x19, 0x19, 0x5A, 0x39, 0x22, 0x82, 0x01, 0x78, 0x95, 0x97, 0x4A, 0x99, 0x02, 0x6B, 0x6C }, + 34 /* Bin Number */ + }, + { + /* USERTrust_RSA_Certification_Authority */ + { 0xE7, 0x93, 0xC9, 0xB0, 0x2F, 0xD8, 0xAA, 0x13, 0xE2, 0x1C, 0x31, 0x22, 0x8A, 0xCC, 0xB0, 0x81, + 0x19, 0x64, 0x3B, 0x74, 0x9C, 0x89, 0x89, 0x64, 0xB1, 0x74, 0x6D, 0x46, 0xC3, 0xD4, 0xCB, 0xD2 }, + 155 /* Bin Number */ + }, + { + /* OU_certSIGN_ROOT_CA_O_certSIGN_C_RO */ + { 0xEA, 0xA9, 0x62, 0xC4, 0xFA, 0x4A, 0x6B, 0xAF, 0xEB, 0xE4, 0x15, 0x19, 0x6D, 0x35, 0x1C, 0xCD, + 0x88, 0x8D, 0x4F, 0x53, 0xF3, 0xFA, 0x8A, 0xE6, 0xD7, 0xC4, 0x66, 0xA9, 0x4E, 0x60, 0x42, 0xBB }, + 83 /* Bin Number */ + }, + { + /* VeriSign_Class_3_Public_Primary_Certification_Authority___G3 */ + { 0xEB, 0x04, 0xCF, 0x5E, 0xB1, 0xF3, 0x9A, 0xFA, 0x76, 0x2F, 0x2B, 0xB1, 0x20, 0xF2, 0x96, 0xCB, + 0xA5, 0x20, 0xC1, 0xB9, 0x7D, 0xB1, 0x58, 0x95, 0x65, 0xB8, 0x1C, 0xB9, 0xA1, 0x7B, 0x72, 0x44 }, + 8 /* Bin Number */ + }, + { + /* OU_AC_RAIZ_FNMT_RCM_O_FNMT_RCM_C_ES */ + { 0xEB, 0xC5, 0x57, 0x0C, 0x29, 0x01, 0x8C, 0x4D, 0x67, 0xB1, 0xAA, 0x12, 0x7B, 0xAF, 0x12, 0xF7, + 0x03, 0xB4, 0x61, 0x1E, 0xBC, 0x17, 0xB7, 0xDA, 0xB5, 0x57, 0x38, 0x94, 0x17, 0x9B, 0x93, 0xFA }, + 182 /* Bin Number */ + }, + { + /* GlobalSign_Root_CA */ + { 0xEB, 0xD4, 0x10, 0x40, 0xE4, 0xBB, 0x3E, 0xC7, 0x42, 0xC9, 0xE3, 0x81, 0xD3, 0x1E, 0xF2, 0xA4, + 0x1A, 0x48, 0xB6, 0x68, 0x5C, 0x96, 0xE7, 0xCE, 0xF3, 0xC1, 0xDF, 0x6C, 0xD4, 0x33, 0x1C, 0x99 }, + 6 /* Bin Number */ + }, + { + /* TC_TrustCenter_Universal_CA_I */ + { 0xEB, 0xF3, 0xC0, 0x2A, 0x87, 0x89, 0xB1, 0xFB, 0x7D, 0x51, 0x19, 0x95, 0xD6, 0x63, 0xB7, 0x29, + 0x06, 0xD9, 0x13, 0xCE, 0x0D, 0x5E, 0x10, 0x56, 0x8A, 0x8A, 0x77, 0xE2, 0x58, 0x61, 0x67, 0xE7 }, + 74 /* Bin Number */ + }, + { + /* Juur_SK */ + { 0xEC, 0xC3, 0xE9, 0xC3, 0x40, 0x75, 0x03, 0xBE, 0xE0, 0x91, 0xAA, 0x95, 0x2F, 0x41, 0x34, 0x8F, + 0xF8, 0x8B, 0xAA, 0x86, 0x3B, 0x22, 0x64, 0xBE, 0xFA, 0xC8, 0x07, 0x90, 0x15, 0x74, 0xE9, 0x39 }, + 95 /* Bin Number */ + }, + { + /* Buypass_Class_3_Root_CA */ + { 0xED, 0xF7, 0xEB, 0xBC, 0xA2, 0x7A, 0x2A, 0x38, 0x4D, 0x38, 0x7B, 0x7D, 0x40, 0x10, 0xC6, 0x66, + 0xE2, 0xED, 0xB4, 0x84, 0x3E, 0x4C, 0x29, 0xB4, 0xAE, 0x1D, 0x5B, 0x93, 0x32, 0xE6, 0xB2, 0x4D }, + 126 /* Bin Number */ + }, + { + /* D_TRUST_Root_Class_3_CA_2_EV_2009 */ + { 0xEE, 0xC5, 0x49, 0x6B, 0x98, 0x8C, 0xE9, 0x86, 0x25, 0xB9, 0x34, 0x09, 0x2E, 0xEC, 0x29, 0x08, + 0xBE, 0xD0, 0xB0, 0xF3, 0x16, 0xC2, 0xD4, 0x73, 0x0C, 0x84, 0xEA, 0xF1, 0xF3, 0xD3, 0x48, 0x81 }, + 131 /* Bin Number */ + }, + { + /* Global_Chambersign_Root */ + { 0xEF, 0x3C, 0xB4, 0x17, 0xFC, 0x8E, 0xBF, 0x6F, 0x97, 0x87, 0x6C, 0x9E, 0x4E, 0xCE, 0x39, 0xDE, + 0x1E, 0xA5, 0xFE, 0x64, 0x91, 0x41, 0xD1, 0x02, 0x8B, 0x7D, 0x11, 0xC0, 0xB2, 0x29, 0x8C, 0xED }, + 40 /* Bin Number */ + }, + { + /* Swisscom_Root_CA_2 */ + { 0xF0, 0x9B, 0x12, 0x2C, 0x71, 0x14, 0xF4, 0xA0, 0x9B, 0xD4, 0xEA, 0x4F, 0x4A, 0x99, 0xD5, 0x58, + 0xB4, 0x6E, 0x4C, 0x25, 0xCD, 0x81, 0x14, 0x0D, 0x29, 0xC0, 0x56, 0x13, 0x91, 0x4C, 0x38, 0x41 }, + 134 /* Bin Number */ + }, + { + /* SecureTrust_CA */ + { 0xF1, 0xC1, 0xB5, 0x0A, 0xE5, 0xA2, 0x0D, 0xD8, 0x03, 0x0E, 0xC9, 0xF6, 0xBC, 0x24, 0x82, 0x3D, + 0xD3, 0x67, 0xB5, 0x25, 0x57, 0x59, 0xB4, 0xE7, 0x1B, 0x61, 0xFC, 0xE9, 0xF7, 0x37, 0x5D, 0x73 }, + 61 /* Bin Number */ + }, + { + /* Atos_TrustedRoot_2011 */ + { 0xF3, 0x56, 0xBE, 0xA2, 0x44, 0xB7, 0xA9, 0x1E, 0xB3, 0x5D, 0x53, 0xCA, 0x9A, 0xD7, 0x86, 0x4A, + 0xCE, 0x01, 0x8E, 0x2D, 0x35, 0xD5, 0xF8, 0xF9, 0x6D, 0xDF, 0x68, 0xA6, 0xF4, 0x1A, 0xA4, 0x74 }, + 143 /* Bin Number */ + }, + { + /* CA_Disig_Root_R1 */ + { 0xF9, 0x6F, 0x23, 0xF4, 0xC3, 0xE7, 0x9C, 0x07, 0x7A, 0x46, 0x98, 0x8D, 0x5A, 0xF5, 0x90, 0x06, + 0x76, 0xA0, 0xF0, 0x39, 0xCB, 0x64, 0x5D, 0xD1, 0x75, 0x49, 0xB2, 0x16, 0xC8, 0x24, 0x40, 0xCE }, + 136 /* Bin Number */ + }, + { + /* Hongkong_Post_Root_CA_1 */ + { 0xF9, 0xE6, 0x7D, 0x33, 0x6C, 0x51, 0x00, 0x2A, 0xC0, 0x54, 0xC6, 0x32, 0x02, 0x2D, 0x66, 0xDD, + 0xA2, 0xE7, 0xE3, 0xFF, 0xF1, 0x0A, 0xD0, 0x61, 0xED, 0x31, 0xD8, 0xBB, 0xB4, 0x10, 0xCF, 0xB2 }, + 96 /* Bin Number */ + }, + { + /* Certinomis___Autorit__Racine */ + { 0xFC, 0xBF, 0xE2, 0x88, 0x62, 0x06, 0xF7, 0x2B, 0x27, 0x59, 0x3C, 0x8B, 0x07, 0x02, 0x97, 0xE1, + 0x2D, 0x76, 0x9E, 0xD1, 0x0E, 0xD7, 0x93, 0x07, 0x05, 0xA8, 0x09, 0x8E, 0xFF, 0xC1, 0x4D, 0x17 }, + 114 /* Bin Number */ + }, + { + /* T_TeleSec_GlobalRoot_Class_3 */ + { 0xFD, 0x73, 0xDA, 0xD3, 0x1C, 0x64, 0x4F, 0xF1, 0xB4, 0x3B, 0xEF, 0x0C, 0xCD, 0xDA, 0x96, 0x71, + 0x0B, 0x9C, 0xD9, 0x87, 0x5E, 0xCA, 0x7E, 0x31, 0x70, 0x7A, 0xF3, 0xE9, 0x6D, 0x52, 0x2B, 0xBD }, + 127 /* Bin Number */ + }, + { + /* GeoTrust_Global_CA */ + { 0xFF, 0x85, 0x6A, 0x2D, 0x25, 0x1D, 0xCD, 0x88, 0xD3, 0x66, 0x56, 0xF4, 0x50, 0x12, 0x67, 0x98, + 0xCF, 0xAB, 0xAA, 0xDE, 0x40, 0x79, 0x9C, 0x72, 0x2D, 0xE4, 0xD2, 0xB5, 0xDB, 0x36, 0xA7, 0x3A }, + 20 /* Bin Number */ + }, +}; + diff --git a/security/manager/ssl/SSLServerCertVerification.cpp b/security/manager/ssl/SSLServerCertVerification.cpp new file mode 100644 index 000000000..4ef79f54a --- /dev/null +++ b/security/manager/ssl/SSLServerCertVerification.cpp @@ -0,0 +1,1795 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// For connections that are not processed on the socket transport thread, we do +// NOT use the async logic described below. Instead, we authenticate the +// certificate on the thread that the connection's I/O happens on, +// synchronously. This allows us to do certificate verification for blocking +// (not non-blocking) sockets and sockets that have their I/O processed on a +// thread other than the socket transport service thread. Also, we DO NOT +// support blocking sockets on the socket transport service thread at all. +// +// During certificate authentication, we call CERT_PKIXVerifyCert or +// CERT_VerifyCert. These functions may make zero or more HTTP requests +// for OCSP responses, CRLs, intermediate certificates, etc. Our fetching logic +// for these requests processes them on the socket transport service thread. +// +// If the connection for which we are verifying the certificate is happening +// on the socket transport thread (the usually case, at least for HTTP), then +// if our cert auth hook were to call the CERT_*Verify* functions directly, +// there would be a deadlock: The CERT_*Verify* function would cause an event +// to be asynchronously posted to the socket transport thread, and then it +// would block the socket transport thread waiting to be notified of the HTTP +// response. However, the HTTP request would never actually be processed +// because the socket transport thread would be blocked and so it wouldn't be +// able process HTTP requests. (i.e. Deadlock.) +// +// Consequently, when we are asked to verify a certificate on the socket +// transport service thread, we must always call the CERT_*Verify* cert +// functions on another thread. To accomplish this, our auth cert hook +// dispatches a SSLServerCertVerificationJob to a pool of background threads, +// and then immediately returns SECWouldBlock to libssl. These jobs are where +// the CERT_*Verify* functions are actually called. +// +// When our auth cert hook returns SECWouldBlock, libssl will carry on the +// handshake while we validate the certificate. This will free up the socket +// transport thread so that HTTP requests--in particular, the OCSP/CRL/cert +// requests needed for cert verification as mentioned above--can be processed. +// +// Once the CERT_*Verify* function returns, the cert verification job +// dispatches a SSLServerCertVerificationResult to the socket transport thread; +// the SSLServerCertVerificationResult will notify libssl that the certificate +// authentication is complete. Once libssl is notified that the authentication +// is complete, it will continue the SSL handshake (if it hasn't already +// finished) and it will begin allowing us to send/receive data on the +// connection. +// +// Timeline of events (for connections managed by the socket transport service): +// +// * libssl calls SSLServerCertVerificationJob::Dispatch on the socket +// transport thread. +// * SSLServerCertVerificationJob::Dispatch queues a job +// (instance of SSLServerCertVerificationJob) to its background thread +// pool and returns. +// * One of the background threads calls CERT_*Verify*, which may enqueue +// some HTTP request(s) onto the socket transport thread, and then +// blocks that background thread waiting for the responses and/or timeouts +// or errors for those requests. +// * Once those HTTP responses have all come back or failed, the +// CERT_*Verify* function returns a result indicating that the validation +// succeeded or failed. +// * If the validation succeeded, then a SSLServerCertVerificationResult +// event is posted to the socket transport thread, and the cert +// verification thread becomes free to verify other certificates. +// * Otherwise, a CertErrorRunnable is posted to the socket transport thread +// and then to the main thread (blocking both, see CertErrorRunnable) to +// do cert override processing and bad cert listener notification. Then +// the cert verification thread becomes free to verify other certificates. +// * After processing cert overrides, the CertErrorRunnable will dispatch a +// SSLServerCertVerificationResult event to the socket transport thread to +// notify it of the result of the override processing; then it returns, +// freeing up the main thread. +// * The SSLServerCertVerificationResult event will either wake up the +// socket (using SSL_RestartHandshakeAfterServerCert) if validation +// succeeded or there was an error override, or it will set an error flag +// so that the next I/O operation on the socket will fail, causing the +// socket transport thread to close the connection. +// +// Cert override processing must happen on the main thread because it accesses +// the nsICertOverrideService, and that service must be accessed on the main +// thread because some extensions (Selenium, in particular) replace it with a +// Javascript implementation, and chrome JS must always be run on the main +// thread. +// +// SSLServerCertVerificationResult must be dispatched to the socket transport +// thread because we must only call SSL_* functions on the socket transport +// thread since they may do I/O, because many parts of nsNSSSocketInfo (the +// subclass of TransportSecurityInfo used when validating certificates during +// an SSL handshake) and the PSM NSS I/O layer are not thread-safe, and because +// we need the event to interrupt the PR_Poll that may waiting for I/O on the +// socket for which we are validating the cert. + +#include "SSLServerCertVerification.h" + +#include + +#include "BRNameMatchingPolicy.h" +#include "CertVerifier.h" +#include "CryptoTask.h" +#include "ExtendedValidation.h" +#include "NSSCertDBTrustDomain.h" +#include "PSMRunnable.h" +#include "RootCertificateTelemetryUtils.h" +#include "ScopedNSSTypes.h" +#include "SharedCertVerifier.h" +#include "SharedSSLState.h" +#include "TransportSecurityInfo.h" // For RememberCertErrorsTable +#include "cert.h" +#include "mozilla/Assertions.h" +#include "mozilla/Casting.h" +#include "mozilla/Mutex.h" +#include "mozilla/RefPtr.h" +#include "mozilla/Telemetry.h" +#include "mozilla/UniquePtr.h" +#include "mozilla/Unused.h" +#include "mozilla/net/DNS.h" +#include "nsComponentManagerUtils.h" +#include "nsContentUtils.h" +#include "nsIBadCertListener2.h" +#include "nsICertOverrideService.h" +#include "nsISiteSecurityService.h" +#include "nsISocketProvider.h" +#include "nsIThreadPool.h" +#include "nsNSSCertificate.h" +#include "nsNSSComponent.h" +#include "nsNSSIOLayer.h" +#include "nsNSSShutDown.h" +#include "nsSSLStatus.h" +#include "nsServiceManagerUtils.h" +#include "nsURLHelper.h" +#include "nsXPCOMCIDInternal.h" +#include "pkix/pkix.h" +#include "pkix/pkixnss.h" +#include "secerr.h" +#include "secoidt.h" +#include "secport.h" +#include "ssl.h" +#include "sslerr.h" + +extern mozilla::LazyLogModule gPIPNSSLog; + +using namespace mozilla::pkix; + +namespace mozilla { namespace psm { + +namespace { + +// do not use a nsCOMPtr to avoid static initializer/destructor +nsIThreadPool* gCertVerificationThreadPool = nullptr; + +// We avoid using a mutex for the success case to avoid lock-related +// performance issues. However, we do use a lock in the error case to simplify +// the code, since performance in the error case is not important. +Mutex* gSSLVerificationTelemetryMutex = nullptr; + +// We add a mutex to serialize PKCS11 database operations +Mutex* gSSLVerificationPK11Mutex = nullptr; + +} // unnamed namespace + +// Called when the socket transport thread starts, to initialize the SSL cert +// verification thread pool. By tying the thread pool startup/shutdown directly +// to the STS thread's lifetime, we ensure that they are *always* available for +// SSL connections and that there are no races during startup and especially +// shutdown. (Previously, we have had multiple problems with races in PSM +// background threads, and the race-prevention/shutdown logic used there is +// brittle. Since this service is critical to things like downloading updates, +// we take no chances.) Also, by doing things this way, we avoid the need for +// locks, since gCertVerificationThreadPool is only ever accessed on the socket +// transport thread. +void +InitializeSSLServerCertVerificationThreads() +{ + gSSLVerificationTelemetryMutex = new Mutex("SSLVerificationTelemetryMutex"); + gSSLVerificationPK11Mutex = new Mutex("SSLVerificationPK11Mutex"); + // TODO: tuning, make parameters preferences + // XXX: instantiate nsThreadPool directly, to make this more bulletproof. + // Currently, the nsThreadPool.h header isn't exported for us to do so. + nsresult rv = CallCreateInstance(NS_THREADPOOL_CONTRACTID, + &gCertVerificationThreadPool); + if (NS_FAILED(rv)) { + NS_WARNING("Failed to create SSL cert verification threads."); + return; + } + + (void) gCertVerificationThreadPool->SetIdleThreadLimit(5); + (void) gCertVerificationThreadPool->SetIdleThreadTimeout(30 * 1000); + (void) gCertVerificationThreadPool->SetThreadLimit(5); + (void) gCertVerificationThreadPool->SetName(NS_LITERAL_CSTRING("SSL Cert")); +} + +// Called when the socket transport thread finishes, to destroy the thread +// pool. Since the socket transport service has stopped processing events, it +// will not attempt any more SSL I/O operations, so it is clearly safe to shut +// down the SSL cert verification infrastructure. Also, the STS will not +// dispatch many SSL verification result events at this point, so any pending +// cert verifications will (correctly) fail at the point they are dispatched. +// +// The other shutdown race condition that is possible is a race condition with +// shutdown of the nsNSSComponent service. We use the +// nsNSSShutdownPreventionLock where needed (not here) to prevent that. +void StopSSLServerCertVerificationThreads() +{ + if (gCertVerificationThreadPool) { + gCertVerificationThreadPool->Shutdown(); + NS_RELEASE(gCertVerificationThreadPool); + } + if (gSSLVerificationTelemetryMutex) { + delete gSSLVerificationTelemetryMutex; + gSSLVerificationTelemetryMutex = nullptr; + } + if (gSSLVerificationPK11Mutex) { + delete gSSLVerificationPK11Mutex; + gSSLVerificationPK11Mutex = nullptr; + } +} + +namespace { + +void +LogInvalidCertError(nsNSSSocketInfo* socketInfo, + PRErrorCode errorCode, + ::mozilla::psm::SSLErrorMessageType errorMessageType) +{ + nsString message; + socketInfo->GetErrorLogMessage(errorCode, errorMessageType, message); + if (!message.IsEmpty()) { + nsContentUtils::LogSimpleConsoleError(message, "SSL"); + } +} + +// Dispatched to the STS thread to notify the infoObject of the verification +// result. +// +// This will cause the PR_Poll in the STS thread to return, so things work +// correctly even if the STS thread is blocked polling (only) on the file +// descriptor that is waiting for this result. +class SSLServerCertVerificationResult : public Runnable +{ +public: + NS_DECL_NSIRUNNABLE + + SSLServerCertVerificationResult(nsNSSSocketInfo* infoObject, + PRErrorCode errorCode, + Telemetry::ID telemetryID = Telemetry::HistogramCount, + uint32_t telemetryValue = -1, + SSLErrorMessageType errorMessageType = + PlainErrorMessage); + + void Dispatch(); +private: + const RefPtr mInfoObject; +public: + const PRErrorCode mErrorCode; + const SSLErrorMessageType mErrorMessageType; + const Telemetry::ID mTelemetryID; + const uint32_t mTelemetryValue; +}; + +class CertErrorRunnable : public SyncRunnableBase +{ + public: + CertErrorRunnable(const void* fdForLogging, + nsIX509Cert* cert, + nsNSSSocketInfo* infoObject, + PRErrorCode defaultErrorCodeToReport, + uint32_t collectedErrors, + PRErrorCode errorCodeTrust, + PRErrorCode errorCodeMismatch, + PRErrorCode errorCodeTime, + uint32_t providerFlags) + : mFdForLogging(fdForLogging), mCert(cert), mInfoObject(infoObject), + mDefaultErrorCodeToReport(defaultErrorCodeToReport), + mCollectedErrors(collectedErrors), + mErrorCodeTrust(errorCodeTrust), + mErrorCodeMismatch(errorCodeMismatch), + mErrorCodeTime(errorCodeTime), + mProviderFlags(providerFlags) + { + } + + virtual void RunOnTargetThread(); + RefPtr mResult; // out +private: + SSLServerCertVerificationResult* CheckCertOverrides(); + + const void* const mFdForLogging; // may become an invalid pointer; do not dereference + const nsCOMPtr mCert; + const RefPtr mInfoObject; + const PRErrorCode mDefaultErrorCodeToReport; + const uint32_t mCollectedErrors; + const PRErrorCode mErrorCodeTrust; + const PRErrorCode mErrorCodeMismatch; + const PRErrorCode mErrorCodeTime; + const uint32_t mProviderFlags; +}; + +// A probe value of 1 means "no error". +uint32_t +MapOverridableErrorToProbeValue(PRErrorCode errorCode) +{ + switch (errorCode) + { + case SEC_ERROR_UNKNOWN_ISSUER: return 2; + case SEC_ERROR_CA_CERT_INVALID: return 3; + case SEC_ERROR_UNTRUSTED_ISSUER: return 4; + case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: return 5; + case SEC_ERROR_UNTRUSTED_CERT: return 6; + case SEC_ERROR_INADEQUATE_KEY_USAGE: return 7; + case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED: return 8; + case SSL_ERROR_BAD_CERT_DOMAIN: return 9; + case SEC_ERROR_EXPIRED_CERTIFICATE: return 10; + case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY: return 11; + case mozilla::pkix::MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA: return 12; + case mozilla::pkix::MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE: return 13; + case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE: return 14; + case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE: + return 15; + case SEC_ERROR_INVALID_TIME: return 16; + case mozilla::pkix::MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME: return 17; + } + NS_WARNING("Unknown certificate error code. Does MapOverridableErrorToProbeValue " + "handle everything in DetermineCertOverrideErrors?"); + return 0; +} + +static uint32_t +MapCertErrorToProbeValue(PRErrorCode errorCode) +{ + uint32_t probeValue; + switch (errorCode) + { + // see security/pkix/include/pkix/Result.h +#define MOZILLA_PKIX_MAP(name, value, nss_name) case nss_name: probeValue = value; break; + MOZILLA_PKIX_MAP_LIST +#undef MOZILLA_PKIX_MAP + default: return 0; + } + + // Since FATAL_ERROR_FLAG is 0x800, fatal error values are much larger than + // non-fatal error values. To conserve space, we remap these so they start at + // (decimal) 90 instead of 0x800. Currently there are ~50 non-fatal errors + // mozilla::pkix might return, so saving space for 90 should be sufficient + // (similarly, there are 4 fatal errors, so saving space for 10 should also + // be sufficient). + static_assert(FATAL_ERROR_FLAG == 0x800, + "mozilla::pkix::FATAL_ERROR_FLAG is not what we were expecting"); + if (probeValue & FATAL_ERROR_FLAG) { + probeValue ^= FATAL_ERROR_FLAG; + probeValue += 90; + } + return probeValue; +} + +SECStatus +DetermineCertOverrideErrors(const UniqueCERTCertificate& cert, + const char* hostName, + PRTime now, PRErrorCode defaultErrorCodeToReport, + /*out*/ uint32_t& collectedErrors, + /*out*/ PRErrorCode& errorCodeTrust, + /*out*/ PRErrorCode& errorCodeMismatch, + /*out*/ PRErrorCode& errorCodeTime) +{ + MOZ_ASSERT(cert); + MOZ_ASSERT(hostName); + MOZ_ASSERT(collectedErrors == 0); + MOZ_ASSERT(errorCodeTrust == 0); + MOZ_ASSERT(errorCodeMismatch == 0); + MOZ_ASSERT(errorCodeTime == 0); + + // Assumes the error prioritization described in mozilla::pkix's + // BuildForward function. Also assumes that CheckCertHostname was only + // called if CertVerifier::VerifyCert succeeded. + switch (defaultErrorCodeToReport) { + case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED: + case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: + case SEC_ERROR_UNKNOWN_ISSUER: + case SEC_ERROR_CA_CERT_INVALID: + case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY: + case mozilla::pkix::MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE: + case mozilla::pkix::MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA: + case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE: + case mozilla::pkix::MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME: + { + collectedErrors = nsICertOverrideService::ERROR_UNTRUSTED; + errorCodeTrust = defaultErrorCodeToReport; + + SECCertTimeValidity validity = CERT_CheckCertValidTimes(cert.get(), now, + false); + if (validity == secCertTimeUndetermined) { + // This only happens if cert is null. CERT_CheckCertValidTimes will + // have set the error code to SEC_ERROR_INVALID_ARGS. We should really + // be using mozilla::pkix here anyway. + MOZ_ASSERT(PR_GetError() == SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + if (validity == secCertTimeExpired) { + collectedErrors |= nsICertOverrideService::ERROR_TIME; + errorCodeTime = SEC_ERROR_EXPIRED_CERTIFICATE; + } else if (validity == secCertTimeNotValidYet) { + collectedErrors |= nsICertOverrideService::ERROR_TIME; + errorCodeTime = + mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE; + } + break; + } + + case SEC_ERROR_INVALID_TIME: + case SEC_ERROR_EXPIRED_CERTIFICATE: + case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE: + collectedErrors = nsICertOverrideService::ERROR_TIME; + errorCodeTime = defaultErrorCodeToReport; + break; + + case SSL_ERROR_BAD_CERT_DOMAIN: + collectedErrors = nsICertOverrideService::ERROR_MISMATCH; + errorCodeMismatch = SSL_ERROR_BAD_CERT_DOMAIN; + break; + + case 0: + NS_ERROR("No error code set during certificate validation failure."); + PR_SetError(PR_INVALID_STATE_ERROR, 0); + return SECFailure; + + default: + PR_SetError(defaultErrorCodeToReport, 0); + return SECFailure; + } + + if (defaultErrorCodeToReport != SSL_ERROR_BAD_CERT_DOMAIN) { + Input certInput; + if (certInput.Init(cert->derCert.data, cert->derCert.len) != Success) { + PR_SetError(SEC_ERROR_BAD_DER, 0); + return SECFailure; + } + Input hostnameInput; + Result result = hostnameInput.Init( + BitwiseCast(hostName), + strlen(hostName)); + if (result != Success) { + PR_SetError(SEC_ERROR_INVALID_ARGS, 0); + return SECFailure; + } + // Use a lax policy so as to not generate potentially spurious name + // mismatch "hints". + BRNameMatchingPolicy nameMatchingPolicy( + BRNameMatchingPolicy::Mode::DoNotEnforce); + // CheckCertHostname expects that its input represents a certificate that + // has already been successfully validated by BuildCertChain. This is + // obviously not the case, however, because we're in the error path of + // certificate verification. Thus, this is problematic. In the future, it + // would be nice to remove this optimistic additional error checking and + // simply punt to the front-end, which can more easily (and safely) perform + // extra checks to give the user hints as to why verification failed. + result = CheckCertHostname(certInput, hostnameInput, nameMatchingPolicy); + // Treat malformed name information as a domain mismatch. + if (result == Result::ERROR_BAD_DER || + result == Result::ERROR_BAD_CERT_DOMAIN) { + collectedErrors |= nsICertOverrideService::ERROR_MISMATCH; + errorCodeMismatch = SSL_ERROR_BAD_CERT_DOMAIN; + } else if (IsFatalError(result)) { + // Because its input has not been validated by BuildCertChain, + // CheckCertHostname can return an error that is less important than the + // original certificate verification error. Only return an error result + // from this function if we've encountered a fatal error. + PR_SetError(MapResultToPRErrorCode(result), 0); + return SECFailure; + } + } + + return SECSuccess; +} + +SSLServerCertVerificationResult* +CertErrorRunnable::CheckCertOverrides() +{ + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p][%p] top of CheckCertOverrides\n", + mFdForLogging, this)); + // "Use" mFdForLogging in non-PR_LOGGING builds, too, to suppress + // clang's -Wunused-private-field build warning for this variable: + Unused << mFdForLogging; + + if (!NS_IsMainThread()) { + NS_ERROR("CertErrorRunnable::CheckCertOverrides called off main thread"); + return new SSLServerCertVerificationResult(mInfoObject, + mDefaultErrorCodeToReport); + } + + int32_t port; + mInfoObject->GetPort(&port); + + nsAutoCString hostWithPortString(mInfoObject->GetHostName()); + hostWithPortString.Append(':'); + hostWithPortString.AppendInt(port); + + uint32_t remaining_display_errors = mCollectedErrors; + + + // If this is an HTTP Strict Transport Security host or a pinned host and the + // certificate is bad, don't allow overrides (RFC 6797 section 12.1, + // HPKP draft spec section 2.6). + bool strictTransportSecurityEnabled = false; + bool hasPinningInformation = false; + nsCOMPtr sss(do_GetService(NS_SSSERVICE_CONTRACTID)); + if (!sss) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p][%p] couldn't get nsISiteSecurityService to check for HSTS/HPKP\n", + mFdForLogging, this)); + return new SSLServerCertVerificationResult(mInfoObject, + mDefaultErrorCodeToReport); + } + nsresult nsrv = sss->IsSecureHost(nsISiteSecurityService::HEADER_HSTS, + mInfoObject->GetHostNameRaw(), + mProviderFlags, + nullptr, + &strictTransportSecurityEnabled); + if (NS_FAILED(nsrv)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p][%p] checking for HSTS failed\n", mFdForLogging, this)); + return new SSLServerCertVerificationResult(mInfoObject, + mDefaultErrorCodeToReport); + } + nsrv = sss->IsSecureHost(nsISiteSecurityService::HEADER_HPKP, + mInfoObject->GetHostNameRaw(), + mProviderFlags, + nullptr, + &hasPinningInformation); + if (NS_FAILED(nsrv)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p][%p] checking for HPKP failed\n", mFdForLogging, this)); + return new SSLServerCertVerificationResult(mInfoObject, + mDefaultErrorCodeToReport); + } + + if (!strictTransportSecurityEnabled && !hasPinningInformation) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p][%p] no HSTS or HPKP - overrides allowed\n", + mFdForLogging, this)); + nsCOMPtr overrideService = + do_GetService(NS_CERTOVERRIDE_CONTRACTID); + // it is fine to continue without the nsICertOverrideService + + uint32_t overrideBits = 0; + + if (overrideService) + { + bool haveOverride; + bool isTemporaryOverride; // we don't care + const nsACString& hostString(mInfoObject->GetHostName()); + nsrv = overrideService->HasMatchingOverride(hostString, port, + mCert, + &overrideBits, + &isTemporaryOverride, + &haveOverride); + if (NS_SUCCEEDED(nsrv) && haveOverride) + { + // remove the errors that are already overriden + remaining_display_errors &= ~overrideBits; + } + } + + if (!remaining_display_errors) { + // This can double- or triple-count one certificate with multiple + // different types of errors. Since this is telemetry and we just + // want a ballpark answer, we don't care. + if (mErrorCodeTrust != 0) { + uint32_t probeValue = MapOverridableErrorToProbeValue(mErrorCodeTrust); + Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, probeValue); + } + if (mErrorCodeMismatch != 0) { + uint32_t probeValue = MapOverridableErrorToProbeValue(mErrorCodeMismatch); + Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, probeValue); + } + if (mErrorCodeTime != 0) { + uint32_t probeValue = MapOverridableErrorToProbeValue(mErrorCodeTime); + Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, probeValue); + } + + // all errors are covered by override rules, so let's accept the cert + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p][%p] All errors covered by override rules\n", + mFdForLogging, this)); + return new SSLServerCertVerificationResult(mInfoObject, 0); + } + } else { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p][%p] HSTS or HPKP - no overrides allowed\n", + mFdForLogging, this)); + } + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p][%p] Certificate error was not overridden\n", + mFdForLogging, this)); + + // Ok, this is a full stop. + // First, deliver the technical details of the broken SSL status. + + // Try to get a nsIBadCertListener2 implementation from the socket consumer. + nsCOMPtr sslSocketControl = do_QueryInterface( + NS_ISUPPORTS_CAST(nsITransportSecurityInfo*, mInfoObject)); + if (sslSocketControl) { + nsCOMPtr cb; + sslSocketControl->GetNotificationCallbacks(getter_AddRefs(cb)); + if (cb) { + nsCOMPtr bcl = do_GetInterface(cb); + if (bcl) { + nsIInterfaceRequestor* csi + = static_cast(mInfoObject); + bool suppressMessage = false; // obsolete, ignored + nsrv = bcl->NotifyCertProblem(csi, mInfoObject->SSLStatus(), + hostWithPortString, &suppressMessage); + } + } + } + + // pick the error code to report by priority + PRErrorCode errorCodeToReport = mErrorCodeTrust ? mErrorCodeTrust + : mErrorCodeMismatch ? mErrorCodeMismatch + : mErrorCodeTime ? mErrorCodeTime + : mDefaultErrorCodeToReport; + + SSLServerCertVerificationResult* result = + new SSLServerCertVerificationResult(mInfoObject, + errorCodeToReport, + Telemetry::HistogramCount, + -1, + OverridableCertErrorMessage); + + LogInvalidCertError(mInfoObject, + result->mErrorCode, + result->mErrorMessageType); + + return result; +} + +void +CertErrorRunnable::RunOnTargetThread() +{ + MOZ_ASSERT(NS_IsMainThread()); + + mResult = CheckCertOverrides(); + + MOZ_ASSERT(mResult); +} + +// Returns null with the error code (PR_GetError()) set if it does not create +// the CertErrorRunnable. +CertErrorRunnable* +CreateCertErrorRunnable(CertVerifier& certVerifier, + PRErrorCode defaultErrorCodeToReport, + nsNSSSocketInfo* infoObject, + const UniqueCERTCertificate& cert, + const void* fdForLogging, + uint32_t providerFlags, + PRTime now) +{ + MOZ_ASSERT(infoObject); + MOZ_ASSERT(cert); + + uint32_t probeValue = MapCertErrorToProbeValue(defaultErrorCodeToReport); + Telemetry::Accumulate(Telemetry::SSL_CERT_VERIFICATION_ERRORS, probeValue); + + uint32_t collected_errors = 0; + PRErrorCode errorCodeTrust = 0; + PRErrorCode errorCodeMismatch = 0; + PRErrorCode errorCodeTime = 0; + if (DetermineCertOverrideErrors(cert, infoObject->GetHostNameRaw(), now, + defaultErrorCodeToReport, collected_errors, + errorCodeTrust, errorCodeMismatch, + errorCodeTime) != SECSuccess) { + // Attempt to enforce that if DetermineCertOverrideErrors failed, + // PR_SetError was set with a non-overridable error. This is because if we + // return from CreateCertErrorRunnable without calling + // infoObject->SetStatusErrorBits, we won't have the required information + // to actually add a certificate error override. This results in a broken + // UI which is annoying but not a security disaster. + MOZ_ASSERT(!ErrorIsOverridable(PR_GetError())); + return nullptr; + } + + RefPtr nssCert(nsNSSCertificate::Create(cert.get())); + if (!nssCert) { + NS_ERROR("nsNSSCertificate::Create failed"); + PR_SetError(SEC_ERROR_NO_MEMORY, 0); + return nullptr; + } + + if (!collected_errors) { + // This will happen when CERT_*Verify* only returned error(s) that are + // not on our whitelist of overridable certificate errors. + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p] !collected_errors: %d\n", + fdForLogging, static_cast(defaultErrorCodeToReport))); + PR_SetError(defaultErrorCodeToReport, 0); + return nullptr; + } + + infoObject->SetStatusErrorBits(nssCert, collected_errors); + + return new CertErrorRunnable(fdForLogging, + static_cast(nssCert.get()), + infoObject, defaultErrorCodeToReport, + collected_errors, errorCodeTrust, + errorCodeMismatch, errorCodeTime, + providerFlags); +} + +// When doing async cert processing, we dispatch one of these runnables to the +// socket transport service thread, which blocks the socket transport +// service thread while it waits for the inner CertErrorRunnable to execute +// CheckCertOverrides on the main thread. CheckCertOverrides must block events +// on both of these threads because it calls TransportSecurityInfo::GetInterface(), +// which may call nsHttpConnection::GetInterface() through +// TransportSecurityInfo::mCallbacks. nsHttpConnection::GetInterface must always +// execute on the main thread, with the socket transport service thread +// blocked. +class CertErrorRunnableRunnable : public Runnable +{ +public: + explicit CertErrorRunnableRunnable(CertErrorRunnable* certErrorRunnable) + : mCertErrorRunnable(certErrorRunnable) + { + } +private: + NS_IMETHOD Run() override + { + nsresult rv = mCertErrorRunnable->DispatchToMainThreadAndWait(); + // The result must run on the socket transport thread, which we are already + // on, so we can just run it directly, instead of dispatching it. + if (NS_SUCCEEDED(rv)) { + rv = mCertErrorRunnable->mResult ? mCertErrorRunnable->mResult->Run() + : NS_ERROR_UNEXPECTED; + } + return rv; + } + RefPtr mCertErrorRunnable; +}; + +class SSLServerCertVerificationJob : public Runnable +{ +public: + // Must be called only on the socket transport thread + static SECStatus Dispatch(const RefPtr& certVerifier, + const void* fdForLogging, + nsNSSSocketInfo* infoObject, + const UniqueCERTCertificate& serverCert, + const UniqueCERTCertList& peerCertChain, + const SECItem* stapledOCSPResponse, + const SECItem* sctsFromTLSExtension, + uint32_t providerFlags, + Time time, + PRTime prtime); +private: + NS_DECL_NSIRUNNABLE + + // Must be called only on the socket transport thread + SSLServerCertVerificationJob(const RefPtr& certVerifier, + const void* fdForLogging, + nsNSSSocketInfo* infoObject, + const UniqueCERTCertificate& cert, + UniqueCERTCertList peerCertChain, + const SECItem* stapledOCSPResponse, + const SECItem* sctsFromTLSExtension, + uint32_t providerFlags, + Time time, + PRTime prtime); + const RefPtr mCertVerifier; + const void* const mFdForLogging; + const RefPtr mInfoObject; + const UniqueCERTCertificate mCert; + UniqueCERTCertList mPeerCertChain; + const uint32_t mProviderFlags; + const Time mTime; + const PRTime mPRTime; + const TimeStamp mJobStartTime; + const UniqueSECItem mStapledOCSPResponse; + const UniqueSECItem mSCTsFromTLSExtension; +}; + +SSLServerCertVerificationJob::SSLServerCertVerificationJob( + const RefPtr& certVerifier, const void* fdForLogging, + nsNSSSocketInfo* infoObject, const UniqueCERTCertificate& cert, + UniqueCERTCertList peerCertChain, const SECItem* stapledOCSPResponse, + const SECItem* sctsFromTLSExtension, + uint32_t providerFlags, Time time, PRTime prtime) + : mCertVerifier(certVerifier) + , mFdForLogging(fdForLogging) + , mInfoObject(infoObject) + , mCert(CERT_DupCertificate(cert.get())) + , mPeerCertChain(Move(peerCertChain)) + , mProviderFlags(providerFlags) + , mTime(time) + , mPRTime(prtime) + , mJobStartTime(TimeStamp::Now()) + , mStapledOCSPResponse(SECITEM_DupItem(stapledOCSPResponse)) + , mSCTsFromTLSExtension(SECITEM_DupItem(sctsFromTLSExtension)) +{ +} + +// This function assumes that we will only use the SPDY connection coalescing +// feature on connections where we have negotiated SPDY using NPN. If we ever +// talk SPDY without having negotiated it with SPDY, this code will give wrong +// and perhaps unsafe results. +// +// Returns SECSuccess on the initial handshake of all connections, on +// renegotiations for any connections where we did not negotiate SPDY, or on any +// SPDY connection where the server's certificate did not change. +// +// Prohibit changing the server cert only if we negotiated SPDY, +// in order to support SPDY's cross-origin connection pooling. +static SECStatus +BlockServerCertChangeForSpdy(nsNSSSocketInfo* infoObject, + const UniqueCERTCertificate& serverCert) +{ + // Get the existing cert. If there isn't one, then there is + // no cert change to worry about. + nsCOMPtr cert; + + RefPtr status(infoObject->SSLStatus()); + if (!status) { + // If we didn't have a status, then this is the + // first handshake on this connection, not a + // renegotiation. + return SECSuccess; + } + + status->GetServerCert(getter_AddRefs(cert)); + if (!cert) { + NS_NOTREACHED("every nsSSLStatus must have a cert" + "that implements nsIX509Cert"); + PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0); + return SECFailure; + } + + // Filter out sockets that did not neogtiate SPDY via NPN + nsAutoCString negotiatedNPN; + nsresult rv = infoObject->GetNegotiatedNPN(negotiatedNPN); + NS_ASSERTION(NS_SUCCEEDED(rv), + "GetNegotiatedNPN() failed during renegotiation"); + + if (NS_SUCCEEDED(rv) && !StringBeginsWith(negotiatedNPN, + NS_LITERAL_CSTRING("spdy/"))) { + return SECSuccess; + } + // If GetNegotiatedNPN() failed we will assume spdy for safety's safe + if (NS_FAILED(rv)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("BlockServerCertChangeForSpdy failed GetNegotiatedNPN() call." + " Assuming spdy.\n")); + } + + // Check to see if the cert has actually changed + UniqueCERTCertificate c(cert->GetCert()); + NS_ASSERTION(c, "very bad and hopefully impossible state"); + bool sameCert = CERT_CompareCerts(c.get(), serverCert.get()); + if (sameCert) { + return SECSuccess; + } + + // Report an error - changed cert is confirmed + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("SPDY Refused to allow new cert during renegotiation\n")); + PR_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, 0); + return SECFailure; +} + +void +AccumulateSubjectCommonNameTelemetry(const char* commonName, + bool commonNameInSubjectAltNames) +{ + if (!commonName) { + // 1 means no common name present + Telemetry::Accumulate(Telemetry::BR_9_2_2_SUBJECT_COMMON_NAME, 1); + } else if (!commonNameInSubjectAltNames) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("BR telemetry: common name '%s' not in subject alt. names " + "(or the subject alt. names extension is not present)\n", + commonName)); + // 2 means the common name is not present in subject alt names + Telemetry::Accumulate(Telemetry::BR_9_2_2_SUBJECT_COMMON_NAME, 2); + } else { + // 0 means the common name is present in subject alt names + Telemetry::Accumulate(Telemetry::BR_9_2_2_SUBJECT_COMMON_NAME, 0); + } +} + +// Returns true if and only if commonName ends with altName (minus its leading +// "*"). altName has already been checked to be of the form "*.". +// commonName may be NULL. +static bool +TryMatchingWildcardSubjectAltName(const char* commonName, + const nsACString& altName) +{ + return commonName && + StringEndsWith(nsDependentCString(commonName), Substring(altName, 1)); +} + +// Gathers telemetry on Baseline Requirements 9.2.1 (Subject Alternative +// Names Extension) and 9.2.2 (Subject Common Name Field). +// Specifically: +// - whether or not the subject common name field is present +// - whether or not the subject alternative names extension is present +// - if there is a malformed entry in the subject alt. names extension +// - if there is an entry in the subject alt. names extension corresponding +// to the subject common name +// Telemetry is only gathered for certificates that chain to a trusted root +// in Mozilla's Root CA program. +// certList consists of a validated certificate chain. The end-entity +// certificate is first and the root (trust anchor) is last. +void +GatherBaselineRequirementsTelemetry(const UniqueCERTCertList& certList) +{ + CERTCertListNode* endEntityNode = CERT_LIST_HEAD(certList); + CERTCertListNode* rootNode = CERT_LIST_TAIL(certList); + PR_ASSERT(!(CERT_LIST_END(endEntityNode, certList) || + CERT_LIST_END(rootNode, certList))); + if (CERT_LIST_END(endEntityNode, certList) || + CERT_LIST_END(rootNode, certList)) { + return; + } + CERTCertificate* cert = endEntityNode->cert; + PR_ASSERT(cert); + if (!cert) { + return; + } + UniquePORTString commonName(CERT_GetCommonName(&cert->subject)); + // This only applies to certificates issued by authorities in our root + // program. + CERTCertificate* rootCert = rootNode->cert; + PR_ASSERT(rootCert); + if (!rootCert) { + return; + } + bool isBuiltIn = false; + Result result = IsCertBuiltInRoot(rootCert, isBuiltIn); + if (result != Success || !isBuiltIn) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("BR telemetry: root certificate for '%s' is not a built-in root " + "(or IsCertBuiltInRoot failed)\n", commonName.get())); + return; + } + ScopedAutoSECItem altNameExtension; + SECStatus rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME, + &altNameExtension); + if (rv != SECSuccess) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("BR telemetry: no subject alt names extension for '%s'\n", + commonName.get())); + // 1 means there is no subject alt names extension + Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 1); + AccumulateSubjectCommonNameTelemetry(commonName.get(), false); + return; + } + + UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + CERTGeneralName* subjectAltNames = + CERT_DecodeAltNameExtension(arena.get(), &altNameExtension); + if (!subjectAltNames) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("BR telemetry: could not decode subject alt names for '%s'\n", + commonName.get())); + // 2 means the subject alt names extension could not be decoded + Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 2); + AccumulateSubjectCommonNameTelemetry(commonName.get(), false); + return; + } + + CERTGeneralName* currentName = subjectAltNames; + bool commonNameInSubjectAltNames = false; + bool nonDNSNameOrIPAddressPresent = false; + bool malformedDNSNameOrIPAddressPresent = false; + bool nonFQDNPresent = false; + do { + nsAutoCString altName; + if (currentName->type == certDNSName) { + altName.Assign(BitwiseCast( + currentName->name.other.data), + currentName->name.other.len); + nsDependentCString altNameWithoutWildcard(altName, 0); + if (StringBeginsWith(altNameWithoutWildcard, NS_LITERAL_CSTRING("*."))) { + altNameWithoutWildcard.Rebind(altName, 2); + commonNameInSubjectAltNames |= + TryMatchingWildcardSubjectAltName(commonName.get(), altName); + } + // net_IsValidHostName appears to return true for valid IP addresses, + // which would be invalid for a DNS name. + // Note that the net_IsValidHostName check will catch things like + // "a.*.example.com". + if (!net_IsValidHostName(altNameWithoutWildcard) || + net_IsValidIPv4Addr(altName.get(), altName.Length()) || + net_IsValidIPv6Addr(altName.get(), altName.Length())) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("BR telemetry: DNSName '%s' not valid (for '%s')\n", + altName.get(), commonName.get())); + malformedDNSNameOrIPAddressPresent = true; + } + if (!altName.Contains('.')) { + nonFQDNPresent = true; + } + } else if (currentName->type == certIPAddress) { + // According to DNS.h, this includes space for the null-terminator + char buf[net::kNetAddrMaxCStrBufSize] = { 0 }; + PRNetAddr addr; + if (currentName->name.other.len == 4) { + addr.inet.family = PR_AF_INET; + memcpy(&addr.inet.ip, currentName->name.other.data, + currentName->name.other.len); + if (PR_NetAddrToString(&addr, buf, sizeof(buf) - 1) != PR_SUCCESS) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("BR telemetry: IPAddress (v4) not valid (for '%s')\n", + commonName.get())); + malformedDNSNameOrIPAddressPresent = true; + } else { + altName.Assign(buf); + } + } else if (currentName->name.other.len == 16) { + addr.inet.family = PR_AF_INET6; + memcpy(&addr.ipv6.ip, currentName->name.other.data, + currentName->name.other.len); + if (PR_NetAddrToString(&addr, buf, sizeof(buf) - 1) != PR_SUCCESS) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("BR telemetry: IPAddress (v6) not valid (for '%s')\n", + commonName.get())); + malformedDNSNameOrIPAddressPresent = true; + } else { + altName.Assign(buf); + } + } else { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("BR telemetry: IPAddress not valid (for '%s')\n", + commonName.get())); + malformedDNSNameOrIPAddressPresent = true; + } + } else { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("BR telemetry: non-DNSName, non-IPAddress present for '%s'\n", + commonName.get())); + nonDNSNameOrIPAddressPresent = true; + } + if (commonName && altName.Equals(commonName.get())) { + commonNameInSubjectAltNames = true; + } + currentName = CERT_GetNextGeneralName(currentName); + } while (currentName && currentName != subjectAltNames); + + if (nonDNSNameOrIPAddressPresent) { + // 3 means there's an entry that isn't an ip address or dns name + Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 3); + } + if (malformedDNSNameOrIPAddressPresent) { + // 4 means there's a malformed ip address or dns name entry + Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 4); + } + if (nonFQDNPresent) { + // 5 means there's a DNS name entry with a non-fully-qualified domain name + Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 5); + } + if (!nonDNSNameOrIPAddressPresent && !malformedDNSNameOrIPAddressPresent && + !nonFQDNPresent) { + // 0 means the extension is acceptable + Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 0); + } + + AccumulateSubjectCommonNameTelemetry(commonName.get(), + commonNameInSubjectAltNames); +} + +// Gather telemetry on whether the end-entity cert for a server has the +// required TLS Server Authentication EKU, or any others +void +GatherEKUTelemetry(const UniqueCERTCertList& certList) +{ + CERTCertListNode* endEntityNode = CERT_LIST_HEAD(certList); + CERTCertListNode* rootNode = CERT_LIST_TAIL(certList); + PR_ASSERT(!(CERT_LIST_END(endEntityNode, certList) || + CERT_LIST_END(rootNode, certList))); + if (CERT_LIST_END(endEntityNode, certList) || + CERT_LIST_END(rootNode, certList)) { + return; + } + CERTCertificate* endEntityCert = endEntityNode->cert; + PR_ASSERT(endEntityCert); + if (!endEntityCert) { + return; + } + + // Only log telemetry if the root CA is built-in + CERTCertificate* rootCert = rootNode->cert; + PR_ASSERT(rootCert); + if (!rootCert) { + return; + } + bool isBuiltIn = false; + Result rv = IsCertBuiltInRoot(rootCert, isBuiltIn); + if (rv != Success || !isBuiltIn) { + return; + } + + // Find the EKU extension, if present + bool foundEKU = false; + SECOidTag oidTag; + CERTCertExtension* ekuExtension = nullptr; + for (size_t i = 0; endEntityCert->extensions && endEntityCert->extensions[i]; + i++) { + oidTag = SECOID_FindOIDTag(&endEntityCert->extensions[i]->id); + if (oidTag == SEC_OID_X509_EXT_KEY_USAGE) { + foundEKU = true; + ekuExtension = endEntityCert->extensions[i]; + } + } + + if (!foundEKU) { + Telemetry::Accumulate(Telemetry::SSL_SERVER_AUTH_EKU, 0); + return; + } + + // Parse the EKU extension + UniqueCERTOidSequence ekuSequence( + CERT_DecodeOidSequence(&ekuExtension->value)); + if (!ekuSequence) { + return; + } + + // Search through the available EKUs + bool foundServerAuth = false; + bool foundOther = false; + for (SECItem** oids = ekuSequence->oids; oids && *oids; oids++) { + oidTag = SECOID_FindOIDTag(*oids); + if (oidTag == SEC_OID_EXT_KEY_USAGE_SERVER_AUTH) { + foundServerAuth = true; + } else { + foundOther = true; + } + } + + // Cases 3 is included only for completeness. It should never + // appear in these statistics, because CheckExtendedKeyUsage() + // should require the EKU extension, if present, to contain the + // value id_kp_serverAuth. + if (foundServerAuth && !foundOther) { + Telemetry::Accumulate(Telemetry::SSL_SERVER_AUTH_EKU, 1); + } else if (foundServerAuth && foundOther) { + Telemetry::Accumulate(Telemetry::SSL_SERVER_AUTH_EKU, 2); + } else if (!foundServerAuth) { + Telemetry::Accumulate(Telemetry::SSL_SERVER_AUTH_EKU, 3); + } +} + +// Gathers telemetry on which CA is the root of a given cert chain. +// If the root is a built-in root, then the telemetry makes a count +// by root. Roots that are not built-in are counted in one bin. +void +GatherRootCATelemetry(const UniqueCERTCertList& certList) +{ + CERTCertListNode* rootNode = CERT_LIST_TAIL(certList); + PR_ASSERT(rootNode); + if (!rootNode) { + return; + } + PR_ASSERT(!CERT_LIST_END(rootNode, certList)); + if (CERT_LIST_END(rootNode, certList)) { + return; + } + CERTCertificate* rootCert = rootNode->cert; + PR_ASSERT(rootCert); + if (!rootCert) { + return; + } + AccumulateTelemetryForRootCA(Telemetry::CERT_VALIDATION_SUCCESS_BY_CA, + rootCert); +} + +// These time are appoximate, i.e., doesn't account for leap seconds, etc +const uint64_t ONE_WEEK_IN_SECONDS = (7 * (24 * 60 *60)); +const uint64_t ONE_YEAR_IN_WEEKS = 52; + +// Gathers telemetry on the certificate lifetimes we observe in the wild +void +GatherEndEntityTelemetry(const UniqueCERTCertList& certList) +{ + CERTCertListNode* endEntityNode = CERT_LIST_HEAD(certList); + MOZ_ASSERT(endEntityNode && !CERT_LIST_END(endEntityNode, certList)); + if (!endEntityNode || CERT_LIST_END(endEntityNode, certList)) { + return; + } + + CERTCertificate* endEntityCert = endEntityNode->cert; + PR_ASSERT(endEntityCert); + if (!endEntityCert) { + return; + } + + PRTime notBefore; + PRTime notAfter; + + if (CERT_GetCertTimes(endEntityCert, ¬Before, ¬After) != SECSuccess) { + return; + } + + PR_ASSERT(notAfter > notBefore); + if (notAfter <= notBefore) { + return; + } + + uint64_t durationInWeeks = (notAfter - notBefore) + / PR_USEC_PER_SEC + / ONE_WEEK_IN_SECONDS; + + if (durationInWeeks > (2 * ONE_YEAR_IN_WEEKS)) { + durationInWeeks = (2 * ONE_YEAR_IN_WEEKS) + 1; + } + + Telemetry::Accumulate(Telemetry::SSL_OBSERVED_END_ENTITY_CERTIFICATE_LIFETIME, + durationInWeeks); +} + +// There are various things that we want to measure about certificate +// chains that we accept. This is a single entry point for all of them. +void +GatherSuccessfulValidationTelemetry(const UniqueCERTCertList& certList) +{ + GatherBaselineRequirementsTelemetry(certList); + GatherEKUTelemetry(certList); + GatherRootCATelemetry(certList); + GatherEndEntityTelemetry(certList); +} + +void +GatherTelemetryForSingleSCT(const ct::SignedCertificateTimestamp& sct) +{ + // See SSL_SCTS_ORIGIN in Histograms.json. + uint32_t origin = 0; + switch (sct.origin) { + case ct::SignedCertificateTimestamp::Origin::Embedded: + origin = 1; + break; + case ct::SignedCertificateTimestamp::Origin::TLSExtension: + origin = 2; + break; + case ct::SignedCertificateTimestamp::Origin::OCSPResponse: + origin = 3; + break; + default: + MOZ_ASSERT_UNREACHABLE("Unexpected SCT::Origin type"); + } + Telemetry::Accumulate(Telemetry::SSL_SCTS_ORIGIN, origin); + + // See SSL_SCTS_VERIFICATION_STATUS in Histograms.json. + uint32_t verificationStatus = 0; + switch (sct.verificationStatus) { + case ct::SignedCertificateTimestamp::VerificationStatus::OK: + verificationStatus = 1; + break; + case ct::SignedCertificateTimestamp::VerificationStatus::UnknownLog: + verificationStatus = 2; + break; + case ct::SignedCertificateTimestamp::VerificationStatus::InvalidSignature: + verificationStatus = 3; + break; + case ct::SignedCertificateTimestamp::VerificationStatus::InvalidTimestamp: + verificationStatus = 4; + break; + default: + MOZ_ASSERT_UNREACHABLE("Unexpected SCT::VerificationStatus type"); + } + Telemetry::Accumulate(Telemetry::SSL_SCTS_VERIFICATION_STATUS, + verificationStatus); +} + +void +GatherCertificateTransparencyTelemetry(const UniqueCERTCertList& certList, + const CertificateTransparencyInfo& info) +{ + if (!info.enabled) { + // No telemetry is gathered when CT is disabled. + return; + } + + if (!info.processedSCTs) { + // We didn't receive any SCT data for this connection. + Telemetry::Accumulate(Telemetry::SSL_SCTS_PER_CONNECTION, 0); + return; + } + + for (const ct::SignedCertificateTimestamp& sct : info.verifyResult.scts) { + GatherTelemetryForSingleSCT(sct); + } + + // Decoding errors are reported to the 0th bucket + // of the SSL_SCTS_VERIFICATION_STATUS enumerated probe. + for (size_t i = 0; i < info.verifyResult.decodingErrors; ++i) { + Telemetry::Accumulate(Telemetry::SSL_SCTS_VERIFICATION_STATUS, 0); + } + + // Handle the histogram of SCTs counts. + uint32_t sctsCount = static_cast(info.verifyResult.scts.length()); + // Note that sctsCount can be 0 in case we've received SCT binary data, + // but it failed to parse (e.g. due to unsupported CT protocol version). + Telemetry::Accumulate(Telemetry::SSL_SCTS_PER_CONNECTION, sctsCount); +} + +// Note: Takes ownership of |peerCertChain| if SECSuccess is not returned. +SECStatus +AuthCertificate(CertVerifier& certVerifier, + nsNSSSocketInfo* infoObject, + const UniqueCERTCertificate& cert, + UniqueCERTCertList& peerCertChain, + const SECItem* stapledOCSPResponse, + const SECItem* sctsFromTLSExtension, + uint32_t providerFlags, + Time time) +{ + MOZ_ASSERT(infoObject); + MOZ_ASSERT(cert); + + // We want to avoid storing any intermediate cert information when browsing + // in private, transient contexts. + bool saveIntermediates = + !(providerFlags & nsISocketProvider::NO_PERMANENT_STORAGE); + + SECOidTag evOidPolicy; + UniqueCERTCertList certList; + CertVerifier::OCSPStaplingStatus ocspStaplingStatus = + CertVerifier::OCSP_STAPLING_NEVER_CHECKED; + KeySizeStatus keySizeStatus = KeySizeStatus::NeverChecked; + SHA1ModeResult sha1ModeResult = SHA1ModeResult::NeverChecked; + PinningTelemetryInfo pinningTelemetryInfo; + CertificateTransparencyInfo certificateTransparencyInfo; + + int flags = 0; + if (!infoObject->SharedState().IsOCSPStaplingEnabled() || + !infoObject->SharedState().IsOCSPMustStapleEnabled()) { + flags |= CertVerifier::FLAG_TLS_IGNORE_STATUS_REQUEST; + } + + Result rv = certVerifier.VerifySSLServerCert(cert, stapledOCSPResponse, + sctsFromTLSExtension, time, + infoObject, + infoObject->GetHostNameRaw(), + certList, saveIntermediates, + flags, infoObject-> + GetOriginAttributes(), + &evOidPolicy, + &ocspStaplingStatus, + &keySizeStatus, &sha1ModeResult, + &pinningTelemetryInfo, + &certificateTransparencyInfo); + + uint32_t evStatus = (rv != Success) ? 0 // 0 = Failure + : (evOidPolicy == SEC_OID_UNKNOWN) ? 1 // 1 = DV + : 2; // 2 = EV + Telemetry::Accumulate(Telemetry::CERT_EV_STATUS, evStatus); + + if (ocspStaplingStatus != CertVerifier::OCSP_STAPLING_NEVER_CHECKED) { + Telemetry::Accumulate(Telemetry::SSL_OCSP_STAPLING, ocspStaplingStatus); + } + if (keySizeStatus != KeySizeStatus::NeverChecked) { + Telemetry::Accumulate(Telemetry::CERT_CHAIN_KEY_SIZE_STATUS, + static_cast(keySizeStatus)); + } + if (sha1ModeResult != SHA1ModeResult::NeverChecked) { + Telemetry::Accumulate(Telemetry::CERT_CHAIN_SHA1_POLICY_STATUS, + static_cast(sha1ModeResult)); + } + + if (pinningTelemetryInfo.accumulateForRoot) { + Telemetry::Accumulate(Telemetry::CERT_PINNING_FAILURES_BY_CA, + pinningTelemetryInfo.rootBucket); + } + + if (pinningTelemetryInfo.accumulateResult) { + Telemetry::Accumulate(pinningTelemetryInfo.certPinningResultHistogram, + pinningTelemetryInfo.certPinningResultBucket); + } + + if (rv == Success) { + // Certificate verification succeeded. Delete any potential record of + // certificate error bits. + RememberCertErrorsTable::GetInstance().RememberCertHasError(infoObject, + nullptr, + SECSuccess); + GatherSuccessfulValidationTelemetry(certList); + GatherCertificateTransparencyTelemetry(certList, + certificateTransparencyInfo); + + // The connection may get terminated, for example, if the server requires + // a client cert. Let's provide a minimal SSLStatus + // to the caller that contains at least the cert and its status. + RefPtr status(infoObject->SSLStatus()); + if (!status) { + status = new nsSSLStatus(); + infoObject->SetSSLStatus(status); + } + + if (!status->HasServerCert()) { + EVStatus evStatus; + if (evOidPolicy == SEC_OID_UNKNOWN) { + evStatus = EVStatus::NotEV; + } else { + evStatus = EVStatus::EV; + } + + RefPtr nsc = nsNSSCertificate::Create(cert.get()); + status->SetServerCert(nsc, evStatus); + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("AuthCertificate setting NEW cert %p", nsc.get())); + } + + status->SetCertificateTransparencyInfo(certificateTransparencyInfo); + } + + if (rv != Success) { + // Certificate validation failed; store the peer certificate chain on + // infoObject so it can be used for error reporting. + infoObject->SetFailedCertChain(Move(peerCertChain)); + PR_SetError(MapResultToPRErrorCode(rv), 0); + } + + return rv == Success ? SECSuccess : SECFailure; +} + +/*static*/ SECStatus +SSLServerCertVerificationJob::Dispatch( + const RefPtr& certVerifier, + const void* fdForLogging, + nsNSSSocketInfo* infoObject, + const UniqueCERTCertificate& serverCert, + const UniqueCERTCertList& peerCertChain, + const SECItem* stapledOCSPResponse, + const SECItem* sctsFromTLSExtension, + uint32_t providerFlags, + Time time, + PRTime prtime) +{ + // Runs on the socket transport thread + if (!certVerifier || !infoObject || !serverCert) { + NS_ERROR("Invalid parameters for SSL server cert validation"); + PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0); + return SECFailure; + } + + // Copy the certificate list so the runnable can take ownership of it in the + // constructor. + // We can safely skip checking if NSS has already shut down here since we're + // in the middle of verifying a certificate. + nsNSSShutDownPreventionLock lock; + UniqueCERTCertList peerCertChainCopy = + nsNSSCertList::DupCertList(peerCertChain, lock); + if (!peerCertChainCopy) { + PR_SetError(SEC_ERROR_NO_MEMORY, 0); + return SECFailure; + } + + RefPtr job( + new SSLServerCertVerificationJob(certVerifier, fdForLogging, infoObject, + serverCert, Move(peerCertChainCopy), + stapledOCSPResponse, sctsFromTLSExtension, + providerFlags, time, prtime)); + + nsresult nrv; + if (!gCertVerificationThreadPool) { + nrv = NS_ERROR_NOT_INITIALIZED; + } else { + nrv = gCertVerificationThreadPool->Dispatch(job, NS_DISPATCH_NORMAL); + } + if (NS_FAILED(nrv)) { + // We can't call SetCertVerificationResult here to change + // mCertVerificationState because SetCertVerificationResult will call + // libssl functions that acquire SSL locks that are already being held at + // this point. infoObject->mCertVerificationState will be stuck at + // waiting_for_cert_verification here, but that is OK because we already + // have to be able to handle cases where we encounter non-cert errors while + // in that state. + PRErrorCode error = nrv == NS_ERROR_OUT_OF_MEMORY + ? SEC_ERROR_NO_MEMORY + : PR_INVALID_STATE_ERROR; + PORT_SetError(error); + return SECFailure; + } + + PORT_SetError(PR_WOULD_BLOCK_ERROR); + return SECWouldBlock; +} + +NS_IMETHODIMP +SSLServerCertVerificationJob::Run() +{ + // Runs on a cert verification thread + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p] SSLServerCertVerificationJob::Run\n", mInfoObject.get())); + + PRErrorCode error; + + nsNSSShutDownPreventionLock nssShutdownPrevention; + if (mInfoObject->isAlreadyShutDown()) { + error = SEC_ERROR_USER_CANCELLED; + } else { + Telemetry::ID successTelemetry + = Telemetry::SSL_SUCCESFUL_CERT_VALIDATION_TIME_MOZILLAPKIX; + Telemetry::ID failureTelemetry + = Telemetry::SSL_INITIAL_FAILED_CERT_VALIDATION_TIME_MOZILLAPKIX; + + // Reset the error code here so we can detect if AuthCertificate fails to + // set the error code if/when it fails. + PR_SetError(0, 0); + SECStatus rv = AuthCertificate(*mCertVerifier, mInfoObject, mCert, + mPeerCertChain, mStapledOCSPResponse.get(), + mSCTsFromTLSExtension.get(), + mProviderFlags, mTime); + MOZ_ASSERT(mPeerCertChain || rv != SECSuccess, + "AuthCertificate() should take ownership of chain on failure"); + if (rv == SECSuccess) { + uint32_t interval = (uint32_t) ((TimeStamp::Now() - mJobStartTime).ToMilliseconds()); + RefPtr restart( + new SSLServerCertVerificationResult(mInfoObject, 0, + successTelemetry, interval)); + restart->Dispatch(); + Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, 1); + return NS_OK; + } + + // Note: the interval is not calculated once as PR_GetError MUST be called + // before any other function call + error = PR_GetError(); + { + TimeStamp now = TimeStamp::Now(); + MutexAutoLock telemetryMutex(*gSSLVerificationTelemetryMutex); + Telemetry::AccumulateTimeDelta(failureTelemetry, mJobStartTime, now); + } + if (error != 0) { + RefPtr runnable( + CreateCertErrorRunnable(*mCertVerifier, error, mInfoObject, mCert, + mFdForLogging, mProviderFlags, mPRTime)); + if (!runnable) { + // CreateCertErrorRunnable set a new error code + error = PR_GetError(); + } else { + // We must block the the socket transport service thread while the + // main thread executes the CertErrorRunnable. The CertErrorRunnable + // will dispatch the result asynchronously, so we don't have to block + // this thread waiting for it. + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p][%p] Before dispatching CertErrorRunnable\n", + mFdForLogging, runnable.get())); + + nsresult nrv; + nsCOMPtr stsTarget + = do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &nrv); + if (NS_SUCCEEDED(nrv)) { + nrv = stsTarget->Dispatch(new CertErrorRunnableRunnable(runnable), + NS_DISPATCH_NORMAL); + } + if (NS_SUCCEEDED(nrv)) { + return NS_OK; + } + + NS_ERROR("Failed to dispatch CertErrorRunnable"); + error = PR_INVALID_STATE_ERROR; + } + } + } + + if (error == 0) { + NS_NOTREACHED("no error set during certificate validation failure"); + error = PR_INVALID_STATE_ERROR; + } + + RefPtr failure( + new SSLServerCertVerificationResult(mInfoObject, error)); + failure->Dispatch(); + return NS_OK; +} + +} // unnamed namespace + +// Extracts whatever information we need out of fd (using SSL_*) and passes it +// to SSLServerCertVerificationJob::Dispatch. SSLServerCertVerificationJob should +// never do anything with fd except logging. +SECStatus +AuthCertificateHook(void* arg, PRFileDesc* fd, PRBool checkSig, PRBool isServer) +{ + RefPtr certVerifier(GetDefaultCertVerifier()); + if (!certVerifier) { + PR_SetError(SEC_ERROR_NOT_INITIALIZED, 0); + return SECFailure; + } + + // Runs on the socket transport thread + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p] starting AuthCertificateHook\n", fd)); + + // Modern libssl always passes PR_TRUE for checkSig, and we have no means of + // doing verification without checking signatures. + NS_ASSERTION(checkSig, "AuthCertificateHook: checkSig unexpectedly false"); + + // PSM never causes libssl to call this function with PR_TRUE for isServer, + // and many things in PSM assume that we are a client. + NS_ASSERTION(!isServer, "AuthCertificateHook: isServer unexpectedly true"); + + nsNSSSocketInfo* socketInfo = static_cast(arg); + + UniqueCERTCertificate serverCert(SSL_PeerCertificate(fd)); + + if (!checkSig || isServer || !socketInfo || !serverCert) { + PR_SetError(PR_INVALID_STATE_ERROR, 0); + return SECFailure; + } + + // Get the peer certificate chain for error reporting + UniqueCERTCertList peerCertChain(SSL_PeerCertificateChain(fd)); + if (!peerCertChain) { + PR_SetError(PR_INVALID_STATE_ERROR, 0); + return SECFailure; + } + + socketInfo->SetFullHandshake(); + + Time now(Now()); + PRTime prnow(PR_Now()); + + if (BlockServerCertChangeForSpdy(socketInfo, serverCert) != SECSuccess) + return SECFailure; + + nsCOMPtr sslSocketControl = do_QueryInterface( + NS_ISUPPORTS_CAST(nsITransportSecurityInfo*, socketInfo)); + if (sslSocketControl && sslSocketControl->GetBypassAuthentication()) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p] Bypass Auth in AuthCertificateHook\n", fd)); + return SECSuccess; + } + + bool onSTSThread; + nsresult nrv; + nsCOMPtr sts + = do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &nrv); + if (NS_SUCCEEDED(nrv)) { + nrv = sts->IsOnCurrentThread(&onSTSThread); + } + + if (NS_FAILED(nrv)) { + NS_ERROR("Could not get STS service or IsOnCurrentThread failed"); + PR_SetError(PR_UNKNOWN_ERROR, 0); + return SECFailure; + } + + // SSL_PeerStapledOCSPResponses will never return a non-empty response if + // OCSP stapling wasn't enabled because libssl wouldn't have let the server + // return a stapled OCSP response. + // We don't own these pointers. + const SECItemArray* csa = SSL_PeerStapledOCSPResponses(fd); + SECItem* stapledOCSPResponse = nullptr; + // we currently only support single stapled responses + if (csa && csa->len == 1) { + stapledOCSPResponse = &csa->items[0]; + } + + const SECItem* sctsFromTLSExtension = SSL_PeerSignedCertTimestamps(fd); + if (sctsFromTLSExtension && sctsFromTLSExtension->len == 0) { + // SSL_PeerSignedCertTimestamps returns null on error and empty item + // when no extension was returned by the server. We always use null when + // no extension was received (for whatever reason), ignoring errors. + sctsFromTLSExtension = nullptr; + } + + uint32_t providerFlags = 0; + socketInfo->GetProviderFlags(&providerFlags); + + if (onSTSThread) { + + // We *must* do certificate verification on a background thread because + // we need the socket transport thread to be free for our OCSP requests, + // and we *want* to do certificate verification on a background thread + // because of the performance benefits of doing so. + socketInfo->SetCertVerificationWaiting(); + SECStatus rv = SSLServerCertVerificationJob::Dispatch( + certVerifier, static_cast(fd), socketInfo, + serverCert, peerCertChain, stapledOCSPResponse, + sctsFromTLSExtension, providerFlags, now, prnow); + return rv; + } + + // We can't do certificate verification on a background thread, because the + // thread doing the network I/O may not interrupt its network I/O on receipt + // of our SSLServerCertVerificationResult event, and/or it might not even be + // a non-blocking socket. + + SECStatus rv = AuthCertificate(*certVerifier, socketInfo, serverCert, + peerCertChain, stapledOCSPResponse, + sctsFromTLSExtension, providerFlags, now); + MOZ_ASSERT(peerCertChain || rv != SECSuccess, + "AuthCertificate() should take ownership of chain on failure"); + if (rv == SECSuccess) { + Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, 1); + return SECSuccess; + } + + PRErrorCode error = PR_GetError(); + if (error != 0) { + RefPtr runnable( + CreateCertErrorRunnable(*certVerifier, error, socketInfo, serverCert, + static_cast(fd), providerFlags, + prnow)); + if (!runnable) { + // CreateCertErrorRunnable sets a new error code when it fails + error = PR_GetError(); + } else { + // We have to return SECSuccess or SECFailure based on the result of the + // override processing, so we must block this thread waiting for it. The + // CertErrorRunnable will NOT dispatch the result at all, since we passed + // false for CreateCertErrorRunnable's async parameter + nrv = runnable->DispatchToMainThreadAndWait(); + if (NS_FAILED(nrv)) { + NS_ERROR("Failed to dispatch CertErrorRunnable"); + PR_SetError(PR_INVALID_STATE_ERROR, 0); + return SECFailure; + } + + if (!runnable->mResult) { + NS_ERROR("CertErrorRunnable did not set result"); + PR_SetError(PR_INVALID_STATE_ERROR, 0); + return SECFailure; + } + + if (runnable->mResult->mErrorCode == 0) { + return SECSuccess; // cert error override occurred. + } + + // We must call SetCanceled here to set the error message type + // in case it isn't PlainErrorMessage, which is what we would + // default to if we just called + // PR_SetError(runnable->mResult->mErrorCode, 0) and returned + // SECFailure without doing this. + socketInfo->SetCanceled(runnable->mResult->mErrorCode, + runnable->mResult->mErrorMessageType); + error = runnable->mResult->mErrorCode; + } + } + + if (error == 0) { + NS_ERROR("error code not set"); + error = PR_UNKNOWN_ERROR; + } + + PR_SetError(error, 0); + return SECFailure; +} + +SSLServerCertVerificationResult::SSLServerCertVerificationResult( + nsNSSSocketInfo* infoObject, PRErrorCode errorCode, + Telemetry::ID telemetryID, uint32_t telemetryValue, + SSLErrorMessageType errorMessageType) + : mInfoObject(infoObject) + , mErrorCode(errorCode) + , mErrorMessageType(errorMessageType) + , mTelemetryID(telemetryID) + , mTelemetryValue(telemetryValue) +{ +// We accumulate telemetry for (only) successful validations on the main thread +// to avoid adversely affecting performance by acquiring the mutex that we use +// when accumulating the telemetry for unsuccessful validations. Unsuccessful +// validations times are accumulated elsewhere. +MOZ_ASSERT(telemetryID == Telemetry::HistogramCount || errorCode == 0); +} + +void +SSLServerCertVerificationResult::Dispatch() +{ + nsresult rv; + nsCOMPtr stsTarget + = do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &rv); + NS_ASSERTION(stsTarget, + "Failed to get socket transport service event target"); + rv = stsTarget->Dispatch(this, NS_DISPATCH_NORMAL); + NS_ASSERTION(NS_SUCCEEDED(rv), + "Failed to dispatch SSLServerCertVerificationResult"); +} + +NS_IMETHODIMP +SSLServerCertVerificationResult::Run() +{ + // TODO: Assert that we're on the socket transport thread + if (mTelemetryID != Telemetry::HistogramCount) { + Telemetry::Accumulate(mTelemetryID, mTelemetryValue); + } + // XXX: This cast will be removed by the next patch + ((nsNSSSocketInfo*) mInfoObject.get()) + ->SetCertVerificationResult(mErrorCode, mErrorMessageType); + return NS_OK; +} + +} } // namespace mozilla::psm diff --git a/security/manager/ssl/SSLServerCertVerification.h b/security/manager/ssl/SSLServerCertVerification.h new file mode 100644 index 000000000..e729457c8 --- /dev/null +++ b/security/manager/ssl/SSLServerCertVerification.h @@ -0,0 +1,19 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +#ifndef _SSLSERVERCERTVERIFICATION_H +#define _SSLSERVERCERTVERIFICATION_H + +#include "seccomon.h" +#include "prio.h" + +namespace mozilla { namespace psm { + +SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd, + PRBool checkSig, PRBool isServer); + +} } // namespace mozilla::psm + +#endif diff --git a/security/manager/ssl/ScopedNSSTypes.h b/security/manager/ssl/ScopedNSSTypes.h new file mode 100644 index 000000000..d36f84c97 --- /dev/null +++ b/security/manager/ssl/ScopedNSSTypes.h @@ -0,0 +1,405 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// This header provides smart pointers and various helpers for code that needs +// to interact with NSS. + +#ifndef ScopedNSSTypes_h +#define ScopedNSSTypes_h + +#include +#include + +#include "cert.h" +#include "cms.h" +#include "cryptohi.h" +#include "keyhi.h" +#include "mozilla/Likely.h" +#include "mozilla/Scoped.h" +#include "mozilla/UniquePtr.h" +#include "nsDebug.h" +#include "nsError.h" +#include "NSSErrorsService.h" +#include "pk11pub.h" +#include "pkcs12.h" +#include "prerror.h" +#include "prio.h" +#include "sechash.h" +#include "secmod.h" +#include "secpkcs7.h" +#include "secport.h" + +#ifndef MOZ_NO_MOZALLOC +#include "mozilla/mozalloc_oom.h" +#endif + +namespace mozilla { + +// NSPR APIs use PRStatus/PR_GetError and NSS APIs use SECStatus/PR_GetError to +// report success/failure. This function makes it more convenient and *safer* +// to translate NSPR/NSS results to nsresult. It is safer because it +// refuses to translate any bad PRStatus/SECStatus into an NS_OK, even when the +// NSPR/NSS function forgot to call PR_SetError. The actual enforcement of +// this happens in mozilla::psm::GetXPCOMFromNSSError. +// IMPORTANT: This must be called immediately after the function returning the +// SECStatus result. The recommended usage is: +// nsresult rv = MapSECStatus(f(x, y, z)); +inline nsresult +MapSECStatus(SECStatus rv) +{ + if (rv == SECSuccess) { + return NS_OK; + } + + return mozilla::psm::GetXPCOMFromNSSError(PR_GetError()); +} + +// Alphabetical order by NSS type +// Deprecated: use the equivalent UniquePtr templates instead. +MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTCertificate, + CERTCertificate, + CERT_DestroyCertificate) +MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTCertificateList, + CERTCertificateList, + CERT_DestroyCertificateList) +MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTCertificateRequest, + CERTCertificateRequest, + CERT_DestroyCertificateRequest) +MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTName, + CERTName, + CERT_DestroyName) +MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTSubjectPublicKeyInfo, + CERTSubjectPublicKeyInfo, + SECKEY_DestroySubjectPublicKeyInfo) +MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTValidity, + CERTValidity, + CERT_DestroyValidity) +// Deprecated: use the equivalent UniquePtr templates instead. + +namespace internal { + +inline void +PK11_DestroyContext_true(PK11Context * ctx) { + PK11_DestroyContext(ctx, true); +} + +} // namespace internal + +// Deprecated: use the equivalent UniquePtr templates instead. +MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSGNDigestInfo, + SGNDigestInfo, + SGN_DestroyDigestInfo) + +// Emulates MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE, but for UniquePtrs. +#define MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(name, Type, Deleter) \ +struct name##DeletePolicy \ +{ \ + void operator()(Type* aValue) { Deleter(aValue); } \ +}; \ +typedef std::unique_ptr name; + +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePK11Context, + PK11Context, + internal::PK11_DestroyContext_true) + +/** A more convenient way of dealing with digests calculated into + * stack-allocated buffers. NSS must be initialized on the main thread before + * use, and the caller must ensure NSS isn't shut down, typically by + * subclassing nsNSSShutDownObject, while Digest is in use. + * + * Typical usage, for digesting a buffer in memory: + * + * nsCOMPtr nssDummy = do_GetService("@mozilla.org/psm;1", &rv); + * Digest digest; + * nsresult rv = digest.DigestBuf(SEC_OID_SHA256, mybuffer, myBufferLen); + * NS_ENSURE_SUCCESS(rv, rv); + * rv = MapSECStatus(SomeNSSFunction(..., digest.get(), ...)); + * + * Less typical usage, for digesting while doing streaming I/O and similar: + * + * Digest digest; + * UniquePK11Context digestContext(PK11_CreateDigestContext(SEC_OID_SHA256)); + * NS_ENSURE_TRUE(digestContext, NS_ERROR_OUT_OF_MEMORY); + * rv = MapSECStatus(PK11_DigestBegin(digestContext.get())); + * NS_ENSURE_SUCCESS(rv, rv); + * for (...) { + * rv = MapSECStatus(PK11_DigestOp(digestContext.get(), ...)); + * NS_ENSURE_SUCCESS(rv, rv); + * } + * rv = digest.End(SEC_OID_SHA256, digestContext); + * NS_ENSURE_SUCCESS(rv, rv) + */ +class Digest +{ +public: + Digest() + { + mItem.type = siBuffer; + mItem.data = mItemBuf; + mItem.len = 0; + } + + nsresult DigestBuf(SECOidTag hashAlg, const uint8_t * buf, uint32_t len) + { + if (len > static_cast(std::numeric_limits::max())) { + return NS_ERROR_INVALID_ARG; + } + nsresult rv = SetLength(hashAlg); + NS_ENSURE_SUCCESS(rv, rv); + return MapSECStatus(PK11_HashBuf(hashAlg, mItem.data, buf, + static_cast(len))); + } + + nsresult End(SECOidTag hashAlg, UniquePK11Context& context) + { + nsresult rv = SetLength(hashAlg); + NS_ENSURE_SUCCESS(rv, rv); + uint32_t len; + rv = MapSECStatus(PK11_DigestFinal(context.get(), mItem.data, &len, + mItem.len)); + NS_ENSURE_SUCCESS(rv, rv); + context = nullptr; + NS_ENSURE_TRUE(len == mItem.len, NS_ERROR_UNEXPECTED); + return NS_OK; + } + + const SECItem & get() const { return mItem; } + +private: + nsresult SetLength(SECOidTag hashType) + { +#ifdef _MSC_VER +#pragma warning(push) + // C4061: enumerator 'symbol' in switch of enum 'symbol' is not + // explicitly handled. +#pragma warning(disable:4061) +#endif + switch (hashType) + { + case SEC_OID_SHA1: mItem.len = SHA1_LENGTH; break; + case SEC_OID_SHA256: mItem.len = SHA256_LENGTH; break; + case SEC_OID_SHA384: mItem.len = SHA384_LENGTH; break; + case SEC_OID_SHA512: mItem.len = SHA512_LENGTH; break; + default: + return NS_ERROR_INVALID_ARG; + } +#ifdef _MSC_VER +#pragma warning(pop) +#endif + + return NS_OK; + } + + uint8_t mItemBuf[HASH_LENGTH_MAX]; + SECItem mItem; +}; + +// Deprecated: use the equivalent UniquePtr templates instead. +MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPK11SlotInfo, + PK11SlotInfo, + PK11_FreeSlot) +MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPK11SymKey, + PK11SymKey, + PK11_FreeSymKey) +MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPK11GenericObject, + PK11GenericObject, + PK11_DestroyGenericObject) +MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSEC_PKCS12DecoderContext, + SEC_PKCS12DecoderContext, + SEC_PKCS12DecoderFinish) +namespace internal { + +inline void +PORT_FreeArena_false(PLArenaPool* arena) +{ + // PL_FreeArenaPool can't be used because it doesn't actually free the + // memory, which doesn't work well with memory analysis tools. + return PORT_FreeArena(arena, false); +} + +} // namespace internal + +// Deprecated: use the equivalent UniquePtr templates instead. +MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPLArenaPool, + PLArenaPool, + internal::PORT_FreeArena_false) + +// Wrapper around NSS's SECItem_AllocItem that handles OOM the same way as +// other allocators. +inline void +SECITEM_AllocItem(SECItem & item, uint32_t len) +{ + if (MOZ_UNLIKELY(!SECITEM_AllocItem(nullptr, &item, len))) { +#ifndef MOZ_NO_MOZALLOC + mozalloc_handle_oom(len); + if (MOZ_UNLIKELY(!SECITEM_AllocItem(nullptr, &item, len))) +#endif + { + MOZ_CRASH(); + } + } +} + +class ScopedAutoSECItem final : public SECItem +{ +public: + explicit ScopedAutoSECItem(uint32_t initialAllocatedLen = 0) + { + data = nullptr; + len = 0; + if (initialAllocatedLen > 0) { + SECITEM_AllocItem(*this, initialAllocatedLen); + } + } + + void reset() + { + SECITEM_FreeItem(this, false); + } + + ~ScopedAutoSECItem() + { + reset(); + } +}; + +class MOZ_RAII AutoSECMODListReadLock final +{ +public: + AutoSECMODListReadLock() + : mLock(SECMOD_GetDefaultModuleListLock()) + { + MOZ_ASSERT(mLock, "should have SECMOD lock (has NSS been initialized?)"); + SECMOD_GetReadLock(mLock); + } + + ~AutoSECMODListReadLock() + { + SECMOD_ReleaseReadLock(mLock); + } + +private: + SECMODListLock* mLock; +}; + +namespace internal { + +inline void SECITEM_FreeItem_true(SECItem * s) +{ + return SECITEM_FreeItem(s, true); +} + +inline void SECOID_DestroyAlgorithmID_true(SECAlgorithmID * a) +{ + return SECOID_DestroyAlgorithmID(a, true); +} + +inline void SECKEYEncryptedPrivateKeyInfo_true(SECKEYEncryptedPrivateKeyInfo * epki) +{ + return SECKEY_DestroyEncryptedPrivateKeyInfo(epki, PR_TRUE); +} + +inline void VFY_DestroyContext_true(VFYContext * ctx) +{ + VFY_DestroyContext(ctx, true); +} + +} // namespace internal + +// Deprecated: use the equivalent UniquePtr templates instead. +MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECItem, + SECItem, + internal::SECITEM_FreeItem_true) +MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECKEYPrivateKey, + SECKEYPrivateKey, + SECKEY_DestroyPrivateKey) +MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECKEYEncryptedPrivateKeyInfo, + SECKEYEncryptedPrivateKeyInfo, + internal::SECKEYEncryptedPrivateKeyInfo_true) +MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECKEYPublicKey, + SECKEYPublicKey, + SECKEY_DestroyPublicKey) +MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECAlgorithmID, + SECAlgorithmID, + internal::SECOID_DestroyAlgorithmID_true) + +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificate, + CERTCertificate, + CERT_DestroyCertificate) +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificateList, + CERTCertificateList, + CERT_DestroyCertificateList) +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificatePolicies, + CERTCertificatePolicies, + CERT_DestroyCertificatePoliciesExtension) +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificateRequest, + CERTCertificateRequest, + CERT_DestroyCertificateRequest) +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertList, + CERTCertList, + CERT_DestroyCertList) +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTName, + CERTName, + CERT_DestroyName) +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTOidSequence, + CERTOidSequence, + CERT_DestroyOidSequence) +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTSubjectPublicKeyInfo, + CERTSubjectPublicKeyInfo, + SECKEY_DestroySubjectPublicKeyInfo) +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTUserNotice, + CERTUserNotice, + CERT_DestroyUserNotice) +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTValidity, + CERTValidity, + CERT_DestroyValidity) + +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueNSSCMSMessage, + NSSCMSMessage, + NSS_CMSMessage_Destroy) +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueNSSCMSSignedData, + NSSCMSSignedData, + NSS_CMSSignedData_Destroy) + +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePK11SlotInfo, + PK11SlotInfo, + PK11_FreeSlot) +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePK11SlotList, + PK11SlotList, + PK11_FreeSlotList) +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePK11SymKey, + PK11SymKey, + PK11_FreeSymKey) + +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePLArenaPool, + PLArenaPool, + internal::PORT_FreeArena_false) +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePORTString, + char, + PORT_Free); +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePRFileDesc, + PRFileDesc, + PR_Close) + +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECItem, + SECItem, + internal::SECITEM_FreeItem_true) +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECKEYPrivateKey, + SECKEYPrivateKey, + SECKEY_DestroyPrivateKey) +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECKEYPublicKey, + SECKEYPublicKey, + SECKEY_DestroyPublicKey) +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECMODModule, + SECMODModule, + SECMOD_DestroyModule) + +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueVFYContext, + VFYContext, + internal::VFY_DestroyContext_true) +} // namespace mozilla + +#endif // ScopedNSSTypes_h diff --git a/security/manager/ssl/SecretDecoderRing.cpp b/security/manager/ssl/SecretDecoderRing.cpp new file mode 100644 index 000000000..730251ebb --- /dev/null +++ b/security/manager/ssl/SecretDecoderRing.cpp @@ -0,0 +1,234 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "SecretDecoderRing.h" + +#include "ScopedNSSTypes.h" +#include "mozilla/Base64.h" +#include "mozilla/Casting.h" +#include "mozilla/Services.h" +#include "nsCOMPtr.h" +#include "nsIInterfaceRequestor.h" +#include "nsIInterfaceRequestorUtils.h" +#include "nsIObserverService.h" +#include "nsIServiceManager.h" +#include "nsITokenPasswordDialogs.h" +#include "nsNSSComponent.h" +#include "nsNSSHelper.h" +#include "pk11func.h" +#include "pk11sdr.h" // For PK11SDR_Encrypt, PK11SDR_Decrypt +#include "ssl.h" // For SSL_ClearSessionCache + +using namespace mozilla; + +// NOTE: Should these be the thread-safe versions? +NS_IMPL_ISUPPORTS(SecretDecoderRing, nsISecretDecoderRing) + +SecretDecoderRing::SecretDecoderRing() +{ +} + +SecretDecoderRing::~SecretDecoderRing() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + + shutdown(ShutdownCalledFrom::Object); +} + +nsresult +SecretDecoderRing::Encrypt(const nsACString& data, /*out*/ nsACString& result) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + UniquePK11SlotInfo slot(PK11_GetInternalKeySlot()); + if (!slot) { + return NS_ERROR_NOT_AVAILABLE; + } + + /* Make sure token is initialized. */ + nsCOMPtr ctx = new PipUIContext(); + nsresult rv = setPassword(slot.get(), ctx, locker); + if (NS_FAILED(rv)) { + return rv; + } + + /* Force authentication */ + if (PK11_Authenticate(slot.get(), true, ctx) != SECSuccess) { + return NS_ERROR_FAILURE; + } + + /* Use default key id */ + SECItem keyid; + keyid.data = nullptr; + keyid.len = 0; + SECItem request; + request.data = BitwiseCast(data.BeginReading()); + request.len = data.Length(); + ScopedAutoSECItem reply; + if (PK11SDR_Encrypt(&keyid, &request, &reply, ctx) != SECSuccess) { + return NS_ERROR_FAILURE; + } + + result.Assign(BitwiseCast(reply.data), reply.len); + return NS_OK; +} + +nsresult +SecretDecoderRing::Decrypt(const nsACString& data, /*out*/ nsACString& result) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + /* Find token with SDR key */ + UniquePK11SlotInfo slot(PK11_GetInternalKeySlot()); + if (!slot) { + return NS_ERROR_NOT_AVAILABLE; + } + + /* Force authentication */ + nsCOMPtr ctx = new PipUIContext(); + if (PK11_Authenticate(slot.get(), true, ctx) != SECSuccess) { + return NS_ERROR_NOT_AVAILABLE; + } + + SECItem request; + request.data = BitwiseCast(data.BeginReading()); + request.len = data.Length(); + ScopedAutoSECItem reply; + if (PK11SDR_Decrypt(&request, &reply, ctx) != SECSuccess) { + return NS_ERROR_FAILURE; + } + + result.Assign(BitwiseCast(reply.data), reply.len); + return NS_OK; +} + +NS_IMETHODIMP +SecretDecoderRing::EncryptString(const nsACString& text, + /*out*/ nsACString& encryptedBase64Text) +{ + nsAutoCString encryptedText; + nsresult rv = Encrypt(text, encryptedText); + if (NS_FAILED(rv)) { + return rv; + } + + rv = Base64Encode(encryptedText, encryptedBase64Text); + if (NS_FAILED(rv)) { + return rv; + } + + return NS_OK; +} + +NS_IMETHODIMP +SecretDecoderRing::DecryptString(const nsACString& encryptedBase64Text, + /*out*/ nsACString& decryptedText) +{ + nsAutoCString encryptedText; + nsresult rv = Base64Decode(encryptedBase64Text, encryptedText); + if (NS_FAILED(rv)) { + return rv; + } + + rv = Decrypt(encryptedText, decryptedText); + if (NS_FAILED(rv)) { + return rv; + } + + return NS_OK; +} + +NS_IMETHODIMP +SecretDecoderRing::ChangePassword() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + UniquePK11SlotInfo slot(PK11_GetInternalKeySlot()); + if (!slot) { + return NS_ERROR_NOT_AVAILABLE; + } + + NS_ConvertUTF8toUTF16 tokenName(PK11_GetTokenName(slot.get())); + + nsCOMPtr dialogs; + nsresult rv = getNSSDialogs(getter_AddRefs(dialogs), + NS_GET_IID(nsITokenPasswordDialogs), + NS_TOKENPASSWORDSDIALOG_CONTRACTID); + if (NS_FAILED(rv)) { + return rv; + } + + nsCOMPtr ctx = new PipUIContext(); + bool canceled; // Ignored + return dialogs->SetPassword(ctx, tokenName.get(), &canceled); +} + +NS_IMETHODIMP +SecretDecoderRing::Logout() +{ + static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID); + + nsresult rv; + nsCOMPtr nssComponent(do_GetService(kNSSComponentCID, &rv)); + if (NS_FAILED(rv)) + return rv; + + { + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + PK11_LogoutAll(); + SSL_ClearSessionCache(); + } + + return NS_OK; +} + +NS_IMETHODIMP +SecretDecoderRing::LogoutAndTeardown() +{ + static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID); + + nsresult rv; + nsCOMPtr nssComponent(do_GetService(kNSSComponentCID, &rv)); + if (NS_FAILED(rv)) + return rv; + + { + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + PK11_LogoutAll(); + SSL_ClearSessionCache(); + } + + rv = nssComponent->LogoutAuthenticatedPK11(); + + // After we just logged out, we need to prune dead connections to make + // sure that all connections that should be stopped, are stopped. See + // bug 517584. + nsCOMPtr os = mozilla::services::GetObserverService(); + if (os) + os->NotifyObservers(nullptr, "net:prune-dead-connections", nullptr); + + return rv; +} diff --git a/security/manager/ssl/SecretDecoderRing.h b/security/manager/ssl/SecretDecoderRing.h new file mode 100644 index 000000000..3bdcbe5c9 --- /dev/null +++ b/security/manager/ssl/SecretDecoderRing.h @@ -0,0 +1,39 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef SecretDecoderRing_h +#define SecretDecoderRing_h + +#include "nsISecretDecoderRing.h" +#include "nsNSSShutDown.h" +#include "nsString.h" + +#define NS_SECRETDECODERRING_CONTRACTID "@mozilla.org/security/sdr;1" + +#define NS_SECRETDECODERRING_CID \ + { 0x0c4f1ddc, 0x1dd2, 0x11b2, { 0x9d, 0x95, 0xf2, 0xfd, 0xf1, 0x13, 0x04, 0x4b } } + +class SecretDecoderRing : public nsISecretDecoderRing + , public nsNSSShutDownObject +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSISECRETDECODERRING + + SecretDecoderRing(); + + // Nothing to release. + virtual void virtualDestroyNSSReference() override {} + +protected: + virtual ~SecretDecoderRing(); + +private: + nsresult Encrypt(const nsACString& data, /*out*/ nsACString& result); + nsresult Decrypt(const nsACString& data, /*out*/ nsACString& result); +}; + +#endif // SecretDecoderRing_h diff --git a/security/manager/ssl/SharedCertVerifier.h b/security/manager/ssl/SharedCertVerifier.h new file mode 100644 index 000000000..03619573a --- /dev/null +++ b/security/manager/ssl/SharedCertVerifier.h @@ -0,0 +1,36 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef SharedCertVerifier_h +#define SharedCertVerifier_h + +#include "CertVerifier.h" +#include "mozilla/RefPtr.h" + +namespace mozilla { namespace psm { + +class SharedCertVerifier : public mozilla::psm::CertVerifier +{ +protected: + ~SharedCertVerifier(); + +public: + NS_INLINE_DECL_THREADSAFE_REFCOUNTING(SharedCertVerifier) + + SharedCertVerifier(OcspDownloadConfig odc, OcspStrictConfig osc, + OcspGetConfig ogc, uint32_t certShortLifetimeInDays, + PinningMode pinningMode, SHA1Mode sha1Mode, + BRNameMatchingPolicy::Mode nameMatchingMode, + NetscapeStepUpPolicy netscapeStepUpPolicy, + CertificateTransparencyMode ctMode) + : mozilla::psm::CertVerifier(odc, osc, ogc, certShortLifetimeInDays, + pinningMode, sha1Mode, nameMatchingMode, + netscapeStepUpPolicy, ctMode) + { + } +}; + +} } // namespace mozilla::psm + +#endif // SharedCertVerifier_h diff --git a/security/manager/ssl/SharedSSLState.cpp b/security/manager/ssl/SharedSSLState.cpp new file mode 100644 index 000000000..c97687541 --- /dev/null +++ b/security/manager/ssl/SharedSSLState.cpp @@ -0,0 +1,218 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "SharedSSLState.h" +#include "nsClientAuthRemember.h" +#include "nsComponentManagerUtils.h" +#include "nsICertOverrideService.h" +#include "nsIObserverService.h" +#include "mozilla/Services.h" +#include "nsThreadUtils.h" +#include "nsCRT.h" +#include "nsServiceManagerUtils.h" +#include "PSMRunnable.h" +#include "PublicSSL.h" +#include "ssl.h" +#include "nsNetCID.h" +#include "mozilla/Atomics.h" +#include "mozilla/Unused.h" + +using mozilla::psm::SyncRunnableBase; +using mozilla::Atomic; +using mozilla::Unused; + +namespace { + +static Atomic sCertOverrideSvcExists(false); + +class MainThreadClearer : public SyncRunnableBase +{ +public: + MainThreadClearer() : mShouldClearSessionCache(false) {} + + void RunOnTargetThread() { + // In some cases it's possible to cause PSM/NSS to initialize while XPCOM shutdown + // is in progress. We want to avoid this, since they do not handle the situation well, + // hence the flags to avoid instantiating the services if they don't already exist. + + bool certOverrideSvcExists = sCertOverrideSvcExists.exchange(false); + if (certOverrideSvcExists) { + sCertOverrideSvcExists = true; + nsCOMPtr icos = do_GetService(NS_CERTOVERRIDE_CONTRACTID); + if (icos) { + icos->ClearValidityOverride( + NS_LITERAL_CSTRING("all:temporary-certificates"), + 0); + } + } + + // This needs to be checked on the main thread to avoid racing with NSS + // initialization. + mShouldClearSessionCache = mozilla::psm::PrivateSSLState() && + mozilla::psm::PrivateSSLState()->SocketCreated(); + } + bool mShouldClearSessionCache; +}; + +} // namespace + +namespace mozilla { + +void ClearPrivateSSLState() +{ + // This only works if it is called on the socket transport + // service thread immediately after closing all private SSL + // connections. +#ifdef DEBUG + nsresult rv; + nsCOMPtr sts + = do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &rv); + MOZ_ASSERT(NS_SUCCEEDED(rv)); + bool onSTSThread; + rv = sts->IsOnCurrentThread(&onSTSThread); + MOZ_ASSERT(NS_SUCCEEDED(rv) && onSTSThread); +#endif + + RefPtr runnable = new MainThreadClearer; + runnable->DispatchToMainThreadAndWait(); + + // If NSS isn't initialized, this throws an assertion. We guard it by checking if + // the session cache might even have anything worth clearing. + if (runnable->mShouldClearSessionCache) { + SSL_ClearSessionCache(); + } +} + +namespace psm { + +namespace { +class PrivateBrowsingObserver : public nsIObserver { +public: + NS_DECL_ISUPPORTS + NS_DECL_NSIOBSERVER + explicit PrivateBrowsingObserver(SharedSSLState* aOwner) : mOwner(aOwner) {} +protected: + virtual ~PrivateBrowsingObserver() {} +private: + SharedSSLState* mOwner; +}; + +SharedSSLState* gPublicState; +SharedSSLState* gPrivateState; +} // namespace + +NS_IMPL_ISUPPORTS(PrivateBrowsingObserver, nsIObserver) + +NS_IMETHODIMP +PrivateBrowsingObserver::Observe(nsISupports *aSubject, + const char *aTopic, + const char16_t *aData) +{ + if (!nsCRT::strcmp(aTopic, "last-pb-context-exited")) { + mOwner->ResetStoredData(); + } + return NS_OK; +} + +SharedSSLState::SharedSSLState() +: mClientAuthRemember(new nsClientAuthRememberService) +, mMutex("SharedSSLState::mMutex") +, mSocketCreated(false) +, mOCSPStaplingEnabled(false) +, mOCSPMustStapleEnabled(false) +{ + mIOLayerHelpers.Init(); + mClientAuthRemember->Init(); +} + +SharedSSLState::~SharedSSLState() +{ +} + +void +SharedSSLState::NotePrivateBrowsingStatus() +{ + MOZ_ASSERT(NS_IsMainThread(), "Not on main thread"); + mObserver = new PrivateBrowsingObserver(this); + nsCOMPtr obsSvc = mozilla::services::GetObserverService(); + obsSvc->AddObserver(mObserver, "last-pb-context-exited", false); +} + +void +SharedSSLState::ResetStoredData() +{ + MOZ_ASSERT(NS_IsMainThread(), "Not on main thread"); + mClientAuthRemember->ClearRememberedDecisions(); + mIOLayerHelpers.clearStoredData(); +} + +void +SharedSSLState::NoteSocketCreated() +{ + MutexAutoLock lock(mMutex); + mSocketCreated = true; +} + +bool +SharedSSLState::SocketCreated() +{ + MutexAutoLock lock(mMutex); + return mSocketCreated; +} + +/*static*/ void +SharedSSLState::GlobalInit() +{ + MOZ_ASSERT(NS_IsMainThread(), "Not on main thread"); + gPublicState = new SharedSSLState(); + gPrivateState = new SharedSSLState(); + gPrivateState->NotePrivateBrowsingStatus(); +} + +/*static*/ void +SharedSSLState::GlobalCleanup() +{ + MOZ_ASSERT(NS_IsMainThread(), "Not on main thread"); + + if (gPrivateState) { + gPrivateState->Cleanup(); + delete gPrivateState; + gPrivateState = nullptr; + } + + if (gPublicState) { + gPublicState->Cleanup(); + delete gPublicState; + gPublicState = nullptr; + } +} + +/*static*/ void +SharedSSLState::NoteCertOverrideServiceInstantiated() +{ + sCertOverrideSvcExists = true; +} + +void +SharedSSLState::Cleanup() +{ + mIOLayerHelpers.Cleanup(); +} + +SharedSSLState* +PublicSSLState() +{ + return gPublicState; +} + +SharedSSLState* +PrivateSSLState() +{ + return gPrivateState; +} + +} // namespace psm +} // namespace mozilla diff --git a/security/manager/ssl/SharedSSLState.h b/security/manager/ssl/SharedSSLState.h new file mode 100644 index 000000000..60a059620 --- /dev/null +++ b/security/manager/ssl/SharedSSLState.h @@ -0,0 +1,87 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef SharedSSLState_h +#define SharedSSLState_h + +#include "mozilla/RefPtr.h" +#include "nsNSSIOLayer.h" + +class nsClientAuthRememberService; +class nsIObserver; + +namespace mozilla { +namespace psm { + +class SharedSSLState { +public: + NS_INLINE_DECL_THREADSAFE_REFCOUNTING(SharedSSLState) + SharedSSLState(); + + static void GlobalInit(); + static void GlobalCleanup(); + + nsClientAuthRememberService* GetClientAuthRememberService() { + return mClientAuthRemember; + } + + nsSSLIOLayerHelpers& IOLayerHelpers() { + return mIOLayerHelpers; + } + + // Main-thread only + void ResetStoredData(); + void NotePrivateBrowsingStatus(); + void SetOCSPStaplingEnabled(bool staplingEnabled) + { + mOCSPStaplingEnabled = staplingEnabled; + } + void SetOCSPMustStapleEnabled(bool mustStapleEnabled) + { + mOCSPMustStapleEnabled = mustStapleEnabled; + } + void SetSignedCertTimestampsEnabled(bool signedCertTimestampsEnabled) + { + mSignedCertTimestampsEnabled = signedCertTimestampsEnabled; + } + + // The following methods may be called from any thread + bool SocketCreated(); + void NoteSocketCreated(); + static void NoteCertOverrideServiceInstantiated(); + bool IsOCSPStaplingEnabled() const { return mOCSPStaplingEnabled; } + bool IsOCSPMustStapleEnabled() const { return mOCSPMustStapleEnabled; } + bool IsSignedCertTimestampsEnabled() const + { + return mSignedCertTimestampsEnabled; + } + +private: + ~SharedSSLState(); + + void Cleanup(); + + nsCOMPtr mObserver; + RefPtr mClientAuthRemember; + nsSSLIOLayerHelpers mIOLayerHelpers; + + // True if any sockets have been created that use this shared data. + // Requires synchronization between the socket and main threads for + // reading/writing. + Mutex mMutex; + bool mSocketCreated; + bool mOCSPStaplingEnabled; + bool mOCSPMustStapleEnabled; + bool mSignedCertTimestampsEnabled; +}; + +SharedSSLState* PublicSSLState(); +SharedSSLState* PrivateSSLState(); + +} // namespace psm +} // namespace mozilla + +#endif diff --git a/security/manager/ssl/StaticHPKPins.errors b/security/manager/ssl/StaticHPKPins.errors new file mode 100644 index 000000000..f5b0a1ebb --- /dev/null +++ b/security/manager/ssl/StaticHPKPins.errors @@ -0,0 +1,28 @@ +Can't find hash in builtin certs for Chrome nickname GoogleG2, inserting GOOGLE_PIN_GoogleG2 +Can't find hash in builtin certs for Chrome nickname RapidSSL, inserting GOOGLE_PIN_RapidSSL +Can't find hash in builtin certs for Chrome nickname DigiCertSHA2HighAssuranceServerCA, inserting GOOGLE_PIN_DigiCertSHA2HighAssuranceServerCA +Can't find hash in builtin certs for Chrome nickname VeriSignClass1, inserting GOOGLE_PIN_VeriSignClass1 +Can't find hash in builtin certs for Chrome nickname VeriSignClass4_G3, inserting GOOGLE_PIN_VeriSignClass4_G3 +Can't find hash in builtin certs for Chrome nickname VeriSignClass3_G2, inserting GOOGLE_PIN_VeriSignClass3_G2 +Can't find hash in builtin certs for Chrome nickname VeriSignClass2_G2, inserting GOOGLE_PIN_VeriSignClass2_G2 +Can't find hash in builtin certs for Chrome nickname Entrust_SSL, inserting GOOGLE_PIN_Entrust_SSL +Can't find hash in builtin certs for Chrome nickname UTNDATACorpSGC, inserting GOOGLE_PIN_UTNDATACorpSGC +Can't find hash in builtin certs for Chrome nickname GTECyberTrustGlobalRoot, inserting GOOGLE_PIN_GTECyberTrustGlobalRoot +Can't find hash in builtin certs for Chrome nickname GoDaddySecure, inserting GOOGLE_PIN_GoDaddySecure +Can't find hash in builtin certs for Chrome nickname SymantecClass3EVG3, inserting GOOGLE_PIN_SymantecClass3EVG3 +Can't find hash in builtin certs for Chrome nickname DigiCertECCSecureServerCA, inserting GOOGLE_PIN_DigiCertECCSecureServerCA +Can't find hash in builtin certs for Chrome nickname LetsEncryptAuthorityPrimary_X1_X3, inserting GOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3 +Can't find hash in builtin certs for Chrome nickname LetsEncryptAuthorityBackup_X2_X4, inserting GOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4 +Can't find hash in builtin certs for Chrome nickname COMODORSADomainValidationSecureServerCA, inserting GOOGLE_PIN_COMODORSADomainValidationSecureServerCA +Writing pinset test +Writing pinset google +Writing pinset tor +Writing pinset twitterCom +Writing pinset twitterCDN +Writing pinset dropbox +Writing pinset facebook +Writing pinset spideroak +Writing pinset yahoo +Writing pinset swehackCom +Writing pinset ncsccs +Writing pinset tumblr diff --git a/security/manager/ssl/StaticHPKPins.h b/security/manager/ssl/StaticHPKPins.h new file mode 100644 index 000000000..323d8ec85 --- /dev/null +++ b/security/manager/ssl/StaticHPKPins.h @@ -0,0 +1,1185 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/*****************************************************************************/ +/* This is an automatically generated file. If you're not */ +/* PublicKeyPinningService.cpp, you shouldn't be #including it. */ +/*****************************************************************************/ +#include +/* AddTrust External Root */ +static const char kAddTrust_External_RootFingerprint[] = + "lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU="; + +/* AddTrust Low-Value Services Root */ +static const char kAddTrust_Low_Value_Services_RootFingerprint[] = + "BStocQfshOhzA4JFLsKidFF0XXSFpX1vRk4Np6G2ryo="; + +/* AddTrust Public Services Root */ +static const char kAddTrust_Public_Services_RootFingerprint[] = + "OGHXtpYfzbISBFb/b8LrdwSxp0G0vZM6g3b14ZFcppg="; + +/* AddTrust Qualified Certificates Root */ +static const char kAddTrust_Qualified_Certificates_RootFingerprint[] = + "xzr8Lrp3DQy8HuQfJStS6Kk9ErctzOwDHY2DnL+Bink="; + +/* AffirmTrust Commercial */ +static const char kAffirmTrust_CommercialFingerprint[] = + "bEZLmlsjOl6HTadlwm8EUBDS3c/0V5TwtMfkqvpQFJU="; + +/* AffirmTrust Networking */ +static const char kAffirmTrust_NetworkingFingerprint[] = + "lAcq0/WPcPkwmOWl9sBMlscQvYSdgxhJGa6Q64kK5AA="; + +/* AffirmTrust Premium */ +static const char kAffirmTrust_PremiumFingerprint[] = + "x/Q7TPW3FWgpT4IrU3YmBfbd0Vyt7Oc56eLDy6YenWc="; + +/* AffirmTrust Premium ECC */ +static const char kAffirmTrust_Premium_ECCFingerprint[] = + "MhmwkRT/SVo+tusAwu/qs0ACrl8KVsdnnqCHo/oDfk8="; + +/* Baltimore CyberTrust Root */ +static const char kBaltimore_CyberTrust_RootFingerprint[] = + "Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o="; + +/* COMODO Certification Authority */ +static const char kCOMODO_Certification_AuthorityFingerprint[] = + "AG1751Vd2CAmRCxPGieoDomhmJy4ezREjtIZTBgZbV4="; + +/* COMODO ECC Certification Authority */ +static const char kCOMODO_ECC_Certification_AuthorityFingerprint[] = + "58qRu/uxh4gFezqAcERupSkRYBlBAvfcw7mEjGPLnNU="; + +/* COMODO RSA Certification Authority */ +static const char kCOMODO_RSA_Certification_AuthorityFingerprint[] = + "grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME="; + +/* Comodo AAA Services root */ +static const char kComodo_AAA_Services_rootFingerprint[] = + "vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM="; + +/* Comodo Secure Services root */ +static const char kComodo_Secure_Services_rootFingerprint[] = + "RpHL/ehKa2BS3b4VK7DCFq4lqG5XR4E9vA8UfzOFcL4="; + +/* Comodo Trusted Services root */ +static const char kComodo_Trusted_Services_rootFingerprint[] = + "4tiR77c4ZpEF1TDeXtcuKyrD9KZweLU0mz/ayklvXrg="; + +/* Cybertrust Global Root */ +static const char kCybertrust_Global_RootFingerprint[] = + "foeCwVDOOVL4AuY2AjpdPpW7XWjjPoWtsroXgSXOvxU="; + +/* DST Root CA X3 */ +static const char kDST_Root_CA_X3Fingerprint[] = + "Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys="; + +/* DigiCert Assured ID Root CA */ +static const char kDigiCert_Assured_ID_Root_CAFingerprint[] = + "I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; + +/* DigiCert Assured ID Root G2 */ +static const char kDigiCert_Assured_ID_Root_G2Fingerprint[] = + "8ca6Zwz8iOTfUpc8rkIPCgid1HQUT+WAbEIAZOFZEik="; + +/* DigiCert Assured ID Root G3 */ +static const char kDigiCert_Assured_ID_Root_G3Fingerprint[] = + "Fe7TOVlLME+M+Ee0dzcdjW/sYfTbKwGvWJ58U7Ncrkw="; + +/* DigiCert Global Root CA */ +static const char kDigiCert_Global_Root_CAFingerprint[] = + "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; + +/* DigiCert Global Root G2 */ +static const char kDigiCert_Global_Root_G2Fingerprint[] = + "i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; + +/* DigiCert Global Root G3 */ +static const char kDigiCert_Global_Root_G3Fingerprint[] = + "uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; + +/* DigiCert High Assurance EV Root CA */ +static const char kDigiCert_High_Assurance_EV_Root_CAFingerprint[] = + "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; + +/* DigiCert Trusted Root G4 */ +static const char kDigiCert_Trusted_Root_G4Fingerprint[] = + "Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; + +/* End Entity Test Cert */ +static const char kEnd_Entity_Test_CertFingerprint[] = + "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8="; + +/* Entrust Root Certification Authority */ +static const char kEntrust_Root_Certification_AuthorityFingerprint[] = + "bb+uANN7nNc/j7R95lkXrwDg3d9C286sIMF8AnXuIJU="; + +/* Entrust Root Certification Authority - EC1 */ +static const char kEntrust_Root_Certification_Authority___EC1Fingerprint[] = + "/qK31kX7pz11PB7Jp4cMQOH3sMVh6Se5hb9xGGbjbyI="; + +/* Entrust Root Certification Authority - G2 */ +static const char kEntrust_Root_Certification_Authority___G2Fingerprint[] = + "du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U="; + +/* Entrust.net Premium 2048 Secure Server CA */ +static const char kEntrust_net_Premium_2048_Secure_Server_CAFingerprint[] = + "HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg="; + +/* FacebookBackup */ +static const char kFacebookBackupFingerprint[] = + "q4PO2G2cbkZhZ82+JgmRUyGMoAeozA+BSXVXQWB8XWQ="; + +/* GOOGLE_PIN_COMODORSADomainValidationSecureServerCA */ +static const char kGOOGLE_PIN_COMODORSADomainValidationSecureServerCAFingerprint[] = + "klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY="; + +/* GOOGLE_PIN_DigiCertECCSecureServerCA */ +static const char kGOOGLE_PIN_DigiCertECCSecureServerCAFingerprint[] = + "PZXN3lRAy+8tBKk2Ox6F7jIlnzr2Yzmwqc3JnyfXoCw="; + +/* GOOGLE_PIN_DigiCertSHA2HighAssuranceServerCA */ +static const char kGOOGLE_PIN_DigiCertSHA2HighAssuranceServerCAFingerprint[] = + "k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws="; + +/* GOOGLE_PIN_Entrust_SSL */ +static const char kGOOGLE_PIN_Entrust_SSLFingerprint[] = + "nsxRNo6G40YPZsKV5JQt1TCA8nseQQr/LRqp1Oa8fnw="; + +/* GOOGLE_PIN_GTECyberTrustGlobalRoot */ +static const char kGOOGLE_PIN_GTECyberTrustGlobalRootFingerprint[] = + "EGn6R6CqT4z3ERscrqNl7q7RC//zJmDe9uBhS/rnCHU="; + +/* GOOGLE_PIN_GoDaddySecure */ +static const char kGOOGLE_PIN_GoDaddySecureFingerprint[] = + "MrZLZnJ6IGPkBm87lYywqu5Xal7O/ZUzmbuIdHMdlYc="; + +/* GOOGLE_PIN_GoogleG2 */ +static const char kGOOGLE_PIN_GoogleG2Fingerprint[] = + "7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y="; + +/* GOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4 */ +static const char kGOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4Fingerprint[] = + "sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis="; + +/* GOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3 */ +static const char kGOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3Fingerprint[] = + "YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; + +/* GOOGLE_PIN_RapidSSL */ +static const char kGOOGLE_PIN_RapidSSLFingerprint[] = + "lT09gPUeQfbYrlxRtpsHrjDblj9Rpz+u7ajfCrg4qDM="; + +/* GOOGLE_PIN_SymantecClass3EVG3 */ +static const char kGOOGLE_PIN_SymantecClass3EVG3Fingerprint[] = + "gMxWOrX4PMQesK9qFNbYBxjBfjUvlkn/vN1n+L9lE5E="; + +/* GOOGLE_PIN_UTNDATACorpSGC */ +static const char kGOOGLE_PIN_UTNDATACorpSGCFingerprint[] = + "QAL80xHQczFWfnG82XHkYEjI3OjRZZcRdTs9qiommvo="; + +/* GOOGLE_PIN_VeriSignClass1 */ +static const char kGOOGLE_PIN_VeriSignClass1Fingerprint[] = + "LclHC+Y+9KzxvYKGCUArt7h72ZY4pkOTTohoLRvowwg="; + +/* GOOGLE_PIN_VeriSignClass2_G2 */ +static const char kGOOGLE_PIN_VeriSignClass2_G2Fingerprint[] = + "2oALgLKofTmeZvoZ1y/fSZg7R9jPMix8eVA6DH4o/q8="; + +/* GOOGLE_PIN_VeriSignClass3_G2 */ +static const char kGOOGLE_PIN_VeriSignClass3_G2Fingerprint[] = + "AjyBzOjnxk+pQtPBUEhwfTXZu1uH9PVExb8bxWQ68vo="; + +/* GOOGLE_PIN_VeriSignClass4_G3 */ +static const char kGOOGLE_PIN_VeriSignClass4_G3Fingerprint[] = + "VnuCEf0g09KD7gzXzgZyy52ZvFtIeljJ1U7Gf3fUqPU="; + +/* GeoTrust Global CA */ +static const char kGeoTrust_Global_CAFingerprint[] = + "h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU="; + +/* GeoTrust Global CA 2 */ +static const char kGeoTrust_Global_CA_2Fingerprint[] = + "F3VaXClfPS1y5vAxofB/QAxYi55YKyLxfq4xoVkNEYU="; + +/* GeoTrust Primary Certification Authority */ +static const char kGeoTrust_Primary_Certification_AuthorityFingerprint[] = + "SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo="; + +/* GeoTrust Primary Certification Authority - G2 */ +static const char kGeoTrust_Primary_Certification_Authority___G2Fingerprint[] = + "vPtEqrmtAhAVcGtBIep2HIHJ6IlnWQ9vlK50TciLePs="; + +/* GeoTrust Primary Certification Authority - G3 */ +static const char kGeoTrust_Primary_Certification_Authority___G3Fingerprint[] = + "q5hJUnat8eyv8o81xTBIeB5cFxjaucjmelBPT2pRMo8="; + +/* GeoTrust Universal CA */ +static const char kGeoTrust_Universal_CAFingerprint[] = + "lpkiXF3lLlbN0y3y6W0c/qWqPKC7Us2JM8I7XCdEOCA="; + +/* GeoTrust Universal CA 2 */ +static const char kGeoTrust_Universal_CA_2Fingerprint[] = + "fKoDRlEkWQxgHlZ+UhSOlSwM/+iQAFMP4NlbbVDqrkE="; + +/* GlobalSign ECC Root CA - R4 */ +static const char kGlobalSign_ECC_Root_CA___R4Fingerprint[] = + "CLOmM1/OXvSPjw5UOYbAf9GKOxImEp9hhku9W90fHMk="; + +/* GlobalSign ECC Root CA - R5 */ +static const char kGlobalSign_ECC_Root_CA___R5Fingerprint[] = + "fg6tdrtoGdwvVFEahDVPboswe53YIFjqbABPAdndpd8="; + +/* GlobalSign Root CA */ +static const char kGlobalSign_Root_CAFingerprint[] = + "K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; + +/* GlobalSign Root CA - R2 */ +static const char kGlobalSign_Root_CA___R2Fingerprint[] = + "iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0="; + +/* GlobalSign Root CA - R3 */ +static const char kGlobalSign_Root_CA___R3Fingerprint[] = + "cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; + +/* Go Daddy Class 2 CA */ +static const char kGo_Daddy_Class_2_CAFingerprint[] = + "VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8="; + +/* Go Daddy Root Certificate Authority - G2 */ +static const char kGo_Daddy_Root_Certificate_Authority___G2Fingerprint[] = + "Ko8tivDrEjiY90yGasP6ZpBU4jwXvHqVvQI0GS3GNdA="; + +/* GoogleBackup2048 */ +static const char kGoogleBackup2048Fingerprint[] = + "IPMbDAjLVSGntGO3WP53X/zilCVndez5YJ2+vJvhJsA="; + +/* SpiderOak2 */ +static const char kSpiderOak2Fingerprint[] = + "7Y3UnxbffL8aFPXsOJBpGasgpDmngpIhAxGKdQRklQQ="; + +/* SpiderOak3 */ +static const char kSpiderOak3Fingerprint[] = + "LkER54vOdlygpTsbYvlpMq1CE/lDAG1AP9xmdtwvV2A="; + +/* Starfield Class 2 CA */ +static const char kStarfield_Class_2_CAFingerprint[] = + "FfFKxFycfaIz00eRZOgTf+Ne4POK6FgYPwhBDqgqxLQ="; + +/* Starfield Root Certificate Authority - G2 */ +static const char kStarfield_Root_Certificate_Authority___G2Fingerprint[] = + "gI1os/q0iEpflxrOfRBVDXqVoWN3Tz7Dav/7IT++THQ="; + +/* Swehack */ +static const char kSwehackFingerprint[] = + "FdaffE799rVb3oyAuhJ2mBW/XJwD07Uajb2G6YwSAEw="; + +/* SwehackBackup */ +static const char kSwehackBackupFingerprint[] = + "z6cuswA6E1vgFkCjUsbEYo0Lf3aP8M8YOvwkoiGzDCo="; + +/* TestSPKI */ +static const char kTestSPKIFingerprint[] = + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; + +/* Tor1 */ +static const char kTor1Fingerprint[] = + "bYz9JTDk89X3qu3fgswG+lBQso5vI0N1f0Rx4go4nLo="; + +/* Tor2 */ +static const char kTor2Fingerprint[] = + "xXCxhTdn7uxXneJSbQCqoAvuW3ZtQl2pDVTf2sewS8w="; + +/* Tor3 */ +static const char kTor3Fingerprint[] = + "CleC1qwUR8JPgH1nXvSe2VHxDe5/KfNs96EusbfSOfo="; + +/* TumblrBackup */ +static const char kTumblrBackupFingerprint[] = + "avlD96PLERV78IN1fD+ab5cupkUDD9wTZWJjHX6VC9w="; + +/* Twitter1 */ +static const char kTwitter1Fingerprint[] = + "vU9M48LzD/CF34wE5PPf4nBwRyosy06X21J0ap8yS5s="; + +/* USERTrust ECC Certification Authority */ +static const char kUSERTrust_ECC_Certification_AuthorityFingerprint[] = + "ICGRfpgmOUXIWcQ/HXPLQTkFPEFPoDyjvH7ohhQpjzs="; + +/* USERTrust RSA Certification Authority */ +static const char kUSERTrust_RSA_Certification_AuthorityFingerprint[] = + "x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4="; + +/* UTN USERFirst Email Root CA */ +static const char kUTN_USERFirst_Email_Root_CAFingerprint[] = + "Laj56jRU0hFGRko/nQKNxMf7tXscUsc8KwVyovWZotM="; + +/* UTN USERFirst Hardware Root CA */ +static const char kUTN_USERFirst_Hardware_Root_CAFingerprint[] = + "TUDnr0MEoJ3of7+YliBMBVFB4/gJsv5zO7IxD9+YoWI="; + +/* UTN USERFirst Object Root CA */ +static const char kUTN_USERFirst_Object_Root_CAFingerprint[] = + "D+FMJksXu28NZT56cOs2Pb9UvhWAOe3a5cJXEd9IwQM="; + +/* VeriSign Class 3 Public Primary Certification Authority - G4 */ +static const char kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint[] = + "UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4="; + +/* VeriSign Class 3 Public Primary Certification Authority - G5 */ +static const char kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint[] = + "JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg="; + +/* VeriSign Universal Root Certification Authority */ +static const char kVeriSign_Universal_Root_Certification_AuthorityFingerprint[] = + "lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI="; + +/* Verisign Class 1 Public Primary Certification Authority - G3 */ +static const char kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint[] = + "IgduWu9Eu5pBaii30cRDItcFn2D+/6XK9sW+hEeJEwM="; + +/* Verisign Class 2 Public Primary Certification Authority - G3 */ +static const char kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint[] = + "cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM="; + +/* Verisign Class 3 Public Primary Certification Authority - G3 */ +static const char kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint[] = + "SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4="; + +/* YahooBackup1 */ +static const char kYahooBackup1Fingerprint[] = + "2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; + +/* YahooBackup2 */ +static const char kYahooBackup2Fingerprint[] = + "dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; + +/* thawte Primary Root CA */ +static const char kthawte_Primary_Root_CAFingerprint[] = + "HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY="; + +/* thawte Primary Root CA - G2 */ +static const char kthawte_Primary_Root_CA___G2Fingerprint[] = + "Z9xPMvoQ59AaeaBzqgyeAhLsL/w9d54Kp/nA8OHCyJM="; + +/* thawte Primary Root CA - G3 */ +static const char kthawte_Primary_Root_CA___G3Fingerprint[] = + "GQbGEk27Q4V40A4GbVBUxsN/D6YCjAVUXgmU7drshik="; + +/* Pinsets are each an ordered list by the actual value of the fingerprint */ +struct StaticFingerprints { + const size_t size; + const char* const* data; +}; + +/* PreloadedHPKPins.json pinsets */ +static const char* const kPinset_google_root_pems_Data[] = { + kEntrust_Root_Certification_Authority___EC1Fingerprint, + kComodo_Trusted_Services_rootFingerprint, + kCOMODO_ECC_Certification_AuthorityFingerprint, + kDigiCert_Assured_ID_Root_G2Fingerprint, + kCOMODO_Certification_AuthorityFingerprint, + kAddTrust_Low_Value_Services_RootFingerprint, + kGlobalSign_ECC_Root_CA___R4Fingerprint, + kGeoTrust_Global_CA_2Fingerprint, + kDigiCert_Assured_ID_Root_G3Fingerprint, + kStarfield_Class_2_CAFingerprint, + kthawte_Primary_Root_CA___G3Fingerprint, + kthawte_Primary_Root_CAFingerprint, + kEntrust_net_Premium_2048_Secure_Server_CAFingerprint, + kDigiCert_Assured_ID_Root_CAFingerprint, + kUSERTrust_ECC_Certification_AuthorityFingerprint, + kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint, + kGlobalSign_Root_CAFingerprint, + kGo_Daddy_Root_Certificate_Authority___G2Fingerprint, + kAffirmTrust_Premium_ECCFingerprint, + kAddTrust_Public_Services_RootFingerprint, + kComodo_Secure_Services_rootFingerprint, + kGeoTrust_Primary_Certification_AuthorityFingerprint, + kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint, + kUTN_USERFirst_Hardware_Root_CAFingerprint, + kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint, + kGo_Daddy_Class_2_CAFingerprint, + kDigiCert_Trusted_Root_G4Fingerprint, + kDigiCert_High_Assurance_EV_Root_CAFingerprint, + kBaltimore_CyberTrust_RootFingerprint, + kthawte_Primary_Root_CA___G2Fingerprint, + kAffirmTrust_CommercialFingerprint, + kEntrust_Root_Certification_AuthorityFingerprint, + kGlobalSign_Root_CA___R3Fingerprint, + kEntrust_Root_Certification_Authority___G2Fingerprint, + kGeoTrust_Universal_CA_2Fingerprint, + kGlobalSign_ECC_Root_CA___R5Fingerprint, + kCybertrust_Global_RootFingerprint, + kStarfield_Root_Certificate_Authority___G2Fingerprint, + kCOMODO_RSA_Certification_AuthorityFingerprint, + kGeoTrust_Global_CAFingerprint, + kDigiCert_Global_Root_G2Fingerprint, + kGlobalSign_Root_CA___R2Fingerprint, + kAffirmTrust_NetworkingFingerprint, + kAddTrust_External_RootFingerprint, + kVeriSign_Universal_Root_Certification_AuthorityFingerprint, + kGeoTrust_Universal_CAFingerprint, + kGeoTrust_Primary_Certification_Authority___G3Fingerprint, + kDigiCert_Global_Root_CAFingerprint, + kDigiCert_Global_Root_G3Fingerprint, + kGeoTrust_Primary_Certification_Authority___G2Fingerprint, + kComodo_AAA_Services_rootFingerprint, + kAffirmTrust_PremiumFingerprint, + kUSERTrust_RSA_Certification_AuthorityFingerprint, + kAddTrust_Qualified_Certificates_RootFingerprint, +}; +static const StaticFingerprints kPinset_google_root_pems = { + sizeof(kPinset_google_root_pems_Data) / sizeof(const char*), + kPinset_google_root_pems_Data +}; + +static const char* const kPinset_mozilla_Data[] = { + kGeoTrust_Global_CA_2Fingerprint, + kthawte_Primary_Root_CA___G3Fingerprint, + kthawte_Primary_Root_CAFingerprint, + kDigiCert_Assured_ID_Root_CAFingerprint, + kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint, + kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint, + kGeoTrust_Primary_Certification_AuthorityFingerprint, + kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint, + kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint, + kDigiCert_High_Assurance_EV_Root_CAFingerprint, + kBaltimore_CyberTrust_RootFingerprint, + kthawte_Primary_Root_CA___G2Fingerprint, + kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint, + kGeoTrust_Universal_CA_2Fingerprint, + kGeoTrust_Global_CAFingerprint, + kVeriSign_Universal_Root_Certification_AuthorityFingerprint, + kGeoTrust_Universal_CAFingerprint, + kGeoTrust_Primary_Certification_Authority___G3Fingerprint, + kDigiCert_Global_Root_CAFingerprint, + kGeoTrust_Primary_Certification_Authority___G2Fingerprint, +}; +static const StaticFingerprints kPinset_mozilla = { + sizeof(kPinset_mozilla_Data) / sizeof(const char*), + kPinset_mozilla_Data +}; + +static const char* const kPinset_mozilla_services_Data[] = { + kDigiCert_Global_Root_CAFingerprint, +}; +static const StaticFingerprints kPinset_mozilla_services = { + sizeof(kPinset_mozilla_services_Data) / sizeof(const char*), + kPinset_mozilla_services_Data +}; + +static const char* const kPinset_mozilla_test_Data[] = { + kEnd_Entity_Test_CertFingerprint, +}; +static const StaticFingerprints kPinset_mozilla_test = { + sizeof(kPinset_mozilla_test_Data) / sizeof(const char*), + kPinset_mozilla_test_Data +}; + +/* Chrome static pinsets */ +static const char* const kPinset_test_Data[] = { + kTestSPKIFingerprint, +}; +static const StaticFingerprints kPinset_test = { + sizeof(kPinset_test_Data) / sizeof(const char*), + kPinset_test_Data +}; + +static const char* const kPinset_google_Data[] = { + kGOOGLE_PIN_GoogleG2Fingerprint, + kGoogleBackup2048Fingerprint, + kGeoTrust_Global_CAFingerprint, + kGlobalSign_Root_CA___R2Fingerprint, +}; +static const StaticFingerprints kPinset_google = { + sizeof(kPinset_google_Data) / sizeof(const char*), + kPinset_google_Data +}; + +static const char* const kPinset_tor_Data[] = { + kTor3Fingerprint, + kDigiCert_High_Assurance_EV_Root_CAFingerprint, + kGOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3Fingerprint, + kTor1Fingerprint, + kGOOGLE_PIN_RapidSSLFingerprint, + kGOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4Fingerprint, + kTor2Fingerprint, +}; +static const StaticFingerprints kPinset_tor = { + sizeof(kPinset_tor_Data) / sizeof(const char*), + kPinset_tor_Data +}; + +static const char* const kPinset_twitterCom_Data[] = { + kGOOGLE_PIN_VeriSignClass2_G2Fingerprint, + kGOOGLE_PIN_VeriSignClass3_G2Fingerprint, + kGeoTrust_Global_CA_2Fingerprint, + kDigiCert_Assured_ID_Root_CAFingerprint, + kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint, + kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint, + kGOOGLE_PIN_VeriSignClass1Fingerprint, + kGeoTrust_Primary_Certification_AuthorityFingerprint, + kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint, + kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint, + kGOOGLE_PIN_VeriSignClass4_G3Fingerprint, + kDigiCert_High_Assurance_EV_Root_CAFingerprint, + kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint, + kGeoTrust_Universal_CA_2Fingerprint, + kGeoTrust_Global_CAFingerprint, + kVeriSign_Universal_Root_Certification_AuthorityFingerprint, + kGeoTrust_Universal_CAFingerprint, + kGeoTrust_Primary_Certification_Authority___G3Fingerprint, + kDigiCert_Global_Root_CAFingerprint, + kGeoTrust_Primary_Certification_Authority___G2Fingerprint, + kTwitter1Fingerprint, +}; +static const StaticFingerprints kPinset_twitterCom = { + sizeof(kPinset_twitterCom_Data) / sizeof(const char*), + kPinset_twitterCom_Data +}; + +static const char* const kPinset_twitterCDN_Data[] = { + kGOOGLE_PIN_VeriSignClass2_G2Fingerprint, + kComodo_Trusted_Services_rootFingerprint, + kCOMODO_Certification_AuthorityFingerprint, + kGOOGLE_PIN_VeriSignClass3_G2Fingerprint, + kAddTrust_Low_Value_Services_RootFingerprint, + kUTN_USERFirst_Object_Root_CAFingerprint, + kGOOGLE_PIN_GTECyberTrustGlobalRootFingerprint, + kGeoTrust_Global_CA_2Fingerprint, + kEntrust_net_Premium_2048_Secure_Server_CAFingerprint, + kDigiCert_Assured_ID_Root_CAFingerprint, + kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint, + kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint, + kGlobalSign_Root_CAFingerprint, + kUTN_USERFirst_Email_Root_CAFingerprint, + kGOOGLE_PIN_VeriSignClass1Fingerprint, + kAddTrust_Public_Services_RootFingerprint, + kGOOGLE_PIN_UTNDATACorpSGCFingerprint, + kComodo_Secure_Services_rootFingerprint, + kGeoTrust_Primary_Certification_AuthorityFingerprint, + kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint, + kUTN_USERFirst_Hardware_Root_CAFingerprint, + kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint, + kGOOGLE_PIN_VeriSignClass4_G3Fingerprint, + kDigiCert_High_Assurance_EV_Root_CAFingerprint, + kBaltimore_CyberTrust_RootFingerprint, + kEntrust_Root_Certification_AuthorityFingerprint, + kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint, + kGlobalSign_Root_CA___R3Fingerprint, + kEntrust_Root_Certification_Authority___G2Fingerprint, + kGeoTrust_Universal_CA_2Fingerprint, + kGeoTrust_Global_CAFingerprint, + kGlobalSign_Root_CA___R2Fingerprint, + kAddTrust_External_RootFingerprint, + kVeriSign_Universal_Root_Certification_AuthorityFingerprint, + kGeoTrust_Universal_CAFingerprint, + kGOOGLE_PIN_Entrust_SSLFingerprint, + kGeoTrust_Primary_Certification_Authority___G3Fingerprint, + kDigiCert_Global_Root_CAFingerprint, + kGeoTrust_Primary_Certification_Authority___G2Fingerprint, + kComodo_AAA_Services_rootFingerprint, + kTwitter1Fingerprint, + kAddTrust_Qualified_Certificates_RootFingerprint, +}; +static const StaticFingerprints kPinset_twitterCDN = { + sizeof(kPinset_twitterCDN_Data) / sizeof(const char*), + kPinset_twitterCDN_Data +}; + +static const char* const kPinset_dropbox_Data[] = { + kEntrust_Root_Certification_Authority___EC1Fingerprint, + kEntrust_net_Premium_2048_Secure_Server_CAFingerprint, + kDigiCert_Assured_ID_Root_CAFingerprint, + kGo_Daddy_Root_Certificate_Authority___G2Fingerprint, + kGOOGLE_PIN_GoDaddySecureFingerprint, + kGo_Daddy_Class_2_CAFingerprint, + kDigiCert_High_Assurance_EV_Root_CAFingerprint, + kEntrust_Root_Certification_AuthorityFingerprint, + kEntrust_Root_Certification_Authority___G2Fingerprint, + kDigiCert_Global_Root_CAFingerprint, +}; +static const StaticFingerprints kPinset_dropbox = { + sizeof(kPinset_dropbox_Data) / sizeof(const char*), + kPinset_dropbox_Data +}; + +static const char* const kPinset_facebook_Data[] = { + kGOOGLE_PIN_DigiCertECCSecureServerCAFingerprint, + kDigiCert_High_Assurance_EV_Root_CAFingerprint, + kGOOGLE_PIN_SymantecClass3EVG3Fingerprint, + kFacebookBackupFingerprint, +}; +static const StaticFingerprints kPinset_facebook = { + sizeof(kPinset_facebook_Data) / sizeof(const char*), + kPinset_facebook_Data +}; + +static const char* const kPinset_spideroak_Data[] = { + kSpiderOak2Fingerprint, + kSpiderOak3Fingerprint, + kDigiCert_High_Assurance_EV_Root_CAFingerprint, + kGeoTrust_Global_CAFingerprint, +}; +static const StaticFingerprints kPinset_spideroak = { + sizeof(kPinset_spideroak_Data) / sizeof(const char*), + kPinset_spideroak_Data +}; + +static const char* const kPinset_yahoo_Data[] = { + kYahooBackup1Fingerprint, + kGOOGLE_PIN_VeriSignClass2_G2Fingerprint, + kDigiCert_Assured_ID_Root_CAFingerprint, + kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint, + kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint, + kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint, + kDigiCert_Trusted_Root_G4Fingerprint, + kDigiCert_High_Assurance_EV_Root_CAFingerprint, + kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint, + kYahooBackup2Fingerprint, + kDigiCert_Global_Root_G2Fingerprint, + kVeriSign_Universal_Root_Certification_AuthorityFingerprint, + kDigiCert_Global_Root_CAFingerprint, + kDigiCert_Global_Root_G3Fingerprint, +}; +static const StaticFingerprints kPinset_yahoo = { + sizeof(kPinset_yahoo_Data) / sizeof(const char*), + kPinset_yahoo_Data +}; + +static const char* const kPinset_swehackCom_Data[] = { + kSwehackFingerprint, + kDST_Root_CA_X3Fingerprint, + kGOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3Fingerprint, + kGOOGLE_PIN_COMODORSADomainValidationSecureServerCAFingerprint, + kGOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4Fingerprint, + kSwehackBackupFingerprint, +}; +static const StaticFingerprints kPinset_swehackCom = { + sizeof(kPinset_swehackCom_Data) / sizeof(const char*), + kPinset_swehackCom_Data +}; + +static const char* const kPinset_ncsccs_Data[] = { + kCOMODO_ECC_Certification_AuthorityFingerprint, + kDigiCert_Assured_ID_Root_CAFingerprint, + kDigiCert_High_Assurance_EV_Root_CAFingerprint, + kBaltimore_CyberTrust_RootFingerprint, + kGOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3Fingerprint, + kCOMODO_RSA_Certification_AuthorityFingerprint, + kAddTrust_External_RootFingerprint, + kDigiCert_Global_Root_CAFingerprint, + kGOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4Fingerprint, +}; +static const StaticFingerprints kPinset_ncsccs = { + sizeof(kPinset_ncsccs_Data) / sizeof(const char*), + kPinset_ncsccs_Data +}; + +static const char* const kPinset_tumblr_Data[] = { + kDigiCert_High_Assurance_EV_Root_CAFingerprint, + kTumblrBackupFingerprint, + kGOOGLE_PIN_DigiCertSHA2HighAssuranceServerCAFingerprint, +}; +static const StaticFingerprints kPinset_tumblr = { + sizeof(kPinset_tumblr_Data) / sizeof(const char*), + kPinset_tumblr_Data +}; + +/* Domainlist */ +struct TransportSecurityPreload { + const char* mHost; + const bool mIncludeSubdomains; + const bool mTestMode; + const bool mIsMoz; + const int32_t mId; + const StaticFingerprints* pinset; +}; + +/* Sort hostnames for binary search. */ +static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = { + { "0.me.uk", true, true, false, -1, &kPinset_ncsccs }, + { "2mdn.net", true, false, false, -1, &kPinset_google_root_pems }, + { "accounts.firefox.com", true, false, true, 4, &kPinset_mozilla_services }, + { "accounts.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "addons.mozilla.net", true, false, true, 2, &kPinset_mozilla }, + { "addons.mozilla.org", true, false, true, 1, &kPinset_mozilla }, + { "admin.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "android.com", true, false, false, -1, &kPinset_google_root_pems }, + { "api.accounts.firefox.com", true, false, true, 5, &kPinset_mozilla_services }, + { "api.twitter.com", true, false, false, -1, &kPinset_twitterCDN }, + { "apis.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "appengine.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "apps.facebook.com", true, false, false, -1, &kPinset_facebook }, + { "appspot.com", true, false, false, -1, &kPinset_google_root_pems }, + { "at.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "au.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "aus4.mozilla.org", true, true, true, 3, &kPinset_mozilla }, + { "aus5.mozilla.org", true, true, true, 7, &kPinset_mozilla }, + { "az.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "be.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "bi.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "blog.torproject.org", true, false, false, -1, &kPinset_tor }, + { "blogger.com", true, false, false, -1, &kPinset_google_root_pems }, + { "blogspot.com", true, false, false, -1, &kPinset_google_root_pems }, + { "br.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "bugs.chromium.org", true, false, false, -1, &kPinset_google_root_pems }, + { "build.chromium.org", true, false, false, -1, &kPinset_google_root_pems }, + { "business.facebook.com", true, false, false, -1, &kPinset_facebook }, + { "business.twitter.com", true, false, false, -1, &kPinset_twitterCom }, + { "ca.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "cd.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "cdn.mozilla.net", true, false, true, -1, &kPinset_mozilla }, + { "cdn.mozilla.org", true, false, true, -1, &kPinset_mozilla }, + { "cg.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "ch.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "chart.apis.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "check.torproject.org", true, false, false, -1, &kPinset_tor }, + { "checkout.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "chfr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "chit.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "chrome-devtools-frontend.appspot.com", true, false, false, -1, &kPinset_google_root_pems }, + { "chrome.com", true, false, false, -1, &kPinset_google_root_pems }, + { "chrome.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "chromiumbugs.appspot.com", true, false, false, -1, &kPinset_google_root_pems }, + { "chromiumcodereview.appspot.com", true, false, false, -1, &kPinset_google_root_pems }, + { "cl.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "cloud.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "cn.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "co.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "code.facebook.com", true, false, false, -1, &kPinset_facebook }, + { "code.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "codereview.appspot.com", true, false, false, -1, &kPinset_google_root_pems }, + { "codereview.chromium.org", true, false, false, -1, &kPinset_google_root_pems }, + { "contributor.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "cr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "crbug.com", true, false, false, -1, &kPinset_google_root_pems }, + { "crosbug.com", true, false, false, -1, &kPinset_google_root_pems }, + { "crrev.com", true, false, false, -1, &kPinset_google_root_pems }, + { "ct.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "de.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "dev.twitter.com", true, false, false, -1, &kPinset_twitterCom }, + { "developer.android.com", true, false, false, -1, &kPinset_google_root_pems }, + { "developers.facebook.com", true, false, false, -1, &kPinset_facebook }, + { "dist.torproject.org", true, false, false, -1, &kPinset_tor }, + { "dk.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "dl.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "dns.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "do.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "docs.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "domains.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "doubleclick.net", true, false, false, -1, &kPinset_google_root_pems }, + { "drive.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "dropbox.com", true, false, false, -1, &kPinset_dropbox }, + { "dropboxstatic.com", false, true, false, -1, &kPinset_dropbox }, + { "dropboxusercontent.com", false, true, false, -1, &kPinset_dropbox }, + { "edit.yahoo.com", true, true, false, -1, &kPinset_yahoo }, + { "en-maktoob.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "encrypted.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "es.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "espanol.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "exclude-subdomains.pinning.example.com", false, false, false, 0, &kPinset_mozilla_test }, + { "facebook.com", false, false, false, -1, &kPinset_facebook }, + { "fi.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "fi.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "firebaseio.com", true, false, false, -1, &kPinset_google_root_pems }, + { "fj.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "fr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "g.co", true, false, false, -1, &kPinset_google_root_pems }, + { "g4w.co", true, false, false, -1, &kPinset_google_root_pems }, + { "ggpht.com", true, false, false, -1, &kPinset_google_root_pems }, + { "gl.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "glass.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "gm.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "gmail.com", false, false, false, -1, &kPinset_google_root_pems }, + { "goo.gl", true, false, false, -1, &kPinset_google_root_pems }, + { "google", true, false, false, -1, &kPinset_google_root_pems }, + { "google-analytics.com", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ac", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ad", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ae", true, false, false, -1, &kPinset_google_root_pems }, + { "google.af", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ag", true, false, false, -1, &kPinset_google_root_pems }, + { "google.am", true, false, false, -1, &kPinset_google_root_pems }, + { "google.as", true, false, false, -1, &kPinset_google_root_pems }, + { "google.at", true, false, false, -1, &kPinset_google_root_pems }, + { "google.az", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ba", true, false, false, -1, &kPinset_google_root_pems }, + { "google.be", true, false, false, -1, &kPinset_google_root_pems }, + { "google.bf", true, false, false, -1, &kPinset_google_root_pems }, + { "google.bg", true, false, false, -1, &kPinset_google_root_pems }, + { "google.bi", true, false, false, -1, &kPinset_google_root_pems }, + { "google.bj", true, false, false, -1, &kPinset_google_root_pems }, + { "google.bs", true, false, false, -1, &kPinset_google_root_pems }, + { "google.by", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ca", true, false, false, -1, &kPinset_google_root_pems }, + { "google.cat", true, false, false, -1, &kPinset_google_root_pems }, + { "google.cc", true, false, false, -1, &kPinset_google_root_pems }, + { "google.cd", true, false, false, -1, &kPinset_google_root_pems }, + { "google.cf", true, false, false, -1, &kPinset_google_root_pems }, + { "google.cg", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ch", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ci", true, false, false, -1, &kPinset_google_root_pems }, + { "google.cl", true, false, false, -1, &kPinset_google_root_pems }, + { "google.cm", true, false, false, -1, &kPinset_google_root_pems }, + { "google.cn", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.ao", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.bw", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.ck", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.cr", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.hu", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.id", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.il", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.im", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.in", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.je", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.jp", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.ke", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.kr", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.ls", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.ma", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.mz", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.nz", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.th", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.tz", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.ug", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.uk", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.uz", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.ve", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.vi", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.za", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.zm", true, false, false, -1, &kPinset_google_root_pems }, + { "google.co.zw", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.af", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.ag", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.ai", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.ar", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.au", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.bd", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.bh", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.bn", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.bo", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.br", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.by", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.bz", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.cn", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.co", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.cu", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.cy", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.do", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.ec", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.eg", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.et", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.fj", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.ge", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.gh", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.gi", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.gr", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.gt", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.hk", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.iq", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.jm", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.jo", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.kh", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.kw", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.lb", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.ly", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.mt", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.mx", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.my", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.na", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.nf", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.ng", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.ni", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.np", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.nr", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.om", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.pa", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.pe", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.ph", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.pk", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.pl", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.pr", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.py", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.qa", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.ru", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.sa", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.sb", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.sg", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.sl", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.sv", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.tj", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.tn", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.tr", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.tw", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.ua", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.uy", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.vc", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.ve", true, false, false, -1, &kPinset_google_root_pems }, + { "google.com.vn", true, false, false, -1, &kPinset_google_root_pems }, + { "google.cv", true, false, false, -1, &kPinset_google_root_pems }, + { "google.cz", true, false, false, -1, &kPinset_google_root_pems }, + { "google.de", true, false, false, -1, &kPinset_google_root_pems }, + { "google.dj", true, false, false, -1, &kPinset_google_root_pems }, + { "google.dk", true, false, false, -1, &kPinset_google_root_pems }, + { "google.dm", true, false, false, -1, &kPinset_google_root_pems }, + { "google.dz", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ee", true, false, false, -1, &kPinset_google_root_pems }, + { "google.es", true, false, false, -1, &kPinset_google_root_pems }, + { "google.fi", true, false, false, -1, &kPinset_google_root_pems }, + { "google.fm", true, false, false, -1, &kPinset_google_root_pems }, + { "google.fr", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ga", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ge", true, false, false, -1, &kPinset_google_root_pems }, + { "google.gg", true, false, false, -1, &kPinset_google_root_pems }, + { "google.gl", true, false, false, -1, &kPinset_google_root_pems }, + { "google.gm", true, false, false, -1, &kPinset_google_root_pems }, + { "google.gp", true, false, false, -1, &kPinset_google_root_pems }, + { "google.gr", true, false, false, -1, &kPinset_google_root_pems }, + { "google.gy", true, false, false, -1, &kPinset_google_root_pems }, + { "google.hk", true, false, false, -1, &kPinset_google_root_pems }, + { "google.hn", true, false, false, -1, &kPinset_google_root_pems }, + { "google.hr", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ht", true, false, false, -1, &kPinset_google_root_pems }, + { "google.hu", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ie", true, false, false, -1, &kPinset_google_root_pems }, + { "google.im", true, false, false, -1, &kPinset_google_root_pems }, + { "google.info", true, false, false, -1, &kPinset_google_root_pems }, + { "google.iq", true, false, false, -1, &kPinset_google_root_pems }, + { "google.is", true, false, false, -1, &kPinset_google_root_pems }, + { "google.it", true, false, false, -1, &kPinset_google_root_pems }, + { "google.it.ao", true, false, false, -1, &kPinset_google_root_pems }, + { "google.je", true, false, false, -1, &kPinset_google_root_pems }, + { "google.jo", true, false, false, -1, &kPinset_google_root_pems }, + { "google.jobs", true, false, false, -1, &kPinset_google_root_pems }, + { "google.jp", true, false, false, -1, &kPinset_google_root_pems }, + { "google.kg", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ki", true, false, false, -1, &kPinset_google_root_pems }, + { "google.kz", true, false, false, -1, &kPinset_google_root_pems }, + { "google.la", true, false, false, -1, &kPinset_google_root_pems }, + { "google.li", true, false, false, -1, &kPinset_google_root_pems }, + { "google.lk", true, false, false, -1, &kPinset_google_root_pems }, + { "google.lt", true, false, false, -1, &kPinset_google_root_pems }, + { "google.lu", true, false, false, -1, &kPinset_google_root_pems }, + { "google.lv", true, false, false, -1, &kPinset_google_root_pems }, + { "google.md", true, false, false, -1, &kPinset_google_root_pems }, + { "google.me", true, false, false, -1, &kPinset_google_root_pems }, + { "google.mg", true, false, false, -1, &kPinset_google_root_pems }, + { "google.mk", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ml", true, false, false, -1, &kPinset_google_root_pems }, + { "google.mn", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ms", true, false, false, -1, &kPinset_google_root_pems }, + { "google.mu", true, false, false, -1, &kPinset_google_root_pems }, + { "google.mv", true, false, false, -1, &kPinset_google_root_pems }, + { "google.mw", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ne", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ne.jp", true, false, false, -1, &kPinset_google_root_pems }, + { "google.net", true, false, false, -1, &kPinset_google_root_pems }, + { "google.nl", true, false, false, -1, &kPinset_google_root_pems }, + { "google.no", true, false, false, -1, &kPinset_google_root_pems }, + { "google.nr", true, false, false, -1, &kPinset_google_root_pems }, + { "google.nu", true, false, false, -1, &kPinset_google_root_pems }, + { "google.off.ai", true, false, false, -1, &kPinset_google_root_pems }, + { "google.pk", true, false, false, -1, &kPinset_google_root_pems }, + { "google.pl", true, false, false, -1, &kPinset_google_root_pems }, + { "google.pn", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ps", true, false, false, -1, &kPinset_google_root_pems }, + { "google.pt", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ro", true, false, false, -1, &kPinset_google_root_pems }, + { "google.rs", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ru", true, false, false, -1, &kPinset_google_root_pems }, + { "google.rw", true, false, false, -1, &kPinset_google_root_pems }, + { "google.sc", true, false, false, -1, &kPinset_google_root_pems }, + { "google.se", true, false, false, -1, &kPinset_google_root_pems }, + { "google.sh", true, false, false, -1, &kPinset_google_root_pems }, + { "google.si", true, false, false, -1, &kPinset_google_root_pems }, + { "google.sk", true, false, false, -1, &kPinset_google_root_pems }, + { "google.sm", true, false, false, -1, &kPinset_google_root_pems }, + { "google.sn", true, false, false, -1, &kPinset_google_root_pems }, + { "google.so", true, false, false, -1, &kPinset_google_root_pems }, + { "google.st", true, false, false, -1, &kPinset_google_root_pems }, + { "google.td", true, false, false, -1, &kPinset_google_root_pems }, + { "google.tg", true, false, false, -1, &kPinset_google_root_pems }, + { "google.tk", true, false, false, -1, &kPinset_google_root_pems }, + { "google.tl", true, false, false, -1, &kPinset_google_root_pems }, + { "google.tm", true, false, false, -1, &kPinset_google_root_pems }, + { "google.tn", true, false, false, -1, &kPinset_google_root_pems }, + { "google.to", true, false, false, -1, &kPinset_google_root_pems }, + { "google.tt", true, false, false, -1, &kPinset_google_root_pems }, + { "google.us", true, false, false, -1, &kPinset_google_root_pems }, + { "google.uz", true, false, false, -1, &kPinset_google_root_pems }, + { "google.vg", true, false, false, -1, &kPinset_google_root_pems }, + { "google.vu", true, false, false, -1, &kPinset_google_root_pems }, + { "google.ws", true, false, false, -1, &kPinset_google_root_pems }, + { "googleadservices.com", true, false, false, -1, &kPinset_google_root_pems }, + { "googleapis.com", true, false, false, -1, &kPinset_google_root_pems }, + { "googlecode.com", true, false, false, -1, &kPinset_google_root_pems }, + { "googlecommerce.com", true, false, false, -1, &kPinset_google_root_pems }, + { "googlegroups.com", true, false, false, -1, &kPinset_google_root_pems }, + { "googlemail.com", false, false, false, -1, &kPinset_google_root_pems }, + { "googleplex.com", true, false, false, -1, &kPinset_google_root_pems }, + { "googlesource.com", true, false, false, -1, &kPinset_google_root_pems }, + { "googlesyndication.com", true, false, false, -1, &kPinset_google_root_pems }, + { "googletagmanager.com", true, false, false, -1, &kPinset_google_root_pems }, + { "googletagservices.com", true, false, false, -1, &kPinset_google_root_pems }, + { "googleusercontent.com", true, false, false, -1, &kPinset_google_root_pems }, + { "googlevideo.com", true, false, false, -1, &kPinset_google_root_pems }, + { "googleweblight.com", true, false, false, -1, &kPinset_google_root_pems }, + { "goto.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "gr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "groups.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "gstatic.com", true, false, false, -1, &kPinset_google_root_pems }, + { "gvt1.com", true, false, false, -1, &kPinset_google_root_pems }, + { "gvt2.com", true, false, false, -1, &kPinset_google_root_pems }, + { "gvt3.com", true, false, false, -1, &kPinset_google_root_pems }, + { "hangouts.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "history.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "hk.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "hn.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "hostedtalkgadget.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "hu.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "id.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "ie.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "in.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "inbox.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "include-subdomains.pinning.example.com", true, false, false, -1, &kPinset_mozilla_test }, + { "it.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "kr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "kz.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "li.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "login.corp.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "login.yahoo.com", true, true, false, -1, &kPinset_yahoo }, + { "lt.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "lu.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "lv.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "m.facebook.com", true, false, false, -1, &kPinset_facebook }, + { "mail-settings.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "mail.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "mail.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "maktoob.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "malaysia.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "market.android.com", true, false, false, -1, &kPinset_google_root_pems }, + { "mbasic.facebook.com", true, false, false, -1, &kPinset_facebook }, + { "meet.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "messenger.com", false, false, false, -1, &kPinset_facebook }, + { "mobile.twitter.com", true, false, false, -1, &kPinset_twitterCom }, + { "mt.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "mtouch.facebook.com", true, false, false, -1, &kPinset_facebook }, + { "mu.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "mw.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "mx.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "myaccount.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "myactivity.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "ncsccs.com", true, true, false, -1, &kPinset_ncsccs }, + { "ni.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "nl.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "no.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "np.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "nz.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "oauth.twitter.com", true, false, false, -1, &kPinset_twitterCom }, + { "pa.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "passwords.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "payments.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "pe.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "ph.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "pinning-test.badssl.com", true, false, false, -1, &kPinset_test }, + { "pinningtest.appspot.com", true, false, false, -1, &kPinset_test }, + { "pixel.facebook.com", true, false, false, -1, &kPinset_facebook }, + { "pixel.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "pk.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "pl.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "platform.twitter.com", true, false, false, -1, &kPinset_twitterCDN }, + { "play.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "plus.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "plus.sandbox.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "pr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "profiles.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "py.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "qc.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "research.facebook.com", true, false, false, -1, &kPinset_facebook }, + { "ro.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "ru.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "rw.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "script.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "se.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "secure.facebook.com", true, false, false, -1, &kPinset_facebook }, + { "security.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "services.mozilla.com", true, false, true, 6, &kPinset_mozilla_services }, + { "sg.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "sirburton.com", true, true, false, -1, &kPinset_ncsccs }, + { "sites.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "spideroak.com", true, false, false, -1, &kPinset_spideroak }, + { "spreadsheets.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "static.googleadsserving.cn", true, false, false, -1, &kPinset_google_root_pems }, + { "stats.g.doubleclick.net", true, false, false, -1, &kPinset_google_root_pems }, + { "sv.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "swehack.org", true, true, false, -1, &kPinset_swehackCom }, + { "t.facebook.com", true, false, false, -1, &kPinset_facebook }, + { "tablet.facebook.com", true, false, false, -1, &kPinset_facebook }, + { "talk.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "talkgadget.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "test-mode.pinning.example.com", true, true, false, -1, &kPinset_mozilla_test }, + { "th.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "themathematician.uk", true, true, false, -1, &kPinset_ncsccs }, + { "torproject.org", false, false, false, -1, &kPinset_tor }, + { "touch.facebook.com", true, false, false, -1, &kPinset_facebook }, + { "tr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "translate.googleapis.com", true, false, false, -1, &kPinset_google_root_pems }, + { "tv.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "tw.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "twimg.com", true, false, false, -1, &kPinset_twitterCDN }, + { "twitter.com", true, false, false, -1, &kPinset_twitterCDN }, + { "ua.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "uk.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "upload.facebook.com", true, false, false, -1, &kPinset_facebook }, + { "urchin.com", true, false, false, -1, &kPinset_google_root_pems }, + { "uy.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "uz.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "ve.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "vn.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "w-spotlight.appspot.com", true, false, false, -1, &kPinset_google_root_pems }, + { "wallet.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "webfilings-eu-mirror.appspot.com", true, false, false, -1, &kPinset_google_root_pems }, + { "webfilings-eu.appspot.com", true, false, false, -1, &kPinset_google_root_pems }, + { "webfilings-mirror-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems }, + { "webfilings.appspot.com", true, false, false, -1, &kPinset_google_root_pems }, + { "wf-bigsky-master.appspot.com", true, false, false, -1, &kPinset_google_root_pems }, + { "wf-demo-eu.appspot.com", true, false, false, -1, &kPinset_google_root_pems }, + { "wf-demo-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems }, + { "wf-dogfood-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems }, + { "wf-pentest.appspot.com", true, false, false, -1, &kPinset_google_root_pems }, + { "wf-staging-hr.appspot.com", true, false, false, -1, &kPinset_google_root_pems }, + { "wf-training-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems }, + { "wf-training-master.appspot.com", true, false, false, -1, &kPinset_google_root_pems }, + { "wf-trial-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems }, + { "withgoogle.com", true, false, false, -1, &kPinset_google_root_pems }, + { "withyoutube.com", true, false, false, -1, &kPinset_google_root_pems }, + { "www.dropbox.com", true, false, false, -1, &kPinset_dropbox }, + { "www.facebook.com", true, false, false, -1, &kPinset_facebook }, + { "www.gmail.com", false, false, false, -1, &kPinset_google_root_pems }, + { "www.googlegroups.com", true, false, false, -1, &kPinset_google_root_pems }, + { "www.googlemail.com", false, false, false, -1, &kPinset_google_root_pems }, + { "www.messenger.com", true, false, false, -1, &kPinset_facebook }, + { "www.torproject.org", true, false, false, -1, &kPinset_tor }, + { "www.tumblr.com", false, true, false, -1, &kPinset_tumblr }, + { "www.twitter.com", true, false, false, -1, &kPinset_twitterCom }, + { "xa.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "xbrlsuccess.appspot.com", true, false, false, -1, &kPinset_google_root_pems }, + { "xn--7xa.google.com", true, false, false, -1, &kPinset_google_root_pems }, + { "youtu.be", true, false, false, -1, &kPinset_google_root_pems }, + { "youtube-nocookie.com", true, false, false, -1, &kPinset_google_root_pems }, + { "youtube.com", true, false, false, -1, &kPinset_google_root_pems }, + { "ytimg.com", true, false, false, -1, &kPinset_google_root_pems }, + { "za.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "zh.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, +}; + +// Pinning Preload List Length = 476; + +static const int32_t kUnknownId = -1; + +static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1524772960289000); diff --git a/security/manager/ssl/TransportSecurityInfo.cpp b/security/manager/ssl/TransportSecurityInfo.cpp new file mode 100644 index 000000000..101e2332c --- /dev/null +++ b/security/manager/ssl/TransportSecurityInfo.cpp @@ -0,0 +1,1100 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "TransportSecurityInfo.h" + +#include "PSMRunnable.h" +#include "mozilla/Casting.h" +#include "nsComponentManagerUtils.h" +#include "nsIArray.h" +#include "nsICertOverrideService.h" +#include "nsIDateTimeFormat.h" +#include "nsIObjectInputStream.h" +#include "nsIObjectOutputStream.h" +#include "nsIWebProgressListener.h" +#include "nsIX509CertValidity.h" +#include "nsNSSCertHelper.h" +#include "nsNSSCertificate.h" +#include "nsNSSComponent.h" +#include "nsReadableUtils.h" +#include "nsServiceManagerUtils.h" +#include "nsXULAppAPI.h" +#include "pkix/pkixtypes.h" +#include "secerr.h" + +//#define DEBUG_SSL_VERBOSE //Enable this define to get minimal + //reports when doing SSL read/write + +//#define DUMP_BUFFER //Enable this define along with + //DEBUG_SSL_VERBOSE to dump SSL + //read/write buffer to a log. + //Uses PR_LOG except on Mac where + //we always write out to our own + //file. + +namespace mozilla { namespace psm { + +TransportSecurityInfo::TransportSecurityInfo() + : mMutex("TransportSecurityInfo::mMutex"), + mSecurityState(nsIWebProgressListener::STATE_IS_INSECURE), + mSubRequestsBrokenSecurity(0), + mSubRequestsNoSecurity(0), + mErrorCode(0), + mErrorMessageType(PlainErrorMessage), + mPort(0) +{ +} + +TransportSecurityInfo::~TransportSecurityInfo() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return; + + shutdown(ShutdownCalledFrom::Object); +} + +void +TransportSecurityInfo::virtualDestroyNSSReference() +{ +} + +NS_IMPL_ISUPPORTS(TransportSecurityInfo, + nsITransportSecurityInfo, + nsIInterfaceRequestor, + nsISSLStatusProvider, + nsIAssociatedContentSecurity, + nsISerializable, + nsIClassInfo) + +nsresult +TransportSecurityInfo::SetHostName(const char* host) +{ + mHostName.Adopt(host ? NS_strdup(host) : 0); + return NS_OK; +} + +nsresult +TransportSecurityInfo::GetHostName(char **host) +{ + *host = (mHostName) ? NS_strdup(mHostName) : nullptr; + return NS_OK; +} + +nsresult +TransportSecurityInfo::SetPort(int32_t aPort) +{ + mPort = aPort; + return NS_OK; +} + +nsresult +TransportSecurityInfo::GetPort(int32_t *aPort) +{ + *aPort = mPort; + return NS_OK; +} + +nsresult +TransportSecurityInfo::SetOriginAttributes( + const NeckoOriginAttributes& aOriginAttributes) +{ + mOriginAttributes = aOriginAttributes; + return NS_OK; +} + +PRErrorCode +TransportSecurityInfo::GetErrorCode() const +{ + MutexAutoLock lock(mMutex); + + return mErrorCode; +} + +void +TransportSecurityInfo::SetCanceled(PRErrorCode errorCode, + SSLErrorMessageType errorMessageType) +{ + MutexAutoLock lock(mMutex); + + mErrorCode = errorCode; + mErrorMessageType = errorMessageType; + mErrorMessageCached.Truncate(); +} + +NS_IMETHODIMP +TransportSecurityInfo::GetSecurityState(uint32_t* state) +{ + *state = mSecurityState; + return NS_OK; +} + +nsresult +TransportSecurityInfo::SetSecurityState(uint32_t aState) +{ + mSecurityState = aState; + return NS_OK; +} + +NS_IMETHODIMP +TransportSecurityInfo::GetCountSubRequestsBrokenSecurity( + int32_t *aSubRequestsBrokenSecurity) +{ + *aSubRequestsBrokenSecurity = mSubRequestsBrokenSecurity; + return NS_OK; +} + +NS_IMETHODIMP +TransportSecurityInfo::SetCountSubRequestsBrokenSecurity( + int32_t aSubRequestsBrokenSecurity) +{ + mSubRequestsBrokenSecurity = aSubRequestsBrokenSecurity; + return NS_OK; +} + +NS_IMETHODIMP +TransportSecurityInfo::GetCountSubRequestsNoSecurity( + int32_t *aSubRequestsNoSecurity) +{ + *aSubRequestsNoSecurity = mSubRequestsNoSecurity; + return NS_OK; +} + +NS_IMETHODIMP +TransportSecurityInfo::SetCountSubRequestsNoSecurity( + int32_t aSubRequestsNoSecurity) +{ + mSubRequestsNoSecurity = aSubRequestsNoSecurity; + return NS_OK; +} + +NS_IMETHODIMP +TransportSecurityInfo::Flush() +{ + return NS_OK; +} + +NS_IMETHODIMP +TransportSecurityInfo::GetErrorMessage(char16_t** aText) +{ + NS_ENSURE_ARG_POINTER(aText); + *aText = nullptr; + + if (!NS_IsMainThread()) { + NS_ERROR("nsNSSSocketInfo::GetErrorMessage called off the main thread"); + return NS_ERROR_NOT_SAME_THREAD; + } + + MutexAutoLock lock(mMutex); + + if (mErrorMessageCached.IsEmpty()) { + nsresult rv = formatErrorMessage(lock, + mErrorCode, mErrorMessageType, + true, true, mErrorMessageCached); + NS_ENSURE_SUCCESS(rv, rv); + } + + *aText = ToNewUnicode(mErrorMessageCached); + return *aText ? NS_OK : NS_ERROR_OUT_OF_MEMORY; +} + +void +TransportSecurityInfo::GetErrorLogMessage(PRErrorCode errorCode, + SSLErrorMessageType errorMessageType, + nsString &result) +{ + if (!NS_IsMainThread()) { + NS_ERROR("nsNSSSocketInfo::GetErrorLogMessage called off the main thread"); + return; + } + + MutexAutoLock lock(mMutex); + (void) formatErrorMessage(lock, errorCode, errorMessageType, + false, false, result); +} + +static nsresult +formatPlainErrorMessage(nsXPIDLCString const & host, int32_t port, + PRErrorCode err, + bool suppressPort443, + nsString &returnedMessage); + +static nsresult +formatOverridableCertErrorMessage(nsISSLStatus & sslStatus, + PRErrorCode errorCodeToReport, + const nsXPIDLCString & host, int32_t port, + bool suppressPort443, + bool wantsHtml, + nsString & returnedMessage); + +// XXX: uses nsNSSComponent string bundles off the main thread when called by +// nsNSSSocketInfo::Write(). +nsresult +TransportSecurityInfo::formatErrorMessage(MutexAutoLock const & proofOfLock, + PRErrorCode errorCode, + SSLErrorMessageType errorMessageType, + bool wantsHtml, bool suppressPort443, + nsString &result) +{ + result.Truncate(); + if (errorCode == 0) { + return NS_OK; + } + + if (!XRE_IsParentProcess()) { + return NS_ERROR_UNEXPECTED; + } + + nsresult rv; + NS_ConvertASCIItoUTF16 hostNameU(mHostName); + NS_ASSERTION(errorMessageType != OverridableCertErrorMessage || + (mSSLStatus && mSSLStatus->HasServerCert() && + mSSLStatus->mHaveCertErrorBits), + "GetErrorLogMessage called for cert error without cert"); + if (errorMessageType == OverridableCertErrorMessage && + mSSLStatus && mSSLStatus->HasServerCert()) { + rv = formatOverridableCertErrorMessage(*mSSLStatus, errorCode, + mHostName, mPort, + suppressPort443, + wantsHtml, + result); + } else { + rv = formatPlainErrorMessage(mHostName, mPort, + errorCode, + suppressPort443, + result); + } + + if (NS_FAILED(rv)) { + result.Truncate(); + } + + return rv; +} + +NS_IMETHODIMP +TransportSecurityInfo::GetErrorCode(int32_t* state) +{ + *state = GetErrorCode(); + return NS_OK; +} + +NS_IMETHODIMP +TransportSecurityInfo::GetInterface(const nsIID & uuid, void * *result) +{ + if (!NS_IsMainThread()) { + NS_ERROR("nsNSSSocketInfo::GetInterface called off the main thread"); + return NS_ERROR_NOT_SAME_THREAD; + } + + nsresult rv; + if (!mCallbacks) { + nsCOMPtr ir = new PipUIContext(); + rv = ir->GetInterface(uuid, result); + } else { + rv = mCallbacks->GetInterface(uuid, result); + } + return rv; +} + +// This is a new magic value. However, it re-uses the first 4 bytes +// of the previous value. This is so when older versions attempt to +// read a newer serialized TransportSecurityInfo, they will actually +// fail and return NS_ERROR_FAILURE instead of silently failing. +#define TRANSPORTSECURITYINFOMAGIC { 0xa9863a23, 0x1faa, 0x4169, \ + { 0xb0, 0xd2, 0x81, 0x29, 0xec, 0x7c, 0xb1, 0xde } } +static NS_DEFINE_CID(kTransportSecurityInfoMagic, TRANSPORTSECURITYINFOMAGIC); + +NS_IMETHODIMP +TransportSecurityInfo::Write(nsIObjectOutputStream* stream) +{ + nsresult rv = stream->WriteID(kTransportSecurityInfoMagic); + if (NS_FAILED(rv)) { + return rv; + } + + MutexAutoLock lock(mMutex); + + rv = stream->Write32(mSecurityState); + if (NS_FAILED(rv)) { + return rv; + } + rv = stream->Write32(mSubRequestsBrokenSecurity); + if (NS_FAILED(rv)) { + return rv; + } + rv = stream->Write32(mSubRequestsNoSecurity); + if (NS_FAILED(rv)) { + return rv; + } + rv = stream->Write32(static_cast(mErrorCode)); + if (NS_FAILED(rv)) { + return rv; + } + if (mErrorMessageCached.IsEmpty()) { + // XXX: uses nsNSSComponent string bundles off the main thread + rv = formatErrorMessage(lock, mErrorCode, mErrorMessageType, + true, true, mErrorMessageCached); + if (NS_FAILED(rv)) { + return rv; + } + } + rv = stream->WriteWStringZ(mErrorMessageCached.get()); + if (NS_FAILED(rv)) { + return rv; + } + + // For successful connections and for connections with overridable errors, + // mSSLStatus will be non-null. However, for connections with non-overridable + // errors, it will be null. + nsCOMPtr serializable(mSSLStatus); + rv = NS_WriteOptionalCompoundObject(stream, + serializable, + NS_GET_IID(nsISSLStatus), + true); + if (NS_FAILED(rv)) { + return rv; + } + + rv = NS_WriteOptionalCompoundObject(stream, + mFailedCertChain, + NS_GET_IID(nsIX509CertList), + true); + if (NS_FAILED(rv)) { + return rv; + } + + return NS_OK; +} + +NS_IMETHODIMP +TransportSecurityInfo::Read(nsIObjectInputStream* stream) +{ + nsID id; + nsresult rv = stream->ReadID(&id); + if (NS_FAILED(rv)) { + return rv; + } + if (!id.Equals(kTransportSecurityInfoMagic)) { + return NS_ERROR_UNEXPECTED; + } + + MutexAutoLock lock(mMutex); + + rv = stream->Read32(&mSecurityState); + if (NS_FAILED(rv)) { + return rv; + } + uint32_t subRequestsBrokenSecurity; + rv = stream->Read32(&subRequestsBrokenSecurity); + if (NS_FAILED(rv)) { + return rv; + } + if (subRequestsBrokenSecurity > + static_cast(std::numeric_limits::max())) { + return NS_ERROR_UNEXPECTED; + } + mSubRequestsBrokenSecurity = subRequestsBrokenSecurity; + uint32_t subRequestsNoSecurity; + rv = stream->Read32(&subRequestsNoSecurity); + if (NS_FAILED(rv)) { + return rv; + } + if (subRequestsNoSecurity > + static_cast(std::numeric_limits::max())) { + return NS_ERROR_UNEXPECTED; + } + mSubRequestsNoSecurity = subRequestsNoSecurity; + uint32_t errorCode; + rv = stream->Read32(&errorCode); + if (NS_FAILED(rv)) { + return rv; + } + // PRErrorCode will be a negative value + mErrorCode = static_cast(errorCode); + + rv = stream->ReadString(mErrorMessageCached); + if (NS_FAILED(rv)) { + return rv; + } + + // For successful connections and for connections with overridable errors, + // mSSLStatus will be non-null. For connections with non-overridable errors, + // it will be null. + nsCOMPtr supports; + rv = NS_ReadOptionalObject(stream, true, getter_AddRefs(supports)); + if (NS_FAILED(rv)) { + return rv; + } + mSSLStatus = BitwiseCast(supports.get()); + + nsCOMPtr failedCertChainSupports; + rv = NS_ReadOptionalObject(stream, true, getter_AddRefs(failedCertChainSupports)); + if (NS_FAILED(rv)) { + return rv; + } + mFailedCertChain = do_QueryInterface(failedCertChainSupports); + + return NS_OK; +} + +NS_IMETHODIMP +TransportSecurityInfo::GetInterfaces(uint32_t *count, nsIID * **array) +{ + *count = 0; + *array = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +TransportSecurityInfo::GetScriptableHelper(nsIXPCScriptable **_retval) +{ + *_retval = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +TransportSecurityInfo::GetContractID(char * *aContractID) +{ + *aContractID = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +TransportSecurityInfo::GetClassDescription(char * *aClassDescription) +{ + *aClassDescription = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +TransportSecurityInfo::GetClassID(nsCID * *aClassID) +{ + *aClassID = (nsCID*) moz_xmalloc(sizeof(nsCID)); + if (!*aClassID) + return NS_ERROR_OUT_OF_MEMORY; + return GetClassIDNoAlloc(*aClassID); +} + +NS_IMETHODIMP +TransportSecurityInfo::GetFlags(uint32_t *aFlags) +{ + *aFlags = 0; + return NS_OK; +} + +static NS_DEFINE_CID(kNSSSocketInfoCID, TRANSPORTSECURITYINFO_CID); + +NS_IMETHODIMP +TransportSecurityInfo::GetClassIDNoAlloc(nsCID *aClassIDNoAlloc) +{ + *aClassIDNoAlloc = kNSSSocketInfoCID; + return NS_OK; +} + +nsresult +TransportSecurityInfo::GetSSLStatus(nsISSLStatus** _result) +{ + NS_ENSURE_ARG_POINTER(_result); + + *_result = mSSLStatus; + NS_IF_ADDREF(*_result); + + return NS_OK; +} + +nsresult +TransportSecurityInfo::SetSSLStatus(nsSSLStatus *aSSLStatus) +{ + mSSLStatus = aSSLStatus; + + return NS_OK; +} + +/* Formats an error message for non-certificate-related SSL errors + * and non-overridable certificate errors (both are of type + * PlainErrormMessage). Use formatOverridableCertErrorMessage + * for overridable cert errors. + */ +static nsresult +formatPlainErrorMessage(const nsXPIDLCString &host, int32_t port, + PRErrorCode err, + bool suppressPort443, + nsString &returnedMessage) +{ + static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID); + + const char16_t *params[1]; + nsresult rv; + + nsCOMPtr component = do_GetService(kNSSComponentCID, &rv); + NS_ENSURE_SUCCESS(rv, rv); + + if (host.Length()) + { + nsString hostWithPort; + + // For now, hide port when it's 443 and we're reporting the error. + // In the future a better mechanism should be used + // to make a decision about showing the port number, possibly by requiring + // the context object to implement a specific interface. + // The motivation is that Mozilla browser would like to hide the port number + // in error pages in the common case. + + hostWithPort.AssignASCII(host); + if (!suppressPort443 || port != 443) { + hostWithPort.Append(':'); + hostWithPort.AppendInt(port); + } + params[0] = hostWithPort.get(); + + nsString formattedString; + rv = component->PIPBundleFormatStringFromName("SSLConnectionErrorPrefix", + params, 1, + formattedString); + if (NS_SUCCEEDED(rv)) + { + returnedMessage.Append(formattedString); + returnedMessage.AppendLiteral("\n\n"); + } + } + + nsString explanation; + rv = nsNSSErrors::getErrorMessageFromCode(err, component, explanation); + if (NS_SUCCEEDED(rv)) + returnedMessage.Append(explanation); + + return NS_OK; +} + +static void +AppendErrorTextUntrusted(PRErrorCode errTrust, + const nsString &host, + nsIX509Cert* ix509, + nsINSSComponent *component, + nsString &returnedMessage) +{ + const char* errorID = nullptr; + const char* errorID2 = nullptr; + const char* errorID3 = nullptr; + bool isSelfSigned; + if (NS_SUCCEEDED(ix509->GetIsSelfSigned(&isSelfSigned)) && isSelfSigned) { + errorID = "certErrorTrust_SelfSigned"; + } + + if (!errorID) { + switch (errTrust) { + case SEC_ERROR_UNKNOWN_ISSUER: + errorID = "certErrorTrust_UnknownIssuer"; + errorID2 = "certErrorTrust_UnknownIssuer2"; + errorID3 = "certErrorTrust_UnknownIssuer3"; + break; + case SEC_ERROR_CA_CERT_INVALID: + errorID = "certErrorTrust_CaInvalid"; + break; + case SEC_ERROR_UNTRUSTED_ISSUER: + errorID = "certErrorTrust_Issuer"; + break; + case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED: + errorID = "certErrorTrust_SignatureAlgorithmDisabled"; + break; + case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: + errorID = "certErrorTrust_ExpiredIssuer"; + break; + case SEC_ERROR_UNTRUSTED_CERT: + default: + errorID = "certErrorTrust_Untrusted"; + break; + } + } + + const char* errorIDs[] = { errorID, errorID2, errorID3 }; + for (size_t i = 0; i < ArrayLength(errorIDs); i++) { + if (!errorIDs[i]) { + break; + } + + nsString formattedString; + nsresult rv = component->GetPIPNSSBundleString(errorIDs[i], formattedString); + if (NS_SUCCEEDED(rv)) { + returnedMessage.Append(formattedString); + returnedMessage.Append('\n'); + } + } +} + +// Returns the number of dNSName or iPAddress entries encountered in the +// subject alternative name extension of the certificate. +// Returns zero if the extension is not present, could not be decoded, or if it +// does not contain any dNSName or iPAddress entries. +static uint32_t +GetSubjectAltNames(CERTCertificate* nssCert, nsString& allNames) +{ + allNames.Truncate(); + + ScopedAutoSECItem altNameExtension; + SECStatus rv = CERT_FindCertExtension(nssCert, SEC_OID_X509_SUBJECT_ALT_NAME, + &altNameExtension); + if (rv != SECSuccess) { + return 0; + } + UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return 0; + } + CERTGeneralName* sanNameList(CERT_DecodeAltNameExtension(arena.get(), + &altNameExtension)); + if (!sanNameList) { + return 0; + } + + uint32_t nameCount = 0; + CERTGeneralName* current = sanNameList; + do { + nsAutoString name; + switch (current->type) { + case certDNSName: + { + nsDependentCSubstring nameFromCert(BitwiseCast( + current->name.other.data), + current->name.other.len); + // dNSName fields are defined as type IA5String and thus should + // be limited to ASCII characters. + if (IsASCII(nameFromCert)) { + name.Assign(NS_ConvertASCIItoUTF16(nameFromCert)); + if (!allNames.IsEmpty()) { + allNames.AppendLiteral(", "); + } + ++nameCount; + allNames.Append(name); + } + } + break; + + case certIPAddress: + { + char buf[INET6_ADDRSTRLEN]; + PRNetAddr addr; + if (current->name.other.len == 4) { + addr.inet.family = PR_AF_INET; + memcpy(&addr.inet.ip, current->name.other.data, current->name.other.len); + PR_NetAddrToString(&addr, buf, sizeof(buf)); + name.AssignASCII(buf); + } else if (current->name.other.len == 16) { + addr.ipv6.family = PR_AF_INET6; + memcpy(&addr.ipv6.ip, current->name.other.data, current->name.other.len); + PR_NetAddrToString(&addr, buf, sizeof(buf)); + name.AssignASCII(buf); + } else { + /* invalid IP address */ + } + if (!name.IsEmpty()) { + if (!allNames.IsEmpty()) { + allNames.AppendLiteral(", "); + } + ++nameCount; + allNames.Append(name); + } + break; + } + + default: // all other types of names are ignored + break; + } + current = CERT_GetNextGeneralName(current); + } while (current != sanNameList); // double linked + + return nameCount; +} + +static nsresult +AppendErrorTextMismatch(const nsString& host, nsIX509Cert* ix509, + nsINSSComponent* component, bool wantsHtml, + nsString& returnedMessage) +{ + // Prepare a default "not valid for " string in case anything + // goes wrong (or in case the certificate is not valid for any hostnames). + nsAutoString notValidForHostnameString; + const char16_t* params[1]; + params[0] = host.get(); + nsresult rv = component->PIPBundleFormatStringFromName( + "certErrorMismatch", params, 1, notValidForHostnameString); + if (NS_FAILED(rv)) { + return rv; + } + notValidForHostnameString.Append('\n'); + + UniqueCERTCertificate nssCert(ix509->GetCert()); + if (!nssCert) { + returnedMessage.Append(notValidForHostnameString); + return NS_OK; + } + + nsAutoString allNames; + uint32_t nameCount = GetSubjectAltNames(nssCert.get(), allNames); + if (nameCount == 0) { + returnedMessage.Append(notValidForHostnameString); + } else if (nameCount > 1) { + nsString message; + rv = component->GetPIPNSSBundleString("certErrorMismatchMultiple", message); + if (NS_FAILED(rv)) { + return rv; + } + returnedMessage.Append(message); + returnedMessage.AppendLiteral("\n "); + returnedMessage.Append(allNames); + returnedMessage.AppendLiteral(" \n"); + } else if (nameCount == 1) { + params[0] = allNames.get(); + + const char* stringID = wantsHtml ? "certErrorMismatchSingle2" + : "certErrorMismatchSinglePlain"; + nsAutoString formattedString; + rv = component->PIPBundleFormatStringFromName(stringID, params, 1, + formattedString); + if (NS_FAILED(rv)) { + return rv; + } + returnedMessage.Append(formattedString); + returnedMessage.Append('\n'); + } + + return NS_OK; +} + +static void +GetDateBoundary(nsIX509Cert* ix509, + nsString &formattedDate, + nsString &nowDate, + bool &trueExpired_falseNotYetValid) +{ + trueExpired_falseNotYetValid = true; + formattedDate.Truncate(); + + PRTime notAfter, notBefore, timeToUse; + nsCOMPtr validity; + nsresult rv; + + rv = ix509->GetValidity(getter_AddRefs(validity)); + if (NS_FAILED(rv)) + return; + + rv = validity->GetNotAfter(¬After); + if (NS_FAILED(rv)) + return; + + rv = validity->GetNotBefore(¬Before); + if (NS_FAILED(rv)) + return; + + PRTime now = PR_Now(); + if (now > notAfter) { + timeToUse = notAfter; + } else { + timeToUse = notBefore; + trueExpired_falseNotYetValid = false; + } + + nsCOMPtr dateTimeFormat = nsIDateTimeFormat::Create(); + if (!dateTimeFormat) { + return; + } + + dateTimeFormat->FormatPRTime(nullptr, kDateFormatLong, kTimeFormatNoSeconds, + timeToUse, formattedDate); + dateTimeFormat->FormatPRTime(nullptr, kDateFormatLong, kTimeFormatNoSeconds, + now, nowDate); +} + +static void +AppendErrorTextTime(nsIX509Cert* ix509, + nsINSSComponent *component, + nsString &returnedMessage) +{ + nsAutoString formattedDate, nowDate; + bool trueExpired_falseNotYetValid; + GetDateBoundary(ix509, formattedDate, nowDate, trueExpired_falseNotYetValid); + + const char16_t *params[2]; + params[0] = formattedDate.get(); // might be empty, if helper function had a problem + params[1] = nowDate.get(); + + const char *key = trueExpired_falseNotYetValid ? + "certErrorExpiredNow" : "certErrorNotYetValidNow"; + nsresult rv; + nsString formattedString; + rv = component->PIPBundleFormatStringFromName( + key, + params, + ArrayLength(params), + formattedString); + if (NS_SUCCEEDED(rv)) + { + returnedMessage.Append(formattedString); + returnedMessage.Append('\n'); + } +} + +static void +AppendErrorTextCode(PRErrorCode errorCodeToReport, + nsINSSComponent *component, + nsString &returnedMessage) +{ + const char *codeName = nsNSSErrors::getDefaultErrorStringName(errorCodeToReport); + if (codeName) + { + nsCString error_id(codeName); + NS_ConvertASCIItoUTF16 idU(error_id); + + const char16_t *params[1]; + params[0] = idU.get(); + + nsString formattedString; + nsresult rv; + rv = component->PIPBundleFormatStringFromName("certErrorCodePrefix2", + params, 1, + formattedString); + if (NS_SUCCEEDED(rv)) { + returnedMessage.Append('\n'); + returnedMessage.Append(formattedString); + returnedMessage.Append('\n'); + } + else { + returnedMessage.AppendLiteral(" ("); + returnedMessage.Append(idU); + returnedMessage.Append(')'); + } + } +} + +/* Formats an error message for overridable certificate errors (of type + * OverridableCertErrorMessage). Use formatPlainErrorMessage to format + * non-overridable cert errors and non-cert-related errors. + */ +static nsresult +formatOverridableCertErrorMessage(nsISSLStatus & sslStatus, + PRErrorCode errorCodeToReport, + const nsXPIDLCString & host, int32_t port, + bool suppressPort443, + bool wantsHtml, + nsString & returnedMessage) +{ + static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID); + + const char16_t *params[1]; + nsresult rv; + nsAutoString hostWithPort; + nsAutoString hostWithoutPort; + + // For now, hide port when it's 443 and we're reporting the error. + // In the future a better mechanism should be used + // to make a decision about showing the port number, possibly by requiring + // the context object to implement a specific interface. + // The motivation is that Mozilla browser would like to hide the port number + // in error pages in the common case. + + hostWithoutPort.AppendASCII(host); + if (suppressPort443 && port == 443) { + params[0] = hostWithoutPort.get(); + } else { + hostWithPort.AppendASCII(host); + hostWithPort.Append(':'); + hostWithPort.AppendInt(port); + params[0] = hostWithPort.get(); + } + + nsCOMPtr component = do_GetService(kNSSComponentCID, &rv); + NS_ENSURE_SUCCESS(rv, rv); + + returnedMessage.Truncate(); + rv = component->PIPBundleFormatStringFromName("certErrorIntro", params, 1, + returnedMessage); + NS_ENSURE_SUCCESS(rv, rv); + + returnedMessage.AppendLiteral("\n\n"); + + RefPtr ix509; + rv = sslStatus.GetServerCert(getter_AddRefs(ix509)); + NS_ENSURE_SUCCESS(rv, rv); + + bool isUntrusted; + rv = sslStatus.GetIsUntrusted(&isUntrusted); + NS_ENSURE_SUCCESS(rv, rv); + if (isUntrusted) { + AppendErrorTextUntrusted(errorCodeToReport, hostWithoutPort, ix509, + component, returnedMessage); + } + + bool isDomainMismatch; + rv = sslStatus.GetIsDomainMismatch(&isDomainMismatch); + NS_ENSURE_SUCCESS(rv, rv); + if (isDomainMismatch) { + rv = AppendErrorTextMismatch(hostWithoutPort, ix509, component, wantsHtml, + returnedMessage); + NS_ENSURE_SUCCESS(rv, rv); + } + + bool isNotValidAtThisTime; + rv = sslStatus.GetIsNotValidAtThisTime(&isNotValidAtThisTime); + NS_ENSURE_SUCCESS(rv, rv); + if (isNotValidAtThisTime) { + AppendErrorTextTime(ix509, component, returnedMessage); + } + + AppendErrorTextCode(errorCodeToReport, component, returnedMessage); + + return NS_OK; +} + +// RememberCertErrorsTable + +/*static*/ RememberCertErrorsTable* +RememberCertErrorsTable::sInstance = nullptr; + +RememberCertErrorsTable::RememberCertErrorsTable() + : mErrorHosts() + , mMutex("RememberCertErrorsTable::mMutex") +{ +} + +static nsresult +GetHostPortKey(TransportSecurityInfo* infoObject, nsAutoCString &result) +{ + nsresult rv; + + result.Truncate(); + + nsXPIDLCString hostName; + rv = infoObject->GetHostName(getter_Copies(hostName)); + NS_ENSURE_SUCCESS(rv, rv); + + int32_t port; + rv = infoObject->GetPort(&port); + NS_ENSURE_SUCCESS(rv, rv); + + result.Assign(hostName); + result.Append(':'); + result.AppendInt(port); + + return NS_OK; +} + +void +RememberCertErrorsTable::RememberCertHasError(TransportSecurityInfo* infoObject, + nsSSLStatus* status, + SECStatus certVerificationResult) +{ + nsresult rv; + + nsAutoCString hostPortKey; + rv = GetHostPortKey(infoObject, hostPortKey); + if (NS_FAILED(rv)) + return; + + if (certVerificationResult != SECSuccess) { + NS_ASSERTION(status, + "Must have nsSSLStatus object when remembering flags"); + + if (!status) + return; + + CertStateBits bits; + bits.mIsDomainMismatch = status->mIsDomainMismatch; + bits.mIsNotValidAtThisTime = status->mIsNotValidAtThisTime; + bits.mIsUntrusted = status->mIsUntrusted; + + MutexAutoLock lock(mMutex); + mErrorHosts.Put(hostPortKey, bits); + } + else { + MutexAutoLock lock(mMutex); + mErrorHosts.Remove(hostPortKey); + } +} + +void +RememberCertErrorsTable::LookupCertErrorBits(TransportSecurityInfo* infoObject, + nsSSLStatus* status) +{ + // Get remembered error bits from our cache, because of SSL session caching + // the NSS library potentially hasn't notified us for this socket. + if (status->mHaveCertErrorBits) + // Rather do not modify bits if already set earlier + return; + + nsresult rv; + + nsAutoCString hostPortKey; + rv = GetHostPortKey(infoObject, hostPortKey); + if (NS_FAILED(rv)) + return; + + CertStateBits bits; + { + MutexAutoLock lock(mMutex); + if (!mErrorHosts.Get(hostPortKey, &bits)) + // No record was found, this host had no cert errors + return; + } + + // This host had cert errors, update the bits correctly + status->mHaveCertErrorBits = true; + status->mIsDomainMismatch = bits.mIsDomainMismatch; + status->mIsNotValidAtThisTime = bits.mIsNotValidAtThisTime; + status->mIsUntrusted = bits.mIsUntrusted; +} + +void +TransportSecurityInfo::SetStatusErrorBits(nsNSSCertificate* cert, + uint32_t collected_errors) +{ + MutexAutoLock lock(mMutex); + + if (!mSSLStatus) { + mSSLStatus = new nsSSLStatus(); + } + + mSSLStatus->SetServerCert(cert, EVStatus::NotEV); + + mSSLStatus->mHaveCertErrorBits = true; + mSSLStatus->mIsDomainMismatch = + collected_errors & nsICertOverrideService::ERROR_MISMATCH; + mSSLStatus->mIsNotValidAtThisTime = + collected_errors & nsICertOverrideService::ERROR_TIME; + mSSLStatus->mIsUntrusted = + collected_errors & nsICertOverrideService::ERROR_UNTRUSTED; + + RememberCertErrorsTable::GetInstance().RememberCertHasError(this, + mSSLStatus, + SECFailure); +} + +NS_IMETHODIMP +TransportSecurityInfo::GetFailedCertChain(nsIX509CertList** _result) +{ + NS_ASSERTION(_result, "non-NULL destination required"); + + *_result = mFailedCertChain; + NS_IF_ADDREF(*_result); + + return NS_OK; +} + +nsresult +TransportSecurityInfo::SetFailedCertChain(UniqueCERTCertList certList) +{ + nsNSSShutDownPreventionLock lock; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + // nsNSSCertList takes ownership of certList + mFailedCertChain = new nsNSSCertList(Move(certList), lock); + + return NS_OK; +} + +} } // namespace mozilla::psm diff --git a/security/manager/ssl/TransportSecurityInfo.h b/security/manager/ssl/TransportSecurityInfo.h new file mode 100644 index 000000000..7f8847852 --- /dev/null +++ b/security/manager/ssl/TransportSecurityInfo.h @@ -0,0 +1,171 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef TransportSecurityInfo_h +#define TransportSecurityInfo_h + +#include "ScopedNSSTypes.h" +#include "certt.h" +#include "mozilla/BasePrincipal.h" +#include "mozilla/Mutex.h" +#include "mozilla/RefPtr.h" +#include "nsDataHashtable.h" +#include "nsIAssociatedContentSecurity.h" +#include "nsIInterfaceRequestor.h" +#include "nsISSLStatusProvider.h" +#include "nsITransportSecurityInfo.h" +#include "nsNSSShutDown.h" +#include "nsSSLStatus.h" +#include "pkix/pkixtypes.h" + +namespace mozilla { namespace psm { + +enum SSLErrorMessageType { + OverridableCertErrorMessage = 1, // for *overridable* certificate errors + PlainErrorMessage = 2 // all other errors (or "no error") +}; + +class TransportSecurityInfo : public nsITransportSecurityInfo, + public nsIInterfaceRequestor, + public nsISSLStatusProvider, + public nsIAssociatedContentSecurity, + public nsISerializable, + public nsIClassInfo, + public nsNSSShutDownObject, + public nsOnPK11LogoutCancelObject +{ +protected: + virtual ~TransportSecurityInfo(); +public: + TransportSecurityInfo(); + + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSITRANSPORTSECURITYINFO + NS_DECL_NSIINTERFACEREQUESTOR + NS_DECL_NSISSLSTATUSPROVIDER + NS_DECL_NSIASSOCIATEDCONTENTSECURITY + NS_DECL_NSISERIALIZABLE + NS_DECL_NSICLASSINFO + + nsresult SetSecurityState(uint32_t aState); + nsresult SetShortSecurityDescription(const char16_t *aText); + + const nsACString & GetHostName() const { return mHostName; } + const char * GetHostNameRaw() const { return mHostName.get(); } + + nsresult GetHostName(char **aHostName); + nsresult SetHostName(const char *aHostName); + + int32_t GetPort() const { return mPort; } + nsresult GetPort(int32_t *aPort); + nsresult SetPort(int32_t aPort); + + const NeckoOriginAttributes& GetOriginAttributes() const { + return mOriginAttributes; + } + nsresult SetOriginAttributes(const NeckoOriginAttributes& aOriginAttributes); + + PRErrorCode GetErrorCode() const; + + void GetErrorLogMessage(PRErrorCode errorCode, + ::mozilla::psm::SSLErrorMessageType errorMessageType, + nsString &result); + + void SetCanceled(PRErrorCode errorCode, + ::mozilla::psm::SSLErrorMessageType errorMessageType); + + /* Set SSL Status values */ + nsresult SetSSLStatus(nsSSLStatus *aSSLStatus); + nsSSLStatus* SSLStatus() { return mSSLStatus; } + void SetStatusErrorBits(nsNSSCertificate* cert, uint32_t collected_errors); + + nsresult SetFailedCertChain(UniqueCERTCertList certList); + +private: + mutable ::mozilla::Mutex mMutex; + +protected: + nsCOMPtr mCallbacks; + +private: + uint32_t mSecurityState; + int32_t mSubRequestsBrokenSecurity; + int32_t mSubRequestsNoSecurity; + + PRErrorCode mErrorCode; + ::mozilla::psm::SSLErrorMessageType mErrorMessageType; + nsString mErrorMessageCached; + nsresult formatErrorMessage(::mozilla::MutexAutoLock const & proofOfLock, + PRErrorCode errorCode, + ::mozilla::psm::SSLErrorMessageType errorMessageType, + bool wantsHtml, bool suppressPort443, + nsString &result); + + int32_t mPort; + nsXPIDLCString mHostName; + NeckoOriginAttributes mOriginAttributes; + + /* SSL Status */ + RefPtr mSSLStatus; + + /* Peer cert chain for failed connections (for error reporting) */ + nsCOMPtr mFailedCertChain; + + virtual void virtualDestroyNSSReference() override; + void destructorSafeDestroyNSSReference(); +}; + +class RememberCertErrorsTable +{ +private: + RememberCertErrorsTable(); + + struct CertStateBits + { + bool mIsDomainMismatch; + bool mIsNotValidAtThisTime; + bool mIsUntrusted; + }; + nsDataHashtable mErrorHosts; + +public: + void RememberCertHasError(TransportSecurityInfo * infoobject, + nsSSLStatus * status, + SECStatus certVerificationResult); + void LookupCertErrorBits(TransportSecurityInfo * infoObject, + nsSSLStatus* status); + + static nsresult Init() + { + sInstance = new RememberCertErrorsTable(); + return NS_OK; + } + + static RememberCertErrorsTable & GetInstance() + { + MOZ_ASSERT(sInstance); + return *sInstance; + } + + static void Cleanup() + { + delete sInstance; + sInstance = nullptr; + } +private: + Mutex mMutex; + + static RememberCertErrorsTable * sInstance; +}; + +} } // namespace mozilla::psm + +// 16786594-0296-4471-8096-8f84497ca428 +#define TRANSPORTSECURITYINFO_CID \ +{ 0x16786594, 0x0296, 0x4471, \ + { 0x80, 0x96, 0x8f, 0x84, 0x49, 0x7c, 0xa4, 0x28 } } + +#endif // TransportSecurityInfo_h diff --git a/security/manager/ssl/WeakCryptoOverride.cpp b/security/manager/ssl/WeakCryptoOverride.cpp new file mode 100644 index 000000000..6b86e9f86 --- /dev/null +++ b/security/manager/ssl/WeakCryptoOverride.cpp @@ -0,0 +1,67 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "WeakCryptoOverride.h" + +#include "MainThreadUtils.h" +#include "SharedSSLState.h" +#include "nss.h" + +using namespace mozilla; +using namespace mozilla::psm; + +NS_IMPL_ISUPPORTS(WeakCryptoOverride, + nsIWeakCryptoOverride) + +WeakCryptoOverride::WeakCryptoOverride() +{ +} + +WeakCryptoOverride::~WeakCryptoOverride() +{ +} + +NS_IMETHODIMP +WeakCryptoOverride::AddWeakCryptoOverride(const nsACString& aHostName, + bool aPrivate, bool aTemporary) +{ + if (!NS_IsMainThread()) { + return NS_ERROR_NOT_SAME_THREAD; + } + + SharedSSLState* sharedState = aPrivate ? PrivateSSLState() + : PublicSSLState(); + if (!sharedState) { + return NS_ERROR_NOT_AVAILABLE; + } + const nsPromiseFlatCString& host = PromiseFlatCString(aHostName); + sharedState->IOLayerHelpers().addInsecureFallbackSite(host, aTemporary); + + return NS_OK; +} + +NS_IMETHODIMP +WeakCryptoOverride::RemoveWeakCryptoOverride(const nsACString& aHostName, + int32_t aPort, bool aPrivate) +{ + if (!NS_IsMainThread()) { + return NS_ERROR_NOT_SAME_THREAD; + } + + SharedSSLState* sharedState = aPrivate ? PrivateSSLState() + : PublicSSLState(); + if (!sharedState) { + return NS_ERROR_NOT_AVAILABLE; + } + const nsPromiseFlatCString& host = PromiseFlatCString(aHostName); + sharedState->IOLayerHelpers().removeInsecureFallbackSite(host, aPort); + + // Some servers will fail with SSL_ERROR_ILLEGAL_PARAMETER_ALERT + // unless the session cache is cleared. + SSL_ClearSessionCache(); + + return NS_OK; +} diff --git a/security/manager/ssl/WeakCryptoOverride.h b/security/manager/ssl/WeakCryptoOverride.h new file mode 100644 index 000000000..fefee75ef --- /dev/null +++ b/security/manager/ssl/WeakCryptoOverride.h @@ -0,0 +1,35 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef WEAKCRYPTOOVERRIDE_H +#define WEAKCRYPTOOVERRIDE_H + +#include "nsIWeakCryptoOverride.h" +#include "nsWeakReference.h" + +namespace mozilla { +namespace psm { + +class WeakCryptoOverride final : public nsIWeakCryptoOverride +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSIWEAKCRYPTOOVERRIDE + + WeakCryptoOverride(); + +protected: + ~WeakCryptoOverride(); +}; + +} // psm +} // mozilla + +#define NS_WEAKCRYPTOOVERRIDE_CID /* ffb06724-3c20-447c-8328-ae71513dd618 */ \ +{ 0xffb06724, 0x3c20, 0x447c, \ + { 0x83, 0x28, 0xae, 0x71, 0x51, 0x3d, 0xd6, 0x18 } } + +#endif diff --git a/security/manager/ssl/X509.jsm b/security/manager/ssl/X509.jsm new file mode 100644 index 000000000..be107454e --- /dev/null +++ b/security/manager/ssl/X509.jsm @@ -0,0 +1,632 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +"use strict"; + +const Cu = Components.utils; +var { DER } = Cu.import("resource://gre/modules/psm/DER.jsm", {}); + +const ERROR_UNSUPPORTED_ASN1 = "unsupported asn.1"; +const ERROR_TIME_NOT_VALID = "Time not valid"; +const ERROR_LIBRARY_FAILURE = "library failure"; + +const X509v3 = 2; + +/** + * Helper function to read a NULL tag from the given DER. + * @param {DER} der a DER object to read a NULL from + * @return {NULL} an object representing an ASN.1 NULL + */ +function readNULL(der) { + return new NULL(der.readTagAndGetContents(DER.NULL)); +} + +/** + * Class representing an ASN.1 NULL. When encoded as DER, the only valid value + * is 05 00, and thus the contents should always be an empty array. + */ +class NULL { + /** + * @param {Number[]} bytes the contents of the NULL tag (should be empty) + */ + constructor(bytes) { + // Lint TODO: bytes should be an empty array + this._contents = bytes; + } +} + +/** + * Helper function to read an OBJECT IDENTIFIER from the given DER. + * @param {DER} der the DER to read an OBJECT IDENTIFIER from + * @return {OID} the value of the OBJECT IDENTIFIER + */ +function readOID(der) { + return new OID(der.readTagAndGetContents(DER.OBJECT_IDENTIFIER)); +} + +/** Class representing an ASN.1 OBJECT IDENTIFIER */ +class OID { + /** + * @param {Number[]} bytes the encoded contents of the OBJECT IDENTIFIER + * (not including the ASN.1 tag or length bytes) + */ + constructor(bytes) { + this._values = []; + // First octet has value 40 * value1 + value2 + // Lint TODO: validate that value1 is one of {0, 1, 2} + // Lint TODO: validate that value2 is in [0, 39] if value1 is 0 or 1 + let value1 = Math.floor(bytes[0] / 40); + let value2 = bytes[0] - 40 * value1; + this._values.push(value1); + this._values.push(value2); + bytes.shift(); + let accumulator = 0; + // Lint TODO: prevent overflow here + while (bytes.length > 0) { + let value = bytes.shift(); + accumulator *= 128; + if (value > 128) { + accumulator += (value - 128); + } else { + accumulator += value; + this._values.push(accumulator); + accumulator = 0; + } + } + } +} + +/** + * Class that serves as an abstract base class for more specific classes that + * represent datatypes from RFC 5280 and others. Given an array of bytes + * representing the DER encoding of such types, this framework simplifies the + * process of making a new DER object, attempting to parse the given bytes, and + * catching and stashing thrown exceptions. Subclasses are to implement + * parseOverride, which should read from this._der to fill out the structure's + * values. + */ +class DecodedDER { + constructor() { + this._der = null; + this._error = null; + } + + /** + * Returns the first exception encountered when decoding or null if none has + * been encountered. + * @return {Error} the first exception encountered when decoding or null + */ + get error() { + return this._error; + } + + /** + * Does the actual work of parsing the data. To be overridden by subclasses. + * If an implementation of parseOverride throws an exception, parse will catch + * that exception and stash it in the error property. This enables parent + * levels in a nested decoding hierarchy to continue to decode as much as + * possible. + */ + parseOverride() { + throw new Error(ERROR_LIBRARY_FAILURE); + } + + /** + * Public interface to be called to parse all data. Calls parseOverride inside + * a try/catch block. If an exception is thrown, stashes the error, which can + * be obtained via the error getter (above). + * @param {Number[]} bytes encoded DER to be decoded + */ + parse(bytes) { + this._der = new DER.DER(bytes); + try { + this.parseOverride(); + } catch (e) { + this._error = e; + } + } +} + +/** + * Helper function for reading the next SEQUENCE out of a DER and creating a new + * DER out of the resulting bytes. + * @param {DER} der the underlying DER object + * @return {DER} the contents of the SEQUENCE + */ +function readSEQUENCEAndMakeDER(der) { + return new DER.DER(der.readTagAndGetContents(DER.SEQUENCE)); +} + +/** + * Helper function for reading the next item identified by tag out of a DER and + * creating a new DER out of the resulting bytes. + * @param {DER} der the underlying DER object + * @param {Number} tag the expected next tag in the DER + * @return {DER} the contents of the tag + */ +function readTagAndMakeDER(der, tag) { + return new DER.DER(der.readTagAndGetContents(tag)); +} + +// Certificate ::= SEQUENCE { +// tbsCertificate TBSCertificate, +// signatureAlgorithm AlgorithmIdentifier, +// signatureValue BIT STRING } +class Certificate extends DecodedDER { + constructor() { + super(); + this._tbsCertificate = new TBSCertificate(); + this._signatureAlgorithm = new AlgorithmIdentifier(); + this._signatureValue = []; + } + + get tbsCertificate() { + return this._tbsCertificate; + } + + get signatureAlgorithm() { + return this._signatureAlgorithm; + } + + get signatureValue() { + return this._signatureValue; + } + + parseOverride() { + let contents = readSEQUENCEAndMakeDER(this._der); + this._tbsCertificate.parse(contents.readTLV()); + this._signatureAlgorithm.parse(contents.readTLV()); + + let signatureValue = contents.readBIT_STRING(); + if (signatureValue.unusedBits != 0) { + throw new Error(ERROR_UNSUPPORTED_ASN1); + } + this._signatureValue = signatureValue.contents; + contents.assertAtEnd(); + this._der.assertAtEnd(); + } +} + +// TBSCertificate ::= SEQUENCE { +// version [0] EXPLICIT Version DEFAULT v1, +// serialNumber CertificateSerialNumber, +// signature AlgorithmIdentifier, +// issuer Name, +// validity Validity, +// subject Name, +// subjectPublicKeyInfo SubjectPublicKeyInfo, +// issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, +// -- If present, version MUST be v2 or v3 +// subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, +// -- If present, version MUST be v2 or v3 +// extensions [3] EXPLICIT Extensions OPTIONAL +// -- If present, version MUST be v3 +// } +class TBSCertificate extends DecodedDER { + constructor() { + super(); + this._version = null; + this._serialNumber = []; + this._signature = new AlgorithmIdentifier(); + this._issuer = new Name(); + this._validity = new Validity(); + this._subject = new Name(); + this._subjectPublicKeyInfo = new SubjectPublicKeyInfo(); + this._extensions = []; + } + + get version() { + return this._version; + } + + get serialNumber() { + return this._serialNumber; + } + + get signature() { + return this._signature; + } + + get issuer() { + return this._issuer; + } + + get validity() { + return this._validity; + } + + get subject() { + return this._subject; + } + + get subjectPublicKeyInfo() { + return this._subjectPublicKeyInfo; + } + + get extensions() { + return this._extensions; + } + + parseOverride() { + let contents = readSEQUENCEAndMakeDER(this._der); + + let versionTag = DER.CONTEXT_SPECIFIC | DER.CONSTRUCTED | 0; + if (!contents.peekTag(versionTag)) { + this._version = 1; + } else { + let versionContents = readTagAndMakeDER(contents, versionTag); + let versionBytes = versionContents.readTagAndGetContents(DER.INTEGER); + if (versionBytes.length == 1 && versionBytes[0] == X509v3) { + this._version = 3; + } else { + // Lint TODO: warn about non-v3 certificates (this INTEGER could take up + // multiple bytes, be negative, and so on). + this._version = versionBytes; + } + versionContents.assertAtEnd(); + } + + let serialNumberBytes = contents.readTagAndGetContents(DER.INTEGER); + this._serialNumber = serialNumberBytes; + this._signature.parse(contents.readTLV()); + this._issuer.parse(contents.readTLV()); + this._validity.parse(contents.readTLV()); + this._subject.parse(contents.readTLV()); + this._subjectPublicKeyInfo.parse(contents.readTLV()); + + // Lint TODO: warn about unsupported features + let issuerUniqueIDTag = DER.CONTEXT_SPECIFIC | DER.CONSTRUCTED | 1; + if (contents.peekTag(issuerUniqueIDTag)) { + contents.readTagAndGetContents(issuerUniqueIDTag); + } + let subjectUniqueIDTag = DER.CONTEXT_SPECIFIC | DER.CONSTRUCTED | 2; + if (contents.peekTag(subjectUniqueIDTag)) { + contents.readTagAndGetContents(subjectUniqueIDTag); + } + + let extensionsTag = DER.CONTEXT_SPECIFIC | DER.CONSTRUCTED | 3; + if (contents.peekTag(extensionsTag)) { + let extensionsSequence = readTagAndMakeDER(contents, extensionsTag); + let extensionsContents = readSEQUENCEAndMakeDER(extensionsSequence); + while (!extensionsContents.atEnd()) { + // TODO: parse extensions + this._extensions.push(extensionsContents.readTLV()); + } + extensionsContents.assertAtEnd(); + extensionsSequence.assertAtEnd(); + } + contents.assertAtEnd(); + this._der.assertAtEnd(); + } +} + +// AlgorithmIdentifier ::= SEQUENCE { +// algorithm OBJECT IDENTIFIER, +// parameters ANY DEFINED BY algorithm OPTIONAL } +class AlgorithmIdentifier extends DecodedDER { + constructor() { + super(); + this._algorithm = null; + this._parameters = null; + } + + get algorithm() { + return this._algorithm; + } + + get parameters() { + return this._parameters; + } + + parseOverride() { + let contents = readSEQUENCEAndMakeDER(this._der); + this._algorithm = readOID(contents); + if (!contents.atEnd()) { + if (contents.peekTag(DER.NULL)) { + this._parameters = readNULL(contents); + } else if (contents.peekTag(DER.OBJECT_IDENTIFIER)) { + this._parameters = readOID(contents); + } + } + contents.assertAtEnd(); + this._der.assertAtEnd(); + } +} + +// Name ::= CHOICE { -- only one possibility for now -- +// rdnSequence RDNSequence } +// +// RDNSequence ::= SEQUENCE OF RelativeDistinguishedName +class Name extends DecodedDER { + constructor() { + super(); + this._rdns = []; + } + + get rdns() { + return this._rdns; + } + + parseOverride() { + let contents = readSEQUENCEAndMakeDER(this._der); + while (!contents.atEnd()) { + let rdn = new RelativeDistinguishedName(); + rdn.parse(contents.readTLV()); + this._rdns.push(rdn); + } + contents.assertAtEnd(); + this._der.assertAtEnd(); + } +} + +// RelativeDistinguishedName ::= +// SET SIZE (1..MAX) OF AttributeTypeAndValue +class RelativeDistinguishedName extends DecodedDER { + constructor() { + super(); + this._avas = []; + } + + get avas() { + return this._avas; + } + + parseOverride() { + let contents = readTagAndMakeDER(this._der, DER.SET); + // Lint TODO: enforce SET SIZE restrictions + while (!contents.atEnd()) { + let ava = new AttributeTypeAndValue(); + ava.parse(contents.readTLV()); + this._avas.push(ava); + } + contents.assertAtEnd(); + this._der.assertAtEnd(); + } +} + +// AttributeTypeAndValue ::= SEQUENCE { +// type AttributeType, +// value AttributeValue } +// +// AttributeType ::= OBJECT IDENTIFIER +// +// AttributeValue ::= ANY -- DEFINED BY AttributeType +class AttributeTypeAndValue extends DecodedDER { + constructor() { + super(); + this._type = null; + this._value = new DirectoryString(); + } + + get type() { + return this._type; + } + + get value() { + return this._value; + } + + parseOverride() { + let contents = readSEQUENCEAndMakeDER(this._der); + this._type = readOID(contents); + // We don't support universalString or bmpString. + // IA5String is supported because it is valid if `type == id-emailaddress`. + // Lint TODO: validate that the type of string is valid given `type`. + this._value.parse(contents.readTLVChoice([ DER.UTF8String, + DER.PrintableString, + DER.TeletexString, + DER.IA5String ])); + contents.assertAtEnd(); + this._der.assertAtEnd(); + } +} + +// DirectoryString ::= CHOICE { +// teletexString TeletexString (SIZE (1..MAX)), +// printableString PrintableString (SIZE (1..MAX)), +// universalString UniversalString (SIZE (1..MAX)), +// utf8String UTF8String (SIZE (1..MAX)), +// bmpString BMPString (SIZE (1..MAX)) } +class DirectoryString extends DecodedDER { + constructor() { + super(); + this._type = null; + this._value = null; + } + + get type() { + return this._type; + } + + get value() { + return this._value; + } + + parseOverride() { + if (this._der.peekTag(DER.UTF8String)) { + this._type = DER.UTF8String; + } else if (this._der.peekTag(DER.PrintableString)) { + this._type = DER.PrintableString; + } else if (this._der.peekTag(DER.TeletexString)) { + this._type = DER.TeletexString; + } else if (this._der.peekTag(DER.IA5String)) { + this._type = DER.IA5String; + } + // Lint TODO: validate that the contents are actually valid for the type + this._value = this._der.readTagAndGetContents(this._type); + this._der.assertAtEnd(); + } +} + +// Time ::= CHOICE { +// utcTime UTCTime, +// generalTime GeneralizedTime } +class Time extends DecodedDER { + constructor() { + super(); + this._type = null; + this._time = null; + } + + get time() { + return this._time; + } + + parseOverride() { + if (this._der.peekTag(DER.UTCTime)) { + this._type = DER.UTCTime; + } else if (this._der.peekTag(DER.GeneralizedTime)) { + this._type = DER.GeneralizedTime; + } + let contents = readTagAndMakeDER(this._der, this._type); + let year; + // Lint TODO: validate that the appropriate one of {UTCTime,GeneralizedTime} + // is used according to RFC 5280 and what the value of the date is. + // TODO TODO: explain this better (just quote the rfc). + if (this._type == DER.UTCTime) { + // UTCTime is YYMMDDHHMMSSZ in RFC 5280. If YY is greater than or equal + // to 50, the year is 19YY. Otherwise, it is 20YY. + let y1 = this._validateDigit(contents.readByte()); + let y2 = this._validateDigit(contents.readByte()); + let yy = y1 * 10 + y2; + if (yy >= 50) { + year = 1900 + yy; + } else { + year = 2000 + yy; + } + } else { + // GeneralizedTime is YYYYMMDDHHMMSSZ in RFC 5280. + year = 0; + for (let i = 0; i < 4; i++) { + let y = this._validateDigit(contents.readByte()); + year = year * 10 + y; + } + } + + let m1 = this._validateDigit(contents.readByte()); + let m2 = this._validateDigit(contents.readByte()); + let month = m1 * 10 + m2; + if (month == 0 || month > 12) { + throw new Error(ERROR_TIME_NOT_VALID); + } + + let d1 = this._validateDigit(contents.readByte()); + let d2 = this._validateDigit(contents.readByte()); + let day = d1 * 10 + d2; + if (day == 0 || day > 31) { + throw new Error(ERROR_TIME_NOT_VALID); + } + + let h1 = this._validateDigit(contents.readByte()); + let h2 = this._validateDigit(contents.readByte()); + let hour = h1 * 10 + h2; + if (hour > 23) { + throw new Error(ERROR_TIME_NOT_VALID); + } + + let min1 = this._validateDigit(contents.readByte()); + let min2 = this._validateDigit(contents.readByte()); + let minute = min1 * 10 + min2; + if (minute > 59) { + throw new Error(ERROR_TIME_NOT_VALID); + } + + let s1 = this._validateDigit(contents.readByte()); + let s2 = this._validateDigit(contents.readByte()); + let second = s1 * 10 + s2; + if (second > 60) { // leap-seconds mean this can be as much as 60 + throw new Error(ERROR_TIME_NOT_VALID); + } + + let z = contents.readByte(); + if (z != "Z".charCodeAt(0)) { + throw new Error(ERROR_TIME_NOT_VALID); + } + // Lint TODO: verify that the Time doesn't specify a nonsensical + // month/day/etc. + // months are zero-indexed in JS + this._time = new Date(Date.UTC(year, month - 1, day, hour, minute, + second)); + + contents.assertAtEnd(); + this._der.assertAtEnd(); + } + + /** + * Takes a byte that is supposed to be in the ASCII range for "0" to "9". + * Validates the range and then converts it to the range 0 to 9. + * @param {Number} the digit in question (as ASCII in the range ["0", "9"]) + * @return {Number} the numerical value of the digit (in the range [0, 9]) + */ + _validateDigit(d) { + if (d < "0".charCodeAt(0) || d > "9".charCodeAt(0)) { + throw new Error(ERROR_TIME_NOT_VALID); + } + return d - "0".charCodeAt(0); + } +} + +// Validity ::= SEQUENCE { +// notBefore Time, +// notAfter Time } +class Validity extends DecodedDER { + constructor() { + super(); + this._notBefore = new Time(); + this._notAfter = new Time(); + } + + get notBefore() { + return this._notBefore; + } + + get notAfter() { + return this._notAfter; + } + + parseOverride() { + let contents = readSEQUENCEAndMakeDER(this._der); + this._notBefore.parse(contents.readTLVChoice( + [DER.UTCTime, DER.GeneralizedTime])); + this._notAfter.parse(contents.readTLVChoice( + [DER.UTCTime, DER.GeneralizedTime])); + contents.assertAtEnd(); + this._der.assertAtEnd(); + } +} + +// SubjectPublicKeyInfo ::= SEQUENCE { +// algorithm AlgorithmIdentifier, +// subjectPublicKey BIT STRING } +class SubjectPublicKeyInfo extends DecodedDER { + constructor() { + super(); + this._algorithm = new AlgorithmIdentifier(); + this._subjectPublicKey = null; + } + + get algorithm() { + return this._algorithm; + } + + get subjectPublicKey() { + return this._subjectPublicKey; + } + + parseOverride() { + let contents = readSEQUENCEAndMakeDER(this._der); + this._algorithm.parse(contents.readTLV()); + let subjectPublicKeyBitString = contents.readBIT_STRING(); + if (subjectPublicKeyBitString.unusedBits != 0) { + throw new Error(ERROR_UNSUPPORTED_ASN1); + } + this._subjectPublicKey = subjectPublicKeyBitString.contents; + + contents.assertAtEnd(); + this._der.assertAtEnd(); + } +} + +this.X509 = { Certificate }; +this.EXPORTED_SYMBOLS = ["X509"]; diff --git a/security/manager/ssl/crashtests/398665-1.html b/security/manager/ssl/crashtests/398665-1.html new file mode 100644 index 000000000..85afb1137 --- /dev/null +++ b/security/manager/ssl/crashtests/398665-1.html @@ -0,0 +1 @@ + diff --git a/security/manager/ssl/crashtests/crashtests.list b/security/manager/ssl/crashtests/crashtests.list new file mode 100644 index 000000000..fbc5b8504 --- /dev/null +++ b/security/manager/ssl/crashtests/crashtests.list @@ -0,0 +1 @@ +load 398665-1.html diff --git a/security/manager/ssl/md4.c b/security/manager/ssl/md4.c new file mode 100644 index 000000000..696865de3 --- /dev/null +++ b/security/manager/ssl/md4.c @@ -0,0 +1,145 @@ +/* vim:set ts=2 sw=2 et cindent: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * "clean room" MD4 implementation (see RFC 1320) + */ + +#include +#include "md4.h" + +/* the "conditional" function */ +#define F(x,y,z) (((x) & (y)) | (~(x) & (z))) + +/* the "majority" function */ +#define G(x,y,z) (((x) & (y)) | ((x) & (z)) | ((y) & (z))) + +/* the "parity" function */ +#define H(x,y,z) ((x) ^ (y) ^ (z)) + +/* rotate n-bits to the left */ +#define ROTL(x,n) (((x) << (n)) | ((x) >> (0x20 - n))) + +/* round 1: [abcd k s]: a = (a + F(b,c,d) + X[k]) <<< s */ +#define RD1(a,b,c,d,k,s) a += F(b,c,d) + X[k]; a = ROTL(a,s) + +/* round 2: [abcd k s]: a = (a + G(b,c,d) + X[k] + MAGIC) <<< s */ +#define RD2(a,b,c,d,k,s) a += G(b,c,d) + X[k] + 0x5A827999; a = ROTL(a,s) + +/* round 3: [abcd k s]: a = (a + H(b,c,d) + X[k] + MAGIC) <<< s */ +#define RD3(a,b,c,d,k,s) a += H(b,c,d) + X[k] + 0x6ED9EBA1; a = ROTL(a,s) + +/* converts from word array to byte array, len is number of bytes */ +static void w2b(uint8_t *out, const uint32_t *in, uint32_t len) +{ + uint8_t *bp; const uint32_t *wp, *wpend; + + bp = out; + wp = in; + wpend = wp + (len >> 2); + + for (; wp != wpend; ++wp, bp += 4) + { + bp[0] = (uint8_t) ((*wp ) & 0xFF); + bp[1] = (uint8_t) ((*wp >> 8) & 0xFF); + bp[2] = (uint8_t) ((*wp >> 16) & 0xFF); + bp[3] = (uint8_t) ((*wp >> 24) & 0xFF); + } +} + +/* converts from byte array to word array, len is number of bytes */ +static void b2w(uint32_t *out, const uint8_t *in, uint32_t len) +{ + uint32_t *wp; const uint8_t *bp, *bpend; + + wp = out; + bp = in; + bpend = in + len; + + for (; bp != bpend; bp += 4, ++wp) + { + *wp = (uint32_t) (bp[0] ) | + (uint32_t) (bp[1] << 8) | + (uint32_t) (bp[2] << 16) | + (uint32_t) (bp[3] << 24); + } +} + +/* update state: data is 64 bytes in length */ +static void md4step(uint32_t state[4], const uint8_t *data) +{ + uint32_t A, B, C, D, X[16]; + + b2w(X, data, 64); + + A = state[0]; + B = state[1]; + C = state[2]; + D = state[3]; + + RD1(A,B,C,D, 0,3); RD1(D,A,B,C, 1,7); RD1(C,D,A,B, 2,11); RD1(B,C,D,A, 3,19); + RD1(A,B,C,D, 4,3); RD1(D,A,B,C, 5,7); RD1(C,D,A,B, 6,11); RD1(B,C,D,A, 7,19); + RD1(A,B,C,D, 8,3); RD1(D,A,B,C, 9,7); RD1(C,D,A,B,10,11); RD1(B,C,D,A,11,19); + RD1(A,B,C,D,12,3); RD1(D,A,B,C,13,7); RD1(C,D,A,B,14,11); RD1(B,C,D,A,15,19); + + RD2(A,B,C,D, 0,3); RD2(D,A,B,C, 4,5); RD2(C,D,A,B, 8, 9); RD2(B,C,D,A,12,13); + RD2(A,B,C,D, 1,3); RD2(D,A,B,C, 5,5); RD2(C,D,A,B, 9, 9); RD2(B,C,D,A,13,13); + RD2(A,B,C,D, 2,3); RD2(D,A,B,C, 6,5); RD2(C,D,A,B,10, 9); RD2(B,C,D,A,14,13); + RD2(A,B,C,D, 3,3); RD2(D,A,B,C, 7,5); RD2(C,D,A,B,11, 9); RD2(B,C,D,A,15,13); + + RD3(A,B,C,D, 0,3); RD3(D,A,B,C, 8,9); RD3(C,D,A,B, 4,11); RD3(B,C,D,A,12,15); + RD3(A,B,C,D, 2,3); RD3(D,A,B,C,10,9); RD3(C,D,A,B, 6,11); RD3(B,C,D,A,14,15); + RD3(A,B,C,D, 1,3); RD3(D,A,B,C, 9,9); RD3(C,D,A,B, 5,11); RD3(B,C,D,A,13,15); + RD3(A,B,C,D, 3,3); RD3(D,A,B,C,11,9); RD3(C,D,A,B, 7,11); RD3(B,C,D,A,15,15); + + state[0] += A; + state[1] += B; + state[2] += C; + state[3] += D; +} + +void md4sum(const uint8_t *input, uint32_t inputLen, uint8_t *result) +{ + uint8_t final[128]; + uint32_t i, n, m, state[4]; + uint64_t inputLenBits; + uint32_t inputLenBitsLow; + uint32_t inputLenBitsHigh; + + /* magic initial states */ + state[0] = 0x67452301; + state[1] = 0xEFCDAB89; + state[2] = 0x98BADCFE; + state[3] = 0x10325476; + + /* compute number of complete 64-byte segments contained in input */ + m = inputLen >> 6; + + /* digest first m segments */ + for (i=0; i= 56 ? 120 : 56), &inputLenBitsLow, 4); + inputLenBitsHigh = (uint32_t)((inputLenBits >> 32) & 0xFFFFFFFF); + w2b(final + (n >= 56 ? 124 : 60), &inputLenBitsHigh, 4); + + md4step(state, final); + if (n >= 56) + md4step(state, final + 64); + + /* copy state to result */ + w2b(result, state, 16); +} diff --git a/security/manager/ssl/md4.h b/security/manager/ssl/md4.h new file mode 100644 index 000000000..4107aed40 --- /dev/null +++ b/security/manager/ssl/md4.h @@ -0,0 +1,38 @@ +/* vim:set ts=2 sw=2 et cindent: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef md4_h__ +#define md4_h__ + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +/** + * md4sum - computes the MD4 sum over the input buffer per RFC 1320 + * + * @param input + * buffer containing input data + * @param inputLen + * length of input buffer (number of bytes) + * @param result + * 16-byte buffer that will contain the MD4 sum upon return + * + * NOTE: MD4 is superceded by MD5. do not use MD4 unless required by the + * protocol you are implementing (e.g., NTLM requires MD4). + * + * NOTE: this interface is designed for relatively small buffers. A streaming + * interface would make more sense if that were a requirement. Currently, this + * is good enough for the applications we care about. + */ +void md4sum(const uint8_t *input, uint32_t inputLen, uint8_t *result); + +#ifdef __cplusplus +} +#endif + +#endif /* md4_h__ */ diff --git a/security/manager/ssl/moz.build b/security/manager/ssl/moz.build new file mode 100644 index 000000000..19e1b4f4b --- /dev/null +++ b/security/manager/ssl/moz.build @@ -0,0 +1,194 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +TEST_DIRS += [ 'tests' ] + +XPIDL_SOURCES += [ + 'nsIASN1Object.idl', + 'nsIASN1PrintableItem.idl', + 'nsIASN1Sequence.idl', + 'nsIAssociatedContentSecurity.idl', + 'nsIBadCertListener2.idl', + 'nsICertBlocklist.idl', + 'nsICertificateDialogs.idl', + 'nsICertOverrideService.idl', + 'nsIClientAuthDialogs.idl', + 'nsIContentSignatureVerifier.idl', + 'nsIDataSignatureVerifier.idl', + 'nsIGenKeypairInfoDlg.idl', + 'nsIKeygenThread.idl', + 'nsIKeyModule.idl', + 'nsILocalCertService.idl', + 'nsINSSU2FToken.idl', + 'nsINSSVersion.idl', + 'nsIPK11Token.idl', + 'nsIPK11TokenDB.idl', + 'nsIPKCS11.idl', + 'nsIPKCS11Module.idl', + 'nsIPKCS11ModuleDB.idl', + 'nsIPKCS11Slot.idl', + 'nsIProtectedAuthThread.idl', + 'nsISecretDecoderRing.idl', + 'nsISecurityUITelemetry.idl', + 'nsISiteSecurityService.idl', + 'nsISSLStatus.idl', + 'nsISSLStatusProvider.idl', + 'nsITokenDialogs.idl', + 'nsITokenPasswordDialogs.idl', + 'nsIU2FToken.idl', + 'nsIWeakCryptoOverride.idl', + 'nsIX509Cert.idl', + 'nsIX509CertDB.idl', + 'nsIX509CertList.idl', + 'nsIX509CertValidity.idl', +] + +if CONFIG['MOZ_XUL']: + XPIDL_SOURCES += [ + 'nsICertTree.idl', + ] + +XPIDL_MODULE = 'pipnss' + +EXTRA_JS_MODULES.psm += [ + 'DER.jsm', + 'X509.jsm', +] + +EXPORTS += [ + 'CryptoTask.h', + 'nsClientAuthRemember.h', + 'nsCrypto.h', + 'nsNSSCallbacks.h', + 'nsNSSCertificate.h', + 'nsNSSComponent.h', + 'nsNSSHelper.h', + 'nsNSSShutDown.h', + 'nsNSSU2FToken.h', + 'nsRandomGenerator.h', + 'nsSecurityHeaderParser.h', + 'NSSErrorsService.h', + 'ScopedNSSTypes.h', + 'SharedCertVerifier.h', +] + +EXPORTS.mozilla += [ + 'DataStorage.h', + 'PublicSSL.h', +] + +EXPORTS.mozilla.psm += [ + 'PSMContentListener.h', +] + +EXPORTS.ipc += [ + 'DataStorageIPCUtils.h', +] + +UNIFIED_SOURCES += [ + 'CertBlocklist.cpp', + 'ContentSignatureVerifier.cpp', + 'CryptoTask.cpp', + 'CSTrustDomain.cpp', + 'DataStorage.cpp', + 'LocalCertService.cpp', + 'nsCertOverrideService.cpp', + 'nsClientAuthRemember.cpp', + 'nsCrypto.cpp', + 'nsCryptoHash.cpp', + 'nsDataSignatureVerifier.cpp', + 'nsKeygenHandler.cpp', + 'nsKeygenHandlerContent.cpp', + 'nsKeygenThread.cpp', + 'nsKeyModule.cpp', + 'nsNSSASN1Object.cpp', + 'nsNSSCallbacks.cpp', + 'nsNSSCertHelper.cpp', + 'nsNSSCertificate.cpp', + 'nsNSSCertificateDB.cpp', + 'nsNSSCertificateFakeTransport.cpp', + 'nsNSSCertTrust.cpp', + 'nsNSSCertValidity.cpp', + 'nsNSSComponent.cpp', + 'nsNSSErrors.cpp', + 'nsNSSIOLayer.cpp', + 'nsNSSModule.cpp', + 'nsNSSShutDown.cpp', + 'nsNSSU2FToken.cpp', + 'nsNSSVersion.cpp', + 'nsNTLMAuthModule.cpp', + 'nsPK11TokenDB.cpp', + 'nsPKCS11Slot.cpp', + 'nsPKCS12Blob.cpp', + 'nsProtectedAuthThread.cpp', + 'nsRandomGenerator.cpp', + 'nsSecureBrowserUIImpl.cpp', + 'nsSecurityHeaderParser.cpp', + 'NSSErrorsService.cpp', + 'nsSiteSecurityService.cpp', + 'nsSSLSocketProvider.cpp', + 'nsSSLStatus.cpp', + 'nsTLSSocketProvider.cpp', + 'PSMContentListener.cpp', + 'PSMRunnable.cpp', + 'PublicKeyPinningService.cpp', + 'RootCertificateTelemetryUtils.cpp', + 'SecretDecoderRing.cpp', + 'SharedSSLState.cpp', + 'SSLServerCertVerification.cpp', + 'TransportSecurityInfo.cpp', + 'WeakCryptoOverride.cpp', +] + +IPDL_SOURCES += [ + 'PPSMContentDownloader.ipdl', +] + +if not CONFIG['MOZ_NO_SMART_CARDS']: + UNIFIED_SOURCES += [ + 'nsSmartCardMonitor.cpp', + ] + +if CONFIG['MOZ_XUL']: + UNIFIED_SOURCES += [ + 'nsCertTree.cpp', + ] + +UNIFIED_SOURCES += [ + 'md4.c', +] + +FINAL_LIBRARY = 'xul' + +LOCAL_INCLUDES += [ + '/dom/base', + '/dom/crypto', + '/security/certverifier', + '/security/pkix/include', +] + +LOCAL_INCLUDES += [ + '!/dist/public/nss', +] + +if CONFIG['NSS_DISABLE_DBM']: + DEFINES['NSS_DISABLE_DBM'] = '1' + +DEFINES['SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES'] = 'True' +DEFINES['NSS_ENABLE_ECC'] = 'True' +for var in ('DLL_PREFIX', 'DLL_SUFFIX'): + DEFINES[var] = '"%s"' % CONFIG[var] + +DEFINES['CERT_AddTempCertToPerm'] = '__CERT_AddTempCertToPerm' + +USE_LIBS += [ + 'crmf', +] + +include('/ipc/chromium/chromium-config.mozbuild') + +if CONFIG['GNU_CXX']: + CXXFLAGS += ['-Wno-error=shadow'] diff --git a/security/manager/ssl/nsCertOverrideService.cpp b/security/manager/ssl/nsCertOverrideService.cpp new file mode 100644 index 000000000..6582eda03 --- /dev/null +++ b/security/manager/ssl/nsCertOverrideService.cpp @@ -0,0 +1,705 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsCertOverrideService.h" + +#include "NSSCertDBTrustDomain.h" +#include "ScopedNSSTypes.h" +#include "SharedSSLState.h" +#include "mozilla/Telemetry.h" +#include "nsAppDirectoryServiceDefs.h" +#include "nsCRT.h" +#include "nsILineInputStream.h" +#include "nsIObserver.h" +#include "nsIObserverService.h" +#include "nsIOutputStream.h" +#include "nsISafeOutputStream.h" +#include "nsIX509Cert.h" +#include "nsNSSCertHelper.h" +#include "nsNSSCertificate.h" +#include "nsNSSComponent.h" +#include "nsNetUtil.h" +#include "nsPromiseFlatString.h" +#include "nsStreamUtils.h" +#include "nsStringBuffer.h" +#include "nsThreadUtils.h" +#include "ssl.h" // For SSL_ClearSessionCache + +using namespace mozilla; +using namespace mozilla::psm; + +#define CERT_OVERRIDE_FILE_NAME "cert_override.txt" + +void +nsCertOverride::convertBitsToString(OverrideBits ob, nsACString &str) +{ + str.Truncate(); + + if (ob & ob_Mismatch) + str.Append('M'); + + if (ob & ob_Untrusted) + str.Append('U'); + + if (ob & ob_Time_error) + str.Append('T'); +} + +void +nsCertOverride::convertStringToBits(const nsACString &str, OverrideBits &ob) +{ + const nsPromiseFlatCString &flat = PromiseFlatCString(str); + const char *walk = flat.get(); + + ob = ob_None; + + for ( ; *walk; ++walk) + { + switch (*walk) + { + case 'm': + case 'M': + ob = (OverrideBits)(ob | ob_Mismatch); + break; + + case 'u': + case 'U': + ob = (OverrideBits)(ob | ob_Untrusted); + break; + + case 't': + case 'T': + ob = (OverrideBits)(ob | ob_Time_error); + break; + + default: + break; + } + } +} + +NS_IMPL_ISUPPORTS(nsCertOverrideService, + nsICertOverrideService, + nsIObserver, + nsISupportsWeakReference) + +nsCertOverrideService::nsCertOverrideService() + : monitor("nsCertOverrideService.monitor") +{ +} + +nsCertOverrideService::~nsCertOverrideService() +{ +} + +nsresult +nsCertOverrideService::Init() +{ + if (!NS_IsMainThread()) { + NS_NOTREACHED("nsCertOverrideService initialized off main thread"); + return NS_ERROR_NOT_SAME_THREAD; + } + + // Note that the names of these variables would seem to indicate that at one + // point another hash algorithm was used and is still supported for backwards + // compatibility. This is not the case. It has always been SHA256. + mOidTagForStoringNewHashes = SEC_OID_SHA256; + mDottedOidForStoringNewHashes.Assign("OID.2.16.840.1.101.3.4.2.1"); + + nsCOMPtr observerService = + mozilla::services::GetObserverService(); + + // If we cannot add ourselves as a profile change observer, then we will not + // attempt to read/write any settings file. Otherwise, we would end up + // reading/writing the wrong settings file after a profile change. + if (observerService) { + observerService->AddObserver(this, "profile-before-change", true); + observerService->AddObserver(this, "profile-do-change", true); + // simulate a profile change so we read the current profile's settings file + Observe(nullptr, "profile-do-change", nullptr); + } + + SharedSSLState::NoteCertOverrideServiceInstantiated(); + return NS_OK; +} + +NS_IMETHODIMP +nsCertOverrideService::Observe(nsISupports *, + const char *aTopic, + const char16_t *aData) +{ + // check the topic + if (!nsCRT::strcmp(aTopic, "profile-before-change")) { + // The profile is about to change, + // or is going away because the application is shutting down. + + RemoveAllFromMemory(); + } else if (!nsCRT::strcmp(aTopic, "profile-do-change")) { + // The profile has already changed. + // Now read from the new profile location. + // we also need to update the cached file location + + ReentrantMonitorAutoEnter lock(monitor); + + nsresult rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR, getter_AddRefs(mSettingsFile)); + if (NS_SUCCEEDED(rv)) { + mSettingsFile->AppendNative(NS_LITERAL_CSTRING(CERT_OVERRIDE_FILE_NAME)); + } else { + mSettingsFile = nullptr; + } + Read(); + CountPermanentOverrideTelemetry(); + } + + return NS_OK; +} + +void +nsCertOverrideService::RemoveAllFromMemory() +{ + ReentrantMonitorAutoEnter lock(monitor); + mSettingsTable.Clear(); +} + +void +nsCertOverrideService::RemoveAllTemporaryOverrides() +{ + ReentrantMonitorAutoEnter lock(monitor); + for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) { + nsCertOverrideEntry *entry = iter.Get(); + if (entry->mSettings.mIsTemporary) { + entry->mSettings.mCert = nullptr; + iter.Remove(); + } + } + // no need to write, as temporaries are never written to disk +} + +nsresult +nsCertOverrideService::Read() +{ + ReentrantMonitorAutoEnter lock(monitor); + + // If we don't have a profile, then we won't try to read any settings file. + if (!mSettingsFile) + return NS_OK; + + nsresult rv; + nsCOMPtr fileInputStream; + rv = NS_NewLocalFileInputStream(getter_AddRefs(fileInputStream), mSettingsFile); + if (NS_FAILED(rv)) { + return rv; + } + + nsCOMPtr lineInputStream = do_QueryInterface(fileInputStream, &rv); + if (NS_FAILED(rv)) { + return rv; + } + + nsAutoCString buffer; + bool isMore = true; + int32_t hostIndex = 0, algoIndex, fingerprintIndex, overrideBitsIndex, dbKeyIndex; + + /* file format is: + * + * host:port \t fingerprint-algorithm \t fingerprint \t override-mask \t dbKey + * + * where override-mask is a sequence of characters, + * M meaning hostname-Mismatch-override + * U meaning Untrusted-override + * T meaning Time-error-override (expired/not yet valid) + * + * if this format isn't respected we move onto the next line in the file. + */ + + while (isMore && NS_SUCCEEDED(lineInputStream->ReadLine(buffer, &isMore))) { + if (buffer.IsEmpty() || buffer.First() == '#') { + continue; + } + + // this is a cheap, cheesy way of parsing a tab-delimited line into + // string indexes, which can be lopped off into substrings. just for + // purposes of obfuscation, it also checks that each token was found. + // todo: use iterators? + if ((algoIndex = buffer.FindChar('\t', hostIndex) + 1) == 0 || + (fingerprintIndex = buffer.FindChar('\t', algoIndex) + 1) == 0 || + (overrideBitsIndex = buffer.FindChar('\t', fingerprintIndex) + 1) == 0 || + (dbKeyIndex = buffer.FindChar('\t', overrideBitsIndex) + 1) == 0) { + continue; + } + + const nsASingleFragmentCString &tmp = Substring(buffer, hostIndex, algoIndex - hostIndex - 1); + const nsASingleFragmentCString &algo_string = Substring(buffer, algoIndex, fingerprintIndex - algoIndex - 1); + const nsASingleFragmentCString &fingerprint = Substring(buffer, fingerprintIndex, overrideBitsIndex - fingerprintIndex - 1); + const nsASingleFragmentCString &bits_string = Substring(buffer, overrideBitsIndex, dbKeyIndex - overrideBitsIndex - 1); + const nsASingleFragmentCString &db_key = Substring(buffer, dbKeyIndex, buffer.Length() - dbKeyIndex); + + nsAutoCString host(tmp); + nsCertOverride::OverrideBits bits; + nsCertOverride::convertStringToBits(bits_string, bits); + + int32_t port; + int32_t portIndex = host.RFindChar(':'); + if (portIndex == kNotFound) + continue; // Ignore broken entries + + nsresult portParseError; + nsAutoCString portString(Substring(host, portIndex+1)); + port = portString.ToInteger(&portParseError); + if (NS_FAILED(portParseError)) + continue; // Ignore broken entries + + host.Truncate(portIndex); + + AddEntryToList(host, port, + nullptr, // don't have the cert + false, // not temporary + algo_string, fingerprint, bits, db_key); + } + + return NS_OK; +} + +nsresult +nsCertOverrideService::Write() +{ + ReentrantMonitorAutoEnter lock(monitor); + + // If we don't have any profile, then we won't try to write any file + if (!mSettingsFile) { + return NS_OK; + } + + nsresult rv; + nsCOMPtr fileOutputStream; + rv = NS_NewSafeLocalFileOutputStream(getter_AddRefs(fileOutputStream), + mSettingsFile, + -1, + 0600); + if (NS_FAILED(rv)) { + NS_ERROR("failed to open cert_warn_settings.txt for writing"); + return rv; + } + + // get a buffered output stream 4096 bytes big, to optimize writes + nsCOMPtr bufferedOutputStream; + rv = NS_NewBufferedOutputStream(getter_AddRefs(bufferedOutputStream), fileOutputStream, 4096); + if (NS_FAILED(rv)) { + return rv; + } + + static const char kHeader[] = + "# PSM Certificate Override Settings file" NS_LINEBREAK + "# This is a generated file! Do not edit." NS_LINEBREAK; + + /* see ::Read for file format */ + + uint32_t unused; + bufferedOutputStream->Write(kHeader, sizeof(kHeader) - 1, &unused); + + static const char kTab[] = "\t"; + for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) { + nsCertOverrideEntry *entry = iter.Get(); + + const nsCertOverride &settings = entry->mSettings; + if (settings.mIsTemporary) { + continue; + } + + nsAutoCString bits_string; + nsCertOverride::convertBitsToString(settings.mOverrideBits, bits_string); + + bufferedOutputStream->Write(entry->mHostWithPort.get(), + entry->mHostWithPort.Length(), &unused); + bufferedOutputStream->Write(kTab, sizeof(kTab) - 1, &unused); + bufferedOutputStream->Write(settings.mFingerprintAlgOID.get(), + settings.mFingerprintAlgOID.Length(), &unused); + bufferedOutputStream->Write(kTab, sizeof(kTab) - 1, &unused); + bufferedOutputStream->Write(settings.mFingerprint.get(), + settings.mFingerprint.Length(), &unused); + bufferedOutputStream->Write(kTab, sizeof(kTab) - 1, &unused); + bufferedOutputStream->Write(bits_string.get(), + bits_string.Length(), &unused); + bufferedOutputStream->Write(kTab, sizeof(kTab) - 1, &unused); + bufferedOutputStream->Write(settings.mDBKey.get(), + settings.mDBKey.Length(), &unused); + bufferedOutputStream->Write(NS_LINEBREAK, NS_LINEBREAK_LEN, &unused); + } + + // All went ok. Maybe except for problems in Write(), but the stream detects + // that for us + nsCOMPtr safeStream = do_QueryInterface(bufferedOutputStream); + NS_ASSERTION(safeStream, "expected a safe output stream!"); + if (safeStream) { + rv = safeStream->Finish(); + if (NS_FAILED(rv)) { + NS_WARNING("failed to save cert warn settings file! possible dataloss"); + return rv; + } + } + + return NS_OK; +} + +static nsresult +GetCertFingerprintByOidTag(nsIX509Cert *aCert, + SECOidTag aOidTag, + nsCString &fp) +{ + UniqueCERTCertificate nsscert(aCert->GetCert()); + if (!nsscert) { + return NS_ERROR_FAILURE; + } + return GetCertFingerprintByOidTag(nsscert.get(), aOidTag, fp); +} + +NS_IMETHODIMP +nsCertOverrideService::RememberValidityOverride(const nsACString& aHostName, + int32_t aPort, + nsIX509Cert* aCert, + uint32_t aOverrideBits, + bool aTemporary) +{ + NS_ENSURE_ARG_POINTER(aCert); + if (aHostName.IsEmpty()) + return NS_ERROR_INVALID_ARG; + if (aPort < -1) + return NS_ERROR_INVALID_ARG; + + UniqueCERTCertificate nsscert(aCert->GetCert()); + if (!nsscert) { + return NS_ERROR_FAILURE; + } + + nsAutoCString nickname; + nsresult rv = DefaultServerNicknameForCert(nsscert.get(), nickname); + if (!aTemporary && NS_SUCCEEDED(rv)) { + UniquePK11SlotInfo slot(PK11_GetInternalKeySlot()); + if (!slot) { + return NS_ERROR_FAILURE; + } + + SECStatus srv = PK11_ImportCert(slot.get(), nsscert.get(), CK_INVALID_HANDLE, + nickname.get(), false); + if (srv != SECSuccess) { + return NS_ERROR_FAILURE; + } + } + + nsAutoCString fpStr; + rv = GetCertFingerprintByOidTag(nsscert.get(), mOidTagForStoringNewHashes, + fpStr); + if (NS_FAILED(rv)) + return rv; + + nsAutoCString dbkey; + rv = aCert->GetDbKey(dbkey); + if (NS_FAILED(rv)) { + return rv; + } + + { + ReentrantMonitorAutoEnter lock(monitor); + AddEntryToList(aHostName, aPort, + aTemporary ? aCert : nullptr, + // keep a reference to the cert for temporary overrides + aTemporary, + mDottedOidForStoringNewHashes, fpStr, + (nsCertOverride::OverrideBits)aOverrideBits, + dbkey); + if (!aTemporary) { + Write(); + } + } + + return NS_OK; +} + +NS_IMETHODIMP +nsCertOverrideService::RememberTemporaryValidityOverrideUsingFingerprint( + const nsACString& aHostName, + int32_t aPort, + const nsACString& aCertFingerprint, + uint32_t aOverrideBits) +{ + if(aCertFingerprint.IsEmpty() || aHostName.IsEmpty() || (aPort < -1)) { + return NS_ERROR_INVALID_ARG; + } + + ReentrantMonitorAutoEnter lock(monitor); + AddEntryToList(aHostName, aPort, + nullptr, // No cert to keep alive + true, // temporary + mDottedOidForStoringNewHashes, + aCertFingerprint, + (nsCertOverride::OverrideBits)aOverrideBits, + EmptyCString()); // dbkey + + return NS_OK; +} + +NS_IMETHODIMP +nsCertOverrideService::HasMatchingOverride(const nsACString & aHostName, int32_t aPort, + nsIX509Cert *aCert, + uint32_t *aOverrideBits, + bool *aIsTemporary, + bool *_retval) +{ + if (aHostName.IsEmpty()) + return NS_ERROR_INVALID_ARG; + if (aPort < -1) + return NS_ERROR_INVALID_ARG; + + NS_ENSURE_ARG_POINTER(aCert); + NS_ENSURE_ARG_POINTER(aOverrideBits); + NS_ENSURE_ARG_POINTER(aIsTemporary); + NS_ENSURE_ARG_POINTER(_retval); + *_retval = false; + *aOverrideBits = nsCertOverride::ob_None; + + nsAutoCString hostPort; + GetHostWithPort(aHostName, aPort, hostPort); + nsCertOverride settings; + + { + ReentrantMonitorAutoEnter lock(monitor); + nsCertOverrideEntry *entry = mSettingsTable.GetEntry(hostPort.get()); + + if (!entry) + return NS_OK; + + settings = entry->mSettings; // copy + } + + *aOverrideBits = settings.mOverrideBits; + *aIsTemporary = settings.mIsTemporary; + + nsAutoCString fpStr; + nsresult rv; + + // This code was originally written in a way that suggested that other hash + // algorithms are supported for backwards compatibility. However, this was + // always unnecessary, because only SHA256 has ever been used here. + if (settings.mFingerprintAlgOID.Equals(mDottedOidForStoringNewHashes)) { + rv = GetCertFingerprintByOidTag(aCert, mOidTagForStoringNewHashes, fpStr); + if (NS_FAILED(rv)) { + return rv; + } + } else { + return NS_ERROR_UNEXPECTED; + } + + *_retval = settings.mFingerprint.Equals(fpStr); + return NS_OK; +} + +NS_IMETHODIMP +nsCertOverrideService::GetValidityOverride(const nsACString & aHostName, int32_t aPort, + nsACString & aHashAlg, + nsACString & aFingerprint, + uint32_t *aOverrideBits, + bool *aIsTemporary, + bool *_found) +{ + NS_ENSURE_ARG_POINTER(_found); + NS_ENSURE_ARG_POINTER(aIsTemporary); + NS_ENSURE_ARG_POINTER(aOverrideBits); + *_found = false; + *aOverrideBits = nsCertOverride::ob_None; + + nsAutoCString hostPort; + GetHostWithPort(aHostName, aPort, hostPort); + nsCertOverride settings; + + { + ReentrantMonitorAutoEnter lock(monitor); + nsCertOverrideEntry *entry = mSettingsTable.GetEntry(hostPort.get()); + + if (entry) { + *_found = true; + settings = entry->mSettings; // copy + } + } + + if (*_found) { + *aOverrideBits = settings.mOverrideBits; + *aIsTemporary = settings.mIsTemporary; + aFingerprint = settings.mFingerprint; + aHashAlg = settings.mFingerprintAlgOID; + } + + return NS_OK; +} + +nsresult +nsCertOverrideService::AddEntryToList(const nsACString &aHostName, int32_t aPort, + nsIX509Cert *aCert, + const bool aIsTemporary, + const nsACString &fingerprintAlgOID, + const nsACString &fingerprint, + nsCertOverride::OverrideBits ob, + const nsACString &dbKey) +{ + nsAutoCString hostPort; + GetHostWithPort(aHostName, aPort, hostPort); + + { + ReentrantMonitorAutoEnter lock(monitor); + nsCertOverrideEntry *entry = mSettingsTable.PutEntry(hostPort.get()); + + if (!entry) { + NS_ERROR("can't insert a null entry!"); + return NS_ERROR_OUT_OF_MEMORY; + } + + entry->mHostWithPort = hostPort; + + nsCertOverride &settings = entry->mSettings; + settings.mAsciiHost = aHostName; + settings.mPort = aPort; + settings.mIsTemporary = aIsTemporary; + settings.mFingerprintAlgOID = fingerprintAlgOID; + settings.mFingerprint = fingerprint; + settings.mOverrideBits = ob; + settings.mDBKey = dbKey; + // remove whitespace from stored dbKey for backwards compatibility + settings.mDBKey.StripWhitespace(); + settings.mCert = aCert; + } + + return NS_OK; +} + +NS_IMETHODIMP +nsCertOverrideService::ClearValidityOverride(const nsACString & aHostName, int32_t aPort) +{ + if (aPort == 0 && + aHostName.EqualsLiteral("all:temporary-certificates")) { + RemoveAllTemporaryOverrides(); + return NS_OK; + } + nsAutoCString hostPort; + GetHostWithPort(aHostName, aPort, hostPort); + { + ReentrantMonitorAutoEnter lock(monitor); + mSettingsTable.RemoveEntry(hostPort.get()); + Write(); + } + + if (EnsureNSSInitialized(nssEnsure)) { + SSL_ClearSessionCache(); + } else { + return NS_ERROR_NOT_AVAILABLE; + } + + return NS_OK; +} + +void +nsCertOverrideService::CountPermanentOverrideTelemetry() +{ + ReentrantMonitorAutoEnter lock(monitor); + uint32_t overrideCount = 0; + for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) { + if (!iter.Get()->mSettings.mIsTemporary) { + overrideCount++; + } + } + Telemetry::Accumulate(Telemetry::SSL_PERMANENT_CERT_ERROR_OVERRIDES, + overrideCount); +} + +static bool +matchesDBKey(nsIX509Cert* cert, const nsCString& matchDbKey) +{ + nsAutoCString dbKey; + nsresult rv = cert->GetDbKey(dbKey); + if (NS_FAILED(rv)) { + return false; + } + return dbKey.Equals(matchDbKey); +} + +NS_IMETHODIMP +nsCertOverrideService::IsCertUsedForOverrides(nsIX509Cert *aCert, + bool aCheckTemporaries, + bool aCheckPermanents, + uint32_t *_retval) +{ + NS_ENSURE_ARG(aCert); + NS_ENSURE_ARG(_retval); + + uint32_t counter = 0; + { + ReentrantMonitorAutoEnter lock(monitor); + for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) { + const nsCertOverride &settings = iter.Get()->mSettings; + + if (( settings.mIsTemporary && !aCheckTemporaries) || + (!settings.mIsTemporary && !aCheckPermanents)) { + continue; + } + + if (matchesDBKey(aCert, settings.mDBKey)) { + nsAutoCString cert_fingerprint; + nsresult rv = NS_ERROR_UNEXPECTED; + if (settings.mFingerprintAlgOID.Equals(mDottedOidForStoringNewHashes)) { + rv = GetCertFingerprintByOidTag(aCert, + mOidTagForStoringNewHashes, cert_fingerprint); + } + if (NS_SUCCEEDED(rv) && + settings.mFingerprint.Equals(cert_fingerprint)) { + counter++; + } + } + } + } + *_retval = counter; + return NS_OK; +} + +nsresult +nsCertOverrideService::EnumerateCertOverrides(nsIX509Cert *aCert, + CertOverrideEnumerator aEnumerator, + void *aUserData) +{ + ReentrantMonitorAutoEnter lock(monitor); + for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) { + const nsCertOverride &settings = iter.Get()->mSettings; + + if (!aCert) { + aEnumerator(settings, aUserData); + } else { + if (matchesDBKey(aCert, settings.mDBKey)) { + nsAutoCString cert_fingerprint; + nsresult rv = NS_ERROR_UNEXPECTED; + if (settings.mFingerprintAlgOID.Equals(mDottedOidForStoringNewHashes)) { + rv = GetCertFingerprintByOidTag(aCert, + mOidTagForStoringNewHashes, cert_fingerprint); + } + if (NS_SUCCEEDED(rv) && + settings.mFingerprint.Equals(cert_fingerprint)) { + aEnumerator(settings, aUserData); + } + } + } + } + return NS_OK; +} + +void +nsCertOverrideService::GetHostWithPort(const nsACString & aHostName, int32_t aPort, nsACString& _retval) +{ + nsAutoCString hostPort(aHostName); + if (aPort == -1) { + aPort = 443; + } + if (!hostPort.IsEmpty()) { + hostPort.Append(':'); + hostPort.AppendInt(aPort); + } + _retval.Assign(hostPort); +} diff --git a/security/manager/ssl/nsCertOverrideService.h b/security/manager/ssl/nsCertOverrideService.h new file mode 100644 index 000000000..bb410f8da --- /dev/null +++ b/security/manager/ssl/nsCertOverrideService.h @@ -0,0 +1,187 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef __NSCERTOVERRIDESERVICE_H__ +#define __NSCERTOVERRIDESERVICE_H__ + +#include "mozilla/ReentrantMonitor.h" +#include "nsICertOverrideService.h" +#include "nsTHashtable.h" +#include "nsIObserver.h" +#include "nsString.h" +#include "nsIFile.h" +#include "secoidt.h" +#include "nsWeakReference.h" +#include "mozilla/Attributes.h" + +class nsCertOverride +{ +public: + + enum OverrideBits { ob_None=0, ob_Untrusted=1, ob_Mismatch=2, + ob_Time_error=4 }; + + nsCertOverride() + :mPort(-1) + ,mOverrideBits(ob_None) + { + } + + nsCertOverride(const nsCertOverride &other) + { + this->operator=(other); + } + + nsCertOverride &operator=(const nsCertOverride &other) + { + mAsciiHost = other.mAsciiHost; + mPort = other.mPort; + mIsTemporary = other.mIsTemporary; + mFingerprintAlgOID = other.mFingerprintAlgOID; + mFingerprint = other.mFingerprint; + mOverrideBits = other.mOverrideBits; + mDBKey = other.mDBKey; + mCert = other.mCert; + return *this; + } + + nsCString mAsciiHost; + int32_t mPort; + bool mIsTemporary; // true: session only, false: stored on disk + nsCString mFingerprint; + nsCString mFingerprintAlgOID; + OverrideBits mOverrideBits; + nsCString mDBKey; + nsCOMPtr mCert; + + static void convertBitsToString(OverrideBits ob, nsACString &str); + static void convertStringToBits(const nsACString &str, OverrideBits &ob); +}; + + +// hash entry class +class nsCertOverrideEntry final : public PLDHashEntryHdr +{ + public: + // Hash methods + typedef const char* KeyType; + typedef const char* KeyTypePointer; + + // do nothing with aHost - we require mHead to be set before we're live! + explicit nsCertOverrideEntry(KeyTypePointer aHostWithPortUTF8) + { + } + + nsCertOverrideEntry(const nsCertOverrideEntry& toCopy) + { + mSettings = toCopy.mSettings; + mHostWithPort = toCopy.mHostWithPort; + } + + ~nsCertOverrideEntry() + { + } + + KeyType GetKey() const + { + return HostWithPortPtr(); + } + + KeyTypePointer GetKeyPointer() const + { + return HostWithPortPtr(); + } + + bool KeyEquals(KeyTypePointer aKey) const + { + return !strcmp(HostWithPortPtr(), aKey); + } + + static KeyTypePointer KeyToPointer(KeyType aKey) + { + return aKey; + } + + static PLDHashNumber HashKey(KeyTypePointer aKey) + { + return PLDHashTable::HashStringKey(aKey); + } + + enum { ALLOW_MEMMOVE = false }; + + // get methods + inline const nsCString &HostWithPort() const { return mHostWithPort; } + + inline KeyTypePointer HostWithPortPtr() const + { + return mHostWithPort.get(); + } + + nsCertOverride mSettings; + nsCString mHostWithPort; +}; + +class nsCertOverrideService final : public nsICertOverrideService + , public nsIObserver + , public nsSupportsWeakReference +{ +public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSICERTOVERRIDESERVICE + NS_DECL_NSIOBSERVER + + nsCertOverrideService(); + + nsresult Init(); + void RemoveAllTemporaryOverrides(); + + typedef void + (*CertOverrideEnumerator)(const nsCertOverride &aSettings, + void *aUserData); + + // aCert == null: return all overrides + // aCert != null: return overrides that match the given cert + nsresult EnumerateCertOverrides(nsIX509Cert *aCert, + CertOverrideEnumerator enumerator, + void *aUserData); + + // Concates host name and the port number. If the port number is -1 then + // port 443 is automatically used. This method ensures there is always a port + // number separated with colon. + static void GetHostWithPort(const nsACString & aHostName, int32_t aPort, nsACString& _retval); + +protected: + ~nsCertOverrideService(); + + mozilla::ReentrantMonitor monitor; + nsCOMPtr mSettingsFile; + nsTHashtable mSettingsTable; + + SECOidTag mOidTagForStoringNewHashes; + nsCString mDottedOidForStoringNewHashes; + + void CountPermanentOverrideTelemetry(); + + void RemoveAllFromMemory(); + nsresult Read(); + nsresult Write(); + nsresult AddEntryToList(const nsACString &host, int32_t port, + nsIX509Cert *aCert, + const bool aIsTemporary, + const nsACString &algo_oid, + const nsACString &fingerprint, + nsCertOverride::OverrideBits ob, + const nsACString &dbKey); +}; + +#define NS_CERTOVERRIDE_CID { /* 67ba681d-5485-4fff-952c-2ee337ffdcd6 */ \ + 0x67ba681d, \ + 0x5485, \ + 0x4fff, \ + {0x95, 0x2c, 0x2e, 0xe3, 0x37, 0xff, 0xdc, 0xd6} \ + } + +#endif diff --git a/security/manager/ssl/nsCertTree.cpp b/security/manager/ssl/nsCertTree.cpp new file mode 100644 index 000000000..1ad4e296b --- /dev/null +++ b/security/manager/ssl/nsCertTree.cpp @@ -0,0 +1,1451 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsCertTree.h" + +#include "ScopedNSSTypes.h" +#include "mozilla/Logging.h" +#include "nsArray.h" +#include "nsArrayUtils.h" +#include "nsHashKeys.h" +#include "nsISupportsPrimitives.h" +#include "nsITreeColumns.h" +#include "nsIX509CertDB.h" +#include "nsIX509Cert.h" +#include "nsIX509CertValidity.h" +#include "nsNSSCertHelper.h" +#include "nsNSSCertificate.h" +#include "nsNSSComponent.h" // for PIPNSS string bundle calls. +#include "nsNSSHelper.h" +#include "nsReadableUtils.h" +#include "nsTHashtable.h" +#include "nsUnicharUtils.h" +#include "nsXPCOMCID.h" +#include "nsXPIDLString.h" +#include "pkix/pkixtypes.h" + +using namespace mozilla; + +extern LazyLogModule gPIPNSSLog; + +static NS_DEFINE_CID(kCertOverrideCID, NS_CERTOVERRIDE_CID); + +// treeArrayElStr +// +// structure used to hold map of tree. Each thread (an organization +// field from a cert) has an element in the array. The numChildren field +// stores the number of certs corresponding to that thread. +struct treeArrayElStr { + nsString orgName; /* heading for thread */ + bool open; /* toggle open state for thread */ + int32_t certIndex; /* index into cert array for 1st cert */ + int32_t numChildren; /* number of chidren (certs) for thread */ +}; + +CompareCacheHashEntryPtr::CompareCacheHashEntryPtr() +{ + entry = new CompareCacheHashEntry; +} + +CompareCacheHashEntryPtr::~CompareCacheHashEntryPtr() +{ + delete entry; +} + +CompareCacheHashEntry::CompareCacheHashEntry() +:key(nullptr) +{ + for (int i = 0; i < max_criterions; ++i) { + mCritInit[i] = false; + } +} + +static bool +CompareCacheMatchEntry(const PLDHashEntryHdr *hdr, const void *key) +{ + const CompareCacheHashEntryPtr *entryPtr = static_cast(hdr); + return entryPtr->entry->key == key; +} + +static void +CompareCacheInitEntry(PLDHashEntryHdr *hdr, const void *key) +{ + new (hdr) CompareCacheHashEntryPtr(); + CompareCacheHashEntryPtr *entryPtr = static_cast(hdr); + entryPtr->entry->key = (void*)key; +} + +static void +CompareCacheClearEntry(PLDHashTable *table, PLDHashEntryHdr *hdr) +{ + CompareCacheHashEntryPtr *entryPtr = static_cast(hdr); + entryPtr->~CompareCacheHashEntryPtr(); +} + +static const PLDHashTableOps gMapOps = { + PLDHashTable::HashVoidPtrKeyStub, + CompareCacheMatchEntry, + PLDHashTable::MoveEntryStub, + CompareCacheClearEntry, + CompareCacheInitEntry +}; + +NS_IMPL_ISUPPORTS0(nsCertAddonInfo) +NS_IMPL_ISUPPORTS(nsCertTreeDispInfo, nsICertTreeItem) + +nsCertTreeDispInfo::nsCertTreeDispInfo() +:mAddonInfo(nullptr) +,mTypeOfEntry(direct_db) +,mPort(-1) +,mOverrideBits(nsCertOverride::ob_None) +,mIsTemporary(true) +{ +} + +nsCertTreeDispInfo::nsCertTreeDispInfo(nsCertTreeDispInfo &other) +{ + mAddonInfo = other.mAddonInfo; + mTypeOfEntry = other.mTypeOfEntry; + mAsciiHost = other.mAsciiHost; + mPort = other.mPort; + mOverrideBits = other.mOverrideBits; + mIsTemporary = other.mIsTemporary; + mCert = other.mCert; +} + +nsCertTreeDispInfo::~nsCertTreeDispInfo() +{ +} + +NS_IMETHODIMP +nsCertTreeDispInfo::GetCert(nsIX509Cert **_cert) +{ + NS_ENSURE_ARG(_cert); + if (mCert) { + // we may already have the cert for temporary overrides + *_cert = mCert; + NS_IF_ADDREF(*_cert); + return NS_OK; + } + if (mAddonInfo) { + *_cert = mAddonInfo->mCert.get(); + NS_IF_ADDREF(*_cert); + } + else { + *_cert = nullptr; + } + return NS_OK; +} + +NS_IMETHODIMP +nsCertTreeDispInfo::GetHostPort(nsAString &aHostPort) +{ + nsAutoCString hostPort; + nsCertOverrideService::GetHostWithPort(mAsciiHost, mPort, hostPort); + aHostPort = NS_ConvertUTF8toUTF16(hostPort); + return NS_OK; +} + +NS_IMPL_ISUPPORTS(nsCertTree, nsICertTree, nsITreeView) + +nsCertTree::nsCertTree() + : mTreeArray(nullptr) + , mCompareCache(&gMapOps, sizeof(CompareCacheHashEntryPtr), + kInitialCacheLength) +{ + static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID); + + mNSSComponent = do_GetService(kNSSComponentCID); + mOverrideService = do_GetService("@mozilla.org/security/certoverride;1"); + // Might be a different service if someone is overriding the contract + nsCOMPtr origCertOverride = + do_GetService(kCertOverrideCID); + mOriginalOverrideService = + static_cast(origCertOverride.get()); + mCellText = nullptr; +} + +void nsCertTree::ClearCompareHash() +{ + mCompareCache.ClearAndPrepareForLength(kInitialCacheLength); +} + +nsCertTree::~nsCertTree() +{ + delete [] mTreeArray; +} + +void +nsCertTree::FreeCertArray() +{ + mDispInfo.Clear(); +} + +CompareCacheHashEntry* +nsCertTree::getCacheEntry(void* cache, void* aCert) +{ + PLDHashTable& aCompareCache = *static_cast(cache); + auto entryPtr = static_cast + (aCompareCache.Add(aCert, fallible)); + return entryPtr ? entryPtr->entry : nullptr; +} + +void nsCertTree::RemoveCacheEntry(void *key) +{ + mCompareCache.Remove(key); +} + +// CountOrganizations +// +// Count the number of different organizations encountered in the cert +// list. +int32_t +nsCertTree::CountOrganizations() +{ + uint32_t i, certCount; + certCount = mDispInfo.Length(); + if (certCount == 0) return 0; + nsCOMPtr orgCert = nullptr; + nsCertAddonInfo *addonInfo = mDispInfo.ElementAt(0)->mAddonInfo; + if (addonInfo) { + orgCert = addonInfo->mCert; + } + nsCOMPtr nextCert = nullptr; + int32_t orgCount = 1; + for (i=1; imAddonInfo; + if (addonInfo) { + nextCert = addonInfo->mCert; + } + // XXX we assume issuer org is always criterion 1 + if (CmpBy(&mCompareCache, orgCert, nextCert, sort_IssuerOrg, sort_None, sort_None) != 0) { + orgCert = nextCert; + orgCount++; + } + } + return orgCount; +} + +// GetThreadDescAtIndex +// +// If the row at index is an organization thread, return the collection +// associated with that thread. Otherwise, return null. +treeArrayEl * +nsCertTree::GetThreadDescAtIndex(int32_t index) +{ + int i, idx=0; + if (index < 0) return nullptr; + for (i=0; i index) break; + } + return nullptr; +} + +// GetCertAtIndex +// +// If the row at index is a cert, return that cert. Otherwise, return null. +already_AddRefed +nsCertTree::GetCertAtIndex(int32_t index, int32_t *outAbsoluteCertOffset) +{ + RefPtr certdi( + GetDispInfoAtIndex(index, outAbsoluteCertOffset)); + if (!certdi) + return nullptr; + + nsCOMPtr ret; + if (certdi->mCert) { + ret = certdi->mCert; + } else if (certdi->mAddonInfo) { + ret = certdi->mAddonInfo->mCert; + } + return ret.forget(); +} + +// If the row at index is a cert, return that cert. Otherwise, return null. +already_AddRefed +nsCertTree::GetDispInfoAtIndex(int32_t index, + int32_t *outAbsoluteCertOffset) +{ + int i, idx = 0, cIndex = 0, nc; + if (index < 0) return nullptr; + // Loop over the threads + for (i=0; i certdi(mDispInfo.SafeElementAt(certIndex, + nullptr)); + if (certdi) { + return certdi.forget(); + } + break; + } + if (mTreeArray[i].open) + idx += mTreeArray[i].numChildren; + cIndex += mTreeArray[i].numChildren; + if (idx > index) break; + } + return nullptr; +} + +nsCertTree::nsCertCompareFunc +nsCertTree::GetCompareFuncFromCertType(uint32_t aType) +{ + switch (aType) { + case nsIX509Cert::ANY_CERT: + case nsIX509Cert::USER_CERT: + return CmpUserCert; + case nsIX509Cert::CA_CERT: + return CmpCACert; + case nsIX509Cert::EMAIL_CERT: + return CmpEmailCert; + case nsIX509Cert::SERVER_CERT: + default: + return CmpWebSiteCert; + } +} + +struct nsCertAndArrayAndPositionAndCounterAndTracker +{ + RefPtr certai; + nsTArray< RefPtr > *array; + int position; + int counter; + nsTHashtable *tracker; +}; + +// Used to enumerate host:port overrides that match a stored +// certificate, creates and adds a display-info-object to the +// provided array. Increments insert position and entry counter. +// We remove the given key from the tracker, which is used to +// track entries that have not yet been handled. +// The created display-info references the cert, so make a note +// of that by incrementing the cert usage counter. +static void +MatchingCertOverridesCallback(const nsCertOverride &aSettings, + void *aUserData) +{ + nsCertAndArrayAndPositionAndCounterAndTracker *cap = + (nsCertAndArrayAndPositionAndCounterAndTracker*)aUserData; + if (!cap) + return; + + nsCertTreeDispInfo *certdi = new nsCertTreeDispInfo; + if (certdi) { + if (cap->certai) + cap->certai->mUsageCount++; + certdi->mAddonInfo = cap->certai; + certdi->mTypeOfEntry = nsCertTreeDispInfo::host_port_override; + certdi->mAsciiHost = aSettings.mAsciiHost; + certdi->mPort = aSettings.mPort; + certdi->mOverrideBits = aSettings.mOverrideBits; + certdi->mIsTemporary = aSettings.mIsTemporary; + certdi->mCert = aSettings.mCert; + cap->array->InsertElementAt(cap->position, certdi); + cap->position++; + cap->counter++; + } + + // this entry is now associated to a displayed cert, remove + // it from the list of remaining entries + nsAutoCString hostPort; + nsCertOverrideService::GetHostWithPort(aSettings.mAsciiHost, aSettings.mPort, hostPort); + cap->tracker->RemoveEntry(hostPort); +} + +// Used to collect a list of the (unique) host:port keys +// for all stored overrides. +static void +CollectAllHostPortOverridesCallback(const nsCertOverride &aSettings, + void *aUserData) +{ + nsTHashtable *collectorTable = + (nsTHashtable *)aUserData; + if (!collectorTable) + return; + + nsAutoCString hostPort; + nsCertOverrideService::GetHostWithPort(aSettings.mAsciiHost, aSettings.mPort, hostPort); + collectorTable->PutEntry(hostPort); +} + +struct nsArrayAndPositionAndCounterAndTracker +{ + nsTArray< RefPtr > *array; + int position; + int counter; + nsTHashtable *tracker; +}; + +// Used when enumerating the stored host:port overrides where +// no associated certificate was found in the NSS database. +static void +AddRemaningHostPortOverridesCallback(const nsCertOverride &aSettings, + void *aUserData) +{ + nsArrayAndPositionAndCounterAndTracker *cap = + (nsArrayAndPositionAndCounterAndTracker*)aUserData; + if (!cap) + return; + + nsAutoCString hostPort; + nsCertOverrideService::GetHostWithPort(aSettings.mAsciiHost, aSettings.mPort, hostPort); + if (!cap->tracker->GetEntry(hostPort)) + return; + + // This entry is not associated to any stored cert, + // so we still need to display it. + + nsCertTreeDispInfo *certdi = new nsCertTreeDispInfo; + if (certdi) { + certdi->mAddonInfo = nullptr; + certdi->mTypeOfEntry = nsCertTreeDispInfo::host_port_override; + certdi->mAsciiHost = aSettings.mAsciiHost; + certdi->mPort = aSettings.mPort; + certdi->mOverrideBits = aSettings.mOverrideBits; + certdi->mIsTemporary = aSettings.mIsTemporary; + certdi->mCert = aSettings.mCert; + cap->array->InsertElementAt(cap->position, certdi); + cap->position++; + cap->counter++; + } +} + +nsresult +nsCertTree::GetCertsByTypeFromCertList(CERTCertList *aCertList, + uint32_t aWantedType, + nsCertCompareFunc aCertCmpFn, + void *aCertCmpFnArg) +{ + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("GetCertsByTypeFromCertList")); + if (!aCertList) + return NS_ERROR_FAILURE; + + if (!mOriginalOverrideService) + return NS_ERROR_FAILURE; + + nsTHashtable allHostPortOverrideKeys; + + if (aWantedType == nsIX509Cert::SERVER_CERT) { + mOriginalOverrideService-> + EnumerateCertOverrides(nullptr, + CollectAllHostPortOverridesCallback, + &allHostPortOverrideKeys); + } + + CERTCertListNode *node; + int count = 0; + for (node = CERT_LIST_HEAD(aCertList); + !CERT_LIST_END(node, aCertList); + node = CERT_LIST_NEXT(node)) { + + bool wantThisCert = (aWantedType == nsIX509Cert::ANY_CERT); + bool wantThisCertIfNoOverrides = false; + bool wantThisCertIfHaveOverrides = false; + bool addOverrides = false; + + if (!wantThisCert) { + uint32_t thisCertType = getCertType(node->cert); + + // The output from getCertType is a "guess", which can be wrong. + // The guess is based on stored trust flags, but for the host:port + // overrides, we are storing certs without any trust flags associated. + // So we must check whether the cert really belongs to the + // server, email or unknown tab. We will lookup the cert in the override + // list to come to the decision. Unfortunately, the lookup in the + // override list is quite expensive. Therefore we are using this + // lengthy if/else statement to minimize + // the number of override-list-lookups. + + if (aWantedType == nsIX509Cert::SERVER_CERT + && thisCertType == nsIX509Cert::UNKNOWN_CERT) { + // This unknown cert was stored without trust + // Are there host:port based overrides stored? + // If yes, display them. + addOverrides = true; + } + else + if (aWantedType == nsIX509Cert::UNKNOWN_CERT + && thisCertType == nsIX509Cert::UNKNOWN_CERT) { + // This unknown cert was stored without trust. + // If there are associated overrides, do not show as unknown. + // If there are no associated overrides, display as unknown. + wantThisCertIfNoOverrides = true; + } + else + if (aWantedType == nsIX509Cert::SERVER_CERT + && thisCertType == nsIX509Cert::SERVER_CERT) { + // This server cert is explicitly marked as a web site peer, + // with or without trust, but editable, so show it + wantThisCert = true; + // Are there host:port based overrides stored? + // If yes, display them. + addOverrides = true; + } + else + if (aWantedType == nsIX509Cert::SERVER_CERT + && thisCertType == nsIX509Cert::EMAIL_CERT) { + // This cert might have been categorized as an email cert + // because it carries an email address. But is it really one? + // Our cert categorization is uncertain when it comes to + // distinguish between email certs and web site certs. + // So, let's see if we have an override for that cert + // and if there is, conclude it's really a web site cert. + addOverrides = true; + } + else + if (aWantedType == nsIX509Cert::EMAIL_CERT + && thisCertType == nsIX509Cert::EMAIL_CERT) { + // This cert might have been categorized as an email cert + // because it carries an email address. But is it really one? + // Our cert categorization is uncertain when it comes to + // distinguish between email certs and web site certs. + // So, let's see if we have an override for that cert + // and if there is, conclude it's really a web site cert. + wantThisCertIfNoOverrides = true; + } + else + if (thisCertType == aWantedType) { + wantThisCert = true; + } + } + + nsCOMPtr pipCert = nsNSSCertificate::Create(node->cert); + if (!pipCert) + return NS_ERROR_OUT_OF_MEMORY; + + if (wantThisCertIfNoOverrides || wantThisCertIfHaveOverrides) { + uint32_t ocount = 0; + nsresult rv = + mOverrideService->IsCertUsedForOverrides(pipCert, + true, // we want temporaries + true, // we want permanents + &ocount); + if (wantThisCertIfNoOverrides) { + if (NS_FAILED(rv) || ocount == 0) { + // no overrides for this cert + wantThisCert = true; + } + } + + if (wantThisCertIfHaveOverrides) { + if (NS_SUCCEEDED(rv) && ocount > 0) { + // there are overrides for this cert + wantThisCert = true; + } + } + } + + RefPtr certai(new nsCertAddonInfo); + certai->mCert = pipCert; + certai->mUsageCount = 0; + + if (wantThisCert || addOverrides) { + int InsertPosition = 0; + for (; InsertPosition < count; ++InsertPosition) { + nsCOMPtr cert = nullptr; + RefPtr elem( + mDispInfo.SafeElementAt(InsertPosition, nullptr)); + if (elem && elem->mAddonInfo) { + cert = elem->mAddonInfo->mCert; + } + if ((*aCertCmpFn)(aCertCmpFnArg, pipCert, cert) < 0) { + break; + } + } + if (wantThisCert) { + nsCertTreeDispInfo *certdi = new nsCertTreeDispInfo; + certdi->mAddonInfo = certai; + certai->mUsageCount++; + certdi->mTypeOfEntry = nsCertTreeDispInfo::direct_db; + // not necessary: certdi->mAsciiHost.Clear(); certdi->mPort = -1; + certdi->mOverrideBits = nsCertOverride::ob_None; + certdi->mIsTemporary = false; + mDispInfo.InsertElementAt(InsertPosition, certdi); + ++count; + ++InsertPosition; + } + if (addOverrides) { + nsCertAndArrayAndPositionAndCounterAndTracker cap; + cap.certai = certai; + cap.array = &mDispInfo; + cap.position = InsertPosition; + cap.counter = 0; + cap.tracker = &allHostPortOverrideKeys; + + mOriginalOverrideService-> + EnumerateCertOverrides(pipCert, MatchingCertOverridesCallback, &cap); + count += cap.counter; + } + } + } + + if (aWantedType == nsIX509Cert::SERVER_CERT) { + nsArrayAndPositionAndCounterAndTracker cap; + cap.array = &mDispInfo; + cap.position = 0; + cap.counter = 0; + cap.tracker = &allHostPortOverrideKeys; + mOriginalOverrideService-> + EnumerateCertOverrides(nullptr, AddRemaningHostPortOverridesCallback, &cap); + } + + return NS_OK; +} + +nsresult +nsCertTree::GetCertsByType(uint32_t aType, + nsCertCompareFunc aCertCmpFn, + void *aCertCmpFnArg) +{ + nsNSSShutDownPreventionLock locker; + nsCOMPtr cxt = new PipUIContext(); + UniqueCERTCertList certList(PK11_ListCerts(PK11CertListUnique, cxt)); + return GetCertsByTypeFromCertList(certList.get(), aType, aCertCmpFn, + aCertCmpFnArg); +} + +nsresult +nsCertTree::GetCertsByTypeFromCache(nsIX509CertList *aCache, + uint32_t aType, + nsCertCompareFunc aCertCmpFn, + void *aCertCmpFnArg) +{ + NS_ENSURE_ARG_POINTER(aCache); + // GetRawCertList checks for NSS shutdown since we can't do it ourselves here + // easily. We still have to acquire a shutdown prevention lock to prevent NSS + // shutting down after GetRawCertList has returned. While cumbersome, this is + // at least mostly correct. The rest of this implementation doesn't even go + // this far in attempting to check for or prevent NSS shutdown at the + // appropriate times. If this were reimplemented at a higher level using + // more encapsulated types that handled NSS shutdown themselves, we wouldn't + // be having these kinds of problems. + nsNSSShutDownPreventionLock locker; + CERTCertList* certList = aCache->GetRawCertList(); + if (!certList) + return NS_ERROR_FAILURE; + return GetCertsByTypeFromCertList(certList, aType, aCertCmpFn, aCertCmpFnArg); +} + +// LoadCerts +// +// Load all of the certificates in the DB for this type. Sort them +// by token, organization, then common name. +NS_IMETHODIMP +nsCertTree::LoadCertsFromCache(nsIX509CertList *aCache, uint32_t aType) +{ + if (mTreeArray) { + FreeCertArray(); + delete [] mTreeArray; + mTreeArray = nullptr; + mNumRows = 0; + } + ClearCompareHash(); + + nsresult rv = GetCertsByTypeFromCache(aCache, aType, + GetCompareFuncFromCertType(aType), + &mCompareCache); + if (NS_FAILED(rv)) return rv; + return UpdateUIContents(); +} + +NS_IMETHODIMP +nsCertTree::LoadCerts(uint32_t aType) +{ + if (mTreeArray) { + FreeCertArray(); + delete [] mTreeArray; + mTreeArray = nullptr; + mNumRows = 0; + } + ClearCompareHash(); + + nsresult rv = GetCertsByType(aType, GetCompareFuncFromCertType(aType), + &mCompareCache); + if (NS_FAILED(rv)) return rv; + return UpdateUIContents(); +} + +nsresult +nsCertTree::UpdateUIContents() +{ + uint32_t count = mDispInfo.Length(); + mNumOrgs = CountOrganizations(); + mTreeArray = new treeArrayEl[mNumOrgs]; + + mCellText = nsArrayBase::Create(); + +if (count) { + uint32_t j = 0; + nsCOMPtr orgCert = nullptr; + nsCertAddonInfo *addonInfo = mDispInfo.ElementAt(j)->mAddonInfo; + if (addonInfo) { + orgCert = addonInfo->mCert; + } + for (int32_t i=0; iGetPIPNSSBundleString("CertOrgUnknown", orgNameRef); + } + else { + orgCert->GetIssuerOrganization(orgNameRef); + if (orgNameRef.IsEmpty()) + orgCert->GetCommonName(orgNameRef); + } + mTreeArray[i].open = true; + mTreeArray[i].certIndex = j; + mTreeArray[i].numChildren = 1; + if (++j >= count) break; + nsCOMPtr nextCert = nullptr; + nsCertAddonInfo *addonInfo = mDispInfo.SafeElementAt(j, nullptr)->mAddonInfo; + if (addonInfo) { + nextCert = addonInfo->mCert; + } + while (0 == CmpBy(&mCompareCache, orgCert, nextCert, sort_IssuerOrg, sort_None, sort_None)) { + mTreeArray[i].numChildren++; + if (++j >= count) break; + nextCert = nullptr; + addonInfo = mDispInfo.SafeElementAt(j, nullptr)->mAddonInfo; + if (addonInfo) { + nextCert = addonInfo->mCert; + } + } + orgCert = nextCert; + } +} + if (mTree) { + mTree->BeginUpdateBatch(); + mTree->RowCountChanged(0, -mNumRows); + } + mNumRows = count + mNumOrgs; + if (mTree) + mTree->EndUpdateBatch(); + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::DeleteEntryObject(uint32_t index) +{ + if (!mTreeArray) { + return NS_ERROR_FAILURE; + } + + nsCOMPtr certdb = + do_GetService("@mozilla.org/security/x509certdb;1"); + if (!certdb) { + return NS_ERROR_FAILURE; + } + + int i; + uint32_t idx = 0, cIndex = 0, nc; + // Loop over the threads + for (i=0; i certdi(mDispInfo.SafeElementAt(certIndex, + nullptr)); + + // We will remove the element from the visual tree. + // Only if we have a certdi, then we can check for additional actions. + nsCOMPtr cert = nullptr; + if (certdi) { + if (certdi->mAddonInfo) { + cert = certdi->mAddonInfo->mCert; + } + nsCertAddonInfo* addonInfo = + certdi->mAddonInfo ? certdi->mAddonInfo.get() : nullptr; + if (certdi->mTypeOfEntry == nsCertTreeDispInfo::host_port_override) { + mOverrideService->ClearValidityOverride(certdi->mAsciiHost, certdi->mPort); + if (addonInfo) { + addonInfo->mUsageCount--; + if (addonInfo->mUsageCount == 0) { + // The certificate stored in the database is no longer + // referenced by any other object displayed. + // That means we no longer need to keep it around + // and really can remove it. + canRemoveEntry = true; + } + } + } + else { + if (addonInfo && addonInfo->mUsageCount > 1) { + // user is trying to delete a perm trusted cert, + // although there are still overrides stored, + // so, we keep the cert, but remove the trust + + UniqueCERTCertificate nsscert(cert->GetCert()); + + if (nsscert) { + CERTCertTrust trust; + memset((void*)&trust, 0, sizeof(trust)); + + SECStatus srv = CERT_DecodeTrustString(&trust, ""); // no override + if (srv == SECSuccess) { + CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), nsscert.get(), + &trust); + } + } + } + else { + canRemoveEntry = true; + } + } + } + + mDispInfo.RemoveElementAt(certIndex); + + if (canRemoveEntry) { + RemoveCacheEntry(cert); + certdb->DeleteCertificate(cert); + } + + delete [] mTreeArray; + mTreeArray = nullptr; + return UpdateUIContents(); + } + if (mTreeArray[i].open) + idx += mTreeArray[i].numChildren; + cIndex += mTreeArray[i].numChildren; + if (idx > index) + break; + } + return NS_ERROR_FAILURE; +} + +////////////////////////////////////////////////////////////////////////////// +// +// Begin nsITreeView methods +// +///////////////////////////////////////////////////////////////////////////// + +NS_IMETHODIMP +nsCertTree::GetCert(uint32_t aIndex, nsIX509Cert **_cert) +{ + NS_ENSURE_ARG(_cert); + *_cert = GetCertAtIndex(aIndex).take(); + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::GetTreeItem(uint32_t aIndex, nsICertTreeItem **_treeitem) +{ + NS_ENSURE_ARG(_treeitem); + + RefPtr certdi(GetDispInfoAtIndex(aIndex)); + if (!certdi) + return NS_ERROR_FAILURE; + + *_treeitem = certdi; + NS_IF_ADDREF(*_treeitem); + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::GetRowCount(int32_t *aRowCount) +{ + if (!mTreeArray) + return NS_ERROR_NOT_INITIALIZED; + uint32_t count = 0; + for (int32_t i=0; iopen) { + *_retval = true; + } else { + *_retval = false; + } + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::IsContainerEmpty(int32_t index, bool *_retval) +{ + *_retval = !mTreeArray; + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::IsSeparator(int32_t index, bool *_retval) +{ + *_retval = false; + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::GetParentIndex(int32_t rowIndex, int32_t *_retval) +{ + if (!mTreeArray) + return NS_ERROR_NOT_INITIALIZED; + int i, idx = 0; + for (i = 0; i < mNumOrgs && idx < rowIndex; i++, idx++) { + if (mTreeArray[i].open) { + if (rowIndex <= idx + mTreeArray[i].numChildren) { + *_retval = idx; + return NS_OK; + } + idx += mTreeArray[i].numChildren; + } + } + *_retval = -1; + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::HasNextSibling(int32_t rowIndex, int32_t afterIndex, + bool *_retval) +{ + if (!mTreeArray) + return NS_ERROR_NOT_INITIALIZED; + + int i, idx = 0; + for (i = 0; i < mNumOrgs && idx <= rowIndex; i++, idx++) { + if (mTreeArray[i].open) { + idx += mTreeArray[i].numChildren; + if (afterIndex <= idx) { + *_retval = afterIndex < idx; + return NS_OK; + } + } + } + *_retval = false; + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::GetLevel(int32_t index, int32_t *_retval) +{ + if (!mTreeArray) + return NS_ERROR_NOT_INITIALIZED; + treeArrayEl *el = GetThreadDescAtIndex(index); + if (el) { + *_retval = 0; + } else { + *_retval = 1; + } + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::GetImageSrc(int32_t row, nsITreeColumn* col, + nsAString& _retval) +{ + _retval.Truncate(); + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::GetProgressMode(int32_t row, nsITreeColumn* col, int32_t* _retval) +{ + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::GetCellValue(int32_t row, nsITreeColumn* col, + nsAString& _retval) +{ + _retval.Truncate(); + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::GetCellText(int32_t row, nsITreeColumn* col, + nsAString& _retval) +{ + if (!mTreeArray) + return NS_ERROR_NOT_INITIALIZED; + + nsresult rv = NS_OK; + _retval.Truncate(); + + const char16_t* colID; + col->GetIdConst(&colID); + + treeArrayEl *el = GetThreadDescAtIndex(row); + if (el) { + if (NS_LITERAL_STRING("certcol").Equals(colID)) + _retval.Assign(el->orgName); + else + _retval.Truncate(); + return NS_OK; + } + + int32_t absoluteCertOffset; + RefPtr certdi(GetDispInfoAtIndex(row, &absoluteCertOffset)); + if (!certdi) + return NS_ERROR_FAILURE; + + nsCOMPtr cert = certdi->mCert; + if (!cert && certdi->mAddonInfo) { + cert = certdi->mAddonInfo->mCert; + } + + int32_t colIndex; + col->GetIndex(&colIndex); + uint32_t arrayIndex=absoluteCertOffset+colIndex*(mNumRows-mNumOrgs); + uint32_t arrayLength=0; + if (mCellText) { + mCellText->GetLength(&arrayLength); + } + if (arrayIndex < arrayLength) { + nsCOMPtr myString(do_QueryElementAt(mCellText, arrayIndex)); + if (myString) { + myString->GetData(_retval); + return NS_OK; + } + } + + if (NS_LITERAL_STRING("certcol").Equals(colID)) { + if (!cert) { + mNSSComponent->GetPIPNSSBundleString("CertNotStored", _retval); + } + else { + rv = cert->GetCommonName(_retval); + if (NS_FAILED(rv) || _retval.IsEmpty()) { + // kaie: I didn't invent the idea to cut off anything before + // the first colon. :-) + nsAutoString nick; + rv = cert->GetNickname(nick); + + nsAString::const_iterator start, end, end2; + nick.BeginReading(start); + nick.EndReading(end); + end2 = end; + + if (FindInReadable(NS_LITERAL_STRING(":"), start, end)) { + // found. end points to the first char after the colon, + // that's what we want. + _retval = Substring(end, end2); + } + else { + _retval = nick; + } + } + } + } else if (NS_LITERAL_STRING("tokencol").Equals(colID) && cert) { + rv = cert->GetTokenName(_retval); + } else if (NS_LITERAL_STRING("emailcol").Equals(colID) && cert) { + rv = cert->GetEmailAddress(_retval); + } else if (NS_LITERAL_STRING("issuedcol").Equals(colID) && cert) { + nsCOMPtr validity; + + rv = cert->GetValidity(getter_AddRefs(validity)); + if (NS_SUCCEEDED(rv)) { + validity->GetNotBeforeLocalDay(_retval); + } + } else if (NS_LITERAL_STRING("expiredcol").Equals(colID) && cert) { + nsCOMPtr validity; + + rv = cert->GetValidity(getter_AddRefs(validity)); + if (NS_SUCCEEDED(rv)) { + validity->GetNotAfterLocalDay(_retval); + } + } else if (NS_LITERAL_STRING("serialnumcol").Equals(colID) && cert) { + rv = cert->GetSerialNumber(_retval); + } else if (NS_LITERAL_STRING("sitecol").Equals(colID)) { + if (certdi->mTypeOfEntry == nsCertTreeDispInfo::host_port_override) { + nsAutoCString hostPort; + nsCertOverrideService::GetHostWithPort(certdi->mAsciiHost, certdi->mPort, hostPort); + _retval = NS_ConvertUTF8toUTF16(hostPort); + } + else { + _retval = NS_LITERAL_STRING("*"); + } + } else if (NS_LITERAL_STRING("lifetimecol").Equals(colID)) { + const char *stringID = + (certdi->mIsTemporary) ? "CertExceptionTemporary" : "CertExceptionPermanent"; + rv = mNSSComponent->GetPIPNSSBundleString(stringID, _retval); + } else { + return NS_ERROR_FAILURE; + } + if (mCellText) { + nsCOMPtr text(do_CreateInstance(NS_SUPPORTS_STRING_CONTRACTID, &rv)); + NS_ENSURE_SUCCESS(rv, rv); + text->SetData(_retval); + mCellText->ReplaceElementAt(text, arrayIndex, false); + } + return rv; +} + +NS_IMETHODIMP +nsCertTree::SetTree(nsITreeBoxObject *tree) +{ + mTree = tree; + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::ToggleOpenState(int32_t index) +{ + if (!mTreeArray) + return NS_ERROR_NOT_INITIALIZED; + treeArrayEl *el = GetThreadDescAtIndex(index); + if (el) { + el->open = !el->open; + int32_t newChildren = (el->open) ? el->numChildren : -el->numChildren; + if (mTree) mTree->RowCountChanged(index + 1, newChildren); + } + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::CycleHeader(nsITreeColumn* col) +{ + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::SelectionChanged() +{ + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsCertTree::CycleCell(int32_t row, nsITreeColumn* col) +{ + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::IsEditable(int32_t row, nsITreeColumn* col, bool *_retval) +{ + *_retval = false; + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::IsSelectable(int32_t row, nsITreeColumn* col, bool *_retval) +{ + *_retval = false; + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::SetCellValue(int32_t row, nsITreeColumn* col, + const nsAString& value) +{ + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::SetCellText(int32_t row, nsITreeColumn* col, + const nsAString& value) +{ + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::PerformAction(const char16_t *action) +{ + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::PerformActionOnRow(const char16_t *action, int32_t row) +{ + return NS_OK; +} + +NS_IMETHODIMP +nsCertTree::PerformActionOnCell(const char16_t *action, int32_t row, + nsITreeColumn* col) +{ + return NS_OK; +} + +#ifdef DEBUG_CERT_TREE +void +nsCertTree::dumpMap() +{ + for (int i=0; iorgName); + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("thread desc[%d]: %s", i, NS_LossyConvertUTF16toASCII(td).get())); + } + nsCOMPtr ct = GetCertAtIndex(i); + if (ct) { + char16_t *goo; + ct->GetCommonName(&goo); + nsAutoString doo(goo); + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("cert [%d]: %s", i, NS_LossyConvertUTF16toASCII(doo).get())); + } + } +} +#endif + +// +// CanDrop +// +NS_IMETHODIMP nsCertTree::CanDrop(int32_t index, int32_t orientation, + nsIDOMDataTransfer* aDataTransfer, bool *_retval) +{ + NS_ENSURE_ARG_POINTER(_retval); + *_retval = false; + + return NS_OK; +} + + +// +// Drop +// +NS_IMETHODIMP nsCertTree::Drop(int32_t row, int32_t orient, nsIDOMDataTransfer* aDataTransfer) +{ + return NS_OK; +} + + +// +// IsSorted +// +// ... +// +NS_IMETHODIMP nsCertTree::IsSorted(bool *_retval) +{ + *_retval = false; + return NS_OK; +} + +#define RETURN_NOTHING + +void +nsCertTree::CmpInitCriterion(nsIX509Cert *cert, CompareCacheHashEntry *entry, + sortCriterion crit, int32_t level) +{ + NS_ENSURE_TRUE(cert && entry, RETURN_NOTHING); + + entry->mCritInit[level] = true; + nsXPIDLString &str = entry->mCrit[level]; + + switch (crit) { + case sort_IssuerOrg: + cert->GetIssuerOrganization(str); + if (str.IsEmpty()) + cert->GetCommonName(str); + break; + case sort_Org: + cert->GetOrganization(str); + break; + case sort_Token: + cert->GetTokenName(str); + break; + case sort_CommonName: + cert->GetCommonName(str); + break; + case sort_IssuedDateDescending: + { + nsresult rv; + nsCOMPtr validity; + PRTime notBefore; + + rv = cert->GetValidity(getter_AddRefs(validity)); + if (NS_SUCCEEDED(rv)) { + rv = validity->GetNotBefore(¬Before); + } + + if (NS_SUCCEEDED(rv)) { + PRExplodedTime explodedTime; + PR_ExplodeTime(notBefore, PR_GMTParameters, &explodedTime); + char datebuf[20]; // 4 + 2 + 2 + 2 + 2 + 2 + 1 = 15 + if (0 != PR_FormatTime(datebuf, sizeof(datebuf), "%Y%m%d%H%M%S", &explodedTime)) { + str = NS_ConvertASCIItoUTF16(nsDependentCString(datebuf)); + } + } + } + break; + case sort_Email: + cert->GetEmailAddress(str); + break; + case sort_None: + default: + break; + } +} + +int32_t +nsCertTree::CmpByCrit(nsIX509Cert *a, CompareCacheHashEntry *ace, + nsIX509Cert *b, CompareCacheHashEntry *bce, + sortCriterion crit, int32_t level) +{ + NS_ENSURE_TRUE(a && ace && b && bce, 0); + + if (!ace->mCritInit[level]) { + CmpInitCriterion(a, ace, crit, level); + } + + if (!bce->mCritInit[level]) { + CmpInitCriterion(b, bce, crit, level); + } + + nsXPIDLString &str_a = ace->mCrit[level]; + nsXPIDLString &str_b = bce->mCrit[level]; + + int32_t result; + if (str_a && str_b) + result = Compare(str_a, str_b, nsCaseInsensitiveStringComparator()); + else + result = !str_a ? (!str_b ? 0 : -1) : 1; + + if (sort_IssuedDateDescending == crit) + result *= -1; // reverse compare order + + return result; +} + +int32_t +nsCertTree::CmpBy(void *cache, nsIX509Cert *a, nsIX509Cert *b, + sortCriterion c0, sortCriterion c1, sortCriterion c2) +{ + // This will be called when comparing items for display sorting. + // Some items might have no cert associated, so either a or b is null. + // We want all those orphans show at the top of the list, + // so we treat a null cert as "smaller" by returning -1. + // We don't try to sort within the group of no-cert entries, + // so we treat them as equal wrt sort order. + + if (!a && !b) + return 0; + + if (!a) + return -1; + + if (!b) + return 1; + + NS_ENSURE_TRUE(cache && a && b, 0); + + CompareCacheHashEntry *ace = getCacheEntry(cache, a); + CompareCacheHashEntry *bce = getCacheEntry(cache, b); + + int32_t cmp; + cmp = CmpByCrit(a, ace, b, bce, c0, 0); + if (cmp != 0) + return cmp; + + if (c1 != sort_None) { + cmp = CmpByCrit(a, ace, b, bce, c1, 1); + if (cmp != 0) + return cmp; + + if (c2 != sort_None) { + return CmpByCrit(a, ace, b, bce, c2, 2); + } + } + + return cmp; +} + +int32_t +nsCertTree::CmpCACert(void *cache, nsIX509Cert *a, nsIX509Cert *b) +{ + // XXX we assume issuer org is always criterion 1 + return CmpBy(cache, a, b, sort_IssuerOrg, sort_Org, sort_Token); +} + +int32_t +nsCertTree::CmpWebSiteCert(void *cache, nsIX509Cert *a, nsIX509Cert *b) +{ + // XXX we assume issuer org is always criterion 1 + return CmpBy(cache, a, b, sort_IssuerOrg, sort_CommonName, sort_None); +} + +int32_t +nsCertTree::CmpUserCert(void *cache, nsIX509Cert *a, nsIX509Cert *b) +{ + // XXX we assume issuer org is always criterion 1 + return CmpBy(cache, a, b, sort_IssuerOrg, sort_Token, sort_IssuedDateDescending); +} + +int32_t +nsCertTree::CmpEmailCert(void *cache, nsIX509Cert *a, nsIX509Cert *b) +{ + // XXX we assume issuer org is always criterion 1 + return CmpBy(cache, a, b, sort_IssuerOrg, sort_Email, sort_CommonName); +} + diff --git a/security/manager/ssl/nsCertTree.h b/security/manager/ssl/nsCertTree.h new file mode 100644 index 000000000..bf17b4efa --- /dev/null +++ b/security/manager/ssl/nsCertTree.h @@ -0,0 +1,154 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef _NS_CERTTREE_H_ +#define _NS_CERTTREE_H_ + +#include "nsCOMPtr.h" +#include "nsIServiceManager.h" +#include "nsICertTree.h" +#include "nsITreeView.h" +#include "nsITreeBoxObject.h" +#include "nsITreeSelection.h" +#include "nsIMutableArray.h" +#include "nsNSSComponent.h" +#include "nsTArray.h" +#include "PLDHashTable.h" +#include "nsIX509CertDB.h" +#include "nsCertOverrideService.h" +#include "mozilla/Attributes.h" + +typedef struct treeArrayElStr treeArrayEl; + +struct CompareCacheHashEntry { + enum { max_criterions = 3 }; + CompareCacheHashEntry(); + + void *key; // no ownership + bool mCritInit[max_criterions]; + nsXPIDLString mCrit[max_criterions]; +}; + +struct CompareCacheHashEntryPtr : PLDHashEntryHdr { + CompareCacheHashEntryPtr(); + ~CompareCacheHashEntryPtr(); + CompareCacheHashEntry *entry; +}; + +class nsCertAddonInfo final : public nsISupports +{ +private: + ~nsCertAddonInfo() {} + +public: + NS_DECL_ISUPPORTS + + nsCertAddonInfo() : mUsageCount(0) {} + + RefPtr mCert; + // how many display entries reference this? + // (and therefore depend on the underlying cert) + int32_t mUsageCount; +}; + +class nsCertTreeDispInfo : public nsICertTreeItem +{ +protected: + virtual ~nsCertTreeDispInfo(); + +public: + NS_DECL_ISUPPORTS + NS_DECL_NSICERTTREEITEM + + nsCertTreeDispInfo(); + nsCertTreeDispInfo(nsCertTreeDispInfo &other); + + RefPtr mAddonInfo; + enum { + direct_db, host_port_override + } mTypeOfEntry; + nsCString mAsciiHost; + int32_t mPort; + nsCertOverride::OverrideBits mOverrideBits; + bool mIsTemporary; + nsCOMPtr mCert; +}; + +class nsCertTree : public nsICertTree +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSICERTTREE + NS_DECL_NSITREEVIEW + + nsCertTree(); + + enum sortCriterion { sort_IssuerOrg, sort_Org, sort_Token, + sort_CommonName, sort_IssuedDateDescending, sort_Email, sort_None }; + +protected: + virtual ~nsCertTree(); + + void ClearCompareHash(); + void RemoveCacheEntry(void *key); + + typedef int (*nsCertCompareFunc)(void *, nsIX509Cert *a, nsIX509Cert *b); + + static CompareCacheHashEntry *getCacheEntry(void *cache, void *aCert); + static void CmpInitCriterion(nsIX509Cert *cert, CompareCacheHashEntry *entry, + sortCriterion crit, int32_t level); + static int32_t CmpByCrit(nsIX509Cert *a, CompareCacheHashEntry *ace, + nsIX509Cert *b, CompareCacheHashEntry *bce, + sortCriterion crit, int32_t level); + static int32_t CmpBy(void *cache, nsIX509Cert *a, nsIX509Cert *b, + sortCriterion c0, sortCriterion c1, sortCriterion c2); + static int32_t CmpCACert(void *cache, nsIX509Cert *a, nsIX509Cert *b); + static int32_t CmpWebSiteCert(void *cache, nsIX509Cert *a, nsIX509Cert *b); + static int32_t CmpUserCert(void *cache, nsIX509Cert *a, nsIX509Cert *b); + static int32_t CmpEmailCert(void *cache, nsIX509Cert *a, nsIX509Cert *b); + nsCertCompareFunc GetCompareFuncFromCertType(uint32_t aType); + int32_t CountOrganizations(); + + nsresult GetCertsByType(uint32_t aType, nsCertCompareFunc aCertCmpFn, + void *aCertCmpFnArg); + + nsresult GetCertsByTypeFromCache(nsIX509CertList *aCache, uint32_t aType, + nsCertCompareFunc aCertCmpFn, void *aCertCmpFnArg); +private: + static const uint32_t kInitialCacheLength = 64; + + nsTArray< RefPtr > mDispInfo; + nsCOMPtr mTree; + nsCOMPtr mSelection; + treeArrayEl *mTreeArray; + int32_t mNumOrgs; + int32_t mNumRows; + PLDHashTable mCompareCache; + nsCOMPtr mNSSComponent; + nsCOMPtr mOverrideService; + RefPtr mOriginalOverrideService; + + treeArrayEl *GetThreadDescAtIndex(int32_t _index); + already_AddRefed + GetCertAtIndex(int32_t _index, int32_t *outAbsoluteCertOffset = nullptr); + already_AddRefed + GetDispInfoAtIndex(int32_t index, int32_t *outAbsoluteCertOffset = nullptr); + void FreeCertArray(); + nsresult UpdateUIContents(); + + nsresult GetCertsByTypeFromCertList(CERTCertList *aCertList, + uint32_t aType, + nsCertCompareFunc aCertCmpFn, + void *aCertCmpFnArg); + + nsCOMPtr mCellText; + +#ifdef DEBUG_CERT_TREE + /* for debugging purposes */ + void dumpMap(); +#endif +}; + +#endif /* _NS_CERTTREE_H_ */ + diff --git a/security/manager/ssl/nsClientAuthRemember.cpp b/security/manager/ssl/nsClientAuthRemember.cpp new file mode 100644 index 000000000..059955901 --- /dev/null +++ b/security/manager/ssl/nsClientAuthRemember.cpp @@ -0,0 +1,213 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsClientAuthRemember.h" + +#include "nsIX509Cert.h" +#include "mozilla/BasePrincipal.h" +#include "mozilla/RefPtr.h" +#include "nsCRT.h" +#include "nsNSSCertHelper.h" +#include "nsIObserverService.h" +#include "nsNetUtil.h" +#include "nsISupportsPrimitives.h" +#include "nsPromiseFlatString.h" +#include "nsThreadUtils.h" +#include "nsStringBuffer.h" +#include "cert.h" +#include "nspr.h" +#include "pk11pub.h" +#include "certdb.h" +#include "sechash.h" +#include "SharedSSLState.h" + +using namespace mozilla; +using namespace mozilla::psm; + +NS_IMPL_ISUPPORTS(nsClientAuthRememberService, + nsIObserver, + nsISupportsWeakReference) + +nsClientAuthRememberService::nsClientAuthRememberService() + : monitor("nsClientAuthRememberService.monitor") +{ +} + +nsClientAuthRememberService::~nsClientAuthRememberService() +{ + RemoveAllFromMemory(); +} + +nsresult +nsClientAuthRememberService::Init() +{ + if (!NS_IsMainThread()) { + NS_ERROR("nsClientAuthRememberService::Init called off the main thread"); + return NS_ERROR_NOT_SAME_THREAD; + } + + nsCOMPtr observerService = + mozilla::services::GetObserverService(); + if (observerService) { + observerService->AddObserver(this, "profile-before-change", true); + } + + return NS_OK; +} + +NS_IMETHODIMP +nsClientAuthRememberService::Observe(nsISupports* aSubject, + const char* aTopic, + const char16_t* aData) +{ + // check the topic + if (!nsCRT::strcmp(aTopic, "profile-before-change")) { + // The profile is about to change, + // or is going away because the application is shutting down. + + ReentrantMonitorAutoEnter lock(monitor); + RemoveAllFromMemory(); + } + + return NS_OK; +} + +void nsClientAuthRememberService::ClearRememberedDecisions() +{ + ReentrantMonitorAutoEnter lock(monitor); + RemoveAllFromMemory(); +} + +void nsClientAuthRememberService::ClearAllRememberedDecisions() +{ + RefPtr svc = + PublicSSLState()->GetClientAuthRememberService(); + svc->ClearRememberedDecisions(); + + svc = PrivateSSLState()->GetClientAuthRememberService(); + svc->ClearRememberedDecisions(); +} + +void +nsClientAuthRememberService::RemoveAllFromMemory() +{ + mSettingsTable.Clear(); +} + +nsresult +nsClientAuthRememberService::RememberDecision( + const nsACString& aHostName, const NeckoOriginAttributes& aOriginAttributes, + CERTCertificate* aServerCert, CERTCertificate* aClientCert) +{ + // aClientCert == nullptr means: remember that user does not want to use a cert + NS_ENSURE_ARG_POINTER(aServerCert); + if (aHostName.IsEmpty()) { + return NS_ERROR_INVALID_ARG; + } + + nsAutoCString fpStr; + nsresult rv = GetCertFingerprintByOidTag(aServerCert, SEC_OID_SHA256, fpStr); + if (NS_FAILED(rv)) { + return rv; + } + + { + ReentrantMonitorAutoEnter lock(monitor); + if (aClientCert) { + RefPtr pipCert(new nsNSSCertificate(aClientCert)); + nsAutoCString dbkey; + rv = pipCert->GetDbKey(dbkey); + if (NS_SUCCEEDED(rv)) { + AddEntryToList(aHostName, aOriginAttributes, fpStr, dbkey); + } + } else { + nsCString empty; + AddEntryToList(aHostName, aOriginAttributes, fpStr, empty); + } + } + + return NS_OK; +} + +nsresult +nsClientAuthRememberService::HasRememberedDecision( + const nsACString& aHostName, const NeckoOriginAttributes& aOriginAttributes, + CERTCertificate* aCert, nsACString& aCertDBKey, bool* aRetVal) +{ + if (aHostName.IsEmpty()) + return NS_ERROR_INVALID_ARG; + + NS_ENSURE_ARG_POINTER(aCert); + NS_ENSURE_ARG_POINTER(aRetVal); + *aRetVal = false; + + nsresult rv; + nsAutoCString fpStr; + rv = GetCertFingerprintByOidTag(aCert, SEC_OID_SHA256, fpStr); + if (NS_FAILED(rv)) + return rv; + + nsAutoCString entryKey; + GetEntryKey(aHostName, aOriginAttributes, fpStr, entryKey); + nsClientAuthRemember settings; + + { + ReentrantMonitorAutoEnter lock(monitor); + nsClientAuthRememberEntry* entry = mSettingsTable.GetEntry(entryKey.get()); + if (!entry) + return NS_OK; + settings = entry->mSettings; // copy + } + + aCertDBKey = settings.mDBKey; + *aRetVal = true; + return NS_OK; +} + +nsresult +nsClientAuthRememberService::AddEntryToList( + const nsACString& aHostName, const NeckoOriginAttributes& aOriginAttributes, + const nsACString& aFingerprint, const nsACString& aDBKey) +{ + nsAutoCString entryKey; + GetEntryKey(aHostName, aOriginAttributes, aFingerprint, entryKey); + + { + ReentrantMonitorAutoEnter lock(monitor); + nsClientAuthRememberEntry* entry = mSettingsTable.PutEntry(entryKey.get()); + + if (!entry) { + NS_ERROR("can't insert a null entry!"); + return NS_ERROR_OUT_OF_MEMORY; + } + + entry->mEntryKey = entryKey; + + nsClientAuthRemember& settings = entry->mSettings; + settings.mAsciiHost = aHostName; + settings.mFingerprint = aFingerprint; + settings.mDBKey = aDBKey; + } + + return NS_OK; +} + +void +nsClientAuthRememberService::GetEntryKey( + const nsACString& aHostName, + const NeckoOriginAttributes& aOriginAttributes, + const nsACString& aFingerprint, + nsACString& aEntryKey) +{ + nsAutoCString hostCert(aHostName); + nsAutoCString suffix; + aOriginAttributes.CreateSuffix(suffix); + hostCert.Append(suffix); + hostCert.Append(':'); + hostCert.Append(aFingerprint); + + aEntryKey.Assign(hostCert); +} diff --git a/security/manager/ssl/nsClientAuthRemember.h b/security/manager/ssl/nsClientAuthRemember.h new file mode 100644 index 000000000..1be5601ce --- /dev/null +++ b/security/manager/ssl/nsClientAuthRemember.h @@ -0,0 +1,155 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef __NSCLIENTAUTHREMEMBER_H__ +#define __NSCLIENTAUTHREMEMBER_H__ + +#include "mozilla/ReentrantMonitor.h" +#include "nsTHashtable.h" +#include "nsIObserver.h" +#include "nsIX509Cert.h" +#include "nsNSSCertificate.h" +#include "nsString.h" +#include "nsWeakReference.h" +#include "mozilla/Attributes.h" + +namespace mozilla { + class NeckoOriginAttributes; +} + +using mozilla::NeckoOriginAttributes; + +class nsClientAuthRemember +{ +public: + + nsClientAuthRemember() + { + } + + nsClientAuthRemember(const nsClientAuthRemember& aOther) + { + this->operator=(aOther); + } + + nsClientAuthRemember& operator=(const nsClientAuthRemember& aOther) + { + mAsciiHost = aOther.mAsciiHost; + mFingerprint = aOther.mFingerprint; + mDBKey = aOther.mDBKey; + return *this; + } + + nsCString mAsciiHost; + nsCString mFingerprint; + nsCString mDBKey; +}; + + +// hash entry class +class nsClientAuthRememberEntry final : public PLDHashEntryHdr +{ + public: + // Hash methods + typedef const char* KeyType; + typedef const char* KeyTypePointer; + + // do nothing with aHost - we require mHead to be set before we're live! + explicit nsClientAuthRememberEntry(KeyTypePointer aHostWithCertUTF8) + { + } + + nsClientAuthRememberEntry(const nsClientAuthRememberEntry& aToCopy) + { + mSettings = aToCopy.mSettings; + } + + ~nsClientAuthRememberEntry() + { + } + + KeyType GetKey() const + { + return EntryKeyPtr(); + } + + KeyTypePointer GetKeyPointer() const + { + return EntryKeyPtr(); + } + + bool KeyEquals(KeyTypePointer aKey) const + { + return !strcmp(EntryKeyPtr(), aKey); + } + + static KeyTypePointer KeyToPointer(KeyType aKey) + { + return aKey; + } + + static PLDHashNumber HashKey(KeyTypePointer aKey) + { + return PLDHashTable::HashStringKey(aKey); + } + + enum { ALLOW_MEMMOVE = false }; + + // get methods + inline const nsCString& GetEntryKey() const { return mEntryKey; } + + inline KeyTypePointer EntryKeyPtr() const + { + return mEntryKey.get(); + } + + nsClientAuthRemember mSettings; + nsCString mEntryKey; +}; + +class nsClientAuthRememberService final : public nsIObserver, + public nsSupportsWeakReference +{ +public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIOBSERVER + + nsClientAuthRememberService(); + + nsresult Init(); + + static void GetEntryKey(const nsACString& aHostName, + const NeckoOriginAttributes& aOriginAttributes, + const nsACString& aFingerprint, + /*out*/ nsACString& aEntryKey); + + nsresult RememberDecision(const nsACString& aHostName, + const NeckoOriginAttributes& aOriginAttributes, + CERTCertificate* aServerCert, + CERTCertificate* aClientCert); + + nsresult HasRememberedDecision(const nsACString& aHostName, + const NeckoOriginAttributes& aOriginAttributes, + CERTCertificate* aServerCert, + nsACString& aCertDBKey, bool* aRetVal); + + void ClearRememberedDecisions(); + static void ClearAllRememberedDecisions(); + +protected: + ~nsClientAuthRememberService(); + + mozilla::ReentrantMonitor monitor; + nsTHashtable mSettingsTable; + + void RemoveAllFromMemory(); + nsresult AddEntryToList(const nsACString& aHost, + const NeckoOriginAttributes& aOriginAttributes, + const nsACString& aServerFingerprint, + const nsACString& aDBKey); +}; + +#endif diff --git a/security/manager/ssl/nsCrypto.cpp b/security/manager/ssl/nsCrypto.cpp new file mode 100644 index 000000000..361257968 --- /dev/null +++ b/security/manager/ssl/nsCrypto.cpp @@ -0,0 +1,113 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsCrypto.h" + +#include "nsNSSComponent.h" +#include "nsNativeCharsetUtils.h" +#include "nsServiceManagerUtils.h" +#include "ScopedNSSTypes.h" + +// QueryInterface implementation for nsPkcs11 +NS_INTERFACE_MAP_BEGIN(nsPkcs11) + NS_INTERFACE_MAP_ENTRY(nsIPKCS11) + NS_INTERFACE_MAP_ENTRY(nsISupports) +NS_INTERFACE_MAP_END + +NS_IMPL_ADDREF(nsPkcs11) +NS_IMPL_RELEASE(nsPkcs11) + +nsPkcs11::nsPkcs11() +{ +} + +nsPkcs11::~nsPkcs11() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + shutdown(ShutdownCalledFrom::Object); +} + +// Delete a PKCS11 module from the user's profile. +NS_IMETHODIMP +nsPkcs11::DeleteModule(const nsAString& aModuleName) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + if (aModuleName.IsEmpty()) { + return NS_ERROR_INVALID_ARG; + } + + NS_ConvertUTF16toUTF8 moduleName(aModuleName); + // Introduce additional scope for module so all references to it are released + // before we call SECMOD_DeleteModule, below. +#ifndef MOZ_NO_SMART_CARDS + { + mozilla::UniqueSECMODModule module(SECMOD_FindModule(moduleName.get())); + if (!module) { + return NS_ERROR_FAILURE; + } + nsCOMPtr nssComponent( + do_GetService(PSM_COMPONENT_CONTRACTID)); + nssComponent->ShutdownSmartCardThread(module.get()); + } +#endif + + // modType is an output variable. We ignore it. + int32_t modType; + SECStatus srv = SECMOD_DeleteModule(moduleName.get(), &modType); + if (srv != SECSuccess) { + return NS_ERROR_FAILURE; + } + + return NS_OK; +} + +// Add a new PKCS11 module to the user's profile. +NS_IMETHODIMP +nsPkcs11::AddModule(const nsAString& aModuleName, + const nsAString& aLibraryFullPath, + int32_t aCryptoMechanismFlags, + int32_t aCipherFlags) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + if (aModuleName.IsEmpty()) { + return NS_ERROR_INVALID_ARG; + } + + NS_ConvertUTF16toUTF8 moduleName(aModuleName); + nsCString fullPath; + // NSS doesn't support Unicode path. Use native charset + NS_CopyUnicodeToNative(aLibraryFullPath, fullPath); + uint32_t mechFlags = SECMOD_PubMechFlagstoInternal(aCryptoMechanismFlags); + uint32_t cipherFlags = SECMOD_PubCipherFlagstoInternal(aCipherFlags); + SECStatus srv = SECMOD_AddNewModule(moduleName.get(), fullPath.get(), + mechFlags, cipherFlags); + if (srv != SECSuccess) { + return NS_ERROR_FAILURE; + } + +#ifndef MOZ_NO_SMART_CARDS + mozilla::UniqueSECMODModule module(SECMOD_FindModule(moduleName.get())); + if (!module) { + return NS_ERROR_FAILURE; + } + nsCOMPtr nssComponent( + do_GetService(PSM_COMPONENT_CONTRACTID)); + nssComponent->LaunchSmartCardThread(module.get()); +#endif + + return NS_OK; +} diff --git a/security/manager/ssl/nsCrypto.h b/security/manager/ssl/nsCrypto.h new file mode 100644 index 000000000..ec231b471 --- /dev/null +++ b/security/manager/ssl/nsCrypto.h @@ -0,0 +1,32 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +#ifndef _nsCrypto_h_ +#define _nsCrypto_h_ + +#include "nsIPKCS11.h" + +#include "nsNSSShutDown.h" + +#define NS_PKCS11_CID \ + {0x74b7a390, 0x3b41, 0x11d4, { 0x8a, 0x80, 0x00, 0x60, 0x08, 0xc8, 0x44, 0xc3} } + +class nsPkcs11 : public nsIPKCS11 + , public nsNSSShutDownObject +{ +public: + nsPkcs11(); + + NS_DECL_ISUPPORTS + NS_DECL_NSIPKCS11 + +protected: + virtual ~nsPkcs11(); + +private: + virtual void virtualDestroyNSSReference() override {} +}; + +#endif //_nsCrypto_h_ diff --git a/security/manager/ssl/nsCryptoHash.cpp b/security/manager/ssl/nsCryptoHash.cpp new file mode 100644 index 000000000..d57eb5f58 --- /dev/null +++ b/security/manager/ssl/nsCryptoHash.cpp @@ -0,0 +1,438 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include + +#include "nsCryptoHash.h" + +#include "nsIInputStream.h" +#include "nsIKeyModule.h" + +#include "nsString.h" + +#include "sechash.h" +#include "pk11pub.h" +#include "base64.h" + +#define NS_CRYPTO_HASH_BUFFER_SIZE 4096 + +//--------------------------------------------- +// Implementing nsICryptoHash +//--------------------------------------------- + +nsCryptoHash::nsCryptoHash() + : mHashContext(nullptr) + , mInitialized(false) +{ +} + +nsCryptoHash::~nsCryptoHash() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + destructorSafeDestroyNSSReference(); + shutdown(ShutdownCalledFrom::Object); +} + +void +nsCryptoHash::virtualDestroyNSSReference() +{ + destructorSafeDestroyNSSReference(); +} + +void +nsCryptoHash::destructorSafeDestroyNSSReference() +{ + if (mHashContext) + HASH_Destroy(mHashContext); + mHashContext = nullptr; +} + +NS_IMPL_ISUPPORTS(nsCryptoHash, nsICryptoHash) + +NS_IMETHODIMP +nsCryptoHash::Init(uint32_t algorithm) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + HASH_HashType hashType = (HASH_HashType)algorithm; + if (mHashContext) + { + if ((!mInitialized) && (HASH_GetType(mHashContext) == hashType)) + { + mInitialized = true; + HASH_Begin(mHashContext); + return NS_OK; + } + + // Destroy current hash context if the type was different + // or Finish method wasn't called. + HASH_Destroy(mHashContext); + mInitialized = false; + } + + mHashContext = HASH_Create(hashType); + if (!mHashContext) + return NS_ERROR_INVALID_ARG; + + HASH_Begin(mHashContext); + mInitialized = true; + return NS_OK; +} + +NS_IMETHODIMP +nsCryptoHash::InitWithString(const nsACString & aAlgorithm) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + if (aAlgorithm.LowerCaseEqualsLiteral("md2")) + return Init(nsICryptoHash::MD2); + + if (aAlgorithm.LowerCaseEqualsLiteral("md5")) + return Init(nsICryptoHash::MD5); + + if (aAlgorithm.LowerCaseEqualsLiteral("sha1")) + return Init(nsICryptoHash::SHA1); + + if (aAlgorithm.LowerCaseEqualsLiteral("sha256")) + return Init(nsICryptoHash::SHA256); + + if (aAlgorithm.LowerCaseEqualsLiteral("sha384")) + return Init(nsICryptoHash::SHA384); + + if (aAlgorithm.LowerCaseEqualsLiteral("sha512")) + return Init(nsICryptoHash::SHA512); + + return NS_ERROR_INVALID_ARG; +} + +NS_IMETHODIMP +nsCryptoHash::Update(const uint8_t *data, uint32_t len) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + if (!mInitialized) + return NS_ERROR_NOT_INITIALIZED; + + HASH_Update(mHashContext, data, len); + return NS_OK; +} + +NS_IMETHODIMP +nsCryptoHash::UpdateFromStream(nsIInputStream *data, uint32_t aLen) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + if (!mInitialized) + return NS_ERROR_NOT_INITIALIZED; + + if (!data) + return NS_ERROR_INVALID_ARG; + + uint64_t n; + nsresult rv = data->Available(&n); + if (NS_FAILED(rv)) + return rv; + + // if the user has passed UINT32_MAX, then read + // everything in the stream + + uint64_t len = aLen; + if (aLen == UINT32_MAX) + len = n; + + // So, if the stream has NO data available for the hash, + // or if the data available is less then what the caller + // requested, we can not fulfill the hash update. In this + // case, just return NS_ERROR_NOT_AVAILABLE indicating + // that there is not enough data in the stream to satisify + // the request. + + if (n == 0 || n < len) + return NS_ERROR_NOT_AVAILABLE; + + char buffer[NS_CRYPTO_HASH_BUFFER_SIZE]; + uint32_t read, readLimit; + + while(NS_SUCCEEDED(rv) && len>0) + { + readLimit = (uint32_t)std::min(NS_CRYPTO_HASH_BUFFER_SIZE, len); + + rv = data->Read(buffer, readLimit, &read); + + if (NS_SUCCEEDED(rv)) + rv = Update((const uint8_t*)buffer, read); + + len -= read; + } + + return rv; +} + +NS_IMETHODIMP +nsCryptoHash::Finish(bool ascii, nsACString & _retval) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + if (!mInitialized) + return NS_ERROR_NOT_INITIALIZED; + + uint32_t hashLen = 0; + unsigned char buffer[HASH_LENGTH_MAX]; + unsigned char* pbuffer = buffer; + + HASH_End(mHashContext, pbuffer, &hashLen, HASH_LENGTH_MAX); + + mInitialized = false; + + if (ascii) + { + UniquePORTString asciiData(BTOA_DataToAscii(buffer, hashLen)); + NS_ENSURE_TRUE(asciiData, NS_ERROR_OUT_OF_MEMORY); + + _retval.Assign(asciiData.get()); + } + else + { + _retval.Assign((const char*)buffer, hashLen); + } + + return NS_OK; +} + +//--------------------------------------------- +// Implementing nsICryptoHMAC +//--------------------------------------------- + +NS_IMPL_ISUPPORTS(nsCryptoHMAC, nsICryptoHMAC) + +nsCryptoHMAC::nsCryptoHMAC() +{ + mHMACContext = nullptr; +} + +nsCryptoHMAC::~nsCryptoHMAC() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + destructorSafeDestroyNSSReference(); + shutdown(ShutdownCalledFrom::Object); +} + +void +nsCryptoHMAC::virtualDestroyNSSReference() +{ + destructorSafeDestroyNSSReference(); +} + +void +nsCryptoHMAC::destructorSafeDestroyNSSReference() +{ + if (mHMACContext) + PK11_DestroyContext(mHMACContext, true); + mHMACContext = nullptr; +} + +NS_IMETHODIMP +nsCryptoHMAC::Init(uint32_t aAlgorithm, nsIKeyObject *aKeyObject) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + if (mHMACContext) + { + PK11_DestroyContext(mHMACContext, true); + mHMACContext = nullptr; + } + + CK_MECHANISM_TYPE HMACMechType; + switch (aAlgorithm) + { + case nsCryptoHMAC::MD2: + HMACMechType = CKM_MD2_HMAC; break; + case nsCryptoHMAC::MD5: + HMACMechType = CKM_MD5_HMAC; break; + case nsCryptoHMAC::SHA1: + HMACMechType = CKM_SHA_1_HMAC; break; + case nsCryptoHMAC::SHA256: + HMACMechType = CKM_SHA256_HMAC; break; + case nsCryptoHMAC::SHA384: + HMACMechType = CKM_SHA384_HMAC; break; + case nsCryptoHMAC::SHA512: + HMACMechType = CKM_SHA512_HMAC; break; + default: + return NS_ERROR_INVALID_ARG; + } + + NS_ENSURE_ARG_POINTER(aKeyObject); + + nsresult rv; + + int16_t keyType; + rv = aKeyObject->GetType(&keyType); + NS_ENSURE_SUCCESS(rv, rv); + + NS_ENSURE_TRUE(keyType == nsIKeyObject::SYM_KEY, NS_ERROR_INVALID_ARG); + + PK11SymKey* key; + // GetKeyObj doesn't addref the key + rv = aKeyObject->GetKeyObj(&key); + NS_ENSURE_SUCCESS(rv, rv); + + SECItem rawData; + rawData.data = 0; + rawData.len = 0; + mHMACContext = PK11_CreateContextBySymKey( + HMACMechType, CKA_SIGN, key, &rawData); + NS_ENSURE_TRUE(mHMACContext, NS_ERROR_FAILURE); + + SECStatus ss = PK11_DigestBegin(mHMACContext); + NS_ENSURE_TRUE(ss == SECSuccess, NS_ERROR_FAILURE); + + return NS_OK; +} + +NS_IMETHODIMP +nsCryptoHMAC::Update(const uint8_t *aData, uint32_t aLen) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + if (!mHMACContext) + return NS_ERROR_NOT_INITIALIZED; + + if (!aData) + return NS_ERROR_INVALID_ARG; + + SECStatus ss = PK11_DigestOp(mHMACContext, aData, aLen); + NS_ENSURE_TRUE(ss == SECSuccess, NS_ERROR_FAILURE); + + return NS_OK; +} + +NS_IMETHODIMP +nsCryptoHMAC::UpdateFromStream(nsIInputStream *aStream, uint32_t aLen) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + if (!mHMACContext) + return NS_ERROR_NOT_INITIALIZED; + + if (!aStream) + return NS_ERROR_INVALID_ARG; + + uint64_t n; + nsresult rv = aStream->Available(&n); + if (NS_FAILED(rv)) + return rv; + + // if the user has passed UINT32_MAX, then read + // everything in the stream + + uint64_t len = aLen; + if (aLen == UINT32_MAX) + len = n; + + // So, if the stream has NO data available for the hash, + // or if the data available is less then what the caller + // requested, we can not fulfill the HMAC update. In this + // case, just return NS_ERROR_NOT_AVAILABLE indicating + // that there is not enough data in the stream to satisify + // the request. + + if (n == 0 || n < len) + return NS_ERROR_NOT_AVAILABLE; + + char buffer[NS_CRYPTO_HASH_BUFFER_SIZE]; + uint32_t read, readLimit; + + while(NS_SUCCEEDED(rv) && len > 0) + { + readLimit = (uint32_t)std::min(NS_CRYPTO_HASH_BUFFER_SIZE, len); + + rv = aStream->Read(buffer, readLimit, &read); + if (read == 0) + return NS_BASE_STREAM_CLOSED; + + if (NS_SUCCEEDED(rv)) + rv = Update((const uint8_t*)buffer, read); + + len -= read; + } + + return rv; +} + +NS_IMETHODIMP +nsCryptoHMAC::Finish(bool aASCII, nsACString & _retval) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + if (!mHMACContext) + return NS_ERROR_NOT_INITIALIZED; + + uint32_t hashLen = 0; + unsigned char buffer[HASH_LENGTH_MAX]; + unsigned char* pbuffer = buffer; + + PK11_DigestFinal(mHMACContext, pbuffer, &hashLen, HASH_LENGTH_MAX); + if (aASCII) + { + UniquePORTString asciiData(BTOA_DataToAscii(buffer, hashLen)); + NS_ENSURE_TRUE(asciiData, NS_ERROR_OUT_OF_MEMORY); + + _retval.Assign(asciiData.get()); + } + else + { + _retval.Assign((const char*)buffer, hashLen); + } + + return NS_OK; +} + +NS_IMETHODIMP +nsCryptoHMAC::Reset() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + SECStatus ss = PK11_DigestBegin(mHMACContext); + NS_ENSURE_TRUE(ss == SECSuccess, NS_ERROR_FAILURE); + + return NS_OK; +} diff --git a/security/manager/ssl/nsCryptoHash.h b/security/manager/ssl/nsCryptoHash.h new file mode 100644 index 000000000..194f274d6 --- /dev/null +++ b/security/manager/ssl/nsCryptoHash.h @@ -0,0 +1,56 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef _nsCryptoHash_h_ +#define _nsCryptoHash_h_ + +#include "nsICryptoHash.h" +#include "nsICryptoHMAC.h" +#include "nsNSSShutDown.h" +#include "hasht.h" +#include "secmodt.h" + +class nsIInputStream; + +#define NS_CRYPTO_HASH_CID {0x36a1d3b3, 0xd886, 0x4317, {0x96, 0xff, 0x87, 0xb0, 0x00, 0x5c, 0xfe, 0xf7}} +#define NS_CRYPTO_HMAC_CID {0xa496d0a2, 0xdff7, 0x4e23, {0xbd, 0x65, 0x1c, 0xa7, 0x42, 0xfa, 0x17, 0x8a}} + +class nsCryptoHash final : public nsICryptoHash, public nsNSSShutDownObject +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSICRYPTOHASH + + nsCryptoHash(); + +private: + ~nsCryptoHash(); + + HASHContext* mHashContext; + bool mInitialized; + + virtual void virtualDestroyNSSReference() override; + void destructorSafeDestroyNSSReference(); +}; + +class nsCryptoHMAC : public nsICryptoHMAC, public nsNSSShutDownObject +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSICRYPTOHMAC + + nsCryptoHMAC(); + +private: + ~nsCryptoHMAC(); + PK11Context* mHMACContext; + + virtual void virtualDestroyNSSReference() override; + void destructorSafeDestroyNSSReference(); +}; + +#endif // _nsCryptoHash_h_ + diff --git a/security/manager/ssl/nsDataSignatureVerifier.cpp b/security/manager/ssl/nsDataSignatureVerifier.cpp new file mode 100644 index 000000000..e67ff2406 --- /dev/null +++ b/security/manager/ssl/nsDataSignatureVerifier.cpp @@ -0,0 +1,336 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsDataSignatureVerifier.h" + +#include "cms.h" +#include "cryptohi.h" +#include "keyhi.h" +#include "mozilla/Casting.h" +#include "mozilla/Unused.h" +#include "nsCOMPtr.h" +#include "nsNSSComponent.h" +#include "nssb64.h" +#include "pkix/pkixnss.h" +#include "pkix/pkixtypes.h" +#include "ScopedNSSTypes.h" +#include "secerr.h" +#include "SharedCertVerifier.h" + +using namespace mozilla; +using namespace mozilla::pkix; +using namespace mozilla::psm; + +SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) + +NS_IMPL_ISUPPORTS(nsDataSignatureVerifier, nsIDataSignatureVerifier) + +const SEC_ASN1Template CERT_SignatureDataTemplate[] = +{ + { SEC_ASN1_SEQUENCE, + 0, nullptr, sizeof(CERTSignedData) }, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, + offsetof(CERTSignedData,signatureAlgorithm), + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate), }, + { SEC_ASN1_BIT_STRING, + offsetof(CERTSignedData,signature), }, + { 0, } +}; + +nsDataSignatureVerifier::~nsDataSignatureVerifier() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + + shutdown(ShutdownCalledFrom::Object); +} + +NS_IMETHODIMP +nsDataSignatureVerifier::VerifyData(const nsACString& aData, + const nsACString& aSignature, + const nsACString& aPublicKey, + bool* _retval) +{ + NS_ENSURE_ARG_POINTER(_retval); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + // Allocate an arena to handle the majority of the allocations + UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return NS_ERROR_OUT_OF_MEMORY; + } + + // Base 64 decode the key + SECItem keyItem; + PORT_Memset(&keyItem, 0, sizeof(SECItem)); + if (!NSSBase64_DecodeBuffer(arena.get(), &keyItem, + PromiseFlatCString(aPublicKey).get(), + aPublicKey.Length())) { + return NS_ERROR_FAILURE; + } + + // Extract the public key from the data + UniqueCERTSubjectPublicKeyInfo pki( + SECKEY_DecodeDERSubjectPublicKeyInfo(&keyItem)); + if (!pki) { + return NS_ERROR_FAILURE; + } + + UniqueSECKEYPublicKey publicKey(SECKEY_ExtractPublicKey(pki.get())); + if (!publicKey) { + return NS_ERROR_FAILURE; + } + + // Base 64 decode the signature + SECItem signatureItem; + PORT_Memset(&signatureItem, 0, sizeof(SECItem)); + if (!NSSBase64_DecodeBuffer(arena.get(), &signatureItem, + PromiseFlatCString(aSignature).get(), + aSignature.Length())) { + return NS_ERROR_FAILURE; + } + + // Decode the signature and algorithm + CERTSignedData sigData; + PORT_Memset(&sigData, 0, sizeof(CERTSignedData)); + SECStatus srv = SEC_QuickDERDecodeItem(arena.get(), &sigData, + CERT_SignatureDataTemplate, + &signatureItem); + if (srv != SECSuccess) { + return NS_ERROR_FAILURE; + } + + // Perform the final verification + DER_ConvertBitString(&(sigData.signature)); + srv = VFY_VerifyDataWithAlgorithmID( + BitwiseCast( + PromiseFlatCString(aData).get()), + aData.Length(), publicKey.get(), &(sigData.signature), + &(sigData.signatureAlgorithm), nullptr, nullptr); + + *_retval = (srv == SECSuccess); + + return NS_OK; +} + +namespace mozilla { + +nsresult +VerifyCMSDetachedSignatureIncludingCertificate( + const SECItem& buffer, const SECItem& detachedDigest, + nsresult (*verifyCertificate)(CERTCertificate* cert, void* context, + void* pinArg), + void* verifyCertificateContext, void* pinArg, + const nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + // XXX: missing pinArg is tolerated. + if (NS_WARN_IF(!buffer.data && buffer.len > 0) || + NS_WARN_IF(!detachedDigest.data && detachedDigest.len > 0) || + (!verifyCertificate) || + NS_WARN_IF(!verifyCertificateContext)) { + return NS_ERROR_INVALID_ARG; + } + + UniqueNSSCMSMessage + cmsMsg(NSS_CMSMessage_CreateFromDER(const_cast(&buffer), nullptr, + nullptr, nullptr, nullptr, nullptr, + nullptr)); + if (!cmsMsg) { + return NS_ERROR_CMS_VERIFY_ERROR_PROCESSING; + } + + if (!NSS_CMSMessage_IsSigned(cmsMsg.get())) { + return NS_ERROR_CMS_VERIFY_NOT_SIGNED; + } + + NSSCMSContentInfo* cinfo = NSS_CMSMessage_ContentLevel(cmsMsg.get(), 0); + if (!cinfo) { + return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO; + } + + // We're expecting this to be a PKCS#7 signedData content info. + if (NSS_CMSContentInfo_GetContentTypeTag(cinfo) + != SEC_OID_PKCS7_SIGNED_DATA) { + return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO; + } + + // signedData is non-owning + NSSCMSSignedData* signedData = + static_cast(NSS_CMSContentInfo_GetContent(cinfo)); + if (!signedData) { + return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO; + } + + // Set digest value. + if (NSS_CMSSignedData_SetDigestValue(signedData, SEC_OID_SHA1, + const_cast(&detachedDigest))) { + return NS_ERROR_CMS_VERIFY_BAD_DIGEST; + } + + // Parse the certificates into CERTCertificate objects held in memory so + // verifyCertificate will be able to find them during path building. + UniqueCERTCertList certs(CERT_NewCertList()); + if (!certs) { + return NS_ERROR_OUT_OF_MEMORY; + } + if (signedData->rawCerts) { + for (size_t i = 0; signedData->rawCerts[i]; ++i) { + UniqueCERTCertificate + cert(CERT_NewTempCertificate(CERT_GetDefaultCertDB(), + signedData->rawCerts[i], nullptr, false, + true)); + // Skip certificates that fail to parse + if (!cert) { + continue; + } + + if (CERT_AddCertToListTail(certs.get(), cert.get()) != SECSuccess) { + return NS_ERROR_OUT_OF_MEMORY; + } + + Unused << cert.release(); // Ownership transferred to the cert list. + } + } + + // Get the end-entity certificate. + int numSigners = NSS_CMSSignedData_SignerInfoCount(signedData); + if (NS_WARN_IF(numSigners != 1)) { + return NS_ERROR_CMS_VERIFY_ERROR_PROCESSING; + } + // signer is non-owning. + NSSCMSSignerInfo* signer = NSS_CMSSignedData_GetSignerInfo(signedData, 0); + if (NS_WARN_IF(!signer)) { + return NS_ERROR_CMS_VERIFY_ERROR_PROCESSING; + } + CERTCertificate* signerCert = + NSS_CMSSignerInfo_GetSigningCertificate(signer, CERT_GetDefaultCertDB()); + if (!signerCert) { + return NS_ERROR_CMS_VERIFY_ERROR_PROCESSING; + } + + nsresult rv = verifyCertificate(signerCert, verifyCertificateContext, pinArg); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + // See NSS_CMSContentInfo_GetContentTypeOID, which isn't exported from NSS. + SECOidData* contentTypeOidData = + SECOID_FindOID(&signedData->contentInfo.contentType); + if (!contentTypeOidData) { + return NS_ERROR_CMS_VERIFY_ERROR_PROCESSING; + } + + return MapSECStatus(NSS_CMSSignerInfo_Verify(signer, + const_cast(&detachedDigest), + &contentTypeOidData->oid)); +} + +} // namespace mozilla + +namespace { + +struct VerifyCertificateContext +{ + nsCOMPtr signingCert; + UniqueCERTCertList builtChain; +}; + +static nsresult +VerifyCertificate(CERTCertificate* cert, void* voidContext, void* pinArg) +{ + // XXX: missing pinArg is tolerated + if (NS_WARN_IF(!cert) || NS_WARN_IF(!voidContext)) { + return NS_ERROR_INVALID_ARG; + } + + VerifyCertificateContext* context = + static_cast(voidContext); + + nsCOMPtr xpcomCert(nsNSSCertificate::Create(cert)); + if (!xpcomCert) { + return NS_ERROR_OUT_OF_MEMORY; + } + + context->signingCert = xpcomCert; + + RefPtr certVerifier(GetDefaultCertVerifier()); + NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED); + + mozilla::pkix::Result result = + certVerifier->VerifyCert(cert, + certificateUsageObjectSigner, + Now(), pinArg, + nullptr, // hostname + context->builtChain); + if (result != Success) { + return GetXPCOMFromNSSError(MapResultToPRErrorCode(result)); + } + + return NS_OK; +} + +} // namespace + +NS_IMETHODIMP +nsDataSignatureVerifier::VerifySignature(const char* aRSABuf, + uint32_t aRSABufLen, + const char* aPlaintext, + uint32_t aPlaintextLen, + int32_t* aErrorCode, + nsIX509Cert** aSigningCert) +{ + if (!aRSABuf || !aPlaintext || !aErrorCode || !aSigningCert) { + return NS_ERROR_INVALID_ARG; + } + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + *aErrorCode = VERIFY_ERROR_OTHER; + *aSigningCert = nullptr; + + Digest digest; + nsresult rv = digest.DigestBuf( + SEC_OID_SHA1, + BitwiseCast(aPlaintext), + aPlaintextLen); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + SECItem buffer = { + siBuffer, + BitwiseCast(aRSABuf), + aRSABufLen + }; + + VerifyCertificateContext context; + // XXX: pinArg is missing + rv = VerifyCMSDetachedSignatureIncludingCertificate(buffer, digest.get(), + VerifyCertificate, + &context, nullptr, locker); + if (NS_SUCCEEDED(rv)) { + *aErrorCode = VERIFY_OK; + } else if (NS_ERROR_GET_MODULE(rv) == NS_ERROR_MODULE_SECURITY) { + if (rv == GetXPCOMFromNSSError(SEC_ERROR_UNKNOWN_ISSUER)) { + *aErrorCode = VERIFY_ERROR_UNKNOWN_ISSUER; + } else { + *aErrorCode = VERIFY_ERROR_OTHER; + } + rv = NS_OK; + } + if (rv == NS_OK) { + context.signingCert.forget(aSigningCert); + } + + return rv; +} diff --git a/security/manager/ssl/nsDataSignatureVerifier.h b/security/manager/ssl/nsDataSignatureVerifier.h new file mode 100644 index 000000000..485af70c8 --- /dev/null +++ b/security/manager/ssl/nsDataSignatureVerifier.h @@ -0,0 +1,47 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsDataSignatureVerifier_h +#define nsDataSignatureVerifier_h + +#include "certt.h" +#include "nsIDataSignatureVerifier.h" +#include "nsNSSShutDown.h" + +#define NS_DATASIGNATUREVERIFIER_CID \ + { 0x296d76aa, 0x275b, 0x4f3c, \ + { 0xaf, 0x8a, 0x30, 0xa4, 0x02, 0x6c, 0x18, 0xfc } } +#define NS_DATASIGNATUREVERIFIER_CONTRACTID \ + "@mozilla.org/security/datasignatureverifier;1" + +class nsDataSignatureVerifier final : public nsIDataSignatureVerifier + , public nsNSSShutDownObject +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSIDATASIGNATUREVERIFIER + + nsDataSignatureVerifier() + { + } + +private: + ~nsDataSignatureVerifier(); + + // Nothing to release. + virtual void virtualDestroyNSSReference() override {} +}; + +namespace mozilla { + +nsresult VerifyCMSDetachedSignatureIncludingCertificate( + const SECItem& buffer, const SECItem& detachedDigest, + nsresult (*verifyCertificate)(CERTCertificate* cert, void* context, + void* pinArg), + void* verifyCertificateContext, void* pinArg, + const nsNSSShutDownPreventionLock& proofOfLock); + +} // namespace mozilla + +#endif // nsDataSignatureVerifier_h diff --git a/security/manager/ssl/nsIASN1Object.idl b/security/manager/ssl/nsIASN1Object.idl new file mode 100644 index 000000000..3996286b7 --- /dev/null +++ b/security/manager/ssl/nsIASN1Object.idl @@ -0,0 +1,70 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +/** + * This represents an ASN.1 object, + * where ASN.1 is "Abstract Syntax Notation number One". + * + * The additional state information carried in this interface + * makes it fit for being used as the data structure + * when working with visual reprenstation of ASN.1 objects + * in a human user interface, like in a tree widget + * where open/close state of nodes must be remembered. + */ +[scriptable, uuid(ba8bf582-1dd1-11b2-898c-f40246bc9a63)] +interface nsIASN1Object : nsISupports { + + /** + * Identifiers for the possible types of object. + */ + const unsigned long ASN1_END_CONTENTS = 0; + const unsigned long ASN1_BOOLEAN = 1; + const unsigned long ASN1_INTEGER = 2; + const unsigned long ASN1_BIT_STRING = 3; + const unsigned long ASN1_OCTET_STRING = 4; + const unsigned long ASN1_NULL = 5; + const unsigned long ASN1_OBJECT_ID = 6; + const unsigned long ASN1_ENUMERATED = 10; + const unsigned long ASN1_UTF8_STRING = 12; + const unsigned long ASN1_SEQUENCE = 16; + const unsigned long ASN1_SET = 17; + const unsigned long ASN1_PRINTABLE_STRING = 19; + const unsigned long ASN1_T61_STRING = 20; + const unsigned long ASN1_IA5_STRING = 22; + const unsigned long ASN1_UTC_TIME = 23; + const unsigned long ASN1_GEN_TIME = 24; + const unsigned long ASN1_VISIBLE_STRING = 26; + const unsigned long ASN1_UNIVERSAL_STRING = 28; + const unsigned long ASN1_BMP_STRING = 30; + const unsigned long ASN1_HIGH_TAG_NUMBER = 31; + const unsigned long ASN1_CONTEXT_SPECIFIC = 32; + const unsigned long ASN1_APPLICATION = 33; + const unsigned long ASN1_PRIVATE = 34; + + /** + * "type" will be equal to one of the defined object identifiers. + */ + attribute unsigned long type; + + + /** + * This contains a tag as explained in ASN.1 standards documents. + */ + attribute unsigned long tag; + + /** + * "displayName" contains a human readable explanatory label. + */ + attribute AString displayName; + + /** + * "displayValue" contains the human readable value. + */ + attribute AString displayValue; +}; + diff --git a/security/manager/ssl/nsIASN1PrintableItem.idl b/security/manager/ssl/nsIASN1PrintableItem.idl new file mode 100644 index 000000000..84e6879c4 --- /dev/null +++ b/security/manager/ssl/nsIASN1PrintableItem.idl @@ -0,0 +1,15 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" +#include "nsIASN1Object.idl" + +[scriptable, uuid(114e1142-1dd2-11b2-ac26-b6db19d9184a)] +interface nsIASN1PrintableItem : nsIASN1Object { + [noscript] void setData(in charPtr data, in unsigned long len); + [noscript] void getData(out charPtr data, out unsigned long len); +}; + diff --git a/security/manager/ssl/nsIASN1Sequence.idl b/security/manager/ssl/nsIASN1Sequence.idl new file mode 100644 index 000000000..c865f2bfc --- /dev/null +++ b/security/manager/ssl/nsIASN1Sequence.idl @@ -0,0 +1,56 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" +#include "nsIASN1Object.idl" + +interface nsIMutableArray; + +/** + * This represents a sequence of ASN.1 objects, + * where ASN.1 is "Abstract Syntax Notation number One". + * + * Overview of how this ASN1 interface is intended to + * work. + * + * First off, the nsIASN1Sequence is any type in ASN1 + * that consists of sub-elements (ie SEQUENCE, SET) + * nsIASN1Printable Items are all the other types that + * can be viewed by themselves without interpreting further. + * Examples would include INTEGER, UTF-8 STRING, OID. + * These are not intended to directly reflect the numberous + * types that exist in ASN1, but merely an interface to ease + * producing a tree display the ASN1 structure of any DER + * object. + * + * The additional state information carried in this interface + * makes it fit for being used as the data structure + * when working with visual reprenstation of ASN.1 objects + * in a human user interface, like in a tree widget + * where open/close state of nodes must be remembered. + */ +[scriptable, uuid(b6b957e6-1dd1-11b2-89d7-e30624f50b00)] +interface nsIASN1Sequence : nsIASN1Object { + + /** + * The array of objects stored in the sequence. + */ + attribute nsIMutableArray ASN1Objects; + + /** + * Whether the node at this position in the ASN.1 data structure + * sequence contains sub elements understood by the + * application. + */ + attribute boolean isValidContainer; + + /** + * Whether the contained objects should be shown or hidden. + * A UI implementation can use this flag to store the current + * expansion state when shown in a tree widget. + */ + attribute boolean isExpanded; +}; diff --git a/security/manager/ssl/nsIAssociatedContentSecurity.idl b/security/manager/ssl/nsIAssociatedContentSecurity.idl new file mode 100644 index 000000000..666f141f9 --- /dev/null +++ b/security/manager/ssl/nsIAssociatedContentSecurity.idl @@ -0,0 +1,23 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/** + * This interface is used to cache associated (sub) content security + * state. That is determined asynchronously based on callback notification + * while loading the content and its sub content particles. + * + * Some optimizations like bfcaching removes these callback notifications + * and therefor the subcontent state could not be determined. In such + * a case it is loaded from this object stored in nsIChannel.securityInfo. + */ + +#include "nsISupports.idl" + +[scriptable, uuid(a8285dae-f125-454f-9d1b-089e3f01b2c4)] +interface nsIAssociatedContentSecurity : nsISupports +{ + attribute long countSubRequestsBrokenSecurity; + attribute long countSubRequestsNoSecurity; + void flush(); +}; diff --git a/security/manager/ssl/nsIBadCertListener2.idl b/security/manager/ssl/nsIBadCertListener2.idl new file mode 100644 index 000000000..9cd1cd382 --- /dev/null +++ b/security/manager/ssl/nsIBadCertListener2.idl @@ -0,0 +1,32 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsISSLStatus; +interface nsIInterfaceRequestor; + +/** + * A mechanism to report a broken SSL status. The recipient should NOT block. + * Can be used to obtain the SSL handshake status of a connection + * that will be canceled because of improper cert status. + */ +[scriptable, uuid(2c3d268c-ad82-49f3-99aa-e9ffddd7a0dc)] +interface nsIBadCertListener2 : nsISupports { + + /** + * @param socketInfo A network communication context that can be used to obtain more information + * about the active connection. + * @param status The SSL status object that describes the problem(s). + * @param targetSite The Site name that was used to open the current connection. + * + * @return The consumer shall return true if it wants to suppress the error message + * related to the bad cert (the connection will still get canceled). + */ + boolean notifyCertProblem(in nsIInterfaceRequestor socketInfo, + in nsISSLStatus status, + in AUTF8String targetSite); +}; diff --git a/security/manager/ssl/nsICertBlocklist.idl b/security/manager/ssl/nsICertBlocklist.idl new file mode 100644 index 000000000..5cf1c0952 --- /dev/null +++ b/security/manager/ssl/nsICertBlocklist.idl @@ -0,0 +1,61 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIX509Cert; + +%{C++ +#define NS_CERTBLOCKLIST_CONTRACTID "@mozilla.org/security/certblocklist;1" +%} + +/** + * Represents a service to add certificates as explicitly blocked/distrusted. + */ +[scriptable, uuid(e0654480-f433-11e4-b939-0800200c9a66)] +interface nsICertBlocklist : nsISupports { + /** + * Add details of a revoked certificate : + * issuer name (base-64 encoded DER) and serial number (base-64 encoded DER). + */ + void revokeCertByIssuerAndSerial(in string issuer, in string serialNumber); + + /** + * Add details of a revoked certificate : + * subject name (base-64 encoded DER) and hash of public key (base-64 encoded + * sha-256 hash of the public key). + */ + void revokeCertBySubjectAndPubKey(in string subject, in string pubKeyHash); + + /** + * Persist (fresh) blocklist entries to the profile (if a profile directory is + * available). Note: calling this will result in synchronous I/O. + */ + void saveEntries(); + + /** + * Check if a certificate is blocked. + * isser - issuer name, DER encoded + * serial - serial number, DER encoded + * subject - subject name, DER encoded + * pubkey - public key, DER encoded + */ + boolean isCertRevoked([const, array, size_is(issuer_length)] in octet issuer, + in unsigned long issuer_length, + [const, array, size_is(serial_length)] in octet serial, + in unsigned long serial_length, + [const, array, size_is(subject_length)] in octet subject, + in unsigned long subject_length, + [const, array, size_is(pubkey_length)] in octet pubkey, + in unsigned long pubkey_length); + + /** + * Check that the blocklist data is current. Specifically, that the current + * time is no more than security.onecrl.maximum_staleness_in_seconds seconds + * after the last blocklist update (as stored in the + * app.update.lastUpdateTime.blocklist-background-update-timer pref) + */ + boolean isBlocklistFresh(); +}; diff --git a/security/manager/ssl/nsICertOverrideService.idl b/security/manager/ssl/nsICertOverrideService.idl new file mode 100644 index 000000000..b220851e2 --- /dev/null +++ b/security/manager/ssl/nsICertOverrideService.idl @@ -0,0 +1,144 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIArray; +interface nsIX509Cert; + +%{C++ +#define NS_CERTOVERRIDE_CONTRACTID "@mozilla.org/security/certoverride;1" +%} + +/** + * This represents the global list of triples + * {host:port, cert-fingerprint, allowed-overrides} + * that the user wants to accept without further warnings. + */ +[scriptable, uuid(be019e47-22fc-4355-9f16-9ab047d6742d)] +interface nsICertOverrideService : nsISupports { + + /** + * Override Untrusted + */ + const short ERROR_UNTRUSTED = 1; + + /** + * Override hostname Mismatch + */ + const short ERROR_MISMATCH = 2; + + /** + * Override Time error + */ + const short ERROR_TIME = 4; + + /** + * The given cert should always be accepted for the given hostname:port, + * regardless of errors verifying the cert. + * Host:Port is a primary key, only one entry per host:port can exist. + * The implementation will store a fingerprint of the cert. + * The implementation will decide which fingerprint alg is used. + * + * Each override is specific to exactly the errors overridden, so + * overriding everything won't match certs at the given host:port + * which only exhibit some subset of errors. + * + * @param aHostName The host (punycode) this mapping belongs to + * @param aPort The port this mapping belongs to, if it is -1 then it + * is internaly treated as 443 + * @param aCert The cert that should always be accepted + * @param aOverrideBits The precise set of errors we want to be overriden + */ + void rememberValidityOverride(in ACString aHostName, + in int32_t aPort, + in nsIX509Cert aCert, + in uint32_t aOverrideBits, + in boolean aTemporary); + + /** + * Certs with the given fingerprint should always be accepted for the + * given hostname:port, regardless of errors verifying the cert. + * Host:Port is a primary key, only one entry per host:port can exist. + * The fingerprint should be an SHA-256 hash of the certificate. + * + * @param aHostName The host (punycode) this mapping belongs to + * @param aPort The port this mapping belongs to, if it is -1 then it + * is internaly treated as 443 + * @param aCertFingerprint The cert fingerprint that should be accepted, in + * the format 'AA:BB:...' (colon-separated upper-case hex bytes). + * @param aOverrideBits The errors we want to be overriden + */ + void rememberTemporaryValidityOverrideUsingFingerprint( + in ACString aHostName, + in int32_t aPort, + in ACString aCertFingerprint, + in uint32_t aOverrideBits); + + /** + * Return whether this host, port, cert triple has a stored override. + * If so, the outparams will contain the specific errors that were + * overridden, and whether the override is permanent, or only for the current + * session. + * + * @param aHostName The host (punycode) this mapping belongs to + * @param aPort The port this mapping belongs to, if it is -1 then it + * is internally treated as 443 + * @param aCert The certificate this mapping belongs to + * @param aOverrideBits The errors that are currently overridden + * @param aIsTemporary Whether the stored override is session-only, + * or permanent + * @return Whether an override has been stored for this host+port+cert + */ + boolean hasMatchingOverride(in ACString aHostName, + in int32_t aPort, + in nsIX509Cert aCert, + out uint32_t aOverrideBits, + out boolean aIsTemporary); + + /** + * Retrieve the stored override for the given hostname:port. + * + * @param aHostName The host (punycode) whose entry should be tested + * @param aPort The port whose entry should be tested, if it is -1 then it + * is internaly treated as 443 + * @param aHashAlg On return value True, the fingerprint hash algorithm + * as an OID value in dotted notation. + * @param aFingerprint On return value True, the stored fingerprint + * @param aOverrideBits The errors that are currently overriden + * @return whether a matching override entry for aHostNameWithPort + * and aFingerprint is currently on file + */ + boolean getValidityOverride(in ACString aHostName, + in int32_t aPort, + out ACString aHashAlg, + out ACString aFingerprint, + out uint32_t aOverrideBits, + out boolean aIsTemporary); + + /** + * Remove a override for the given hostname:port. + * + * @param aHostName The host (punycode) whose entry should be cleared. + * @param aPort The port whose entry should be cleared. + * If it is -1, then it is internaly treated as 443. + * If it is 0 and aHostName is "all:temporary-certificates", + * then all temporary certificates should be cleared. + */ + void clearValidityOverride(in ACString aHostName, + in int32_t aPort); + + /** + * Is the given cert used in rules? + * + * @param aCert The cert we're looking for + * @return how many override entries are currently on file + * for the given certificate + */ + uint32_t isCertUsedForOverrides(in nsIX509Cert aCert, + in boolean aCheckTemporaries, + in boolean aCheckPermanents); +}; diff --git a/security/manager/ssl/nsICertTree.idl b/security/manager/ssl/nsICertTree.idl new file mode 100644 index 000000000..2ef4e1947 --- /dev/null +++ b/security/manager/ssl/nsICertTree.idl @@ -0,0 +1,37 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" +#include "nsITreeView.idl" + +interface nsIX509Cert; +interface nsIX509CertList; + +[scriptable, uuid(d0180863-606e-49e6-8324-cf45ed4dd891)] +interface nsICertTreeItem : nsISupports { + readonly attribute nsIX509Cert cert; + readonly attribute AString hostPort; +}; + +[scriptable, uuid(55d5ad6b-5572-47fe-941c-f01fe723659e)] +interface nsICertTree : nsITreeView { + void loadCerts(in unsigned long type); + void loadCertsFromCache(in nsIX509CertList cache, in unsigned long type); + + nsIX509Cert getCert(in unsigned long index); + nsICertTreeItem getTreeItem(in unsigned long index); + + void deleteEntryObject(in unsigned long index); +}; + +%{C++ + +#define NS_CERTTREE_CID { 0x4ea60761, 0x31d6, 0x491d, \ + { 0x9e, 0x34, 0x4b, 0x53, 0xa2, 0x6c, 0x41, 0x6c } } + +#define NS_CERTTREE_CONTRACTID "@mozilla.org/security/nsCertTree;1" + +%} diff --git a/security/manager/ssl/nsICertificateDialogs.idl b/security/manager/ssl/nsICertificateDialogs.idl new file mode 100644 index 000000000..a5f023ffd --- /dev/null +++ b/security/manager/ssl/nsICertificateDialogs.idl @@ -0,0 +1,77 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIInterfaceRequestor; +interface nsIX509Cert; + +/** + * Functions that implement user interface dialogs to manage certificates. + */ +[scriptable, uuid(da871dab-f69e-4173-ab26-99fcd47b0e85)] +interface nsICertificateDialogs : nsISupports +{ + /** + * UI shown when a user is asked to download a new CA cert. + * Provides user with ability to choose trust settings for the cert. + * Asks the user to grant permission to import the certificate. + * + * @param ctx A user interface context. + * @param cert The certificate that is about to get installed. + * @param trust a bit mask of trust flags, + * see nsIX509CertDB for possible values. + * + * @return true if the user allows to import the certificate. + */ + boolean confirmDownloadCACert(in nsIInterfaceRequestor ctx, + in nsIX509Cert cert, + out unsigned long trust); + + /** + * UI shown when a user's personal certificate is going to be + * exported to a backup file. + * The implementation of this dialog should make sure + * to prompt the user to type the password twice in order to + * confirm correct input. + * The wording in the dialog should also motivate the user + * to enter a strong password. + * + * @param ctx A user interface context. + * @param password The password provided by the user. + * + * @return false if the user requests to cancel. + */ + boolean setPKCS12FilePassword(in nsIInterfaceRequestor ctx, + out AString password); + + /** + * UI shown when a user is about to restore a personal + * certificate from a backup file. + * The user is requested to enter the password + * that was used in the past to protect that backup file. + * + * @param ctx A user interface context. + * @param password The password provided by the user. + * + * @return false if the user requests to cancel. + */ + boolean getPKCS12FilePassword(in nsIInterfaceRequestor ctx, + out AString password); + + /** + * UI shown when a certificate needs to be shown to the user. + * The implementation should try to display as many attributes + * as possible. + * + * @param ctx A user interface context. + * @param cert The certificate to be shown to the user. + */ + void viewCert(in nsIInterfaceRequestor ctx, + in nsIX509Cert cert); +}; + +%{C++ +#define NS_CERTIFICATEDIALOGS_CONTRACTID "@mozilla.org/nsCertificateDialogs;1" +%} diff --git a/security/manager/ssl/nsIClientAuthDialogs.idl b/security/manager/ssl/nsIClientAuthDialogs.idl new file mode 100644 index 000000000..8fcc7094e --- /dev/null +++ b/security/manager/ssl/nsIClientAuthDialogs.idl @@ -0,0 +1,47 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIArray; +interface nsIInterfaceRequestor; + +/** + * Provides UI for SSL client-auth dialogs. + */ +[scriptable, uuid(fa4c7520-1433-11d5-ba24-00108303b117)] +interface nsIClientAuthDialogs : nsISupports +{ + /** + * Called when a user is asked to choose a certificate for client auth. + * + * @param ctx Context that allows at least nsIClientAuthUserDecision to be + * queried. + * @param hostname Hostname of the server. + * @param port Port of the server. + * @param organization Organization field of the server cert. + * @param issuerOrg Organization field of the issuer cert of the server cert. + * @param certList List of certificates the user can choose from. + * @param selectedIndex Index of the cert in |certList| that the user chose. + * Ignored if the return value is false. + * @return true if a certificate was chosen. false if the user canceled. + */ + boolean chooseCertificate(in nsIInterfaceRequestor ctx, + in AUTF8String hostname, + in long port, + in AUTF8String organization, + in AUTF8String issuerOrg, + in nsIArray certList, + out unsigned long selectedIndex); +}; + +[scriptable, uuid(95c4373e-bdd4-4a63-b431-f5b000367721)] +interface nsIClientAuthUserDecision : nsISupports +{ + attribute boolean rememberClientAuthCertificate; +}; + +%{C++ +#define NS_CLIENTAUTHDIALOGS_CONTRACTID "@mozilla.org/nsClientAuthDialogs;1" +%} diff --git a/security/manager/ssl/nsIContentSignatureVerifier.idl b/security/manager/ssl/nsIContentSignatureVerifier.idl new file mode 100644 index 000000000..59a9d83ee --- /dev/null +++ b/security/manager/ssl/nsIContentSignatureVerifier.idl @@ -0,0 +1,116 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + + +#include "nsISupports.idl" + +interface nsIContentSignatureReceiverCallback; + +/** + * An interface for verifying content-signatures, inspired by + * https://tools.ietf.org/html/draft-thomson-http-content-signature-00 + * described here https://github.com/franziskuskiefer/content-signature/tree/pki + * + * A new signature verifier instance should be created for each signature + * verification - you can create these instances with do_CreateInstance. + * + * There are two ways to use this functionality: + * The first allows a signature to be verified all at once by simply calling + * verifyContentSignature. + * The second allows for streaming; call createContext with the signature + * information (and initial data), call update with more data as it becomes + * available then, finally, call end to verify the signature. + */ +[scriptable, uuid(45a5fe2f-c350-4b86-962d-02d5aaaa955a)] +interface nsIContentSignatureVerifier : nsISupports +{ + + /** + * Verifies that the data matches the data that was used to generate the + * signature. + * + * @param aData The data to be tested. + * @param aContentSignatureHeader The content-signature header, + * url-safe base64 encoded. + * @param aCertificateChain The certificate chain to use for verification. + * PEM encoded string. + * @param aName The (host)name for which the end entity must + be valid. + * @returns true if the signature matches the data and aCertificateChain is + * valid within aContext, false if not. + */ + boolean verifyContentSignature(in ACString aData, + in ACString aContentSignatureHeader, + in ACString aCertificateChain, + in ACString aName); + + /** + * Creates a context to verify a content signature against data that is added + * later with update calls. + * + * @param aData The first chunk of data to be tested. + * @param aContentSignatureHeader The signature of the data, url-safe base64 + * encoded. + * @param aCertificateChain The certificate chain to use for + * verification. PEM encoded string. + * @param aName The (host)name for which the end entity must + be valid. + */ + void createContext(in ACString aData, in ACString aContentSignatureHeader, + in ACString aCertificateChain, in ACString aName); + + /** + * Creates a context to verify a content signature against data that is added + * later with update calls. + * This does not require the caller to download the certificate chain. It's + * done internally. + * It requires the x5u parameter to be present in aContentSignatureHeader + * + * NOTE: Callers have to wait for aCallback to return before invoking anything + * else. Otherwise the ContentSignatureVerifier will fail. + * + * @param aCallback Callback that's invoked when the cert chain + * got fetched. + * @param aContentSignatureHeader The signature of the data, url-safe base64 + * encoded, and the x5u value. + * @param aName The (host)name for which the end entity must + be valid. + */ + void createContextWithoutCertChain(in nsIContentSignatureReceiverCallback aCallback, + in ACString aContentSignatureHeader, + in ACString aName); + + /** + * Adds data to the context that was used to generate the signature. + * + * @param aData More data to be tested. + */ + void update(in ACString aData); + + /** + * Finalises the signature and returns the result of the signature + * verification. + * + * @returns true if the signature matches the data added with createContext + * and update, false if not. + */ + boolean end(); +}; + +/** + * Callback for nsIContentSignatureVerifier. + * { 0x1eb90707, 0xdf59, 0x48b7, \ + * { 0x9d, 0x42, 0xd8, 0xbf, 0x63, 0x0a, 0xe7, 0x44 } } + */ +[scriptable, uuid(1eb90707-df59-48b7-9d42-d8bf630ae744)] +interface nsIContentSignatureReceiverCallback : nsISupports +{ + /** + * Notification callback that's called by nsIContentSignatureVerifier when + * the cert chain is downloaded. + * If download and initialisation were successful, successful is true, + * otherwise false. If successful is false, the verification must be aborted. + */ + void contextCreated(in boolean successful); +}; diff --git a/security/manager/ssl/nsIDataSignatureVerifier.idl b/security/manager/ssl/nsIDataSignatureVerifier.idl new file mode 100644 index 000000000..347eaedc9 --- /dev/null +++ b/security/manager/ssl/nsIDataSignatureVerifier.idl @@ -0,0 +1,40 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + + +#include "nsISupports.idl" + +interface nsIX509Cert; + +/** + * An interface for verifying that a given string of data was signed by the + * private key matching the given public key. + */ +[scriptable, uuid(94066a00-37c9-11e4-916c-0800200c9a66)] +interface nsIDataSignatureVerifier : nsISupports +{ + /** + * Verifies that the data matches the data that was used to generate the + * signature. + * + * @param aData The data to be tested. + * @param aSignature The signature of the data, base64 encoded. + * @param aPublicKey The public part of the key used for signing, DER encoded + * then base64 encoded. + * @returns true if the signature matches the data, false if not. + */ + boolean verifyData(in ACString aData, in ACString aSignature, in ACString aPublicKey); + + /* Sig Verification Error Codes */ + const long VERIFY_OK = 0; + const long VERIFY_ERROR_UNKNOWN_ISSUER = 1; + const long VERIFY_ERROR_OTHER = 2; + + nsIX509Cert verifySignature(in string aSignature, + in unsigned long aSignatureLen, + in string plaintext, + in unsigned long plaintextLen, + out long errorCode); + +}; diff --git a/security/manager/ssl/nsIGenKeypairInfoDlg.idl b/security/manager/ssl/nsIGenKeypairInfoDlg.idl new file mode 100644 index 000000000..03f2c4658 --- /dev/null +++ b/security/manager/ssl/nsIGenKeypairInfoDlg.idl @@ -0,0 +1,34 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIInterfaceRequestor; +interface nsIKeygenThread; + +/** + * nsIGeneratingKeypairInfoDialogs + * This is the interface for giving feedback to the user + * while generating a key pair. + */ +[scriptable, uuid(11bf5cdc-1dd2-11b2-ba6a-c76afb326fa1)] +interface nsIGeneratingKeypairInfoDialogs : nsISupports +{ + void displayGeneratingKeypairInfo(in nsIInterfaceRequestor ctx, + in nsIKeygenThread runnable); +}; + +%{C++ +/** + * This component is to be implemented by the embeddor. It is used to show + * feedback to the user while a private key is being generated. + * + * This component is only ever used on the UI thread. + * + * INTERFACES THAT NEED TO BE IMPLEMENTED: + * nsIGeneratingKeypairInfoDialogs + */ +#define NS_GENERATINGKEYPAIRINFODIALOGS_CONTRACTID \ + "@mozilla.org/nsGeneratingKeypairInfoDialogs;1" +%} diff --git a/security/manager/ssl/nsIKeyModule.idl b/security/manager/ssl/nsIKeyModule.idl new file mode 100644 index 000000000..d9e1d1138 --- /dev/null +++ b/security/manager/ssl/nsIKeyModule.idl @@ -0,0 +1,37 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +%{ C++ + /* forward declaration */ + typedef struct PK11SymKeyStr PK11SymKey; +%} +[ptr] native PK11SymKeyPtr(PK11SymKey); + +// An opaque key object. +[scriptable, uuid(ee2dc516-ba7b-4e77-89fe-c43b886ef715)] +interface nsIKeyObject : nsISupports +{ + // Key types + const short SYM_KEY = 1; + + // Algorithm types + const short HMAC = 257; + + // The nsIKeyObject will take ownership of the key and be responsible + // for freeing the key memory when destroyed. + [noscript] void initKey(in short aAlgorithm, in PK11SymKeyPtr aKey); + + // Returns a pointer to the underlying key object. + [noscript] PK11SymKeyPtr getKeyObj(); + + short getType(); +}; + +[scriptable, uuid(838bdbf1-8244-448f-8bcd-cede70227d75)] +interface nsIKeyObjectFactory : nsISupports +{ + nsIKeyObject keyFromString(in short aAlgorithm, in ACString aKey); +}; diff --git a/security/manager/ssl/nsIKeygenThread.idl b/security/manager/ssl/nsIKeygenThread.idl new file mode 100644 index 000000000..85d619b97 --- /dev/null +++ b/security/manager/ssl/nsIKeygenThread.idl @@ -0,0 +1,48 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// make sure to include all the required file headers + +#include "nsISupports.idl" + +interface nsIObserver; + +/** + * nsIKeygenThread + * This is used to communicate with the thread generating a key pair, + * to be used by the dialog displaying status information. + */ +[scriptable, uuid(8712a243-5539-447c-9f47-8653f40c3a09)] +interface nsIKeygenThread : nsISupports +{ + /** + * startKeyGeneration - run the thread + * A user interface using this interface needs to + * call this method as soon as the status information + * is displaying. This will trigger key generation. + * To allow the closure of the status information, + * the thread needs a handle to an observer. + * + * observer will be called on the UI thread. + * When the key generation is done, the observe method will + * be called with a topic of "keygen-finished" and null data + * and subject. + */ + void startKeyGeneration(in nsIObserver observer); + + /** + * userCanceled - notify the thread + * If the user canceled, the thread is no longer allowed to + * close the dialog. However, if the thread already closed + * it, we are not allowed to close it. + */ + void userCanceled(out boolean threadAlreadyClosedDialog); +}; + +%{ C++ +// {195763b8-1dd2-11b2-a843-eb44e44aaa37} +#define NS_KEYGENTHREAD_CID \ +{ 0x195763b8, 0x1dd2, 0x11b2, { 0xa8, 0x43, 0xeb, 0x44, 0xe4, 0x4a, 0xaa, 0x37 } } +#define NS_KEYGENTHREAD_CONTRACTID "@mozilla.org/security/keygenthread;1" +%} diff --git a/security/manager/ssl/nsILocalCertService.idl b/security/manager/ssl/nsILocalCertService.idl new file mode 100644 index 000000000..a452683d9 --- /dev/null +++ b/security/manager/ssl/nsILocalCertService.idl @@ -0,0 +1,69 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIX509Cert; +interface nsILocalCertGetCallback; +interface nsILocalCertCallback; + +[scriptable, uuid(9702fdd4-4c2c-439c-ba2e-19cda018eb99)] +interface nsILocalCertService : nsISupports +{ + /** + * Get or create a new self-signed X.509 cert to represent this device over a + * secure transport, like TLS. + * + * The cert is stored permanently in the profile's key store after first use, + * and is valid for 1 year. If an expired or otherwise invalid cert is found + * with the nickname supplied here, it is removed and a new one is made. + * + * @param nickname Nickname that identifies the cert + * @param cb Callback to be notified with the result + */ + void getOrCreateCert(in ACString nickname, in nsILocalCertGetCallback cb); + + /** + * Remove a X.509 cert with the given nickname. + * + * @param nickname Nickname that identifies the cert + * @param cb Callback to be notified with the result + */ + void removeCert(in ACString nickname, in nsILocalCertCallback cb); + + /** + * Whether calling |getOrCreateCert| or |removeCert| will trigger a login + * prompt to be displayed. Generally this happens if the user has set a + * master password, but has not yet logged in. + */ + readonly attribute boolean loginPromptRequired; +}; + +[scriptable, uuid(cc09633e-7c70-4093-a9cf-79ab676ca8a9)] +interface nsILocalCertGetCallback : nsISupports +{ + /** + * Called with the result of the getOrCreateCert operation above. + * + * @param cert Requested cert, or null if some error + * @param result Result code from the get operation + */ + void handleCert(in nsIX509Cert cert, in nsresult result); +}; + +[scriptable, uuid(518124e9-55e6-4e23-97c0-4995b3a1bec6)] +interface nsILocalCertCallback : nsISupports +{ + /** + * Called with the result of the removeCert operation above. + * + * @param result Result code from the operation + */ + void handleResult(in nsresult result); +}; + +%{ C++ +#define LOCALCERTSERVICE_CONTRACTID \ + "@mozilla.org/security/local-cert-service;1" +%} diff --git a/security/manager/ssl/nsINSSU2FToken.idl b/security/manager/ssl/nsINSSU2FToken.idl new file mode 100644 index 000000000..649ed682a --- /dev/null +++ b/security/manager/ssl/nsINSSU2FToken.idl @@ -0,0 +1,21 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsIU2FToken.idl" + +/** + * Interface used to interact with the NSS-backed software U2F Token + */ +[scriptable, uuid(d9104a00-140b-4f86-a4b0-4998878ef4e6 )] +interface nsINSSU2FToken : nsIU2FToken { + /** + * Initializes the token and constructs and persists keys, if needed. Asserts + * that it is only called by the main thread. + */ + void init(); +}; + +%{C++ +#define NS_NSSU2FTOKEN_CONTRACTID "@mozilla.org/dom/u2f/nss-u2f-token;1" +%} diff --git a/security/manager/ssl/nsINSSVersion.idl b/security/manager/ssl/nsINSSVersion.idl new file mode 100644 index 000000000..0ad474b35 --- /dev/null +++ b/security/manager/ssl/nsINSSVersion.idl @@ -0,0 +1,27 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +%{C++ +#define NS_NSSVERSION_CONTRACTID "@mozilla.org/security/nssversion;1" +%} + +[scriptable, uuid(a8a53a2b-75cc-4c68-a9bb-9791dbddaa00)] +interface nsINSSVersion : nsISupports { + /* Minimal required versions as used at build time */ + readonly attribute AString NSPR_MinVersion; + readonly attribute AString NSS_MinVersion; + readonly attribute AString NSSUTIL_MinVersion; + readonly attribute AString NSSSSL_MinVersion; + readonly attribute AString NSSSMIME_MinVersion; + + /* Versions of libraries currently in use */ + readonly attribute AString NSPR_Version; + readonly attribute AString NSS_Version; + readonly attribute AString NSSUTIL_Version; + readonly attribute AString NSSSSL_Version; + readonly attribute AString NSSSMIME_Version; +}; diff --git a/security/manager/ssl/nsIPK11Token.idl b/security/manager/ssl/nsIPK11Token.idl new file mode 100644 index 000000000..1d53ce19a --- /dev/null +++ b/security/manager/ssl/nsIPK11Token.idl @@ -0,0 +1,74 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +[scriptable, uuid(51191434-1dd2-11b2-a17c-e49c4e99a4e3)] +interface nsIPK11Token : nsISupports +{ + const long ASK_EVERY_TIME = -1; + const long ASK_FIRST_TIME = 0; + const long ASK_EXPIRE_TIME = 1; + + /* + * The name of the token + */ + readonly attribute AUTF8String tokenName; + readonly attribute AUTF8String tokenLabel; + /** + * Manufacturer ID of the token. + */ + readonly attribute AUTF8String tokenManID; + /** + * Hardware version of the token. + */ + readonly attribute AUTF8String tokenHWVersion; + /** + * Firmware version of the token. + */ + readonly attribute AUTF8String tokenFWVersion; + readonly attribute AUTF8String tokenSerialNumber; + + /* + * Login information + */ + boolean isLoggedIn(); + void login(in boolean force); + void logoutSimple(); + void logoutAndDropAuthenticatedResources(); + + /* + * Reset password + */ + void reset(); + + /* + * Password information + */ + readonly attribute long minimumPasswordLength; + readonly attribute boolean needsUserInit; + /** + * Checks whether the given password is correct. Logs the token out if an + * incorrect password is given. + * + * @param password The password to check. + * @return true if the password was correct, false otherwise. + */ + boolean checkPassword(in AUTF8String password); + void initPassword(in AUTF8String initialPassword); + void changePassword(in AUTF8String oldPassword, in AUTF8String newPassword); + long getAskPasswordTimes(); + long getAskPasswordTimeout(); + void setAskPasswordDefaults([const] in long askTimes, [const] in long timeout); + + /* + * Other attributes + */ + boolean isHardwareToken(); + boolean needsLogin(); + boolean isFriendly(); +}; + diff --git a/security/manager/ssl/nsIPK11TokenDB.idl b/security/manager/ssl/nsIPK11TokenDB.idl new file mode 100644 index 000000000..297f3da11 --- /dev/null +++ b/security/manager/ssl/nsIPK11TokenDB.idl @@ -0,0 +1,42 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIPK11Token; +interface nsISimpleEnumerator; + +/** + * The PK11 Token Database provides access to the PK11 modules + * that are installed, and the tokens that are available. + * Interfaces: nsIPK11TokenDB + * Threading: ?? + */ +%{C++ +#define NS_PK11TOKENDB_CONTRACTID "@mozilla.org/security/pk11tokendb;1" +%} + +/** + * nsIPK11TokenDB - Manages PK11 Tokens + */ +[scriptable, uuid(4ee28c82-1dd2-11b2-aabf-bb4017abe395)] +interface nsIPK11TokenDB : nsISupports +{ + /* + * Get the internal key database token + */ + nsIPK11Token getInternalKeyToken(); + + /* + * Find a token by name + */ + nsIPK11Token findTokenByName(in AUTF8String tokenName); + + /* + * List all tokens + */ + nsISimpleEnumerator listTokens(); +}; diff --git a/security/manager/ssl/nsIPKCS11.idl b/security/manager/ssl/nsIPKCS11.idl new file mode 100644 index 000000000..c1e636b47 --- /dev/null +++ b/security/manager/ssl/nsIPKCS11.idl @@ -0,0 +1,16 @@ +/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +[scriptable, uuid(5743f870-958e-4f02-aef2-c0afeef67f05)] +interface nsIPKCS11 : nsISupports +{ + void deleteModule(in AString moduleName); + void addModule(in AString moduleName, + in AString libraryFullPath, + in long cryptoMechanismFlags, + in long cipherFlags); +}; diff --git a/security/manager/ssl/nsIPKCS11Module.idl b/security/manager/ssl/nsIPKCS11Module.idl new file mode 100644 index 000000000..8a1591878 --- /dev/null +++ b/security/manager/ssl/nsIPKCS11Module.idl @@ -0,0 +1,21 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIPKCS11Slot; +interface nsISimpleEnumerator; + +[scriptable, uuid(8a44bdf9-d1a5-4734-bd5a-34ed7fe564c2)] +interface nsIPKCS11Module : nsISupports +{ + readonly attribute AUTF8String name; + readonly attribute AUTF8String libName; + + nsIPKCS11Slot findSlotByName(in AUTF8String name); + + nsISimpleEnumerator listSlots(); +}; diff --git a/security/manager/ssl/nsIPKCS11ModuleDB.idl b/security/manager/ssl/nsIPKCS11ModuleDB.idl new file mode 100644 index 000000000..6c0749de5 --- /dev/null +++ b/security/manager/ssl/nsIPKCS11ModuleDB.idl @@ -0,0 +1,35 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIPKCS11Module; +interface nsIPKCS11Slot; +interface nsISimpleEnumerator; + +%{C++ +#define NS_PKCS11MODULEDB_CONTRACTID "@mozilla.org/security/pkcs11moduledb;1" +%} + +[scriptable, uuid(ff9fbcd7-9517-4334-b97a-ceed78909974)] +interface nsIPKCS11ModuleDB : nsISupports +{ + nsIPKCS11Module getInternal(); + + nsIPKCS11Module getInternalFIPS(); + + nsIPKCS11Module findModuleByName(in AUTF8String name); + + nsIPKCS11Slot findSlotByName(in AUTF8String name); + + nsISimpleEnumerator listModules(); + + readonly attribute boolean canToggleFIPS; + + void toggleFIPSMode(); + + readonly attribute boolean isFIPSEnabled; +}; diff --git a/security/manager/ssl/nsIPKCS11Slot.idl b/security/manager/ssl/nsIPKCS11Slot.idl new file mode 100644 index 000000000..7c41e4fcc --- /dev/null +++ b/security/manager/ssl/nsIPKCS11Slot.idl @@ -0,0 +1,44 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIPK11Token; + +[scriptable, uuid(c2d4f296-ee60-11d4-998b-00b0d02354a0)] +interface nsIPKCS11Slot : nsISupports { + readonly attribute AUTF8String name; + readonly attribute AUTF8String desc; + /** + * Manufacturer ID of the slot. + */ + readonly attribute AUTF8String manID; + /** + * Hardware version of the slot. + */ + readonly attribute AUTF8String HWVersion; + /** + * Firmware version of the slot. + */ + readonly attribute AUTF8String FWVersion; + + const unsigned long SLOT_DISABLED = 0; + const unsigned long SLOT_NOT_PRESENT = 1; + const unsigned long SLOT_UNINITIALIZED = 2; + const unsigned long SLOT_NOT_LOGGED_IN = 3; + const unsigned long SLOT_LOGGED_IN = 4; + const unsigned long SLOT_READY = 5; + readonly attribute unsigned long status; + + /* This is really a workaround for now. All of the "slot" functions + * (isTokenPresent(), etc.) are in nsIPK11Token. For now, return the + * token and handle those things there. + */ + nsIPK11Token getToken(); + + /* more fun with workarounds - we're referring to everything by token name */ + readonly attribute AUTF8String tokenName; +}; diff --git a/security/manager/ssl/nsIProtectedAuthThread.idl b/security/manager/ssl/nsIProtectedAuthThread.idl new file mode 100644 index 000000000..3dc650fe9 --- /dev/null +++ b/security/manager/ssl/nsIProtectedAuthThread.idl @@ -0,0 +1,46 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" +#include "nsIObserver.idl" +#include "nsIPKCS11Slot.idl" + +/** + * nsIProtectedAuthThread + * This is used to communicate with the thread login on to + * a token with CKF_PROTECTED_AUTHENTICATION_PATH set. + */ +[scriptable, uuid(4bb27cb7-8984-4cee-8ce7-9b014c3d091b)] +interface nsIProtectedAuthThread : nsISupports +{ + /** + * login - run the thread + * A user interface implementing this interface needs to + * call this method as soon as the message to the user is + * displayed. This will trigger login operation. No user + * cancellation is possible during login operation. + * + * When the login is done, the observe method of @observer will + * be called on the UI thread with a topic of "login-finished" + * and null data and subject. + */ + void login(in nsIObserver observer); + + /** + * The PKCS11 slot + */ + readonly attribute nsIPKCS11Slot slot; + + /** + * Gets token to be logged in name. + */ + AString getTokenName(); +}; + +%{ C++ +// {45334489-3D30-47c6-920B-0A55A313AEBF} +#define NS_PROTECTEDAUTHTHREAD_CID \ +{ 0x45334489, 0x3d30, 0x47c6, { 0x92, 0x0b, 0x0a, 0x55, 0xa3, 0x13, 0xae, 0xbf } } +#define NS_PROTECTEDAUTHTHREAD_CONTRACTID "@mozilla.org/security/protectedauththread;1" +%} diff --git a/security/manager/ssl/nsISSLStatus.idl b/security/manager/ssl/nsISSLStatus.idl new file mode 100644 index 000000000..f5c56a8cf --- /dev/null +++ b/security/manager/ssl/nsISSLStatus.idl @@ -0,0 +1,49 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIX509Cert; + +[scriptable, uuid(fa9ba95b-ca3b-498a-b889-7c79cf28fee8)] +interface nsISSLStatus : nsISupports { + readonly attribute nsIX509Cert serverCert; + + readonly attribute ACString cipherName; + readonly attribute unsigned long keyLength; + readonly attribute unsigned long secretKeyLength; + + const short SSL_VERSION_3 = 0; + const short TLS_VERSION_1 = 1; + const short TLS_VERSION_1_1 = 2; + const short TLS_VERSION_1_2 = 3; + const short TLS_VERSION_1_3 = 4; + readonly attribute unsigned short protocolVersion; + + const short CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE = 0; + const short CERTIFICATE_TRANSPARENCY_NONE = 1; + const short CERTIFICATE_TRANSPARENCY_OK = 2; + const short CERTIFICATE_TRANSPARENCY_UNKNOWN_LOG = 3; + const short CERTIFICATE_TRANSPARENCY_INVALID = 4; + readonly attribute unsigned short certificateTransparencyStatus; + + readonly attribute boolean isDomainMismatch; + readonly attribute boolean isNotValidAtThisTime; + + /* Note: To distinguish between + * "unstrusted because missing or untrusted issuer" + * and + * "untrusted because self signed" + * query nsIX509Cert::isSelfSigned + */ + readonly attribute boolean isUntrusted; + + /** + * True only if (and after) serverCert was successfully validated as + * Extended Validation (EV). + */ + readonly attribute boolean isExtendedValidation; +}; diff --git a/security/manager/ssl/nsISSLStatusProvider.idl b/security/manager/ssl/nsISSLStatusProvider.idl new file mode 100644 index 000000000..83048f179 --- /dev/null +++ b/security/manager/ssl/nsISSLStatusProvider.idl @@ -0,0 +1,13 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsISSLStatus; + +[scriptable, uuid(179b1ab1-0950-4427-9556-6f496dc4a27f)] +interface nsISSLStatusProvider : nsISupports { + readonly attribute nsISSLStatus SSLStatus; +}; diff --git a/security/manager/ssl/nsISecretDecoderRing.idl b/security/manager/ssl/nsISecretDecoderRing.idl new file mode 100644 index 000000000..e9f67cbee --- /dev/null +++ b/security/manager/ssl/nsISecretDecoderRing.idl @@ -0,0 +1,49 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +[scriptable, uuid(0EC80360-075C-11d4-9FD4-00C04F1B83D8)] +interface nsISecretDecoderRing: nsISupports { + /** + * Encrypt to Base64 output. + * Note that the input must basically be a byte array (i.e. the code points + * must be within the range [0, 255]). Hence, using this method directly to + * encrypt passwords (or any text, really) won't work as expected. + * Instead, use something like nsIScriptableUnicodeConverter to first convert + * the desired password or text to UTF-8, then encrypt that. Remember to + * convert back when calling decryptString(). + * + * @param text The text to encrypt. + * @return The encrypted text, encoded as Base64. + */ + ACString encryptString(in ACString text); + + /** + * Decrypt Base64 input. + * See the encryptString() documentation - this method has basically the same + * limitations. + * + * @param encryptedBase64Text Encrypted input text, encoded as Base64. + * @return The decoded text. + */ + ACString decryptString(in ACString encryptedBase64Text); + + /** + * Prompt the user to change the password on the SDR key. + */ + void changePassword(); + + /** + * Logout of the security device that protects the SDR key. + */ + void logout(); + + /** + * Logout of the security device that protects the SDR key and tear + * down authenticated objects. + */ + void logoutAndTeardown(); +}; diff --git a/security/manager/ssl/nsISecurityUITelemetry.idl b/security/manager/ssl/nsISecurityUITelemetry.idl new file mode 100644 index 000000000..05d3473ad --- /dev/null +++ b/security/manager/ssl/nsISecurityUITelemetry.idl @@ -0,0 +1,150 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +[scriptable, uuid(5d1acf82-223a-46fb-a8f3-a1b16e2ceb04)] + +interface nsISecurityUITelemetry : nsISupports { + +/* + * Addon installation warnings + */ + +// Firefox prevented this site from asking you to install addon +const uint32_t WARNING_ADDON_ASKING_PREVENTED = 1; +// User clicks through and allows site to ask to install addons +const uint32_t WARNING_ADDON_ASKING_PREVENTED_CLICK_THROUGH = 2; +// Are you sure you want to install this addon? Only install addons you trust +const uint32_t WARNING_CONFIRM_ADDON_INSTALL = 3; +// User clicked she is sure after waiting 3secs +const uint32_t WARNING_CONFIRM_ADDON_INSTALL_CLICK_THROUGH = 4; + + +/* + * modal dialogs/warnings + */ + +// removed WARNING_ENTERING_SECURE_SITE = 5; +// removed WARNING_ENTERING_WEAK_SITE = 6; +// removed WARNING_LEAVING_SECURE_SITE = 7; +// removed WARNING_MIXED_CONTENT = 8; + +// For confirmation dialogs, the clickthrough constant needs to be 1 +// more than the dialog constant so that +// WARNING_CONFIRM_ + 1 == WARNING_CONFIRM__CLICK_THROUGH +const uint32_t WARNING_CONFIRM_POST_TO_INSECURE_FROM_SECURE = 9; +const uint32_t WARNING_CONFIRM_POST_TO_INSECURE_FROM_SECURE_CLICK_THROUGH = 10; +// removed WARNING_CONFIRM_POST_TO_INSECURE_FROM_INSECURE = 11; +// removed WARNING_CONFIRM_POST_TO_INSECURE_FROM_INSECURE_CLICK_THROUGH = 12; + +/* + * Phishing / Malware page warnings + * deprecated: we use the _TOP and _FRAME versions below + */ + +const uint32_t WARNING_MALWARE_PAGE = 13; +const uint32_t WARNING_MALWARE_PAGE_WHY_BLOCKED = 14; +const uint32_t WARNING_MALWARE_PAGE_GET_ME_OUT_OF_HERE = 15; +const uint32_t WARNING_MALWARE_PAGE_IGNORE_WARNING = 16; + +const uint32_t WARNING_PHISHING_PAGE = 17; +const uint32_t WARNING_PHISHING_PAGE_WHY_BLOCKED = 18; +const uint32_t WARNING_PHISHING_PAGE_GET_ME_OUT_OF_HERE = 19; +const uint32_t WARNING_PHISHING_PAGE_IGNORE_WARNING = 20; + +/* + * SSL Error dialogs + * deprecated: we use the _TOP versions below + */ + +const uint32_t WARNING_BAD_CERT = 21; +const uint32_t WARNING_BAD_CERT_STS = 22; +const uint32_t WARNING_BAD_CERT_CLICK_ADD_EXCEPTION = 23; +const uint32_t WARNING_BAD_CERT_CLICK_VIEW_CERT = 24; +const uint32_t WARNING_BAD_CERT_DONT_REMEMBER_EXCEPTION = 25; +const uint32_t WARNING_BAD_CERT_GET_ME_OUT_OF_HERE = 27; +const uint32_t WARNING_BAD_CERT_UNDERSTAND_RISKS = 28; +const uint32_t WARNING_BAD_CERT_TECHINICAL_DETAILS = 29; + +/* + * Note that if we add more possibilities in the warning dialogs, + * it is a new experiment and we shouldn't reuse these buckets. + */ +const uint32_t WARNING_BAD_CERT_ADD_EXCEPTION_BASE = 30; +const uint32_t WARNING_BAD_CERT_ADD_EXCEPTION_FLAG_UNTRUSTED = 1; +const uint32_t WARNING_BAD_CERT_ADD_EXCEPTION_FLAG_DOMAIN = 2; +const uint32_t WARNING_BAD_CERT_ADD_EXCEPTION_FLAG_TIME = 4; + +const uint32_t WARNING_BAD_CERT_CONFIRM_ADD_EXCEPTION_BASE = 38; +const uint32_t WARNING_BAD_CERT_CONFIRM_ADD_EXCEPTION_FLAG_UNTRUSTED = 1; +const uint32_t WARNING_BAD_CERT_CONFIRM_ADD_EXCEPTION_FLAG_DOMAIN = 2; +const uint32_t WARNING_BAD_CERT_CONFIRM_ADD_EXCEPTION_FLAG_TIME = 4; +// This uses up buckets till 45 + +/* + * Geolocation Popup Telemetry + */ + +const uint32_t WARNING_GEOLOCATION_REQUEST = 46; +const uint32_t WARNING_GEOLOCATION_REQUEST_SHARE_LOCATION = 47; +const uint32_t WARNING_GEOLOCATION_REQUEST_ALWAYS_SHARE = 48; +const uint32_t WARNING_GEOLOCATION_REQUEST_NEVER_SHARE = 49; +// It would be nice to measure the two cases of user clicking +// "not now", and user closing the popup. This is currently not implemented. + +const uint32_t WARNING_MALWARE_PAGE_TOP = 52; +const uint32_t WARNING_MALWARE_PAGE_TOP_WHY_BLOCKED = 53; +const uint32_t WARNING_MALWARE_PAGE_TOP_GET_ME_OUT_OF_HERE = 54; +const uint32_t WARNING_MALWARE_PAGE_TOP_IGNORE_WARNING = 55; + +const uint32_t WARNING_PHISHING_PAGE_TOP = 56; +const uint32_t WARNING_PHISHING_PAGE_TOP_WHY_BLOCKED = 57; +const uint32_t WARNING_PHISHING_PAGE_TOP_GET_ME_OUT_OF_HERE = 58; +const uint32_t WARNING_PHISHING_PAGE_TOP_IGNORE_WARNING = 59; + +const uint32_t WARNING_MALWARE_PAGE_FRAME = 60; +const uint32_t WARNING_MALWARE_PAGE_FRAME_WHY_BLOCKED = 61; +const uint32_t WARNING_MALWARE_PAGE_FRAME_GET_ME_OUT_OF_HERE = 62; +const uint32_t WARNING_MALWARE_PAGE_FRAME_IGNORE_WARNING = 63; + +const uint32_t WARNING_PHISHING_PAGE_FRAME = 64; +const uint32_t WARNING_PHISHING_PAGE_FRAME_WHY_BLOCKED = 65; +const uint32_t WARNING_PHISHING_PAGE_FRAME_GET_ME_OUT_OF_HERE = 66; +const uint32_t WARNING_PHISHING_PAGE_FRAME_IGNORE_WARNING = 67; + +const uint32_t WARNING_BAD_CERT_TOP = 68; +const uint32_t WARNING_BAD_CERT_TOP_STS = 69; +const uint32_t WARNING_BAD_CERT_TOP_CLICK_ADD_EXCEPTION = 70; +const uint32_t WARNING_BAD_CERT_TOP_CLICK_VIEW_CERT = 71; +const uint32_t WARNING_BAD_CERT_TOP_DONT_REMEMBER_EXCEPTION = 72; +const uint32_t WARNING_BAD_CERT_TOP_GET_ME_OUT_OF_HERE = 73; +const uint32_t WARNING_BAD_CERT_TOP_UNDERSTAND_RISKS = 74; +// removed WARNING_BAD_CERT_TOP_TECHNICAL_DETAILS = 75; + +const uint32_t WARNING_BAD_CERT_TOP_ADD_EXCEPTION_BASE = 76; +const uint32_t WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_UNTRUSTED = 1; +const uint32_t WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_DOMAIN = 2; +const uint32_t WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_TIME = 4; + +const uint32_t WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_BASE = 84; +const uint32_t WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_UNTRUSTED = 1; +const uint32_t WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_DOMAIN = 2; +const uint32_t WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_TIME = 4; + +// Another Safe Browsing list (like malware & phishing above) +const uint32_t WARNING_UNWANTED_PAGE_TOP = 92; +const uint32_t WARNING_UNWANTED_PAGE_TOP_WHY_BLOCKED = 93; +const uint32_t WARNING_UNWANTED_PAGE_TOP_GET_ME_OUT_OF_HERE = 94; +const uint32_t WARNING_UNWANTED_PAGE_TOP_IGNORE_WARNING = 95; +const uint32_t WARNING_UNWANTED_PAGE_FRAME = 96; +const uint32_t WARNING_UNWANTED_PAGE_FRAME_WHY_BLOCKED = 97; +const uint32_t WARNING_UNWANTED_PAGE_FRAME_GET_ME_OUT_OF_HERE = 98; +const uint32_t WARNING_UNWANTED_PAGE_FRAME_IGNORE_WARNING = 99; + +// This uses up buckets till 99 (including) +// We only have buckets up to 100. +}; diff --git a/security/manager/ssl/nsISiteSecurityService.idl b/security/manager/ssl/nsISiteSecurityService.idl new file mode 100644 index 000000000..fa20fe307 --- /dev/null +++ b/security/manager/ssl/nsISiteSecurityService.idl @@ -0,0 +1,204 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIURI; +interface nsIObserver; +interface nsIHttpChannel; +interface nsISSLStatus; + +%{C++ +#include "nsTArrayForwardDeclare.h" +class nsCString; +namespace mozilla +{ + namespace pkix + { + class Time; + } +} +%} +[ref] native nsCStringTArrayRef(nsTArray); +[ref] native mozillaPkixTime(mozilla::pkix::Time); + +[scriptable, uuid(275127f8-dbd7-4681-afbf-6df0c6587a01)] +interface nsISiteSecurityService : nsISupports +{ + const uint32_t HEADER_HSTS = 0; + const uint32_t HEADER_HPKP = 1; + const uint32_t HEADER_OMS = 2; + + const uint32_t Success = 0; + const uint32_t ERROR_UNKNOWN = 1; + const uint32_t ERROR_UNTRUSTWORTHY_CONNECTION = 2; + const uint32_t ERROR_COULD_NOT_PARSE_HEADER = 3; + const uint32_t ERROR_NO_MAX_AGE = 4; + const uint32_t ERROR_MULTIPLE_MAX_AGES = 5; + const uint32_t ERROR_INVALID_MAX_AGE = 6; + const uint32_t ERROR_MULTIPLE_INCLUDE_SUBDOMAINS = 7; + const uint32_t ERROR_INVALID_INCLUDE_SUBDOMAINS = 8; + const uint32_t ERROR_INVALID_PIN = 9; + const uint32_t ERROR_MULTIPLE_REPORT_URIS = 10; + const uint32_t ERROR_PINSET_DOES_NOT_MATCH_CHAIN = 11; + const uint32_t ERROR_NO_BACKUP_PIN = 12; + const uint32_t ERROR_COULD_NOT_SAVE_STATE = 13; + const uint32_t ERROR_ROOT_NOT_BUILT_IN = 14; + + /** + * Parses a given HTTP header and records the results internally. + * Currently two header types are supported: HSTS (aka STS) and HPKP + * The format of the HSTS header is defined by the HSTS specification: + * https://tools.ietf.org/html/rfc6797 + * and allows a host to specify that future HTTP requests should be + * upgraded to HTTPS. + * The format of the HPKP header is defined by the HPKP specification: + * https://tools.ietf.org/html/rfc7469 + * and allows a host to specify a subset of trusted anchors to be used + * in future HTTPS connections. + * + * @param aType the type of security header in question. + * @param aSourceURI the URI of the resource with the HTTP header. + * @param aSSLStatus the SSLStatus of the current channel + * @param aHeader the HTTP response header specifying security data. + * @param aFlags options for this request as defined in nsISocketProvider: + * NO_PERMANENT_STORAGE + * @param aMaxAge the parsed max-age directive of the header. + * @param aIncludeSubdomains the parsed includeSubdomains directive. + * @param aFailureResult a more specific failure result if NS_ERROR_FAILURE + was returned. + * @return NS_OK if it succeeds + * NS_ERROR_FAILURE if it can't be parsed + * NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA + * if there are unrecognized tokens in the header. + */ + void processHeader(in uint32_t aType, + in nsIURI aSourceURI, + in string aHeader, + in nsISSLStatus aSSLStatus, + in uint32_t aFlags, + [optional] out unsigned long long aMaxAge, + [optional] out boolean aIncludeSubdomains, + [optional] out uint32_t aFailureResult); + + /** + * Same as processHeader but without checking for the security properties + * of the connection. Use ONLY for testing. + */ + void unsafeProcessHeader(in uint32_t aType, + in nsIURI aSourceURI, + in string aHeader, + in uint32_t aFlags, + [optional] out unsigned long long aMaxAge, + [optional] out boolean aIncludeSubdomains, + [optional] out uint32_t aFailureResult); + + /** + * Given a header type, removes state relating to that header of a host, + * including the includeSubdomains state that would affect subdomains. + * This essentially removes the state for the domain tree rooted at this + * host. + * @param aType the type of security state in question + * @param aURI the URI of the target host + * @param aFlags options for this request as defined in nsISocketProvider: + * NO_PERMANENT_STORAGE + */ + void removeState(in uint32_t aType, + in nsIURI aURI, + in uint32_t aFlags); + + /** + * See isSecureURI + * + * @param aType the type of security state in question. + * @param aHost the hostname (punycode) to query for state. + * @param aFlags options for this request as defined in nsISocketProvider: + * NO_PERMANENT_STORAGE + * @param aCached true if we have cached information regarding whether or not + * the host is HSTS, false otherwise. + */ + boolean isSecureHost(in uint32_t aType, + in string aHost, + in uint32_t aFlags, + [optional] out boolean aCached); + + /** + * Checks whether or not the URI's hostname has a given security state set. + * For example, for HSTS: + * The URI is an HSTS URI if either the host has the HSTS state set, or one + * of its super-domains has the HSTS "includeSubdomains" flag set. + * NOTE: this function makes decisions based only on the + * host contained in the URI, and disregards other portions of the URI + * such as path and port. + * + * @param aType the type of security state in question. + * @param aURI the URI to query for STS state. + * @param aFlags options for this request as defined in nsISocketProvider: + * NO_PERMANENT_STORAGE + * @param aCached true if we have cached information regarding whether or not + * the host is HSTS, false otherwise. + */ + boolean isSecureURI(in uint32_t aType, in nsIURI aURI, in uint32_t aFlags, + [optional] out boolean aCached); + + /** + * Removes all non-preloaded security state by resetting to factory-original + * settings. + */ + void clearAll(); + + /** + * Removes all preloaded security state. + */ + void clearPreloads(); + + /** + * Returns an array of sha256-hashed key pins for the given domain, if any. + * If these pins also apply to subdomains of the given domain, + * aIncludeSubdomains will be true. Pins returned are only for non-built-in + * pin entries. + * + * @param aHostname the hosname (punycode) to be queried about + * @param the time at which the pins should be valid. This is in + mozilla::pkix::Time which uses internally seconds since 0 AD. + * @param aPinArray the set of sha256-hashed key pins for the given domain + * @param aIncludeSubdomains true if the pins apply to subdomains of the + * given domain + */ + [noscript] boolean getKeyPinsForHostname(in string aHostname, + in mozillaPkixTime evalTime, + out nsCStringTArrayRef aPinArray, + out boolean aIncludeSubdomains); + + /** + * Set public-key pins for a host. The resulting pins will be permanent + * and visible from private and non-private contexts. These pins replace + * any already set by this mechanism or those built-in to Gecko. + * + * @param aHost the hostname (punycode) that pins will apply to + * @param aIncludeSubdomains whether these pins also apply to subdomains + * @param aExpires the time this pin should expire (millis since epoch) + * @param aPinCount number of keys being pinnned + * @param aSha256Pins array of hashed key fingerprints (SHA-256, base64) + * @param aIsPreload are these key pins for a preload entry? (false by + * default) + */ + boolean setKeyPins(in string aHost, in boolean aIncludeSubdomains, + in int64_t aExpires, in unsigned long aPinCount, + [array, size_is(aPinCount)] in string aSha256Pins, + [optional] in boolean aIsPreload); + + /** + * Mark a host as declining to provide a given security state so that features + * such as HSTS priming will not flood a server with requests. + * + * @param aURI the nsIURI that this applies to + * @param aMaxAge lifetime (in seconds) of this negative cache + */ + [noscript] void cacheNegativeHSTSResult(in nsIURI aURI, in unsigned long long aMaxAge); +}; + +%{C++ +#define NS_SSSERVICE_CONTRACTID "@mozilla.org/ssservice;1" +%} diff --git a/security/manager/ssl/nsITokenDialogs.idl b/security/manager/ssl/nsITokenDialogs.idl new file mode 100644 index 000000000..ceb625294 --- /dev/null +++ b/security/manager/ssl/nsITokenDialogs.idl @@ -0,0 +1,30 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIInterfaceRequestor; +interface nsIProtectedAuthThread; + +[scriptable, uuid(a1cbc159-468c-495d-8068-61dd538cbcca)] +interface nsITokenDialogs : nsISupports +{ + void ChooseToken(in nsIInterfaceRequestor ctx, + [array, size_is(count)] in wstring tokenNameList, + in unsigned long count, + out wstring tokenName, + out boolean canceled); + + /** + * displayProtectedAuth - displays notification dialog to the user + * that he is expected to authenticate to the token using its + * "protected authentication path" feature + */ + void displayProtectedAuth(in nsIInterfaceRequestor ctx, + in nsIProtectedAuthThread runnable); +}; + +%{C++ +#define NS_TOKENDIALOGS_CONTRACTID "@mozilla.org/nsTokenDialogs;1" +%} diff --git a/security/manager/ssl/nsITokenPasswordDialogs.idl b/security/manager/ssl/nsITokenPasswordDialogs.idl new file mode 100644 index 000000000..6e5660b17 --- /dev/null +++ b/security/manager/ssl/nsITokenPasswordDialogs.idl @@ -0,0 +1,29 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIInterfaceRequestor; + + +/** + * nsITokenPasswordDialogs + * This is the interface for setting and changing password + * on a PKCS11 token. + */ +[scriptable, uuid(87dbd64a-4466-474e-95f5-1ad1cee5702c)] +interface nsITokenPasswordDialogs : nsISupports +{ + /** + * setPassword - sets the password/PIN on the named token. + * The canceled output value should be set to TRUE when + * the user (or implementation) cancels the operation. + */ + void setPassword(in nsIInterfaceRequestor ctx, in wstring tokenName, + out boolean canceled); +}; + +%{C++ +#define NS_TOKENPASSWORDSDIALOG_CONTRACTID "@mozilla.org/nsTokenPasswordDialogs;1" +%} diff --git a/security/manager/ssl/nsIU2FToken.idl b/security/manager/ssl/nsIU2FToken.idl new file mode 100644 index 000000000..119c18593 --- /dev/null +++ b/security/manager/ssl/nsIU2FToken.idl @@ -0,0 +1,66 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIArray; + +/** + * Interface used to interact with U2F Token devices + */ +[scriptable, uuid(5778242f-1f42-47a2-b514-fa1adde2d904)] +interface nsIU2FToken : nsISupports { + /** + * Is this token compatible with the provided version? + * + * @param version The offered version to test + * @return True if the offered version is compatible + */ + void isCompatibleVersion(in AString version, [retval] out boolean result); + + /** + * Return whether the provided KeyHandle belongs to this Token + * + * @param keyHandle Key Handle to evaluate. + * @return True if the Key Handle is ours. + */ + void isRegistered([array, size_is(keyHandleLen)] in octet keyHandle, + in uint32_t keyHandleLen, + [retval] out boolean result); + + /** + * Generates a public/private keypair for the provided application + * and challenge, returning the pubkey, challenge response, and + * key handle in the registration data. + * + * @param application The FIDO Application data to associate with the key. + * @param challenge The Challenge to satisfy in the response. + * @param registration An array containing the pubkey, challenge response, + * and key handle. + */ + void register([array, size_is(applicationLen)] in octet application, + in uint32_t applicationLen, + [array, size_is(challengeLen)] in octet challenge, + in uint32_t challengeLen, + [array, size_is(registrationLen)] out octet registration, + out uint32_t registrationLen); + + /** + * Creates a signature over the "param" arguments using the private key + * provided in the key handle argument. + * + * @param application The FIDO Application data to associate with the key. + * @param challenge The Challenge to satisfy in the response. + * @param keyHandle The Key Handle opaque object to use. + * @param signature The resulting signature. + */ + void sign([array, size_is(applicationLen)] in octet application, + in uint32_t applicationLen, + [array, size_is(challengeLen)] in octet challenge, + in uint32_t challengeLen, + [array, size_is(keyHandleLen)] in octet keyHandle, + in uint32_t keyHandleLen, + [array, size_is(signatureLen)] out octet signature, + out uint32_t signatureLen); +}; diff --git a/security/manager/ssl/nsIWeakCryptoOverride.idl b/security/manager/ssl/nsIWeakCryptoOverride.idl new file mode 100644 index 000000000..7e3aa663f --- /dev/null +++ b/security/manager/ssl/nsIWeakCryptoOverride.idl @@ -0,0 +1,45 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +%{C++ +#define NS_WEAKCRYPTOOVERRIDE_CONTRACTID "@mozilla.org/security/weakcryptooverride;1" +%} + +/** + * This represents the fallback whitelist for + * weak crypto servers such as RC4-only. + */ +[scriptable, uuid(27b4d3df-8f15-4eb4-a35f-474e911b61e7)] +interface nsIWeakCryptoOverride : nsISupports { + /** + * Add a weak crypto override for the given hostname. + * Main thread only. + * + * @param aHostName The host (punycode) this mapping belongs to + * @param aPrivate The override info will used for the private browsing + * session and no information will be written to the disk. + * @param aTemporary The override info will not persist between sessions. + * Ignored if aPrivate is true. + */ + void addWeakCryptoOverride(in ACString aHostName, + in boolean aPrivate, + [optional] in boolean aTemporary); + + /** + * Remove a weak crypto override for the given hostname:port. + * Main thread only. + * + * @param aHostName The host (punycode) whose entry should be cleared. + * @param aPort The port whose entry should be cleared. + * @param aPrivate The override info will used for the private browsing + * session. + */ + void removeWeakCryptoOverride(in ACString aHostName, + in int32_t aPort, + in boolean aPrivate); +}; diff --git a/security/manager/ssl/nsIX509Cert.idl b/security/manager/ssl/nsIX509Cert.idl new file mode 100644 index 000000000..b1965edd4 --- /dev/null +++ b/security/manager/ssl/nsIX509Cert.idl @@ -0,0 +1,261 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIArray; +interface nsIX509CertValidity; +interface nsIASN1Object; +interface nsICertVerificationListener; + +%{ C++ + /* forward declaration */ + typedef struct CERTCertificateStr CERTCertificate; +%} +[ptr] native CERTCertificatePtr(CERTCertificate); + +/** + * This represents a X.509 certificate. + * + * NOTE: Service workers persist x.509 certs in object form on disk. If you + * change this uuid you probably need a hack in nsBinaryInputStream to + * read the old uuid. If you change the format of the object + * serialization then more complex changes will be needed. + */ +[scriptable, uuid(bdc3979a-5422-4cd5-8589-696b6e96ea83)] +interface nsIX509Cert : nsISupports { + + /** + * A nickname for the certificate. + */ + readonly attribute AString nickname; + + /** + * The primary email address of the certificate, if present. + */ + readonly attribute AString emailAddress; + + /** + * Did this certificate ship with the platform as a built-in root? + */ + readonly attribute bool isBuiltInRoot; + + /** + * Obtain a list of all email addresses + * contained in the certificate. + * + * @param length The number of strings in the returned array. + * @return An array of email addresses. + */ + void getEmailAddresses(out unsigned long length, + [retval, array, size_is(length)] out wstring addresses); + + /** + * Check whether a given address is contained in the certificate. + * The comparison will convert the email address to lowercase. + * The behaviour for non ASCII characters is undefined. + * + * @param aEmailAddress The address to search for. + * + * @return True if the address is contained in the certificate. + */ + boolean containsEmailAddress(in AString aEmailAddress); + + /** + * The subject owning the certificate. + */ + readonly attribute AString subjectName; + + /** + * The subject's common name. + */ + readonly attribute AString commonName; + + /** + * The subject's organization. + */ + readonly attribute AString organization; + + /** + * The subject's organizational unit. + */ + readonly attribute AString organizationalUnit; + + /** + * The fingerprint of the certificate's DER encoding, + * calculated using the SHA-256 algorithm. + */ + readonly attribute AString sha256Fingerprint; + + /** + * The fingerprint of the certificate's DER encoding, + * calculated using the SHA1 algorithm. + */ + readonly attribute AString sha1Fingerprint; + + /** + * A human readable name identifying the hardware or + * software token the certificate is stored on. + */ + readonly attribute AString tokenName; + + /** + * The subject identifying the issuer certificate. + */ + readonly attribute AString issuerName; + + /** + * The serial number the issuer assigned to this certificate. + */ + readonly attribute AString serialNumber; + + /** + * The issuer subject's common name. + */ + readonly attribute AString issuerCommonName; + + /** + * The issuer subject's organization. + */ + readonly attribute AString issuerOrganization; + + /** + * The issuer subject's organizational unit. + */ + readonly attribute AString issuerOrganizationUnit; + + /** + * The certificate used by the issuer to sign this certificate. + */ + readonly attribute nsIX509Cert issuer; + + /** + * This certificate's validity period. + */ + readonly attribute nsIX509CertValidity validity; + + /** + * A unique identifier of this certificate within the local storage. + */ + readonly attribute ACString dbKey; + + /** + * A human readable identifier to label this certificate. + */ + readonly attribute AString windowTitle; + + /** + * Constants to classify the type of a certificate. + */ + const unsigned long UNKNOWN_CERT = 0; + const unsigned long CA_CERT = 1 << 0; + const unsigned long USER_CERT = 1 << 1; + const unsigned long EMAIL_CERT = 1 << 2; + const unsigned long SERVER_CERT = 1 << 3; + const unsigned long ANY_CERT = 0xffff; + + /** + * Type of this certificate + */ + readonly attribute unsigned long certType; + + /** + * True if the certificate is self-signed. CA issued + * certificates are always self-signed. + */ + readonly attribute boolean isSelfSigned; + + /** + * Constants for specifying the chain mode when exporting a certificate + */ + const unsigned long CMS_CHAIN_MODE_CertOnly = 1; + const unsigned long CMS_CHAIN_MODE_CertChain = 2; + const unsigned long CMS_CHAIN_MODE_CertChainWithRoot = 3; + + /** + * Obtain a list of certificates that contains this certificate + * and the issuing certificates of all involved issuers, + * up to the root issuer. + * + * @return The chain of certifficates including the issuers. + */ + nsIArray getChain(); + + /** + * A comma separated list of localized strings representing the contents of + * the certificate's key usage extension, if present. The empty string if the + * certificate doesn't have the key usage extension, or has an empty extension. + */ + readonly attribute AString keyUsages; + + /** + * This is the attribute which describes the ASN1 layout + * of the certificate. This can be used when doing a + * "pretty print" of the certificate's ASN1 structure. + */ + readonly attribute nsIASN1Object ASN1Structure; + + /** + * Obtain a raw binary encoding of this certificate + * in DER format. + * + * @param length The number of bytes in the binary encoding. + * @param data The bytes representing the DER encoded certificate. + */ + void getRawDER(out unsigned long length, + [retval, array, size_is(length)] out octet data); + + /** + * Test whether two certificate instances represent the + * same certificate. + * + * @return Whether the certificates are equal + */ + boolean equals(in nsIX509Cert other); + + /** + * The base64 encoding of the DER encoded public key info using the specified + * digest. + */ + readonly attribute ACString sha256SubjectPublicKeyInfoDigest; + + /** + * Obtain the certificate wrapped in a PKCS#7 SignedData structure, + * with or without the certificate chain + * + * @param chainMode Whether to include the chain (with or without the root), + see CMS_CHAIN_MODE constants. + * @param length The number of bytes of the PKCS#7 data. + * @param data The bytes representing the PKCS#7 wrapped certificate. + */ + void exportAsCMS(in unsigned long chainMode, + out unsigned long length, + [retval, array, size_is(length)] out octet data); + + /** + * Retrieves the NSS certificate object wrapped by this interface + */ + [notxpcom, noscript] CERTCertificatePtr getCert(); + + /** + * Human readable names identifying all hardware or + * software tokens the certificate is stored on. + * + * @param length On success, the number of entries in the returned array. + * @return On success, an array containing the names of all tokens + * the certificate is stored on (may be empty). + * On failure the function throws/returns an error. + */ + void getAllTokenNames(out unsigned long length, + [retval, array, size_is(length)] out wstring + tokenNames); + + /** + * Either delete the certificate from all cert databases, + * or mark it as untrusted. + */ + void markForPermDeletion(); +}; diff --git a/security/manager/ssl/nsIX509CertDB.idl b/security/manager/ssl/nsIX509CertDB.idl new file mode 100644 index 000000000..44d8e0588 --- /dev/null +++ b/security/manager/ssl/nsIX509CertDB.idl @@ -0,0 +1,431 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIArray; +interface nsIX509Cert; +interface nsIFile; +interface nsIInterfaceRequestor; +interface nsIZipReader; +interface nsIX509CertList; +interface nsIInputStream; + +%{C++ +#define NS_X509CERTDB_CONTRACTID "@mozilla.org/security/x509certdb;1" +%} + +typedef uint32_t AppTrustedRoot; + +[scriptable, function, uuid(fc2b60e5-9a07-47c2-a2cd-b83b68a660ac)] +interface nsIOpenSignedAppFileCallback : nsISupports +{ + void openSignedAppFileFinished(in nsresult rv, + in nsIZipReader aZipReader, + in nsIX509Cert aSignerCert); +}; + +[scriptable, function, uuid(d5f97827-622a-488f-be08-d850432ac8ec)] +interface nsIVerifySignedDirectoryCallback : nsISupports +{ + void verifySignedDirectoryFinished(in nsresult rv, + in nsIX509Cert aSignerCert); +}; + +[scriptable, function, uuid(3d6a9c87-5c5f-46fc-9410-96da6092f0f2)] +interface nsIVerifySignedManifestCallback : nsISupports +{ + void verifySignedManifestFinished(in nsresult rv, + in nsIX509Cert aSignerCert); +}; + +/** + * Callback type for use with asyncVerifyCertAtTime. + * If aPRErrorCode is PRErrorCodeSuccess (i.e. 0), aVerifiedChain represents the + * verified certificate chain determined by asyncVerifyCertAtTime. aHasEVPolicy + * represents whether or not the end-entity certificate verified as EV. + * If aPRErrorCode is non-zero, it represents the error encountered during + * verification. aVerifiedChain is null in that case and aHasEVPolicy has no + * meaning. + */ +[scriptable, function, uuid(49e16fc8-efac-4f57-8361-956ef6b960a4)] +interface nsICertVerificationCallback : nsISupports { + void verifyCertFinished(in int32_t aPRErrorCode, + in nsIX509CertList aVerifiedChain, + in bool aHasEVPolicy); +}; + +/** + * This represents a service to access and manipulate + * X.509 certificates stored in a database. + */ +[scriptable, uuid(5c16cd9b-5a73-47f1-ab0f-11ede7495cce)] +interface nsIX509CertDB : nsISupports { + + /** + * Constants that define which usages a certificate + * is trusted for. + */ + const unsigned long UNTRUSTED = 0; + const unsigned long TRUSTED_SSL = 1 << 0; + const unsigned long TRUSTED_EMAIL = 1 << 1; + const unsigned long TRUSTED_OBJSIGN = 1 << 2; + + /** + * Given a nickname, + * locate the matching certificate. + * + * @param aNickname The nickname to be used as the key + * to find a certificate. + * + * @return The matching certificate if found. + */ + nsIX509Cert findCertByNickname(in AString aNickname); + + /** + * Will find a certificate based on its dbkey + * retrieved by getting the dbKey attribute of + * the certificate. + * + * @param aDBkey Database internal key, as obtained using + * attribute dbkey in nsIX509Cert. + */ + nsIX509Cert findCertByDBKey(in string aDBkey); + + /** + * Find user's own email encryption certificate by nickname. + * + * @param aNickname The nickname to be used as the key + * to find the certificate. + * + * @return The matching certificate if found. + */ + nsIX509Cert findEmailEncryptionCert(in AString aNickname); + + /** + * Find user's own email signing certificate by nickname. + * + * @param aNickname The nickname to be used as the key + * to find the certificate. + * + * @return The matching certificate if found. + */ + nsIX509Cert findEmailSigningCert(in AString aNickname); + + /** + * Find a certificate by email address. + * + * @param aEmailAddress The email address to be used as the key + * to find the certificate. + * + * @return The matching certificate if found. + */ + nsIX509Cert findCertByEmailAddress(in string aEmailAddress); + + /** + * Use this to import a stream sent down as a mime type into + * the certificate database on the default token. + * The stream may consist of one or more certificates. + * + * @param data The raw data to be imported + * @param length The length of the data to be imported + * @param type The type of the certificate, see constants in nsIX509Cert + * @param ctx A UI context. + */ + void importCertificates([array, size_is(length)] in octet data, + in unsigned long length, + in unsigned long type, + in nsIInterfaceRequestor ctx); + + /** + * Import another person's email certificate into the database. + * + * @param data The raw data to be imported + * @param length The length of the data to be imported + * @param ctx A UI context. + */ + void importEmailCertificate([array, size_is(length)] in octet data, + in unsigned long length, + in nsIInterfaceRequestor ctx); + + /** + * Import a personal certificate into the database, assuming + * the database already contains the private key for this certificate. + * + * @param data The raw data to be imported + * @param length The length of the data to be imported + * @param ctx A UI context. + */ + void importUserCertificate([array, size_is(length)] in octet data, + in unsigned long length, + in nsIInterfaceRequestor ctx); + + /** + * Delete a certificate stored in the database. + * + * @param aCert Delete this certificate. + */ + void deleteCertificate(in nsIX509Cert aCert); + + /** + * Modify the trust that is stored and associated to a certificate within + * a database. Separate trust is stored for + * One call manipulates the trust for one trust type only. + * See the trust type constants defined within this interface. + * + * @param cert Change the stored trust of this certificate. + * @param type The type of the certificate. See nsIX509Cert. + * @param trust A bitmask. The new trust for the possible usages. + * See the trust constants defined within this interface. + */ + void setCertTrust(in nsIX509Cert cert, + in unsigned long type, + in unsigned long trust); + + /** + * @param cert The certificate for which to modify trust. + * @param trustString decoded by CERT_DecodeTrustString. 3 comma separated + * characters, indicating SSL, Email, and Obj signing + * trust. + */ + void setCertTrustFromString(in nsIX509Cert cert, in ACString trustString); + + /** + * Query whether a certificate is trusted for a particular use. + * + * @param cert Obtain the stored trust of this certificate. + * @param certType The type of the certificate. See nsIX509Cert. + * @param trustType A single bit from the usages constants defined + * within this interface. + * + * @return Returns true if the certificate is trusted for the given use. + */ + boolean isCertTrusted(in nsIX509Cert cert, + in unsigned long certType, + in unsigned long trustType); + + /** + * Import certificate(s) from file + * + * @param aFile Identifies a file that contains the certificate + * to be imported. + * @param aType Describes the type of certificate that is going to + * be imported. See type constants in nsIX509Cert. + */ + void importCertsFromFile(in nsIFile aFile, + in unsigned long aType); + + /** + * Import a PKCS#12 file containing cert(s) and key(s) into the database. + * + * @param aToken Optionally limits the scope of + * this function to a token device. + * Can be null to mean any token. + * @param aFile Identifies a file that contains the data + * to be imported. + */ + void importPKCS12File(in nsISupports aToken, + in nsIFile aFile); + + /** + * Export a set of certs and keys from the database to a PKCS#12 file. + * + * @param aToken Optionally limits the scope of + * this function to a token device. + * Can be null to mean any token. + * @param aFile Identifies a file that will be filled with the data + * to be exported. + * @param count The number of certificates to be exported. + * @param aCerts The array of all certificates to be exported. + */ + void exportPKCS12File(in nsISupports aToken, + in nsIFile aFile, + in unsigned long count, + [array, size_is(count)] in nsIX509Cert aCerts); + + /* + * Decode a raw data presentation and instantiate an object in memory. + * + * @param base64 The raw representation of a certificate, + * encoded as Base 64. + * @return The new certificate object. + */ + nsIX509Cert constructX509FromBase64(in ACString base64); + + /* + * Decode a raw data presentation and instantiate an object in memory. + * + * @param certDER The raw representation of a certificate, + * encoded as raw DER. + * @param length The length of the DER string. + * @return The new certificate object. + */ + nsIX509Cert constructX509(in string certDER, in unsigned long length); + + /** + * Verifies the signature on the given JAR file to verify that it has a + * valid signature. To be considered valid, there must be exactly one + * signature on the JAR file and that signature must have signed every + * entry. Further, the signature must come from a certificate that + * is trusted for code signing. + * + * On success, NS_OK, a nsIZipReader, and the trusted certificate that + * signed the JAR are returned. + * + * On failure, an error code is returned. + * + * This method returns a nsIZipReader, instead of taking an nsIZipReader + * as input, to encourage users of the API to verify the signature as the + * first step in opening the JAR. + */ + const AppTrustedRoot AppMarketplaceProdPublicRoot = 1; + const AppTrustedRoot AppMarketplaceProdReviewersRoot = 2; + const AppTrustedRoot AppMarketplaceDevPublicRoot = 3; + const AppTrustedRoot AppMarketplaceDevReviewersRoot = 4; + const AppTrustedRoot AppMarketplaceStageRoot = 5; + const AppTrustedRoot AppXPCShellRoot = 6; + const AppTrustedRoot AddonsPublicRoot = 7; + const AppTrustedRoot AddonsStageRoot = 8; + const AppTrustedRoot PrivilegedPackageRoot = 9; + /* + * If DeveloperImportedRoot is set as trusted root, a CA from local file + * system will be imported. Only used when preference + * "network.http.packaged-apps-developer-mode" is set. + * The path of the CA is specified by preference + * "network.http.packaged-apps-developer-trusted-root". + */ + const AppTrustedRoot DeveloperImportedRoot = 10; + void openSignedAppFileAsync(in AppTrustedRoot trustedRoot, + in nsIFile aJarFile, + in nsIOpenSignedAppFileCallback callback); + + /** + * Verifies the signature on a directory representing an unpacked signed + * JAR file. To be considered valid, there must be exactly one signature + * on the directory structure and that signature must have signed every + * entry. Further, the signature must come from a certificate that + * is trusted for code signing. + * + * On success NS_OK and the trusted certificate that signed the + * unpacked JAR are returned. + * + * On failure, an error code is returned. + */ + void verifySignedDirectoryAsync(in AppTrustedRoot trustedRoot, + in nsIFile aUnpackedDir, + in nsIVerifySignedDirectoryCallback callback); + + /** + * Given streams containing a signature and a manifest file, verifies + * that the signature is valid for the manifest. The signature must + * come from a certificate that is trusted for code signing and that + * was issued by the given trusted root. + * + * On success, NS_OK and the trusted certificate that signed the + * Manifest are returned. + * + * On failure, an error code is returned. + */ + void verifySignedManifestAsync(in AppTrustedRoot trustedRoot, + in nsIInputStream aManifestStream, + in nsIInputStream aSignatureStream, + in nsIVerifySignedManifestCallback callback); + + /* + * Add a cert to a cert DB from a binary string. + * + * @param certDER The raw DER encoding of a certificate. + * @param aTrust decoded by CERT_DecodeTrustString. 3 comma separated characters, + * indicating SSL, Email, and Obj signing trust + * @param aName name of the cert for display purposes. + * TODO(bug 857627): aName is currently ignored. It should either + * not be ignored, or be removed. + */ + void addCert(in ACString certDER, in ACString aTrust, in AUTF8String aName); + + // Flags for verifyCertNow (these must match the values in CertVerifier.cpp): + // Prevent network traffic. Doesn't work with classic verification. + const uint32_t FLAG_LOCAL_ONLY = 1 << 0; + // Do not fall back to DV verification after attempting EV validation. + // Actually does prevent network traffic, but can cause a valid EV + // certificate to not be considered valid. + const uint32_t FLAG_MUST_BE_EV = 1 << 1; + + /** Warning: This interface is inteded to use only for testing only as: + * 1. It can create IO on the main thread. + * 2. It is in constant change, so in/out can change at any release. + * + * Obtain the verification result for a cert given a particular usage. + * On success, the call returns 0, the chain built during verification, + * and whether the cert is good for EV usage. + * On failure, the call returns the PRErrorCode for the verification failure + * + * @param aCert Obtain the stored trust of this certificate + * @param aUsage a integer representing the usage from NSS + * @param aFlags flags as described above + * @param aHostname the (optional) hostname to verify for + * @param aTime the time at which to verify, in seconds since the epoch + * @param aVerifiedChain chain of verification up to the root if success + * @param aHasEVPolicy bool that signified that the cert was an EV cert + * @return 0 if success or the value or the error code for the verification + * failure + */ + int32_t /*PRErrorCode*/ + verifyCertAtTime(in nsIX509Cert aCert, + in int64_t /*SECCertificateUsage*/ aUsage, + in uint32_t aFlags, + in string aHostname, + in uint64_t aTime, + out nsIX509CertList aVerifiedChain, + out bool aHasEVPolicy); + int32_t /*PRErrorCode*/ + verifyCertNow(in nsIX509Cert aCert, + in int64_t /*SECCertificateUsage*/ aUsage, + in uint32_t aFlags, + in string aHostname, + out nsIX509CertList aVerifiedChain, + out bool aHasEVPolicy); + + /** + * Similar to the above, but asynchronous. As a result, use of this API is not + * limited to tests. + */ + void asyncVerifyCertAtTime(in nsIX509Cert aCert, + in int64_t /*SECCertificateUsage*/ aUsage, + in uint32_t aFlags, + in string aHostname, + in uint64_t aTime, + in nsICertVerificationCallback aCallback); + + // Clears the OCSP cache for the current certificate verification + // implementation. + void clearOCSPCache(); + + /* + * Add a cert to a cert DB from a base64 encoded string. + * + * @param base64 The raw representation of a certificate, + * encoded as Base 64. + * @param aTrust decoded by CERT_DecodeTrustString. 3 comma separated characters, + * indicating SSL, Email, and Obj signing trust + * @param aName name of the cert for display purposes. + * TODO(bug 857627): aName is currently ignored. It should either + * not be ignored, or be removed. + */ + void addCertFromBase64(in ACString base64, in ACString aTrust, + in AUTF8String aName); + + /* + * Get all the known certs in the database + */ + nsIX509CertList getCerts(); + + /* + * Get a list of imported enterprise root certificates (currently only + * implemented on Windows). + */ + nsIX509CertList getEnterpriseRoots(); +}; diff --git a/security/manager/ssl/nsIX509CertList.idl b/security/manager/ssl/nsIX509CertList.idl new file mode 100644 index 000000000..63f1c5e38 --- /dev/null +++ b/security/manager/ssl/nsIX509CertList.idl @@ -0,0 +1,49 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsISimpleEnumerator; +interface nsIX509Cert; + +%{C++ +typedef struct CERTCertListStr CERTCertList; +%} +[ptr] native CERTCertListPtr(CERTCertList); + +[scriptable, uuid(ae74cda5-cd2f-473f-96f5-f0b7fff62c68)] +interface nsIX509CertList : nsISupports { + void addCert(in nsIX509Cert cert); + void deleteCert(in nsIX509Cert cert); + nsISimpleEnumerator getEnumerator(); + + /** + * Returns the raw, backing cert list. + * Must be called only from functions where an nsNSSShutDownPreventionLock + * has been acquired. + */ + [notxpcom, noscript] CERTCertListPtr getRawCertList(); + + /** + * Test whether two certificate list instances represent the same + * certificate list. + * + * @return Whether the certificate lists are equal + */ + boolean equals(in nsIX509CertList other); + +}; + +%{C++ + +#define NS_X509CERTLIST_CID { /* 959fb165-6517-487f-ab9b-d8913be53197 */ \ + 0x959fb165, \ + 0x6517, \ + 0x487f, \ + {0xab, 0x9b, 0xd8, 0x91, 0x3b, 0xe5, 0x31, 0x97} \ + } + +#define NS_X509CERTLIST_CONTRACTID "@mozilla.org/security/x509certlist;1" + +%} diff --git a/security/manager/ssl/nsIX509CertValidity.idl b/security/manager/ssl/nsIX509CertValidity.idl new file mode 100644 index 000000000..25d4c004b --- /dev/null +++ b/security/manager/ssl/nsIX509CertValidity.idl @@ -0,0 +1,70 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +/** + * Information on the validity period of a X.509 certificate. + */ +[scriptable, uuid(e701dfd8-1dd1-11b2-a172-ffa6cc6156ad)] +interface nsIX509CertValidity : nsISupports { + + /** + * The earliest point in time where + * a certificate is valid. + */ + readonly attribute PRTime notBefore; + + /** + * "notBefore" attribute formatted as a time string + * according to the environment locale, + * according to the environment time zone. + */ + readonly attribute AString notBeforeLocalTime; + + /** + * The day portion of "notBefore" + * formatted as a time string + * according to the environment locale, + * according to the environment time zone. + */ + readonly attribute AString notBeforeLocalDay; + + /** + * "notBefore" attribute formatted as a string + * according to the environment locale, + * displayed as GMT / UTC. + */ + readonly attribute AString notBeforeGMT; + + /** + * The latest point in time where + * a certificate is valid. + */ + readonly attribute PRTime notAfter; + + /** + * "notAfter" attribute formatted as a time string + * according to the environment locale, + * according to the environment time zone. + */ + readonly attribute AString notAfterLocalTime; + + /** + * The day portion of "notAfter" + * formatted as a time string + * according to the environment locale, + * according to the environment time zone. + */ + readonly attribute AString notAfterLocalDay; + + /** + * "notAfter" attribute formatted as a time string + * according to the environment locale, + * displayed as GMT / UTC. + */ + readonly attribute AString notAfterGMT; +}; diff --git a/security/manager/ssl/nsKeyModule.cpp b/security/manager/ssl/nsKeyModule.cpp new file mode 100644 index 000000000..41e5f5df9 --- /dev/null +++ b/security/manager/ssl/nsKeyModule.cpp @@ -0,0 +1,159 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsCOMPtr.h" +#include "nsComponentManagerUtils.h" +#include "nsKeyModule.h" +#include "nsString.h" + +using namespace mozilla; +using namespace mozilla::psm; + +NS_IMPL_ISUPPORTS(nsKeyObject, nsIKeyObject) + +nsKeyObject::nsKeyObject() + : mSymKey(nullptr) +{ +} + +nsKeyObject::~nsKeyObject() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + destructorSafeDestroyNSSReference(); + shutdown(ShutdownCalledFrom::Object); +} + +void +nsKeyObject::virtualDestroyNSSReference() +{ + destructorSafeDestroyNSSReference(); +} + +void +nsKeyObject::destructorSafeDestroyNSSReference() +{ + mSymKey = nullptr; +} + +////////////////////////////////////////////////////////////////////////////// +// nsIKeyObject + +NS_IMETHODIMP +nsKeyObject::InitKey(int16_t aAlgorithm, PK11SymKey* aKey) +{ + if (!aKey || aAlgorithm != nsIKeyObject::HMAC) { + return NS_ERROR_INVALID_ARG; + } + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + mSymKey.reset(aKey); + return NS_OK; +} + +NS_IMETHODIMP +nsKeyObject::GetKeyObj(PK11SymKey** _retval) +{ + if (!_retval) { + return NS_ERROR_INVALID_ARG; + } + + *_retval = nullptr; + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + if (!mSymKey) { + return NS_ERROR_NOT_INITIALIZED; + } + + *_retval = mSymKey.get(); + return NS_OK; +} + +NS_IMETHODIMP +nsKeyObject::GetType(int16_t *_retval) +{ + if (!_retval) { + return NS_ERROR_INVALID_ARG; + } + *_retval = nsIKeyObject::SYM_KEY; + return NS_OK; +} + +////////////////////////////////////////////////////////////////////////////// +// nsIKeyObjectFactory + +NS_IMPL_ISUPPORTS(nsKeyObjectFactory, nsIKeyObjectFactory) + +nsKeyObjectFactory::nsKeyObjectFactory() +{ +} + +nsKeyObjectFactory::~nsKeyObjectFactory() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + shutdown(ShutdownCalledFrom::Object); +} + +NS_IMETHODIMP +nsKeyObjectFactory::KeyFromString(int16_t aAlgorithm, const nsACString& aKey, + nsIKeyObject** _retval) +{ + if (!_retval || aAlgorithm != nsIKeyObject::HMAC) { + return NS_ERROR_INVALID_ARG; + } + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + CK_MECHANISM_TYPE cipherMech = CKM_GENERIC_SECRET_KEY_GEN; + CK_ATTRIBUTE_TYPE cipherOperation = CKA_SIGN; + + nsresult rv; + nsCOMPtr key( + do_CreateInstance(NS_KEYMODULEOBJECT_CONTRACTID, &rv)); + if (NS_FAILED(rv)) { + return rv; + } + + // Convert the raw string into a SECItem + const nsCString& flatKey = PromiseFlatCString(aKey); + SECItem keyItem; + keyItem.data = (unsigned char*)flatKey.get(); + keyItem.len = flatKey.Length(); + + UniquePK11SlotInfo slot(PK11_GetBestSlot(cipherMech, nullptr)); + if (!slot) { + return NS_ERROR_FAILURE; + } + + UniquePK11SymKey symKey(PK11_ImportSymKey(slot.get(), cipherMech, + PK11_OriginUnwrap, cipherOperation, + &keyItem, nullptr)); + if (!symKey) { + return NS_ERROR_FAILURE; + } + + rv = key->InitKey(aAlgorithm, symKey.release()); + if (NS_FAILED(rv)) { + return rv; + } + + key.swap(*_retval); + return NS_OK; +} diff --git a/security/manager/ssl/nsKeyModule.h b/security/manager/ssl/nsKeyModule.h new file mode 100644 index 000000000..2f7c21937 --- /dev/null +++ b/security/manager/ssl/nsKeyModule.h @@ -0,0 +1,63 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsKeyModule_h +#define nsKeyModule_h + +#include "ScopedNSSTypes.h" +#include "nsIKeyModule.h" +#include "nsNSSShutDown.h" +#include "pk11pub.h" + +#define NS_KEYMODULEOBJECT_CID \ +{ 0x9d383ddd, 0x6856, 0x4187, {0x84, 0x85, 0xf3, 0x61, 0x95, 0xb2, 0x9a, 0x0e} } +#define NS_KEYMODULEOBJECT_CONTRACTID "@mozilla.org/security/keyobject;1" + +#define NS_KEYMODULEOBJECTFACTORY_CID \ +{ 0x2a35dd47, 0xb026, 0x4e8d, {0xb6, 0xb7, 0x57, 0x40, 0xf6, 0x1a, 0xb9, 0x02} } +#define NS_KEYMODULEOBJECTFACTORY_CONTRACTID \ +"@mozilla.org/security/keyobjectfactory;1" + +class nsKeyObject final : public nsIKeyObject + , public nsNSSShutDownObject +{ +public: + nsKeyObject(); + + NS_DECL_ISUPPORTS + NS_DECL_NSIKEYOBJECT + +private: + ~nsKeyObject(); + + // Disallow copy constructor + nsKeyObject(nsKeyObject&); + + UniquePK11SymKey mSymKey; + + virtual void virtualDestroyNSSReference() override; + void destructorSafeDestroyNSSReference(); +}; + + +class nsKeyObjectFactory final : public nsIKeyObjectFactory + , public nsNSSShutDownObject +{ +public: + nsKeyObjectFactory(); + + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIKEYOBJECTFACTORY + +private: + ~nsKeyObjectFactory(); + + // Disallow copy constructor + nsKeyObjectFactory(nsKeyObjectFactory&); + + // No NSS resources to release. + virtual void virtualDestroyNSSReference() override {} +}; + +#endif // nsKeyModule_h diff --git a/security/manager/ssl/nsKeygenHandler.cpp b/security/manager/ssl/nsKeygenHandler.cpp new file mode 100644 index 000000000..c4529f877 --- /dev/null +++ b/security/manager/ssl/nsKeygenHandler.cpp @@ -0,0 +1,785 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "base64.h" +#include "cryptohi.h" +#include "keyhi.h" +#include "mozilla/Assertions.h" +#include "mozilla/Telemetry.h" +#include "nsIContent.h" +#include "nsIDOMHTMLSelectElement.h" +#include "nsIGenKeypairInfoDlg.h" +#include "nsIServiceManager.h" +#include "nsITokenDialogs.h" +#include "nsKeygenHandler.h" +#include "nsKeygenHandlerContent.h" +#include "nsKeygenThread.h" +#include "nsNSSComponent.h" // for PIPNSS string bundle calls. +#include "nsNSSHelper.h" +#include "nsReadableUtils.h" +#include "nsUnicharUtils.h" +#include "nsXULAppAPI.h" +#include "nspr.h" +#include "secasn1.h" +#include "secder.h" +#include "secdert.h" + +//These defines are taken from the PKCS#11 spec +#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000 +#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020 + +DERTemplate SECAlgorithmIDTemplate[] = { + { DER_SEQUENCE, + 0, nullptr, sizeof(SECAlgorithmID) }, + { DER_OBJECT_ID, + offsetof(SECAlgorithmID,algorithm), }, + { DER_OPTIONAL | DER_ANY, + offsetof(SECAlgorithmID,parameters), }, + { 0, } +}; + +DERTemplate CERTSubjectPublicKeyInfoTemplate[] = { + { DER_SEQUENCE, + 0, nullptr, sizeof(CERTSubjectPublicKeyInfo) }, + { DER_INLINE, + offsetof(CERTSubjectPublicKeyInfo,algorithm), + SECAlgorithmIDTemplate, }, + { DER_BIT_STRING, + offsetof(CERTSubjectPublicKeyInfo,subjectPublicKey), }, + { 0, } +}; + +DERTemplate CERTPublicKeyAndChallengeTemplate[] = +{ + { DER_SEQUENCE, 0, nullptr, sizeof(CERTPublicKeyAndChallenge) }, + { DER_ANY, offsetof(CERTPublicKeyAndChallenge,spki), }, + { DER_IA5_STRING, offsetof(CERTPublicKeyAndChallenge,challenge), }, + { 0, } +}; + +typedef struct curveNameTagPairStr { + const char *curveName; + SECOidTag curveOidTag; +} CurveNameTagPair; + +static CurveNameTagPair nameTagPair[] = +{ + { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 }, + { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 }, + { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 }, + { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 }, + { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 }, + { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 }, + { "prime256v1", SEC_OID_ANSIX962_EC_PRIME256V1 }, + + { "secp112r1", SEC_OID_SECG_EC_SECP112R1}, + { "secp112r2", SEC_OID_SECG_EC_SECP112R2}, + { "secp128r1", SEC_OID_SECG_EC_SECP128R1}, + { "secp128r2", SEC_OID_SECG_EC_SECP128R2}, + { "secp160k1", SEC_OID_SECG_EC_SECP160K1}, + { "secp160r1", SEC_OID_SECG_EC_SECP160R1}, + { "secp160r2", SEC_OID_SECG_EC_SECP160R2}, + { "secp192k1", SEC_OID_SECG_EC_SECP192K1}, + { "secp192r1", SEC_OID_ANSIX962_EC_PRIME192V1 }, + { "nistp192", SEC_OID_ANSIX962_EC_PRIME192V1 }, + { "secp224k1", SEC_OID_SECG_EC_SECP224K1}, + { "secp224r1", SEC_OID_SECG_EC_SECP224R1}, + { "nistp224", SEC_OID_SECG_EC_SECP224R1}, + { "secp256k1", SEC_OID_SECG_EC_SECP256K1}, + { "secp256r1", SEC_OID_ANSIX962_EC_PRIME256V1 }, + { "nistp256", SEC_OID_ANSIX962_EC_PRIME256V1 }, + { "secp384r1", SEC_OID_SECG_EC_SECP384R1}, + { "nistp384", SEC_OID_SECG_EC_SECP384R1}, + { "secp521r1", SEC_OID_SECG_EC_SECP521R1}, + { "nistp521", SEC_OID_SECG_EC_SECP521R1}, + + { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 }, + { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 }, + { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 }, + { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 }, + { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 }, + { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 }, + { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 }, + { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 }, + { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 }, + { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 }, + { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 }, + { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 }, + { "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 }, + { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 }, + { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 }, + { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 }, + { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 }, + { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 }, + { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 }, + { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 }, + + { "sect113r1", SEC_OID_SECG_EC_SECT113R1}, + { "sect113r2", SEC_OID_SECG_EC_SECT113R2}, + { "sect131r1", SEC_OID_SECG_EC_SECT131R1}, + { "sect131r2", SEC_OID_SECG_EC_SECT131R2}, + { "sect163k1", SEC_OID_SECG_EC_SECT163K1}, + { "nistk163", SEC_OID_SECG_EC_SECT163K1}, + { "sect163r1", SEC_OID_SECG_EC_SECT163R1}, + { "sect163r2", SEC_OID_SECG_EC_SECT163R2}, + { "nistb163", SEC_OID_SECG_EC_SECT163R2}, + { "sect193r1", SEC_OID_SECG_EC_SECT193R1}, + { "sect193r2", SEC_OID_SECG_EC_SECT193R2}, + { "sect233k1", SEC_OID_SECG_EC_SECT233K1}, + { "nistk233", SEC_OID_SECG_EC_SECT233K1}, + { "sect233r1", SEC_OID_SECG_EC_SECT233R1}, + { "nistb233", SEC_OID_SECG_EC_SECT233R1}, + { "sect239k1", SEC_OID_SECG_EC_SECT239K1}, + { "sect283k1", SEC_OID_SECG_EC_SECT283K1}, + { "nistk283", SEC_OID_SECG_EC_SECT283K1}, + { "sect283r1", SEC_OID_SECG_EC_SECT283R1}, + { "nistb283", SEC_OID_SECG_EC_SECT283R1}, + { "sect409k1", SEC_OID_SECG_EC_SECT409K1}, + { "nistk409", SEC_OID_SECG_EC_SECT409K1}, + { "sect409r1", SEC_OID_SECG_EC_SECT409R1}, + { "nistb409", SEC_OID_SECG_EC_SECT409R1}, + { "sect571k1", SEC_OID_SECG_EC_SECT571K1}, + { "nistk571", SEC_OID_SECG_EC_SECT571K1}, + { "sect571r1", SEC_OID_SECG_EC_SECT571R1}, + { "nistb571", SEC_OID_SECG_EC_SECT571R1}, + +}; + +mozilla::UniqueSECItem +DecodeECParams(const char* curve) +{ + SECOidData *oidData = nullptr; + SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */ + int i, numCurves; + + if (curve && *curve) { + numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair); + for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN)); + i++) { + if (PL_strcmp(curve, nameTagPair[i].curveName) == 0) + curveOidTag = nameTagPair[i].curveOidTag; + } + } + + /* Return nullptr if curve name is not recognized */ + if ((curveOidTag == SEC_OID_UNKNOWN) || + (oidData = SECOID_FindOIDByTag(curveOidTag)) == nullptr) { + return nullptr; + } + + mozilla::UniqueSECItem ecparams(SECITEM_AllocItem(nullptr, nullptr, + 2 + oidData->oid.len)); + if (!ecparams) { + return nullptr; + } + + /* + * ecparams->data needs to contain the ASN encoding of an object ID (OID) + * representing the named curve. The actual OID is in + * oidData->oid.data so we simply prepend 0x06 and OID length + */ + ecparams->data[0] = SEC_ASN1_OBJECT_ID; + ecparams->data[1] = oidData->oid.len; + memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len); + + return ecparams; +} + +NS_IMPL_ISUPPORTS(nsKeygenFormProcessor, nsIFormProcessor) + +nsKeygenFormProcessor::nsKeygenFormProcessor() +{ + m_ctx = new PipUIContext(); +} + +nsKeygenFormProcessor::~nsKeygenFormProcessor() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + + shutdown(ShutdownCalledFrom::Object); +} + +nsresult +nsKeygenFormProcessor::Create(nsISupports* aOuter, const nsIID& aIID, void* *aResult) +{ + if (GeckoProcessType_Content == XRE_GetProcessType()) { + nsCOMPtr contentProcessor = new nsKeygenFormProcessorContent(); + return contentProcessor->QueryInterface(aIID, aResult); + } + + nsresult rv; + NS_ENSURE_NO_AGGREGATION(aOuter); + nsKeygenFormProcessor* formProc = new nsKeygenFormProcessor(); + + nsCOMPtr stabilize = formProc; + rv = formProc->Init(); + if (NS_SUCCEEDED(rv)) { + rv = formProc->QueryInterface(aIID, aResult); + } + return rv; +} + +nsresult +nsKeygenFormProcessor::Init() +{ + static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID); + + nsresult rv; + + nsCOMPtr nssComponent; + nssComponent = do_GetService(kNSSComponentCID, &rv); + if (NS_FAILED(rv)) + return rv; + + // Init possible key size choices. + nssComponent->GetPIPNSSBundleString("HighGrade", mSECKeySizeChoiceList[0].name); + mSECKeySizeChoiceList[0].size = 2048; + + nssComponent->GetPIPNSSBundleString("MediumGrade", mSECKeySizeChoiceList[1].name); + mSECKeySizeChoiceList[1].size = 1024; + + return NS_OK; +} + +nsresult +nsKeygenFormProcessor::GetSlot(uint32_t aMechanism, PK11SlotInfo** aSlot) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + return GetSlotWithMechanism(aMechanism, m_ctx, aSlot, locker); +} + +uint32_t MapGenMechToAlgoMech(uint32_t mechanism) +{ + uint32_t searchMech; + + /* We are interested in slots based on the ability to perform + a given algorithm, not on their ability to generate keys usable + by that algorithm. Therefore, map keygen-specific mechanism tags + to tags for the corresponding crypto algorithm. */ + switch(mechanism) + { + case CKM_RSA_PKCS_KEY_PAIR_GEN: + searchMech = CKM_RSA_PKCS; + break; + case CKM_RC4_KEY_GEN: + searchMech = CKM_RC4; + break; + case CKM_DH_PKCS_KEY_PAIR_GEN: + searchMech = CKM_DH_PKCS_DERIVE; /* ### mwelch is this right? */ + break; + case CKM_DES_KEY_GEN: + /* What do we do about DES keygen? Right now, we're just using + DES_KEY_GEN to look for tokens, because otherwise we'll have + to search the token list three times. */ + case CKM_EC_KEY_PAIR_GEN: + /* The default should also work for EC key pair generation. */ + default: + searchMech = mechanism; + break; + } + return searchMech; +} + + +nsresult +GetSlotWithMechanism(uint32_t aMechanism, nsIInterfaceRequestor* m_ctx, + PK11SlotInfo** aSlot, nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + PK11SlotList * slotList = nullptr; + char16_t** tokenNameList = nullptr; + nsCOMPtr dialogs; + char16_t *unicodeTokenChosen; + PK11SlotListElement *slotElement, *tmpSlot; + uint32_t numSlots = 0, i = 0; + bool canceled; + nsresult rv = NS_OK; + + *aSlot = nullptr; + + // Get the slot + slotList = PK11_GetAllTokens(MapGenMechToAlgoMech(aMechanism), + true, true, m_ctx); + if (!slotList || !slotList->head) { + rv = NS_ERROR_FAILURE; + goto loser; + } + + if (!slotList->head->next) { + /* only one slot available, just return it */ + *aSlot = slotList->head->slot; + } else { + // Gerenate a list of slots and ask the user to choose // + tmpSlot = slotList->head; + while (tmpSlot) { + numSlots++; + tmpSlot = tmpSlot->next; + } + + // Allocate the slot name buffer // + tokenNameList = static_cast(moz_xmalloc(sizeof(char16_t *) * numSlots)); + if (!tokenNameList) { + rv = NS_ERROR_OUT_OF_MEMORY; + goto loser; + } + + i = 0; + slotElement = PK11_GetFirstSafe(slotList); + while (slotElement) { + tokenNameList[i] = UTF8ToNewUnicode(nsDependentCString(PK11_GetTokenName(slotElement->slot))); + slotElement = PK11_GetNextSafe(slotList, slotElement, false); + if (tokenNameList[i]) + i++; + else { + // OOM. adjust numSlots so we don't free unallocated memory. + numSlots = i; + PK11_FreeSlotListElement(slotList, slotElement); + rv = NS_ERROR_OUT_OF_MEMORY; + goto loser; + } + } + + // Throw up the token list dialog and get back the token. + rv = getNSSDialogs(getter_AddRefs(dialogs), NS_GET_IID(nsITokenDialogs), + NS_TOKENDIALOGS_CONTRACTID); + + if (NS_FAILED(rv)) { + goto loser; + } + + if (!tokenNameList || !*tokenNameList) { + rv = NS_ERROR_OUT_OF_MEMORY; + } else { + rv = dialogs->ChooseToken(m_ctx, (const char16_t**)tokenNameList, + numSlots, &unicodeTokenChosen, &canceled); + } + if (NS_FAILED(rv)) goto loser; + + if (canceled) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; } + + // Get the slot // + slotElement = PK11_GetFirstSafe(slotList); + nsAutoString tokenStr(unicodeTokenChosen); + while (slotElement) { + if (tokenStr.Equals(NS_ConvertUTF8toUTF16(PK11_GetTokenName(slotElement->slot)))) { + *aSlot = slotElement->slot; + PK11_FreeSlotListElement(slotList, slotElement); + break; + } + slotElement = PK11_GetNextSafe(slotList, slotElement, false); + } + if(!(*aSlot)) { + rv = NS_ERROR_FAILURE; + goto loser; + } + } + + // Get a reference to the slot // + PK11_ReferenceSlot(*aSlot); +loser: + if (slotList) { + PK11_FreeSlotList(slotList); + } + if (tokenNameList) { + NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(numSlots, tokenNameList); + } + return rv; +} + + +void +GatherKeygenTelemetry(uint32_t keyGenMechanism, int keysize, char* curve) +{ + if (keyGenMechanism == CKM_RSA_PKCS_KEY_PAIR_GEN) { + if (keysize > 8196 || keysize < 0) { + return; + } + + nsCString telemetryValue("rsa"); + telemetryValue.AppendPrintf("%d", keysize); + mozilla::Telemetry::Accumulate( + mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, telemetryValue); + } else if (keyGenMechanism == CKM_EC_KEY_PAIR_GEN) { + nsCString secp384r1 = NS_LITERAL_CSTRING("secp384r1"); + nsCString secp256r1 = NS_LITERAL_CSTRING("secp256r1"); + + mozilla::UniqueSECItem decoded = DecodeECParams(curve); + if (!decoded) { + switch (keysize) { + case 2048: + mozilla::Telemetry::Accumulate( + mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp384r1); + break; + case 1024: + case 512: + mozilla::Telemetry::Accumulate( + mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp256r1); + break; + } + } else { + if (secp384r1.EqualsIgnoreCase(curve, secp384r1.Length())) { + mozilla::Telemetry::Accumulate( + mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp384r1); + } else if (secp256r1.EqualsIgnoreCase(curve, secp256r1.Length())) { + mozilla::Telemetry::Accumulate( + mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp256r1); + } else { + mozilla::Telemetry::Accumulate( + mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, NS_LITERAL_CSTRING("other_ec")); + } + } + } else { + MOZ_CRASH("Unknown keygen algorithm"); + return; + } +} + +nsresult +nsKeygenFormProcessor::GetPublicKey(const nsAString& aValue, + const nsAString& aChallenge, + const nsAFlatString& aKeyType, + nsAString& aOutPublicKey, + const nsAString& aKeyParams) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + nsresult rv = NS_ERROR_FAILURE; + UniquePORTString keystring; + char *keyparamsString = nullptr; + uint32_t keyGenMechanism; + PK11SlotInfo *slot = nullptr; + PK11RSAGenParams rsaParams; + mozilla::UniqueSECItem ecParams; + SECOidTag algTag; + int keysize = 0; + void *params = nullptr; // Non-owning. + SECKEYPrivateKey *privateKey = nullptr; + SECKEYPublicKey *publicKey = nullptr; + CERTSubjectPublicKeyInfo *spkInfo = nullptr; + SECStatus srv = SECFailure; + SECItem spkiItem; + SECItem pkacItem; + SECItem signedItem; + CERTPublicKeyAndChallenge pkac; + pkac.challenge.data = nullptr; + nsCOMPtr dialogs; + nsKeygenThread *KeygenRunnable = 0; + nsCOMPtr runnable; + + // permanent and sensitive flags for keygen + PK11AttrFlags attrFlags = PK11_ATTR_TOKEN | PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE; + + UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + goto loser; + } + + // Get the key size // + for (size_t i = 0; i < number_of_key_size_choices; ++i) { + if (aValue.Equals(mSECKeySizeChoiceList[i].name)) { + keysize = mSECKeySizeChoiceList[i].size; + break; + } + } + if (!keysize) { + goto loser; + } + + // Set the keygen mechanism + if (aKeyType.IsEmpty() || aKeyType.LowerCaseEqualsLiteral("rsa")) { + keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; + } else if (aKeyType.LowerCaseEqualsLiteral("ec")) { + keyparamsString = ToNewCString(aKeyParams); + if (!keyparamsString) { + rv = NS_ERROR_OUT_OF_MEMORY; + goto loser; + } + + keyGenMechanism = CKM_EC_KEY_PAIR_GEN; + /* ecParams are initialized later */ + } else { + goto loser; + } + + // Get the slot + rv = GetSlot(keyGenMechanism, &slot); + if (NS_FAILED(rv)) { + goto loser; + } + switch (keyGenMechanism) { + case CKM_RSA_PKCS_KEY_PAIR_GEN: + rsaParams.keySizeInBits = keysize; + rsaParams.pe = DEFAULT_RSA_KEYGEN_PE; + algTag = DEFAULT_RSA_KEYGEN_ALG; + params = &rsaParams; + break; + case CKM_EC_KEY_PAIR_GEN: + /* XXX We ought to rethink how the KEYGEN tag is + * displayed. The pulldown selections presented + * to the user must depend on the keytype. + * The displayed selection could be picked + * from the keyparams attribute (this is currently called + * the pqg attribute). + * For now, we pick ecparams from the keyparams field + * if it specifies a valid supported curve, or else + * we pick one of secp384r1, secp256r1 or secp192r1 + * respectively depending on the user's selection + * (High, Medium, Low). + * (RSA uses RSA-2048, RSA-1024 and RSA-512 for historical + * reasons, while ECC choices represent a stronger mapping) + * NOTE: The user's selection + * is silently ignored when a valid curve is presented + * in keyparams. + */ + ecParams = DecodeECParams(keyparamsString); + if (!ecParams) { + /* The keyparams attribute did not specify a valid + * curve name so use a curve based on the keysize. + * NOTE: Here keysize is used only as an indication of + * High/Medium/Low strength; elliptic curve + * cryptography uses smaller keys than RSA to provide + * equivalent security. + */ + switch (keysize) { + case 2048: + ecParams = DecodeECParams("secp384r1"); + break; + case 1024: + case 512: + ecParams = DecodeECParams("secp256r1"); + break; + } + } + MOZ_ASSERT(ecParams); + params = ecParams.get(); + /* XXX The signature algorithm ought to choose the hashing + * algorithm based on key size once ECDSA variations based + * on SHA256 SHA384 and SHA512 are standardized. + */ + algTag = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST; + break; + default: + goto loser; + } + + /* Make sure token is initialized. */ + rv = setPassword(slot, m_ctx, locker); + if (NS_FAILED(rv)) + goto loser; + + srv = PK11_Authenticate(slot, true, m_ctx); + if (srv != SECSuccess) { + goto loser; + } + + rv = getNSSDialogs(getter_AddRefs(dialogs), + NS_GET_IID(nsIGeneratingKeypairInfoDialogs), + NS_GENERATINGKEYPAIRINFODIALOGS_CONTRACTID); + + if (NS_SUCCEEDED(rv)) { + KeygenRunnable = new nsKeygenThread(); + NS_IF_ADDREF(KeygenRunnable); + } + + if (NS_FAILED(rv) || !KeygenRunnable) { + rv = NS_OK; + privateKey = PK11_GenerateKeyPairWithFlags(slot, keyGenMechanism, params, + &publicKey, attrFlags, m_ctx); + } else { + KeygenRunnable->SetParams( slot, attrFlags, nullptr, 0, + keyGenMechanism, params, m_ctx ); + + runnable = do_QueryInterface(KeygenRunnable); + if (runnable) { + rv = dialogs->DisplayGeneratingKeypairInfo(m_ctx, runnable); + // We call join on the thread so we can be sure that no + // simultaneous access to the passed parameters will happen. + KeygenRunnable->Join(); + + if (NS_SUCCEEDED(rv)) { + PK11SlotInfo *used_slot = nullptr; + rv = KeygenRunnable->ConsumeResult(&used_slot, &privateKey, &publicKey); + if (NS_SUCCEEDED(rv) && used_slot) { + PK11_FreeSlot(used_slot); + } + } + } + } + + if (NS_FAILED(rv) || !privateKey) { + goto loser; + } + // just in case we'll need to authenticate to the db -jp // + privateKey->wincx = m_ctx; + + /* + * Create a subject public key info from the public key. + */ + spkInfo = SECKEY_CreateSubjectPublicKeyInfo(publicKey); + if ( !spkInfo ) { + goto loser; + } + + /* + * Now DER encode the whole subjectPublicKeyInfo. + */ + srv = DER_Encode(arena.get(), &spkiItem, CERTSubjectPublicKeyInfoTemplate, + spkInfo); + if (srv != SECSuccess) { + goto loser; + } + + /* + * set up the PublicKeyAndChallenge data structure, then DER encode it + */ + pkac.spki = spkiItem; + pkac.challenge.len = aChallenge.Length(); + pkac.challenge.data = (unsigned char *)ToNewCString(aChallenge); + if (!pkac.challenge.data) { + rv = NS_ERROR_OUT_OF_MEMORY; + goto loser; + } + + srv = DER_Encode(arena.get(), &pkacItem, CERTPublicKeyAndChallengeTemplate, + &pkac); + if (srv != SECSuccess) { + goto loser; + } + + /* + * now sign the DER encoded PublicKeyAndChallenge + */ + srv = SEC_DerSignData(arena.get(), &signedItem, pkacItem.data, pkacItem.len, + privateKey, algTag); + if (srv != SECSuccess) { + goto loser; + } + + /* + * Convert the signed public key and challenge into base64/ascii. + */ + keystring = UniquePORTString( + BTOA_DataToAscii(signedItem.data, signedItem.len)); + if (!keystring) { + rv = NS_ERROR_OUT_OF_MEMORY; + goto loser; + } + + CopyASCIItoUTF16(keystring.get(), aOutPublicKey); + + rv = NS_OK; + + GatherKeygenTelemetry(keyGenMechanism, keysize, keyparamsString); +loser: + if (srv != SECSuccess) { + if ( privateKey ) { + PK11_DestroyTokenObject(privateKey->pkcs11Slot,privateKey->pkcs11ID); + } + if ( publicKey ) { + PK11_DestroyTokenObject(publicKey->pkcs11Slot,publicKey->pkcs11ID); + } + } + if ( spkInfo ) { + SECKEY_DestroySubjectPublicKeyInfo(spkInfo); + } + if ( publicKey ) { + SECKEY_DestroyPublicKey(publicKey); + } + if ( privateKey ) { + SECKEY_DestroyPrivateKey(privateKey); + } + if (slot) { + PK11_FreeSlot(slot); + } + if (KeygenRunnable) { + NS_RELEASE(KeygenRunnable); + } + if (keyparamsString) { + free(keyparamsString); + } + if (pkac.challenge.data) { + free(pkac.challenge.data); + } + return rv; +} + +// static +void +nsKeygenFormProcessor::ExtractParams(nsIDOMHTMLElement* aElement, + nsAString& challengeValue, + nsAString& keyTypeValue, + nsAString& keyParamsValue) +{ + aElement->GetAttribute(NS_LITERAL_STRING("keytype"), keyTypeValue); + if (keyTypeValue.IsEmpty()) { + // If this field is not present, we default to rsa. + keyTypeValue.AssignLiteral("rsa"); + } + + aElement->GetAttribute(NS_LITERAL_STRING("pqg"), + keyParamsValue); + /* XXX We can still support the pqg attribute in the keygen + * tag for backward compatibility while introducing a more + * general attribute named keyparams. + */ + if (keyParamsValue.IsEmpty()) { + aElement->GetAttribute(NS_LITERAL_STRING("keyparams"), + keyParamsValue); + } + + aElement->GetAttribute(NS_LITERAL_STRING("challenge"), challengeValue); +} + +nsresult +nsKeygenFormProcessor::ProcessValue(nsIDOMHTMLElement* aElement, + const nsAString& aName, + nsAString& aValue) +{ + nsAutoString challengeValue; + nsAutoString keyTypeValue; + nsAutoString keyParamsValue; + ExtractParams(aElement, challengeValue, keyTypeValue, keyParamsValue); + + return GetPublicKey(aValue, challengeValue, keyTypeValue, + aValue, keyParamsValue); +} + +nsresult +nsKeygenFormProcessor::ProcessValueIPC(const nsAString& aOldValue, + const nsAString& aChallenge, + const nsAString& aKeyType, + const nsAString& aKeyParams, + nsAString& newValue) +{ + return GetPublicKey(aOldValue, aChallenge, PromiseFlatString(aKeyType), + newValue, aKeyParams); +} + +nsresult +nsKeygenFormProcessor::ProvideContent(const nsAString& aFormType, + nsTArray& aContent, + nsAString& aAttribute) +{ + if (Compare(aFormType, NS_LITERAL_STRING("SELECT"), + nsCaseInsensitiveStringComparator()) == 0) { + + for (size_t i = 0; i < number_of_key_size_choices; ++i) { + aContent.AppendElement(mSECKeySizeChoiceList[i].name); + } + aAttribute.AssignLiteral("-mozilla-keygen"); + } + return NS_OK; +} + diff --git a/security/manager/ssl/nsKeygenHandler.h b/security/manager/ssl/nsKeygenHandler.h new file mode 100644 index 000000000..56cac4850 --- /dev/null +++ b/security/manager/ssl/nsKeygenHandler.h @@ -0,0 +1,82 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsKeygenHandler_h +#define nsKeygenHandler_h + +#include "ScopedNSSTypes.h" +#include "keythi.h" +#include "nsCOMPtr.h" +#include "nsError.h" +#include "nsIFormProcessor.h" +#include "nsIInterfaceRequestor.h" +#include "nsNSSShutDown.h" +#include "nsTArray.h" +#include "secmodt.h" + +nsresult GetSlotWithMechanism(uint32_t mechanism, + nsIInterfaceRequestor* ctx, + PK11SlotInfo** retSlot, + nsNSSShutDownPreventionLock& /*proofOfLock*/); + +#define DEFAULT_RSA_KEYGEN_PE 65537L +#define DEFAULT_RSA_KEYGEN_ALG SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION + +mozilla::UniqueSECItem DecodeECParams(const char* curve); + +class nsKeygenFormProcessor : public nsIFormProcessor + , public nsNSSShutDownObject +{ +public: + nsKeygenFormProcessor(); + nsresult Init(); + + virtual nsresult ProcessValue(nsIDOMHTMLElement* aElement, + const nsAString& aName, + nsAString& aValue) override; + + virtual nsresult ProcessValueIPC(const nsAString& aOldValue, + const nsAString& aChallenge, + const nsAString& aKeyType, + const nsAString& aKeyParams, + nsAString& aNewValue) override; + + virtual nsresult ProvideContent(const nsAString& aFormType, + nsTArray& aContent, + nsAString& aAttribute) override; + NS_DECL_THREADSAFE_ISUPPORTS + + static nsresult Create(nsISupports* aOuter, const nsIID& aIID, void* *aResult); + + static void ExtractParams(nsIDOMHTMLElement* aElement, + nsAString& challengeValue, + nsAString& keyTypeValue, + nsAString& keyParamsValue); + + // Nothing to release. + virtual void virtualDestroyNSSReference() override {} + +protected: + virtual ~nsKeygenFormProcessor(); + + nsresult GetPublicKey(const nsAString& aValue, const nsAString& aChallenge, + const nsAFlatString& akeyType, nsAString& aOutPublicKey, + const nsAString& aPqg); + nsresult GetSlot(uint32_t aMechanism, PK11SlotInfo** aSlot); +private: + nsCOMPtr m_ctx; + + typedef struct SECKeySizeChoiceInfoStr { + nsString name; + int size; + } SECKeySizeChoiceInfo; + + enum { number_of_key_size_choices = 2 }; + + SECKeySizeChoiceInfo mSECKeySizeChoiceList[number_of_key_size_choices]; +}; + +#endif // nsKeygenHandler_h diff --git a/security/manager/ssl/nsKeygenHandlerContent.cpp b/security/manager/ssl/nsKeygenHandlerContent.cpp new file mode 100644 index 000000000..766da0a6d --- /dev/null +++ b/security/manager/ssl/nsKeygenHandlerContent.cpp @@ -0,0 +1,78 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=2 sw=2 sts=2 et tw=80: + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsKeygenHandlerContent.h" + +#include "nsIFormProcessor.h" +#include "nsString.h" + +#include "mozilla/dom/ContentChild.h" +#include "mozilla/Unused.h" + +#include "keythi.h" +#include "nss.h" +#include "secmodt.h" +#include "nsKeygenHandler.h" + +using mozilla::dom::ContentChild; +using mozilla::Unused; + +NS_IMPL_ISUPPORTS(nsKeygenFormProcessorContent, nsIFormProcessor) + +nsKeygenFormProcessorContent::nsKeygenFormProcessorContent() +{ +} + +nsKeygenFormProcessorContent::~nsKeygenFormProcessorContent() +{ +} + +nsresult +nsKeygenFormProcessorContent::ProcessValue(nsIDOMHTMLElement* aElement, + const nsAString& aName, + nsAString& aValue) +{ + nsAutoString challengeValue; + nsAutoString keyTypeValue; + nsAutoString keyParamsValue; + nsKeygenFormProcessor::ExtractParams(aElement, challengeValue, keyTypeValue, keyParamsValue); + + ContentChild* child = ContentChild::GetSingleton(); + + nsString oldValue(aValue); + nsString newValue; + Unused << child->SendKeygenProcessValue(oldValue, challengeValue, + keyTypeValue, keyParamsValue, + &newValue); + + aValue.Assign(newValue); + return NS_OK; +} + +nsresult +nsKeygenFormProcessorContent::ProcessValueIPC(const nsAString& aOldValue, + const nsAString& aChallenge, + const nsAString& aKeyType, + const nsAString& aKeyParams, + nsAString& aNewValue) +{ + MOZ_ASSERT(false, "should never be called in the child process"); + return NS_ERROR_UNEXPECTED; +} + +nsresult +nsKeygenFormProcessorContent::ProvideContent(const nsAString& aFormType, + nsTArray& aContent, + nsAString& aAttribute) +{ + nsString attribute; + Unused << + ContentChild::GetSingleton()->SendKeygenProvideContent(&attribute, + &aContent); + aAttribute.Assign(attribute); + return NS_OK; +} diff --git a/security/manager/ssl/nsKeygenHandlerContent.h b/security/manager/ssl/nsKeygenHandlerContent.h new file mode 100644 index 000000000..c36e57051 --- /dev/null +++ b/security/manager/ssl/nsKeygenHandlerContent.h @@ -0,0 +1,42 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=2 sw=2 sts=2 et tw=80: + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsKeygenHandlerContent_h +#define nsKeygenHandlerContent_h + +#include "mozilla/Attributes.h" +#include "nsIFormProcessor.h" +#include "nsStringFwd.h" +#include "nsTArray.h" + +class nsIDOMHTMLElement; + +class nsKeygenFormProcessorContent final : public nsIFormProcessor { +public: + nsKeygenFormProcessorContent(); + + virtual nsresult ProcessValue(nsIDOMHTMLElement* aElement, + const nsAString& aName, + nsAString& aValue) override; + + virtual nsresult ProcessValueIPC(const nsAString& aOldValue, + const nsAString& aChallenge, + const nsAString& aKeyType, + const nsAString& aKeyParams, + nsAString& aNewValue) override; + + virtual nsresult ProvideContent(const nsAString& aFormType, + nsTArray& aContent, + nsAString& aAttribute) override; + + NS_DECL_ISUPPORTS + +protected: + ~nsKeygenFormProcessorContent(); +}; + +#endif // nsKeygenHandlerContent_h diff --git a/security/manager/ssl/nsKeygenThread.cpp b/security/manager/ssl/nsKeygenThread.cpp new file mode 100644 index 000000000..b295c4f36 --- /dev/null +++ b/security/manager/ssl/nsKeygenThread.cpp @@ -0,0 +1,254 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "pk11func.h" +#include "nsCOMPtr.h" +#include "nsThreadUtils.h" +#include "nsKeygenThread.h" +#include "nsIObserver.h" +#include "nsNSSShutDown.h" +#include "PSMRunnable.h" +#include "mozilla/DebugOnly.h" + +using namespace mozilla; +using namespace mozilla::psm; + +NS_IMPL_ISUPPORTS(nsKeygenThread, nsIKeygenThread) + + +nsKeygenThread::nsKeygenThread() +:mutex("nsKeygenThread.mutex"), + iAmRunning(false), + keygenReady(false), + statusDialogClosed(false), + alreadyReceivedParams(false), + privateKey(nullptr), + publicKey(nullptr), + slot(nullptr), + flags(0), + altSlot(nullptr), + altFlags(0), + usedSlot(nullptr), + keyGenMechanism(0), + params(nullptr), + wincx(nullptr), + threadHandle(nullptr) +{ +} + +nsKeygenThread::~nsKeygenThread() +{ + // clean up in the unlikely case that nobody consumed our results + + if (privateKey) + SECKEY_DestroyPrivateKey(privateKey); + + if (publicKey) + SECKEY_DestroyPublicKey(publicKey); + + if (usedSlot) + PK11_FreeSlot(usedSlot); +} + +void nsKeygenThread::SetParams( + PK11SlotInfo *a_slot, + PK11AttrFlags a_flags, + PK11SlotInfo *a_alternative_slot, + PK11AttrFlags a_alternative_flags, + uint32_t a_keyGenMechanism, + void *a_params, + void *a_wincx ) +{ + nsNSSShutDownPreventionLock locker; + MutexAutoLock lock(mutex); + + if (!alreadyReceivedParams) { + alreadyReceivedParams = true; + slot = (a_slot) ? PK11_ReferenceSlot(a_slot) : nullptr; + flags = a_flags; + altSlot = (a_alternative_slot) ? PK11_ReferenceSlot(a_alternative_slot) : nullptr; + altFlags = a_alternative_flags; + keyGenMechanism = a_keyGenMechanism; + params = a_params; + wincx = a_wincx; + } +} + +nsresult nsKeygenThread::ConsumeResult( + PK11SlotInfo **a_used_slot, + SECKEYPrivateKey **a_privateKey, + SECKEYPublicKey **a_publicKey) +{ + if (!a_used_slot || !a_privateKey || !a_publicKey) { + return NS_ERROR_FAILURE; + } + + nsresult rv; + + MutexAutoLock lock(mutex); + + // GetParams must not be called until thread creator called + // Join on this thread. + NS_ASSERTION(keygenReady, "logic error in nsKeygenThread::GetParams"); + + if (keygenReady) { + *a_privateKey = privateKey; + *a_publicKey = publicKey; + *a_used_slot = usedSlot; + + privateKey = 0; + publicKey = 0; + usedSlot = 0; + + rv = NS_OK; + } + else { + rv = NS_ERROR_FAILURE; + } + + return rv; +} + +static void nsKeygenThreadRunner(void *arg) +{ + PR_SetCurrentThreadName("Keygen"); + nsKeygenThread *self = static_cast(arg); + self->Run(); +} + +nsresult nsKeygenThread::StartKeyGeneration(nsIObserver* aObserver) +{ + if (!NS_IsMainThread()) { + NS_ERROR("nsKeygenThread::StartKeyGeneration called off the main thread"); + return NS_ERROR_NOT_SAME_THREAD; + } + + if (!aObserver) + return NS_OK; + + MutexAutoLock lock(mutex); + + if (iAmRunning || keygenReady) { + return NS_OK; + } + + // We must AddRef aObserver only here on the main thread, because it + // probably does not implement a thread-safe AddRef. + mNotifyObserver = new NotifyObserverRunnable(aObserver, "keygen-finished"); + + iAmRunning = true; + + threadHandle = PR_CreateThread(PR_USER_THREAD, nsKeygenThreadRunner, static_cast(this), + PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, PR_JOINABLE_THREAD, 0); + + // bool thread_started_ok = (threadHandle != nullptr); + // we might want to return "thread started ok" to caller in the future + NS_ASSERTION(threadHandle, "Could not create nsKeygenThreadRunner thread\n"); + + return NS_OK; +} + +nsresult nsKeygenThread::UserCanceled(bool *threadAlreadyClosedDialog) +{ + if (!threadAlreadyClosedDialog) + return NS_OK; + + *threadAlreadyClosedDialog = false; + + MutexAutoLock lock(mutex); + + if (keygenReady) + *threadAlreadyClosedDialog = statusDialogClosed; + + // User somehow closed the dialog, but we will not cancel. + // Bad luck, we told him not do, and user still has to wait. + // However, we remember that it's closed and will not close + // it again to avoid problems. + statusDialogClosed = true; + + return NS_OK; +} + +void nsKeygenThread::Run(void) +{ + nsNSSShutDownPreventionLock locker; + bool canGenerate = false; + + { + MutexAutoLock lock(mutex); + if (alreadyReceivedParams) { + canGenerate = true; + keygenReady = false; + } + } + + if (canGenerate) { + privateKey = PK11_GenerateKeyPairWithFlags(slot, keyGenMechanism, + params, &publicKey, + flags, wincx); + + if (privateKey) { + usedSlot = PK11_ReferenceSlot(slot); + } + else if (altSlot) { + privateKey = PK11_GenerateKeyPairWithFlags(altSlot, keyGenMechanism, + params, &publicKey, + altFlags, wincx); + if (privateKey) { + usedSlot = PK11_ReferenceSlot(altSlot); + } + } + } + + // This call gave us ownership over privateKey and publicKey. + // But as the params structure is owner by our caller, + // we effectively transferred ownership to the caller. + // As long as key generation can't be canceled, we don't need + // to care for cleaning this up. + + nsCOMPtr notifyObserver; + { + MutexAutoLock lock(mutex); + + keygenReady = true; + iAmRunning = false; + + // forget our parameters + if (slot) { + PK11_FreeSlot(slot); + slot = 0; + } + if (altSlot) { + PK11_FreeSlot(altSlot); + altSlot = 0; + } + keyGenMechanism = 0; + params = 0; + wincx = 0; + + if (!statusDialogClosed && mNotifyObserver) + notifyObserver = mNotifyObserver; + + mNotifyObserver = nullptr; + } + + if (notifyObserver) { + DebugOnly rv = NS_DispatchToMainThread(notifyObserver); + NS_ASSERTION(NS_SUCCEEDED(rv), + "failed to dispatch keygen thread observer to main thread"); + } +} + +void nsKeygenThread::Join() +{ + if (!threadHandle) + return; + + PR_JoinThread(threadHandle); + threadHandle = nullptr; + + return; +} diff --git a/security/manager/ssl/nsKeygenThread.h b/security/manager/ssl/nsKeygenThread.h new file mode 100644 index 000000000..139bf89f8 --- /dev/null +++ b/security/manager/ssl/nsKeygenThread.h @@ -0,0 +1,72 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef _NSKEYGENTHREAD_H_ +#define _NSKEYGENTHREAD_H_ + +#include "keyhi.h" +#include "nspr.h" + +#include "mozilla/Mutex.h" +#include "nsIKeygenThread.h" +#include "nsCOMPtr.h" + +class nsIRunnable; + +class nsKeygenThread : public nsIKeygenThread +{ +private: + mozilla::Mutex mutex; + + nsCOMPtr mNotifyObserver; + + bool iAmRunning; + bool keygenReady; + bool statusDialogClosed; + bool alreadyReceivedParams; + + SECKEYPrivateKey *privateKey; + SECKEYPublicKey *publicKey; + PK11SlotInfo *slot; + PK11AttrFlags flags; + PK11SlotInfo *altSlot; + PK11AttrFlags altFlags; + PK11SlotInfo *usedSlot; + uint32_t keyGenMechanism; + void *params; + void *wincx; + + PRThread *threadHandle; + +protected: + virtual ~nsKeygenThread(); + +public: + nsKeygenThread(); + + NS_DECL_NSIKEYGENTHREAD + NS_DECL_THREADSAFE_ISUPPORTS + + void SetParams( + PK11SlotInfo *a_slot, + PK11AttrFlags a_flags, + PK11SlotInfo *a_alternative_slot, + PK11AttrFlags a_alternative_flags, + uint32_t a_keyGenMechanism, + void *a_params, + void *a_wincx ); + + nsresult ConsumeResult( + PK11SlotInfo **a_used_slot, + SECKEYPrivateKey **a_privateKey, + SECKEYPublicKey **a_publicKey); + + void Join(void); + + void Run(void); +}; + +#endif //_NSKEYGENTHREAD_H_ diff --git a/security/manager/ssl/nsNSSASN1Object.cpp b/security/manager/ssl/nsNSSASN1Object.cpp new file mode 100644 index 000000000..6b52d8c94 --- /dev/null +++ b/security/manager/ssl/nsNSSASN1Object.cpp @@ -0,0 +1,430 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +#include "nsNSSASN1Object.h" + +#include "nsArray.h" +#include "nsArrayUtils.h" +#include "nsIComponentManager.h" +#include "nsReadableUtils.h" +#include "nsXPCOMCID.h" +#include "secasn1.h" + +NS_IMPL_ISUPPORTS(nsNSSASN1Sequence, nsIASN1Sequence, nsIASN1Object) +NS_IMPL_ISUPPORTS(nsNSSASN1PrintableItem, nsIASN1PrintableItem, nsIASN1Object) + +// This function is used to interpret an integer that +// was encoded in a DER buffer. This function is used +// when converting a DER buffer into a nsIASN1Object +// structure. This interprets the buffer in data +// as defined by the DER (Distinguised Encoding Rules) of +// ASN1. +static int +getInteger256(unsigned char *data, unsigned int nb) +{ + int val; + + switch (nb) { + case 1: + val = data[0]; + break; + case 2: + val = (data[0] << 8) | data[1]; + break; + case 3: + val = (data[0] << 16) | (data[1] << 8) | data[2]; + break; + case 4: + val = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; + break; + default: + return -1; + } + + return val; +} + +// This function is used to retrieve the lenght of a DER encoded +// item. It looks to see if this a multibyte length and then +// interprets the buffer accordingly to get the actual length value. +// This funciton is used mostly while parsing the DER headers. +// +// A DER encoded item has the following structure: +// +// +static int32_t +getDERItemLength(unsigned char *data, unsigned char *end, + unsigned long *bytesUsed, bool *indefinite) +{ + unsigned char lbyte = *data++; + int32_t length = -1; + + *indefinite = false; + if (lbyte >= 0x80) { + // Multibyte length + unsigned nb = (unsigned) (lbyte & 0x7f); + if (nb > 4) { + return -1; + } + if (nb > 0) { + + if ((data+nb) > end) { + return -1; + } + length = getInteger256(data, nb); + if (length < 0) + return -1; + } else { + *indefinite = true; + length = 0; + } + *bytesUsed = nb+1; + } else { + length = lbyte; + *bytesUsed = 1; + } + return length; +} + +static nsresult +buildASN1ObjectFromDER(unsigned char *data, + unsigned char *end, + nsIASN1Sequence *parent) +{ + nsresult rv; + nsCOMPtr sequence; + nsCOMPtr printableItem; + nsCOMPtr asn1Obj; + nsCOMPtr parentObjects; + + NS_ENSURE_ARG_POINTER(parent); + if (data >= end) + return NS_OK; + + unsigned char code, tagnum; + + // A DER item has the form of |tag|len|data + // tag is one byte and describes the type of element + // we are dealing with. + // len is a DER encoded int telling us how long the data is + // data is a buffer that is len bytes long and has to be + // interpreted according to its type. + unsigned long bytesUsed; + bool indefinite; + int32_t len; + uint32_t type; + + rv = parent->GetASN1Objects(getter_AddRefs(parentObjects)); + if (NS_FAILED(rv) || !parentObjects) + return NS_ERROR_FAILURE; + while (data < end) { + code = *data; + tagnum = code & SEC_ASN1_TAGNUM_MASK; + + /* + * NOTE: This code does not (yet) handle the high-tag-number form! + */ + if (tagnum == SEC_ASN1_HIGH_TAG_NUMBER) { + return NS_ERROR_FAILURE; + } + + data++; + len = getDERItemLength(data, end, &bytesUsed, &indefinite); + if (len < 0) { + return NS_ERROR_FAILURE; + } + + data += bytesUsed; + if (data + len > end) { + return NS_ERROR_FAILURE; + } + + if (code & SEC_ASN1_CONSTRUCTED) { + if (len > 0 || indefinite) { + sequence = new nsNSSASN1Sequence(); + switch (code & SEC_ASN1_CLASS_MASK) { + case SEC_ASN1_UNIVERSAL: + type = tagnum; + break; + case SEC_ASN1_APPLICATION: + type = nsIASN1Object::ASN1_APPLICATION; + break; + case SEC_ASN1_CONTEXT_SPECIFIC: + type = nsIASN1Object::ASN1_CONTEXT_SPECIFIC; + break; + case SEC_ASN1_PRIVATE: + type = nsIASN1Object::ASN1_PRIVATE; + break; + default: + NS_ERROR("Bad DER"); + return NS_ERROR_FAILURE; + } + sequence->SetTag(tagnum); + sequence->SetType(type); + rv = buildASN1ObjectFromDER(data, (len == 0) ? end : data + len, + sequence); + asn1Obj = sequence; + } + } else { + printableItem = new nsNSSASN1PrintableItem(); + + asn1Obj = printableItem; + asn1Obj->SetType(tagnum); + asn1Obj->SetTag(tagnum); + printableItem->SetData((char*)data, len); + } + data += len; + parentObjects->AppendElement(asn1Obj, false); + } + + return NS_OK; +} + +nsresult +CreateFromDER(unsigned char *data, + unsigned int len, + nsIASN1Object **retval) +{ + nsCOMPtr sequence = new nsNSSASN1Sequence; + *retval = nullptr; + + nsresult rv = buildASN1ObjectFromDER(data, data+len, sequence); + + if (NS_SUCCEEDED(rv)) { + // The actual object will be the first element inserted + // into the sequence of the sequence variable we created. + nsCOMPtr elements; + + sequence->GetASN1Objects(getter_AddRefs(elements)); + nsCOMPtr asn1Obj = do_QueryElementAt(elements, 0); + if (!asn1Obj) { + return NS_ERROR_FAILURE; + } + + asn1Obj.forget(retval); + } + return rv; +} + +nsNSSASN1Sequence::nsNSSASN1Sequence() : mType(0), + mTag(0), + mIsValidContainer(true), + mIsExpanded(true) +{ + /* member initializers and constructor code */ +} + +nsNSSASN1Sequence::~nsNSSASN1Sequence() +{ + /* destructor code */ +} + +NS_IMETHODIMP +nsNSSASN1Sequence::GetASN1Objects(nsIMutableArray * *aASN1Objects) +{ + if (!mASN1Objects) { + mASN1Objects = nsArrayBase::Create(); + } + *aASN1Objects = mASN1Objects; + NS_IF_ADDREF(*aASN1Objects); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1Sequence::SetASN1Objects(nsIMutableArray * aASN1Objects) +{ + mASN1Objects = aASN1Objects; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1Sequence::GetTag(uint32_t *aTag) +{ + *aTag = mTag; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1Sequence::SetTag(uint32_t aTag) +{ + mTag = aTag; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1Sequence::GetType(uint32_t *aType) +{ + *aType = mType; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1Sequence::SetType(uint32_t aType) +{ + mType = aType; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1Sequence::GetDisplayName(nsAString &aDisplayName) +{ + aDisplayName = mDisplayName; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1Sequence::SetDisplayName(const nsAString &aDisplayName) +{ + mDisplayName = aDisplayName; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1Sequence::GetDisplayValue(nsAString &aDisplayValue) +{ + aDisplayValue = mDisplayValue; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1Sequence::SetDisplayValue(const nsAString &aDisplayValue) +{ + mDisplayValue = aDisplayValue; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1Sequence::GetIsValidContainer(bool *aIsValidContainer) +{ + NS_ENSURE_ARG_POINTER(aIsValidContainer); + *aIsValidContainer = mIsValidContainer; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1Sequence::SetIsValidContainer(bool aIsValidContainer) +{ + mIsValidContainer = aIsValidContainer; + SetIsExpanded(mIsValidContainer); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1Sequence::GetIsExpanded(bool *aIsExpanded) +{ + NS_ENSURE_ARG_POINTER(aIsExpanded); + *aIsExpanded = mIsExpanded; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1Sequence::SetIsExpanded(bool aIsExpanded) +{ + mIsExpanded = aIsExpanded; + return NS_OK; +} + +nsNSSASN1PrintableItem::nsNSSASN1PrintableItem() : mType(0), + mTag(0), + mData(nullptr), + mLen(0) +{ + /* member initializers and constructor code */ +} + +nsNSSASN1PrintableItem::~nsNSSASN1PrintableItem() +{ + /* destructor code */ + if (mData) + free(mData); +} + +NS_IMETHODIMP +nsNSSASN1PrintableItem::GetDisplayValue(nsAString &aValue) +{ + aValue = mValue; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1PrintableItem::SetDisplayValue(const nsAString &aValue) +{ + mValue = aValue; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1PrintableItem::GetTag(uint32_t *aTag) +{ + *aTag = mTag; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1PrintableItem::SetTag(uint32_t aTag) +{ + mTag = aTag; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1PrintableItem::GetType(uint32_t *aType) +{ + *aType = mType; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1PrintableItem::SetType(uint32_t aType) +{ + mType = aType; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1PrintableItem::SetData(char *data, uint32_t len) +{ + if (len > 0) { + if (mLen < len) { + unsigned char* newData = (unsigned char*)moz_xrealloc(mData, len); + if (!newData) + return NS_ERROR_OUT_OF_MEMORY; + + mData = newData; + } + + memcpy(mData, data, len); + } else if (len == 0) { + if (mData) { + free(mData); + mData = nullptr; + } + } + mLen = len; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1PrintableItem::GetData(char **outData, uint32_t *outLen) +{ + NS_ENSURE_ARG_POINTER(outData); + NS_ENSURE_ARG_POINTER(outLen); + + *outData = (char*)mData; + *outLen = mLen; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1PrintableItem::GetDisplayName(nsAString &aDisplayName) +{ + aDisplayName = mDisplayName; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSASN1PrintableItem::SetDisplayName(const nsAString &aDisplayName) +{ + mDisplayName = aDisplayName; + return NS_OK; +} diff --git a/security/manager/ssl/nsNSSASN1Object.h b/security/manager/ssl/nsNSSASN1Object.h new file mode 100644 index 000000000..b995a58fc --- /dev/null +++ b/security/manager/ssl/nsNSSASN1Object.h @@ -0,0 +1,64 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +#ifndef _NSSASN_H_ +#define _NSSASN_H_ + +#include "nscore.h" +#include "nsIX509Cert.h" +#include "nsCOMPtr.h" +#include "nsString.h" +#include "nsIASN1Sequence.h" +#include "nsIASN1PrintableItem.h" +#include "nsIMutableArray.h" + +// +// Read comments in nsIX509Cert.idl for a description of the desired +// purpose for this ASN1 interface implementation. +// + +class nsNSSASN1Sequence : public nsIASN1Sequence +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSIASN1SEQUENCE + NS_DECL_NSIASN1OBJECT + + nsNSSASN1Sequence(); +protected: + virtual ~nsNSSASN1Sequence(); + /* additional members */ +private: + nsCOMPtr mASN1Objects; + nsString mDisplayName; + nsString mDisplayValue; + uint32_t mType; + uint32_t mTag; + bool mIsValidContainer; + bool mIsExpanded; +}; + +class nsNSSASN1PrintableItem : public nsIASN1PrintableItem +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSIASN1PRINTABLEITEM + NS_DECL_NSIASN1OBJECT + + nsNSSASN1PrintableItem(); +protected: + virtual ~nsNSSASN1PrintableItem(); + /* additional members */ +private: + nsString mDisplayName; + nsString mValue; + uint32_t mType; + uint32_t mTag; + unsigned char *mData; + uint32_t mLen; +}; + +nsresult CreateFromDER(unsigned char *data, + unsigned int len, + nsIASN1Object **retval); +#endif //_NSSASN_H_ diff --git a/security/manager/ssl/nsNSSCallbacks.cpp b/security/manager/ssl/nsNSSCallbacks.cpp new file mode 100644 index 000000000..e28760d5f --- /dev/null +++ b/security/manager/ssl/nsNSSCallbacks.cpp @@ -0,0 +1,1379 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsNSSCallbacks.h" + +#include "PSMRunnable.h" +#include "ScopedNSSTypes.h" +#include "SharedCertVerifier.h" +#include "SharedSSLState.h" +#include "mozilla/ArrayUtils.h" +#include "mozilla/Assertions.h" +#include "mozilla/Casting.h" +#include "mozilla/RefPtr.h" +#include "mozilla/Telemetry.h" +#include "mozilla/TimeStamp.h" +#include "mozilla/Unused.h" +#include "nsContentUtils.h" +#include "nsICertOverrideService.h" +#include "nsIHttpChannelInternal.h" +#include "nsIPrompt.h" +#include "nsISupportsPriority.h" +#include "nsITokenDialogs.h" +#include "nsIUploadChannel.h" +#include "nsIWebProgressListener.h" +#include "nsNSSCertificate.h" +#include "nsNSSComponent.h" +#include "nsNSSIOLayer.h" +#include "nsNetUtil.h" +#include "nsProtectedAuthThread.h" +#include "nsProxyRelease.h" +#include "pkix/pkixtypes.h" +#include "ssl.h" +#include "sslproto.h" + +using namespace mozilla; +using namespace mozilla::psm; + +extern LazyLogModule gPIPNSSLog; + +static void AccumulateCipherSuite(Telemetry::ID probe, + const SSLChannelInfo& channelInfo); + +namespace { + +// Bits in bit mask for SSL_REASONS_FOR_NOT_FALSE_STARTING telemetry probe +// These bits are numbered so that the least subtle issues have higher values. +// This should make it easier for us to interpret the results. +const uint32_t NPN_NOT_NEGOTIATED = 64; +const uint32_t POSSIBLE_VERSION_DOWNGRADE = 4; +const uint32_t POSSIBLE_CIPHER_SUITE_DOWNGRADE = 2; +const uint32_t KEA_NOT_SUPPORTED = 1; + +} // namespace + +class nsHTTPDownloadEvent : public Runnable { +public: + nsHTTPDownloadEvent(); + ~nsHTTPDownloadEvent(); + + NS_IMETHOD Run(); + + nsNSSHttpRequestSession *mRequestSession; + + RefPtr mListener; + bool mResponsibleForDoneSignal; + TimeStamp mStartTime; +}; + +nsHTTPDownloadEvent::nsHTTPDownloadEvent() +:mResponsibleForDoneSignal(true) +{ +} + +nsHTTPDownloadEvent::~nsHTTPDownloadEvent() +{ + if (mResponsibleForDoneSignal && mListener) + mListener->send_done_signal(); + + mRequestSession->Release(); +} + +NS_IMETHODIMP +nsHTTPDownloadEvent::Run() +{ + if (!mListener) + return NS_OK; + + nsresult rv; + + nsCOMPtr ios = do_GetIOService(); + NS_ENSURE_STATE(ios); + + nsCOMPtr chan; + ios->NewChannel2(mRequestSession->mURL, + nullptr, + nullptr, + nullptr, // aLoadingNode + nsContentUtils::GetSystemPrincipal(), + nullptr, // aTriggeringPrincipal + nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL, + nsIContentPolicy::TYPE_OTHER, + getter_AddRefs(chan)); + NS_ENSURE_STATE(chan); + + // Security operations scheduled through normal HTTP channels are given + // high priority to accommodate real time OCSP transactions. + nsCOMPtr priorityChannel = do_QueryInterface(chan); + if (priorityChannel) + priorityChannel->AdjustPriority(nsISupportsPriority::PRIORITY_HIGHEST); + + chan->SetLoadFlags(nsIRequest::LOAD_ANONYMOUS | + nsIChannel::LOAD_BYPASS_SERVICE_WORKER); + + // For OCSP requests, only the first party domain aspect of origin attributes + // is used. This means that OCSP requests are shared across different + // containers. + if (mRequestSession->mOriginAttributes != NeckoOriginAttributes()) { + NeckoOriginAttributes attrs; + attrs.mFirstPartyDomain = + mRequestSession->mOriginAttributes.mFirstPartyDomain; + + nsCOMPtr loadInfo = chan->GetLoadInfo(); + if (loadInfo) { + rv = loadInfo->SetOriginAttributes(attrs); + NS_ENSURE_SUCCESS(rv, rv); + } + } + + // Create a loadgroup for this new channel. This way if the channel + // is redirected, we'll have a way to cancel the resulting channel. + nsCOMPtr lg = do_CreateInstance(NS_LOADGROUP_CONTRACTID); + chan->SetLoadGroup(lg); + + if (mRequestSession->mHasPostData) + { + nsCOMPtr uploadStream; + rv = NS_NewPostDataStream(getter_AddRefs(uploadStream), + false, + mRequestSession->mPostData); + NS_ENSURE_SUCCESS(rv, rv); + + nsCOMPtr uploadChannel(do_QueryInterface(chan)); + NS_ENSURE_STATE(uploadChannel); + + rv = uploadChannel->SetUploadStream(uploadStream, + mRequestSession->mPostContentType, + -1); + NS_ENSURE_SUCCESS(rv, rv); + } + + // Do not use SPDY for internal security operations. It could result + // in the silent upgrade to ssl, which in turn could require an SSL + // operation to fulfill something like an OCSP fetch, which is an + // endless loop. + nsCOMPtr internalChannel = do_QueryInterface(chan); + if (internalChannel) { + rv = internalChannel->SetAllowSpdy(false); + NS_ENSURE_SUCCESS(rv, rv); + } + + nsCOMPtr hchan = do_QueryInterface(chan); + NS_ENSURE_STATE(hchan); + + rv = hchan->SetAllowSTS(false); + NS_ENSURE_SUCCESS(rv, rv); + + rv = hchan->SetRequestMethod(mRequestSession->mRequestMethod); + NS_ENSURE_SUCCESS(rv, rv); + + mResponsibleForDoneSignal = false; + mListener->mResponsibleForDoneSignal = true; + + mListener->mLoadGroup = lg.get(); + NS_ADDREF(mListener->mLoadGroup); + mListener->mLoadGroupOwnerThread = PR_GetCurrentThread(); + + rv = NS_NewStreamLoader(getter_AddRefs(mListener->mLoader), + mListener); + + if (NS_SUCCEEDED(rv)) { + mStartTime = TimeStamp::Now(); + rv = hchan->AsyncOpen2(mListener->mLoader); + } + + if (NS_FAILED(rv)) { + mListener->mResponsibleForDoneSignal = false; + mResponsibleForDoneSignal = true; + + NS_RELEASE(mListener->mLoadGroup); + mListener->mLoadGroup = nullptr; + mListener->mLoadGroupOwnerThread = nullptr; + } + + return NS_OK; +} + +struct nsCancelHTTPDownloadEvent : Runnable { + RefPtr mListener; + + NS_IMETHOD Run() override { + mListener->FreeLoadGroup(true); + mListener = nullptr; + return NS_OK; + } +}; + +mozilla::pkix::Result +nsNSSHttpServerSession::createSessionFcn(const char* host, + uint16_t portnum, + /*out*/ nsNSSHttpServerSession** pSession) +{ + if (!host || !pSession) { + return Result::FATAL_ERROR_INVALID_ARGS; + } + + nsNSSHttpServerSession* hss = new nsNSSHttpServerSession; + if (!hss) { + return Result::FATAL_ERROR_NO_MEMORY; + } + + hss->mHost = host; + hss->mPort = portnum; + + *pSession = hss; + return Success; +} + +mozilla::pkix::Result +nsNSSHttpRequestSession::createFcn(const nsNSSHttpServerSession* session, + const char* http_protocol_variant, + const char* path_and_query_string, + const char* http_request_method, + const NeckoOriginAttributes& origin_attributes, + const PRIntervalTime timeout, + /*out*/ nsNSSHttpRequestSession** pRequest) +{ + if (!session || !http_protocol_variant || !path_and_query_string || + !http_request_method || !pRequest) { + return Result::FATAL_ERROR_INVALID_ARGS; + } + + nsNSSHttpRequestSession* rs = new nsNSSHttpRequestSession; + if (!rs) { + return Result::FATAL_ERROR_NO_MEMORY; + } + + rs->mTimeoutInterval = timeout; + + // Use a maximum timeout value of 10 seconds because of bug 404059. + // FIXME: Use a better approach once 406120 is ready. + uint32_t maxBug404059Timeout = PR_TicksPerSecond() * 10; + if (timeout > maxBug404059Timeout) { + rs->mTimeoutInterval = maxBug404059Timeout; + } + + rs->mURL.Assign(http_protocol_variant); + rs->mURL.AppendLiteral("://"); + rs->mURL.Append(session->mHost); + rs->mURL.Append(':'); + rs->mURL.AppendInt(session->mPort); + rs->mURL.Append(path_and_query_string); + + rs->mOriginAttributes = origin_attributes; + + rs->mRequestMethod = http_request_method; + + *pRequest = rs; + return Success; +} + +mozilla::pkix::Result +nsNSSHttpRequestSession::setPostDataFcn(const char* http_data, + const uint32_t http_data_len, + const char* http_content_type) +{ + mHasPostData = true; + mPostData.Assign(http_data, http_data_len); + mPostContentType.Assign(http_content_type); + + return Success; +} + +mozilla::pkix::Result +nsNSSHttpRequestSession::trySendAndReceiveFcn(PRPollDesc** pPollDesc, + uint16_t* http_response_code, + const char** http_response_content_type, + const char** http_response_headers, + const char** http_response_data, + uint32_t* http_response_data_len) +{ + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("nsNSSHttpRequestSession::trySendAndReceiveFcn to %s\n", mURL.get())); + + bool onSTSThread; + nsresult nrv; + nsCOMPtr sts + = do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &nrv); + if (NS_FAILED(nrv)) { + NS_ERROR("Could not get STS service"); + return Result::FATAL_ERROR_INVALID_STATE; + } + + nrv = sts->IsOnCurrentThread(&onSTSThread); + if (NS_FAILED(nrv)) { + NS_ERROR("IsOnCurrentThread failed"); + return Result::FATAL_ERROR_INVALID_STATE; + } + + if (onSTSThread) { + NS_ERROR("nsNSSHttpRequestSession::trySendAndReceiveFcn called on socket " + "thread; this will not work."); + return Result::FATAL_ERROR_INVALID_STATE; + } + + const int max_retries = 2; + int retry_count = 0; + bool retryable_error = false; + Result rv = Result::ERROR_UNKNOWN_ERROR; + + do + { + if (retry_count > 0) + { + if (retryable_error) + { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("nsNSSHttpRequestSession::trySendAndReceiveFcn - sleeping and retrying: %d of %d\n", + retry_count, max_retries)); + } + + PR_Sleep( PR_MillisecondsToInterval(300) * retry_count ); + } + + ++retry_count; + retryable_error = false; + + rv = + internal_send_receive_attempt(retryable_error, pPollDesc, http_response_code, + http_response_content_type, http_response_headers, + http_response_data, http_response_data_len); + } + while (retryable_error && + retry_count < max_retries); + + if (retry_count > 1) + { + if (retryable_error) + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("nsNSSHttpRequestSession::trySendAndReceiveFcn - still failing, giving up...\n")); + else + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("nsNSSHttpRequestSession::trySendAndReceiveFcn - success at attempt %d\n", + retry_count)); + } + + return rv; +} + +void +nsNSSHttpRequestSession::AddRef() +{ + ++mRefCount; +} + +void +nsNSSHttpRequestSession::Release() +{ + int32_t newRefCount = --mRefCount; + if (!newRefCount) { + delete this; + } +} + +mozilla::pkix::Result +nsNSSHttpRequestSession::internal_send_receive_attempt(bool &retryable_error, + PRPollDesc **pPollDesc, + uint16_t *http_response_code, + const char **http_response_content_type, + const char **http_response_headers, + const char **http_response_data, + uint32_t *http_response_data_len) +{ + if (pPollDesc) *pPollDesc = nullptr; + if (http_response_code) *http_response_code = 0; + if (http_response_content_type) *http_response_content_type = 0; + if (http_response_headers) *http_response_headers = 0; + if (http_response_data) *http_response_data = 0; + + uint32_t acceptableResultSize = 0; + + if (http_response_data_len) + { + acceptableResultSize = *http_response_data_len; + *http_response_data_len = 0; + } + + if (!mListener) { + return Result::FATAL_ERROR_INVALID_STATE; + } + + Mutex& waitLock = mListener->mLock; + CondVar& waitCondition = mListener->mCondition; + volatile bool &waitFlag = mListener->mWaitFlag; + waitFlag = true; + + RefPtr event(new nsHTTPDownloadEvent); + if (!event) { + return Result::FATAL_ERROR_NO_MEMORY; + } + + event->mListener = mListener; + this->AddRef(); + event->mRequestSession = this; + + nsresult rv = NS_DispatchToMainThread(event); + if (NS_FAILED(rv)) { + event->mResponsibleForDoneSignal = false; + return Result::FATAL_ERROR_LIBRARY_FAILURE; + } + + bool request_canceled = false; + + { + MutexAutoLock locker(waitLock); + + const PRIntervalTime start_time = PR_IntervalNow(); + PRIntervalTime wait_interval; + + bool running_on_main_thread = NS_IsMainThread(); + if (running_on_main_thread) + { + // The result of running this on the main thread + // is a series of small timeouts mixed with spinning the + // event loop - this is always dangerous as there is so much main + // thread code that does not expect to be called re-entrantly. Your + // app really shouldn't do that. + NS_WARNING("Security network blocking I/O on Main Thread"); + + // let's process events quickly + wait_interval = PR_MicrosecondsToInterval(50); + } + else + { + // On a secondary thread, it's fine to wait some more for + // for the condition variable. + wait_interval = PR_MillisecondsToInterval(250); + } + + while (waitFlag) + { + if (running_on_main_thread) + { + // Networking runs on the main thread, which we happen to block here. + // Processing events will allow the OCSP networking to run while we + // are waiting. Thanks a lot to Darin Fisher for rewriting the + // thread manager. Thanks a lot to Christian Biesinger who + // made me aware of this possibility. (kaie) + + MutexAutoUnlock unlock(waitLock); + NS_ProcessNextEvent(nullptr); + } + + waitCondition.Wait(wait_interval); + + if (!waitFlag) + break; + + if (!request_canceled) + { + bool timeout = + (PRIntervalTime)(PR_IntervalNow() - start_time) > mTimeoutInterval; + + if (timeout) + { + request_canceled = true; + + RefPtr cancelevent( + new nsCancelHTTPDownloadEvent); + cancelevent->mListener = mListener; + rv = NS_DispatchToMainThread(cancelevent); + if (NS_FAILED(rv)) { + NS_WARNING("cannot post cancel event"); + } + break; + } + } + } + } + + if (!event->mStartTime.IsNull()) { + if (request_canceled) { + Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 0); + Telemetry::AccumulateTimeDelta( + Telemetry::CERT_VALIDATION_HTTP_REQUEST_CANCELED_TIME, + event->mStartTime, TimeStamp::Now()); + } + else if (NS_SUCCEEDED(mListener->mResultCode) && + mListener->mHttpResponseCode == 200) { + Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 1); + Telemetry::AccumulateTimeDelta( + Telemetry::CERT_VALIDATION_HTTP_REQUEST_SUCCEEDED_TIME, + event->mStartTime, TimeStamp::Now()); + } + else { + Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 2); + Telemetry::AccumulateTimeDelta( + Telemetry::CERT_VALIDATION_HTTP_REQUEST_FAILED_TIME, + event->mStartTime, TimeStamp::Now()); + } + } + else { + Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 3); + } + + if (request_canceled) { + return Result::ERROR_OCSP_SERVER_ERROR; + } + + if (NS_FAILED(mListener->mResultCode)) { + if (mListener->mResultCode == NS_ERROR_CONNECTION_REFUSED || + mListener->mResultCode == NS_ERROR_NET_RESET) { + retryable_error = true; + } + return Result::ERROR_OCSP_SERVER_ERROR; + } + + if (http_response_code) + *http_response_code = mListener->mHttpResponseCode; + + if (mListener->mHttpRequestSucceeded && http_response_data && + http_response_data_len) { + *http_response_data_len = mListener->mResultLen; + + // acceptableResultSize == 0 means: any size is acceptable + if (acceptableResultSize != 0 && + acceptableResultSize < mListener->mResultLen) { + return Result::ERROR_OCSP_SERVER_ERROR; + } + + // Return data by reference, result data will be valid until "this" gets + // destroyed. + *http_response_data = (const char*)mListener->mResultData; + } + + if (mListener->mHttpRequestSucceeded && http_response_content_type) { + if (mListener->mHttpResponseContentType.Length()) { + *http_response_content_type = mListener->mHttpResponseContentType.get(); + } + } + + return Success; +} + +nsNSSHttpRequestSession::nsNSSHttpRequestSession() +: mRefCount(1), + mHasPostData(false), + mTimeoutInterval(0), + mListener(new nsHTTPListener) +{ +} + +nsNSSHttpRequestSession::~nsNSSHttpRequestSession() +{ +} + +nsHTTPListener::nsHTTPListener() +: mResultData(nullptr), + mResultLen(0), + mLock("nsHTTPListener.mLock"), + mCondition(mLock, "nsHTTPListener.mCondition"), + mWaitFlag(true), + mResponsibleForDoneSignal(false), + mLoadGroup(nullptr), + mLoadGroupOwnerThread(nullptr) +{ +} + +nsHTTPListener::~nsHTTPListener() +{ + if (mResponsibleForDoneSignal) + send_done_signal(); + + if (mResultData) { + free(const_cast(mResultData)); + } + + if (mLoader) { + NS_ReleaseOnMainThread(mLoader.forget()); + } +} + +NS_IMPL_ISUPPORTS(nsHTTPListener, nsIStreamLoaderObserver) + +void +nsHTTPListener::FreeLoadGroup(bool aCancelLoad) +{ + nsILoadGroup *lg = nullptr; + + MutexAutoLock locker(mLock); + + if (mLoadGroup) { + if (mLoadGroupOwnerThread != PR_GetCurrentThread()) { + NS_ASSERTION(false, + "attempt to access nsHTTPDownloadEvent::mLoadGroup on multiple threads, leaking it!"); + } + else { + lg = mLoadGroup; + mLoadGroup = nullptr; + } + } + + if (lg) { + if (aCancelLoad) { + lg->Cancel(NS_ERROR_ABORT); + } + NS_RELEASE(lg); + } +} + +NS_IMETHODIMP +nsHTTPListener::OnStreamComplete(nsIStreamLoader* aLoader, + nsISupports* aContext, + nsresult aStatus, + uint32_t stringLen, + const uint8_t* string) +{ + mResultCode = aStatus; + + FreeLoadGroup(false); + + nsCOMPtr req; + nsCOMPtr hchan; + + nsresult rv = aLoader->GetRequest(getter_AddRefs(req)); + + if (NS_FAILED(aStatus)) + { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("nsHTTPListener::OnStreamComplete status failed %d", aStatus)); + } + + if (NS_SUCCEEDED(rv)) + hchan = do_QueryInterface(req, &rv); + + if (NS_SUCCEEDED(rv)) + { + rv = hchan->GetRequestSucceeded(&mHttpRequestSucceeded); + if (NS_FAILED(rv)) + mHttpRequestSucceeded = false; + + mResultLen = stringLen; + mResultData = string; // take ownership of allocation + aStatus = NS_SUCCESS_ADOPTED_DATA; + + unsigned int rcode; + rv = hchan->GetResponseStatus(&rcode); + if (NS_FAILED(rv)) + mHttpResponseCode = 500; + else + mHttpResponseCode = rcode; + + hchan->GetResponseHeader(NS_LITERAL_CSTRING("Content-Type"), + mHttpResponseContentType); + } + + if (mResponsibleForDoneSignal) + send_done_signal(); + + return aStatus; +} + +void nsHTTPListener::send_done_signal() +{ + mResponsibleForDoneSignal = false; + + { + MutexAutoLock locker(mLock); + mWaitFlag = false; + mCondition.NotifyAll(); + } +} + +static char* +ShowProtectedAuthPrompt(PK11SlotInfo* slot, nsIInterfaceRequestor *ir) +{ + if (!NS_IsMainThread()) { + NS_ERROR("ShowProtectedAuthPrompt called off the main thread"); + return nullptr; + } + + char* protAuthRetVal = nullptr; + + // Get protected auth dialogs + nsCOMPtr dialogs; + nsresult nsrv = getNSSDialogs(getter_AddRefs(dialogs), + NS_GET_IID(nsITokenDialogs), + NS_TOKENDIALOGS_CONTRACTID); + if (NS_SUCCEEDED(nsrv)) + { + nsProtectedAuthThread* protectedAuthRunnable = new nsProtectedAuthThread(); + if (protectedAuthRunnable) + { + NS_ADDREF(protectedAuthRunnable); + + protectedAuthRunnable->SetParams(slot); + + nsCOMPtr runnable = do_QueryInterface(protectedAuthRunnable); + if (runnable) + { + nsrv = dialogs->DisplayProtectedAuth(ir, runnable); + + // We call join on the thread, + // so we can be sure that no simultaneous access will happen. + protectedAuthRunnable->Join(); + + if (NS_SUCCEEDED(nsrv)) + { + SECStatus rv = protectedAuthRunnable->GetResult(); + switch (rv) + { + case SECSuccess: + protAuthRetVal = ToNewCString(nsDependentCString(PK11_PW_AUTHENTICATED)); + break; + case SECWouldBlock: + protAuthRetVal = ToNewCString(nsDependentCString(PK11_PW_RETRY)); + break; + default: + protAuthRetVal = nullptr; + break; + } + } + } + + NS_RELEASE(protectedAuthRunnable); + } + } + + return protAuthRetVal; +} + +class PK11PasswordPromptRunnable : public SyncRunnableBase + , public nsNSSShutDownObject +{ +public: + PK11PasswordPromptRunnable(PK11SlotInfo* slot, + nsIInterfaceRequestor* ir) + : mResult(nullptr), + mSlot(slot), + mIR(ir) + { + } + virtual ~PK11PasswordPromptRunnable(); + + // This doesn't own the PK11SlotInfo or any other NSS objects, so there's + // nothing to release. + virtual void virtualDestroyNSSReference() override {} + char * mResult; // out + virtual void RunOnTargetThread() override; +private: + PK11SlotInfo* const mSlot; // in + nsIInterfaceRequestor* const mIR; // in +}; + +PK11PasswordPromptRunnable::~PK11PasswordPromptRunnable() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + + shutdown(ShutdownCalledFrom::Object); +} + +void +PK11PasswordPromptRunnable::RunOnTargetThread() +{ + static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + + nsresult rv; + nsCOMPtr prompt; + if (!mIR) { + rv = nsNSSComponent::GetNewPrompter(getter_AddRefs(prompt)); + if (NS_FAILED(rv)) { + return; + } + } else { + prompt = do_GetInterface(mIR); + MOZ_ASSERT(prompt, "Interface requestor should implement nsIPrompt"); + } + + if (!prompt) { + return; + } + + if (PK11_ProtectedAuthenticationPath(mSlot)) { + mResult = ShowProtectedAuthPrompt(mSlot, mIR); + return; + } + + nsCOMPtr nssComponent(do_GetService(kNSSComponentCID)); + if (!nssComponent) { + return; + } + + NS_ConvertUTF8toUTF16 tokenName(PK11_GetTokenName(mSlot)); + const char16_t* formatStrings[] = { + tokenName.get(), + }; + nsAutoString promptString; + rv = nssComponent->PIPBundleFormatStringFromName("CertPassPrompt", + formatStrings, + ArrayLength(formatStrings), + promptString); + if (NS_FAILED(rv)) { + return; + } + + nsXPIDLString password; + // |checkState| is unused because |checkMsg| (the argument just before it) is + // null, but XPConnect requires it to point to a valid bool nonetheless. + bool checkState = false; + bool userClickedOK = false; + rv = prompt->PromptPassword(nullptr, promptString.get(), + getter_Copies(password), nullptr, &checkState, + &userClickedOK); + if (NS_FAILED(rv) || !userClickedOK) { + return; + } + + mResult = ToNewUTF8String(password); +} + +char* +PK11PasswordPrompt(PK11SlotInfo* slot, PRBool /*retry*/, void* arg) +{ + RefPtr runnable( + new PK11PasswordPromptRunnable(slot, + static_cast(arg))); + runnable->DispatchToMainThreadAndWait(); + return runnable->mResult; +} + +// call with shutdown prevention lock held +static void +PreliminaryHandshakeDone(PRFileDesc* fd) +{ + nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret; + if (!infoObject) + return; + + SSLChannelInfo channelInfo; + if (SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo)) == SECSuccess) { + infoObject->SetSSLVersionUsed(channelInfo.protocolVersion); + infoObject->SetEarlyDataAccepted(channelInfo.earlyDataAccepted); + + SSLCipherSuiteInfo cipherInfo; + if (SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo, + sizeof cipherInfo) == SECSuccess) { + /* Set the SSL Status information */ + RefPtr status(infoObject->SSLStatus()); + if (!status) { + status = new nsSSLStatus(); + infoObject->SetSSLStatus(status); + } + + status->mHaveCipherSuiteAndProtocol = true; + status->mCipherSuite = channelInfo.cipherSuite; + status->mProtocolVersion = channelInfo.protocolVersion & 0xFF; + infoObject->SetKEAUsed(channelInfo.keaType); + infoObject->SetKEAKeyBits(channelInfo.keaKeyBits); + infoObject->SetMACAlgorithmUsed(cipherInfo.macAlgorithm); + } + } + + // Don't update NPN details on renegotiation. + if (infoObject->IsPreliminaryHandshakeDone()) { + return; + } + + // Get the NPN value. + SSLNextProtoState state; + unsigned char npnbuf[256]; + unsigned int npnlen; + + if (SSL_GetNextProto(fd, &state, npnbuf, &npnlen, + AssertedCast(ArrayLength(npnbuf))) + == SECSuccess) { + if (state == SSL_NEXT_PROTO_NEGOTIATED || + state == SSL_NEXT_PROTO_SELECTED) { + infoObject->SetNegotiatedNPN(BitwiseCast(npnbuf), + npnlen); + } else { + infoObject->SetNegotiatedNPN(nullptr, 0); + } + mozilla::Telemetry::Accumulate(Telemetry::SSL_NPN_TYPE, state); + } else { + infoObject->SetNegotiatedNPN(nullptr, 0); + } + + infoObject->SetPreliminaryHandshakeDone(); +} + +SECStatus +CanFalseStartCallback(PRFileDesc* fd, void* client_data, PRBool *canFalseStart) +{ + *canFalseStart = false; + + nsNSSShutDownPreventionLock locker; + + nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret; + if (!infoObject) { + PR_SetError(PR_INVALID_STATE_ERROR, 0); + return SECFailure; + } + + infoObject->SetFalseStartCallbackCalled(); + + if (infoObject->isAlreadyShutDown()) { + MOZ_CRASH("SSL socket used after NSS shut down"); + PR_SetError(PR_INVALID_STATE_ERROR, 0); + return SECFailure; + } + + PreliminaryHandshakeDone(fd); + + uint32_t reasonsForNotFalseStarting = 0; + + SSLChannelInfo channelInfo; + if (SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo)) != SECSuccess) { + return SECSuccess; + } + + SSLCipherSuiteInfo cipherInfo; + if (SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo, + sizeof (cipherInfo)) != SECSuccess) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CanFalseStartCallback [%p] failed - " + " KEA %d\n", fd, + static_cast(channelInfo.keaType))); + return SECSuccess; + } + + nsSSLIOLayerHelpers& helpers = infoObject->SharedState().IOLayerHelpers(); + + // Prevent version downgrade attacks from TLS 1.2, and avoid False Start for + // TLS 1.3 and later. See Bug 861310 for all the details as to why. + if (channelInfo.protocolVersion != SSL_LIBRARY_VERSION_TLS_1_2) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CanFalseStartCallback [%p] failed - " + "SSL Version must be TLS 1.2, was %x\n", fd, + static_cast(channelInfo.protocolVersion))); + reasonsForNotFalseStarting |= POSSIBLE_VERSION_DOWNGRADE; + } + + // See bug 952863 for why ECDHE is allowed, but DHE (and RSA) are not. + if (channelInfo.keaType != ssl_kea_ecdh) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CanFalseStartCallback [%p] failed - " + "unsupported KEA %d\n", fd, + static_cast(channelInfo.keaType))); + reasonsForNotFalseStarting |= KEA_NOT_SUPPORTED; + } + + // Prevent downgrade attacks on the symmetric cipher. We do not allow CBC + // mode due to BEAST, POODLE, and other attacks on the MAC-then-Encrypt + // design. See bug 1109766 for more details. + if (cipherInfo.macAlgorithm != ssl_mac_aead) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("CanFalseStartCallback [%p] failed - non-AEAD cipher used, %d, " + "is not supported with False Start.\n", fd, + static_cast(cipherInfo.symCipher))); + reasonsForNotFalseStarting |= POSSIBLE_CIPHER_SUITE_DOWNGRADE; + } + + // XXX: An attacker can choose which protocols are advertised in the + // NPN extension. TODO(Bug 861311): We should restrict the ability + // of an attacker leverage this capability by restricting false start + // to the same protocol we previously saw for the server, after the + // first successful connection to the server. + + // Enforce NPN to do false start if policy requires it. Do this as an + // indicator if server compatibility. + if (helpers.mFalseStartRequireNPN) { + nsAutoCString negotiatedNPN; + if (NS_FAILED(infoObject->GetNegotiatedNPN(negotiatedNPN)) || + !negotiatedNPN.Length()) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CanFalseStartCallback [%p] failed - " + "NPN cannot be verified\n", fd)); + reasonsForNotFalseStarting |= NPN_NOT_NEGOTIATED; + } + } + + Telemetry::Accumulate(Telemetry::SSL_REASONS_FOR_NOT_FALSE_STARTING, + reasonsForNotFalseStarting); + + if (reasonsForNotFalseStarting == 0) { + *canFalseStart = PR_TRUE; + infoObject->SetFalseStarted(); + infoObject->NoteTimeUntilReady(); + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CanFalseStartCallback [%p] ok\n", fd)); + } + + return SECSuccess; +} + +static void +AccumulateNonECCKeySize(Telemetry::ID probe, uint32_t bits) +{ + unsigned int value = bits < 512 ? 1 : bits == 512 ? 2 + : bits < 768 ? 3 : bits == 768 ? 4 + : bits < 1024 ? 5 : bits == 1024 ? 6 + : bits < 1280 ? 7 : bits == 1280 ? 8 + : bits < 1536 ? 9 : bits == 1536 ? 10 + : bits < 2048 ? 11 : bits == 2048 ? 12 + : bits < 3072 ? 13 : bits == 3072 ? 14 + : bits < 4096 ? 15 : bits == 4096 ? 16 + : bits < 8192 ? 17 : bits == 8192 ? 18 + : bits < 16384 ? 19 : bits == 16384 ? 20 + : 0; + Telemetry::Accumulate(probe, value); +} + +// XXX: This attempts to map a bit count to an ECC named curve identifier. In +// the vast majority of situations, we only have the Suite B curves available. +// In that case, this mapping works fine. If we were to have more curves +// available, the mapping would be ambiguous since there could be multiple +// named curves for a given size (e.g. secp256k1 vs. secp256r1). We punt on +// that for now. See also NSS bug 323674. +static void +AccumulateECCCurve(Telemetry::ID probe, uint32_t bits) +{ + unsigned int value = bits == 256 ? 23 // P-256 + : bits == 384 ? 24 // P-384 + : bits == 521 ? 25 // P-521 + : 0; // Unknown + Telemetry::Accumulate(probe, value); +} + +static void +AccumulateCipherSuite(Telemetry::ID probe, const SSLChannelInfo& channelInfo) +{ + uint32_t value; + switch (channelInfo.cipherSuite) { + // ECDHE key exchange + case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: value = 1; break; + case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: value = 2; break; + case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: value = 3; break; + case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: value = 4; break; + case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: value = 5; break; + case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: value = 6; break; + case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: value = 7; break; + case TLS_ECDHE_RSA_WITH_RC4_128_SHA: value = 8; break; + case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: value = 9; break; + case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: value = 10; break; + case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: value = 11; break; + case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: value = 12; break; + case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: value = 13; break; + case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: value = 14; break; + // DHE key exchange + case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: value = 21; break; + case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: value = 22; break; + case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: value = 23; break; + case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: value = 24; break; + case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: value = 25; break; + case TLS_DHE_DSS_WITH_AES_128_CBC_SHA: value = 26; break; + case TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: value = 27; break; + case TLS_DHE_DSS_WITH_AES_256_CBC_SHA: value = 28; break; + case TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: value = 29; break; + case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA: value = 30; break; + // ECDH key exchange + case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: value = 41; break; + case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: value = 42; break; + case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: value = 43; break; + case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: value = 44; break; + case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: value = 45; break; + case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: value = 46; break; + case TLS_ECDH_ECDSA_WITH_RC4_128_SHA: value = 47; break; + case TLS_ECDH_RSA_WITH_RC4_128_SHA: value = 48; break; + // RSA key exchange + case TLS_RSA_WITH_AES_128_CBC_SHA: value = 61; break; + case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: value = 62; break; + case TLS_RSA_WITH_AES_256_CBC_SHA: value = 63; break; + case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: value = 64; break; + case SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA: value = 65; break; + case TLS_RSA_WITH_3DES_EDE_CBC_SHA: value = 66; break; + case TLS_RSA_WITH_SEED_CBC_SHA: value = 67; break; + case TLS_RSA_WITH_RC4_128_SHA: value = 68; break; + case TLS_RSA_WITH_RC4_128_MD5: value = 69; break; + // TLS 1.3 PSK resumption + case TLS_AES_128_GCM_SHA256: value = 70; break; + case TLS_CHACHA20_POLY1305_SHA256: value = 71; break; + case TLS_AES_256_GCM_SHA384: value = 72; break; + // unknown + default: + value = 0; + break; + } + MOZ_ASSERT(value != 0); + Telemetry::Accumulate(probe, value); +} + +// In the case of session resumption, the AuthCertificate hook has been bypassed +// (because we've previously successfully connected to our peer). That being the +// case, we unfortunately don't know if the peer's server certificate verified +// as extended validation or not. To address this, we attempt to build a +// verified EV certificate chain here using as much of the original context as +// possible (e.g. stapled OCSP responses, SCTs, the hostname, the first party +// domain, etc.). Note that because we are on the socket thread, this must not +// cause any network requests, hence the use of FLAG_LOCAL_ONLY. +static void +DetermineEVStatusAndSetNewCert(RefPtr sslStatus, PRFileDesc* fd, + nsNSSSocketInfo* infoObject) +{ + MOZ_ASSERT(sslStatus); + MOZ_ASSERT(fd); + MOZ_ASSERT(infoObject); + + if (!sslStatus || !fd || !infoObject) { + return; + } + + UniqueCERTCertificate cert(SSL_PeerCertificate(fd)); + MOZ_ASSERT(cert, "SSL_PeerCertificate failed in TLS handshake callback?"); + if (!cert) { + return; + } + + RefPtr certVerifier(GetDefaultCertVerifier()); + MOZ_ASSERT(certVerifier, + "Certificate verifier uninitialized in TLS handshake callback?"); + if (!certVerifier) { + return; + } + + // We don't own these pointers. + const SECItemArray* stapledOCSPResponses = SSL_PeerStapledOCSPResponses(fd); + const SECItem* stapledOCSPResponse = nullptr; + // we currently only support single stapled responses + if (stapledOCSPResponses && stapledOCSPResponses->len == 1) { + stapledOCSPResponse = &stapledOCSPResponses->items[0]; + } + const SECItem* sctsFromTLSExtension = SSL_PeerSignedCertTimestamps(fd); + if (sctsFromTLSExtension && sctsFromTLSExtension->len == 0) { + // SSL_PeerSignedCertTimestamps returns null on error and empty item + // when no extension was returned by the server. We always use null when + // no extension was received (for whatever reason), ignoring errors. + sctsFromTLSExtension = nullptr; + } + + int flags = mozilla::psm::CertVerifier::FLAG_LOCAL_ONLY | + mozilla::psm::CertVerifier::FLAG_MUST_BE_EV; + if (!infoObject->SharedState().IsOCSPStaplingEnabled() || + !infoObject->SharedState().IsOCSPMustStapleEnabled()) { + flags |= CertVerifier::FLAG_TLS_IGNORE_STATUS_REQUEST; + } + + SECOidTag evOidPolicy; + UniqueCERTCertList unusedBuiltChain; + const bool saveIntermediates = false; + mozilla::pkix::Result rv = certVerifier->VerifySSLServerCert( + cert, + stapledOCSPResponse, + sctsFromTLSExtension, + mozilla::pkix::Now(), + infoObject, + infoObject->GetHostNameRaw(), + unusedBuiltChain, + saveIntermediates, + flags, + infoObject->GetOriginAttributes(), + &evOidPolicy); + + RefPtr nssc(nsNSSCertificate::Create(cert.get())); + if (rv == Success && evOidPolicy != SEC_OID_UNKNOWN) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("HandshakeCallback using NEW cert %p (is EV)", nssc.get())); + sslStatus->SetServerCert(nssc, EVStatus::EV); + } else { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("HandshakeCallback using NEW cert %p (is not EV)", nssc.get())); + sslStatus->SetServerCert(nssc, EVStatus::NotEV); + } +} + +void HandshakeCallback(PRFileDesc* fd, void* client_data) { + nsNSSShutDownPreventionLock locker; + SECStatus rv; + + nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret; + + // Do the bookkeeping that needs to be done after the + // server's ServerHello...ServerHelloDone have been processed, but that doesn't + // need the handshake to be completed. + PreliminaryHandshakeDone(fd); + + nsSSLIOLayerHelpers& ioLayerHelpers + = infoObject->SharedState().IOLayerHelpers(); + + SSLVersionRange versions(infoObject->GetTLSVersionRange()); + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p] HandshakeCallback: succeeded using TLS version range (0x%04x,0x%04x)\n", + fd, static_cast(versions.min), + static_cast(versions.max))); + + // If the handshake completed, then we know the site is TLS tolerant + ioLayerHelpers.rememberTolerantAtVersion(infoObject->GetHostName(), + infoObject->GetPort(), + versions.max); + + bool usesFallbackCipher = false; + SSLChannelInfo channelInfo; + rv = SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo)); + MOZ_ASSERT(rv == SECSuccess); + if (rv == SECSuccess) { + // Get the protocol version for telemetry + // 1=tls1, 2=tls1.1, 3=tls1.2 + unsigned int versionEnum = channelInfo.protocolVersion & 0xFF; + MOZ_ASSERT(versionEnum > 0); + Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_VERSION, versionEnum); + AccumulateCipherSuite( + infoObject->IsFullHandshake() ? Telemetry::SSL_CIPHER_SUITE_FULL + : Telemetry::SSL_CIPHER_SUITE_RESUMED, + channelInfo); + + SSLCipherSuiteInfo cipherInfo; + rv = SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo, + sizeof cipherInfo); + MOZ_ASSERT(rv == SECSuccess); + if (rv == SECSuccess) { + usesFallbackCipher = channelInfo.keaType == ssl_kea_dh; + + // keyExchange null=0, rsa=1, dh=2, fortezza=3, ecdh=4 + Telemetry::Accumulate( + infoObject->IsFullHandshake() + ? Telemetry::SSL_KEY_EXCHANGE_ALGORITHM_FULL + : Telemetry::SSL_KEY_EXCHANGE_ALGORITHM_RESUMED, + channelInfo.keaType); + + MOZ_ASSERT(infoObject->GetKEAUsed() == channelInfo.keaType); + + if (infoObject->IsFullHandshake()) { + switch (channelInfo.keaType) { + case ssl_kea_rsa: + AccumulateNonECCKeySize(Telemetry::SSL_KEA_RSA_KEY_SIZE_FULL, + channelInfo.keaKeyBits); + break; + case ssl_kea_dh: + AccumulateNonECCKeySize(Telemetry::SSL_KEA_DHE_KEY_SIZE_FULL, + channelInfo.keaKeyBits); + break; + case ssl_kea_ecdh: + AccumulateECCCurve(Telemetry::SSL_KEA_ECDHE_CURVE_FULL, + channelInfo.keaKeyBits); + break; + default: + MOZ_CRASH("impossible KEA"); + break; + } + + Telemetry::Accumulate(Telemetry::SSL_AUTH_ALGORITHM_FULL, + channelInfo.authType); + + // RSA key exchange doesn't use a signature for auth. + if (channelInfo.keaType != ssl_kea_rsa) { + switch (channelInfo.authType) { + case ssl_auth_rsa: + case ssl_auth_rsa_sign: + AccumulateNonECCKeySize(Telemetry::SSL_AUTH_RSA_KEY_SIZE_FULL, + channelInfo.authKeyBits); + break; + case ssl_auth_ecdsa: + AccumulateECCCurve(Telemetry::SSL_AUTH_ECDSA_CURVE_FULL, + channelInfo.authKeyBits); + break; + default: + MOZ_CRASH("impossible auth algorithm"); + break; + } + } + } + + Telemetry::Accumulate( + infoObject->IsFullHandshake() + ? Telemetry::SSL_SYMMETRIC_CIPHER_FULL + : Telemetry::SSL_SYMMETRIC_CIPHER_RESUMED, + cipherInfo.symCipher); + } + } + + PRBool siteSupportsSafeRenego; + if (channelInfo.protocolVersion != SSL_LIBRARY_VERSION_TLS_1_3) { + rv = SSL_HandshakeNegotiatedExtension(fd, ssl_renegotiation_info_xtn, + &siteSupportsSafeRenego); + MOZ_ASSERT(rv == SECSuccess); + if (rv != SECSuccess) { + siteSupportsSafeRenego = false; + } + } else { + // TLS 1.3 dropped support for renegotiation. + siteSupportsSafeRenego = true; + } + bool renegotiationUnsafe = !siteSupportsSafeRenego && + ioLayerHelpers.treatUnsafeNegotiationAsBroken(); + + + /* Set the SSL Status information */ + RefPtr status(infoObject->SSLStatus()); + if (!status) { + status = new nsSSLStatus(); + infoObject->SetSSLStatus(status); + } + + RememberCertErrorsTable::GetInstance().LookupCertErrorBits(infoObject, + status); + + uint32_t state; + if (renegotiationUnsafe) { + state = nsIWebProgressListener::STATE_IS_BROKEN; + } else { + state = nsIWebProgressListener::STATE_IS_SECURE | + nsIWebProgressListener::STATE_SECURE_HIGH; + if (!usesFallbackCipher) { + SSLVersionRange defVersion; + rv = SSL_VersionRangeGetDefault(ssl_variant_stream, &defVersion); + if (rv == SECSuccess && versions.max >= defVersion.max) { + // we know this site no longer requires a fallback cipher + ioLayerHelpers.removeInsecureFallbackSite(infoObject->GetHostName(), + infoObject->GetPort()); + } + } + } + + if (status->HasServerCert()) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("HandshakeCallback KEEPING existing cert\n")); + } else { + DetermineEVStatusAndSetNewCert(status, fd, infoObject); + } + + bool domainMismatch; + bool untrusted; + bool notValidAtThisTime; + // These all return NS_OK, so don't even bother checking the return values. + Unused << status->GetIsDomainMismatch(&domainMismatch); + Unused << status->GetIsUntrusted(&untrusted); + Unused << status->GetIsNotValidAtThisTime(¬ValidAtThisTime); + // If we're here, the TLS handshake has succeeded. Thus if any of these + // booleans are true, the user has added an override for a certificate error. + if (domainMismatch || untrusted || notValidAtThisTime) { + state |= nsIWebProgressListener::STATE_CERT_USER_OVERRIDDEN; + } + + infoObject->SetSecurityState(state); + + // XXX Bug 883674: We shouldn't be formatting messages here in PSM; instead, + // we should set a flag on the channel that higher (UI) level code can check + // to log the warning. In particular, these warnings should go to the web + // console instead of to the error console. Also, the warning is not + // localized. + if (!siteSupportsSafeRenego) { + nsXPIDLCString hostName; + infoObject->GetHostName(getter_Copies(hostName)); + + nsAutoString msg; + msg.Append(NS_ConvertASCIItoUTF16(hostName)); + msg.AppendLiteral(" : server does not support RFC 5746, see CVE-2009-3555"); + + nsContentUtils::LogSimpleConsoleError(msg, "SSL"); + } + + infoObject->NoteTimeUntilReady(); + infoObject->SetHandshakeCompleted(); +} diff --git a/security/manager/ssl/nsNSSCallbacks.h b/security/manager/ssl/nsNSSCallbacks.h new file mode 100644 index 000000000..e9d7f3172 --- /dev/null +++ b/security/manager/ssl/nsNSSCallbacks.h @@ -0,0 +1,198 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsNSSCallbacks_h +#define nsNSSCallbacks_h + +#include "mozilla/Attributes.h" +#include "mozilla/BasePrincipal.h" +#include "mozilla/CondVar.h" +#include "mozilla/Mutex.h" +#include "nsAutoPtr.h" +#include "nsCOMPtr.h" +#include "nsIStreamLoader.h" +#include "nspr.h" +#include "nsString.h" +#include "pk11func.h" +#include "pkix/pkixtypes.h" + +#include "ocspt.h" // Must be included after pk11func.h. + +using mozilla::NeckoOriginAttributes; + +class nsILoadGroup; + +char* +PK11PasswordPrompt(PK11SlotInfo *slot, PRBool retry, void* arg); + +void HandshakeCallback(PRFileDesc *fd, void *client_data); +SECStatus CanFalseStartCallback(PRFileDesc* fd, void* client_data, + PRBool *canFalseStart); + +class nsHTTPListener final : public nsIStreamLoaderObserver +{ +private: + // For XPCOM implementations that are not a base class for some other + // class, it is good practice to make the destructor non-virtual and + // private. Then the only way to delete the object is via Release. +#ifdef _MSC_VER + // C4265: Class has virtual members but destructor is not virtual + __pragma(warning(disable:4265)) +#endif + ~nsHTTPListener(); + +public: + nsHTTPListener(); + + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSISTREAMLOADEROBSERVER + + nsCOMPtr mLoader; + + nsresult mResultCode; + + bool mHttpRequestSucceeded; + uint16_t mHttpResponseCode; + nsCString mHttpResponseContentType; + + const uint8_t* mResultData; // allocated in loader, but owned by listener + uint32_t mResultLen; + + mozilla::Mutex mLock; + mozilla::CondVar mCondition; + volatile bool mWaitFlag; + + bool mResponsibleForDoneSignal; + void send_done_signal(); + + // no nsCOMPtr. When I use it, I get assertions about + // loadgroup not being thread safe. + // So, let's use a raw pointer and ensure we only create and destroy + // it on the network thread ourselves. + nsILoadGroup *mLoadGroup; + PRThread *mLoadGroupOwnerThread; + void FreeLoadGroup(bool aCancelLoad); +}; + +class nsNSSHttpServerSession +{ +public: + typedef mozilla::pkix::Result Result; + + nsCString mHost; + uint16_t mPort; + + static Result createSessionFcn(const char* host, + uint16_t portnum, + /*out*/ nsNSSHttpServerSession** pSession); +}; + +class nsNSSHttpRequestSession +{ +protected: + mozilla::ThreadSafeAutoRefCnt mRefCount; + +public: + typedef mozilla::pkix::Result Result; + + static Result createFcn(const nsNSSHttpServerSession* session, + const char* httpProtocolVariant, + const char* pathAndQueryString, + const char* httpRequestMethod, + const NeckoOriginAttributes& originAttributes, + const PRIntervalTime timeout, + /*out*/ nsNSSHttpRequestSession** pRequest); + + Result setPostDataFcn(const char* httpData, + const uint32_t httpDataLen, + const char* httpContentType); + + Result trySendAndReceiveFcn(PRPollDesc** pPollDesc, + uint16_t* httpResponseCode, + const char** httpResponseContentType, + const char** httpResponseHeaders, + const char** httpResponseData, + uint32_t* httpResponseDataLen); + + void AddRef(); + void Release(); + + nsCString mURL; + nsCString mRequestMethod; + + bool mHasPostData; + nsCString mPostData; + nsCString mPostContentType; + + NeckoOriginAttributes mOriginAttributes; + + PRIntervalTime mTimeoutInterval; + + RefPtr mListener; + +protected: + nsNSSHttpRequestSession(); + ~nsNSSHttpRequestSession(); + + Result internal_send_receive_attempt(bool& retryableError, + PRPollDesc** pPollDesc, + uint16_t* httpResponseCode, + const char** httpResponseContentType, + const char** httpResponseHeaders, + const char** httpResponseData, + uint32_t* httpResponseDataLen); +}; + +class nsNSSHttpInterface +{ +public: + typedef mozilla::pkix::Result Result; + + static Result createSessionFcn(const char* host, + uint16_t portnum, + /*out*/ nsNSSHttpServerSession** pSession) + { + return nsNSSHttpServerSession::createSessionFcn(host, portnum, pSession); + } + + static Result createFcn(const nsNSSHttpServerSession* session, + const char* httpProtocolVariant, + const char* pathAndQueryString, + const char* httpRequestMethod, + const NeckoOriginAttributes& originAttributes, + const PRIntervalTime timeout, + /*out*/ nsNSSHttpRequestSession** pRequest) + { + return nsNSSHttpRequestSession::createFcn(session, httpProtocolVariant, + pathAndQueryString, + httpRequestMethod, originAttributes, + timeout, pRequest); + } + + static Result setPostDataFcn(nsNSSHttpRequestSession* request, + const char* httpData, + const uint32_t httpDataLen, + const char* httpContentType) + { + return request->setPostDataFcn(httpData, httpDataLen, httpContentType); + } + + static Result trySendAndReceiveFcn(nsNSSHttpRequestSession* request, + PRPollDesc** pPollDesc, + uint16_t* httpResponseCode, + const char** httpResponseContentType, + const char** httpResponseHeaders, + const char** httpResponseData, + uint32_t* httpResponseDataLen) + { + return request->trySendAndReceiveFcn(pPollDesc, httpResponseCode, + httpResponseContentType, + httpResponseHeaders, + httpResponseData, httpResponseDataLen); + } +}; + +#endif // nsNSSCallbacks_h diff --git a/security/manager/ssl/nsNSSCertHelper.cpp b/security/manager/ssl/nsNSSCertHelper.cpp new file mode 100644 index 000000000..64c87ad2f --- /dev/null +++ b/security/manager/ssl/nsNSSCertHelper.cpp @@ -0,0 +1,2039 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsNSSCertHelper.h" + +#include + +#include "ScopedNSSTypes.h" +#include "mozilla/Casting.h" +#include "mozilla/NotNull.h" +#include "mozilla/Sprintf.h" +#include "mozilla/UniquePtr.h" +#include "nsCOMPtr.h" +#include "nsComponentManagerUtils.h" +#include "nsDateTimeFormatCID.h" +#include "nsIDateTimeFormat.h" +#include "nsNSSASN1Object.h" +#include "nsNSSCertTrust.h" +#include "nsNSSCertValidity.h" +#include "nsNSSCertificate.h" +#include "nsNSSComponent.h" +#include "nsServiceManagerUtils.h" +#include "prerror.h" +#include "secder.h" + +using namespace mozilla; + +/* Object Identifier constants */ +#define CONST_OID static const unsigned char +#define MICROSOFT_OID 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37 +#define PKIX_OID 0x2b, 0x6, 0x01, 0x05, 0x05, 0x07 +CONST_OID msCertExtCerttype[] = { MICROSOFT_OID, 20, 2}; +CONST_OID msNTPrincipalName[] = { MICROSOFT_OID, 20, 2, 3 }; +CONST_OID msCertsrvCAVersion[] = { MICROSOFT_OID, 21, 1 }; +CONST_OID msNTDSReplication[] = { MICROSOFT_OID, 25, 1 }; +CONST_OID pkixLogotype[] = { PKIX_OID, 1, 12 }; + +#define OI(x) { siDEROID, (unsigned char *)x, sizeof x } +#define OD(oid,desc,mech,ext) {OI(oid), SEC_OID_UNKNOWN, desc, mech, ext} +#define SEC_OID(tag) more_oids[tag].offset + +static SECOidData more_oids[] = { + /* Microsoft OIDs */ + #define MS_CERT_EXT_CERTTYPE 0 + OD( msCertExtCerttype, + "Microsoft Certificate Template Name", + CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), + + #define MS_NT_PRINCIPAL_NAME 1 + OD( msNTPrincipalName, + "Microsoft Principal Name", + CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), + + #define MS_CERTSERV_CA_VERSION 2 + OD( msCertsrvCAVersion, + "Microsoft CA Version", + CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), + + #define MS_NTDS_REPLICATION 3 + OD( msNTDSReplication, + "Microsoft Domain GUID", + CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), + + #define PKIX_LOGOTYPE 4 + OD( pkixLogotype, + "Logotype", + CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), +}; + +static const unsigned int numOids = (sizeof more_oids) / (sizeof more_oids[0]); + +static nsresult +ProcessVersion(SECItem* versionItem, nsINSSComponent* nssComponent, + nsIASN1PrintableItem** retItem) +{ + nsAutoString text; + nssComponent->GetPIPNSSBundleString("CertDumpVersion", text); + nsCOMPtr printableItem = new nsNSSASN1PrintableItem(); + nsresult rv = printableItem->SetDisplayName(text); + if (NS_FAILED(rv)) { + return rv; + } + + // Now to figure out what version this certificate is. + unsigned int version; + if (versionItem->data) { + // Filter out totally bogus version values/encodings. + if (versionItem->len != 1) { + return NS_ERROR_FAILURE; + } + version = *BitwiseCast(versionItem->data); + } else { + // If there is no version present in the cert, then RFC 5280 says we + // default to v1 (0). + version = 0; + } + + // A value of n actually corresponds to version n + 1 + nsAutoString versionString; + versionString.AppendInt(version + 1); + const char16_t* params[1] = { versionString.get() }; + rv = nssComponent->PIPBundleFormatStringFromName("CertDumpVersionValue", + params, + MOZ_ARRAY_LENGTH(params), + text); + if (NS_FAILED(rv)) { + return rv; + } + + rv = printableItem->SetDisplayValue(text); + if (NS_FAILED(rv)) { + return rv; + } + + printableItem.forget(retItem); + return NS_OK; +} + +static nsresult +ProcessSerialNumberDER(const SECItem& serialItem, + NotNull nssComponent, + /*out*/ nsCOMPtr& retItem) +{ + nsAutoString text; + nsresult rv = nssComponent->GetPIPNSSBundleString("CertDumpSerialNo", text); + if (NS_FAILED(rv)) { + return rv; + } + + nsCOMPtr printableItem = new nsNSSASN1PrintableItem(); + rv = printableItem->SetDisplayName(text); + if (NS_FAILED(rv)) { + return rv; + } + + UniquePORTString serialNumber( + CERT_Hexify(const_cast(&serialItem), 1)); + if (!serialNumber) { + return NS_ERROR_OUT_OF_MEMORY; + } + + rv = printableItem->SetDisplayValue(NS_ConvertASCIItoUTF16(serialNumber.get())); + if (NS_FAILED(rv)) { + return rv; + } + + retItem = printableItem.forget(); + return NS_OK; +} + +static nsresult +GetDefaultOIDFormat(SECItem *oid, + nsINSSComponent *nssComponent, + nsAString &outString, + char separator) +{ + outString.Truncate(); + int invalidCount = 0; + + unsigned int i; + unsigned long val = 0; + bool invalid = false; + bool first = true; + + val = 0; + for (i = 0; i < oid->len; ++i) { + // In this loop, we have to parse a DER formatted + // If the first bit is a 1, then the integer is + // represented by more than one byte. If the + // first bit is set then we continue on and add + // the values of the later bytes until we get + // a byte without the first bit set. + unsigned long j; + + j = oid->data[i]; + val = (val << 7) | (j & 0x7f); + if (j & 0x80) { + // - If val is 0 in this block, the OID number particle starts with 0x80 + // what is specified as an invalid formating. + // - If val is larger then 2^32-7, on next left shift by 7 we will loose + // the most significant bits, this OID number particle cannot be read + // by our implementation. + // - If the first bit is set while this is the last component of the OID + // we are also in an invalid state. + if (val == 0 || (val >= (1 << (32-7))) || (i == oid->len-1)) { + invalid = true; + } + + if (i < oid->len-1) + continue; + } + + if (!invalid) { + if (first) { + unsigned long one = std::min(val/40, 2UL); // never > 2 + unsigned long two = val - (one * 40); + + outString.AppendPrintf("%lu%c%lu", one, separator, two); + } + else { + outString.AppendPrintf("%c%lu", separator, val); + } + } + else { + if (!first) { + outString.AppendPrintf("%c", separator); + } + nsAutoString unknownText; + nssComponent->GetPIPNSSBundleString("CertUnknown", + unknownText); + outString.Append(unknownText); + + if (++invalidCount > 3) { + // Allow only 3 occurences of Unknown in OID display string to + // prevent bloat. + break; + } + } + + val = 0; + invalid = false; + first = false; + } + + return NS_OK; +} + +static nsresult +GetOIDText(SECItem *oid, nsINSSComponent *nssComponent, nsAString &text) +{ + nsresult rv; + SECOidTag oidTag = SECOID_FindOIDTag(oid); + const char *bundlekey = 0; + + switch (oidTag) { + case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION: + bundlekey = "CertDumpMD2WithRSA"; + break; + case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: + bundlekey = "CertDumpMD5WithRSA"; + break; + case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: + bundlekey = "CertDumpSHA1WithRSA"; + break; + case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: + bundlekey = "CertDumpSHA256WithRSA"; + break; + case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: + bundlekey = "CertDumpSHA384WithRSA"; + break; + case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: + bundlekey = "CertDumpSHA512WithRSA"; + break; + case SEC_OID_PKCS1_RSA_ENCRYPTION: + bundlekey = "CertDumpRSAEncr"; + break; + case SEC_OID_PKCS1_RSA_PSS_SIGNATURE: + bundlekey = "CertDumpRSAPSSSignature"; + break; + case SEC_OID_AVA_COUNTRY_NAME: + bundlekey = "CertDumpAVACountry"; + break; + case SEC_OID_AVA_COMMON_NAME: + bundlekey = "CertDumpAVACN"; + break; + case SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME: + bundlekey = "CertDumpAVAOU"; + break; + case SEC_OID_AVA_ORGANIZATION_NAME: + bundlekey = "CertDumpAVAOrg"; + break; + case SEC_OID_AVA_LOCALITY: + bundlekey = "CertDumpAVALocality"; + break; + case SEC_OID_AVA_DN_QUALIFIER: + bundlekey = "CertDumpAVADN"; + break; + case SEC_OID_AVA_DC: + bundlekey = "CertDumpAVADC"; + break; + case SEC_OID_AVA_STATE_OR_PROVINCE: + bundlekey = "CertDumpAVAState"; + break; + case SEC_OID_AVA_SURNAME: + bundlekey = "CertDumpSurname"; + break; + case SEC_OID_AVA_GIVEN_NAME: + bundlekey = "CertDumpGivenName"; + break; + case SEC_OID_X509_SUBJECT_DIRECTORY_ATTR: + bundlekey = "CertDumpSubjectDirectoryAttr"; + break; + case SEC_OID_X509_SUBJECT_KEY_ID: + bundlekey = "CertDumpSubjectKeyID"; + break; + case SEC_OID_X509_KEY_USAGE: + bundlekey = "CertDumpKeyUsage"; + break; + case SEC_OID_X509_SUBJECT_ALT_NAME: + bundlekey = "CertDumpSubjectAltName"; + break; + case SEC_OID_X509_ISSUER_ALT_NAME: + bundlekey = "CertDumpIssuerAltName"; + break; + case SEC_OID_X509_BASIC_CONSTRAINTS: + bundlekey = "CertDumpBasicConstraints"; + break; + case SEC_OID_X509_NAME_CONSTRAINTS: + bundlekey = "CertDumpNameConstraints"; + break; + case SEC_OID_X509_CRL_DIST_POINTS: + bundlekey = "CertDumpCrlDistPoints"; + break; + case SEC_OID_X509_CERTIFICATE_POLICIES: + bundlekey = "CertDumpCertPolicies"; + break; + case SEC_OID_X509_POLICY_MAPPINGS: + bundlekey = "CertDumpPolicyMappings"; + break; + case SEC_OID_X509_POLICY_CONSTRAINTS: + bundlekey = "CertDumpPolicyConstraints"; + break; + case SEC_OID_X509_AUTH_KEY_ID: + bundlekey = "CertDumpAuthKeyID"; + break; + case SEC_OID_X509_EXT_KEY_USAGE: + bundlekey = "CertDumpExtKeyUsage"; + break; + case SEC_OID_X509_AUTH_INFO_ACCESS: + bundlekey = "CertDumpAuthInfoAccess"; + break; + case SEC_OID_ANSIX9_DSA_SIGNATURE: + bundlekey = "CertDumpAnsiX9DsaSignature"; + break; + case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST: + bundlekey = "CertDumpAnsiX9DsaSignatureWithSha1"; + break; + case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: + bundlekey = "CertDumpAnsiX962ECDsaSignatureWithSha1"; + break; + case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: + bundlekey = "CertDumpAnsiX962ECDsaSignatureWithSha224"; + break; + case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: + bundlekey = "CertDumpAnsiX962ECDsaSignatureWithSha256"; + break; + case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: + bundlekey = "CertDumpAnsiX962ECDsaSignatureWithSha384"; + break; + case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: + bundlekey = "CertDumpAnsiX962ECDsaSignatureWithSha512"; + break; + case SEC_OID_RFC1274_UID: + bundlekey = "CertDumpUserID"; + break; + case SEC_OID_PKCS9_EMAIL_ADDRESS: + bundlekey = "CertDumpPK9Email"; + break; + case SEC_OID_ANSIX962_EC_PUBLIC_KEY: + bundlekey = "CertDumpECPublicKey"; + break; + /* ANSI X9.62 named elliptic curves (prime field) */ + case SEC_OID_ANSIX962_EC_PRIME192V1: + /* same as SEC_OID_SECG_EC_SECP192r1 */ + bundlekey = "CertDumpECprime192v1"; + break; + case SEC_OID_ANSIX962_EC_PRIME192V2: + bundlekey = "CertDumpECprime192v2"; + break; + case SEC_OID_ANSIX962_EC_PRIME192V3: + bundlekey = "CertDumpECprime192v3"; + break; + case SEC_OID_ANSIX962_EC_PRIME239V1: + bundlekey = "CertDumpECprime239v1"; + break; + case SEC_OID_ANSIX962_EC_PRIME239V2: + bundlekey = "CertDumpECprime239v2"; + break; + case SEC_OID_ANSIX962_EC_PRIME239V3: + bundlekey = "CertDumpECprime239v3"; + break; + case SEC_OID_ANSIX962_EC_PRIME256V1: + /* same as SEC_OID_SECG_EC_SECP256r1 */ + bundlekey = "CertDumpECprime256v1"; + break; + /* SECG named elliptic curves (prime field) */ + case SEC_OID_SECG_EC_SECP112R1: + bundlekey = "CertDumpECsecp112r1"; + break; + case SEC_OID_SECG_EC_SECP112R2: + bundlekey = "CertDumpECsecp112r2"; + break; + case SEC_OID_SECG_EC_SECP128R1: + bundlekey = "CertDumpECsecp128r1"; + break; + case SEC_OID_SECG_EC_SECP128R2: + bundlekey = "CertDumpECsecp128r2"; + break; + case SEC_OID_SECG_EC_SECP160K1: + bundlekey = "CertDumpECsecp160k1"; + break; + case SEC_OID_SECG_EC_SECP160R1: + bundlekey = "CertDumpECsecp160r1"; + break; + case SEC_OID_SECG_EC_SECP160R2: + bundlekey = "CertDumpECsecp160r2"; + break; + case SEC_OID_SECG_EC_SECP192K1: + bundlekey = "CertDumpECsecp192k1"; + break; + case SEC_OID_SECG_EC_SECP224K1: + bundlekey = "CertDumpECsecp224k1"; + break; + case SEC_OID_SECG_EC_SECP224R1: + bundlekey = "CertDumpECsecp224r1"; + break; + case SEC_OID_SECG_EC_SECP256K1: + bundlekey = "CertDumpECsecp256k1"; + break; + case SEC_OID_SECG_EC_SECP384R1: + bundlekey = "CertDumpECsecp384r1"; + break; + + case SEC_OID_SECG_EC_SECP521R1: + bundlekey = "CertDumpECsecp521r1"; + break; + /* ANSI X9.62 named elliptic curves (characteristic two field) */ + case SEC_OID_ANSIX962_EC_C2PNB163V1: + bundlekey = "CertDumpECc2pnb163v1"; + break; + case SEC_OID_ANSIX962_EC_C2PNB163V2: + bundlekey = "CertDumpECc2pnb163v2"; + break; + case SEC_OID_ANSIX962_EC_C2PNB163V3: + bundlekey = "CertDumpECc2pnb163v3"; + break; + case SEC_OID_ANSIX962_EC_C2PNB176V1: + bundlekey = "CertDumpECc2pnb176v1"; + break; + case SEC_OID_ANSIX962_EC_C2TNB191V1: + bundlekey = "CertDumpECc2tnb191v1"; + break; + case SEC_OID_ANSIX962_EC_C2TNB191V2: + bundlekey = "CertDumpECc2tnb191v2"; + break; + case SEC_OID_ANSIX962_EC_C2TNB191V3: + bundlekey = "CertDumpECc2tnb191v3"; + break; + case SEC_OID_ANSIX962_EC_C2ONB191V4: + bundlekey = "CertDumpECc2onb191v4"; + break; + case SEC_OID_ANSIX962_EC_C2ONB191V5: + bundlekey = "CertDumpECc2onb191v5"; + break; + case SEC_OID_ANSIX962_EC_C2PNB208W1: + bundlekey = "CertDumpECc2pnb208w1"; + break; + case SEC_OID_ANSIX962_EC_C2TNB239V1: + bundlekey = "CertDumpECc2tnb239v1"; + break; + case SEC_OID_ANSIX962_EC_C2TNB239V2: + bundlekey = "CertDumpECc2tnb239v2"; + break; + case SEC_OID_ANSIX962_EC_C2TNB239V3: + bundlekey = "CertDumpECc2tnb239v3"; + break; + case SEC_OID_ANSIX962_EC_C2ONB239V4: + bundlekey = "CertDumpECc2onb239v4"; + break; + case SEC_OID_ANSIX962_EC_C2ONB239V5: + bundlekey = "CertDumpECc2onb239v5"; + break; + case SEC_OID_ANSIX962_EC_C2PNB272W1: + bundlekey = "CertDumpECc2pnb272w1"; + break; + case SEC_OID_ANSIX962_EC_C2PNB304W1: + bundlekey = "CertDumpECc2pnb304w1"; + break; + case SEC_OID_ANSIX962_EC_C2TNB359V1: + bundlekey = "CertDumpECc2tnb359v1"; + break; + case SEC_OID_ANSIX962_EC_C2PNB368W1: + bundlekey = "CertDumpECc2pnb368w1"; + break; + case SEC_OID_ANSIX962_EC_C2TNB431R1: + bundlekey = "CertDumpECc2tnb431r1"; + break; + /* SECG named elliptic curves (characteristic two field) */ + case SEC_OID_SECG_EC_SECT113R1: + bundlekey = "CertDumpECsect113r1"; + break; + case SEC_OID_SECG_EC_SECT113R2: + bundlekey = "CertDumpECsect113r2"; + break; + case SEC_OID_SECG_EC_SECT131R1: + bundlekey = "CertDumpECsect131r1"; + break; + case SEC_OID_SECG_EC_SECT131R2: + bundlekey = "CertDumpECsect131r2"; + break; + case SEC_OID_SECG_EC_SECT163K1: + bundlekey = "CertDumpECsect163k1"; + break; + case SEC_OID_SECG_EC_SECT163R1: + bundlekey = "CertDumpECsect163r1"; + break; + case SEC_OID_SECG_EC_SECT163R2: + bundlekey = "CertDumpECsect163r2"; + break; + case SEC_OID_SECG_EC_SECT193R1: + bundlekey = "CertDumpECsect193r1"; + break; + case SEC_OID_SECG_EC_SECT193R2: + bundlekey = "CertDumpECsect193r2"; + break; + case SEC_OID_SECG_EC_SECT233K1: + bundlekey = "CertDumpECsect233k1"; + break; + case SEC_OID_SECG_EC_SECT233R1: + bundlekey = "CertDumpECsect233r1"; + break; + case SEC_OID_SECG_EC_SECT239K1: + bundlekey = "CertDumpECsect239k1"; + break; + case SEC_OID_SECG_EC_SECT283K1: + bundlekey = "CertDumpECsect283k1"; + break; + case SEC_OID_SECG_EC_SECT283R1: + bundlekey = "CertDumpECsect283r1"; + break; + case SEC_OID_SECG_EC_SECT409K1: + bundlekey = "CertDumpECsect409k1"; + break; + case SEC_OID_SECG_EC_SECT409R1: + bundlekey = "CertDumpECsect409r1"; + break; + case SEC_OID_SECG_EC_SECT571K1: + bundlekey = "CertDumpECsect571k1"; + break; + case SEC_OID_SECG_EC_SECT571R1: + bundlekey = "CertDumpECsect571r1"; + break; + default: + if (oidTag == SEC_OID(MS_CERT_EXT_CERTTYPE)) { + bundlekey = "CertDumpMSCerttype"; + break; + } + if (oidTag == SEC_OID(MS_CERTSERV_CA_VERSION)) { + bundlekey = "CertDumpMSCAVersion"; + break; + } + if (oidTag == SEC_OID(PKIX_LOGOTYPE)) { + bundlekey = "CertDumpLogotype"; + break; + } + /* fallthrough */ + } + + if (bundlekey) { + rv = nssComponent->GetPIPNSSBundleString(bundlekey, text); + } else { + nsAutoString text2; + rv = GetDefaultOIDFormat(oid, nssComponent, text2, ' '); + if (NS_FAILED(rv)) + return rv; + + const char16_t *params[1] = {text2.get()}; + rv = nssComponent->PIPBundleFormatStringFromName("CertDumpDefOID", + params, 1, text); + } + return rv; +} + +#define SEPARATOR "\n" + +static nsresult +ProcessRawBytes(nsINSSComponent *nssComponent, SECItem *data, + nsAString &text, bool wantHeader = true) +{ + // This function is used to display some DER bytes + // that we have not added support for decoding. + // If it's short, let's display as an integer, no size header. + + if (data->len <= 4) { + int i_pv = DER_GetInteger(data); + nsAutoString value; + value.AppendInt(i_pv); + text.Append(value); + text.AppendLiteral(SEPARATOR); + return NS_OK; + } + + // Else produce a hex dump. + + if (wantHeader) { + nsAutoString bytelen, bitlen; + bytelen.AppendInt(data->len); + bitlen.AppendInt(data->len*8); + + const char16_t *params[2] = {bytelen.get(), bitlen.get()}; + nsresult rv = nssComponent->PIPBundleFormatStringFromName("CertDumpRawBytesHeader", + params, 2, text); + if (NS_FAILED(rv)) + return rv; + + text.AppendLiteral(SEPARATOR); + } + + // This prints the value of the byte out into a + // string that can later be displayed as a byte + // string. We place a new line after 24 bytes + // to break up extermaly long sequence of bytes. + + uint32_t i; + char buffer[5]; + for (i=0; ilen; i++) { + SprintfLiteral(buffer, "%02x ", data->data[i]); + AppendASCIItoUTF16(buffer, text); + if ((i+1)%16 == 0) { + text.AppendLiteral(SEPARATOR); + } + } + return NS_OK; +} + +/** + * Appends a pipnss bundle string to the given string. + * + * @param nssComponent For accessing the string bundle. + * @param bundleKey Key for the string to append. + * @param currentText The text to append to, using |SEPARATOR| as the separator. + */ +template +void AppendBundleString(const NotNull& nssComponent, + const char (&bundleKey)[N], + /*in/out*/ nsAString& currentText) +{ + nsAutoString bundleString; + nsresult rv = nssComponent->GetPIPNSSBundleString(bundleKey, bundleString); + if (NS_FAILED(rv)) { + return; + } + + currentText.Append(bundleString); + currentText.AppendLiteral(SEPARATOR); +} + +static nsresult +ProcessKeyUsageExtension(SECItem *extData, nsAString &text, + nsINSSComponent *nssComponent) +{ + MOZ_ASSERT(extData); + MOZ_ASSERT(nssComponent); + NS_ENSURE_ARG(extData); + NS_ENSURE_ARG(nssComponent); + + NotNull wrappedNSSComponent = WrapNotNull(nssComponent); + ScopedAutoSECItem decoded; + if (SEC_ASN1DecodeItem(nullptr, &decoded, SEC_ASN1_GET(SEC_BitStringTemplate), + extData) != SECSuccess) { + AppendBundleString(wrappedNSSComponent, "CertDumpExtensionFailure", text); + return NS_OK; + } + unsigned char keyUsage = 0; + if (decoded.len) { + keyUsage = decoded.data[0]; + } + + if (keyUsage & KU_DIGITAL_SIGNATURE) { + AppendBundleString(wrappedNSSComponent, "CertDumpKUSign", text); + } + if (keyUsage & KU_NON_REPUDIATION) { + AppendBundleString(wrappedNSSComponent, "CertDumpKUNonRep", text); + } + if (keyUsage & KU_KEY_ENCIPHERMENT) { + AppendBundleString(wrappedNSSComponent, "CertDumpKUEnc", text); + } + if (keyUsage & KU_DATA_ENCIPHERMENT) { + AppendBundleString(wrappedNSSComponent, "CertDumpKUDEnc", text); + } + if (keyUsage & KU_KEY_AGREEMENT) { + AppendBundleString(wrappedNSSComponent, "CertDumpKUKA", text); + } + if (keyUsage & KU_KEY_CERT_SIGN) { + AppendBundleString(wrappedNSSComponent, "CertDumpKUCertSign", text); + } + if (keyUsage & KU_CRL_SIGN) { + AppendBundleString(wrappedNSSComponent, "CertDumpKUCRLSigner", text); + } + + return NS_OK; +} + +static nsresult +ProcessBasicConstraints(SECItem *extData, + nsAString &text, + nsINSSComponent *nssComponent) +{ + nsAutoString local; + CERTBasicConstraints value; + SECStatus rv; + nsresult rv2; + + value.pathLenConstraint = -1; + rv = CERT_DecodeBasicConstraintValue (&value, extData); + if (rv != SECSuccess) { + ProcessRawBytes(nssComponent, extData, text); + return NS_OK; + } + if (value.isCA) + rv2 = nssComponent->GetPIPNSSBundleString("CertDumpIsCA", local); + else + rv2 = nssComponent->GetPIPNSSBundleString("CertDumpIsNotCA", local); + if (NS_FAILED(rv2)) + return rv2; + text.Append(local.get()); + if (value.pathLenConstraint != -1) { + nsAutoString depth; + if (value.pathLenConstraint == CERT_UNLIMITED_PATH_CONSTRAINT) + nssComponent->GetPIPNSSBundleString("CertDumpPathLenUnlimited", depth); + else + depth.AppendInt(value.pathLenConstraint); + const char16_t *params[1] = {depth.get()}; + rv2 = nssComponent->PIPBundleFormatStringFromName("CertDumpPathLen", + params, 1, local); + if (NS_FAILED(rv2)) + return rv2; + text.AppendLiteral(SEPARATOR); + text.Append(local.get()); + } + return NS_OK; +} + +static nsresult +ProcessExtKeyUsage(SECItem *extData, + nsAString &text, + nsINSSComponent *nssComponent) +{ + nsAutoString local; + SECItem **oids; + SECItem *oid; + nsresult rv; + + UniqueCERTOidSequence extKeyUsage(CERT_DecodeOidSequence(extData)); + if (!extKeyUsage) { + return NS_ERROR_FAILURE; + } + + oids = extKeyUsage->oids; + while (oids && *oids) { + // For each OID, try to find a bundle string + // of the form CertDumpEKU_ + nsAutoString oidname; + oid = *oids; + rv = GetDefaultOIDFormat(oid, nssComponent, oidname, '_'); + if (NS_FAILED(rv)) + return rv; + nsAutoString bundlekey = NS_LITERAL_STRING("CertDumpEKU_")+ oidname; + NS_ConvertUTF16toUTF8 bk_ascii(bundlekey); + + rv = nssComponent->GetPIPNSSBundleString(bk_ascii.get(), local); + nsresult rv2 = GetDefaultOIDFormat(oid, nssComponent, oidname, '.'); + if (NS_FAILED(rv2)) + return rv2; + if (NS_SUCCEEDED(rv)) { + // display name and OID in parentheses + text.Append(local); + text.AppendLiteral(" ("); + text.Append(oidname); + text.Append(')'); + } else + // If there is no bundle string, just display the OID itself + text.Append(oidname); + + text.AppendLiteral(SEPARATOR); + oids++; + } + + return NS_OK; +} + +static nsresult +ProcessRDN(CERTRDN* rdn, nsAString &finalString, nsINSSComponent *nssComponent) +{ + nsresult rv; + CERTAVA** avas; + CERTAVA* ava; + nsString avavalue; + nsString type; + nsAutoString temp; + const char16_t *params[2]; + + avas = rdn->avas; + while ((ava = *avas++) != 0) { + rv = GetOIDText(&ava->type, nssComponent, type); + if (NS_FAILED(rv)) { + return rv; + } + + //This function returns a string in UTF8 format. + UniqueSECItem decodeItem(CERT_DecodeAVAValue(&ava->value)); + if (!decodeItem) { + return NS_ERROR_FAILURE; + } + + // We know we can fit buffer of this length. CERT_RFC1485_EscapeAndQuote + // will fail if we provide smaller buffer then the result can fit to. + int escapedValueCapacity = decodeItem->len * 3 + 3; + UniquePtr escapedValue = MakeUnique(escapedValueCapacity); + + SECStatus status = CERT_RFC1485_EscapeAndQuote( + escapedValue.get(), + escapedValueCapacity, + (char*)decodeItem->data, + decodeItem->len); + if (SECSuccess != status) { + return NS_ERROR_FAILURE; + } + + avavalue = NS_ConvertUTF8toUTF16(escapedValue.get()); + + params[0] = type.get(); + params[1] = avavalue.get(); + nssComponent->PIPBundleFormatStringFromName("AVATemplate", + params, 2, temp); + finalString += temp + NS_LITERAL_STRING("\n"); + } + return NS_OK; +} + +static nsresult +ProcessName(CERTName *name, nsINSSComponent *nssComponent, char16_t **value) +{ + CERTRDN** rdns; + CERTRDN** rdn; + nsString finalString; + + rdns = name->rdns; + + nsresult rv; + CERTRDN **lastRdn; + /* find last RDN */ + lastRdn = rdns; + while (*lastRdn) lastRdn++; + // The above whille loop will put us at the last member + // of the array which is a nullptr pointer. So let's back + // up one spot so that we have the last non-nullptr entry in + // the array in preparation for traversing the + // RDN's (Relative Distinguished Name) in reverse oder. + lastRdn--; + + /* + * Loop over name contents in _reverse_ RDN order appending to string + * When building the Ascii string, NSS loops over these entries in + * reverse order, so I will as well. The difference is that NSS + * will always place them in a one line string separated by commas, + * where I want each entry on a single line. I can't just use a comma + * as my delimitter because it is a valid character to have in the + * value portion of the AVA and could cause trouble when parsing. + */ + for (rdn = lastRdn; rdn >= rdns; rdn--) { + rv = ProcessRDN(*rdn, finalString, nssComponent); + if (NS_FAILED(rv)) + return rv; + } + *value = ToNewUnicode(finalString); + return NS_OK; +} + +static nsresult +ProcessIA5String(const SECItem& extData, /*in/out*/ nsAString& text) +{ + ScopedAutoSECItem item; + if (SEC_ASN1DecodeItem(nullptr, &item, SEC_ASN1_GET(SEC_IA5StringTemplate), + &extData) != SECSuccess) { + return NS_ERROR_FAILURE; + } + + text.AppendASCII(BitwiseCast(item.data), + AssertedCast(item.len)); + return NS_OK; +} + +static nsresult +AppendBMPtoUTF16(const UniquePLArenaPool& arena, unsigned char* data, + unsigned int len, nsAString& text) +{ + if (len % 2 != 0) { + return NS_ERROR_FAILURE; + } + + /* XXX instead of converting to and from UTF-8, it would + be sufficient to just swap bytes, or do nothing */ + unsigned int utf8ValLen = len * 3 + 1; + unsigned char* utf8Val = (unsigned char*)PORT_ArenaZAlloc(arena.get(), + utf8ValLen); + if (!PORT_UCS2_UTF8Conversion(false, data, len, utf8Val, utf8ValLen, + &utf8ValLen)) { + return NS_ERROR_FAILURE; + } + AppendUTF8toUTF16((char*)utf8Val, text); + return NS_OK; +} + +static nsresult +ProcessBMPString(SECItem* extData, nsAString& text) +{ + UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return NS_ERROR_OUT_OF_MEMORY; + } + + SECItem item; + if (SEC_ASN1DecodeItem(arena.get(), &item, SEC_ASN1_GET(SEC_BMPStringTemplate), + extData) != SECSuccess) { + return NS_ERROR_FAILURE; + } + + return AppendBMPtoUTF16(arena, item.data, item.len, text); +} + +static nsresult +ProcessGeneralName(const UniquePLArenaPool& arena, CERTGeneralName* current, + nsAString& text, nsINSSComponent* nssComponent) +{ + NS_ENSURE_ARG_POINTER(current); + + nsAutoString key; + nsXPIDLString value; + nsresult rv = NS_OK; + + switch (current->type) { + case certOtherName: { + SECOidTag oidTag = SECOID_FindOIDTag(¤t->name.OthName.oid); + if (oidTag == SEC_OID(MS_NT_PRINCIPAL_NAME)) { + /* The type of this name is apparently nowhere explicitly + documented. However, in the generated templates, it is always + UTF-8. So try to decode this as UTF-8; if that fails, dump the + raw data. */ + SECItem decoded; + nssComponent->GetPIPNSSBundleString("CertDumpMSNTPrincipal", key); + if (SEC_ASN1DecodeItem(arena.get(), &decoded, + SEC_ASN1_GET(SEC_UTF8StringTemplate), + ¤t->name.OthName.name) == SECSuccess) { + AppendUTF8toUTF16(nsAutoCString((char*)decoded.data, decoded.len), + value); + } else { + ProcessRawBytes(nssComponent, ¤t->name.OthName.name, value); + } + break; + } else if (oidTag == SEC_OID(MS_NTDS_REPLICATION)) { + /* This should be a 16-byte GUID */ + SECItem guid; + nssComponent->GetPIPNSSBundleString("CertDumpMSDomainGUID", key); + if (SEC_ASN1DecodeItem(arena.get(), &guid, + SEC_ASN1_GET(SEC_OctetStringTemplate), + ¤t->name.OthName.name) == SECSuccess + && guid.len == 16) { + char buf[40]; + unsigned char *d = guid.data; + SprintfLiteral(buf, + "{%.2x%.2x%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x%.2x%.2x%.2x%.2x}", + d[3], d[2], d[1], d[0], d[5], d[4], d[7], d[6], + d[8], d[9], d[10], d[11], d[12], d[13], d[14], d[15]); + value.AssignASCII(buf); + } else { + ProcessRawBytes(nssComponent, ¤t->name.OthName.name, value); + } + } else { + rv = GetDefaultOIDFormat(¤t->name.OthName.oid, nssComponent, key, ' '); + if (NS_FAILED(rv)) { + return rv; + } + ProcessRawBytes(nssComponent, ¤t->name.OthName.name, value); + } + break; + } + case certRFC822Name: + nssComponent->GetPIPNSSBundleString("CertDumpRFC822Name", key); + value.AssignASCII((char*)current->name.other.data, current->name.other.len); + break; + case certDNSName: + nssComponent->GetPIPNSSBundleString("CertDumpDNSName", key); + value.AssignASCII((char*)current->name.other.data, current->name.other.len); + break; + case certX400Address: + nssComponent->GetPIPNSSBundleString("CertDumpX400Address", key); + ProcessRawBytes(nssComponent, ¤t->name.other, value); + break; + case certDirectoryName: + nssComponent->GetPIPNSSBundleString("CertDumpDirectoryName", key); + rv = ProcessName(¤t->name.directoryName, nssComponent, + getter_Copies(value)); + if (NS_FAILED(rv)) { + return rv; + } + break; + case certEDIPartyName: + nssComponent->GetPIPNSSBundleString("CertDumpEDIPartyName", key); + ProcessRawBytes(nssComponent, ¤t->name.other, value); + break; + case certURI: + nssComponent->GetPIPNSSBundleString("CertDumpURI", key); + value.AssignASCII((char*)current->name.other.data, current->name.other.len); + break; + case certIPAddress: + { + char buf[INET6_ADDRSTRLEN]; + PRStatus status = PR_FAILURE; + PRNetAddr addr; + memset(&addr, 0, sizeof(addr)); + nssComponent->GetPIPNSSBundleString("CertDumpIPAddress", key); + if (current->name.other.len == 4) { + addr.inet.family = PR_AF_INET; + memcpy(&addr.inet.ip, current->name.other.data, current->name.other.len); + status = PR_NetAddrToString(&addr, buf, sizeof(buf)); + } else if (current->name.other.len == 16) { + addr.ipv6.family = PR_AF_INET6; + memcpy(&addr.ipv6.ip, current->name.other.data, current->name.other.len); + status = PR_NetAddrToString(&addr, buf, sizeof(buf)); + } + if (status == PR_SUCCESS) { + value.AssignASCII(buf); + } else { + /* invalid IP address */ + ProcessRawBytes(nssComponent, ¤t->name.other, value); + } + break; + } + case certRegisterID: + nssComponent->GetPIPNSSBundleString("CertDumpRegisterID", key); + rv = GetDefaultOIDFormat(¤t->name.other, nssComponent, value, '.'); + if (NS_FAILED(rv)) { + return rv; + } + break; + } + text.Append(key); + text.AppendLiteral(": "); + text.Append(value); + text.AppendLiteral(SEPARATOR); + + return rv; +} + +static nsresult +ProcessGeneralNames(const UniquePLArenaPool& arena, CERTGeneralName* nameList, + nsAString& text, nsINSSComponent* nssComponent) +{ + CERTGeneralName* current = nameList; + nsresult rv; + + do { + rv = ProcessGeneralName(arena, current, text, nssComponent); + if (NS_FAILED(rv)) { + break; + } + current = CERT_GetNextGeneralName(current); + } while (current != nameList); + return rv; +} + +static nsresult +ProcessAltName(SECItem* extData, nsAString& text, nsINSSComponent* nssComponent) +{ + UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return NS_ERROR_OUT_OF_MEMORY; + } + + CERTGeneralName* nameList = CERT_DecodeAltNameExtension(arena.get(), extData); + if (!nameList) { + return NS_OK; + } + + return ProcessGeneralNames(arena, nameList, text, nssComponent); +} + +static nsresult +ProcessSubjectKeyId(SECItem *extData, + nsAString &text, + nsINSSComponent *nssComponent) +{ + SECItem decoded; + nsAutoString local; + + UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return NS_ERROR_OUT_OF_MEMORY; + } + + if (SEC_QuickDERDecodeItem(arena.get(), &decoded, + SEC_ASN1_GET(SEC_OctetStringTemplate), + extData) != SECSuccess) { + return NS_ERROR_FAILURE; + } + + nssComponent->GetPIPNSSBundleString("CertDumpKeyID", local); + text.Append(local); + text.AppendLiteral(": "); + ProcessRawBytes(nssComponent, &decoded, text); + + return NS_OK; +} + +static nsresult +ProcessAuthKeyId(SECItem *extData, + nsAString &text, + nsINSSComponent *nssComponent) +{ + nsresult rv = NS_OK; + nsAutoString local; + + UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return NS_ERROR_OUT_OF_MEMORY; + } + + CERTAuthKeyID* ret = CERT_DecodeAuthKeyID(arena.get(), extData); + if (!ret) { + return NS_ERROR_FAILURE; + } + + if (ret->keyID.len > 0) { + nssComponent->GetPIPNSSBundleString("CertDumpKeyID", local); + text.Append(local); + text.AppendLiteral(": "); + ProcessRawBytes(nssComponent, &ret->keyID, text); + text.AppendLiteral(SEPARATOR); + } + + if (ret->authCertIssuer) { + nssComponent->GetPIPNSSBundleString("CertDumpIssuer", local); + text.Append(local); + text.AppendLiteral(": "); + rv = ProcessGeneralNames(arena, ret->authCertIssuer, text, nssComponent); + if (NS_FAILED(rv)) { + return rv; + } + } + + if (ret->authCertSerialNumber.len > 0) { + nssComponent->GetPIPNSSBundleString("CertDumpSerialNo", local); + text.Append(local); + text.AppendLiteral(": "); + ProcessRawBytes(nssComponent, &ret->authCertSerialNumber, text); + } + + return rv; +} + +static nsresult +ProcessUserNotice(SECItem* derNotice, nsAString& text, + nsINSSComponent* nssComponent) +{ + UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return NS_ERROR_OUT_OF_MEMORY; + } + + UniqueCERTUserNotice notice(CERT_DecodeUserNotice(derNotice)); + if (!notice) { + ProcessRawBytes(nssComponent, derNotice, text); + return NS_OK; + } + + if (notice->noticeReference.organization.len != 0) { + switch (notice->noticeReference.organization.type) { + case siAsciiString: + case siVisibleString: + case siUTF8String: + text.Append(NS_ConvertUTF8toUTF16( + (const char *)notice->noticeReference.organization.data, + notice->noticeReference.organization.len)); + break; + case siBMPString: + AppendBMPtoUTF16(arena, notice->noticeReference.organization.data, + notice->noticeReference.organization.len, text); + break; + default: + break; + } + text.AppendLiteral(" - "); + SECItem** itemList = notice->noticeReference.noticeNumbers; + while (*itemList) { + unsigned long number; + char buffer[60]; + if (SEC_ASN1DecodeInteger(*itemList, &number) == SECSuccess) { + SprintfLiteral(buffer, "#%lu", number); + if (itemList != notice->noticeReference.noticeNumbers) + text.AppendLiteral(", "); + AppendASCIItoUTF16(buffer, text); + } + itemList++; + } + } + if (notice->displayText.len != 0) { + text.AppendLiteral(SEPARATOR); + text.AppendLiteral(" "); + switch (notice->displayText.type) { + case siAsciiString: + case siVisibleString: + case siUTF8String: + text.Append(NS_ConvertUTF8toUTF16((const char *)notice->displayText.data, + notice->displayText.len)); + break; + case siBMPString: + AppendBMPtoUTF16(arena, notice->displayText.data, notice->displayText.len, + text); + break; + default: + break; + } + } + + return NS_OK; +} + +static nsresult +ProcessCertificatePolicies(SECItem *extData, + nsAString &text, + nsINSSComponent *nssComponent) +{ + CERTPolicyInfo **policyInfos, *policyInfo; + CERTPolicyQualifier **policyQualifiers, *policyQualifier; + nsAutoString local; + nsresult rv = NS_OK; + + UniqueCERTCertificatePolicies policies( + CERT_DecodeCertificatePoliciesExtension(extData)); + if (!policies) { + return NS_ERROR_FAILURE; + } + + policyInfos = policies->policyInfos; + while (*policyInfos) { + policyInfo = *policyInfos++; + switch (policyInfo->oid) { + case SEC_OID_VERISIGN_USER_NOTICES: + nssComponent->GetPIPNSSBundleString("CertDumpVerisignNotices", local); + text.Append(local); + break; + default: + GetDefaultOIDFormat(&policyInfo->policyID, nssComponent, local, '.'); + text.Append(local); + } + + if (policyInfo->policyQualifiers) { + /* Add all qualifiers on separate lines, indented */ + policyQualifiers = policyInfo->policyQualifiers; + text.Append(':'); + text.AppendLiteral(SEPARATOR); + while (*policyQualifiers) { + text.AppendLiteral(" "); + policyQualifier = *policyQualifiers++; + switch(policyQualifier->oid) { + case SEC_OID_PKIX_CPS_POINTER_QUALIFIER: + nssComponent->GetPIPNSSBundleString("CertDumpCPSPointer", local); + text.Append(local); + text.Append(':'); + text.AppendLiteral(SEPARATOR); + text.AppendLiteral(" "); + /* The CPS pointer ought to be the cPSuri alternative + of the Qualifier choice. */ + rv = ProcessIA5String(policyQualifier->qualifierValue, text); + if (NS_FAILED(rv)) { + return rv; + } + break; + case SEC_OID_PKIX_USER_NOTICE_QUALIFIER: + nssComponent->GetPIPNSSBundleString("CertDumpUserNotice", local); + text.Append(local); + text.AppendLiteral(": "); + rv = ProcessUserNotice(&policyQualifier->qualifierValue, + text, nssComponent); + break; + default: + GetDefaultOIDFormat(&policyQualifier->qualifierID, nssComponent, local, '.'); + text.Append(local); + text.AppendLiteral(": "); + ProcessRawBytes(nssComponent, &policyQualifier->qualifierValue, text); + } + text.AppendLiteral(SEPARATOR); + } /* while policyQualifiers */ + } /* if policyQualifiers */ + text.AppendLiteral(SEPARATOR); + } + + return rv; +} + +static nsresult +ProcessCrlDistPoints(SECItem *extData, + nsAString &text, + nsINSSComponent *nssComponent) +{ + nsresult rv = NS_OK; + nsAutoString local; + + UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return NS_ERROR_OUT_OF_MEMORY; + } + + CERTCrlDistributionPoints* crldp = + CERT_DecodeCRLDistributionPoints(arena.get(), extData); + if (!crldp || !crldp->distPoints) { + return NS_ERROR_FAILURE; + } + + for (CRLDistributionPoint** points = crldp->distPoints; *points; points++) { + CRLDistributionPoint* point = *points; + switch (point->distPointType) { + case generalName: + rv = ProcessGeneralName(arena, point->distPoint.fullName, + text, nssComponent); + if (NS_FAILED(rv)) { + return rv; + } + break; + case relativeDistinguishedName: + rv = ProcessRDN(&point->distPoint.relativeName, + text, nssComponent); + if (NS_FAILED(rv)) { + return rv; + } + break; + } + if (point->reasons.len) { + int reasons = point->reasons.data[0]; + text.Append(' '); + bool comma = false; + if (reasons & RF_UNUSED) { + nssComponent->GetPIPNSSBundleString("CertDumpUnused", local); + text.Append(local); + comma = true; + } + if (reasons & RF_KEY_COMPROMISE) { + if (comma) text.AppendLiteral(", "); + nssComponent->GetPIPNSSBundleString("CertDumpKeyCompromise", local); + text.Append(local); + comma = true; + } + if (reasons & RF_CA_COMPROMISE) { + if (comma) text.AppendLiteral(", "); + nssComponent->GetPIPNSSBundleString("CertDumpCACompromise", local); + text.Append(local); + comma = true; + } + if (reasons & RF_AFFILIATION_CHANGED) { + if (comma) text.AppendLiteral(", "); + nssComponent->GetPIPNSSBundleString("CertDumpAffiliationChanged", local); + text.Append(local); + comma = true; + } + if (reasons & RF_SUPERSEDED) { + if (comma) text.AppendLiteral(", "); + nssComponent->GetPIPNSSBundleString("CertDumpSuperseded", local); + text.Append(local); + comma = true; + } + if (reasons & RF_CESSATION_OF_OPERATION) { + if (comma) text.AppendLiteral(", "); + nssComponent->GetPIPNSSBundleString("CertDumpCessation", local); + text.Append(local); + comma = true; + } + if (reasons & RF_CERTIFICATE_HOLD) { + if (comma) text.AppendLiteral(", "); + nssComponent->GetPIPNSSBundleString("CertDumpHold", local); + text.Append(local); + comma = true; + } + text.AppendLiteral(SEPARATOR); + } + if (point->crlIssuer) { + nssComponent->GetPIPNSSBundleString("CertDumpIssuer", local); + text.Append(local); + text.AppendLiteral(": "); + rv = ProcessGeneralNames(arena, point->crlIssuer, + text, nssComponent); + if (NS_FAILED(rv)) { + return rv; + } + } + } + + return NS_OK; +} + +static nsresult +ProcessAuthInfoAccess(SECItem *extData, + nsAString &text, + nsINSSComponent *nssComponent) +{ + nsresult rv = NS_OK; + nsAutoString local; + + UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return NS_ERROR_OUT_OF_MEMORY; + } + + CERTAuthInfoAccess** aia = CERT_DecodeAuthInfoAccessExtension(arena.get(), + extData); + if (!aia) { + return NS_OK; + } + + while (*aia) { + CERTAuthInfoAccess* desc = *aia++; + switch (SECOID_FindOIDTag(&desc->method)) { + case SEC_OID_PKIX_OCSP: + nssComponent->GetPIPNSSBundleString("CertDumpOCSPResponder", local); + break; + case SEC_OID_PKIX_CA_ISSUERS: + nssComponent->GetPIPNSSBundleString("CertDumpCAIssuers", local); + break; + default: + rv = GetDefaultOIDFormat(&desc->method, nssComponent, local, '.'); + if (NS_FAILED(rv)) { + return rv; + } + } + text.Append(local); + text.AppendLiteral(": "); + rv = ProcessGeneralName(arena, desc->location, text, nssComponent); + if (NS_FAILED(rv)) { + return rv; + } + } + + return rv; +} + +static nsresult +ProcessMSCAVersion(SECItem *extData, + nsAString &text, + nsINSSComponent *nssComponent) +{ + MOZ_ASSERT(extData); + NS_ENSURE_ARG(extData); + + ScopedAutoSECItem decoded; + if (SEC_ASN1DecodeItem(nullptr, &decoded, SEC_ASN1_GET(SEC_IntegerTemplate), + extData) != SECSuccess) { + /* This extension used to be an Integer when this code + was written, but apparently isn't anymore. Display + the raw bytes instead. */ + return ProcessRawBytes(nssComponent, extData, text); + } + + unsigned long version; + if (SEC_ASN1DecodeInteger(&decoded, &version) != SECSuccess) { + /* Value out of range, display raw bytes */ + return ProcessRawBytes(nssComponent, extData, text); + } + + /* Apparently, the encoding is , with 16 bits each */ + char buf[50]; + if (SprintfLiteral(buf, "%lu.%lu", version & 0xFFFF, version >> 16) <= 0) { + return NS_ERROR_FAILURE; + } + + text.AppendASCII(buf); + return NS_OK; +} + +static nsresult +ProcessExtensionData(SECOidTag oidTag, SECItem *extData, + nsAString &text, + nsINSSComponent *nssComponent) +{ + nsresult rv; + switch (oidTag) { + case SEC_OID_X509_KEY_USAGE: + rv = ProcessKeyUsageExtension(extData, text, nssComponent); + break; + case SEC_OID_X509_BASIC_CONSTRAINTS: + rv = ProcessBasicConstraints(extData, text, nssComponent); + break; + case SEC_OID_X509_EXT_KEY_USAGE: + rv = ProcessExtKeyUsage(extData, text, nssComponent); + break; + case SEC_OID_X509_ISSUER_ALT_NAME: + case SEC_OID_X509_SUBJECT_ALT_NAME: + rv = ProcessAltName(extData, text, nssComponent); + break; + case SEC_OID_X509_SUBJECT_KEY_ID: + rv = ProcessSubjectKeyId(extData, text, nssComponent); + break; + case SEC_OID_X509_AUTH_KEY_ID: + rv = ProcessAuthKeyId(extData, text, nssComponent); + break; + case SEC_OID_X509_CERTIFICATE_POLICIES: + rv = ProcessCertificatePolicies(extData, text, nssComponent); + break; + case SEC_OID_X509_CRL_DIST_POINTS: + rv = ProcessCrlDistPoints(extData, text, nssComponent); + break; + case SEC_OID_X509_AUTH_INFO_ACCESS: + rv = ProcessAuthInfoAccess(extData, text, nssComponent); + break; + default: + if (oidTag == SEC_OID(MS_CERT_EXT_CERTTYPE)) { + rv = ProcessBMPString(extData, text); + break; + } + if (oidTag == SEC_OID(MS_CERTSERV_CA_VERSION)) { + rv = ProcessMSCAVersion(extData, text, nssComponent); + break; + } + rv = ProcessRawBytes(nssComponent, extData, text); + break; + } + return rv; +} + +static nsresult +ProcessSingleExtension(CERTCertExtension *extension, + nsINSSComponent *nssComponent, + nsIASN1PrintableItem **retExtension) +{ + nsAutoString text, extvalue; + GetOIDText(&extension->id, nssComponent, text); + nsCOMPtrextensionItem = new nsNSSASN1PrintableItem(); + + extensionItem->SetDisplayName(text); + SECOidTag oidTag = SECOID_FindOIDTag(&extension->id); + text.Truncate(); + if (extension->critical.data) { + if (extension->critical.data[0]) { + nssComponent->GetPIPNSSBundleString("CertDumpCritical", text); + } else { + nssComponent->GetPIPNSSBundleString("CertDumpNonCritical", text); + } + } else { + nssComponent->GetPIPNSSBundleString("CertDumpNonCritical", text); + } + text.AppendLiteral(SEPARATOR); + nsresult rv = ProcessExtensionData(oidTag, &extension->value, extvalue, + nssComponent); + if (NS_FAILED(rv)) { + extvalue.Truncate(); + rv = ProcessRawBytes(nssComponent, &extension->value, extvalue, false); + } + text.Append(extvalue); + + extensionItem->SetDisplayValue(text); + extensionItem.forget(retExtension); + return NS_OK; +} + +static nsresult +ProcessSECAlgorithmID(SECAlgorithmID *algID, + nsINSSComponent *nssComponent, + nsIASN1Sequence **retSequence) +{ + SECOidTag algOIDTag = SECOID_FindOIDTag(&algID->algorithm); + SECItem paramsOID = { siBuffer, nullptr, 0 }; + nsCOMPtr sequence = new nsNSSASN1Sequence(); + + *retSequence = nullptr; + nsString text; + GetOIDText(&algID->algorithm, nssComponent, text); + if (!algID->parameters.len || algID->parameters.data[0] == nsIASN1Object::ASN1_NULL) { + sequence->SetDisplayValue(text); + sequence->SetIsValidContainer(false); + } else { + nsCOMPtr printableItem = new nsNSSASN1PrintableItem(); + + printableItem->SetDisplayValue(text); + nsCOMPtr asn1Objects; + sequence->GetASN1Objects(getter_AddRefs(asn1Objects)); + asn1Objects->AppendElement(printableItem, false); + nssComponent->GetPIPNSSBundleString("CertDumpAlgID", text); + printableItem->SetDisplayName(text); + + printableItem = new nsNSSASN1PrintableItem(); + + asn1Objects->AppendElement(printableItem, false); + nssComponent->GetPIPNSSBundleString("CertDumpParams", text); + printableItem->SetDisplayName(text); + if ((algOIDTag == SEC_OID_ANSIX962_EC_PUBLIC_KEY) && + (algID->parameters.len > 2) && + (algID->parameters.data[0] == nsIASN1Object::ASN1_OBJECT_ID)) { + paramsOID.len = algID->parameters.len - 2; + paramsOID.data = algID->parameters.data + 2; + GetOIDText(¶msOID, nssComponent, text); + } else { + ProcessRawBytes(nssComponent, &algID->parameters,text); + } + printableItem->SetDisplayValue(text); + } + sequence.forget(retSequence); + return NS_OK; +} + +static nsresult +ProcessTime(PRTime dispTime, const char16_t* displayName, + nsIASN1Sequence* parentSequence) +{ + nsCOMPtr dateFormatter = nsIDateTimeFormat::Create(); + if (!dateFormatter) { + return NS_ERROR_FAILURE; + } + + nsString text; + nsString tempString; + + PRExplodedTime explodedTime; + PR_ExplodeTime(dispTime, PR_LocalTimeParameters, &explodedTime); + + dateFormatter->FormatPRExplodedTime(nullptr, kDateFormatLong, + kTimeFormatSeconds, &explodedTime, + tempString); + + text.Append(tempString); + text.AppendLiteral("\n("); + + PRExplodedTime explodedTimeGMT; + PR_ExplodeTime(dispTime, PR_GMTParameters, &explodedTimeGMT); + + dateFormatter->FormatPRExplodedTime(nullptr, kDateFormatLong, + kTimeFormatSeconds, &explodedTimeGMT, + tempString); + + text.Append(tempString); + text.AppendLiteral(" GMT)"); + + nsCOMPtr printableItem = new nsNSSASN1PrintableItem(); + + printableItem->SetDisplayValue(text); + printableItem->SetDisplayName(nsDependentString(displayName)); + nsCOMPtr asn1Objects; + parentSequence->GetASN1Objects(getter_AddRefs(asn1Objects)); + asn1Objects->AppendElement(printableItem, false); + return NS_OK; +} + +static nsresult +ProcessSubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki, + nsIASN1Sequence *parentSequence, + nsINSSComponent *nssComponent) +{ + nsCOMPtr spkiSequence = new nsNSSASN1Sequence(); + + nsString text; + nssComponent->GetPIPNSSBundleString("CertDumpSPKI", text); + spkiSequence->SetDisplayName(text); + + nssComponent->GetPIPNSSBundleString("CertDumpSPKIAlg", text); + nsCOMPtr sequenceItem; + nsresult rv = ProcessSECAlgorithmID(&spki->algorithm, nssComponent, + getter_AddRefs(sequenceItem)); + if (NS_FAILED(rv)) + return rv; + sequenceItem->SetDisplayName(text); + nsCOMPtr asn1Objects; + spkiSequence->GetASN1Objects(getter_AddRefs(asn1Objects)); + asn1Objects->AppendElement(sequenceItem, false); + + nsCOMPtr printableItem = new nsNSSASN1PrintableItem(); + + text.Truncate(); + + UniqueSECKEYPublicKey key(SECKEY_ExtractPublicKey(spki)); + bool displayed = false; + if (key) { + switch (key->keyType) { + case rsaKey: { + displayed = true; + nsAutoString length1, length2, data1, data2; + length1.AppendInt(key->u.rsa.modulus.len * 8); + length2.AppendInt(key->u.rsa.publicExponent.len * 8); + ProcessRawBytes(nssComponent, &key->u.rsa.modulus, data1, + false); + ProcessRawBytes(nssComponent, &key->u.rsa.publicExponent, data2, + false); + const char16_t *params[4] = {length1.get(), data1.get(), + length2.get(), data2.get()}; + nssComponent->PIPBundleFormatStringFromName("CertDumpRSATemplate", + params, 4, text); + break; + } + case ecKey: { + displayed = true; + SECKEYECPublicKey &ecpk = key->u.ec; + int fieldSizeLenAsBits = + SECKEY_ECParamsToKeySize(&ecpk.DEREncodedParams); + int basePointOrderLenAsBits = + SECKEY_ECParamsToBasePointOrderLen(&ecpk.DEREncodedParams); + nsAutoString s_fsl, s_bpol, s_pv; + s_fsl.AppendInt(fieldSizeLenAsBits); + s_bpol.AppendInt(basePointOrderLenAsBits); + + if (ecpk.publicValue.len > 4) { + ProcessRawBytes(nssComponent, &ecpk.publicValue, s_pv, false); + } else { + int i_pv = DER_GetInteger(&ecpk.publicValue); + s_pv.AppendInt(i_pv); + } + const char16_t *params[] = {s_fsl.get(), s_bpol.get(), s_pv.get()}; + nssComponent->PIPBundleFormatStringFromName("CertDumpECTemplate", + params, 3, text); + break; + } + default: + /* Algorithm unknown, or too rarely used to bother displaying it */ + break; + } + } + if (!displayed) { + // Algorithm unknown, display raw bytes + // The subjectPublicKey field is encoded as a bit string. + // ProcessRawBytes expects the length to be in bytes, so + // let's convert the lenght into a temporary SECItem. + SECItem data; + data.data = spki->subjectPublicKey.data; + data.len = spki->subjectPublicKey.len / 8; + ProcessRawBytes(nssComponent, &data, text); + + } + + printableItem->SetDisplayValue(text); + nssComponent->GetPIPNSSBundleString("CertDumpSubjPubKey", text); + printableItem->SetDisplayName(text); + asn1Objects->AppendElement(printableItem, false); + + parentSequence->GetASN1Objects(getter_AddRefs(asn1Objects)); + asn1Objects->AppendElement(spkiSequence, false); + return NS_OK; +} + +static nsresult +ProcessExtensions(CERTCertExtension **extensions, + nsIASN1Sequence *parentSequence, + nsINSSComponent *nssComponent) +{ + nsCOMPtr extensionSequence = new nsNSSASN1Sequence; + + nsString text; + nssComponent->GetPIPNSSBundleString("CertDumpExtensions", text); + extensionSequence->SetDisplayName(text); + int32_t i; + nsresult rv; + nsCOMPtr newExtension; + nsCOMPtr asn1Objects; + extensionSequence->GetASN1Objects(getter_AddRefs(asn1Objects)); + for (i=0; extensions[i] != nullptr; i++) { + rv = ProcessSingleExtension(extensions[i], + nssComponent, + getter_AddRefs(newExtension)); + if (NS_FAILED(rv)) + return rv; + + asn1Objects->AppendElement(newExtension, false); + } + parentSequence->GetASN1Objects(getter_AddRefs(asn1Objects)); + asn1Objects->AppendElement(extensionSequence, false); + return NS_OK; +} + +static bool registered; +static SECStatus RegisterDynamicOids() +{ + unsigned int i; + SECStatus rv = SECSuccess; + + if (registered) + return rv; + + for (i = 0; i < numOids; i++) { + SECOidTag tag = SECOID_AddEntry(&more_oids[i]); + if (tag == SEC_OID_UNKNOWN) { + rv = SECFailure; + continue; + } + more_oids[i].offset = tag; + } + registered = true; + return rv; +} + +nsresult +nsNSSCertificate::CreateTBSCertificateASN1Struct(nsIASN1Sequence **retSequence, + nsINSSComponent *nssComponent) +{ + MOZ_ASSERT(nssComponent); + NS_ENSURE_ARG(nssComponent); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + if (RegisterDynamicOids() != SECSuccess) + return NS_ERROR_FAILURE; + + // + // TBSCertificate ::= SEQUENCE { + // version [0] EXPLICIT Version DEFAULT v1, + // serialNumber CertificateSerialNumber, + // signature AlgorithmIdentifier, + // issuer Name, + // validity Validity, + // subject Name, + // subjectPublicKeyInfo SubjectPublicKeyInfo, + // issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, + // -- If present, version shall be v2 or v3 + // subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, + // -- If present, version shall be v2 or v3 + // extensions [3] EXPLICIT Extensions OPTIONAL + // -- If present, version shall be v3 + // } + // + // This is the ASN1 structure we should be dealing with at this point. + // The code in this method will assert this is the structure we're dealing + // and then add more user friendly text for that field. + nsCOMPtr sequence = new nsNSSASN1Sequence(); + + nsString text; + nssComponent->GetPIPNSSBundleString("CertDumpCertificate", text); + sequence->SetDisplayName(text); + nsCOMPtr printableItem; + + nsCOMPtr asn1Objects; + sequence->GetASN1Objects(getter_AddRefs(asn1Objects)); + + nsresult rv = ProcessVersion(&mCert->version, nssComponent, + getter_AddRefs(printableItem)); + if (NS_FAILED(rv)) + return rv; + + asn1Objects->AppendElement(printableItem, false); + + rv = ProcessSerialNumberDER(mCert->serialNumber, WrapNotNull(nssComponent), + printableItem); + if (NS_FAILED(rv)) + return rv; + asn1Objects->AppendElement(printableItem, false); + + nsCOMPtr algID; + rv = ProcessSECAlgorithmID(&mCert->signature, + nssComponent, getter_AddRefs(algID)); + if (NS_FAILED(rv)) + return rv; + + nssComponent->GetPIPNSSBundleString("CertDumpSigAlg", text); + algID->SetDisplayName(text); + asn1Objects->AppendElement(algID, false); + + nsXPIDLString value; + ProcessName(&mCert->issuer, nssComponent, getter_Copies(value)); + + printableItem = new nsNSSASN1PrintableItem(); + + printableItem->SetDisplayValue(value); + nssComponent->GetPIPNSSBundleString("CertDumpIssuer", text); + printableItem->SetDisplayName(text); + asn1Objects->AppendElement(printableItem, false); + + nsCOMPtr validitySequence = new nsNSSASN1Sequence(); + nssComponent->GetPIPNSSBundleString("CertDumpValidity", text); + validitySequence->SetDisplayName(text); + asn1Objects->AppendElement(validitySequence, false); + nssComponent->GetPIPNSSBundleString("CertDumpNotBefore", text); + nsCOMPtr validityData; + GetValidity(getter_AddRefs(validityData)); + PRTime notBefore, notAfter; + + validityData->GetNotBefore(¬Before); + validityData->GetNotAfter(¬After); + validityData = nullptr; + rv = ProcessTime(notBefore, text.get(), validitySequence); + if (NS_FAILED(rv)) + return rv; + + nssComponent->GetPIPNSSBundleString("CertDumpNotAfter", text); + rv = ProcessTime(notAfter, text.get(), validitySequence); + if (NS_FAILED(rv)) + return rv; + + nssComponent->GetPIPNSSBundleString("CertDumpSubject", text); + + printableItem = new nsNSSASN1PrintableItem(); + + printableItem->SetDisplayName(text); + ProcessName(&mCert->subject, nssComponent,getter_Copies(value)); + printableItem->SetDisplayValue(value); + asn1Objects->AppendElement(printableItem, false); + + rv = ProcessSubjectPublicKeyInfo(&mCert->subjectPublicKeyInfo, sequence, + nssComponent); + if (NS_FAILED(rv)) + return rv; + + SECItem data; + // Is there an issuerUniqueID? + if (mCert->issuerID.data) { + // The issuerID is encoded as a bit string. + // The function ProcessRawBytes expects the + // length to be in bytes, so let's convert the + // length in a temporary SECItem + data.data = mCert->issuerID.data; + data.len = (mCert->issuerID.len + 7) / 8; + + ProcessRawBytes(nssComponent, &data, text); + printableItem = new nsNSSASN1PrintableItem(); + + printableItem->SetDisplayValue(text); + nssComponent->GetPIPNSSBundleString("CertDumpIssuerUniqueID", text); + printableItem->SetDisplayName(text); + asn1Objects->AppendElement(printableItem, false); + } + + if (mCert->subjectID.data) { + // The subjectID is encoded as a bit string. + // The function ProcessRawBytes expects the + // length to be in bytes, so let's convert the + // length in a temporary SECItem + data.data = mCert->subjectID.data; + data.len = (mCert->subjectID.len + 7) / 8; + + ProcessRawBytes(nssComponent, &data, text); + printableItem = new nsNSSASN1PrintableItem(); + + printableItem->SetDisplayValue(text); + nssComponent->GetPIPNSSBundleString("CertDumpSubjectUniqueID", text); + printableItem->SetDisplayName(text); + asn1Objects->AppendElement(printableItem, false); + + } + if (mCert->extensions) { + rv = ProcessExtensions(mCert->extensions, sequence, nssComponent); + if (NS_FAILED(rv)) + return rv; + } + sequence.forget(retSequence); + return NS_OK; +} + +nsresult +nsNSSCertificate::CreateASN1Struct(nsIASN1Object** aRetVal) +{ + static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + nsCOMPtr sequence = new nsNSSASN1Sequence(); + + nsCOMPtr asn1Objects; + sequence->GetASN1Objects(getter_AddRefs(asn1Objects)); + + nsAutoString title; + nsresult rv = GetWindowTitle(title); + if (NS_FAILED(rv)) { + return rv; + } + + sequence->SetDisplayName(title); + sequence.forget(aRetVal); + + // This sequence will be contain the tbsCertificate, signatureAlgorithm, + // and signatureValue. + nsCOMPtr nssComponent(do_GetService(kNSSComponentCID, &rv)); + if (NS_FAILED(rv)) + return rv; + + rv = CreateTBSCertificateASN1Struct(getter_AddRefs(sequence), + nssComponent); + if (NS_FAILED(rv)) + return rv; + + asn1Objects->AppendElement(sequence, false); + nsCOMPtr algID; + + rv = ProcessSECAlgorithmID(&mCert->signatureWrap.signatureAlgorithm, + nssComponent, getter_AddRefs(algID)); + if (NS_FAILED(rv)) + return rv; + nsString text; + nssComponent->GetPIPNSSBundleString("CertDumpSigAlg", text); + algID->SetDisplayName(text); + asn1Objects->AppendElement(algID, false); + nsCOMPtrprintableItem = new nsNSSASN1PrintableItem(); + nssComponent->GetPIPNSSBundleString("CertDumpCertSig", text); + printableItem->SetDisplayName(text); + // The signatureWrap is encoded as a bit string. + // The function ProcessRawBytes expects the + // length to be in bytes, so let's convert the + // length in a temporary SECItem + SECItem temp; + temp.data = mCert->signatureWrap.signature.data; + temp.len = mCert->signatureWrap.signature.len / 8; + text.Truncate(); + ProcessRawBytes(nssComponent, &temp,text); + printableItem->SetDisplayValue(text); + asn1Objects->AppendElement(printableItem, false); + return NS_OK; +} + +uint32_t +getCertType(CERTCertificate *cert) +{ + nsNSSCertTrust trust(cert->trust); + if (cert->nickname && trust.HasAnyUser()) + return nsIX509Cert::USER_CERT; + if (trust.HasAnyCA()) + return nsIX509Cert::CA_CERT; + if (trust.HasPeer(true, false, false)) + return nsIX509Cert::SERVER_CERT; + if (trust.HasPeer(false, true, false) && cert->emailAddr) + return nsIX509Cert::EMAIL_CERT; + if (CERT_IsCACert(cert, nullptr)) + return nsIX509Cert::CA_CERT; + if (cert->emailAddr) + return nsIX509Cert::EMAIL_CERT; + return nsIX509Cert::UNKNOWN_CERT; +} + +nsresult +GetCertFingerprintByOidTag(CERTCertificate* nsscert, + SECOidTag aOidTag, + nsCString &fp) +{ + Digest digest; + nsresult rv = digest.DigestBuf(aOidTag, nsscert->derCert.data, + nsscert->derCert.len); + NS_ENSURE_SUCCESS(rv, rv); + + UniquePORTString tmpstr(CERT_Hexify(const_cast(&digest.get()), 1)); + NS_ENSURE_TRUE(tmpstr, NS_ERROR_OUT_OF_MEMORY); + + fp.Assign(tmpstr.get()); + return NS_OK; +} diff --git a/security/manager/ssl/nsNSSCertHelper.h b/security/manager/ssl/nsNSSCertHelper.h new file mode 100644 index 000000000..d84e1b39f --- /dev/null +++ b/security/manager/ssl/nsNSSCertHelper.h @@ -0,0 +1,23 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsNSSCertHelper_h +#define nsNSSCertHelper_h + +#ifndef INET6_ADDRSTRLEN +#define INET6_ADDRSTRLEN 46 +#endif + +#include "certt.h" +#include "nsString.h" + +uint32_t +getCertType(CERTCertificate *cert); + +nsresult +GetCertFingerprintByOidTag(CERTCertificate* nsscert, + SECOidTag aOidTag, + nsCString &fp); + +#endif // nsNSSCertHelper_h diff --git a/security/manager/ssl/nsNSSCertTrust.cpp b/security/manager/ssl/nsNSSCertTrust.cpp new file mode 100644 index 000000000..b608aebe1 --- /dev/null +++ b/security/manager/ssl/nsNSSCertTrust.cpp @@ -0,0 +1,233 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsNSSCertTrust.h" + +void +nsNSSCertTrust::AddCATrust(bool ssl, bool email, bool objSign) +{ + if (ssl) { + addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CA); + addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA); + } + if (email) { + addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CA); + addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA); + } + if (objSign) { + addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CA); + addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA); + } +} + +void +nsNSSCertTrust::AddPeerTrust(bool ssl, bool email, bool objSign) +{ + if (ssl) + addTrust(&mTrust.sslFlags, CERTDB_TRUSTED); + if (email) + addTrust(&mTrust.emailFlags, CERTDB_TRUSTED); + if (objSign) + addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED); +} + +nsNSSCertTrust::nsNSSCertTrust() +{ + memset(&mTrust, 0, sizeof(CERTCertTrust)); +} + +nsNSSCertTrust::nsNSSCertTrust(unsigned int ssl, + unsigned int email, + unsigned int objsign) +{ + memset(&mTrust, 0, sizeof(CERTCertTrust)); + addTrust(&mTrust.sslFlags, ssl); + addTrust(&mTrust.emailFlags, email); + addTrust(&mTrust.objectSigningFlags, objsign); +} + +nsNSSCertTrust::nsNSSCertTrust(CERTCertTrust *t) +{ + if (t) + memcpy(&mTrust, t, sizeof(CERTCertTrust)); + else + memset(&mTrust, 0, sizeof(CERTCertTrust)); +} + +nsNSSCertTrust::~nsNSSCertTrust() +{ +} + +void +nsNSSCertTrust::SetSSLTrust(bool peer, bool tPeer, + bool ca, bool tCA, bool tClientCA, + bool user, bool warn) +{ + mTrust.sslFlags = 0; + if (peer || tPeer) + addTrust(&mTrust.sslFlags, CERTDB_TERMINAL_RECORD); + if (tPeer) + addTrust(&mTrust.sslFlags, CERTDB_TRUSTED); + if (ca || tCA) + addTrust(&mTrust.sslFlags, CERTDB_VALID_CA); + if (tClientCA) + addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA); + if (tCA) + addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CA); + if (user) + addTrust(&mTrust.sslFlags, CERTDB_USER); + if (warn) + addTrust(&mTrust.sslFlags, CERTDB_SEND_WARN); +} + +void +nsNSSCertTrust::SetEmailTrust(bool peer, bool tPeer, + bool ca, bool tCA, bool tClientCA, + bool user, bool warn) +{ + mTrust.emailFlags = 0; + if (peer || tPeer) + addTrust(&mTrust.emailFlags, CERTDB_TERMINAL_RECORD); + if (tPeer) + addTrust(&mTrust.emailFlags, CERTDB_TRUSTED); + if (ca || tCA) + addTrust(&mTrust.emailFlags, CERTDB_VALID_CA); + if (tClientCA) + addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA); + if (tCA) + addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CA); + if (user) + addTrust(&mTrust.emailFlags, CERTDB_USER); + if (warn) + addTrust(&mTrust.emailFlags, CERTDB_SEND_WARN); +} + +void +nsNSSCertTrust::SetObjSignTrust(bool peer, bool tPeer, + bool ca, bool tCA, bool tClientCA, + bool user, bool warn) +{ + mTrust.objectSigningFlags = 0; + if (peer || tPeer) + addTrust(&mTrust.objectSigningFlags, CERTDB_TERMINAL_RECORD); + if (tPeer) + addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED); + if (ca || tCA) + addTrust(&mTrust.objectSigningFlags, CERTDB_VALID_CA); + if (tClientCA) + addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA); + if (tCA) + addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CA); + if (user) + addTrust(&mTrust.objectSigningFlags, CERTDB_USER); + if (warn) + addTrust(&mTrust.objectSigningFlags, CERTDB_SEND_WARN); +} + +void +nsNSSCertTrust::SetValidCA() +{ + SetSSLTrust(false, false, + true, false, false, + false, false); + SetEmailTrust(false, false, + true, false, false, + false, false); + SetObjSignTrust(false, false, + true, false, false, + false, false); +} + +void +nsNSSCertTrust::SetValidPeer() +{ + SetSSLTrust(true, false, + false, false, false, + false, false); + SetEmailTrust(true, false, + false, false, false, + false, false); + SetObjSignTrust(true, false, + false, false, false, + false, false); +} + +bool +nsNSSCertTrust::HasAnyCA() +{ + if (hasTrust(mTrust.sslFlags, CERTDB_VALID_CA) || + hasTrust(mTrust.emailFlags, CERTDB_VALID_CA) || + hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_CA)) + return true; + return false; +} + +bool +nsNSSCertTrust::HasPeer(bool checkSSL, + bool checkEmail, + bool checkObjSign) +{ + if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_TERMINAL_RECORD)) + return false; + if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_TERMINAL_RECORD)) + return false; + if (checkObjSign && !hasTrust(mTrust.objectSigningFlags, CERTDB_TERMINAL_RECORD)) + return false; + return true; +} + +bool +nsNSSCertTrust::HasAnyUser() +{ + if (hasTrust(mTrust.sslFlags, CERTDB_USER) || + hasTrust(mTrust.emailFlags, CERTDB_USER) || + hasTrust(mTrust.objectSigningFlags, CERTDB_USER)) + return true; + return false; +} + +bool +nsNSSCertTrust::HasTrustedCA(bool checkSSL, + bool checkEmail, + bool checkObjSign) +{ + if (checkSSL && !(hasTrust(mTrust.sslFlags, CERTDB_TRUSTED_CA) || + hasTrust(mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA))) + return false; + if (checkEmail && !(hasTrust(mTrust.emailFlags, CERTDB_TRUSTED_CA) || + hasTrust(mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA))) + return false; + if (checkObjSign && + !(hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED_CA) || + hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA))) + return false; + return true; +} + +bool +nsNSSCertTrust::HasTrustedPeer(bool checkSSL, + bool checkEmail, + bool checkObjSign) +{ + if (checkSSL && !(hasTrust(mTrust.sslFlags, CERTDB_TRUSTED))) + return false; + if (checkEmail && !(hasTrust(mTrust.emailFlags, CERTDB_TRUSTED))) + return false; + if (checkObjSign && + !(hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED))) + return false; + return true; +} + +void +nsNSSCertTrust::addTrust(unsigned int *t, unsigned int v) +{ + *t |= v; +} + +bool +nsNSSCertTrust::hasTrust(unsigned int t, unsigned int v) +{ + return !!(t & v); +} diff --git a/security/manager/ssl/nsNSSCertTrust.h b/security/manager/ssl/nsNSSCertTrust.h new file mode 100644 index 000000000..c3f7e5441 --- /dev/null +++ b/security/manager/ssl/nsNSSCertTrust.h @@ -0,0 +1,70 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsNSSCertTrust_h +#define nsNSSCertTrust_h + +#include "certdb.h" +#include "certt.h" + +/* + * Class for maintaining trust flags for an NSS certificate. + */ +class nsNSSCertTrust +{ +public: + nsNSSCertTrust(); + nsNSSCertTrust(unsigned int ssl, unsigned int email, unsigned int objsign); + explicit nsNSSCertTrust(CERTCertTrust *t); + virtual ~nsNSSCertTrust(); + + /* query */ + bool HasAnyCA(); + bool HasAnyUser(); + bool HasPeer(bool checkSSL = true, + bool checkEmail = true, + bool checkObjSign = true); + bool HasTrustedCA(bool checkSSL = true, + bool checkEmail = true, + bool checkObjSign = true); + bool HasTrustedPeer(bool checkSSL = true, + bool checkEmail = true, + bool checkObjSign = true); + + /* common defaults */ + /* equivalent to "c,c,c" */ + void SetValidCA(); + /* equivalent to "p,p,p" */ + void SetValidPeer(); + + /* general setters */ + /* read: "p, P, c, C, T, u, w" */ + void SetSSLTrust(bool peer, bool tPeer, + bool ca, bool tCA, bool tClientCA, + bool user, bool warn); + + void SetEmailTrust(bool peer, bool tPeer, + bool ca, bool tCA, bool tClientCA, + bool user, bool warn); + + void SetObjSignTrust(bool peer, bool tPeer, + bool ca, bool tCA, bool tClientCA, + bool user, bool warn); + + /* set c <--> CT */ + void AddCATrust(bool ssl, bool email, bool objSign); + /* set p <--> P */ + void AddPeerTrust(bool ssl, bool email, bool objSign); + + /* get it (const?) (shallow?) */ + CERTCertTrust * GetTrust() { return &mTrust; } + +private: + void addTrust(unsigned int *t, unsigned int v); + void removeTrust(unsigned int *t, unsigned int v); + bool hasTrust(unsigned int t, unsigned int v); + CERTCertTrust mTrust; +}; + +#endif // nsNSSCertTrust_h diff --git a/security/manager/ssl/nsNSSCertValidity.cpp b/security/manager/ssl/nsNSSCertValidity.cpp new file mode 100644 index 000000000..536aafc8f --- /dev/null +++ b/security/manager/ssl/nsNSSCertValidity.cpp @@ -0,0 +1,130 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsNSSCertValidity.h" + +#include "cert.h" +#include "mozilla/Assertions.h" +#include "nsCOMPtr.h" +#include "nsComponentManagerUtils.h" +#include "nsReadableUtils.h" + +NS_IMPL_ISUPPORTS(nsX509CertValidity, nsIX509CertValidity) + +nsX509CertValidity::nsX509CertValidity(const mozilla::UniqueCERTCertificate& cert) + : mTimesInitialized(false) +{ + MOZ_ASSERT(cert); + if (!cert) { + return; + } + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + + if (CERT_GetCertTimes(cert.get(), &mNotBefore, &mNotAfter) == SECSuccess) { + mTimesInitialized = true; + } +} + +nsX509CertValidity::~nsX509CertValidity() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + + shutdown(ShutdownCalledFrom::Object); +} + +NS_IMETHODIMP +nsX509CertValidity::GetNotBefore(PRTime* aNotBefore) +{ + NS_ENSURE_ARG(aNotBefore); + + if (!mTimesInitialized) { + return NS_ERROR_FAILURE; + } + + *aNotBefore = mNotBefore; + return NS_OK; +} + +nsresult +nsX509CertValidity::FormatTime(const PRTime& aTimeDate, + PRTimeParamFn aParamFn, + const nsTimeFormatSelector aTimeFormatSelector, + nsAString& aFormattedTimeDate) +{ + if (!mTimesInitialized) + return NS_ERROR_FAILURE; + + nsCOMPtr dateFormatter = nsIDateTimeFormat::Create(); + if (!dateFormatter) { + return NS_ERROR_FAILURE; + } + + PRExplodedTime explodedTime; + PR_ExplodeTime(const_cast(aTimeDate), aParamFn, &explodedTime); + return dateFormatter->FormatPRExplodedTime(nullptr, kDateFormatLong, + aTimeFormatSelector, + &explodedTime, aFormattedTimeDate); +} + +NS_IMETHODIMP +nsX509CertValidity::GetNotBeforeLocalTime(nsAString& aNotBeforeLocalTime) +{ + return FormatTime(mNotBefore, PR_LocalTimeParameters, + kTimeFormatSeconds, aNotBeforeLocalTime); +} + +NS_IMETHODIMP +nsX509CertValidity::GetNotBeforeLocalDay(nsAString& aNotBeforeLocalDay) +{ + return FormatTime(mNotBefore, PR_LocalTimeParameters, + kTimeFormatNone, aNotBeforeLocalDay); +} + +NS_IMETHODIMP +nsX509CertValidity::GetNotBeforeGMT(nsAString& aNotBeforeGMT) +{ + return FormatTime(mNotBefore, PR_GMTParameters, + kTimeFormatSeconds, aNotBeforeGMT); +} + +NS_IMETHODIMP +nsX509CertValidity::GetNotAfter(PRTime* aNotAfter) +{ + NS_ENSURE_ARG(aNotAfter); + + if (!mTimesInitialized) { + return NS_ERROR_FAILURE; + } + + *aNotAfter = mNotAfter; + return NS_OK; +} + +NS_IMETHODIMP +nsX509CertValidity::GetNotAfterLocalTime(nsAString& aNotAfterLocaltime) +{ + return FormatTime(mNotAfter, PR_LocalTimeParameters, + kTimeFormatSeconds, aNotAfterLocaltime); +} + +NS_IMETHODIMP +nsX509CertValidity::GetNotAfterLocalDay(nsAString& aNotAfterLocalDay) +{ + return FormatTime(mNotAfter, PR_LocalTimeParameters, + kTimeFormatNone, aNotAfterLocalDay); +} + +NS_IMETHODIMP +nsX509CertValidity::GetNotAfterGMT(nsAString& aNotAfterGMT) +{ + return FormatTime(mNotAfter, PR_GMTParameters, + kTimeFormatSeconds, aNotAfterGMT); +} diff --git a/security/manager/ssl/nsNSSCertValidity.h b/security/manager/ssl/nsNSSCertValidity.h new file mode 100644 index 000000000..79c95e383 --- /dev/null +++ b/security/manager/ssl/nsNSSCertValidity.h @@ -0,0 +1,42 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsNSSCertValidity_h +#define nsNSSCertValidity_h + +#include "ScopedNSSTypes.h" +#include "nsIDateTimeFormat.h" +#include "nsIX509CertValidity.h" +#include "nsNSSShutDown.h" + +class nsX509CertValidity : public nsIX509CertValidity + , public nsNSSShutDownObject +{ +public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIX509CERTVALIDITY + + explicit nsX509CertValidity(const mozilla::UniqueCERTCertificate& cert); + +protected: + virtual ~nsX509CertValidity(); + + // Nothing to release. + virtual void virtualDestroyNSSReference() override {} + +private: + nsresult FormatTime(const PRTime& aTime, + PRTimeParamFn aParamFn, + const nsTimeFormatSelector aTimeFormatSelector, + nsAString& aFormattedTimeDate); + + PRTime mNotBefore; + PRTime mNotAfter; + bool mTimesInitialized; + + nsX509CertValidity(const nsX509CertValidity& x) = delete; + nsX509CertValidity& operator=(const nsX509CertValidity& x) = delete; +}; + +#endif // nsNSSCertValidity_h diff --git a/security/manager/ssl/nsNSSCertificate.cpp b/security/manager/ssl/nsNSSCertificate.cpp new file mode 100644 index 000000000..12fca5065 --- /dev/null +++ b/security/manager/ssl/nsNSSCertificate.cpp @@ -0,0 +1,1635 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsNSSCertificate.h" + +#include "CertVerifier.h" +#include "ExtendedValidation.h" +#include "NSSCertDBTrustDomain.h" +#include "certdb.h" +#include "mozilla/Base64.h" +#include "mozilla/Casting.h" +#include "mozilla/NotNull.h" +#include "mozilla/Unused.h" +#include "nsArray.h" +#include "nsCOMPtr.h" +#include "nsCRT.h" +#include "nsICertificateDialogs.h" +#include "nsIClassInfoImpl.h" +#include "nsIObjectInputStream.h" +#include "nsIObjectOutputStream.h" +#include "nsISupportsPrimitives.h" +#include "nsIURI.h" +#include "nsIX509Cert.h" +#include "nsNSSASN1Object.h" +#include "nsNSSCertHelper.h" +#include "nsNSSCertValidity.h" +#include "nsNSSComponent.h" // for PIPNSS string bundle calls. +#include "nsPK11TokenDB.h" +#include "nsPKCS12Blob.h" +#include "nsProxyRelease.h" +#include "nsReadableUtils.h" +#include "nsString.h" +#include "nsThreadUtils.h" +#include "nsUnicharUtils.h" +#include "nsXULAppAPI.h" +#include "nspr.h" +#include "pkix/pkixnss.h" +#include "pkix/pkixtypes.h" +#include "pkix/Result.h" +#include "prerror.h" +#include "prmem.h" +#include "prprf.h" +#include "secasn1.h" +#include "secder.h" +#include "secerr.h" +#include "ssl.h" + +#ifdef XP_WIN +#include // for htonl +#endif + +using namespace mozilla; +using namespace mozilla::psm; + +extern LazyLogModule gPIPNSSLog; + +// This is being stored in an uint32_t that can otherwise +// only take values from nsIX509Cert's list of cert types. +// As nsIX509Cert is frozen, we choose a value not contained +// in the list to mean not yet initialized. +#define CERT_TYPE_NOT_YET_INITIALIZED (1 << 30) + +NS_IMPL_ISUPPORTS(nsNSSCertificate, + nsIX509Cert, + nsISerializable, + nsIClassInfo) + +static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID); + +/*static*/ nsNSSCertificate* +nsNSSCertificate::Create(CERTCertificate* cert) +{ + if (GeckoProcessType_Default != XRE_GetProcessType()) { + NS_ERROR("Trying to initialize nsNSSCertificate in a non-chrome process!"); + return nullptr; + } + if (cert) + return new nsNSSCertificate(cert); + else + return new nsNSSCertificate(); +} + +nsNSSCertificate* +nsNSSCertificate::ConstructFromDER(char* certDER, int derLen) +{ + // On non-chrome process prevent instantiation + if (GeckoProcessType_Default != XRE_GetProcessType()) + return nullptr; + + nsNSSCertificate* newObject = nsNSSCertificate::Create(); + if (newObject && !newObject->InitFromDER(certDER, derLen)) { + delete newObject; + newObject = nullptr; + } + + return newObject; +} + +bool +nsNSSCertificate::InitFromDER(char* certDER, int derLen) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return false; + + if (!certDER || !derLen) + return false; + + CERTCertificate* aCert = CERT_DecodeCertFromPackage(certDER, derLen); + + if (!aCert) + return false; + + if (!aCert->dbhandle) + { + aCert->dbhandle = CERT_GetDefaultCertDB(); + } + + mCert.reset(aCert); + return true; +} + +nsNSSCertificate::nsNSSCertificate(CERTCertificate* cert) + : mCert(nullptr) + , mPermDelete(false) + , mCertType(CERT_TYPE_NOT_YET_INITIALIZED) +{ +#if defined(DEBUG) + if (GeckoProcessType_Default != XRE_GetProcessType()) + NS_ERROR("Trying to initialize nsNSSCertificate in a non-chrome process!"); +#endif + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return; + + if (cert) { + mCert.reset(CERT_DupCertificate(cert)); + } +} + +nsNSSCertificate::nsNSSCertificate() + : mCert(nullptr) + , mPermDelete(false) + , mCertType(CERT_TYPE_NOT_YET_INITIALIZED) +{ + if (GeckoProcessType_Default != XRE_GetProcessType()) + NS_ERROR("Trying to initialize nsNSSCertificate in a non-chrome process!"); +} + +nsNSSCertificate::~nsNSSCertificate() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + destructorSafeDestroyNSSReference(); + shutdown(ShutdownCalledFrom::Object); +} + +void nsNSSCertificate::virtualDestroyNSSReference() +{ + destructorSafeDestroyNSSReference(); +} + +void nsNSSCertificate::destructorSafeDestroyNSSReference() +{ + if (mPermDelete) { + if (mCertType == nsNSSCertificate::USER_CERT) { + nsCOMPtr cxt = new PipUIContext(); + PK11_DeleteTokenCertAndKey(mCert.get(), cxt); + } else if (mCert->slot && !PK11_IsReadOnly(mCert->slot)) { + // If the list of built-ins does contain a non-removable + // copy of this certificate, our call will not remove + // the certificate permanently, but rather remove all trust. + SEC_DeletePermCertificate(mCert.get()); + } + } + + mCert = nullptr; +} + +nsresult +nsNSSCertificate::GetCertType(uint32_t* aCertType) +{ + if (mCertType == CERT_TYPE_NOT_YET_INITIALIZED) { + // only determine cert type once and cache it + mCertType = getCertType(mCert.get()); + } + *aCertType = mCertType; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetIsSelfSigned(bool* aIsSelfSigned) +{ + NS_ENSURE_ARG(aIsSelfSigned); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + *aIsSelfSigned = mCert->isRoot; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetIsBuiltInRoot(bool* aIsBuiltInRoot) +{ + NS_ENSURE_ARG(aIsBuiltInRoot); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + pkix::Result rv = IsCertBuiltInRoot(mCert.get(), *aIsBuiltInRoot); + if (rv != pkix::Result::Success) { + return NS_ERROR_FAILURE; + } + return NS_OK; +} + +nsresult +nsNSSCertificate::MarkForPermDeletion() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + // make sure user is logged in to the token + nsCOMPtr ctx = new PipUIContext(); + + if (mCert->slot && PK11_NeedLogin(mCert->slot) && + !PK11_NeedUserInit(mCert->slot) && !PK11_IsInternal(mCert->slot)) { + if (SECSuccess != PK11_Authenticate(mCert->slot, true, ctx)) { + return NS_ERROR_FAILURE; + } + } + + mPermDelete = true; + return NS_OK; +} + +/** + * Appends a pipnss bundle string to the given string. + * + * @param nssComponent For accessing the string bundle. + * @param bundleKey Key for the string to append. + * @param currentText The text to append to, using commas as separators. + */ +template +void +AppendBundleString(const NotNull>& nssComponent, + const char (&bundleKey)[N], + /*in/out*/ nsAString& currentText) +{ + nsAutoString bundleString; + nsresult rv = nssComponent->GetPIPNSSBundleString(bundleKey, bundleString); + if (NS_FAILED(rv)) { + return; + } + + if (!currentText.IsEmpty()) { + currentText.Append(','); + } + currentText.Append(bundleString); +} + +NS_IMETHODIMP +nsNSSCertificate::GetKeyUsages(nsAString& text) +{ + text.Truncate(); + + nsCOMPtr nssComponent = do_GetService(kNSSComponentCID); + if (!nssComponent) { + return NS_ERROR_FAILURE; + } + + if (!mCert) { + return NS_ERROR_FAILURE; + } + + if (!mCert->extensions) { + return NS_OK; + } + + ScopedAutoSECItem keyUsageItem; + if (CERT_FindKeyUsageExtension(mCert.get(), &keyUsageItem) != SECSuccess) { + return PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND ? NS_OK + : NS_ERROR_FAILURE; + } + + unsigned char keyUsage = 0; + if (keyUsageItem.len) { + keyUsage = keyUsageItem.data[0]; + } + + NotNull> wrappedNSSComponent = + WrapNotNull(nssComponent); + if (keyUsage & KU_DIGITAL_SIGNATURE) { + AppendBundleString(wrappedNSSComponent, "CertDumpKUSign", text); + } + if (keyUsage & KU_NON_REPUDIATION) { + AppendBundleString(wrappedNSSComponent, "CertDumpKUNonRep", text); + } + if (keyUsage & KU_KEY_ENCIPHERMENT) { + AppendBundleString(wrappedNSSComponent, "CertDumpKUEnc", text); + } + if (keyUsage & KU_DATA_ENCIPHERMENT) { + AppendBundleString(wrappedNSSComponent, "CertDumpKUDEnc", text); + } + if (keyUsage & KU_KEY_AGREEMENT) { + AppendBundleString(wrappedNSSComponent, "CertDumpKUKA", text); + } + if (keyUsage & KU_KEY_CERT_SIGN) { + AppendBundleString(wrappedNSSComponent, "CertDumpKUCertSign", text); + } + if (keyUsage & KU_CRL_SIGN) { + AppendBundleString(wrappedNSSComponent, "CertDumpKUCRLSign", text); + } + + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetDbKey(nsACString& aDbKey) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + return GetDbKey(mCert, aDbKey); +} + +nsresult +nsNSSCertificate::GetDbKey(const UniqueCERTCertificate& cert, nsACString& aDbKey) +{ + static_assert(sizeof(uint64_t) == 8, "type size sanity check"); + static_assert(sizeof(uint32_t) == 4, "type size sanity check"); + // The format of the key is the base64 encoding of the following: + // 4 bytes: {0, 0, 0, 0} (this was intended to be the module ID, but it was + // never implemented) + // 4 bytes: {0, 0, 0, 0} (this was intended to be the slot ID, but it was + // never implemented) + // 4 bytes: + // 4 bytes: + // n bytes: + // m bytes: + nsAutoCString buf; + const char leadingZeroes[] = {0, 0, 0, 0, 0, 0, 0, 0}; + buf.Append(leadingZeroes, sizeof(leadingZeroes)); + uint32_t serialNumberLen = htonl(cert->serialNumber.len); + buf.Append(BitwiseCast(&serialNumberLen), + sizeof(uint32_t)); + uint32_t issuerLen = htonl(cert->derIssuer.len); + buf.Append(BitwiseCast(&issuerLen), + sizeof(uint32_t)); + buf.Append(BitwiseCast(cert->serialNumber.data), + cert->serialNumber.len); + buf.Append(BitwiseCast(cert->derIssuer.data), + cert->derIssuer.len); + + return Base64Encode(buf, aDbKey); +} + +NS_IMETHODIMP +nsNSSCertificate::GetWindowTitle(nsAString& aWindowTitle) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + aWindowTitle.Truncate(); + + if (!mCert) { + NS_ERROR("Somehow got nullptr for mCert in nsNSSCertificate."); + return NS_ERROR_FAILURE; + } + + UniquePORTString commonName(CERT_GetCommonName(&mCert->subject)); + + const char* titleOptions[] = { + mCert->nickname, + commonName.get(), + mCert->subjectName, + mCert->emailAddr + }; + + nsAutoCString titleOption; + for (size_t i = 0; i < ArrayLength(titleOptions); i++) { + titleOption = titleOptions[i]; + if (titleOption.Length() > 0 && IsUTF8(titleOption)) { + CopyUTF8toUTF16(titleOption, aWindowTitle); + return NS_OK; + } + } + + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetNickname(nsAString& aNickname) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + if (mCert->nickname) { + CopyUTF8toUTF16(mCert->nickname, aNickname); + } else { + nsresult rv; + nsCOMPtr nssComponent(do_GetService(kNSSComponentCID, &rv)); + if (NS_FAILED(rv) || !nssComponent) { + return NS_ERROR_FAILURE; + } + nssComponent->GetPIPNSSBundleString("CertNoNickname", aNickname); + } + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetEmailAddress(nsAString& aEmailAddress) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + if (mCert->emailAddr) { + CopyUTF8toUTF16(mCert->emailAddr, aEmailAddress); + } else { + nsresult rv; + nsCOMPtr nssComponent(do_GetService(kNSSComponentCID, &rv)); + if (NS_FAILED(rv) || !nssComponent) { + return NS_ERROR_FAILURE; + } + nssComponent->GetPIPNSSBundleString("CertNoEmailAddress", aEmailAddress); + } + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetEmailAddresses(uint32_t* aLength, char16_t*** aAddresses) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + NS_ENSURE_ARG(aLength); + NS_ENSURE_ARG(aAddresses); + + *aLength = 0; + + const char* aAddr; + for (aAddr = CERT_GetFirstEmailAddress(mCert.get()) + ; + aAddr + ; + aAddr = CERT_GetNextEmailAddress(mCert.get(), aAddr)) + { + ++(*aLength); + } + + *aAddresses = (char16_t**) moz_xmalloc(sizeof(char16_t*) * (*aLength)); + if (!*aAddresses) + return NS_ERROR_OUT_OF_MEMORY; + + uint32_t iAddr; + for (aAddr = CERT_GetFirstEmailAddress(mCert.get()), iAddr = 0 + ; + aAddr + ; + aAddr = CERT_GetNextEmailAddress(mCert.get(), aAddr), ++iAddr) + { + (*aAddresses)[iAddr] = ToNewUnicode(NS_ConvertUTF8toUTF16(aAddr)); + } + + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::ContainsEmailAddress(const nsAString& aEmailAddress, + bool* result) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + NS_ENSURE_ARG(result); + *result = false; + + const char* aAddr = nullptr; + for (aAddr = CERT_GetFirstEmailAddress(mCert.get()) + ; + aAddr + ; + aAddr = CERT_GetNextEmailAddress(mCert.get(), aAddr)) + { + NS_ConvertUTF8toUTF16 certAddr(aAddr); + ToLowerCase(certAddr); + + nsAutoString testAddr(aEmailAddress); + ToLowerCase(testAddr); + + if (certAddr == testAddr) + { + *result = true; + break; + } + + } + + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetCommonName(nsAString& aCommonName) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + aCommonName.Truncate(); + if (mCert) { + UniquePORTString commonName(CERT_GetCommonName(&mCert->subject)); + if (commonName) { + aCommonName = NS_ConvertUTF8toUTF16(commonName.get()); + } + } + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetOrganization(nsAString& aOrganization) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + aOrganization.Truncate(); + if (mCert) { + UniquePORTString organization(CERT_GetOrgName(&mCert->subject)); + if (organization) { + aOrganization = NS_ConvertUTF8toUTF16(organization.get()); + } + } + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetIssuerCommonName(nsAString& aCommonName) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + aCommonName.Truncate(); + if (mCert) { + UniquePORTString commonName(CERT_GetCommonName(&mCert->issuer)); + if (commonName) { + aCommonName = NS_ConvertUTF8toUTF16(commonName.get()); + } + } + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetIssuerOrganization(nsAString& aOrganization) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + aOrganization.Truncate(); + if (mCert) { + UniquePORTString organization(CERT_GetOrgName(&mCert->issuer)); + if (organization) { + aOrganization = NS_ConvertUTF8toUTF16(organization.get()); + } + } + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetIssuerOrganizationUnit(nsAString& aOrganizationUnit) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + aOrganizationUnit.Truncate(); + if (mCert) { + UniquePORTString organizationUnit(CERT_GetOrgUnitName(&mCert->issuer)); + if (organizationUnit) { + aOrganizationUnit = NS_ConvertUTF8toUTF16(organizationUnit.get()); + } + } + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetIssuer(nsIX509Cert** aIssuer) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + NS_ENSURE_ARG(aIssuer); + *aIssuer = nullptr; + + nsCOMPtr chain; + nsresult rv; + rv = GetChain(getter_AddRefs(chain)); + NS_ENSURE_SUCCESS(rv, rv); + uint32_t length; + if (!chain || NS_FAILED(chain->GetLength(&length)) || length == 0) { + return NS_ERROR_UNEXPECTED; + } + if (length == 1) { // No known issuer + return NS_OK; + } + nsCOMPtr cert; + chain->QueryElementAt(1, NS_GET_IID(nsIX509Cert), getter_AddRefs(cert)); + if (!cert) { + return NS_ERROR_UNEXPECTED; + } + cert.forget(aIssuer); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetOrganizationalUnit(nsAString& aOrganizationalUnit) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + aOrganizationalUnit.Truncate(); + if (mCert) { + UniquePORTString orgunit(CERT_GetOrgUnitName(&mCert->subject)); + if (orgunit) { + aOrganizationalUnit = NS_ConvertUTF8toUTF16(orgunit.get()); + } + } + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetChain(nsIArray** _rvChain) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + NS_ENSURE_ARG(_rvChain); + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Getting chain for \"%s\"\n", mCert->nickname)); + + mozilla::pkix::Time now(mozilla::pkix::Now()); + + RefPtr certVerifier(GetDefaultCertVerifier()); + NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED); + + UniqueCERTCertList nssChain; + // We want to test all usages, but we start with server because most of the + // time Firefox users care about server certs. + if (certVerifier->VerifyCert(mCert.get(), certificateUsageSSLServer, now, + nullptr, /*XXX fixme*/ + nullptr, /* hostname */ + nssChain, + CertVerifier::FLAG_LOCAL_ONLY) + != mozilla::pkix::Success) { + nssChain = nullptr; + // keep going + } + + // This is the whitelist of all non-SSLServer usages that are supported by + // verifycert. + const int otherUsagesToTest = certificateUsageSSLClient | + certificateUsageSSLCA | + certificateUsageEmailSigner | + certificateUsageEmailRecipient | + certificateUsageObjectSigner | + certificateUsageStatusResponder; + for (int usage = certificateUsageSSLClient; + usage < certificateUsageAnyCA && !nssChain; + usage = usage << 1) { + if ((usage & otherUsagesToTest) == 0) { + continue; + } + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("pipnss: PKIX attempting chain(%d) for '%s'\n", + usage, mCert->nickname)); + if (certVerifier->VerifyCert(mCert.get(), usage, now, + nullptr, /*XXX fixme*/ + nullptr, /*hostname*/ + nssChain, + CertVerifier::FLAG_LOCAL_ONLY) + != mozilla::pkix::Success) { + nssChain = nullptr; + // keep going + } + } + + if (!nssChain) { + // There is not verified path for the chain, however we still want to + // present to the user as much of a possible chain as possible, in the case + // where there was a problem with the cert or the issuers. + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("pipnss: getchain :CertVerify failed to get chain for '%s'\n", + mCert->nickname)); + nssChain = UniqueCERTCertList( + CERT_GetCertChainFromCert(mCert.get(), PR_Now(), certUsageSSLClient)); + } + if (!nssChain) { + return NS_ERROR_FAILURE; + } + + // enumerate the chain for scripting purposes + nsCOMPtr array = nsArrayBase::Create(); + if (!array) { + return NS_ERROR_FAILURE; + } + CERTCertListNode* node; + for (node = CERT_LIST_HEAD(nssChain.get()); + !CERT_LIST_END(node, nssChain.get()); + node = CERT_LIST_NEXT(node)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("adding %s to chain\n", node->cert->nickname)); + nsCOMPtr cert = nsNSSCertificate::Create(node->cert); + array->AppendElement(cert, false); + } + *_rvChain = array; + NS_IF_ADDREF(*_rvChain); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetAllTokenNames(uint32_t* aLength, char16_t*** aTokenNames) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + NS_ENSURE_ARG(aLength); + NS_ENSURE_ARG(aTokenNames); + *aLength = 0; + *aTokenNames = nullptr; + + // Get the slots from NSS + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Getting slots for \"%s\"\n", mCert->nickname)); + UniquePK11SlotList slots(PK11_GetAllSlotsForCert(mCert.get(), nullptr)); + if (!slots) { + if (PORT_GetError() == SEC_ERROR_NO_TOKEN) { + return NS_OK; // List of slots is empty, return empty array + } + return NS_ERROR_FAILURE; + } + + // read the token names from slots + PK11SlotListElement* le; + + for (le = slots->head; le; le = le->next) { + ++(*aLength); + } + + *aTokenNames = (char16_t**) moz_xmalloc(sizeof(char16_t*) * (*aLength)); + if (!*aTokenNames) { + *aLength = 0; + return NS_ERROR_OUT_OF_MEMORY; + } + + uint32_t iToken; + for (le = slots->head, iToken = 0; le; le = le->next, ++iToken) { + char* token = PK11_GetTokenName(le->slot); + (*aTokenNames)[iToken] = ToNewUnicode(NS_ConvertUTF8toUTF16(token)); + if (!(*aTokenNames)[iToken]) { + NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(iToken, *aTokenNames); + *aLength = 0; + *aTokenNames = nullptr; + return NS_ERROR_OUT_OF_MEMORY; + } + } + + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetSubjectName(nsAString& _subjectName) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + _subjectName.Truncate(); + if (mCert->subjectName) { + _subjectName = NS_ConvertUTF8toUTF16(mCert->subjectName); + } + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetIssuerName(nsAString& _issuerName) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + _issuerName.Truncate(); + if (mCert->issuerName) { + _issuerName = NS_ConvertUTF8toUTF16(mCert->issuerName); + } + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetSerialNumber(nsAString& _serialNumber) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + _serialNumber.Truncate(); + UniquePORTString tmpstr(CERT_Hexify(&mCert->serialNumber, 1)); + if (tmpstr) { + _serialNumber = NS_ConvertASCIItoUTF16(tmpstr.get()); + return NS_OK; + } + return NS_ERROR_FAILURE; +} + +nsresult +nsNSSCertificate::GetCertificateHash(nsAString& aFingerprint, SECOidTag aHashAlg) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + aFingerprint.Truncate(); + Digest digest; + nsresult rv = digest.DigestBuf(aHashAlg, mCert->derCert.data, + mCert->derCert.len); + if (NS_FAILED(rv)) { + return rv; + } + + // CERT_Hexify's second argument is an int that is interpreted as a boolean + UniquePORTString fpStr(CERT_Hexify(const_cast(&digest.get()), 1)); + if (!fpStr) { + return NS_ERROR_FAILURE; + } + + aFingerprint.AssignASCII(fpStr.get()); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetSha256Fingerprint(nsAString& aSha256Fingerprint) +{ + return GetCertificateHash(aSha256Fingerprint, SEC_OID_SHA256); +} + +NS_IMETHODIMP +nsNSSCertificate::GetSha1Fingerprint(nsAString& _sha1Fingerprint) +{ + return GetCertificateHash(_sha1Fingerprint, SEC_OID_SHA1); +} + +NS_IMETHODIMP +nsNSSCertificate::GetTokenName(nsAString& aTokenName) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + aTokenName.Truncate(); + if (mCert) { + // HACK alert + // When the trust of a builtin cert is modified, NSS copies it into the + // cert db. At this point, it is now "managed" by the user, and should + // not be listed with the builtins. However, in the collection code + // used by PK11_ListCerts, the cert is found in the temp db, where it + // has been loaded from the token. Though the trust is correct (grabbed + // from the cert db), the source is wrong. I believe this is a safe + // way to work around this. + if (mCert->slot) { + char* token = PK11_GetTokenName(mCert->slot); + if (token) { + aTokenName = NS_ConvertUTF8toUTF16(token); + } + } else { + nsresult rv; + nsAutoString tok; + nsCOMPtr nssComponent(do_GetService(kNSSComponentCID, &rv)); + if (NS_FAILED(rv)) return rv; + rv = nssComponent->GetPIPNSSBundleString("InternalToken", tok); + if (NS_SUCCEEDED(rv)) + aTokenName = tok; + } + } + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetSha256SubjectPublicKeyInfoDigest(nsACString& aSha256SPKIDigest) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + aSha256SPKIDigest.Truncate(); + Digest digest; + nsresult rv = digest.DigestBuf(SEC_OID_SHA256, mCert->derPublicKey.data, + mCert->derPublicKey.len); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + rv = Base64Encode(nsDependentCSubstring( + BitwiseCast(digest.get().data), + digest.get().len), + aSha256SPKIDigest); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetRawDER(uint32_t* aLength, uint8_t** aArray) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + if (mCert) { + *aArray = (uint8_t*)moz_xmalloc(mCert->derCert.len); + if (*aArray) { + memcpy(*aArray, mCert->derCert.data, mCert->derCert.len); + *aLength = mCert->derCert.len; + return NS_OK; + } + } + *aLength = 0; + return NS_ERROR_FAILURE; +} + +NS_IMETHODIMP +nsNSSCertificate::ExportAsCMS(uint32_t chainMode, + uint32_t* aLength, uint8_t** aArray) +{ + NS_ENSURE_ARG(aLength); + NS_ENSURE_ARG(aArray); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + if (!mCert) + return NS_ERROR_FAILURE; + + switch (chainMode) { + case nsIX509Cert::CMS_CHAIN_MODE_CertOnly: + case nsIX509Cert::CMS_CHAIN_MODE_CertChain: + case nsIX509Cert::CMS_CHAIN_MODE_CertChainWithRoot: + break; + default: + return NS_ERROR_INVALID_ARG; + } + + UniqueNSSCMSMessage cmsg(NSS_CMSMessage_Create(nullptr)); + if (!cmsg) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("nsNSSCertificate::ExportAsCMS - can't create CMS message\n")); + return NS_ERROR_OUT_OF_MEMORY; + } + + // first, create SignedData with the certificate only (no chain) + UniqueNSSCMSSignedData sigd( + NSS_CMSSignedData_CreateCertsOnly(cmsg.get(), mCert.get(), false)); + if (!sigd) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("nsNSSCertificate::ExportAsCMS - can't create SignedData\n")); + return NS_ERROR_FAILURE; + } + + // Calling NSS_CMSSignedData_CreateCertsOnly() will not allow us + // to specify the inclusion of the root, but CERT_CertChainFromCert() does. + // Since CERT_CertChainFromCert() also includes the certificate itself, + // we have to start at the issuing cert (to avoid duplicate certs + // in the SignedData). + if (chainMode == nsIX509Cert::CMS_CHAIN_MODE_CertChain || + chainMode == nsIX509Cert::CMS_CHAIN_MODE_CertChainWithRoot) { + UniqueCERTCertificate issuerCert( + CERT_FindCertIssuer(mCert.get(), PR_Now(), certUsageAnyCA)); + // the issuerCert of a self signed root is the cert itself, + // so make sure we're not adding duplicates, again + if (issuerCert && issuerCert != mCert) { + bool includeRoot = + (chainMode == nsIX509Cert::CMS_CHAIN_MODE_CertChainWithRoot); + UniqueCERTCertificateList certChain( + CERT_CertChainFromCert(issuerCert.get(), certUsageAnyCA, includeRoot)); + if (certChain) { + if (NSS_CMSSignedData_AddCertList(sigd.get(), certChain.get()) + == SECSuccess) { + Unused << certChain.release(); + } + else { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("nsNSSCertificate::ExportAsCMS - can't add chain\n")); + return NS_ERROR_FAILURE; + } + } + else { + // try to add the issuerCert, at least + if (NSS_CMSSignedData_AddCertificate(sigd.get(), issuerCert.get()) + == SECSuccess) { + Unused << issuerCert.release(); + } + else { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("nsNSSCertificate::ExportAsCMS - can't add issuer cert\n")); + return NS_ERROR_FAILURE; + } + } + } + } + + NSSCMSContentInfo* cinfo = NSS_CMSMessage_GetContentInfo(cmsg.get()); + if (NSS_CMSContentInfo_SetContent_SignedData(cmsg.get(), cinfo, sigd.get()) + == SECSuccess) { + Unused << sigd.release(); + } + else { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("nsNSSCertificate::ExportAsCMS - can't attach SignedData\n")); + return NS_ERROR_FAILURE; + } + + UniquePLArenaPool arena(PORT_NewArena(1024)); + if (!arena) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("nsNSSCertificate::ExportAsCMS - out of memory\n")); + return NS_ERROR_OUT_OF_MEMORY; + } + + SECItem certP7 = { siBuffer, nullptr, 0 }; + NSSCMSEncoderContext* ecx = NSS_CMSEncoder_Start(cmsg.get(), nullptr, nullptr, + &certP7, arena.get(), nullptr, + nullptr, nullptr, nullptr, + nullptr, nullptr); + if (!ecx) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("nsNSSCertificate::ExportAsCMS - can't create encoder context\n")); + return NS_ERROR_FAILURE; + } + + if (NSS_CMSEncoder_Finish(ecx) != SECSuccess) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("nsNSSCertificate::ExportAsCMS - failed to add encoded data\n")); + return NS_ERROR_FAILURE; + } + + *aArray = (uint8_t*)moz_xmalloc(certP7.len); + if (!*aArray) + return NS_ERROR_OUT_OF_MEMORY; + + memcpy(*aArray, certP7.data, certP7.len); + *aLength = certP7.len; + return NS_OK; +} + +CERTCertificate* +nsNSSCertificate::GetCert() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return nullptr; + + return (mCert) ? CERT_DupCertificate(mCert.get()) : nullptr; +} + +NS_IMETHODIMP +nsNSSCertificate::GetValidity(nsIX509CertValidity** aValidity) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + NS_ENSURE_ARG(aValidity); + + if (!mCert) { + return NS_ERROR_FAILURE; + } + + nsCOMPtr validity = new nsX509CertValidity(mCert); + validity.forget(aValidity); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetASN1Structure(nsIASN1Object** aASN1Structure) +{ + NS_ENSURE_ARG_POINTER(aASN1Structure); + return CreateASN1Struct(aASN1Structure); +} + +NS_IMETHODIMP +nsNSSCertificate::Equals(nsIX509Cert* other, bool* result) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + NS_ENSURE_ARG(other); + NS_ENSURE_ARG(result); + + UniqueCERTCertificate cert(other->GetCert()); + *result = (mCert.get() == cert.get()); + return NS_OK; +} + +namespace mozilla { + +// TODO(bug 1036065): It seems like we only construct CERTCertLists for the +// purpose of constructing nsNSSCertLists, so maybe we should change this +// function to output an nsNSSCertList instead. +SECStatus +ConstructCERTCertListFromReversedDERArray( + const mozilla::pkix::DERArray& certArray, + /*out*/ UniqueCERTCertList& certList) +{ + certList = UniqueCERTCertList(CERT_NewCertList()); + if (!certList) { + return SECFailure; + } + + CERTCertDBHandle* certDB(CERT_GetDefaultCertDB()); // non-owning + + size_t numCerts = certArray.GetLength(); + for (size_t i = 0; i < numCerts; ++i) { + SECItem certDER(UnsafeMapInputToSECItem(*certArray.GetDER(i))); + UniqueCERTCertificate cert(CERT_NewTempCertificate(certDB, &certDER, + nullptr, false, true)); + if (!cert) { + return SECFailure; + } + // certArray is ordered with the root first, but we want the resulting + // certList to have the root last. + if (CERT_AddCertToListHead(certList.get(), cert.get()) != SECSuccess) { + return SECFailure; + } + Unused << cert.release(); // cert is now owned by certList. + } + + return SECSuccess; +} + +} // namespace mozilla + +NS_IMPL_CLASSINFO(nsNSSCertList, + nullptr, + // inferred from nsIX509Cert + nsIClassInfo::THREADSAFE, + NS_X509CERTLIST_CID) + +NS_IMPL_ISUPPORTS_CI(nsNSSCertList, + nsIX509CertList, + nsISerializable) + +nsNSSCertList::nsNSSCertList(UniqueCERTCertList certList, + const nsNSSShutDownPreventionLock& proofOfLock) +{ + if (certList) { + mCertList = Move(certList); + } else { + mCertList = UniqueCERTCertList(CERT_NewCertList()); + } +} + +nsNSSCertList::nsNSSCertList() +{ + mCertList = UniqueCERTCertList(CERT_NewCertList()); +} + +nsNSSCertList::~nsNSSCertList() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + destructorSafeDestroyNSSReference(); + shutdown(ShutdownCalledFrom::Object); +} + +void nsNSSCertList::virtualDestroyNSSReference() +{ + destructorSafeDestroyNSSReference(); +} + +void nsNSSCertList::destructorSafeDestroyNSSReference() +{ + mCertList = nullptr; +} + +NS_IMETHODIMP +nsNSSCertList::AddCert(nsIX509Cert* aCert) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + CERTCertificate* cert = aCert->GetCert(); + if (!cert) { + NS_ERROR("Somehow got nullptr for mCertificate in nsNSSCertificate."); + return NS_ERROR_FAILURE; + } + + if (!mCertList) { + NS_ERROR("Somehow got nullptr for mCertList in nsNSSCertList."); + return NS_ERROR_FAILURE; + } + // XXX: check return value! + CERT_AddCertToListTail(mCertList.get(), cert); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertList::DeleteCert(nsIX509Cert* aCert) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + CERTCertificate* cert = aCert->GetCert(); + CERTCertListNode* node; + + if (!cert) { + NS_ERROR("Somehow got nullptr for mCertificate in nsNSSCertificate."); + return NS_ERROR_FAILURE; + } + + if (!mCertList) { + NS_ERROR("Somehow got nullptr for mCertList in nsNSSCertList."); + return NS_ERROR_FAILURE; + } + + for (node = CERT_LIST_HEAD(mCertList.get()); + !CERT_LIST_END(node, mCertList.get()); node = CERT_LIST_NEXT(node)) { + if (node->cert == cert) { + CERT_RemoveCertListNode(node); + return NS_OK; + } + } + return NS_OK; // XXX Should we fail if we couldn't find it? +} + +UniqueCERTCertList +nsNSSCertList::DupCertList(const UniqueCERTCertList& certList, + const nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + if (!certList) { + return nullptr; + } + + UniqueCERTCertList newList(CERT_NewCertList()); + if (!newList) { + return nullptr; + } + + for (CERTCertListNode* node = CERT_LIST_HEAD(certList); + !CERT_LIST_END(node, certList); + node = CERT_LIST_NEXT(node)) { + UniqueCERTCertificate cert(CERT_DupCertificate(node->cert)); + if (!cert) { + return nullptr; + } + + if (CERT_AddCertToListTail(newList.get(), cert.get()) != SECSuccess) { + return nullptr; + } + + Unused << cert.release(); // Ownership transferred to the cert list. + } + return newList; +} + +CERTCertList* +nsNSSCertList::GetRawCertList() +{ + // This function should only be called after acquiring a + // nsNSSShutDownPreventionLock. It's difficult to enforce this in code since + // this is an implementation of an XPCOM interface function (albeit a + // C++-only one), so we acquire the (reentrant) lock and check for shutdown + // ourselves here. At the moment it appears that only nsCertTree uses this + // function. When that gets removed and replaced by a more reasonable + // implementation of the certificate manager, this function can be removed. + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return nullptr; + } + return mCertList.get(); +} + +NS_IMETHODIMP +nsNSSCertList::Write(nsIObjectOutputStream* aStream) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + NS_ENSURE_STATE(mCertList); + nsresult rv = NS_OK; + + // First, enumerate the certs to get the length of the list + uint32_t certListLen = 0; + CERTCertListNode* node = nullptr; + for (node = CERT_LIST_HEAD(mCertList); + !CERT_LIST_END(node, mCertList); + node = CERT_LIST_NEXT(node), ++certListLen) { + } + + // Write the length of the list + rv = aStream->Write32(certListLen); + + // Repeat the loop, and serialize each certificate + node = nullptr; + for (node = CERT_LIST_HEAD(mCertList); + !CERT_LIST_END(node, mCertList); + node = CERT_LIST_NEXT(node)) + { + nsCOMPtr cert = nsNSSCertificate::Create(node->cert); + if (!cert) { + rv = NS_ERROR_OUT_OF_MEMORY; + break; + } + + nsCOMPtr serializableCert = do_QueryInterface(cert); + rv = aStream->WriteCompoundObject(serializableCert, NS_GET_IID(nsIX509Cert), true); + if (NS_FAILED(rv)) { + break; + } + } + + return rv; +} + +NS_IMETHODIMP +nsNSSCertList::Read(nsIObjectInputStream* aStream) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + NS_ENSURE_STATE(mCertList); + nsresult rv = NS_OK; + + uint32_t certListLen; + rv = aStream->Read32(&certListLen); + if (NS_FAILED(rv)) { + return rv; + } + + for(uint32_t i = 0; i < certListLen; ++i) { + nsCOMPtr certSupports; + rv = aStream->ReadObject(true, getter_AddRefs(certSupports)); + if (NS_FAILED(rv)) { + break; + } + + nsCOMPtr cert = do_QueryInterface(certSupports); + rv = AddCert(cert); + if (NS_FAILED(rv)) { + break; + } + } + + return rv; +} + +NS_IMETHODIMP +nsNSSCertList::GetEnumerator(nsISimpleEnumerator** _retval) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + if (!mCertList) { + return NS_ERROR_FAILURE; + } + + nsCOMPtr enumerator = + new nsNSSCertListEnumerator(mCertList, locker); + + enumerator.forget(_retval); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertList::Equals(nsIX509CertList* other, bool* result) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + NS_ENSURE_ARG(result); + *result = true; + + nsresult rv; + + nsCOMPtr selfEnumerator; + rv = GetEnumerator(getter_AddRefs(selfEnumerator)); + if (NS_FAILED(rv)) { + return rv; + } + + nsCOMPtr otherEnumerator; + rv = other->GetEnumerator(getter_AddRefs(otherEnumerator)); + if (NS_FAILED(rv)) { + return rv; + } + + nsCOMPtr selfSupports; + nsCOMPtr otherSupports; + while (NS_SUCCEEDED(selfEnumerator->GetNext(getter_AddRefs(selfSupports)))) { + if (NS_SUCCEEDED(otherEnumerator->GetNext(getter_AddRefs(otherSupports)))) { + nsCOMPtr selfCert = do_QueryInterface(selfSupports); + nsCOMPtr otherCert = do_QueryInterface(otherSupports); + + bool certsEqual = false; + rv = selfCert->Equals(otherCert, &certsEqual); + if (NS_FAILED(rv)) { + return rv; + } + if (!certsEqual) { + *result = false; + break; + } + } else { + // other is shorter than self + *result = false; + break; + } + } + + // Make sure self is the same length as other + bool otherHasMore = false; + rv = otherEnumerator->HasMoreElements(&otherHasMore); + if (NS_FAILED(rv)) { + return rv; + } + if (otherHasMore) { + *result = false; + } + + return NS_OK; +} + +NS_IMPL_ISUPPORTS(nsNSSCertListEnumerator, nsISimpleEnumerator) + +nsNSSCertListEnumerator::nsNSSCertListEnumerator( + const UniqueCERTCertList& certList, + const nsNSSShutDownPreventionLock& proofOfLock) +{ + MOZ_ASSERT(certList); + mCertList = nsNSSCertList::DupCertList(certList, proofOfLock); +} + +nsNSSCertListEnumerator::~nsNSSCertListEnumerator() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + destructorSafeDestroyNSSReference(); + shutdown(ShutdownCalledFrom::Object); +} + +void nsNSSCertListEnumerator::virtualDestroyNSSReference() +{ + destructorSafeDestroyNSSReference(); +} + +void nsNSSCertListEnumerator::destructorSafeDestroyNSSReference() +{ + mCertList = nullptr; +} + +NS_IMETHODIMP +nsNSSCertListEnumerator::HasMoreElements(bool* _retval) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + NS_ENSURE_TRUE(mCertList, NS_ERROR_FAILURE); + + *_retval = !CERT_LIST_EMPTY(mCertList); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertListEnumerator::GetNext(nsISupports** _retval) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + NS_ENSURE_TRUE(mCertList, NS_ERROR_FAILURE); + + CERTCertListNode* node = CERT_LIST_HEAD(mCertList); + if (CERT_LIST_END(node, mCertList)) { + return NS_ERROR_FAILURE; + } + + nsCOMPtr nssCert = nsNSSCertificate::Create(node->cert); + if (!nssCert) { + return NS_ERROR_OUT_OF_MEMORY; + } + + nssCert.forget(_retval); + + CERT_RemoveCertListNode(node); + return NS_OK; +} + +// NB: This serialization must match that of nsNSSCertificateFakeTransport. +NS_IMETHODIMP +nsNSSCertificate::Write(nsIObjectOutputStream* aStream) +{ + NS_ENSURE_STATE(mCert); + // This field used to be the cached EV status, but it is no longer necessary. + nsresult rv = aStream->Write32(0); + if (NS_FAILED(rv)) { + return rv; + } + rv = aStream->Write32(mCert->derCert.len); + if (NS_FAILED(rv)) { + return rv; + } + return aStream->WriteByteArray(mCert->derCert.data, mCert->derCert.len); +} + +NS_IMETHODIMP +nsNSSCertificate::Read(nsIObjectInputStream* aStream) +{ + NS_ENSURE_STATE(!mCert); + + // This field is no longer used. + uint32_t unusedCachedEVStatus; + nsresult rv = aStream->Read32(&unusedCachedEVStatus); + if (NS_FAILED(rv)) { + return rv; + } + + uint32_t len; + rv = aStream->Read32(&len); + if (NS_FAILED(rv)) { + return rv; + } + + nsXPIDLCString str; + rv = aStream->ReadBytes(len, getter_Copies(str)); + if (NS_FAILED(rv)) { + return rv; + } + + if (!InitFromDER(const_cast(str.get()), len)) { + return NS_ERROR_UNEXPECTED; + } + + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetInterfaces(uint32_t* count, nsIID*** array) +{ + *count = 0; + *array = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetScriptableHelper(nsIXPCScriptable** _retval) +{ + *_retval = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetContractID(char** aContractID) +{ + *aContractID = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetClassDescription(char** aClassDescription) +{ + *aClassDescription = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetClassID(nsCID** aClassID) +{ + *aClassID = (nsCID*) moz_xmalloc(sizeof(nsCID)); + if (!*aClassID) + return NS_ERROR_OUT_OF_MEMORY; + return GetClassIDNoAlloc(*aClassID); +} + +NS_IMETHODIMP +nsNSSCertificate::GetFlags(uint32_t* aFlags) +{ + *aFlags = nsIClassInfo::THREADSAFE; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificate::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc) +{ + static NS_DEFINE_CID(kNSSCertificateCID, NS_X509CERT_CID); + + *aClassIDNoAlloc = kNSSCertificateCID; + return NS_OK; +} diff --git a/security/manager/ssl/nsNSSCertificate.h b/security/manager/ssl/nsNSSCertificate.h new file mode 100644 index 000000000..b62c6c7ac --- /dev/null +++ b/security/manager/ssl/nsNSSCertificate.h @@ -0,0 +1,132 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsNSSCertificate_h +#define nsNSSCertificate_h + +#include "ScopedNSSTypes.h" +#include "certt.h" +#include "nsCOMPtr.h" +#include "nsIASN1Object.h" +#include "nsIClassInfo.h" +#include "nsISerializable.h" +#include "nsISimpleEnumerator.h" +#include "nsIX509Cert.h" +#include "nsIX509CertDB.h" +#include "nsIX509CertList.h" +#include "nsNSSShutDown.h" + +namespace mozilla { namespace pkix { class DERArray; } } + +class nsAutoString; +class nsINSSComponent; +class nsIASN1Sequence; + +class nsNSSCertificate final : public nsIX509Cert, + public nsISerializable, + public nsIClassInfo, + public nsNSSShutDownObject +{ +public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIX509CERT + NS_DECL_NSISERIALIZABLE + NS_DECL_NSICLASSINFO + + friend class nsNSSCertificateFakeTransport; + + explicit nsNSSCertificate(CERTCertificate* cert); + nsNSSCertificate(); + static nsNSSCertificate* Create(CERTCertificate* cert = nullptr); + static nsNSSCertificate* ConstructFromDER(char* certDER, int derLen); + + // This is a separate static method so nsNSSComponent can use it during NSS + // initialization. Other code should probably not use it. + static nsresult GetDbKey(const mozilla::UniqueCERTCertificate& cert, + nsACString& aDbKey); + +private: + virtual ~nsNSSCertificate(); + + mozilla::UniqueCERTCertificate mCert; + bool mPermDelete; + uint32_t mCertType; + nsresult CreateASN1Struct(nsIASN1Object** aRetVal); + nsresult CreateTBSCertificateASN1Struct(nsIASN1Sequence** retSequence, + nsINSSComponent* nssComponent); + nsresult GetSortableDate(PRTime aTime, nsAString& _aSortableDate); + virtual void virtualDestroyNSSReference() override; + void destructorSafeDestroyNSSReference(); + bool InitFromDER(char* certDER, int derLen); // return false on failure + + nsresult GetCertificateHash(nsAString& aFingerprint, SECOidTag aHashAlg); +}; + +namespace mozilla { + +SECStatus ConstructCERTCertListFromReversedDERArray( + const mozilla::pkix::DERArray& certArray, + /*out*/ mozilla::UniqueCERTCertList& certList); + +} // namespace mozilla + +class nsNSSCertList: public nsIX509CertList, + public nsISerializable, + public nsNSSShutDownObject +{ +public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIX509CERTLIST + NS_DECL_NSISERIALIZABLE + + // certList is adopted + nsNSSCertList(mozilla::UniqueCERTCertList certList, + const nsNSSShutDownPreventionLock& proofOfLock); + + nsNSSCertList(); + + static mozilla::UniqueCERTCertList DupCertList( + const mozilla::UniqueCERTCertList& certList, + const nsNSSShutDownPreventionLock& proofOfLock); + +private: + virtual ~nsNSSCertList(); + virtual void virtualDestroyNSSReference() override; + void destructorSafeDestroyNSSReference(); + + mozilla::UniqueCERTCertList mCertList; + + nsNSSCertList(const nsNSSCertList&) = delete; + void operator=(const nsNSSCertList&) = delete; +}; + +class nsNSSCertListEnumerator: public nsISimpleEnumerator, + public nsNSSShutDownObject +{ +public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSISIMPLEENUMERATOR + + nsNSSCertListEnumerator(const mozilla::UniqueCERTCertList& certList, + const nsNSSShutDownPreventionLock& proofOfLock); +private: + virtual ~nsNSSCertListEnumerator(); + virtual void virtualDestroyNSSReference() override; + void destructorSafeDestroyNSSReference(); + + mozilla::UniqueCERTCertList mCertList; + + nsNSSCertListEnumerator(const nsNSSCertListEnumerator&) = delete; + void operator=(const nsNSSCertListEnumerator&) = delete; +}; + +#define NS_X509CERT_CID { /* 660a3226-915c-4ffb-bb20-8985a632df05 */ \ + 0x660a3226, \ + 0x915c, \ + 0x4ffb, \ + { 0xbb, 0x20, 0x89, 0x85, 0xa6, 0x32, 0xdf, 0x05 } \ + } + +#endif // nsNSSCertificate_h diff --git a/security/manager/ssl/nsNSSCertificateDB.cpp b/security/manager/ssl/nsNSSCertificateDB.cpp new file mode 100644 index 000000000..3d7c7eec4 --- /dev/null +++ b/security/manager/ssl/nsNSSCertificateDB.cpp @@ -0,0 +1,1658 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsNSSCertificateDB.h" + +#include "CertVerifier.h" +#include "CryptoTask.h" +#include "ExtendedValidation.h" +#include "NSSCertDBTrustDomain.h" +#include "SharedSSLState.h" +#include "certdb.h" +#include "mozilla/Base64.h" +#include "mozilla/Casting.h" +#include "mozilla/Unused.h" +#include "nsArray.h" +#include "nsArrayUtils.h" +#include "nsCOMPtr.h" +#include "nsCRT.h" +#include "nsComponentManagerUtils.h" +#include "nsICertificateDialogs.h" +#include "nsIFile.h" +#include "nsIMutableArray.h" +#include "nsIObserverService.h" +#include "nsIPrefBranch.h" +#include "nsIPrefService.h" +#include "nsIPrompt.h" +#include "nsNSSCertHelper.h" +#include "nsNSSCertTrust.h" +#include "nsNSSCertificate.h" +#include "nsNSSComponent.h" +#include "nsNSSHelper.h" +#include "nsNSSShutDown.h" +#include "nsPK11TokenDB.h" +#include "nsPKCS12Blob.h" +#include "nsPromiseFlatString.h" +#include "nsProxyRelease.h" +#include "nsReadableUtils.h" +#include "nsThreadUtils.h" +#include "nspr.h" +#include "pkix/Time.h" +#include "pkix/pkixnss.h" +#include "pkix/pkixtypes.h" +#include "secasn1.h" +#include "secder.h" +#include "secerr.h" +#include "ssl.h" + +#ifdef XP_WIN +#include // for ntohl +#endif + +using namespace mozilla; +using namespace mozilla::psm; +using mozilla::psm::SharedSSLState; + +extern LazyLogModule gPIPNSSLog; + +static nsresult +attemptToLogInWithDefaultPassword() +{ +#ifdef NSS_DISABLE_DBM + // The SQL NSS DB requires the user to be authenticated to set certificate + // trust settings, even if the user's password is empty. To maintain + // compatibility with the DBM-based database, try to log in with the + // default empty password. This will allow, at least, tests that need to + // change certificate trust to pass on all platforms. TODO(bug 978120): Do + // proper testing and/or implement a better solution so that we are confident + // that this does the correct thing outside of xpcshell tests too. + UniquePK11SlotInfo slot(PK11_GetInternalKeySlot()); + if (!slot) { + return MapSECStatus(SECFailure); + } + if (PK11_NeedUserInit(slot.get())) { + // Ignore the return value. Presumably PK11_InitPin will fail if the user + // has a non-default password. + Unused << PK11_InitPin(slot.get(), nullptr, nullptr); + } +#endif + + return NS_OK; +} + +NS_IMPL_ISUPPORTS(nsNSSCertificateDB, nsIX509CertDB) + +nsNSSCertificateDB::~nsNSSCertificateDB() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + + shutdown(ShutdownCalledFrom::Object); +} + +NS_IMETHODIMP +nsNSSCertificateDB::FindCertByNickname(const nsAString& nickname, + nsIX509Cert** _rvCert) +{ + NS_ENSURE_ARG_POINTER(_rvCert); + *_rvCert = nullptr; + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + char *asciiname = nullptr; + NS_ConvertUTF16toUTF8 aUtf8Nickname(nickname); + asciiname = const_cast(aUtf8Nickname.get()); + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Getting \"%s\"\n", asciiname)); + UniqueCERTCertificate cert(PK11_FindCertFromNickname(asciiname, nullptr)); + if (!cert) { + cert.reset(CERT_FindCertByNickname(CERT_GetDefaultCertDB(), asciiname)); + } + if (cert) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("got it\n")); + nsCOMPtr pCert = nsNSSCertificate::Create(cert.get()); + if (pCert) { + pCert.forget(_rvCert); + return NS_OK; + } + } + return NS_ERROR_FAILURE; +} + +NS_IMETHODIMP +nsNSSCertificateDB::FindCertByDBKey(const char* aDBKey,nsIX509Cert** _cert) +{ + NS_ENSURE_ARG_POINTER(aDBKey); + NS_ENSURE_ARG(aDBKey[0]); + NS_ENSURE_ARG_POINTER(_cert); + *_cert = nullptr; + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + UniqueCERTCertificate cert; + nsresult rv = FindCertByDBKey(aDBKey, cert); + if (NS_FAILED(rv)) { + return rv; + } + // If we can't find the certificate, that's not an error. Just return null. + if (!cert) { + return NS_OK; + } + nsCOMPtr nssCert = nsNSSCertificate::Create(cert.get()); + if (!nssCert) { + return NS_ERROR_OUT_OF_MEMORY; + } + nssCert.forget(_cert); + return NS_OK; +} + +nsresult +nsNSSCertificateDB::FindCertByDBKey(const char* aDBKey, + UniqueCERTCertificate& cert) +{ + static_assert(sizeof(uint64_t) == 8, "type size sanity check"); + static_assert(sizeof(uint32_t) == 4, "type size sanity check"); + // (From nsNSSCertificate::GetDbKey) + // The format of the key is the base64 encoding of the following: + // 4 bytes: {0, 0, 0, 0} (this was intended to be the module ID, but it was + // never implemented) + // 4 bytes: {0, 0, 0, 0} (this was intended to be the slot ID, but it was + // never implemented) + // 4 bytes: + // 4 bytes: + // n bytes: + // m bytes: + nsAutoCString decoded; + nsAutoCString tmpDBKey(aDBKey); + // Filter out any whitespace for backwards compatibility. + tmpDBKey.StripWhitespace(); + nsresult rv = Base64Decode(tmpDBKey, decoded); + if (NS_FAILED(rv)) { + return rv; + } + if (decoded.Length() < 16) { + return NS_ERROR_ILLEGAL_INPUT; + } + const char* reader = decoded.BeginReading(); + uint64_t zeroes = *BitwiseCast(reader); + if (zeroes != 0) { + return NS_ERROR_ILLEGAL_INPUT; + } + reader += sizeof(uint64_t); + // Note: We surround the ntohl() argument with parentheses to stop the macro + // from thinking two arguments were passed. + uint32_t serialNumberLen = ntohl( + (*BitwiseCast(reader))); + reader += sizeof(uint32_t); + uint32_t issuerLen = ntohl( + (*BitwiseCast(reader))); + reader += sizeof(uint32_t); + if (decoded.Length() != 16ULL + serialNumberLen + issuerLen) { + return NS_ERROR_ILLEGAL_INPUT; + } + CERTIssuerAndSN issuerSN; + issuerSN.serialNumber.len = serialNumberLen; + issuerSN.serialNumber.data = BitwiseCast(reader); + reader += serialNumberLen; + issuerSN.derIssuer.len = issuerLen; + issuerSN.derIssuer.data = BitwiseCast(reader); + reader += issuerLen; + MOZ_ASSERT(reader == decoded.EndReading()); + + cert.reset(CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), &issuerSN)); + return NS_OK; +} + +SECStatus +collect_certs(void *arg, SECItem **certs, int numcerts) +{ + CERTDERCerts *collectArgs; + SECItem *cert; + SECStatus rv; + + collectArgs = (CERTDERCerts *)arg; + + collectArgs->numcerts = numcerts; + collectArgs->rawCerts = (SECItem *) PORT_ArenaZAlloc(collectArgs->arena, + sizeof(SECItem) * numcerts); + if (!collectArgs->rawCerts) + return(SECFailure); + + cert = collectArgs->rawCerts; + + while ( numcerts-- ) { + rv = SECITEM_CopyItem(collectArgs->arena, cert, *certs); + if ( rv == SECFailure ) + return(SECFailure); + cert++; + certs++; + } + + return (SECSuccess); +} + +CERTDERCerts* +nsNSSCertificateDB::getCertsFromPackage(const UniquePLArenaPool& arena, + uint8_t* data, uint32_t length, + const nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + CERTDERCerts* collectArgs = PORT_ArenaZNew(arena.get(), CERTDERCerts); + if (!collectArgs) { + return nullptr; + } + + collectArgs->arena = arena.get(); + if (CERT_DecodeCertPackage(BitwiseCast(data), length, + collect_certs, collectArgs) != SECSuccess) { + return nullptr; + } + + return collectArgs; +} + +nsresult +nsNSSCertificateDB::handleCACertDownload(NotNull x509Certs, + nsIInterfaceRequestor *ctx, + const nsNSSShutDownPreventionLock &proofOfLock) +{ + // First thing we have to do is figure out which certificate we're + // gonna present to the user. The CA may have sent down a list of + // certs which may or may not be a chained list of certs. Until + // the day we can design some solid UI for the general case, we'll + // code to the > 90% case. That case is where a CA sends down a + // list that is a hierarchy whose root is either the first or + // the last cert. What we're gonna do is compare the first + // 2 entries, if the second was signed by the first, we assume + // the root cert is the first cert and display it. Otherwise, + // we compare the last 2 entries, if the second to last cert was + // signed by the last cert, then we assume the last cert is the + // root and display it. + + uint32_t numCerts; + + x509Certs->GetLength(&numCerts); + NS_ASSERTION(numCerts > 0, "Didn't get any certs to import."); + if (numCerts == 0) + return NS_OK; // Nothing to import, so nothing to do. + + nsCOMPtr certToShow; + uint32_t selCertIndex; + if (numCerts == 1) { + // There's only one cert, so let's show it. + selCertIndex = 0; + certToShow = do_QueryElementAt(x509Certs, selCertIndex); + } else { + nsCOMPtr cert0; // first cert + nsCOMPtr cert1; // second cert + nsCOMPtr certn_2; // second to last cert + nsCOMPtr certn_1; // last cert + + cert0 = do_QueryElementAt(x509Certs, 0); + cert1 = do_QueryElementAt(x509Certs, 1); + certn_2 = do_QueryElementAt(x509Certs, numCerts-2); + certn_1 = do_QueryElementAt(x509Certs, numCerts-1); + + nsXPIDLString cert0SubjectName; + nsXPIDLString cert1IssuerName; + nsXPIDLString certn_2IssuerName; + nsXPIDLString certn_1SubjectName; + + cert0->GetSubjectName(cert0SubjectName); + cert1->GetIssuerName(cert1IssuerName); + certn_2->GetIssuerName(certn_2IssuerName); + certn_1->GetSubjectName(certn_1SubjectName); + + if (cert1IssuerName.Equals(cert0SubjectName)) { + // In this case, the first cert in the list signed the second, + // so the first cert is the root. Let's display it. + selCertIndex = 0; + certToShow = cert0; + } else + if (certn_2IssuerName.Equals(certn_1SubjectName)) { + // In this case the last cert has signed the second to last cert. + // The last cert is the root, so let's display it. + selCertIndex = numCerts-1; + certToShow = certn_1; + } else { + // It's not a chain, so let's just show the first one in the + // downloaded list. + selCertIndex = 0; + certToShow = cert0; + } + } + + if (!certToShow) + return NS_ERROR_FAILURE; + + nsCOMPtr dialogs; + nsresult rv = ::getNSSDialogs(getter_AddRefs(dialogs), + NS_GET_IID(nsICertificateDialogs), + NS_CERTIFICATEDIALOGS_CONTRACTID); + if (NS_FAILED(rv)) { + return rv; + } + + UniqueCERTCertificate tmpCert(certToShow->GetCert()); + if (!tmpCert) { + return NS_ERROR_FAILURE; + } + + if (!CERT_IsCACert(tmpCert.get(), nullptr)) { + DisplayCertificateAlert(ctx, "NotACACert", certToShow, proofOfLock); + return NS_ERROR_FAILURE; + } + + if (tmpCert->isperm) { + DisplayCertificateAlert(ctx, "CaCertExists", certToShow, proofOfLock); + return NS_ERROR_FAILURE; + } + + uint32_t trustBits; + bool allows; + rv = dialogs->ConfirmDownloadCACert(ctx, certToShow, &trustBits, &allows); + if (NS_FAILED(rv)) + return rv; + + if (!allows) + return NS_ERROR_NOT_AVAILABLE; + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("trust is %d\n", trustBits)); + UniquePORTString nickname(CERT_MakeCANickname(tmpCert.get())); + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Created nick \"%s\"\n", nickname.get())); + + nsNSSCertTrust trust; + trust.SetValidCA(); + trust.AddCATrust(!!(trustBits & nsIX509CertDB::TRUSTED_SSL), + !!(trustBits & nsIX509CertDB::TRUSTED_EMAIL), + !!(trustBits & nsIX509CertDB::TRUSTED_OBJSIGN)); + + if (CERT_AddTempCertToPerm(tmpCert.get(), nickname.get(), + trust.GetTrust()) != SECSuccess) { + return NS_ERROR_FAILURE; + } + + // Import additional delivered certificates that can be verified. + + // build a CertList for filtering + UniqueCERTCertList certList(CERT_NewCertList()); + if (!certList) { + return NS_ERROR_FAILURE; + } + + // get all remaining certs into temp store + + for (uint32_t i=0; i remainingCert = do_QueryElementAt(x509Certs, i); + if (!remainingCert) { + continue; + } + + UniqueCERTCertificate tmpCert2(remainingCert->GetCert()); + if (!tmpCert2) { + continue; // Let's try to import the rest of 'em + } + + if (CERT_AddCertToListTail(certList.get(), tmpCert2.get()) != SECSuccess) { + continue; + } + + Unused << tmpCert2.release(); + } + + return ImportValidCACertsInList(certList, ctx, proofOfLock); +} + +NS_IMETHODIMP +nsNSSCertificateDB::ImportCertificates(uint8_t* data, uint32_t length, + uint32_t type, + nsIInterfaceRequestor* ctx) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + // We currently only handle CA certificates. + if (type != nsIX509Cert::CA_CERT) { + return NS_ERROR_FAILURE; + } + + UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return NS_ERROR_OUT_OF_MEMORY; + } + + CERTDERCerts* certCollection = getCertsFromPackage(arena, data, length, + locker); + if (!certCollection) { + return NS_ERROR_FAILURE; + } + + nsCOMPtr array = nsArrayBase::Create(); + if (!array) { + return NS_ERROR_FAILURE; + } + + // Now let's create some certs to work with + for (int i = 0; i < certCollection->numcerts; i++) { + SECItem* currItem = &certCollection->rawCerts[i]; + nsCOMPtr cert = nsNSSCertificate::ConstructFromDER( + BitwiseCast(currItem->data), currItem->len); + if (!cert) { + return NS_ERROR_FAILURE; + } + nsresult rv = array->AppendElement(cert, false); + if (NS_FAILED(rv)) { + return rv; + } + } + + return handleCACertDownload(WrapNotNull(array), ctx, locker); +} + +/** + * Filters an array of certs by usage and imports them into temporary storage. + * + * @param numcerts + * Size of the |certs| array. + * @param certs + * Pointer to array of certs to import. + * @param usage + * Usage the certs should be filtered on. + * @param caOnly + * Whether to import only CA certs. + * @param filteredCerts + * List of certs that weren't filtered out and were successfully imported. + */ +static nsresult +ImportCertsIntoTempStorage(int numcerts, SECItem* certs, + const SECCertUsage usage, const bool caOnly, + const nsNSSShutDownPreventionLock& /*proofOfLock*/, + /*out*/ const UniqueCERTCertList& filteredCerts) +{ + NS_ENSURE_ARG_MIN(numcerts, 1); + NS_ENSURE_ARG_POINTER(certs); + NS_ENSURE_ARG_POINTER(filteredCerts.get()); + + // CERT_ImportCerts() expects an array of *pointers* to SECItems, so we have + // to convert |certs| to such a format first. + SECItem** ptrArray = + static_cast(PORT_Alloc(sizeof(SECItem*) * numcerts)); + if (!ptrArray) { + return NS_ERROR_OUT_OF_MEMORY; + } + + for (int i = 0; i < numcerts; i++) { + ptrArray[i] = &certs[i]; + } + + CERTCertificate** importedCerts = nullptr; + SECStatus srv = CERT_ImportCerts(CERT_GetDefaultCertDB(), usage, + numcerts, ptrArray, &importedCerts, false, + caOnly, nullptr); + PORT_Free(ptrArray); + ptrArray = nullptr; + if (srv != SECSuccess) { + return NS_ERROR_FAILURE; + } + + for (int i = 0; i < numcerts; i++) { + if (!importedCerts[i]) { + continue; + } + + UniqueCERTCertificate cert(CERT_DupCertificate(importedCerts[i])); + if (!cert) { + continue; + } + + if (CERT_AddCertToListTail(filteredCerts.get(), cert.get()) == SECSuccess) { + Unused << cert.release(); + } + } + + CERT_DestroyCertArray(importedCerts, numcerts); + + // CERT_ImportCerts() ignores its |usage| parameter, so we have to manually + // filter out unwanted certs. + if (CERT_FilterCertListByUsage(filteredCerts.get(), usage, caOnly) + != SECSuccess) { + return NS_ERROR_FAILURE; + } + + return NS_OK; +} + +static SECStatus +ImportCertsIntoPermanentStorage(const UniqueCERTCertList& certChain, + const SECCertUsage usage, const bool caOnly) +{ + int chainLen = 0; + for (CERTCertListNode *chainNode = CERT_LIST_HEAD(certChain); + !CERT_LIST_END(chainNode, certChain); + chainNode = CERT_LIST_NEXT(chainNode)) { + chainLen++; + } + + SECItem **rawArray; + rawArray = (SECItem **) PORT_Alloc(chainLen * sizeof(SECItem *)); + if (!rawArray) { + return SECFailure; + } + + int i = 0; + for (CERTCertListNode *chainNode = CERT_LIST_HEAD(certChain); + !CERT_LIST_END(chainNode, certChain); + chainNode = CERT_LIST_NEXT(chainNode), i++) { + rawArray[i] = &chainNode->cert->derCert; + } + SECStatus srv = CERT_ImportCerts(CERT_GetDefaultCertDB(), usage, chainLen, + rawArray, nullptr, true, caOnly, nullptr); + + PORT_Free(rawArray); + return srv; +} + +NS_IMETHODIMP +nsNSSCertificateDB::ImportEmailCertificate(uint8_t* data, uint32_t length, + nsIInterfaceRequestor* ctx) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return NS_ERROR_OUT_OF_MEMORY; + } + + CERTDERCerts *certCollection = getCertsFromPackage(arena, data, length, locker); + if (!certCollection) { + return NS_ERROR_FAILURE; + } + + UniqueCERTCertList filteredCerts(CERT_NewCertList()); + if (!filteredCerts) { + return NS_ERROR_FAILURE; + } + + nsresult rv = ImportCertsIntoTempStorage(certCollection->numcerts, + certCollection->rawCerts, + certUsageEmailRecipient, + false, locker, filteredCerts); + if (NS_FAILED(rv)) { + return rv; + } + + RefPtr certVerifier(GetDefaultCertVerifier()); + if (!certVerifier) { + return NS_ERROR_UNEXPECTED; + } + + // Iterate through the filtered cert list and import verified certs into + // permanent storage. + // Note: We verify the certs in order to prevent DoS attacks. See Bug 249004. + for (CERTCertListNode* node = CERT_LIST_HEAD(filteredCerts.get()); + !CERT_LIST_END(node, filteredCerts.get()); + node = CERT_LIST_NEXT(node)) { + if (!node->cert) { + continue; + } + + UniqueCERTCertList certChain; + mozilla::pkix::Result result = + certVerifier->VerifyCert(node->cert, certificateUsageEmailRecipient, + mozilla::pkix::Now(), ctx, nullptr, certChain); + if (result != mozilla::pkix::Success) { + nsCOMPtr certToShow = nsNSSCertificate::Create(node->cert); + DisplayCertificateAlert(ctx, "NotImportingUnverifiedCert", certToShow, locker); + continue; + } + SECStatus srv = ImportCertsIntoPermanentStorage(certChain, + certUsageEmailRecipient, + false); + if (srv != SECSuccess) { + return NS_ERROR_FAILURE; + } + CERT_SaveSMimeProfile(node->cert, nullptr, nullptr); + } + + return NS_OK; +} + +nsresult +nsNSSCertificateDB::ImportValidCACerts(int numCACerts, SECItem* caCerts, + nsIInterfaceRequestor* ctx, + const nsNSSShutDownPreventionLock& proofOfLock) +{ + UniqueCERTCertList filteredCerts(CERT_NewCertList()); + if (!filteredCerts) { + return NS_ERROR_FAILURE; + } + + nsresult rv = ImportCertsIntoTempStorage(numCACerts, caCerts, certUsageAnyCA, + true, proofOfLock, filteredCerts); + if (NS_FAILED(rv)) { + return rv; + } + + return ImportValidCACertsInList(filteredCerts, ctx, proofOfLock); +} + +nsresult +nsNSSCertificateDB::ImportValidCACertsInList(const UniqueCERTCertList& filteredCerts, + nsIInterfaceRequestor* ctx, + const nsNSSShutDownPreventionLock& proofOfLock) +{ + RefPtr certVerifier(GetDefaultCertVerifier()); + if (!certVerifier) { + return NS_ERROR_UNEXPECTED; + } + + // Iterate through the filtered cert list and import verified certs into + // permanent storage. + // Note: We verify the certs in order to prevent DoS attacks. See Bug 249004. + for (CERTCertListNode* node = CERT_LIST_HEAD(filteredCerts.get()); + !CERT_LIST_END(node, filteredCerts.get()); + node = CERT_LIST_NEXT(node)) { + UniqueCERTCertList certChain; + mozilla::pkix::Result result = + certVerifier->VerifyCert(node->cert, certificateUsageVerifyCA, + mozilla::pkix::Now(), ctx, nullptr, certChain); + if (result != mozilla::pkix::Success) { + nsCOMPtr certToShow = nsNSSCertificate::Create(node->cert); + DisplayCertificateAlert(ctx, "NotImportingUnverifiedCert", certToShow, proofOfLock); + continue; + } + + SECStatus srv = ImportCertsIntoPermanentStorage(certChain, certUsageAnyCA, + true); + if (srv != SECSuccess) { + return NS_ERROR_FAILURE; + } + } + + return NS_OK; +} + +void nsNSSCertificateDB::DisplayCertificateAlert(nsIInterfaceRequestor *ctx, + const char *stringID, + nsIX509Cert *certToShow, + const nsNSSShutDownPreventionLock &/*proofOfLock*/) +{ + static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID); + + if (!NS_IsMainThread()) { + NS_ERROR("nsNSSCertificateDB::DisplayCertificateAlert called off the main thread"); + return; + } + + nsCOMPtr my_ctx = ctx; + if (!my_ctx) { + my_ctx = new PipUIContext(); + } + + // This shall be replaced by embedding ovverridable prompts + // as discussed in bug 310446, and should make use of certToShow. + + nsresult rv; + nsCOMPtr nssComponent(do_GetService(kNSSComponentCID, &rv)); + if (NS_SUCCEEDED(rv)) { + nsAutoString tmpMessage; + nssComponent->GetPIPNSSBundleString(stringID, tmpMessage); + + nsCOMPtr prompt (do_GetInterface(my_ctx)); + if (!prompt) { + return; + } + + prompt->Alert(nullptr, tmpMessage.get()); + } +} + +NS_IMETHODIMP +nsNSSCertificateDB::ImportUserCertificate(uint8_t* data, uint32_t length, + nsIInterfaceRequestor* ctx) +{ + if (!NS_IsMainThread()) { + NS_ERROR("nsNSSCertificateDB::ImportUserCertificate called off the main thread"); + return NS_ERROR_NOT_SAME_THREAD; + } + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return NS_ERROR_OUT_OF_MEMORY; + } + + CERTDERCerts* collectArgs = getCertsFromPackage(arena, data, length, locker); + if (!collectArgs) { + return NS_ERROR_FAILURE; + } + + UniqueCERTCertificate cert( + CERT_NewTempCertificate(CERT_GetDefaultCertDB(), collectArgs->rawCerts, + nullptr, false, true)); + if (!cert) { + return NS_ERROR_FAILURE; + } + + UniquePK11SlotInfo slot(PK11_KeyForCertExists(cert.get(), nullptr, ctx)); + if (!slot) { + nsCOMPtr certToShow = nsNSSCertificate::Create(cert.get()); + DisplayCertificateAlert(ctx, "UserCertIgnoredNoPrivateKey", certToShow, locker); + return NS_ERROR_FAILURE; + } + slot = nullptr; + + /* pick a nickname for the cert */ + nsAutoCString nickname; + if (cert->nickname) { + nickname = cert->nickname; + } else { + get_default_nickname(cert.get(), ctx, nickname, locker); + } + + /* user wants to import the cert */ + slot.reset(PK11_ImportCertForKey(cert.get(), nickname.get(), ctx)); + if (!slot) { + return NS_ERROR_FAILURE; + } + slot = nullptr; + + { + nsCOMPtr certToShow = nsNSSCertificate::Create(cert.get()); + DisplayCertificateAlert(ctx, "UserCertImported", certToShow, locker); + } + + int numCACerts = collectArgs->numcerts - 1; + if (numCACerts) { + SECItem* caCerts = collectArgs->rawCerts + 1; + return ImportValidCACerts(numCACerts, caCerts, ctx, locker); + } + + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificateDB::DeleteCertificate(nsIX509Cert *aCert) +{ + NS_ENSURE_ARG_POINTER(aCert); + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + UniqueCERTCertificate cert(aCert->GetCert()); + if (!cert) { + return NS_ERROR_FAILURE; + } + SECStatus srv = SECSuccess; + + uint32_t certType; + aCert->GetCertType(&certType); + if (NS_FAILED(aCert->MarkForPermDeletion())) + { + return NS_ERROR_FAILURE; + } + + if (cert->slot && certType != nsIX509Cert::USER_CERT) { + // To delete a cert of a slot (builtin, most likely), mark it as + // completely untrusted. This way we keep a copy cached in the + // local database, and next time we try to load it off of the + // external token/slot, we'll know not to trust it. We don't + // want to do that with user certs, because a user may re-store + // the cert onto the card again at which point we *will* want to + // trust that cert if it chains up properly. + nsNSSCertTrust trust(0, 0, 0); + srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), + cert.get(), trust.GetTrust()); + } + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("cert deleted: %d", srv)); + return (srv) ? NS_ERROR_FAILURE : NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificateDB::SetCertTrust(nsIX509Cert *cert, + uint32_t type, + uint32_t trusted) +{ + NS_ENSURE_ARG_POINTER(cert); + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + nsNSSCertTrust trust; + nsresult rv; + UniqueCERTCertificate nsscert(cert->GetCert()); + + rv = attemptToLogInWithDefaultPassword(); + if (NS_WARN_IF(rv != NS_OK)) { + return rv; + } + + SECStatus srv; + if (type == nsIX509Cert::CA_CERT) { + // always start with untrusted and move up + trust.SetValidCA(); + trust.AddCATrust(!!(trusted & nsIX509CertDB::TRUSTED_SSL), + !!(trusted & nsIX509CertDB::TRUSTED_EMAIL), + !!(trusted & nsIX509CertDB::TRUSTED_OBJSIGN)); + srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), + nsscert.get(), + trust.GetTrust()); + } else if (type == nsIX509Cert::SERVER_CERT) { + // always start with untrusted and move up + trust.SetValidPeer(); + trust.AddPeerTrust(trusted & nsIX509CertDB::TRUSTED_SSL, 0, 0); + srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), + nsscert.get(), + trust.GetTrust()); + } else if (type == nsIX509Cert::EMAIL_CERT) { + // always start with untrusted and move up + trust.SetValidPeer(); + trust.AddPeerTrust(0, !!(trusted & nsIX509CertDB::TRUSTED_EMAIL), 0); + srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), + nsscert.get(), + trust.GetTrust()); + } else { + // ignore user certs + return NS_OK; + } + return MapSECStatus(srv); +} + +NS_IMETHODIMP +nsNSSCertificateDB::IsCertTrusted(nsIX509Cert *cert, + uint32_t certType, + uint32_t trustType, + bool *_isTrusted) +{ + NS_ENSURE_ARG_POINTER(_isTrusted); + *_isTrusted = false; + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + SECStatus srv; + UniqueCERTCertificate nsscert(cert->GetCert()); + CERTCertTrust nsstrust; + srv = CERT_GetCertTrust(nsscert.get(), &nsstrust); + if (srv != SECSuccess) + return NS_ERROR_FAILURE; + + nsNSSCertTrust trust(&nsstrust); + if (certType == nsIX509Cert::CA_CERT) { + if (trustType & nsIX509CertDB::TRUSTED_SSL) { + *_isTrusted = trust.HasTrustedCA(true, false, false); + } else if (trustType & nsIX509CertDB::TRUSTED_EMAIL) { + *_isTrusted = trust.HasTrustedCA(false, true, false); + } else if (trustType & nsIX509CertDB::TRUSTED_OBJSIGN) { + *_isTrusted = trust.HasTrustedCA(false, false, true); + } else { + return NS_ERROR_FAILURE; + } + } else if (certType == nsIX509Cert::SERVER_CERT) { + if (trustType & nsIX509CertDB::TRUSTED_SSL) { + *_isTrusted = trust.HasTrustedPeer(true, false, false); + } else if (trustType & nsIX509CertDB::TRUSTED_EMAIL) { + *_isTrusted = trust.HasTrustedPeer(false, true, false); + } else if (trustType & nsIX509CertDB::TRUSTED_OBJSIGN) { + *_isTrusted = trust.HasTrustedPeer(false, false, true); + } else { + return NS_ERROR_FAILURE; + } + } else if (certType == nsIX509Cert::EMAIL_CERT) { + if (trustType & nsIX509CertDB::TRUSTED_SSL) { + *_isTrusted = trust.HasTrustedPeer(true, false, false); + } else if (trustType & nsIX509CertDB::TRUSTED_EMAIL) { + *_isTrusted = trust.HasTrustedPeer(false, true, false); + } else if (trustType & nsIX509CertDB::TRUSTED_OBJSIGN) { + *_isTrusted = trust.HasTrustedPeer(false, false, true); + } else { + return NS_ERROR_FAILURE; + } + } /* user: ignore */ + return NS_OK; +} + + +NS_IMETHODIMP +nsNSSCertificateDB::ImportCertsFromFile(nsIFile* aFile, uint32_t aType) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + NS_ENSURE_ARG(aFile); + switch (aType) { + case nsIX509Cert::CA_CERT: + case nsIX509Cert::EMAIL_CERT: + // good + break; + + default: + // not supported (yet) + return NS_ERROR_FAILURE; + } + + PRFileDesc* fd = nullptr; + nsresult rv = aFile->OpenNSPRFileDesc(PR_RDONLY, 0, &fd); + if (NS_FAILED(rv)) { + return rv; + } + if (!fd) { + return NS_ERROR_FAILURE; + } + + PRFileInfo fileInfo; + if (PR_GetOpenFileInfo(fd, &fileInfo) != PR_SUCCESS) { + return NS_ERROR_FAILURE; + } + + auto buf = MakeUnique(fileInfo.size); + int32_t bytesObtained = PR_Read(fd, buf.get(), fileInfo.size); + PR_Close(fd); + + if (bytesObtained != fileInfo.size) { + return NS_ERROR_FAILURE; + } + + nsCOMPtr cxt = new PipUIContext(); + + switch (aType) { + case nsIX509Cert::CA_CERT: + return ImportCertificates(buf.get(), bytesObtained, aType, cxt); + case nsIX509Cert::EMAIL_CERT: + return ImportEmailCertificate(buf.get(), bytesObtained, cxt); + default: + MOZ_ASSERT(false, "Unsupported type should have been filtered out"); + break; + } + + return NS_ERROR_FAILURE; +} + +NS_IMETHODIMP +nsNSSCertificateDB::ImportPKCS12File(nsISupports* aToken, nsIFile* aFile) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + NS_ENSURE_ARG(aFile); + nsPKCS12Blob blob; + nsCOMPtr token = do_QueryInterface(aToken); + if (token) { + blob.SetToken(token); + } + return blob.ImportFromFile(aFile); +} + +NS_IMETHODIMP +nsNSSCertificateDB::ExportPKCS12File(nsISupports* aToken, + nsIFile* aFile, + uint32_t count, + nsIX509Cert** certs) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + NS_ENSURE_ARG(aFile); + nsPKCS12Blob blob; + if (count == 0) return NS_OK; + nsCOMPtr localRef; + if (!aToken) { + UniquePK11SlotInfo keySlot(PK11_GetInternalKeySlot()); + if (!keySlot) { + return NS_ERROR_FAILURE; + } + localRef = new nsPK11Token(keySlot.get()); + } else { + localRef = do_QueryInterface(aToken); + } + blob.SetToken(localRef); + return blob.ExportToFile(aFile, certs, count); +} + +NS_IMETHODIMP +nsNSSCertificateDB::FindEmailEncryptionCert(const nsAString& aNickname, + nsIX509Cert** _retval) +{ + NS_ENSURE_ARG_POINTER(_retval); + *_retval = nullptr; + + if (aNickname.IsEmpty()) + return NS_OK; + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + nsCOMPtr ctx = new PipUIContext(); + char *asciiname = nullptr; + NS_ConvertUTF16toUTF8 aUtf8Nickname(aNickname); + asciiname = const_cast(aUtf8Nickname.get()); + + /* Find a good cert in the user's database */ + UniqueCERTCertificate cert(CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), + asciiname, + certUsageEmailRecipient, + true, ctx)); + if (!cert) { + return NS_OK; + } + + nsCOMPtr nssCert = nsNSSCertificate::Create(cert.get()); + if (!nssCert) { + return NS_ERROR_OUT_OF_MEMORY; + } + nssCert.forget(_retval); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificateDB::FindEmailSigningCert(const nsAString& aNickname, + nsIX509Cert** _retval) +{ + NS_ENSURE_ARG_POINTER(_retval); + *_retval = nullptr; + + if (aNickname.IsEmpty()) + return NS_OK; + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + nsCOMPtr ctx = new PipUIContext(); + char *asciiname = nullptr; + NS_ConvertUTF16toUTF8 aUtf8Nickname(aNickname); + asciiname = const_cast(aUtf8Nickname.get()); + + /* Find a good cert in the user's database */ + UniqueCERTCertificate cert(CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(), + asciiname, + certUsageEmailSigner, + true, ctx)); + if (!cert) { + return NS_OK; + } + + nsCOMPtr nssCert = nsNSSCertificate::Create(cert.get()); + if (!nssCert) { + return NS_ERROR_OUT_OF_MEMORY; + } + nssCert.forget(_retval); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificateDB::FindCertByEmailAddress(const char* aEmailAddress, + nsIX509Cert** _retval) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + RefPtr certVerifier(GetDefaultCertVerifier()); + NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED); + + UniqueCERTCertList certlist( + PK11_FindCertsFromEmailAddress(aEmailAddress, nullptr)); + if (!certlist) + return NS_ERROR_FAILURE; + + // certlist now contains certificates with the right email address, + // but they might not have the correct usage or might even be invalid + + if (CERT_LIST_END(CERT_LIST_HEAD(certlist), certlist)) + return NS_ERROR_FAILURE; // no certs found + + CERTCertListNode *node; + // search for a valid certificate + for (node = CERT_LIST_HEAD(certlist); + !CERT_LIST_END(node, certlist); + node = CERT_LIST_NEXT(node)) { + + UniqueCERTCertList unusedCertChain; + mozilla::pkix::Result result = + certVerifier->VerifyCert(node->cert, certificateUsageEmailRecipient, + mozilla::pkix::Now(), + nullptr /*XXX pinarg*/, + nullptr /*hostname*/, + unusedCertChain); + if (result == mozilla::pkix::Success) { + break; + } + } + + if (CERT_LIST_END(node, certlist)) { + // no valid cert found + return NS_ERROR_FAILURE; + } + + // node now contains the first valid certificate with correct usage + RefPtr nssCert = nsNSSCertificate::Create(node->cert); + if (!nssCert) + return NS_ERROR_OUT_OF_MEMORY; + + nssCert.forget(_retval); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificateDB::ConstructX509FromBase64(const nsACString& base64, + /*out*/ nsIX509Cert** _retval) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + if (!_retval) { + return NS_ERROR_INVALID_POINTER; + } + + // Base64Decode() doesn't consider a zero length input as an error, and just + // returns the empty string. We don't want this behavior, so the below check + // catches this case. + if (base64.Length() < 1) { + return NS_ERROR_ILLEGAL_VALUE; + } + + nsAutoCString certDER; + nsresult rv = Base64Decode(base64, certDER); + if (NS_FAILED(rv)) { + return rv; + } + + return ConstructX509(certDER.get(), certDER.Length(), _retval); +} + +NS_IMETHODIMP +nsNSSCertificateDB::ConstructX509(const char* certDER, + uint32_t lengthDER, + nsIX509Cert** _retval) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + if (NS_WARN_IF(!_retval)) { + return NS_ERROR_INVALID_POINTER; + } + + SECItem secitem_cert; + secitem_cert.type = siDERCertBuffer; + secitem_cert.data = (unsigned char*)certDER; + secitem_cert.len = lengthDER; + + UniqueCERTCertificate cert(CERT_NewTempCertificate(CERT_GetDefaultCertDB(), + &secitem_cert, nullptr, + false, true)); + if (!cert) + return (PORT_GetError() == SEC_ERROR_NO_MEMORY) + ? NS_ERROR_OUT_OF_MEMORY : NS_ERROR_FAILURE; + + nsCOMPtr nssCert = nsNSSCertificate::Create(cert.get()); + if (!nssCert) { + return NS_ERROR_OUT_OF_MEMORY; + } + nssCert.forget(_retval); + return NS_OK; +} + +void +nsNSSCertificateDB::get_default_nickname(CERTCertificate *cert, + nsIInterfaceRequestor* ctx, + nsCString &nickname, + const nsNSSShutDownPreventionLock &/*proofOfLock*/) +{ + static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID); + + nickname.Truncate(); + + nsresult rv; + CK_OBJECT_HANDLE keyHandle; + + CERTCertDBHandle *defaultcertdb = CERT_GetDefaultCertDB(); + nsCOMPtr nssComponent(do_GetService(kNSSComponentCID, &rv)); + if (NS_FAILED(rv)) + return; + + nsAutoCString username; + UniquePORTString tempCN(CERT_GetCommonName(&cert->subject)); + if (tempCN) { + username = tempCN.get(); + } + + nsAutoCString caname; + UniquePORTString tempIssuerOrg(CERT_GetOrgName(&cert->issuer)); + if (tempIssuerOrg) { + caname = tempIssuerOrg.get(); + } + + nsAutoString tmpNickFmt; + nssComponent->GetPIPNSSBundleString("nick_template", tmpNickFmt); + NS_ConvertUTF16toUTF8 nickFmt(tmpNickFmt); + + nsAutoCString baseName; + baseName.AppendPrintf(nickFmt.get(), username.get(), caname.get()); + if (baseName.IsEmpty()) { + return; + } + + nickname = baseName; + + /* + * We need to see if the private key exists on a token, if it does + * then we need to check for nicknames that already exist on the smart + * card. + */ + UniquePK11SlotInfo slot(PK11_KeyForCertExists(cert, &keyHandle, ctx)); + if (!slot) + return; + + if (!PK11_IsInternal(slot.get())) { + nsAutoCString tmp; + tmp.AppendPrintf("%s:%s", PK11_GetTokenName(slot.get()), baseName.get()); + if (tmp.IsEmpty()) { + nickname.Truncate(); + return; + } + baseName = tmp; + nickname = baseName; + } + + int count = 1; + while (true) { + if ( count > 1 ) { + nsAutoCString tmp; + tmp.AppendPrintf("%s #%d", baseName.get(), count); + if (tmp.IsEmpty()) { + nickname.Truncate(); + return; + } + nickname = tmp; + } + + UniqueCERTCertificate dummycert; + + if (PK11_IsInternal(slot.get())) { + /* look up the nickname to make sure it isn't in use already */ + dummycert.reset(CERT_FindCertByNickname(defaultcertdb, nickname.get())); + } else { + // Check the cert against others that already live on the smart card. + dummycert.reset(PK11_FindCertFromNickname(nickname.get(), ctx)); + if (dummycert) { + // Make sure the subject names are different. + if (CERT_CompareName(&cert->subject, &dummycert->subject) == SECEqual) + { + /* + * There is another certificate with the same nickname and + * the same subject name on the smart card, so let's use this + * nickname. + */ + dummycert = nullptr; + } + } + } + if (!dummycert) { + break; + } + count++; + } +} + +NS_IMETHODIMP +nsNSSCertificateDB::AddCertFromBase64(const nsACString& aBase64, + const nsACString& aTrust, + const nsACString& /*aName*/) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + nsNSSCertTrust trust; + if (CERT_DecodeTrustString(trust.GetTrust(), PromiseFlatCString(aTrust).get()) + != SECSuccess) { + return NS_ERROR_FAILURE; + } + + nsCOMPtr newCert; + nsresult rv = ConstructX509FromBase64(aBase64, getter_AddRefs(newCert)); + if (NS_FAILED(rv)) { + return rv; + } + + UniqueCERTCertificate tmpCert(newCert->GetCert()); + if (!tmpCert) { + return NS_ERROR_FAILURE; + } + + // If there's already a certificate that matches this one in the database, we + // still want to set its trust to the given value. + if (tmpCert->isperm) { + return SetCertTrustFromString(newCert, aTrust); + } + + UniquePORTString nickname(CERT_MakeCANickname(tmpCert.get())); + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Created nick \"%s\"\n", nickname.get())); + + rv = attemptToLogInWithDefaultPassword(); + if (NS_WARN_IF(rv != NS_OK)) { + return rv; + } + + SECStatus srv = CERT_AddTempCertToPerm(tmpCert.get(), nickname.get(), + trust.GetTrust()); + return MapSECStatus(srv); +} + +NS_IMETHODIMP +nsNSSCertificateDB::AddCert(const nsACString& aCertDER, const nsACString& aTrust, + const nsACString& aName) +{ + nsCString base64; + nsresult rv = Base64Encode(aCertDER, base64); + NS_ENSURE_SUCCESS(rv, rv); + return AddCertFromBase64(base64, aTrust, aName); +} + +NS_IMETHODIMP +nsNSSCertificateDB::SetCertTrustFromString(nsIX509Cert* cert, + const nsACString& trustString) +{ + NS_ENSURE_ARG(cert); + + CERTCertTrust trust; + SECStatus srv = CERT_DecodeTrustString(&trust, + PromiseFlatCString(trustString).get()); + if (srv != SECSuccess) { + return MapSECStatus(srv); + } + UniqueCERTCertificate nssCert(cert->GetCert()); + + nsresult rv = attemptToLogInWithDefaultPassword(); + if (NS_WARN_IF(rv != NS_OK)) { + return rv; + } + + srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), nssCert.get(), &trust); + return MapSECStatus(srv); +} + +NS_IMETHODIMP +nsNSSCertificateDB::GetCerts(nsIX509CertList **_retval) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + nsCOMPtr ctx = new PipUIContext(); + nsCOMPtr nssCertList; + UniqueCERTCertList certList(PK11_ListCerts(PK11CertListUnique, ctx)); + + // nsNSSCertList 1) adopts certList, and 2) handles the nullptr case fine. + // (returns an empty list) + nssCertList = new nsNSSCertList(Move(certList), locker); + + nssCertList.forget(_retval); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificateDB::GetEnterpriseRoots(nsIX509CertList** enterpriseRoots) +{ + MOZ_ASSERT(NS_IsMainThread()); + if (!NS_IsMainThread()) { + return NS_ERROR_NOT_SAME_THREAD; + } + + NS_ENSURE_ARG_POINTER(enterpriseRoots); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + +#ifdef XP_WIN + nsCOMPtr psm(do_GetService(PSM_COMPONENT_CONTRACTID)); + if (!psm) { + return NS_ERROR_FAILURE; + } + return psm->GetEnterpriseRoots(enterpriseRoots); +#else + return NS_ERROR_NOT_IMPLEMENTED; +#endif +} + +nsresult +VerifyCertAtTime(nsIX509Cert* aCert, + int64_t /*SECCertificateUsage*/ aUsage, + uint32_t aFlags, + const char* aHostname, + mozilla::pkix::Time aTime, + nsIX509CertList** aVerifiedChain, + bool* aHasEVPolicy, + int32_t* /*PRErrorCode*/ _retval, + const nsNSSShutDownPreventionLock& locker) +{ + NS_ENSURE_ARG_POINTER(aCert); + NS_ENSURE_ARG_POINTER(aHasEVPolicy); + NS_ENSURE_ARG_POINTER(aVerifiedChain); + NS_ENSURE_ARG_POINTER(_retval); + + *aVerifiedChain = nullptr; + *aHasEVPolicy = false; + *_retval = PR_UNKNOWN_ERROR; + + UniqueCERTCertificate nssCert(aCert->GetCert()); + if (!nssCert) { + return NS_ERROR_INVALID_ARG; + } + + RefPtr certVerifier(GetDefaultCertVerifier()); + NS_ENSURE_TRUE(certVerifier, NS_ERROR_FAILURE); + + UniqueCERTCertList resultChain; + SECOidTag evOidPolicy; + mozilla::pkix::Result result; + + if (aHostname && aUsage == certificateUsageSSLServer) { + result = certVerifier->VerifySSLServerCert(nssCert, + nullptr, // stapledOCSPResponse + nullptr, // sctsFromTLSExtension + aTime, + nullptr, // Assume no context + aHostname, + resultChain, + false, // don't save intermediates + aFlags, + NeckoOriginAttributes(), + &evOidPolicy); + } else { + result = certVerifier->VerifyCert(nssCert.get(), aUsage, aTime, + nullptr, // Assume no context + aHostname, + resultChain, + aFlags, + nullptr, // stapledOCSPResponse + nullptr, // sctsFromTLSExtension + NeckoOriginAttributes(), + &evOidPolicy); + } + + nsCOMPtr nssCertList; + // This adopts the list + nssCertList = new nsNSSCertList(Move(resultChain), locker); + NS_ENSURE_TRUE(nssCertList, NS_ERROR_FAILURE); + + *_retval = mozilla::pkix::MapResultToPRErrorCode(result); + if (result == mozilla::pkix::Success && evOidPolicy != SEC_OID_UNKNOWN) { + *aHasEVPolicy = true; + } + nssCertList.forget(aVerifiedChain); + + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificateDB::VerifyCertNow(nsIX509Cert* aCert, + int64_t /*SECCertificateUsage*/ aUsage, + uint32_t aFlags, + const char* aHostname, + nsIX509CertList** aVerifiedChain, + bool* aHasEVPolicy, + int32_t* /*PRErrorCode*/ _retval) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + return ::VerifyCertAtTime(aCert, aUsage, aFlags, aHostname, + mozilla::pkix::Now(), + aVerifiedChain, aHasEVPolicy, _retval, locker); +} + +NS_IMETHODIMP +nsNSSCertificateDB::VerifyCertAtTime(nsIX509Cert* aCert, + int64_t /*SECCertificateUsage*/ aUsage, + uint32_t aFlags, + const char* aHostname, + uint64_t aTime, + nsIX509CertList** aVerifiedChain, + bool* aHasEVPolicy, + int32_t* /*PRErrorCode*/ _retval) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + return ::VerifyCertAtTime(aCert, aUsage, aFlags, aHostname, + mozilla::pkix::TimeFromEpochInSeconds(aTime), + aVerifiedChain, aHasEVPolicy, _retval, locker); +} + +class VerifyCertAtTimeTask final : public CryptoTask +{ +public: + VerifyCertAtTimeTask(nsIX509Cert* aCert, int64_t aUsage, uint32_t aFlags, + const char* aHostname, uint64_t aTime, + nsICertVerificationCallback* aCallback) + : mCert(aCert) + , mUsage(aUsage) + , mFlags(aFlags) + , mHostname(aHostname) + , mTime(aTime) + , mCallback(new nsMainThreadPtrHolder(aCallback)) + , mPRErrorCode(SEC_ERROR_LIBRARY_FAILURE) + , mVerifiedCertList(nullptr) + , mHasEVPolicy(false) + { + } + +private: + virtual nsresult CalculateResult() override + { + nsCOMPtr certDB = do_GetService(NS_X509CERTDB_CONTRACTID); + if (!certDB) { + return NS_ERROR_FAILURE; + } + // Unfortunately mHostname will have made the empty string out of a null + // pointer passed in the constructor. If we pass the empty string on to + // VerifyCertAtTime with the usage certificateUsageSSLServer, it will call + // VerifySSLServerCert, which expects a non-empty hostname. To avoid this, + // check the length and use nullptr if appropriate. + const char* hostname = mHostname.Length() > 0 ? mHostname.get() : nullptr; + return certDB->VerifyCertAtTime(mCert, mUsage, mFlags, hostname, mTime, + getter_AddRefs(mVerifiedCertList), + &mHasEVPolicy, &mPRErrorCode); + } + + // No NSS resources are directly held, so there is nothing to release. + virtual void ReleaseNSSResources() override { } + + virtual void CallCallback(nsresult rv) override + { + if (NS_FAILED(rv)) { + Unused << mCallback->VerifyCertFinished(SEC_ERROR_LIBRARY_FAILURE, + nullptr, false); + } else { + Unused << mCallback->VerifyCertFinished(mPRErrorCode, mVerifiedCertList, + mHasEVPolicy); + } + } + + nsCOMPtr mCert; + int64_t mUsage; + uint32_t mFlags; + nsCString mHostname; + uint64_t mTime; + nsMainThreadPtrHandle mCallback; + int32_t mPRErrorCode; + nsCOMPtr mVerifiedCertList; + bool mHasEVPolicy; +}; + +NS_IMETHODIMP +nsNSSCertificateDB::AsyncVerifyCertAtTime(nsIX509Cert* aCert, + int64_t /*SECCertificateUsage*/ aUsage, + uint32_t aFlags, + const char* aHostname, + uint64_t aTime, + nsICertVerificationCallback* aCallback) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + RefPtr task(new VerifyCertAtTimeTask(aCert, aUsage, + aFlags, aHostname, + aTime, aCallback)); + return task->Dispatch("VerifyCert"); +} + +NS_IMETHODIMP +nsNSSCertificateDB::ClearOCSPCache() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + RefPtr certVerifier(GetDefaultCertVerifier()); + NS_ENSURE_TRUE(certVerifier, NS_ERROR_FAILURE); + certVerifier->ClearOCSPCache(); + return NS_OK; +} diff --git a/security/manager/ssl/nsNSSCertificateDB.h b/security/manager/ssl/nsNSSCertificateDB.h new file mode 100644 index 000000000..06af6739a --- /dev/null +++ b/security/manager/ssl/nsNSSCertificateDB.h @@ -0,0 +1,77 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsNSSCertificateDB_h +#define nsNSSCertificateDB_h + +#include "ScopedNSSTypes.h" +#include "certt.h" +#include "mozilla/Mutex.h" +#include "mozilla/NotNull.h" +#include "mozilla/RefPtr.h" +#include "mozilla/UniquePtr.h" +#include "nsIX509CertDB.h" +#include "nsNSSShutDown.h" +#include "nsString.h" + +class nsCString; +class nsIArray; + +class nsNSSCertificateDB final : public nsIX509CertDB + , public nsNSSShutDownObject + +{ +public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIX509CERTDB + + // Use this function to generate a default nickname for a user + // certificate that is to be imported onto a token. + static void + get_default_nickname(CERTCertificate *cert, nsIInterfaceRequestor* ctx, + nsCString &nickname, + const nsNSSShutDownPreventionLock &proofOfLock); + + static nsresult + ImportValidCACerts(int numCACerts, SECItem *CACerts, nsIInterfaceRequestor *ctx, + const nsNSSShutDownPreventionLock &proofOfLock); + + // This is a separate static method so nsNSSComponent can use it during NSS + // initialization. Other code should probably not use it. + static nsresult + FindCertByDBKey(const char* aDBKey, mozilla::UniqueCERTCertificate& cert); + +protected: + virtual ~nsNSSCertificateDB(); + +private: + + static nsresult + ImportValidCACertsInList(const mozilla::UniqueCERTCertList& filteredCerts, + nsIInterfaceRequestor* ctx, + const nsNSSShutDownPreventionLock& proofOfLock); + + static void DisplayCertificateAlert(nsIInterfaceRequestor *ctx, + const char *stringID, nsIX509Cert *certToShow, + const nsNSSShutDownPreventionLock &proofOfLock); + + CERTDERCerts* getCertsFromPackage(const mozilla::UniquePLArenaPool& arena, + uint8_t* data, uint32_t length, + const nsNSSShutDownPreventionLock& proofOfLock); + nsresult handleCACertDownload(mozilla::NotNull x509Certs, + nsIInterfaceRequestor *ctx, + const nsNSSShutDownPreventionLock &proofOfLock); + + // We don't own any NSS objects here, so no need to clean up + virtual void virtualDestroyNSSReference() override { }; +}; + +#define NS_X509CERTDB_CID { /* fb0bbc5c-452e-4783-b32c-80124693d871 */ \ + 0xfb0bbc5c, \ + 0x452e, \ + 0x4783, \ + {0xb3, 0x2c, 0x80, 0x12, 0x46, 0x93, 0xd8, 0x71} \ + } + +#endif // nsNSSCertificateDB_h diff --git a/security/manager/ssl/nsNSSCertificateFakeTransport.cpp b/security/manager/ssl/nsNSSCertificateFakeTransport.cpp new file mode 100644 index 000000000..088a5c4ed --- /dev/null +++ b/security/manager/ssl/nsNSSCertificateFakeTransport.cpp @@ -0,0 +1,478 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsNSSCertificateFakeTransport.h" + +#include "mozilla/Assertions.h" +#include "nsIClassInfoImpl.h" +#include "nsIObjectInputStream.h" +#include "nsIObjectOutputStream.h" +#include "nsISupportsPrimitives.h" +#include "nsNSSCertificate.h" +#include "nsString.h" + +NS_IMPL_ISUPPORTS(nsNSSCertificateFakeTransport, + nsIX509Cert, + nsISerializable, + nsIClassInfo) + +nsNSSCertificateFakeTransport::nsNSSCertificateFakeTransport() + : mCertSerialization(nullptr) +{ +} + +nsNSSCertificateFakeTransport::~nsNSSCertificateFakeTransport() +{ + mCertSerialization = nullptr; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetDbKey(nsACString&) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetWindowTitle(nsAString&) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetNickname(nsAString&) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetEmailAddress(nsAString&) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetEmailAddresses(uint32_t*, char16_t***) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::ContainsEmailAddress(const nsAString&, bool*) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetCommonName(nsAString&) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetOrganization(nsAString&) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetIssuerCommonName(nsAString&) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetIssuerOrganization(nsAString&) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetIssuerOrganizationUnit(nsAString&) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetIssuer(nsIX509Cert**) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetOrganizationalUnit(nsAString&) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetChain(nsIArray**) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetSubjectName(nsAString&) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetIssuerName(nsAString&) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetSerialNumber(nsAString&) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetSha256Fingerprint(nsAString&) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetSha1Fingerprint(nsAString&) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetTokenName(nsAString&) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetRawDER(uint32_t*, uint8_t**) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetValidity(nsIX509CertValidity**) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetKeyUsages(nsAString&) +{ + MOZ_ASSERT_UNREACHABLE("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetASN1Structure(nsIASN1Object**) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::Equals(nsIX509Cert*, bool*) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetSha256SubjectPublicKeyInfoDigest(nsACString&) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +// NB: This serialization must match that of nsNSSCertificate. +NS_IMETHODIMP +nsNSSCertificateFakeTransport::Write(nsIObjectOutputStream* aStream) +{ + // On a non-chrome process we don't have mCert because we lack + // nsNSSComponent. nsNSSCertificateFakeTransport object is used only to + // carry the certificate serialization. + + // This serialization has to match that of nsNSSCertificate, so include this + // now-unused field. + nsresult rv = aStream->Write32(0); + if (NS_FAILED(rv)) { + return rv; + } + + rv = aStream->Write32(mCertSerialization->len); + if (NS_FAILED(rv)) { + return rv; + } + + return aStream->WriteByteArray(mCertSerialization->data, + mCertSerialization->len); +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::Read(nsIObjectInputStream* aStream) +{ + // This serialization has to match that of nsNSSCertificate, so read the (now + // unused) cachedEVStatus. + uint32_t unusedCachedEVStatus; + nsresult rv = aStream->Read32(&unusedCachedEVStatus); + if (NS_FAILED(rv)) { + return rv; + } + + uint32_t len; + rv = aStream->Read32(&len); + if (NS_FAILED(rv)) { + return rv; + } + + nsXPIDLCString str; + rv = aStream->ReadBytes(len, getter_Copies(str)); + if (NS_FAILED(rv)) { + return rv; + } + + // On a non-chrome process we cannot instatiate mCert because we lack + // nsNSSComponent. nsNSSCertificateFakeTransport object is used only to + // carry the certificate serialization. + mCertSerialization = + mozilla::UniqueSECItem(SECITEM_AllocItem(nullptr, nullptr, len)); + if (!mCertSerialization) { + return NS_ERROR_OUT_OF_MEMORY; + } + PORT_Memcpy(mCertSerialization->data, str.Data(), len); + + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetInterfaces(uint32_t* count, nsIID*** array) +{ + *count = 0; + *array = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetScriptableHelper(nsIXPCScriptable** _retval) +{ + *_retval = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetContractID(char** aContractID) +{ + *aContractID = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetClassDescription(char** aClassDescription) +{ + *aClassDescription = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetClassID(nsCID** aClassID) +{ + *aClassID = (nsCID*) moz_xmalloc(sizeof(nsCID)); + if (!*aClassID) + return NS_ERROR_OUT_OF_MEMORY; + return GetClassIDNoAlloc(*aClassID); +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetFlags(uint32_t* aFlags) +{ + *aFlags = nsIClassInfo::THREADSAFE; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc) +{ + static NS_DEFINE_CID(kNSSCertificateCID, NS_X509CERT_CID); + + *aClassIDNoAlloc = kNSSCertificateCID; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetCertType(unsigned int*) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetIsSelfSigned(bool*) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetIsBuiltInRoot(bool* aIsBuiltInRoot) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::GetAllTokenNames(unsigned int*, char16_t***) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +CERTCertificate* +nsNSSCertificateFakeTransport::GetCert() +{ + NS_NOTREACHED("Unimplemented on content process"); + return nullptr; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::ExportAsCMS(unsigned int, + unsigned int*, + unsigned char**) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertificateFakeTransport::MarkForPermDeletion() +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMPL_CLASSINFO(nsNSSCertListFakeTransport, + nullptr, + // inferred from nsIX509Cert + nsIClassInfo::THREADSAFE, + NS_X509CERTLIST_CID) + +NS_IMPL_ISUPPORTS_CI(nsNSSCertListFakeTransport, + nsIX509CertList, + nsISerializable) + +nsNSSCertListFakeTransport::nsNSSCertListFakeTransport() +{ +} + +nsNSSCertListFakeTransport::~nsNSSCertListFakeTransport() +{ +} + +NS_IMETHODIMP +nsNSSCertListFakeTransport::AddCert(nsIX509Cert* aCert) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertListFakeTransport::DeleteCert(nsIX509Cert* aCert) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +CERTCertList* +nsNSSCertListFakeTransport::GetRawCertList() +{ + NS_NOTREACHED("Unimplemented on content process"); + return nullptr; +} + +NS_IMETHODIMP +nsNSSCertListFakeTransport::GetEnumerator(nsISimpleEnumerator**) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNSSCertListFakeTransport::Equals(nsIX509CertList*, bool*) +{ + NS_NOTREACHED("Unimplemented on content process"); + return NS_ERROR_NOT_IMPLEMENTED; +} + +// NB: This serialization must match that of nsNSSCertList. +NS_IMETHODIMP +nsNSSCertListFakeTransport::Write(nsIObjectOutputStream* aStream) +{ + uint32_t certListLen = mFakeCertList.length(); + // Write the length of the list + nsresult rv = aStream->Write32(certListLen); + if (NS_FAILED(rv)) { + return rv; + } + + for (size_t i = 0; i < certListLen; i++) { + nsCOMPtr cert = mFakeCertList[i]; + nsCOMPtr serializableCert = do_QueryInterface(cert); + rv = aStream->WriteCompoundObject(serializableCert, + NS_GET_IID(nsIX509Cert), true); + if (NS_FAILED(rv)) { + break; + } + } + + return rv; +} + +NS_IMETHODIMP +nsNSSCertListFakeTransport::Read(nsIObjectInputStream* aStream) +{ + uint32_t certListLen; + nsresult rv = aStream->Read32(&certListLen); + if (NS_FAILED(rv)) { + return rv; + } + + for (uint32_t i = 0; i < certListLen; i++) { + nsCOMPtr certSupports; + rv = aStream->ReadObject(true, getter_AddRefs(certSupports)); + if (NS_FAILED(rv)) { + break; + } + + nsCOMPtr cert = do_QueryInterface(certSupports); + if (!mFakeCertList.append(cert)) { + return NS_ERROR_OUT_OF_MEMORY; + } + } + + return rv; +} diff --git a/security/manager/ssl/nsNSSCertificateFakeTransport.h b/security/manager/ssl/nsNSSCertificateFakeTransport.h new file mode 100644 index 000000000..1c57505b4 --- /dev/null +++ b/security/manager/ssl/nsNSSCertificateFakeTransport.h @@ -0,0 +1,54 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsNSSCertificateFakeTransport_h +#define nsNSSCertificateFakeTransport_h + +#include "ScopedNSSTypes.h" +#include "mozilla/Vector.h" +#include "nsCOMPtr.h" +#include "nsIClassInfo.h" +#include "nsISerializable.h" +#include "nsIX509Cert.h" +#include "nsIX509CertList.h" +#include "secitem.h" + +class nsNSSCertificateFakeTransport : public nsIX509Cert, + public nsISerializable, + public nsIClassInfo +{ +public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIX509CERT + NS_DECL_NSISERIALIZABLE + NS_DECL_NSICLASSINFO + + nsNSSCertificateFakeTransport(); + +protected: + virtual ~nsNSSCertificateFakeTransport(); + +private: + mozilla::UniqueSECItem mCertSerialization; +}; + +class nsNSSCertListFakeTransport : public nsIX509CertList, + public nsISerializable +{ +public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIX509CERTLIST + NS_DECL_NSISERIALIZABLE + + nsNSSCertListFakeTransport(); + +protected: + virtual ~nsNSSCertListFakeTransport(); + +private: + mozilla::Vector > mFakeCertList; +}; + +#endif // nsNSSCertificateFakeTransport_h diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp new file mode 100644 index 000000000..d53f846ed --- /dev/null +++ b/security/manager/ssl/nsNSSComponent.cpp @@ -0,0 +1,2499 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsNSSComponent.h" + +#include "ExtendedValidation.h" +#include "NSSCertDBTrustDomain.h" +#include "ScopedNSSTypes.h" +#include "SharedSSLState.h" +#include "cert.h" +#include "certdb.h" +#include "mozilla/ArrayUtils.h" +#include "mozilla/Casting.h" +#include "mozilla/Preferences.h" +#include "mozilla/PublicSSL.h" +#include "mozilla/Services.h" +#include "mozilla/StaticPtr.h" +#include "mozilla/SyncRunnable.h" +#include "mozilla/Telemetry.h" +#include "mozilla/Unused.h" +#include "nsAppDirectoryServiceDefs.h" +#include "nsCRT.h" +#include "nsClientAuthRemember.h" +#include "nsComponentManagerUtils.h" +#include "nsDirectoryServiceDefs.h" +#include "nsICertOverrideService.h" +#include "nsIFile.h" +#include "nsIObserverService.h" +#include "nsIPrompt.h" +#include "nsIProperties.h" +#include "nsISiteSecurityService.h" +#include "nsITokenPasswordDialogs.h" +#include "nsIWindowWatcher.h" +#include "nsIXULRuntime.h" +#include "nsNSSCertificateDB.h" +#include "nsNSSHelper.h" +#include "nsNSSShutDown.h" +#include "nsServiceManagerUtils.h" +#include "nsThreadUtils.h" +#include "nsXULAppAPI.h" +#include "nss.h" +#include "p12plcy.h" +#include "pkix/pkixnss.h" +#include "secerr.h" +#include "secmod.h" +#include "ssl.h" +#include "sslerr.h" +#include "sslproto.h" + +#ifndef MOZ_NO_SMART_CARDS +#include "nsSmartCardMonitor.h" +#endif + +#ifdef XP_WIN +#include "mozilla/WindowsVersion.h" +#include "nsILocalFileWin.h" + +#include "windows.h" // this needs to be before the following includes +#include "lmcons.h" +#include "sddl.h" +#include "wincrypt.h" +#include "nsIWindowsRegKey.h" +#endif + +using namespace mozilla; +using namespace mozilla::psm; + +LazyLogModule gPIPNSSLog("pipnss"); + +int nsNSSComponent::mInstanceCount = 0; + +// This function can be called from chrome or content processes +// to ensure that NSS is initialized. +bool EnsureNSSInitializedChromeOrContent() +{ + nsresult rv; + if (XRE_IsParentProcess()) { + nsCOMPtr nss = do_GetService(PSM_COMPONENT_CONTRACTID, &rv); + if (NS_FAILED(rv)) { + return false; + } + + return true; + } + + // If this is a content process and not the main thread (i.e. probably a + // worker) then forward this call to the main thread. + if (!NS_IsMainThread()) { + static Atomic initialized(false); + + // Cache the result to dispatch to the main thread only once per worker. + if (initialized) { + return true; + } + + nsCOMPtr mainThread; + nsresult rv = NS_GetMainThread(getter_AddRefs(mainThread)); + if (NS_FAILED(rv)) { + return false; + } + + // Forward to the main thread synchronously. + mozilla::SyncRunnable::DispatchToThread(mainThread, + new SyncRunnable(NS_NewRunnableFunction([]() { + initialized = EnsureNSSInitializedChromeOrContent(); + })) + ); + + return initialized; + } + + if (NSS_IsInitialized()) { + return true; + } + + if (NSS_NoDB_Init(nullptr) != SECSuccess) { + return false; + } + + if (NS_FAILED(mozilla::psm::InitializeCipherSuite())) { + return false; + } + + mozilla::psm::DisableMD5(); + return true; +} + +// We must ensure that the nsNSSComponent has been loaded before +// creating any other components. +bool EnsureNSSInitialized(EnsureNSSOperator op) +{ + if (GeckoProcessType_Default != XRE_GetProcessType()) + { + if (op == nssEnsureOnChromeOnly) + { + // If the component needs PSM/NSS initialized only on the chrome process, + // pretend we successfully initiated it but in reality we bypass it. + // It's up to the programmer to check for process type in such components + // and take care not to call anything that needs NSS/PSM initiated. + return true; + } + + NS_ERROR("Trying to initialize PSM/NSS in a non-chrome process!"); + return false; + } + + static bool loading = false; + static int32_t haveLoaded = 0; + + switch (op) + { + // In following 4 cases we are protected by monitor of XPCOM component + // manager - we are inside of do_GetService call for nss component, so it is + // safe to move with the flags here. + case nssLoadingComponent: + if (loading) + return false; // We are reentered during nss component creation + loading = true; + return true; + + case nssInitSucceeded: + NS_ASSERTION(loading, "Bad call to EnsureNSSInitialized(nssInitSucceeded)"); + loading = false; + PR_AtomicSet(&haveLoaded, 1); + return true; + + case nssInitFailed: + NS_ASSERTION(loading, "Bad call to EnsureNSSInitialized(nssInitFailed)"); + loading = false; + MOZ_FALLTHROUGH; + + case nssShutdown: + PR_AtomicSet(&haveLoaded, 0); + return false; + + // In this case we are called from a component to ensure nss initilization. + // If the component has not yet been loaded and is not currently loading + // call do_GetService for nss component to ensure it. + case nssEnsure: + case nssEnsureOnChromeOnly: + case nssEnsureChromeOrContent: + // We are reentered during nss component creation or nss component is already up + if (PR_AtomicAdd(&haveLoaded, 0) || loading) + return true; + + { + nsCOMPtr nssComponent + = do_GetService(PSM_COMPONENT_CONTRACTID); + + // Nss component failed to initialize, inform the caller of that fact. + // Flags are appropriately set by component constructor itself. + if (!nssComponent) + return false; + + bool isInitialized; + nsresult rv = nssComponent->IsNSSInitialized(&isInitialized); + return NS_SUCCEEDED(rv) && isInitialized; + } + + default: + NS_ASSERTION(false, "Bad operator to EnsureNSSInitialized"); + return false; + } +} + +static void +GetRevocationBehaviorFromPrefs(/*out*/ CertVerifier::OcspDownloadConfig* odc, + /*out*/ CertVerifier::OcspStrictConfig* osc, + /*out*/ CertVerifier::OcspGetConfig* ogc, + /*out*/ uint32_t* certShortLifetimeInDays, + const MutexAutoLock& /*proofOfLock*/) +{ + MOZ_ASSERT(NS_IsMainThread()); + MOZ_ASSERT(odc); + MOZ_ASSERT(osc); + MOZ_ASSERT(ogc); + MOZ_ASSERT(certShortLifetimeInDays); + + // 0 = disabled + // 1 = enabled for everything (default) + // 2 = enabled for EV certificates only + int32_t ocspLevel = Preferences::GetInt("security.OCSP.enabled", 1); + switch (ocspLevel) { + case 0: *odc = CertVerifier::ocspOff; break; + case 2: *odc = CertVerifier::ocspEVOnly; break; + default: *odc = CertVerifier::ocspOn; break; + } + + *osc = Preferences::GetBool("security.OCSP.require", false) + ? CertVerifier::ocspStrict + : CertVerifier::ocspRelaxed; + + // XXX: Always use POST for OCSP; see bug 871954 for undoing this. + *ogc = Preferences::GetBool("security.OCSP.GET.enabled", false) + ? CertVerifier::ocspGetEnabled + : CertVerifier::ocspGetDisabled; + + // If we pass in just 0 as the second argument to Preferences::GetUint, there + // are two function signatures that match (given that 0 can be intepreted as + // a null pointer). Thus the compiler will complain without the cast. + *certShortLifetimeInDays = + Preferences::GetUint("security.pki.cert_short_lifetime_in_days", + static_cast(0)); + + SSL_ClearSessionCache(); +} + +nsNSSComponent::nsNSSComponent() + : mutex("nsNSSComponent.mutex") + , mNSSInitialized(false) +#ifndef MOZ_NO_SMART_CARDS + , mThreadList(nullptr) +#endif +{ + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::ctor\n")); + MOZ_RELEASE_ASSERT(NS_IsMainThread()); + + NS_ASSERTION( (0 == mInstanceCount), "nsNSSComponent is a singleton, but instantiated multiple times!"); + ++mInstanceCount; +} + +nsNSSComponent::~nsNSSComponent() +{ + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::dtor\n")); + MOZ_RELEASE_ASSERT(NS_IsMainThread()); + + // All cleanup code requiring services needs to happen in xpcom_shutdown + + ShutdownNSS(); + SharedSSLState::GlobalCleanup(); + RememberCertErrorsTable::Cleanup(); + --mInstanceCount; + nsNSSShutDownList::shutdown(); + + // We are being freed, drop the haveLoaded flag to re-enable + // potential nss initialization later. + EnsureNSSInitialized(nssShutdown); + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::dtor finished\n")); +} + +NS_IMETHODIMP +nsNSSComponent::PIPBundleFormatStringFromName(const char* name, + const char16_t** params, + uint32_t numParams, + nsAString& outString) +{ + nsresult rv = NS_ERROR_FAILURE; + + if (mPIPNSSBundle && name) { + nsXPIDLString result; + rv = mPIPNSSBundle->FormatStringFromName(NS_ConvertASCIItoUTF16(name).get(), + params, numParams, + getter_Copies(result)); + if (NS_SUCCEEDED(rv)) { + outString = result; + } + } + return rv; +} + +NS_IMETHODIMP +nsNSSComponent::GetPIPNSSBundleString(const char* name, nsAString& outString) +{ + nsresult rv = NS_ERROR_FAILURE; + + outString.SetLength(0); + if (mPIPNSSBundle && name) { + nsXPIDLString result; + rv = mPIPNSSBundle->GetStringFromName(NS_ConvertASCIItoUTF16(name).get(), + getter_Copies(result)); + if (NS_SUCCEEDED(rv)) { + outString = result; + rv = NS_OK; + } + } + + return rv; +} + +NS_IMETHODIMP +nsNSSComponent::GetNSSBundleString(const char* name, nsAString& outString) +{ + nsresult rv = NS_ERROR_FAILURE; + + outString.SetLength(0); + if (mNSSErrorsBundle && name) { + nsXPIDLString result; + rv = mNSSErrorsBundle->GetStringFromName(NS_ConvertASCIItoUTF16(name).get(), + getter_Copies(result)); + if (NS_SUCCEEDED(rv)) { + outString = result; + rv = NS_OK; + } + } + + return rv; +} + +#ifndef MOZ_NO_SMART_CARDS +void +nsNSSComponent::LaunchSmartCardThreads() +{ + nsNSSShutDownPreventionLock locker; + { + SECMODModuleList* list; + SECMODListLock* lock = SECMOD_GetDefaultModuleListLock(); + if (!lock) { + MOZ_LOG(gPIPNSSLog, LogLevel::Error, + ("Couldn't get the module list lock, can't launch smart card threads\n")); + return; + } + SECMOD_GetReadLock(lock); + list = SECMOD_GetDefaultModuleList(); + + while (list) { + SECMODModule* module = list->module; + LaunchSmartCardThread(module); + list = list->next; + } + SECMOD_ReleaseReadLock(lock); + } +} + +NS_IMETHODIMP +nsNSSComponent::LaunchSmartCardThread(SECMODModule* module) +{ + SmartCardMonitoringThread* newThread; + if (SECMOD_HasRemovableSlots(module)) { + if (!mThreadList) { + mThreadList = new SmartCardThreadList(); + } + newThread = new SmartCardMonitoringThread(module); + // newThread is adopted by the add. + return mThreadList->Add(newThread); + } + return NS_OK; +} + +NS_IMETHODIMP +nsNSSComponent::ShutdownSmartCardThread(SECMODModule* module) +{ + if (!mThreadList) { + return NS_OK; + } + mThreadList->Remove(module); + return NS_OK; +} + +void +nsNSSComponent::ShutdownSmartCardThreads() +{ + delete mThreadList; + mThreadList = nullptr; +} +#endif // MOZ_NO_SMART_CARDS + +#ifdef XP_WIN +static bool +GetUserSid(nsAString& sidString) +{ + // UNLEN is the maximum user name length (see Lmcons.h). +1 for the null + // terminator. + WCHAR lpAccountName[UNLEN + 1]; + DWORD lcAccountName = sizeof(lpAccountName) / sizeof(lpAccountName[0]); + BOOL success = GetUserName(lpAccountName, &lcAccountName); + if (!success) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("GetUserName failed")); + return false; + } + char sid_buffer[SECURITY_MAX_SID_SIZE]; + SID* sid = BitwiseCast(sid_buffer); + DWORD cbSid = ArrayLength(sid_buffer); + SID_NAME_USE eUse; + // There doesn't appear to be a defined maximum length for the domain name + // here. To deal with this, we start with a reasonable buffer length and + // see if that works. If it fails and the error indicates insufficient length, + // we use the indicated required length and try again. + DWORD cchReferencedDomainName = 128; + auto ReferencedDomainName(MakeUnique(cchReferencedDomainName)); + success = LookupAccountName(nullptr, lpAccountName, sid, &cbSid, + ReferencedDomainName.get(), + &cchReferencedDomainName, &eUse); + if (!success && GetLastError() != ERROR_INSUFFICIENT_BUFFER) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("LookupAccountName failed")); + return false; + } + if (!success) { + ReferencedDomainName = MakeUnique(cchReferencedDomainName); + success = LookupAccountName(nullptr, lpAccountName, sid, &cbSid, + ReferencedDomainName.get(), + &cchReferencedDomainName, &eUse); + } + if (!success) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("LookupAccountName failed")); + return false; + } + LPTSTR StringSid; + success = ConvertSidToStringSid(sid, &StringSid); + if (!success) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("ConvertSidToStringSid failed")); + return false; + } + sidString.Assign(StringSid); + LocalFree(StringSid); + return true; +} + +// This is a specialized helper function to read the value of a registry key +// that might not be present. If it is present, returns (via the output +// parameter) its value. Otherwise, returns the given default value. +// This function handles one level of nesting. That is, if the desired value +// is actually in a direct child of the given registry key (where the child +// and/or the value being sought may not actually be present), this function +// will handle that. In the normal case, though, optionalChildName will be +// null. +static nsresult +ReadRegKeyValueWithDefault(nsCOMPtr regKey, + uint32_t flags, + wchar_t* optionalChildName, + wchar_t* valueName, + uint32_t defaultValue, + uint32_t& valueOut) +{ + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("ReadRegKeyValueWithDefault")); + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("attempting to read '%S%s%S' with default '%u'", + optionalChildName ? optionalChildName : L"", + optionalChildName ? "\\" : "", valueName, defaultValue)); + if (optionalChildName) { + nsDependentString childNameString(optionalChildName); + bool hasChild; + nsresult rv = regKey->HasChild(childNameString, &hasChild); + if (NS_FAILED(rv)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("failed to determine if child key is present")); + return rv; + } + if (!hasChild) { + valueOut = defaultValue; + return NS_OK; + } + nsCOMPtr childRegKey; + rv = regKey->OpenChild(childNameString, flags, + getter_AddRefs(childRegKey)); + if (NS_FAILED(rv)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't open child key")); + return rv; + } + return ReadRegKeyValueWithDefault(childRegKey, flags, nullptr, valueName, + defaultValue, valueOut); + } + nsDependentString valueNameString(valueName); + bool hasValue; + nsresult rv = regKey->HasValue(valueNameString, &hasValue); + if (NS_FAILED(rv)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("failed to determine if value is present")); + return rv; + } + if (!hasValue) { + valueOut = defaultValue; + return NS_OK; + } + rv = regKey->ReadIntValue(valueNameString, &valueOut); + if (NS_FAILED(rv)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("failed to read value")); + return rv; + } + return NS_OK; +} + +static nsresult +AccountHasFamilySafetyEnabled(bool& enabled) +{ + enabled = false; + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("AccountHasFamilySafetyEnabled?")); + nsCOMPtr parentalControlsKey( + do_CreateInstance("@mozilla.org/windows-registry-key;1")); + if (!parentalControlsKey) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't create nsIWindowsRegKey")); + return NS_ERROR_FAILURE; + } + uint32_t flags = nsIWindowsRegKey::ACCESS_READ | nsIWindowsRegKey::WOW64_64; + NS_NAMED_LITERAL_STRING(familySafetyPath, + "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Parental Controls"); + nsresult rv = parentalControlsKey->Open( + nsIWindowsRegKey::ROOT_KEY_LOCAL_MACHINE, familySafetyPath, flags); + if (NS_FAILED(rv)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't open parentalControlsKey")); + return rv; + } + NS_NAMED_LITERAL_STRING(usersString, "Users"); + bool hasUsers; + rv = parentalControlsKey->HasChild(usersString, &hasUsers); + if (NS_FAILED(rv)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("HasChild(Users) failed")); + return rv; + } + if (!hasUsers) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("Users subkey not present - Parental Controls not enabled")); + return NS_OK; + } + nsCOMPtr usersKey; + rv = parentalControlsKey->OpenChild(usersString, flags, + getter_AddRefs(usersKey)); + if (NS_FAILED(rv)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("failed to open Users subkey")); + return rv; + } + nsAutoString sid; + if (!GetUserSid(sid)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't get sid")); + return NS_ERROR_FAILURE; + } + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("our sid is '%S'", sid.get())); + bool hasSid; + rv = usersKey->HasChild(sid, &hasSid); + if (NS_FAILED(rv)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("HasChild(sid) failed")); + return rv; + } + if (!hasSid) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("sid not present in Family Safety Users")); + return NS_OK; + } + nsCOMPtr sidKey; + rv = usersKey->OpenChild(sid, flags, getter_AddRefs(sidKey)); + if (NS_FAILED(rv)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't open sid key")); + return rv; + } + // There are three keys we're interested in: "Parental Controls On", + // "Logging Required", and "Web\\Filter On". These keys will have value 0 + // or 1, indicating a particular feature is disabled or enabled, + // respectively. So, if "Parental Controls On" is not 1, Family Safety is + // disabled and we don't care about anything else. If both "Logging + // Required" and "Web\\Filter On" are 0, the proxy will not be running, + // so for our purposes we can consider Family Safety disabled in that + // case. + // By default, "Logging Required" is 1 and "Web\\Filter On" is 0, + // reflecting the initial settings when Family Safety is enabled for an + // account for the first time, However, these sub-keys are not created + // unless they are switched away from the default value. + uint32_t parentalControlsOn; + rv = sidKey->ReadIntValue(NS_LITERAL_STRING("Parental Controls On"), + &parentalControlsOn); + if (NS_FAILED(rv)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("couldn't read Parental Controls On")); + return rv; + } + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("Parental Controls On: %u", parentalControlsOn)); + if (parentalControlsOn != 1) { + return NS_OK; + } + uint32_t loggingRequired; + rv = ReadRegKeyValueWithDefault(sidKey, flags, nullptr, L"Logging Required", + 1, loggingRequired); + if (NS_FAILED(rv)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("failed to read value of Logging Required")); + return rv; + } + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("Logging Required: %u", loggingRequired)); + uint32_t webFilterOn; + rv = ReadRegKeyValueWithDefault(sidKey, flags, L"Web", L"Filter On", 0, + webFilterOn); + if (NS_FAILED(rv)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("failed to read value of Web\\Filter On")); + return rv; + } + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Web\\Filter On: %u", webFilterOn)); + enabled = loggingRequired == 1 || webFilterOn == 1; + return NS_OK; +} + +// It would be convenient to just use nsIX509CertDB in the following code. +// However, since nsIX509CertDB depends on nsNSSComponent initialization (and +// since this code runs during that initialization), we can't use it. Instead, +// we can use NSS APIs directly (as long as we're called late enough in +// nsNSSComponent initialization such that those APIs are safe to use). + +// Helper function to convert a PCCERT_CONTEXT (i.e. a certificate obtained via +// a Windows API) to a temporary CERTCertificate (i.e. a certificate for use +// with NSS APIs). +static UniqueCERTCertificate +PCCERT_CONTEXTToCERTCertificate(PCCERT_CONTEXT pccert) +{ + MOZ_ASSERT(pccert); + if (!pccert) { + return nullptr; + } + + SECItem derCert = { + siBuffer, + pccert->pbCertEncoded, + pccert->cbCertEncoded + }; + return UniqueCERTCertificate( + CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &derCert, + nullptr, // nickname unnecessary + false, // not permanent + true)); // copy DER +} + +static const char* kMicrosoftFamilySafetyCN = "Microsoft Family Safety"; + +nsresult +nsNSSComponent::MaybeImportFamilySafetyRoot(PCCERT_CONTEXT certificate, + bool& wasFamilySafetyRoot) +{ + MOZ_ASSERT(NS_IsMainThread()); + if (!NS_IsMainThread()) { + return NS_ERROR_NOT_SAME_THREAD; + } + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("MaybeImportFamilySafetyRoot")); + wasFamilySafetyRoot = false; + + UniqueCERTCertificate nssCertificate( + PCCERT_CONTEXTToCERTCertificate(certificate)); + if (!nssCertificate) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't decode certificate")); + return NS_ERROR_FAILURE; + } + // Looking for a certificate with the common name 'Microsoft Family Safety' + UniquePORTString subjectName(CERT_GetCommonName(&nssCertificate->subject)); + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("subject name is '%s'", subjectName.get())); + if (nsCRT::strcmp(subjectName.get(), kMicrosoftFamilySafetyCN) == 0) { + wasFamilySafetyRoot = true; + CERTCertTrust trust = { + CERTDB_TRUSTED_CA | CERTDB_VALID_CA | CERTDB_USER, + 0, + 0 + }; + if (CERT_ChangeCertTrust(nullptr, nssCertificate.get(), &trust) + != SECSuccess) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("couldn't trust certificate for TLS server auth")); + return NS_ERROR_FAILURE; + } + MOZ_ASSERT(!mFamilySafetyRoot); + mFamilySafetyRoot = Move(nssCertificate); + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("added Family Safety root")); + } + return NS_OK; +} + +// Because HCERTSTORE is just a typedef void*, we can't use any of the nice +// scoped or unique pointer templates. To elaborate, any attempt would +// instantiate those templates with T = void. When T gets used in the context +// of T&, this results in void&, which isn't legal. +class ScopedCertStore final +{ +public: + explicit ScopedCertStore(HCERTSTORE certstore) : certstore(certstore) {} + + ~ScopedCertStore() + { + CertCloseStore(certstore, 0); + } + + HCERTSTORE get() + { + return certstore; + } + +private: + ScopedCertStore(const ScopedCertStore&) = delete; + ScopedCertStore& operator=(const ScopedCertStore&) = delete; + HCERTSTORE certstore; +}; + +static const wchar_t* kWindowsDefaultRootStoreName = L"ROOT"; + +nsresult +nsNSSComponent::LoadFamilySafetyRoot() +{ + ScopedCertStore certstore( + CertOpenSystemStore(0, kWindowsDefaultRootStoreName)); + if (!certstore.get()) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("couldn't get certstore '%S'", kWindowsDefaultRootStoreName)); + return NS_ERROR_FAILURE; + } + // Any resources held by the certificate are released by the next call to + // CertFindCertificateInStore. + PCCERT_CONTEXT certificate = nullptr; + while ((certificate = CertFindCertificateInStore(certstore.get(), + X509_ASN_ENCODING, 0, + CERT_FIND_ANY, nullptr, + certificate))) { + bool wasFamilySafetyRoot = false; + nsresult rv = MaybeImportFamilySafetyRoot(certificate, + wasFamilySafetyRoot); + if (NS_SUCCEEDED(rv) && wasFamilySafetyRoot) { + return NS_OK; // We're done (we're only expecting one root). + } + } + return NS_ERROR_FAILURE; +} + +void +nsNSSComponent::UnloadFamilySafetyRoot() +{ + MOZ_ASSERT(NS_IsMainThread()); + if (!NS_IsMainThread()) { + return; + } + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("UnloadFamilySafetyRoot")); + if (!mFamilySafetyRoot) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Family Safety Root wasn't present")); + return; + } + // It would be intuitive to set the trust to { 0, 0, 0 } here. However, this + // doesn't work for temporary certificates because CERT_ChangeCertTrust first + // looks up the current trust settings in the permanent cert database, finds + // that such trust doesn't exist, considers the current trust to be + // { 0, 0, 0 }, and decides that it doesn't need to update the trust since + // they're the same. To work around this, we set a non-zero flag to ensure + // that the trust will get updated. + CERTCertTrust trust = { CERTDB_USER, 0, 0 }; + if (CERT_ChangeCertTrust(nullptr, mFamilySafetyRoot.get(), &trust) + != SECSuccess) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("couldn't untrust certificate for TLS server auth")); + } + mFamilySafetyRoot = nullptr; +} + +#endif // XP_WIN + +// The supported values of this pref are: +// 0: disable detecting Family Safety mode and importing the root +// 1: only attempt to detect Family Safety mode (don't import the root) +// 2: detect Family Safety mode and import the root +const char* kFamilySafetyModePref = "security.family_safety.mode"; + +// The telemetry gathered by this function is as follows: +// 0-2: the value of the Family Safety mode pref +// 3: detecting Family Safety mode failed +// 4: Family Safety was not enabled +// 5: Family Safety was enabled +// 6: failed to import the Family Safety root +// 7: successfully imported the root +void +nsNSSComponent::MaybeEnableFamilySafetyCompatibility() +{ +#ifdef XP_WIN + UnloadFamilySafetyRoot(); + if (!(IsWin8Point1OrLater() && !IsWin10OrLater())) { + return; + } + // Detect but don't import by default. + uint32_t familySafetyMode = Preferences::GetUint(kFamilySafetyModePref, 1); + if (familySafetyMode > 2) { + familySafetyMode = 0; + } + Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, familySafetyMode); + if (familySafetyMode == 0) { + return; + } + bool familySafetyEnabled; + nsresult rv = AccountHasFamilySafetyEnabled(familySafetyEnabled); + if (NS_FAILED(rv)) { + Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 3); + return; + } + if (!familySafetyEnabled) { + Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 4); + return; + } + Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 5); + if (familySafetyMode == 2) { + rv = LoadFamilySafetyRoot(); + if (NS_FAILED(rv)) { + Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 6); + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("failed to load Family Safety root")); + } else { + Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 7); + } + } +#endif // XP_WIN +} + +#ifdef XP_WIN +// Helper function to determine if the OS considers the given certificate to be +// a trust anchor for TLS server auth certificates. This is to be used in the +// context of importing what are presumed to be root certificates from the OS. +// If this function returns true but it turns out that the given certificate is +// in some way unsuitable to issue certificates, mozilla::pkix will never build +// a valid chain that includes the certificate, so importing it even if it +// isn't a valid CA poses no risk. +static bool +CertIsTrustAnchorForTLSServerAuth(PCCERT_CONTEXT certificate) +{ + MOZ_ASSERT(certificate); + if (!certificate) { + return false; + } + + PCCERT_CHAIN_CONTEXT pChainContext = nullptr; + CERT_ENHKEY_USAGE enhkeyUsage; + memset(&enhkeyUsage, 0, sizeof(CERT_ENHKEY_USAGE)); + LPSTR identifiers[] = { + "1.3.6.1.5.5.7.3.1", // id-kp-serverAuth + }; + enhkeyUsage.cUsageIdentifier = ArrayLength(identifiers); + enhkeyUsage.rgpszUsageIdentifier = identifiers; + CERT_USAGE_MATCH certUsage; + memset(&certUsage, 0, sizeof(CERT_USAGE_MATCH)); + certUsage.dwType = USAGE_MATCH_TYPE_AND; + certUsage.Usage = enhkeyUsage; + CERT_CHAIN_PARA chainPara; + memset(&chainPara, 0, sizeof(CERT_CHAIN_PARA)); + chainPara.cbSize = sizeof(CERT_CHAIN_PARA); + chainPara.RequestedUsage = certUsage; + + if (!CertGetCertificateChain(nullptr, certificate, nullptr, nullptr, + &chainPara, 0, nullptr, &pChainContext)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CertGetCertificateChain failed")); + return false; + } + bool trusted = pChainContext->TrustStatus.dwErrorStatus == + CERT_TRUST_NO_ERROR; + bool isRoot = pChainContext->cChain == 1; + CertFreeCertificateChain(pChainContext); + if (trusted && isRoot) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("certificate is trust anchor for TLS server auth")); + return true; + } + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("certificate not trust anchor for TLS server auth")); + return false; +} + +void +nsNSSComponent::UnloadEnterpriseRoots() +{ + MOZ_ASSERT(NS_IsMainThread()); + if (!NS_IsMainThread()) { + return; + } + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("UnloadEnterpriseRoots")); + if (!mEnterpriseRoots) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("no enterprise roots were present")); + return; + } + // It would be intuitive to set the trust to { 0, 0, 0 } here. However, this + // doesn't work for temporary certificates because CERT_ChangeCertTrust first + // looks up the current trust settings in the permanent cert database, finds + // that such trust doesn't exist, considers the current trust to be + // { 0, 0, 0 }, and decides that it doesn't need to update the trust since + // they're the same. To work around this, we set a non-zero flag to ensure + // that the trust will get updated. + CERTCertTrust trust = { CERTDB_USER, 0, 0 }; + for (CERTCertListNode* n = CERT_LIST_HEAD(mEnterpriseRoots.get()); + !CERT_LIST_END(n, mEnterpriseRoots.get()); n = CERT_LIST_NEXT(n)) { + if (!n || !n->cert) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("library failure: CERTCertListNode null or lacks cert")); + continue; + } + if (CERT_ChangeCertTrust(nullptr, n->cert, &trust) != SECSuccess) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("couldn't untrust certificate for TLS server auth")); + } + } + mEnterpriseRoots = nullptr; + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("unloaded enterprise roots")); +} + +NS_IMETHODIMP +nsNSSComponent::GetEnterpriseRoots(nsIX509CertList** enterpriseRoots) +{ + MOZ_ASSERT(NS_IsMainThread()); + if (!NS_IsMainThread()) { + return NS_ERROR_NOT_SAME_THREAD; + } + NS_ENSURE_ARG_POINTER(enterpriseRoots); + + nsNSSShutDownPreventionLock lock; + // nsNSSComponent isn't a nsNSSShutDownObject, so we can't check + // isAlreadyShutDown(). However, since mEnterpriseRoots is cleared when NSS + // shuts down, we can use that as a proxy for checking for NSS shutdown. + // (Of course, it may also be the case that no enterprise roots were imported, + // so we should just return a null list and NS_OK in this case.) + if (!mEnterpriseRoots) { + *enterpriseRoots = nullptr; + return NS_OK; + } + UniqueCERTCertList enterpriseRootsCopy( + nsNSSCertList::DupCertList(mEnterpriseRoots, lock)); + if (!enterpriseRootsCopy) { + return NS_ERROR_FAILURE; + } + nsCOMPtr enterpriseRootsCertList( + new nsNSSCertList(Move(enterpriseRootsCopy), lock)); + if (!enterpriseRootsCertList) { + return NS_ERROR_FAILURE; + } + enterpriseRootsCertList.forget(enterpriseRoots); + return NS_OK; +} +#endif // XP_WIN + +static const char* kEnterpriseRootModePref = "security.enterprise_roots.enabled"; + +void +nsNSSComponent::MaybeImportEnterpriseRoots() +{ +#ifdef XP_WIN + MOZ_ASSERT(NS_IsMainThread()); + if (!NS_IsMainThread()) { + return; + } + UnloadEnterpriseRoots(); + bool importEnterpriseRoots = Preferences::GetBool(kEnterpriseRootModePref, + false); + if (!importEnterpriseRoots) { + return; + } + + MOZ_ASSERT(!mEnterpriseRoots); + mEnterpriseRoots.reset(CERT_NewCertList()); + if (!mEnterpriseRoots) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("failed to allocate a new CERTCertList for mEnterpriseRoots")); + return; + } + + ImportEnterpriseRootsForLocation(CERT_SYSTEM_STORE_LOCAL_MACHINE); + ImportEnterpriseRootsForLocation(CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY); + ImportEnterpriseRootsForLocation(CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE); +#endif // XP_WIN +} + +#ifdef XP_WIN +// Loads the enterprise roots at the registry location corresponding to the +// given location flag. +// Supported flags are: +// CERT_SYSTEM_STORE_LOCAL_MACHINE +// (for HKLM\SOFTWARE\Microsoft\SystemCertificates) +// CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY +// (for HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates) +// CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE +// (for HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates) +void +nsNSSComponent::ImportEnterpriseRootsForLocation(DWORD locationFlag) +{ + MOZ_ASSERT(NS_IsMainThread()); + if (!NS_IsMainThread()) { + return; + } + MOZ_ASSERT(locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE || + locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY || + locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE, + "unexpected locationFlag for ImportEnterpriseRootsForLocation"); + if (!(locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE || + locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY || + locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE)) { + return; + } + + DWORD flags = locationFlag | + CERT_STORE_OPEN_EXISTING_FLAG | + CERT_STORE_READONLY_FLAG; + // The certificate store being opened should consist only of certificates + // added by a user or administrator and not any certificates that are part + // of Microsoft's root store program. + // The 3rd parameter to CertOpenStore should be NULL according to + // https://msdn.microsoft.com/en-us/library/windows/desktop/aa376559%28v=vs.85%29.aspx + ScopedCertStore enterpriseRootStore(CertOpenStore( + CERT_STORE_PROV_SYSTEM_REGISTRY_W, 0, NULL, flags, + kWindowsDefaultRootStoreName)); + if (!enterpriseRootStore.get()) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("failed to open enterprise root store")); + return; + } + CERTCertTrust trust = { + CERTDB_TRUSTED_CA | CERTDB_VALID_CA | CERTDB_USER, + 0, + 0 + }; + PCCERT_CONTEXT certificate = nullptr; + uint32_t numImported = 0; + while ((certificate = CertFindCertificateInStore(enterpriseRootStore.get(), + X509_ASN_ENCODING, 0, + CERT_FIND_ANY, nullptr, + certificate))) { + if (!CertIsTrustAnchorForTLSServerAuth(certificate)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("skipping cert not trust anchor for TLS server auth")); + continue; + } + UniqueCERTCertificate nssCertificate( + PCCERT_CONTEXTToCERTCertificate(certificate)); + if (!nssCertificate) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't decode certificate")); + continue; + } + // Don't import the Microsoft Family Safety root (this prevents the + // Enterprise Roots feature from interacting poorly with the Family + // Safety support). + UniquePORTString subjectName( + CERT_GetCommonName(&nssCertificate->subject)); + if (nsCRT::strcmp(subjectName.get(), kMicrosoftFamilySafetyCN) == 0) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("skipping Family Safety Root")); + continue; + } + MOZ_ASSERT(mEnterpriseRoots, "mEnterpriseRoots unexpectedly NULL?"); + if (!mEnterpriseRoots) { + return; + } + if (CERT_AddCertToListTail(mEnterpriseRoots.get(), nssCertificate.get()) + != SECSuccess) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't add cert to list")); + continue; + } + if (CERT_ChangeCertTrust(nullptr, nssCertificate.get(), &trust) + != SECSuccess) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("couldn't trust certificate for TLS server auth")); + } + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Imported '%s'", subjectName.get())); + numImported++; + // now owned by mEnterpriseRoots + Unused << nssCertificate.release(); + } + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("imported %u roots", numImported)); +} +#endif // XP_WIN + +void +nsNSSComponent::LoadLoadableRoots() +{ + nsNSSShutDownPreventionLock locker; + SECMODModule* RootsModule = nullptr; + + // In the past we used SECMOD_AddNewModule to load our module containing + // root CA certificates. This caused problems, refer to bug 176501. + // On startup, we fix our database and clean any stored module reference, + // and will use SECMOD_LoadUserModule to temporarily load it + // for the session. (This approach requires to clean up + // using SECMOD_UnloadUserModule at the end of the session.) + + { + // Find module containing root certs + + SECMODModuleList* list; + SECMODListLock* lock = SECMOD_GetDefaultModuleListLock(); + if (!lock) { + MOZ_LOG(gPIPNSSLog, LogLevel::Error, + ("Couldn't get the module list lock, can't install loadable roots\n")); + return; + } + SECMOD_GetReadLock(lock); + list = SECMOD_GetDefaultModuleList(); + + while (!RootsModule && list) { + SECMODModule* module = list->module; + + for (int i=0; i < module->slotCount; i++) { + PK11SlotInfo* slot = module->slots[i]; + if (PK11_IsPresent(slot)) { + if (PK11_HasRootCerts(slot)) { + RootsModule = SECMOD_ReferenceModule(module); + break; + } + } + } + + list = list->next; + } + SECMOD_ReleaseReadLock(lock); + } + + if (RootsModule) { + int32_t modType; + SECMOD_DeleteModule(RootsModule->commonName, &modType); + SECMOD_DestroyModule(RootsModule); + RootsModule = nullptr; + } + + // Find the best Roots module for our purposes. + // Prefer the application's installation directory, + // but also ensure the library is at least the version we expect. + + nsAutoString modName; + nsresult rv = GetPIPNSSBundleString("RootCertModuleName", modName); + if (NS_FAILED(rv)) { + // When running Cpp unit tests on Android, this will fail because string + // bundles aren't available (see bug 1311077, bug 1228175 comment 12, and + // bug 929655). Because the module name is really only for display purposes, + // we can just hard-code the value here. Furthermore, if we want to be able + // to stop using string bundles in PSM in this way, we'll have to hard-code + // the string and only use the localized version when displaying it to the + // user, so this is a step in that direction anyway. + modName.AssignLiteral("Builtin Roots Module"); + } + + nsCOMPtr directoryService(do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID)); + if (!directoryService) + return; + + static const char nss_lib[] = "nss3"; + const char* possible_ckbi_locations[] = { + nss_lib, // This special value means: search for ckbi in the directory + // where nss3 is. + NS_XPCOM_CURRENT_PROCESS_DIR, + NS_GRE_DIR, + 0 // This special value means: + // search for ckbi in the directories on the shared + // library/DLL search path + }; + + for (size_t il = 0; il < sizeof(possible_ckbi_locations)/sizeof(const char*); ++il) { + nsAutoCString libDir; + + if (possible_ckbi_locations[il]) { + nsCOMPtr mozFile; + if (possible_ckbi_locations[il] == nss_lib) { + // Get the location of the nss3 library. + char* nss_path = PR_GetLibraryFilePathname(DLL_PREFIX "nss3" DLL_SUFFIX, + (PRFuncPtr) NSS_Initialize); + if (!nss_path) { + continue; + } + // Get the directory containing the nss3 library. + nsCOMPtr nssLib(do_CreateInstance(NS_LOCAL_FILE_CONTRACTID, &rv)); + if (NS_SUCCEEDED(rv)) { + rv = nssLib->InitWithNativePath(nsDependentCString(nss_path)); + } + PR_Free(nss_path); + if (NS_SUCCEEDED(rv)) { + nsCOMPtr file; + if (NS_SUCCEEDED(nssLib->GetParent(getter_AddRefs(file)))) { + mozFile = do_QueryInterface(file); + } + } + } else { + directoryService->Get( possible_ckbi_locations[il], + NS_GET_IID(nsIFile), + getter_AddRefs(mozFile)); + } + + if (!mozFile) { + continue; + } + + if (NS_FAILED(mozFile->GetNativePath(libDir))) { + continue; + } + } + + NS_ConvertUTF16toUTF8 modNameUTF8(modName); + if (mozilla::psm::LoadLoadableRoots( + libDir.Length() > 0 ? libDir.get() : nullptr, + modNameUTF8.get()) == SECSuccess) { + break; + } + } +} + +void +nsNSSComponent::UnloadLoadableRoots() +{ + nsresult rv; + nsAutoString modName; + rv = GetPIPNSSBundleString("RootCertModuleName", modName); + if (NS_FAILED(rv)) return; + + NS_ConvertUTF16toUTF8 modNameUTF8(modName); + ::mozilla::psm::UnloadLoadableRoots(modNameUTF8.get()); +} + +nsresult +nsNSSComponent::ConfigureInternalPKCS11Token() +{ + nsNSSShutDownPreventionLock locker; + nsAutoString manufacturerID; + nsAutoString libraryDescription; + nsAutoString tokenDescription; + nsAutoString privateTokenDescription; + nsAutoString slotDescription; + nsAutoString privateSlotDescription; + nsAutoString fips140SlotDescription; + nsAutoString fips140TokenDescription; + + nsresult rv; + rv = GetPIPNSSBundleString("ManufacturerID", manufacturerID); + if (NS_FAILED(rv)) return rv; + + rv = GetPIPNSSBundleString("LibraryDescription", libraryDescription); + if (NS_FAILED(rv)) return rv; + + rv = GetPIPNSSBundleString("TokenDescription", tokenDescription); + if (NS_FAILED(rv)) return rv; + + rv = GetPIPNSSBundleString("PrivateTokenDescription", privateTokenDescription); + if (NS_FAILED(rv)) return rv; + + rv = GetPIPNSSBundleString("SlotDescription", slotDescription); + if (NS_FAILED(rv)) return rv; + + rv = GetPIPNSSBundleString("PrivateSlotDescription", privateSlotDescription); + if (NS_FAILED(rv)) return rv; + + rv = GetPIPNSSBundleString("Fips140SlotDescription", fips140SlotDescription); + if (NS_FAILED(rv)) return rv; + + rv = GetPIPNSSBundleString("Fips140TokenDescription", fips140TokenDescription); + if (NS_FAILED(rv)) return rv; + + PK11_ConfigurePKCS11(NS_ConvertUTF16toUTF8(manufacturerID).get(), + NS_ConvertUTF16toUTF8(libraryDescription).get(), + NS_ConvertUTF16toUTF8(tokenDescription).get(), + NS_ConvertUTF16toUTF8(privateTokenDescription).get(), + NS_ConvertUTF16toUTF8(slotDescription).get(), + NS_ConvertUTF16toUTF8(privateSlotDescription).get(), + NS_ConvertUTF16toUTF8(fips140SlotDescription).get(), + NS_ConvertUTF16toUTF8(fips140TokenDescription).get(), + 0, 0); + return NS_OK; +} + +nsresult +nsNSSComponent::InitializePIPNSSBundle() +{ + // Called during init only, no mutex required. + + nsresult rv; + nsCOMPtr bundleService(do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv)); +#ifdef ANDROID + MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv)); + MOZ_RELEASE_ASSERT(bundleService); +#endif + if (NS_FAILED(rv) || !bundleService) + return NS_ERROR_FAILURE; + + bundleService->CreateBundle("chrome://pipnss/locale/pipnss.properties", + getter_AddRefs(mPIPNSSBundle)); +#ifdef ANDROID + MOZ_RELEASE_ASSERT(mPIPNSSBundle); +#endif + if (!mPIPNSSBundle) + rv = NS_ERROR_FAILURE; + + bundleService->CreateBundle("chrome://pipnss/locale/nsserrors.properties", + getter_AddRefs(mNSSErrorsBundle)); +#ifdef ANDROID + MOZ_RELEASE_ASSERT(mNSSErrorsBundle); +#endif + if (!mNSSErrorsBundle) + rv = NS_ERROR_FAILURE; + + return rv; +} + +// Table of pref names and SSL cipher ID +typedef struct { + const char* pref; + long id; + bool enabledByDefault; + bool weak; +} CipherPref; + +// Update the switch statement in AccumulateCipherSuite in nsNSSCallbacks.cpp +// when you add/remove cipher suites here. +static const CipherPref sCipherPrefs[] = { + { "security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, true }, + { "security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, true }, + + { "security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, true }, + { "security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, true }, + + { "security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384", + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, true }, + { "security.ssl3.ecdhe_rsa_aes_256_gcm_sha384", + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, true }, + + { "security.ssl3.ecdhe_rsa_aes_128_sha", + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, true }, + { "security.ssl3.ecdhe_ecdsa_aes_128_sha", + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, true }, + + { "security.ssl3.ecdhe_rsa_aes_256_sha", + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, true }, + { "security.ssl3.ecdhe_ecdsa_aes_256_sha", + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, true }, + + { "security.ssl3.dhe_rsa_aes_128_sha", + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, true }, + + { "security.ssl3.dhe_rsa_aes_256_sha", + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, true }, + + { "security.tls13.aes_128_gcm_sha256", + TLS_AES_128_GCM_SHA256, true }, + { "security.tls13.chacha20_poly1305_sha256", + TLS_CHACHA20_POLY1305_SHA256, true }, + { "security.tls13.aes_256_gcm_sha384", + TLS_AES_256_GCM_SHA384, true }, + + { "security.ssl3.rsa_aes_128_sha", + TLS_RSA_WITH_AES_128_CBC_SHA, true }, // deprecated (RSA key exchange) + { "security.ssl3.rsa_aes_256_sha", + TLS_RSA_WITH_AES_256_CBC_SHA, true }, // deprecated (RSA key exchange) + { "security.ssl3.rsa_des_ede3_sha", + TLS_RSA_WITH_3DES_EDE_CBC_SHA, true }, // deprecated (RSA key exchange, 3DES) + + // All the rest are disabled + + { nullptr, 0 } // end marker +}; + +// Bit flags indicating what weak ciphers are enabled. +// The bit index will correspond to the index in sCipherPrefs. +// Wrtten by the main thread, read from any threads. +static Atomic sEnabledWeakCiphers; +static_assert(MOZ_ARRAY_LENGTH(sCipherPrefs) - 1 <= sizeof(uint32_t) * CHAR_BIT, + "too many cipher suites"); + +/*static*/ bool +nsNSSComponent::AreAnyWeakCiphersEnabled() +{ + return !!sEnabledWeakCiphers; +} + +/*static*/ void +nsNSSComponent::UseWeakCiphersOnSocket(PRFileDesc* fd) +{ + const uint32_t enabledWeakCiphers = sEnabledWeakCiphers; + const CipherPref* const cp = sCipherPrefs; + for (size_t i = 0; cp[i].pref; ++i) { + if (enabledWeakCiphers & ((uint32_t)1 << i)) { + SSL_CipherPrefSet(fd, cp[i].id, true); + } + } +} + +// This function will convert from pref values like 1, 2, ... +// to the internal values of SSL_LIBRARY_VERSION_TLS_1_0, +// SSL_LIBRARY_VERSION_TLS_1_1, ... +/*static*/ void +nsNSSComponent::FillTLSVersionRange(SSLVersionRange& rangeOut, + uint32_t minFromPrefs, + uint32_t maxFromPrefs, + SSLVersionRange defaults) +{ + rangeOut = defaults; + // determine what versions are supported + SSLVersionRange supported; + if (SSL_VersionRangeGetSupported(ssl_variant_stream, &supported) + != SECSuccess) { + return; + } + + // Clip the defaults by what NSS actually supports to enable + // working with a system NSS with different ranges. + rangeOut.min = std::max(rangeOut.min, supported.min); + rangeOut.max = std::min(rangeOut.max, supported.max); + + // convert min/maxFromPrefs to the internal representation + minFromPrefs += SSL_LIBRARY_VERSION_3_0; + maxFromPrefs += SSL_LIBRARY_VERSION_3_0; + // if min/maxFromPrefs are invalid, use defaults + if (minFromPrefs > maxFromPrefs || + minFromPrefs < supported.min || maxFromPrefs > supported.max || + minFromPrefs < SSL_LIBRARY_VERSION_TLS_1_0) { + return; + } + + // fill out rangeOut + rangeOut.min = (uint16_t) minFromPrefs; + rangeOut.max = (uint16_t) maxFromPrefs; +} + +static const int32_t OCSP_ENABLED_DEFAULT = 1; +static const bool REQUIRE_SAFE_NEGOTIATION_DEFAULT = false; +static const bool FALSE_START_ENABLED_DEFAULT = true; +static const bool NPN_ENABLED_DEFAULT = true; +static const bool ALPN_ENABLED_DEFAULT = false; +static const bool ENABLED_0RTT_DATA_DEFAULT = false; + +static void +ConfigureTLSSessionIdentifiers() +{ + bool disableSessionIdentifiers = + Preferences::GetBool("security.ssl.disable_session_identifiers", false); + SSL_OptionSetDefault(SSL_ENABLE_SESSION_TICKETS, !disableSessionIdentifiers); + SSL_OptionSetDefault(SSL_NO_CACHE, disableSessionIdentifiers); +} + +namespace { + +class CipherSuiteChangeObserver : public nsIObserver +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSIOBSERVER + + static nsresult StartObserve(); + +protected: + virtual ~CipherSuiteChangeObserver() {} + +private: + static StaticRefPtr sObserver; + CipherSuiteChangeObserver() {} +}; + +NS_IMPL_ISUPPORTS(CipherSuiteChangeObserver, nsIObserver) + +// static +StaticRefPtr CipherSuiteChangeObserver::sObserver; + +// static +nsresult +CipherSuiteChangeObserver::StartObserve() +{ + NS_ASSERTION(NS_IsMainThread(), "CipherSuiteChangeObserver::StartObserve() can only be accessed in main thread"); + if (!sObserver) { + RefPtr observer = new CipherSuiteChangeObserver(); + nsresult rv = Preferences::AddStrongObserver(observer.get(), "security."); +#ifdef ANDROID + MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv)); +#endif + if (NS_FAILED(rv)) { + sObserver = nullptr; + return rv; + } + + nsCOMPtr observerService = + mozilla::services::GetObserverService(); + observerService->AddObserver(observer, NS_XPCOM_SHUTDOWN_OBSERVER_ID, + false); + + sObserver = observer; + } + return NS_OK; +} + +nsresult +CipherSuiteChangeObserver::Observe(nsISupports* aSubject, + const char* aTopic, + const char16_t* someData) +{ + NS_ASSERTION(NS_IsMainThread(), "CipherSuiteChangeObserver::Observe can only be accessed in main thread"); + if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) { + NS_ConvertUTF16toUTF8 prefName(someData); + // Look through the cipher table and set according to pref setting + const CipherPref* const cp = sCipherPrefs; + for (size_t i = 0; cp[i].pref; ++i) { + if (prefName.Equals(cp[i].pref)) { + bool cipherEnabled = Preferences::GetBool(cp[i].pref, + cp[i].enabledByDefault); + if (cp[i].weak) { + // Weak ciphers will not be used by default even if they + // are enabled in prefs. They are only used on specific + // sockets as a part of a fallback mechanism. + // Only the main thread will change sEnabledWeakCiphers. + uint32_t enabledWeakCiphers = sEnabledWeakCiphers; + if (cipherEnabled) { + enabledWeakCiphers |= ((uint32_t)1 << i); + } else { + enabledWeakCiphers &= ~((uint32_t)1 << i); + } + sEnabledWeakCiphers = enabledWeakCiphers; + } else { + SSL_CipherPrefSetDefault(cp[i].id, cipherEnabled); + SSL_ClearSessionCache(); + } + break; + } + } + } else if (nsCRT::strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0) { + Preferences::RemoveObserver(this, "security."); + MOZ_ASSERT(sObserver.get() == this); + sObserver = nullptr; + nsCOMPtr observerService = + mozilla::services::GetObserverService(); + observerService->RemoveObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID); + } + return NS_OK; +} + +} // namespace + +// Caller must hold a lock on nsNSSComponent::mutex when calling this function +void nsNSSComponent::setValidationOptions(bool isInitialSetting, + const MutexAutoLock& lock) +{ + // This preference controls whether we do OCSP fetching and does not affect + // OCSP stapling. + // 0 = disabled, 1 = enabled + int32_t ocspEnabled = Preferences::GetInt("security.OCSP.enabled", + OCSP_ENABLED_DEFAULT); + + bool ocspRequired = ocspEnabled && + Preferences::GetBool("security.OCSP.require", false); + + // We measure the setting of the pref at startup only to minimize noise by + // addons that may muck with the settings, though it probably doesn't matter. + if (isInitialSetting) { + Telemetry::Accumulate(Telemetry::CERT_OCSP_ENABLED, ocspEnabled); + Telemetry::Accumulate(Telemetry::CERT_OCSP_REQUIRED, ocspRequired); + } + + bool ocspStaplingEnabled = Preferences::GetBool("security.ssl.enable_ocsp_stapling", + true); + PublicSSLState()->SetOCSPStaplingEnabled(ocspStaplingEnabled); + PrivateSSLState()->SetOCSPStaplingEnabled(ocspStaplingEnabled); + + bool ocspMustStapleEnabled = Preferences::GetBool("security.ssl.enable_ocsp_must_staple", + true); + PublicSSLState()->SetOCSPMustStapleEnabled(ocspMustStapleEnabled); + PrivateSSLState()->SetOCSPMustStapleEnabled(ocspMustStapleEnabled); + + const CertVerifier::CertificateTransparencyMode defaultCTMode = + CertVerifier::CertificateTransparencyMode::TelemetryOnly; + CertVerifier::CertificateTransparencyMode ctMode = + static_cast + (Preferences::GetInt("security.pki.certificate_transparency.mode", + static_cast(defaultCTMode))); + switch (ctMode) { + case CertVerifier::CertificateTransparencyMode::Disabled: + case CertVerifier::CertificateTransparencyMode::TelemetryOnly: + break; + default: + ctMode = defaultCTMode; + break; + } + bool sctsEnabled = + ctMode != CertVerifier::CertificateTransparencyMode::Disabled; + PublicSSLState()->SetSignedCertTimestampsEnabled(sctsEnabled); + PrivateSSLState()->SetSignedCertTimestampsEnabled(sctsEnabled); + + CertVerifier::PinningMode pinningMode = + static_cast + (Preferences::GetInt("security.cert_pinning.enforcement_level", + CertVerifier::pinningDisabled)); + if (pinningMode > CertVerifier::pinningEnforceTestMode) { + pinningMode = CertVerifier::pinningDisabled; + } + + CertVerifier::SHA1Mode sha1Mode = static_cast + (Preferences::GetInt("security.pki.sha1_enforcement_level", + static_cast(CertVerifier::SHA1Mode::Allowed))); + switch (sha1Mode) { + case CertVerifier::SHA1Mode::Allowed: + case CertVerifier::SHA1Mode::Forbidden: + case CertVerifier::SHA1Mode::UsedToBeBefore2016ButNowIsForbidden: + case CertVerifier::SHA1Mode::ImportedRoot: + case CertVerifier::SHA1Mode::ImportedRootOrBefore2016: + break; + default: + sha1Mode = CertVerifier::SHA1Mode::Allowed; + break; + } + + // Convert a previously-available setting to a safe one. + if (sha1Mode == CertVerifier::SHA1Mode::UsedToBeBefore2016ButNowIsForbidden) { + sha1Mode = CertVerifier::SHA1Mode::Forbidden; + } + + BRNameMatchingPolicy::Mode nameMatchingMode = + static_cast + (Preferences::GetInt("security.pki.name_matching_mode", + static_cast(BRNameMatchingPolicy::Mode::DoNotEnforce))); + switch (nameMatchingMode) { + case BRNameMatchingPolicy::Mode::Enforce: + case BRNameMatchingPolicy::Mode::EnforceAfter23August2015: + case BRNameMatchingPolicy::Mode::EnforceAfter23August2016: + case BRNameMatchingPolicy::Mode::DoNotEnforce: + break; + default: + nameMatchingMode = BRNameMatchingPolicy::Mode::DoNotEnforce; + break; + } + + NetscapeStepUpPolicy netscapeStepUpPolicy = + static_cast + (Preferences::GetUint("security.pki.netscape_step_up_policy", + static_cast(NetscapeStepUpPolicy::AlwaysMatch))); + switch (netscapeStepUpPolicy) { + case NetscapeStepUpPolicy::AlwaysMatch: + case NetscapeStepUpPolicy::MatchBefore23August2016: + case NetscapeStepUpPolicy::MatchBefore23August2015: + case NetscapeStepUpPolicy::NeverMatch: + break; + default: + netscapeStepUpPolicy = NetscapeStepUpPolicy::AlwaysMatch; + break; + } + + CertVerifier::OcspDownloadConfig odc; + CertVerifier::OcspStrictConfig osc; + CertVerifier::OcspGetConfig ogc; + uint32_t certShortLifetimeInDays; + + GetRevocationBehaviorFromPrefs(&odc, &osc, &ogc, &certShortLifetimeInDays, + lock); + mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, + certShortLifetimeInDays, + pinningMode, sha1Mode, + nameMatchingMode, + netscapeStepUpPolicy, + ctMode); +} + +// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and +// TLS 1.2 (max) when the prefs aren't set or set to invalid values. +nsresult +nsNSSComponent::setEnabledTLSVersions() +{ + // keep these values in sync with security-prefs.js + // 1 means TLS 1.0, 2 means TLS 1.1, etc. + static const uint32_t PSM_DEFAULT_MIN_TLS_VERSION = 1; + static const uint32_t PSM_DEFAULT_MAX_TLS_VERSION = 3; + + uint32_t minFromPrefs = Preferences::GetUint("security.tls.version.min", + PSM_DEFAULT_MIN_TLS_VERSION); + uint32_t maxFromPrefs = Preferences::GetUint("security.tls.version.max", + PSM_DEFAULT_MAX_TLS_VERSION); + + SSLVersionRange defaults = { + SSL_LIBRARY_VERSION_3_0 + PSM_DEFAULT_MIN_TLS_VERSION, + SSL_LIBRARY_VERSION_3_0 + PSM_DEFAULT_MAX_TLS_VERSION + }; + SSLVersionRange filledInRange; + FillTLSVersionRange(filledInRange, minFromPrefs, maxFromPrefs, defaults); + + SECStatus srv = + SSL_VersionRangeSetDefault(ssl_variant_stream, &filledInRange); + if (srv != SECSuccess) { + return NS_ERROR_FAILURE; + } + + return NS_OK; +} + +static nsresult +GetNSSProfilePath(nsAutoCString& aProfilePath) +{ + aProfilePath.Truncate(); + const char* dbDirOverride = getenv("MOZPSM_NSSDBDIR_OVERRIDE"); + if (dbDirOverride && strlen(dbDirOverride) > 0) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("Using specified MOZPSM_NSSDBDIR_OVERRIDE as NSS DB dir: %s\n", + dbDirOverride)); + aProfilePath.Assign(dbDirOverride); + return NS_OK; + } + + nsCOMPtr profileFile; + nsresult rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR, + getter_AddRefs(profileFile)); + if (NS_FAILED(rv)) { + NS_WARNING("NSS will be initialized without a profile directory. " + "Some things may not work as expected."); + return NS_OK; + } + +#if defined(XP_WIN) + // Native path will drop Unicode characters that cannot be mapped to system's + // codepage, using short (canonical) path as workaround. + nsCOMPtr profileFileWin(do_QueryInterface(profileFile)); + if (!profileFileWin) { + MOZ_LOG(gPIPNSSLog, LogLevel::Error, + ("Could not get nsILocalFileWin for profile directory.\n")); + return NS_ERROR_FAILURE; + } + rv = profileFileWin->GetNativeCanonicalPath(aProfilePath); +#else + rv = profileFile->GetNativePath(aProfilePath); +#endif +#ifdef ANDROID + MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv)); +#endif + if (NS_FAILED(rv)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Error, + ("Could not get native path for profile directory.\n")); + return rv; + } + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("NSS profile at '%s'\n", aProfilePath.get())); + return NS_OK; +} + +nsresult +nsNSSComponent::InitializeNSS() +{ + // Can be called both during init and profile change. + // Needs mutex protection. + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::InitializeNSS\n")); + + static_assert(nsINSSErrorsService::NSS_SEC_ERROR_BASE == SEC_ERROR_BASE && + nsINSSErrorsService::NSS_SEC_ERROR_LIMIT == SEC_ERROR_LIMIT && + nsINSSErrorsService::NSS_SSL_ERROR_BASE == SSL_ERROR_BASE && + nsINSSErrorsService::NSS_SSL_ERROR_LIMIT == SSL_ERROR_LIMIT, + "You must update the values in nsINSSErrorsService.idl"); + + MutexAutoLock lock(mutex); + +#ifdef ANDROID + MOZ_RELEASE_ASSERT(!mNSSInitialized); +#endif + if (mNSSInitialized) { + // We should never try to initialize NSS more than once in a process. + MOZ_ASSERT_UNREACHABLE("Trying to initialize NSS twice"); + return NS_ERROR_FAILURE; + } + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("NSS Initialization beginning\n")); + + // The call to ConfigureInternalPKCS11Token needs to be done before NSS is initialized, + // but affects only static data. + // If we could assume i18n will not change between profiles, one call per application + // run were sufficient. As I can't predict what happens in the future, let's repeat + // this call for every re-init of NSS. + + ConfigureInternalPKCS11Token(); + + nsAutoCString profileStr; + nsresult rv = GetNSSProfilePath(profileStr); +#ifdef ANDROID + MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv)); +#endif + if (NS_FAILED(rv)) { + return NS_ERROR_NOT_AVAILABLE; + } + + SECStatus init_rv = SECFailure; + bool nocertdb = Preferences::GetBool("security.nocertdb", false); + bool inSafeMode = true; + nsCOMPtr runtime(do_GetService("@mozilla.org/xre/runtime;1")); + // There might not be an nsIXULRuntime in embedded situations. This will + // default to assuming we are in safe mode (as a result, no external PKCS11 + // modules will be loaded). + if (runtime) { + rv = runtime->GetInSafeMode(&inSafeMode); +#ifdef ANDROID + MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv)); +#endif + if (NS_FAILED(rv)) { + return rv; + } + } + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("inSafeMode: %u\n", inSafeMode)); + + if (!nocertdb && !profileStr.IsEmpty()) { + // First try to initialize the NSS DB in read/write mode. + // Only load PKCS11 modules if we're not in safe mode. + init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false, !inSafeMode); + // If that fails, attempt read-only mode. + if (init_rv != SECSuccess) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init NSS r/w in %s\n", profileStr.get())); + init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), true, !inSafeMode); + } + if (init_rv != SECSuccess) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init in r/o either\n")); + } + } + // If we haven't succeeded in initializing the DB in our profile + // directory or we don't have a profile at all, or the "security.nocertdb" + // pref has been set to "true", attempt to initialize with no DB. + if (nocertdb || init_rv != SECSuccess) { + init_rv = NSS_NoDB_Init(nullptr); +#ifdef ANDROID + MOZ_RELEASE_ASSERT(init_rv == SECSuccess); +#endif + } + if (init_rv != SECSuccess) { +#ifdef ANDROID + MOZ_RELEASE_ASSERT(false); +#endif + MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("could not initialize NSS - panicking\n")); + return NS_ERROR_NOT_AVAILABLE; + } + + // ensure we have an initial value for the content signer root + mContentSigningRootHash = + Preferences::GetString("security.content.signature.root_hash"); + + mNSSInitialized = true; + + PK11_SetPasswordFunc(PK11PasswordPrompt); + + SharedSSLState::GlobalInit(); + + // Register an observer so we can inform NSS when these prefs change + Preferences::AddStrongObserver(this, "security."); + + SSL_OptionSetDefault(SSL_ENABLE_SSL2, false); + SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, false); + + rv = setEnabledTLSVersions(); +#ifdef ANDROID + MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv)); +#endif + if (NS_FAILED(rv)) { + return NS_ERROR_UNEXPECTED; + } + + DisableMD5(); + LoadLoadableRoots(); + + rv = LoadExtendedValidationInfo(); +#ifdef ANDROID + MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv)); +#endif + if (NS_FAILED(rv)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("failed to load EV info")); + return rv; + } + + MaybeEnableFamilySafetyCompatibility(); + MaybeImportEnterpriseRoots(); + + ConfigureTLSSessionIdentifiers(); + + bool requireSafeNegotiation = + Preferences::GetBool("security.ssl.require_safe_negotiation", + REQUIRE_SAFE_NEGOTIATION_DEFAULT); + SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION, requireSafeNegotiation); + + SSL_OptionSetDefault(SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_REQUIRES_XTN); + + SSL_OptionSetDefault(SSL_ENABLE_EXTENDED_MASTER_SECRET, true); + + SSL_OptionSetDefault(SSL_ENABLE_FALSE_START, + Preferences::GetBool("security.ssl.enable_false_start", + FALSE_START_ENABLED_DEFAULT)); + + // SSL_ENABLE_NPN and SSL_ENABLE_ALPN also require calling + // SSL_SetNextProtoNego in order for the extensions to be negotiated. + // WebRTC does not do that so it will not use NPN or ALPN even when these + // preferences are true. + SSL_OptionSetDefault(SSL_ENABLE_NPN, + Preferences::GetBool("security.ssl.enable_npn", + NPN_ENABLED_DEFAULT)); + SSL_OptionSetDefault(SSL_ENABLE_ALPN, + Preferences::GetBool("security.ssl.enable_alpn", + ALPN_ENABLED_DEFAULT)); + + SSL_OptionSetDefault(SSL_ENABLE_0RTT_DATA, + Preferences::GetBool("security.tls.enable_0rtt_data", + ENABLED_0RTT_DATA_DEFAULT)); + + if (NS_FAILED(InitializeCipherSuite())) { +#ifdef ANDROID + MOZ_RELEASE_ASSERT(false); +#endif + MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("Unable to initialize cipher suite settings\n")); + return NS_ERROR_FAILURE; + } + + // TLSServerSocket may be run with the session cache enabled. It is necessary + // to call this once before that can happen. This specifies a maximum of 1000 + // cache entries (the default number of cache entries is 10000, which seems a + // little excessive as there probably won't be that many clients connecting to + // any TLSServerSockets the browser runs.) + // Note that this must occur before any calls to SSL_ClearSessionCache + // (otherwise memory will leak). + if (SSL_ConfigServerSessionIDCache(1000, 0, 0, nullptr) != SECSuccess) { +#ifdef ANDROID + MOZ_RELEASE_ASSERT(false); +#endif + return NS_ERROR_FAILURE; + } + + // ensure the CertBlocklist is initialised + nsCOMPtr certList = do_GetService(NS_CERTBLOCKLIST_CONTRACTID); +#ifdef ANDROID + MOZ_RELEASE_ASSERT(certList); +#endif + if (!certList) { + return NS_ERROR_FAILURE; + } + + // dynamic options from prefs + setValidationOptions(true, lock); + +#ifndef MOZ_NO_SMART_CARDS + LaunchSmartCardThreads(); +#endif + + mozilla::pkix::RegisterErrorTable(); + + // Initialize the site security service + nsCOMPtr sssService = + do_GetService(NS_SSSERVICE_CONTRACTID); +#ifdef ANDROID + MOZ_RELEASE_ASSERT(sssService); +#endif + if (!sssService) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Cannot initialize site security service\n")); + return NS_ERROR_FAILURE; + } + + // Initialize the cert override service + nsCOMPtr coService = + do_GetService(NS_CERTOVERRIDE_CONTRACTID); +#ifdef ANDROID + MOZ_RELEASE_ASSERT(coService); +#endif + if (!coService) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Cannot initialize cert override service\n")); + return NS_ERROR_FAILURE; + } + + if (PK11_IsFIPS()) { + Telemetry::Accumulate(Telemetry::FIPS_ENABLED, true); + } + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("NSS Initialization done\n")); + return NS_OK; +} + +void +nsNSSComponent::ShutdownNSS() +{ + // Can be called both during init and profile change, + // needs mutex protection. + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::ShutdownNSS\n")); + MOZ_RELEASE_ASSERT(NS_IsMainThread()); + + MutexAutoLock lock(mutex); + + if (mNSSInitialized) { + mNSSInitialized = false; + + PK11_SetPasswordFunc((PK11PasswordFunc)nullptr); + + Preferences::RemoveObserver(this, "security."); + +#ifdef XP_WIN + mFamilySafetyRoot = nullptr; + mEnterpriseRoots = nullptr; +#endif + +#ifndef MOZ_NO_SMART_CARDS + ShutdownSmartCardThreads(); +#endif + SSL_ClearSessionCache(); + // TLSServerSocket may be run with the session cache enabled. This ensures + // those resources are cleaned up. + Unused << SSL_ShutdownServerSessionIDCache(); + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("evaporating psm resources")); + if (NS_FAILED(nsNSSShutDownList::evaporateAllNSSResources())) { + MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("failed to evaporate resources")); + return; + } + UnloadLoadableRoots(); + EnsureNSSInitialized(nssShutdown); + if (SECSuccess != ::NSS_Shutdown()) { + MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("NSS SHUTDOWN FAILURE")); + } else { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("NSS shutdown =====>> OK <<=====")); + } + } +} + +nsresult +nsNSSComponent::Init() +{ + MOZ_RELEASE_ASSERT(NS_IsMainThread()); + if (!NS_IsMainThread()) { + return NS_ERROR_NOT_SAME_THREAD; + } + + nsresult rv = NS_OK; + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Beginning NSS initialization\n")); + + rv = InitializePIPNSSBundle(); +#ifdef ANDROID + MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv)); +#endif + if (NS_FAILED(rv)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("Unable to create pipnss bundle.\n")); + return rv; + } + + // Access our string bundles now, this prevents assertions from I/O + // - nsStandardURL not thread-safe + // - wrong thread: 'NS_IsMainThread()' in nsIOService.cpp + // when loading error strings on the SSL threads. + { + NS_NAMED_LITERAL_STRING(dummy_name, "dummy"); + nsXPIDLString result; + mPIPNSSBundle->GetStringFromName(dummy_name.get(), + getter_Copies(result)); + mNSSErrorsBundle->GetStringFromName(dummy_name.get(), + getter_Copies(result)); + } + + + rv = InitializeNSS(); +#ifdef ANDROID + MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv)); +#endif + if (NS_FAILED(rv)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Error, + ("nsNSSComponent::InitializeNSS() failed\n")); + return rv; + } + + RememberCertErrorsTable::Init(); + + return RegisterObservers(); +} + +// nsISupports Implementation for the class +NS_IMPL_ISUPPORTS(nsNSSComponent, + nsINSSComponent, + nsIObserver) + +static const char* const PROFILE_BEFORE_CHANGE_TOPIC = "profile-before-change"; + +NS_IMETHODIMP +nsNSSComponent::Observe(nsISupports* aSubject, const char* aTopic, + const char16_t* someData) +{ + if (nsCRT::strcmp(aTopic, PROFILE_BEFORE_CHANGE_TOPIC) == 0) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("receiving profile change topic\n")); + DoProfileBeforeChange(); + } else if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) { + nsNSSShutDownPreventionLock locker; + bool clearSessionCache = true; + NS_ConvertUTF16toUTF8 prefName(someData); + + if (prefName.EqualsLiteral("security.tls.version.min") || + prefName.EqualsLiteral("security.tls.version.max")) { + (void) setEnabledTLSVersions(); + } else if (prefName.EqualsLiteral("security.ssl.require_safe_negotiation")) { + bool requireSafeNegotiation = + Preferences::GetBool("security.ssl.require_safe_negotiation", + REQUIRE_SAFE_NEGOTIATION_DEFAULT); + SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION, requireSafeNegotiation); + } else if (prefName.EqualsLiteral("security.ssl.enable_false_start")) { + SSL_OptionSetDefault(SSL_ENABLE_FALSE_START, + Preferences::GetBool("security.ssl.enable_false_start", + FALSE_START_ENABLED_DEFAULT)); + } else if (prefName.EqualsLiteral("security.ssl.enable_npn")) { + SSL_OptionSetDefault(SSL_ENABLE_NPN, + Preferences::GetBool("security.ssl.enable_npn", + NPN_ENABLED_DEFAULT)); + } else if (prefName.EqualsLiteral("security.ssl.enable_alpn")) { + SSL_OptionSetDefault(SSL_ENABLE_ALPN, + Preferences::GetBool("security.ssl.enable_alpn", + ALPN_ENABLED_DEFAULT)); + } else if (prefName.EqualsLiteral("security.tls.enable_0rtt_data")) { + SSL_OptionSetDefault(SSL_ENABLE_0RTT_DATA, + Preferences::GetBool("security.tls.enable_0rtt_data", + ENABLED_0RTT_DATA_DEFAULT)); + } else if (prefName.Equals("security.ssl.disable_session_identifiers")) { + ConfigureTLSSessionIdentifiers(); + } else if (prefName.EqualsLiteral("security.OCSP.enabled") || + prefName.EqualsLiteral("security.OCSP.require") || + prefName.EqualsLiteral("security.OCSP.GET.enabled") || + prefName.EqualsLiteral("security.pki.cert_short_lifetime_in_days") || + prefName.EqualsLiteral("security.ssl.enable_ocsp_stapling") || + prefName.EqualsLiteral("security.ssl.enable_ocsp_must_staple") || + prefName.EqualsLiteral("security.pki.certificate_transparency.mode") || + prefName.EqualsLiteral("security.cert_pinning.enforcement_level") || + prefName.EqualsLiteral("security.pki.sha1_enforcement_level") || + prefName.EqualsLiteral("security.pki.name_matching_mode") || + prefName.EqualsLiteral("security.pki.netscape_step_up_policy")) { + MutexAutoLock lock(mutex); + setValidationOptions(false, lock); +#ifdef DEBUG + } else if (prefName.EqualsLiteral("security.test.built_in_root_hash")) { + MutexAutoLock lock(mutex); + mTestBuiltInRootHash = Preferences::GetString("security.test.built_in_root_hash"); +#endif // DEBUG + } else if (prefName.Equals(kFamilySafetyModePref)) { + MaybeEnableFamilySafetyCompatibility(); + } else if (prefName.EqualsLiteral("security.content.signature.root_hash")) { + MutexAutoLock lock(mutex); + mContentSigningRootHash = + Preferences::GetString("security.content.signature.root_hash"); + } else if (prefName.Equals(kEnterpriseRootModePref)) { + MaybeImportEnterpriseRoots(); + } else { + clearSessionCache = false; + } + if (clearSessionCache) + SSL_ClearSessionCache(); + } + + return NS_OK; +} + +/*static*/ nsresult +nsNSSComponent::GetNewPrompter(nsIPrompt** result) +{ + NS_ENSURE_ARG_POINTER(result); + *result = nullptr; + + if (!NS_IsMainThread()) { + NS_ERROR("nsSDRContext::GetNewPrompter called off the main thread"); + return NS_ERROR_NOT_SAME_THREAD; + } + + nsresult rv; + nsCOMPtr wwatch(do_GetService(NS_WINDOWWATCHER_CONTRACTID, &rv)); + NS_ENSURE_SUCCESS(rv, rv); + + rv = wwatch->GetNewPrompter(0, result); + NS_ENSURE_SUCCESS(rv, rv); + + return rv; +} + +/*static*/ nsresult +nsNSSComponent::ShowAlertWithConstructedString(const nsString& message) +{ + nsCOMPtr prompter; + nsresult rv = GetNewPrompter(getter_AddRefs(prompter)); + if (prompter) { + rv = prompter->Alert(nullptr, message.get()); + } + return rv; +} + +NS_IMETHODIMP +nsNSSComponent::ShowAlertFromStringBundle(const char* messageID) +{ + nsString message; + nsresult rv; + + rv = GetPIPNSSBundleString(messageID, message); + if (NS_FAILED(rv)) { + NS_ERROR("GetPIPNSSBundleString failed"); + return rv; + } + + return ShowAlertWithConstructedString(message); +} + +nsresult nsNSSComponent::LogoutAuthenticatedPK11() +{ + nsCOMPtr icos = + do_GetService("@mozilla.org/security/certoverride;1"); + if (icos) { + icos->ClearValidityOverride( + NS_LITERAL_CSTRING("all:temporary-certificates"), + 0); + } + + nsClientAuthRememberService::ClearAllRememberedDecisions(); + + return nsNSSShutDownList::doPK11Logout(); +} + +nsresult +nsNSSComponent::RegisterObservers() +{ + // Happens once during init only, no mutex protection. + + nsCOMPtr observerService( + do_GetService("@mozilla.org/observer-service;1")); +#ifdef ANDROID + MOZ_RELEASE_ASSERT(observerService); +#endif + if (!observerService) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("nsNSSComponent: couldn't get observer service\n")); + return NS_ERROR_FAILURE; + } + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent: adding observers\n")); + // Using false for the ownsweak parameter means the observer service will + // keep a strong reference to this component. As a result, this will live at + // least as long as the observer service. + observerService->AddObserver(this, PROFILE_BEFORE_CHANGE_TOPIC, false); + + return NS_OK; +} + +void +nsNSSComponent::DoProfileBeforeChange() +{ + bool needsCleanup = true; + + { + MutexAutoLock lock(mutex); + + if (!mNSSInitialized) { + // Make sure we don't try to cleanup if we have already done so. + // This makes sure we behave safely, in case we are notified + // multiple times. + needsCleanup = false; + } + } + + if (needsCleanup) { + ShutdownNSS(); + } +} + +NS_IMETHODIMP +nsNSSComponent::IsNSSInitialized(bool* initialized) +{ + MutexAutoLock lock(mutex); + *initialized = mNSSInitialized; + return NS_OK; +} + +#ifdef DEBUG +NS_IMETHODIMP +nsNSSComponent::IsCertTestBuiltInRoot(CERTCertificate* cert, bool& result) +{ + MutexAutoLock lock(mutex); + MOZ_ASSERT(mNSSInitialized); + + result = false; + + if (mTestBuiltInRootHash.IsEmpty()) { + return NS_OK; + } + + RefPtr nsc = nsNSSCertificate::Create(cert); + if (!nsc) { + return NS_ERROR_FAILURE; + } + nsAutoString certHash; + nsresult rv = nsc->GetSha256Fingerprint(certHash); + if (NS_FAILED(rv)) { + return rv; + } + + result = mTestBuiltInRootHash.Equals(certHash); + return NS_OK; +} +#endif // DEBUG + +NS_IMETHODIMP +nsNSSComponent::IsCertContentSigningRoot(CERTCertificate* cert, bool& result) +{ + MutexAutoLock lock(mutex); + MOZ_ASSERT(mNSSInitialized); + + result = false; + + if (mContentSigningRootHash.IsEmpty()) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("mContentSigningRootHash is empty")); + return NS_ERROR_FAILURE; + } + + RefPtr nsc = nsNSSCertificate::Create(cert); + if (!nsc) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("creating nsNSSCertificate failed")); + return NS_ERROR_FAILURE; + } + nsAutoString certHash; + nsresult rv = nsc->GetSha256Fingerprint(certHash); + if (NS_FAILED(rv)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("getting cert fingerprint failed")); + return rv; + } + + result = mContentSigningRootHash.Equals(certHash); + return NS_OK; +} + +SharedCertVerifier::~SharedCertVerifier() { } + +already_AddRefed +nsNSSComponent::GetDefaultCertVerifier() +{ + MutexAutoLock lock(mutex); + MOZ_ASSERT(mNSSInitialized); + RefPtr certVerifier(mDefaultCertVerifier); + return certVerifier.forget(); +} + +namespace mozilla { namespace psm { + +already_AddRefed +GetDefaultCertVerifier() +{ + static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID); + + nsCOMPtr nssComponent(do_GetService(kNSSComponentCID)); + if (nssComponent) { + return nssComponent->GetDefaultCertVerifier(); + } + + return nullptr; +} + +} } // namespace mozilla::psm + +NS_IMPL_ISUPPORTS(PipUIContext, nsIInterfaceRequestor) + +PipUIContext::PipUIContext() +{ +} + +PipUIContext::~PipUIContext() +{ +} + +NS_IMETHODIMP +PipUIContext::GetInterface(const nsIID& uuid, void** result) +{ + NS_ENSURE_ARG_POINTER(result); + *result = nullptr; + + if (!NS_IsMainThread()) { + NS_ERROR("PipUIContext::GetInterface called off the main thread"); + return NS_ERROR_NOT_SAME_THREAD; + } + + if (!uuid.Equals(NS_GET_IID(nsIPrompt))) + return NS_ERROR_NO_INTERFACE; + + nsIPrompt* prompt = nullptr; + nsresult rv = nsNSSComponent::GetNewPrompter(&prompt); + *result = prompt; + return rv; +} + +nsresult +getNSSDialogs(void** _result, REFNSIID aIID, const char* contract) +{ + if (!NS_IsMainThread()) { + NS_ERROR("getNSSDialogs called off the main thread"); + return NS_ERROR_NOT_SAME_THREAD; + } + + nsresult rv; + + nsCOMPtr svc = do_GetService(contract, &rv); + if (NS_FAILED(rv)) { + return rv; + } + + rv = svc->QueryInterface(aIID, _result); + + return rv; +} + +nsresult +setPassword(PK11SlotInfo* slot, nsIInterfaceRequestor* ctx, + nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + MOZ_ASSERT(slot); + MOZ_ASSERT(ctx); + NS_ENSURE_ARG_POINTER(slot); + NS_ENSURE_ARG_POINTER(ctx); + + if (PK11_NeedUserInit(slot)) { + nsCOMPtr dialogs; + nsresult rv = getNSSDialogs(getter_AddRefs(dialogs), + NS_GET_IID(nsITokenPasswordDialogs), + NS_TOKENPASSWORDSDIALOG_CONTRACTID); + if (NS_FAILED(rv)) { + return rv; + } + + bool canceled; + NS_ConvertUTF8toUTF16 tokenName(PK11_GetTokenName(slot)); + rv = dialogs->SetPassword(ctx, tokenName.get(), &canceled); + if (NS_FAILED(rv)) { + return rv; + } + + if (canceled) { + return NS_ERROR_NOT_AVAILABLE; + } + } + + return NS_OK; +} + +namespace mozilla { +namespace psm { + +nsresult +InitializeCipherSuite() +{ + NS_ASSERTION(NS_IsMainThread(), "InitializeCipherSuite() can only be accessed in main thread"); + + if (NSS_SetDomesticPolicy() != SECSuccess) { +#ifdef ANDROID + MOZ_RELEASE_ASSERT(false); +#endif + return NS_ERROR_FAILURE; + } + + // Disable any ciphers that NSS might have enabled by default + for (uint16_t i = 0; i < SSL_NumImplementedCiphers; ++i) { + uint16_t cipher_id = SSL_ImplementedCiphers[i]; + SSL_CipherPrefSetDefault(cipher_id, false); + } + + // Now only set SSL/TLS ciphers we knew about at compile time + uint32_t enabledWeakCiphers = 0; + const CipherPref* const cp = sCipherPrefs; + for (size_t i = 0; cp[i].pref; ++i) { + bool cipherEnabled = Preferences::GetBool(cp[i].pref, + cp[i].enabledByDefault); + if (cp[i].weak) { + // Weak ciphers are not used by default. See the comment + // in CipherSuiteChangeObserver::Observe for details. + if (cipherEnabled) { + enabledWeakCiphers |= ((uint32_t)1 << i); + } + } else { + SSL_CipherPrefSetDefault(cp[i].id, cipherEnabled); + } + } + sEnabledWeakCiphers = enabledWeakCiphers; + + // Enable ciphers for PKCS#12 + SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1); + SEC_PKCS12EnableCipher(PKCS12_RC4_128, 1); + SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_40, 1); + SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_128, 1); + SEC_PKCS12EnableCipher(PKCS12_DES_56, 1); + SEC_PKCS12EnableCipher(PKCS12_DES_EDE3_168, 1); + SEC_PKCS12SetPreferredCipher(PKCS12_DES_EDE3_168, 1); + PORT_SetUCS2_ASCIIConversionFunction(pip_ucs2_ascii_conversion_fn); + + // PSM enforces a minimum RSA key size of 1024 bits, which is overridable. + // NSS has its own minimum, which is not overridable (the default is 1023 + // bits). This sets the NSS minimum to 512 bits so users can still connect to + // devices like wifi routers with woefully small keys (they would have to add + // an override to do so, but they already do for such devices). + NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, 512); + + // Observe preference change around cipher suite setting. + return CipherSuiteChangeObserver::StartObserve(); +} + +} // namespace psm +} // namespace mozilla diff --git a/security/manager/ssl/nsNSSComponent.h b/security/manager/ssl/nsNSSComponent.h new file mode 100644 index 000000000..e510dd10f --- /dev/null +++ b/security/manager/ssl/nsNSSComponent.h @@ -0,0 +1,234 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef _nsNSSComponent_h_ +#define _nsNSSComponent_h_ + +#include "ScopedNSSTypes.h" +#include "SharedCertVerifier.h" +#include "mozilla/Mutex.h" +#include "mozilla/RefPtr.h" +#include "nsCOMPtr.h" +#include "nsIObserver.h" +#include "nsIStringBundle.h" +#include "nsNSSCallbacks.h" +#include "prerror.h" +#include "sslt.h" + +#ifdef XP_WIN +#include "windows.h" // this needs to be before the following includes +#include "wincrypt.h" +#endif // XP_WIN + +class nsIDOMWindow; +class nsIPrompt; +class nsIX509CertList; +class SmartCardThreadList; + +namespace mozilla { namespace psm { + +MOZ_MUST_USE + ::already_AddRefed + GetDefaultCertVerifier(); + +} } // namespace mozilla::psm + + +#define NS_NSSCOMPONENT_CID \ +{0x4cb64dfd, 0xca98, 0x4e24, {0xbe, 0xfd, 0x0d, 0x92, 0x85, 0xa3, 0x3b, 0xcb}} + +#define PSM_COMPONENT_CONTRACTID "@mozilla.org/psm;1" + +#define NS_INSSCOMPONENT_IID \ + { 0xa0a8f52b, 0xea18, 0x4abc, \ + { 0xa3, 0xca, 0xec, 0xcf, 0x70, 0x4f, 0xfe, 0x63 } } + +enum EnsureNSSOperator +{ + nssLoadingComponent = 0, + nssInitSucceeded = 1, + nssInitFailed = 2, + nssShutdown = 3, + nssEnsure = 100, + nssEnsureOnChromeOnly = 101, + nssEnsureChromeOrContent = 102, +}; + +extern bool EnsureNSSInitializedChromeOrContent(); + +extern bool EnsureNSSInitialized(EnsureNSSOperator op); + +class NS_NO_VTABLE nsINSSComponent : public nsISupports +{ +public: + NS_DECLARE_STATIC_IID_ACCESSOR(NS_INSSCOMPONENT_IID) + + NS_IMETHOD ShowAlertFromStringBundle(const char* messageID) = 0; + + NS_IMETHOD GetPIPNSSBundleString(const char* name, + nsAString& outString) = 0; + NS_IMETHOD PIPBundleFormatStringFromName(const char* name, + const char16_t** params, + uint32_t numParams, + nsAString& outString) = 0; + + NS_IMETHOD GetNSSBundleString(const char* name, + nsAString& outString) = 0; + + NS_IMETHOD LogoutAuthenticatedPK11() = 0; + +#ifndef MOZ_NO_SMART_CARDS + NS_IMETHOD LaunchSmartCardThread(SECMODModule* module) = 0; + + NS_IMETHOD ShutdownSmartCardThread(SECMODModule* module) = 0; +#endif + + NS_IMETHOD IsNSSInitialized(bool* initialized) = 0; + +#ifdef DEBUG + NS_IMETHOD IsCertTestBuiltInRoot(CERTCertificate* cert, bool& result) = 0; +#endif + + NS_IMETHOD IsCertContentSigningRoot(CERTCertificate* cert, bool& result) = 0; + +#ifdef XP_WIN + NS_IMETHOD GetEnterpriseRoots(nsIX509CertList** enterpriseRoots) = 0; +#endif + + virtual ::already_AddRefed + GetDefaultCertVerifier() = 0; +}; + +NS_DEFINE_STATIC_IID_ACCESSOR(nsINSSComponent, NS_INSSCOMPONENT_IID) + +class nsNSSShutDownList; + +// Implementation of the PSM component interface. +class nsNSSComponent final : public nsINSSComponent + , public nsIObserver +{ +public: + NS_DEFINE_STATIC_CID_ACCESSOR( NS_NSSCOMPONENT_CID ) + + nsNSSComponent(); + + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIOBSERVER + + nsresult Init(); + + static nsresult GetNewPrompter(nsIPrompt** result); + static nsresult ShowAlertWithConstructedString(const nsString& message); + NS_IMETHOD ShowAlertFromStringBundle(const char* messageID) override; + + NS_IMETHOD GetPIPNSSBundleString(const char* name, + nsAString& outString) override; + NS_IMETHOD PIPBundleFormatStringFromName(const char* name, + const char16_t** params, + uint32_t numParams, + nsAString& outString) override; + NS_IMETHOD GetNSSBundleString(const char* name, nsAString& outString) override; + NS_IMETHOD LogoutAuthenticatedPK11() override; + +#ifndef MOZ_NO_SMART_CARDS + NS_IMETHOD LaunchSmartCardThread(SECMODModule* module) override; + NS_IMETHOD ShutdownSmartCardThread(SECMODModule* module) override; + void LaunchSmartCardThreads(); + void ShutdownSmartCardThreads(); + nsresult DispatchEventToWindow(nsIDOMWindow* domWin, + const nsAString& eventType, + const nsAString& token); +#endif + + NS_IMETHOD IsNSSInitialized(bool* initialized) override; + +#ifdef DEBUG + NS_IMETHOD IsCertTestBuiltInRoot(CERTCertificate* cert, bool& result) override; +#endif + + NS_IMETHOD IsCertContentSigningRoot(CERTCertificate* cert, bool& result) override; + +#ifdef XP_WIN + NS_IMETHOD GetEnterpriseRoots(nsIX509CertList** enterpriseRoots) override; +#endif + + ::already_AddRefed + GetDefaultCertVerifier() override; + + // The following two methods are thread-safe. + static bool AreAnyWeakCiphersEnabled(); + static void UseWeakCiphersOnSocket(PRFileDesc* fd); + + static void FillTLSVersionRange(SSLVersionRange& rangeOut, + uint32_t minFromPrefs, + uint32_t maxFromPrefs, + SSLVersionRange defaults); + +protected: + virtual ~nsNSSComponent(); + +private: + nsresult InitializeNSS(); + void ShutdownNSS(); + + void LoadLoadableRoots(); + void UnloadLoadableRoots(); + void setValidationOptions(bool isInitialSetting, + const mozilla::MutexAutoLock& lock); + nsresult setEnabledTLSVersions(); + nsresult InitializePIPNSSBundle(); + nsresult ConfigureInternalPKCS11Token(); + nsresult RegisterObservers(); + + void DoProfileBeforeChange(); + + void MaybeEnableFamilySafetyCompatibility(); + void MaybeImportEnterpriseRoots(); +#ifdef XP_WIN + void ImportEnterpriseRootsForLocation(DWORD locationFlag); + nsresult MaybeImportFamilySafetyRoot(PCCERT_CONTEXT certificate, + bool& wasFamilySafetyRoot); + nsresult LoadFamilySafetyRoot(); + void UnloadFamilySafetyRoot(); + + void UnloadEnterpriseRoots(); + + mozilla::UniqueCERTCertificate mFamilySafetyRoot; + mozilla::UniqueCERTCertList mEnterpriseRoots; +#endif // XP_WIN + + mozilla::Mutex mutex; + + nsCOMPtr mPIPNSSBundle; + nsCOMPtr mNSSErrorsBundle; + bool mNSSInitialized; + static int mInstanceCount; +#ifndef MOZ_NO_SMART_CARDS + SmartCardThreadList* mThreadList; +#endif + +#ifdef DEBUG + nsString mTestBuiltInRootHash; +#endif + nsString mContentSigningRootHash; + + nsNSSHttpInterface mHttpForNSS; + RefPtr mDefaultCertVerifier; + + static PRStatus IdentityInfoInit(void); +}; + +class nsNSSErrors +{ +public: + static const char* getDefaultErrorStringName(PRErrorCode err); + static const char* getOverrideErrorStringName(PRErrorCode aErrorCode); + static nsresult getErrorMessageFromCode(PRErrorCode err, + nsINSSComponent* component, + nsString& returnedMessage); +}; + +#endif // _nsNSSComponent_h_ diff --git a/security/manager/ssl/nsNSSErrors.cpp b/security/manager/ssl/nsNSSErrors.cpp new file mode 100644 index 000000000..fc8bd3e31 --- /dev/null +++ b/security/manager/ssl/nsNSSErrors.cpp @@ -0,0 +1,103 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsNSSComponent.h" +#include "secerr.h" +#include "sslerr.h" + +const char * +nsNSSErrors::getDefaultErrorStringName(PRErrorCode err) +{ + return PR_ErrorToName(err); +} + +const char * +nsNSSErrors::getOverrideErrorStringName(PRErrorCode aErrorCode) +{ + const char *id_str = nullptr; + + switch (aErrorCode) { + case SSL_ERROR_SSL_DISABLED: + id_str = "PSMERR_SSL_Disabled"; + break; + + case SSL_ERROR_SSL2_DISABLED: + id_str = "PSMERR_SSL2_Disabled"; + break; + + case SEC_ERROR_REUSED_ISSUER_AND_SERIAL: + id_str = "PSMERR_HostReusedIssuerSerial"; + break; + } + + return id_str; +} + +nsresult +nsNSSErrors::getErrorMessageFromCode(PRErrorCode err, + nsINSSComponent *component, + nsString &returnedMessage) +{ + NS_ENSURE_ARG_POINTER(component); + returnedMessage.Truncate(); + + const char *nss_error_id_str = getDefaultErrorStringName(err); + const char *id_str = getOverrideErrorStringName(err); + + if (id_str || nss_error_id_str) + { + nsString defMsg; + nsresult rv; + if (id_str) + { + rv = component->GetPIPNSSBundleString(id_str, defMsg); + } + else + { + rv = component->GetNSSBundleString(nss_error_id_str, defMsg); + } + + if (NS_SUCCEEDED(rv)) + { + returnedMessage.Append(defMsg); + returnedMessage.Append('\n'); + } + } + + if (returnedMessage.IsEmpty()) + { + // no localized string available, use NSS' internal + returnedMessage.AppendASCII(PR_ErrorToString(err, PR_LANGUAGE_EN)); + returnedMessage.Append('\n'); + } + + if (nss_error_id_str) + { + nsresult rv; + nsCString error_id(nss_error_id_str); + NS_ConvertASCIItoUTF16 idU(error_id); + + const char16_t *params[1]; + params[0] = idU.get(); + + nsString formattedString; + rv = component->PIPBundleFormatStringFromName("certErrorCodePrefix2", + params, 1, + formattedString); + if (NS_SUCCEEDED(rv)) { + returnedMessage.Append('\n'); + returnedMessage.Append(formattedString); + returnedMessage.Append('\n'); + } + else { + returnedMessage.Append('('); + returnedMessage.Append(idU); + returnedMessage.Append(')'); + } + } + + return NS_OK; +} diff --git a/security/manager/ssl/nsNSSHelper.h b/security/manager/ssl/nsNSSHelper.h new file mode 100644 index 000000000..005076099 --- /dev/null +++ b/security/manager/ssl/nsNSSHelper.h @@ -0,0 +1,58 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef NSS_HELPER_ +#define NSS_HELPER_ + +#include "nsIInterfaceRequestor.h" +#include "nsIInterfaceRequestorUtils.h" +#include "nsNSSShutDown.h" +#include "pk11func.h" + +// +// Implementation of an nsIInterfaceRequestor for use +// as context for NSS calls +// +class PipUIContext : public nsIInterfaceRequestor +{ +public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIINTERFACEREQUESTOR + + PipUIContext(); + +protected: + virtual ~PipUIContext(); +}; + +// +// Function to get the implementor for a certain set of NSS +// specific dialogs. +// + +nsresult +getNSSDialogs(void **_result, REFNSIID aIID, const char *contract); + +extern "C" { +// a "fake" unicode conversion function +PRBool +pip_ucs2_ascii_conversion_fn(PRBool toUnicode, + unsigned char *inBuf, + unsigned int inBufLen, + unsigned char *outBuf, + unsigned int maxOutBufLen, + unsigned int *outBufLen, + PRBool swapBytes); +} + +// +// A function that sets the password on an unitialized slot. +// +nsresult +setPassword(PK11SlotInfo* slot, nsIInterfaceRequestor* ctx, + nsNSSShutDownPreventionLock& /*proofOfLock*/); + +#endif diff --git a/security/manager/ssl/nsNSSIOLayer.cpp b/security/manager/ssl/nsNSSIOLayer.cpp new file mode 100644 index 000000000..8be215308 --- /dev/null +++ b/security/manager/ssl/nsNSSIOLayer.cpp @@ -0,0 +1,2731 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsNSSIOLayer.h" + +#include + +#include "NSSCertDBTrustDomain.h" +#include "NSSErrorsService.h" +#include "PSMRunnable.h" +#include "SSLServerCertVerification.h" +#include "ScopedNSSTypes.h" +#include "SharedSSLState.h" +#include "keyhi.h" +#include "mozilla/Casting.h" +#include "mozilla/DebugOnly.h" +#include "mozilla/Logging.h" +#include "mozilla/Move.h" +#include "mozilla/Preferences.h" +#include "mozilla/Telemetry.h" +#include "nsArray.h" +#include "nsArrayUtils.h" +#include "nsCharSeparatedTokenizer.h" +#include "nsClientAuthRemember.h" +#include "nsContentUtils.h" +#include "nsIClientAuthDialogs.h" +#include "nsIConsoleService.h" +#include "nsIPrefService.h" +#include "nsISocketProvider.h" +#include "nsIWebProgressListener.h" +#include "nsNSSCertHelper.h" +#include "nsNSSComponent.h" +#include "nsPrintfCString.h" +#include "nsServiceManagerUtils.h" +#include "pkix/pkixtypes.h" +#include "prmem.h" +#include "prnetdb.h" +#include "secder.h" +#include "secerr.h" +#include "ssl.h" +#include "sslerr.h" +#include "sslproto.h" + +using namespace mozilla; +using namespace mozilla::psm; + +//#define DEBUG_SSL_VERBOSE //Enable this define to get minimal + //reports when doing SSL read/write + +//#define DUMP_BUFFER //Enable this define along with + //DEBUG_SSL_VERBOSE to dump SSL + //read/write buffer to a log. + //Uses PR_LOG except on Mac where + //we always write out to our own + //file. + +namespace { + +#define MAX_ALPN_LENGTH 255 + +void +getSiteKey(const nsACString& hostName, uint16_t port, + /*out*/ nsCSubstring& key) +{ + key = hostName; + key.AppendASCII(":"); + key.AppendInt(port); +} + +// Historically, we have required that the server negotiate ALPN or NPN in +// order to false start, as a compatibility hack to work around +// implementations that just stop responding during false start. However, now +// false start is resricted to modern crypto (TLS 1.2 and AEAD cipher suites) +// so it is less likely that requring NPN or ALPN is still necessary. +static const bool FALSE_START_REQUIRE_NPN_DEFAULT = false; + +} // unnamed namespace + +extern LazyLogModule gPIPNSSLog; + +nsNSSSocketInfo::nsNSSSocketInfo(SharedSSLState& aState, uint32_t providerFlags) + : mFd(nullptr), + mCertVerificationState(before_cert_verification), + mSharedState(aState), + mForSTARTTLS(false), + mHandshakePending(true), + mRememberClientAuthCertificate(false), + mPreliminaryHandshakeDone(false), + mNPNCompleted(false), + mEarlyDataAccepted(false), + mFalseStartCallbackCalled(false), + mFalseStarted(false), + mIsFullHandshake(false), + mHandshakeCompleted(false), + mJoined(false), + mSentClientCert(false), + mNotedTimeUntilReady(false), + mFailedVerification(false), + mKEAUsed(nsISSLSocketControl::KEY_EXCHANGE_UNKNOWN), + mKEAKeyBits(0), + mSSLVersionUsed(nsISSLSocketControl::SSL_VERSION_UNKNOWN), + mMACAlgorithmUsed(nsISSLSocketControl::SSL_MAC_UNKNOWN), + mBypassAuthentication(false), + mProviderFlags(providerFlags), + mSocketCreationTimestamp(TimeStamp::Now()), + mPlaintextBytesRead(0), + mClientCert(nullptr) +{ + mTLSVersionRange.min = 0; + mTLSVersionRange.max = 0; +} + +nsNSSSocketInfo::~nsNSSSocketInfo() +{ +} + +NS_IMPL_ISUPPORTS_INHERITED(nsNSSSocketInfo, TransportSecurityInfo, + nsISSLSocketControl, + nsIClientAuthUserDecision) + +NS_IMETHODIMP +nsNSSSocketInfo::GetProviderFlags(uint32_t* aProviderFlags) +{ + *aProviderFlags = mProviderFlags; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSSocketInfo::GetKEAUsed(int16_t* aKea) +{ + *aKea = mKEAUsed; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSSocketInfo::GetKEAKeyBits(uint32_t* aKeyBits) +{ + *aKeyBits = mKEAKeyBits; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSSocketInfo::GetSSLVersionUsed(int16_t* aSSLVersionUsed) +{ + *aSSLVersionUsed = mSSLVersionUsed; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSSocketInfo::GetSSLVersionOffered(int16_t* aSSLVersionOffered) +{ + *aSSLVersionOffered = mTLSVersionRange.max; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSSocketInfo::GetMACAlgorithmUsed(int16_t* aMac) +{ + *aMac = mMACAlgorithmUsed; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSSocketInfo::GetClientCert(nsIX509Cert** aClientCert) +{ + NS_ENSURE_ARG_POINTER(aClientCert); + *aClientCert = mClientCert; + NS_IF_ADDREF(*aClientCert); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSSocketInfo::SetClientCert(nsIX509Cert* aClientCert) +{ + mClientCert = aClientCert; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSSocketInfo::GetBypassAuthentication(bool* arg) +{ + *arg = mBypassAuthentication; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSSocketInfo::GetFailedVerification(bool* arg) +{ + *arg = mFailedVerification; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSSocketInfo::GetRememberClientAuthCertificate(bool* aRemember) +{ + NS_ENSURE_ARG_POINTER(aRemember); + *aRemember = mRememberClientAuthCertificate; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSSocketInfo::SetRememberClientAuthCertificate(bool aRemember) +{ + mRememberClientAuthCertificate = aRemember; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSSocketInfo::GetNotificationCallbacks(nsIInterfaceRequestor** aCallbacks) +{ + *aCallbacks = mCallbacks; + NS_IF_ADDREF(*aCallbacks); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSSocketInfo::SetNotificationCallbacks(nsIInterfaceRequestor* aCallbacks) +{ + if (!aCallbacks) { + mCallbacks = nullptr; + return NS_OK; + } + + mCallbacks = aCallbacks; + + return NS_OK; +} + +void +nsNSSSocketInfo::NoteTimeUntilReady() +{ + if (mNotedTimeUntilReady) + return; + + mNotedTimeUntilReady = true; + + // This will include TCP and proxy tunnel wait time + Telemetry::AccumulateTimeDelta(Telemetry::SSL_TIME_UNTIL_READY, + mSocketCreationTimestamp, TimeStamp::Now()); + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p] nsNSSSocketInfo::NoteTimeUntilReady\n", mFd)); +} + +void +nsNSSSocketInfo::SetHandshakeCompleted() +{ + if (!mHandshakeCompleted) { + enum HandshakeType { + Resumption = 1, + FalseStarted = 2, + ChoseNotToFalseStart = 3, + NotAllowedToFalseStart = 4, + }; + + HandshakeType handshakeType = !IsFullHandshake() ? Resumption + : mFalseStarted ? FalseStarted + : mFalseStartCallbackCalled ? ChoseNotToFalseStart + : NotAllowedToFalseStart; + + // This will include TCP and proxy tunnel wait time + Telemetry::AccumulateTimeDelta(Telemetry::SSL_TIME_UNTIL_HANDSHAKE_FINISHED, + mSocketCreationTimestamp, TimeStamp::Now()); + + // If the handshake is completed for the first time from just 1 callback + // that means that TLS session resumption must have been used. + Telemetry::Accumulate(Telemetry::SSL_RESUMED_SESSION, + handshakeType == Resumption); + Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_TYPE, handshakeType); + } + + + // Remove the plain text layer as it is not needed anymore. + // The plain text layer is not always present - so its not a fatal error + // if it cannot be removed + PRFileDesc* poppedPlaintext = + PR_GetIdentitiesLayer(mFd, nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity); + if (poppedPlaintext) { + PR_PopIOLayer(mFd, nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity); + poppedPlaintext->dtor(poppedPlaintext); + } + + mHandshakeCompleted = true; + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p] nsNSSSocketInfo::SetHandshakeCompleted\n", (void*) mFd)); + + mIsFullHandshake = false; // reset for next handshake on this connection +} + +void +nsNSSSocketInfo::SetNegotiatedNPN(const char* value, uint32_t length) +{ + if (!value) { + mNegotiatedNPN.Truncate(); + } else { + mNegotiatedNPN.Assign(value, length); + } + mNPNCompleted = true; +} + +NS_IMETHODIMP +nsNSSSocketInfo::GetNegotiatedNPN(nsACString& aNegotiatedNPN) +{ + if (!mNPNCompleted) + return NS_ERROR_NOT_CONNECTED; + + aNegotiatedNPN = mNegotiatedNPN; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSSocketInfo::GetAlpnEarlySelection(nsACString& aAlpnSelected) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown() || isPK11LoggedOut()) { + return NS_ERROR_NOT_AVAILABLE; + } + SSLNextProtoState alpnState; + unsigned char chosenAlpn[MAX_ALPN_LENGTH]; + unsigned int chosenAlpnLen; + SECStatus rv = SSL_GetNextProto(mFd, &alpnState, chosenAlpn, &chosenAlpnLen, + AssertedCast(ArrayLength(chosenAlpn))); + + if (rv != SECSuccess || alpnState != SSL_NEXT_PROTO_EARLY_VALUE || + chosenAlpnLen == 0) { + return NS_ERROR_NOT_AVAILABLE; + } + + aAlpnSelected.Assign(BitwiseCast(chosenAlpn), + chosenAlpnLen); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSSocketInfo::GetEarlyDataAccepted(bool* aAccepted) +{ + *aAccepted = mEarlyDataAccepted; + return NS_OK; +} + +void +nsNSSSocketInfo::SetEarlyDataAccepted(bool aAccepted) +{ + mEarlyDataAccepted = aAccepted; +} + +NS_IMETHODIMP +nsNSSSocketInfo::DriveHandshake() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown() || isPK11LoggedOut()) { + return NS_ERROR_NOT_AVAILABLE; + } + if (!mFd) { + return NS_ERROR_FAILURE; + } + PRErrorCode errorCode = GetErrorCode(); + if (errorCode) { + return GetXPCOMFromNSSError(errorCode); + } + + SECStatus rv = SSL_ForceHandshake(mFd); + + if (rv != SECSuccess) { + errorCode = PR_GetError(); + if (errorCode == PR_WOULD_BLOCK_ERROR) { + return NS_BASE_STREAM_WOULD_BLOCK; + } + + SetCanceled(errorCode, PlainErrorMessage); + return GetXPCOMFromNSSError(errorCode); + } + return NS_OK; +} + +NS_IMETHODIMP +nsNSSSocketInfo::IsAcceptableForHost(const nsACString& hostname, bool* _retval) +{ + NS_ENSURE_ARG(_retval); + + *_retval = false; + + // If this is the same hostname then the certicate status does not + // need to be considered. They are joinable. + if (hostname.Equals(GetHostName())) { + *_retval = true; + return NS_OK; + } + + // Before checking the server certificate we need to make sure the + // handshake has completed. + if (!mHandshakeCompleted || !SSLStatus() || !SSLStatus()->HasServerCert()) { + return NS_OK; + } + + // If the cert has error bits (e.g. it is untrusted) then do not join. + // The value of mHaveCertErrorBits is only reliable because we know that + // the handshake completed. + if (SSLStatus()->mHaveCertErrorBits) + return NS_OK; + + // If the connection is using client certificates then do not join + // because the user decides on whether to send client certs to hosts on a + // per-domain basis. + if (mSentClientCert) + return NS_OK; + + // Ensure that the server certificate covers the hostname that would + // like to join this connection + + UniqueCERTCertificate nssCert; + + nsCOMPtr cert; + if (NS_FAILED(SSLStatus()->GetServerCert(getter_AddRefs(cert)))) { + return NS_OK; + } + if (cert) { + nssCert.reset(cert->GetCert()); + } + + if (!nssCert) { + return NS_OK; + } + + // Attempt to verify the joinee's certificate using the joining hostname. + // This ensures that any hostname-specific verification logic (e.g. key + // pinning) is satisfied by the joinee's certificate chain. + // This verification only uses local information; since we're on the network + // thread, we would be blocking on ourselves if we attempted any network i/o. + // TODO(bug 1056935): The certificate chain built by this verification may be + // different than the certificate chain originally built during the joined + // connection's TLS handshake. Consequently, we may report a wrong and/or + // misleading certificate chain for HTTP transactions coalesced onto this + // connection. This may become problematic in the future. For example, + // if/when we begin relying on intermediate certificates being stored in the + // securityInfo of a cached HTTPS response, that cached certificate chain may + // actually be the wrong chain. We should consider having JoinConnection + // return the certificate chain built here, so that the calling Necko code + // can associate the correct certificate chain with the HTTP transactions it + // is trying to join onto this connection. + RefPtr certVerifier(GetDefaultCertVerifier()); + if (!certVerifier) { + return NS_OK; + } + nsAutoCString hostnameFlat(PromiseFlatCString(hostname)); + CertVerifier::Flags flags = CertVerifier::FLAG_LOCAL_ONLY; + UniqueCERTCertList unusedBuiltChain; + mozilla::pkix::Result result = + certVerifier->VerifySSLServerCert(nssCert, + nullptr, // stapledOCSPResponse + nullptr, // sctsFromTLSExtension + mozilla::pkix::Now(), + nullptr, // pinarg + hostnameFlat.get(), + unusedBuiltChain, + false, // save intermediates + flags); + if (result != mozilla::pkix::Success) { + return NS_OK; + } + + // All tests pass + *_retval = true; + return NS_OK; +} + +NS_IMETHODIMP +nsNSSSocketInfo::JoinConnection(const nsACString& npnProtocol, + const nsACString& hostname, + int32_t port, + bool* _retval) +{ + *_retval = false; + + // Different ports may not be joined together + if (port != GetPort()) + return NS_OK; + + // Make sure NPN has been completed and matches requested npnProtocol + if (!mNPNCompleted || !mNegotiatedNPN.Equals(npnProtocol)) + return NS_OK; + + if (mBypassAuthentication) { + // An unauthenticated connection does not know whether or not it + // is acceptable for a particular hostname + return NS_OK; + } + + IsAcceptableForHost(hostname, _retval); + + if (*_retval) { + // All tests pass - this is joinable + mJoined = true; + } + return NS_OK; +} + +bool +nsNSSSocketInfo::GetForSTARTTLS() +{ + return mForSTARTTLS; +} + +void +nsNSSSocketInfo::SetForSTARTTLS(bool aForSTARTTLS) +{ + mForSTARTTLS = aForSTARTTLS; +} + +NS_IMETHODIMP +nsNSSSocketInfo::ProxyStartSSL() +{ + return ActivateSSL(); +} + +NS_IMETHODIMP +nsNSSSocketInfo::StartTLS() +{ + return ActivateSSL(); +} + +NS_IMETHODIMP +nsNSSSocketInfo::SetNPNList(nsTArray& protocolArray) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + if (!mFd) + return NS_ERROR_FAILURE; + + // the npn list is a concatenated list of 8 bit byte strings. + nsCString npnList; + + for (uint32_t index = 0; index < protocolArray.Length(); ++index) { + if (protocolArray[index].IsEmpty() || + protocolArray[index].Length() > 255) + return NS_ERROR_ILLEGAL_VALUE; + + npnList.Append(protocolArray[index].Length()); + npnList.Append(protocolArray[index]); + } + + if (SSL_SetNextProtoNego( + mFd, + BitwiseCast(npnList.get()), + npnList.Length()) != SECSuccess) + return NS_ERROR_FAILURE; + + return NS_OK; +} + +nsresult +nsNSSSocketInfo::ActivateSSL() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + if (SECSuccess != SSL_OptionSet(mFd, SSL_SECURITY, true)) + return NS_ERROR_FAILURE; + if (SECSuccess != SSL_ResetHandshake(mFd, false)) + return NS_ERROR_FAILURE; + + mHandshakePending = true; + + return NS_OK; +} + +nsresult +nsNSSSocketInfo::GetFileDescPtr(PRFileDesc** aFilePtr) +{ + *aFilePtr = mFd; + return NS_OK; +} + +nsresult +nsNSSSocketInfo::SetFileDescPtr(PRFileDesc* aFilePtr) +{ + mFd = aFilePtr; + return NS_OK; +} + +void +nsNSSSocketInfo::SetCertVerificationWaiting() +{ + // mCertVerificationState may be before_cert_verification for the first + // handshake on the connection, or after_cert_verification for subsequent + // renegotiation handshakes. + NS_ASSERTION(mCertVerificationState != waiting_for_cert_verification, + "Invalid state transition to waiting_for_cert_verification"); + mCertVerificationState = waiting_for_cert_verification; +} + +// Be careful that SetCertVerificationResult does NOT get called while we are +// processing a SSL callback function, because SSL_AuthCertificateComplete will +// attempt to acquire locks that are already held by libssl when it calls +// callbacks. +void +nsNSSSocketInfo::SetCertVerificationResult(PRErrorCode errorCode, + SSLErrorMessageType errorMessageType) +{ + NS_ASSERTION(mCertVerificationState == waiting_for_cert_verification, + "Invalid state transition to cert_verification_finished"); + + if (mFd) { + SECStatus rv = SSL_AuthCertificateComplete(mFd, errorCode); + // Only replace errorCode if there was originally no error + if (rv != SECSuccess && errorCode == 0) { + errorCode = PR_GetError(); + errorMessageType = PlainErrorMessage; + if (errorCode == 0) { + NS_ERROR("SSL_AuthCertificateComplete didn't set error code"); + errorCode = PR_INVALID_STATE_ERROR; + } + } + } + + if (errorCode) { + mFailedVerification = true; + SetCanceled(errorCode, errorMessageType); + } + + if (mPlaintextBytesRead && !errorCode) { + Telemetry::Accumulate(Telemetry::SSL_BYTES_BEFORE_CERT_CALLBACK, + AssertedCast(mPlaintextBytesRead)); + } + + mCertVerificationState = after_cert_verification; +} + +SharedSSLState& +nsNSSSocketInfo::SharedState() +{ + return mSharedState; +} + +void nsSSLIOLayerHelpers::Cleanup() +{ + MutexAutoLock lock(mutex); + mTLSIntoleranceInfo.Clear(); + mInsecureFallbackSites.Clear(); +} + +static void +nsHandleSSLError(nsNSSSocketInfo* socketInfo, + ::mozilla::psm::SSLErrorMessageType errtype, + PRErrorCode err) +{ + if (!NS_IsMainThread()) { + NS_ERROR("nsHandleSSLError called off the main thread"); + return; + } + + // SetCanceled is only called by the main thread or the socket transport + // thread. Whenever this function is called on the main thread, the SSL + // thread is blocked on it. So, no mutex is necessary for + // SetCanceled()/GetError*(). + if (socketInfo->GetErrorCode()) { + // If the socket has been flagged as canceled, + // the code who did was responsible for setting the error code. + return; + } + + // We must cancel first, which sets the error code. + socketInfo->SetCanceled(err, PlainErrorMessage); + nsXPIDLString errorString; + socketInfo->GetErrorLogMessage(err, errtype, errorString); + + if (!errorString.IsEmpty()) { + nsContentUtils::LogSimpleConsoleError(errorString, "SSL"); + } +} + +namespace { + +enum Operation { reading, writing, not_reading_or_writing }; + +int32_t checkHandshake(int32_t bytesTransfered, bool wasReading, + PRFileDesc* ssl_layer_fd, + nsNSSSocketInfo* socketInfo); + +nsNSSSocketInfo* +getSocketInfoIfRunning(PRFileDesc* fd, Operation op, + const nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + if (!fd || !fd->lower || !fd->secret || + fd->identity != nsSSLIOLayerHelpers::nsSSLIOLayerIdentity) { + NS_ERROR("bad file descriptor passed to getSocketInfoIfRunning"); + PR_SetError(PR_BAD_DESCRIPTOR_ERROR, 0); + return nullptr; + } + + nsNSSSocketInfo* socketInfo = (nsNSSSocketInfo*) fd->secret; + + if (socketInfo->isAlreadyShutDown() || socketInfo->isPK11LoggedOut()) { + PR_SetError(PR_SOCKET_SHUTDOWN_ERROR, 0); + return nullptr; + } + + if (socketInfo->GetErrorCode()) { + PRErrorCode err = socketInfo->GetErrorCode(); + PR_SetError(err, 0); + if (op == reading || op == writing) { + // We must do TLS intolerance checks for reads and writes, for timeouts + // in particular. + (void) checkHandshake(-1, op == reading, fd, socketInfo); + } + + // If we get here, it is probably because cert verification failed and this + // is the first I/O attempt since that failure. + return nullptr; + } + + return socketInfo; +} + +} // namespace + +static PRStatus +nsSSLIOLayerConnect(PRFileDesc* fd, const PRNetAddr* addr, + PRIntervalTime timeout) +{ + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p] connecting SSL socket\n", + (void*) fd)); + nsNSSShutDownPreventionLock locker; + if (!getSocketInfoIfRunning(fd, not_reading_or_writing, locker)) + return PR_FAILURE; + + PRStatus status = fd->lower->methods->connect(fd->lower, addr, timeout); + if (status != PR_SUCCESS) { + MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("[%p] Lower layer connect error: %d\n", + (void*) fd, PR_GetError())); + return status; + } + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p] Connect\n", (void*) fd)); + return status; +} + +void +nsSSLIOLayerHelpers::rememberTolerantAtVersion(const nsACString& hostName, + int16_t port, uint16_t tolerant) +{ + nsCString key; + getSiteKey(hostName, port, key); + + MutexAutoLock lock(mutex); + + IntoleranceEntry entry; + if (mTLSIntoleranceInfo.Get(key, &entry)) { + entry.AssertInvariant(); + entry.tolerant = std::max(entry.tolerant, tolerant); + if (entry.intolerant != 0 && entry.intolerant <= entry.tolerant) { + entry.intolerant = entry.tolerant + 1; + entry.intoleranceReason = 0; // lose the reason + } + if (entry.strongCipherStatus == StrongCipherStatusUnknown) { + entry.strongCipherStatus = StrongCiphersWorked; + } + } else { + entry.tolerant = tolerant; + entry.intolerant = 0; + entry.intoleranceReason = 0; + entry.strongCipherStatus = StrongCiphersWorked; + } + + entry.AssertInvariant(); + + mTLSIntoleranceInfo.Put(key, entry); +} + +void +nsSSLIOLayerHelpers::forgetIntolerance(const nsACString& hostName, + int16_t port) +{ + nsCString key; + getSiteKey(hostName, port, key); + + MutexAutoLock lock(mutex); + + IntoleranceEntry entry; + if (mTLSIntoleranceInfo.Get(key, &entry)) { + entry.AssertInvariant(); + + entry.intolerant = 0; + entry.intoleranceReason = 0; + if (entry.strongCipherStatus != StrongCiphersWorked) { + entry.strongCipherStatus = StrongCipherStatusUnknown; + } + + entry.AssertInvariant(); + mTLSIntoleranceInfo.Put(key, entry); + } +} + +bool +nsSSLIOLayerHelpers::fallbackLimitReached(const nsACString& hostName, + uint16_t intolerant) +{ + if (isInsecureFallbackSite(hostName)) { + return intolerant <= SSL_LIBRARY_VERSION_TLS_1_0; + } + return intolerant <= mVersionFallbackLimit; +} + +// returns true if we should retry the handshake +bool +nsSSLIOLayerHelpers::rememberIntolerantAtVersion(const nsACString& hostName, + int16_t port, + uint16_t minVersion, + uint16_t intolerant, + PRErrorCode intoleranceReason) +{ + if (intolerant <= minVersion || fallbackLimitReached(hostName, intolerant)) { + // We can't fall back any further. Assume that intolerance isn't the issue. + forgetIntolerance(hostName, port); + return false; + } + + nsCString key; + getSiteKey(hostName, port, key); + + MutexAutoLock lock(mutex); + + IntoleranceEntry entry; + if (mTLSIntoleranceInfo.Get(key, &entry)) { + entry.AssertInvariant(); + if (intolerant <= entry.tolerant) { + // We already know the server is tolerant at an equal or higher version. + return false; + } + if ((entry.intolerant != 0 && intolerant >= entry.intolerant)) { + // We already know that the server is intolerant at a lower version. + return true; + } + } else { + entry.tolerant = 0; + entry.strongCipherStatus = StrongCipherStatusUnknown; + } + + entry.intolerant = intolerant; + entry.intoleranceReason = intoleranceReason; + entry.AssertInvariant(); + mTLSIntoleranceInfo.Put(key, entry); + + return true; +} + +// returns true if we should retry the handshake +bool +nsSSLIOLayerHelpers::rememberStrongCiphersFailed(const nsACString& hostName, + int16_t port, + PRErrorCode intoleranceReason) +{ + nsCString key; + getSiteKey(hostName, port, key); + + MutexAutoLock lock(mutex); + + IntoleranceEntry entry; + if (mTLSIntoleranceInfo.Get(key, &entry)) { + entry.AssertInvariant(); + if (entry.strongCipherStatus != StrongCipherStatusUnknown) { + // We already know if the server supports a strong cipher. + return false; + } + } else { + entry.tolerant = 0; + entry.intolerant = 0; + entry.intoleranceReason = intoleranceReason; + } + + entry.strongCipherStatus = StrongCiphersFailed; + entry.AssertInvariant(); + mTLSIntoleranceInfo.Put(key, entry); + + return true; +} + +void +nsSSLIOLayerHelpers::adjustForTLSIntolerance(const nsACString& hostName, + int16_t port, + /*in/out*/ SSLVersionRange& range, + /*out*/ StrongCipherStatus& strongCipherStatus) +{ + IntoleranceEntry entry; + + { + nsCString key; + getSiteKey(hostName, port, key); + + MutexAutoLock lock(mutex); + if (!mTLSIntoleranceInfo.Get(key, &entry)) { + return; + } + } + + entry.AssertInvariant(); + + if (entry.intolerant != 0) { + // We've tried connecting at a higher range but failed, so try at the + // version we haven't tried yet, unless we have reached the minimum. + if (range.min < entry.intolerant) { + range.max = entry.intolerant - 1; + } + } + strongCipherStatus = entry.strongCipherStatus; +} + +PRErrorCode +nsSSLIOLayerHelpers::getIntoleranceReason(const nsACString& hostName, + int16_t port) +{ + IntoleranceEntry entry; + + { + nsCString key; + getSiteKey(hostName, port, key); + + MutexAutoLock lock(mutex); + if (!mTLSIntoleranceInfo.Get(key, &entry)) { + return 0; + } + } + + entry.AssertInvariant(); + return entry.intoleranceReason; +} + +bool nsSSLIOLayerHelpers::nsSSLIOLayerInitialized = false; +PRDescIdentity nsSSLIOLayerHelpers::nsSSLIOLayerIdentity; +PRDescIdentity nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity; +PRIOMethods nsSSLIOLayerHelpers::nsSSLIOLayerMethods; +PRIOMethods nsSSLIOLayerHelpers::nsSSLPlaintextLayerMethods; + +static PRStatus +nsSSLIOLayerClose(PRFileDesc* fd) +{ + nsNSSShutDownPreventionLock locker; + if (!fd) + return PR_FAILURE; + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p] Shutting down socket\n", + (void*) fd)); + + nsNSSSocketInfo* socketInfo = (nsNSSSocketInfo*) fd->secret; + NS_ASSERTION(socketInfo,"nsNSSSocketInfo was null for an fd"); + + return socketInfo->CloseSocketAndDestroy(locker); +} + +PRStatus +nsNSSSocketInfo::CloseSocketAndDestroy( + const nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + PRFileDesc* popped = PR_PopIOLayer(mFd, PR_TOP_IO_LAYER); + NS_ASSERTION(popped && + popped->identity == nsSSLIOLayerHelpers::nsSSLIOLayerIdentity, + "SSL Layer not on top of stack"); + + // The plain text layer is not always present - so its not a fatal error + // if it cannot be removed + PRFileDesc* poppedPlaintext = + PR_GetIdentitiesLayer(mFd, nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity); + if (poppedPlaintext) { + PR_PopIOLayer(mFd, nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity); + poppedPlaintext->dtor(poppedPlaintext); + } + + PRStatus status = mFd->methods->close(mFd); + + // the nsNSSSocketInfo instance can out-live the connection, so we need some + // indication that the connection has been closed. mFd == nullptr is that + // indication. This is needed, for example, when the connection is closed + // before we have finished validating the server's certificate. + mFd = nullptr; + + if (status != PR_SUCCESS) return status; + + popped->identity = PR_INVALID_IO_LAYER; + NS_RELEASE_THIS(); + popped->dtor(popped); + + return PR_SUCCESS; +} + +#if defined(DEBUG_SSL_VERBOSE) && defined(DUMP_BUFFER) +// Dumps a (potentially binary) buffer using SSM_DEBUG. (We could have used +// the version in ssltrace.c, but that's specifically tailored to SSLTRACE.) +#define DUMPBUF_LINESIZE 24 +static void +nsDumpBuffer(unsigned char* buf, int len) +{ + char hexbuf[DUMPBUF_LINESIZE*3+1]; + char chrbuf[DUMPBUF_LINESIZE+1]; + static const char* hex = "0123456789abcdef"; + int i = 0; + int l = 0; + char ch; + char* c; + char* h; + if (len == 0) + return; + hexbuf[DUMPBUF_LINESIZE*3] = '\0'; + chrbuf[DUMPBUF_LINESIZE] = '\0'; + (void) memset(hexbuf, 0x20, DUMPBUF_LINESIZE*3); + (void) memset(chrbuf, 0x20, DUMPBUF_LINESIZE); + h = hexbuf; + c = chrbuf; + + while (i < len) { + ch = buf[i]; + + if (l == DUMPBUF_LINESIZE) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("%s%s\n", hexbuf, chrbuf)); + (void) memset(hexbuf, 0x20, DUMPBUF_LINESIZE*3); + (void) memset(chrbuf, 0x20, DUMPBUF_LINESIZE); + h = hexbuf; + c = chrbuf; + l = 0; + } + + // Convert a character to hex. + *h++ = hex[(ch >> 4) & 0xf]; + *h++ = hex[ch & 0xf]; + h++; + + // Put the character (if it's printable) into the character buffer. + if ((ch >= 0x20) && (ch <= 0x7e)) { + *c++ = ch; + } else { + *c++ = '.'; + } + i++; l++; + } + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("%s%s\n", hexbuf, chrbuf)); +} + +#define DEBUG_DUMP_BUFFER(buf,len) nsDumpBuffer(buf,len) +#else +#define DEBUG_DUMP_BUFFER(buf,len) +#endif + +class SSLErrorRunnable : public SyncRunnableBase +{ + public: + SSLErrorRunnable(nsNSSSocketInfo* infoObject, + ::mozilla::psm::SSLErrorMessageType errtype, + PRErrorCode errorCode) + : mInfoObject(infoObject) + , mErrType(errtype) + , mErrorCode(errorCode) + { + } + + virtual void RunOnTargetThread() + { + nsHandleSSLError(mInfoObject, mErrType, mErrorCode); + } + + RefPtr mInfoObject; + ::mozilla::psm::SSLErrorMessageType mErrType; + const PRErrorCode mErrorCode; +}; + +namespace { + +uint32_t tlsIntoleranceTelemetryBucket(PRErrorCode err) +{ + // returns a numeric code for where we track various errors in telemetry + // only errors that cause version fallback are tracked, + // so this is also used to determine which errors can cause version fallback + switch (err) { + case SSL_ERROR_BAD_MAC_ALERT: return 1; + case SSL_ERROR_BAD_MAC_READ: return 2; + case SSL_ERROR_HANDSHAKE_FAILURE_ALERT: return 3; + case SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT: return 4; + case SSL_ERROR_ILLEGAL_PARAMETER_ALERT: return 6; + case SSL_ERROR_NO_CYPHER_OVERLAP: return 7; + case SSL_ERROR_UNSUPPORTED_VERSION: return 10; + case SSL_ERROR_PROTOCOL_VERSION_ALERT: return 11; + case SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE: return 13; + case SSL_ERROR_DECODE_ERROR_ALERT: return 14; + case PR_CONNECT_RESET_ERROR: return 16; + case PR_END_OF_FILE_ERROR: return 17; + case SSL_ERROR_INTERNAL_ERROR_ALERT: return 18; + default: return 0; + } +} + +bool +retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo) +{ + // This function is supposed to decide which error codes should + // be used to conclude server is TLS intolerant. + // Note this only happens during the initial SSL handshake. + + SSLVersionRange range = socketInfo->GetTLSVersionRange(); + nsSSLIOLayerHelpers& helpers = socketInfo->SharedState().IOLayerHelpers(); + + if (err == SSL_ERROR_UNSUPPORTED_VERSION && + range.min == SSL_LIBRARY_VERSION_TLS_1_0) { + socketInfo->SetSecurityState(nsIWebProgressListener::STATE_IS_INSECURE | + nsIWebProgressListener::STATE_USES_SSL_3); + } + + // NSS will return SSL_ERROR_RX_MALFORMED_SERVER_HELLO if anti-downgrade + // detected the downgrade. + if (err == SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT || + err == SSL_ERROR_RX_MALFORMED_SERVER_HELLO) { + // This is a clear signal that we've fallen back too many versions. Treat + // this as a hard failure, but forget any intolerance so that later attempts + // don't use this version (i.e., range.max) and trigger the error again. + + // First, track the original cause of the version fallback. This uses the + // same buckets as the telemetry below, except that bucket 0 will include + // all cases where there wasn't an original reason. + PRErrorCode originalReason = + helpers.getIntoleranceReason(socketInfo->GetHostName(), + socketInfo->GetPort()); + Telemetry::Accumulate(Telemetry::SSL_VERSION_FALLBACK_INAPPROPRIATE, + tlsIntoleranceTelemetryBucket(originalReason)); + + helpers.forgetIntolerance(socketInfo->GetHostName(), + socketInfo->GetPort()); + + return false; + } + + // Disallow PR_CONNECT_RESET_ERROR if fallback limit reached. + bool fallbackLimitReached = + helpers.fallbackLimitReached(socketInfo->GetHostName(), range.max); + if (err == PR_CONNECT_RESET_ERROR && fallbackLimitReached) { + return false; + } + + if ((err == SSL_ERROR_NO_CYPHER_OVERLAP || err == PR_END_OF_FILE_ERROR || + err == PR_CONNECT_RESET_ERROR) && + nsNSSComponent::AreAnyWeakCiphersEnabled()) { + if (helpers.isInsecureFallbackSite(socketInfo->GetHostName()) || + helpers.mUnrestrictedRC4Fallback) { + if (helpers.rememberStrongCiphersFailed(socketInfo->GetHostName(), + socketInfo->GetPort(), err)) { + Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK, + tlsIntoleranceTelemetryBucket(err)); + return true; + } + Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK, 0); + } + } + + // When not using a proxy we'll see a connection reset error. + // When using a proxy, we'll see an end of file error. + + // Don't allow STARTTLS connections to fall back on connection resets or + // EOF. + if ((err == PR_CONNECT_RESET_ERROR || err == PR_END_OF_FILE_ERROR) + && socketInfo->GetForSTARTTLS()) { + return false; + } + + uint32_t reason = tlsIntoleranceTelemetryBucket(err); + if (reason == 0) { + return false; + } + + Telemetry::ID pre; + Telemetry::ID post; + switch (range.max) { + case SSL_LIBRARY_VERSION_TLS_1_3: + pre = Telemetry::SSL_TLS13_INTOLERANCE_REASON_PRE; + post = Telemetry::SSL_TLS13_INTOLERANCE_REASON_POST; + break; + case SSL_LIBRARY_VERSION_TLS_1_2: + pre = Telemetry::SSL_TLS12_INTOLERANCE_REASON_PRE; + post = Telemetry::SSL_TLS12_INTOLERANCE_REASON_POST; + break; + case SSL_LIBRARY_VERSION_TLS_1_1: + pre = Telemetry::SSL_TLS11_INTOLERANCE_REASON_PRE; + post = Telemetry::SSL_TLS11_INTOLERANCE_REASON_POST; + break; + case SSL_LIBRARY_VERSION_TLS_1_0: + pre = Telemetry::SSL_TLS10_INTOLERANCE_REASON_PRE; + post = Telemetry::SSL_TLS10_INTOLERANCE_REASON_POST; + break; + default: + MOZ_CRASH("impossible TLS version"); + return false; + } + + // The difference between _PRE and _POST represents how often we avoided + // TLS intolerance fallback due to remembered tolerance. + Telemetry::Accumulate(pre, reason); + + if (!helpers.rememberIntolerantAtVersion(socketInfo->GetHostName(), + socketInfo->GetPort(), + range.min, range.max, err)) { + return false; + } + + Telemetry::Accumulate(post, reason); + + return true; +} + +// Ensure that we haven't added too many errors to fit. +static_assert((SSL_ERROR_END_OF_LIST - SSL_ERROR_BASE) <= 256, + "too many SSL errors"); +static_assert((SEC_ERROR_END_OF_LIST - SEC_ERROR_BASE) <= 256, + "too many SEC errors"); +static_assert((PR_MAX_ERROR - PR_NSPR_ERROR_BASE) <= 128, + "too many NSPR errors"); +static_assert((mozilla::pkix::ERROR_BASE - mozilla::pkix::END_OF_LIST) < 31, + "too many moz::pkix errors"); + +static void +reportHandshakeResult(int32_t bytesTransferred, bool wasReading, PRErrorCode err) +{ + uint32_t bucket; + + // A negative bytesTransferred or a 0 read are errors. + if (bytesTransferred > 0) { + bucket = 0; + } else if ((bytesTransferred == 0) && !wasReading) { + // PR_Write() is defined to never return 0, but let's make sure. + // https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR/Reference/PR_Write. + MOZ_ASSERT(false); + bucket = 671; + } else if (IS_SSL_ERROR(err)) { + bucket = err - SSL_ERROR_BASE; + MOZ_ASSERT(bucket > 0); // SSL_ERROR_EXPORT_ONLY_SERVER isn't used. + } else if (IS_SEC_ERROR(err)) { + bucket = (err - SEC_ERROR_BASE) + 256; + } else if ((err >= PR_NSPR_ERROR_BASE) && (err < PR_MAX_ERROR)) { + bucket = (err - PR_NSPR_ERROR_BASE) + 512; + } else if ((err >= mozilla::pkix::ERROR_BASE) && + (err < mozilla::pkix::ERROR_LIMIT)) { + bucket = (err - mozilla::pkix::ERROR_BASE) + 640; + } else { + bucket = 671; + } + + Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_RESULT, bucket); +} + +int32_t +checkHandshake(int32_t bytesTransfered, bool wasReading, + PRFileDesc* ssl_layer_fd, nsNSSSocketInfo* socketInfo) +{ + const PRErrorCode originalError = PR_GetError(); + PRErrorCode err = originalError; + + // This is where we work around all of those SSL servers that don't + // conform to the SSL spec and shutdown a connection when we request + // SSL v3.1 (aka TLS). The spec says the client says what version + // of the protocol we're willing to perform, in our case SSL v3.1 + // In its response, the server says which version it wants to perform. + // Many servers out there only know how to do v3.0. Next, we're supposed + // to send back the version of the protocol we requested (ie v3.1). At + // this point many servers's implementations are broken and they shut + // down the connection when they don't see the version they sent back. + // This is supposed to prevent a man in the middle from forcing one + // side to dumb down to a lower level of the protocol. Unfortunately, + // there are enough broken servers out there that such a gross work-around + // is necessary. :( + + // Do NOT assume TLS intolerance on a closed connection after bad cert ui was shown. + // Simply retry. + // This depends on the fact that Cert UI will not be shown again, + // should the user override the bad cert. + + bool handleHandshakeResultNow = socketInfo->IsHandshakePending(); + + bool wantRetry = false; + + if (0 > bytesTransfered) { + if (handleHandshakeResultNow) { + if (PR_WOULD_BLOCK_ERROR == err) { + PR_SetError(err, 0); + return bytesTransfered; + } + + wantRetry = retryDueToTLSIntolerance(err, socketInfo); + } + + // This is the common place where we trigger non-cert-errors on a SSL + // socket. This might be reached at any time of the connection. + // + // The socketInfo->GetErrorCode() check is here to ensure we don't try to + // do the synchronous dispatch to the main thread unnecessarily after we've + // already handled a certificate error. (SSLErrorRunnable calls + // nsHandleSSLError, which has logic to avoid replacing the error message, + // so without the !socketInfo->GetErrorCode(), it would just be an + // expensive no-op.) + if (!wantRetry && mozilla::psm::IsNSSErrorCode(err) && + !socketInfo->GetErrorCode()) { + RefPtr runnable(new SSLErrorRunnable(socketInfo, + PlainErrorMessage, + err)); + (void) runnable->DispatchToMainThreadAndWait(); + } + } else if (wasReading && 0 == bytesTransfered) { + // zero bytes on reading, socket closed + if (handleHandshakeResultNow) { + wantRetry = retryDueToTLSIntolerance(PR_END_OF_FILE_ERROR, socketInfo); + } + } + + if (wantRetry) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p] checkHandshake: will retry with lower max TLS version\n", + ssl_layer_fd)); + // We want to cause the network layer to retry the connection. + err = PR_CONNECT_RESET_ERROR; + if (wasReading) + bytesTransfered = -1; + } + + // TLS intolerant servers only cause the first transfer to fail, so let's + // set the HandshakePending attribute to false so that we don't try the logic + // above again in a subsequent transfer. + if (handleHandshakeResultNow) { + // Report the result once for each handshake. Note that this does not + // get handshakes which are cancelled before any reads or writes + // happen. + reportHandshakeResult(bytesTransfered, wasReading, originalError); + socketInfo->SetHandshakeNotPending(); + } + + if (bytesTransfered < 0) { + // Remember that we encountered an error so that getSocketInfoIfRunning + // will correctly cause us to fail if another part of Gecko + // (erroneously) calls an I/O function (PR_Send/PR_Recv/etc.) again on + // this socket. Note that we use the original error because if we use + // PR_CONNECT_RESET_ERROR, we'll repeated try to reconnect. + if (originalError != PR_WOULD_BLOCK_ERROR && !socketInfo->GetErrorCode()) { + socketInfo->SetCanceled(originalError, PlainErrorMessage); + } + PR_SetError(err, 0); + } + + return bytesTransfered; +} + +} // namespace + +static int16_t +nsSSLIOLayerPoll(PRFileDesc* fd, int16_t in_flags, int16_t* out_flags) +{ + nsNSSShutDownPreventionLock locker; + + if (!out_flags) { + NS_WARNING("nsSSLIOLayerPoll called with null out_flags"); + return 0; + } + + *out_flags = 0; + + nsNSSSocketInfo* socketInfo = + getSocketInfoIfRunning(fd, not_reading_or_writing, locker); + + if (!socketInfo) { + // If we get here, it is probably because certificate validation failed + // and this is the first I/O operation after the failure. + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p] polling SSL socket right after certificate verification failed " + "or NSS shutdown or SDR logout %d\n", + fd, (int) in_flags)); + + NS_ASSERTION(in_flags & PR_POLL_EXCEPT, + "caller did not poll for EXCEPT (canceled)"); + // Since this poll method cannot return errors, we want the caller to call + // PR_Send/PR_Recv right away to get the error, so we tell that we are + // ready for whatever I/O they are asking for. (See getSocketInfoIfRunning). + *out_flags = in_flags | PR_POLL_EXCEPT; // see also bug 480619 + return in_flags; + } + + MOZ_LOG(gPIPNSSLog, LogLevel::Verbose, + (socketInfo->IsWaitingForCertVerification() + ? "[%p] polling SSL socket during certificate verification using lower %d\n" + : "[%p] poll SSL socket using lower %d\n", + fd, (int) in_flags)); + + // We want the handshake to continue during certificate validation, so we + // don't need to do anything special here. libssl automatically blocks when + // it reaches any point that would be unsafe to send/receive something before + // cert validation is complete. + int16_t result = fd->lower->methods->poll(fd->lower, in_flags, out_flags); + MOZ_LOG(gPIPNSSLog, LogLevel::Verbose, + ("[%p] poll SSL socket returned %d\n", (void*) fd, (int) result)); + return result; +} + +nsSSLIOLayerHelpers::nsSSLIOLayerHelpers() + : mTreatUnsafeNegotiationAsBroken(false) + , mTLSIntoleranceInfo() + , mFalseStartRequireNPN(false) + , mUnrestrictedRC4Fallback(false) + , mVersionFallbackLimit(SSL_LIBRARY_VERSION_TLS_1_0) + , mutex("nsSSLIOLayerHelpers.mutex") +{ +} + +static int +_PSM_InvalidInt(void) +{ + MOZ_ASSERT_UNREACHABLE("I/O method is invalid"); + PR_SetError(PR_INVALID_METHOD_ERROR, 0); + return -1; +} + +static int64_t +_PSM_InvalidInt64(void) +{ + MOZ_ASSERT_UNREACHABLE("I/O method is invalid"); + PR_SetError(PR_INVALID_METHOD_ERROR, 0); + return -1; +} + +static PRStatus +_PSM_InvalidStatus(void) +{ + MOZ_ASSERT_UNREACHABLE("I/O method is invalid"); + PR_SetError(PR_INVALID_METHOD_ERROR, 0); + return PR_FAILURE; +} + +static PRFileDesc* +_PSM_InvalidDesc(void) +{ + MOZ_ASSERT_UNREACHABLE("I/O method is invalid"); + PR_SetError(PR_INVALID_METHOD_ERROR, 0); + return nullptr; +} + +static PRStatus +PSMGetsockname(PRFileDesc* fd, PRNetAddr* addr) +{ + nsNSSShutDownPreventionLock locker; + if (!getSocketInfoIfRunning(fd, not_reading_or_writing, locker)) + return PR_FAILURE; + + return fd->lower->methods->getsockname(fd->lower, addr); +} + +static PRStatus +PSMGetpeername(PRFileDesc* fd, PRNetAddr* addr) +{ + nsNSSShutDownPreventionLock locker; + if (!getSocketInfoIfRunning(fd, not_reading_or_writing, locker)) + return PR_FAILURE; + + return fd->lower->methods->getpeername(fd->lower, addr); +} + +static PRStatus +PSMGetsocketoption(PRFileDesc* fd, PRSocketOptionData* data) +{ + nsNSSShutDownPreventionLock locker; + if (!getSocketInfoIfRunning(fd, not_reading_or_writing, locker)) + return PR_FAILURE; + + return fd->lower->methods->getsocketoption(fd, data); +} + +static PRStatus +PSMSetsocketoption(PRFileDesc* fd, const PRSocketOptionData* data) +{ + nsNSSShutDownPreventionLock locker; + if (!getSocketInfoIfRunning(fd, not_reading_or_writing, locker)) + return PR_FAILURE; + + return fd->lower->methods->setsocketoption(fd, data); +} + +static int32_t +PSMRecv(PRFileDesc* fd, void* buf, int32_t amount, int flags, + PRIntervalTime timeout) +{ + nsNSSShutDownPreventionLock locker; + nsNSSSocketInfo* socketInfo = getSocketInfoIfRunning(fd, reading, locker); + if (!socketInfo) + return -1; + + if (flags != PR_MSG_PEEK && flags != 0) { + PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0); + return -1; + } + + int32_t bytesRead = fd->lower->methods->recv(fd->lower, buf, amount, flags, + timeout); + + MOZ_LOG(gPIPNSSLog, LogLevel::Verbose, + ("[%p] read %d bytes\n", (void*) fd, bytesRead)); + +#ifdef DEBUG_SSL_VERBOSE + DEBUG_DUMP_BUFFER((unsigned char*) buf, bytesRead); +#endif + + return checkHandshake(bytesRead, true, fd, socketInfo); +} + +static int32_t +PSMSend(PRFileDesc* fd, const void* buf, int32_t amount, int flags, + PRIntervalTime timeout) +{ + nsNSSShutDownPreventionLock locker; + nsNSSSocketInfo* socketInfo = getSocketInfoIfRunning(fd, writing, locker); + if (!socketInfo) + return -1; + + if (flags != 0) { + PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0); + return -1; + } + +#ifdef DEBUG_SSL_VERBOSE + DEBUG_DUMP_BUFFER((unsigned char*) buf, amount); +#endif + + int32_t bytesWritten = fd->lower->methods->send(fd->lower, buf, amount, + flags, timeout); + + MOZ_LOG(gPIPNSSLog, LogLevel::Verbose, + ("[%p] wrote %d bytes\n", fd, bytesWritten)); + + return checkHandshake(bytesWritten, false, fd, socketInfo); +} + +static PRStatus +PSMBind(PRFileDesc* fd, const PRNetAddr *addr) +{ + nsNSSShutDownPreventionLock locker; + if (!getSocketInfoIfRunning(fd, not_reading_or_writing, locker)) + return PR_FAILURE; + + return fd->lower->methods->bind(fd->lower, addr); +} + +static int32_t +nsSSLIOLayerRead(PRFileDesc* fd, void* buf, int32_t amount) +{ + return PSMRecv(fd, buf, amount, 0, PR_INTERVAL_NO_TIMEOUT); +} + +static int32_t +nsSSLIOLayerWrite(PRFileDesc* fd, const void* buf, int32_t amount) +{ + return PSMSend(fd, buf, amount, 0, PR_INTERVAL_NO_TIMEOUT); +} + +static PRStatus +PSMConnectcontinue(PRFileDesc* fd, int16_t out_flags) +{ + nsNSSShutDownPreventionLock locker; + if (!getSocketInfoIfRunning(fd, not_reading_or_writing, locker)) { + return PR_FAILURE; + } + + return fd->lower->methods->connectcontinue(fd, out_flags); +} + +static int +PSMAvailable(void) +{ + // This is called through PR_Available(), but is not implemented in PSM + PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0); + return -1; +} + +static int64_t +PSMAvailable64(void) +{ + // This is called through PR_Available(), but is not implemented in PSM + PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0); + return -1; +} + +namespace { + +class PrefObserver : public nsIObserver { +public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIOBSERVER + explicit PrefObserver(nsSSLIOLayerHelpers* aOwner) : mOwner(aOwner) {} + +protected: + virtual ~PrefObserver() {} +private: + nsSSLIOLayerHelpers* mOwner; +}; + +} // unnamed namespace + +NS_IMPL_ISUPPORTS(PrefObserver, nsIObserver) + +NS_IMETHODIMP +PrefObserver::Observe(nsISupports* aSubject, const char* aTopic, + const char16_t* someData) +{ + if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) { + NS_ConvertUTF16toUTF8 prefName(someData); + + if (prefName.EqualsLiteral("security.ssl.treat_unsafe_negotiation_as_broken")) { + bool enabled; + Preferences::GetBool("security.ssl.treat_unsafe_negotiation_as_broken", &enabled); + mOwner->setTreatUnsafeNegotiationAsBroken(enabled); + } else if (prefName.EqualsLiteral("security.ssl.false_start.require-npn")) { + mOwner->mFalseStartRequireNPN = + Preferences::GetBool("security.ssl.false_start.require-npn", + FALSE_START_REQUIRE_NPN_DEFAULT); + } else if (prefName.EqualsLiteral("security.tls.version.fallback-limit")) { + mOwner->loadVersionFallbackLimit(); + } else if (prefName.EqualsLiteral("security.tls.insecure_fallback_hosts")) { + // Changes to the whitelist on the public side will update the pref. + // Don't propagate the changes to the private side. + if (mOwner->isPublic()) { + mOwner->initInsecureFallbackSites(); + } + } else if (prefName.EqualsLiteral("security.tls.unrestricted_rc4_fallback")) { + mOwner->mUnrestrictedRC4Fallback = + Preferences::GetBool("security.tls.unrestricted_rc4_fallback", false); + } + } + return NS_OK; +} + +static int32_t +PlaintextRecv(PRFileDesc* fd, void* buf, int32_t amount, int flags, + PRIntervalTime timeout) +{ + // The shutdownlocker is not needed here because it will already be + // held higher in the stack + nsNSSSocketInfo* socketInfo = nullptr; + + int32_t bytesRead = fd->lower->methods->recv(fd->lower, buf, amount, flags, + timeout); + if (fd->identity == nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity) + socketInfo = (nsNSSSocketInfo*) fd->secret; + + if ((bytesRead > 0) && socketInfo) + socketInfo->AddPlaintextBytesRead(bytesRead); + return bytesRead; +} + +nsSSLIOLayerHelpers::~nsSSLIOLayerHelpers() +{ + // mPrefObserver will only be set if this->Init was called. The GTest tests + // do not call Init. + if (mPrefObserver) { + Preferences::RemoveObserver(mPrefObserver, + "security.ssl.treat_unsafe_negotiation_as_broken"); + Preferences::RemoveObserver(mPrefObserver, + "security.ssl.false_start.require-npn"); + Preferences::RemoveObserver(mPrefObserver, + "security.tls.version.fallback-limit"); + Preferences::RemoveObserver(mPrefObserver, + "security.tls.insecure_fallback_hosts"); + Preferences::RemoveObserver(mPrefObserver, + "security.tls.unrestricted_rc4_fallback"); + } +} + +nsresult +nsSSLIOLayerHelpers::Init() +{ + if (!nsSSLIOLayerInitialized) { + nsSSLIOLayerInitialized = true; + nsSSLIOLayerIdentity = PR_GetUniqueIdentity("NSS layer"); + nsSSLIOLayerMethods = *PR_GetDefaultIOMethods(); + + nsSSLIOLayerMethods.available = (PRAvailableFN) PSMAvailable; + nsSSLIOLayerMethods.available64 = (PRAvailable64FN) PSMAvailable64; + nsSSLIOLayerMethods.fsync = (PRFsyncFN) _PSM_InvalidStatus; + nsSSLIOLayerMethods.seek = (PRSeekFN) _PSM_InvalidInt; + nsSSLIOLayerMethods.seek64 = (PRSeek64FN) _PSM_InvalidInt64; + nsSSLIOLayerMethods.fileInfo = (PRFileInfoFN) _PSM_InvalidStatus; + nsSSLIOLayerMethods.fileInfo64 = (PRFileInfo64FN) _PSM_InvalidStatus; + nsSSLIOLayerMethods.writev = (PRWritevFN) _PSM_InvalidInt; + nsSSLIOLayerMethods.accept = (PRAcceptFN) _PSM_InvalidDesc; + nsSSLIOLayerMethods.listen = (PRListenFN) _PSM_InvalidStatus; + nsSSLIOLayerMethods.shutdown = (PRShutdownFN) _PSM_InvalidStatus; + nsSSLIOLayerMethods.recvfrom = (PRRecvfromFN) _PSM_InvalidInt; + nsSSLIOLayerMethods.sendto = (PRSendtoFN) _PSM_InvalidInt; + nsSSLIOLayerMethods.acceptread = (PRAcceptreadFN) _PSM_InvalidInt; + nsSSLIOLayerMethods.transmitfile = (PRTransmitfileFN) _PSM_InvalidInt; + nsSSLIOLayerMethods.sendfile = (PRSendfileFN) _PSM_InvalidInt; + + nsSSLIOLayerMethods.getsockname = PSMGetsockname; + nsSSLIOLayerMethods.getpeername = PSMGetpeername; + nsSSLIOLayerMethods.getsocketoption = PSMGetsocketoption; + nsSSLIOLayerMethods.setsocketoption = PSMSetsocketoption; + nsSSLIOLayerMethods.recv = PSMRecv; + nsSSLIOLayerMethods.send = PSMSend; + nsSSLIOLayerMethods.connectcontinue = PSMConnectcontinue; + nsSSLIOLayerMethods.bind = PSMBind; + + nsSSLIOLayerMethods.connect = nsSSLIOLayerConnect; + nsSSLIOLayerMethods.close = nsSSLIOLayerClose; + nsSSLIOLayerMethods.write = nsSSLIOLayerWrite; + nsSSLIOLayerMethods.read = nsSSLIOLayerRead; + nsSSLIOLayerMethods.poll = nsSSLIOLayerPoll; + + nsSSLPlaintextLayerIdentity = PR_GetUniqueIdentity("Plaintxext PSM layer"); + nsSSLPlaintextLayerMethods = *PR_GetDefaultIOMethods(); + nsSSLPlaintextLayerMethods.recv = PlaintextRecv; + } + + bool enabled = false; + Preferences::GetBool("security.ssl.treat_unsafe_negotiation_as_broken", &enabled); + setTreatUnsafeNegotiationAsBroken(enabled); + + mFalseStartRequireNPN = + Preferences::GetBool("security.ssl.false_start.require-npn", + FALSE_START_REQUIRE_NPN_DEFAULT); + loadVersionFallbackLimit(); + initInsecureFallbackSites(); + mUnrestrictedRC4Fallback = + Preferences::GetBool("security.tls.unrestricted_rc4_fallback", false); + + mPrefObserver = new PrefObserver(this); + Preferences::AddStrongObserver(mPrefObserver, + "security.ssl.treat_unsafe_negotiation_as_broken"); + Preferences::AddStrongObserver(mPrefObserver, + "security.ssl.false_start.require-npn"); + Preferences::AddStrongObserver(mPrefObserver, + "security.tls.version.fallback-limit"); + Preferences::AddStrongObserver(mPrefObserver, + "security.tls.insecure_fallback_hosts"); + Preferences::AddStrongObserver(mPrefObserver, + "security.tls.unrestricted_rc4_fallback"); + return NS_OK; +} + +void +nsSSLIOLayerHelpers::loadVersionFallbackLimit() +{ + // see nsNSSComponent::setEnabledTLSVersions for pref handling rules + uint32_t limit = Preferences::GetUint("security.tls.version.fallback-limit", + 3); // 3 = TLS 1.2 + SSLVersionRange defaults = { SSL_LIBRARY_VERSION_TLS_1_2, + SSL_LIBRARY_VERSION_TLS_1_2 }; + SSLVersionRange filledInRange; + nsNSSComponent::FillTLSVersionRange(filledInRange, limit, limit, defaults); + if (filledInRange.max < SSL_LIBRARY_VERSION_TLS_1_2) { + filledInRange.max = SSL_LIBRARY_VERSION_TLS_1_2; + } + + mVersionFallbackLimit = filledInRange.max; +} + +void +nsSSLIOLayerHelpers::clearStoredData() +{ + MutexAutoLock lock(mutex); + mInsecureFallbackSites.Clear(); + mTLSIntoleranceInfo.Clear(); +} + +void +nsSSLIOLayerHelpers::setInsecureFallbackSites(const nsCString& str) +{ + MutexAutoLock lock(mutex); + + mInsecureFallbackSites.Clear(); + + if (str.IsEmpty()) { + return; + } + + nsCCharSeparatedTokenizer toker(str, ','); + + while (toker.hasMoreTokens()) { + const nsCSubstring& host = toker.nextToken(); + if (!host.IsEmpty()) { + mInsecureFallbackSites.PutEntry(host); + } + } +} + +void +nsSSLIOLayerHelpers::initInsecureFallbackSites() +{ + MOZ_ASSERT(NS_IsMainThread()); + nsCString insecureFallbackHosts; + Preferences::GetCString("security.tls.insecure_fallback_hosts", + &insecureFallbackHosts); + setInsecureFallbackSites(insecureFallbackHosts); +} + +bool +nsSSLIOLayerHelpers::isPublic() const +{ + return this == &PublicSSLState()->IOLayerHelpers(); +} + +void +nsSSLIOLayerHelpers::addInsecureFallbackSite(const nsCString& hostname, + bool temporary) +{ + MOZ_ASSERT(NS_IsMainThread()); + { + MutexAutoLock lock(mutex); + if (mInsecureFallbackSites.Contains(hostname)) { + return; + } + mInsecureFallbackSites.PutEntry(hostname); + } + if (!isPublic() || temporary) { + return; + } + nsCString value; + Preferences::GetCString("security.tls.insecure_fallback_hosts", &value); + if (!value.IsEmpty()) { + value.Append(','); + } + value.Append(hostname); + Preferences::SetCString("security.tls.insecure_fallback_hosts", value); +} + +class FallbackPrefRemover final : public Runnable +{ +public: + explicit FallbackPrefRemover(const nsACString& aHost) + : mHost(aHost) + {} + NS_IMETHOD Run() override; +private: + nsCString mHost; +}; + +NS_IMETHODIMP +FallbackPrefRemover::Run() +{ + MOZ_ASSERT(NS_IsMainThread()); + nsCString oldValue; + Preferences::GetCString("security.tls.insecure_fallback_hosts", &oldValue); + nsCCharSeparatedTokenizer toker(oldValue, ','); + nsCString newValue; + while (toker.hasMoreTokens()) { + const nsCSubstring& host = toker.nextToken(); + if (host.Equals(mHost)) { + continue; + } + if (!newValue.IsEmpty()) { + newValue.Append(','); + } + newValue.Append(host); + } + Preferences::SetCString("security.tls.insecure_fallback_hosts", newValue); + return NS_OK; +} + +void +nsSSLIOLayerHelpers::removeInsecureFallbackSite(const nsACString& hostname, + uint16_t port) +{ + forgetIntolerance(hostname, port); + { + MutexAutoLock lock(mutex); + if (!mInsecureFallbackSites.Contains(hostname)) { + return; + } + mInsecureFallbackSites.RemoveEntry(hostname); + } + if (!isPublic()) { + return; + } + RefPtr runnable = new FallbackPrefRemover(hostname); + if (NS_IsMainThread()) { + runnable->Run(); + } else { + NS_DispatchToMainThread(runnable); + } +} + +bool +nsSSLIOLayerHelpers::isInsecureFallbackSite(const nsACString& hostname) +{ + MutexAutoLock lock(mutex); + return mInsecureFallbackSites.Contains(hostname); +} + +void +nsSSLIOLayerHelpers::setTreatUnsafeNegotiationAsBroken(bool broken) +{ + MutexAutoLock lock(mutex); + mTreatUnsafeNegotiationAsBroken = broken; +} + +bool +nsSSLIOLayerHelpers::treatUnsafeNegotiationAsBroken() +{ + MutexAutoLock lock(mutex); + return mTreatUnsafeNegotiationAsBroken; +} + +nsresult +nsSSLIOLayerNewSocket(int32_t family, + const char* host, + int32_t port, + nsIProxyInfo *proxy, + const NeckoOriginAttributes& originAttributes, + PRFileDesc** fd, + nsISupports** info, + bool forSTARTTLS, + uint32_t flags) +{ + + PRFileDesc* sock = PR_OpenTCPSocket(family); + if (!sock) return NS_ERROR_OUT_OF_MEMORY; + + nsresult rv = nsSSLIOLayerAddToSocket(family, host, port, proxy, + originAttributes, sock, info, + forSTARTTLS, flags); + if (NS_FAILED(rv)) { + PR_Close(sock); + return rv; + } + + *fd = sock; + return NS_OK; +} + +// Creates CA names strings from (CERTDistNames* caNames) +// +// - arena: arena to allocate strings on +// - caNameStrings: filled with CA names strings on return +// - caNames: CERTDistNames to extract strings from +// - return: SECSuccess if successful; error code otherwise +// +// Note: copied in its entirety from Nova code +static SECStatus +nsConvertCANamesToStrings(const UniquePLArenaPool& arena, char** caNameStrings, + CERTDistNames* caNames) +{ + MOZ_ASSERT(arena.get()); + MOZ_ASSERT(caNameStrings); + MOZ_ASSERT(caNames); + if (!arena.get() || !caNameStrings || !caNames) { + PR_SetError(SEC_ERROR_INVALID_ARGS, 0); + return SECFailure; + } + + SECItem* dername; + SECStatus rv; + int headerlen; + uint32_t contentlen; + SECItem newitem; + int n; + char* namestring; + + for (n = 0; n < caNames->nnames; n++) { + newitem.data = nullptr; + dername = &caNames->names[n]; + + rv = DER_Lengths(dername, &headerlen, &contentlen); + + if (rv != SECSuccess) { + goto loser; + } + + if (headerlen + contentlen != dername->len) { + // This must be from an enterprise 2.x server, which sent + // incorrectly formatted der without the outer wrapper of type and + // length. Fix it up by adding the top level header. + if (dername->len <= 127) { + newitem.data = (unsigned char*) PR_Malloc(dername->len + 2); + if (!newitem.data) { + goto loser; + } + newitem.data[0] = (unsigned char) 0x30; + newitem.data[1] = (unsigned char) dername->len; + (void) memcpy(&newitem.data[2], dername->data, dername->len); + } else if (dername->len <= 255) { + newitem.data = (unsigned char*) PR_Malloc(dername->len + 3); + if (!newitem.data) { + goto loser; + } + newitem.data[0] = (unsigned char) 0x30; + newitem.data[1] = (unsigned char) 0x81; + newitem.data[2] = (unsigned char) dername->len; + (void) memcpy(&newitem.data[3], dername->data, dername->len); + } else { + // greater than 256, better be less than 64k + newitem.data = (unsigned char*) PR_Malloc(dername->len + 4); + if (!newitem.data) { + goto loser; + } + newitem.data[0] = (unsigned char) 0x30; + newitem.data[1] = (unsigned char) 0x82; + newitem.data[2] = (unsigned char) ((dername->len >> 8) & 0xff); + newitem.data[3] = (unsigned char) (dername->len & 0xff); + memcpy(&newitem.data[4], dername->data, dername->len); + } + dername = &newitem; + } + + namestring = CERT_DerNameToAscii(dername); + if (!namestring) { + // XXX - keep going until we fail to convert the name + caNameStrings[n] = const_cast(""); + } else { + caNameStrings[n] = PORT_ArenaStrdup(arena.get(), namestring); + PR_Free(namestring); + if (!caNameStrings[n]) { + goto loser; + } + } + + if (newitem.data) { + PR_Free(newitem.data); + } + } + + return SECSuccess; +loser: + if (newitem.data) { + PR_Free(newitem.data); + } + return SECFailure; +} + +// Possible behaviors for choosing a cert for client auth. +enum class UserCertChoice { + // Ask the user to choose a cert. + Ask = 0, + // Automatically choose a cert. + Auto = 1, +}; + +// Returns the most appropriate user cert choice based on the value of the +// security.default_personal_cert preference. +UserCertChoice +nsGetUserCertChoice() +{ + nsAutoCString value; + nsresult rv = Preferences::GetCString("security.default_personal_cert", &value); + if (NS_FAILED(rv)) { + return UserCertChoice::Ask; + } + + // There are three cases for what the preference could be set to: + // 1. "Select Automatically" -> Auto. + // 2. "Ask Every Time" -> Ask. + // 3. Something else -> Ask. This might be a nickname from a migrated cert, + // but we no longer support this case. + return value.EqualsLiteral("Select Automatically") ? UserCertChoice::Auto + : UserCertChoice::Ask; +} + +static bool +hasExplicitKeyUsageNonRepudiation(CERTCertificate* cert) +{ + // There is no extension, v1 or v2 certificate + if (!cert->extensions) + return false; + + SECStatus srv; + SECItem keyUsageItem; + keyUsageItem.data = nullptr; + + srv = CERT_FindKeyUsageExtension(cert, &keyUsageItem); + if (srv == SECFailure) + return false; + + unsigned char keyUsage = keyUsageItem.data[0]; + PORT_Free (keyUsageItem.data); + + return !!(keyUsage & KU_NON_REPUDIATION); +} + +class ClientAuthDataRunnable : public SyncRunnableBase +{ +public: + ClientAuthDataRunnable(CERTDistNames* caNames, + CERTCertificate** pRetCert, + SECKEYPrivateKey** pRetKey, + nsNSSSocketInfo* info, + const UniqueCERTCertificate& serverCert) + : mRV(SECFailure) + , mErrorCodeToReport(SEC_ERROR_NO_MEMORY) + , mPRetCert(pRetCert) + , mPRetKey(pRetKey) + , mCANames(caNames) + , mSocketInfo(info) + , mServerCert(serverCert.get()) + { + } + + SECStatus mRV; // out + PRErrorCode mErrorCodeToReport; // out + CERTCertificate** const mPRetCert; // in/out + SECKEYPrivateKey** const mPRetKey; // in/out +protected: + virtual void RunOnTargetThread(); +private: + CERTDistNames* const mCANames; // in + nsNSSSocketInfo* const mSocketInfo; // in + CERTCertificate* const mServerCert; // in +}; + +// This callback function is used to pull client certificate +// information upon server request +// +// - arg: SSL data connection +// - socket: SSL socket we're dealing with +// - caNames: list of CA names +// - pRetCert: returns a pointer to a pointer to a valid certificate if +// successful; otherwise nullptr +// - pRetKey: returns a pointer to a pointer to the corresponding key if +// successful; otherwise nullptr +SECStatus +nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket, + CERTDistNames* caNames, CERTCertificate** pRetCert, + SECKEYPrivateKey** pRetKey) +{ + nsNSSShutDownPreventionLock locker; + + if (!socket || !caNames || !pRetCert || !pRetKey) { + PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0); + return SECFailure; + } + + RefPtr info( + BitwiseCast(socket->higher->secret)); + + UniqueCERTCertificate serverCert(SSL_PeerCertificate(socket)); + if (!serverCert) { + NS_NOTREACHED("Missing server certificate should have been detected during " + "server cert authentication."); + PR_SetError(SSL_ERROR_NO_CERTIFICATE, 0); + return SECFailure; + } + + if (info->GetJoined()) { + // We refuse to send a client certificate when there are multiple hostnames + // joined on this connection, because we only show the user one hostname + // (mHostName) in the client certificate UI. + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p] Not returning client cert due to previous join\n", socket)); + *pRetCert = nullptr; + *pRetKey = nullptr; + return SECSuccess; + } + + // XXX: This should be done asynchronously; see bug 696976 + RefPtr runnable( + new ClientAuthDataRunnable(caNames, pRetCert, pRetKey, info, serverCert)); + nsresult rv = runnable->DispatchToMainThreadAndWait(); + if (NS_FAILED(rv)) { + PR_SetError(SEC_ERROR_NO_MEMORY, 0); + return SECFailure; + } + + if (runnable->mRV != SECSuccess) { + PR_SetError(runnable->mErrorCodeToReport, 0); + } else if (*runnable->mPRetCert || *runnable->mPRetKey) { + // Make joinConnection prohibit joining after we've sent a client cert + info->SetSentClientCert(); + } + + return runnable->mRV; +} + +void +ClientAuthDataRunnable::RunOnTargetThread() +{ + // We check the value of a pref in this runnable, so this runnable should only + // be run on the main thread. + MOZ_ASSERT(NS_IsMainThread()); + + UniquePLArenaPool arena; + char** caNameStrings; + UniqueCERTCertificate cert; + UniqueSECKEYPrivateKey privKey; + void* wincx = mSocketInfo; + nsresult rv; + + nsCOMPtr socketClientCert; + mSocketInfo->GetClientCert(getter_AddRefs(socketClientCert)); + + // If a client cert preference was set on the socket info, use that and skip + // the client cert UI and/or search of the user's past cert decisions. + if (socketClientCert) { + cert.reset(socketClientCert->GetCert()); + if (!cert) { + goto loser; + } + + // Get the private key + privKey.reset(PK11_FindKeyByAnyCert(cert.get(), wincx)); + if (!privKey) { + goto loser; + } + + *mPRetCert = cert.release(); + *mPRetKey = privKey.release(); + mRV = SECSuccess; + return; + } + + // create caNameStrings + arena.reset(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + goto loser; + } + + caNameStrings = static_cast( + PORT_ArenaAlloc(arena.get(), sizeof(char*) * mCANames->nnames)); + if (!caNameStrings) { + goto loser; + } + + mRV = nsConvertCANamesToStrings(arena, caNameStrings, mCANames); + if (mRV != SECSuccess) { + goto loser; + } + + // find valid user cert and key pair + if (nsGetUserCertChoice() == UserCertChoice::Auto) { + // automatically find the right cert + + // find all user certs that are valid and for SSL + UniqueCERTCertList certList( + CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(), certUsageSSLClient, + false, true, wincx)); + if (!certList) { + goto loser; + } + + // filter the list to those issued by CAs supported by the server + mRV = CERT_FilterCertListByCANames(certList.get(), mCANames->nnames, + caNameStrings, certUsageSSLClient); + if (mRV != SECSuccess) { + goto loser; + } + + // make sure the list is not empty + if (CERT_LIST_END(CERT_LIST_HEAD(certList), certList)) { + goto loser; + } + + UniqueCERTCertificate lowPrioNonrepCert; + + // loop through the list until we find a cert with a key + for (CERTCertListNode* node = CERT_LIST_HEAD(certList); + !CERT_LIST_END(node, certList); + node = CERT_LIST_NEXT(node)) { + // if the certificate has restriction and we do not satisfy it we do not + // use it + privKey.reset(PK11_FindKeyByAnyCert(node->cert, wincx)); + if (privKey) { + if (hasExplicitKeyUsageNonRepudiation(node->cert)) { + privKey = nullptr; + // Not a preferred cert + if (!lowPrioNonrepCert) { // did not yet find a low prio cert + lowPrioNonrepCert.reset(CERT_DupCertificate(node->cert)); + } + } else { + // this is a good cert to present + cert.reset(CERT_DupCertificate(node->cert)); + break; + } + } + if (PR_GetError() == SEC_ERROR_BAD_PASSWORD) { + // problem with password: bail + goto loser; + } + } + + if (!cert && lowPrioNonrepCert) { + cert = Move(lowPrioNonrepCert); + privKey.reset(PK11_FindKeyByAnyCert(cert.get(), wincx)); + } + + if (!cert) { + goto loser; + } + } else { // Not Auto => ask + // Get the SSL Certificate + + nsXPIDLCString hostname; + mSocketInfo->GetHostName(getter_Copies(hostname)); + + RefPtr cars = + mSocketInfo->SharedState().GetClientAuthRememberService(); + + bool hasRemembered = false; + nsCString rememberedDBKey; + if (cars) { + bool found; + rv = cars->HasRememberedDecision(hostname, + mSocketInfo->GetOriginAttributes(), + mServerCert, rememberedDBKey, &found); + if (NS_SUCCEEDED(rv) && found) { + hasRemembered = true; + } + } + + if (hasRemembered && !rememberedDBKey.IsEmpty()) { + nsCOMPtr certdb = do_GetService(NS_X509CERTDB_CONTRACTID); + if (certdb) { + nsCOMPtr foundCert; + rv = certdb->FindCertByDBKey(rememberedDBKey.get(), + getter_AddRefs(foundCert)); + if (NS_SUCCEEDED(rv) && foundCert) { + nsNSSCertificate* objCert = + BitwiseCast(foundCert.get()); + if (objCert) { + cert.reset(objCert->GetCert()); + } + } + + if (!cert) { + hasRemembered = false; + } + } + } + + if (!hasRemembered) { + // user selects a cert to present + nsCOMPtr dialogs; + + // find all user certs that are for SSL + // note that we are allowing expired certs in this list + UniqueCERTCertList certList( + CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(), certUsageSSLClient, + false, false, wincx)); + if (!certList) { + goto loser; + } + + if (mCANames->nnames != 0) { + // filter the list to those issued by CAs supported by the server + mRV = CERT_FilterCertListByCANames(certList.get(), + mCANames->nnames, + caNameStrings, + certUsageSSLClient); + if (mRV != SECSuccess) { + goto loser; + } + } + + if (CERT_LIST_END(CERT_LIST_HEAD(certList), certList)) { + // list is empty - no matching certs + goto loser; + } + + int32_t port; + mSocketInfo->GetPort(&port); + + UniquePORTString corg(CERT_GetOrgName(&mServerCert->subject)); + nsAutoCString org(corg.get()); + + UniquePORTString cissuer(CERT_GetOrgName(&mServerCert->issuer)); + nsAutoCString issuer(cissuer.get()); + + nsCOMPtr certArray = nsArrayBase::Create(); + if (!certArray) { + goto loser; + } + + for (CERTCertListNode* node = CERT_LIST_HEAD(certList); + !CERT_LIST_END(node, certList); + node = CERT_LIST_NEXT(node)) { + nsCOMPtr tempCert = nsNSSCertificate::Create(node->cert); + if (!tempCert) { + goto loser; + } + + rv = certArray->AppendElement(tempCert, false); + if (NS_FAILED(rv)) { + goto loser; + } + } + + // Throw up the client auth dialog and get back the index of the selected cert + rv = getNSSDialogs(getter_AddRefs(dialogs), + NS_GET_IID(nsIClientAuthDialogs), + NS_CLIENTAUTHDIALOGS_CONTRACTID); + + if (NS_FAILED(rv)) { + goto loser; + } + + uint32_t selectedIndex = 0; + bool certChosen = false; + rv = dialogs->ChooseCertificate(mSocketInfo, hostname, port, org, issuer, + certArray, &selectedIndex, &certChosen); + if (NS_FAILED(rv)) { + goto loser; + } + + // even if the user has canceled, we want to remember that, to avoid repeating prompts + bool wantRemember = false; + mSocketInfo->GetRememberClientAuthCertificate(&wantRemember); + + if (certChosen) { + nsCOMPtr selectedCert = do_QueryElementAt(certArray, + selectedIndex); + if (!selectedCert) { + goto loser; + } + cert.reset(selectedCert->GetCert()); + } + + if (cars && wantRemember) { + cars->RememberDecision(hostname, mSocketInfo->GetOriginAttributes(), + mServerCert, certChosen ? cert.get() : nullptr); + } + } + + if (!cert) { + goto loser; + } + + // go get the private key + privKey.reset(PK11_FindKeyByAnyCert(cert.get(), wincx)); + if (!privKey) { + goto loser; + } + } + goto done; + +loser: + if (mRV == SECSuccess) { + mRV = SECFailure; + } +done: + int error = PR_GetError(); + + *mPRetCert = cert.release(); + *mPRetKey = privKey.release(); + + if (mRV == SECFailure) { + mErrorCodeToReport = error; + } +} + +static PRFileDesc* +nsSSLIOLayerImportFD(PRFileDesc* fd, + nsNSSSocketInfo* infoObject, + const char* host) +{ + nsNSSShutDownPreventionLock locker; + PRFileDesc* sslSock = SSL_ImportFD(nullptr, fd); + if (!sslSock) { + NS_ASSERTION(false, "NSS: Error importing socket"); + return nullptr; + } + SSL_SetPKCS11PinArg(sslSock, (nsIInterfaceRequestor*) infoObject); + SSL_HandshakeCallback(sslSock, HandshakeCallback, infoObject); + SSL_SetCanFalseStartCallback(sslSock, CanFalseStartCallback, infoObject); + + // Disable this hook if we connect anonymously. See bug 466080. + uint32_t flags = 0; + infoObject->GetProviderFlags(&flags); + if (flags & nsISocketProvider::ANONYMOUS_CONNECT) { + SSL_GetClientAuthDataHook(sslSock, nullptr, infoObject); + } else { + SSL_GetClientAuthDataHook(sslSock, + (SSLGetClientAuthData) nsNSS_SSLGetClientAuthData, + infoObject); + } + if (flags & nsISocketProvider::MITM_OK) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p] nsSSLIOLayerImportFD: bypass authentication flag\n", fd)); + infoObject->SetBypassAuthentication(true); + } + if (SECSuccess != SSL_AuthCertificateHook(sslSock, AuthCertificateHook, + infoObject)) { + NS_NOTREACHED("failed to configure AuthCertificateHook"); + goto loser; + } + + if (SECSuccess != SSL_SetURL(sslSock, host)) { + NS_NOTREACHED("SSL_SetURL failed"); + goto loser; + } + + return sslSock; +loser: + if (sslSock) { + PR_Close(sslSock); + } + return nullptr; +} + +static const SSLSignatureScheme sEnabledSignatureSchemes[] = { + ssl_sig_ecdsa_secp256r1_sha256, + ssl_sig_ecdsa_secp384r1_sha384, + ssl_sig_ecdsa_secp521r1_sha512, + ssl_sig_rsa_pss_sha256, + ssl_sig_rsa_pss_sha384, + ssl_sig_rsa_pss_sha512, + ssl_sig_rsa_pkcs1_sha256, + ssl_sig_rsa_pkcs1_sha384, + ssl_sig_rsa_pkcs1_sha512, + ssl_sig_ecdsa_sha1, + ssl_sig_rsa_pkcs1_sha1, +}; + +static nsresult +nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS, + bool haveProxy, const char* host, int32_t port, + nsNSSSocketInfo* infoObject) +{ + nsNSSShutDownPreventionLock locker; + if (forSTARTTLS || haveProxy) { + if (SECSuccess != SSL_OptionSet(fd, SSL_SECURITY, false)) { + return NS_ERROR_FAILURE; + } + } + + SSLVersionRange range; + if (SSL_VersionRangeGet(fd, &range) != SECSuccess) { + return NS_ERROR_FAILURE; + } + + if ((infoObject->GetProviderFlags() & nsISocketProvider::BE_CONSERVATIVE) && + (range.max > SSL_LIBRARY_VERSION_TLS_1_2)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p] nsSSLIOLayerSetOptions: range.max limited to 1.2 due to BE_CONSERVATIVE flag\n", + fd)); + range.max = SSL_LIBRARY_VERSION_TLS_1_2; + } + + uint16_t maxEnabledVersion = range.max; + StrongCipherStatus strongCiphersStatus = StrongCipherStatusUnknown; + infoObject->SharedState().IOLayerHelpers() + .adjustForTLSIntolerance(infoObject->GetHostName(), infoObject->GetPort(), + range, strongCiphersStatus); + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p] nsSSLIOLayerSetOptions: using TLS version range (0x%04x,0x%04x)%s\n", + fd, static_cast(range.min), + static_cast(range.max), + strongCiphersStatus == StrongCiphersFailed ? " with weak ciphers" : "")); + + if (SSL_VersionRangeSet(fd, &range) != SECSuccess) { + return NS_ERROR_FAILURE; + } + infoObject->SetTLSVersionRange(range); + + if (strongCiphersStatus == StrongCiphersFailed) { + nsNSSComponent::UseWeakCiphersOnSocket(fd); + } + + // when adjustForTLSIntolerance tweaks the maximum version downward, + // we tell the server using this SCSV so they can detect a downgrade attack + if (range.max < maxEnabledVersion) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[%p] nsSSLIOLayerSetOptions: enabling TLS_FALLBACK_SCSV\n", fd)); + // Some servers will choke if we send the fallback SCSV with TLS 1.2. + if (range.max < SSL_LIBRARY_VERSION_TLS_1_2) { + if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_FALLBACK_SCSV, true)) { + return NS_ERROR_FAILURE; + } + } + // tell NSS the max enabled version to make anti-downgrade effective + if (SECSuccess != SSL_SetDowngradeCheckVersion(fd, maxEnabledVersion)) { + return NS_ERROR_FAILURE; + } + } + + // Include a modest set of named groups. + const SSLNamedGroup namedGroups[] = { + ssl_grp_ec_curve25519, ssl_grp_ec_secp256r1, ssl_grp_ec_secp384r1, + ssl_grp_ec_secp521r1, ssl_grp_ffdhe_2048, ssl_grp_ffdhe_3072 + }; + if (SECSuccess != SSL_NamedGroupConfig(fd, namedGroups, + mozilla::ArrayLength(namedGroups))) { + return NS_ERROR_FAILURE; + } + // This ensures that we send key shares for X25519 and P-256 in TLS 1.3, so + // that servers are less likely to use HelloRetryRequest. + if (SECSuccess != SSL_SendAdditionalKeyShares(fd, 1)) { + return NS_ERROR_FAILURE; + } + + if (SECSuccess != SSL_SignatureSchemePrefSet(fd, sEnabledSignatureSchemes, + mozilla::ArrayLength(sEnabledSignatureSchemes))) { + return NS_ERROR_FAILURE; + } + + bool enabled = infoObject->SharedState().IsOCSPStaplingEnabled(); + if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_OCSP_STAPLING, enabled)) { + return NS_ERROR_FAILURE; + } + + bool sctsEnabled = infoObject->SharedState().IsSignedCertTimestampsEnabled(); + if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_SIGNED_CERT_TIMESTAMPS, + sctsEnabled)) { + return NS_ERROR_FAILURE; + } + + if (SECSuccess != SSL_OptionSet(fd, SSL_HANDSHAKE_AS_CLIENT, true)) { + return NS_ERROR_FAILURE; + } + + // Set the Peer ID so that SSL proxy connections work properly and to + // separate anonymous and/or private browsing connections. + uint32_t flags = infoObject->GetProviderFlags(); + nsAutoCString peerId; + if (flags & nsISocketProvider::ANONYMOUS_CONNECT) { // See bug 466080 + peerId.AppendLiteral("anon:"); + } + if (flags & nsISocketProvider::NO_PERMANENT_STORAGE) { + peerId.AppendLiteral("private:"); + } + if (flags & nsISocketProvider::MITM_OK) { + peerId.AppendLiteral("bypassAuth:"); + } + if (flags & nsISocketProvider::BE_CONSERVATIVE) { + peerId.AppendLiteral("beConservative:"); + } + peerId.Append(host); + peerId.Append(':'); + peerId.AppendInt(port); + nsAutoCString suffix; + infoObject->GetOriginAttributes().CreateSuffix(suffix); + peerId.Append(suffix); + if (SECSuccess != SSL_SetSockPeerID(fd, peerId.get())) { + return NS_ERROR_FAILURE; + } + + return NS_OK; +} + +nsresult +nsSSLIOLayerAddToSocket(int32_t family, + const char* host, + int32_t port, + nsIProxyInfo* proxy, + const NeckoOriginAttributes& originAttributes, + PRFileDesc* fd, + nsISupports** info, + bool forSTARTTLS, + uint32_t providerFlags) +{ + nsNSSShutDownPreventionLock locker; + PRFileDesc* layer = nullptr; + PRFileDesc* plaintextLayer = nullptr; + nsresult rv; + PRStatus stat; + + SharedSSLState* sharedState = + providerFlags & nsISocketProvider::NO_PERMANENT_STORAGE ? PrivateSSLState() : PublicSSLState(); + nsNSSSocketInfo* infoObject = new nsNSSSocketInfo(*sharedState, providerFlags); + if (!infoObject) return NS_ERROR_FAILURE; + + NS_ADDREF(infoObject); + infoObject->SetForSTARTTLS(forSTARTTLS); + infoObject->SetHostName(host); + infoObject->SetPort(port); + infoObject->SetOriginAttributes(originAttributes); + + bool haveProxy = false; + if (proxy) { + nsCString proxyHost; + proxy->GetHost(proxyHost); + haveProxy = !proxyHost.IsEmpty(); + } + + // A plaintext observer shim is inserted so we can observe some protocol + // details without modifying nss + plaintextLayer = PR_CreateIOLayerStub(nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity, + &nsSSLIOLayerHelpers::nsSSLPlaintextLayerMethods); + if (plaintextLayer) { + plaintextLayer->secret = (PRFilePrivate*) infoObject; + stat = PR_PushIOLayer(fd, PR_TOP_IO_LAYER, plaintextLayer); + if (stat == PR_FAILURE) { + plaintextLayer->dtor(plaintextLayer); + plaintextLayer = nullptr; + } + } + + PRFileDesc* sslSock = nsSSLIOLayerImportFD(fd, infoObject, host); + if (!sslSock) { + NS_ASSERTION(false, "NSS: Error importing socket"); + goto loser; + } + + infoObject->SetFileDescPtr(sslSock); + + rv = nsSSLIOLayerSetOptions(sslSock, forSTARTTLS, haveProxy, host, port, + infoObject); + + if (NS_FAILED(rv)) + goto loser; + + // Now, layer ourselves on top of the SSL socket... + layer = PR_CreateIOLayerStub(nsSSLIOLayerHelpers::nsSSLIOLayerIdentity, + &nsSSLIOLayerHelpers::nsSSLIOLayerMethods); + if (!layer) + goto loser; + + layer->secret = (PRFilePrivate*) infoObject; + stat = PR_PushIOLayer(sslSock, PR_GetLayersIdentity(sslSock), layer); + + if (stat == PR_FAILURE) { + goto loser; + } + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p] Socket set up\n", (void*) sslSock)); + infoObject->QueryInterface(NS_GET_IID(nsISupports), (void**) (info)); + + // We are going use a clear connection first // + if (forSTARTTLS || haveProxy) { + infoObject->SetHandshakeNotPending(); + } + + infoObject->SharedState().NoteSocketCreated(); + + return NS_OK; + loser: + NS_IF_RELEASE(infoObject); + if (layer) { + layer->dtor(layer); + } + if (plaintextLayer) { + PR_PopIOLayer(fd, nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity); + plaintextLayer->dtor(plaintextLayer); + } + return NS_ERROR_FAILURE; +} diff --git a/security/manager/ssl/nsNSSIOLayer.h b/security/manager/ssl/nsNSSIOLayer.h new file mode 100644 index 000000000..b0b6281a8 --- /dev/null +++ b/security/manager/ssl/nsNSSIOLayer.h @@ -0,0 +1,263 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsNSSIOLayer_h +#define nsNSSIOLayer_h + +#include "TransportSecurityInfo.h" +#include "mozilla/TimeStamp.h" +#include "nsCOMPtr.h" +#include "nsDataHashtable.h" +#include "nsIClientAuthDialogs.h" +#include "nsIProxyInfo.h" +#include "nsISSLSocketControl.h" +#include "nsNSSCertificate.h" +#include "nsTHashtable.h" +#include "sslt.h" + +namespace mozilla { +class NeckoOriginAttributes; +namespace psm { +class SharedSSLState; +} // namespace psm +} // namespace mozilla + +using mozilla::NeckoOriginAttributes; + +class nsIObserver; + +class nsNSSSocketInfo final : public mozilla::psm::TransportSecurityInfo, + public nsISSLSocketControl, + public nsIClientAuthUserDecision +{ +public: + nsNSSSocketInfo(mozilla::psm::SharedSSLState& aState, uint32_t providerFlags); + + NS_DECL_ISUPPORTS_INHERITED + NS_DECL_NSISSLSOCKETCONTROL + NS_DECL_NSICLIENTAUTHUSERDECISION + + void SetForSTARTTLS(bool aForSTARTTLS); + bool GetForSTARTTLS(); + + nsresult GetFileDescPtr(PRFileDesc** aFilePtr); + nsresult SetFileDescPtr(PRFileDesc* aFilePtr); + + bool IsHandshakePending() const { return mHandshakePending; } + void SetHandshakeNotPending() { mHandshakePending = false; } + + void SetTLSVersionRange(SSLVersionRange range) { mTLSVersionRange = range; } + SSLVersionRange GetTLSVersionRange() const { return mTLSVersionRange; }; + + PRStatus CloseSocketAndDestroy( + const nsNSSShutDownPreventionLock& proofOfLock); + + void SetNegotiatedNPN(const char* value, uint32_t length); + void SetEarlyDataAccepted(bool aAccepted); + + void SetHandshakeCompleted(); + void NoteTimeUntilReady(); + + + void SetFalseStartCallbackCalled() { mFalseStartCallbackCalled = true; } + void SetFalseStarted() { mFalseStarted = true; } + + // Note that this is only valid *during* a handshake; at the end of the handshake, + // it gets reset back to false. + void SetFullHandshake() { mIsFullHandshake = true; } + bool IsFullHandshake() const { return mIsFullHandshake; } + + bool GetJoined() { return mJoined; } + void SetSentClientCert() { mSentClientCert = true; } + + uint32_t GetProviderFlags() const { return mProviderFlags; } + + mozilla::psm::SharedSSLState& SharedState(); + + // XXX: These are only used on for diagnostic purposes + enum CertVerificationState { + before_cert_verification, + waiting_for_cert_verification, + after_cert_verification + }; + void SetCertVerificationWaiting(); + // Use errorCode == 0 to indicate success; in that case, errorMessageType is + // ignored. + void SetCertVerificationResult(PRErrorCode errorCode, + ::mozilla::psm::SSLErrorMessageType errorMessageType); + + // for logging only + PRBool IsWaitingForCertVerification() const + { + return mCertVerificationState == waiting_for_cert_verification; + } + void AddPlaintextBytesRead(uint64_t val) { mPlaintextBytesRead += val; } + + bool IsPreliminaryHandshakeDone() const { return mPreliminaryHandshakeDone; } + void SetPreliminaryHandshakeDone() { mPreliminaryHandshakeDone = true; } + + void SetKEAUsed(uint16_t kea) { mKEAUsed = kea; } + + void SetKEAKeyBits(uint32_t keaBits) { mKEAKeyBits = keaBits; } + + void SetBypassAuthentication(bool val) + { + if (!mHandshakeCompleted) { + mBypassAuthentication = val; + } + } + + void SetSSLVersionUsed(int16_t version) + { + mSSLVersionUsed = version; + } + + void SetMACAlgorithmUsed(int16_t mac) { mMACAlgorithmUsed = mac; } + +protected: + virtual ~nsNSSSocketInfo(); + +private: + PRFileDesc* mFd; + + CertVerificationState mCertVerificationState; + + mozilla::psm::SharedSSLState& mSharedState; + bool mForSTARTTLS; + SSLVersionRange mTLSVersionRange; + bool mHandshakePending; + bool mRememberClientAuthCertificate; + bool mPreliminaryHandshakeDone; // after false start items are complete + + nsresult ActivateSSL(); + + nsCString mNegotiatedNPN; + bool mNPNCompleted; + bool mEarlyDataAccepted; + bool mFalseStartCallbackCalled; + bool mFalseStarted; + bool mIsFullHandshake; + bool mHandshakeCompleted; + bool mJoined; + bool mSentClientCert; + bool mNotedTimeUntilReady; + bool mFailedVerification; + + // mKEA* are used in false start and http/2 detetermination + // Values are from nsISSLSocketControl + int16_t mKEAUsed; + uint32_t mKEAKeyBits; + int16_t mSSLVersionUsed; + int16_t mMACAlgorithmUsed; + bool mBypassAuthentication; + + uint32_t mProviderFlags; + mozilla::TimeStamp mSocketCreationTimestamp; + uint64_t mPlaintextBytesRead; + + nsCOMPtr mClientCert; +}; + +enum StrongCipherStatus { + StrongCipherStatusUnknown, + StrongCiphersWorked, + StrongCiphersFailed +}; + +class nsSSLIOLayerHelpers +{ +public: + nsSSLIOLayerHelpers(); + ~nsSSLIOLayerHelpers(); + + nsresult Init(); + void Cleanup(); + + static bool nsSSLIOLayerInitialized; + static PRDescIdentity nsSSLIOLayerIdentity; + static PRDescIdentity nsSSLPlaintextLayerIdentity; + static PRIOMethods nsSSLIOLayerMethods; + static PRIOMethods nsSSLPlaintextLayerMethods; + + bool mTreatUnsafeNegotiationAsBroken; + + void setTreatUnsafeNegotiationAsBroken(bool broken); + bool treatUnsafeNegotiationAsBroken(); + +private: + struct IntoleranceEntry + { + uint16_t tolerant; + uint16_t intolerant; + PRErrorCode intoleranceReason; + StrongCipherStatus strongCipherStatus; + + void AssertInvariant() const + { + MOZ_ASSERT(intolerant == 0 || tolerant < intolerant); + } + }; + nsDataHashtable mTLSIntoleranceInfo; + // Sites that require insecure fallback to TLS 1.0, set by the pref + // security.tls.insecure_fallback_hosts, which is a comma-delimited + // list of domain names. + nsTHashtable mInsecureFallbackSites; +public: + void rememberTolerantAtVersion(const nsACString& hostname, int16_t port, + uint16_t tolerant); + bool fallbackLimitReached(const nsACString& hostname, uint16_t intolerant); + bool rememberIntolerantAtVersion(const nsACString& hostname, int16_t port, + uint16_t intolerant, uint16_t minVersion, + PRErrorCode intoleranceReason); + bool rememberStrongCiphersFailed(const nsACString& hostName, int16_t port, + PRErrorCode intoleranceReason); + void forgetIntolerance(const nsACString& hostname, int16_t port); + void adjustForTLSIntolerance(const nsACString& hostname, int16_t port, + /*in/out*/ SSLVersionRange& range, + /*out*/ StrongCipherStatus& strongCipherStatus); + PRErrorCode getIntoleranceReason(const nsACString& hostname, int16_t port); + + void clearStoredData(); + void loadVersionFallbackLimit(); + void setInsecureFallbackSites(const nsCString& str); + void initInsecureFallbackSites(); + bool isPublic() const; + void addInsecureFallbackSite(const nsCString& hostname, bool temporary); + void removeInsecureFallbackSite(const nsACString& hostname, uint16_t port); + bool isInsecureFallbackSite(const nsACString& hostname); + + bool mFalseStartRequireNPN; + bool mUnrestrictedRC4Fallback; + uint16_t mVersionFallbackLimit; +private: + mozilla::Mutex mutex; + nsCOMPtr mPrefObserver; +}; + +nsresult nsSSLIOLayerNewSocket(int32_t family, + const char* host, + int32_t port, + nsIProxyInfo *proxy, + const NeckoOriginAttributes& originAttributes, + PRFileDesc** fd, + nsISupports** securityInfo, + bool forSTARTTLS, + uint32_t flags); + +nsresult nsSSLIOLayerAddToSocket(int32_t family, + const char* host, + int32_t port, + nsIProxyInfo *proxy, + const NeckoOriginAttributes& originAttributes, + PRFileDesc* fd, + nsISupports** securityInfo, + bool forSTARTTLS, + uint32_t flags); + +nsresult nsSSLIOLayerFreeTLSIntolerantSites(); +nsresult displayUnknownCertErrorAlert(nsNSSSocketInfo* infoObject, int error); + +#endif // nsNSSIOLayer_h diff --git a/security/manager/ssl/nsNSSModule.cpp b/security/manager/ssl/nsNSSModule.cpp new file mode 100644 index 000000000..e43d7d23d --- /dev/null +++ b/security/manager/ssl/nsNSSModule.cpp @@ -0,0 +1,348 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "CertBlocklist.h" +#include "ContentSignatureVerifier.h" +#include "NSSErrorsService.h" +#include "PSMContentListener.h" +#include "SecretDecoderRing.h" +#include "TransportSecurityInfo.h" +#include "WeakCryptoOverride.h" +#include "mozilla/ModuleUtils.h" +#include "nsCURILoader.h" +#include "nsCertOverrideService.h" +#include "nsCrypto.h" +#include "nsCryptoHash.h" +#include "nsDOMCID.h" // For the NS_CRYPTO_CONTRACTID define +#include "nsDataSignatureVerifier.h" +#include "nsICategoryManager.h" +#include "nsKeyModule.h" +#include "nsKeygenHandler.h" +#include "nsNSSCertificate.h" +#include "nsNSSCertificateDB.h" +#include "nsNSSCertificateFakeTransport.h" +#include "nsNSSComponent.h" +#include "nsNSSU2FToken.h" +#include "nsNSSVersion.h" +#include "nsNTLMAuthModule.h" +#include "nsNetCID.h" +#include "nsPK11TokenDB.h" +#include "nsPKCS11Slot.h" +#include "nsRandomGenerator.h" +#include "nsSSLSocketProvider.h" +#include "nsSSLStatus.h" +#include "nsSecureBrowserUIImpl.h" +#include "nsSiteSecurityService.h" +#include "nsTLSSocketProvider.h" +#include "nsXULAppAPI.h" + +#ifdef MOZ_XUL +#include "nsCertTree.h" +#endif + +#define NS_IS_PROCESS_DEFAULT \ + (GeckoProcessType_Default == XRE_GetProcessType()) + +#define NS_NSS_INSTANTIATE(ensureOperator, _InstanceClass) \ + PR_BEGIN_MACRO \ + _InstanceClass * inst; \ + inst = new _InstanceClass(); \ + NS_ADDREF(inst); \ + rv = inst->QueryInterface(aIID, aResult); \ + NS_RELEASE(inst); \ + PR_END_MACRO + +#define NS_NSS_INSTANTIATE_INIT(ensureOperator, _InstanceClass, _InitMethod) \ + PR_BEGIN_MACRO \ + _InstanceClass * inst; \ + inst = new _InstanceClass(); \ + NS_ADDREF(inst); \ + rv = inst->_InitMethod(); \ + if(NS_SUCCEEDED(rv)) { \ + rv = inst->QueryInterface(aIID, aResult); \ + } \ + NS_RELEASE(inst); \ + PR_END_MACRO + + +#define NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(ensureOperator, \ + _InstanceClass) \ + NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPROCESS(ensureOperator, \ + _InstanceClass, \ + _InstanceClass) + +// These two macros are ripped off from nsIGenericFactory.h and slightly +// modified. +#define NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPROCESS(ensureOperator, \ + _InstanceClassChrome, \ + _InstanceClassContent) \ +static nsresult \ +_InstanceClassChrome##Constructor(nsISupports *aOuter, REFNSIID aIID, \ + void **aResult) \ +{ \ + nsresult rv; \ + \ + *aResult = nullptr; \ + if (nullptr != aOuter) { \ + rv = NS_ERROR_NO_AGGREGATION; \ + return rv; \ + } \ + \ + if (!NS_IS_PROCESS_DEFAULT && \ + ensureOperator == nssEnsureChromeOrContent) { \ + if (!EnsureNSSInitializedChromeOrContent()) { \ + return NS_ERROR_FAILURE; \ + } \ + } else if (!EnsureNSSInitialized(ensureOperator)) { \ + return NS_ERROR_FAILURE; \ + } \ + \ + if (NS_IS_PROCESS_DEFAULT) \ + NS_NSS_INSTANTIATE(ensureOperator, _InstanceClassChrome); \ + else \ + NS_NSS_INSTANTIATE(ensureOperator, _InstanceClassContent); \ + \ + if (ensureOperator == nssLoadingComponent) \ + { \ + if (NS_SUCCEEDED(rv)) \ + EnsureNSSInitialized(nssInitSucceeded); \ + else \ + EnsureNSSInitialized(nssInitFailed); \ + } \ + \ + return rv; \ +} + + +#define NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(ensureOperator, \ + _InstanceClass, \ + _InitMethod) \ + NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT_BYPROCESS(ensureOperator, \ + _InstanceClass, \ + _InstanceClass, \ + _InitMethod) + +#define NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT_BYPROCESS(ensureOperator, \ + _InstanceClassChrome, \ + _InstanceClassContent, \ + _InitMethod) \ +static nsresult \ +_InstanceClassChrome##Constructor(nsISupports *aOuter, REFNSIID aIID, \ + void **aResult) \ +{ \ + nsresult rv; \ + \ + *aResult = nullptr; \ + if (nullptr != aOuter) { \ + rv = NS_ERROR_NO_AGGREGATION; \ + return rv; \ + } \ + \ + if (!NS_IS_PROCESS_DEFAULT && \ + ensureOperator == nssEnsureChromeOrContent) { \ + if (!EnsureNSSInitializedChromeOrContent()) { \ + return NS_ERROR_FAILURE; \ + } \ + } else if (!EnsureNSSInitialized(ensureOperator)) { \ + return NS_ERROR_FAILURE; \ + } \ + \ + if (NS_IS_PROCESS_DEFAULT) \ + NS_NSS_INSTANTIATE_INIT(ensureOperator, \ + _InstanceClassChrome, \ + _InitMethod); \ + else \ + NS_NSS_INSTANTIATE_INIT(ensureOperator, \ + _InstanceClassContent, \ + _InitMethod); \ + \ + if (ensureOperator == nssLoadingComponent) \ + { \ + if (NS_SUCCEEDED(rv)) \ + EnsureNSSInitialized(nssInitSucceeded); \ + else \ + EnsureNSSInitialized(nssInitFailed); \ + } \ + \ + return rv; \ +} + +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssLoadingComponent, nsNSSComponent, + Init) + +using namespace mozilla::psm; + +namespace { + +// Use the special factory constructor for everything this module implements, +// because all code could potentially require the NSS library. +// Our factory constructor takes an additional boolean parameter. +// Only for the nsNSSComponent, set this to true. +// All other classes must have this set to false. + +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsSSLSocketProvider) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsTLSSocketProvider) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, SecretDecoderRing) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsPK11TokenDB) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsPKCS11ModuleDB) +NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(PSMContentListener, init) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPROCESS(nssEnsureOnChromeOnly, + nsNSSCertificate, + nsNSSCertificateFakeTransport) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsNSSCertificateDB) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPROCESS(nssEnsureOnChromeOnly, + nsNSSCertList, + nsNSSCertListFakeTransport) +#ifdef MOZ_XUL +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCertTree) +#endif +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsPkcs11) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsNTLMAuthModule, InitTest) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsCryptoHash) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsCryptoHMAC) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsKeyObject) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsKeyObjectFactory) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsDataSignatureVerifier) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, ContentSignatureVerifier) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsRandomGenerator) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsNSSU2FToken, Init) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, nsSSLStatus) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, TransportSecurityInfo) + +typedef mozilla::psm::NSSErrorsService NSSErrorsService; +NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(NSSErrorsService, Init) +NS_GENERIC_FACTORY_CONSTRUCTOR(nsNSSVersion) +NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsCertOverrideService, Init) +NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl) +NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(CertBlocklist, Init) +NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsSiteSecurityService, Init) +NS_GENERIC_FACTORY_CONSTRUCTOR(WeakCryptoOverride) + +NS_DEFINE_NAMED_CID(NS_NSSCOMPONENT_CID); +NS_DEFINE_NAMED_CID(NS_SSLSOCKETPROVIDER_CID); +NS_DEFINE_NAMED_CID(NS_STARTTLSSOCKETPROVIDER_CID); +NS_DEFINE_NAMED_CID(NS_SECRETDECODERRING_CID); +NS_DEFINE_NAMED_CID(NS_PK11TOKENDB_CID); +NS_DEFINE_NAMED_CID(NS_PKCS11MODULEDB_CID); +NS_DEFINE_NAMED_CID(NS_PSMCONTENTLISTEN_CID); +NS_DEFINE_NAMED_CID(NS_X509CERT_CID); +NS_DEFINE_NAMED_CID(NS_X509CERTDB_CID); +NS_DEFINE_NAMED_CID(NS_X509CERTLIST_CID); +NS_DEFINE_NAMED_CID(NS_FORMPROCESSOR_CID); +#ifdef MOZ_XUL +NS_DEFINE_NAMED_CID(NS_CERTTREE_CID); +#endif +NS_DEFINE_NAMED_CID(NS_PKCS11_CID); +NS_DEFINE_NAMED_CID(NS_CRYPTO_HASH_CID); +NS_DEFINE_NAMED_CID(NS_CRYPTO_HMAC_CID); +NS_DEFINE_NAMED_CID(NS_NTLMAUTHMODULE_CID); +NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECT_CID); +NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECTFACTORY_CID); +NS_DEFINE_NAMED_CID(NS_DATASIGNATUREVERIFIER_CID); +NS_DEFINE_NAMED_CID(NS_CONTENTSIGNATUREVERIFIER_CID); +NS_DEFINE_NAMED_CID(NS_CERTOVERRIDE_CID); +NS_DEFINE_NAMED_CID(NS_RANDOMGENERATOR_CID); +NS_DEFINE_NAMED_CID(NS_NSSU2FTOKEN_CID); +NS_DEFINE_NAMED_CID(NS_SSLSTATUS_CID); +NS_DEFINE_NAMED_CID(TRANSPORTSECURITYINFO_CID); +NS_DEFINE_NAMED_CID(NS_NSSERRORSSERVICE_CID); +NS_DEFINE_NAMED_CID(NS_NSSVERSION_CID); +NS_DEFINE_NAMED_CID(NS_SECURE_BROWSER_UI_CID); +NS_DEFINE_NAMED_CID(NS_SITE_SECURITY_SERVICE_CID); +NS_DEFINE_NAMED_CID(NS_CERT_BLOCKLIST_CID); +NS_DEFINE_NAMED_CID(NS_WEAKCRYPTOOVERRIDE_CID); + +static const mozilla::Module::CIDEntry kNSSCIDs[] = { + { &kNS_NSSCOMPONENT_CID, false, nullptr, nsNSSComponentConstructor }, + { &kNS_SSLSOCKETPROVIDER_CID, false, nullptr, nsSSLSocketProviderConstructor }, + { &kNS_STARTTLSSOCKETPROVIDER_CID, false, nullptr, nsTLSSocketProviderConstructor }, + { &kNS_SECRETDECODERRING_CID, false, nullptr, SecretDecoderRingConstructor }, + { &kNS_PK11TOKENDB_CID, false, nullptr, nsPK11TokenDBConstructor }, + { &kNS_PKCS11MODULEDB_CID, false, nullptr, nsPKCS11ModuleDBConstructor }, + { &kNS_PSMCONTENTLISTEN_CID, false, nullptr, PSMContentListenerConstructor }, + { &kNS_X509CERT_CID, false, nullptr, nsNSSCertificateConstructor }, + { &kNS_X509CERTDB_CID, false, nullptr, nsNSSCertificateDBConstructor }, + { &kNS_X509CERTLIST_CID, false, nullptr, nsNSSCertListConstructor }, + { &kNS_FORMPROCESSOR_CID, false, nullptr, nsKeygenFormProcessor::Create }, +#ifdef MOZ_XUL + { &kNS_CERTTREE_CID, false, nullptr, nsCertTreeConstructor }, +#endif + { &kNS_PKCS11_CID, false, nullptr, nsPkcs11Constructor }, + { &kNS_CRYPTO_HASH_CID, false, nullptr, nsCryptoHashConstructor }, + { &kNS_CRYPTO_HMAC_CID, false, nullptr, nsCryptoHMACConstructor }, + { &kNS_NTLMAUTHMODULE_CID, false, nullptr, nsNTLMAuthModuleConstructor }, + { &kNS_KEYMODULEOBJECT_CID, false, nullptr, nsKeyObjectConstructor }, + { &kNS_KEYMODULEOBJECTFACTORY_CID, false, nullptr, nsKeyObjectFactoryConstructor }, + { &kNS_DATASIGNATUREVERIFIER_CID, false, nullptr, nsDataSignatureVerifierConstructor }, + { &kNS_CONTENTSIGNATUREVERIFIER_CID, false, nullptr, ContentSignatureVerifierConstructor }, + { &kNS_CERTOVERRIDE_CID, false, nullptr, nsCertOverrideServiceConstructor }, + { &kNS_RANDOMGENERATOR_CID, false, nullptr, nsRandomGeneratorConstructor }, + { &kNS_NSSU2FTOKEN_CID, false, nullptr, nsNSSU2FTokenConstructor }, + { &kNS_SSLSTATUS_CID, false, nullptr, nsSSLStatusConstructor }, + { &kTRANSPORTSECURITYINFO_CID, false, nullptr, TransportSecurityInfoConstructor }, + { &kNS_NSSERRORSSERVICE_CID, false, nullptr, NSSErrorsServiceConstructor }, + { &kNS_NSSVERSION_CID, false, nullptr, nsNSSVersionConstructor }, + { &kNS_SECURE_BROWSER_UI_CID, false, nullptr, nsSecureBrowserUIImplConstructor }, + { &kNS_SITE_SECURITY_SERVICE_CID, false, nullptr, nsSiteSecurityServiceConstructor }, + { &kNS_CERT_BLOCKLIST_CID, false, nullptr, CertBlocklistConstructor}, + { &kNS_WEAKCRYPTOOVERRIDE_CID, false, nullptr, WeakCryptoOverrideConstructor }, + { nullptr } +}; + +static const mozilla::Module::ContractIDEntry kNSSContracts[] = { + { PSM_COMPONENT_CONTRACTID, &kNS_NSSCOMPONENT_CID }, + { NS_NSS_ERRORS_SERVICE_CONTRACTID, &kNS_NSSERRORSSERVICE_CID }, + { NS_NSSVERSION_CONTRACTID, &kNS_NSSVERSION_CID }, + { NS_SSLSOCKETPROVIDER_CONTRACTID, &kNS_SSLSOCKETPROVIDER_CID }, + { NS_STARTTLSSOCKETPROVIDER_CONTRACTID, &kNS_STARTTLSSOCKETPROVIDER_CID }, + { NS_SECRETDECODERRING_CONTRACTID, &kNS_SECRETDECODERRING_CID }, + { NS_PK11TOKENDB_CONTRACTID, &kNS_PK11TOKENDB_CID }, + { NS_PKCS11MODULEDB_CONTRACTID, &kNS_PKCS11MODULEDB_CID }, + { NS_PSMCONTENTLISTEN_CONTRACTID, &kNS_PSMCONTENTLISTEN_CID }, + { NS_X509CERTDB_CONTRACTID, &kNS_X509CERTDB_CID }, + { NS_X509CERTLIST_CONTRACTID, &kNS_X509CERTLIST_CID }, + { NS_FORMPROCESSOR_CONTRACTID, &kNS_FORMPROCESSOR_CID }, +#ifdef MOZ_XUL + { NS_CERTTREE_CONTRACTID, &kNS_CERTTREE_CID }, +#endif + { NS_PKCS11_CONTRACTID, &kNS_PKCS11_CID }, + { NS_CRYPTO_HASH_CONTRACTID, &kNS_CRYPTO_HASH_CID }, + { NS_CRYPTO_HMAC_CONTRACTID, &kNS_CRYPTO_HMAC_CID }, + { "@mozilla.org/uriloader/psm-external-content-listener;1", &kNS_PSMCONTENTLISTEN_CID }, + { NS_CRYPTO_FIPSINFO_SERVICE_CONTRACTID, &kNS_PKCS11MODULEDB_CID }, + { NS_NTLMAUTHMODULE_CONTRACTID, &kNS_NTLMAUTHMODULE_CID }, + { NS_KEYMODULEOBJECT_CONTRACTID, &kNS_KEYMODULEOBJECT_CID }, + { NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &kNS_KEYMODULEOBJECTFACTORY_CID }, + { NS_DATASIGNATUREVERIFIER_CONTRACTID, &kNS_DATASIGNATUREVERIFIER_CID }, + { NS_CONTENTSIGNATUREVERIFIER_CONTRACTID, &kNS_CONTENTSIGNATUREVERIFIER_CID }, + { NS_CERTOVERRIDE_CONTRACTID, &kNS_CERTOVERRIDE_CID }, + { NS_RANDOMGENERATOR_CONTRACTID, &kNS_RANDOMGENERATOR_CID }, + { NS_NSSU2FTOKEN_CONTRACTID, &kNS_NSSU2FTOKEN_CID }, + { NS_SECURE_BROWSER_UI_CONTRACTID, &kNS_SECURE_BROWSER_UI_CID }, + { NS_SSSERVICE_CONTRACTID, &kNS_SITE_SECURITY_SERVICE_CID }, + { NS_CERTBLOCKLIST_CONTRACTID, &kNS_CERT_BLOCKLIST_CID }, + { NS_WEAKCRYPTOOVERRIDE_CONTRACTID, &kNS_WEAKCRYPTOOVERRIDE_CID }, + { nullptr } +}; + +static const mozilla::Module::CategoryEntry kNSSCategories[] = { + { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-ca-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" }, + { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-server-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" }, + { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-user-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" }, + { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-email-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" }, + { nullptr } +}; + +static const mozilla::Module kNSSModule = { + mozilla::Module::kVersion, + kNSSCIDs, + kNSSContracts, + kNSSCategories +}; + +} // unnamed namespace + +NSMODULE_DEFN(NSS) = &kNSSModule; diff --git a/security/manager/ssl/nsNSSShutDown.cpp b/security/manager/ssl/nsNSSShutDown.cpp new file mode 100644 index 000000000..cffebac1e --- /dev/null +++ b/security/manager/ssl/nsNSSShutDown.cpp @@ -0,0 +1,288 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsNSSShutDown.h" + +#include "mozilla/Casting.h" +#include "nsCOMPtr.h" + +using namespace mozilla; + +extern LazyLogModule gPIPNSSLog; + +struct ObjectHashEntry : PLDHashEntryHdr { + nsNSSShutDownObject *obj; +}; + +static bool +ObjectSetMatchEntry(const PLDHashEntryHdr *hdr, const void *key) +{ + const ObjectHashEntry *entry = static_cast(hdr); + return entry->obj == static_cast(key); +} + +static void +ObjectSetInitEntry(PLDHashEntryHdr *hdr, const void *key) +{ + ObjectHashEntry *entry = static_cast(hdr); + entry->obj = const_cast(static_cast(key)); +} + +static const PLDHashTableOps gSetOps = { + PLDHashTable::HashVoidPtrKeyStub, + ObjectSetMatchEntry, + PLDHashTable::MoveEntryStub, + PLDHashTable::ClearEntryStub, + ObjectSetInitEntry +}; + +StaticMutex sListLock; +Atomic sInShutdown(false); +nsNSSShutDownList *singleton = nullptr; + +nsNSSShutDownList::nsNSSShutDownList() + : mObjects(&gSetOps, sizeof(ObjectHashEntry)) + , mPK11LogoutCancelObjects(&gSetOps, sizeof(ObjectHashEntry)) +{ +} + +nsNSSShutDownList::~nsNSSShutDownList() +{ + PR_ASSERT(this == singleton); + singleton = nullptr; +} + +void nsNSSShutDownList::remember(nsNSSShutDownObject *o) +{ + StaticMutexAutoLock lock(sListLock); + if (!nsNSSShutDownList::construct(lock)) { + return; + } + + PR_ASSERT(o); + singleton->mObjects.Add(o, fallible); +} + +void nsNSSShutDownList::forget(nsNSSShutDownObject *o) +{ + StaticMutexAutoLock lock(sListLock); + if (!singleton) { + return; + } + + PR_ASSERT(o); + singleton->mObjects.Remove(o); +} + +void nsNSSShutDownList::remember(nsOnPK11LogoutCancelObject *o) +{ + StaticMutexAutoLock lock(sListLock); + if (!nsNSSShutDownList::construct(lock)) { + return; + } + + PR_ASSERT(o); + singleton->mPK11LogoutCancelObjects.Add(o, fallible); +} + +void nsNSSShutDownList::forget(nsOnPK11LogoutCancelObject *o) +{ + StaticMutexAutoLock lock(sListLock); + if (!singleton) { + return; + } + + PR_ASSERT(o); + singleton->mPK11LogoutCancelObjects.Remove(o); +} + +nsresult nsNSSShutDownList::doPK11Logout() +{ + StaticMutexAutoLock lock(sListLock); + if (!singleton) { + return NS_OK; + } + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("canceling all open SSL sockets to disallow future IO\n")); + + // During our iteration we will set a bunch of PRBools to true. + // Nobody else ever modifies that bool, only we do. + // We only must ensure that our objects do not go away. + // This is guaranteed by holding the list lock. + + for (auto iter = singleton->mPK11LogoutCancelObjects.Iter(); + !iter.Done(); + iter.Next()) { + auto entry = static_cast(iter.Get()); + nsOnPK11LogoutCancelObject* pklco = + BitwiseCast(entry->obj); + if (pklco) { + pklco->logout(); + } + } + + return NS_OK; +} + +nsresult nsNSSShutDownList::evaporateAllNSSResources() +{ + MOZ_RELEASE_ASSERT(NS_IsMainThread()); + if (!NS_IsMainThread()) { + return NS_ERROR_NOT_SAME_THREAD; + } + + StaticMutexAutoLock lock(sListLock); + // Other threads can acquire an nsNSSShutDownPreventionLock and cause this + // thread to block when it calls restructActivityToCurrentThread, below. If + // those other threads then attempt to create an object that must be + // remembered by the shut down list, they will call + // nsNSSShutDownList::remember, which attempts to acquire sListLock. + // Consequently, holding sListLock while we're in + // restrictActivityToCurrentThread would result in deadlock. sListLock + // protects the singleton, so if we enforce that the singleton only be created + // and destroyed on the main thread, and if we similarly enforce that this + // function is only called on the main thread, what we can do is check that + // the singleton hasn't already gone away and then we don't actually have to + // hold sListLock while calling restrictActivityToCurrentThread. + if (!singleton) { + return NS_OK; + } + + { + StaticMutexAutoUnlock unlock(sListLock); + PRStatus rv = singleton->mActivityState.restrictActivityToCurrentThread(); + if (rv != PR_SUCCESS) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("failed to restrict activity to current thread")); + return NS_ERROR_FAILURE; + } + } + + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("now evaporating NSS resources")); + + // Never free more than one entry, because other threads might be calling + // us and remove themselves while we are iterating over the list, + // and the behaviour of changing the list while iterating is undefined. + while (singleton) { + auto iter = singleton->mObjects.Iter(); + if (iter.Done()) { + break; + } + auto entry = static_cast(iter.Get()); + { + StaticMutexAutoUnlock unlock(sListLock); + entry->obj->shutdown(nsNSSShutDownObject::ShutdownCalledFrom::List); + } + iter.Remove(); + } + + if (!singleton) { + return NS_ERROR_FAILURE; + } + + singleton->mActivityState.releaseCurrentThreadActivityRestriction(); + return NS_OK; +} + +void nsNSSShutDownList::enterActivityState() +{ + StaticMutexAutoLock lock(sListLock); + if (nsNSSShutDownList::construct(lock)) { + singleton->mActivityState.enter(); + } +} + +void nsNSSShutDownList::leaveActivityState() +{ + StaticMutexAutoLock lock(sListLock); + if (singleton) { + singleton->mActivityState.leave(); + } +} + +bool nsNSSShutDownList::construct(const StaticMutexAutoLock& /*proofOfLock*/) +{ + if (!singleton && !sInShutdown && XRE_IsParentProcess()) { + singleton = new nsNSSShutDownList(); + } + + return !!singleton; +} + +void nsNSSShutDownList::shutdown() +{ + MOZ_RELEASE_ASSERT(NS_IsMainThread()); + StaticMutexAutoLock lock(sListLock); + sInShutdown = true; + + if (singleton) { + delete singleton; + } +} + +nsNSSActivityState::nsNSSActivityState() +:mNSSActivityStateLock("nsNSSActivityState.mNSSActivityStateLock"), + mNSSActivityChanged(mNSSActivityStateLock, + "nsNSSActivityState.mNSSActivityStateLock"), + mNSSActivityCounter(0), + mNSSRestrictedThread(nullptr) +{ +} + +nsNSSActivityState::~nsNSSActivityState() +{ +} + +void nsNSSActivityState::enter() +{ + MutexAutoLock lock(mNSSActivityStateLock); + + while (mNSSRestrictedThread && mNSSRestrictedThread != PR_GetCurrentThread()) { + mNSSActivityChanged.Wait(); + } + + ++mNSSActivityCounter; +} + +void nsNSSActivityState::leave() +{ + MutexAutoLock lock(mNSSActivityStateLock); + + --mNSSActivityCounter; + + mNSSActivityChanged.NotifyAll(); +} + +PRStatus nsNSSActivityState::restrictActivityToCurrentThread() +{ + MutexAutoLock lock(mNSSActivityStateLock); + + while (mNSSActivityCounter > 0) { + mNSSActivityChanged.Wait(PR_TicksPerSecond()); + } + + mNSSRestrictedThread = PR_GetCurrentThread(); + + return PR_SUCCESS; +} + +void nsNSSActivityState::releaseCurrentThreadActivityRestriction() +{ + MutexAutoLock lock(mNSSActivityStateLock); + + mNSSRestrictedThread = nullptr; + + mNSSActivityChanged.NotifyAll(); +} + +nsNSSShutDownPreventionLock::nsNSSShutDownPreventionLock() +{ + nsNSSShutDownList::enterActivityState(); +} + +nsNSSShutDownPreventionLock::~nsNSSShutDownPreventionLock() +{ + nsNSSShutDownList::leaveActivityState(); +} diff --git a/security/manager/ssl/nsNSSShutDown.h b/security/manager/ssl/nsNSSShutDown.h new file mode 100644 index 000000000..00d017239 --- /dev/null +++ b/security/manager/ssl/nsNSSShutDown.h @@ -0,0 +1,271 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsNSSShutDown_h +#define nsNSSShutDown_h + +#include "PLDHashTable.h" +#include "mozilla/Assertions.h" +#include "mozilla/CondVar.h" +#include "mozilla/Mutex.h" +#include "mozilla/StaticMutex.h" +#include "nscore.h" +#include "nspr.h" + +class nsNSSShutDownObject; +class nsOnPK11LogoutCancelObject; + +// Singleton, owned by nsNSSShutDownList +class nsNSSActivityState +{ +public: + nsNSSActivityState(); + ~nsNSSActivityState(); + + // Call enter/leave when PSM enters a scope during which + // shutting down NSS is prohibited. + void enter(); + void leave(); + // Wait for all activity to stop, and block any other thread on entering + // relevant PSM code. + PRStatus restrictActivityToCurrentThread(); + + // Go back to normal state. + void releaseCurrentThreadActivityRestriction(); + +private: + // The lock protecting all our member variables. + mozilla::Mutex mNSSActivityStateLock; + + // The activity variable, bound to our lock, + // used either to signal the activity counter reaches zero, + // or a thread restriction has been released. + mozilla::CondVar mNSSActivityChanged; + + // The number of active scopes holding resources. + int mNSSActivityCounter; + + // nullptr means "no restriction" + // if not null, activity is only allowed on that thread + PRThread* mNSSRestrictedThread; +}; + +// Helper class that automatically enters/leaves the global activity state +class nsNSSShutDownPreventionLock +{ +public: + nsNSSShutDownPreventionLock(); + ~nsNSSShutDownPreventionLock(); +}; + +// Singleton, used by nsNSSComponent to track the list of PSM objects, +// which hold NSS resources and support the "early cleanup mechanism". +class nsNSSShutDownList +{ +public: + static void shutdown(); + + // track instances that support early cleanup + static void remember(nsNSSShutDownObject *o); + static void forget(nsNSSShutDownObject *o); + + // track instances that would like notification when + // a PK11 logout operation is performed. + static void remember(nsOnPK11LogoutCancelObject *o); + static void forget(nsOnPK11LogoutCancelObject *o); + + // Do the "early cleanup", if possible. + static nsresult evaporateAllNSSResources(); + + // PSM has been asked to log out of a token. + // Notify all registered instances that want to react to that event. + static nsresult doPK11Logout(); + + // Signal entering/leaving a scope where shutting down NSS is prohibited. + static void enterActivityState(); + static void leaveActivityState(); + +private: + static bool construct(const mozilla::StaticMutexAutoLock& /*proofOfLock*/); + + nsNSSShutDownList(); + ~nsNSSShutDownList(); + +protected: + PLDHashTable mObjects; + PLDHashTable mPK11LogoutCancelObjects; + nsNSSActivityState mActivityState; +}; + +/* + A class deriving from nsNSSShutDownObject will have its instances + automatically tracked in a list. However, it must follow some rules + to assure correct behaviour. + + The tricky part is that it is not possible to call virtual + functions from a destructor. + + The deriving class must override virtualDestroyNSSReference(). + Within this function, it should clean up all resources held to NSS. + The function will be called by the global list, if it is time to + shut down NSS before all references have been freed. + + The same code that goes into virtualDestroyNSSReference must + also be called from the destructor of the deriving class, + which is the standard cleanup (not called from the tracking list). + + Because of that duplication, it is suggested to implement a + function destructorSafeDestroyNSSReference() in the deriving + class, and make the implementation of virtualDestroyNSSReference() + call destructorSafeDestroyNSSReference(). + + The destructor of the derived class must prevent NSS shutdown on + another thread by acquiring an nsNSSShutDownPreventionLock. It must + then check to see if NSS has already been shut down by calling + isAlreadyShutDown(). If NSS has not been shut down, the destructor + must then call destructorSafeDestroyNSSReference() and then + shutdown(ShutdownCalledFrom::Object). The second call will deregister with + the tracking list, to ensure no additional attempt to free the resources + will be made. + + ---------------------------------------------------------------------------- + IMPORTANT NOTE REGARDING CLASSES THAT IMPLEMENT nsNSSShutDownObject BUT DO + NOT DIRECTLY HOLD NSS RESOURCES: + ---------------------------------------------------------------------------- + Currently, classes that do not hold NSS resources but do call NSS functions + inherit from nsNSSShutDownObject (and use the lock/isAlreadyShutDown + mechanism) as a way of ensuring it is safe to call those functions. Because + these classes do not hold any resources, however, it is tempting to skip the + destructor component of this interface. This MUST NOT be done, because + if an object of such a class is destructed before the nsNSSShutDownList + processes all of its entries, this essentially causes a use-after-free when + nsNSSShutDownList reaches the entry that has been destroyed. The safe way to + do this is to implement the destructor as usual but omit the call to + destructorSafeDestroyNSSReference() as it is unnecessary and probably isn't + defined for that class. + + destructorSafeDestroyNSSReference() does not need to acquire an + nsNSSShutDownPreventionLock or check isAlreadyShutDown() as long as it + is only called by the destructor that has already acquired the lock and + checked for shutdown or by the NSS shutdown code itself (which acquires + the same lock and checks if objects it cleans up have already cleaned + up themselves). + + destructorSafeDestroyNSSReference() MUST NOT cause any other + nsNSSShutDownObject to be deconstructed. Doing so can cause + unsupported concurrent operations on the hash table in the + nsNSSShutDownList. + + class derivedClass : public nsISomeInterface, + public nsNSSShutDownObject + { + virtual void virtualDestroyNSSReference() + { + destructorSafeDestroyNSSReference(); + } + + void destructorSafeDestroyNSSReference() + { + // clean up all NSS resources here + } + + virtual ~derivedClass() + { + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + destructorSafeDestroyNSSReference(); + shutdown(ShutdownCalledFrom::Object); + } + + NS_IMETHODIMP doSomething() + { + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + // use the NSS resources and do something + } + }; +*/ + +class nsNSSShutDownObject +{ +public: + enum class ShutdownCalledFrom { + List, + Object, + }; + + nsNSSShutDownObject() + { + mAlreadyShutDown = false; + nsNSSShutDownList::remember(this); + } + + virtual ~nsNSSShutDownObject() + { + // The derived class must call + // shutdown(ShutdownCalledFrom::Object); + // in its destructor + } + + void shutdown(ShutdownCalledFrom calledFrom) + { + if (!mAlreadyShutDown) { + switch (calledFrom) { + case ShutdownCalledFrom::Object: + nsNSSShutDownList::forget(this); + break; + case ShutdownCalledFrom::List: + virtualDestroyNSSReference(); + break; + default: + MOZ_CRASH("shutdown() called from an unknown source"); + } + mAlreadyShutDown = true; + } + } + + bool isAlreadyShutDown() const { return mAlreadyShutDown; } + +protected: + virtual void virtualDestroyNSSReference() = 0; +private: + volatile bool mAlreadyShutDown; +}; + +class nsOnPK11LogoutCancelObject +{ +public: + nsOnPK11LogoutCancelObject() + : mIsLoggedOut(false) + { + nsNSSShutDownList::remember(this); + } + + virtual ~nsOnPK11LogoutCancelObject() + { + nsNSSShutDownList::forget(this); + } + + void logout() + { + // We do not care for a race condition. + // Once the bool arrived at false, + // later calls to isPK11LoggedOut() will see it. + // This is a one-time change from 0 to 1. + mIsLoggedOut = true; + } + + bool isPK11LoggedOut() + { + return mIsLoggedOut; + } + +private: + volatile bool mIsLoggedOut; +}; + +#endif // nsNSSShutDown_h diff --git a/security/manager/ssl/nsNSSU2FToken.cpp b/security/manager/ssl/nsNSSU2FToken.cpp new file mode 100644 index 000000000..f8492df02 --- /dev/null +++ b/security/manager/ssl/nsNSSU2FToken.cpp @@ -0,0 +1,752 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsNSSU2FToken.h" + +#include "CryptoBuffer.h" +#include "mozilla/Casting.h" +#include "nsNSSComponent.h" +#include "pk11pub.h" +#include "prerror.h" +#include "secerr.h" +#include "WebCryptoCommon.h" + +using namespace mozilla; +using mozilla::dom::CreateECParamsForCurve; + +NS_IMPL_ISUPPORTS(nsNSSU2FToken, nsIU2FToken, nsINSSU2FToken) + +// Not named "security.webauth.u2f_softtoken_counter" because setting that +// name causes the window.u2f object to disappear until preferences get +// reloaded, as its' pref is a substring! +#define PREF_U2F_NSSTOKEN_COUNTER "security.webauth.softtoken_counter" + +const nsCString nsNSSU2FToken::mSecretNickname = + NS_LITERAL_CSTRING("U2F_NSSTOKEN"); +const nsString nsNSSU2FToken::mVersion = + NS_LITERAL_STRING("U2F_V2"); +NS_NAMED_LITERAL_CSTRING(kAttestCertSubjectName, "CN=Firefox U2F Soft Token"); + +// This U2F-compatible soft token uses FIDO U2F-compatible ECDSA keypairs +// on the SEC_OID_SECG_EC_SECP256R1 curve. When asked to Register, it will +// generate and return a new keypair KP, where the private component is wrapped +// using AES-KW with the 128-bit mWrappingKey to make an opaque "key handle". +// In other words, Register yields { KP_pub, AES-KW(KP_priv, key=mWrappingKey) } +// +// The value mWrappingKey is long-lived; it is persisted as part of the NSS DB +// for the current profile. The attestation certificates that are produced are +// ephemeral to counteract profiling. They have little use for a soft-token +// at any rate, but are required by the specification. + +const uint32_t kParamLen = 32; +const uint32_t kPublicKeyLen = 65; +const uint32_t kWrappedKeyBufLen = 256; +const uint32_t kWrappingKeyByteLen = 128/8; +NS_NAMED_LITERAL_STRING(kEcAlgorithm, WEBCRYPTO_NAMED_CURVE_P256); + +const PRTime kOneDay = PRTime(PR_USEC_PER_SEC) + * PRTime(60) // sec + * PRTime(60) // min + * PRTime(24); // hours +const PRTime kExpirationSlack = kOneDay; // Pre-date for clock skew +const PRTime kExpirationLife = kOneDay; + +static mozilla::LazyLogModule gNSSTokenLog("webauth_u2f"); + +nsNSSU2FToken::nsNSSU2FToken() + : mInitialized(false) +{} + +nsNSSU2FToken::~nsNSSU2FToken() +{ + nsNSSShutDownPreventionLock locker; + + if (isAlreadyShutDown()) { + return; + } + + destructorSafeDestroyNSSReference(); + shutdown(ShutdownCalledFrom::Object); +} + +void +nsNSSU2FToken::virtualDestroyNSSReference() +{ + destructorSafeDestroyNSSReference(); +} + +void +nsNSSU2FToken::destructorSafeDestroyNSSReference() +{ + mWrappingKey = nullptr; +} + +/** + * Gets the first key with the given nickname from the given slot. Any other + * keys found are not returned. + * PK11_GetNextSymKey() should not be called on the returned key. + * + * @param aSlot Slot to search. + * @param aNickname Nickname the key should have. + * @return The first key found. nullptr if no key could be found. + */ +static UniquePK11SymKey +GetSymKeyByNickname(const UniquePK11SlotInfo& aSlot, + const nsCString& aNickname, + const nsNSSShutDownPreventionLock&) +{ + MOZ_ASSERT(aSlot); + if (!aSlot) { + return nullptr; + } + + MOZ_LOG(gNSSTokenLog, LogLevel::Debug, + ("Searching for a symmetric key named %s", aNickname.get())); + + UniquePK11SymKey keyListHead( + PK11_ListFixedKeysInSlot(aSlot.get(), const_cast(aNickname.get()), + /* wincx */ nullptr)); + if (!keyListHead) { + MOZ_LOG(gNSSTokenLog, LogLevel::Debug, ("Symmetric key not found.")); + return nullptr; + } + + // Sanity check PK11_ListFixedKeysInSlot() only returns keys with the correct + // nickname. + MOZ_ASSERT(aNickname == + UniquePORTString(PK11_GetSymKeyNickname(keyListHead.get())).get()); + MOZ_LOG(gNSSTokenLog, LogLevel::Debug, ("Symmetric key found!")); + + // Free any remaining keys in the key list. + UniquePK11SymKey freeKey(PK11_GetNextSymKey(keyListHead.get())); + while (freeKey) { + freeKey = UniquePK11SymKey(PK11_GetNextSymKey(freeKey.get())); + } + + return keyListHead; +} + +static nsresult +GenEcKeypair(const UniquePK11SlotInfo& aSlot, + /*out*/ UniqueSECKEYPrivateKey& aPrivKey, + /*out*/ UniqueSECKEYPublicKey& aPubKey, + const nsNSSShutDownPreventionLock&) +{ + MOZ_ASSERT(aSlot); + if (!aSlot) { + return NS_ERROR_INVALID_ARG; + } + + UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return NS_ERROR_OUT_OF_MEMORY; + } + + // Set the curve parameters; keyParams belongs to the arena memory space + SECItem* keyParams = CreateECParamsForCurve(kEcAlgorithm, arena.get()); + if (!keyParams) { + return NS_ERROR_OUT_OF_MEMORY; + } + + // Generate a key pair + CK_MECHANISM_TYPE mechanism = CKM_EC_KEY_PAIR_GEN; + + SECKEYPublicKey* pubKeyRaw; + aPrivKey = UniqueSECKEYPrivateKey( + PK11_GenerateKeyPair(aSlot.get(), mechanism, keyParams, &pubKeyRaw, + /* ephemeral */ false, false, + /* wincx */ nullptr)); + aPubKey = UniqueSECKEYPublicKey(pubKeyRaw); + pubKeyRaw = nullptr; + if (!aPrivKey.get() || !aPubKey.get()) { + return NS_ERROR_FAILURE; + } + + // Check that the public key has the correct length + if (aPubKey->u.ec.publicValue.len != kPublicKeyLen) { + return NS_ERROR_FAILURE; + } + + return NS_OK; +} + +nsresult +nsNSSU2FToken::GetOrCreateWrappingKey(const UniquePK11SlotInfo& aSlot, + const nsNSSShutDownPreventionLock& locker) +{ + MOZ_ASSERT(aSlot); + if (!aSlot) { + return NS_ERROR_INVALID_ARG; + } + + // Search for an existing wrapping key. If we find it, + // store it for later and mark ourselves initialized. + mWrappingKey = GetSymKeyByNickname(aSlot, mSecretNickname, locker); + if (mWrappingKey) { + MOZ_LOG(gNSSTokenLog, LogLevel::Debug, ("U2F Soft Token Key found.")); + mInitialized = true; + return NS_OK; + } + + MOZ_LOG(gNSSTokenLog, LogLevel::Info, + ("No keys found. Generating new U2F Soft Token wrapping key.")); + + // We did not find an existing wrapping key, so we generate one in the + // persistent database (e.g, Token). + mWrappingKey = UniquePK11SymKey( + PK11_TokenKeyGenWithFlags(aSlot.get(), CKM_AES_KEY_GEN, + /* default params */ nullptr, + kWrappingKeyByteLen, + /* empty keyid */ nullptr, + /* flags */ CKF_WRAP | CKF_UNWRAP, + /* attributes */ PK11_ATTR_TOKEN | + PK11_ATTR_PRIVATE, + /* wincx */ nullptr)); + + if (!mWrappingKey) { + MOZ_LOG(gNSSTokenLog, LogLevel::Warning, + ("Failed to store wrapping key, NSS error #%d", PORT_GetError())); + return NS_ERROR_FAILURE; + } + + SECStatus srv = PK11_SetSymKeyNickname(mWrappingKey.get(), + mSecretNickname.get()); + if (srv != SECSuccess) { + MOZ_LOG(gNSSTokenLog, LogLevel::Warning, + ("Failed to set nickname, NSS error #%d", PORT_GetError())); + return NS_ERROR_FAILURE; + } + + MOZ_LOG(gNSSTokenLog, LogLevel::Debug, + ("Key stored, nickname set to %s.", mSecretNickname.get())); + + Preferences::SetUint(PREF_U2F_NSSTOKEN_COUNTER, 0); + return NS_OK; +} + +static nsresult +GetAttestationCertificate(const UniquePK11SlotInfo& aSlot, + /*out*/ UniqueSECKEYPrivateKey& aAttestPrivKey, + /*out*/ UniqueCERTCertificate& aAttestCert, + const nsNSSShutDownPreventionLock& locker) +{ + MOZ_ASSERT(aSlot); + if (!aSlot) { + return NS_ERROR_INVALID_ARG; + } + + UniqueSECKEYPublicKey pubKey; + + // Construct an ephemeral keypair for this Attestation Certificate + nsresult rv = GenEcKeypair(aSlot, aAttestPrivKey, pubKey, locker); + if (NS_FAILED(rv) || !aAttestPrivKey || !pubKey) { + MOZ_LOG(gNSSTokenLog, LogLevel::Warning, + ("Failed to gen keypair, NSS error #%d", PORT_GetError())); + return NS_ERROR_FAILURE; + } + + // Construct the Attestation Certificate itself + UniqueCERTName subjectName(CERT_AsciiToName(kAttestCertSubjectName.get())); + if (!subjectName) { + MOZ_LOG(gNSSTokenLog, LogLevel::Warning, + ("Failed to set subject name, NSS error #%d", PORT_GetError())); + return NS_ERROR_FAILURE; + } + + UniqueCERTSubjectPublicKeyInfo spki( + SECKEY_CreateSubjectPublicKeyInfo(pubKey.get())); + if (!spki) { + MOZ_LOG(gNSSTokenLog, LogLevel::Warning, + ("Failed to set SPKI, NSS error #%d", PORT_GetError())); + return NS_ERROR_FAILURE; + } + + UniqueCERTCertificateRequest certreq( + CERT_CreateCertificateRequest(subjectName.get(), spki.get(), nullptr)); + if (!certreq) { + MOZ_LOG(gNSSTokenLog, LogLevel::Warning, + ("Failed to gen CSR, NSS error #%d", PORT_GetError())); + return NS_ERROR_FAILURE; + } + + PRTime now = PR_Now(); + PRTime notBefore = now - kExpirationSlack; + PRTime notAfter = now + kExpirationLife; + + UniqueCERTValidity validity(CERT_CreateValidity(notBefore, notAfter)); + if (!validity) { + MOZ_LOG(gNSSTokenLog, LogLevel::Warning, + ("Failed to gen validity, NSS error #%d", PORT_GetError())); + return NS_ERROR_FAILURE; + } + + unsigned long serial; + unsigned char* serialBytes = + mozilla::BitwiseCast(&serial); + SECStatus srv = PK11_GenerateRandomOnSlot(aSlot.get(), serialBytes, + sizeof(serial)); + if (srv != SECSuccess) { + MOZ_LOG(gNSSTokenLog, LogLevel::Warning, + ("Failed to gen serial, NSS error #%d", PORT_GetError())); + return NS_ERROR_FAILURE; + } + // Ensure that the most significant bit isn't set (which would + // indicate a negative number, which isn't valid for serial + // numbers). + serialBytes[0] &= 0x7f; + // Also ensure that the least significant bit on the most + // significant byte is set (to prevent a leading zero byte, + // which also wouldn't be valid). + serialBytes[0] |= 0x01; + + aAttestCert = UniqueCERTCertificate( + CERT_CreateCertificate(serial, subjectName.get(), validity.get(), + certreq.get())); + if (!aAttestCert) { + MOZ_LOG(gNSSTokenLog, LogLevel::Warning, + ("Failed to gen certificate, NSS error #%d", PORT_GetError())); + return NS_ERROR_FAILURE; + } + + PLArenaPool* arena = aAttestCert->arena; + + srv = SECOID_SetAlgorithmID(arena, &aAttestCert->signature, + SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE, + /* wincx */ nullptr); + if (srv != SECSuccess) { + return NS_ERROR_FAILURE; + } + + // Set version to X509v3. + *(aAttestCert->version.data) = SEC_CERTIFICATE_VERSION_3; + aAttestCert->version.len = 1; + + SECItem innerDER = { siBuffer, nullptr, 0 }; + if (!SEC_ASN1EncodeItem(arena, &innerDER, aAttestCert.get(), + SEC_ASN1_GET(CERT_CertificateTemplate))) { + return NS_ERROR_FAILURE; + } + + SECItem* signedCert = PORT_ArenaZNew(arena, SECItem); + if (!signedCert) { + return NS_ERROR_FAILURE; + } + + srv = SEC_DerSignData(arena, signedCert, innerDER.data, innerDER.len, + aAttestPrivKey.get(), + SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE); + if (srv != SECSuccess) { + return NS_ERROR_FAILURE; + } + aAttestCert->derCert = *signedCert; + + MOZ_LOG(gNSSTokenLog, LogLevel::Debug, + ("U2F Soft Token attestation certificate generated.")); + return NS_OK; +} + +// Set up the context for the soft U2F Token. This is called by NSS +// initialization. +NS_IMETHODIMP +nsNSSU2FToken::Init() +{ + MOZ_ASSERT(NS_IsMainThread()); + MOZ_ASSERT(!mInitialized); + if (mInitialized) { + return NS_ERROR_FAILURE; + } + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + UniquePK11SlotInfo slot(PK11_GetInternalKeySlot()); + MOZ_ASSERT(slot.get()); + + // Search for an existing wrapping key, or create one. + nsresult rv = GetOrCreateWrappingKey(slot, locker); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + mInitialized = true; + MOZ_LOG(gNSSTokenLog, LogLevel::Debug, ("U2F Soft Token initialized.")); + return NS_OK; +} + +// Convert a Private Key object into an opaque key handle, using AES Key Wrap +// and aWrappingKey to convert aPrivKey. +static UniqueSECItem +KeyHandleFromPrivateKey(const UniquePK11SlotInfo& aSlot, + const UniquePK11SymKey& aWrappingKey, + const UniqueSECKEYPrivateKey& aPrivKey, + const nsNSSShutDownPreventionLock&) +{ + MOZ_ASSERT(aSlot); + MOZ_ASSERT(aWrappingKey); + MOZ_ASSERT(aPrivKey); + if (!aSlot || !aWrappingKey || !aPrivKey) { + return nullptr; + } + + UniqueSECItem wrappedKey(SECITEM_AllocItem(/* default arena */ nullptr, + /* no buffer */ nullptr, + kWrappedKeyBufLen)); + if (!wrappedKey) { + MOZ_LOG(gNSSTokenLog, LogLevel::Warning, + ("Failed to allocate memory, NSS error #%d", PORT_GetError())); + return nullptr; + } + + UniqueSECItem param(PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP_PAD, + /* default IV */ nullptr )); + + SECStatus srv = PK11_WrapPrivKey(aSlot.get(), aWrappingKey.get(), + aPrivKey.get(), CKM_NSS_AES_KEY_WRAP_PAD, + param.get(), wrappedKey.get(), + /* wincx */ nullptr); + if (srv != SECSuccess) { + MOZ_LOG(gNSSTokenLog, LogLevel::Warning, + ("Failed to wrap U2F key, NSS error #%d", PORT_GetError())); + return nullptr; + } + + return wrappedKey; +} + +// Convert an opaque key handle aKeyHandle back into a Private Key object, using +// aWrappingKey and the AES Key Wrap algorithm. +static UniqueSECKEYPrivateKey +PrivateKeyFromKeyHandle(const UniquePK11SlotInfo& aSlot, + const UniquePK11SymKey& aWrappingKey, + uint8_t* aKeyHandle, uint32_t aKeyHandleLen, + const nsNSSShutDownPreventionLock&) +{ + MOZ_ASSERT(aSlot); + MOZ_ASSERT(aWrappingKey); + MOZ_ASSERT(aKeyHandle); + if (!aSlot || !aWrappingKey || !aKeyHandle) { + return nullptr; + } + + ScopedAutoSECItem pubKey(kPublicKeyLen); + + ScopedAutoSECItem keyHandleItem(aKeyHandleLen); + memcpy(keyHandleItem.data, aKeyHandle, keyHandleItem.len); + + UniqueSECItem param(PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP_PAD, + /* default IV */ nullptr )); + + CK_ATTRIBUTE_TYPE usages[] = { CKA_SIGN }; + int usageCount = 1; + + UniqueSECKEYPrivateKey unwrappedKey( + PK11_UnwrapPrivKey(aSlot.get(), aWrappingKey.get(), CKM_NSS_AES_KEY_WRAP_PAD, + param.get(), &keyHandleItem, + /* no nickname */ nullptr, + /* discard pubkey */ &pubKey, + /* not permanent */ false, + /* non-exportable */ true, + CKK_EC, usages, usageCount, + /* wincx */ nullptr)); + if (!unwrappedKey) { + // Not our key. + MOZ_LOG(gNSSTokenLog, LogLevel::Debug, + ("Could not unwrap key handle, NSS Error #%d", PORT_GetError())); + return nullptr; + } + + return unwrappedKey; +} + +// Return whether the provided version is supported by this token. +NS_IMETHODIMP +nsNSSU2FToken::IsCompatibleVersion(const nsAString& aVersion, bool* aResult) +{ + NS_ENSURE_ARG_POINTER(aResult); + MOZ_ASSERT(mInitialized); + *aResult = (mVersion == aVersion); + return NS_OK; +} + +// IsRegistered determines if the provided key handle is usable by this token. +NS_IMETHODIMP +nsNSSU2FToken::IsRegistered(uint8_t* aKeyHandle, uint32_t aKeyHandleLen, + bool* aResult) +{ + NS_ENSURE_ARG_POINTER(aKeyHandle); + NS_ENSURE_ARG_POINTER(aResult); + + if (!NS_IsMainThread()) { + NS_ERROR("nsNSSU2FToken::IsRegistered called off the main thread"); + return NS_ERROR_NOT_SAME_THREAD; + } + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_FAILURE; + } + + MOZ_ASSERT(mInitialized); + if (!mInitialized) { + return NS_ERROR_FAILURE; + } + + UniquePK11SlotInfo slot(PK11_GetInternalSlot()); + MOZ_ASSERT(slot.get()); + + // Decode the key handle + UniqueSECKEYPrivateKey privKey = PrivateKeyFromKeyHandle(slot, mWrappingKey, + aKeyHandle, + aKeyHandleLen, + locker); + *aResult = (privKey.get() != nullptr); + return NS_OK; +} + +// A U2F Register operation causes a new key pair to be generated by the token. +// The token then returns the public key of the key pair, and a handle to the +// private key, which is a fancy way of saying "key wrapped private key", as +// well as the generated attestation certificate and a signature using that +// certificate's private key. +// +// The KeyHandleFromPrivateKey and PrivateKeyFromKeyHandle methods perform +// the actual key wrap/unwrap operations. +// +// The format of the return registration data is as follows: +// +// Bytes Value +// 1 0x05 +// 65 public key +// 1 key handle length +// * key handle +// ASN.1 attestation certificate +// * attestation signature +// +NS_IMETHODIMP +nsNSSU2FToken::Register(uint8_t* aApplication, + uint32_t aApplicationLen, + uint8_t* aChallenge, + uint32_t aChallengeLen, + uint8_t** aRegistration, + uint32_t* aRegistrationLen) +{ + NS_ENSURE_ARG_POINTER(aApplication); + NS_ENSURE_ARG_POINTER(aChallenge); + NS_ENSURE_ARG_POINTER(aRegistration); + NS_ENSURE_ARG_POINTER(aRegistrationLen); + + if (!NS_IsMainThread()) { + NS_ERROR("nsNSSU2FToken::Register called off the main thread"); + return NS_ERROR_NOT_SAME_THREAD; + } + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + MOZ_ASSERT(mInitialized); + if (!mInitialized) { + return NS_ERROR_NOT_INITIALIZED; + } + + // We should already have a wrapping key + MOZ_ASSERT(mWrappingKey); + + UniquePK11SlotInfo slot(PK11_GetInternalSlot()); + MOZ_ASSERT(slot.get()); + + // Construct a one-time-use Attestation Certificate + UniqueSECKEYPrivateKey attestPrivKey; + UniqueCERTCertificate attestCert; + nsresult rv = GetAttestationCertificate(slot, attestPrivKey, attestCert, + locker); + if (NS_WARN_IF(NS_FAILED(rv))) { + return NS_ERROR_FAILURE; + } + MOZ_ASSERT(attestCert); + MOZ_ASSERT(attestPrivKey); + + // Generate a new keypair; the private will be wrapped into a Key Handle + UniqueSECKEYPrivateKey privKey; + UniqueSECKEYPublicKey pubKey; + rv = GenEcKeypair(slot, privKey, pubKey, locker); + if (NS_WARN_IF(NS_FAILED(rv))) { + return NS_ERROR_FAILURE; + } + + // The key handle will be the result of keywrap(privKey, key=mWrappingKey) + UniqueSECItem keyHandleItem = KeyHandleFromPrivateKey(slot, mWrappingKey, + privKey, locker); + if (!keyHandleItem.get()) { + return NS_ERROR_FAILURE; + } + + // Sign the challenge using the Attestation privkey (from attestCert) + mozilla::dom::CryptoBuffer signedDataBuf; + if (!signedDataBuf.SetCapacity(1 + aApplicationLen + aChallengeLen + + keyHandleItem->len + kPublicKeyLen, + mozilla::fallible)) { + return NS_ERROR_OUT_OF_MEMORY; + } + + // It's OK to ignore the return values here because we're writing into + // pre-allocated space + signedDataBuf.AppendElement(0x00, mozilla::fallible); + signedDataBuf.AppendElements(aApplication, aApplicationLen, mozilla::fallible); + signedDataBuf.AppendElements(aChallenge, aChallengeLen, mozilla::fallible); + signedDataBuf.AppendSECItem(keyHandleItem.get()); + signedDataBuf.AppendSECItem(pubKey->u.ec.publicValue); + + ScopedAutoSECItem signatureItem; + SECStatus srv = SEC_SignData(&signatureItem, signedDataBuf.Elements(), + signedDataBuf.Length(), attestPrivKey.get(), + SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE); + if (srv != SECSuccess) { + MOZ_LOG(gNSSTokenLog, LogLevel::Warning, + ("Signature failure: %d", PORT_GetError())); + return NS_ERROR_FAILURE; + } + + // Serialize the registration data + mozilla::dom::CryptoBuffer registrationBuf; + if (!registrationBuf.SetCapacity(1 + kPublicKeyLen + 1 + keyHandleItem->len + + attestCert.get()->derCert.len + + signatureItem.len, mozilla::fallible)) { + return NS_ERROR_OUT_OF_MEMORY; + } + registrationBuf.AppendElement(0x05, mozilla::fallible); + registrationBuf.AppendSECItem(pubKey->u.ec.publicValue); + registrationBuf.AppendElement(keyHandleItem->len, mozilla::fallible); + registrationBuf.AppendSECItem(keyHandleItem.get()); + registrationBuf.AppendSECItem(attestCert.get()->derCert); + registrationBuf.AppendSECItem(signatureItem); + if (!registrationBuf.ToNewUnsignedBuffer(aRegistration, aRegistrationLen)) { + return NS_ERROR_FAILURE; + } + + return NS_OK; +} + +// A U2F Sign operation creates a signature over the "param" arguments (plus +// some other stuff) using the private key indicated in the key handle argument. +// +// The format of the signed data is as follows: +// +// 32 Application parameter +// 1 User presence (0x01) +// 4 Counter +// 32 Challenge parameter +// +// The format of the signature data is as follows: +// +// 1 User presence +// 4 Counter +// * Signature +// +NS_IMETHODIMP +nsNSSU2FToken::Sign(uint8_t* aApplication, uint32_t aApplicationLen, + uint8_t* aChallenge, uint32_t aChallengeLen, + uint8_t* aKeyHandle, uint32_t aKeyHandleLen, + uint8_t** aSignature, uint32_t* aSignatureLen) +{ + NS_ENSURE_ARG_POINTER(aApplication); + NS_ENSURE_ARG_POINTER(aChallenge); + NS_ENSURE_ARG_POINTER(aKeyHandle); + NS_ENSURE_ARG_POINTER(aKeyHandleLen); + NS_ENSURE_ARG_POINTER(aSignature); + NS_ENSURE_ARG_POINTER(aSignatureLen); + + if (!NS_IsMainThread()) { + NS_ERROR("nsNSSU2FToken::Sign called off the main thread"); + return NS_ERROR_NOT_SAME_THREAD; + } + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + MOZ_ASSERT(mInitialized); + if (!mInitialized) { + return NS_ERROR_NOT_INITIALIZED; + } + + MOZ_ASSERT(mWrappingKey); + + UniquePK11SlotInfo slot(PK11_GetInternalSlot()); + MOZ_ASSERT(slot.get()); + + if ((aChallengeLen != kParamLen) || (aApplicationLen != kParamLen)) { + MOZ_LOG(gNSSTokenLog, LogLevel::Warning, + ("Parameter lengths are wrong! challenge=%d app=%d expected=%d", + aChallengeLen, aApplicationLen, kParamLen)); + + return NS_ERROR_ILLEGAL_VALUE; + } + + // Decode the key handle + UniqueSECKEYPrivateKey privKey = PrivateKeyFromKeyHandle(slot, mWrappingKey, + aKeyHandle, + aKeyHandleLen, + locker); + if (!privKey.get()) { + MOZ_LOG(gNSSTokenLog, LogLevel::Warning, ("Couldn't get the priv key!")); + return NS_ERROR_FAILURE; + } + + // Increment the counter and turn it into a SECItem + uint32_t counter = Preferences::GetUint(PREF_U2F_NSSTOKEN_COUNTER) + 1; + Preferences::SetUint(PREF_U2F_NSSTOKEN_COUNTER, counter); + ScopedAutoSECItem counterItem(4); + counterItem.data[0] = (counter >> 24) & 0xFF; + counterItem.data[1] = (counter >> 16) & 0xFF; + counterItem.data[2] = (counter >> 8) & 0xFF; + counterItem.data[3] = (counter >> 0) & 0xFF; + + // Compute the signature + mozilla::dom::CryptoBuffer signedDataBuf; + if (!signedDataBuf.SetCapacity(1 + 4 + (2 * kParamLen), mozilla::fallible)) { + return NS_ERROR_OUT_OF_MEMORY; + } + + // It's OK to ignore the return values here because we're writing into + // pre-allocated space + signedDataBuf.AppendElements(aApplication, aApplicationLen, mozilla::fallible); + signedDataBuf.AppendElement(0x01, mozilla::fallible); + signedDataBuf.AppendSECItem(counterItem); + signedDataBuf.AppendElements(aChallenge, aChallengeLen, mozilla::fallible); + + ScopedAutoSECItem signatureItem; + SECStatus srv = SEC_SignData(&signatureItem, signedDataBuf.Elements(), + signedDataBuf.Length(), privKey.get(), + SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE); + if (srv != SECSuccess) { + MOZ_LOG(gNSSTokenLog, LogLevel::Warning, + ("Signature failure: %d", PORT_GetError())); + return NS_ERROR_FAILURE; + } + + // Assemble the signature data into a buffer for return + mozilla::dom::CryptoBuffer signatureBuf; + if (!signatureBuf.SetCapacity(1 + counterItem.len + signatureItem.len, + mozilla::fallible)) { + return NS_ERROR_OUT_OF_MEMORY; + } + + // It's OK to ignore the return values here because we're writing into + // pre-allocated space + signatureBuf.AppendElement(0x01, mozilla::fallible); + signatureBuf.AppendSECItem(counterItem); + signatureBuf.AppendSECItem(signatureItem); + + if (!signatureBuf.ToNewUnsignedBuffer(aSignature, aSignatureLen)) { + return NS_ERROR_FAILURE; + } + return NS_OK; +} diff --git a/security/manager/ssl/nsNSSU2FToken.h b/security/manager/ssl/nsNSSU2FToken.h new file mode 100644 index 000000000..818e19a50 --- /dev/null +++ b/security/manager/ssl/nsNSSU2FToken.h @@ -0,0 +1,44 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsNSSU2FToken_h +#define nsNSSU2FToken_h + +#include "nsINSSU2FToken.h" + +#include "nsNSSShutDown.h" +#include "ScopedNSSTypes.h" + +#define NS_NSSU2FTOKEN_CID \ + {0x79f95a6c, 0xd0f7, 0x4d7d, {0xae, 0xaa, 0xcd, 0x0a, 0x04, 0xb6, 0x50, 0x89}} + +class nsNSSU2FToken : public nsINSSU2FToken, + public nsNSSShutDownObject +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSIU2FTOKEN + NS_DECL_NSINSSU2FTOKEN + + nsNSSU2FToken(); + + // For nsNSSShutDownObject + virtual void virtualDestroyNSSReference() override; + void destructorSafeDestroyNSSReference(); + +private: + bool mInitialized; + mozilla::UniquePK11SymKey mWrappingKey; + + static const nsCString mSecretNickname; + static const nsString mVersion; + + ~nsNSSU2FToken(); + nsresult GetOrCreateWrappingKey(const mozilla::UniquePK11SlotInfo& aSlot, + const nsNSSShutDownPreventionLock&); +}; + +#endif // nsNSSU2FToken_h diff --git a/security/manager/ssl/nsNSSVersion.cpp b/security/manager/ssl/nsNSSVersion.cpp new file mode 100644 index 000000000..854f7fb57 --- /dev/null +++ b/security/manager/ssl/nsNSSVersion.cpp @@ -0,0 +1,92 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsNSSVersion.h" +#include "nsString.h" +#include "prinit.h" +#include "nss.h" +#include "nssutil.h" +#include "ssl.h" +#include "smime.h" + +NS_IMPL_ISUPPORTS(nsNSSVersion, nsINSSVersion) + +nsNSSVersion::nsNSSVersion() +{ +} + +nsNSSVersion::~nsNSSVersion() +{ +} + +NS_IMETHODIMP +nsNSSVersion::GetNSPR_Version(nsAString & v) +{ + CopyUTF8toUTF16(PR_GetVersion(), v); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSVersion::GetNSS_Version(nsAString & v) +{ + CopyUTF8toUTF16(NSS_GetVersion(), v); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSVersion::GetNSSUTIL_Version(nsAString & v) +{ + CopyUTF8toUTF16(NSSUTIL_GetVersion(), v); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSVersion::GetNSSSSL_Version(nsAString & v) +{ + CopyUTF8toUTF16(NSSSSL_GetVersion(), v); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSVersion::GetNSSSMIME_Version(nsAString & v) +{ + CopyUTF8toUTF16(NSSSMIME_GetVersion(), v); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSVersion::GetNSPR_MinVersion(nsAString & v) +{ + CopyUTF8toUTF16(PR_VERSION, v); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSVersion::GetNSS_MinVersion(nsAString & v) +{ + CopyUTF8toUTF16(NSS_VERSION, v); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSVersion::GetNSSUTIL_MinVersion(nsAString & v) +{ + CopyUTF8toUTF16(NSSUTIL_VERSION, v); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSVersion::GetNSSSSL_MinVersion(nsAString & v) +{ + CopyUTF8toUTF16(NSS_VERSION, v); + return NS_OK; +} + +NS_IMETHODIMP +nsNSSVersion::GetNSSSMIME_MinVersion(nsAString & v) +{ + CopyUTF8toUTF16(NSS_VERSION, v); + return NS_OK; +} diff --git a/security/manager/ssl/nsNSSVersion.h b/security/manager/ssl/nsNSSVersion.h new file mode 100644 index 000000000..277a552e0 --- /dev/null +++ b/security/manager/ssl/nsNSSVersion.h @@ -0,0 +1,27 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef _NS_NSSVERSION_H_ +#define _NS_NSSVERSION_H_ + +#include "nsINSSVersion.h" +#include "mozilla/Attributes.h" + +class nsNSSVersion final : public nsINSSVersion +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSINSSVERSION + + nsNSSVersion(); + +private: + ~nsNSSVersion(); +}; + +#define NS_NSSVERSION_CID \ + { 0x23ad3531, 0x11d2, 0x4e8e, { 0x80, 0x5a, 0x6a, 0x75, 0x2e, 0x91, 0x68, 0x1a } } + +#endif diff --git a/security/manager/ssl/nsNTLMAuthModule.cpp b/security/manager/ssl/nsNTLMAuthModule.cpp new file mode 100644 index 000000000..a0564118a --- /dev/null +++ b/security/manager/ssl/nsNTLMAuthModule.cpp @@ -0,0 +1,1179 @@ +/* vim:set ts=2 sw=2 et cindent: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsNTLMAuthModule.h" + +#include + +#include "ScopedNSSTypes.h" +#include "md4.h" +#include "mozilla/Base64.h" +#include "mozilla/Casting.h" +#include "mozilla/CheckedInt.h" +#include "mozilla/EndianUtils.h" +#include "mozilla/Likely.h" +#include "mozilla/Logging.h" +#include "mozilla/Preferences.h" +#include "mozilla/Sprintf.h" +#include "mozilla/Telemetry.h" +#include "nsCOMPtr.h" +#include "nsComponentManagerUtils.h" +#include "nsICryptoHMAC.h" +#include "nsICryptoHash.h" +#include "nsIKeyModule.h" +#include "nsKeyModule.h" +#include "nsNSSShutDown.h" +#include "nsNativeCharsetUtils.h" +#include "nsNetCID.h" +#include "nsUnicharUtils.h" +#include "pk11pub.h" +#include "prsystem.h" + +static bool sNTLMv1Forced = false; +static mozilla::LazyLogModule sNTLMLog("NTLM"); + +#define LOG(x) MOZ_LOG(sNTLMLog, mozilla::LogLevel::Debug, x) +#define LOG_ENABLED() MOZ_LOG_TEST(sNTLMLog, mozilla::LogLevel::Debug) + +static void des_makekey(const uint8_t *raw, uint8_t *key); +static void des_encrypt(const uint8_t *key, const uint8_t *src, uint8_t *hash); + +//----------------------------------------------------------------------------- +// this file contains a cross-platform NTLM authentication implementation. it +// is based on documentation from: http://davenport.sourceforge.net/ntlm.html +//----------------------------------------------------------------------------- + +#define NTLM_NegotiateUnicode 0x00000001 +#define NTLM_NegotiateOEM 0x00000002 +#define NTLM_RequestTarget 0x00000004 +#define NTLM_Unknown1 0x00000008 +#define NTLM_NegotiateSign 0x00000010 +#define NTLM_NegotiateSeal 0x00000020 +#define NTLM_NegotiateDatagramStyle 0x00000040 +#define NTLM_NegotiateLanManagerKey 0x00000080 +#define NTLM_NegotiateNetware 0x00000100 +#define NTLM_NegotiateNTLMKey 0x00000200 +#define NTLM_Unknown2 0x00000400 +#define NTLM_Unknown3 0x00000800 +#define NTLM_NegotiateDomainSupplied 0x00001000 +#define NTLM_NegotiateWorkstationSupplied 0x00002000 +#define NTLM_NegotiateLocalCall 0x00004000 +#define NTLM_NegotiateAlwaysSign 0x00008000 +#define NTLM_TargetTypeDomain 0x00010000 +#define NTLM_TargetTypeServer 0x00020000 +#define NTLM_TargetTypeShare 0x00040000 +#define NTLM_NegotiateNTLM2Key 0x00080000 +#define NTLM_RequestInitResponse 0x00100000 +#define NTLM_RequestAcceptResponse 0x00200000 +#define NTLM_RequestNonNTSessionKey 0x00400000 +#define NTLM_NegotiateTargetInfo 0x00800000 +#define NTLM_Unknown4 0x01000000 +#define NTLM_Unknown5 0x02000000 +#define NTLM_Unknown6 0x04000000 +#define NTLM_Unknown7 0x08000000 +#define NTLM_Unknown8 0x10000000 +#define NTLM_Negotiate128 0x20000000 +#define NTLM_NegotiateKeyExchange 0x40000000 +#define NTLM_Negotiate56 0x80000000 + +// we send these flags with our type 1 message +#define NTLM_TYPE1_FLAGS \ + (NTLM_NegotiateUnicode | \ + NTLM_NegotiateOEM | \ + NTLM_RequestTarget | \ + NTLM_NegotiateNTLMKey | \ + NTLM_NegotiateAlwaysSign | \ + NTLM_NegotiateNTLM2Key) + +static const char NTLM_SIGNATURE[] = "NTLMSSP"; +static const char NTLM_TYPE1_MARKER[] = { 0x01, 0x00, 0x00, 0x00 }; +static const char NTLM_TYPE2_MARKER[] = { 0x02, 0x00, 0x00, 0x00 }; +static const char NTLM_TYPE3_MARKER[] = { 0x03, 0x00, 0x00, 0x00 }; + +#define NTLM_TYPE1_HEADER_LEN 32 +#define NTLM_TYPE2_HEADER_LEN 48 +#define NTLM_TYPE3_HEADER_LEN 64 + +/** + * We don't actually send a LM response, but we still have to send something in this spot + */ +#define LM_RESP_LEN 24 + +#define NTLM_CHAL_LEN 8 + +#define NTLM_HASH_LEN 16 +#define NTLMv2_HASH_LEN 16 +#define NTLM_RESP_LEN 24 +#define NTLMv2_RESP_LEN 16 +#define NTLMv2_BLOB1_LEN 28 + +//----------------------------------------------------------------------------- + +/** + * Prints a description of flags to the NSPR Log, if enabled. + */ +static void LogFlags(uint32_t flags) +{ + if (!LOG_ENABLED()) + return; +#define TEST(_flag) \ + if (flags & NTLM_ ## _flag) \ + PR_LogPrint(" 0x%08x (" # _flag ")\n", NTLM_ ## _flag) + + TEST(NegotiateUnicode); + TEST(NegotiateOEM); + TEST(RequestTarget); + TEST(Unknown1); + TEST(NegotiateSign); + TEST(NegotiateSeal); + TEST(NegotiateDatagramStyle); + TEST(NegotiateLanManagerKey); + TEST(NegotiateNetware); + TEST(NegotiateNTLMKey); + TEST(Unknown2); + TEST(Unknown3); + TEST(NegotiateDomainSupplied); + TEST(NegotiateWorkstationSupplied); + TEST(NegotiateLocalCall); + TEST(NegotiateAlwaysSign); + TEST(TargetTypeDomain); + TEST(TargetTypeServer); + TEST(TargetTypeShare); + TEST(NegotiateNTLM2Key); + TEST(RequestInitResponse); + TEST(RequestAcceptResponse); + TEST(RequestNonNTSessionKey); + TEST(NegotiateTargetInfo); + TEST(Unknown4); + TEST(Unknown5); + TEST(Unknown6); + TEST(Unknown7); + TEST(Unknown8); + TEST(Negotiate128); + TEST(NegotiateKeyExchange); + TEST(Negotiate56); + +#undef TEST +} + +/** + * Prints a hexdump of buf to the NSPR Log, if enabled. + * @param tag Description of the data, will be printed in front of the data + * @param buf the data to print + * @param bufLen length of the data + */ +static void +LogBuf(const char *tag, const uint8_t *buf, uint32_t bufLen) +{ + int i; + + if (!LOG_ENABLED()) + return; + + PR_LogPrint("%s =\n", tag); + char line[80]; + while (bufLen > 0) + { + int count = bufLen; + if (count > 8) + count = 8; + + strcpy(line, " "); + for (i=0; i(token), tokenLen); + nsAutoCString base64Token; + nsresult rv = mozilla::Base64Encode(tokenString, base64Token); + if (NS_FAILED(rv)) { + return; + } + + PR_LogPrint("%s: %s\n", name, base64Token.get()); +} + +//----------------------------------------------------------------------------- + +// byte order swapping +#define SWAP16(x) ((((x) & 0xff) << 8) | (((x) >> 8) & 0xff)) +#define SWAP32(x) ((SWAP16((x) & 0xffff) << 16) | (SWAP16((x) >> 16))) + +static void * +WriteBytes(void *buf, const void *data, uint32_t dataLen) +{ + memcpy(buf, data, dataLen); + return (uint8_t *) buf + dataLen; +} + +static void * +WriteDWORD(void *buf, uint32_t dword) +{ +#ifdef IS_BIG_ENDIAN + // NTLM uses little endian on the wire + dword = SWAP32(dword); +#endif + return WriteBytes(buf, &dword, sizeof(dword)); +} + +static void * +WriteSecBuf(void *buf, uint16_t length, uint32_t offset) +{ +#ifdef IS_BIG_ENDIAN + length = SWAP16(length); + offset = SWAP32(offset); +#endif + buf = WriteBytes(buf, &length, sizeof(length)); + buf = WriteBytes(buf, &length, sizeof(length)); + buf = WriteBytes(buf, &offset, sizeof(offset)); + return buf; +} + +#ifdef IS_BIG_ENDIAN +/** + * WriteUnicodeLE copies a unicode string from one buffer to another. The + * resulting unicode string is in little-endian format. The input string is + * assumed to be in the native endianness of the local machine. It is safe + * to pass the same buffer as both input and output, which is a handy way to + * convert the unicode buffer to little-endian on big-endian platforms. + */ +static void * +WriteUnicodeLE(void *buf, const char16_t *str, uint32_t strLen) +{ + // convert input string from BE to LE + uint8_t *cursor = (uint8_t *) buf, + *input = (uint8_t *) str; + for (uint32_t i=0; i(inBuf); + + // verify NTLMSSP signature + if (memcmp(cursor, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)) != 0) + return NS_ERROR_UNEXPECTED; + + cursor += sizeof(NTLM_SIGNATURE); + + // verify Type-2 marker + if (memcmp(cursor, NTLM_TYPE2_MARKER, sizeof(NTLM_TYPE2_MARKER)) != 0) + return NS_ERROR_UNEXPECTED; + + cursor += sizeof(NTLM_TYPE2_MARKER); + + // Read target name security buffer: ... + // ... read target length. + uint32_t targetLen = ReadUint16(cursor); + // ... skip next 16-bit "allocated space" value. + ReadUint16(cursor); + // ... read offset from inBuf. + uint32_t offset = ReadUint32(cursor); + mozilla::CheckedInt targetEnd = offset; + targetEnd += targetLen; + // Check the offset / length combo is in range of the input buffer, including + // integer overflow checking. + if (MOZ_LIKELY(targetEnd.isValid() && targetEnd.value() <= inLen)) { + msg->targetLen = targetLen; + msg->target = static_cast(inBuf) + offset; + } else { + // Do not error out, for (conservative) backward compatibility. + msg->targetLen = 0; + msg->target = nullptr; + } + + // read flags + msg->flags = ReadUint32(cursor); + + // read challenge + memcpy(msg->challenge, cursor, sizeof(msg->challenge)); + cursor += sizeof(msg->challenge); + + LOG(("NTLM type 2 message:\n")); + LogBuf("target", msg->target, msg->targetLen); + LogBuf("flags", + mozilla::BitwiseCast(&msg->flags), 4); + LogFlags(msg->flags); + LogBuf("challenge", msg->challenge, sizeof(msg->challenge)); + + // Read (and skip) the reserved field + ReadUint32(cursor); + ReadUint32(cursor); + // Read target name security buffer: ... + // ... read target length. + uint32_t targetInfoLen = ReadUint16(cursor); + // ... skip next 16-bit "allocated space" value. + ReadUint16(cursor); + // ... read offset from inBuf. + offset = ReadUint32(cursor); + mozilla::CheckedInt targetInfoEnd = offset; + targetInfoEnd += targetInfoLen; + // Check the offset / length combo is in range of the input buffer, including + // integer overflow checking. + if (MOZ_LIKELY(targetInfoEnd.isValid() && targetInfoEnd.value() <= inLen)) { + msg->targetInfoLen = targetInfoLen; + msg->targetInfo = static_cast(inBuf) + offset; + } else { + NS_ERROR("failed to get NTLMv2 target info"); + return NS_ERROR_UNEXPECTED; + } + + return NS_OK; +} + +static nsresult +GenerateType3Msg(const nsString &domain, + const nsString &username, + const nsString &password, + const void *inBuf, + uint32_t inLen, + void **outBuf, + uint32_t *outLen) +{ + // inBuf contains Type-2 msg (the challenge) from server + MOZ_ASSERT(NS_IsMainThread()); + nsresult rv; + Type2Msg msg; + + rv = ParseType2Msg(inBuf, inLen, &msg); + if (NS_FAILED(rv)) + return rv; + + bool unicode = (msg.flags & NTLM_NegotiateUnicode); + + // There is no negotiation for NTLMv2, so we just do it unless we are forced + // by explict user configuration to use the older DES-based cryptography. + bool ntlmv2 = (sNTLMv1Forced == false); + + // temporary buffers for unicode strings +#ifdef IS_BIG_ENDIAN + nsAutoString ucsDomainBuf, ucsUserBuf; +#endif + nsAutoCString hostBuf; + nsAutoString ucsHostBuf; + // temporary buffers for oem strings + nsAutoCString oemDomainBuf, oemUserBuf, oemHostBuf; + // pointers and lengths for the string buffers; encoding is unicode if + // the "negotiate unicode" flag was set in the Type-2 message. + const void *domainPtr, *userPtr, *hostPtr; + uint32_t domainLen, userLen, hostLen; + + // This is for NTLM, for NTLMv2 we set the new full length once we know it + mozilla::CheckedInt ntlmRespLen = NTLM_RESP_LEN; + + // + // get domain name + // + if (unicode) + { +#ifdef IS_BIG_ENDIAN + ucsDomainBuf = domain; + domainPtr = ucsDomainBuf.get(); + domainLen = ucsDomainBuf.Length() * 2; + WriteUnicodeLE(const_cast(domainPtr), + static_cast(domainPtr), + ucsDomainBuf.Length()); +#else + domainPtr = domain.get(); + domainLen = domain.Length() * 2; +#endif + } + else + { + NS_CopyUnicodeToNative(domain, oemDomainBuf); + domainPtr = oemDomainBuf.get(); + domainLen = oemDomainBuf.Length(); + } + + // + // get user name + // + if (unicode) + { +#ifdef IS_BIG_ENDIAN + ucsUserBuf = username; + userPtr = ucsUserBuf.get(); + userLen = ucsUserBuf.Length() * 2; + WriteUnicodeLE(const_cast(userPtr), + static_cast(userPtr), + ucsUserBuf.Length()); +#else + userPtr = username.get(); + userLen = username.Length() * 2; +#endif + } + else + { + NS_CopyUnicodeToNative(username, oemUserBuf); + userPtr = oemUserBuf.get(); + userLen = oemUserBuf.Length(); + } + + // + // get workstation name + // (do not use local machine's hostname after bug 1046421) + // + rv = mozilla::Preferences::GetCString("network.generic-ntlm-auth.workstation", + &hostBuf); + if (NS_FAILED(rv)) { + return rv; + } + + if (unicode) + { + ucsHostBuf = NS_ConvertUTF8toUTF16(hostBuf); + hostPtr = ucsHostBuf.get(); + hostLen = ucsHostBuf.Length() * 2; +#ifdef IS_BIG_ENDIAN + WriteUnicodeLE(const_cast(hostPtr), + static_cast(hostPtr), + ucsHostBuf.Length()); +#endif + } + else + { + hostPtr = hostBuf.get(); + hostLen = hostBuf.Length(); + } + + // + // now that we have generated all of the strings, we can allocate outBuf. + // + // + // next, we compute the NTLM or NTLM2 responses. + // + uint8_t lmResp[LM_RESP_LEN]; + uint8_t ntlmResp[NTLM_RESP_LEN]; + uint8_t ntlmv2Resp[NTLMv2_RESP_LEN]; + uint8_t ntlmHash[NTLM_HASH_LEN]; + uint8_t ntlmv2_blob1[NTLMv2_BLOB1_LEN]; + if (ntlmv2) { + // NTLMv2 mode, the default + nsString userUpper, domainUpper; + nsAutoCString ntlmHashStr; + nsAutoCString ntlmv2HashStr; + nsAutoCString lmv2ResponseStr; + nsAutoCString ntlmv2ResponseStr; + + // temporary buffers for unicode strings + nsAutoString ucsDomainUpperBuf; + nsAutoString ucsUserUpperBuf; + const void *domainUpperPtr; + const void *userUpperPtr; + uint32_t domainUpperLen; + uint32_t userUpperLen; + + if (msg.targetInfoLen == 0) { + NS_ERROR("failed to get NTLMv2 target info, can not do NTLMv2"); + return NS_ERROR_UNEXPECTED; + } + + ToUpperCase(username, ucsUserUpperBuf); + userUpperPtr = ucsUserUpperBuf.get(); + userUpperLen = ucsUserUpperBuf.Length() * 2; +#ifdef IS_BIG_ENDIAN + WriteUnicodeLE(const_cast(userUpperPtr), + static_cast(userUpperPtr), + ucsUserUpperBuf.Length()); +#endif + ToUpperCase(domain, ucsDomainUpperBuf); + domainUpperPtr = ucsDomainUpperBuf.get(); + domainUpperLen = ucsDomainUpperBuf.Length() * 2; +#ifdef IS_BIG_ENDIAN + WriteUnicodeLE(const_cast(domainUpperPtr), + static_cast(domainUpperPtr), + ucsDomainUpperBuf.Length()); +#endif + + NTLM_Hash(password, ntlmHash); + ntlmHashStr = nsAutoCString( + mozilla::BitwiseCast(ntlmHash), NTLM_HASH_LEN); + + nsCOMPtr keyFactory = + do_CreateInstance(NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &rv); + + if (NS_FAILED(rv)) { + return rv; + } + + nsCOMPtr ntlmKey = + do_CreateInstance(NS_KEYMODULEOBJECT_CONTRACTID, &rv); + if (NS_FAILED(rv)) { + return rv; + } + + rv = keyFactory->KeyFromString(nsIKeyObject::HMAC, ntlmHashStr, getter_AddRefs(ntlmKey)); + if (NS_FAILED(rv)) { + return rv; + } + + nsCOMPtr hasher = + do_CreateInstance(NS_CRYPTO_HMAC_CONTRACTID, &rv); + if (NS_FAILED(rv)) { + return rv; + } + rv = hasher->Init(nsICryptoHMAC::MD5, ntlmKey); + if (NS_FAILED(rv)) { + return rv; + } + rv = hasher->Update(static_cast(userUpperPtr), userUpperLen); + if (NS_FAILED(rv)) { + return rv; + } + rv = hasher->Update(static_cast(domainUpperPtr), + domainUpperLen); + if (NS_FAILED(rv)) { + return rv; + } + rv = hasher->Finish(false, ntlmv2HashStr); + if (NS_FAILED(rv)) { + return rv; + } + + uint8_t client_random[NTLM_CHAL_LEN]; + PK11_GenerateRandom(client_random, NTLM_CHAL_LEN); + + nsCOMPtr ntlmv2Key = + do_CreateInstance(NS_KEYMODULEOBJECT_CONTRACTID, &rv); + if (NS_FAILED(rv)) { + return rv; + } + + // Prepare the LMv2 response + rv = keyFactory->KeyFromString(nsIKeyObject::HMAC, ntlmv2HashStr, getter_AddRefs(ntlmv2Key)); + if (NS_FAILED(rv)) { + return rv; + } + + rv = hasher->Init(nsICryptoHMAC::MD5, ntlmv2Key); + if (NS_FAILED(rv)) { + return rv; + } + rv = hasher->Update(msg.challenge, NTLM_CHAL_LEN); + if (NS_FAILED(rv)) { + return rv; + } + rv = hasher->Update(client_random, NTLM_CHAL_LEN); + if (NS_FAILED(rv)) { + return rv; + } + rv = hasher->Finish(false, lmv2ResponseStr); + if (NS_FAILED(rv)) { + return rv; + } + + if (lmv2ResponseStr.Length() != NTLMv2_HASH_LEN) { + return NS_ERROR_UNEXPECTED; + } + + memcpy(lmResp, lmv2ResponseStr.get(), NTLMv2_HASH_LEN); + memcpy(lmResp + NTLMv2_HASH_LEN, client_random, NTLM_CHAL_LEN); + + memset(ntlmv2_blob1, 0, NTLMv2_BLOB1_LEN); + + time_t unix_time; + uint64_t nt_time = time(&unix_time); + nt_time += 11644473600LL; // Number of seconds betwen 1601 and 1970 + nt_time *= 1000 * 1000 * 10; // Convert seconds to 100 ns units + + ntlmv2_blob1[0] = 1; + ntlmv2_blob1[1] = 1; + mozilla::LittleEndian::writeUint64(&ntlmv2_blob1[8], nt_time); + PK11_GenerateRandom(&ntlmv2_blob1[16], NTLM_CHAL_LEN); + + rv = hasher->Init(nsICryptoHMAC::MD5, ntlmv2Key); + if (NS_FAILED(rv)) { + return rv; + } + rv = hasher->Update(msg.challenge, NTLM_CHAL_LEN); + if (NS_FAILED(rv)) { + return rv; + } + rv = hasher->Update(ntlmv2_blob1, NTLMv2_BLOB1_LEN); + if (NS_FAILED(rv)) { + return rv; + } + rv = hasher->Update(msg.targetInfo, msg.targetInfoLen); + if (NS_FAILED(rv)) { + return rv; + } + rv = hasher->Finish(false, ntlmv2ResponseStr); + if (NS_FAILED(rv)) { + return rv; + } + + if (ntlmv2ResponseStr.Length() != NTLMv2_RESP_LEN) { + return NS_ERROR_UNEXPECTED; + } + + memcpy(ntlmv2Resp, ntlmv2ResponseStr.get(), NTLMv2_RESP_LEN); + ntlmRespLen = NTLMv2_RESP_LEN + NTLMv2_BLOB1_LEN; + ntlmRespLen += msg.targetInfoLen; + if (!ntlmRespLen.isValid()) { + NS_ERROR("failed to do NTLMv2: integer overflow?!?"); + return NS_ERROR_UNEXPECTED; + } + } else if (msg.flags & NTLM_NegotiateNTLM2Key) { + // compute NTLM2 session response + nsCString sessionHashString; + + PK11_GenerateRandom(lmResp, NTLM_CHAL_LEN); + memset(lmResp + NTLM_CHAL_LEN, 0, LM_RESP_LEN - NTLM_CHAL_LEN); + + nsCOMPtr hasher = + do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID, &rv); + if (NS_FAILED(rv)) { + return rv; + } + rv = hasher->Init(nsICryptoHash::MD5); + if (NS_FAILED(rv)) { + return rv; + } + rv = hasher->Update(msg.challenge, NTLM_CHAL_LEN); + if (NS_FAILED(rv)) { + return rv; + } + rv = hasher->Update(lmResp, NTLM_CHAL_LEN); + if (NS_FAILED(rv)) { + return rv; + } + rv = hasher->Finish(false, sessionHashString); + if (NS_FAILED(rv)) { + return rv; + } + + auto sessionHash = mozilla::BitwiseCast( + sessionHashString.get()); + + LogBuf("NTLM2 effective key: ", sessionHash, 8); + + NTLM_Hash(password, ntlmHash); + LM_Response(ntlmHash, sessionHash, ntlmResp); + } else { + NTLM_Hash(password, ntlmHash); + LM_Response(ntlmHash, msg.challenge, ntlmResp); + + // According to http://davenport.sourceforge.net/ntlm.html#ntlmVersion2, + // the correct way to not send the LM hash is to send the NTLM hash twice + // in both the LM and NTLM response fields. + LM_Response(ntlmHash, msg.challenge, lmResp); + } + + mozilla::CheckedInt totalLen = NTLM_TYPE3_HEADER_LEN + LM_RESP_LEN; + totalLen += hostLen; + totalLen += domainLen; + totalLen += userLen; + totalLen += ntlmRespLen.value(); + + if (!totalLen.isValid()) { + NS_ERROR("failed preparing to allocate NTLM response: integer overflow?!?"); + return NS_ERROR_FAILURE; + } + *outBuf = moz_xmalloc(totalLen.value()); + *outLen = totalLen.value(); + if (!*outBuf) { + return NS_ERROR_OUT_OF_MEMORY; + } + + // + // finally, we assemble the Type-3 msg :-) + // + void *cursor = *outBuf; + mozilla::CheckedInt offset; + + // 0 : signature + cursor = WriteBytes(cursor, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)); + + // 8 : marker + cursor = WriteBytes(cursor, NTLM_TYPE3_MARKER, sizeof(NTLM_TYPE3_MARKER)); + + // 12 : LM response sec buf + offset = NTLM_TYPE3_HEADER_LEN; + offset += domainLen; + offset += userLen; + offset += hostLen; + if (!offset.isValid()) { + NS_ERROR("failed preparing to write NTLM response: integer overflow?!?"); + return NS_ERROR_UNEXPECTED; + } + cursor = WriteSecBuf(cursor, LM_RESP_LEN, offset.value()); + memcpy(static_cast(*outBuf) + offset.value(), lmResp, LM_RESP_LEN); + + // 20 : NTLM or NTLMv2 response sec buf + offset += LM_RESP_LEN; + if (!offset.isValid()) { + NS_ERROR("failed preparing to write NTLM response: integer overflow?!?"); + return NS_ERROR_UNEXPECTED; + } + cursor = WriteSecBuf(cursor, ntlmRespLen.value(), offset.value()); + if (ntlmv2) { + memcpy(static_cast(*outBuf) + offset.value(), ntlmv2Resp, + NTLMv2_RESP_LEN); + offset += NTLMv2_RESP_LEN; + if (!offset.isValid()) { + NS_ERROR("failed preparing to write NTLM response: integer overflow?!?"); + return NS_ERROR_UNEXPECTED; + } + memcpy(static_cast(*outBuf) + offset.value(), ntlmv2_blob1, + NTLMv2_BLOB1_LEN); + offset += NTLMv2_BLOB1_LEN; + if (!offset.isValid()) { + NS_ERROR("failed preparing to write NTLM response: integer overflow?!?"); + return NS_ERROR_UNEXPECTED; + } + memcpy(static_cast(*outBuf) + offset.value(), msg.targetInfo, + msg.targetInfoLen); + } else { + memcpy(static_cast(*outBuf) + offset.value(), ntlmResp, + NTLM_RESP_LEN); + } + // 28 : domain name sec buf + offset = NTLM_TYPE3_HEADER_LEN; + cursor = WriteSecBuf(cursor, domainLen, offset.value()); + memcpy(static_cast(*outBuf) + offset.value(), domainPtr, domainLen); + + // 36 : user name sec buf + offset += domainLen; + if (!offset.isValid()) { + NS_ERROR("failed preparing to write NTLM response: integer overflow?!?"); + return NS_ERROR_UNEXPECTED; + } + cursor = WriteSecBuf(cursor, userLen, offset.value()); + memcpy(static_cast(*outBuf) + offset.value(), userPtr, userLen); + + // 44 : workstation (host) name sec buf + offset += userLen; + if (!offset.isValid()) { + NS_ERROR("failed preparing to write NTLM response: integer overflow?!?"); + return NS_ERROR_UNEXPECTED; + } + cursor = WriteSecBuf(cursor, hostLen, offset.value()); + memcpy(static_cast(*outBuf) + offset.value(), hostPtr, hostLen); + + // 52 : session key sec buf (not used) + cursor = WriteSecBuf(cursor, 0, 0); + + // 60 : negotiated flags + cursor = WriteDWORD(cursor, msg.flags & NTLM_TYPE1_FLAGS); + + return NS_OK; +} + +//----------------------------------------------------------------------------- + +NS_IMPL_ISUPPORTS(nsNTLMAuthModule, nsIAuthModule) + +nsNTLMAuthModule::~nsNTLMAuthModule() +{ + ZapString(mPassword); +} + +nsresult +nsNTLMAuthModule::InitTest() +{ + static bool prefObserved = false; + if (!prefObserved) { + mozilla::Preferences::AddBoolVarCache( + &sNTLMv1Forced, "network.auth.force-generic-ntlm-v1", sNTLMv1Forced); + prefObserved = true; + } + + nsNSSShutDownPreventionLock locker; + // + // disable NTLM authentication when FIPS mode is enabled. + // + return PK11_IsFIPS() ? NS_ERROR_NOT_AVAILABLE : NS_OK; +} + +NS_IMETHODIMP +nsNTLMAuthModule::Init(const char *serviceName, + uint32_t serviceFlags, + const char16_t *domain, + const char16_t *username, + const char16_t *password) +{ + NS_ASSERTION((serviceFlags & ~nsIAuthModule::REQ_PROXY_AUTH) == nsIAuthModule::REQ_DEFAULT, + "unexpected service flags"); + + mDomain = domain; + mUsername = username; + mPassword = password; + mNTLMNegotiateSent = false; + + static bool sTelemetrySent = false; + if (!sTelemetrySent) { + mozilla::Telemetry::Accumulate( + mozilla::Telemetry::NTLM_MODULE_USED_2, + serviceFlags & nsIAuthModule::REQ_PROXY_AUTH + ? NTLM_MODULE_GENERIC_PROXY + : NTLM_MODULE_GENERIC_DIRECT); + sTelemetrySent = true; + } + + return NS_OK; +} + +NS_IMETHODIMP +nsNTLMAuthModule::GetNextToken(const void *inToken, + uint32_t inTokenLen, + void **outToken, + uint32_t *outTokenLen) +{ + nsresult rv; + nsNSSShutDownPreventionLock locker; + // + // disable NTLM authentication when FIPS mode is enabled. + // + if (PK11_IsFIPS()) + return NS_ERROR_NOT_AVAILABLE; + + if (mNTLMNegotiateSent) { + // if inToken is non-null, and we have sent the NTLMSSP_NEGOTIATE (type 1), + // then the NTLMSSP_CHALLENGE (type 2) is expected + if (inToken) { + LogToken("in-token", inToken, inTokenLen); + // Now generate the NTLMSSP_AUTH (type 3) + rv = GenerateType3Msg(mDomain, mUsername, mPassword, inToken, + inTokenLen, outToken, outTokenLen); + } else { + LOG(("NTLMSSP_NEGOTIATE already sent and presumably " + "rejected by the server, refusing to send another")); + rv = NS_ERROR_UNEXPECTED; + } + } else { + if (inToken) { + LOG(("NTLMSSP_NEGOTIATE not sent but NTLM reply already received?!?")); + rv = NS_ERROR_UNEXPECTED; + } else { + rv = GenerateType1Msg(outToken, outTokenLen); + if (NS_SUCCEEDED(rv)) { + mNTLMNegotiateSent = true; + } + } + } + + if (NS_SUCCEEDED(rv)) + LogToken("out-token", *outToken, *outTokenLen); + + return rv; +} + +NS_IMETHODIMP +nsNTLMAuthModule::Unwrap(const void *inToken, + uint32_t inTokenLen, + void **outToken, + uint32_t *outTokenLen) +{ + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsNTLMAuthModule::Wrap(const void *inToken, + uint32_t inTokenLen, + bool confidential, + void **outToken, + uint32_t *outTokenLen) +{ + return NS_ERROR_NOT_IMPLEMENTED; +} + +//----------------------------------------------------------------------------- +// DES support code + +// set odd parity bit (in least significant bit position) +static uint8_t +des_setkeyparity(uint8_t x) +{ + if ((((x >> 7) ^ (x >> 6) ^ (x >> 5) ^ + (x >> 4) ^ (x >> 3) ^ (x >> 2) ^ + (x >> 1)) & 0x01) == 0) + x |= 0x01; + else + x &= 0xfe; + return x; +} + +// build 64-bit des key from 56-bit raw key +static void +des_makekey(const uint8_t *raw, uint8_t *key) +{ + key[0] = des_setkeyparity(raw[0]); + key[1] = des_setkeyparity((raw[0] << 7) | (raw[1] >> 1)); + key[2] = des_setkeyparity((raw[1] << 6) | (raw[2] >> 2)); + key[3] = des_setkeyparity((raw[2] << 5) | (raw[3] >> 3)); + key[4] = des_setkeyparity((raw[3] << 4) | (raw[4] >> 4)); + key[5] = des_setkeyparity((raw[4] << 3) | (raw[5] >> 5)); + key[6] = des_setkeyparity((raw[5] << 2) | (raw[6] >> 6)); + key[7] = des_setkeyparity((raw[6] << 1)); +} + +// run des encryption algorithm (using NSS) +static void +des_encrypt(const uint8_t *key, const uint8_t *src, uint8_t *hash) +{ + CK_MECHANISM_TYPE cipherMech = CKM_DES_ECB; + PK11SymKey *symkey = nullptr; + PK11Context *ctxt = nullptr; + SECItem keyItem; + mozilla::UniqueSECItem param; + SECStatus rv; + unsigned int n; + + mozilla::UniquePK11SlotInfo slot(PK11_GetBestSlot(cipherMech, nullptr)); + if (!slot) + { + NS_ERROR("no slot"); + goto done; + } + + keyItem.data = const_cast(key); + keyItem.len = 8; + symkey = PK11_ImportSymKey(slot.get(), cipherMech, + PK11_OriginUnwrap, CKA_ENCRYPT, + &keyItem, nullptr); + if (!symkey) + { + NS_ERROR("no symkey"); + goto done; + } + + // no initialization vector required + param = mozilla::UniqueSECItem(PK11_ParamFromIV(cipherMech, nullptr)); + if (!param) + { + NS_ERROR("no param"); + goto done; + } + + ctxt = PK11_CreateContextBySymKey(cipherMech, CKA_ENCRYPT, + symkey, param.get()); + if (!ctxt) { + NS_ERROR("no context"); + goto done; + } + + rv = PK11_CipherOp(ctxt, hash, (int *) &n, 8, (uint8_t *) src, 8); + if (rv != SECSuccess) { + NS_ERROR("des failure"); + goto done; + } + + rv = PK11_DigestFinal(ctxt, hash+8, &n, 0); + if (rv != SECSuccess) { + NS_ERROR("des failure"); + goto done; + } + +done: + if (ctxt) + PK11_DestroyContext(ctxt, true); + if (symkey) + PK11_FreeSymKey(symkey); +} diff --git a/security/manager/ssl/nsNTLMAuthModule.h b/security/manager/ssl/nsNTLMAuthModule.h new file mode 100644 index 000000000..27bf2999f --- /dev/null +++ b/security/manager/ssl/nsNTLMAuthModule.h @@ -0,0 +1,44 @@ +/* vim:set ts=2 sw=2 et cindent: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsNTLMAuthModule_h__ +#define nsNTLMAuthModule_h__ + +#include "nsIAuthModule.h" +#include "nsString.h" + +class nsNTLMAuthModule : public nsIAuthModule +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSIAUTHMODULE + + nsNTLMAuthModule() {} + + nsresult InitTest(); + + static void SetSendLM(bool sendLM); + +protected: + virtual ~nsNTLMAuthModule(); + +private: + nsString mDomain; + nsString mUsername; + nsString mPassword; + bool mNTLMNegotiateSent; +}; + +#define NS_NTLMAUTHMODULE_CONTRACTID \ + NS_AUTH_MODULE_CONTRACTID_PREFIX "ntlm" +#define NS_NTLMAUTHMODULE_CID \ +{ /* a4e5888f-4fe4-4632-8e7e-745196ea7c70 */ \ + 0xa4e5888f, \ + 0x4fe4, \ + 0x4632, \ + {0x8e, 0x7e, 0x74, 0x51, 0x96, 0xea, 0x7c, 0x70} \ +} + +#endif // nsNTLMAuthModule_h__ diff --git a/security/manager/ssl/nsPK11TokenDB.cpp b/security/manager/ssl/nsPK11TokenDB.cpp new file mode 100644 index 000000000..7743b7d5d --- /dev/null +++ b/security/manager/ssl/nsPK11TokenDB.cpp @@ -0,0 +1,498 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +#include "nsPK11TokenDB.h" + +#include + +#include "ScopedNSSTypes.h" +#include "mozilla/Casting.h" +#include "mozilla/Unused.h" +#include "nsIMutableArray.h" +#include "nsISupports.h" +#include "nsNSSComponent.h" +#include "nsPromiseFlatString.h" +#include "nsReadableUtils.h" +#include "nsServiceManagerUtils.h" +#include "prerror.h" +#include "secerr.h" + +extern mozilla::LazyLogModule gPIPNSSLog; + +NS_IMPL_ISUPPORTS(nsPK11Token, nsIPK11Token) + +nsPK11Token::nsPK11Token(PK11SlotInfo* slot) + : mUIContext(new PipUIContext()) +{ + MOZ_ASSERT(slot); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return; + + mSlot.reset(PK11_ReferenceSlot(slot)); + mSeries = PK11_GetSlotSeries(slot); + + Unused << refreshTokenInfo(locker); +} + +nsresult +nsPK11Token::refreshTokenInfo(const nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + mTokenName = PK11_GetTokenName(mSlot.get()); + + CK_TOKEN_INFO tokInfo; + nsresult rv = MapSECStatus(PK11_GetTokenInfo(mSlot.get(), &tokInfo)); + if (NS_FAILED(rv)) { + return rv; + } + + // Set the Label field + const char* ccLabel = mozilla::BitwiseCast(tokInfo.label); + mTokenLabel.Assign(ccLabel, strnlen(ccLabel, sizeof(tokInfo.label))); + mTokenLabel.Trim(" ", false, true); + + // Set the Manufacturer field + const char* ccManID = + mozilla::BitwiseCast(tokInfo.manufacturerID); + mTokenManufacturerID.Assign( + ccManID, + strnlen(ccManID, sizeof(tokInfo.manufacturerID))); + mTokenManufacturerID.Trim(" ", false, true); + + // Set the Hardware Version field + mTokenHWVersion.Truncate(); + mTokenHWVersion.AppendInt(tokInfo.hardwareVersion.major); + mTokenHWVersion.Append('.'); + mTokenHWVersion.AppendInt(tokInfo.hardwareVersion.minor); + + // Set the Firmware Version field + mTokenFWVersion.Truncate(); + mTokenFWVersion.AppendInt(tokInfo.firmwareVersion.major); + mTokenFWVersion.Append('.'); + mTokenFWVersion.AppendInt(tokInfo.firmwareVersion.minor); + + // Set the Serial Number field + const char* ccSerial = + mozilla::BitwiseCast(tokInfo.serialNumber); + mTokenSerialNum.Assign(ccSerial, + strnlen(ccSerial, sizeof(tokInfo.serialNumber))); + mTokenSerialNum.Trim(" ", false, true); + + return NS_OK; +} + +nsPK11Token::~nsPK11Token() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + destructorSafeDestroyNSSReference(); + shutdown(ShutdownCalledFrom::Object); +} + +void +nsPK11Token::virtualDestroyNSSReference() +{ + destructorSafeDestroyNSSReference(); +} + +void +nsPK11Token::destructorSafeDestroyNSSReference() +{ + mSlot = nullptr; +} + +nsresult +nsPK11Token::GetAttributeHelper(const nsACString& attribute, + /*out*/ nsACString& xpcomOutParam) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + // Handle removals/insertions. + if (PK11_GetSlotSeries(mSlot.get()) != mSeries) { + nsresult rv = refreshTokenInfo(locker); + if (NS_FAILED(rv)) { + return rv; + } + } + + xpcomOutParam = attribute; + return NS_OK; +} + +NS_IMETHODIMP +nsPK11Token::GetTokenName(/*out*/ nsACString& tokenName) +{ + return GetAttributeHelper(mTokenName, tokenName); +} + +NS_IMETHODIMP +nsPK11Token::GetTokenLabel(/*out*/ nsACString& tokenLabel) +{ + return GetAttributeHelper(mTokenLabel, tokenLabel); +} + +NS_IMETHODIMP +nsPK11Token::GetTokenManID(/*out*/ nsACString& tokenManufacturerID) +{ + return GetAttributeHelper(mTokenManufacturerID, tokenManufacturerID); +} + +NS_IMETHODIMP +nsPK11Token::GetTokenHWVersion(/*out*/ nsACString& tokenHWVersion) +{ + return GetAttributeHelper(mTokenHWVersion, tokenHWVersion); +} + +NS_IMETHODIMP +nsPK11Token::GetTokenFWVersion(/*out*/ nsACString& tokenFWVersion) +{ + return GetAttributeHelper(mTokenFWVersion, tokenFWVersion); +} + +NS_IMETHODIMP +nsPK11Token::GetTokenSerialNumber(/*out*/ nsACString& tokenSerialNum) +{ + return GetAttributeHelper(mTokenSerialNum, tokenSerialNum); +} + +NS_IMETHODIMP +nsPK11Token::IsLoggedIn(bool* _retval) +{ + NS_ENSURE_ARG_POINTER(_retval); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + *_retval = PK11_IsLoggedIn(mSlot.get(), 0); + + return NS_OK; +} + +NS_IMETHODIMP +nsPK11Token::Login(bool force) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + nsresult rv; + bool test; + rv = this->NeedsLogin(&test); + if (NS_FAILED(rv)) return rv; + if (test && force) { + rv = this->LogoutSimple(); + if (NS_FAILED(rv)) return rv; + } + rv = setPassword(mSlot.get(), mUIContext, locker); + if (NS_FAILED(rv)) return rv; + + return MapSECStatus(PK11_Authenticate(mSlot.get(), true, mUIContext)); +} + +NS_IMETHODIMP +nsPK11Token::LogoutSimple() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + // PK11_Logout() can fail if the user wasn't logged in beforehand. We want + // this method to succeed even in this case, so we ignore the return value. + Unused << PK11_Logout(mSlot.get()); + return NS_OK; +} + +NS_IMETHODIMP +nsPK11Token::LogoutAndDropAuthenticatedResources() +{ + static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID); + + nsresult rv = LogoutSimple(); + + if (NS_FAILED(rv)) + return rv; + + nsCOMPtr nssComponent(do_GetService(kNSSComponentCID, &rv)); + if (NS_FAILED(rv)) + return rv; + + return nssComponent->LogoutAuthenticatedPK11(); +} + +NS_IMETHODIMP +nsPK11Token::Reset() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + return MapSECStatus(PK11_ResetToken(mSlot.get(), nullptr)); +} + +NS_IMETHODIMP +nsPK11Token::GetMinimumPasswordLength(int32_t* aMinimumPasswordLength) +{ + NS_ENSURE_ARG_POINTER(aMinimumPasswordLength); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + *aMinimumPasswordLength = PK11_GetMinimumPwdLength(mSlot.get()); + + return NS_OK; +} + +NS_IMETHODIMP +nsPK11Token::GetNeedsUserInit(bool* aNeedsUserInit) +{ + NS_ENSURE_ARG_POINTER(aNeedsUserInit); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + *aNeedsUserInit = PK11_NeedUserInit(mSlot.get()); + return NS_OK; +} + +NS_IMETHODIMP +nsPK11Token::CheckPassword(const nsACString& password, bool* _retval) +{ + NS_ENSURE_ARG_POINTER(_retval); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + SECStatus srv = + PK11_CheckUserPassword(mSlot.get(), PromiseFlatCString(password).get()); + if (srv != SECSuccess) { + *_retval = false; + PRErrorCode error = PR_GetError(); + if (error != SEC_ERROR_BAD_PASSWORD) { + /* something really bad happened - throw an exception */ + return mozilla::psm::GetXPCOMFromNSSError(error); + } + } else { + *_retval = true; + } + return NS_OK; +} + +NS_IMETHODIMP +nsPK11Token::InitPassword(const nsACString& initialPassword) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + return MapSECStatus( + PK11_InitPin(mSlot.get(), "", PromiseFlatCString(initialPassword).get())); +} + +NS_IMETHODIMP +nsPK11Token::GetAskPasswordTimes(int32_t* askTimes) +{ + NS_ENSURE_ARG_POINTER(askTimes); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + int askTimeout; + PK11_GetSlotPWValues(mSlot.get(), askTimes, &askTimeout); + return NS_OK; +} + +NS_IMETHODIMP +nsPK11Token::GetAskPasswordTimeout(int32_t* askTimeout) +{ + NS_ENSURE_ARG_POINTER(askTimeout); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + int askTimes; + PK11_GetSlotPWValues(mSlot.get(), &askTimes, askTimeout); + return NS_OK; +} + +NS_IMETHODIMP +nsPK11Token::SetAskPasswordDefaults(const int32_t askTimes, + const int32_t askTimeout) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + PK11_SetSlotPWValues(mSlot.get(), askTimes, askTimeout); + return NS_OK; +} + +NS_IMETHODIMP +nsPK11Token::ChangePassword(const nsACString& oldPassword, + const nsACString& newPassword) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + // PK11_ChangePW() has different semantics for the empty string and for + // nullptr. In order to support this difference, we need to check IsVoid() to + // find out if our caller supplied null/undefined args or just empty strings. + // See Bug 447589. + return MapSECStatus(PK11_ChangePW( + mSlot.get(), + oldPassword.IsVoid() ? nullptr : PromiseFlatCString(oldPassword).get(), + newPassword.IsVoid() ? nullptr : PromiseFlatCString(newPassword).get())); +} + +NS_IMETHODIMP +nsPK11Token::IsHardwareToken(bool* _retval) +{ + NS_ENSURE_ARG_POINTER(_retval); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + *_retval = PK11_IsHW(mSlot.get()); + + return NS_OK; +} + +NS_IMETHODIMP +nsPK11Token::NeedsLogin(bool* _retval) +{ + NS_ENSURE_ARG_POINTER(_retval); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + *_retval = PK11_NeedLogin(mSlot.get()); + + return NS_OK; +} + +NS_IMETHODIMP +nsPK11Token::IsFriendly(bool* _retval) +{ + NS_ENSURE_ARG_POINTER(_retval); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + *_retval = PK11_IsFriendly(mSlot.get()); + + return NS_OK; +} + +/*=========================================================*/ + +NS_IMPL_ISUPPORTS(nsPK11TokenDB, nsIPK11TokenDB) + +nsPK11TokenDB::nsPK11TokenDB() +{ +} + +nsPK11TokenDB::~nsPK11TokenDB() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + + shutdown(ShutdownCalledFrom::Object); +} + +NS_IMETHODIMP +nsPK11TokenDB::GetInternalKeyToken(nsIPK11Token** _retval) +{ + NS_ENSURE_ARG_POINTER(_retval); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + UniquePK11SlotInfo slot(PK11_GetInternalKeySlot()); + if (!slot) { + return NS_ERROR_FAILURE; + } + + nsCOMPtr token = new nsPK11Token(slot.get()); + token.forget(_retval); + + return NS_OK; +} + +NS_IMETHODIMP +nsPK11TokenDB::FindTokenByName(const nsACString& tokenName, + /*out*/ nsIPK11Token** _retval) +{ + NS_ENSURE_ARG_POINTER(_retval); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + UniquePK11SlotInfo slot( + PK11_FindSlotByName(PromiseFlatCString(tokenName).get())); + if (!slot) { + return NS_ERROR_FAILURE; + } + + nsCOMPtr token = new nsPK11Token(slot.get()); + token.forget(_retval); + + return NS_OK; +} + +NS_IMETHODIMP +nsPK11TokenDB::ListTokens(nsISimpleEnumerator** _retval) +{ + NS_ENSURE_ARG_POINTER(_retval); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + nsCOMPtr array = do_CreateInstance(NS_ARRAY_CONTRACTID); + if (!array) { + return NS_ERROR_FAILURE; + } + + *_retval = nullptr; + + UniquePK11SlotList list( + PK11_GetAllTokens(CKM_INVALID_MECHANISM, false, false, 0)); + if (!list) { + return NS_ERROR_FAILURE; + } + + for (PK11SlotListElement* le = PK11_GetFirstSafe(list.get()); le; + le = PK11_GetNextSafe(list.get(), le, false)) { + nsCOMPtr token = new nsPK11Token(le->slot); + nsresult rv = array->AppendElement(token, false); + if (NS_FAILED(rv)) { + return rv; + } + } + + return array->Enumerate(_retval); +} diff --git a/security/manager/ssl/nsPK11TokenDB.h b/security/manager/ssl/nsPK11TokenDB.h new file mode 100644 index 000000000..1d29e592f --- /dev/null +++ b/security/manager/ssl/nsPK11TokenDB.h @@ -0,0 +1,71 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsPK11TokenDB_h +#define nsPK11TokenDB_h + +#include "nsCOMPtr.h" +#include "nsIPK11Token.h" +#include "nsIPK11TokenDB.h" +#include "nsISupports.h" +#include "nsNSSHelper.h" +#include "nsNSSShutDown.h" +#include "nsString.h" +#include "pk11func.h" +#include "ScopedNSSTypes.h" + +class nsPK11Token : public nsIPK11Token, + public nsNSSShutDownObject +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSIPK11TOKEN + + explicit nsPK11Token(PK11SlotInfo *slot); + +protected: + virtual ~nsPK11Token(); + +private: + friend class nsPK11TokenDB; + nsresult refreshTokenInfo(const nsNSSShutDownPreventionLock& proofOfLock); + + nsCString mTokenName; + nsCString mTokenLabel; + nsCString mTokenManufacturerID; + nsCString mTokenHWVersion; + nsCString mTokenFWVersion; + nsCString mTokenSerialNum; + mozilla::UniquePK11SlotInfo mSlot; + int mSeries; + nsCOMPtr mUIContext; + virtual void virtualDestroyNSSReference() override; + void destructorSafeDestroyNSSReference(); + nsresult GetAttributeHelper(const nsACString& attribute, + /*out*/ nsACString& xpcomOutParam); +}; + +class nsPK11TokenDB : public nsIPK11TokenDB + , public nsNSSShutDownObject +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSIPK11TOKENDB + + nsPK11TokenDB(); + +protected: + virtual ~nsPK11TokenDB(); + + // Nothing to release. + virtual void virtualDestroyNSSReference() override {} +}; + +#define NS_PK11TOKENDB_CID \ +{ 0xb084a2ce, 0x1dd1, 0x11b2, \ + { 0xbf, 0x10, 0x83, 0x24, 0xf8, 0xe0, 0x65, 0xcc }} + +#endif // nsPK11TokenDB_h diff --git a/security/manager/ssl/nsPKCS11Slot.cpp b/security/manager/ssl/nsPKCS11Slot.cpp new file mode 100644 index 000000000..780a7c4b2 --- /dev/null +++ b/security/manager/ssl/nsPKCS11Slot.cpp @@ -0,0 +1,569 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsPKCS11Slot.h" + +#include + +#include "mozilla/Casting.h" +#include "mozilla/Logging.h" +#include "mozilla/Telemetry.h" +#include "mozilla/Unused.h" +#include "nsCOMPtr.h" +#include "nsIMutableArray.h" +#include "nsPK11TokenDB.h" +#include "nsPromiseFlatString.h" +#include "secmod.h" + +using mozilla::LogLevel; + +extern mozilla::LazyLogModule gPIPNSSLog; + +NS_IMPL_ISUPPORTS(nsPKCS11Slot, nsIPKCS11Slot) + +nsPKCS11Slot::nsPKCS11Slot(PK11SlotInfo* slot) +{ + MOZ_ASSERT(slot); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return; + + mSlot.reset(PK11_ReferenceSlot(slot)); + mSeries = PK11_GetSlotSeries(slot); + Unused << refreshSlotInfo(locker); +} + +nsresult +nsPKCS11Slot::refreshSlotInfo(const nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + CK_SLOT_INFO slotInfo; + nsresult rv = MapSECStatus(PK11_GetSlotInfo(mSlot.get(), &slotInfo)); + if (NS_FAILED(rv)) { + return rv; + } + + // Set the Description field + const char* ccDesc = + mozilla::BitwiseCast(slotInfo.slotDescription); + mSlotDesc.Assign(ccDesc, strnlen(ccDesc, sizeof(slotInfo.slotDescription))); + mSlotDesc.Trim(" ", false, true); + + // Set the Manufacturer field + const char* ccManID = + mozilla::BitwiseCast(slotInfo.manufacturerID); + mSlotManufacturerID.Assign( + ccManID, + strnlen(ccManID, sizeof(slotInfo.manufacturerID))); + mSlotManufacturerID.Trim(" ", false, true); + + // Set the Hardware Version field + mSlotHWVersion.Truncate(); + mSlotHWVersion.AppendInt(slotInfo.hardwareVersion.major); + mSlotHWVersion.Append('.'); + mSlotHWVersion.AppendInt(slotInfo.hardwareVersion.minor); + + // Set the Firmware Version field + mSlotFWVersion.Truncate(); + mSlotFWVersion.AppendInt(slotInfo.firmwareVersion.major); + mSlotFWVersion.Append('.'); + mSlotFWVersion.AppendInt(slotInfo.firmwareVersion.minor); + + return NS_OK; +} + +nsPKCS11Slot::~nsPKCS11Slot() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + destructorSafeDestroyNSSReference(); + shutdown(ShutdownCalledFrom::Object); +} + +void +nsPKCS11Slot::virtualDestroyNSSReference() +{ + destructorSafeDestroyNSSReference(); +} + +void +nsPKCS11Slot::destructorSafeDestroyNSSReference() +{ + mSlot = nullptr; +} + +nsresult +nsPKCS11Slot::GetAttributeHelper(const nsACString& attribute, + /*out*/ nsACString& xpcomOutParam) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + if (PK11_GetSlotSeries(mSlot.get()) != mSeries) { + nsresult rv = refreshSlotInfo(locker); + if (NS_FAILED(rv)) { + return rv; + } + } + + xpcomOutParam = attribute; + return NS_OK; +} + +NS_IMETHODIMP +nsPKCS11Slot::GetName(/*out*/ nsACString& name) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + // |csn| is non-owning. + char* csn = PK11_GetSlotName(mSlot.get()); + if (csn && *csn) { + name = csn; + } else if (PK11_HasRootCerts(mSlot.get())) { + // This is a workaround to an Root Module bug - the root certs module has + // no slot name. Not bothering to localize, because this is a workaround + // and for now all the slot names returned by NSS are char * anyway. + name = NS_LITERAL_CSTRING("Root Certificates"); + } else { + // same as above, this is a catch-all + name = NS_LITERAL_CSTRING("Unnamed Slot"); + } + + return NS_OK; +} + +NS_IMETHODIMP +nsPKCS11Slot::GetDesc(/*out*/ nsACString& desc) +{ + return GetAttributeHelper(mSlotDesc, desc); +} + +NS_IMETHODIMP +nsPKCS11Slot::GetManID(/*out*/ nsACString& manufacturerID) +{ + return GetAttributeHelper(mSlotManufacturerID, manufacturerID); +} + +NS_IMETHODIMP +nsPKCS11Slot::GetHWVersion(/*out*/ nsACString& hwVersion) +{ + return GetAttributeHelper(mSlotHWVersion, hwVersion); +} + +NS_IMETHODIMP +nsPKCS11Slot::GetFWVersion(/*out*/ nsACString& fwVersion) +{ + return GetAttributeHelper(mSlotFWVersion, fwVersion); +} + +NS_IMETHODIMP +nsPKCS11Slot::GetToken(nsIPK11Token** _retval) +{ + NS_ENSURE_ARG_POINTER(_retval); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + nsCOMPtr token = new nsPK11Token(mSlot.get()); + token.forget(_retval); + return NS_OK; +} + +NS_IMETHODIMP +nsPKCS11Slot::GetTokenName(/*out*/ nsACString& tokenName) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + if (!PK11_IsPresent(mSlot.get())) { + tokenName.SetIsVoid(true); + return NS_OK; + } + + if (PK11_GetSlotSeries(mSlot.get()) != mSeries) { + nsresult rv = refreshSlotInfo(locker); + if (NS_FAILED(rv)) { + return rv; + } + } + + tokenName = PK11_GetTokenName(mSlot.get()); + return NS_OK; +} + +NS_IMETHODIMP +nsPKCS11Slot::GetStatus(uint32_t* _retval) +{ + NS_ENSURE_ARG_POINTER(_retval); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + if (PK11_IsDisabled(mSlot.get())) { + *_retval = SLOT_DISABLED; + } else if (!PK11_IsPresent(mSlot.get())) { + *_retval = SLOT_NOT_PRESENT; + } else if (PK11_NeedLogin(mSlot.get()) && PK11_NeedUserInit(mSlot.get())) { + *_retval = SLOT_UNINITIALIZED; + } else if (PK11_NeedLogin(mSlot.get()) && + !PK11_IsLoggedIn(mSlot.get(), nullptr)) { + *_retval = SLOT_NOT_LOGGED_IN; + } else if (PK11_NeedLogin(mSlot.get())) { + *_retval = SLOT_LOGGED_IN; + } else { + *_retval = SLOT_READY; + } + return NS_OK; +} + +NS_IMPL_ISUPPORTS(nsPKCS11Module, nsIPKCS11Module) + +nsPKCS11Module::nsPKCS11Module(SECMODModule* module) +{ + MOZ_ASSERT(module); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return; + + mModule.reset(SECMOD_ReferenceModule(module)); +} + +nsPKCS11Module::~nsPKCS11Module() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + destructorSafeDestroyNSSReference(); + shutdown(ShutdownCalledFrom::Object); +} + +void +nsPKCS11Module::virtualDestroyNSSReference() +{ + destructorSafeDestroyNSSReference(); +} + +void +nsPKCS11Module::destructorSafeDestroyNSSReference() +{ + mModule = nullptr; +} + +NS_IMETHODIMP +nsPKCS11Module::GetName(/*out*/ nsACString& name) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + name = mModule->commonName; + return NS_OK; +} + +NS_IMETHODIMP +nsPKCS11Module::GetLibName(/*out*/ nsACString& libName) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + if (mModule->dllName) { + libName = mModule->dllName; + } else { + libName.SetIsVoid(true); + } + return NS_OK; +} + +NS_IMETHODIMP +nsPKCS11Module::FindSlotByName(const nsACString& name, + /*out*/ nsIPKCS11Slot** _retval) +{ + NS_ENSURE_ARG_POINTER(_retval); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) + return NS_ERROR_NOT_AVAILABLE; + + const nsCString& flatName = PromiseFlatCString(name); + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Getting \"%s\"", flatName.get())); + UniquePK11SlotInfo slotInfo; + UniquePK11SlotList slotList(PK11_FindSlotsByNames(mModule->dllName, + flatName.get() /*slotName*/, + nullptr /*tokenName*/, + false)); + if (!slotList) { + /* name must be the token name */ + slotList.reset(PK11_FindSlotsByNames(mModule->dllName, nullptr /*slotName*/, + flatName.get() /*tokenName*/, false)); + } + if (slotList && slotList->head && slotList->head->slot) { + slotInfo.reset(PK11_ReferenceSlot(slotList->head->slot)); + } + if (!slotInfo) { + // workaround - the builtin module has no name + if (!flatName.EqualsLiteral("Root Certificates")) { + // Give up. + return NS_ERROR_FAILURE; + } + + slotInfo.reset(PK11_ReferenceSlot(mModule->slots[0])); + } + + nsCOMPtr slot = new nsPKCS11Slot(slotInfo.get()); + slot.forget(_retval); + return NS_OK; +} + +NS_IMETHODIMP +nsPKCS11Module::ListSlots(nsISimpleEnumerator** _retval) +{ + NS_ENSURE_ARG_POINTER(_retval); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + nsCOMPtr array = do_CreateInstance(NS_ARRAY_CONTRACTID); + if (!array) { + return NS_ERROR_FAILURE; + } + + /* applications which allow new slot creation (which Firefox now does + * since it uses the WaitForSlotEvent call) need to hold the + * ModuleList Read lock to prevent the slot array from changing out + * from under it. */ + AutoSECMODListReadLock lock; + for (int i = 0; i < mModule->slotCount; i++) { + if (mModule->slots[i]) { + nsCOMPtr slot = new nsPKCS11Slot(mModule->slots[i]); + nsresult rv = array->AppendElement(slot, false); + if (NS_FAILED(rv)) { + return rv; + } + } + } + + return array->Enumerate(_retval); +} + +NS_IMPL_ISUPPORTS(nsPKCS11ModuleDB, nsIPKCS11ModuleDB, nsICryptoFIPSInfo) + +nsPKCS11ModuleDB::nsPKCS11ModuleDB() +{ +} + +nsPKCS11ModuleDB::~nsPKCS11ModuleDB() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + + shutdown(ShutdownCalledFrom::Object); +} + +NS_IMETHODIMP +nsPKCS11ModuleDB::GetInternal(nsIPKCS11Module** _retval) +{ + NS_ENSURE_ARG_POINTER(_retval); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + UniqueSECMODModule nssMod( + SECMOD_CreateModule(nullptr, SECMOD_INT_NAME, nullptr, SECMOD_INT_FLAGS)); + if (!nssMod) { + return NS_ERROR_FAILURE; + } + + nsCOMPtr module = new nsPKCS11Module(nssMod.get()); + module.forget(_retval); + return NS_OK; +} + +NS_IMETHODIMP +nsPKCS11ModuleDB::GetInternalFIPS(nsIPKCS11Module** _retval) +{ + NS_ENSURE_ARG_POINTER(_retval); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + UniqueSECMODModule nssMod( + SECMOD_CreateModule(nullptr, SECMOD_FIPS_NAME, nullptr, SECMOD_FIPS_FLAGS)); + if (!nssMod) { + return NS_ERROR_FAILURE; + } + + nsCOMPtr module = new nsPKCS11Module(nssMod.get()); + module.forget(_retval); + return NS_OK; +} + +NS_IMETHODIMP +nsPKCS11ModuleDB::FindModuleByName(const nsACString& name, + /*out*/ nsIPKCS11Module** _retval) +{ + NS_ENSURE_ARG_POINTER(_retval); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + UniqueSECMODModule mod(SECMOD_FindModule(PromiseFlatCString(name).get())); + if (!mod) { + return NS_ERROR_FAILURE; + } + + nsCOMPtr module = new nsPKCS11Module(mod.get()); + module.forget(_retval); + return NS_OK; +} + +/* This is essentially the same as nsIPK11Token::findTokenByName, except + * that it returns an nsIPKCS11Slot, which may be desired. + */ +NS_IMETHODIMP +nsPKCS11ModuleDB::FindSlotByName(const nsACString& name, + /*out*/ nsIPKCS11Slot** _retval) +{ + NS_ENSURE_ARG_POINTER(_retval); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + UniquePK11SlotInfo slotInfo( + PK11_FindSlotByName(PromiseFlatCString(name).get())); + if (!slotInfo) { + return NS_ERROR_FAILURE; + } + + nsCOMPtr slot = new nsPKCS11Slot(slotInfo.get()); + slot.forget(_retval); + return NS_OK; +} + +NS_IMETHODIMP +nsPKCS11ModuleDB::ListModules(nsISimpleEnumerator** _retval) +{ + NS_ENSURE_ARG_POINTER(_retval); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + nsCOMPtr array = do_CreateInstance(NS_ARRAY_CONTRACTID); + if (!array) { + return NS_ERROR_FAILURE; + } + + /* lock down the list for reading */ + AutoSECMODListReadLock lock; + for (SECMODModuleList* list = SECMOD_GetDefaultModuleList(); list; + list = list->next) { + nsCOMPtr module = new nsPKCS11Module(list->module); + nsresult rv = array->AppendElement(module, false); + if (NS_FAILED(rv)) { + return rv; + } + } + + /* Get the modules in the database that didn't load */ + for (SECMODModuleList* list = SECMOD_GetDeadModuleList(); list; + list = list->next) { + nsCOMPtr module = new nsPKCS11Module(list->module); + nsresult rv = array->AppendElement(module, false); + if (NS_FAILED(rv)) { + return rv; + } + } + + return array->Enumerate(_retval); +} + +NS_IMETHODIMP +nsPKCS11ModuleDB::GetCanToggleFIPS(bool* aCanToggleFIPS) +{ + NS_ENSURE_ARG_POINTER(aCanToggleFIPS); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + *aCanToggleFIPS = SECMOD_CanDeleteInternalModule(); + return NS_OK; +} + + +NS_IMETHODIMP +nsPKCS11ModuleDB::ToggleFIPSMode() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + // The way to toggle FIPS mode in NSS is extremely obscure. Basically, we + // delete the internal module, and it gets replaced with the opposite module + // (i.e. if it was FIPS before, then it becomes non-FIPS next). + // SECMOD_GetInternalModule() returns a pointer to a local copy of the + // internal module stashed in NSS. We don't want to delete it since it will + // cause much pain in NSS. + SECMODModule* internal = SECMOD_GetInternalModule(); + if (!internal) { + return NS_ERROR_FAILURE; + } + + if (SECMOD_DeleteInternalModule(internal->commonName) != SECSuccess) { + return NS_ERROR_FAILURE; + } + + if (PK11_IsFIPS()) { + Telemetry::Accumulate(Telemetry::FIPS_ENABLED, true); + } + + return NS_OK; +} + +NS_IMETHODIMP +nsPKCS11ModuleDB::GetIsFIPSEnabled(bool* aIsFIPSEnabled) +{ + NS_ENSURE_ARG_POINTER(aIsFIPSEnabled); + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + *aIsFIPSEnabled = PK11_IsFIPS(); + return NS_OK; +} + +NS_IMETHODIMP +nsPKCS11ModuleDB::GetIsFIPSModeActive(bool* aIsFIPSModeActive) +{ + return GetIsFIPSEnabled(aIsFIPSModeActive); +} diff --git a/security/manager/ssl/nsPKCS11Slot.h b/security/manager/ssl/nsPKCS11Slot.h new file mode 100644 index 000000000..978df377c --- /dev/null +++ b/security/manager/ssl/nsPKCS11Slot.h @@ -0,0 +1,88 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsPKCS11Slot_h +#define nsPKCS11Slot_h + +#include "ScopedNSSTypes.h" +#include "nsICryptoFIPSInfo.h" +#include "nsIPKCS11Module.h" +#include "nsIPKCS11ModuleDB.h" +#include "nsIPKCS11Slot.h" +#include "nsISupports.h" +#include "nsNSSShutDown.h" +#include "nsString.h" +#include "pk11func.h" + +class nsPKCS11Slot : public nsIPKCS11Slot, + public nsNSSShutDownObject +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSIPKCS11SLOT + + explicit nsPKCS11Slot(PK11SlotInfo* slot); + +protected: + virtual ~nsPKCS11Slot(); + +private: + mozilla::UniquePK11SlotInfo mSlot; + nsCString mSlotDesc; + nsCString mSlotManufacturerID; + nsCString mSlotHWVersion; + nsCString mSlotFWVersion; + int mSeries; + + virtual void virtualDestroyNSSReference() override; + void destructorSafeDestroyNSSReference(); + nsresult refreshSlotInfo(const nsNSSShutDownPreventionLock& proofOfLock); + nsresult GetAttributeHelper(const nsACString& attribute, + /*out*/ nsACString& xpcomOutParam); +}; + +class nsPKCS11Module : public nsIPKCS11Module, + public nsNSSShutDownObject +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSIPKCS11MODULE + + explicit nsPKCS11Module(SECMODModule* module); + +protected: + virtual ~nsPKCS11Module(); + +private: + mozilla::UniqueSECMODModule mModule; + + virtual void virtualDestroyNSSReference() override; + void destructorSafeDestroyNSSReference(); +}; + +class nsPKCS11ModuleDB : public nsIPKCS11ModuleDB + , public nsICryptoFIPSInfo + , public nsNSSShutDownObject +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSIPKCS11MODULEDB + NS_DECL_NSICRYPTOFIPSINFO + + nsPKCS11ModuleDB(); + +protected: + virtual ~nsPKCS11ModuleDB(); + + // Nothing to release. + virtual void virtualDestroyNSSReference() override {} +}; + +#define NS_PKCS11MODULEDB_CID \ +{ 0xff9fbcd7, 0x9517, 0x4334, \ + { 0xb9, 0x7a, 0xce, 0xed, 0x78, 0x90, 0x99, 0x74 }} + +#endif // nsPKCS11Slot_h diff --git a/security/manager/ssl/nsPKCS12Blob.cpp b/security/manager/ssl/nsPKCS12Blob.cpp new file mode 100644 index 000000000..e3d80a398 --- /dev/null +++ b/security/manager/ssl/nsPKCS12Blob.cpp @@ -0,0 +1,644 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsPKCS12Blob.h" + +#include "ScopedNSSTypes.h" +#include "mozilla/Casting.h" +#include "nsCRT.h" +#include "nsCRTGlue.h" +#include "nsDirectoryServiceDefs.h" +#include "nsICertificateDialogs.h" +#include "nsIDirectoryService.h" +#include "nsIFile.h" +#include "nsIInputStream.h" +#include "nsKeygenHandler.h" // For GetSlotWithMechanism +#include "nsNSSCertificate.h" +#include "nsNSSComponent.h" +#include "nsNSSHelper.h" +#include "nsNSSShutDown.h" +#include "nsNetUtil.h" +#include "nsPK11TokenDB.h" +#include "nsReadableUtils.h" +#include "nsString.h" +#include "nsThreadUtils.h" +#include "pkix/pkixtypes.h" +#include "prmem.h" +#include "prprf.h" +#include "secerr.h" + +using namespace mozilla; +extern LazyLogModule gPIPNSSLog; + +#define PIP_PKCS12_TMPFILENAME NS_LITERAL_CSTRING(".pip_p12tmp") +#define PIP_PKCS12_BUFFER_SIZE 2048 +#define PIP_PKCS12_RESTORE_OK 1 +#define PIP_PKCS12_BACKUP_OK 2 +#define PIP_PKCS12_USER_CANCELED 3 +#define PIP_PKCS12_NOSMARTCARD_EXPORT 4 +#define PIP_PKCS12_RESTORE_FAILED 5 +#define PIP_PKCS12_BACKUP_FAILED 6 +#define PIP_PKCS12_NSS_ERROR 7 + +// constructor +nsPKCS12Blob::nsPKCS12Blob():mCertArray(nullptr), + mTmpFile(nullptr), + mTokenSet(false) +{ + mUIContext = new PipUIContext(); +} + +// destructor +nsPKCS12Blob::~nsPKCS12Blob() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + + shutdown(ShutdownCalledFrom::Object); +} + +// nsPKCS12Blob::SetToken +// +// Set the token to use for import/export +nsresult +nsPKCS12Blob::SetToken(nsIPK11Token *token) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + nsresult rv = NS_OK; + if (token) { + mToken = token; + } else { + PK11SlotInfo *slot; + rv = GetSlotWithMechanism(CKM_RSA_PKCS, mUIContext, &slot, locker); + if (NS_FAILED(rv)) { + mToken = nullptr; + } else { + mToken = new nsPK11Token(slot); + PK11_FreeSlot(slot); + } + } + mTokenSet = true; + return rv; +} + +// nsPKCS12Blob::ImportFromFile +// +// Given a file handle, read a PKCS#12 blob from that file, decode it, +// and import the results into the token. +nsresult +nsPKCS12Blob::ImportFromFile(nsIFile *file) +{ + nsNSSShutDownPreventionLock locker; + nsresult rv = NS_OK; + + if (!mToken) { + if (!mTokenSet) { + rv = SetToken(nullptr); // Ask the user to pick a slot + if (NS_FAILED(rv)) { + handleError(PIP_PKCS12_USER_CANCELED); + return rv; + } + } + } + + if (!mToken) { + handleError(PIP_PKCS12_RESTORE_FAILED); + return NS_ERROR_NOT_AVAILABLE; + } + + // init slot + rv = mToken->Login(true); + if (NS_FAILED(rv)) return rv; + + RetryReason wantRetry; + + do { + rv = ImportFromFileHelper(file, im_standard_prompt, wantRetry); + + if (NS_SUCCEEDED(rv) && wantRetry == rr_auto_retry_empty_password_flavors) + { + rv = ImportFromFileHelper(file, im_try_zero_length_secitem, wantRetry); + } + } + while (NS_SUCCEEDED(rv) && (wantRetry != rr_do_not_retry)); + + return rv; +} + +nsresult +nsPKCS12Blob::ImportFromFileHelper(nsIFile *file, + nsPKCS12Blob::ImportMode aImportMode, + nsPKCS12Blob::RetryReason &aWantRetry) +{ + nsNSSShutDownPreventionLock locker; + nsresult rv = NS_OK; + SECStatus srv = SECSuccess; + SEC_PKCS12DecoderContext *dcx = nullptr; + SECItem unicodePw; + + UniquePK11SlotInfo slot; + nsAutoCString tokenName; + unicodePw.data = nullptr; + + aWantRetry = rr_do_not_retry; + + if (aImportMode == im_try_zero_length_secitem) + { + unicodePw.len = 0; + } + else + { + // get file password (unicode) + rv = getPKCS12FilePassword(&unicodePw); + if (NS_FAILED(rv)) goto finish; + if (!unicodePw.data) { + handleError(PIP_PKCS12_USER_CANCELED); + return NS_OK; + } + } + + rv = mToken->GetTokenName(tokenName); + if (NS_FAILED(rv)) { + goto finish; + } + slot = UniquePK11SlotInfo(PK11_FindSlotByName(tokenName.get())); + if (!slot) { + srv = SECFailure; + goto finish; + } + + // initialize the decoder + dcx = SEC_PKCS12DecoderStart(&unicodePw, slot.get(), nullptr, nullptr, + nullptr, nullptr, nullptr, nullptr); + if (!dcx) { + srv = SECFailure; + goto finish; + } + // read input file and feed it to the decoder + rv = inputToDecoder(dcx, file); + if (NS_FAILED(rv)) { + if (NS_ERROR_ABORT == rv) { + // inputToDecoder indicated a NSS error + srv = SECFailure; + } + goto finish; + } + // verify the blob + srv = SEC_PKCS12DecoderVerify(dcx); + if (srv) goto finish; + // validate bags + srv = SEC_PKCS12DecoderValidateBags(dcx, nickname_collision); + if (srv) goto finish; + // import cert and key + srv = SEC_PKCS12DecoderImportBags(dcx); + if (srv) goto finish; + // Later - check to see if this should become default email cert + handleError(PIP_PKCS12_RESTORE_OK); +finish: + // If srv != SECSuccess, NSS probably set a specific error code. + // We should use that error code instead of inventing a new one + // for every error possible. + if (srv != SECSuccess) { + if (SEC_ERROR_BAD_PASSWORD == PORT_GetError()) { + if (unicodePw.len == sizeof(char16_t)) + { + // no password chars available, + // unicodeToItem allocated space for the trailing zero character only. + aWantRetry = rr_auto_retry_empty_password_flavors; + } + else + { + aWantRetry = rr_bad_password; + handleError(PIP_PKCS12_NSS_ERROR); + } + } + else + { + handleError(PIP_PKCS12_NSS_ERROR); + } + } else if (NS_FAILED(rv)) { + handleError(PIP_PKCS12_RESTORE_FAILED); + } + // finish the decoder + if (dcx) + SEC_PKCS12DecoderFinish(dcx); + SECITEM_ZfreeItem(&unicodePw, false); + return NS_OK; +} + +static bool +isExtractable(SECKEYPrivateKey *privKey) +{ + ScopedAutoSECItem value; + SECStatus rv = PK11_ReadRawAttribute(PK11_TypePrivKey, privKey, + CKA_EXTRACTABLE, &value); + if (rv != SECSuccess) { + return false; + } + + bool isExtractable = false; + if ((value.len == 1) && value.data) { + isExtractable = !!(*(CK_BBOOL*)value.data); + } + return isExtractable; +} + +// nsPKCS12Blob::ExportToFile +// +// Having already loaded the certs, form them into a blob (loading the keys +// also), encode the blob, and stuff it into the file. +// +// TODO: handle slots correctly +// mirror "slotToUse" behavior from PSM 1.x +// verify the cert array to start off with? +// open output file as nsIFileStream object? +// set appropriate error codes +nsresult +nsPKCS12Blob::ExportToFile(nsIFile *file, + nsIX509Cert **certs, int numCerts) +{ + nsNSSShutDownPreventionLock locker; + nsresult rv; + SECStatus srv = SECSuccess; + SEC_PKCS12ExportContext *ecx = nullptr; + SEC_PKCS12SafeInfo *certSafe = nullptr, *keySafe = nullptr; + SECItem unicodePw; + nsAutoString filePath; + int i; + nsCOMPtr localFileRef; + NS_ASSERTION(mToken, "Need to set the token before exporting"); + // init slot + + bool InformedUserNoSmartcardBackup = false; + int numCertsExported = 0; + + rv = mToken->Login(true); + if (NS_FAILED(rv)) goto finish; + // get file password (unicode) + unicodePw.data = nullptr; + rv = newPKCS12FilePassword(&unicodePw); + if (NS_FAILED(rv)) goto finish; + if (!unicodePw.data) { + handleError(PIP_PKCS12_USER_CANCELED); + return NS_OK; + } + // what about slotToUse in psm 1.x ??? + // create export context + ecx = SEC_PKCS12CreateExportContext(nullptr, nullptr, nullptr /*slot*/, nullptr); + if (!ecx) { + srv = SECFailure; + goto finish; + } + // add password integrity + srv = SEC_PKCS12AddPasswordIntegrity(ecx, &unicodePw, SEC_OID_SHA1); + if (srv) goto finish; + for (i=0; iGetCert()); + if (!nssCert) { + rv = NS_ERROR_FAILURE; + goto finish; + } + // We can only successfully export certs that are on + // internal token. Most, if not all, smart card vendors + // won't let you extract the private key (in any way + // shape or form) from the card. So let's punt if + // the cert is not in the internal db. + if (nssCert->slot && !PK11_IsInternal(nssCert->slot)) { + // we aren't the internal token, see if the key is extractable. + SECKEYPrivateKey *privKey=PK11_FindKeyByDERCert(nssCert->slot, + nssCert.get(), this); + + if (privKey) { + bool privKeyIsExtractable = isExtractable(privKey); + + SECKEY_DestroyPrivateKey(privKey); + + if (!privKeyIsExtractable) { + if (!InformedUserNoSmartcardBackup) { + InformedUserNoSmartcardBackup = true; + handleError(PIP_PKCS12_NOSMARTCARD_EXPORT); + } + continue; + } + } + } + + // XXX this is why, to verify the slot is the same + // PK11_FindObjectForCert(nssCert, nullptr, slot); + // create the cert and key safes + keySafe = SEC_PKCS12CreateUnencryptedSafe(ecx); + if (!SEC_PKCS12IsEncryptionAllowed() || PK11_IsFIPS()) { + certSafe = keySafe; + } else { + certSafe = SEC_PKCS12CreatePasswordPrivSafe(ecx, &unicodePw, + SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC); + } + if (!certSafe || !keySafe) { + rv = NS_ERROR_FAILURE; + goto finish; + } + // add the cert and key to the blob + srv = SEC_PKCS12AddCertAndKey(ecx, certSafe, nullptr, nssCert.get(), + CERT_GetDefaultCertDB(), // XXX + keySafe, nullptr, true, &unicodePw, + SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC); + if (srv) goto finish; + // cert was dup'ed, so release it + ++numCertsExported; + } + + if (!numCertsExported) goto finish; + + // prepare the instance to write to an export file + this->mTmpFile = nullptr; + file->GetPath(filePath); + // Use the nsCOMPtr var localFileRef so that + // the reference to the nsIFile we create gets released as soon as + // we're out of scope, ie when this function exits. + if (filePath.RFind(".p12", true, -1, 4) < 0) { + // We're going to add the .p12 extension to the file name just like + // Communicator used to. We create a new nsIFile and initialize + // it with the new patch. + filePath.AppendLiteral(".p12"); + localFileRef = do_CreateInstance(NS_LOCAL_FILE_CONTRACTID, &rv); + if (NS_FAILED(rv)) goto finish; + localFileRef->InitWithPath(filePath); + file = localFileRef; + } + rv = file->OpenNSPRFileDesc(PR_RDWR|PR_CREATE_FILE|PR_TRUNCATE, 0664, + &mTmpFile); + if (NS_FAILED(rv) || !this->mTmpFile) goto finish; + // encode and write + srv = SEC_PKCS12Encode(ecx, write_export_file, this); + if (srv) goto finish; + handleError(PIP_PKCS12_BACKUP_OK); +finish: + if (NS_FAILED(rv) || srv != SECSuccess) { + handleError(PIP_PKCS12_BACKUP_FAILED); + } + if (ecx) + SEC_PKCS12DestroyExportContext(ecx); + if (this->mTmpFile) { + PR_Close(this->mTmpFile); + this->mTmpFile = nullptr; + } + SECITEM_ZfreeItem(&unicodePw, false); + return rv; +} + +/////////////////////////////////////////////////////////////////////// +// +// private members +// +/////////////////////////////////////////////////////////////////////// + +// unicodeToItem +// +// For the NSS PKCS#12 library, must convert PRUnichars (shorts) to +// a buffer of octets. Must handle byte order correctly. +nsresult +nsPKCS12Blob::unicodeToItem(const char16_t *uni, SECItem *item) +{ + uint32_t len = NS_strlen(uni) + 1; + if (!SECITEM_AllocItem(nullptr, item, sizeof(char16_t) * len)) { + return NS_ERROR_OUT_OF_MEMORY; + } + + mozilla::NativeEndian::copyAndSwapToBigEndian(item->data, uni, len); + + return NS_OK; +} + +// newPKCS12FilePassword +// +// Launch a dialog requesting the user for a new PKCS#12 file passowrd. +// Handle user canceled by returning null password (caller must catch). +nsresult +nsPKCS12Blob::newPKCS12FilePassword(SECItem *unicodePw) +{ + nsresult rv = NS_OK; + nsAutoString password; + nsCOMPtr certDialogs; + rv = ::getNSSDialogs(getter_AddRefs(certDialogs), + NS_GET_IID(nsICertificateDialogs), + NS_CERTIFICATEDIALOGS_CONTRACTID); + if (NS_FAILED(rv)) return rv; + bool pressedOK; + rv = certDialogs->SetPKCS12FilePassword(mUIContext, password, &pressedOK); + if (NS_FAILED(rv) || !pressedOK) return rv; + return unicodeToItem(password.get(), unicodePw); +} + +// getPKCS12FilePassword +// +// Launch a dialog requesting the user for the password to a PKCS#12 file. +// Handle user canceled by returning null password (caller must catch). +nsresult +nsPKCS12Blob::getPKCS12FilePassword(SECItem *unicodePw) +{ + nsresult rv = NS_OK; + nsAutoString password; + nsCOMPtr certDialogs; + rv = ::getNSSDialogs(getter_AddRefs(certDialogs), + NS_GET_IID(nsICertificateDialogs), + NS_CERTIFICATEDIALOGS_CONTRACTID); + if (NS_FAILED(rv)) return rv; + bool pressedOK; + rv = certDialogs->GetPKCS12FilePassword(mUIContext, password, &pressedOK); + if (NS_FAILED(rv) || !pressedOK) return rv; + return unicodeToItem(password.get(), unicodePw); +} + +// inputToDecoder +// +// Given a decoder, read bytes from file and input them to the decoder. +nsresult +nsPKCS12Blob::inputToDecoder(SEC_PKCS12DecoderContext *dcx, nsIFile *file) +{ + nsNSSShutDownPreventionLock locker; + nsresult rv; + SECStatus srv; + uint32_t amount; + char buf[PIP_PKCS12_BUFFER_SIZE]; + + nsCOMPtr fileStream; + rv = NS_NewLocalFileInputStream(getter_AddRefs(fileStream), file); + + if (NS_FAILED(rv)) { + return rv; + } + + while (true) { + rv = fileStream->Read(buf, PIP_PKCS12_BUFFER_SIZE, &amount); + if (NS_FAILED(rv)) { + return rv; + } + // feed the file data into the decoder + srv = SEC_PKCS12DecoderUpdate(dcx, + (unsigned char*) buf, + amount); + if (srv) { + // don't allow the close call to overwrite our precious error code + int pr_err = PORT_GetError(); + PORT_SetError(pr_err); + return NS_ERROR_ABORT; + } + if (amount < PIP_PKCS12_BUFFER_SIZE) + break; + } + return NS_OK; +} + +// nickname_collision +// what to do when the nickname collides with one already in the db. +// TODO: not handled, throw a dialog allowing the nick to be changed? +SECItem * +nsPKCS12Blob::nickname_collision(SECItem *oldNick, PRBool *cancel, void *wincx) +{ + static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID); + + nsNSSShutDownPreventionLock locker; + *cancel = false; + nsresult rv; + nsCOMPtr nssComponent(do_GetService(kNSSComponentCID, &rv)); + if (NS_FAILED(rv)) return nullptr; + int count = 1; + nsCString nickname; + nsAutoString nickFromProp; + nssComponent->GetPIPNSSBundleString("P12DefaultNickname", nickFromProp); + NS_ConvertUTF16toUTF8 nickFromPropC(nickFromProp); + // The user is trying to import a PKCS#12 file that doesn't have the + // attribute we use to set the nickname. So in order to reduce the + // number of interactions we require with the user, we'll build a nickname + // for the user. The nickname isn't prominently displayed in the UI, + // so it's OK if we generate one on our own here. + // XXX If the NSS API were smarter and actually passed a pointer to + // the CERTCertificate* we're importing we could actually just + // call default_nickname (which is what the issuance code path + // does) and come up with a reasonable nickname. Alas, the NSS + // API limits our ability to produce a useful nickname without + // bugging the user. :( + while (1) { + // If we've gotten this far, that means there isn't a certificate + // in the database that has the same subject name as the cert we're + // trying to import. So we need to come up with a "nickname" to + // satisfy the NSS requirement or fail in trying to import. + // Basically we use a default nickname from a properties file and + // see if a certificate exists with that nickname. If there isn't, then + // create update the count by one and append the string '#1' Or + // whatever the count currently is, and look for a cert with + // that nickname. Keep updating the count until we find a nickname + // without a corresponding cert. + // XXX If a user imports *many* certs without the 'friendly name' + // attribute, then this may take a long time. :( + nickname = nickFromPropC; + if (count > 1) { + nickname.AppendPrintf(" #%d", count); + } + UniqueCERTCertificate cert(CERT_FindCertByNickname(CERT_GetDefaultCertDB(), + nickname.get())); + if (!cert) { + break; + } + count++; + } + SECItem *newNick = new SECItem; + if (!newNick) + return nullptr; + + newNick->type = siAsciiString; + newNick->data = (unsigned char*) strdup(nickname.get()); + newNick->len = strlen((char*)newNick->data); + return newNick; +} + +// write_export_file +// write bytes to the exported PKCS#12 file +void +nsPKCS12Blob::write_export_file(void *arg, const char *buf, unsigned long len) +{ + nsPKCS12Blob *cx = (nsPKCS12Blob *)arg; + PR_Write(cx->mTmpFile, buf, len); +} + +// pip_ucs2_ascii_conversion_fn +// required to be set by NSS (to do PKCS#12), but since we've already got +// unicode make this a no-op. +PRBool +pip_ucs2_ascii_conversion_fn(PRBool toUnicode, + unsigned char *inBuf, + unsigned int inBufLen, + unsigned char *outBuf, + unsigned int maxOutBufLen, + unsigned int *outBufLen, + PRBool swapBytes) +{ + // do a no-op, since I've already got unicode. Hah! + *outBufLen = inBufLen; + memcpy(outBuf, inBuf, inBufLen); + return true; +} + +void +nsPKCS12Blob::handleError(int myerr) +{ + static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID); + + if (!NS_IsMainThread()) { + NS_ERROR("nsPKCS12Blob::handleError called off the mai nthread."); + return; + } + + int prerr = PORT_GetError(); + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("PKCS12: NSS/NSPR error(%d)", prerr)); + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("PKCS12: I called(%d)", myerr)); + + const char * msgID = nullptr; + + switch (myerr) { + case PIP_PKCS12_RESTORE_OK: msgID = "SuccessfulP12Restore"; break; + case PIP_PKCS12_BACKUP_OK: msgID = "SuccessfulP12Backup"; break; + case PIP_PKCS12_USER_CANCELED: + return; /* Just ignore it for now */ + case PIP_PKCS12_NOSMARTCARD_EXPORT: msgID = "PKCS12InfoNoSmartcardBackup"; break; + case PIP_PKCS12_RESTORE_FAILED: msgID = "PKCS12UnknownErrRestore"; break; + case PIP_PKCS12_BACKUP_FAILED: msgID = "PKCS12UnknownErrBackup"; break; + case PIP_PKCS12_NSS_ERROR: + switch (prerr) { + // The following errors have the potential to be "handled", by asking + // the user (via a dialog) whether s/he wishes to continue + case 0: break; + case SEC_ERROR_PKCS12_CERT_COLLISION: + /* pop a dialog saying the cert is already in the database */ + /* ask to keep going? what happens if one collision but others ok? */ + // The following errors cannot be "handled", notify the user (via an alert) + // that the operation failed. + case SEC_ERROR_BAD_PASSWORD: msgID = "PK11BadPassword"; break; + + case SEC_ERROR_BAD_DER: + case SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE: + case SEC_ERROR_PKCS12_INVALID_MAC: + msgID = "PKCS12DecodeErr"; + break; + + case SEC_ERROR_PKCS12_DUPLICATE_DATA: msgID = "PKCS12DupData"; break; + } + break; + } + + if (!msgID) + msgID = "PKCS12UnknownErr"; + + nsresult rv; + nsCOMPtr nssComponent = do_GetService(kNSSComponentCID, &rv); + if (NS_SUCCEEDED(rv)) + (void) nssComponent->ShowAlertFromStringBundle(msgID); +} diff --git a/security/manager/ssl/nsPKCS12Blob.h b/security/manager/ssl/nsPKCS12Blob.h new file mode 100644 index 000000000..35891182c --- /dev/null +++ b/security/manager/ssl/nsPKCS12Blob.h @@ -0,0 +1,87 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* $Id: nsPKCS12Blob.h,v 1.16 2006/04/12 15:43:32 benjamin%smedbergs.us Exp $ */ + +#ifndef _NS_PKCS12BLOB_H_ +#define _NS_PKCS12BLOB_H_ + +#include "nsCOMPtr.h" +#include "nsString.h" +#include "nsIFile.h" +#include "nsIPK11TokenDB.h" +#include "nsNSSHelper.h" +#include "nsIPK11Token.h" +#include "nsIMutableArray.h" + +#include "nss.h" + +#include "pkcs12.h" +#include "p12plcy.h" + +class nsIX509Cert; + +// +// nsPKCS12Blob +// +// Class for importing/exporting PKCS#12 blobs +// +class nsPKCS12Blob : public nsNSSShutDownObject +{ +public: + nsPKCS12Blob(); + virtual ~nsPKCS12Blob(); + + // Nothing to release. + virtual void virtualDestroyNSSReference() override {} + + // Set the token to use (default is internal) + nsresult SetToken(nsIPK11Token *token); + + // PKCS#12 Import + nsresult ImportFromFile(nsIFile *file); + + // PKCS#12 Export + nsresult ExportToFile(nsIFile *file, nsIX509Cert **certs, int numCerts); + +private: + + nsCOMPtr mToken; + nsCOMPtr mCertArray; + nsCOMPtr mUIContext; + + // local helper functions + nsresult getPKCS12FilePassword(SECItem *); + nsresult newPKCS12FilePassword(SECItem *); + nsresult inputToDecoder(SEC_PKCS12DecoderContext *, nsIFile *); + nsresult unicodeToItem(const char16_t *, SECItem *); + void handleError(int myerr = 0); + + // RetryReason and ImportMode are used when importing a PKCS12 file. + // There are two reasons that cause us to retry: + // - When the password entered by the user is incorrect. + // The user will be prompted to try again. + // - When the user entered a zero length password. + // An empty password should be represented as an empty + // string (a SECItem that contains a single terminating + // null UTF16 character), but some applications use a + // zero length SECItem. + // We try both variations, zero length item and empty string, + // without giving a user prompt when trying the different empty password flavors. + + enum RetryReason { rr_do_not_retry, rr_bad_password, rr_auto_retry_empty_password_flavors }; + enum ImportMode { im_standard_prompt, im_try_zero_length_secitem }; + + nsresult ImportFromFileHelper(nsIFile *file, ImportMode aImportMode, RetryReason &aWantRetry); + + // NSPR file I/O for export file + PRFileDesc *mTmpFile; + + bool mTokenSet; + + static SECItem * nickname_collision(SECItem *, PRBool *, void *); + static void write_export_file(void *arg, const char *buf, unsigned long len); + +}; + +#endif /* _NS_PKCS12BLOB_H_ */ diff --git a/security/manager/ssl/nsProtectedAuthThread.cpp b/security/manager/ssl/nsProtectedAuthThread.cpp new file mode 100644 index 000000000..ea511b24a --- /dev/null +++ b/security/manager/ssl/nsProtectedAuthThread.cpp @@ -0,0 +1,146 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "pk11func.h" +#include "mozilla/DebugOnly.h" +#include "mozilla/RefPtr.h" +#include "nsCOMPtr.h" +#include "PSMRunnable.h" +#include "nsString.h" +#include "nsReadableUtils.h" +#include "nsPKCS11Slot.h" +#include "nsProtectedAuthThread.h" + +using namespace mozilla; +using namespace mozilla::psm; + +NS_IMPL_ISUPPORTS(nsProtectedAuthThread, nsIProtectedAuthThread) + +static void nsProtectedAuthThreadRunner(void *arg) +{ + PR_SetCurrentThreadName("Protected Auth"); + + nsProtectedAuthThread *self = static_cast(arg); + self->Run(); +} + +nsProtectedAuthThread::nsProtectedAuthThread() +: mMutex("nsProtectedAuthThread.mMutex") +, mIAmRunning(false) +, mLoginReady(false) +, mThreadHandle(nullptr) +, mSlot(0) +, mLoginResult(SECFailure) +{ +} + +nsProtectedAuthThread::~nsProtectedAuthThread() +{ +} + +NS_IMETHODIMP nsProtectedAuthThread::Login(nsIObserver *aObserver) +{ + NS_ENSURE_ARG(aObserver); + + if (!mSlot) + // We need pointer to the slot + return NS_ERROR_FAILURE; + + MutexAutoLock lock(mMutex); + + if (mIAmRunning || mLoginReady) { + return NS_OK; + } + + if (aObserver) { + // We must AddRef aObserver here on the main thread, because it probably + // does not implement a thread-safe AddRef. + mNotifyObserver = new NotifyObserverRunnable(aObserver, + "operation-completed"); + } + + mIAmRunning = true; + + mThreadHandle = PR_CreateThread(PR_USER_THREAD, nsProtectedAuthThreadRunner, static_cast(this), + PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, PR_JOINABLE_THREAD, 0); + + // bool thread_started_ok = (threadHandle != nullptr); + // we might want to return "thread started ok" to caller in the future + NS_ASSERTION(mThreadHandle, "Could not create nsProtectedAuthThreadRunner thread\n"); + + return NS_OK; +} + +NS_IMETHODIMP nsProtectedAuthThread::GetTokenName(nsAString &_retval) +{ + MutexAutoLock lock(mMutex); + + // Get token name + CopyUTF8toUTF16(nsDependentCString(PK11_GetTokenName(mSlot)), _retval); + + return NS_OK; +} + +NS_IMETHODIMP nsProtectedAuthThread::GetSlot(nsIPKCS11Slot **_retval) +{ + RefPtr slot; + { + MutexAutoLock lock(mMutex); + slot = new nsPKCS11Slot(mSlot); + } + + slot.forget(_retval); + return NS_OK; +} + +void nsProtectedAuthThread::SetParams(PK11SlotInfo* aSlot) +{ + MutexAutoLock lock(mMutex); + + mSlot = (aSlot) ? PK11_ReferenceSlot(aSlot) : 0; +} + +SECStatus nsProtectedAuthThread::GetResult() +{ + return mLoginResult; +} + +void nsProtectedAuthThread::Run(void) +{ + // Login with null password. This call will also do C_Logout() but + // it is harmless here + mLoginResult = PK11_CheckUserPassword(mSlot, 0); + + nsCOMPtr notifyObserver; + { + MutexAutoLock lock(mMutex); + + mLoginReady = true; + mIAmRunning = false; + + // Forget the slot + if (mSlot) + { + PK11_FreeSlot(mSlot); + mSlot = 0; + } + + notifyObserver.swap(mNotifyObserver); + } + + if (notifyObserver) { + DebugOnly rv = NS_DispatchToMainThread(notifyObserver); + NS_ASSERTION(NS_SUCCEEDED(rv), + "failed to dispatch protected auth observer to main thread"); + } +} + +void nsProtectedAuthThread::Join() +{ + if (!mThreadHandle) + return; + + PR_JoinThread(mThreadHandle); + mThreadHandle = nullptr; +} diff --git a/security/manager/ssl/nsProtectedAuthThread.h b/security/manager/ssl/nsProtectedAuthThread.h new file mode 100644 index 000000000..d6bea8e13 --- /dev/null +++ b/security/manager/ssl/nsProtectedAuthThread.h @@ -0,0 +1,56 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef NSPROTECTEDAUTHTHREAD_H_ +#define NSPROTECTEDAUTHTHREAD_H_ + +#include +#include "keyhi.h" +#include "nspr.h" + +#include "mozilla/Mutex.h" +#include "nsIProtectedAuthThread.h" + +class nsIRunnable; + +class nsProtectedAuthThread : public nsIProtectedAuthThread +{ +private: + mozilla::Mutex mMutex; + + nsCOMPtr mNotifyObserver; + + bool mIAmRunning; + bool mLoginReady; + + PRThread *mThreadHandle; + + // Slot to do authentication on + PK11SlotInfo* mSlot; + + // Result of the authentication + SECStatus mLoginResult; + +public: + + nsProtectedAuthThread(); + + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIPROTECTEDAUTHTHREAD + + // Sets parameters for the thread + void SetParams(PK11SlotInfo *slot); + + // Gets result of the protected authentication operation + SECStatus GetResult(); + + void Join(void); + + void Run(void); + +protected: + virtual ~nsProtectedAuthThread(); +}; + +#endif // NSPROTECTEDAUTHTHREAD_H_ diff --git a/security/manager/ssl/nsRandomGenerator.cpp b/security/manager/ssl/nsRandomGenerator.cpp new file mode 100644 index 000000000..6e41fae60 --- /dev/null +++ b/security/manager/ssl/nsRandomGenerator.cpp @@ -0,0 +1,55 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsRandomGenerator.h" + +#include "ScopedNSSTypes.h" +#include "nsNSSComponent.h" +#include "pk11pub.h" +#include "prerror.h" +#include "secerr.h" + +NS_IMPL_ISUPPORTS(nsRandomGenerator, nsIRandomGenerator) + +NS_IMETHODIMP +nsRandomGenerator::GenerateRandomBytes(uint32_t aLength, + uint8_t** aBuffer) +{ + NS_ENSURE_ARG_POINTER(aBuffer); + *aBuffer = nullptr; + + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return NS_ERROR_NOT_AVAILABLE; + } + + mozilla::UniquePK11SlotInfo slot(PK11_GetInternalSlot()); + if (!slot) { + return NS_ERROR_FAILURE; + } + + auto buf = static_cast(moz_xmalloc(aLength)); + if (!buf) { + return NS_ERROR_OUT_OF_MEMORY; + } + + SECStatus srv = PK11_GenerateRandomOnSlot(slot.get(), buf, aLength); + if (srv != SECSuccess) { + free(buf); + return NS_ERROR_FAILURE; + } + + *aBuffer = buf; + + return NS_OK; +} + +nsRandomGenerator::~nsRandomGenerator() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + shutdown(ShutdownCalledFrom::Object); +} diff --git a/security/manager/ssl/nsRandomGenerator.h b/security/manager/ssl/nsRandomGenerator.h new file mode 100644 index 000000000..197f2d747 --- /dev/null +++ b/security/manager/ssl/nsRandomGenerator.h @@ -0,0 +1,30 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsRandomGenerator_h +#define nsRandomGenerator_h + +#include "mozilla/Attributes.h" +#include "nsIRandomGenerator.h" +#include "nsNSSShutDown.h" + +#define NS_RANDOMGENERATOR_CID \ + {0xbe65e2b7, 0xfe46, 0x4e0f, {0x88, 0xe0, 0x4b, 0x38, 0x5d, 0xb4, 0xd6, 0x8a}} + +#define NS_RANDOMGENERATOR_CONTRACTID \ + "@mozilla.org/security/random-generator;1" + +class nsRandomGenerator final : public nsIRandomGenerator + , public nsNSSShutDownObject +{ +public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIRANDOMGENERATOR + +private: + ~nsRandomGenerator(); + virtual void virtualDestroyNSSReference() override {} +}; + +#endif // nsRandomGenerator_h diff --git a/security/manager/ssl/nsSSLSocketProvider.cpp b/security/manager/ssl/nsSSLSocketProvider.cpp new file mode 100644 index 000000000..c0fe8586f --- /dev/null +++ b/security/manager/ssl/nsSSLSocketProvider.cpp @@ -0,0 +1,68 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "mozilla/BasePrincipal.h" +#include "nsSSLSocketProvider.h" +#include "nsNSSIOLayer.h" +#include "nsError.h" + +using mozilla::NeckoOriginAttributes; + +nsSSLSocketProvider::nsSSLSocketProvider() +{ +} + +nsSSLSocketProvider::~nsSSLSocketProvider() +{ +} + +NS_IMPL_ISUPPORTS(nsSSLSocketProvider, nsISocketProvider) + +NS_IMETHODIMP +nsSSLSocketProvider::NewSocket(int32_t family, + const char *host, + int32_t port, + nsIProxyInfo *proxy, + const NeckoOriginAttributes &originAttributes, + uint32_t flags, + PRFileDesc **_result, + nsISupports **securityInfo) +{ + nsresult rv = nsSSLIOLayerNewSocket(family, + host, + port, + proxy, + originAttributes, + _result, + securityInfo, + false, + flags); + return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK; +} + +// Add the SSL IO layer to an existing socket +NS_IMETHODIMP +nsSSLSocketProvider::AddToSocket(int32_t family, + const char *host, + int32_t port, + nsIProxyInfo *proxy, + const NeckoOriginAttributes &originAttributes, + uint32_t flags, + PRFileDesc *aSocket, + nsISupports **securityInfo) +{ + nsresult rv = nsSSLIOLayerAddToSocket(family, + host, + port, + proxy, + originAttributes, + aSocket, + securityInfo, + false, + flags); + + return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK; +} diff --git a/security/manager/ssl/nsSSLSocketProvider.h b/security/manager/ssl/nsSSLSocketProvider.h new file mode 100644 index 000000000..95132f204 --- /dev/null +++ b/security/manager/ssl/nsSSLSocketProvider.h @@ -0,0 +1,29 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef _NSSSLSOCKETPROVIDER_H_ +#define _NSSSLSOCKETPROVIDER_H_ + +#include "nsISocketProvider.h" + +/* 217d014a-1dd2-11b2-999c-b0c4df79b324 */ +#define NS_SSLSOCKETPROVIDER_CID \ +{ 0x217d014a, 0x1dd2, 0x11b2, {0x99, 0x9c, 0xb0, 0xc4, 0xdf, 0x79, 0xb3, 0x24}} + + +class nsSSLSocketProvider : public nsISocketProvider +{ +public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSISOCKETPROVIDER + + // nsSSLSocketProvider methods: + nsSSLSocketProvider(); +protected: + virtual ~nsSSLSocketProvider(); +}; + +#endif /* _NSSSLSOCKETPROVIDER_H_ */ diff --git a/security/manager/ssl/nsSSLStatus.cpp b/security/manager/ssl/nsSSLStatus.cpp new file mode 100644 index 000000000..1538b2aa7 --- /dev/null +++ b/security/manager/ssl/nsSSLStatus.cpp @@ -0,0 +1,379 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "mozilla/Casting.h" +#include "nsSSLStatus.h" +#include "nsIClassInfoImpl.h" +#include "nsIObjectOutputStream.h" +#include "nsIObjectInputStream.h" +#include "nsNSSCertificate.h" +#include "SignedCertificateTimestamp.h" +#include "ssl.h" + +NS_IMETHODIMP +nsSSLStatus::GetServerCert(nsIX509Cert** aServerCert) +{ + NS_ENSURE_ARG_POINTER(aServerCert); + + nsCOMPtr cert = mServerCert; + cert.forget(aServerCert); + return NS_OK; +} + +NS_IMETHODIMP +nsSSLStatus::GetKeyLength(uint32_t* aKeyLength) +{ + NS_ENSURE_ARG_POINTER(aKeyLength); + if (!mHaveCipherSuiteAndProtocol) { + return NS_ERROR_NOT_AVAILABLE; + } + + SSLCipherSuiteInfo cipherInfo; + if (SSL_GetCipherSuiteInfo(mCipherSuite, &cipherInfo, + sizeof(cipherInfo)) != SECSuccess) { + return NS_ERROR_FAILURE; + } + + *aKeyLength = cipherInfo.symKeyBits; + return NS_OK; +} + +NS_IMETHODIMP +nsSSLStatus::GetSecretKeyLength(uint32_t* aSecretKeyLength) +{ + NS_ENSURE_ARG_POINTER(aSecretKeyLength); + if (!mHaveCipherSuiteAndProtocol) { + return NS_ERROR_NOT_AVAILABLE; + } + + SSLCipherSuiteInfo cipherInfo; + if (SSL_GetCipherSuiteInfo(mCipherSuite, &cipherInfo, + sizeof(cipherInfo)) != SECSuccess) { + return NS_ERROR_FAILURE; + } + + *aSecretKeyLength = cipherInfo.effectiveKeyBits; + return NS_OK; +} + +NS_IMETHODIMP +nsSSLStatus::GetCipherName(nsACString& aCipherName) +{ + if (!mHaveCipherSuiteAndProtocol) { + return NS_ERROR_NOT_AVAILABLE; + } + + SSLCipherSuiteInfo cipherInfo; + if (SSL_GetCipherSuiteInfo(mCipherSuite, &cipherInfo, + sizeof(cipherInfo)) != SECSuccess) { + return NS_ERROR_FAILURE; + } + + aCipherName.Assign(cipherInfo.cipherSuiteName); + return NS_OK; +} + +NS_IMETHODIMP +nsSSLStatus::GetProtocolVersion(uint16_t* aProtocolVersion) +{ + NS_ENSURE_ARG_POINTER(aProtocolVersion); + if (!mHaveCipherSuiteAndProtocol) { + return NS_ERROR_NOT_AVAILABLE; + } + + *aProtocolVersion = mProtocolVersion; + return NS_OK; +} + +NS_IMETHODIMP +nsSSLStatus::GetCertificateTransparencyStatus( + uint16_t* aCertificateTransparencyStatus) +{ + NS_ENSURE_ARG_POINTER(aCertificateTransparencyStatus); + + *aCertificateTransparencyStatus = mCertificateTransparencyStatus; + return NS_OK; +} + +NS_IMETHODIMP +nsSSLStatus::GetIsDomainMismatch(bool* aIsDomainMismatch) +{ + NS_ENSURE_ARG_POINTER(aIsDomainMismatch); + + *aIsDomainMismatch = mHaveCertErrorBits && mIsDomainMismatch; + return NS_OK; +} + +NS_IMETHODIMP +nsSSLStatus::GetIsNotValidAtThisTime(bool* aIsNotValidAtThisTime) +{ + NS_ENSURE_ARG_POINTER(aIsNotValidAtThisTime); + + *aIsNotValidAtThisTime = mHaveCertErrorBits && mIsNotValidAtThisTime; + return NS_OK; +} + +NS_IMETHODIMP +nsSSLStatus::GetIsUntrusted(bool* aIsUntrusted) +{ + NS_ENSURE_ARG_POINTER(aIsUntrusted); + + *aIsUntrusted = mHaveCertErrorBits && mIsUntrusted; + return NS_OK; +} + +NS_IMETHODIMP +nsSSLStatus::GetIsExtendedValidation(bool* aIsEV) +{ + NS_ENSURE_ARG_POINTER(aIsEV); + *aIsEV = false; + + // Never allow bad certs for EV, regardless of overrides. + if (mHaveCertErrorBits) { + return NS_OK; + } + + if (mHasIsEVStatus) { + *aIsEV = mIsEV; + return NS_OK; + } + + return NS_ERROR_NOT_AVAILABLE; +} + +NS_IMETHODIMP +nsSSLStatus::Read(nsIObjectInputStream* aStream) +{ + nsCOMPtr cert; + nsresult rv = aStream->ReadObject(true, getter_AddRefs(cert)); + NS_ENSURE_SUCCESS(rv, rv); + + mServerCert = do_QueryInterface(cert); + if (!mServerCert) { + return NS_NOINTERFACE; + } + + rv = aStream->Read16(&mCipherSuite); + NS_ENSURE_SUCCESS(rv, rv); + + // The code below is a workaround to allow serializing new fields + // while preserving binary compatibility with older streams. For more details + // on the binary compatibility requirement, refer to bug 1248628. + // Here, we take advantage of the fact that mProtocolVersion was originally + // stored as a 16 bits integer, but the highest 8 bits were never used. + // These bits are now used for stream versioning. + uint16_t protocolVersionAndStreamFormatVersion; + rv = aStream->Read16(&protocolVersionAndStreamFormatVersion); + NS_ENSURE_SUCCESS(rv, rv); + mProtocolVersion = protocolVersionAndStreamFormatVersion & 0xFF; + const uint8_t streamFormatVersion = + (protocolVersionAndStreamFormatVersion >> 8) & 0xFF; + + rv = aStream->ReadBoolean(&mIsDomainMismatch); + NS_ENSURE_SUCCESS(rv, rv); + rv = aStream->ReadBoolean(&mIsNotValidAtThisTime); + NS_ENSURE_SUCCESS(rv, rv); + rv = aStream->ReadBoolean(&mIsUntrusted); + NS_ENSURE_SUCCESS(rv, rv); + rv = aStream->ReadBoolean(&mIsEV); + NS_ENSURE_SUCCESS(rv, rv); + + rv = aStream->ReadBoolean(&mHasIsEVStatus); + NS_ENSURE_SUCCESS(rv, rv); + rv = aStream->ReadBoolean(&mHaveCipherSuiteAndProtocol); + NS_ENSURE_SUCCESS(rv, rv); + rv = aStream->ReadBoolean(&mHaveCertErrorBits); + NS_ENSURE_SUCCESS(rv, rv); + + // Added in version 1 (see bug 1305289). + if (streamFormatVersion >= 1) { + rv = aStream->Read16(&mCertificateTransparencyStatus); + NS_ENSURE_SUCCESS(rv, rv); + } + + return NS_OK; +} + +NS_IMETHODIMP +nsSSLStatus::Write(nsIObjectOutputStream* aStream) +{ + // The current version of the binary stream format. + const uint8_t STREAM_FORMAT_VERSION = 1; + + nsresult rv = aStream->WriteCompoundObject(mServerCert, + NS_GET_IID(nsIX509Cert), + true); + NS_ENSURE_SUCCESS(rv, rv); + + rv = aStream->Write16(mCipherSuite); + NS_ENSURE_SUCCESS(rv, rv); + + uint16_t protocolVersionAndStreamFormatVersion = + mozilla::AssertedCast(mProtocolVersion) | + (STREAM_FORMAT_VERSION << 8); + rv = aStream->Write16(protocolVersionAndStreamFormatVersion); + NS_ENSURE_SUCCESS(rv, rv); + + rv = aStream->WriteBoolean(mIsDomainMismatch); + NS_ENSURE_SUCCESS(rv, rv); + rv = aStream->WriteBoolean(mIsNotValidAtThisTime); + NS_ENSURE_SUCCESS(rv, rv); + rv = aStream->WriteBoolean(mIsUntrusted); + NS_ENSURE_SUCCESS(rv, rv); + rv = aStream->WriteBoolean(mIsEV); + NS_ENSURE_SUCCESS(rv, rv); + + rv = aStream->WriteBoolean(mHasIsEVStatus); + NS_ENSURE_SUCCESS(rv, rv); + rv = aStream->WriteBoolean(mHaveCipherSuiteAndProtocol); + NS_ENSURE_SUCCESS(rv, rv); + rv = aStream->WriteBoolean(mHaveCertErrorBits); + NS_ENSURE_SUCCESS(rv, rv); + + // Added in version 1. + rv = aStream->Write16(mCertificateTransparencyStatus); + NS_ENSURE_SUCCESS(rv, rv); + + return NS_OK; +} + +NS_IMETHODIMP +nsSSLStatus::GetInterfaces(uint32_t* aCount, nsIID*** aArray) +{ + *aCount = 0; + *aArray = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsSSLStatus::GetScriptableHelper(nsIXPCScriptable** aHelper) +{ + *aHelper = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsSSLStatus::GetContractID(char** aContractID) +{ + *aContractID = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsSSLStatus::GetClassDescription(char** aClassDescription) +{ + *aClassDescription = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +nsSSLStatus::GetClassID(nsCID** aClassID) +{ + *aClassID = (nsCID*) moz_xmalloc(sizeof(nsCID)); + if (!*aClassID) { + return NS_ERROR_OUT_OF_MEMORY; + } + return GetClassIDNoAlloc(*aClassID); +} + +NS_IMETHODIMP +nsSSLStatus::GetFlags(uint32_t* aFlags) +{ + *aFlags = 0; + return NS_OK; +} + +static NS_DEFINE_CID(kSSLStatusCID, NS_SSLSTATUS_CID); + +NS_IMETHODIMP +nsSSLStatus::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc) +{ + *aClassIDNoAlloc = kSSLStatusCID; + return NS_OK; +} + +nsSSLStatus::nsSSLStatus() +: mCipherSuite(0) +, mProtocolVersion(0) +, mCertificateTransparencyStatus(nsISSLStatus:: + CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE) +, mIsDomainMismatch(false) +, mIsNotValidAtThisTime(false) +, mIsUntrusted(false) +, mIsEV(false) +, mHasIsEVStatus(false) +, mHaveCipherSuiteAndProtocol(false) +, mHaveCertErrorBits(false) +{ +} + +NS_IMPL_ISUPPORTS(nsSSLStatus, nsISSLStatus, nsISerializable, nsIClassInfo) + +nsSSLStatus::~nsSSLStatus() +{ +} + +void +nsSSLStatus::SetServerCert(nsNSSCertificate* aServerCert, EVStatus aEVStatus) +{ + MOZ_ASSERT(aServerCert); + + mServerCert = aServerCert; + mIsEV = (aEVStatus == EVStatus::EV); + mHasIsEVStatus = true; +} + +void +nsSSLStatus::SetCertificateTransparencyInfo( + const mozilla::psm::CertificateTransparencyInfo& info) +{ + using mozilla::ct::SignedCertificateTimestamp; + + if (!info.enabled) { + // CT disabled. + mCertificateTransparencyStatus = + nsISSLStatus::CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE; + return; + } + + if (!info.processedSCTs) { + // No SCTs processed on the connection. + mCertificateTransparencyStatus = + nsISSLStatus::CERTIFICATE_TRANSPARENCY_NONE; + return; + } + + bool hasOKSCTs = false; + bool hasUnknownLogSCTs = false; + bool hasInvalidSCTs = false; + for (const SignedCertificateTimestamp& sct : info.verifyResult.scts) { + switch (sct.verificationStatus) { + case SignedCertificateTimestamp::VerificationStatus::OK: + hasOKSCTs = true; + break; + case SignedCertificateTimestamp::VerificationStatus::UnknownLog: + hasUnknownLogSCTs = true; + break; + case SignedCertificateTimestamp::VerificationStatus::InvalidSignature: + case SignedCertificateTimestamp::VerificationStatus::InvalidTimestamp: + hasInvalidSCTs = true; + break; + default: + MOZ_ASSERT_UNREACHABLE("Unexpected SCT::VerificationStatus type"); + } + } + + if (hasOKSCTs) { + mCertificateTransparencyStatus = + nsISSLStatus::CERTIFICATE_TRANSPARENCY_OK; + } else if (hasUnknownLogSCTs) { + mCertificateTransparencyStatus = + nsISSLStatus::CERTIFICATE_TRANSPARENCY_UNKNOWN_LOG; + } else if (hasInvalidSCTs) { + mCertificateTransparencyStatus = + nsISSLStatus::CERTIFICATE_TRANSPARENCY_INVALID; + } +} diff --git a/security/manager/ssl/nsSSLStatus.h b/security/manager/ssl/nsSSLStatus.h new file mode 100644 index 000000000..2a8343407 --- /dev/null +++ b/security/manager/ssl/nsSSLStatus.h @@ -0,0 +1,74 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef _NSSSLSTATUS_H +#define _NSSSLSTATUS_H + +#include "CertVerifier.h" // For CertificateTransparencyInfo +#include "nsISSLStatus.h" +#include "nsCOMPtr.h" +#include "nsXPIDLString.h" +#include "nsIX509Cert.h" +#include "nsISerializable.h" +#include "nsIClassInfo.h" + +class nsNSSCertificate; + +enum class EVStatus { + NotEV = 0, + EV = 1, +}; + +class nsSSLStatus final + : public nsISSLStatus + , public nsISerializable + , public nsIClassInfo +{ +protected: + virtual ~nsSSLStatus(); +public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSISSLSTATUS + NS_DECL_NSISERIALIZABLE + NS_DECL_NSICLASSINFO + + nsSSLStatus(); + + void SetServerCert(nsNSSCertificate* aServerCert, EVStatus aEVStatus); + + bool HasServerCert() { + return mServerCert != nullptr; + } + + void SetCertificateTransparencyInfo( + const mozilla::psm::CertificateTransparencyInfo& info); + + /* public for initilization in this file */ + uint16_t mCipherSuite; + uint16_t mProtocolVersion; + uint16_t mCertificateTransparencyStatus; + + bool mIsDomainMismatch; + bool mIsNotValidAtThisTime; + bool mIsUntrusted; + bool mIsEV; + + bool mHasIsEVStatus; + bool mHaveCipherSuiteAndProtocol; + + /* mHaveCertErrrorBits is relied on to determine whether or not a SPDY + connection is eligible for joining in nsNSSSocketInfo::JoinConnection() */ + bool mHaveCertErrorBits; + +private: + nsCOMPtr mServerCert; +}; + +#define NS_SSLSTATUS_CID \ +{ 0xe2f14826, 0x9e70, 0x4647, \ + { 0xb2, 0x3f, 0x10, 0x10, 0xf5, 0x12, 0x46, 0x28 } } + +#endif diff --git a/security/manager/ssl/nsSTSPreloadList.errors b/security/manager/ssl/nsSTSPreloadList.errors new file mode 100644 index 000000000..647f31527 --- /dev/null +++ b/security/manager/ssl/nsSTSPreloadList.errors @@ -0,0 +1,10853 @@ +0-1.party: did not receive HSTS header +00001.am: did not receive HSTS header +00002.am: did not receive HSTS header +0005.com: could not connect to host +0005aa.com: could not connect to host +00220022.net: could not connect to host +007sascha.de: did not receive HSTS header +01100010011001010111001101110100.com: could not connect to host +020wifi.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +0222aa.com: did not receive HSTS header +040fit.nl: did not receive HSTS header +048.ag: could not connect to host +050508.com: could not connect to host +070709.net: could not connect to host +07733.win: could not connect to host +0day.su: could not connect to host +0f.io: could not connect to host +0fl.com: did not receive HSTS header +0g.org.uk: could not connect to host +0i0.nl: could not connect to host +0o0.ooo: could not connect to host +0p.no: did not receive HSTS header +0vi.org: could not connect to host +0w0.vc: could not connect to host +0x0a.net: could not connect to host +0x1337.eu: could not connect to host +0x44.net: did not receive HSTS header +0x4b0c131e.pub: could not connect to host +0x52.org: could not connect to host +0x539.pw: could not connect to host +0x90.fi: could not connect to host +0xa.in: could not connect to host +0xb612.org: could not connect to host +1017scribes.com: could not connect to host +1018hosting.nl: did not receive HSTS header +1022996493.rsc.cdn77.org: could not connect to host +1091.jp: could not connect to host +10gb.io: could not connect to host +10ppm.com: did not receive HSTS header +10seos.com: did not receive HSTS header +10tacle.io: could not connect to host +12.net: did not receive HSTS header +120dayweightloss.com: could not connect to host +123.gg: could not connect to host +123share.org: could not connect to host +123test.de: did not receive HSTS header +123test.es: did not receive HSTS header +123test.fr: did not receive HSTS header +126ium.moe: could not connect to host +127011-networks.ch: did not receive HSTS header +12vpn.org: could not connect to host +12vpnchina.com: could not connect to host +135vv.com: could not connect to host +13826145000.com: could not connect to host +1391kj.com: did not receive HSTS header +1396.cc: did not receive HSTS header +1536.cf: could not connect to host +163pwd.com: could not connect to host +166166.com: could not connect to host +16deza.com: did not receive HSTS header +16packets.com: could not connect to host +173vpn.cn: could not connect to host +173vpns.com: did not receive HSTS header +173vpnv.com: could not connect to host +188betwarriors.co.uk: could not connect to host +188trafalgar.ca: did not receive HSTS header +195gm.com: could not connect to host +1a-jva.de: could not connect to host +1atic.com: could not connect to host +1co-jp.net: did not receive HSTS header +1cover.com: could not connect to host +1k8b.com: could not connect to host +1ll.uk: did not receive HSTS header +1nian.vip: could not connect to host +1q365a.com: could not connect to host +1s.tn: did not receive HSTS header +1stcapital.com.sg: did not receive HSTS header +1three1.net: did not receive HSTS header +1xcess.com: did not receive HSTS header +1years.cc: could not connect to host +2-cpu.de: did not receive HSTS header +206rc.net: max-age too low: 2592000 +20hs.cn: did not receive HSTS header +21lg.co: could not connect to host +247quickbooks.com: did not receive HSTS header +2488.ch: did not receive HSTS header +24hourpaint.com: could not connect to host +24hrs.shopping: could not connect to host +24sihu.com: could not connect to host +25daysof.io: could not connect to host +2859cc.com: could not connect to host +28spots.net: could not connect to host +2acbi-asso.fr: did not receive HSTS header +2bizi.ru: could not connect to host +2brokegirls.org: could not connect to host +2carpros.com: did not receive HSTS header +2intermediate.co.uk: did not receive HSTS header +2or3.tk: could not connect to host +2smart4food.com: did not receive HSTS header +2ss.jp: could not connect to host +300651.ru: did not receive HSTS header +300mbmovie24.com: could not connect to host +300mbmovies4u.cc: could not connect to host +301.website: could not connect to host +302.nyc: could not connect to host +314166.com: could not connect to host +314chan.org: could not connect to host +32ph.com: could not connect to host +33836.com: did not receive HSTS header +33drugstore.com: did not receive HSTS header +341.mg: could not connect to host +3555aa.com: could not connect to host +35792.de: could not connect to host +360gradus.com: did not receive HSTS header +365.or.jp: could not connect to host +368mibn.com: could not connect to host +3778xl.com: did not receive HSTS header +38sihu.com: could not connect to host +39sihu.com: could not connect to host +3bigking.com: could not connect to host +3chit.cf: could not connect to host +3click-loan.com: could not connect to host +3d-bastler.de: could not connect to host +3dcart.com: did not receive HSTS header +3delivered.com: could not connect to host +3dproteinimaging.com: did not receive HSTS header +3fl.com: did not receive HSTS header +3sreporting.com: did not receive HSTS header +3vlnaeet.cz: could not connect to host +3wecommerce.com.br: could not connect to host +404.sh: could not connect to host +404404.info: could not connect to host +411film.com: could not connect to host +41844.de: could not connect to host +420dongstorm.com: could not connect to host +42ms.org: could not connect to host +439191.com: could not connect to host +440hz-radio.de: did not receive HSTS header +4455software.com: could not connect to host +44957.com: could not connect to host +4679.space: could not connect to host +47tech.com: could not connect to host +4azino777.ru: did not receive HSTS header +4cclothing.com: could not connect to host +4d2.xyz: could not connect to host +4eyes.ch: did not receive HSTS header +4loc.us: could not connect to host +4miners.net: could not connect to host +4mybaby.ch: did not receive HSTS header +4ourty2.org: did not receive HSTS header +4sqsu.eu: could not connect to host +4w-performers.link: could not connect to host +4web-hosting.com: could not connect to host +4x4.lk: could not connect to host +5000yz.com: could not connect to host +50millionablaze.org: could not connect to host +513vpn.net: did not receive HSTS header +517vpn.cn: could not connect to host +518maicai.com: did not receive HSTS header +52kb1.com: could not connect to host +52neptune.com: could not connect to host +540.co: did not receive HSTS header +54bf.com: could not connect to host +555fl.com: did not receive HSTS header +56ct.com: could not connect to host +5ece.de: could not connect to host +5piecesofadvice.com: could not connect to host +605508.cc: did not receive HSTS header +605508.com: did not receive HSTS header +60ych.net: did not receive HSTS header +6120.eu: did not receive HSTS header +64616e.xyz: could not connect to host +660011.com: max-age too low: 0 +68277.me: could not connect to host +69mentor.com: could not connect to host +69square.com: could not connect to host +721av.com: max-age too low: 2592000 +7261696e626f77.net: could not connect to host +7777av.co: did not receive HSTS header +7f-wgg.cf: could not connect to host +7kovrikov.ru: did not receive HSTS header +7thheavenrestaurant.com: could not connect to host +7trade8.com: could not connect to host +8.net.co: could not connect to host +808.lv: did not receive HSTS header +83i.net: could not connect to host +8522.am: could not connect to host +8522cn.com: did not receive HSTS header +8560.be: could not connect to host +87577.com: could not connect to host +88.to: could not connect to host +8887999.com: could not connect to host +8888av.co: did not receive HSTS header +888azino.com: did not receive HSTS header +888lu.co: could not connect to host +88laohu.cc: could not connect to host +88laohu.com: could not connect to host +89955.com: could not connect to host +899699.com: did not receive HSTS header +8ballbombom.uk: could not connect to host +8mpay.com: did not receive HSTS header +8t88.biz: could not connect to host +90smthng.com: could not connect to host +91-freedom.com: could not connect to host +9118b.com: could not connect to host +911911.pw: could not connect to host +915ers.com: did not receive HSTS header +922.be: could not connect to host +92bmh.com: did not receive HSTS header +960news.ca: could not connect to host +9651678.ru: could not connect to host +99511.fi: did not receive HSTS header +9iwan.net: did not receive HSTS header +9jadirect.com: could not connect to host +9point6.com: could not connect to host +9ss6.com: could not connect to host +9tolife.be: did not receive HSTS header +a-plus.space: could not connect to host +a-rickroll-n.pw: could not connect to host +a-theme.com: could not connect to host +a1-autopartsglasgow.com: did not receive HSTS header +a200k.xyz: did not receive HSTS header +a3workshop.swiss: could not connect to host +a9c.co: could not connect to host +aa7733.com: did not receive HSTS header +aaeblog.com: did not receive HSTS header +aaeblog.net: did not receive HSTS header +aaeblog.org: did not receive HSTS header +aaoo.net: could not connect to host +aapp.space: could not connect to host +aaron-gustafson.com: did not receive HSTS header +aaronkimmig.de: did not receive HSTS header +abareplace.com: did not receive HSTS header +abcdentalcare.com: did not receive HSTS header +abearofsoap.com: could not connect to host +aberdeenalmeras.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +abilitylist.org: did not receive HSTS header +abioniere.de: could not connect to host +ablogagency.net: could not connect to host +abloop.com: could not connect to host +abmahnhelfer.de: did not receive HSTS header +abnarnro.com: could not connect to host +abolition.co: could not connect to host +abona24.pl: max-age too low: 0 +about.ge: did not receive HSTS header +aboutmyip.info: did not receive HSTS header +aboutmyproperty.ca: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +aboutyou-deals.de: could not connect to host +absinthium.ch: could not connect to host +abt.de: did not receive HSTS header +abtom.de: did not receive HSTS header +abury.fr: did not receive HSTS header +abury.me: did not receive HSTS header +abyssproject.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +ac0g.dyndns.org: could not connect to host +acabadosboston.com: could not connect to host +academialowcost.com.br: did not receive HSTS header +academicenterprise.org: could not connect to host +acai51.net: could not connect to host +acbc.ie: max-age too low: 0 +accelerole.com: did not receive HSTS header +accelight.co.jp: did not receive HSTS header +accelight.jp: did not receive HSTS header +access-sofia.org: did not receive HSTS header +accommodation-berry.com.au: max-age too low: 300 +accountradar.com: max-age too low: 86400 +accounts-p.com: could not connect to host +accuritpresence.com: did not receive HSTS header +accwing.com: could not connect to host +acg.sb: could not connect to host +acgaudio.com: could not connect to host +acgmoon.org: did not receive HSTS header +acheirj.com.br: could not connect to host +acheritage.co.uk: did not receive HSTS header +achterhoekseveiligheidsbeurs.nl: could not connect to host +acisonline.net: did not receive HSTS header +acoffeeshops.com: could not connect to host +acpinformatique.fr: could not connect to host +acr.im: could not connect to host +acrepairdrippingsprings.com: could not connect to host +acritelli.com: did not receive HSTS header +acrossgw.com: could not connect to host +acslimited.co.uk: did not receive HSTS header +activateplay.com: max-age too low: 86400 +active-escape.com: did not receive HSTS header +activeclearweb.com: could not connect to host +activeweb.top: could not connect to host +activiti.alfresco.com: did not receive HSTS header +actu-medias.com: could not connect to host +actualite-videos.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +acuve.jp: could not connect to host +ada.is: max-age too low: 2592000 +adajwells.me: could not connect to host +adambryant.ca: could not connect to host +adamdixon.co.uk: could not connect to host +adamricheimer.com: could not connect to host +adamwk.com: did not receive HSTS header +adastra.re: could not connect to host +adboos.com: could not connect to host +addaxpetroleum.com: could not connect to host +addvocate.com: could not connect to host +adec-emsa.ae: could not connect to host +adelevie.com: could not connect to host +adelinlydia-coach.com: did not receive HSTS header +adequatetechnology.com: could not connect to host +aderal.io: could not connect to host +adesa-asesoria.com: did not receive HSTS header +adfa-1.com: could not connect to host +adhosting.nl: did not receive HSTS header +adhs-chaoten.net: did not receive HSTS header +adindexr.com: could not connect to host +admin.google.com: did not receive HSTS header (error ignored - included regardless) +admiral.dp.ua: did not receive HSTS header +admitcard.co.in: did not receive HSTS header +admsel.ec: could not connect to host +adoge.me: could not connect to host +adonairelogios.com.br: could not connect to host +adopteunsiteflash.com: could not connect to host +adquisitio.de: could not connect to host +adquisitio.in: could not connect to host +adriancohea.ninja: did not receive HSTS header +adrianseo.ro: did not receive HSTS header +adrl.ca: could not connect to host +adsfund.org: could not connect to host +aduedu.de: did not receive HSTS header +adult.properties: could not connect to host +adunanza.net: did not receive HSTS header +advancedstudio.ro: did not receive HSTS header +advantagemechanicalinc.com: did not receive HSTS header +adventures.is: did not receive HSTS header +adver.top: did not receive HSTS header +adviespuntklokkenluiders.nl: could not connect to host +adzuna.co.uk: did not receive HSTS header +aemoria.com: could not connect to host +aerialmediapro.net: could not connect to host +aerolog.co: did not receive HSTS header +aerotheque.fr: did not receive HSTS header +aes256.ru: could not connect to host +aether.pw: could not connect to host +aevpn.net: could not connect to host +aevpn.org: could not connect to host +aeyoun.com: did not receive HSTS header +af-fotografie.net: did not receive HSTS header +afdkompakt.de: max-age too low: 86400 +affily.io: could not connect to host +aficotroceni.ro: did not receive HSTS header +afiru.net: could not connect to host +afmchandler.com: did not receive HSTS header +afp548.tk: could not connect to host +africantourer.com: did not receive HSTS header +after.im: did not receive HSTS header +afterstack.net: could not connect to host +afvallendoeje.nu: could not connect to host +afyou.co.kr: could not connect to host +afzco.asia: did not receive HSTS header +agalaxyfarfaraway.co.uk: could not connect to host +agatheetraphael.fr: could not connect to host +agbremen.de: did not receive HSTS header +agentseeker.ca: could not connect to host +agevio.com: could not connect to host +agonswim.com: could not connect to host +agrias.com.br: did not receive HSTS header +agrimap.com: did not receive HSTS header +agro-id.gov.ua: did not receive HSTS header +agtv.com.br: did not receive HSTS header +ahabingo.com: did not receive HSTS header +ahfazahmed.net: did not receive HSTS header +ahoynetwork.com: did not receive HSTS header +ahri.ovh: could not connect to host +ahwah.net: could not connect to host +ahwatukeefoothillsmontessori.com: did not receive HSTS header +aicial.com.au: could not connect to host +aidanmontare.net: could not connect to host +aidanwoods.com: did not receive HSTS header +aidikofflaw.com: did not receive HSTS header +aids.gov: did not receive HSTS header +aifreeze.ru: could not connect to host +aify.eu: could not connect to host +aiicy.org: could not connect to host +aim-consultants.com: could not connect to host +ainrb.com: could not connect to host +aip-marine.com: could not connect to host +aiponne.com: could not connect to host +airlea.com: could not connect to host +airlinecheckins.com: did not receive HSTS header +airmazinginflatables.com: did not receive HSTS header +airproto.com: did not receive HSTS header +aishnair.com: could not connect to host +aisle3.space: could not connect to host +aiticon.de: did not receive HSTS header +aiw-thkoeln.online: could not connect to host +ajmahal.com: could not connect to host +ajouin.com: could not connect to host +aka.my: did not receive HSTS header +akboy.pw: could not connect to host +akclinics.org: did not receive HSTS header +akerek.hu: could not connect to host +akgundemirbas.com: could not connect to host +akiba-server.info: could not connect to host +akita-stream.com: could not connect to host +akkadia.cc: could not connect to host +akombakom.net: could not connect to host +akoww.de: could not connect to host +akselimedia.fi: did not receive HSTS header +akstudentsfirst.org: did not receive HSTS header +aktivist.in: did not receive HSTS header +akul.co.in: could not connect to host +al-f.net: could not connect to host +al-shami.net: could not connect to host +aladdin.ie: did not receive HSTS header +alair.cn: did not receive HSTS header +alanlee.net: could not connect to host +alanrickmanflipstable.com: could not connect to host +alariel.de: did not receive HSTS header +alarme-gps.ch: could not connect to host +alarmegps.ch: could not connect to host +alarmsystemreviews.com: did not receive HSTS header +alasta.info: could not connect to host +alauda-home.de: could not connect to host +albanien.guide: could not connect to host +alberguecimballa.es: could not connect to host +albertbogdanowicz.pl: did not receive HSTS header +albertopimienta.com: did not receive HSTS header +alcantarafleuriste.com: did not receive HSTS header +alcatraz.online: could not connect to host +alcazaar.com: could not connect to host +alcnutrition.com: could not connect to host +aldorr.net: could not connect to host +alecvannoten.be: did not receive HSTS header +alenan.org: could not connect to host +alessandro.pw: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +alessandroz.pro: could not connect to host +alethearose.com: did not receive HSTS header +alexandernorth.ch: could not connect to host +alexandre.sh: did not receive HSTS header +alexdodge.ca: could not connect to host +alexei.su: could not connect to host +alexkidd.de: did not receive HSTS header +alexmol.tk: could not connect to host +alexperry.io: could not connect to host +alfa24.pro: could not connect to host +alfredxing.com: did not receive HSTS header +alilialili.ga: could not connect to host +alistairpialek.com: max-age too low: 86400 +alittlebitcheeky.com: did not receive HSTS header +aljaspod.net: did not receive HSTS header +aljmz.com: did not receive HSTS header +alkami.com: could not connect to host +alkamitech.com: did not receive HSTS header +all-subtitles.com: could not connect to host +all.tf: could not connect to host +all4os.com: did not receive HSTS header +alldaymonitoring.com: could not connect to host +alldm.ru: could not connect to host +allegro-inc.com: did not receive HSTS header +allinnote.com: could not connect to host +allmbw.com: could not connect to host +allmystery.de: did not receive HSTS header +allo-symo.fr: did not receive HSTS header +allods-zone.ru: could not connect to host +alloffice.com.ua: did not receive HSTS header +alloinformatique.net: could not connect to host +allrealty.co.za: could not connect to host +allscammers.exposed: could not connect to host +allsortscastles.co.uk: did not receive HSTS header +allstarswithus.com: could not connect to host +aloalabs.com: did not receive HSTS header +alpha.irccloud.com: could not connect to host +alphabit-secure.com: could not connect to host +alphabuild.io: could not connect to host +alphagamers.net: did not receive HSTS header +alphalabs.xyz: could not connect to host +alphasall.com: could not connect to host +als-hardware.co.za: did not receive HSTS header +alspolska.pl: could not connect to host +alt33c3.org: could not connect to host +altahrim.net: could not connect to host +altailife.ru: did not receive HSTS header +altamarea.se: could not connect to host +alteqnia.com: could not connect to host +altfire.ca: could not connect to host +altmv.com: max-age too low: 7776000 +aluminium-scaffolding.co.uk: could not connect to host +alunjam.es: did not receive HSTS header +alusta.co: could not connect to host +am8888.top: could not connect to host +amandaonishi.com: could not connect to host +amateurvoicetalent.com: could not connect to host +amavis.org: did not receive HSTS header +amazing-gaming.fr: could not connect to host +amcvega.com: did not receive HSTS header +amdouglas.uk: could not connect to host +amerhd.com: could not connect to host +american-truck-simulator.de: could not connect to host +american-truck-simulator.net: could not connect to host +americandistribuidora.com: could not connect to host +americansportsinstitute.org: did not receive HSTS header +americanworkwear.nl: did not receive HSTS header +amigogeek.net: could not connect to host +amilx.com: could not connect to host +amilx.org: could not connect to host +amimoto-ami.com: max-age too low: 3153600 +amishsecurity.com: could not connect to host +amitse.com: did not receive HSTS header +amitube.com: did not receive HSTS header +amlvfs.net: could not connect to host +ammoulianiapartments.com: did not receive HSTS header +amo-entreprise-et-commerce.fr: could not connect to host +amoory.com: could not connect to host +amorimendes.com.br: could not connect to host +amri.nl: did not receive HSTS header +amua.fr: could not connect to host +amunoz.org: could not connect to host +anabol.nl: could not connect to host +anacruz.es: did not receive HSTS header +anadoluefessporkulubu.org: could not connect to host +anagra.ms: could not connect to host +analytic-s.ml: could not connect to host +analyticsinmotion.net: could not connect to host +analyzemyfriends.com: could not connect to host +ancientcraft.eu: did not receive HSTS header +ancientkarma.com: could not connect to host +andere-gedanken.net: max-age too low: 10 +anderslind.dk: could not connect to host +andiplusben.com: could not connect to host +andre-ballensiefen.de: did not receive HSTS header +andreas-kluge.eu: could not connect to host +andreasanti.net: did not receive HSTS header +andreasbreitenlohner.de: max-age too low: 600000 +andreasfritz-fotografie.de: could not connect to host +andreaskluge.eu: could not connect to host +andreastoneman.com: could not connect to host +andrei-coman.com: could not connect to host +andreigec.net: did not receive HSTS header +andrerose.ca: did not receive HSTS header +andrew.fi: did not receive HSTS header +andrew.london: did not receive HSTS header +andrewbroekman.com: did not receive HSTS header +andrewdaws.co: could not connect to host +andrewdaws.info: could not connect to host +andrewdaws.me: could not connect to host +andrewdaws.tv: could not connect to host +andrewmichaud.beer: could not connect to host +andrewrdaws.com: could not connect to host +andrewregan.me: could not connect to host +andrewvoce.com: did not receive HSTS header +andrewx.net: could not connect to host +andrewyg.net: could not connect to host +andreypopp.com: did not receive HSTS header +androidprosmart.com: could not connect to host +androled.fr: max-age too low: 5184000 +androoz.se: could not connect to host +anduril.de: could not connect to host +anduril.eu: could not connect to host +andyclark.io: could not connect to host +andymartin.cc: could not connect to host +andyuk.org: did not receive HSTS header +anfsanchezo.co: could not connect to host +anfsanchezo.me: could not connect to host +angeloroberto.ch: did not receive HSTS header +anghami.com: did not receive HSTS header +anglesya.win: did not receive HSTS header +anglictinatabor.cz: could not connect to host +angrydragonproductions.com: could not connect to host +angryroute.com: could not connect to host +animal-nature-human.com: did not receive HSTS header +anime1video.tk: could not connect to host +animeday.ml: could not connect to host +animesfusion.com.br: could not connect to host +animurecs.com: did not receive HSTS header +aniplus.cf: could not connect to host +aniplus.gq: could not connect to host +aniplus.ml: could not connect to host +anisekai.com: max-age too low: 2592000 +anitklib.ml: could not connect to host +ankakaak.com: could not connect to host +ankaraprofesyonelnakliyat.com: did not receive HSTS header +ankaraprofesyonelnakliyat.com.tr: did not receive HSTS header +ankarayilmaznakliyat.com: did not receive HSTS header +ankarayucelnakliyat.com: did not receive HSTS header +annabellaw.com: did not receive HSTS header +annahmeschluss.de: did not receive HSTS header +annetaan.fi: could not connect to host +annonasoftware.com: could not connect to host +anomaly.ws: did not receive HSTS header +anonymo.co.uk: could not connect to host +anonymo.uk: could not connect to host +anonymousstatecollegelulzsec.com: could not connect to host +anook.com: max-age too low: 0 +anoxinon.de: did not receive HSTS header +ansdell.info: could not connect to host +anshuman-chatterjee.com: did not receive HSTS header +ansibeast.net: could not connect to host +anstoncs.com.au: max-age too low: 86400 +answers-online.ru: could not connect to host +ant.land: could not connect to host +anthenor.co.uk: could not connect to host +anthonyavon.com: could not connect to host +antimatiere.space: could not connect to host +antimine.kr: could not connect to host +antoine-roux.fr: could not connect to host +antoined.fr: did not receive HSTS header +antoinemary.io: could not connect to host +antoineschaller.ch: did not receive HSTS header +antoniomarques.eu: did not receive HSTS header +antoniorequena.com.ve: could not connect to host +antscript.com: did not receive HSTS header +anttitenhunen.com: could not connect to host +anycoin.me: could not connect to host +anymetrix.io: did not receive HSTS header +anyways.at: could not connect to host +aocast.info: could not connect to host +aojf.fr: could not connect to host +aopedeure.nl: could not connect to host +aov.io: could not connect to host +aozora.moe: could not connect to host +apachelounge.com: did not receive HSTS header +apadrinaunolivo.org: did not receive HSTS header +apaginastore.com.br: could not connect to host +apeasternpower.com: could not connect to host +aperture-laboratories.science: did not receive HSTS header +api.mega.co.nz: could not connect to host +apibot.de: could not connect to host +apis.google.com: did not receive HSTS header (error ignored - included regardless) +apis.world: could not connect to host +apkoyunlar.club: could not connect to host +apm.com.tw: did not receive HSTS header +apmg-certified.com: did not receive HSTS header +apmg-cyber.com: did not receive HSTS header +apnakliyat.com: did not receive HSTS header +apolloyl.com: could not connect to host +aponkral.site: could not connect to host +aponkralsunucu.com: could not connect to host +aponow.de: did not receive HSTS header +app: could not connect to host +app-arena.com: did not receive HSTS header +app.lookout.com: did not receive HSTS header +app.manilla.com: could not connect to host +apparels24.com: could not connect to host +appart.ninja: could not connect to host +appdb.cc: did not receive HSTS header +appdrinks.com: could not connect to host +appengine.google.com: did not receive HSTS header (error ignored - included regardless) +apple.ax: could not connect to host +applez.xyz: could not connect to host +applic8.com: did not receive HSTS header +appraisal-comps.com: could not connect to host +appreciationkards.com: did not receive HSTS header +approlys.fr: did not receive HSTS header +apps-for-fishing.com: could not connect to host +appsbystudio.co.uk: did not receive HSTS header +appsdash.io: could not connect to host +appuro.com: did not receive HSTS header +aquapoint.kiev.ua: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +aquariumaccessories.shop: did not receive HSTS header +aquilalab.com: could not connect to host +arabdigitalexpression.org: did not receive HSTS header +aradulconteaza.ro: could not connect to host +aran.me.uk: could not connect to host +arboineuropa.nl: did not receive HSTS header +arboleda-hurtado.com: could not connect to host +arbu.eu: max-age too low: 2419200 +ardao.me: did not receive HSTS header +ardorlabs.se: could not connect to host +area3.org: could not connect to host +arenlor.com: could not connect to host +arenlor.info: could not connect to host +arenns.com: could not connect to host +arent.kz: could not connect to host +arewedubstepyet.com: did not receive HSTS header +areyouever.me: did not receive HSTS header +argennon.xyz: could not connect to host +argh.io: could not connect to host +arguggi.co.uk: could not connect to host +ariacreations.net: did not receive HSTS header +arislight.com: could not connect to host +arkadiyt.com: did not receive HSTS header +arlen.io: could not connect to host +arlen.se: could not connect to host +armenians.online: could not connect to host +armingrodon.de: max-age too low: 0 +armor.com: did not receive HSTS header +armored.ninja: could not connect to host +armory.consulting: could not connect to host +armory.supplies: could not connect to host +armsday.com: could not connect to host +armytricka.cz: did not receive HSTS header +arne-petersen.net: could not connect to host +arod.tk: could not connect to host +aromaclub.nl: did not receive HSTS header +aroundme.org: did not receive HSTS header +arpa.ph: did not receive HSTS header +arpr.co: did not receive HSTS header +arrayify.com: could not connect to host +arresttracker.com: could not connect to host +arrow-cloud.nl: could not connect to host +arrowfunction.com: could not connect to host +ars-design.net: could not connect to host +art2web.net: could not connect to host +artartefatos.com.br: could not connect to host +artegusto.ru: did not receive HSTS header +artesupra.com: did not receive HSTS header +arthan.me: could not connect to host +articaexports.com: could not connect to host +artifex21.com: could not connect to host +artifex21.fr: could not connect to host +artiming.com: could not connect to host +artisanhd.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +artisavotins.com: could not connect to host +artisense.de: could not connect to host +artisticedgegranite.net: could not connect to host +artistnetwork.nl: did not receive HSTS header +arto.bg: did not receive HSTS header +arturkohut.com: could not connect to host +artyland.ru: did not receive HSTS header +arvamus.eu: could not connect to host +arzaroth.com: did not receive HSTS header +as.se: could not connect to host +as9178.net: could not connect to host +asahikoji.net: could not connect to host +asasuou.pw: could not connect to host +asc16.com: could not connect to host +ascamso.com: could not connect to host +aschaefer.net: could not connect to host +asdpress.cn: could not connect to host +ashlane-cottages.com: could not connect to host +ashleyadum.com: could not connect to host +ashleymedway.com: did not receive HSTS header +asianodor.com: could not connect to host +ask.pe: did not receive HSTS header +askfit.cz: did not receive HSTS header +askmagicconch.com: could not connect to host +asmui.ga: could not connect to host +asmui.ml: could not connect to host +asphaltfruehling.de: could not connect to host +asral7.com: could not connect to host +ass.org.au: could not connect to host +assdecoeur.org: could not connect to host +assekuranzjobs.de: could not connect to host +asset-alive.com: did not receive HSTS header +asset-alive.net: did not receive HSTS header +assindia.nl: could not connect to host +asthon.cn: could not connect to host +astral.gq: could not connect to host +astrea-voetbal-groningen.nl: could not connect to host +astrolpost.com: could not connect to host +astromelody.com: did not receive HSTS header +asuhe.xyz: could not connect to host +at-one.ca: could not connect to host +at1.co: could not connect to host +atavio.at: could not connect to host +atavio.ch: could not connect to host +atavio.de: did not receive HSTS header +atbeckett.com: did not receive HSTS header +atcreform.gov: did not receive HSTS header +atelier-rk.com: did not receive HSTS header +atencionbimbo.com: max-age too low: 86400 +athaliasoft.com: could not connect to host +athenelive.com: could not connect to host +athensbusinessresources.us: did not receive HSTS header +athi.pl: could not connect to host +athul.xyz: could not connect to host +atigerseye.com: could not connect to host +atlex.nl: did not receive HSTS header +atlseccon.com: did not receive HSTS header +atomic.menu: could not connect to host +atomik.pro: could not connect to host +atop.io: could not connect to host +attic118.com: could not connect to host +attimidesigns.com: did not receive HSTS header +attogproductions.com: could not connect to host +au-pair24.de: did not receive HSTS header +au.search.yahoo.com: max-age too low: 172800 +au2pb.net: could not connect to host +aubiosales.com: could not connect to host +aucubin.moe: could not connect to host +audiovisualdevices.com.au: did not receive HSTS header +auditmatrix.com: did not receive HSTS header +aufmerksamkeitsstudie.com: could not connect to host +augias.org: could not connect to host +augrandinquisiteur.com: did not receive HSTS header +aujapan.ru: could not connect to host +aurainfosec.com: did not receive HSTS header +aurainfosec.com.au: did not receive HSTS header +auraredeye.com: could not connect to host +auraredshield.com: could not connect to host +aurora-terraria.org: did not receive HSTS header +auroratownshipfd.org: could not connect to host +aurugs.com: did not receive HSTS header +ausec.ch: could not connect to host +ausnah.me: could not connect to host +ausoptic.com.au: max-age too low: 2592000 +aussiecable.org: did not receive HSTS header +austinsutphin.com: could not connect to host +australiancattle.dog: could not connect to host +auth.mail.ru: did not receive HSTS header +authentication.io: could not connect to host +authint.com: could not connect to host +authland.com: could not connect to host +author24.ru: did not receive HSTS header +authoritynutrition.com: did not receive HSTS header +authsrv.nl.eu.org: could not connect to host +auto-serwis.zgorzelec.pl: did not receive HSTS header +auto3d.cn: could not connect to host +auto4trade.nl: could not connect to host +autobedarf.net: did not receive HSTS header +autodeploy.it: could not connect to host +autoecolebudget.ch: did not receive HSTS header +autoeet.cz: did not receive HSTS header +autoepc.ro: did not receive HSTS header +autojuhos.sk: could not connect to host +autokovrik-diskont.ru: did not receive HSTS header +automobiles5.com: could not connect to host +autosearch.me: could not connect to host +autosiero.nl: did not receive HSTS header +autostop-occasions.be: could not connect to host +autotsum.com: could not connect to host +autumnwindsagility.com: could not connect to host +auverbox.ovh: could not connect to host +aux-arts-de-la-table.com: did not receive HSTS header +auxetek.se: could not connect to host +auxiliumincrementum.co.uk: could not connect to host +av.de: did not receive HSTS header +avadatravel.com: did not receive HSTS header +avantmfg.com: did not receive HSTS header +avdelivers.com: could not connect to host +avec-ou-sans-ordonnance.fr: could not connect to host +aveling-adventure.co.uk: did not receive HSTS header +avepol.cz: did not receive HSTS header +avepol.eu: did not receive HSTS header +aviacao.pt: did not receive HSTS header +avidcruiser.com: did not receive HSTS header +aviodeals.com: could not connect to host +avonlearningcampus.com: could not connect to host +avqueen.cn: could not connect to host +avus-automobile.com: did not receive HSTS header +awan.tech: could not connect to host +awanderlustadventure.com: did not receive HSTS header +awf0.xyz: could not connect to host +awg-mode.de: did not receive HSTS header +aww.moe: did not receive HSTS header +axado.com.br: did not receive HSTS header +axel-fischer.science: could not connect to host +axelchv.fr: did not receive HSTS header +axeny.com: did not receive HSTS header +axg.io: did not receive HSTS header +axolsoft.com: max-age too low: 10540800 +ayahuascaadvisor.com: could not connect to host +ayor.jp: could not connect to host +ayor.tech: could not connect to host +ayuru.info: could not connect to host +azamra.com: did not receive HSTS header +azazy.net: max-age too low: 2592000 +azirevpn.com: did not receive HSTS header +azlo.com: did not receive HSTS header +azprep.us: could not connect to host +b-landia.net: did not receive HSTS header +b-rickroll-e.pw: could not connect to host +b-space.de: did not receive HSTS header +b2bpromoteit.com: did not receive HSTS header +b303.me: did not receive HSTS header +b3orion.com: max-age too low: 0 +b8a.me: could not connect to host +babelfisch.eu: could not connect to host +baby-click.de: did not receive HSTS header +babybee.ie: could not connect to host +babybic.hu: did not receive HSTS header +babycs.house: could not connect to host +babyhouse.xyz: could not connect to host +babymasaze.cz: did not receive HSTS header +babysaying.me: could not connect to host +bacchanallia.com: could not connect to host +back-bone.nl: did not receive HSTS header +backgroundchecks.online: did not receive HSTS header +backintomotionphysiotherapy.com: did not receive HSTS header +backyardbbqbash.com: did not receive HSTS header +bad.pet: could not connect to host +bad.show: could not connect to host +badcronjob.com: could not connect to host +badenhard.eu: could not connect to host +badkamergigant.com: could not connect to host +badlink.org: could not connect to host +baff.lu: could not connect to host +bageez.us: could not connect to host +bagiobella.com: max-age too low: 0 +baiduaccount.com: could not connect to host +bailbondsaffordable.com: did not receive HSTS header +bair.io: could not connect to host +baito-j.jp: did not receive HSTS header +baiyangliu.com: could not connect to host +baka.network: could not connect to host +bakaweb.fr: could not connect to host +bakhansen.com: did not receive HSTS header +bakingstone.com: could not connect to host +bakkerdesignandbuild.com: did not receive HSTS header +balatoni-nyar.hu: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +balcan-underground.net: could not connect to host +baldwinkoo.com: could not connect to host +baleares.party: could not connect to host +balihai.com: did not receive HSTS header +balloonphp.com: could not connect to host +ballparkbuns.com: max-age too low: 86400 +balnearionaturaspa.com: did not receive HSTS header +balonmano.co: could not connect to host +bambooforest.nl: could not connect to host +bambumania.com.br: could not connect to host +bananabandy.com: could not connect to host +bananium.fr: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +banbanchs.com: could not connect to host +banchethai.com: could not connect to host +bandally.net: could not connect to host +bandarifamily.com: could not connect to host +bandb.xyz: could not connect to host +bandrcrafts.com: did not receive HSTS header +bangzafran.com: did not receive HSTS header +bank: could not connect to host +bankmilhas.com.br: did not receive HSTS header +banksaround.com: did not receive HSTS header +bannisbierblog.de: could not connect to host +banqingdiao.com: could not connect to host +baobaobooks.net: did not receive HSTS header +baobeiglass.com: did not receive HSTS header +barcel.com.mx: max-age too low: 86400 +barely.sexy: did not receive HSTS header +barracuda.blog: could not connect to host +barreaudenice.com: could not connect to host +barrelhead.org: could not connect to host +barrut.me: did not receive HSTS header +barshout.co.uk: could not connect to host +bartbania.com: did not receive HSTS header +bartlamboo.nl: could not connect to host +barunisystems.com: could not connect to host +bashcode.ninja: could not connect to host +basicsolutionsus.com: did not receive HSTS header +basilisk.io: could not connect to host +bassh.net: did not receive HSTS header +batfoundry.com: could not connect to host +baud.ninja: could not connect to host +baudairenergyservices.com: did not receive HSTS header +baum.ga: could not connect to host +baumstark.ca: could not connect to host +baysse.eu: could not connect to host +bazarstupava.sk: could not connect to host +bazisszoftver.hu: did not receive HSTS header +bb-shiokaze.jp: did not receive HSTS header +bbb1991.me: could not connect to host +bbdos.ru: could not connect to host +bbka.org.uk: could not connect to host +bblovess.cn: could not connect to host +bbnx.net: could not connect to host +bbrinck.eu: could not connect to host +bbuio.com: max-age too low: 86400 +bbwdom.xyz: could not connect to host +bbwfacesitting.xyz: could not connect to host +bbwfight.xyz: could not connect to host +bbwteens.org: could not connect to host +bcbsmagentprofile.com: could not connect to host +bcchack.com: could not connect to host +bccx.com: could not connect to host +bcheng.cf: did not receive HSTS header +bchep.com: could not connect to host +bckp.de: could not connect to host +bcm.com.au: did not receive HSTS header +bcnx.de: max-age too low: 0 +bcradio.org: could not connect to host +bcsytv.com: could not connect to host +bcvps.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +bcweightlifting.ca: could not connect to host +bddemir.com: could not connect to host +bde-epitech.fr: could not connect to host +bdsmxxxpics.com: could not connect to host +bdvg.org: could not connect to host +be-real.life: did not receive HSTS header +beach-inspector.com: did not receive HSTS header +beachi.es: could not connect to host +beaglewatch.com: could not connect to host +beamitapp.com: could not connect to host +bearden.io: could not connect to host +beardydave.com: did not receive HSTS header +beasel.biz: could not connect to host +beastlog.tk: could not connect to host +beastowner.com: did not receive HSTS header +beautyconcept.co: did not receive HSTS header +beavers.io: could not connect to host +bebeefy.uk: could not connect to host +bebesurdoue.com: could not connect to host +bedabox.com: max-age too low: 0 +bedeta.de: could not connect to host +bedreid.dk: did not receive HSTS header +bedrijvenadministratie.nl: could not connect to host +beerboutique.com.br: could not connect to host +beetleroadstories.com: could not connect to host +befundup.com: could not connect to host +behere.be: could not connect to host +beholdthehurricane.com: could not connect to host +beier.io: did not receive HSTS header +beikeil.de: max-age too low: 86400 +belairsewvac.com: could not connect to host +belewpictures.com: could not connect to host +belgien.guide: could not connect to host +belize-firmengruendung.com: could not connect to host +bellavistaoutdoor.com: could not connect to host +belliash.eu.org: did not receive HSTS header +belltower.io: could not connect to host +belmontprom.com: could not connect to host +belpbleibtbelp.ch: could not connect to host +belwederczykow.eu: could not connect to host +bemyvictim.com: max-age too low: 2678400 +bendechrai.com: did not receive HSTS header +beneffy.com: did not receive HSTS header +benjakesjohnson.com: could not connect to host +benjamin-horvath.com: could not connect to host +benjamin-suess.de: could not connect to host +benk.press: could not connect to host +benny003.de: could not connect to host +benohead.com: did not receive HSTS header +bentphotos.se: could not connect to host +benwattie.com: could not connect to host +benzkosmetik.de: did not receive HSTS header +benzou-space.com: could not connect to host +beourvictim.com: max-age too low: 2678400 +bep362.vn: could not connect to host +beraru.tk: could not connect to host +berduri.com: could not connect to host +berger.work: could not connect to host +bergland-seefeld.at: did not receive HSTS header +berlatih.com: did not receive HSTS header +berlinleaks.com: could not connect to host +bermytraq.bm: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +bernexskiclub.ch: did not receive HSTS header +bernieware.de: could not connect to host +berrymark.be: max-age too low: 0 +berthelier.me: could not connect to host +besixdouze.world: could not connect to host +beslider.com: could not connect to host +besnik.de: could not connect to host +besola.de: did not receive HSTS header +bestbeards.ca: could not connect to host +bestcellular.com: did not receive HSTS header +bestellipticalmachinereview.info: could not connect to host +bestfitnesswatchreview.info: could not connect to host +besthost.cz: did not receive HSTS header +besthotsales.com: could not connect to host +bestof1001.de: did not receive HSTS header +bestorangeseo.com: could not connect to host +betaclean.fr: did not receive HSTS header +betafive.net: could not connect to host +betakah.net: could not connect to host +betcafearena.ro: did not receive HSTS header +bethanyduke.com: did not receive HSTS header +bethditto.com: did not receive HSTS header +betnet.fr: could not connect to host +betobaccofree.gov: could not connect to host +betplanning.it: did not receive HSTS header +bets.de: did not receive HSTS header +betterlifemakers.com: max-age too low: 200 +bettween.com: did not receive HSTS header +betz.ro: did not receive HSTS header +beulahtabernacle.com: could not connect to host +bevapehappy.com: did not receive HSTS header +bewerbungsfibel.de: did not receive HSTS header +bey.io: could not connect to host +beyond-edge.com: could not connect to host +beyuna.co.uk: did not receive HSTS header +beyuna.eu: did not receive HSTS header +beyuna.nl: did not receive HSTS header +bezorg.ninja: could not connect to host +bezprawnik.pl: did not receive HSTS header +bf.am: max-age too low: 0 +bfd.vodka: did not receive HSTS header +bfear.com: could not connect to host +bfelob.gov: could not connect to host +bffm.biz: could not connect to host +bfrailwayclub.cf: could not connect to host +bgcparkstad.nl: did not receive HSTS header +bgmn.net: could not connect to host +bhatia.at: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +biapinheiro.com.br: max-age too low: 5184000 +bible-maroc.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +biblerhymes.com: did not receive HSTS header +bidon.ca: did not receive HSTS header +bie.edu: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +bieberium.de: could not connect to host +biego.cn: did not receive HSTS header +bielsa.me: could not connect to host +bienenblog.cc: could not connect to host +bierbringer.at: could not connect to host +big-black.de: did not receive HSTS header +bigbbqbrush.bid: could not connect to host +bigbounceentertainment.co.uk: did not receive HSTS header +bigbrownpromotions.com.au: did not receive HSTS header +bigerbio.com: could not connect to host +biglou.com: max-age too low: 3153600 +bigshinylock.minazo.net: could not connect to host +biguixhe.net: did not receive HSTS header +bijouxdegriffe.com.br: could not connect to host +bijugeral.com.br: could not connect to host +bikermusic.net: could not connect to host +bildiri.ci: did not receive HSTS header +biletua.de: could not connect to host +billin.net: did not receive HSTS header +billkiss.com: could not connect to host +billninja.com: did not receive HSTS header +billrusling.com: could not connect to host +bimbo.com: did not receive HSTS header +bimbo.com.ar: max-age too low: 86400 +bimbobakeriesusa.com: max-age too low: 86400 +binam.center: could not connect to host +binaryfigments.com: max-age too low: 86400 +binderapp.net: could not connect to host +bingcheung.com: could not connect to host +binimo.com: could not connect to host +binsp.net: could not connect to host +bioespuna.eu: did not receive HSTS header +biofam.ru: did not receive HSTS header +bioknowme.com: did not receive HSTS header +bionicspirit.com: could not connect to host +biophysik-ssl.de: did not receive HSTS header +bip.gov.sa: could not connect to host +birkman.com: did not receive HSTS header +birminghamsunset.com: could not connect to host +biscuits-rec.com: could not connect to host +biscuits-shop.com: could not connect to host +bismarck.moe: did not receive HSTS header +bisterfeldt.com: could not connect to host +bitbit.org: did not receive HSTS header +bitbr.net: did not receive HSTS header +bitcantor.com: did not receive HSTS header +bitchan.it: could not connect to host +bitcoin-class.com: could not connect to host +bitcoin-daijin.com: could not connect to host +bitcoinjpn.com: could not connect to host +bitcoinprivacy.net: did not receive HSTS header +bitcoinworld.me: did not receive HSTS header +bitconcepts.co.uk: could not connect to host +biteoftech.com: did not receive HSTS header +bitf.ly: could not connect to host +bitfactory.ws: could not connect to host +bitfarm-archiv.com: did not receive HSTS header +bitfarm-archiv.de: did not receive HSTS header +bitheus.com: could not connect to host +bithosting.io: did not receive HSTS header +bitlish.com: max-age too low: 86400 +bitmaincare.com.ua: could not connect to host +bitmaincare.ru: could not connect to host +bitnet.io: did not receive HSTS header +bitrage.de: could not connect to host +bitraum.io: could not connect to host +bitsafe.systems: did not receive HSTS header +bitvigor.com: did not receive HSTS header +bitwrought.net: could not connect to host +bityes.org: could not connect to host +bivsi.com: could not connect to host +bizcms.com: did not receive HSTS header +bizon.sk: did not receive HSTS header +bizpare.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +bizzartech.com: did not receive HSTS header +bizzybeebouncers.co.uk: did not receive HSTS header +bjgongyi.com: could not connect to host +bjs.gov: did not receive HSTS header +bjtxl.cn: could not connect to host +bkb-skandal.ch: could not connect to host +black-armada.com: could not connect to host +black-armada.com.pl: could not connect to host +black-armada.pl: could not connect to host +black-octopus.ru: could not connect to host +black-raven.fr: did not receive HSTS header +blackburn.link: could not connect to host +blackdiam.net: could not connect to host +blacklane.com: did not receive HSTS header +blackly.uk: max-age too low: 0 +blackpayment.ru: could not connect to host +blackunicorn.wtf: could not connect to host +bladesmith.io: did not receive HSTS header +blakerandall.xyz: could not connect to host +blantik.net: could not connect to host +blauwwit.be: did not receive HSTS header +blazeit.io: could not connect to host +blazor.nl: did not receive HSTS header +blendlecdn.com: could not connect to host +blenheimchalcot.com: did not receive HSTS header +blessnet.jp: did not receive HSTS header +blha303.com.au: could not connect to host +blindaryproduction.tk: could not connect to host +blindsexdate.nl: did not receive HSTS header +blinkenlight.co.uk: could not connect to host +blinkenlight.com.au: could not connect to host +blitzprog.org: could not connect to host +blmiller.com: could not connect to host +blocksatz-medien.de: could not connect to host +blog-ritaline.com: could not connect to host +blog.coffee: could not connect to host +blog.cyveillance.com: did not receive HSTS header +blog.gparent.org: could not connect to host +blog.torproject.org: max-age too low: 1000 +bloglife-bb.com: did not receive HSTS header +bloglikepro.com: could not connect to host +blognone.com: did not receive HSTS header +blogonblogspot.com: did not receive HSTS header +blokuhaka.fr: could not connect to host +bloomnbud.com: did not receive HSTS header +bloomzoomy.ru: max-age too low: 172800 +blowjs.com: could not connect to host +bltc.co: could not connect to host +blubbablasen.de: could not connect to host +blucas.org: did not receive HSTS header +blue17.co.uk: did not receive HSTS header +bluebill.net: did not receive HSTS header +bluecon.eu: did not receive HSTS header +bluefrag.com: did not receive HSTS header +blueglobalmedia.com: did not receive HSTS header +blueliv.com: did not receive HSTS header +bluepearl.tk: could not connect to host +bluescloud.xyz: could not connect to host +bluetenmeer.com: did not receive HSTS header +bluketing.com: did not receive HSTS header +blumen-garage.de: could not connect to host +bluserv.net: could not connect to host +bluteklab.com: did not receive HSTS header +blutroyal.de: could not connect to host +bm-i.ch: could not connect to host +bm-trading.nl: did not receive HSTS header +bngsecure.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +bnhlibrary.com: did not receive HSTS header +board-buy.ru: could not connect to host +bodo-wolff.de: could not connect to host +bodrumfarm.com: could not connect to host +bodyblog.nl: did not receive HSTS header +bodybuilding-legends.com: could not connect to host +bodyweightsolution.com: could not connect to host +boensou.com: did not receive HSTS header +bogosity.se: could not connect to host +bohaishibei.com: did not receive HSTS header +bohan.life: could not connect to host +bohramt.de: did not receive HSTS header +boiadeirodeberna.com: could not connect to host +boltdata.io: could not connect to host +bolwerk.com.br: could not connect to host +bomberus.de: could not connect to host +bonapp.restaurant: could not connect to host +boneko.de: could not connect to host +bonitabrazilian.co.nz: did not receive HSTS header +bonobo.cz: could not connect to host +bonop.com: did not receive HSTS header +bonta.one: did not receive HSTS header +book-of-ra.de: did not receive HSTS header +bookcelerator.com: did not receive HSTS header +booked.holiday: could not connect to host +bookofraonlinecasinos.com: did not receive HSTS header +bookshopofindia.com: could not connect to host +boomerang.com: did not receive HSTS header +boosterlearnpro.com: did not receive HSTS header +booth.in.th: could not connect to host +bootikexpress.fr: did not receive HSTS header +boozinyan.com: could not connect to host +borchers-media.de: could not connect to host +borderlinegroup.com: could not connect to host +boringsecurity.net: could not connect to host +boris.one: did not receive HSTS header +boris64.net: did not receive HSTS header +borisbesemer.com: could not connect to host +borrelioz.com: did not receive HSTS header +borscheid-wenig.com: did not receive HSTS header +bosabosa.org: could not connect to host +boschee.net: could not connect to host +botox.bz: did not receive HSTS header +botstack.host: did not receive HSTS header +bounceboxspc.com: did not receive HSTS header +bouncecoffee.com: did not receive HSTS header +bouncelanduk.co.uk: did not receive HSTS header +bouncing-bugs.co.uk: could not connect to host +bouwbedrijfpurmerend.nl: did not receive HSTS header +bowlroll.net: max-age too low: 0 +boxcryptor.com: did not receive HSTS header +boxing-austria.eu: did not receive HSTS header +boxintense.com: did not receive HSTS header +boxlitepackaging.com: did not receive HSTS header +boyan.in: did not receive HSTS header +boyfriendhusband.men: did not receive HSTS header +bp-wahl.at: did not receive HSTS header +bqcp.net: could not connect to host +bqtoolbox.com: could not connect to host +bragasoft.com.br: did not receive HSTS header +brage.info: could not connect to host +braineet.com: did not receive HSTS header +brainfork.ml: could not connect to host +brainfpv.com: did not receive HSTS header +braintensive.com: could not connect to host +braintm.com: could not connect to host +braintreebouncycastles.com: did not receive HSTS header +braintreegateway.com: did not receive HSTS header +braintreepayments.com: did not receive HSTS header +brainvation.de: did not receive HSTS header +brambogaerts.nl: did not receive HSTS header +bran.cc: could not connect to host +branchtrack.com: did not receive HSTS header +branchzero.com: did not receive HSTS header +brandnewdays.nl: could not connect to host +brandon.so: could not connect to host +brandons.site: did not receive HSTS header +brandontaylor-black.com: could not connect to host +brandred.net: could not connect to host +brandspray.com: could not connect to host +brasilien.guide: could not connect to host +brasilmorar.com: could not connect to host +bravz.de: could not connect to host +breathingblanket.com: could not connect to host +brenden.net.au: could not connect to host +bress.cloud: could not connect to host +brettpemberton.xyz: did not receive HSTS header +briangarcia.ga: could not connect to host +brianpcurran.com: could not connect to host +brickoo.com: could not connect to host +brickyardbuffalo.com: did not receive HSTS header +bridholm.se: could not connect to host +brightonchilli.org.uk: could not connect to host +brightstarkids.co.uk: did not receive HSTS header +brightstarkids.com.au: did not receive HSTS header +brightstarkids.net: did not receive HSTS header +brightstarkids.sg: did not receive HSTS header +brilliantbuilders.co.uk: did not receive HSTS header +brio-ukraine.store: could not connect to host +britzer-toner.de: did not receive HSTS header +brix.ninja: did not receive HSTS header +brks.xyz: could not connect to host +broken-oak.com: could not connect to host +brookechase.com: did not receive HSTS header +brookframework.org: could not connect to host +browserid.org: could not connect to host +brrd.io: did not receive HSTS header +brrr.fr: could not connect to host +brunix.net: did not receive HSTS header +brunohenc.from.hr: could not connect to host +brunoonline.co.uk: could not connect to host +bryn.xyz: could not connect to host +brynnan.nl: could not connect to host +bs12v.ru: did not receive HSTS header +bsalyzer.com: could not connect to host +bsdtips.com: could not connect to host +bsklabels.com: did not receive HSTS header +bsktweetup.info: could not connect to host +bslim-e-boutique.com: could not connect to host +bsuess.de: could not connect to host +btc-e.com: did not receive HSTS header +btcdlc.com: could not connect to host +btcpot.ltd: did not receive HSTS header +btxiaobai.com: did not receive HSTS header +buben.tech: did not receive HSTS header +bubulazi.com: did not receive HSTS header +bubulazy.com: did not receive HSTS header +buch-cuber.de: max-age too low: 0 +buchheld.at: did not receive HSTS header +bucket.tk: could not connect to host +budgetthostels.nl: did not receive HSTS header +budskap.eu: could not connect to host +buenosairesestetica.com.ar: could not connect to host +bugginslab.co.uk: could not connect to host +bugsmashed.com: could not connect to host +bugtrack.io: could not connect to host +buhler.pro: did not receive HSTS header +build.chromium.org: did not receive HSTS header (error ignored - included regardless) +buildci.asia: could not connect to host +buildify.co.za: could not connect to host +buildingclouds.at: could not connect to host +buildingclouds.ch: could not connect to host +buildingclouds.de: did not receive HSTS header +buildingclouds.es: could not connect to host +buildingclouds.eu: could not connect to host +buildingclouds.fr: could not connect to host +buildsaver.co.za: did not receive HSTS header +builmaker.com: did not receive HSTS header +built.by: did not receive HSTS header +bukatv.cz: could not connect to host +bulgarien.guide: could not connect to host +bulkbuy.tech: could not connect to host +bullbits.com: max-age too low: 0 +bulletbabu.com: could not connect to host +bulletpoint.cz: could not connect to host +bullterrier.me: could not connect to host +bulmafox.com: could not connect to host +bumarkamoda.com: did not receive HSTS header +bunaken.asia: did not receive HSTS header +bunbomenu.de: could not connect to host +bunsenlabs.org: max-age too low: 2592000 +bupu.ml: did not receive HSTS header +bureaubolster.nl: did not receive HSTS header +bureaugravity.com: did not receive HSTS header +burian-server.cz: could not connect to host +burlesquemakeup.com: did not receive HSTS header +burningcrash.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +burpsuite.site: could not connect to host +burrow.ovh: could not connect to host +burrowingsec.com: could not connect to host +burtrum.top: could not connect to host +buryat-mongol.cf: could not connect to host +bush41.org: did not receive HSTS header +business.lookout.com: could not connect to host +business.medbank.com.mt: did not receive HSTS header +businessfurs.info: could not connect to host +businesshosting.nl: did not receive HSTS header +businesshub.cz: could not connect to host +businessloanconnection.org: did not receive HSTS header +businessmodeler.se: could not connect to host +busold.ws: could not connect to host +bustimes.org.uk: did not receive HSTS header +butchersworkshop.com: did not receive HSTS header +butian518.com: did not receive HSTS header +buttercoin.com: could not connect to host +butterfieldstraining.com: did not receive HSTS header +buvinghausen.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +buybaby.eu: did not receive HSTS header +buyfox.de: did not receive HSTS header +buyingsellingflorida.com: could not connect to host +buynowdepot.com: did not receive HSTS header +buyshoe.org: could not connect to host +buzzconcert.com: could not connect to host +buzztelco.com.au: did not receive HSTS header +bvexplained.co.uk: could not connect to host +bw81.xyz: could not connect to host +bwear4all.de: could not connect to host +by1898.com: could not connect to host +by4cqb.cn: could not connect to host +bydisk.com: could not connect to host +byji.com: could not connect to host +bynet.cz: could not connect to host +bynumlaw.net: did not receive HSTS header +bypass.kr: could not connect to host +bypassed.bid: could not connect to host +bypassed.cc: could not connect to host +bypassed.club: could not connect to host +bypassed.date: could not connect to host +bypassed.download: could not connect to host +bypassed.faith: could not connect to host +bypassed.host: could not connect to host +bypassed.me: could not connect to host +bypassed.online: could not connect to host +bypassed.org: did not receive HSTS header +bypassed.party: could not connect to host +bypassed.press: could not connect to host +bypassed.pw: could not connect to host +bypassed.rocks: did not receive HSTS header +bypassed.site: could not connect to host +bypassed.st: did not receive HSTS header +bypassed.today: could not connect to host +bypassed.works: could not connect to host +bypassed.world: could not connect to host +bypro.xyz: could not connect to host +bysymphony.com: max-age too low: 0 +byte.chat: did not receive HSTS header +byte.wtf: did not receive HSTS header +bytepark.de: did not receive HSTS header +bytesatwork.eu: could not connect to host +byteshift.ca: could not connect to host +bytesund.biz: could not connect to host +byurudraw.pics: could not connect to host +c-rickroll-v.pw: could not connect to host +c0rn3j.com: did not receive HSTS header +c16t.uk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +c1yd3i.me: could not connect to host +c2lab.net: did not receive HSTS header +c3-compose.com: could not connect to host +c3b.info: could not connect to host +cabsites.com: could not connect to host +cabusar.fr: did not receive HSTS header +caconnect.org: could not connect to host +cadao.me: did not receive HSTS header +caesreon.com: could not connect to host +cafe-murr.de: could not connect to host +cafe-scientifique.org.ec: could not connect to host +cafe-service.ru: did not receive HSTS header +cafesg.net: could not connect to host +caim.cz: did not receive HSTS header +caipai.fm: could not connect to host +cajapopcorn.com: did not receive HSTS header +cake.care: could not connect to host +calcularpagerank.com.br: could not connect to host +calculatoaresecondhand.xyz: could not connect to host +calgaryconstructionjobs.com: did not receive HSTS header +calix.com: max-age too low: 0 +callabs.net: could not connect to host +callsigns.ca: could not connect to host +calltrackingreports.com: could not connect to host +calomel.org: max-age too low: 2764800 +caltonnutrition.com: did not receive HSTS header +calvin.me: max-age too low: 2592000 +calvinallen.net: did not receive HSTS header +calypsogames.net: did not receive HSTS header +camashop.de: did not receive HSTS header +cambridgeanalytica.net: could not connect to host +cambridgeanalytica.org: did not receive HSTS header +camda.online: could not connect to host +camelservers.com: did not receive HSTS header +camisadotorcedor.com.br: could not connect to host +camjackson.net: did not receive HSTS header +cammarkets.com: could not connect to host +camolist.com: could not connect to host +campaignelves.com: did not receive HSTS header +campbellsoftware.co.uk: could not connect to host +campfire.co.il: did not receive HSTS header +campingcarlovers.com: could not connect to host +campusdrugprevention.gov: did not receive HSTS header +camsanalytics.com: could not connect to host +canadabread.com: max-age too low: 86400 +canadiangamblingchoice.com: did not receive HSTS header +cancelmyprofile.com: could not connect to host +cancreate.nl: did not receive HSTS header +candicontrols.com: did not receive HSTS header +candratech.com: could not connect to host +candygirl.shop: could not connect to host +canyonshoa.com: did not receive HSTS header +capecycles.co.za: did not receive HSTS header +capeyorkfire.com.au: did not receive HSTS header +capogna.com: did not receive HSTS header +caps.is: could not connect to host +capsogusto.com: did not receive HSTS header +captchatheprize.com: could not connect to host +captianseb.de: could not connect to host +captivatedbytabrett.com: could not connect to host +capturethepen.co.uk: could not connect to host +car-navi.ph: did not receive HSTS header +carano-service.de: did not receive HSTS header +caraudio69.cz: could not connect to host +carboneselectricosnettosl.info: max-age too low: 0 +card-toka.jp: did not receive HSTS header +cardloan-manual.net: could not connect to host +cardoni.net: did not receive HSTS header +cardse.net: could not connect to host +cardstream.com: did not receive HSTS header +cardurl.com: did not receive HSTS header +careerstuds.com: could not connect to host +caringladies.org: could not connect to host +carlo.mx: did not receive HSTS header +carlolly.co.uk: could not connect to host +carlosalves.info: did not receive HSTS header +carloshmm.stream: could not connect to host +carlovanwyk.com: could not connect to host +carpliyz.com: could not connect to host +carroarmato0.be: did not receive HSTS header +carsforbackpackers.com: could not connect to host +carstenfeuls.de: did not receive HSTS header +cartesunicef.be: did not receive HSTS header +cartoonhd.cc: did not receive HSTS header +carwashvapeur.be: could not connect to host +casashopp.com.br: could not connect to host +casc.cz: did not receive HSTS header +casedi.org: max-age too low: 0 +casefall.com: could not connect to host +cash-pos.com: could not connect to host +cashmyphone.ch: could not connect to host +casino-cashflow.ru: did not receive HSTS header +casinoreal.com: could not connect to host +casinostest.com: could not connect to host +casioshop.eu: did not receive HSTS header +casovi.cf: could not connect to host +castagnonavocats.com: did not receive HSTS header +cata.ga: could not connect to host +catalin.pw: could not connect to host +catarsisvr.com: could not connect to host +catinmay.com: did not receive HSTS header +catnapstudios.com: could not connect to host +catsmagic.pp.ua: could not connect to host +caughtredhanded.co.nz: could not connect to host +cavaleria.ro: did not receive HSTS header +caveclan.org: did not receive HSTS header +cavedevs.de: could not connect to host +cavedroid.xyz: could not connect to host +cavern.tv: did not receive HSTS header +cayafashion.de: did not receive HSTS header +cbengineeringinc.com: could not connect to host +cbhq.net: could not connect to host +ccblog.de: did not receive HSTS header +ccretreatandfarm.com: did not receive HSTS header +ccsys.com: could not connect to host +cctech.ph: could not connect to host +cctld.com: could not connect to host +cd0.us: could not connect to host +cdcpartners.gov: could not connect to host +cdeck.net: could not connect to host +cdnb.co: could not connect to host +cdndepo.com: could not connect to host +cdnk39.com: could not connect to host +cdreporting.co.uk: did not receive HSTS header +cdt.org: did not receive HSTS header +ce-agentur.de: did not receive HSTS header +cee.io: could not connect to host +cegfw.com: could not connect to host +celebphotos.blog: did not receive HSTS header +celeirorural.com.br: did not receive HSTS header +celina-reads.de: did not receive HSTS header +cellsites.nz: could not connect to host +celuliteonline.com: could not connect to host +cencalvia.org: could not connect to host +centennialrewards.com: did not receive HSTS header +centos.pub: could not connect to host +centrallead.net: could not connect to host +centralpoint.be: did not receive HSTS header +centralpoint.nl: did not receive HSTS header +centralvacsunlimited.net: did not receive HSTS header +centralync.com: could not connect to host +centrepoint-community.com: could not connect to host +centsforchange.net: could not connect to host +ceresia.ch: could not connect to host +ceritamalam.net: could not connect to host +cerize.love: could not connect to host +cernega.ro: did not receive HSTS header +cert.se: max-age too low: 2628001 +certifi.io: could not connect to host +certmgr.org: could not connect to host +cesal.net: could not connect to host +cesidianroot.eu: could not connect to host +cevrimici.com: could not connect to host +cfcnexus.org: could not connect to host +cfcproperties.com: did not receive HSTS header +cfetengineering.com: could not connect to host +cfoitplaybook.com: could not connect to host +cganx.org: could not connect to host +cgerstner.eu: did not receive HSTS header +cgsshelper.tk: could not connect to host +cgtx.us: could not connect to host +chadklass.com: could not connect to host +chahub.com: could not connect to host +chainmonitor.com: could not connect to host +challengeskins.com: could not connect to host +champ.dog: did not receive HSTS header +championnat-romand-cuisiniers-amateurs.ch: could not connect to host +championsofregnum.com: did not receive HSTS header +champserver.net: could not connect to host +chandlerredding.com: did not receive HSTS header +changelab.cc: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +changetip.com: did not receive HSTS header +channellife.asia: could not connect to host +chanshiyu.com: did not receive HSTS header +chaos.fail: could not connect to host +chaoswebs.net: did not receive HSTS header +chaouby.com: could not connect to host +charbonnel.eu: could not connect to host +chargejuice.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +charityclear.com: did not receive HSTS header +charitystreet.co.uk: could not connect to host +charlenevondell.com: could not connect to host +charliemcneive.com: did not receive HSTS header +charlipopkids.com.au: could not connect to host +charnleyhouse.co.uk: did not receive HSTS header +charonsecurity.com: could not connect to host +charp.eu: could not connect to host +chartstoffarm.de: max-age too low: 10 +chaska.co.za: did not receive HSTS header +chat-porc.eu: did not receive HSTS header +chatbot.me: did not receive HSTS header +chateauconstellation.ch: did not receive HSTS header +chatup.cf: could not connect to host +chaulootz.com: did not receive HSTS header +chcemvediet.sk: max-age too low: 1555200 +cheapdns.org: could not connect to host +cheapwritingservice.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +cheatturnitin.com: did not receive HSTS header +cheazey.net: did not receive HSTS header +chebedara.com: could not connect to host +checkout.google.com: did not receive HSTS header (error ignored - included regardless) +cheerflow.com: could not connect to host +cheesefusion.com: could not connect to host +cheesetart.my: could not connect to host +cheetah85.de: could not connect to host +chefgalles.com.br: could not connect to host +chejianer.cn: could not connect to host +chelema.xyz: could not connect to host +chenfengyi.com: could not connect to host +chensir.net: could not connect to host +chepaofen.com: did not receive HSTS header +cherekerry.com: could not connect to host +cherysunzhang.com: did not receive HSTS header +chesterbrass.uk: did not receive HSTS header +chiamata-aiuto.ch: could not connect to host +chib.chat: could not connect to host +chihiro.xyz: did not receive HSTS header +chijiokeindustries.co.uk: could not connect to host +childcaresolutionscny.org: did not receive HSTS header +childrendeservebetter.org: could not connect to host +china-line.org: could not connect to host +chinternet.xyz: could not connect to host +chiphell.com: did not receive HSTS header +chirgui.eu: could not connect to host +chiropracticwpb.com: could not connect to host +chloe.re: could not connect to host +chlouis.net: could not connect to host +chm.vn: did not receive HSTS header +chodobien.com: could not connect to host +choiralberta.ca: could not connect to host +chontalpa.pw: could not connect to host +chordso.com: could not connect to host +choruscrowd.com: could not connect to host +chotu.net: could not connect to host +chris-web.info: could not connect to host +chrisandsarahinasia.com: did not receive HSTS header +chrisbrakebill.com: could not connect to host +chrisbrown.id.au: could not connect to host +chrisfaber.com: could not connect to host +chriskirchner.de: did not receive HSTS header +chriskyrouac.com: could not connect to host +chrisopperwall.com: did not receive HSTS header +chrisself.xyz: did not receive HSTS header +christiaandruif.nl: could not connect to host +christianbro.gq: could not connect to host +christianhoffmann.info: could not connect to host +christina-quast.de: did not receive HSTS header +christophercolumbusfoundation.gov: could not connect to host +christophersole.com: could not connect to host +christophheich.me: did not receive HSTS header +chrisupjohn.com: could not connect to host +chrisvicmall.com: did not receive HSTS header +chromaryu.net: could not connect to host +chrome: could not connect to host +chrome-devtools-frontend.appspot.com: did not receive HSTS header (error ignored - included regardless) +chrome.google.com: did not receive HSTS header (error ignored - included regardless) +chrst.ph: could not connect to host +chs.us: did not receive HSTS header +chua.cf: could not connect to host +chuckame.fr: did not receive HSTS header +chulado.com: did not receive HSTS header +churchux.co: did not receive HSTS header +churrasqueirafacil.com.br: could not connect to host +chziyue.com: could not connect to host +ci-labo.com.tw: max-age too low: 7889238 +cidr.ml: could not connect to host +cienbeaute-lidl.fr: did not receive HSTS header +cigarblogs.net: could not connect to host +cigi.site: could not connect to host +ciicutini.ro: did not receive HSTS header +cim2b.de: could not connect to host +cimalando.eu: could not connect to host +cinartelorgu.com: did not receive HSTS header +cintdirect.com: could not connect to host +cioconference.co.nz: could not connect to host +cipher.land: could not connect to host +ciplanutrition.com: did not receive HSTS header +circ-logic.com: did not receive HSTS header +ciscohomeanalytics.com: could not connect to host +ciscommerce.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +citiagent.cz: could not connect to host +citimarinestore.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +cityoflaurel.org: did not receive HSTS header +citywalkr.com: could not connect to host +cium.ru: could not connect to host +cjcaron.org: could not connect to host +cjr.host: could not connect to host +cjtkfan.club: could not connect to host +claimit.ml: could not connect to host +clan-ww.com: did not receive HSTS header +clara-baumert.de: could not connect to host +claralabs.com: did not receive HSTS header +clarity-c2ced.appspot.com: did not receive HSTS header +classicday.nl: could not connect to host +classicsandexotics.com: could not connect to host +classicshop.ua: did not receive HSTS header +classicspublishing.com: could not connect to host +classifiedssa.co.za: could not connect to host +clcleaningco.com: could not connect to host +cleanexperts.co.uk: could not connect to host +cleaningsquad.ca: could not connect to host +cleanmta.com: could not connect to host +clearc.tk: could not connect to host +clearchatsandbox.com: could not connect to host +clearsky.me: did not receive HSTS header +clearviewwealthprojector.com.au: could not connect to host +clerkendweller.uk: did not receive HSTS header +clickandgo.com: did not receive HSTS header +clickandshoot.nl: did not receive HSTS header +clickclickphish.com: did not receive HSTS header +clickgram.biz: could not connect to host +clicn.bio: could not connect to host +clicnbio.com: did not receive HSTS header +cliftons.com: did not receive HSTS header +clinicaferrusbratos.com: did not receive HSTS header +clintonbloodworth.com: could not connect to host +clintonbloodworth.io: could not connect to host +clintwilson.technology: max-age too low: 2592000 +clip.ovh: did not receive HSTS header +clipped4u.com: could not connect to host +closient.com: did not receive HSTS header +cloud-crowd.com.au: did not receive HSTS header +cloud-project.com: could not connect to host +cloud.wtf: could not connect to host +cloud42.ch: did not receive HSTS header +cloudapi.vc: could not connect to host +cloudbasedsite.com: did not receive HSTS header +cloudbleed.info: could not connect to host +cloudcert.org: did not receive HSTS header +cloudcy.net: could not connect to host +clouddesktop.co.nz: could not connect to host +cloudey.net: did not receive HSTS header +cloudfren.com: did not receive HSTS header +cloudimag.es: could not connect to host +cloudimproved.com: could not connect to host +cloudimprovedtest.com: could not connect to host +cloudlink.club: could not connect to host +cloudns.com.au: could not connect to host +cloudopt.net: did not receive HSTS header +clouds.webcam: could not connect to host +cloudspotterapp.com: did not receive HSTS header +cloudstoragemaus.com: could not connect to host +cloudstorm.me: could not connect to host +cloudstrike.co: could not connect to host +cloudwalk.io: did not receive HSTS header +clounix.online: could not connect to host +clovissantos.com: did not receive HSTS header +clowde.in: could not connect to host +clownaroundbouncycastles.co.uk: did not receive HSTS header +clownish.co.il: could not connect to host +club-adulti.ro: did not receive HSTS header +clubalfa.it: did not receive HSTS header +clubmix.co.kr: could not connect to host +cluster.id: did not receive HSTS header +clvrwebdesign.com: did not receive HSTS header +clycat.ru: could not connect to host +clywedogmaths.co.uk: could not connect to host +cmc-versand.de: did not receive HSTS header +cmci.dk: did not receive HSTS header +cms-weble.jp: could not connect to host +cmsbattle.com: could not connect to host +cmscafe.ru: did not receive HSTS header +cmso-cal.com: could not connect to host +cncn.us: did not receive HSTS header +cnlic.com: could not connect to host +cnwage.com: could not connect to host +cnwarn.com: could not connect to host +co-driversphoto.se: could not connect to host +co-yutaka.com: could not connect to host +coach-sportif.paris: did not receive HSTS header +cobaltlp.com: could not connect to host +cobrax.net: could not connect to host +coccolebenessere.it: could not connect to host +cocktailfuture.fr: could not connect to host +cocolovesdaddy.com: could not connect to host +codabix.com: did not receive HSTS header +codabix.de: could not connect to host +codabix.net: could not connect to host +code-35.com: could not connect to host +code-digsite.com: could not connect to host +code-judge.tk: did not receive HSTS header +code.google.com: did not receive HSTS header (error ignored - included regardless) +codealkemy.co: max-age too low: 43200 +codeco.pw: could not connect to host +codecontrollers.de: could not connect to host +codeforce.io: could not connect to host +codeforhakodate.org: did not receive HSTS header +codejunkie.de: did not receive HSTS header +codelayer.ca: could not connect to host +codelitmus.com: did not receive HSTS header +codelove.de: did not receive HSTS header +codemonkeyrawks.net: could not connect to host +codenlife.xyz: could not connect to host +codepoet.de: did not receive HSTS header +codepx.com: did not receive HSTS header +codercross.com: could not connect to host +codes.pk: did not receive HSTS header +codewiththepros.org: could not connect to host +codewiz.xyz: could not connect to host +codigosddd.com.br: did not receive HSTS header +coffeeetc.co.uk: max-age too low: 7889238 +coffeestrategies.com: max-age too low: 5184000 +cogniflex.com: did not receive HSTS header +cogumelosmagicos.org: could not connect to host +cohesive.io: did not receive HSTS header +coin.dance: did not receive HSTS header +coinbit.trade: did not receive HSTS header +coindam.com: could not connect to host +colasjourdain.fr: did not receive HSTS header +coldlostsick.net: could not connect to host +colearnr.com: could not connect to host +collabra.email: did not receive HSTS header +collard.tk: did not receive HSTS header +collectosaurus.com: did not receive HSTS header +colleencornez.com: could not connect to host +collegepulse.org: could not connect to host +collies.eu: max-age too low: 3 +collins.kg: could not connect to host +collins.press: did not receive HSTS header +collinsartworks.com: did not receive HSTS header +collision.fyi: could not connect to host +colmexpro.com: did not receive HSTS header +colognegaming.net: could not connect to host +coloradocomputernetworking.net: could not connect to host +colorlib.com: did not receive HSTS header +colorunhas.com.br: could not connect to host +comalia.com: could not connect to host +combatshield.cz: could not connect to host +comeoncolleen.com: did not receive HSTS header +comfortdom.ua: did not receive HSTS header +comfortticket.de: did not receive HSTS header +comfy.cafe: did not receive HSTS header +comfy.moe: did not receive HSTS header +comico.info: did not receive HSTS header +comicspines.com: could not connect to host +comitesaustria.at: could not connect to host +comiteshopping.com: could not connect to host +commerciallocker.com: did not receive HSTS header +commercialplanet.eu: could not connect to host +commune-preuilly.fr: did not receive HSTS header +comocurarlashemorroides.org: could not connect to host +comocurarlashemorroidesya.com: did not receive HSTS header +comotalk.com: could not connect to host +compalytics.com: could not connect to host +comparamejor.com: did not receive HSTS header +compareandrecycle.co.uk: did not receive HSTS header +comparejewelleryprices.co.uk: could not connect to host +comparetravelinsurance.com.au: did not receive HSTS header +compassionate-biology.com: could not connect to host +compiledworks.com: could not connect to host +completesportperformance.com: did not receive HSTS header +completionist.audio: could not connect to host +complt.xyz: could not connect to host +complymd.com: did not receive HSTS header +comprehensiveihc.com: could not connect to host +compsmag.com: did not receive HSTS header +compucorner.com.mx: could not connect to host +computertal.de: could not connect to host +comyuno.com: did not receive HSTS header +concentrade.de: did not receive HSTS header +conception.sk: could not connect to host +concord-group.co.jp: did not receive HSTS header +confirm365.com: could not connect to host +conflux.tw: did not receive HSTS header +conformal.com: could not connect to host +confucio.cl: did not receive HSTS header +congz.me: could not connect to host +conjugacao.com.br: did not receive HSTS header +connect.ua: could not connect to host +connected-verhuurservice.nl: did not receive HSTS header +connectfss.com: could not connect to host +connectingconcepts.com: did not receive HSTS header +conniesacademy.com: could not connect to host +conrad.am: could not connect to host +consciousandglamorous.com: could not connect to host +consciousbrand.org.au: could not connect to host +consciousbranding.org.au: could not connect to host +consciousbrands.net.au: could not connect to host +console.python.org: did not receive HSTS header +console.support: did not receive HSTS header +construct-trust.com: could not connect to host +consultcelerity.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +contactbig.com: did not receive HSTS header +contactsingapore.sg: did not receive HSTS header +contaimo.com: did not receive HSTS header +container-lion.com: did not receive HSTS header +containerstatistics.com: could not connect to host +contarkos.xyz: could not connect to host +content-design.de: did not receive HSTS header +continuumgaming.com: could not connect to host +controlcenter.gigahost.dk: did not receive HSTS header +controleer-maar-een-ander.nl: did not receive HSTS header +convert.zone: did not receive HSTS header +cooink.net: could not connect to host +coolaj86.com: did not receive HSTS header +coolbutbroken.com: did not receive HSTS header +coolchevy.org.ua: did not receive HSTS header +coole-meister.de: could not connect to host +coolrc.me: could not connect to host +coolvox.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +cooxa.com: did not receive HSTS header +copshop.com.br: could not connect to host +cor-ser.es: could not connect to host +coralproject.net: did not receive HSTS header +coralrosado.com.br: did not receive HSTS header +coramcdaniel.com: did not receive HSTS header +corderoscleaning.com: did not receive HSTS header +cordial-restaurant.com: did not receive HSTS header +core.mx: could not connect to host +core4system.de: could not connect to host +corecdn.org: could not connect to host +corenetworking.de: could not connect to host +corex.io: did not receive HSTS header +corgicloud.com: could not connect to host +corinnanese.de: could not connect to host +corkyoga.site: could not connect to host +cormactagging.ie: could not connect to host +cormilu.com.br: did not receive HSTS header +cornishcamels.com: did not receive HSTS header +coroasdefloresonline.com.br: could not connect to host +corozanu.ro: did not receive HSTS header +corpoatletico.com.br: could not connect to host +corporateencryption.com: could not connect to host +corporatesubscriptions.com.au: did not receive HSTS header +correct.horse: could not connect to host +correctpaardbatterijnietje.nl: did not receive HSTS header +corruption-mc.net: could not connect to host +corruption-rsps.net: could not connect to host +corruption-server.net: could not connect to host +cosmeticosdelivery.com.br: could not connect to host +cosplayer.com: could not connect to host +costow.club: could not connect to host +coughlan.de: did not receive HSTS header +count.sh: could not connect to host +couponcodeq.com: could not connect to host +couragewhispers.ca: could not connect to host +coursdeprogrammation.com: could not connect to host +coursella.com: did not receive HSTS header +covenantbank.net: could not connect to host +coverdat.com: did not receive HSTS header +coverduck.ru: could not connect to host +cpaneltips.com: could not connect to host +cpuvinf.eu.org: could not connect to host +cracking.org: did not receive HSTS header +crackingking.com: did not receive HSTS header +crackpfer.de: could not connect to host +crackslut.eu: could not connect to host +craftbeerbarn.co.uk: could not connect to host +craftedge.xyz: could not connect to host +craftmain.eu: could not connect to host +cranems.com.ua: did not receive HSTS header +cranioschule.com: did not receive HSTS header +crate.io: did not receive HSTS header +cravelyrics.com: could not connect to host +crazifyngers.com: could not connect to host +crazy-crawler.de: did not receive HSTS header +crazycen.com: did not receive HSTS header +crazycraftland.de: could not connect to host +crazycraftland.net: did not receive HSTS header +crazyhotseeds.com: did not receive HSTS header +crazyker.com: did not receive HSTS header +crbug.com: did not receive HSTS header (error ignored - included regardless) +creaescola.com: did not receive HSTS header +create-test-publish.co.uk: could not connect to host +creative-wave.fr: could not connect to host +creativeapple.ltd: did not receive HSTS header +creativeartifice.com: did not receive HSTS header +creativecommonscatpictures.com: could not connect to host +creativephysics.ml: could not connect to host +creativeplayuk.com: did not receive HSTS header +crecket.me: could not connect to host +creditclear.com.au: did not receive HSTS header +crendontech.com: could not connect to host +crestoncottage.com: could not connect to host +crimewatch.net.za: could not connect to host +crisissurvivalspecialists.com: could not connect to host +cristiandeluxe.com: did not receive HSTS header +cristianhares.com: could not connect to host +criticalaim.com: could not connect to host +crizk.com: could not connect to host +crmdemo.website: did not receive HSTS header +crockett.io: did not receive HSTS header +croco.vision: did not receive HSTS header +croome.no-ip.org: could not connect to host +crosbug.com: did not receive HSTS header (error ignored - included regardless) +crosssec.com: did not receive HSTS header +crowd.supply: did not receive HSTS header +crowdcloud.be: could not connect to host +crowdcurity.com: did not receive HSTS header +crowdjuris.com: could not connect to host +crownruler.com: did not receive HSTS header +crows.io: max-age too low: 60 +crox.co: could not connect to host +crrev.com: did not receive HSTS header (error ignored - included regardless) +crtvmgmt.com: could not connect to host +crudysql.com: could not connect to host +crufad.org: did not receive HSTS header +cruikshank.com.au: could not connect to host +cruzr.xyz: could not connect to host +crypt.guru: did not receive HSTS header +crypticshell.co.uk: could not connect to host +cryptify.eu: could not connect to host +cryptobin.org: could not connect to host +cryptodash.net: could not connect to host +cryptojar.io: did not receive HSTS header +cryptolab.pro: could not connect to host +cryptolab.tk: could not connect to host +cryptopartyatx.org: could not connect to host +cryptopartynewcastle.org: could not connect to host +cryptopush.com: did not receive HSTS header +crysadm.com: could not connect to host +crystalclassics.co.uk: did not receive HSTS header +crystalmate.eu: did not receive HSTS header +cs-ubladego.pl: could not connect to host +csapak.com: did not receive HSTS header +csawctf.poly.edu: could not connect to host +cselzer.com: could not connect to host +csfs.org.uk: could not connect to host +csgf.ru: did not receive HSTS header +csgo77.com: could not connect to host +csgodicegame.com: did not receive HSTS header +csgoelemental.com: did not receive HSTS header +csgokings.eu: could not connect to host +csgoshifter.com: could not connect to host +csinfo.us: could not connect to host +csohack.tk: could not connect to host +cspbuilder.info: could not connect to host +cspeti.hu: could not connect to host +cssps.org: could not connect to host +cssu.in: did not receive HSTS header +csuw.net: could not connect to host +csvalpha.nl: did not receive HSTS header +csvape.com: did not receive HSTS header +ct-status.org: could not connect to host +ct-watches.dk: did not receive HSTS header +cthulhuden.com: could not connect to host +ctj.im: could not connect to host +ctrl.blog: did not receive HSTS header +cu247secure.ie: did not receive HSTS header +cuanhua3s.com: did not receive HSTS header +cubecart-demo.co.uk: did not receive HSTS header +cubecart-hosting.co.uk: did not receive HSTS header +cubecart.net: did not receive HSTS header +cubeserver.eu: could not connect to host +cubewano.com: could not connect to host +cucc.date: did not receive HSTS header +cuecamania.com.br: did not receive HSTS header +cujanovic.com: did not receive HSTS header +cujba.com: could not connect to host +culinae.nl: could not connect to host +cumshots-video.ru: could not connect to host +cunha.be: could not connect to host +cuntflaps.me: could not connect to host +cuongquach.com: did not receive HSTS header +cuonic.com: could not connect to host +curacao-license.com: could not connect to host +curlyroots.com: did not receive HSTS header +currentobserver.com: could not connect to host +curroapp.com: could not connect to host +curveweb.co.uk: did not receive HSTS header +cusfit.com: did not receive HSTS header +custe.rs: could not connect to host +customadesign.com: did not receive HSTS header +customfilmworks.com: could not connect to host +cutorrent.com: could not connect to host +cuvva.insure: did not receive HSTS header +cvjm-memmingen.de: did not receive HSTS header +cvtparking.co.uk: did not receive HSTS header +cwage.com: could not connect to host +cyanogenmod.xxx: could not connect to host +cyber-computer.club: could not connect to host +cybercecurity.com: did not receive HSTS header +cyberfrancais.ro: did not receive HSTS header +cyberlab.kiev.ua: did not receive HSTS header +cyberlab.team: did not receive HSTS header +cyberpeace.nl: could not connect to host +cyberpunk.ca: could not connect to host +cybersafesolutions.com: did not receive HSTS header +cybershambles.com: could not connect to host +cybersmart.co.uk: did not receive HSTS header +cyberstatus.de: could not connect to host +cycleluxembourg.lu: did not receive HSTS header +cyclingjunkies.com: could not connect to host +cydia-search.io: could not connect to host +cymtech.net: did not receive HSTS header +cynoshair.com: could not connect to host +cyoda.com: did not receive HSTS header +cypherpunk.ws: could not connect to host +cyphertite.com: could not connect to host +cytadel.fr: did not receive HSTS header +cyyzaid.cn: could not connect to host +czlx.co: could not connect to host +d-rickroll-e.pw: could not connect to host +d1ves.io: did not receive HSTS header +d4rkdeagle.tk: could not connect to host +d8studio.net: could not connect to host +dabbot.org: did not receive HSTS header +dad256.tk: could not connect to host +dadtheimpaler.com: could not connect to host +dah5.com: did not receive HSTS header +dahl-pind.dk: did not receive HSTS header +dai-rin.co.jp: could not connect to host +dailybits.be: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +dailystormerpodcasts.com: could not connect to host +daimadi.com: could not connect to host +daisuki.pw: did not receive HSTS header +dakerealestate.com: did not receive HSTS header +dakl-shop.de: did not receive HSTS header +dakrib.net: could not connect to host +daku.gdn: could not connect to host +dalingk.co: could not connect to host +daltonedwards.me: could not connect to host +dam74.com.ar: could not connect to host +damianuv-blog.cz: did not receive HSTS header +danbarrett.com.au: did not receive HSTS header +dancerdates.net: could not connect to host +dane-bre.net: did not receive HSTS header +daniel-mosquera.com: could not connect to host +daniel-stahl.net: could not connect to host +daniel-steuer.de: could not connect to host +danielcowie.me: could not connect to host +danieldk.eu: did not receive HSTS header +danielheal.net: could not connect to host +danieliancu.com: could not connect to host +danielthompson.info: could not connect to host +danielworthy.com: did not receive HSTS header +danijobs.com: could not connect to host +danishenanigans.com: could not connect to host +dankeblog.com: could not connect to host +danmark.guide: could not connect to host +dannycrichton.com: did not receive HSTS header +danpiel.net: could not connect to host +danrl.de: could not connect to host +danwillenberg.com: did not receive HSTS header +daolerp.xyz: could not connect to host +dargasia.is: could not connect to host +dario.im: could not connect to host +dariosirangelo.me: did not receive HSTS header +dark-x.cf: could not connect to host +darkag.ovh: could not connect to host +darkanzali.pl: max-age too low: 0 +darkfriday.ddns.net: could not connect to host +darkhole.cn: did not receive HSTS header +darkkeepers.dk: max-age too low: 172800 +darknebula.space: could not connect to host +darkpony.ru: could not connect to host +darksideof.it: could not connect to host +darkstance.org: could not connect to host +darktree.in: could not connect to host +darlo.co.uk: could not connect to host +darrenellis.xyz: did not receive HSTS header +dash-board.jp: did not receive HSTS header +dash.rocks: did not receive HSTS header +dashburst.com: did not receive HSTS header +dashnimorad.com: did not receive HSTS header +data-abundance.com: could not connect to host +data-detox.com: could not connect to host +data.haus: could not connect to host +data.qld.gov.au: did not receive HSTS header +datacool.tk: could not connect to host +datarank.com: max-age too low: 0 +dataretention.solutions: could not connect to host +datascience.cafe: did not receive HSTS header +datasnitch.co.uk: could not connect to host +datatekniikka.com: could not connect to host +datedeposit.com: could not connect to host +datengrab.ws: could not connect to host +datenkeks.de: did not receive HSTS header +datenreiter.cf: did not receive HSTS header +datenreiter.gq: did not receive HSTS header +datenreiter.ml: did not receive HSTS header +datenreiter.tk: did not receive HSTS header +datorb.com: could not connect to host +datortipsen.se: did not receive HSTS header +davidandkailey.com: could not connect to host +davidglidden.eu: did not receive HSTS header +davidgrudl.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +davidhunter.scot: did not receive HSTS header +davidnoren.com: did not receive HSTS header +davidreinhardt.de: could not connect to host +davidscherzer.at: could not connect to host +davros.eu: could not connect to host +davros.ru: could not connect to host +dawnson.is: could not connect to host +dawnsonb.com: could not connect to host +day.vip: did not receive HSTS header +daylightcompany.com: did not receive HSTS header +days.one: could not connect to host +daytonaseaside.com: did not receive HSTS header +db.gy: could not connect to host +dbcom.ru: could not connect to host +dbox.ga: could not connect to host +dbx.ovh: could not connect to host +dcaracing.nl: could not connect to host +dcc.moe: could not connect to host +dccode.gov: could not connect to host +dccoffeeproducts.com: did not receive HSTS header +dccraft.net: could not connect to host +dcl.re: did not receive HSTS header +dcpower.eu: max-age too low: 600 +dctxf.com: did not receive HSTS header +dcuofriends.net: could not connect to host +dcurt.is: did not receive HSTS header +dcw.io: did not receive HSTS header +ddatsh.com: could not connect to host +dden.website: could not connect to host +dden.xyz: could not connect to host +ddepot.us: did not receive HSTS header +de-gucci.com: could not connect to host +de-servers.de: could not connect to host +deadsoul.net: max-age too low: 0 +debank.tv: did not receive HSTS header +debatch.se: could not connect to host +debian-vhost.de: could not connect to host +debiton.dk: could not connect to host +debtkit.co.uk: did not receive HSTS header +debtprotectionreporting.com: did not receive HSTS header +decafu.co: could not connect to host +decesus.com: could not connect to host +decibelios.li: could not connect to host +decloverly.com: did not receive HSTS header +deco.me: could not connect to host +decoboutique.com: did not receive HSTS header +decofire.pl: did not receive HSTS header +deconsolutions.com: did not receive HSTS header +decorland.com.ua: did not receive HSTS header +decoyrouting.com: could not connect to host +dedeo.tk: did not receive HSTS header +dedicatutiempo.es: could not connect to host +dedietrich-asia.com: could not connect to host +deepcovelabs.net: could not connect to host +deepcreampie.com: could not connect to host +deepearth.uk: could not connect to host +deeprecce.com: did not receive HSTS header +deeprecce.link: could not connect to host +deeprecce.tech: could not connect to host +deepspace.dedyn.io: could not connect to host +deepvision.com.ua: did not receive HSTS header +deetz.nl: did not receive HSTS header +deetzen.de: did not receive HSTS header +defiler.tk: could not connect to host +deflumeri.com: did not receive HSTS header +degroetenvanrosaline.nl: did not receive HSTS header +deight.co: could not connect to host +deinserverhost.de: did not receive HSTS header +dekasan.ru: could not connect to host +delayrefunds.co.uk: could not connect to host +deliverance.co.uk: could not connect to host +deloittequant.com: could not connect to host +deltaconcepts.de: did not receive HSTS header +delvj.org: could not connect to host +demdis.org: could not connect to host +demilitarized.ninja: could not connect to host +demo-server.us: could not connect to host +demomanca.com: did not receive HSTS header +demotops.com: could not connect to host +dempsters.ca: max-age too low: 86400 +denh.am: could not connect to host +denisjean.fr: could not connect to host +dentaldomain.org: did not receive HSTS header +dentaldomain.ph: could not connect to host +denvercybersecurity.com: did not receive HSTS header +denverprophit.us: did not receive HSTS header +deped.blog: could not connect to host +depedtayo.com: did not receive HSTS header +depijl-mz.nl: did not receive HSTS header +depixion.agency: could not connect to host +depo.space: could not connect to host +dequehablamos.es: could not connect to host +derbyshiredotnet.co.uk: did not receive HSTS header +derchris.me: could not connect to host +derevtsov.com: did not receive HSTS header +derivativeshub.pro: could not connect to host +dermacarecomplex.com: could not connect to host +derpumpkinfuhrer.com: could not connect to host +derrickemery.com: could not connect to host +derwaldschrat.net: did not receive HSTS header +derwolfe.net: did not receive HSTS header +desiccantpackets.com: did not receive HSTS header +designandmore.it: did not receive HSTS header +designgears.com: did not receive HSTS header +designthinking.or.jp: did not receive HSTS header +despora.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +desserteagleselvenar.tk: could not connect to host +destinationbijoux.fr: could not connect to host +destom.be: could not connect to host +detecte-fuite.ch: could not connect to host +detecte.ch: could not connect to host +detectefuite.ch: could not connect to host +detector.exposed: could not connect to host +detest.org: could not connect to host +detteflies.com: max-age too low: 7889238 +detutorial.com: max-age too low: 36000 +deuxvia.com: could not connect to host +dev: could not connect to host +dev-aegon.azurewebsites.net: did not receive HSTS header +dev-bluep.pantheonsite.io: did not receive HSTS header +dev-talk.eu: could not connect to host +devcu.net: could not connect to host +develop.fitness: could not connect to host +developersclub.website: could not connect to host +developyourelement.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +deviltraxxx.de: could not connect to host +devincrow.me: could not connect to host +devisonline.ch: could not connect to host +devistravaux.org: did not receive HSTS header +devkid.net: could not connect to host +devmsg.com: did not receive HSTS header +devnsec.com: could not connect to host +devnull.team: could not connect to host +devopps.me: did not receive HSTS header +devops.moe: could not connect to host +devopsconnected.com: could not connect to host +devtub.com: did not receive HSTS header +devuan.org: did not receive HSTS header +dewebwerf.nl: did not receive HSTS header +dewin.io: could not connect to host +dfnet.ml: did not receive HSTS header +dfrance.com.br: could not connect to host +dfviana.com.br: max-age too low: 2592000 +dhaynes.xyz: max-age too low: 2592000 +dhl-smart.ch: could not connect to host +dhpcs.com: did not receive HSTS header +dhpiggott.net: did not receive HSTS header +dhub.xyz: could not connect to host +dhuy.net: could not connect to host +diablotine.rocks: could not connect to host +diagnosia.com: did not receive HSTS header +diagonale-deco.fr: did not receive HSTS header +diamondcare.com.br: could not connect to host +dianlujitao.com: did not receive HSTS header +diannaobos.com: did not receive HSTS header +diasp.cz: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +dicando.com: could not connect to host +diceduels.com: could not connect to host +dicelab.co.uk: could not connect to host +dicgaming.net: could not connect to host +dicionariofinanceiro.com: did not receive HSTS header +dicionariopopular.com: did not receive HSTS header +dick.red: could not connect to host +didierlaumen.be: could not connect to host +dieb.photo: could not connect to host +diejanssens.net: did not receive HSTS header +diemogebhardt.com: could not connect to host +dierenkruiden.nl: could not connect to host +dieser.me: could not connect to host +diewebstube.de: could not connect to host +diezel.com: could not connect to host +diferenca.com: did not receive HSTS header +diggable.co: did not receive HSTS header +digihyp.ch: could not connect to host +digioccumss.ddns.net: could not connect to host +digired.xyz: could not connect to host +digitalbank.kz: could not connect to host +digitaldaddy.net: could not connect to host +digitalero.rip: did not receive HSTS header +digitalhurricane.io: could not connect to host +digitaljungle.net: could not connect to host +digitallocker.com: did not receive HSTS header +digitalnonplus.com: could not connect to host +digitalquery.com: did not receive HSTS header +digitalriver.tk: did not receive HSTS header +digitalskillswap.com: could not connect to host +diguass.us: could not connect to host +dijks.com: could not connect to host +dikshant.net: did not receive HSTS header +diletec.com.br: did not receive HSTS header +dim.lighting: could not connect to host +dimitrisotiropoulosbooks.com: max-age too low: 7889238 +dimonb.com: could not connect to host +din-tools.com: did not receive HSTS header +dinamoelektrik.com: could not connect to host +dingcc.me: could not connect to host +dingcc.org: could not connect to host +dingcc.xyz: could not connect to host +dinkum.online: could not connect to host +dipconsultants.com: could not connect to host +directhskincream.com: could not connect to host +directorinegocis.cat: could not connect to host +direnv.net: did not receive HSTS header +dirk-weise.de: did not receive HSTS header +dirtycat.ru: could not connect to host +disability.gov: could not connect to host +disadattamentolavorativo.it: could not connect to host +disclosure.io: did not receive HSTS header +disco-crazy-world.de: could not connect to host +discovery.lookout.com: did not receive HSTS header +discoveryballoon.org: could not connect to host +discoveryottawa.ca: could not connect to host +dise-online.de: did not receive HSTS header +disking.co.uk: did not receive HSTS header +dislocated.de: did not receive HSTS header +disorderboutique.com: did not receive HSTS header +disruptivelabs.net: could not connect to host +disruptivelabs.org: could not connect to host +dissimulo.me: could not connect to host +distinctivephotography.com.au: could not connect to host +distractionco.de: did not receive HSTS header +ditch.ch: could not connect to host +ditrutoancau.vn: could not connect to host +dittvertshus.no: could not connect to host +diva-ey.com: could not connect to host +divvymonkey.com: did not receive HSTS header +divvyradio.com: did not receive HSTS header +dixiediner.com: did not receive HSTS header +dixmag.com: could not connect to host +diyvideoeditor.com: did not receive HSTS header +dizihocasi.com: could not connect to host +dizorg.net: could not connect to host +dj4et.de: could not connect to host +djieno.com: did not receive HSTS header +djxmmx.net: did not receive HSTS header +djz4music.com: did not receive HSTS header +dkniss.de: could not connect to host +dl.google.com: did not receive HSTS header (error ignored - included regardless) +dlc.viasinc.com: could not connect to host +dlemper.de: did not receive HSTS header +dlitz.net: could not connect to host +dlouwrink.nl: could not connect to host +dlyl888.com: could not connect to host +dmcibulldog.com: did not receive HSTS header +dmix.ca: could not connect to host +dmtry.me: did not receive HSTS header +dmwall.cn: could not connect to host +dmz.ninja: could not connect to host +dns.google.com: did not receive HSTS header (error ignored - included regardless) +dnsbird.net: could not connect to host +dnscrypt.org: could not connect to host +dnsknowledge.com: did not receive HSTS header +do-do.tk: could not connect to host +doak.io: could not connect to host +dobet.in: could not connect to host +dobrisan.ro: could not connect to host +docid.io: could not connect to host +docket.news: could not connect to host +doclot.io: did not receive HSTS header +docset.io: could not connect to host +docufiel.com: could not connect to host +doculus.io: did not receive HSTS header +docxtemplater.com: did not receive HSTS header +doeswindowssuckforeveryoneorjustme.com: could not connect to host +dogbox.se: could not connect to host +dogcratereview.info: could not connect to host +dogespeed.ga: could not connect to host +dogfi.sh: did not receive HSTS header +doggieholic.net: could not connect to host +dognlife.com: could not connect to host +dogoodbehappyllc.com: did not receive HSTS header +dohosting.ru: could not connect to host +dojifish.space: could not connect to host +dojin.nagoya: did not receive HSTS header +dokan.online: did not receive HSTS header +doked.io: could not connect to host +dolevik.com: could not connect to host +dollarstore24.com: could not connect to host +dollywiki.co.uk: could not connect to host +dolphin-cloud.com: could not connect to host +dolphincorp.co.uk: did not receive HSTS header +dolphinswithlasers.com: could not connect to host +domaine-aigoual-cevennes.com: did not receive HSTS header +domainelaremejeanne.com: did not receive HSTS header +domaris.de: could not connect to host +domengrad.ru: could not connect to host +domenicocatelli.com: did not receive HSTS header +domfee.com: could not connect to host +dominikanskarepubliken.guide: could not connect to host +dominioanimal.com: could not connect to host +dominique-mueller.de: did not receive HSTS header +don.yokohama: could not connect to host +donmez.uk: could not connect to host +donmez.ws: could not connect to host +donttrustrobots.nl: could not connect to host +donzelot.co.uk: did not receive HSTS header +doobydude.us: could not connect to host +doodledraw.ninja: did not receive HSTS header +dooku.cz: could not connect to host +doomleika.com: could not connect to host +doooonoooob.com: could not connect to host +doop.im: could not connect to host +doopdidoop.com: could not connect to host +dopost.it: could not connect to host +doridian.com: could not connect to host +doridian.de: could not connect to host +doridian.net: did not receive HSTS header +doridian.org: could not connect to host +doriginal.es: did not receive HSTS header +dorkfarm.com: did not receive HSTS header +dosenbierrepublik.com: did not receive HSTS header +dostavkakurierom.ru: could not connect to host +dot42.no: could not connect to host +dotadata.me: could not connect to host +dotspaperie.com: could not connect to host +doublethink.online: could not connect to host +doubleyummy.uk: did not receive HSTS header +doujin.nagoya: did not receive HSTS header +dovecotadmin.org: could not connect to host +doveholesband.co.uk: did not receive HSTS header +dovetailnow.com: could not connect to host +download.jitsi.org: did not receive HSTS header +downsouthweddings.com.au: could not connect to host +doxcelerate.com: max-age too low: 69 +doyoulyft.com: could not connect to host +doze-cloud.tech: could not connect to host +dpsg-roden.de: could not connect to host +dr-becarelli-philippe.chirurgiens-dentistes.fr: did not receive HSTS header +dr2dr.ca: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +drach.xyz: did not receive HSTS header +dragonisles.net: could not connect to host +dragons-of-highlands.cz: did not receive HSTS header +dragonsmoke.cloud: could not connect to host +dragonstower.net: could not connect to host +dragonteam.ninja: could not connect to host +drainagebuizen.nl: did not receive HSTS header +drakefortreasurer.sexy: could not connect to host +drakenson.de: did not receive HSTS header +dralexjimenez.com: did not receive HSTS header +drastosasports.com.br: could not connect to host +drawvesly.ovh: did not receive HSTS header +drdevil.ru: could not connect to host +dreadbyte.com: could not connect to host +dreamcatcherblog.de: could not connect to host +dreaming.solutions: could not connect to host +dreamlighteyeserum.com: could not connect to host +dreamsforabetterworld.com.au: did not receive HSTS header +dredgepress.com: did not receive HSTS header +drewgle.net: could not connect to host +drhopeson.com: could not connect to host +driesjtuver.nl: could not connect to host +drinknaturespower.com: could not connect to host +drinkvabeer.com: could not connect to host +drishti.guru: could not connect to host +drivercopilot.com: could not connect to host +driving-lessons.co.uk: could not connect to host +drivinghorror.com: could not connect to host +drixn.cn: could not connect to host +drixn.info: could not connect to host +drixn.net: could not connect to host +drizz.com.br: could not connect to host +drogoz.moe: could not connect to host +droidboss.com: did not receive HSTS header +droncentrum.pl: could not connect to host +dronexpertos.com: could not connect to host +droomhuis-in-brielle-kopen.nl: could not connect to host +droomhuis-in-de-friese-meren-kopen.nl: could not connect to host +droomhuis-in-delfzijl-kopen.nl: could not connect to host +droomhuis-in-friesland-kopen.nl: could not connect to host +droomhuis-in-laren-kopen.nl: could not connect to host +droomhuis-in-pekela-kopen.nl: could not connect to host +droomhuis-in-rijnwaarden-kopen.nl: could not connect to host +droomhuis-in-sudwest-fryslan-kopen.nl: could not connect to host +droomhuis-in-veendam-kopen.nl: could not connect to host +droomhuis-in-zeeland-kopen.nl: could not connect to host +droomhuis-in-zuid-holland-kopen.nl: could not connect to host +droomhuisindestadverkopen.nl: could not connect to host +droomhuisophetplattelandverkopen.nl: could not connect to host +dropcam.com: did not receive HSTS header +drostschocolates.com: did not receive HSTS header +drtroyhendrickson.com: could not connect to host +drtti.io: could not connect to host +drumbandesperanto.nl: did not receive HSTS header +drunkscifi.com: could not connect to host +drupal123.com: could not connect to host +dryan.com: did not receive HSTS header +drycreekapiary.com: could not connect to host +ds-christiansen.de: could not connect to host +dshiv.io: could not connect to host +dtub.co: could not connect to host +dubik.su: did not receive HSTS header +dubrovskiy.net: could not connect to host +dubrovskiy.pro: could not connect to host +duch.cloud: could not connect to host +ducohosting.com: max-age too low: 2592000 +dudesunderwear.com.br: could not connect to host +duelsow.eu: could not connect to host +duelysthub.com: could not connect to host +duerls.de: did not receive HSTS header +dukec.me: did not receive HSTS header +duks.com.br: could not connect to host +dullsir.com: could not connect to host +dune.io: did not receive HSTS header +dunea.nl: did not receive HSTS header +dungi.org: could not connect to host +duo.money: could not connect to host +duole30.com: did not receive HSTS header +duongpho.com: did not receive HSTS header +durangoenergyllc.com: could not connect to host +duskopy.top: could not connect to host +dutchessuganda.com: did not receive HSTS header +dutchrank.com: did not receive HSTS header +dutchwanderers.nl: could not connect to host +duuu.ch: could not connect to host +dwhd.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +dwnld.me: could not connect to host +dycem-ns.com: did not receive HSTS header +dycoa.com: could not connect to host +dycontrol.de: could not connect to host +dylanscott.com.au: did not receive HSTS header +dymersion.com: did not receive HSTS header +dynamic-innovations.net: could not connect to host +dynamize.solutions: did not receive HSTS header +dzimejl.sk: did not receive HSTS header +dzlibs.io: could not connect to host +dznn.nl: could not connect to host +e-aut.net: could not connect to host +e-biografias.net: did not receive HSTS header +e-deca2.org: did not receive HSTS header +e-isfa.eu: did not receive HSTS header +e-mak.eu: could not connect to host +e-newshub.com: could not connect to host +e-pokupki.eu: did not receive HSTS header +e-rickroll-r.pw: could not connect to host +e-sa.com: did not receive HSTS header +e-verify.gov: did not receive HSTS header +e-wishlist.net: could not connect to host +e30gruppe.com: did not receive HSTS header +e3amn2l.com: could not connect to host +eagle-aluminum.com: did not receive HSTS header +eam-gmbh.com: did not receive HSTS header +earga.sm: could not connect to host +earlybirdsnacks.com: could not connect to host +earthrise16.com: could not connect to host +earthsystemprediction.gov: did not receive HSTS header +easez.net: did not receive HSTS header +easthokkaido-5airport.jp: did not receive HSTS header +easychiller.org: could not connect to host +easykonto.de: could not connect to host +easyplane.it: did not receive HSTS header +eatfitoutlet.com.br: could not connect to host +eatry.io: could not connect to host +eatvisor.co.uk: could not connect to host +eauclairecommerce.com: could not connect to host +eaucube.com: did not receive HSTS header +ebankcbt.com: could not connect to host +ebcs-solutions.com: did not receive HSTS header +ebecs.com: did not receive HSTS header +ebertek.com: did not receive HSTS header +ebiografia.com: did not receive HSTS header +ebiografias.com.br: could not connect to host +ebolsa.com.br: did not receive HSTS header +ebolsas.com.br: did not receive HSTS header +ebonyriddle.com: could not connect to host +ebooksgratuits.org: did not receive HSTS header +ebp2p.com: did not receive HSTS header +ebpglobal.com: did not receive HSTS header +ebraph.com: could not connect to host +ecake.in: could not connect to host +ecc-kaufbeuren.de: could not connect to host +ecdn.cz: could not connect to host +ecfs.link: could not connect to host +ecg.fr: could not connect to host +echipstore.com: did not receive HSTS header +eckro.com: did not receive HSTS header +ecole-en-danger.fr: could not connect to host +ecole-maternelle-saint-joseph.be: could not connect to host +ecology-21.ru: did not receive HSTS header +ecomlane.com: could not connect to host +ecomparemo.com: did not receive HSTS header +ecorus.eu: did not receive HSTS header +ecrimex.net: did not receive HSTS header +ectora.com: could not connect to host +edanni.io: did not receive HSTS header +edati.lv: could not connect to host +edcphenix.tk: could not connect to host +eddmixpanel.com: could not connect to host +eddyn.net: did not receive HSTS header +edelblack.ch: could not connect to host +edelsteincosmetic.com: did not receive HSTS header +eden-mobility.co.uk: did not receive HSTS header +eden-noel.at: could not connect to host +edenaya.com: did not receive HSTS header +edgecustomersportal.com: could not connect to host +edgereinvent.com: did not receive HSTS header +ediscomp.sk: did not receive HSTS header +edissecurity.sk: did not receive HSTS header +edited.de: did not receive HSTS header +edix.ru: could not connect to host +edk.com.tr: did not receive HSTS header +edmodo.com: did not receive HSTS header +edpubs.gov: did not receive HSTS header +edsh.de: did not receive HSTS header +eduardnikolenko.ru: could not connect to host +educatio.tech: could not connect to host +educourse.ga: could not connect to host +eduif.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +edusantorini.com: could not connect to host +eduvance.in: did not receive HSTS header +eeb98.com: could not connect to host +eengezinswoning-in-alphen-aan-den-rijn-kopen.nl: could not connect to host +eengezinswoning-in-de-friese-meren-kopen.nl: could not connect to host +eengezinswoning-in-friesland-kopen.nl: could not connect to host +eengezinswoning-in-leeuwarden-kopen.nl: could not connect to host +eengezinswoning-in-pekela-kopen.nl: could not connect to host +eengezinswoning-in-rijnwaarden-kopen.nl: could not connect to host +eengezinswoning-in-sudwest-fryslan-kopen.nl: could not connect to host +eengezinswoning-in-zeeland-kopen.nl: could not connect to host +eengezinswoning-in-zuid-holland-kopen.nl: could not connect to host +eengezinswoning-in-zuidplas-kopen.nl: could not connect to host +eengezinswoning-in-zwartewaterland-kopen.nl: could not connect to host +eengezinswoningverkopen.nl: could not connect to host +eenhoorn.ga: could not connect to host +eesistumine2017.ee: could not connect to host +efficienthealth.com: did not receive HSTS header +effortlesshr.com: did not receive HSTS header +eftcorp.biz: max-age too low: 0 +egge.com: max-age too low: 0 +egit.co: could not connect to host +ego-world.org: could not connect to host +ehealthcounselor.com: could not connect to host +ehipaadev.com: could not connect to host +ehito.ovh: could not connect to host +ehrenamt-skpfcw.de: could not connect to host +ehuber.info: could not connect to host +eicfood.com: could not connect to host +eidolonhost.com: did not receive HSTS header +eifelindex.de: did not receive HSTS header +eigo.work: could not connect to host +einhorn.space: could not connect to host +einsatzstiefel.info: could not connect to host +ekbanden.nl: could not connect to host +ekobudisantoso.net: could not connect to host +eksik.com: did not receive HSTS header +el-soul.com: did not receive HSTS header +elaintehtaat.fi: could not connect to host +elan-organics.com: did not receive HSTS header +elanguest.pl: could not connect to host +elanguest.ro: could not connect to host +elanguest.ru: could not connect to host +elastic7.uk: could not connect to host +elbetech.net: could not connect to host +elblein.de: did not receive HSTS header +electricant.com: did not receive HSTS header +electricant.nl: did not receive HSTS header +electricianforum.co.uk: did not receive HSTS header +electricoperaduo.com: did not receive HSTS header +electromc.com: could not connect to host +electrostatics.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +eleicoes2016.com.br: did not receive HSTS header +elektronring.com: could not connect to host +element-43.com: did not receive HSTS header +elemenx.com: could not connect to host +elemprendedor.com.ve: could not connect to host +elenag.ga: could not connect to host +elenagherta.ga: could not connect to host +elenoon.ir: did not receive HSTS header +elenorsmadness.org: could not connect to host +elgacien.de: could not connect to host +elglobo.com.mx: max-age too low: 86400 +elia.cloud: could not connect to host +elimdengelen.com: did not receive HSTS header +eliolita.com: could not connect to host +elite-porno.ru: could not connect to host +elitecovering.fr: did not receive HSTS header +elitefishtank.com: could not connect to host +ellen-skye.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +elmar-kraamzorg.nl: did not receive HSTS header +elnutricionista.es: could not connect to host +elohna.ch: did not receive HSTS header +elonbase.com: could not connect to host +eloxt.com: did not receive HSTS header +elpay.kz: did not receive HSTS header +elpo.xyz: could not connect to host +elsamakhin.com: could not connect to host +elsemanario.com: did not receive HSTS header +elsitar.com: could not connect to host +elsword.moe: could not connect to host +eltransportquevolem.org: could not connect to host +email.lookout.com: could not connect to host +email2rss.net: could not connect to host +emanatepixels.com: could not connect to host +emanga.su: did not receive HSTS header +embellir-aroma.com: could not connect to host +embellir-kyujin.com: could not connect to host +embracethedarkness.co.uk: could not connect to host +embroidered-stuff.com: could not connect to host +emeldi-commerce.com: max-age too low: 0 +emesolutions.net: did not receive HSTS header +emiele.com.br: could not connect to host +emilyhorsman.com: did not receive HSTS header +emilyjohnson.ga: could not connect to host +eminovic.me: could not connect to host +emjainteractive.com: did not receive HSTS header +emjimadhu.com: could not connect to host +emkei.cz: could not connect to host +emmable.com: could not connect to host +emnitech.com: could not connect to host +empleosentorreon.mx: could not connect to host +empleostampico.com: did not receive HSTS header +employeestore.org: did not receive HSTS header +employer.gov: could not connect to host +empty-r.com: could not connect to host +emptypath.com: did not receive HSTS header +enaah.de: did not receive HSTS header +enaia.fr: did not receive HSTS header +encode.space: could not connect to host +encode.uk.com: did not receive HSTS header +encoder.pw: could not connect to host +encontrebarato.com.br: did not receive HSTS header +encrypted.google.com: did not receive HSTS header (error ignored - included regardless) +encryptio.com: could not connect to host +end.pp.ua: could not connect to host +endlessdark.net: max-age too low: 600 +endlesshorizon.net: could not connect to host +endlesstone.com: could not connect to host +endohaus.ca: could not connect to host +endohaus.com: could not connect to host +endohaus.eu: could not connect to host +endspamwith.us: could not connect to host +enecoshop.nl: did not receive HSTS header +enefan.jp: could not connect to host +engelwerbung.com: did not receive HSTS header +enginsight.com: did not receive HSTS header +englishyamal.ru: did not receive HSTS header +enigmacpt.com: did not receive HSTS header +enigmail.net: did not receive HSTS header +enjen.net: did not receive HSTS header +enjoymayfield.com: max-age too low: 0 +enpalmademallorca.info: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +enteente.club: could not connect to host +enteente.space: could not connect to host +enteente.xyz: could not connect to host +enterdev.co: did not receive HSTS header +enterprisecarclub.co.uk: did not receive HSTS header +entersynapse.com: did not receive HSTS header +entourneebeetle.com: could not connect to host +entrepreneur.or.id: did not receive HSTS header +enum.eu.org: could not connect to host +enumify.com: could not connect to host +enviapresentes.com.br: could not connect to host +envygeeks.com: could not connect to host +envygeeks.io: could not connect to host +eol34.com: could not connect to host +eoldb.org: could not connect to host +epanurse.com: could not connect to host +ephry.com: could not connect to host +epicmc.games: could not connect to host +epoxate.com: could not connect to host +eq8.net.au: could not connect to host +eqib.nl: did not receive HSTS header +eqim.me: could not connect to host +equate.net.au: did not receive HSTS header +equatetechnologies.com.au: did not receive HSTS header +equilibre-yoga-jennifer-will.com: could not connect to host +equitee.co: did not receive HSTS header +equityflows.com: did not receive HSTS header +er-music.com: could not connect to host +erawanarifnugroho.com: did not receive HSTS header +eressea.xyz: could not connect to host +ergorium.com: max-age too low: 0 +ergorium.eu: max-age too low: 0 +ericbond.net: could not connect to host +erichalv.com: could not connect to host +ericorporation.com: did not receive HSTS header +ericyl.com: could not connect to host +eridanus.uk: could not connect to host +eriel.com.br: could not connect to host +erikwalther.eu: could not connect to host +eriser.fr: did not receive HSTS header +ernaehrungsberatung-rapperswil.ch: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +ernaehrungsberatung-zurich.ch: could not connect to host +ernesto.at: could not connect to host +eromixx.com: did not receive HSTS header +erotalia.es: could not connect to host +eroticen.com: did not receive HSTS header +eroticforce.com: did not receive HSTS header +erotische-aanbiedingen.nl: could not connect to host +errolz.com: could not connect to host +errors.zenpayroll.com: could not connect to host +ersindemirtas.com: did not receive HSTS header +erspro.net: could not connect to host +eru.me: did not receive HSTS header +erwinvanlonden.net: did not receive HSTS header +erwinwensveen.nl: could not connect to host +escalate.eu: could not connect to host +escolaengenharia.com.br: did not receive HSTS header +escotour.com: could not connect to host +esec.rs: did not receive HSTS header +esko.bar: could not connect to host +esln.org: did not receive HSTS header +esn-ypci.com: could not connect to host +esocweb.com: could not connect to host +esp8285.store: could not connect to host +espace-gestion.fr: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +espacemontmorency.com: did not receive HSTS header +especificosba.com.mx: could not connect to host +espo.com.ua: did not receive HSTS header +espra.com: could not connect to host +esquonic.com: could not connect to host +essenzialeenxovais.com.br: could not connect to host +essexghosthunters.co.uk: did not receive HSTS header +estaciona.guru: could not connect to host +estebanborges.com: did not receive HSTS header +estilosapeca.com: could not connect to host +estland.guide: could not connect to host +et-buchholz.de: could not connect to host +et180.com: could not connect to host +etangs-magazine.com: could not connect to host +etaoinwu.tk: could not connect to host +etdonline.co.uk: could not connect to host +eternitylove.us: could not connect to host +eth9.net: could not connect to host +etheria-software.tk: did not receive HSTS header +etherpad.fr: did not receive HSTS header +ethicalexploiting.com: did not receive HSTS header +ethicall.org.uk: did not receive HSTS header +ethil-faer.fr: could not connect to host +ethiobaba.com: could not connect to host +etk2000.com: did not receive HSTS header +etmirror.top: could not connect to host +etmirror.xyz: could not connect to host +etoto.pl: did not receive HSTS header +etproxy.tech: could not connect to host +etrker.com: did not receive HSTS header +ets2mp.de: did not receive HSTS header +etsysecure.com: could not connect to host +ettebiz.com: did not receive HSTS header +etula.ga: could not connect to host +etula.me: could not connect to host +euanbaines.com: did not receive HSTS header +eucl3d.com: did not receive HSTS header +euclideanpostulates.xyz: could not connect to host +eucollegetours.com: could not connect to host +euexia.fr: could not connect to host +eulerpi.io: could not connect to host +eupho.me: could not connect to host +euren.se: could not connect to host +eurocamping.se: could not connect to host +europeancupinline.eu: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +euroshop24.net: could not connect to host +eurospecautowerks.com: did not receive HSTS header +eurostrategy.vn.ua: could not connect to host +ev-zertifikate.de: could not connect to host +evafojtova.cz: did not receive HSTS header +evanhandgraaf.nl: did not receive HSTS header +evankurniawan.com: could not connect to host +evdenevenakliyatankara.pw: could not connect to host +evecalm.com: did not receive HSTS header +events12.com: did not receive HSTS header +eventsafrica.net: did not receive HSTS header +everpcpc.com: did not receive HSTS header +everybooks.com: could not connect to host +everydaytherich.com: max-age too low: 7776000 +everygayporn.xyz: did not receive HSTS header +everylab.org: could not connect to host +everything.place: did not receive HSTS header +everytrycounts.gov: could not connect to host +eveseat.net: could not connect to host +eveshaiwu.com: could not connect to host +evi.be: did not receive HSTS header +evileden.com: could not connect to host +evilnerd.de: did not receive HSTS header +evilsay.com: could not connect to host +evin.ml: could not connect to host +evites.me: could not connect to host +evoludis.net: did not receive HSTS header +evomon.com: could not connect to host +evossd.tk: could not connect to host +evowl.com: could not connect to host +ewallet-optimizer.com: did not receive HSTS header +ewex.org: could not connect to host +excelgum.ca: did not receive HSTS header +exceptionalservices.us: could not connect to host +exfiles.cz: did not receive HSTS header +exgravitus.com: could not connect to host +exno.co: could not connect to host +exo.do: could not connect to host +exousiakaidunamis.xyz: could not connect to host +expertmile.com: did not receive HSTS header +exploit-db.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +expo-designers.com: did not receive HSTS header +expressfinance.co.za: did not receive HSTS header +exteriorservices.io: could not connect to host +extrathemeshowcase.net: could not connect to host +extratorrentlive.xyz: could not connect to host +extratorrents.tech: could not connect to host +extreemhost.nl: did not receive HSTS header +extremenetworking.net: could not connect to host +exy.pw: could not connect to host +eyasc.nl: could not connect to host +eye-carat.com: did not receive HSTS header +eyedarts.com: did not receive HSTS header +eyeglassuniverse.com: did not receive HSTS header +eyes-of-universe.eu: did not receive HSTS header +eyesoccer-didikh.rhcloud.com: could not connect to host +eyesonly.cc: did not receive HSTS header +eytosh.net: could not connect to host +ez.fi: could not connect to host +ezimoeko.net: could not connect to host +ezmod.org: could not connect to host +ezrefurb.co.uk: did not receive HSTS header +eztv.ch: did not receive HSTS header +f-rickroll-g.pw: could not connect to host +f-s-u.co.uk: could not connect to host +f00.ca: did not receive HSTS header +f2f.cash: could not connect to host +f8842.com: could not connect to host +faber.io: could not connect to host +fabhub.io: could not connect to host +fabian-kluge.de: could not connect to host +fabianfischer.de: did not receive HSTS header +fabled.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +fabriko.fr: did not receive HSTS header +facebook.ax: could not connect to host +facilitrak.com: could not connect to host +factorable.net: did not receive HSTS header +factorygw.com: did not receive HSTS header +factureenlinea.com: could not connect to host +fadilus.com: did not receive HSTS header +faesser.com: did not receive HSTS header +fafatiger.com: could not connect to host +fahmed.de: did not receive HSTS header +faidanoi.it: did not receive HSTS header +fail4free.de: did not receive HSTS header +failproof.be: max-age too low: 604800 +faircom.co.za: did not receive HSTS header +fairkey.dk: did not receive HSTS header +fairlyoddtreasures.com: did not receive HSTS header +faithwatch.org: could not connect to host +faizan.xyz: did not receive HSTS header +fakeletters.org: did not receive HSTS header +faktura.pl: did not receive HSTS header +falconfrag.com: could not connect to host +falconwiz.com: did not receive HSTS header +falkhusemann.de: did not receive HSTS header +falkp.no: did not receive HSTS header +falkus.net: could not connect to host +fallenangeldrinks.eu: could not connect to host +fallenangelspirits.uk: could not connect to host +fallofthecitadel.com: did not receive HSTS header +faluninfo.ba: did not receive HSTS header +fam-weyer.de: did not receive HSTS header +fame-agency.net: could not connect to host +famep.gov: could not connect to host +famer.me: could not connect to host +fameuxhosting.co.uk: could not connect to host +familie-sander.rocks: could not connect to host +familie-sprink.de: could not connect to host +familie-zimmermann.at: could not connect to host +famio.cn: did not receive HSTS header +fancy-bridge.com: could not connect to host +fanflow.com: did not receive HSTS header +fant.dk: did not receive HSTS header +fantasticgardenersmelbourne.com.au: did not receive HSTS header +fantasyfootballpundit.com: did not receive HSTS header +fanyl.cn: could not connect to host +farces.com: did not receive HSTS header +faretravel.co.uk: could not connect to host +farm24.co.uk: could not connect to host +farmaciaformula.com.br: could not connect to host +farwat.ru: did not receive HSTS header +fashion.net: did not receive HSTS header +fashioncare.cz: did not receive HSTS header +fashionholic.my: did not receive HSTS header +fashionoutfits24.com: did not receive HSTS header +fasset.jp: could not connect to host +fastaim.de: could not connect to host +fastbackmbg.be: could not connect to host +fastcomcorp.com: did not receive HSTS header +fastcomcorp.net: did not receive HSTS header +fastograph.com: could not connect to host +fastopen.ml: could not connect to host +fastworx.com: could not connect to host +fatdoge.cn: did not receive HSTS header +fatgeekflix.net: could not connect to host +fatherhood.gov: did not receive HSTS header +fatlossguide.xyz: could not connect to host +fator25.com.br: could not connect to host +fatwin.pw: could not connect to host +fatzebra.com.au: max-age too low: 0 +faxreader.net: could not connect to host +fayolle.info: did not receive HSTS header +fbox.li: could not connect to host +fcsic.gov: max-age too low: 2592000 +fdj.im: could not connect to host +fdt.name: did not receive HSTS header +feard.space: could not connect to host +fed51.com: could not connect to host +federalregister.gov: did not receive HSTS header +fedn.it: could not connect to host +fedo.moe: could not connect to host +feedstringer.com: could not connect to host +feedthebot.com: did not receive HSTS header +feedthefuture.gov: did not receive HSTS header +feezmodo.com: did not receive HSTS header +fefore.com: did not receive HSTS header +fegans.org.uk: did not receive HSTS header +feirlane.org: could not connect to host +feist.io: could not connect to host +felisslovakia.sk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +feliwyn.fr: did not receive HSTS header +felixrr.pro: could not connect to host +femaledom.xyz: could not connect to host +feminists.co: could not connect to host +fengyadi.com: could not connect to host +fenno.net: could not connect to host +fensdorf.de: did not receive HSTS header +fensterbau-mutscheller.de: did not receive HSTS header +fenteo.com: could not connect to host +feragon.net: did not receive HSTS header +feras-alhajjaji.com: could not connect to host +feriahuamantla.com: could not connect to host +fermanacuratampaparts.com: could not connect to host +fernangp.com: did not receive HSTS header +fernseher-kauf.de: could not connect to host +ferrolatino.com: could not connect to host +feschiyan.com: did not receive HSTS header +festember.com: did not receive HSTS header +festrip.com: could not connect to host +fetch.co.uk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +fetclips.se: could not connect to host +fettbrot.tk: did not receive HSTS header +feuerwehr-heiligenberg.de: did not receive HSTS header +fexmen.com: could not connect to host +ff-getzersdorf.at: did not receive HSTS header +ffb.gov: could not connect to host +ficklenote.net: could not connect to host +fics-twosigma.com: could not connect to host +fideleslaici.com: did not receive HSTS header +fiendishmasterplan.com: did not receive HSTS header +fierman.eu: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +fierman.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +fierman.us: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +fifieldtech.com: could not connect to host +fiftyshadesofluca.ml: could not connect to host +fig.co: did not receive HSTS header +fightr.co: could not connect to host +figuurzagers.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +fiksel.info: did not receive HSTS header +fikt.space: could not connect to host +filebox.moe: could not connect to host +fileio.io: could not connect to host +filemeal.com: did not receive HSTS header +filey.co.uk: did not receive HSTS header +filmesubtitrate2017.online: could not connect to host +filo.xyz: did not receive HSTS header +filoitoupediou.gr: did not receive HSTS header +finalgear.com: did not receive HSTS header +finalvpn.com: could not connect to host +financieringsportaal.nl: did not receive HSTS header +finanzkontor.net: could not connect to host +findigo.fish: could not connect to host +findingmyname.com: did not receive HSTS header +findmybottleshop.com.au: could not connect to host +findtutorsnearme.com: did not receive HSTS header +fingent.com: did not receive HSTS header +finiteheap.com: did not receive HSTS header +finpt.com: did not receive HSTS header +finstererlebnis.de: could not connect to host +finsterlebnis.de: did not receive HSTS header +fintechnics.com: did not receive HSTS header +fiodental.com.br: did not receive HSTS header +firebaseio-demo.com: could not connect to host +firebaseio.com: could not connect to host (error ignored - included regardless) +firebird.io: could not connect to host +firefall.rocks: could not connect to host +fireinthedeep.com: could not connect to host +firemail.io: could not connect to host +firemudfm.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +firenza.org: did not receive HSTS header +fireorbit.de: did not receive HSTS header +firexarxa.de: could not connect to host +firmament.space: could not connect to host +firmenverzeichnis.nu: could not connect to host +firstdogonthemoon.com.au: did not receive HSTS header +firstforex.co.uk: did not receive HSTS header +firstlook.org: did not receive HSTS header +fit4medien.de: did not receive HSTS header +fitbylo.com: did not receive HSTS header +fitea.cz: did not receive HSTS header +fitiapp.com: could not connect to host +fitnesswerk.de: could not connect to host +fitshop.com.br: could not connect to host +fitsw.com: did not receive HSTS header +five.vn: did not receive HSTS header +fivestarsitters.com: did not receive HSTS header +fivestepfunnels.com: could not connect to host +fivezerocreative.com: did not receive HSTS header +fix-the-timeline.com: could not connect to host +fix-the-timeline.org: could not connect to host +fixico-staging.nl: could not connect to host +fixingdns.com: could not connect to host +fixmyglitch.com: could not connect to host +fixtectools.co.za: could not connect to host +fixthetimeline.com: could not connect to host +fixthetimeline.org: could not connect to host +fjruiz.es: did not receive HSTS header +fkcovering.be: could not connect to host +fl0000.com: did not receive HSTS header +fl010.com: did not receive HSTS header +fl0111.com: did not receive HSTS header +fl0222.com: did not receive HSTS header +fl0333.com: did not receive HSTS header +fl0555.com: did not receive HSTS header +fl0666.com: did not receive HSTS header +fl0777.com: did not receive HSTS header +fl0888.com: did not receive HSTS header +fl0999.com: did not receive HSTS header +flags.ninja: could not connect to host +flairbros.at: could not connect to host +flajshans.cz: did not receive HSTS header +flamewall.net: could not connect to host +flamingkeys.com.au: could not connect to host +flareon.net: could not connect to host +flatbellyreview.com: max-age too low: 2592000 +flawcheck.com: could not connect to host +flc111.com: did not receive HSTS header +flc999.com: did not receive HSTS header +fliexer.com: could not connect to host +flipkey.com: did not receive HSTS header +flirchi.com: could not connect to host +flixtor.net: could not connect to host +floless.co.uk: did not receive HSTS header +floorball-haunwoehr.de: did not receive HSTS header +florafiora.com.br: did not receive HSTS header +florian-lillpopp.de: max-age too low: 10 +florianlillpopp.de: max-age too low: 10 +floridaescapes.co.uk: did not receive HSTS header +flouartistique.ch: could not connect to host +flow.pe: could not connect to host +flow.su: could not connect to host +flowersandclouds.com: could not connect to host +floweslawncare.com: did not receive HSTS header +flowlo.me: could not connect to host +flugplatz-edvc.de: could not connect to host +fluidojobs.com: could not connect to host +flukethoughts.com: could not connect to host +flurrybridge.com: did not receive HSTS header +flushstudios.com: did not receive HSTS header +fly.moe: could not connect to host +flyaces.com: could not connect to host +flygpost.com: could not connect to host +flyingdoggy.net: could not connect to host +fm83.nl: could not connect to host +fm992.com: did not receive HSTS header +fnvsecurity.com: could not connect to host +fobc-usa.org: did not receive HSTS header +focalforest.com: could not connect to host +fojtova.cz: did not receive HSTS header +fojtovi.cz: did not receive HSTS header +fokan.ch: did not receive HSTS header +folioapp.io: could not connect to host +followback.net: did not receive HSTS header +fonetiq.io: could not connect to host +foo: could not connect to host +food4health.guide: could not connect to host +foodbuddy.ch: could not connect to host +foodiebox.no: did not receive HSTS header +foodies.my: did not receive HSTS header +foodievenues.com: could not connect to host +foodplantengineering.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +foodsafetyworkinggroup.gov: could not connect to host +footballmapped.com: could not connect to host +footlegende.fr: did not receive HSTS header +forafifty.co.za: could not connect to host +foraje-profesionale.ro: did not receive HSTS header +forbook.net: could not connect to host +forcamp.ga: could not connect to host +fordbydesign.com: could not connect to host +fordshop.by: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +foreignexchangeresource.com: did not receive HSTS header +forestfinance.fr: did not receive HSTS header +foreveralone.io: could not connect to host +forewordreviews.com: did not receive HSTS header +forex-dan.com: did not receive HSTS header +forgix.com: could not connect to host +formazioneopen.it: could not connect to host +formersessalaries.com: did not receive HSTS header +formula.cf: could not connect to host +forplanetsake.com: could not connect to host +forschbach-janssen.de: could not connect to host +forsyththeatre.com: could not connect to host +fortuna-loessnitz.de: could not connect to host +forty2.eu: did not receive HSTS header +forus.be: could not connect to host +foshanshequ.com: could not connect to host +fossewayflowers.co.uk: could not connect to host +fossewayflowers.com: could not connect to host +fossewaygardencentre.co.uk: did not receive HSTS header +fotiu.com: could not connect to host +fotocerita.net: could not connect to host +fotofaerie.net: could not connect to host +fotogiraffe.ru: could not connect to host +fotografosexpertos.com: did not receive HSTS header +fotopasja.info: could not connect to host +fourchin.net: could not connect to host +fourwheelpartloanssimple.com: did not receive HSTS header +foxdev.io: did not receive HSTS header +foxelbox.com: did not receive HSTS header +foxley-farm.co.uk: did not receive HSTS header +foxley-seeds.co.uk: did not receive HSTS header +foxleyseeds.co.uk: could not connect to host +foxtrot.pw: could not connect to host +foxyslut.com: could not connect to host +fr33d0m.link: could not connect to host +fragilesolar.cf: could not connect to host +fragnic.com: could not connect to host +fralef.me: did not receive HSTS header +francevpn.xyz: could not connect to host +franckyz.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +francois-vidit.com: did not receive HSTS header +frangor.info: did not receive HSTS header +frankierprofi.de: did not receive HSTS header +fransallen.com: could not connect to host +franta.biz: did not receive HSTS header +franta.email: did not receive HSTS header +franzt.de: could not connect to host +franzt.ovh: could not connect to host +frasesdeamizade.pt: could not connect to host +frasys.io: did not receive HSTS header +fraudempire.com: could not connect to host +frebib.net: could not connect to host +fredliang.cn: could not connect to host +fredtec.ru: could not connect to host +freeboson.org: could not connect to host +freeflow.tv: could not connect to host +freejidi.com: could not connect to host +freekdevries.nl: did not receive HSTS header +freelanced.co.za: could not connect to host +freelansir.com: could not connect to host +freelo.cz: did not receive HSTS header +freematthale.net: did not receive HSTS header +freeshkre.li: could not connect to host +freesoftwaredriver.com: could not connect to host +freethought.org.au: could not connect to host +freeutopia.org: did not receive HSTS header +freqlabs.com: did not receive HSTS header +freshfind.xyz: could not connect to host +freshlymind.com: did not receive HSTS header +frezbo.com: could not connect to host +frforms.com: did not receive HSTS header +frickenate.com: could not connect to host +fridaperfumaria.com.br: could not connect to host +fridolinka.cz: could not connect to host +friedhelm-wolf.de: could not connect to host +friendica.ch: could not connect to host +friendlyfiregameshow.com: could not connect to host +frimons.com: could not connect to host +frodriguez.xyz: could not connect to host +froggstack.de: could not connect to host +frolov.net: could not connect to host +fromlemaytoz.com: could not connect to host +fromthesoutherncross.com: could not connect to host +front-end.dog: could not connect to host +frontisme.nl: did not receive HSTS header +frontmin.com: did not receive HSTS header +frost-ci.xyz: could not connect to host +frosty-gaming.xyz: could not connect to host +froxlor.support: could not connect to host +frp-roleplay.de: could not connect to host +frsis2017.com: could not connect to host +fruitusers.com: could not connect to host +frumious.fyi: could not connect to host +frusky.net: could not connect to host +fs-gamenet.de: could not connect to host +fsapubs.gov: did not receive HSTS header +fsfi.is: could not connect to host +fsinf.at: did not receive HSTS header +fspphoto.com: could not connect to host +fsradio.eu: could not connect to host +fstfy.de: could not connect to host +ftctele.com: could not connect to host +fteproxy.org: did not receive HSTS header +ftpi.ml: could not connect to host +fuckbilibili.com: could not connect to host +fuckcf.cf: could not connect to host +fuckgfw233.org: could not connect to host +fugle.de: could not connect to host +fuitedeau.ch: could not connect to host +fukuko.biz: could not connect to host +fukuko.xyz: could not connect to host +fukushima-web.com: did not receive HSTS header +fuli.am: did not receive HSTS header +fulilingyu.info: could not connect to host +fuliydys.com: did not receive HSTS header +fullytrained.co.uk: did not receive HSTS header +fumiware.com: could not connect to host +fun9.cc: could not connect to host +fun99.cc: could not connect to host +fundacionhijosdelsol.org: could not connect to host +fungame.eu: did not receive HSTS header +funkes-ferien.de: did not receive HSTS header +funkyweddingideas.com.au: could not connect to host +funnyang.com: could not connect to host +funrun.com: did not receive HSTS header +funspins.com: could not connect to host +funtastic-event-hire.co.uk: did not receive HSTS header +fuorifuocogenova.it: did not receive HSTS header +furiffic.com: did not receive HSTS header +furnation.com: could not connect to host +furnishedproperty.com.au: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +furry.be: did not receive HSTS header +fusedrops.com: could not connect to host +fusionmate.com: did not receive HSTS header +futbol11.com: did not receive HSTS header +futos.de: could not connect to host +futurefundapp.com: did not receive HSTS header +futurestarsusa.org: did not receive HSTS header +futuretechnologi.es: could not connect to host +futureyouhealth.com: did not receive HSTS header +fuvpn.com: could not connect to host +fuzoku-sodan.com: could not connect to host +fws.gov: did not receive HSTS header +fx-rk.com: did not receive HSTS header +fyfywka.com: max-age too low: 86400 +fyodorpi.com: did not receive HSTS header +fyol.pw: could not connect to host +fysiohaenraets.nl: did not receive HSTS header +fzn.io: did not receive HSTS header +fzslm.me: could not connect to host +g-i-s.vn: did not receive HSTS header +g-marketing.ro: did not receive HSTS header +g-rickroll-o.pw: could not connect to host +g1jeu.com: could not connect to host +g2a.co: did not receive HSTS header +g2g.com: did not receive HSTS header +g4w.co: could not connect to host (error ignored - included regardless) +g5led.nl: could not connect to host +g77.ca: could not connect to host +gaasuper6.com: could not connect to host +gabber.scot: could not connect to host +gabi.com.es: could not connect to host +gabi.soy: did not receive HSTS header +gabi.uno: could not connect to host +gablaxian.com: max-age too low: 2592000 +gabriel.to: could not connect to host +gabriele-kluge.de: could not connect to host +gaelleetarnaud.com: did not receive HSTS header +gafachi.com: could not connect to host +gainesvillegoneaustin.org: did not receive HSTS header +gaiserik.com: could not connect to host +gaite.me: did not receive HSTS header +gakkainavi-epsilon.net: did not receive HSTS header +gakkainavi.jp: did not receive HSTS header +gakkainavi4.com: could not connect to host +gakkainavi4.net: did not receive HSTS header +gala.kiev.ua: could not connect to host +galardi.org: could not connect to host +galena.io: could not connect to host +galenskap.eu: could not connect to host +galeriadobimba.com.br: could not connect to host +gali.review: could not connect to host +gallery44.org: did not receive HSTS header +galletasgabi.com.mx: max-age too low: 86400 +galoisvpn.xyz: could not connect to host +gam3rs.de: could not connect to host +gambitcloud.net: could not connect to host +game-gentle.com: could not connect to host +game.yt: could not connect to host +gamecave.de: could not connect to host +gamechasm.com: could not connect to host +gamefund.me: did not receive HSTS header +gamehacks.me: could not connect to host +gameink.net: max-age too low: 0 +gamek.es: could not connect to host +gamenected.com: could not connect to host +gamenected.de: could not connect to host +gamepad.vg: could not connect to host +gamepader.com: could not connect to host +gameparade.de: could not connect to host +gamepiece.com: could not connect to host +gamerpoets.com: did not receive HSTS header +gamers-life.fr: could not connect to host +gamerslair.org: did not receive HSTS header +gamerz-point.de: could not connect to host +gamesdepartment.co.uk: did not receive HSTS header +gameserver-sponsor.de: did not receive HSTS header +gamesurferapp.com: could not connect to host +gameswitchers.uk: could not connect to host +gametium.com: could not connect to host +gametium.es: could not connect to host +gamingmedia.eu: did not receive HSTS header +gamoice.com: did not receive HSTS header +gampenhof.de: did not receive HSTS header +garageon.net: did not receive HSTS header +garciamartin.me: could not connect to host +garcinia--cambogia.com: could not connect to host +garden.trade: could not connect to host +gasbarkenora.com: could not connect to host +gasnews.net: could not connect to host +gasser-daniel.ch: did not receive HSTS header +gatapro.net: could not connect to host +gatorsa.es: did not receive HSTS header +gaussorgues.me: could not connect to host +gautham.it: could not connect to host +gautham.pro: could not connect to host +gaygeeks.de: could not connect to host +gc.net: could not connect to host +gchoic.com: could not connect to host +gdegem.org: did not receive HSTS header +gdevpenze.ru: could not connect to host +gdhzcgs.com: could not connect to host +gdz-otvety.com: could not connect to host +gebn.co.uk: did not receive HSTS header +gebn.uk: could not connect to host +gedankenbude.info: could not connect to host +geekbaba.com: could not connect to host +geekcast.co.uk: did not receive HSTS header +geekmind.org: max-age too low: 172800 +geeks.berlin: could not connect to host +geeks.lgbt: could not connect to host +geeky.software: could not connect to host +geemo.top: could not connect to host +gehrke.nrw: could not connect to host +geigr.de: could not connect to host +geli-graphics.com: did not receive HSTS header +gemsoftheworld.org: could not connect to host +gemuplay.com: could not connect to host +generationnext.pl: could not connect to host +genesischangelog.com: did not receive HSTS header +geneve.guide: could not connect to host +genossen.ru: could not connect to host +genshiken.org: could not connect to host +genuu.com: could not connect to host +genuxation.com: could not connect to host +genyaa.com: could not connect to host +genyhitch.com: did not receive HSTS header +geoffdev.com: could not connect to host +geoffreyrichard.com: did not receive HSTS header +geopals.net: did not receive HSTS header +geoponika.gr: did not receive HSTS header +george-brighton.co.uk: could not connect to host +georgebrighton.co.uk: could not connect to host +georgescarryout.com: could not connect to host +georgesonarthurs.com.au: did not receive HSTS header +gereja.ga: could not connect to host +gerencianet.com.br: did not receive HSTS header +gereon.ch: could not connect to host +geri.be: could not connect to host +geschenkly.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +gesiwista.net: could not connect to host +gesunde-smoothies.de: did not receive HSTS header +get-cctv.com: could not connect to host +get.zenpayroll.com: did not receive HSTS header +geta.pub: did not receive HSTS header +getable.com: did not receive HSTS header +getblys.com.au: did not receive HSTS header +getbooks.co.il: did not receive HSTS header +getcarefirst.com: could not connect to host +getcarina.com: could not connect to host +getcleartouch.com: did not receive HSTS header +getcolor.com: did not receive HSTS header +getfestify.com: did not receive HSTS header +getfilterlive.org: could not connect to host +getfirepress.com: could not connect to host +getgeek.dk: could not connect to host +getgeek.ee: could not connect to host +getgeek.es: could not connect to host +getgeek.eu: did not receive HSTS header +getgeek.fi: could not connect to host +getgeek.fr: could not connect to host +getgeek.io: could not connect to host +getgeek.no: could not connect to host +getgeek.nu: could not connect to host +getgeek.pl: could not connect to host +getgeek.se: did not receive HSTS header +getinternet.de: did not receive HSTS header +getkai.co.nz: did not receive HSTS header +getlantern.org: did not receive HSTS header +getlifti.com: could not connect to host +getlittleapps.com: could not connect to host +getlolaccount.com: did not receive HSTS header +getmassage.com.ng: could not connect to host +getmondo.co.uk: could not connect to host +getpake.com: could not connect to host +getpop.org: did not receive HSTS header +getpublii.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +getremembrall.com: could not connect to host +getronics.care: could not connect to host +getsello.com: could not connect to host +getspeaker.com: did not receive HSTS header +getwarden.net: could not connect to host +getwashdaddy.com: could not connect to host +gevaulug.fr: could not connect to host +gfbouncycastles.co.uk: could not connect to host +gfhgiro.nl: max-age too low: 0 +gfm.tech: could not connect to host +gfoss.gr: could not connect to host +gfwsb.ml: could not connect to host +gglks.com: could not connect to host +ggrks-asano.com: could not connect to host +ggss.cf: could not connect to host +ggss.ml: could not connect to host +gheorghe-sarcov.ga: could not connect to host +gheorghesarcov.ga: could not connect to host +gheorghesarcov.tk: could not connect to host +ghi.gov: could not connect to host +ghkim.net: could not connect to host +ghuntley.com: max-age too low: 0 +giakki.eu: could not connect to host +gianlucapartengo.photography: did not receive HSTS header +gibraltar-firma.com: did not receive HSTS header +gidea.nu: could not connect to host +gietvloergarant.nl: did not receive HSTS header +giftgofers.com: did not receive HSTS header +giftservices.nl: could not connect to host +gifzilla.net: could not connect to host +gigacloud.org: max-age too low: 0 +gigacog.com: could not connect to host +gigin.me: did not receive HSTS header +gilcloud.com: could not connect to host +gilgaz.com: did not receive HSTS header +gillet-cros.fr: could not connect to host +gilly.berlin: did not receive HSTS header +gilroywestwood.org: did not receive HSTS header +gina-architektur.design: could not connect to host +gincher.net: did not receive HSTS header +gingali.de: did not receive HSTS header +ginijony.com: did not receive HSTS header +gintenreiter-photography.com: did not receive HSTS header +giogadesign.com: did not receive HSTS header +gipsamsfashion.com: could not connect to host +gipsic.com: did not receive HSTS header +gis3m.org: did not receive HSTS header +gistfy.com: could not connect to host +git-stuff.tk: could not connect to host +git.co: could not connect to host +givemyanswer.com: could not connect to host +gizzo.sk: could not connect to host +glasner.photo: could not connect to host +glass.google.com: did not receive HSTS header (error ignored - included regardless) +glasslikes.com: did not receive HSTS header +glbg.eu: did not receive HSTS header +glentakahashi.com: could not connect to host +glittersjabloon.nl: did not receive HSTS header +glitzmirror.com: could not connect to host +global-adult-webcams.com: did not receive HSTS header +globalado.com: could not connect to host +globalbridge-japan.com: did not receive HSTS header +globalcomix.com: did not receive HSTS header +globalexpert.co.nz: could not connect to host +globalinsights.xyz: could not connect to host +globalittech.com: could not connect to host +globalmusic.ga: could not connect to host +globalsites.nl: did not receive HSTS header +glotter.com: did not receive HSTS header +gloucesterphotographer.com: did not receive HSTS header +glubbforum.de: did not receive HSTS header +glutenfreelife.co.nz: could not connect to host +glws.org: did not receive HSTS header +gm-assicurazioni.it: could not connect to host +gmail.com: did not receive HSTS header (error ignored - included regardless) +gmantra.org: could not connect to host +gmanukyan.com: could not connect to host +gmat.ovh: could not connect to host +gmoes.at: max-age too low: 600000 +gnom.me: could not connect to host +gnosticjade.net: could not connect to host +go.ax: did not receive HSTS header +go2sh.de: did not receive HSTS header +go4it.solutions: did not receive HSTS header +goabonga.com: could not connect to host +goalsetup.com: did not receive HSTS header +goaltree.ch: did not receive HSTS header +goarmy.eu: could not connect to host +goat.chat: did not receive HSTS header +goat.xyz: did not receive HSTS header +goben.ch: could not connect to host +goblins.net: did not receive HSTS header +godrealms.com: could not connect to host +goedeke.ml: could not connect to host +goerner.me: did not receive HSTS header +goge.site: could not connect to host +gogenenglish.com: could not connect to host +gogetssl.com: did not receive HSTS header +goggs.eu: could not connect to host +gogold-g.com: could not connect to host +goiaspropaganda.com.br: could not connect to host +gold24.in: did not receive HSTS header +goldegg-training.com: did not receive HSTS header +goldendata.io: could not connect to host +goldminer.ga: could not connect to host +goldpros.com: did not receive HSTS header +golocal-media.de: could not connect to host +gong8.win: could not connect to host +gongjuhao.com: could not connect to host +gonzalosanchez.mx: did not receive HSTS header +goodfurday.ca: did not receive HSTS header +goodtech.com.br: could not connect to host +goodwin43.ru: could not connect to host +google: could not connect to host (error ignored - included regardless) +google.ax: could not connect to host +googlemail.com: did not receive HSTS header (error ignored - included regardless) +googleplex.com: did not receive HSTS header (error ignored - included regardless) +googley.fr: max-age too low: 0 +goolok.com: could not connect to host +gootlijsten.nl: did not receive HSTS header +goozz.nl: did not receive HSTS header +gopay.cz: did not receive HSTS header +gopokego.cz: could not connect to host +goranrango.ch: could not connect to host +gorgiaxx.com: could not connect to host +gorilla-gym.site: could not connect to host +gorillow.com: could not connect to host +gosharewood.com: did not receive HSTS header +goshop.cz: did not receive HSTS header +gostream.asia: did not receive HSTS header +gotgenes.com: could not connect to host +goto.google.com: did not receive HSTS header (error ignored - included regardless) +goto.msk.ru: did not receive HSTS header +gotobrno.cz: did not receive HSTS header +gotocloud.ru: did not receive HSTS header +gotowned.org: max-age too low: 0 +gotspot.com: could not connect to host +gottcode.org: did not receive HSTS header +gottfridsberg.org: could not connect to host +gottfriedfeyen.com: did not receive HSTS header +gourmettia.com: did not receive HSTS header +gouv.ovh: did not receive HSTS header +gov.ax: could not connect to host +goverage.org: did not receive HSTS header +govillemo.ca: did not receive HSTS header +gozadentro.com: could not connect to host +gozel.com.tr: did not receive HSTS header +gparent.org: did not receive HSTS header +gpo.gov: did not receive HSTS header +gpstuner.com: did not receive HSTS header +graavaapi.elasticbeanstalk.com: could not connect to host +gracebaking.com: max-age too low: 86400 +gracechurchpc.net: max-age too low: 2592000 +gracesofgrief.com: could not connect to host +grachtenpandverkopen.nl: could not connect to host +gradsm-ci.net: could not connect to host +grafitec.ru: did not receive HSTS header +grana.com: did not receive HSTS header +grandlinecsk.ru: did not receive HSTS header +grandmascookieblog.com: did not receive HSTS header +grantedby.me: max-age too low: 0 +granth.io: could not connect to host +graph.no: did not receive HSTS header +graphire.io: could not connect to host +graphsearchengine.com: could not connect to host +gratis-app.com: did not receive HSTS header +gratisonlinesex.com: could not connect to host +gravitation.pro: could not connect to host +gravito.nl: did not receive HSTS header +gravity-net.de: could not connect to host +graycell.net: could not connect to host +grazetech.com: did not receive HSTS header +grcnode.co.uk: could not connect to host +great.nagoya: did not receive HSTS header +greatestwebsiteonearth.com: could not connect to host +greatideahub.com: did not receive HSTS header +greatnet.de: did not receive HSTS header +greatsong.net: did not receive HSTS header +greencardtalent.com: could not connect to host +greenesting.ch: could not connect to host +greenesting.com: could not connect to host +greenhillantiques.co.uk: did not receive HSTS header +greensolid.biz: could not connect to host +greenvines.com.tw: did not receive HSTS header +greenvpn.ltd: could not connect to host +greenvpn.pro: did not receive HSTS header +greggsfoundation.org.uk: could not connect to host +gregmartyn.com: could not connect to host +gregmilton.org: could not connect to host +gregorytlee.me: could not connect to host +grekland.guide: could not connect to host +gremots.com: could not connect to host +greplin.com: could not connect to host +gresb.com: did not receive HSTS header +gretchelizartistry.com: did not receive HSTS header +greuel.online: could not connect to host +grevesgarten.de: could not connect to host +greyline.se: could not connect to host +gribani.com: could not connect to host +grid2osm.org: could not connect to host +grigalanzsoftware.com: could not connect to host +grillinfools.com: did not receive HSTS header +gripopgriep.net: could not connect to host +gritte.net: could not connect to host +groenewoud.run: could not connect to host +groetzner.net: did not receive HSTS header +groseb.net: did not receive HSTS header +grossell.ru: could not connect to host +grossmann.gr: could not connect to host +grossmisconduct.news: could not connect to host +groupe-cassous.com: did not receive HSTS header +groups.google.com: did not receive HSTS header (error ignored - included regardless) +grow-shop.ee: could not connect to host +grow-shop.lt: could not connect to host +grow-shop.lv: could not connect to host +grozip.com: did not receive HSTS header +grunex.com: did not receive HSTS header +grupopgn.com.br: could not connect to host +gryffin.ga: could not connect to host +gryffin.ml: could not connect to host +gryffin.tk: could not connect to host +gsm-map.com: could not connect to host +gsnort.com: did not receive HSTS header +gtamodshop.org: could not connect to host +gtanda.tk: could not connect to host +gtech.work: did not receive HSTS header +gtldna.com: could not connect to host +gtlfsonlinepay.com: did not receive HSTS header +gtraxapp.com: could not connect to host +gts-schulsoftware.de: did not receive HSTS header +guarajubaimoveis.com.br: did not receive HSTS header +guava.studio: did not receive HSTS header +guentherhouse.com: did not receive HSTS header +guenthernoack.de: could not connect to host +guffrits.com: could not connect to host +gugaltika-ipb.org: could not connect to host +guge.gq: could not connect to host +gugga.dk: could not connect to host +guguke.net: did not receive HSTS header +guilde-vindicta.fr: did not receive HSTS header +guillaume-leduc.fr: did not receive HSTS header +guillaumematheron.fr: did not receive HSTS header +guinea-pig.co: could not connect to host +guineafruitcorp.com: could not connect to host +gulch.in.ua: did not receive HSTS header +gulenet.com: could not connect to host +gulfcoast-sandbox.com: could not connect to host +gunnarhafdal.com: did not receive HSTS header +gunnaro.com: could not connect to host +guntbert.net: could not connect to host +guoqiang.info: did not receive HSTS header +gurom.lv: could not connect to host +gurusupe.com: could not connect to host +gus.moe: could not connect to host +guso.gq: could not connect to host +guso.ml: could not connect to host +guso.site: could not connect to host +guso.tech: could not connect to host +gussi.is: did not receive HSTS header +gvchannel.xyz: could not connect to host +gvpt.sk: did not receive HSTS header +gvt2.com: could not connect to host (error ignored - included regardless) +gvt3.com: could not connect to host (error ignored - included regardless) +gw2oracle.com: could not connect to host +gw2reload.eu: could not connect to host +gwijaya.com: could not connect to host +gwtest.us: could not connect to host +gxlrx.net: could not connect to host +gyboche.com: could not connect to host +gyboche.science: could not connect to host +gycis.me: could not connect to host +gylauto.fr: could not connect to host +gym-old.de: max-age too low: 0 +gypthecat.com: did not receive HSTS header +gyz.io: could not connect to host +h-og.com: could not connect to host +h-rickroll-n.pw: could not connect to host +h2cdn.cloud: could not connect to host +h2check.org: did not receive HSTS header +h3artbl33d.nl: could not connect to host +haarkliniek.com: did not receive HSTS header +habbo.life: did not receive HSTS header +habbotalk.nl: could not connect to host +habeo.si: could not connect to host +hablemosdetecnologia.com.ve: could not connect to host +hac30.com: could not connect to host +hack.cz: could not connect to host +hack.li: could not connect to host +hacker8.cn: did not receive HSTS header +hackercat.ninja: did not receive HSTS header +hackerforever.com: did not receive HSTS header +hackerone-ext-adroll.com: could not connect to host +hackerspace-ntnu.no: did not receive HSTS header +hackest.org: did not receive HSTS header +hackit.im: could not connect to host +hackroyale.xyz: did not receive HSTS header +hacksnack.io: could not connect to host +hadaf.pro: could not connect to host +hadzic.co: could not connect to host +haeckdesign.com: did not receive HSTS header +haeckl.eu: did not receive HSTS header +haemmerle.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +haf.gr: could not connect to host +hafoda.com: did not receive HSTS header +hahayidu.org: could not connect to host +hainoni.com: did not receive HSTS header +hairlossstop.net: did not receive HSTS header +haitschi.com: could not connect to host +haitschi.de: did not receive HSTS header +haitschi.net: could not connect to host +haitschi.org: could not connect to host +haku.moe: could not connect to host +hakugin.me: could not connect to host +hakugin.org: could not connect to host +halcyonsbastion.com: could not connect to host +halkyon.net: could not connect to host +halletienne.fr: could not connect to host +halo.red: could not connect to host +halyul.cc: did not receive HSTS header +halyul.com: did not receive HSTS header +haman.nl: could not connect to host +hamu.blue: could not connect to host +hancc.net: could not connect to host +handenafvanhetmedischdossier.nl: could not connect to host +handicapindeles.nl: did not receive HSTS header +handiworker.com: could not connect to host +handleidingkwijt.com: did not receive HSTS header +handsandall.com: did not receive HSTS header +hanfu.la: could not connect to host +hang333.pw: could not connect to host +hangar18-modelismo.com.br: could not connect to host +hanimalis.fr: could not connect to host +hans-natur.de: did not receive HSTS header +hao2taiwan.com: max-age too low: 0 +haobo111.com: could not connect to host +haobo1111.com: could not connect to host +haobo222.com: could not connect to host +haobo2222.com: could not connect to host +haobo4444.com: could not connect to host +haobo5555.com: could not connect to host +haobo6666.com: could not connect to host +haobo7777.com: could not connect to host +haomwei.com: could not connect to host +haoyugao.com: could not connect to host +hapijs.cn: could not connect to host +happist.com: did not receive HSTS header +happix.nl: did not receive HSTS header +happyfabric.me: did not receive HSTS header +happygastro.com: could not connect to host +harambe.site: could not connect to host +harbourweb.net: did not receive HSTS header +hardline.xyz: could not connect to host +haribosupermix.com: could not connect to host +harisht.me: could not connect to host +harlentimberproducts.co.uk: did not receive HSTS header +harmonycosmetic.com: max-age too low: 300 +harristony.com: could not connect to host +harrypottereditor.net: could not connect to host +hartlep.eu: could not connect to host +hartmancpa.com: did not receive HSTS header +harvestrenewal.org: did not receive HSTS header +harz.cloud: could not connect to host +has.vision: could not connect to host +hasabig.wang: could not connect to host +hasalittle.wang: could not connect to host +hash-list.com: could not connect to host +hashidays.com: did not receive HSTS header +hashnode.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +hashplex.com: could not connect to host +hasilocke.de: did not receive HSTS header +hasinase.de: could not connect to host +haste.ch: could not connect to host +hastherebeenamassshooting.today: could not connect to host +hatoko.net: could not connect to host +haufschild.de: could not connect to host +haurumcraft.net: could not connect to host +hausarzt-stader-str.de: did not receive HSTS header +haveeruexaminer.com: could not connect to host +havenmoon.com: could not connect to host +havenswift-hosting.co.uk: did not receive HSTS header +hawthornharpist.com: could not connect to host +haxoff.com: could not connect to host +haxon.me: could not connect to host +haxx.hu: could not connect to host +haydenhill.us: could not connect to host +hazcod.com: could not connect to host +haze-productions.com: could not connect to host +haze.network: could not connect to host +haze.sucks: could not connect to host +hazyrom.net: could not connect to host +hb1111.com: could not connect to host +hb3333.com: could not connect to host +hb4444.com: could not connect to host +hbbet.com: could not connect to host +hbvip.com: could not connect to host +hbvip01.com: could not connect to host +hbvip02.com: could not connect to host +hbvip03.com: could not connect to host +hbvip04.com: could not connect to host +hbvip05.com: could not connect to host +hbvip06.com: could not connect to host +hbvip07.com: could not connect to host +hbvip08.com: could not connect to host +hcie.pl: could not connect to host +hcr.io: did not receive HSTS header +hcs-company.com: did not receive HSTS header +hcs-company.nl: did not receive HSTS header +hcstr.com: could not connect to host +hdm.io: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +hdrboundless.com: could not connect to host +hdserver.info: did not receive HSTS header +hdsmigrationtool.com: could not connect to host +hduin.xyz: could not connect to host +hdwallpapers.net: did not receive HSTS header +head-shop.lt: could not connect to host +head-shop.lv: could not connect to host +headmates.xyz: could not connect to host +healthjoy.com: did not receive HSTS header +healthyandnaturalliving.com: could not connect to host +healthycod.in: could not connect to host +healtious.com: could not connect to host +hearingshofar.com: could not connect to host +heart.ge: could not connect to host +heartlandrentals.com: did not receive HSTS header +hearty.ink: could not connect to host +hearty.space: could not connect to host +hearty.tw: did not receive HSTS header +heartyme.net: could not connect to host +heathmanners.com: could not connect to host +heavenlysmokenc.com: could not connect to host +heavystresser.com: could not connect to host +hebaus.com: could not connect to host +heidilein.info: did not receive HSTS header +heijblok.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +heimnetze.org: could not connect to host +heisenberg.co: could not connect to host +hejahanif.se: could not connect to host +hejsupport.se: could not connect to host +helencrump.co.uk: did not receive HSTS header +helgakristoffer.com: could not connect to host +helgakristoffer.wedding: could not connect to host +hellofilters.com: could not connect to host +hellomouse.tk: could not connect to host +helloworldhost.com: did not receive HSTS header +hellscanyonraft.com: did not receive HSTS header +helpadmin.net: could not connect to host +helpantiaging.com: could not connect to host +helpekwendenihospital.com: could not connect to host +helpium.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +helpmebuild.com: did not receive HSTS header +helsingfors.guide: could not connect to host +hemlockhillscabinrentals.com: did not receive HSTS header +hencagon.com: could not connect to host +hendersonrealestatepros.com: did not receive HSTS header +henriknoerr.com: could not connect to host +hentai.design: could not connect to host +hentaimaster.net: could not connect to host +herbandpat.org: could not connect to host +herbertmouwen.nl: could not connect to host +here.ml: could not connect to host +here4funpartysolutions.ie: did not receive HSTS header +heribe-maruo.com: could not connect to host +heritagedentistry.ca: did not receive HSTS header +heroin.org.uk: could not connect to host +herpaderp.net: could not connect to host +herrenfahrt.com: did not receive HSTS header +herzbotschaft.de: did not receive HSTS header +hetmeisjeachterpauw.nl: could not connect to host +hetmer.com: did not receive HSTS header +hetmer.cz: did not receive HSTS header +hetmer.net: did not receive HSTS header +heutger.net: did not receive HSTS header +hex2013.com: did not receive HSTS header +hexhu.com: could not connect to host +hexobind.com: could not connect to host +heyfringe.com: could not connect to host +heyguevara.com: could not connect to host +heywoodtown.co.uk: did not receive HSTS header +hfcbank.com.gh: did not receive HSTS header +hfi.me: could not connect to host +hfu.io: could not connect to host +hg881.com: could not connect to host +hibilog.com: could not connect to host +hicn.gq: could not connect to host +hiddendepth.ie: max-age too low: 0 +hiddenmail.xyz: could not connect to host +hiddenrefuge.eu.org: could not connect to host +hideftv.deals: could not connect to host +hiexmerida-mailing.com: did not receive HSTS header +higherpress.org: could not connect to host +highgrove.org.uk: could not connect to host +highseer.com: did not receive HSTS header +highsurf-miyazaki.com: could not connect to host +hightower.eu: could not connect to host +highvelocitydesign.com: could not connect to host +hiisukun.com: could not connect to host +hiitcentre.com: did not receive HSTS header +hikariempire.com: could not connect to host +hilinemerchandising.com: did not receive HSTS header +hill.selfip.net: could not connect to host +hillcity.org.nz: did not receive HSTS header +hilnu.tk: could not connect to host +hinkel-sohn.de: did not receive HSTS header +hintergedanken.com: did not receive HSTS header +hintermeier-rae.at: could not connect to host +hipercultura.com: did not receive HSTS header +hiphopconvention.nl: could not connect to host +hipnos.net: did not receive HSTS header +hiqhub.co.uk: could not connect to host +hirefitness.co.uk: did not receive HSTS header +hirevets.gov: did not receive HSTS header +hirokilog.com: could not connect to host +hirte-digital.de: could not connect to host +hitchunion.org: could not connect to host +hititgunesi-tr.com: did not receive HSTS header +hitoy.org: did not receive HSTS header +hitrek.ml: could not connect to host +hittipps.com: did not receive HSTS header +hiv.gov: did not receive HSTS header +hlyue.com: did not receive HSTS header +hm1ch.ovh: could not connect to host +hmksq.ae: max-age too low: 7776000 +hmm.nyc: could not connect to host +hmsseahawk.com: did not receive HSTS header +hoast.xyz: could not connect to host +hobaugh.social: did not receive HSTS header +hodamakade.com: did not receive HSTS header +hodne.io: could not connect to host +hoekwoningverkopen.nl: could not connect to host +hoerbuecher-und-hoerspiele.de: could not connect to host +hofiprojekt.cz: did not receive HSTS header +hogar123.es: could not connect to host +hohm.in: could not connect to host +hoiku-map.tokyo: could not connect to host +hoiku-navi.com: did not receive HSTS header +holgerlehner.com: could not connect to host +holidayincotswolds.co.uk: could not connect to host +holifestival-freyung.de: could not connect to host +holymoly.lu: could not connect to host +homa.website: could not connect to host +homads.com: did not receive HSTS header +homeandyarddetailing.com: could not connect to host +homeclouding.de: could not connect to host +homedna.com: did not receive HSTS header +homeexx.com: did not receive HSTS header +homeownersassociationmanagementla.com: could not connect to host +homeseller.co.uk: could not connect to host +hometownmall.com: max-age too low: 0 +homeyantra.com: did not receive HSTS header +homoglyph.net: could not connect to host +honeytracks.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +hongyd.online: could not connect to host +hongzhaxiaofendui.com: could not connect to host +honoo.com: could not connect to host +hoodoo.io: could not connect to host +hoodoo.tech: could not connect to host +hookandloom.com: did not receive HSTS header +hoopsacademyusa.com: could not connect to host +hoovism.com: did not receive HSTS header +hopesb.org: could not connect to host +horizonshypnosis.ca: did not receive HSTS header +horning.co: did not receive HSTS header +horosho.in: could not connect to host +horseboners.xxx: did not receive HSTS header +hortifarm.ro: did not receive HSTS header +horvathtom.com: could not connect to host +hosteasy.nl: did not receive HSTS header +hosted-oswa.org: could not connect to host +hostedtalkgadget.google.com: did not receive HSTS header (error ignored - included regardless) +hostelite.com: did not receive HSTS header +hostfuture.co.in: did not receive HSTS header +hostgarou.com: did not receive HSTS header +hostinaus.com.au: did not receive HSTS header +hostingfj.com: could not connect to host +hostisan.com: could not connect to host +hostworkz.com: did not receive HSTS header +hotartup.com: could not connect to host +hotchoc.io: did not receive HSTS header +hotel-tongruben.de: max-age too low: 0 +hotelaustria-wien.at: did not receive HSTS header +hotelmadhuwanvihar.com: could not connect to host +hotelvictoriaoax-mailing.com: did not receive HSTS header +hotelvillahermosa-mailing.com: did not receive HSTS header +hotelvue.nl: could not connect to host +houkago-step.com: did not receive HSTS header +housemaadiah.org: did not receive HSTS header +housingstudents.org.uk: could not connect to host +howardtyson.com: could not connect to host +howfargames.com: could not connect to host +howrandom.org: could not connect to host +howtocuremysciatica.com: could not connect to host +hozinga.de: could not connect to host +hp-work.net: could not connect to host +hpepub.asia: could not connect to host +hpepub.com: could not connect to host +hpepub.org: could not connect to host +hppub.info: could not connect to host +hppub.org: could not connect to host +hppub.site: could not connect to host +hqhost.net: did not receive HSTS header +hr-intranet.com: could not connect to host +hr98.tk: could not connect to host +hrackydomino.cz: did not receive HSTS header +hrk.io: could not connect to host +hserver.top: could not connect to host +hsir.me: could not connect to host +hsts.com.br: could not connect to host +hsts.date: could not connect to host +hszhyy120.com: could not connect to host +html-lab.tk: could not connect to host +http418.xyz: could not connect to host +httphacker.com: could not connect to host +https.ps: could not connect to host +httpstatuscode418.xyz: could not connect to host +huangh.com: could not connect to host +huarongdao.com: could not connect to host +hubert.systems: did not receive HSTS header +hugocollignon.fr: could not connect to host +huiser.nl: could not connect to host +hukkatavara.com: could not connect to host +humankode.com: did not receive HSTS header +humblefinances.com: did not receive HSTS header +humeurs.net: could not connect to host +humortuga.pt: could not connect to host +hump.dk: did not receive HSTS header +humpi.at: could not connect to host +humpteedumptee.in: did not receive HSTS header +hunger.im: could not connect to host +huntshomeinspections.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +huodongweb.com: could not connect to host +hup.blue: could not connect to host +huskybutt.dog: could not connect to host +huwjones.me: could not connect to host +huzu.com: did not receive HSTS header +huzurmetal.net: could not connect to host +hyakumachi.com: did not receive HSTS header +hyatt.com: did not receive HSTS header +hydra.ws: could not connect to host +hydrante.ch: could not connect to host +hydrodipcenter.nl: did not receive HSTS header +hydronium.cf: could not connect to host +hydronium.ga: could not connect to host +hydronium.me: could not connect to host +hydronium.ml: could not connect to host +hydronium.tk: could not connect to host +hypa.net.au: did not receive HSTS header +hyper69.com: did not receive HSTS header +hypnoresults.com.au: did not receive HSTS header +hypnos.hu: did not receive HSTS header +hypotheques24.ch: could not connect to host +hysg.me: could not connect to host +hzh.pub: could not connect to host +i-jp.net: could not connect to host +i-partners.sk: did not receive HSTS header +i-rickroll-n.pw: could not connect to host +i10z.com: could not connect to host +iacono.com.br: did not receive HSTS header +iadttaveras.com: could not connect to host +iamjoshellis.com: could not connect to host +iamokay.nl: did not receive HSTS header +iamreubin.co.uk: did not receive HSTS header +iamveto.com: could not connect to host +iapws.com: did not receive HSTS header +iban.is: could not connect to host +ibarf.nl: did not receive HSTS header +ibase.com: did not receive HSTS header +ibenchu.com: did not receive HSTS header +ibestreview.com: did not receive HSTS header +ibnuwebhost.com: could not connect to host +icabanken.se: did not receive HSTS header +icaforsakring.se: did not receive HSTS header +ice.yt: could not connect to host +icebound.cc: could not connect to host +iceloch.com: could not connect to host +icepink.com.br: could not connect to host +icewoman.net: did not receive HSTS header +icfl.com.br: could not connect to host +ich-find-den-g.net: could not connect to host +ich-mach-druck.eu: did not receive HSTS header +ichnichtskaufmann.de: could not connect to host +ichoosebtec.com: did not receive HSTS header +icity.ly: did not receive HSTS header +icloud.net: could not connect to host +icntorrent.download: could not connect to host +icreative.nl: could not connect to host +ictpro.info: could not connect to host +icusignature.com: could not connect to host +id-co.in: could not connect to host +id-conf.com: did not receive HSTS header +id.fedoraproject.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +idcrane.com: could not connect to host +ideadozz.hu: could not connect to host +ideal-envelopes.co.uk: did not receive HSTS header +idealmoto.com: did not receive HSTS header +idealmykonos.com: did not receive HSTS header +ideaman924.com: did not receive HSTS header +ideaplus.me: could not connect to host +ideasmeetingpoint.com: could not connect to host +ideation-inc.co.jp: could not connect to host +idedr.com: could not connect to host +idemo.in: could not connect to host +identitylabs.uk: could not connect to host +identitysandbox.gov: could not connect to host +idgsupply.com: did not receive HSTS header +idinby.dk: did not receive HSTS header +idisplay.es: did not receive HSTS header +idlekernel.com: could not connect to host +idol-bikes.ru: could not connect to host +idontexist.me: did not receive HSTS header +iemb.cf: could not connect to host +iemb.tk: did not receive HSTS header +ierna.com: did not receive HSTS header +ies-italia.it: did not receive HSTS header +ies.id.lv: could not connect to host +ievgenialehner.com: could not connect to host +ifad.org: did not receive HSTS header +ifastuniversity.com: did not receive HSTS header +ifengge.me: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +ifleurs.com: could not connect to host +ifoss.me: could not connect to host +ifx.ee: could not connect to host +ifxnet.com: could not connect to host +igforums.com: could not connect to host +igi.codes: did not receive HSTS header +igiftcards.nl: did not receive HSTS header +ignatisd.gr: did not receive HSTS header +igule.net: could not connect to host +ihotel.io: did not receive HSTS header +ihrlotto.de: could not connect to host +ihrnationalrat.ch: could not connect to host +ihsbsd.me: could not connect to host +ihsbsd.tk: could not connect to host +iispeed.com: did not receive HSTS header +ijn-dd.nl: could not connect to host +ijoda.com: could not connect to host +ikenmeyer.com: could not connect to host +ikenmeyer.eu: could not connect to host +ikocik.sk: did not receive HSTS header +ikon.name: did not receive HSTS header +ikwilguidobellen.nl: could not connect to host +ikzoekeengoedkopeauto.nl: could not connect to host +ikzoekjeugdhulp.nl: did not receive HSTS header +ilbuongiorno.it: did not receive HSTS header +ileat.com: could not connect to host +ilgi.work: could not connect to host +ilhansubasi.com: did not receive HSTS header +ilikerainbows.co: could not connect to host +ilikerainbows.co.uk: could not connect to host +ilikfreshweedstores.com: did not receive HSTS header +illegalpornography.me: could not connect to host +ilmconpm.de: could not connect to host +ilona.graphics: did not receive HSTS header +iluvscotland.co.uk: max-age too low: 7889238 +imakepoems.net: could not connect to host +ime.moe: could not connect to host +imed.com.pt: did not receive HSTS header +imed.pt: did not receive HSTS header +img.ovh: could not connect to host +imgencrypt.com: could not connect to host +imgup.co: did not receive HSTS header +imim.pw: could not connect to host +imjiangtao.com: did not receive HSTS header +imlinan.cn: could not connect to host +imlinan.info: could not connect to host +imlinan.net: could not connect to host +immaterium.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +immersion-pictures.com: did not receive HSTS header +immersionwealth.com: could not connect to host +immoprotect.ca: did not receive HSTS header +immortals-co.com: did not receive HSTS header +immoverkauf24.at: did not receive HSTS header +immoverkauf24.de: did not receive HSTS header +immunicity.cc: could not connect to host +immunicity.date: did not receive HSTS header +immunicity.eu: did not receive HSTS header +immunicity.host: could not connect to host +immunicity.info: could not connect to host +immunicity.online: could not connect to host +immunicity.press: could not connect to host +immunicity.rocks: could not connect to host +immunicity.st: did not receive HSTS header +immunicity.today: could not connect to host +immunicity.top: could not connect to host +immunicity.win: could not connect to host +immunicity.works: could not connect to host +immunicity.world: could not connect to host +imolug.org: did not receive HSTS header +imoni-blog.net: could not connect to host +imoto.me: could not connect to host +imouto.my: max-age too low: 5184000 +imperdintechnologies.com: could not connect to host +imperialwebsolutions.com: did not receive HSTS header +implicitdenial.com: could not connect to host +imu.li: did not receive HSTS header +imusic.dk: did not receive HSTS header +inb4.us: could not connect to host +inbox.li: did not receive HSTS header +incendiary-arts.com: could not connect to host +inche-ali.com: did not receive HSTS header +inchomatic.com: did not receive HSTS header +increasetestosteronelevels.org: could not connect to host +indicateurs-flash.fr: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +indiecert.net: could not connect to host +indiemods.com: could not connect to host +indien.guide: could not connect to host +indochina.io: could not connect to host +indoorskiassen.nl: did not receive HSTS header +indredouglas.me: could not connect to host +industreiler.com: could not connect to host +industreiler.com.br: could not connect to host +industrybazar.com: did not receive HSTS header +ineed.com.mt: could not connect to host +inexpensivecomputers.net: could not connect to host +infcof.com: did not receive HSTS header +infilock.com: could not connect to host +infinitude.me.uk: could not connect to host +infinitude.xyz: could not connect to host +infinitudecloud.com: could not connect to host +infinitusgaming.eu: could not connect to host +infinity-freedom.com: could not connect to host +infinity-freedom.de: could not connect to host +infinity-lifestyle.de: could not connect to host +inflatadays.co.uk: could not connect to host +inflation.ml: could not connect to host +info-sys.tk: could not connect to host +infoduv.fr: did not receive HSTS header +infogrfx.com: did not receive HSTS header +inforichjapan.com: did not receive HSTS header +informaticapremium.com: did not receive HSTS header +informatik.zone: could not connect to host +infosec.rip: could not connect to host +infosoph.org: could not connect to host +infotics.es: did not receive HSTS header +infoworm.org: could not connect to host +infranix.eu: max-age too low: 7360000 +infura.co.th: could not connect to host +ingesol.fr: did not receive HSTS header +inhelix.com: could not connect to host +injertoshorticolas.com: did not receive HSTS header +injigo.com: did not receive HSTS header +injust.cf: could not connect to host +injust.ga: could not connect to host +injust.gq: could not connect to host +injust.me: could not connect to host +injust.ml: could not connect to host +injust.tk: could not connect to host +inked-guy.de: could not connect to host +inkedguy.de: could not connect to host +inkstory.gr: did not receive HSTS header +inksupply.com: did not receive HSTS header +inkvisual.tk: could not connect to host +inleaked.com: could not connect to host +inmyarea.com: max-age too low: 0 +innolabfribourg.ch: could not connect to host +innophate-security.nl: could not connect to host +inondation.ch: could not connect to host +inplacers.ru: did not receive HSTS header +inquisitive.io: did not receive HSTS header +insane-bullets.com: could not connect to host +inscript.pl: could not connect to host +insite-feedback.com: could not connect to host +insouciant.org: could not connect to host +inspire-av.com: did not receive HSTS header +inspiroinc.com: could not connect to host +instacart.com: did not receive HSTS header +instant-hack.com: did not receive HSTS header +instantdev.io: could not connect to host +instaquiz.ru: could not connect to host +instasex.ch: could not connect to host +institutoflordelavida.com: could not connect to host +institutolancaster.com: did not receive HSTS header +instruktor.io: could not connect to host +insurance: could not connect to host +insurance321.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +intel.gov: did not receive HSTS header +intel.li: could not connect to host +intelldynamics.com: could not connect to host +interboursegeneva.ch: did not receive HSTS header +interference.io: could not connect to host +interhosts.co.za: could not connect to host +interim-cto.de: could not connect to host +interleucina.org: did not receive HSTS header +interlocal.co.uk: could not connect to host +interlun.com: could not connect to host +intermezzo-emmerich.de: did not receive HSTS header +intermezzo-emmerich.nl: did not receive HSTS header +internaldh.com: could not connect to host +internet-pornografie.de: did not receive HSTS header +internetcasinos.de: could not connect to host +internetcensus.org: could not connect to host +internetdentalalliance.com: did not receive HSTS header +internetpro.me: could not connect to host +internetradiocharts.de: did not receive HSTS header +internshipandwork.com: did not receive HSTS header +internshipandwork.ru: did not receive HSTS header +intersectraven.net: did not receive HSTS header +interserved.com: did not receive HSTS header +interviewpipeline.co.uk: could not connect to host +intervisteperstrada.com: could not connect to host +intexplore.org: could not connect to host +intim-uslugi-kazan.net: could not connect to host +intimateperrierjouet.com: could not connect to host +intimici.com.br: could not connect to host +intimtoy.com.ua: could not connect to host +intocities.de: did not receive HSTS header +intranetsec.fr: could not connect to host +intrp.net: did not receive HSTS header +inverselink-user-content.com: could not connect to host +inverselink.com: could not connect to host +investnext.com: max-age too low: 43200 +investor.gov: did not receive HSTS header +investorloanshub.com: could not connect to host +invictusmc.uk: could not connect to host +invinsec.cloud: did not receive HSTS header +inviosolutions.com: max-age too low: 0 +invite24.pro: could not connect to host +iolife.dk: could not connect to host +ionas-law.ro: did not receive HSTS header +iop.intuit.com: max-age too low: 86400 +iora.fr: could not connect to host +iosmods.com: did not receive HSTS header +iostips.ru: could not connect to host +ip.or.at: could not connect to host +ip6.im: did not receive HSTS header +ipbill.org.uk: could not connect to host +iphonechina.net: could not connect to host +iplife.cn: could not connect to host +ipmimagazine.com: did not receive HSTS header +ipnetworking.net: could not connect to host +iprice.co.id: did not receive HSTS header +iprice.hk: did not receive HSTS header +iprice.my: did not receive HSTS header +iprice.ph: did not receive HSTS header +iprice.sg: did not receive HSTS header +iprice.vn: did not receive HSTS header +ipricethailand.com: did not receive HSTS header +iprody.com: max-age too low: 7889238 +iptel.ro: could not connect to host +ipuservicedesign.com: could not connect to host +ipv6.watch: did not receive HSTS header +ipv6cloud.club: could not connect to host +ipv6only.network: could not connect to host +ipvsec.nl: could not connect to host +iqcn.co: could not connect to host +iqualtech.com: max-age too low: 7889238 +ir-saitama.com: could not connect to host +iranianlawschool.com: could not connect to host +iraqidinar.org: did not receive HSTS header +irazimina.ru: did not receive HSTS header +irccloud.com: did not receive HSTS header +irelandesign.com: could not connect to host +irinkeby.nu: could not connect to host +irland.guide: could not connect to host +irmtrudjurke.de: did not receive HSTS header +irugs.ch: did not receive HSTS header +irugs.co.uk: did not receive HSTS header +irugs.com.sg: did not receive HSTS header +irukandjilabs.com: could not connect to host +irvinepa.org: max-age too low: 10540800 +is-a-furry.org: did not receive HSTS header +isabellehogarth.co.uk: could not connect to host +isamiok.com: could not connect to host +ischool.co.jp: did not receive HSTS header +isdf.me: could not connect to host +isef-eg.com: did not receive HSTS header +iseulde.com: did not receive HSTS header +ishadowsocks.ltd: could not connect to host +ishangirdhar.com: could not connect to host +ishillaryclintoninprisonyet.com: could not connect to host +isitamor.pm: could not connect to host +iskai.net: did not receive HSTS header +iskaz.rs: did not receive HSTS header +islandzero.net: did not receive HSTS header +islief.com: did not receive HSTS header +ismetroonfiretoday.com: could not connect to host +isoface33.fr: did not receive HSTS header +isogen5.com: could not connect to host +isogram.nl: could not connect to host +istanbul.systems: did not receive HSTS header +istanbultravelguide.info: could not connect to host +istaspirtslietas.lv: did not receive HSTS header +isz.no: could not connect to host +it-cave.com: could not connect to host +it-go.net: did not receive HSTS header +it-schwerin.de: could not connect to host +itad.top: could not connect to host +itechgeek.com: max-age too low: 0 +items.lv: did not receive HSTS header +itemton.com: could not connect to host +itfaq.nl: did not receive HSTS header +ithakama.com: did not receive HSTS header +ithakama.cz: did not receive HSTS header +itinsight.hu: did not receive HSTS header +itos.asia: did not receive HSTS header +itos.pl: did not receive HSTS header +itpol.dk: did not receive HSTS header +itpro-mg.de: could not connect to host +itproject.guru: did not receive HSTS header +itrack.in.th: did not receive HSTS header +itriskltd.com: did not receive HSTS header +its-schindler.de: could not connect to host +itsadog.co.uk: did not receive HSTS header +itsagadget.com: did not receive HSTS header +itsamurai.ru: max-age too low: 2592000 +itsatrap.nl: could not connect to host +itsecurityassurance.pw: could not connect to host +itsg-faq.de: could not connect to host +itshost.ru: could not connect to host +itspawned.com: max-age too low: 200 +itu2015.de: could not connect to host +ius.io: did not receive HSTS header +iuscommunity.org: did not receive HSTS header +ivanilla.org: could not connect to host +ivanpolchenko.com: could not connect to host +ivi-co.com: max-age too low: 0 +ivi-fertility.com: max-age too low: 0 +ivi.es: max-age too low: 0 +ivk.website: could not connect to host +ivklombard.ru: did not receive HSTS header +iwannarefill.com: could not connect to host +iwilcox.me.uk: could not connect to host +iwpbk.com: could not connect to host +ix8.ru: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +ixec2.tk: could not connect to host +ixh.me: did not receive HSTS header +izdiwho.com: could not connect to host +izolight.ch: could not connect to host +izoox.com: did not receive HSTS header +izzzorgconcerten.nl: could not connect to host +j-lsolutions.com: could not connect to host +j-rickroll-a.pw: could not connect to host +j0ng.xyz: could not connect to host +ja-publications.com: did not receive HSTS header +jaan.su: could not connect to host +jackalworks.com: could not connect to host +jackdoan.com: did not receive HSTS header +jackfahnestock.com: could not connect to host +jacobdevans.com: could not connect to host +jacobparry.ca: did not receive HSTS header +jacobsenarquitetura.com: max-age too low: 5184000 +jagido.de: did not receive HSTS header +jahliveradio.com: could not connect to host +jaimechanaga.com: could not connect to host +jaion.ml: could not connect to host +jakerullman.com: could not connect to host +jakincode.army: could not connect to host +jaksel.id: could not connect to host +jamanji.com.ng: could not connect to host +james-parker.com: did not receive HSTS header +james.je: could not connect to host +jamesandanneke.com: did not receive HSTS header +jamesandpame.la: could not connect to host +jamesburton.london: could not connect to host +jamesbywater.co.uk: could not connect to host +jamesbywater.com: could not connect to host +jamesbywater.me: could not connect to host +jamesbywater.me.uk: could not connect to host +jamesbywater.uk: could not connect to host +jamesconroyfinn.com: did not receive HSTS header +jamescostian.com: did not receive HSTS header +jamesdoell.com: could not connect to host +jamesdoylephoto.com: did not receive HSTS header +jamesf.xyz: could not connect to host +jamesforman.co.nz: did not receive HSTS header +jameshale.me: did not receive HSTS header +jamesheald.com: could not connect to host +jamesmaurer.com: did not receive HSTS header +jami.am: did not receive HSTS header +jamourtney.com: could not connect to host +jan-and-maaret.de: could not connect to host +jan-cermak.cz: did not receive HSTS header +jan-daniels.de: did not receive HSTS header +jan-roenspies.de: could not connect to host +jan27.org: did not receive HSTS header +janario.me: could not connect to host +janbrodda.de: max-age too low: 2592000 +jangho.me: could not connect to host +janking.de: did not receive HSTS header +jannyrijneveld.nl: did not receive HSTS header +janssen.fm: could not connect to host +janus-engineering.de: did not receive HSTS header +japaripark.com: could not connect to host +japlex.com: could not connect to host +jaqen.ch: could not connect to host +jardins-utopie.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +jaredbates.net: did not receive HSTS header +jaredfraser.com: could not connect to host +jarivisual.com: did not receive HSTS header +jarnail.ca: did not receive HSTS header +jaroslavtrsek.cz: did not receive HSTS header +jarsater.com: could not connect to host +jartza.org: could not connect to host +jasmineconseil.com: did not receive HSTS header +jasoncosper.com: did not receive HSTS header +jasonrobinson.me: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +jasonroe.me: could not connect to host +jasperespejo.com: could not connect to host +jastoria.pl: did not receive HSTS header +jav-collective.com: could not connect to host +java-board.com: could not connect to host +javachip.win: could not connect to host +javan.ga: could not connect to host +javascriptlab.fr: could not connect to host +javelinsms.com: could not connect to host +javilacat.info: could not connect to host +jayblock.com: did not receive HSTS header +jaylen.com.ar: did not receive HSTS header +jayna.design: did not receive HSTS header +jayschulman.com: did not receive HSTS header +jayscoaching.com: could not connect to host +jayshao.com: did not receive HSTS header +jballelectronics.com: did not receive HSTS header +jbelien.be: did not receive HSTS header +jbelien.photography: did not receive HSTS header +jbfp.dk: did not receive HSTS header +jbj.co.uk: did not receive HSTS header +jbn.mx: could not connect to host +jbrowndesign.me: did not receive HSTS header +jccars-occasions.be: could not connect to host +jcch.de: could not connect to host +jccrew.org: could not connect to host +jcf-office.com: did not receive HSTS header +jcor.me: did not receive HSTS header +jcoscia.com: could not connect to host +jcraft.us: could not connect to host +jctf.io: could not connect to host +jdav-leipzig.de: could not connect to host +jebengotai.com: did not receive HSTS header +jecho.cn: did not receive HSTS header +jeff393.com: could not connect to host +jeffersonregan.org: could not connect to host +jeffreymagee.com: could not connect to host +jeil-makes.co.kr: could not connect to host +jellow.nl: did not receive HSTS header +jenjoit.de: could not connect to host +jennifercherniack.com: did not receive HSTS header +jens-prangenberg.de: did not receive HSTS header +jens.hk: could not connect to host +jensenbanden.no: could not connect to host +jeremyc.ca: could not connect to host +jeremye77.com: did not receive HSTS header +jeroenseegers.com: could not connect to host +jesorsenville.com: did not receive HSTS header +jessicabenedictus.nl: could not connect to host +jessicah.org: could not connect to host +jesuisformidable.nl: could not connect to host +jet-code.com: could not connect to host +jetaprices.com: max-age too low: 0 +jetflex.de: did not receive HSTS header +jetlagphotography.com: could not connect to host +jeton.com: did not receive HSTS header +jetsetcharge.com: could not connect to host +jetsetpay.com: could not connect to host +jettlarue.com: could not connect to host +jettshome.org: could not connect to host +jewellerydesignstore.com: could not connect to host +jfmel.com: did not receive HSTS header +jfnllc.com: did not receive HSTS header +jfx.space: did not receive HSTS header +jh-media.eu: could not connect to host +jhburton.co.uk: could not connect to host +jhburton.uk: could not connect to host +jhejderup.me: could not connect to host +jia1hao.com: could not connect to host +jiaidu.com: could not connect to host +jiangzequn.com: could not connect to host +jiangzm.com: could not connect to host +jianjiantv.com: did not receive HSTS header +jiaqiang.vip: could not connect to host +jichi.me: could not connect to host +jief.me: did not receive HSTS header +jikken.de: could not connect to host +jimas.eu: did not receive HSTS header +jimenacocina.com: did not receive HSTS header +jimgao.tk: did not receive HSTS header +jimmehcai.com: could not connect to host +jimmycai.org: could not connect to host +jingyuesi.com: could not connect to host +jinmaguoji.com: did not receive HSTS header +jinshavip.com: did not receive HSTS header +jirav.io: could not connect to host +jisaku-homepage.com: did not receive HSTS header +jitsi.org: did not receive HSTS header +jiyue.com: did not receive HSTS header +jjf.org.au: did not receive HSTS header +jka.io: did not receive HSTS header +jkb.pics: could not connect to host +jkbuster.com: could not connect to host +jko.works: could not connect to host +jm06.com: did not receive HSTS header +jm22.com: did not receive HSTS header +jmbelloteau.com: did not receive HSTS header +jmdekker.it: could not connect to host +jmoreau.ddns.net: could not connect to host +jn1.me: did not receive HSTS header +joakimalgroy.com: could not connect to host +jobflyapp.com: could not connect to host +jobmedic.com: could not connect to host +jobshq.com: did not receive HSTS header +jobss.co.uk: did not receive HSTS header +joecod.es: could not connect to host +joelgonewild.com: did not receive HSTS header +joetyson.io: could not connect to host +johannes-sprink.de: could not connect to host +johnbrownphotography.ch: did not receive HSTS header +johncardell.com: did not receive HSTS header +johners.me: could not connect to host +johngaltgroup.com: did not receive HSTS header +johngo.tk: could not connect to host +johnhgaunt.com: did not receive HSTS header +johnmcgovern.com: max-age too low: 43200 +johnrom.com: did not receive HSTS header +johnverkerk.com: could not connect to host +jointoweb.com: could not connect to host +jonas-keidel.de: did not receive HSTS header +jonasgroth.se: did not receive HSTS header +jonathan.ir: could not connect to host +jonathanreyes.com: did not receive HSTS header +jonathansanchez.pro: could not connect to host +jongha.me: could not connect to host +jonn.me: could not connect to host +jonnichols.info: did not receive HSTS header +jonsno.ws: could not connect to host +joostbovee.nl: could not connect to host +jooto.com: could not connect to host +jordanhamilton.me: could not connect to host +jordanstrustcompany.cn: could not connect to host +jordanstrustcompany.ru: could not connect to host +jordikroon.nl: did not receive HSTS header +joretapo.fr: could not connect to host +jorgemesa.me: could not connect to host +josahrens.me: could not connect to host +josecage.com: could not connect to host +joshi.su: could not connect to host +joshplant.co.uk: did not receive HSTS header +joshstroup.me: could not connect to host +jotpics.com: could not connect to host +jottit.com: could not connect to host +joyceclerkx.com: could not connect to host +joyjohnston.ca: did not receive HSTS header +joyqi.com: did not receive HSTS header +jpaglier.com: could not connect to host +jpbike.cz: did not receive HSTS header +jpeaches.xyz: could not connect to host +jptun.com: could not connect to host +jrgold.me: could not connect to host +jrmd.io: could not connect to host +jrvar.com: could not connect to host +js88.sg: could not connect to host +jsanders.us: did not receive HSTS header +jsbentertainment.nl: did not receive HSTS header +jsc7776.com: could not connect to host +jsg-technologies.de: did not receive HSTS header +jsjyhzy.cc: could not connect to host +jualautoclave.com: did not receive HSTS header +jualssh.com: could not connect to host +juandesouza.com: did not receive HSTS header +judosaintdenis.fr: did not receive HSTS header +juka.pp.ua: did not receive HSTS header +juliamweber.de: could not connect to host +julian-kipka.de: did not receive HSTS header +julian-witusch.de: could not connect to host +juliaoantiguidades.com.br: could not connect to host +juliawebber.co.za: could not connect to host +julido.de: did not receive HSTS header +jumbopan.com: could not connect to host +jumbopan.net: could not connect to host +jumbox.xyz: could not connect to host +jumbster.com: max-age too low: 2592000 +jumping-duck.com: could not connect to host +junaos.com: did not receive HSTS header +junaos.xyz: did not receive HSTS header +jundimax.com.br: could not connect to host +junge-selbsthilfe.info: could not connect to host +junglegoat.xyz: did not receive HSTS header +junjung.me: could not connect to host +junqtion.com: could not connect to host +jupp0r.de: did not receive HSTS header +juristas.com.br: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +just-pools.co.za: could not connect to host +justiceforfathers.com: could not connect to host +justinharrison.ca: could not connect to host +justinlemay.com: could not connect to host +justlikethat.hosting: did not receive HSTS header +justmy.website: did not receive HSTS header +justnaw.co.uk: could not connect to host +justudin.com: did not receive HSTS header +justwood.cz: did not receive HSTS header +justzz.xyz: could not connect to host +jutella.de: did not receive HSTS header +juvenex.co: could not connect to host +juventusmania1897.com: could not connect to host +juwairen.cn: could not connect to host +jvoice.net: could not connect to host +jwilsson.me: could not connect to host +jxm.in: could not connect to host +jym.fit: did not receive HSTS header +jysperm.me: did not receive HSTS header +jznet.org: could not connect to host +k-dev.de: could not connect to host +k-rickroll-g.pw: could not connect to host +k-wallet.com: did not receive HSTS header +k1cp.com: could not connect to host +k33k00.com: could not connect to host +k3nny.fr: did not receive HSTS header +ka-clan.com: could not connect to host +kaasbijwijn.nl: could not connect to host +kaashosting.nl: did not receive HSTS header +kabinapp.com: could not connect to host +kabuabc.com: could not connect to host +kackscharf.de: could not connect to host +kadioglumakina.com.tr: did not receive HSTS header +kaela.design: could not connect to host +kahopoon.net: could not connect to host +kaibol.com: could not connect to host +kaika-facilitymanagement.de: could not connect to host +kaisers.de: did not receive HSTS header +kaiyuewu.com: could not connect to host +kaketalk.com: did not receive HSTS header +kalami.nl: could not connect to host +kaleidomarketing.com: did not receive HSTS header +kaloix.de: could not connect to host +kambodja.guide: could not connect to host +kamcvicit.sk: could not connect to host +kamikano.com: could not connect to host +kamitech.ch: could not connect to host +kanaanonline.org: max-age too low: 86400 +kanada.guide: could not connect to host +kaneo-gmbh.de: did not receive HSTS header +kanganer.com: could not connect to host +kangzaber.com: could not connect to host +kaniklani.co.za: could not connect to host +kanscooking.org: could not connect to host +kany.me: did not receive HSTS header +kanzlei-wirtschaftsrecht.berlin: max-age too low: 600000 +kaohub.com: could not connect to host +kaplatz.is: could not connect to host +kapo.info: could not connect to host +kapucini.si: max-age too low: 0 +kaputt.com: did not receive HSTS header +kapverde.guide: could not connect to host +karamna.com: could not connect to host +karanlyons.com: could not connect to host +karaoketonight.com: could not connect to host +karenledger.ca: could not connect to host +karlic.net: could not connect to host +karloskontana.tk: could not connect to host +karsofsystems.com: could not connect to host +karting34.com: did not receive HSTS header +karuneshjohri.com: could not connect to host +kashdash.ca: could not connect to host +katalogakci.cz: did not receive HSTS header +katiaetdavid.fr: could not connect to host +katoju.co.jp: could not connect to host +katproxy.al: could not connect to host +katproxy.online: could not connect to host +katproxy.site: could not connect to host +katproxy.tech: could not connect to host +katproxy.top: did not receive HSTS header +katrinjanke.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +katyusha.net: did not receive HSTS header +katzen.me: could not connect to host +kaufkraftkiel.de: could not connect to host +kauplusprofesional.com: did not receive HSTS header +kausch.at: could not connect to host +kavinvin.me: could not connect to host +kawaii.io: could not connect to host +kawaiiku.com: could not connect to host +kawaiiku.de: could not connect to host +kcluster.io: could not connect to host +kd-plus.pp.ua: could not connect to host +kdata.it: did not receive HSTS header +kdbx.online: could not connect to host +kdm-online.de: did not receive HSTS header +keeley.gq: could not connect to host +keeley.ml: could not connect to host +keeleysam.me: could not connect to host +keepaa.com: could not connect to host +keepassa.co: could not connect to host +keepclean.me: could not connect to host +keepcoalintheground.org: could not connect to host +keepflow.io: could not connect to host +kefaloniatoday.com: did not receive HSTS header +kelm.me: could not connect to host +kenkoelectric.com: did not receive HSTS header +kentacademiestrust.org.uk: did not receive HSTS header +kenvix.com: could not connect to host +kenyons.info: could not connect to host +kepkonyvtar.hu: could not connect to host +kerangalam.com: did not receive HSTS header +kerksanders.nl: did not receive HSTS header +kermadec.blog: could not connect to host +kermadec.net: did not receive HSTS header +kernl.us: did not receive HSTS header +keskeces.com: did not receive HSTS header +kevinbowers.me: could not connect to host +kevindekoninck.com: could not connect to host +keymaster.lookout.com: did not receive HSTS header +keyserver.sexy: could not connect to host +kfbrussels.be: could not connect to host +kg-rating.com: could not connect to host +kgb.us: could not connect to host +kgm-irm.be: could not connect to host +kgxtech.com: max-age too low: 2592000 +khaganat.net: did not receive HSTS header +ki-on.net: did not receive HSTS header +kialo.com: did not receive HSTS header +kickass-proxies.org: could not connect to host +kickass.al: could not connect to host +kickasstorrents.gq: did not receive HSTS header +kickstart.com.pk: did not receive HSTS header +kid-dachau.de: did not receive HSTS header +kidbacker.com: could not connect to host +kidkat.cn: could not connect to host +kids2day.in: did not receive HSTS header +kiedys.net: could not connect to host +kiel-media.de: did not receive HSTS header +kieranjones.uk: did not receive HSTS header +kieranweightman.me: could not connect to host +kievradio.com: could not connect to host +kimana.pe: could not connect to host +kimberg.co.uk: did not receive HSTS header +kimpost.org: could not connect to host +kina.guide: could not connect to host +kinderly.co.uk: did not receive HSTS header +kinderwagen-test24.de: could not connect to host +kindlyfire.com: could not connect to host +kindof.ninja: could not connect to host +kinepolis-studio.ga: could not connect to host +kingbird.me: could not connect to host +kingclass.cn: could not connect to host +kingmanhall.org: could not connect to host +kingopen.cn: max-age too low: 0 +kinkdr.com: could not connect to host +kinniyaonlus.com: could not connect to host +kinnon.enterprises: could not connect to host +kintoandar.com: max-age too low: 0 +kintrip.com: did not receive HSTS header +kionetworks.com: did not receive HSTS header +kipin.fr: did not receive HSTS header +kipira.com: could not connect to host +kirainmoe.com: max-age too low: 233000 +kirara.eu: could not connect to host +kirill.ws: could not connect to host +kirkforcongress.com: could not connect to host +kirkforsenate.com: could not connect to host +kirkpatrickdavis.com: could not connect to host +kisa.io: could not connect to host +kisalt.im: did not receive HSTS header +kiss-register.org: did not receive HSTS header +kissart.net: could not connect to host +kisstyle.ru: did not receive HSTS header +kisun.co.jp: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +kita.id: did not receive HSTS header +kitabgaul.com: did not receive HSTS header +kitakemon.com: could not connect to host +kitashop.com.br: did not receive HSTS header +kitatec.com.br: could not connect to host +kitchen-profi.kz: could not connect to host +kitchenaccessories.pro: did not receive HSTS header +kitchenchaos.de: could not connect to host +kitchenpunx.com: could not connect to host +kitestar.co.uk: did not receive HSTS header +kitk.at: could not connect to host +kitsostech.com: could not connect to host +kitsta.com: could not connect to host +kiwiirc.com: max-age too low: 5256000 +kiyo.space: could not connect to host +kizil.net: could not connect to host +kj1391.com: did not receive HSTS header +kj1396.net: could not connect to host +kj1397.com: did not receive HSTS header +kjaermaxi.me: did not receive HSTS header +kjchernov.info: could not connect to host +kjg-bachrain.de: could not connect to host +kjoglum.me: could not connect to host +klas.or.id: did not receive HSTS header +klauwd.com: could not connect to host +klaxn.org: could not connect to host +klean-ritekc.com: did not receive HSTS header +kleertjesvoordelig.nl: could not connect to host +kleinblogje.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +kleinerarchitekturfuehrer.de: could not connect to host +klempnershop.eu: did not receive HSTS header +kleppe.co: could not connect to host +kletterkater.com: did not receive HSTS header +klicktojob.de: could not connect to host +klingeletest.de: could not connect to host +kloentrup.de: did not receive HSTS header +klunkergarten.org: could not connect to host +knapen.io: max-age too low: 604800 +knccloud.com: could not connect to host +knigadel.com: did not receive HSTS header +knightsbridgegroup.org: could not connect to host +knightsweep.com: could not connect to host +knowdebt.org: did not receive HSTS header +knowledgesnap.com: could not connect to host +knowledgesnapsites.com: could not connect to host +knownsec.cf: could not connect to host +kodakit.com: max-age too low: 0 +koddsson.com: did not receive HSTS header +kodexplorer.ml: could not connect to host +kodiaklabs.org: could not connect to host +kodokushi.fr: could not connect to host +koen.io: max-age too low: 86400 +koenrouwhorst.nl: did not receive HSTS header +koenvdheuvel.me: did not receive HSTS header +koerperimpuls.ch: did not receive HSTS header +koez-mangal.ch: could not connect to host +koezmangal.ch: could not connect to host +koik.io: could not connect to host +kojima-life.co.jp: max-age too low: 0 +kojipkgs.fedoraproject.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +kokenmetaanbiedingen.nl: could not connect to host +kola-entertainments.de: did not receive HSTS header +kolaykaydet.com: did not receive HSTS header +kollawat.me: could not connect to host +kolozsvaricsuhe.hu: did not receive HSTS header +komikito.com: could not connect to host +komiksbaza.pl: could not connect to host +kompetenzwerft.de: did not receive HSTS header +konata.us: could not connect to host +kongbaofang.com: could not connect to host +konicaprinterdriver.com: could not connect to host +kontaxis.network: could not connect to host +konventseliten.se: could not connect to host +koop-bremen.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +koopjesnel.nl: did not receive HSTS header +koordinate.net: could not connect to host +kori.ml: did not receive HSTS header +koriyoukai.net: did not receive HSTS header +kornersafe.com: did not receive HSTS header +korni22.org: did not receive HSTS header +korsanparti.org: could not connect to host +kostuumstore.nl: could not connect to host +kotois.com: could not connect to host +kotonehoko.net: could not connect to host +kotorimusic.ga: could not connect to host +kotovstyle.ru: could not connect to host +koukni.cz: did not receive HSTS header +kourpe.online: could not connect to host +kousaku.jp: did not receive HSTS header +kozmik.co: could not connect to host +kpdyer.com: did not receive HSTS header +kprog.net: could not connect to host +kraftfleisch.de: did not receive HSTS header +kraigwalker.com: could not connect to host +kralik.xyz: could not connect to host +krampus-fischamend.at: could not connect to host +kravelindo-adventure.com: could not connect to host +krayx.com: max-age too low: 0 +kream.io: did not receive HSTS header +kreavis.com: did not receive HSTS header +kreb.io: could not connect to host +kredietpaspoort.nl: did not receive HSTS header +kredite.sale: could not connect to host +krestanskydarek.cz: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +kriegt.es: did not receive HSTS header +kriptosec.com: could not connect to host +kristjanrang.eu: did not receive HSTS header +kristofferkoch.com: could not connect to host +krizevackapajdasija.hr: could not connect to host +krmela.com: did not receive HSTS header +kroetenfuchs.de: could not connect to host +kroodle.nl: did not receive HSTS header +krouzkyliduska.cz: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +kruegerrand-wert.de: did not receive HSTS header +krunut.com: did not receive HSTS header +krypteia.org: could not connect to host +kryptomech.com: could not connect to host +ksero.center: could not connect to host +ksfh-mail.de: could not connect to host +kstan.me: could not connect to host +ksukelife.com: did not receive HSTS header +kswriter.com: could not connect to host +kteen.info: could not connect to host +ktube.yt: could not connect to host +kuba.guide: could not connect to host +kubusadvocaten.nl: could not connect to host +kucom.it: could not connect to host +kudo.co.id: did not receive HSTS header +kuechenplan.online: could not connect to host +kueulangtahunanak.net: could not connect to host +kuko-crews.org: could not connect to host +kultmobil.se: did not receive HSTS header +kum.com: could not connect to host +kummerlaender.eu: did not receive HSTS header +kupelne-ptacek.sk: did not receive HSTS header +kuppingercole.com: did not receive HSTS header +kura.io: could not connect to host +kurehun.org: could not connect to host +kuro346.moe: could not connect to host +kurtmclester.com: did not receive HSTS header +kurz.pw: could not connect to host +kurzonline.com.br: could not connect to host +kvt.berlin: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +kweddingplanning.com: did not receive HSTS header +kwikmed.eu: could not connect to host +kwok.tv: did not receive HSTS header +kwondratsch.com: could not connect to host +kxind.cn: could not connect to host +kyanite.co: could not connect to host +kylapps.com: did not receive HSTS header +kyle.place: could not connect to host +kylebaldw.in: could not connect to host +kylling.io: could not connect to host +kyochon.fr: could not connect to host +kyujin-office.net: could not connect to host +kzjnet.com: could not connect to host +l-rickroll-i.pw: could not connect to host +l18.io: could not connect to host +l2guru.ru: could not connect to host +la-flora-negra.de: could not connect to host +la-grande-jaugue.fr: did not receive HSTS header +la-retraite-info.com: did not receive HSTS header +la-serendipite.fr: did not receive HSTS header +labaia.info: could not connect to host +labella-umbrella.com: did not receive HSTS header +labina.com.tr: did not receive HSTS header +laboiteapc.fr: did not receive HSTS header +labordata.io: could not connect to host +laborie.io: could not connect to host +laboutiquemarocaineduconvoyeur.com: could not connect to host +laboutiquemarocaineduconvoyeur.ma: could not connect to host +labrador-retrievers.com.au: did not receive HSTS header +labrasaq8.com: did not receive HSTS header +labs.directory: could not connect to host +labs.moscow: did not receive HSTS header +lacarpesaintaubinoise.fr: did not receive HSTS header +lacasa.fr: could not connect to host +lacasseroy.com: could not connect to host +lacaverne.nl: could not connect to host +lacentral.com: did not receive HSTS header +lachlankidson.net: did not receive HSTS header +lacledeslan.ninja: could not connect to host +lacocinadelila.com: did not receive HSTS header +ladylikeit.com: could not connect to host +ladylucks.co.uk: did not receive HSTS header +laemen.com: did not receive HSTS header +laemen.nl: could not connect to host +laf.in.net: could not connect to host +lafr4nc3.xyz: could not connect to host +lagalerievirtuelle.fr: did not receive HSTS header +lagier.xyz: could not connect to host +lagoza.name: could not connect to host +lainchan.org: did not receive HSTS header +laisashop.com.br: could not connect to host +lakarwebb.se: did not receive HSTS header +lakewoodcomputerservices.com: could not connect to host +lamaland.ru: did not receive HSTS header +lambda-complex.org: could not connect to host +lambdafive.co.uk: could not connect to host +lamboo.be: could not connect to host +lamomebijou.paris: did not receive HSTS header +lampl.info: did not receive HSTS header +lanauzedesigns.com: did not receive HSTS header +lanboll.com: could not connect to host +lancehoteis.com: did not receive HSTS header +lancehoteis.com.br: did not receive HSTS header +land-links.org: did not receive HSTS header +landbetweenthelakes.us: did not receive HSTS header +landell.ml: could not connect to host +landgoedverkopen.nl: could not connect to host +landhuisverkopen.nl: could not connect to host +landscape.canonical.com: max-age too low: 2592000 +landscapingmedic.com: did not receive HSTS header +langenbach.rocks: could not connect to host +langendries.eu: could not connect to host +langhun.me: did not receive HSTS header +laniakean.com: could not connect to host +lanonfire.com: could not connect to host +lanseyujie.com: max-age too low: 2592000 +lansinoh.co.uk: did not receive HSTS header +lanzainc.xyz: did not receive HSTS header +laobox.fr: could not connect to host +laplaceduvillage.net: could not connect to host +laquack.com: could not connect to host +laredsemanario.com: could not connect to host +lasepiataca.com: did not receive HSTS header +lasercloud.ml: could not connect to host +laserfuchs.de: did not receive HSTS header +lashstuff.com: did not receive HSTS header +latelierdekathy.com: could not connect to host +latg.com: max-age too low: 300 +lathamlabs.com: could not connect to host +lathamlabs.net: could not connect to host +lathamlabs.org: could not connect to host +latinred.com: could not connect to host +latus.xyz: could not connect to host +launchkey.com: did not receive HSTS header +laurel4th.org: did not receive HSTS header +laureltv.org: did not receive HSTS header +lausitzer-widerstand.de: did not receive HSTS header +lavapot.com: could not connect to host +laventainnhotel-mailing.com: could not connect to host +lavine.ch: did not receive HSTS header +lavito.cz: could not connect to host +lavoiepharmd.com: could not connect to host +lawly.org: could not connect to host +laxatus.com: could not connect to host +laxiongames.es: could not connect to host +layer8.tk: could not connect to host +lazulu.com: could not connect to host +lbarrios.es: could not connect to host +lbrls.tk: could not connect to host +lbrt.xyz: could not connect to host +lcti.biz: could not connect to host +ldarby.me.uk: could not connect to host +ldcraft.pw: could not connect to host +leadbook.ru: max-age too low: 604800 +leadership9.com: could not connect to host +leardev.de: did not receive HSTS header +learnedovo.com: did not receive HSTS header +learnfrenchfluently.com: could not connect to host +learningorder.com: could not connect to host +lebal.se: could not connect to host +lebrun.org: could not connect to host +lecourtier.fr: did not receive HSTS header +leddruckalarm.de: did not receive HSTS header +ledgerscope.net: could not connect to host +leebiblestudycentre.net: could not connect to host +leebiblestudycentre.org: could not connect to host +leefindlow.com: could not connect to host +leen.io: did not receive HSTS header +legal.farm: could not connect to host +legarage.org: could not connect to host +legavenue.com.br: did not receive HSTS header +legioniv.org: could not connect to host +legitaxi.com: could not connect to host +legymnase.eu: did not receive HSTS header +lehtinen.xyz: did not receive HSTS header +leighneithardt.com: could not connect to host +leinir.dk: did not receive HSTS header +leitner.com.au: did not receive HSTS header +leiyun.me: did not receive HSTS header +lellyboi.ml: could not connect to host +lelongbank.com: did not receive HSTS header +lemp.io: did not receive HSTS header +lenders.direct: could not connect to host +lenn1.de: did not receive HSTS header +lennarth.com: could not connect to host +lennartheinrich.de: could not connect to host +lenovogaming.com: could not connect to host +lentri.com: did not receive HSTS header +leob.in: could not connect to host +leolana.com: could not connect to host +leon-jaekel.com: could not connect to host +leonardcamacho.me: could not connect to host +leonhooijer.nl: could not connect to host +leonmahler.consulting: did not receive HSTS header +leopold.email: could not connect to host +leopotamgroup.com: could not connect to host +leovanna.co.uk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +lepont.pl: could not connect to host +leppis-it.de: did not receive HSTS header +lerasenglish.com: max-age too low: 0 +lerlivros.online: could not connect to host +lerner.moscow: did not receive HSTS header +les-corsaires.net: could not connect to host +les-voitures-electriques.com: did not receive HSTS header +lescomptoirsdepierrot.com: could not connect to host +lesdouceursdeliyana.com: could not connect to host +lesecuadors.com: did not receive HSTS header +lesharris.com: could not connect to host +lesliekearney.com: did not receive HSTS header +lesperlesdunet.fr: could not connect to host +lesquerda.cat: did not receive HSTS header +lessets-graphiques.com: could not connect to host +letitfly.me: did not receive HSTS header +letras.mus.br: did not receive HSTS header +letsmultiplayerplay.com: did not receive HSTS header +letstox.com: could not connect to host +letustravel.tk: could not connect to host +levatc.tk: did not receive HSTS header +level-10.net: did not receive HSTS header +levelcheat.com: did not receive HSTS header +levelum.com: did not receive HSTS header +leveredge.net: could not connect to host +levert.ch: could not connect to host +lewisjuggins.co.uk: did not receive HSTS header +lexpierce.social: could not connect to host +lez-cuties.com: could not connect to host +lezdomsm.com: could not connect to host +lfaz.org: could not connect to host +lfullerdesign.com: could not connect to host +lg21.co: could not connect to host +lgiswa.com.au: did not receive HSTS header +lgrs.com.au: did not receive HSTS header +lgts.se: could not connect to host +lheinrich.org: could not connect to host +lhsj28.com: could not connect to host +lhsj68.com: could not connect to host +lhsj78.com: could not connect to host +liaillustr.at: did not receive HSTS header +liam-w.com: did not receive HSTS header +liamjack.fr: could not connect to host +lianye.in: could not connect to host +lianyexiuchang.in: could not connect to host +liaoshuma.com: could not connect to host +liautard.fr: could not connect to host +libanco.com: could not connect to host +libertas-tech.com: could not connect to host +libertyrp.org: did not receive HSTS header +libfte.org: did not receive HSTS header +libnull.com: could not connect to host +library.linode.com: did not receive HSTS header +librechan.net: could not connect to host +libreduca.com: could not connect to host +lichess4545.com: did not receive HSTS header +lichess4545.tv: did not receive HSTS header +liebach.me: did not receive HSTS header +liebestarot.at: did not receive HSTS header +liemen.net: did not receive HSTS header +life-time.nl: did not receive HSTS header +lifecoach.tw: did not receive HSTS header +lifecoachproviders.com: did not receive HSTS header +lifeguard.aecom.com: did not receive HSTS header +lifeinitsownway.com: could not connect to host +lifeng.us: did not receive HSTS header +lifeskillsdirect.com: did not receive HSTS header +lifestyler.me: could not connect to host +lifetimemoneymachine.com: did not receive HSTS header +lightarmory.com: could not connect to host +lightning-ashe.com: did not receive HSTS header +lightnovelsekai.com: did not receive HSTS header +lightpaste.com: could not connect to host +lightworkerandempathsupport.com: max-age too low: 300 +lightworx.io: did not receive HSTS header +likenosis.com: could not connect to host +lila.pink: did not receive HSTS header +lillepuu.com: did not receive HSTS header +lillpopp.eu: did not receive HSTS header +lilpwny.com: could not connect to host +lilycms.com: could not connect to host +lim-light.com: did not receive HSTS header +limalama.eu: max-age too low: 1 +limeyeti.com: could not connect to host +limiteddata.co.uk: did not receive HSTS header +limodo-shop.de: did not receive HSTS header +limpens.net: did not receive HSTS header +limpido.it: could not connect to host +lincolnwayflorist.com: could not connect to host +lindberg.io: did not receive HSTS header +lingerie.net.br: did not receive HSTS header +lingerieonline.com.br: did not receive HSTS header +lingolia.com: did not receive HSTS header +lingros-test.tk: could not connect to host +linguaquote.com: did not receive HSTS header +linguatrip.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +linhaoyi.com: did not receive HSTS header +link.ba: could not connect to host +link2serve.com: did not receive HSTS header +linkage.ph: did not receive HSTS header +linkages.org: could not connect to host +linksanitizer.com: could not connect to host +linksextremist.at: could not connect to host +linley.de: could not connect to host +linmi.cc: did not receive HSTS header +linno.me: could not connect to host +linorman1997.me: could not connect to host +linux-admin-california.com: could not connect to host +linux-mint.cz: could not connect to host +linux.sb: could not connect to host +linuxandstuff.de: could not connect to host +linuxcode.net: could not connect to host +linuxeyecandy.com: could not connect to host +linuxfixed.it: could not connect to host +linuxforyou.com: could not connect to host +linuxgeek.ro: could not connect to host +linuxmint.cz: could not connect to host +linuxmonitoring.net: did not receive HSTS header +liquid.solutions: did not receive HSTS header +liquidcomm.net: could not connect to host +liquorsanthe.in: could not connect to host +lisaco.de: could not connect to host +lisbongold.com: did not receive HSTS header +lisgade.dk: could not connect to host +lisieuxarquitetura.com.br: could not connect to host +lissabon.guide: could not connect to host +listafirmelor.com: could not connect to host +listage.ovh: did not receive HSTS header +litespeed.io: could not connect to host +little.pw: did not receive HSTS header +littlefreelibrary.org: did not receive HSTS header +littleqiu.net: could not connect to host +littleservice.cn: could not connect to host +liujunyang.com: did not receive HSTS header +liukang.tech: could not connect to host +livedemo.io: could not connect to host +livej.am: could not connect to host +liverewrite.com: could not connect to host +liviababynet.com.br: could not connect to host +livrariahugodesaovitor.com.br: did not receive HSTS header +lixiang.one: could not connect to host +lixingcong.com: could not connect to host +lkp111138.me: could not connect to host +llamasweet.tech: could not connect to host +llvm.us: could not connect to host +lmkts.com: max-age too low: 0 +loacg.com: did not receive HSTS header +loadingdeck.com: did not receive HSTS header +loadso.me: could not connect to host +loafbox.com: could not connect to host +loansonline.today: could not connect to host +loanstreet.be: could not connect to host +lobosdomain.no-ip.info: could not connect to host +lobste.rs: did not receive HSTS header +localchum.com: could not connect to host +localdrive.me: could not connect to host +localnetwork.nz: could not connect to host +locker3.com: could not connect to host +locksmithrandburg24-7.co.za: could not connect to host +locktheirphone.com: could not connect to host +lockyourcomputer.pw: did not receive HSTS header +locomotive.ca: did not receive HSTS header +locvis.ru: did not receive HSTS header +loforo.com: did not receive HSTS header +loftboard.eu: could not connect to host +log2n.uk: could not connect to host +logario.com.br: could not connect to host +logcat.info: could not connect to host +logic8.ml: could not connect to host +logicaladvertising.com: could not connect to host +logimagine.com: could not connect to host +login.corp.google.com: max-age too low: 7776000 (error ignored - included regardless) +login.persona.org: could not connect to host +loginseite.com: could not connect to host +logistify.com.mx: did not receive HSTS header +lognot.net: could not connect to host +logue.be: could not connect to host +logymedia.com: could not connect to host +loisircreatif.net: did not receive HSTS header +lojadocristaozinho.com.br: did not receive HSTS header +lojashowdecozinha.com.br: could not connect to host +lojasviavento.com.br: could not connect to host +lojavalcapelli.com.br: could not connect to host +loli.bz: did not receive HSTS header +lolicore.ch: could not connect to host +lolidunno.com: could not connect to host +london-transfers.com: did not receive HSTS header +londoncalling.co: did not receive HSTS header +londonlanguageexchange.com: could not connect to host +lonerwolf.com: did not receive HSTS header +longboarding-ulm.de: could not connect to host +look-at-my.site: could not connect to host +lookatmysco.re: did not receive HSTS header +lookout.com: did not receive HSTS header +looktothestars.org: did not receive HSTS header +lookupclose.com: did not receive HSTS header +lookzook.com: did not receive HSTS header +loongsg.xyz: could not connect to host +loothole.com: could not connect to host +loqyu.co: could not connect to host +lordjevington.co.uk: did not receive HSTS header +losebellyfat.pro: could not connect to host +lostg.com: did not receive HSTS header +lostinsecurity.com: could not connect to host +lostinweb.eu: could not connect to host +lothai.re: did not receive HSTS header +lothuytinhsi.com: could not connect to host +lotos-ag.ch: did not receive HSTS header +lotsencafe.de: did not receive HSTS header +lotuscloud.org: could not connect to host +louduniverse.net: did not receive HSTS header +louiewatch.com: could not connect to host +loveable.de: could not connect to host +loveandloyalty.se: could not connect to host +lovelifelovelive.com: could not connect to host +lovelivewiki.com: did not receive HSTS header +lovelyblogacademy.com: did not receive HSTS header +lovelycorral.com: did not receive HSTS header +lovelyfriends.org: did not receive HSTS header +lovelytimes.net: did not receive HSTS header +loveto.at: could not connect to host +lovingearth.net: max-age too low: 0 +lowhangingfruitgrabber.com: could not connect to host +lowt.us: could not connect to host +lowtherpavilion.co.uk: did not receive HSTS header +loxis.be: did not receive HSTS header +loyaltech.ch: could not connect to host +lpak.nl: could not connect to host +lpgram.ga: could not connect to host +lrhsclubs.com: could not connect to host +lrhstsa.com: could not connect to host +ls-a.org: did not receive HSTS header +ls-reallife.de: did not receive HSTS header +lsky.cn: could not connect to host +lsp-sports.de: did not receive HSTS header +ltbytes.com: could not connect to host +ltechnologygroup.com: did not receive HSTS header +ltransferts.com: could not connect to host +ltu.social: could not connect to host +lucas-garte.com: did not receive HSTS header +lucascodes.com: could not connect to host +lucaterzini.com: could not connect to host +luclu7.pw: could not connect to host +lucyparsonslabs.com: did not receive HSTS header +ludwig.click: did not receive HSTS header +lufthansaexperts.com: max-age too low: 2592000 +luis-checa.com: could not connect to host +lukasunger.cz: could not connect to host +lukasunger.net: could not connect to host +lukaszdolan.com: did not receive HSTS header +lukasztkacz.com: could not connect to host +lukeng.me: could not connect to host +lukonet.com: did not receive HSTS header +luludapomerania.com: could not connect to host +lumd.me: could not connect to host +lumi.do: did not receive HSTS header +lumi.pw: could not connect to host +lunarift.com: could not connect to host +lunarlog.com: could not connect to host +lunarrift.net: could not connect to host +luneta.nearbuysystems.com: could not connect to host +luno.io: could not connect to host +luody.info: could not connect to host +luoe.ml: could not connect to host +luom.net: could not connect to host +luoxiao.im: could not connect to host +luripump.se: could not connect to host +lusis.fr: did not receive HSTS header +lusis.net: did not receive HSTS header +lustrumxi.nl: could not connect to host +luther.fi: did not receive HSTS header +luxinmo.com: did not receive HSTS header +luxonetwork.com: could not connect to host +luxus-russen.de: did not receive HSTS header +luzeshomologadas.com.br: could not connect to host +luzfaltex.com: did not receive HSTS header +lvmoo.com: did not receive HSTS header +lycly.top: could not connect to host +lydia-und-simon.de: could not connect to host +lydiagorstein.com: could not connect to host +lymia.moe: could not connect to host +lyonelkaufmann.ch: did not receive HSTS header +lyuba.fr: could not connect to host +lzahq.tech: did not receive HSTS header +lzh.one: could not connect to host +lzkill.com: did not receive HSTS header +lzzr.me: did not receive HSTS header +m-ali.xyz: did not receive HSTS header +m-rickroll-v.pw: could not connect to host +m.gparent.org: could not connect to host +m.nu: did not receive HSTS header +m0wef.uk: could not connect to host +m2tc.fr: could not connect to host +m3-gmbh.de: did not receive HSTS header +m4570.xyz: could not connect to host +m4g.ru: could not connect to host +m82labs.com: did not receive HSTS header +ma-musique.fr: did not receive HSTS header +maarten.nyc: could not connect to host +maartenterpstra.xyz: could not connect to host +mac-torrents.me: did not receive HSTS header +macbolo.com: could not connect to host +macchaberrycream.com: could not connect to host +macchedil.com: did not receive HSTS header +macdj.tk: could not connect to host +macedopesca.com.br: did not receive HSTS header +macgeneral.de: did not receive HSTS header +mach1club.com: did not receive HSTS header +macinyasha.net: could not connect to host +macleodnc.com: did not receive HSTS header +macsandcheesedreams.com: could not connect to host +macustar.eu: could not connect to host +madars.org: did not receive HSTS header +maddin.ga: could not connect to host +madebyfalcon.co.uk: did not receive HSTS header +madebymagnitude.com: did not receive HSTS header +madeinorder.com: did not receive HSTS header +madeintucson.org: could not connect to host +mademoiselle-emma.be: did not receive HSTS header +mademoiselle-emma.fr: did not receive HSTS header +maderwin.com: did not receive HSTS header +madesoftware.com.br: could not connect to host +madusecurity.com: could not connect to host +mafamane.com: could not connect to host +mafiareturns.com: max-age too low: 2592000 +magazin3513.com: could not connect to host +magenx.com: did not receive HSTS header +magia360.com: did not receive HSTS header +magicbroccoli.de: did not receive HSTS header +magnacumlaude.co: could not connect to host +magneticanvil.com: did not receive HSTS header +magyarokegyhelyen.hu: did not receive HSTS header +mahamed91.pw: could not connect to host +mahfouzadedimeji.com: did not receive HSTS header +maidofhonorcleaning.net: max-age too low: 200 +maik-mahlow.de: could not connect to host +mail-settings.google.com: did not receive HSTS header (error ignored - included regardless) +mail.google.com: did not receive HSTS header (error ignored - included regardless) +mailchuck.com: could not connect to host +maildragon.com: could not connect to host +mailgarant.nl: could not connect to host +mailhost.it: could not connect to host +mailing-femprendedores.com: did not receive HSTS header +mailing-jbgg.com: did not receive HSTS header +mailon.ga: could not connect to host +main-street-seo.com: did not receive HSTS header +mainlywrenches.co: max-age too low: 0 +maintainerheaven.ch: could not connect to host +maisalto.ind.br: could not connect to host +majesnix.org: did not receive HSTS header +majncloud.tk: could not connect to host +make-pizza.info: could not connect to host +makedonien.guide: could not connect to host +makeitdynamic.com: could not connect to host +makerstuff.net: did not receive HSTS header +makeshiftco.de: did not receive HSTS header +makeyourank.com: max-age too low: 200 +maldiverna.guide: could not connect to host +maleexcel.com: did not receive HSTS header +malena.com.ua: did not receive HSTS header +malerversand.de: did not receive HSTS header +malesbdsm.com: could not connect to host +malfait.nl: could not connect to host +malgraph.net: could not connect to host +malibubeachrecoverycenter.com: did not receive HSTS header +maljaars-media.nl: could not connect to host +malmstroms-co.se: could not connect to host +maltes.website: could not connect to host +malwaretips.com: did not receive HSTS header +malwre.io: could not connect to host +malya.fr: could not connect to host +mamaison.io: could not connect to host +mamaxi.org: did not receive HSTS header +mammothmail.com: could not connect to host +mammothmail.net: could not connect to host +mammothmail.org: could not connect to host +mammut.space: could not connect to host +mamochka.org.ua: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +manaboutahor.se: did not receive HSTS header +manage.zenpayroll.com: did not receive HSTS header +manage4all.com: could not connect to host +manageall.de: could not connect to host +manageforall.com: could not connect to host +manageforall.de: could not connect to host +managemynetsuite.com: did not receive HSTS header +manantial.mx: did not receive HSTS header +mandpress.com: did not receive HSTS header +mangazuki.co: did not receive HSTS header +maniadeprazer.com.br: could not connect to host +manifestbin.com: did not receive HSTS header +manipulatedtme.com: could not connect to host +manitasicily.com: did not receive HSTS header +manningbrothers.com: did not receive HSTS header +manns-solutions.com: did not receive HSTS header +manns-solutions.ru: did not receive HSTS header +mannsolutions.co.uk: did not receive HSTS header +mansfieldplacevt.com: did not receive HSTS header +manshop24.com: could not connect to host +mansion-note.com: did not receive HSTS header +manududu.com.br: did not receive HSTS header +maomaofuli.vip: could not connect to host +maosi.xin: did not receive HSTS header +maple5.com: did not receive HSTS header +mapresidentielle.fr: could not connect to host +marbinvest.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +marcelmarnitz.com: could not connect to host +marcelparra.com: could not connect to host +marchagen.nl: did not receive HSTS header +marche-nordic-jorat.ch: could not connect to host +marco01809.net: could not connect to host +marcoececilia.it: did not receive HSTS header +marcofinke.de: could not connect to host +marcontrol.com: did not receive HSTS header +marcosteixeira.tk: could not connect to host +marcschlagenhauf.de: could not connect to host +marcus-scheffler.com: did not receive HSTS header +marcush.de: could not connect to host +mardelcupon.com: could not connect to host +mare92.cz: could not connect to host +margaretrosefashions.co.uk: could not connect to host +marialempke.com: max-age too low: 0 +mariannematthew.com: could not connect to host +marie-curie.fr: could not connect to host +marie-elisabeth.dk: did not receive HSTS header +marie-en-provence.com: did not receive HSTS header +marienschule-sundern.de: did not receive HSTS header +marilsnijders.nl: could not connect to host +marinela.com.mx: max-age too low: 86400 +marinelausa.com: max-age too low: 86400 +markaconnor.com: did not receive HSTS header +markayapilandirma.com: could not connect to host +markcp.me: could not connect to host +market.android.com: did not receive HSTS header (error ignored - included regardless) +marketespace.fr: did not receive HSTS header +marketingdesignu.cz: could not connect to host +markllego.com: could not connect to host +marko-fenster24.de: could not connect to host +markorszulak.com: did not receive HSTS header +markrobin.de: did not receive HSTS header +marksill.com: could not connect to host +marktboten.de: did not receive HSTS header +markusabraham.com: did not receive HSTS header +markusweimar.de: did not receive HSTS header +marleyresort.com: did not receive HSTS header +marriottvetcareers.com: could not connect to host +marshut.net: could not connect to host +martensson.io: did not receive HSTS header +martialc.be: could not connect to host +martiert.com: could not connect to host +martijnvhoof.nl: could not connect to host +martinec.co.uk: could not connect to host +martinestyle.com: could not connect to host +martineve.com: did not receive HSTS header +martinp.no: could not connect to host +martinreed.net: did not receive HSTS header +martinrogalla.com: did not receive HSTS header +martynhare.co.uk: could not connect to host +martynhare.uk: could not connect to host +marumagic.com: did not receive HSTS header +marxist.party: could not connect to host +marykshoup.com: did not receive HSTS header +masa-yoga.com: did not receive HSTS header +masa.li: could not connect to host +mashnew.com: could not connect to host +masjidtawheed.net: did not receive HSTS header +maskt.pw: could not connect to host +massivum.de: did not receive HSTS header +massot.eu: did not receive HSTS header +masterapi.ninja: did not receive HSTS header +masteringtheterminal.com: did not receive HSTS header +masterofbytes.ch: did not receive HSTS header +mastichor.info: could not connect to host +mastimtibetano.com: could not connect to host +mastod.life: could not connect to host +mastodon.direct: could not connect to host +mastodon.engineering: could not connect to host +mastodon.expert: could not connect to host +mastodon.my: could not connect to host +mastodon.pl: could not connect to host +mastodones.club: could not connect to host +masty.nl: could not connect to host +matarrosabierzo.com: could not connect to host +matatall.com: could not connect to host +matchneedle.com: could not connect to host +maternalsafety.org: did not receive HSTS header +mateusmeyer.com.br: could not connect to host +mathers.ovh: did not receive HSTS header +mathijskingma.nl: could not connect to host +matillat.ovh: did not receive HSTS header +matomeplus.co: could not connect to host +matrict.com: could not connect to host +matrip.de: could not connect to host +matrixcheats.net: could not connect to host +matsuz.com: could not connect to host +matt.tf: did not receive HSTS header +mattandreko.com: did not receive HSTS header +mattberryman.com: max-age too low: 43200 +matterconcern.com: could not connect to host +matthewprenger.com: could not connect to host +matthewtester.com: could not connect to host +matthiassteen.be: max-age too low: 0 +matthiasweiler.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +mattia98.org: could not connect to host +mattli.us: could not connect to host +mattressinsider.com: max-age too low: 3153600 +mattsvensson.com: max-age too low: 0 +mattwb65.com: could not connect to host +matty.digital: did not receive HSTS header +matze.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +maultrom.ml: could not connect to host +maupiknik.com: did not receive HSTS header +maur.cz: did not receive HSTS header +maurus-automation.de: did not receive HSTS header +mausi.co: did not receive HSTS header +mavisang.cf: could not connect to host +mawe.red: could not connect to host +maximov.space: could not connect to host +maxmachine.ind.br: could not connect to host +maxr1998.de: did not receive HSTS header +maxserver.com: did not receive HSTS header +maya.mg: could not connect to host +maynardnetworks.com: could not connect to host +mazurlabs.tk: could not connect to host +mazyun.com: max-age too low: 3600 +mazz-tech.com: could not connect to host +mb-is.info: could not connect to host +mbconsultancy.nu: did not receive HSTS header +mbdrogenbos-usedcars.be: could not connect to host +mbsec.net: could not connect to host +mbwemmel-usedcars.be: could not connect to host +mc81.com: did not receive HSTS header +mca2017.org: did not receive HSTS header +mcard.vn: did not receive HSTS header +mcb-bank.com: did not receive HSTS header +mcc.re: could not connect to host +mccarty.io: could not connect to host +mcdanieldevelopmentservices.com: could not connect to host +mcdonalds.ru: did not receive HSTS header +mcga.media: could not connect to host +mckinley1.com: could not connect to host +mclab.su: max-age too low: 2592000 +mclist.it: could not connect to host +mclyr.com: did not receive HSTS header +mcmillansedationdentistry.com: did not receive HSTS header +mcooperlaw.com: did not receive HSTS header +mcsa-usa.org: could not connect to host +mcsnovatamabayan.com: could not connect to host +mctherealm.net: could not connect to host +mcuexchange.com: did not receive HSTS header +mdfnet.se: did not receive HSTS header +mdkr.nl: did not receive HSTS header +mdscomp.net: did not receive HSTS header +me-dc.com: could not connect to host +meadowfen.farm: could not connect to host +meadowfenfarm.com: could not connect to host +meamod.com: max-age too low: 0 +meanevo.com: could not connect to host +meat-education.com: could not connect to host +meathealth.com: could not connect to host +mebio.us: could not connect to host +mecanicadom.com: could not connect to host +mecenat-cassous.com: did not receive HSTS header +mechmk1.me: did not receive HSTS header +medallia.io: could not connect to host +mediacru.sh: could not connect to host +mediadandy.com: could not connect to host +mediafinancelab.org: did not receive HSTS header +mediamag.am: max-age too low: 0 +mediawikicn.org: could not connect to host +medicinskavranje.edu.rs: could not connect to host +medienservice-fritz.de: did not receive HSTS header +medirich.co: could not connect to host +meditek-dv.ru: did not receive HSTS header +mediterenopmaandag.nl: did not receive HSTS header +mediweed.tk: could not connect to host +medm-test.com: could not connect to host +medy-me.com: could not connect to host +medzinenews.com: did not receive HSTS header +meedoennoordkop.nl: did not receive HSTS header +meedoenzaanstad.nl: did not receive HSTS header +meeko.cc: could not connect to host +meetfinch.com: could not connect to host +meetscompany.jp: did not receive HSTS header +megaflowers.ru: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +megakiste.de: could not connect to host +megashur.se: did not receive HSTS header +meghudson.com: could not connect to host +meifrench.com: could not connect to host +mein-gesundheitsmanager.com: max-age too low: 0 +meincloudspeicher.de: could not connect to host +meinebo.it: could not connect to host +mekatrotekno.com: did not receive HSTS header +melangebrasil.com: could not connect to host +melaniebilodeau.com: did not receive HSTS header +melcher.it: did not receive HSTS header +melhoresdominios.net: could not connect to host +melhorproduto.com.br: could not connect to host +melonstudios.net: could not connect to host +melpomene.me: could not connect to host +melted.pw: could not connect to host +melvinlow.com: could not connect to host +memberpress.com: did not receive HSTS header +members.mayfirst.org: did not receive HSTS header +memeblast.ninja: could not connect to host +memory-plus-180.com: could not connect to host +memorytrace.space: could not connect to host +menchez.me: could not connect to host +menkyo-blog.com: did not receive HSTS header +mensmaximus.de: did not receive HSTS header +mentax.net: did not receive HSTS header +menthix.net: could not connect to host +menudrivetest.com: could not connect to host +menzaijia.com: could not connect to host +meow.cloud: could not connect to host +meozcraft.com: could not connect to host +mercanix.co.uk: could not connect to host +merccorp.de: did not receive HSTS header +mercedes-benz-usedcars.be: could not connect to host +mereckas.com: could not connect to host +meredithkm.info: did not receive HSTS header +meritz.rocks: could not connect to host +mersinunivercity.com: could not connect to host +merson.me: could not connect to host +meshlab.co: could not connect to host +meskdeals.com: could not connect to host +mesmoque.com: could not connect to host +metadistribution.com: did not receive HSTS header +metagrader.com: could not connect to host +metasyntactic.xyz: could not connect to host +metebalci.com: did not receive HSTS header +meteosherbrooke.com: could not connect to host +meteosky.net: could not connect to host +meter.md: could not connect to host +metin2blog.de: did not receive HSTS header +metis.pw: could not connect to host +metrans-spedition.de: could not connect to host +metricaid.com: did not receive HSTS header +metrix-money-ptc.com: could not connect to host +metrix.design: could not connect to host +metzgerei-birkenhof.de: could not connect to host +meucosmetico.com.br: could not connect to host +meuemail.pro: could not connect to host +mexbt.com: could not connect to host +mexicanbusinessweb.mx: did not receive HSTS header +mexicansbook.ru: did not receive HSTS header +mexior.nl: could not connect to host +meyeraviation.com: could not connect to host +mfcatalin.com: could not connect to host +mfedderke.com: could not connect to host +mfiles.pl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +mgdigital.fr: did not receive HSTS header +mgiay.com: did not receive HSTS header +mh-bloemen.co.jp: could not connect to host +mhdsyarif.com: did not receive HSTS header +mhealthdemocamp.com: could not connect to host +mhertel.com: did not receive HSTS header +mhict.nl: could not connect to host +mhjuma.com: could not connect to host +mht-travel.com: could not connect to host +mhx.pw: could not connect to host +mianfei-vpn.com: did not receive HSTS header +michaeldemuth.com: could not connect to host +michaelfitzpatrickruth.com: could not connect to host +michaelmorpurgo.com: did not receive HSTS header +michaeln.net: did not receive HSTS header +michaelscrivo.com: did not receive HSTS header +michaelsulzer.com: could not connect to host +michaelsulzer.eu: could not connect to host +michaelwaite.org: could not connect to host +michal-kral.cz: could not connect to host +michalborka.cz: could not connect to host +michiganmetalartwork.com: max-age too low: 7889238 +miconware.de: could not connect to host +micro-dv.ru: could not connect to host +micro-rain-systems.com: did not receive HSTS header +microme.ga: could not connect to host +micropple.net: could not connect to host +microtalk.org: could not connect to host +midirs.org: did not receive HSTS header +midonet.org: did not receive HSTS header +midriversmotorsllc.com: could not connect to host +midwestwomenworkers.org: could not connect to host +miegl.cz: could not connect to host +miemie.jp: could not connect to host +migeeks.de: did not receive HSTS header +mightydicks.io: could not connect to host +mightydicks.tech: could not connect to host +mightysounds.cz: max-age too low: 0 +migrator.co: could not connect to host +miguksaram.com: could not connect to host +mijcorijneveld.nl: did not receive HSTS header +mijn-email.org: could not connect to host +mijnetickets.nl: did not receive HSTS header +mijnkredietpaspoort.nl: could not connect to host +mikadesign.se: did not receive HSTS header +mikaelemilsson.net: did not receive HSTS header +mikeburns.com: could not connect to host +mikedugan.org: did not receive HSTS header +mikeg.de: did not receive HSTS header +mikek.work: did not receive HSTS header +mikeology.org: could not connect to host +mikepair.net: could not connect to host +mikeybot.com: could not connect to host +mikii.club: could not connect to host +mikk.cz: could not connect to host +miku.be: could not connect to host +miku.hatsune.my: max-age too low: 5184000 +mikusinec.com: could not connect to host +milang.xyz: could not connect to host +milanpala.cz: did not receive HSTS header +milatrans.pl: did not receive HSTS header +milcoresonline.com: could not connect to host +milesgeek.com: did not receive HSTS header +military-portal.cz: did not receive HSTS header +militarycarlot.com: did not receive HSTS header +millenniumweb.com: max-age too low: 86400 +mimeit.de: could not connect to host +mimoderoupa.pt: could not connect to host +mind.sh: did not receive HSTS header +mindcraft.ga: could not connect to host +mine.world: could not connect to host +minecraft-forum.cf: could not connect to host +minecraft-forum.ga: could not connect to host +minecraft-forum.gq: could not connect to host +minecraft-forum.ml: could not connect to host +minecraft-forums.cf: could not connect to host +minecraft-forums.ga: could not connect to host +minecraft-forums.gq: could not connect to host +minecraftforum.ch: could not connect to host +minecraftforums.cf: could not connect to host +minecraftforums.gq: could not connect to host +minecraftforums.ml: could not connect to host +minecraftserverz.com: could not connect to host +minecraftvoter.com: could not connect to host +mineover.es: could not connect to host +mingming.info: did not receive HSTS header +mingo.nl: max-age too low: 2592000 +mingy.ddns.net: could not connect to host +mingyueli.com: could not connect to host +minh.at: could not connect to host +mini-piraten.de: did not receive HSTS header +minikneet.nl: could not connect to host +minimaliston.com: did not receive HSTS header +minimoo.se: could not connect to host +minis-hip.de: max-age too low: 172800 +minitruckin.net: could not connect to host +minkondom.nu: could not connect to host +minnesotadata.com: could not connect to host +minobar.com: could not connect to host +minora.io: could not connect to host +minoris.se: could not connect to host +mintea-noua.ro: did not receive HSTS header +miragrow.com: could not connect to host +mirindadomo.ru: did not receive HSTS header +mironized.com: did not receive HSTS header +mirrorx.com: did not receive HSTS header +misgluteosperfectos.com: did not receive HSTS header +misiondelosangeles-mailing.com: did not receive HSTS header +missrain.tw: could not connect to host +mist.ink: could not connect to host +mister.hosting: did not receive HSTS header +misterl.net: did not receive HSTS header +mitarbeiter-pc.de: did not receive HSTS header +mitchellrenouf.ca: could not connect to host +mitm-software.badssl.com: could not connect to host +mittenhacks.com: could not connect to host +mivcon.net: could not connect to host +miweb.cr: did not receive HSTS header +mizd.at: could not connect to host +mizi.name: could not connect to host +mjcaffarattilaw.com: did not receive HSTS header +mjhsc.nl: could not connect to host +mk-dizajn.com: did not receive HSTS header +mkfs.be: could not connect to host +mkfs.fr: could not connect to host +mlcdn.co: could not connect to host +mlp.ee: did not receive HSTS header +mlpchan.net: could not connect to host +mlpepilepsy.org: could not connect to host +mlpvc-rr.ml: did not receive HSTS header +mmgazhomeloans.com: could not connect to host +mmmm.com: could not connect to host +mmstick.tk: could not connect to host +mnemotiv.com: could not connect to host +mnetworkingsolutions.co.uk: could not connect to host +mnmt.no: did not receive HSTS header +mnwt.nl: could not connect to host +moar.so: did not receive HSTS header +mobaircon.com: did not receive HSTS header +mobile-gesundheit.org: did not receive HSTS header +mobile.eti.br: could not connect to host +mobilebay.top: could not connect to host +mobilecoach.com: did not receive HSTS header +mobilekey.co: could not connect to host +mobilemedics.com: did not receive HSTS header +mobilethreat.net: could not connect to host +mobilethreatnetwork.net: could not connect to host +mobilpass.no: could not connect to host +mobiwalk.com: could not connect to host +mobix5.com: did not receive HSTS header +mockmyapp.com: could not connect to host +mocloud.eu: could not connect to host +mocsuite.club: could not connect to host +mocurio.com: could not connect to host +modaperuimport.com: could not connect to host +modded-minecraft-server-list.com: could not connect to host +moddedark.com: could not connect to host +mode-marine.com: could not connect to host +model9.io: did not receive HSTS header +modeldimension.com: did not receive HSTS header +modelsclub.org.ua: did not receive HSTS header +modemagazines.co.uk: could not connect to host +moderatortv.de: did not receive HSTS header +moderntld.net: could not connect to host +modx.by: max-age too low: 31536 +modx.io: could not connect to host +modydev.club: could not connect to host +moe-max.jp: could not connect to host +moe4sale.in: could not connect to host +moebel-nagel.de: did not receive HSTS header +moegirl.org: did not receive HSTS header +moellers.it: could not connect to host +moeloli.pw: could not connect to host +moelord.org: could not connect to host +moen.io: could not connect to host +moevenpick-cafe.com: did not receive HSTS header +mogry.net: did not receive HSTS header +moho.kr: could not connect to host +mohs.es: could not connect to host +moitur.com: could not connect to host +mojizuri.jp: max-age too low: 86400 +mols.me: did not receive HSTS header +molun.net: did not receive HSTS header +mommel.com: could not connect to host +mommelonline.de: could not connect to host +momoka.moe: could not connect to host +mon-a-lisa.com: did not receive HSTS header +mona.lu: could not connect to host +monarca.systems: could not connect to host +monasterialis.eu: could not connect to host +monautoneuve.fr: did not receive HSTS header +mondar.io: could not connect to host +mondopoint.com: did not receive HSTS header +mondwandler.de: could not connect to host +moneromerchant.com: could not connect to host +moneycrownmedia.com: could not connect to host +mongla168.net: could not connect to host +mongla88.net: could not connect to host +monika-sokol.de: did not receive HSTS header +monitaure.io: could not connect to host +monitman.com: did not receive HSTS header +monitori.ng: could not connect to host +montanacures.org: could not connect to host +montanwerk.de: did not receive HSTS header +montonicms.com: could not connect to host +moobo.xyz: could not connect to host +moon.lc: could not connect to host +moonless.net: could not connect to host +moonloupe.com: could not connect to host +moonysbouncycastles.co.uk: did not receive HSTS header +moosemanstudios.com: could not connect to host +moov.is: could not connect to host +moparcraft.com: could not connect to host +moparcraft.org: could not connect to host +moparisthebest.biz: could not connect to host +moparisthebest.info: could not connect to host +moparscape.org: did not receive HSTS header +mopsuite.club: could not connect to host +mor.cloud: could not connect to host +mor.gl: could not connect to host +mordrum.com: could not connect to host +morethanadream.lv: could not connect to host +morethandigital.info: did not receive HSTS header +morfitronik.pl: could not connect to host +morganestes.com: max-age too low: 0 +morningcalculation.com: could not connect to host +morninglory.com: max-age too low: 2592000 +mornings.com: did not receive HSTS header +morotech.com.br: could not connect to host +morpheusx.at: could not connect to host +morpheusxaut.net: could not connect to host +morpork.xyz: could not connect to host +mortgagecentersmo.com: did not receive HSTS header +morz.org: could not connect to host +mosaique-lachenaie.fr: could not connect to host +moskva.guide: could not connect to host +mostwuat.com: could not connect to host +motherbase.io: could not connect to host +motionfreight.com: could not connect to host +motionpicturesolutions.com: did not receive HSTS header +motocyklovedily.cz: did not receive HSTS header +motomorgen.com: could not connect to host +motorbiketourhanoi.com: could not connect to host +mottvd.com: could not connect to host +moudicat.com: max-age too low: 6307200 +moula.com.au: did not receive HSTS header +mountainadventureseminars.com: could not connect to host +mountainmusicpromotions.com: did not receive HSTS header +movabletype.net: max-age too low: 3600 +moviedollars.com: did not receive HSTS header +moviesabout.net: could not connect to host +moving-pixtures.de: could not connect to host +movio.ga: did not receive HSTS header +mowalls.net: could not connect to host +moy-gorod.od.ua: did not receive HSTS header +moy.cat: did not receive HSTS header +mozart-game.cz: did not receive HSTS header +mozartgame.cz: did not receive HSTS header +mozoa.net: could not connect to host +mozzilla.cz: could not connect to host +mp3donusturucu.com: did not receive HSTS header +mp3donusturucu.net: did not receive HSTS header +mp3juices.is: could not connect to host +mpkossen.com: did not receive HSTS header +mpserver12.org: could not connect to host +mqas.net: could not connect to host +mr-hosting.com: could not connect to host +mrafrohead.com: could not connect to host +mrawe.com: could not connect to host +mrdani.net: could not connect to host +mredsanders.net: did not receive HSTS header +mremallin.ca: could not connect to host +mrettich.org: did not receive HSTS header +mrhee.com: did not receive HSTS header +mrizzio.com: could not connect to host +mrjooz.com: could not connect to host +mrksk.com: did not receive HSTS header +mrliu.me: could not connect to host +mrning.com: did not receive HSTS header +mrnonz.com: max-age too low: 0 +mrpopat.in: did not receive HSTS header +mrs-shop.com: did not receive HSTS header +mrsbairds.com: max-age too low: 86400 +msc-seereisen.net: max-age too low: 0 +msgallery.tk: could not connect to host +mstd.tokyo: did not receive HSTS header +mstdn-tech.jp: could not connect to host +mszaki.com: did not receive HSTS header +mt.me.uk: could not connect to host +mtamaki.com: could not connect to host +mtcgf.com: did not receive HSTS header +mtdn.jp: could not connect to host +mtg-esport.de: did not receive HSTS header +mtn.cc: could not connect to host +muevetumundo.com.mx: max-age too low: 86400 +muj-svet.cz: could not connect to host +mujadin.se: did not receive HSTS header +mullen.net.au: did not receive HSTS header +multimarques.com: max-age too low: 86400 +munch.me: could not connect to host +mundodapoesia.com: did not receive HSTS header +munduch.cz: could not connect to host +munecoscabezones.com: did not receive HSTS header +munich-rage.de: could not connect to host +munkiepus.com: did not receive HSTS header +munuc.org: did not receive HSTS header +munzee.com: did not receive HSTS header +muonium.ch: could not connect to host +muriburi.land: could not connect to host +muriburiland.com: could not connect to host +murodese.org: could not connect to host +murraycolin.org: could not connect to host +murrayrun.com: did not receive HSTS header +murz.tv: could not connect to host +museminder2.com: did not receive HSTS header +musewearflipflops.com: could not connect to host +mushroomandfern.com: could not connect to host +musi.cx: could not connect to host +musicalbim.com.br: could not connect to host +musikkfondene.no: did not receive HSTS header +musikzug-bookholzberg.de: did not receive HSTS header +muslimbanter.co.za: could not connect to host +mustardking.me: did not receive HSTS header +mustika.cf: could not connect to host +mutamatic.com: could not connect to host +mutuelle-obligatoire-pme.fr: did not receive HSTS header +muzeumkomiksu.eu: could not connect to host +muzgra.in: did not receive HSTS header +muzykaprzeszladoplay.pl: could not connect to host +mvanmarketing.nl: did not receive HSTS header +mvnet.com.br: did not receive HSTS header +mvsecurity.nl: could not connect to host +mwohlfarth.de: did not receive HSTS header +my-demo.co: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +my-owncloud.com: could not connect to host +my.alfresco.com: did not receive HSTS header +my.swedbank.se: did not receive HSTS header +myairshop.gr: could not connect to host +myandroid.tools: could not connect to host +myandroidtools.cc: could not connect to host +myandroidtools.pro: could not connect to host +mybeautyjobs.de: could not connect to host +mybudget.xyz: could not connect to host +mybuilderinlondon.co.uk: did not receive HSTS header +mybusiness.cm: did not receive HSTS header +mycamda.com: could not connect to host +mychocolateweightloss.com: could not connect to host +myclientsplus.com: did not receive HSTS header +mycollab.net: could not connect to host +mycoted.com: did not receive HSTS header +mydeos.com: could not connect to host +mydigipass.com: did not receive HSTS header +mydmdi.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +mydnaresults.com: could not connect to host +mydnatest.com: did not receive HSTS header +mydriversedge.com: did not receive HSTS header +myfappening.org: could not connect to host +myfdic.gov: could not connect to host +mygate.at: could not connect to host +mygivingcircle.org: did not receive HSTS header +mygooder.com: did not receive HSTS header +mygov.scot: did not receive HSTS header +myhair.asia: did not receive HSTS header +myicare.org: did not receive HSTS header +myiocc.org: could not connect to host +myip.tech: max-age too low: 2592000 +myjumpsuit.de: did not receive HSTS header +mykolab.com: did not receive HSTS header +mykreuzfahrt.de: could not connect to host +mymp3singer.site: did not receive HSTS header +mynetblog.com: did not receive HSTS header +mynetworkingbuddy.com: could not connect to host +mynewleaf.co: did not receive HSTS header +mynewselfbariatrics.com: did not receive HSTS header +myni.io: could not connect to host +mynigma.org: did not receive HSTS header +mypagella.com: could not connect to host +mypagella.eu: could not connect to host +mypagella.it: could not connect to host +mypension.ca: could not connect to host +myphonebox.de: could not connect to host +myraytech.net: did not receive HSTS header +myrepublic.co.id: max-age too low: 0 +myrig.net: could not connect to host +myrsa.in: did not receive HSTS header +mysecretcase.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +mysecretrewards.com: could not connect to host +myshirtsize.com: could not connect to host +myspa.asia: did not receive HSTS header +mystery-science-theater-3000.de: did not receive HSTS header +mysteryblog.de: did not receive HSTS header +mythlogic.com: did not receive HSTS header +mythslegendscollection.com: did not receive HSTS header +mytravelblog.de: could not connect to host +mytweeps.com: did not receive HSTS header +myweb360.de: did not receive HSTS header +myzone.com: did not receive HSTS header +mzlog.win: could not connect to host +n-rickroll-e.pw: could not connect to host +n0099.cf: could not connect to host +n0psled.nl: could not connect to host +n2x.in: could not connect to host +n4l.pw: could not connect to host +n8ch.net: could not connect to host +naano.org: could not connect to host +nabru.co.uk: did not receive HSTS header +nabu-bad-nauheim.de: did not receive HSTS header +nabytko.cz: could not connect to host +nacktetatsachen.at: did not receive HSTS header +nadia.pt: could not connect to host +nagios.by: did not receive HSTS header +nagoya-kyuyo.com: could not connect to host +naiharngym.com: did not receive HSTS header +najedlo.sk: could not connect to host +nakamastreamingcommunity.com: could not connect to host +nakliyatsirketi.biz: could not connect to host +nakuro.de: could not connect to host +nalifornia.com: did not receive HSTS header +nalinux.cz: did not receive HSTS header +nallon.com.br: could not connect to host +namacindia.com: did not receive HSTS header +namaho.com: could not connect to host +named.ga: could not connect to host +nametaken-cloud.duckdns.org: could not connect to host +namethatbone.com: could not connect to host +namorico.me: could not connect to host +nan.ci: did not receive HSTS header +nan.zone: could not connect to host +nandex.org: could not connect to host +naniki.co.uk: did not receive HSTS header +nanogeneinc.com: could not connect to host +nanokamo.com: did not receive HSTS header +nanrenba.net: could not connect to host +nansay.cn: could not connect to host +nanto.eu: could not connect to host +naphex.rocks: could not connect to host +narodniki.com: did not receive HSTS header +narodsovety.ru: could not connect to host +narrenverein-wolkenschieber.de: did not receive HSTS header +narviz.com: did not receive HSTS header +nashira.cz: did not receive HSTS header +nasralmabrooka.com: did not receive HSTS header +natalia-fadeeva.ru: could not connect to host +natalia.io: could not connect to host +natalieandjoshua.com: could not connect to host +natalt.org: did not receive HSTS header +nathanmfarrugia.com: did not receive HSTS header +nationalmall.gov: could not connect to host +nationwidevehiclecontracts.co.uk: did not receive HSTS header +natural-progesterone.net: could not connect to host +naturecoaster.com: did not receive HSTS header +naturesharvestbread.com: max-age too low: 86400 +natuurbehangnederland.nl: could not connect to host +nauck.org: did not receive HSTS header +naudles.me: could not connect to host +nav.jobs: could not connect to host +naval.tf: could not connect to host +navjobs.com: did not receive HSTS header +nbb.io: could not connect to host +nbg-ha.de: could not connect to host +ncc60205.info: could not connect to host +ncdesigns-studio.com: could not connect to host +ncpc.gov: could not connect to host +nct.org.uk: did not receive HSTS header +nctx.co.uk: did not receive HSTS header +ndtmarket.place: could not connect to host +near.st: did not receive HSTS header +nearbiwa.com: did not receive HSTS header +neavision.de: did not receive HSTS header +nebulousenhanced.com: could not connect to host +nedcf.org.uk: did not receive HSTS header +nedwave.com: did not receive HSTS header +nedzad.me: could not connect to host +neels.ch: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +neer.io: could not connect to host +neftaly.com: did not receive HSTS header +negativecurvature.net: could not connect to host +negativzinsen.info: did not receive HSTS header +neilgreen.net: did not receive HSTS header +nejnamc.org: could not connect to host +neko-life.com: did not receive HSTS header +neko-system.com: did not receive HSTS header +nemno.de: could not connect to host +nemovement.org: could not connect to host +neoani.me: did not receive HSTS header +neofelhz.space: could not connect to host +neonisi.com: could not connect to host +neonnuke.tech: could not connect to host +neosolution.ca: did not receive HSTS header +nephy.jp: could not connect to host +nepustil.net: did not receive HSTS header +nerd42.de: could not connect to host +nerdhouse.io: could not connect to host +nerfroute.com: could not connect to host +neris.io: could not connect to host +nerpa-club.ru: did not receive HSTS header +nestedquotes.ca: could not connect to host +nestone.ru: could not connect to host +net-navi.cc: did not receive HSTS header +net2o.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +net2o.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +net2o.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +net4it.de: did not receive HSTS header +netbox.cc: could not connect to host +netbrief.ml: did not receive HSTS header +netherwind.eu: did not receive HSTS header +netlilo.com: could not connect to host +netloanusa.com: could not connect to host +netmagik.com: did not receive HSTS header +netprofile.com.au: could not connect to host +netraising.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +netresourcedesign.com: could not connect to host +netsparkercloud.com: did not receive HSTS header +nettefoundation.com: could not connect to host +networx-online.de: could not connect to host +netzbit.de: could not connect to host +netzpolitik.org: max-age too low: 2592000 +netztest.at: did not receive HSTS header +netzvieh.de: did not receive HSTS header +netzzwerg4u.de: could not connect to host +neueonlinecasino2016.com: could not connect to host +neuralgic.net: could not connect to host +neuro-plus-100.com: could not connect to host +neuronfactor.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +nevadafiber.net: could not connect to host +never-afk.de: did not receive HSTS header +never.pet: did not receive HSTS header +neveta.com: could not connect to host +newbieboss.com: did not receive HSTS header +newcityinfo.info: could not connect to host +newedivideo.it: could not connect to host +newgenerationplus.org: could not connect to host +newhdmovies.io: could not connect to host +newkaliningrad.ru: did not receive HSTS header +newlooknow.com: did not receive HSTS header +newmelalife.com: did not receive HSTS header +newparadigmventures.net: did not receive HSTS header +newportpropertygroup.com: could not connect to host +newstarnootropics.com: max-age too low: 7889238 +newtonwarp.com: could not connect to host +nexgeneration-solutions.com: could not connect to host +next176.sk: did not receive HSTS header +next47.com: did not receive HSTS header +nextcloud.org: could not connect to host +nextgenthemes.com: did not receive HSTS header +nexth.de: could not connect to host +nexth.net: could not connect to host +nexth.us: could not connect to host +nextpages.de: could not connect to host +nextproject.us: could not connect to host +nexusbyte.de: could not connect to host +nexuscorporation.in: could not connect to host +nfluence.org: could not connect to host +nfo.so: could not connect to host +ng-security.com: could not connect to host +ngine.ch: did not receive HSTS header +nginxnudes.com: could not connect to host +nglr.org: could not connect to host +ngt-service.ru: did not receive HSTS header +ngtoys.com.br: could not connect to host +nibiisclaim.com: could not connect to host +nicesco.re: did not receive HSTS header +nicestresser.fr: could not connect to host +nicky.io: did not receive HSTS header +nico.one: could not connect to host +nico.st: could not connect to host +nicoborghuis.nl: could not connect to host +nicolas-simond.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +nicolasbettag.me: did not receive HSTS header +nicolasdutour.com: did not receive HSTS header +niconiconi.xyz: could not connect to host +niconode.com: could not connect to host +nidux.com: did not receive HSTS header +niduxcomercial.com: could not connect to host +nien.chat: could not connect to host +nienfun.com: could not connect to host +nifpnet.nl: did not receive HSTS header +nightsnack.cf: could not connect to host +niho.jp: did not receive HSTS header +nikcub.com: could not connect to host +nikklassen.ca: did not receive HSTS header +nikksno.io: could not connect to host +niklaslindblad.se: did not receive HSTS header +nikolaichik.photo: did not receive HSTS header +nikolasbradshaw.com: could not connect to host +nil2.org: did not receive HSTS header +niloxy.com: did not receive HSTS header +ninchisho-online.com: did not receive HSTS header +ninhs.org: could not connect to host +ninjan.co: did not receive HSTS header +ninjaspiders.com: did not receive HSTS header +niouininon.eu: could not connect to host +nippler.org: could not connect to host +nippombashi.net: did not receive HSTS header +nipponcareers.com: did not receive HSTS header +nirada.info: could not connect to host +nishikino-maki.com: could not connect to host +niva.synology.me: could not connect to host +nixien.fr: could not connect to host +nixmag.net: could not connect to host +nkadvertising.online: could not connect to host +nkautoservice.nl: did not receive HSTS header +nkb.in.th: could not connect to host +nll.fi: could not connect to host +nmadda.com: could not connect to host +nmctest.net: could not connect to host +nmueller.at: could not connect to host +nnote.net: did not receive HSTS header +nnya.cat: could not connect to host +no-ip.cz: did not receive HSTS header +no17sifangjie.cc: could not connect to host +nocallaghan.com: could not connect to host +noclegi-online.pl: did not receive HSTS header +noctinus.tk: could not connect to host +node-core-app.com: could not connect to host +nodebrewery.com: could not connect to host +nodelab-it.de: did not receive HSTS header +nodepanel.net: could not connect to host +nodeselect.com: could not connect to host +nodespin.com: could not connect to host +nodetemple.com: could not connect to host +nodi.at: did not receive HSTS header +noexpect.org: could not connect to host +noima.com: did not receive HSTS header +nolag.host: could not connect to host +nolatepayments.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +nolberg.net: did not receive HSTS header +nolimitsbook.de: did not receive HSTS header +nolte.work: could not connect to host +nomorebytes.de: could not connect to host +nonemu.ninja: could not connect to host +noodlesandwich.com: did not receive HSTS header +noodplan.co.za: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +nootropicsource.com: did not receive HSTS header +nope.website: could not connect to host +nopex.no: could not connect to host +nopol.de: could not connect to host +norad.sytes.net: could not connect to host +norandom.com: could not connect to host +norb.at: could not connect to host +nordlicht.photography: did not receive HSTS header +nordseeblicke.de: could not connect to host +norge.guide: could not connect to host +northcutt.com: did not receive HSTS header +northwest-events.co.uk: did not receive HSTS header +nosbenevolesontdutalent.com: could not connect to host +nosecretshop.com: could not connect to host +nostraspace.com: did not receive HSTS header +notadd.io: could not connect to host +notarankastojkovic.me: could not connect to host +notarobot.fr: could not connect to host +note7forever.com: could not connect to host +notenoughtime.de: could not connect to host +notesforpebble.com: could not connect to host +notevencode.com: could not connect to host +nothing.net.nz: max-age too low: 7776000 +nothing.org.uk: could not connect to host +noticia.do: did not receive HSTS header +notjustbitchy.com: did not receive HSTS header +nottheonion.net: did not receive HSTS header +nou.si: could not connect to host +nouvelle-vague-saint-cast.fr: did not receive HSTS header +nova-elearning.com: could not connect to host +novaco.in: max-age too low: 3600 +novacraft.me: did not receive HSTS header +novascan.net: could not connect to host +novatrucking.de: could not connect to host +novavoidhowl.com: did not receive HSTS header +novelabs.de: could not connect to host +novelabs.eu: could not connect to host +novelshouse.com: did not receive HSTS header +novtest.ru: did not receive HSTS header +novurania.com: did not receive HSTS header +nowak.ninja: did not receive HSTS header +noworrywp.com: could not connect to host +nowprotein.com: did not receive HSTS header +nowremindme.com: could not connect to host +nozoe.jp: could not connect to host +npol.de: could not connect to host +nq7.pl: could not connect to host +nrechn.de: could not connect to host +nrizzio.me: could not connect to host +nrnjn.xyz: did not receive HSTS header +nsbfalconacademy.org: could not connect to host +nsdev.cn: could not connect to host +nsmail.cn: could not connect to host +nsweb.solutions: could not connect to host +ntbs.pro: could not connect to host +ntse.xyz: could not connect to host +nu3.at: did not receive HSTS header +nu3.ch: did not receive HSTS header +nu3.co.uk: could not connect to host +nu3.com: did not receive HSTS header +nu3.de: did not receive HSTS header +nu3.dk: did not receive HSTS header +nu3.fi: did not receive HSTS header +nu3.fr: did not receive HSTS header +nu3.no: did not receive HSTS header +nu3.se: did not receive HSTS header +nube.ninja: did not receive HSTS header +nudel.ninja: could not connect to host +nufla.de: could not connect to host +nuiguru.me: could not connect to host +nukenet.se: could not connect to host +nukute.com: did not receive HSTS header +null-pointer.eu: did not receive HSTS header +null-sec.ru: could not connect to host +null.cat: did not receive HSTS header +null.tips: could not connect to host +nullpoint.at: did not receive HSTS header +nullpro.com: could not connect to host +numericacu.com: did not receive HSTS header +numero-di-telefono.it: could not connect to host +numista.com: did not receive HSTS header +nunnun.jp: could not connect to host +nuovamoda.al: did not receive HSTS header +nup.pw: could not connect to host +nuriacamaras.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +nurserybook.co: did not receive HSTS header +nurture.be: did not receive HSTS header +nusatrip-api.com: did not receive HSTS header +nutricuerpo.com: did not receive HSTS header +nutritionculture.com: could not connect to host +nutsandboltsmedia.com: did not receive HSTS header +nuttyveg.com: did not receive HSTS header +nwa.xyz: could not connect to host +nweb.co.nz: could not connect to host +nwork.media: could not connect to host +nyanpasu.tv: could not connect to host +nyazeeland.guide: could not connect to host +nycroth.com: could not connect to host +nyesider.org: could not connect to host +nyored.com: did not receive HSTS header +nyphox.net: could not connect to host +nysepho.pw: could not connect to host +nysifclaimcentral.com: did not receive HSTS header +nystart.no: did not receive HSTS header +nyxi.eu: could not connect to host +nz.search.yahoo.com: max-age too low: 172800 +nzbs.io: could not connect to host +nzmk.cz: did not receive HSTS header +nzquakes.maori.nz: could not connect to host +o-rickroll-y.pw: could not connect to host +o0o.one: could not connect to host +oasis.mobi: could not connect to host +oasisim.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +obdolbacca.ru: could not connect to host +oben.pl: did not receive HSTS header +oberam.de: could not connect to host +oberhof.co: could not connect to host +obscuredfiles.com: could not connect to host +obsydian.org: could not connect to host +occupymedia.org: did not receive HSTS header +ochaken.cf: could not connect to host +ocmeulebeke.be: did not receive HSTS header +ocrami.us: did not receive HSTS header +octocat.ninja: could not connect to host +oddmouse.com: could not connect to host +odin.xxx: could not connect to host +odinkapital.no: did not receive HSTS header +odinoffice.no: did not receive HSTS header +odysseyandco.com: could not connect to host +oe8.bet: could not connect to host +ofcourselanguages.com: could not connect to host +ofer.site: did not receive HSTS header +off-the-clock.us: could not connect to host +offenedialoge.de: max-age too low: 2592000 +offgames.pro: could not connect to host +office-ruru.com: could not connect to host +officeclub.com.mx: did not receive HSTS header +offshore-firma.org: could not connect to host +offshore-unternehmen.com: could not connect to host +offshorefirma-gruenden.com: could not connect to host +offshoremarineparts.com: did not receive HSTS header +oficinadocelular.com.br: could not connect to host +ofo2.com: did not receive HSTS header +oganek.ie: could not connect to host +oganime.com: could not connect to host +ogogoshop.com: could not connect to host +ohm2013.org: could not connect to host +ohsocool.org: did not receive HSTS header +ohyooo.com: could not connect to host +oiepoie.nl: could not connect to host +oishioffice.com: did not receive HSTS header +ojls.co: could not connect to host +okane.love: could not connect to host +okok-rent.com: could not connect to host +okok.rent: could not connect to host +okutama.in.th: could not connect to host +olafnorge.de: did not receive HSTS header +olanderflorist.com: could not connect to host +olcso-vps-szerver.hu: could not connect to host +oldnews.news: could not connect to host +oldoakflorist.com: could not connect to host +oliverdunk.com: did not receive HSTS header +oliverspringer.eu: could not connect to host +ollehbizev.co.kr: could not connect to host +ols.io: did not receive HSTS header +olswangtrainees.com: could not connect to host +omacostudio.com: could not connect to host +omgaanmetidealen.com: could not connect to host +ominto.com: did not receive HSTS header +omnibot.tv: could not connect to host +omniti.com: max-age too low: 1 +omquote.gq: could not connect to host +omskit.ru: did not receive HSTS header +one---line.com: could not connect to host +one-pe.com: did not receive HSTS header +onearth.one: did not receive HSTS header +oneb4nk.com: could not connect to host +onecycling.my: could not connect to host +onecycling.world: could not connect to host +onefour.co: could not connect to host +onehourloan.com: could not connect to host +onehourloan.sg: did not receive HSTS header +oneiros.cc: could not connect to host +oneminute.io: did not receive HSTS header +oneminutefilm.tv: could not connect to host +onepathnetwork.com: max-age too low: 7776000 +onepluscamps.com: could not connect to host +onepopstore.com: could not connect to host +onespiritinc.com: did not receive HSTS header +onet.space: could not connect to host +onetwentyseven001.com: did not receive HSTS header +onewebdev.info: could not connect to host +oneworldbank.com: did not receive HSTS header +onewpst.com: did not receive HSTS header +oniichan.us: did not receive HSTS header +onioncloud.org: could not connect to host +onionsburg.com: could not connect to host +online-casino.eu: did not receive HSTS header +online-pr.at: did not receive HSTS header +online-wetten.de: did not receive HSTS header +onlinebiller.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +onlinebillingform.com: did not receive HSTS header +onlinecompliance.org: did not receive HSTS header +onlinedemo.hu: could not connect to host +onlinedeposit.us: could not connect to host +onlinekasino.de: did not receive HSTS header +onlinepollsph.com: could not connect to host +onlineschadestaat.nl: did not receive HSTS header +onlinespielothek.com: did not receive HSTS header +onlinewetten.de: could not connect to host +only-roses.co.uk: did not receive HSTS header +only-roses.com: did not receive HSTS header +onlyshopstation.com: did not receive HSTS header +onlyzero.net: could not connect to host +onmuvo.com: did not receive HSTS header +onovlena.dn.ua: could not connect to host +onpatient.com: did not receive HSTS header +onsitemassageco.com: did not receive HSTS header +onstud.com: could not connect to host +ontimestamp.com: did not receive HSTS header +ontras.com: could not connect to host +onwie.fr: could not connect to host +onyxwall.com: could not connect to host +onyxwall.link: could not connect to host +onyxwall.net: could not connect to host +oo.edu.rs: did not receive HSTS header +ooeste.com: could not connect to host +oogami.name: could not connect to host +ookjesprookje.nl: could not connect to host +ooooush.co.uk: could not connect to host +oopsmycase.com: could not connect to host +oopsorup.com: could not connect to host +oost.io: could not connect to host +open-mx.de: could not connect to host +open-to-repair.fr: max-age too low: 86400 +openas.org: could not connect to host +openconcept.no: did not receive HSTS header +opendesk.cc: did not receive HSTS header +opengateway.fr: did not receive HSTS header +openmind-shop.de: did not receive HSTS header +openmtbmap.org: did not receive HSTS header +openpriv.pw: could not connect to host +openprovider.nl: did not receive HSTS header +openshift.redhat.com: did not receive HSTS header +opensourcehouse.net: could not connect to host +openspace.xxx: did not receive HSTS header +opensrd.com: could not connect to host +openssf.org: did not receive HSTS header +openxmpp.com: could not connect to host +opim.ca: did not receive HSTS header +opioids.gov: could not connect to host +opium.io: could not connect to host +opoleo.com: could not connect to host +opperwall.net: could not connect to host +opsafewinter.net: could not connect to host +opsbears.com: did not receive HSTS header +opstacks.com: did not receive HSTS header +optenhoefel.de: could not connect to host +optimal-e.com: did not receive HSTS header +optimista.soy: could not connect to host +optometriepunt.nl: did not receive HSTS header +optumrxhealthstore.com: could not connect to host +oracaodocredo.com.br: could not connect to host +orbiosales.com: could not connect to host +orbitcom.de: did not receive HSTS header +orbograph-hrcm.com: could not connect to host +order.one: could not connect to host +ordereat.fr: could not connect to host +orderlounge.de: did not receive HSTS header +organic-superfood.net: could not connect to host +organisationsberatung-jacobi.de: did not receive HSTS header +originalmockups.com: did not receive HSTS header +originpc.com: did not receive HSTS header +orioncustompcs.com: could not connect to host +orionfcu.com: did not receive HSTS header +orionrebellion.com: did not receive HSTS header +orleika.ml: could not connect to host +oroweatorganic.com: could not connect to host +orthodoxy.lt: did not receive HSTS header +osaiyuwu.com: could not connect to host +oscarmashauri.com: could not connect to host +oscloud.com: could not connect to host +oscloud.com.ua: could not connect to host +oscreen.me: could not connect to host +oscreen.org: could not connect to host +oscsdp.cz: could not connect to host +osdls.gov: could not connect to host +oslfoundation.org: could not connect to host +osmanlitorunu.com: could not connect to host +osp.cx: could not connect to host +ossan-kobe-gourmet.com: did not receive HSTS header +ossbinaries.com: could not connect to host +osteammate.com: could not connect to host +ostendorf.com: did not receive HSTS header +osticketawesome.com: did not receive HSTS header +oswaldmattgroup.com: did not receive HSTS header +otakuworld.de: could not connect to host +othercode.nl: could not connect to host +othermedia.cc: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +otherstuff.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +otichi.com: did not receive HSTS header +otinane.eu: could not connect to host +otokonna.com: did not receive HSTS header +otrsdemo.hu: did not receive HSTS header +ottospora.nl: could not connect to host +ourbank.com: did not receive HSTS header +ourchoice2016.com: could not connect to host +outdooradventures.pro: did not receive HSTS header +outdoorproducts.com: did not receive HSTS header +outetc.com: could not connect to host +outreachbuddy.com: could not connect to host +outsider.im: could not connect to host +outurnate.com: did not receive HSTS header +ouvirmusica.com.br: did not receive HSTS header +ovenapp.io: did not receive HSTS header +over25tips.com: did not receive HSTS header +override.io: could not connect to host +oversight.io: could not connect to host +ovuscloud.de: could not connect to host +ovvy.net: did not receive HSTS header +owennelson.me: could not connect to host +owlscrap.ru: could not connect to host +owncloud.help: could not connect to host +ownmovies.fr: could not connect to host +oxro.co: could not connect to host +oxygaming.com: did not receive HSTS header +oxygenabsorbers.com: did not receive HSTS header +oxymc.com: did not receive HSTS header +oxynux.fr: could not connect to host +oxynux.xyz: could not connect to host +oyste.in: could not connect to host +ozoz.cc: could not connect to host +p-rickroll-o.pw: could not connect to host +p.linode.com: could not connect to host +p1c.pw: could not connect to host +p3.marketing: did not receive HSTS header +p3in.com: could not connect to host +p8r.de: could not connect to host +paavolastudio.com: could not connect to host +pablocamino.tk: could not connect to host +packlane.com: did not receive HSTS header +pactocore.org: could not connect to host +pader-deko.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +paestbin.com: could not connect to host +page: could not connect to host +pagerate.io: did not receive HSTS header +pagetoimage.com: could not connect to host +pahlawanpulsa.com: did not receive HSTS header +paichai.space: could not connect to host +paigeglass.com: did not receive HSTS header +paino.cloud: could not connect to host +paintingat.com: could not connect to host +paio2-rec.com: could not connect to host +paio2.com: could not connect to host +paisaone.com: did not receive HSTS header +pajonzeck.de: could not connect to host +paket.io: did not receive HSTS header +pakho.xyz: could not connect to host +paku.me: could not connect to host +palmer.im: could not connect to host +pammbook.com: did not receive HSTS header +pamplona.tv: could not connect to host +pamsoft.pl: max-age too low: 0 +pan.tips: could not connect to host +panaceallc.net: could not connect to host +panama-gbs.com: did not receive HSTS header +panamaequity.com: did not receive HSTS header +panamateakforestry.com: did not receive HSTS header +panasca.is: could not connect to host +panascais.co: could not connect to host +panascais.com: could not connect to host +panascais.de: could not connect to host +panascais.eu: could not connect to host +panascais.host: could not connect to host +panascais.io: could not connect to host +panascais.me: could not connect to host +panascais.net: did not receive HSTS header +panascais.pw: could not connect to host +panascais.site: could not connect to host +panascais.tech: could not connect to host +panascais.us: could not connect to host +pandapsy.com: could not connect to host +panelomix.net: did not receive HSTS header +panicparts.com: max-age too low: 10540800 +panni.me: could not connect to host +panoranordic.net: could not connect to host +pansu.space: could not connect to host +pants-off.xyz: could not connect to host +pantsu.cat: did not receive HSTS header +papalytics.com: could not connect to host +papeda.net: could not connect to host +papelariadante.com.br: could not connect to host +papercard.co.uk: did not receive HSTS header +papercrunch.io: could not connect to host +paperwallets.io: did not receive HSTS header +papierniak.net: could not connect to host +papygeek.com: could not connect to host +parabhairavayoga.com: max-age too low: 0 +pardnoy.com: could not connect to host +parent5446.us: could not connect to host +parentmail.co.uk: did not receive HSTS header +parfum-baza.ru: could not connect to host +paris-cyber.fr: did not receive HSTS header +parisvox.info: did not receive HSTS header +parithy.net: could not connect to host +parkingplus.co.il: could not connect to host +parkrocker.com: max-age too low: 604800 +parkwithark.com: could not connect to host +parodybit.net: did not receive HSTS header +parpaing-paillette.net: could not connect to host +particonpsplus.it: could not connect to host +partiono.com: did not receive HSTS header +partirkyoto.jp: did not receive HSTS header +partnercardservices.com: did not receive HSTS header +partnersfcu.org: did not receive HSTS header +partyhaus.ovh: could not connect to host +partyhireformby.co.uk: did not receive HSTS header +partyvan.eu: could not connect to host +partyvan.it: could not connect to host +partyvan.moe: could not connect to host +partyvan.nl: could not connect to host +partyvan.se: could not connect to host +pascalchristen.ch: did not receive HSTS header +passrhce.com: could not connect to host +passrhcsa.com: could not connect to host +passumpsicbank.com: did not receive HSTS header +passwd.io: could not connect to host +passwordbox.com: did not receive HSTS header +passwordrevelator.net: did not receive HSTS header +pastaf.com: could not connect to host +pastdream.xyz: could not connect to host +paste.linode.com: could not connect to host +pastebin.linode.com: could not connect to host +pastenib.com: could not connect to host +paster.li: did not receive HSTS header +pastie.se: could not connect to host +pataua.kiwi: did not receive HSTS header +paternitydnatest.com: could not connect to host +patfs.com: did not receive HSTS header +patientinsight.net: did not receive HSTS header +patrickbusch.net: could not connect to host +patrickneuro.de: could not connect to host +patt.us: did not receive HSTS header +patterson.mp: could not connect to host +paul-kerebel.pro: could not connect to host +paulbramhall.uk: could not connect to host +paulbunyanmls.com: did not receive HSTS header +paulewen.ca: could not connect to host +paulproell.at: could not connect to host +paulrudge.codes: could not connect to host +paulshir.com: could not connect to host +paulshir.is: could not connect to host +paulyang.cn: did not receive HSTS header +pavelfojt.cz: did not receive HSTS header +pavelkahouseforcisco.com: did not receive HSTS header +paxdei.com.br: could not connect to host +paxwinkel.nl: did not receive HSTS header +pay.gigahost.dk: did not receive HSTS header +payfreez.com: could not connect to host +payments-reference.org: could not connect to host +payments.google.com: did not receive HSTS header (error ignored - included regardless) +paymon.tj: could not connect to host +paypod.org: could not connect to host +payroll.ch: could not connect to host +paytwopay.com: could not connect to host +pbapp.net: did not receive HSTS header +pbbr.com: did not receive HSTS header +pbprint.ru: did not receive HSTS header +pc-nf.de: did not receive HSTS header +pcat.io: could not connect to host +pcfun.net: could not connect to host +pchax.net: could not connect to host +pchospital.cc: could not connect to host +pcmr.info: did not receive HSTS header +pcvirusclear.com: could not connect to host +pdamsidoarjo.co.id: could not connect to host +pdevio.com: could not connect to host +pdf.yt: could not connect to host +pe-bank.co.jp: max-age too low: 604800 +pe-kyousai.jp: did not receive HSTS header +peaceandwool.com: did not receive HSTS header +peakapp.nl: could not connect to host +pear2pear.de: could not connect to host +pebblesdemo.com: could not connect to host +peekops.com: could not connect to host +peerherrmann.de: could not connect to host +peirong.me: could not connect to host +peissen.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +pekkapikkarainen.fi: did not receive HSTS header +pekkarik.ru: could not connect to host +peliculasaudiolatinoonline.com: could not connect to host +peliseries24.com: did not receive HSTS header +pemberton.at: did not receive HSTS header +penablog.com: did not receive HSTS header +pengisatelier.net: could not connect to host +pengui.uk: could not connect to host +penguinclientsystem.com: did not receive HSTS header +pennylane.me.uk: did not receive HSTS header +pensanisso.com: max-age too low: 2592000 +pentagram.me: max-age too low: 2592000 +pentano.net: could not connect to host +people-mozilla.org: could not connect to host +peperiot.com: did not receive HSTS header +pepperhead.com: did not receive HSTS header +pepperworldhotshop.de: did not receive HSTS header +pepsicoemployeepreferencesurvey.com: could not connect to host +perdel.cn: did not receive HSTS header +perfect-radiant-wrinkles.com: could not connect to host +perfectionis.me: could not connect to host +perfectseourl.com: did not receive HSTS header +performaterm.ro: could not connect to host +performous.org: could not connect to host +perfumista.vn: did not receive HSTS header +periscopeliveweb.com: could not connect to host +perlwork.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +pernatie.ru: could not connect to host +perplex.nl: did not receive HSTS header +perroud.pro: did not receive HSTS header +persjrp.ca: could not connect to host +persoform.ch: could not connect to host +personalcommunicationsecurity.com: could not connect to host +personaldatabasen.no: could not connect to host +personalinjurylist.com: could not connect to host +personalizedtouch.co: could not connect to host +perthdevicelab.com: did not receive HSTS header +pestalozzishop.com.br: could not connect to host +pet-nsk.ru: could not connect to host +petbooking.it: did not receive HSTS header +petchart.net: could not connect to host +peterkshultz.com: did not receive HSTS header +petersmark.com: did not receive HSTS header +pethub.com: did not receive HSTS header +petit.site: could not connect to host +petlife.od.ua: could not connect to host +petplum.com: could not connect to host +petravdbos.nl: did not receive HSTS header +petrkrapek.cz: could not connect to host +petrolplus.ru: max-age too low: 7776000 +petrovsky.pro: could not connect to host +petsittersservices.com: could not connect to host +pettsy.com: could not connect to host +peuf.shop: could not connect to host +pewboards.com: could not connect to host +pexieapp.com: did not receive HSTS header +peykezamin.ir: could not connect to host +peytonfarrar.com: did not receive HSTS header +pfgshop.com.br: could not connect to host +pflegedienst-gratia.de: max-age too low: 300 +pgcpbc.com: could not connect to host +pgmsource.com: could not connect to host +pgpm.io: could not connect to host +pgtb.be: did not receive HSTS header +phalconist.com: could not connect to host +pharmgkb.org: could not connect to host +phdsupply.com: could not connect to host +phdwuda.com: could not connect to host +phil.tw: could not connect to host +philadelphiacandies.com: did not receive HSTS header +philippa.cool: could not connect to host +phillmoore.com: did not receive HSTS header +philpropertygroup.com: could not connect to host +phoebe.co.nz: did not receive HSTS header +phoenicis.com.ua: did not receive HSTS header +phonenumberinfo.co.uk: could not connect to host +phongmay24h.com: could not connect to host +photoblogverona.com: could not connect to host +photoboothpartyhire.co.uk: did not receive HSTS header +photops.fr: could not connect to host +phototag.org: did not receive HSTS header +php-bach.org: could not connect to host +phperformances.fr: did not receive HSTS header +phpfashion.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +phrasing.me: could not connect to host +physicaltherapist.com: did not receive HSTS header +pi-eng.fr: did not receive HSTS header +pianetaottica.eu: could not connect to host +pianetaottica.net: could not connect to host +pianetaottica.org: could not connect to host +picallo.es: could not connect to host +picardiascr.com: did not receive HSTS header +pickersurvey.org: could not connect to host +pickr.co: did not receive HSTS header +picotronic.biz: could not connect to host +picscare.co.uk: did not receive HSTS header +pidatacenters.com: did not receive HSTS header +pidomex.com: did not receive HSTS header +pierrejeansuau.fr: could not connect to host +pieterhordijk.com: could not connect to host +pieterjangeeroms.me: could not connect to host +piggott.me.uk: did not receive HSTS header +pilgermaske.org: did not receive HSTS header +piligrimname.com: could not connect to host +pillowandpepper.com: did not receive HSTS header +pilotcrowd.nl: did not receive HSTS header +pimpmymac.ru: did not receive HSTS header +pims.global: did not receive HSTS header +pimspage.nl: could not connect to host +pinebaylibrary.org: could not connect to host +pinkyf.com: could not connect to host +pioche.ovh: did not receive HSTS header +pippen.io: could not connect to host +pips.rocks: did not receive HSTS header +pir9.com: did not receive HSTS header +pirata.ga: did not receive HSTS header +piratebit.tech: could not connect to host +piratedb.com: could not connect to host +piratedot.com: could not connect to host +piratelist.online: could not connect to host +piratenlogin.de: could not connect to host +pirateproxy.pe: could not connect to host +pirateproxy.sx: did not receive HSTS header +pirateproxy.vip: could not connect to host +pirati.cz: did not receive HSTS header +piratte.net: did not receive HSTS header +pirlitu.com: did not receive HSTS header +pisexy.me: did not receive HSTS header +pisidia.de: could not connect to host +pitchup.com: did not receive HSTS header +pitonarms.com: could not connect to host +pittonpreschool.com: did not receive HSTS header +piwko.co: could not connect to host +pixdigital.net: did not receive HSTS header +pixeame.com: did not receive HSTS header +pixel.google.com: did not receive HSTS header (error ignored - included regardless) +pixelcode.com.au: could not connect to host +pixelgliders.de: could not connect to host +pixelhero.co.uk: did not receive HSTS header +pixi.chat: could not connect to host +pixi.me: did not receive HSTS header +pizzadoc.ch: could not connect to host +pizzahut.ru: did not receive HSTS header +pj83.duckdns.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +pjbet.mg: did not receive HSTS header +pkautodesign.com: did not receive HSTS header +pkschat.com: could not connect to host +plaasprodukte.com: could not connect to host +placollection.org: could not connect to host +plaettliaktion.ch: did not receive HSTS header +planbox.info: could not connect to host +planpharmacy.com: could not connect to host +plant.ml: did not receive HSTS header +plass.hamburg: could not connect to host +plasvilledescartaveis.com.br: could not connect to host +plataformadeinformacion.es: max-age too low: 30000 +platform.lookout.com: could not connect to host +platomania.eu: did not receive HSTS header +play.google.com: did not receive HSTS header (error ignored - included regardless) +playerhunter.com: did not receive HSTS header +playerscout.net: did not receive HSTS header +playflick.com: did not receive HSTS header +playmaker.io: could not connect to host +playmaza.live: did not receive HSTS header +playnation.io: did not receive HSTS header +playsharp.com: could not connect to host +pleasure.forsale: could not connect to host +pleier-it.de: did not receive HSTS header +pleier.it: did not receive HSTS header +plfgr.eu.org: could not connect to host +plhdb.org: did not receive HSTS header +plirt.ru: could not connect to host +plixer.com: did not receive HSTS header +plogable.co: could not connect to host +plombirator.kz: did not receive HSTS header +plothost.com: did not receive HSTS header +ploup.net: could not connect to host +ploxel.com: did not receive HSTS header +pluff.nl: did not receive HSTS header +plur.com.au: did not receive HSTS header +plus-digital.net: did not receive HSTS header +plus-u.com.au: did not receive HSTS header +plus.sandbox.google.com: did not receive HSTS header (error ignored - included regardless) +plussizereviews.com: could not connect to host +plut.org: did not receive HSTS header +plymouthsoftplay.co.uk: could not connect to host +pm13-media.cz: could not connect to host +pmac.pt: could not connect to host +pmbremer.de: could not connect to host +pmemanager.fr: did not receive HSTS header +pmnts.io: could not connect to host +pnsc.is: could not connect to host +pnukee.com: did not receive HSTS header +pnyxnet.com: did not receive HSTS header +po.gl: did not receive HSTS header +pocketsix.com: could not connect to host +pocloud.homelinux.net: could not connect to host +podiumsdiskussion.org: did not receive HSTS header +pogs.us: could not connect to host +poiema.com.sg: did not receive HSTS header +poinsot.beer: could not connect to host +pointeringles.com: could not connect to host +pointpro.de: did not receive HSTS header +pokeduel.me: did not receive HSTS header +pokomichi.com: did not receive HSTS header +pol-expo.ru: did not receive HSTS header +pol.in.th: could not connect to host +polarityschule.com: did not receive HSTS header +pole.net.nz: could not connect to host +polen.guide: could not connect to host +policeiwitness.sg: could not connect to host +polimat.org: could not connect to host +polit.im: could not connect to host +politic.org.ua: could not connect to host +politically-incorrect.xyz: could not connect to host +politiewervingshop.nl: did not receive HSTS header +politologos.org: did not receive HSTS header +polycoise.com: could not connect to host +polycrypt.us: could not connect to host +polypho.nyc: could not connect to host +pomardaserra.com: could not connect to host +pompefunebrilariviera.it: could not connect to host +pompompoes.com: could not connect to host +ponteencima.com: could not connect to host +pontokay.com.br: could not connect to host +pontualcomp.com: could not connect to host +pony.today: could not connect to host +ponythread.com: did not receive HSTS header +poolinstallers.co.za: could not connect to host +poolsandstuff.com: did not receive HSTS header +poon.tech: could not connect to host +popi.se: did not receive HSTS header +popkins.ml: could not connect to host +poris.web.id: could not connect to host +porno-gif.ru: did not receive HSTS header +pornstars.me: did not receive HSTS header +portalm.tk: could not connect to host +portalplatform.net: could not connect to host +portaluniversalista.org: could not connect to host +portalzine.de: did not receive HSTS header +poshpak.com: max-age too low: 86400 +posoiu.net: could not connect to host +postcodewise.co.uk: did not receive HSTS header +postscheduler.org: could not connect to host +posylka.de: did not receive HSTS header +potatoheads.net: could not connect to host +potbar.com: could not connect to host +potlytics.com: could not connect to host +potsky.com: did not receive HSTS header +pouets.ovh: could not connect to host +pourmesloisirs.com: did not receive HSTS header +poussinooz.fr: could not connect to host +povitria.net: could not connect to host +power-l.ch: did not receive HSTS header +power-of-interest.com: did not receive HSTS header +power99press.com: did not receive HSTS header +powerentertainment.tv: could not connect to host +poweroff.win: could not connect to host +powerplannerapp.com: could not connect to host +powershift.ne.jp: did not receive HSTS header +powerxequality.com: could not connect to host +poy-tech.com: could not connect to host +pozniak.at: did not receive HSTS header +pozyczka-bez-zaswiadczen.pl: did not receive HSTS header +ppr-truby.ru: could not connect to host +ppro.com: did not receive HSTS header +ppuu.org: did not receive HSTS header +ppy3.com: could not connect to host +practicallabs.com: could not connect to host +practodev.com: could not connect to host +pratinav.xyz: could not connect to host +prattpokemon.com: could not connect to host +praxis-research.info: could not connect to host +precisionaeroimaging.com: did not receive HSTS header +prediksisydney.com: could not connect to host +preezzie.com: could not connect to host +prefis.com: did not receive HSTS header +prefontaine.name: could not connect to host +prego-shop.de: did not receive HSTS header +preissler.co.uk: could not connect to host +prelist.org: did not receive HSTS header +prelogica.com.br: did not receive HSTS header +prepandgo-euro.com: could not connect to host +preppertactics.com: did not receive HSTS header +presidentials2016.com: could not connect to host +press-anime-nenkan.com: did not receive HSTS header +pressenews.net: did not receive HSTS header +pressfreedomfoundation.org: did not receive HSTS header +prettygrouse.com: did not receive HSTS header +prettyphotoart.de: did not receive HSTS header +pretzlaff.info: did not receive HSTS header +preworkout.me: could not connect to host +prezola.com: max-age too low: 0 +prgslab.net: could not connect to host +pridoc.se: did not receive HSTS header +prilock.com: did not receive HSTS header +primecaplending.com: did not receive HSTS header +prinbanat.ngo: did not receive HSTS header +princessbackpack.de: could not connect to host +printerest.io: could not connect to host +printersonline.be: did not receive HSTS header +printery.be: could not connect to host +printfn.com: could not connect to host +priolkar.com: did not receive HSTS header +prism-communication.com: could not connect to host +privacylabs.io: did not receive HSTS header +privacymanatee.com: could not connect to host +privacyrup.net: could not connect to host +privcloud.org: could not connect to host +privilegevisa.fr: could not connect to host +privytime.com: could not connect to host +prnt.li: did not receive HSTS header +pro-zone.com: could not connect to host +proactive.run: could not connect to host +probas.de: max-age too low: 0 +procode.gq: could not connect to host +prodpad.com: did not receive HSTS header +production.vn: did not receive HSTS header +producto8.com: did not receive HSTS header +profhome-shop.com: did not receive HSTS header +profi-durchgangsmelder.de: did not receive HSTS header +profivps.com: could not connect to host +profloorstl.com: did not receive HSTS header +profpay.com: could not connect to host +profundr.com: could not connect to host +profusion.io: did not receive HSTS header +progblog.net: could not connect to host +progress-technologies.com: could not connect to host +progressivecfo.co.nz: could not connect to host +prohostonline.fi: could not connect to host +proitconsulting.com.au: could not connect to host +project-sparks.eu: did not receive HSTS header +projectascension.io: could not connect to host +projectasterk.com: could not connect to host +projectdp.net: could not connect to host +projectmercury.space: could not connect to host +projectvault.ovh: did not receive HSTS header +projectx.top: could not connect to host +projektik.cz: did not receive HSTS header +projetoresecia.com: could not connect to host +prokop.ovh: could not connect to host +prolan.pw: did not receive HSTS header +promarketer.net: did not receive HSTS header +promecon-gmbh.de: did not receive HSTS header +prontocleaners.co.uk: did not receive HSTS header +prontolight.com: did not receive HSTS header +prontomovers.co.uk: could not connect to host +propactrading.com: could not connect to host +propmag.co: could not connect to host +prosoft.sk: did not receive HSTS header +prosperident.com: did not receive HSTS header +protoyou.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +provitacare.com: could not connect to host +prowhisky.de: did not receive HSTS header +proximato.com: could not connect to host +proxybay.al: could not connect to host +proxybay.club: could not connect to host +proxybay.info: did not receive HSTS header +proxybay.top: did not receive HSTS header +proxydesk.eu: could not connect to host +proxydesk.net: could not connect to host +proxyowl.pw: could not connect to host +proxyrox.com: could not connect to host +proxyweb.us: did not receive HSTS header +prpsss.com: could not connect to host +pruikshop.nl: could not connect to host +prxio.date: could not connect to host +prxio.site: could not connect to host +prytkov.com: could not connect to host +pscleaningsolutions.co.uk: could not connect to host +pshostpk.com: did not receive HSTS header +psicologia.co.ve: could not connect to host +psncardplus.be: could not connect to host +psncardplus.com: could not connect to host +psncardplus.dk: could not connect to host +psncardplus.nl: could not connect to host +psncardplus.se: could not connect to host +pstudio.me: did not receive HSTS header +psw.academy: could not connect to host +psw.consulting: could not connect to host +psychoco.net: could not connect to host +ptn.moscow: could not connect to host +ptonet.com: could not connect to host +pubkey.is: could not connect to host +publications.qld.gov.au: did not receive HSTS header +publicidadnovagrass.com.mx: did not receive HSTS header +publicspeakingcamps.com: could not connect to host +publimepa.it: could not connect to host +puentes.info: did not receive HSTS header +pugilares.com.pl: could not connect to host +pugliese.fr: could not connect to host +puhe.se: could not connect to host +puiterwijk.org: could not connect to host +pulsar.guru: did not receive HSTS header +pult.co: could not connect to host +pumpgames.net: could not connect to host +punchkickinteractive.com: did not receive HSTS header +punchr-kamikazee.rhcloud.com: did not receive HSTS header +puppydns.com: did not receive HSTS header +purewebmasters.com: could not connect to host +purplebricks.com: did not receive HSTS header +purplemoon.mobi: did not receive HSTS header +purplestar.mobi: did not receive HSTS header +purpoz.com.br: could not connect to host +push.world: did not receive HSTS header +pushapp.org: did not receive HSTS header +pushstar.com: max-age too low: 0 +pvagner.tk: did not receive HSTS header +pwd.ovh: could not connect to host +pwm.jp: could not connect to host +pwnsdx.pw: could not connect to host +pycrypto.org: could not connect to host +pyol.org: could not connect to host +pypi-mirrors.org: could not connect to host +pypi-status.org: could not connect to host +pyplo.org: did not receive HSTS header +pypt.lt: did not receive HSTS header +pyrrhonism.org: could not connect to host +pysays.net: did not receive HSTS header +pythia.nz: could not connect to host +pythonic.guru: could not connect to host +pythonic.training: could not connect to host +pzgreni.ch: did not receive HSTS header +pzme.me: could not connect to host +q-rickroll-u.pw: could not connect to host +q2.si: did not receive HSTS header +q8mp3.me: did not receive HSTS header +qa.fedoraproject.org: could not connect to host +qbik.de: did not receive HSTS header +qbnt.ca: could not connect to host +qccqld.org.au: could not connect to host +qforum.org: could not connect to host +qiannews.net: could not connect to host +qikan.net: could not connect to host +qiliang.wang: did not receive HSTS header +qingxuan.info: could not connect to host +qinxi1992.com: could not connect to host +qionglu.pw: could not connect to host +qipp.com: did not receive HSTS header +qixxit.de: did not receive HSTS header +qldconservation.org: could not connect to host +qldformulaford.org: could not connect to host +qnatek.org: could not connect to host +qonqa.de: did not receive HSTS header +qop.io: could not connect to host +qoqo.us: could not connect to host +qorm.co.uk: did not receive HSTS header +qqq.gg: could not connect to host +qr-city.org: did not receive HSTS header +qrara.net: did not receive HSTS header +qredo.com: did not receive HSTS header +qrforex.com: did not receive HSTS header +qrlending.com: could not connect to host +qrlfinancial.com: could not connect to host +qscloud.de: could not connect to host +qswoo.org: could not connect to host +qto.net: could not connect to host +quail.solutions: could not connect to host +quakerlens.com: did not receive HSTS header +quality1.com.br: did not receive HSTS header +qualityology.com: did not receive HSTS header +quanglepro.com: could not connect to host +quantacloud.ch: could not connect to host +quantenteranik.eu: could not connect to host +quantum-cloud.xyz: could not connect to host +quantum-ethics.com: could not connect to host +quantumcourse.org: did not receive HSTS header +quay.net: could not connect to host +quebecmailbox.com: could not connect to host +queenbrownie.com.br: could not connect to host +quelmandataire.fr: did not receive HSTS header +queryplayground.com: could not connect to host +questsandrewards.com: could not connect to host +quickandroid.tools: could not connect to host +quickpayservice.com: could not connect to host +quizionic.com: could not connect to host +quizmemes.org: could not connect to host +quotehex.com: could not connect to host +quotemaster.co.za: could not connect to host +quranserver.net: could not connect to host +qwilink.me: did not receive HSTS header +r-ay.club: did not receive HSTS header +r-ay.cn: could not connect to host +r-core.ru: could not connect to host +r-rickroll-u.pw: could not connect to host +r10n.com: did not receive HSTS header +r15.me: did not receive HSTS header +r3bl.me: did not receive HSTS header +ra-schaal.de: did not receive HSTS header +raajheshkannaa.com: could not connect to host +rabota-x.ru: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +rackblue.com: could not connect to host +radeticlaw.com: max-age too low: 0 +radicaleducation.net: could not connect to host +radioheteroglossia.com: did not receive HSTS header +radishmoon.com: max-age too low: 0 +rafaelcz.de: could not connect to host +ragingserenity.com: did not receive HSTS header +raiblockscommunity.net: could not connect to host +raidensnakesden.co.uk: could not connect to host +raidensnakesden.com: could not connect to host +raidensnakesden.net: could not connect to host +raidstone.com: could not connect to host +raidstone.net: could not connect to host +raidstone.rocks: could not connect to host +rainbin.com: could not connect to host +rainbowbarracuda.com: could not connect to host +ramarka.de: could not connect to host +ramon-c.nl: could not connect to host +ramonj.nl: could not connect to host +randomcage.com: did not receive HSTS header +randomcloud.net: could not connect to host +randomhero.cloud: could not connect to host +randomwinpicker.de: could not connect to host +randy.pw: could not connect to host +ranegroup.hosting: could not connect to host +rankthespot.com: could not connect to host +ranktopay.com: did not receive HSTS header +rannseier.org: could not connect to host +ranos.org: could not connect to host +rany.duckdns.org: could not connect to host +rany.io: could not connect to host +rany.pw: could not connect to host +rapdogg.com: could not connect to host +rapidresearch.me: could not connect to host +rapidthunder.io: could not connect to host +rasing.me: could not connect to host +rastreador.com.es: did not receive HSTS header +ratajczak.fr: could not connect to host +rate-esport.de: could not connect to host +rationem.nl: did not receive HSTS header +ratuseks.com: could not connect to host +ratuseks.net: could not connect to host +ratuseks.us: could not connect to host +rauchenwald.net: did not receive HSTS header +raulfraile.net: could not connect to host +ravage.fm: did not receive HSTS header +raven.lipetsk.ru: could not connect to host +ravengergaming.ga: did not receive HSTS header +ravengergaming.net: could not connect to host +ravkr.duckdns.org: max-age too low: 360000 +ravse.dk: could not connect to host +raw-diets.com: did not receive HSTS header +rawet.se: could not connect to host +rawoil.com: could not connect to host +rawstorieslondon.com: could not connect to host +raycarruthersphotography.co.uk: could not connect to host +raydan.space: could not connect to host +raydobe.me: could not connect to host +raytron.org: could not connect to host +razeencheng.com: could not connect to host +razlaw.name: did not receive HSTS header +razzolini.com.br: could not connect to host +rbhighinc.org: could not connect to host +rbose.org: could not connect to host +rbqcloud.com: did not receive HSTS header +rbti.me: could not connect to host +rc-rp.com: could not connect to host +rc4.io: could not connect to host +rcafox.com: could not connect to host +rcoliveira.com: could not connect to host +rcorporation.be: did not receive HSTS header +rcpcbd.com: could not connect to host +rcraigmurphy.net: did not receive HSTS header +rcvd.io: did not receive HSTS header +rdfz.tech: could not connect to host +rdns.im: did not receive HSTS header +rdyrda.fr: could not connect to host +re-customer.net: did not receive HSTS header +reachr.com: could not connect to host +reader.ga: could not connect to host +readify.com.au: did not receive HSTS header +readityourself.net: could not connect to host +readmeeatmedrinkme.com: did not receive HSTS header +readr.pw: could not connect to host +readydok.com: did not receive HSTS header +reagir43.fr: did not receive HSTS header +reaiaer.com: could not connect to host +real-compare.com: could not connect to host +realcli.com: could not connect to host +realmic.net: could not connect to host +realmofespionage.com: could not connect to host +realraghavgupta.com: could not connect to host +realwoo.com: could not connect to host +reapdrive.net: did not receive HSTS header +reaper.rip: could not connect to host +reardenporn.com: could not connect to host +rebekaesgabor.online: could not connect to host +rebootmc.com: could not connect to host +redable.nl: did not receive HSTS header +redair.es: did not receive HSTS header +redar.xyz: could not connect to host +reddiseals.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +reddit.com: did not receive HSTS header +rede.ca: did not receive HSTS header +redhorsemountainranch.com: did not receive HSTS header +redicabo.de: could not connect to host +redirectman.com: did not receive HSTS header +redlatam.org: did not receive HSTS header +redmbk.com: did not receive HSTS header +redner.cc: did not receive HSTS header +rednertv.de: did not receive HSTS header +redoakmedia.net: did not receive HSTS header +redports.org: could not connect to host +redra.ws: did not receive HSTS header +redy.host: did not receive HSTS header +reevu.net: could not connect to host +referenten.org: did not receive HSTS header +refitplanner.com: did not receive HSTS header +reflecton.io: could not connect to host +reg.ru: did not receive HSTS header +regaloaks.com: did not receive HSTS header +regalpalms.com: did not receive HSTS header +regenbogenwald.de: did not receive HSTS header +regendevices.eu: could not connect to host +regenerescence.com: did not receive HSTS header +reggae-cdmx.com: could not connect to host +regio-salland.nl: could not connect to host +regionale.org: did not receive HSTS header +registertovoteflorida.gov: did not receive HSTS header +rehabthailand.nl: could not connect to host +reic.me: could not connect to host +reidascuecas.com.br: did not receive HSTS header +reignsphere.net: could not connect to host +reikiqueen.uk: could not connect to host +reismil.ch: could not connect to host +reisyukaku.org: did not receive HSTS header +reithguard-it.de: did not receive HSTS header +rejo.in: could not connect to host +rejuvemedspa.com: did not receive HSTS header +relayawards.com: could not connect to host +reldoc.com.mx: did not receive HSTS header +reliable-mail.de: could not connect to host +relisten.nl: did not receive HSTS header +relvan.com: did not receive HSTS header +rem.pe: did not receive HSTS header +rema.site: could not connect to host +remaimodern.org: did not receive HSTS header +remedica.fr: did not receive HSTS header +remedioskaseros.com: did not receive HSTS header +remedium.de: did not receive HSTS header +rememberthis.co.za: could not connect to host +remitatm.com: could not connect to host +remodela.com.ve: could not connect to host +remonttitekniikka.fi: could not connect to host +remoteham.com: could not connect to host +remotestance.com: did not receive HSTS header +rencaijia.com: did not receive HSTS header +renemayrhofer.com: could not connect to host +rengarenkblog.com: could not connect to host +renideo.fr: could not connect to host +renkhosting.com: did not receive HSTS header +renlong.org: did not receive HSTS header +renrenss.com: could not connect to host +renscreations.com: did not receive HSTS header +rentacarcluj.xyz: could not connect to host +rentbrowser.com: could not connect to host +rentbrowsertrain.me: could not connect to host +rentcarassist.com: could not connect to host +renteater.com: could not connect to host +rentex.com: did not receive HSTS header +renyiyou.com: could not connect to host +replacemychina.com: could not connect to host +report-incident.de: could not connect to host +report-to.com: did not receive HSTS header +report-to.io: did not receive HSTS header +report-uri.io: did not receive HSTS header +report-url.com: did not receive HSTS header +report-url.io: did not receive HSTS header +reported.ly: did not receive HSTS header +reporturl.com: did not receive HSTS header +reporturl.io: did not receive HSTS header +reprolife.co.uk: could not connect to host +reqognize.com: could not connect to host +res-rheingau.de: did not receive HSTS header +res42.com: could not connect to host +research.md: could not connect to host +reserve-online.net: did not receive HSTS header +residentsinsurance.co.uk: did not receive HSTS header +resl20.servehttp.com: could not connect to host +respice.xyz: could not connect to host +ressl.ch: could not connect to host +restaurace-klokocka.cz: did not receive HSTS header +restchart.com: did not receive HSTS header +reth.ch: could not connect to host +retroarms.com: did not receive HSTS header +retroarms.cz: did not receive HSTS header +retube.ga: could not connect to host +returnofwar.com: could not connect to host +revapost.ch: could not connect to host +revealdata.com: did not receive HSTS header +revelaciones.tv: could not connect to host +revello.org: did not receive HSTS header +reverie.pw: could not connect to host +review.info: did not receive HSTS header +reviewbestseller.com: did not receive HSTS header +reviewjust.com: did not receive HSTS header +reviews.anime.my: max-age too low: 5184000 +revtut.net: could not connect to host +rewardstock.com: max-age too low: 0 +rewopit.net: did not receive HSTS header +reykjavik.guide: could not connect to host +rezept-planer.de: could not connect to host +rhapsodhy.hu: could not connect to host +rhdigital.pro: could not connect to host +rhering.de: could not connect to host +rhodosdreef.nl: could not connect to host +riaucybersolution.net: did not receive HSTS header +ribopierre.fr: could not connect to host +riceglue.com: could not connect to host +richeza.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +richiemail.net: could not connect to host +richmondsunlight.com: did not receive HSTS header +richmtdriver.com: could not connect to host +richsiciliano.com: could not connect to host +richterphilipp.com: could not connect to host +rid-wan.com: could not connect to host +rideaudiscount.com: did not receive HSTS header +rideforwade.com: could not connect to host +rideforwade.net: could not connect to host +rideforwade.org: could not connect to host +rideworks.com: did not receive HSTS header +ridwan.co: could not connect to host +right-to-love.name: did not receive HSTS header +right2.org: could not connect to host +righttoknow.ie: did not receive HSTS header +rigolitch.fr: did not receive HSTS header +riiconnect24.net: max-age too low: 0 +rijndael.xyz: could not connect to host +rijnmondeg.nl: did not receive HSTS header +rika.me: could not connect to host +ring0.xyz: did not receive HSTS header +ringh.am: could not connect to host +rionewyork.com.br: could not connect to host +ripa.io: did not receive HSTS header +rippleunion.com: could not connect to host +riskmgt.com.au: could not connect to host +rithm.ch: could not connect to host +rivercruiseadvisor.com: did not receive HSTS header +rivlo.com: could not connect to host +rizon.me: could not connect to host +rj.gg: could not connect to host +rk6.cz: could not connect to host +rkkhok.hu: did not receive HSTS header +rkmantpur.org: did not receive HSTS header +rmaqequipamentos.com.br: did not receive HSTS header +rme.li: did not receive HSTS header +roadfeast.com: could not connect to host +roan24.pl: did not receive HSTS header +robi-net.it: could not connect to host +robigalia.org: did not receive HSTS header +robomonkey.org: could not connect to host +robteix.com: did not receive HSTS header +robtex.com: did not receive HSTS header +robtex.net: did not receive HSTS header +robtex.org: did not receive HSTS header +robust.ga: could not connect to host +rochman.id: could not connect to host +rocket-wars.de: did not receive HSTS header +rocketgnomes.com: could not connect to host +rocketnet.ml: could not connect to host +rockeyscrivo.com: did not receive HSTS header +rocksberg.net: could not connect to host +rockz.io: did not receive HSTS header +roddis.net: did not receive HSTS header +rodehutskors.net: could not connect to host +rodney.id.au: did not receive HSTS header +rodneybrooksjr.com: did not receive HSTS header +rodosto.com: did not receive HSTS header +roeper.party: could not connect to host +roesemann.email: could not connect to host +rofrank.space: could not connect to host +roguelikecenter.fr: did not receive HSTS header +rohanbassett.com: could not connect to host +rohlik.cz: did not receive HSTS header +roketix.co.uk: did not receive HSTS header +rolandslate.com: did not receive HSTS header +rolemaster.net: could not connect to host +roleplayhome.com: could not connect to host +rolroer.co.za: could not connect to host +romaimperator.com: did not receive HSTS header +romainmuller.xyz: did not receive HSTS header +romans-place.me.uk: could not connect to host +romanticschemer.com: could not connect to host +romanticvillas.com.au: could not connect to host +romeoferraris.com: did not receive HSTS header +romulusapp.com: could not connect to host +ron2k.za.net: could not connect to host +ronanrbr.com: did not receive HSTS header +rondoniatec.com.br: did not receive HSTS header +ronghexx.com: could not connect to host +ronvandordt.info: could not connect to host +ronwo.de: max-age too low: 1 +roolevoi.ru: could not connect to host +room-checkin24.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +rootbsd.at: could not connect to host +rootforum.org: did not receive HSTS header +rootservice.org: did not receive HSTS header +rootwpn.com: could not connect to host +rop.io: could not connect to host +roquecenter.org: did not receive HSTS header +rorymcdaniel.com: did not receive HSTS header +rospa100.com: could not connect to host +rossen.be: did not receive HSTS header +rotex1840.de: did not receive HSTS header +rotozen.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +rotter-dam.nl: did not receive HSTS header +rotterdamjazz.info: could not connect to host +rough.nu: could not connect to host +roundtheme.com: did not receive HSTS header +rous.se: could not connect to host +rouvray.org: could not connect to host +royal-forest.org: max-age too low: 0 +royalhop.co: could not connect to host +royalpub.net: did not receive HSTS header +royalsignaturecruise.com: could not connect to host +roychan.org: max-age too low: 0 +royzez.com: could not connect to host +rozalisbengal.ro: did not receive HSTS header +rozalynne-dawn.ga: could not connect to host +rozeapp.nl: could not connect to host +rpasafrica.com: could not connect to host +rr.in.th: could not connect to host +rrke.cc: did not receive HSTS header +rs-devdemo.host: could not connect to host +rsajeey.info: could not connect to host +rsampaio.info: did not receive HSTS header +rsblake.net: could not connect to host +rsf.io: could not connect to host +rsldb.com: could not connect to host +rsmaps.org: could not connect to host +rtc.fun: could not connect to host +rubbereggs.ca: could not connect to host +rubecodeberg.com: could not connect to host +rubendv.be: could not connect to host +rubenschulz.nl: could not connect to host +rubi-ka.net: max-age too low: 0 +ruborr.se: did not receive HSTS header +rubysecurity.org: did not receive HSTS header +rubyshop.nl: max-age too low: 604800 +rudeotter.com: did not receive HSTS header +rue-de-la-vieille.fr: max-age too low: 0 +rugirlfriend.com: could not connect to host +rugs.ca: did not receive HSTS header +rugstorene.co.uk: did not receive HSTS header +ruhr3.de: could not connect to host +ruig.jp: could not connect to host +ruitershoponline.nl: did not receive HSTS header +rumoterra.com.br: could not connect to host +runawebinar.nl: could not connect to host +runcarina.com: could not connect to host +rundumcolumn.xyz: could not connect to host +runementors.com: could not connect to host +runhardt.eu: did not receive HSTS header +runtl.com: did not receive HSTS header +runtondev.com: did not receive HSTS header +ruqu.nl: could not connect to host +rusadmin.biz: did not receive HSTS header +ruska-modra.cz: did not receive HSTS header +ruskamodra.cz: did not receive HSTS header +rusl.me: could not connect to host +russmarshall.com: could not connect to host +rustfanatic.com: did not receive HSTS header +ruudkoot.nl: could not connect to host +ruxit.com: did not receive HSTS header +rw-solutions.tech: could not connect to host +rww.name: could not connect to host +rxprep.com: did not receive HSTS header +rxt.social: could not connect to host +rxv.cc: could not connect to host +ryansmithphotography.com: did not receive HSTS header +ryanteck.uk: did not receive HSTS header +rylin.net: did not receive HSTS header +ryssland.guide: could not connect to host +rzegroup.com: could not connect to host +s-d-v.ch: could not connect to host +s-rickroll-p.pw: could not connect to host +s.how: could not connect to host +s0923.com: could not connect to host +s1mplescripts.de: did not receive HSTS header +s3n.se: could not connect to host +sa.net: could not connect to host +saabwa.org: did not receive HSTS header +sabine-forschbach.de: could not connect to host +sabineforschbach.de: could not connect to host +sadsu.com: did not receive HSTS header +safeex.com: did not receive HSTS header +safejourney.education: could not connect to host +safelist.eu: did not receive HSTS header +safematix.com: could not connect to host +safemovescheme.co.uk: could not connect to host +saferedirectlink.com: could not connect to host +safersurfing.eu: did not receive HSTS header +safetyrisk.net: did not receive HSTS header +safewings-nh.nl: could not connect to host +safing.me: did not receive HSTS header +sagarhandicraft.com: could not connect to host +sageth.com: max-age too low: 0 +sah3.net: could not connect to host +saharalondon.com: max-age too low: 0 +saharmassachi.com: could not connect to host +saigonstar.de: did not receive HSTS header +sail-nyc.com: did not receive HSTS header +saint-astier-triathlon.com: did not receive HSTS header +saintjohnlutheran.church: did not receive HSTS header +sairai.bid: did not receive HSTS header +sajdowski.de: could not connect to host +sakaki.anime.my: max-age too low: 5184000 +sakaserver.com: did not receive HSTS header +sakib.ninja: did not receive HSTS header +sakurabuff.com: could not connect to host +saleslift.pl: did not receive HSTS header +sallysubs.com: could not connect to host +salserocafe.com: did not receive HSTS header +salserototal.com: could not connect to host +saltedskies.com: could not connect to host +saltra.online: did not receive HSTS header +salzamt.tk: could not connect to host +samaritan.tech: could not connect to host +samegoal.org: did not receive HSTS header +sametovymesic.cz: could not connect to host +saml2.com: could not connect to host +sampcup.com: could not connect to host +sampoznay.ru: did not receive HSTS header +samraskauskas.com: could not connect to host +samsen.club: could not connect to host +samsungmobile.it: did not receive HSTS header +sanael.net: could not connect to host +sanasalud.org: could not connect to host +sanatfilan.com: did not receive HSTS header +sanatrans.com: could not connect to host +sandviks.com: did not receive HSTS header +sanguoxiu.com: could not connect to host +sanhei.ch: did not receive HSTS header +sanik.my: did not receive HSTS header +sanissimo.com.mx: max-age too low: 86400 +sanmuding.com: could not connect to host +sansage.com.br: could not connect to host +sansdev.com: could not connect to host +sansemea.com: did not receive HSTS header +santi.eu: did not receive HSTS header +santing.net: did not receive HSTS header +santouri.be: could not connect to host +saotn.org: did not receive HSTS header +sarah-beckett-harpist.com: did not receive HSTS header +sarahsweetlife.com: could not connect to host +sarahsweger.com: could not connect to host +sarakas.com: could not connect to host +saraleebread.com: max-age too low: 86400 +sarangsemutbandung.com: could not connect to host +sarindia.com: could not connect to host +sarindia.de: could not connect to host +sarisonproductions.com: did not receive HSTS header +sarkarischeme.in: could not connect to host +sarndipity.com: could not connect to host +saruwebshop.co.za: could not connect to host +sat.rent: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +sat7a-riyadh.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +satanichia.moe: could not connect to host +satmep.com: did not receive HSTS header +satoshicrypt.com: did not receive HSTS header +satragreen.com: did not receive HSTS header +satrent.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +satrent.se: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +satriyowibowo.my.id: did not receive HSTS header +satsukii.moe: did not receive HSTS header +saturne.tk: could not connect to host +saturngames.co.uk: did not receive HSTS header +saucyfox.net: did not receive HSTS header +saudeeconforto.com.br: did not receive HSTS header +sauerbrey.eu: could not connect to host +saumon.xyz: could not connect to host +saunasandstuff.ca: did not receive HSTS header +saunasandstuff.com: did not receive HSTS header +sauvagebridge.nl: could not connect to host +save.gov: could not connect to host +saveaward.gov: could not connect to host +savecashindia.com: could not connect to host +savethedogfishfoundation.org: could not connect to host +saveyour.biz: could not connect to host +savingrecipe.com: did not receive HSTS header +savvysuit.com: did not receive HSTS header +sawamura-rental.com: did not receive HSTS header +say-hanabi.com: could not connect to host +sayhanabi.com: could not connect to host +sazima.ru: did not receive HSTS header +sbm.cloud: could not connect to host +sbobetfun.com: did not receive HSTS header +sbox-archives.com: could not connect to host +sby.de: could not connect to host +sc4le.com: could not connect to host +scala.click: did not receive HSTS header +scannabi.com: could not connect to host +schaafenstrasse.koeln: could not connect to host +schachburg.de: did not receive HSTS header +schadegarant.net: could not connect to host +schatmeester.be: could not connect to host +schau-rein.co.at: max-age too low: 0 +schauer.so: could not connect to host +schermreparatierotterdam.nl: did not receive HSTS header +schmitt.ovh: could not connect to host +schmitt.ws: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +schnapke.name: could not connect to host +schnell-abnehmen.tips: did not receive HSTS header +schnell-gold.com: could not connect to host +scholl.io: did not receive HSTS header +schooltrends.co.uk: did not receive HSTS header +schoop.me: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +schreiber-netzwerk.eu: did not receive HSTS header +schrikdraad.net: did not receive HSTS header +schrodinger.io: could not connect to host +schroepfglas-versand.de: did not receive HSTS header +schroettle.com: did not receive HSTS header +schulterglatzen-altenwalde.de: could not connect to host +schultzflorists.com: could not connect to host +schuppentier.org: did not receive HSTS header +schwarzkopfforyou.de: did not receive HSTS header +schweiz.guide: could not connect to host +schweizerbolzonello.net: could not connect to host +schwetz.net: could not connect to host +scicasts.com: max-age too low: 7776000 +scienceathome.org: did not receive HSTS header +sciencebase.gov: did not receive HSTS header +sciencemonster.co.uk: could not connect to host +scivillage.com: did not receive HSTS header +sclgroup.cc: did not receive HSTS header +scooshonline.co.uk: did not receive HSTS header +score-savers.com: max-age too low: 10540800 +scores4schools.com: could not connect to host +scotbirchfield.com: did not receive HSTS header +scottainslie.me.uk: could not connect to host +scottdial.com: did not receive HSTS header +scottferguson.com.au: did not receive HSTS header +scottnicol.co.uk: could not connect to host +scourt.info: could not connect to host +scourt.org.ua: could not connect to host +scrambl.is: could not connect to host +scramble.io: did not receive HSTS header +scrambler.in: could not connect to host +scrapings.net: could not connect to host +screencaster.io: did not receive HSTS header +screenresolution.space: could not connect to host +screensaversplanet.com: did not receive HSTS header +scribbleserver.com: could not connect to host +scribe.systems: could not connect to host +scrion.com: could not connect to host +script.google.com: did not receive HSTS header (error ignored - included regardless) +scriptenforcer.net: could not connect to host +scripthost.org: could not connect to host +scriptict.nl: could not connect to host +scriptjunkie.us: could not connect to host +scrollstory.com: did not receive HSTS header +sctm.at: could not connect to host +sdhmanagementgroup.com: could not connect to host +sdia.ru: could not connect to host +sdmoscow.ru: could not connect to host +sdrobs.com: did not receive HSTS header +sdsl-speedtest.de: could not connect to host +se7ensins.com: did not receive HSTS header +seans.cc: did not receive HSTS header +seatshare.co.uk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +seavancouver.com: could not connect to host +sebastian-bair.de: could not connect to host +sebastianhampl.de: could not connect to host +sebastiensenechal.com: did not receive HSTS header +sebster.com: did not receive HSTS header +secandtech.com: could not connect to host +seceye.cn: could not connect to host +secitem.de: could not connect to host +secnet.ga: could not connect to host +secondary-survivor.com: could not connect to host +secondary-survivor.help: could not connect to host +secondary-survivor.net: could not connect to host +secondarysurvivor.help: could not connect to host +secondarysurvivorportal.com: could not connect to host +secondarysurvivorportal.help: could not connect to host +secondbyte.nl: could not connect to host +secondpay.nl: could not connect to host +secondspace.ca: could not connect to host +secretnation.net: did not receive HSTS header +sectest.ml: could not connect to host +sectia22.ro: did not receive HSTS header +sectun.com: did not receive HSTS header +secur3.us: did not receive HSTS header +secure-automotive-cloud.com: could not connect to host +secure-automotive-cloud.org: could not connect to host +secure-games.us: could not connect to host +secure.link: did not receive HSTS header +securechat4.me: could not connect to host +securedevelop.net: could not connect to host +securefuture.nl: did not receive HSTS header +secureindia.co: could not connect to host +secureobscure.com: could not connect to host +secureradio.net: could not connect to host +securesuisse.ch: could not connect to host +securita.eu: did not receive HSTS header +security-carpet.com: could not connect to host +security-thoughts.org: could not connect to host +security.google.com: did not receive HSTS header (error ignored - included regardless) +security.xn--q9jyb4c: could not connect to host +securityarena.com: could not connect to host +securitybsides.pl: did not receive HSTS header +securityglance.com: could not connect to host +securityinet.biz: did not receive HSTS header +securityinet.net: did not receive HSTS header +securityinet.org.il: could not connect to host +securitysoapbox.com: could not connect to host +securiviera.ch: did not receive HSTS header +securon.io: could not connect to host +securoswiss.ch: could not connect to host +sedoexpert.nl: could not connect to host +sedoexperts.nl: could not connect to host +sedrubal.de: could not connect to host +sedziapilkarski.pl: did not receive HSTS header +seedboxers.net: could not connect to host +seefirm.com: could not connect to host +seefunk.net: did not receive HSTS header +seele.ca: could not connect to host +seen.life: could not connect to host +sehenderson.com: did not receive HSTS header +seiko-dojo.com: could not connect to host +seiler-bad.de: did not receive HSTS header +seizoushokoyuubangou.com: did not receive HSTS header +sektor.team: could not connect to host +selcusters.nl: could not connect to host +selecadm.name: could not connect to host +selectary.com: could not connect to host +selectcertifiedautos.com: did not receive HSTS header +selectruckscalltrackingreports.com: could not connect to host +seleondar.ru: could not connect to host +selfdefenserx.com: did not receive HSTS header +selfie-france.fr: could not connect to host +selfserverx.com: could not connect to host +selldorado.com: could not connect to host +sellercritic.com: did not receive HSTS header +sellmoretires.com: could not connect to host +sello.com: did not receive HSTS header +sellocdn.com: could not connect to host +sellservs.co.za: could not connect to host +semaf.at: max-age too low: 86400 +semantheme.fr: did not receive HSTS header +semen3325.xyz: could not connect to host +semenkovich.com: did not receive HSTS header +semenov.su: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +semps-servers.de: could not connect to host +semps.de: did not receive HSTS header +sendash.com: could not connect to host +sendmeback.de: did not receive HSTS header +senedirect.com: could not connect to host +sens2lavie.com: did not receive HSTS header +senseofnumber.co.uk: did not receive HSTS header +sensiblemn.org: could not connect to host +sensibus.com: did not receive HSTS header +seo-lagniappe.com: did not receive HSTS header +seobot.com.au: could not connect to host +seomobo.com: could not connect to host +seosanantonioinc.com: did not receive HSTS header +seoscribe.net: could not connect to host +seowarp.net: did not receive HSTS header +sep23.ru: did not receive HSTS header +seq.tf: did not receive HSTS header +serathius.ovh: could not connect to host +serbien.guide: could not connect to host +serenitycreams.com: did not receive HSTS header +serfdom.io: did not receive HSTS header +serized.pw: could not connect to host +servecrypt.com: could not connect to host +server-essentials.com: could not connect to host +serverangels.co.uk: did not receive HSTS header +servercode.ca: did not receive HSTS header +serverdensity.io: did not receive HSTS header +servergno.me: did not receive HSTS header +serverlauget.no: could not connect to host +servermonkey.nl: could not connect to host +serverpedia.de: could not connect to host +servfefe.com: could not connect to host +servicevie.com: did not receive HSTS header +servu.de: did not receive HSTS header +seryo.moe: could not connect to host +seryo.net: could not connect to host +seryovpn.com: could not connect to host +sesha.co.za: could not connect to host +sessionslogning.dk: could not connect to host +setphaserstostun.org: could not connect to host +setuid.de: could not connect to host +setuid.io: did not receive HSTS header +sexplicit.co.uk: could not connect to host +seyahatsagliksigortalari.com: could not connect to host +seydaozcan.com: did not receive HSTS header +sfashion.si: did not receive HSTS header +sfhobbies.com.br: could not connect to host +sfsltd.com: did not receive HSTS header +sgcaccounts.co.uk: did not receive HSTS header +sgovaard.nl: did not receive HSTS header +sh11.pp.ua: did not receive HSTS header +sha2017.org: did not receive HSTS header +shadex.net: could not connect to host +shadiku.com: could not connect to host +shadoom.com: did not receive HSTS header +shadow-socks.net: did not receive HSTS header +shadow-socks.org: did not receive HSTS header +shadow-socks.pro: did not receive HSTS header +shadowguardian507-irl.tk: did not receive HSTS header +shadowguardian507.tk: did not receive HSTS header +shadowmorph.info: did not receive HSTS header +shadowplus.net: could not connect to host +shadowrocket.net: could not connect to host +shadowroket.com: did not receive HSTS header +shadowshocks.net: did not receive HSTS header +shadowsocks.gift: did not receive HSTS header +shadowsocks.net: could not connect to host +shadowsocks.vc: did not receive HSTS header +shadowsocks.wiki: did not receive HSTS header +shadowsocksvpn.com: did not receive HSTS header +shadowsoks.com: could not connect to host +shadowsu.info: did not receive HSTS header +shadowsu.top: did not receive HSTS header +shagi29.ru: did not receive HSTS header +shahbeat.com: did not receive HSTS header +shakebox.de: could not connect to host +shanekoster.net: could not connect to host +shanesage.com: could not connect to host +shang-yu.cn: could not connect to host +shanxiapark.com: could not connect to host +shaobin.wang: could not connect to host +shapesedinburgh.co.uk: did not receive HSTS header +shardsoft.com: could not connect to host +shareimg.xyz: could not connect to host +sharejoy.cn: did not receive HSTS header +sharekey.com: did not receive HSTS header +sharepass.pw: could not connect to host +sharepic.xyz: could not connect to host +sharezen.de: could not connect to host +sharingcode.com: did not receive HSTS header +shauncrowley.co.uk: could not connect to host +shaunwheelhou.se: could not connect to host +shavegazette.com: did not receive HSTS header +shavingks.com: could not connect to host +shawnbsmith.me: did not receive HSTS header +shawnh.net: could not connect to host +shellsec.pw: did not receive HSTS header +shep.co.il: did not receive HSTS header +sheratan.web.id: max-age too low: 2592000 +shereallyheals.com: did not receive HSTS header +shervik.ga: could not connect to host +sheying.tm: could not connect to host +shg-pornographieabhaengigkeit.de: did not receive HSTS header +shiatsu-institut.ch: did not receive HSTS header +shibe.club: could not connect to host +shiftins.com: could not connect to host +shiftnrg.org: did not receive HSTS header +shiftplanning.com: did not receive HSTS header +shiinko.com: could not connect to host +shindorei.fr: could not connect to host +shinebijoux.com.br: could not connect to host +shinju.moe: could not connect to host +shiona.xyz: could not connect to host +shipinsight.com: did not receive HSTS header +shipmile.com: did not receive HSTS header +shipping24h.com: did not receive HSTS header +shirakaba-cc.com: could not connect to host +shirosaki.org: could not connect to host +shitfest.info: did not receive HSTS header +shitposting.life: could not connect to host +shm-forum.org.uk: could not connect to host +shocksrv.com: did not receive HSTS header +shooshosha.com: could not connect to host +shopherbal.co.za: did not receive HSTS header +shopods.com: did not receive HSTS header +shopontarget.com: did not receive HSTS header +shoppeno5.com: did not receive HSTS header +shoppingreview.org: could not connect to host +shoprose.ru: could not connect to host +shops.neonisi.com: could not connect to host +short-biography.com: did not receive HSTS header +shorten.ninja: could not connect to host +shortr.li: could not connect to host +shota.party: could not connect to host +showkeeper.tv: did not receive HSTS header +showmethemoney.ru: did not receive HSTS header +shoxmusic.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +shred.ch: could not connect to host +shredoptics.ch: could not connect to host +shukatsu-note.com: could not connect to host +shurita.org: could not connect to host +shuzicai.cn: could not connect to host +shv25.se: could not connect to host +shwongacc.com: could not connect to host +shymeck.pw: could not connect to host +shypp.it: could not connect to host +shyrydan.es: could not connect to host +siamega.com: could not connect to host +siammedia.co: could not connect to host +sianimacion.com: could not connect to host +sichere-kartenakzeptanz.de: could not connect to host +siciliadigitale.pro: could not connect to host +sickfile.com: could not connect to host +siddhant.me: max-age too low: 0 +siebens.net: could not connect to host +sifls.com: could not connect to host +sifreuret.com: could not connect to host +signoracle.com: could not connect to host +signosquecombinam.com.br: could not connect to host +sigterm.no: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +sijimi.cn: could not connect to host +sikatehtaat.fi: could not connect to host +sikayetvar.com: did not receive HSTS header +siku.pro: could not connect to host +silaslova-ekb.ru: did not receive HSTS header +silent.live: could not connect to host +silentcircle.com: did not receive HSTS header +silentcircle.org: could not connect to host +silentlink.io: could not connect to host +silicagelpackets.ca: did not receive HSTS header +silver-drachenkrieger.de: did not receive HSTS header +silverhome.ninja: could not connect to host +silverpvp.com: could not connect to host +silvistefi.com: could not connect to host +simbast.com: could not connect to host +simbihaiti.com: max-age too low: 7889238 +simccorp.com: did not receive HSTS header +simeon.us: max-age too low: 2592000 +simfri.com: did not receive HSTS header +simnovo.net: did not receive HSTS header +simobilklub.si: could not connect to host +simod.org: could not connect to host +simon-pokorny.com: did not receive HSTS header +simon.butcher.name: max-age too low: 2629743 +simongong.net: did not receive HSTS header +simonsaxon.com: did not receive HSTS header +simpan.id: did not receive HSTS header +simpleai.net: max-age too low: 600 +simplefraud.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +simplelearner.com: could not connect to host +simplepractice.com: did not receive HSTS header +simplerses.com: could not connect to host +simplexsupport.com: did not receive HSTS header +simplixos.org: could not connect to host +simplyenak.com: did not receive HSTS header +sims4hub.ga: could not connect to host +simtin-net.de: did not receive HSTS header +simyo.nl: did not receive HSTS header +sin30.net: could not connect to host +sincai666.com: could not connect to host +sincron.org: could not connect to host +sinful.pw: could not connect to host +sinfulforums.net: could not connect to host +singul4rity.com: could not connect to host +sinneserweiterung.de: could not connect to host +sinosky.org: did not receive HSTS header +sinsojb.me: did not receive HSTS header +sinusbot.online: did not receive HSTS header +sipc.org: did not receive HSTS header +siqi.wang: could not connect to host +siriad.com: could not connect to host +sirius-lee.net: could not connect to host +siro.gq: did not receive HSTS header +sistemasespecializados.com: did not receive HSTS header +sitehost.io: did not receive HSTS header +sitemaxiphilippe.ch: could not connect to host +sitennisclub.com: did not receive HSTS header +siterip.org: could not connect to host +sites.google.com: did not receive HSTS header (error ignored - included regardless) +sitesforward.com: did not receive HSTS header +sitesten.com: did not receive HSTS header +sittinginoblivion.com: did not receive HSTS header +sizingservers.be: did not receive HSTS header +sizzle.co.uk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +skandiabanken.no: did not receive HSTS header +skaraborgsassistans.com: did not receive HSTS header +skarox.ru: could not connect to host +ski-insurance.com.au: did not receive HSTS header +skidstresser.com: could not connect to host +skiinstructor.services: did not receive HSTS header +skillproxy.com: could not connect to host +skillproxy.net: could not connect to host +skillproxy.org: could not connect to host +skk.io: could not connect to host +skoda-clever-lead.de: could not connect to host +skoda-nurdiebesten.de: did not receive HSTS header +skoda-service-team-cup.de: did not receive HSTS header +skotty.io: did not receive HSTS header +skpdev.net: could not connect to host +skullhouse.nyc: did not receive HSTS header +sky-aroma.com: could not connect to host +skyasker.cn: could not connect to host +skyasker.com: did not receive HSTS header +skyflix.me: could not connect to host +skyline.link: could not connect to host +skyline.tw: did not receive HSTS header +skylocker.net: could not connect to host +skylocker.nl: could not connect to host +skynethk.com: did not receive HSTS header +skyoy.com: did not receive HSTS header +skyrunners.ch: could not connect to host +skyveo.ml: did not receive HSTS header +skyway.capital: did not receive HSTS header +sl1pkn07.wtf: could not connect to host +slanterns.net: could not connect to host +slaps.be: could not connect to host +slash-dev.de: did not receive HSTS header +slashand.co: could not connect to host +slashdesign.it: did not receive HSTS header +slashem.me: did not receive HSTS header +slattery.co: could not connect to host +slauber.de: did not receive HSTS header +sleeklounge.com: did not receive HSTS header +sleep10.com: could not connect to host +sleepstar.com.mt: did not receive HSTS header +slicketl.com: did not receive HSTS header +slightfuture.click: could not connect to host +slightfuture.com: did not receive HSTS header +slix.io: could not connect to host +slope.haus: could not connect to host +slovakiana.sk: did not receive HSTS header +slovoice.org: could not connect to host +sluplift.com: did not receive HSTS header +slycurity.de: did not receive HSTS header +slytech.ch: could not connect to host +smablo.com: did not receive HSTS header +smallcdn.rocks: could not connect to host +smallchat.nl: could not connect to host +smalldata.tech: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +smallshopit.com: did not receive HSTS header +smart-mirror.de: did not receive HSTS header +smart-ov.nl: could not connect to host +smartbuyelectric.com: could not connect to host +smartcleaningcenter.nl: did not receive HSTS header +smartcoin.com.br: could not connect to host +smarterskies.gov: did not receive HSTS header +smartfon4you.ru: max-age too low: 0 +smarthomedna.com: did not receive HSTS header +smartofficesandsmarthomes.com: did not receive HSTS header +smartphone.continental.com: could not connect to host +smartrak.co.nz: did not receive HSTS header +smdev.fr: could not connect to host +smet.us: could not connect to host +smexpt.com: did not receive HSTS header +smileawei.com: did not receive HSTS header +smimea.com: could not connect to host +smirkingwhorefromhighgarden.pro: could not connect to host +smith.is: could not connect to host +smittix.co.uk: did not receive HSTS header +smkn1lengkong.sch.id: did not receive HSTS header +smksi2.com: could not connect to host +smksultanismail2.com: did not receive HSTS header +sml.lc: could not connect to host +smol.cat: did not receive HSTS header +smove.sg: did not receive HSTS header +smplix.com: could not connect to host +smspodmena.ru: did not receive HSTS header +smtp.bz: did not receive HSTS header +smuhelper.cn: could not connect to host +smusg.com: did not receive HSTS header +smzsq.com: did not receive HSTS header +snailing.org: could not connect to host +snakehosting.dk: did not receive HSTS header +snapworks.net: did not receive HSTS header +snekchat.moe: could not connect to host +snelwerk.be: could not connect to host +sng.my: could not connect to host +snip.host: could not connect to host +snippet.host: could not connect to host +snoozedds.com: max-age too low: 600 +snoqualmiefiber.org: could not connect to host +snowdy.eu: could not connect to host +sobabox.ru: could not connect to host +soboleva-pr.com.ua: could not connect to host +soccergif.com: could not connect to host +social-journey.com: could not connect to host +socialbillboard.com: could not connect to host +socialcs.xyz: could not connect to host +socialgrowing.cl: did not receive HSTS header +socialhead.io: could not connect to host +socialhub.com: did not receive HSTS header +socializam.com: did not receive HSTS header +socialprize.com: could not connect to host +socialspirit.com.br: did not receive HSTS header +socialworkout.com: could not connect to host +socialworkout.net: could not connect to host +socialworkout.org: could not connect to host +socialworkout.tv: could not connect to host +socketize.com: could not connect to host +sockeye.cc: could not connect to host +socomponents.co.uk: could not connect to host +sodacore.com: could not connect to host +softballsavings.com: did not receive HSTS header +sogeek.me: could not connect to host +sogravatas.net.br: could not connect to host +sohamroy.me: could not connect to host +sojingle.net: could not connect to host +sokolka.tv: did not receive HSTS header +sol-3.de: did not receive HSTS header +sol.works: did not receive HSTS header +solarcom.com.br: could not connect to host +soldbygold.net: did not receive HSTS header +solentes.com.br: could not connect to host +solidfuelappliancespares.co.uk: did not receive HSTS header +solidtuesday.com: could not connect to host +solidus.systems: did not receive HSTS header +solinter.com.br: did not receive HSTS header +soljem.com: did not receive HSTS header +soll-i.ch: did not receive HSTS header +solosmusic.xyz: could not connect to host +solsystems.ru: could not connect to host +solutive.fi: did not receive HSTS header +solymar.co: could not connect to host +some.rip: max-age too low: 6307200 +someshit.xyz: could not connect to host +something-else.cf: could not connect to host +somethingnew.xyz: could not connect to host +sonafe.info: could not connect to host +sonerezh.bzh: did not receive HSTS header +sonic.network: did not receive HSTS header +sonicrainboom.rocks: could not connect to host +sonyforum.no: did not receive HSTS header +soobi.org: did not receive HSTS header +soondy.com: did not receive HSTS header +soply.com: did not receive HSTS header +soporte.cc: could not connect to host +sorensen-online.com: could not connect to host +sortaweird.net: could not connect to host +sosaka.ml: could not connect to host +sosiolog.com: did not receive HSTS header +sotor.de: did not receive HSTS header +soucorneteiro.com.br: could not connect to host +soulema.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +soulfulglamour.uk: could not connect to host +soundforsound.co.uk: did not receive HSTS header +sourcelair.com: did not receive HSTS header +sourcitec.com: did not receive HSTS header +southcoastswords.com: did not receive HSTS header +southernjamusa.com: did not receive HSTS header +southgale.condos: could not connect to host +southside-crew.club: could not connect to host +southworcestershiregpservices.co.uk: could not connect to host +souvik.me: did not receive HSTS header +souyar.de: could not connect to host +souyar.net: could not connect to host +souyar.us: could not connect to host +sovereignshare.com: could not connect to host +sown.dyndns.org: could not connect to host +sowncloud.de: could not connect to host +soz6.com: did not receive HSTS header +sp.rw: could not connect to host +spacedust.xyz: could not connect to host +spacefish.biz: could not connect to host +spacehq.org: could not connect to host +spacemo.com: did not receive HSTS header +spacountryexplorer.org.au: did not receive HSTS header +spaggel.nl: did not receive HSTS header +spamloco.net: did not receive HSTS header +spangehlassociates.com: did not receive HSTS header +spanien.guide: could not connect to host +sparelib.com: max-age too low: 3650 +spark.team: could not connect to host +sparklingsparklers.com: did not receive HSTS header +sparmedo.de: did not receive HSTS header +sparsa.army: could not connect to host +sparta-trade.com: could not connect to host +spauted.com: could not connect to host +spdysync.com: could not connect to host +specialedesigns.com: could not connect to host +speculor.net: could not connect to host +spedition-transport-umzug.de: did not receive HSTS header +speed-mailer.com: could not connect to host +speedcounter.net: did not receive HSTS header +speedy.lt: max-age too low: 0 +speedyprep.com: did not receive HSTS header +speidel.com.tr: did not receive HSTS header +spencerbaer.com: could not connect to host +sperohub.io: could not connect to host +spha.info: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +sphinx.network: could not connect to host +spicywombat.com: could not connect to host +spiegels.nl: could not connect to host +spielcasinos.com: did not receive HSTS header +spikeykc.me: did not receive HSTS header +spillmaker.no: did not receive HSTS header +spilsbury.io: could not connect to host +spineandscoliosis.com: did not receive HSTS header +spirit-dev.net: max-age too low: 0 +spiritfanfics.com: did not receive HSTS header +spisoggrin.dk: did not receive HSTS header +spitefultowel.com: did not receive HSTS header +spititout.it: could not connect to host +spittersberger.recipes: did not receive HSTS header +split.is: could not connect to host +spokonline.com: could not connect to host +sponsortobias.com: could not connect to host +sportchirp-internal.azurewebsites.net: did not receive HSTS header +sporthit.ru: did not receive HSTS header +sportifik.com: did not receive HSTS header +sportingoods.com.br: could not connect to host +sportscollection.com.br: could not connect to host +sportsmanadvisor.com: could not connect to host +sportwette.eu: did not receive HSTS header +spot-events.com: could not connect to host +spotifyripper.tk: could not connect to host +spotlightsrule.ddns.net: could not connect to host +spr.id.au: did not receive HSTS header +spreadsheets.google.com: did not receive HSTS header (error ignored - included regardless) +spresso.me: did not receive HSTS header +sprint.ml: did not receive HSTS header +sprk.fitness: did not receive HSTS header +sproutconnections.com: could not connect to host +sprutech.de: could not connect to host +spyroszarzonis.com: could not connect to host +squaddraft.com: could not connect to host +square.gs: could not connect to host +squatldf.org: did not receive HSTS header +squids.space: could not connect to host +squirtlesbians.net: could not connect to host +sqzryang.com: could not connect to host +srcc.fr: could not connect to host +srevilak.net: did not receive HSTS header +sritest.io: could not connect to host +srmaximo.com: could not connect to host +srna.sk: did not receive HSTS header +srpdb.com: did not receive HSTS header +srrr.ca: could not connect to host +srvonfire.com: could not connect to host +ss-free.net: could not connect to host +ss.wtf: could not connect to host +ssl.panoramio.com: did not receive HSTS header +ssl.rip: could not connect to host +ssmato.me: could not connect to host +ssn1.ru: did not receive HSTS header +sspanda.com: could not connect to host +ssworld.ga: could not connect to host +staack.com: could not connect to host +stabletoken.com: could not connect to host +stackfiles.io: could not connect to host +stadionmanager.com: could not connect to host +stadjerspasonline.nl: could not connect to host +stadtbauwerk.at: did not receive HSTS header +stadtgartenla.com: could not connect to host +staffjoy.com: did not receive HSTS header +staffjoystaging.com: could not connect to host +stahl.xyz: could not connect to host +stalkerhispano.com: max-age too low: 0 +stalkerteam.pl: did not receive HSTS header +stalkthe.net: could not connect to host +stalschermer.nl: could not connect to host +stamonicatourandtravel.com: could not connect to host +stamparmakarije.me: could not connect to host +stanandjerre.org: could not connect to host +standardssuck.org: did not receive HSTS header +standingmist.com: did not receive HSTS header +stannahtrapliften.nl: did not receive HSTS header +starandshield.com: did not receive HSTS header +starapple.nl: did not receive HSTS header +starfeeling.net: could not connect to host +stargatepartners.com: did not receive HSTS header +starmusic.ga: did not receive HSTS header +startuponcloud.com: max-age too low: 2678400 +startupsort.com: did not receive HSTS header +stash.ai: did not receive HSTS header +state-sponsored-actors.net: could not connect to host +statementinsertsforless.com: did not receive HSTS header +stateofexception.io: could not connect to host +statgram.me: could not connect to host +static-assets.io: could not connect to host +static.hosting: could not connect to host +static.or.at: did not receive HSTS header +staticanime.net: could not connect to host +staticisnoise.com: could not connect to host +stationaryjourney.com: did not receive HSTS header +stationcharlie.com: could not connect to host +stationnementdenuit.ca: did not receive HSTS header +status-sprueche.de: did not receive HSTS header +statusbot.io: could not connect to host +statuschecks.net: could not connect to host +stavebnice.net: did not receive HSTS header +stayokhotelscdc-mailing.com: could not connect to host +stcable.net: did not receive HSTS header +stcomex.com: did not receive HSTS header +steampunkrobot.com: did not receive HSTS header +steelbea.ms: could not connect to host +steem.io: did not receive HSTS header +stefanweiser.de: did not receive HSTS header +steffi-in-australien.com: could not connect to host +stepbystep3d.com: did not receive HSTS header +steph-autoecole.ch: did not receive HSTS header +stephanierxo.com: did not receive HSTS header +stephanos.me: could not connect to host +stephenandburns.com: did not receive HSTS header +stevechekblain.win: could not connect to host +steven-bennett.com: could not connect to host +stevenroddis.com: did not receive HSTS header +stevensheffey.me: did not receive HSTS header +stevensononthe.net: did not receive HSTS header +stevenz.net: did not receive HSTS header +stewartremodelingadvantage.com: could not connect to host +sticklerjs.org: could not connect to host +stickswag.cf: could not connect to host +stig.io: could not connect to host +stigroom.com: could not connect to host +stilettomoda.com.br: could not connect to host +stillblackhat.id: could not connect to host +stinkytrashhound.com: could not connect to host +stirlingpoon.net: could not connect to host +stirlingpoon.xyz: could not connect to host +stkbn.com: did not receive HSTS header +stkeverneparishcouncil.org.uk: did not receive HSTS header +stl.news: did not receive HSTS header +stmbgr.com: could not connect to host +stn.me.uk: did not receive HSTS header +stockseyeserum.com: could not connect to host +stocktrade.de: could not connect to host +stoffe-monster.de: did not receive HSTS header +stoick.me: could not connect to host +stole-my.bike: could not connect to host +stole-my.tv: could not connect to host +stomt.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +stonecutterscommunity.com: could not connect to host +stonemanbrasil.com.br: could not connect to host +stopbreakupnow.org: did not receive HSTS header +stopwoodfin.org: could not connect to host +storbritannien.guide: could not connect to host +store-host.com: did not receive HSTS header +storecove.com: did not receive HSTS header +storeden.com: did not receive HSTS header +storefrontify.com: did not receive HSTS header +storiesofhealth.org: did not receive HSTS header +storillo.com: did not receive HSTS header +stormhub.org: could not connect to host +stormyyd.com: did not receive HSTS header +stqry.com: did not receive HSTS header +str0.at: did not receive HSTS header +strasweb.fr: did not receive HSTS header +strbt.de: could not connect to host +strchr.com: did not receive HSTS header +stream.pub: could not connect to host +streamingmagazin.de: could not connect to host +streams.dyndns.org: could not connect to host +strictlysudo.com: could not connect to host +strife.tk: could not connect to host +strila.me: could not connect to host +strivephysmed.com: did not receive HSTS header +stroeercrm.de: could not connect to host +strongest-privacy.com: could not connect to host +stuartbaxter.co: could not connect to host +student-scientist.org: did not receive HSTS header +studentrdh.com: did not receive HSTS header +studentresearcher.org: did not receive HSTS header +studentshare.net: max-age too low: 0 +studentskydenik.cz: could not connect to host +studenttravel.cz: did not receive HSTS header +studinf.xyz: could not connect to host +studio-panic.com: did not receive HSTS header +studiozelden.com: did not receive HSTS header +studybay.com: did not receive HSTS header +studydrive.net: did not receive HSTS header +studyhub.cf: did not receive HSTS header +stugb.de: did not receive HSTS header +stupendous.net: could not connect to host +sturbock.me: did not receive HSTS header +sturdio.com.br: could not connect to host +stylenda.com: could not connect to host +stylle.me: could not connect to host +subbing.work: could not connect to host +subdimension.org: did not receive HSTS header +subeesu.com: could not connect to host +subhacker.net: did not receive HSTS header +subsys.no: did not receive HSTS header +subtitle.rip: could not connect to host +subwayz.de: did not receive HSTS header +sudo.im: could not connect to host +sudo.li: did not receive HSTS header +sudokian.io: did not receive HSTS header +sudosu.fr: could not connect to host +sugarsweetorsour.com: did not receive HSTS header +suian.or.jp: max-age too low: 86400 +suite73.org: could not connect to host +suitocracy.com: could not connect to host +sulek.eu: could not connect to host +summer.ga: could not connect to host +summitbankofkc.com: did not receive HSTS header +sumoatm.com: did not receive HSTS header +sumoscout.de: could not connect to host +sun-wellness-online.com.vn: did not receive HSTS header +suncountrymarine.com: did not receive HSTS header +suneilpatel.com: could not connect to host +sunfireshop.com.br: could not connect to host +sunflyer.cn: did not receive HSTS header +sungo.wtf: did not receive HSTS header +sunlandsg.vn: did not receive HSTS header +sunnyfruit.ru: could not connect to host +sunshinepress.org: could not connect to host +sunxchina.com: could not connect to host +sunyanzi.tk: could not connect to host +suos.io: could not connect to host +supcro.com: could not connect to host +super-erotica.ru: could not connect to host +super-garciniaslim.com: could not connect to host +super-radiant-skin.com: could not connect to host +super-ripped-power.com: could not connect to host +super-slim-coffee.com: could not connect to host +superbabysitting.ch: could not connect to host +superbart.nl: could not connect to host +superbdistribute.com: could not connect to host +superbike.tw: could not connect to host +supercreepsvideo.com: could not connect to host +supereight.net: did not receive HSTS header +superiorfloridavacation.com: did not receive HSTS header +superklima.ro: did not receive HSTS header +superlandnetwork.de: did not receive HSTS header +superlentes.com.br: could not connect to host +supernovabrasil.com.br: did not receive HSTS header +superpase.com: could not connect to host +supersalescontest.nl: did not receive HSTS header +superschnappchen.de: could not connect to host +supersecurefancydomain.com: could not connect to host +supertramp-dafonseca.com: did not receive HSTS header +superuser.fi: could not connect to host +superwally.org: could not connect to host +supes.io: did not receive HSTS header +support4server.de: did not receive HSTS header +suprlink.net: could not connect to host +supweb.ovh: did not receive HSTS header +surasak.io: could not connect to host +surasak.org: could not connect to host +surasak.xyz: could not connect to host +surdam.casa: could not connect to host +surfeasy.com: did not receive HSTS header +surfone-leucate.com: did not receive HSTS header +survivalistplanet.com: could not connect to host +susconam.org: could not connect to host +suspiciousdarknet.xyz: could not connect to host +sussexwebdesigns.com: did not receive HSTS header +sussexwebdesigns.info: did not receive HSTS header +sustainability.gov: did not receive HSTS header +suzukikenichi.com: did not receive HSTS header +svatba-frantovi.cz: could not connect to host +svenluijten.com: did not receive HSTS header +svenskacasino.com: did not receive HSTS header +svenskaservern.se: could not connect to host +svetjakonadlani.cz: did not receive HSTS header +swaggerdile.com: could not connect to host +swaleacademiestrust.org.uk: max-age too low: 2592000 +swanseapartyhire.co.uk: did not receive HSTS header +swdatlantico.pt: could not connect to host +sweetlegs.jp: could not connect to host +sweetstreats.ca: could not connect to host +swiggy.com: did not receive HSTS header +swimming.ca: did not receive HSTS header +swisstranslate.ch: did not receive HSTS header +swisstranslate.fr: did not receive HSTS header +swite.com: did not receive HSTS header +swmd5c.org: could not connect to host +swu.party: could not connect to host +sx3.no: could not connect to host +sxbk.pw: could not connect to host +sy-anduril.de: could not connect to host +syam.cc: could not connect to host +sydgrabber.tk: could not connect to host +sykl.us: could not connect to host +sylvangarden.org: could not connect to host +sylvanorder.com: could not connect to host +synackr.com: could not connect to host +synapticconsulting.co.uk: could not connect to host +syncappate.com: could not connect to host +syncclinicalstudy.com: could not connect to host +syncer.jp: did not receive HSTS header +syncserve.net: did not receive HSTS header +syneic.com: did not receive HSTS header +synergisticsoccer.com: could not connect to host +syno.gq: could not connect to host +syntaxoff.com: could not connect to host +syrocon.ch: could not connect to host +sysadminstory.com: could not connect to host +sysdb.io: could not connect to host +sysgeek.cn: could not connect to host +syso.name: could not connect to host +syspen.space: did not receive HSTS header +sysrq.tech: could not connect to host +syss.de: did not receive HSTS header +systemd.me: could not connect to host +syy.hk: could not connect to host +szaszm.tk: max-age too low: 0 +t-complex.space: could not connect to host +t-ken.xyz: could not connect to host +t-tz.com: could not connect to host +t0dd.eu: could not connect to host +t3rror.net: could not connect to host +t4c-rebirth.com: could not connect to host +t4x.org: could not connect to host +taabe.xyz: could not connect to host +tabelfirme.ro: did not receive HSTS header +tadigitalstore.com: could not connect to host +tafoma.com: did not receive HSTS header +tageau.com: could not connect to host +taglondon.org: did not receive HSTS header +tahakomat.cz: could not connect to host +taichi-jade.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +tailify.com: did not receive HSTS header +tails.com.ar: did not receive HSTS header +takumi-s.net: did not receive HSTS header +takusan.ru: could not connect to host +talentuar.com: did not receive HSTS header +tales-of-interia.de: could not connect to host +talheim-records.ca: could not connect to host +talk.google.com: did not receive HSTS header (error ignored - included regardless) +talkitup.mx: could not connect to host +talkitup.online: did not receive HSTS header +talklifestyle.nl: could not connect to host +talktwincities.com: could not connect to host +tallr.se: could not connect to host +tallshoe.com: could not connect to host +tamex.xyz: could not connect to host +tandarts-haarlem.nl: did not receive HSTS header +tandem-trade.ru: could not connect to host +tangel.me: could not connect to host +tangibilizing.com: could not connect to host +tangyue.date: could not connect to host +tangzhao.net: could not connect to host +taniesianie.pl: did not receive HSTS header +tankfreunde.de: did not receive HSTS header +tante-bugil.net: could not connect to host +tantotiempo.de: could not connect to host +tanze-jetzt.de: could not connect to host +taotuba.net: did not receive HSTS header +taozj.org: did not receive HSTS header +tapfinder.ca: could not connect to host +tapka.cz: did not receive HSTS header +tappublisher.com: did not receive HSTS header +targaryen.house: could not connect to host +tarhauskielto.fi: could not connect to host +tartaros.fi: could not connect to host +tas2580.net: could not connect to host +taskstats.com: could not connect to host +taskulu.ir: could not connect to host +tasmansecurity.com: could not connect to host +tassup.com: could not connect to host +tastyyy.co: could not connect to host +tatilbus.com: did not receive HSTS header +tatt.io: could not connect to host +tattvaayoga.com: did not receive HSTS header +tauchkater.de: could not connect to host +tavoittaja.fi: did not receive HSTS header +tavopica.lt: did not receive HSTS header +taxbench.com: could not connect to host +taxsnaps.co.nz: did not receive HSTS header +tazj.in: did not receive HSTS header +tazz.in: could not connect to host +tbspace.de: did not receive HSTS header +tc-bonito.de: did not receive HSTS header +tcao.info: could not connect to host +tcby45.xyz: could not connect to host +tcdw.net: did not receive HSTS header +tcl.ath.cx: did not receive HSTS header +tcomms.org: max-age too low: 0 +tcp.expert: did not receive HSTS header +tcpweb.net: could not connect to host +tcwebvn.com: could not connect to host +tdelmas.eu: could not connect to host +tdelmas.ovh: could not connect to host +tdsb.cf: could not connect to host +tdsb.ga: could not connect to host +tdsb.gq: could not connect to host +tdsb.ml: could not connect to host +tdsbhack.cf: could not connect to host +tdsbhack.ga: could not connect to host +tdsbhack.gq: could not connect to host +tdsbhack.ml: could not connect to host +tdsbhack.tk: could not connect to host +teachforcanada.ca: did not receive HSTS header +tealdrones.com: did not receive HSTS header +team-teasers.com: could not connect to host +teambeoplay.co.uk: did not receive HSTS header +teamblueridge.org: could not connect to host +teamhood.io: did not receive HSTS header +teampoint.cz: could not connect to host +teamsocial.co: did not receive HSTS header +teamup.rocks: did not receive HSTS header +teamzeus.cz: could not connect to host +tearoy.faith: could not connect to host +tebieer.com: could not connect to host +tech-blog.fr: did not receive HSTS header +tech-finder.fr: could not connect to host +tech55i.com: could not connect to host +techandtux.de: could not connect to host +techask.it: could not connect to host +techassist.io: did not receive HSTS header +techcavern.ml: did not receive HSTS header +techelements.co: did not receive HSTS header +techfactslive.com: did not receive HSTS header +techhipster.net: could not connect to host +techhub.ml: could not connect to host +techiehall.com: could not connect to host +techllage.com: could not connect to host +techloaner.com: could not connect to host +techmasters.andover.edu: could not connect to host +techmatehq.com: could not connect to host +technogroup.cz: did not receive HSTS header +technosavvyport.com: did not receive HSTS header +technotonic.com.au: did not receive HSTS header +techpit.us: could not connect to host +techpointed.com: could not connect to host +techproud.com: did not receive HSTS header +techreview.link: could not connect to host +techtoy.store: did not receive HSTS header +techtraveller.com.au: did not receive HSTS header +techview.link: did not receive HSTS header +tecnimotos.com: did not receive HSTS header +tecnogaming.com: did not receive HSTS header +tecture.de: did not receive HSTS header +tedovo.com: did not receive HSTS header +tedxkmitl.com: could not connect to host +teehaus-shila.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +tefl.io: could not connect to host +tegelsensanitaironline.nl: did not receive HSTS header +tehotuotanto.net: did not receive HSTS header +teknologi.or.id: max-age too low: 36000 +teknotes.co.uk: could not connect to host +tekshrek.com: did not receive HSTS header +tektoria.de: could not connect to host +tel-dithmarschen.de: did not receive HSTS header +teleallarme.ch: could not connect to host +telefisk.org: did not receive HSTS header +telefonnummer.online: could not connect to host +telefoonnummerinfo.nl: could not connect to host +telekollektiv.org: could not connect to host +telescam.com: could not connect to host +teletechnology.in: did not receive HSTS header +teletra.ru: could not connect to host +tellingua.com: did not receive HSTS header +temasa.net: did not receive HSTS header +temehu.com: did not receive HSTS header +tempcraft.net: could not connect to host +tempo.co: did not receive HSTS header +tempodecolheita.com.br: could not connect to host +tendertool.nl: could not connect to host +tendoryu-aikido.org: did not receive HSTS header +tenerife-villas.com: did not receive HSTS header +tengroup.com: max-age too low: 0 +tenispopular.com: could not connect to host +tenni.xyz: could not connect to host +tensei-slime.com: did not receive HSTS header +tensionup.com: could not connect to host +tentins.com: could not connect to host +teoleonie.com: did not receive HSTS header +teos.online: could not connect to host +terra-x.net: could not connect to host +terra.by: did not receive HSTS header +terrax.berlin: could not connect to host +terrax.info: could not connect to host +terrax.net: could not connect to host +teru.com.br: could not connect to host +test02.dk: did not receive HSTS header +testandroid.xyz: could not connect to host +testovaci.ml: could not connect to host +tetramax.eu: did not receive HSTS header +tetsai.com: could not connect to host +teufelsystem.de: could not connect to host +teulon.eu: could not connect to host +texte-zur-taufe.de: did not receive HSTS header +texter.at: did not receive HSTS header +textoplano.xyz: could not connect to host +textracer.dk: could not connect to host +tf2stadium.com: did not receive HSTS header +tfcoms-sp-tracker-client.azurewebsites.net: could not connect to host +tffans.com: could not connect to host +tfl.lu: did not receive HSTS header +tgr.re: could not connect to host +th-bl.de: did not receive HSTS header +th3nd.com: did not receive HSTS header +thagki9.com: did not receive HSTS header +thaigirls.xyz: could not connect to host +thaihostcool.com: did not receive HSTS header +thailandpropertylisting.com: did not receive HSTS header +thailandpropertylistings.com: did not receive HSTS header +thalmann.fr: did not receive HSTS header +thatvizsla.life: did not receive HSTS header +the-construct.com: could not connect to host +the-delta.net.eu.org: could not connect to host +the-digitale.com: could not connect to host +the-finance-blog.com: could not connect to host +the-gist.io: could not connect to host +the-sky-of-valkyries.com: could not connect to host +the.ie: did not receive HSTS header +theamateurs.net: did not receive HSTS header +theamp.com: did not receive HSTS header +theater.cf: could not connect to host +theavenuegallery.com: did not receive HSTS header +thebakingclass.com: did not receive HSTS header +thebasementguys.com: could not connect to host +thebeautifulmusic.net: did not receive HSTS header +thebeginningisnye.com: could not connect to host +theberkshirescompany.com: could not connect to host +thebigfail.net: could not connect to host +thebrightons.co.uk: did not receive HSTS header +thebrightons.uk: could not connect to host +thebrotherswarde.com: could not connect to host +thecapitalbank.com: did not receive HSTS header +thecharlestonwaldorf.com: did not receive HSTS header +thechunk.net: could not connect to host +theclementinebutchers.com: could not connect to host +theclubjersey.com: did not receive HSTS header +thecodeninja.net: did not receive HSTS header +thecoffeehouse.xyz: could not connect to host +thecuriousdev.com: did not receive HSTS header +thedarkartsandcrafts.com: could not connect to host +thedrop.pw: did not receive HSTS header +thedystance.com: could not connect to host +theelitebuzz.com: did not receive HSTS header +theendofzion.com: did not receive HSTS header +theepankar.com: could not connect to host +theescapistswiki.com: could not connect to host +theeyeopener.com: did not receive HSTS header +thefarbeyond.com: could not connect to host +theflowerbasketonline.com: could not connect to host +thefootballanalyst.com: did not receive HSTS header +thefox.co: could not connect to host +thefreebirds.in: could not connect to host +thefrk.xyz: could not connect to host +thefrozenfire.com: did not receive HSTS header +thefutureharrills.com: could not connect to host +thegamerscamp.com: max-age too low: 0 +thego2swatking.com: could not connect to host +thegoldregister.co.uk: could not connect to host +thegreenvpn.com: did not receive HSTS header +thehiddenbay.eu: could not connect to host +thehiddenbay.me: could not connect to host +thehiddenbay.net: could not connect to host +thehighersideclothing.com: did not receive HSTS header +thehistory.me: could not connect to host +thehonorguard.org: did not receive HSTS header +thehoopsarchive.com: could not connect to host +thehotfix.net: could not connect to host +theimagesalon.com: max-age too low: 43200 +theinvisibletrailer.com: could not connect to host +theitsage.com: did not receive HSTS header +thejobauction.com: did not receive HSTS header +thejserver.de: could not connect to host +thelapine.ca: did not receive HSTS header +thelostyankee.com: could not connect to host +themadmechanic.net: could not connect to host +themanufacturingmarketingagency.com: could not connect to host +themarble.co: could not connect to host +themathbehindthe.science: could not connect to host +themathematician.uk: could not connect to host +themerchandiser.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +themicrocapital.com: could not connect to host +themimitoof.fr: did not receive HSTS header +themoderate.xyz: could not connect to host +thenextstep.events: could not connect to host +thenorthschool.org.uk: did not receive HSTS header +thenrdhrd.nl: could not connect to host +theodorejones.info: could not connect to host +thepartywarehouse.co.uk: did not receive HSTS header +thepcweb.tk: could not connect to host +thepiratebay.al: could not connect to host +thepiratebay.poker: could not connect to host +thepiratebay.tech: could not connect to host +theprincegame.com: could not connect to host +theprivacysolution.com: could not connect to host +thequillmagazine.org: could not connect to host +therise.ca: max-age too low: 300 +thermique.ch: could not connect to host +therockawaysny.com: did not receive HSTS header +thescientists.nl: could not connect to host +thesearchnerds.co.uk: did not receive HSTS header +thesecurityteam.net: could not connect to host +thesehighsandlows.com: could not connect to host +theserver201.tk: could not connect to host +theshopally.com: did not receive HSTS header +theskingym.co.uk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +thesplit.is: could not connect to host +thestack.xyz: could not connect to host +thestagchorleywood.co.uk: did not receive HSTS header +thesteins.org: could not connect to host +thetechnical.me: did not receive HSTS header +thethirdroad.com: could not connect to host +thetradinghall.com: could not connect to host +theurbanyoga.com: did not receive HSTS header +thevintagenews.com: did not receive HSTS header +thewallset.com: did not receive HSTS header +thewebfellas.com: did not receive HSTS header +theweilai.com: did not receive HSTS header +theworkingeye.nl: could not connect to host +thewp.pro: could not connect to host +thezonders.com: did not receive HSTS header +thgros.fr: could not connect to host +thierfreund.de: could not connect to host +thierryhayoz.ch: could not connect to host +thinkcash.nl: could not connect to host +thinkcoding.de: could not connect to host +thinkcoding.org: could not connect to host +thinkdo.jp: could not connect to host +thinkheaddesign.com: did not receive HSTS header +thinlyveiledcontempt.com: could not connect to host +thirdpartytrade.com: did not receive HSTS header +thirty5.net: did not receive HSTS header +thisisacompletetest.ga: could not connect to host +thisisforager.com: could not connect to host +thiswasalreadymyusername.tk: could not connect to host +thiswebhost.com: did not receive HSTS header +thkb.net: could not connect to host +thomas-ferney.fr: did not receive HSTS header +thomas-gibertie.fr: did not receive HSTS header +thomasbreads.com: max-age too low: 86400 +thomascloud.ddns.net: could not connect to host +thomasharvey.me: did not receive HSTS header +thomaskliszowski.fr: did not receive HSTS header +thomasmeester.nl: did not receive HSTS header +thomasnet.fr: could not connect to host +thomasschweizer.net: could not connect to host +thompsonfamily.cloud: could not connect to host +thorncreek.net: did not receive HSTS header +threv.net: could not connect to host +thriveapproach.co.uk: did not receive HSTS header +thrivewellnesshub.co.za: did not receive HSTS header +throughthelookingglasslens.co.uk: could not connect to host +thumbtack.com: did not receive HSTS header +thundercampaign.com: could not connect to host +ti.blog.br: could not connect to host +tianxicaipiao.win: could not connect to host +tianxicp.com: could not connect to host +tianxing.pro: did not receive HSTS header +tianxingvpn.pro: could not connect to host +ticketoplichting.nl: did not receive HSTS header +tickopa.co.uk: could not connect to host +tickreport.com: did not receive HSTS header +ticktock.today: did not receive HSTS header +tictactux.de: could not connect to host +tidmore.us: could not connect to host +tidycustoms.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +tiendschuurstraat.nl: could not connect to host +tiensnet.com: could not connect to host +tierrarp.com: could not connect to host +tiffnix.com: could not connect to host +tightlineproductions.com: did not receive HSTS header +tikutiku.pl: could not connect to host +tildebot.com: could not connect to host +tilient.eu: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +tilikum.io: did not receive HSTS header +tilkah.com.au: did not receive HSTS header +tillcraft.com: could not connect to host +timbeilby.com: could not connect to host +timbuktutimber.com: did not receive HSTS header +timcamara.com: could not connect to host +time-river.xyz: could not connect to host +timeatlas.com: did not receive HSTS header +timesavingplugins.com: could not connect to host +timesavingplugins.net: could not connect to host +timeserver0.de: could not connect to host +timeserver1.de: could not connect to host +timeserver2.de: could not connect to host +timeserver3.de: could not connect to host +timestamp.io: did not receive HSTS header +timhjalpen.se: could not connect to host +timnash.co.uk: max-age too low: 2592000 +timotrans.de: did not receive HSTS header +timotrans.eu: did not receive HSTS header +timowi.de: could not connect to host +timowi.net: could not connect to host +timschubert.net: max-age too low: 172800 +timvandekamp.nl: did not receive HSTS header +timwittenberg.com: could not connect to host +tinchbear.xyz: could not connect to host +tindewen.net: could not connect to host +tink.network: could not connect to host +tintenprofi.de: max-age too low: 6307200 +tipsyk.ru: could not connect to host +tiredofeating.com: could not connect to host +tiremoni.ch: did not receive HSTS header +tirex.media: did not receive HSTS header +titanlab.de: could not connect to host +titanleaf.com: could not connect to host +titouan.co: did not receive HSTS header +tittarpuls.se: could not connect to host +titties.ml: could not connect to host +tjc.wiki: could not connect to host +tjeckien.guide: could not connect to host +tkappertjedemetamorfose.nl: could not connect to host +tkarstens.de: did not receive HSTS header +tkn.tokyo: could not connect to host +tkonstantopoulos.tk: could not connect to host +tlcdn.net: could not connect to host +tlo.hosting: could not connect to host +tlo.link: could not connect to host +tlo.network: could not connect to host +tls.li: could not connect to host +tlsbv.nl: did not receive HSTS header +tlshost.net: could not connect to host +tm-solutions.eu: could not connect to host +tmaward.net: could not connect to host +tmhlive.com: could not connect to host +tmitchell.io: could not connect to host +tmprod.com: did not receive HSTS header +tmtradingmorocco.ma: did not receive HSTS header +tnb-plattform.de: could not connect to host +tncnanet.com.br: could not connect to host +tno.io: could not connect to host +tnrsca.jp: did not receive HSTS header +tobaby.com.br: could not connect to host +tobaccore.eu: could not connect to host +tobaccore.sk: could not connect to host +tobias-bielefeld.de: did not receive HSTS header +tobiasmathes.com: could not connect to host +tobiasmathes.name: could not connect to host +tobiasofficial.at: could not connect to host +tobiassachs.cf: could not connect to host +tobiassachs.tk: could not connect to host +todapolitica.com: did not receive HSTS header +todesschaf.org: could not connect to host +todo.is: did not receive HSTS header +todobazar.es: could not connect to host +todoscomciro.com: did not receive HSTS header +todosrv.com: could not connect to host +tofu.im: could not connect to host +togelonlinecommunity.com: did not receive HSTS header +toka.sg: did not receive HSTS header +tokenloan.com: could not connect to host +tokkee.org: could not connect to host +tokoindo.top: could not connect to host +tokoone.com: did not receive HSTS header +tokotamz.net: could not connect to host +tokotimbangandigitalmurah.web.id: did not receive HSTS header +tokoyo.biz: could not connect to host +tollmanz.com: did not receive HSTS header +tollsjekk.no: could not connect to host +tolud.com: did not receive HSTS header +tom.run: did not receive HSTS header +tomeara.net: could not connect to host +tomevans.io: did not receive HSTS header +tomlankhorst.nl: did not receive HSTS header +tomli.me: could not connect to host +tomm.yt: could not connect to host +tommounsey.com: could not connect to host +tommsy.com: did not receive HSTS header +tommyads.com: could not connect to host +tommyweber.de: did not receive HSTS header +tomphill.co.uk: could not connect to host +tonburi.jp: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +toncusters.nl: could not connect to host +tongmu.me: did not receive HSTS header +tonyfantjr.com: could not connect to host +toomanypillows.com: could not connect to host +tooolroc.org: could not connect to host +top-stage.net: could not connect to host +topbestsellerproduct.com: did not receive HSTS header +topdeskdev.net: could not connect to host +topdetoxcleanse.com: could not connect to host +topmarine.se: could not connect to host +topnewstoday.org: could not connect to host +topnotchendings.com: could not connect to host +topnovini.com: did not receive HSTS header +toppik.com.br: could not connect to host +topshelfguild.com: could not connect to host +toptenthebest.com: did not receive HSTS header +toptranslation.com: did not receive HSTS header +topyx.com: did not receive HSTS header +tor2web.org: could not connect to host +torahanytime.com: did not receive HSTS header +torchl.it: could not connect to host +torlock.download: could not connect to host +torproject.org.uk: could not connect to host +torrentdownloads.bid: did not receive HSTS header +torrenttop100.net: did not receive HSTS header +torrentz.website: could not connect to host +tortugalife.de: could not connect to host +torv.rocks: did not receive HSTS header +tosecure.link: could not connect to host +toshnix.com: could not connect to host +toshub.com: could not connect to host +totalle.com.br: could not connect to host +totallynotaserver.com: could not connect to host +totalsystemcare.com: did not receive HSTS header +totalworkout.fitness: did not receive HSTS header +totch.de: could not connect to host +totem-eshop.cz: could not connect to host +totoro.pub: did not receive HSTS header +totot.net: could not connect to host +toucedo.de: could not connect to host +touch-up-net.com: could not connect to host +touchbasemail.com: did not receive HSTS header +touchpointidg.us: could not connect to host +touchscreen-handy.de: did not receive HSTS header +touchstonefms.co.uk: did not receive HSTS header +touchtable.nl: did not receive HSTS header +touchwoodtrees.com.au: did not receive HSTS header +tourpeer.com: did not receive HSTS header +toursandtransfers.it: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +toxicip.com: could not connect to host +toxme.se: did not receive HSTS header +toyotamotala.se: could not connect to host +tpbcdn.com: could not connect to host +tpblist.xyz: could not connect to host +tpe-edu.com: could not connect to host +tpms4u.at: did not receive HSTS header +tppdebate.org: did not receive HSTS header +tracetracker.com: did not receive HSTS header +track.plus: could not connect to host +trackdays4fun.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +tracker-gps.ch: could not connect to host +tracktivity.com.au: could not connect to host +trade-smart.ru: could not connect to host +tradingcentre.com.au: did not receive HSTS header +tradinghope.com: could not connect to host +traditional-knowledge.tk: did not receive HSTS header +trafficquality.org: could not connect to host +traffictigers.com: max-age too low: 2592000 +traforet.win: could not connect to host +traindb.nl: did not receive HSTS header +training4girls.ru: could not connect to host +traininglist.org: did not receive HSTS header +trainingproviderresults.gov: could not connect to host +trainut.com: could not connect to host +trakfusion.com: could not connect to host +trance-heal.com: did not receive HSTS header +trance-heal.de: did not receive HSTS header +trance-heal.me: did not receive HSTS header +tranceheal.com: did not receive HSTS header +tranceheal.de: did not receive HSTS header +tranceheal.me: did not receive HSTS header +tranos.de: did not receive HSTS header +transcendmotor.sg: could not connect to host +transcriptionwave.com: did not receive HSTS header +transdirect.com.au: did not receive HSTS header +transformify.org: did not receive HSTS header +transl8.eu: did not receive HSTS header +translate.googleapis.com: did not receive HSTS header (error ignored - included regardless) +transportal.sk: did not receive HSTS header +traumhuetten.de: did not receive HSTS header +travality.ru: could not connect to host +travel-kuban.ru: did not receive HSTS header +travelinsightswriter.com: could not connect to host +travelinsurance.co.nz: did not receive HSTS header +travotion.com: could not connect to host +trazosdearte.com: did not receive HSTS header +treasuredinheritanceministry.com: max-age too low: 2592000 +treatprostatewithhifu.com: could not connect to host +treeby.net: could not connect to host +treeremovaljohannesburg.co.za: could not connect to host +treino.blog.br: could not connect to host +treker.us: could not connect to host +trell.co.in: did not receive HSTS header +trendberry.ru: could not connect to host +triadwars.com: did not receive HSTS header +trialmock.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +tridimage.com: did not receive HSTS header +trileg.net: could not connect to host +trinityaffirmations.com: max-age too low: 0 +trinitycore.org: max-age too low: 2592000 +tripdelta.com: did not receive HSTS header +tripinsider.club: did not receive HSTS header +tristanfarkas.one: could not connect to host +trixies-wish.nz: could not connect to host +trixy.com.br: could not connect to host +troi.de: did not receive HSTS header +trollme.me: could not connect to host +trollscave.xyz: could not connect to host +troo.ly: could not connect to host +true.ink: did not receive HSTS header +truebred-labradors.com: did not receive HSTS header +trunkjunk.co: did not receive HSTS header +trustedinnovators.com: did not receive HSTS header +trusteecar.com: did not receive HSTS header +trustmeimfancy.com: could not connect to host +trybind.com: could not connect to host +trynowrinkleseyeserum.com: could not connect to host +tryoneday.co: did not receive HSTS header +ts2.se: could not connect to host +ts3.consulting: could not connect to host +tsaro.io: could not connect to host +tsdom.net: could not connect to host +tsecy.com: could not connect to host +tsgoc.com: did not receive HSTS header +tsrstore.gq: could not connect to host +tssouthernpower.com: max-age too low: 0 +tsumegumi.net: could not connect to host +tsurezurematome.ga: could not connect to host +tsurimap.com: could not connect to host +tsutsumi-kogyo.jp: could not connect to host +ttackmedical.com.br: could not connect to host +tts.co.nz: did not receive HSTS header +tuamoronline.com: could not connect to host +tubbutec.de: did not receive HSTS header +tubepro.de: did not receive HSTS header +tubetoon.com: did not receive HSTS header +tubetooncartoons.com: did not receive HSTS header +tubex.ga: could not connect to host +tucidi.net: could not connect to host +tucker.wales: could not connect to host +tucnak.eu: could not connect to host +tunai.id: could not connect to host +tunca.it: did not receive HSTS header +tunebitfm.de: could not connect to host +tupizm.com: could not connect to host +turkiet.guide: could not connect to host +turkrock.com: did not receive HSTS header +turn-sticks.com: could not connect to host +turnik-67.ru: could not connect to host +turniker.ru: could not connect to host +turnsticks.com: could not connect to host +turtlementors.com: could not connect to host +tusb.ml: did not receive HSTS header +tussengelegenwoningverkopen.nl: could not connect to host +tuthowto.com: did not receive HSTS header +tutiendaroja.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +tutiendarosa.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +tuturulianda.com: did not receive HSTS header +tuvalie.com: could not connect to host +tuxcall.de: could not connect to host +tuxhound.org: could not connect to host +tuxz.net: could not connect to host +tv.search.yahoo.com: could not connect to host +tverdohleb.com: could not connect to host +tvtubeflix.com: did not receive HSTS header +tvz-materijali.com: could not connect to host +tw2-tools.ga: could not connect to host +twarog.cc: could not connect to host +twee-onder-een-kap-woning-in-alphen-aan-den-rijn-kopen.nl: could not connect to host +twee-onder-een-kap-woning-in-brielle-kopen.nl: could not connect to host +twee-onder-een-kap-woning-in-de-friese-meren-kopen.nl: could not connect to host +twee-onder-een-kap-woning-in-delfzijl-kopen.nl: could not connect to host +twee-onder-een-kap-woning-in-leeuwarden-kopen.nl: could not connect to host +twee-onder-een-kap-woning-in-pekela-kopen.nl: could not connect to host +twee-onder-een-kap-woning-in-rijnwaarden-kopen.nl: could not connect to host +twee-onder-een-kap-woning-in-sudwest-fryslan-kopen.nl: could not connect to host +twee-onder-een-kap-woning-in-veendam-kopen.nl: could not connect to host +twee-onder-een-kap-woning-in-zuidplas-kopen.nl: could not connect to host +twee-onder-een-kap-woning-in-zwartewaterland-kopen.nl: could not connect to host +tweeondereenkapverkopen.nl: could not connect to host +tweeondereenkapwoningverkopen.nl: could not connect to host +tweetify.io: could not connect to host +twelverocks.com: did not receive HSTS header +twillionmas.com: could not connect to host +twinkieman.com: could not connect to host +twinkseason.ca: could not connect to host +twinkseason.co: could not connect to host +twinkseason.co.uk: could not connect to host +twinkseason.net: could not connect to host +twinkseason.org: could not connect to host +twinkseason.xyz: could not connect to host +twiri.net: could not connect to host +twist.party: could not connect to host +twittelzie.nl: could not connect to host +twitter.ax: could not connect to host +twogo.com: did not receive HSTS header +twolinepassbrewing.com: could not connect to host +twolivelife.com: could not connect to host +twotube.ie: could not connect to host +tx041cap.org: did not receive HSTS header +txclimbers.com: could not connect to host +txcp01.com: did not receive HSTS header +txcp02.com: did not receive HSTS header +txf.pw: could not connect to host +ty2u.com: did not receive HSTS header +tykoon.com: could not connect to host +tylerharcourt.com: could not connect to host +tylian.net: max-age too low: 0 +typeofweb.com: did not receive HSTS header +typingrevolution.com: did not receive HSTS header +tyreis.com: did not receive HSTS header +tyrelius.com: could not connect to host +tyroproducts.eu: did not receive HSTS header +tyroremotes.eu: did not receive HSTS header +tyroremotes.no: did not receive HSTS header +tyskland.guide: could not connect to host +tysye.ca: could not connect to host +tzappa.net: could not connect to host +tzwe.com: could not connect to host +u-blox.com: max-age too low: 0 +uadp.pw: did not receive HSTS header +uber.com.au: did not receive HSTS header +uberfunction.com: did not receive HSTS header +ubi.gg: could not connect to host +ubicloud.de: did not receive HSTS header +ubicv.com: could not connect to host +ublox.com: did not receive HSTS header +uborcare.com: could not connect to host +ubuntuhot.com: did not receive HSTS header +uddi.ng: did not receive HSTS header +uefeng.com: did not receive HSTS header +uega.net: did not receive HSTS header +ueu.me: could not connect to host +ufgaming.com: did not receive HSTS header +ufotable.uk: could not connect to host +ugisgutless.com: did not receive HSTS header +ugo.ninja: could not connect to host +ugosadventures.com: could not connect to host +uhm.io: could not connect to host +ukas.com: did not receive HSTS header +ukdropshipment.co.uk: did not receive HSTS header +ukdropshipment.com: did not receive HSTS header +ukk.dk: did not receive HSTS header +ukrgadget.com: could not connect to host +ulabox.cat: did not receive HSTS header +ulabox.es: did not receive HSTS header +ullamodaintima.com.br: could not connect to host +ulmer-schneesport.de: did not receive HSTS header +ulmo.dk: could not connect to host +ulti.gq: could not connect to host +ultimate-garcinia-plus.com: could not connect to host +ultimate-glow-skin.com: could not connect to host +ultimate-memoryplus.com: could not connect to host +ultimate-neuroplus.com: could not connect to host +ultros.io: did not receive HSTS header +umaimise.info: did not receive HSTS header +umgardi.ca: could not connect to host +umidev.com: did not receive HSTS header +umie.cc: did not receive HSTS header +umsapi.com: could not connect to host +umwandeln-online.de: did not receive HSTS header +unart.info: could not connect to host +unbanthe.net: could not connect to host +unblockat.tk: could not connect to host +unblocked-networks.org: could not connect to host +unblocked.date: could not connect to host +unblocked.faith: could not connect to host +unblocked.host: could not connect to host +unblocked.party: could not connect to host +unblocked.st: did not receive HSTS header +unblocked.today: could not connect to host +unblocked.win: did not receive HSTS header +unblocked.works: could not connect to host +unblocked.world: could not connect to host +unblockedall.site: could not connect to host +unblockerproxy.site: could not connect to host +unblockerproxy.top: could not connect to host +unblockmy.party: could not connect to host +unblockmy.tech: did not receive HSTS header +unblockmy.xyz: did not receive HSTS header +unblockmyproxy.site: could not connect to host +unblockthe.site: did not receive HSTS header +unblockthe.top: could not connect to host +unccdesign.club: could not connect to host +unclegen.xyz: could not connect to host +under30stravelinsurance.com.au: did not receive HSTS header +underkin.com: could not connect to host +unefuite.ch: could not connect to host +unexpected.nu: could not connect to host +unfiltered.nyc: could not connect to host +ungern.guide: could not connect to host +unhu.fr: could not connect to host +uni-games.com: could not connect to host +uni2share.com: could not connect to host +unicefkaarten.be: did not receive HSTS header +unicooo.com: could not connect to host +unicorn.li: could not connect to host +unifei.edu.br: did not receive HSTS header +uniformecomgas.com.br: could not connect to host +uniformehumboldt.com.br: did not receive HSTS header +unikitty-on-tour.com: could not connect to host +unionstationapp.com: could not connect to host +unison.com: did not receive HSTS header +unisyssecurity.com: did not receive HSTS header +uniteasia.org: did not receive HSTS header +unitedcyberdevelopment.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +unitlabs.net: could not connect to host +unitrade-425.co.za: did not receive HSTS header +university4industry.com: did not receive HSTS header +univz.com: could not connect to host +unixtime.pro: could not connect to host +unknownbreakup.com: did not receive HSTS header +unknownphenomena.net: could not connect to host +unplugg3r.dk: could not connect to host +unravel.ie: could not connect to host +unsupervised.ca: did not receive HSTS header +unsystem.net: could not connect to host +unwiredbrain.com: could not connect to host +unwomen.is: did not receive HSTS header +unyq.me: did not receive HSTS header +uonstaffhub.com: could not connect to host +uow.ninja: could not connect to host +up1.ca: could not connect to host +upaknship.com: did not receive HSTS header +upboard.jp: could not connect to host +upldr.pw: could not connect to host +uploadbro.com: could not connect to host +uporoops.com: could not connect to host +uprotect.it: could not connect to host +upstats.eu: could not connect to host +uptic.net: did not receive HSTS header +ur-lauber.de: did not receive HSTS header +urandom.eu.org: did not receive HSTS header +urban-garden.lt: could not connect to host +urban-garden.lv: could not connect to host +urbanstylestaging.com: did not receive HSTS header +urbpic.com: could not connect to host +urcentral.org: could not connect to host +urlchomp.com: did not receive HSTS header +urown.net: could not connect to host +urphp.com: could not connect to host +us-immigration.com: did not receive HSTS header +usaab.org: did not receive HSTS header +usbirthcertificate.com: could not connect to host +usbtypeccompliant.com: could not connect to host +uscitizenship.info: did not receive HSTS header +uscntalk.com: could not connect to host +uscp8.com: could not connect to host +uscurrency.gov: did not receive HSTS header +used-in.jp: could not connect to host +user-new.com: did not receive HSTS header +usercare.com: did not receive HSTS header +userify.com: max-age too low: 0 +uslab.io: could not connect to host +usportsgo.com: could not connect to host +usr.nz: did not receive HSTS header +ustr.gov: max-age too low: 86400 +utdscanner.com: did not receive HSTS header +utilitronium-shockwave.com: could not connect to host +utleieplassen.no: could not connect to host +utopiagalaxy.space: could not connect to host +utopian-surgery.com: could not connect to host +utopianconcept.com: did not receive HSTS header +utopianhomespa.com: did not receive HSTS header +utopianrealms.org: did not receive HSTS header +utopians.dk: did not receive HSTS header +uttnetgroup.fr: did not receive HSTS header +utumno.ch: could not connect to host +utvbloggen.se: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +uvarov.pw: did not receive HSTS header +uwesander.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +uwstartups.com: could not connect to host +uxux.pl: could not connect to host +uygindir.ml: could not connect to host +uyym.com: could not connect to host +uzmandroid.com: did not receive HSTS header +uzmandroid.net: could not connect to host +uzmandroid.top: could not connect to host +v-desk.ga: did not receive HSTS header +v0rtex.xyz: could not connect to host +v0tti.com: could not connect to host +v12.co.uk: did not receive HSTS header +v2.pw: did not receive HSTS header +v2ex.us: could not connect to host +v4s.ro: did not receive HSTS header +v4veedu.com: could not connect to host +v7.cl: could not connect to host +v789xl.com: did not receive HSTS header +vaaddress.co: could not connect to host +vaalmarketplace.co.za: did not receive HSTS header +vacationality.com: could not connect to host +vacationfund.co: could not connect to host +vackerbetong.se: could not connect to host +vacuumreviewcenter.com: did not receive HSTS header +vaddder.com: could not connect to host +vadik.me: could not connect to host +vadodesign.nl: did not receive HSTS header +vaeplatform.com: could not connect to host +vaioswolke.xyz: could not connect to host +valaeris.de: could not connect to host +valecnatechnika.cz: could not connect to host +valenhub.com: could not connect to host +valenhub.es: could not connect to host +valenscaelum.com: could not connect to host +valethound.com: could not connect to host +valhalla-agency.com: max-age too low: 0 +valhallacostarica.com: could not connect to host +valhallamovement.com: did not receive HSTS header +valitron.se: did not receive HSTS header +valkyrja.xyz: could not connect to host +valleyridgepta.org: could not connect to host +vallis.net: did not receive HSTS header +valmagus.com: could not connect to host +vamoaeturismo.com.br: could not connect to host +vampirism.eu: could not connect to host +vanacht.co.za: did not receive HSTS header +vanajahosting.com: did not receive HSTS header +vanderkley.it: could not connect to host +vanderstraeten.dynv6.net: could not connect to host +vanestack.com: could not connect to host +vanitas.xyz: could not connect to host +vanitynailworkz.com: could not connect to host +vansieleghem.com: could not connect to host +vapecraftinc.com: did not receive HSTS header +vapeshopsupply.com: could not connect to host +varela-electricite.fr: could not connect to host +vasa-webstranka.sk: did not receive HSTS header +vasanth.org: could not connect to host +vayaport.com: could not connect to host +vbest.net: could not connect to host +vbhelp.org: did not receive HSTS header +vbulletin-russia.com: could not connect to host +vbulletinrussia.com: could not connect to host +vcdove.com: could not connect to host +vcr.re: could not connect to host +vdhco.be: did not receive HSTS header +veblen.com: did not receive HSTS header +vechkasov.ru: did not receive HSTS header +vedatkamer.com: did not receive HSTS header +vega.dyndns.info: could not connect to host +veganosonline.com: could not connect to host +veggiefasting.com: could not connect to host +veggiesbourg.fr: did not receive HSTS header +vegis.ro: did not receive HSTS header +vehent.org: did not receive HSTS header +vehicleuplift.co.uk: did not receive HSTS header +velen.io: could not connect to host +vemokin.net: could not connect to host +venixplays-stream.ml: could not connect to host +venmos.com: did not receive HSTS header +vennet.fr: max-age too low: 0 +venoom.eu: did not receive HSTS header +venturavwparts.com: could not connect to host +venturepro.com: did not receive HSTS header +ventzke.com: did not receive HSTS header +venzocrm.com: did not receive HSTS header +verdeandco.co.uk: could not connect to host +verifiedinvesting.com: did not receive HSTS header +verifikatorindonesia.com: could not connect to host +veristor.com: did not receive HSTS header +vermontcareergateway.org: could not connect to host +versfin.net: could not connect to host +versia.ru: did not receive HSTS header +veryhax.de: could not connect to host +veryyounglesbians.com: could not connect to host +vestacp.top: could not connect to host +vetdnacenter.com: did not receive HSTS header +veterinaire-cazeres-foucault.fr: could not connect to host +vethouse.com.ua: did not receive HSTS header +vetmgmt.com: could not connect to host +veto.fish: could not connect to host +vfree.org: could not connect to host +vgatest.nl: could not connect to host +vglimg.com: could not connect to host +vh.net: could not connect to host +vhost.co.id: could not connect to host +viabemestar.com.br: could not connect to host +viadeux.com: did not receive HSTS header +viasinc.com: did not receive HSTS header +vicenage.com: could not connect to host +viceversa.xyz: did not receive HSTS header +vicianovi.cz: could not connect to host +victorenxovais.com.br: could not connect to host +victoriapemberton.com: did not receive HSTS header +vid.me: did not receive HSTS header +vidbuchanan.co.uk: did not receive HSTS header +viddiaz.com: did not receive HSTS header +videomail.io: did not receive HSTS header +videomuz.com: could not connect to host +videorullen.se: could not connect to host +videotogel.net: did not receive HSTS header +videoueberwachung-set.de: did not receive HSTS header +vider.ga: could not connect to host +vidid.net: did not receive HSTS header +vidz.ga: could not connect to host +vietnamchevrolet.net: did not receive HSTS header +vietnamphotographytours.com: could not connect to host +vigilo.cf: could not connect to host +vigilo.ga: could not connect to host +vijos.org: did not receive HSTS header +vikasbabyworld.de: could not connect to host +viktor-machnik.de: could not connect to host +viktorsvantesson.net: did not receive HSTS header +vilaydin.com: could not connect to host +vilight.com.br: could not connect to host +villacarmela.com.br: did not receive HSTS header +villenvinkit.com: did not receive HSTS header +vimeosucks.nyc: could not connect to host +vinasec.se: could not connect to host +vinbet.org: could not connect to host +vinbet000.com: could not connect to host +vinbet111.com: could not connect to host +vinbet222.com: could not connect to host +vinbet333.com: could not connect to host +vinbet444.com: could not connect to host +vinbet555.com: could not connect to host +vinbet666.com: could not connect to host +vinbet888.com: could not connect to host +vincentkooijman.at: did not receive HSTS header +vincentkooijman.nl: could not connect to host +vinciconps4.it: could not connect to host +vinesauce.info: could not connect to host +vinetalk.net: could not connect to host +viniferawineclub.com: did not receive HSTS header +vinsetchampagne.fr: did not receive HSTS header +vintageheartcoffee.com: max-age too low: 0 +vio.no: did not receive HSTS header +violenceinterrupted.org: did not receive HSTS header +viosey.com: could not connect to host +viperdns.com: could not connect to host +viphospitality.se: could not connect to host +viplentes.com.br: did not receive HSTS header +vipmusic.ga: could not connect to host +viral8.jp: could not connect to host +virginiacrimeanalysisnetwork.org: did not receive HSTS header +virtualstrongbox.ca: could not connect to host +visanhigia.com: could not connect to host +viserproject.com: did not receive HSTS header +vision-painting.com: did not receive HSTS header +visiongamestudios.com: could not connect to host +visionthroughknowledge.com: could not connect to host +visiontree.eu: could not connect to host +visitbroadstairs.com: could not connect to host +vissanum.com: did not receive HSTS header +vissersgrootboek.nl: did not receive HSTS header +vistarait.com: could not connect to host +visualvotes.co.uk: could not connect to host +vitagenda.nl: could not connect to host +vitalita.cz: did not receive HSTS header +vitalorange.com: max-age too low: 7889238 +vitamaxxi.com.br: could not connect to host +vitta.me: did not receive HSTS header +viva-french.com: did not receive HSTS header +vivasports.com.br: could not connect to host +vivocloud.com: could not connect to host +vivremoinscher.fr: did not receive HSTS header +vizeat.com: did not receive HSTS header +vlastimilburian.cz: did not receive HSTS header +vlogge.com: could not connect to host +vlora.city: could not connect to host +vm0.eu: could not connect to host +vmrdev.com: could not connect to host +voceinveste.com: did not receive HSTS header +voeux.io: could not connect to host +vogt.tech: could not connect to host +voicesuk.co.uk: did not receive HSTS header +voidi.ca: could not connect to host +voidserv.net: could not connect to host +volcain.io: could not connect to host +volcrado.com: did not receive HSTS header +volkden.com: could not connect to host +vomitb.in: did not receive HSTS header +vonavy-cukor.sk: could not connect to host +vonavycukor.sk: could not connect to host +vonterra.us: did not receive HSTS header +vooreenveiligthuis.nl: did not receive HSTS header +voorjou.com: did not receive HSTS header +vorangerie.com: could not connect to host +vorderklier.de: could not connect to host +vorlif.org: could not connect to host +vorodevops.com: could not connect to host +vortexhobbies.com: did not receive HSTS header +vosjesweb.nl: could not connect to host +votresiteweb.ch: could not connect to host +vowsy.club: did not receive HSTS header +vox.vg: did not receive HSTS header +vpip.net: could not connect to host +vpl.me: did not receive HSTS header +vpls.co.th: max-age too low: 0 +vpls.com: did not receive HSTS header +vpls.net: max-age too low: 0 +vplssolutions.com: did not receive HSTS header +vpn-byen.dk: did not receive HSTS header +vpn.pics: did not receive HSTS header +vpnhot.com: could not connect to host +vps-szerver-berles.hu: could not connect to host +vpsmojo.com: could not connect to host +vratny.space: could not connect to host +vriendenvoordeel.com: did not receive HSTS header +vrijstaandhuis-in-alphen-aan-den-rijn-kopen.nl: could not connect to host +vrijstaandhuis-in-brielle-kopen.nl: could not connect to host +vrijstaandhuis-in-delfzijl-kopen.nl: could not connect to host +vrijstaandhuis-in-friesland-kopen.nl: could not connect to host +vrijstaandhuis-in-laren-kopen.nl: could not connect to host +vrijstaandhuis-in-leeuwarden-kopen.nl: could not connect to host +vrijstaandhuis-in-veendam-kopen.nl: could not connect to host +vrijstaandhuis-in-zeeland-kopen.nl: could not connect to host +vrijstaandhuis-in-zuid-holland-kopen.nl: could not connect to host +vrijstaandhuis-in-zuidplas-kopen.nl: could not connect to host +vrijstaandhuis-in-zwartewaterland-kopen.nl: could not connect to host +vrijstaandhuisverkopen.nl: could not connect to host +vrobert.fr: could not connect to host +vrtouring.org: could not connect to host +vsc-don-stocksport.de: did not receive HSTS header +vsestiralnie.com: did not receive HSTS header +vvl.me: did not receive HSTS header +vxapps.com: could not connect to host +vxml.club: could not connect to host +vxstream-sandbox.com: did not receive HSTS header +vyncke.org: max-age too low: 2678400 +vyvybean.cf: could not connect to host +vyvygen.com: did not receive HSTS header +vzk.io: could not connect to host +w2gshop.com.br: could not connect to host +w4a.fr: could not connect to host +w4nvu.org: could not connect to host +w4xzr.top: could not connect to host +w4xzr.xyz: could not connect to host +wabifoggynuts.com: could not connect to host +wachtwoordencheck.nl: could not connect to host +wahhoi.net: did not receive HSTS header +wait.moe: could not connect to host +waixingrenfuli7.vip: could not connect to host +wakapp.de: could not connect to host +wakened.net: did not receive HSTS header +walkeryoung.ca: could not connect to host +wallabag.it: did not receive HSTS header +wallabag.org: did not receive HSTS header +wallet.google.com: did not receive HSTS header (error ignored - included regardless) +wallpapers.pub: could not connect to host +wallsblog.dk: could not connect to host +walnutgaming.co.uk: could not connect to host +walterlynnmosley.com: did not receive HSTS header +wanashi.com: could not connect to host +wanban.io: could not connect to host +wanda76.com: could not connect to host +wanda78.com: could not connect to host +wanda79.com: could not connect to host +wanda96.com: could not connect to host +wanda97.com: could not connect to host +wanda98.com: could not connect to host +wangjun.me: did not receive HSTS header +wangkezun.com: could not connect to host +wangqiliang.cn: did not receive HSTS header +wangqiliang.org: did not receive HSTS header +wangqiliang.xn--fiqs8s: could not connect to host +wangzuan168.cc: could not connect to host +wapjt.cn: could not connect to host +wapt.fr: did not receive HSTS header +warandpeace.xyz: could not connect to host +wardsegers.be: did not receive HSTS header +warehost.de: did not receive HSTS header +warhistoryonline.com: did not receive HSTS header +warlions.info: could not connect to host +warp-radio.com: could not connect to host +warp-radio.tv: could not connect to host +warped.com: could not connect to host +warrencreative.com: did not receive HSTS header +warsentech.com: could not connect to host +warsh.moe: did not receive HSTS header +warumsuchen.at: max-age too low: 0 +watchium.com: did not receive HSTS header +watchweasel.com: could not connect to host +waterforlife.net.au: did not receive HSTS header +waterpoint.com.br: could not connect to host +watersportmarkt.net: did not receive HSTS header +watsonhall.uk: could not connect to host +wave.is: could not connect to host +wavefloatrooms.com: did not receive HSTS header +wavefrontsystemstech.com: could not connect to host +wavesboardshop.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +waxdramatic.com: could not connect to host +we.serveftp.net: could not connect to host +wear2work.nl: did not receive HSTS header +weareincognito.org: could not connect to host +weaverhairextensions.nl: could not connect to host +web-industry.fr: could not connect to host +web-insider.net: could not connect to host +web-vision.de: did not receive HSTS header +web4all.fr: did not receive HSTS header +web4pro.fr: could not connect to host +webandwords.com.au: could not connect to host +webanker.sh: did not receive HSTS header +webapps.directory: could not connect to host +webart-factory.de: could not connect to host +webassadors.com: could not connect to host +webbson.net: could not connect to host +webbx.se: max-age too low: 2592000 +webcatechism.com: could not connect to host +webchat.domains: did not receive HSTS header +webdeflect.com: did not receive HSTS header +webdesign-kronberg.de: did not receive HSTS header +webdev.mobi: could not connect to host +webeau.com: could not connect to host +webeconomia.it: did not receive HSTS header +webelement.sk: did not receive HSTS header +weberjulia.com: could not connect to host +webfronten.dk: did not receive HSTS header +webhackspro.com: could not connect to host +webhosting4.net: did not receive HSTS header +webhostingpros.ml: could not connect to host +webies.ro: did not receive HSTS header +webm.to: could not connect to host +webmail.mayfirst.org: did not receive HSTS header +webmaniabr.com: did not receive HSTS header +webmarketingfestival.it: did not receive HSTS header +webninja.work: could not connect to host +webnosql.com: could not connect to host +webperformance.ru: could not connect to host +webproject.rocks: could not connect to host +webproshosting.tk: could not connect to host +webpublica.pt: could not connect to host +webrebels.org: could not connect to host +websandbox.uk: did not receive HSTS header +websitedesign.bg: did not receive HSTS header +webspotter.nl: could not connect to host +webstationservice.fr: could not connect to host +webstellung.com: did not receive HSTS header +webstory.xyz: did not receive HSTS header +webswitch.io: could not connect to host +webtar.info: could not connect to host +webtech.com.br: could not connect to host +webtechgadgetry.com: could not connect to host +webthings.com.br: could not connect to host +webtiles.co.uk: could not connect to host +webuni.hu: did not receive HSTS header +webveloper.com: max-age too low: 0 +webwork.pw: could not connect to host +webypass.xyz: could not connect to host +wecanfindit.co.za: could not connect to host +wecanvisit.com: could not connect to host +weddingenvelopes.co.uk: did not receive HSTS header +weddingibiza.nl: could not connect to host +weebsr.us: could not connect to host +weed.ren: could not connect to host +weekly.fyi: could not connect to host +wegenaer.nl: could not connect to host +weiji.ga: could not connect to host +weiler.xyz: could not connect to host +weiyuz.com: max-age too low: 6585555 +wejumall.com: could not connect to host +wekibe.de: could not connect to host +welby.cat: could not connect to host +welkers.org: could not connect to host +wellastore.ru: could not connect to host +wellcomp.com.br: did not receive HSTS header +wellies.com.au: max-age too low: 7889238 +wellness.so: could not connect to host +wellproducedwines.com: did not receive HSTS header +wellsolveit.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +welpy.com: could not connect to host +weltentreff.com: could not connect to host +weltmeisterschaft.net: could not connect to host +weme.eu: could not connect to host +wendalyncheng.com: did not receive HSTS header +wenz.io: did not receive HSTS header +werdeeintimo.de: did not receive HSTS header +wereldplanner.nl: could not connect to host +werhatunsverraten.eu: could not connect to host +werkenbijkfc.nl: did not receive HSTS header +werkplaatsoost.nl: did not receive HSTS header +werkruimtebottendaal.nl: did not receive HSTS header +wesleyharris.ca: did not receive HSTS header +wespeakgeek.co.za: could not connect to host +westendzone.com: max-age too low: 0 +westerhoud.nl: did not receive HSTS header +westlinwinds.com: did not receive HSTS header +westsussexconnecttosupport.org: could not connect to host +wetoxic.com: did not receive HSTS header +wettbonus.info: did not receive HSTS header +wettbuero.de: did not receive HSTS header +wetten.eu: did not receive HSTS header +wettertoertchen.com: could not connect to host +wetthost.com: could not connect to host +wetttipps.com: could not connect to host +wetttipps.de: could not connect to host +wevahoo.com: could not connect to host +wevg.org: could not connect to host +wevolver.com: did not receive HSTS header +wewillgo.com: could not connect to host +wewillgo.org: did not receive HSTS header +wewlad.me: did not receive HSTS header +wftda.com: did not receive HSTS header +wg-tools.de: could not connect to host +whatnext.limited: did not receive HSTS header +whats.io: could not connect to host +whatsstalk.me: could not connect to host +whatsyouroffer.co.uk: did not receive HSTS header +when-release.ru: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +whereisjason.com: could not connect to host +whereismyorigin.cf: could not connect to host +wheresben.today: could not connect to host +whilsttraveling.com: could not connect to host +whisker.network: could not connect to host +whiskyglazen.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +whitehat.id: could not connect to host +whiterabbit.org: did not receive HSTS header +whiterabbitcakery.com: could not connect to host +whitestagforge.com: did not receive HSTS header +whitewinterwolf.com: could not connect to host +whitworth.nyc: could not connect to host +whoclicks.net: could not connect to host +whoisapi.online: could not connect to host +wholebites.com: max-age too low: 7889238 +wholesomeharvestbread.com: max-age too low: 86400 +whoshotya.de: did not receive HSTS header +whysuck.com: could not connect to host +wibuw.com: could not connect to host +wienholding.at: max-age too low: 0 +wieninternational.at: did not receive HSTS header +wificafehosting.com: did not receive HSTS header +wifimapa.cz: could not connect to host +wiiforum.no: did not receive HSTS header +wiire.me: could not connect to host +wikiclash.info: could not connect to host +wikipeter.nl: did not receive HSTS header +wikisports.eu: could not connect to host +wildbee.org: could not connect to host +wilddog.com: did not receive HSTS header +wildewood.ca: could not connect to host +wilf1rst.com: could not connect to host +wilhelm-nathan.de: could not connect to host +willcipriano.com: could not connect to host +william.si: did not receive HSTS header +williamsapiens.com: could not connect to host +willkommen-fuerstenberg.de: could not connect to host +willosagiede.com: did not receive HSTS header +winaes.com: did not receive HSTS header +winclient.cn: could not connect to host +windowsforum.com: max-age too low: 0 +winds.cf: could not connect to host +winecodeavocado.com: could not connect to host +winfield.me.uk: did not receive HSTS header +winged.io: could not connect to host +wingos.net: could not connect to host +wingumd.net: could not connect to host +winnersports.co: could not connect to host +winpack.cf: could not connect to host +winpack.eu.org: could not connect to host +winsec.nl: could not connect to host +winshiplending.com: did not receive HSTS header +winsufi.biz: could not connect to host +wintercircle.co: did not receive HSTS header +wipc.net: could not connect to host +wipply.com: did not receive HSTS header +wirc.gr: could not connect to host +wireframesoftware.com: could not connect to host +wisak.eu: could not connect to host +wiseloan.com: did not receive HSTS header +wishcert.com: could not connect to host +wishesbee.com: could not connect to host +wispapp.com: did not receive HSTS header +wissl.org: could not connect to host +withgoogle.com: did not receive HSTS header (error ignored - included regardless) +withmy.beer: could not connect to host +withustrading.com: could not connect to host +withyoutube.com: did not receive HSTS header (error ignored - included regardless) +wittcher.com: could not connect to host +wittydonut.com: could not connect to host +witzemaschine.com: did not receive HSTS header +wiz.biz: could not connect to host +wizznab.tk: could not connect to host +wk-cpm.com: could not connect to host +wlzhiyin.cn: could not connect to host +wmawri.com: could not connect to host +wmcuk.net: could not connect to host +wmfinanz.com: could not connect to host +wmoda.com.br: could not connect to host +wnmm.nl: could not connect to host +wnnc.co.uk: did not receive HSTS header +wobblylang.org: could not connect to host +wochenentwicklung.com: did not receive HSTS header +wodice.com: could not connect to host +wohnungsbau-ludwigsburg.de: did not receive HSTS header +woima.fi: max-age too low: 604800 +wolfemg.com: could not connect to host +wolfenland.net: could not connect to host +wolfesden.com: could not connect to host +wolfwings.us: could not connect to host +womf.org: did not receive HSTS header +womosale.de: could not connect to host +wonder.com.mx: max-age too low: 86400 +wonderbooks.club: could not connect to host +wonderfall.xyz: could not connect to host +wondy.com: could not connect to host +woodlandschurch.net: max-age too low: 43200 +woodmafia.com.au: could not connect to host +woodworkertip.com: did not receive HSTS header +woomu.me: could not connect to host +woording.com: could not connect to host +wootton95.com: could not connect to host +wooviet.com: could not connect to host +work-and-jockel.de: did not receive HSTS header +workemy.com: could not connect to host +workfone.io: did not receive HSTS header +workgrouptech.org: could not connect to host +workingclassmedia.com: did not receive HSTS header +workpermit.com.vn: could not connect to host +worldfree4.org: could not connect to host +worldlist.org: could not connect to host +worldpeacetechnology.com: could not connect to host +worldsbeststory.com: did not receive HSTS header +worldwhisperer.net: could not connect to host +worshapp.com: could not connect to host +wow-foederation.de: could not connect to host +wowapi.org: could not connect to host +wowinvasion.com: did not receive HSTS header +wp-fastsearch.de: could not connect to host +wp-rescue.com.au: did not receive HSTS header +wp-stack.pro: could not connect to host +wp6.pw: could not connect to host +wpblog.com.tw: could not connect to host +wpcarer.pro: could not connect to host +wpdublin.com: did not receive HSTS header +wpfortify.com: did not receive HSTS header +wphome.org: could not connect to host +wphostingspot.com: did not receive HSTS header +wplatin.com: did not receive HSTS header +wpmetadatastandardsproject.org: could not connect to host +wpruby.com: did not receive HSTS header +wpturnedup.com: did not receive HSTS header +wpunpacked.com: could not connect to host +wpyecom.es: did not receive HSTS header +wpzhiku.com: did not receive HSTS header +wql.zj.cn: did not receive HSTS header +wrbunderwriting.com: did not receive HSTS header +wrightdoumawedding.com: could not connect to host +writeapp.me: did not receive HSTS header +wrldevelopment.com: did not receive HSTS header +wrwg.ca: could not connect to host +wscbiolo.id: did not receive HSTS header +wsdcap.com: could not connect to host +wsscompany.com.ve: could not connect to host +wsup.social: could not connect to host +wubocong.com: could not connect to host +wubthecaptain.eu: could not connect to host +wuchipc.com: could not connect to host +wuetix.de: max-age too low: 0 +wuhengmin.com: could not connect to host +wulpi.it: did not receive HSTS header +wundtherapie-schulung.de: could not connect to host +wurzelzwerg.net: could not connect to host +wusx.club: could not connect to host +wvr-law.de: did not receive HSTS header +ww2onlineshop.com: did not receive HSTS header +www-001133.com: could not connect to host +www-0385.com: could not connect to host +www-1116.com: did not receive HSTS header +www-1117.com: could not connect to host +www-39988.com: did not receive HSTS header +www-507.net: could not connect to host +www-68277.com: could not connect to host +www-746.com: could not connect to host +www-771122.com: did not receive HSTS header +www-8003.com: did not receive HSTS header +www-88599.com: did not receive HSTS header +www-8887999.com: could not connect to host +www-9995.com: did not receive HSTS header +www-djbet.com: did not receive HSTS header +www-jinshavip.com: could not connect to host +www.cueup.com: could not connect to host +www.cyveillance.com: did not receive HSTS header +www.developer.mydigipass.com: could not connect to host +www.elanex.biz: did not receive HSTS header +www.gamesdepartment.co.uk: did not receive HSTS header +www.gmail.com: did not receive HSTS header (error ignored - included regardless) +www.googlemail.com: did not receive HSTS header (error ignored - included regardless) +www.gpo.gov: did not receive HSTS header +www.greplin.com: could not connect to host +www.honeybadger.io: did not receive HSTS header +www.jitsi.org: did not receive HSTS header +www.ledgerscope.net: could not connect to host +www.logentries.com: did not receive HSTS header +www.moneybookers.com: did not receive HSTS header +www.neonisi.com: could not connect to host +www.paycheckrecords.com: did not receive HSTS header +www.re: could not connect to host +www.rme.li: did not receive HSTS header +www.sandbox.mydigipass.com: could not connect to host +www.sb: could not connect to host +www.surfeasy.com: did not receive HSTS header +www.viasinc.com: did not receive HSTS header +www.zenpayroll.com: did not receive HSTS header +www3.info: did not receive HSTS header +wxukang.cn: could not connect to host +wybmabiity.com: could not connect to host +wygluszanie.eu: did not receive HSTS header +wyzphoto.nl: did not receive HSTS header +x-power-detox.com: could not connect to host +x-ripped-hd.com: could not connect to host +x23.eu: could not connect to host +x2c0.net: did not receive HSTS header +x2w.io: could not connect to host +x3led.com: could not connect to host +x509.pub: could not connect to host +x509.pw: could not connect to host +xanderweaver.com: did not receive HSTS header +xandocs.com: could not connect to host +xat.re: could not connect to host +xavierbarroso.com: could not connect to host +xbc.nz: could not connect to host +xbind.io: could not connect to host +xchating.com: could not connect to host +xcoop.me: could not connect to host +xdd.io: could not connect to host +xehoivn.vn: did not receive HSTS header +xellos.ga: could not connect to host +xellos.ml: could not connect to host +xenesisziarovky.sk: could not connect to host +xeonlab.com: could not connect to host +xeonlab.de: could not connect to host +xett.com: did not receive HSTS header +xf-liam.com: did not receive HSTS header +xfd3.de: did not receive HSTS header +xfive.de: could not connect to host +xgusto.com: did not receive HSTS header +xia100.xyz: could not connect to host +xiangqiushi.com: did not receive HSTS header +xianguocy.com: could not connect to host +xiaody.me: could not connect to host +xiaolvmu.com: could not connect to host +xiaolvmu.me: could not connect to host +xiaoxiao.im: could not connect to host +ximens.me: could not connect to host +xinbiji.cn: could not connect to host +xing.ml: could not connect to host +xisa.it: could not connect to host +xivpn.com: could not connect to host +xiyu.moe: could not connect to host +xmr.my: could not connect to host +xmv.cz: could not connect to host +xn--3lqp21gwna.xn--fiqs8s: could not connect to host +xn--3lqp21gwna.xn--fiqz9s: could not connect to host +xn--3lqt7ir4md4tzwa.cn: did not receive HSTS header +xn--3lqt7ir4md4tzwa.xn--fiqs8s: did not receive HSTS header +xn--3px.jp: could not connect to host +xn--4dbjwf8c.cf: could not connect to host +xn--4dbjwf8c.ga: could not connect to host +xn--4dbjwf8c.gq: could not connect to host +xn--4dbjwf8c.ml: could not connect to host +xn--4dbjwf8c.tk: could not connect to host +xn--6cv66l79sp0n0ibo7s9ne.xyz: could not connect to host +xn--7rvz7ku3ppnr.jp: could not connect to host +xn--7v8h.cf: could not connect to host +xn--80aaihqncaejjobbu6v.xn--p1ai: did not receive HSTS header +xn--80ablh1c.online: could not connect to host +xn--80aocgsfei.xn--p1ai: could not connect to host +xn--98jm6m.jp: did not receive HSTS header +xn--9pr52k0p5a.com: did not receive HSTS header +xn--bstlinser-v2a.com: could not connect to host +xn--c5w27q.ml: could not connect to host +xn--datenrettung-mnchen-jbc.com: did not receive HSTS header +xn--ekr87w7se89ay98ezcs.biz: did not receive HSTS header +xn--gmq92k.nagoya: did not receive HSTS header +xn--jobbrse-d1a.de: max-age too low: 0 +xn--jp-6l5cs1yf3ivjsglphyv.net: could not connect to host +xn--l8j9d2b.jp: did not receive HSTS header +xn--lgb3a8bcpn.cf: could not connect to host +xn--lgb3a8bcpn.ga: could not connect to host +xn--lgb3a8bcpn.gq: could not connect to host +xn--lgb3a8bcpn.ml: could not connect to host +xn--ls8hi7a.tk: could not connect to host +xn--milchaufschumer-test-lzb.de: could not connect to host +xn--neb-tma3u8u.xyz: could not connect to host +xn--p8jskj.jp: did not receive HSTS header +xn--pck4e3a2ex597b4ml.xyz: did not receive HSTS header +xn--qckqc0nxbyc4cdb4527err7c.biz: did not receive HSTS header +xn--srenpind-54a.dk: could not connect to host +xn--t8j2a3042d.xyz: could not connect to host +xn--u9jy16ncfao19mo8i.nagoya: did not receive HSTS header +xn--uist1idrju3i.jp: did not receive HSTS header +xn--w22a.jp: did not receive HSTS header +xn--wmq.jp: did not receive HSTS header +xn--xdtx3pfzbiw3ar8e7yedqrhui.com: could not connect to host +xn--yj8h0m.ws: could not connect to host +xn--ykrp42k.com: could not connect to host +xn--yoamomisuasbcn-ynb.com: could not connect to host +xn--zck9a4b352yuua.jp: did not receive HSTS header +xobox.me: could not connect to host +xoda.pw: did not receive HSTS header +xoffy.com: did not receive HSTS header +xom.party: could not connect to host +xombra.com: did not receive HSTS header +xor-a.net: could not connect to host +xperiacodes.com: could not connect to host +xpi.fr: could not connect to host +xpj.sx: could not connect to host +xpwn.cz: could not connect to host +xrp.pw: could not connect to host +xtom.email: could not connect to host +xtream-hosting.com: could not connect to host +xtream-hosting.de: could not connect to host +xtream-hosting.eu: could not connect to host +xtreamhosting.eu: could not connect to host +xtrim.ru: did not receive HSTS header +xuexb.com: did not receive HSTS header +xunn.io: did not receive HSTS header +xuntaosms.com: could not connect to host +xuwei.de: max-age too low: 0 +xuyh0120.win: did not receive HSTS header +xwaretech.info: could not connect to host +xxbase.com: could not connect to host +xynex.us: could not connect to host +y-o-w.com: did not receive HSTS header +y-s.pw: could not connect to host +y3451.com: could not connect to host +yabrt.cn: could not connect to host +yachts-magazine.com: did not receive HSTS header +yagi2.com: could not connect to host +yahoo.ax: could not connect to host +yamamo10.com: could not connect to host +yameveo.com: did not receive HSTS header +yanwh.xyz: did not receive HSTS header +yaporn.tv: did not receive HSTS header +yarchives.jp: could not connect to host +yard-fu.com: could not connect to host +yardbird.us: could not connect to host +yarnhookup.com: did not receive HSTS header +yasinaydin.net: did not receive HSTS header +yasutomonodokoiko.com: did not receive HSTS header +yaucy.win: could not connect to host +ycc.wtf: could not connect to host +ycm2.wtf: could not connect to host +yd.io: could not connect to host +ydy.jp: could not connect to host +yecl.net: did not receive HSTS header +yello.website: could not connect to host +yellowcar.website: could not connect to host +yemekbaz.az: could not connect to host +yenniferallulli.com: could not connect to host +yenniferallulli.de: could not connect to host +yenniferallulli.es: did not receive HSTS header +yenniferallulli.moda: could not connect to host +yenniferallulli.nl: could not connect to host +yesdevnull.net: did not receive HSTS header +yesfone.com.br: could not connect to host +yestees.com: did not receive HSTS header +yetcore.io: could not connect to host +yffengshi.ml: could not connect to host +yggdar.ga: could not connect to host +yhori.xyz: could not connect to host +yhrd.org: did not receive HSTS header +yibin0831.com: could not connect to host +yikzu.cn: could not connect to host +yin.roma.it: did not receive HSTS header +ying299.com: could not connect to host +ying299.net: could not connect to host +yingsuo.ltd: could not connect to host +yingyj.com: did not receive HSTS header +yinhe12.net: did not receive HSTS header +yippie.nl: could not connect to host +yizhu.com: could not connect to host +ylk.io: could not connect to host +ynode.co: did not receive HSTS header +ynsn.nl: could not connect to host +yntongji.com: could not connect to host +yob.vn: could not connect to host +yobst.tk: could not connect to host +yoga-in-aying.de: did not receive HSTS header +yoga.is-an-engineer.com: could not connect to host +yogeshbeniwal.com: did not receive HSTS header +yohanesmario.com: did not receive HSTS header +yoiyado.info: did not receive HSTS header +yokeepo.com: max-age too low: 0 +yoloboatrentals.com: did not receive HSTS header +yoloprod.fr: could not connect to host +yoloseo.com: could not connect to host +yomepre.com: could not connect to host +yopers.com: did not receive HSTS header +yoru.me: did not receive HSTS header +yotilabs.com: could not connect to host +youcaitian.com: did not receive HSTS header +youcontrol.ru: could not connect to host +youfencun.com: did not receive HSTS header +youlog.net: could not connect to host +youngandunited.nl: did not receive HSTS header +youon.tokyo: could not connect to host +yourbapp.ch: could not connect to host +yourcomputer.expert: did not receive HSTS header +yourgame.co.il: did not receive HSTS header +yourhair.net: max-age too low: 518400 +yoursecondphone.co: could not connect to host +yourstrongbox.com: could not connect to host +yourznc.com: could not connect to host +yousite.by: could not connect to host +youyoulemon.com: did not receive HSTS header +ypiresia.fr: could not connect to host +ytcuber.xyz: could not connect to host +ytvwld.de: did not receive HSTS header +yu7.jp: did not receive HSTS header +yudan.com.br: could not connect to host +yude.ml: could not connect to host +yufan.me: did not receive HSTS header +yuhen.ru: did not receive HSTS header +yukiminami.net: could not connect to host +yuko.moe: could not connect to host +yukonrefugees.com: could not connect to host +yum.beer: could not connect to host +yum0.cn: could not connect to host +yummyfamilyrecipes.com: could not connect to host +yunpan.blue: did not receive HSTS header +yuntama.xyz: could not connect to host +yunzhan.io: did not receive HSTS header +yunzhu.li: did not receive HSTS header +yunzhu.org: could not connect to host +yuriykuzmin.com: did not receive HSTS header +yutabon.com: could not connect to host +yuushou.com: could not connect to host +yux.fr: could not connect to host +yux.io: did not receive HSTS header +ywei.org: could not connect to host +ywyz.tech: could not connect to host +yzal.io: could not connect to host +z3liff.com: could not connect to host +z3liff.net: could not connect to host +zachbolinger.com: could not connect to host +zadieheimlich.com: did not receive HSTS header +zakoncontrol.com: did not receive HSTS header +zamorano.edu: could not connect to host +zamos.ru: max-age too low: 0 +zaneweb.org: could not connect to host +zao.fi: could not connect to host +zaoext.com: could not connect to host +zaoshanghao-dajia.rhcloud.com: could not connect to host +zap.yt: did not receive HSTS header +zarooba.com: could not connect to host +zavca.com: did not receive HSTS header +zbasenem.pl: did not receive HSTS header +zbchen.com: could not connect to host +zbigniewgalucki.eu: did not receive HSTS header +zdravotnickasluzba.eu: could not connect to host +zdrowiepaleo.pl: did not receive HSTS header +zebbra.ro: did not receive HSTS header +zebrababy.cn: could not connect to host +zebry.nl: could not connect to host +zecrypto.com: could not connect to host +zeedroom.be: did not receive HSTS header +zefiris.org: did not receive HSTS header +zefu.ca: could not connect to host +zehntner.ch: could not connect to host +zeitzer-turngala.de: could not connect to host +zelfmoord.ga: could not connect to host +zelfstandigemakelaars.net: could not connect to host +zenghx.tk: could not connect to host +zenhaiku.com: did not receive HSTS header +zenpayroll.com: did not receive HSTS header +zentience.dk: did not receive HSTS header +zentience.net: did not receive HSTS header +zentience.org: could not connect to host +zentraler-kreditausschuss.de: did not receive HSTS header +zentralwolke.de: did not receive HSTS header +zenwears.com: could not connect to host +zera.com.au: could not connect to host +zerekin.net: did not receive HSTS header +zero-x-baadf00d.com: could not connect to host +zeroday.sk: did not receive HSTS header +zerofox.gq: could not connect to host +zerolab.org: could not connect to host +zeroml.ml: could not connect to host +zerosource.net: could not connect to host +zerudi.com: did not receive HSTS header +zeto365.pl: did not receive HSTS header +zett4.me: did not receive HSTS header +zeytin.pro: could not connect to host +zh1.li: could not connect to host +zhang.wtf: could not connect to host +zhangfangzhou.com: could not connect to host +zhangge.net: did not receive HSTS header +zhangruilin.com: did not receive HSTS header +zhangsir.net: could not connect to host +zhaochen.xyz: could not connect to host +zhaojin97.cn: could not connect to host +zhendingresources.com: did not receive HSTS header +zhenmeish.com: could not connect to host +zhh.in: could not connect to host +zhihua-lai.com: did not receive HSTS header +zhiin.net: could not connect to host +zhikin.com: could not connect to host +zhoujiashu.com: could not connect to host +zhuji.com.cn: could not connect to host +zi0r.com: did not receive HSTS header +zian.online: could not connect to host +zicklam.com: could not connect to host +zifb.in: did not receive HSTS header +zigcore.com.br: could not connect to host +zihao.me: did not receive HSTS header +zikirakhirzaman.com: could not connect to host +zinc-x.com: did not receive HSTS header +zinenapse.info: could not connect to host +zippy-download.com: could not connect to host +zippy-download.de: could not connect to host +zirtue.io: could not connect to host +zivagold.com: did not receive HSTS header +zivy-ruzenec.cz: did not receive HSTS header +ziyuanabc.xyz: could not connect to host +zizoo.com: did not receive HSTS header +zju.tv: could not connect to host +zjubtv.com: could not connect to host +zjutv.com: could not connect to host +zkillboard.com: did not receive HSTS header +zking.ga: could not connect to host +zlcp.com: could not connect to host +zmsastro.co.za: could not connect to host +zmy.im: could not connect to host +znacite.com: did not receive HSTS header +znd.jp: did not receive HSTS header +zobraz.cz: could not connect to host +zocken.com: did not receive HSTS header +zoe.vc: could not connect to host +zohar.link: could not connect to host +zokster.net: could not connect to host +zolotoy-standart.com.ua: did not receive HSTS header +zomiac.pp.ua: could not connect to host +zoneminder.com: did not receive HSTS header +zoners.si: did not receive HSTS header +zonky.io: could not connect to host +zoo24.de: did not receive HSTS header +zoofaeth.de: did not receive HSTS header +zoomingin.net: max-age too low: 5184000 +zoommailing.com: did not receive HSTS header +zoorigin.com: did not receive HSTS header +zorasvobodova.cz: did not receive HSTS header +zortium.report: could not connect to host +zoznamrealit.sk: did not receive HSTS header +zqhong.com: could not connect to host +zqjs.tk: could not connect to host +zqwqz.com: max-age too low: 0 +zrt.io: did not receive HSTS header +ztan.tk: could not connect to host +ztcaoll222.cn: did not receive HSTS header +ztytian.com: did not receive HSTS header +zubel.it: did not receive HSTS header +zudomc.me: could not connect to host +zuehlcke.de: could not connect to host +zunftmarke.de: did not receive HSTS header +zuram.net: could not connect to host +zuviel.space: could not connect to host +zvncloud.com: did not receive HSTS header +zwembadheeten.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121" data: no] +zwollemagazine.nl: did not receive HSTS header +zyf.pw: could not connect to host +zymbit.com: did not receive HSTS header +zync.ca: did not receive HSTS header +zypgr.com: could not connect to host +zyso.org: could not connect to host +zzb510.com: did not receive HSTS header +zzb6688.com: did not receive HSTS header +zzb8899.com: did not receive HSTS header +zzw.ca: could not connect to host diff --git a/security/manager/ssl/nsSTSPreloadList.inc b/security/manager/ssl/nsSTSPreloadList.inc new file mode 100644 index 000000000..ec59ba0dc --- /dev/null +++ b/security/manager/ssl/nsSTSPreloadList.inc @@ -0,0 +1,62431 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/*****************************************************************************/ +/* This is an automatically generated file. If you're not */ +/* nsSiteSecurityService.cpp, you shouldn't be #including it. */ +/*****************************************************************************/ + +#include +const PRTime gPreloadListExpirationTime = INT64_C(1527192147845000); + +static const char kSTSHostTable[] = { + /* "0.me.uk", true */ '0', '.', 'm', 'e', '.', 'u', 'k', '\0', + /* "0005pay.com", true */ '0', '0', '0', '5', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "0010100.net", true */ '0', '0', '1', '0', '1', '0', '0', '.', 'n', 'e', 't', '\0', + /* "007-preisvergleich.de", true */ '0', '0', '7', '-', 'p', 'r', 'e', 'i', 's', 'v', 'e', 'r', 'g', 'l', 'e', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "00881919.com", true */ '0', '0', '8', '8', '1', '9', '1', '9', '.', 'c', 'o', 'm', '\0', + /* "00f.net", true */ '0', '0', 'f', '.', 'n', 'e', 't', '\0', + /* "00wbf.com", true */ '0', '0', 'w', 'b', 'f', '.', 'c', 'o', 'm', '\0', + /* "0100dev.com", true */ '0', '1', '0', '0', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "0100dev.nl", true */ '0', '1', '0', '0', 'd', 'e', 'v', '.', 'n', 'l', '\0', + /* "01electronica.com.ar", true */ '0', '1', 'e', 'l', 'e', 'c', 't', 'r', 'o', 'n', 'i', 'c', 'a', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "01seguridad.com.ar", true */ '0', '1', 's', 'e', 'g', 'u', 'r', 'i', 'd', 'a', 'd', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "0222.mg", true */ '0', '2', '2', '2', '.', 'm', 'g', '\0', + /* "023838.com", true */ '0', '2', '3', '8', '3', '8', '.', 'c', 'o', 'm', '\0', + /* "023sec.com", true */ '0', '2', '3', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "03-09-2016.wedding", true */ '0', '3', '-', '0', '9', '-', '2', '0', '1', '6', '.', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '\0', + /* "040fitvitality.nl", true */ '0', '4', '0', 'f', 'i', 't', 'v', 'i', 't', 'a', 'l', 'i', 't', 'y', '.', 'n', 'l', '\0', + /* "046569.com", true */ '0', '4', '6', '5', '6', '9', '.', 'c', 'o', 'm', '\0', + /* "04sun.com", true */ '0', '4', 's', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "050media.nl", true */ '0', '5', '0', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0', + /* "0513c.com", true */ '0', '5', '1', '3', 'c', '.', 'c', 'o', 'm', '\0', + /* "0573wk.com", true */ '0', '5', '7', '3', 'w', 'k', '.', 'c', 'o', 'm', '\0', + /* "06se.com", true */ '0', '6', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "0au.de", true */ '0', 'a', 'u', '.', 'd', 'e', '\0', + /* "0c.eu", true */ '0', 'c', '.', 'e', 'u', '\0', + /* "0c3.de", true */ '0', 'c', '3', '.', 'd', 'e', '\0', + /* "0cdn.ga", true */ '0', 'c', 'd', 'n', '.', 'g', 'a', '\0', + /* "0day.agency", true */ '0', 'd', 'a', 'y', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0', + /* "0ik.de", true */ '0', 'i', 'k', '.', 'd', 'e', '\0', + /* "0iz.net", true */ '0', 'i', 'z', '.', 'n', 'e', 't', '\0', + /* "0knowledge.de", true */ '0', 'k', 'n', 'o', 'w', 'l', 'e', 'd', 'g', 'e', '.', 'd', 'e', '\0', + /* "0paste.com", true */ '0', 'p', 'a', 's', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "0wx.cat", true */ '0', 'w', 'x', '.', 'c', 'a', 't', '\0', + /* "0wx.es", true */ '0', 'w', 'x', '.', 'e', 's', '\0', + /* "0wx.eu", true */ '0', 'w', 'x', '.', 'e', 'u', '\0', + /* "0wx.org", true */ '0', 'w', 'x', '.', 'o', 'r', 'g', '\0', + /* "0x.cx", true */ '0', 'x', '.', 'c', 'x', '\0', + /* "0x.sk", true */ '0', 'x', '.', 's', 'k', '\0', + /* "0x00ff00ff.com", true */ '0', 'x', '0', '0', 'f', 'f', '0', '0', 'f', 'f', '.', 'c', 'o', 'm', '\0', + /* "0x17.de", true */ '0', 'x', '1', '7', '.', 'd', 'e', '\0', + /* "0x52.net", true */ '0', 'x', '5', '2', '.', 'n', 'e', 't', '\0', + /* "0x539.be", true */ '0', 'x', '5', '3', '9', '.', 'b', 'e', '\0', + /* "0x65.net", true */ '0', 'x', '6', '5', '.', 'n', 'e', 't', '\0', + /* "0x7d.com", true */ '0', 'x', '7', 'd', '.', 'c', 'o', 'm', '\0', + /* "0x7fffffff.net", true */ '0', 'x', '7', 'f', 'f', 'f', 'f', 'f', 'f', 'f', '.', 'n', 'e', 't', '\0', + /* "0x90.in", true */ '0', 'x', '9', '0', '.', 'i', 'n', '\0', + /* "0x90.io", true */ '0', 'x', '9', '0', '.', 'i', 'o', '\0', + /* "0xaa55.me", true */ '0', 'x', 'a', 'a', '5', '5', '.', 'm', 'e', '\0', + /* "0xabe.io", true */ '0', 'x', 'a', 'b', 'e', '.', 'i', 'o', '\0', + /* "0xacab.org", true */ '0', 'x', 'a', 'c', 'a', 'b', '.', 'o', 'r', 'g', '\0', + /* "0xcafec0.de", true */ '0', 'x', 'c', 'a', 'f', 'e', 'c', '0', '.', 'd', 'e', '\0', + /* "0xda.de", true */ '0', 'x', 'd', 'a', '.', 'd', 'e', '\0', + /* "0xdc.io", false */ '0', 'x', 'd', 'c', '.', 'i', 'o', '\0', + /* "0xdefaced.de", true */ '0', 'x', 'd', 'e', 'f', 'a', 'c', 'e', 'd', '.', 'd', 'e', '\0', + /* "0xee.eu", true */ '0', 'x', 'e', 'e', '.', 'e', 'u', '\0', + /* "0xf00.ch", true */ '0', 'x', 'f', '0', '0', '.', 'c', 'h', '\0', + /* "0xfc.de", true */ '0', 'x', 'f', 'c', '.', 'd', 'e', '\0', + /* "0xn.de", true */ '0', 'x', 'n', '.', 'd', 'e', '\0', + /* "0yen.org", true */ '0', 'y', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "1-2-3bounce.co.uk", true */ '1', '-', '2', '-', '3', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "100-downloads.com", true */ '1', '0', '0', '-', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "10000v.ru", true */ '1', '0', '0', '0', '0', 'v', '.', 'r', 'u', '\0', + /* "1000hats.com", true */ '1', '0', '0', '0', 'h', 'a', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "1000minds.com", true */ '1', '0', '0', '0', 'm', 'i', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "1000serien.com", true */ '1', '0', '0', '0', 's', 'e', 'r', 'i', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "1001.best", true */ '1', '0', '0', '1', '.', 'b', 'e', 's', 't', '\0', + /* "1001kerstpakketten.com", false */ '1', '0', '0', '1', 'k', 'e', 'r', 's', 't', 'p', 'a', 'k', 'k', 'e', 't', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "100and1.jp", true */ '1', '0', '0', 'a', 'n', 'd', '1', '.', 'j', 'p', '\0', + /* "100kredite.de", true */ '1', '0', '0', 'k', 'r', 'e', 'd', 'i', 't', 'e', '.', 'd', 'e', '\0', + /* "100mani.it", true */ '1', '0', '0', 'm', 'a', 'n', 'i', '.', 'i', 't', '\0', + /* "100onrainkajino.com", true */ '1', '0', '0', 'o', 'n', 'r', 'a', 'i', 'n', 'k', 'a', 'j', 'i', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "100pounds.co.uk", true */ '1', '0', '0', 'p', 'o', 'u', 'n', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "100rembourse.be", true */ '1', '0', '0', 'r', 'e', 'm', 'b', 'o', 'u', 'r', 's', 'e', '.', 'b', 'e', '\0', + /* "1011100.com", true */ '1', '0', '1', '1', '1', '0', '0', '.', 'c', 'o', 'm', '\0', + /* "101sauna.kz", true */ '1', '0', '1', 's', 'a', 'u', 'n', 'a', '.', 'k', 'z', '\0', + /* "101sauna.ru", true */ '1', '0', '1', 's', 'a', 'u', 'n', 'a', '.', 'r', 'u', '\0', + /* "1041263497.rsc.cdn77.org", true */ '1', '0', '4', '1', '2', '6', '3', '4', '9', '7', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0', + /* "1066.io", true */ '1', '0', '6', '6', '.', 'i', 'o', '\0', + /* "10gbit.ovh", true */ '1', '0', 'g', 'b', 'i', 't', '.', 'o', 'v', 'h', '\0', + /* "10hz.de", true */ '1', '0', 'h', 'z', '.', 'd', 'e', '\0', + /* "10og.de", true */ '1', '0', 'o', 'g', '.', 'd', 'e', '\0', + /* "10x.ooo", true */ '1', '0', 'x', '.', 'o', 'o', 'o', '\0', + /* "1100.so", true */ '1', '1', '0', '0', '.', 's', 'o', '\0', + /* "1116pay.com", true */ '1', '1', '1', '6', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "112app.nl", true */ '1', '1', '2', 'a', 'p', 'p', '.', 'n', 'l', '\0', + /* "112hz.com", true */ '1', '1', '2', 'h', 'z', '.', 'c', 'o', 'm', '\0', + /* "11loc.de", true */ '1', '1', 'l', 'o', 'c', '.', 'd', 'e', '\0', + /* "11scc.com", true */ '1', '1', 's', 'c', 'c', '.', 'c', 'o', 'm', '\0', + /* "11thstreetcoffee.com", true */ '1', '1', 't', 'h', 's', 't', 'r', 'e', 'e', 't', 'c', 'o', 'f', 'f', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "11urss.com", true */ '1', '1', 'u', 'r', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "1212873467.rsc.cdn77.org", true */ '1', '2', '1', '2', '8', '7', '3', '4', '6', '7', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0', + /* "1218641649.rsc.cdn77.org", true */ '1', '2', '1', '8', '6', '4', '1', '6', '4', '9', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0', + /* "123comparer.fr", true */ '1', '2', '3', 'c', 'o', 'm', 'p', 'a', 'r', 'e', 'r', '.', 'f', 'r', '\0', + /* "123djdrop.com", true */ '1', '2', '3', 'd', 'j', 'd', 'r', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "123midterm.com", true */ '1', '2', '3', 'm', 'i', 'd', 't', 'e', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "123movies.fyi", true */ '1', '2', '3', 'm', 'o', 'v', 'i', 'e', 's', '.', 'f', 'y', 'i', '\0', + /* "123pay.ir", true */ '1', '2', '3', 'p', 'a', 'y', '.', 'i', 'r', '\0', + /* "123plons.nl", true */ '1', '2', '3', 'p', 'l', 'o', 'n', 's', '.', 'n', 'l', '\0', + /* "123termpapers.com", true */ '1', '2', '3', 't', 'e', 'r', 'm', 'p', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "123test.com", true */ '1', '2', '3', 't', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "123test.nl", true */ '1', '2', '3', 't', 'e', 's', 't', '.', 'n', 'l', '\0', + /* "125m125.de", true */ '1', '2', '5', 'm', '1', '2', '5', '.', 'd', 'e', '\0', + /* "12vpn.net", true */ '1', '2', 'v', 'p', 'n', '.', 'n', 'e', 't', '\0', + /* "130.ua", true */ '1', '3', '0', '.', 'u', 'a', '\0', + /* "132kv.ch", true */ '1', '3', '2', 'k', 'v', '.', 'c', 'h', '\0', + /* "13318522.com", true */ '1', '3', '3', '1', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0', + /* "1359826938.rsc.cdn77.org", true */ '1', '3', '5', '9', '8', '2', '6', '9', '3', '8', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0', + /* "1395kj.com", true */ '1', '3', '9', '5', 'k', 'j', '.', 'c', 'o', 'm', '\0', + /* "1396.net", true */ '1', '3', '9', '6', '.', 'n', 'e', 't', '\0', + /* "13th-dover.uk", true */ '1', '3', 't', 'h', '-', 'd', 'o', 'v', 'e', 'r', '.', 'u', 'k', '\0', + /* "1453914078.rsc.cdn77.org", true */ '1', '4', '5', '3', '9', '1', '4', '0', '7', '8', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0', + /* "1464424382.rsc.cdn77.org", true */ '1', '4', '6', '4', '4', '2', '4', '3', '8', '2', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0', + /* "14it.de", true */ '1', '4', 'i', 't', '.', 'd', 'e', '\0', + /* "14x3.de", true */ '1', '4', 'x', '3', '.', 'd', 'e', '\0', + /* "15-10.com", true */ '1', '5', '-', '1', '0', '.', 'c', 'o', 'm', '\0', + /* "1511774230.rsc.cdn77.org", true */ '1', '5', '1', '1', '7', '7', '4', '2', '3', '0', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0', + /* "1590284872.rsc.cdn77.org", true */ '1', '5', '9', '0', '2', '8', '4', '8', '7', '2', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0', + /* "1600esplanade.com", true */ '1', '6', '0', '0', 'e', 's', 'p', 'l', 'a', 'n', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "16164f.com", true */ '1', '6', '1', '6', '4', 'f', '.', 'c', 'o', 'm', '\0', + /* "1644091933.rsc.cdn77.org", true */ '1', '6', '4', '4', '0', '9', '1', '9', '3', '3', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0', + /* "174.net.nz", true */ '1', '7', '4', '.', 'n', 'e', 't', '.', 'n', 'z', '\0', + /* "1750studios.com", false */ '1', '7', '5', '0', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "17hats.com", true */ '1', '7', 'h', 'a', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "1844329061.rsc.cdn77.org", true */ '1', '8', '4', '4', '3', '2', '9', '0', '6', '1', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0', + /* "188522.com", false */ '1', '8', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0', + /* "18888msc.com", true */ '1', '8', '8', '8', '8', 'm', 's', 'c', '.', 'c', 'o', 'm', '\0', + /* "1888zr.com", true */ '1', '8', '8', '8', 'z', 'r', '.', 'c', 'o', 'm', '\0', + /* "188dv.com", true */ '1', '8', '8', 'd', 'v', '.', 'c', 'o', 'm', '\0', + /* "189dv.com", true */ '1', '8', '9', 'd', 'v', '.', 'c', 'o', 'm', '\0', + /* "18f.gov", true */ '1', '8', 'f', '.', 'g', 'o', 'v', '\0', + /* "18f.gsa.gov", false */ '1', '8', 'f', '.', 'g', 's', 'a', '.', 'g', 'o', 'v', '\0', + /* "1912x.com", true */ '1', '9', '1', '2', 'x', '.', 'c', 'o', 'm', '\0', + /* "19216811.online", true */ '1', '9', '2', '1', '6', '8', '1', '1', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "1921958389.rsc.cdn77.org", true */ '1', '9', '2', '1', '9', '5', '8', '3', '8', '9', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0', + /* "1972969867.rsc.cdn77.org", true */ '1', '9', '7', '2', '9', '6', '9', '8', '6', '7', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0', + /* "1981612088.rsc.cdn77.org", true */ '1', '9', '8', '1', '6', '1', '2', '0', '8', '8', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0', + /* "19hundert84.de", true */ '1', '9', 'h', 'u', 'n', 'd', 'e', 'r', 't', '8', '4', '.', 'd', 'e', '\0', + /* "1a-diamantscheiben.de", true */ '1', 'a', '-', 'd', 'i', 'a', 'm', 'a', 'n', 't', 's', 'c', 'h', 'e', 'i', 'b', 'e', 'n', '.', 'd', 'e', '\0', + /* "1a-vermessung.at", true */ '1', 'a', '-', 'v', 'e', 'r', 'm', 'e', 's', 's', 'u', 'n', 'g', '.', 'a', 't', '\0', + /* "1a-werkstattgeraete.de", true */ '1', 'a', '-', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', 'g', 'e', 'r', 'a', 'e', 't', 'e', '.', 'd', 'e', '\0', + /* "1cover.co.nz", true */ '1', 'c', 'o', 'v', 'e', 'r', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "1cover.com.au", true */ '1', 'c', 'o', 'v', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "1e9.nl", true */ '1', 'e', '9', '.', 'n', 'l', '\0', + /* "1er-secours.ch", true */ '1', 'e', 'r', '-', 's', 'e', 'c', 'o', 'u', 'r', 's', '.', 'c', 'h', '\0', + /* "1gsoft.com", true */ '1', 'g', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "1hourproofreading.com", true */ '1', 'h', 'o', 'u', 'r', 'p', 'r', 'o', 'o', 'f', 'r', 'e', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "1it.click", true */ '1', 'i', 't', '.', 'c', 'l', 'i', 'c', 'k', '\0', + /* "1item.co.il", true */ '1', 'i', 't', 'e', 'm', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "1js.de", true */ '1', 'j', 's', '.', 'd', 'e', '\0', + /* "1kando.com", false */ '1', 'k', 'a', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "1km.ro", true */ '1', 'k', 'm', '.', 'r', 'o', '\0', + /* "1kmi.co", true */ '1', 'k', 'm', 'i', '.', 'c', 'o', '\0', + /* "1morebounce.co.uk", true */ '1', 'm', 'o', 'r', 'e', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "1nfr.com", false */ '1', 'n', 'f', 'r', '.', 'c', 'o', 'm', '\0', + /* "1of16.de", true */ '1', 'o', 'f', '1', '6', '.', 'd', 'e', '\0', + /* "1on1on1.de", true */ '1', 'o', 'n', '1', 'o', 'n', '1', '.', 'd', 'e', '\0', + /* "1on1on1.tv", true */ '1', 'o', 'n', '1', 'o', 'n', '1', '.', 't', 'v', '\0', + /* "1p.ro", false */ '1', 'p', '.', 'r', 'o', '\0', + /* "1panorama.ru", true */ '1', 'p', 'a', 'n', 'o', 'r', 'a', 'm', 'a', '.', 'r', 'u', '\0', + /* "1para.net", true */ '1', 'p', 'a', 'r', 'a', '.', 'n', 'e', 't', '\0', + /* "1password.com", true */ '1', 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "1pw.ca", true */ '1', 'p', 'w', '.', 'c', 'a', '\0', + /* "1px.tv", true */ '1', 'p', 'x', '.', 't', 'v', '\0', + /* "1rs.nl", true */ '1', 'r', 's', '.', 'n', 'l', '\0', + /* "1scope.com", true */ '1', 's', 'c', 'o', 'p', 'e', '.', 'c', 'o', 'm', '\0', + /* "1se2or3.com", true */ '1', 's', 'e', '2', 'o', 'r', '3', '.', 'c', 'o', 'm', '\0', + /* "1st-bounce.co.uk", true */ '1', 's', 't', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "1st-community.de", true */ '1', 's', 't', '-', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '.', 'd', 'e', '\0', + /* "1st4abounce.co.uk", true */ '1', 's', 't', '4', 'a', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "1stchoicefun.co.uk", true */ '1', 's', 't', 'c', 'h', 'o', 'i', 'c', 'e', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "1stclassbouncycastles.co.uk", true */ '1', 's', 't', 'c', 'l', 'a', 's', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "1stforfun.co.uk", true */ '1', 's', 't', 'f', 'o', 'r', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "1stpeninsulabouncers.co.uk", true */ '1', 's', 't', 'p', 'e', 'n', 'i', 'n', 's', 'u', 'l', 'a', 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "1ststop.co.uk", true */ '1', 's', 't', 's', 't', 'o', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "1whw.co.uk", true */ '1', 'w', 'h', 'w', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "1wirelog.de", true */ '1', 'w', 'i', 'r', 'e', 'l', 'o', 'g', '.', 'd', 'e', '\0', + /* "1wl.uk", true */ '1', 'w', 'l', '.', 'u', 'k', '\0', + /* "2.wtf", true */ '2', '.', 'w', 't', 'f', '\0', + /* "2048-spiel.de", true */ '2', '0', '4', '8', '-', 's', 'p', 'i', 'e', 'l', '.', 'd', 'e', '\0', + /* "2048game.co.uk", true */ '2', '0', '4', '8', 'g', 'a', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "208.es", true */ '2', '0', '8', '.', 'e', 's', '\0', + /* "20denier.com", true */ '2', '0', 'd', 'e', 'n', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "21.co.uk", true */ '2', '1', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "21stnc.com", true */ '2', '1', 's', 't', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "21x9.org", true */ '2', '1', 'x', '9', '.', 'o', 'r', 'g', '\0', + /* "22scc.com", true */ '2', '2', 's', 'c', 'c', '.', 'c', 'o', 'm', '\0', + /* "2333.press", true */ '2', '3', '3', '3', '.', 'p', 'r', 'e', 's', 's', '\0', + /* "2333666.xyz", true */ '2', '3', '3', '3', '6', '6', '6', '.', 'x', 'y', 'z', '\0', + /* "233abc.com", true */ '2', '3', '3', 'a', 'b', 'c', '.', 'c', 'o', 'm', '\0', + /* "233blog.com", true */ '2', '3', '3', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "24-7.jp", true */ '2', '4', '-', '7', '.', 'j', 'p', '\0', + /* "246060.ru", true */ '2', '4', '6', '0', '6', '0', '.', 'r', 'u', '\0', + /* "247a.co.uk", true */ '2', '4', '7', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "247healthshop.com", true */ '2', '4', '7', 'h', 'e', 'a', 'l', 't', 'h', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "247medplan.com", true */ '2', '4', '7', 'm', 'e', 'd', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "24ip.com", true */ '2', '4', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "24ip.de", true */ '2', '4', 'i', 'p', '.', 'd', 'e', '\0', + /* "24ip.fr", true */ '2', '4', 'i', 'p', '.', 'f', 'r', '\0', + /* "24kbet.com", true */ '2', '4', 'k', 'b', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "256k.me", true */ '2', '5', '6', 'k', '.', 'm', 'e', '\0', + /* "256pages.com", true */ '2', '5', '6', 'p', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "25reinyan25.net", true */ '2', '5', 'r', 'e', 'i', 'n', 'y', 'a', 'n', '2', '5', '.', 'n', 'e', 't', '\0', + /* "2600edinburgh.org", true */ '2', '6', '0', '0', 'e', 'd', 'i', 'n', 'b', 'u', 'r', 'g', 'h', '.', 'o', 'r', 'g', '\0', + /* "2600hq.com", true */ '2', '6', '0', '0', 'h', 'q', '.', 'c', 'o', 'm', '\0', + /* "263.info", true */ '2', '6', '3', '.', 'i', 'n', 'f', 'o', '\0', + /* "27728522.com", true */ '2', '7', '7', '2', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0', + /* "281180.de", true */ '2', '8', '1', '1', '8', '0', '.', 'd', 'e', '\0', + /* "29227.com", true */ '2', '9', '2', '2', '7', '.', 'c', 'o', 'm', '\0', + /* "2b3b.com", true */ '2', 'b', '3', 'b', '.', 'c', 'o', 'm', '\0', + /* "2bas.nl", true */ '2', 'b', 'a', 's', '.', 'n', 'l', '\0', + /* "2bcompany.ch", true */ '2', 'b', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'h', '\0', + /* "2bis10.de", true */ '2', 'b', 'i', 's', '1', '0', '.', 'd', 'e', '\0', + /* "2bitout.com", true */ '2', 'b', 'i', 't', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "2bouncy.com", true */ '2', 'b', 'o', 'u', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "2c-b.com", true */ '2', 'c', '-', 'b', '.', 'c', 'o', 'm', '\0', + /* "2c-d.com", true */ '2', 'c', '-', 'd', '.', 'c', 'o', 'm', '\0', + /* "2c-e.com", true */ '2', 'c', '-', 'e', '.', 'c', 'o', 'm', '\0', + /* "2c-t-2.com", true */ '2', 'c', '-', 't', '-', '2', '.', 'c', 'o', 'm', '\0', + /* "2c-t-7.com", true */ '2', 'c', '-', 't', '-', '7', '.', 'c', 'o', 'm', '\0', + /* "2c-t-8.com", true */ '2', 'c', '-', 't', '-', '8', '.', 'c', 'o', 'm', '\0', + /* "2cash.ru", true */ '2', 'c', 'a', 's', 'h', '.', 'r', 'u', '\0', + /* "2cv-fahrer.de", true */ '2', 'c', 'v', '-', 'f', 'a', 'h', 'r', 'e', 'r', '.', 'd', 'e', '\0', + /* "2fm.ie", true */ '2', 'f', 'm', '.', 'i', 'e', '\0', + /* "2fraud.pro", true */ '2', 'f', 'r', 'a', 'u', 'd', '.', 'p', 'r', 'o', '\0', + /* "2gen.com", true */ '2', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "2heartsbookings.co.uk", true */ '2', 'h', 'e', 'a', 'r', 't', 's', 'b', 'o', 'o', 'k', 'i', 'n', 'g', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "2hypeenterprises.com", true */ '2', 'h', 'y', 'p', 'e', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "2kgwf.fi", true */ '2', 'k', 'g', 'w', 'f', '.', 'f', 'i', '\0', + /* "2krueger.de", true */ '2', 'k', 'r', 'u', 'e', 'g', 'e', 'r', '.', 'd', 'e', '\0', + /* "2mb.solutions", true */ '2', 'm', 'b', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0', + /* "2nains.ch", true */ '2', 'n', 'a', 'i', 'n', 's', '.', 'c', 'h', '\0', + /* "2nerds1bit.com", true */ '2', 'n', 'e', 'r', 'd', 's', '1', 'b', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "2pay.fr", true */ '2', 'p', 'a', 'y', '.', 'f', 'r', '\0', + /* "2programmers.net", true */ '2', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'm', 'e', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "2stv.net", true */ '2', 's', 't', 'v', '.', 'n', 'e', 't', '\0', + /* "2ulcceria.nl", true */ '2', 'u', 'l', 'c', 'c', 'e', 'r', 'i', 'a', '.', 'n', 'l', '\0', + /* "300m.com", false */ '3', '0', '0', 'm', '.', 'c', 'o', 'm', '\0', + /* "30hzcollective.com", true */ '3', '0', 'h', 'z', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "3133780x.com", true */ '3', '1', '3', '3', '7', '8', '0', 'x', '.', 'c', 'o', 'm', '\0', + /* "31klabs.com", true */ '3', '1', 'k', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "31tv.ru", true */ '3', '1', 't', 'v', '.', 'r', 'u', '\0', + /* "321live.nl", true */ '3', '2', '1', 'l', 'i', 'v', 'e', '.', 'n', 'l', '\0', + /* "32h.de", true */ '3', '2', 'h', '.', 'd', 'e', '\0', + /* "33-km.ru", true */ '3', '3', '-', 'k', 'm', '.', 'r', 'u', '\0', + /* "330.net", true */ '3', '3', '0', '.', 'n', 'e', 't', '\0', + /* "33445.com", true */ '3', '3', '4', '4', '5', '.', 'c', 'o', 'm', '\0', + /* "33scc.com", true */ '3', '3', 's', 'c', 'c', '.', 'c', 'o', 'm', '\0', + /* "3473-wiki.de", true */ '3', '4', '7', '3', '-', 'w', 'i', 'k', 'i', '.', 'd', 'e', '\0', + /* "360live.fr", true */ '3', '6', '0', 'l', 'i', 'v', 'e', '.', 'f', 'r', '\0', + /* "360woodworking.com", true */ '3', '6', '0', 'w', 'o', 'o', 'd', 'w', 'o', 'r', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "365365.com", true */ '3', '6', '5', '3', '6', '5', '.', 'c', 'o', 'm', '\0', + /* "365beautyworld.com", true */ '3', '6', '5', 'b', 'e', 'a', 'u', 't', 'y', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "365daysreview.com", true */ '3', '6', '5', 'd', 'a', 'y', 's', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0', + /* "365healthworld.com", true */ '3', '6', '5', 'h', 'e', 'a', 'l', 't', 'h', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "365maya.com", true */ '3', '6', '5', 'm', 'a', 'y', 'a', '.', 'c', 'o', 'm', '\0', + /* "365skulls.com", true */ '3', '6', '5', 's', 'k', 'u', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "3778vip.com", true */ '3', '7', '7', '8', 'v', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "379700.com", true */ '3', '7', '9', '7', '0', '0', '.', 'c', 'o', 'm', '\0', + /* "38888msc.com", true */ '3', '8', '8', '8', '8', 'm', 's', 'c', '.', 'c', 'o', 'm', '\0', + /* "38blog.com", true */ '3', '8', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "393335.ml", true */ '3', '9', '3', '3', '3', '5', '.', 'm', 'l', '\0', + /* "398.info", true */ '3', '9', '8', '.', 'i', 'n', 'f', 'o', '\0', + /* "3ags.de", true */ '3', 'a', 'g', 's', '.', 'd', 'e', '\0', + /* "3bakayottu.com", true */ '3', 'b', 'a', 'k', 'a', 'y', 'o', 't', 't', 'u', '.', 'c', 'o', 'm', '\0', + /* "3c-d.de", true */ '3', 'c', '-', 'd', '.', 'd', 'e', '\0', + /* "3chat.org", true */ '3', 'c', 'h', 'a', 't', '.', 'o', 'r', 'g', '\0', + /* "3circlefunding.ch", true */ '3', 'c', 'i', 'r', 'c', 'l', 'e', 'f', 'u', 'n', 'd', 'i', 'n', 'g', '.', 'c', 'h', '\0', + /* "3countiescastlehire.co.uk", true */ '3', 'c', 'o', 'u', 'n', 't', 'i', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "3cs.ch", true */ '3', 'c', 's', '.', 'c', 'h', '\0', + /* "3dm.audio", true */ '3', 'd', 'm', '.', 'a', 'u', 'd', 'i', 'o', '\0', + /* "3dmedium.de", true */ '3', 'd', 'm', 'e', 'd', 'i', 'u', 'm', '.', 'd', 'e', '\0', + /* "3dmusiclab.nl", true */ '3', 'd', 'm', 'u', 's', 'i', 'c', 'l', 'a', 'b', '.', 'n', 'l', '\0', + /* "3do3dont.com", true */ '3', 'd', 'o', '3', 'd', 'o', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "3dprintsondemand.eu", true */ '3', 'd', 'p', 'r', 'i', 'n', 't', 's', 'o', 'n', 'd', 'e', 'm', 'a', 'n', 'd', '.', 'e', 'u', '\0', + /* "3drenaline.com", true */ '3', 'd', 'r', 'e', 'n', 'a', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "3haeuserprojekt.org", true */ '3', 'h', 'a', 'e', 'u', 's', 'e', 'r', 'p', 'r', 'o', 'j', 'e', 'k', 't', '.', 'o', 'r', 'g', '\0', + /* "3haueserprojekt.org", true */ '3', 'h', 'a', 'u', 'e', 's', 'e', 'r', 'p', 'r', 'o', 'j', 'e', 'k', 't', '.', 'o', 'r', 'g', '\0', + /* "3hl0.net", true */ '3', 'h', 'l', '0', '.', 'n', 'e', 't', '\0', + /* "3james.com", true */ '3', 'j', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "3logic.ru", true */ '3', 'l', 'o', 'g', 'i', 'c', '.', 'r', 'u', '\0', + /* "3mbo.de", true */ '3', 'm', 'b', 'o', '.', 'd', 'e', '\0', + /* "3phase.pw", true */ '3', 'p', 'h', 'a', 's', 'e', '.', 'p', 'w', '\0', + /* "3plusdesign.gr", true */ '3', 'p', 'l', 'u', 's', 'd', 'e', 's', 'i', 'g', 'n', '.', 'g', 'r', '\0', + /* "3queens.cz", true */ '3', 'q', 'u', 'e', 'e', 'n', 's', '.', 'c', 'z', '\0', + /* "3queens.io", true */ '3', 'q', 'u', 'e', 'e', 'n', 's', '.', 'i', 'o', '\0', + /* "3r.org.uk", true */ '3', 'r', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "3s-hosting.de", true */ '3', 's', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "3timegear.com", true */ '3', 't', 'i', 'm', 'e', 'g', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "3trees.tk", true */ '3', 't', 'r', 'e', 'e', 's', '.', 't', 'k', '\0', + /* "3v4l.org", true */ '3', 'v', '4', 'l', '.', 'o', 'r', 'g', '\0', + /* "3weekdietworks.com", true */ '3', 'w', 'e', 'e', 'k', 'd', 'i', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "3xx.link", true */ '3', 'x', 'x', '.', 'l', 'i', 'n', 'k', '\0', + /* "4-1-where.com", true */ '4', '-', '1', '-', 'w', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "4-it.de", true */ '4', '-', 'i', 't', '.', 'd', 'e', '\0', + /* "403.ch", true */ '4', '0', '3', '.', 'c', 'h', '\0', + /* "404forest.com", true */ '4', '0', '4', 'f', 'o', 'r', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "404notfound.com.br", true */ '4', '0', '4', 'n', 'o', 't', 'f', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "4096bit.de", true */ '4', '0', '9', '6', 'b', 'i', 't', '.', 'd', 'e', '\0', + /* "41-where.com", true */ '4', '1', '-', 'w', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "41199.com", true */ '4', '1', '1', '9', '9', '.', 'c', 'o', 'm', '\0', + /* "411movie.com", true */ '4', '1', '1', 'm', 'o', 'v', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "41where.com", true */ '4', '1', 'w', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "420java.com", true */ '4', '2', '0', 'j', 'a', 'v', 'a', '.', 'c', 'o', 'm', '\0', + /* "42day.info", true */ '4', '2', 'd', 'a', 'y', '.', 'i', 'n', 'f', 'o', '\0', + /* "42entrepreneurs.fr", true */ '4', '2', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'e', 'n', 'e', 'u', 'r', 's', '.', 'f', 'r', '\0', + /* "42t.ru", true */ '4', '2', 't', '.', 'r', 'u', '\0', + /* "441jj.com", false */ '4', '4', '1', 'j', 'j', '.', 'c', 'o', 'm', '\0', + /* "44scc.com", true */ '4', '4', 's', 'c', 'c', '.', 'c', 'o', 'm', '\0', + /* "4500.co.il", true */ '4', '5', '0', '0', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "491mhz.net", true */ '4', '9', '1', 'm', 'h', 'z', '.', 'n', 'e', 't', '\0', + /* "49889.com", true */ '4', '9', '8', '8', '9', '.', 'c', 'o', 'm', '\0', + /* "49948522.com", true */ '4', '9', '9', '4', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0', + /* "49dollaridahoregisteredagent.com", true */ '4', '9', 'd', 'o', 'l', 'l', 'a', 'r', 'i', 'd', 'a', 'h', 'o', 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', 'e', 'd', 'a', 'g', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "4baby.com.br", true */ '4', 'b', 'a', 'b', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "4bike.eu", true */ '4', 'b', 'i', 'k', 'e', '.', 'e', 'u', '\0', + /* "4dbygg.se", true */ '4', 'd', 'b', 'y', 'g', 'g', '.', 's', 'e', '\0', + /* "4decor.org", true */ '4', 'd', 'e', 'c', 'o', 'r', '.', 'o', 'r', 'g', '\0', + /* "4elements.com", true */ '4', 'e', 'l', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "4freepress.com", true */ '4', 'f', 'r', 'e', 'e', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "4g-server.eu", false */ '4', 'g', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'e', 'u', '\0', + /* "4garage.com.br", true */ '4', 'g', 'a', 'r', 'a', 'g', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "4host.ch", true */ '4', 'h', 'o', 's', 't', '.', 'c', 'h', '\0', + /* "4hvac.com", true */ '4', 'h', 'v', 'a', 'c', '.', 'c', 'o', 'm', '\0', + /* "4mm.org", true */ '4', 'm', 'm', '.', 'o', 'r', 'g', '\0', + /* "4plebs.moe", true */ '4', 'p', 'l', 'e', 'b', 's', '.', 'm', 'o', 'e', '\0', + /* "4project.co.il", true */ '4', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "4share.tv", true */ '4', 's', 'h', 'a', 'r', 'e', '.', 't', 'v', '\0', + /* "4sics.se", true */ '4', 's', 'i', 'c', 's', '.', 's', 'e', '\0', + /* "4th-ave-studio.com", true */ '4', 't', 'h', '-', 'a', 'v', 'e', '-', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "4u.services", true */ '4', 'u', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '\0', + /* "4u2ore.net", true */ '4', 'u', '2', 'o', 'r', 'e', '.', 'n', 'e', 't', '\0', + /* "4vector.com", true */ '4', 'v', 'e', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "4vf.de", true */ '4', 'v', 'f', '.', 'd', 'e', '\0', + /* "4winds.pt", true */ '4', 'w', 'i', 'n', 'd', 's', '.', 'p', 't', '\0', + /* "4x.fi", true */ '4', 'x', '.', 'f', 'i', '\0', + /* "4xlabs.co", true */ '4', 'x', 'l', 'a', 'b', 's', '.', 'c', 'o', '\0', + /* "500k.nl", true */ '5', '0', '0', 'k', '.', 'n', 'l', '\0', + /* "500p.xyz", true */ '5', '0', '0', 'p', '.', 'x', 'y', 'z', '\0', + /* "506pay.com", true */ '5', '0', '6', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "50lakeshore.com", true */ '5', '0', 'l', 'a', 'k', 'e', 's', 'h', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "50ma.xyz", true */ '5', '0', 'm', 'a', '.', 'x', 'y', 'z', '\0', + /* "50north.de", true */ '5', '0', 'n', 'o', 'r', 't', 'h', '.', 'd', 'e', '\0', + /* "50plusnet.nl", true */ '5', '0', 'p', 'l', 'u', 's', 'n', 'e', 't', '.', 'n', 'l', '\0', + /* "525.info", true */ '5', '2', '5', '.', 'i', 'n', 'f', 'o', '\0', + /* "52kb365.com", true */ '5', '2', 'k', 'b', '3', '6', '5', '.', 'c', 'o', 'm', '\0', + /* "52sykb.com", true */ '5', '2', 's', 'y', 'k', 'b', '.', 'c', 'o', 'm', '\0', + /* "5432.cc", true */ '5', '4', '3', '2', '.', 'c', 'c', '\0', + /* "54below.com", true */ '5', '4', 'b', 'e', 'l', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "5533445.com", true */ '5', '5', '3', '3', '4', '4', '5', '.', 'c', 'o', 'm', '\0', + /* "555xl.com", true */ '5', '5', '5', 'x', 'l', '.', 'c', 'o', 'm', '\0', + /* "55scc.com", true */ '5', '5', 's', 'c', 'c', '.', 'c', 'o', 'm', '\0', + /* "57aromas.com", true */ '5', '7', 'a', 'r', 'o', 'm', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "5apps.com", true */ '5', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "5c1fd0f31022cbc40af9f785847baaf9.space", true */ '5', 'c', '1', 'f', 'd', '0', 'f', '3', '1', '0', '2', '2', 'c', 'b', 'c', '4', '0', 'a', 'f', '9', 'f', '7', '8', '5', '8', '4', '7', 'b', 'a', 'a', 'f', '9', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "5chat.it", true */ '5', 'c', 'h', 'a', 't', '.', 'i', 't', '\0', + /* "5crowd.com", true */ '5', 'c', 'r', 'o', 'w', 'd', '.', 'c', 'o', 'm', '\0', + /* "5francs.com", true */ '5', 'f', 'r', 'a', 'n', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "5gb.space", true */ '5', 'g', 'b', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "5h0r7.com", true */ '5', 'h', '0', 'r', '7', '.', 'c', 'o', 'm', '\0', + /* "5kraceforals.com", true */ '5', 'k', 'r', 'a', 'c', 'e', 'f', 'o', 'r', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "5starbouncycastlehire.co.uk", true */ '5', 's', 't', 'a', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "5w5.la", true */ '5', 'w', '5', '.', 'l', 'a', '\0', + /* "5y.fi", true */ '5', 'y', '.', 'f', 'i', '\0', + /* "62755.com", true */ '6', '2', '7', '5', '5', '.', 'c', 'o', 'm', '\0', + /* "646.io", false */ '6', '4', '6', '.', 'i', 'o', '\0', + /* "64bitgaming.de", true */ '6', '4', 'b', 'i', 't', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "6541166.com", true */ '6', '5', '4', '1', '1', '6', '6', '.', 'c', 'o', 'm', '\0', + /* "6542277.com", true */ '6', '5', '4', '2', '2', '7', '7', '.', 'c', 'o', 'm', '\0', + /* "6543399.com", true */ '6', '5', '4', '3', '3', '9', '9', '.', 'c', 'o', 'm', '\0', + /* "6548855.com", true */ '6', '5', '4', '8', '8', '5', '5', '.', 'c', 'o', 'm', '\0', + /* "6548877.com", true */ '6', '5', '4', '8', '8', '7', '7', '.', 'c', 'o', 'm', '\0', + /* "6633445.com", true */ '6', '6', '3', '3', '4', '4', '5', '.', 'c', 'o', 'm', '\0', + /* "6660111.ru", true */ '6', '6', '6', '0', '1', '1', '1', '.', 'r', 'u', '\0', + /* "686848.com", true */ '6', '8', '6', '8', '4', '8', '.', 'c', 'o', 'm', '\0', + /* "692b8c32.de", true */ '6', '9', '2', 'b', '8', 'c', '3', '2', '.', 'd', 'e', '\0', + /* "6969.us", true */ '6', '9', '6', '9', '.', 'u', 's', '\0', + /* "69butterfly.com", true */ '6', '9', 'b', 'u', 't', 't', 'e', 'r', 'f', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "6lo.zgora.pl", true */ '6', 'l', 'o', '.', 'z', 'g', 'o', 'r', 'a', '.', 'p', 'l', '\0', + /* "6t-montjoye.org", true */ '6', 't', '-', 'm', 'o', 'n', 't', 'j', 'o', 'y', 'e', '.', 'o', 'r', 'g', '\0', + /* "6w6.la", true */ '6', 'w', '6', '.', 'l', 'a', '\0', + /* "700.az", true */ '7', '0', '0', '.', 'a', 'z', '\0', + /* "7183.org", true */ '7', '1', '8', '3', '.', 'o', 'r', 'g', '\0', + /* "724go.com", true */ '7', '2', '4', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "762.ch", true */ '7', '6', '2', '.', 'c', 'h', '\0', + /* "771122.tv", true */ '7', '7', '1', '1', '2', '2', '.', 't', 'v', '\0', + /* "7733445.com", true */ '7', '7', '3', '3', '4', '4', '5', '.', 'c', 'o', 'm', '\0', + /* "776573.net", true */ '7', '7', '6', '5', '7', '3', '.', 'n', 'e', 't', '\0', + /* "777coin.com", true */ '7', '7', '7', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "7careconnect.com", true */ '7', 'c', 'a', 'r', 'e', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "7delights.com", true */ '7', 'd', 'e', 'l', 'i', 'g', 'h', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "7delights.in", true */ '7', 'd', 'e', 'l', 'i', 'g', 'h', 't', 's', '.', 'i', 'n', '\0', + /* "7kicks.com", true */ '7', 'k', 'i', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "7links.com.br", true */ '7', 'l', 'i', 'n', 'k', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "7nw.eu", false */ '7', 'n', 'w', '.', 'e', 'u', '\0', + /* "7sons.de", true */ '7', 's', 'o', 'n', 's', '.', 'd', 'e', '\0', + /* "7thcircledesigns.com", true */ '7', 't', 'h', 'c', 'i', 'r', 'c', 'l', 'e', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "7x24servis.com", true */ '7', 'x', '2', '4', 's', 'e', 'r', 'v', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "8003pay.com", true */ '8', '0', '0', '3', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "8522.com", true */ '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0', + /* "8522club.com", true */ '8', '5', '2', '2', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "8522top.com", true */ '8', '5', '2', '2', 't', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "86metro.ru", true */ '8', '6', 'm', 'e', 't', 'r', 'o', '.', 'r', 'u', '\0', + /* "8833445.com", true */ '8', '8', '3', '3', '4', '4', '5', '.', 'c', 'o', 'm', '\0', + /* "888msc.vip", true */ '8', '8', '8', 'm', 's', 'c', '.', 'v', 'i', 'p', '\0', + /* "8ack.de", true */ '8', 'a', 'c', 'k', '.', 'd', 'e', '\0', + /* "8ackprotect.com", true */ '8', 'a', 'c', 'k', 'p', 'r', 'o', 't', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "8azino777.ru", true */ '8', 'a', 'z', 'i', 'n', 'o', '7', '7', '7', '.', 'r', 'u', '\0', + /* "8pecxstudios.com", true */ '8', 'p', 'e', 'c', 'x', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "8svn.com", true */ '8', 's', 'v', 'n', '.', 'c', 'o', 'm', '\0', + /* "8t8.eu", true */ '8', 't', '8', '.', 'e', 'u', '\0', + /* "8tech.com.hk", true */ '8', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '.', 'h', 'k', '\0', + /* "8thportsmouth.org.uk", true */ '8', 't', 'h', 'p', 'o', 'r', 't', 's', 'm', 'o', 'u', 't', 'h', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "8tuffbeers.com", true */ '8', 't', 'u', 'f', 'f', 'b', 'e', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "9118.com", true */ '9', '1', '1', '8', '.', 'c', 'o', 'm', '\0', + /* "91dh.cc", true */ '9', '1', 'd', 'h', '.', 'c', 'c', '\0', + /* "91lt.info", true */ '9', '1', 'l', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "91tianmi.com", false */ '9', '1', 't', 'i', 'a', 'n', 'm', 'i', '.', 'c', 'o', 'm', '\0', + /* "91travel.info", true */ '9', '1', 't', 'r', 'a', 'v', 'e', 'l', '.', 'i', 'n', 'f', 'o', '\0', + /* "92url.com", true */ '9', '2', 'u', 'r', 'l', '.', 'c', 'o', 'm', '\0', + /* "9449-27a1-22a1-e0d9-4237-dd99-e75e-ac85-2f47-9d34.de", true */ '9', '4', '4', '9', '-', '2', '7', 'a', '1', '-', '2', '2', 'a', '1', '-', 'e', '0', 'd', '9', '-', '4', '2', '3', '7', '-', 'd', 'd', '9', '9', '-', 'e', '7', '5', 'e', '-', 'a', 'c', '8', '5', '-', '2', 'f', '4', '7', '-', '9', 'd', '3', '4', '.', 'd', 'e', '\0', + /* "94cs.cn", false */ '9', '4', 'c', 's', '.', 'c', 'n', '\0', + /* "9500years.com", true */ '9', '5', '0', '0', 'y', 'e', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "987987.com", true */ '9', '8', '7', '9', '8', '7', '.', 'c', 'o', 'm', '\0', + /* "98laba.com", true */ '9', '8', 'l', 'a', 'b', 'a', '.', 'c', 'o', 'm', '\0', + /* "98laba.net", true */ '9', '8', 'l', 'a', 'b', 'a', '.', 'n', 'e', 't', '\0', + /* "9906753.net", true */ '9', '9', '0', '6', '7', '5', '3', '.', 'n', 'e', 't', '\0', + /* "9933445.com", true */ '9', '9', '3', '3', '4', '4', '5', '.', 'c', 'o', 'm', '\0', + /* "99599.fi", true */ '9', '9', '5', '9', '9', '.', 'f', 'i', '\0', + /* "99599.net", true */ '9', '9', '5', '9', '9', '.', 'n', 'e', 't', '\0', + /* "99998522.com", true */ '9', '9', '9', '9', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0', + /* "99buffets.com", true */ '9', '9', 'b', 'u', 'f', 'f', 'e', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "99rst.org", true */ '9', '9', 'r', 's', 't', '.', 'o', 'r', 'g', '\0', + /* "9uelle.jp", true */ '9', 'u', 'e', 'l', 'l', 'e', '.', 'j', 'p', '\0', + /* "9vx.org", true */ '9', 'v', 'x', '.', 'o', 'r', 'g', '\0', + /* "9yw.me", true */ '9', 'y', 'w', '.', 'm', 'e', '\0', + /* "a-1indianawaterproofing.com", true */ 'a', '-', '1', 'i', 'n', 'd', 'i', 'a', 'n', 'a', 'w', 'a', 't', 'e', 'r', 'p', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "a-allard.be", true */ 'a', '-', 'a', 'l', 'l', 'a', 'r', 'd', '.', 'b', 'e', '\0', + /* "a-classinflatables.co.uk", true */ 'a', '-', 'c', 'l', 'a', 's', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "a-intel.com", true */ 'a', '-', 'i', 'n', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "a-ix.net", true */ 'a', '-', 'i', 'x', '.', 'n', 'e', 't', '\0', + /* "a-little-linux-box.at", true */ 'a', '-', 'l', 'i', 't', 't', 'l', 'e', '-', 'l', 'i', 'n', 'u', 'x', '-', 'b', 'o', 'x', '.', 'a', 't', '\0', + /* "a-oben.org", true */ 'a', '-', 'o', 'b', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "a-starbouncycastles.co.uk", true */ 'a', '-', 's', 't', 'a', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "a1798.com", true */ 'a', '1', '7', '9', '8', '.', 'c', 'o', 'm', '\0', + /* "a1bouncycastlehire.com", true */ 'a', '1', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "a1jumpandbounce.co.uk", true */ 'a', '1', 'j', 'u', 'm', 'p', 'a', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "a1scuba.com", true */ 'a', '1', 's', 'c', 'u', 'b', 'a', '.', 'c', 'o', 'm', '\0', + /* "a1scubastore.com", true */ 'a', '1', 's', 'c', 'u', 'b', 'a', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "a2a.net", true */ 'a', '2', 'a', '.', 'n', 'e', 't', '\0', + /* "a2c-co.net", true */ 'a', '2', 'c', '-', 'c', 'o', '.', 'n', 'e', 't', '\0', + /* "a2it.gr", true */ 'a', '2', 'i', 't', '.', 'g', 'r', '\0', + /* "a2nutrition.com.au", true */ 'a', '2', 'n', 'u', 't', 'r', 'i', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "a7m2.me", true */ 'a', '7', 'm', '2', '.', 'm', 'e', '\0', + /* "aa-tour.ru", true */ 'a', 'a', '-', 't', 'o', 'u', 'r', '.', 'r', 'u', '\0', + /* "aaapl.com", true */ 'a', 'a', 'a', 'p', 'l', '.', 'c', 'o', 'm', '\0', + /* "aabanet.com.br", true */ 'a', 'a', 'b', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "aagetransport.no", true */ 'a', 'a', 'g', 'e', 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', '.', 'n', 'o', '\0', + /* "aalalbayt.com", true */ 'a', 'a', 'l', 'a', 'l', 'b', 'a', 'y', 't', '.', 'c', 'o', 'm', '\0', + /* "aalalbayt.net", true */ 'a', 'a', 'l', 'a', 'l', 'b', 'a', 'y', 't', '.', 'n', 'e', 't', '\0', + /* "aalstmotors-usedcars.be", true */ 'a', 'a', 'l', 's', 't', 'm', 'o', 't', 'o', 'r', 's', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "aaltocapital.com", true */ 'a', 'a', 'l', 't', 'o', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "aamwa.com", true */ 'a', 'a', 'm', 'w', 'a', '.', 'c', 'o', 'm', '\0', + /* "aandeautobody.com", true */ 'a', 'a', 'n', 'd', 'e', 'a', 'u', 't', 'o', 'b', 'o', 'd', 'y', '.', 'c', 'o', 'm', '\0', + /* "aandkevents.co.uk", true */ 'a', 'a', 'n', 'd', 'k', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "aanmpc.com", true */ 'a', 'a', 'n', 'm', 'p', 'c', '.', 'c', 'o', 'm', '\0', + /* "aaomidi.com", true */ 'a', 'a', 'o', 'm', 'i', 'd', 'i', '.', 'c', 'o', 'm', '\0', + /* "aapas.org.ar", true */ 'a', 'a', 'p', 'a', 's', '.', 'o', 'r', 'g', '.', 'a', 'r', '\0', + /* "aardvarksolutions.co.za", true */ 'a', 'a', 'r', 'd', 'v', 'a', 'r', 'k', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "aariefhaafiz.com", true */ 'a', 'a', 'r', 'i', 'e', 'f', 'h', 'a', 'a', 'f', 'i', 'z', '.', 'c', 'o', 'm', '\0', + /* "aarkue.eu", true */ 'a', 'a', 'r', 'k', 'u', 'e', '.', 'e', 'u', '\0', + /* "aaron.xin", true */ 'a', 'a', 'r', 'o', 'n', '.', 'x', 'i', 'n', '\0', + /* "aaronhorler.com", true */ 'a', 'a', 'r', 'o', 'n', 'h', 'o', 'r', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "aaronmcguire.me", false */ 'a', 'a', 'r', 'o', 'n', 'm', 'c', 'g', 'u', 'i', 'r', 'e', '.', 'm', 'e', '\0', + /* "aaronroyle.com", true */ 'a', 'a', 'r', 'o', 'n', 'r', 'o', 'y', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "aaronsilber.me", true */ 'a', 'a', 'r', 'o', 'n', 's', 'i', 'l', 'b', 'e', 'r', '.', 'm', 'e', '\0', + /* "aatf.us", true */ 'a', 'a', 't', 'f', '.', 'u', 's', '\0', + /* "aati.info", false */ 'a', 'a', 't', 'i', '.', 'i', 'n', 'f', 'o', '\0', + /* "abaapplianceservice.com", true */ 'a', 'b', 'a', 'a', 'p', 'p', 'l', 'i', 'a', 'n', 'c', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "abacus-events.co.uk", true */ 'a', 'b', 'a', 'c', 'u', 's', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "abacusbouncycastle.co.uk", true */ 'a', 'b', 'a', 'c', 'u', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "abacustech.co.jp", true */ 'a', 'b', 'a', 'c', 'u', 's', 't', 'e', 'c', 'h', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "abacustech.net", true */ 'a', 'b', 'a', 'c', 'u', 's', 't', 'e', 'c', 'h', '.', 'n', 'e', 't', '\0', + /* "abacustech.org", true */ 'a', 'b', 'a', 'c', 'u', 's', 't', 'e', 'c', 'h', '.', 'o', 'r', 'g', '\0', + /* "abandonedmines.gov", true */ 'a', 'b', 'a', 'n', 'd', 'o', 'n', 'e', 'd', 'm', 'i', 'n', 'e', 's', '.', 'g', 'o', 'v', '\0', + /* "abasky.net", true */ 'a', 'b', 'a', 's', 'k', 'y', '.', 'n', 'e', 't', '\0', + /* "abbadabbabouncycastles.co.uk", true */ 'a', 'b', 'b', 'a', 'd', 'a', 'b', 'b', 'a', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "abbas.ch", true */ 'a', 'b', 'b', 'a', 's', '.', 'c', 'h', '\0', + /* "abborsjo.fi", true */ 'a', 'b', 'b', 'o', 'r', 's', 'j', 'o', '.', 'f', 'i', '\0', + /* "abbotsparties.co.uk", true */ 'a', 'b', 'b', 'o', 't', 's', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "abbottscastles.co.uk", true */ 'a', 'b', 'b', 'o', 't', 't', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "abbradar.net", true */ 'a', 'b', 'b', 'r', 'a', 'd', 'a', 'r', '.', 'n', 'e', 't', '\0', + /* "abbruch-star.de", true */ 'a', 'b', 'b', 'r', 'u', 'c', 'h', '-', 's', 't', 'a', 'r', '.', 'd', 'e', '\0', + /* "abc-rz.de", true */ 'a', 'b', 'c', '-', 'r', 'z', '.', 'd', 'e', '\0', + /* "abc.li", true */ 'a', 'b', 'c', '.', 'l', 'i', '\0', + /* "abcbouncycastlessurrey.co.uk", true */ 'a', 'b', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 's', 'u', 'r', 'r', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "abcbouncyfactory.co.uk", true */ 'a', 'b', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'f', 'a', 'c', 't', 'o', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "abcdef.be", true */ 'a', 'b', 'c', 'd', 'e', 'f', '.', 'b', 'e', '\0', + /* "abcdobebe.com", true */ 'a', 'b', 'c', 'd', 'o', 'b', 'e', 'b', 'e', '.', 'c', 'o', 'm', '\0', + /* "abcheck.se", true */ 'a', 'b', 'c', 'h', 'e', 'c', 'k', '.', 's', 'e', '\0', + /* "abcpartyhire.com", true */ 'a', 'b', 'c', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "abdullah.pw", true */ 'a', 'b', 'd', 'u', 'l', 'l', 'a', 'h', '.', 'p', 'w', '\0', + /* "abe-elektro.de", true */ 'a', 'b', 'e', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0', + /* "abe.cloud", false */ 'a', 'b', 'e', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "abecodes.net", true */ 'a', 'b', 'e', 'c', 'o', 'd', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "abeestrada.com", false */ 'a', 'b', 'e', 'e', 's', 't', 'r', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "abeilles-idapi.fr", true */ 'a', 'b', 'e', 'i', 'l', 'l', 'e', 's', '-', 'i', 'd', 'a', 'p', 'i', '.', 'f', 'r', '\0', + /* "abenteuer-ahnenforschung.de", true */ 'a', 'b', 'e', 'n', 't', 'e', 'u', 'e', 'r', '-', 'a', 'h', 'n', 'e', 'n', 'f', 'o', 'r', 's', 'c', 'h', 'u', 'n', 'g', '.', 'd', 'e', '\0', + /* "abeontech.com", true */ 'a', 'b', 'e', 'o', 'n', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "aberdeencastles.co.uk", true */ 'a', 'b', 'e', 'r', 'd', 'e', 'e', 'n', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "aberdeenjudo.co.uk", true */ 'a', 'b', 'e', 'r', 'd', 'e', 'e', 'n', 'j', 'u', 'd', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "abeus.com", true */ 'a', 'b', 'e', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "abhisharma.me", true */ 'a', 'b', 'h', 'i', 's', 'h', 'a', 'r', 'm', 'a', '.', 'm', 'e', '\0', + /* "abi-2017.tk", true */ 'a', 'b', 'i', '-', '2', '0', '1', '7', '.', 't', 'k', '\0', + /* "abi-fvs.de", true */ 'a', 'b', 'i', '-', 'f', 'v', 's', '.', 'd', 'e', '\0', + /* "abiapp.net", true */ 'a', 'b', 'i', 'a', 'p', 'p', '.', 'n', 'e', 't', '\0', + /* "abibruce.co.uk", true */ 'a', 'b', 'i', 'b', 'r', 'u', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "abidinginhesed.com", true */ 'a', 'b', 'i', 'd', 'i', 'n', 'g', 'i', 'n', 'h', 'e', 's', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "abigisp.com", true */ 'a', 'b', 'i', 'g', 'i', 's', 'p', '.', 'c', 'o', 'm', '\0', + /* "abilitycaresoftware.com", true */ 'a', 'b', 'i', 'l', 'i', 't', 'y', 'c', 'a', 'r', 'e', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "abilitynet.org.uk", true */ 'a', 'b', 'i', 'l', 'i', 't', 'y', 'n', 'e', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "abilma.com", true */ 'a', 'b', 'i', 'l', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "abilymp06.net", true */ 'a', 'b', 'i', 'l', 'y', 'm', 'p', '0', '6', '.', 'n', 'e', 't', '\0', + /* "abimelec.com", true */ 'a', 'b', 'i', 'm', 'e', 'l', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "abinyah.com", true */ 'a', 'b', 'i', 'n', 'y', 'a', 'h', '.', 'c', 'o', 'm', '\0', + /* "abiturma.de", true */ 'a', 'b', 'i', 't', 'u', 'r', 'm', 'a', '.', 'd', 'e', '\0', + /* "ablak-nyilaszaro.info", true */ 'a', 'b', 'l', 'a', 'k', '-', 'n', 'y', 'i', 'l', 'a', 's', 'z', 'a', 'r', 'o', '.', 'i', 'n', 'f', 'o', '\0', + /* "abmc.gov", true */ 'a', 'b', 'm', 'c', '.', 'g', 'o', 'v', '\0', + /* "abmgood.com", false */ 'a', 'b', 'm', 'g', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "abmledger.ca", true */ 'a', 'b', 'm', 'l', 'e', 'd', 'g', 'e', 'r', '.', 'c', 'a', '\0', + /* "abmtax.ca", true */ 'a', 'b', 'm', 't', 'a', 'x', '.', 'c', 'a', '\0', + /* "abn-consultants.ie", true */ 'a', 'b', 'n', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'a', 'n', 't', 's', '.', 'i', 'e', '\0', + /* "abnehmen.com", true */ 'a', 'b', 'n', 'e', 'h', 'm', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "abnerchou.me", true */ 'a', 'b', 'n', 'e', 'r', 'c', 'h', 'o', 'u', '.', 'm', 'e', '\0', + /* "abobuch.de", true */ 'a', 'b', 'o', 'b', 'u', 'c', 'h', '.', 'd', 'e', '\0', + /* "aboces.org", true */ 'a', 'b', 'o', 'c', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "aboderenovation.co.uk", true */ 'a', 'b', 'o', 'd', 'e', 'r', 'e', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "abolicionistas.com", true */ 'a', 'b', 'o', 'l', 'i', 'c', 'i', 'o', 'n', 'i', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "abolition.net", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "abolitionism.ca", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 'm', '.', 'c', 'a', '\0', + /* "abolitionism.co.uk", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "abolitionism.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "abolitionism.in", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 'm', '.', 'i', 'n', '\0', + /* "abolitionism.net", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 'm', '.', 'n', 'e', 't', '\0', + /* "abolitionism.us", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 'm', '.', 'u', 's', '\0', + /* "abolitionist-project.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "abolitionist-society.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '-', 's', 'o', 'c', 'i', 'e', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "abolitionist.ca", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '.', 'c', 'a', '\0', + /* "abolitionist.co.uk", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "abolitionist.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "abolitionist.in", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '.', 'i', 'n', '\0', + /* "abolitionist.net", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '.', 'n', 'e', 't', '\0', + /* "abolitionist.us", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '.', 'u', 's', '\0', + /* "abolitionistparty.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "abolitionistproject.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "abolitionistsociety.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', 's', 'o', 'c', 'i', 'e', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "abolitionniste.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'n', 'i', 's', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "abolizionista.com", true */ 'a', 'b', 'o', 'l', 'i', 'z', 'i', 'o', 'n', 'i', 's', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "abosav.com", true */ 'a', 'b', 'o', 's', 'a', 'v', '.', 'c', 'o', 'm', '\0', + /* "abou.to", false */ 'a', 'b', 'o', 'u', '.', 't', 'o', '\0', + /* "abouncycastleman.co.uk", true */ 'a', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'm', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "aboutassistedliving.org", true */ 'a', 'b', 'o', 'u', 't', 'a', 's', 's', 'i', 's', 't', 'e', 'd', 'l', 'i', 'v', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "abouthrm.nl", true */ 'a', 'b', 'o', 'u', 't', 'h', 'r', 'm', '.', 'n', 'l', '\0', + /* "aboutict.nl", true */ 'a', 'b', 'o', 'u', 't', 'i', 'c', 't', '.', 'n', 'l', '\0', + /* "aboutlegal.nl", true */ 'a', 'b', 'o', 'u', 't', 'l', 'e', 'g', 'a', 'l', '.', 'n', 'l', '\0', + /* "aboutmedia.nl", true */ 'a', 'b', 'o', 'u', 't', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0', + /* "aboutspice.com", true */ 'a', 'b', 'o', 'u', 't', 's', 'p', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "abox-kb.com", true */ 'a', 'b', 'o', 'x', '-', 'k', 'b', '.', 'c', 'o', 'm', '\0', + /* "abrakidabra.com.br", true */ 'a', 'b', 'r', 'a', 'k', 'i', 'd', 'a', 'b', 'r', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "abrilect.com", true */ 'a', 'b', 'r', 'i', 'l', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "abseits.org", true */ 'a', 'b', 's', 'e', 'i', 't', 's', '.', 'o', 'r', 'g', '\0', + /* "absolem.cc", true */ 'a', 'b', 's', 'o', 'l', 'e', 'm', '.', 'c', 'c', '\0', + /* "absolutelyinflatables.co.uk", true */ 'a', 'b', 's', 'o', 'l', 'u', 't', 'e', 'l', 'y', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "absoluterush.net", true */ 'a', 'b', 's', 'o', 'l', 'u', 't', 'e', 'r', 'u', 's', 'h', '.', 'n', 'e', 't', '\0', + /* "absolutewaterproofingsolutions.com", true */ 'a', 'b', 's', 'o', 'l', 'u', 't', 'e', 'w', 'a', 't', 'e', 'r', 'p', 'r', 'o', 'o', 'f', 'i', 'n', 'g', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "absolutewebdesigns.com", true */ 'a', 'b', 's', 'o', 'l', 'u', 't', 'e', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "abstraction21.com", true */ 'a', 'b', 's', 't', 'r', 'a', 'c', 't', 'i', 'o', 'n', '2', '1', '.', 'c', 'o', 'm', '\0', + /* "absynthe-inquisition.fr", true */ 'a', 'b', 's', 'y', 'n', 't', 'h', 'e', '-', 'i', 'n', 'q', 'u', 'i', 's', 'i', 't', 'i', 'o', 'n', '.', 'f', 'r', '\0', + /* "abthorpe.org", true */ 'a', 'b', 't', 'h', 'o', 'r', 'p', 'e', '.', 'o', 'r', 'g', '\0', + /* "abulanov.com", true */ 'a', 'b', 'u', 'l', 'a', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0', + /* "abundent.com", true */ 'a', 'b', 'u', 'n', 'd', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "abuse.fi", true */ 'a', 'b', 'u', 's', 'e', '.', 'f', 'i', '\0', + /* "abuse.io", true */ 'a', 'b', 'u', 's', 'e', '.', 'i', 'o', '\0', + /* "abvent.net", true */ 'a', 'b', 'v', 'e', 'n', 't', '.', 'n', 'e', 't', '\0', + /* "abvlbasketviganello.ch", true */ 'a', 'b', 'v', 'l', 'b', 'a', 's', 'k', 'e', 't', 'v', 'i', 'g', 'a', 'n', 'e', 'l', 'l', 'o', '.', 'c', 'h', '\0', + /* "abyssgaming.eu", true */ 'a', 'b', 'y', 's', 's', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'e', 'u', '\0', + /* "ac-admin.pl", true */ 'a', 'c', '-', 'a', 'd', 'm', 'i', 'n', '.', 'p', 'l', '\0', + /* "ac-epmservices.com", true */ 'a', 'c', '-', 'e', 'p', 'm', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "ac-town.com", true */ 'a', 'c', '-', 't', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0', + /* "ac.milan.it", true */ 'a', 'c', '.', 'm', 'i', 'l', 'a', 'n', '.', 'i', 't', '\0', + /* "academicexperts.us", true */ 'a', 'c', 'a', 'd', 'e', 'm', 'i', 'c', 'e', 'x', 'p', 'e', 'r', 't', 's', '.', 'u', 's', '\0', + /* "academie-de-police.ch", true */ 'a', 'c', 'a', 'd', 'e', 'm', 'i', 'e', '-', 'd', 'e', '-', 'p', 'o', 'l', 'i', 'c', 'e', '.', 'c', 'h', '\0', + /* "academy4.net", true */ 'a', 'c', 'a', 'd', 'e', 'm', 'y', '4', '.', 'n', 'e', 't', '\0', + /* "academytv.com.au", true */ 'a', 'c', 'a', 'd', 'e', 'm', 'y', 't', 'v', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "acadianapatios.com", true */ 'a', 'c', 'a', 'd', 'i', 'a', 'n', 'a', 'p', 'a', 't', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "acampar.com.br", true */ 'a', 'c', 'a', 'm', 'p', 'a', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "acaonegocios.com.br", true */ 'a', 'c', 'a', 'o', 'n', 'e', 'g', 'o', 'c', 'i', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "acara-yoga.de", true */ 'a', 'c', 'a', 'r', 'a', '-', 'y', 'o', 'g', 'a', '.', 'd', 'e', '\0', + /* "acat.io", true */ 'a', 'c', 'a', 't', '.', 'i', 'o', '\0', + /* "acbrussels-used.be", true */ 'a', 'c', 'b', 'r', 'u', 's', 's', 'e', 'l', 's', '-', 'u', 's', 'e', 'd', '.', 'b', 'e', '\0', + /* "accbay.com", true */ 'a', 'c', 'c', 'b', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "accelaway.com", true */ 'a', 'c', 'c', 'e', 'l', 'a', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "accelerate.network", true */ 'a', 'c', 'c', 'e', 'l', 'e', 'r', 'a', 't', 'e', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0', + /* "acceleratenetworks.com", true */ 'a', 'c', 'c', 'e', 'l', 'e', 'r', 'a', 't', 'e', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "accelerateyourworld.org", true */ 'a', 'c', 'c', 'e', 'l', 'e', 'r', 'a', 't', 'e', 'y', 'o', 'u', 'r', 'w', 'o', 'r', 'l', 'd', '.', 'o', 'r', 'g', '\0', + /* "accentthailand.com", true */ 'a', 'c', 'c', 'e', 'n', 't', 't', 'h', 'a', 'i', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "accesloges.com", true */ 'a', 'c', 'c', 'e', 's', 'l', 'o', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "accessacab.co.uk", true */ 'a', 'c', 'c', 'e', 's', 's', 'a', 'c', 'a', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "accessauto-occasions.be", true */ 'a', 'c', 'c', 'e', 's', 's', 'a', 'u', 't', 'o', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0', + /* "accessmy.net", true */ 'a', 'c', 'c', 'e', 's', 's', 'm', 'y', '.', 'n', 'e', 't', '\0', + /* "accessoripersmartphone.it", true */ 'a', 'c', 'c', 'e', 's', 's', 'o', 'r', 'i', 'p', 'e', 'r', 's', 'm', 'a', 'r', 't', 'p', 'h', 'o', 'n', 'e', '.', 'i', 't', '\0', + /* "accolade.com.br", true */ 'a', 'c', 'c', 'o', 'l', 'a', 'd', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "accordiondoor.com", true */ 'a', 'c', 'c', 'o', 'r', 'd', 'i', 'o', 'n', 'd', 'o', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "accoun.technology", true */ 'a', 'c', 'c', 'o', 'u', 'n', '.', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '\0', + /* "accounts.firefox.com", true */ 'a', 'c', 'c', 'o', 'u', 'n', 't', 's', '.', 'f', 'i', 'r', 'e', 'f', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "accounts.google.com", true */ 'a', 'c', 'c', 'o', 'u', 'n', 't', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "accudraftpaintbooths.com", true */ 'a', 'c', 'c', 'u', 'd', 'r', 'a', 'f', 't', 'p', 'a', 'i', 'n', 't', 'b', 'o', 'o', 't', 'h', 's', '.', 'c', 'o', 'm', '\0', + /* "accuritconsulting.com", true */ 'a', 'c', 'c', 'u', 'r', 'i', 't', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "aceadvisory.biz", true */ 'a', 'c', 'e', 'a', 'd', 'v', 'i', 's', 'o', 'r', 'y', '.', 'b', 'i', 'z', '\0', + /* "acecerts.co.uk", true */ 'a', 'c', 'e', 'c', 'e', 'r', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "acecolleges.edu.au", true */ 'a', 'c', 'e', 'c', 'o', 'l', 'l', 'e', 'g', 'e', 's', '.', 'e', 'd', 'u', '.', 'a', 'u', '\0', + /* "aceinflatables.com", true */ 'a', 'c', 'e', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "aceinstituteonline.com", true */ 'a', 'c', 'e', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "acelpb.com", true */ 'a', 'c', 'e', 'l', 'p', 'b', '.', 'c', 'o', 'm', '\0', + /* "acemobileforce.com", true */ 'a', 'c', 'e', 'm', 'o', 'b', 'i', 'l', 'e', 'f', 'o', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "acemypaper.com", true */ 'a', 'c', 'e', 'm', 'y', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "acendealuz.com.br", true */ 'a', 'c', 'e', 'n', 'd', 'e', 'a', 'l', 'u', 'z', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "acerislaw.com", true */ 'a', 'c', 'e', 'r', 'i', 's', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "acessoeducacao.com", true */ 'a', 'c', 'e', 's', 's', 'o', 'e', 'd', 'u', 'c', 'a', 'c', 'a', 'o', '.', 'c', 'o', 'm', '\0', + /* "acevik.de", true */ 'a', 'c', 'e', 'v', 'i', 'k', '.', 'd', 'e', '\0', + /* "acg.mn", true */ 'a', 'c', 'g', '.', 'm', 'n', '\0', + /* "acg18.us", false */ 'a', 'c', 'g', '1', '8', '.', 'u', 's', '\0', + /* "achalay.org", true */ 'a', 'c', 'h', 'a', 'l', 'a', 'y', '.', 'o', 'r', 'g', '\0', + /* "acheconcursos.com.br", true */ 'a', 'c', 'h', 'e', 'c', 'o', 'n', 'c', 'u', 'r', 's', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "achenar.net", true */ 'a', 'c', 'h', 'e', 'n', 'a', 'r', '.', 'n', 'e', 't', '\0', + /* "achow101.com", true */ 'a', 'c', 'h', 'o', 'w', '1', '0', '1', '.', 'c', 'o', 'm', '\0', + /* "achromatisch.de", true */ 'a', 'c', 'h', 'r', 'o', 'm', 'a', 't', 'i', 's', 'c', 'h', '.', 'd', 'e', '\0', + /* "achterblog.de", true */ 'a', 'c', 'h', 't', 'e', 'r', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0', + /* "achterstieg.dedyn.io", true */ 'a', 'c', 'h', 't', 'e', 'r', 's', 't', 'i', 'e', 'g', '.', 'd', 'e', 'd', 'y', 'n', '.', 'i', 'o', '\0', + /* "achtzehn.eu", true */ 'a', 'c', 'h', 't', 'z', 'e', 'h', 'n', '.', 'e', 'u', '\0', + /* "achtzehnterachter.de", true */ 'a', 'c', 'h', 't', 'z', 'e', 'h', 'n', 't', 'e', 'r', 'a', 'c', 'h', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "acidbin.co", true */ 'a', 'c', 'i', 'd', 'b', 'i', 'n', '.', 'c', 'o', '\0', + /* "aciety.com", true */ 'a', 'c', 'i', 'e', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "aciksite.com", true */ 'a', 'c', 'i', 'k', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "ackis.duckdns.org", true */ 'a', 'c', 'k', 'i', 's', '.', 'd', 'u', 'c', 'k', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "acksoft.fr", true */ 'a', 'c', 'k', 's', 'o', 'f', 't', '.', 'f', 'r', '\0', + /* "acksoftdemo.fr", true */ 'a', 'c', 'k', 's', 'o', 'f', 't', 'd', 'e', 'm', 'o', '.', 'f', 'r', '\0', + /* "aclu.org", false */ 'a', 'c', 'l', 'u', '.', 'o', 'r', 'g', '\0', + /* "acluva.org", false */ 'a', 'c', 'l', 'u', 'v', 'a', '.', 'o', 'r', 'g', '\0', + /* "acme.beer", true */ 'a', 'c', 'm', 'e', '.', 'b', 'e', 'e', 'r', '\0', + /* "acmexyz123.info", true */ 'a', 'c', 'm', 'e', 'x', 'y', 'z', '1', '2', '3', '.', 'i', 'n', 'f', 'o', '\0', + /* "acnpacific.com", true */ 'a', 'c', 'n', 'p', 'a', 'c', 'i', 'f', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "aconnor.xyz", true */ 'a', 'c', 'o', 'n', 'n', 'o', 'r', '.', 'x', 'y', 'z', '\0', + /* "acordes.online", true */ 'a', 'c', 'o', 'r', 'd', 'e', 's', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "acorncastles.co.uk", true */ 'a', 'c', 'o', 'r', 'n', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "acorns.com", true */ 'a', 'c', 'o', 'r', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "acourse.io", true */ 'a', 'c', 'o', 'u', 'r', 's', 'e', '.', 'i', 'o', '\0', + /* "acousti-tech.com", true */ 'a', 'c', 'o', 'u', 's', 't', 'i', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "acoustique-tardy.com", true */ 'a', 'c', 'o', 'u', 's', 't', 'i', 'q', 'u', 'e', '-', 't', 'a', 'r', 'd', 'y', '.', 'c', 'o', 'm', '\0', + /* "acperu.ch", true */ 'a', 'c', 'p', 'e', 'r', 'u', '.', 'c', 'h', '\0', + /* "acrevalue.com", true */ 'a', 'c', 'r', 'e', 'v', 'a', 'l', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "across.ml", true */ 'a', 'c', 'r', 'o', 's', 's', '.', 'm', 'l', '\0', + /* "acrylicwifi.com", true */ 'a', 'c', 'r', 'y', 'l', 'i', 'c', 'w', 'i', 'f', 'i', '.', 'c', 'o', 'm', '\0', + /* "acs-chantal.com", true */ 'a', 'c', 's', '-', 'c', 'h', 'a', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "acsc.gov.au", true */ 'a', 'c', 's', 'c', '.', 'g', 'o', 'v', '.', 'a', 'u', '\0', + /* "acsemb.org", true */ 'a', 'c', 's', 'e', 'm', 'b', '.', 'o', 'r', 'g', '\0', + /* "acsihostingsolutions.com", true */ 'a', 'c', 's', 'i', 'h', 'o', 's', 't', 'i', 'n', 'g', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "acsports.ca", true */ 'a', 'c', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'a', '\0', + /* "actc81.fr", true */ 'a', 'c', 't', 'c', '8', '1', '.', 'f', 'r', '\0', + /* "actgruppe.de", true */ 'a', 'c', 't', 'g', 'r', 'u', 'p', 'p', 'e', '.', 'd', 'e', '\0', + /* "actilove.ch", true */ 'a', 'c', 't', 'i', 'l', 'o', 'v', 'e', '.', 'c', 'h', '\0', + /* "actionlabs.net", true */ 'a', 'c', 't', 'i', 'o', 'n', 'l', 'a', 'b', 's', '.', 'n', 'e', 't', '\0', + /* "actionmadagascar.ch", true */ 'a', 'c', 't', 'i', 'o', 'n', 'm', 'a', 'd', 'a', 'g', 'a', 's', 'c', 'a', 'r', '.', 'c', 'h', '\0', + /* "actionsack.com", true */ 'a', 'c', 't', 'i', 'o', 'n', 's', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "actiontowingroundrock.com", true */ 'a', 'c', 't', 'i', 'o', 'n', 't', 'o', 'w', 'i', 'n', 'g', 'r', 'o', 'u', 'n', 'd', 'r', 'o', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "activatemyiphone.com", true */ 'a', 'c', 't', 'i', 'v', 'a', 't', 'e', 'm', 'y', 'i', 'p', 'h', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "activateudid.com", true */ 'a', 'c', 't', 'i', 'v', 'a', 't', 'e', 'u', 'd', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "active.hu", false */ 'a', 'c', 't', 'i', 'v', 'e', '.', 'h', 'u', '\0', + /* "activehire.co.uk", true */ 'a', 'c', 't', 'i', 'v', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "activeleisure.ie", true */ 'a', 'c', 't', 'i', 'v', 'e', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'i', 'e', '\0', + /* "activeworld.net", true */ 'a', 'c', 't', 'i', 'v', 'e', 'w', 'o', 'r', 'l', 'd', '.', 'n', 'e', 't', '\0', + /* "activitesaintnicaise.org", true */ 'a', 'c', 't', 'i', 'v', 'i', 't', 'e', 's', 'a', 'i', 'n', 't', 'n', 'i', 'c', 'a', 'i', 's', 'e', '.', 'o', 'r', 'g', '\0', + /* "activityeventhire.co.uk", true */ 'a', 'c', 't', 'i', 'v', 'i', 't', 'y', 'e', 'v', 'e', 'n', 't', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "actorsroom.com", true */ 'a', 'c', 't', 'o', 'r', 's', 'r', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "actserv.co.ke", true */ 'a', 'c', 't', 's', 'e', 'r', 'v', '.', 'c', 'o', '.', 'k', 'e', '\0', + /* "actu-film.com", true */ 'a', 'c', 't', 'u', '-', 'f', 'i', 'l', 'm', '.', 'c', 'o', 'm', '\0', + /* "acuica.co.uk", false */ 'a', 'c', 'u', 'i', 'c', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "acul.me", true */ 'a', 'c', 'u', 'l', '.', 'm', 'e', '\0', + /* "acus.gov", true */ 'a', 'c', 'u', 's', '.', 'g', 'o', 'v', '\0', + /* "acwcerts.co.uk", true */ 'a', 'c', 'w', 'c', 'e', 'r', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "acwi.gov", true */ 'a', 'c', 'w', 'i', '.', 'g', 'o', 'v', '\0', + /* "ad-disruptio.fr", false */ 'a', 'd', '-', 'd', 'i', 's', 'r', 'u', 'p', 't', 'i', 'o', '.', 'f', 'r', '\0', + /* "ad-notam.asia", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'a', 's', 'i', 'a', '\0', + /* "ad-notam.ch", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'c', 'h', '\0', + /* "ad-notam.co.uk", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ad-notam.com", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "ad-notam.de", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'd', 'e', '\0', + /* "ad-notam.fr", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'f', 'r', '\0', + /* "ad-notam.it", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'i', 't', '\0', + /* "ad-notam.pt", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'p', 't', '\0', + /* "ad-notam.us", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'u', 's', '\0', + /* "ada.gov", true */ 'a', 'd', 'a', '.', 'g', 'o', 'v', '\0', + /* "adalis.org", true */ 'a', 'd', 'a', 'l', 'i', 's', '.', 'o', 'r', 'g', '\0', + /* "adam-kostecki.de", true */ 'a', 'd', 'a', 'm', '-', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0', + /* "adam-wilson.me", true */ 'a', 'd', 'a', 'm', '-', 'w', 'i', 'l', 's', 'o', 'n', '.', 'm', 'e', '\0', + /* "adamas-magicus.ru", true */ 'a', 'd', 'a', 'm', 'a', 's', '-', 'm', 'a', 'g', 'i', 'c', 'u', 's', '.', 'r', 'u', '\0', + /* "adambalogh.net", true */ 'a', 'd', 'a', 'm', 'b', 'a', 'l', 'o', 'g', 'h', '.', 'n', 'e', 't', '\0', + /* "adambyers.com", true */ 'a', 'd', 'a', 'm', 'b', 'y', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "adamek.online", true */ 'a', 'd', 'a', 'm', 'e', 'k', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "adamfontenot.com", true */ 'a', 'd', 'a', 'm', 'f', 'o', 'n', 't', 'e', 'n', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "adamh.us", true */ 'a', 'd', 'a', 'm', 'h', '.', 'u', 's', '\0', + /* "adamkaminski.com", true */ 'a', 'd', 'a', 'm', 'k', 'a', 'm', 'i', 'n', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "adamkostecki.de", true */ 'a', 'd', 'a', 'm', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0', + /* "adamoutler.com", true */ 'a', 'd', 'a', 'm', 'o', 'u', 't', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "adamradocz.com", true */ 'a', 'd', 'a', 'm', 'r', 'a', 'd', 'o', 'c', 'z', '.', 'c', 'o', 'm', '\0', + /* "adams.dk", true */ 'a', 'd', 'a', 'm', 's', '.', 'd', 'k', '\0', + /* "adamsbouncycastles.co.uk", true */ 'a', 'd', 'a', 'm', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "adamstas.com", true */ 'a', 'd', 'a', 'm', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "adamwallington.co.uk", true */ 'a', 'd', 'a', 'm', 'w', 'a', 'l', 'l', 'i', 'n', 'g', 't', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "adamwilcox.org", true */ 'a', 'd', 'a', 'm', 'w', 'i', 'l', 'c', 'o', 'x', '.', 'o', 'r', 'g', '\0', + /* "adapt-elektronik.com", true */ 'a', 'd', 'a', 'p', 't', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', 'n', 'i', 'k', '.', 'c', 'o', 'm', '\0', + /* "adapt.de", true */ 'a', 'd', 'a', 'p', 't', '.', 'd', 'e', '\0', + /* "adapti.de", true */ 'a', 'd', 'a', 'p', 't', 'i', '.', 'd', 'e', '\0', + /* "adaptivemechanics.edu.au", true */ 'a', 'd', 'a', 'p', 't', 'i', 'v', 'e', 'm', 'e', 'c', 'h', 'a', 'n', 'i', 'c', 's', '.', 'e', 'd', 'u', '.', 'a', 'u', '\0', + /* "adawolfa.cz", true */ 'a', 'd', 'a', 'w', 'o', 'l', 'f', 'a', '.', 'c', 'z', '\0', + /* "adayinthelifeof.nl", true */ 'a', 'd', 'a', 'y', 'i', 'n', 't', 'h', 'e', 'l', 'i', 'f', 'e', 'o', 'f', '.', 'n', 'l', '\0', + /* "adblock.ovh", true */ 'a', 'd', 'b', 'l', 'o', 'c', 'k', '.', 'o', 'v', 'h', '\0', + /* "adblockextreme.com", true */ 'a', 'd', 'b', 'l', 'o', 'c', 'k', 'e', 'x', 't', 'r', 'e', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "adblockextreme.net", true */ 'a', 'd', 'b', 'l', 'o', 'c', 'k', 'e', 'x', 't', 'r', 'e', 'm', 'e', '.', 'n', 'e', 't', '\0', + /* "adblockextreme.org", true */ 'a', 'd', 'b', 'l', 'o', 'c', 'k', 'e', 'x', 't', 'r', 'e', 'm', 'e', '.', 'o', 'r', 'g', '\0', + /* "addcrazy.com", true */ 'a', 'd', 'd', 'c', 'r', 'a', 'z', 'y', '.', 'c', 'o', 'm', '\0', + /* "addeekt.com", true */ 'a', 'd', 'd', 'e', 'e', 'k', 't', '.', 'c', 'o', 'm', '\0', + /* "adderall.space", true */ 'a', 'd', 'd', 'e', 'r', 'a', 'l', 'l', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "addicional.com", true */ 'a', 'd', 'd', 'i', 'c', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "addictively.com", true */ 'a', 'd', 'd', 'i', 'c', 't', 'i', 'v', 'e', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "addiko.net", true */ 'a', 'd', 'd', 'i', 'k', 'o', '.', 'n', 'e', 't', '\0', + /* "addones.net", true */ 'a', 'd', 'd', 'o', 'n', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "addstar.jp", false */ 'a', 'd', 'd', 's', 't', 'a', 'r', '.', 'j', 'p', '\0', + /* "addtoany.com", true */ 'a', 'd', 'd', 't', 'o', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "adduono.com", true */ 'a', 'd', 'd', 'u', 'o', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "adelaides.com", true */ 'a', 'd', 'e', 'l', 'a', 'i', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "adelebeals.com", true */ 'a', 'd', 'e', 'l', 'e', 'b', 'e', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "adelightfulglow.com", true */ 'a', 'd', 'e', 'l', 'i', 'g', 'h', 't', 'f', 'u', 'l', 'g', 'l', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "adeline.mobi", true */ 'a', 'd', 'e', 'l', 'i', 'n', 'e', '.', 'm', 'o', 'b', 'i', '\0', + /* "adentalsolution.com", true */ 'a', 'd', 'e', 'n', 't', 'a', 'l', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "adevel.eu", true */ 'a', 'd', 'e', 'v', 'e', 'l', '.', 'e', 'u', '\0', + /* "adhesivelaundry.co.uk", true */ 'a', 'd', 'h', 'e', 's', 'i', 'v', 'e', 'l', 'a', 'u', 'n', 'd', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "adhigamindia.com", true */ 'a', 'd', 'h', 'i', 'g', 'a', 'm', 'i', 'n', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "adhoc.is", true */ 'a', 'd', 'h', 'o', 'c', '.', 'i', 's', '\0', + /* "adigitali.biz", true */ 'a', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'i', '.', 'b', 'i', 'z', '\0', + /* "adimaja.com", true */ 'a', 'd', 'i', 'm', 'a', 'j', 'a', '.', 'c', 'o', 'm', '\0', + /* "adinariversloveschool.com", true */ 'a', 'd', 'i', 'n', 'a', 'r', 'i', 'v', 'e', 'r', 's', 'l', 'o', 'v', 'e', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "adiponectinsupplement.info", true */ 'a', 'd', 'i', 'p', 'o', 'n', 'e', 'c', 't', 'i', 'n', 's', 'u', 'p', 'p', 'l', 'e', 'm', 'e', 'n', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "adiponectinsupplement.net", true */ 'a', 'd', 'i', 'p', 'o', 'n', 'e', 'c', 't', 'i', 'n', 's', 'u', 'p', 'p', 'l', 'e', 'm', 'e', 'n', 't', '.', 'n', 'e', 't', '\0', + /* "adjagu.org", true */ 'a', 'd', 'j', 'a', 'g', 'u', '.', 'o', 'r', 'g', '\0', + /* "adlershop.ch", true */ 'a', 'd', 'l', 'e', 'r', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0', + /* "adlerweb.info", true */ 'a', 'd', 'l', 'e', 'r', 'w', 'e', 'b', '.', 'i', 'n', 'f', 'o', '\0', + /* "adm-sarov.ru", true */ 'a', 'd', 'm', '-', 's', 'a', 'r', 'o', 'v', '.', 'r', 'u', '\0', + /* "adme.co.il", true */ 'a', 'd', 'm', 'e', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "admin-serv.net", true */ 'a', 'd', 'm', 'i', 'n', '-', 's', 'e', 'r', 'v', '.', 'n', 'e', 't', '\0', + /* "admin.fedoraproject.org", true */ 'a', 'd', 'm', 'i', 'n', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "admin.google.com", true */ 'a', 'd', 'm', 'i', 'n', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "admin.stg.fedoraproject.org", true */ 'a', 'd', 'm', 'i', 'n', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "adminforge.de", false */ 'a', 'd', 'm', 'i', 'n', 'f', 'o', 'r', 'g', 'e', '.', 'd', 'e', '\0', + /* "administratorserwera.pl", true */ 'a', 'd', 'm', 'i', 'n', 'i', 's', 't', 'r', 'a', 't', 'o', 'r', 's', 'e', 'r', 'w', 'e', 'r', 'a', '.', 'p', 'l', '\0', + /* "admino.cz", true */ 'a', 'd', 'm', 'i', 'n', 'o', '.', 'c', 'z', '\0', + /* "admins.tech", true */ 'a', 'd', 'm', 'i', 'n', 's', '.', 't', 'e', 'c', 'h', '\0', + /* "adminton.eu", true */ 'a', 'd', 'm', 'i', 'n', 't', 'o', 'n', '.', 'e', 'u', '\0', + /* "admody.com", true */ 'a', 'd', 'm', 'o', 'd', 'y', '.', 'c', 'o', 'm', '\0', + /* "admongo.gov", true */ 'a', 'd', 'm', 'o', 'n', 'g', 'o', '.', 'g', 'o', 'v', '\0', + /* "adnot.am", true */ 'a', 'd', 'n', 'o', 't', '.', 'a', 'm', '\0', + /* "adnseguros.es", true */ 'a', 'd', 'n', 's', 'e', 'g', 'u', 'r', 'o', 's', '.', 'e', 's', '\0', + /* "adoal.net", true */ 'a', 'd', 'o', 'a', 'l', '.', 'n', 'e', 't', '\0', + /* "adonnante.com", true */ 'a', 'd', 'o', 'n', 'n', 'a', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "adoptionlink.co.uk", true */ 'a', 'd', 'o', 'p', 't', 'i', 'o', 'n', 'l', 'i', 'n', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "adora-illustrations.fr", true */ 'a', 'd', 'o', 'r', 'a', '-', 'i', 'l', 'l', 'u', 's', 't', 'r', 'a', 't', 'i', 'o', 'n', 's', '.', 'f', 'r', '\0', + /* "adorade.ro", true */ 'a', 'd', 'o', 'r', 'a', 'd', 'e', '.', 'r', 'o', '\0', + /* "adorai.tk", true */ 'a', 'd', 'o', 'r', 'a', 'i', '.', 't', 'k', '\0', + /* "adorecricket.com", true */ 'a', 'd', 'o', 'r', 'e', 'c', 'r', 'i', 'c', 'k', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "adorewe.com", true */ 'a', 'd', 'o', 'r', 'e', 'w', 'e', '.', 'c', 'o', 'm', '\0', + /* "adoriasoft.com", false */ 'a', 'd', 'o', 'r', 'i', 'a', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "adprospb.com", true */ 'a', 'd', 'p', 'r', 'o', 's', 'p', 'b', '.', 'c', 'o', 'm', '\0', + /* "adquisitio.co.uk", true */ 'a', 'd', 'q', 'u', 'i', 's', 'i', 't', 'i', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "adquisitio.es", true */ 'a', 'd', 'q', 'u', 'i', 's', 'i', 't', 'i', 'o', '.', 'e', 's', '\0', + /* "adquisitio.fr", true */ 'a', 'd', 'q', 'u', 'i', 's', 'i', 't', 'i', 'o', '.', 'f', 'r', '\0', + /* "adquisitio.it", true */ 'a', 'd', 'q', 'u', 'i', 's', 'i', 't', 'i', 'o', '.', 'i', 't', '\0', + /* "adr.gov", true */ 'a', 'd', 'r', '.', 'g', 'o', 'v', '\0', + /* "adrafinil.wiki", true */ 'a', 'd', 'r', 'a', 'f', 'i', 'n', 'i', 'l', '.', 'w', 'i', 'k', 'i', '\0', + /* "adrenaline-gaming.ru", true */ 'a', 'd', 'r', 'e', 'n', 'a', 'l', 'i', 'n', 'e', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'r', 'u', '\0', + /* "adrianajewelry.my", true */ 'a', 'd', 'r', 'i', 'a', 'n', 'a', 'j', 'e', 'w', 'e', 'l', 'r', 'y', '.', 'm', 'y', '\0', + /* "adrianbechtold.de", true */ 'a', 'd', 'r', 'i', 'a', 'n', 'b', 'e', 'c', 'h', 't', 'o', 'l', 'd', '.', 'd', 'e', '\0', + /* "adriancitu.com", true */ 'a', 'd', 'r', 'i', 'a', 'n', 'c', 'i', 't', 'u', '.', 'c', 'o', 'm', '\0', + /* "adriancostin.ro", true */ 'a', 'd', 'r', 'i', 'a', 'n', 'c', 'o', 's', 't', 'i', 'n', '.', 'r', 'o', '\0', + /* "adrianjensen.com", true */ 'a', 'd', 'r', 'i', 'a', 'n', 'j', 'e', 'n', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "adrianmejias.com", true */ 'a', 'd', 'r', 'i', 'a', 'n', 'm', 'e', 'j', 'i', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "adrienkohlbecker.com", true */ 'a', 'd', 'r', 'i', 'e', 'n', 'k', 'o', 'h', 'l', 'b', 'e', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "adrinet.tk", true */ 'a', 'd', 'r', 'i', 'n', 'e', 't', '.', 't', 'k', '\0', + /* "adsbouncycastles.co.uk", true */ 'a', 'd', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "adtgroup.com", true */ 'a', 'd', 't', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "adurra.com", true */ 'a', 'd', 'u', 'r', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "aduvi.de", true */ 'a', 'd', 'u', 'v', 'i', '.', 'd', 'e', '\0', + /* "advaithnikhi.ml", true */ 'a', 'd', 'v', 'a', 'i', 't', 'h', 'n', 'i', 'k', 'h', 'i', '.', 'm', 'l', '\0', + /* "advaithnikhi.tk", true */ 'a', 'd', 'v', 'a', 'i', 't', 'h', 'n', 'i', 'k', 'h', 'i', '.', 't', 'k', '\0', + /* "advanced-online.eu", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'e', 'u', '\0', + /* "advanced-scribes.com", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', '-', 's', 'c', 'r', 'i', 'b', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "advanced.info", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', '.', 'i', 'n', 'f', 'o', '\0', + /* "advancedoneroofing.com", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', 'o', 'n', 'e', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "advancedplasticsurgerycenter.com", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "advancedprotectionkey.com", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', 'p', 'r', 'o', 't', 'e', 'c', 't', 'i', 'o', 'n', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "advancedprotectionsecuritykey.com", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', 'p', 'r', 'o', 't', 'e', 'c', 't', 'i', 'o', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "advancedseotool.it", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', 's', 'e', 'o', 't', 'o', 'o', 'l', '.', 'i', 't', '\0', + /* "advancedwriters.com", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', 'w', 'r', 'i', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "advancis.net", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'i', 's', '.', 'n', 'e', 't', '\0', + /* "advantagehomeexteriors.com", true */ 'a', 'd', 'v', 'a', 'n', 't', 'a', 'g', 'e', 'h', 'o', 'm', 'e', 'e', 'x', 't', 'e', 'r', 'i', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "advara.com", true */ 'a', 'd', 'v', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "advelty.cz", true */ 'a', 'd', 'v', 'e', 'l', 't', 'y', '.', 'c', 'z', '\0', + /* "adventistdeploy.org", true */ 'a', 'd', 'v', 'e', 'n', 't', 'i', 's', 't', 'd', 'e', 'p', 'l', 'o', 'y', '.', 'o', 'r', 'g', '\0', + /* "advento.bg", true */ 'a', 'd', 'v', 'e', 'n', 't', 'o', '.', 'b', 'g', '\0', + /* "adventure-inn.com", true */ 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', '-', 'i', 'n', 'n', '.', 'c', 'o', 'm', '\0', + /* "adventureally.com", true */ 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 'a', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "adventureforest.co.nz", true */ 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 'f', 'o', 'r', 'e', 's', 't', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "adventureforest.de", false */ 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 'f', 'o', 'r', 'e', 's', 't', '.', 'd', 'e', '\0', + /* "adventuregamers.com", true */ 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 'g', 'a', 'm', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "adventures.de", true */ 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', '.', 'd', 'e', '\0', + /* "adventureswithlillie.ca", true */ 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', 'w', 'i', 't', 'h', 'l', 'i', 'l', 'l', 'i', 'e', '.', 'c', 'a', '\0', + /* "advocate-europe.eu", true */ 'a', 'd', 'v', 'o', 'c', 'a', 't', 'e', '-', 'e', 'u', 'r', 'o', 'p', 'e', '.', 'e', 'u', '\0', + /* "advocaten-avocats.be", true */ 'a', 'd', 'v', 'o', 'c', 'a', 't', 'e', 'n', '-', 'a', 'v', 'o', 'c', 'a', 't', 's', '.', 'b', 'e', '\0', + /* "advocatenalkmaar.org", true */ 'a', 'd', 'v', 'o', 'c', 'a', 't', 'e', 'n', 'a', 'l', 'k', 'm', 'a', 'a', 'r', '.', 'o', 'r', 'g', '\0', + /* "advokat-romanov.com", true */ 'a', 'd', 'v', 'o', 'k', 'a', 't', '-', 'r', 'o', 'm', 'a', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0', + /* "adware.pl", true */ 'a', 'd', 'w', 'a', 'r', 'e', '.', 'p', 'l', '\0', + /* "adws.io", true */ 'a', 'd', 'w', 's', '.', 'i', 'o', '\0', + /* "adxperience.com", true */ 'a', 'd', 'x', 'p', 'e', 'r', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "adzie.xyz", true */ 'a', 'd', 'z', 'i', 'e', '.', 'x', 'y', 'z', '\0', + /* "adzuna.at", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'a', 't', '\0', + /* "adzuna.ca", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'c', 'a', '\0', + /* "adzuna.co.nz", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "adzuna.co.za", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "adzuna.com", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "adzuna.com.au", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "adzuna.com.br", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "adzuna.de", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'd', 'e', '\0', + /* "adzuna.fr", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'f', 'r', '\0', + /* "adzuna.in", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'i', 'n', '\0', + /* "adzuna.it", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'i', 't', '\0', + /* "adzuna.nl", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'n', 'l', '\0', + /* "adzuna.pl", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'p', 'l', '\0', + /* "adzuna.ru", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'r', 'u', '\0', + /* "adzuna.sg", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 's', 'g', '\0', + /* "aebian.org", true */ 'a', 'e', 'b', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "aegee-utrecht.nl", true */ 'a', 'e', 'g', 'e', 'e', '-', 'u', 't', 'r', 'e', 'c', 'h', 't', '.', 'n', 'l', '\0', + /* "aegisalarm.co.uk", true */ 'a', 'e', 'g', 'i', 's', 'a', 'l', 'a', 'r', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "aegisalarm.com", true */ 'a', 'e', 'g', 'i', 's', 'a', 'l', 'a', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "aegisalarms.co.uk", true */ 'a', 'e', 'g', 'i', 's', 'a', 'l', 'a', 'r', 'm', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "aegisalarms.com", true */ 'a', 'e', 'g', 'i', 's', 'a', 'l', 'a', 'r', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "aegrel.ee", true */ 'a', 'e', 'g', 'r', 'e', 'l', '.', 'e', 'e', '\0', + /* "aehe.us", true */ 'a', 'e', 'h', 'e', '.', 'u', 's', '\0', + /* "aelurus.com", true */ 'a', 'e', 'l', 'u', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "aeon.co", true */ 'a', 'e', 'o', 'n', '.', 'c', 'o', '\0', + /* "aeon.wiki", true */ 'a', 'e', 'o', 'n', '.', 'w', 'i', 'k', 'i', '\0', + /* "aeradesign.com", true */ 'a', 'e', 'r', 'a', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "aerandir.fr", true */ 'a', 'e', 'r', 'a', 'n', 'd', 'i', 'r', '.', 'f', 'r', '\0', + /* "aerelon.de", false */ 'a', 'e', 'r', 'e', 'l', 'o', 'n', '.', 'd', 'e', '\0', + /* "aergia.eu", true */ 'a', 'e', 'r', 'g', 'i', 'a', '.', 'e', 'u', '\0', + /* "aerisnetwork.com", true */ 'a', 'e', 'r', 'i', 's', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "aero-pioneer.com", true */ 'a', 'e', 'r', 'o', '-', 'p', 'i', 'o', 'n', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "aerobotz.com", true */ 'a', 'e', 'r', 'o', 'b', 'o', 't', 'z', '.', 'c', 'o', 'm', '\0', + /* "aertel.ie", true */ 'a', 'e', 'r', 't', 'e', 'l', '.', 'i', 'e', '\0', + /* "aessencia.com.br", true */ 'a', 'e', 's', 's', 'e', 'n', 'c', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "aestheticdr.org", true */ 'a', 'e', 's', 't', 'h', 'e', 't', 'i', 'c', 'd', 'r', '.', 'o', 'r', 'g', '\0', + /* "aesthetics-blog.com", true */ 'a', 'e', 's', 't', 'h', 'e', 't', 'i', 'c', 's', '-', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "aestore.by", true */ 'a', 'e', 's', 't', 'o', 'r', 'e', '.', 'b', 'y', '\0', + /* "aesym.de", true */ 'a', 'e', 's', 'y', 'm', '.', 'd', 'e', '\0', + /* "aetherc0r3.eu", true */ 'a', 'e', 't', 'h', 'e', 'r', 'c', '0', 'r', '3', '.', 'e', 'u', '\0', + /* "aetoscg.com", true */ 'a', 'e', 't', 'o', 's', 'c', 'g', '.', 'c', 'o', 'm', '\0', + /* "aetoscg.com.au", true */ 'a', 'e', 't', 'o', 's', 'c', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "aextron.com", true */ 'a', 'e', 'x', 't', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "aextron.de", true */ 'a', 'e', 'x', 't', 'r', 'o', 'n', '.', 'd', 'e', '\0', + /* "aextron.org", true */ 'a', 'e', 'x', 't', 'r', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "af-internet.nl", true */ 'a', 'f', '-', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', '.', 'n', 'l', '\0', + /* "afavre.io", true */ 'a', 'f', 'a', 'v', 'r', 'e', '.', 'i', 'o', '\0', + /* "afb24.de", true */ 'a', 'f', 'b', '2', '4', '.', 'd', 'e', '\0', + /* "afbeelding.im", true */ 'a', 'f', 'b', 'e', 'e', 'l', 'd', 'i', 'n', 'g', '.', 'i', 'm', '\0', + /* "afbeeldinguploaden.nl", true */ 'a', 'f', 'b', 'e', 'e', 'l', 'd', 'i', 'n', 'g', 'u', 'p', 'l', 'o', 'a', 'd', 'e', 'n', '.', 'n', 'l', '\0', + /* "affichagepub3.com", true */ 'a', 'f', 'f', 'i', 'c', 'h', 'a', 'g', 'e', 'p', 'u', 'b', '3', '.', 'c', 'o', 'm', '\0', + /* "affiliateroyale.com", true */ 'a', 'f', 'f', 'i', 'l', 'i', 'a', 't', 'e', 'r', 'o', 'y', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "affiliatetest.azurewebsites.net", true */ 'a', 'f', 'f', 'i', 'l', 'i', 'a', 't', 'e', 't', 'e', 's', 't', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "affilie.de", true */ 'a', 'f', 'f', 'i', 'l', 'i', 'e', '.', 'd', 'e', '\0', + /* "affinity.vc", true */ 'a', 'f', 'f', 'i', 'n', 'i', 't', 'y', '.', 'v', 'c', '\0', + /* "affinitysync.com", true */ 'a', 'f', 'f', 'i', 'n', 'i', 't', 'y', 's', 'y', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "affordableazdivorce.com", true */ 'a', 'f', 'f', 'o', 'r', 'd', 'a', 'b', 'l', 'e', 'a', 'z', 'd', 'i', 'v', 'o', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "affordablebouncycastle.co.uk", true */ 'a', 'f', 'f', 'o', 'r', 'd', 'a', 'b', 'l', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "affordablemudjacking.com", true */ 'a', 'f', 'f', 'o', 'r', 'd', 'a', 'b', 'l', 'e', 'm', 'u', 'd', 'j', 'a', 'c', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "affordablepapers.com", true */ 'a', 'f', 'f', 'o', 'r', 'd', 'a', 'b', 'l', 'e', 'p', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "affordableracingparts.com.au", true */ 'a', 'f', 'f', 'o', 'r', 'd', 'a', 'b', 'l', 'e', 'r', 'a', 'c', 'i', 'n', 'g', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "afghan.dating", true */ 'a', 'f', 'g', 'h', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "afi-business-consulting.com", true */ 'a', 'f', 'i', '-', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "aficionados.com.br", true */ 'a', 'f', 'i', 'c', 'i', 'o', 'n', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "afinadoronline.com.br", true */ 'a', 'f', 'i', 'n', 'a', 'd', 'o', 'r', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "aflamtorrent.com", true */ 'a', 'f', 'l', 'a', 'm', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "aflfreebets.com", true */ 'a', 'f', 'l', 'f', 'r', 'e', 'e', 'b', 'e', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "aflowershop.ca", true */ 'a', 'f', 'l', 'o', 'w', 'e', 'r', 's', 'h', 'o', 'p', '.', 'c', 'a', '\0', + /* "afmt.fr", true */ 'a', 'f', 'm', 't', '.', 'f', 'r', '\0', + /* "afmtevents.com", true */ 'a', 'f', 'm', 't', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "afonso.io", true */ 'a', 'f', 'o', 'n', 's', 'o', '.', 'i', 'o', '\0', + /* "afp548.com", true */ 'a', 'f', 'p', '5', '4', '8', '.', 'c', 'o', 'm', '\0', + /* "afri.cc", true */ 'a', 'f', 'r', 'i', '.', 'c', 'c', '\0', + /* "africa.dating", true */ 'a', 'f', 'r', 'i', 'c', 'a', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "africanexponent.com", true */ 'a', 'f', 'r', 'i', 'c', 'a', 'n', 'e', 'x', 'p', 'o', 'n', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "africanimpact.com", true */ 'a', 'f', 'r', 'i', 'c', 'a', 'n', 'i', 'm', 'p', 'a', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "africatravel.de", true */ 'a', 'f', 'r', 'i', 'c', 'a', 't', 'r', 'a', 'v', 'e', 'l', '.', 'd', 'e', '\0', + /* "afrikarl.de", true */ 'a', 'f', 'r', 'i', 'k', 'a', 'r', 'l', '.', 'd', 'e', '\0', + /* "afrodigital.uk", true */ 'a', 'f', 'r', 'o', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'u', 'k', '\0', + /* "after.digital", true */ 'a', 'f', 't', 'e', 'r', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0', + /* "afterhate.fr", true */ 'a', 'f', 't', 'e', 'r', 'h', 'a', 't', 'e', '.', 'f', 'r', '\0', + /* "afuh.de", true */ 'a', 'f', 'u', 'h', '.', 'd', 'e', '\0', + /* "afva.net", true */ 'a', 'f', 'v', 'a', '.', 'n', 'e', 't', '\0', + /* "ag-websolutions.de", true */ 'a', 'g', '-', 'w', 'e', 'b', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'd', 'e', '\0', + /* "agalliasis.ch", true */ 'a', 'g', 'a', 'l', 'l', 'i', 'a', 's', 'i', 's', '.', 'c', 'h', '\0', + /* "agamsecurity.ch", true */ 'a', 'g', 'a', 'm', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'h', '\0', + /* "agate.pw", true */ 'a', 'g', 'a', 't', 'e', '.', 'p', 'w', '\0', + /* "agdalieso.com.ba", true */ 'a', 'g', 'd', 'a', 'l', 'i', 'e', 's', 'o', '.', 'c', 'o', 'm', '.', 'b', 'a', '\0', + /* "ageg.ca", true */ 'a', 'g', 'e', 'g', '.', 'c', 'a', '\0', + /* "agenciadeempregosdourados.com.br", true */ 'a', 'g', 'e', 'n', 'c', 'i', 'a', 'd', 'e', 'e', 'm', 'p', 'r', 'e', 'g', 'o', 's', 'd', 'o', 'u', 'r', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "agenciafiscal.pe", true */ 'a', 'g', 'e', 'n', 'c', 'i', 'a', 'f', 'i', 's', 'c', 'a', 'l', '.', 'p', 'e', '\0', + /* "agenciagriff.com", true */ 'a', 'g', 'e', 'n', 'c', 'i', 'a', 'g', 'r', 'i', 'f', 'f', '.', 'c', 'o', 'm', '\0', + /* "agencymanager.be", true */ 'a', 'g', 'e', 'n', 'c', 'y', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'b', 'e', '\0', + /* "agenda-loto.net", false */ 'a', 'g', 'e', 'n', 'd', 'a', '-', 'l', 'o', 't', 'o', '.', 'n', 'e', 't', '\0', + /* "agenda21senden.de", true */ 'a', 'g', 'e', 'n', 'd', 'a', '2', '1', 's', 'e', 'n', 'd', 'e', 'n', '.', 'd', 'e', '\0', + /* "agent-grow.com", true */ 'a', 'g', 'e', 'n', 't', '-', 'g', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "agent6.com.au", true */ 'a', 'g', 'e', 'n', 't', '6', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "agentprocessing.com", true */ 'a', 'g', 'e', 'n', 't', 'p', 'r', 'o', 'c', 'e', 's', 's', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "agfmedia.com", true */ 'a', 'g', 'f', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "agglo-sion.ch", true */ 'a', 'g', 'g', 'l', 'o', '-', 's', 'i', 'o', 'n', '.', 'c', 'h', '\0', + /* "aggr.pw", true */ 'a', 'g', 'g', 'r', '.', 'p', 'w', '\0', + /* "agia.ad", true */ 'a', 'g', 'i', 'a', '.', 'a', 'd', '\0', + /* "agiairini.cz", true */ 'a', 'g', 'i', 'a', 'i', 'r', 'i', 'n', 'i', '.', 'c', 'z', '\0', + /* "agilebits.com", true */ 'a', 'g', 'i', 'l', 'e', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "agilebits.net", false */ 'a', 'g', 'i', 'l', 'e', 'b', 'i', 't', 's', '.', 'n', 'e', 't', '\0', + /* "agileecommerce.com.br", true */ 'a', 'g', 'i', 'l', 'e', 'e', 'c', 'o', 'm', 'm', 'e', 'r', 'c', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "agileui.com", true */ 'a', 'g', 'i', 'l', 'e', 'u', 'i', '.', 'c', 'o', 'm', '\0', + /* "agiley.se", true */ 'a', 'g', 'i', 'l', 'e', 'y', '.', 's', 'e', '\0', + /* "agilob.net", true */ 'a', 'g', 'i', 'l', 'o', 'b', '.', 'n', 'e', 't', '\0', + /* "aging.gov", true */ 'a', 'g', 'i', 'n', 'g', '.', 'g', 'o', 'v', '\0', + /* "agingstop.net", true */ 'a', 'g', 'i', 'n', 'g', 's', 't', 'o', 'p', '.', 'n', 'e', 't', '\0', + /* "agoodmind.com", true */ 'a', 'g', 'o', 'o', 'd', 'm', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "agoravox.fr", true */ 'a', 'g', 'o', 'r', 'a', 'v', 'o', 'x', '.', 'f', 'r', '\0', + /* "agoravox.it", true */ 'a', 'g', 'o', 'r', 'a', 'v', 'o', 'x', '.', 'i', 't', '\0', + /* "agoravox.tv", true */ 'a', 'g', 'o', 'r', 'a', 'v', 'o', 'x', '.', 't', 'v', '\0', + /* "agotnes.com", true */ 'a', 'g', 'o', 't', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "agouraelectrical.com", true */ 'a', 'g', 'o', 'u', 'r', 'a', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "agourahillselectrical.com", true */ 'a', 'g', 'o', 'u', 'r', 'a', 'h', 'i', 'l', 'l', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "agowa.eu", true */ 'a', 'g', 'o', 'w', 'a', '.', 'e', 'u', '\0', + /* "agowa338.de", true */ 'a', 'g', 'o', 'w', 'a', '3', '3', '8', '.', 'd', 'e', '\0', + /* "agr.asia", true */ 'a', 'g', 'r', '.', 'a', 's', 'i', 'a', '\0', + /* "agrarking.com", true */ 'a', 'g', 'r', 'a', 'r', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "agrarking.de", true */ 'a', 'g', 'r', 'a', 'r', 'k', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "agrarshop4u.de", true */ 'a', 'g', 'r', 'a', 'r', 's', 'h', 'o', 'p', '4', 'u', '.', 'd', 'e', '\0', + /* "agrekov.ru", true */ 'a', 'g', 'r', 'e', 'k', 'o', 'v', '.', 'r', 'u', '\0', + /* "agreor.com", true */ 'a', 'g', 'r', 'e', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "agricolo.ch", true */ 'a', 'g', 'r', 'i', 'c', 'o', 'l', 'o', '.', 'c', 'h', '\0', + /* "agridir.site", true */ 'a', 'g', 'r', 'i', 'd', 'i', 'r', '.', 's', 'i', 't', 'e', '\0', + /* "agrikulturchic.com", true */ 'a', 'g', 'r', 'i', 'k', 'u', 'l', 't', 'u', 'r', 'c', 'h', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "agrilinks.org", true */ 'a', 'g', 'r', 'i', 'l', 'i', 'n', 'k', 's', '.', 'o', 'r', 'g', '\0', + /* "agrios.de", true */ 'a', 'g', 'r', 'i', 'o', 's', '.', 'd', 'e', '\0', + /* "agroglass.com.br", true */ 'a', 'g', 'r', 'o', 'g', 'l', 'a', 's', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "agroline.by", true */ 'a', 'g', 'r', 'o', 'l', 'i', 'n', 'e', '.', 'b', 'y', '\0', + /* "agroyard.com.ua", true */ 'a', 'g', 'r', 'o', 'y', 'a', 'r', 'd', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "agsb.ch", true */ 'a', 'g', 's', 'b', '.', 'c', 'h', '\0', + /* "agung-furniture.com", true */ 'a', 'g', 'u', 'n', 'g', '-', 'f', 'u', 'r', 'n', 'i', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "agwa.name", true */ 'a', 'g', 'w', 'a', '.', 'n', 'a', 'm', 'e', '\0', + /* "ahcpr.gov", false */ 'a', 'h', 'c', 'p', 'r', '.', 'g', 'o', 'v', '\0', + /* "ahd.com", false */ 'a', 'h', 'd', '.', 'c', 'o', 'm', '\0', + /* "ahelos.tk", true */ 'a', 'h', 'e', 'l', 'o', 's', '.', 't', 'k', '\0', + /* "aheng.me", true */ 'a', 'h', 'e', 'n', 'g', '.', 'm', 'e', '\0', + /* "ahero4all.org", true */ 'a', 'h', 'e', 'r', 'o', '4', 'a', 'l', 'l', '.', 'o', 'r', 'g', '\0', + /* "ahiru3.com", true */ 'a', 'h', 'i', 'r', 'u', '3', '.', 'c', 'o', 'm', '\0', + /* "ahkubiak.ovh", true */ 'a', 'h', 'k', 'u', 'b', 'i', 'a', 'k', '.', 'o', 'v', 'h', '\0', + /* "ahlaejaba.com", true */ 'a', 'h', 'l', 'a', 'e', 'j', 'a', 'b', 'a', '.', 'c', 'o', 'm', '\0', + /* "ahlz.sk", true */ 'a', 'h', 'l', 'z', '.', 's', 'k', '\0', + /* "ahmad.works", true */ 'a', 'h', 'm', 'a', 'd', '.', 'w', 'o', 'r', 'k', 's', '\0', + /* "ahmadly.com", true */ 'a', 'h', 'm', 'a', 'd', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "ahmedabadflowermall.com", true */ 'a', 'h', 'm', 'e', 'd', 'a', 'b', 'a', 'd', 'f', 'l', 'o', 'w', 'e', 'r', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "ahmedcharles.com", true */ 'a', 'h', 'm', 'e', 'd', 'c', 'h', 'a', 'r', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "ahmerjamilkhan.org", true */ 'a', 'h', 'm', 'e', 'r', 'j', 'a', 'm', 'i', 'l', 'k', 'h', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "aholic.co", true */ 'a', 'h', 'o', 'l', 'i', 'c', '.', 'c', 'o', '\0', + /* "ahoy.travel", true */ 'a', 'h', 'o', 'y', '.', 't', 'r', 'a', 'v', 'e', 'l', '\0', + /* "ahoyconference.com", true */ 'a', 'h', 'o', 'y', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "ahrq.gov", false */ 'a', 'h', 'r', 'q', '.', 'g', 'o', 'v', '\0', + /* "ahughes03.com", true */ 'a', 'h', 'u', 'g', 'h', 'e', 's', '0', '3', '.', 'c', 'o', 'm', '\0', + /* "ahxxm.com", true */ 'a', 'h', 'x', 'x', 'm', '.', 'c', 'o', 'm', '\0', + /* "ai-english.jp", true */ 'a', 'i', '-', 'e', 'n', 'g', 'l', 'i', 's', 'h', '.', 'j', 'p', '\0', + /* "aia.de", true */ 'a', 'i', 'a', '.', 'd', 'e', '\0', + /* "aibenzi.com", true */ 'a', 'i', 'b', 'e', 'n', 'z', 'i', '.', 'c', 'o', 'm', '\0', + /* "aicial.co.uk", true */ 'a', 'i', 'c', 'i', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "aicial.com", true */ 'a', 'i', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "aid-web.ch", true */ 'a', 'i', 'd', '-', 'w', 'e', 'b', '.', 'c', 'h', '\0', + /* "aide-valais.ch", true */ 'a', 'i', 'd', 'e', '-', 'v', 'a', 'l', 'a', 'i', 's', '.', 'c', 'h', '\0', + /* "aiden.link", true */ 'a', 'i', 'd', 'e', 'n', '.', 'l', 'i', 'n', 'k', '\0', + /* "aidhan.net", true */ 'a', 'i', 'd', 'h', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "aie.de", true */ 'a', 'i', 'e', '.', 'd', 'e', '\0', + /* "aiesecarad.ro", true */ 'a', 'i', 'e', 's', 'e', 'c', 'a', 'r', 'a', 'd', '.', 'r', 'o', '\0', + /* "aiforsocialmedia.com", true */ 'a', 'i', 'f', 'o', 'r', 's', 'o', 'c', 'i', 'a', 'l', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "aigcev.org", true */ 'a', 'i', 'g', 'c', 'e', 'v', '.', 'o', 'r', 'g', '\0', + /* "aigenpul.se", true */ 'a', 'i', 'g', 'e', 'n', 'p', 'u', 'l', '.', 's', 'e', '\0', + /* "aiida.se", true */ 'a', 'i', 'i', 'd', 'a', '.', 's', 'e', '\0', + /* "aijsk.com", true */ 'a', 'i', 'j', 's', 'k', '.', 'c', 'o', 'm', '\0', + /* "aikenorganics.com", true */ 'a', 'i', 'k', 'e', 'n', 'o', 'r', 'g', 'a', 'n', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "aikenpromotions.com", true */ 'a', 'i', 'k', 'e', 'n', 'p', 'r', 'o', 'm', 'o', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "aikido-club-limburg.de", true */ 'a', 'i', 'k', 'i', 'd', 'o', '-', 'c', 'l', 'u', 'b', '-', 'l', 'i', 'm', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0', + /* "aikido-linz.at", true */ 'a', 'i', 'k', 'i', 'd', 'o', '-', 'l', 'i', 'n', 'z', '.', 'a', 't', '\0', + /* "aikido-wels.at", true */ 'a', 'i', 'k', 'i', 'd', 'o', '-', 'w', 'e', 'l', 's', '.', 'a', 't', '\0', + /* "aimeeandalec.com", true */ 'a', 'i', 'm', 'e', 'e', 'a', 'n', 'd', 'a', 'l', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "aimgroup.co.tz", true */ 'a', 'i', 'm', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', '.', 't', 'z', '\0', + /* "aimotive.com", true */ 'a', 'i', 'm', 'o', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "aintevenmad.ch", true */ 'a', 'i', 'n', 't', 'e', 'v', 'e', 'n', 'm', 'a', 'd', '.', 'c', 'h', '\0', + /* "aioboot.com", true */ 'a', 'i', 'o', 'b', 'o', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "aiois.com", true */ 'a', 'i', 'o', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "aiphyron.com", true */ 'a', 'i', 'p', 'h', 'y', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "air-craftglass.com", true */ 'a', 'i', 'r', '-', 'c', 'r', 'a', 'f', 't', 'g', 'l', 'a', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "air-shots.ch", true */ 'a', 'i', 'r', '-', 's', 'h', 'o', 't', 's', '.', 'c', 'h', '\0', + /* "air-we-go.co.uk", true */ 'a', 'i', 'r', '-', 'w', 'e', '-', 'g', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "airbly.com", true */ 'a', 'i', 'r', 'b', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "airbnb.com", true */ 'a', 'i', 'r', 'b', 'n', 'b', '.', 'c', 'o', 'm', '\0', + /* "airbnbopen.com", true */ 'a', 'i', 'r', 'b', 'n', 'b', 'o', 'p', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "airborne-inflatables.co.uk", true */ 'a', 'i', 'r', 'b', 'o', 'r', 'n', 'e', '-', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "airclass.com", true */ 'a', 'i', 'r', 'c', 'l', 'a', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "aircomms.com", true */ 'a', 'i', 'r', 'c', 'o', 'm', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "airductclean.com", false */ 'a', 'i', 'r', 'd', 'u', 'c', 't', 'c', 'l', 'e', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "airdur.eu", true */ 'a', 'i', 'r', 'd', 'u', 'r', '.', 'e', 'u', '\0', + /* "airedaleterrier.com.br", true */ 'a', 'i', 'r', 'e', 'd', 'a', 'l', 'e', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "airetvie.com", true */ 'a', 'i', 'r', 'e', 't', 'v', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "airfax.io", true */ 'a', 'i', 'r', 'f', 'a', 'x', '.', 'i', 'o', '\0', + /* "airhart.me", true */ 'a', 'i', 'r', 'h', 'a', 'r', 't', '.', 'm', 'e', '\0', + /* "airhelp.com", true */ 'a', 'i', 'r', 'h', 'e', 'l', 'p', '.', 'c', 'o', 'm', '\0', + /* "airicy.com", true */ 'a', 'i', 'r', 'i', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "airmail.cc", true */ 'a', 'i', 'r', 'm', 'a', 'i', 'l', '.', 'c', 'c', '\0', + /* "airmaxinflatables.com", true */ 'a', 'i', 'r', 'm', 'a', 'x', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "airnow.gov", true */ 'a', 'i', 'r', 'n', 'o', 'w', '.', 'g', 'o', 'v', '\0', + /* "airpbx.com", true */ 'a', 'i', 'r', 'p', 'b', 'x', '.', 'c', 'o', 'm', '\0', + /* "airplay-inflatable-hire.co.uk", true */ 'a', 'i', 'r', 'p', 'l', 'a', 'y', '-', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', '-', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "airplayradio.nl", true */ 'a', 'i', 'r', 'p', 'l', 'a', 'y', 'r', 'a', 'd', 'i', 'o', '.', 'n', 'l', '\0', + /* "airportlimototoronto.com", true */ 'a', 'i', 'r', 'p', 'o', 'r', 't', 'l', 'i', 'm', 'o', 't', 'o', 't', 'o', 'r', 'o', 'n', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "airpurifierproductsonline.com", true */ 'a', 'i', 'r', 'p', 'u', 'r', 'i', 'f', 'i', 'e', 'r', 'p', 'r', 'o', 'd', 'u', 'c', 't', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "airsoft.ch", true */ 'a', 'i', 'r', 's', 'o', 'f', 't', '.', 'c', 'h', '\0', + /* "airtimefranchise.com", true */ 'a', 'i', 'r', 't', 'i', 'm', 'e', 'f', 'r', 'a', 'n', 'c', 'h', 'i', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "airvpn.org", true */ 'a', 'i', 'r', 'v', 'p', 'n', '.', 'o', 'r', 'g', '\0', + /* "airvuz.com", true */ 'a', 'i', 'r', 'v', 'u', 'z', '.', 'c', 'o', 'm', '\0', + /* "airwegobouncycastles.co.uk", true */ 'a', 'i', 'r', 'w', 'e', 'g', 'o', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ais.fashion", true */ 'a', 'i', 's', '.', 'f', 'a', 's', 'h', 'i', 'o', 'n', '\0', + /* "aistockcharts.com", true */ 'a', 'i', 's', 't', 'o', 'c', 'k', 'c', 'h', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "ait.com.ar", true */ 'a', 'i', 't', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "aiticon.com", true */ 'a', 'i', 't', 'i', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "aitosoftware.com", true */ 'a', 'i', 't', 'o', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "aiutodomestico.ch", true */ 'a', 'i', 'u', 't', 'o', 'd', 'o', 'm', 'e', 's', 't', 'i', 'c', 'o', '.', 'c', 'h', '\0', + /* "aivd.lol", true */ 'a', 'i', 'v', 'd', '.', 'l', 'o', 'l', '\0', + /* "aiwdirect.com", true */ 'a', 'i', 'w', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "aixxe.net", true */ 'a', 'i', 'x', 'x', 'e', '.', 'n', 'e', 't', '\0', + /* "ajapaik.ee", true */ 'a', 'j', 'a', 'p', 'a', 'i', 'k', '.', 'e', 'e', '\0', + /* "ajarope.com", true */ 'a', 'j', 'a', 'r', 'o', 'p', 'e', '.', 'c', 'o', 'm', '\0', + /* "ajbouncycastles.co.uk", true */ 'a', 'j', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ajces.com", true */ 'a', 'j', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "ajdiaz.me", true */ 'a', 'j', 'd', 'i', 'a', 'z', '.', 'm', 'e', '\0', + /* "ajetaci.cz", true */ 'a', 'j', 'e', 't', 'a', 'c', 'i', '.', 'c', 'z', '\0', + /* "ajeventhire.co.uk", true */ 'a', 'j', 'e', 'v', 'e', 'n', 't', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ajibot.com", true */ 'a', 'j', 'i', 'b', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "ajnasz.hu", true */ 'a', 'j', 'n', 'a', 's', 'z', '.', 'h', 'u', '\0', + /* "ak-varazdin.hr", true */ 'a', 'k', '-', 'v', 'a', 'r', 'a', 'z', 'd', 'i', 'n', '.', 'h', 'r', '\0', + /* "akachanikuji.com", true */ 'a', 'k', 'a', 'c', 'h', 'a', 'n', 'i', 'k', 'u', 'j', 'i', '.', 'c', 'o', 'm', '\0', + /* "akalashnikov.ru", true */ 'a', 'k', 'a', 'l', 'a', 's', 'h', 'n', 'i', 'k', 'o', 'v', '.', 'r', 'u', '\0', + /* "akamon.ac.jp", true */ 'a', 'k', 'a', 'm', 'o', 'n', '.', 'a', 'c', '.', 'j', 'p', '\0', + /* "akaoma.com", true */ 'a', 'k', 'a', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "akazakov.info", true */ 'a', 'k', 'a', 'z', 'a', 'k', 'o', 'v', '.', 'i', 'n', 'f', 'o', '\0', + /* "akdigitalegesellschaft.de", false */ 'a', 'k', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', 'g', 'e', 's', 'e', 'l', 'l', 's', 'c', 'h', 'a', 'f', 't', '.', 'd', 'e', '\0', + /* "akelius.de", false */ 'a', 'k', 'e', 'l', 'i', 'u', 's', '.', 'd', 'e', '\0', + /* "akhilindurti.com", false */ 'a', 'k', 'h', 'i', 'l', 'i', 'n', 'd', 'u', 'r', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "akhras.at", true */ 'a', 'k', 'h', 'r', 'a', 's', '.', 'a', 't', '\0', + /* "akihito.com", true */ 'a', 'k', 'i', 'h', 'i', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "akijo.de", true */ 'a', 'k', 'i', 'j', 'o', '.', 'd', 'e', '\0', + /* "akita-boutique.com", true */ 'a', 'k', 'i', 't', 'a', '-', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "akkbouncycastles.co.uk", true */ 'a', 'k', 'k', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "akoch.net", true */ 'a', 'k', 'o', 'c', 'h', '.', 'n', 'e', 't', '\0', + /* "akostecki.de", true */ 'a', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0', + /* "akovana.com", true */ 'a', 'k', 'o', 'v', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "akoya.fi", true */ 'a', 'k', 'o', 'y', 'a', '.', 'f', 'i', '\0', + /* "akpwebdesign.com", true */ 'a', 'k', 'p', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "akr.io", true */ 'a', 'k', 'r', '.', 'i', 'o', '\0', + /* "akritikos.info", true */ 'a', 'k', 'r', 'i', 't', 'i', 'k', 'o', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "akropolis-ravensburg.de", true */ 'a', 'k', 'r', 'o', 'p', 'o', 'l', 'i', 's', '-', 'r', 'a', 'v', 'e', 'n', 's', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0', + /* "akselinurmio.fi", true */ 'a', 'k', 's', 'e', 'l', 'i', 'n', 'u', 'r', 'm', 'i', 'o', '.', 'f', 'i', '\0', + /* "aktiv-naturheilmittel.at", true */ 'a', 'k', 't', 'i', 'v', '-', 'n', 'a', 't', 'u', 'r', 'h', 'e', 'i', 'l', 'm', 'i', 't', 't', 'e', 'l', '.', 'a', 't', '\0', + /* "aktiv-naturheilmittel.ch", true */ 'a', 'k', 't', 'i', 'v', '-', 'n', 'a', 't', 'u', 'r', 'h', 'e', 'i', 'l', 'm', 'i', 't', 't', 'e', 'l', '.', 'c', 'h', '\0', + /* "aktiv-naturheilmittel.de", true */ 'a', 'k', 't', 'i', 'v', '-', 'n', 'a', 't', 'u', 'r', 'h', 'e', 'i', 'l', 'm', 'i', 't', 't', 'e', 'l', '.', 'd', 'e', '\0', + /* "aktivace.eu", true */ 'a', 'k', 't', 'i', 'v', 'a', 'c', 'e', '.', 'e', 'u', '\0', + /* "aktivierungscenter.de", true */ 'a', 'k', 't', 'i', 'v', 'i', 'e', 'r', 'u', 'n', 'g', 's', 'c', 'e', 'n', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "akutun.cl", true */ 'a', 'k', 'u', 't', 'u', 'n', '.', 'c', 'l', '\0', + /* "akvorrat.at", true */ 'a', 'k', 'v', 'o', 'r', 'r', 'a', 't', '.', 'a', 't', '\0', + /* "al3xpro.com", true */ 'a', 'l', '3', 'x', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "alaboard.com", true */ 'a', 'l', 'a', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "aladdinschools.appspot.com", true */ 'a', 'l', 'a', 'd', 'd', 'i', 'n', 's', 'c', 'h', 'o', 'o', 'l', 's', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "alainbaechlerphotography.ch", true */ 'a', 'l', 'a', 'i', 'n', 'b', 'a', 'e', 'c', 'h', 'l', 'e', 'r', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'h', '\0', + /* "alainmargot.ch", true */ 'a', 'l', 'a', 'i', 'n', 'm', 'a', 'r', 'g', 'o', 't', '.', 'c', 'h', '\0', + /* "alainwolf.ch", true */ 'a', 'l', 'a', 'i', 'n', 'w', 'o', 'l', 'f', '.', 'c', 'h', '\0', + /* "alainwolf.net", true */ 'a', 'l', 'a', 'i', 'n', 'w', 'o', 'l', 'f', '.', 'n', 'e', 't', '\0', + /* "alamgir.works", true */ 'a', 'l', 'a', 'm', 'g', 'i', 'r', '.', 'w', 'o', 'r', 'k', 's', '\0', + /* "alanhuang.name", true */ 'a', 'l', 'a', 'n', 'h', 'u', 'a', 'n', 'g', '.', 'n', 'a', 'm', 'e', '\0', + /* "alaninkenya.org", true */ 'a', 'l', 'a', 'n', 'i', 'n', 'k', 'e', 'n', 'y', 'a', '.', 'o', 'r', 'g', '\0', + /* "alaricfavier.eu", false */ 'a', 'l', 'a', 'r', 'i', 'c', 'f', 'a', 'v', 'i', 'e', 'r', '.', 'e', 'u', '\0', + /* "alarmcomplete.co.uk", true */ 'a', 'l', 'a', 'r', 'm', 'c', 'o', 'm', 'p', 'l', 'e', 't', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "alastairs-place.net", true */ 'a', 'l', 'a', 's', 't', 'a', 'i', 'r', 's', '-', 'p', 'l', 'a', 'c', 'e', '.', 'n', 'e', 't', '\0', + /* "alaundeil.xyz", true */ 'a', 'l', 'a', 'u', 'n', 'd', 'e', 'i', 'l', '.', 'x', 'y', 'z', '\0', + /* "alaxyjewellers.co.za", true */ 'a', 'l', 'a', 'x', 'y', 'j', 'e', 'w', 'e', 'l', 'l', 'e', 'r', 's', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "alb-flirt.de", true */ 'a', 'l', 'b', '-', 'f', 'l', 'i', 'r', 't', '.', 'd', 'e', '\0', + /* "albbounce.co.uk", true */ 'a', 'l', 'b', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "albersdruck.de", true */ 'a', 'l', 'b', 'e', 'r', 's', 'd', 'r', 'u', 'c', 'k', '.', 'd', 'e', '\0', + /* "albertathome.org", true */ 'a', 'l', 'b', 'e', 'r', 't', 'a', 't', 'h', 'o', 'm', 'e', '.', 'o', 'r', 'g', '\0', + /* "albertify.xyz", true */ 'a', 'l', 'b', 'e', 'r', 't', 'i', 'f', 'y', '.', 'x', 'y', 'z', '\0', + /* "albion2.org", true */ 'a', 'l', 'b', 'i', 'o', 'n', '2', '.', 'o', 'r', 'g', '\0', + /* "alboweb.nl", true */ 'a', 'l', 'b', 'o', 'w', 'e', 'b', '.', 'n', 'l', '\0', + /* "albuic.tk", true */ 'a', 'l', 'b', 'u', 'i', 'c', '.', 't', 'k', '\0', + /* "alca31.com", true */ 'a', 'l', 'c', 'a', '3', '1', '.', 'c', 'o', 'm', '\0', + /* "alcatelonetouch.us", true */ 'a', 'l', 'c', 'a', 't', 'e', 'l', 'o', 'n', 'e', 't', 'o', 'u', 'c', 'h', '.', 'u', 's', '\0', + /* "alchemia.co.il", true */ 'a', 'l', 'c', 'h', 'e', 'm', 'i', 'a', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "alchimic.ch", true */ 'a', 'l', 'c', 'h', 'i', 'm', 'i', 'c', '.', 'c', 'h', '\0', + /* "alcorao.org", true */ 'a', 'l', 'c', 'o', 'r', 'a', 'o', '.', 'o', 'r', 'g', '\0', + /* "aldes.co.za", true */ 'a', 'l', 'd', 'e', 's', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "aldien.com.br", true */ 'a', 'l', 'd', 'i', 'e', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "aldous-huxley.com", true */ 'a', 'l', 'd', 'o', 'u', 's', '-', 'h', 'u', 'x', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "aleax.me", true */ 'a', 'l', 'e', 'a', 'x', '.', 'm', 'e', '\0', + /* "alecpap.com", true */ 'a', 'l', 'e', 'c', 'p', 'a', 'p', '.', 'c', 'o', 'm', '\0', + /* "alecpapierniak.com", true */ 'a', 'l', 'e', 'c', 'p', 'a', 'p', 'i', 'e', 'r', 'n', 'i', 'a', 'k', '.', 'c', 'o', 'm', '\0', + /* "alecrust.com", true */ 'a', 'l', 'e', 'c', 'r', 'u', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "aleksejjocic.tk", true */ 'a', 'l', 'e', 'k', 's', 'e', 'j', 'j', 'o', 'c', 'i', 'c', '.', 't', 'k', '\0', + /* "aleksib.fi", true */ 'a', 'l', 'e', 'k', 's', 'i', 'b', '.', 'f', 'i', '\0', + /* "alela.fr", true */ 'a', 'l', 'e', 'l', 'a', '.', 'f', 'r', '\0', + /* "aleph.land", true */ 'a', 'l', 'e', 'p', 'h', '.', 'l', 'a', 'n', 'd', '\0', + /* "alertaenlinea.gov", true */ 'a', 'l', 'e', 'r', 't', 'a', 'e', 'n', 'l', 'i', 'n', 'e', 'a', '.', 'g', 'o', 'v', '\0', + /* "alertboxx.com", true */ 'a', 'l', 'e', 'r', 't', 'b', 'o', 'x', 'x', '.', 'c', 'o', 'm', '\0', + /* "alertonline.nl", true */ 'a', 'l', 'e', 'r', 't', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'l', '\0', + /* "alerts.sg", true */ 'a', 'l', 'e', 'r', 't', 's', '.', 's', 'g', '\0', + /* "alertwire.com", true */ 'a', 'l', 'e', 'r', 't', 'w', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "alessandroonline.com.br", true */ 'a', 'l', 'e', 's', 's', 'a', 'n', 'd', 'r', 'o', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "aletm.it", true */ 'a', 'l', 'e', 't', 'm', '.', 'i', 't', '\0', + /* "alex-ross.co.uk", true */ 'a', 'l', 'e', 'x', '-', 'r', 'o', 's', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "alex97000.de", true */ 'a', 'l', 'e', 'x', '9', '7', '0', '0', '0', '.', 'd', 'e', '\0', + /* "alexander-beck.eu", true */ 'a', 'l', 'e', 'x', 'a', 'n', 'd', 'e', 'r', '-', 'b', 'e', 'c', 'k', '.', 'e', 'u', '\0', + /* "alexandermuetzel.de", true */ 'a', 'l', 'e', 'x', 'a', 'n', 'd', 'e', 'r', 'm', 'u', 'e', 't', 'z', 'e', 'l', '.', 'd', 'e', '\0', + /* "alexanderschimpf.de", true */ 'a', 'l', 'e', 'x', 'a', 'n', 'd', 'e', 'r', 's', 'c', 'h', 'i', 'm', 'p', 'f', '.', 'd', 'e', '\0', + /* "alexandra-schulze.de", true */ 'a', 'l', 'e', 'x', 'a', 'n', 'd', 'r', 'a', '-', 's', 'c', 'h', 'u', 'l', 'z', 'e', '.', 'd', 'e', '\0', + /* "alexandre-blond.fr", true */ 'a', 'l', 'e', 'x', 'a', 'n', 'd', 'r', 'e', '-', 'b', 'l', 'o', 'n', 'd', '.', 'f', 'r', '\0', + /* "alexandros.io", true */ 'a', 'l', 'e', 'x', 'a', 'n', 'd', 'r', 'o', 's', '.', 'i', 'o', '\0', + /* "alexbaker.org", true */ 'a', 'l', 'e', 'x', 'b', 'a', 'k', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "alexberts.ch", true */ 'a', 'l', 'e', 'x', 'b', 'e', 'r', 't', 's', '.', 'c', 'h', '\0', + /* "alexcoman.com", true */ 'a', 'l', 'e', 'x', 'c', 'o', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "alexdaniel.org", true */ 'a', 'l', 'e', 'x', 'd', 'a', 'n', 'i', 'e', 'l', '.', 'o', 'r', 'g', '\0', + /* "alexdaulby.com", true */ 'a', 'l', 'e', 'x', 'd', 'a', 'u', 'l', 'b', 'y', '.', 'c', 'o', 'm', '\0', + /* "alexey-shamara.ru", true */ 'a', 'l', 'e', 'x', 'e', 'y', '-', 's', 'h', 'a', 'm', 'a', 'r', 'a', '.', 'r', 'u', '\0', + /* "alexeykopytko.com", true */ 'a', 'l', 'e', 'x', 'e', 'y', 'k', 'o', 'p', 'y', 't', 'k', 'o', '.', 'c', 'o', 'm', '\0', + /* "alexfisherhealth.com.au", true */ 'a', 'l', 'e', 'x', 'f', 'i', 's', 'h', 'e', 'r', 'h', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "alexgaynor.net", true */ 'a', 'l', 'e', 'x', 'g', 'a', 'y', 'n', 'o', 'r', '.', 'n', 'e', 't', '\0', + /* "alexhaydock.co.uk", true */ 'a', 'l', 'e', 'x', 'h', 'a', 'y', 'd', 'o', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "alexhd.de", true */ 'a', 'l', 'e', 'x', 'h', 'd', '.', 'd', 'e', '\0', + /* "alexisabarca.com", true */ 'a', 'l', 'e', 'x', 'i', 's', 'a', 'b', 'a', 'r', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "alexischaussy.xyz", true */ 'a', 'l', 'e', 'x', 'i', 's', 'c', 'h', 'a', 'u', 's', 's', 'y', '.', 'x', 'y', 'z', '\0', + /* "alexismeza.com", true */ 'a', 'l', 'e', 'x', 'i', 's', 'm', 'e', 'z', 'a', '.', 'c', 'o', 'm', '\0', + /* "alexismeza.com.mx", true */ 'a', 'l', 'e', 'x', 'i', 's', 'm', 'e', 'z', 'a', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0', + /* "alexismeza.dk", true */ 'a', 'l', 'e', 'x', 'i', 's', 'm', 'e', 'z', 'a', '.', 'd', 'k', '\0', + /* "alexismeza.es", true */ 'a', 'l', 'e', 'x', 'i', 's', 'm', 'e', 'z', 'a', '.', 'e', 's', '\0', + /* "alexismeza.nl", true */ 'a', 'l', 'e', 'x', 'i', 's', 'm', 'e', 'z', 'a', '.', 'n', 'l', '\0', + /* "alexkott.com", true */ 'a', 'l', 'e', 'x', 'k', 'o', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "alexmak.net", true */ 'a', 'l', 'e', 'x', 'm', 'a', 'k', '.', 'n', 'e', 't', '\0', + /* "alexmerkel.com", true */ 'a', 'l', 'e', 'x', 'm', 'e', 'r', 'k', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "alexmerkel.me", true */ 'a', 'l', 'e', 'x', 'm', 'e', 'r', 'k', 'e', 'l', '.', 'm', 'e', '\0', + /* "alexmerkel.xyz", true */ 'a', 'l', 'e', 'x', 'm', 'e', 'r', 'k', 'e', 'l', '.', 'x', 'y', 'z', '\0', + /* "alexn.org", true */ 'a', 'l', 'e', 'x', 'n', '.', 'o', 'r', 'g', '\0', + /* "alexpavel.com", true */ 'a', 'l', 'e', 'x', 'p', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "alexpotter.net", false */ 'a', 'l', 'e', 'x', 'p', 'o', 't', 't', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "alexs.de", true */ 'a', 'l', 'e', 'x', 's', '.', 'd', 'e', '\0', + /* "alexsergeyev.com", true */ 'a', 'l', 'e', 'x', 's', 'e', 'r', 'g', 'e', 'y', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "alexsexton.com", true */ 'a', 'l', 'e', 'x', 's', 'e', 'x', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "alextaffe.com", true */ 'a', 'l', 'e', 'x', 't', 'a', 'f', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "alextsang.net", true */ 'a', 'l', 'e', 'x', 't', 's', 'a', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "alexvdveen.nl", true */ 'a', 'l', 'e', 'x', 'v', 'd', 'v', 'e', 'e', 'n', '.', 'n', 'l', '\0', + /* "alexvetter.de", true */ 'a', 'l', 'e', 'x', 'v', 'e', 't', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "alexwardweb.com", true */ 'a', 'l', 'e', 'x', 'w', 'a', 'r', 'd', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "alexyang.me", true */ 'a', 'l', 'e', 'x', 'y', 'a', 'n', 'g', '.', 'm', 'e', '\0', + /* "alfa-tech.su", true */ 'a', 'l', 'f', 'a', '-', 't', 'e', 'c', 'h', '.', 's', 'u', '\0', + /* "alfaperfumes.com.br", true */ 'a', 'l', 'f', 'a', 'p', 'e', 'r', 'f', 'u', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "alfaponny.se", true */ 'a', 'l', 'f', 'a', 'p', 'o', 'n', 'n', 'y', '.', 's', 'e', '\0', + /* "alfirous.com", true */ 'a', 'l', 'f', 'i', 'r', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "algarmatic-automatismos.pt", true */ 'a', 'l', 'g', 'a', 'r', 'm', 'a', 't', 'i', 'c', '-', 'a', 'u', 't', 'o', 'm', 'a', 't', 'i', 's', 'm', 'o', 's', '.', 'p', 't', '\0', + /* "algebraaec.com", true */ 'a', 'l', 'g', 'e', 'b', 'r', 'a', 'a', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "alghanimcatering.com", true */ 'a', 'l', 'g', 'h', 'a', 'n', 'i', 'm', 'c', 'a', 't', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "algoentremanos.com", true */ 'a', 'l', 'g', 'o', 'e', 'n', 't', 'r', 'e', 'm', 'a', 'n', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "algolia.com", true */ 'a', 'l', 'g', 'o', 'l', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "aliacraft.net", true */ 'a', 'l', 'i', 'a', 'c', 'r', 'a', 'f', 't', '.', 'n', 'e', 't', '\0', + /* "aliantsoft.pl", true */ 'a', 'l', 'i', 'a', 'n', 't', 's', 'o', 'f', 't', '.', 'p', 'l', '\0', + /* "aliaswp.com", true */ 'a', 'l', 'i', 'a', 's', 'w', 'p', '.', 'c', 'o', 'm', '\0', + /* "alibangash.com", true */ 'a', 'l', 'i', 'b', 'a', 'n', 'g', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "alibip.de", true */ 'a', 'l', 'i', 'b', 'i', 'p', '.', 'd', 'e', '\0', + /* "alice-noutore.com", true */ 'a', 'l', 'i', 'c', 'e', '-', 'n', 'o', 'u', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "alice.tw", true */ 'a', 'l', 'i', 'c', 'e', '.', 't', 'w', '\0', + /* "alicestudio.it", true */ 'a', 'l', 'i', 'c', 'e', 's', 't', 'u', 'd', 'i', 'o', '.', 'i', 't', '\0', + /* "alicetone.net", true */ 'a', 'l', 'i', 'c', 'e', 't', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "alicialab.org", true */ 'a', 'l', 'i', 'c', 'i', 'a', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0', + /* "alien.bz", true */ 'a', 'l', 'i', 'e', 'n', '.', 'b', 'z', '\0', + /* "alienation.biz", true */ 'a', 'l', 'i', 'e', 'n', 'a', 't', 'i', 'o', 'n', '.', 'b', 'i', 'z', '\0', + /* "alienstat.com", true */ 'a', 'l', 'i', 'e', 'n', 's', 't', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "alignrs.com", true */ 'a', 'l', 'i', 'g', 'n', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "alinasmusicstudio.com", true */ 'a', 'l', 'i', 'n', 'a', 's', 'm', 'u', 's', 'i', 'c', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "alinode.com", true */ 'a', 'l', 'i', 'n', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "alisonisrealestate.com", true */ 'a', 'l', 'i', 's', 'o', 'n', 'i', 's', 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "alisonlitchfield.com", true */ 'a', 'l', 'i', 's', 'o', 'n', 'l', 'i', 't', 'c', 'h', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "alistairstowing.com", true */ 'a', 'l', 'i', 's', 't', 'a', 'i', 'r', 's', 't', 'o', 'w', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "alisync.com", true */ 'a', 'l', 'i', 's', 'y', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "aliwebstore.com", true */ 'a', 'l', 'i', 'w', 'e', 'b', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "alix-board.de", true */ 'a', 'l', 'i', 'x', '-', 'b', 'o', 'a', 'r', 'd', '.', 'd', 'e', '\0', + /* "alize-theatre.ch", true */ 'a', 'l', 'i', 'z', 'e', '-', 't', 'h', 'e', 'a', 't', 'r', 'e', '.', 'c', 'h', '\0', + /* "aljammaz.holdings", true */ 'a', 'l', 'j', 'a', 'm', 'm', 'a', 'z', '.', 'h', 'o', 'l', 'd', 'i', 'n', 'g', 's', '\0', + /* "aljaspod.com", true */ 'a', 'l', 'j', 'a', 's', 'p', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "aljaspod.hu", true */ 'a', 'l', 'j', 'a', 's', 'p', 'o', 'd', '.', 'h', 'u', '\0', + /* "aljweb.com", true */ 'a', 'l', 'j', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "alkel.info", true */ 'a', 'l', 'k', 'e', 'l', '.', 'i', 'n', 'f', 'o', '\0', + /* "all-connect.net", false */ 'a', 'l', 'l', '-', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'n', 'e', 't', '\0', + /* "all-markup-news.com", true */ 'a', 'l', 'l', '-', 'm', 'a', 'r', 'k', 'u', 'p', '-', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "all4hardware4u.de", true */ 'a', 'l', 'l', '4', 'h', 'a', 'r', 'd', 'w', 'a', 'r', 'e', '4', 'u', '.', 'd', 'e', '\0', + /* "allaboutbelgaum.com", true */ 'a', 'l', 'l', 'a', 'b', 'o', 'u', 't', 'b', 'e', 'l', 'g', 'a', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "allaboutfunuk.com", true */ 'a', 'l', 'l', 'a', 'b', 'o', 'u', 't', 'f', 'u', 'n', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "allactioneventhire.co.uk", true */ 'a', 'l', 'l', 'a', 'c', 't', 'i', 'o', 'n', 'e', 'v', 'e', 'n', 't', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "allamericanmuslim.com", true */ 'a', 'l', 'l', 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', 'm', 'u', 's', 'l', 'i', 'm', '.', 'c', 'o', 'm', '\0', + /* "allamericatrans.com", true */ 'a', 'l', 'l', 'a', 'm', 'e', 'r', 'i', 'c', 'a', 't', 'r', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "allangirvan.net", true */ 'a', 'l', 'l', 'a', 'n', 'g', 'i', 'r', 'v', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "allbenjoy.de", true */ 'a', 'l', 'l', 'b', 'e', 'n', 'j', 'o', 'y', '.', 'd', 'e', '\0', + /* "allbounceandplay.co.uk", true */ 'a', 'l', 'l', 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'n', 'd', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "allbouncesurrey.co.uk", true */ 'a', 'l', 'l', 'b', 'o', 'u', 'n', 'c', 'e', 's', 'u', 'r', 'r', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "allbusiness.com", true */ 'a', 'l', 'l', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "allcapa.org", true */ 'a', 'l', 'l', 'c', 'a', 'p', 'a', '.', 'o', 'r', 'g', '\0', + /* "allcarepharmacy.com", true */ 'a', 'l', 'l', 'c', 'a', 'r', 'e', 'p', 'h', 'a', 'r', 'm', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "allcloud.com", true */ 'a', 'l', 'l', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "allcovered.nl", true */ 'a', 'l', 'l', 'c', 'o', 'v', 'e', 'r', 'e', 'd', '.', 'n', 'l', '\0', + /* "alldewall.de", true */ 'a', 'l', 'l', 'd', 'e', 'w', 'a', 'l', 'l', '.', 'd', 'e', '\0', + /* "alle.bg", true */ 'a', 'l', 'l', 'e', '.', 'b', 'g', '\0', + /* "allemobieleproviders.nl", true */ 'a', 'l', 'l', 'e', 'm', 'o', 'b', 'i', 'e', 'l', 'e', 'p', 'r', 'o', 'v', 'i', 'd', 'e', 'r', 's', '.', 'n', 'l', '\0', + /* "allensun.org", true */ 'a', 'l', 'l', 'e', 'n', 's', 'u', 'n', '.', 'o', 'r', 'g', '\0', + /* "allesisonline.nl", true */ 'a', 'l', 'l', 'e', 's', 'i', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'l', '\0', + /* "alleskomtgoed.org", true */ 'a', 'l', 'l', 'e', 's', 'k', 'o', 'm', 't', 'g', 'o', 'e', 'd', '.', 'o', 'r', 'g', '\0', + /* "allesrocknroll.de", true */ 'a', 'l', 'l', 'e', 's', 'r', 'o', 'c', 'k', 'n', 'r', 'o', 'l', 'l', '.', 'd', 'e', '\0', + /* "allforyou.at", true */ 'a', 'l', 'l', 'f', 'o', 'r', 'y', 'o', 'u', '.', 'a', 't', '\0', + /* "allfreelancers.su", true */ 'a', 'l', 'l', 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', 'r', 's', '.', 's', 'u', '\0', + /* "alliance-compacts.com", true */ 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', '-', 'c', 'o', 'm', 'p', 'a', 'c', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "alliances-faq.de", true */ 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', 's', '-', 'f', 'a', 'q', '.', 'd', 'e', '\0', + /* "alliances-globalsolutions.com", true */ 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', 's', '-', 'g', 'l', 'o', 'b', 'a', 'l', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "alliedfrozenstorage.com", true */ 'a', 'l', 'l', 'i', 'e', 'd', 'f', 'r', 'o', 'z', 'e', 'n', 's', 't', 'o', 'r', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "allinagency.com", true */ 'a', 'l', 'l', 'i', 'n', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "allinone-ranking150.com", true */ 'a', 'l', 'l', 'i', 'n', 'o', 'n', 'e', '-', 'r', 'a', 'n', 'k', 'i', 'n', 'g', '1', '5', '0', '.', 'c', 'o', 'm', '\0', + /* "allinonecyprus.com", true */ 'a', 'l', 'l', 'i', 'n', 'o', 'n', 'e', 'c', 'y', 'p', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "allis.studio", true */ 'a', 'l', 'l', 'i', 's', '.', 's', 't', 'u', 'd', 'i', 'o', '\0', + /* "allladyboys.com", true */ 'a', 'l', 'l', 'l', 'a', 'd', 'y', 'b', 'o', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "allmebel.ru", true */ 'a', 'l', 'l', 'm', 'e', 'b', 'e', 'l', '.', 'r', 'u', '\0', + /* "allmend-ru.de", true */ 'a', 'l', 'l', 'm', 'e', 'n', 'd', '-', 'r', 'u', '.', 'd', 'e', '\0', + /* "allns.fr", true */ 'a', 'l', 'l', 'n', 's', '.', 'f', 'r', '\0', + /* "allo-credit.ch", true */ 'a', 'l', 'l', 'o', '-', 'c', 'r', 'e', 'd', 'i', 't', '.', 'c', 'h', '\0', + /* "alloutatl.com", true */ 'a', 'l', 'l', 'o', 'u', 't', 'a', 't', 'l', '.', 'c', 'o', 'm', '\0', + /* "alloydevil.nl", true */ 'a', 'l', 'l', 'o', 'y', 'd', 'e', 'v', 'i', 'l', '.', 'n', 'l', '\0', + /* "allplayer.tk", true */ 'a', 'l', 'l', 'p', 'l', 'a', 'y', 'e', 'r', '.', 't', 'k', '\0', + /* "allpointsblog.com", true */ 'a', 'l', 'l', 'p', 'o', 'i', 'n', 't', 's', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "allproptonline.com", true */ 'a', 'l', 'l', 'p', 'r', 'o', 'p', 't', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "allroundpvp.net", true */ 'a', 'l', 'l', 'r', 'o', 'u', 'n', 'd', 'p', 'v', 'p', '.', 'n', 'e', 't', '\0', + /* "allsearch.io", true */ 'a', 'l', 'l', 's', 'e', 'a', 'r', 'c', 'h', '.', 'i', 'o', '\0', + /* "allshousedesigns.com", true */ 'a', 'l', 'l', 's', 'h', 'o', 'u', 's', 'e', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "allstarautokiaparts.com", true */ 'a', 'l', 'l', 's', 't', 'a', 'r', 'a', 'u', 't', 'o', 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "allstarpartyinflatables.co.uk", true */ 'a', 'l', 'l', 's', 't', 'a', 'r', 'p', 'a', 'r', 't', 'y', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "alltheducks.com", true */ 'a', 'l', 'l', 't', 'h', 'e', 'd', 'u', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "allthethings.co.nz", true */ 'a', 'l', 'l', 't', 'h', 'e', 't', 'h', 'i', 'n', 'g', 's', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "allthings.me", true */ 'a', 'l', 'l', 't', 'h', 'i', 'n', 'g', 's', '.', 'm', 'e', '\0', + /* "allthingsblogging.com", true */ 'a', 'l', 'l', 't', 'h', 'i', 'n', 'g', 's', 'b', 'l', 'o', 'g', 'g', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "allthingsfpl.com", true */ 'a', 'l', 'l', 't', 'h', 'i', 'n', 'g', 's', 'f', 'p', 'l', '.', 'c', 'o', 'm', '\0', + /* "allthingssquared.com", true */ 'a', 'l', 'l', 't', 'h', 'i', 'n', 'g', 's', 's', 'q', 'u', 'a', 'r', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "allthingswild.co.uk", true */ 'a', 'l', 'l', 't', 'h', 'i', 'n', 'g', 's', 'w', 'i', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "alltubedownload.net", true */ 'a', 'l', 'l', 't', 'u', 'b', 'e', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', '.', 'n', 'e', 't', '\0', + /* "allurescarves.com", true */ 'a', 'l', 'l', 'u', 'r', 'e', 's', 'c', 'a', 'r', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "alluvion.studio", true */ 'a', 'l', 'l', 'u', 'v', 'i', 'o', 'n', '.', 's', 't', 'u', 'd', 'i', 'o', '\0', + /* "almaatlantica.com", true */ 'a', 'l', 'm', 'a', 'a', 't', 'l', 'a', 'n', 't', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "almatinki.com", true */ 'a', 'l', 'm', 'a', 't', 'i', 'n', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "almavios.com", true */ 'a', 'l', 'm', 'a', 'v', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "almstrom.org", true */ 'a', 'l', 'm', 's', 't', 'r', 'o', 'm', '.', 'o', 'r', 'g', '\0', + /* "alnitech.com", false */ 'a', 'l', 'n', 'i', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "alocato.com", true */ 'a', 'l', 'o', 'c', 'a', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "alohapartyevents.co.uk", true */ 'a', 'l', 'o', 'h', 'a', 'p', 'a', 'r', 't', 'y', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "alpca.org", true */ 'a', 'l', 'p', 'c', 'a', '.', 'o', 'r', 'g', '\0', + /* "alpe-d-or.dyn-o-saur.com", true */ 'a', 'l', 'p', 'e', '-', 'd', '-', 'o', 'r', '.', 'd', 'y', 'n', '-', 'o', '-', 's', 'a', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "alpencam.com", true */ 'a', 'l', 'p', 'e', 'n', 'c', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "alpencams.com", true */ 'a', 'l', 'p', 'e', 'n', 'c', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "alpengreis.ch", true */ 'a', 'l', 'p', 'e', 'n', 'g', 'r', 'e', 'i', 's', '.', 'c', 'h', '\0', + /* "alpenjuice.com", true */ 'a', 'l', 'p', 'e', 'n', 'j', 'u', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "alpertron.com.ar", true */ 'a', 'l', 'p', 'e', 'r', 't', 'r', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "alpha-assistant.com", true */ 'a', 'l', 'p', 'h', 'a', '-', 'a', 's', 's', 'i', 's', 't', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "alpha-force.net", false */ 'a', 'l', 'p', 'h', 'a', '-', 'f', 'o', 'r', 'c', 'e', '.', 'n', 'e', 't', '\0', + /* "alpha.ch", true */ 'a', 'l', 'p', 'h', 'a', '.', 'c', 'h', '\0', + /* "alpha88uat.com", true */ 'a', 'l', 'p', 'h', 'a', '8', '8', 'u', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "alphabetsigns.com", true */ 'a', 'l', 'p', 'h', 'a', 'b', 'e', 't', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "alphabouncycastles.co.uk", true */ 'a', 'l', 'p', 'h', 'a', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "alphabrock.cn", true */ 'a', 'l', 'p', 'h', 'a', 'b', 'r', 'o', 'c', 'k', '.', 'c', 'n', '\0', + /* "alphachat.net", true */ 'a', 'l', 'p', 'h', 'a', 'c', 'h', 'a', 't', '.', 'n', 'e', 't', '\0', + /* "alphafiduciaryservices.ch", true */ 'a', 'l', 'p', 'h', 'a', 'f', 'i', 'd', 'u', 'c', 'i', 'a', 'r', 'y', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'h', '\0', + /* "alphahunks.com", true */ 'a', 'l', 'p', 'h', 'a', 'h', 'u', 'n', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "alphainflatablehire.com", true */ 'a', 'l', 'p', 'h', 'a', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "alphapengu.in", true */ 'a', 'l', 'p', 'h', 'a', 'p', 'e', 'n', 'g', 'u', '.', 'i', 'n', '\0', + /* "alpharotary.com", true */ 'a', 'l', 'p', 'h', 'a', 'r', 'o', 't', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "alphassl.de", true */ 'a', 'l', 'p', 'h', 'a', 's', 's', 'l', '.', 'd', 'e', '\0', + /* "alphatrash.de", true */ 'a', 'l', 'p', 'h', 'a', 't', 'r', 'a', 's', 'h', '.', 'd', 'e', '\0', + /* "alphera.nl", true */ 'a', 'l', 'p', 'h', 'e', 'r', 'a', '.', 'n', 'l', '\0', + /* "alphie.me", true */ 'a', 'l', 'p', 'h', 'i', 'e', '.', 'm', 'e', '\0', + /* "alphipneux.fr", true */ 'a', 'l', 'p', 'h', 'i', 'p', 'n', 'e', 'u', 'x', '.', 'f', 'r', '\0', + /* "alpineplanet.com", true */ 'a', 'l', 'p', 'i', 'n', 'e', 'p', 'l', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "alpinepubliclibrary.org", true */ 'a', 'l', 'p', 'i', 'n', 'e', 'p', 'u', 'b', 'l', 'i', 'c', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'o', 'r', 'g', '\0', + /* "alpinestarmassage.com", true */ 'a', 'l', 'p', 'i', 'n', 'e', 's', 't', 'a', 'r', 'm', 'a', 's', 's', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "alqassam.net", true */ 'a', 'l', 'q', 'a', 's', 's', 'a', 'm', '.', 'n', 'e', 't', '\0', + /* "alrait.com", true */ 'a', 'l', 'r', 'a', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "alroniks.com", true */ 'a', 'l', 'r', 'o', 'n', 'i', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "als-japan.com", true */ 'a', 'l', 's', '-', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "alstroemeria.org", true */ 'a', 'l', 's', 't', 'r', 'o', 'e', 'm', 'e', 'r', 'i', 'a', '.', 'o', 'r', 'g', '\0', + /* "alt-three.com", true */ 'a', 'l', 't', '-', 't', 'h', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "alt.org", true */ 'a', 'l', 't', '.', 'o', 'r', 'g', '\0', + /* "altaide.com", true */ 'a', 'l', 't', 'a', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "altbinaries.com", true */ 'a', 'l', 't', 'b', 'i', 'n', 'a', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "altedirect.com", true */ 'a', 'l', 't', 'e', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "alter-news.fr", true */ 'a', 'l', 't', 'e', 'r', '-', 'n', 'e', 'w', 's', '.', 'f', 'r', '\0', + /* "alterbaum.net", true */ 'a', 'l', 't', 'e', 'r', 'b', 'a', 'u', 'm', '.', 'n', 'e', 't', '\0', + /* "altercpa.ru", true */ 'a', 'l', 't', 'e', 'r', 'c', 'p', 'a', '.', 'r', 'u', '\0', + /* "alternador.com.br", true */ 'a', 'l', 't', 'e', 'r', 'n', 'a', 'd', 'o', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "alternative.bike", true */ 'a', 'l', 't', 'e', 'r', 'n', 'a', 't', 'i', 'v', 'e', '.', 'b', 'i', 'k', 'e', '\0', + /* "alternativebit.fr", true */ 'a', 'l', 't', 'e', 'r', 'n', 'a', 't', 'i', 'v', 'e', 'b', 'i', 't', '.', 'f', 'r', '\0', + /* "alternativedev.ca", true */ 'a', 'l', 't', 'e', 'r', 'n', 'a', 't', 'i', 'v', 'e', 'd', 'e', 'v', '.', 'c', 'a', '\0', + /* "alternativet.party", true */ 'a', 'l', 't', 'e', 'r', 'n', 'a', 't', 'i', 'v', 'e', 't', '.', 'p', 'a', 'r', 't', 'y', '\0', + /* "alterspalter.de", true */ 'a', 'l', 't', 'e', 'r', 's', 'p', 'a', 'l', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "altesses.eu", true */ 'a', 'l', 't', 'e', 's', 's', 'e', 's', '.', 'e', 'u', '\0', + /* "altestore.com", true */ 'a', 'l', 't', 'e', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "altkremsmuensterer.at", true */ 'a', 'l', 't', 'k', 'r', 'e', 'm', 's', 'm', 'u', 'e', 'n', 's', 't', 'e', 'r', 'e', 'r', '.', 'a', 't', '\0', + /* "altonblom.com", true */ 'a', 'l', 't', 'o', 'n', 'b', 'l', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "altopartners.com", true */ 'a', 'l', 't', 'o', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "altopia.com", true */ 'a', 'l', 't', 'o', 'p', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "altporn.xyz", true */ 'a', 'l', 't', 'p', 'o', 'r', 'n', '.', 'x', 'y', 'z', '\0', + /* "altstipendiaten.de", true */ 'a', 'l', 't', 's', 't', 'i', 'p', 'e', 'n', 'd', 'i', 'a', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "alttrackr.com", true */ 'a', 'l', 't', 't', 'r', 'a', 'c', 'k', 'r', '.', 'c', 'o', 'm', '\0', + /* "altunbas.info", true */ 'a', 'l', 't', 'u', 'n', 'b', 'a', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "alumni-kusa.jp", true */ 'a', 'l', 'u', 'm', 'n', 'i', '-', 'k', 'u', 's', 'a', '.', 'j', 'p', '\0', + /* "alunonaescola.com.br", true */ 'a', 'l', 'u', 'n', 'o', 'n', 'a', 'e', 's', 'c', 'o', 'l', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "alupferd.de", true */ 'a', 'l', 'u', 'p', 'f', 'e', 'r', 'd', '.', 'd', 'e', '\0', + /* "aluroof.eu", true */ 'a', 'l', 'u', 'r', 'o', 'o', 'f', '.', 'e', 'u', '\0', + /* "alvcs.com", true */ 'a', 'l', 'v', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "alviano.com", true */ 'a', 'l', 'v', 'i', 'a', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "alvicom.hu", true */ 'a', 'l', 'v', 'i', 'c', 'o', 'm', '.', 'h', 'u', '\0', + /* "alvosec.com", true */ 'a', 'l', 'v', 'o', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "alwaysdry.com.au", true */ 'a', 'l', 'w', 'a', 'y', 's', 'd', 'r', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "alwayslookingyourbest.com", true */ 'a', 'l', 'w', 'a', 'y', 's', 'l', 'o', 'o', 'k', 'i', 'n', 'g', 'y', 'o', 'u', 'r', 'b', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "alwaysmine.fi", true */ 'a', 'l', 'w', 'a', 'y', 's', 'm', 'i', 'n', 'e', '.', 'f', 'i', '\0', + /* "alyoung.com", true */ 'a', 'l', 'y', 'o', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "alza.at", true */ 'a', 'l', 'z', 'a', '.', 'a', 't', '\0', + /* "alza.co.uk", true */ 'a', 'l', 'z', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "alza.cz", true */ 'a', 'l', 'z', 'a', '.', 'c', 'z', '\0', + /* "alza.de", true */ 'a', 'l', 'z', 'a', '.', 'd', 'e', '\0', + /* "alza.hu", true */ 'a', 'l', 'z', 'a', '.', 'h', 'u', '\0', + /* "alza.sk", true */ 'a', 'l', 'z', 'a', '.', 's', 'k', '\0', + /* "alzashop.com", true */ 'a', 'l', 'z', 'a', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "am2s.fr", true */ 'a', 'm', '2', 's', '.', 'f', 'r', '\0', + /* "am3.se", true */ 'a', 'm', '3', '.', 's', 'e', '\0', + /* "ama.ne.jp", true */ 'a', 'm', 'a', '.', 'n', 'e', '.', 'j', 'p', '\0', + /* "amadilo.de", true */ 'a', 'm', 'a', 'd', 'i', 'l', 'o', '.', 'd', 'e', '\0', + /* "amadoraslindas.com", true */ 'a', 'm', 'a', 'd', 'o', 'r', 'a', 's', 'l', 'i', 'n', 'd', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "amadvice.com", true */ 'a', 'm', 'a', 'd', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "amaforro.com", true */ 'a', 'm', 'a', 'f', 'o', 'r', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "amaforums.org", true */ 'a', 'm', 'a', 'f', 'o', 'r', 'u', 'm', 's', '.', 'o', 'r', 'g', '\0', + /* "amagdic.com", true */ 'a', 'm', 'a', 'g', 'd', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "amagical.net", true */ 'a', 'm', 'a', 'g', 'i', 'c', 'a', 'l', '.', 'n', 'e', 't', '\0', + /* "amalfirock.it", true */ 'a', 'm', 'a', 'l', 'f', 'i', 'r', 'o', 'c', 'k', '.', 'i', 't', '\0', + /* "amandasage.ca", true */ 'a', 'm', 'a', 'n', 'd', 'a', 's', 'a', 'g', 'e', '.', 'c', 'a', '\0', + /* "amani-kinderdorf.de", true */ 'a', 'm', 'a', 'n', 'i', '-', 'k', 'i', 'n', 'd', 'e', 'r', 'd', 'o', 'r', 'f', '.', 'd', 'e', '\0', + /* "amaranthus.com.ph", true */ 'a', 'm', 'a', 'r', 'a', 'n', 't', 'h', 'u', 's', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0', + /* "amartinz.at", true */ 'a', 'm', 'a', 'r', 't', 'i', 'n', 'z', '.', 'a', 't', '\0', + /* "amateri.com", true */ 'a', 'm', 'a', 't', 'e', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "amato.tk", true */ 'a', 'm', 'a', 't', 'o', '.', 't', 'k', '\0', + /* "amazili-communication.com", true */ 'a', 'm', 'a', 'z', 'i', 'l', 'i', '-', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "amazing-castles.co.uk", true */ 'a', 'm', 'a', 'z', 'i', 'n', 'g', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "amazingbouncycastles.co.uk", true */ 'a', 'm', 'a', 'z', 'i', 'n', 'g', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "amazingfloridagulfhomes.com", true */ 'a', 'm', 'a', 'z', 'i', 'n', 'g', 'f', 'l', 'o', 'r', 'i', 'd', 'a', 'g', 'u', 'l', 'f', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "amazinginflatables.co.uk", true */ 'a', 'm', 'a', 'z', 'i', 'n', 'g', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "amb.tf", true */ 'a', 'm', 'b', '.', 't', 'f', '\0', + /* "amberalert.gov", true */ 'a', 'm', 'b', 'e', 'r', 'a', 'l', 'e', 'r', 't', '.', 'g', 'o', 'v', '\0', + /* "amberglowleisure.co.uk", true */ 'a', 'm', 'b', 'e', 'r', 'g', 'l', 'o', 'w', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "amberlightleisure.com", true */ 'a', 'm', 'b', 'e', 'r', 'l', 'i', 'g', 'h', 't', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "ambholding-usedcars.be", true */ 'a', 'm', 'b', 'h', 'o', 'l', 'd', 'i', 'n', 'g', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "ambiancestudio.ro", true */ 'a', 'm', 'b', 'i', 'a', 'n', 'c', 'e', 's', 't', 'u', 'd', 'i', 'o', '.', 'r', 'o', '\0', + /* "ambiente.one", true */ 'a', 'm', 'b', 'i', 'e', 'n', 't', 'e', '.', 'o', 'n', 'e', '\0', + /* "ambiq.nl", true */ 'a', 'm', 'b', 'i', 'q', '.', 'n', 'l', '\0', + /* "ambouncyhire.com", true */ 'a', 'm', 'b', 'o', 'u', 'n', 'c', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "ambrosius.io", true */ 'a', 'm', 'b', 'r', 'o', 's', 'i', 'u', 's', '.', 'i', 'o', '\0', + /* "amcchemical.com", true */ 'a', 'm', 'c', 'c', 'h', 'e', 'm', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "amcfirst.com", true */ 'a', 'm', 'c', 'f', 'i', 'r', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "amdouglas.com", true */ 'a', 'm', 'd', 'o', 'u', 'g', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "ameego.com", true */ 'a', 'm', 'e', 'e', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "ameego.it", true */ 'a', 'm', 'e', 'e', 'g', 'o', '.', 'i', 't', '\0', + /* "ameego.net", true */ 'a', 'm', 'e', 'e', 'g', 'o', '.', 'n', 'e', 't', '\0', + /* "ameego.nl", true */ 'a', 'm', 'e', 'e', 'g', 'o', '.', 'n', 'l', '\0', + /* "ameego.org", true */ 'a', 'm', 'e', 'e', 'g', 'o', '.', 'o', 'r', 'g', '\0', + /* "amees.me", true */ 'a', 'm', 'e', 'e', 's', '.', 'm', 'e', '\0', + /* "amelandadventure.nl", true */ 'a', 'm', 'e', 'l', 'a', 'n', 'd', 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', '.', 'n', 'l', '\0', + /* "americafamilylawcenter.org", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'f', 'a', 'm', 'i', 'l', 'y', 'l', 'a', 'w', 'c', 'e', 'n', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "american.dating", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "americanbio.com", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', 'b', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "americanfoundationbr.com", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', 'b', 'r', '.', 'c', 'o', 'm', '\0', + /* "americanmediainstitute.com", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', 'm', 'e', 'd', 'i', 'a', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "americanoutlawjeepparts.com", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', 'o', 'u', 't', 'l', 'a', 'w', 'j', 'e', 'e', 'p', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "americansforcommunitydevelopment.org", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', 's', 'f', 'o', 'r', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', '.', 'o', 'r', 'g', '\0', + /* "americasbasementcontractor.com", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 's', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "americkykongres.cz", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'k', 'y', 'k', 'o', 'n', 'g', 'r', 'e', 's', '.', 'c', 'z', '\0', + /* "amerigroup.com", true */ 'a', 'm', 'e', 'r', 'i', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "amerimarkdirect.com", true */ 'a', 'm', 'e', 'r', 'i', 'm', 'a', 'r', 'k', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "amerimex.cc", true */ 'a', 'm', 'e', 'r', 'i', 'm', 'e', 'x', '.', 'c', 'c', '\0', + /* "amesvacuumrepair.com", true */ 'a', 'm', 'e', 's', 'v', 'a', 'c', 'u', 'u', 'm', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "amethystcards.co.uk", true */ 'a', 'm', 'e', 't', 'h', 'y', 's', 't', 'c', 'a', 'r', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "amethystdevelopment.co.uk", true */ 'a', 'm', 'e', 't', 'h', 'y', 's', 't', 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ameza.co.uk", true */ 'a', 'm', 'e', 'z', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ameza.com.mx", true */ 'a', 'm', 'e', 'z', 'a', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0', + /* "ameza.io", true */ 'a', 'm', 'e', 'z', 'a', '.', 'i', 'o', '\0', + /* "ameza.me", true */ 'a', 'm', 'e', 'z', 'a', '.', 'm', 'e', '\0', + /* "ameza.net", true */ 'a', 'm', 'e', 'z', 'a', '.', 'n', 'e', 't', '\0', + /* "amf.to", true */ 'a', 'm', 'f', '.', 't', 'o', '\0', + /* "amg-microwave.com", true */ 'a', 'm', 'g', '-', 'm', 'i', 'c', 'r', 'o', 'w', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "amh-entertainments.co.uk", true */ 'a', 'm', 'h', '-', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ami-de-bastanes.fr", true */ 'a', 'm', 'i', '-', 'd', 'e', '-', 'b', 'a', 's', 't', 'a', 'n', 'e', 's', '.', 'f', 'r', '\0', + /* "amicalecanyon.ch", true */ 'a', 'm', 'i', 'c', 'a', 'l', 'e', 'c', 'a', 'n', 'y', 'o', 'n', '.', 'c', 'h', '\0', + /* "amiciidogrescue.org.uk", true */ 'a', 'm', 'i', 'c', 'i', 'i', 'd', 'o', 'g', 'r', 'e', 's', 'c', 'u', 'e', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "amicsdelbus.com", true */ 'a', 'm', 'i', 'c', 's', 'd', 'e', 'l', 'b', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "amihub.com", true */ 'a', 'm', 'i', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "amilum.org", true */ 'a', 'm', 'i', 'l', 'u', 'm', '.', 'o', 'r', 'g', '\0', + /* "amin.one", true */ 'a', 'm', 'i', 'n', '.', 'o', 'n', 'e', '\0', + /* "aminafrance.com", true */ 'a', 'm', 'i', 'n', 'a', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "amineptine.com", true */ 'a', 'm', 'i', 'n', 'e', 'p', 't', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "amisharingstuff.com", true */ 'a', 'm', 'i', 's', 'h', 'a', 'r', 'i', 'n', 'g', 's', 't', 'u', 'f', 'f', '.', 'c', 'o', 'm', '\0', + /* "amministratore.biz", true */ 'a', 'm', 'm', 'i', 'n', 'i', 's', 't', 'r', 'a', 't', 'o', 'r', 'e', '.', 'b', 'i', 'z', '\0', + /* "amministratorecondominio.roma.it", true */ 'a', 'm', 'm', 'i', 'n', 'i', 's', 't', 'r', 'a', 't', 'o', 'r', 'e', 'c', 'o', 'n', 'd', 'o', 'm', 'i', 'n', 'i', 'o', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0', + /* "amnesy.fr", true */ 'a', 'm', 'n', 'e', 's', 'y', '.', 'f', 'r', '\0', + /* "amoozesh98.com", true */ 'a', 'm', 'o', 'o', 'z', 'e', 's', 'h', '9', '8', '.', 'c', 'o', 'm', '\0', + /* "amoozesh98.ir", true */ 'a', 'm', 'o', 'o', 'z', 'e', 's', 'h', '9', '8', '.', 'i', 'r', '\0', + /* "amorgos-aegialis.com", true */ 'a', 'm', 'o', 'r', 'g', 'o', 's', '-', 'a', 'e', 'g', 'i', 'a', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "amorim.ca", true */ 'a', 'm', 'o', 'r', 'i', 'm', '.', 'c', 'a', '\0', + /* "ampersandnbspsemicolon.com", true */ 'a', 'm', 'p', 'e', 'r', 's', 'a', 'n', 'd', 'n', 'b', 's', 'p', 's', 'e', 'm', 'i', 'c', 'o', 'l', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "amphetamines.org", true */ 'a', 'm', 'p', 'h', 'e', 't', 'a', 'm', 'i', 'n', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "amphibo.ly", true */ 'a', 'm', 'p', 'h', 'i', 'b', 'o', '.', 'l', 'y', '\0', + /* "ampledesigners.com", true */ 'a', 'm', 'p', 'l', 'e', 'd', 'e', 's', 'i', 'g', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "ampleinfographics.com", true */ 'a', 'm', 'p', 'l', 'e', 'i', 'n', 'f', 'o', 'g', 'r', 'a', 'p', 'h', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "ams.co.rs", true */ 'a', 'm', 's', '.', 'c', 'o', '.', 'r', 's', '\0', + /* "amsportuk.com", true */ 'a', 'm', 's', 'p', 'o', 'r', 't', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "amsterdamian.com", true */ 'a', 'm', 's', 't', 'e', 'r', 'd', 'a', 'm', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "amtentertainments.co.uk", true */ 'a', 'm', 't', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "amuq.net", true */ 'a', 'm', 'u', 'q', '.', 'n', 'e', 't', '\0', + /* "amv-crm.ru", true */ 'a', 'm', 'v', '-', 'c', 'r', 'm', '.', 'r', 'u', '\0', + /* "amyharrisonline.com", true */ 'a', 'm', 'y', 'h', 'a', 'r', 'r', 'i', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "amyrussellhair.com", true */ 'a', 'm', 'y', 'r', 'u', 's', 's', 'e', 'l', 'l', 'h', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "amyyeung.com", true */ 'a', 'm', 'y', 'y', 'e', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "amzn.rocks", true */ 'a', 'm', 'z', 'n', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "anacreon.de", true */ 'a', 'n', 'a', 'c', 'r', 'e', 'o', 'n', '.', 'd', 'e', '\0', + /* "anadoluefessk.org", true */ 'a', 'n', 'a', 'd', 'o', 'l', 'u', 'e', 'f', 'e', 's', 's', 'k', '.', 'o', 'r', 'g', '\0', + /* "anaethelion.fr", true */ 'a', 'n', 'a', 'e', 't', 'h', 'e', 'l', 'i', 'o', 'n', '.', 'f', 'r', '\0', + /* "anaiscoachpersonal.es", true */ 'a', 'n', 'a', 'i', 's', 'c', 'o', 'a', 'c', 'h', 'p', 'e', 'r', 's', 'o', 'n', 'a', 'l', '.', 'e', 's', '\0', + /* "anaisypirueta.es", true */ 'a', 'n', 'a', 'i', 's', 'y', 'p', 'i', 'r', 'u', 'e', 't', 'a', '.', 'e', 's', '\0', + /* "anajianu.ro", true */ 'a', 'n', 'a', 'j', 'i', 'a', 'n', 'u', '.', 'r', 'o', '\0', + /* "anakros.me", false */ 'a', 'n', 'a', 'k', 'r', 'o', 's', '.', 'm', 'e', '\0', + /* "analangelsteen.com", true */ 'a', 'n', 'a', 'l', 'a', 'n', 'g', 'e', 'l', 's', 't', 'e', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "analgesia.net", true */ 'a', 'n', 'a', 'l', 'g', 'e', 's', 'i', 'a', '.', 'n', 'e', 't', '\0', + /* "analpantyhose.org", true */ 'a', 'n', 'a', 'l', 'p', 'a', 'n', 't', 'y', 'h', 'o', 's', 'e', '.', 'o', 'r', 'g', '\0', + /* "analteengirls.net", true */ 'a', 'n', 'a', 'l', 't', 'e', 'e', 'n', 'g', 'i', 'r', 'l', 's', '.', 'n', 'e', 't', '\0', + /* "analytics-shop.com", true */ 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "analyticsinmotion.com", true */ 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', 'i', 'n', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "analyticum.at", true */ 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 'u', 'm', '.', 'a', 't', '\0', + /* "analyticum.com", true */ 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "analyticum.de", true */ 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 'u', 'm', '.', 'd', 'e', '\0', + /* "analyticum.eu", true */ 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 'u', 'm', '.', 'e', 'u', '\0', + /* "analyticum.net", true */ 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 'u', 'm', '.', 'n', 'e', 't', '\0', + /* "ananke.io", true */ 'a', 'n', 'a', 'n', 'k', 'e', '.', 'i', 'o', '\0', + /* "anankecosmetics.com", true */ 'a', 'n', 'a', 'n', 'k', 'e', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "anantshri.info", true */ 'a', 'n', 'a', 'n', 't', 's', 'h', 'r', 'i', '.', 'i', 'n', 'f', 'o', '\0', + /* "anarchistischegroepnijmegen.nl", false */ 'a', 'n', 'a', 'r', 'c', 'h', 'i', 's', 't', 'i', 's', 'c', 'h', 'e', 'g', 'r', 'o', 'e', 'p', 'n', 'i', 'j', 'm', 'e', 'g', 'e', 'n', '.', 'n', 'l', '\0', + /* "anarka.org", true */ 'a', 'n', 'a', 'r', 'k', 'a', '.', 'o', 'r', 'g', '\0', + /* "anassiriphotography.com", false */ 'a', 'n', 'a', 's', 's', 'i', 'r', 'i', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0', + /* "anastasia-shamara.ru", true */ 'a', 'n', 'a', 's', 't', 'a', 's', 'i', 'a', '-', 's', 'h', 'a', 'm', 'a', 'r', 'a', '.', 'r', 'u', '\0', + /* "anastasiafond.com", true */ 'a', 'n', 'a', 's', 't', 'a', 's', 'i', 'a', 'f', 'o', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "ancestramil.fr", true */ 'a', 'n', 'c', 'e', 's', 't', 'r', 'a', 'm', 'i', 'l', '.', 'f', 'r', '\0', + /* "anchev.net", true */ 'a', 'n', 'c', 'h', 'e', 'v', '.', 'n', 'e', 't', '\0', + /* "anchorgrounds.com", true */ 'a', 'n', 'c', 'h', 'o', 'r', 'g', 'r', 'o', 'u', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "anchorinmarinainc.com", true */ 'a', 'n', 'c', 'h', 'o', 'r', 'i', 'n', 'm', 'a', 'r', 'i', 'n', 'a', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "anchovy.nz", false */ 'a', 'n', 'c', 'h', 'o', 'v', 'y', '.', 'n', 'z', '\0', + /* "ancient-gates.de", true */ 'a', 'n', 'c', 'i', 'e', 'n', 't', '-', 'g', 'a', 't', 'e', 's', '.', 'd', 'e', '\0', + /* "ancolies-andre.com", true */ 'a', 'n', 'c', 'o', 'l', 'i', 'e', 's', '-', 'a', 'n', 'd', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "anconaswine.com", true */ 'a', 'n', 'c', 'o', 'n', 'a', 's', 'w', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "and-stuff.nl", true */ 'a', 'n', 'd', '-', 's', 't', 'u', 'f', 'f', '.', 'n', 'l', '\0', + /* "and.com", true */ 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "andarpersassi.it", true */ 'a', 'n', 'd', 'a', 'r', 'p', 'e', 'r', 's', 'a', 's', 's', 'i', '.', 'i', 't', '\0', + /* "andbraiz.com", true */ 'a', 'n', 'd', 'b', 'r', 'a', 'i', 'z', '.', 'c', 'o', 'm', '\0', + /* "andel.info", true */ 'a', 'n', 'd', 'e', 'l', '.', 'i', 'n', 'f', 'o', '\0', + /* "anders.hamburg", true */ 'a', 'n', 'd', 'e', 'r', 's', '.', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '\0', + /* "anderskp.dk", true */ 'a', 'n', 'd', 'e', 'r', 's', 'k', 'p', '.', 'd', 'k', '\0', + /* "andersonshatch.com", true */ 'a', 'n', 'd', 'e', 'r', 's', 'o', 'n', 's', 'h', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "andisadhdspot.com", true */ 'a', 'n', 'd', 'i', 's', 'a', 'd', 'h', 'd', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "anditi.com", true */ 'a', 'n', 'd', 'i', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "andoms.fi", true */ 'a', 'n', 'd', 'o', 'm', 's', '.', 'f', 'i', '\0', + /* "andre-otto.com", true */ 'a', 'n', 'd', 'r', 'e', '-', 'o', 't', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "andrea-kiaora.de", true */ 'a', 'n', 'd', 'r', 'e', 'a', '-', 'k', 'i', 'a', 'o', 'r', 'a', '.', 'd', 'e', '\0', + /* "andrea-m.me", true */ 'a', 'n', 'd', 'r', 'e', 'a', '-', 'm', '.', 'm', 'e', '\0', + /* "andrea-wirthensohn.at", true */ 'a', 'n', 'd', 'r', 'e', 'a', '-', 'w', 'i', 'r', 't', 'h', 'e', 'n', 's', 'o', 'h', 'n', '.', 'a', 't', '\0', + /* "andreaboero.it", true */ 'a', 'n', 'd', 'r', 'e', 'a', 'b', 'o', 'e', 'r', 'o', '.', 'i', 't', '\0', + /* "andreamcnett.com", true */ 'a', 'n', 'd', 'r', 'e', 'a', 'm', 'c', 'n', 'e', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "andreaseracleous.com", true */ 'a', 'n', 'd', 'r', 'e', 'a', 's', 'e', 'r', 'a', 'c', 'l', 'e', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "andreasfeusi.ch", true */ 'a', 'n', 'd', 'r', 'e', 'a', 's', 'f', 'e', 'u', 's', 'i', '.', 'c', 'h', '\0', + /* "andreaskrasa.com", true */ 'a', 'n', 'd', 'r', 'e', 'a', 's', 'k', 'r', 'a', 's', 'a', '.', 'c', 'o', 'm', '\0', + /* "andreasolsson.se", true */ 'a', 'n', 'd', 'r', 'e', 'a', 's', 'o', 'l', 's', 's', 'o', 'n', '.', 's', 'e', '\0', + /* "andrefaber.nl", true */ 'a', 'n', 'd', 'r', 'e', 'f', 'a', 'b', 'e', 'r', '.', 'n', 'l', '\0', + /* "andrehansen.de", true */ 'a', 'n', 'd', 'r', 'e', 'h', 'a', 'n', 's', 'e', 'n', '.', 'd', 'e', '\0', + /* "andrepicard.de", true */ 'a', 'n', 'd', 'r', 'e', 'p', 'i', 'c', 'a', 'r', 'd', '.', 'd', 'e', '\0', + /* "andrespaz.com", true */ 'a', 'n', 'd', 'r', 'e', 's', 'p', 'a', 'z', '.', 'c', 'o', 'm', '\0', + /* "andreundnina.de", true */ 'a', 'n', 'd', 'r', 'e', 'u', 'n', 'd', 'n', 'i', 'n', 'a', '.', 'd', 'e', '\0', + /* "andrewdavidwong.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'd', 'a', 'v', 'i', 'd', 'w', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "andrewdaws.io", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'd', 'a', 'w', 's', '.', 'i', 'o', '\0', + /* "andrewensley.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'e', 'n', 's', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "andrewhowden.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'h', 'o', 'w', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "andrewimeson.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'i', 'm', 'e', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "andrewin.ru", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'i', 'n', '.', 'r', 'u', '\0', + /* "andrewmichaud.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'm', 'i', 'c', 'h', 'a', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "andrewmichaud.me", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'm', 'i', 'c', 'h', 'a', 'u', 'd', '.', 'm', 'e', '\0', + /* "andrewpeng.net", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'p', 'e', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "andrewprokos.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'p', 'r', 'o', 'k', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "andrewrgoss.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'r', 'g', 'o', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "andrewryno.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'r', 'y', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "andrewsun.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 's', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "andrewtebert.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 't', 'e', 'b', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "andrewthelott.net", true */ 'a', 'n', 'd', 'r', 'e', 'w', 't', 'h', 'e', 'l', 'o', 't', 't', '.', 'n', 'e', 't', '\0', + /* "andrezadnik.com", true */ 'a', 'n', 'd', 'r', 'e', 'z', 'a', 'd', 'n', 'i', 'k', '.', 'c', 'o', 'm', '\0', + /* "andro2id.com", true */ 'a', 'n', 'd', 'r', 'o', '2', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "andro4all.com", true */ 'a', 'n', 'd', 'r', 'o', '4', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "android.re", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', '.', 'r', 'e', '\0', + /* "androide.com", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "androidhry.cz", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', 'h', 'r', 'y', '.', 'c', 'z', '\0', + /* "androidkatalog.cz", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', 'k', 'a', 't', 'a', 'l', 'o', 'g', '.', 'c', 'z', '\0', + /* "androidnovinky.cz", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', 'n', 'o', 'v', 'i', 'n', 'k', 'y', '.', 'c', 'z', '\0', + /* "androidtamer.com", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', 't', 'a', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "androidtelefony.cz", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', 't', 'e', 'l', 'e', 'f', 'o', 'n', 'y', '.', 'c', 'z', '\0', + /* "androidzone.me", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', 'z', 'o', 'n', 'e', '.', 'm', 'e', '\0', + /* "andromedacenter.com", true */ 'a', 'n', 'd', 'r', 'o', 'm', 'e', 'd', 'a', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "andronika.net", true */ 'a', 'n', 'd', 'r', 'o', 'n', 'i', 'k', 'a', '.', 'n', 'e', 't', '\0', + /* "androticsdirect.com", true */ 'a', 'n', 'd', 'r', 'o', 't', 'i', 'c', 's', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "andruvision.cz", true */ 'a', 'n', 'd', 'r', 'u', 'v', 'i', 's', 'i', 'o', 'n', '.', 'c', 'z', '\0', + /* "andsat.org", true */ 'a', 'n', 'd', 's', 'a', 't', '.', 'o', 'r', 'g', '\0', + /* "andschwa.com", true */ 'a', 'n', 'd', 's', 'c', 'h', 'w', 'a', '.', 'c', 'o', 'm', '\0', + /* "andybrett.com", true */ 'a', 'n', 'd', 'y', 'b', 'r', 'e', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "andycrockett.io", true */ 'a', 'n', 'd', 'y', 'c', 'r', 'o', 'c', 'k', 'e', 't', 't', '.', 'i', 'o', '\0', + /* "andymoore.info", true */ 'a', 'n', 'd', 'y', 'm', 'o', 'o', 'r', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "andyt.eu", true */ 'a', 'n', 'd', 'y', 't', '.', 'e', 'u', '\0', + /* "andzia.art.pl", true */ 'a', 'n', 'd', 'z', 'i', 'a', '.', 'a', 'r', 't', '.', 'p', 'l', '\0', + /* "anecuni-club.com", true */ 'a', 'n', 'e', 'c', 'u', 'n', 'i', '-', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "anecuni-rec.com", true */ 'a', 'n', 'e', 'c', 'u', 'n', 'i', '-', 'r', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "anedot-sandbox.com", true */ 'a', 'n', 'e', 'd', 'o', 't', '-', 's', 'a', 'n', 'd', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "anedot.com", true */ 'a', 'n', 'e', 'd', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "anedot.space", true */ 'a', 'n', 'e', 'd', 'o', 't', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "anedot.xyz", true */ 'a', 'n', 'e', 'd', 'o', 't', '.', 'x', 'y', 'z', '\0', + /* "anekdotes.com", true */ 'a', 'n', 'e', 'k', 'd', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "anendlesssupply.co.uk", true */ 'a', 'n', 'e', 'n', 'd', 'l', 'e', 's', 's', 's', 'u', 'p', 'p', 'l', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "anetaben.nl", true */ 'a', 'n', 'e', 't', 'a', 'b', 'e', 'n', '.', 'n', 'l', '\0', + /* "anextraordinaryday.net", true */ 'a', 'n', 'e', 'x', 't', 'r', 'a', 'o', 'r', 'd', 'i', 'n', 'a', 'r', 'y', 'd', 'a', 'y', '.', 'n', 'e', 't', '\0', + /* "anfenglish.com", true */ 'a', 'n', 'f', 'e', 'n', 'g', 'l', 'i', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "angel-body.com", true */ 'a', 'n', 'g', 'e', 'l', '-', 'b', 'o', 'd', 'y', '.', 'c', 'o', 'm', '\0', + /* "angelic47.com", true */ 'a', 'n', 'g', 'e', 'l', 'i', 'c', '4', '7', '.', 'c', 'o', 'm', '\0', + /* "angelinahair.com", true */ 'a', 'n', 'g', 'e', 'l', 'i', 'n', 'a', 'h', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "angeloventuri.com", true */ 'a', 'n', 'g', 'e', 'l', 'o', 'v', 'e', 'n', 't', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "anginf.de", true */ 'a', 'n', 'g', 'i', 'n', 'f', '.', 'd', 'e', '\0', + /* "anglertanke.de", true */ 'a', 'n', 'g', 'l', 'e', 'r', 't', 'a', 'n', 'k', 'e', '.', 'd', 'e', '\0', + /* "anglictina-sojcak.cz", true */ 'a', 'n', 'g', 'l', 'i', 'c', 't', 'i', 'n', 'a', '-', 's', 'o', 'j', 'c', 'a', 'k', '.', 'c', 'z', '\0', + /* "anglictinasojcak.cz", true */ 'a', 'n', 'g', 'l', 'i', 'c', 't', 'i', 'n', 'a', 's', 'o', 'j', 'c', 'a', 'k', '.', 'c', 'z', '\0', + /* "anglingactive.co.uk", true */ 'a', 'n', 'g', 'l', 'i', 'n', 'g', 'a', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "angrapa.ru", true */ 'a', 'n', 'g', 'r', 'a', 'p', 'a', '.', 'r', 'u', '\0', + /* "angristan.fr", true */ 'a', 'n', 'g', 'r', 'i', 's', 't', 'a', 'n', '.', 'f', 'r', '\0', + /* "angrut.com", true */ 'a', 'n', 'g', 'r', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "angry.im", true */ 'a', 'n', 'g', 'r', 'y', '.', 'i', 'm', '\0', + /* "angrysnarl.com", true */ 'a', 'n', 'g', 'r', 'y', 's', 'n', 'a', 'r', 'l', '.', 'c', 'o', 'm', '\0', + /* "angryteeth.net", true */ 'a', 'n', 'g', 'r', 'y', 't', 'e', 'e', 't', 'h', '.', 'n', 'e', 't', '\0', + /* "angularjs.org", true */ 'a', 'n', 'g', 'u', 'l', 'a', 'r', 'j', 's', '.', 'o', 'r', 'g', '\0', + /* "angusmak.com", true */ 'a', 'n', 'g', 'u', 's', 'm', 'a', 'k', '.', 'c', 'o', 'm', '\0', + /* "anhaffen.lu", true */ 'a', 'n', 'h', 'a', 'f', 'f', 'e', 'n', '.', 'l', 'u', '\0', + /* "anim.ee", true */ 'a', 'n', 'i', 'm', '.', 'e', 'e', '\0', + /* "animacurse.moe", true */ 'a', 'n', 'i', 'm', 'a', 'c', 'u', 'r', 's', 'e', '.', 'm', 'o', 'e', '\0', + /* "animaemundi.be", true */ 'a', 'n', 'i', 'm', 'a', 'e', 'm', 'u', 'n', 'd', 'i', '.', 'b', 'e', '\0', + /* "animal-liberation.com", true */ 'a', 'n', 'i', 'm', 'a', 'l', '-', 'l', 'i', 'b', 'e', 'r', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "animal-rights.com", true */ 'a', 'n', 'i', 'm', 'a', 'l', '-', 'r', 'i', 'g', 'h', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "animalistic.io", true */ 'a', 'n', 'i', 'm', 'a', 'l', 'i', 's', 't', 'i', 'c', '.', 'i', 'o', '\0', + /* "animalnet.de", false */ 'a', 'n', 'i', 'm', 'a', 'l', 'n', 'e', 't', '.', 'd', 'e', '\0', + /* "animalstropic.com", true */ 'a', 'n', 'i', 'm', 'a', 'l', 's', 't', 'r', 'o', 'p', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "animaltesting.fr", true */ 'a', 'n', 'i', 'm', 'a', 'l', 't', 'e', 's', 't', 'i', 'n', 'g', '.', 'f', 'r', '\0', + /* "animationsmusicales.ch", true */ 'a', 'n', 'i', 'm', 'a', 't', 'i', 'o', 'n', 's', 'm', 'u', 's', 'i', 'c', 'a', 'l', 'e', 's', '.', 'c', 'h', '\0', + /* "anime-culture.com", true */ 'a', 'n', 'i', 'm', 'e', '-', 'c', 'u', 'l', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "anime.my", false */ 'a', 'n', 'i', 'm', 'e', '.', 'm', 'y', '\0', + /* "anime1.me", true */ 'a', 'n', 'i', 'm', 'e', '1', '.', 'm', 'e', '\0', + /* "anime1.moe", true */ 'a', 'n', 'i', 'm', 'e', '1', '.', 'm', 'o', 'e', '\0', + /* "anime1.pw", true */ 'a', 'n', 'i', 'm', 'e', '1', '.', 'p', 'w', '\0', + /* "anime1.top", true */ 'a', 'n', 'i', 'm', 'e', '1', '.', 't', 'o', 'p', '\0', + /* "animeai.com", true */ 'a', 'n', 'i', 'm', 'e', 'a', 'i', '.', 'c', 'o', 'm', '\0', + /* "animefluxxx.com", true */ 'a', 'n', 'i', 'm', 'e', 'f', 'l', 'u', 'x', 'x', 'x', '.', 'c', 'o', 'm', '\0', + /* "animesharp.com", true */ 'a', 'n', 'i', 'm', 'e', 's', 'h', 'a', 'r', 'p', '.', 'c', 'o', 'm', '\0', + /* "animorphsfanforum.com", true */ 'a', 'n', 'i', 'm', 'o', 'r', 'p', 'h', 's', 'f', 'a', 'n', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "anipassion.com", true */ 'a', 'n', 'i', 'p', 'a', 's', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "anita-mukorom.hu", true */ 'a', 'n', 'i', 't', 'a', '-', 'm', 'u', 'k', 'o', 'r', 'o', 'm', '.', 'h', 'u', '\0', + /* "anitaalbersen.nl", true */ 'a', 'n', 'i', 't', 'a', 'a', 'l', 'b', 'e', 'r', 's', 'e', 'n', '.', 'n', 'l', '\0', + /* "anitube-nocookie.ch", true */ 'a', 'n', 'i', 't', 'u', 'b', 'e', '-', 'n', 'o', 'c', 'o', 'o', 'k', 'i', 'e', '.', 'c', 'h', '\0', + /* "anitube.ch", true */ 'a', 'n', 'i', 't', 'u', 'b', 'e', '.', 'c', 'h', '\0', + /* "anivar.net", true */ 'a', 'n', 'i', 'v', 'a', 'r', '.', 'n', 'e', 't', '\0', + /* "ankarakart.com.tr", true */ 'a', 'n', 'k', 'a', 'r', 'a', 'k', 'a', 'r', 't', '.', 'c', 'o', 'm', '.', 't', 'r', '\0', + /* "ankaraprofesyonelwebtasarim.com", true */ 'a', 'n', 'k', 'a', 'r', 'a', 'p', 'r', 'o', 'f', 'e', 's', 'y', 'o', 'n', 'e', 'l', 'w', 'e', 'b', 't', 'a', 's', 'a', 'r', 'i', 'm', '.', 'c', 'o', 'm', '\0', + /* "ankarauzmanlarnakliyat.com", true */ 'a', 'n', 'k', 'a', 'r', 'a', 'u', 'z', 'm', 'a', 'n', 'l', 'a', 'r', 'n', 'a', 'k', 'l', 'i', 'y', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "ankenbrand.me", true */ 'a', 'n', 'k', 'e', 'n', 'b', 'r', 'a', 'n', 'd', '.', 'm', 'e', '\0', + /* "ankitha.in", true */ 'a', 'n', 'k', 'i', 't', 'h', 'a', '.', 'i', 'n', '\0', + /* "ankiuser.net", true */ 'a', 'n', 'k', 'i', 'u', 's', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "ankiweb.net", true */ 'a', 'n', 'k', 'i', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0', + /* "ankwanoma.com", true */ 'a', 'n', 'k', 'w', 'a', 'n', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "anna.info", true */ 'a', 'n', 'n', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "annaenemma.nl", true */ 'a', 'n', 'n', 'a', 'e', 'n', 'e', 'm', 'm', 'a', '.', 'n', 'l', '\0', + /* "annangela.moe", true */ 'a', 'n', 'n', 'a', 'n', 'g', 'e', 'l', 'a', '.', 'm', 'o', 'e', '\0', + /* "annarokina.com", true */ 'a', 'n', 'n', 'a', 'r', 'o', 'k', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "annasvapor.se", true */ 'a', 'n', 'n', 'a', 's', 'v', 'a', 'p', 'o', 'r', '.', 's', 'e', '\0', + /* "annedaniels.co.uk", true */ 'a', 'n', 'n', 'e', 'd', 'a', 'n', 'i', 'e', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "annejan.com", true */ 'a', 'n', 'n', 'e', 'j', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "annemakeslovelycandles.co.uk", true */ 'a', 'n', 'n', 'e', 'm', 'a', 'k', 'e', 's', 'l', 'o', 'v', 'e', 'l', 'y', 'c', 'a', 'n', 'd', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "annetta.com", true */ 'a', 'n', 'n', 'e', 't', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "annettewindlin.ch", true */ 'a', 'n', 'n', 'e', 't', 't', 'e', 'w', 'i', 'n', 'd', 'l', 'i', 'n', '.', 'c', 'h', '\0', + /* "annevankesteren.com", true */ 'a', 'n', 'n', 'e', 'v', 'a', 'n', 'k', 'e', 's', 't', 'e', 'r', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "annevankesteren.nl", true */ 'a', 'n', 'n', 'e', 'v', 'a', 'n', 'k', 'e', 's', 't', 'e', 'r', 'e', 'n', '.', 'n', 'l', '\0', + /* "annevankesteren.org", true */ 'a', 'n', 'n', 'e', 'v', 'a', 'n', 'k', 'e', 's', 't', 'e', 'r', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "annicascakes.nl", true */ 'a', 'n', 'n', 'i', 'c', 'a', 's', 'c', 'a', 'k', 'e', 's', '.', 'n', 'l', '\0', + /* "anniversary-cruise.com", true */ 'a', 'n', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'r', 'y', '-', 'c', 'r', 'u', 'i', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "annotate.software", true */ 'a', 'n', 'n', 'o', 't', 'a', 't', 'e', '.', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '\0', + /* "annoyingasfuk.com", true */ 'a', 'n', 'n', 'o', 'y', 'i', 'n', 'g', 'a', 's', 'f', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "annrusnak.com", true */ 'a', 'n', 'n', 'r', 'u', 's', 'n', 'a', 'k', '.', 'c', 'o', 'm', '\0', + /* "annsbouncycastles.com", true */ 'a', 'n', 'n', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "annuaire-jcb.com", true */ 'a', 'n', 'n', 'u', 'a', 'i', 'r', 'e', '-', 'j', 'c', 'b', '.', 'c', 'o', 'm', '\0', + /* "annuaire-photographe.fr", false */ 'a', 'n', 'n', 'u', 'a', 'i', 'r', 'e', '-', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'e', '.', 'f', 'r', '\0', + /* "anohana.org", true */ 'a', 'n', 'o', 'h', 'a', 'n', 'a', '.', 'o', 'r', 'g', '\0', + /* "anojan.com", true */ 'a', 'n', 'o', 'j', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "anon-next.de", true */ 'a', 'n', 'o', 'n', '-', 'n', 'e', 'x', 't', '.', 'd', 'e', '\0', + /* "anonboards.com", true */ 'a', 'n', 'o', 'n', 'b', 'o', 'a', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "anoncom.net", true */ 'a', 'n', 'o', 'n', 'c', 'o', 'm', '.', 'n', 'e', 't', '\0', + /* "anoneko.com", true */ 'a', 'n', 'o', 'n', 'e', 'k', 'o', '.', 'c', 'o', 'm', '\0', + /* "anongoth.pl", true */ 'a', 'n', 'o', 'n', 'g', 'o', 't', 'h', '.', 'p', 'l', '\0', + /* "anonrea.ch", true */ 'a', 'n', 'o', 'n', 'r', 'e', 'a', '.', 'c', 'h', '\0', + /* "anons.fr", true */ 'a', 'n', 'o', 'n', 's', '.', 'f', 'r', '\0', + /* "anonukradio.org", true */ 'a', 'n', 'o', 'n', 'u', 'k', 'r', 'a', 'd', 'i', 'o', '.', 'o', 'r', 'g', '\0', + /* "anonym-surfen.de", true */ 'a', 'n', 'o', 'n', 'y', 'm', '-', 's', 'u', 'r', 'f', 'e', 'n', '.', 'd', 'e', '\0', + /* "anonyme-spieler.at", true */ 'a', 'n', 'o', 'n', 'y', 'm', 'e', '-', 's', 'p', 'i', 'e', 'l', 'e', 'r', '.', 'a', 't', '\0', + /* "another.ch", true */ 'a', 'n', 'o', 't', 'h', 'e', 'r', '.', 'c', 'h', '\0', + /* "anotherchef.com", true */ 'a', 'n', 'o', 't', 'h', 'e', 'r', 'c', 'h', 'e', 'f', '.', 'c', 'o', 'm', '\0', + /* "anotherfatgeek.net", true */ 'a', 'n', 'o', 't', 'h', 'e', 'r', 'f', 'a', 't', 'g', 'e', 'e', 'k', '.', 'n', 'e', 't', '\0', + /* "anothermanfilm.co.uk", true */ 'a', 'n', 'o', 't', 'h', 'e', 'r', 'm', 'a', 'n', 'f', 'i', 'l', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "anothermilan.net", true */ 'a', 'n', 'o', 't', 'h', 'e', 'r', 'm', 'i', 'l', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "anowicki.pl", true */ 'a', 'n', 'o', 'w', 'i', 'c', 'k', 'i', '.', 'p', 'l', '\0', + /* "ans-delft.nl", true */ 'a', 'n', 's', '-', 'd', 'e', 'l', 'f', 't', '.', 'n', 'l', '\0', + /* "ans-ge.ch", true */ 'a', 'n', 's', '-', 'g', 'e', '.', 'c', 'h', '\0', + /* "ansas.eu", true */ 'a', 'n', 's', 'a', 's', '.', 'e', 'u', '\0', + /* "ansas.net", true */ 'a', 'n', 's', 'a', 's', '.', 'n', 'e', 't', '\0', + /* "ansdell.net", true */ 'a', 'n', 's', 'd', 'e', 'l', 'l', '.', 'n', 'e', 't', '\0', + /* "anseo.ninja", true */ 'a', 'n', 's', 'e', 'o', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "ansermet.net", true */ 'a', 'n', 's', 'e', 'r', 'm', 'e', 't', '.', 'n', 'e', 't', '\0', + /* "ansgar-sonntag.de", true */ 'a', 'n', 's', 'g', 'a', 'r', '-', 's', 'o', 'n', 'n', 't', 'a', 'g', '.', 'd', 'e', '\0', + /* "ansgarsonntag.de", true */ 'a', 'n', 's', 'g', 'a', 'r', 's', 'o', 'n', 'n', 't', 'a', 'g', '.', 'd', 'e', '\0', + /* "anshumanbiswas.com", true */ 'a', 'n', 's', 'h', 'u', 'm', 'a', 'n', 'b', 'i', 's', 'w', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "ansichtssache.at", true */ 'a', 'n', 's', 'i', 'c', 'h', 't', 's', 's', 'a', 'c', 'h', 'e', '.', 'a', 't', '\0', + /* "ansogning-sg.dk", true */ 'a', 'n', 's', 'o', 'g', 'n', 'i', 'n', 'g', '-', 's', 'g', '.', 'd', 'k', '\0', + /* "anstaskforce.gov", true */ 'a', 'n', 's', 't', 'a', 's', 'k', 'f', 'o', 'r', 'c', 'e', '.', 'g', 'o', 'v', '\0', + /* "antama.eu", true */ 'a', 'n', 't', 'a', 'm', 'a', '.', 'e', 'u', '\0', + /* "antama.nl", true */ 'a', 'n', 't', 'a', 'm', 'a', '.', 'n', 'l', '\0', + /* "antarcti.co", true */ 'a', 'n', 't', 'a', 'r', 'c', 't', 'i', '.', 'c', 'o', '\0', + /* "antcas.com", true */ 'a', 'n', 't', 'c', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "antecim.fr", true */ 'a', 'n', 't', 'e', 'c', 'i', 'm', '.', 'f', 'r', '\0', + /* "antenasmundosat.com.br", true */ 'a', 'n', 't', 'e', 'n', 'a', 's', 'm', 'u', 'n', 'd', 'o', 's', 'a', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "antennista.milano.it", true */ 'a', 'n', 't', 'e', 'n', 'n', 'i', 's', 't', 'a', '.', 'm', 'i', 'l', 'a', 'n', 'o', '.', 'i', 't', '\0', + /* "antennista.pavia.it", true */ 'a', 'n', 't', 'e', 'n', 'n', 'i', 's', 't', 'a', '.', 'p', 'a', 'v', 'i', 'a', '.', 'i', 't', '\0', + /* "anthedesign.fr", true */ 'a', 'n', 't', 'h', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'f', 'r', '\0', + /* "anthony-rouanet.com", true */ 'a', 'n', 't', 'h', 'o', 'n', 'y', '-', 'r', 'o', 'u', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "anthonyaires.com", true */ 'a', 'n', 't', 'h', 'o', 'n', 'y', 'a', 'i', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "anthonycarbonaro.com", true */ 'a', 'n', 't', 'h', 'o', 'n', 'y', 'c', 'a', 'r', 'b', 'o', 'n', 'a', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "anthonygaidot.fr", true */ 'a', 'n', 't', 'h', 'o', 'n', 'y', 'g', 'a', 'i', 'd', 'o', 't', '.', 'f', 'r', '\0', + /* "anthro.id", true */ 'a', 'n', 't', 'h', 'r', 'o', '.', 'i', 'd', '\0', + /* "anthropoid.ca", true */ 'a', 'n', 't', 'h', 'r', 'o', 'p', 'o', 'i', 'd', '.', 'c', 'a', '\0', + /* "anti-bible.com", true */ 'a', 'n', 't', 'i', '-', 'b', 'i', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "anti-radar.org", true */ 'a', 'n', 't', 'i', '-', 'r', 'a', 'd', 'a', 'r', '.', 'o', 'r', 'g', '\0', + /* "anticopyright.com", true */ 'a', 'n', 't', 'i', 'c', 'o', 'p', 'y', 'r', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0', + /* "antihype.space", true */ 'a', 'n', 't', 'i', 'h', 'y', 'p', 'e', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "antikvariat.ru", true */ 'a', 'n', 't', 'i', 'k', 'v', 'a', 'r', 'i', 'a', 't', '.', 'r', 'u', '\0', + /* "antiled.by", true */ 'a', 'n', 't', 'i', 'l', 'e', 'd', '.', 'b', 'y', '\0', + /* "antimine.me", true */ 'a', 'n', 't', 'i', 'm', 'i', 'n', 'e', '.', 'm', 'e', '\0', + /* "antipa.ch", true */ 'a', 'n', 't', 'i', 'p', 'a', '.', 'c', 'h', '\0', + /* "antipolygraph.org", true */ 'a', 'n', 't', 'i', 'p', 'o', 'l', 'y', 'g', 'r', 'a', 'p', 'h', '.', 'o', 'r', 'g', '\0', + /* "antique-pedalcars.ch", true */ 'a', 'n', 't', 'i', 'q', 'u', 'e', '-', 'p', 'e', 'd', 'a', 'l', 'c', 'a', 'r', 's', '.', 'c', 'h', '\0', + /* "antirepressionbayarea.com", true */ 'a', 'n', 't', 'i', 'r', 'e', 'p', 'r', 'e', 's', 's', 'i', 'o', 'n', 'b', 'a', 'y', 'a', 'r', 'e', 'a', '.', 'c', 'o', 'm', '\0', + /* "antispeciesism.com", true */ 'a', 'n', 't', 'i', 's', 'p', 'e', 'c', 'i', 'e', 's', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "antispeciesist.com", true */ 'a', 'n', 't', 'i', 's', 'p', 'e', 'c', 'i', 'e', 's', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "antivirusprotection.reviews", true */ 'a', 'n', 't', 'i', 'v', 'i', 'r', 'u', 's', 'p', 'r', 'o', 't', 'e', 'c', 't', 'i', 'o', 'n', '.', 'r', 'e', 'v', 'i', 'e', 'w', 's', '\0', + /* "antocom.com", true */ 'a', 'n', 't', 'o', 'c', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "antoinebetas.be", true */ 'a', 'n', 't', 'o', 'i', 'n', 'e', 'b', 'e', 't', 'a', 's', '.', 'b', 'e', '\0', + /* "antoinedeschenes.com", true */ 'a', 'n', 't', 'o', 'i', 'n', 'e', 'd', 'e', 's', 'c', 'h', 'e', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "antoinemary.com", true */ 'a', 'n', 't', 'o', 'i', 'n', 'e', 'm', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "antonchen.com", true */ 'a', 'n', 't', 'o', 'n', 'c', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "antonellabb.eu", true */ 'a', 'n', 't', 'o', 'n', 'e', 'l', 'l', 'a', 'b', 'b', '.', 'e', 'u', '\0', + /* "antons.io", true */ 'a', 'n', 't', 'o', 'n', 's', '.', 'i', 'o', '\0', + /* "antragsgruen.de", true */ 'a', 'n', 't', 'r', 'a', 'g', 's', 'g', 'r', 'u', 'e', 'n', '.', 'd', 'e', '\0', + /* "anulowano.pl", true */ 'a', 'n', 'u', 'l', 'o', 'w', 'a', 'n', 'o', '.', 'p', 'l', '\0', + /* "anvartay.com", true */ 'a', 'n', 'v', 'a', 'r', 't', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "anwaltsindex.com", true */ 'a', 'n', 'w', 'a', 'l', 't', 's', 'i', 'n', 'd', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "anxietyspace.com", true */ 'a', 'n', 'x', 'i', 'e', 't', 'y', 's', 'p', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "anxiolytics.com", true */ 'a', 'n', 'x', 'i', 'o', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "any.pm", false */ 'a', 'n', 'y', '.', 'p', 'm', '\0', + /* "anyfood.fi", true */ 'a', 'n', 'y', 'f', 'o', 'o', 'd', '.', 'f', 'i', '\0', + /* "anynode.net", true */ 'a', 'n', 'y', 'n', 'o', 'd', 'e', '.', 'n', 'e', 't', '\0', + /* "anyon.com", true */ 'a', 'n', 'y', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "anypeer.net", true */ 'a', 'n', 'y', 'p', 'e', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "anyprime.net", true */ 'a', 'n', 'y', 'p', 'r', 'i', 'm', 'e', '.', 'n', 'e', 't', '\0', + /* "anystack.xyz", true */ 'a', 'n', 'y', 's', 't', 'a', 'c', 'k', '.', 'x', 'y', 'z', '\0', + /* "anytonetech.com", true */ 'a', 'n', 'y', 't', 'o', 'n', 'e', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "anzeiger.ag", true */ 'a', 'n', 'z', 'e', 'i', 'g', 'e', 'r', '.', 'a', 'g', '\0', + /* "ao-dev.com", true */ 'a', 'o', '-', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "ao2.it", true */ 'a', 'o', '2', '.', 'i', 't', '\0', + /* "aoku3d.com", true */ 'a', 'o', 'k', 'u', '3', 'd', '.', 'c', 'o', 'm', '\0', + /* "aolabs.nz", true */ 'a', 'o', 'l', 'a', 'b', 's', '.', 'n', 'z', '\0', + /* "aomberg.com", true */ 'a', 'o', 'm', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0', + /* "aomonk.com", true */ 'a', 'o', 'm', 'o', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "aooobo.com", true */ 'a', 'o', 'o', 'o', 'b', 'o', '.', 'c', 'o', 'm', '\0', + /* "aosc.io", false */ 'a', 'o', 's', 'c', '.', 'i', 'o', '\0', + /* "aosus.org", true */ 'a', 'o', 's', 'u', 's', '.', 'o', 'r', 'g', '\0', + /* "aotearoaleaks.org", true */ 'a', 'o', 't', 'e', 'a', 'r', 'o', 'a', 'l', 'e', 'a', 'k', 's', '.', 'o', 'r', 'g', '\0', + /* "aovcentrum.nl", true */ 'a', 'o', 'v', 'c', 'e', 'n', 't', 'r', 'u', 'm', '.', 'n', 'l', '\0', + /* "ap-swiss.ch", true */ 'a', 'p', '-', 's', 'w', 'i', 's', 's', '.', 'c', 'h', '\0', + /* "apac-tech.com", true */ 'a', 'p', 'a', 'c', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "apachehaus.de", false */ 'a', 'p', 'a', 'c', 'h', 'e', 'h', 'a', 'u', 's', '.', 'd', 'e', '\0', + /* "apadvantage.com", true */ 'a', 'p', 'a', 'd', 'v', 'a', 'n', 't', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "aparaatti.org", true */ 'a', 'p', 'a', 'r', 'a', 'a', 't', 't', 'i', '.', 'o', 'r', 'g', '\0', + /* "apartmanicg.me", true */ 'a', 'p', 'a', 'r', 't', 'm', 'a', 'n', 'i', 'c', 'g', '.', 'm', 'e', '\0', + /* "apartment-natik.fr", true */ 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', '-', 'n', 'a', 't', 'i', 'k', '.', 'f', 'r', '\0', + /* "apartmentkroatien.at", true */ 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 'k', 'r', 'o', 'a', 't', 'i', 'e', 'n', '.', 'a', 't', '\0', + /* "apartmentregister.com.au", true */ 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "apbox.de", true */ 'a', 'p', 'b', 'o', 'x', '.', 'd', 'e', '\0', + /* "apcemporium.co.uk", true */ 'a', 'p', 'c', 'e', 'm', 'p', 'o', 'r', 'i', 'u', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "apcube.com", true */ 'a', 'p', 'c', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0', + /* "apef.ch", true */ 'a', 'p', 'e', 'f', '.', 'c', 'h', '\0', + /* "apertis.org", true */ 'a', 'p', 'e', 'r', 't', 'i', 's', '.', 'o', 'r', 'g', '\0', + /* "aperturesciencelabs.de", true */ 'a', 'p', 'e', 'r', 't', 'u', 'r', 'e', 's', 'c', 'i', 'e', 'n', 'c', 'e', 'l', 'a', 'b', 's', '.', 'd', 'e', '\0', + /* "apervita.net", true */ 'a', 'p', 'e', 'r', 'v', 'i', 't', 'a', '.', 'n', 'e', 't', '\0', + /* "apexitsolutions.ca", true */ 'a', 'p', 'e', 'x', 'i', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'a', '\0', + /* "aphelionentertainment.com", true */ 'a', 'p', 'h', 'e', 'l', 'i', 'o', 'n', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "aphotrax.eu", true */ 'a', 'p', 'h', 'o', 't', 'r', 'a', 'x', '.', 'e', 'u', '\0', + /* "api-connect.com", true */ 'a', 'p', 'i', '-', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "api-geek.com", true */ 'a', 'p', 'i', '-', 'g', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "api.intercom.io", true */ 'a', 'p', 'i', '.', 'i', 'n', 't', 'e', 'r', 'c', 'o', 'm', '.', 'i', 'o', '\0', + /* "api.lookout.com", false */ 'a', 'p', 'i', '.', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "api.recurly.com", true */ 'a', 'p', 'i', '.', 'r', 'e', 'c', 'u', 'r', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "api.simple.com", false */ 'a', 'p', 'i', '.', 's', 'i', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "api.xero.com", false */ 'a', 'p', 'i', '.', 'x', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "apiary.blog", true */ 'a', 'p', 'i', 'a', 'r', 'y', '.', 'b', 'l', 'o', 'g', '\0', + /* "apiary.clothing", true */ 'a', 'p', 'i', 'a', 'r', 'y', '.', 'c', 'l', 'o', 't', 'h', 'i', 'n', 'g', '\0', + /* "apiary.shop", true */ 'a', 'p', 'i', 'a', 'r', 'y', '.', 's', 'h', 'o', 'p', '\0', + /* "apiary.store", true */ 'a', 'p', 'i', 'a', 'r', 'y', '.', 's', 't', 'o', 'r', 'e', '\0', + /* "apiary.supplies", true */ 'a', 'p', 'i', 'a', 'r', 'y', '.', 's', 'u', 'p', 'p', 'l', 'i', 'e', 's', '\0', + /* "apiary.supply", true */ 'a', 'p', 'i', 'a', 'r', 'y', '.', 's', 'u', 'p', 'p', 'l', 'y', '\0', + /* "apience.com", true */ 'a', 'p', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "apila.care", true */ 'a', 'p', 'i', 'l', 'a', '.', 'c', 'a', 'r', 'e', '\0', + /* "apila.us", true */ 'a', 'p', 'i', 'l', 'a', '.', 'u', 's', '\0', + /* "apiled.io", true */ 'a', 'p', 'i', 'l', 'e', 'd', '.', 'i', 'o', '\0', + /* "apio.systems", true */ 'a', 'p', 'i', 'o', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0', + /* "apis.blue", true */ 'a', 'p', 'i', 's', '.', 'b', 'l', 'u', 'e', '\0', + /* "apis.google.com", true */ 'a', 'p', 'i', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "apis.moe", true */ 'a', 'p', 'i', 's', '.', 'm', 'o', 'e', '\0', + /* "apisyouwonthate.com", true */ 'a', 'p', 'i', 's', 'y', 'o', 'u', 'w', 'o', 'n', 't', 'h', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "apk.li", true */ 'a', 'p', 'k', '.', 'l', 'i', '\0', + /* "apk4fun.com", true */ 'a', 'p', 'k', '4', 'f', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "apl2bits.net", true */ 'a', 'p', 'l', '2', 'b', 'i', 't', 's', '.', 'n', 'e', 't', '\0', + /* "aplikaceproandroid.cz", true */ 'a', 'p', 'l', 'i', 'k', 'a', 'c', 'e', 'p', 'r', 'o', 'a', 'n', 'd', 'r', 'o', 'i', 'd', '.', 'c', 'z', '\0', + /* "aplis-online.de", false */ 'a', 'p', 'l', 'i', 's', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0', + /* "aplpackaging.co.uk", true */ 'a', 'p', 'l', 'p', 'a', 'c', 'k', 'a', 'g', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "aplu.fr", true */ 'a', 'p', 'l', 'u', '.', 'f', 'r', '\0', + /* "apmpproject.org", true */ 'a', 'p', 'm', 'p', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "apn-dz.org", true */ 'a', 'p', 'n', '-', 'd', 'z', '.', 'o', 'r', 'g', '\0', + /* "apn-einstellungen.de", true */ 'a', 'p', 'n', '-', 'e', 'i', 'n', 's', 't', 'e', 'l', 'l', 'u', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0', + /* "apoil.org", true */ 'a', 'p', 'o', 'i', 'l', '.', 'o', 'r', 'g', '\0', + /* "apollyon.work", true */ 'a', 'p', 'o', 'l', 'l', 'y', 'o', 'n', '.', 'w', 'o', 'r', 'k', '\0', + /* "apoly.de", true */ 'a', 'p', 'o', 'l', 'y', '.', 'd', 'e', '\0', + /* "aporia.io", true */ 'a', 'p', 'o', 'r', 'i', 'a', '.', 'i', 'o', '\0', + /* "aposke.com", true */ 'a', 'p', 'o', 's', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "aposke.net", true */ 'a', 'p', 'o', 's', 'k', 'e', '.', 'n', 'e', 't', '\0', + /* "aposke.org", true */ 'a', 'p', 'o', 's', 'k', 'e', '.', 'o', 'r', 'g', '\0', + /* "apothes.is", true */ 'a', 'p', 'o', 't', 'h', 'e', 's', '.', 'i', 's', '\0', + /* "app-at.work", true */ 'a', 'p', 'p', '-', 'a', 't', '.', 'w', 'o', 'r', 'k', '\0', + /* "app.recurly.com", true */ 'a', 'p', 'p', '.', 'r', 'e', 'c', 'u', 'r', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "app.simpletax.ca", true */ 'a', 'p', 'p', '.', 's', 'i', 'm', 'p', 'l', 'e', 't', 'a', 'x', '.', 'c', 'a', '\0', + /* "app.yinxiang.com", false */ 'a', 'p', 'p', '.', 'y', 'i', 'n', 'x', 'i', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "appartement-andrea.at", true */ 'a', 'p', 'p', 'a', 'r', 't', 'e', 'm', 'e', 'n', 't', '-', 'a', 'n', 'd', 'r', 'e', 'a', '.', 'a', 't', '\0', + /* "appartement-evolene.net", true */ 'a', 'p', 'p', 'a', 'r', 't', 'e', 'm', 'e', 'n', 't', '-', 'e', 'v', 'o', 'l', 'e', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "appartementhaus-badria.de", true */ 'a', 'p', 'p', 'a', 'r', 't', 'e', 'm', 'e', 'n', 't', 'h', 'a', 'u', 's', '-', 'b', 'a', 'd', 'r', 'i', 'a', '.', 'd', 'e', '\0', + /* "appartementmarsum.nl", true */ 'a', 'p', 'p', 'a', 'r', 't', 'e', 'm', 'e', 'n', 't', 'm', 'a', 'r', 's', 'u', 'm', '.', 'n', 'l', '\0', + /* "appchive.net", true */ 'a', 'p', 'p', 'c', 'h', 'i', 'v', 'e', '.', 'n', 'e', 't', '\0', + /* "appcoins.io", true */ 'a', 'p', 'p', 'c', 'o', 'i', 'n', 's', '.', 'i', 'o', '\0', + /* "appel-aide.ch", true */ 'a', 'p', 'p', 'e', 'l', '-', 'a', 'i', 'd', 'e', '.', 'c', 'h', '\0', + /* "appelboomdefilm.nl", true */ 'a', 'p', 'p', 'e', 'l', 'b', 'o', 'o', 'm', 'd', 'e', 'f', 'i', 'l', 'm', '.', 'n', 'l', '\0', + /* "appengine.google.com", true */ 'a', 'p', 'p', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "apperio.com", true */ 'a', 'p', 'p', 'e', 'r', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "appharbor.com", true */ 'a', 'p', 'p', 'h', 'a', 'r', 'b', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "apple-watch-zubehoer.de", true */ 'a', 'p', 'p', 'l', 'e', '-', 'w', 'a', 't', 'c', 'h', '-', 'z', 'u', 'b', 'e', 'h', 'o', 'e', 'r', '.', 'd', 'e', '\0', + /* "applejacks-bouncy-castles.co.uk", true */ 'a', 'p', 'p', 'l', 'e', 'j', 'a', 'c', 'k', 's', '-', 'b', 'o', 'u', 'n', 'c', 'y', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "applelife.ru", true */ 'a', 'p', 'p', 'l', 'e', 'l', 'i', 'f', 'e', '.', 'r', 'u', '\0', + /* "applemon.com", true */ 'a', 'p', 'p', 'l', 'e', 'm', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "appleoosa.com", true */ 'a', 'p', 'p', 'l', 'e', 'o', 'o', 's', 'a', '.', 'c', 'o', 'm', '\0', + /* "appleranch.com", true */ 'a', 'p', 'p', 'l', 'e', 'r', 'a', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "applesana.es", true */ 'a', 'p', 'p', 'l', 'e', 's', 'a', 'n', 'a', '.', 'e', 's', '\0', + /* "applesencia.com", true */ 'a', 'p', 'p', 'l', 'e', 's', 'e', 'n', 'c', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "applewatch.co.nz", true */ 'a', 'p', 'p', 'l', 'e', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "applian.jp", true */ 'a', 'p', 'p', 'l', 'i', 'a', 'n', '.', 'j', 'p', '\0', + /* "apply.eu", true */ 'a', 'p', 'p', 'l', 'y', '.', 'e', 'u', '\0', + /* "appmeas.co.uk", true */ 'a', 'p', 'p', 'm', 'e', 'a', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "appmobile.io", true */ 'a', 'p', 'p', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'i', 'o', '\0', + /* "appninjas.com", true */ 'a', 'p', 'p', 'n', 'i', 'n', 'j', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "appointed.at", true */ 'a', 'p', 'p', 'o', 'i', 'n', 't', 'e', 'd', '.', 'a', 't', '\0', + /* "apponic.com", true */ 'a', 'p', 'p', 'o', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "apponline.com", true */ 'a', 'p', 'p', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "approbo.com", true */ 'a', 'p', 'p', 'r', 'o', 'b', 'o', '.', 'c', 'o', 'm', '\0', + /* "approvedtreecare.com", true */ 'a', 'p', 'p', 'r', 'o', 'v', 'e', 'd', 't', 'r', 'e', 'e', 'c', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "apps.co", true */ 'a', 'p', 'p', 's', '.', 'c', 'o', '\0', + /* "apps.facebook.com", false */ 'a', 'p', 'p', 's', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "apps.fedoraproject.org", true */ 'a', 'p', 'p', 's', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "apps.stg.fedoraproject.org", true */ 'a', 'p', 'p', 's', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "apps4inter.net", true */ 'a', 'p', 'p', 's', '4', 'i', 'n', 't', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "appscloudplus.com", true */ 'a', 'p', 'p', 's', 'c', 'l', 'o', 'u', 'd', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "appseccalifornia.org", false */ 'a', 'p', 'p', 's', 'e', 'c', 'c', 'a', 'l', 'i', 'f', 'o', 'r', 'n', 'i', 'a', '.', 'o', 'r', 'g', '\0', + /* "appson.co.uk", false */ 'a', 'p', 'p', 's', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "appt.ch", true */ 'a', 'p', 'p', 't', '.', 'c', 'h', '\0', + /* "apptomics.com", true */ 'a', 'p', 'p', 't', 'o', 'm', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "apptoutou.com", true */ 'a', 'p', 'p', 't', 'o', 'u', 't', 'o', 'u', '.', 'c', 'o', 'm', '\0', + /* "appuals.com", true */ 'a', 'p', 'p', 'u', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "appui-de-fenetre.fr", true */ 'a', 'p', 'p', 'u', 'i', '-', 'd', 'e', '-', 'f', 'e', 'n', 'e', 't', 'r', 'e', '.', 'f', 'r', '\0', + /* "appveyor.com", true */ 'a', 'p', 'p', 'v', 'e', 'y', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "appzoojoo.be", true */ 'a', 'p', 'p', 'z', 'o', 'o', 'j', 'o', 'o', '.', 'b', 'e', '\0', + /* "aprefix.com", true */ 'a', 'p', 'r', 'e', 'f', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "apretatuercas.es", true */ 'a', 'p', 'r', 'e', 't', 'a', 't', 'u', 'e', 'r', 'c', 'a', 's', '.', 'e', 's', '\0', + /* "aprovpn.com", true */ 'a', 'p', 'r', 'o', 'v', 'p', 'n', '.', 'c', 'o', 'm', '\0', + /* "aprpullmanportermuseum.org", true */ 'a', 'p', 'r', 'p', 'u', 'l', 'l', 'm', 'a', 'n', 'p', 'o', 'r', 't', 'e', 'r', 'm', 'u', 's', 'e', 'u', 'm', '.', 'o', 'r', 'g', '\0', + /* "aprr.org", true */ 'a', 'p', 'r', 'r', '.', 'o', 'r', 'g', '\0', + /* "aprsdroid.org", true */ 'a', 'p', 'r', 's', 'd', 'r', 'o', 'i', 'd', '.', 'o', 'r', 'g', '\0', + /* "aprz.de", true */ 'a', 'p', 'r', 'z', '.', 'd', 'e', '\0', + /* "apstudynotes.org", true */ 'a', 'p', 's', 't', 'u', 'd', 'y', 'n', 'o', 't', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "aptive.co.uk", true */ 'a', 'p', 't', 'i', 'v', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "apu-board.de", true */ 'a', 'p', 'u', '-', 'b', 'o', 'a', 'r', 'd', '.', 'd', 'e', '\0', + /* "apv-ollon.ch", true */ 'a', 'p', 'v', '-', 'o', 'l', 'l', 'o', 'n', '.', 'c', 'h', '\0', + /* "aqilacademy.com.au", true */ 'a', 'q', 'i', 'l', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "aqqrate.com", true */ 'a', 'q', 'q', 'r', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "aqsiq.net", true */ 'a', 'q', 's', 'i', 'q', '.', 'n', 'e', 't', '\0', + /* "aqua-fitness-nacht.de", true */ 'a', 'q', 'u', 'a', '-', 'f', 'i', 't', 'n', 'e', 's', 's', '-', 'n', 'a', 'c', 'h', 't', '.', 'd', 'e', '\0', + /* "aqua-fotowelt.de", true */ 'a', 'q', 'u', 'a', '-', 'f', 'o', 't', 'o', 'w', 'e', 'l', 't', '.', 'd', 'e', '\0', + /* "aquabar.co.il", true */ 'a', 'q', 'u', 'a', 'b', 'a', 'r', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "aquabio.ch", true */ 'a', 'q', 'u', 'a', 'b', 'i', 'o', '.', 'c', 'h', '\0', + /* "aquadonis.ch", true */ 'a', 'q', 'u', 'a', 'd', 'o', 'n', 'i', 's', '.', 'c', 'h', '\0', + /* "aquahomo.com", true */ 'a', 'q', 'u', 'a', 'h', 'o', 'm', 'o', '.', 'c', 'o', 'm', '\0', + /* "aqualife.com.gr", true */ 'a', 'q', 'u', 'a', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '.', 'g', 'r', '\0', + /* "aqualifeprojects.com", true */ 'a', 'q', 'u', 'a', 'l', 'i', 'f', 'e', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "aquarium-supplement.net", true */ 'a', 'q', 'u', 'a', 'r', 'i', 'u', 'm', '-', 's', 'u', 'p', 'p', 'l', 'e', 'm', 'e', 'n', 't', '.', 'n', 'e', 't', '\0', + /* "aquaron.com", true */ 'a', 'q', 'u', 'a', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "aquaselect.eu", true */ 'a', 'q', 'u', 'a', 's', 'e', 'l', 'e', 'c', 't', '.', 'e', 'u', '\0', + /* "aquatechnologygroup.com", true */ 'a', 'q', 'u', 'a', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "aquaundine.net", true */ 'a', 'q', 'u', 'a', 'u', 'n', 'd', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "aquavitaedayspa.com.au", true */ 'a', 'q', 'u', 'a', 'v', 'i', 't', 'a', 'e', 'd', 'a', 'y', 's', 'p', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "aquila.co.uk", true */ 'a', 'q', 'u', 'i', 'l', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "aquilaguild.com", false */ 'a', 'q', 'u', 'i', 'l', 'a', 'g', 'u', 'i', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "aquireceitas.com", true */ 'a', 'q', 'u', 'i', 'r', 'e', 'c', 'e', 'i', 't', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "aquitainebrasserie.com.au", true */ 'a', 'q', 'u', 'i', 't', 'a', 'i', 'n', 'e', 'b', 'r', 'a', 's', 's', 'e', 'r', 'i', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "aquitroc.com", true */ 'a', 'q', 'u', 'i', 't', 'r', 'o', 'c', '.', 'c', 'o', 'm', '\0', + /* "ar-informatique.ch", true */ 'a', 'r', '-', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'q', 'u', 'e', '.', 'c', 'h', '\0', + /* "ar.al", true */ 'a', 'r', '.', 'a', 'l', '\0', + /* "arab.dating", true */ 'a', 'r', 'a', 'b', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "arabsexi.info", true */ 'a', 'r', 'a', 'b', 's', 'e', 'x', 'i', '.', 'i', 'n', 'f', 'o', '\0', + /* "arachina.com", true */ 'a', 'r', 'a', 'c', 'h', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "arados.de", true */ 'a', 'r', 'a', 'd', 'o', 's', '.', 'd', 'e', '\0', + /* "arai21.net", true */ 'a', 'r', 'a', 'i', '2', '1', '.', 'n', 'e', 't', '\0', + /* "araleeniken.com", true */ 'a', 'r', 'a', 'l', 'e', 'e', 'n', 'i', 'k', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "aramado.com", true */ 'a', 'r', 'a', 'm', 'a', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "aramido.de", true */ 'a', 'r', 'a', 'm', 'i', 'd', 'o', '.', 'd', 'e', '\0', + /* "aranel.me", true */ 'a', 'r', 'a', 'n', 'e', 'l', '.', 'm', 'e', '\0', + /* "aranycsillag.net", true */ 'a', 'r', 'a', 'n', 'y', 'c', 's', 'i', 'l', 'l', 'a', 'g', '.', 'n', 'e', 't', '\0', + /* "araratour.com", true */ 'a', 'r', 'a', 'r', 'a', 't', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "araro.ch", true */ 'a', 'r', 'a', 'r', 'o', '.', 'c', 'h', '\0', + /* "araseifudousan.com", true */ 'a', 'r', 'a', 's', 'e', 'i', 'f', 'u', 'd', 'o', 'u', 's', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "arawaza.biz", true */ 'a', 'r', 'a', 'w', 'a', 'z', 'a', '.', 'b', 'i', 'z', '\0', + /* "arawaza.com", false */ 'a', 'r', 'a', 'w', 'a', 'z', 'a', '.', 'c', 'o', 'm', '\0', + /* "arawaza.info", true */ 'a', 'r', 'a', 'w', 'a', 'z', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "araxis.com", true */ 'a', 'r', 'a', 'x', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "arbeitskreis-asyl-eningen.de", true */ 'a', 'r', 'b', 'e', 'i', 't', 's', 'k', 'r', 'e', 'i', 's', '-', 'a', 's', 'y', 'l', '-', 'e', 'n', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0', + /* "arbeitslosenverwaltung.de", true */ 'a', 'r', 'b', 'e', 'i', 't', 's', 'l', 'o', 's', 'e', 'n', 'v', 'e', 'r', 'w', 'a', 'l', 't', 'u', 'n', 'g', '.', 'd', 'e', '\0', + /* "arbitrarion.com", true */ 'a', 'r', 'b', 'i', 't', 'r', 'a', 'r', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "arbitrary.ch", true */ 'a', 'r', 'b', 'i', 't', 'r', 'a', 'r', 'y', '.', 'c', 'h', '\0', + /* "arboworks.com", true */ 'a', 'r', 'b', 'o', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "arcadiaeng.com", true */ 'a', 'r', 'c', 'a', 'd', 'i', 'a', 'e', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "arcaik.net", true */ 'a', 'r', 'c', 'a', 'i', 'k', '.', 'n', 'e', 't', '\0', + /* "arcbit.io", true */ 'a', 'r', 'c', 'b', 'i', 't', '.', 'i', 'o', '\0', + /* "arcbouncycastles.co.uk", true */ 'a', 'r', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "arcenergy.co.uk", true */ 'a', 'r', 'c', 'e', 'n', 'e', 'r', 'g', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "archii.ca", true */ 'a', 'r', 'c', 'h', 'i', 'i', '.', 'c', 'a', '\0', + /* "archimedicx.com", true */ 'a', 'r', 'c', 'h', 'i', 'm', 'e', 'd', 'i', 'c', 'x', '.', 'c', 'o', 'm', '\0', + /* "archined.nl", true */ 'a', 'r', 'c', 'h', 'i', 'n', 'e', 'd', '.', 'n', 'l', '\0', + /* "architectdirect.nl", false */ 'a', 'r', 'c', 'h', 'i', 't', 'e', 'c', 't', 'd', 'i', 'r', 'e', 'c', 't', '.', 'n', 'l', '\0', + /* "architecte-interieur.be", true */ 'a', 'r', 'c', 'h', 'i', 't', 'e', 'c', 't', 'e', '-', 'i', 'n', 't', 'e', 'r', 'i', 'e', 'u', 'r', '.', 'b', 'e', '\0', + /* "archivesdelavieordinaire.ch", true */ 'a', 'r', 'c', 'h', 'i', 'v', 'e', 's', 'd', 'e', 'l', 'a', 'v', 'i', 'e', 'o', 'r', 'd', 'i', 'n', 'a', 'i', 'r', 'e', '.', 'c', 'h', '\0', + /* "archlinux.de", true */ 'a', 'r', 'c', 'h', 'l', 'i', 'n', 'u', 'x', '.', 'd', 'e', '\0', + /* "archlinux.org", true */ 'a', 'r', 'c', 'h', 'l', 'i', 'n', 'u', 'x', '.', 'o', 'r', 'g', '\0', + /* "archoit.org", false */ 'a', 'r', 'c', 'h', 'o', 'i', 't', '.', 'o', 'r', 'g', '\0', + /* "archsec.info", true */ 'a', 'r', 'c', 'h', 's', 'e', 'c', '.', 'i', 'n', 'f', 'o', '\0', + /* "arckr.com", true */ 'a', 'r', 'c', 'k', 'r', '.', 'c', 'o', 'm', '\0', + /* "arcobalabs.ca", true */ 'a', 'r', 'c', 'o', 'b', 'a', 'l', 'a', 'b', 's', '.', 'c', 'a', '\0', + /* "arctic.gov", true */ 'a', 'r', 'c', 't', 'i', 'c', '.', 'g', 'o', 'v', '\0', + /* "arcueil-cachan.fr", true */ 'a', 'r', 'c', 'u', 'e', 'i', 'l', '-', 'c', 'a', 'c', 'h', 'a', 'n', '.', 'f', 'r', '\0', + /* "arcusnova.de", true */ 'a', 'r', 'c', 'u', 's', 'n', 'o', 'v', 'a', '.', 'd', 'e', '\0', + /* "ardor.noip.me", true */ 'a', 'r', 'd', 'o', 'r', '.', 'n', 'o', 'i', 'p', '.', 'm', 'e', '\0', + /* "ardtrade.ru", true */ 'a', 'r', 'd', 't', 'r', 'a', 'd', 'e', '.', 'r', 'u', '\0', + /* "area536.com", true */ 'a', 'r', 'e', 'a', '5', '3', '6', '.', 'c', 'o', 'm', '\0', + /* "areaclienti.net", true */ 'a', 'r', 'e', 'a', 'c', 'l', 'i', 'e', 'n', 't', 'i', '.', 'n', 'e', 't', '\0', + /* "areafiftylan.nl", true */ 'a', 'r', 'e', 'a', 'f', 'i', 'f', 't', 'y', 'l', 'a', 'n', '.', 'n', 'l', '\0', + /* "areallyneatwebsite.com", true */ 'a', 'r', 'e', 'a', 'l', 'l', 'y', 'n', 'e', 'a', 't', 'w', 'e', 'b', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "areatrend.com", true */ 'a', 'r', 'e', 'a', 't', 'r', 'e', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "arendburgers.nl", true */ 'a', 'r', 'e', 'n', 'd', 'b', 'u', 'r', 'g', 'e', 'r', 's', '.', 'n', 'l', '\0', + /* "arenzanaphotography.com", true */ 'a', 'r', 'e', 'n', 'z', 'a', 'n', 'a', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0', + /* "ares-trading.de", false */ 'a', 'r', 'e', 's', '-', 't', 'r', 'a', 'd', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "arethsu.se", true */ 'a', 'r', 'e', 't', 'h', 's', 'u', '.', 's', 'e', '\0', + /* "arfad.ch", true */ 'a', 'r', 'f', 'a', 'd', '.', 'c', 'h', '\0', + /* "arg.zone", true */ 'a', 'r', 'g', '.', 'z', 'o', 'n', 'e', '\0', + /* "arganaderm.ch", true */ 'a', 'r', 'g', 'a', 'n', 'a', 'd', 'e', 'r', 'm', '.', 'c', 'h', '\0', + /* "argb.de", true */ 'a', 'r', 'g', 'b', '.', 'd', 'e', '\0', + /* "argekultur.at", true */ 'a', 'r', 'g', 'e', 'k', 'u', 'l', 't', 'u', 'r', '.', 'a', 't', '\0', + /* "argot.com", true */ 'a', 'r', 'g', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "argovpay.com", true */ 'a', 'r', 'g', 'o', 'v', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "arian.io", true */ 'a', 'r', 'i', 'a', 'n', '.', 'i', 'o', '\0', + /* "ariba.info", true */ 'a', 'r', 'i', 'b', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "ariege-pyrenees.net", true */ 'a', 'r', 'i', 'e', 'g', 'e', '-', 'p', 'y', 'r', 'e', 'n', 'e', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "arieswdd.com", true */ 'a', 'r', 'i', 'e', 's', 'w', 'd', 'd', '.', 'c', 'o', 'm', '\0', + /* "arifp.me", true */ 'a', 'r', 'i', 'f', 'p', '.', 'm', 'e', '\0', + /* "arigato-java.download", true */ 'a', 'r', 'i', 'g', 'a', 't', 'o', '-', 'j', 'a', 'v', 'a', '.', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', '\0', + /* "arijitdg.net", true */ 'a', 'r', 'i', 'j', 'i', 't', 'd', 'g', '.', 'n', 'e', 't', '\0', + /* "arikar.eu", true */ 'a', 'r', 'i', 'k', 'a', 'r', '.', 'e', 'u', '\0', + /* "arima.co.ke", true */ 'a', 'r', 'i', 'm', 'a', '.', 'c', 'o', '.', 'k', 'e', '\0', + /* "arinflatablefun.co.uk", true */ 'a', 'r', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "aristilabs.com", true */ 'a', 'r', 'i', 's', 't', 'i', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "aristocrates.co", true */ 'a', 'r', 'i', 's', 't', 'o', 'c', 'r', 'a', 't', 'e', 's', '.', 'c', 'o', '\0', + /* "aristocratps.com", true */ 'a', 'r', 'i', 's', 't', 'o', 'c', 'r', 'a', 't', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "aritec-la.com", true */ 'a', 'r', 'i', 't', 'e', 'c', '-', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "arithxu.com", true */ 'a', 'r', 'i', 't', 'h', 'x', 'u', '.', 'c', 'o', 'm', '\0', + /* "arivo.com.br", true */ 'a', 'r', 'i', 'v', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "arizonaautomobileclub.com", true */ 'a', 'r', 'i', 'z', 'o', 'n', 'a', 'a', 'u', 't', 'o', 'm', 'o', 'b', 'i', 'l', 'e', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "arjandejong.eu", true */ 'a', 'r', 'j', 'a', 'n', 'd', 'e', 'j', 'o', 'n', 'g', '.', 'e', 'u', '\0', + /* "arjanvaartjes.net", true */ 'a', 'r', 'j', 'a', 'n', 'v', 'a', 'a', 'r', 't', 'j', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "arjunasdaughter.pub", true */ 'a', 'r', 'j', 'u', 'n', 'a', 's', 'd', 'a', 'u', 'g', 'h', 't', 'e', 'r', '.', 'p', 'u', 'b', '\0', + /* "arjweb.co.uk", true */ 'a', 'r', 'j', 'w', 'e', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "arkacrao.org", true */ 'a', 'r', 'k', 'a', 'c', 'r', 'a', 'o', '.', 'o', 'r', 'g', '\0', + /* "arkaic.dyndns.org", true */ 'a', 'r', 'k', 'a', 'i', 'c', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "arkbyte.com", true */ 'a', 'r', 'k', 'b', 'y', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "arknodejs.com", true */ 'a', 'r', 'k', 'n', 'o', 'd', 'e', 'j', 's', '.', 'c', 'o', 'm', '\0', + /* "arlatools.com", true */ 'a', 'r', 'l', 'a', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "arlen.tv", true */ 'a', 'r', 'l', 'e', 'n', '.', 't', 'v', '\0', + /* "arlenarmageddon.com", true */ 'a', 'r', 'l', 'e', 'n', 'a', 'r', 'm', 'a', 'g', 'e', 'd', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "arlet.click", true */ 'a', 'r', 'l', 'e', 't', '.', 'c', 'l', 'i', 'c', 'k', '\0', + /* "armadaquadrat.com", true */ 'a', 'r', 'm', 'a', 'd', 'a', 'q', 'u', 'a', 'd', 'r', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "armandsdiscount.com", true */ 'a', 'r', 'm', 'a', 'n', 'd', 's', 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "armarinhovirtual.com.br", true */ 'a', 'r', 'm', 'a', 'r', 'i', 'n', 'h', 'o', 'v', 'i', 'r', 't', 'u', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "armazemdaminiatura.com.br", true */ 'a', 'r', 'm', 'a', 'z', 'e', 'm', 'd', 'a', 'm', 'i', 'n', 'i', 'a', 't', 'u', 'r', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "armeni-jewellery.gr", true */ 'a', 'r', 'm', 'e', 'n', 'i', '-', 'j', 'e', 'w', 'e', 'l', 'l', 'e', 'r', 'y', '.', 'g', 'r', '\0', + /* "armil.it", true */ 'a', 'r', 'm', 'i', 'l', '.', 'i', 't', '\0', + /* "arminc.tk", true */ 'a', 'r', 'm', 'i', 'n', 'c', '.', 't', 'k', '\0', + /* "arminpech.de", true */ 'a', 'r', 'm', 'i', 'n', 'p', 'e', 'c', 'h', '.', 'd', 'e', '\0', + /* "armleads.com", true */ 'a', 'r', 'm', 'l', 'e', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "armodec.com", true */ 'a', 'r', 'm', 'o', 'd', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "armstrongsengineering.com", true */ 'a', 'r', 'm', 's', 't', 'r', 'o', 'n', 'g', 's', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "army24.cz", true */ 'a', 'r', 'm', 'y', '2', '4', '.', 'c', 'z', '\0', + /* "armyofbane.com", true */ 'a', 'r', 'm', 'y', 'o', 'f', 'b', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "armyprodej.cz", true */ 'a', 'r', 'm', 'y', 'p', 'r', 'o', 'd', 'e', 'j', '.', 'c', 'z', '\0', + /* "arnaudb.net", true */ 'a', 'r', 'n', 'a', 'u', 'd', 'b', '.', 'n', 'e', 't', '\0', + /* "arnaudfeld.de", true */ 'a', 'r', 'n', 'a', 'u', 'd', 'f', 'e', 'l', 'd', '.', 'd', 'e', '\0', + /* "arnaudminable.net", true */ 'a', 'r', 'n', 'a', 'u', 'd', 'm', 'i', 'n', 'a', 'b', 'l', 'e', '.', 'n', 'e', 't', '\0', + /* "arnesolutions.com", true */ 'a', 'r', 'n', 'e', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "arniescastles.co.uk", true */ 'a', 'r', 'n', 'i', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "arnoldkontz-occasions.lu", true */ 'a', 'r', 'n', 'o', 'l', 'd', 'k', 'o', 'n', 't', 'z', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'l', 'u', '\0', + /* "arnor.org", true */ 'a', 'r', 'n', 'o', 'r', '.', 'o', 'r', 'g', '\0', + /* "arnoudraeven.nl", true */ 'a', 'r', 'n', 'o', 'u', 'd', 'r', 'a', 'e', 'v', 'e', 'n', '.', 'n', 'l', '\0', + /* "arnoudvandalen.nl", true */ 'a', 'r', 'n', 'o', 'u', 'd', 'v', 'a', 'n', 'd', 'a', 'l', 'e', 'n', '.', 'n', 'l', '\0', + /* "arokha.com", true */ 'a', 'r', 'o', 'k', 'h', 'a', '.', 'c', 'o', 'm', '\0', + /* "aroonchande.com", true */ 'a', 'r', 'o', 'o', 'n', 'c', 'h', 'a', 'n', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "around-the-blog.com", true */ 'a', 'r', 'o', 'u', 'n', 'd', '-', 't', 'h', 'e', '-', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "arox.eu", true */ 'a', 'r', 'o', 'x', '.', 'e', 'u', '\0', + /* "arqueo-ecuatoriana.ec", true */ 'a', 'r', 'q', 'u', 'e', 'o', '-', 'e', 'c', 'u', 'a', 't', 'o', 'r', 'i', 'a', 'n', 'a', '.', 'e', 'c', '\0', + /* "arquitetura.pt", true */ 'a', 'r', 'q', 'u', 'i', 't', 'e', 't', 'u', 'r', 'a', '.', 'p', 't', '\0', + /* "arrakis.se", true */ 'a', 'r', 'r', 'a', 'k', 'i', 's', '.', 's', 'e', '\0', + /* "arrive.by", true */ 'a', 'r', 'r', 'i', 'v', 'e', '.', 'b', 'y', '\0', + /* "arrivedconsulting.com", true */ 'a', 'r', 'r', 'i', 'v', 'e', 'd', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "arrmaforum.com", true */ 'a', 'r', 'r', 'm', 'a', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "arrow-analytics.nl", true */ 'a', 'r', 'r', 'o', 'w', '-', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'n', 'l', '\0', + /* "arrow-api.nl", true */ 'a', 'r', 'r', 'o', 'w', '-', 'a', 'p', 'i', '.', 'n', 'l', '\0', + /* "arrowgrove.com", false */ 'a', 'r', 'r', 'o', 'w', 'g', 'r', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "arrowwebprojects.nl", true */ 'a', 'r', 'r', 'o', 'w', 'w', 'e', 'b', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'n', 'l', '\0', + /* "arsenal.ru", true */ 'a', 'r', 's', 'e', 'n', 'a', 'l', '.', 'r', 'u', '\0', + /* "arsk1.com", true */ 'a', 'r', 's', 'k', '1', '.', 'c', 'o', 'm', '\0', + /* "art-et-culture.ch", true */ 'a', 'r', 't', '-', 'e', 't', '-', 'c', 'u', 'l', 't', 'u', 'r', 'e', '.', 'c', 'h', '\0', + /* "artansoft.com", true */ 'a', 'r', 't', 'a', 'n', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "artbytik.ru", true */ 'a', 'r', 't', 'b', 'y', 't', 'i', 'k', '.', 'r', 'u', '\0', + /* "artdeco-photo.com", true */ 'a', 'r', 't', 'd', 'e', 'c', 'o', '-', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "artea.ga", true */ 'a', 'r', 't', 'e', 'a', '.', 'g', 'a', '\0', + /* "arteaga.me", true */ 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 'm', 'e', '\0', + /* "artemicroway.com.br", true */ 'a', 'r', 't', 'e', 'm', 'i', 'c', 'r', 'o', 'w', 'a', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "artemis.re", true */ 'a', 'r', 't', 'e', 'm', 'i', 's', '.', 'r', 'e', '\0', + /* "arterienundvenen.ch", true */ 'a', 'r', 't', 'e', 'r', 'i', 'e', 'n', 'u', 'n', 'd', 'v', 'e', 'n', 'e', 'n', '.', 'c', 'h', '\0', + /* "arteseideias.com.pt", true */ 'a', 'r', 't', 'e', 's', 'e', 'i', 'd', 'e', 'i', 'a', 's', '.', 'c', 'o', 'm', '.', 'p', 't', '\0', + /* "arteshow.ch", true */ 'a', 'r', 't', 'e', 's', 'h', 'o', 'w', '.', 'c', 'h', '\0', + /* "arteszr.com", true */ 'a', 'r', 't', 'e', 's', 'z', 'r', '.', 'c', 'o', 'm', '\0', + /* "artetrama.com", false */ 'a', 'r', 't', 'e', 't', 'r', 'a', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "artforum.sk", true */ 'a', 'r', 't', 'f', 'o', 'r', 'u', 'm', '.', 's', 'k', '\0', + /* "arthermitage.org", true */ 'a', 'r', 't', 'h', 'e', 'r', 'm', 'i', 't', 'a', 'g', 'e', '.', 'o', 'r', 'g', '\0', + /* "arthur.cn", true */ 'a', 'r', 't', 'h', 'u', 'r', '.', 'c', 'n', '\0', + /* "arthurlaw.ca", true */ 'a', 'r', 't', 'h', 'u', 'r', 'l', 'a', 'w', '.', 'c', 'a', '\0', + /* "arthurmelo.com", false */ 'a', 'r', 't', 'h', 'u', 'r', 'm', 'e', 'l', 'o', '.', 'c', 'o', 'm', '\0', + /* "artik.cloud", true */ 'a', 'r', 't', 'i', 'k', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "artimpact.ch", true */ 'a', 'r', 't', 'i', 'm', 'p', 'a', 'c', 't', '.', 'c', 'h', '\0', + /* "artioml.net", true */ 'a', 'r', 't', 'i', 'o', 'm', 'l', '.', 'n', 'e', 't', '\0', + /* "artionet.ch", true */ 'a', 'r', 't', 'i', 'o', 'n', 'e', 't', '.', 'c', 'h', '\0', + /* "artisans-libres.com", true */ 'a', 'r', 't', 'i', 's', 'a', 'n', 's', '-', 'l', 'i', 'b', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "artisphere.ch", true */ 'a', 'r', 't', 'i', 's', 'p', 'h', 'e', 'r', 'e', '.', 'c', 'h', '\0', + /* "artlantis.nl", true */ 'a', 'r', 't', 'l', 'a', 'n', 't', 'i', 's', '.', 'n', 'l', '\0', + /* "artleading.ru", true */ 'a', 'r', 't', 'l', 'e', 'a', 'd', 'i', 'n', 'g', '.', 'r', 'u', '\0', + /* "artlego.com", true */ 'a', 'r', 't', 'l', 'e', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "artlifeisgood.com", true */ 'a', 'r', 't', 'l', 'i', 'f', 'e', 'i', 's', 'g', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "artlogo.biz", true */ 'a', 'r', 't', 'l', 'o', 'g', 'o', '.', 'b', 'i', 'z', '\0', + /* "artlogo.cz", true */ 'a', 'r', 't', 'l', 'o', 'g', 'o', '.', 'c', 'z', '\0', + /* "artlogo.sk", true */ 'a', 'r', 't', 'l', 'o', 'g', 'o', '.', 's', 'k', '\0', + /* "artmaxi.eu", true */ 'a', 'r', 't', 'm', 'a', 'x', 'i', '.', 'e', 'u', '\0', + /* "artmoney.com", true */ 'a', 'r', 't', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "artofeyes.nl", true */ 'a', 'r', 't', 'o', 'f', 'e', 'y', 'e', 's', '.', 'n', 'l', '\0', + /* "artofwhere.com", true */ 'a', 'r', 't', 'o', 'f', 'w', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "artratio.net", true */ 'a', 'r', 't', 'r', 'a', 't', 'i', 'o', '.', 'n', 'e', 't', '\0', + /* "artroot.jp", true */ 'a', 'r', 't', 'r', 'o', 'o', 't', '.', 'j', 'p', '\0', + /* "artschmidtoptical.com", true */ 'a', 'r', 't', 's', 'c', 'h', 'm', 'i', 'd', 't', 'o', 'p', 't', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "artsinthevalley.net.au", true */ 'a', 'r', 't', 's', 'i', 'n', 't', 'h', 'e', 'v', 'a', 'l', 'l', 'e', 'y', '.', 'n', 'e', 't', '.', 'a', 'u', '\0', + /* "artspac.es", true */ 'a', 'r', 't', 's', 'p', 'a', 'c', '.', 'e', 's', '\0', + /* "artstopinc.com", true */ 'a', 'r', 't', 's', 't', 'o', 'p', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "arturrossa.de", true */ 'a', 'r', 't', 'u', 'r', 'r', 'o', 's', 's', 'a', '.', 'd', 'e', '\0', + /* "arturszalak.com", true */ 'a', 'r', 't', 'u', 'r', 's', 'z', 'a', 'l', 'a', 'k', '.', 'c', 'o', 'm', '\0', + /* "artweby.cz", true */ 'a', 'r', 't', 'w', 'e', 'b', 'y', '.', 'c', 'z', '\0', + /* "arty.name", true */ 'a', 'r', 't', 'y', '.', 'n', 'a', 'm', 'e', '\0', + /* "arubasunsetbeach.com", true */ 'a', 'r', 'u', 'b', 'a', 's', 'u', 'n', 's', 'e', 't', 'b', 'e', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "arveron.ch", true */ 'a', 'r', 'v', 'e', 'r', 'o', 'n', '.', 'c', 'h', '\0', + /* "arvid.io", true */ 'a', 'r', 'v', 'i', 'd', '.', 'i', 'o', '\0', + /* "arvindhariharan.com", true */ 'a', 'r', 'v', 'i', 'n', 'd', 'h', 'a', 'r', 'i', 'h', 'a', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "arvindhariharan.me", true */ 'a', 'r', 'v', 'i', 'n', 'd', 'h', 'a', 'r', 'i', 'h', 'a', 'r', 'a', 'n', '.', 'm', 'e', '\0', + /* "arvutiladu.ee", true */ 'a', 'r', 'v', 'u', 't', 'i', 'l', 'a', 'd', 'u', '.', 'e', 'e', '\0', + /* "arw.me", true */ 'a', 'r', 'w', '.', 'm', 'e', '\0', + /* "arxell.com", true */ 'a', 'r', 'x', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "aryan-nation.com", true */ 'a', 'r', 'y', 'a', 'n', '-', 'n', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "aryasenna.net", true */ 'a', 'r', 'y', 'a', 's', 'e', 'n', 'n', 'a', '.', 'n', 'e', 't', '\0', + /* "arzid.com", true */ 'a', 'r', 'z', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "as200753.com", true */ 'a', 's', '2', '0', '0', '7', '5', '3', '.', 'c', 'o', 'm', '\0', + /* "as200753.net", true */ 'a', 's', '2', '0', '0', '7', '5', '3', '.', 'n', 'e', 't', '\0', + /* "as44222.net", true */ 'a', 's', '4', '4', '2', '2', '2', '.', 'n', 'e', 't', '\0', + /* "asadatec.de", true */ 'a', 's', 'a', 'd', 'a', 't', 'e', 'c', '.', 'd', 'e', '\0', + /* "asadzulfahri.com", true */ 'a', 's', 'a', 'd', 'z', 'u', 'l', 'f', 'a', 'h', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "asafilm.co", true */ 'a', 's', 'a', 'f', 'i', 'l', 'm', '.', 'c', 'o', '\0', + /* "asafomba.com", true */ 'a', 's', 'a', 'f', 'o', 'm', 'b', 'a', '.', 'c', 'o', 'm', '\0', + /* "asana.studio", true */ 'a', 's', 'a', 'n', 'a', '.', 's', 't', 'u', 'd', 'i', 'o', '\0', + /* "asandu.eu", true */ 'a', 's', 'a', 'n', 'd', 'u', '.', 'e', 'u', '\0', + /* "asanger.biz", true */ 'a', 's', 'a', 'n', 'g', 'e', 'r', '.', 'b', 'i', 'z', '\0', + /* "asato-jewelry.com", true */ 'a', 's', 'a', 't', 'o', '-', 'j', 'e', 'w', 'e', 'l', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "asbito.de", true */ 'a', 's', 'b', 'i', 't', 'o', '.', 'd', 'e', '\0', + /* "ascension.run", true */ 'a', 's', 'c', 'e', 'n', 's', 'i', 'o', 'n', '.', 'r', 'u', 'n', '\0', + /* "ascgathering.com", true */ 'a', 's', 'c', 'g', 'a', 't', 'h', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "ascii.moe", true */ 'a', 's', 'c', 'i', 'i', '.', 'm', 'o', 'e', '\0', + /* "asciitable.tips", true */ 'a', 's', 'c', 'i', 'i', 't', 'a', 'b', 'l', 'e', '.', 't', 'i', 'p', 's', '\0', + /* "asd.gov.au", true */ 'a', 's', 'd', '.', 'g', 'o', 'v', '.', 'a', 'u', '\0', + /* "asdyx.de", true */ 'a', 's', 'd', 'y', 'x', '.', 'd', 'e', '\0', + /* "asec01.net", true */ 'a', 's', 'e', 'c', '0', '1', '.', 'n', 'e', 't', '\0', + /* "aseith.com", true */ 'a', 's', 'e', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "asepms.com", true */ 'a', 's', 'e', 'p', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "aserver.co", true */ 'a', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', '\0', + /* "asgapps.co.za", true */ 'a', 's', 'g', 'a', 'p', 'p', 's', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "asge-handel.de", true */ 'a', 's', 'g', 'e', '-', 'h', 'a', 'n', 'd', 'e', 'l', '.', 'd', 'e', '\0', + /* "ashleakunowski.com", true */ 'a', 's', 'h', 'l', 'e', 'a', 'k', 'u', 'n', 'o', 'w', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "ashleyfoley.photography", true */ 'a', 's', 'h', 'l', 'e', 'y', 'f', 'o', 'l', 'e', 'y', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0', + /* "ashmportfolio.com", true */ 'a', 's', 'h', 'm', 'p', 'o', 'r', 't', 'f', 'o', 'l', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "ashutoshmishra.org", true */ 'a', 's', 'h', 'u', 't', 'o', 's', 'h', 'm', 'i', 's', 'h', 'r', 'a', '.', 'o', 'r', 'g', '\0', + /* "asia-gazette.com", true */ 'a', 's', 'i', 'a', '-', 'g', 'a', 'z', 'e', 't', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "asia.dating", true */ 'a', 's', 'i', 'a', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "asialeonding.at", true */ 'a', 's', 'i', 'a', 'l', 'e', 'o', 'n', 'd', 'i', 'n', 'g', '.', 'a', 't', '\0', + /* "asianbet77.net", true */ 'a', 's', 'i', 'a', 'n', 'b', 'e', 't', '7', '7', '.', 'n', 'e', 't', '\0', + /* "asianshops.net", true */ 'a', 's', 'i', 'a', 'n', 's', 'h', 'o', 'p', 's', '.', 'n', 'e', 't', '\0', + /* "asiesvenezuela.com", true */ 'a', 's', 'i', 'e', 's', 'v', 'e', 'n', 'e', 'z', 'u', 'e', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "asinetasima.com", true */ 'a', 's', 'i', 'n', 'e', 't', 'a', 's', 'i', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "asisee.co.il", true */ 'a', 's', 'i', 's', 'e', 'e', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "asisee.photography", true */ 'a', 's', 'i', 's', 'e', 'e', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0', + /* "ask.fedoraproject.org", true */ 'a', 's', 'k', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "ask.stg.fedoraproject.org", true */ 'a', 's', 'k', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "askizzy.org.au", true */ 'a', 's', 'k', 'i', 'z', 'z', 'y', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0', + /* "askkaren.gov", true */ 'a', 's', 'k', 'k', 'a', 'r', 'e', 'n', '.', 'g', 'o', 'v', '\0', + /* "askme24.de", true */ 'a', 's', 'k', 'm', 'e', '2', '4', '.', 'd', 'e', '\0', + /* "askv6.net", true */ 'a', 's', 'k', 'v', '6', '.', 'n', 'e', 't', '\0', + /* "askwhy.cz", true */ 'a', 's', 'k', 'w', 'h', 'y', '.', 'c', 'z', '\0', + /* "askwhy.eu", true */ 'a', 's', 'k', 'w', 'h', 'y', '.', 'e', 'u', '\0', + /* "asm-x.com", false */ 'a', 's', 'm', '-', 'x', '.', 'c', 'o', 'm', '\0', + /* "asmbsurvey.com", true */ 'a', 's', 'm', 'b', 's', 'u', 'r', 'v', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "asmdz.com", true */ 'a', 's', 'm', 'd', 'z', '.', 'c', 'o', 'm', '\0', + /* "asoul.tw", true */ 'a', 's', 'o', 'u', 'l', '.', 't', 'w', '\0', + /* "aspargesgaarden.no", true */ 'a', 's', 'p', 'a', 'r', 'g', 'e', 's', 'g', 'a', 'a', 'r', 'd', 'e', 'n', '.', 'n', 'o', '\0', + /* "aspatrimoine.com", true */ 'a', 's', 'p', 'a', 't', 'r', 'i', 'm', 'o', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "asperti.com", true */ 'a', 's', 'p', 'e', 'r', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "asphyxia.su", true */ 'a', 's', 'p', 'h', 'y', 'x', 'i', 'a', '.', 's', 'u', '\0', + /* "aspiescentral.com", true */ 'a', 's', 'p', 'i', 'e', 's', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "aspires.co.jp", true */ 'a', 's', 'p', 'i', 'r', 'e', 's', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "aspisdata.com", true */ 'a', 's', 'p', 'i', 's', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "asr.cloud", true */ 'a', 's', 'r', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "asr.li", true */ 'a', 's', 'r', '.', 'l', 'i', '\0', + /* "asr.rocks", true */ 'a', 's', 'r', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "asr.solar", true */ 'a', 's', 'r', '.', 's', 'o', 'l', 'a', 'r', '\0', + /* "asra.gr", true */ 'a', 's', 'r', 'a', '.', 'g', 'r', '\0', + /* "asrob.eu", false */ 'a', 's', 'r', 'o', 'b', '.', 'e', 'u', '\0', + /* "asryflorist.com", true */ 'a', 's', 'r', 'y', 'f', 'l', 'o', 'r', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "assadrivesloirecher.com", true */ 'a', 's', 's', 'a', 'd', 'r', 'i', 'v', 'e', 's', 'l', 'o', 'i', 'r', 'e', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "asseenfromthesidecar.org", true */ 'a', 's', 's', 'e', 'e', 'n', 'f', 'r', 'o', 'm', 't', 'h', 'e', 's', 'i', 'd', 'e', 'c', 'a', 'r', '.', 'o', 'r', 'g', '\0', + /* "assemble-together.org", true */ 'a', 's', 's', 'e', 'm', 'b', 'l', 'e', '-', 't', 'o', 'g', 'e', 't', 'h', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "assempsaibiza.com", true */ 'a', 's', 's', 'e', 'm', 'p', 's', 'a', 'i', 'b', 'i', 'z', 'a', '.', 'c', 'o', 'm', '\0', + /* "assertion.de", true */ 'a', 's', 's', 'e', 'r', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0', + /* "assessoriati.com.br", true */ 'a', 's', 's', 'e', 's', 's', 'o', 'r', 'i', 'a', 't', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "assetict.com", true */ 'a', 's', 's', 'e', 't', 'i', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "assetsupervision.com", true */ 'a', 's', 's', 'e', 't', 's', 'u', 'p', 'e', 'r', 'v', 'i', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "assetvault.co.za", true */ 'a', 's', 's', 'e', 't', 'v', 'a', 'u', 'l', 't', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "assguidesporrentruy.ch", true */ 'a', 's', 's', 'g', 'u', 'i', 'd', 'e', 's', 'p', 'o', 'r', 'r', 'e', 'n', 't', 'r', 'u', 'y', '.', 'c', 'h', '\0', + /* "assistance-personnes-agees.ch", true */ 'a', 's', 's', 'i', 's', 't', 'a', 'n', 'c', 'e', '-', 'p', 'e', 'r', 's', 'o', 'n', 'n', 'e', 's', '-', 'a', 'g', 'e', 'e', 's', '.', 'c', 'h', '\0', + /* "assistcart.com", true */ 'a', 's', 's', 'i', 's', 't', 'c', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "assistenzamicroonde.org", true */ 'a', 's', 's', 'i', 's', 't', 'e', 'n', 'z', 'a', 'm', 'i', 'c', 'r', 'o', 'o', 'n', 'd', 'e', '.', 'o', 'r', 'g', '\0', + /* "assodigitale.it", true */ 'a', 's', 's', 'o', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', '.', 'i', 't', '\0', + /* "assumptionpj.org", true */ 'a', 's', 's', 'u', 'm', 'p', 't', 'i', 'o', 'n', 'p', 'j', '.', 'o', 'r', 'g', '\0', + /* "assurancesmons.be", true */ 'a', 's', 's', 'u', 'r', 'a', 'n', 'c', 'e', 's', 'm', 'o', 'n', 's', '.', 'b', 'e', '\0', + /* "astaninki.com", true */ 'a', 's', 't', 'a', 'n', 'i', 'n', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "astarbouncycastles.co.uk", true */ 'a', 's', 't', 'a', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "astarmathsandphysics.com", true */ 'a', 's', 't', 'a', 'r', 'm', 'a', 't', 'h', 's', 'a', 'n', 'd', 'p', 'h', 'y', 's', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "astec-informatica.com", true */ 'a', 's', 't', 'e', 'c', '-', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "astengox.com", true */ 'a', 's', 't', 'e', 'n', 'g', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "astenotarili.online", true */ 'a', 's', 't', 'e', 'n', 'o', 't', 'a', 'r', 'i', 'l', 'i', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "astenretail.com", true */ 'a', 's', 't', 'e', 'n', 'r', 'e', 't', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "astraalivankila.net", true */ 'a', 's', 't', 'r', 'a', 'a', 'l', 'i', 'v', 'a', 'n', 'k', 'i', 'l', 'a', '.', 'n', 'e', 't', '\0', + /* "astrath.net", true */ 'a', 's', 't', 'r', 'a', 't', 'h', '.', 'n', 'e', 't', '\0', + /* "astronomie-fulda.de", true */ 'a', 's', 't', 'r', 'o', 'n', 'o', 'm', 'i', 'e', '-', 'f', 'u', 'l', 'd', 'a', '.', 'd', 'e', '\0', + /* "astroscopy.ch", true */ 'a', 's', 't', 'r', 'o', 's', 'c', 'o', 'p', 'y', '.', 'c', 'h', '\0', + /* "astrosnail.pt.eu.org", true */ 'a', 's', 't', 'r', 'o', 's', 'n', 'a', 'i', 'l', '.', 'p', 't', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "astural.org", true */ 'a', 's', 't', 'u', 'r', 'a', 'l', '.', 'o', 'r', 'g', '\0', + /* "astutikhonda.com", true */ 'a', 's', 't', 'u', 't', 'i', 'k', 'h', 'o', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "astutr.co", true */ 'a', 's', 't', 'u', 't', 'r', '.', 'c', 'o', '\0', + /* "asucrews.com", true */ 'a', 's', 'u', 'c', 'r', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "asuhe.cc", true */ 'a', 's', 'u', 'h', 'e', '.', 'c', 'c', '\0', + /* "asuhe.win", true */ 'a', 's', 'u', 'h', 'e', '.', 'w', 'i', 'n', '\0', + /* "asuka.io", true */ 'a', 's', 'u', 'k', 'a', '.', 'i', 'o', '\0', + /* "asun.co", true */ 'a', 's', 'u', 'n', '.', 'c', 'o', '\0', + /* "asurepay.cc", true */ 'a', 's', 'u', 'r', 'e', 'p', 'a', 'y', '.', 'c', 'c', '\0', + /* "asustreiber.de", true */ 'a', 's', 'u', 's', 't', 'r', 'e', 'i', 'b', 'e', 'r', '.', 'd', 'e', '\0', + /* "asvsa.ch", true */ 'a', 's', 'v', 's', 'a', '.', 'c', 'h', '\0', + /* "async.be", false */ 'a', 's', 'y', 'n', 'c', '.', 'b', 'e', '\0', + /* "at.search.yahoo.com", false */ 'a', 't', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "atacadooptico.com.br", true */ 'a', 't', 'a', 'c', 'a', 'd', 'o', 'o', 'p', 't', 'i', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "ataton.ch", true */ 'a', 't', 'a', 't', 'o', 'n', '.', 'c', 'h', '\0', + /* "atc.io", true */ 'a', 't', 'c', '.', 'i', 'o', '\0', + /* "atchleyjazz.com", true */ 'a', 't', 'c', 'h', 'l', 'e', 'y', 'j', 'a', 'z', 'z', '.', 'c', 'o', 'm', '\0', + /* "atchleyjazz.org", true */ 'a', 't', 'c', 'h', 'l', 'e', 'y', 'j', 'a', 'z', 'z', '.', 'o', 'r', 'g', '\0', + /* "atchleylab.org", true */ 'a', 't', 'c', 'h', 'l', 'e', 'y', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0', + /* "atcom.cl", true */ 'a', 't', 'c', 'o', 'm', '.', 'c', 'l', '\0', + /* "atds.ch", true */ 'a', 't', 'd', 's', '.', 'c', 'h', '\0', + /* "atease-salon.jp", true */ 'a', 't', 'e', 'a', 's', 'e', '-', 's', 'a', 'l', 'o', 'n', '.', 'j', 'p', '\0', + /* "ateli.com", true */ 'a', 't', 'e', 'l', 'i', '.', 'c', 'o', 'm', '\0', + /* "atelier-coiffure.ch", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', '-', 'c', 'o', 'i', 'f', 'f', 'u', 'r', 'e', '.', 'c', 'h', '\0', + /* "atelier-naruby.cz", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', '-', 'n', 'a', 'r', 'u', 'b', 'y', '.', 'c', 'z', '\0', + /* "atelier-viennois-cannes.fr", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', '-', 'v', 'i', 'e', 'n', 'n', 'o', 'i', 's', '-', 'c', 'a', 'n', 'n', 'e', 's', '.', 'f', 'r', '\0', + /* "atelieraphelion.com", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 'a', 'p', 'h', 'e', 'l', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "atelierbw.com", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 'b', 'w', '.', 'c', 'o', 'm', '\0', + /* "atelierdefrancais.ch", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 'd', 'e', 'f', 'r', 'a', 'n', 'c', 'a', 'i', 's', '.', 'c', 'h', '\0', + /* "atelierdesflammesnoires.fr", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 'd', 'e', 's', 'f', 'l', 'a', 'm', 'm', 'e', 's', 'n', 'o', 'i', 'r', 'e', 's', '.', 'f', 'r', '\0', + /* "atelierhupsakee.nl", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 'h', 'u', 'p', 's', 'a', 'k', 'e', 'e', '.', 'n', 'l', '\0', + /* "ateliernaruby.cz", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 'n', 'a', 'r', 'u', 'b', 'y', '.', 'c', 'z', '\0', + /* "ateliernihongo.ch", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 'n', 'i', 'h', 'o', 'n', 'g', 'o', '.', 'c', 'h', '\0', + /* "ateliers-veronese-nantes.fr", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 's', '-', 'v', 'e', 'r', 'o', 'n', 'e', 's', 'e', '-', 'n', 'a', 'n', 't', 'e', 's', '.', 'f', 'r', '\0', + /* "ateliersantgervasi.com", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 's', 'a', 'n', 't', 'g', 'e', 'r', 'v', 'a', 's', 'i', '.', 'c', 'o', 'm', '\0', + /* "atelierssud.ch", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 's', 's', 'u', 'd', '.', 'c', 'h', '\0', + /* "atelierssud.swiss", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 's', 's', 'u', 'd', '.', 's', 'w', 'i', 's', 's', '\0', + /* "atg.soy", true */ 'a', 't', 'g', '.', 's', 'o', 'y', '\0', + /* "atgoetschel.ch", true */ 'a', 't', 'g', 'o', 'e', 't', 's', 'c', 'h', 'e', 'l', '.', 'c', 'h', '\0', + /* "atgseed.co.uk", true */ 'a', 't', 'g', 's', 'e', 'e', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "atgseed.uk", true */ 'a', 't', 'g', 's', 'e', 'e', 'd', '.', 'u', 'k', '\0', + /* "ath0.org", true */ 'a', 't', 'h', '0', '.', 'o', 'r', 'g', '\0', + /* "athena-bartholdi.com", true */ 'a', 't', 'h', 'e', 'n', 'a', '-', 'b', 'a', 'r', 't', 'h', 'o', 'l', 'd', 'i', '.', 'c', 'o', 'm', '\0', + /* "athena-garage.co.uk", true */ 'a', 't', 'h', 'e', 'n', 'a', '-', 'g', 'a', 'r', 'a', 'g', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "atheoryofchange.com", true */ 'a', 't', 'h', 'e', 'o', 'r', 'y', 'o', 'f', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "athlin.de", true */ 'a', 't', 'h', 'l', 'i', 'n', '.', 'd', 'e', '\0', + /* "atishchenko.com", true */ 'a', 't', 'i', 's', 'h', 'c', 'h', 'e', 'n', 'k', 'o', '.', 'c', 'o', 'm', '\0', + /* "atisoft.biz", true */ 'a', 't', 'i', 's', 'o', 'f', 't', '.', 'b', 'i', 'z', '\0', + /* "atisoft.com.tr", true */ 'a', 't', 'i', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '.', 't', 'r', '\0', + /* "atisoft.net", true */ 'a', 't', 'i', 's', 'o', 'f', 't', '.', 'n', 'e', 't', '\0', + /* "atisoft.net.tr", true */ 'a', 't', 'i', 's', 'o', 'f', 't', '.', 'n', 'e', 't', '.', 't', 'r', '\0', + /* "atisoft.web.tr", true */ 'a', 't', 'i', 's', 'o', 'f', 't', '.', 'w', 'e', 'b', '.', 't', 'r', '\0', + /* "atitude.com", true */ 'a', 't', 'i', 't', 'u', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "ativapsicologia.com.br", true */ 'a', 't', 'i', 'v', 'a', 'p', 's', 'i', 'c', 'o', 'l', 'o', 'g', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "atk.me", true */ 'a', 't', 'k', '.', 'm', 'e', '\0', + /* "atkdesign.pt", true */ 'a', 't', 'k', 'd', 'e', 's', 'i', 'g', 'n', '.', 'p', 't', '\0', + /* "atl-paas.net", true */ 'a', 't', 'l', '-', 'p', 'a', 'a', 's', '.', 'n', 'e', 't', '\0', + /* "atlantahairsurgeon.com", true */ 'a', 't', 'l', 'a', 'n', 't', 'a', 'h', 'a', 'i', 'r', 's', 'u', 'r', 'g', 'e', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "atlantareroof.com", true */ 'a', 't', 'l', 'a', 'n', 't', 'a', 'r', 'e', 'r', 'o', 'o', 'f', '.', 'c', 'o', 'm', '\0', + /* "atlantaspringroll.com", true */ 'a', 't', 'l', 'a', 'n', 't', 'a', 's', 'p', 'r', 'i', 'n', 'g', 'r', 'o', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "atlantichomes.com.au", true */ 'a', 't', 'l', 'a', 'n', 't', 'i', 'c', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "atlantis-kh.noip.me", true */ 'a', 't', 'l', 'a', 'n', 't', 'i', 's', '-', 'k', 'h', '.', 'n', 'o', 'i', 'p', '.', 'm', 'e', '\0', + /* "atlantischild.hu", true */ 'a', 't', 'l', 'a', 'n', 't', 'i', 's', 'c', 'h', 'i', 'l', 'd', '.', 'h', 'u', '\0', + /* "atlantiswaterproofing.com", true */ 'a', 't', 'l', 'a', 'n', 't', 'i', 's', 'w', 'a', 't', 'e', 'r', 'p', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "atlas-5.site", true */ 'a', 't', 'l', 'a', 's', '-', '5', '.', 's', 'i', 't', 'e', '\0', + /* "atlas-staging.ml", true */ 'a', 't', 'l', 'a', 's', '-', 's', 't', 'a', 'g', 'i', 'n', 'g', '.', 'm', 'l', '\0', + /* "atlas.co", true */ 'a', 't', 'l', 'a', 's', '.', 'c', 'o', '\0', + /* "atlaschiropractic.org", true */ 'a', 't', 'l', 'a', 's', 'c', 'h', 'i', 'r', 'o', 'p', 'r', 'a', 'c', 't', 'i', 'c', '.', 'o', 'r', 'g', '\0', + /* "atlascultural.com", true */ 'a', 't', 'l', 'a', 's', 'c', 'u', 'l', 't', 'u', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "atlasone.us", true */ 'a', 't', 'l', 'a', 's', 'o', 'n', 'e', '.', 'u', 's', '\0', + /* "atlassian.io", true */ 'a', 't', 'l', 'a', 's', 's', 'i', 'a', 'n', '.', 'i', 'o', '\0', + /* "atlassian.net", true */ 'a', 't', 'l', 'a', 's', 's', 'i', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "atletika.hu", true */ 'a', 't', 'l', 'e', 't', 'i', 'k', 'a', '.', 'h', 'u', '\0', + /* "atmocdn.com", true */ 'a', 't', 'm', 'o', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0', + /* "atnis.com", true */ 'a', 't', 'n', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "ato4sound.com", true */ 'a', 't', 'o', '4', 's', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "atolm.net", true */ 'a', 't', 'o', 'l', 'm', '.', 'n', 'e', 't', '\0', + /* "atom-china.org", true */ 'a', 't', 'o', 'm', '-', 'c', 'h', 'i', 'n', 'a', '.', 'o', 'r', 'g', '\0', + /* "atom.solutions", true */ 'a', 't', 'o', 'm', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0', + /* "atom86.net", true */ 'a', 't', 'o', 'm', '8', '6', '.', 'n', 'e', 't', '\0', + /* "atombase.org", true */ 'a', 't', 'o', 'm', 'b', 'a', 's', 'e', '.', 'o', 'r', 'g', '\0', + /* "atomic-bounce.com", true */ 'a', 't', 'o', 'm', 'i', 'c', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "atomicbounce.co.uk", true */ 'a', 't', 'o', 'm', 'i', 'c', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "atomism.com", true */ 'a', 't', 'o', 'm', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "atorcidabrasileira.com.br", true */ 'a', 't', 'o', 'r', 'c', 'i', 'd', 'a', 'b', 'r', 'a', 's', 'i', 'l', 'e', 'i', 'r', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "atplonline.co", true */ 'a', 't', 'p', 'l', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '\0', + /* "atracaosexshop.com.br", true */ 'a', 't', 'r', 'a', 'c', 'a', 'o', 's', 'e', 'x', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "atraining.ru", true */ 'a', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'r', 'u', '\0', + /* "atraverscugy.ch", true */ 'a', 't', 'r', 'a', 'v', 'e', 'r', 's', 'c', 'u', 'g', 'y', '.', 'c', 'h', '\0', + /* "atrevillot.com", true */ 'a', 't', 'r', 'e', 'v', 'i', 'l', 'l', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "atrinik.org", true */ 'a', 't', 'r', 'i', 'n', 'i', 'k', '.', 'o', 'r', 'g', '\0', + /* "atte.fi", true */ 'a', 't', 't', 'e', '.', 'f', 'i', '\0', + /* "attendantdesign.com", true */ 'a', 't', 't', 'e', 'n', 'd', 'a', 'n', 't', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "attilagyorffy.com", true */ 'a', 't', 't', 'i', 'l', 'a', 'g', 'y', 'o', 'r', 'f', 'f', 'y', '.', 'c', 'o', 'm', '\0', + /* "attilavandervelde.nl", true */ 'a', 't', 't', 'i', 'l', 'a', 'v', 'a', 'n', 'd', 'e', 'r', 'v', 'e', 'l', 'd', 'e', '.', 'n', 'l', '\0', + /* "attitudes-bureaux.fr", true */ 'a', 't', 't', 'i', 't', 'u', 'd', 'e', 's', '-', 'b', 'u', 'r', 'e', 'a', 'u', 'x', '.', 'f', 'r', '\0', + /* "attogtech.com", true */ 'a', 't', 't', 'o', 'g', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "attorney.org.il", true */ 'a', 't', 't', 'o', 'r', 'n', 'e', 'y', '.', 'o', 'r', 'g', '.', 'i', 'l', '\0', + /* "attwood.org", true */ 'a', 't', 't', 'w', 'o', 'o', 'd', '.', 'o', 'r', 'g', '\0', + /* "atulhost.com", true */ 'a', 't', 'u', 'l', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "atviras.lt", false */ 'a', 't', 'v', 'i', 'r', 'a', 's', '.', 'l', 't', '\0', + /* "atwonline.org", true */ 'a', 't', 'w', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0', + /* "atypicom.es", true */ 'a', 't', 'y', 'p', 'i', 'c', 'o', 'm', '.', 'e', 's', '\0', + /* "atypicom.fr", true */ 'a', 't', 'y', 'p', 'i', 'c', 'o', 'm', '.', 'f', 'r', '\0', + /* "atypicom.it", true */ 'a', 't', 'y', 'p', 'i', 'c', 'o', 'm', '.', 'i', 't', '\0', + /* "atypicom.pt", true */ 'a', 't', 'y', 'p', 'i', 'c', 'o', 'm', '.', 'p', 't', '\0', + /* "atzenchefin.de", true */ 'a', 't', 'z', 'e', 'n', 'c', 'h', 'e', 'f', 'i', 'n', '.', 'd', 'e', '\0', + /* "au-be.net", true */ 'a', 'u', '-', 'b', 'e', '.', 'n', 'e', 't', '\0', + /* "au2pb.org", true */ 'a', 'u', '2', 'p', 'b', '.', 'o', 'r', 'g', '\0', + /* "aubergegilly.ch", true */ 'a', 'u', 'b', 'e', 'r', 'g', 'e', 'g', 'i', 'l', 'l', 'y', '.', 'c', 'h', '\0', + /* "aubg.org", true */ 'a', 'u', 'b', 'g', '.', 'o', 'r', 'g', '\0', + /* "aubio.org", true */ 'a', 'u', 'b', 'i', 'o', '.', 'o', 'r', 'g', '\0', + /* "aubonmanger.fr", true */ 'a', 'u', 'b', 'o', 'n', 'm', 'a', 'n', 'g', 'e', 'r', '.', 'f', 'r', '\0', + /* "aucklandcastles.co.uk", true */ 'a', 'u', 'c', 'k', 'l', 'a', 'n', 'd', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "aucubin.de", true */ 'a', 'u', 'c', 'u', 'b', 'i', 'n', '.', 'd', 'e', '\0', + /* "audialbuquerqueparts.com", true */ 'a', 'u', 'd', 'i', 'a', 'l', 'b', 'u', 'q', 'u', 'e', 'r', 'q', 'u', 'e', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "audiblox.co.za", true */ 'a', 'u', 'd', 'i', 'b', 'l', 'o', 'x', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "audiense.com", true */ 'a', 'u', 'd', 'i', 'e', 'n', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "audio-detector.com", true */ 'a', 'u', 'd', 'i', 'o', '-', 'd', 'e', 't', 'e', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "audiolibri.org", true */ 'a', 'u', 'd', 'i', 'o', 'l', 'i', 'b', 'r', 'i', '.', 'o', 'r', 'g', '\0', + /* "audiophile.ch", true */ 'a', 'u', 'd', 'i', 'o', 'p', 'h', 'i', 'l', 'e', '.', 'c', 'h', '\0', + /* "audiorental.net", true */ 'a', 'u', 'd', 'i', 'o', 'r', 'e', 'n', 't', 'a', 'l', '.', 'n', 'e', 't', '\0', + /* "audisto.com", true */ 'a', 'u', 'd', 'i', 's', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "auditos.com", true */ 'a', 'u', 'd', 'i', 't', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "auditsquare.com", true */ 'a', 'u', 'd', 'i', 't', 's', 'q', 'u', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "auerbach-verlag.de", true */ 'a', 'u', 'e', 'r', 'b', 'a', 'c', 'h', '-', 'v', 'e', 'r', 'l', 'a', 'g', '.', 'd', 'e', '\0', + /* "auf-feindgebiet.de", true */ 'a', 'u', 'f', '-', 'f', 'e', 'i', 'n', 'd', 'g', 'e', 'b', 'i', 'e', 't', '.', 'd', 'e', '\0', + /* "aufprise.de", true */ 'a', 'u', 'f', 'p', 'r', 'i', 's', 'e', '.', 'd', 'e', '\0', + /* "augaware.org", true */ 'a', 'u', 'g', 'a', 'w', 'a', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "augen-seite.de", true */ 'a', 'u', 'g', 'e', 'n', '-', 's', 'e', 'i', 't', 'e', '.', 'd', 'e', '\0', + /* "augenblicke-blog.de", true */ 'a', 'u', 'g', 'e', 'n', 'b', 'l', 'i', 'c', 'k', 'e', '-', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0', + /* "augiero.it", true */ 'a', 'u', 'g', 'i', 'e', 'r', 'o', '.', 'i', 't', '\0', + /* "augmentable.de", true */ 'a', 'u', 'g', 'm', 'e', 'n', 't', 'a', 'b', 'l', 'e', '.', 'd', 'e', '\0', + /* "august.black", true */ 'a', 'u', 'g', 'u', 's', 't', '.', 'b', 'l', 'a', 'c', 'k', '\0', + /* "augustian-life.cz", true */ 'a', 'u', 'g', 'u', 's', 't', 'i', 'a', 'n', '-', 'l', 'i', 'f', 'e', '.', 'c', 'z', '\0', + /* "augustiner-kantorei-erfurt.de", true */ 'a', 'u', 'g', 'u', 's', 't', 'i', 'n', 'e', 'r', '-', 'k', 'a', 'n', 't', 'o', 'r', 'e', 'i', '-', 'e', 'r', 'f', 'u', 'r', 't', '.', 'd', 'e', '\0', + /* "augustiner-kantorei.de", true */ 'a', 'u', 'g', 'u', 's', 't', 'i', 'n', 'e', 'r', '-', 'k', 'a', 'n', 't', 'o', 'r', 'e', 'i', '.', 'd', 'e', '\0', + /* "aukaraoke.su", true */ 'a', 'u', 'k', 'a', 'r', 'a', 'o', 'k', 'e', '.', 's', 'u', '\0', + /* "aulaschrank.gq", true */ 'a', 'u', 'l', 'a', 's', 'c', 'h', 'r', 'a', 'n', 'k', '.', 'g', 'q', '\0', + /* "aulo.in", false */ 'a', 'u', 'l', 'o', '.', 'i', 'n', '\0', + /* "aunali1.com", true */ 'a', 'u', 'n', 'a', 'l', 'i', '1', '.', 'c', 'o', 'm', '\0', + /* "auntie-eileens.com.au", true */ 'a', 'u', 'n', 't', 'i', 'e', '-', 'e', 'i', 'l', 'e', 'e', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "auplidespages.fr", true */ 'a', 'u', 'p', 'l', 'i', 'd', 'e', 's', 'p', 'a', 'g', 'e', 's', '.', 'f', 'r', '\0', + /* "aur.rocks", true */ 'a', 'u', 'r', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "aureus.pw", true */ 'a', 'u', 'r', 'e', 'u', 's', '.', 'p', 'w', '\0', + /* "auri.ga", true */ 'a', 'u', 'r', 'i', '.', 'g', 'a', '\0', + /* "auricblue.com", true */ 'a', 'u', 'r', 'i', 'c', 'b', 'l', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "auriko-games.de", true */ 'a', 'u', 'r', 'i', 'k', 'o', '-', 'g', 'a', 'm', 'e', 's', '.', 'd', 'e', '\0', + /* "aurora-multimedia.co.uk", true */ 'a', 'u', 'r', 'o', 'r', 'a', '-', 'm', 'u', 'l', 't', 'i', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "auroraassociationofrealtors.com", true */ 'a', 'u', 'r', 'o', 'r', 'a', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'i', 'o', 'n', 'o', 'f', 'r', 'e', 'a', 'l', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "aurorarecordings.com", true */ 'a', 'u', 'r', 'o', 'r', 'a', 'r', 'e', 'c', 'o', 'r', 'd', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "aurosa.cz", true */ 'a', 'u', 'r', 'o', 's', 'a', '.', 'c', 'z', '\0', + /* "aus-ryugaku.info", true */ 'a', 'u', 's', '-', 'r', 'y', 'u', 'g', 'a', 'k', 'u', '.', 'i', 'n', 'f', 'o', '\0', + /* "auskunftsbegehren.at", true */ 'a', 'u', 's', 'k', 'u', 'n', 'f', 't', 's', 'b', 'e', 'g', 'e', 'h', 'r', 'e', 'n', '.', 'a', 't', '\0', + /* "auslandsjahr-usa.de", false */ 'a', 'u', 's', 'l', 'a', 'n', 'd', 's', 'j', 'a', 'h', 'r', '-', 'u', 's', 'a', '.', 'd', 'e', '\0', + /* "ausschreibungen-suedtirol.it", true */ 'a', 'u', 's', 's', 'c', 'h', 'r', 'e', 'i', 'b', 'u', 'n', 'g', 'e', 'n', '-', 's', 'u', 'e', 'd', 't', 'i', 'r', 'o', 'l', '.', 'i', 't', '\0', + /* "aussiehq.com.au", true */ 'a', 'u', 's', 's', 'i', 'e', 'h', 'q', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "aussieservicedown.com", true */ 'a', 'u', 's', 's', 'i', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 'd', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0', + /* "austincardiac.com", true */ 'a', 'u', 's', 't', 'i', 'n', 'c', 'a', 'r', 'd', 'i', 'a', 'c', '.', 'c', 'o', 'm', '\0', + /* "austinheap.com", true */ 'a', 'u', 's', 't', 'i', 'n', 'h', 'e', 'a', 'p', '.', 'c', 'o', 'm', '\0', + /* "austinmobilemechanics.net", true */ 'a', 'u', 's', 't', 'i', 'n', 'm', 'o', 'b', 'i', 'l', 'e', 'm', 'e', 'c', 'h', 'a', 'n', 'i', 'c', 's', '.', 'n', 'e', 't', '\0', + /* "austinstore.com.br", true */ 'a', 'u', 's', 't', 'i', 'n', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "australian.dating", true */ 'a', 'u', 's', 't', 'r', 'a', 'l', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "australianfreebets.com.au", true */ 'a', 'u', 's', 't', 'r', 'a', 'l', 'i', 'a', 'n', 'f', 'r', 'e', 'e', 'b', 'e', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "australien-tipps.info", true */ 'a', 'u', 's', 't', 'r', 'a', 'l', 'i', 'e', 'n', '-', 't', 'i', 'p', 'p', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "austromorph.space", true */ 'a', 'u', 's', 't', 'r', 'o', 'm', 'o', 'r', 'p', 'h', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "auszeit-lanzarote.com", true */ 'a', 'u', 's', 'z', 'e', 'i', 't', '-', 'l', 'a', 'n', 'z', 'a', 'r', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "auszeit.bio", true */ 'a', 'u', 's', 'z', 'e', 'i', 't', '.', 'b', 'i', 'o', '\0', + /* "auth.adult", true */ 'a', 'u', 't', 'h', '.', 'a', 'd', 'u', 'l', 't', '\0', + /* "authinfo-bestellen.de", true */ 'a', 'u', 't', 'h', 'i', 'n', 'f', 'o', '-', 'b', 'e', 's', 't', 'e', 'l', 'l', 'e', 'n', '.', 'd', 'e', '\0', + /* "author24.biz", true */ 'a', 'u', 't', 'h', 'o', 'r', '2', '4', '.', 'b', 'i', 'z', '\0', + /* "authorsguild.in", true */ 'a', 'u', 't', 'h', 'o', 'r', 's', 'g', 'u', 'i', 'l', 'd', '.', 'i', 'n', '\0', + /* "autimatisering.nl", true */ 'a', 'u', 't', 'i', 'm', 'a', 't', 'i', 's', 'e', 'r', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "autism-osaka.org", true */ 'a', 'u', 't', 'i', 's', 'm', '-', 'o', 's', 'a', 'k', 'a', '.', 'o', 'r', 'g', '\0', + /* "auto-anleitung.de", true */ 'a', 'u', 't', 'o', '-', 'a', 'n', 'l', 'e', 'i', 't', 'u', 'n', 'g', '.', 'd', 'e', '\0', + /* "auto-plus.tn", true */ 'a', 'u', 't', 'o', '-', 'p', 'l', 'u', 's', '.', 't', 'n', '\0', + /* "autoauctionsohio.com", true */ 'a', 'u', 't', 'o', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', 'o', 'h', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "autoauctionsvirginia.com", true */ 'a', 'u', 't', 'o', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', 'v', 'i', 'r', 'g', 'i', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "autobedrijfschalkoort.nl", true */ 'a', 'u', 't', 'o', 'b', 'e', 'd', 'r', 'i', 'j', 'f', 's', 'c', 'h', 'a', 'l', 'k', 'o', 'o', 'r', 't', '.', 'n', 'l', '\0', + /* "autoclean-plus.ch", true */ 'a', 'u', 't', 'o', 'c', 'l', 'e', 'a', 'n', '-', 'p', 'l', 'u', 's', '.', 'c', 'h', '\0', + /* "autocmall.com", true */ 'a', 'u', 't', 'o', 'c', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "autocorner.com", true */ 'a', 'u', 't', 'o', 'c', 'o', 'r', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "autodalmacija.com", true */ 'a', 'u', 't', 'o', 'd', 'a', 'l', 'm', 'a', 'c', 'i', 'j', 'a', '.', 'c', 'o', 'm', '\0', + /* "autoecoledumontblanc.com", true */ 'a', 'u', 't', 'o', 'e', 'c', 'o', 'l', 'e', 'd', 'u', 'm', 'o', 'n', 't', 'b', 'l', 'a', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "autoentrepreneurinfo.com", true */ 'a', 'u', 't', 'o', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'e', 'n', 'e', 'u', 'r', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0', + /* "autoinsurancehavasu.com", true */ 'a', 'u', 't', 'o', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', 'h', 'a', 'v', 'a', 's', 'u', '.', 'c', 'o', 'm', '\0', + /* "autoledky.sk", true */ 'a', 'u', 't', 'o', 'l', 'e', 'd', 'k', 'y', '.', 's', 'k', '\0', + /* "automacity.com", true */ 'a', 'u', 't', 'o', 'm', 'a', 'c', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "automatethis.com.au", true */ 'a', 'u', 't', 'o', 'm', 'a', 't', 'e', 't', 'h', 'i', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "automatic.com", true */ 'a', 'u', 't', 'o', 'm', 'a', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "automationpro.me", true */ 'a', 'u', 't', 'o', 'm', 'a', 't', 'i', 'o', 'n', 'p', 'r', 'o', '.', 'm', 'e', '\0', + /* "automotivegroup-usedcars.be", true */ 'a', 'u', 't', 'o', 'm', 'o', 't', 'i', 'v', 'e', 'g', 'r', 'o', 'u', 'p', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "automotivemechanic.org", true */ 'a', 'u', 't', 'o', 'm', 'o', 't', 'i', 'v', 'e', 'm', 'e', 'c', 'h', 'a', 'n', 'i', 'c', '.', 'o', 'r', 'g', '\0', + /* "autoosijek.com", true */ 'a', 'u', 't', 'o', 'o', 's', 'i', 'j', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "autoparts.im", true */ 'a', 'u', 't', 'o', 'p', 'a', 'r', 't', 's', '.', 'i', 'm', '\0', + /* "autoparts.sh", true */ 'a', 'u', 't', 'o', 'p', 'a', 'r', 't', 's', '.', 's', 'h', '\0', + /* "autoparts.wf", true */ 'a', 'u', 't', 'o', 'p', 'a', 'r', 't', 's', '.', 'w', 'f', '\0', + /* "autos-retro-plaisir.com", true */ 'a', 'u', 't', 'o', 's', '-', 'r', 'e', 't', 'r', 'o', '-', 'p', 'l', 'a', 'i', 's', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "autoscuola.roma.it", true */ 'a', 'u', 't', 'o', 's', 'c', 'u', 'o', 'l', 'a', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0', + /* "autoshinka72.ru", true */ 'a', 'u', 't', 'o', 's', 'h', 'i', 'n', 'k', 'a', '7', '2', '.', 'r', 'u', '\0', + /* "autoskola.hr", true */ 'a', 'u', 't', 'o', 's', 'k', 'o', 'l', 'a', '.', 'h', 'r', '\0', + /* "autoskole.hr", true */ 'a', 'u', 't', 'o', 's', 'k', 'o', 'l', 'e', '.', 'h', 'r', '\0', + /* "autostodulky.cz", true */ 'a', 'u', 't', 'o', 's', 't', 'o', 'd', 'u', 'l', 'k', 'y', '.', 'c', 'z', '\0', + /* "autotechschool.com", true */ 'a', 'u', 't', 'o', 't', 'e', 'c', 'h', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "autoterminus-used.be", true */ 'a', 'u', 't', 'o', 't', 'e', 'r', 'm', 'i', 'n', 'u', 's', '-', 'u', 's', 'e', 'd', '.', 'b', 'e', '\0', + /* "autoverzekeringafsluiten.com", true */ 'a', 'u', 't', 'o', 'v', 'e', 'r', 'z', 'e', 'k', 'e', 'r', 'i', 'n', 'g', 'a', 'f', 's', 'l', 'u', 'i', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "autoxy.it", true */ 'a', 'u', 't', 'o', 'x', 'y', '.', 'i', 't', '\0', + /* "autozane.com", true */ 'a', 'u', 't', 'o', 'z', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "auvernet.org", true */ 'a', 'u', 'v', 'e', 'r', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0', + /* "auvious.com", true */ 'a', 'u', 'v', 'i', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "auxquatrevents.ch", true */ 'a', 'u', 'x', 'q', 'u', 'a', 't', 'r', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'h', '\0', + /* "av01.tv", true */ 'a', 'v', '0', '1', '.', 't', 'v', '\0', + /* "av163.cc", true */ 'a', 'v', '1', '6', '3', '.', 'c', 'c', '\0', + /* "ava-creative.de", false */ 'a', 'v', 'a', '-', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'd', 'e', '\0', + /* "ava-software.at", true */ 'a', 'v', 'a', '-', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'a', 't', '\0', + /* "avaaz.org", true */ 'a', 'v', 'a', 'a', 'z', '.', 'o', 'r', 'g', '\0', + /* "avabouncehire.co.uk", true */ 'a', 'v', 'a', 'b', 'o', 'u', 'n', 'c', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "avacariu.me", true */ 'a', 'v', 'a', 'c', 'a', 'r', 'i', 'u', '.', 'm', 'e', '\0', + /* "availablecastles.com", true */ 'a', 'v', 'a', 'i', 'l', 'a', 'b', 'l', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "avalon-island.ru", true */ 'a', 'v', 'a', 'l', 'o', 'n', '-', 'i', 's', 'l', 'a', 'n', 'd', '.', 'r', 'u', '\0', + /* "avalon-studios.de", true */ 'a', 'v', 'a', 'l', 'o', 'n', '-', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'd', 'e', '\0', + /* "avanet.ch", true */ 'a', 'v', 'a', 'n', 'e', 't', '.', 'c', 'h', '\0', + /* "avanovum.de", true */ 'a', 'v', 'a', 'n', 'o', 'v', 'u', 'm', '.', 'd', 'e', '\0', + /* "avaq.fr", true */ 'a', 'v', 'a', 'q', '.', 'f', 'r', '\0', + /* "avarty.com", true */ 'a', 'v', 'a', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "avarty.net", true */ 'a', 'v', 'a', 'r', 't', 'y', '.', 'n', 'e', 't', '\0', + /* "avastantivirus.ro", true */ 'a', 'v', 'a', 's', 't', 'a', 'n', 't', 'i', 'v', 'i', 'r', 'u', 's', '.', 'r', 'o', '\0', + /* "avcd.cz", true */ 'a', 'v', 'c', 'd', '.', 'c', 'z', '\0', + /* "avdagic.net", true */ 'a', 'v', 'd', 'a', 'g', 'i', 'c', '.', 'n', 'e', 't', '\0', + /* "avdh.top", true */ 'a', 'v', 'd', 'h', '.', 't', 'o', 'p', '\0', + /* "ave.zone", true */ 'a', 'v', 'e', '.', 'z', 'o', 'n', 'e', '\0', + /* "aveapps.com", false */ 'a', 'v', 'e', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "avedesk.org", false */ 'a', 'v', 'e', 'd', 'e', 's', 'k', '.', 'o', 'r', 'g', '\0', + /* "aventurische-allianz.de", true */ 'a', 'v', 'e', 'n', 't', 'u', 'r', 'i', 's', 'c', 'h', 'e', '-', 'a', 'l', 'l', 'i', 'a', 'n', 'z', '.', 'd', 'e', '\0', + /* "avenueeyecare.com", true */ 'a', 'v', 'e', 'n', 'u', 'e', 'e', 'y', 'e', 'c', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "averageinspired.com", true */ 'a', 'v', 'e', 'r', 'a', 'g', 'e', 'i', 'n', 's', 'p', 'i', 'r', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "averam.net", true */ 'a', 'v', 'e', 'r', 'a', 'm', '.', 'n', 'e', 't', '\0', + /* "averen.co.uk", true */ 'a', 'v', 'e', 'r', 'e', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "avg.club", true */ 'a', 'v', 'g', '.', 'c', 'l', 'u', 'b', '\0', + /* "avi9526.pp.ua", true */ 'a', 'v', 'i', '9', '5', '2', '6', '.', 'p', 'p', '.', 'u', 'a', '\0', + /* "aviationstrategy.aero", true */ 'a', 'v', 'i', 'a', 't', 'i', 'o', 'n', 's', 't', 'r', 'a', 't', 'e', 'g', 'y', '.', 'a', 'e', 'r', 'o', '\0', + /* "avid.blue", true */ 'a', 'v', 'i', 'd', '.', 'b', 'l', 'u', 'e', '\0', + /* "aviv.nyc", true */ 'a', 'v', 'i', 'v', '.', 'n', 'y', 'c', '\0', + /* "avmemo.com", true */ 'a', 'v', 'm', 'e', 'm', 'o', '.', 'c', 'o', 'm', '\0', + /* "avmo.pw", true */ 'a', 'v', 'm', 'o', '.', 'p', 'w', '\0', + /* "avmoo.com", true */ 'a', 'v', 'm', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "avnet.ws", true */ 'a', 'v', 'n', 'e', 't', '.', 'w', 's', '\0', + /* "avocode.com", true */ 'a', 'v', 'o', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "avotoma.com", true */ 'a', 'v', 'o', 't', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "avova.de", true */ 'a', 'v', 'o', 'v', 'a', '.', 'd', 'e', '\0', + /* "avpres.net", true */ 'a', 'v', 'p', 'r', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "avso.pw", true */ 'a', 'v', 's', 'o', '.', 'p', 'w', '\0', + /* "avsox.com", true */ 'a', 'v', 's', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "avspot.net", true */ 'a', 'v', 's', 'p', 'o', 't', '.', 'n', 'e', 't', '\0', + /* "avticket.ru", false */ 'a', 'v', 't', 'i', 'c', 'k', 'e', 't', '.', 'r', 'u', '\0', + /* "avtoforex.ru", true */ 'a', 'v', 't', 'o', 'f', 'o', 'r', 'e', 'x', '.', 'r', 'u', '\0', + /* "avtogara-isperih.com", true */ 'a', 'v', 't', 'o', 'g', 'a', 'r', 'a', '-', 'i', 's', 'p', 'e', 'r', 'i', 'h', '.', 'c', 'o', 'm', '\0', + /* "avtosept.by", true */ 'a', 'v', 't', 'o', 's', 'e', 'p', 't', '.', 'b', 'y', '\0', + /* "avtovokzaly.ru", true */ 'a', 'v', 't', 'o', 'v', 'o', 'k', 'z', 'a', 'l', 'y', '.', 'r', 'u', '\0', + /* "avvcorda.com", true */ 'a', 'v', 'v', 'c', 'o', 'r', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "avxo.pw", true */ 'a', 'v', 'x', 'o', '.', 'p', 'w', '\0', + /* "awaremi-tai.com", true */ 'a', 'w', 'a', 'r', 'e', 'm', 'i', '-', 't', 'a', 'i', '.', 'c', 'o', 'm', '\0', + /* "awaro.net", false */ 'a', 'w', 'a', 'r', 'o', '.', 'n', 'e', 't', '\0', + /* "awbouncycastlehire.com", true */ 'a', 'w', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "awccanadianpharmacy.com", true */ 'a', 'w', 'c', 'c', 'a', 'n', 'a', 'd', 'i', 'a', 'n', 'p', 'h', 'a', 'r', 'm', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "awei.pub", true */ 'a', 'w', 'e', 'i', '.', 'p', 'u', 'b', '\0', + /* "awen.me", true */ 'a', 'w', 'e', 'n', '.', 'm', 'e', '\0', + /* "awesomebouncycastles.co.uk", true */ 'a', 'w', 'e', 's', 'o', 'm', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "awin.la", true */ 'a', 'w', 'i', 'n', '.', 'l', 'a', '\0', + /* "awk.tw", true */ 'a', 'w', 'k', '.', 't', 'w', '\0', + /* "awksolutions.com", true */ 'a', 'w', 'k', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "awningsaboveus.com", true */ 'a', 'w', 'n', 'i', 'n', 'g', 's', 'a', 'b', 'o', 'v', 'e', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "awomaninherprime.com", true */ 'a', 'w', 'o', 'm', 'a', 'n', 'i', 'n', 'h', 'e', 'r', 'p', 'r', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "awsmdev.de", true */ 'a', 'w', 's', 'm', 'd', 'e', 'v', '.', 'd', 'e', '\0', + /* "awxg.com", true */ 'a', 'w', 'x', 'g', '.', 'c', 'o', 'm', '\0', + /* "ax25.org", true */ 'a', 'x', '2', '5', '.', 'o', 'r', 'g', '\0', + /* "axel-fischer.net", true */ 'a', 'x', 'e', 'l', '-', 'f', 'i', 's', 'c', 'h', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "axelteichmann.net", true */ 'a', 'x', 'e', 'l', 't', 'e', 'i', 'c', 'h', 'm', 'a', 'n', 'n', '.', 'n', 'e', 't', '\0', + /* "axem.co.jp", true */ 'a', 'x', 'e', 'm', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "axialsports.com", true */ 'a', 'x', 'i', 'a', 'l', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "axiomer.com", true */ 'a', 'x', 'i', 'o', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "axiomer.es", true */ 'a', 'x', 'i', 'o', 'm', 'e', 'r', '.', 'e', 's', '\0', + /* "axiomer.eu", true */ 'a', 'x', 'i', 'o', 'm', 'e', 'r', '.', 'e', 'u', '\0', + /* "axiomer.me", true */ 'a', 'x', 'i', 'o', 'm', 'e', 'r', '.', 'm', 'e', '\0', + /* "axiomer.net", true */ 'a', 'x', 'i', 'o', 'm', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "axiomer.org", true */ 'a', 'x', 'i', 'o', 'm', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "axka.com", false */ 'a', 'x', 'k', 'a', '.', 'c', 'o', 'm', '\0', + /* "axolotlfarm.org", true */ 'a', 'x', 'o', 'l', 'o', 't', 'l', 'f', 'a', 'r', 'm', '.', 'o', 'r', 'g', '\0', + /* "axrec.de", true */ 'a', 'x', 'r', 'e', 'c', '.', 'd', 'e', '\0', + /* "axtux.tk", true */ 'a', 'x', 't', 'u', 'x', '.', 't', 'k', '\0', + /* "axxial.tk", true */ 'a', 'x', 'x', 'i', 'a', 'l', '.', 't', 'k', '\0', + /* "ayatk.com", true */ 'a', 'y', 'a', 't', 'k', '.', 'c', 'o', 'm', '\0', + /* "aycomba.de", true */ 'a', 'y', 'c', 'o', 'm', 'b', 'a', '.', 'd', 'e', '\0', + /* "ayesh.me", true */ 'a', 'y', 'e', 's', 'h', '.', 'm', 'e', '\0', + /* "ayesh.win", true */ 'a', 'y', 'e', 's', 'h', '.', 'w', 'i', 'n', '\0', + /* "aykutcevik.com", true */ 'a', 'y', 'k', 'u', 't', 'c', 'e', 'v', 'i', 'k', '.', 'c', 'o', 'm', '\0', + /* "aylak.com", true */ 'a', 'y', 'l', 'a', 'k', '.', 'c', 'o', 'm', '\0', + /* "aylesburycastlehire.co.uk", true */ 'a', 'y', 'l', 'e', 's', 'b', 'u', 'r', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "aymerick.fr", true */ 'a', 'y', 'm', 'e', 'r', 'i', 'c', 'k', '.', 'f', 'r', '\0', + /* "aymericlagier.com", true */ 'a', 'y', 'm', 'e', 'r', 'i', 'c', 'l', 'a', 'g', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "ayothemes.com", true */ 'a', 'y', 'o', 't', 'h', 'e', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "ayrohq.com", true */ 'a', 'y', 'r', 'o', 'h', 'q', '.', 'c', 'o', 'm', '\0', + /* "ayrshirebouncycastlehire.co.uk", true */ 'a', 'y', 'r', 's', 'h', 'i', 'r', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ayurveda-mantry.com", true */ 'a', 'y', 'u', 'r', 'v', 'e', 'd', 'a', '-', 'm', 'a', 'n', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "ayurveda101.com", false */ 'a', 'y', 'u', 'r', 'v', 'e', 'd', 'a', '1', '0', '1', '.', 'c', 'o', 'm', '\0', + /* "az-vinyl-boden.de", true */ 'a', 'z', '-', 'v', 'i', 'n', 'y', 'l', '-', 'b', 'o', 'd', 'e', 'n', '.', 'd', 'e', '\0', + /* "az.search.yahoo.com", false */ 'a', 'z', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "azabani.com", true */ 'a', 'z', 'a', 'b', 'a', 'n', 'i', '.', 'c', 'o', 'm', '\0', + /* "azia.info", true */ 'a', 'z', 'i', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "azimut.fr", true */ 'a', 'z', 'i', 'm', 'u', 't', '.', 'f', 'r', '\0', + /* "azino777.ru", true */ 'a', 'z', 'i', 'n', 'o', '7', '7', '7', '.', 'r', 'u', '\0', + /* "azlk-team.ru", true */ 'a', 'z', 'l', 'k', '-', 't', 'e', 'a', 'm', '.', 'r', 'u', '\0', + /* "azort.com", true */ 'a', 'z', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "azrazalea.net", true */ 'a', 'z', 'r', 'a', 'z', 'a', 'l', 'e', 'a', '.', 'n', 'e', 't', '\0', + /* "azso.pro", true */ 'a', 'z', 's', 'o', '.', 'p', 'r', 'o', '\0', + /* "aztrix.me", true */ 'a', 'z', 't', 'r', 'i', 'x', '.', 'm', 'e', '\0', + /* "azu-l.com", true */ 'a', 'z', 'u', '-', 'l', '.', 'c', 'o', 'm', '\0', + /* "azu-l.jp", true */ 'a', 'z', 'u', '-', 'l', '.', 'j', 'p', '\0', + /* "azun.pl", true */ 'a', 'z', 'u', 'n', '.', 'p', 'l', '\0', + /* "azuxul.fr", true */ 'a', 'z', 'u', 'x', 'u', 'l', '.', 'f', 'r', '\0', + /* "azzag.co.uk", true */ 'a', 'z', 'z', 'a', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "azzorti.com", true */ 'a', 'z', 'z', 'o', 'r', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "b-b-law.com", true */ 'b', '-', 'b', '-', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "b-boom.nl", true */ 'b', '-', 'b', 'o', 'o', 'm', '.', 'n', 'l', '\0', + /* "b-cyclesshop.ch", true */ 'b', '-', 'c', 'y', 'c', 'l', 'e', 's', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0', + /* "b-entropy.com", true */ 'b', '-', 'e', 'n', 't', 'r', 'o', 'p', 'y', '.', 'c', 'o', 'm', '\0', + /* "b-pi.duckdns.org", true */ 'b', '-', 'p', 'i', '.', 'd', 'u', 'c', 'k', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "b-root-force.de", true */ 'b', '-', 'r', 'o', 'o', 't', '-', 'f', 'o', 'r', 'c', 'e', '.', 'd', 'e', '\0', + /* "b-services.net", true */ 'b', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "b-ticket.ch", true */ 'b', '-', 't', 'i', 'c', 'k', 'e', 't', '.', 'c', 'h', '\0', + /* "b1.work", true */ 'b', '1', '.', 'w', 'o', 'r', 'k', '\0', + /* "b1c1l1.com", true */ 'b', '1', 'c', '1', 'l', '1', '.', 'c', 'o', 'm', '\0', + /* "b2and.com", false */ 'b', '2', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "b2bmuzikbank.com", true */ 'b', '2', 'b', 'm', 'u', 'z', 'i', 'k', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "b422edu.com", true */ 'b', '4', '2', '2', 'e', 'd', 'u', '.', 'c', 'o', 'm', '\0', + /* "b4bouncycastles.co.uk", true */ 'b', '4', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "b4z.eu", true */ 'b', '4', 'z', '.', 'e', 'u', '\0', + /* "b64.club", true */ 'b', '6', '4', '.', 'c', 'l', 'u', 'b', '\0', + /* "b72.net", true */ 'b', '7', '2', '.', 'n', 'e', 't', '\0', + /* "b9110.com", true */ 'b', '9', '1', '1', '0', '.', 'c', 'o', 'm', '\0', + /* "baalsworld.de", true */ 'b', 'a', 'a', 'l', 's', 'w', 'o', 'r', 'l', 'd', '.', 'd', 'e', '\0', + /* "baas-becking.biology.utah.edu", true */ 'b', 'a', 'a', 's', '-', 'b', 'e', 'c', 'k', 'i', 'n', 'g', '.', 'b', 'i', 'o', 'l', 'o', 'g', 'y', '.', 'u', 't', 'a', 'h', '.', 'e', 'd', 'u', '\0', + /* "babacasino.net", true */ 'b', 'a', 'b', 'a', 'c', 'a', 's', 'i', 'n', 'o', '.', 'n', 'e', 't', '\0', + /* "babai.ru", true */ 'b', 'a', 'b', 'a', 'i', '.', 'r', 'u', '\0', + /* "babarkata.com", true */ 'b', 'a', 'b', 'a', 'r', 'k', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "babeleo.com", true */ 'b', 'a', 'b', 'e', 'l', 'e', 'o', '.', 'c', 'o', 'm', '\0', + /* "babettelandmesser.de", true */ 'b', 'a', 'b', 'e', 't', 't', 'e', 'l', 'a', 'n', 'd', 'm', 'e', 's', 's', 'e', 'r', '.', 'd', 'e', '\0', + /* "baby-digne.com", true */ 'b', 'a', 'b', 'y', '-', 'd', 'i', 'g', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "babyboom.pl", true */ 'b', 'a', 'b', 'y', 'b', 'o', 'o', 'm', '.', 'p', 'l', '\0', + /* "babycamapp.com", true */ 'b', 'a', 'b', 'y', 'c', 'a', 'm', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "babyfotograf-schweiz.ch", true */ 'b', 'a', 'b', 'y', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', '-', 's', 'c', 'h', 'w', 'e', 'i', 'z', '.', 'c', 'h', '\0', + /* "babyliss-pro.com", true */ 'b', 'a', 'b', 'y', 'l', 'i', 's', 's', '-', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "babyliss-pro.net", true */ 'b', 'a', 'b', 'y', 'l', 'i', 's', 's', '-', 'p', 'r', 'o', '.', 'n', 'e', 't', '\0', + /* "babyphototime.com", true */ 'b', 'a', 'b', 'y', 'p', 'h', 'o', 't', 'o', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "babypibu.com", true */ 'b', 'a', 'b', 'y', 'p', 'i', 'b', 'u', '.', 'c', 'o', 'm', '\0', + /* "babystep.tv", true */ 'b', 'a', 'b', 'y', 's', 't', 'e', 'p', '.', 't', 'v', '\0', + /* "bacgrouppublishing.com", true */ 'b', 'a', 'c', 'g', 'r', 'o', 'u', 'p', 'p', 'u', 'b', 'l', 'i', 's', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "bacimg.com", true */ 'b', 'a', 'c', 'i', 'm', 'g', '.', 'c', 'o', 'm', '\0', + /* "baciu.ch", true */ 'b', 'a', 'c', 'i', 'u', '.', 'c', 'h', '\0', + /* "backeby.eu", true */ 'b', 'a', 'c', 'k', 'e', 'b', 'y', '.', 'e', 'u', '\0', + /* "backenmachtgluecklich.de", true */ 'b', 'a', 'c', 'k', 'e', 'n', 'm', 'a', 'c', 'h', 't', 'g', 'l', 'u', 'e', 'c', 'k', 'l', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "backgroundz.net", true */ 'b', 'a', 'c', 'k', 'g', 'r', 'o', 'u', 'n', 'd', 'z', '.', 'n', 'e', 't', '\0', + /* "backlogapp.io", true */ 'b', 'a', 'c', 'k', 'l', 'o', 'g', 'a', 'p', 'p', '.', 'i', 'o', '\0', + /* "backmountaingas.com", true */ 'b', 'a', 'c', 'k', 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', 'g', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "backpacken.org", true */ 'b', 'a', 'c', 'k', 'p', 'a', 'c', 'k', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "backpacker.dating", true */ 'b', 'a', 'c', 'k', 'p', 'a', 'c', 'k', 'e', 'r', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "backscattering.de", true */ 'b', 'a', 'c', 'k', 's', 'c', 'a', 't', 't', 'e', 'r', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "backschues.com", true */ 'b', 'a', 'c', 'k', 's', 'c', 'h', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "backschues.de", true */ 'b', 'a', 'c', 'k', 's', 'c', 'h', 'u', 'e', 's', '.', 'd', 'e', '\0', + /* "backschues.net", true */ 'b', 'a', 'c', 'k', 's', 'c', 'h', 'u', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "backsideverbier.ch", true */ 'b', 'a', 'c', 'k', 's', 'i', 'd', 'e', 'v', 'e', 'r', 'b', 'i', 'e', 'r', '.', 'c', 'h', '\0', + /* "backterris.com", true */ 'b', 'a', 'c', 'k', 't', 'e', 'r', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "bacon-monitoring.org", true */ 'b', 'a', 'c', 'o', 'n', '-', 'm', 'o', 'n', 'i', 't', 'o', 'r', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "baconate.com", true */ 'b', 'a', 'c', 'o', 'n', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "baconismagic.ca", true */ 'b', 'a', 'c', 'o', 'n', 'i', 's', 'm', 'a', 'g', 'i', 'c', '.', 'c', 'a', '\0', + /* "bacontreeconsulting.com", true */ 'b', 'a', 'c', 'o', 'n', 't', 'r', 'e', 'e', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "bacula.jp", true */ 'b', 'a', 'c', 'u', 'l', 'a', '.', 'j', 'p', '\0', + /* "bad.horse", true */ 'b', 'a', 'd', '.', 'h', 'o', 'r', 's', 'e', '\0', + /* "badai.at", true */ 'b', 'a', 'd', 'a', 'i', '.', 'a', 't', '\0', + /* "badam.co", true */ 'b', 'a', 'd', 'a', 'm', '.', 'c', 'o', '\0', + /* "badbee.cc", true */ 'b', 'a', 'd', 'b', 'e', 'e', '.', 'c', 'c', '\0', + /* "badf00d.de", true */ 'b', 'a', 'd', 'f', '0', '0', 'd', '.', 'd', 'e', '\0', + /* "badges.fedoraproject.org", true */ 'b', 'a', 'd', 'g', 'e', 's', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "badges.stg.fedoraproject.org", true */ 'b', 'a', 'd', 'g', 'e', 's', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "badhusky.com", true */ 'b', 'a', 'd', 'h', 'u', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0', + /* "badoo.com", true */ 'b', 'a', 'd', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "badpackets.net", true */ 'b', 'a', 'd', 'p', 'a', 'c', 'k', 'e', 't', 's', '.', 'n', 'e', 't', '\0', + /* "badrequest.me", true */ 'b', 'a', 'd', 'r', 'e', 'q', 'u', 'e', 's', 't', '.', 'm', 'e', '\0', + /* "badseacoffee.com", true */ 'b', 'a', 'd', 's', 'e', 'a', 'c', 'o', 'f', 'f', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "baer.im", false */ 'b', 'a', 'e', 'r', '.', 'i', 'm', '\0', + /* "baer.one", false */ 'b', 'a', 'e', 'r', '.', 'o', 'n', 'e', '\0', + /* "baffinlee.com", true */ 'b', 'a', 'f', 'f', 'i', 'n', 'l', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "bag.bg", true */ 'b', 'a', 'g', '.', 'b', 'g', '\0', + /* "bagelsbakery.com", false */ 'b', 'a', 'g', 'e', 'l', 's', 'b', 'a', 'k', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "bageluncle.com", true */ 'b', 'a', 'g', 'e', 'l', 'u', 'n', 'c', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "baggy.me.uk", true */ 'b', 'a', 'g', 'g', 'y', '.', 'm', 'e', '.', 'u', 'k', '\0', + /* "bagheera.me.uk", true */ 'b', 'a', 'g', 'h', 'e', 'e', 'r', 'a', '.', 'm', 'e', '.', 'u', 'k', '\0', + /* "baglu.com", true */ 'b', 'a', 'g', 'l', 'u', '.', 'c', 'o', 'm', '\0', + /* "bagsofbounce.co.uk", true */ 'b', 'a', 'g', 's', 'o', 'f', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bagspecialist.nl", true */ 'b', 'a', 'g', 's', 'p', 'e', 'c', 'i', 'a', 'l', 'i', 's', 't', '.', 'n', 'l', '\0', + /* "bagstage.de", true */ 'b', 'a', 'g', 's', 't', 'a', 'g', 'e', '.', 'd', 'e', '\0', + /* "bah.im", false */ 'b', 'a', 'h', '.', 'i', 'm', '\0', + /* "bahnbonus-praemienwelt.de", true */ 'b', 'a', 'h', 'n', 'b', 'o', 'n', 'u', 's', '-', 'p', 'r', 'a', 'e', 'm', 'i', 'e', 'n', 'w', 'e', 'l', 't', '.', 'd', 'e', '\0', + /* "baifubao.com", true */ 'b', 'a', 'i', 'f', 'u', 'b', 'a', 'o', '.', 'c', 'o', 'm', '\0', + /* "baiker.info", true */ 'b', 'a', 'i', 'k', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "bailakomigo.com.br", true */ 'b', 'a', 'i', 'l', 'a', 'k', 'o', 'm', 'i', 'g', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "baildonbouncycastles.co.uk", true */ 'b', 'a', 'i', 'l', 'd', 'o', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "baildonhottubs.co.uk", true */ 'b', 'a', 'i', 'l', 'd', 'o', 'n', 'h', 'o', 't', 't', 'u', 'b', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "baileebee.com", true */ 'b', 'a', 'i', 'l', 'e', 'e', 'b', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "bairdzhang.com", true */ 'b', 'a', 'i', 'r', 'd', 'z', 'h', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "baitulongbaycruises.com", true */ 'b', 'a', 'i', 't', 'u', 'l', 'o', 'n', 'g', 'b', 'a', 'y', 'c', 'r', 'u', 'i', 's', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "bajic.ch", true */ 'b', 'a', 'j', 'i', 'c', '.', 'c', 'h', '\0', + /* "baka.org.cn", true */ 'b', 'a', 'k', 'a', '.', 'o', 'r', 'g', '.', 'c', 'n', '\0', + /* "bakabt.info", true */ 'b', 'a', 'k', 'a', 'b', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "bakaproxy.moe", true */ 'b', 'a', 'k', 'a', 'p', 'r', 'o', 'x', 'y', '.', 'm', 'o', 'e', '\0', + /* "bakersafari.co", true */ 'b', 'a', 'k', 'e', 'r', 's', 'a', 'f', 'a', 'r', 'i', '.', 'c', 'o', '\0', + /* "bakibal.com", true */ 'b', 'a', 'k', 'i', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "bakim.li", true */ 'b', 'a', 'k', 'i', 'm', '.', 'l', 'i', '\0', + /* "bakkerinjebuurt.be", true */ 'b', 'a', 'k', 'k', 'e', 'r', 'i', 'n', 'j', 'e', 'b', 'u', 'u', 'r', 't', '.', 'b', 'e', '\0', + /* "bakongcondo.com", true */ 'b', 'a', 'k', 'o', 'n', 'g', 'c', 'o', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "balade-commune.ch", true */ 'b', 'a', 'l', 'a', 'd', 'e', '-', 'c', 'o', 'm', 'm', 'u', 'n', 'e', '.', 'c', 'h', '\0', + /* "baladecommune.ch", true */ 'b', 'a', 'l', 'a', 'd', 'e', 'c', 'o', 'm', 'm', 'u', 'n', 'e', '.', 'c', 'h', '\0', + /* "balancascia.com.br", true */ 'b', 'a', 'l', 'a', 'n', 'c', 'a', 's', 'c', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "balancenaturalhealthclinic.ca", true */ 'b', 'a', 'l', 'a', 'n', 'c', 'e', 'n', 'a', 't', 'u', 'r', 'a', 'l', 'h', 'e', 'a', 'l', 't', 'h', 'c', 'l', 'i', 'n', 'i', 'c', '.', 'c', 'a', '\0', + /* "balboa.io", true */ 'b', 'a', 'l', 'b', 'o', 'a', '.', 'i', 'o', '\0', + /* "balcaonet.com.br", true */ 'b', 'a', 'l', 'c', 'a', 'o', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "balconnr.com", true */ 'b', 'a', 'l', 'c', 'o', 'n', 'n', 'r', '.', 'c', 'o', 'm', '\0', + /* "balconsverdun.com", true */ 'b', 'a', 'l', 'c', 'o', 'n', 's', 'v', 'e', 'r', 'd', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "baldur.cc", true */ 'b', 'a', 'l', 'd', 'u', 'r', '.', 'c', 'c', '\0', + /* "balicekzdravi.cz", true */ 'b', 'a', 'l', 'i', 'c', 'e', 'k', 'z', 'd', 'r', 'a', 'v', 'i', '.', 'c', 'z', '\0', + /* "balidesignshop.com.br", true */ 'b', 'a', 'l', 'i', 'd', 'e', 's', 'i', 'g', 'n', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "balikonos.cz", true */ 'b', 'a', 'l', 'i', 'k', 'o', 'n', 'o', 's', '.', 'c', 'z', '\0', + /* "balinese.dating", true */ 'b', 'a', 'l', 'i', 'n', 'e', 's', 'e', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "balist.es", true */ 'b', 'a', 'l', 'i', 's', 't', '.', 'e', 's', '\0', + /* "baliyano.com", true */ 'b', 'a', 'l', 'i', 'y', 'a', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "balkonien.org", true */ 'b', 'a', 'l', 'k', 'o', 'n', 'i', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "ball.holdings", true */ 'b', 'a', 'l', 'l', '.', 'h', 'o', 'l', 'd', 'i', 'n', 'g', 's', '\0', + /* "ballarin.cc", true */ 'b', 'a', 'l', 'l', 'a', 'r', 'i', 'n', '.', 'c', 'c', '\0', + /* "ballbusting-cbt.com", true */ 'b', 'a', 'l', 'l', 'b', 'u', 's', 't', 'i', 'n', 'g', '-', 'c', 'b', 't', '.', 'c', 'o', 'm', '\0', + /* "ballejaune.com", true */ 'b', 'a', 'l', 'l', 'e', 'j', 'a', 'u', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "ballmerpeak.org", true */ 'b', 'a', 'l', 'l', 'm', 'e', 'r', 'p', 'e', 'a', 'k', '.', 'o', 'r', 'g', '\0', + /* "ballonsportclub-erlangen.de", true */ 'b', 'a', 'l', 'l', 'o', 'n', 's', 'p', 'o', 'r', 't', 'c', 'l', 'u', 'b', '-', 'e', 'r', 'l', 'a', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0', + /* "ballotapi.com", true */ 'b', 'a', 'l', 'l', 'o', 't', 'a', 'p', 'i', '.', 'c', 'o', 'm', '\0', + /* "ballothero.com", true */ 'b', 'a', 'l', 'l', 'o', 't', 'h', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "ballroom.info", true */ 'b', 'a', 'l', 'l', 'r', 'o', 'o', 'm', '.', 'i', 'n', 'f', 'o', '\0', + /* "bals.org", true */ 'b', 'a', 'l', 's', '.', 'o', 'r', 'g', '\0', + /* "balslev.io", true */ 'b', 'a', 'l', 's', 'l', 'e', 'v', '.', 'i', 'o', '\0', + /* "bambambaby.com.br", true */ 'b', 'a', 'm', 'b', 'a', 'm', 'b', 'a', 'b', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "bananensap.nl", true */ 'b', 'a', 'n', 'a', 'n', 'e', 'n', 's', 'a', 'p', '.', 'n', 'l', '\0', + /* "banburybid.com", true */ 'b', 'a', 'n', 'b', 'u', 'r', 'y', 'b', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "bancacrs.it", true */ 'b', 'a', 'n', 'c', 'a', 'c', 'r', 's', '.', 'i', 't', '\0', + /* "bancoctt.pt", true */ 'b', 'a', 'n', 'c', 'o', 'c', 't', 't', '.', 'p', 't', '\0', + /* "bandar303.win", true */ 'b', 'a', 'n', 'd', 'a', 'r', '3', '0', '3', '.', 'w', 'i', 'n', '\0', + /* "bandeira1.com.br", true */ 'b', 'a', 'n', 'd', 'e', 'i', 'r', 'a', '1', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "bandgap.io", true */ 'b', 'a', 'n', 'd', 'g', 'a', 'p', '.', 'i', 'o', '\0', + /* "bandiga.it", true */ 'b', 'a', 'n', 'd', 'i', 'g', 'a', '.', 'i', 't', '\0', + /* "bandito.re", true */ 'b', 'a', 'n', 'd', 'i', 't', 'o', '.', 'r', 'e', '\0', + /* "bangdream.ga", true */ 'b', 'a', 'n', 'g', 'd', 'r', 'e', 'a', 'm', '.', 'g', 'a', '\0', + /* "bangkok-dark-night.com", true */ 'b', 'a', 'n', 'g', 'k', 'o', 'k', '-', 'd', 'a', 'r', 'k', '-', 'n', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0', + /* "bangkok.dating", true */ 'b', 'a', 'n', 'g', 'k', 'o', 'k', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "bangkokcity.de", true */ 'b', 'a', 'n', 'g', 'k', 'o', 'k', 'c', 'i', 't', 'y', '.', 'd', 'e', '\0', + /* "bank.simple.com", false */ 'b', 'a', 'n', 'k', '.', 's', 'i', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "bankbranchlocator.com", true */ 'b', 'a', 'n', 'k', 'b', 'r', 'a', 'n', 'c', 'h', 'l', 'o', 'c', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "bankcardoffer.com", true */ 'b', 'a', 'n', 'k', 'c', 'a', 'r', 'd', 'o', 'f', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "bankcircle.co.in", true */ 'b', 'a', 'n', 'k', 'c', 'i', 'r', 'c', 'l', 'e', '.', 'c', 'o', '.', 'i', 'n', '\0', + /* "bankersonline.com", true */ 'b', 'a', 'n', 'k', 'e', 'r', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "bankfreeoffers.com", true */ 'b', 'a', 'n', 'k', 'f', 'r', 'e', 'e', 'o', 'f', 'f', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "bankin.com", true */ 'b', 'a', 'n', 'k', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "bankinter.pt", true */ 'b', 'a', 'n', 'k', 'i', 'n', 't', 'e', 'r', '.', 'p', 't', '\0', + /* "bankofdenton.com", true */ 'b', 'a', 'n', 'k', 'o', 'f', 'd', 'e', 'n', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "bankofrealty.review", true */ 'b', 'a', 'n', 'k', 'o', 'f', 'r', 'e', 'a', 'l', 't', 'y', '.', 'r', 'e', 'v', 'i', 'e', 'w', '\0', + /* "banksiaparkcottages.com.au", true */ 'b', 'a', 'n', 'k', 's', 'i', 'a', 'p', 'a', 'r', 'k', 'c', 'o', 't', 't', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "bankstownapartments.com.au", true */ 'b', 'a', 'n', 'k', 's', 't', 'o', 'w', 'n', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "banned-bitches.tk", true */ 'b', 'a', 'n', 'n', 'e', 'd', '-', 'b', 'i', 't', 'c', 'h', 'e', 's', '.', 't', 'k', '\0', + /* "bannermarquees.ie", true */ 'b', 'a', 'n', 'n', 'e', 'r', 'm', 'a', 'r', 'q', 'u', 'e', 'e', 's', '.', 'i', 'e', '\0', + /* "banoviny.sk", true */ 'b', 'a', 'n', 'o', 'v', 'i', 'n', 'y', '.', 's', 'k', '\0', + /* "banri.me", true */ 'b', 'a', 'n', 'r', 'i', '.', 'm', 'e', '\0', + /* "banxehoi.com", true */ 'b', 'a', 'n', 'x', 'e', 'h', 'o', 'i', '.', 'c', 'o', 'm', '\0', + /* "baofengtech.com", true */ 'b', 'a', 'o', 'f', 'e', 'n', 'g', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "baosuckhoedoisong.net", true */ 'b', 'a', 'o', 's', 'u', 'c', 'k', 'h', 'o', 'e', 'd', 'o', 'i', 's', 'o', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "baptistboard.com", true */ 'b', 'a', 'p', 't', 'i', 's', 't', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "baptiste-destombes.fr", true */ 'b', 'a', 'p', 't', 'i', 's', 't', 'e', '-', 'd', 'e', 's', 't', 'o', 'm', 'b', 'e', 's', '.', 'f', 'r', '\0', + /* "baptiste-peugnez.fr", true */ 'b', 'a', 'p', 't', 'i', 's', 't', 'e', '-', 'p', 'e', 'u', 'g', 'n', 'e', 'z', '.', 'f', 'r', '\0', + /* "bar-harcourt.com", true */ 'b', 'a', 'r', '-', 'h', 'a', 'r', 'c', 'o', 'u', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "barans2239.com", true */ 'b', 'a', 'r', 'a', 'n', 's', '2', '2', '3', '9', '.', 'c', 'o', 'm', '\0', + /* "barbarafeldman.com", true */ 'b', 'a', 'r', 'b', 'a', 'r', 'a', 'f', 'e', 'l', 'd', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "barbarians.com", true */ 'b', 'a', 'r', 'b', 'a', 'r', 'i', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "barbaros.info", true */ 'b', 'a', 'r', 'b', 'a', 'r', 'o', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "barbate.fr", true */ 'b', 'a', 'r', 'b', 'a', 't', 'e', '.', 'f', 'r', '\0', + /* "barbershop-harmony.org", true */ 'b', 'a', 'r', 'b', 'e', 'r', 's', 'h', 'o', 'p', '-', 'h', 'a', 'r', 'm', 'o', 'n', 'y', '.', 'o', 'r', 'g', '\0', + /* "barbosha.ru", true */ 'b', 'a', 'r', 'b', 'o', 's', 'h', 'a', '.', 'r', 'u', '\0', + /* "barbu.family", true */ 'b', 'a', 'r', 'b', 'u', '.', 'f', 'a', 'm', 'i', 'l', 'y', '\0', + /* "barburas.com", true */ 'b', 'a', 'r', 'b', 'u', 'r', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "barclays.net", true */ 'b', 'a', 'r', 'c', 'l', 'a', 'y', 's', '.', 'n', 'e', 't', '\0', + /* "barcodeberlin.com", true */ 'b', 'a', 'r', 'c', 'o', 'd', 'e', 'b', 'e', 'r', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "barcoderealty.com", true */ 'b', 'a', 'r', 'c', 'o', 'd', 'e', 'r', 'e', 'a', 'l', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "bardiharborow.com", true */ 'b', 'a', 'r', 'd', 'i', 'h', 'a', 'r', 'b', 'o', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "bardiharborow.tk", true */ 'b', 'a', 'r', 'd', 'i', 'h', 'a', 'r', 'b', 'o', 'r', 'o', 'w', '.', 't', 'k', '\0', + /* "bargainmovingcompany.com", true */ 'b', 'a', 'r', 'g', 'a', 'i', 'n', 'm', 'o', 'v', 'i', 'n', 'g', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "bariller.fr", true */ 'b', 'a', 'r', 'i', 'l', 'l', 'e', 'r', '.', 'f', 'r', '\0', + /* "baripedia.org", true */ 'b', 'a', 'r', 'i', 'p', 'e', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0', + /* "baris-sagdic.com", true */ 'b', 'a', 'r', 'i', 's', '-', 's', 'a', 'g', 'd', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "bariseau-mottrie.be", true */ 'b', 'a', 'r', 'i', 's', 'e', 'a', 'u', '-', 'm', 'o', 't', 't', 'r', 'i', 'e', '.', 'b', 'e', '\0', + /* "barisi.me", true */ 'b', 'a', 'r', 'i', 's', 'i', '.', 'm', 'e', '\0', + /* "bariskaragoz.nl", true */ 'b', 'a', 'r', 'i', 's', 'k', 'a', 'r', 'a', 'g', 'o', 'z', '.', 'n', 'l', '\0', + /* "barkerjr.xyz", true */ 'b', 'a', 'r', 'k', 'e', 'r', 'j', 'r', '.', 'x', 'y', 'z', '\0', + /* "barlotta.net", true */ 'b', 'a', 'r', 'l', 'o', 't', 't', 'a', '.', 'n', 'e', 't', '\0', + /* "barnabycolby.io", true */ 'b', 'a', 'r', 'n', 'a', 'b', 'y', 'c', 'o', 'l', 'b', 'y', '.', 'i', 'o', '\0', + /* "barnrats.com", true */ 'b', 'a', 'r', 'n', 'r', 'a', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "baropkamp.be", true */ 'b', 'a', 'r', 'o', 'p', 'k', 'a', 'm', 'p', '.', 'b', 'e', '\0', + /* "barprive.com", true */ 'b', 'a', 'r', 'p', 'r', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "barqo.co", true */ 'b', 'a', 'r', 'q', 'o', '.', 'c', 'o', '\0', + /* "barracuda.com.tr", true */ 'b', 'a', 'r', 'r', 'a', 'c', 'u', 'd', 'a', '.', 'c', 'o', 'm', '.', 't', 'r', '\0', + /* "barrera.io", true */ 'b', 'a', 'r', 'r', 'e', 'r', 'a', '.', 'i', 'o', '\0', + /* "barrett.ag", true */ 'b', 'a', 'r', 'r', 'e', 't', 't', '.', 'a', 'g', '\0', + /* "barriofut.com", true */ 'b', 'a', 'r', 'r', 'i', 'o', 'f', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "bars.kh.ua", true */ 'b', 'a', 'r', 's', '.', 'k', 'h', '.', 'u', 'a', '\0', + /* "barsashop.com.br", true */ 'b', 'a', 'r', 's', 'a', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "barsil.de", true */ 'b', 'a', 'r', 's', 'i', 'l', '.', 'd', 'e', '\0', + /* "barslecht.com", true */ 'b', 'a', 'r', 's', 'l', 'e', 'c', 'h', 't', '.', 'c', 'o', 'm', '\0', + /* "barslecht.nl", true */ 'b', 'a', 'r', 's', 'l', 'e', 'c', 'h', 't', '.', 'n', 'l', '\0', + /* "barss.io", true */ 'b', 'a', 'r', 's', 's', '.', 'i', 'o', '\0', + /* "barta.me", true */ 'b', 'a', 'r', 't', 'a', '.', 'm', 'e', '\0', + /* "bartel.ws", true */ 'b', 'a', 'r', 't', 'e', 'l', '.', 'w', 's', '\0', + /* "bartelt.name", true */ 'b', 'a', 'r', 't', 'e', 'l', 't', '.', 'n', 'a', 'm', 'e', '\0', + /* "bartula.de", true */ 'b', 'a', 'r', 't', 'u', 'l', 'a', '.', 'd', 'e', '\0', + /* "bartzutow.xyz", true */ 'b', 'a', 'r', 't', 'z', 'u', 't', 'o', 'w', '.', 'x', 'y', 'z', '\0', + /* "baruch.me", true */ 'b', 'a', 'r', 'u', 'c', 'h', '.', 'm', 'e', '\0', + /* "bas.co.jp", true */ 'b', 'a', 's', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "bascht.com", true */ 'b', 'a', 's', 'c', 'h', 't', '.', 'c', 'o', 'm', '\0', + /* "basculasconfiables.com", true */ 'b', 'a', 's', 'c', 'u', 'l', 'a', 's', 'c', 'o', 'n', 'f', 'i', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "base-autonome-durable.com", true */ 'b', 'a', 's', 'e', '-', 'a', 'u', 't', 'o', 'n', 'o', 'm', 'e', '-', 'd', 'u', 'r', 'a', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "baseballrampage.com", true */ 'b', 'a', 's', 'e', 'b', 'a', 'l', 'l', 'r', 'a', 'm', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "baseballsavings.com", true */ 'b', 'a', 's', 'e', 'b', 'a', 'l', 'l', 's', 'a', 'v', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "baseballwarehouse.com", true */ 'b', 'a', 's', 'e', 'b', 'a', 'l', 'l', 'w', 'a', 'r', 'e', 'h', 'o', 'u', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "basedonline.nl", true */ 'b', 'a', 's', 'e', 'd', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'l', '\0', + /* "baselang.com", true */ 'b', 'a', 's', 'e', 'l', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "basementdoctor.com", true */ 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 'd', 'o', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "basementdoctornorthwest.com", true */ 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 'd', 'o', 'c', 't', 'o', 'r', 'n', 'o', 'r', 't', 'h', 'w', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "bashc.at", true */ 'b', 'a', 's', 'h', 'c', '.', 'a', 't', '\0', + /* "bashstreetband.co.uk", true */ 'b', 'a', 's', 'h', 's', 't', 'r', 'e', 'e', 't', 'b', 'a', 'n', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "basilicaknights.org", true */ 'b', 'a', 's', 'i', 'l', 'i', 'c', 'a', 'k', 'n', 'i', 'g', 'h', 't', 's', '.', 'o', 'r', 'g', '\0', + /* "basilm.co", true */ 'b', 'a', 's', 'i', 'l', 'm', '.', 'c', 'o', '\0', + /* "basketball-brannenburg.de", true */ 'b', 'a', 's', 'k', 'e', 't', 'b', 'a', 'l', 'l', '-', 'b', 'r', 'a', 'n', 'n', 'e', 'n', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0', + /* "basketsbymaurice.com", true */ 'b', 'a', 's', 'k', 'e', 't', 's', 'b', 'y', 'm', 'a', 'u', 'r', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "baskettemple.com", true */ 'b', 'a', 's', 'k', 'e', 't', 't', 'e', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "basnieuwenhuizen.nl", true */ 'b', 'a', 's', 'n', 'i', 'e', 'u', 'w', 'e', 'n', 'h', 'u', 'i', 'z', 'e', 'n', '.', 'n', 'l', '\0', + /* "basnoslovno.com.ua", true */ 'b', 'a', 's', 'n', 'o', 's', 'l', 'o', 'v', 'n', 'o', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "basnoslovno.ru", true */ 'b', 'a', 's', 'n', 'o', 's', 'l', 'o', 'v', 'n', 'o', '.', 'r', 'u', '\0', + /* "bass-pro.ru", true */ 'b', 'a', 's', 's', '-', 'p', 'r', 'o', '.', 'r', 'u', '\0', + /* "bassblog.net", true */ 'b', 'a', 's', 's', 'b', 'l', 'o', 'g', '.', 'n', 'e', 't', '\0', + /* "bassment.ph", true */ 'b', 'a', 's', 's', 'm', 'e', 'n', 't', '.', 'p', 'h', '\0', + /* "bastelzauberwelt.de", true */ 'b', 'a', 's', 't', 'e', 'l', 'z', 'a', 'u', 'b', 'e', 'r', 'w', 'e', 'l', 't', '.', 'd', 'e', '\0', + /* "bastianstalder.ch", true */ 'b', 'a', 's', 't', 'i', 'a', 'n', 's', 't', 'a', 'l', 'd', 'e', 'r', '.', 'c', 'h', '\0', + /* "bastiv.com", true */ 'b', 'a', 's', 't', 'i', 'v', '.', 'c', 'o', 'm', '\0', + /* "bastivmobile.com", true */ 'b', 'a', 's', 't', 'i', 'v', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "bastolino.de", true */ 'b', 'a', 's', 't', 'o', 'l', 'i', 'n', 'o', '.', 'd', 'e', '\0', + /* "basyspro.net", true */ 'b', 'a', 's', 'y', 's', 'p', 'r', 'o', '.', 'n', 'e', 't', '\0', + /* "bat909.com", true */ 'b', 'a', 't', '9', '0', '9', '.', 'c', 'o', 'm', '\0', + /* "batcave.tech", true */ 'b', 'a', 't', 'c', 'a', 'v', 'e', '.', 't', 'e', 'c', 'h', '\0', + /* "bati-alu.fr", true */ 'b', 'a', 't', 'i', '-', 'a', 'l', 'u', '.', 'f', 'r', '\0', + /* "batiburrillo.net", true */ 'b', 'a', 't', 'i', 'b', 'u', 'r', 'r', 'i', 'l', 'l', 'o', '.', 'n', 'e', 't', '\0', + /* "batipresta.ch", true */ 'b', 'a', 't', 'i', 'p', 'r', 'e', 's', 't', 'a', '.', 'c', 'h', '\0', + /* "batistareisfloresonline.com.br", true */ 'b', 'a', 't', 'i', 's', 't', 'a', 'r', 'e', 'i', 's', 'f', 'l', 'o', 'r', 'e', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "batlab.ch", true */ 'b', 'a', 't', 'l', 'a', 'b', '.', 'c', 'h', '\0', + /* "batolis.com", true */ 'b', 'a', 't', 'o', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "batonger.com", true */ 'b', 'a', 't', 'o', 'n', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "batook.org", true */ 'b', 'a', 't', 'o', 'o', 'k', '.', 'o', 'r', 'g', '\0', + /* "batschu.de", true */ 'b', 'a', 't', 's', 'c', 'h', 'u', '.', 'd', 'e', '\0', + /* "batten.eu.org", true */ 'b', 'a', 't', 't', 'e', 'n', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "batteryservice.ru", false */ 'b', 'a', 't', 't', 'e', 'r', 'y', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'r', 'u', '\0', + /* "batterystaple.pw", true */ 'b', 'a', 't', 't', 'e', 'r', 'y', 's', 't', 'a', 'p', 'l', 'e', '.', 'p', 'w', '\0', + /* "battle-game.com", true */ 'b', 'a', 't', 't', 'l', 'e', '-', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "battleboxx.com", true */ 'b', 'a', 't', 't', 'l', 'e', 'b', 'o', 'x', 'x', '.', 'c', 'o', 'm', '\0', + /* "battleofthegridiron.com", true */ 'b', 'a', 't', 't', 'l', 'e', 'o', 'f', 't', 'h', 'e', 'g', 'r', 'i', 'd', 'i', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "baugeldspezi.de", true */ 'b', 'a', 'u', 'g', 'e', 'l', 'd', 's', 'p', 'e', 'z', 'i', '.', 'd', 'e', '\0', + /* "baugemeinschaftbernstein.de", true */ 'b', 'a', 'u', 'g', 'e', 'm', 'e', 'i', 'n', 's', 'c', 'h', 'a', 'f', 't', 'b', 'e', 'r', 'n', 's', 't', 'e', 'i', 'n', '.', 'd', 'e', '\0', + /* "baumannfabrice.com", true */ 'b', 'a', 'u', 'm', 'a', 'n', 'n', 'f', 'a', 'b', 'r', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "bausep.de", true */ 'b', 'a', 'u', 's', 'e', 'p', '.', 'd', 'e', '\0', + /* "baustils.com", true */ 'b', 'a', 'u', 's', 't', 'i', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "bauthier-occasions.be", true */ 'b', 'a', 'u', 't', 'h', 'i', 'e', 'r', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0', + /* "bautied.de", true */ 'b', 'a', 'u', 't', 'i', 'e', 'd', '.', 'd', 'e', '\0', + /* "bauunternehmen-herr.de", true */ 'b', 'a', 'u', 'u', 'n', 't', 'e', 'r', 'n', 'e', 'h', 'm', 'e', 'n', '-', 'h', 'e', 'r', 'r', '.', 'd', 'e', '\0', + /* "bayareaenergyevents.com", true */ 'b', 'a', 'y', 'a', 'r', 'e', 'a', 'e', 'n', 'e', 'r', 'g', 'y', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "baychimo.com", true */ 'b', 'a', 'y', 'c', 'h', 'i', 'm', 'o', '.', 'c', 'o', 'm', '\0', + /* "bayden.com", true */ 'b', 'a', 'y', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "bayer-stefan.com", true */ 'b', 'a', 'y', 'e', 'r', '-', 's', 't', 'e', 'f', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "bayer-stefan.de", true */ 'b', 'a', 'y', 'e', 'r', '-', 's', 't', 'e', 'f', 'a', 'n', '.', 'd', 'e', '\0', + /* "bayer-stefan.eu", true */ 'b', 'a', 'y', 'e', 'r', '-', 's', 't', 'e', 'f', 'a', 'n', '.', 'e', 'u', '\0', + /* "bayerhazard.de", true */ 'b', 'a', 'y', 'e', 'r', 'h', 'a', 'z', 'a', 'r', 'd', '.', 'd', 'e', '\0', + /* "bayerstefan.com", true */ 'b', 'a', 'y', 'e', 'r', 's', 't', 'e', 'f', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "bayerstefan.de", true */ 'b', 'a', 'y', 'e', 'r', 's', 't', 'e', 'f', 'a', 'n', '.', 'd', 'e', '\0', + /* "bayerstefan.eu", true */ 'b', 'a', 'y', 'e', 'r', 's', 't', 'e', 'f', 'a', 'n', '.', 'e', 'u', '\0', + /* "bayherbalist.com", true */ 'b', 'a', 'y', 'h', 'e', 'r', 'b', 'a', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "bayinstruments.com", true */ 'b', 'a', 'y', 'i', 'n', 's', 't', 'r', 'u', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "baymard.com", true */ 'b', 'a', 'y', 'm', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "bayrisch-fuer-anfaenger.de", true */ 'b', 'a', 'y', 'r', 'i', 's', 'c', 'h', '-', 'f', 'u', 'e', 'r', '-', 'a', 'n', 'f', 'a', 'e', 'n', 'g', 'e', 'r', '.', 'd', 'e', '\0', + /* "baywatch.io", true */ 'b', 'a', 'y', 'w', 'a', 't', 'c', 'h', '.', 'i', 'o', '\0', + /* "bazaarcompass.com", true */ 'b', 'a', 'z', 'a', 'a', 'r', 'c', 'o', 'm', 'p', 'a', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "bazdell.com", false */ 'b', 'a', 'z', 'd', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "bazos.at", true */ 'b', 'a', 'z', 'o', 's', '.', 'a', 't', '\0', + /* "bazos.cz", true */ 'b', 'a', 'z', 'o', 's', '.', 'c', 'z', '\0', + /* "bazos.sk", true */ 'b', 'a', 'z', 'o', 's', '.', 's', 'k', '\0', + /* "bazziergraphik.com", true */ 'b', 'a', 'z', 'z', 'i', 'e', 'r', 'g', 'r', 'a', 'p', 'h', 'i', 'k', '.', 'c', 'o', 'm', '\0', + /* "bb37roma.it", true */ 'b', 'b', '3', '7', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0', + /* "bbcastles.com", true */ 'b', 'b', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "bbgeschenke.ch", true */ 'b', 'b', 'g', 'e', 's', 'c', 'h', 'e', 'n', 'k', 'e', '.', 'c', 'h', '\0', + /* "bbimarketing.com", true */ 'b', 'b', 'i', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "bbkworldwide.jp", true */ 'b', 'b', 'k', 'w', 'o', 'r', 'l', 'd', 'w', 'i', 'd', 'e', '.', 'j', 'p', '\0', + /* "bblove.me", true */ 'b', 'b', 'l', 'o', 'v', 'e', '.', 'm', 'e', '\0', + /* "bblsa.ch", true */ 'b', 'b', 'l', 's', 'a', '.', 'c', 'h', '\0', + /* "bbw-wrestling.com", true */ 'b', 'b', 'w', '-', 'w', 'r', 'e', 's', 't', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "bbw.dating", true */ 'b', 'b', 'w', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "bbwcs.co.uk", true */ 'b', 'b', 'w', 'c', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bbwf.de", true */ 'b', 'b', 'w', 'f', '.', 'd', 'e', '\0', + /* "bbwfacesitting.us", true */ 'b', 'b', 'w', 'f', 'a', 'c', 'e', 's', 'i', 't', 't', 'i', 'n', 'g', '.', 'u', 's', '\0', + /* "bc-bd.org", true */ 'b', 'c', '-', 'b', 'd', '.', 'o', 'r', 'g', '\0', + /* "bc-diffusion.com", true */ 'b', 'c', '-', 'd', 'i', 'f', 'f', 'u', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "bcbulle.ch", true */ 'b', 'c', 'b', 'u', 'l', 'l', 'e', '.', 'c', 'h', '\0', + /* "bcdonadio.com", true */ 'b', 'c', 'd', 'o', 'n', 'a', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "bceventhire.co.uk", true */ 'b', 'c', 'e', 'v', 'e', 'n', 't', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bch7al.ma", true */ 'b', 'c', 'h', '7', 'a', 'l', '.', 'm', 'a', '\0', + /* "bck.me", true */ 'b', 'c', 'k', '.', 'm', 'e', '\0', + /* "bclogandtimberbuilders.com", true */ 'b', 'c', 'l', 'o', 'g', 'a', 'n', 'd', 't', 'i', 'm', 'b', 'e', 'r', 'b', 'u', 'i', 'l', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "bclrk.us", true */ 'b', 'c', 'l', 'r', 'k', '.', 'u', 's', '\0', + /* "bcmainland.ca", true */ 'b', 'c', 'm', 'a', 'i', 'n', 'l', 'a', 'n', 'd', '.', 'c', 'a', '\0', + /* "bcmguide.com", true */ 'b', 'c', 'm', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "bcmhire.co.uk", true */ 'b', 'c', 'm', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bcmlu.org", true */ 'b', 'c', 'm', 'l', 'u', '.', 'o', 'r', 'g', '\0', + /* "bcnet.com.hk", true */ 'b', 'c', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'h', 'k', '\0', + /* "bcpc-ccgpfcheminots.com", true */ 'b', 'c', 'p', 'c', '-', 'c', 'c', 'g', 'p', 'f', 'c', 'h', 'e', 'm', 'i', 'n', 'o', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "bcrook.com", false */ 'b', 'c', 'r', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "bcswampcabins.com", true */ 'b', 'c', 's', 'w', 'a', 'm', 'p', 'c', 'a', 'b', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "bda-boulevarddesairs.com", true */ 'b', 'd', 'a', '-', 'b', 'o', 'u', 'l', 'e', 'v', 'a', 'r', 'd', 'd', 'e', 's', 'a', 'i', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "bdd.fi", true */ 'b', 'd', 'd', '.', 'f', 'i', '\0', + /* "bdenzer.com", true */ 'b', 'd', 'e', 'n', 'z', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "bdenzer.xyz", true */ 'b', 'd', 'e', 'n', 'z', 'e', 'r', '.', 'x', 'y', 'z', '\0', + /* "bdikaros-network.net", true */ 'b', 'd', 'i', 'k', 'a', 'r', 'o', 's', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0', + /* "be-ka-tec.de", true */ 'b', 'e', '-', 'k', 'a', '-', 't', 'e', 'c', '.', 'd', 'e', '\0', + /* "be-webdesign.com", true */ 'b', 'e', '-', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "be.search.yahoo.com", false */ 'b', 'e', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "be2cloud.de", true */ 'b', 'e', '2', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0', + /* "beacinsight.com", true */ 'b', 'e', 'a', 'c', 'i', 'n', 's', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0', + /* "beadare.com", true */ 'b', 'e', 'a', 'd', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "beagreenbean.co.uk", true */ 'b', 'e', 'a', 'g', 'r', 'e', 'e', 'n', 'b', 'e', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "beanjuice.me", true */ 'b', 'e', 'a', 'n', 'j', 'u', 'i', 'c', 'e', '.', 'm', 'e', '\0', + /* "beans-one.com", false */ 'b', 'e', 'a', 'n', 's', '-', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "beanworks.ca", true */ 'b', 'e', 'a', 'n', 'w', 'o', 'r', 'k', 's', '.', 'c', 'a', '\0', + /* "bearcosports.com.br", true */ 'b', 'e', 'a', 'r', 'c', 'o', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "bearded.sexy", true */ 'b', 'e', 'a', 'r', 'd', 'e', 'd', '.', 's', 'e', 'x', 'y', '\0', + /* "bearingworks.com", true */ 'b', 'e', 'a', 'r', 'i', 'n', 'g', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "beastowner.li", true */ 'b', 'e', 'a', 's', 't', 'o', 'w', 'n', 'e', 'r', '.', 'l', 'i', '\0', + /* "beatnikbreaks.com", true */ 'b', 'e', 'a', 't', 'n', 'i', 'k', 'b', 'r', 'e', 'a', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "beatrizaebischer.ch", true */ 'b', 'e', 'a', 't', 'r', 'i', 'z', 'a', 'e', 'b', 'i', 's', 'c', 'h', 'e', 'r', '.', 'c', 'h', '\0', + /* "beaute-eternelle.ch", true */ 'b', 'e', 'a', 'u', 't', 'e', '-', 'e', 't', 'e', 'r', 'n', 'e', 'l', 'l', 'e', '.', 'c', 'h', '\0', + /* "beauty-italy.ru", true */ 'b', 'e', 'a', 'u', 't', 'y', '-', 'i', 't', 'a', 'l', 'y', '.', 'r', 'u', '\0', + /* "beauty24.de", true */ 'b', 'e', 'a', 'u', 't', 'y', '2', '4', '.', 'd', 'e', '\0', + /* "beautybear.dk", true */ 'b', 'e', 'a', 'u', 't', 'y', 'b', 'e', 'a', 'r', '.', 'd', 'k', '\0', + /* "beautyevent.fr", true */ 'b', 'e', 'a', 'u', 't', 'y', 'e', 'v', 'e', 'n', 't', '.', 'f', 'r', '\0', + /* "beautykat.ru", true */ 'b', 'e', 'a', 'u', 't', 'y', 'k', 'a', 't', '.', 'r', 'u', '\0', + /* "bebef.de", true */ 'b', 'e', 'b', 'e', 'f', '.', 'd', 'e', '\0', + /* "bebefofuxo.com.br", true */ 'b', 'e', 'b', 'e', 'f', 'o', 'f', 'u', 'x', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "bebes.uno", true */ 'b', 'e', 'b', 'e', 's', '.', 'u', 'n', 'o', '\0', + /* "bebetrotteur.com", true */ 'b', 'e', 'b', 'e', 't', 'r', 'o', 't', 't', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "beccajoshwedding.com", true */ 'b', 'e', 'c', 'c', 'a', 'j', 'o', 's', 'h', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "beckenhamcastles.co.uk", true */ 'b', 'e', 'c', 'k', 'e', 'n', 'h', 'a', 'm', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "beckerantiques.com", false */ 'b', 'e', 'c', 'k', 'e', 'r', 'a', 'n', 't', 'i', 'q', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "becoast.fr", true */ 'b', 'e', 'c', 'o', 'a', 's', 't', '.', 'f', 'r', '\0', + /* "becs.ch", true */ 'b', 'e', 'c', 's', '.', 'c', 'h', '\0', + /* "becubed.co", true */ 'b', 'e', 'c', 'u', 'b', 'e', 'd', '.', 'c', 'o', '\0', + /* "bedamedia.com", true */ 'b', 'e', 'd', 'a', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "bedandbreakfast.dk", true */ 'b', 'e', 'd', 'a', 'n', 'd', 'b', 'r', 'e', 'a', 'k', 'f', 'a', 's', 't', '.', 'd', 'k', '\0', + /* "bedandbreakfasteuropa.com", true */ 'b', 'e', 'd', 'a', 'n', 'd', 'b', 'r', 'e', 'a', 'k', 'f', 'a', 's', 't', 'e', 'u', 'r', 'o', 'p', 'a', '.', 'c', 'o', 'm', '\0', + /* "bedfordnissanparts.com", true */ 'b', 'e', 'd', 'f', 'o', 'r', 'd', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "bedlingtonterrier.com.br", true */ 'b', 'e', 'd', 'l', 'i', 'n', 'g', 't', 'o', 'n', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "bedouille.com", true */ 'b', 'e', 'd', 'o', 'u', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "bedrocklinux.org", true */ 'b', 'e', 'd', 'r', 'o', 'c', 'k', 'l', 'i', 'n', 'u', 'x', '.', 'o', 'r', 'g', '\0', + /* "bee-line.org.uk", true */ 'b', 'e', 'e', '-', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "bee.clothing", true */ 'b', 'e', 'e', '.', 'c', 'l', 'o', 't', 'h', 'i', 'n', 'g', '\0', + /* "bee.supply", true */ 'b', 'e', 'e', '.', 's', 'u', 'p', 'p', 'l', 'y', '\0', + /* "bee.tools", true */ 'b', 'e', 'e', '.', 't', 'o', 'o', 'l', 's', '\0', + /* "beehive.govt.nz", true */ 'b', 'e', 'e', 'h', 'i', 'v', 'e', '.', 'g', 'o', 'v', 't', '.', 'n', 'z', '\0', + /* "beehive42.com", true */ 'b', 'e', 'e', 'h', 'i', 'v', 'e', '4', '2', '.', 'c', 'o', 'm', '\0', + /* "beehive42.eu", true */ 'b', 'e', 'e', 'h', 'i', 'v', 'e', '4', '2', '.', 'e', 'u', '\0', + /* "beehive42.net", true */ 'b', 'e', 'e', 'h', 'i', 'v', 'e', '4', '2', '.', 'n', 'e', 't', '\0', + /* "beehive42.nl", true */ 'b', 'e', 'e', 'h', 'i', 'v', 'e', '4', '2', '.', 'n', 'l', '\0', + /* "beehive42.org", true */ 'b', 'e', 'e', 'h', 'i', 'v', 'e', '4', '2', '.', 'o', 'r', 'g', '\0', + /* "beehosting.pro", true */ 'b', 'e', 'e', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'p', 'r', 'o', '\0', + /* "beekbier.nl", true */ 'b', 'e', 'e', 'k', 'b', 'i', 'e', 'r', '.', 'n', 'l', '\0', + /* "beekeeper.blog", true */ 'b', 'e', 'e', 'k', 'e', 'e', 'p', 'e', 'r', '.', 'b', 'l', 'o', 'g', '\0', + /* "beekeeper.clothing", true */ 'b', 'e', 'e', 'k', 'e', 'e', 'p', 'e', 'r', '.', 'c', 'l', 'o', 't', 'h', 'i', 'n', 'g', '\0', + /* "beekeeper.supplies", true */ 'b', 'e', 'e', 'k', 'e', 'e', 'p', 'e', 'r', '.', 's', 'u', 'p', 'p', 'l', 'i', 'e', 's', '\0', + /* "beekeeper.supply", true */ 'b', 'e', 'e', 'k', 'e', 'e', 'p', 'e', 'r', '.', 's', 'u', 'p', 'p', 'l', 'y', '\0', + /* "beekeeper.tools", true */ 'b', 'e', 'e', 'k', 'e', 'e', 'p', 'e', 'r', '.', 't', 'o', 'o', 'l', 's', '\0', + /* "beekeeping.clothing", true */ 'b', 'e', 'e', 'k', 'e', 'e', 'p', 'i', 'n', 'g', '.', 'c', 'l', 'o', 't', 'h', 'i', 'n', 'g', '\0', + /* "beekeeping.tools", true */ 'b', 'e', 'e', 'k', 'e', 'e', 'p', 'i', 'n', 'g', '.', 't', 'o', 'o', 'l', 's', '\0', + /* "beeksnetwork.nl", true */ 'b', 'e', 'e', 'k', 's', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'n', 'l', '\0', + /* "beelen.fr", true */ 'b', 'e', 'e', 'l', 'e', 'n', '.', 'f', 'r', '\0', + /* "beercandle.com", true */ 'b', 'e', 'e', 'r', 'c', 'a', 'n', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "beergazetteer.com", true */ 'b', 'e', 'e', 'r', 'g', 'a', 'z', 'e', 't', 't', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "beerians.com", true */ 'b', 'e', 'e', 'r', 'i', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "beermedlar.com", true */ 'b', 'e', 'e', 'r', 'm', 'e', 'd', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "beerradar.no", true */ 'b', 'e', 'e', 'r', 'r', 'a', 'd', 'a', 'r', '.', 'n', 'o', '\0', + /* "beerradar.party", true */ 'b', 'e', 'e', 'r', 'r', 'a', 'd', 'a', 'r', '.', 'p', 'a', 'r', 't', 'y', '\0', + /* "beersandco.ch", true */ 'b', 'e', 'e', 'r', 's', 'a', 'n', 'd', 'c', 'o', '.', 'c', 'h', '\0', + /* "beersconf.com", true */ 'b', 'e', 'e', 'r', 's', 'c', 'o', 'n', 'f', '.', 'c', 'o', 'm', '\0', + /* "beeswax-orgone.com", true */ 'b', 'e', 'e', 's', 'w', 'a', 'x', '-', 'o', 'r', 'g', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "beetgroup.id", true */ 'b', 'e', 'e', 't', 'g', 'r', 'o', 'u', 'p', '.', 'i', 'd', '\0', + /* "beethoveninlove.com", true */ 'b', 'e', 'e', 't', 'h', 'o', 'v', 'e', 'n', 'i', 'n', 'l', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "beetman.net", true */ 'b', 'e', 'e', 't', 'm', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "beeutifulparties.co.uk", true */ 'b', 'e', 'e', 'u', 't', 'i', 'f', 'u', 'l', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "beexfit.com", true */ 'b', 'e', 'e', 'x', 'f', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "beezkneezcastles.co.uk", true */ 'b', 'e', 'e', 'z', 'k', 'n', 'e', 'e', 'z', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "beeznest.com", true */ 'b', 'e', 'e', 'z', 'n', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "befoodsafe.gov", true */ 'b', 'e', 'f', 'o', 'o', 'd', 's', 'a', 'f', 'e', '.', 'g', 'o', 'v', '\0', + /* "beforesunrise.de", true */ 'b', 'e', 'f', 'o', 'r', 'e', 's', 'u', 'n', 'r', 'i', 's', 'e', '.', 'd', 'e', '\0', + /* "beframed.ch", true */ 'b', 'e', 'f', 'r', 'a', 'm', 'e', 'd', '.', 'c', 'h', '\0', + /* "befundonline.de", true */ 'b', 'e', 'f', 'u', 'n', 'd', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0', + /* "begabungsfoerderung.info", true */ 'b', 'e', 'g', 'a', 'b', 'u', 'n', 'g', 's', 'f', 'o', 'e', 'r', 'd', 'e', 'r', 'u', 'n', 'g', '.', 'i', 'n', 'f', 'o', '\0', + /* "begbie.com", true */ 'b', 'e', 'g', 'b', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "beginner.nl", true */ 'b', 'e', 'g', 'i', 'n', 'n', 'e', 'r', '.', 'n', 'l', '\0', + /* "behamzdarma.cz", true */ 'b', 'e', 'h', 'a', 'm', 'z', 'd', 'a', 'r', 'm', 'a', '.', 'c', 'z', '\0', + /* "behoerden-online-dienste.de", true */ 'b', 'e', 'h', 'o', 'e', 'r', 'd', 'e', 'n', '-', 'o', 'n', 'l', 'i', 'n', 'e', '-', 'd', 'i', 'e', 'n', 's', 't', 'e', '.', 'd', 'e', '\0', + /* "beichtgenerator.de", false */ 'b', 'e', 'i', 'c', 'h', 't', 'g', 'e', 'n', 'e', 'r', 'a', 't', 'o', 'r', '.', 'd', 'e', '\0', + /* "beijing.dating", true */ 'b', 'e', 'i', 'j', 'i', 'n', 'g', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "beijinglug.club", true */ 'b', 'e', 'i', 'j', 'i', 'n', 'g', 'l', 'u', 'g', '.', 'c', 'l', 'u', 'b', '\0', + /* "beinad.com", true */ 'b', 'e', 'i', 'n', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "beinad.ru", true */ 'b', 'e', 'i', 'n', 'a', 'd', '.', 'r', 'u', '\0', + /* "beingmad.org", true */ 'b', 'e', 'i', 'n', 'g', 'm', 'a', 'd', '.', 'o', 'r', 'g', '\0', + /* "belacapa.com.br", true */ 'b', 'e', 'l', 'a', 'c', 'a', 'p', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "belanglos.de", true */ 'b', 'e', 'l', 'a', 'n', 'g', 'l', 'o', 's', '.', 'd', 'e', '\0', + /* "belani.eu", true */ 'b', 'e', 'l', 'a', 'n', 'i', '.', 'e', 'u', '\0', + /* "belarto.be", true */ 'b', 'e', 'l', 'a', 'r', 't', 'o', '.', 'b', 'e', '\0', + /* "belarto.de", true */ 'b', 'e', 'l', 'a', 'r', 't', 'o', '.', 'd', 'e', '\0', + /* "belarto.es", true */ 'b', 'e', 'l', 'a', 'r', 't', 'o', '.', 'e', 's', '\0', + /* "belarto.fr", true */ 'b', 'e', 'l', 'a', 'r', 't', 'o', '.', 'f', 'r', '\0', + /* "belarto.it", true */ 'b', 'e', 'l', 'a', 'r', 't', 'o', '.', 'i', 't', '\0', + /* "belarto.nl", true */ 'b', 'e', 'l', 'a', 'r', 't', 'o', '.', 'n', 'l', '\0', + /* "belarto.pl", true */ 'b', 'e', 'l', 'a', 'r', 't', 'o', '.', 'p', 'l', '\0', + /* "belastingdienst-in-beeld.nl", true */ 'b', 'e', 'l', 'a', 's', 't', 'i', 'n', 'g', 'd', 'i', 'e', 'n', 's', 't', '-', 'i', 'n', '-', 'b', 'e', 'e', 'l', 'd', '.', 'n', 'l', '\0', + /* "belastingmiddeling.nl", true */ 'b', 'e', 'l', 'a', 's', 't', 'i', 'n', 'g', 'm', 'i', 'd', 'd', 'e', 'l', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "belcompany.nl", false */ 'b', 'e', 'l', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'n', 'l', '\0', + /* "belegit.org", true */ 'b', 'e', 'l', 'e', 'g', 'i', 't', '.', 'o', 'r', 'g', '\0', + /* "belfastbounce.co.uk", true */ 'b', 'e', 'l', 'f', 'a', 's', 't', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "belfastlocks.com", true */ 'b', 'e', 'l', 'f', 'a', 's', 't', 'l', 'o', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "belfasttechservices.co.uk", true */ 'b', 'e', 'l', 'f', 'a', 's', 't', 't', 'e', 'c', 'h', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "belge.rs", true */ 'b', 'e', 'l', 'g', 'e', '.', 'r', 's', '\0', + /* "belgers.com", true */ 'b', 'e', 'l', 'g', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "belhopro.be", true */ 'b', 'e', 'l', 'h', 'o', 'p', 'r', 'o', '.', 'b', 'e', '\0', + /* "belics.com", true */ 'b', 'e', 'l', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "belien-tweedehandswagens.be", true */ 'b', 'e', 'l', 'i', 'e', 'n', '-', 't', 'w', 'e', 'e', 'd', 'e', 'h', 'a', 'n', 'd', 's', 'w', 'a', 'g', 'e', 'n', 's', '.', 'b', 'e', '\0', + /* "believablebook.com", false */ 'b', 'e', 'l', 'i', 'e', 'v', 'a', 'b', 'l', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "bella.network", true */ 'b', 'e', 'l', 'l', 'a', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0', + /* "belloy.ch", true */ 'b', 'e', 'l', 'l', 'o', 'y', '.', 'c', 'h', '\0', + /* "belloy.net", true */ 'b', 'e', 'l', 'l', 'o', 'y', '.', 'n', 'e', 't', '\0', + /* "belly-button-piercings.com", true */ 'b', 'e', 'l', 'l', 'y', '-', 'b', 'u', 't', 't', 'o', 'n', '-', 'p', 'i', 'e', 'r', 'c', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "belmontgoessolar.org", true */ 'b', 'e', 'l', 'm', 'o', 'n', 't', 'g', 'o', 'e', 's', 's', 'o', 'l', 'a', 'r', '.', 'o', 'r', 'g', '\0', + /* "belt.black", true */ 'b', 'e', 'l', 't', '.', 'b', 'l', 'a', 'c', 'k', '\0', + /* "belua.com", true */ 'b', 'e', 'l', 'u', 'a', '.', 'c', 'o', 'm', '\0', + /* "belvoirbouncycastles.co.uk", true */ 'b', 'e', 'l', 'v', 'o', 'i', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bely-mishka.by", true */ 'b', 'e', 'l', 'y', '-', 'm', 'i', 's', 'h', 'k', 'a', '.', 'b', 'y', '\0', + /* "belyvly.com", true */ 'b', 'e', 'l', 'y', 'v', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "bemsoft.pl", true */ 'b', 'e', 'm', 's', 'o', 'f', 't', '.', 'p', 'l', '\0', + /* "bemvindoaolar.com.br", true */ 'b', 'e', 'm', 'v', 'i', 'n', 'd', 'o', 'a', 'o', 'l', 'a', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "ben-energy.com", false */ 'b', 'e', 'n', '-', 'e', 'n', 'e', 'r', 'g', 'y', '.', 'c', 'o', 'm', '\0', + /* "ben-stock.de", true */ 'b', 'e', 'n', '-', 's', 't', 'o', 'c', 'k', '.', 'd', 'e', '\0', + /* "ben.ninja", true */ 'b', 'e', 'n', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "ben2.co.il", true */ 'b', 'e', 'n', '2', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "benabrams.it", true */ 'b', 'e', 'n', 'a', 'b', 'r', 'a', 'm', 's', '.', 'i', 't', '\0', + /* "benary.org", true */ 'b', 'e', 'n', 'a', 'r', 'y', '.', 'o', 'r', 'g', '\0', + /* "benbozsa.ca", true */ 'b', 'e', 'n', 'b', 'o', 'z', 's', 'a', '.', 'c', 'a', '\0', + /* "benburwell.com", true */ 'b', 'e', 'n', 'b', 'u', 'r', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "benchcast.com", true */ 'b', 'e', 'n', 'c', 'h', 'c', 'a', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "benchling.com", true */ 'b', 'e', 'n', 'c', 'h', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "benchmarkmonument.com", true */ 'b', 'e', 'n', 'c', 'h', 'm', 'a', 'r', 'k', 'm', 'o', 'n', 'u', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "bencorby.com", true */ 'b', 'e', 'n', 'c', 'o', 'r', 'b', 'y', '.', 'c', 'o', 'm', '\0', + /* "bendemaree.com", true */ 'b', 'e', 'n', 'd', 'e', 'm', 'a', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "bendigoland.com.au", true */ 'b', 'e', 'n', 'd', 'i', 'g', 'o', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "bendingtheending.com", true */ 'b', 'e', 'n', 'd', 'i', 'n', 'g', 't', 'h', 'e', 'e', 'n', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "bendix.co", true */ 'b', 'e', 'n', 'd', 'i', 'x', '.', 'c', 'o', '\0', + /* "beneathvt.com", true */ 'b', 'e', 'n', 'e', 'a', 't', 'h', 'v', 't', '.', 'c', 'o', 'm', '\0', + /* "benediktdichgans.de", true */ 'b', 'e', 'n', 'e', 'd', 'i', 'k', 't', 'd', 'i', 'c', 'h', 'g', 'a', 'n', 's', '.', 'd', 'e', '\0', + /* "benepiscinas.com.br", true */ 'b', 'e', 'n', 'e', 'p', 'i', 's', 'c', 'i', 'n', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "beneri.se", true */ 'b', 'e', 'n', 'e', 'r', 'i', '.', 's', 'e', '\0', + /* "benevita.bio", true */ 'b', 'e', 'n', 'e', 'v', 'i', 't', 'a', '.', 'b', 'i', 'o', '\0', + /* "benevita.life", true */ 'b', 'e', 'n', 'e', 'v', 'i', 't', 'a', '.', 'l', 'i', 'f', 'e', '\0', + /* "benevita.live", true */ 'b', 'e', 'n', 'e', 'v', 'i', 't', 'a', '.', 'l', 'i', 'v', 'e', '\0', + /* "benevita.organic", true */ 'b', 'e', 'n', 'e', 'v', 'i', 't', 'a', '.', 'o', 'r', 'g', 'a', 'n', 'i', 'c', '\0', + /* "benfairclough.com", true */ 'b', 'e', 'n', 'f', 'a', 'i', 'r', 'c', 'l', 'o', 'u', 'g', 'h', '.', 'c', 'o', 'm', '\0', + /* "bengalurugifts.com", true */ 'b', 'e', 'n', 'g', 'a', 'l', 'u', 'r', 'u', 'g', 'i', 'f', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "benhaney.com", true */ 'b', 'e', 'n', 'h', 'a', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "benhartmann.de", true */ 'b', 'e', 'n', 'h', 'a', 'r', 't', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "benhavenarchives.org", true */ 'b', 'e', 'n', 'h', 'a', 'v', 'e', 'n', 'a', 'r', 'c', 'h', 'i', 'v', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "benjamin.pe", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', '.', 'p', 'e', '\0', + /* "benjaminblack.net", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', 'b', 'l', 'a', 'c', 'k', '.', 'n', 'e', 't', '\0', + /* "benjamindietrich.com", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', 'd', 'i', 'e', 't', 'r', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "benjamindietrich.de", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', 'd', 'i', 'e', 't', 'r', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "benjaminjurke.com", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', 'j', 'u', 'r', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "benjaminjurke.net", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', 'j', 'u', 'r', 'k', 'e', '.', 'n', 'e', 't', '\0', + /* "benjaminpiquet.fr", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', 'p', 'i', 'q', 'u', 'e', 't', '.', 'f', 'r', '\0', + /* "benjamins.com", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "benleemd.com", true */ 'b', 'e', 'n', 'l', 'e', 'e', 'm', 'd', '.', 'c', 'o', 'm', '\0', + /* "benmatthews.com.au", true */ 'b', 'e', 'n', 'm', 'a', 't', 't', 'h', 'e', 'w', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "benmillett.us", false */ 'b', 'e', 'n', 'm', 'i', 'l', 'l', 'e', 't', 't', '.', 'u', 's', '\0', + /* "bennettsbouncycastlehire.co.uk", true */ 'b', 'e', 'n', 'n', 'e', 't', 't', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bennettshire.co.uk", true */ 'b', 'e', 'n', 'n', 'e', 't', 't', 's', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "benni1.eu", true */ 'b', 'e', 'n', 'n', 'i', '1', '.', 'e', 'u', '\0', + /* "bennierobinson.com", true */ 'b', 'e', 'n', 'n', 'i', 'e', 'r', 'o', 'b', 'i', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "bennink.me", true */ 'b', 'e', 'n', 'n', 'i', 'n', 'k', '.', 'm', 'e', '\0', + /* "benno.frl", true */ 'b', 'e', 'n', 'n', 'o', '.', 'f', 'r', 'l', '\0', + /* "bennygommers.nl", true */ 'b', 'e', 'n', 'n', 'y', 'g', 'o', 'm', 'm', 'e', 'r', 's', '.', 'n', 'l', '\0', + /* "bennythink.com", true */ 'b', 'e', 'n', 'n', 'y', 't', 'h', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "bensbouncycastles.co.uk", true */ 'b', 'e', 'n', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "benschnarr.com", true */ 'b', 'e', 'n', 's', 'c', 'h', 'n', 'a', 'r', 'r', '.', 'c', 'o', 'm', '\0', + /* "benscobie.com", true */ 'b', 'e', 'n', 's', 'c', 'o', 'b', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "bensinflatables.co.uk", true */ 'b', 'e', 'n', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bentertain.de", true */ 'b', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', '.', 'd', 'e', '\0', + /* "bentley.blog", true */ 'b', 'e', 'n', 't', 'l', 'e', 'y', '.', 'b', 'l', 'o', 'g', '\0', + /* "bentley.link", true */ 'b', 'e', 'n', 't', 'l', 'e', 'y', '.', 'l', 'i', 'n', 'k', '\0', + /* "bentrask.com", true */ 'b', 'e', 'n', 't', 'r', 'a', 's', 'k', '.', 'c', 'o', 'm', '\0', + /* "beoordelingen.be", true */ 'b', 'e', 'o', 'o', 'r', 'd', 'e', 'l', 'i', 'n', 'g', 'e', 'n', '.', 'b', 'e', '\0', + /* "beranovi.com", true */ 'b', 'e', 'r', 'a', 'n', 'o', 'v', 'i', '.', 'c', 'o', 'm', '\0', + /* "berasavocate.com", true */ 'b', 'e', 'r', 'a', 's', 'a', 'v', 'o', 'c', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "beraten-entwickeln-steuern.de", true */ 'b', 'e', 'r', 'a', 't', 'e', 'n', '-', 'e', 'n', 't', 'w', 'i', 'c', 'k', 'e', 'l', 'n', '-', 's', 't', 'e', 'u', 'e', 'r', 'n', '.', 'd', 'e', '\0', + /* "berdaguermontes.eu", true */ 'b', 'e', 'r', 'd', 'a', 'g', 'u', 'e', 'r', 'm', 'o', 'n', 't', 'e', 's', '.', 'e', 'u', '\0', + /* "berdu.id", true */ 'b', 'e', 'r', 'd', 'u', '.', 'i', 'd', '\0', + /* "bergenhave.nl", true */ 'b', 'e', 'r', 'g', 'e', 'n', 'h', 'a', 'v', 'e', '.', 'n', 'l', '\0', + /* "bergevoet-fa.nl", true */ 'b', 'e', 'r', 'g', 'e', 'v', 'o', 'e', 't', '-', 'f', 'a', '.', 'n', 'l', '\0', + /* "bergfex.at", true */ 'b', 'e', 'r', 'g', 'f', 'e', 'x', '.', 'a', 't', '\0', + /* "bergstoneware.com", true */ 'b', 'e', 'r', 'g', 's', 't', 'o', 'n', 'e', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "berlin-flirt.de", true */ 'b', 'e', 'r', 'l', 'i', 'n', '-', 'f', 'l', 'i', 'r', 't', '.', 'd', 'e', '\0', + /* "berlin-kohlefrei.de", true */ 'b', 'e', 'r', 'l', 'i', 'n', '-', 'k', 'o', 'h', 'l', 'e', 'f', 'r', 'e', 'i', '.', 'd', 'e', '\0', + /* "berlin.dating", true */ 'b', 'e', 'r', 'l', 'i', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "bermeitinger.eu", true */ 'b', 'e', 'r', 'm', 'e', 'i', 't', 'i', 'n', 'g', 'e', 'r', '.', 'e', 'u', '\0', + /* "berna.fr", true */ 'b', 'e', 'r', 'n', 'a', '.', 'f', 'r', '\0', + /* "bernadetteanderes.ch", true */ 'b', 'e', 'r', 'n', 'a', 'd', 'e', 't', 't', 'e', 'a', 'n', 'd', 'e', 'r', 'e', 's', '.', 'c', 'h', '\0', + /* "bernardcontainers.be", true */ 'b', 'e', 'r', 'n', 'a', 'r', 'd', 'c', 'o', 'n', 't', 'a', 'i', 'n', 'e', 'r', 's', '.', 'b', 'e', '\0', + /* "bernardfischer.fr", true */ 'b', 'e', 'r', 'n', 'a', 'r', 'd', 'f', 'i', 's', 'c', 'h', 'e', 'r', '.', 'f', 'r', '\0', + /* "bernat.im", true */ 'b', 'e', 'r', 'n', 'a', 't', '.', 'i', 'm', '\0', + /* "bernd-leitner-fotodesign.com", true */ 'b', 'e', 'r', 'n', 'd', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '-', 'f', 'o', 't', 'o', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "bernd-leitner-fotodesign.de", true */ 'b', 'e', 'r', 'n', 'd', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '-', 'f', 'o', 't', 'o', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0', + /* "bernd-leitner.de", true */ 'b', 'e', 'r', 'n', 'd', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0', + /* "bernhard-seidenspinner.de", true */ 'b', 'e', 'r', 'n', 'h', 'a', 'r', 'd', '-', 's', 'e', 'i', 'd', 'e', 'n', 's', 'p', 'i', 'n', 'n', 'e', 'r', '.', 'd', 'e', '\0', + /* "bernhardkau.de", true */ 'b', 'e', 'r', 'n', 'h', 'a', 'r', 'd', 'k', 'a', 'u', '.', 'd', 'e', '\0', + /* "bernhardluginbuehl.ch", true */ 'b', 'e', 'r', 'n', 'h', 'a', 'r', 'd', 'l', 'u', 'g', 'i', 'n', 'b', 'u', 'e', 'h', 'l', '.', 'c', 'h', '\0', + /* "bernhardluginbuehl.com", true */ 'b', 'e', 'r', 'n', 'h', 'a', 'r', 'd', 'l', 'u', 'g', 'i', 'n', 'b', 'u', 'e', 'h', 'l', '.', 'c', 'o', 'm', '\0', + /* "berr.yt", true */ 'b', 'e', 'r', 'r', '.', 'y', 't', '\0', + /* "berra.se", true */ 'b', 'e', 'r', 'r', 'a', '.', 's', 'e', '\0', + /* "berrus.com", true */ 'b', 'e', 'r', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "berry.cat", true */ 'b', 'e', 'r', 'r', 'y', '.', 'c', 'a', 't', '\0', + /* "berrypay.com", true */ 'b', 'e', 'r', 'r', 'y', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "berseb.se", true */ 'b', 'e', 'r', 's', 'e', 'b', '.', 's', 'e', '\0', + /* "bersierservices.ch", true */ 'b', 'e', 'r', 's', 'i', 'e', 'r', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'h', '\0', + /* "bersotavocats.fr", true */ 'b', 'e', 'r', 's', 'o', 't', 'a', 'v', 'o', 'c', 'a', 't', 's', '.', 'f', 'r', '\0', + /* "berst.cz", true */ 'b', 'e', 'r', 's', 't', '.', 'c', 'z', '\0', + /* "berthabailey.com", true */ 'b', 'e', 'r', 't', 'h', 'a', 'b', 'a', 'i', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "bertholdsson.com", true */ 'b', 'e', 'r', 't', 'h', 'o', 'l', 'd', 's', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "bertoliniodontoiatria.it", true */ 'b', 'e', 'r', 't', 'o', 'l', 'i', 'n', 'i', 'o', 'd', 'o', 'n', 't', 'o', 'i', 'a', 't', 'r', 'i', 'a', '.', 'i', 't', '\0', + /* "bertrand.bio", true */ 'b', 'e', 'r', 't', 'r', 'a', 'n', 'd', '.', 'b', 'i', 'o', '\0', + /* "bertrandkeller.info", true */ 'b', 'e', 'r', 't', 'r', 'a', 'n', 'd', 'k', 'e', 'l', 'l', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "bertsmithvwparts.com", true */ 'b', 'e', 'r', 't', 's', 'm', 'i', 't', 'h', 'v', 'w', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "beryl.net", true */ 'b', 'e', 'r', 'y', 'l', '.', 'n', 'e', 't', '\0', + /* "besb66.club", true */ 'b', 'e', 's', 'b', '6', '6', '.', 'c', 'l', 'u', 'b', '\0', + /* "besb66.com", true */ 'b', 'e', 's', 'b', '6', '6', '.', 'c', 'o', 'm', '\0', + /* "besb66.me", true */ 'b', 'e', 's', 'b', '6', '6', '.', 'm', 'e', '\0', + /* "besb66.ninja", true */ 'b', 'e', 's', 'b', '6', '6', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "besb66.rocks", true */ 'b', 'e', 's', 'b', '6', '6', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "besb66.us", true */ 'b', 'e', 's', 'b', '6', '6', '.', 'u', 's', '\0', + /* "beschriftung-metz.de", true */ 'b', 'e', 's', 'c', 'h', 'r', 'i', 'f', 't', 'u', 'n', 'g', '-', 'm', 'e', 't', 'z', '.', 'd', 'e', '\0', + /* "beserberg.tk", true */ 'b', 'e', 's', 'e', 'r', 'b', 'e', 'r', 'g', '.', 't', 'k', '\0', + /* "bespokestraps.com", true */ 'b', 'e', 's', 'p', 'o', 'k', 'e', 's', 't', 'r', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "best-of-bounce.co.uk", true */ 'b', 'e', 's', 't', '-', 'o', 'f', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "best-wallpaper.net", true */ 'b', 'e', 's', 't', '-', 'w', 'a', 'l', 'l', 'p', 'a', 'p', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "best-wedding-quotes.com", true */ 'b', 'e', 's', 't', '-', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '-', 'q', 'u', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "best10websitebuilders.com", true */ 'b', 'e', 's', 't', '1', '0', 'w', 'e', 'b', 's', 'i', 't', 'e', 'b', 'u', 'i', 'l', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "bestbestbitcoin.com", true */ 'b', 'e', 's', 't', 'b', 'e', 's', 't', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "bestbonuses.co.uk", true */ 'b', 'e', 's', 't', 'b', 'o', 'n', 'u', 's', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bestbrakes.com", true */ 'b', 'e', 's', 't', 'b', 'r', 'a', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "bestbridal.top", true */ 'b', 'e', 's', 't', 'b', 'r', 'i', 'd', 'a', 'l', '.', 't', 'o', 'p', '\0', + /* "bestbyte.com.br", true */ 'b', 'e', 's', 't', 'b', 'y', 't', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "bestessaycheap.com", true */ 'b', 'e', 's', 't', 'e', 's', 's', 'a', 'y', 'c', 'h', 'e', 'a', 'p', '.', 'c', 'o', 'm', '\0', + /* "bestessayhelp.com", true */ 'b', 'e', 's', 't', 'e', 's', 's', 'a', 'y', 'h', 'e', 'l', 'p', '.', 'c', 'o', 'm', '\0', + /* "bestgiftever.ca", true */ 'b', 'e', 's', 't', 'g', 'i', 'f', 't', 'e', 'v', 'e', 'r', '.', 'c', 'a', '\0', + /* "bestgifts4you.com", true */ 'b', 'e', 's', 't', 'g', 'i', 'f', 't', 's', '4', 'y', 'o', 'u', '.', 'c', 'o', 'm', '\0', + /* "bestlashesandbrows.com", true */ 'b', 'e', 's', 't', 'l', 'a', 's', 'h', 'e', 's', 'a', 'n', 'd', 'b', 'r', 'o', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "bestlashesandbrows.hu", true */ 'b', 'e', 's', 't', 'l', 'a', 's', 'h', 'e', 's', 'a', 'n', 'd', 'b', 'r', 'o', 'w', 's', '.', 'h', 'u', '\0', + /* "bestleftwild.com", true */ 'b', 'e', 's', 't', 'l', 'e', 'f', 't', 'w', 'i', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "bestmodels.su", true */ 'b', 'e', 's', 't', 'm', 'o', 'd', 'e', 'l', 's', '.', 's', 'u', '\0', + /* "bestmotherfucking.website", true */ 'b', 'e', 's', 't', 'm', 'o', 't', 'h', 'e', 'r', 'f', 'u', 'c', 'k', 'i', 'n', 'g', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0', + /* "bestoliveoils.com", true */ 'b', 'e', 's', 't', 'o', 'l', 'i', 'v', 'e', 'o', 'i', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "bestpartyhire.com", true */ 'b', 'e', 's', 't', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "bestperfumebrands.com", true */ 'b', 'e', 's', 't', 'p', 'e', 'r', 'f', 'u', 'm', 'e', 'b', 'r', 'a', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "bestschools.top", true */ 'b', 'e', 's', 't', 's', 'c', 'h', 'o', 'o', 'l', 's', '.', 't', 'o', 'p', '\0', + /* "bestseries.tv", true */ 'b', 'e', 's', 't', 's', 'e', 'r', 'i', 'e', 's', '.', 't', 'v', '\0', + /* "bestwarezone.com", true */ 'b', 'e', 's', 't', 'w', 'a', 'r', 'e', 'z', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "bestwebsite.gallery", true */ 'b', 'e', 's', 't', 'w', 'e', 'b', 's', 'i', 't', 'e', '.', 'g', 'a', 'l', 'l', 'e', 'r', 'y', '\0', + /* "bet-99.com", true */ 'b', 'e', 't', '-', '9', '9', '.', 'c', 'o', 'm', '\0', + /* "betamint.org", true */ 'b', 'e', 't', 'a', 'm', 'i', 'n', 't', '.', 'o', 'r', 'g', '\0', + /* "betaworx.de", true */ 'b', 'e', 't', 'a', 'w', 'o', 'r', 'x', '.', 'd', 'e', '\0', + /* "betaworx.eu", true */ 'b', 'e', 't', 'a', 'w', 'o', 'r', 'x', '.', 'e', 'u', '\0', + /* "betecnet.de", true */ 'b', 'e', 't', 'e', 'c', 'n', 'e', 't', '.', 'd', 'e', '\0', + /* "betformular.com", true */ 'b', 'e', 't', 'f', 'o', 'r', 'm', 'u', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "betkoo.com", true */ 'b', 'e', 't', 'k', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "betonmoney.com", true */ 'b', 'e', 't', 'o', 'n', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "betpamm.com", true */ 'b', 'e', 't', 'p', 'a', 'm', 'm', '.', 'c', 'o', 'm', '\0', + /* "bets.gg", true */ 'b', 'e', 't', 's', '.', 'g', 'g', '\0', + /* "betseybuckheit.com", true */ 'b', 'e', 't', 's', 'e', 'y', 'b', 'u', 'c', 'k', 'h', 'e', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "betshoot.com", true */ 'b', 'e', 't', 's', 'h', 'o', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "betsonlinefree.com.au", true */ 'b', 'e', 't', 's', 'o', 'n', 'l', 'i', 'n', 'e', 'f', 'r', 'e', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "betsyshilling.com", true */ 'b', 'e', 't', 's', 'y', 's', 'h', 'i', 'l', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "bett1.de", true */ 'b', 'e', 't', 't', '1', '.', 'd', 'e', '\0', + /* "better-bounce.co.uk", true */ 'b', 'e', 't', 't', 'e', 'r', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "better.fyi", true */ 'b', 'e', 't', 't', 'e', 'r', '.', 'f', 'y', 'i', '\0', + /* "betterbabyshop.com.au", true */ 'b', 'e', 't', 't', 'e', 'r', 'b', 'a', 'b', 'y', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "bettercrypto.org", true */ 'b', 'e', 't', 't', 'e', 'r', 'c', 'r', 'y', 'p', 't', 'o', '.', 'o', 'r', 'g', '\0', + /* "betterhelp.com", true */ 'b', 'e', 't', 't', 'e', 'r', 'h', 'e', 'l', 'p', '.', 'c', 'o', 'm', '\0', + /* "betterna.me", true */ 'b', 'e', 't', 't', 'e', 'r', 'n', 'a', '.', 'm', 'e', '\0', + /* "betterscience.org", true */ 'b', 'e', 't', 't', 'e', 'r', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0', + /* "bettertest.it", true */ 'b', 'e', 't', 't', 'e', 'r', 't', 'e', 's', 't', '.', 'i', 't', '\0', + /* "betterworldinternational.org", true */ 'b', 'e', 't', 't', 'e', 'r', 'w', 'o', 'r', 'l', 'd', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'o', 'r', 'g', '\0', + /* "bettflaschen.ch", true */ 'b', 'e', 't', 't', 'f', 'l', 'a', 's', 'c', 'h', 'e', 'n', '.', 'c', 'h', '\0', + /* "bettingbusiness.ru", true */ 'b', 'e', 't', 't', 'i', 'n', 'g', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'r', 'u', '\0', + /* "bettolinokitchen.com", true */ 'b', 'e', 't', 't', 'o', 'l', 'i', 'n', 'o', 'k', 'i', 't', 'c', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "bettrlifeapp.com", true */ 'b', 'e', 't', 't', 'r', 'l', 'i', 'f', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "betulashop.ch", true */ 'b', 'e', 't', 'u', 'l', 'a', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0', + /* "betwalker.com", true */ 'b', 'e', 't', 'w', 'a', 'l', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "beulen.email", true */ 'b', 'e', 'u', 'l', 'e', 'n', '.', 'e', 'm', 'a', 'i', 'l', '\0', + /* "beulen.link", true */ 'b', 'e', 'u', 'l', 'e', 'n', '.', 'l', 'i', 'n', 'k', '\0', + /* "beulen.pro", true */ 'b', 'e', 'u', 'l', 'e', 'n', '.', 'p', 'r', 'o', '\0', + /* "bevedo.cz", true */ 'b', 'e', 'v', 'e', 'd', 'o', '.', 'c', 'z', '\0', + /* "beveiligingscamerawestland.nl", true */ 'b', 'e', 'v', 'e', 'i', 'l', 'i', 'g', 'i', 'n', 'g', 's', 'c', 'a', 'm', 'e', 'r', 'a', 'w', 'e', 's', 't', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0', + /* "beverlyinternational.com", false */ 'b', 'e', 'v', 'e', 'r', 'l', 'y', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "bevinco2020.com", true */ 'b', 'e', 'v', 'i', 'n', 'c', 'o', '2', '0', '2', '0', '.', 'c', 'o', 'm', '\0', + /* "bevinsco.org", true */ 'b', 'e', 'v', 'i', 'n', 's', 'c', 'o', '.', 'o', 'r', 'g', '\0', + /* "bevnut.com", true */ 'b', 'e', 'v', 'n', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "bewegungsfluss.com", true */ 'b', 'e', 'w', 'e', 'g', 'u', 'n', 'g', 's', 'f', 'l', 'u', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "bewerbungsfoto-deinfoto.ch", true */ 'b', 'e', 'w', 'e', 'r', 'b', 'u', 'n', 'g', 's', 'f', 'o', 't', 'o', '-', 'd', 'e', 'i', 'n', 'f', 'o', 't', 'o', '.', 'c', 'h', '\0', + /* "bewertet.de", true */ 'b', 'e', 'w', 'e', 'r', 't', 'e', 't', '.', 'd', 'e', '\0', + /* "bewonderen.com", true */ 'b', 'e', 'w', 'o', 'n', 'd', 'e', 'r', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "bexit-hosting.nl", true */ 'b', 'e', 'x', 'i', 't', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "bexit-security.eu", true */ 'b', 'e', 'x', 'i', 't', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'e', 'u', '\0', + /* "bexit-security.nl", true */ 'b', 'e', 'x', 'i', 't', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'n', 'l', '\0', + /* "bexit.nl", true */ 'b', 'e', 'x', 'i', 't', '.', 'n', 'l', '\0', + /* "bexithosting.nl", true */ 'b', 'e', 'x', 'i', 't', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "bexleycastles.co.uk", true */ 'b', 'e', 'x', 'l', 'e', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "beybiz.com", true */ 'b', 'e', 'y', 'b', 'i', 'z', '.', 'c', 'o', 'm', '\0', + /* "beyond-infinity.org", true */ 'b', 'e', 'y', 'o', 'n', 'd', '-', 'i', 'n', 'f', 'i', 'n', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0', + /* "beyond-rational.com", true */ 'b', 'e', 'y', 'o', 'n', 'd', '-', 'r', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "beyondalderaan.net", true */ 'b', 'e', 'y', 'o', 'n', 'd', 'a', 'l', 'd', 'e', 'r', 'a', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "beyondbounce.co.uk", true */ 'b', 'e', 'y', 'o', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "beyondpricing.com", true */ 'b', 'e', 'y', 'o', 'n', 'd', 'p', 'r', 'i', 'c', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "beyondthecode.io", true */ 'b', 'e', 'y', 'o', 'n', 'd', 't', 'h', 'e', 'c', 'o', 'd', 'e', '.', 'i', 'o', '\0', + /* "beyondtodaymediagroup.com", true */ 'b', 'e', 'y', 'o', 'n', 'd', 't', 'o', 'd', 'a', 'y', 'm', 'e', 'd', 'i', 'a', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "beyondtrust.com", true */ 'b', 'e', 'y', 'o', 'n', 'd', 't', 'r', 'u', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "beyondweb.net", true */ 'b', 'e', 'y', 'o', 'n', 'd', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0', + /* "beyonic.com", true */ 'b', 'e', 'y', 'o', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "beyours.be", true */ 'b', 'e', 'y', 'o', 'u', 'r', 's', '.', 'b', 'e', '\0', + /* "bez-energie.de", true */ 'b', 'e', 'z', '-', 'e', 'n', 'e', 'r', 'g', 'i', 'e', '.', 'd', 'e', '\0', + /* "bezemkast.nl", true */ 'b', 'e', 'z', 'e', 'm', 'k', 'a', 's', 't', '.', 'n', 'l', '\0', + /* "bezoomnyville.com", true */ 'b', 'e', 'z', 'o', 'o', 'm', 'n', 'y', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "bezpecnostsiti.cf", true */ 'b', 'e', 'z', 'p', 'e', 'c', 'n', 'o', 's', 't', 's', 'i', 't', 'i', '.', 'c', 'f', '\0', + /* "bfam.tv", true */ 'b', 'f', 'a', 'm', '.', 't', 'v', '\0', + /* "bfi.wien", false */ 'b', 'f', 'i', '.', 'w', 'i', 'e', 'n', '\0', + /* "bft-media.com", true */ 'b', 'f', 't', '-', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "bftbradio.com", true */ 'b', 'f', 't', 'b', 'r', 'a', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "bfw-online.de", true */ 'b', 'f', 'w', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0', + /* "bg-sexologia.com", true */ 'b', 'g', '-', 's', 'e', 'x', 'o', 'l', 'o', 'g', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "bgdaddy.com", true */ 'b', 'g', 'd', 'a', 'd', 'd', 'y', '.', 'c', 'o', 'm', '\0', + /* "bgenlisted.com", true */ 'b', 'g', 'e', 'n', 'l', 'i', 's', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "bgeo.io", true */ 'b', 'g', 'e', 'o', '.', 'i', 'o', '\0', + /* "bgfashion.net", true */ 'b', 'g', 'f', 'a', 's', 'h', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "bghost.xyz", true */ 'b', 'g', 'h', 'o', 's', 't', '.', 'x', 'y', 'z', '\0', + /* "bgkoleda.bg", true */ 'b', 'g', 'k', 'o', 'l', 'e', 'd', 'a', '.', 'b', 'g', '\0', + /* "bglsingles.de", true */ 'b', 'g', 'l', 's', 'i', 'n', 'g', 'l', 'e', 's', '.', 'd', 'e', '\0', + /* "bgneuesheim.de", true */ 'b', 'g', 'n', 'e', 'u', 'e', 's', 'h', 'e', 'i', 'm', '.', 'd', 'e', '\0', + /* "bgp.space", true */ 'b', 'g', 'p', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "bgr34.cz", true */ 'b', 'g', 'r', '3', '4', '.', 'c', 'z', '\0', + /* "bgtgames.com", true */ 'b', 'g', 't', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "bharath-g.in", true */ 'b', 'h', 'a', 'r', 'a', 't', 'h', '-', 'g', '.', 'i', 'n', '\0', + /* "bhodisoft.com", true */ 'b', 'h', 'o', 'd', 'i', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "bhost.net", true */ 'b', 'h', 'o', 's', 't', '.', 'n', 'e', 't', '\0', + /* "bhtelecom.ba", true */ 'b', 'h', 't', 'e', 'l', 'e', 'c', 'o', 'm', '.', 'b', 'a', '\0', + /* "bhuntr.com", true */ 'b', 'h', 'u', 'n', 't', 'r', '.', 'c', 'o', 'm', '\0', + /* "bi.search.yahoo.com", false */ 'b', 'i', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "biaggeo.com", true */ 'b', 'i', 'a', 'g', 'g', 'e', 'o', '.', 'c', 'o', 'm', '\0', + /* "bianinapiccanovias.com", true */ 'b', 'i', 'a', 'n', 'i', 'n', 'a', 'p', 'i', 'c', 'c', 'a', 'n', 'o', 'v', 'i', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "biaoqingfuhao.net", true */ 'b', 'i', 'a', 'o', 'q', 'i', 'n', 'g', 'f', 'u', 'h', 'a', 'o', '.', 'n', 'e', 't', '\0', + /* "biaoqingfuhao.org", true */ 'b', 'i', 'a', 'o', 'q', 'i', 'n', 'g', 'f', 'u', 'h', 'a', 'o', '.', 'o', 'r', 'g', '\0', + /* "biasmath.es", true */ 'b', 'i', 'a', 's', 'm', 'a', 't', 'h', '.', 'e', 's', '\0', + /* "biathloncup.ru", true */ 'b', 'i', 'a', 't', 'h', 'l', 'o', 'n', 'c', 'u', 'p', '.', 'r', 'u', '\0', + /* "bible.ru", true */ 'b', 'i', 'b', 'l', 'e', '.', 'r', 'u', '\0', + /* "bibleonline.ru", true */ 'b', 'i', 'b', 'l', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'r', 'u', '\0', + /* "bibliaon.com", true */ 'b', 'i', 'b', 'l', 'i', 'a', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "biblio.wiki", true */ 'b', 'i', 'b', 'l', 'i', 'o', '.', 'w', 'i', 'k', 'i', '\0', + /* "biblioblog.fr", true */ 'b', 'i', 'b', 'l', 'i', 'o', 'b', 'l', 'o', 'g', '.', 'f', 'r', '\0', + /* "bibliomarkt.ch", true */ 'b', 'i', 'b', 'l', 'i', 'o', 'm', 'a', 'r', 'k', 't', '.', 'c', 'h', '\0', + /* "biblionaut.net", true */ 'b', 'i', 'b', 'l', 'i', 'o', 'n', 'a', 'u', 't', '.', 'n', 'e', 't', '\0', + /* "bibliotekarien.se", true */ 'b', 'i', 'b', 'l', 'i', 'o', 't', 'e', 'k', 'a', 'r', 'i', 'e', 'n', '.', 's', 'e', '\0', + /* "biboumail.fr", true */ 'b', 'i', 'b', 'o', 'u', 'm', 'a', 'i', 'l', '.', 'f', 'r', '\0', + /* "bibuch.com", true */ 'b', 'i', 'b', 'u', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "bicha.net", true */ 'b', 'i', 'c', 'h', 'a', '.', 'n', 'e', 't', '\0', + /* "bichines.es", true */ 'b', 'i', 'c', 'h', 'i', 'n', 'e', 's', '.', 'e', 's', '\0', + /* "bichonfrise.com.br", true */ 'b', 'i', 'c', 'h', 'o', 'n', 'f', 'r', 'i', 's', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "bichonmaltes.com.br", true */ 'b', 'i', 'c', 'h', 'o', 'n', 'm', 'a', 'l', 't', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "bicranial.io", true */ 'b', 'i', 'c', 'r', 'a', 'n', 'i', 'a', 'l', '.', 'i', 'o', '\0', + /* "bicycle-events.com", true */ 'b', 'i', 'c', 'y', 'c', 'l', 'e', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "biddl.com", true */ 'b', 'i', 'd', 'd', 'l', '.', 'c', 'o', 'm', '\0', + /* "bidorbuy.co.ke", true */ 'b', 'i', 'd', 'o', 'r', 'b', 'u', 'y', '.', 'c', 'o', '.', 'k', 'e', '\0', + /* "biegner-technik.de", true */ 'b', 'i', 'e', 'g', 'n', 'e', 'r', '-', 't', 'e', 'c', 'h', 'n', 'i', 'k', '.', 'd', 'e', '\0', + /* "bien-etre-sante.info", true */ 'b', 'i', 'e', 'n', '-', 'e', 't', 'r', 'e', '-', 's', 'a', 'n', 't', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "bienici.com", true */ 'b', 'i', 'e', 'n', 'i', 'c', 'i', '.', 'c', 'o', 'm', '\0', + /* "bienoubien.org", true */ 'b', 'i', 'e', 'n', 'o', 'u', 'b', 'i', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "biensenvue.com", true */ 'b', 'i', 'e', 'n', 's', 'e', 'n', 'v', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "bier.jp", true */ 'b', 'i', 'e', 'r', '.', 'j', 'p', '\0', + /* "bierbaumer.net", true */ 'b', 'i', 'e', 'r', 'b', 'a', 'u', 'm', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "biergaizi.info", true */ 'b', 'i', 'e', 'r', 'g', 'a', 'i', 'z', 'i', '.', 'i', 'n', 'f', 'o', '\0', + /* "bierochs.org", true */ 'b', 'i', 'e', 'r', 'o', 'c', 'h', 's', '.', 'o', 'r', 'g', '\0', + /* "bieser.ch", true */ 'b', 'i', 'e', 's', 'e', 'r', '.', 'c', 'h', '\0', + /* "biester.pro", true */ 'b', 'i', 'e', 's', 't', 'e', 'r', '.', 'p', 'r', 'o', '\0', + /* "big-andy.co.uk", true */ 'b', 'i', 'g', '-', 'a', 'n', 'd', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "big-bounce.co.uk", true */ 'b', 'i', 'g', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "big-fluglaerm-hamburg.de", true */ 'b', 'i', 'g', '-', 'f', 'l', 'u', 'g', 'l', 'a', 'e', 'r', 'm', '-', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0', + /* "bigbluedoor.net", true */ 'b', 'i', 'g', 'b', 'l', 'u', 'e', 'd', 'o', 'o', 'r', '.', 'n', 'e', 't', '\0', + /* "bigbouncebouncycastles.co.uk", true */ 'b', 'i', 'g', 'b', 'o', 'u', 'n', 'c', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bigbouncetheory.co.uk", true */ 'b', 'i', 'g', 'b', 'o', 'u', 'n', 'c', 'e', 't', 'h', 'e', 'o', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bigbounceuk.com", true */ 'b', 'i', 'g', 'b', 'o', 'u', 'n', 'c', 'e', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "bigclassaction.com", true */ 'b', 'i', 'g', 'c', 'l', 'a', 's', 's', 'a', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "bigcorporateevents.com", true */ 'b', 'i', 'g', 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'e', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "bigdinosaur.org", true */ 'b', 'i', 'g', 'd', 'i', 'n', 'o', 's', 'a', 'u', 'r', '.', 'o', 'r', 'g', '\0', + /* "bigfunbouncycastles.com", true */ 'b', 'i', 'g', 'f', 'u', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "biggreenexchange.com", true */ 'b', 'i', 'g', 'g', 'r', 'e', 'e', 'n', 'e', 'x', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "bight.ca", true */ 'b', 'i', 'g', 'h', 't', '.', 'c', 'a', '\0', + /* "bigio.com.br", true */ 'b', 'i', 'g', 'i', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "biglagoonrentals.com", true */ 'b', 'i', 'g', 'l', 'a', 'g', 'o', 'o', 'n', 'r', 'e', 'n', 't', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "bigsisterchannel.com", true */ 'b', 'i', 'g', 's', 'i', 's', 't', 'e', 'r', 'c', 'h', 'a', 'n', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "bigskymontanalandforsale.com", true */ 'b', 'i', 'g', 's', 'k', 'y', 'm', 'o', 'n', 't', 'a', 'n', 'a', 'l', 'a', 'n', 'd', 'f', 'o', 'r', 's', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "biilo.com", true */ 'b', 'i', 'i', 'l', 'o', '.', 'c', 'o', 'm', '\0', + /* "bijoux.com.br", true */ 'b', 'i', 'j', 'o', 'u', 'x', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "bijouxbrasil.com.br", true */ 'b', 'i', 'j', 'o', 'u', 'x', 'b', 'r', 'a', 's', 'i', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "bijuteriicualint.ro", true */ 'b', 'i', 'j', 'u', 't', 'e', 'r', 'i', 'i', 'c', 'u', 'a', 'l', 'i', 'n', 't', '.', 'r', 'o', '\0', + /* "bike-discount.de", true */ 'b', 'i', 'k', 'e', '-', 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', '.', 'd', 'e', '\0', + /* "bike-kurse.ch", true */ 'b', 'i', 'k', 'e', '-', 'k', 'u', 'r', 's', 'e', '.', 'c', 'h', '\0', + /* "bike-shack.com", true */ 'b', 'i', 'k', 'e', '-', 's', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "bikebay.it", true */ 'b', 'i', 'k', 'e', 'b', 'a', 'y', '.', 'i', 't', '\0', + /* "bikehistory.org", true */ 'b', 'i', 'k', 'e', 'h', 'i', 's', 't', 'o', 'r', 'y', '.', 'o', 'r', 'g', '\0', + /* "bikelifetvkidsquads.co.uk", true */ 'b', 'i', 'k', 'e', 'l', 'i', 'f', 'e', 't', 'v', 'k', 'i', 'd', 's', 'q', 'u', 'a', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "biker.dating", true */ 'b', 'i', 'k', 'e', 'r', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "bikerebel.com", true */ 'b', 'i', 'k', 'e', 'r', 'e', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "bikeshopitalia.com", true */ 'b', 'i', 'k', 'e', 's', 'h', 'o', 'p', 'i', 't', 'a', 'l', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "bikiniseli.com", true */ 'b', 'i', 'k', 'i', 'n', 'i', 's', 'e', 'l', 'i', '.', 'c', 'o', 'm', '\0', + /* "bikkelbroeders.com", false */ 'b', 'i', 'k', 'k', 'e', 'l', 'b', 'r', 'o', 'e', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "bikkelbroeders.nl", false */ 'b', 'i', 'k', 'k', 'e', 'l', 'b', 'r', 'o', 'e', 'd', 'e', 'r', 's', '.', 'n', 'l', '\0', + /* "bilalic.com", true */ 'b', 'i', 'l', 'a', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "bilalkilic.de", true */ 'b', 'i', 'l', 'a', 'l', 'k', 'i', 'l', 'i', 'c', '.', 'd', 'e', '\0', + /* "bilbayt.com", true */ 'b', 'i', 'l', 'b', 'a', 'y', 't', '.', 'c', 'o', 'm', '\0', + /* "bilder-designs.de", true */ 'b', 'i', 'l', 'd', 'e', 'r', '-', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'd', 'e', '\0', + /* "bildermachr.de", true */ 'b', 'i', 'l', 'd', 'e', 'r', 'm', 'a', 'c', 'h', 'r', '.', 'd', 'e', '\0', + /* "bildschirmflackern.de", true */ 'b', 'i', 'l', 'd', 's', 'c', 'h', 'i', 'r', 'm', 'f', 'l', 'a', 'c', 'k', 'e', 'r', 'n', '.', 'd', 'e', '\0', + /* "biletru.net", true */ 'b', 'i', 'l', 'e', 't', 'r', 'u', '.', 'n', 'e', 't', '\0', + /* "bilgo.com", true */ 'b', 'i', 'l', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "bilimoe.com", true */ 'b', 'i', 'l', 'i', 'm', 'o', 'e', '.', 'c', 'o', 'm', '\0', + /* "bilke.org", true */ 'b', 'i', 'l', 'k', 'e', '.', 'o', 'r', 'g', '\0', + /* "billaud.eu.org", true */ 'b', 'i', 'l', 'l', 'a', 'u', 'd', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "billdestler.com", true */ 'b', 'i', 'l', 'l', 'd', 'e', 's', 't', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "billgoldstein.name", true */ 'b', 'i', 'l', 'l', 'g', 'o', 'l', 'd', 's', 't', 'e', 'i', 'n', '.', 'n', 'a', 'm', 'e', '\0', + /* "billiger-mietwagen.de", true */ 'b', 'i', 'l', 'l', 'i', 'g', 'e', 'r', '-', 'm', 'i', 'e', 't', 'w', 'a', 'g', 'e', 'n', '.', 'd', 'e', '\0', + /* "billigerfinder.de", true */ 'b', 'i', 'l', 'l', 'i', 'g', 'e', 'r', 'f', 'i', 'n', 'd', 'e', 'r', '.', 'd', 'e', '\0', + /* "billigpoker.dk", true */ 'b', 'i', 'l', 'l', 'i', 'g', 'p', 'o', 'k', 'e', 'r', '.', 'd', 'k', '\0', + /* "billigssl.dk", true */ 'b', 'i', 'l', 'l', 'i', 'g', 's', 's', 'l', '.', 'd', 'k', '\0', + /* "billionairemailinglist.com", true */ 'b', 'i', 'l', 'l', 'i', 'o', 'n', 'a', 'i', 'r', 'e', 'm', 'a', 'i', 'l', 'i', 'n', 'g', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "billionkiaparts.com", true */ 'b', 'i', 'l', 'l', 'i', 'o', 'n', 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "billogram.com", true */ 'b', 'i', 'l', 'l', 'o', 'g', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "billpro.com", false */ 'b', 'i', 'l', 'l', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "billpro.com.au", true */ 'b', 'i', 'l', 'l', 'p', 'r', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "billrhodesbakery.com", true */ 'b', 'i', 'l', 'l', 'r', 'h', 'o', 'd', 'e', 's', 'b', 'a', 'k', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "billrobinson.io", true */ 'b', 'i', 'l', 'l', 'r', 'o', 'b', 'i', 'n', 's', 'o', 'n', '.', 'i', 'o', '\0', + /* "billy.pictures", true */ 'b', 'i', 'l', 'l', 'y', '.', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '\0', + /* "billyoh.com", true */ 'b', 'i', 'l', 'l', 'y', 'o', 'h', '.', 'c', 'o', 'm', '\0', + /* "billysbouncycastlehire.co.uk", true */ 'b', 'i', 'l', 'l', 'y', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bilsho.com", true */ 'b', 'i', 'l', 's', 'h', 'o', '.', 'c', 'o', 'm', '\0', + /* "biltullen.com", true */ 'b', 'i', 'l', 't', 'u', 'l', 'l', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "bimmerlabs.com", true */ 'b', 'i', 'm', 'm', 'e', 'r', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "bin95.com", true */ 'b', 'i', 'n', '9', '5', '.', 'c', 'o', 'm', '\0', + /* "bina.az", true */ 'b', 'i', 'n', 'a', '.', 'a', 'z', '\0', + /* "binarization.com", true */ 'b', 'i', 'n', 'a', 'r', 'i', 'z', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "binaryabstraction.com", true */ 'b', 'i', 'n', 'a', 'r', 'y', 'a', 'b', 's', 't', 'r', 'a', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "binaryapparatus.com", true */ 'b', 'i', 'n', 'a', 'r', 'y', 'a', 'p', 'p', 'a', 'r', 'a', 't', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "binaryappdev.com", true */ 'b', 'i', 'n', 'a', 'r', 'y', 'a', 'p', 'p', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "binaryevolved.com", true */ 'b', 'i', 'n', 'a', 'r', 'y', 'e', 'v', 'o', 'l', 'v', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "binarystud.io", true */ 'b', 'i', 'n', 'a', 'r', 'y', 's', 't', 'u', 'd', '.', 'i', 'o', '\0', + /* "binding-problem.com", true */ 'b', 'i', 'n', 'd', 'i', 'n', 'g', '-', 'p', 'r', 'o', 'b', 'l', 'e', 'm', '.', 'c', 'o', 'm', '\0', + /* "binfind.com", true */ 'b', 'i', 'n', 'f', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "bing.com", true */ 'b', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "bingcheung.org", true */ 'b', 'i', 'n', 'g', 'c', 'h', 'e', 'u', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "bingo-wear.com", true */ 'b', 'i', 'n', 'g', 'o', '-', 'w', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "bingobank.org", true */ 'b', 'i', 'n', 'g', 'o', 'b', 'a', 'n', 'k', '.', 'o', 'r', 'g', '\0', + /* "bingofriends.com", true */ 'b', 'i', 'n', 'g', 'o', 'f', 'r', 'i', 'e', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "bingostars.com", true */ 'b', 'i', 'n', 'g', 'o', 's', 't', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "binhex.net", true */ 'b', 'i', 'n', 'h', 'e', 'x', '.', 'n', 'e', 't', '\0', + /* "binkconsulting.be", true */ 'b', 'i', 'n', 'k', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'b', 'e', '\0', + /* "binti.com", true */ 'b', 'i', 'n', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "bio-disinfestazione.it", true */ 'b', 'i', 'o', '-', 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'e', '.', 'i', 't', '\0', + /* "biobuttons.ch", true */ 'b', 'i', 'o', 'b', 'u', 't', 't', 'o', 'n', 's', '.', 'c', 'h', '\0', + /* "biocrafting.net", true */ 'b', 'i', 'o', 'c', 'r', 'a', 'f', 't', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "biodiagnostiki.clinic", true */ 'b', 'i', 'o', 'd', 'i', 'a', 'g', 'n', 'o', 's', 't', 'i', 'k', 'i', '.', 'c', 'l', 'i', 'n', 'i', 'c', '\0', + /* "biodieseldata.com", true */ 'b', 'i', 'o', 'd', 'i', 'e', 's', 'e', 'l', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "bioemsan.cz", true */ 'b', 'i', 'o', 'e', 'm', 's', 'a', 'n', '.', 'c', 'z', '\0', + /* "bioetco.ch", true */ 'b', 'i', 'o', 'e', 't', 'c', 'o', '.', 'c', 'h', '\0', + /* "biogecho.ch", true */ 'b', 'i', 'o', 'g', 'e', 'c', 'h', 'o', '.', 'c', 'h', '\0', + /* "biogecho.swiss", true */ 'b', 'i', 'o', 'g', 'e', 'c', 'h', 'o', '.', 's', 'w', 'i', 's', 's', '\0', + /* "biogeniq.ca", true */ 'b', 'i', 'o', 'g', 'e', 'n', 'i', 'q', '.', 'c', 'a', '\0', + /* "biohappiness.com", true */ 'b', 'i', 'o', 'h', 'a', 'p', 'p', 'i', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "bioharmony.ca", true */ 'b', 'i', 'o', 'h', 'a', 'r', 'm', 'o', 'n', 'y', '.', 'c', 'a', '\0', + /* "biointelligence-explosion.com", true */ 'b', 'i', 'o', 'i', 'n', 't', 'e', 'l', 'l', 'i', 'g', 'e', 'n', 'c', 'e', '-', 'e', 'x', 'p', 'l', 'o', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "bioligo.ch", true */ 'b', 'i', 'o', 'l', 'i', 'g', 'o', '.', 'c', 'h', '\0', + /* "biolindo.com", false */ 'b', 'i', 'o', 'l', 'i', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "biologis.ch", true */ 'b', 'i', 'o', 'l', 'o', 'g', 'i', 's', '.', 'c', 'h', '\0', + /* "biomax-mep.com.br", true */ 'b', 'i', 'o', 'm', 'a', 'x', '-', 'm', 'e', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "biometrics.es", true */ 'b', 'i', 'o', 'm', 'e', 't', 'r', 'i', 'c', 's', '.', 'e', 's', '\0', + /* "biomodra.cz", true */ 'b', 'i', 'o', 'm', 'o', 'd', 'r', 'a', '.', 'c', 'z', '\0', + /* "biopreferred.gov", true */ 'b', 'i', 'o', 'p', 'r', 'e', 'f', 'e', 'r', 'r', 'e', 'd', '.', 'g', 'o', 'v', '\0', + /* "biopsychiatry.com", true */ 'b', 'i', 'o', 'p', 's', 'y', 'c', 'h', 'i', 'a', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "biosafe.ch", true */ 'b', 'i', 'o', 's', 'a', 'f', 'e', '.', 'c', 'h', '\0', + /* "biosbits.org", true */ 'b', 'i', 'o', 's', 'b', 'i', 't', 's', '.', 'o', 'r', 'g', '\0', + /* "bioshine.com.sg", true */ 'b', 'i', 'o', 's', 'h', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 's', 'g', '\0', + /* "bioshome.de", true */ 'b', 'i', 'o', 's', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0', + /* "biosignalanalytics.com", true */ 'b', 'i', 'o', 's', 'i', 'g', 'n', 'a', 'l', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "biospeak.solutions", true */ 'b', 'i', 'o', 's', 'p', 'e', 'a', 'k', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0', + /* "biosphere.cc", true */ 'b', 'i', 'o', 's', 'p', 'h', 'e', 'r', 'e', '.', 'c', 'c', '\0', + /* "biotechware.com", true */ 'b', 'i', 'o', 't', 'e', 'c', 'h', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "biou.me", true */ 'b', 'i', 'o', 'u', '.', 'm', 'e', '\0', + /* "biovalue.eu", true */ 'b', 'i', 'o', 'v', 'a', 'l', 'u', 'e', '.', 'e', 'u', '\0', + /* "bipyo.com", true */ 'b', 'i', 'p', 'y', 'o', '.', 'c', 'o', 'm', '\0', + /* "birbaumer.li", true */ 'b', 'i', 'r', 'b', 'a', 'u', 'm', 'e', 'r', '.', 'l', 'i', '\0', + /* "birchbarkfurniture.ch", true */ 'b', 'i', 'r', 'c', 'h', 'b', 'a', 'r', 'k', 'f', 'u', 'r', 'n', 'i', 't', 'u', 'r', 'e', '.', 'c', 'h', '\0', + /* "birchbarkfurniture.com", true */ 'b', 'i', 'r', 'c', 'h', 'b', 'a', 'r', 'k', 'f', 'u', 'r', 'n', 'i', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "birchbarkfurniture.fr", true */ 'b', 'i', 'r', 'c', 'h', 'b', 'a', 'r', 'k', 'f', 'u', 'r', 'n', 'i', 't', 'u', 'r', 'e', '.', 'f', 'r', '\0', + /* "birdbrowser.com", true */ 'b', 'i', 'r', 'd', 'b', 'r', 'o', 'w', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "birdfeeder.online", true */ 'b', 'i', 'r', 'd', 'f', 'e', 'e', 'd', 'e', 'r', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "birdiehosting.nl", true */ 'b', 'i', 'r', 'd', 'i', 'e', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "birdymanbestreviews.com", true */ 'b', 'i', 'r', 'd', 'y', 'm', 'a', 'n', 'b', 'e', 's', 't', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "birgit-rydlewski.de", true */ 'b', 'i', 'r', 'g', 'i', 't', '-', 'r', 'y', 'd', 'l', 'e', 'w', 's', 'k', 'i', '.', 'd', 'e', '\0', + /* "birkengarten.ch", true */ 'b', 'i', 'r', 'k', 'e', 'n', 'g', 'a', 'r', 't', 'e', 'n', '.', 'c', 'h', '\0', + /* "birkhoff.me", true */ 'b', 'i', 'r', 'k', 'h', 'o', 'f', 'f', '.', 'm', 'e', '\0', + /* "birminghamcastlehire.co.uk", true */ 'b', 'i', 'r', 'm', 'i', 'n', 'g', 'h', 'a', 'm', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "birthdaytip.com", true */ 'b', 'i', 'r', 't', 'h', 'd', 'a', 'y', 't', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "birthmatters.us", true */ 'b', 'i', 'r', 't', 'h', 'm', 'a', 't', 't', 'e', 'r', 's', '.', 'u', 's', '\0', + /* "birzan.org", true */ 'b', 'i', 'r', 'z', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "biscoint.io", true */ 'b', 'i', 's', 'c', 'o', 'i', 'n', 't', '.', 'i', 'o', '\0', + /* "bismarck-tb.de", true */ 'b', 'i', 's', 'm', 'a', 'r', 'c', 'k', '-', 't', 'b', '.', 'd', 'e', '\0', + /* "bison.co", true */ 'b', 'i', 's', 'o', 'n', '.', 'c', 'o', '\0', + /* "bissalama.org", true */ 'b', 'i', 's', 's', 'a', 'l', 'a', 'm', 'a', '.', 'o', 'r', 'g', '\0', + /* "bistrocean.com", true */ 'b', 'i', 's', 't', 'r', 'o', 'c', 'e', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "biswas.me", true */ 'b', 'i', 's', 'w', 'a', 's', '.', 'm', 'e', '\0', + /* "bit-cloud.de", true */ 'b', 'i', 't', '-', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0', + /* "bit-rapid.com", true */ 'b', 'i', 't', '-', 'r', 'a', 'p', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "bit-sentinel.com", true */ 'b', 'i', 't', '-', 's', 'e', 'n', 't', 'i', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "bit.voyage", true */ 'b', 'i', 't', '.', 'v', 'o', 'y', 'a', 'g', 'e', '\0', + /* "bit8.com", true */ 'b', 'i', 't', '8', '.', 'c', 'o', 'm', '\0', + /* "bitace.com", true */ 'b', 'i', 't', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "bitbeans.de", true */ 'b', 'i', 't', 'b', 'e', 'a', 'n', 's', '.', 'd', 'e', '\0', + /* "bitbucket.com", true */ 'b', 'i', 't', 'b', 'u', 'c', 'k', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "bitbucket.io", true */ 'b', 'i', 't', 'b', 'u', 'c', 'k', 'e', 't', '.', 'i', 'o', '\0', + /* "bitbucket.org", true */ 'b', 'i', 't', 'b', 'u', 'c', 'k', 'e', 't', '.', 'o', 'r', 'g', '\0', + /* "bitburner.de", true */ 'b', 'i', 't', 'b', 'u', 'r', 'n', 'e', 'r', '.', 'd', 'e', '\0', + /* "bitcoin-india.net", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '-', 'i', 'n', 'd', 'i', 'a', '.', 'n', 'e', 't', '\0', + /* "bitcoin-india.org", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '-', 'i', 'n', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0', + /* "bitcoin.asia", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'a', 's', 'i', 'a', '\0', + /* "bitcoin.ch", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'c', 'h', '\0', + /* "bitcoin.co.nz", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "bitcoin.com", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "bitcoin.de", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'd', 'e', '\0', + /* "bitcoin.im", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'i', 'm', '\0', + /* "bitcoin.info", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "bitcoin.org", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'o', 'r', 'g', '\0', + /* "bitcoin.us", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'u', 's', '\0', + /* "bitcoinbitcoin.com", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "bitcoinclashic.ninja", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'c', 'l', 'a', 's', 'h', 'i', 'c', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "bitcoincore.org", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'c', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "bitcoinec.info", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'e', 'c', '.', 'i', 'n', 'f', 'o', '\0', + /* "bitcoinhk.org", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'h', 'k', '.', 'o', 'r', 'g', '\0', + /* "bitcoinindia.com", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'i', 'n', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "bitcoinkarlsruhe.de", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'k', 'a', 'r', 'l', 's', 'r', 'u', 'h', 'e', '.', 'd', 'e', '\0', + /* "bitcoinrealestate.com.au", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "bitcointhefts.com", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 't', 'h', 'e', 'f', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "bitcoinx.gr", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'x', '.', 'g', 'r', '\0', + /* "bitcoinx.ro", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'x', '.', 'r', 'o', '\0', + /* "bitedge.com", true */ 'b', 'i', 't', 'e', 'd', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "bitenose.com", true */ 'b', 'i', 't', 'e', 'n', 'o', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "bitex.la", true */ 'b', 'i', 't', 'e', 'x', '.', 'l', 'a', '\0', + /* "bitfasching.de", true */ 'b', 'i', 't', 'f', 'a', 's', 'c', 'h', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "bitfehler.net", true */ 'b', 'i', 't', 'f', 'e', 'h', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "bitfinder.nl", true */ 'b', 'i', 't', 'f', 'i', 'n', 'd', 'e', 'r', '.', 'n', 'l', '\0', + /* "bitfuse.net", true */ 'b', 'i', 't', 'f', 'u', 's', 'e', '.', 'n', 'e', 't', '\0', + /* "bitgo.com", true */ 'b', 'i', 't', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "bititrain.com", true */ 'b', 'i', 't', 'i', 't', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "bitmain.com.ua", true */ 'b', 'i', 't', 'm', 'a', 'i', 'n', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "bitmainwarranty.com", true */ 'b', 'i', 't', 'm', 'a', 'i', 'n', 'w', 'a', 'r', 'r', 'a', 'n', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "bitmainwarranty.com.ua", true */ 'b', 'i', 't', 'm', 'a', 'i', 'n', 'w', 'a', 'r', 'r', 'a', 'n', 't', 'y', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "bitmainwarranty.ru", true */ 'b', 'i', 't', 'm', 'a', 'i', 'n', 'w', 'a', 'r', 'r', 'a', 'n', 't', 'y', '.', 'r', 'u', '\0', + /* "bitmessage.ch", true */ 'b', 'i', 't', 'm', 'e', 's', 's', 'a', 'g', 'e', '.', 'c', 'h', '\0', + /* "bitmex.com", true */ 'b', 'i', 't', 'm', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "bitminter.com", true */ 'b', 'i', 't', 'm', 'i', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "bitmoe.com", true */ 'b', 'i', 't', 'm', 'o', 'e', '.', 'c', 'o', 'm', '\0', + /* "bitmon.net", true */ 'b', 'i', 't', 'm', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "bitok.com", true */ 'b', 'i', 't', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "bitplay.space", true */ 'b', 'i', 't', 'p', 'l', 'a', 'y', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "bitpod.de", true */ 'b', 'i', 't', 'p', 'o', 'd', '.', 'd', 'e', '\0', + /* "bitpoll.de", true */ 'b', 'i', 't', 'p', 'o', 'l', 'l', '.', 'd', 'e', '\0', + /* "bitpoll.org", true */ 'b', 'i', 't', 'p', 'o', 'l', 'l', '.', 'o', 'r', 'g', '\0', + /* "bitpumpe.net", true */ 'b', 'i', 't', 'p', 'u', 'm', 'p', 'e', '.', 'n', 'e', 't', '\0', + /* "bitref.com", true */ 'b', 'i', 't', 'r', 'e', 'f', '.', 'c', 'o', 'm', '\0', + /* "bitroll.com", true */ 'b', 'i', 't', 'r', 'o', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "bitrush.nl", true */ 'b', 'i', 't', 'r', 'u', 's', 'h', '.', 'n', 'l', '\0', + /* "bitsafe.com.my", true */ 'b', 'i', 't', 's', 'a', 'f', 'e', '.', 'c', 'o', 'm', '.', 'm', 'y', '\0', + /* "bitsburg.ru", true */ 'b', 'i', 't', 's', 'b', 'u', 'r', 'g', '.', 'r', 'u', '\0', + /* "bitsensor.io", true */ 'b', 'i', 't', 's', 'e', 'n', 's', 'o', 'r', '.', 'i', 'o', '\0', + /* "bitshaker.net", true */ 'b', 'i', 't', 's', 'h', 'a', 'k', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "bitskins.co", true */ 'b', 'i', 't', 's', 'k', 'i', 'n', 's', '.', 'c', 'o', '\0', + /* "bitskrieg.net", true */ 'b', 'i', 't', 's', 'k', 'r', 'i', 'e', 'g', '.', 'n', 'e', 't', '\0', + /* "bitstorm.nl", true */ 'b', 'i', 't', 's', 't', 'o', 'r', 'm', '.', 'n', 'l', '\0', + /* "bitstorm.org", true */ 'b', 'i', 't', 's', 't', 'o', 'r', 'm', '.', 'o', 'r', 'g', '\0', + /* "bitsum.com", true */ 'b', 'i', 't', 's', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "bitsync.nl", true */ 'b', 'i', 't', 's', 'y', 'n', 'c', '.', 'n', 'l', '\0', + /* "bittersweetcandybowl.com", true */ 'b', 'i', 't', 't', 'e', 'r', 's', 'w', 'e', 'e', 't', 'c', 'a', 'n', 'd', 'y', 'b', 'o', 'w', 'l', '.', 'c', 'o', 'm', '\0', + /* "bittervault.xyz", true */ 'b', 'i', 't', 't', 'e', 'r', 'v', 'a', 'u', 'l', 't', '.', 'x', 'y', 'z', '\0', + /* "bittmann.me", false */ 'b', 'i', 't', 't', 'm', 'a', 'n', 'n', '.', 'm', 'e', '\0', + /* "bittylicious.com", true */ 'b', 'i', 't', 't', 'y', 'l', 'i', 'c', 'i', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "bituptick.com", true */ 'b', 'i', 't', 'u', 'p', 't', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "bitvegas.com", true */ 'b', 'i', 't', 'v', 'e', 'g', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "bitvest.io", true */ 'b', 'i', 't', 'v', 'e', 's', 't', '.', 'i', 'o', '\0', + /* "bitwolk.nl", true */ 'b', 'i', 't', 'w', 'o', 'l', 'k', '.', 'n', 'l', '\0', + /* "biurokarier.edu.pl", true */ 'b', 'i', 'u', 'r', 'o', 'k', 'a', 'r', 'i', 'e', 'r', '.', 'e', 'd', 'u', '.', 'p', 'l', '\0', + /* "bixservice.com", true */ 'b', 'i', 'x', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "biyori.moe", true */ 'b', 'i', 'y', 'o', 'r', 'i', '.', 'm', 'o', 'e', '\0', + /* "biyou-homme.com", true */ 'b', 'i', 'y', 'o', 'u', '-', 'h', 'o', 'm', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "biz4x.com", true */ 'b', 'i', 'z', '4', 'x', '.', 'c', 'o', 'm', '\0', + /* "bizeau.ch", true */ 'b', 'i', 'z', 'e', 'a', 'u', '.', 'c', 'h', '\0', + /* "bizedge.co.nz", true */ 'b', 'i', 'z', 'e', 'd', 'g', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "bizniskatalog.mk", true */ 'b', 'i', 'z', 'n', 'i', 's', 'k', 'a', 't', 'a', 'l', 'o', 'g', '.', 'm', 'k', '\0', + /* "biznpro.ru", true */ 'b', 'i', 'z', 'n', 'p', 'r', 'o', '.', 'r', 'u', '\0', + /* "bizstarter.cz", true */ 'b', 'i', 'z', 's', 't', 'a', 'r', 't', 'e', 'r', '.', 'c', 'z', '\0', + /* "biztera.com", true */ 'b', 'i', 'z', 't', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "biztok.eu", true */ 'b', 'i', 'z', 't', 'o', 'k', '.', 'e', 'u', '\0', + /* "bizzi.tv", true */ 'b', 'i', 'z', 'z', 'i', '.', 't', 'v', '\0', + /* "bjarnerest.de", true */ 'b', 'j', 'a', 'r', 'n', 'e', 'r', 'e', 's', 't', '.', 'd', 'e', '\0', + /* "bjornhelmersson.se", true */ 'b', 'j', 'o', 'r', 'n', 'h', 'e', 'l', 'm', 'e', 'r', 's', 's', 'o', 'n', '.', 's', 'e', '\0', + /* "bjornjohansen.no", true */ 'b', 'j', 'o', 'r', 'n', 'j', 'o', 'h', 'a', 'n', 's', 'e', 'n', '.', 'n', 'o', '\0', + /* "bjsbouncycastles.com", true */ 'b', 'j', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "bkentertainments.co.uk", true */ 'b', 'k', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bkhpilates.co.uk", true */ 'b', 'k', 'h', 'p', 'i', 'l', 'a', 't', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bkositspartytime.co.uk", true */ 'b', 'k', 'o', 's', 'i', 't', 's', 'p', 'a', 'r', 't', 'y', 't', 'i', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bl4ckb0x.biz", true */ 'b', 'l', '4', 'c', 'k', 'b', '0', 'x', '.', 'b', 'i', 'z', '\0', + /* "bl4ckb0x.com", true */ 'b', 'l', '4', 'c', 'k', 'b', '0', 'x', '.', 'c', 'o', 'm', '\0', + /* "bl4ckb0x.de", true */ 'b', 'l', '4', 'c', 'k', 'b', '0', 'x', '.', 'd', 'e', '\0', + /* "bl4ckb0x.eu", true */ 'b', 'l', '4', 'c', 'k', 'b', '0', 'x', '.', 'e', 'u', '\0', + /* "bl4ckb0x.info", true */ 'b', 'l', '4', 'c', 'k', 'b', '0', 'x', '.', 'i', 'n', 'f', 'o', '\0', + /* "bl4ckb0x.net", true */ 'b', 'l', '4', 'c', 'k', 'b', '0', 'x', '.', 'n', 'e', 't', '\0', + /* "bl4ckb0x.org", true */ 'b', 'l', '4', 'c', 'k', 'b', '0', 'x', '.', 'o', 'r', 'g', '\0', + /* "blablacar.co.uk", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "blablacar.com", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "blablacar.com.tr", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'c', 'o', 'm', '.', 't', 'r', '\0', + /* "blablacar.com.ua", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "blablacar.de", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'd', 'e', '\0', + /* "blablacar.es", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'e', 's', '\0', + /* "blablacar.fr", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'f', 'r', '\0', + /* "blablacar.hr", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'h', 'r', '\0', + /* "blablacar.hu", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'h', 'u', '\0', + /* "blablacar.in", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'i', 'n', '\0', + /* "blablacar.it", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'i', 't', '\0', + /* "blablacar.mx", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'm', 'x', '\0', + /* "blablacar.nl", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'n', 'l', '\0', + /* "blablacar.pl", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'p', 'l', '\0', + /* "blablacar.pt", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'p', 't', '\0', + /* "blablacar.ro", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'r', 'o', '\0', + /* "blablacar.rs", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'r', 's', '\0', + /* "blablacar.ru", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'r', 'u', '\0', + /* "black-gay-porn.biz", true */ 'b', 'l', 'a', 'c', 'k', '-', 'g', 'a', 'y', '-', 'p', 'o', 'r', 'n', '.', 'b', 'i', 'z', '\0', + /* "black-khat.com", true */ 'b', 'l', 'a', 'c', 'k', '-', 'k', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "black-mail.nl", true */ 'b', 'l', 'a', 'c', 'k', '-', 'm', 'a', 'i', 'l', '.', 'n', 'l', '\0', + /* "black.dating", true */ 'b', 'l', 'a', 'c', 'k', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "black.host", true */ 'b', 'l', 'a', 'c', 'k', '.', 'h', 'o', 's', 't', '\0', + /* "blackandpony.de", true */ 'b', 'l', 'a', 'c', 'k', 'a', 'n', 'd', 'p', 'o', 'n', 'y', '.', 'd', 'e', '\0', + /* "blackapron.com.br", true */ 'b', 'l', 'a', 'c', 'k', 'a', 'p', 'r', 'o', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "blackbag.nl", true */ 'b', 'l', 'a', 'c', 'k', 'b', 'a', 'g', '.', 'n', 'l', '\0', + /* "blackbase.de", true */ 'b', 'l', 'a', 'c', 'k', 'b', 'a', 's', 'e', '.', 'd', 'e', '\0', + /* "blackberrycentral.com", true */ 'b', 'l', 'a', 'c', 'k', 'b', 'e', 'r', 'r', 'y', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "blackberryforums.be", true */ 'b', 'l', 'a', 'c', 'k', 'b', 'e', 'r', 'r', 'y', 'f', 'o', 'r', 'u', 'm', 's', '.', 'b', 'e', '\0', + /* "blackcat.ca", true */ 'b', 'l', 'a', 'c', 'k', 'c', 'a', 't', '.', 'c', 'a', '\0', + /* "blackcatinformatics.ca", true */ 'b', 'l', 'a', 'c', 'k', 'c', 'a', 't', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'c', 's', '.', 'c', 'a', '\0', + /* "blackcatinformatics.com", true */ 'b', 'l', 'a', 'c', 'k', 'c', 'a', 't', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "blackdesertsp.com", true */ 'b', 'l', 'a', 'c', 'k', 'd', 'e', 's', 'e', 'r', 't', 's', 'p', '.', 'c', 'o', 'm', '\0', + /* "blackdotbrewery.com", true */ 'b', 'l', 'a', 'c', 'k', 'd', 'o', 't', 'b', 'r', 'e', 'w', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "blackdown.de", true */ 'b', 'l', 'a', 'c', 'k', 'd', 'o', 'w', 'n', '.', 'd', 'e', '\0', + /* "blackdragoninc.org", true */ 'b', 'l', 'a', 'c', 'k', 'd', 'r', 'a', 'g', 'o', 'n', 'i', 'n', 'c', '.', 'o', 'r', 'g', '\0', + /* "blackedbyte.com", true */ 'b', 'l', 'a', 'c', 'k', 'e', 'd', 'b', 'y', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "blackevent.be", true */ 'b', 'l', 'a', 'c', 'k', 'e', 'v', 'e', 'n', 't', '.', 'b', 'e', '\0', + /* "blackgamelp.de", true */ 'b', 'l', 'a', 'c', 'k', 'g', 'a', 'm', 'e', 'l', 'p', '.', 'd', 'e', '\0', + /* "blackhelicopters.net", true */ 'b', 'l', 'a', 'c', 'k', 'h', 'e', 'l', 'i', 'c', 'o', 'p', 't', 'e', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "blackhillsinfosec.com", true */ 'b', 'l', 'a', 'c', 'k', 'h', 'i', 'l', 'l', 's', 'i', 'n', 'f', 'o', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "blackkeg.ca", true */ 'b', 'l', 'a', 'c', 'k', 'k', 'e', 'g', '.', 'c', 'a', '\0', + /* "blackl.net", true */ 'b', 'l', 'a', 'c', 'k', 'l', '.', 'n', 'e', 't', '\0', + /* "blacklightparty.be", true */ 'b', 'l', 'a', 'c', 'k', 'l', 'i', 'g', 'h', 't', 'p', 'a', 'r', 't', 'y', '.', 'b', 'e', '\0', + /* "blackmirror.com.au", true */ 'b', 'l', 'a', 'c', 'k', 'm', 'i', 'r', 'r', 'o', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "blackmonday.gr", true */ 'b', 'l', 'a', 'c', 'k', 'm', 'o', 'n', 'd', 'a', 'y', '.', 'g', 'r', '\0', + /* "blacknetwork.eu", true */ 'b', 'l', 'a', 'c', 'k', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'e', 'u', '\0', + /* "blacknova.io", true */ 'b', 'l', 'a', 'c', 'k', 'n', 'o', 'v', 'a', '.', 'i', 'o', '\0', + /* "blackonion.com", true */ 'b', 'l', 'a', 'c', 'k', 'o', 'n', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "blackpapermoon.de", true */ 'b', 'l', 'a', 'c', 'k', 'p', 'a', 'p', 'e', 'r', 'm', 'o', 'o', 'n', '.', 'd', 'e', '\0', + /* "blackphantom.de", true */ 'b', 'l', 'a', 'c', 'k', 'p', 'h', 'a', 'n', 't', 'o', 'm', '.', 'd', 'e', '\0', + /* "blackphoenix.de", true */ 'b', 'l', 'a', 'c', 'k', 'p', 'h', 'o', 'e', 'n', 'i', 'x', '.', 'd', 'e', '\0', + /* "blackscytheconsulting.com", true */ 'b', 'l', 'a', 'c', 'k', 's', 'c', 'y', 't', 'h', 'e', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "blackseals.net", true */ 'b', 'l', 'a', 'c', 'k', 's', 'e', 'a', 'l', 's', '.', 'n', 'e', 't', '\0', + /* "blackys-chamber.de", true */ 'b', 'l', 'a', 'c', 'k', 'y', 's', '-', 'c', 'h', 'a', 'm', 'b', 'e', 'r', '.', 'd', 'e', '\0', + /* "blaise.io", true */ 'b', 'l', 'a', 'i', 's', 'e', '.', 'i', 'o', '\0', + /* "blakecoin.org", true */ 'b', 'l', 'a', 'k', 'e', 'c', 'o', 'i', 'n', '.', 'o', 'r', 'g', '\0', + /* "blameomar.com", true */ 'b', 'l', 'a', 'm', 'e', 'o', 'm', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "blancodent.com", true */ 'b', 'l', 'a', 'n', 'c', 'o', 'd', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "blankersfamily.com", true */ 'b', 'l', 'a', 'n', 'k', 'e', 'r', 's', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "blarg.co", true */ 'b', 'l', 'a', 'r', 'g', '.', 'c', 'o', '\0', + /* "blastentertainment.com.au", true */ 'b', 'l', 'a', 's', 't', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "blastersklan.com", true */ 'b', 'l', 'a', 's', 't', 'e', 'r', 's', 'k', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "blastzoneentertainments.co.uk", true */ 'b', 'l', 'a', 's', 't', 'z', 'o', 'n', 'e', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "blaudev.es", true */ 'b', 'l', 'a', 'u', 'd', 'e', 'v', '.', 'e', 's', '\0', + /* "blauerhunger.de", true */ 'b', 'l', 'a', 'u', 'e', 'r', 'h', 'u', 'n', 'g', 'e', 'r', '.', 'd', 'e', '\0', + /* "blayne.me", true */ 'b', 'l', 'a', 'y', 'n', 'e', '.', 'm', 'e', '\0', + /* "blayneallan.com", true */ 'b', 'l', 'a', 'y', 'n', 'e', 'a', 'l', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "bleaching-tipps.de", true */ 'b', 'l', 'e', 'a', 'c', 'h', 'i', 'n', 'g', '-', 't', 'i', 'p', 'p', 's', '.', 'd', 'e', '\0', + /* "bleche-onlineshop.de", true */ 'b', 'l', 'e', 'c', 'h', 'e', '-', 'o', 'n', 'l', 'i', 'n', 'e', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0', + /* "blechinger.io", true */ 'b', 'l', 'e', 'c', 'h', 'i', 'n', 'g', 'e', 'r', '.', 'i', 'o', '\0', + /* "blechpirat.name", true */ 'b', 'l', 'e', 'c', 'h', 'p', 'i', 'r', 'a', 't', '.', 'n', 'a', 'm', 'e', '\0', + /* "blechschmidt.saarland", true */ 'b', 'l', 'e', 'c', 'h', 's', 'c', 'h', 'm', 'i', 'd', 't', '.', 's', 'a', 'a', 'r', 'l', 'a', 'n', 'd', '\0', + /* "bleep.zone", true */ 'b', 'l', 'e', 'e', 'p', '.', 'z', 'o', 'n', 'e', '\0', + /* "blenderrecipereviews.com", true */ 'b', 'l', 'e', 'n', 'd', 'e', 'r', 'r', 'e', 'c', 'i', 'p', 'e', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "blendle.com", true */ 'b', 'l', 'e', 'n', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "blendle.nl", true */ 'b', 'l', 'e', 'n', 'd', 'l', 'e', '.', 'n', 'l', '\0', + /* "blendr.com", true */ 'b', 'l', 'e', 'n', 'd', 'r', '.', 'c', 'o', 'm', '\0', + /* "blenneros.net", true */ 'b', 'l', 'e', 'n', 'n', 'e', 'r', 'o', 's', '.', 'n', 'e', 't', '\0', + /* "blessedearth.com.au", true */ 'b', 'l', 'e', 's', 's', 'e', 'd', 'e', 'a', 'r', 't', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "blessedguy.com", true */ 'b', 'l', 'e', 's', 's', 'e', 'd', 'g', 'u', 'y', '.', 'c', 'o', 'm', '\0', + /* "blessedguy.net", true */ 'b', 'l', 'e', 's', 's', 'e', 'd', 'g', 'u', 'y', '.', 'n', 'e', 't', '\0', + /* "blewebprojects.com", true */ 'b', 'l', 'e', 'w', 'e', 'b', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "blichmann.eu", true */ 'b', 'l', 'i', 'c', 'h', 'm', 'a', 'n', 'n', '.', 'e', 'u', '\0', + /* "blidz.com", true */ 'b', 'l', 'i', 'd', 'z', '.', 'c', 'o', 'm', '\0', + /* "blieque.co.uk", true */ 'b', 'l', 'i', 'e', 'q', 'u', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "blikund.swedbank.se", true */ 'b', 'l', 'i', 'k', 'u', 'n', 'd', '.', 's', 'w', 'e', 'd', 'b', 'a', 'n', 'k', '.', 's', 'e', '\0', + /* "blingsparkleshine.com", true */ 'b', 'l', 'i', 'n', 'g', 's', 'p', 'a', 'r', 'k', 'l', 'e', 's', 'h', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "blink-security.com", true */ 'b', 'l', 'i', 'n', 'k', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "blinking.link", true */ 'b', 'l', 'i', 'n', 'k', 'i', 'n', 'g', '.', 'l', 'i', 'n', 'k', '\0', + /* "blinkspeed.eu", true */ 'b', 'l', 'i', 'n', 'k', 's', 'p', 'e', 'e', 'd', '.', 'e', 'u', '\0', + /* "blio.tk", true */ 'b', 'l', 'i', 'o', '.', 't', 'k', '\0', + /* "blissjoe.com", true */ 'b', 'l', 'i', 's', 's', 'j', 'o', 'e', '.', 'c', 'o', 'm', '\0', + /* "blissplan.com", true */ 'b', 'l', 'i', 's', 's', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "blivawesome.dk", true */ 'b', 'l', 'i', 'v', 'a', 'w', 'e', 's', 'o', 'm', 'e', '.', 'd', 'k', '\0', + /* "blivvektor.dk", true */ 'b', 'l', 'i', 'v', 'v', 'e', 'k', 't', 'o', 'r', '.', 'd', 'k', '\0', + /* "blizhost.com", true */ 'b', 'l', 'i', 'z', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "blizhost.com.br", true */ 'b', 'l', 'i', 'z', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "blizz.news", true */ 'b', 'l', 'i', 'z', 'z', '.', 'n', 'e', 'w', 's', '\0', + /* "blkbx.eu", true */ 'b', 'l', 'k', 'b', 'x', '.', 'e', 'u', '\0', + /* "blm.gov", true */ 'b', 'l', 'm', '.', 'g', 'o', 'v', '\0', + /* "block-this.com", true */ 'b', 'l', 'o', 'c', 'k', '-', 't', 'h', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "block65.com", true */ 'b', 'l', 'o', 'c', 'k', '6', '5', '.', 'c', 'o', 'm', '\0', + /* "blockchain.info", true */ 'b', 'l', 'o', 'c', 'k', 'c', 'h', 'a', 'i', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "blockchaindaigakko.jp", true */ 'b', 'l', 'o', 'c', 'k', 'c', 'h', 'a', 'i', 'n', 'd', 'a', 'i', 'g', 'a', 'k', 'k', 'o', '.', 'j', 'p', '\0', + /* "blockified.io", true */ 'b', 'l', 'o', 'c', 'k', 'i', 'f', 'i', 'e', 'd', '.', 'i', 'o', '\0', + /* "blockmetry.com", true */ 'b', 'l', 'o', 'c', 'k', 'm', 'e', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "blockstream.com", true */ 'b', 'l', 'o', 'c', 'k', 's', 't', 'r', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "blockxit.de", true */ 'b', 'l', 'o', 'c', 'k', 'x', 'i', 't', '.', 'd', 'e', '\0', + /* "bloemendal.me", true */ 'b', 'l', 'o', 'e', 'm', 'e', 'n', 'd', 'a', 'l', '.', 'm', 'e', '\0', + /* "blog-grupom2.es", true */ 'b', 'l', 'o', 'g', '-', 'g', 'r', 'u', 'p', 'o', 'm', '2', '.', 'e', 's', '\0', + /* "blog.gov.uk", true */ 'b', 'l', 'o', 'g', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0', + /* "blog.linode.com", false */ 'b', 'l', 'o', 'g', '.', 'l', 'i', 'n', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "blog.lookout.com", false */ 'b', 'l', 'o', 'g', '.', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "blogabout.ru", true */ 'b', 'l', 'o', 'g', 'a', 'b', 'o', 'u', 't', '.', 'r', 'u', '\0', + /* "blogaid.net", true */ 'b', 'l', 'o', 'g', 'a', 'i', 'd', '.', 'n', 'e', 't', '\0', + /* "blogarts.net", true */ 'b', 'l', 'o', 'g', 'a', 'r', 't', 's', '.', 'n', 'e', 't', '\0', + /* "blogbooker.com", true */ 'b', 'l', 'o', 'g', 'b', 'o', 'o', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "blogconcours.net", true */ 'b', 'l', 'o', 'g', 'c', 'o', 'n', 'c', 'o', 'u', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "blogcuaviet.com", true */ 'b', 'l', 'o', 'g', 'c', 'u', 'a', 'v', 'i', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "blogdieconomia.it", true */ 'b', 'l', 'o', 'g', 'd', 'i', 'e', 'c', 'o', 'n', 'o', 'm', 'i', 'a', '.', 'i', 't', '\0', + /* "blogdimoda.com", true */ 'b', 'l', 'o', 'g', 'd', 'i', 'm', 'o', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "blogdimotori.it", true */ 'b', 'l', 'o', 'g', 'd', 'i', 'm', 'o', 't', 'o', 'r', 'i', '.', 'i', 't', '\0', + /* "blogexpert.ca", true */ 'b', 'l', 'o', 'g', 'e', 'x', 'p', 'e', 'r', 't', '.', 'c', 'a', '\0', + /* "blogging-life.com", true */ 'b', 'l', 'o', 'g', 'g', 'i', 'n', 'g', '-', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "bloggingwithchildren.com", true */ 'b', 'l', 'o', 'g', 'g', 'i', 'n', 'g', 'w', 'i', 't', 'h', 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "bloggytalky.com", true */ 'b', 'l', 'o', 'g', 'g', 'y', 't', 'a', 'l', 'k', 'y', '.', 'c', 'o', 'm', '\0', + /* "bloginbeeld.nl", true */ 'b', 'l', 'o', 'g', 'i', 'n', 'b', 'e', 'e', 'l', 'd', '.', 'n', 'l', '\0', + /* "blogom.at", true */ 'b', 'l', 'o', 'g', 'o', 'm', '.', 'a', 't', '\0', + /* "blogpentrusuflet.ro", true */ 'b', 'l', 'o', 'g', 'p', 'e', 'n', 't', 'r', 'u', 's', 'u', 'f', 'l', 'e', 't', '.', 'r', 'o', '\0', + /* "blogreen.org", true */ 'b', 'l', 'o', 'g', 'r', 'e', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "blogtroterzy.pl", true */ 'b', 'l', 'o', 'g', 't', 'r', 'o', 't', 'e', 'r', 'z', 'y', '.', 'p', 'l', '\0', + /* "bloodsports.org", true */ 'b', 'l', 'o', 'o', 'd', 's', 'p', 'o', 'r', 't', 's', '.', 'o', 'r', 'g', '\0', + /* "bloodyexcellent.com", true */ 'b', 'l', 'o', 'o', 'd', 'y', 'e', 'x', 'c', 'e', 'l', 'l', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "bloom-avenue.com", true */ 'b', 'l', 'o', 'o', 'm', '-', 'a', 'v', 'e', 'n', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "bls-fiduciaire.be", true */ 'b', 'l', 's', '-', 'f', 'i', 'd', 'u', 'c', 'i', 'a', 'i', 'r', 'e', '.', 'b', 'e', '\0', + /* "bltc.co.uk", true */ 'b', 'l', 't', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bltc.com", true */ 'b', 'l', 't', 'c', '.', 'c', 'o', 'm', '\0', + /* "bltc.net", true */ 'b', 'l', 't', 'c', '.', 'n', 'e', 't', '\0', + /* "bltc.org", true */ 'b', 'l', 't', 'c', '.', 'o', 'r', 'g', '\0', + /* "bltc.org.uk", true */ 'b', 'l', 't', 'c', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "blubberladen.de", true */ 'b', 'l', 'u', 'b', 'b', 'e', 'r', 'l', 'a', 'd', 'e', 'n', '.', 'd', 'e', '\0', + /* "blue-leaf81.net", true */ 'b', 'l', 'u', 'e', '-', 'l', 'e', 'a', 'f', '8', '1', '.', 'n', 'e', 't', '\0', + /* "blue42.net", true */ 'b', 'l', 'u', 'e', '4', '2', '.', 'n', 'e', 't', '\0', + /* "bluecards.eu", true */ 'b', 'l', 'u', 'e', 'c', 'a', 'r', 'd', 's', '.', 'e', 'u', '\0', + /* "bluechilli.com", true */ 'b', 'l', 'u', 'e', 'c', 'h', 'i', 'l', 'l', 'i', '.', 'c', 'o', 'm', '\0', + /* "bluecon.ninja", true */ 'b', 'l', 'u', 'e', 'c', 'o', 'n', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "blued.moe", true */ 'b', 'l', 'u', 'e', 'd', '.', 'm', 'o', 'e', '\0', + /* "bluefinger.nl", true */ 'b', 'l', 'u', 'e', 'f', 'i', 'n', 'g', 'e', 'r', '.', 'n', 'l', '\0', + /* "blueflare.org", true */ 'b', 'l', 'u', 'e', 'f', 'l', 'a', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "bluefuzz.nl", true */ 'b', 'l', 'u', 'e', 'f', 'u', 'z', 'z', '.', 'n', 'l', '\0', + /* "blueimp.net", true */ 'b', 'l', 'u', 'e', 'i', 'm', 'p', '.', 'n', 'e', 't', '\0', + /* "blueliquiddesigns.com.au", true */ 'b', 'l', 'u', 'e', 'l', 'i', 'q', 'u', 'i', 'd', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "bluemeda.web.id", true */ 'b', 'l', 'u', 'e', 'm', 'e', 'd', 'a', '.', 'w', 'e', 'b', '.', 'i', 'd', '\0', + /* "bluemoonroleplaying.com", true */ 'b', 'l', 'u', 'e', 'm', 'o', 'o', 'n', 'r', 'o', 'l', 'e', 'p', 'l', 'a', 'y', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "bluemosh.com", true */ 'b', 'l', 'u', 'e', 'm', 'o', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "bluenote9.com", true */ 'b', 'l', 'u', 'e', 'n', 'o', 't', 'e', '9', '.', 'c', 'o', 'm', '\0', + /* "blueperil.de", true */ 'b', 'l', 'u', 'e', 'p', 'e', 'r', 'i', 'l', '.', 'd', 'e', '\0', + /* "bluepoint.foundation", true */ 'b', 'l', 'u', 'e', 'p', 'o', 'i', 'n', 't', '.', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '\0', + /* "bluepoint.institute", true */ 'b', 'l', 'u', 'e', 'p', 'o', 'i', 'n', 't', '.', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '\0', + /* "bluepoint.one", true */ 'b', 'l', 'u', 'e', 'p', 'o', 'i', 'n', 't', '.', 'o', 'n', 'e', '\0', + /* "bluepostbox.de", true */ 'b', 'l', 'u', 'e', 'p', 'o', 's', 't', 'b', 'o', 'x', '.', 'd', 'e', '\0', + /* "blues-and-pictures.com", true */ 'b', 'l', 'u', 'e', 's', '-', 'a', 'n', 'd', '-', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "bluesecure.com.br", true */ 'b', 'l', 'u', 'e', 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "bluex.im", true */ 'b', 'l', 'u', 'e', 'x', '.', 'i', 'm', '\0', + /* "bluex.info", true */ 'b', 'l', 'u', 'e', 'x', '.', 'i', 'n', 'f', 'o', '\0', + /* "bluex.net", true */ 'b', 'l', 'u', 'e', 'x', '.', 'n', 'e', 't', '\0', + /* "bluex.org", true */ 'b', 'l', 'u', 'e', 'x', '.', 'o', 'r', 'g', '\0', + /* "blueyed.eu", true */ 'b', 'l', 'u', 'e', 'y', 'e', 'd', '.', 'e', 'u', '\0', + /* "bluezonehealth.co.uk", true */ 'b', 'l', 'u', 'e', 'z', 'o', 'n', 'e', 'h', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "blumen-binder.ch", true */ 'b', 'l', 'u', 'm', 'e', 'n', '-', 'b', 'i', 'n', 'd', 'e', 'r', '.', 'c', 'h', '\0', + /* "blumenfeldart.com", true */ 'b', 'l', 'u', 'm', 'e', 'n', 'f', 'e', 'l', 'd', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "blumenwiese.xyz", true */ 'b', 'l', 'u', 'm', 'e', 'n', 'w', 'i', 'e', 's', 'e', '.', 'x', 'y', 'z', '\0', + /* "blumiges-fischbachtal.de", true */ 'b', 'l', 'u', 'm', 'i', 'g', 'e', 's', '-', 'f', 'i', 's', 'c', 'h', 'b', 'a', 'c', 'h', 't', 'a', 'l', '.', 'd', 'e', '\0', + /* "blurringexistence.net", true */ 'b', 'l', 'u', 'r', 'r', 'i', 'n', 'g', 'e', 'x', 'i', 's', 't', 'e', 'n', 'c', 'e', '.', 'n', 'e', 't', '\0', + /* "blusmurf.net", true */ 'b', 'l', 'u', 's', 'm', 'u', 'r', 'f', '.', 'n', 'e', 't', '\0', + /* "blutopia.xyz", true */ 'b', 'l', 'u', 't', 'o', 'p', 'i', 'a', '.', 'x', 'y', 'z', '\0', + /* "blvdmb.com", true */ 'b', 'l', 'v', 'd', 'm', 'b', '.', 'c', 'o', 'm', '\0', + /* "bm-immo.ch", true */ 'b', 'm', '-', 'i', 'm', 'm', 'o', '.', 'c', 'h', '\0', + /* "bmet.de", true */ 'b', 'm', 'e', 't', '.', 'd', 'e', '\0', + /* "bmoattachments.org", true */ 'b', 'm', 'o', 'a', 't', 't', 'a', 'c', 'h', 'm', 'e', 'n', 't', 's', '.', 'o', 'r', 'g', '\0', + /* "bmone.net", true */ 'b', 'm', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "bmros.com.ar", true */ 'b', 'm', 'r', 'o', 's', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "bmw-motorradclub-seefeld.de", true */ 'b', 'm', 'w', '-', 'm', 'o', 't', 'o', 'r', 'r', 'a', 'd', 'c', 'l', 'u', 'b', '-', 's', 'e', 'e', 'f', 'e', 'l', 'd', '.', 'd', 'e', '\0', + /* "bn1digital.co.uk", true */ 'b', 'n', '1', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bnb-buddy.nl", true */ 'b', 'n', 'b', '-', 'b', 'u', 'd', 'd', 'y', '.', 'n', 'l', '\0', + /* "bnbsinflatablehire.co.uk", true */ 'b', 'n', 'b', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bngs.pl", true */ 'b', 'n', 'g', 's', '.', 'p', 'l', '\0', + /* "bnin.org", true */ 'b', 'n', 'i', 'n', '.', 'o', 'r', 'g', '\0', + /* "bnjscastles.co.uk", true */ 'b', 'n', 'j', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bnstree.com", true */ 'b', 'n', 's', 't', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "bnty.net", true */ 'b', 'n', 't', 'y', '.', 'n', 'e', 't', '\0', + /* "boardgamegeeks.de", true */ 'b', 'o', 'a', 'r', 'd', 'g', 'a', 'm', 'e', 'g', 'e', 'e', 'k', 's', '.', 'd', 'e', '\0', + /* "boatme.de", true */ 'b', 'o', 'a', 't', 'm', 'e', '.', 'd', 'e', '\0', + /* "bobancoamigo.com", true */ 'b', 'o', 'b', 'a', 'n', 'c', 'o', 'a', 'm', 'i', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "bobaobei.net", true */ 'b', 'o', 'b', 'a', 'o', 'b', 'e', 'i', '.', 'n', 'e', 't', '\0', + /* "bobaobei.org", true */ 'b', 'o', 'b', 'a', 'o', 'b', 'e', 'i', '.', 'o', 'r', 'g', '\0', + /* "bobazar.com", true */ 'b', 'o', 'b', 'a', 'z', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "bobcopeland.com", true */ 'b', 'o', 'b', 'c', 'o', 'p', 'e', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "bobep.ru", true */ 'b', 'o', 'b', 'e', 'p', '.', 'r', 'u', '\0', + /* "bobiji.com", true */ 'b', 'o', 'b', 'i', 'j', 'i', '.', 'c', 'o', 'm', '\0', + /* "bobisec.cz", true */ 'b', 'o', 'b', 'i', 's', 'e', 'c', '.', 'c', 'z', '\0', + /* "bobkoetsier.nl", true */ 'b', 'o', 'b', 'k', 'o', 'e', 't', 's', 'i', 'e', 'r', '.', 'n', 'l', '\0', + /* "bobnbouncedublin.ie", true */ 'b', 'o', 'b', 'n', 'b', 'o', 'u', 'n', 'c', 'e', 'd', 'u', 'b', 'l', 'i', 'n', '.', 'i', 'e', '\0', + /* "boboates.com", true */ 'b', 'o', 'b', 'o', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "bobobox.net", true */ 'b', 'o', 'b', 'o', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0', + /* "boboolo.com", true */ 'b', 'o', 'b', 'o', 'o', 'l', 'o', '.', 'c', 'o', 'm', '\0', + /* "bobstronomie.fr", true */ 'b', 'o', 'b', 's', 't', 'r', 'o', 'n', 'o', 'm', 'i', 'e', '.', 'f', 'r', '\0', + /* "bocamo.it", true */ 'b', 'o', 'c', 'a', 'm', 'o', '.', 'i', 't', '\0', + /* "bochs.info", true */ 'b', 'o', 'c', 'h', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "bockenauer.at", true */ 'b', 'o', 'c', 'k', 'e', 'n', 'a', 'u', 'e', 'r', '.', 'a', 't', '\0', + /* "bocreation.fr", true */ 'b', 'o', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', '.', 'f', 'r', '\0', + /* "bodhi.fedoraproject.org", true */ 'b', 'o', 'd', 'h', 'i', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "bodixite.com", true */ 'b', 'o', 'd', 'i', 'x', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "bodsch.com", true */ 'b', 'o', 'd', 's', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "bodybuilding.events", true */ 'b', 'o', 'd', 'y', 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', '.', 'e', 'v', 'e', 'n', 't', 's', '\0', + /* "bodybuildingworld.com", true */ 'b', 'o', 'd', 'y', 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "bodyconshop.com", true */ 'b', 'o', 'd', 'y', 'c', 'o', 'n', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "bodygearguide.com", true */ 'b', 'o', 'd', 'y', 'g', 'e', 'a', 'r', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "bodymusclejournal.com", true */ 'b', 'o', 'd', 'y', 'm', 'u', 's', 'c', 'l', 'e', 'j', 'o', 'u', 'r', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "bodyworkbymichael.com", true */ 'b', 'o', 'd', 'y', 'w', 'o', 'r', 'k', 'b', 'y', 'm', 'i', 'c', 'h', 'a', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "boeddhashop.nl", true */ 'b', 'o', 'e', 'd', 'd', 'h', 'a', 's', 'h', 'o', 'p', '.', 'n', 'l', '\0', + /* "boekenlegger.nl", true */ 'b', 'o', 'e', 'k', 'e', 'n', 'l', 'e', 'g', 'g', 'e', 'r', '.', 'n', 'l', '\0', + /* "boel073.nl", true */ 'b', 'o', 'e', 'l', '0', '7', '3', '.', 'n', 'l', '\0', + /* "boernecancerfonden.dk", true */ 'b', 'o', 'e', 'r', 'n', 'e', 'c', 'a', 'n', 'c', 'e', 'r', 'f', 'o', 'n', 'd', 'e', 'n', '.', 'd', 'k', '\0', + /* "bogdanepureanu.ro", true */ 'b', 'o', 'g', 'd', 'a', 'n', 'e', 'p', 'u', 'r', 'e', 'a', 'n', 'u', '.', 'r', 'o', '\0', + /* "bogner.sh", true */ 'b', 'o', 'g', 'n', 'e', 'r', '.', 's', 'h', '\0', + /* "bogobeats.com", true */ 'b', 'o', 'g', 'o', 'b', 'e', 'a', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "bohan.co", true */ 'b', 'o', 'h', 'a', 'n', '.', 'c', 'o', '\0', + /* "bohyn.cz", true */ 'b', 'o', 'h', 'y', 'n', '.', 'c', 'z', '\0', + /* "boilesen.com", true */ 'b', 'o', 'i', 'l', 'e', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "boimmobilier.ch", true */ 'b', 'o', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'r', '.', 'c', 'h', '\0', + /* "boincstats.com", true */ 'b', 'o', 'i', 'n', 'c', 's', 't', 'a', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "boiseonlinemall.com", true */ 'b', 'o', 'i', 's', 'e', 'o', 'n', 'l', 'i', 'n', 'e', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "boisewaldorf.org", true */ 'b', 'o', 'i', 's', 'e', 'w', 'a', 'l', 'd', 'o', 'r', 'f', '.', 'o', 'r', 'g', '\0', + /* "bokeyy.com", true */ 'b', 'o', 'k', 'e', 'y', 'y', '.', 'c', 'o', 'm', '\0', + /* "boldmediagroup.com", true */ 'b', 'o', 'l', 'd', 'm', 'e', 'd', 'i', 'a', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "boldt-metallbau.de", true */ 'b', 'o', 'l', 'd', 't', '-', 'm', 'e', 't', 'a', 'l', 'l', 'b', 'a', 'u', '.', 'd', 'e', '\0', + /* "bolektro.de", true */ 'b', 'o', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0', + /* "bolivarfm.com.ve", true */ 'b', 'o', 'l', 'i', 'v', 'a', 'r', 'f', 'm', '.', 'c', 'o', 'm', '.', 'v', 'e', '\0', + /* "bollywood.uno", true */ 'b', 'o', 'l', 'l', 'y', 'w', 'o', 'o', 'd', '.', 'u', 'n', 'o', '\0', + /* "bologna-disinfestazioni.it", true */ 'b', 'o', 'l', 'o', 'g', 'n', 'a', '-', 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'i', '.', 'i', 't', '\0', + /* "bolovegna.it", true */ 'b', 'o', 'l', 'o', 'v', 'e', 'g', 'n', 'a', '.', 'i', 't', '\0', + /* "bolt.cm", false */ 'b', 'o', 'l', 't', '.', 'c', 'm', '\0', + /* "bolte.org", true */ 'b', 'o', 'l', 't', 'e', '.', 'o', 'r', 'g', '\0', + /* "bomb.codes", true */ 'b', 'o', 'm', 'b', '.', 'c', 'o', 'd', 'e', 's', '\0', + /* "bombsquad.studio", true */ 'b', 'o', 'm', 'b', 's', 'q', 'u', 'a', 'd', '.', 's', 't', 'u', 'd', 'i', 'o', '\0', + /* "bonaccorso.eu", true */ 'b', 'o', 'n', 'a', 'c', 'c', 'o', 'r', 's', 'o', '.', 'e', 'u', '\0', + /* "bonami.cz", true */ 'b', 'o', 'n', 'a', 'm', 'i', '.', 'c', 'z', '\0', + /* "bonami.pl", true */ 'b', 'o', 'n', 'a', 'm', 'i', '.', 'p', 'l', '\0', + /* "bonami.ro", true */ 'b', 'o', 'n', 'a', 'm', 'i', '.', 'r', 'o', '\0', + /* "bonami.sk", true */ 'b', 'o', 'n', 'a', 'm', 'i', '.', 's', 'k', '\0', + /* "bonamihome.ro", true */ 'b', 'o', 'n', 'a', 'm', 'i', 'h', 'o', 'm', 'e', '.', 'r', 'o', '\0', + /* "bonbonmania.com", true */ 'b', 'o', 'n', 'b', 'o', 'n', 'm', 'a', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "bondagefetishstore.com", true */ 'b', 'o', 'n', 'd', 'a', 'g', 'e', 'f', 'e', 't', 'i', 's', 'h', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "bondarenko.dn.ua", true */ 'b', 'o', 'n', 'd', 'a', 'r', 'e', 'n', 'k', 'o', '.', 'd', 'n', '.', 'u', 'a', '\0', + /* "bondoer.fr", true */ 'b', 'o', 'n', 'd', 'o', 'e', 'r', '.', 'f', 'r', '\0', + /* "bondpro.gov", true */ 'b', 'o', 'n', 'd', 'p', 'r', 'o', '.', 'g', 'o', 'v', '\0', + /* "bondskampeerder.nl", true */ 'b', 'o', 'n', 'd', 's', 'k', 'a', 'm', 'p', 'e', 'e', 'r', 'd', 'e', 'r', '.', 'n', 'l', '\0', + /* "bonesserver.com", true */ 'b', 'o', 'n', 'e', 's', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "bonfi.net", true */ 'b', 'o', 'n', 'f', 'i', '.', 'n', 'e', 't', '\0', + /* "bonifacius.be", true */ 'b', 'o', 'n', 'i', 'f', 'a', 'c', 'i', 'u', 's', '.', 'b', 'e', '\0', + /* "bonigo.de", true */ 'b', 'o', 'n', 'i', 'g', 'o', '.', 'd', 'e', '\0', + /* "bonita.com.br", true */ 'b', 'o', 'n', 'i', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "bonnant-associes.ch", true */ 'b', 'o', 'n', 'n', 'a', 'n', 't', '-', 'a', 's', 's', 'o', 'c', 'i', 'e', 's', '.', 'c', 'h', '\0', + /* "bonnant-partners.ch", true */ 'b', 'o', 'n', 'n', 'a', 'n', 't', '-', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', '.', 'c', 'h', '\0', + /* "bonnebouffe.fr", true */ 'b', 'o', 'n', 'n', 'e', 'b', 'o', 'u', 'f', 'f', 'e', '.', 'f', 'r', '\0', + /* "bonnieradvocaten.nl", true */ 'b', 'o', 'n', 'n', 'i', 'e', 'r', 'a', 'd', 'v', 'o', 'c', 'a', 't', 'e', 'n', '.', 'n', 'l', '\0', + /* "bonnin.fr", true */ 'b', 'o', 'n', 'n', 'i', 'n', '.', 'f', 'r', '\0', + /* "bonnsustainabilityportal.de", true */ 'b', 'o', 'n', 'n', 's', 'u', 's', 't', 'a', 'i', 'n', 'a', 'b', 'i', 'l', 'i', 't', 'y', 'p', 'o', 'r', 't', 'a', 'l', '.', 'd', 'e', '\0', + /* "bonnyprints.at", true */ 'b', 'o', 'n', 'n', 'y', 'p', 'r', 'i', 'n', 't', 's', '.', 'a', 't', '\0', + /* "bonnyprints.ch", true */ 'b', 'o', 'n', 'n', 'y', 'p', 'r', 'i', 'n', 't', 's', '.', 'c', 'h', '\0', + /* "bonnyprints.es", true */ 'b', 'o', 'n', 'n', 'y', 'p', 'r', 'i', 'n', 't', 's', '.', 'e', 's', '\0', + /* "bonnyprints.fr", true */ 'b', 'o', 'n', 'n', 'y', 'p', 'r', 'i', 'n', 't', 's', '.', 'f', 'r', '\0', + /* "bonprix.co.uk", true */ 'b', 'o', 'n', 'p', 'r', 'i', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bonqoeur.ca", true */ 'b', 'o', 'n', 'q', 'o', 'e', 'u', 'r', '.', 'c', 'a', '\0', + /* "bonus-flexi.com", true */ 'b', 'o', 'n', 'u', 's', '-', 'f', 'l', 'e', 'x', 'i', '.', 'c', 'o', 'm', '\0', + /* "boobox.xyz", true */ 'b', 'o', 'o', 'b', 'o', 'x', '.', 'x', 'y', 'z', '\0', + /* "boodaah.com", true */ 'b', 'o', 'o', 'd', 'a', 'a', 'h', '.', 'c', 'o', 'm', '\0', + /* "boodmo.com", true */ 'b', 'o', 'o', 'd', 'm', 'o', '.', 'c', 'o', 'm', '\0', + /* "boogiebouncecastles.co.uk", true */ 'b', 'o', 'o', 'g', 'i', 'e', 'b', 'o', 'u', 'n', 'c', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "book-in-hotel.com", true */ 'b', 'o', 'o', 'k', '-', 'i', 'n', '-', 'h', 'o', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "bookingapp.be", true */ 'b', 'o', 'o', 'k', 'i', 'n', 'g', 'a', 'p', 'p', '.', 'b', 'e', '\0', + /* "bookingapp.nl", true */ 'b', 'o', 'o', 'k', 'i', 'n', 'g', 'a', 'p', 'p', '.', 'n', 'l', '\0', + /* "bookingdeluxesp.com", true */ 'b', 'o', 'o', 'k', 'i', 'n', 'g', 'd', 'e', 'l', 'u', 'x', 'e', 's', 'p', '.', 'c', 'o', 'm', '\0', + /* "bookingready.com", true */ 'b', 'o', 'o', 'k', 'i', 'n', 'g', 'r', 'e', 'a', 'd', 'y', '.', 'c', 'o', 'm', '\0', + /* "bookluk.com", true */ 'b', 'o', 'o', 'k', 'l', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "bookmakersfreebets.com.au", true */ 'b', 'o', 'o', 'k', 'm', 'a', 'k', 'e', 'r', 's', 'f', 'r', 'e', 'e', 'b', 'e', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "bookmein.in", true */ 'b', 'o', 'o', 'k', 'm', 'e', 'i', 'n', '.', 'i', 'n', '\0', + /* "bookourdjs.com", true */ 'b', 'o', 'o', 'k', 'o', 'u', 'r', 'd', 'j', 's', '.', 'c', 'o', 'm', '\0', + /* "bookreport.ga", true */ 'b', 'o', 'o', 'k', 'r', 'e', 'p', 'o', 'r', 't', '.', 'g', 'a', '\0', + /* "booktracker-org.appspot.com", true */ 'b', 'o', 'o', 'k', 't', 'r', 'a', 'c', 'k', 'e', 'r', '-', 'o', 'r', 'g', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "bookwitty.social", true */ 'b', 'o', 'o', 'k', 'w', 'i', 't', 't', 'y', '.', 's', 'o', 'c', 'i', 'a', 'l', '\0', + /* "bool.be", true */ 'b', 'o', 'o', 'l', '.', 'b', 'e', '\0', + /* "boomersurf.com", true */ 'b', 'o', 'o', 'm', 'e', 'r', 's', 'u', 'r', 'f', '.', 'c', 'o', 'm', '\0', + /* "boomsaki.com", true */ 'b', 'o', 'o', 'm', 's', 'a', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "boomsakis.com", true */ 'b', 'o', 'o', 'm', 's', 'a', 'k', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "boomshelf.com", true */ 'b', 'o', 'o', 'm', 's', 'h', 'e', 'l', 'f', '.', 'c', 'o', 'm', '\0', + /* "boomshelf.org", true */ 'b', 'o', 'o', 'm', 's', 'h', 'e', 'l', 'f', '.', 'o', 'r', 'g', '\0', + /* "boonbox.com", true */ 'b', 'o', 'o', 'n', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "booox.biz", true */ 'b', 'o', 'o', 'o', 'x', '.', 'b', 'i', 'z', '\0', + /* "booox.cc", true */ 'b', 'o', 'o', 'o', 'x', '.', 'c', 'c', '\0', + /* "booox.info", true */ 'b', 'o', 'o', 'o', 'x', '.', 'i', 'n', 'f', 'o', '\0', + /* "booox.net", true */ 'b', 'o', 'o', 'o', 'x', '.', 'n', 'e', 't', '\0', + /* "booox.org", true */ 'b', 'o', 'o', 'o', 'x', '.', 'o', 'r', 'g', '\0', + /* "booox.pw", true */ 'b', 'o', 'o', 'o', 'x', '.', 'p', 'w', '\0', + /* "booq.org", true */ 'b', 'o', 'o', 'q', '.', 'o', 'r', 'g', '\0', + /* "booquiz.com", true */ 'b', 'o', 'o', 'q', 'u', 'i', 'z', '.', 'c', 'o', 'm', '\0', + /* "boosinflatablegames.co.uk", true */ 'b', 'o', 'o', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "booter.es", true */ 'b', 'o', 'o', 't', 'e', 'r', '.', 'e', 's', '\0', + /* "booter.pw", true */ 'b', 'o', 'o', 't', 'e', 'r', '.', 'p', 'w', '\0', + /* "bootjp.me", false */ 'b', 'o', 'o', 't', 'j', 'p', '.', 'm', 'e', '\0', + /* "bopera.co.uk", true */ 'b', 'o', 'p', 'e', 'r', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bopp.org", true */ 'b', 'o', 'p', 'p', '.', 'o', 'r', 'g', '\0', + /* "borahan.net", true */ 'b', 'o', 'r', 'a', 'h', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "borg.cloud", true */ 'b', 'o', 'r', 'g', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "boringsmith.com", true */ 'b', 'o', 'r', 'i', 'n', 'g', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "borisavstankovic.rs", true */ 'b', 'o', 'r', 'i', 's', 'a', 'v', 's', 't', 'a', 'n', 'k', 'o', 'v', 'i', 'c', '.', 'r', 's', '\0', + /* "borisschapira.com", true */ 'b', 'o', 'r', 'i', 's', 's', 'c', 'h', 'a', 'p', 'i', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "born-to-learn.com", true */ 'b', 'o', 'r', 'n', '-', 't', 'o', '-', 'l', 'e', 'a', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "born2bounce.co.uk", true */ 'b', 'o', 'r', 'n', '2', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bornandgrazed.com", true */ 'b', 'o', 'r', 'n', 'a', 'n', 'd', 'g', 'r', 'a', 'z', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "bornfiber.dk", true */ 'b', 'o', 'r', 'n', 'f', 'i', 'b', 'e', 'r', '.', 'd', 'k', '\0', + /* "bornhack.dk", true */ 'b', 'o', 'r', 'n', 'h', 'a', 'c', 'k', '.', 'd', 'k', '\0', + /* "borowski.pw", true */ 'b', 'o', 'r', 'o', 'w', 's', 'k', 'i', '.', 'p', 'w', '\0', + /* "borrelpartybus.nl", true */ 'b', 'o', 'r', 'r', 'e', 'l', 'p', 'a', 'r', 't', 'y', 'b', 'u', 's', '.', 'n', 'l', '\0', + /* "borysek.net", true */ 'b', 'o', 'r', 'y', 's', 'e', 'k', '.', 'n', 'e', 't', '\0', + /* "borzoi.com.br", true */ 'b', 'o', 'r', 'z', 'o', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "boscoyacht.ch", true */ 'b', 'o', 's', 'c', 'o', 'y', 'a', 'c', 'h', 't', '.', 'c', 'h', '\0', + /* "boss.az", true */ 'b', 'o', 's', 's', '.', 'a', 'z', '\0', + /* "bostadsportal.se", true */ 'b', 'o', 's', 't', 'a', 'd', 's', 'p', 'o', 'r', 't', 'a', 'l', '.', 's', 'e', '\0', + /* "bosufitness.cz", true */ 'b', 'o', 's', 'u', 'f', 'i', 't', 'n', 'e', 's', 's', '.', 'c', 'z', '\0', + /* "bosun.io", true */ 'b', 'o', 's', 'u', 'n', '.', 'i', 'o', '\0', + /* "bosworthdental.co.uk", true */ 'b', 'o', 's', 'w', 'o', 'r', 't', 'h', 'd', 'e', 'n', 't', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "botlab.ch", true */ 'b', 'o', 't', 'l', 'a', 'b', '.', 'c', 'h', '\0', + /* "botmanager.pl", true */ 'b', 'o', 't', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'p', 'l', '\0', + /* "botserver.de", true */ 'b', 'o', 't', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0', + /* "bottaerisposta.net", true */ 'b', 'o', 't', 't', 'a', 'e', 'r', 'i', 's', 'p', 'o', 's', 't', 'a', '.', 'n', 'e', 't', '\0', + /* "bottineauneighborhood.org", true */ 'b', 'o', 't', 't', 'i', 'n', 'e', 'a', 'u', 'n', 'e', 'i', 'g', 'h', 'b', 'o', 'r', 'h', 'o', 'o', 'd', '.', 'o', 'r', 'g', '\0', + /* "bottke.berlin", true */ 'b', 'o', 't', 't', 'k', 'e', '.', 'b', 'e', 'r', 'l', 'i', 'n', '\0', + /* "bou.lt", true */ 'b', 'o', 'u', '.', 'l', 't', '\0', + /* "bouah.net", true */ 'b', 'o', 'u', 'a', 'h', '.', 'n', 'e', 't', '\0', + /* "bouchard-mathieux.com", true */ 'b', 'o', 'u', 'c', 'h', 'a', 'r', 'd', '-', 'm', 'a', 't', 'h', 'i', 'e', 'u', 'x', '.', 'c', 'o', 'm', '\0', + /* "bouchonville-knifemaker.com", true */ 'b', 'o', 'u', 'c', 'h', 'o', 'n', 'v', 'i', 'l', 'l', 'e', '-', 'k', 'n', 'i', 'f', 'e', 'm', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "bouckaert-usedcars.be", true */ 'b', 'o', 'u', 'c', 'k', 'a', 'e', 'r', 't', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "boudah.pl", true */ 'b', 'o', 'u', 'd', 'a', 'h', '.', 'p', 'l', '\0', + /* "boueki.jp", true */ 'b', 'o', 'u', 'e', 'k', 'i', '.', 'j', 'p', '\0', + /* "boueki.org", true */ 'b', 'o', 'u', 'e', 'k', 'i', '.', 'o', 'r', 'g', '\0', + /* "bougeret.fr", true */ 'b', 'o', 'u', 'g', 'e', 'r', 'e', 't', '.', 'f', 'r', '\0', + /* "bouk.co", true */ 'b', 'o', 'u', 'k', '.', 'c', 'o', '\0', + /* "boukoubengo.com", true */ 'b', 'o', 'u', 'k', 'o', 'u', 'b', 'e', 'n', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "boulzicourt.fr", true */ 'b', 'o', 'u', 'l', 'z', 'i', 'c', 'o', 'u', 'r', 't', '.', 'f', 'r', '\0', + /* "bounce-a-mania.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', '-', 'a', '-', 'm', 'a', 'n', 'i', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bounce-a-roo.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', '-', 'a', '-', 'r', 'o', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bounce-abouts.com", true */ 'b', 'o', 'u', 'n', 'c', 'e', '-', 'a', 'b', 'o', 'u', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "bounce-n-go.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', '-', 'n', '-', 'g', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bounce-on.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', '-', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bounce-r-us.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', '-', 'r', '-', 'u', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bounce-xtreme.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', '-', 'x', 't', 'r', 'e', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bounce4fun.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', '4', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bounce4fun.ie", true */ 'b', 'o', 'u', 'n', 'c', 'e', '4', 'f', 'u', 'n', '.', 'i', 'e', '\0', + /* "bounce4kidz.com", true */ 'b', 'o', 'u', 'n', 'c', 'e', '4', 'k', 'i', 'd', 'z', '.', 'c', 'o', 'm', '\0', + /* "bounce4less.ie", true */ 'b', 'o', 'u', 'n', 'c', 'e', '4', 'l', 'e', 's', 's', '.', 'i', 'e', '\0', + /* "bouncea-bout.com", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', '-', 'b', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "bounceaboutandplay.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'b', 'o', 'u', 't', 'a', 'n', 'd', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bounceaboutnewark.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'b', 'o', 'u', 't', 'n', 'e', 'w', 'a', 'r', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bounceaboutsussex.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'b', 'o', 'u', 't', 's', 'u', 's', 's', 'e', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncealotcastlehire.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'l', 'o', 't', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncealotnorthwest.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'l', 'o', 't', 'n', 'o', 'r', 't', 'h', 'w', 'e', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bounceandwobble.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'n', 'd', 'w', 'o', 'b', 'b', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bounceapp.com", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "bouncearoundevents.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'r', 'o', 'u', 'n', 'd', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncearoundsheffield.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'r', 'o', 'u', 'n', 'd', 's', 'h', 'e', 'f', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bounceawaycastles.com", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'w', 'a', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "bouncebackcastles.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'b', 'a', 'c', 'k', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncebeyondcastles.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'b', 'e', 'y', 'o', 'n', 'd', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncebookings.com.au", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'b', 'o', 'o', 'k', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "bouncecrazy.ie", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'c', 'r', 'a', 'z', 'y', '.', 'i', 'e', '\0', + /* "bouncehighpeak.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'h', 'i', 'g', 'h', 'p', 'e', 'a', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncejumpboston.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'j', 'u', 'm', 'p', 'b', 'o', 's', 't', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncekingdom.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'k', 'i', 'n', 'g', 'd', 'o', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncemania.org", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'm', 'a', 'n', 'i', 'a', '.', 'o', 'r', 'g', '\0', + /* "bouncemaniaevents.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'm', 'a', 'n', 'i', 'a', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncemaniainflatables.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'm', 'a', 'n', 'i', 'a', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncemasters.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'm', 'a', 's', 't', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncemonkeys.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'm', 'o', 'n', 'k', 'e', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncenortheast.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'n', 'o', 'r', 't', 'h', 'e', 'a', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncenpaint.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'n', 'p', 'a', 'i', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncenslidenortheast.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'n', 's', 'l', 'i', 'd', 'e', 'n', 'o', 'r', 't', 'h', 'e', 'a', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncepartycastles.com", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'p', 'a', 'r', 't', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "bounceroosevents.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'r', 'o', 'o', 's', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncers-bouncycastlehire.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '-', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncesouthwales.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 's', 'o', 'u', 't', 'h', 'w', 'a', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncesquad.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 's', 'q', 'u', 'a', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncetasticuk.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 't', 'a', 's', 't', 'i', 'c', 'u', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncetheparty.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 't', 'h', 'e', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bounceunlimited.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'u', 'n', 'l', 'i', 'm', 'i', 't', 'e', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncewithbovells.com", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'w', 'i', 't', 'h', 'b', 'o', 'v', 'e', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "bouncewrightcastles.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'w', 'r', 'i', 'g', 'h', 't', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncincastles.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncing4joy.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', '4', 'j', 'o', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncingbairnsinflatables.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'b', 'a', 'i', 'r', 'n', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncingbeansinflatables.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'b', 'e', 'a', 'n', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncingbobsinflatables.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'b', 'o', 'b', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncingbuddiesleicester.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'b', 'u', 'd', 'd', 'i', 'e', 's', 'l', 'e', 'i', 'c', 'e', 's', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncingbuzzybees.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'b', 'u', 'z', 'z', 'y', 'b', 'e', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncinghigher.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'h', 'i', 'g', 'h', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncingscotland.com", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 's', 'c', 'o', 't', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "bouncourseplanner.net", true */ 'b', 'o', 'u', 'n', 'c', 'o', 'u', 'r', 's', 'e', 'p', 'l', 'a', 'n', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "bouncy-castles-surrey.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '-', 's', 'u', 'r', 'r', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncy-tots.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', '-', 't', 'o', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncybaileys.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'b', 'a', 'i', 'l', 'e', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncyball.eu", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'b', 'a', 'l', 'l', '.', 'e', 'u', '\0', + /* "bouncyballs.org", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'b', 'a', 'l', 'l', 's', '.', 'o', 'r', 'g', '\0', + /* "bouncyballscastles.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'b', 'a', 'l', 'l', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncybouncyboocastlehire.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'b', 'o', 'o', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastle.net.au", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'n', 'e', 't', '.', 'a', 'u', '\0', + /* "bouncycastleandparty.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'a', 'n', 'd', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastlehire-norwich.com", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '-', 'n', 'o', 'r', 'w', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "bouncycastlehire-sheffield.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '-', 's', 'h', 'e', 'f', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastlehireauckland.co.nz", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'a', 'u', 'c', 'k', 'l', 'a', 'n', 'd', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "bouncycastlehirebarnstaple.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'b', 'a', 'r', 'n', 's', 't', 'a', 'p', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastlehirebexley.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'b', 'e', 'x', 'l', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastlehirechelmsford.org.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'c', 'h', 'e', 'l', 'm', 's', 'f', 'o', 'r', 'd', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "bouncycastlehirehull.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'h', 'u', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastlehireinglasgow.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'i', 'n', 'g', 'l', 'a', 's', 'g', 'o', 'w', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastlehirelouth.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'l', 'o', 'u', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastlehiremalvern.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'm', 'a', 'l', 'v', 'e', 'r', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastlehiremedway.com", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'm', 'e', 'd', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "bouncycastlehireoldham.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'o', 'l', 'd', 'h', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastlehirestroud.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 's', 't', 'r', 'o', 'u', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastlehiresurrey.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 's', 'u', 'r', 'r', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastlehiretameside.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 't', 'a', 'm', 'e', 's', 'i', 'd', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastlehirewinchester.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'w', 'i', 'n', 'c', 'h', 'e', 's', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastleman.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'm', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastlemangloucestershire.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'm', 'a', 'n', 'g', 'l', 'o', 'u', 'c', 'e', 's', 't', 'e', 'r', 's', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastleparade.com", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'p', 'a', 'r', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "bouncycastles.me", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'm', 'e', '\0', + /* "bouncycastlesgalway.com", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'g', 'a', 'l', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "bouncycastleshire.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastleshireleeds.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'h', 'i', 'r', 'e', 'l', 'e', 'e', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastlesin.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'i', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastlesinderby.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'i', 'n', 'd', 'e', 'r', 'b', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastlesinleeds.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'i', 'n', 'l', 'e', 'e', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastlesisleofwight.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'i', 's', 'l', 'e', 'o', 'f', 'w', 'i', 'g', 'h', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncycastlesmonaghan.com", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'm', 'o', 'n', 'a', 'g', 'h', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "bouncycastlesperth.net", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'p', 'e', 'r', 't', 'h', '.', 'n', 'e', 't', '\0', + /* "bouncycastlessheerness.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 's', 'h', 'e', 'e', 'r', 'n', 'e', 's', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncydays.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'd', 'a', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncyfeet.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'f', 'e', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncygiggles.com.au", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'g', 'i', 'g', 'g', 'l', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "bouncyhigher.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'h', 'i', 'g', 'h', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncyhousecastlehire.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'h', 'o', 'u', 's', 'e', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncyhouses.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncykingdom.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'k', 'i', 'n', 'g', 'd', 'o', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncykings.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'k', 'i', 'n', 'g', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncykingsnortheast.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'k', 'i', 'n', 'g', 's', 'n', 'o', 'r', 't', 'h', 'e', 'a', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncymacs.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'm', 'a', 'c', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncymadness.com", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'm', 'a', 'd', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "bouncyrainbows.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'r', 'a', 'i', 'n', 'b', 'o', 'w', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncytime.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 't', 'i', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncytown.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 't', 'o', 'w', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bouncywouncy.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'w', 'o', 'u', 'n', 'c', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bound2bounce.co.uk", true */ 'b', 'o', 'u', 'n', 'd', '2', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bountyfactory.io", true */ 'b', 'o', 'u', 'n', 't', 'y', 'f', 'a', 'c', 't', 'o', 'r', 'y', '.', 'i', 'o', '\0', + /* "bourasse.fr", true */ 'b', 'o', 'u', 'r', 'a', 's', 's', 'e', '.', 'f', 'r', '\0', + /* "bourdon.fr.eu.org", true */ 'b', 'o', 'u', 'r', 'd', 'o', 'n', '.', 'f', 'r', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "bourhis.info", true */ 'b', 'o', 'u', 'r', 'h', 'i', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "bournefun.co.uk", true */ 'b', 'o', 'u', 'r', 'n', 'e', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bourqu.in", true */ 'b', 'o', 'u', 'r', 'q', 'u', '.', 'i', 'n', '\0', + /* "bourse-aux-jouets.org", false */ 'b', 'o', 'u', 'r', 's', 'e', '-', 'a', 'u', 'x', '-', 'j', 'o', 'u', 'e', 't', 's', '.', 'o', 'r', 'g', '\0', + /* "bourse-aux-vetements.org", false */ 'b', 'o', 'u', 'r', 's', 'e', '-', 'a', 'u', 'x', '-', 'v', 'e', 't', 'e', 'm', 'e', 'n', 't', 's', '.', 'o', 'r', 'g', '\0', + /* "bourse-puericulture.org", false */ 'b', 'o', 'u', 'r', 's', 'e', '-', 'p', 'u', 'e', 'r', 'i', 'c', 'u', 'l', 't', 'u', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "boutiquedecanetas.com.br", true */ 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', 'd', 'e', 'c', 'a', 'n', 'e', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "boutiquefutebol.com.br", true */ 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', 'f', 'u', 't', 'e', 'b', 'o', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "boutiqueguenaelleverdin.com", true */ 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', 'g', 'u', 'e', 'n', 'a', 'e', 'l', 'l', 'e', 'v', 'e', 'r', 'd', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "bouw.live", true */ 'b', 'o', 'u', 'w', '.', 'l', 'i', 'v', 'e', '\0', + /* "bouzouks.net", true */ 'b', 'o', 'u', 'z', 'o', 'u', 'k', 's', '.', 'n', 'e', 't', '\0', + /* "bowedwallcrackrepair.com", true */ 'b', 'o', 'w', 'e', 'd', 'w', 'a', 'l', 'l', 'c', 'r', 'a', 'c', 'k', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "boweryandvine.com", true */ 'b', 'o', 'w', 'e', 'r', 'y', 'a', 'n', 'd', 'v', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "bowling.com", true */ 'b', 'o', 'w', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "bowlsheet.com", false */ 'b', 'o', 'w', 'l', 's', 'h', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "bownty.be", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'b', 'e', '\0', + /* "bownty.co.uk", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bownty.de", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'd', 'e', '\0', + /* "bownty.dk", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'd', 'k', '\0', + /* "bownty.es", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'e', 's', '\0', + /* "bownty.fr", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'f', 'r', '\0', + /* "bownty.it", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'i', 't', '\0', + /* "bownty.nl", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'n', 'l', '\0', + /* "bownty.pt", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'p', 't', '\0', + /* "bowntycdn.net", true */ 'b', 'o', 'w', 'n', 't', 'y', 'c', 'd', 'n', '.', 'n', 'e', 't', '\0', + /* "boxdevigneron.fr", true */ 'b', 'o', 'x', 'd', 'e', 'v', 'i', 'g', 'n', 'e', 'r', 'o', 'n', '.', 'f', 'r', '\0', + /* "boxit.es", true */ 'b', 'o', 'x', 'i', 't', '.', 'e', 's', '\0', + /* "boxpirates.to", true */ 'b', 'o', 'x', 'p', 'i', 'r', 'a', 't', 'e', 's', '.', 't', 'o', '\0', + /* "boxvergelijker.nl", true */ 'b', 'o', 'x', 'v', 'e', 'r', 'g', 'e', 'l', 'i', 'j', 'k', 'e', 'r', '.', 'n', 'l', '\0', + /* "boxview.com", true */ 'b', 'o', 'x', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0', + /* "boyhost.cn", true */ 'b', 'o', 'y', 'h', 'o', 's', 't', '.', 'c', 'n', '\0', + /* "boypoint.de", true */ 'b', 'o', 'y', 'p', 'o', 'i', 'n', 't', '.', 'd', 'e', '\0', + /* "boz.nl", true */ 'b', 'o', 'z', '.', 'n', 'l', '\0', + /* "bozemancarpetcleaningservices.com", true */ 'b', 'o', 'z', 'e', 'm', 'a', 'n', 'c', 'a', 'r', 'p', 'e', 't', 'c', 'l', 'e', 'a', 'n', 'i', 'n', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "bozosbouncycastles.co.uk", true */ 'b', 'o', 'z', 'o', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bpadvisors.eu", true */ 'b', 'p', 'a', 'd', 'v', 'i', 's', 'o', 'r', 's', '.', 'e', 'u', '\0', + /* "bpaste.net", true */ 'b', 'p', 'a', 's', 't', 'e', '.', 'n', 'e', 't', '\0', + /* "bpastudies.org", true */ 'b', 'p', 'a', 's', 't', 'u', 'd', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "bpo.ovh", true */ 'b', 'p', 'o', '.', 'o', 'v', 'h', '\0', + /* "bpol-forum.de", true */ 'b', 'p', 'o', 'l', '-', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0', + /* "bqp.io", true */ 'b', 'q', 'p', '.', 'i', 'o', '\0', + /* "bqr.ch", true */ 'b', 'q', 'r', '.', 'c', 'h', '\0', + /* "br.search.yahoo.com", false */ 'b', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "br3in.nl", false */ 'b', 'r', '3', 'i', 'n', '.', 'n', 'l', '\0', + /* "braams.nl", true */ 'b', 'r', 'a', 'a', 'm', 's', '.', 'n', 'l', '\0', + /* "bracho.xyz", true */ 'b', 'r', 'a', 'c', 'h', 'o', '.', 'x', 'y', 'z', '\0', + /* "bracoitaliano.com.br", true */ 'b', 'r', 'a', 'c', 'o', 'i', 't', 'a', 'l', 'i', 'a', 'n', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "bradbrockmeyer.com", true */ 'b', 'r', 'a', 'd', 'b', 'r', 'o', 'c', 'k', 'm', 'e', 'y', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "bradfordhottubhire.co.uk", true */ 'b', 'r', 'a', 'd', 'f', 'o', 'r', 'd', 'h', 'o', 't', 't', 'u', 'b', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bradfordmascots.co.uk", true */ 'b', 'r', 'a', 'd', 'f', 'o', 'r', 'd', 'm', 'a', 's', 'c', 'o', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bradkovach.com", true */ 'b', 'r', 'a', 'd', 'k', 'o', 'v', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "bradler.net", true */ 'b', 'r', 'a', 'd', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "bradlinder.org", true */ 'b', 'r', 'a', 'd', 'l', 'i', 'n', 'd', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "bradypatterson.com", true */ 'b', 'r', 'a', 'd', 'y', 'p', 'a', 't', 't', 'e', 'r', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "braemer-it-consulting.de", true */ 'b', 'r', 'a', 'e', 'm', 'e', 'r', '-', 'i', 't', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "braeunlich-gmbh.com", true */ 'b', 'r', 'a', 'e', 'u', 'n', 'l', 'i', 'c', 'h', '-', 'g', 'm', 'b', 'h', '.', 'c', 'o', 'm', '\0', + /* "bragaweb.com.br", true */ 'b', 'r', 'a', 'g', 'a', 'w', 'e', 'b', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "brahmins.com", true */ 'b', 'r', 'a', 'h', 'm', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "brahmstaedt.de", true */ 'b', 'r', 'a', 'h', 'm', 's', 't', 'a', 'e', 'd', 't', '.', 'd', 'e', '\0', + /* "braiampeguero.xyz", true */ 'b', 'r', 'a', 'i', 'a', 'm', 'p', 'e', 'g', 'u', 'e', 'r', 'o', '.', 'x', 'y', 'z', '\0', + /* "brailsford.xyz", true */ 'b', 'r', 'a', 'i', 'l', 's', 'f', 'o', 'r', 'd', '.', 'x', 'y', 'z', '\0', + /* "brain-e.co", true */ 'b', 'r', 'a', 'i', 'n', '-', 'e', '.', 'c', 'o', '\0', + /* "brain-force.ch", true */ 'b', 'r', 'a', 'i', 'n', '-', 'f', 'o', 'r', 'c', 'e', '.', 'c', 'h', '\0', + /* "brainball.fr", true */ 'b', 'r', 'a', 'i', 'n', 'b', 'a', 'l', 'l', '.', 'f', 'r', '\0', + /* "brainfork.org", true */ 'b', 'r', 'a', 'i', 'n', 'f', 'o', 'r', 'k', '.', 'o', 'r', 'g', '\0', + /* "brainhub.nl", true */ 'b', 'r', 'a', 'i', 'n', 'h', 'u', 'b', '.', 'n', 'l', '\0', + /* "brainlag.org", true */ 'b', 'r', 'a', 'i', 'n', 'l', 'a', 'g', '.', 'o', 'r', 'g', '\0', + /* "brainserve.ch", true */ 'b', 'r', 'a', 'i', 'n', 's', 'e', 'r', 'v', 'e', '.', 'c', 'h', '\0', + /* "brainserve.com", true */ 'b', 'r', 'a', 'i', 'n', 's', 'e', 'r', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "brainserve.swiss", true */ 'b', 'r', 'a', 'i', 'n', 's', 'e', 'r', 'v', 'e', '.', 's', 'w', 'i', 's', 's', '\0', + /* "brainster.co", true */ 'b', 'r', 'a', 'i', 'n', 's', 't', 'e', 'r', '.', 'c', 'o', '\0', + /* "brainvoyagermusic.com", true */ 'b', 'r', 'a', 'i', 'n', 'v', 'o', 'y', 'a', 'g', 'e', 'r', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "brainwork.space", true */ 'b', 'r', 'a', 'i', 'n', 'w', 'o', 'r', 'k', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "brakemanpro.com", true */ 'b', 'r', 'a', 'k', 'e', 'm', 'a', 'n', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "brakstad.org", true */ 'b', 'r', 'a', 'k', 's', 't', 'a', 'd', '.', 'o', 'r', 'g', '\0', + /* "bralnik.com", true */ 'b', 'r', 'a', 'l', 'n', 'i', 'k', '.', 'c', 'o', 'm', '\0', + /* "bramhallsamusements.com", true */ 'b', 'r', 'a', 'm', 'h', 'a', 'l', 'l', 's', 'a', 'm', 'u', 's', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "brammingfys.dk", true */ 'b', 'r', 'a', 'm', 'm', 'i', 'n', 'g', 'f', 'y', 's', '.', 'd', 'k', '\0', + /* "bramvanaken.be", true */ 'b', 'r', 'a', 'm', 'v', 'a', 'n', 'a', 'k', 'e', 'n', '.', 'b', 'e', '\0', + /* "bran.land", true */ 'b', 'r', 'a', 'n', '.', 'l', 'a', 'n', 'd', '\0', + /* "bran.soy", true */ 'b', 'r', 'a', 'n', '.', 's', 'o', 'y', '\0', + /* "branch-bookkeeper.com", true */ 'b', 'r', 'a', 'n', 'c', 'h', '-', 'b', 'o', 'o', 'k', 'k', 'e', 'e', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "brandbil.dk", true */ 'b', 'r', 'a', 'n', 'd', 'b', 'i', 'l', '.', 'd', 'k', '\0', + /* "brandbuilderwebsites.com", true */ 'b', 'r', 'a', 'n', 'd', 'b', 'u', 'i', 'l', 'd', 'e', 'r', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "brandcodeconsulting.com", true */ 'b', 'r', 'a', 'n', 'd', 'c', 'o', 'd', 'e', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "brandcodestyle.com", true */ 'b', 'r', 'a', 'n', 'd', 'c', 'o', 'd', 'e', 's', 't', 'y', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "brando753.xyz", true */ 'b', 'r', 'a', 'n', 'd', 'o', '7', '5', '3', '.', 'x', 'y', 'z', '\0', + /* "brandongomez.me", true */ 'b', 'r', 'a', 'n', 'd', 'o', 'n', 'g', 'o', 'm', 'e', 'z', '.', 'm', 'e', '\0', + /* "brandonhubbard.com", true */ 'b', 'r', 'a', 'n', 'd', 'o', 'n', 'h', 'u', 'b', 'b', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "brandonwalker.me", true */ 'b', 'r', 'a', 'n', 'd', 'o', 'n', 'w', 'a', 'l', 'k', 'e', 'r', '.', 'm', 'e', '\0', + /* "brandstead.com", true */ 'b', 'r', 'a', 'n', 'd', 's', 't', 'e', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "brandtrapselfie.nl", true */ 'b', 'r', 'a', 'n', 'd', 't', 'r', 'a', 'p', 's', 'e', 'l', 'f', 'i', 'e', '.', 'n', 'l', '\0', + /* "brandweertrainingen.nl", true */ 'b', 'r', 'a', 'n', 'd', 'w', 'e', 'e', 'r', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0', + /* "brandweeruitgeest.nl", true */ 'b', 'r', 'a', 'n', 'd', 'w', 'e', 'e', 'r', 'u', 'i', 't', 'g', 'e', 'e', 's', 't', '.', 'n', 'l', '\0', + /* "branw.xyz", true */ 'b', 'r', 'a', 'n', 'w', '.', 'x', 'y', 'z', '\0', + /* "brasal.ma", true */ 'b', 'r', 'a', 's', 'a', 'l', '.', 'm', 'a', '\0', + /* "brasalcosmetics.com", true */ 'b', 'r', 'a', 's', 'a', 'l', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "brashear.me", true */ 'b', 'r', 'a', 's', 'h', 'e', 'a', 'r', '.', 'm', 'e', '\0', + /* "brasilbombas.com.br", true */ 'b', 'r', 'a', 's', 'i', 'l', 'b', 'o', 'm', 'b', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "brasserie-mino.fr", true */ 'b', 'r', 'a', 's', 's', 'e', 'r', 'i', 'e', '-', 'm', 'i', 'n', 'o', '.', 'f', 'r', '\0', + /* "brasspipedreams.org", true */ 'b', 'r', 'a', 's', 's', 'p', 'i', 'p', 'e', 'd', 'r', 'e', 'a', 'm', 's', '.', 'o', 'r', 'g', '\0', + /* "bratislava-airport-taxi.com", true */ 'b', 'r', 'a', 't', 'i', 's', 'l', 'a', 'v', 'a', '-', 'a', 'i', 'r', 'p', 'o', 'r', 't', '-', 't', 'a', 'x', 'i', '.', 'c', 'o', 'm', '\0', + /* "bratteng.xyz", false */ 'b', 'r', 'a', 't', 't', 'e', 'n', 'g', '.', 'x', 'y', 'z', '\0', + /* "bratvanov.com", true */ 'b', 'r', 'a', 't', 'v', 'a', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0', + /* "brau-ingenieur.de", true */ 'b', 'r', 'a', 'u', '-', 'i', 'n', 'g', 'e', 'n', 'i', 'e', 'u', 'r', '.', 'd', 'e', '\0', + /* "braudoktor.de", true */ 'b', 'r', 'a', 'u', 'd', 'o', 'k', 't', 'o', 'r', '.', 'd', 'e', '\0', + /* "brauingenieur.de", true */ 'b', 'r', 'a', 'u', 'i', 'n', 'g', 'e', 'n', 'i', 'e', 'u', 'r', '.', 'd', 'e', '\0', + /* "braunsteinpc.com", true */ 'b', 'r', 'a', 'u', 'n', 's', 't', 'e', 'i', 'n', 'p', 'c', '.', 'c', 'o', 'm', '\0', + /* "braunwarth.info", true */ 'b', 'r', 'a', 'u', 'n', 'w', 'a', 'r', 't', 'h', '.', 'i', 'n', 'f', 'o', '\0', + /* "brava.bg", true */ 'b', 'r', 'a', 'v', 'a', '.', 'b', 'g', '\0', + /* "brave-foods.ch", true */ 'b', 'r', 'a', 'v', 'e', '-', 'f', 'o', 'o', 'd', 's', '.', 'c', 'h', '\0', + /* "brave-foods.com", true */ 'b', 'r', 'a', 'v', 'e', '-', 'f', 'o', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "brave.com", true */ 'b', 'r', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "bravehearts.org.au", true */ 'b', 'r', 'a', 'v', 'e', 'h', 'e', 'a', 'r', 't', 's', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0', + /* "braviskindenjeugd.nl", true */ 'b', 'r', 'a', 'v', 'i', 's', 'k', 'i', 'n', 'd', 'e', 'n', 'j', 'e', 'u', 'g', 'd', '.', 'n', 'l', '\0', + /* "bravisziekenhuis.nl", true */ 'b', 'r', 'a', 'v', 'i', 's', 'z', 'i', 'e', 'k', 'e', 'n', 'h', 'u', 'i', 's', '.', 'n', 'l', '\0', + /* "brazilian.dating", true */ 'b', 'r', 'a', 'z', 'i', 'l', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "brazillens.com", true */ 'b', 'r', 'a', 'z', 'i', 'l', 'l', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "brb.city", true */ 'b', 'r', 'b', '.', 'c', 'i', 't', 'y', '\0', + /* "brck.nl", true */ 'b', 'r', 'c', 'k', '.', 'n', 'l', '\0', + /* "brd.ro", true */ 'b', 'r', 'd', '.', 'r', 'o', '\0', + /* "breadandlife.org", true */ 'b', 'r', 'e', 'a', 'd', 'a', 'n', 'd', 'l', 'i', 'f', 'e', '.', 'o', 'r', 'g', '\0', + /* "breakingtech.it", true */ 'b', 'r', 'e', 'a', 'k', 'i', 'n', 'g', 't', 'e', 'c', 'h', '.', 'i', 't', '\0', + /* "breathedreamgo.com", true */ 'b', 'r', 'e', 'a', 't', 'h', 'e', 'd', 'r', 'e', 'a', 'm', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "brecht.ch", true */ 'b', 'r', 'e', 'c', 'h', 't', '.', 'c', 'h', '\0', + /* "breckle.com.ua", true */ 'b', 'r', 'e', 'c', 'k', 'l', 'e', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "brecknell.biz", true */ 'b', 'r', 'e', 'c', 'k', 'n', 'e', 'l', 'l', '.', 'b', 'i', 'z', '\0', + /* "brecknell.com", true */ 'b', 'r', 'e', 'c', 'k', 'n', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "brecknell.info", true */ 'b', 'r', 'e', 'c', 'k', 'n', 'e', 'l', 'l', '.', 'i', 'n', 'f', 'o', '\0', + /* "brecknell.name", true */ 'b', 'r', 'e', 'c', 'k', 'n', 'e', 'l', 'l', '.', 'n', 'a', 'm', 'e', '\0', + /* "brecknell.net", true */ 'b', 'r', 'e', 'c', 'k', 'n', 'e', 'l', 'l', '.', 'n', 'e', 't', '\0', + /* "brecknell.org", true */ 'b', 'r', 'e', 'c', 'k', 'n', 'e', 'l', 'l', '.', 'o', 'r', 'g', '\0', + /* "breda.computer", true */ 'b', 'r', 'e', 'd', 'a', '.', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', '\0', + /* "bredvid.no", true */ 'b', 'r', 'e', 'd', 'v', 'i', 'd', '.', 'n', 'o', '\0', + /* "breechdepot.com", false */ 'b', 'r', 'e', 'e', 'c', 'h', 'd', 'e', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "breeethretail.ru", false */ 'b', 'r', 'e', 'e', 'e', 't', 'h', 'r', 'e', 't', 'a', 'i', 'l', '.', 'r', 'u', '\0', + /* "breest.net", true */ 'b', 'r', 'e', 'e', 's', 't', '.', 'n', 'e', 't', '\0', + /* "breeswish.org", true */ 'b', 'r', 'e', 'e', 's', 'w', 'i', 's', 'h', '.', 'o', 'r', 'g', '\0', + /* "breeyn.com", true */ 'b', 'r', 'e', 'e', 'y', 'n', '.', 'c', 'o', 'm', '\0', + /* "brefy.com", true */ 'b', 'r', 'e', 'f', 'y', '.', 'c', 'o', 'm', '\0', + /* "brege.org", true */ 'b', 'r', 'e', 'g', 'e', '.', 'o', 'r', 'g', '\0', + /* "bregnedalsystems.dk", true */ 'b', 'r', 'e', 'g', 'n', 'e', 'd', 'a', 'l', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'd', 'k', '\0', + /* "breitbild-beamer.de", true */ 'b', 'r', 'e', 'i', 't', 'b', 'i', 'l', 'd', '-', 'b', 'e', 'a', 'm', 'e', 'r', '.', 'd', 'e', '\0', + /* "brejoc.com", true */ 'b', 'r', 'e', 'j', 'o', 'c', '.', 'c', 'o', 'm', '\0', + /* "bremensaki.com", true */ 'b', 'r', 'e', 'm', 'e', 'n', 's', 'a', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "brendanscherer.com", true */ 'b', 'r', 'e', 'n', 'd', 'a', 'n', 's', 'c', 'h', 'e', 'r', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "brentacampbell.com", true */ 'b', 'r', 'e', 'n', 't', 'a', 'c', 'a', 'm', 'p', 'b', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "brentnewbury.com", true */ 'b', 'r', 'e', 'n', 't', 'n', 'e', 'w', 'b', 'u', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "bressier.fr", true */ 'b', 'r', 'e', 's', 's', 'i', 'e', 'r', '.', 'f', 'r', '\0', + /* "bretcarmichael.com", true */ 'b', 'r', 'e', 't', 'c', 'a', 'r', 'm', 'i', 'c', 'h', 'a', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "brettabel.com", true */ 'b', 'r', 'e', 't', 't', 'a', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "brettcornwall.com", true */ 'b', 'r', 'e', 't', 't', 'c', 'o', 'r', 'n', 'w', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "brettelliff.com", true */ 'b', 'r', 'e', 't', 't', 'e', 'l', 'l', 'i', 'f', 'f', '.', 'c', 'o', 'm', '\0', + /* "bretz-hufer.de", true */ 'b', 'r', 'e', 't', 'z', '-', 'h', 'u', 'f', 'e', 'r', '.', 'd', 'e', '\0', + /* "bretzner.fr", true */ 'b', 'r', 'e', 't', 'z', 'n', 'e', 'r', '.', 'f', 'r', '\0', + /* "brevboxar.se", true */ 'b', 'r', 'e', 'v', 'b', 'o', 'x', 'a', 'r', '.', 's', 'e', '\0', + /* "brewsouth.com", true */ 'b', 'r', 'e', 'w', 's', 'o', 'u', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "brewtrackr.com", true */ 'b', 'r', 'e', 'w', 't', 'r', 'a', 'c', 'k', 'r', '.', 'c', 'o', 'm', '\0', + /* "brfvh24.se", true */ 'b', 'r', 'f', 'v', 'h', '2', '4', '.', 's', 'e', '\0', + /* "brgins.com", true */ 'b', 'r', 'g', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "brianalaway.com", true */ 'b', 'r', 'i', 'a', 'n', 'a', 'l', 'a', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "brianalawayconsulting.com", true */ 'b', 'r', 'i', 'a', 'n', 'a', 'l', 'a', 'w', 'a', 'y', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "brianfoshee.com", true */ 'b', 'r', 'i', 'a', 'n', 'f', 'o', 's', 'h', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "brianlanders.us", true */ 'b', 'r', 'i', 'a', 'n', 'l', 'a', 'n', 'd', 'e', 'r', 's', '.', 'u', 's', '\0', + /* "brianmwaters.net", true */ 'b', 'r', 'i', 'a', 'n', 'm', 'w', 'a', 't', 'e', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "brianroadifer.com", true */ 'b', 'r', 'i', 'a', 'n', 'r', 'o', 'a', 'd', 'i', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "briansmith.org", true */ 'b', 'r', 'i', 'a', 'n', 's', 'm', 'i', 't', 'h', '.', 'o', 'r', 'g', '\0', + /* "briantkatch.com", true */ 'b', 'r', 'i', 'a', 'n', 't', 'k', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "brianwesaala.com", true */ 'b', 'r', 'i', 'a', 'n', 'w', 'e', 's', 'a', 'a', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "brickftp.com", true */ 'b', 'r', 'i', 'c', 'k', 'f', 't', 'p', '.', 'c', 'o', 'm', '\0', + /* "brickheroes.com", true */ 'b', 'r', 'i', 'c', 'k', 'h', 'e', 'r', 'o', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "brickvortex.com", true */ 'b', 'r', 'i', 'c', 'k', 'v', 'o', 'r', 't', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "brickwerks.io", true */ 'b', 'r', 'i', 'c', 'k', 'w', 'e', 'r', 'k', 's', '.', 'i', 'o', '\0', + /* "bricolajeux.ch", true */ 'b', 'r', 'i', 'c', 'o', 'l', 'a', 'j', 'e', 'u', 'x', '.', 'c', 'h', '\0', + /* "brid.gy", false */ 'b', 'r', 'i', 'd', '.', 'g', 'y', '\0', + /* "brideandgroomdirect.ie", true */ 'b', 'r', 'i', 'd', 'e', 'a', 'n', 'd', 'g', 'r', 'o', 'o', 'm', 'd', 'i', 'r', 'e', 'c', 't', '.', 'i', 'e', '\0', + /* "bridgeglobalmarketing.com", true */ 'b', 'r', 'i', 'd', 'g', 'e', 'g', 'l', 'o', 'b', 'a', 'l', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "bridgeout.com", true */ 'b', 'r', 'i', 'd', 'g', 'e', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "bridgevest.com", true */ 'b', 'r', 'i', 'd', 'g', 'e', 'v', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "bridgingdirectory.com", true */ 'b', 'r', 'i', 'd', 'g', 'i', 'n', 'g', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "brie.tech", true */ 'b', 'r', 'i', 'e', '.', 't', 'e', 'c', 'h', '\0', + /* "briefhansa.de", true */ 'b', 'r', 'i', 'e', 'f', 'h', 'a', 'n', 's', 'a', '.', 'd', 'e', '\0', + /* "brighouse-leisure.co.uk", true */ 'b', 'r', 'i', 'g', 'h', 'o', 'u', 's', 'e', '-', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "brightday.bz", true */ 'b', 'r', 'i', 'g', 'h', 't', 'd', 'a', 'y', '.', 'b', 'z', '\0', + /* "brightfuturemadebyme.com", true */ 'b', 'r', 'i', 'g', 'h', 't', 'f', 'u', 't', 'u', 'r', 'e', 'm', 'a', 'd', 'e', 'b', 'y', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "brightonbank.com", true */ 'b', 'r', 'i', 'g', 'h', 't', 'o', 'n', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "brightonbouncycastles.net", true */ 'b', 'r', 'i', 'g', 'h', 't', 'o', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "brigidaarie.com", true */ 'b', 'r', 'i', 'g', 'i', 'd', 'a', 'a', 'r', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "brilliantbouncyfun.co.uk", true */ 'b', 'r', 'i', 'l', 'l', 'i', 'a', 'n', 't', 'b', 'o', 'u', 'n', 'c', 'y', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "brilliantdecisionmaking.com", true */ 'b', 'r', 'i', 'l', 'l', 'i', 'a', 'n', 't', 'd', 'e', 'c', 'i', 's', 'i', 'o', 'n', 'm', 'a', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "brilliantproductions.co.nz", true */ 'b', 'r', 'i', 'l', 'l', 'i', 'a', 'n', 't', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "brinkhu.is", true */ 'b', 'r', 'i', 'n', 'k', 'h', 'u', '.', 'i', 's', '\0', + /* "brinkmann.one", true */ 'b', 'r', 'i', 'n', 'k', 'm', 'a', 'n', 'n', '.', 'o', 'n', 'e', '\0', + /* "brinquedoseducativos.art.br", true */ 'b', 'r', 'i', 'n', 'q', 'u', 'e', 'd', 'o', 's', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'v', 'o', 's', '.', 'a', 'r', 't', '.', 'b', 'r', '\0', + /* "brio-shop.ch", true */ 'b', 'r', 'i', 'o', '-', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0', + /* "brisbanelogistics.com.au", true */ 'b', 'r', 'i', 's', 'b', 'a', 'n', 'e', 'l', 'o', 'g', 'i', 's', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "bristebein.com", true */ 'b', 'r', 'i', 's', 't', 'e', 'b', 'e', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "bristolandwestonsuperbounce.com", true */ 'b', 'r', 'i', 's', 't', 'o', 'l', 'a', 'n', 'd', 'w', 'e', 's', 't', 'o', 'n', 's', 'u', 'p', 'e', 'r', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "britelocate.com", true */ 'b', 'r', 'i', 't', 'e', 'l', 'o', 'c', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "britishbeef.com", true */ 'b', 'r', 'i', 't', 'i', 's', 'h', 'b', 'e', 'e', 'f', '.', 'c', 'o', 'm', '\0', + /* "britishbookmakers.co.uk", true */ 'b', 'r', 'i', 't', 'i', 's', 'h', 'b', 'o', 'o', 'k', 'm', 'a', 'k', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "britishgroupsg.com", true */ 'b', 'r', 'i', 't', 'i', 's', 'h', 'g', 'r', 'o', 'u', 'p', 's', 'g', '.', 'c', 'o', 'm', '\0', + /* "britishmeat.com", true */ 'b', 'r', 'i', 't', 'i', 's', 'h', 'm', 'e', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "britishsciencefestival.org", true */ 'b', 'r', 'i', 't', 'i', 's', 'h', 's', 'c', 'i', 'e', 'n', 'c', 'e', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'o', 'r', 'g', '\0', + /* "britishscienceweek.org", true */ 'b', 'r', 'i', 't', 'i', 's', 'h', 's', 'c', 'i', 'e', 'n', 'c', 'e', 'w', 'e', 'e', 'k', '.', 'o', 'r', 'g', '\0', + /* "britneyclause.com", true */ 'b', 'r', 'i', 't', 'n', 'e', 'y', 'c', 'l', 'a', 'u', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "britton-photography.com", true */ 'b', 'r', 'i', 't', 't', 'o', 'n', '-', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0', + /* "brivadois.ovh", true */ 'b', 'r', 'i', 'v', 'a', 'd', 'o', 'i', 's', '.', 'o', 'v', 'h', '\0', + /* "brmascots.com", true */ 'b', 'r', 'm', 'a', 's', 'c', 'o', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "brmsalescommunity.com", true */ 'b', 'r', 'm', 's', 'a', 'l', 'e', 's', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "brn.by", true */ 'b', 'r', 'n', '.', 'b', 'y', '\0', + /* "bro.hk", true */ 'b', 'r', 'o', '.', 'h', 'k', '\0', + /* "broadsheet.com.au", true */ 'b', 'r', 'o', 'a', 'd', 's', 'h', 'e', 'e', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "brockmeyer.net", true */ 'b', 'r', 'o', 'c', 'k', 'm', 'e', 'y', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "brockmeyer.org", true */ 'b', 'r', 'o', 'c', 'k', 'm', 'e', 'y', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "brodowski.cc", true */ 'b', 'r', 'o', 'd', 'o', 'w', 's', 'k', 'i', '.', 'c', 'c', '\0', + /* "broersma.com", true */ 'b', 'r', 'o', 'e', 'r', 's', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "broerweb.nl", true */ 'b', 'r', 'o', 'e', 'r', 'w', 'e', 'b', '.', 'n', 'l', '\0', + /* "broeselei.at", true */ 'b', 'r', 'o', 'e', 's', 'e', 'l', 'e', 'i', '.', 'a', 't', '\0', + /* "brokenhands.io", true */ 'b', 'r', 'o', 'k', 'e', 'n', 'h', 'a', 'n', 'd', 's', '.', 'i', 'o', '\0', + /* "brokenjoysticks.net", true */ 'b', 'r', 'o', 'k', 'e', 'n', 'j', 'o', 'y', 's', 't', 'i', 'c', 'k', 's', '.', 'n', 'e', 't', '\0', + /* "brokervalues.com", true */ 'b', 'r', 'o', 'k', 'e', 'r', 'v', 'a', 'l', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "brompton-cocktail.com", true */ 'b', 'r', 'o', 'm', 'p', 't', 'o', 'n', '-', 'c', 'o', 'c', 'k', 't', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "bronetb2b.com.br", true */ 'b', 'r', 'o', 'n', 'e', 't', 'b', '2', 'b', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "bronevichok.ru", true */ 'b', 'r', 'o', 'n', 'e', 'v', 'i', 'c', 'h', 'o', 'k', '.', 'r', 'u', '\0', + /* "bronwynlewis.com", false */ 'b', 'r', 'o', 'n', 'w', 'y', 'n', 'l', 'e', 'w', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "brooke-fan.com", true */ 'b', 'r', 'o', 'o', 'k', 'e', '-', 'f', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "brookehatton.com", true */ 'b', 'r', 'o', 'o', 'k', 'e', 'h', 'a', 't', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "brooklynrealestateblog.com", true */ 'b', 'r', 'o', 'o', 'k', 'l', 'y', 'n', 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "brossman.it", true */ 'b', 'r', 'o', 's', 's', 'm', 'a', 'n', '.', 'i', 't', '\0', + /* "brossmanit.com", true */ 'b', 'r', 'o', 's', 's', 'm', 'a', 'n', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "brother-printsmart.nl", true */ 'b', 'r', 'o', 't', 'h', 'e', 'r', '-', 'p', 'r', 'i', 'n', 't', 's', 'm', 'a', 'r', 't', '.', 'n', 'l', '\0', + /* "brouillard.ch", true */ 'b', 'r', 'o', 'u', 'i', 'l', 'l', 'a', 'r', 'd', '.', 'c', 'h', '\0', + /* "brownfieldstsc.org", true */ 'b', 'r', 'o', 'w', 'n', 'f', 'i', 'e', 'l', 'd', 's', 't', 's', 'c', '.', 'o', 'r', 'g', '\0', + /* "brownlawoffice.us", true */ 'b', 'r', 'o', 'w', 'n', 'l', 'a', 'w', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'u', 's', '\0', + /* "browsedns.net", true */ 'b', 'r', 'o', 'w', 's', 'e', 'd', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "bru6.de", true */ 'b', 'r', 'u', '6', '.', 'd', 'e', '\0', + /* "brucemartin.net", true */ 'b', 'r', 'u', 'c', 'e', 'm', 'a', 'r', 't', 'i', 'n', '.', 'n', 'e', 't', '\0', + /* "brucemobile.de", true */ 'b', 'r', 'u', 'c', 'e', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'd', 'e', '\0', + /* "bruck.me", true */ 'b', 'r', 'u', 'c', 'k', '.', 'm', 'e', '\0', + /* "bruckner.li", true */ 'b', 'r', 'u', 'c', 'k', 'n', 'e', 'r', '.', 'l', 'i', '\0', + /* "bruna-cdn.nl", true */ 'b', 'r', 'u', 'n', 'a', '-', 'c', 'd', 'n', '.', 'n', 'l', '\0', + /* "brunn.email", true */ 'b', 'r', 'u', 'n', 'n', '.', 'e', 'm', 'a', 'i', 'l', '\0', + /* "brunner.ninja", true */ 'b', 'r', 'u', 'n', 'n', 'e', 'r', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "brunoramos.com", true */ 'b', 'r', 'u', 'n', 'o', 'r', 'a', 'm', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "brunoramos.org", true */ 'b', 'r', 'u', 'n', 'o', 'r', 'a', 'm', 'o', 's', '.', 'o', 'r', 'g', '\0', + /* "brunosouza.org", true */ 'b', 'r', 'u', 'n', 'o', 's', 'o', 'u', 'z', 'a', '.', 'o', 'r', 'g', '\0', + /* "bruun.co", true */ 'b', 'r', 'u', 'u', 'n', '.', 'c', 'o', '\0', + /* "bryankaplan.com", true */ 'b', 'r', 'y', 'a', 'n', 'k', 'a', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "bryanquigley.com", true */ 'b', 'r', 'y', 'a', 'n', 'q', 'u', 'i', 'g', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "bryanshearer.accountant", true */ 'b', 'r', 'y', 'a', 'n', 's', 'h', 'e', 'a', 'r', 'e', 'r', '.', 'a', 'c', 'c', 'o', 'u', 'n', 't', 'a', 'n', 't', '\0', + /* "bs-network.net", true */ 'b', 's', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0', + /* "bs-security.com", true */ 'b', 's', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "bs.sb", true */ 'b', 's', '.', 's', 'b', '\0', + /* "bs.to", true */ 'b', 's', '.', 't', 'o', '\0', + /* "bsagan.fr", true */ 'b', 's', 'a', 'g', 'a', 'n', '.', 'f', 'r', '\0', + /* "bsc-rietz.at", true */ 'b', 's', 'c', '-', 'r', 'i', 'e', 't', 'z', '.', 'a', 't', '\0', + /* "bsc01.dyndns.org", true */ 'b', 's', 'c', '0', '1', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "bsdfreak.dk", true */ 'b', 's', 'd', 'f', 'r', 'e', 'a', 'k', '.', 'd', 'k', '\0', + /* "bsdracing.ca", true */ 'b', 's', 'd', 'r', 'a', 'c', 'i', 'n', 'g', '.', 'c', 'a', '\0', + /* "bsdug.org", true */ 'b', 's', 'd', 'u', 'g', '.', 'o', 'r', 'g', '\0', + /* "bsdunix.xyz", true */ 'b', 's', 'd', 'u', 'n', 'i', 'x', '.', 'x', 'y', 'z', '\0', + /* "bsg-aok-muenchen.de", true */ 'b', 's', 'g', '-', 'a', 'o', 'k', '-', 'm', 'u', 'e', 'n', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0', + /* "bsidesf.com", true */ 'b', 's', 'i', 'd', 'e', 's', 'f', '.', 'c', 'o', 'm', '\0', + /* "bsidesf.org", true */ 'b', 's', 'i', 'd', 'e', 's', 'f', '.', 'o', 'r', 'g', '\0', + /* "bsidessf.com", true */ 'b', 's', 'i', 'd', 'e', 's', 's', 'f', '.', 'c', 'o', 'm', '\0', + /* "bsociabl.com", true */ 'b', 's', 'o', 'c', 'i', 'a', 'b', 'l', '.', 'c', 'o', 'm', '\0', + /* "bsohoekvanholland.nl", true */ 'b', 's', 'o', 'h', 'o', 'e', 'k', 'v', 'a', 'n', 'h', 'o', 'l', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0', + /* "bsquared.org", true */ 'b', 's', 'q', 'u', 'a', 'r', 'e', 'd', '.', 'o', 'r', 'g', '\0', + /* "bstoked.net", true */ 'b', 's', 't', 'o', 'k', 'e', 'd', '.', 'n', 'e', 't', '\0', + /* "bsw-solution.de", true */ 'b', 's', 'w', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0', + /* "bt123.xyz", true */ 'b', 't', '1', '2', '3', '.', 'x', 'y', 'z', '\0', + /* "bta.lv", false */ 'b', 't', 'a', '.', 'l', 'v', '\0', + /* "btc2secure.com", true */ 'b', 't', 'c', '2', 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "btcarmory.com", true */ 'b', 't', 'c', 'a', 'r', 'm', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "btcgo.nl", true */ 'b', 't', 'c', 'g', 'o', '.', 'n', 'l', '\0', + /* "btcontract.com", true */ 'b', 't', 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "btcpop.co", true */ 'b', 't', 'c', 'p', 'o', 'p', '.', 'c', 'o', '\0', + /* "btcycle.org", true */ 'b', 't', 'c', 'y', 'c', 'l', 'e', '.', 'o', 'r', 'g', '\0', + /* "btio.pw", true */ 'b', 't', 'i', 'o', '.', 'p', 'w', '\0', + /* "btku.org", true */ 'b', 't', 'k', 'u', '.', 'o', 'r', 'g', '\0', + /* "btnissanparts.com", true */ 'b', 't', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "btorrent.xyz", true */ 'b', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'x', 'y', 'z', '\0', + /* "btrb.ml", true */ 'b', 't', 'r', 'b', '.', 'm', 'l', '\0', + /* "btserv.de", true */ 'b', 't', 's', 'e', 'r', 'v', '.', 'd', 'e', '\0', + /* "btsoft.eu", true */ 'b', 't', 's', 'o', 'f', 't', '.', 'e', 'u', '\0', + /* "btsow.com", true */ 'b', 't', 's', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "btth.pl", true */ 'b', 't', 't', 'h', '.', 'p', 'l', '\0', + /* "btth.tv", true */ 'b', 't', 't', 'h', '.', 't', 'v', '\0', + /* "btth.xyz", true */ 'b', 't', 't', 'h', '.', 'x', 'y', 'z', '\0', + /* "bubba.cc", true */ 'b', 'u', 'b', 'b', 'a', '.', 'c', 'c', '\0', + /* "bubblegumblog.com", true */ 'b', 'u', 'b', 'b', 'l', 'e', 'g', 'u', 'm', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "bubblespetspa.com", true */ 'b', 'u', 'b', 'b', 'l', 'e', 's', 'p', 'e', 't', 's', 'p', 'a', '.', 'c', 'o', 'm', '\0', + /* "bubblinghottubs.co.uk", true */ 'b', 'u', 'b', 'b', 'l', 'i', 'n', 'g', 'h', 'o', 't', 't', 'u', 'b', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bubblybouncers.co.uk", true */ 'b', 'u', 'b', 'b', 'l', 'y', 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bubhub.io", true */ 'b', 'u', 'b', 'h', 'u', 'b', '.', 'i', 'o', '\0', + /* "buch-angucken.de", true */ 'b', 'u', 'c', 'h', '-', 'a', 'n', 'g', 'u', 'c', 'k', 'e', 'n', '.', 'd', 'e', '\0', + /* "buck.com", true */ 'b', 'u', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "buckmulligans.com", true */ 'b', 'u', 'c', 'k', 'm', 'u', 'l', 'l', 'i', 'g', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "buckypaper.com", true */ 'b', 'u', 'c', 'k', 'y', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "budaev-shop.ru", true */ 'b', 'u', 'd', 'a', 'e', 'v', '-', 's', 'h', 'o', 'p', '.', 'r', 'u', '\0', + /* "buddhistische-weisheiten.org", true */ 'b', 'u', 'd', 'd', 'h', 'i', 's', 't', 'i', 's', 'c', 'h', 'e', '-', 'w', 'e', 'i', 's', 'h', 'e', 'i', 't', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "buddie5.com", true */ 'b', 'u', 'd', 'd', 'i', 'e', '5', '.', 'c', 'o', 'm', '\0', + /* "buddlycrafts.com", true */ 'b', 'u', 'd', 'd', 'l', 'y', 'c', 'r', 'a', 'f', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "buddyworks.net", true */ 'b', 'u', 'd', 'd', 'y', 'w', 'o', 'r', 'k', 's', '.', 'n', 'e', 't', '\0', + /* "budeanu.com", true */ 'b', 'u', 'd', 'e', 'a', 'n', 'u', '.', 'c', 'o', 'm', '\0', + /* "buderus-family.be", true */ 'b', 'u', 'd', 'e', 'r', 'u', 's', '-', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'b', 'e', '\0', + /* "budger.nl", true */ 'b', 'u', 'd', 'g', 'e', 'r', '.', 'n', 'l', '\0', + /* "budgetalk.com", true */ 'b', 'u', 'd', 'g', 'e', 't', 'a', 'l', 'k', '.', 'c', 'o', 'm', '\0', + /* "budgetcastlehire.co.uk", true */ 'b', 'u', 'd', 'g', 'e', 't', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "budgetenergievriendenvoordeel.nl", true */ 'b', 'u', 'd', 'g', 'e', 't', 'e', 'n', 'e', 'r', 'g', 'i', 'e', 'v', 'r', 'i', 'e', 'n', 'd', 'e', 'n', 'v', 'o', 'o', 'r', 'd', 'e', 'e', 'l', '.', 'n', 'l', '\0', + /* "budgetlob.gov", true */ 'b', 'u', 'd', 'g', 'e', 't', 'l', 'o', 'b', '.', 'g', 'o', 'v', '\0', + /* "budgetlovers.nl", true */ 'b', 'u', 'd', 'g', 'e', 't', 'l', 'o', 'v', 'e', 'r', 's', '.', 'n', 'l', '\0', + /* "budgiesballoons.com", true */ 'b', 'u', 'd', 'g', 'i', 'e', 's', 'b', 'a', 'l', 'l', 'o', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "budntod.com", true */ 'b', 'u', 'd', 'n', 't', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "budolfs.de", true */ 'b', 'u', 'd', 'o', 'l', 'f', 's', '.', 'd', 'e', '\0', + /* "buehnenbande.ch", false */ 'b', 'u', 'e', 'h', 'n', 'e', 'n', 'b', 'a', 'n', 'd', 'e', '.', 'c', 'h', '\0', + /* "bueltge.de", true */ 'b', 'u', 'e', 'l', 't', 'g', 'e', '.', 'd', 'e', '\0', + /* "buenotour.ru", true */ 'b', 'u', 'e', 'n', 'o', 't', 'o', 'u', 'r', '.', 'r', 'u', '\0', + /* "buergerdialog.net", true */ 'b', 'u', 'e', 'r', 'g', 'e', 'r', 'd', 'i', 'a', 'l', 'o', 'g', '.', 'n', 'e', 't', '\0', + /* "buergerhaushalt.com", true */ 'b', 'u', 'e', 'r', 'g', 'e', 'r', 'h', 'a', 'u', 's', 'h', 'a', 'l', 't', '.', 'c', 'o', 'm', '\0', + /* "buettgens.net", true */ 'b', 'u', 'e', 't', 't', 'g', 'e', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "buffaloautomation.com", true */ 'b', 'u', 'f', 'f', 'a', 'l', 'o', 'a', 'u', 't', 'o', 'm', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "buffalodrinkinggame.beer", true */ 'b', 'u', 'f', 'f', 'a', 'l', 'o', 'd', 'r', 'i', 'n', 'k', 'i', 'n', 'g', 'g', 'a', 'm', 'e', '.', 'b', 'e', 'e', 'r', '\0', + /* "buffhack.com", false */ 'b', 'u', 'f', 'f', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "bug.blue", true */ 'b', 'u', 'g', '.', 'b', 'l', 'u', 'e', '\0', + /* "bugcrowd.com", true */ 'b', 'u', 'g', 'c', 'r', 'o', 'w', 'd', '.', 'c', 'o', 'm', '\0', + /* "bugs.chromium.org", true */ 'b', 'u', 'g', 's', '.', 'c', 'h', 'r', 'o', 'm', 'i', 'u', 'm', '.', 'o', 'r', 'g', '\0', + /* "bugtrack.co.uk", true */ 'b', 'u', 'g', 't', 'r', 'a', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bugwie.com", true */ 'b', 'u', 'g', 'w', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "bugzil.la", true */ 'b', 'u', 'g', 'z', 'i', 'l', '.', 'l', 'a', '\0', + /* "bugzilla.mozilla.org", true */ 'b', 'u', 'g', 'z', 'i', 'l', 'l', 'a', '.', 'm', 'o', 'z', 'i', 'l', 'l', 'a', '.', 'o', 'r', 'g', '\0', + /* "buiko.com", true */ 'b', 'u', 'i', 'k', 'o', '.', 'c', 'o', 'm', '\0', + /* "build.chromium.org", true */ 'b', 'u', 'i', 'l', 'd', '.', 'c', 'h', 'r', 'o', 'm', 'i', 'u', 'm', '.', 'o', 'r', 'g', '\0', + /* "buildbox.io", true */ 'b', 'u', 'i', 'l', 'd', 'b', 'o', 'x', '.', 'i', 'o', '\0', + /* "buildbytes.com", true */ 'b', 'u', 'i', 'l', 'd', 'b', 'y', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "building-cost-estimators.com", true */ 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', '-', 'c', 'o', 's', 't', '-', 'e', 's', 't', 'i', 'm', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "buildingcostestimators.co.uk", true */ 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', 'c', 'o', 's', 't', 'e', 's', 't', 'i', 'm', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "builditsolutions.net", true */ 'b', 'u', 'i', 'l', 'd', 'i', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "buildkite.com", true */ 'b', 'u', 'i', 'l', 'd', 'k', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "buildplease.com", true */ 'b', 'u', 'i', 'l', 'd', 'p', 'l', 'e', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "buildrightbuildingservicesltd.co.uk", true */ 'b', 'u', 'i', 'l', 'd', 'r', 'i', 'g', 'h', 't', 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', 'l', 't', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "builtvisible.com", true */ 'b', 'u', 'i', 'l', 't', 'v', 'i', 's', 'i', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "builtwith.com", true */ 'b', 'u', 'i', 'l', 't', 'w', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "buka.jp", true */ 'b', 'u', 'k', 'a', '.', 'j', 'p', '\0', + /* "bukkenfan.jp", true */ 'b', 'u', 'k', 'k', 'e', 'n', 'f', 'a', 'n', '.', 'j', 'p', '\0', + /* "bul3seas.eu", true */ 'b', 'u', 'l', '3', 's', 'e', 'a', 's', '.', 'e', 'u', '\0', + /* "bulario.com", true */ 'b', 'u', 'l', 'a', 'r', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "bulbcompare.com", true */ 'b', 'u', 'l', 'b', 'c', 'o', 'm', 'p', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "bulbgenie.com", true */ 'b', 'u', 'l', 'b', 'g', 'e', 'n', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "buldogueingles.com.br", true */ 'b', 'u', 'l', 'd', 'o', 'g', 'u', 'e', 'i', 'n', 'g', 'l', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "bulkcandystore.com", true */ 'b', 'u', 'l', 'k', 'c', 'a', 'n', 'd', 'y', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "bulkingtime.com", true */ 'b', 'u', 'l', 'k', 'i', 'n', 'g', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "bulktrade.de", true */ 'b', 'u', 'l', 'k', 't', 'r', 'a', 'd', 'e', '.', 'd', 'e', '\0', + /* "bulkwholesalesweets.co.uk", true */ 'b', 'u', 'l', 'k', 'w', 'h', 'o', 'l', 'e', 's', 'a', 'l', 'e', 's', 'w', 'e', 'e', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bulldog-hosting.de", true */ 'b', 'u', 'l', 'l', 'd', 'o', 'g', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "bulldoghire.co.uk", true */ 'b', 'u', 'l', 'l', 'd', 'o', 'g', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bulledair-savons.ch", true */ 'b', 'u', 'l', 'l', 'e', 'd', 'a', 'i', 'r', '-', 's', 'a', 'v', 'o', 'n', 's', '.', 'c', 'h', '\0', + /* "bullettags.com", true */ 'b', 'u', 'l', 'l', 'e', 't', 't', 'a', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "bullterrier.nu", true */ 'b', 'u', 'l', 'l', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'n', 'u', '\0', + /* "bulmastife.com.br", true */ 'b', 'u', 'l', 'm', 'a', 's', 't', 'i', 'f', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "bulwarkhost.com", true */ 'b', 'u', 'l', 'w', 'a', 'r', 'k', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "bumshow.ru", true */ 'b', 'u', 'm', 's', 'h', 'o', 'w', '.', 'r', 'u', '\0', + /* "bunadarbankinn.is", true */ 'b', 'u', 'n', 'a', 'd', 'a', 'r', 'b', 'a', 'n', 'k', 'i', 'n', 'n', '.', 'i', 's', '\0', + /* "bunbun.be", false */ 'b', 'u', 'n', 'b', 'u', 'n', '.', 'b', 'e', '\0', + /* "bund-von-theramore.de", true */ 'b', 'u', 'n', 'd', '-', 'v', 'o', 'n', '-', 't', 'h', 'e', 'r', 'a', 'm', 'o', 'r', 'e', '.', 'd', 'e', '\0', + /* "bundaberg.com", true */ 'b', 'u', 'n', 'd', 'a', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0', + /* "bundespolizei-forum.de", true */ 'b', 'u', 'n', 'd', 'e', 's', 'p', 'o', 'l', 'i', 'z', 'e', 'i', '-', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0', + /* "bunkyo-life.com", true */ 'b', 'u', 'n', 'k', 'y', 'o', '-', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "bunny-rabbits.com", true */ 'b', 'u', 'n', 'n', 'y', '-', 'r', 'a', 'b', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "bunnyvishal.com", true */ 'b', 'u', 'n', 'n', 'y', 'v', 'i', 's', 'h', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "bunzy.ca", true */ 'b', 'u', 'n', 'z', 'y', '.', 'c', 'a', '\0', + /* "buonventosbt.eu", true */ 'b', 'u', 'o', 'n', 'v', 'e', 'n', 't', 'o', 's', 'b', 't', '.', 'e', 'u', '\0', + /* "bupropion.com", true */ 'b', 'u', 'p', 'r', 'o', 'p', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "burcevo.info", true */ 'b', 'u', 'r', 'c', 'e', 'v', 'o', '.', 'i', 'n', 'f', 'o', '\0', + /* "burckardtnet.de", true */ 'b', 'u', 'r', 'c', 'k', 'a', 'r', 'd', 't', 'n', 'e', 't', '.', 'd', 'e', '\0', + /* "burgers.io", true */ 'b', 'u', 'r', 'g', 'e', 'r', 's', '.', 'i', 'o', '\0', + /* "burghardt.pl", true */ 'b', 'u', 'r', 'g', 'h', 'a', 'r', 'd', 't', '.', 'p', 'l', '\0', + /* "buri.be", false */ 'b', 'u', 'r', 'i', '.', 'b', 'e', '\0', + /* "buricloud.fr", true */ 'b', 'u', 'r', 'i', 'c', 'l', 'o', 'u', 'd', '.', 'f', 'r', '\0', + /* "burke.services", true */ 'b', 'u', 'r', 'k', 'e', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '\0', + /* "burlapsac.ca", true */ 'b', 'u', 'r', 'l', 'a', 'p', 's', 'a', 'c', '.', 'c', 'a', '\0', + /* "burnerfitness.com", true */ 'b', 'u', 'r', 'n', 'e', 'r', 'f', 'i', 't', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "burnhamonseabouncycastles.co.uk", true */ 'b', 'u', 'r', 'n', 'h', 'a', 'm', 'o', 'n', 's', 'e', 'a', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "burningbird.net", true */ 'b', 'u', 'r', 'n', 'i', 'n', 'g', 'b', 'i', 'r', 'd', '.', 'n', 'e', 't', '\0', + /* "burningflipside.com", false */ 'b', 'u', 'r', 'n', 'i', 'n', 'g', 'f', 'l', 'i', 'p', 's', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "burntfish.com", true */ 'b', 'u', 'r', 'n', 't', 'f', 'i', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "burnworks.com", true */ 'b', 'u', 'r', 'n', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "buronwater.com", true */ 'b', 'u', 'r', 'o', 'n', 'w', 'a', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "burr.is", true */ 'b', 'u', 'r', 'r', '.', 'i', 's', '\0', + /* "burroughsid.com", true */ 'b', 'u', 'r', 'r', 'o', 'u', 'g', 'h', 's', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "bursaries-southafrica.co.za", true */ 'b', 'u', 'r', 's', 'a', 'r', 'i', 'e', 's', '-', 's', 'o', 'u', 't', 'h', 'a', 'f', 'r', 'i', 'c', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "burtrum.family", true */ 'b', 'u', 'r', 't', 'r', 'u', 'm', '.', 'f', 'a', 'm', 'i', 'l', 'y', '\0', + /* "burtrum.me", true */ 'b', 'u', 'r', 't', 'r', 'u', 'm', '.', 'm', 'e', '\0', + /* "burtrum.name", true */ 'b', 'u', 'r', 't', 'r', 'u', 'm', '.', 'n', 'a', 'm', 'e', '\0', + /* "burtrum.org", true */ 'b', 'u', 'r', 't', 'r', 'u', 'm', '.', 'o', 'r', 'g', '\0', + /* "burzmali.com", true */ 'b', 'u', 'r', 'z', 'm', 'a', 'l', 'i', '.', 'c', 'o', 'm', '\0', + /* "buserror.cn", true */ 'b', 'u', 's', 'e', 'r', 'r', 'o', 'r', '.', 'c', 'n', '\0', + /* "bushbaby.com", true */ 'b', 'u', 's', 'h', 'b', 'a', 'b', 'y', '.', 'c', 'o', 'm', '\0', + /* "bushcraftfriends.com", true */ 'b', 'u', 's', 'h', 'c', 'r', 'a', 'f', 't', 'f', 'r', 'i', 'e', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "busindre.com", true */ 'b', 'u', 's', 'i', 'n', 'd', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "business-garden.com", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '-', 'g', 'a', 'r', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "business.facebook.com", false */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "businessadviceperth.com.au", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'a', 'd', 'v', 'i', 'c', 'e', 'p', 'e', 'r', 't', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "businessamongus.com", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'a', 'm', 'o', 'n', 'g', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "businesscentermarin.ch", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'c', 'e', 'n', 't', 'e', 'r', 'm', 'a', 'r', 'i', 'n', '.', 'c', 'h', '\0', + /* "businessesdirectory.eu", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'e', 's', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '.', 'e', 'u', '\0', + /* "businessetmarketing.com", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'e', 't', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "businessimmigration-eu.com", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'i', 'm', 'm', 'i', 'g', 'r', 'a', 't', 'i', 'o', 'n', '-', 'e', 'u', '.', 'c', 'o', 'm', '\0', + /* "businessimmigration-eu.ru", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'i', 'm', 'm', 'i', 'g', 'r', 'a', 't', 'i', 'o', 'n', '-', 'e', 'u', '.', 'r', 'u', '\0', + /* "bustadice.com", true */ 'b', 'u', 's', 't', 'a', 'd', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "bustimes.org", true */ 'b', 'u', 's', 't', 'i', 'm', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "bustup-tips.com", true */ 'b', 'u', 's', 't', 'u', 'p', '-', 't', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "butarque.es", true */ 'b', 'u', 't', 'a', 'r', 'q', 'u', 'e', '.', 'e', 's', '\0', + /* "buthowdoyoubuygroceries.com", true */ 'b', 'u', 't', 'h', 'o', 'w', 'd', 'o', 'y', 'o', 'u', 'b', 'u', 'y', 'g', 'r', 'o', 'c', 'e', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "butikvip.ru", true */ 'b', 'u', 't', 'i', 'k', 'v', 'i', 'p', '.', 'r', 'u', '\0', + /* "butt.repair", true */ 'b', 'u', 't', 't', '.', 'r', 'e', 'p', 'a', 'i', 'r', '\0', + /* "buttercupstraining.co.uk", true */ 'b', 'u', 't', 't', 'e', 'r', 'c', 'u', 'p', 's', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "buttermilk.cf", true */ 'b', 'u', 't', 't', 'e', 'r', 'm', 'i', 'l', 'k', '.', 'c', 'f', '\0', + /* "buttonline.ch", true */ 'b', 'u', 't', 't', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'h', '\0', + /* "buturyu.net", true */ 'b', 'u', 't', 'u', 'r', 'y', 'u', '.', 'n', 'e', 't', '\0', + /* "buturyu.org", true */ 'b', 'u', 't', 'u', 'r', 'y', 'u', '.', 'o', 'r', 'g', '\0', + /* "buxum-communication.ch", true */ 'b', 'u', 'x', 'u', 'm', '-', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'h', '\0', + /* "buy-thing.com", true */ 'b', 'u', 'y', '-', 't', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "buyaccessible.gov", true */ 'b', 'u', 'y', 'a', 'c', 'c', 'e', 's', 's', 'i', 'b', 'l', 'e', '.', 'g', 'o', 'v', '\0', + /* "buydesired.com", true */ 'b', 'u', 'y', 'd', 'e', 's', 'i', 'r', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "buydissertations.com", true */ 'b', 'u', 'y', 'd', 'i', 's', 's', 'e', 'r', 't', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "buyerdocs.com", true */ 'b', 'u', 'y', 'e', 'r', 'd', 'o', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "buyessay.org", true */ 'b', 'u', 'y', 'e', 's', 's', 'a', 'y', '.', 'o', 'r', 'g', '\0', + /* "buyessays.net", true */ 'b', 'u', 'y', 'e', 's', 's', 'a', 'y', 's', '.', 'n', 'e', 't', '\0', + /* "buyessayscheap.com", true */ 'b', 'u', 'y', 'e', 's', 's', 'a', 'y', 's', 'c', 'h', 'e', 'a', 'p', '.', 'c', 'o', 'm', '\0', + /* "buyharpoon.com", true */ 'b', 'u', 'y', 'h', 'a', 'r', 'p', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "buyinginvestmentproperty.com", true */ 'b', 'u', 'y', 'i', 'n', 'g', 'i', 'n', 'v', 'e', 's', 't', 'm', 'e', 'n', 't', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "buymindhack.com", true */ 'b', 'u', 'y', 'm', 'i', 'n', 'd', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "buypapercheap.net", true */ 'b', 'u', 'y', 'p', 'a', 'p', 'e', 'r', 'c', 'h', 'e', 'a', 'p', '.', 'n', 'e', 't', '\0', + /* "buyseo.store", true */ 'b', 'u', 'y', 's', 'e', 'o', '.', 's', 't', 'o', 'r', 'e', '\0', + /* "buytheway.co.za", true */ 'b', 'u', 'y', 't', 'h', 'e', 'w', 'a', 'y', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "buzz.tools", true */ 'b', 'u', 'z', 'z', '.', 't', 'o', 'o', 'l', 's', '\0', + /* "buzzconf.io", true */ 'b', 'u', 'z', 'z', 'c', 'o', 'n', 'f', '.', 'i', 'o', '\0', + /* "buzzdeck.com", true */ 'b', 'u', 'z', 'z', 'd', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "buzzprint.it", true */ 'b', 'u', 'z', 'z', 'p', 'r', 'i', 'n', 't', '.', 'i', 't', '\0', + /* "bvalle.com", true */ 'b', 'v', 'a', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "bvionline.eu", true */ 'b', 'v', 'i', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'e', 'u', '\0', + /* "bvl.aero", true */ 'b', 'v', 'l', '.', 'a', 'e', 'r', 'o', '\0', + /* "bvv-europe.eu", true */ 'b', 'v', 'v', '-', 'e', 'u', 'r', 'o', 'p', 'e', '.', 'e', 'u', '\0', + /* "bw.codes", true */ 'b', 'w', '.', 'c', 'o', 'd', 'e', 's', '\0', + /* "bwcscorecard.org", true */ 'b', 'w', 'c', 's', 'c', 'o', 'r', 'e', 'c', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0', + /* "bwh1.net", true */ 'b', 'w', 'h', '1', '.', 'n', 'e', 't', '\0', + /* "bwilkinson.co.uk", true */ 'b', 'w', 'i', 'l', 'k', 'i', 'n', 's', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "bws16.de", true */ 'b', 'w', 's', '1', '6', '.', 'd', 'e', '\0', + /* "bwwb.nu", true */ 'b', 'w', 'w', 'b', '.', 'n', 'u', '\0', + /* "bx-n.de", true */ 'b', 'x', '-', 'n', '.', 'd', 'e', '\0', + /* "bxdev.me", true */ 'b', 'x', 'd', 'e', 'v', '.', 'm', 'e', '\0', + /* "bxp40.at", true */ 'b', 'x', 'p', '4', '0', '.', 'a', 't', '\0', + /* "by1896.com", true */ 'b', 'y', '1', '8', '9', '6', '.', 'c', 'o', 'm', '\0', + /* "by1899.com", true */ 'b', 'y', '1', '8', '9', '9', '.', 'c', 'o', 'm', '\0', + /* "by77.com", true */ 'b', 'y', '7', '7', '.', 'c', 'o', 'm', '\0', + /* "by777.com", true */ 'b', 'y', '7', '7', '7', '.', 'c', 'o', 'm', '\0', + /* "byatte.com", true */ 'b', 'y', 'a', 't', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "byeskille.no", true */ 'b', 'y', 'e', 's', 'k', 'i', 'l', 'l', 'e', '.', 'n', 'o', '\0', + /* "bygningsregistrering.dk", true */ 'b', 'y', 'g', 'n', 'i', 'n', 'g', 's', 'r', 'e', 'g', 'i', 's', 't', 'r', 'e', 'r', 'i', 'n', 'g', '.', 'd', 'k', '\0', + /* "byiu.info", true */ 'b', 'y', 'i', 'u', '.', 'i', 'n', 'f', 'o', '\0', + /* "byken.cn", true */ 'b', 'y', 'k', 'e', 'n', '.', 'c', 'n', '\0', + /* "bymark.co", true */ 'b', 'y', 'm', 'a', 'r', 'k', '.', 'c', 'o', '\0', + /* "bymike.co", true */ 'b', 'y', 'm', 'i', 'k', 'e', '.', 'c', 'o', '\0', + /* "bynder.com", true */ 'b', 'y', 'n', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "bypass.sh", true */ 'b', 'y', 'p', 'a', 's', 's', '.', 's', 'h', '\0', + /* "byrko.cz", true */ 'b', 'y', 'r', 'k', 'o', '.', 'c', 'z', '\0', + /* "byrko.sk", true */ 'b', 'y', 'r', 'k', 'o', '.', 's', 'k', '\0', + /* "byronr.com", true */ 'b', 'y', 'r', 'o', 'n', 'r', '.', 'c', 'o', 'm', '\0', + /* "byronwade.com", true */ 'b', 'y', 'r', 'o', 'n', 'w', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "byrtz.de", true */ 'b', 'y', 'r', 't', 'z', '.', 'd', 'e', '\0', + /* "byte-time.com", true */ 'b', 'y', 't', 'e', '-', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "bytearts.net", true */ 'b', 'y', 't', 'e', 'a', 'r', 't', 's', '.', 'n', 'e', 't', '\0', + /* "bytebucket.org", true */ 'b', 'y', 't', 'e', 'b', 'u', 'c', 'k', 'e', 't', '.', 'o', 'r', 'g', '\0', + /* "bytecode.no", true */ 'b', 'y', 't', 'e', 'c', 'o', 'd', 'e', '.', 'n', 'o', '\0', + /* "bytejail.com", true */ 'b', 'y', 't', 'e', 'j', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "bytema.cz", true */ 'b', 'y', 't', 'e', 'm', 'a', '.', 'c', 'z', '\0', + /* "bytema.re", true */ 'b', 'y', 't', 'e', 'm', 'a', '.', 'r', 'e', '\0', + /* "byteowls.com", false */ 'b', 'y', 't', 'e', 'o', 'w', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "bytes.fyi", true */ 'b', 'y', 't', 'e', 's', '.', 'f', 'y', 'i', '\0', + /* "bytesatwork.de", true */ 'b', 'y', 't', 'e', 's', 'a', 't', 'w', 'o', 'r', 'k', '.', 'd', 'e', '\0', + /* "byteshark.org", true */ 'b', 'y', 't', 'e', 's', 'h', 'a', 'r', 'k', '.', 'o', 'r', 'g', '\0', + /* "bytesizedalex.com", true */ 'b', 'y', 't', 'e', 's', 'i', 'z', 'e', 'd', 'a', 'l', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "bytesofcode.de", true */ 'b', 'y', 't', 'e', 's', 'o', 'f', 'c', 'o', 'd', 'e', '.', 'd', 'e', '\0', + /* "bytesunlimited.com", true */ 'b', 'y', 't', 'e', 's', 'u', 'n', 'l', 'i', 'm', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "bytesystems.com", true */ 'b', 'y', 't', 'e', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "byteturtle.eu", true */ 'b', 'y', 't', 'e', 't', 'u', 'r', 't', 'l', 'e', '.', 'e', 'u', '\0', + /* "bythisverse.com", true */ 'b', 'y', 't', 'h', 'i', 's', 'v', 'e', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "byvshie.com", true */ 'b', 'y', 'v', 's', 'h', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "bziaks.xyz", true */ 'b', 'z', 'i', 'a', 'k', 's', '.', 'x', 'y', 'z', '\0', + /* "bzsparks.com", true */ 'b', 'z', 's', 'p', 'a', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "bztech.com.br", true */ 'b', 'z', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "bzv-fr.eu", true */ 'b', 'z', 'v', '-', 'f', 'r', '.', 'e', 'u', '\0', + /* "c-aeroconsult.com", true */ 'c', '-', 'a', 'e', 'r', 'o', 'c', 'o', 'n', 's', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0', + /* "c-path.org", true */ 'c', '-', 'p', 'a', 't', 'h', '.', 'o', 'r', 'g', '\0', + /* "c-rom.fr", true */ 'c', '-', 'r', 'o', 'm', '.', 'f', 'r', '\0', + /* "c-rtx.com", true */ 'c', '-', 'r', 't', 'x', '.', 'c', 'o', 'm', '\0', + /* "c-shock.org", true */ 'c', '-', 's', 'h', 'o', 'c', 'k', '.', 'o', 'r', 'g', '\0', + /* "c-webdesign.net", true */ 'c', '-', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', '.', 'n', 'e', 't', '\0', + /* "c-world.co.uk", true */ 'c', '-', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "c.cc", true */ 'c', '.', 'c', 'c', '\0', + /* "c2design.it", true */ 'c', '2', 'd', 'e', 's', 'i', 'g', 'n', '.', 'i', 't', '\0', + /* "c2o-library.net", true */ 'c', '2', 'o', '-', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'n', 'e', 't', '\0', + /* "c2o2.xyz", true */ 'c', '2', 'o', '2', '.', 'x', 'y', 'z', '\0', + /* "c3ie.com", true */ 'c', '3', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "c3vo.de", true */ 'c', '3', 'v', 'o', '.', 'd', 'e', '\0', + /* "c3w.at", true */ 'c', '3', 'w', '.', 'a', 't', '\0', + /* "c4.hk", true */ 'c', '4', '.', 'h', 'k', '\0', + /* "c4539.com", true */ 'c', '4', '5', '3', '9', '.', 'c', 'o', 'm', '\0', + /* "c4k3.net", true */ 'c', '4', 'k', '3', '.', 'n', 'e', 't', '\0', + /* "c7dn.com", true */ 'c', '7', 'd', 'n', '.', 'c', 'o', 'm', '\0', + /* "ca-key.de", true */ 'c', 'a', '-', 'k', 'e', 'y', '.', 'd', 'e', '\0', + /* "ca-terminal-multiservices.fr", true */ 'c', 'a', '-', 't', 'e', 'r', 'm', 'i', 'n', 'a', 'l', '-', 'm', 'u', 'l', 't', 'i', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'f', 'r', '\0', + /* "ca.gparent.org", true */ 'c', 'a', '.', 'g', 'p', 'a', 'r', 'e', 'n', 't', '.', 'o', 'r', 'g', '\0', + /* "ca.search.yahoo.com", false */ 'c', 'a', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "ca5.de", true */ 'c', 'a', '5', '.', 'd', 'e', '\0', + /* "caasd.org", true */ 'c', 'a', 'a', 's', 'd', '.', 'o', 'r', 'g', '\0', + /* "cabaladada.org", true */ 'c', 'a', 'b', 'a', 'l', 'a', 'd', 'a', 'd', 'a', '.', 'o', 'r', 'g', '\0', + /* "cabarave.com", true */ 'c', 'a', 'b', 'a', 'r', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "cabforum.org", true */ 'c', 'a', 'b', 'f', 'o', 'r', 'u', 'm', '.', 'o', 'r', 'g', '\0', + /* "cablemod.com", true */ 'c', 'a', 'b', 'l', 'e', 'm', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "cablesandkits.com", true */ 'c', 'a', 'b', 'l', 'e', 's', 'a', 'n', 'd', 'k', 'i', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "cabotfinancial.co.uk", true */ 'c', 'a', 'b', 'o', 't', 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cacao-chocolate.com", true */ 'c', 'a', 'c', 'a', 'o', '-', 'c', 'h', 'o', 'c', 'o', 'l', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "cacao.supply", true */ 'c', 'a', 'c', 'a', 'o', '.', 's', 'u', 'p', 'p', 'l', 'y', '\0', + /* "cacaolalina.com", true */ 'c', 'a', 'c', 'a', 'o', 'l', 'a', 'l', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "cacaumidade.com.br", true */ 'c', 'a', 'c', 'a', 'u', 'm', 'i', 'd', 'a', 'd', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "caceis.bank", true */ 'c', 'a', 'c', 'e', 'i', 's', '.', 'b', 'a', 'n', 'k', '\0', + /* "cachetagalong.com", true */ 'c', 'a', 'c', 'h', 'e', 't', 'a', 'g', 'a', 'l', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "cachethq.io", true */ 'c', 'a', 'c', 'h', 'e', 't', 'h', 'q', '.', 'i', 'o', '\0', + /* "cackette.com", true */ 'c', 'a', 'c', 'k', 'e', 't', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "cadenadg.gr", true */ 'c', 'a', 'd', 'e', 'n', 'a', 'd', 'g', '.', 'g', 'r', '\0', + /* "cadetsge.ch", true */ 'c', 'a', 'd', 'e', 't', 's', 'g', 'e', '.', 'c', 'h', '\0', + /* "cadmail.nl", true */ 'c', 'a', 'd', 'm', 'a', 'i', 'l', '.', 'n', 'l', '\0', + /* "cadman.pw", true */ 'c', 'a', 'd', 'm', 'a', 'n', '.', 'p', 'w', '\0', + /* "cadooz.com", true */ 'c', 'a', 'd', 'o', 'o', 'z', '.', 'c', 'o', 'm', '\0', + /* "cadorama.fr", true */ 'c', 'a', 'd', 'o', 'r', 'a', 'm', 'a', '.', 'f', 'r', '\0', + /* "cadoth.net", true */ 'c', 'a', 'd', 'o', 't', 'h', '.', 'n', 'e', 't', '\0', + /* "cadsys.net", true */ 'c', 'a', 'd', 's', 'y', 's', '.', 'n', 'e', 't', '\0', + /* "cadusilva.com", true */ 'c', 'a', 'd', 'u', 's', 'i', 'l', 'v', 'a', '.', 'c', 'o', 'm', '\0', + /* "caerostris.com", true */ 'c', 'a', 'e', 'r', 'o', 's', 't', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "caesarkabalan.com", true */ 'c', 'a', 'e', 's', 'a', 'r', 'k', 'a', 'b', 'a', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "cafechesscourt.com", true */ 'c', 'a', 'f', 'e', 'c', 'h', 'e', 's', 's', 'c', 'o', 'u', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "cafefresco.pe", true */ 'c', 'a', 'f', 'e', 'f', 'r', 'e', 's', 'c', 'o', '.', 'p', 'e', '\0', + /* "cafelandia.net", true */ 'c', 'a', 'f', 'e', 'l', 'a', 'n', 'd', 'i', 'a', '.', 'n', 'e', 't', '\0', + /* "cafeobscura.nl", true */ 'c', 'a', 'f', 'e', 'o', 'b', 's', 'c', 'u', 'r', 'a', '.', 'n', 'l', '\0', + /* "caferagazzi.de", true */ 'c', 'a', 'f', 'e', 'r', 'a', 'g', 'a', 'z', 'z', 'i', '.', 'd', 'e', '\0', + /* "caffeinatedcode.com", true */ 'c', 'a', 'f', 'f', 'e', 'i', 'n', 'a', 't', 'e', 'd', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "cainhosting.com", false */ 'c', 'a', 'i', 'n', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "cairnterrier.com.br", true */ 'c', 'a', 'i', 'r', 'n', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "cais.de", true */ 'c', 'a', 'i', 's', '.', 'd', 'e', '\0', + /* "caitcs.com", true */ 'c', 'a', 'i', 't', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "caizx.com", false */ 'c', 'a', 'i', 'z', 'x', '.', 'c', 'o', 'm', '\0', + /* "caja-pdf.es", true */ 'c', 'a', 'j', 'a', '-', 'p', 'd', 'f', '.', 'e', 's', '\0', + /* "cajunuk.co.uk", true */ 'c', 'a', 'j', 'u', 'n', 'u', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cake-time.co.uk", true */ 'c', 'a', 'k', 'e', '-', 't', 'i', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cakestart.net", true */ 'c', 'a', 'k', 'e', 's', 't', 'a', 'r', 't', '.', 'n', 'e', 't', '\0', + /* "caketoindia.com", true */ 'c', 'a', 'k', 'e', 't', 'o', 'i', 'n', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "cakingandbaking.com", true */ 'c', 'a', 'k', 'i', 'n', 'g', 'a', 'n', 'd', 'b', 'a', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "cal.goip.de", true */ 'c', 'a', 'l', '.', 'g', 'o', 'i', 'p', '.', 'd', 'e', '\0', + /* "cal9000.com", true */ 'c', 'a', 'l', '9', '0', '0', '0', '.', 'c', 'o', 'm', '\0', + /* "calaad.net", true */ 'c', 'a', 'l', 'a', 'a', 'd', '.', 'n', 'e', 't', '\0', + /* "calabasaselectrical.com", true */ 'c', 'a', 'l', 'a', 'b', 'a', 's', 'a', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "calaborlawnews.com", true */ 'c', 'a', 'l', 'a', 'b', 'o', 'r', 'l', 'a', 'w', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "calafont.cat", true */ 'c', 'a', 'l', 'a', 'f', 'o', 'n', 't', '.', 'c', 'a', 't', '\0', + /* "calc.pw", true */ 'c', 'a', 'l', 'c', '.', 'p', 'w', '\0', + /* "calculator-imt.com", true */ 'c', 'a', 'l', 'c', 'u', 'l', 'a', 't', 'o', 'r', '-', 'i', 'm', 't', '.', 'c', 'o', 'm', '\0', + /* "calculator.tf", true */ 'c', 'a', 'l', 'c', 'u', 'l', 'a', 't', 'o', 'r', '.', 't', 'f', '\0', + /* "calcworkshop.com", true */ 'c', 'a', 'l', 'c', 'w', 'o', 'r', 'k', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "caldecotevillagehall.co.uk", true */ 'c', 'a', 'l', 'd', 'e', 'c', 'o', 't', 'e', 'v', 'i', 'l', 'l', 'a', 'g', 'e', 'h', 'a', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "calebmorris.com", false */ 'c', 'a', 'l', 'e', 'b', 'm', 'o', 'r', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "calendarr.com", true */ 'c', 'a', 'l', 'e', 'n', 'd', 'a', 'r', 'r', '.', 'c', 'o', 'm', '\0', + /* "calendarsnow.com", true */ 'c', 'a', 'l', 'e', 'n', 'd', 'a', 'r', 's', 'n', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "caletka.cz", true */ 'c', 'a', 'l', 'e', 't', 'k', 'a', '.', 'c', 'z', '\0', + /* "calgoty.com", true */ 'c', 'a', 'l', 'g', 'o', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "calibreapp.com", true */ 'c', 'a', 'l', 'i', 'b', 'r', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "calibso.net", true */ 'c', 'a', 'l', 'i', 'b', 's', 'o', '.', 'n', 'e', 't', '\0', + /* "caliderumba.com", true */ 'c', 'a', 'l', 'i', 'd', 'e', 'r', 'u', 'm', 'b', 'a', '.', 'c', 'o', 'm', '\0', + /* "calidoinvierno.com", true */ 'c', 'a', 'l', 'i', 'd', 'o', 'i', 'n', 'v', 'i', 'e', 'r', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "calixte-concept.fr", true */ 'c', 'a', 'l', 'i', 'x', 't', 'e', '-', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'f', 'r', '\0', + /* "call.me", true */ 'c', 'a', 'l', 'l', '.', 'm', 'e', '\0', + /* "callear.org", true */ 'c', 'a', 'l', 'l', 'e', 'a', 'r', '.', 'o', 'r', 'g', '\0', + /* "calleveryday.com", true */ 'c', 'a', 'l', 'l', 'e', 'v', 'e', 'r', 'y', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "callhub.io", true */ 'c', 'a', 'l', 'l', 'h', 'u', 'b', '.', 'i', 'o', '\0', + /* "callision.com", true */ 'c', 'a', 'l', 'l', 'i', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "calltoar.ms", true */ 'c', 'a', 'l', 'l', 't', 'o', 'a', 'r', '.', 'm', 's', '\0', + /* "calmtech.com", true */ 'c', 'a', 'l', 'm', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "calories.org", true */ 'c', 'a', 'l', 'o', 'r', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "calotte-academy.com", true */ 'c', 'a', 'l', 'o', 't', 't', 'e', '-', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0', + /* "calvin.my", true */ 'c', 'a', 'l', 'v', 'i', 'n', '.', 'm', 'y', '\0', + /* "calypso-tour.net", true */ 'c', 'a', 'l', 'y', 'p', 's', 'o', '-', 't', 'o', 'u', 'r', '.', 'n', 'e', 't', '\0', + /* "calyxengineers.com", true */ 'c', 'a', 'l', 'y', 'x', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "calyxinstitute.org", false */ 'c', 'a', 'l', 'y', 'x', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'o', 'r', 'g', '\0', + /* "camaradivisas.com", true */ 'c', 'a', 'm', 'a', 'r', 'a', 'd', 'i', 'v', 'i', 's', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "camaras.uno", true */ 'c', 'a', 'm', 'a', 'r', 'a', 's', '.', 'u', 'n', 'o', '\0', + /* "camarilloelectrical.com", true */ 'c', 'a', 'm', 'a', 'r', 'i', 'l', 'l', 'o', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "camaya.net", true */ 'c', 'a', 'm', 'a', 'y', 'a', '.', 'n', 'e', 't', '\0', + /* "cambier.org", true */ 'c', 'a', 'm', 'b', 'i', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "cambiowatch.ch", true */ 'c', 'a', 'm', 'b', 'i', 'o', 'w', 'a', 't', 'c', 'h', '.', 'c', 'h', '\0', + /* "cambodian.dating", true */ 'c', 'a', 'm', 'b', 'o', 'd', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "cambridgebouncers.co.uk", true */ 'c', 'a', 'm', 'b', 'r', 'i', 'd', 'g', 'e', 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "camconn.cc", true */ 'c', 'a', 'm', 'c', 'o', 'n', 'n', '.', 'c', 'c', '\0', + /* "camel2243.com", true */ 'c', 'a', 'm', 'e', 'l', '2', '2', '4', '3', '.', 'c', 'o', 'm', '\0', + /* "cameraviva.com.br", true */ 'c', 'a', 'm', 'e', 'r', 'a', 'v', 'i', 'v', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "camerweb.es", true */ 'c', 'a', 'm', 'e', 'r', 'w', 'e', 'b', '.', 'e', 's', '\0', + /* "camilomodzz.net", true */ 'c', 'a', 'm', 'i', 'l', 'o', 'm', 'o', 'd', 'z', 'z', '.', 'n', 'e', 't', '\0', + /* "camp-pleinsoleil.ch", true */ 'c', 'a', 'm', 'p', '-', 'p', 'l', 'e', 'i', 'n', 's', 'o', 'l', 'e', 'i', 'l', '.', 'c', 'h', '\0', + /* "camp.co.uk", true */ 'c', 'a', 'm', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "campaign-ad.com", true */ 'c', 'a', 'm', 'p', 'a', 'i', 'g', 'n', '-', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "campaign.gov.uk", true */ 'c', 'a', 'm', 'p', 'a', 'i', 'g', 'n', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0', + /* "campbrainybunch.com", true */ 'c', 'a', 'm', 'p', 'b', 'r', 'a', 'i', 'n', 'y', 'b', 'u', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "campcambodia.org", true */ 'c', 'a', 'm', 'p', 'c', 'a', 'm', 'b', 'o', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0', + /* "campcanada.org", true */ 'c', 'a', 'm', 'p', 'c', 'a', 'n', 'a', 'd', 'a', '.', 'o', 'r', 'g', '\0', + /* "campeonatoalemao.com.br", true */ 'c', 'a', 'm', 'p', 'e', 'o', 'n', 'a', 't', 'o', 'a', 'l', 'e', 'm', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "camperdays.de", true */ 'c', 'a', 'm', 'p', 'e', 'r', 'd', 'a', 'y', 's', '.', 'd', 'e', '\0', + /* "camperlist.com", true */ 'c', 'a', 'm', 'p', 'e', 'r', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "campermanaustralia.com", true */ 'c', 'a', 'm', 'p', 'e', 'r', 'm', 'a', 'n', 'a', 'u', 's', 't', 'r', 'a', 'l', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "campertrailerfinance.com.au", true */ 'c', 'a', 'm', 'p', 'e', 'r', 't', 'r', 'a', 'i', 'l', 'e', 'r', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "camperverzekerd.nl", true */ 'c', 'a', 'm', 'p', 'e', 'r', 'v', 'e', 'r', 'z', 'e', 'k', 'e', 'r', 'd', '.', 'n', 'l', '\0', + /* "campfiretails.org", true */ 'c', 'a', 'm', 'p', 'f', 'i', 'r', 'e', 't', 'a', 'i', 'l', 's', '.', 'o', 'r', 'g', '\0', + /* "campfourpaws.com", true */ 'c', 'a', 'm', 'p', 'f', 'o', 'u', 'r', 'p', 'a', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "campingdreams.com", true */ 'c', 'a', 'm', 'p', 'i', 'n', 'g', 'd', 'r', 'e', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "campistry.net", true */ 'c', 'a', 'm', 'p', 'i', 's', 't', 'r', 'y', '.', 'n', 'e', 't', '\0', + /* "campula.cz", true */ 'c', 'a', 'm', 'p', 'u', 'l', 'a', '.', 'c', 'z', '\0', + /* "campus-cybersecurity.team", true */ 'c', 'a', 'm', 'p', 'u', 's', '-', 'c', 'y', 'b', 'e', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 't', 'e', 'a', 'm', '\0', + /* "campus-finance.com", true */ 'c', 'a', 'm', 'p', 'u', 's', '-', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "campuswire.com", true */ 'c', 'a', 'm', 'p', 'u', 's', 'w', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "campwabashi.org", true */ 'c', 'a', 'm', 'p', 'w', 'a', 'b', 'a', 's', 'h', 'i', '.', 'o', 'r', 'g', '\0', + /* "camsky.de", true */ 'c', 'a', 'm', 's', 'k', 'y', '.', 'd', 'e', '\0', + /* "canada-tourisme.ch", true */ 'c', 'a', 'n', 'a', 'd', 'a', '-', 't', 'o', 'u', 'r', 'i', 's', 'm', 'e', '.', 'c', 'h', '\0', + /* "canadalife.de", true */ 'c', 'a', 'n', 'a', 'd', 'a', 'l', 'i', 'f', 'e', '.', 'd', 'e', '\0', + /* "canadasmotorcycle.ca", true */ 'c', 'a', 'n', 'a', 'd', 'a', 's', 'm', 'o', 't', 'o', 'r', 'c', 'y', 'c', 'l', 'e', '.', 'c', 'a', '\0', + /* "canadian.dating", true */ 'c', 'a', 'n', 'a', 'd', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "canadianchristianity.com", false */ 'c', 'a', 'n', 'a', 'd', 'i', 'a', 'n', 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "canadiantouristboard.com", true */ 'c', 'a', 'n', 'a', 'd', 'i', 'a', 'n', 't', 'o', 'u', 'r', 'i', 's', 't', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "canalsidehouse.be", true */ 'c', 'a', 'n', 'a', 'l', 's', 'i', 'd', 'e', 'h', 'o', 'u', 's', 'e', '.', 'b', 'e', '\0', + /* "canalsidehouse.com", true */ 'c', 'a', 'n', 'a', 'l', 's', 'i', 'd', 'e', 'h', 'o', 'u', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "canarianlegalalliance.com", true */ 'c', 'a', 'n', 'a', 'r', 'i', 'a', 'n', 'l', 'e', 'g', 'a', 'l', 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "canarymod.net", false */ 'c', 'a', 'n', 'a', 'r', 'y', 'm', 'o', 'd', '.', 'n', 'e', 't', '\0', + /* "cancerdata.nhs.uk", true */ 'c', 'a', 'n', 'c', 'e', 'r', 'd', 'a', 't', 'a', '.', 'n', 'h', 's', '.', 'u', 'k', '\0', + /* "candicecity.com", true */ 'c', 'a', 'n', 'd', 'i', 'c', 'e', 'c', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "candidasa.com", true */ 'c', 'a', 'n', 'd', 'i', 'd', 'a', 's', 'a', '.', 'c', 'o', 'm', '\0', + /* "candlcastles.co.uk", true */ 'c', 'a', 'n', 'd', 'l', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cando.eu", true */ 'c', 'a', 'n', 'd', 'o', '.', 'e', 'u', '\0', + /* "candy-it.de", true */ 'c', 'a', 'n', 'd', 'y', '-', 'i', 't', '.', 'd', 'e', '\0', + /* "candykidsentertainment.co.uk", true */ 'c', 'a', 'n', 'd', 'y', 'k', 'i', 'd', 's', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "candylion.rocks", true */ 'c', 'a', 'n', 'd', 'y', 'l', 'i', 'o', 'n', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "candyout.com", true */ 'c', 'a', 'n', 'd', 'y', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "canerkorkmaz.com", true */ 'c', 'a', 'n', 'e', 'r', 'k', 'o', 'r', 'k', 'm', 'a', 'z', '.', 'c', 'o', 'm', '\0', + /* "canhazip.com", true */ 'c', 'a', 'n', 'h', 'a', 'z', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "canifis.net", true */ 'c', 'a', 'n', 'i', 'f', 'i', 's', '.', 'n', 'e', 't', '\0', + /* "canihavesome.coffee", true */ 'c', 'a', 'n', 'i', 'h', 'a', 'v', 'e', 's', 'o', 'm', 'e', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0', + /* "canlidoviz.com", true */ 'c', 'a', 'n', 'l', 'i', 'd', 'o', 'v', 'i', 'z', '.', 'c', 'o', 'm', '\0', + /* "canmipai.com", true */ 'c', 'a', 'n', 'm', 'i', 'p', 'a', 'i', '.', 'c', 'o', 'm', '\0', + /* "cannabis-marijuana.com", true */ 'c', 'a', 'n', 'n', 'a', 'b', 'i', 's', '-', 'm', 'a', 'r', 'i', 'j', 'u', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "cannarobotics.com", true */ 'c', 'a', 'n', 'n', 'a', 'r', 'o', 'b', 'o', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "cannyfoxx.me", true */ 'c', 'a', 'n', 'n', 'y', 'f', 'o', 'x', 'x', '.', 'm', 'e', '\0', + /* "canoonic.se", true */ 'c', 'a', 'n', 'o', 'o', 'n', 'i', 'c', '.', 's', 'e', '\0', + /* "cantatio.ch", true */ 'c', 'a', 'n', 't', 'a', 't', 'i', 'o', '.', 'c', 'h', '\0', + /* "canterberry.cc", true */ 'c', 'a', 'n', 't', 'e', 'r', 'b', 'e', 'r', 'r', 'y', '.', 'c', 'c', '\0', + /* "canterburybouncycastlehire.co.uk", true */ 'c', 'a', 'n', 't', 'e', 'r', 'b', 'u', 'r', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cantrack.com", true */ 'c', 'a', 'n', 't', 'r', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "canva-dev.com", true */ 'c', 'a', 'n', 'v', 'a', '-', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "canva.com", true */ 'c', 'a', 'n', 'v', 'a', '.', 'c', 'o', 'm', '\0', + /* "canyoupwn.me", true */ 'c', 'a', 'n', 'y', 'o', 'u', 'p', 'w', 'n', '.', 'm', 'e', '\0', + /* "cao.gov", true */ 'c', 'a', 'o', '.', 'g', 'o', 'v', '\0', + /* "cao.la", true */ 'c', 'a', 'o', '.', 'l', 'a', '\0', + /* "caodecristachines.com.br", true */ 'c', 'a', 'o', 'd', 'e', 'c', 'r', 'i', 's', 't', 'a', 'c', 'h', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "caodesantohumberto.com.br", true */ 'c', 'a', 'o', 'd', 'e', 's', 'a', 'n', 't', 'o', 'h', 'u', 'm', 'b', 'e', 'r', 't', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "caoyu.info", true */ 'c', 'a', 'o', 'y', 'u', '.', 'i', 'n', 'f', 'o', '\0', + /* "capacent.is", true */ 'c', 'a', 'p', 'a', 'c', 'e', 'n', 't', '.', 'i', 's', '\0', + /* "capachitos.cl", true */ 'c', 'a', 'p', 'a', 'c', 'h', 'i', 't', 'o', 's', '.', 'c', 'l', '\0', + /* "capacitacionyautoempleo.com", true */ 'c', 'a', 'p', 'a', 'c', 'i', 't', 'a', 'c', 'i', 'o', 'n', 'y', 'a', 'u', 't', 'o', 'e', 'm', 'p', 'l', 'e', 'o', '.', 'c', 'o', 'm', '\0', + /* "capekeen.com", true */ 'c', 'a', 'p', 'e', 'k', 'e', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "capellidipremoli.com", true */ 'c', 'a', 'p', 'e', 'l', 'l', 'i', 'd', 'i', 'p', 'r', 'e', 'm', 'o', 'l', 'i', '.', 'c', 'o', 'm', '\0', + /* "caphane.com", true */ 'c', 'a', 'p', 'h', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "capimlimaoflores.com.br", true */ 'c', 'a', 'p', 'i', 'm', 'l', 'i', 'm', 'a', 'o', 'f', 'l', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "capitainebaggy.ch", true */ 'c', 'a', 'p', 'i', 't', 'a', 'i', 'n', 'e', 'b', 'a', 'g', 'g', 'y', '.', 'c', 'h', '\0', + /* "capital-match.com", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', '-', 'm', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "capitalcap.com", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 'c', 'a', 'p', '.', 'c', 'o', 'm', '\0', + /* "capitalcollections.org.uk", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', 's', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "capitalibre.com", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 'i', 'b', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "capitalism.party", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 'i', 's', 'm', '.', 'p', 'a', 'r', 't', 'y', '\0', + /* "capitalonecardservice.com", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 'o', 'n', 'e', 'c', 'a', 'r', 'd', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "capitalp.jp", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 'p', '.', 'j', 'p', '\0', + /* "capitalquadatv.org.nz", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 'q', 'u', 'a', 'd', 'a', 't', 'v', '.', 'o', 'r', 'g', '.', 'n', 'z', '\0', + /* "capitaltg.com", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 't', 'g', '.', 'c', 'o', 'm', '\0', + /* "capitolpathways.org", true */ 'c', 'a', 'p', 'i', 't', 'o', 'l', 'p', 'a', 't', 'h', 'w', 'a', 'y', 's', '.', 'o', 'r', 'g', '\0', + /* "caplinbouncycastles.co.uk", true */ 'c', 'a', 'p', 'l', 'i', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "capper.de", true */ 'c', 'a', 'p', 'p', 'e', 'r', '.', 'd', 'e', '\0', + /* "capriccio.to", true */ 'c', 'a', 'p', 'r', 'i', 'c', 'c', 'i', 'o', '.', 't', 'o', '\0', + /* "caprichosdevicky.com", true */ 'c', 'a', 'p', 'r', 'i', 'c', 'h', 'o', 's', 'd', 'e', 'v', 'i', 'c', 'k', 'y', '.', 'c', 'o', 'm', '\0', + /* "capstansecurity.co.uk", true */ 'c', 'a', 'p', 's', 't', 'a', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "capstansecurity.com", true */ 'c', 'a', 'p', 's', 't', 'a', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "captalize.com", true */ 'c', 'a', 'p', 't', 'a', 'l', 'i', 'z', 'e', '.', 'c', 'o', 'm', '\0', + /* "capturapp.com", false */ 'c', 'a', 'p', 't', 'u', 'r', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "capture-app.com", true */ 'c', 'a', 'p', 't', 'u', 'r', 'e', '-', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "captured-symphonies.com", true */ 'c', 'a', 'p', 't', 'u', 'r', 'e', 'd', '-', 's', 'y', 'm', 'p', 'h', 'o', 'n', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "capuchinox.com", true */ 'c', 'a', 'p', 'u', 'c', 'h', 'i', 'n', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "caputo.com", true */ 'c', 'a', 'p', 'u', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "caputodesign.com", true */ 'c', 'a', 'p', 'u', 't', 'o', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "car-shop.top", true */ 'c', 'a', 'r', '-', 's', 'h', 'o', 'p', '.', 't', 'o', 'p', '\0', + /* "car.info", true */ 'c', 'a', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "car24.de", true */ 'c', 'a', 'r', '2', '4', '.', 'd', 'e', '\0', + /* "car24portal.de", true */ 'c', 'a', 'r', '2', '4', 'p', 'o', 'r', 't', 'a', 'l', '.', 'd', 'e', '\0', + /* "carauctionnetwork.com", true */ 'c', 'a', 'r', 'a', 'u', 'c', 't', 'i', 'o', 'n', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "carauctionsalabama.com", true */ 'c', 'a', 'r', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', 'a', 'l', 'a', 'b', 'a', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "carauctionscarolina.com", true */ 'c', 'a', 'r', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', 'c', 'a', 'r', 'o', 'l', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "carauctionsgeorgia.com", true */ 'c', 'a', 'r', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', 'g', 'e', 'o', 'r', 'g', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "carauctionsillinois.com", true */ 'c', 'a', 'r', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', 'i', 'l', 'l', 'i', 'n', 'o', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "carbon-designz.com", true */ 'c', 'a', 'r', 'b', 'o', 'n', '-', 'd', 'e', 's', 'i', 'g', 'n', 'z', '.', 'c', 'o', 'm', '\0', + /* "carbon12.org", true */ 'c', 'a', 'r', 'b', 'o', 'n', '1', '2', '.', 'o', 'r', 'g', '\0', + /* "carbon12.software", true */ 'c', 'a', 'r', 'b', 'o', 'n', '1', '2', '.', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '\0', + /* "carbonmade.com", false */ 'c', 'a', 'r', 'b', 'o', 'n', 'm', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "carbono.uy", true */ 'c', 'a', 'r', 'b', 'o', 'n', 'o', '.', 'u', 'y', '\0', + /* "carck.co.uk", true */ 'c', 'a', 'r', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "carck.uk", true */ 'c', 'a', 'r', 'c', 'k', '.', 'u', 'k', '\0', + /* "card-cashing.com", true */ 'c', 'a', 'r', 'd', '-', 'c', 'a', 's', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "carddreams.be", true */ 'c', 'a', 'r', 'd', 'd', 'r', 'e', 'a', 'm', 's', '.', 'b', 'e', '\0', + /* "carddreams.de", true */ 'c', 'a', 'r', 'd', 'd', 'r', 'e', 'a', 'm', 's', '.', 'd', 'e', '\0', + /* "carddreams.es", true */ 'c', 'a', 'r', 'd', 'd', 'r', 'e', 'a', 'm', 's', '.', 'e', 's', '\0', + /* "carddreams.nl", true */ 'c', 'a', 'r', 'd', 'd', 'r', 'e', 'a', 'm', 's', '.', 'n', 'l', '\0', + /* "cardelmar.com", true */ 'c', 'a', 'r', 'd', 'e', 'l', 'm', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "cardelmar.de", true */ 'c', 'a', 'r', 'd', 'e', 'l', 'm', 'a', 'r', '.', 'd', 'e', '\0', + /* "cardelmar.es", true */ 'c', 'a', 'r', 'd', 'e', 'l', 'm', 'a', 'r', '.', 'e', 's', '\0', + /* "cardranking.jp", true */ 'c', 'a', 'r', 'd', 'r', 'a', 'n', 'k', 'i', 'n', 'g', '.', 'j', 'p', '\0', + /* "cardrecovery.fr", true */ 'c', 'a', 'r', 'd', 'r', 'e', 'c', 'o', 'v', 'e', 'r', 'y', '.', 'f', 'r', '\0', + /* "cardxl.be", true */ 'c', 'a', 'r', 'd', 'x', 'l', '.', 'b', 'e', '\0', + /* "cardxl.de", true */ 'c', 'a', 'r', 'd', 'x', 'l', '.', 'd', 'e', '\0', + /* "cardxl.fr", true */ 'c', 'a', 'r', 'd', 'x', 'l', '.', 'f', 'r', '\0', + /* "cardxl.nl", true */ 'c', 'a', 'r', 'd', 'x', 'l', '.', 'n', 'l', '\0', + /* "care4all.com", true */ 'c', 'a', 'r', 'e', '4', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "careeapp.com", true */ 'c', 'a', 'r', 'e', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "careeroptionscoach.com", true */ 'c', 'a', 'r', 'e', 'e', 'r', 'o', 'p', 't', 'i', 'o', 'n', 's', 'c', 'o', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "carefour.nl", true */ 'c', 'a', 'r', 'e', 'f', 'o', 'u', 'r', '.', 'n', 'l', '\0', + /* "caremad.io", true */ 'c', 'a', 'r', 'e', 'm', 'a', 'd', '.', 'i', 'o', '\0', + /* "careplasticsurgery.com", true */ 'c', 'a', 'r', 'e', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "caretta.co.uk", true */ 'c', 'a', 'r', 'e', 't', 't', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "carey.bio", true */ 'c', 'a', 'r', 'e', 'y', '.', 'b', 'i', 'o', '\0', + /* "carey.li", true */ 'c', 'a', 'r', 'e', 'y', '.', 'l', 'i', '\0', + /* "careyshop.cn", true */ 'c', 'a', 'r', 'e', 'y', 's', 'h', 'o', 'p', '.', 'c', 'n', '\0', + /* "carezone.com", false */ 'c', 'a', 'r', 'e', 'z', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "cargobay.net", true */ 'c', 'a', 'r', 'g', 'o', 'b', 'a', 'y', '.', 'n', 'e', 't', '\0', + /* "caribbean.dating", true */ 'c', 'a', 'r', 'i', 'b', 'b', 'e', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "caribbeanarthritisfoundation.org", true */ 'c', 'a', 'r', 'i', 'b', 'b', 'e', 'a', 'n', 'a', 'r', 't', 'h', 'r', 'i', 't', 'i', 's', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "caribbeanexams.com", true */ 'c', 'a', 'r', 'i', 'b', 'b', 'e', 'a', 'n', 'e', 'x', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "carif-idf.net", true */ 'c', 'a', 'r', 'i', 'f', '-', 'i', 'd', 'f', '.', 'n', 'e', 't', '\0', + /* "carif-idf.org", true */ 'c', 'a', 'r', 'i', 'f', '-', 'i', 'd', 'f', '.', 'o', 'r', 'g', '\0', + /* "carigami.fr", true */ 'c', 'a', 'r', 'i', 'g', 'a', 'm', 'i', '.', 'f', 'r', '\0', + /* "carinsurance.es", true */ 'c', 'a', 'r', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', '.', 'e', 's', '\0', + /* "cariocacooking.com", true */ 'c', 'a', 'r', 'i', 'o', 'c', 'a', 'c', 'o', 'o', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "carisenda.com", true */ 'c', 'a', 'r', 'i', 's', 'e', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "carlandfaith.com", true */ 'c', 'a', 'r', 'l', 'a', 'n', 'd', 'f', 'a', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "carlgo11.com", true */ 'c', 'a', 'r', 'l', 'g', 'o', '1', '1', '.', 'c', 'o', 'm', '\0', + /* "carlife-at.jp", true */ 'c', 'a', 'r', 'l', 'i', 'f', 'e', '-', 'a', 't', '.', 'j', 'p', '\0', + /* "carlili.fr", true */ 'c', 'a', 'r', 'l', 'i', 'l', 'i', '.', 'f', 'r', '\0', + /* "carlingfordapartments.com.au", true */ 'c', 'a', 'r', 'l', 'i', 'n', 'g', 'f', 'o', 'r', 'd', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "carlmjohnson.net", true */ 'c', 'a', 'r', 'l', 'm', 'j', 'o', 'h', 'n', 's', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "carloshmm.com", true */ 'c', 'a', 'r', 'l', 'o', 's', 'h', 'm', 'm', '.', 'c', 'o', 'm', '\0', + /* "carlosjeurissen.com", true */ 'c', 'a', 'r', 'l', 'o', 's', 'j', 'e', 'u', 'r', 'i', 's', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "carlsbouncycastlesandhottubs.co.uk", true */ 'c', 'a', 'r', 'l', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'a', 'n', 'd', 'h', 'o', 't', 't', 'u', 'b', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "carnaticalifornia.com", true */ 'c', 'a', 'r', 'n', 'a', 't', 'i', 'c', 'a', 'l', 'i', 'f', 'o', 'r', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "carnet-du-voyageur.com", true */ 'c', 'a', 'r', 'n', 'e', 't', '-', 'd', 'u', '-', 'v', 'o', 'y', 'a', 'g', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "carnildo.com", true */ 'c', 'a', 'r', 'n', 'i', 'l', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "caroes.be", true */ 'c', 'a', 'r', 'o', 'e', 's', '.', 'b', 'e', '\0', + /* "carol-lambert.com", true */ 'c', 'a', 'r', 'o', 'l', '-', 'l', 'a', 'm', 'b', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "carolcappelletti.com", true */ 'c', 'a', 'r', 'o', 'l', 'c', 'a', 'p', 'p', 'e', 'l', 'l', 'e', 't', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "carolcestas.com", true */ 'c', 'a', 'r', 'o', 'l', 'c', 'e', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "caroli.biz", true */ 'c', 'a', 'r', 'o', 'l', 'i', '.', 'b', 'i', 'z', '\0', + /* "caroli.com", true */ 'c', 'a', 'r', 'o', 'l', 'i', '.', 'c', 'o', 'm', '\0', + /* "caroli.info", true */ 'c', 'a', 'r', 'o', 'l', 'i', '.', 'i', 'n', 'f', 'o', '\0', + /* "caroli.name", true */ 'c', 'a', 'r', 'o', 'l', 'i', '.', 'n', 'a', 'm', 'e', '\0', + /* "caroli.net", true */ 'c', 'a', 'r', 'o', 'l', 'i', '.', 'n', 'e', 't', '\0', + /* "carolynjoyce.com.au", true */ 'c', 'a', 'r', 'o', 'l', 'y', 'n', 'j', 'o', 'y', 'c', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "carrando.com", true */ 'c', 'a', 'r', 'r', 'a', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "carrando.de", true */ 'c', 'a', 'r', 'r', 'a', 'n', 'd', 'o', '.', 'd', 'e', '\0', + /* "carre-lutz.com", true */ 'c', 'a', 'r', 'r', 'e', '-', 'l', 'u', 't', 'z', '.', 'c', 'o', 'm', '\0', + /* "carredejardin.com", true */ 'c', 'a', 'r', 'r', 'e', 'd', 'e', 'j', 'a', 'r', 'd', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "carriedin.com", true */ 'c', 'a', 'r', 'r', 'i', 'e', 'd', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "carrierplatform.com", true */ 'c', 'a', 'r', 'r', 'i', 'e', 'r', 'p', 'l', 'a', 't', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "carringtonrealtygroup.com", true */ 'c', 'a', 'r', 'r', 'i', 'n', 'g', 't', 'o', 'n', 'r', 'e', 'a', 'l', 't', 'y', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "carson-aviation-adventures.com", true */ 'c', 'a', 'r', 's', 'o', 'n', '-', 'a', 'v', 'i', 'a', 't', 'i', 'o', 'n', '-', 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "carsten.pw", true */ 'c', 'a', 'r', 's', 't', 'e', 'n', '.', 'p', 'w', '\0', + /* "carteirasedistintivos.com.br", true */ 'c', 'a', 'r', 't', 'e', 'i', 'r', 'a', 's', 'e', 'd', 'i', 's', 't', 'i', 'n', 't', 'i', 'v', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "cartelcircuit.com", true */ 'c', 'a', 'r', 't', 'e', 'l', 'c', 'i', 'r', 'c', 'u', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "carterorland.com", true */ 'c', 'a', 'r', 't', 'e', 'r', 'o', 'r', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "cartertonscouts.org.nz", true */ 'c', 'a', 'r', 't', 'e', 'r', 't', 'o', 'n', 's', 'c', 'o', 'u', 't', 's', '.', 'o', 'r', 'g', '.', 'n', 'z', '\0', + /* "cartesentreprises-unicef.fr", true */ 'c', 'a', 'r', 't', 'e', 's', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'i', 's', 'e', 's', '-', 'u', 'n', 'i', 'c', 'e', 'f', '.', 'f', 'r', '\0', + /* "carthedral.com", true */ 'c', 'a', 'r', 't', 'h', 'e', 'd', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "carto.la", true */ 'c', 'a', 'r', 't', 'o', '.', 'l', 'a', '\0', + /* "cartooncastles.ie", true */ 'c', 'a', 'r', 't', 'o', 'o', 'n', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'i', 'e', '\0', + /* "cartouche24.eu", true */ 'c', 'a', 'r', 't', 'o', 'u', 'c', 'h', 'e', '2', '4', '.', 'e', 'u', '\0', + /* "cartucce24.it", true */ 'c', 'a', 'r', 't', 'u', 'c', 'c', 'e', '2', '4', '.', 'i', 't', '\0', + /* "carusorealestate.com", true */ 'c', 'a', 'r', 'u', 's', 'o', 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "casa-due-pur.com", true */ 'c', 'a', 's', 'a', '-', 'd', 'u', 'e', '-', 'p', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "casa-due-pur.de", true */ 'c', 'a', 's', 'a', '-', 'd', 'u', 'e', '-', 'p', 'u', 'r', '.', 'd', 'e', '\0', + /* "casa-due.com", true */ 'c', 'a', 's', 'a', '-', 'd', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "casa-mea-inteligenta.ro", true */ 'c', 'a', 's', 'a', '-', 'm', 'e', 'a', '-', 'i', 'n', 't', 'e', 'l', 'i', 'g', 'e', 'n', 't', 'a', '.', 'r', 'o', '\0', + /* "casa-su.casa", true */ 'c', 'a', 's', 'a', '-', 's', 'u', '.', 'c', 'a', 's', 'a', '\0', + /* "casadoarbitro.com.br", true */ 'c', 'a', 's', 'a', 'd', 'o', 'a', 'r', 'b', 'i', 't', 'r', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "casadowifi.com.br", true */ 'c', 'a', 's', 'a', 'd', 'o', 'w', 'i', 'f', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "casajardininsecticidas.com", true */ 'c', 'a', 's', 'a', 'j', 'a', 'r', 'd', 'i', 'n', 'i', 'n', 's', 'e', 'c', 't', 'i', 'c', 'i', 'd', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "casalindamex.com", true */ 'c', 'a', 's', 'a', 'l', 'i', 'n', 'd', 'a', 'm', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "casamariposaspi.com", true */ 'c', 'a', 's', 'a', 'm', 'a', 'r', 'i', 'p', 'o', 's', 'a', 's', 'p', 'i', '.', 'c', 'o', 'm', '\0', + /* "casamorelli.com.br", true */ 'c', 'a', 's', 'a', 'm', 'o', 'r', 'e', 'l', 'l', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "casapalla.com.br", true */ 'c', 'a', 's', 'a', 'p', 'a', 'l', 'l', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "casasuara.com", true */ 'c', 'a', 's', 'a', 's', 'u', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "casasuleletrodomesticos.com.br", true */ 'c', 'a', 's', 'a', 's', 'u', 'l', 'e', 'l', 'e', 't', 'r', 'o', 'd', 'o', 'm', 'e', 's', 't', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "casbia.info", true */ 'c', 'a', 's', 'b', 'i', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "casbuijs.nl", true */ 'c', 'a', 's', 'b', 'u', 'i', 'j', 's', '.', 'n', 'l', '\0', + /* "casburggraaf.com", true */ 'c', 'a', 's', 'b', 'u', 'r', 'g', 'g', 'r', 'a', 'a', 'f', '.', 'c', 'o', 'm', '\0', + /* "casecurity.org", true */ 'c', 'a', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0', + /* "cash-4x4.com", true */ 'c', 'a', 's', 'h', '-', '4', 'x', '4', '.', 'c', 'o', 'm', '\0', + /* "cashati.com", true */ 'c', 'a', 's', 'h', 'a', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "cashew3d.com", true */ 'c', 'a', 's', 'h', 'e', 'w', '3', 'd', '.', 'c', 'o', 'm', '\0', + /* "cashfortulsahouses.com", true */ 'c', 'a', 's', 'h', 'f', 'o', 'r', 't', 'u', 'l', 's', 'a', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "cashless.fr", true */ 'c', 'a', 's', 'h', 'l', 'e', 's', 's', '.', 'f', 'r', '\0', + /* "cashlink.de", true */ 'c', 'a', 's', 'h', 'l', 'i', 'n', 'k', '.', 'd', 'e', '\0', + /* "cashlink.io", true */ 'c', 'a', 's', 'h', 'l', 'i', 'n', 'k', '.', 'i', 'o', '\0', + /* "cashlogic.ch", true */ 'c', 'a', 's', 'h', 'l', 'o', 'g', 'i', 'c', '.', 'c', 'h', '\0', + /* "cashmaxtexas.com", true */ 'c', 'a', 's', 'h', 'm', 'a', 'x', 't', 'e', 'x', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "cashplk.com", true */ 'c', 'a', 's', 'h', 'p', 'l', 'k', '.', 'c', 'o', 'm', '\0', + /* "casinolegal.pt", true */ 'c', 'a', 's', 'i', 'n', 'o', 'l', 'e', 'g', 'a', 'l', '.', 'p', 't', '\0', + /* "casinolistings.com", true */ 'c', 'a', 's', 'i', 'n', 'o', 'l', 'i', 's', 't', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "casjay.cloud", true */ 'c', 'a', 's', 'j', 'a', 'y', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "casjay.com", true */ 'c', 'a', 's', 'j', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "casjay.info", true */ 'c', 'a', 's', 'j', 'a', 'y', '.', 'i', 'n', 'f', 'o', '\0', + /* "casjay.us", true */ 'c', 'a', 's', 'j', 'a', 'y', '.', 'u', 's', '\0', + /* "casjaygames.com", true */ 'c', 'a', 's', 'j', 'a', 'y', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "casperpanel.com", true */ 'c', 'a', 's', 'p', 'e', 'r', 'p', 'a', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "caspicards.com", true */ 'c', 'a', 's', 'p', 'i', 'c', 'a', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "cassimo.com", true */ 'c', 'a', 's', 's', 'i', 'm', 'o', '.', 'c', 'o', 'm', '\0', + /* "castible.de", true */ 'c', 'a', 's', 't', 'i', 'b', 'l', 'e', '.', 'd', 'e', '\0', + /* "castlecapers.com.au", true */ 'c', 'a', 's', 't', 'l', 'e', 'c', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "castlecms.io", true */ 'c', 'a', 's', 't', 'l', 'e', 'c', 'm', 's', '.', 'i', 'o', '\0', + /* "castlejackpot.com", true */ 'c', 'a', 's', 't', 'l', 'e', 'j', 'a', 'c', 'k', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "castleking.net", true */ 'c', 'a', 's', 't', 'l', 'e', 'k', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "castlekingdomstockport.co.uk", true */ 'c', 'a', 's', 't', 'l', 'e', 'k', 'i', 'n', 'g', 'd', 'o', 'm', 's', 't', 'o', 'c', 'k', 'p', 'o', 'r', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "castlekingkent.co.uk", true */ 'c', 'a', 's', 't', 'l', 'e', 'k', 'i', 'n', 'g', 'k', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "castleparty.co.uk", true */ 'c', 'a', 's', 't', 'l', 'e', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "castles-in-the-sky.co.uk", true */ 'c', 'a', 's', 't', 'l', 'e', 's', '-', 'i', 'n', '-', 't', 'h', 'e', '-', 's', 'k', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "castles4kidz.com", true */ 'c', 'a', 's', 't', 'l', 'e', 's', '4', 'k', 'i', 'd', 'z', '.', 'c', 'o', 'm', '\0', + /* "castles4rascalsiow.co.uk", true */ 'c', 'a', 's', 't', 'l', 'e', 's', '4', 'r', 'a', 's', 'c', 'a', 'l', 's', 'i', 'o', 'w', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "castlesrus-kent.com", true */ 'c', 'a', 's', 't', 'l', 'e', 's', 'r', 'u', 's', '-', 'k', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "castleswa.com.au", true */ 'c', 'a', 's', 't', 'l', 'e', 's', 'w', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "cat-blum.com", true */ 'c', 'a', 't', '-', 'b', 'l', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "cat-box.de", true */ 'c', 'a', 't', '-', 'b', 'o', 'x', '.', 'd', 'e', '\0', + /* "cat.net", true */ 'c', 'a', 't', '.', 'n', 'e', 't', '\0', + /* "catalog.beer", true */ 'c', 'a', 't', 'a', 'l', 'o', 'g', '.', 'b', 'e', 'e', 'r', '\0', + /* "catalogoreina.com", true */ 'c', 'a', 't', 'a', 'l', 'o', 'g', 'o', 'r', 'e', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "catbold.space", true */ 'c', 'a', 't', 'b', 'o', 'l', 'd', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "catbull.com", true */ 'c', 'a', 't', 'b', 'u', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "catburton.co.uk", true */ 'c', 'a', 't', 'b', 'u', 'r', 't', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "catchersgear.com", true */ 'c', 'a', 't', 'c', 'h', 'e', 'r', 's', 'g', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "catchfotografie.nl", true */ 'c', 'a', 't', 'c', 'h', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'e', '.', 'n', 'l', '\0', + /* "catchief.com", true */ 'c', 'a', 't', 'c', 'h', 'i', 'e', 'f', '.', 'c', 'o', 'm', '\0', + /* "catcontent.cloud", true */ 'c', 'a', 't', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "catdecor.ru", true */ 'c', 'a', 't', 'd', 'e', 'c', 'o', 'r', '.', 'r', 'u', '\0', + /* "catenacondos.com", true */ 'c', 'a', 't', 'e', 'n', 'a', 'c', 'o', 'n', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "catgirl.me", true */ 'c', 'a', 't', 'g', 'i', 'r', 'l', '.', 'm', 'e', '\0', + /* "catgirl.pics", true */ 'c', 'a', 't', 'g', 'i', 'r', 'l', '.', 'p', 'i', 'c', 's', '\0', + /* "catharinesomerville.com", true */ 'c', 'a', 't', 'h', 'a', 'r', 'i', 'n', 'e', 's', 'o', 'm', 'e', 'r', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "catharisme.eu", true */ 'c', 'a', 't', 'h', 'a', 'r', 'i', 's', 'm', 'e', '.', 'e', 'u', '\0', + /* "catharisme.net", true */ 'c', 'a', 't', 'h', 'a', 'r', 'i', 's', 'm', 'e', '.', 'n', 'e', 't', '\0', + /* "catharisme.org", true */ 'c', 'a', 't', 'h', 'a', 'r', 'i', 's', 'm', 'e', '.', 'o', 'r', 'g', '\0', + /* "catherineidylle.com", true */ 'c', 'a', 't', 'h', 'e', 'r', 'i', 'n', 'e', 'i', 'd', 'y', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "catherinescastles.co.uk", true */ 'c', 'a', 't', 'h', 'e', 'r', 'i', 'n', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "catholics.dating", true */ 'c', 'a', 't', 'h', 'o', 'l', 'i', 'c', 's', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "cathosa.nl", true */ 'c', 'a', 't', 'h', 'o', 's', 'a', '.', 'n', 'l', '\0', + /* "cativa.net", true */ 'c', 'a', 't', 'i', 'v', 'a', '.', 'n', 'e', 't', '\0', + /* "catmoose.ca", true */ 'c', 'a', 't', 'm', 'o', 'o', 's', 'e', '.', 'c', 'a', '\0', + /* "catnet.dk", false */ 'c', 'a', 't', 'n', 'e', 't', '.', 'd', 'k', '\0', + /* "catnmeow.com", true */ 'c', 'a', 't', 'n', 'm', 'e', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "cattivo.nl", false */ 'c', 'a', 't', 't', 'i', 'v', 'o', '.', 'n', 'l', '\0', + /* "catuniverse.org", true */ 'c', 'a', 't', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'e', '.', 'o', 'r', 'g', '\0', + /* "catveteran.com", true */ 'c', 'a', 't', 'v', 'e', 't', 'e', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "caulfieldeastapartments.com.au", true */ 'c', 'a', 'u', 'l', 'f', 'i', 'e', 'l', 'd', 'e', 'a', 's', 't', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "caulfieldracecourseapartments.com.au", true */ 'c', 'a', 'u', 'l', 'f', 'i', 'e', 'l', 'd', 'r', 'a', 'c', 'e', 'c', 'o', 'u', 'r', 's', 'e', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "caulong-ao.net", true */ 'c', 'a', 'u', 'l', 'o', 'n', 'g', '-', 'a', 'o', '.', 'n', 'e', 't', '\0', + /* "causae-fincas.es", true */ 'c', 'a', 'u', 's', 'a', 'e', '-', 'f', 'i', 'n', 'c', 'a', 's', '.', 'e', 's', '\0', + /* "causae.es", true */ 'c', 'a', 'u', 's', 'a', 'e', '.', 'e', 's', '\0', + /* "cav.ac", true */ 'c', 'a', 'v', '.', 'a', 'c', '\0', + /* "cavac.at", true */ 'c', 'a', 'v', 'a', 'c', '.', 'a', 't', '\0', + /* "cavalierkingcharlesspaniel.com.br", true */ 'c', 'a', 'v', 'a', 'l', 'i', 'e', 'r', 'k', 'i', 'n', 'g', 'c', 'h', 'a', 'r', 'l', 'e', 's', 's', 'p', 'a', 'n', 'i', 'e', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "cave-reynard.ch", true */ 'c', 'a', 'v', 'e', '-', 'r', 'e', 'y', 'n', 'a', 'r', 'd', '.', 'c', 'h', '\0', + /* "cavevinsdefrance.fr", true */ 'c', 'a', 'v', 'e', 'v', 'i', 'n', 's', 'd', 'e', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'f', 'r', '\0', + /* "cavzodiaco.com.br", true */ 'c', 'a', 'v', 'z', 'o', 'd', 'i', 'a', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "caylercapital.com", true */ 'c', 'a', 'y', 'l', 'e', 'r', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "cazaviajes.es", true */ 'c', 'a', 'z', 'a', 'v', 'i', 'a', 'j', 'e', 's', '.', 'e', 's', '\0', + /* "cazes.info", true */ 'c', 'a', 'z', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "cbamo.org", true */ 'c', 'b', 'a', 'm', 'o', '.', 'o', 'r', 'g', '\0', + /* "cbbank.com", true */ 'c', 'b', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "cbc-hire.co.uk", true */ 'c', 'b', 'c', '-', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cbd.supply", true */ 'c', 'b', 'd', '.', 's', 'u', 'p', 'p', 'l', 'y', '\0', + /* "cbdev.de", true */ 'c', 'b', 'd', 'e', 'v', '.', 'd', 'e', '\0', + /* "cbecrft.net", true */ 'c', 'b', 'e', 'c', 'r', 'f', 't', '.', 'n', 'e', 't', '\0', + /* "cbintermountainrealty.com", true */ 'c', 'b', 'i', 'n', 't', 'e', 'r', 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', 'r', 'e', 'a', 'l', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "cbr-xml-daily.ru", true */ 'c', 'b', 'r', '-', 'x', 'm', 'l', '-', 'd', 'a', 'i', 'l', 'y', '.', 'r', 'u', '\0', + /* "cbw.sh", true */ 'c', 'b', 'w', '.', 's', 'h', '\0', + /* "cc-brantomois.fr", true */ 'c', 'c', '-', 'b', 'r', 'a', 'n', 't', 'o', 'm', 'o', 'i', 's', '.', 'f', 'r', '\0', + /* "ccac.gov", true */ 'c', 'c', 'a', 'c', '.', 'g', 'o', 'v', '\0', + /* "ccayearbook.com", true */ 'c', 'c', 'a', 'y', 'e', 'a', 'r', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "ccgn.co", true */ 'c', 'c', 'g', 'n', '.', 'c', 'o', '\0', + /* "ccgx.de", true */ 'c', 'c', 'g', 'x', '.', 'd', 'e', '\0', + /* "ccja.ro", false */ 'c', 'c', 'j', 'a', '.', 'r', 'o', '\0', + /* "ccl-sti.ch", true */ 'c', 'c', 'l', '-', 's', 't', 'i', '.', 'c', 'h', '\0', + /* "cctvview.info", true */ 'c', 'c', 't', 'v', 'v', 'i', 'e', 'w', '.', 'i', 'n', 'f', 'o', '\0', + /* "ccu.io", true */ 'c', 'c', 'u', '.', 'i', 'o', '\0', + /* "ccu.plus", true */ 'c', 'c', 'u', '.', 'p', 'l', 'u', 's', '\0', + /* "ccv-deutschland.de", true */ 'c', 'c', 'v', '-', 'd', 'e', 'u', 't', 's', 'c', 'h', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0', + /* "ccv.ch", true */ 'c', 'c', 'v', '.', 'c', 'h', '\0', + /* "ccv.eu", true */ 'c', 'c', 'v', '.', 'e', 'u', '\0', + /* "ccv.nl", true */ 'c', 'c', 'v', '.', 'n', 'l', '\0', + /* "cd-sport.com", true */ 'c', 'd', '-', 's', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "cd.search.yahoo.com", false */ 'c', 'd', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "cda-aigle.ch", true */ 'c', 'd', 'a', '-', 'a', 'i', 'g', 'l', 'e', '.', 'c', 'h', '\0', + /* "cda-nw.co.uk", true */ 'c', 'd', 'a', '-', 'n', 'w', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cdasiaonline.com", true */ 'c', 'd', 'a', 's', 'i', 'a', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "cdbf.ch", true */ 'c', 'd', 'b', 'f', '.', 'c', 'h', '\0', + /* "cdburnerxp.se", true */ 'c', 'd', 'b', 'u', 'r', 'n', 'e', 'r', 'x', 'p', '.', 's', 'e', '\0', + /* "cdda.ch", true */ 'c', 'd', 'd', 'a', '.', 'c', 'h', '\0', + /* "cdepot.eu", true */ 'c', 'd', 'e', 'p', 'o', 't', '.', 'e', 'u', '\0', + /* "cdkeykopen.com", true */ 'c', 'd', 'k', 'e', 'y', 'k', 'o', 'p', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "cdkeyworld.de", true */ 'c', 'd', 'k', 'e', 'y', 'w', 'o', 'r', 'l', 'd', '.', 'd', 'e', '\0', + /* "cdlcenter.com", true */ 'c', 'd', 'l', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "cdmhp.org.nz", true */ 'c', 'd', 'm', 'h', 'p', '.', 'o', 'r', 'g', '.', 'n', 'z', '\0', + /* "cdmon.tech", true */ 'c', 'd', 'm', 'o', 'n', '.', 't', 'e', 'c', 'h', '\0', + /* "cdn6.de", true */ 'c', 'd', 'n', '6', '.', 'd', 'e', '\0', + /* "cdnjs.com", true */ 'c', 'd', 'n', 'j', 's', '.', 'c', 'o', 'm', '\0', + /* "cdns.cloud", true */ 'c', 'd', 'n', 's', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "cdu-wilgersdorf.de", true */ 'c', 'd', 'u', '-', 'w', 'i', 'l', 'g', 'e', 'r', 's', 'd', 'o', 'r', 'f', '.', 'd', 'e', '\0', + /* "ce-pimkie.fr", true */ 'c', 'e', '-', 'p', 'i', 'm', 'k', 'i', 'e', '.', 'f', 'r', '\0', + /* "cebz.org", true */ 'c', 'e', 'b', 'z', '.', 'o', 'r', 'g', '\0', + /* "ceciliacolombara.com", true */ 'c', 'e', 'c', 'i', 'l', 'i', 'a', 'c', 'o', 'l', 'o', 'm', 'b', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "cecilwalker.com.au", true */ 'c', 'e', 'c', 'i', 'l', 'w', 'a', 'l', 'k', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "cecipu.gob.cl", true */ 'c', 'e', 'c', 'i', 'p', 'u', '.', 'g', 'o', 'b', '.', 'c', 'l', '\0', + /* "ced-services.nl", true */ 'c', 'e', 'd', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'n', 'l', '\0', + /* "cedriccassimo.ch", true */ 'c', 'e', 'd', 'r', 'i', 'c', 'c', 'a', 's', 's', 'i', 'm', 'o', '.', 'c', 'h', '\0', + /* "cedriccassimo.com", true */ 'c', 'e', 'd', 'r', 'i', 'c', 'c', 'a', 's', 's', 'i', 'm', 'o', '.', 'c', 'o', 'm', '\0', + /* "ceebee.com", true */ 'c', 'e', 'e', 'b', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "cefak.org.br", true */ 'c', 'e', 'f', 'a', 'k', '.', 'o', 'r', 'g', '.', 'b', 'r', '\0', + /* "ceilingpac.org", true */ 'c', 'e', 'i', 'l', 'i', 'n', 'g', 'p', 'a', 'c', '.', 'o', 'r', 'g', '\0', + /* "cejhon.cz", false */ 'c', 'e', 'j', 'h', 'o', 'n', '.', 'c', 'z', '\0', + /* "cekaja.com", true */ 'c', 'e', 'k', 'a', 'j', 'a', '.', 'c', 'o', 'm', '\0', + /* "celebrityscope.net", true */ 'c', 'e', 'l', 'e', 'b', 'r', 'i', 't', 'y', 's', 'c', 'o', 'p', 'e', '.', 'n', 'e', 't', '\0', + /* "celec.gob.ec", false */ 'c', 'e', 'l', 'e', 'c', '.', 'g', 'o', 'b', '.', 'e', 'c', '\0', + /* "celiendev.ch", true */ 'c', 'e', 'l', 'i', 'e', 'n', 'd', 'e', 'v', '.', 'c', 'h', '\0', + /* "celigo.com", true */ 'c', 'e', 'l', 'i', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "celltek-server.de", true */ 'c', 'e', 'l', 'l', 't', 'e', 'k', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0', + /* "celti.ie.eu.org", true */ 'c', 'e', 'l', 't', 'i', '.', 'i', 'e', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "celti.name", true */ 'c', 'e', 'l', 't', 'i', '.', 'n', 'a', 'm', 'e', '\0', + /* "cementscience.com", true */ 'c', 'e', 'm', 'e', 'n', 't', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "ceml.ch", true */ 'c', 'e', 'm', 'l', '.', 'c', 'h', '\0', + /* "cenatorium.pl", true */ 'c', 'e', 'n', 'a', 't', 'o', 'r', 'i', 'u', 'm', '.', 'p', 'l', '\0', + /* "censurfridns.dk", true */ 'c', 'e', 'n', 's', 'u', 'r', 'f', 'r', 'i', 'd', 'n', 's', '.', 'd', 'k', '\0', + /* "censurfridns.nu", true */ 'c', 'e', 'n', 's', 'u', 'r', 'f', 'r', 'i', 'd', 'n', 's', '.', 'n', 'u', '\0', + /* "censys.io", true */ 'c', 'e', 'n', 's', 'y', 's', '.', 'i', 'o', '\0', + /* "centaur.de", true */ 'c', 'e', 'n', 't', 'a', 'u', 'r', '.', 'd', 'e', '\0', + /* "centennialradon.com", true */ 'c', 'e', 'n', 't', 'e', 'n', 'n', 'i', 'a', 'l', 'r', 'a', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "centerforpolicy.org", true */ 'c', 'e', 'n', 't', 'e', 'r', 'f', 'o', 'r', 'p', 'o', 'l', 'i', 'c', 'y', '.', 'o', 'r', 'g', '\0', + /* "centerpereezd.ru", false */ 'c', 'e', 'n', 't', 'e', 'r', 'p', 'e', 'r', 'e', 'e', 'z', 'd', '.', 'r', 'u', '\0', + /* "centerpoint.ovh", true */ 'c', 'e', 'n', 't', 'e', 'r', 'p', 'o', 'i', 'n', 't', '.', 'o', 'v', 'h', '\0', + /* "centillien.com", false */ 'c', 'e', 'n', 't', 'i', 'l', 'l', 'i', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "centio.bg", true */ 'c', 'e', 'n', 't', 'i', 'o', '.', 'b', 'g', '\0', + /* "centos.tips", true */ 'c', 'e', 'n', 't', 'o', 's', '.', 't', 'i', 'p', 's', '\0', + /* "central4.me", true */ 'c', 'e', 'n', 't', 'r', 'a', 'l', '4', '.', 'm', 'e', '\0', + /* "centralcountiesservices.org", true */ 'c', 'e', 'n', 't', 'r', 'a', 'l', 'c', 'o', 'u', 'n', 't', 'i', 'e', 's', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "centralfor.me", true */ 'c', 'e', 'n', 't', 'r', 'a', 'l', 'f', 'o', 'r', '.', 'm', 'e', '\0', + /* "centralstatecu.org", true */ 'c', 'e', 'n', 't', 'r', 'a', 'l', 's', 't', 'a', 't', 'e', 'c', 'u', '.', 'o', 'r', 'g', '\0', + /* "centralvoice.org", true */ 'c', 'e', 'n', 't', 'r', 'a', 'l', 'v', 'o', 'i', 'c', 'e', '.', 'o', 'r', 'g', '\0', + /* "centrationgame.com", true */ 'c', 'e', 'n', 't', 'r', 'a', 't', 'i', 'o', 'n', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "centredaccueil.fr", true */ 'c', 'e', 'n', 't', 'r', 'e', 'd', 'a', 'c', 'c', 'u', 'e', 'i', 'l', '.', 'f', 'r', '\0', + /* "centreoeil.ch", true */ 'c', 'e', 'n', 't', 'r', 'e', 'o', 'e', 'i', 'l', '.', 'c', 'h', '\0', + /* "centricweb.com", true */ 'c', 'e', 'n', 't', 'r', 'i', 'c', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "centrobill.com", true */ 'c', 'e', 'n', 't', 'r', 'o', 'b', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "centrojovencuenca.es", true */ 'c', 'e', 'n', 't', 'r', 'o', 'j', 'o', 'v', 'e', 'n', 'c', 'u', 'e', 'n', 'c', 'a', '.', 'e', 's', '\0', + /* "centrolavoro.org", true */ 'c', 'e', 'n', 't', 'r', 'o', 'l', 'a', 'v', 'o', 'r', 'o', '.', 'o', 'r', 'g', '\0', + /* "centrumhodinek.cz", true */ 'c', 'e', 'n', 't', 'r', 'u', 'm', 'h', 'o', 'd', 'i', 'n', 'e', 'k', '.', 'c', 'z', '\0', + /* "centruvechisv.ro", true */ 'c', 'e', 'n', 't', 'r', 'u', 'v', 'e', 'c', 'h', 'i', 's', 'v', '.', 'r', 'o', '\0', + /* "centurialeonina.com", true */ 'c', 'e', 'n', 't', 'u', 'r', 'i', 'a', 'l', 'e', 'o', 'n', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "centurionunderground.com", true */ 'c', 'e', 'n', 't', 'u', 'r', 'i', 'o', 'n', 'u', 'n', 'd', 'e', 'r', 'g', 'r', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "ceoimon.com", true */ 'c', 'e', 'o', 'i', 'm', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "ceopedia.org", true */ 'c', 'e', 'o', 'p', 'e', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0', + /* "ceramiya.com", true */ 'c', 'e', 'r', 'a', 'm', 'i', 'y', 'a', '.', 'c', 'o', 'm', '\0', + /* "cerastar.com", true */ 'c', 'e', 'r', 'a', 's', 't', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "cerber.us", true */ 'c', 'e', 'r', 'b', 'e', 'r', '.', 'u', 's', '\0', + /* "cerebelo.info", true */ 'c', 'e', 'r', 'e', 'b', 'e', 'l', 'o', '.', 'i', 'n', 'f', 'o', '\0', + /* "ceres-corp.org", true */ 'c', 'e', 'r', 'e', 's', '-', 'c', 'o', 'r', 'p', '.', 'o', 'r', 'g', '\0', + /* "ceres1.space", true */ 'c', 'e', 'r', 'e', 's', '1', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "cermak.photos", true */ 'c', 'e', 'r', 'm', 'a', 'k', '.', 'p', 'h', 'o', 't', 'o', 's', '\0', + /* "cerpa.com.br", true */ 'c', 'e', 'r', 'p', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "cerpus-course.com", true */ 'c', 'e', 'r', 'p', 'u', 's', '-', 'c', 'o', 'u', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "cerstve-korenie.sk", true */ 'c', 'e', 'r', 's', 't', 'v', 'e', '-', 'k', 'o', 'r', 'e', 'n', 'i', 'e', '.', 's', 'k', '\0', + /* "cerstvekorenie.sk", true */ 'c', 'e', 'r', 's', 't', 'v', 'e', 'k', 'o', 'r', 'e', 'n', 'i', 'e', '.', 's', 'k', '\0', + /* "cert.or.id", true */ 'c', 'e', 'r', 't', '.', 'o', 'r', '.', 'i', 'd', '\0', + /* "certcenter.ch", true */ 'c', 'e', 'r', 't', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'h', '\0', + /* "certcenter.co.uk", true */ 'c', 'e', 'r', 't', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "certcenter.com", true */ 'c', 'e', 'r', 't', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "certcenter.de", true */ 'c', 'e', 'r', 't', 'c', 'e', 'n', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "certcenter.fr", true */ 'c', 'e', 'r', 't', 'c', 'e', 'n', 't', 'e', 'r', '.', 'f', 'r', '\0', + /* "certible.com", true */ 'c', 'e', 'r', 't', 'i', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "certificatedetails.com", true */ 'c', 'e', 'r', 't', 'i', 'f', 'i', 'c', 'a', 't', 'e', 'd', 'e', 't', 'a', 'i', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "certificatetools.com", true */ 'c', 'e', 'r', 't', 'i', 'f', 'i', 'c', 'a', 't', 'e', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "certly.io", true */ 'c', 'e', 'r', 't', 'l', 'y', '.', 'i', 'o', '\0', + /* "certmonitor.com.au", true */ 'c', 'e', 'r', 't', 'm', 'o', 'n', 'i', 't', 'o', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "certmonitor.net", true */ 'c', 'e', 'r', 't', 'm', 'o', 'n', 'i', 't', 'o', 'r', '.', 'n', 'e', 't', '\0', + /* "certnazionale.it", true */ 'c', 'e', 'r', 't', 'n', 'a', 'z', 'i', 'o', 'n', 'a', 'l', 'e', '.', 'i', 't', '\0', + /* "certspotter.com", true */ 'c', 'e', 'r', 't', 's', 'p', 'o', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "certspotter.org", true */ 'c', 'e', 'r', 't', 's', 'p', 'o', 't', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "ceruleanmainbeach.com.au", true */ 'c', 'e', 'r', 'u', 'l', 'e', 'a', 'n', 'm', 'a', 'i', 'n', 'b', 'e', 'a', 'c', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "cervejista.com", true */ 'c', 'e', 'r', 'v', 'e', 'j', 'i', 's', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "cesdb.com", true */ 'c', 'e', 's', 'd', 'b', '.', 'c', 'o', 'm', '\0', + /* "cesipagano.com", true */ 'c', 'e', 's', 'i', 'p', 'a', 'g', 'a', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "ceso-saco.com", true */ 'c', 'e', 's', 'o', '-', 's', 'a', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "cesobaly.cz", true */ 'c', 'e', 's', 'o', 'b', 'a', 'l', 'y', '.', 'c', 'z', '\0', + /* "cestasedelicias.com.br", true */ 'c', 'e', 's', 't', 'a', 's', 'e', 'd', 'e', 'l', 'i', 'c', 'i', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "cestlav.it", true */ 'c', 'e', 's', 't', 'l', 'a', 'v', '.', 'i', 't', '\0', + /* "cestunmetier.ch", true */ 'c', 'e', 's', 't', 'u', 'n', 'm', 'e', 't', 'i', 'e', 'r', '.', 'c', 'h', '\0', + /* "cetamol.com", true */ 'c', 'e', 't', 'a', 'm', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "ceu.edu", false */ 'c', 'e', 'u', '.', 'e', 'd', 'u', '\0', + /* "cevo.com.hr", true */ 'c', 'e', 'v', 'o', '.', 'c', 'o', 'm', '.', 'h', 'r', '\0', + /* "ceyizlikelisleri.com", true */ 'c', 'e', 'y', 'i', 'z', 'l', 'i', 'k', 'e', 'l', 'i', 's', 'l', 'e', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "cf-ide.de", true */ 'c', 'f', '-', 'i', 'd', 'e', '.', 'd', 'e', '\0', + /* "cfa.gov", true */ 'c', 'f', 'a', '.', 'g', 'o', 'v', '\0', + /* "cfan.space", true */ 'c', 'f', 'a', 'n', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "cfh.com", true */ 'c', 'f', 'h', '.', 'c', 'o', 'm', '\0', + /* "cfneia.org", true */ 'c', 'f', 'n', 'e', 'i', 'a', '.', 'o', 'r', 'g', '\0', + /* "cfno.org", true */ 'c', 'f', 'n', 'o', '.', 'o', 'r', 'g', '\0', + /* "cfo.gov", true */ 'c', 'f', 'o', '.', 'g', 'o', 'v', '\0', + /* "cfsh.tk", true */ 'c', 'f', 's', 'h', '.', 't', 'k', '\0', + /* "cftcarouge.com", true */ 'c', 'f', 't', 'c', 'a', 'r', 'o', 'u', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "cfxdesign.com", true */ 'c', 'f', 'x', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "cg-systems.hu", true */ 'c', 'g', '-', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'h', 'u', '\0', + /* "cg.search.yahoo.com", false */ 'c', 'g', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "cgan.de", true */ 'c', 'g', 'a', 'n', '.', 'd', 'e', '\0', + /* "cgan.pw", true */ 'c', 'g', 'a', 'n', '.', 'p', 'w', '\0', + /* "cgbassurances.ch", true */ 'c', 'g', 'b', 'a', 's', 's', 'u', 'r', 'a', 'n', 'c', 'e', 's', '.', 'c', 'h', '\0', + /* "cgbilling.com", true */ 'c', 'g', 'b', 'i', 'l', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "cgcookiemarkets.com", true */ 'c', 'g', 'c', 'o', 'o', 'k', 'i', 'e', 'm', 'a', 'r', 'k', 'e', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "cgsmart.com", true */ 'c', 'g', 's', 'm', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "ch-laborit.fr", true */ 'c', 'h', '-', 'l', 'a', 'b', 'o', 'r', 'i', 't', '.', 'f', 'r', '\0', + /* "ch-sc.de", true */ 'c', 'h', '-', 's', 'c', '.', 'd', 'e', '\0', + /* "ch.search.yahoo.com", false */ 'c', 'h', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "chabaojia.com", true */ 'c', 'h', 'a', 'b', 'a', 'o', 'j', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "chabaudparfum.com", true */ 'c', 'h', 'a', 'b', 'a', 'u', 'd', 'p', 'a', 'r', 'f', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "chabert-provence.fr", true */ 'c', 'h', 'a', 'b', 'e', 'r', 't', '-', 'p', 'r', 'o', 'v', 'e', 'n', 'c', 'e', '.', 'f', 'r', '\0', + /* "chad.ch", true */ 'c', 'h', 'a', 'd', '.', 'c', 'h', '\0', + /* "chadstoneapartments.com.au", true */ 'c', 'h', 'a', 'd', 's', 't', 'o', 'n', 'e', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "chaifeng.com", true */ 'c', 'h', 'a', 'i', 'f', 'e', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "chainedunion.info", true */ 'c', 'h', 'a', 'i', 'n', 'e', 'd', 'u', 'n', 'i', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "chairinstitute.com", true */ 'c', 'h', 'a', 'i', 'r', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "chaisystems.net", true */ 'c', 'h', 'a', 'i', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'n', 'e', 't', '\0', + /* "chaldeen.pro", true */ 'c', 'h', 'a', 'l', 'd', 'e', 'e', 'n', '.', 'p', 'r', 'o', '\0', + /* "chaletdemontagne.org", true */ 'c', 'h', 'a', 'l', 'e', 't', 'd', 'e', 'm', 'o', 'n', 't', 'a', 'g', 'n', 'e', '.', 'o', 'r', 'g', '\0', + /* "chaletmanager.com", true */ 'c', 'h', 'a', 'l', 'e', 't', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "chaletpierrot.ch", true */ 'c', 'h', 'a', 'l', 'e', 't', 'p', 'i', 'e', 'r', 'r', 'o', 't', '.', 'c', 'h', '\0', + /* "chaleur.com", true */ 'c', 'h', 'a', 'l', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "chalker.io", true */ 'c', 'h', 'a', 'l', 'k', 'e', 'r', '.', 'i', 'o', '\0', + /* "chalkfestival.org", false */ 'c', 'h', 'a', 'l', 'k', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'o', 'r', 'g', '\0', + /* "challengeblog.org", true */ 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e', 'b', 'l', 'o', 'g', '.', 'o', 'r', 'g', '\0', + /* "chamathellawala.com", true */ 'c', 'h', 'a', 'm', 'a', 't', 'h', 'e', 'l', 'l', 'a', 'w', 'a', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "chambion.ch", true */ 'c', 'h', 'a', 'm', 'b', 'i', 'o', 'n', '.', 'c', 'h', '\0', + /* "chameleon-ents.co.uk", true */ 'c', 'h', 'a', 'm', 'e', 'l', 'e', 'o', 'n', '-', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "chameth.com", true */ 'c', 'h', 'a', 'm', 'e', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "chamilo.org", true */ 'c', 'h', 'a', 'm', 'i', 'l', 'o', '.', 'o', 'r', 'g', '\0', + /* "champdogs.co.uk", true */ 'c', 'h', 'a', 'm', 'p', 'd', 'o', 'g', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "champdogs.com", true */ 'c', 'h', 'a', 'm', 'p', 'd', 'o', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "champicreuse.fr", true */ 'c', 'h', 'a', 'm', 'p', 'i', 'c', 'r', 'e', 'u', 's', 'e', '.', 'f', 'r', '\0', + /* "championcastles.ie", true */ 'c', 'h', 'a', 'm', 'p', 'i', 'o', 'n', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'i', 'e', '\0', + /* "champions.co", true */ 'c', 'h', 'a', 'm', 'p', 'i', 'o', 'n', 's', '.', 'c', 'o', '\0', + /* "championweb.com.au", true */ 'c', 'h', 'a', 'm', 'p', 'i', 'o', 'n', 'w', 'e', 'b', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "champonthis.de", true */ 'c', 'h', 'a', 'm', 'p', 'o', 'n', 't', 'h', 'i', 's', '.', 'd', 'e', '\0', + /* "chancat.blog", false */ 'c', 'h', 'a', 'n', 'c', 'a', 't', '.', 'b', 'l', 'o', 'g', '\0', + /* "chandr1000.ga", true */ 'c', 'h', 'a', 'n', 'd', 'r', '1', '0', '0', '0', '.', 'g', 'a', '\0', + /* "changecopyright.ru", true */ 'c', 'h', 'a', 'n', 'g', 'e', 'c', 'o', 'p', 'y', 'r', 'i', 'g', 'h', 't', '.', 'r', 'u', '\0', + /* "changesfor.life", true */ 'c', 'h', 'a', 'n', 'g', 'e', 's', 'f', 'o', 'r', '.', 'l', 'i', 'f', 'e', '\0', + /* "changethislater.com", true */ 'c', 'h', 'a', 'n', 'g', 'e', 't', 'h', 'i', 's', 'l', 'a', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "chanissue.com", false */ 'c', 'h', 'a', 'n', 'i', 's', 's', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "channeladam.com", true */ 'c', 'h', 'a', 'n', 'n', 'e', 'l', 'a', 'd', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "channelcards.com", true */ 'c', 'h', 'a', 'n', 'n', 'e', 'l', 'c', 'a', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "channellife.co.nz", true */ 'c', 'h', 'a', 'n', 'n', 'e', 'l', 'l', 'i', 'f', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "channellife.com.au", true */ 'c', 'h', 'a', 'n', 'n', 'e', 'l', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "channyc.com", true */ 'c', 'h', 'a', 'n', 'n', 'y', 'c', '.', 'c', 'o', 'm', '\0', + /* "chanoyu-gakkai.jp", true */ 'c', 'h', 'a', 'n', 'o', 'y', 'u', '-', 'g', 'a', 'k', 'k', 'a', 'i', '.', 'j', 'p', '\0', + /* "chantalguggenbuhl.ch", true */ 'c', 'h', 'a', 'n', 't', 'a', 'l', 'g', 'u', 'g', 'g', 'e', 'n', 'b', 'u', 'h', 'l', '.', 'c', 'h', '\0', + /* "chanz.com", true */ 'c', 'h', 'a', 'n', 'z', '.', 'c', 'o', 'm', '\0', + /* "chaos-inc.de", true */ 'c', 'h', 'a', 'o', 's', '-', 'i', 'n', 'c', '.', 'd', 'e', '\0', + /* "chaos.run", true */ 'c', 'h', 'a', 'o', 's', '.', 'r', 'u', 'n', '\0', + /* "chaoscastles.co.uk", true */ 'c', 'h', 'a', 'o', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "chaoschemnitz.de", true */ 'c', 'h', 'a', 'o', 's', 'c', 'h', 'e', 'm', 'n', 'i', 't', 'z', '.', 'd', 'e', '\0', + /* "chaosdorf.de", true */ 'c', 'h', 'a', 'o', 's', 'd', 'o', 'r', 'f', '.', 'd', 'e', '\0', + /* "chaosfield.at", true */ 'c', 'h', 'a', 'o', 's', 'f', 'i', 'e', 'l', 'd', '.', 'a', 't', '\0', + /* "chaoslab.org", true */ 'c', 'h', 'a', 'o', 's', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0', + /* "chaospott.de", true */ 'c', 'h', 'a', 'o', 's', 'p', 'o', 't', 't', '.', 'd', 'e', '\0', + /* "chaotichive.com", true */ 'c', 'h', 'a', 'o', 't', 'i', 'c', 'h', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "chaoticlaw.com", true */ 'c', 'h', 'a', 'o', 't', 'i', 'c', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "chapelfordbouncers.co.uk", true */ 'c', 'h', 'a', 'p', 'e', 'l', 'f', 'o', 'r', 'd', 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "chapiteauxduleman.fr", true */ 'c', 'h', 'a', 'p', 'i', 't', 'e', 'a', 'u', 'x', 'd', 'u', 'l', 'e', 'm', 'a', 'n', '.', 'f', 'r', '\0', + /* "chaplain.co", true */ 'c', 'h', 'a', 'p', 'l', 'a', 'i', 'n', '.', 'c', 'o', '\0', + /* "charakato.com", true */ 'c', 'h', 'a', 'r', 'a', 'k', 'a', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "charcoalvenice.com", true */ 'c', 'h', 'a', 'r', 'c', 'o', 'a', 'l', 'v', 'e', 'n', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "charge.co", true */ 'c', 'h', 'a', 'r', 'g', 'e', '.', 'c', 'o', '\0', + /* "charitylog.co.uk", true */ 'c', 'h', 'a', 'r', 'i', 't', 'y', 'l', 'o', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "charl.eu", true */ 'c', 'h', 'a', 'r', 'l', '.', 'e', 'u', '\0', + /* "charles-darwin.com", true */ 'c', 'h', 'a', 'r', 'l', 'e', 's', '-', 'd', 'a', 'r', 'w', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "charlesbwise.com", true */ 'c', 'h', 'a', 'r', 'l', 'e', 's', 'b', 'w', 'i', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "charlesjay.com", true */ 'c', 'h', 'a', 'r', 'l', 'e', 's', 'j', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "charlesrogers.co.uk", true */ 'c', 'h', 'a', 'r', 'l', 'e', 's', 'r', 'o', 'g', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "charlestonfacialplastic.com", true */ 'c', 'h', 'a', 'r', 'l', 'e', 's', 't', 'o', 'n', 'f', 'a', 'c', 'i', 'a', 'l', 'p', 'l', 'a', 's', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "charliedillon.com", true */ 'c', 'h', 'a', 'r', 'l', 'i', 'e', 'd', 'i', 'l', 'l', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "charliehr.com", true */ 'c', 'h', 'a', 'r', 'l', 'i', 'e', 'h', 'r', '.', 'c', 'o', 'm', '\0', + /* "charlierogers.co.uk", true */ 'c', 'h', 'a', 'r', 'l', 'i', 'e', 'r', 'o', 'g', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "charlierogers.com", true */ 'c', 'h', 'a', 'r', 'l', 'i', 'e', 'r', 'o', 'g', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "charlimarie.com", true */ 'c', 'h', 'a', 'r', 'l', 'i', 'm', 'a', 'r', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "charlotte-touati.ch", true */ 'c', 'h', 'a', 'r', 'l', 'o', 't', 't', 'e', '-', 't', 'o', 'u', 'a', 't', 'i', '.', 'c', 'h', '\0', + /* "charlottesvillegolfcommunities.com", true */ 'c', 'h', 'a', 'r', 'l', 'o', 't', 't', 'e', 's', 'v', 'i', 'l', 'l', 'e', 'g', 'o', 'l', 'f', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "charmander.me", true */ 'c', 'h', 'a', 'r', 'm', 'a', 'n', 'd', 'e', 'r', '.', 'm', 'e', '\0', + /* "charmingsaul.com", true */ 'c', 'h', 'a', 'r', 'm', 'i', 'n', 'g', 's', 'a', 'u', 'l', '.', 'c', 'o', 'm', '\0', + /* "charmyadesara.com", true */ 'c', 'h', 'a', 'r', 'm', 'y', 'a', 'd', 'e', 's', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "charr.xyz", true */ 'c', 'h', 'a', 'r', 'r', '.', 'x', 'y', 'z', '\0', + /* "charta-digitale-vernetzung.de", true */ 'c', 'h', 'a', 'r', 't', 'a', '-', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', '-', 'v', 'e', 'r', 'n', 'e', 't', 'z', 'u', 'n', 'g', '.', 'd', 'e', '\0', + /* "charteroak.org", true */ 'c', 'h', 'a', 'r', 't', 'e', 'r', 'o', 'a', 'k', '.', 'o', 'r', 'g', '\0', + /* "chartpen.com", true */ 'c', 'h', 'a', 'r', 't', 'p', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "chartsy.de", true */ 'c', 'h', 'a', 'r', 't', 's', 'y', '.', 'd', 'e', '\0', + /* "charuru.moe", true */ 'c', 'h', 'a', 'r', 'u', 'r', 'u', '.', 'm', 'o', 'e', '\0', + /* "chasafilli.ch", true */ 'c', 'h', 'a', 's', 'a', 'f', 'i', 'l', 'l', 'i', '.', 'c', 'h', '\0', + /* "chaseandzoey.de", true */ 'c', 'h', 'a', 's', 'e', 'a', 'n', 'd', 'z', 'o', 'e', 'y', '.', 'd', 'e', '\0', + /* "chaseganey.com", true */ 'c', 'h', 'a', 's', 'e', 'g', 'a', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "chasing-coins.com", true */ 'c', 'h', 'a', 's', 'i', 'n', 'g', '-', 'c', 'o', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "chat-libera.org", true */ 'c', 'h', 'a', 't', '-', 'l', 'i', 'b', 'e', 'r', 'a', '.', 'o', 'r', 'g', '\0', + /* "chat-senza-registrazione.net", true */ 'c', 'h', 'a', 't', '-', 's', 'e', 'n', 'z', 'a', '-', 'r', 'e', 'g', 'i', 's', 't', 'r', 'a', 'z', 'i', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "chat.cz", true */ 'c', 'h', 'a', 't', '.', 'c', 'z', '\0', + /* "chat40.net", true */ 'c', 'h', 'a', 't', '4', '0', '.', 'n', 'e', 't', '\0', + /* "chatbelgie.eu", true */ 'c', 'h', 'a', 't', 'b', 'e', 'l', 'g', 'i', 'e', '.', 'e', 'u', '\0', + /* "chatbotclic.com", true */ 'c', 'h', 'a', 't', 'b', 'o', 't', 'c', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "chatbotclick.com", true */ 'c', 'h', 'a', 't', 'b', 'o', 't', 'c', 'l', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "chatbots.email", true */ 'c', 'h', 'a', 't', 'b', 'o', 't', 's', '.', 'e', 'm', 'a', 'i', 'l', '\0', + /* "chatbots.systems", true */ 'c', 'h', 'a', 't', 'b', 'o', 't', 's', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0', + /* "chatear.social", true */ 'c', 'h', 'a', 't', 'e', 'a', 'r', '.', 's', 'o', 'c', 'i', 'a', 'l', '\0', + /* "chateau-belvoir.com", true */ 'c', 'h', 'a', 't', 'e', 'a', 'u', '-', 'b', 'e', 'l', 'v', 'o', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "chateau-de-lisle.fr", true */ 'c', 'h', 'a', 't', 'e', 'a', 'u', '-', 'd', 'e', '-', 'l', 'i', 's', 'l', 'e', '.', 'f', 'r', '\0', + /* "chateaudestrainchamps.com", true */ 'c', 'h', 'a', 't', 'e', 'a', 'u', 'd', 'e', 's', 't', 'r', 'a', 'i', 'n', 'c', 'h', 'a', 'm', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "chatfacile.org", true */ 'c', 'h', 'a', 't', 'f', 'a', 'c', 'i', 'l', 'e', '.', 'o', 'r', 'g', '\0', + /* "chatint.com", true */ 'c', 'h', 'a', 't', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "chatitaly.org", true */ 'c', 'h', 'a', 't', 'i', 't', 'a', 'l', 'y', '.', 'o', 'r', 'g', '\0', + /* "chatme.im", false */ 'c', 'h', 'a', 't', 'm', 'e', '.', 'i', 'm', '\0', + /* "chatnbook.com", true */ 'c', 'h', 'a', 't', 'n', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "chatnederland.eu", true */ 'c', 'h', 'a', 't', 'n', 'e', 'd', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'e', 'u', '\0', + /* "chatsworthelectrical.com", true */ 'c', 'h', 'a', 't', 's', 'w', 'o', 'r', 't', 'h', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "chatt-gratis.net", true */ 'c', 'h', 'a', 't', 't', '-', 'g', 'r', 'a', 't', 'i', 's', '.', 'n', 'e', 't', '\0', + /* "chatt-gratis.org", true */ 'c', 'h', 'a', 't', 't', '-', 'g', 'r', 'a', 't', 'i', 's', '.', 'o', 'r', 'g', '\0', + /* "chattergalerie.eu", true */ 'c', 'h', 'a', 't', 't', 'e', 'r', 'g', 'a', 'l', 'e', 'r', 'i', 'e', '.', 'e', 'u', '\0', + /* "chattergallery.com", true */ 'c', 'h', 'a', 't', 't', 'e', 'r', 'g', 'a', 'l', 'l', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "chatu.io", true */ 'c', 'h', 'a', 't', 'u', '.', 'i', 'o', '\0', + /* "chatu.me", true */ 'c', 'h', 'a', 't', 'u', '.', 'm', 'e', '\0', + /* "chatucomputers.com", true */ 'c', 'h', 'a', 't', 'u', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "chatxp.com", true */ 'c', 'h', 'a', 't', 'x', 'p', '.', 'c', 'o', 'm', '\0', + /* "chatxsingle.net", true */ 'c', 'h', 'a', 't', 'x', 's', 'i', 'n', 'g', 'l', 'e', '.', 'n', 'e', 't', '\0', + /* "chatxtutti.com", true */ 'c', 'h', 'a', 't', 'x', 't', 'u', 't', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "chatzimanolis.gr", true */ 'c', 'h', 'a', 't', 'z', 'i', 'm', 'a', 'n', 'o', 'l', 'i', 's', '.', 'g', 'r', '\0', + /* "chaurocks.com", true */ 'c', 'h', 'a', 'u', 'r', 'o', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "chaverde.org", true */ 'c', 'h', 'a', 'v', 'e', 'r', 'd', 'e', '.', 'o', 'r', 'g', '\0', + /* "chaz6.com", true */ 'c', 'h', 'a', 'z', '6', '.', 'c', 'o', 'm', '\0', + /* "chazalet.fr", true */ 'c', 'h', 'a', 'z', 'a', 'l', 'e', 't', '.', 'f', 'r', '\0', + /* "chazay.net", false */ 'c', 'h', 'a', 'z', 'a', 'y', '.', 'n', 'e', 't', '\0', + /* "chazgie.se", true */ 'c', 'h', 'a', 'z', 'g', 'i', 'e', '.', 's', 'e', '\0', + /* "chbs.me", true */ 'c', 'h', 'b', 's', '.', 'm', 'e', '\0', + /* "chch.it", true */ 'c', 'h', 'c', 'h', '.', 'i', 't', '\0', + /* "chcsct.com", true */ 'c', 'h', 'c', 's', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "chdgaming.xyz", true */ 'c', 'h', 'd', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'x', 'y', 'z', '\0', + /* "cheah.xyz", true */ 'c', 'h', 'e', 'a', 'h', '.', 'x', 'y', 'z', '\0', + /* "cheapalarmparts.com.au", true */ 'c', 'h', 'e', 'a', 'p', 'a', 'l', 'a', 'r', 'm', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "cheapessay.net", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 's', 'a', 'y', '.', 'n', 'e', 't', '\0', + /* "cheapestgamecards.at", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'a', 't', '\0', + /* "cheapestgamecards.be", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'b', 'e', '\0', + /* "cheapestgamecards.co.uk", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cheapestgamecards.com", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "cheapestgamecards.de", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'd', 'e', '\0', + /* "cheapestgamecards.fi", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'f', 'i', '\0', + /* "cheapestgamecards.fr", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'f', 'r', '\0', + /* "cheapestgamecards.nl", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'n', 'l', '\0', + /* "cheapestgamecards.no", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'n', 'o', '\0', + /* "cheapestgamecards.se", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 's', 'e', '\0', + /* "cheapgeekts.com", false */ 'c', 'h', 'e', 'a', 'p', 'g', 'e', 'e', 'k', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "cheapgoa.com", true */ 'c', 'h', 'e', 'a', 'p', 'g', 'o', 'a', '.', 'c', 'o', 'm', '\0', + /* "cheapiesystems.com", true */ 'c', 'h', 'e', 'a', 'p', 'i', 'e', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "cheapssl.com.tr", true */ 'c', 'h', 'e', 'a', 'p', 's', 's', 'l', '.', 'c', 'o', 'm', '.', 't', 'r', '\0', + /* "cheapticket.in", true */ 'c', 'h', 'e', 'a', 'p', 't', 'i', 'c', 'k', 'e', 't', '.', 'i', 'n', '\0', + /* "cheapwritinghelp.com", true */ 'c', 'h', 'e', 'a', 'p', 'w', 'r', 'i', 't', 'i', 'n', 'g', 'h', 'e', 'l', 'p', '.', 'c', 'o', 'm', '\0', + /* "chebwebb.com", true */ 'c', 'h', 'e', 'b', 'w', 'e', 'b', 'b', '.', 'c', 'o', 'm', '\0', + /* "check.torproject.org", false */ 'c', 'h', 'e', 'c', 'k', '.', 't', 'o', 'r', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "checkecert.nl", true */ 'c', 'h', 'e', 'c', 'k', 'e', 'c', 'e', 'r', 't', '.', 'n', 'l', '\0', + /* "checkmateshoes.com", true */ 'c', 'h', 'e', 'c', 'k', 'm', 'a', 't', 'e', 's', 'h', 'o', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "checkmatewebsolutions.com", true */ 'c', 'h', 'e', 'c', 'k', 'm', 'a', 't', 'e', 'w', 'e', 'b', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "checkout.google.com", true */ 'c', 'h', 'e', 'c', 'k', 'o', 'u', 't', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "checkpoint-tshirt.com", true */ 'c', 'h', 'e', 'c', 'k', 'p', 'o', 'i', 'n', 't', '-', 't', 's', 'h', 'i', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "checktype.com", true */ 'c', 'h', 'e', 'c', 'k', 't', 'y', 'p', 'e', '.', 'c', 'o', 'm', '\0', + /* "checkui.com", true */ 'c', 'h', 'e', 'c', 'k', 'u', 'i', '.', 'c', 'o', 'm', '\0', + /* "checkyourmath.com", true */ 'c', 'h', 'e', 'c', 'k', 'y', 'o', 'u', 'r', 'm', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "checkyourmeds.com", true */ 'c', 'h', 'e', 'c', 'k', 'y', 'o', 'u', 'r', 'm', 'e', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "checkyourprivilege.org", true */ 'c', 'h', 'e', 'c', 'k', 'y', 'o', 'u', 'r', 'p', 'r', 'i', 'v', 'i', 'l', 'e', 'g', 'e', '.', 'o', 'r', 'g', '\0', + /* "checos.co.uk", true */ 'c', 'h', 'e', 'c', 'o', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cheddarpayments.com", true */ 'c', 'h', 'e', 'd', 'd', 'a', 'r', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "cheekycharliessoftplay.co.uk", true */ 'c', 'h', 'e', 'e', 'k', 'y', 'c', 'h', 'a', 'r', 'l', 'i', 'e', 's', 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cheekylittlerascals.co.uk", true */ 'c', 'h', 'e', 'e', 'k', 'y', 'l', 'i', 't', 't', 'l', 'e', 'r', 'a', 's', 'c', 'a', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cheekymonkeysinflatables.co.uk", true */ 'c', 'h', 'e', 'e', 'k', 'y', 'm', 'o', 'n', 'k', 'e', 'y', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cheeseemergency.co.uk", true */ 'c', 'h', 'e', 'e', 's', 'e', 'e', 'm', 'e', 'r', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cheesypicsbooths.co.uk", true */ 'c', 'h', 'e', 'e', 's', 'y', 'p', 'i', 'c', 's', 'b', 'o', 'o', 't', 'h', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cheetahwerx.com", true */ 'c', 'h', 'e', 'e', 't', 'a', 'h', 'w', 'e', 'r', 'x', '.', 'c', 'o', 'm', '\0', + /* "cheez.systems", true */ 'c', 'h', 'e', 'e', 'z', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0', + /* "chehalemgroup.com", true */ 'c', 'h', 'e', 'h', 'a', 'l', 'e', 'm', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "chellame.com", true */ 'c', 'h', 'e', 'l', 'l', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "chellame.fr", true */ 'c', 'h', 'e', 'l', 'l', 'a', 'm', 'e', '.', 'f', 'r', '\0', + /* "chelseafs.co.uk", true */ 'c', 'h', 'e', 'l', 's', 'e', 'a', 'f', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cheltenhambounce.co.uk", true */ 'c', 'h', 'e', 'l', 't', 'e', 'n', 'h', 'a', 'm', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cheltenhambouncycastles.co.uk", true */ 'c', 'h', 'e', 'l', 't', 'e', 'n', 'h', 'a', 'm', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cheltik.ru", true */ 'c', 'h', 'e', 'l', 't', 'i', 'k', '.', 'r', 'u', '\0', + /* "chemicalguys-ruhrpott.de", true */ 'c', 'h', 'e', 'm', 'i', 'c', 'a', 'l', 'g', 'u', 'y', 's', '-', 'r', 'u', 'h', 'r', 'p', 'o', 't', 't', '.', 'd', 'e', '\0', + /* "chenapartment.com", true */ 'c', 'h', 'e', 'n', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "chengl.com", true */ 'c', 'h', 'e', 'n', 'g', 'l', '.', 'c', 'o', 'm', '\0', + /* "chengtongled.com", true */ 'c', 'h', 'e', 'n', 'g', 't', 'o', 'n', 'g', 'l', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "chenky.com", true */ 'c', 'h', 'e', 'n', 'k', 'y', '.', 'c', 'o', 'm', '\0', + /* "chennien.com", true */ 'c', 'h', 'e', 'n', 'n', 'i', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "chentianyi.cn", true */ 'c', 'h', 'e', 'n', 't', 'i', 'a', 'n', 'y', 'i', '.', 'c', 'n', '\0', + /* "chenzhekl.me", true */ 'c', 'h', 'e', 'n', 'z', 'h', 'e', 'k', 'l', '.', 'm', 'e', '\0', + /* "cherevoiture.com", true */ 'c', 'h', 'e', 'r', 'e', 'v', 'o', 'i', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "cherrett.digital", true */ 'c', 'h', 'e', 'r', 'r', 'e', 't', 't', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0', + /* "cherrydropscandycarts.co.uk", true */ 'c', 'h', 'e', 'r', 'r', 'y', 'd', 'r', 'o', 'p', 's', 'c', 'a', 'n', 'd', 'y', 'c', 'a', 'r', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cherryonit.com", true */ 'c', 'h', 'e', 'r', 'r', 'y', 'o', 'n', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "cherrywoodtech.com", true */ 'c', 'h', 'e', 'r', 'r', 'y', 'w', 'o', 'o', 'd', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "chertseybouncycastles.co.uk", true */ 'c', 'h', 'e', 'r', 't', 's', 'e', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "chesspoint.ch", true */ 'c', 'h', 'e', 's', 's', 'p', 'o', 'i', 'n', 't', '.', 'c', 'h', '\0', + /* "chessreporter.nl", true */ 'c', 'h', 'e', 's', 's', 'r', 'e', 'p', 'o', 'r', 't', 'e', 'r', '.', 'n', 'l', '\0', + /* "chestnut.cf", true */ 'c', 'h', 'e', 's', 't', 'n', 'u', 't', '.', 'c', 'f', '\0', + /* "chevy37.com", true */ 'c', 'h', 'e', 'v', 'y', '3', '7', '.', 'c', 'o', 'm', '\0', + /* "chevymotor-occasions.be", true */ 'c', 'h', 'e', 'v', 'y', 'm', 'o', 't', 'o', 'r', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0', + /* "chewey.de", true */ 'c', 'h', 'e', 'w', 'e', 'y', '.', 'd', 'e', '\0', + /* "chewey.org", true */ 'c', 'h', 'e', 'w', 'e', 'y', '.', 'o', 'r', 'g', '\0', + /* "chez-janine.de", true */ 'c', 'h', 'e', 'z', '-', 'j', 'a', 'n', 'i', 'n', 'e', '.', 'd', 'e', '\0', + /* "chez-oim.org", true */ 'c', 'h', 'e', 'z', '-', 'o', 'i', 'm', '.', 'o', 'r', 'g', '\0', + /* "chez.moe", true */ 'c', 'h', 'e', 'z', '.', 'm', 'o', 'e', '\0', + /* "chfr.search.yahoo.com", false */ 'c', 'h', 'f', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "chhory.com", true */ 'c', 'h', 'h', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "chhy.at", true */ 'c', 'h', 'h', 'y', '.', 'a', 't', '\0', + /* "chiaraiuola.com", false */ 'c', 'h', 'i', 'a', 'r', 'a', 'i', 'u', 'o', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "chiaramail.com", true */ 'c', 'h', 'i', 'a', 'r', 'a', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "chiaseeds24.com", true */ 'c', 'h', 'i', 'a', 's', 'e', 'e', 'd', 's', '2', '4', '.', 'c', 'o', 'm', '\0', + /* "chic-leather.com", true */ 'c', 'h', 'i', 'c', '-', 'l', 'e', 'a', 't', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "chicisimo.com", true */ 'c', 'h', 'i', 'c', 'i', 's', 'i', 'm', 'o', '.', 'c', 'o', 'm', '\0', + /* "chicolawfirm.com", true */ 'c', 'h', 'i', 'c', 'o', 'l', 'a', 'w', 'f', 'i', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "chicorycom.net", true */ 'c', 'h', 'i', 'c', 'o', 'r', 'y', 'c', 'o', 'm', '.', 'n', 'e', 't', '\0', + /* "chiemgauflirt.de", true */ 'c', 'h', 'i', 'e', 'm', 'g', 'a', 'u', 'f', 'l', 'i', 'r', 't', '.', 'd', 'e', '\0', + /* "chikan-beacon.net", true */ 'c', 'h', 'i', 'k', 'a', 'n', '-', 'b', 'e', 'a', 'c', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "chikory.com", true */ 'c', 'h', 'i', 'k', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "childcounseling.org", true */ 'c', 'h', 'i', 'l', 'd', 'c', 'o', 'u', 'n', 's', 'e', 'l', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "childcustodylegalaid.org", true */ 'c', 'h', 'i', 'l', 'd', 'c', 'u', 's', 't', 'o', 'd', 'y', 'l', 'e', 'g', 'a', 'l', 'a', 'i', 'd', '.', 'o', 'r', 'g', '\0', + /* "childno.de", true */ 'c', 'h', 'i', 'l', 'd', 'n', 'o', '.', 'd', 'e', '\0', + /* "childrenandmedia.org.au", true */ 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', 'a', 'n', 'd', 'm', 'e', 'd', 'i', 'a', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0', + /* "childrenfirstalways.org", true */ 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', 'f', 'i', 'r', 's', 't', 'a', 'l', 'w', 'a', 'y', 's', '.', 'o', 'r', 'g', '\0', + /* "childreninadversity.gov", true */ 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', 'i', 'n', 'a', 'd', 'v', 'e', 'r', 's', 'i', 't', 'y', '.', 'g', 'o', 'v', '\0', + /* "childrensentertainmentleicester.co.uk", true */ 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', 's', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 'l', 'e', 'i', 'c', 'e', 's', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "childrenspartiesrus.com", true */ 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', 's', 'p', 'a', 'r', 't', 'i', 'e', 's', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "childvisitationassistance.org", true */ 'c', 'h', 'i', 'l', 'd', 'v', 'i', 's', 'i', 't', 'a', 't', 'i', 'o', 'n', 'a', 's', 's', 'i', 's', 't', 'a', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0', + /* "chilihosting.eu", true */ 'c', 'h', 'i', 'l', 'i', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'e', 'u', '\0', + /* "chillebever.nl", true */ 'c', 'h', 'i', 'l', 'l', 'e', 'b', 'e', 'v', 'e', 'r', '.', 'n', 'l', '\0', + /* "chima.net", true */ 'c', 'h', 'i', 'm', 'a', '.', 'n', 'e', 't', '\0', + /* "chima.us", true */ 'c', 'h', 'i', 'm', 'a', '.', 'u', 's', '\0', + /* "chimeratool.com", true */ 'c', 'h', 'i', 'm', 'e', 'r', 'a', 't', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "chimpanzee.net", true */ 'c', 'h', 'i', 'm', 'p', 'a', 'n', 'z', 'e', 'e', '.', 'n', 'e', 't', '\0', + /* "chinacdn.org", true */ 'c', 'h', 'i', 'n', 'a', 'c', 'd', 'n', '.', 'o', 'r', 'g', '\0', + /* "chinahighlights.ru", true */ 'c', 'h', 'i', 'n', 'a', 'h', 'i', 'g', 'h', 'l', 'i', 'g', 'h', 't', 's', '.', 'r', 'u', '\0', + /* "chinaspaceflight.com", true */ 'c', 'h', 'i', 'n', 'a', 's', 'p', 'a', 'c', 'e', 'f', 'l', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0', + /* "chinatrademarkoffice.com", true */ 'c', 'h', 'i', 'n', 'a', 't', 'r', 'a', 'd', 'e', 'm', 'a', 'r', 'k', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "chinawhale.com", true */ 'c', 'h', 'i', 'n', 'a', 'w', 'h', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "chint.ai", true */ 'c', 'h', 'i', 'n', 't', '.', 'a', 'i', '\0', + /* "chinwag.im", true */ 'c', 'h', 'i', 'n', 'w', 'a', 'g', '.', 'i', 'm', '\0', + /* "chipcore.com", true */ 'c', 'h', 'i', 'p', 'c', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "chippy.ch", false */ 'c', 'h', 'i', 'p', 'p', 'y', '.', 'c', 'h', '\0', + /* "chiralsoftware.com", true */ 'c', 'h', 'i', 'r', 'a', 'l', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "chireiden.net", true */ 'c', 'h', 'i', 'r', 'e', 'i', 'd', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "chiro-neuchatel.ch", true */ 'c', 'h', 'i', 'r', 'o', '-', 'n', 'e', 'u', 'c', 'h', 'a', 't', 'e', 'l', '.', 'c', 'h', '\0', + /* "chiropraticien-neuchatel.ch", true */ 'c', 'h', 'i', 'r', 'o', 'p', 'r', 'a', 't', 'i', 'c', 'i', 'e', 'n', '-', 'n', 'e', 'u', 'c', 'h', 'a', 't', 'e', 'l', '.', 'c', 'h', '\0', + /* "chiropratique-neuchatel.ch", true */ 'c', 'h', 'i', 'r', 'o', 'p', 'r', 'a', 't', 'i', 'q', 'u', 'e', '-', 'n', 'e', 'u', 'c', 'h', 'a', 't', 'e', 'l', '.', 'c', 'h', '\0', + /* "chirosphere.ch", true */ 'c', 'h', 'i', 'r', 'o', 's', 'p', 'h', 'e', 'r', 'e', '.', 'c', 'h', '\0', + /* "chirpstory.com", true */ 'c', 'h', 'i', 'r', 'p', 's', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "chiru.no", true */ 'c', 'h', 'i', 'r', 'u', '.', 'n', 'o', '\0', + /* "chisago-isantidfl.com", true */ 'c', 'h', 'i', 's', 'a', 'g', 'o', '-', 'i', 's', 'a', 'n', 't', 'i', 'd', 'f', 'l', '.', 'c', 'o', 'm', '\0', + /* "chit.search.yahoo.com", false */ 'c', 'h', 'i', 't', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "chksite.com", true */ 'c', 'h', 'k', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "chloeallison.co.uk", true */ 'c', 'h', 'l', 'o', 'e', 'a', 'l', 'l', 'i', 's', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "chloehorler.com", true */ 'c', 'h', 'l', 'o', 'e', 'h', 'o', 'r', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "chloescastles.co.uk", true */ 'c', 'h', 'l', 'o', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "chmsoft.com.ua", true */ 'c', 'h', 'm', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "chmsoft.ru", true */ 'c', 'h', 'm', 's', 'o', 'f', 't', '.', 'r', 'u', '\0', + /* "chmurakotori.ml", true */ 'c', 'h', 'm', 'u', 'r', 'a', 'k', 'o', 't', 'o', 'r', 'i', '.', 'm', 'l', '\0', + /* "choc-o-lush.co.uk", true */ 'c', 'h', 'o', 'c', '-', 'o', '-', 'l', 'u', 's', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "chocodecor.com.br", true */ 'c', 'h', 'o', 'c', 'o', 'd', 'e', 'c', 'o', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "chocolah.com.au", false */ 'c', 'h', 'o', 'c', 'o', 'l', 'a', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "chocolat-suisse.ch", true */ 'c', 'h', 'o', 'c', 'o', 'l', 'a', 't', '-', 's', 'u', 'i', 's', 's', 'e', '.', 'c', 'h', '\0', + /* "chocolate13tilias.com.br", true */ 'c', 'h', 'o', 'c', 'o', 'l', 'a', 't', 'e', '1', '3', 't', 'i', 'l', 'i', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "chocolatesandhealth.com", true */ 'c', 'h', 'o', 'c', 'o', 'l', 'a', 't', 'e', 's', 'a', 'n', 'd', 'h', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "chocolatier-tristan.ch", true */ 'c', 'h', 'o', 'c', 'o', 'l', 'a', 't', 'i', 'e', 'r', '-', 't', 'r', 'i', 's', 't', 'a', 'n', '.', 'c', 'h', '\0', + /* "chocotough.nl", false */ 'c', 'h', 'o', 'c', 'o', 't', 'o', 'u', 'g', 'h', '.', 'n', 'l', '\0', + /* "chocoweb.net", true */ 'c', 'h', 'o', 'c', 'o', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0', + /* "chodocu.com", true */ 'c', 'h', 'o', 'd', 'o', 'c', 'u', '.', 'c', 'o', 'm', '\0', + /* "choe.fi", true */ 'c', 'h', 'o', 'e', '.', 'f', 'i', '\0', + /* "choisirmonerp.com", true */ 'c', 'h', 'o', 'i', 's', 'i', 'r', 'm', 'o', 'n', 'e', 'r', 'p', '.', 'c', 'o', 'm', '\0', + /* "chokladfantasi.net", true */ 'c', 'h', 'o', 'k', 'l', 'a', 'd', 'f', 'a', 'n', 't', 'a', 's', 'i', '.', 'n', 'e', 't', '\0', + /* "chon.io", true */ 'c', 'h', 'o', 'n', '.', 'i', 'o', '\0', + /* "chonghe.org", true */ 'c', 'h', 'o', 'n', 'g', 'h', 'e', '.', 'o', 'r', 'g', '\0', + /* "chook.as", true */ 'c', 'h', 'o', 'o', 'k', '.', 'a', 's', '\0', + /* "choosemypc.net", true */ 'c', 'h', 'o', 'o', 's', 'e', 'm', 'y', 'p', 'c', '.', 'n', 'e', 't', '\0', + /* "chopperforums.com", true */ 'c', 'h', 'o', 'p', 'p', 'e', 'r', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "chorkley.co.uk", true */ 'c', 'h', 'o', 'r', 'k', 'l', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "chorkley.com", true */ 'c', 'h', 'o', 'r', 'k', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "chorkley.me", true */ 'c', 'h', 'o', 'r', 'k', 'l', 'e', 'y', '.', 'm', 'e', '\0', + /* "chorkley.uk", true */ 'c', 'h', 'o', 'r', 'k', 'l', 'e', 'y', '.', 'u', 'k', '\0', + /* "chorleiterverband.de", true */ 'c', 'h', 'o', 'r', 'l', 'e', 'i', 't', 'e', 'r', 'v', 'e', 'r', 'b', 'a', 'n', 'd', '.', 'd', 'e', '\0', + /* "chorpinkpoemps.de", true */ 'c', 'h', 'o', 'r', 'p', 'i', 'n', 'k', 'p', 'o', 'e', 'm', 'p', 's', '.', 'd', 'e', '\0', + /* "chosenplaintext.org", true */ 'c', 'h', 'o', 's', 'e', 'n', 'p', 'l', 'a', 'i', 'n', 't', 'e', 'x', 't', '.', 'o', 'r', 'g', '\0', + /* "chourishi-shigoto.com", true */ 'c', 'h', 'o', 'u', 'r', 'i', 's', 'h', 'i', '-', 's', 'h', 'i', 'g', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "chowii.com", true */ 'c', 'h', 'o', 'w', 'i', 'i', '.', 'c', 'o', 'm', '\0', + /* "chris-edwards.net", true */ 'c', 'h', 'r', 'i', 's', '-', 'e', 'd', 'w', 'a', 'r', 'd', 's', '.', 'n', 'e', 't', '\0', + /* "chrisb.me", true */ 'c', 'h', 'r', 'i', 's', 'b', '.', 'm', 'e', '\0', + /* "chrisb.xyz", true */ 'c', 'h', 'r', 'i', 's', 'b', '.', 'x', 'y', 'z', '\0', + /* "chrisburnell.com", true */ 'c', 'h', 'r', 'i', 's', 'b', 'u', 'r', 'n', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "chriscarey.com", true */ 'c', 'h', 'r', 'i', 's', 'c', 'a', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "chriscowley.me.uk", true */ 'c', 'h', 'r', 'i', 's', 'c', 'o', 'w', 'l', 'e', 'y', '.', 'm', 'e', '.', 'u', 'k', '\0', + /* "chrisdecairos.ca", true */ 'c', 'h', 'r', 'i', 's', 'd', 'e', 'c', 'a', 'i', 'r', 'o', 's', '.', 'c', 'a', '\0', + /* "chrisebert.net", true */ 'c', 'h', 'r', 'i', 's', 'e', 'b', 'e', 'r', 't', '.', 'n', 'e', 't', '\0', + /* "chrisfinazzo.com", true */ 'c', 'h', 'r', 'i', 's', 'f', 'i', 'n', 'a', 'z', 'z', 'o', '.', 'c', 'o', 'm', '\0', + /* "chrisirwin.ca", true */ 'c', 'h', 'r', 'i', 's', 'i', 'r', 'w', 'i', 'n', '.', 'c', 'a', '\0', + /* "chrisjean.com", true */ 'c', 'h', 'r', 'i', 's', 'j', 'e', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "chrismathys.com", true */ 'c', 'h', 'r', 'i', 's', 'm', 'a', 't', 'h', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "chrismcclendon.com", true */ 'c', 'h', 'r', 'i', 's', 'm', 'c', 'c', 'l', 'e', 'n', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "chrismckee.co.uk", true */ 'c', 'h', 'r', 'i', 's', 'm', 'c', 'k', 'e', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "chrisnekarda.com", true */ 'c', 'h', 'r', 'i', 's', 'n', 'e', 'k', 'a', 'r', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "chrisnicholas.io", true */ 'c', 'h', 'r', 'i', 's', 'n', 'i', 'c', 'h', 'o', 'l', 'a', 's', '.', 'i', 'o', '\0', + /* "chrispstreet.com", true */ 'c', 'h', 'r', 'i', 's', 'p', 's', 't', 'r', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "chrisshort.net", false */ 'c', 'h', 'r', 'i', 's', 's', 'h', 'o', 'r', 't', '.', 'n', 'e', 't', '\0', + /* "christadelphiananswers.org", true */ 'c', 'h', 'r', 'i', 's', 't', 'a', 'd', 'e', 'l', 'p', 'h', 'i', 'a', 'n', 'a', 'n', 's', 'w', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0', + /* "christadelphians.eu", true */ 'c', 'h', 'r', 'i', 's', 't', 'a', 'd', 'e', 'l', 'p', 'h', 'i', 'a', 'n', 's', '.', 'e', 'u', '\0', + /* "christchurchbouncycastles.co.uk", true */ 'c', 'h', 'r', 'i', 's', 't', 'c', 'h', 'u', 'r', 'c', 'h', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "christensenplace.us", true */ 'c', 'h', 'r', 'i', 's', 't', 'e', 'n', 's', 'e', 'n', 'p', 'l', 'a', 'c', 'e', '.', 'u', 's', '\0', + /* "christiaanconover.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'a', 'n', 'c', 'o', 'n', 'o', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "christian-gredig.de", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', '-', 'g', 'r', 'e', 'd', 'i', 'g', '.', 'd', 'e', '\0', + /* "christian-host.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', '-', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "christian-liebel.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', '-', 'l', 'i', 'e', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "christianbargon.de", false */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'b', 'a', 'r', 'g', 'o', 'n', '.', 'd', 'e', '\0', + /* "christiancleva.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'c', 'l', 'e', 'v', 'a', '.', 'c', 'o', 'm', '\0', + /* "christianfaq.org", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'f', 'a', 'q', '.', 'o', 'r', 'g', '\0', + /* "christianforums.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "christiangehring.org", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'g', 'e', 'h', 'r', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "christianhospitaltank.org", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'h', 'o', 's', 'p', 'i', 't', 'a', 'l', 't', 'a', 'n', 'k', '.', 'o', 'r', 'g', '\0', + /* "christianliebel.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'l', 'i', 'e', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "christianpusch.de", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'p', 'u', 's', 'c', 'h', '.', 'd', 'e', '\0', + /* "christians.dating", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 's', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "christiansayswords.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 's', 'a', 'y', 's', 'w', 'o', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "christianscholz.de", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 's', 'c', 'h', 'o', 'l', 'z', '.', 'd', 'e', '\0', + /* "christianscholz.eu", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 's', 'c', 'h', 'o', 'l', 'z', '.', 'e', 'u', '\0', + /* "christiesantiques.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'e', 's', 'a', 'n', 't', 'i', 'q', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "christmascard.be", true */ 'c', 'h', 'r', 'i', 's', 't', 'm', 'a', 's', 'c', 'a', 'r', 'd', '.', 'b', 'e', '\0', + /* "christmaspartyhire.co.uk", true */ 'c', 'h', 'r', 'i', 's', 't', 'm', 'a', 's', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "christoph-conrads.name", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', '-', 'c', 'o', 'n', 'r', 'a', 'd', 's', '.', 'n', 'a', 'm', 'e', '\0', + /* "christophbartschat.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'b', 'a', 'r', 't', 's', 'c', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "christophebarbezat.ch", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'b', 'a', 'r', 'b', 'e', 'z', 'a', 't', '.', 'c', 'h', '\0', + /* "christopher-simon.de", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'r', '-', 's', 'i', 'm', 'o', 'n', '.', 'd', 'e', '\0', + /* "christopherburg.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'r', 'b', 'u', 'r', 'g', '.', 'c', 'o', 'm', '\0', + /* "christopherl.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'r', 'l', '.', 'c', 'o', 'm', '\0', + /* "christopherpritchard.co.uk", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'r', 'p', 'r', 'i', 't', 'c', 'h', 'a', 'r', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "christophertruncer.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'r', 't', 'r', 'u', 'n', 'c', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "christophkreileder.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'k', 'r', 'e', 'i', 'l', 'e', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "christophsackl.de", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 's', 'a', 'c', 'k', 'l', '.', 'd', 'e', '\0', + /* "chrisupjohn.xyz", true */ 'c', 'h', 'r', 'i', 's', 'u', 'p', 'j', 'o', 'h', 'n', '.', 'x', 'y', 'z', '\0', + /* "chriswarrick.com", true */ 'c', 'h', 'r', 'i', 's', 'w', 'a', 'r', 'r', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "chriswbarry.com", true */ 'c', 'h', 'r', 'i', 's', 'w', 'b', 'a', 'r', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "chriswells.io", true */ 'c', 'h', 'r', 'i', 's', 'w', 'e', 'l', 'l', 's', '.', 'i', 'o', '\0', + /* "chromaxa.com", true */ 'c', 'h', 'r', 'o', 'm', 'a', 'x', 'a', '.', 'c', 'o', 'm', '\0', + /* "chrome-devtools-frontend.appspot.com", true */ 'c', 'h', 'r', 'o', 'm', 'e', '-', 'd', 'e', 'v', 't', 'o', 'o', 'l', 's', '-', 'f', 'r', 'o', 'n', 't', 'e', 'n', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "chrome.com", false */ 'c', 'h', 'r', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "chrome.google.com", true */ 'c', 'h', 'r', 'o', 'm', 'e', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "chromebookchart.com", true */ 'c', 'h', 'r', 'o', 'm', 'e', 'b', 'o', 'o', 'k', 'c', 'h', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "chromebooksforwork.com", true */ 'c', 'h', 'r', 'o', 'm', 'e', 'b', 'o', 'o', 'k', 's', 'f', 'o', 'r', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "chromiumbugs.appspot.com", true */ 'c', 'h', 'r', 'o', 'm', 'i', 'u', 'm', 'b', 'u', 'g', 's', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "chromiumcodereview.appspot.com", false */ 'c', 'h', 'r', 'o', 'm', 'i', 'u', 'm', 'c', 'o', 'd', 'e', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "chronic101.xyz", true */ 'c', 'h', 'r', 'o', 'n', 'i', 'c', '1', '0', '1', '.', 'x', 'y', 'z', '\0', + /* "chroniclesofgeorge.com", true */ 'c', 'h', 'r', 'o', 'n', 'i', 'c', 'l', 'e', 's', 'o', 'f', 'g', 'e', 'o', 'r', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "chronogram.me", true */ 'c', 'h', 'r', 'o', 'n', 'o', 'g', 'r', 'a', 'm', '.', 'm', 'e', '\0', + /* "chronology.no", true */ 'c', 'h', 'r', 'o', 'n', 'o', 'l', 'o', 'g', 'y', '.', 'n', 'o', '\0', + /* "chronoproject.com", true */ 'c', 'h', 'r', 'o', 'n', 'o', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "chronoshop.cz", true */ 'c', 'h', 'r', 'o', 'n', 'o', 's', 'h', 'o', 'p', '.', 'c', 'z', '\0', + /* "chrpaul.de", true */ 'c', 'h', 'r', 'p', 'a', 'u', 'l', '.', 'd', 'e', '\0', + /* "chrstn.eu", true */ 'c', 'h', 'r', 's', 't', 'n', '.', 'e', 'u', '\0', + /* "chsh.moe", true */ 'c', 'h', 's', 'h', '.', 'm', 'o', 'e', '\0', + /* "chsterz.de", true */ 'c', 'h', 's', 't', 'e', 'r', 'z', '.', 'd', 'e', '\0', + /* "chua.family", true */ 'c', 'h', 'u', 'a', '.', 'f', 'a', 'm', 'i', 'l', 'y', '\0', + /* "chuchote-moi.fr", true */ 'c', 'h', 'u', 'c', 'h', 'o', 't', 'e', '-', 'm', 'o', 'i', '.', 'f', 'r', '\0', + /* "chuck.ovh", true */ 'c', 'h', 'u', 'c', 'k', '.', 'o', 'v', 'h', '\0', + /* "chun.pro", true */ 'c', 'h', 'u', 'n', '.', 'p', 'r', 'o', '\0', + /* "chunche.net", true */ 'c', 'h', 'u', 'n', 'c', 'h', 'e', '.', 'n', 'e', 't', '\0', + /* "chunk.science", true */ 'c', 'h', 'u', 'n', 'k', '.', 's', 'c', 'i', 'e', 'n', 'c', 'e', '\0', + /* "chupadelfrasco.com", true */ 'c', 'h', 'u', 'p', 'a', 'd', 'e', 'l', 'f', 'r', 'a', 's', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "churchlinkpro.com", true */ 'c', 'h', 'u', 'r', 'c', 'h', 'l', 'i', 'n', 'k', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "churchthemes.com", true */ 'c', 'h', 'u', 'r', 'c', 'h', 't', 'h', 'e', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "churchwebcanada.ca", true */ 'c', 'h', 'u', 'r', 'c', 'h', 'w', 'e', 'b', 'c', 'a', 'n', 'a', 'd', 'a', '.', 'c', 'a', '\0', + /* "churchwebsupport.com", true */ 'c', 'h', 'u', 'r', 'c', 'h', 'w', 'e', 'b', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "chxdf.net", true */ 'c', 'h', 'x', 'd', 'f', '.', 'n', 'e', 't', '\0', + /* "chytraauta.cz", true */ 'c', 'h', 'y', 't', 'r', 'a', 'a', 'u', 't', 'a', '.', 'c', 'z', '\0', + /* "ci-fo.org", true */ 'c', 'i', '-', 'f', 'o', '.', 'o', 'r', 'g', '\0', + /* "ci5.me", true */ 'c', 'i', '5', '.', 'm', 'e', '\0', + /* "ciancode.com", true */ 'c', 'i', 'a', 'n', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "cianmawhinney.me", true */ 'c', 'i', 'a', 'n', 'm', 'a', 'w', 'h', 'i', 'n', 'n', 'e', 'y', '.', 'm', 'e', '\0', + /* "cianmawhinney.xyz", true */ 'c', 'i', 'a', 'n', 'm', 'a', 'w', 'h', 'i', 'n', 'n', 'e', 'y', '.', 'x', 'y', 'z', '\0', + /* "ciansc.com", true */ 'c', 'i', 'a', 'n', 's', 'c', '.', 'c', 'o', 'm', '\0', + /* "ciat.no", false */ 'c', 'i', 'a', 't', '.', 'n', 'o', '\0', + /* "cidadedopoker.com.br", true */ 'c', 'i', 'd', 'a', 'd', 'e', 'd', 'o', 'p', 'o', 'k', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "cidbot.com", true */ 'c', 'i', 'd', 'b', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "ciderclub.com", true */ 'c', 'i', 'd', 'e', 'r', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "cie-theatre-montfaucon.ch", true */ 'c', 'i', 'e', '-', 't', 'h', 'e', 'a', 't', 'r', 'e', '-', 'm', 'o', 'n', 't', 'f', 'a', 'u', 'c', 'o', 'n', '.', 'c', 'h', '\0', + /* "cielbleu.org", true */ 'c', 'i', 'e', 'l', 'b', 'l', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "cielly.com", true */ 'c', 'i', 'e', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "cifop-numerique.fr", true */ 'c', 'i', 'f', 'o', 'p', '-', 'n', 'u', 'm', 'e', 'r', 'i', 'q', 'u', 'e', '.', 'f', 'r', '\0', + /* "cig-dem.com", true */ 'c', 'i', 'g', '-', 'd', 'e', 'm', '.', 'c', 'o', 'm', '\0', + /* "cigar-cartel.com", true */ 'c', 'i', 'g', 'a', 'r', '-', 'c', 'a', 'r', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "cigarterminal.com", false */ 'c', 'i', 'g', 'a', 'r', 't', 'e', 'r', 'm', 'i', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "cigoteket.se", true */ 'c', 'i', 'g', 'o', 't', 'e', 'k', 'e', 't', '.', 's', 'e', '\0', + /* "cima-idf.fr", true */ 'c', 'i', 'm', 'a', '-', 'i', 'd', 'f', '.', 'f', 'r', '\0', + /* "cimballa.com", true */ 'c', 'i', 'm', 'b', 'a', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "cimfax.com", true */ 'c', 'i', 'm', 'f', 'a', 'x', '.', 'c', 'o', 'm', '\0', + /* "cinafilm.com", true */ 'c', 'i', 'n', 'a', 'f', 'i', 'l', 'm', '.', 'c', 'o', 'm', '\0', + /* "cine-music.de", true */ 'c', 'i', 'n', 'e', '-', 'm', 'u', 's', 'i', 'c', '.', 'd', 'e', '\0', + /* "cine.to", true */ 'c', 'i', 'n', 'e', '.', 't', 'o', '\0', + /* "cinefilia.tk", true */ 'c', 'i', 'n', 'e', 'f', 'i', 'l', 'i', 'a', '.', 't', 'k', '\0', + /* "cinefilzonen.se", true */ 'c', 'i', 'n', 'e', 'f', 'i', 'l', 'z', 'o', 'n', 'e', 'n', '.', 's', 'e', '\0', + /* "cinema5.ru", false */ 'c', 'i', 'n', 'e', 'm', 'a', '5', '.', 'r', 'u', '\0', + /* "cinemaclub.co", true */ 'c', 'i', 'n', 'e', 'm', 'a', 'c', 'l', 'u', 'b', '.', 'c', 'o', '\0', + /* "cinemysticism.com", true */ 'c', 'i', 'n', 'e', 'm', 'y', 's', 't', 'i', 'c', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "ciner.is", true */ 'c', 'i', 'n', 'e', 'r', '.', 'i', 's', '\0', + /* "cinerama.com.br", true */ 'c', 'i', 'n', 'e', 'r', 'a', 'm', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "cinnabon.com", true */ 'c', 'i', 'n', 'n', 'a', 'b', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "cinq-elements.com", true */ 'c', 'i', 'n', 'q', '-', 'e', 'l', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "cinq-elements.fr", true */ 'c', 'i', 'n', 'q', '-', 'e', 'l', 'e', 'm', 'e', 'n', 't', 's', '.', 'f', 'r', '\0', + /* "cinq-elements.net", true */ 'c', 'i', 'n', 'q', '-', 'e', 'l', 'e', 'm', 'e', 'n', 't', 's', '.', 'n', 'e', 't', '\0', + /* "cinsects.de", true */ 'c', 'i', 'n', 's', 'e', 'c', 't', 's', '.', 'd', 'e', '\0', + /* "cinteo.com", true */ 'c', 'i', 'n', 't', 'e', 'o', '.', 'c', 'o', 'm', '\0', + /* "cinto.cc", true */ 'c', 'i', 'n', 't', 'o', '.', 'c', 'c', '\0', + /* "cio.gov", true */ 'c', 'i', 'o', '.', 'g', 'o', 'v', '\0', + /* "cioscloud.com", true */ 'c', 'i', 'o', 's', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "cip.md", true */ 'c', 'i', 'p', '.', 'm', 'd', '\0', + /* "cipartyhire.co.uk", true */ 'c', 'i', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cipher.co.th", true */ 'c', 'i', 'p', 'h', 'e', 'r', '.', 'c', 'o', '.', 't', 'h', '\0', + /* "cipherboy.com", true */ 'c', 'i', 'p', 'h', 'e', 'r', 'b', 'o', 'y', '.', 'c', 'o', 'm', '\0', + /* "cipherli.st", true */ 'c', 'i', 'p', 'h', 'e', 'r', 'l', 'i', '.', 's', 't', '\0', + /* "ciphersuite.info", true */ 'c', 'i', 'p', 'h', 'e', 'r', 's', 'u', 'i', 't', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "ciphrex.com", true */ 'c', 'i', 'p', 'h', 'r', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "cipri.com", true */ 'c', 'i', 'p', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "cir.is", true */ 'c', 'i', 'r', '.', 'i', 's', '\0', + /* "cira.email", true */ 'c', 'i', 'r', 'a', '.', 'e', 'm', 'a', 'i', 'l', '\0', + /* "circara.com", true */ 'c', 'i', 'r', 'c', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "circlebox.rocks", true */ 'c', 'i', 'r', 'c', 'l', 'e', 'b', 'o', 'x', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "circu.ml", true */ 'c', 'i', 'r', 'c', 'u', '.', 'm', 'l', '\0', + /* "cirfi.com", true */ 'c', 'i', 'r', 'f', 'i', '.', 'c', 'o', 'm', '\0', + /* "ciri.com.co", true */ 'c', 'i', 'r', 'i', '.', 'c', 'o', 'm', '.', 'c', 'o', '\0', + /* "cirope.com", true */ 'c', 'i', 'r', 'o', 'p', 'e', '.', 'c', 'o', 'm', '\0', + /* "cirrohost.com", true */ 'c', 'i', 'r', 'r', 'o', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "cirrus0.de", true */ 'c', 'i', 'r', 'r', 'u', 's', '0', '.', 'd', 'e', '\0', + /* "cirugiasplasticas.com.mx", true */ 'c', 'i', 'r', 'u', 'g', 'i', 'a', 's', 'p', 'l', 'a', 's', 't', 'i', 'c', 'a', 's', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0', + /* "cirujanooral.com", true */ 'c', 'i', 'r', 'u', 'j', 'a', 'n', 'o', 'o', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "cirurgicagervasio.com.br", true */ 'c', 'i', 'r', 'u', 'r', 'g', 'i', 'c', 'a', 'g', 'e', 'r', 'v', 'a', 's', 'i', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "cirurgicalucena.com.br", true */ 'c', 'i', 'r', 'u', 'r', 'g', 'i', 'c', 'a', 'l', 'u', 'c', 'e', 'n', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "ciscodude.net", true */ 'c', 'i', 's', 'c', 'o', 'd', 'u', 'd', 'e', '.', 'n', 'e', 't', '\0', + /* "cisoaid.com", true */ 'c', 'i', 's', 'o', 'a', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "ciss.ltd", true */ 'c', 'i', 's', 's', '.', 'l', 't', 'd', '\0', + /* "cisy.me", true */ 'c', 'i', 's', 'y', '.', 'm', 'e', '\0', + /* "citationgurus.com", true */ 'c', 'i', 't', 'a', 't', 'i', 'o', 'n', 'g', 'u', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "citcuit.in", true */ 'c', 'i', 't', 'c', 'u', 'i', 't', '.', 'i', 'n', '\0', + /* "citizen-cam.de", true */ 'c', 'i', 't', 'i', 'z', 'e', 'n', '-', 'c', 'a', 'm', '.', 'd', 'e', '\0', + /* "citizensbankal.com", true */ 'c', 'i', 't', 'i', 'z', 'e', 'n', 's', 'b', 'a', 'n', 'k', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "citizenscience.gov", true */ 'c', 'i', 't', 'i', 'z', 'e', 'n', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'g', 'o', 'v', '\0', + /* "citizensleague.org", true */ 'c', 'i', 't', 'i', 'z', 'e', 'n', 's', 'l', 'e', 'a', 'g', 'u', 'e', '.', 'o', 'r', 'g', '\0', + /* "citizenspact.eu", true */ 'c', 'i', 't', 'i', 'z', 'e', 'n', 's', 'p', 'a', 'c', 't', '.', 'e', 'u', '\0', + /* "citizing.org", true */ 'c', 'i', 't', 'i', 'z', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "citra-emu.org", true */ 'c', 'i', 't', 'r', 'a', '-', 'e', 'm', 'u', '.', 'o', 'r', 'g', '\0', + /* "citrusui.me", true */ 'c', 'i', 't', 'r', 'u', 's', 'u', 'i', '.', 'm', 'e', '\0', + /* "cittadesign.com", false */ 'c', 'i', 't', 't', 'a', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "citton.com.br", true */ 'c', 'i', 't', 't', 'o', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "citya.com", true */ 'c', 'i', 't', 'y', 'a', '.', 'c', 'o', 'm', '\0', + /* "citybusexpress.com", true */ 'c', 'i', 't', 'y', 'b', 'u', 's', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "citylights.eu", true */ 'c', 'i', 't', 'y', 'l', 'i', 'g', 'h', 't', 's', '.', 'e', 'u', '\0', + /* "citymoobel.ee", true */ 'c', 'i', 't', 'y', 'm', 'o', 'o', 'b', 'e', 'l', '.', 'e', 'e', '\0', + /* "cityoftitans.com", true */ 'c', 'i', 't', 'y', 'o', 'f', 't', 'i', 't', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "cityoftitansmmo.com", true */ 'c', 'i', 't', 'y', 'o', 'f', 't', 'i', 't', 'a', 'n', 's', 'm', 'm', 'o', '.', 'c', 'o', 'm', '\0', + /* "citysportapp.com", true */ 'c', 'i', 't', 'y', 's', 'p', 'o', 'r', 't', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "cityworksonline.com", true */ 'c', 'i', 't', 'y', 'w', 'o', 'r', 'k', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "ciubotaru.tk", true */ 'c', 'i', 'u', 'b', 'o', 't', 'a', 'r', 'u', '.', 't', 'k', '\0', + /* "ciuciucadou.ro", true */ 'c', 'i', 'u', 'c', 'i', 'u', 'c', 'a', 'd', 'o', 'u', '.', 'r', 'o', '\0', + /* "ciurcasdan.eu", true */ 'c', 'i', 'u', 'r', 'c', 'a', 's', 'd', 'a', 'n', '.', 'e', 'u', '\0', + /* "civilg20.org", true */ 'c', 'i', 'v', 'i', 'l', 'g', '2', '0', '.', 'o', 'r', 'g', '\0', + /* "civillines.nl", true */ 'c', 'i', 'v', 'i', 'l', 'l', 'i', 'n', 'e', 's', '.', 'n', 'l', '\0', + /* "cj-espace-vert.fr", true */ 'c', 'j', '-', 'e', 's', 'p', 'a', 'c', 'e', '-', 'v', 'e', 'r', 't', '.', 'f', 'r', '\0', + /* "cj-jackson.com", true */ 'c', 'j', '-', 'j', 'a', 'c', 'k', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "cjdpenterprises.com", true */ 'c', 'j', 'd', 'p', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "cjdpenterprises.com.au", true */ 'c', 'j', 'd', 'p', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "cjessett.com", true */ 'c', 'j', 'e', 's', 's', 'e', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "cjey.me", true */ 'c', 'j', 'e', 'y', '.', 'm', 'e', '\0', + /* "ck.cx", true */ 'c', 'k', '.', 'c', 'x', '\0', + /* "ckcameron.net", true */ 'c', 'k', 'c', 'a', 'm', 'e', 'r', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "ckennelly.com", true */ 'c', 'k', 'e', 'n', 'n', 'e', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "ckleemann.de", true */ 'c', 'k', 'l', 'e', 'e', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "cklie.de", true */ 'c', 'k', 'l', 'i', 'e', '.', 'd', 'e', '\0', + /* "ckliemann.com", true */ 'c', 'k', 'l', 'i', 'e', 'm', 'a', 'n', 'n', '.', 'c', 'o', 'm', '\0', + /* "ckliemann.net", true */ 'c', 'k', 'l', 'i', 'e', 'm', 'a', 'n', 'n', '.', 'n', 'e', 't', '\0', + /* "ckostecki.de", true */ 'c', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0', + /* "cktennis.com", true */ 'c', 'k', 't', 'e', 'n', 'n', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "cl.search.yahoo.com", false */ 'c', 'l', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "claimconnect.com", true */ 'c', 'l', 'a', 'i', 'm', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "claimconnect.us", true */ 'c', 'l', 'a', 'i', 'm', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'u', 's', '\0', + /* "claimnote.com", true */ 'c', 'l', 'a', 'i', 'm', 'n', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "clairegold.com", true */ 'c', 'l', 'a', 'i', 'r', 'e', 'g', 'o', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "claireidrac.fr", true */ 'c', 'l', 'a', 'i', 'r', 'e', 'i', 'd', 'r', 'a', 'c', '.', 'f', 'r', '\0', + /* "clairescastles.co.uk", true */ 'c', 'l', 'a', 'i', 'r', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "clanebouncycastles.com", true */ 'c', 'l', 'a', 'n', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "clanrose.org.uk", true */ 'c', 'l', 'a', 'n', 'r', 'o', 's', 'e', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "clanthor.com", true */ 'c', 'l', 'a', 'n', 't', 'h', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "clanwarz.com", true */ 'c', 'l', 'a', 'n', 'w', 'a', 'r', 'z', '.', 'c', 'o', 'm', '\0', + /* "clapping-rhymes.com", true */ 'c', 'l', 'a', 'p', 'p', 'i', 'n', 'g', '-', 'r', 'h', 'y', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "claretandbanter.uk", true */ 'c', 'l', 'a', 'r', 'e', 't', 'a', 'n', 'd', 'b', 'a', 'n', 't', 'e', 'r', '.', 'u', 'k', '\0', + /* "clarkeaward.com", true */ 'c', 'l', 'a', 'r', 'k', 'e', 'a', 'w', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "clarksgaragedoorrepair.com", true */ 'c', 'l', 'a', 'r', 'k', 's', 'g', 'a', 'r', 'a', 'g', 'e', 'd', 'o', 'o', 'r', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "clarkwinkelmann.com", true */ 'c', 'l', 'a', 'r', 'k', 'w', 'i', 'n', 'k', 'e', 'l', 'm', 'a', 'n', 'n', '.', 'c', 'o', 'm', '\0', + /* "clashersrepublic.com", true */ 'c', 'l', 'a', 's', 'h', 'e', 'r', 's', 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "class.com.au", true */ 'c', 'l', 'a', 's', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "classdojo.com", true */ 'c', 'l', 'a', 's', 's', 'd', 'o', 'j', 'o', '.', 'c', 'o', 'm', '\0', + /* "classicalpilates.ca", true */ 'c', 'l', 'a', 's', 's', 'i', 'c', 'a', 'l', 'p', 'i', 'l', 'a', 't', 'e', 's', '.', 'c', 'a', '\0', + /* "classics.io", true */ 'c', 'l', 'a', 's', 's', 'i', 'c', 's', '.', 'i', 'o', '\0', + /* "classpoint.cz", true */ 'c', 'l', 'a', 's', 's', 'p', 'o', 'i', 'n', 't', '.', 'c', 'z', '\0', + /* "classteaching.com.au", true */ 'c', 'l', 'a', 's', 's', 't', 'e', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "claster.it", true */ 'c', 'l', 'a', 's', 't', 'e', 'r', '.', 'i', 't', '\0', + /* "claudia-urio.com", true */ 'c', 'l', 'a', 'u', 'd', 'i', 'a', '-', 'u', 'r', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "claudio4.com", true */ 'c', 'l', 'a', 'u', 'd', 'i', 'o', '4', '.', 'c', 'o', 'm', '\0', + /* "clauseriksen.net", true */ 'c', 'l', 'a', 'u', 's', 'e', 'r', 'i', 'k', 's', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "clawe.de", true */ 'c', 'l', 'a', 'w', 'e', '.', 'd', 'e', '\0', + /* "clayandcottonkirkwood.com", true */ 'c', 'l', 'a', 'y', 'a', 'n', 'd', 'c', 'o', 't', 't', 'o', 'n', 'k', 'i', 'r', 'k', 'w', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "claytoncondon.com", true */ 'c', 'l', 'a', 'y', 't', 'o', 'n', 'c', 'o', 'n', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "claytonstowing.com.au", true */ 'c', 'l', 'a', 'y', 't', 'o', 'n', 's', 't', 'o', 'w', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "cldly.com", true */ 'c', 'l', 'd', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "cleanbeautymarket.com.au", true */ 'c', 'l', 'e', 'a', 'n', 'b', 'e', 'a', 'u', 't', 'y', 'm', 'a', 'r', 'k', 'e', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "cleanbrowsing.org", true */ 'c', 'l', 'e', 'a', 'n', 'b', 'r', 'o', 'w', 's', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "cleancode.club", true */ 'c', 'l', 'e', 'a', 'n', 'c', 'o', 'd', 'e', '.', 'c', 'l', 'u', 'b', '\0', + /* "cleanstar.org", true */ 'c', 'l', 'e', 'a', 'n', 's', 't', 'a', 'r', '.', 'o', 'r', 'g', '\0', + /* "clear.ml", true */ 'c', 'l', 'e', 'a', 'r', '.', 'm', 'l', '\0', + /* "clearance365.co.uk", true */ 'c', 'l', 'e', 'a', 'r', 'a', 'n', 'c', 'e', '3', '6', '5', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "clearblueday.co.uk", true */ 'c', 'l', 'e', 'a', 'r', 'b', 'l', 'u', 'e', 'd', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "clearip.com", true */ 'c', 'l', 'e', 'a', 'r', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "clearkonjac.com", true */ 'c', 'l', 'e', 'a', 'r', 'k', 'o', 'n', 'j', 'a', 'c', '.', 'c', 'o', 'm', '\0', + /* "clearsettle-admin.com", true */ 'c', 'l', 'e', 'a', 'r', 's', 'e', 't', 't', 'l', 'e', '-', 'a', 'd', 'm', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "clementfevrier.fr", true */ 'c', 'l', 'e', 'm', 'e', 'n', 't', 'f', 'e', 'v', 'r', 'i', 'e', 'r', '.', 'f', 'r', '\0', + /* "clemovementlaw.com", true */ 'c', 'l', 'e', 'm', 'o', 'v', 'e', 'm', 'e', 'n', 't', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "cles-asso.fr", true */ 'c', 'l', 'e', 's', '-', 'a', 's', 's', 'o', '.', 'f', 'r', '\0', + /* "cles.jp", true */ 'c', 'l', 'e', 's', '.', 'j', 'p', '\0', + /* "clevelandokla.com", true */ 'c', 'l', 'e', 'v', 'e', 'l', 'a', 'n', 'd', 'o', 'k', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "clevertarget.ru", true */ 'c', 'l', 'e', 'v', 'e', 'r', 't', 'a', 'r', 'g', 'e', 't', '.', 'r', 'u', '\0', + /* "cleververmarkten.com", true */ 'c', 'l', 'e', 'v', 'e', 'r', 'v', 'e', 'r', 'm', 'a', 'r', 'k', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "cleververmarkten.de", true */ 'c', 'l', 'e', 'v', 'e', 'r', 'v', 'e', 'r', 'm', 'a', 'r', 'k', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "clevisto.com", true */ 'c', 'l', 'e', 'v', 'i', 's', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "cleysense.com", true */ 'c', 'l', 'e', 'y', 's', 'e', 'n', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "clic-music.com", true */ 'c', 'l', 'i', 'c', '-', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "clicecompre.com.br", true */ 'c', 'l', 'i', 'c', 'e', 'c', 'o', 'm', 'p', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "clicheshishalounge.co.uk", true */ 'c', 'l', 'i', 'c', 'h', 'e', 's', 'h', 'i', 's', 'h', 'a', 'l', 'o', 'u', 'n', 'g', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "click-licht.de", true */ 'c', 'l', 'i', 'c', 'k', '-', 'l', 'i', 'c', 'h', 't', '.', 'd', 'e', '\0', + /* "clickclock.cc", true */ 'c', 'l', 'i', 'c', 'k', 'c', 'l', 'o', 'c', 'k', '.', 'c', 'c', '\0', + /* "clickenergy.com.au", true */ 'c', 'l', 'i', 'c', 'k', 'e', 'n', 'e', 'r', 'g', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "clickforclever.com", true */ 'c', 'l', 'i', 'c', 'k', 'f', 'o', 'r', 'c', 'l', 'e', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "clickomobile.com", true */ 'c', 'l', 'i', 'c', 'k', 'o', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "clickphish.com", true */ 'c', 'l', 'i', 'c', 'k', 'p', 'h', 'i', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "clicks.co.za", true */ 'c', 'l', 'i', 'c', 'k', 's', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "clicktenisdemesa.com.br", true */ 'c', 'l', 'i', 'c', 'k', 't', 'e', 'n', 'i', 's', 'd', 'e', 'm', 'e', 's', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "client.coach", true */ 'c', 'l', 'i', 'e', 'n', 't', '.', 'c', 'o', 'a', 'c', 'h', '\0', + /* "clientboss.com", true */ 'c', 'l', 'i', 'e', 'n', 't', 'b', 'o', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "clientsecure.me", true */ 'c', 'l', 'i', 'e', 'n', 't', 's', 'e', 'c', 'u', 'r', 'e', '.', 'm', 'e', '\0', + /* "clifflu.net", true */ 'c', 'l', 'i', 'f', 'f', 'l', 'u', '.', 'n', 'e', 't', '\0', + /* "climaencusco.com", true */ 'c', 'l', 'i', 'm', 'a', 'e', 'n', 'c', 'u', 's', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "climaprecio.es", true */ 'c', 'l', 'i', 'm', 'a', 'p', 'r', 'e', 'c', 'i', 'o', '.', 'e', 's', '\0', + /* "climateinteractive.org", true */ 'c', 'l', 'i', 'm', 'a', 't', 'e', 'i', 'n', 't', 'e', 'r', 'a', 'c', 't', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0', + /* "climatestew.com", true */ 'c', 'l', 'i', 'm', 'a', 't', 'e', 's', 't', 'e', 'w', '.', 'c', 'o', 'm', '\0', + /* "clindoeilmontagne.com", true */ 'c', 'l', 'i', 'n', 'd', 'o', 'e', 'i', 'l', 'm', 'o', 'n', 't', 'a', 'g', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "clingout.com", true */ 'c', 'l', 'i', 'n', 'g', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "clinia.ca", true */ 'c', 'l', 'i', 'n', 'i', 'a', '.', 'c', 'a', '\0', + /* "clinicadam.com", true */ 'c', 'l', 'i', 'n', 'i', 'c', 'a', 'd', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "clinicadelogopedia.net", true */ 'c', 'l', 'i', 'n', 'i', 'c', 'a', 'd', 'e', 'l', 'o', 'g', 'o', 'p', 'e', 'd', 'i', 'a', '.', 'n', 'e', 't', '\0', + /* "clinicaltrials.gov", true */ 'c', 'l', 'i', 'n', 'i', 'c', 'a', 'l', 't', 'r', 'i', 'a', 'l', 's', '.', 'g', 'o', 'v', '\0', + /* "cliniko.com", true */ 'c', 'l', 'i', 'n', 'i', 'k', 'o', '.', 'c', 'o', 'm', '\0', + /* "cliniquevethuy.be", true */ 'c', 'l', 'i', 'n', 'i', 'q', 'u', 'e', 'v', 'e', 't', 'h', 'u', 'y', '.', 'b', 'e', '\0', + /* "clintonlibrary.gov", true */ 'c', 'l', 'i', 'n', 't', 'o', 'n', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'g', 'o', 'v', '\0', + /* "clintonplasticsurgery.com", true */ 'c', 'l', 'i', 'n', 't', 'o', 'n', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "clip.mx", false */ 'c', 'l', 'i', 'p', '.', 'm', 'x', '\0', + /* "clipclip.com", true */ 'c', 'l', 'i', 'p', 'c', 'l', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "clmde.de", true */ 'c', 'l', 'm', 'd', 'e', '.', 'd', 'e', '\0', + /* "clnet.com.au", true */ 'c', 'l', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "clnnet.ch", true */ 'c', 'l', 'n', 'n', 'e', 't', '.', 'c', 'h', '\0', + /* "clochix.net", true */ 'c', 'l', 'o', 'c', 'h', 'i', 'x', '.', 'n', 'e', 't', '\0', + /* "clockcaster.com", true */ 'c', 'l', 'o', 'c', 'k', 'c', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "clockworksms.com", true */ 'c', 'l', 'o', 'c', 'k', 'w', 'o', 'r', 'k', 's', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "cloghercastles.co.uk", true */ 'c', 'l', 'o', 'g', 'h', 'e', 'r', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "clojurescript.ru", true */ 'c', 'l', 'o', 'j', 'u', 'r', 'e', 's', 'c', 'r', 'i', 'p', 't', '.', 'r', 'u', '\0', + /* "cloppenburg-autmobil.com", true */ 'c', 'l', 'o', 'p', 'p', 'e', 'n', 'b', 'u', 'r', 'g', '-', 'a', 'u', 't', 'm', 'o', 'b', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "cloppenburg-automobil.com", true */ 'c', 'l', 'o', 'p', 'p', 'e', 'n', 'b', 'u', 'r', 'g', '-', 'a', 'u', 't', 'o', 'm', 'o', 'b', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "clorik.com", true */ 'c', 'l', 'o', 'r', 'i', 'k', '.', 'c', 'o', 'm', '\0', + /* "close.com", false */ 'c', 'l', 'o', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "closeli.cn", true */ 'c', 'l', 'o', 's', 'e', 'l', 'i', '.', 'c', 'n', '\0', + /* "closeli.com", false */ 'c', 'l', 'o', 's', 'e', 'l', 'i', '.', 'c', 'o', 'm', '\0', + /* "closelinksecurity.co.uk", true */ 'c', 'l', 'o', 's', 'e', 'l', 'i', 'n', 'k', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "closelinksecurity.com", true */ 'c', 'l', 'o', 's', 'e', 'l', 'i', 'n', 'k', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "closetemail.com", true */ 'c', 'l', 'o', 's', 'e', 't', 'e', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "closingholding.com", true */ 'c', 'l', 'o', 's', 'i', 'n', 'g', 'h', 'o', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "cloturea.fr", true */ 'c', 'l', 'o', 't', 'u', 'r', 'e', 'a', '.', 'f', 'r', '\0', + /* "cloud-surfer.net", true */ 'c', 'l', 'o', 'u', 'd', '-', 's', 'u', 'r', 'f', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "cloud.bugatti", true */ 'c', 'l', 'o', 'u', 'd', '.', 'b', 'u', 'g', 'a', 't', 't', 'i', '\0', + /* "cloud.fail", true */ 'c', 'l', 'o', 'u', 'd', '.', 'f', 'a', 'i', 'l', '\0', + /* "cloud.google.com", true */ 'c', 'l', 'o', 'u', 'd', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "cloud.gov", true */ 'c', 'l', 'o', 'u', 'd', '.', 'g', 'o', 'v', '\0', + /* "cloud2go.de", false */ 'c', 'l', 'o', 'u', 'd', '2', 'g', 'o', '.', 'd', 'e', '\0', + /* "cloud9bouncycastlehire.com", true */ 'c', 'l', 'o', 'u', 'd', '9', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "cloudapps.digital", true */ 'c', 'l', 'o', 'u', 'd', 'a', 'p', 'p', 's', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0', + /* "cloudbased.info", true */ 'c', 'l', 'o', 'u', 'd', 'b', 'a', 's', 'e', 'd', '.', 'i', 'n', 'f', 'o', '\0', + /* "cloudberlin.goip.de", true */ 'c', 'l', 'o', 'u', 'd', 'b', 'e', 'r', 'l', 'i', 'n', '.', 'g', 'o', 'i', 'p', '.', 'd', 'e', '\0', + /* "cloudbolin.es", true */ 'c', 'l', 'o', 'u', 'd', 'b', 'o', 'l', 'i', 'n', '.', 'e', 's', '\0', + /* "cloudbreaker.de", true */ 'c', 'l', 'o', 'u', 'd', 'b', 'r', 'e', 'a', 'k', 'e', 'r', '.', 'd', 'e', '\0', + /* "cloudcaprice.net", true */ 'c', 'l', 'o', 'u', 'd', 'c', 'a', 'p', 'r', 'i', 'c', 'e', '.', 'n', 'e', 't', '\0', + /* "cloudcloudcloud.cloud", true */ 'c', 'l', 'o', 'u', 'd', 'c', 'l', 'o', 'u', 'd', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "cloudflare.com", true */ 'c', 'l', 'o', 'u', 'd', 'f', 'l', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "cloudflareonazure.com", true */ 'c', 'l', 'o', 'u', 'd', 'f', 'l', 'a', 'r', 'e', 'o', 'n', 'a', 'z', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "cloudia.org", true */ 'c', 'l', 'o', 'u', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0', + /* "cloudily.com", true */ 'c', 'l', 'o', 'u', 'd', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "cloudkit.pro", true */ 'c', 'l', 'o', 'u', 'd', 'k', 'i', 't', '.', 'p', 'r', 'o', '\0', + /* "cloudlight.biz", true */ 'c', 'l', 'o', 'u', 'd', 'l', 'i', 'g', 'h', 't', '.', 'b', 'i', 'z', '\0', + /* "cloudmigrator365.com", true */ 'c', 'l', 'o', 'u', 'd', 'm', 'i', 'g', 'r', 'a', 't', 'o', 'r', '3', '6', '5', '.', 'c', 'o', 'm', '\0', + /* "cloudnote.cc", true */ 'c', 'l', 'o', 'u', 'd', 'n', 'o', 't', 'e', '.', 'c', 'c', '\0', + /* "cloudoptimizedsmb.com", true */ 'c', 'l', 'o', 'u', 'd', 'o', 'p', 't', 'i', 'm', 'i', 'z', 'e', 'd', 's', 'm', 'b', '.', 'c', 'o', 'm', '\0', + /* "cloudoptimus.com", true */ 'c', 'l', 'o', 'u', 'd', 'o', 'p', 't', 'i', 'm', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "cloudpagesforwork.com", true */ 'c', 'l', 'o', 'u', 'd', 'p', 'a', 'g', 'e', 's', 'f', 'o', 'r', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "cloudpebble.net", true */ 'c', 'l', 'o', 'u', 'd', 'p', 'e', 'b', 'b', 'l', 'e', '.', 'n', 'e', 't', '\0', + /* "cloudpengu.in", true */ 'c', 'l', 'o', 'u', 'd', 'p', 'e', 'n', 'g', 'u', '.', 'i', 'n', '\0', + /* "cloudpipes.com", true */ 'c', 'l', 'o', 'u', 'd', 'p', 'i', 'p', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "cloudsecurityalliance.org", true */ 'c', 'l', 'o', 'u', 'd', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0', + /* "cloudservice.io", true */ 'c', 'l', 'o', 'u', 'd', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'i', 'o', '\0', + /* "cloudsocial.io", true */ 'c', 'l', 'o', 'u', 'd', 's', 'o', 'c', 'i', 'a', 'l', '.', 'i', 'o', '\0', + /* "cloudspace-analytics.com", true */ 'c', 'l', 'o', 'u', 'd', 's', 'p', 'a', 'c', 'e', '-', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "cloudspeedy.net", true */ 'c', 'l', 'o', 'u', 'd', 's', 'p', 'e', 'e', 'd', 'y', '.', 'n', 'e', 't', '\0', + /* "cloudspire.net", true */ 'c', 'l', 'o', 'u', 'd', 's', 'p', 'i', 'r', 'e', '.', 'n', 'e', 't', '\0', + /* "cloudteam.de", true */ 'c', 'l', 'o', 'u', 'd', 't', 'e', 'a', 'm', '.', 'd', 'e', '\0', + /* "cloudtropia.de", true */ 'c', 'l', 'o', 'u', 'd', 't', 'r', 'o', 'p', 'i', 'a', '.', 'd', 'e', '\0', + /* "cloudtskr.com", true */ 'c', 'l', 'o', 'u', 'd', 't', 's', 'k', 'r', '.', 'c', 'o', 'm', '\0', + /* "cloudup.com", true */ 'c', 'l', 'o', 'u', 'd', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "cloudwarez.xyz", true */ 'c', 'l', 'o', 'u', 'd', 'w', 'a', 'r', 'e', 'z', '.', 'x', 'y', 'z', '\0', + /* "clouz.de", true */ 'c', 'l', 'o', 'u', 'z', '.', 'd', 'e', '\0', + /* "cloveros.ga", true */ 'c', 'l', 'o', 'v', 'e', 'r', 'o', 's', '.', 'g', 'a', '\0', + /* "clownindeklas.nl", true */ 'c', 'l', 'o', 'w', 'n', 'i', 'n', 'd', 'e', 'k', 'l', 'a', 's', '.', 'n', 'l', '\0', + /* "cloxy.com", true */ 'c', 'l', 'o', 'x', 'y', '.', 'c', 'o', 'm', '\0', + /* "clr3.com", true */ 'c', 'l', 'r', '3', '.', 'c', 'o', 'm', '\0', + /* "clsimage.com", true */ 'c', 'l', 's', 'i', 'm', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "clsimplex.com", true */ 'c', 'l', 's', 'i', 'm', 'p', 'l', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "clu-in.org", true */ 'c', 'l', 'u', '-', 'i', 'n', '.', 'o', 'r', 'g', '\0', + /* "club-is.ru", true */ 'c', 'l', 'u', 'b', '-', 'i', 's', '.', 'r', 'u', '\0', + /* "club-reduc.com", true */ 'c', 'l', 'u', 'b', '-', 'r', 'e', 'd', 'u', 'c', '.', 'c', 'o', 'm', '\0', + /* "club103.ch", true */ 'c', 'l', 'u', 'b', '1', '0', '3', '.', 'c', 'h', '\0', + /* "clubdeslecteurs.net", true */ 'c', 'l', 'u', 'b', 'd', 'e', 's', 'l', 'e', 'c', 't', 'e', 'u', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "clubedalutashop.com", true */ 'c', 'l', 'u', 'b', 'e', 'd', 'a', 'l', 'u', 't', 'a', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "clubempleos.com", true */ 'c', 'l', 'u', 'b', 'e', 'm', 'p', 'l', 'e', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "clubeohara.com", true */ 'c', 'l', 'u', 'b', 'e', 'o', 'h', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "clubfamily.de", true */ 'c', 'l', 'u', 'b', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'd', 'e', '\0', + /* "clubmate.rocks", true */ 'c', 'l', 'u', 'b', 'm', 'a', 't', 'e', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "clubmini.jp", true */ 'c', 'l', 'u', 'b', 'm', 'i', 'n', 'i', '.', 'j', 'p', '\0', + /* "clubon.space", true */ 'c', 'l', 'u', 'b', 'o', 'n', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "clubscannan.ie", true */ 'c', 'l', 'u', 'b', 's', 'c', 'a', 'n', 'n', 'a', 'n', '.', 'i', 'e', '\0', + /* "clueful.ca", true */ 'c', 'l', 'u', 'e', 'f', 'u', 'l', '.', 'c', 'a', '\0', + /* "cluefulca.com", true */ 'c', 'l', 'u', 'e', 'f', 'u', 'l', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "cluefulca.net", true */ 'c', 'l', 'u', 'e', 'f', 'u', 'l', 'c', 'a', '.', 'n', 'e', 't', '\0', + /* "cluefulca.org", true */ 'c', 'l', 'u', 'e', 'f', 'u', 'l', 'c', 'a', '.', 'o', 'r', 'g', '\0', + /* "cluj.apartments", true */ 'c', 'l', 'u', 'j', '.', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '\0', + /* "clusteranalyse.net", true */ 'c', 'l', 'u', 's', 't', 'e', 'r', 'a', 'n', 'a', 'l', 'y', 's', 'e', '.', 'n', 'e', 't', '\0', + /* "clusterfuck.nz", true */ 'c', 'l', 'u', 's', 't', 'e', 'r', 'f', 'u', 'c', 'k', '.', 'n', 'z', '\0', + /* "clustermaze.net", true */ 'c', 'l', 'u', 's', 't', 'e', 'r', 'm', 'a', 'z', 'e', '.', 'n', 'e', 't', '\0', + /* "clvs7.com", true */ 'c', 'l', 'v', 's', '7', '.', 'c', 'o', 'm', '\0', + /* "cmacacias.ch", true */ 'c', 'm', 'a', 'c', 'a', 'c', 'i', 'a', 's', '.', 'c', 'h', '\0', + /* "cmahy.be", true */ 'c', 'm', 'a', 'h', 'y', '.', 'b', 'e', '\0', + /* "cmangos.net", true */ 'c', 'm', 'a', 'n', 'g', 'o', 's', '.', 'n', 'e', 't', '\0', + /* "cmcressy.ch", true */ 'c', 'm', 'c', 'r', 'e', 's', 's', 'y', '.', 'c', 'h', '\0', + /* "cmdline.org", true */ 'c', 'm', 'd', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0', + /* "cmfaccounting.com", true */ 'c', 'm', 'f', 'a', 'c', 'c', 'o', 'u', 'n', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "cmitao.com", true */ 'c', 'm', 'i', 't', 'a', 'o', '.', 'c', 'o', 'm', '\0', + /* "cmlachapelle.ch", true */ 'c', 'm', 'l', 'a', 'c', 'h', 'a', 'p', 'e', 'l', 'l', 'e', '.', 'c', 'h', '\0', + /* "cmlancy.ch", true */ 'c', 'm', 'l', 'a', 'n', 'c', 'y', '.', 'c', 'h', '\0', + /* "cmlignon.ch", true */ 'c', 'm', 'l', 'i', 'g', 'n', 'o', 'n', '.', 'c', 'h', '\0', + /* "cmn-group.com", true */ 'c', 'm', 'n', '-', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "cmn-groupe.com", true */ 'c', 'm', 'n', '-', 'g', 'r', 'o', 'u', 'p', 'e', '.', 'c', 'o', 'm', '\0', + /* "cmngroup.com", true */ 'c', 'm', 'n', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "cmngroupe.com", true */ 'c', 'm', 'n', 'g', 'r', 'o', 'u', 'p', 'e', '.', 'c', 'o', 'm', '\0', + /* "cmplainpalais.ch", true */ 'c', 'm', 'p', 'l', 'a', 'i', 'n', 'p', 'a', 'l', 'a', 'i', 's', '.', 'c', 'h', '\0', + /* "cmpr.es", true */ 'c', 'm', 'p', 'r', '.', 'e', 's', '\0', + /* "cmskeyholding.co.uk", true */ 'c', 'm', 's', 'k', 'e', 'y', 'h', 'o', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cmskeyholding.com", true */ 'c', 'm', 's', 'k', 'e', 'y', 'h', 'o', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "cmskh.co.uk", true */ 'c', 'm', 's', 'k', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cmusical.es", true */ 'c', 'm', 'u', 's', 'i', 'c', 'a', 'l', '.', 'e', 's', '\0', + /* "cmweller.com", true */ 'c', 'm', 'w', 'e', 'l', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "cmylife.nl", true */ 'c', 'm', 'y', 'l', 'i', 'f', 'e', '.', 'n', 'l', '\0', + /* "cn.search.yahoo.com", false */ 'c', 'n', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "cnam-idf.fr", true */ 'c', 'n', 'a', 'm', '-', 'i', 'd', 'f', '.', 'f', 'r', '\0', + /* "cnam.net", true */ 'c', 'n', 'a', 'm', '.', 'n', 'e', 't', '\0', + /* "cnbs.ch", true */ 'c', 'n', 'b', 's', '.', 'c', 'h', '\0', + /* "cnc-lehrgang.de", true */ 'c', 'n', 'c', '-', 'l', 'e', 'h', 'r', 'g', 'a', 'n', 'g', '.', 'd', 'e', '\0', + /* "cncbazar365.com", true */ 'c', 'n', 'c', 'b', 'a', 'z', 'a', 'r', '3', '6', '5', '.', 'c', 'o', 'm', '\0', + /* "cncfraises.fr", true */ 'c', 'n', 'c', 'f', 'r', 'a', 'i', 's', 'e', 's', '.', 'f', 'r', '\0', + /* "cncrans.ch", true */ 'c', 'n', 'c', 'r', 'a', 'n', 's', '.', 'c', 'h', '\0', + /* "cnetw.xyz", true */ 'c', 'n', 'e', 't', 'w', '.', 'x', 'y', 'z', '\0', + /* "cni-certing.it", true */ 'c', 'n', 'i', '-', 'c', 'e', 'r', 't', 'i', 'n', 'g', '.', 'i', 't', '\0', + /* "cnrd.me", true */ 'c', 'n', 'r', 'd', '.', 'm', 'e', '\0', + /* "co-factor.ro", true */ 'c', 'o', '-', 'f', 'a', 'c', 't', 'o', 'r', '.', 'r', 'o', '\0', + /* "co.search.yahoo.com", false */ 'c', 'o', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "co50.com", true */ 'c', 'o', '5', '0', '.', 'c', 'o', 'm', '\0', + /* "coachezmoi.ch", true */ 'c', 'o', 'a', 'c', 'h', 'e', 'z', 'm', 'o', 'i', '.', 'c', 'h', '\0', + /* "coaching-impulse.ch", true */ 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '-', 'i', 'm', 'p', 'u', 'l', 's', 'e', '.', 'c', 'h', '\0', + /* "coachingconsultancy.com", true */ 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', 'c', 'o', 'n', 's', 'u', 'l', 't', 'a', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "coalitionministries.org", true */ 'c', 'o', 'a', 'l', 'i', 't', 'i', 'o', 'n', 'm', 'i', 'n', 'i', 's', 't', 'r', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "coalpointcottage.com", true */ 'c', 'o', 'a', 'l', 'p', 'o', 'i', 'n', 't', 'c', 'o', 't', 't', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "coam.co", true */ 'c', 'o', 'a', 'm', '.', 'c', 'o', '\0', + /* "coastline.net.au", true */ 'c', 'o', 'a', 's', 't', 'l', 'i', 'n', 'e', '.', 'n', 'e', 't', '.', 'a', 'u', '\0', + /* "coatl-industries.com", true */ 'c', 'o', 'a', 't', 'l', '-', 'i', 'n', 'd', 'u', 's', 't', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "cobalt.io", true */ 'c', 'o', 'b', 'a', 'l', 't', '.', 'i', 'o', '\0', + /* "cobaltgp.com", true */ 'c', 'o', 'b', 'a', 'l', 't', 'g', 'p', '.', 'c', 'o', 'm', '\0', + /* "cobracastles.co.uk", true */ 'c', 'o', 'b', 'r', 'a', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cocaine-import.agency", true */ 'c', 'o', 'c', 'a', 'i', 'n', 'e', '-', 'i', 'm', 'p', 'o', 'r', 't', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0', + /* "cocaine.ninja", true */ 'c', 'o', 'c', 'a', 'i', 'n', 'e', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "cocalc.com", true */ 'c', 'o', 'c', 'a', 'l', 'c', '.', 'c', 'o', 'm', '\0', + /* "coccinellaskitchen.com", true */ 'c', 'o', 'c', 'c', 'i', 'n', 'e', 'l', 'l', 'a', 's', 'k', 'i', 't', 'c', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "coccinellaskitchen.de", true */ 'c', 'o', 'c', 'c', 'i', 'n', 'e', 'l', 'l', 'a', 's', 'k', 'i', 't', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0', + /* "coccinellaskitchen.it", true */ 'c', 'o', 'c', 'c', 'i', 'n', 'e', 'l', 'l', 'a', 's', 'k', 'i', 't', 'c', 'h', 'e', 'n', '.', 'i', 't', '\0', + /* "cocinoyo.com", true */ 'c', 'o', 'c', 'i', 'n', 'o', 'y', 'o', '.', 'c', 'o', 'm', '\0', + /* "cock.li", true */ 'c', 'o', 'c', 'k', '.', 'l', 'i', '\0', + /* "cocker.cc", false */ 'c', 'o', 'c', 'k', 'e', 'r', '.', 'c', 'c', '\0', + /* "cockerspanielamericano.com.br", true */ 'c', 'o', 'c', 'k', 'e', 'r', 's', 'p', 'a', 'n', 'i', 'e', 'l', 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "cockerspanielingles.com.br", true */ 'c', 'o', 'c', 'k', 'e', 'r', 's', 'p', 'a', 'n', 'i', 'e', 'l', 'i', 'n', 'g', 'l', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "coco-cool.fr", true */ 'c', 'o', 'c', 'o', '-', 'c', 'o', 'o', 'l', '.', 'f', 'r', '\0', + /* "coco-line.ch", true */ 'c', 'o', 'c', 'o', '-', 'l', 'i', 'n', 'e', '.', 'c', 'h', '\0', + /* "cocoaheads.at", false */ 'c', 'o', 'c', 'o', 'a', 'h', 'e', 'a', 'd', 's', '.', 'a', 't', '\0', + /* "cocoamexico.com", true */ 'c', 'o', 'c', 'o', 'a', 'm', 'e', 'x', 'i', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "cocodemy.com", true */ 'c', 'o', 'c', 'o', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0', + /* "coconutoil24.com", true */ 'c', 'o', 'c', 'o', 'n', 'u', 't', 'o', 'i', 'l', '2', '4', '.', 'c', 'o', 'm', '\0', + /* "cocoscastles.co.uk", true */ 'c', 'o', 'c', 'o', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cocquyt-usedcars.be", true */ 'c', 'o', 'c', 'q', 'u', 'y', 't', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "coda.moe", true */ 'c', 'o', 'd', 'a', '.', 'm', 'o', 'e', '\0', + /* "coda.today", true */ 'c', 'o', 'd', 'a', '.', 't', 'o', 'd', 'a', 'y', '\0', + /* "coda.world", true */ 'c', 'o', 'd', 'a', '.', 'w', 'o', 'r', 'l', 'd', '\0', + /* "code-golf.io", true */ 'c', 'o', 'd', 'e', '-', 'g', 'o', 'l', 'f', '.', 'i', 'o', '\0', + /* "code-poets.co.uk", true */ 'c', 'o', 'd', 'e', '-', 'p', 'o', 'e', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "code-well.com", true */ 'c', 'o', 'd', 'e', '-', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "code.facebook.com", false */ 'c', 'o', 'd', 'e', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "code.fm", true */ 'c', 'o', 'd', 'e', '.', 'f', 'm', '\0', + /* "code.google.com", true */ 'c', 'o', 'd', 'e', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "code.taxi", true */ 'c', 'o', 'd', 'e', '.', 't', 'a', 'x', 'i', '\0', + /* "code67.com", true */ 'c', 'o', 'd', 'e', '6', '7', '.', 'c', 'o', 'm', '\0', + /* "codebrahma.com", false */ 'c', 'o', 'd', 'e', 'b', 'r', 'a', 'h', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "codedump.net", true */ 'c', 'o', 'd', 'e', 'd', 'u', 'm', 'p', '.', 'n', 'e', 't', '\0', + /* "codeeclipse.com", true */ 'c', 'o', 'd', 'e', 'e', 'c', 'l', 'i', 'p', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "codeferm.com", true */ 'c', 'o', 'd', 'e', 'f', 'e', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "codefordus.de", true */ 'c', 'o', 'd', 'e', 'f', 'o', 'r', 'd', 'u', 's', '.', 'd', 'e', '\0', + /* "codefordus.nrw", true */ 'c', 'o', 'd', 'e', 'f', 'o', 'r', 'd', 'u', 's', '.', 'n', 'r', 'w', '\0', + /* "codefoundry.it", false */ 'c', 'o', 'd', 'e', 'f', 'o', 'u', 'n', 'd', 'r', 'y', '.', 'i', 't', '\0', + /* "codeine.co.uk", true */ 'c', 'o', 'd', 'e', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "codeit.guru", true */ 'c', 'o', 'd', 'e', 'i', 't', '.', 'g', 'u', 'r', 'u', '\0', + /* "codeit.us", true */ 'c', 'o', 'd', 'e', 'i', 't', '.', 'u', 's', '\0', + /* "codenode.io", true */ 'c', 'o', 'd', 'e', 'n', 'o', 'd', 'e', '.', 'i', 'o', '\0', + /* "codeplay.org", true */ 'c', 'o', 'd', 'e', 'p', 'l', 'a', 'y', '.', 'o', 'r', 'g', '\0', + /* "codepoints.net", true */ 'c', 'o', 'd', 'e', 'p', 'o', 'i', 'n', 't', 's', '.', 'n', 'e', 't', '\0', + /* "codepref.com", true */ 'c', 'o', 'd', 'e', 'p', 'r', 'e', 'f', '.', 'c', 'o', 'm', '\0', + /* "codepult.com", true */ 'c', 'o', 'd', 'e', 'p', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0', + /* "codera.co.uk", true */ 'c', 'o', 'd', 'e', 'r', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "codercy.com", true */ 'c', 'o', 'd', 'e', 'r', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "codereview.appspot.com", false */ 'c', 'o', 'd', 'e', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "codereview.chromium.org", false */ 'c', 'o', 'd', 'e', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'c', 'h', 'r', 'o', 'm', 'i', 'u', 'm', '.', 'o', 'r', 'g', '\0', + /* "coderhangout.com", true */ 'c', 'o', 'd', 'e', 'r', 'h', 'a', 'n', 'g', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "coderme.com", true */ 'c', 'o', 'd', 'e', 'r', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "codesplain.in", true */ 'c', 'o', 'd', 'e', 's', 'p', 'l', 'a', 'i', 'n', '.', 'i', 'n', '\0', + /* "codesport.io", true */ 'c', 'o', 'd', 'e', 's', 'p', 'o', 'r', 't', '.', 'i', 'o', '\0', + /* "codespromo.be", true */ 'c', 'o', 'd', 'e', 's', 'p', 'r', 'o', 'm', 'o', '.', 'b', 'e', '\0', + /* "codestudies.net", true */ 'c', 'o', 'd', 'e', 's', 't', 'u', 'd', 'i', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "codesyncro.com", true */ 'c', 'o', 'd', 'e', 's', 'y', 'n', 'c', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "codetripping.net", true */ 'c', 'o', 'd', 'e', 't', 'r', 'i', 'p', 'p', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "codeux.com", true */ 'c', 'o', 'd', 'e', 'u', 'x', '.', 'c', 'o', 'm', '\0', + /* "codeux.info", true */ 'c', 'o', 'd', 'e', 'u', 'x', '.', 'i', 'n', 'f', 'o', '\0', + /* "codeux.net", true */ 'c', 'o', 'd', 'e', 'u', 'x', '.', 'n', 'e', 't', '\0', + /* "codeventure.de", true */ 'c', 'o', 'd', 'e', 'v', 'e', 'n', 't', 'u', 'r', 'e', '.', 'd', 'e', '\0', + /* "codeversetech.com", true */ 'c', 'o', 'd', 'e', 'v', 'e', 'r', 's', 'e', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "codewild.de", true */ 'c', 'o', 'd', 'e', 'w', 'i', 'l', 'd', '.', 'd', 'e', '\0', + /* "codeyellow.nl", true */ 'c', 'o', 'd', 'e', 'y', 'e', 'l', 'l', 'o', 'w', '.', 'n', 'l', '\0', + /* "codific.eu", true */ 'c', 'o', 'd', 'i', 'f', 'i', 'c', '.', 'e', 'u', '\0', + /* "coding.lv", true */ 'c', 'o', 'd', 'i', 'n', 'g', '.', 'l', 'v', '\0', + /* "coding.net", true */ 'c', 'o', 'd', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "codingforspeed.com", true */ 'c', 'o', 'd', 'i', 'n', 'g', 'f', 'o', 'r', 's', 'p', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "codingfromhell.net", true */ 'c', 'o', 'd', 'i', 'n', 'g', 'f', 'r', 'o', 'm', 'h', 'e', 'l', 'l', '.', 'n', 'e', 't', '\0', + /* "codingrobots.com", true */ 'c', 'o', 'd', 'i', 'n', 'g', 'r', 'o', 'b', 'o', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "codxg.org", true */ 'c', 'o', 'd', 'x', 'g', '.', 'o', 'r', 'g', '\0', + /* "codyevanscomputer.com", true */ 'c', 'o', 'd', 'y', 'e', 'v', 'a', 'n', 's', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "codymoniz.com", true */ 'c', 'o', 'd', 'y', 'm', 'o', 'n', 'i', 'z', '.', 'c', 'o', 'm', '\0', + /* "coffee-mamenoki.jp", true */ 'c', 'o', 'f', 'f', 'e', 'e', '-', 'm', 'a', 'm', 'e', 'n', 'o', 'k', 'i', '.', 'j', 'p', '\0', + /* "coffeedino.com", true */ 'c', 'o', 'f', 'f', 'e', 'e', 'd', 'i', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "coffeetocode.me", true */ 'c', 'o', 'f', 'f', 'e', 'e', 't', 'o', 'c', 'o', 'd', 'e', '.', 'm', 'e', '\0', + /* "cogala.eu", true */ 'c', 'o', 'g', 'a', 'l', 'a', '.', 'e', 'u', '\0', + /* "cogent.cc", true */ 'c', 'o', 'g', 'e', 'n', 't', '.', 'c', 'c', '\0', + /* "cogilog.com", true */ 'c', 'o', 'g', 'i', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "cogitoltd.com", true */ 'c', 'o', 'g', 'i', 't', 'o', 'l', 't', 'd', '.', 'c', 'o', 'm', '\0', + /* "cognitivecomputingconsortium.com", true */ 'c', 'o', 'g', 'n', 'i', 't', 'i', 'v', 'e', 'c', 'o', 'm', 'p', 'u', 't', 'i', 'n', 'g', 'c', 'o', 'n', 's', 'o', 'r', 't', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "coi-verify.com", true */ 'c', 'o', 'i', '-', 'v', 'e', 'r', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0', + /* "coiffeurschnittstelle.ch", true */ 'c', 'o', 'i', 'f', 'f', 'e', 'u', 'r', 's', 'c', 'h', 'n', 'i', 't', 't', 's', 't', 'e', 'l', 'l', 'e', '.', 'c', 'h', '\0', + /* "coigach-assynt.org", true */ 'c', 'o', 'i', 'g', 'a', 'c', 'h', '-', 'a', 's', 's', 'y', 'n', 't', '.', 'o', 'r', 'g', '\0', + /* "coimmvest.com", true */ 'c', 'o', 'i', 'm', 'm', 'v', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "coinapult.com", true */ 'c', 'o', 'i', 'n', 'a', 'p', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0', + /* "coinbase.com", true */ 'c', 'o', 'i', 'n', 'b', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "coincealed.com", true */ 'c', 'o', 'i', 'n', 'c', 'e', 'a', 'l', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "coincoele.com.br", true */ 'c', 'o', 'i', 'n', 'c', 'o', 'e', 'l', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "coincoin.eu.org", true */ 'c', 'o', 'i', 'n', 'c', 'o', 'i', 'n', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "coincolors.co", true */ 'c', 'o', 'i', 'n', 'c', 'o', 'l', 'o', 'r', 's', '.', 'c', 'o', '\0', + /* "coindatabase.net", true */ 'c', 'o', 'i', 'n', 'd', 'a', 't', 'a', 'b', 'a', 's', 'e', '.', 'n', 'e', 't', '\0', + /* "coinessa.com", true */ 'c', 'o', 'i', 'n', 'e', 's', 's', 'a', '.', 'c', 'o', 'm', '\0', + /* "coinflux.com", true */ 'c', 'o', 'i', 'n', 'f', 'l', 'u', 'x', '.', 'c', 'o', 'm', '\0', + /* "coingate.com", true */ 'c', 'o', 'i', 'n', 'g', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "coinjar-sandbox.com", true */ 'c', 'o', 'i', 'n', 'j', 'a', 'r', '-', 's', 'a', 'n', 'd', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "coinlist.co", false */ 'c', 'o', 'i', 'n', 'l', 'i', 's', 't', '.', 'c', 'o', '\0', + /* "coinloan.io", true */ 'c', 'o', 'i', 'n', 'l', 'o', 'a', 'n', '.', 'i', 'o', '\0', + /* "coinmewallet.com", true */ 'c', 'o', 'i', 'n', 'm', 'e', 'w', 'a', 'l', 'l', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "coinpit.io", true */ 'c', 'o', 'i', 'n', 'p', 'i', 't', '.', 'i', 'o', '\0', + /* "coisasdaterra.com", true */ 'c', 'o', 'i', 's', 'a', 's', 'd', 'a', 't', 'e', 'r', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "coisasdemulher.org", true */ 'c', 'o', 'i', 's', 'a', 's', 'd', 'e', 'm', 'u', 'l', 'h', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "cojo.eu", true */ 'c', 'o', 'j', 'o', '.', 'e', 'u', '\0', + /* "col.la", true */ 'c', 'o', 'l', '.', 'l', 'a', '\0', + /* "colaborativa.tv", true */ 'c', 'o', 'l', 'a', 'b', 'o', 'r', 'a', 't', 'i', 'v', 'a', '.', 't', 'v', '\0', + /* "colapsys.net", true */ 'c', 'o', 'l', 'a', 'p', 's', 'y', 's', '.', 'n', 'e', 't', '\0', + /* "colarelli.ch", true */ 'c', 'o', 'l', 'a', 'r', 'e', 'l', 'l', 'i', '.', 'c', 'h', '\0', + /* "coldawn.com", true */ 'c', 'o', 'l', 'd', 'a', 'w', 'n', '.', 'c', 'o', 'm', '\0', + /* "coldfff.com", false */ 'c', 'o', 'l', 'd', 'f', 'f', 'f', '.', 'c', 'o', 'm', '\0', + /* "coldhak.ca", true */ 'c', 'o', 'l', 'd', 'h', 'a', 'k', '.', 'c', 'a', '\0', + /* "coldwatericecream.com", true */ 'c', 'o', 'l', 'd', 'w', 'a', 't', 'e', 'r', 'i', 'c', 'e', 'c', 'r', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "colegiocierp.com.br", true */ 'c', 'o', 'l', 'e', 'g', 'i', 'o', 'c', 'i', 'e', 'r', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "colemak.com", true */ 'c', 'o', 'l', 'e', 'm', 'a', 'k', '.', 'c', 'o', 'm', '\0', + /* "colengo.com", true */ 'c', 'o', 'l', 'e', 'n', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "colibris.xyz", true */ 'c', 'o', 'l', 'i', 'b', 'r', 'i', 's', '.', 'x', 'y', 'z', '\0', + /* "colincampbell.me", true */ 'c', 'o', 'l', 'i', 'n', 'c', 'a', 'm', 'p', 'b', 'e', 'l', 'l', '.', 'm', 'e', '\0', + /* "colinchartier.com", true */ 'c', 'o', 'l', 'i', 'n', 'c', 'h', 'a', 'r', 't', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "colinstark.ca", true */ 'c', 'o', 'l', 'i', 'n', 's', 't', 'a', 'r', 'k', '.', 'c', 'a', '\0', + /* "colisfrais.com", false */ 'c', 'o', 'l', 'i', 's', 'f', 'r', 'a', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "collablynk.com", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'l', 'y', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "collabora-office.com", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '-', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "collabora.ca", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'c', 'a', '\0', + /* "collabora.co.kr", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'c', 'o', '.', 'k', 'r', '\0', + /* "collabora.co.uk", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "collabora.com", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "collabora.kr", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'k', 'r', '\0', + /* "collabora.ninja", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "collabora.social", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 's', 'o', 'c', 'i', 'a', 'l', '\0', + /* "collabora.uk", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'u', 'k', '\0', + /* "collaboracloudsuite.com", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', 'c', 'l', 'o', 'u', 'd', 's', 'u', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "collaboraoffice.co.uk", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "collaboraoffice.com", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "collabornation.net", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'n', 'a', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "collaction.hk", true */ 'c', 'o', 'l', 'l', 'a', 'c', 't', 'i', 'o', 'n', '.', 'h', 'k', '\0', + /* "collada.org", true */ 'c', 'o', 'l', 'l', 'a', 'd', 'a', '.', 'o', 'r', 'g', '\0', + /* "collbox.co", true */ 'c', 'o', 'l', 'l', 'b', 'o', 'x', '.', 'c', 'o', '\0', + /* "collectdocs.com", true */ 'c', 'o', 'l', 'l', 'e', 'c', 't', 'd', 'o', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "collectfood.com", true */ 'c', 'o', 'l', 'l', 'e', 'c', 't', 'f', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "collectiblebeans.com", true */ 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'b', 'l', 'e', 'b', 'e', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "collegepaperworld.com", true */ 'c', 'o', 'l', 'l', 'e', 'g', 'e', 'p', 'a', 'p', 'e', 'r', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "collinel-hossari.com", true */ 'c', 'o', 'l', 'l', 'i', 'n', 'e', 'l', '-', 'h', 'o', 's', 's', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "collinelhossari.com", true */ 'c', 'o', 'l', 'l', 'i', 'n', 'e', 'l', 'h', 'o', 's', 's', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "collinghammethodist.org.uk", true */ 'c', 'o', 'l', 'l', 'i', 'n', 'g', 'h', 'a', 'm', 'm', 'e', 't', 'h', 'o', 'd', 'i', 's', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "collinmbarrett.com", true */ 'c', 'o', 'l', 'l', 'i', 'n', 'm', 'b', 'a', 'r', 'r', 'e', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "colo-tech.com", true */ 'c', 'o', 'l', 'o', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "colombian.dating", true */ 'c', 'o', 'l', 'o', 'm', 'b', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "coloppe.com", true */ 'c', 'o', 'l', 'o', 'p', 'p', 'e', '.', 'c', 'o', 'm', '\0', + /* "coloradolottery.com", true */ 'c', 'o', 'l', 'o', 'r', 'a', 'd', 'o', 'l', 'o', 't', 't', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "coloraid.net", true */ 'c', 'o', 'l', 'o', 'r', 'a', 'i', 'd', '.', 'n', 'e', 't', '\0', + /* "colorblindprogramming.com", true */ 'c', 'o', 'l', 'o', 'r', 'b', 'l', 'i', 'n', 'd', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "colorbrush.ru", true */ 'c', 'o', 'l', 'o', 'r', 'b', 'r', 'u', 's', 'h', '.', 'r', 'u', '\0', + /* "colorcentertoner.com.br", true */ 'c', 'o', 'l', 'o', 'r', 'c', 'e', 'n', 't', 'e', 'r', 't', 'o', 'n', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "colorcodedlyrics.com", true */ 'c', 'o', 'l', 'o', 'r', 'c', 'o', 'd', 'e', 'd', 'l', 'y', 'r', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "colorectalcompounding.com", true */ 'c', 'o', 'l', 'o', 'r', 'e', 'c', 't', 'a', 'l', 'c', 'o', 'm', 'p', 'o', 'u', 'n', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "coloringnotebook.com", true */ 'c', 'o', 'l', 'o', 'r', 'i', 'n', 'g', 'n', 'o', 't', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "coloristcafe.com", true */ 'c', 'o', 'l', 'o', 'r', 'i', 's', 't', 'c', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "colorlifesupport.com", true */ 'c', 'o', 'l', 'o', 'r', 'l', 'i', 'f', 'e', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "colorsbycarin.com", true */ 'c', 'o', 'l', 'o', 'r', 's', 'b', 'y', 'c', 'a', 'r', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "colossal-events.co.uk", true */ 'c', 'o', 'l', 'o', 's', 's', 'a', 'l', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "colourfulcastles.co.uk", true */ 'c', 'o', 'l', 'o', 'u', 'r', 'f', 'u', 'l', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "colson-occasions.be", true */ 'c', 'o', 'l', 's', 'o', 'n', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0', + /* "columbuswines.com", true */ 'c', 'o', 'l', 'u', 'm', 'b', 'u', 's', 'w', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "colyakootees.com", true */ 'c', 'o', 'l', 'y', 'a', 'k', 'o', 'o', 't', 'e', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "com-in.de", true */ 'c', 'o', 'm', '-', 'i', 'n', '.', 'd', 'e', '\0', + /* "com.cc", true */ 'c', 'o', 'm', '.', 'c', 'c', '\0', + /* "comarkinstruments.net", true */ 'c', 'o', 'm', 'a', 'r', 'k', 'i', 'n', 's', 't', 'r', 'u', 'm', 'e', 'n', 't', 's', '.', 'n', 'e', 't', '\0', + /* "combron.nl", true */ 'c', 'o', 'm', 'b', 'r', 'o', 'n', '.', 'n', 'l', '\0', + /* "comchezmeme.com", true */ 'c', 'o', 'm', 'c', 'h', 'e', 'z', 'm', 'e', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "comcol.nl", true */ 'c', 'o', 'm', 'c', 'o', 'l', '.', 'n', 'l', '\0', + /* "comdotgame.com", true */ 'c', 'o', 'm', 'd', 'o', 't', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "comdurav.com", true */ 'c', 'o', 'm', 'd', 'u', 'r', 'a', 'v', '.', 'c', 'o', 'm', '\0', + /* "comefollowme2016.com", true */ 'c', 'o', 'm', 'e', 'f', 'o', 'l', 'l', 'o', 'w', 'm', 'e', '2', '0', '1', '6', '.', 'c', 'o', 'm', '\0', + /* "comercialtrading.eu", true */ 'c', 'o', 'm', 'e', 'r', 'c', 'i', 'a', 'l', 't', 'r', 'a', 'd', 'i', 'n', 'g', '.', 'e', 'u', '\0', + /* "comerford.net", true */ 'c', 'o', 'm', 'e', 'r', 'f', 'o', 'r', 'd', '.', 'n', 'e', 't', '\0', + /* "comestoarra.com", true */ 'c', 'o', 'm', 'e', 's', 't', 'o', 'a', 'r', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "cometbot.cf", true */ 'c', 'o', 'm', 'e', 't', 'b', 'o', 't', '.', 'c', 'f', '\0', + /* "cometcache.com", true */ 'c', 'o', 'm', 'e', 't', 'c', 'a', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0', + /* "cometonovascotia.ca", true */ 'c', 'o', 'm', 'e', 't', 'o', 'n', 'o', 'v', 'a', 's', 'c', 'o', 't', 'i', 'a', '.', 'c', 'a', '\0', + /* "comff.net", true */ 'c', 'o', 'm', 'f', 'f', '.', 'n', 'e', 't', '\0', + /* "comfintouch.com", true */ 'c', 'o', 'm', 'f', 'i', 'n', 't', 'o', 'u', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "comflores.com.br", true */ 'c', 'o', 'm', 'f', 'l', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "comfypc.com", true */ 'c', 'o', 'm', 'f', 'y', 'p', 'c', '.', 'c', 'o', 'm', '\0', + /* "comhack.com", true */ 'c', 'o', 'm', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "comicrelief.com", true */ 'c', 'o', 'm', 'i', 'c', 'r', 'e', 'l', 'i', 'e', 'f', '.', 'c', 'o', 'm', '\0', + /* "comicspornos.com", true */ 'c', 'o', 'm', 'i', 'c', 's', 'p', 'o', 'r', 'n', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "comicwiki.dk", true */ 'c', 'o', 'm', 'i', 'c', 'w', 'i', 'k', 'i', '.', 'd', 'k', '\0', + /* "comiq.io", true */ 'c', 'o', 'm', 'i', 'q', '.', 'i', 'o', '\0', + /* "comiteaintriathlon.fr", true */ 'c', 'o', 'm', 'i', 't', 'e', 'a', 'i', 'n', 't', 'r', 'i', 'a', 't', 'h', 'l', 'o', 'n', '.', 'f', 'r', '\0', + /* "comm.cx", true */ 'c', 'o', 'm', 'm', '.', 'c', 'x', '\0', + /* "commania.co.kr", true */ 'c', 'o', 'm', 'm', 'a', 'n', 'i', 'a', '.', 'c', 'o', '.', 'k', 'r', '\0', + /* "commechezvous.ch", true */ 'c', 'o', 'm', 'm', 'e', 'c', 'h', 'e', 'z', 'v', 'o', 'u', 's', '.', 'c', 'h', '\0', + /* "commencepayments.com", true */ 'c', 'o', 'm', 'm', 'e', 'n', 'c', 'e', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "commitsandrebases.com", true */ 'c', 'o', 'm', 'm', 'i', 't', 's', 'a', 'n', 'd', 'r', 'e', 'b', 'a', 's', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "common.io", true */ 'c', 'o', 'm', 'm', 'o', 'n', '.', 'i', 'o', '\0', + /* "commoncode.com.au", true */ 'c', 'o', 'm', 'm', 'o', 'n', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "commoncode.io", true */ 'c', 'o', 'm', 'm', 'o', 'n', 'c', 'o', 'd', 'e', '.', 'i', 'o', '\0', + /* "commoncore4kids.com", true */ 'c', 'o', 'm', 'm', 'o', 'n', 'c', 'o', 'r', 'e', '4', 'k', 'i', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "community-cupboard.org", true */ 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '-', 'c', 'u', 'p', 'b', 'o', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0', + /* "communityblog.fedoraproject.org", true */ 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', 'b', 'l', 'o', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "communitycodeofconduct.com", true */ 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', 'c', 'o', 'd', 'e', 'o', 'f', 'c', 'o', 'n', 'd', 'u', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "communityflow.info", true */ 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', 'f', 'l', 'o', 'w', '.', 'i', 'n', 'f', 'o', '\0', + /* "communote.net", true */ 'c', 'o', 'm', 'm', 'u', 'n', 'o', 't', 'e', '.', 'n', 'e', 't', '\0', + /* "comodesinflamarlashemorroides.org", true */ 'c', 'o', 'm', 'o', 'd', 'e', 's', 'i', 'n', 'f', 'l', 'a', 'm', 'a', 'r', 'l', 'a', 's', 'h', 'e', 'm', 'o', 'r', 'r', 'o', 'i', 'd', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "comodo.nl", true */ 'c', 'o', 'm', 'o', 'd', 'o', '.', 'n', 'l', '\0', + /* "comodormirmasrapido.com", true */ 'c', 'o', 'm', 'o', 'd', 'o', 'r', 'm', 'i', 'r', 'm', 'a', 's', 'r', 'a', 'p', 'i', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "comogene.com", true */ 'c', 'o', 'm', 'o', 'g', 'e', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "comohacerelamoraunhombrenet.com", true */ 'c', 'o', 'm', 'o', 'h', 'a', 'c', 'e', 'r', 'e', 'l', 'a', 'm', 'o', 'r', 'a', 'u', 'n', 'h', 'o', 'm', 'b', 'r', 'e', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "comopuededejardefumar.net", true */ 'c', 'o', 'm', 'o', 'p', 'u', 'e', 'd', 'e', 'd', 'e', 'j', 'a', 'r', 'd', 'e', 'f', 'u', 'm', 'a', 'r', '.', 'n', 'e', 't', '\0', + /* "comoquitarlasestriasrapidamente.com", true */ 'c', 'o', 'm', 'o', 'q', 'u', 'i', 't', 'a', 'r', 'l', 'a', 's', 'e', 's', 't', 'r', 'i', 'a', 's', 'r', 'a', 'p', 'i', 'd', 'a', 'm', 'e', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "comorecuperaratumujerpdf.com", true */ 'c', 'o', 'm', 'o', 'r', 'e', 'c', 'u', 'p', 'e', 'r', 'a', 'r', 'a', 't', 'u', 'm', 'u', 'j', 'e', 'r', 'p', 'd', 'f', '.', 'c', 'o', 'm', '\0', + /* "comp2go.com.au", true */ 'c', 'o', 'm', 'p', '2', 'g', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "compagnia-buffo.de", true */ 'c', 'o', 'm', 'p', 'a', 'g', 'n', 'i', 'a', '-', 'b', 'u', 'f', 'f', 'o', '.', 'd', 'e', '\0', + /* "compagniemartin.com", true */ 'c', 'o', 'm', 'p', 'a', 'g', 'n', 'i', 'e', 'm', 'a', 'r', 't', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "comparatif-moto.fr", true */ 'c', 'o', 'm', 'p', 'a', 'r', 'a', 't', 'i', 'f', '-', 'm', 'o', 't', 'o', '.', 'f', 'r', '\0', + /* "compareandrecycle.com", false */ 'c', 'o', 'm', 'p', 'a', 'r', 'e', 'a', 'n', 'd', 'r', 'e', 'c', 'y', 'c', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "compareinsurance.com.au", true */ 'c', 'o', 'm', 'p', 'a', 'r', 'e', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "comparesoft.com", true */ 'c', 'o', 'm', 'p', 'a', 'r', 'e', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "comparexcloudcenter.com", true */ 'c', 'o', 'm', 'p', 'a', 'r', 'e', 'x', 'c', 'l', 'o', 'u', 'd', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "compartir.party", true */ 'c', 'o', 'm', 'p', 'a', 'r', 't', 'i', 'r', '.', 'p', 'a', 'r', 't', 'y', '\0', + /* "compassdirectportal.com", true */ 'c', 'o', 'm', 'p', 'a', 's', 's', 'd', 'i', 'r', 'e', 'c', 't', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "compeuphoria.com", true */ 'c', 'o', 'm', 'p', 'e', 'u', 'p', 'h', 'o', 'r', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "comphare.nl", true */ 'c', 'o', 'm', 'p', 'h', 'a', 'r', 'e', '.', 'n', 'l', '\0', + /* "compibus.fr", true */ 'c', 'o', 'm', 'p', 'i', 'b', 'u', 's', '.', 'f', 'r', '\0', + /* "compilenix.org", true */ 'c', 'o', 'm', 'p', 'i', 'l', 'e', 'n', 'i', 'x', '.', 'o', 'r', 'g', '\0', + /* "completefloorcoverings.com", true */ 'c', 'o', 'm', 'p', 'l', 'e', 't', 'e', 'f', 'l', 'o', 'o', 'r', 'c', 'o', 'v', 'e', 'r', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "completesecurityessex.co.uk", true */ 'c', 'o', 'm', 'p', 'l', 'e', 't', 'e', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'e', 's', 's', 'e', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "completesecurityessex.com", true */ 'c', 'o', 'm', 'p', 'l', 'e', 't', 'e', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'e', 's', 's', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "completionist.me", true */ 'c', 'o', 'm', 'p', 'l', 'e', 't', 'i', 'o', 'n', 'i', 's', 't', '.', 'm', 'e', '\0', + /* "complex-organization.com", true */ 'c', 'o', 'm', 'p', 'l', 'e', 'x', '-', 'o', 'r', 'g', 'a', 'n', 'i', 'z', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "complexart.ro", true */ 'c', 'o', 'm', 'p', 'l', 'e', 'x', 'a', 'r', 't', '.', 'r', 'o', '\0', + /* "complexsystems.fail", true */ 'c', 'o', 'm', 'p', 'l', 'e', 'x', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'f', 'a', 'i', 'l', '\0', + /* "compliance-management.ch", true */ 'c', 'o', 'm', 'p', 'l', 'i', 'a', 'n', 'c', 'e', '-', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '.', 'c', 'h', '\0', + /* "compliance-systeme.de", true */ 'c', 'o', 'm', 'p', 'l', 'i', 'a', 'n', 'c', 'e', '-', 's', 'y', 's', 't', 'e', 'm', 'e', '.', 'd', 'e', '\0', + /* "compliancedictionary.com", true */ 'c', 'o', 'm', 'p', 'l', 'i', 'a', 'n', 'c', 'e', 'd', 'i', 'c', 't', 'i', 'o', 'n', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "compliancerisksoftware.co.uk", true */ 'c', 'o', 'm', 'p', 'l', 'i', 'a', 'n', 'c', 'e', 'r', 'i', 's', 'k', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "compostatebien.com.ar", true */ 'c', 'o', 'm', 'p', 'o', 's', 't', 'a', 't', 'e', 'b', 'i', 'e', 'n', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "compraneta.com", false */ 'c', 'o', 'm', 'p', 'r', 'a', 'n', 'e', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "compreautomacao.com.br", true */ 'c', 'o', 'm', 'p', 'r', 'e', 'a', 'u', 't', 'o', 'm', 'a', 'c', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "compredietlight.com.br", true */ 'c', 'o', 'm', 'p', 'r', 'e', 'd', 'i', 'e', 't', 'l', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "comprefitasadere.com.br", true */ 'c', 'o', 'm', 'p', 'r', 'e', 'f', 'i', 't', 'a', 's', 'a', 'd', 'e', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "compubench.com", true */ 'c', 'o', 'm', 'p', 'u', 'b', 'e', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "compucastell.ch", true */ 'c', 'o', 'm', 'p', 'u', 'c', 'a', 's', 't', 'e', 'l', 'l', '.', 'c', 'h', '\0', + /* "compucorner.mx", true */ 'c', 'o', 'm', 'p', 'u', 'c', 'o', 'r', 'n', 'e', 'r', '.', 'm', 'x', '\0', + /* "compuplast.cz", true */ 'c', 'o', 'm', 'p', 'u', 'p', 'l', 'a', 's', 't', '.', 'c', 'z', '\0', + /* "computehealth.com", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'h', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "computer-acquisti.com", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', '-', 'a', 'c', 'q', 'u', 'i', 's', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "computeracademy.co.za", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "computerassistance.co.uk", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'a', 's', 's', 'i', 's', 't', 'a', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "computerbase.de", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'b', 'a', 's', 'e', '.', 'd', 'e', '\0', + /* "computeremergency.com.au", false */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'e', 'm', 'e', 'r', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "computerhilfe-feucht.de", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'h', 'i', 'l', 'f', 'e', '-', 'f', 'e', 'u', 'c', 'h', 't', '.', 'd', 'e', '\0', + /* "computernetwerkwestland.nl", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'n', 'e', 't', 'w', 'e', 'r', 'k', 'w', 'e', 's', 't', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0', + /* "computerslotopschool.nl", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', 'l', 'o', 't', 'o', 'p', 's', 'c', 'h', 'o', 'o', 'l', '.', 'n', 'l', '\0', + /* "computersystems.guru", false */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'g', 'u', 'r', 'u', '\0', + /* "comssa.org.au", true */ 'c', 'o', 'm', 's', 's', 'a', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0', + /* "comunidadmontepinar.es", true */ 'c', 'o', 'm', 'u', 'n', 'i', 'd', 'a', 'd', 'm', 'o', 'n', 't', 'e', 'p', 'i', 'n', 'a', 'r', '.', 'e', 's', '\0', + /* "comw.cc", true */ 'c', 'o', 'm', 'w', '.', 'c', 'c', '\0', + /* "conalcorp.com", true */ 'c', 'o', 'n', 'a', 'l', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0', + /* "conaudisa.com", false */ 'c', 'o', 'n', 'a', 'u', 'd', 'i', 's', 'a', '.', 'c', 'o', 'm', '\0', + /* "concept-web.ch", true */ 'c', 'o', 'n', 'c', 'e', 'p', 't', '-', 'w', 'e', 'b', '.', 'c', 'h', '\0', + /* "conceptatelier.de", true */ 'c', 'o', 'n', 'c', 'e', 'p', 't', 'a', 't', 'e', 'l', 'i', 'e', 'r', '.', 'd', 'e', '\0', + /* "concertengine.com", true */ 'c', 'o', 'n', 'c', 'e', 'r', 't', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "concerto.amsterdam", true */ 'c', 'o', 'n', 'c', 'e', 'r', 't', 'o', '.', 'a', 'm', 's', 't', 'e', 'r', 'd', 'a', 'm', '\0', + /* "conciliumnotaire.ca", true */ 'c', 'o', 'n', 'c', 'i', 'l', 'i', 'u', 'm', 'n', 'o', 't', 'a', 'i', 'r', 'e', '.', 'c', 'a', '\0', + /* "conclave.global", true */ 'c', 'o', 'n', 'c', 'l', 'a', 'v', 'e', '.', 'g', 'l', 'o', 'b', 'a', 'l', '\0', + /* "concretehermit.com", true */ 'c', 'o', 'n', 'c', 'r', 'e', 't', 'e', 'h', 'e', 'r', 'm', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "concursopublico.com.br", true */ 'c', 'o', 'n', 'c', 'u', 'r', 's', 'o', 'p', 'u', 'b', 'l', 'i', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "concursos.com.br", true */ 'c', 'o', 'n', 'c', 'u', 'r', 's', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "concursosabertos.com.br", true */ 'c', 'o', 'n', 'c', 'u', 'r', 's', 'o', 's', 'a', 'b', 'e', 'r', 't', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "condecom.com.br", true */ 'c', 'o', 'n', 'd', 'e', 'c', 'o', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "condepenalba.com", false */ 'c', 'o', 'n', 'd', 'e', 'p', 'e', 'n', 'a', 'l', 'b', 'a', '.', 'c', 'o', 'm', '\0', + /* "condesaelectronics.com", true */ 'c', 'o', 'n', 'd', 'e', 's', 'a', 'e', 'l', 'e', 'c', 't', 'r', 'o', 'n', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "condosforcash.com", true */ 'c', 'o', 'n', 'd', 'o', 's', 'f', 'o', 'r', 'c', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "condroz-motors.be", true */ 'c', 'o', 'n', 'd', 'r', 'o', 'z', '-', 'm', 'o', 't', 'o', 'r', 's', '.', 'b', 'e', '\0', + /* "conectalmeria.com", true */ 'c', 'o', 'n', 'e', 'c', 't', 'a', 'l', 'm', 'e', 'r', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "conejovalleyelectrical.com", true */ 'c', 'o', 'n', 'e', 'j', 'o', 'v', 'a', 'l', 'l', 'e', 'y', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "confiancefoundation.org", true */ 'c', 'o', 'n', 'f', 'i', 'a', 'n', 'c', 'e', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "confidential.network", true */ 'c', 'o', 'n', 'f', 'i', 'd', 'e', 'n', 't', 'i', 'a', 'l', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0', + /* "config.schokokeks.org", false */ 'c', 'o', 'n', 'f', 'i', 'g', '.', 's', 'c', 'h', 'o', 'k', 'o', 'k', 'e', 'k', 's', '.', 'o', 'r', 'g', '\0', + /* "confiwall.de", true */ 'c', 'o', 'n', 'f', 'i', 'w', 'a', 'l', 'l', '.', 'd', 'e', '\0', + /* "conformax.com.br", true */ 'c', 'o', 'n', 'f', 'o', 'r', 'm', 'a', 'x', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "conformist.jp", true */ 'c', 'o', 'n', 'f', 'o', 'r', 'm', 'i', 's', 't', '.', 'j', 'p', '\0', + /* "confuddledpenguin.com", true */ 'c', 'o', 'n', 'f', 'u', 'd', 'd', 'l', 'e', 'd', 'p', 'e', 'n', 'g', 'u', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "cong5.net", true */ 'c', 'o', 'n', 'g', '5', '.', 'n', 'e', 't', '\0', + /* "congineer.com", true */ 'c', 'o', 'n', 'g', 'i', 'n', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "congobunkering.com", true */ 'c', 'o', 'n', 'g', 'o', 'b', 'u', 'n', 'k', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "conkret.ch", true */ 'c', 'o', 'n', 'k', 'r', 'e', 't', '.', 'c', 'h', '\0', + /* "conkret.co.uk", true */ 'c', 'o', 'n', 'k', 'r', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "conkret.de", true */ 'c', 'o', 'n', 'k', 'r', 'e', 't', '.', 'd', 'e', '\0', + /* "conkret.eu", true */ 'c', 'o', 'n', 'k', 'r', 'e', 't', '.', 'e', 'u', '\0', + /* "conkret.in", true */ 'c', 'o', 'n', 'k', 'r', 'e', 't', '.', 'i', 'n', '\0', + /* "conkret.mobi", true */ 'c', 'o', 'n', 'k', 'r', 'e', 't', '.', 'm', 'o', 'b', 'i', '\0', + /* "conmedapps.com", true */ 'c', 'o', 'n', 'm', 'e', 'd', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "connect-ed.network", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', '-', 'e', 'd', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0', + /* "connect-me.com", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', '-', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "connect.dating", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "connect.facebook.net", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'n', 'e', 't', '\0', + /* "connectedcare.md", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', 'e', 'd', 'c', 'a', 'r', 'e', '.', 'm', 'd', '\0', + /* "connectmath.com", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', 'm', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "connectmy.car", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', 'm', 'y', '.', 'c', 'a', 'r', '\0', + /* "connectum.eu", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', 'u', 'm', '.', 'e', 'u', '\0', + /* "connext.de", true */ 'c', 'o', 'n', 'n', 'e', 'x', 't', '.', 'd', 'e', '\0', + /* "connorsmith.co", true */ 'c', 'o', 'n', 'n', 'o', 'r', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', '\0', + /* "connyduck.at", true */ 'c', 'o', 'n', 'n', 'y', 'd', 'u', 'c', 'k', '.', 'a', 't', '\0', + /* "conpins.nl", true */ 'c', 'o', 'n', 'p', 'i', 'n', 's', '.', 'n', 'l', '\0', + /* "conrad-kostecki.de", true */ 'c', 'o', 'n', 'r', 'a', 'd', '-', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0', + /* "conradkostecki.de", true */ 'c', 'o', 'n', 'r', 'a', 'd', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0', + /* "consciousbrand.co", true */ 'c', 'o', 'n', 's', 'c', 'i', 'o', 'u', 's', 'b', 'r', 'a', 'n', 'd', '.', 'c', 'o', '\0', + /* "consejosdehogar.com", true */ 'c', 'o', 'n', 's', 'e', 'j', 'o', 's', 'd', 'e', 'h', 'o', 'g', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "consejosdenutricion.com", true */ 'c', 'o', 'n', 's', 'e', 'j', 'o', 's', 'd', 'e', 'n', 'u', 't', 'r', 'i', 'c', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "conservados.com.br", true */ 'c', 'o', 'n', 's', 'e', 'r', 'v', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "conservatoriesincornwall.com", true */ 'c', 'o', 'n', 's', 'e', 'r', 'v', 'a', 't', 'o', 'r', 'i', 'e', 's', 'i', 'n', 'c', 'o', 'r', 'n', 'w', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "consideredgifts.com", true */ 'c', 'o', 'n', 's', 'i', 'd', 'e', 'r', 'e', 'd', 'g', 'i', 'f', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "consilium-vitae.ch", true */ 'c', 'o', 'n', 's', 'i', 'l', 'i', 'u', 'm', '-', 'v', 'i', 't', 'a', 'e', '.', 'c', 'h', '\0', + /* "consiliumvitae.ch", true */ 'c', 'o', 'n', 's', 'i', 'l', 'i', 'u', 'm', 'v', 'i', 't', 'a', 'e', '.', 'c', 'h', '\0', + /* "consill.com", true */ 'c', 'o', 'n', 's', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "console.ninja", true */ 'c', 'o', 'n', 's', 'o', 'l', 'e', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "console.rest", true */ 'c', 'o', 'n', 's', 'o', 'l', 'e', '.', 'r', 'e', 's', 't', '\0', + /* "consommateuraverti.com", true */ 'c', 'o', 'n', 's', 'o', 'm', 'm', 'a', 't', 'e', 'u', 'r', 'a', 'v', 'e', 'r', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "consonare.de", true */ 'c', 'o', 'n', 's', 'o', 'n', 'a', 'r', 'e', '.', 'd', 'e', '\0', + /* "constancechen.me", true */ 'c', 'o', 'n', 's', 't', 'a', 'n', 'c', 'e', 'c', 'h', 'e', 'n', '.', 'm', 'e', '\0', + /* "constant-rough.de", true */ 'c', 'o', 'n', 's', 't', 'a', 'n', 't', '-', 'r', 'o', 'u', 'g', 'h', '.', 'd', 'e', '\0', + /* "constructionjobs.com", true */ 'c', 'o', 'n', 's', 't', 'r', 'u', 'c', 't', 'i', 'o', 'n', 'j', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "constructive.men", true */ 'c', 'o', 'n', 's', 't', 'r', 'u', 'c', 't', 'i', 'v', 'e', '.', 'm', 'e', 'n', '\0', + /* "consul.io", true */ 'c', 'o', 'n', 's', 'u', 'l', '.', 'i', 'o', '\0', + /* "consultorcr.net", true */ 'c', 'o', 'n', 's', 'u', 'l', 't', 'o', 'r', 'c', 'r', '.', 'n', 'e', 't', '\0', + /* "consultpetkov.com", true */ 'c', 'o', 'n', 's', 'u', 'l', 't', 'p', 'e', 't', 'k', 'o', 'v', '.', 'c', 'o', 'm', '\0', + /* "consumer.gov", true */ 'c', 'o', 'n', 's', 'u', 'm', 'e', 'r', '.', 'g', 'o', 'v', '\0', + /* "consumeractionlawgroup.com", true */ 'c', 'o', 'n', 's', 'u', 'm', 'e', 'r', 'a', 'c', 't', 'i', 'o', 'n', 'l', 'a', 'w', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "consumerfiles.com", true */ 'c', 'o', 'n', 's', 'u', 'm', 'e', 'r', 'f', 'i', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "consumersentinel.gov", true */ 'c', 'o', 'n', 's', 'u', 'm', 'e', 'r', 's', 'e', 'n', 't', 'i', 'n', 'e', 'l', '.', 'g', 'o', 'v', '\0', + /* "consumidor.gov", true */ 'c', 'o', 'n', 's', 'u', 'm', 'i', 'd', 'o', 'r', '.', 'g', 'o', 'v', '\0', + /* "consuwijzer.nl", true */ 'c', 'o', 'n', 's', 'u', 'w', 'i', 'j', 'z', 'e', 'r', '.', 'n', 'l', '\0', + /* "content-api-dev.azurewebsites.net", false */ 'c', 'o', 'n', 't', 'e', 'n', 't', '-', 'a', 'p', 'i', '-', 'd', 'e', 'v', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "contentcoms.co.uk", true */ 'c', 'o', 'n', 't', 'e', 'n', 't', 'c', 'o', 'm', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "contentpass.net", true */ 'c', 'o', 'n', 't', 'e', 'n', 't', 'p', 'a', 's', 's', '.', 'n', 'e', 't', '\0', + /* "contessa32experience.com", true */ 'c', 'o', 'n', 't', 'e', 's', 's', 'a', '3', '2', 'e', 'x', 'p', 'e', 'r', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "contextplatform.com", true */ 'c', 'o', 'n', 't', 'e', 'x', 't', 'p', 'l', 'a', 't', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "continuation.io", true */ 'c', 'o', 'n', 't', 'i', 'n', 'u', 'a', 't', 'i', 'o', 'n', '.', 'i', 'o', '\0', + /* "contrabass.net", true */ 'c', 'o', 'n', 't', 'r', 'a', 'b', 'a', 's', 's', '.', 'n', 'e', 't', '\0', + /* "contractormountain.com", true */ 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', 'o', 'r', 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "contraspin.co.nz", true */ 'c', 'o', 'n', 't', 'r', 'a', 's', 'p', 'i', 'n', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "contratatupoliza.com", true */ 'c', 'o', 'n', 't', 'r', 'a', 't', 'a', 't', 'u', 'p', 'o', 'l', 'i', 'z', 'a', '.', 'c', 'o', 'm', '\0', + /* "contributor.google.com", false */ 'c', 'o', 'n', 't', 'r', 'i', 'b', 'u', 't', 'o', 'r', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "controlarlaansiedad.com", true */ 'c', 'o', 'n', 't', 'r', 'o', 'l', 'a', 'r', 'l', 'a', 'a', 'n', 's', 'i', 'e', 'd', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "controlautocom.com.br", true */ 'c', 'o', 'n', 't', 'r', 'o', 'l', 'a', 'u', 't', 'o', 'c', 'o', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "controlbooth.com", true */ 'c', 'o', 'n', 't', 'r', 'o', 'l', 'b', 'o', 'o', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "controle.net", true */ 'c', 'o', 'n', 't', 'r', 'o', 'l', 'e', '.', 'n', 'e', 't', '\0', + /* "controltickets.com.br", true */ 'c', 'o', 'n', 't', 'r', 'o', 'l', 't', 'i', 'c', 'k', 'e', 't', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "contxt-agentur.de", true */ 'c', 'o', 'n', 't', 'x', 't', '-', 'a', 'g', 'e', 'n', 't', 'u', 'r', '.', 'd', 'e', '\0', + /* "conv2pdf.com", true */ 'c', 'o', 'n', 'v', '2', 'p', 'd', 'f', '.', 'c', 'o', 'm', '\0', + /* "convergemagazine.com", true */ 'c', 'o', 'n', 'v', 'e', 'r', 'g', 'e', 'm', 'a', 'g', 'a', 'z', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "convergence.fi", true */ 'c', 'o', 'n', 'v', 'e', 'r', 'g', 'e', 'n', 'c', 'e', '.', 'f', 'i', '\0', + /* "convergnce.com", true */ 'c', 'o', 'n', 'v', 'e', 'r', 'g', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "conversiones.com", true */ 'c', 'o', 'n', 'v', 'e', 'r', 's', 'i', 'o', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "convert.im", true */ 'c', 'o', 'n', 'v', 'e', 'r', 't', '.', 'i', 'm', '\0', + /* "converter.ml", true */ 'c', 'o', 'n', 'v', 'e', 'r', 't', 'e', 'r', '.', 'm', 'l', '\0', + /* "convexset.org", true */ 'c', 'o', 'n', 'v', 'e', 'x', 's', 'e', 't', '.', 'o', 'r', 'g', '\0', + /* "convocatoriafundacionpepsicomexico.org", false */ 'c', 'o', 'n', 'v', 'o', 'c', 'a', 't', 'o', 'r', 'i', 'a', 'f', 'u', 'n', 'd', 'a', 'c', 'i', 'o', 'n', 'p', 'e', 'p', 's', 'i', 'c', 'o', 'm', 'e', 'x', 'i', 'c', 'o', '.', 'o', 'r', 'g', '\0', + /* "cooker.fr", true */ 'c', 'o', 'o', 'k', 'e', 'r', '.', 'f', 'r', '\0', + /* "cookescastles.co.uk", true */ 'c', 'o', 'o', 'k', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cookicons.co", true */ 'c', 'o', 'o', 'k', 'i', 'c', 'o', 'n', 's', '.', 'c', 'o', '\0', + /* "cookie4.com", true */ 'c', 'o', 'o', 'k', 'i', 'e', '4', '.', 'c', 'o', 'm', '\0', + /* "cookieandkate.com", true */ 'c', 'o', 'o', 'k', 'i', 'e', 'a', 'n', 'd', 'k', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "cookiecrook.com", true */ 'c', 'o', 'o', 'k', 'i', 'e', 'c', 'r', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "cookiesoft.de", true */ 'c', 'o', 'o', 'k', 'i', 'e', 's', 'o', 'f', 't', '.', 'd', 'e', '\0', + /* "cookiestudies.cf", true */ 'c', 'o', 'o', 'k', 'i', 'e', 's', 't', 'u', 'd', 'i', 'e', 's', '.', 'c', 'f', '\0', + /* "cookingbazart.com", true */ 'c', 'o', 'o', 'k', 'i', 'n', 'g', 'b', 'a', 'z', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "cookingcrusade.com", true */ 'c', 'o', 'o', 'k', 'i', 'n', 'g', 'c', 'r', 'u', 's', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "cookinglife.nl", false */ 'c', 'o', 'o', 'k', 'i', 'n', 'g', 'l', 'i', 'f', 'e', '.', 'n', 'l', '\0', + /* "cookingreporter.com", true */ 'c', 'o', 'o', 'k', 'i', 'n', 'g', 'r', 'e', 'p', 'o', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "cookmedical.com", false */ 'c', 'o', 'o', 'k', 'm', 'e', 'd', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "cooko.at", true */ 'c', 'o', 'o', 'k', 'o', '.', 'a', 't', '\0', + /* "cool-parties.co.uk", true */ 'c', 'o', 'o', 'l', '-', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cool-wallpapers.jp", true */ 'c', 'o', 'o', 'l', '-', 'w', 'a', 'l', 'l', 'p', 'a', 'p', 'e', 'r', 's', '.', 'j', 'p', '\0', + /* "cool110.tk", true */ 'c', 'o', 'o', 'l', '1', '1', '0', '.', 't', 'k', '\0', + /* "cool110.xyz", true */ 'c', 'o', 'o', 'l', '1', '1', '0', '.', 'x', 'y', 'z', '\0', + /* "coolattractions.co.uk", true */ 'c', 'o', 'o', 'l', 'a', 't', 't', 'r', 'a', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cooldan.com", true */ 'c', 'o', 'o', 'l', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "coole-fete.de", true */ 'c', 'o', 'o', 'l', 'e', '-', 'f', 'e', 't', 'e', '.', 'd', 'e', '\0', + /* "coolerssr.space", true */ 'c', 'o', 'o', 'l', 'e', 'r', 's', 's', 'r', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "coolgifs.de", true */ 'c', 'o', 'o', 'l', 'g', 'i', 'f', 's', '.', 'd', 'e', '\0', + /* "coolkidsbouncycastles.co.uk", true */ 'c', 'o', 'o', 'l', 'k', 'i', 'd', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "coolviewthermostat.com", true */ 'c', 'o', 'o', 'l', 'v', 'i', 'e', 'w', 't', 'h', 'e', 'r', 'm', 'o', 's', 't', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "coonelnel.net", true */ 'c', 'o', 'o', 'n', 'e', 'l', 'n', 'e', 'l', '.', 'n', 'e', 't', '\0', + /* "coopens.com", true */ 'c', 'o', 'o', 'p', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "coore.jp", true */ 'c', 'o', 'o', 'r', 'e', '.', 'j', 'p', '\0', + /* "coorpacademy.com", true */ 'c', 'o', 'o', 'r', 'p', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0', + /* "copperhead.co", true */ 'c', 'o', 'p', 'p', 'e', 'r', 'h', 'e', 'a', 'd', '.', 'c', 'o', '\0', + /* "copperheados.com", true */ 'c', 'o', 'p', 'p', 'e', 'r', 'h', 'e', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "coptic-treasures.com", true */ 'c', 'o', 'p', 't', 'i', 'c', '-', 't', 'r', 'e', 'a', 's', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "coptkm.cz", true */ 'c', 'o', 'p', 't', 'k', 'm', '.', 'c', 'z', '\0', + /* "copycrafter.net", true */ 'c', 'o', 'p', 'y', 'c', 'r', 'a', 'f', 't', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "copypoison.com", true */ 'c', 'o', 'p', 'y', 'p', 'o', 'i', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "copyright-watch.org", true */ 'c', 'o', 'p', 'y', 'r', 'i', 'g', 'h', 't', '-', 'w', 'a', 't', 'c', 'h', '.', 'o', 'r', 'g', '\0', + /* "copytrack.com", true */ 'c', 'o', 'p', 'y', 't', 'r', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "corbinhesse.com", true */ 'c', 'o', 'r', 'b', 'i', 'n', 'h', 'e', 's', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "cordeydesign.ch", true */ 'c', 'o', 'r', 'd', 'e', 'y', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'h', '\0', + /* "cordis.io", true */ 'c', 'o', 'r', 'd', 'i', 's', '.', 'i', 'o', '\0', + /* "cordlessdog.com", true */ 'c', 'o', 'r', 'd', 'l', 'e', 's', 's', 'd', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "core-concepts.de", true */ 'c', 'o', 'r', 'e', '-', 'c', 'o', 'n', 'c', 'e', 'p', 't', 's', '.', 'd', 'e', '\0', + /* "core-networks.de", true */ 'c', 'o', 'r', 'e', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'd', 'e', '\0', + /* "core.org.pt", false */ 'c', 'o', 'r', 'e', '.', 'o', 'r', 'g', '.', 'p', 't', '\0', + /* "coreapm.com", true */ 'c', 'o', 'r', 'e', 'a', 'p', 'm', '.', 'c', 'o', 'm', '\0', + /* "coreapm.org", true */ 'c', 'o', 'r', 'e', 'a', 'p', 'm', '.', 'o', 'r', 'g', '\0', + /* "corecodec.com", true */ 'c', 'o', 'r', 'e', 'c', 'o', 'd', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "coredump.gr", true */ 'c', 'o', 'r', 'e', 'd', 'u', 'm', 'p', '.', 'g', 'r', '\0', + /* "coreinfrastructure.org", true */ 'c', 'o', 'r', 'e', 'i', 'n', 'f', 'r', 'a', 's', 't', 'r', 'u', 'c', 't', 'u', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "coreless-stretchfilm.com", true */ 'c', 'o', 'r', 'e', 'l', 'e', 's', 's', '-', 's', 't', 'r', 'e', 't', 'c', 'h', 'f', 'i', 'l', 'm', '.', 'c', 'o', 'm', '\0', + /* "corepartners.com.ua", true */ 'c', 'o', 'r', 'e', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "coresolutions.ca", true */ 'c', 'o', 'r', 'e', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'a', '\0', + /* "coresos.com", true */ 'c', 'o', 'r', 'e', 's', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "coreum.ca", true */ 'c', 'o', 'r', 'e', 'u', 'm', '.', 'c', 'a', '\0', + /* "coreyjmahler.com", true */ 'c', 'o', 'r', 'e', 'y', 'j', 'm', 'a', 'h', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "corgi.party", true */ 'c', 'o', 'r', 'g', 'i', '.', 'p', 'a', 'r', 't', 'y', '\0', + /* "coribi.com", true */ 'c', 'o', 'r', 'i', 'b', 'i', '.', 'c', 'o', 'm', '\0', + /* "corisu.co", true */ 'c', 'o', 'r', 'i', 's', 'u', '.', 'c', 'o', '\0', + /* "corksoncolumbus.com", true */ 'c', 'o', 'r', 'k', 's', 'o', 'n', 'c', 'o', 'l', 'u', 'm', 'b', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "corlija.com", true */ 'c', 'o', 'r', 'l', 'i', 'j', 'a', '.', 'c', 'o', 'm', '\0', + /* "corlinde.nl", true */ 'c', 'o', 'r', 'l', 'i', 'n', 'd', 'e', '.', 'n', 'l', '\0', + /* "corlitocaffe.de", true */ 'c', 'o', 'r', 'l', 'i', 't', 'o', 'c', 'a', 'f', 'f', 'e', '.', 'd', 'e', '\0', + /* "cornercircle.co.uk", true */ 'c', 'o', 'r', 'n', 'e', 'r', 'c', 'i', 'r', 'c', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "corniche.com", true */ 'c', 'o', 'r', 'n', 'i', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0', + /* "corningcu.org", true */ 'c', 'o', 'r', 'n', 'i', 'n', 'g', 'c', 'u', '.', 'o', 'r', 'g', '\0', + /* "cornodo.com", true */ 'c', 'o', 'r', 'n', 'o', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "corona-academy.com", true */ 'c', 'o', 'r', 'o', 'n', 'a', '-', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0', + /* "corpfin.net", true */ 'c', 'o', 'r', 'p', 'f', 'i', 'n', '.', 'n', 'e', 't', '\0', + /* "corpio.nl", true */ 'c', 'o', 'r', 'p', 'i', 'o', '.', 'n', 'l', '\0', + /* "corpkitnw.com", true */ 'c', 'o', 'r', 'p', 'k', 'i', 't', 'n', 'w', '.', 'c', 'o', 'm', '\0', + /* "corporatecomputingsolutions.com", true */ 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'e', 'c', 'o', 'm', 'p', 'u', 't', 'i', 'n', 'g', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "corporateinfluencers.com", true */ 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'e', 'i', 'n', 'f', 'l', 'u', 'e', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "corpulant.coffee", true */ 'c', 'o', 'r', 'p', 'u', 'l', 'a', 'n', 't', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0', + /* "corpulantcoffee.com", true */ 'c', 'o', 'r', 'p', 'u', 'l', 'a', 'n', 't', 'c', 'o', 'f', 'f', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "corpulent.coffee", true */ 'c', 'o', 'r', 'p', 'u', 'l', 'e', 'n', 't', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0', + /* "corpulentcoffee.com", true */ 'c', 'o', 'r', 'p', 'u', 'l', 'e', 'n', 't', 'c', 'o', 'f', 'f', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "correiodovale.com.br", true */ 'c', 'o', 'r', 'r', 'e', 'i', 'o', 'd', 'o', 'v', 'a', 'l', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "corrupted.io", true */ 'c', 'o', 'r', 'r', 'u', 'p', 't', 'e', 'd', '.', 'i', 'o', '\0', + /* "corsa-b.uk", true */ 'c', 'o', 'r', 's', 'a', '-', 'b', '.', 'u', 'k', '\0', + /* "cortexitrecruitment.com", true */ 'c', 'o', 'r', 't', 'e', 'x', 'i', 't', 'r', 'e', 'c', 'r', 'u', 'i', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "cortis-consulting.ch", true */ 'c', 'o', 'r', 't', 'i', 's', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'h', '\0', + /* "cortisolsupplement.com", true */ 'c', 'o', 'r', 't', 'i', 's', 'o', 'l', 's', 'u', 'p', 'p', 'l', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "corvus.eu.org", true */ 'c', 'o', 'r', 'v', 'u', 's', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "coryadum.com", true */ 'c', 'o', 'r', 'y', 'a', 'd', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "corytyburski.com", true */ 'c', 'o', 'r', 'y', 't', 'y', 'b', 'u', 'r', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "corzntin.fr", true */ 'c', 'o', 'r', 'z', 'n', 't', 'i', 'n', '.', 'f', 'r', '\0', + /* "cosirex.com", true */ 'c', 'o', 's', 'i', 'r', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "coslinker.com", true */ 'c', 'o', 's', 'l', 'i', 'n', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "cosmeticappraisal.com", true */ 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'a', 'p', 'p', 'r', 'a', 'i', 's', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "cosmeticasimple.com", true */ 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'a', 's', 'i', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "cosmeticos-naturales.com", true */ 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'o', 's', '-', 'n', 'a', 't', 'u', 'r', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "cosmeticosnet.com.br", true */ 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'o', 's', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "cosmiatria.pe", true */ 'c', 'o', 's', 'm', 'i', 'a', 't', 'r', 'i', 'a', '.', 'p', 'e', '\0', + /* "cosmodacollection.com", true */ 'c', 'o', 's', 'm', 'o', 'd', 'a', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "cosmofunnel.com", true */ 'c', 'o', 's', 'm', 'o', 'f', 'u', 'n', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "cosmoluziluminacion.com", true */ 'c', 'o', 's', 'm', 'o', 'l', 'u', 'z', 'i', 'l', 'u', 'm', 'i', 'n', 'a', 'c', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "cosmundi.de", true */ 'c', 'o', 's', 'm', 'u', 'n', 'd', 'i', '.', 'd', 'e', '\0', + /* "cosni.co", true */ 'c', 'o', 's', 'n', 'i', '.', 'c', 'o', '\0', + /* "cospol.ch", true */ 'c', 'o', 's', 'p', 'o', 'l', '.', 'c', 'h', '\0', + /* "costa-rica-reisen.ch", true */ 'c', 'o', 's', 't', 'a', '-', 'r', 'i', 'c', 'a', '-', 'r', 'e', 'i', 's', 'e', 'n', '.', 'c', 'h', '\0', + /* "costa-rica-reisen.de", true */ 'c', 'o', 's', 't', 'a', '-', 'r', 'i', 'c', 'a', '-', 'r', 'e', 'i', 's', 'e', 'n', '.', 'd', 'e', '\0', + /* "costablancavoorjou.com", true */ 'c', 'o', 's', 't', 'a', 'b', 'l', 'a', 'n', 'c', 'a', 'v', 'o', 'o', 'r', 'j', 'o', 'u', '.', 'c', 'o', 'm', '\0', + /* "costinstefan.eu", true */ 'c', 'o', 's', 't', 'i', 'n', 's', 't', 'e', 'f', 'a', 'n', '.', 'e', 'u', '\0', + /* "costreportdata.com", false */ 'c', 'o', 's', 't', 'r', 'e', 'p', 'o', 'r', 't', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "costulessdirect.com", true */ 'c', 'o', 's', 't', 'u', 'l', 'e', 's', 's', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "coteries.com", true */ 'c', 'o', 't', 'e', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "cotonea.de", true */ 'c', 'o', 't', 'o', 'n', 'e', 'a', '.', 'd', 'e', '\0', + /* "cotonmusic.ch", true */ 'c', 'o', 't', 'o', 'n', 'm', 'u', 's', 'i', 'c', '.', 'c', 'h', '\0', + /* "cotta.dk", true */ 'c', 'o', 't', 't', 'a', '.', 'd', 'k', '\0', + /* "cotwe-ge.ch", true */ 'c', 'o', 't', 'w', 'e', '-', 'g', 'e', '.', 'c', 'h', '\0', + /* "cougar.dating", true */ 'c', 'o', 'u', 'g', 'a', 'r', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "counselling.network", true */ 'c', 'o', 'u', 'n', 's', 'e', 'l', 'l', 'i', 'n', 'g', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0', + /* "counstellor.com", true */ 'c', 'o', 'u', 'n', 's', 't', 'e', 'l', 'l', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "counter-team.ch", true */ 'c', 'o', 'u', 'n', 't', 'e', 'r', '-', 't', 'e', 'a', 'm', '.', 'c', 'h', '\0', + /* "counterglobal.com", true */ 'c', 'o', 'u', 'n', 't', 'e', 'r', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "countermail.com", true */ 'c', 'o', 'u', 'n', 't', 'e', 'r', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "countingto.one", true */ 'c', 'o', 'u', 'n', 't', 'i', 'n', 'g', 't', 'o', '.', 'o', 'n', 'e', '\0', + /* "countryattire.com", true */ 'c', 'o', 'u', 'n', 't', 'r', 'y', 'a', 't', 't', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "countrybrewer.com.au", true */ 'c', 'o', 'u', 'n', 't', 'r', 'y', 'b', 'r', 'e', 'w', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "countryhouseresort.com", true */ 'c', 'o', 'u', 'n', 't', 'r', 'y', 'h', 'o', 'u', 's', 'e', 'r', 'e', 's', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "countryoutlaws.ca", true */ 'c', 'o', 'u', 'n', 't', 'r', 'y', 'o', 'u', 't', 'l', 'a', 'w', 's', '.', 'c', 'a', '\0', + /* "countybankdel.com", true */ 'c', 'o', 'u', 'n', 't', 'y', 'b', 'a', 'n', 'k', 'd', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "countyjailinmatesearch.com", true */ 'c', 'o', 'u', 'n', 't', 'y', 'j', 'a', 'i', 'l', 'i', 'n', 'm', 'a', 't', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "coup-dun-soir.ch", true */ 'c', 'o', 'u', 'p', '-', 'd', 'u', 'n', '-', 's', 'o', 'i', 'r', '.', 'c', 'h', '\0', + /* "coupe-bordure.com", true */ 'c', 'o', 'u', 'p', 'e', '-', 'b', 'o', 'r', 'd', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "couponcodesme.com", true */ 'c', 'o', 'u', 'p', 'o', 'n', 'c', 'o', 'd', 'e', 's', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "cour4g3.me", true */ 'c', 'o', 'u', 'r', '4', 'g', '3', '.', 'm', 'e', '\0', + /* "couragefound.org", true */ 'c', 'o', 'u', 'r', 'a', 'g', 'e', 'f', 'o', 'u', 'n', 'd', '.', 'o', 'r', 'g', '\0', + /* "courageousparentsnetwork.org", true */ 'c', 'o', 'u', 'r', 'a', 'g', 'e', 'o', 'u', 's', 'p', 'a', 'r', 'e', 'n', 't', 's', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'o', 'r', 'g', '\0', + /* "course.pp.ua", true */ 'c', 'o', 'u', 'r', 's', 'e', '.', 'p', 'p', '.', 'u', 'a', '\0', + /* "coursera.org", true */ 'c', 'o', 'u', 'r', 's', 'e', 'r', 'a', '.', 'o', 'r', 'g', '\0', + /* "courses.nl", true */ 'c', 'o', 'u', 'r', 's', 'e', 's', '.', 'n', 'l', '\0', + /* "courseworkbank.info", true */ 'c', 'o', 'u', 'r', 's', 'e', 'w', 'o', 'r', 'k', 'b', 'a', 'n', 'k', '.', 'i', 'n', 'f', 'o', '\0', + /* "courtlistener.com", true */ 'c', 'o', 'u', 'r', 't', 'l', 'i', 's', 't', 'e', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "cousincouples.com", true */ 'c', 'o', 'u', 's', 'i', 'n', 'c', 'o', 'u', 'p', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "covbounce.co.uk", true */ 'c', 'o', 'v', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cove.sh", true */ 'c', 'o', 'v', 'e', '.', 's', 'h', '\0', + /* "covenantoftheriver.org", true */ 'c', 'o', 'v', 'e', 'n', 'a', 'n', 't', 'o', 'f', 't', 'h', 'e', 'r', 'i', 'v', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "covermytrip.com.au", true */ 'c', 'o', 'v', 'e', 'r', 'm', 'y', 't', 'r', 'i', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "covershousing.nl", true */ 'c', 'o', 'v', 'e', 'r', 's', 'h', 'o', 'u', 's', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "covery.ai", true */ 'c', 'o', 'v', 'e', 'r', 'y', '.', 'a', 'i', '\0', + /* "covoiturage.fr", false */ 'c', 'o', 'v', 'o', 'i', 't', 'u', 'r', 'a', 'g', 'e', '.', 'f', 'r', '\0', + /* "covve.com", true */ 'c', 'o', 'v', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "covybrat.cz", true */ 'c', 'o', 'v', 'y', 'b', 'r', 'a', 't', '.', 'c', 'z', '\0', + /* "cowbird.org", true */ 'c', 'o', 'w', 'b', 'i', 'r', 'd', '.', 'o', 'r', 'g', '\0', + /* "cowboyim.com", true */ 'c', 'o', 'w', 'b', 'o', 'y', 'i', 'm', '.', 'c', 'o', 'm', '\0', + /* "coweo.cz", true */ 'c', 'o', 'w', 'e', 'o', '.', 'c', 'z', '\0', + /* "coworkingmanifesto.com", true */ 'c', 'o', 'w', 'o', 'r', 'k', 'i', 'n', 'g', 'm', 'a', 'n', 'i', 'f', 'e', 's', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "cozmaadrian.ro", true */ 'c', 'o', 'z', 'm', 'a', 'a', 'd', 'r', 'i', 'a', 'n', '.', 'r', 'o', '\0', + /* "cozy.io", true */ 'c', 'o', 'z', 'y', '.', 'i', 'o', '\0', + /* "cozycloud.cc", true */ 'c', 'o', 'z', 'y', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'c', '\0', + /* "cozyeggdesigns.com", true */ 'c', 'o', 'z', 'y', 'e', 'g', 'g', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "cpbanq.com", true */ 'c', 'p', 'b', 'a', 'n', 'q', '.', 'c', 'o', 'm', '\0', + /* "cpbapremiocaduceo.com.ar", true */ 'c', 'p', 'b', 'a', 'p', 'r', 'e', 'm', 'i', 'o', 'c', 'a', 'd', 'u', 'c', 'e', 'o', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "cpcheats.co", true */ 'c', 'p', 'c', 'h', 'e', 'a', 't', 's', '.', 'c', 'o', '\0', + /* "cphpvb.net", true */ 'c', 'p', 'h', 'p', 'v', 'b', '.', 'n', 'e', 't', '\0', + /* "cplusplus.se", true */ 'c', 'p', 'l', 'u', 's', 'p', 'l', 'u', 's', '.', 's', 'e', '\0', + /* "cppan.org", true */ 'c', 'p', 'p', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "cppressinc.com", true */ 'c', 'p', 'p', 'r', 'e', 's', 's', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "cpqcol.gov.co", true */ 'c', 'p', 'q', 'c', 'o', 'l', '.', 'g', 'o', 'v', '.', 'c', 'o', '\0', + /* "cprnearme.com", true */ 'c', 'p', 'r', 'n', 'e', 'a', 'r', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "cptoon.com", true */ 'c', 'p', 't', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "cpvmatch.eu", true */ 'c', 'p', 'v', 'm', 'a', 't', 'c', 'h', '.', 'e', 'u', '\0', + /* "cpy.pt", true */ 'c', 'p', 'y', '.', 'p', 't', '\0', + /* "cqchome.com", true */ 'c', 'q', 'c', 'h', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "cqn.ch", true */ 'c', 'q', 'n', '.', 'c', 'h', '\0', + /* "cr.search.yahoo.com", false */ 'c', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "crackcat.de", true */ 'c', 'r', 'a', 'c', 'k', 'c', 'a', 't', '.', 'd', 'e', '\0', + /* "cracker.in.th", true */ 'c', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'i', 'n', '.', 't', 'h', '\0', + /* "crackle.io", true */ 'c', 'r', 'a', 'c', 'k', 'l', 'e', '.', 'i', 'o', '\0', + /* "crackorsquad.in", true */ 'c', 'r', 'a', 'c', 'k', 'o', 'r', 's', 'q', 'u', 'a', 'd', '.', 'i', 'n', '\0', + /* "crackstation.net", true */ 'c', 'r', 'a', 'c', 'k', 's', 't', 'a', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "cradlepointecm.com", true */ 'c', 'r', 'a', 'd', 'l', 'e', 'p', 'o', 'i', 'n', 't', 'e', 'c', 'm', '.', 'c', 'o', 'm', '\0', + /* "craftandbuild.de", true */ 'c', 'r', 'a', 'f', 't', 'a', 'n', 'd', 'b', 'u', 'i', 'l', 'd', '.', 'd', 'e', '\0', + /* "craftcms.com", false */ 'c', 'r', 'a', 'f', 't', 'c', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "craftcommerce.com", true */ 'c', 'r', 'a', 'f', 't', 'c', 'o', 'm', 'm', 'e', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "craftination.net", true */ 'c', 'r', 'a', 'f', 't', 'i', 'n', 'a', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "craftinginredlipstick.com", true */ 'c', 'r', 'a', 'f', 't', 'i', 'n', 'g', 'i', 'n', 'r', 'e', 'd', 'l', 'i', 'p', 's', 't', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "craftmine.cz", true */ 'c', 'r', 'a', 'f', 't', 'm', 'i', 'n', 'e', '.', 'c', 'z', '\0', + /* "craftwmcp.xyz", true */ 'c', 'r', 'a', 'f', 't', 'w', 'm', 'c', 'p', '.', 'x', 'y', 'z', '\0', + /* "craftyguy.net", true */ 'c', 'r', 'a', 'f', 't', 'y', 'g', 'u', 'y', '.', 'n', 'e', 't', '\0', + /* "craftyphotons.net", true */ 'c', 'r', 'a', 'f', 't', 'y', 'p', 'h', 'o', 't', 'o', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "crag.com.tw", true */ 'c', 'r', 'a', 'g', '.', 'c', 'o', 'm', '.', 't', 'w', '\0', + /* "craigbates.co.uk", true */ 'c', 'r', 'a', 'i', 'g', 'b', 'a', 't', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "craigfrancis.co.uk", true */ 'c', 'r', 'a', 'i', 'g', 'f', 'r', 'a', 'n', 'c', 'i', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "craigrouse.com", true */ 'c', 'r', 'a', 'i', 'g', 'r', 'o', 'u', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "craigwfox.com", true */ 'c', 'r', 'a', 'i', 'g', 'w', 'f', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "cralarm.de", true */ 'c', 'r', 'a', 'l', 'a', 'r', 'm', '.', 'd', 'e', '\0', + /* "crandall.io", true */ 'c', 'r', 'a', 'n', 'd', 'a', 'l', 'l', '.', 'i', 'o', '\0', + /* "cranesafe.com", true */ 'c', 'r', 'a', 'n', 'e', 's', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "cranforddental.com", true */ 'c', 'r', 'a', 'n', 'f', 'o', 'r', 'd', 'd', 'e', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "crapouill.es", true */ 'c', 'r', 'a', 'p', 'o', 'u', 'i', 'l', 'l', '.', 'e', 's', '\0', + /* "crashsec.com", true */ 'c', 'r', 'a', 's', 'h', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "crawcial.de", true */ 'c', 'r', 'a', 'w', 'c', 'i', 'a', 'l', '.', 'd', 'e', '\0', + /* "crawfordcountytcc.org", true */ 'c', 'r', 'a', 'w', 'f', 'o', 'r', 'd', 'c', 'o', 'u', 'n', 't', 'y', 't', 'c', 'c', '.', 'o', 'r', 'g', '\0', + /* "crawl.report", true */ 'c', 'r', 'a', 'w', 'l', '.', 'r', 'e', 'p', 'o', 'r', 't', '\0', + /* "crawleybouncycastles.co.uk", true */ 'c', 'r', 'a', 'w', 'l', 'e', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "crazycastles.ie", true */ 'c', 'r', 'a', 'z', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'i', 'e', '\0', + /* "crazydomains.ae", true */ 'c', 'r', 'a', 'z', 'y', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'a', 'e', '\0', + /* "crazydomains.co.nz", true */ 'c', 'r', 'a', 'z', 'y', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "crazydomains.co.uk", true */ 'c', 'r', 'a', 'z', 'y', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "crazydomains.com.au", true */ 'c', 'r', 'a', 'z', 'y', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "crazydomains.in", true */ 'c', 'r', 'a', 'z', 'y', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'i', 'n', '\0', + /* "crazymeeshu.com", true */ 'c', 'r', 'a', 'z', 'y', 'm', 'e', 'e', 's', 'h', 'u', '.', 'c', 'o', 'm', '\0', + /* "crazypaul.com", true */ 'c', 'r', 'a', 'z', 'y', 'p', 'a', 'u', 'l', '.', 'c', 'o', 'm', '\0', + /* "crbug.com", true */ 'c', 'r', 'b', 'u', 'g', '.', 'c', 'o', 'm', '\0', + /* "crdmendoza.net", true */ 'c', 'r', 'd', 'm', 'e', 'n', 'd', 'o', 'z', 'a', '.', 'n', 'e', 't', '\0', + /* "crea-etc.net", true */ 'c', 'r', 'e', 'a', '-', 'e', 't', 'c', '.', 'n', 'e', 't', '\0', + /* "crea-shops.ch", true */ 'c', 'r', 'e', 'a', '-', 's', 'h', 'o', 'p', 's', '.', 'c', 'h', '\0', + /* "crea.bg", true */ 'c', 'r', 'e', 'a', '.', 'b', 'g', '\0', + /* "crea.me", true */ 'c', 'r', 'e', 'a', '.', 'm', 'e', '\0', + /* "creadstudy.com", true */ 'c', 'r', 'e', 'a', 'd', 's', 't', 'u', 'd', 'y', '.', 'c', 'o', 'm', '\0', + /* "creamcastles.co.uk", true */ 'c', 'r', 'e', 'a', 'm', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "create-ls.jp", true */ 'c', 'r', 'e', 'a', 't', 'e', '-', 'l', 's', '.', 'j', 'p', '\0', + /* "create-together.nl", true */ 'c', 'r', 'e', 'a', 't', 'e', '-', 't', 'o', 'g', 'e', 't', 'h', 'e', 'r', '.', 'n', 'l', '\0', + /* "createursdefilms.com", true */ 'c', 'r', 'e', 'a', 't', 'e', 'u', 'r', 's', 'd', 'e', 'f', 'i', 'l', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "creation-contemporaine.com", true */ 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', '-', 'c', 'o', 'n', 't', 'e', 'm', 'p', 'o', 'r', 'a', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "creations-edita.com", true */ 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', 's', '-', 'e', 'd', 'i', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "creative-coder.de", false */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '-', 'c', 'o', 'd', 'e', 'r', '.', 'd', 'e', '\0', + /* "creativebites.de", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'b', 'i', 't', 'e', 's', '.', 'd', 'e', '\0', + /* "creativecaptiv.es", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'c', 'a', 'p', 't', 'i', 'v', '.', 'e', 's', '\0', + /* "creativecommons.cl", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'c', 'o', 'm', 'm', 'o', 'n', 's', '.', 'c', 'l', '\0', + /* "creativecommons.gr", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'c', 'o', 'm', 'm', 'o', 'n', 's', '.', 'g', 'r', '\0', + /* "creativecommons.org", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'c', 'o', 'm', 'm', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "creativedigital.co.nz", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "creativefreedom.ca", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'f', 'r', 'e', 'e', 'd', 'o', 'm', '.', 'c', 'a', '\0', + /* "creativeink.de", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'i', 'n', 'k', '.', 'd', 'e', '\0', + /* "creativekkids.com", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'k', 'k', 'i', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "creativelaw.eu", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'l', 'a', 'w', '.', 'e', 'u', '\0', + /* "creativeliquid.com", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'l', 'i', 'q', 'u', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "creativesprite.com", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 's', 'p', 'r', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "creativesurvey.com", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 's', 'u', 'r', 'v', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "creativeweb.biz", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'w', 'e', 'b', '.', 'b', 'i', 'z', '\0', + /* "creativewolf.net", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'w', 'o', 'l', 'f', '.', 'n', 'e', 't', '\0', + /* "creativlabor.ch", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'l', 'a', 'b', 'o', 'r', '.', 'c', 'h', '\0', + /* "creators-design.com", true */ 'c', 'r', 'e', 'a', 't', 'o', 'r', 's', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "creators.co", true */ 'c', 'r', 'e', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', '\0', + /* "creators.direct", true */ 'c', 'r', 'e', 'a', 't', 'o', 'r', 's', '.', 'd', 'i', 'r', 'e', 'c', 't', '\0', + /* "credential.eu", true */ 'c', 'r', 'e', 'd', 'e', 'n', 't', 'i', 'a', 'l', '.', 'e', 'u', '\0', + /* "credex.bg", true */ 'c', 'r', 'e', 'd', 'e', 'x', '.', 'b', 'g', '\0', + /* "crediteo.pl", true */ 'c', 'r', 'e', 'd', 'i', 't', 'e', 'o', '.', 'p', 'l', '\0', + /* "creditkarma.com", true */ 'c', 'r', 'e', 'd', 'i', 't', 'k', 'a', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "creditos-rapidos.com", true */ 'c', 'r', 'e', 'd', 'i', 't', 'o', 's', '-', 'r', 'a', 'p', 'i', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "creditproautos.com", false */ 'c', 'r', 'e', 'd', 'i', 't', 'p', 'r', 'o', 'a', 'u', 't', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "creeks-coworking.com", true */ 'c', 'r', 'e', 'e', 'k', 's', '-', 'c', 'o', 'w', 'o', 'r', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "creep.im", true */ 'c', 'r', 'e', 'e', 'p', '.', 'i', 'm', '\0', + /* "creepycraft.nl", true */ 'c', 'r', 'e', 'e', 'p', 'y', 'c', 'r', 'a', 'f', 't', '.', 'n', 'l', '\0', + /* "creepypastas.com", true */ 'c', 'r', 'e', 'e', 'p', 'y', 'p', 'a', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "creepypastas.net", true */ 'c', 'r', 'e', 'e', 'p', 'y', 'p', 'a', 's', 't', 'a', 's', '.', 'n', 'e', 't', '\0', + /* "creerunsitepro.com", true */ 'c', 'r', 'e', 'e', 'r', 'u', 'n', 's', 'i', 't', 'e', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "crefelder.com", true */ 'c', 'r', 'e', 'f', 'e', 'l', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "crem.in", true */ 'c', 'r', 'e', 'm', '.', 'i', 'n', '\0', + /* "crena.ch", true */ 'c', 'r', 'e', 'n', 'a', '.', 'c', 'h', '\0', + /* "crepa.ch", true */ 'c', 'r', 'e', 'p', 'a', '.', 'c', 'h', '\0', + /* "crepererum.net", true */ 'c', 'r', 'e', 'p', 'e', 'r', 'e', 'r', 'u', 'm', '.', 'n', 'e', 't', '\0', + /* "crescent.gr.jp", true */ 'c', 'r', 'e', 's', 'c', 'e', 'n', 't', '.', 'g', 'r', '.', 'j', 'p', '\0', + /* "crestasantos.com", true */ 'c', 'r', 'e', 's', 't', 'a', 's', 'a', 'n', 't', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "cretdupuy.com", true */ 'c', 'r', 'e', 't', 'd', 'u', 'p', 'u', 'y', '.', 'c', 'o', 'm', '\0', + /* "creusalp.ch", true */ 'c', 'r', 'e', 'u', 's', 'a', 'l', 'p', '.', 'c', 'h', '\0', + /* "crewplanner.eu", true */ 'c', 'r', 'e', 'w', 'p', 'l', 'a', 'n', 'n', 'e', 'r', '.', 'e', 'u', '\0', + /* "crge.eu", true */ 'c', 'r', 'g', 'e', '.', 'e', 'u', '\0', + /* "crgm.net", true */ 'c', 'r', 'g', 'm', '.', 'n', 'e', 't', '\0', + /* "criadorespet.com.br", true */ 'c', 'r', 'i', 'a', 'd', 'o', 'r', 'e', 's', 'p', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "criena.com", true */ 'c', 'r', 'i', 'e', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "criena.net", true */ 'c', 'r', 'i', 'e', 'n', 'a', '.', 'n', 'e', 't', '\0', + /* "criminal-attorney.ru", true */ 'c', 'r', 'i', 'm', 'i', 'n', 'a', 'l', '-', 'a', 't', 't', 'o', 'r', 'n', 'e', 'y', '.', 'r', 'u', '\0', + /* "criminal.enterprises", true */ 'c', 'r', 'i', 'm', 'i', 'n', 'a', 'l', '.', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '\0', + /* "crimson.no", true */ 'c', 'r', 'i', 'm', 's', 'o', 'n', '.', 'n', 'o', '\0', + /* "crip-usk.ba", true */ 'c', 'r', 'i', 'p', '-', 'u', 's', 'k', '.', 'b', 'a', '\0', + /* "crisisactual.com", true */ 'c', 'r', 'i', 's', 'i', 's', 'a', 'c', 't', 'u', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "crisp.chat", true */ 'c', 'r', 'i', 's', 'p', '.', 'c', 'h', 'a', 't', '\0', + /* "crisp.im", true */ 'c', 'r', 'i', 's', 'p', '.', 'i', 'm', '\0', + /* "cristarta.com", true */ 'c', 'r', 'i', 's', 't', 'a', 'r', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "cristau.org", true */ 'c', 'r', 'i', 's', 't', 'a', 'u', '.', 'o', 'r', 'g', '\0', + /* "critcola.com", true */ 'c', 'r', 'i', 't', 'c', 'o', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "critical.today", false */ 'c', 'r', 'i', 't', 'i', 'c', 'a', 'l', '.', 't', 'o', 'd', 'a', 'y', '\0', + /* "criticalsurveys.co.uk", true */ 'c', 'r', 'i', 't', 'i', 'c', 'a', 'l', 's', 'u', 'r', 'v', 'e', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "crizin.io", true */ 'c', 'r', 'i', 'z', 'i', 'n', '.', 'i', 'o', '\0', + /* "crl-autos.com", true */ 'c', 'r', 'l', '-', 'a', 'u', 't', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "crm.onlime.ch", false */ 'c', 'r', 'm', '.', 'o', 'n', 'l', 'i', 'm', 'e', '.', 'c', 'h', '\0', + /* "croixblanche-haguenau.fr", true */ 'c', 'r', 'o', 'i', 'x', 'b', 'l', 'a', 'n', 'c', 'h', 'e', '-', 'h', 'a', 'g', 'u', 'e', 'n', 'a', 'u', '.', 'f', 'r', '\0', + /* "cronix.cc", true */ 'c', 'r', 'o', 'n', 'i', 'x', '.', 'c', 'c', '\0', + /* "cronometer.com", true */ 'c', 'r', 'o', 'n', 'o', 'm', 'e', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "crop-alert.com", true */ 'c', 'r', 'o', 'p', '-', 'a', 'l', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "croquette.net", true */ 'c', 'r', 'o', 'q', 'u', 'e', 't', 't', 'e', '.', 'n', 'e', 't', '\0', + /* "crosbug.com", true */ 'c', 'r', 'o', 's', 'b', 'u', 'g', '.', 'c', 'o', 'm', '\0', + /* "cross-led-sign.com", true */ 'c', 'r', 'o', 's', 's', '-', 'l', 'e', 'd', '-', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "cross-link.ch", true */ 'c', 'r', 'o', 's', 's', '-', 'l', 'i', 'n', 'k', '.', 'c', 'h', '\0', + /* "cross-view.com", true */ 'c', 'r', 'o', 's', 's', '-', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0', + /* "cross-x.com", true */ 'c', 'r', 'o', 's', 's', '-', 'x', '.', 'c', 'o', 'm', '\0', + /* "crossborderreturns.com", true */ 'c', 'r', 'o', 's', 's', 'b', 'o', 'r', 'd', 'e', 'r', 'r', 'e', 't', 'u', 'r', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "crosscom.ch", true */ 'c', 'r', 'o', 's', 's', 'c', 'o', 'm', '.', 'c', 'h', '\0', + /* "crossfitblackwater.com", true */ 'c', 'r', 'o', 's', 's', 'f', 'i', 't', 'b', 'l', 'a', 'c', 'k', 'w', 'a', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "crossfunctional.com", true */ 'c', 'r', 'o', 's', 's', 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "crossorig.in", true */ 'c', 'r', 'o', 's', 's', 'o', 'r', 'i', 'g', '.', 'i', 'n', '\0', + /* "crosspeakoms.com", true */ 'c', 'r', 'o', 's', 's', 'p', 'e', 'a', 'k', 'o', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "crosssellguide.com", true */ 'c', 'r', 'o', 's', 's', 's', 'e', 'l', 'l', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "crow.tw", true */ 'c', 'r', 'o', 'w', '.', 't', 'w', '\0', + /* "crowdbox.net", true */ 'c', 'r', 'o', 'w', 'd', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0', + /* "crowdliminal.com", true */ 'c', 'r', 'o', 'w', 'd', 'l', 'i', 'm', 'i', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "crowdsupply.com", true */ 'c', 'r', 'o', 'w', 'd', 's', 'u', 'p', 'p', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "crownbouncycastlehire.co.uk", true */ 'c', 'r', 'o', 'w', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "crowncastles.co.uk", true */ 'c', 'r', 'o', 'w', 'n', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "crownmarqueehire.co.uk", true */ 'c', 'r', 'o', 'w', 'n', 'm', 'a', 'r', 'q', 'u', 'e', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "croydonapartments.com.au", true */ 'c', 'r', 'o', 'y', 'd', 'o', 'n', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "croydonbouncycastles.co.uk", true */ 'c', 'r', 'o', 'y', 'd', 'o', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "crrev.com", true */ 'c', 'r', 'r', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "crstat.ru", true */ 'c', 'r', 's', 't', 'a', 't', '.', 'r', 'u', '\0', + /* "crt.sh", true */ 'c', 'r', 't', '.', 's', 'h', '\0', + /* "crt2014-2024review.gov", true */ 'c', 'r', 't', '2', '0', '1', '4', '-', '2', '0', '2', '4', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'g', 'o', 'v', '\0', + /* "crumbcontrol.com", true */ 'c', 'r', 'u', 'm', 'b', 'c', 'o', 'n', 't', 'r', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "crunchy.rocks", true */ 'c', 'r', 'u', 'n', 'c', 'h', 'y', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "crushroom.com", true */ 'c', 'r', 'u', 's', 'h', 'r', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "crustytoothpaste.net", true */ 'c', 'r', 'u', 's', 't', 'y', 't', 'o', 'o', 't', 'h', 'p', 'a', 's', 't', 'e', '.', 'n', 'e', 't', '\0', + /* "crute.me", true */ 'c', 'r', 'u', 't', 'e', '.', 'm', 'e', '\0', + /* "cruzeiropedia.org", true */ 'c', 'r', 'u', 'z', 'e', 'i', 'r', 'o', 'p', 'e', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0', + /* "crvv.me", true */ 'c', 'r', 'v', 'v', '.', 'm', 'e', '\0', + /* "cry.nu", false */ 'c', 'r', 'y', '.', 'n', 'u', '\0', + /* "cryoit.com", true */ 'c', 'r', 'y', 'o', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "cryothanasia.com", true */ 'c', 'r', 'y', 'o', 't', 'h', 'a', 'n', 'a', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "cryp.no", true */ 'c', 'r', 'y', 'p', '.', 'n', 'o', '\0', + /* "crypalert.com", true */ 'c', 'r', 'y', 'p', 'a', 'l', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "crypt.is-by.us", true */ 'c', 'r', 'y', 'p', 't', '.', 'i', 's', '-', 'b', 'y', '.', 'u', 's', '\0', + /* "cryptearth.de", true */ 'c', 'r', 'y', 'p', 't', 'e', 'a', 'r', 't', 'h', '.', 'd', 'e', '\0', + /* "crypted.chat", true */ 'c', 'r', 'y', 'p', 't', 'e', 'd', '.', 'c', 'h', 'a', 't', '\0', + /* "crypto-armory.com", true */ 'c', 'r', 'y', 'p', 't', 'o', '-', 'a', 'r', 'm', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "crypto.cat", false */ 'c', 'r', 'y', 'p', 't', 'o', '.', 'c', 'a', 't', '\0', + /* "crypto.graphics", true */ 'c', 'r', 'y', 'p', 't', 'o', '.', 'g', 'r', 'a', 'p', 'h', 'i', 'c', 's', '\0', + /* "crypto.is", false */ 'c', 'r', 'y', 'p', 't', 'o', '.', 'i', 's', '\0', + /* "cryptobells.com", false */ 'c', 'r', 'y', 'p', 't', 'o', 'b', 'e', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "cryptobin.co", true */ 'c', 'r', 'y', 'p', 't', 'o', 'b', 'i', 'n', '.', 'c', 'o', '\0', + /* "cryptocon.org", true */ 'c', 'r', 'y', 'p', 't', 'o', 'c', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "cryptofan.org", true */ 'c', 'r', 'y', 'p', 't', 'o', 'f', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "cryptography.ch", true */ 'c', 'r', 'y', 'p', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'h', '\0', + /* "cryptography.io", true */ 'c', 'r', 'y', 'p', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'i', 'o', '\0', + /* "cryptoisnotacrime.org", true */ 'c', 'r', 'y', 'p', 't', 'o', 'i', 's', 'n', 'o', 't', 'a', 'c', 'r', 'i', 'm', 'e', '.', 'o', 'r', 'g', '\0', + /* "cryptojourney.com", true */ 'c', 'r', 'y', 'p', 't', 'o', 'j', 'o', 'u', 'r', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "cryptology.ch", true */ 'c', 'r', 'y', 'p', 't', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'h', '\0', + /* "cryptolosophy.io", true */ 'c', 'r', 'y', 'p', 't', 'o', 'l', 'o', 's', 'o', 'p', 'h', 'y', '.', 'i', 'o', '\0', + /* "cryptolosophy.org", true */ 'c', 'r', 'y', 'p', 't', 'o', 'l', 'o', 's', 'o', 'p', 'h', 'y', '.', 'o', 'r', 'g', '\0', + /* "cryptonom.org", true */ 'c', 'r', 'y', 'p', 't', 'o', 'n', 'o', 'm', '.', 'o', 'r', 'g', '\0', + /* "cryptonym.com", true */ 'c', 'r', 'y', 'p', 't', 'o', 'n', 'y', 'm', '.', 'c', 'o', 'm', '\0', + /* "cryptoparty.at", true */ 'c', 'r', 'y', 'p', 't', 'o', 'p', 'a', 'r', 't', 'y', '.', 'a', 't', '\0', + /* "cryptoparty.dk", true */ 'c', 'r', 'y', 'p', 't', 'o', 'p', 'a', 'r', 't', 'y', '.', 'd', 'k', '\0', + /* "cryptopartyutah.org", true */ 'c', 'r', 'y', 'p', 't', 'o', 'p', 'a', 'r', 't', 'y', 'u', 't', 'a', 'h', '.', 'o', 'r', 'g', '\0', + /* "cryptophobia.nl", false */ 'c', 'r', 'y', 'p', 't', 'o', 'p', 'h', 'o', 'b', 'i', 'a', '.', 'n', 'l', '\0', + /* "cryptorival.com", true */ 'c', 'r', 'y', 'p', 't', 'o', 'r', 'i', 'v', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "cryptoseb.pw", true */ 'c', 'r', 'y', 'p', 't', 'o', 's', 'e', 'b', '.', 'p', 'w', '\0', + /* "cryptoshot.pw", true */ 'c', 'r', 'y', 'p', 't', 'o', 's', 'h', 'o', 't', '.', 'p', 'w', '\0', + /* "cryptract.co", true */ 'c', 'r', 'y', 'p', 't', 'r', 'a', 'c', 't', '.', 'c', 'o', '\0', + /* "crystalchandelierservices.com", true */ 'c', 'r', 'y', 's', 't', 'a', 'l', 'c', 'h', 'a', 'n', 'd', 'e', 'l', 'i', 'e', 'r', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "crystone.me", true */ 'c', 'r', 'y', 's', 't', 'o', 'n', 'e', '.', 'm', 'e', '\0', + /* "cs-colorscreed-betongulve.dk", true */ 'c', 's', '-', 'c', 'o', 'l', 'o', 'r', 's', 'c', 'r', 'e', 'e', 'd', '-', 'b', 'e', 't', 'o', 'n', 'g', 'u', 'l', 'v', 'e', '.', 'd', 'k', '\0', + /* "cs2016.ch", true */ 'c', 's', '2', '0', '1', '6', '.', 'c', 'h', '\0', + /* "csabg.org", true */ 'c', 's', 'a', 'b', 'g', '.', 'o', 'r', 'g', '\0', + /* "csacongress.org", true */ 'c', 's', 'a', 'c', 'o', 'n', 'g', 'r', 'e', 's', 's', '.', 'o', 'r', 'g', '\0', + /* "csbs.fr", true */ 'c', 's', 'b', 's', '.', 'f', 'r', '\0', + /* "cscau.com", true */ 'c', 's', 'c', 'a', 'u', '.', 'c', 'o', 'm', '\0', + /* "csengle.de", true */ 'c', 's', 'e', 'n', 'g', 'l', 'e', '.', 'd', 'e', '\0', + /* "csfd.cz", true */ 'c', 's', 'f', 'd', '.', 'c', 'z', '\0', + /* "csfloors.co.uk", true */ 'c', 's', 'f', 'l', 'o', 'o', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "csfm.com", true */ 'c', 's', 'f', 'm', '.', 'c', 'o', 'm', '\0', + /* "csgo.help", true */ 'c', 's', 'g', 'o', '.', 'h', 'e', 'l', 'p', '\0', + /* "csgo.su", true */ 'c', 's', 'g', 'o', '.', 's', 'u', '\0', + /* "csgogamers.com", false */ 'c', 's', 'g', 'o', 'g', 'a', 'm', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "csgohandouts.com", true */ 'c', 's', 'g', 'o', 'h', 'a', 'n', 'd', 'o', 'u', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "csgotwister.com", true */ 'c', 's', 'g', 'o', 't', 'w', 'i', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "csharpmarc.net", true */ 'c', 's', 'h', 'a', 'r', 'p', 'm', 'a', 'r', 'c', '.', 'n', 'e', 't', '\0', + /* "cshopify.com", true */ 'c', 's', 'h', 'o', 'p', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0', + /* "csilies.de", true */ 'c', 's', 'i', 'l', 'i', 'e', 's', '.', 'd', 'e', '\0', + /* "csinterstargeneve.ch", true */ 'c', 's', 'i', 'n', 't', 'e', 'r', 's', 't', 'a', 'r', 'g', 'e', 'n', 'e', 'v', 'e', '.', 'c', 'h', '\0', + /* "cskentertainment.co.uk", true */ 'c', 's', 'k', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "csmainframe.com", true */ 'c', 's', 'm', 'a', 'i', 'n', 'f', 'r', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "csokolade.hu", true */ 'c', 's', 'o', 'k', 'o', 'l', 'a', 'd', 'e', '.', 'h', 'u', '\0', + /* "csp.ch", true */ 'c', 's', 'p', '.', 'c', 'h', '\0', + /* "cspvalidator.org", true */ 'c', 's', 'p', 'v', 'a', 'l', 'i', 'd', 'a', 't', 'o', 'r', '.', 'o', 'r', 'g', '\0', + /* "csru.net", true */ 'c', 's', 'r', 'u', '.', 'n', 'e', 't', '\0', + /* "css.net", true */ 'c', 's', 's', '.', 'n', 'e', 't', '\0', + /* "cssai.eu", true */ 'c', 's', 's', 'a', 'i', '.', 'e', 'u', '\0', + /* "cssaunion.com", true */ 'c', 's', 's', 'a', 'u', 'n', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "cstb.ch", true */ 'c', 's', 't', 'b', '.', 'c', 'h', '\0', + /* "cstp-marketing.com", true */ 'c', 's', 't', 'p', '-', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "ct.search.yahoo.com", false */ 'c', 't', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "cthomas.work", true */ 'c', 't', 'h', 'o', 'm', 'a', 's', '.', 'w', 'o', 'r', 'k', '\0', + /* "ctliu.com", true */ 'c', 't', 'l', 'i', 'u', '.', 'c', 'o', 'm', '\0', + /* "ctnguyen.de", true */ 'c', 't', 'n', 'g', 'u', 'y', 'e', 'n', '.', 'd', 'e', '\0', + /* "ctnguyen.net", true */ 'c', 't', 'n', 'g', 'u', 'y', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "ctns.de", true */ 'c', 't', 'n', 's', '.', 'd', 'e', '\0', + /* "ctoforhire.com.au", true */ 'c', 't', 'o', 'f', 'o', 'r', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "ctomp.io", true */ 'c', 't', 'o', 'm', 'p', '.', 'i', 'o', '\0', + /* "ctpe.net", true */ 'c', 't', 'p', 'e', '.', 'n', 'e', 't', '\0', + /* "ctrld.me", true */ 'c', 't', 'r', 'l', 'd', '.', 'm', 'e', '\0', + /* "ctyi.me", true */ 'c', 't', 'y', 'i', '.', 'm', 'e', '\0', + /* "cub-bouncingcastles.co.uk", true */ 'c', 'u', 'b', '-', 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cube-cloud.com", true */ 'c', 'u', 'b', 'e', '-', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "cube.de", true */ 'c', 'u', 'b', 'e', '.', 'd', 'e', '\0', + /* "cubecraft.net", true */ 'c', 'u', 'b', 'e', 'c', 'r', 'a', 'f', 't', '.', 'n', 'e', 't', '\0', + /* "cubecraftstore.com", true */ 'c', 'u', 'b', 'e', 'c', 'r', 'a', 'f', 't', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "cubecraftstore.net", true */ 'c', 'u', 'b', 'e', 'c', 'r', 'a', 'f', 't', 's', 't', 'o', 'r', 'e', '.', 'n', 'e', 't', '\0', + /* "cubekrowd.net", true */ 'c', 'u', 'b', 'e', 'k', 'r', 'o', 'w', 'd', '.', 'n', 'e', 't', '\0', + /* "cubela.tech", true */ 'c', 'u', 'b', 'e', 'l', 'a', '.', 't', 'e', 'c', 'h', '\0', + /* "cubia.de", true */ 'c', 'u', 'b', 'i', 'a', '.', 'd', 'e', '\0', + /* "cubia3.com", true */ 'c', 'u', 'b', 'i', 'a', '3', '.', 'c', 'o', 'm', '\0', + /* "cubia4.com", true */ 'c', 'u', 'b', 'i', 'a', '4', '.', 'c', 'o', 'm', '\0', + /* "cubile.xyz", true */ 'c', 'u', 'b', 'i', 'l', 'e', '.', 'x', 'y', 'z', '\0', + /* "cublick.com", true */ 'c', 'u', 'b', 'l', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "cubos.io", false */ 'c', 'u', 'b', 'o', 's', '.', 'i', 'o', '\0', + /* "cubostecnologia.com", false */ 'c', 'u', 'b', 'o', 's', 't', 'e', 'c', 'n', 'o', 'l', 'o', 'g', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "cubostecnologia.com.br", false */ 'c', 'u', 'b', 'o', 's', 't', 'e', 'c', 'n', 'o', 'l', 'o', 'g', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "cubua.com", true */ 'c', 'u', 'b', 'u', 'a', '.', 'c', 'o', 'm', '\0', + /* "cuckoopalace.cn", true */ 'c', 'u', 'c', 'k', 'o', 'o', 'p', 'a', 'l', 'a', 'c', 'e', '.', 'c', 'n', '\0', + /* "cuddlecomfort.com", true */ 'c', 'u', 'd', 'd', 'l', 'e', 'c', 'o', 'm', 'f', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "cuddlingyaks.com", true */ 'c', 'u', 'd', 'd', 'l', 'i', 'n', 'g', 'y', 'a', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "cuecasonline.com.br", true */ 'c', 'u', 'e', 'c', 'a', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "cuentasmutualamr.org.ar", true */ 'c', 'u', 'e', 'n', 't', 'a', 's', 'm', 'u', 't', 'u', 'a', 'l', 'a', 'm', 'r', '.', 'o', 'r', 'g', '.', 'a', 'r', '\0', + /* "cuetoems.com", true */ 'c', 'u', 'e', 't', 'o', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "cuibonobo.com", true */ 'c', 'u', 'i', 'b', 'o', 'n', 'o', 'b', 'o', '.', 'c', 'o', 'm', '\0', + /* "cuisinezest.com", true */ 'c', 'u', 'i', 's', 'i', 'n', 'e', 'z', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "cultiv.nl", true */ 'c', 'u', 'l', 't', 'i', 'v', '.', 'n', 'l', '\0', + /* "cultivo.bio", true */ 'c', 'u', 'l', 't', 'i', 'v', 'o', '.', 'b', 'i', 'o', '\0', + /* "cultofd50.org", true */ 'c', 'u', 'l', 't', 'o', 'f', 'd', '5', '0', '.', 'o', 'r', 'g', '\0', + /* "cultofperf.org.uk", true */ 'c', 'u', 'l', 't', 'o', 'f', 'p', 'e', 'r', 'f', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "culture-school.top", true */ 'c', 'u', 'l', 't', 'u', 'r', 'e', '-', 's', 'c', 'h', 'o', 'o', 'l', '.', 't', 'o', 'p', '\0', + /* "culturedcode.com", true */ 'c', 'u', 'l', 't', 'u', 'r', 'e', 'd', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "cultureroll.com", true */ 'c', 'u', 'l', 't', 'u', 'r', 'e', 'r', 'o', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "cumparama.com", true */ 'c', 'u', 'm', 'p', 'a', 'r', 'a', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "cuni-cuni-club.com", true */ 'c', 'u', 'n', 'i', '-', 'c', 'u', 'n', 'i', '-', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "cuni-rec.com", true */ 'c', 'u', 'n', 'i', '-', 'r', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "cuoc.org.uk", true */ 'c', 'u', 'o', 'c', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "cuongthach.com", true */ 'c', 'u', 'o', 'n', 'g', 't', 'h', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "cup.al", true */ 'c', 'u', 'p', '.', 'a', 'l', '\0', + /* "cupcake.io", true */ 'c', 'u', 'p', 'c', 'a', 'k', 'e', '.', 'i', 'o', '\0', + /* "cupcake.is", true */ 'c', 'u', 'p', 'c', 'a', 'k', 'e', '.', 'i', 's', '\0', + /* "cupi.co", true */ 'c', 'u', 'p', 'i', '.', 'c', 'o', '\0', + /* "cupom.net", true */ 'c', 'u', 'p', 'o', 'm', '.', 'n', 'e', 't', '\0', + /* "cuppycakes.fi", true */ 'c', 'u', 'p', 'p', 'y', 'c', 'a', 'k', 'e', 's', '.', 'f', 'i', '\0', + /* "curacao-firma.com", true */ 'c', 'u', 'r', 'a', 'c', 'a', 'o', '-', 'f', 'i', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "curamail.co.uk", true */ 'c', 'u', 'r', 'a', 'm', 'a', 'i', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "curieux.digital", true */ 'c', 'u', 'r', 'i', 'e', 'u', 'x', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0', + /* "curio-shiki.com", true */ 'c', 'u', 'r', 'i', 'o', '-', 's', 'h', 'i', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "curiosity-driven.org", true */ 'c', 'u', 'r', 'i', 'o', 's', 'i', 't', 'y', '-', 'd', 'r', 'i', 'v', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "curiouscat.me", true */ 'c', 'u', 'r', 'i', 'o', 'u', 's', 'c', 'a', 't', '.', 'm', 'e', '\0', + /* "curlybracket.co.uk", true */ 'c', 'u', 'r', 'l', 'y', 'b', 'r', 'a', 'c', 'k', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "currency-strength.com", true */ 'c', 'u', 'r', 'r', 'e', 'n', 'c', 'y', '-', 's', 't', 'r', 'e', 'n', 'g', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "current.com", true */ 'c', 'u', 'r', 'r', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "currentlystreaming.com", true */ 'c', 'u', 'r', 'r', 'e', 'n', 't', 'l', 'y', 's', 't', 'r', 'e', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "currynissanmaparts.com", true */ 'c', 'u', 'r', 'r', 'y', 'n', 'i', 's', 's', 'a', 'n', 'm', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "cursos.com", true */ 'c', 'u', 'r', 's', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "cursuri-de-actorie.ro", true */ 'c', 'u', 'r', 's', 'u', 'r', 'i', '-', 'd', 'e', '-', 'a', 'c', 't', 'o', 'r', 'i', 'e', '.', 'r', 'o', '\0', + /* "curtacircuitos.com.br", false */ 'c', 'u', 'r', 't', 'a', 'c', 'i', 'r', 'c', 'u', 'i', 't', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "curtis-smith.me.uk", true */ 'c', 'u', 'r', 't', 'i', 's', '-', 's', 'm', 'i', 't', 'h', '.', 'm', 'e', '.', 'u', 'k', '\0', + /* "curtis-smith.uk", true */ 'c', 'u', 'r', 't', 'i', 's', '-', 's', 'm', 'i', 't', 'h', '.', 'u', 'k', '\0', + /* "curtissmith.me.uk", true */ 'c', 'u', 'r', 't', 'i', 's', 's', 'm', 'i', 't', 'h', '.', 'm', 'e', '.', 'u', 'k', '\0', + /* "curtissmith.uk", true */ 'c', 'u', 'r', 't', 'i', 's', 's', 'm', 'i', 't', 'h', '.', 'u', 'k', '\0', + /* "curveprotect.com", true */ 'c', 'u', 'r', 'v', 'e', 'p', 'r', 'o', 't', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "curveprotect.cz", true */ 'c', 'u', 'r', 'v', 'e', 'p', 'r', 'o', 't', 'e', 'c', 't', '.', 'c', 'z', '\0', + /* "curveprotect.net", true */ 'c', 'u', 'r', 'v', 'e', 'p', 'r', 'o', 't', 'e', 'c', 't', '.', 'n', 'e', 't', '\0', + /* "curveprotect.org", true */ 'c', 'u', 'r', 'v', 'e', 'p', 'r', 'o', 't', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "curvesandwords.com", true */ 'c', 'u', 'r', 'v', 'e', 's', 'a', 'n', 'd', 'w', 'o', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "curvissa.co.uk", true */ 'c', 'u', 'r', 'v', 'i', 's', 's', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "custodyxchange.com", true */ 'c', 'u', 's', 't', 'o', 'd', 'y', 'x', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "customd.com", true */ 'c', 'u', 's', 't', 'o', 'm', 'd', '.', 'c', 'o', 'm', '\0', + /* "customerbox.ir", true */ 'c', 'u', 's', 't', 'o', 'm', 'e', 'r', 'b', 'o', 'x', '.', 'i', 'r', '\0', + /* "customfitmarketing.com", true */ 'c', 'u', 's', 't', 'o', 'm', 'f', 'i', 't', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "customgear.com.au", true */ 'c', 'u', 's', 't', 'o', 'm', 'g', 'e', 'a', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "customizeyourshower.com", true */ 'c', 'u', 's', 't', 'o', 'm', 'i', 'z', 'e', 'y', 'o', 'u', 'r', 's', 'h', 'o', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "customizeyoursink.com", true */ 'c', 'u', 's', 't', 'o', 'm', 'i', 'z', 'e', 'y', 'o', 'u', 'r', 's', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "customromlist.com", true */ 'c', 'u', 's', 't', 'o', 'm', 'r', 'o', 'm', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "customshort.link", true */ 'c', 'u', 's', 't', 'o', 'm', 's', 'h', 'o', 'r', 't', '.', 'l', 'i', 'n', 'k', '\0', + /* "customwritings.com", true */ 'c', 'u', 's', 't', 'o', 'm', 'w', 'r', 'i', 't', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "customwritingservice.com", true */ 'c', 'u', 's', 't', 'o', 'm', 'w', 'r', 'i', 't', 'i', 'n', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "cutelariafiveladeouro.com.br", true */ 'c', 'u', 't', 'e', 'l', 'a', 'r', 'i', 'a', 'f', 'i', 'v', 'e', 'l', 'a', 'd', 'e', 'o', 'u', 'r', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "cutephil.com", true */ 'c', 'u', 't', 'e', 'p', 'h', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "cutimbo.ovh", true */ 'c', 'u', 't', 'i', 'm', 'b', 'o', '.', 'o', 'v', 'h', '\0', + /* "cutner.co", true */ 'c', 'u', 't', 'n', 'e', 'r', '.', 'c', 'o', '\0', + /* "cuvva.co", true */ 'c', 'u', 'v', 'v', 'a', '.', 'c', 'o', '\0', + /* "cuvva.co.uk", true */ 'c', 'u', 'v', 'v', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cuvva.com", true */ 'c', 'u', 'v', 'v', 'a', '.', 'c', 'o', 'm', '\0', + /* "cuvva.eu", true */ 'c', 'u', 'v', 'v', 'a', '.', 'e', 'u', '\0', + /* "cuvva.io", true */ 'c', 'u', 'v', 'v', 'a', '.', 'i', 'o', '\0', + /* "cuvva.it", true */ 'c', 'u', 'v', 'v', 'a', '.', 'i', 't', '\0', + /* "cuvva.me", true */ 'c', 'u', 'v', 'v', 'a', '.', 'm', 'e', '\0', + /* "cuvva.net", true */ 'c', 'u', 'v', 'v', 'a', '.', 'n', 'e', 't', '\0', + /* "cuvva.org", true */ 'c', 'u', 'v', 'v', 'a', '.', 'o', 'r', 'g', '\0', + /* "cuvva.uk", true */ 'c', 'u', 'v', 'v', 'a', '.', 'u', 'k', '\0', + /* "cuvva.us", true */ 'c', 'u', 'v', 'v', 'a', '.', 'u', 's', '\0', + /* "cuxpool.club", true */ 'c', 'u', 'x', 'p', 'o', 'o', 'l', '.', 'c', 'l', 'u', 'b', '\0', + /* "cve-le-carrousel.ch", true */ 'c', 'v', 'e', '-', 'l', 'e', '-', 'c', 'a', 'r', 'r', 'o', 'u', 's', 'e', 'l', '.', 'c', 'h', '\0', + /* "cviip.ca", true */ 'c', 'v', 'i', 'i', 'p', '.', 'c', 'a', '\0', + /* "cviip.com", true */ 'c', 'v', 'i', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "cvjd.me", true */ 'c', 'v', 'j', 'd', '.', 'm', 'e', '\0', + /* "cvl.ch", true */ 'c', 'v', 'l', '.', 'c', 'h', '\0', + /* "cvlibrary.co.uk", true */ 'c', 'v', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "cvmu.jp", true */ 'c', 'v', 'm', 'u', '.', 'j', 'p', '\0', + /* "cvninja.pl", true */ 'c', 'v', 'n', 'i', 'n', 'j', 'a', '.', 'p', 'l', '\0', + /* "cvr.dk", true */ 'c', 'v', 'r', '.', 'd', 'k', '\0', + /* "cvsoftub.com", true */ 'c', 'v', 's', 'o', 'f', 't', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "cvursache.com", true */ 'c', 'v', 'u', 'r', 's', 'a', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0', + /* "cvv.cn", true */ 'c', 'v', 'v', '.', 'c', 'n', '\0', + /* "cw.center", true */ 'c', 'w', '.', 'c', 'e', 'n', 't', 'e', 'r', '\0', + /* "cwagner.me", true */ 'c', 'w', 'a', 'g', 'n', 'e', 'r', '.', 'm', 'e', '\0', + /* "cwmart.in", true */ 'c', 'w', 'm', 'a', 'r', 't', '.', 'i', 'n', '\0', + /* "cwningen.cymru", false */ 'c', 'w', 'n', 'i', 'n', 'g', 'e', 'n', '.', 'c', 'y', 'm', 'r', 'u', '\0', + /* "cwrcoding.com", true */ 'c', 'w', 'r', 'c', 'o', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "cy.technology", true */ 'c', 'y', '.', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '\0', + /* "cybbh.space", true */ 'c', 'y', 'b', 'b', 'h', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "cyber-konzept.de", true */ 'c', 'y', 'b', 'e', 'r', '-', 'k', 'o', 'n', 'z', 'e', 'p', 't', '.', 'd', 'e', '\0', + /* "cyber-perikarp.eu", true */ 'c', 'y', 'b', 'e', 'r', '-', 'p', 'e', 'r', 'i', 'k', 'a', 'r', 'p', '.', 'e', 'u', '\0', + /* "cyber.cafe", true */ 'c', 'y', 'b', 'e', 'r', '.', 'c', 'a', 'f', 'e', '\0', + /* "cybercloud.cc", true */ 'c', 'y', 'b', 'e', 'r', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'c', '\0', + /* "cyberdos.de", true */ 'c', 'y', 'b', 'e', 'r', 'd', 'o', 's', '.', 'd', 'e', '\0', + /* "cyberduck.io", true */ 'c', 'y', 'b', 'e', 'r', 'd', 'u', 'c', 'k', '.', 'i', 'o', '\0', + /* "cybergrx.com", true */ 'c', 'y', 'b', 'e', 'r', 'g', 'r', 'x', '.', 'c', 'o', 'm', '\0', + /* "cyberguerrilla.info", true */ 'c', 'y', 'b', 'e', 'r', 'g', 'u', 'e', 'r', 'r', 'i', 'l', 'l', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "cyberguerrilla.org", true */ 'c', 'y', 'b', 'e', 'r', 'g', 'u', 'e', 'r', 'r', 'i', 'l', 'l', 'a', '.', 'o', 'r', 'g', '\0', + /* "cyberianhusky.com", true */ 'c', 'y', 'b', 'e', 'r', 'i', 'a', 'n', 'h', 'u', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0', + /* "cyberkov.com", true */ 'c', 'y', 'b', 'e', 'r', 'k', 'o', 'v', '.', 'c', 'o', 'm', '\0', + /* "cyberlightapp.com", true */ 'c', 'y', 'b', 'e', 'r', 'l', 'i', 'g', 'h', 't', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "cyberoptic.de", true */ 'c', 'y', 'b', 'e', 'r', 'o', 'p', 't', 'i', 'c', '.', 'd', 'e', '\0', + /* "cyberphaze.com", true */ 'c', 'y', 'b', 'e', 'r', 'p', 'h', 'a', 'z', 'e', '.', 'c', 'o', 'm', '\0', + /* "cyberprey.com", true */ 'c', 'y', 'b', 'e', 'r', 'p', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "cybersecurity.nz", true */ 'c', 'y', 'b', 'e', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'n', 'z', '\0', + /* "cybersecuritychallenge.be", true */ 'c', 'y', 'b', 'e', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e', '.', 'b', 'e', '\0', + /* "cybersins.com", true */ 'c', 'y', 'b', 'e', 'r', 's', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "cybersmartdefence.com", true */ 'c', 'y', 'b', 'e', 'r', 's', 'm', 'a', 'r', 't', 'd', 'e', 'f', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "cyberspace.community", true */ 'c', 'y', 'b', 'e', 'r', 's', 'p', 'a', 'c', 'e', '.', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '\0', + /* "cyberspace.today", true */ 'c', 'y', 'b', 'e', 'r', 's', 'p', 'a', 'c', 'e', '.', 't', 'o', 'd', 'a', 'y', '\0', + /* "cyberspect.com", true */ 'c', 'y', 'b', 'e', 'r', 's', 'p', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "cyberspect.io", true */ 'c', 'y', 'b', 'e', 'r', 's', 'p', 'e', 'c', 't', '.', 'i', 'o', '\0', + /* "cybertorsk.org", true */ 'c', 'y', 'b', 'e', 'r', 't', 'o', 'r', 's', 'k', '.', 'o', 'r', 'g', '\0', + /* "cybertu.be", true */ 'c', 'y', 'b', 'e', 'r', 't', 'u', '.', 'b', 'e', '\0', + /* "cyberwars.dk", true */ 'c', 'y', 'b', 'e', 'r', 'w', 'a', 'r', 's', '.', 'd', 'k', '\0', + /* "cyberwire.nl", true */ 'c', 'y', 'b', 'e', 'r', 'w', 'i', 'r', 'e', '.', 'n', 'l', '\0', + /* "cyberxpert.nl", true */ 'c', 'y', 'b', 'e', 'r', 'x', 'p', 'e', 'r', 't', '.', 'n', 'l', '\0', + /* "cybozu.cn", true */ 'c', 'y', 'b', 'o', 'z', 'u', '.', 'c', 'n', '\0', + /* "cybozu.com", true */ 'c', 'y', 'b', 'o', 'z', 'u', '.', 'c', 'o', 'm', '\0', + /* "cybozulive-dev.com", true */ 'c', 'y', 'b', 'o', 'z', 'u', 'l', 'i', 'v', 'e', '-', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "cybozulive.com", true */ 'c', 'y', 'b', 'o', 'z', 'u', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "cyclebeads.com", true */ 'c', 'y', 'c', 'l', 'e', 'b', 'e', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "cyclehackluxembourgcity.lu", true */ 'c', 'y', 'c', 'l', 'e', 'h', 'a', 'c', 'k', 'l', 'u', 'x', 'e', 'm', 'b', 'o', 'u', 'r', 'g', 'c', 'i', 't', 'y', '.', 'l', 'u', '\0', + /* "cyclisjumper.gallery", true */ 'c', 'y', 'c', 'l', 'i', 's', 'j', 'u', 'm', 'p', 'e', 'r', '.', 'g', 'a', 'l', 'l', 'e', 'r', 'y', '\0', + /* "cyclop-editorial.fr", true */ 'c', 'y', 'c', 'l', 'o', 'p', '-', 'e', 'd', 'i', 't', 'o', 'r', 'i', 'a', 'l', '.', 'f', 'r', '\0', + /* "cydetec.com", true */ 'c', 'y', 'd', 'e', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "cyfly.org", true */ 'c', 'y', 'f', 'l', 'y', '.', 'o', 'r', 'g', '\0', + /* "cygnatus.com", true */ 'c', 'y', 'g', 'n', 'a', 't', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "cygnius.net", true */ 'c', 'y', 'g', 'n', 'i', 'u', 's', '.', 'n', 'e', 't', '\0', + /* "cyhour.com", true */ 'c', 'y', 'h', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "cylindricity.com", true */ 'c', 'y', 'l', 'i', 'n', 'd', 'r', 'i', 'c', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "cyon.ch", true */ 'c', 'y', 'o', 'n', '.', 'c', 'h', '\0', + /* "cype.dedyn.io", true */ 'c', 'y', 'p', 'e', '.', 'd', 'e', 'd', 'y', 'n', '.', 'i', 'o', '\0', + /* "cyph.audio", true */ 'c', 'y', 'p', 'h', '.', 'a', 'u', 'd', 'i', 'o', '\0', + /* "cyph.com", true */ 'c', 'y', 'p', 'h', '.', 'c', 'o', 'm', '\0', + /* "cyph.healthcare", true */ 'c', 'y', 'p', 'h', '.', 'h', 'e', 'a', 'l', 't', 'h', 'c', 'a', 'r', 'e', '\0', + /* "cyph.im", true */ 'c', 'y', 'p', 'h', '.', 'i', 'm', '\0', + /* "cyph.io", true */ 'c', 'y', 'p', 'h', '.', 'i', 'o', '\0', + /* "cyph.me", true */ 'c', 'y', 'p', 'h', '.', 'm', 'e', '\0', + /* "cyph.video", true */ 'c', 'y', 'p', 'h', '.', 'v', 'i', 'd', 'e', 'o', '\0', + /* "cyph.ws", true */ 'c', 'y', 'p', 'h', '.', 'w', 's', '\0', + /* "cypherpunk.at", true */ 'c', 'y', 'p', 'h', 'e', 'r', 'p', 'u', 'n', 'k', '.', 'a', 't', '\0', + /* "cypherpunk.com", true */ 'c', 'y', 'p', 'h', 'e', 'r', 'p', 'u', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "cypressinheritancesaga.com", true */ 'c', 'y', 'p', 'r', 'e', 's', 's', 'i', 'n', 'h', 'e', 'r', 'i', 't', 'a', 'n', 'c', 'e', 's', 'a', 'g', 'a', '.', 'c', 'o', 'm', '\0', + /* "cypresslegacy.com", true */ 'c', 'y', 'p', 'r', 'e', 's', 's', 'l', 'e', 'g', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "cyprus-company-service.com", true */ 'c', 'y', 'p', 'r', 'u', 's', '-', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "cysec.biz", true */ 'c', 'y', 's', 'e', 'c', '.', 'b', 'i', 'z', '\0', + /* "cysmo.de", true */ 'c', 'y', 's', 'm', 'o', '.', 'd', 'e', '\0', + /* "cytech.com.tr", true */ 'c', 'y', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '.', 't', 'r', '\0', + /* "cytegic-update-packages.com", true */ 'c', 'y', 't', 'e', 'g', 'i', 'c', '-', 'u', 'p', 'd', 'a', 't', 'e', '-', 'p', 'a', 'c', 'k', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "cyumus.com", true */ 'c', 'y', 'u', 'm', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "czakey.net", true */ 'c', 'z', 'a', 'k', 'e', 'y', '.', 'n', 'e', 't', '\0', + /* "czaw.org", true */ 'c', 'z', 'a', 'w', '.', 'o', 'r', 'g', '\0', + /* "czbix.com", true */ 'c', 'z', 'b', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "czc.cz", true */ 'c', 'z', 'c', '.', 'c', 'z', '\0', + /* "czechamlp.com", true */ 'c', 'z', 'e', 'c', 'h', 'a', 'm', 'l', 'p', '.', 'c', 'o', 'm', '\0', + /* "czechvirus.cz", true */ 'c', 'z', 'e', 'c', 'h', 'v', 'i', 'r', 'u', 's', '.', 'c', 'z', '\0', + /* "czerno.com", true */ 'c', 'z', 'e', 'r', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "czirnich.org", true */ 'c', 'z', 'i', 'r', 'n', 'i', 'c', 'h', '.', 'o', 'r', 'g', '\0', + /* "czk.mk", true */ 'c', 'z', 'k', '.', 'm', 'k', '\0', + /* "d-20.fr", true */ 'd', '-', '2', '0', '.', 'f', 'r', '\0', + /* "d-academia.com", true */ 'd', '-', 'a', 'c', 'a', 'd', 'e', 'm', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "d-designerin.de", true */ 'd', '-', 'd', 'e', 's', 'i', 'g', 'n', 'e', 'r', 'i', 'n', '.', 'd', 'e', '\0', + /* "d-loop.de", true */ 'd', '-', 'l', 'o', 'o', 'p', '.', 'd', 'e', '\0', + /* "d-parts24.de", true */ 'd', '-', 'p', 'a', 'r', 't', 's', '2', '4', '.', 'd', 'e', '\0', + /* "d-quantum.com", true */ 'd', '-', 'q', 'u', 'a', 'n', 't', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "d-toys.com.ua", true */ 'd', '-', 't', 'o', 'y', 's', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "d-training.de", true */ 'd', '-', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "d.nf", true */ 'd', '.', 'n', 'f', '\0', + /* "d.nr", true */ 'd', '.', 'n', 'r', '\0', + /* "d00d.de", true */ 'd', '0', '0', 'd', '.', 'd', 'e', '\0', + /* "d0g.cc", true */ 'd', '0', 'g', '.', 'c', 'c', '\0', + /* "d0xq.net", true */ 'd', '0', 'x', 'q', '.', 'n', 'e', 't', '\0', + /* "d2s.uk", true */ 'd', '2', 's', '.', 'u', 'k', '\0', + /* "d3njjcbhbojbot.cloudfront.net", true */ 'd', '3', 'n', 'j', 'j', 'c', 'b', 'h', 'b', 'o', 'j', 'b', 'o', 't', '.', 'c', 'l', 'o', 'u', 'd', 'f', 'r', 'o', 'n', 't', '.', 'n', 'e', 't', '\0', + /* "d3x.pw", true */ 'd', '3', 'x', '.', 'p', 'w', '\0', + /* "d3xt3r01.tk", true */ 'd', '3', 'x', 't', '3', 'r', '0', '1', '.', 't', 'k', '\0', + /* "d42.no", true */ 'd', '4', '2', '.', 'n', 'o', '\0', + /* "d4wson.com", true */ 'd', '4', 'w', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "d4x.de", true */ 'd', '4', 'x', '.', 'd', 'e', '\0', + /* "d66.nl", true */ 'd', '6', '6', '.', 'n', 'l', '\0', + /* "d8.io", true */ 'd', '8', '.', 'i', 'o', '\0', + /* "da-ist-kunst.de", true */ 'd', 'a', '-', 'i', 's', 't', '-', 'k', 'u', 'n', 's', 't', '.', 'd', 'e', '\0', + /* "da8.cc", true */ 'd', 'a', '8', '.', 'c', 'c', '\0', + /* "daallexx.eu", true */ 'd', 'a', 'a', 'l', 'l', 'e', 'x', 'x', '.', 'e', 'u', '\0', + /* "dachb0den.net", true */ 'd', 'a', 'c', 'h', 'b', '0', 'd', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "dachdecker-ranzenberger.de", true */ 'd', 'a', 'c', 'h', 'd', 'e', 'c', 'k', 'e', 'r', '-', 'r', 'a', 'n', 'z', 'e', 'n', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'd', 'e', '\0', + /* "dachdeckermeister-egon-weiss.de", true */ 'd', 'a', 'c', 'h', 'd', 'e', 'c', 'k', 'e', 'r', 'm', 'e', 'i', 's', 't', 'e', 'r', '-', 'e', 'g', 'o', 'n', '-', 'w', 'e', 'i', 's', 's', '.', 'd', 'e', '\0', + /* "daciaforum.nl", true */ 'd', 'a', 'c', 'i', 'a', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'l', '\0', + /* "daciamodellen.nl", true */ 'd', 'a', 'c', 'i', 'a', 'm', 'o', 'd', 'e', 'l', 'l', 'e', 'n', '.', 'n', 'l', '\0', + /* "dado.fr", true */ 'd', 'a', 'd', 'o', '.', 'f', 'r', '\0', + /* "dado.me", true */ 'd', 'a', 'd', 'o', '.', 'm', 'e', '\0', + /* "dado.virtual.museum", true */ 'd', 'a', 'd', 'o', '.', 'v', 'i', 'r', 't', 'u', 'a', 'l', '.', 'm', 'u', 's', 'e', 'u', 'm', '\0', + /* "dadons-laserdiscs.com", true */ 'd', 'a', 'd', 'o', 'n', 's', '-', 'l', 'a', 's', 'e', 'r', 'd', 'i', 's', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "dadosch.de", true */ 'd', 'a', 'd', 'o', 's', 'c', 'h', '.', 'd', 'e', '\0', + /* "dadrian.io", true */ 'd', 'a', 'd', 'r', 'i', 'a', 'n', '.', 'i', 'o', '\0', + /* "daduke.org", true */ 'd', 'a', 'd', 'u', 'k', 'e', '.', 'o', 'r', 'g', '\0', + /* "daemen.org", true */ 'd', 'a', 'e', 'm', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "daemon.xin", true */ 'd', 'a', 'e', 'm', 'o', 'n', '.', 'x', 'i', 'n', '\0', + /* "daemwool.ch", true */ 'd', 'a', 'e', 'm', 'w', 'o', 'o', 'l', '.', 'c', 'h', '\0', + /* "daevel.fr", true */ 'd', 'a', 'e', 'v', 'e', 'l', '.', 'f', 'r', '\0', + /* "dag-hebergement.fr", true */ 'd', 'a', 'g', '-', 'h', 'e', 'b', 'e', 'r', 'g', 'e', 'm', 'e', 'n', 't', '.', 'f', 'r', '\0', + /* "dag-konsult.com", true */ 'd', 'a', 'g', '-', 'k', 'o', 'n', 's', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0', + /* "dahlberg.cologne", true */ 'd', 'a', 'h', 'l', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'l', 'o', 'g', 'n', 'e', '\0', + /* "dai.top", true */ 'd', 'a', 'i', '.', 't', 'o', 'p', '\0', + /* "dailyblogged.com", true */ 'd', 'a', 'i', 'l', 'y', 'b', 'l', 'o', 'g', 'g', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "dailybunda.com", true */ 'd', 'a', 'i', 'l', 'y', 'b', 'u', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "dailyenglishchallenge.com", true */ 'd', 'a', 'i', 'l', 'y', 'e', 'n', 'g', 'l', 'i', 's', 'h', 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "dailyhealthguard.com", true */ 'd', 'a', 'i', 'l', 'y', 'h', 'e', 'a', 'l', 't', 'h', 'g', 'u', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "dailykos.com", true */ 'd', 'a', 'i', 'l', 'y', 'k', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "dailytopix.com", true */ 'd', 'a', 'i', 'l', 'y', 't', 'o', 'p', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "daintymeal.com", true */ 'd', 'a', 'i', 'n', 't', 'y', 'm', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "dairyshrine.org", true */ 'd', 'a', 'i', 'r', 'y', 's', 'h', 'r', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0', + /* "daisidaniels.co.uk", true */ 'd', 'a', 'i', 's', 'i', 'd', 'a', 'n', 'i', 'e', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "daisy-peanut.com", true */ 'd', 'a', 'i', 's', 'y', '-', 'p', 'e', 'a', 'n', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "daisypeanut.com", true */ 'd', 'a', 'i', 's', 'y', 'p', 'e', 'a', 'n', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "daiwai.de", false */ 'd', 'a', 'i', 'w', 'a', 'i', '.', 'd', 'e', '\0', + /* "daiweihu.com", true */ 'd', 'a', 'i', 'w', 'e', 'i', 'h', 'u', '.', 'c', 'o', 'm', '\0', + /* "daiyuu.jp", true */ 'd', 'a', 'i', 'y', 'u', 'u', '.', 'j', 'p', '\0', + /* "daknob.net", true */ 'd', 'a', 'k', 'n', 'o', 'b', '.', 'n', 'e', 't', '\0', + /* "dakotasilencer.com", true */ 'd', 'a', 'k', 'o', 't', 'a', 's', 'i', 'l', 'e', 'n', 'c', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "daktarisys.com", true */ 'd', 'a', 'k', 't', 'a', 'r', 'i', 's', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "daladubbeln.se", true */ 'd', 'a', 'l', 'a', 'd', 'u', 'b', 'b', 'e', 'l', 'n', '.', 's', 'e', '\0', + /* "dalaran.city", true */ 'd', 'a', 'l', 'a', 'r', 'a', 'n', '.', 'c', 'i', 't', 'y', '\0', + /* "dalb.in", true */ 'd', 'a', 'l', 'b', '.', 'i', 'n', '\0', + /* "dale-electric.com", true */ 'd', 'a', 'l', 'e', '-', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "dalek.co.nz", true */ 'd', 'a', 'l', 'e', 'k', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "dalfiume.it", false */ 'd', 'a', 'l', 'f', 'i', 'u', 'm', 'e', '.', 'i', 't', '\0', + /* "dalfsennet.nl", true */ 'd', 'a', 'l', 'f', 's', 'e', 'n', 'n', 'e', 't', '.', 'n', 'l', '\0', + /* "dalingk.com", true */ 'd', 'a', 'l', 'i', 'n', 'g', 'k', '.', 'c', 'o', 'm', '\0', + /* "dallaslu.com", true */ 'd', 'a', 'l', 'l', 'a', 's', 'l', 'u', '.', 'c', 'o', 'm', '\0', + /* "dallinbryce.com", true */ 'd', 'a', 'l', 'l', 'i', 'n', 'b', 'r', 'y', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "dallmeier.net", true */ 'd', 'a', 'l', 'l', 'm', 'e', 'i', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "dalmatiersheusden.be", true */ 'd', 'a', 'l', 'm', 'a', 't', 'i', 'e', 'r', 's', 'h', 'e', 'u', 's', 'd', 'e', 'n', '.', 'b', 'e', '\0', + /* "damaged.org", true */ 'd', 'a', 'm', 'a', 'g', 'e', 'd', '.', 'o', 'r', 'g', '\0', + /* "damasexpress.com", true */ 'd', 'a', 'm', 'a', 's', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "damedrogy.cz", true */ 'd', 'a', 'm', 'e', 'd', 'r', 'o', 'g', 'y', '.', 'c', 'z', '\0', + /* "damicris.ro", true */ 'd', 'a', 'm', 'i', 'c', 'r', 'i', 's', '.', 'r', 'o', '\0', + /* "damienoreilly.org", true */ 'd', 'a', 'm', 'i', 'e', 'n', 'o', 'r', 'e', 'i', 'l', 'l', 'y', '.', 'o', 'r', 'g', '\0', + /* "damip.net", true */ 'd', 'a', 'm', 'i', 'p', '.', 'n', 'e', 't', '\0', + /* "dammekens.be", true */ 'd', 'a', 'm', 'm', 'e', 'k', 'e', 'n', 's', '.', 'b', 'e', '\0', + /* "damngoodpepper.com", true */ 'd', 'a', 'm', 'n', 'g', 'o', 'o', 'd', 'p', 'e', 'p', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "dan-informacijske-varnosti.si", true */ 'd', 'a', 'n', '-', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 'c', 'i', 'j', 's', 'k', 'e', '-', 'v', 'a', 'r', 'n', 'o', 's', 't', 'i', '.', 's', 'i', '\0', + /* "dan.me.uk", true */ 'd', 'a', 'n', '.', 'm', 'e', '.', 'u', 'k', '\0', + /* "dan.org.nz", true */ 'd', 'a', 'n', '.', 'o', 'r', 'g', '.', 'n', 'z', '\0', + /* "danaketh.com", true */ 'd', 'a', 'n', 'a', 'k', 'e', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "danamica.dk", true */ 'd', 'a', 'n', 'a', 'm', 'i', 'c', 'a', '.', 'd', 'k', '\0', + /* "danandrum.com", true */ 'd', 'a', 'n', 'a', 'n', 'd', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "danarozmarin.com", true */ 'd', 'a', 'n', 'a', 'r', 'o', 'z', 'm', 'a', 'r', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "danchen.org", true */ 'd', 'a', 'n', 'c', 'h', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "dancingcubs.co.uk", true */ 'd', 'a', 'n', 'c', 'i', 'n', 'g', 'c', 'u', 'b', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dandenongroadapartments.com.au", true */ 'd', 'a', 'n', 'd', 'e', 'n', 'o', 'n', 'g', 'r', 'o', 'a', 'd', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "dandymrsb.com", true */ 'd', 'a', 'n', 'd', 'y', 'm', 'r', 's', 'b', '.', 'c', 'o', 'm', '\0', + /* "daneandthepain.com", true */ 'd', 'a', 'n', 'e', 'a', 'n', 'd', 't', 'h', 'e', 'p', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "dango.in", true */ 'd', 'a', 'n', 'g', 'o', '.', 'i', 'n', '\0', + /* "daniel-baumann.ch", true */ 'd', 'a', 'n', 'i', 'e', 'l', '-', 'b', 'a', 'u', 'm', 'a', 'n', 'n', '.', 'c', 'h', '\0', + /* "daniel-du.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', '-', 'd', 'u', '.', 'c', 'o', 'm', '\0', + /* "daniel-kulbe.de", true */ 'd', 'a', 'n', 'i', 'e', 'l', '-', 'k', 'u', 'l', 'b', 'e', '.', 'd', 'e', '\0', + /* "daniel-ruf.de", true */ 'd', 'a', 'n', 'i', 'e', 'l', '-', 'r', 'u', 'f', '.', 'd', 'e', '\0', + /* "daniel-seifert.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', '-', 's', 'e', 'i', 'f', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "danielalvarez.net", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'a', 'l', 'v', 'a', 'r', 'e', 'z', '.', 'n', 'e', 't', '\0', + /* "danielas.boutique", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'a', 's', '.', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '\0', + /* "danielehniss.de", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'e', 'h', 'n', 'i', 's', 's', '.', 'd', 'e', '\0', + /* "danielepestilli.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'e', 'p', 'e', 's', 't', 'i', 'l', 'l', 'i', '.', 'c', 'o', 'm', '\0', + /* "danielhochleitner.de", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'h', 'o', 'c', 'h', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0', + /* "danieljamesscott.org", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'j', 'a', 'm', 'e', 's', 's', 'c', 'o', 't', 't', '.', 'o', 'r', 'g', '\0', + /* "danieljireh.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'j', 'i', 'r', 'e', 'h', '.', 'c', 'o', 'm', '\0', + /* "danielkoster.nl", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'k', 'o', 's', 't', 'e', 'r', '.', 'n', 'l', '\0', + /* "danielkratz.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'k', 'r', 'a', 't', 'z', '.', 'c', 'o', 'm', '\0', + /* "danielmarquard.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'm', 'a', 'r', 'q', 'u', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "danielmoch.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'm', 'o', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "danielmostertman.com", false */ 'd', 'a', 'n', 'i', 'e', 'l', 'm', 'o', 's', 't', 'e', 'r', 't', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "danielmostertman.nl", false */ 'd', 'a', 'n', 'i', 'e', 'l', 'm', 'o', 's', 't', 'e', 'r', 't', 'm', 'a', 'n', '.', 'n', 'l', '\0', + /* "danielrozenberg.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'r', 'o', 'z', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0', + /* "danielsblog.org", true */ 'd', 'a', 'n', 'i', 'e', 'l', 's', 'b', 'l', 'o', 'g', '.', 'o', 'r', 'g', '\0', + /* "danielschreurs.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 's', 'c', 'h', 'r', 'e', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "danielstach.cz", true */ 'd', 'a', 'n', 'i', 'e', 'l', 's', 't', 'a', 'c', 'h', '.', 'c', 'z', '\0', + /* "danielsteiner.net", true */ 'd', 'a', 'n', 'i', 'e', 'l', 's', 't', 'e', 'i', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "danieltollot.de", true */ 'd', 'a', 'n', 'i', 'e', 'l', 't', 'o', 'l', 'l', 'o', 't', '.', 'd', 'e', '\0', + /* "danielverlaan.nl", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'v', 'e', 'r', 'l', 'a', 'a', 'n', '.', 'n', 'l', '\0', + /* "danielvoogsgerd.nl", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'v', 'o', 'o', 'g', 's', 'g', 'e', 'r', 'd', '.', 'n', 'l', '\0', + /* "danielzuzevich.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'z', 'u', 'z', 'e', 'v', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "danilapisarev.com", true */ 'd', 'a', 'n', 'i', 'l', 'a', 'p', 'i', 's', 'a', 'r', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "danjesensky.com", true */ 'd', 'a', 'n', 'j', 'e', 's', 'e', 'n', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0', + /* "dank.ninja", true */ 'd', 'a', 'n', 'k', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "dankim.de", false */ 'd', 'a', 'n', 'k', 'i', 'm', '.', 'd', 'e', '\0', + /* "dankredues.com", true */ 'd', 'a', 'n', 'k', 'r', 'e', 'd', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "danla.nl", true */ 'd', 'a', 'n', 'l', 'a', '.', 'n', 'l', '\0', + /* "danmaby.com", true */ 'd', 'a', 'n', 'm', 'a', 'b', 'y', '.', 'c', 'o', 'm', '\0', + /* "danmarksbedstefredagsbar.dk", true */ 'd', 'a', 'n', 'm', 'a', 'r', 'k', 's', 'b', 'e', 'd', 's', 't', 'e', 'f', 'r', 'e', 'd', 'a', 'g', 's', 'b', 'a', 'r', '.', 'd', 'k', '\0', + /* "danminkevitch.com", true */ 'd', 'a', 'n', 'm', 'i', 'n', 'k', 'e', 'v', 'i', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "danna-salary.com", true */ 'd', 'a', 'n', 'n', 'a', '-', 's', 'a', 'l', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "danny.fm", true */ 'd', 'a', 'n', 'n', 'y', '.', 'f', 'm', '\0', + /* "dannyrohde.de", true */ 'd', 'a', 'n', 'n', 'y', 'r', 'o', 'h', 'd', 'e', '.', 'd', 'e', '\0', + /* "dannystevens.co.uk", true */ 'd', 'a', 'n', 'n', 'y', 's', 't', 'e', 'v', 'e', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "danonsecurity.com", true */ 'd', 'a', 'n', 'o', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "danotage.tv", true */ 'd', 'a', 'n', 'o', 't', 'a', 'g', 'e', '.', 't', 'v', '\0', + /* "danova.de", true */ 'd', 'a', 'n', 'o', 'v', 'a', '.', 'd', 'e', '\0', + /* "danoz.net", true */ 'd', 'a', 'n', 'o', 'z', '.', 'n', 'e', 't', '\0', + /* "danscomp.com", true */ 'd', 'a', 'n', 's', 'c', 'o', 'm', 'p', '.', 'c', 'o', 'm', '\0', + /* "danselibre.net", true */ 'd', 'a', 'n', 's', 'e', 'l', 'i', 'b', 'r', 'e', '.', 'n', 'e', 't', '\0', + /* "danseressen.nl", true */ 'd', 'a', 'n', 's', 'e', 'r', 'e', 's', 's', 'e', 'n', '.', 'n', 'l', '\0', + /* "dansk-skole.de", true */ 'd', 'a', 'n', 's', 'k', '-', 's', 'k', 'o', 'l', 'e', '.', 'd', 'e', '\0', + /* "danskoferie.dk", true */ 'd', 'a', 'n', 's', 'k', 'o', 'f', 'e', 'r', 'i', 'e', '.', 'd', 'k', '\0', + /* "danskringsporta.be", true */ 'd', 'a', 'n', 's', 'k', 'r', 'i', 'n', 'g', 's', 'p', 'o', 'r', 't', 'a', '.', 'b', 'e', '\0', + /* "dantransports.fr", true */ 'd', 'a', 'n', 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', 's', '.', 'f', 'r', '\0', + /* "danw.io", true */ 'd', 'a', 'n', 'w', '.', 'i', 'o', '\0', + /* "danwin1210.me", true */ 'd', 'a', 'n', 'w', 'i', 'n', '1', '2', '1', '0', '.', 'm', 'e', '\0', + /* "danyabanya.com", true */ 'd', 'a', 'n', 'y', 'a', 'b', 'a', 'n', 'y', 'a', '.', 'c', 'o', 'm', '\0', + /* "dao.spb.su", true */ 'd', 'a', 'o', '.', 's', 'p', 'b', '.', 's', 'u', '\0', + /* "daoro.net", true */ 'd', 'a', 'o', 'r', 'o', '.', 'n', 'e', 't', '\0', + /* "daphne.informatik.uni-freiburg.de", true */ 'd', 'a', 'p', 'h', 'n', 'e', '.', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'k', '.', 'u', 'n', 'i', '-', 'f', 'r', 'e', 'i', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0', + /* "dapim.co.il", true */ 'd', 'a', 'p', 'i', 'm', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "daplie.com", true */ 'd', 'a', 'p', 'l', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "daracokorilo.com", true */ 'd', 'a', 'r', 'a', 'c', 'o', 'k', 'o', 'r', 'i', 'l', 'o', '.', 'c', 'o', 'm', '\0', + /* "daravk.ch", true */ 'd', 'a', 'r', 'a', 'v', 'k', '.', 'c', 'h', '\0', + /* "darbi.org", true */ 'd', 'a', 'r', 'b', 'i', '.', 'o', 'r', 'g', '\0', + /* "darbtech.net", true */ 'd', 'a', 'r', 'b', 't', 'e', 'c', 'h', '.', 'n', 'e', 't', '\0', + /* "darc-mak.de", true */ 'd', 'a', 'r', 'c', '-', 'm', 'a', 'k', '.', 'd', 'e', '\0', + /* "darchoods.net", false */ 'd', 'a', 'r', 'c', 'h', 'o', 'o', 'd', 's', '.', 'n', 'e', 't', '\0', + /* "darcymarshall.com", true */ 'd', 'a', 'r', 'c', 'y', 'm', 'a', 'r', 's', 'h', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "daren.com.br", true */ 'd', 'a', 'r', 'e', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "dareyou.be", true */ 'd', 'a', 'r', 'e', 'y', 'o', 'u', '.', 'b', 'e', '\0', + /* "darinkotter.com", true */ 'd', 'a', 'r', 'i', 'n', 'k', 'o', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "darioackermann.ch", true */ 'd', 'a', 'r', 'i', 'o', 'a', 'c', 'k', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'c', 'h', '\0', + /* "darioturchetti.me", true */ 'd', 'a', 'r', 'i', 'o', 't', 'u', 'r', 'c', 'h', 'e', 't', 't', 'i', '.', 'm', 'e', '\0', + /* "darisni.me", true */ 'd', 'a', 'r', 'i', 's', 'n', 'i', '.', 'm', 'e', '\0', + /* "dark-infection.de", true */ 'd', 'a', 'r', 'k', '-', 'i', 'n', 'f', 'e', 'c', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0', + /* "dark-vision.cz", true */ 'd', 'a', 'r', 'k', '-', 'v', 'i', 's', 'i', 'o', 'n', '.', 'c', 'z', '\0', + /* "darkcores.net", true */ 'd', 'a', 'r', 'k', 'c', 'o', 'r', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "darkdestiny.ch", true */ 'd', 'a', 'r', 'k', 'd', 'e', 's', 't', 'i', 'n', 'y', '.', 'c', 'h', '\0', + /* "darkengine.io", true */ 'd', 'a', 'r', 'k', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'i', 'o', '\0', + /* "darkengine.net", true */ 'd', 'a', 'r', 'k', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "darkeststar.org", true */ 'd', 'a', 'r', 'k', 'e', 's', 't', 's', 't', 'a', 'r', '.', 'o', 'r', 'g', '\0', + /* "darkfire.ch", true */ 'd', 'a', 'r', 'k', 'f', 'i', 'r', 'e', '.', 'c', 'h', '\0', + /* "darkishgreen.com", true */ 'd', 'a', 'r', 'k', 'i', 's', 'h', 'g', 'r', 'e', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "darknode.in", true */ 'd', 'a', 'r', 'k', 'n', 'o', 'd', 'e', '.', 'i', 'n', '\0', + /* "darkserver.fedoraproject.org", true */ 'd', 'a', 'r', 'k', 's', 'e', 'r', 'v', 'e', 'r', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "darkserver.stg.fedoraproject.org", true */ 'd', 'a', 'r', 'k', 's', 'e', 'r', 'v', 'e', 'r', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "darkshop.nl", true */ 'd', 'a', 'r', 'k', 's', 'h', 'o', 'p', '.', 'n', 'l', '\0', + /* "darkside.re", true */ 'd', 'a', 'r', 'k', 's', 'i', 'd', 'e', '.', 'r', 'e', '\0', + /* "darkspacelab.com", true */ 'd', 'a', 'r', 'k', 's', 'p', 'a', 'c', 'e', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "darktime.ru", true */ 'd', 'a', 'r', 'k', 't', 'i', 'm', 'e', '.', 'r', 'u', '\0', + /* "darkwater.info", true */ 'd', 'a', 'r', 'k', 'w', 'a', 't', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "darkx.me", true */ 'd', 'a', 'r', 'k', 'x', '.', 'm', 'e', '\0', + /* "darlastudio66.com", true */ 'd', 'a', 'r', 'l', 'a', 's', 't', 'u', 'd', 'i', 'o', '6', '6', '.', 'c', 'o', 'm', '\0', + /* "darom.jp", true */ 'd', 'a', 'r', 'o', 'm', '.', 'j', 'p', '\0', + /* "darookee.net", true */ 'd', 'a', 'r', 'o', 'o', 'k', 'e', 'e', '.', 'n', 'e', 't', '\0', + /* "daropia.org", true */ 'd', 'a', 'r', 'o', 'p', 'i', 'a', '.', 'o', 'r', 'g', '\0', + /* "darrenm.net", true */ 'd', 'a', 'r', 'r', 'e', 'n', 'm', '.', 'n', 'e', 't', '\0', + /* "darrienworth.com", true */ 'd', 'a', 'r', 'r', 'i', 'e', 'n', 'w', 'o', 'r', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "darshnam.com", true */ 'd', 'a', 'r', 's', 'h', 'n', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "dart-tanke.com", true */ 'd', 'a', 'r', 't', '-', 't', 'a', 'n', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "dart-tanke.de", true */ 'd', 'a', 'r', 't', '-', 't', 'a', 'n', 'k', 'e', '.', 'd', 'e', '\0', + /* "darth-sonic.de", true */ 'd', 'a', 'r', 't', 'h', '-', 's', 'o', 'n', 'i', 'c', '.', 'd', 'e', '\0', + /* "dartsdon.jp", true */ 'd', 'a', 'r', 't', 's', 'd', 'o', 'n', '.', 'j', 'p', '\0', + /* "darwinkel.net", false */ 'd', 'a', 'r', 'w', 'i', 'n', 'k', 'e', 'l', '.', 'n', 'e', 't', '\0', + /* "daryl.moe", true */ 'd', 'a', 'r', 'y', 'l', '.', 'm', 'o', 'e', '\0', + /* "darylcumbo.net", true */ 'd', 'a', 'r', 'y', 'l', 'c', 'u', 'm', 'b', 'o', '.', 'n', 'e', 't', '\0', + /* "das-mediale-haus.de", true */ 'd', 'a', 's', '-', 'm', 'e', 'd', 'i', 'a', 'l', 'e', '-', 'h', 'a', 'u', 's', '.', 'd', 'e', '\0', + /* "das-sommercamp.de", true */ 'd', 'a', 's', '-', 's', 'o', 'm', 'm', 'e', 'r', 'c', 'a', 'm', 'p', '.', 'd', 'e', '\0', + /* "das-tyrol.at", true */ 'd', 'a', 's', '-', 't', 'y', 'r', 'o', 'l', '.', 'a', 't', '\0', + /* "dasgeestig.nl", true */ 'd', 'a', 's', 'g', 'e', 'e', 's', 't', 'i', 'g', '.', 'n', 'l', '\0', + /* "dashboard.run", true */ 'd', 'a', 's', 'h', 'b', 'o', 'a', 'r', 'd', '.', 'r', 'u', 'n', '\0', + /* "dashboard.yt", true */ 'd', 'a', 's', 'h', 'b', 'o', 'a', 'r', 'd', '.', 'y', 't', '\0', + /* "dashlane.com", true */ 'd', 'a', 's', 'h', 'l', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "dashnearby.com", true */ 'd', 'a', 's', 'h', 'n', 'e', 'a', 'r', 'b', 'y', '.', 'c', 'o', 'm', '\0', + /* "dasinternetluegt.at", true */ 'd', 'a', 's', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'l', 'u', 'e', 'g', 't', '.', 'a', 't', '\0', + /* "data-detox.de", true */ 'd', 'a', 't', 'a', '-', 'd', 'e', 't', 'o', 'x', '.', 'd', 'e', '\0', + /* "data.gov", true */ 'd', 'a', 't', 'a', '.', 'g', 'o', 'v', '\0', + /* "data.govt.nz", true */ 'd', 'a', 't', 'a', '.', 'g', 'o', 'v', 't', '.', 'n', 'z', '\0', + /* "data.world", true */ 'd', 'a', 't', 'a', '.', 'w', 'o', 'r', 'l', 'd', '\0', + /* "databeam.de", true */ 'd', 'a', 't', 'a', 'b', 'e', 'a', 'm', '.', 'd', 'e', '\0', + /* "databionix.com", true */ 'd', 'a', 't', 'a', 'b', 'i', 'o', 'n', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "databutlr.com", true */ 'd', 'a', 't', 'a', 'b', 'u', 't', 'l', 'r', '.', 'c', 'o', 'm', '\0', + /* "databutlr.net", true */ 'd', 'a', 't', 'a', 'b', 'u', 't', 'l', 'r', '.', 'n', 'e', 't', '\0', + /* "datacalle.com", true */ 'd', 'a', 't', 'a', 'c', 'a', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "datacandy.com", true */ 'd', 'a', 't', 'a', 'c', 'a', 'n', 'd', 'y', '.', 'c', 'o', 'm', '\0', + /* "datacenternews.asia", true */ 'd', 'a', 't', 'a', 'c', 'e', 'n', 't', 'e', 'r', 'n', 'e', 'w', 's', '.', 'a', 's', 'i', 'a', '\0', + /* "datacenternews.co.nz", true */ 'd', 'a', 't', 'a', 'c', 'e', 'n', 't', 'e', 'r', 'n', 'e', 'w', 's', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "datacentrenews.eu", true */ 'd', 'a', 't', 'a', 'c', 'e', 'n', 't', 'r', 'e', 'n', 'e', 'w', 's', '.', 'e', 'u', '\0', + /* "datacubed.com", true */ 'd', 'a', 't', 'a', 'c', 'u', 'b', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "datadit.hu", true */ 'd', 'a', 't', 'a', 'd', 'i', 't', '.', 'h', 'u', '\0', + /* "datadyne.technology", true */ 'd', 'a', 't', 'a', 'd', 'y', 'n', 'e', '.', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '\0', + /* "dataformers.at", true */ 'd', 'a', 't', 'a', 'f', 'o', 'r', 'm', 'e', 'r', 's', '.', 'a', 't', '\0', + /* "datahove.no", false */ 'd', 'a', 't', 'a', 'h', 'o', 'v', 'e', '.', 'n', 'o', '\0', + /* "dataisme.com", true */ 'd', 'a', 't', 'a', 'i', 's', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "datajapan.co.jp", true */ 'd', 'a', 't', 'a', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "datakick.org", true */ 'd', 'a', 't', 'a', 'k', 'i', 'c', 'k', '.', 'o', 'r', 'g', '\0', + /* "datalysis.ch", true */ 'd', 'a', 't', 'a', 'l', 'y', 's', 'i', 's', '.', 'c', 'h', '\0', + /* "datamatic.ru", true */ 'd', 'a', 't', 'a', 'm', 'a', 't', 'i', 'c', '.', 'r', 'u', '\0', + /* "dataprotectionadvisors.com", true */ 'd', 'a', 't', 'a', 'p', 'r', 'o', 't', 'e', 'c', 't', 'i', 'o', 'n', 'a', 'd', 'v', 'i', 's', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "datapun.ch", true */ 'd', 'a', 't', 'a', 'p', 'u', 'n', '.', 'c', 'h', '\0', + /* "datascience.ch", true */ 'd', 'a', 't', 'a', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'h', '\0', + /* "datascomemorativas.com.br", true */ 'd', 'a', 't', 'a', 's', 'c', 'o', 'm', 'e', 'm', 'o', 'r', 'a', 't', 'i', 'v', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "datasharesystem.com", true */ 'd', 'a', 't', 'a', 's', 'h', 'a', 'r', 'e', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0', + /* "dataskydd.net", true */ 'd', 'a', 't', 'a', 's', 'k', 'y', 'd', 'd', '.', 'n', 'e', 't', '\0', + /* "dataspace.pl", true */ 'd', 'a', 't', 'a', 's', 'p', 'a', 'c', 'e', '.', 'p', 'l', '\0', + /* "datastream.re", false */ 'd', 'a', 't', 'a', 's', 't', 'r', 'e', 'a', 'm', '.', 'r', 'e', '\0', + /* "dataswamp.org", true */ 'd', 'a', 't', 'a', 's', 'w', 'a', 'm', 'p', '.', 'o', 'r', 'g', '\0', + /* "datatekniikka.fi", false */ 'd', 'a', 't', 'a', 't', 'e', 'k', 'n', 'i', 'i', 'k', 'k', 'a', '.', 'f', 'i', '\0', + /* "datateknologsektionen.se", true */ 'd', 'a', 't', 'a', 't', 'e', 'k', 'n', 'o', 'l', 'o', 'g', 's', 'e', 'k', 't', 'i', 'o', 'n', 'e', 'n', '.', 's', 'e', '\0', + /* "datatree.nl", true */ 'd', 'a', 't', 'a', 't', 'r', 'e', 'e', '.', 'n', 'l', '\0', + /* "datatruckers.com", true */ 'd', 'a', 't', 'a', 't', 'r', 'u', 'c', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "datatruckers.net", true */ 'd', 'a', 't', 'a', 't', 'r', 'u', 'c', 'k', 'e', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "datememe.com", true */ 'd', 'a', 't', 'e', 'm', 'e', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "datengrab.xyz", true */ 'd', 'a', 't', 'e', 'n', 'g', 'r', 'a', 'b', '.', 'x', 'y', 'z', '\0', + /* "datenlast.de", true */ 'd', 'a', 't', 'e', 'n', 'l', 'a', 's', 't', '.', 'd', 'e', '\0', + /* "dateno1.com", true */ 'd', 'a', 't', 'e', 'n', 'o', '1', '.', 'c', 'o', 'm', '\0', + /* "datenreiter.org", true */ 'd', 'a', 't', 'e', 'n', 'r', 'e', 'i', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "datenschutz-individuell.de", true */ 'd', 'a', 't', 'e', 'n', 's', 'c', 'h', 'u', 't', 'z', '-', 'i', 'n', 'd', 'i', 'v', 'i', 'd', 'u', 'e', 'l', 'l', '.', 'd', 'e', '\0', + /* "datenschutzgrundverordnung.de", true */ 'd', 'a', 't', 'e', 'n', 's', 'c', 'h', 'u', 't', 'z', 'g', 'r', 'u', 'n', 'd', 'v', 'e', 'r', 'o', 'r', 'd', 'n', 'u', 'n', 'g', '.', 'd', 'e', '\0', + /* "datenschutzhelden.org", true */ 'd', 'a', 't', 'e', 'n', 's', 'c', 'h', 'u', 't', 'z', 'h', 'e', 'l', 'd', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "datenschutztag.org", true */ 'd', 'a', 't', 'e', 'n', 's', 'c', 'h', 'u', 't', 'z', 't', 'a', 'g', '.', 'o', 'r', 'g', '\0', + /* "datenwerkstatt.net", true */ 'd', 'a', 't', 'e', 'n', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', '.', 'n', 'e', 't', '\0', + /* "datewon.net", false */ 'd', 'a', 't', 'e', 'w', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "datine.com.br", true */ 'd', 'a', 't', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "datingticino.ch", true */ 'd', 'a', 't', 'i', 'n', 'g', 't', 'i', 'c', 'i', 'n', 'o', '.', 'c', 'h', '\0', + /* "datovyaudit.cz", true */ 'd', 'a', 't', 'o', 'v', 'y', 'a', 'u', 'd', 'i', 't', '.', 'c', 'z', '\0', + /* "datsound.ru", true */ 'd', 'a', 't', 's', 'o', 'u', 'n', 'd', '.', 'r', 'u', '\0', + /* "datsumou-q.com", true */ 'd', 'a', 't', 's', 'u', 'm', 'o', 'u', '-', 'q', '.', 'c', 'o', 'm', '\0', + /* "datumou-osusume.com", true */ 'd', 'a', 't', 'u', 'm', 'o', 'u', '-', 'o', 's', 'u', 's', 'u', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "datumou-recipe.com", true */ 'd', 'a', 't', 'u', 'm', 'o', 'u', '-', 'r', 'e', 'c', 'i', 'p', 'e', '.', 'c', 'o', 'm', '\0', + /* "daubehosting.de", true */ 'd', 'a', 'u', 'b', 'e', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "dave-pearce.com", true */ 'd', 'a', 'v', 'e', '-', 'p', 'e', 'a', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "daveaglick.com", true */ 'd', 'a', 'v', 'e', 'a', 'g', 'l', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "davecardwell.com", true */ 'd', 'a', 'v', 'e', 'c', 'a', 'r', 'd', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "davelynes.com", true */ 'd', 'a', 'v', 'e', 'l', 'y', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "daveoc64.co.uk", true */ 'd', 'a', 'v', 'e', 'o', 'c', '6', '4', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "davepage.me.uk", true */ 'd', 'a', 'v', 'e', 'p', 'a', 'g', 'e', '.', 'm', 'e', '.', 'u', 'k', '\0', + /* "davepearce.com", true */ 'd', 'a', 'v', 'e', 'p', 'e', 'a', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "davescomputertips.com", true */ 'd', 'a', 'v', 'e', 's', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 't', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "davesinclair.com.au", true */ 'd', 'a', 'v', 'e', 's', 'i', 'n', 'c', 'l', 'a', 'i', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "davetempleton.com", true */ 'd', 'a', 'v', 'e', 't', 'e', 'm', 'p', 'l', 'e', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "davevelopment.net", true */ 'd', 'a', 'v', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', '.', 'n', 'e', 't', '\0', + /* "davewardle.com", true */ 'd', 'a', 'v', 'e', 'w', 'a', 'r', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "david-corry.com", true */ 'd', 'a', 'v', 'i', 'd', '-', 'c', 'o', 'r', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "david-pearce.com", true */ 'd', 'a', 'v', 'i', 'd', '-', 'p', 'e', 'a', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "david-schiffmann.de", true */ 'd', 'a', 'v', 'i', 'd', '-', 's', 'c', 'h', 'i', 'f', 'f', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "david.kitchen", true */ 'd', 'a', 'v', 'i', 'd', '.', 'k', 'i', 't', 'c', 'h', 'e', 'n', '\0', + /* "davidadrian.org", true */ 'd', 'a', 'v', 'i', 'd', 'a', 'd', 'r', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "davidandersson.se", true */ 'd', 'a', 'v', 'i', 'd', 'a', 'n', 'd', 'e', 'r', 's', 's', 'o', 'n', '.', 's', 'e', '\0', + /* "davidcrx.net", true */ 'd', 'a', 'v', 'i', 'd', 'c', 'r', 'x', '.', 'n', 'e', 't', '\0', + /* "daviddever.net", true */ 'd', 'a', 'v', 'i', 'd', 'd', 'e', 'v', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "davidfrancoeur.com", true */ 'd', 'a', 'v', 'i', 'd', 'f', 'r', 'a', 'n', 'c', 'o', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "davidgouveia.net", true */ 'd', 'a', 'v', 'i', 'd', 'g', 'o', 'u', 'v', 'e', 'i', 'a', '.', 'n', 'e', 't', '\0', + /* "davidgow.net", true */ 'd', 'a', 'v', 'i', 'd', 'g', 'o', 'w', '.', 'n', 'e', 't', '\0', + /* "davidking.xyz", true */ 'd', 'a', 'v', 'i', 'd', 'k', 'i', 'n', 'g', '.', 'x', 'y', 'z', '\0', + /* "davidlillo.com", true */ 'd', 'a', 'v', 'i', 'd', 'l', 'i', 'l', 'l', 'o', '.', 'c', 'o', 'm', '\0', + /* "davidlyness.com", true */ 'd', 'a', 'v', 'i', 'd', 'l', 'y', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "davidmcevoy.org.uk", true */ 'd', 'a', 'v', 'i', 'd', 'm', 'c', 'e', 'v', 'o', 'y', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "davidmessenger.co.uk", true */ 'd', 'a', 'v', 'i', 'd', 'm', 'e', 's', 's', 'e', 'n', 'g', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "davidnadaski.com", true */ 'd', 'a', 'v', 'i', 'd', 'n', 'a', 'd', 'a', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "davidpearce.com", true */ 'd', 'a', 'v', 'i', 'd', 'p', 'e', 'a', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "davidpearce.org", true */ 'd', 'a', 'v', 'i', 'd', 'p', 'e', 'a', 'r', 'c', 'e', '.', 'o', 'r', 'g', '\0', + /* "davidschadlich.com", true */ 'd', 'a', 'v', 'i', 'd', 's', 'c', 'h', 'a', 'd', 'l', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "davidschlachter.com", true */ 'd', 'a', 'v', 'i', 'd', 's', 'c', 'h', 'l', 'a', 'c', 'h', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "davie3.com", true */ 'd', 'a', 'v', 'i', 'e', '3', '.', 'c', 'o', 'm', '\0', + /* "davimun.org", true */ 'd', 'a', 'v', 'i', 'm', 'u', 'n', '.', 'o', 'r', 'g', '\0', + /* "davisroi.com", true */ 'd', 'a', 'v', 'i', 's', 'r', 'o', 'i', '.', 'c', 'o', 'm', '\0', + /* "davo-usedcars.be", true */ 'd', 'a', 'v', 'o', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "davy-server.com", true */ 'd', 'a', 'v', 'y', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "daw.nz", true */ 'd', 'a', 'w', '.', 'n', 'z', '\0', + /* "dawnbringer.eu", true */ 'd', 'a', 'w', 'n', 'b', 'r', 'i', 'n', 'g', 'e', 'r', '.', 'e', 'u', '\0', + /* "dawnbringer.net", true */ 'd', 'a', 'w', 'n', 'b', 'r', 'i', 'n', 'g', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "dawson-floridavilla.co.uk", true */ 'd', 'a', 'w', 's', 'o', 'n', '-', 'f', 'l', 'o', 'r', 'i', 'd', 'a', 'v', 'i', 'l', 'l', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "day-peak.com", true */ 'd', 'a', 'y', '-', 'p', 'e', 'a', 'k', '.', 'c', 'o', 'm', '\0', + /* "daylightpirates.org", true */ 'd', 'a', 'y', 'l', 'i', 'g', 'h', 't', 'p', 'i', 'r', 'a', 't', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "dayman.net", true */ 'd', 'a', 'y', 'm', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "daysoftheyear.com", true */ 'd', 'a', 'y', 's', 'o', 'f', 't', 'h', 'e', 'y', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "db-sanity.com", true */ 'd', 'b', '-', 's', 'a', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "db-works.nl", true */ 'd', 'b', '-', 'w', 'o', 'r', 'k', 's', '.', 'n', 'l', '\0', + /* "dbapress.org", true */ 'd', 'b', 'a', 'p', 'r', 'e', 's', 's', '.', 'o', 'r', 'g', '\0', + /* "dbaron.org", true */ 'd', 'b', 'a', 'r', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "dbas.cz", true */ 'd', 'b', 'a', 's', '.', 'c', 'z', '\0', + /* "dbdc.us", true */ 'd', 'b', 'd', 'c', '.', 'u', 's', '\0', + /* "dbentertainment.co.uk", true */ 'd', 'b', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dbgamestudio.com", true */ 'd', 'b', 'g', 'a', 'm', 'e', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "dblcastles.co.uk", true */ 'd', 'b', 'l', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dbldub.net", true */ 'd', 'b', 'l', 'd', 'u', 'b', '.', 'n', 'e', 't', '\0', + /* "dblx.io", true */ 'd', 'b', 'l', 'x', '.', 'i', 'o', '\0', + /* "dbmteam.com", true */ 'd', 'b', 'm', 't', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "dborcard.com", true */ 'd', 'b', 'o', 'r', 'c', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "dbpkg.com", true */ 'd', 'b', 'p', 'k', 'g', '.', 'c', 'o', 'm', '\0', + /* "dbpmedia.se", true */ 'd', 'b', 'p', 'm', 'e', 'd', 'i', 'a', '.', 's', 'e', '\0', + /* "dbq.com", true */ 'd', 'b', 'q', '.', 'c', 'o', 'm', '\0', + /* "dbrgn.ch", true */ 'd', 'b', 'r', 'g', 'n', '.', 'c', 'h', '\0', + /* "dbtsai.com", true */ 'd', 'b', 't', 's', 'a', 'i', '.', 'c', 'o', 'm', '\0', + /* "dbyz.co.uk", true */ 'd', 'b', 'y', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dc-occasies.be", true */ 'd', 'c', '-', 'o', 'c', 'c', 'a', 's', 'i', 'e', 's', '.', 'b', 'e', '\0', + /* "dc562.org", true */ 'd', 'c', '5', '6', '2', '.', 'o', 'r', 'g', '\0', + /* "dc585.info", true */ 'd', 'c', '5', '8', '5', '.', 'i', 'n', 'f', 'o', '\0', + /* "dcards.in.th", true */ 'd', 'c', 'a', 'r', 'd', 's', '.', 'i', 'n', '.', 't', 'h', '\0', + /* "dcautomacao.com.br", true */ 'd', 'c', 'a', 'u', 't', 'o', 'm', 'a', 'c', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "dcbouncycastles.co.uk", true */ 'd', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dcc.cat", true */ 'd', 'c', 'c', '.', 'c', 'a', 't', '\0', + /* "dcepler.net", true */ 'd', 'c', 'e', 'p', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "dchatelain.ch", true */ 'd', 'c', 'h', 'a', 't', 'e', 'l', 'a', 'i', 'n', '.', 'c', 'h', '\0', + /* "dchest.org", true */ 'd', 'c', 'h', 'e', 's', 't', '.', 'o', 'r', 'g', '\0', + /* "dckd.nl", true */ 'd', 'c', 'k', 'd', '.', 'n', 'l', '\0', + /* "dclaisse.fr", true */ 'd', 'c', 'l', 'a', 'i', 's', 's', 'e', '.', 'f', 'r', '\0', + /* "dcmt.co", true */ 'd', 'c', 'm', 't', '.', 'c', 'o', '\0', + /* "dcrdev.com", true */ 'd', 'c', 'r', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "dd.art.pl", true */ 'd', 'd', '.', 'a', 'r', 't', '.', 'p', 'l', '\0', + /* "ddel.de", true */ 'd', 'd', 'e', 'l', '.', 'd', 'e', '\0', + /* "dden.ca", false */ 'd', 'd', 'e', 'n', '.', 'c', 'a', '\0', + /* "ddfreedish.site", false */ 'd', 'd', 'f', 'r', 'e', 'e', 'd', 'i', 's', 'h', '.', 's', 'i', 't', 'e', '\0', + /* "ddhosted.com", true */ 'd', 'd', 'h', 'o', 's', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "ddmeportal.com", true */ 'd', 'd', 'm', 'e', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "ddns-anbieter.de", true */ 'd', 'd', 'n', 's', '-', 'a', 'n', 'b', 'i', 'e', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "ddocu.me", true */ 'd', 'd', 'o', 'c', 'u', '.', 'm', 'e', '\0', + /* "ddos-mitigation.co.uk", true */ 'd', 'd', 'o', 's', '-', 'm', 'i', 't', 'i', 'g', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ddos-mitigation.info", true */ 'd', 'd', 'o', 's', '-', 'm', 'i', 't', 'i', 'g', 'a', 't', 'i', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "ddracepro.net", true */ 'd', 'd', 'r', 'a', 'c', 'e', 'p', 'r', 'o', '.', 'n', 'e', 't', '\0', + /* "dds.mil", true */ 'd', 'd', 's', '.', 'm', 'i', 'l', '\0', + /* "de-mail.info", true */ 'd', 'e', '-', 'm', 'a', 'i', 'l', '.', 'i', 'n', 'f', 'o', '\0', + /* "de-medici.nl", true */ 'd', 'e', '-', 'm', 'e', 'd', 'i', 'c', 'i', '.', 'n', 'l', '\0', + /* "de-rwa.de", true */ 'd', 'e', '-', 'r', 'w', 'a', '.', 'd', 'e', '\0', + /* "de-spil.be", true */ 'd', 'e', '-', 's', 'p', 'i', 'l', '.', 'b', 'e', '\0', + /* "de.search.yahoo.com", false */ 'd', 'e', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "deadbeef.ninja", true */ 'd', 'e', 'a', 'd', 'b', 'e', 'e', 'f', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "deadc0de.re", true */ 'd', 'e', 'a', 'd', 'c', '0', 'd', 'e', '.', 'r', 'e', '\0', + /* "deadmann.com", true */ 'd', 'e', 'a', 'd', 'm', 'a', 'n', 'n', '.', 'c', 'o', 'm', '\0', + /* "deaf.dating", true */ 'd', 'e', 'a', 'f', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "deaf.eu.org", true */ 'd', 'e', 'a', 'f', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "deai-life.biz", true */ 'd', 'e', 'a', 'i', '-', 'l', 'i', 'f', 'e', '.', 'b', 'i', 'z', '\0', + /* "deaktualisierung.org", false */ 'd', 'e', 'a', 'k', 't', 'u', 'a', 'l', 'i', 's', 'i', 'e', 'r', 'u', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "dealapp.nl", true */ 'd', 'e', 'a', 'l', 'a', 'p', 'p', '.', 'n', 'l', '\0', + /* "dealbanana.at", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'a', 't', '\0', + /* "dealbanana.be", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'b', 'e', '\0', + /* "dealbanana.ch", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'c', 'h', '\0', + /* "dealbanana.co.uk", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dealbanana.com", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "dealbanana.de", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'd', 'e', '\0', + /* "dealbanana.fi", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'f', 'i', '\0', + /* "dealbanana.fr", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'f', 'r', '\0', + /* "dealbanana.it", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'i', 't', '\0', + /* "dealbanana.se", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 's', 'e', '\0', + /* "dealcruiser.nl", true */ 'd', 'e', 'a', 'l', 'c', 'r', 'u', 'i', 's', 'e', 'r', '.', 'n', 'l', '\0', + /* "dealinflatables.co.uk", true */ 'd', 'e', 'a', 'l', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dealpass.no", true */ 'd', 'e', 'a', 'l', 'p', 'a', 's', 's', '.', 'n', 'o', '\0', + /* "deamuseum.org", true */ 'd', 'e', 'a', 'm', 'u', 's', 'e', 'u', 'm', '.', 'o', 'r', 'g', '\0', + /* "deanbank.com", true */ 'd', 'e', 'a', 'n', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "deanjerkovich.com", true */ 'd', 'e', 'a', 'n', 'j', 'e', 'r', 'k', 'o', 'v', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "deanmorgan.org", true */ 'd', 'e', 'a', 'n', 'm', 'o', 'r', 'g', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "deano-s.co.uk", true */ 'd', 'e', 'a', 'n', 'o', '-', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "deanosplace.net", true */ 'd', 'e', 'a', 'n', 'o', 's', 'p', 'l', 'a', 'c', 'e', '.', 'n', 'e', 't', '\0', + /* "deanpearce.net", true */ 'd', 'e', 'a', 'n', 'p', 'e', 'a', 'r', 'c', 'e', '.', 'n', 'e', 't', '\0', + /* "dearfcc.com", true */ 'd', 'e', 'a', 'r', 'f', 'c', 'c', '.', 'c', 'o', 'm', '\0', + /* "dearfcc.net", true */ 'd', 'e', 'a', 'r', 'f', 'c', 'c', '.', 'n', 'e', 't', '\0', + /* "dearfcc.org", true */ 'd', 'e', 'a', 'r', 'f', 'c', 'c', '.', 'o', 'r', 'g', '\0', + /* "dearnevalleybouncycastles.co.uk", true */ 'd', 'e', 'a', 'r', 'n', 'e', 'v', 'a', 'l', 'l', 'e', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "deathy.ro", true */ 'd', 'e', 'a', 't', 'h', 'y', '.', 'r', 'o', '\0', + /* "debie-usedcars.be", true */ 'd', 'e', 'b', 'i', 'e', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "debigare.com", true */ 'd', 'e', 'b', 'i', 'g', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "debitoutil.com", true */ 'd', 'e', 'b', 'i', 't', 'o', 'u', 't', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "debitpaie.com", true */ 'd', 'e', 'b', 'i', 't', 'p', 'a', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "deborahmarinelli.eu", true */ 'd', 'e', 'b', 'o', 'r', 'a', 'h', 'm', 'a', 'r', 'i', 'n', 'e', 'l', 'l', 'i', '.', 'e', 'u', '\0', + /* "debron-ot.nl", true */ 'd', 'e', 'b', 'r', 'o', 'n', '-', 'o', 't', '.', 'n', 'l', '\0', + /* "debrusoft.ch", true */ 'd', 'e', 'b', 'r', 'u', 's', 'o', 'f', 't', '.', 'c', 'h', '\0', + /* "debt.com", true */ 'd', 'e', 'b', 't', '.', 'c', 'o', 'm', '\0', + /* "debtrecycling.com.au", true */ 'd', 'e', 'b', 't', 'r', 'e', 'c', 'y', 'c', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "debuemon.com", true */ 'd', 'e', 'b', 'u', 'e', 'm', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "debuis.nl", true */ 'd', 'e', 'b', 'u', 'i', 's', '.', 'n', 'l', '\0', + /* "decalquai.ch", true */ 'd', 'e', 'c', 'a', 'l', 'q', 'u', 'a', 'i', '.', 'c', 'h', '\0', + /* "decentralizedweb.net", true */ 'd', 'e', 'c', 'e', 'n', 't', 'r', 'a', 'l', 'i', 'z', 'e', 'd', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0', + /* "dechat.nl", true */ 'd', 'e', 'c', 'h', 'a', 't', '.', 'n', 'l', '\0', + /* "decidetreatment.org", true */ 'd', 'e', 'c', 'i', 'd', 'e', 't', 'r', 'e', 'a', 't', 'm', 'e', 'n', 't', '.', 'o', 'r', 'g', '\0', + /* "decock-usedcars.be", true */ 'd', 'e', 'c', 'o', 'c', 'k', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "decodeanddestroy.com", true */ 'd', 'e', 'c', 'o', 'd', 'e', 'a', 'n', 'd', 'd', 'e', 's', 't', 'r', 'o', 'y', '.', 'c', 'o', 'm', '\0', + /* "decoder.link", true */ 'd', 'e', 'c', 'o', 'd', 'e', 'r', '.', 'l', 'i', 'n', 'k', '\0', + /* "decomplify.com", true */ 'd', 'e', 'c', 'o', 'm', 'p', 'l', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0', + /* "decor-d.com", true */ 'd', 'e', 'c', 'o', 'r', '-', 'd', '.', 'c', 'o', 'm', '\0', + /* "decoraid.com", true */ 'd', 'e', 'c', 'o', 'r', 'a', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "decoratrix.com", true */ 'd', 'e', 'c', 'o', 'r', 'a', 't', 'r', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "decorauvent.ca", true */ 'd', 'e', 'c', 'o', 'r', 'a', 'u', 'v', 'e', 'n', 't', '.', 'c', 'a', '\0', + /* "decorestilo.com.br", true */ 'd', 'e', 'c', 'o', 'r', 'e', 's', 't', 'i', 'l', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "decorincasa.com.br", true */ 'd', 'e', 'c', 'o', 'r', 'i', 'n', 'c', 'a', 's', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "decormiernissanparts.com", true */ 'd', 'e', 'c', 'o', 'r', 'm', 'i', 'e', 'r', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "decosoftware.com", true */ 'd', 'e', 'c', 'o', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "decrousaz-ceramique.ch", true */ 'd', 'e', 'c', 'r', 'o', 'u', 's', 'a', 'z', '-', 'c', 'e', 'r', 'a', 'm', 'i', 'q', 'u', 'e', '.', 'c', 'h', '\0', + /* "decstasy.de", true */ 'd', 'e', 'c', 's', 't', 'a', 's', 'y', '.', 'd', 'e', '\0', + /* "dede.ml", true */ 'd', 'e', 'd', 'e', '.', 'm', 'l', '\0', + /* "dedelta.net", true */ 'd', 'e', 'd', 'e', 'l', 't', 'a', '.', 'n', 'e', 't', '\0', + /* "dedimax.de", true */ 'd', 'e', 'd', 'i', 'm', 'a', 'x', '.', 'd', 'e', '\0', + /* "dedmorozrzn.ru", true */ 'd', 'e', 'd', 'm', 'o', 'r', 'o', 'z', 'r', 'z', 'n', '.', 'r', 'u', '\0', + /* "deduijventil.nl", true */ 'd', 'e', 'd', 'u', 'i', 'j', 'v', 'e', 'n', 't', 'i', 'l', '.', 'n', 'l', '\0', + /* "dee.pe", true */ 'd', 'e', 'e', '.', 'p', 'e', '\0', + /* "dee.su", true */ 'd', 'e', 'e', '.', 's', 'u', '\0', + /* "deegeeinflatables.co.uk", true */ 'd', 'e', 'e', 'g', 'e', 'e', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "deep.club", true */ 'd', 'e', 'e', 'p', '.', 'c', 'l', 'u', 'b', '\0', + /* "deeparamaraj.com", true */ 'd', 'e', 'e', 'p', 'a', 'r', 'a', 'm', 'a', 'r', 'a', 'j', '.', 'c', 'o', 'm', '\0', + /* "deepbluecrafting.co.uk", true */ 'd', 'e', 'e', 'p', 'b', 'l', 'u', 'e', 'c', 'r', 'a', 'f', 't', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "deephill.com", true */ 'd', 'e', 'e', 'p', 'h', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "deepserve.info", true */ 'd', 'e', 'e', 'p', 's', 'e', 'r', 'v', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "deepsouthsounds.com", true */ 'd', 'e', 'e', 'p', 's', 'o', 'u', 't', 'h', 's', 'o', 'u', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "deepvalley.tech", true */ 'd', 'e', 'e', 'p', 'v', 'a', 'l', 'l', 'e', 'y', '.', 't', 'e', 'c', 'h', '\0', + /* "deepzz.com", true */ 'd', 'e', 'e', 'p', 'z', 'z', '.', 'c', 'o', 'm', '\0', + /* "deer.team", true */ 'd', 'e', 'e', 'r', '.', 't', 'e', 'a', 'm', '\0', + /* "deezeno.com", true */ 'd', 'e', 'e', 'z', 'e', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "def-pos.ru", true */ 'd', 'e', 'f', '-', 'p', 'o', 's', '.', 'r', 'u', '\0', + /* "defcon.org", true */ 'd', 'e', 'f', 'c', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "defendas.com", true */ 'd', 'e', 'f', 'e', 'n', 'd', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "defender-pro.com", true */ 'd', 'e', 'f', 'e', 'n', 'd', 'e', 'r', '-', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "defendinnovation.org", true */ 'd', 'e', 'f', 'e', 'n', 'd', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "defero.io", true */ 'd', 'e', 'f', 'e', 'r', 'o', '.', 'i', 'o', '\0', + /* "defi-metier.com", true */ 'd', 'e', 'f', 'i', '-', 'm', 'e', 't', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "defi-metier.fr", true */ 'd', 'e', 'f', 'i', '-', 'm', 'e', 't', 'i', 'e', 'r', '.', 'f', 'r', '\0', + /* "defi-metier.org", true */ 'd', 'e', 'f', 'i', '-', 'm', 'e', 't', 'i', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "defi-metiers.com", true */ 'd', 'e', 'f', 'i', '-', 'm', 'e', 't', 'i', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "defi-metiers.fr", true */ 'd', 'e', 'f', 'i', '-', 'm', 'e', 't', 'i', 'e', 'r', 's', '.', 'f', 'r', '\0', + /* "defi-metiers.org", true */ 'd', 'e', 'f', 'i', '-', 'm', 'e', 't', 'i', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0', + /* "defimetier.fr", true */ 'd', 'e', 'f', 'i', 'm', 'e', 't', 'i', 'e', 'r', '.', 'f', 'r', '\0', + /* "defimetier.org", true */ 'd', 'e', 'f', 'i', 'm', 'e', 't', 'i', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "defimetiers.com", true */ 'd', 'e', 'f', 'i', 'm', 'e', 't', 'i', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "defimetiers.fr", true */ 'd', 'e', 'f', 'i', 'm', 'e', 't', 'i', 'e', 'r', 's', '.', 'f', 'r', '\0', + /* "deflect.ca", true */ 'd', 'e', 'f', 'l', 'e', 'c', 't', '.', 'c', 'a', '\0', + /* "defman.me", true */ 'd', 'e', 'f', 'm', 'a', 'n', '.', 'm', 'e', '\0', + /* "defme.eu", true */ 'd', 'e', 'f', 'm', 'e', '.', 'e', 'u', '\0', + /* "defont.nl", true */ 'd', 'e', 'f', 'o', 'n', 't', '.', 'n', 'l', '\0', + /* "defrax.com", true */ 'd', 'e', 'f', 'r', 'a', 'x', '.', 'c', 'o', 'm', '\0', + /* "defrax.de", true */ 'd', 'e', 'f', 'r', 'a', 'x', '.', 'd', 'e', '\0', + /* "deftek.com", true */ 'd', 'e', 'f', 't', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "deftnerd.com", true */ 'd', 'e', 'f', 't', 'n', 'e', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "defuse.ca", true */ 'd', 'e', 'f', 'u', 's', 'e', '.', 'c', 'a', '\0', + /* "defxing.net", true */ 'd', 'e', 'f', 'x', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "degata.com", true */ 'd', 'e', 'g', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "degeberg.com", true */ 'd', 'e', 'g', 'e', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0', + /* "degeberg.dk", true */ 'd', 'e', 'g', 'e', 'b', 'e', 'r', 'g', '.', 'd', 'k', '\0', + /* "degen-elektrotechnik.de", true */ 'd', 'e', 'g', 'e', 'n', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', 't', 'e', 'c', 'h', 'n', 'i', 'k', '.', 'd', 'e', '\0', + /* "degoulet.net", true */ 'd', 'e', 'g', 'o', 'u', 'l', 'e', 't', '.', 'n', 'e', 't', '\0', + /* "degraafschapdierenartsen.nl", true */ 'd', 'e', 'g', 'r', 'a', 'a', 'f', 's', 'c', 'h', 'a', 'p', 'd', 'i', 'e', 'r', 'e', 'n', 'a', 'r', 't', 's', 'e', 'n', '.', 'n', 'l', '\0', + /* "degracetechnologie.com", true */ 'd', 'e', 'g', 'r', 'a', 'c', 'e', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "dehopre.com", true */ 'd', 'e', 'h', 'o', 'p', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "dehydrated.de", true */ 'd', 'e', 'h', 'y', 'd', 'r', 'a', 't', 'e', 'd', '.', 'd', 'e', '\0', + /* "deidee.nl", true */ 'd', 'e', 'i', 'd', 'e', 'e', '.', 'n', 'l', '\0', + /* "deinballon.de", true */ 'd', 'e', 'i', 'n', 'b', 'a', 'l', 'l', 'o', 'n', '.', 'd', 'e', '\0', + /* "deinewebsite.de", true */ 'd', 'e', 'i', 'n', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', '.', 'd', 'e', '\0', + /* "deinfoto.ch", true */ 'd', 'e', 'i', 'n', 'f', 'o', 't', 'o', '.', 'c', 'h', '\0', + /* "deitti.net", true */ 'd', 'e', 'i', 't', 't', 'i', '.', 'n', 'e', 't', '\0', + /* "dejan.media", true */ 'd', 'e', 'j', 'a', 'n', '.', 'm', 'e', 'd', 'i', 'a', '\0', + /* "dejandayoff.com", true */ 'd', 'e', 'j', 'a', 'n', 'd', 'a', 'y', 'o', 'f', 'f', '.', 'c', 'o', 'm', '\0', + /* "dejure.org", true */ 'd', 'e', 'j', 'u', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "dejw.cz", true */ 'd', 'e', 'j', 'w', '.', 'c', 'z', '\0', + /* "dekasiba.com", true */ 'd', 'e', 'k', 'a', 's', 'i', 'b', 'a', '.', 'c', 'o', 'm', '\0', + /* "delahrzolder.nl", true */ 'd', 'e', 'l', 'a', 'h', 'r', 'z', 'o', 'l', 'd', 'e', 'r', '.', 'n', 'l', '\0', + /* "delbecqvo.be", true */ 'd', 'e', 'l', 'b', 'e', 'c', 'q', 'v', 'o', '.', 'b', 'e', '\0', + /* "delbrouck.ch", true */ 'd', 'e', 'l', 'b', 'r', 'o', 'u', 'c', 'k', '.', 'c', 'h', '\0', + /* "deleidscheflesch.nl", true */ 'd', 'e', 'l', 'e', 'i', 'd', 's', 'c', 'h', 'e', 'f', 'l', 'e', 's', 'c', 'h', '.', 'n', 'l', '\0', + /* "delfic.org", true */ 'd', 'e', 'l', 'f', 'i', 'c', '.', 'o', 'r', 'g', '\0', + /* "delhionlinegifts.com", true */ 'd', 'e', 'l', 'h', 'i', 'o', 'n', 'l', 'i', 'n', 'e', 'g', 'i', 'f', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "deliandiver.org", true */ 'd', 'e', 'l', 'i', 'a', 'n', 'd', 'i', 'v', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "deliberatedigital.com", true */ 'd', 'e', 'l', 'i', 'b', 'e', 'r', 'a', 't', 'e', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "deliciisanatoase.ro", true */ 'd', 'e', 'l', 'i', 'c', 'i', 'i', 's', 'a', 'n', 'a', 't', 'o', 'a', 's', 'e', '.', 'r', 'o', '\0', + /* "deliciousmedia.co.uk", true */ 'd', 'e', 'l', 'i', 'c', 'i', 'o', 'u', 's', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "delicioustable.com", true */ 'd', 'e', 'l', 'i', 'c', 'i', 'o', 'u', 's', 't', 'a', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "delitto.top", true */ 'd', 'e', 'l', 'i', 't', 't', 'o', '.', 't', 'o', 'p', '\0', + /* "deliver.moe", true */ 'd', 'e', 'l', 'i', 'v', 'e', 'r', '.', 'm', 'o', 'e', '\0', + /* "delivery.co.at", true */ 'd', 'e', 'l', 'i', 'v', 'e', 'r', 'y', '.', 'c', 'o', '.', 'a', 't', '\0', + /* "dellipaoli.com", true */ 'd', 'e', 'l', 'l', 'i', 'p', 'a', 'o', 'l', 'i', '.', 'c', 'o', 'm', '\0', + /* "delogo.nl", true */ 'd', 'e', 'l', 'o', 'g', 'o', '.', 'n', 'l', '\0', + /* "delphine.dance", true */ 'd', 'e', 'l', 'p', 'h', 'i', 'n', 'e', '.', 'd', 'a', 'n', 'c', 'e', '\0', + /* "delta-data.ch", true */ 'd', 'e', 'l', 't', 'a', '-', 'd', 'a', 't', 'a', '.', 'c', 'h', '\0', + /* "delta-smart.ch", true */ 'd', 'e', 'l', 't', 'a', '-', 's', 'm', 'a', 'r', 't', '.', 'c', 'h', '\0', + /* "delta.ru", true */ 'd', 'e', 'l', 't', 'a', '.', 'r', 'u', '\0', + /* "delta23.de", true */ 'd', 'e', 'l', 't', 'a', '2', '3', '.', 'd', 'e', '\0', + /* "deltaacademy.org", true */ 'd', 'e', 'l', 't', 'a', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'o', 'r', 'g', '\0', + /* "deltadata.ch", true */ 'd', 'e', 'l', 't', 'a', 'd', 'a', 't', 'a', '.', 'c', 'h', '\0', + /* "deltasmart.ch", true */ 'd', 'e', 'l', 't', 'a', 's', 'm', 'a', 'r', 't', '.', 'c', 'h', '\0', + /* "deltava.org", true */ 'd', 'e', 'l', 't', 'a', 'v', 'a', '.', 'o', 'r', 'g', '\0', + /* "demandware.com", true */ 'd', 'e', 'm', 'a', 'n', 'd', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "demarche-expresse.com", true */ 'd', 'e', 'm', 'a', 'r', 'c', 'h', 'e', '-', 'e', 'x', 'p', 'r', 'e', 's', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "demarle.ch", true */ 'd', 'e', 'm', 'a', 'r', 'l', 'e', '.', 'c', 'h', '\0', + /* "dementiapraecox.de", true */ 'd', 'e', 'm', 'e', 'n', 't', 'i', 'a', 'p', 'r', 'a', 'e', 'c', 'o', 'x', '.', 'd', 'e', '\0', + /* "demeyere-usedcars.be", true */ 'd', 'e', 'm', 'e', 'y', 'e', 'r', 'e', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "demfloro.ru", true */ 'd', 'e', 'm', 'f', 'l', 'o', 'r', 'o', '.', 'r', 'u', '\0', + /* "demijn.nl", true */ 'd', 'e', 'm', 'i', 'j', 'n', '.', 'n', 'l', '\0', + /* "demilletech.net", true */ 'd', 'e', 'm', 'i', 'l', 'l', 'e', 't', 'e', 'c', 'h', '.', 'n', 'e', 't', '\0', + /* "demo.sb", true */ 'd', 'e', 'm', 'o', '.', 's', 'b', '\0', + /* "demo.swedbank.se", true */ 'd', 'e', 'm', 'o', '.', 's', 'w', 'e', 'd', 'b', 'a', 'n', 'k', '.', 's', 'e', '\0', + /* "demo9.ovh", true */ 'd', 'e', 'm', 'o', '9', '.', 'o', 'v', 'h', '\0', + /* "democracy.io", true */ 'd', 'e', 'm', 'o', 'c', 'r', 'a', 'c', 'y', '.', 'i', 'o', '\0', + /* "democracychronicles.com", true */ 'd', 'e', 'm', 'o', 'c', 'r', 'a', 'c', 'y', 'c', 'h', 'r', 'o', 'n', 'i', 'c', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "democracyineurope.eu", true */ 'd', 'e', 'm', 'o', 'c', 'r', 'a', 'c', 'y', 'i', 'n', 'e', 'u', 'r', 'o', 'p', 'e', '.', 'e', 'u', '\0', + /* "democraticdifference.com", true */ 'd', 'e', 'm', 'o', 'c', 'r', 'a', 't', 'i', 'c', 'd', 'i', 'f', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "democraziaineuropa.eu", true */ 'd', 'e', 'm', 'o', 'c', 'r', 'a', 'z', 'i', 'a', 'i', 'n', 'e', 'u', 'r', 'o', 'p', 'a', '.', 'e', 'u', '\0', + /* "demoniak.ch", true */ 'd', 'e', 'm', 'o', 'n', 'i', 'a', 'k', '.', 'c', 'h', '\0', + /* "demonwav.com", true */ 'd', 'e', 'm', 'o', 'n', 'w', 'a', 'v', '.', 'c', 'o', 'm', '\0', + /* "demonwolfdev.com", true */ 'd', 'e', 'm', 'o', 'n', 'w', 'o', 'l', 'f', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "demotivatorbi.ru", true */ 'd', 'e', 'm', 'o', 't', 'i', 'v', 'a', 't', 'o', 'r', 'b', 'i', '.', 'r', 'u', '\0', + /* "demuzere.be", true */ 'd', 'e', 'm', 'u', 'z', 'e', 'r', 'e', '.', 'b', 'e', '\0', + /* "demuzere.com", true */ 'd', 'e', 'm', 'u', 'z', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "demuzere.eu", true */ 'd', 'e', 'm', 'u', 'z', 'e', 'r', 'e', '.', 'e', 'u', '\0', + /* "demuzere.net", true */ 'd', 'e', 'm', 'u', 'z', 'e', 'r', 'e', '.', 'n', 'e', 't', '\0', + /* "demuzere.org", true */ 'd', 'e', 'm', 'u', 'z', 'e', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "denabot.pw", true */ 'd', 'e', 'n', 'a', 'b', 'o', 't', '.', 'p', 'w', '\0', + /* "denaehula.com", true */ 'd', 'e', 'n', 'a', 'e', 'h', 'u', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "denardbrewing.com", true */ 'd', 'e', 'n', 'a', 'r', 'd', 'b', 'r', 'e', 'w', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "dengchangdong.com", true */ 'd', 'e', 'n', 'g', 'c', 'h', 'a', 'n', 'g', 'd', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "dengode.eu", true */ 'd', 'e', 'n', 'g', 'o', 'd', 'e', '.', 'e', 'u', '\0', + /* "denimio.com", true */ 'd', 'e', 'n', 'i', 'm', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "denimtoday.com", true */ 'd', 'e', 'n', 'i', 'm', 't', 'o', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "denis-martinez.photos", true */ 'd', 'e', 'n', 'i', 's', '-', 'm', 'a', 'r', 't', 'i', 'n', 'e', 'z', '.', 'p', 'h', 'o', 't', 'o', 's', '\0', + /* "denisewakeman.com", true */ 'd', 'e', 'n', 'i', 's', 'e', 'w', 'a', 'k', 'e', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "denistruffaut.fr", true */ 'd', 'e', 'n', 'i', 's', 't', 'r', 'u', 'f', 'f', 'a', 'u', 't', '.', 'f', 'r', '\0', + /* "deniszczuk.pl", true */ 'd', 'e', 'n', 'i', 's', 'z', 'c', 'z', 'u', 'k', '.', 'p', 'l', '\0', + /* "dennisang.com", true */ 'd', 'e', 'n', 'n', 'i', 's', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "dennisdoes.net", false */ 'd', 'e', 'n', 'n', 'i', 's', 'd', 'o', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "denniskoot.nl", true */ 'd', 'e', 'n', 'n', 'i', 's', 'k', 'o', 'o', 't', '.', 'n', 'l', '\0', + /* "dennispotter.eu", true */ 'd', 'e', 'n', 'n', 'i', 's', 'p', 'o', 't', 't', 'e', 'r', '.', 'e', 'u', '\0', + /* "dennisvandenbos.nl", true */ 'd', 'e', 'n', 'n', 'i', 's', 'v', 'a', 'n', 'd', 'e', 'n', 'b', 'o', 's', '.', 'n', 'l', '\0', + /* "dennogumi.org", true */ 'd', 'e', 'n', 'n', 'o', 'g', 'u', 'm', 'i', '.', 'o', 'r', 'g', '\0', + /* "denous.nl", true */ 'd', 'e', 'n', 'o', 'u', 's', '.', 'n', 'l', '\0', + /* "dent.uy", true */ 'd', 'e', 'n', 't', '.', 'u', 'y', '\0', + /* "dental-misaki.com", true */ 'd', 'e', 'n', 't', 'a', 'l', '-', 'm', 'i', 's', 'a', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "dentallaborgeraeteservice.de", true */ 'd', 'e', 'n', 't', 'a', 'l', 'l', 'a', 'b', 'o', 'r', 'g', 'e', 'r', 'a', 'e', 't', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'd', 'e', '\0', + /* "dentfix.ro", true */ 'd', 'e', 'n', 't', 'f', 'i', 'x', '.', 'r', 'o', '\0', + /* "dentistglasgow.com", true */ 'd', 'e', 'n', 't', 'i', 's', 't', 'g', 'l', 'a', 's', 'g', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "dentrassi.de", true */ 'd', 'e', 'n', 't', 'r', 'a', 's', 's', 'i', '.', 'd', 'e', '\0', + /* "dentystabirmingham.co.uk", true */ 'd', 'e', 'n', 't', 'y', 's', 't', 'a', 'b', 'i', 'r', 'm', 'i', 'n', 'g', 'h', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "denverphilharmonic.org", true */ 'd', 'e', 'n', 'v', 'e', 'r', 'p', 'h', 'i', 'l', 'h', 'a', 'r', 'm', 'o', 'n', 'i', 'c', '.', 'o', 'r', 'g', '\0', + /* "deontology.com", true */ 'd', 'e', 'o', 'n', 't', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0', + /* "depaddestoeltjes.be", true */ 'd', 'e', 'p', 'a', 'd', 'd', 'e', 's', 't', 'o', 'e', 'l', 't', 'j', 'e', 's', '.', 'b', 'e', '\0', + /* "depechemode-live.com", true */ 'd', 'e', 'p', 'e', 'c', 'h', 'e', 'm', 'o', 'd', 'e', '-', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "depedshs.com", true */ 'd', 'e', 'p', 'e', 'd', 's', 'h', 's', '.', 'c', 'o', 'm', '\0', + /* "depicus.com", true */ 'd', 'e', 'p', 'i', 'c', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "depone.net", true */ 'd', 'e', 'p', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "depotsquarekerrville.com", true */ 'd', 'e', 'p', 'o', 't', 's', 'q', 'u', 'a', 'r', 'e', 'k', 'e', 'r', 'r', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "depotter-usedcars.be", true */ 'd', 'e', 'p', 'o', 't', 't', 'e', 'r', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "deprecate.de", true */ 'd', 'e', 'p', 'r', 'e', 'c', 'a', 't', 'e', '.', 'd', 'e', '\0', + /* "deprobe.pro", true */ 'd', 'e', 'p', 'r', 'o', 'b', 'e', '.', 'p', 'r', 'o', '\0', + /* "depth-co.jp", true */ 'd', 'e', 'p', 't', 'h', '-', 'c', 'o', '.', 'j', 'p', '\0', + /* "depthe.gr", true */ 'd', 'e', 'p', 't', 'h', 'e', '.', 'g', 'r', '\0', + /* "der-bank-blog.de", true */ 'd', 'e', 'r', '-', 'b', 'a', 'n', 'k', '-', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0', + /* "der-gardinenmann.de", true */ 'd', 'e', 'r', '-', 'g', 'a', 'r', 'd', 'i', 'n', 'e', 'n', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "der-rudi.eu", true */ 'd', 'e', 'r', '-', 'r', 'u', 'd', 'i', '.', 'e', 'u', '\0', + /* "der-stein-fluesterer.de", true */ 'd', 'e', 'r', '-', 's', 't', 'e', 'i', 'n', '-', 'f', 'l', 'u', 'e', 's', 't', 'e', 'r', 'e', 'r', '.', 'd', 'e', '\0', + /* "derattizzazione.name", true */ 'd', 'e', 'r', 'a', 't', 't', 'i', 'z', 'z', 'a', 'z', 'i', 'o', 'n', 'e', '.', 'n', 'a', 'm', 'e', '\0', + /* "derattizzazioni.biz", true */ 'd', 'e', 'r', 'a', 't', 't', 'i', 'z', 'z', 'a', 'z', 'i', 'o', 'n', 'i', '.', 'b', 'i', 'z', '\0', + /* "derattizzazioni.org", true */ 'd', 'e', 'r', 'a', 't', 't', 'i', 'z', 'z', 'a', 'z', 'i', 'o', 'n', 'i', '.', 'o', 'r', 'g', '\0', + /* "derbybouncycastles.com", true */ 'd', 'e', 'r', 'b', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "derbyshire-language-scheme.co.uk", true */ 'd', 'e', 'r', 'b', 'y', 's', 'h', 'i', 'r', 'e', '-', 'l', 'a', 'n', 'g', 'u', 'a', 'g', 'e', '-', 's', 'c', 'h', 'e', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "derdewereldrommelmarkt.nl", true */ 'd', 'e', 'r', 'd', 'e', 'w', 'e', 'r', 'e', 'l', 'd', 'r', 'o', 'm', 'm', 'e', 'l', 'm', 'a', 'r', 'k', 't', '.', 'n', 'l', '\0', + /* "derechosdigitales.org", true */ 'd', 'e', 'r', 'e', 'c', 'h', 'o', 's', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "dereferenced.net", true */ 'd', 'e', 'r', 'e', 'f', 'e', 'r', 'e', 'n', 'c', 'e', 'd', '.', 'n', 'e', 't', '\0', + /* "derehamcastles.co.uk", true */ 'd', 'e', 'r', 'e', 'h', 'a', 'm', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "derekkent.com", true */ 'd', 'e', 'r', 'e', 'k', 'k', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "derekseaman.com", true */ 'd', 'e', 'r', 'e', 'k', 's', 'e', 'a', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "derekseaman.studio", true */ 'd', 'e', 'r', 'e', 'k', 's', 'e', 'a', 'm', 'a', 'n', '.', 's', 't', 'u', 'd', 'i', 'o', '\0', + /* "dergeilstestammderwelt.de", true */ 'd', 'e', 'r', 'g', 'e', 'i', 'l', 's', 't', 'e', 's', 't', 'a', 'm', 'm', 'd', 'e', 'r', 'w', 'e', 'l', 't', '.', 'd', 'e', '\0', + /* "derhil.de", true */ 'd', 'e', 'r', 'h', 'i', 'l', '.', 'd', 'e', '\0', + /* "derive.cc", true */ 'd', 'e', 'r', 'i', 'v', 'e', '.', 'c', 'c', '\0', + /* "dermapuur.nl", true */ 'd', 'e', 'r', 'm', 'a', 'p', 'u', 'u', 'r', '.', 'n', 'l', '\0', + /* "dermatologie-morges.ch", true */ 'd', 'e', 'r', 'm', 'a', 't', 'o', 'l', 'o', 'g', 'i', 'e', '-', 'm', 'o', 'r', 'g', 'e', 's', '.', 'c', 'h', '\0', + /* "dermediq.nl", true */ 'd', 'e', 'r', 'm', 'e', 'd', 'i', 'q', '.', 'n', 'l', '\0', + /* "dermot.org.uk", true */ 'd', 'e', 'r', 'm', 'o', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "deroo.org", true */ 'd', 'e', 'r', 'o', 'o', '.', 'o', 'r', 'g', '\0', + /* "derp.army", true */ 'd', 'e', 'r', 'p', '.', 'a', 'r', 'm', 'y', '\0', + /* "derre.fr", true */ 'd', 'e', 'r', 'r', 'e', '.', 'f', 'r', '\0', + /* "derreichesack.com", true */ 'd', 'e', 'r', 'r', 'e', 'i', 'c', 'h', 'e', 's', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "dersix.com", true */ 'd', 'e', 'r', 's', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "dersoundhunter.de", true */ 'd', 'e', 'r', 's', 'o', 'u', 'n', 'd', 'h', 'u', 'n', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "derstulle.de", true */ 'd', 'e', 'r', 's', 't', 'u', 'l', 'l', 'e', '.', 'd', 'e', '\0', + /* "des-hommes-et-des-clous.com", true */ 'd', 'e', 's', '-', 'h', 'o', 'm', 'm', 'e', 's', '-', 'e', 't', '-', 'd', 'e', 's', '-', 'c', 'l', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "desagaz.com", true */ 'd', 'e', 's', 'a', 'g', 'a', 'z', '.', 'c', 'o', 'm', '\0', + /* "desarrollowp.com", true */ 'd', 'e', 's', 'a', 'r', 'r', 'o', 'l', 'l', 'o', 'w', 'p', '.', 'c', 'o', 'm', '\0', + /* "descartes-finance.com", true */ 'd', 'e', 's', 'c', 'a', 'r', 't', 'e', 's', '-', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "desec.io", true */ 'd', 'e', 's', 'e', 'c', '.', 'i', 'o', '\0', + /* "desertsounds.org", true */ 'd', 'e', 's', 'e', 'r', 't', 's', 'o', 'u', 'n', 'd', 's', '.', 'o', 'r', 'g', '\0', + /* "desgenst.ch", true */ 'd', 'e', 's', 'g', 'e', 'n', 's', 't', '.', 'c', 'h', '\0', + /* "design-fu.com", true */ 'd', 'e', 's', 'i', 'g', 'n', '-', 'f', 'u', '.', 'c', 'o', 'm', '\0', + /* "design-tooning.de", true */ 'd', 'e', 's', 'i', 'g', 'n', '-', 't', 'o', 'o', 'n', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "designanyware.com.br", true */ 'd', 'e', 's', 'i', 'g', 'n', 'a', 'n', 'y', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "designdevs.eu", true */ 'd', 'e', 's', 'i', 'g', 'n', 'd', 'e', 'v', 's', '.', 'e', 'u', '\0', + /* "designed-cybersecurity.com", true */ 'd', 'e', 's', 'i', 'g', 'n', 'e', 'd', '-', 'c', 'y', 'b', 'e', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "designedcybersecurity.com", true */ 'd', 'e', 's', 'i', 'g', 'n', 'e', 'd', 'c', 'y', 'b', 'e', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "designer-drug.com", true */ 'd', 'e', 's', 'i', 'g', 'n', 'e', 'r', '-', 'd', 'r', 'u', 'g', '.', 'c', 'o', 'm', '\0', + /* "designgraphic.fr", true */ 'd', 'e', 's', 'i', 'g', 'n', 'g', 'r', 'a', 'p', 'h', 'i', 'c', '.', 'f', 'r', '\0', + /* "designhotel-kronjuwel.de", true */ 'd', 'e', 's', 'i', 'g', 'n', 'h', 'o', 't', 'e', 'l', '-', 'k', 'r', 'o', 'n', 'j', 'u', 'w', 'e', 'l', '.', 'd', 'e', '\0', + /* "designsbyjanith.com", true */ 'd', 'e', 's', 'i', 'g', 'n', 's', 'b', 'y', 'j', 'a', 'n', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "designsbykerrialee.co.uk", true */ 'd', 'e', 's', 'i', 'g', 'n', 's', 'b', 'y', 'k', 'e', 'r', 'r', 'i', 'a', 'l', 'e', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "designskin.ch", true */ 'd', 'e', 's', 'i', 'g', 'n', 's', 'k', 'i', 'n', '.', 'c', 'h', '\0', + /* "designville.cz", true */ 'd', 'e', 's', 'i', 'g', 'n', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'z', '\0', + /* "designville.sk", true */ 'd', 'e', 's', 'i', 'g', 'n', 'v', 'i', 'l', 'l', 'e', '.', 's', 'k', '\0', + /* "desila.jp", true */ 'd', 'e', 's', 'i', 'l', 'a', '.', 'j', 'p', '\0', + /* "desktopfx.net", false */ 'd', 'e', 's', 'k', 't', 'o', 'p', 'f', 'x', '.', 'n', 'e', 't', '\0', + /* "deskture.com", true */ 'd', 'e', 's', 'k', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "desmaakvanplanten.be", true */ 'd', 'e', 's', 'm', 'a', 'a', 'k', 'v', 'a', 'n', 'p', 'l', 'a', 'n', 't', 'e', 'n', '.', 'b', 'e', '\0', + /* "desmo.gg", true */ 'd', 'e', 's', 'm', 'o', '.', 'g', 'g', '\0', + /* "despertadoronline.com.es", true */ 'd', 'e', 's', 'p', 'e', 'r', 't', 'a', 'd', 'o', 'r', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'e', 's', '\0', + /* "desplats.com.ar", true */ 'd', 'e', 's', 'p', 'l', 'a', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "despotika.de", true */ 'd', 'e', 's', 'p', 'o', 't', 'i', 'k', 'a', '.', 'd', 'e', '\0', + /* "dessinemoilademocratie.ch", true */ 'd', 'e', 's', 's', 'i', 'n', 'e', 'm', 'o', 'i', 'l', 'a', 'd', 'e', 'm', 'o', 'c', 'r', 'a', 't', 'i', 'e', '.', 'c', 'h', '\0', + /* "desterman.ru", true */ 'd', 'e', 's', 't', 'e', 'r', 'm', 'a', 'n', '.', 'r', 'u', '\0', + /* "destileria.net.br", true */ 'd', 'e', 's', 't', 'i', 'l', 'e', 'r', 'i', 'a', '.', 'n', 'e', 't', '.', 'b', 'r', '\0', + /* "destinationsofnewyorkstate.com", true */ 'd', 'e', 's', 't', 'i', 'n', 'a', 't', 'i', 'o', 'n', 's', 'o', 'f', 'n', 'e', 'w', 'y', 'o', 'r', 'k', 's', 't', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "destinattorneyjohngreene.com", true */ 'd', 'e', 's', 't', 'i', 'n', 'a', 't', 't', 'o', 'r', 'n', 'e', 'y', 'j', 'o', 'h', 'n', 'g', 'r', 'e', 'e', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "desu.ne.jp", true */ 'd', 'e', 's', 'u', '.', 'n', 'e', '.', 'j', 'p', '\0', + /* "det-te.ch", true */ 'd', 'e', 't', '-', 't', 'e', '.', 'c', 'h', '\0', + /* "detalhecomercio.com.br", true */ 'd', 'e', 't', 'a', 'l', 'h', 'e', 'c', 'o', 'm', 'e', 'r', 'c', 'i', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "detalyedesigngroup.com", true */ 'd', 'e', 't', 'a', 'l', 'y', 'e', 'd', 'e', 's', 'i', 'g', 'n', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "detechnologiecooperatie.nl", true */ 'd', 'e', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 'c', 'o', 'o', 'p', 'e', 'r', 'a', 't', 'i', 'e', '.', 'n', 'l', '\0', + /* "detectify.com", false */ 'd', 'e', 't', 'e', 'c', 't', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0', + /* "detekenmuze.nl", true */ 'd', 'e', 't', 'e', 'k', 'e', 'n', 'm', 'u', 'z', 'e', '.', 'n', 'l', '\0', + /* "dethemium.com", true */ 'd', 'e', 't', 'h', 'e', 'm', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "dethikiemtra.com", true */ 'd', 'e', 't', 'h', 'i', 'k', 'i', 'e', 'm', 't', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "detoxetmoi.com", true */ 'd', 'e', 't', 'o', 'x', 'e', 't', 'm', 'o', 'i', '.', 'c', 'o', 'm', '\0', + /* "detoxsinutritie.ro", true */ 'd', 'e', 't', 'o', 'x', 's', 'i', 'n', 'u', 't', 'r', 'i', 't', 'i', 'e', '.', 'r', 'o', '\0', + /* "detroit-english.de", true */ 'd', 'e', 't', 'r', 'o', 'i', 't', '-', 'e', 'n', 'g', 'l', 'i', 's', 'h', '.', 'd', 'e', '\0', + /* "detroitstylepizza.com", true */ 'd', 'e', 't', 'r', 'o', 'i', 't', 's', 't', 'y', 'l', 'e', 'p', 'i', 'z', 'z', 'a', '.', 'c', 'o', 'm', '\0', + /* "detroitzoo.org", true */ 'd', 'e', 't', 'r', 'o', 'i', 't', 'z', 'o', 'o', '.', 'o', 'r', 'g', '\0', + /* "detskysad.com", true */ 'd', 'e', 't', 's', 'k', 'y', 's', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "detuinmuze.nl", true */ 'd', 'e', 't', 'u', 'i', 'n', 'm', 'u', 'z', 'e', '.', 'n', 'l', '\0', + /* "detype.nl", true */ 'd', 'e', 't', 'y', 'p', 'e', '.', 'n', 'l', '\0', + /* "deude.de", true */ 'd', 'e', 'u', 'd', 'e', '.', 'd', 'e', '\0', + /* "deurenfabriek.nl", true */ 'd', 'e', 'u', 'r', 'e', 'n', 'f', 'a', 'b', 'r', 'i', 'e', 'k', '.', 'n', 'l', '\0', + /* "deusu.de", true */ 'd', 'e', 'u', 's', 'u', '.', 'd', 'e', '\0', + /* "deusu.org", true */ 'd', 'e', 'u', 's', 'u', '.', 'o', 'r', 'g', '\0', + /* "deutsch-vietnamesisch-dolmetscher.com", true */ 'd', 'e', 'u', 't', 's', 'c', 'h', '-', 'v', 'i', 'e', 't', 'n', 'a', 'm', 'e', 's', 'i', 's', 'c', 'h', '-', 'd', 'o', 'l', 'm', 'e', 't', 's', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "deutschland-dsl.de", true */ 'd', 'e', 'u', 't', 's', 'c', 'h', 'l', 'a', 'n', 'd', '-', 'd', 's', 'l', '.', 'd', 'e', '\0', + /* "deux.solutions", true */ 'd', 'e', 'u', 'x', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0', + /* "deuxsol.co", true */ 'd', 'e', 'u', 'x', 's', 'o', 'l', '.', 'c', 'o', '\0', + /* "deuxsol.com", true */ 'd', 'e', 'u', 'x', 's', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "deuxsolutions.com", true */ 'd', 'e', 'u', 'x', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "dev-brandywineglobal.com", true */ 'd', 'e', 'v', '-', 'b', 'r', 'a', 'n', 'd', 'y', 'w', 'i', 'n', 'e', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "dev-pulse-mtn.pantheonsite.io", true */ 'd', 'e', 'v', '-', 'p', 'u', 'l', 's', 'e', '-', 'm', 't', 'n', '.', 'p', 'a', 'n', 't', 'h', 'e', 'o', 'n', 's', 'i', 't', 'e', '.', 'i', 'o', '\0', + /* "dev-talk.net", true */ 'd', 'e', 'v', '-', 't', 'a', 'l', 'k', '.', 'n', 'e', 't', '\0', + /* "devafterdark.com", true */ 'd', 'e', 'v', 'a', 'f', 't', 'e', 'r', 'd', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "devalps.eu", true */ 'd', 'e', 'v', 'a', 'l', 'p', 's', '.', 'e', 'u', '\0', + /* "devb.nl", true */ 'd', 'e', 'v', 'b', '.', 'n', 'l', '\0', + /* "devcast.io", true */ 'd', 'e', 'v', 'c', 'a', 's', 't', '.', 'i', 'o', '\0', + /* "devct.cz", false */ 'd', 'e', 'v', 'c', 't', '.', 'c', 'z', '\0', + /* "devcu.com", true */ 'd', 'e', 'v', 'c', 'u', '.', 'c', 'o', 'm', '\0', + /* "devdesco.com", true */ 'd', 'e', 'v', 'd', 'e', 's', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "devdom.io", true */ 'd', 'e', 'v', 'd', 'o', 'm', '.', 'i', 'o', '\0', + /* "devdoodle.net", true */ 'd', 'e', 'v', 'd', 'o', 'o', 'd', 'l', 'e', '.', 'n', 'e', 't', '\0', + /* "devel.cz", true */ 'd', 'e', 'v', 'e', 'l', '.', 'c', 'z', '\0', + /* "develop.cool", true */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', '.', 'c', 'o', 'o', 'l', '\0', + /* "developer.android.com", true */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'e', 'r', '.', 'a', 'n', 'd', 'r', 'o', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "developer.mydigipass.com", false */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'e', 'r', '.', 'm', 'y', 'd', 'i', 'g', 'i', 'p', 'a', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "developerfair.com", true */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'e', 'r', 'f', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "developermail.io", true */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'e', 'r', 'm', 'a', 'i', 'l', '.', 'i', 'o', '\0', + /* "developers.facebook.com", false */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'e', 'r', 's', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "developfx.com", true */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'f', 'x', '.', 'c', 'o', 'm', '\0', + /* "developmentaid.org", true */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', 'a', 'i', 'd', '.', 'o', 'r', 'g', '\0', + /* "developmentsites.melbourne", true */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', 's', 'i', 't', 'e', 's', '.', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '\0', + /* "develux.com", true */ 'd', 'e', 'v', 'e', 'l', 'u', 'x', '.', 'c', 'o', 'm', '\0', + /* "develux.net", true */ 'd', 'e', 'v', 'e', 'l', 'u', 'x', '.', 'n', 'e', 't', '\0', + /* "devenney.io", true */ 'd', 'e', 'v', 'e', 'n', 'n', 'e', 'y', '.', 'i', 'o', '\0', + /* "devh.de", true */ 'd', 'e', 'v', 'h', '.', 'd', 'e', '\0', + /* "devh.net", true */ 'd', 'e', 'v', 'h', '.', 'n', 'e', 't', '\0', + /* "deviant.email", true */ 'd', 'e', 'v', 'i', 'a', 'n', 't', '.', 'e', 'm', 'a', 'i', 'l', '\0', + /* "devillers-occasions.be", true */ 'd', 'e', 'v', 'i', 'l', 'l', 'e', 'r', 's', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0', + /* "devilshakerz.com", true */ 'd', 'e', 'v', 'i', 'l', 's', 'h', 'a', 'k', 'e', 'r', 'z', '.', 'c', 'o', 'm', '\0', + /* "deviltracks.net", true */ 'd', 'e', 'v', 'i', 'l', 't', 'r', 'a', 'c', 'k', 's', '.', 'n', 'e', 't', '\0', + /* "devinfo.net", false */ 'd', 'e', 'v', 'i', 'n', 'f', 'o', '.', 'n', 'e', 't', '\0', + /* "devisnow.fr", true */ 'd', 'e', 'v', 'i', 's', 'n', 'o', 'w', '.', 'f', 'r', '\0', + /* "devjack.de", true */ 'd', 'e', 'v', 'j', 'a', 'c', 'k', '.', 'd', 'e', '\0', + /* "devkit.cc", true */ 'd', 'e', 'v', 'k', 'i', 't', '.', 'c', 'c', '\0', + /* "devklog.net", true */ 'd', 'e', 'v', 'k', 'l', 'o', 'g', '.', 'n', 'e', 't', '\0', + /* "devlamvzw.org", true */ 'd', 'e', 'v', 'l', 'a', 'm', 'v', 'z', 'w', '.', 'o', 'r', 'g', '\0', + /* "devlatron.net", true */ 'd', 'e', 'v', 'l', 'a', 't', 'r', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "devlogr.com", true */ 'd', 'e', 'v', 'l', 'o', 'g', 'r', '.', 'c', 'o', 'm', '\0', + /* "devlux.ch", true */ 'd', 'e', 'v', 'l', 'u', 'x', '.', 'c', 'h', '\0', + /* "devolution.ws", true */ 'd', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'w', 's', '\0', + /* "devonsawatzky.ca", true */ 'd', 'e', 'v', 'o', 'n', 's', 'a', 'w', 'a', 't', 'z', 'k', 'y', '.', 'c', 'a', '\0', + /* "devops-survey.com", true */ 'd', 'e', 'v', 'o', 'p', 's', '-', 's', 'u', 'r', 'v', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "devpgsv.com", true */ 'd', 'e', 'v', 'p', 'g', 's', 'v', '.', 'c', 'o', 'm', '\0', + /* "devpsy.info", true */ 'd', 'e', 'v', 'p', 's', 'y', '.', 'i', 'n', 'f', 'o', '\0', + /* "devstaff.gr", true */ 'd', 'e', 'v', 's', 't', 'a', 'f', 'f', '.', 'g', 'r', '\0', + /* "devyn.ca", true */ 'd', 'e', 'v', 'y', 'n', '.', 'c', 'a', '\0', + /* "devzero.io", true */ 'd', 'e', 'v', 'z', 'e', 'r', 'o', '.', 'i', 'o', '\0', + /* "dewalch.net", true */ 'd', 'e', 'w', 'a', 'l', 'c', 'h', '.', 'n', 'e', 't', '\0', + /* "dewapress.com", true */ 'd', 'e', 'w', 'a', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "dexalo.de", true */ 'd', 'e', 'x', 'a', 'l', 'o', '.', 'd', 'e', '\0', + /* "dezeregio.nl", true */ 'd', 'e', 'z', 'e', 'r', 'e', 'g', 'i', 'o', '.', 'n', 'l', '\0', + /* "dezet-ev.de", true */ 'd', 'e', 'z', 'e', 't', '-', 'e', 'v', '.', 'd', 'e', '\0', + /* "dezintranet.com", true */ 'd', 'e', 'z', 'i', 'n', 't', 'r', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "dezmembrariromania.ro", true */ 'd', 'e', 'z', 'm', 'e', 'm', 'b', 'r', 'a', 'r', 'i', 'r', 'o', 'm', 'a', 'n', 'i', 'a', '.', 'r', 'o', '\0', + /* "dezshop24.de", true */ 'd', 'e', 'z', 's', 'h', 'o', 'p', '2', '4', '.', 'd', 'e', '\0', + /* "df1paw.de", true */ 'd', 'f', '1', 'p', 'a', 'w', '.', 'd', 'e', '\0', + /* "dfctaiwan.org", true */ 'd', 'f', 'c', 't', 'a', 'i', 'w', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "dfekt.no", true */ 'd', 'f', 'e', 'k', 't', '.', 'n', 'o', '\0', + /* "dfektlan.no", true */ 'd', 'f', 'e', 'k', 't', 'l', 'a', 'n', '.', 'n', 'o', '\0', + /* "dfixit.com", true */ 'd', 'f', 'i', 'x', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "dfl.mn", true */ 'd', 'f', 'l', '.', 'm', 'n', '\0', + /* "dflcares.com", true */ 'd', 'f', 'l', 'c', 'a', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "dfmn.berlin", true */ 'd', 'f', 'm', 'n', '.', 'b', 'e', 'r', 'l', 'i', 'n', '\0', + /* "dfranke.com", true */ 'd', 'f', 'r', 'a', 'n', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "dgbouncycastlehire.com", true */ 'd', 'g', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "dgby.org", true */ 'd', 'g', 'b', 'y', '.', 'o', 'r', 'g', '\0', + /* "dgeex.eu", true */ 'd', 'g', 'e', 'e', 'x', '.', 'e', 'u', '\0', + /* "dgitup.com", true */ 'd', 'g', 'i', 't', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "dgportals.co.uk", true */ 'd', 'g', 'p', 'o', 'r', 't', 'a', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dgpot.com", true */ 'd', 'g', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "dgt-portal.de", true */ 'd', 'g', 't', '-', 'p', 'o', 'r', 't', 'a', 'l', '.', 'd', 'e', '\0', + /* "dgx.io", true */ 'd', 'g', 'x', '.', 'i', 'o', '\0', + /* "dhautefeuille.eu", true */ 'd', 'h', 'a', 'u', 't', 'e', 'f', 'e', 'u', 'i', 'l', 'l', 'e', '.', 'e', 'u', '\0', + /* "dhauwer.nl", true */ 'd', 'h', 'a', 'u', 'w', 'e', 'r', '.', 'n', 'l', '\0', + /* "dhconcept.ch", true */ 'd', 'h', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'c', 'h', '\0', + /* "dheart.net", true */ 'd', 'h', 'e', 'a', 'r', 't', '.', 'n', 'e', 't', '\0', + /* "dhedegaard.dk", true */ 'd', 'h', 'e', 'd', 'e', 'g', 'a', 'a', 'r', 'd', '.', 'd', 'k', '\0', + /* "dhhs.gov", true */ 'd', 'h', 'h', 's', '.', 'g', 'o', 'v', '\0', + /* "dhinflatables.co.uk", true */ 'd', 'h', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dhlcotizadorexpo-qa.azurewebsites.net", true */ 'd', 'h', 'l', 'c', 'o', 't', 'i', 'z', 'a', 'd', 'o', 'r', 'e', 'x', 'p', 'o', '-', 'q', 'a', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "dhlinux.org", true */ 'd', 'h', 'l', 'i', 'n', 'u', 'x', '.', 'o', 'r', 'g', '\0', + /* "dhome.at", true */ 'd', 'h', 'o', 'm', 'e', '.', 'a', 't', '\0', + /* "dhxxls.com", true */ 'd', 'h', 'x', 'x', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "di2pra.com", true */ 'd', 'i', '2', 'p', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "di2pra.fr", true */ 'd', 'i', '2', 'p', 'r', 'a', '.', 'f', 'r', '\0', + /* "diabolic.chat", true */ 'd', 'i', 'a', 'b', 'o', 'l', 'i', 'c', '.', 'c', 'h', 'a', 't', '\0', + /* "diadorafitness.es", true */ 'd', 'i', 'a', 'd', 'o', 'r', 'a', 'f', 'i', 't', 'n', 'e', 's', 's', '.', 'e', 's', '\0', + /* "diadorafitness.it", true */ 'd', 'i', 'a', 'd', 'o', 'r', 'a', 'f', 'i', 't', 'n', 'e', 's', 's', '.', 'i', 't', '\0', + /* "diagnocentro.cl", true */ 'd', 'i', 'a', 'g', 'n', 'o', 'c', 'e', 'n', 't', 'r', 'o', '.', 'c', 'l', '\0', + /* "diagnostix.org", true */ 'd', 'i', 'a', 'g', 'n', 'o', 's', 't', 'i', 'x', '.', 'o', 'r', 'g', '\0', + /* "dialoegue.com", true */ 'd', 'i', 'a', 'l', 'o', 'e', 'g', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "diamante.ro", true */ 'd', 'i', 'a', 'm', 'a', 'n', 't', 'e', '.', 'r', 'o', '\0', + /* "diamondpkg.org", true */ 'd', 'i', 'a', 'm', 'o', 'n', 'd', 'p', 'k', 'g', '.', 'o', 'r', 'g', '\0', + /* "diamondyze.nl", true */ 'd', 'i', 'a', 'm', 'o', 'n', 'd', 'y', 'z', 'e', '.', 'n', 'l', '\0', + /* "diamorphine.com", true */ 'd', 'i', 'a', 'm', 'o', 'r', 'p', 'h', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "diamsmedia.ch", true */ 'd', 'i', 'a', 'm', 's', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'h', '\0', + /* "dianefriedli.ch", true */ 'd', 'i', 'a', 'n', 'e', 'f', 'r', 'i', 'e', 'd', 'l', 'i', '.', 'c', 'h', '\0', + /* "dianurse.com", true */ 'd', 'i', 'a', 'n', 'u', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "diare-na-miru.cz", true */ 'd', 'i', 'a', 'r', 'e', '-', 'n', 'a', '-', 'm', 'i', 'r', 'u', '.', 'c', 'z', '\0', + /* "diario-egipto.com", true */ 'd', 'i', 'a', 'r', 'i', 'o', '-', 'e', 'g', 'i', 'p', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "diasdasemana.com", true */ 'd', 'i', 'a', 's', 'd', 'a', 's', 'e', 'm', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "diasp.org", true */ 'd', 'i', 'a', 's', 'p', '.', 'o', 'r', 'g', '\0', + /* "diasporadialogues.com", true */ 'd', 'i', 'a', 's', 'p', 'o', 'r', 'a', 'd', 'i', 'a', 'l', 'o', 'g', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "diavo.de", true */ 'd', 'i', 'a', 'v', 'o', '.', 'd', 'e', '\0', + /* "dibiphp.com", true */ 'd', 'i', 'b', 'i', 'p', 'h', 'p', '.', 'c', 'o', 'm', '\0', + /* "diccionarioabierto.com", true */ 'd', 'i', 'c', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', 'a', 'b', 'i', 'e', 'r', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "diccionariodedudas.com", true */ 'd', 'i', 'c', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', 'd', 'e', 'd', 'u', 'd', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "dice.tokyo", true */ 'd', 'i', 'c', 'e', '.', 't', 'o', 'k', 'y', 'o', '\0', + /* "dichgans-besserer.de", true */ 'd', 'i', 'c', 'h', 'g', 'a', 'n', 's', '-', 'b', 'e', 's', 's', 'e', 'r', 'e', 'r', '.', 'd', 'e', '\0', + /* "dichvudangkygiayphep.com", true */ 'd', 'i', 'c', 'h', 'v', 'u', 'd', 'a', 'n', 'g', 'k', 'y', 'g', 'i', 'a', 'y', 'p', 'h', 'e', 'p', '.', 'c', 'o', 'm', '\0', + /* "dicionario.org", true */ 'd', 'i', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', '.', 'o', 'r', 'g', '\0', + /* "dicionariodegirias.com.br", true */ 'd', 'i', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', 'd', 'e', 'g', 'i', 'r', 'i', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "dicionariodelatim.com.br", true */ 'd', 'i', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', 'd', 'e', 'l', 'a', 't', 'i', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "dicionariodenomesproprios.com.br", true */ 'd', 'i', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', 'd', 'e', 'n', 'o', 'm', 'e', 's', 'p', 'r', 'o', 'p', 'r', 'i', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "dicionariodesimbolos.com.br", true */ 'd', 'i', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', 'd', 'e', 's', 'i', 'm', 'b', 'o', 'l', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "dicionarioetimologico.com.br", true */ 'd', 'i', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', 'e', 't', 'i', 'm', 'o', 'l', 'o', 'g', 'i', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "dickieslife.com", true */ 'd', 'i', 'c', 'k', 'i', 'e', 's', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "dickpics.ru", true */ 'd', 'i', 'c', 'k', 'p', 'i', 'c', 's', '.', 'r', 'u', '\0', + /* "dicoding.com", true */ 'd', 'i', 'c', 'o', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "didacte.com", true */ 'd', 'i', 'd', 'a', 'c', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "didche.net", true */ 'd', 'i', 'd', 'c', 'h', 'e', '.', 'n', 'e', 't', '\0', + /* "diddens.de", true */ 'd', 'i', 'd', 'd', 'e', 'n', 's', '.', 'd', 'e', '\0', + /* "didikhari.web.id", true */ 'd', 'i', 'd', 'i', 'k', 'h', 'a', 'r', 'i', '.', 'w', 'e', 'b', '.', 'i', 'd', '\0', + /* "die-besten-weisheiten.de", true */ 'd', 'i', 'e', '-', 'b', 'e', 's', 't', 'e', 'n', '-', 'w', 'e', 'i', 's', 'h', 'e', 'i', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "die-blahuts.de", true */ 'd', 'i', 'e', '-', 'b', 'l', 'a', 'h', 'u', 't', 's', '.', 'd', 'e', '\0', + /* "die-borts.ch", true */ 'd', 'i', 'e', '-', 'b', 'o', 'r', 't', 's', '.', 'c', 'h', '\0', + /* "die-gruenen-teufel.de", true */ 'd', 'i', 'e', '-', 'g', 'r', 'u', 'e', 'n', 'e', 'n', '-', 't', 'e', 'u', 'f', 'e', 'l', '.', 'd', 'e', '\0', + /* "die-partei-reutlingen.de", true */ 'd', 'i', 'e', '-', 'p', 'a', 'r', 't', 'e', 'i', '-', 'r', 'e', 'u', 't', 'l', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0', + /* "die-sinlosen.de", true */ 'd', 'i', 'e', '-', 's', 'i', 'n', 'l', 'o', 's', 'e', 'n', '.', 'd', 'e', '\0', + /* "die-speisekammer-reutlingen.de", true */ 'd', 'i', 'e', '-', 's', 'p', 'e', 'i', 's', 'e', 'k', 'a', 'm', 'm', 'e', 'r', '-', 'r', 'e', 'u', 't', 'l', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0', + /* "diedrich.co", false */ 'd', 'i', 'e', 'd', 'r', 'i', 'c', 'h', '.', 'c', 'o', '\0', + /* "diedrich.me", true */ 'd', 'i', 'e', 'd', 'r', 'i', 'c', 'h', '.', 'm', 'e', '\0', + /* "dieecpd.org", true */ 'd', 'i', 'e', 'e', 'c', 'p', 'd', '.', 'o', 'r', 'g', '\0', + /* "diegelernten.de", true */ 'd', 'i', 'e', 'g', 'e', 'l', 'e', 'r', 'n', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "diegerbers.de", true */ 'd', 'i', 'e', 'g', 'e', 'r', 'b', 'e', 'r', 's', '.', 'd', 'e', '\0', + /* "diegogelin.com", true */ 'd', 'i', 'e', 'g', 'o', 'g', 'e', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "diegorbaquero.com", true */ 'd', 'i', 'e', 'g', 'o', 'r', 'b', 'a', 'q', 'u', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "diehl.io", true */ 'd', 'i', 'e', 'h', 'l', '.', 'i', 'o', '\0', + /* "diemattels.at", true */ 'd', 'i', 'e', 'm', 'a', 't', 't', 'e', 'l', 's', '.', 'a', 't', '\0', + /* "dienchaninstitute.com", true */ 'd', 'i', 'e', 'n', 'c', 'h', 'a', 'n', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "dienstplan.cc", true */ 'd', 'i', 'e', 'n', 's', 't', 'p', 'l', 'a', 'n', '.', 'c', 'c', '\0', + /* "dienstplan.one", true */ 'd', 'i', 'e', 'n', 's', 't', 'p', 'l', 'a', 'n', '.', 'o', 'n', 'e', '\0', + /* "dierabenmutti.de", true */ 'd', 'i', 'e', 'r', 'a', 'b', 'e', 'n', 'm', 'u', 't', 't', 'i', '.', 'd', 'e', '\0', + /* "dierenartsdeconinck.be", true */ 'd', 'i', 'e', 'r', 'e', 'n', 'a', 'r', 't', 's', 'd', 'e', 'c', 'o', 'n', 'i', 'n', 'c', 'k', '.', 'b', 'e', '\0', + /* "dieselanimals.lt", true */ 'd', 'i', 'e', 's', 'e', 'l', 'a', 'n', 'i', 'm', 'a', 'l', 's', '.', 'l', 't', '\0', + /* "dieselgalleri.com", true */ 'd', 'i', 'e', 's', 'e', 'l', 'g', 'a', 'l', 'l', 'e', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "dietagespresse.com", true */ 'd', 'i', 'e', 't', 'a', 'g', 'e', 's', 'p', 'r', 'e', 's', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "dietbrand.eu", true */ 'd', 'i', 'e', 't', 'b', 'r', 'a', 'n', 'd', '.', 'e', 'u', '\0', + /* "dieti.net", true */ 'd', 'i', 'e', 't', 'i', '.', 'n', 'e', 't', '\0', + /* "dietlin.com", true */ 'd', 'i', 'e', 't', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "dietrich.cx", true */ 'd', 'i', 'e', 't', 'r', 'i', 'c', 'h', '.', 'c', 'x', '\0', + /* "dieumfrage.com", true */ 'd', 'i', 'e', 'u', 'm', 'f', 'r', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "diff2html.xyz", true */ 'd', 'i', 'f', 'f', '2', 'h', 't', 'm', 'l', '.', 'x', 'y', 'z', '\0', + /* "different.cz", false */ 'd', 'i', 'f', 'f', 'e', 'r', 'e', 'n', 't', '.', 'c', 'z', '\0', + /* "differenta.ro", false */ 'd', 'i', 'f', 'f', 'e', 'r', 'e', 'n', 't', 'a', '.', 'r', 'o', '\0', + /* "diffnow.com", true */ 'd', 'i', 'f', 'f', 'n', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "difoosion.com", true */ 'd', 'i', 'f', 'o', 'o', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "digcit.org", true */ 'd', 'i', 'g', 'c', 'i', 't', '.', 'o', 'r', 'g', '\0', + /* "digdata.de", true */ 'd', 'i', 'g', 'd', 'a', 't', 'a', '.', 'd', 'e', '\0', + /* "dighans.com", true */ 'd', 'i', 'g', 'h', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "digiarc.net", true */ 'd', 'i', 'g', 'i', 'a', 'r', 'c', '.', 'n', 'e', 't', '\0', + /* "digibild.ch", true */ 'd', 'i', 'g', 'i', 'b', 'i', 'l', 'd', '.', 'c', 'h', '\0', + /* "digibull.email", true */ 'd', 'i', 'g', 'i', 'b', 'u', 'l', 'l', '.', 'e', 'm', 'a', 'i', 'l', '\0', + /* "digibull.link", true */ 'd', 'i', 'g', 'i', 'b', 'u', 'l', 'l', '.', 'l', 'i', 'n', 'k', '\0', + /* "digicert-support.com", true */ 'd', 'i', 'g', 'i', 'c', 'e', 'r', 't', '-', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "digicert.nl", true */ 'd', 'i', 'g', 'i', 'c', 'e', 'r', 't', '.', 'n', 'l', '\0', + /* "digidroom.be", true */ 'd', 'i', 'g', 'i', 'd', 'r', 'o', 'o', 'm', '.', 'b', 'e', '\0', + /* "digikol.net", true */ 'd', 'i', 'g', 'i', 'k', 'o', 'l', '.', 'n', 'e', 't', '\0', + /* "digilicious.com", true */ 'd', 'i', 'g', 'i', 'l', 'i', 'c', 'i', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "digimagical.com", true */ 'd', 'i', 'g', 'i', 'm', 'a', 'g', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "digimedia.cd", false */ 'd', 'i', 'g', 'i', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'd', '\0', + /* "digired.ro", true */ 'd', 'i', 'g', 'i', 'r', 'e', 'd', '.', 'r', 'o', '\0', + /* "digital-coach.it", false */ 'd', 'i', 'g', 'i', 't', 'a', 'l', '-', 'c', 'o', 'a', 'c', 'h', '.', 'i', 't', '\0', + /* "digital-compounds.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', '-', 'c', 'o', 'm', 'p', 'o', 'u', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "digital-eastside.de", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', '-', 'e', 'a', 's', 't', 's', 'i', 'd', 'e', '.', 'd', 'e', '\0', + /* "digital.gov", false */ 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'g', 'o', 'v', '\0', + /* "digital1st.co.uk", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', '1', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "digital2web.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', '2', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "digitalarchitecture.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'a', 'r', 'c', 'h', 'i', 't', 'e', 'c', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "digitalbitbox.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'b', 'i', 't', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "digitalbox.jp", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'b', 'o', 'x', '.', 'j', 'p', '\0', + /* "digitalcash.cf", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'c', 'a', 's', 'h', '.', 'c', 'f', '\0', + /* "digitalcloud.ovh", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'c', 'l', 'o', 'u', 'd', '.', 'o', 'v', 'h', '\0', + /* "digitalcraftmarketing.co.uk", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'c', 'r', 'a', 'f', 't', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "digitalcreationclass.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', 'c', 'l', 'a', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "digitalcuko.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'c', 'u', 'k', 'o', '.', 'c', 'o', 'm', '\0', + /* "digitaldashboard.gov", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'a', 's', 'h', 'b', 'o', 'a', 'r', 'd', '.', 'g', 'o', 'v', '\0', + /* "digitaldatacenter.net", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'a', 't', 'a', 'c', 'e', 'n', 't', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "digitaldeli.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'e', 'l', 'i', '.', 'c', 'o', 'm', '\0', + /* "digitaldeli.org", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'e', 'l', 'i', '.', 'o', 'r', 'g', '\0', + /* "digitaldeli.tv", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'e', 'l', 'i', '.', 't', 'v', '\0', + /* "digitaldeli.us", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'e', 'l', 'i', '.', 'u', 's', '\0', + /* "digitaldeliarchive.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'e', 'l', 'i', 'a', 'r', 'c', 'h', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "digitaldem.it", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'e', 'm', '.', 'i', 't', '\0', + /* "digitalehandtekeningen.nl", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', 'h', 'a', 'n', 'd', 't', 'e', 'k', 'e', 'n', 'i', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0', + /* "digitaleoverheid.nl", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', 'o', 'v', 'e', 'r', 'h', 'e', 'i', 'd', '.', 'n', 'l', '\0', + /* "digitalewelten.de", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', 'w', 'e', 'l', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "digitalgov.gov", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'g', 'o', 'v', '.', 'g', 'o', 'v', '\0', + /* "digitalimpostor.co.uk", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'i', 'm', 'p', 'o', 's', 't', 'o', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "digitalmarketingindallas.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', 'i', 'n', 'd', 'a', 'l', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "digitalrights.center", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'r', 'i', 'g', 'h', 't', 's', '.', 'c', 'e', 'n', 't', 'e', 'r', '\0', + /* "digitalrights.fund", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'r', 'i', 'g', 'h', 't', 's', '.', 'f', 'u', 'n', 'd', '\0', + /* "digitalrxcloud.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'r', 'x', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "digitalsurge.io", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 's', 'u', 'r', 'g', 'e', '.', 'i', 'o', '\0', + /* "digitaltechnologies.ltd.uk", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 's', '.', 'l', 't', 'd', '.', 'u', 'k', '\0', + /* "digitalunite.de", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'u', 'n', 'i', 't', 'e', '.', 'd', 'e', '\0', + /* "digitalwasteland.net", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'w', 'a', 's', 't', 'e', 'l', 'a', 'n', 'd', '.', 'n', 'e', 't', '\0', + /* "digitkon.com", true */ 'd', 'i', 'g', 'i', 't', 'k', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "digiworks.se", true */ 'd', 'i', 'g', 'i', 'w', 'o', 'r', 'k', 's', '.', 's', 'e', '\0', + /* "digminecraft.com", true */ 'd', 'i', 'g', 'm', 'i', 'n', 'e', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "digwp.com", true */ 'd', 'i', 'g', 'w', 'p', '.', 'c', 'o', 'm', '\0', + /* "dihesan.com", true */ 'd', 'i', 'h', 'e', 's', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "dijkmanmuziek.nl", false */ 'd', 'i', 'j', 'k', 'm', 'a', 'n', 'm', 'u', 'z', 'i', 'e', 'k', '.', 'n', 'l', '\0', + /* "dijkmanvandoorn.nl", true */ 'd', 'i', 'j', 'k', 'm', 'a', 'n', 'v', 'a', 'n', 'd', 'o', 'o', 'r', 'n', '.', 'n', 'l', '\0', + /* "diju.ch", true */ 'd', 'i', 'j', 'u', '.', 'c', 'h', '\0', + /* "dilichen.fr", true */ 'd', 'i', 'l', 'i', 'c', 'h', 'e', 'n', '.', 'f', 'r', '\0', + /* "diligo.ch", true */ 'd', 'i', 'l', 'i', 'g', 'o', '.', 'c', 'h', '\0', + /* "dillewijnzwapak.nl", true */ 'd', 'i', 'l', 'l', 'e', 'w', 'i', 'j', 'n', 'z', 'w', 'a', 'p', 'a', 'k', '.', 'n', 'l', '\0', + /* "dillonkorman.com", true */ 'd', 'i', 'l', 'l', 'o', 'n', 'k', 'o', 'r', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "dillynbarber.com", true */ 'd', 'i', 'l', 'l', 'y', 'n', 'b', 'a', 'r', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "diluv.com", true */ 'd', 'i', 'l', 'u', 'v', '.', 'c', 'o', 'm', '\0', + /* "dimanss47.net", true */ 'd', 'i', 'm', 'a', 'n', 's', 's', '4', '7', '.', 'n', 'e', 't', '\0', + /* "dimdom.com.br", true */ 'd', 'i', 'm', 'd', 'o', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "dime-staging.com", true */ 'd', 'i', 'm', 'e', '-', 's', 't', 'a', 'g', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "dime.io", true */ 'd', 'i', 'm', 'e', '.', 'i', 'o', '\0', + /* "dimeponline.com.br", true */ 'd', 'i', 'm', 'e', 'p', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "dimes.com.tr", true */ 'd', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 't', 'r', '\0', + /* "dimez.ru", true */ 'd', 'i', 'm', 'e', 'z', '.', 'r', 'u', '\0', + /* "din-hkd.jp", true */ 'd', 'i', 'n', '-', 'h', 'k', 'd', '.', 'j', 'p', '\0', + /* "dineachook.com.au", true */ 'd', 'i', 'n', 'e', 'a', 'c', 'h', 'o', 'o', 'k', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "dinepont.fr", true */ 'd', 'i', 'n', 'e', 'p', 'o', 'n', 't', '.', 'f', 'r', '\0', + /* "dingcc.com", true */ 'd', 'i', 'n', 'g', 'c', 'c', '.', 'c', 'o', 'm', '\0', + /* "dinge.xyz", true */ 'd', 'i', 'n', 'g', 'e', '.', 'x', 'y', 'z', '\0', + /* "dingss.com", true */ 'd', 'i', 'n', 'g', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "dinmtb.dk", true */ 'd', 'i', 'n', 'm', 't', 'b', '.', 'd', 'k', '\0', + /* "dino.li", true */ 'd', 'i', 'n', 'o', '.', 'l', 'i', '\0', + /* "dinotopia.org.uk", true */ 'd', 'i', 'n', 'o', 't', 'o', 'p', 'i', 'a', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "dinotv.at", true */ 'd', 'i', 'n', 'o', 't', 'v', '.', 'a', 't', '\0', + /* "dintillat.fr", true */ 'd', 'i', 'n', 't', 'i', 'l', 'l', 'a', 't', '.', 'f', 'r', '\0', + /* "dintrafic.net", true */ 'd', 'i', 'n', 't', 'r', 'a', 'f', 'i', 'c', '.', 'n', 'e', 't', '\0', + /* "dinube.com", true */ 'd', 'i', 'n', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0', + /* "diodeled.com", true */ 'd', 'i', 'o', 'd', 'e', 'l', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "diodo.me", true */ 'd', 'i', 'o', 'd', 'o', '.', 'm', 'e', '\0', + /* "dionysus.se", true */ 'd', 'i', 'o', 'n', 'y', 's', 'u', 's', '.', 's', 'e', '\0', + /* "dipl.io", false */ 'd', 'i', 'p', 'l', '.', 'i', 'o', '\0', + /* "dipling.de", true */ 'd', 'i', 'p', 'l', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "dipulse.it", true */ 'd', 'i', 'p', 'u', 'l', 's', 'e', '.', 'i', 't', '\0', + /* "dir2epub.com", true */ 'd', 'i', 'r', '2', 'e', 'p', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "dir2epub.org", true */ 'd', 'i', 'r', '2', 'e', 'p', 'u', 'b', '.', 'o', 'r', 'g', '\0', + /* "direct2uk.com", true */ 'd', 'i', 'r', 'e', 'c', 't', '2', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "directebanking.com", true */ 'd', 'i', 'r', 'e', 'c', 't', 'e', 'b', 'a', 'n', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "directinsure.in", true */ 'd', 'i', 'r', 'e', 'c', 't', 'i', 'n', 's', 'u', 'r', 'e', '.', 'i', 'n', '\0', + /* "directlinkfunding.co.uk", true */ 'd', 'i', 'r', 'e', 'c', 't', 'l', 'i', 'n', 'k', 'f', 'u', 'n', 'd', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "directme.ga", true */ 'd', 'i', 'r', 'e', 'c', 't', 'm', 'e', '.', 'g', 'a', '\0', + /* "directnews.be", true */ 'd', 'i', 'r', 'e', 'c', 't', 'n', 'e', 'w', 's', '.', 'b', 'e', '\0', + /* "directorioz.com", true */ 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'i', 'o', 'z', '.', 'c', 'o', 'm', '\0', + /* "directreal.sk", true */ 'd', 'i', 'r', 'e', 'c', 't', 'r', 'e', 'a', 'l', '.', 's', 'k', '\0', + /* "directtwo.solutions", true */ 'd', 'i', 'r', 'e', 'c', 't', 't', 'w', 'o', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0', + /* "directtwosolutions.org", true */ 'd', 'i', 'r', 'e', 'c', 't', 't', 'w', 'o', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "direwolfsoftware.ca", true */ 'd', 'i', 'r', 'e', 'w', 'o', 'l', 'f', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'a', '\0', + /* "dirips.com", true */ 'd', 'i', 'r', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "dirk-scheele.de", true */ 'd', 'i', 'r', 'k', '-', 's', 'c', 'h', 'e', 'e', 'l', 'e', '.', 'd', 'e', '\0', + /* "dirko.net", true */ 'd', 'i', 'r', 'k', 'o', '.', 'n', 'e', 't', '\0', + /* "dirkwolf.de", true */ 'd', 'i', 'r', 'k', 'w', 'o', 'l', 'f', '.', 'd', 'e', '\0', + /* "dirtcraft.ca", true */ 'd', 'i', 'r', 't', 'c', 'r', 'a', 'f', 't', '.', 'c', 'a', '\0', + /* "dirtygeek.ovh", true */ 'd', 'i', 'r', 't', 'y', 'g', 'e', 'e', 'k', '.', 'o', 'v', 'h', '\0', + /* "disabled.dating", true */ 'd', 'i', 's', 'a', 'b', 'l', 'e', 'd', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "disanteimpianti.com", true */ 'd', 'i', 's', 'a', 'n', 't', 'e', 'i', 'm', 'p', 'i', 'a', 'n', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "disavow.tools", true */ 'd', 'i', 's', 'a', 'v', 'o', 'w', '.', 't', 'o', 'o', 'l', 's', '\0', + /* "disc.uz", true */ 'd', 'i', 's', 'c', '.', 'u', 'z', '\0', + /* "discarica.roma.it", true */ 'd', 'i', 's', 'c', 'a', 'r', 'i', 'c', 'a', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0', + /* "discha.net", true */ 'd', 'i', 's', 'c', 'h', 'a', '.', 'n', 'e', 't', '\0', + /* "disciples.io", true */ 'd', 'i', 's', 'c', 'i', 'p', 'l', 'e', 's', '.', 'i', 'o', '\0', + /* "discipul.nl", true */ 'd', 'i', 's', 'c', 'i', 'p', 'u', 'l', '.', 'n', 'l', '\0', + /* "discofitta.com", true */ 'd', 'i', 's', 'c', 'o', 'f', 'i', 't', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "disconformity.net", true */ 'd', 'i', 's', 'c', 'o', 'n', 'f', 'o', 'r', 'm', 'i', 't', 'y', '.', 'n', 'e', 't', '\0', + /* "discord-chan.net", true */ 'd', 'i', 's', 'c', 'o', 'r', 'd', '-', 'c', 'h', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "discordapp.com", true */ 'd', 'i', 's', 'c', 'o', 'r', 'd', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "discordghost.space", true */ 'd', 'i', 's', 'c', 'o', 'r', 'd', 'g', 'h', 'o', 's', 't', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "discotek.club", false */ 'd', 'i', 's', 'c', 'o', 't', 'e', 'k', '.', 'c', 'l', 'u', 'b', '\0', + /* "discount24.de", true */ 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', '2', '4', '.', 'd', 'e', '\0', + /* "discountmania.eu", true */ 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', 'm', 'a', 'n', 'i', 'a', '.', 'e', 'u', '\0', + /* "discountmetaux.fr", true */ 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', 'm', 'e', 't', 'a', 'u', 'x', '.', 'f', 'r', '\0', + /* "discountplush.com", true */ 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', 'p', 'l', 'u', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "discover-mercure.com", true */ 'd', 'i', 's', 'c', 'o', 'v', 'e', 'r', '-', 'm', 'e', 'r', 'c', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "discoverhealthage.com", false */ 'd', 'i', 's', 'c', 'o', 'v', 'e', 'r', 'h', 'e', 'a', 'l', 't', 'h', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "discoveringdocker.com", true */ 'd', 'i', 's', 'c', 'o', 'v', 'e', 'r', 'i', 'n', 'g', 'd', 'o', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "discoverrsv.com", true */ 'd', 'i', 's', 'c', 'o', 'v', 'e', 'r', 'r', 's', 'v', '.', 'c', 'o', 'm', '\0', + /* "discoverwellness.center", true */ 'd', 'i', 's', 'c', 'o', 'v', 'e', 'r', 'w', 'e', 'l', 'l', 'n', 'e', 's', 's', '.', 'c', 'e', 'n', 't', 'e', 'r', '\0', + /* "discoveryrom.org", true */ 'd', 'i', 's', 'c', 'o', 'v', 'e', 'r', 'y', 'r', 'o', 'm', '.', 'o', 'r', 'g', '\0', + /* "discreet-condooms.nl", true */ 'd', 'i', 's', 'c', 'r', 'e', 'e', 't', '-', 'c', 'o', 'n', 'd', 'o', 'o', 'm', 's', '.', 'n', 'l', '\0', + /* "disinclined.org", true */ 'd', 'i', 's', 'i', 'n', 'c', 'l', 'i', 'n', 'e', 'd', '.', 'o', 'r', 'g', '\0', + /* "disinfesta.it", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', '.', 'i', 't', '\0', + /* "disinfestando.info", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'n', 'd', 'o', '.', 'i', 'n', 'f', 'o', '\0', + /* "disinfestatori.com", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 't', 'o', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "disinfestazione.brescia.it", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'e', '.', 'b', 'r', 'e', 's', 'c', 'i', 'a', '.', 'i', 't', '\0', + /* "disinfestazione.venezia.it", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'e', '.', 'v', 'e', 'n', 'e', 'z', 'i', 'a', '.', 'i', 't', '\0', + /* "disinfestazione24.it", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'e', '2', '4', '.', 'i', 't', '\0', + /* "disinfestazioni-umbria.it", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'i', '-', 'u', 'm', 'b', 'r', 'i', 'a', '.', 'i', 't', '\0', + /* "disinfestazioni.info", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'i', '.', 'i', 'n', 'f', 'o', '\0', + /* "disinfestazioni.net", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'i', '.', 'n', 'e', 't', '\0', + /* "disinfestazioni.verona.it", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'i', '.', 'v', 'e', 'r', 'o', 'n', 'a', '.', 'i', 't', '\0', + /* "disinisharing.com", true */ 'd', 'i', 's', 'i', 'n', 'i', 's', 'h', 'a', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "diskbit.com", true */ 'd', 'i', 's', 'k', 'b', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "diskbit.nl", true */ 'd', 'i', 's', 'k', 'b', 'i', 't', '.', 'n', 'l', '\0', + /* "dismail.de", true */ 'd', 'i', 's', 'm', 'a', 'i', 'l', '.', 'd', 'e', '\0', + /* "disposable.link", true */ 'd', 'i', 's', 'p', 'o', 's', 'a', 'b', 'l', 'e', '.', 'l', 'i', 'n', 'k', '\0', + /* "disroot.org", true */ 'd', 'i', 's', 'r', 'o', 'o', 't', '.', 'o', 'r', 'g', '\0', + /* "disrupters.ch", true */ 'd', 'i', 's', 'r', 'u', 'p', 't', 'e', 'r', 's', '.', 'c', 'h', '\0', + /* "dissectcyber.com", true */ 'd', 'i', 's', 's', 'e', 'c', 't', 'c', 'y', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "dissertationhelp.com", true */ 'd', 'i', 's', 's', 'e', 'r', 't', 'a', 't', 'i', 'o', 'n', 'h', 'e', 'l', 'p', '.', 'c', 'o', 'm', '\0', + /* "dissidence.ovh", true */ 'd', 'i', 's', 's', 'i', 'd', 'e', 'n', 'c', 'e', '.', 'o', 'v', 'h', '\0', + /* "dist.torproject.org", false */ 'd', 'i', 's', 't', '.', 't', 'o', 'r', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "distinguishedprisoner.com", true */ 'd', 'i', 's', 't', 'i', 'n', 'g', 'u', 'i', 's', 'h', 'e', 'd', 'p', 'r', 'i', 's', 'o', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "distinguishedwindows.co.uk", true */ 'd', 'i', 's', 't', 'i', 'n', 'g', 'u', 'i', 's', 'h', 'e', 'd', 'w', 'i', 'n', 'd', 'o', 'w', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "distribuidoracristal.com.br", true */ 'd', 'i', 's', 't', 'r', 'i', 'b', 'u', 'i', 'd', 'o', 'r', 'a', 'c', 'r', 'i', 's', 't', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "distribuidorveterinario.es", true */ 'd', 'i', 's', 't', 'r', 'i', 'b', 'u', 'i', 'd', 'o', 'r', 'v', 'e', 't', 'e', 'r', 'i', 'n', 'a', 'r', 'i', 'o', '.', 'e', 's', '\0', + /* "distrilogservices.com", true */ 'd', 'i', 's', 't', 'r', 'i', 'l', 'o', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "distro.re", true */ 'd', 'i', 's', 't', 'r', 'o', '.', 'r', 'e', '\0', + /* "ditelbat.com", true */ 'd', 'i', 't', 'e', 'l', 'b', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "diti.me", true */ 'd', 'i', 't', 'i', '.', 'm', 'e', '\0', + /* "ditisabc.nl", true */ 'd', 'i', 't', 'i', 's', 'a', 'b', 'c', '.', 'n', 'l', '\0', + /* "diva.nl", true */ 'd', 'i', 'v', 'a', '.', 'n', 'l', '\0', + /* "divcoder.com", true */ 'd', 'i', 'v', 'c', 'o', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "divedowntown.com", true */ 'd', 'i', 'v', 'e', 'd', 'o', 'w', 'n', 't', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0', + /* "divegearexpress.com", true */ 'd', 'i', 'v', 'e', 'g', 'e', 'a', 'r', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "divegearexpress.com.cn", true */ 'd', 'i', 'v', 'e', 'g', 'e', 'a', 'r', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '.', 'c', 'n', '\0', + /* "diveidc.com", true */ 'd', 'i', 'v', 'e', 'i', 'd', 'c', '.', 'c', 'o', 'm', '\0', + /* "divenwa.com", true */ 'd', 'i', 'v', 'e', 'n', 'w', 'a', '.', 'c', 'o', 'm', '\0', + /* "diveplan.org", true */ 'd', 'i', 'v', 'e', 'p', 'l', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "divergenz.org", true */ 'd', 'i', 'v', 'e', 'r', 'g', 'e', 'n', 'z', '.', 'o', 'r', 'g', '\0', + /* "diversity-spielzeug.de", true */ 'd', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', '-', 's', 'p', 'i', 'e', 'l', 'z', 'e', 'u', 'g', '.', 'd', 'e', '\0', + /* "diversityflags.com", true */ 'd', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', 'f', 'l', 'a', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "diversityflags.com.au", true */ 'd', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', 'f', 'l', 'a', 'g', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "diversityflags.nz", true */ 'd', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', 'f', 'l', 'a', 'g', 's', '.', 'n', 'z', '\0', + /* "divertiagua.com.br", true */ 'd', 'i', 'v', 'e', 'r', 't', 'i', 'a', 'g', 'u', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "divinegames.studio", true */ 'd', 'i', 'v', 'i', 'n', 'e', 'g', 'a', 'm', 'e', 's', '.', 's', 't', 'u', 'd', 'i', 'o', '\0', + /* "divingwithnic.com", true */ 'd', 'i', 'v', 'i', 'n', 'g', 'w', 'i', 't', 'h', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "diwei.vip", true */ 'd', 'i', 'w', 'e', 'i', '.', 'v', 'i', 'p', '\0', + /* "diybook.at", true */ 'd', 'i', 'y', 'b', 'o', 'o', 'k', '.', 'a', 't', '\0', + /* "diycc.org", true */ 'd', 'i', 'y', 'c', 'c', '.', 'o', 'r', 'g', '\0', + /* "diymediahome.org", true */ 'd', 'i', 'y', 'm', 'e', 'd', 'i', 'a', 'h', 'o', 'm', 'e', '.', 'o', 'r', 'g', '\0', + /* "diyosun.com", true */ 'd', 'i', 'y', 'o', 's', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "diz.in.ua", true */ 'd', 'i', 'z', '.', 'i', 'n', '.', 'u', 'a', '\0', + /* "dizzythewizard.co.uk", true */ 'd', 'i', 'z', 'z', 'y', 't', 'h', 'e', 'w', 'i', 'z', 'a', 'r', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dj-x.info", true */ 'd', 'j', '-', 'x', '.', 'i', 'n', 'f', 'o', '\0', + /* "dj3dub.com", true */ 'd', 'j', '3', 'd', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "djangobirthday.com", true */ 'd', 'j', 'a', 'n', 'g', 'o', 'b', 'i', 'r', 't', 'h', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "djangogolf.com", true */ 'd', 'j', 'a', 'n', 'g', 'o', 'g', 'o', 'l', 'f', '.', 'c', 'o', 'm', '\0', + /* "djangoproject.com", true */ 'd', 'j', 'a', 'n', 'g', 'o', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "djangosnippets.org", true */ 'd', 'j', 'a', 'n', 'g', 'o', 's', 'n', 'i', 'p', 'p', 'e', 't', 's', '.', 'o', 'r', 'g', '\0', + /* "djbbouncycastles.co.uk", true */ 'd', 'j', 'b', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "djc.me", true */ 'd', 'j', 'c', '.', 'm', 'e', '\0', + /* "djdavid98.hu", true */ 'd', 'j', 'd', 'a', 'v', 'i', 'd', '9', '8', '.', 'h', 'u', '\0', + /* "djipanov.com", true */ 'd', 'j', 'i', 'p', 'a', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0', + /* "djlive.pl", true */ 'd', 'j', 'l', 'i', 'v', 'e', '.', 'p', 'l', '\0', + /* "djlnetworks.co.uk", true */ 'd', 'j', 'l', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "djsbouncycastlehire.com", true */ 'd', 'j', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "djt-vom-chausseehaus.de", true */ 'd', 'j', 't', '-', 'v', 'o', 'm', '-', 'c', 'h', 'a', 'u', 's', 's', 'e', 'e', 'h', 'a', 'u', 's', '.', 'd', 'e', '\0', + /* "djul.net", true */ 'd', 'j', 'u', 'l', '.', 'n', 'e', 't', '\0', + /* "djwaynepryke.com", true */ 'd', 'j', 'w', 'a', 'y', 'n', 'e', 'p', 'r', 'y', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "dk.search.yahoo.com", false */ 'd', 'k', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "dkcomputers.com.au", true */ 'd', 'k', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "dkds.us", true */ 'd', 'k', 'd', 's', '.', 'u', 's', '\0', + /* "dkn.go.id", false */ 'd', 'k', 'n', '.', 'g', 'o', '.', 'i', 'd', '\0', + /* "dl.google.com", true */ 'd', 'l', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "dlabouncycastlehire.co.uk", true */ 'd', 'l', 'a', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dlaspania.pl", true */ 'd', 'l', 'a', 's', 'p', 'a', 'n', 'i', 'a', '.', 'p', 'l', '\0', + /* "dlbouncers.co.uk", true */ 'd', 'l', 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dlde.ru", true */ 'd', 'l', 'd', 'e', '.', 'r', 'u', '\0', + /* "dldl.fr", true */ 'd', 'l', 'd', 'l', '.', 'f', 'r', '\0', + /* "dlfsymposium.nl", true */ 'd', 'l', 'f', 's', 'y', 'm', 'p', 'o', 's', 'i', 'u', 'm', '.', 'n', 'l', '\0', + /* "dlg.im", true */ 'd', 'l', 'g', '.', 'i', 'm', '\0', + /* "dll4free.com", true */ 'd', 'l', 'l', '4', 'f', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "dlld.com", true */ 'd', 'l', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "dlrsp.org", true */ 'd', 'l', 'r', 's', 'p', '.', 'o', 'r', 'g', '\0', + /* "dlscomputers.com.au", true */ 'd', 'l', 's', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "dlunch.net", true */ 'd', 'l', 'u', 'n', 'c', 'h', '.', 'n', 'e', 't', '\0', + /* "dlzz.net", true */ 'd', 'l', 'z', 'z', '.', 'n', 'e', 't', '\0', + /* "dm.lookout.com", false */ 'd', 'm', '.', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "dm4productions.com", true */ 'd', 'm', '4', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "dm7ds.de", true */ 'd', 'm', '7', 'd', 's', '.', 'd', 'e', '\0', + /* "dmarc.dk", true */ 'd', 'm', 'a', 'r', 'c', '.', 'd', 'k', '\0', + /* "dmarketer.com", true */ 'd', 'm', 'a', 'r', 'k', 'e', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "dmcastles.com", true */ 'd', 'm', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "dmdre.com", true */ 'd', 'm', 'd', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "dmeevalumate.com", true */ 'd', 'm', 'e', 'e', 'v', 'a', 'l', 'u', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "dmenergy.ru", true */ 'd', 'm', 'e', 'n', 'e', 'r', 'g', 'y', '.', 'r', 'u', '\0', + /* "dmfd.net", true */ 'd', 'm', 'f', 'd', '.', 'n', 'e', 't', '\0', + /* "dmi.es", true */ 'd', 'm', 'i', '.', 'e', 's', '\0', + /* "dmlogic.com", true */ 'd', 'm', 'l', 'o', 'g', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "dmxledlights.com", true */ 'd', 'm', 'x', 'l', 'e', 'd', 'l', 'i', 'g', 'h', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "dn3s.me", true */ 'd', 'n', '3', 's', '.', 'm', 'e', '\0', + /* "dn42.eu", false */ 'd', 'n', '4', '2', '.', 'e', 'u', '\0', + /* "dn42.us", true */ 'd', 'n', '4', '2', '.', 'u', 's', '\0', + /* "dna.li", true */ 'd', 'n', 'a', '.', 'l', 'i', '\0', + /* "dnc.org.nz", true */ 'd', 'n', 'c', '.', 'o', 'r', 'g', '.', 'n', 'z', '\0', + /* "dndtools.net", true */ 'd', 'n', 'd', 't', 'o', 'o', 'l', 's', '.', 'n', 'e', 't', '\0', + /* "dne.lu", true */ 'd', 'n', 'e', '.', 'l', 'u', '\0', + /* "dnfc.rocks", true */ 'd', 'n', 'f', 'c', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "dnmaze.com", true */ 'd', 'n', 'm', 'a', 'z', 'e', '.', 'c', 'o', 'm', '\0', + /* "dnmlab.it", true */ 'd', 'n', 'm', 'l', 'a', 'b', '.', 'i', 't', '\0', + /* "dnplegal.com", true */ 'd', 'n', 'p', 'l', 'e', 'g', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "dns-control.eu", true */ 'd', 'n', 's', '-', 'c', 'o', 'n', 't', 'r', 'o', 'l', '.', 'e', 'u', '\0', + /* "dns-manager.info", true */ 'd', 'n', 's', '-', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "dns.google.com", true */ 'd', 'n', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "dns8.online", true */ 'd', 'n', 's', '8', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "dnsbird.org", true */ 'd', 'n', 's', 'b', 'i', 'r', 'd', '.', 'o', 'r', 'g', '\0', + /* "dnscurve.io", true */ 'd', 'n', 's', 'c', 'u', 'r', 'v', 'e', '.', 'i', 'o', '\0', + /* "dnshallinta.fi", true */ 'd', 'n', 's', 'h', 'a', 'l', 'l', 'i', 'n', 't', 'a', '.', 'f', 'i', '\0', + /* "dnslog.com", true */ 'd', 'n', 's', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "dnsman.se", true */ 'd', 'n', 's', 'm', 'a', 'n', '.', 's', 'e', '\0', + /* "dnstwister.report", true */ 'd', 'n', 's', 't', 'w', 'i', 's', 't', 'e', 'r', '.', 'r', 'e', 'p', 'o', 'r', 't', '\0', + /* "do-it.cz", true */ 'd', 'o', '-', 'i', 't', '.', 'c', 'z', '\0', + /* "do-prod.com", true */ 'd', 'o', '-', 'p', 'r', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "do.gd", true */ 'd', 'o', '.', 'g', 'd', '\0', + /* "do.search.yahoo.com", false */ 'd', 'o', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "do13.net", true */ 'd', 'o', '1', '3', '.', 'n', 'e', 't', '\0', + /* "do67.de", true */ 'd', 'o', '6', '7', '.', 'd', 'e', '\0', + /* "do67.net", true */ 'd', 'o', '6', '7', '.', 'n', 'e', 't', '\0', + /* "dobrev.family", true */ 'd', 'o', 'b', 'r', 'e', 'v', '.', 'f', 'a', 'm', 'i', 'l', 'y', '\0', + /* "dobsnet.net", true */ 'd', 'o', 'b', 's', 'n', 'e', 't', '.', 'n', 'e', 't', '\0', + /* "doc.python.org", true */ 'd', 'o', 'c', '.', 'p', 'y', 't', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "doc.to", true */ 'd', 'o', 'c', '.', 't', 'o', '\0', + /* "doc8643.com", true */ 'd', 'o', 'c', '8', '6', '4', '3', '.', 'c', 'o', 'm', '\0', + /* "docabo.ch", true */ 'd', 'o', 'c', 'a', 'b', 'o', '.', 'c', 'h', '\0', + /* "docbox.ch", true */ 'd', 'o', 'c', 'b', 'o', 'x', '.', 'c', 'h', '\0', + /* "docemeldoces.com", true */ 'd', 'o', 'c', 'e', 'm', 'e', 'l', 'd', 'o', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "dochitaceahlau.ro", true */ 'd', 'o', 'c', 'h', 'i', 't', 'a', 'c', 'e', 'a', 'h', 'l', 'a', 'u', '.', 'r', 'o', '\0', + /* "dockerm.com", true */ 'd', 'o', 'c', 'k', 'e', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "doclassworks.com", true */ 'd', 'o', 'c', 'l', 'a', 's', 's', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "docline.gov", true */ 'd', 'o', 'c', 'l', 'i', 'n', 'e', '.', 'g', 'o', 'v', '\0', + /* "docloh.de", true */ 'd', 'o', 'c', 'l', 'o', 'h', '.', 'd', 'e', '\0', + /* "docloudu.info", true */ 'd', 'o', 'c', 'l', 'o', 'u', 'd', 'u', '.', 'i', 'n', 'f', 'o', '\0', + /* "docplexus.in", true */ 'd', 'o', 'c', 'p', 'l', 'e', 'x', 'u', 's', '.', 'i', 'n', '\0', + /* "docs.google.com", false */ 'd', 'o', 'c', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "docs.python.org", true */ 'd', 'o', 'c', 's', '.', 'p', 'y', 't', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "docs.re", true */ 'd', 'o', 'c', 's', '.', 'r', 'e', '\0', + /* "docs.tw", true */ 'd', 'o', 'c', 's', '.', 't', 'w', '\0', + /* "docsoc.org.uk", true */ 'd', 'o', 'c', 's', 'o', 'c', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "doctafit.com", true */ 'd', 'o', 'c', 't', 'a', 'f', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "doctor-locks.co.uk", true */ 'd', 'o', 'c', 't', 'o', 'r', '-', 'l', 'o', 'c', 'k', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "doctor.dating", true */ 'd', 'o', 'c', 't', 'o', 'r', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "doctorfox.co.uk", true */ 'd', 'o', 'c', 't', 'o', 'r', 'f', 'o', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "doctorsonmaps.com", true */ 'd', 'o', 'c', 't', 'o', 'r', 's', 'o', 'n', 'm', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "doctorwho.cz", true */ 'd', 'o', 'c', 't', 'o', 'r', 'w', 'h', 'o', '.', 'c', 'z', '\0', + /* "docubox.info", true */ 'd', 'o', 'c', 'u', 'b', 'o', 'x', '.', 'i', 'n', 'f', 'o', '\0', + /* "docucopies.com", true */ 'd', 'o', 'c', 'u', 'c', 'o', 'p', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "documaniatv.com", true */ 'd', 'o', 'c', 'u', 'm', 'a', 'n', 'i', 'a', 't', 'v', '.', 'c', 'o', 'm', '\0', + /* "documentations-sociales.com", true */ 'd', 'o', 'c', 'u', 'm', 'e', 'n', 't', 'a', 't', 'i', 'o', 'n', 's', '-', 's', 'o', 'c', 'i', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "docupet.com", true */ 'd', 'o', 'c', 'u', 'p', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "doenjoylife.com", true */ 'd', 'o', 'e', 'n', 'j', 'o', 'y', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "does.one", true */ 'd', 'o', 'e', 's', '.', 'o', 'n', 'e', '\0', + /* "doesmycodehavebugs.today", true */ 'd', 'o', 'e', 's', 'm', 'y', 'c', 'o', 'd', 'e', 'h', 'a', 'v', 'e', 'b', 'u', 'g', 's', '.', 't', 'o', 'd', 'a', 'y', '\0', + /* "doesnotscale.com", false */ 'd', 'o', 'e', 's', 'n', 'o', 't', 's', 'c', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "dofuspvp.com", true */ 'd', 'o', 'f', 'u', 's', 'p', 'v', 'p', '.', 'c', 'o', 'm', '\0', + /* "dog-blum.com", true */ 'd', 'o', 'g', '-', 'b', 'l', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "dogan.ch", false */ 'd', 'o', 'g', 'a', 'n', '.', 'c', 'h', '\0', + /* "dogear.ch", true */ 'd', 'o', 'g', 'e', 'a', 'r', '.', 'c', 'h', '\0', + /* "dogft.com", true */ 'd', 'o', 'g', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "doggroomingcourse.com", true */ 'd', 'o', 'g', 'g', 'r', 'o', 'o', 'm', 'i', 'n', 'g', 'c', 'o', 'u', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "dogmap.jp", true */ 'd', 'o', 'g', 'm', 'a', 'p', '.', 'j', 'p', '\0', + /* "dogoo.com", true */ 'd', 'o', 'g', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "dogprograms.net", true */ 'd', 'o', 'g', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 's', '.', 'n', 'e', 't', '\0', + /* "dogworld.com.br", true */ 'd', 'o', 'g', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "dohanews.co", true */ 'd', 'o', 'h', 'a', 'n', 'e', 'w', 's', '.', 'c', 'o', '\0', + /* "dokan-e.com", true */ 'd', 'o', 'k', 'a', 'n', '-', 'e', '.', 'c', 'o', 'm', '\0', + /* "dokelio-idf.fr", true */ 'd', 'o', 'k', 'e', 'l', 'i', 'o', '-', 'i', 'd', 'f', '.', 'f', 'r', '\0', + /* "doku-gilde.de", true */ 'd', 'o', 'k', 'u', '-', 'g', 'i', 'l', 'd', 'e', '.', 'd', 'e', '\0', + /* "dokuboard.com", true */ 'd', 'o', 'k', 'u', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "dokuraum.de", true */ 'd', 'o', 'k', 'u', 'r', 'a', 'u', 'm', '.', 'd', 'e', '\0', + /* "dolarcanadense.com.br", true */ 'd', 'o', 'l', 'a', 'r', 'c', 'a', 'n', 'a', 'd', 'e', 'n', 's', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "dolcevitatech.education", true */ 'd', 'o', 'l', 'c', 'e', 'v', 'i', 't', 'a', 't', 'e', 'c', 'h', '.', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', '\0', + /* "dolci-delizie.de", true */ 'd', 'o', 'l', 'c', 'i', '-', 'd', 'e', 'l', 'i', 'z', 'i', 'e', '.', 'd', 'e', '\0', + /* "doli.se", true */ 'd', 'o', 'l', 'i', '.', 's', 'e', '\0', + /* "dolice.net", true */ 'd', 'o', 'l', 'i', 'c', 'e', '.', 'n', 'e', 't', '\0', + /* "dollemore.com", true */ 'd', 'o', 'l', 'l', 'e', 'm', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "dolorism.com", true */ 'd', 'o', 'l', 'o', 'r', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "dolphin-hosting.com", true */ 'd', 'o', 'l', 'p', 'h', 'i', 'n', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "dolphin-it.de", true */ 'd', 'o', 'l', 'p', 'h', 'i', 'n', '-', 'i', 't', '.', 'd', 'e', '\0', + /* "dom-medicina.ru", true */ 'd', 'o', 'm', '-', 'm', 'e', 'd', 'i', 'c', 'i', 'n', 'a', '.', 'r', 'u', '\0', + /* "doma.in", true */ 'd', 'o', 'm', 'a', '.', 'i', 'n', '\0', + /* "domadillo.com", true */ 'd', 'o', 'm', 'a', 'd', 'i', 'l', 'l', 'o', '.', 'c', 'o', 'm', '\0', + /* "domain-ermittlung.de", true */ 'd', 'o', 'm', 'a', 'i', 'n', '-', 'e', 'r', 'm', 'i', 't', 't', 'l', 'u', 'n', 'g', '.', 'd', 'e', '\0', + /* "domain001.info", true */ 'd', 'o', 'm', 'a', 'i', 'n', '0', '0', '1', '.', 'i', 'n', 'f', 'o', '\0', + /* "domainedemiolan.ch", true */ 'd', 'o', 'm', 'a', 'i', 'n', 'e', 'd', 'e', 'm', 'i', 'o', 'l', 'a', 'n', '.', 'c', 'h', '\0', + /* "domainexpress.de", false */ 'd', 'o', 'm', 'a', 'i', 'n', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'd', 'e', '\0', + /* "domainkauf.de", true */ 'd', 'o', 'm', 'a', 'i', 'n', 'k', 'a', 'u', 'f', '.', 'd', 'e', '\0', + /* "domains.google.com", true */ 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "domainsilk.com", true */ 'd', 'o', 'm', 'a', 'i', 'n', 's', 'i', 'l', 'k', '.', 'c', 'o', 'm', '\0', + /* "domainstaff.com", true */ 'd', 'o', 'm', 'a', 'i', 'n', 's', 't', 'a', 'f', 'f', '.', 'c', 'o', 'm', '\0', + /* "domaxpoker.com", true */ 'd', 'o', 'm', 'a', 'x', 'p', 'o', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "domenic.me", true */ 'd', 'o', 'm', 'e', 'n', 'i', 'c', '.', 'm', 'e', '\0', + /* "domesticcleaners.co.uk", true */ 'd', 'o', 'm', 'e', 's', 't', 'i', 'c', 'c', 'l', 'e', 'a', 'n', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "domhaase.me", true */ 'd', 'o', 'm', 'h', 'a', 'a', 's', 'e', '.', 'm', 'e', '\0', + /* "domian.cz", true */ 'd', 'o', 'm', 'i', 'a', 'n', '.', 'c', 'z', '\0', + /* "dominationgame.co.uk", true */ 'd', 'o', 'm', 'i', 'n', 'a', 't', 'i', 'o', 'n', 'g', 'a', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dominicself.co.uk", true */ 'd', 'o', 'm', 'i', 'n', 'i', 'c', 's', 'e', 'l', 'f', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dominik-schlueter.de", true */ 'd', 'o', 'm', 'i', 'n', 'i', 'k', '-', 's', 'c', 'h', 'l', 'u', 'e', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "dominikkulaga.pl", true */ 'd', 'o', 'm', 'i', 'n', 'i', 'k', 'k', 'u', 'l', 'a', 'g', 'a', '.', 'p', 'l', '\0', + /* "dominioanimal.com.br", true */ 'd', 'o', 'm', 'i', 'n', 'i', 'o', 'a', 'n', 'i', 'm', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "dominoknihy.cz", true */ 'd', 'o', 'm', 'i', 'n', 'o', 'k', 'n', 'i', 'h', 'y', '.', 'c', 'z', '\0', + /* "dominomatrix.com", true */ 'd', 'o', 'm', 'i', 'n', 'o', 'm', 'a', 't', 'r', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "dommascate.com.br", true */ 'd', 'o', 'm', 'm', 'a', 's', 'c', 'a', 't', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "domodeco.fr", true */ 'd', 'o', 'm', 'o', 'd', 'e', 'c', 'o', '.', 'f', 'r', '\0', + /* "domodedovo.travel", true */ 'd', 'o', 'm', 'o', 'd', 'e', 'd', 'o', 'v', 'o', '.', 't', 'r', 'a', 'v', 'e', 'l', '\0', + /* "domprojects.com", true */ 'd', 'o', 'm', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "domscripting.com", true */ 'd', 'o', 'm', 's', 'c', 'r', 'i', 'p', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "domyassignments.com", true */ 'd', 'o', 'm', 'y', 'a', 's', 's', 'i', 'g', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "domycasestudy.com", true */ 'd', 'o', 'm', 'y', 'c', 'a', 's', 'e', 's', 't', 'u', 'd', 'y', '.', 'c', 'o', 'm', '\0', + /* "domycoursework.com", true */ 'd', 'o', 'm', 'y', 'c', 'o', 'u', 'r', 's', 'e', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "domycreativewritings.com", true */ 'd', 'o', 'm', 'y', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'w', 'r', 'i', 't', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "domydissertations.com", true */ 'd', 'o', 'm', 'y', 'd', 'i', 's', 's', 'e', 'r', 't', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "domyessay.net", true */ 'd', 'o', 'm', 'y', 'e', 's', 's', 'a', 'y', '.', 'n', 'e', 't', '\0', + /* "domyessays.com", true */ 'd', 'o', 'm', 'y', 'e', 's', 's', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "domyhomeworks.net", true */ 'd', 'o', 'm', 'y', 'h', 'o', 'm', 'e', 'w', 'o', 'r', 'k', 's', '.', 'n', 'e', 't', '\0', + /* "domynetwork.com", true */ 'd', 'o', 'm', 'y', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "domypapers.com", true */ 'd', 'o', 'm', 'y', 'p', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "domyresearchpaper.com", true */ 'd', 'o', 'm', 'y', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "domyreview.net", true */ 'd', 'o', 'm', 'y', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'n', 'e', 't', '\0', + /* "domyspeech.com", true */ 'd', 'o', 'm', 'y', 's', 'p', 'e', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "domytermpaper.com", true */ 'd', 'o', 'm', 'y', 't', 'e', 'r', 'm', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "domythesis.net", true */ 'd', 'o', 'm', 'y', 't', 'h', 'e', 's', 'i', 's', '.', 'n', 'e', 't', '\0', + /* "domyzitrka.cz", true */ 'd', 'o', 'm', 'y', 'z', 'i', 't', 'r', 'k', 'a', '.', 'c', 'z', '\0', + /* "donabeneko.jp", true */ 'd', 'o', 'n', 'a', 'b', 'e', 'n', 'e', 'k', 'o', '.', 'j', 'p', '\0', + /* "donateaday.net", true */ 'd', 'o', 'n', 'a', 't', 'e', 'a', 'd', 'a', 'y', '.', 'n', 'e', 't', '\0', + /* "donateway.com", true */ 'd', 'o', 'n', 'a', 't', 'e', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "donfelino.tk", false */ 'd', 'o', 'n', 'f', 'e', 'l', 'i', 'n', 'o', '.', 't', 'k', '\0', + /* "dongkexue.com", true */ 'd', 'o', 'n', 'g', 'k', 'e', 'x', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "donhoward.org", true */ 'd', 'o', 'n', 'h', 'o', 'w', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0', + /* "donkeytrekkingkefalonia.com", true */ 'd', 'o', 'n', 'k', 'e', 'y', 't', 'r', 'e', 'k', 'k', 'i', 'n', 'g', 'k', 'e', 'f', 'a', 'l', 'o', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "donmaldeamores.com", true */ 'd', 'o', 'n', 'm', 'a', 'l', 'd', 'e', 'a', 'm', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "donnachie.net", true */ 'd', 'o', 'n', 'n', 'a', 'c', 'h', 'i', 'e', '.', 'n', 'e', 't', '\0', + /* "donner-reuschel.de", true */ 'd', 'o', 'n', 'n', 'e', 'r', '-', 'r', 'e', 'u', 's', 'c', 'h', 'e', 'l', '.', 'd', 'e', '\0', + /* "donnons.org", false */ 'd', 'o', 'n', 'n', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "donnoval.ru", true */ 'd', 'o', 'n', 'n', 'o', 'v', 'a', 'l', '.', 'r', 'u', '\0', + /* "donotcall.gov", true */ 'd', 'o', 'n', 'o', 't', 'c', 'a', 'l', 'l', '.', 'g', 'o', 'v', '\0', + /* "donotlink.it", true */ 'd', 'o', 'n', 'o', 't', 'l', 'i', 'n', 'k', '.', 'i', 't', '\0', + /* "donotspellitgav.in", true */ 'd', 'o', 'n', 'o', 't', 's', 'p', 'e', 'l', 'l', 'i', 't', 'g', 'a', 'v', '.', 'i', 'n', '\0', + /* "donpaginasweb.com", true */ 'd', 'o', 'n', 'p', 'a', 'g', 'i', 'n', 'a', 's', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "donsbach-edv.de", true */ 'd', 'o', 'n', 's', 'b', 'a', 'c', 'h', '-', 'e', 'd', 'v', '.', 'd', 'e', '\0', + /* "dont.re", true */ 'd', 'o', 'n', 't', '.', 'r', 'e', '\0', + /* "dont.watch", true */ 'd', 'o', 'n', 't', '.', 'w', 'a', 't', 'c', 'h', '\0', + /* "dontbubble.me", true */ 'd', 'o', 'n', 't', 'b', 'u', 'b', 'b', 'l', 'e', '.', 'm', 'e', '\0', + /* "dontcageus.org", true */ 'd', 'o', 'n', 't', 'c', 'a', 'g', 'e', 'u', 's', '.', 'o', 'r', 'g', '\0', + /* "donthedragonwilson.com", true */ 'd', 'o', 'n', 't', 'h', 'e', 'd', 'r', 'a', 'g', 'o', 'n', 'w', 'i', 'l', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "dontpayfull.com", true */ 'd', 'o', 'n', 't', 'p', 'a', 'y', 'f', 'u', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "donttrust.me", true */ 'd', 'o', 'n', 't', 't', 'r', 'u', 's', 't', '.', 'm', 'e', '\0', + /* "donutcompany.co.jp", true */ 'd', 'o', 'n', 'u', 't', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "donzool.es", true */ 'd', 'o', 'n', 'z', 'o', 'o', 'l', '.', 'e', 's', '\0', + /* "dooby.fr", true */ 'd', 'o', 'o', 'b', 'y', '.', 'f', 'r', '\0', + /* "doodlefinder.de", true */ 'd', 'o', 'o', 'd', 'l', 'e', 'f', 'i', 'n', 'd', 'e', 'r', '.', 'd', 'e', '\0', + /* "dooleylabs.com", true */ 'd', 'o', 'o', 'l', 'e', 'y', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "dooleytackaberry.com", true */ 'd', 'o', 'o', 'l', 'e', 'y', 't', 'a', 'c', 'k', 'a', 'b', 'e', 'r', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "doomoo.com", true */ 'd', 'o', 'o', 'm', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "doomsworld.com", true */ 'd', 'o', 'o', 'm', 's', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "door.cards", true */ 'd', 'o', 'o', 'r', '.', 'c', 'a', 'r', 'd', 's', '\0', + /* "doordecor.bg", true */ 'd', 'o', 'o', 'r', 'd', 'e', 'c', 'o', 'r', '.', 'b', 'g', '\0', + /* "doorflow.com", true */ 'd', 'o', 'o', 'r', 'f', 'l', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "dopesoft.de", true */ 'd', 'o', 'p', 'e', 's', 'o', 'f', 't', '.', 'd', 'e', '\0', + /* "dopfer-fenstertechnik.de", true */ 'd', 'o', 'p', 'f', 'e', 'r', '-', 'f', 'e', 'n', 's', 't', 'e', 'r', 't', 'e', 'c', 'h', 'n', 'i', 'k', '.', 'd', 'e', '\0', + /* "doppenpost.nl", true */ 'd', 'o', 'p', 'p', 'e', 'n', 'p', 'o', 's', 't', '.', 'n', 'l', '\0', + /* "dopply.com", true */ 'd', 'o', 'p', 'p', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "dopravni-modely.cz", true */ 'd', 'o', 'p', 'r', 'a', 'v', 'n', 'i', '-', 'm', 'o', 'd', 'e', 'l', 'y', '.', 'c', 'z', '\0', + /* "dopsi.ch", true */ 'd', 'o', 'p', 's', 'i', '.', 'c', 'h', '\0', + /* "dora.moe", true */ 'd', 'o', 'r', 'a', '.', 'm', 'o', 'e', '\0', + /* "dorfbaeck.at", true */ 'd', 'o', 'r', 'f', 'b', 'a', 'e', 'c', 'k', '.', 'a', 't', '\0', + /* "dorfbrunnen.eu", true */ 'd', 'o', 'r', 'f', 'b', 'r', 'u', 'n', 'n', 'e', 'n', '.', 'e', 'u', '\0', + /* "doriangirod.ch", true */ 'd', 'o', 'r', 'i', 'a', 'n', 'g', 'i', 'r', 'o', 'd', '.', 'c', 'h', '\0', + /* "dorianharmans.nl", true */ 'd', 'o', 'r', 'i', 'a', 'n', 'h', 'a', 'r', 'm', 'a', 'n', 's', '.', 'n', 'l', '\0', + /* "dorianmuthig.com", true */ 'd', 'o', 'r', 'i', 'a', 'n', 'm', 'u', 't', 'h', 'i', 'g', '.', 'c', 'o', 'm', '\0', + /* "dormebebe.com.br", true */ 'd', 'o', 'r', 'm', 'e', 'b', 'e', 'b', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "dormiu.com", true */ 'd', 'o', 'r', 'm', 'i', 'u', '.', 'c', 'o', 'm', '\0', + /* "dormiu.com.br", true */ 'd', 'o', 'r', 'm', 'i', 'u', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "dorquelle.com", true */ 'd', 'o', 'r', 'q', 'u', 'e', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "dorsetentertainments.co.uk", true */ 'd', 'o', 'r', 's', 'e', 't', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dorth.nl", true */ 'd', 'o', 'r', 't', 'h', '.', 'n', 'l', '\0', + /* "dosenkiwi.at", true */ 'd', 'o', 's', 'e', 'n', 'k', 'i', 'w', 'i', '.', 'a', 't', '\0', + /* "dosipe.com", true */ 'd', 'o', 's', 'i', 'p', 'e', '.', 'c', 'o', 'm', '\0', + /* "doska.by", true */ 'd', 'o', 's', 'k', 'a', '.', 'b', 'y', '\0', + /* "doska.kz", true */ 'd', 'o', 's', 'k', 'a', '.', 'k', 'z', '\0', + /* "doska.ru", true */ 'd', 'o', 's', 'k', 'a', '.', 'r', 'u', '\0', + /* "dosomeworks.biz", true */ 'd', 'o', 's', 'o', 'm', 'e', 'w', 'o', 'r', 'k', 's', '.', 'b', 'i', 'z', '\0', + /* "dossplumbing.co.za", true */ 'd', 'o', 's', 's', 'p', 'l', 'u', 'm', 'b', 'i', 'n', 'g', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "dosvientoselectrical.com", true */ 'd', 'o', 's', 'v', 'i', 'e', 'n', 't', 'o', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "dosyauzantisi.com", true */ 'd', 'o', 's', 'y', 'a', 'u', 'z', 'a', 'n', 't', 'i', 's', 'i', '.', 'c', 'o', 'm', '\0', + /* "dot.ro", true */ 'd', 'o', 't', '.', 'r', 'o', '\0', + /* "dotacni-parazit.cz", true */ 'd', 'o', 't', 'a', 'c', 'n', 'i', '-', 'p', 'a', 'r', 'a', 'z', 'i', 't', '.', 'c', 'z', '\0', + /* "dotb.dn.ua", false */ 'd', 'o', 't', 'b', '.', 'd', 'n', '.', 'u', 'a', '\0', + /* "dotbigbang.com", true */ 'd', 'o', 't', 'b', 'i', 'g', 'b', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "dotbox.org", true */ 'd', 'o', 't', 'b', 'o', 'x', '.', 'o', 'r', 'g', '\0', + /* "dotbrick.co.th", true */ 'd', 'o', 't', 'b', 'r', 'i', 'c', 'k', '.', 'c', 'o', '.', 't', 'h', '\0', + /* "dotconnor.com", true */ 'd', 'o', 't', 'c', 'o', 'n', 'n', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "dotgov.gov", true */ 'd', 'o', 't', 'g', 'o', 'v', '.', 'g', 'o', 'v', '\0', + /* "dothebangthingsalon.com", true */ 'd', 'o', 't', 'h', 'e', 'b', 'a', 'n', 'g', 't', 'h', 'i', 'n', 'g', 's', 'a', 'l', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "dotjs.party", true */ 'd', 'o', 't', 'j', 's', '.', 'p', 'a', 'r', 't', 'y', '\0', + /* "dotkniseandroida.cz", true */ 'd', 'o', 't', 'k', 'n', 'i', 's', 'e', 'a', 'n', 'd', 'r', 'o', 'i', 'd', 'a', '.', 'c', 'z', '\0', + /* "dotkod.com", true */ 'd', 'o', 't', 'k', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "dotkod.pl", true */ 'd', 'o', 't', 'k', 'o', 'd', '.', 'p', 'l', '\0', + /* "dotneko.net", true */ 'd', 'o', 't', 'n', 'e', 'k', 'o', '.', 'n', 'e', 't', '\0', + /* "dotnetsandbox.ca", true */ 'd', 'o', 't', 'n', 'e', 't', 's', 'a', 'n', 'd', 'b', 'o', 'x', '.', 'c', 'a', '\0', + /* "dotphoto.com", true */ 'd', 'o', 't', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "dotplex.com", true */ 'd', 'o', 't', 'p', 'l', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "dotplex.de", true */ 'd', 'o', 't', 'p', 'l', 'e', 'x', '.', 'd', 'e', '\0', + /* "dotrox.net", true */ 'd', 'o', 't', 'r', 'o', 'x', '.', 'n', 'e', 't', '\0', + /* "dotsiam.com", true */ 'd', 'o', 't', 's', 'i', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "douai.me", true */ 'd', 'o', 'u', 'a', 'i', '.', 'm', 'e', '\0', + /* "doubleavineyards.com", true */ 'd', 'o', 'u', 'b', 'l', 'e', 'a', 'v', 'i', 'n', 'e', 'y', 'a', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "doublefun.net", true */ 'd', 'o', 'u', 'b', 'l', 'e', 'f', 'u', 'n', '.', 'n', 'e', 't', '\0', + /* "doubleup.com.au", true */ 'd', 'o', 'u', 'b', 'l', 'e', 'u', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "doucheba.gs", false */ 'd', 'o', 'u', 'c', 'h', 'e', 'b', 'a', '.', 'g', 's', '\0', + /* "dougferris.id.au", true */ 'd', 'o', 'u', 'g', 'f', 'e', 'r', 'r', 'i', 's', '.', 'i', 'd', '.', 'a', 'u', '\0', + /* "doujinshi.info", true */ 'd', 'o', 'u', 'j', 'i', 'n', 's', 'h', 'i', '.', 'i', 'n', 'f', 'o', '\0', + /* "dounats.com", true */ 'd', 'o', 'u', 'n', 'a', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "douzer.de", true */ 'd', 'o', 'u', 'z', 'e', 'r', '.', 'd', 'e', '\0', + /* "dovenzorgmalawi.nl", true */ 'd', 'o', 'v', 'e', 'n', 'z', 'o', 'r', 'g', 'm', 'a', 'l', 'a', 'w', 'i', '.', 'n', 'l', '\0', + /* "dovro.de", true */ 'd', 'o', 'v', 'r', 'o', '.', 'd', 'e', '\0', + /* "dowc.org", true */ 'd', 'o', 'w', 'c', '.', 'o', 'r', 'g', '\0', + /* "downloadaja.com", true */ 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 'a', 'j', 'a', '.', 'c', 'o', 'm', '\0', + /* "downloadgamemods.com", true */ 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 'g', 'a', 'm', 'e', 'm', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "downloadgram.com", true */ 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 'g', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "downloadsoftwaregratisan.com", true */ 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', 'g', 'r', 'a', 't', 'i', 's', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "downtimerobot.com", true */ 'd', 'o', 'w', 'n', 't', 'i', 'm', 'e', 'r', 'o', 'b', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "downtimerobot.nl", true */ 'd', 'o', 'w', 'n', 't', 'i', 'm', 'e', 'r', 'o', 'b', 'o', 't', '.', 'n', 'l', '\0', + /* "downtownvernon.com", true */ 'd', 'o', 'w', 'n', 't', 'o', 'w', 'n', 'v', 'e', 'r', 'n', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "doyoucheck.com", false */ 'd', 'o', 'y', 'o', 'u', 'c', 'h', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "doyouedc.com", true */ 'd', 'o', 'y', 'o', 'u', 'e', 'd', 'c', '.', 'c', 'o', 'm', '\0', + /* "doyoutax.com", true */ 'd', 'o', 'y', 'o', 'u', 't', 'a', 'x', '.', 'c', 'o', 'm', '\0', + /* "doypacky.cz", true */ 'd', 'o', 'y', 'p', 'a', 'c', 'k', 'y', '.', 'c', 'z', '\0', + /* "dpd.com.pl", true */ 'd', 'p', 'd', '.', 'c', 'o', 'm', '.', 'p', 'l', '\0', + /* "dperson.net", true */ 'd', 'p', 'e', 'r', 's', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "dpfsolutionsfl.com", true */ 'd', 'p', 'f', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', 'f', 'l', '.', 'c', 'o', 'm', '\0', + /* "dpg.no", true */ 'd', 'p', 'g', '.', 'n', 'o', '\0', + /* "dpisecuretests.com", true */ 'd', 'p', 'i', 's', 'e', 'c', 'u', 'r', 'e', 't', 'e', 's', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "dprb.biz", true */ 'd', 'p', 'r', 'b', '.', 'b', 'i', 'z', '\0', + /* "dprd-wonogirikab.go.id", false */ 'd', 'p', 'r', 'd', '-', 'w', 'o', 'n', 'o', 'g', 'i', 'r', 'i', 'k', 'a', 'b', '.', 'g', 'o', '.', 'i', 'd', '\0', + /* "dpwsweeps.co.uk", true */ 'd', 'p', 'w', 's', 'w', 'e', 'e', 'p', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dr-schuessler.de", true */ 'd', 'r', '-', 's', 'c', 'h', 'u', 'e', 's', 's', 'l', 'e', 'r', '.', 'd', 'e', '\0', + /* "dr-www.de", true */ 'd', 'r', '-', 'w', 'w', 'w', '.', 'd', 'e', '\0', + /* "drabadir.com", true */ 'd', 'r', 'a', 'b', 'a', 'd', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "drabben.be", true */ 'd', 'r', 'a', 'b', 'b', 'e', 'n', '.', 'b', 'e', '\0', + /* "drabbin.com", true */ 'd', 'r', 'a', 'b', 'b', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "drabim.org", true */ 'd', 'r', 'a', 'b', 'i', 'm', '.', 'o', 'r', 'g', '\0', + /* "dracisvet.cz", true */ 'd', 'r', 'a', 'c', 'i', 's', 'v', 'e', 't', '.', 'c', 'z', '\0', + /* "dracon.es", true */ 'd', 'r', 'a', 'c', 'o', 'n', '.', 'e', 's', '\0', + /* "dracox.com", true */ 'd', 'r', 'a', 'c', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "draftguru.com.au", true */ 'd', 'r', 'a', 'f', 't', 'g', 'u', 'r', 'u', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "drafton.com", true */ 'd', 'r', 'a', 'f', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "drageeparadise.fr", true */ 'd', 'r', 'a', 'g', 'e', 'e', 'p', 'a', 'r', 'a', 'd', 'i', 's', 'e', '.', 'f', 'r', '\0', + /* "dragfiles.com", true */ 'd', 'r', 'a', 'g', 'f', 'i', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "dragon-aspect.com", true */ 'd', 'r', 'a', 'g', 'o', 'n', '-', 'a', 's', 'p', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "dragon-chem.eu", true */ 'd', 'r', 'a', 'g', 'o', 'n', '-', 'c', 'h', 'e', 'm', '.', 'e', 'u', '\0', + /* "dragon-hearts.co.uk", true */ 'd', 'r', 'a', 'g', 'o', 'n', '-', 'h', 'e', 'a', 'r', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dragoncave.me", true */ 'd', 'r', 'a', 'g', 'o', 'n', 'c', 'a', 'v', 'e', '.', 'm', 'e', '\0', + /* "dragoncityhack.tips", true */ 'd', 'r', 'a', 'g', 'o', 'n', 'c', 'i', 't', 'y', 'h', 'a', 'c', 'k', '.', 't', 'i', 'p', 's', '\0', + /* "dragonfly.co.uk", true */ 'd', 'r', 'a', 'g', 'o', 'n', 'f', 'l', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dragonheartsrpg.com", true */ 'd', 'r', 'a', 'g', 'o', 'n', 'h', 'e', 'a', 'r', 't', 's', 'r', 'p', 'g', '.', 'c', 'o', 'm', '\0', + /* "dragonkin.net", true */ 'd', 'r', 'a', 'g', 'o', 'n', 'k', 'i', 'n', '.', 'n', 'e', 't', '\0', + /* "dragonprogrammer.com", true */ 'd', 'r', 'a', 'g', 'o', 'n', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "dragonschool.org", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'c', 'h', 'o', 'o', 'l', '.', 'o', 'r', 'g', '\0', + /* "dragonsunited.at", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'u', 'n', 'i', 't', 'e', 'd', '.', 'a', 't', '\0', + /* "dragonsunited.ch", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'h', '\0', + /* "dragonsunited.de", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'u', 'n', 'i', 't', 'e', 'd', '.', 'd', 'e', '\0', + /* "dragonsunited.eu", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'u', 'n', 'i', 't', 'e', 'd', '.', 'e', 'u', '\0', + /* "dragonsunited.info", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'u', 'n', 'i', 't', 'e', 'd', '.', 'i', 'n', 'f', 'o', '\0', + /* "dragonsunited.net", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'u', 'n', 'i', 't', 'e', 'd', '.', 'n', 'e', 't', '\0', + /* "dragonsunited.org", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'u', 'n', 'i', 't', 'e', 'd', '.', 'o', 'r', 'g', '\0', + /* "dragonwork.me", true */ 'd', 'r', 'a', 'g', 'o', 'n', 'w', 'o', 'r', 'k', '.', 'm', 'e', '\0', + /* "drahcro.uk", true */ 'd', 'r', 'a', 'h', 'c', 'r', 'o', '.', 'u', 'k', '\0', + /* "drakeluce.com", true */ 'd', 'r', 'a', 'k', 'e', 'l', 'u', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "drakenprospero.com", false */ 'd', 'r', 'a', 'k', 'e', 'n', 'p', 'r', 'o', 's', 'p', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "drakfot.se", true */ 'd', 'r', 'a', 'k', 'f', 'o', 't', '.', 's', 'e', '\0', + /* "dramaticpeople.com", true */ 'd', 'r', 'a', 'm', 'a', 't', 'i', 'c', 'p', 'e', 'o', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "dranderle.com", true */ 'd', 'r', 'a', 'n', 'd', 'e', 'r', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "dranek.com", true */ 'd', 'r', 'a', 'n', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "draugr.de", true */ 'd', 'r', 'a', 'u', 'g', 'r', '.', 'd', 'e', '\0', + /* "draw.uy", true */ 'd', 'r', 'a', 'w', '.', 'u', 'y', '\0', + /* "drawesome.uy", true */ 'd', 'r', 'a', 'w', 'e', 's', 'o', 'm', 'e', '.', 'u', 'y', '\0', + /* "drawingcode.net", true */ 'd', 'r', 'a', 'w', 'i', 'n', 'g', 'c', 'o', 'd', 'e', '.', 'n', 'e', 't', '\0', + /* "drbethanybarnes.com", true */ 'd', 'r', 'b', 'e', 't', 'h', 'a', 'n', 'y', 'b', 'a', 'r', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "drchristinehatfield.ca", true */ 'd', 'r', 'c', 'h', 'r', 'i', 's', 't', 'i', 'n', 'e', 'h', 'a', 't', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'a', '\0', + /* "drchristophepanthier.com", true */ 'd', 'r', 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'p', 'a', 'n', 't', 'h', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "drdavidgilpin.com", true */ 'd', 'r', 'd', 'a', 'v', 'i', 'd', 'g', 'i', 'l', 'p', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "drdim.ru", true */ 'd', 'r', 'd', 'i', 'm', '.', 'r', 'u', '\0', + /* "drdipilla.com", true */ 'd', 'r', 'd', 'i', 'p', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "dreamaholic.club", true */ 'd', 'r', 'e', 'a', 'm', 'a', 'h', 'o', 'l', 'i', 'c', '.', 'c', 'l', 'u', 'b', '\0', + /* "dreamcreator108.com", true */ 'd', 'r', 'e', 'a', 'm', 'c', 'r', 'e', 'a', 't', 'o', 'r', '1', '0', '8', '.', 'c', 'o', 'm', '\0', + /* "dreamhack.com", true */ 'd', 'r', 'e', 'a', 'm', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "dreamhostremixer.com", true */ 'd', 'r', 'e', 'a', 'm', 'h', 'o', 's', 't', 'r', 'e', 'm', 'i', 'x', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "dreamithost.com.au", true */ 'd', 'r', 'e', 'a', 'm', 'i', 't', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "dreamlandmagic.com", true */ 'd', 'r', 'e', 'a', 'm', 'l', 'a', 'n', 'd', 'm', 'a', 'g', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "dreamlinehost.com", false */ 'd', 'r', 'e', 'a', 'm', 'l', 'i', 'n', 'e', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "dreamlux.cz", true */ 'd', 'r', 'e', 'a', 'm', 'l', 'u', 'x', '.', 'c', 'z', '\0', + /* "dreamlux.sk", true */ 'd', 'r', 'e', 'a', 'm', 'l', 'u', 'x', '.', 's', 'k', '\0', + /* "dreamonkey.com", true */ 'd', 'r', 'e', 'a', 'm', 'o', 'n', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "dreamtechie.com", true */ 'd', 'r', 'e', 'a', 'm', 't', 'e', 'c', 'h', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "drei01.de", true */ 'd', 'r', 'e', 'i', '0', '1', '.', 'd', 'e', '\0', + /* "dreid.org", true */ 'd', 'r', 'e', 'i', 'd', '.', 'o', 'r', 'g', '\0', + /* "dreiweiden.de", true */ 'd', 'r', 'e', 'i', 'w', 'e', 'i', 'd', 'e', 'n', '.', 'd', 'e', '\0', + /* "dreizwosechs.de", true */ 'd', 'r', 'e', 'i', 'z', 'w', 'o', 's', 'e', 'c', 'h', 's', '.', 'd', 'e', '\0', + /* "dress-cons.com", true */ 'd', 'r', 'e', 's', 's', '-', 'c', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "drevo-door.cz", true */ 'd', 'r', 'e', 'v', 'o', '-', 'd', 'o', 'o', 'r', '.', 'c', 'z', '\0', + /* "drew.beer", true */ 'd', 'r', 'e', 'w', '.', 'b', 'e', 'e', 'r', '\0', + /* "drew.red", true */ 'd', 'r', 'e', 'w', '.', 'r', 'e', 'd', '\0', + /* "dreweryinc.com", true */ 'd', 'r', 'e', 'w', 'e', 'r', 'y', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "drewsilcock.co.uk", true */ 'd', 'r', 'e', 'w', 's', 'i', 'l', 'c', 'o', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dreyfussplasticsurgery.com", true */ 'd', 'r', 'e', 'y', 'f', 'u', 's', 's', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "drezzy.it", true */ 'd', 'r', 'e', 'z', 'z', 'y', '.', 'i', 't', '\0', + /* "drfrey.ch", true */ 'd', 'r', 'f', 'r', 'e', 'y', '.', 'c', 'h', '\0', + /* "drgn.no", true */ 'd', 'r', 'g', 'n', '.', 'n', 'o', '\0', + /* "drheibel.com", true */ 'd', 'r', 'h', 'e', 'i', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "driftdude.nl", true */ 'd', 'r', 'i', 'f', 't', 'd', 'u', 'd', 'e', '.', 'n', 'l', '\0', + /* "drighes.com", true */ 'd', 'r', 'i', 'g', 'h', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "drillion.net", true */ 'd', 'r', 'i', 'l', 'l', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "drillnation.com.au", true */ 'd', 'r', 'i', 'l', 'l', 'n', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "drinkplanet.eu", true */ 'd', 'r', 'i', 'n', 'k', 'p', 'l', 'a', 'n', 'e', 't', '.', 'e', 'u', '\0', + /* "drino.org", false */ 'd', 'r', 'i', 'n', 'o', '.', 'o', 'r', 'g', '\0', + /* "drive.google.com", false */ 'd', 'r', 'i', 'v', 'e', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "drive.xyz", true */ 'd', 'r', 'i', 'v', 'e', '.', 'x', 'y', 'z', '\0', + /* "driven2shine.eu", true */ 'd', 'r', 'i', 'v', 'e', 'n', '2', 's', 'h', 'i', 'n', 'e', '.', 'e', 'u', '\0', + /* "drivenes.net", true */ 'd', 'r', 'i', 'v', 'e', 'n', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "driver.ru", true */ 'd', 'r', 'i', 'v', 'e', 'r', '.', 'r', 'u', '\0', + /* "driver61.com", true */ 'd', 'r', 'i', 'v', 'e', 'r', '6', '1', '.', 'c', 'o', 'm', '\0', + /* "driverless.id", true */ 'd', 'r', 'i', 'v', 'e', 'r', 'l', 'e', 's', 's', '.', 'i', 'd', '\0', + /* "driverprofiler.co.uk", true */ 'd', 'r', 'i', 'v', 'e', 'r', 'p', 'r', 'o', 'f', 'i', 'l', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "driverscollection.com", true */ 'd', 'r', 'i', 'v', 'e', 'r', 's', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "drivewithstatetransit.com.au", true */ 'd', 'r', 'i', 'v', 'e', 'w', 'i', 't', 'h', 's', 't', 'a', 't', 'e', 't', 'r', 'a', 'n', 's', 'i', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "drivingtestpro.com", true */ 'd', 'r', 'i', 'v', 'i', 'n', 'g', 't', 'e', 's', 't', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "drixn.com", true */ 'd', 'r', 'i', 'x', 'n', '.', 'c', 'o', 'm', '\0', + /* "drjacquesmalan.com", true */ 'd', 'r', 'j', 'a', 'c', 'q', 'u', 'e', 's', 'm', 'a', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "drjenafernandez.com", true */ 'd', 'r', 'j', 'e', 'n', 'a', 'f', 'e', 'r', 'n', 'a', 'n', 'd', 'e', 'z', '.', 'c', 'o', 'm', '\0', + /* "drjoe.ca", true */ 'd', 'r', 'j', 'o', 'e', '.', 'c', 'a', '\0', + /* "drjuanitacollier.com", true */ 'd', 'r', 'j', 'u', 'a', 'n', 'i', 't', 'a', 'c', 'o', 'l', 'l', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "drkhsh.at", true */ 'd', 'r', 'k', 'h', 's', 'h', '.', 'a', 't', '\0', + /* "drkmtrx.xyz", true */ 'd', 'r', 'k', 'm', 't', 'r', 'x', '.', 'x', 'y', 'z', '\0', + /* "drlangsdon.com", true */ 'd', 'r', 'l', 'a', 'n', 'g', 's', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "drlazarina.net", true */ 'd', 'r', 'l', 'a', 'z', 'a', 'r', 'i', 'n', 'a', '.', 'n', 'e', 't', '\0', + /* "drms.us", true */ 'd', 'r', 'm', 's', '.', 'u', 's', '\0', + /* "drobniuch.pl", false */ 'd', 'r', 'o', 'b', 'n', 'i', 'u', 'c', 'h', '.', 'p', 'l', '\0', + /* "drogueriaelbarco.com", true */ 'd', 'r', 'o', 'g', 'u', 'e', 'r', 'i', 'a', 'e', 'l', 'b', 'a', 'r', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "droidapp.nl", true */ 'd', 'r', 'o', 'i', 'd', 'a', 'p', 'p', '.', 'n', 'l', '\0', + /* "droidgyan.com", true */ 'd', 'r', 'o', 'i', 'd', 'g', 'y', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "droidhere.com", true */ 'd', 'r', 'o', 'i', 'd', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "droidim.com", true */ 'd', 'r', 'o', 'i', 'd', 'i', 'm', '.', 'c', 'o', 'm', '\0', + /* "droidwave.com", true */ 'd', 'r', 'o', 'i', 'd', 'w', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "droidwiki.de", true */ 'd', 'r', 'o', 'i', 'd', 'w', 'i', 'k', 'i', '.', 'd', 'e', '\0', + /* "droithxn.com", true */ 'd', 'r', 'o', 'i', 't', 'h', 'x', 'n', '.', 'c', 'o', 'm', '\0', + /* "drone-it.net", true */ 'd', 'r', 'o', 'n', 'e', '-', 'i', 't', '.', 'n', 'e', 't', '\0', + /* "dronebotworkshop.com", true */ 'd', 'r', 'o', 'n', 'e', 'b', 'o', 't', 'w', 'o', 'r', 'k', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "dronepit.dk", true */ 'd', 'r', 'o', 'n', 'e', 'p', 'i', 't', '.', 'd', 'k', '\0', + /* "droni.cz", true */ 'd', 'r', 'o', 'n', 'i', '.', 'c', 'z', '\0', + /* "dronografia.es", true */ 'd', 'r', 'o', 'n', 'o', 'g', 'r', 'a', 'f', 'i', 'a', '.', 'e', 's', '\0', + /* "dropbox.com", true */ 'd', 'r', 'o', 'p', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "dropboxer.net", true */ 'd', 'r', 'o', 'p', 'b', 'o', 'x', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "dropshare.cloud", true */ 'd', 'r', 'o', 'p', 's', 'h', 'a', 'r', 'e', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "droso.dk", true */ 'd', 'r', 'o', 's', 'o', '.', 'd', 'k', '\0', + /* "drown.photography", true */ 'd', 'r', 'o', 'w', 'n', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0', + /* "drpetervoigt.de", true */ 'd', 'r', 'p', 'e', 't', 'e', 'r', 'v', 'o', 'i', 'g', 't', '.', 'd', 'e', '\0', + /* "drpico.com.au", true */ 'd', 'r', 'p', 'i', 'c', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "drrr.chat", true */ 'd', 'r', 'r', 'r', '.', 'c', 'h', 'a', 't', '\0', + /* "drrr.wiki", true */ 'd', 'r', 'r', 'r', '.', 'w', 'i', 'k', 'i', '\0', + /* "drschruefer.de", true */ 'd', 'r', 's', 'c', 'h', 'r', 'u', 'e', 'f', 'e', 'r', '.', 'd', 'e', '\0', + /* "drsturgeonfreitas.com", true */ 'd', 'r', 's', 't', 'u', 'r', 'g', 'e', 'o', 'n', 'f', 'r', 'e', 'i', 't', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "drturner.com.au", true */ 'd', 'r', 't', 'u', 'r', 'n', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "drubn.de", false */ 'd', 'r', 'u', 'b', 'n', '.', 'd', 'e', '\0', + /* "drugagodba.si", true */ 'd', 'r', 'u', 'g', 'a', 'g', 'o', 'd', 'b', 'a', '.', 's', 'i', '\0', + /* "drumbe.at", true */ 'd', 'r', 'u', 'm', 'b', 'e', '.', 'a', 't', '\0', + /* "drummondframing.com", true */ 'd', 'r', 'u', 'm', 'm', 'o', 'n', 'd', 'f', 'r', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "drupal-expert.it", true */ 'd', 'r', 'u', 'p', 'a', 'l', '-', 'e', 'x', 'p', 'e', 'r', 't', '.', 'i', 't', '\0', + /* "drupal.org", true */ 'd', 'r', 'u', 'p', 'a', 'l', '.', 'o', 'r', 'g', '\0', + /* "drupalspb.org", true */ 'd', 'r', 'u', 'p', 'a', 'l', 's', 'p', 'b', '.', 'o', 'r', 'g', '\0', + /* "drweissbrot.net", true */ 'd', 'r', 'w', 'e', 'i', 's', 's', 'b', 'r', 'o', 't', '.', 'n', 'e', 't', '\0', + /* "drybasement.com", true */ 'd', 'r', 'y', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "drybasementkansas.com", true */ 'd', 'r', 'y', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 'k', 'a', 'n', 's', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "drybjed.net", true */ 'd', 'r', 'y', 'b', 'j', 'e', 'd', '.', 'n', 'e', 't', '\0', + /* "drycleancoalition.org", true */ 'd', 'r', 'y', 'c', 'l', 'e', 'a', 'n', 'c', 'o', 'a', 'l', 'i', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "drycreekphoto.com", true */ 'd', 'r', 'y', 'c', 'r', 'e', 'e', 'k', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "ds67.de", true */ 'd', 's', '6', '7', '.', 'd', 'e', '\0', + /* "dsancomics.com", true */ 'd', 's', 'a', 'n', 'c', 'o', 'm', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "dsayce.com", true */ 'd', 's', 'a', 'y', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "dsbrowser.com", true */ 'd', 's', 'b', 'r', 'o', 'w', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "dsebastien.net", true */ 'd', 's', 'e', 'b', 'a', 's', 't', 'i', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "dsektionen.se", true */ 'd', 's', 'e', 'k', 't', 'i', 'o', 'n', 'e', 'n', '.', 's', 'e', '\0', + /* "dsm5.com", true */ 'd', 's', 'm', '5', '.', 'c', 'o', 'm', '\0', + /* "dsol.hu", true */ 'd', 's', 'o', 'l', '.', 'h', 'u', '\0', + /* "dssale.com", true */ 'd', 's', 's', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "dstamou.de", true */ 'd', 's', 't', 'a', 'm', 'o', 'u', '.', 'd', 'e', '\0', + /* "dt27.org", true */ 'd', 't', '2', '7', '.', 'o', 'r', 'g', '\0', + /* "dtbouncycastles.co.uk", true */ 'd', 't', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dtdsh.com", true */ 'd', 't', 'd', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "dtechstore.com.br", true */ 'd', 't', 'e', 'c', 'h', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "dtg-fonds.com", true */ 'd', 't', 'g', '-', 'f', 'o', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "dtg-fonds.de", true */ 'd', 't', 'g', '-', 'f', 'o', 'n', 'd', 's', '.', 'd', 'e', '\0', + /* "dtg-fonds.net", true */ 'd', 't', 'g', '-', 'f', 'o', 'n', 'd', 's', '.', 'n', 'e', 't', '\0', + /* "dtk-vom-chausseehaus.de", true */ 'd', 't', 'k', '-', 'v', 'o', 'm', '-', 'c', 'h', 'a', 'u', 's', 's', 'e', 'e', 'h', 'a', 'u', 's', '.', 'd', 'e', '\0', + /* "dtnx.eu", true */ 'd', 't', 'n', 'x', '.', 'e', 'u', '\0', + /* "dtnx.net", true */ 'd', 't', 'n', 'x', '.', 'n', 'e', 't', '\0', + /* "dtnx.org", true */ 'd', 't', 'n', 'x', '.', 'o', 'r', 'g', '\0', + /* "dtp-mstdn.jp", true */ 'd', 't', 'p', '-', 'm', 's', 't', 'd', 'n', '.', 'j', 'p', '\0', + /* "dtuaarsfest.dk", true */ 'd', 't', 'u', 'a', 'a', 'r', 's', 'f', 'e', 's', 't', '.', 'd', 'k', '\0', + /* "dtx.sk", true */ 'd', 't', 'x', '.', 's', 'k', '\0', + /* "dualascent.com", true */ 'd', 'u', 'a', 'l', 'a', 's', 'c', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "dualias.xyz", false */ 'd', 'u', 'a', 'l', 'i', 'a', 's', '.', 'x', 'y', 'z', '\0', + /* "duan.li", true */ 'd', 'u', 'a', 'n', '.', 'l', 'i', '\0', + /* "dubaieveningsafari.com", true */ 'd', 'u', 'b', 'a', 'i', 'e', 'v', 'e', 'n', 'i', 'n', 'g', 's', 'a', 'f', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "dublin-traceroute.net", true */ 'd', 'u', 'b', 'l', 'i', 'n', '-', 't', 'r', 'a', 'c', 'e', 'r', 'o', 'u', 't', 'e', '.', 'n', 'e', 't', '\0', + /* "dubrovnik-dental.clinic", true */ 'd', 'u', 'b', 'r', 'o', 'v', 'n', 'i', 'k', '-', 'd', 'e', 'n', 't', 'a', 'l', '.', 'c', 'l', 'i', 'n', 'i', 'c', '\0', + /* "ducalendars.com", true */ 'd', 'u', 'c', 'a', 'l', 'e', 'n', 'd', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "duckasylum.com", true */ 'd', 'u', 'c', 'k', 'a', 's', 'y', 'l', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "duckbase.com", true */ 'd', 'u', 'c', 'k', 'b', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "duckduckstart.com", true */ 'd', 'u', 'c', 'k', 'd', 'u', 'c', 'k', 's', 't', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "duckinc.net", true */ 'd', 'u', 'c', 'k', 'i', 'n', 'c', '.', 'n', 'e', 't', '\0', + /* "duckyubuntu.tk", true */ 'd', 'u', 'c', 'k', 'y', 'u', 'b', 'u', 'n', 't', 'u', '.', 't', 'k', '\0', + /* "duernberg.at", true */ 'd', 'u', 'e', 'r', 'n', 'b', 'e', 'r', 'g', '.', 'a', 't', '\0', + /* "duesee.org", true */ 'd', 'u', 'e', 's', 'e', 'e', '.', 'o', 'r', 'g', '\0', + /* "dufrei.com", true */ 'd', 'u', 'f', 'r', 'e', 'i', '.', 'c', 'o', 'm', '\0', + /* "dugnet.com", false */ 'd', 'u', 'g', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "dugnet.io", false */ 'd', 'u', 'g', 'n', 'e', 't', '.', 'i', 'o', '\0', + /* "dugnet.net", false */ 'd', 'u', 'g', 'n', 'e', 't', '.', 'n', 'e', 't', '\0', + /* "dugnet.org", false */ 'd', 'u', 'g', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0', + /* "dugnet.tech", false */ 'd', 'u', 'g', 'n', 'e', 't', '.', 't', 'e', 'c', 'h', '\0', + /* "dugunedavet.com", true */ 'd', 'u', 'g', 'u', 'n', 'e', 'd', 'a', 'v', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "duh.se", true */ 'd', 'u', 'h', '.', 's', 'e', '\0', + /* "duijf.info", true */ 'd', 'u', 'i', 'j', 'f', '.', 'i', 'n', 'f', 'o', '\0', + /* "duijfathome.nl", true */ 'd', 'u', 'i', 'j', 'f', 'a', 't', 'h', 'o', 'm', 'e', '.', 'n', 'l', '\0', + /* "duitang.com", true */ 'd', 'u', 'i', 't', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "dujsq.com", true */ 'd', 'u', 'j', 's', 'q', '.', 'c', 'o', 'm', '\0', + /* "dujsq.top", true */ 'd', 'u', 'j', 's', 'q', '.', 't', 'o', 'p', '\0', + /* "dukan-recepty.ru", true */ 'd', 'u', 'k', 'a', 'n', '-', 'r', 'e', 'c', 'e', 'p', 't', 'y', '.', 'r', 'u', '\0', + /* "dukefox.com", true */ 'd', 'u', 'k', 'e', 'f', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "dukegat.de", true */ 'd', 'u', 'k', 'e', 'g', 'a', 't', '.', 'd', 'e', '\0', + /* "dukesatqueens.com", true */ 'd', 'u', 'k', 'e', 's', 'a', 't', 'q', 'u', 'e', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "dukun.de", true */ 'd', 'u', 'k', 'u', 'n', '.', 'd', 'e', '\0', + /* "dulei.si", true */ 'd', 'u', 'l', 'e', 'i', '.', 's', 'i', '\0', + /* "dullapp.com", true */ 'd', 'u', 'l', 'l', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "dumax.xyz", true */ 'd', 'u', 'm', 'a', 'x', '.', 'x', 'y', 'z', '\0', + /* "dumbeartech.com", true */ 'd', 'u', 'm', 'b', 'e', 'a', 'r', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "dumbomove.com.au", true */ 'd', 'u', 'm', 'b', 'o', 'm', 'o', 'v', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "dumino.bg", true */ 'd', 'u', 'm', 'i', 'n', 'o', '.', 'b', 'g', '\0', + /* "dumpsters.com", true */ 'd', 'u', 'm', 'p', 's', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "dunableguitars.com", false */ 'd', 'u', 'n', 'a', 'b', 'l', 'e', 'g', 'u', 'i', 't', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "dunashoes.com", true */ 'd', 'u', 'n', 'a', 's', 'h', 'o', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "duncancmt.com", true */ 'd', 'u', 'n', 'c', 'a', 'n', 'c', 'm', 't', '.', 'c', 'o', 'm', '\0', + /* "duncanfamilytrust.org", true */ 'd', 'u', 'n', 'c', 'a', 'n', 'f', 'a', 'm', 'i', 'l', 'y', 't', 'r', 'u', 's', 't', '.', 'o', 'r', 'g', '\0', + /* "duncanwinfrey.com", true */ 'd', 'u', 'n', 'c', 'a', 'n', 'w', 'i', 'n', 'f', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "dundalkdonnie.com", true */ 'd', 'u', 'n', 'd', 'a', 'l', 'k', 'd', 'o', 'n', 'n', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "dungeon-bbs.de", true */ 'd', 'u', 'n', 'g', 'e', 'o', 'n', '-', 'b', 'b', 's', '.', 'd', 'e', '\0', + /* "dunmanelectric.com", true */ 'd', 'u', 'n', 'm', 'a', 'n', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "duo.com", true */ 'd', 'u', 'o', '.', 'c', 'o', 'm', '\0', + /* "duoluodeyu.com", true */ 'd', 'u', 'o', 'l', 'u', 'o', 'd', 'e', 'y', 'u', '.', 'c', 'o', 'm', '\0', + /* "dupisces.com.tw", true */ 'd', 'u', 'p', 'i', 's', 'c', 'e', 's', '.', 'c', 'o', 'm', '.', 't', 'w', '\0', + /* "dupree.co", true */ 'd', 'u', 'p', 'r', 'e', 'e', '.', 'c', 'o', '\0', + /* "durdle.com", true */ 'd', 'u', 'r', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "dureuil.info", true */ 'd', 'u', 'r', 'e', 'u', 'i', 'l', '.', 'i', 'n', 'f', 'o', '\0', + /* "durexwinkel.nl", true */ 'd', 'u', 'r', 'e', 'x', 'w', 'i', 'n', 'k', 'e', 'l', '.', 'n', 'l', '\0', + /* "duria.de", true */ 'd', 'u', 'r', 'i', 'a', '.', 'd', 'e', '\0', + /* "duriaux-dentiste.ch", true */ 'd', 'u', 'r', 'i', 'a', 'u', 'x', '-', 'd', 'e', 'n', 't', 'i', 's', 't', 'e', '.', 'c', 'h', '\0', + /* "durys.be", true */ 'd', 'u', 'r', 'y', 's', '.', 'b', 'e', '\0', + /* "dusmomente.com", true */ 'd', 'u', 's', 'm', 'o', 'm', 'e', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "dustri.org", true */ 'd', 'u', 's', 't', 'r', 'i', '.', 'o', 'r', 'g', '\0', + /* "dustycloth.com", true */ 'd', 'u', 's', 't', 'y', 'c', 'l', 'o', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "dustygroove.com", true */ 'd', 'u', 's', 't', 'y', 'g', 'r', 'o', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "dustyspokesbnb.ca", true */ 'd', 'u', 's', 't', 'y', 's', 'p', 'o', 'k', 'e', 's', 'b', 'n', 'b', '.', 'c', 'a', '\0', + /* "dutch.desi", true */ 'd', 'u', 't', 'c', 'h', '.', 'd', 'e', 's', 'i', '\0', + /* "dutch1.nl", true */ 'd', 'u', 't', 'c', 'h', '1', '.', 'n', 'l', '\0', + /* "dutchrank.nl", true */ 'd', 'u', 't', 'c', 'h', 'r', 'a', 'n', 'k', '.', 'n', 'l', '\0', + /* "dutchweballiance.nl", true */ 'd', 'u', 't', 'c', 'h', 'w', 'e', 'b', 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'n', 'l', '\0', + /* "dutyfreeonboard.com", true */ 'd', 'u', 't', 'y', 'f', 'r', 'e', 'e', 'o', 'n', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "duyao.de", false */ 'd', 'u', 'y', 'a', 'o', '.', 'd', 'e', '\0', + /* "dv189.com", true */ 'd', 'v', '1', '8', '9', '.', 'c', 'o', 'm', '\0', + /* "dvbris.co.uk", true */ 'd', 'v', 'b', 'r', 'i', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dvbris.com", true */ 'd', 'v', 'b', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "dvdland.com.au", true */ 'd', 'v', 'd', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "dvhosting.be", true */ 'd', 'v', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'b', 'e', '\0', + /* "dvnatura.ch", true */ 'd', 'v', 'n', 'a', 't', 'u', 'r', 'a', '.', 'c', 'h', '\0', + /* "dvorupotocnych.sk", true */ 'd', 'v', 'o', 'r', 'u', 'p', 'o', 't', 'o', 'c', 'n', 'y', 'c', 'h', '.', 's', 'k', '\0', + /* "dvotx.org", true */ 'd', 'v', 'o', 't', 'x', '.', 'o', 'r', 'g', '\0', + /* "dvwc.org", true */ 'd', 'v', 'w', 'c', '.', 'o', 'r', 'g', '\0', + /* "dvx.cloud", true */ 'd', 'v', 'x', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "dwgf.xyz", true */ 'd', 'w', 'g', 'f', '.', 'x', 'y', 'z', '\0', + /* "dworzak.ch", true */ 'd', 'w', 'o', 'r', 'z', 'a', 'k', '.', 'c', 'h', '\0', + /* "dwscdv3.com", true */ 'd', 'w', 's', 'c', 'd', 'v', '3', '.', 'c', 'o', 'm', '\0', + /* "dwtm.ch", true */ 'd', 'w', 't', 'm', '.', 'c', 'h', '\0', + /* "dwworld.co.uk", true */ 'd', 'w', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dxa.io", false */ 'd', 'x', 'a', '.', 'i', 'o', '\0', + /* "dxgl.info", true */ 'd', 'x', 'g', 'l', '.', 'i', 'n', 'f', 'o', '\0', + /* "dxm.no-ip.biz", true */ 'd', 'x', 'm', '.', 'n', 'o', '-', 'i', 'p', '.', 'b', 'i', 'z', '\0', + /* "dyeager.org", true */ 'd', 'y', 'e', 'a', 'g', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "dyktig.as", true */ 'd', 'y', 'k', 't', 'i', 'g', '.', 'a', 's', '\0', + /* "dyktig.no", true */ 'd', 'y', 'k', 't', 'i', 'g', '.', 'n', 'o', '\0', + /* "dylanboudro.com", true */ 'd', 'y', 'l', 'a', 'n', 'b', 'o', 'u', 'd', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "dylankatz.com", true */ 'd', 'y', 'l', 'a', 'n', 'k', 'a', 't', 'z', '.', 'c', 'o', 'm', '\0', + /* "dylanknoll.ca", true */ 'd', 'y', 'l', 'a', 'n', 'k', 'n', 'o', 'l', 'l', '.', 'c', 'a', '\0', + /* "dyn-nserve.net", true */ 'd', 'y', 'n', '-', 'n', 's', 'e', 'r', 'v', 'e', '.', 'n', 'e', 't', '\0', + /* "dyn.im", true */ 'd', 'y', 'n', '.', 'i', 'm', '\0', + /* "dynaloop.net", true */ 'd', 'y', 'n', 'a', 'l', 'o', 'o', 'p', '.', 'n', 'e', 't', '\0', + /* "dynamic-networks.be", true */ 'd', 'y', 'n', 'a', 'm', 'i', 'c', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'b', 'e', '\0', + /* "dynamicnet.net", false */ 'd', 'y', 'n', 'a', 'm', 'i', 'c', 'n', 'e', 't', '.', 'n', 'e', 't', '\0', + /* "dynamics-365.no", true */ 'd', 'y', 'n', 'a', 'm', 'i', 'c', 's', '-', '3', '6', '5', '.', 'n', 'o', '\0', + /* "dynamics365.no", true */ 'd', 'y', 'n', 'a', 'm', 'i', 'c', 's', '3', '6', '5', '.', 'n', 'o', '\0', + /* "dynamicsnetwork.net", true */ 'd', 'y', 'n', 'a', 'm', 'i', 'c', 's', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0', + /* "dynamictostatic.com", true */ 'd', 'y', 'n', 'a', 'm', 'i', 'c', 't', 'o', 's', 't', 'a', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "dynamicyou.co.uk", true */ 'd', 'y', 'n', 'a', 'm', 'i', 'c', 'y', 'o', 'u', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "dynastic.co", true */ 'd', 'y', 'n', 'a', 's', 't', 'i', 'c', '.', 'c', 'o', '\0', + /* "dynn.be", true */ 'd', 'y', 'n', 'n', '.', 'b', 'e', '\0', + /* "dynorphin.com", true */ 'd', 'y', 'n', 'o', 'r', 'p', 'h', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "dynorphins.com", true */ 'd', 'y', 'n', 'o', 'r', 'p', 'h', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "dynts.pro", false */ 'd', 'y', 'n', 't', 's', '.', 'p', 'r', 'o', '\0', + /* "dynx.pl", true */ 'd', 'y', 'n', 'x', '.', 'p', 'l', '\0', + /* "dyrenesverden.no", true */ 'd', 'y', 'r', 'e', 'n', 'e', 's', 'v', 'e', 'r', 'd', 'e', 'n', '.', 'n', 'o', '\0', + /* "dyrkar.com", true */ 'd', 'y', 'r', 'k', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "dysthymia.com", true */ 'd', 'y', 's', 't', 'h', 'y', 'm', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "dyyn.de", true */ 'd', 'y', 'y', 'n', '.', 'd', 'e', '\0', + /* "dyz.pw", true */ 'd', 'y', 'z', '.', 'p', 'w', '\0', + /* "dzeina.ch", true */ 'd', 'z', 'e', 'i', 'n', 'a', '.', 'c', 'h', '\0', + /* "dzet.de", true */ 'd', 'z', 'e', 't', '.', 'd', 'e', '\0', + /* "dziekonski.com", true */ 'd', 'z', 'i', 'e', 'k', 'o', 'n', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "dziurdzia.pl", true */ 'd', 'z', 'i', 'u', 'r', 'd', 'z', 'i', 'a', '.', 'p', 'l', '\0', + /* "dzndk.com", true */ 'd', 'z', 'n', 'd', 'k', '.', 'c', 'o', 'm', '\0', + /* "dzndk.net", true */ 'd', 'z', 'n', 'd', 'k', '.', 'n', 'e', 't', '\0', + /* "dzndk.org", true */ 'd', 'z', 'n', 'd', 'k', '.', 'o', 'r', 'g', '\0', + /* "dzomo.org", true */ 'd', 'z', 'o', 'm', 'o', '.', 'o', 'r', 'g', '\0', + /* "dzsula.hu", true */ 'd', 'z', 's', 'u', 'l', 'a', '.', 'h', 'u', '\0', + /* "dzyabchenko.com", true */ 'd', 'z', 'y', 'a', 'b', 'c', 'h', 'e', 'n', 'k', 'o', '.', 'c', 'o', 'm', '\0', + /* "e-apack.com.br", true */ 'e', '-', 'a', 'p', 'a', 'c', 'k', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "e-briancon.com", true */ 'e', '-', 'b', 'r', 'i', 'a', 'n', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "e-cottage.com.br", true */ 'e', '-', 'c', 'o', 't', 't', 'a', 'g', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "e-hon.link", true */ 'e', '-', 'h', 'o', 'n', '.', 'l', 'i', 'n', 'k', '\0', + /* "e-id.ee", true */ 'e', '-', 'i', 'd', '.', 'e', 'e', '\0', + /* "e-kontakti.fi", true */ 'e', '-', 'k', 'o', 'n', 't', 'a', 'k', 't', 'i', '.', 'f', 'i', '\0', + /* "e-lambre.com", true */ 'e', '-', 'l', 'a', 'm', 'b', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "e-learningbs.com", true */ 'e', '-', 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "e-lifetechnology.com", true */ 'e', '-', 'l', 'i', 'f', 'e', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0', + /* "e-migration.ch", true */ 'e', '-', 'm', 'i', 'g', 'r', 'a', 't', 'i', 'o', 'n', '.', 'c', 'h', '\0', + /* "e-standardstore.org", true */ 'e', '-', 's', 't', 'a', 'n', 'd', 'a', 'r', 'd', 's', 't', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "e-surveillant.nl", true */ 'e', '-', 's', 'u', 'r', 'v', 'e', 'i', 'l', 'l', 'a', 'n', 't', '.', 'n', 'l', '\0', + /* "e-teacher.pl", true */ 'e', '-', 't', 'e', 'a', 'c', 'h', 'e', 'r', '.', 'p', 'l', '\0', + /* "e-tech-solution.com", true */ 'e', '-', 't', 'e', 'c', 'h', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "e-tmf.org", true */ 'e', '-', 't', 'm', 'f', '.', 'o', 'r', 'g', '\0', + /* "e-tresor.at", true */ 'e', '-', 't', 'r', 'e', 's', 'o', 'r', '.', 'a', 't', '\0', + /* "e-tune-mt.net", true */ 'e', '-', 't', 'u', 'n', 'e', '-', 'm', 't', '.', 'n', 'e', 't', '\0', + /* "e-typ.eu", true */ 'e', '-', 't', 'y', 'p', '.', 'e', 'u', '\0', + /* "e-vau.de", true */ 'e', '-', 'v', 'a', 'u', '.', 'd', 'e', '\0', + /* "e-worksmedia.com", true */ 'e', '-', 'w', 'o', 'r', 'k', 's', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "e.mail.ru", true */ 'e', '.', 'm', 'a', 'i', 'l', '.', 'r', 'u', '\0', + /* "e024.org", true */ 'e', '0', '2', '4', '.', 'o', 'r', 'g', '\0', + /* "e11even.nl", false */ 'e', '1', '1', 'e', 'v', 'e', 'n', '.', 'n', 'l', '\0', + /* "e191.com", true */ 'e', '1', '9', '1', '.', 'c', 'o', 'm', '\0', + /* "e2feed.com", true */ 'e', '2', 'f', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "e30.ee", true */ 'e', '3', '0', '.', 'e', 'e', '\0', + /* "e3kids.com", true */ 'e', '3', 'k', 'i', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "e3q.de", true */ 'e', '3', 'q', '.', 'd', 'e', '\0', + /* "e505.net", true */ 'e', '5', '0', '5', '.', 'n', 'e', 't', '\0', + /* "e5tv.hu", true */ 'e', '5', 't', 'v', '.', 'h', 'u', '\0', + /* "e64.com", true */ 'e', '6', '4', '.', 'c', 'o', 'm', '\0', + /* "e7d.io", true */ 'e', '7', 'd', '.', 'i', 'o', '\0', + /* "e9a.at", true */ 'e', '9', 'a', '.', 'a', 't', '\0', + /* "ea2drocks.com", true */ 'e', 'a', '2', 'd', 'r', 'o', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "ead-italia.it", true */ 'e', 'a', 'd', '-', 'i', 't', 'a', 'l', 'i', 'a', '.', 'i', 't', '\0', + /* "eagle-yard.de", true */ 'e', 'a', 'g', 'l', 'e', '-', 'y', 'a', 'r', 'd', '.', 'd', 'e', '\0', + /* "eagleindustriesltd.com", true */ 'e', 'a', 'g', 'l', 'e', 'i', 'n', 'd', 'u', 's', 't', 'r', 'i', 'e', 's', 'l', 't', 'd', '.', 'c', 'o', 'm', '\0', + /* "eagleridgecampground.com", true */ 'e', 'a', 'g', 'l', 'e', 'r', 'i', 'd', 'g', 'e', 'c', 'a', 'm', 'p', 'g', 'r', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "eaglesecurity.com", true */ 'e', 'a', 'g', 'l', 'e', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "eagletechz.com.br", true */ 'e', 'a', 'g', 'l', 'e', 't', 'e', 'c', 'h', 'z', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "eagleyecs.com", true */ 'e', 'a', 'g', 'l', 'e', 'y', 'e', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "eaimty.com", true */ 'e', 'a', 'i', 'm', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "ealev.de", true */ 'e', 'a', 'l', 'e', 'v', '.', 'd', 'e', '\0', + /* "eames-clayton.us", true */ 'e', 'a', 'm', 'e', 's', '-', 'c', 'l', 'a', 'y', 't', 'o', 'n', '.', 'u', 's', '\0', + /* "eapestudioweb.com", true */ 'e', 'a', 'p', 'e', 's', 't', 'u', 'd', 'i', 'o', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "earl.org.uk", true */ 'e', 'a', 'r', 'l', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "earlyyearshub.com", true */ 'e', 'a', 'r', 'l', 'y', 'y', 'e', 'a', 'r', 's', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "earmarks.gov", true */ 'e', 'a', 'r', 'm', 'a', 'r', 'k', 's', '.', 'g', 'o', 'v', '\0', + /* "earn.com", true */ 'e', 'a', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "earth-people.org", true */ 'e', 'a', 'r', 't', 'h', '-', 'p', 'e', 'o', 'p', 'l', 'e', '.', 'o', 'r', 'g', '\0', + /* "earticleblog.com", true */ 'e', 'a', 'r', 't', 'i', 'c', 'l', 'e', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "earvinkayonga.com", true */ 'e', 'a', 'r', 'v', 'i', 'n', 'k', 'a', 'y', 'o', 'n', 'g', 'a', '.', 'c', 'o', 'm', '\0', + /* "easelforart.com", true */ 'e', 'a', 's', 'e', 'l', 'f', 'o', 'r', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "eashwar.com", true */ 'e', 'a', 's', 'h', 'w', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "eason-yang.com", true */ 'e', 'a', 's', 'o', 'n', '-', 'y', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "east-line.su", true */ 'e', 'a', 's', 't', '-', 'l', 'i', 'n', 'e', '.', 's', 'u', '\0', + /* "eastarm.net", true */ 'e', 'a', 's', 't', 'a', 'r', 'm', '.', 'n', 'e', 't', '\0', + /* "eastcoastbubbleandbounce.co.uk", true */ 'e', 'a', 's', 't', 'c', 'o', 'a', 's', 't', 'b', 'u', 'b', 'b', 'l', 'e', 'a', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eastcoastinflatables.co.uk", true */ 'e', 'a', 's', 't', 'c', 'o', 'a', 's', 't', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eastlothianbouncycastles.co.uk", true */ 'e', 'a', 's', 't', 'l', 'o', 't', 'h', 'i', 'a', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eastmanbusinessinstitute.com", true */ 'e', 'a', 's', 't', 'm', 'a', 'n', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "eastmontgroup.com", true */ 'e', 'a', 's', 't', 'm', 'o', 'n', 't', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "easy-factures.fr", true */ 'e', 'a', 's', 'y', '-', 'f', 'a', 'c', 't', 'u', 'r', 'e', 's', '.', 'f', 'r', '\0', + /* "easy-rpg.org", false */ 'e', 'a', 's', 'y', '-', 'r', 'p', 'g', '.', 'o', 'r', 'g', '\0', + /* "easyadsnbanners.tk", false */ 'e', 'a', 's', 'y', 'a', 'd', 's', 'n', 'b', 'a', 'n', 'n', 'e', 'r', 's', '.', 't', 'k', '\0', + /* "easycoding.org", true */ 'e', 'a', 's', 'y', 'c', 'o', 'd', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "easyconstat.com", true */ 'e', 'a', 's', 'y', 'c', 'o', 'n', 's', 't', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "easycosmetic.ch", true */ 'e', 'a', 's', 'y', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', '.', 'c', 'h', '\0', + /* "easycup.com", true */ 'e', 'a', 's', 'y', 'c', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "easyfiles.ch", true */ 'e', 'a', 's', 'y', 'f', 'i', 'l', 'e', 's', '.', 'c', 'h', '\0', + /* "easyhaul.com", true */ 'e', 'a', 's', 'y', 'h', 'a', 'u', 'l', '.', 'c', 'o', 'm', '\0', + /* "easyllc.com", false */ 'e', 'a', 's', 'y', 'l', 'l', 'c', '.', 'c', 'o', 'm', '\0', + /* "easyocm.hu", true */ 'e', 'a', 's', 'y', 'o', 'c', 'm', '.', 'h', 'u', '\0', + /* "easyproperty.com", true */ 'e', 'a', 's', 'y', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "easypv.ch", true */ 'e', 'a', 's', 'y', 'p', 'v', '.', 'c', 'h', '\0', + /* "easysimplecrm.com", false */ 'e', 'a', 's', 'y', 's', 'i', 'm', 'p', 'l', 'e', 'c', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "easystore.co", true */ 'e', 'a', 's', 'y', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', '\0', + /* "eat-sleep-code.com", true */ 'e', 'a', 't', '-', 's', 'l', 'e', 'e', 'p', '-', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "eat-the-world.ch", true */ 'e', 'a', 't', '-', 't', 'h', 'e', '-', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'h', '\0', + /* "eatery.co.il", true */ 'e', 'a', 't', 'e', 'r', 'y', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "eatlowcarb.de", false */ 'e', 'a', 't', 'l', 'o', 'w', 'c', 'a', 'r', 'b', '.', 'd', 'e', '\0', + /* "eaton-works.com", true */ 'e', 'a', 't', 'o', 'n', '-', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "eatsleeprepeat.net", true */ 'e', 'a', 't', 's', 'l', 'e', 'e', 'p', 'r', 'e', 'p', 'e', 'a', 't', '.', 'n', 'e', 't', '\0', + /* "eatson.com", true */ 'e', 'a', 't', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "eattherich.us", true */ 'e', 'a', 't', 't', 'h', 'e', 'r', 'i', 'c', 'h', '.', 'u', 's', '\0', + /* "eatz.com", true */ 'e', 'a', 't', 'z', '.', 'c', 'o', 'm', '\0', + /* "eauxdespleiades.ch", true */ 'e', 'a', 'u', 'x', 'd', 'e', 's', 'p', 'l', 'e', 'i', 'a', 'd', 'e', 's', '.', 'c', 'h', '\0', + /* "eb-net.de", true */ 'e', 'b', '-', 'n', 'e', 't', '.', 'd', 'e', '\0', + /* "eb7.jp", true */ 'e', 'b', '7', '.', 'j', 'p', '\0', + /* "ebanking.indovinabank.com.vn", true */ 'e', 'b', 'a', 'n', 'k', 'i', 'n', 'g', '.', 'i', 'n', 'd', 'o', 'v', 'i', 'n', 'a', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '.', 'v', 'n', '\0', + /* "ebankingabersicher.ch", true */ 'e', 'b', 'a', 'n', 'k', 'i', 'n', 'g', 'a', 'b', 'e', 'r', 's', 'i', 'c', 'h', 'e', 'r', '.', 'c', 'h', '\0', + /* "ebankingbutsecure.ch", true */ 'e', 'b', 'a', 'n', 'k', 'i', 'n', 'g', 'b', 'u', 't', 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'h', '\0', + /* "ebankingentoutesecurite.ch", true */ 'e', 'b', 'a', 'n', 'k', 'i', 'n', 'g', 'e', 'n', 't', 'o', 'u', 't', 'e', 's', 'e', 'c', 'u', 'r', 'i', 't', 'e', '.', 'c', 'h', '\0', + /* "ebankingmasicuro.ch", true */ 'e', 'b', 'a', 'n', 'k', 'i', 'n', 'g', 'm', 'a', 's', 'i', 'c', 'u', 'r', 'o', '.', 'c', 'h', '\0', + /* "ebas.ch", true */ 'e', 'b', 'a', 's', '.', 'c', 'h', '\0', + /* "ebataw.com", true */ 'e', 'b', 'a', 't', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "ebayinc.com", true */ 'e', 'b', 'a', 'y', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "ebaymotorssucks.com", true */ 'e', 'b', 'a', 'y', 'm', 'o', 't', 'o', 'r', 's', 's', 'u', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "ebermannstadt.de", false */ 'e', 'b', 'e', 'r', 'm', 'a', 'n', 'n', 's', 't', 'a', 'd', 't', '.', 'd', 'e', '\0', + /* "eboek.info", true */ 'e', 'b', 'o', 'e', 'k', '.', 'i', 'n', 'f', 'o', '\0', + /* "ebooki.eu.org", true */ 'e', 'b', 'o', 'o', 'k', 'i', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "ebop.ch", true */ 'e', 'b', 'o', 'p', '.', 'c', 'h', '\0', + /* "eboyer.com", true */ 'e', 'b', 'o', 'y', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "ebrnd.de", true */ 'e', 'b', 'r', 'n', 'd', '.', 'd', 'e', '\0', + /* "ebrowz.com", true */ 'e', 'b', 'r', 'o', 'w', 'z', '.', 'c', 'o', 'm', '\0', + /* "ec-baran.de", true */ 'e', 'c', '-', 'b', 'a', 'r', 'a', 'n', '.', 'd', 'e', '\0', + /* "ecchidreams.com", true */ 'e', 'c', 'c', 'h', 'i', 'd', 'r', 'e', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "ecco-verde.com", false */ 'e', 'c', 'c', 'o', '-', 'v', 'e', 'r', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "eccoviasolutions.com", true */ 'e', 'c', 'c', 'o', 'v', 'i', 'a', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "eccux.com", true */ 'e', 'c', 'c', 'u', 'x', '.', 'c', 'o', 'm', '\0', + /* "ecelembrou.ovh", true */ 'e', 'c', 'e', 'l', 'e', 'm', 'b', 'r', 'o', 'u', '.', 'o', 'v', 'h', '\0', + /* "ecfnorte.com.br", true */ 'e', 'c', 'f', 'n', 'o', 'r', 't', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "echatta.net", true */ 'e', 'c', 'h', 'a', 't', 't', 'a', '.', 'n', 'e', 't', '\0', + /* "echatta.org", true */ 'e', 'c', 'h', 'a', 't', 't', 'a', '.', 'o', 'r', 'g', '\0', + /* "echo-security.co", true */ 'e', 'c', 'h', 'o', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', '\0', + /* "echoactive.com", true */ 'e', 'c', 'h', 'o', 'a', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "echoanalytics.com", true */ 'e', 'c', 'h', 'o', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "echodio.com", true */ 'e', 'c', 'h', 'o', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "echofoxtrot.co", true */ 'e', 'c', 'h', 'o', 'f', 'o', 'x', 't', 'r', 'o', 't', '.', 'c', 'o', '\0', + /* "echomanchester.net", true */ 'e', 'c', 'h', 'o', 'm', 'a', 'n', 'c', 'h', 'e', 's', 't', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "echopaper.com", true */ 'e', 'c', 'h', 'o', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "echosim.io", true */ 'e', 'c', 'h', 'o', 's', 'i', 'm', '.', 'i', 'o', '\0', + /* "echosixmonkey.com", true */ 'e', 'c', 'h', 'o', 's', 'i', 'x', 'm', 'o', 'n', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "echosystem.fr", true */ 'e', 'c', 'h', 'o', 's', 'y', 's', 't', 'e', 'm', '.', 'f', 'r', '\0', + /* "echoworld.ch", true */ 'e', 'c', 'h', 'o', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'h', '\0', + /* "ecirtam.net", true */ 'e', 'c', 'i', 'r', 't', 'a', 'm', '.', 'n', 'e', 't', '\0', + /* "eckel.co", true */ 'e', 'c', 'k', 'e', 'l', '.', 'c', 'o', '\0', + /* "eclipse.ws", true */ 'e', 'c', 'l', 'i', 'p', 's', 'e', '.', 'w', 's', '\0', + /* "ecnetworker.com", true */ 'e', 'c', 'n', 'e', 't', 'w', 'o', 'r', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "eco-derattizzazione.it", true */ 'e', 'c', 'o', '-', 'd', 'e', 'r', 'a', 't', 't', 'i', 'z', 'z', 'a', 'z', 'i', 'o', 'n', 'e', '.', 'i', 't', '\0', + /* "eco-work.it", true */ 'e', 'c', 'o', '-', 'w', 'o', 'r', 'k', '.', 'i', 't', '\0', + /* "ecoccinelles.ch", true */ 'e', 'c', 'o', 'c', 'c', 'i', 'n', 'e', 'l', 'l', 'e', 's', '.', 'c', 'h', '\0', + /* "ecoccinelles.com", true */ 'e', 'c', 'o', 'c', 'c', 'i', 'n', 'e', 'l', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "ecococon.fr", true */ 'e', 'c', 'o', 'c', 'o', 'c', 'o', 'n', '.', 'f', 'r', '\0', + /* "ecodigital.social", true */ 'e', 'c', 'o', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 's', 'o', 'c', 'i', 'a', 'l', '\0', + /* "ecogen.com.au", true */ 'e', 'c', 'o', 'g', 'e', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "ecogen.net.au", true */ 'e', 'c', 'o', 'g', 'e', 'n', '.', 'n', 'e', 't', '.', 'a', 'u', '\0', + /* "ecoheatcool.co.uk", true */ 'e', 'c', 'o', 'h', 'e', 'a', 't', 'c', 'o', 'o', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ecohostingservices.uk", true */ 'e', 'c', 'o', 'h', 'o', 's', 't', 'i', 'n', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'u', 'k', '\0', + /* "ecolala.my", true */ 'e', 'c', 'o', 'l', 'a', 'l', 'a', '.', 'm', 'y', '\0', + /* "ecole-attalens.ch", true */ 'e', 'c', 'o', 'l', 'e', '-', 'a', 't', 't', 'a', 'l', 'e', 'n', 's', '.', 'c', 'h', '\0', + /* "ecole-iaf.fr", true */ 'e', 'c', 'o', 'l', 'e', '-', 'i', 'a', 'f', '.', 'f', 'r', '\0', + /* "ecoledusabbat.org", true */ 'e', 'c', 'o', 'l', 'e', 'd', 'u', 's', 'a', 'b', 'b', 'a', 't', '.', 'o', 'r', 'g', '\0', + /* "ecolemathurincordier.com", true */ 'e', 'c', 'o', 'l', 'e', 'm', 'a', 't', 'h', 'u', 'r', 'i', 'n', 'c', 'o', 'r', 'd', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "ecolesrec.ch", true */ 'e', 'c', 'o', 'l', 'e', 's', 'r', 'e', 'c', '.', 'c', 'h', '\0', + /* "ecolife-vrn.ru", true */ 'e', 'c', 'o', 'l', 'i', 'f', 'e', '-', 'v', 'r', 'n', '.', 'r', 'u', '\0', + /* "ecompen.co.za", true */ 'e', 'c', 'o', 'm', 'p', 'e', 'n', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "econativa.pt", true */ 'e', 'c', 'o', 'n', 'a', 't', 'i', 'v', 'a', '.', 'p', 't', '\0', + /* "economias.pt", true */ 'e', 'c', 'o', 'n', 'o', 'm', 'i', 'a', 's', '.', 'p', 't', '\0', + /* "economicinclusion.gov", true */ 'e', 'c', 'o', 'n', 'o', 'm', 'i', 'c', 'i', 'n', 'c', 'l', 'u', 's', 'i', 'o', 'n', '.', 'g', 'o', 'v', '\0', + /* "economiefidu.ch", true */ 'e', 'c', 'o', 'n', 'o', 'm', 'i', 'e', 'f', 'i', 'd', 'u', '.', 'c', 'h', '\0', + /* "economies.ch", true */ 'e', 'c', 'o', 'n', 'o', 'm', 'i', 'e', 's', '.', 'c', 'h', '\0', + /* "economy.st", true */ 'e', 'c', 'o', 'n', 'o', 'm', 'y', '.', 's', 't', '\0', + /* "econsumer.gov", true */ 'e', 'c', 'o', 'n', 's', 'u', 'm', 'e', 'r', '.', 'g', 'o', 'v', '\0', + /* "ecorp.cc", true */ 'e', 'c', 'o', 'r', 'p', '.', 'c', 'c', '\0', + /* "ecos-ev.de", true */ 'e', 'c', 'o', 's', '-', 'e', 'v', '.', 'd', 'e', '\0', + /* "ecoshare.info", true */ 'e', 'c', 'o', 's', 'h', 'a', 'r', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "ecoskif.ru", true */ 'e', 'c', 'o', 's', 'k', 'i', 'f', '.', 'r', 'u', '\0', + /* "ecosoftconsult.com", true */ 'e', 'c', 'o', 's', 'o', 'f', 't', 'c', 'o', 'n', 's', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0', + /* "ecosound.ch", true */ 'e', 'c', 'o', 's', 'o', 'u', 'n', 'd', '.', 'c', 'h', '\0', + /* "ecosystem.atlassian.net", true */ 'e', 'c', 'o', 's', 'y', 's', 't', 'e', 'm', '.', 'a', 't', 'l', 'a', 's', 's', 'i', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "ecoterramedia.com", true */ 'e', 'c', 'o', 't', 'e', 'r', 'r', 'a', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "ecotruck-pooling.com", true */ 'e', 'c', 'o', 't', 'r', 'u', 'c', 'k', '-', 'p', 'o', 'o', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "ecovision.com.br", true */ 'e', 'c', 'o', 'v', 'i', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "ecrandouble.ch", true */ 'e', 'c', 'r', 'a', 'n', 'd', 'o', 'u', 'b', 'l', 'e', '.', 'c', 'h', '\0', + /* "ecupcafe.com", false */ 'e', 'c', 'u', 'p', 'c', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "ed.gs", true */ 'e', 'd', '.', 'g', 's', '\0', + /* "edakoe.ru", true */ 'e', 'd', 'a', 'k', 'o', 'e', '.', 'r', 'u', '\0', + /* "edd-miles.com", true */ 'e', 'd', 'd', '-', 'm', 'i', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "eddesign.ch", true */ 'e', 'd', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'h', '\0', + /* "eddmil.es", true */ 'e', 'd', 'd', 'm', 'i', 'l', '.', 'e', 's', '\0', + /* "edeca.net", true */ 'e', 'd', 'e', 'c', 'a', '.', 'n', 'e', 't', '\0', + /* "edenmal.net", true */ 'e', 'd', 'e', 'n', 'm', 'a', 'l', '.', 'n', 'e', 't', '\0', + /* "edenvalerubbleremovals.co.za", true */ 'e', 'd', 'e', 'n', 'v', 'a', 'l', 'e', 'r', 'u', 'b', 'b', 'l', 'e', 'r', 'e', 'm', 'o', 'v', 'a', 'l', 's', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "edesseglabor.hu", true */ 'e', 'd', 'e', 's', 's', 'e', 'g', 'l', 'a', 'b', 'o', 'r', '.', 'h', 'u', '\0', + /* "edge-cloud.net", true */ 'e', 'd', 'g', 'e', '-', 'c', 'l', 'o', 'u', 'd', '.', 'n', 'e', 't', '\0', + /* "edgeservices.co.uk", true */ 'e', 'd', 'g', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "edgetalk.net", true */ 'e', 'd', 'g', 'e', 't', 'a', 'l', 'k', '.', 'n', 'e', 't', '\0', + /* "edhesive.com", true */ 'e', 'd', 'h', 'e', 's', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "edholm.pub", true */ 'e', 'd', 'h', 'o', 'l', 'm', '.', 'p', 'u', 'b', '\0', + /* "edibarcode.com", true */ 'e', 'd', 'i', 'b', 'a', 'r', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "edicct.com", true */ 'e', 'd', 'i', 'c', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "edisonchee.com", true */ 'e', 'd', 'i', 's', 'o', 'n', 'c', 'h', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "edisonlee55.com", true */ 'e', 'd', 'i', 's', 'o', 'n', 'l', 'e', 'e', '5', '5', '.', 'c', 'o', 'm', '\0', + /* "edisonluiz.com", true */ 'e', 'd', 'i', 's', 'o', 'n', 'l', 'u', 'i', 'z', '.', 'c', 'o', 'm', '\0', + /* "edisonnissanparts.com", true */ 'e', 'd', 'i', 's', 'o', 'n', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "edit.yahoo.com", false */ 'e', 'd', 'i', 't', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "edition-bambou.com", true */ 'e', 'd', 'i', 't', 'i', 'o', 'n', '-', 'b', 'a', 'm', 'b', 'o', 'u', '.', 'c', 'o', 'm', '\0', + /* "edition-sonblom.de", true */ 'e', 'd', 'i', 't', 'i', 'o', 'n', '-', 's', 'o', 'n', 'b', 'l', 'o', 'm', '.', 'd', 'e', '\0', + /* "editoraacademiacrista.com.br", true */ 'e', 'd', 'i', 't', 'o', 'r', 'a', 'a', 'c', 'a', 'd', 'e', 'm', 'i', 'a', 'c', 'r', 'i', 's', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "edlinus.cn", true */ 'e', 'd', 'l', 'i', 'n', 'u', 's', '.', 'c', 'n', '\0', + /* "edmundcelis.com", true */ 'e', 'd', 'm', 'u', 'n', 'd', 'c', 'e', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "edoss.co.za", true */ 'e', 'd', 'o', 's', 's', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "edp-collaborative.com", true */ 'e', 'd', 'p', '-', 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "edsm.net", true */ 'e', 'd', 's', 'm', '.', 'n', 'e', 't', '\0', + /* "edstep.com", true */ 'e', 'd', 's', 't', 'e', 'p', '.', 'c', 'o', 'm', '\0', + /* "edtech-hub.com", true */ 'e', 'd', 't', 'e', 'c', 'h', '-', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "edtechwebb.com", true */ 'e', 'd', 't', 'e', 'c', 'h', 'w', 'e', 'b', 'b', '.', 'c', 'o', 'm', '\0', + /* "edu6.cloud", true */ 'e', 'd', 'u', '6', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "eduard-dopler.de", true */ 'e', 'd', 'u', 'a', 'r', 'd', '-', 'd', 'o', 'p', 'l', 'e', 'r', '.', 'd', 'e', '\0', + /* "edubras.com.br", true */ 'e', 'd', 'u', 'b', 'r', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "educaid.be", true */ 'e', 'd', 'u', 'c', 'a', 'i', 'd', '.', 'b', 'e', '\0', + /* "educationevolving.org", true */ 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', 'e', 'v', 'o', 'l', 'v', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "educationunlimited.com", true */ 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', 'u', 'n', 'l', 'i', 'm', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "educator-one.com", true */ 'e', 'd', 'u', 'c', 'a', 't', 'o', 'r', '-', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "educators.co.nz", true */ 'e', 'd', 'u', 'c', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "educatoys.com.br", true */ 'e', 'd', 'u', 'c', 'a', 't', 'o', 'y', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "educatweb.de", true */ 'e', 'd', 'u', 'c', 'a', 't', 'w', 'e', 'b', '.', 'd', 'e', '\0', + /* "eductf.org", true */ 'e', 'd', 'u', 'c', 't', 'f', '.', 'o', 'r', 'g', '\0', + /* "edudrugs.com", true */ 'e', 'd', 'u', 'd', 'r', 'u', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "eduid.se", true */ 'e', 'd', 'u', 'i', 'd', '.', 's', 'e', '\0', + /* "edumundo.nl", true */ 'e', 'd', 'u', 'm', 'u', 'n', 'd', 'o', '.', 'n', 'l', '\0', + /* "eduroam.no", true */ 'e', 'd', 'u', 'r', 'o', 'a', 'm', '.', 'n', 'o', '\0', + /* "edusanjal.com", true */ 'e', 'd', 'u', 's', 'a', 'n', 'j', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "edv-bv.de", true */ 'e', 'd', 'v', '-', 'b', 'v', '.', 'd', 'e', '\0', + /* "edv-kohls.de", true */ 'e', 'd', 'v', '-', 'k', 'o', 'h', 'l', 's', '.', 'd', 'e', '\0', + /* "edv-lehrgang.de", true */ 'e', 'd', 'v', '-', 'l', 'e', 'h', 'r', 'g', 'a', 'n', 'g', '.', 'd', 'e', '\0', + /* "edvmesstec.de", true */ 'e', 'd', 'v', 'm', 'e', 's', 's', 't', 'e', 'c', '.', 'd', 'e', '\0', + /* "edwar.do", true */ 'e', 'd', 'w', 'a', 'r', '.', 'd', 'o', '\0', + /* "edwards.me.uk", true */ 'e', 'd', 'w', 'a', 'r', 'd', 's', '.', 'm', 'e', '.', 'u', 'k', '\0', + /* "edwardsnowden.com", true */ 'e', 'd', 'w', 'a', 'r', 'd', 's', 'n', 'o', 'w', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "edwardspeyer.com", true */ 'e', 'd', 'w', 'a', 'r', 'd', 's', 'p', 'e', 'y', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "edxg.de", false */ 'e', 'd', 'x', 'g', '.', 'd', 'e', '\0', + /* "edyou.eu", true */ 'e', 'd', 'y', 'o', 'u', '.', 'e', 'u', '\0', + /* "edzilla.info", true */ 'e', 'd', 'z', 'i', 'l', 'l', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "ee-terminals.com", true */ 'e', 'e', '-', 't', 'e', 'r', 'm', 'i', 'n', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "eeetrust.org", true */ 'e', 'e', 'e', 't', 'r', 'u', 's', 't', '.', 'o', 'r', 'g', '\0', + /* "eellak.gr", true */ 'e', 'e', 'l', 'l', 'a', 'k', '.', 'g', 'r', '\0', + /* "eelsden.net", true */ 'e', 'e', 'l', 's', 'd', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "eelzak.nl", true */ 'e', 'e', 'l', 'z', 'a', 'k', '.', 'n', 'l', '\0', + /* "eeqj.com", true */ 'e', 'e', 'q', 'j', '.', 'c', 'o', 'm', '\0', + /* "eer.io", true */ 'e', 'e', 'r', '.', 'i', 'o', '\0', + /* "eerlijktransport.nl", true */ 'e', 'e', 'r', 'l', 'i', 'j', 'k', 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', '.', 'n', 'l', '\0', + /* "eerstejaarsweekend.nl", true */ 'e', 'e', 'r', 's', 't', 'e', 'j', 'a', 'a', 'r', 's', 'w', 'e', 'e', 'k', 'e', 'n', 'd', '.', 'n', 'l', '\0', + /* "eery.de", true */ 'e', 'e', 'r', 'y', '.', 'd', 'e', '\0', + /* "eewna.org", true */ 'e', 'e', 'w', 'n', 'a', '.', 'o', 'r', 'g', '\0', + /* "eez.ee", true */ 'e', 'e', 'z', '.', 'e', 'e', '\0', + /* "ef-georgia.org", true */ 'e', 'f', '-', 'g', 'e', 'o', 'r', 'g', 'i', 'a', '.', 'o', 'r', 'g', '\0', + /* "ef.gy", true */ 'e', 'f', '.', 'g', 'y', '\0', + /* "efa-football.com", true */ 'e', 'f', 'a', '-', 'f', 'o', 'o', 't', 'b', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "efaas.nl", true */ 'e', 'f', 'a', 'a', 's', '.', 'n', 'l', '\0', + /* "efag.com", true */ 'e', 'f', 'a', 'g', '.', 'c', 'o', 'm', '\0', + /* "efeen.nl", true */ 'e', 'f', 'e', 'e', 'n', '.', 'n', 'l', '\0', + /* "eff-bee-eye.de", true */ 'e', 'f', 'f', '-', 'b', 'e', 'e', '-', 'e', 'y', 'e', '.', 'd', 'e', '\0', + /* "eff.org", true */ 'e', 'f', 'f', '.', 'o', 'r', 'g', '\0', + /* "effdocs.com", true */ 'e', 'f', 'f', 'd', 'o', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "effe.ch", true */ 'e', 'f', 'f', 'e', '.', 'c', 'h', '\0', + /* "effective-altruist.com", true */ 'e', 'f', 'f', 'e', 'c', 't', 'i', 'v', 'e', '-', 'a', 'l', 't', 'r', 'u', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "effectivecoffee.com", true */ 'e', 'f', 'f', 'e', 'c', 't', 'i', 'v', 'e', 'c', 'o', 'f', 'f', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "effectiveosgi.com", true */ 'e', 'f', 'f', 'e', 'c', 't', 'i', 'v', 'e', 'o', 's', 'g', 'i', '.', 'c', 'o', 'm', '\0', + /* "effectivepapers.com", true */ 'e', 'f', 'f', 'e', 'c', 't', 'i', 'v', 'e', 'p', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "effero.net", true */ 'e', 'f', 'f', 'e', 'r', 'o', '.', 'n', 'e', 't', '\0', + /* "effex.ru", true */ 'e', 'f', 'f', 'e', 'x', '.', 'r', 'u', '\0', + /* "effishiency.com", true */ 'e', 'f', 'f', 'i', 's', 'h', 'i', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "effizienta.ch", true */ 'e', 'f', 'f', 'i', 'z', 'i', 'e', 'n', 't', 'a', '.', 'c', 'h', '\0', + /* "efflam.net", true */ 'e', 'f', 'f', 'l', 'a', 'm', '.', 'n', 'e', 't', '\0', + /* "eft.boutique", true */ 'e', 'f', 't', '.', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '\0', + /* "egablo.black", true */ 'e', 'g', 'a', 'b', 'l', 'o', '.', 'b', 'l', 'a', 'c', 'k', '\0', + /* "egami.ch", true */ 'e', 'g', 'a', 'm', 'i', '.', 'c', 'h', '\0', + /* "eganassociates.com.au", true */ 'e', 'g', 'a', 'n', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "egarden.it", true */ 'e', 'g', 'a', 'r', 'd', 'e', 'n', '.', 'i', 't', '\0', + /* "egb.at", false */ 'e', 'g', 'b', '.', 'a', 't', '\0', + /* "egbert.net", true */ 'e', 'g', 'b', 'e', 'r', 't', '.', 'n', 'e', 't', '\0', + /* "egeozcan.com", true */ 'e', 'g', 'e', 'o', 'z', 'c', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "egfl.org.uk", true */ 'e', 'g', 'f', 'l', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "egg-ortho.ch", true */ 'e', 'g', 'g', '-', 'o', 'r', 't', 'h', 'o', '.', 'c', 'h', '\0', + /* "eggblast.com", true */ 'e', 'g', 'g', 'b', 'l', 'a', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "eggert.org", true */ 'e', 'g', 'g', 'e', 'r', 't', '.', 'o', 'r', 'g', '\0', + /* "eggplant.today", true */ 'e', 'g', 'g', 'p', 'l', 'a', 'n', 't', '.', 't', 'o', 'd', 'a', 'y', '\0', + /* "egiftcards.be", true */ 'e', 'g', 'i', 'f', 't', 'c', 'a', 'r', 'd', 's', '.', 'b', 'e', '\0', + /* "eglek.com", true */ 'e', 'g', 'l', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "ego4u.com", true */ 'e', 'g', 'o', '4', 'u', '.', 'c', 'o', 'm', '\0', + /* "ego4u.de", true */ 'e', 'g', 'o', '4', 'u', '.', 'd', 'e', '\0', + /* "egoroof.ru", true */ 'e', 'g', 'o', 'r', 'o', 'o', 'f', '.', 'r', 'u', '\0', + /* "egov4.ch", true */ 'e', 'g', 'o', 'v', '4', '.', 'c', 'h', '\0', + /* "egretail.no", false */ 'e', 'g', 'r', 'e', 't', 'a', 'i', 'l', '.', 'n', 'o', '\0', + /* "egumenita.ro", true */ 'e', 'g', 'u', 'm', 'e', 'n', 'i', 't', 'a', '.', 'r', 'o', '\0', + /* "egupova.ru", true */ 'e', 'g', 'u', 'p', 'o', 'v', 'a', '.', 'r', 'u', '\0', + /* "egw-ceramica.de", true */ 'e', 'g', 'w', '-', 'c', 'e', 'r', 'a', 'm', 'i', 'c', 'a', '.', 'd', 'e', '\0', + /* "egweb.tv", true */ 'e', 'g', 'w', 'e', 'b', '.', 't', 'v', '\0', + /* "ehaccp.it", true */ 'e', 'h', 'a', 'c', 'c', 'p', '.', 'i', 't', '\0', + /* "ehandel.com", true */ 'e', 'h', 'a', 'n', 'd', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "ehazi.hu", true */ 'e', 'h', 'a', 'z', 'i', '.', 'h', 'u', '\0', + /* "ehertz.uk", true */ 'e', 'h', 'e', 'r', 't', 'z', '.', 'u', 'k', '\0', + /* "ehipaa.com", true */ 'e', 'h', 'i', 'p', 'a', 'a', '.', 'c', 'o', 'm', '\0', + /* "ehlacademy.org", true */ 'e', 'h', 'l', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'o', 'r', 'g', '\0', + /* "ehomusicgear.com", true */ 'e', 'h', 'o', 'm', 'u', 's', 'i', 'c', 'g', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "ehrlichesbier.de", true */ 'e', 'h', 'r', 'l', 'i', 'c', 'h', 'e', 's', 'b', 'i', 'e', 'r', '.', 'd', 'e', '\0', + /* "eichel.eu", true */ 'e', 'i', 'c', 'h', 'e', 'l', '.', 'e', 'u', '\0', + /* "eichornenterprises.com", true */ 'e', 'i', 'c', 'h', 'o', 'r', 'n', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "eickemeyer.nl", true */ 'e', 'i', 'c', 'k', 'e', 'm', 'e', 'y', 'e', 'r', '.', 'n', 'l', '\0', + /* "eickhof.co", true */ 'e', 'i', 'c', 'k', 'h', 'o', 'f', '.', 'c', 'o', '\0', + /* "eickhof.us", true */ 'e', 'i', 'c', 'k', 'h', 'o', 'f', '.', 'u', 's', '\0', + /* "eickhofcolumbaria.com", true */ 'e', 'i', 'c', 'k', 'h', 'o', 'f', 'c', 'o', 'l', 'u', 'm', 'b', 'a', 'r', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "eidolons.org", true */ 'e', 'i', 'd', 'o', 'l', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "eiga-movie.com", true */ 'e', 'i', 'g', 'a', '-', 'm', 'o', 'v', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "eigenbubi.de", true */ 'e', 'i', 'g', 'e', 'n', 'b', 'u', 'b', 'i', '.', 'd', 'e', '\0', + /* "eighty-aid.com", true */ 'e', 'i', 'g', 'h', 't', 'y', '-', 'a', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "eightyfour.ca", true */ 'e', 'i', 'g', 'h', 't', 'y', 'f', 'o', 'u', 'r', '.', 'c', 'a', '\0', + /* "eigpropertyauctions.co.uk", true */ 'e', 'i', 'g', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eilhan.com", true */ 'e', 'i', 'l', 'h', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "eimacs.com", true */ 'e', 'i', 'm', 'a', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "eimanavicius.lt", true */ 'e', 'i', 'm', 'a', 'n', 'a', 'v', 'i', 'c', 'i', 'u', 's', '.', 'l', 't', '\0', + /* "einar.io", true */ 'e', 'i', 'n', 'a', 'r', '.', 'i', 'o', '\0', + /* "einaros.is", true */ 'e', 'i', 'n', 'a', 'r', 'o', 's', '.', 'i', 's', '\0', + /* "einfachbahn.de", true */ 'e', 'i', 'n', 'f', 'a', 'c', 'h', 'b', 'a', 'h', 'n', '.', 'd', 'e', '\0', + /* "einfachmaldiefressehalten.de", true */ 'e', 'i', 'n', 'f', 'a', 'c', 'h', 'm', 'a', 'l', 'd', 'i', 'e', 'f', 'r', 'e', 's', 's', 'e', 'h', 'a', 'l', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "einheft.info", true */ 'e', 'i', 'n', 'h', 'e', 'f', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "einheizpreis.de", true */ 'e', 'i', 'n', 'h', 'e', 'i', 'z', 'p', 'r', 'e', 'i', 's', '.', 'd', 'e', '\0', + /* "einmonolog.de", true */ 'e', 'i', 'n', 'm', 'o', 'n', 'o', 'l', 'o', 'g', '.', 'd', 'e', '\0', + /* "einsatzstellenverwaltung.de", true */ 'e', 'i', 'n', 's', 'a', 't', 'z', 's', 't', 'e', 'l', 'l', 'e', 'n', 'v', 'e', 'r', 'w', 'a', 'l', 't', 'u', 'n', 'g', '.', 'd', 'e', '\0', + /* "einsteinathome.org", true */ 'e', 'i', 'n', 's', 't', 'e', 'i', 'n', 'a', 't', 'h', 'o', 'm', 'e', '.', 'o', 'r', 'g', '\0', + /* "eintageinzug.de", true */ 'e', 'i', 'n', 't', 'a', 'g', 'e', 'i', 'n', 'z', 'u', 'g', '.', 'd', 'e', '\0', + /* "eintragsservice24.de", true */ 'e', 'i', 'n', 't', 'r', 'a', 'g', 's', 's', 'e', 'r', 'v', 'i', 'c', 'e', '2', '4', '.', 'd', 'e', '\0', + /* "eipione.com", true */ 'e', 'i', 'p', 'i', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "eirastudios.co.uk", false */ 'e', 'i', 'r', 'a', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eisaev.ru", true */ 'e', 'i', 's', 'a', 'e', 'v', '.', 'r', 'u', '\0', + /* "eit-web.de", false */ 'e', 'i', 't', '-', 'w', 'e', 'b', '.', 'd', 'e', '\0', + /* "eitler.cx", true */ 'e', 'i', 't', 'l', 'e', 'r', '.', 'c', 'x', '\0', + /* "eiyoushi-shigoto.com", true */ 'e', 'i', 'y', 'o', 'u', 's', 'h', 'i', '-', 's', 'h', 'i', 'g', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "ejdv-anmeldung.de", true */ 'e', 'j', 'd', 'v', '-', 'a', 'n', 'm', 'e', 'l', 'd', 'u', 'n', 'g', '.', 'd', 'e', '\0', + /* "ejeff.org", true */ 'e', 'j', 'e', 'f', 'f', '.', 'o', 'r', 'g', '\0', + /* "ejgconsultancy.co.uk", true */ 'e', 'j', 'g', 'c', 'o', 'n', 's', 'u', 'l', 't', 'a', 'n', 'c', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ejuicelab.co.uk", true */ 'e', 'j', 'u', 'i', 'c', 'e', 'l', 'a', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ejusu.com", true */ 'e', 'j', 'u', 's', 'u', '.', 'c', 'o', 'm', '\0', + /* "ekaigotenshoku.com", true */ 'e', 'k', 'a', 'i', 'g', 'o', 't', 'e', 'n', 's', 'h', 'o', 'k', 'u', '.', 'c', 'o', 'm', '\0', + /* "ekd.de", true */ 'e', 'k', 'd', '.', 'd', 'e', '\0', + /* "ekedc.com", true */ 'e', 'k', 'e', 'd', 'c', '.', 'c', 'o', 'm', '\0', + /* "ekedp.com", true */ 'e', 'k', 'e', 'd', 'p', '.', 'c', 'o', 'm', '\0', + /* "eklepka.com", true */ 'e', 'k', 'l', 'e', 'p', 'k', 'a', '.', 'c', 'o', 'm', '\0', + /* "ekodevices.com", true */ 'e', 'k', 'o', 'd', 'e', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "ekokontakt.cz", true */ 'e', 'k', 'o', 'k', 'o', 'n', 't', 'a', 'k', 't', '.', 'c', 'z', '\0', + /* "ekonbenefits.com", true */ 'e', 'k', 'o', 'n', 'b', 'e', 'n', 'e', 'f', 'i', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "ekong366.com", true */ 'e', 'k', 'o', 'n', 'g', '3', '6', '6', '.', 'c', 'o', 'm', '\0', + /* "ekostecki.de", true */ 'e', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0', + /* "ekpyroticfrood.net", true */ 'e', 'k', 'p', 'y', 'r', 'o', 't', 'i', 'c', 'f', 'r', 'o', 'o', 'd', '.', 'n', 'e', 't', '\0', + /* "eksisozluk.com", true */ 'e', 'k', 's', 'i', 's', 'o', 'z', 'l', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "ekuatorial.com", true */ 'e', 'k', 'u', 'a', 't', 'o', 'r', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "ekzarta.ru", true */ 'e', 'k', 'z', 'a', 'r', 't', 'a', '.', 'r', 'u', '\0', + /* "el-cell.com", true */ 'e', 'l', '-', 'c', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "el-hossari.com", true */ 'e', 'l', '-', 'h', 'o', 's', 's', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "eladgames.com", true */ 'e', 'l', 'a', 'd', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "elagplus.com", true */ 'e', 'l', 'a', 'g', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "elaon.de", true */ 'e', 'l', 'a', 'o', 'n', '.', 'd', 'e', '\0', + /* "elars.de", true */ 'e', 'l', 'a', 'r', 's', '.', 'd', 'e', '\0', + /* "elarvee.xyz", true */ 'e', 'l', 'a', 'r', 'v', 'e', 'e', '.', 'x', 'y', 'z', '\0', + /* "elaxy-online.de", true */ 'e', 'l', 'a', 'x', 'y', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0', + /* "elderoost.com", true */ 'e', 'l', 'd', 'e', 'r', 'o', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "eldertons.co.uk", true */ 'e', 'l', 'd', 'e', 'r', 't', 'o', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eldinhadzic.com", true */ 'e', 'l', 'd', 'i', 'n', 'h', 'a', 'd', 'z', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "eldisagjapi.com", true */ 'e', 'l', 'd', 'i', 's', 'a', 'g', 'j', 'a', 'p', 'i', '.', 'c', 'o', 'm', '\0', + /* "eldrid.ge", true */ 'e', 'l', 'd', 'r', 'i', 'd', '.', 'g', 'e', '\0', + /* "eldritchfiction.net", true */ 'e', 'l', 'd', 'r', 'i', 't', 'c', 'h', 'f', 'i', 'c', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "elearningpilot.com", true */ 'e', 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', 'p', 'i', 'l', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "electionsdatabase.com", true */ 'e', 'l', 'e', 'c', 't', 'i', 'o', 'n', 's', 'd', 'a', 't', 'a', 'b', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "electr0sheep.com", true */ 'e', 'l', 'e', 'c', 't', 'r', '0', 's', 'h', 'e', 'e', 'p', '.', 'c', 'o', 'm', '\0', + /* "electragirl.com", true */ 'e', 'l', 'e', 'c', 't', 'r', 'a', 'g', 'i', 'r', 'l', '.', 'c', 'o', 'm', '\0', + /* "electricalagoura.com", true */ 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', 'a', 'g', 'o', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "electricalcontrolpanels.co.uk", true */ 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', 'c', 'o', 'n', 't', 'r', 'o', 'l', 'p', 'a', 'n', 'e', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "electricalfencingedenvale.co.za", true */ 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', 'f', 'e', 'n', 'c', 'i', 'n', 'g', 'e', 'd', 'e', 'n', 'v', 'a', 'l', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "electricgatemotorgermiston.co.za", true */ 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'g', 'a', 't', 'e', 'm', 'o', 't', 'o', 'r', 'g', 'e', 'r', 'm', 'i', 's', 't', 'o', 'n', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "electronic-ignition-system.com", true */ 'e', 'l', 'e', 'c', 't', 'r', 'o', 'n', 'i', 'c', '-', 'i', 'g', 'n', 'i', 't', 'i', 'o', 'n', '-', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0', + /* "electronicafacil.net", true */ 'e', 'l', 'e', 'c', 't', 'r', 'o', 'n', 'i', 'c', 'a', 'f', 'a', 'c', 'i', 'l', '.', 'n', 'e', 't', '\0', + /* "electronicfasteners.com", true */ 'e', 'l', 'e', 'c', 't', 'r', 'o', 'n', 'i', 'c', 'f', 'a', 's', 't', 'e', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "eled.io", true */ 'e', 'l', 'e', 'd', '.', 'i', 'o', '\0', + /* "elefantevoador.com", true */ 'e', 'l', 'e', 'f', 'a', 'n', 't', 'e', 'v', 'o', 'a', 'd', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "eleicoes2014.com.br", true */ 'e', 'l', 'e', 'i', 'c', 'o', 'e', 's', '2', '0', '1', '4', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "elektro-adam.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'a', 'd', 'a', 'm', '.', 'd', 'e', '\0', + /* "elektro-collee.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'c', 'o', 'l', 'l', 'e', 'e', '.', 'd', 'e', '\0', + /* "elektro-diehm.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'd', 'i', 'e', 'h', 'm', '.', 'd', 'e', '\0', + /* "elektro-hammes.net", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'h', 'a', 'm', 'm', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "elektro-hofmann-gmbh.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'h', 'o', 'f', 'm', 'a', 'n', 'n', '-', 'g', 'm', 'b', 'h', '.', 'd', 'e', '\0', + /* "elektro-hornetz.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'h', 'o', 'r', 'n', 'e', 't', 'z', '.', 'd', 'e', '\0', + /* "elektro-kahlen.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'k', 'a', 'h', 'l', 'e', 'n', '.', 'd', 'e', '\0', + /* "elektro-koehl.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'k', 'o', 'e', 'h', 'l', '.', 'd', 'e', '\0', + /* "elektro-liebeskind.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'l', 'i', 'e', 'b', 'e', 's', 'k', 'i', 'n', 'd', '.', 'd', 'e', '\0', + /* "elektro-metz.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'm', 'e', 't', 'z', '.', 'd', 'e', '\0', + /* "elektro-pfeiffer.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'p', 'f', 'e', 'i', 'f', 'f', 'e', 'r', '.', 'd', 'e', '\0', + /* "elektro-rossbach.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'r', 'o', 's', 's', 'b', 'a', 'c', 'h', '.', 'd', 'e', '\0', + /* "elektro-roth.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'r', 'o', 't', 'h', '.', 'd', 'e', '\0', + /* "elektro-stock.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 's', 't', 'o', 'c', 'k', '.', 'd', 'e', '\0', + /* "elektro-woerdehoff.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'w', 'o', 'e', 'r', 'd', 'e', 'h', 'o', 'f', 'f', '.', 'd', 'e', '\0', + /* "elektrobusch.com", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', 'b', 'u', 's', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "elektrofinke.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', 'f', 'i', 'n', 'k', 'e', '.', 'd', 'e', '\0', + /* "elektrokarges.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', 'k', 'a', 'r', 'g', 'e', 's', '.', 'd', 'e', '\0', + /* "elektrometz.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', 'm', 'e', 't', 'z', '.', 'd', 'e', '\0', + /* "elektropost.org", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', 'p', 'o', 's', 't', '.', 'o', 'r', 'g', '\0', + /* "elemental.software", true */ 'e', 'l', 'e', 'm', 'e', 'n', 't', 'a', 'l', '.', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '\0', + /* "elementalict.com", true */ 'e', 'l', 'e', 'm', 'e', 'n', 't', 'a', 'l', 'i', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "elementalrobotics.com", true */ 'e', 'l', 'e', 'm', 'e', 'n', 't', 'a', 'l', 'r', 'o', 'b', 'o', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "elementalsoftware.net", true */ 'e', 'l', 'e', 'm', 'e', 'n', 't', 'a', 'l', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'n', 'e', 't', '\0', + /* "elementalsoftware.org", true */ 'e', 'l', 'e', 'm', 'e', 'n', 't', 'a', 'l', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "elementarywave.com", true */ 'e', 'l', 'e', 'm', 'e', 'n', 't', 'a', 'r', 'y', 'w', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "elements.guide", true */ 'e', 'l', 'e', 'm', 'e', 'n', 't', 's', '.', 'g', 'u', 'i', 'd', 'e', '\0', + /* "elena-baykova.ru", true */ 'e', 'l', 'e', 'n', 'a', '-', 'b', 'a', 'y', 'k', 'o', 'v', 'a', '.', 'r', 'u', '\0', + /* "elephants.net", true */ 'e', 'l', 'e', 'p', 'h', 'a', 'n', 't', 's', '.', 'n', 'e', 't', '\0', + /* "elephpant.cz", true */ 'e', 'l', 'e', 'p', 'h', 'p', 'a', 'n', 't', '.', 'c', 'z', '\0', + /* "elepover.com", true */ 'e', 'l', 'e', 'p', 'o', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "eletesstilus.hu", true */ 'e', 'l', 'e', 't', 'e', 's', 's', 't', 'i', 'l', 'u', 's', '.', 'h', 'u', '\0', + /* "eleusis-zur-verschwiegenheit.de", true */ 'e', 'l', 'e', 'u', 's', 'i', 's', '-', 'z', 'u', 'r', '-', 'v', 'e', 'r', 's', 'c', 'h', 'w', 'i', 'e', 'g', 'e', 'n', 'h', 'e', 'i', 't', '.', 'd', 'e', '\0', + /* "elevateandprosper.com", true */ 'e', 'l', 'e', 'v', 'a', 't', 'e', 'a', 'n', 'd', 'p', 'r', 'o', 's', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "elexel.ru", true */ 'e', 'l', 'e', 'x', 'e', 'l', '.', 'r', 'u', '\0', + /* "elexprimidor.com", true */ 'e', 'l', 'e', 'x', 'p', 'r', 'i', 'm', 'i', 'd', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "elgosblanc.com", false */ 'e', 'l', 'g', 'o', 's', 'b', 'l', 'a', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "elguadia.faith", true */ 'e', 'l', 'g', 'u', 'a', 'd', 'i', 'a', '.', 'f', 'a', 'i', 't', 'h', '\0', + /* "elhall.pro", true */ 'e', 'l', 'h', 'a', 'l', 'l', '.', 'p', 'r', 'o', '\0', + /* "elhall.ru", true */ 'e', 'l', 'h', 'a', 'l', 'l', '.', 'r', 'u', '\0', + /* "elhamadimi.com", true */ 'e', 'l', 'h', 'a', 'm', 'a', 'd', 'i', 'm', 'i', '.', 'c', 'o', 'm', '\0', + /* "elhossari.com", true */ 'e', 'l', 'h', 'o', 's', 's', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "elias-nicolas.com", true */ 'e', 'l', 'i', 'a', 's', '-', 'n', 'i', 'c', 'o', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "elifesciences.org", true */ 'e', 'l', 'i', 'f', 'e', 's', 'c', 'i', 'e', 'n', 'c', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "eligible.com", true */ 'e', 'l', 'i', 'g', 'i', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "eligibleapi.com", true */ 'e', 'l', 'i', 'g', 'i', 'b', 'l', 'e', 'a', 'p', 'i', '.', 'c', 'o', 'm', '\0', + /* "eligrey.com", true */ 'e', 'l', 'i', 'g', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "elijahgrey.com", true */ 'e', 'l', 'i', 'j', 'a', 'h', 'g', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "elinevanhaaften.nl", true */ 'e', 'l', 'i', 'n', 'e', 'v', 'a', 'n', 'h', 'a', 'a', 'f', 't', 'e', 'n', '.', 'n', 'l', '\0', + /* "elinvention.ovh", true */ 'e', 'l', 'i', 'n', 'v', 'e', 'n', 't', 'i', 'o', 'n', '.', 'o', 'v', 'h', '\0', + /* "eliott.be", false */ 'e', 'l', 'i', 'o', 't', 't', '.', 'b', 'e', '\0', + /* "elisa.ee", false */ 'e', 'l', 'i', 's', 'a', '.', 'e', 'e', '\0', + /* "elisabeth-kostecki.de", true */ 'e', 'l', 'i', 's', 'a', 'b', 'e', 't', 'h', '-', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0', + /* "elisabeth-strunz.de", true */ 'e', 'l', 'i', 's', 'a', 'b', 'e', 't', 'h', '-', 's', 't', 'r', 'u', 'n', 'z', '.', 'd', 'e', '\0', + /* "elisabethkostecki.de", true */ 'e', 'l', 'i', 's', 'a', 'b', 'e', 't', 'h', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0', + /* "elistor6100.xyz", true */ 'e', 'l', 'i', 's', 't', 'o', 'r', '6', '1', '0', '0', '.', 'x', 'y', 'z', '\0', + /* "elite-box.com", true */ 'e', 'l', 'i', 't', 'e', '-', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "elite-box.org", true */ 'e', 'l', 'i', 't', 'e', '-', 'b', 'o', 'x', '.', 'o', 'r', 'g', '\0', + /* "elite12.de", true */ 'e', 'l', 'i', 't', 'e', '1', '2', '.', 'd', 'e', '\0', + /* "elitebouncingfun.com", true */ 'e', 'l', 'i', 't', 'e', 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'f', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "elitegameservers.net", true */ 'e', 'l', 'i', 't', 'e', 'g', 'a', 'm', 'e', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "elitehosting.de", true */ 'e', 'l', 'i', 't', 'e', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "elitesensual.com.br", true */ 'e', 'l', 'i', 't', 'e', 's', 'e', 'n', 's', 'u', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "elixir.bzh", true */ 'e', 'l', 'i', 'x', 'i', 'r', '.', 'b', 'z', 'h', '\0', + /* "eliyah.co.il", true */ 'e', 'l', 'i', 'y', 'a', 'h', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "elizabethbuitrago.com", true */ 'e', 'l', 'i', 'z', 'a', 'b', 'e', 't', 'h', 'b', 'u', 'i', 't', 'r', 'a', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "elizabethgreenfield.com", true */ 'e', 'l', 'i', 'z', 'a', 'b', 'e', 't', 'h', 'g', 'r', 'e', 'e', 'n', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "eljef.me", true */ 'e', 'l', 'j', 'e', 'f', '.', 'm', 'e', '\0', + /* "ella-kwikmed.com", false */ 'e', 'l', 'l', 'a', '-', 'k', 'w', 'i', 'k', 'm', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "ellak.gr", true */ 'e', 'l', 'l', 'a', 'k', '.', 'g', 'r', '\0', + /* "ellegaard.dk", true */ 'e', 'l', 'l', 'e', 'g', 'a', 'a', 'r', 'd', '.', 'd', 'k', '\0', + /* "ellemental.me", true */ 'e', 'l', 'l', 'e', 'm', 'e', 'n', 't', 'a', 'l', '.', 'm', 'e', '\0', + /* "ellevit.ch", true */ 'e', 'l', 'l', 'e', 'v', 'i', 't', '.', 'c', 'h', '\0', + /* "elliesbouncers.co.uk", true */ 'e', 'l', 'l', 'i', 'e', 's', 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "elliff.net", true */ 'e', 'l', 'l', 'i', 'f', 'f', '.', 'n', 'e', 't', '\0', + /* "elliot.cat", true */ 'e', 'l', 'l', 'i', 'o', 't', '.', 'c', 'a', 't', '\0', + /* "elliotgluck.com", true */ 'e', 'l', 'l', 'i', 'o', 't', 'g', 'l', 'u', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "elliquiy.com", true */ 'e', 'l', 'l', 'i', 'q', 'u', 'i', 'y', '.', 'c', 'o', 'm', '\0', + /* "elliriehl.at", true */ 'e', 'l', 'l', 'i', 'r', 'i', 'e', 'h', 'l', '.', 'a', 't', '\0', + /* "ellisamusements.co.uk", true */ 'e', 'l', 'l', 'i', 's', 'a', 'm', 'u', 's', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ellisleisure.co.uk", true */ 'e', 'l', 'l', 'i', 's', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ellsinger.me", true */ 'e', 'l', 'l', 's', 'i', 'n', 'g', 'e', 'r', '.', 'm', 'e', '\0', + /* "elmermx.ch", true */ 'e', 'l', 'm', 'e', 'r', 'm', 'x', '.', 'c', 'h', '\0', + /* "elna-service.com.ua", true */ 'e', 'l', 'n', 'a', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "elnan.do", true */ 'e', 'l', 'n', 'a', 'n', '.', 'd', 'o', '\0', + /* "elodieclerc.ch", true */ 'e', 'l', 'o', 'd', 'i', 'e', 'c', 'l', 'e', 'r', 'c', '.', 'c', 'h', '\0', + /* "eloge.se", true */ 'e', 'l', 'o', 'g', 'e', '.', 's', 'e', '\0', + /* "elosrah.com", true */ 'e', 'l', 'o', 's', 'r', 'a', 'h', '.', 'c', 'o', 'm', '\0', + /* "elosuite.com", true */ 'e', 'l', 'o', 's', 'u', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "elpado.de", true */ 'e', 'l', 'p', 'a', 'd', 'o', '.', 'd', 'e', '\0', + /* "elpo.net", true */ 'e', 'l', 'p', 'o', '.', 'n', 'e', 't', '\0', + /* "elpoderdelespiritu.org", true */ 'e', 'l', 'p', 'o', 'd', 'e', 'r', 'd', 'e', 'l', 'e', 's', 'p', 'i', 'r', 'i', 't', 'u', '.', 'o', 'r', 'g', '\0', + /* "elsensohn.ch", true */ 'e', 'l', 's', 'e', 'n', 's', 'o', 'h', 'n', '.', 'c', 'h', '\0', + /* "elsvanderlugt.nl", true */ 'e', 'l', 's', 'v', 'a', 'n', 'd', 'e', 'r', 'l', 'u', 'g', 't', '.', 'n', 'l', '\0', + /* "eltagroup.co.uk", true */ 'e', 'l', 't', 'a', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eltair.com", true */ 'e', 'l', 't', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "eltern-verein.ch", true */ 'e', 'l', 't', 'e', 'r', 'n', '-', 'v', 'e', 'r', 'e', 'i', 'n', '.', 'c', 'h', '\0', + /* "elternbeiratswahl.online", true */ 'e', 'l', 't', 'e', 'r', 'n', 'b', 'e', 'i', 'r', 'a', 't', 's', 'w', 'a', 'h', 'l', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "elternforum-birmensdorf.ch", true */ 'e', 'l', 't', 'e', 'r', 'n', 'f', 'o', 'r', 'u', 'm', '-', 'b', 'i', 'r', 'm', 'e', 'n', 's', 'd', 'o', 'r', 'f', '.', 'c', 'h', '\0', + /* "elternverein-utzenstorf.ch", true */ 'e', 'l', 't', 'e', 'r', 'n', 'v', 'e', 'r', 'e', 'i', 'n', '-', 'u', 't', 'z', 'e', 'n', 's', 't', 'o', 'r', 'f', '.', 'c', 'h', '\0', + /* "elucron.com", true */ 'e', 'l', 'u', 'c', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "eluhome.de", true */ 'e', 'l', 'u', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0', + /* "elvidence.com.au", true */ 'e', 'l', 'v', 'i', 'd', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "elvisripley.com", true */ 'e', 'l', 'v', 'i', 's', 'r', 'i', 'p', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "elwave.org", true */ 'e', 'l', 'w', 'a', 'v', 'e', '.', 'o', 'r', 'g', '\0', + /* "elxsi.de", true */ 'e', 'l', 'x', 's', 'i', '.', 'd', 'e', '\0', + /* "elyasweb.com", true */ 'e', 'l', 'y', 'a', 's', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "elyisus.info", true */ 'e', 'l', 'y', 'i', 's', 'u', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "elytronsecurity.com", true */ 'e', 'l', 'y', 't', 'r', 'o', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "em-biotek.cz", true */ 'e', 'm', '-', 'b', 'i', 'o', 't', 'e', 'k', '.', 'c', 'z', '\0', + /* "emailconfiguration.com", true */ 'e', 'm', 'a', 'i', 'l', 'c', 'o', 'n', 'f', 'i', 'g', 'u', 'r', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "emailfuermich.de", true */ 'e', 'm', 'a', 'i', 'l', 'f', 'u', 'e', 'r', 'm', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "emailhunter.co", true */ 'e', 'm', 'a', 'i', 'l', 'h', 'u', 'n', 't', 'e', 'r', '.', 'c', 'o', '\0', + /* "emailprivacytester.com", true */ 'e', 'm', 'a', 'i', 'l', 'p', 'r', 'i', 'v', 'a', 'c', 'y', 't', 'e', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "emailtools.io", true */ 'e', 'm', 'a', 'i', 'l', 't', 'o', 'o', 'l', 's', '.', 'i', 'o', '\0', + /* "emaily.eu", true */ 'e', 'm', 'a', 'i', 'l', 'y', '.', 'e', 'u', '\0', + /* "emanuelduss.ch", true */ 'e', 'm', 'a', 'n', 'u', 'e', 'l', 'd', 'u', 's', 's', '.', 'c', 'h', '\0', + /* "emanuelemazzotta.com", true */ 'e', 'm', 'a', 'n', 'u', 'e', 'l', 'e', 'm', 'a', 'z', 'z', 'o', 't', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "emavok.eu", true */ 'e', 'm', 'a', 'v', 'o', 'k', '.', 'e', 'u', '\0', + /* "embassycargo.eu", true */ 'e', 'm', 'b', 'a', 's', 's', 'y', 'c', 'a', 'r', 'g', 'o', '.', 'e', 'u', '\0', + /* "embox.net", true */ 'e', 'm', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0', + /* "embraceni.org", true */ 'e', 'm', 'b', 'r', 'a', 'c', 'e', 'n', 'i', '.', 'o', 'r', 'g', '\0', + /* "embroideryexpress.co.uk", true */ 'e', 'm', 'b', 'r', 'o', 'i', 'd', 'e', 'r', 'y', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "emcspotlight.com", true */ 'e', 'm', 'c', 's', 'p', 'o', 't', 'l', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0', + /* "emeliefalk.se", true */ 'e', 'm', 'e', 'l', 'i', 'e', 'f', 'a', 'l', 'k', '.', 's', 'e', '\0', + /* "emeraldcoastrideshare.com", true */ 'e', 'm', 'e', 'r', 'a', 'l', 'd', 'c', 'o', 'a', 's', 't', 'r', 'i', 'd', 'e', 's', 'h', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "emeraldonion.org", true */ 'e', 'm', 'e', 'r', 'a', 'l', 'd', 'o', 'n', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "emergencyessay.com", true */ 'e', 'm', 'e', 'r', 'g', 'e', 'n', 'c', 'y', 'e', 's', 's', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "emergencymedicinefoundations.com", true */ 'e', 'm', 'e', 'r', 'g', 'e', 'n', 'c', 'y', 'm', 'e', 'd', 'i', 'c', 'i', 'n', 'e', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "emergentvisiontec.com", true */ 'e', 'm', 'e', 'r', 'g', 'e', 'n', 't', 'v', 'i', 's', 'i', 'o', 'n', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "emergenzalavoro.com", true */ 'e', 'm', 'e', 'r', 'g', 'e', 'n', 'z', 'a', 'l', 'a', 'v', 'o', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "emero.de", true */ 'e', 'm', 'e', 'r', 'o', '.', 'd', 'e', '\0', + /* "emex.ro", true */ 'e', 'm', 'e', 'x', '.', 'r', 'o', '\0', + /* "emi-air-comprime.com", true */ 'e', 'm', 'i', '-', 'a', 'i', 'r', '-', 'c', 'o', 'm', 'p', 'r', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "emi.im", true */ 'e', 'm', 'i', '.', 'i', 'm', '\0', + /* "emielraaijmakers.nl", true */ 'e', 'm', 'i', 'e', 'l', 'r', 'a', 'a', 'i', 'j', 'm', 'a', 'k', 'e', 'r', 's', '.', 'n', 'l', '\0', + /* "emil.click", true */ 'e', 'm', 'i', 'l', '.', 'c', 'l', 'i', 'c', 'k', '\0', + /* "emilong.com", true */ 'e', 'm', 'i', 'l', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "emilstahl.dk", true */ 'e', 'm', 'i', 'l', 's', 't', 'a', 'h', 'l', '.', 'd', 'k', '\0', + /* "emilvarga.com", true */ 'e', 'm', 'i', 'l', 'v', 'a', 'r', 'g', 'a', '.', 'c', 'o', 'm', '\0', + /* "emilyshepherd.me", true */ 'e', 'm', 'i', 'l', 'y', 's', 'h', 'e', 'p', 'h', 'e', 'r', 'd', '.', 'm', 'e', '\0', + /* "eminhuseynov.com", true */ 'e', 'm', 'i', 'n', 'h', 'u', 's', 'e', 'y', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0', + /* "emirabiz.com", false */ 'e', 'm', 'i', 'r', 'a', 'b', 'i', 'z', '.', 'c', 'o', 'm', '\0', + /* "emirichardson.com", true */ 'e', 'm', 'i', 'r', 'i', 'c', 'h', 'a', 'r', 'd', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "emivauthey.com", true */ 'e', 'm', 'i', 'v', 'a', 'u', 't', 'h', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "emkanrecords.com", true */ 'e', 'm', 'k', 'a', 'n', 'r', 'e', 'c', 'o', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "emma-o.com", true */ 'e', 'm', 'm', 'a', '-', 'o', '.', 'c', 'o', 'm', '\0', + /* "emmagraystore.com", true */ 'e', 'm', 'm', 'a', 'g', 'r', 'a', 'y', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "emmaliddell.com", true */ 'e', 'm', 'm', 'a', 'l', 'i', 'd', 'd', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "emmanuelle-et-julien.ch", true */ 'e', 'm', 'm', 'a', 'n', 'u', 'e', 'l', 'l', 'e', '-', 'e', 't', '-', 'j', 'u', 'l', 'i', 'e', 'n', '.', 'c', 'h', '\0', + /* "emmdy.com", true */ 'e', 'm', 'm', 'd', 'y', '.', 'c', 'o', 'm', '\0', + /* "emmehair.com", true */ 'e', 'm', 'm', 'e', 'h', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "emoji.bzh", true */ 'e', 'm', 'o', 'j', 'i', '.', 'b', 'z', 'h', '\0', + /* "emojiengine.com", true */ 'e', 'm', 'o', 'j', 'i', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "emolafarm.com", true */ 'e', 'm', 'o', 'l', 'a', 'f', 'a', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "emond-usedcars.net", true */ 'e', 'm', 'o', 'n', 'd', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "emoticonesjaponeses.com", true */ 'e', 'm', 'o', 't', 'i', 'c', 'o', 'n', 'e', 's', 'j', 'a', 'p', 'o', 'n', 'e', 's', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "emotuit.com", true */ 'e', 'm', 'o', 't', 'u', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "empathogen.com", true */ 'e', 'm', 'p', 'a', 't', 'h', 'o', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "empathogens.com", true */ 'e', 'm', 'p', 'a', 't', 'h', 'o', 'g', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "empathy.ca", true */ 'e', 'm', 'p', 'a', 't', 'h', 'y', '.', 'c', 'a', '\0', + /* "emperor-penguin.com", true */ 'e', 'm', 'p', 'e', 'r', 'o', 'r', '-', 'p', 'e', 'n', 'g', 'u', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "emperor-penguins.com", true */ 'e', 'm', 'p', 'e', 'r', 'o', 'r', '-', 'p', 'e', 'n', 'g', 'u', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "emperor.blog", true */ 'e', 'm', 'p', 'e', 'r', 'o', 'r', '.', 'b', 'l', 'o', 'g', '\0', + /* "empese.com", true */ 'e', 'm', 'p', 'e', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "empire24.co", true */ 'e', 'm', 'p', 'i', 'r', 'e', '2', '4', '.', 'c', 'o', '\0', + /* "empireauto-2000.com", true */ 'e', 'm', 'p', 'i', 'r', 'e', 'a', 'u', 't', 'o', '-', '2', '0', '0', '0', '.', 'c', 'o', 'm', '\0', + /* "employer.guru", true */ 'e', 'm', 'p', 'l', 'o', 'y', 'e', 'r', '.', 'g', 'u', 'r', 'u', '\0', + /* "employer411.com", true */ 'e', 'm', 'p', 'l', 'o', 'y', 'e', 'r', '4', '1', '1', '.', 'c', 'o', 'm', '\0', + /* "emporiodascalcinhas.com.br", true */ 'e', 'm', 'p', 'o', 'r', 'i', 'o', 'd', 'a', 's', 'c', 'a', 'l', 'c', 'i', 'n', 'h', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "emporiodosperfumes.com.br", true */ 'e', 'm', 'p', 'o', 'r', 'i', 'o', 'd', 'o', 's', 'p', 'e', 'r', 'f', 'u', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "emporiopatanegra.com.br", true */ 'e', 'm', 'p', 'o', 'r', 'i', 'o', 'p', 'a', 't', 'a', 'n', 'e', 'g', 'r', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "emporiovinareal.com.br", true */ 'e', 'm', 'p', 'o', 'r', 'i', 'o', 'v', 'i', 'n', 'a', 'r', 'e', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "emporioviverbem.com.br", true */ 'e', 'm', 'p', 'o', 'r', 'i', 'o', 'v', 'i', 'v', 'e', 'r', 'b', 'e', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "empower.net", true */ 'e', 'm', 'p', 'o', 'w', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "empowerdb.com", true */ 'e', 'm', 'p', 'o', 'w', 'e', 'r', 'd', 'b', '.', 'c', 'o', 'm', '\0', + /* "emprego.pt", true */ 'e', 'm', 'p', 'r', 'e', 'g', 'o', '.', 'p', 't', '\0', + /* "emresaglam.com", true */ 'e', 'm', 'r', 'e', 's', 'a', 'g', 'l', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "emultiagent.pl", true */ 'e', 'm', 'u', 'l', 't', 'i', 'a', 'g', 'e', 'n', 't', '.', 'p', 'l', '\0', + /* "emupedia.net", true */ 'e', 'm', 'u', 'p', 'e', 'd', 'i', 'a', '.', 'n', 'e', 't', '\0', + /* "emw3.com", true */ 'e', 'm', 'w', '3', '.', 'c', 'o', 'm', '\0', + /* "emyr.net", true */ 'e', 'm', 'y', 'r', '.', 'n', 'e', 't', '\0', + /* "en-booster.jp", true */ 'e', 'n', '-', 'b', 'o', 'o', 's', 't', 'e', 'r', '.', 'j', 'p', '\0', + /* "en-crypt.me", true */ 'e', 'n', '-', 'c', 'r', 'y', 'p', 't', '.', 'm', 'e', '\0', + /* "en-maktoob.search.yahoo.com", false */ 'e', 'n', '-', 'm', 'a', 'k', 't', 'o', 'o', 'b', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "en4rab.co.uk", true */ 'e', 'n', '4', 'r', 'a', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "enaim.de", true */ 'e', 'n', 'a', 'i', 'm', '.', 'd', 'e', '\0', + /* "enamae.net", true */ 'e', 'n', 'a', 'm', 'a', 'e', '.', 'n', 'e', 't', '\0', + /* "encadrer-mon-enfant.com", true */ 'e', 'n', 'c', 'a', 'd', 'r', 'e', 'r', '-', 'm', 'o', 'n', '-', 'e', 'n', 'f', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "encfs.win", true */ 'e', 'n', 'c', 'f', 's', '.', 'w', 'i', 'n', '\0', + /* "encircleapp.com", true */ 'e', 'n', 'c', 'i', 'r', 'c', 'l', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "encnet.de", true */ 'e', 'n', 'c', 'n', 'e', 't', '.', 'd', 'e', '\0', + /* "encode.host", true */ 'e', 'n', 'c', 'o', 'd', 'e', '.', 'h', 'o', 's', 't', '\0', + /* "encoderx.uk", true */ 'e', 'n', 'c', 'o', 'd', 'e', 'r', 'x', '.', 'u', 'k', '\0', + /* "encouragemarketing.com", true */ 'e', 'n', 'c', 'o', 'u', 'r', 'a', 'g', 'e', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "encredible.de", false */ 'e', 'n', 'c', 'r', 'e', 'd', 'i', 'b', 'l', 'e', '.', 'd', 'e', '\0', + /* "encredible.org", false */ 'e', 'n', 'c', 'r', 'e', 'd', 'i', 'b', 'l', 'e', '.', 'o', 'r', 'g', '\0', + /* "encretplomb.ch", true */ 'e', 'n', 'c', 'r', 'e', 't', 'p', 'l', 'o', 'm', 'b', '.', 'c', 'h', '\0', + /* "encryptallthethings.net", true */ 'e', 'n', 'c', 'r', 'y', 'p', 't', 'a', 'l', 'l', 't', 'h', 'e', 't', 'h', 'i', 'n', 'g', 's', '.', 'n', 'e', 't', '\0', + /* "encrypted.google.com", true */ 'e', 'n', 'c', 'r', 'y', 'p', 't', 'e', 'd', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "encryptedaudience.com", true */ 'e', 'n', 'c', 'r', 'y', 'p', 't', 'e', 'd', 'a', 'u', 'd', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "encuentraprecios.es", true */ 'e', 'n', 'c', 'u', 'e', 'n', 't', 'r', 'a', 'p', 'r', 'e', 'c', 'i', 'o', 's', '.', 'e', 's', '\0', + /* "endangeredwatch.com", true */ 'e', 'n', 'd', 'a', 'n', 'g', 'e', 'r', 'e', 'd', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "endeal.nl", true */ 'e', 'n', 'd', 'e', 'a', 'l', '.', 'n', 'l', '\0', + /* "ender.co.at", true */ 'e', 'n', 'd', 'e', 'r', '.', 'c', 'o', '.', 'a', 't', '\0', + /* "endingthedocumentgame.gov", true */ 'e', 'n', 'd', 'i', 'n', 'g', 't', 'h', 'e', 'd', 'o', 'c', 'u', 'm', 'e', 'n', 't', 'g', 'a', 'm', 'e', '.', 'g', 'o', 'v', '\0', + /* "endlessdiy.ca", true */ 'e', 'n', 'd', 'l', 'e', 's', 's', 'd', 'i', 'y', '.', 'c', 'a', '\0', + /* "endlessvideo.com", true */ 'e', 'n', 'd', 'l', 'e', 's', 's', 'v', 'i', 'd', 'e', 'o', '.', 'c', 'o', 'm', '\0', + /* "endofnet.org", true */ 'e', 'n', 'd', 'o', 'f', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0', + /* "endoftennancycleaning.co.uk", true */ 'e', 'n', 'd', 'o', 'f', 't', 'e', 'n', 'n', 'a', 'n', 'c', 'y', 'c', 'l', 'e', 'a', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "endohaus.us", true */ 'e', 'n', 'd', 'o', 'h', 'a', 'u', 's', '.', 'u', 's', '\0', + /* "enduranceday.be", true */ 'e', 'n', 'd', 'u', 'r', 'a', 'n', 'c', 'e', 'd', 'a', 'y', '.', 'b', 'e', '\0', + /* "endzeit-architekten.com", false */ 'e', 'n', 'd', 'z', 'e', 'i', 't', '-', 'a', 'r', 'c', 'h', 'i', 't', 'e', 'k', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "enemiesoflight.de", true */ 'e', 'n', 'e', 'm', 'i', 'e', 's', 'o', 'f', 'l', 'i', 'g', 'h', 't', '.', 'd', 'e', '\0', + /* "energie-sante.ch", true */ 'e', 'n', 'e', 'r', 'g', 'i', 'e', '-', 's', 'a', 'n', 't', 'e', '.', 'c', 'h', '\0', + /* "energiekeurplus.nl", true */ 'e', 'n', 'e', 'r', 'g', 'i', 'e', 'k', 'e', 'u', 'r', 'p', 'l', 'u', 's', '.', 'n', 'l', '\0', + /* "energisammenslutningen.dk", true */ 'e', 'n', 'e', 'r', 'g', 'i', 's', 'a', 'm', 'm', 'e', 'n', 's', 'l', 'u', 't', 'n', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'k', '\0', + /* "energy-drink-magazin.de", true */ 'e', 'n', 'e', 'r', 'g', 'y', '-', 'd', 'r', 'i', 'n', 'k', '-', 'm', 'a', 'g', 'a', 'z', 'i', 'n', '.', 'd', 'e', '\0', + /* "energy-in-balance.eu", true */ 'e', 'n', 'e', 'r', 'g', 'y', '-', 'i', 'n', '-', 'b', 'a', 'l', 'a', 'n', 'c', 'e', '.', 'e', 'u', '\0', + /* "energy-infra.nl", true */ 'e', 'n', 'e', 'r', 'g', 'y', '-', 'i', 'n', 'f', 'r', 'a', '.', 'n', 'l', '\0', + /* "energy.eu", true */ 'e', 'n', 'e', 'r', 'g', 'y', '.', 'e', 'u', '\0', + /* "energyatlas.com", true */ 'e', 'n', 'e', 'r', 'g', 'y', 'a', 't', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "energyaupair.se", true */ 'e', 'n', 'e', 'r', 'g', 'y', 'a', 'u', 'p', 'a', 'i', 'r', '.', 's', 'e', '\0', + /* "energydrinkblog.de", true */ 'e', 'n', 'e', 'r', 'g', 'y', 'd', 'r', 'i', 'n', 'k', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0', + /* "energyelephant.com", true */ 'e', 'n', 'e', 'r', 'g', 'y', 'e', 'l', 'e', 'p', 'h', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "energyled.com.br", true */ 'e', 'n', 'e', 'r', 'g', 'y', 'l', 'e', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "enersaveapp.org", true */ 'e', 'n', 'e', 'r', 's', 'a', 'v', 'e', 'a', 'p', 'p', '.', 'o', 'r', 'g', '\0', + /* "enersec.co.uk", true */ 'e', 'n', 'e', 'r', 's', 'e', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "enet-navigator.de", true */ 'e', 'n', 'e', 't', '-', 'n', 'a', 'v', 'i', 'g', 'a', 't', 'o', 'r', '.', 'd', 'e', '\0', + /* "enfantsdelarue.ch", true */ 'e', 'n', 'f', 'a', 'n', 't', 's', 'd', 'e', 'l', 'a', 'r', 'u', 'e', '.', 'c', 'h', '\0', + /* "enfield-kitchens.co.uk", true */ 'e', 'n', 'f', 'i', 'e', 'l', 'd', '-', 'k', 'i', 't', 'c', 'h', 'e', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "enflow.nl", true */ 'e', 'n', 'f', 'l', 'o', 'w', '.', 'n', 'l', '\0', + /* "enfoqueseguro.com", true */ 'e', 'n', 'f', 'o', 'q', 'u', 'e', 's', 'e', 'g', 'u', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "enfu.se", true */ 'e', 'n', 'f', 'u', '.', 's', 'e', '\0', + /* "engarde.net", true */ 'e', 'n', 'g', 'a', 'r', 'd', 'e', '.', 'n', 'e', 't', '\0', + /* "engaugetools.com", true */ 'e', 'n', 'g', 'a', 'u', 'g', 'e', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "engelundlicht.ch", true */ 'e', 'n', 'g', 'e', 'l', 'u', 'n', 'd', 'l', 'i', 'c', 'h', 't', '.', 'c', 'h', '\0', + /* "engg.ca", true */ 'e', 'n', 'g', 'g', '.', 'c', 'a', '\0', + /* "engineowning.com", true */ 'e', 'n', 'g', 'i', 'n', 'e', 'o', 'w', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "enginepit.com", true */ 'e', 'n', 'g', 'i', 'n', 'e', 'p', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "enginx.net", true */ 'e', 'n', 'g', 'i', 'n', 'x', '.', 'n', 'e', 't', '\0', + /* "englerts.de", true */ 'e', 'n', 'g', 'l', 'e', 'r', 't', 's', '.', 'd', 'e', '\0', + /* "englishbulgaria.net", true */ 'e', 'n', 'g', 'l', 'i', 's', 'h', 'b', 'u', 'l', 'g', 'a', 'r', 'i', 'a', '.', 'n', 'e', 't', '\0', + /* "englishcast.com.br", true */ 'e', 'n', 'g', 'l', 'i', 's', 'h', 'c', 'a', 's', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "englishclub.com", true */ 'e', 'n', 'g', 'l', 'i', 's', 'h', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "englishdirectory.de", true */ 'e', 'n', 'g', 'l', 'i', 's', 'h', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '.', 'd', 'e', '\0', + /* "englishforums.com", true */ 'e', 'n', 'g', 'l', 'i', 's', 'h', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "englishlol.com", true */ 'e', 'n', 'g', 'l', 'i', 's', 'h', 'l', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "englishstudio.com", true */ 'e', 'n', 'g', 'l', 'i', 's', 'h', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "engvid.com", true */ 'e', 'n', 'g', 'v', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "enigma.swiss", true */ 'e', 'n', 'i', 'g', 'm', 'a', '.', 's', 'w', 'i', 's', 's', '\0', + /* "enijew.com", true */ 'e', 'n', 'i', 'j', 'e', 'w', '.', 'c', 'o', 'm', '\0', + /* "enixgaming.com", true */ 'e', 'n', 'i', 'x', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "enjoyphoneblog.it", true */ 'e', 'n', 'j', 'o', 'y', 'p', 'h', 'o', 'n', 'e', 'b', 'l', 'o', 'g', '.', 'i', 't', '\0', + /* "enjoystudio.ro", true */ 'e', 'n', 'j', 'o', 'y', 's', 't', 'u', 'd', 'i', 'o', '.', 'r', 'o', '\0', + /* "enlatte.com", true */ 'e', 'n', 'l', 'a', 't', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "enlazaresbueno.cl", true */ 'e', 'n', 'l', 'a', 'z', 'a', 'r', 'e', 's', 'b', 'u', 'e', 'n', 'o', '.', 'c', 'l', '\0', + /* "enlighten10x.ga", true */ 'e', 'n', 'l', 'i', 'g', 'h', 't', 'e', 'n', '1', '0', 'x', '.', 'g', 'a', '\0', + /* "enlightened.si", true */ 'e', 'n', 'l', 'i', 'g', 'h', 't', 'e', 'n', 'e', 'd', '.', 's', 'i', '\0', + /* "enlightenedhr.com", true */ 'e', 'n', 'l', 'i', 'g', 'h', 't', 'e', 'n', 'e', 'd', 'h', 'r', '.', 'c', 'o', 'm', '\0', + /* "enlightenment.org", true */ 'e', 'n', 'l', 'i', 'g', 'h', 't', 'e', 'n', 'm', 'e', 'n', 't', '.', 'o', 'r', 'g', '\0', + /* "enloestatebank.com", true */ 'e', 'n', 'l', 'o', 'e', 's', 't', 'a', 't', 'e', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "ennea-mediation.fr", true */ 'e', 'n', 'n', 'e', 'a', '-', 'm', 'e', 'd', 'i', 'a', 't', 'i', 'o', 'n', '.', 'f', 'r', '\0', + /* "enness.co.uk", true */ 'e', 'n', 'n', 'e', 's', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ennori.jp", true */ 'e', 'n', 'n', 'o', 'r', 'i', '.', 'j', 'p', '\0', + /* "enoou.com", true */ 'e', 'n', 'o', 'o', 'u', '.', 'c', 'o', 'm', '\0', + /* "enorekcah.com", true */ 'e', 'n', 'o', 'r', 'e', 'k', 'c', 'a', 'h', '.', 'c', 'o', 'm', '\0', + /* "enot32.ru", true */ 'e', 'n', 'o', 't', '3', '2', '.', 'r', 'u', '\0', + /* "enotecastore.it", true */ 'e', 'n', 'o', 't', 'e', 'c', 'a', 's', 't', 'o', 'r', 'e', '.', 'i', 't', '\0', + /* "enquos.com", true */ 'e', 'n', 'q', 'u', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "enriquepiraces.com", true */ 'e', 'n', 'r', 'i', 'q', 'u', 'e', 'p', 'i', 'r', 'a', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "enrollapp.com", true */ 'e', 'n', 'r', 'o', 'l', 'l', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "ensage.io", true */ 'e', 'n', 's', 'a', 'g', 'e', '.', 'i', 'o', '\0', + /* "enscosupply.com", true */ 'e', 'n', 's', 'c', 'o', 's', 'u', 'p', 'p', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "ensemble-rubato.de", true */ 'e', 'n', 's', 'e', 'm', 'b', 'l', 'e', '-', 'r', 'u', 'b', 'a', 't', 'o', '.', 'd', 'e', '\0', + /* "enskat.de", true */ 'e', 'n', 's', 'k', 'a', 't', '.', 'd', 'e', '\0', + /* "enskatson-sippe.de", true */ 'e', 'n', 's', 'k', 'a', 't', 's', 'o', 'n', '-', 's', 'i', 'p', 'p', 'e', '.', 'd', 'e', '\0', + /* "ensley.tech", true */ 'e', 'n', 's', 'l', 'e', 'y', '.', 't', 'e', 'c', 'h', '\0', + /* "ensons.de", true */ 'e', 'n', 's', 'o', 'n', 's', '.', 'd', 'e', '\0', + /* "ensured.com", true */ 'e', 'n', 's', 'u', 'r', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "ensured.nl", true */ 'e', 'n', 's', 'u', 'r', 'e', 'd', '.', 'n', 'l', '\0', + /* "entabe.jp", true */ 'e', 'n', 't', 'a', 'b', 'e', '.', 'j', 'p', '\0', + /* "entactogen.com", true */ 'e', 'n', 't', 'a', 'c', 't', 'o', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "entactogens.com", true */ 'e', 'n', 't', 'a', 'c', 't', 'o', 'g', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "entaurus.com", true */ 'e', 'n', 't', 'a', 'u', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "enteente.com", true */ 'e', 'n', 't', 'e', 'e', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "enterprisechannel.asia", true */ 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 'c', 'h', 'a', 'n', 'n', 'e', 'l', '.', 'a', 's', 'i', 'a', '\0', + /* "enterprisey.enterprises", true */ 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 'y', '.', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '\0', + /* "enterprivacy.com", true */ 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "entheogens.com", true */ 'e', 'n', 't', 'h', 'e', 'o', 'g', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "entrainr.com", true */ 'e', 'n', 't', 'r', 'a', 'i', 'n', 'r', '.', 'c', 'o', 'm', '\0', + /* "entrecieletpierres.com", true */ 'e', 'n', 't', 'r', 'e', 'c', 'i', 'e', 'l', 'e', 't', 'p', 'i', 'e', 'r', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "entreprise-toiture-clement.fr", true */ 'e', 'n', 't', 'r', 'e', 'p', 'r', 'i', 's', 'e', '-', 't', 'o', 'i', 't', 'u', 'r', 'e', '-', 'c', 'l', 'e', 'm', 'e', 'n', 't', '.', 'f', 'r', '\0', + /* "entropia.de", false */ 'e', 'n', 't', 'r', 'o', 'p', 'i', 'a', '.', 'd', 'e', '\0', + /* "entryboss.cc", true */ 'e', 'n', 't', 'r', 'y', 'b', 'o', 's', 's', '.', 'c', 'c', '\0', + /* "entrypoint.sh", true */ 'e', 'n', 't', 'r', 'y', 'p', 'o', 'i', 'n', 't', '.', 's', 'h', '\0', + /* "enuchi.jp", true */ 'e', 'n', 'u', 'c', 'h', 'i', '.', 'j', 'p', '\0', + /* "envant.co.uk", true */ 'e', 'n', 'v', 'a', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "envelope.co.nz", true */ 'e', 'n', 'v', 'e', 'l', 'o', 'p', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "enveloppenopmaat.nl", true */ 'e', 'n', 'v', 'e', 'l', 'o', 'p', 'p', 'e', 'n', 'o', 'p', 'm', 'a', 'a', 't', '.', 'n', 'l', '\0', + /* "envescent.com", true */ 'e', 'n', 'v', 'e', 's', 'c', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "enviam.de", true */ 'e', 'n', 'v', 'i', 'a', 'm', '.', 'd', 'e', '\0', + /* "enviaya.com.mx", true */ 'e', 'n', 'v', 'i', 'a', 'y', 'a', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0', + /* "environment.ai", true */ 'e', 'n', 'v', 'i', 'r', 'o', 'n', 'm', 'e', 'n', 't', '.', 'a', 'i', '\0', + /* "environmentkirklees.org", true */ 'e', 'n', 'v', 'i', 'r', 'o', 'n', 'm', 'e', 'n', 't', 'k', 'i', 'r', 'k', 'l', 'e', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "enviroprobasements.com", true */ 'e', 'n', 'v', 'i', 'r', 'o', 'p', 'r', 'o', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "envoyglobal.com", true */ 'e', 'n', 'v', 'o', 'y', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "eocservices.co.uk", true */ 'e', 'o', 'c', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eoitek.com", true */ 'e', 'o', 'i', 't', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "eolme.ml", true */ 'e', 'o', 'l', 'm', 'e', '.', 'm', 'l', '\0', + /* "eonet.cc", true */ 'e', 'o', 'n', 'e', 't', '.', 'c', 'c', '\0', + /* "eonhive.com", true */ 'e', 'o', 'n', 'h', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "eoonglobalresources.jp", true */ 'e', 'o', 'o', 'n', 'g', 'l', 'o', 'b', 'a', 'l', 'r', 'e', 's', 'o', 'u', 'r', 'c', 'e', 's', '.', 'j', 'p', '\0', + /* "eopugetsound.org", false */ 'e', 'o', 'p', 'u', 'g', 'e', 't', 's', 'o', 'u', 'n', 'd', '.', 'o', 'r', 'g', '\0', + /* "epassafe.com", true */ 'e', 'p', 'a', 's', 's', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "epave.paris", true */ 'e', 'p', 'a', 'v', 'e', '.', 'p', 'a', 'r', 'i', 's', '\0', + /* "epay.bg", true */ 'e', 'p', 'a', 'y', '.', 'b', 'g', '\0', + /* "epaygateway.net", true */ 'e', 'p', 'a', 'y', 'g', 'a', 't', 'e', 'w', 'a', 'y', '.', 'n', 'e', 't', '\0', + /* "epi.one", true */ 'e', 'p', 'i', '.', 'o', 'n', 'e', '\0', + /* "epic-vistas.com", true */ 'e', 'p', 'i', 'c', '-', 'v', 'i', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "epic-vistas.de", true */ 'e', 'p', 'i', 'c', '-', 'v', 'i', 's', 't', 'a', 's', '.', 'd', 'e', '\0', + /* "epicbouncycastlehirenorwich.co.uk", true */ 'e', 'p', 'i', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'n', 'o', 'r', 'w', 'i', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "epicbouncycastles.co.uk", true */ 'e', 'p', 'i', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "epicenter.work", true */ 'e', 'p', 'i', 'c', 'e', 'n', 't', 'e', 'r', '.', 'w', 'o', 'r', 'k', '\0', + /* "epicenter.works", true */ 'e', 'p', 'i', 'c', 'e', 'n', 't', 'e', 'r', '.', 'w', 'o', 'r', 'k', 's', '\0', + /* "epicentre.works", true */ 'e', 'p', 'i', 'c', 'e', 'n', 't', 'r', 'e', '.', 'w', 'o', 'r', 'k', 's', '\0', + /* "epichouse.net", true */ 'e', 'p', 'i', 'c', 'h', 'o', 'u', 's', 'e', '.', 'n', 'e', 't', '\0', + /* "epicinflatables.co.uk", true */ 'e', 'p', 'i', 'c', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "epickitty.co.uk", true */ 'e', 'p', 'i', 'c', 'k', 'i', 't', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "epicpages.com", true */ 'e', 'p', 'i', 'c', 'p', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "epicsecure.de", true */ 'e', 'p', 'i', 'c', 's', 'e', 'c', 'u', 'r', 'e', '.', 'd', 'e', '\0', + /* "epicsoft.de", true */ 'e', 'p', 'i', 'c', 's', 'o', 'f', 't', '.', 'd', 'e', '\0', + /* "epicvistas.com", true */ 'e', 'p', 'i', 'c', 'v', 'i', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "epicvistas.de", true */ 'e', 'p', 'i', 'c', 'v', 'i', 's', 't', 'a', 's', '.', 'd', 'e', '\0', + /* "epicwalnutcreek.com", true */ 'e', 'p', 'i', 'c', 'w', 'a', 'l', 'n', 'u', 't', 'c', 'r', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "epilis.gr", true */ 'e', 'p', 'i', 'l', 'i', 's', '.', 'g', 'r', '\0', + /* "epiphyte.network", true */ 'e', 'p', 'i', 'p', 'h', 'y', 't', 'e', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0', + /* "epistas.com", true */ 'e', 'p', 'i', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "epistas.de", true */ 'e', 'p', 'i', 's', 't', 'a', 's', '.', 'd', 'e', '\0', + /* "epitesz.co", true */ 'e', 'p', 'i', 't', 'e', 's', 'z', '.', 'c', 'o', '\0', + /* "epiteugma.com", true */ 'e', 'p', 'i', 't', 'e', 'u', 'g', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "epizentrum.work", true */ 'e', 'p', 'i', 'z', 'e', 'n', 't', 'r', 'u', 'm', '.', 'w', 'o', 'r', 'k', '\0', + /* "epizentrum.works", true */ 'e', 'p', 'i', 'z', 'e', 'n', 't', 'r', 'u', 'm', '.', 'w', 'o', 'r', 'k', 's', '\0', + /* "epmcentroitalia.it", true */ 'e', 'p', 'm', 'c', 'e', 'n', 't', 'r', 'o', 'i', 't', 'a', 'l', 'i', 'a', '.', 'i', 't', '\0', + /* "epoch.com", true */ 'e', 'p', 'o', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "epolitiker.com", true */ 'e', 'p', 'o', 'l', 'i', 't', 'i', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "epos-distributor.co.uk", true */ 'e', 'p', 'o', 's', '-', 'd', 'i', 's', 't', 'r', 'i', 'b', 'u', 't', 'o', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eposbirmingham.co.uk", true */ 'e', 'p', 'o', 's', 'b', 'i', 'r', 'm', 'i', 'n', 'g', 'h', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eposbrighton.co.uk", true */ 'e', 'p', 'o', 's', 'b', 'r', 'i', 'g', 'h', 't', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eposbristol.co.uk", true */ 'e', 'p', 'o', 's', 'b', 'r', 'i', 's', 't', 'o', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eposcardiff.co.uk", true */ 'e', 'p', 'o', 's', 'c', 'a', 'r', 'd', 'i', 'f', 'f', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eposcloud.net", true */ 'e', 'p', 'o', 's', 'c', 'l', 'o', 'u', 'd', '.', 'n', 'e', 't', '\0', + /* "eposkent.co.uk", true */ 'e', 'p', 'o', 's', 'k', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eposleeds.co.uk", true */ 'e', 'p', 'o', 's', 'l', 'e', 'e', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eposleicester.co.uk", true */ 'e', 'p', 'o', 's', 'l', 'e', 'i', 'c', 'e', 's', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eposliverpool.co.uk", true */ 'e', 'p', 'o', 's', 'l', 'i', 'v', 'e', 'r', 'p', 'o', 'o', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eposlondon.co.uk", true */ 'e', 'p', 'o', 's', 'l', 'o', 'n', 'd', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eposmidlands.co.uk", true */ 'e', 'p', 'o', 's', 'm', 'i', 'd', 'l', 'a', 'n', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eposnewport.co.uk", true */ 'e', 'p', 'o', 's', 'n', 'e', 'w', 'p', 'o', 'r', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eposnottingham.co.uk", true */ 'e', 'p', 'o', 's', 'n', 'o', 't', 't', 'i', 'n', 'g', 'h', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eposreading.co.uk", true */ 'e', 'p', 'o', 's', 'r', 'e', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eposreview.co.uk", true */ 'e', 'p', 'o', 's', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "epossheffield.co.uk", true */ 'e', 'p', 'o', 's', 's', 'h', 'e', 'f', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "epossurrey.co.uk", true */ 'e', 'p', 'o', 's', 's', 'u', 'r', 'r', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "epossussex.co.uk", true */ 'e', 'p', 'o', 's', 's', 'u', 's', 's', 'e', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eposswansea.co.uk", true */ 'e', 'p', 'o', 's', 's', 'w', 'a', 'n', 's', 'e', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "epossystems.co.uk", true */ 'e', 'p', 'o', 's', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "epostplus.li", true */ 'e', 'p', 'o', 's', 't', 'p', 'l', 'u', 's', '.', 'l', 'i', '\0', + /* "eposwales.co.uk", true */ 'e', 'p', 'o', 's', 'w', 'a', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eposyork.co.uk", true */ 'e', 'p', 'o', 's', 'y', 'o', 'r', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "eppelblei.lu", true */ 'e', 'p', 'p', 'e', 'l', 'b', 'l', 'e', 'i', '.', 'l', 'u', '\0', + /* "eppelpress.lu", true */ 'e', 'p', 'p', 'e', 'l', 'p', 'r', 'e', 's', 's', '.', 'l', 'u', '\0', + /* "eprofitacademy.com", true */ 'e', 'p', 'r', 'o', 'f', 'i', 't', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0', + /* "epsilon.dk", true */ 'e', 'p', 's', 'i', 'l', 'o', 'n', '.', 'd', 'k', '\0', + /* "epsorting.cz", true */ 'e', 'p', 's', 'o', 'r', 't', 'i', 'n', 'g', '.', 'c', 'z', '\0', + /* "epublibre.org", true */ 'e', 'p', 'u', 'b', 'l', 'i', 'b', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "epulsar.ru", true */ 'e', 'p', 'u', 'l', 's', 'a', 'r', '.', 'r', 'u', '\0', + /* "eq-serve.com", true */ 'e', 'q', '-', 's', 'e', 'r', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "eqorg.com", true */ 'e', 'q', 'o', 'r', 'g', '.', 'c', 'o', 'm', '\0', + /* "equalcloud.com", true */ 'e', 'q', 'u', 'a', 'l', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "equalparts.eu", true */ 'e', 'q', 'u', 'a', 'l', 'p', 'a', 'r', 't', 's', '.', 'e', 'u', '\0', + /* "equidam.com", true */ 'e', 'q', 'u', 'i', 'd', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "equinecoaching.ca", true */ 'e', 'q', 'u', 'i', 'n', 'e', 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'c', 'a', '\0', + /* "equinox.io", true */ 'e', 'q', 'u', 'i', 'n', 'o', 'x', '.', 'i', 'o', '\0', + /* "equipandoloja.net.br", true */ 'e', 'q', 'u', 'i', 'p', 'a', 'n', 'd', 'o', 'l', 'o', 'j', 'a', '.', 'n', 'e', 't', '.', 'b', 'r', '\0', + /* "equipedefrance.tv", true */ 'e', 'q', 'u', 'i', 'p', 'e', 'd', 'e', 'f', 'r', 'a', 'n', 'c', 'e', '.', 't', 'v', '\0', + /* "equipeferramentas.com.br", true */ 'e', 'q', 'u', 'i', 'p', 'e', 'f', 'e', 'r', 'r', 'a', 'm', 'e', 'n', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "equippers.de", true */ 'e', 'q', 'u', 'i', 'p', 'p', 'e', 'r', 's', '.', 'd', 'e', '\0', + /* "equipsupply.com", true */ 'e', 'q', 'u', 'i', 'p', 's', 'u', 'p', 'p', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "er.tl", true */ 'e', 'r', '.', 't', 'l', '\0', + /* "erad.fr", true */ 'e', 'r', 'a', 'd', '.', 'f', 'r', '\0', + /* "erasmusplusrooms.com", true */ 'e', 'r', 'a', 's', 'm', 'u', 's', 'p', 'l', 'u', 's', 'r', 'o', 'o', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "erath.fr", true */ 'e', 'r', 'a', 't', 'h', '.', 'f', 'r', '\0', + /* "erclab.kr", true */ 'e', 'r', 'c', 'l', 'a', 'b', '.', 'k', 'r', '\0', + /* "erdethamburgeronsdag.no", true */ 'e', 'r', 'd', 'e', 't', 'h', 'a', 'm', 'b', 'u', 'r', 'g', 'e', 'r', 'o', 'n', 's', 'd', 'a', 'g', '.', 'n', 'o', '\0', + /* "ereader.uno", true */ 'e', 'r', 'e', 'a', 'd', 'e', 'r', '.', 'u', 'n', 'o', '\0', + /* "erectiepillenwinkel.nl", true */ 'e', 'r', 'e', 'c', 't', 'i', 'e', 'p', 'i', 'l', 'l', 'e', 'n', 'w', 'i', 'n', 'k', 'e', 'l', '.', 'n', 'l', '\0', + /* "erepublik-deutschland.de", true */ 'e', 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'k', '-', 'd', 'e', 'u', 't', 's', 'c', 'h', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0', + /* "erethon.com", true */ 'e', 'r', 'e', 't', 'h', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "erf-neuilly.com", true */ 'e', 'r', 'f', '-', 'n', 'e', 'u', 'i', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "ergo-open.de", true */ 'e', 'r', 'g', 'o', '-', 'o', 'p', 'e', 'n', '.', 'd', 'e', '\0', + /* "ergobyte.eu", true */ 'e', 'r', 'g', 'o', 'b', 'y', 't', 'e', '.', 'e', 'u', '\0', + /* "ergobyte.gr", true */ 'e', 'r', 'g', 'o', 'b', 'y', 't', 'e', '.', 'g', 'r', '\0', + /* "ergovita.com.br", true */ 'e', 'r', 'g', 'o', 'v', 'i', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "ergovitanet.com.br", true */ 'e', 'r', 'g', 'o', 'v', 'i', 't', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "eriador.io", true */ 'e', 'r', 'i', 'a', 'd', 'o', 'r', '.', 'i', 'o', '\0', + /* "ericabrahamsen.net", true */ 'e', 'r', 'i', 'c', 'a', 'b', 'r', 'a', 'h', 'a', 'm', 's', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "ericairwin.com", true */ 'e', 'r', 'i', 'c', 'a', 'i', 'r', 'w', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "ericdiao.com", true */ 'e', 'r', 'i', 'c', 'd', 'i', 'a', 'o', '.', 'c', 'o', 'm', '\0', + /* "erichorstmanshof.nl", true */ 'e', 'r', 'i', 'c', 'h', 'o', 'r', 's', 't', 'm', 'a', 'n', 's', 'h', 'o', 'f', '.', 'n', 'l', '\0', + /* "ericisaweso.me", true */ 'e', 'r', 'i', 'c', 'i', 's', 'a', 'w', 'e', 's', 'o', '.', 'm', 'e', '\0', + /* "ericjohnltd.com", true */ 'e', 'r', 'i', 'c', 'j', 'o', 'h', 'n', 'l', 't', 'd', '.', 'c', 'o', 'm', '\0', + /* "erick.blog", true */ 'e', 'r', 'i', 'c', 'k', '.', 'b', 'l', 'o', 'g', '\0', + /* "ericleuthardt.com", true */ 'e', 'r', 'i', 'c', 'l', 'e', 'u', 't', 'h', 'a', 'r', 'd', 't', '.', 'c', 'o', 'm', '\0', + /* "erico.jp", true */ 'e', 'r', 'i', 'c', 'o', '.', 'j', 'p', '\0', + /* "ericoc.com", true */ 'e', 'r', 'i', 'c', 'o', 'c', '.', 'c', 'o', 'm', '\0', + /* "ericwie.se", true */ 'e', 'r', 'i', 'c', 'w', 'i', 'e', '.', 's', 'e', '\0', + /* "erigrid.eu", true */ 'e', 'r', 'i', 'g', 'r', 'i', 'd', '.', 'e', 'u', '\0', + /* "eriix.org", true */ 'e', 'r', 'i', 'i', 'x', '.', 'o', 'r', 'g', '\0', + /* "erikheemskerk.nl", true */ 'e', 'r', 'i', 'k', 'h', 'e', 'e', 'm', 's', 'k', 'e', 'r', 'k', '.', 'n', 'l', '\0', + /* "erikhubers.nl", true */ 'e', 'r', 'i', 'k', 'h', 'u', 'b', 'e', 'r', 's', '.', 'n', 'l', '\0', + /* "erikseth.de", true */ 'e', 'r', 'i', 'k', 's', 'e', 't', 'h', '.', 'd', 'e', '\0', + /* "erinaceinae.com", true */ 'e', 'r', 'i', 'n', 'a', 'c', 'e', 'i', 'n', 'a', 'e', '.', 'c', 'o', 'm', '\0', + /* "eriner.me", true */ 'e', 'r', 'i', 'n', 'e', 'r', '.', 'm', 'e', '\0', + /* "erinn.io", true */ 'e', 'r', 'i', 'n', 'n', '.', 'i', 'o', '\0', + /* "erisrenee.com", true */ 'e', 'r', 'i', 's', 'r', 'e', 'n', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "erkaelderbarenaaben.dk", true */ 'e', 'r', 'k', 'a', 'e', 'l', 'd', 'e', 'r', 'b', 'a', 'r', 'e', 'n', 'a', 'a', 'b', 'e', 'n', '.', 'd', 'k', '\0', + /* "ernest.ly", true */ 'e', 'r', 'n', 'e', 's', 't', '.', 'l', 'y', '\0', + /* "eron.info", true */ 'e', 'r', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "erotic4me.ch", true */ 'e', 'r', 'o', 't', 'i', 'c', '4', 'm', 'e', '.', 'c', 'h', '\0', + /* "erotpo.cz", true */ 'e', 'r', 'o', 't', 'p', 'o', '.', 'c', 'z', '\0', + /* "erp-band.ru", true */ 'e', 'r', 'p', '-', 'b', 'a', 'n', 'd', '.', 'r', 'u', '\0', + /* "erp.band", true */ 'e', 'r', 'p', '.', 'b', 'a', 'n', 'd', '\0', + /* "erpband.ru", true */ 'e', 'r', 'p', 'b', 'a', 'n', 'd', '.', 'r', 'u', '\0', + /* "erpcargo.com", false */ 'e', 'r', 'p', 'c', 'a', 'r', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "errietta.me", true */ 'e', 'r', 'r', 'i', 'e', 't', 't', 'a', '.', 'm', 'e', '\0', + /* "errlytics.com", true */ 'e', 'r', 'r', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "error418.nl", true */ 'e', 'r', 'r', 'o', 'r', '4', '1', '8', '.', 'n', 'l', '\0', + /* "ers35.com", true */ 'e', 'r', 's', '3', '5', '.', 'c', 'o', 'm', '\0', + /* "ersa-shop.com", true */ 'e', 'r', 's', 'a', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "ershiwo.com", true */ 'e', 'r', 's', 'h', 'i', 'w', 'o', '.', 'c', 'o', 'm', '\0', + /* "erstehilfeprodukte.at", true */ 'e', 'r', 's', 't', 'e', 'h', 'i', 'l', 'f', 'e', 'p', 'r', 'o', 'd', 'u', 'k', 't', 'e', '.', 'a', 't', '\0', + /* "eru.im", true */ 'e', 'r', 'u', '.', 'i', 'm', '\0', + /* "erudicia.com", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "erudicia.de", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 'd', 'e', '\0', + /* "erudicia.es", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 'e', 's', '\0', + /* "erudicia.fr", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 'f', 'r', '\0', + /* "erudicia.it", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 'i', 't', '\0', + /* "erudicia.nl", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 'n', 'l', '\0', + /* "erudicia.se", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 's', 'e', '\0', + /* "erudicia.uk", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 'u', 'k', '\0', + /* "erudikum.cz", true */ 'e', 'r', 'u', 'd', 'i', 'k', 'u', 'm', '.', 'c', 'z', '\0', + /* "erverydown.ml", true */ 'e', 'r', 'v', 'e', 'r', 'y', 'd', 'o', 'w', 'n', '.', 'm', 'l', '\0', + /* "erwanlepape.com", true */ 'e', 'r', 'w', 'a', 'n', 'l', 'e', 'p', 'a', 'p', 'e', '.', 'c', 'o', 'm', '\0', + /* "erwin.saarland", true */ 'e', 'r', 'w', 'i', 'n', '.', 's', 'a', 'a', 'r', 'l', 'a', 'n', 'd', '\0', + /* "erwinschmaeh.ch", true */ 'e', 'r', 'w', 'i', 'n', 's', 'c', 'h', 'm', 'a', 'e', 'h', '.', 'c', 'h', '\0', + /* "erythroxylum-coca.com", true */ 'e', 'r', 'y', 't', 'h', 'r', 'o', 'x', 'y', 'l', 'u', 'm', '-', 'c', 'o', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "es-geenen.de", true */ 'e', 's', '-', 'g', 'e', 'e', 'n', 'e', 'n', '.', 'd', 'e', '\0', + /* "es.search.yahoo.com", false */ 'e', 's', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "esaborit.ddns.net", true */ 'e', 's', 'a', 'b', 'o', 'r', 'i', 't', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "esafar.cz", true */ 'e', 's', 'a', 'f', 'a', 'r', '.', 'c', 'z', '\0', + /* "esagente.com", true */ 'e', 's', 'a', 'g', 'e', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "esailinggear.com", true */ 'e', 's', 'a', 'i', 'l', 'i', 'n', 'g', 'g', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "esalesdata.com", true */ 'e', 's', 'a', 'l', 'e', 's', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "esample.info", true */ 'e', 's', 'a', 'm', 'p', 'l', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "esb111.net", true */ 'e', 's', 'b', '1', '1', '1', '.', 'n', 'e', 't', '\0', + /* "esb112.com", true */ 'e', 's', 'b', '1', '1', '2', '.', 'c', 'o', 'm', '\0', + /* "esb112.net", true */ 'e', 's', 'b', '1', '1', '2', '.', 'n', 'e', 't', '\0', + /* "esball.tv", true */ 'e', 's', 'b', 'a', 'l', 'l', '.', 't', 'v', '\0', + /* "esball888.net", true */ 'e', 's', 'b', 'a', 'l', 'l', '8', '8', '8', '.', 'n', 'e', 't', '\0', + /* "esc.chat", true */ 'e', 's', 'c', '.', 'c', 'h', 'a', 't', '\0', + /* "escael.org", true */ 'e', 's', 'c', 'a', 'e', 'l', '.', 'o', 'r', 'g', '\0', + /* "escapees.com", true */ 'e', 's', 'c', 'a', 'p', 'e', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "escapeplaza.de", true */ 'e', 's', 'c', 'a', 'p', 'e', 'p', 'l', 'a', 'z', 'a', '.', 'd', 'e', '\0', + /* "escapetalk.nl", true */ 'e', 's', 'c', 'a', 'p', 'e', 't', 'a', 'l', 'k', '.', 'n', 'l', '\0', + /* "escargotbistro.com", true */ 'e', 's', 'c', 'a', 'r', 'g', 'o', 't', 'b', 'i', 's', 't', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "escavador.com", true */ 'e', 's', 'c', 'a', 'v', 'a', 'd', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "esclear.de", true */ 'e', 's', 'c', 'l', 'e', 'a', 'r', '.', 'd', 'e', '\0', + /* "escontact.ch", true */ 'e', 's', 'c', 'o', 'n', 't', 'a', 'c', 't', '.', 'c', 'h', '\0', + /* "escortdisplay.com", true */ 'e', 's', 'c', 'o', 'r', 't', 'd', 'i', 's', 'p', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "escortmantra.com", true */ 'e', 's', 'c', 'o', 'r', 't', 'm', 'a', 'n', 't', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "escortshotsexy.com", true */ 'e', 's', 'c', 'o', 'r', 't', 's', 'h', 'o', 't', 's', 'e', 'x', 'y', '.', 'c', 'o', 'm', '\0', + /* "escritoriodearte.com", true */ 'e', 's', 'c', 'r', 'i', 't', 'o', 'r', 'i', 'o', 'd', 'e', 'a', 'r', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "escueladewordpress.com", true */ 'e', 's', 'c', 'u', 'e', 'l', 'a', 'd', 'e', 'w', 'o', 'r', 'd', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "escxtra.com", true */ 'e', 's', 'c', 'x', 't', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "escyr.top", true */ 'e', 's', 'c', 'y', 'r', '.', 't', 'o', 'p', '\0', + /* "esdenera.com", true */ 'e', 's', 'd', 'e', 'n', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "esdiscuss.org", true */ 'e', 's', 'd', 'i', 's', 'c', 'u', 's', 's', '.', 'o', 'r', 'g', '\0', + /* "eseth.de", true */ 'e', 's', 'e', 't', 'h', '.', 'd', 'e', '\0', + /* "esg-abi2001.de", true */ 'e', 's', 'g', '-', 'a', 'b', 'i', '2', '0', '0', '1', '.', 'd', 'e', '\0', + /* "esh.ink", true */ 'e', 's', 'h', '.', 'i', 'n', 'k', '\0', + /* "eshepperd.com", true */ 'e', 's', 'h', 'e', 'p', 'p', 'e', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "eshop-prices.com", true */ 'e', 's', 'h', 'o', 'p', '-', 'p', 'r', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "eshtapay.com", true */ 'e', 's', 'h', 't', 'a', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "esibun.net", true */ 'e', 's', 'i', 'b', 'u', 'n', '.', 'n', 'e', 't', '\0', + /* "esigmbh.de", true */ 'e', 's', 'i', 'g', 'm', 'b', 'h', '.', 'd', 'e', '\0', + /* "esipublications.com", true */ 'e', 's', 'i', 'p', 'u', 'b', 'l', 'i', 'c', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "esite.ch", true */ 'e', 's', 'i', 't', 'e', '.', 'c', 'h', '\0', + /* "eskdale.net", true */ 'e', 's', 'k', 'd', 'a', 'l', 'e', '.', 'n', 'e', 't', '\0', + /* "eskriett.com", true */ 'e', 's', 'k', 'r', 'i', 'e', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "esoa.net", true */ 'e', 's', 'o', 'a', '.', 'n', 'e', 't', '\0', + /* "esoko.eu", true */ 'e', 's', 'o', 'k', 'o', '.', 'e', 'u', '\0', + /* "esolcourses.com", true */ 'e', 's', 'o', 'l', 'c', 'o', 'u', 'r', 's', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "esono.de", true */ 'e', 's', 'o', 'n', 'o', '.', 'd', 'e', '\0', + /* "esoterik.link", true */ 'e', 's', 'o', 't', 'e', 'r', 'i', 'k', '.', 'l', 'i', 'n', 'k', '\0', + /* "esoterikerforum.de", true */ 'e', 's', 'o', 't', 'e', 'r', 'i', 'k', 'e', 'r', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0', + /* "esp-berlin.de", true */ 'e', 's', 'p', '-', 'b', 'e', 'r', 'l', 'i', 'n', '.', 'd', 'e', '\0', + /* "esp.community", true */ 'e', 's', 'p', '.', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '\0', + /* "espace-caen.fr", true */ 'e', 's', 'p', 'a', 'c', 'e', '-', 'c', 'a', 'e', 'n', '.', 'f', 'r', '\0', + /* "espace.network", true */ 'e', 's', 'p', 'a', 'c', 'e', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0', + /* "espacetemps.ch", true */ 'e', 's', 'p', 'a', 'c', 'e', 't', 'e', 'm', 'p', 's', '.', 'c', 'h', '\0', + /* "espacetheosophie.fr", true */ 'e', 's', 'p', 'a', 'c', 'e', 't', 'h', 'e', 'o', 's', 'o', 'p', 'h', 'i', 'e', '.', 'f', 'r', '\0', + /* "espacio-cultural.com", true */ 'e', 's', 'p', 'a', 'c', 'i', 'o', '-', 'c', 'u', 'l', 't', 'u', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "espanol.search.yahoo.com", false */ 'e', 's', 'p', 'a', 'n', 'o', 'l', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "espanova.com", true */ 'e', 's', 'p', 'a', 'n', 'o', 'v', 'a', '.', 'c', 'o', 'm', '\0', + /* "espci.fr", true */ 'e', 's', 'p', 'c', 'i', '.', 'f', 'r', '\0', + /* "especificosba.com.ar", true */ 'e', 's', 'p', 'e', 'c', 'i', 'f', 'i', 'c', 'o', 's', 'b', 'a', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "espenandersen.no", true */ 'e', 's', 'p', 'e', 'n', 'a', 'n', 'd', 'e', 'r', 's', 'e', 'n', '.', 'n', 'o', '\0', + /* "espgg.org", true */ 'e', 's', 'p', 'g', 'g', '.', 'o', 'r', 'g', '\0', + /* "esphigmenou.gr", true */ 'e', 's', 'p', 'h', 'i', 'g', 'm', 'e', 'n', 'o', 'u', '.', 'g', 'r', '\0', + /* "espigol.org", true */ 'e', 's', 'p', 'i', 'g', 'o', 'l', '.', 'o', 'r', 'g', '\0', + /* "esports-network.de", true */ 'e', 's', 'p', 'o', 'r', 't', 's', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'd', 'e', '\0', + /* "espressivo.com.br", true */ 'e', 's', 'p', 'r', 'e', 's', 's', 'i', 'v', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "esprit-cloture.fr", true */ 'e', 's', 'p', 'r', 'i', 't', '-', 'c', 'l', 'o', 't', 'u', 'r', 'e', '.', 'f', 'r', '\0', + /* "espritrait.com", true */ 'e', 's', 'p', 'r', 'i', 't', 'r', 'a', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "esquirou-trieves.fr", true */ 'e', 's', 'q', 'u', 'i', 'r', 'o', 'u', '-', 't', 'r', 'i', 'e', 'v', 'e', 's', '.', 'f', 'r', '\0', + /* "esquisse.fr", true */ 'e', 's', 'q', 'u', 'i', 's', 's', 'e', '.', 'f', 'r', '\0', + /* "ess-cert.ru", true */ 'e', 's', 's', '-', 'c', 'e', 'r', 't', '.', 'r', 'u', '\0', + /* "essayforsale.net", true */ 'e', 's', 's', 'a', 'y', 'f', 'o', 'r', 's', 'a', 'l', 'e', '.', 'n', 'e', 't', '\0', + /* "essayhave.com", true */ 'e', 's', 's', 'a', 'y', 'h', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "essaylib.com", true */ 'e', 's', 's', 'a', 'y', 'l', 'i', 'b', '.', 'c', 'o', 'm', '\0', + /* "essaypro.net", true */ 'e', 's', 's', 'a', 'y', 'p', 'r', 'o', '.', 'n', 'e', 't', '\0', + /* "essaywriting.biz", true */ 'e', 's', 's', 'a', 'y', 'w', 'r', 'i', 't', 'i', 'n', 'g', '.', 'b', 'i', 'z', '\0', + /* "essenceofvitalitydetox.com", true */ 'e', 's', 's', 'e', 'n', 'c', 'e', 'o', 'f', 'v', 'i', 't', 'a', 'l', 'i', 't', 'y', 'd', 'e', 't', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "essencesdeprana.org", true */ 'e', 's', 's', 'e', 'n', 'c', 'e', 's', 'd', 'e', 'p', 'r', 'a', 'n', 'a', '.', 'o', 'r', 'g', '\0', + /* "essential12.com", true */ 'e', 's', 's', 'e', 'n', 't', 'i', 'a', 'l', '1', '2', '.', 'c', 'o', 'm', '\0', + /* "essentialoilsimports.com", true */ 'e', 's', 's', 'e', 'n', 't', 'i', 'a', 'l', 'o', 'i', 'l', 's', 'i', 'm', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "essentiel-physique.com", true */ 'e', 's', 's', 'e', 'n', 't', 'i', 'e', 'l', '-', 'p', 'h', 'y', 's', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "esseriumani.com", true */ 'e', 's', 's', 'e', 'r', 'i', 'u', 'm', 'a', 'n', 'i', '.', 'c', 'o', 'm', '\0', + /* "essexcosmeticdentists.co.uk", false */ 'e', 's', 's', 'e', 'x', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'd', 'e', 'n', 't', 'i', 's', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "essite.net", true */ 'e', 's', 's', 'i', 't', 'e', '.', 'n', 'e', 't', '\0', + /* "esslm.sk", true */ 'e', 's', 's', 'l', 'm', '.', 's', 'k', '\0', + /* "essoduke.org", true */ 'e', 's', 's', 'o', 'd', 'u', 'k', 'e', '.', 'o', 'r', 'g', '\0', + /* "essplusmed.org", true */ 'e', 's', 's', 'p', 'l', 'u', 's', 'm', 'e', 'd', '.', 'o', 'r', 'g', '\0', + /* "essteebee.ch", true */ 'e', 's', 's', 't', 'e', 'e', 'b', 'e', 'e', '.', 'c', 'h', '\0', + /* "estafallando.es", true */ 'e', 's', 't', 'a', 'f', 'a', 'l', 'l', 'a', 'n', 'd', 'o', '.', 'e', 's', '\0', + /* "estafallando.mx", true */ 'e', 's', 't', 'a', 'f', 'a', 'l', 'l', 'a', 'n', 'd', 'o', '.', 'm', 'x', '\0', + /* "estaleiro.org", true */ 'e', 's', 't', 'a', 'l', 'e', 'i', 'r', 'o', '.', 'o', 'r', 'g', '\0', + /* "estan.cn", true */ 'e', 's', 't', 'a', 'n', '.', 'c', 'n', '\0', + /* "estateczech-eu.ru", true */ 'e', 's', 't', 'a', 't', 'e', 'c', 'z', 'e', 'c', 'h', '-', 'e', 'u', '.', 'r', 'u', '\0', + /* "estcequejailaflemme.fr", true */ 'e', 's', 't', 'c', 'e', 'q', 'u', 'e', 'j', 'a', 'i', 'l', 'a', 'f', 'l', 'e', 'm', 'm', 'e', '.', 'f', 'r', '\0', + /* "estcequonmetenprodaujourdhui.info", true */ 'e', 's', 't', 'c', 'e', 'q', 'u', 'o', 'n', 'm', 'e', 't', 'e', 'n', 'p', 'r', 'o', 'd', 'a', 'u', 'j', 'o', 'u', 'r', 'd', 'h', 'u', 'i', '.', 'i', 'n', 'f', 'o', '\0', + /* "esteam.se", true */ 'e', 's', 't', 'e', 'a', 'm', '.', 's', 'e', '\0', + /* "estespr.com", true */ 'e', 's', 't', 'e', 's', 'p', 'r', '.', 'c', 'o', 'm', '\0', + /* "esteticanorte.com.br", true */ 'e', 's', 't', 'e', 't', 'i', 'c', 'a', 'n', 'o', 'r', 't', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "estilopack-loja.com.br", true */ 'e', 's', 't', 'i', 'l', 'o', 'p', 'a', 'c', 'k', '-', 'l', 'o', 'j', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "estoic.net", true */ 'e', 's', 't', 'o', 'i', 'c', '.', 'n', 'e', 't', '\0', + /* "estoniantrade.ee", true */ 'e', 's', 't', 'o', 'n', 'i', 'a', 'n', 't', 'r', 'a', 'd', 'e', '.', 'e', 'e', '\0', + /* "estonoentraenelexamen.com", true */ 'e', 's', 't', 'o', 'n', 'o', 'e', 'n', 't', 'r', 'a', 'e', 'n', 'e', 'l', 'e', 'x', 'a', 'm', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "estoqueinformatica.com.br", true */ 'e', 's', 't', 'o', 'q', 'u', 'e', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'c', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "estrietoit.com", false */ 'e', 's', 't', 'r', 'i', 'e', 't', 'o', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "eswap.cz", true */ 'e', 's', 'w', 'a', 'p', '.', 'c', 'z', '\0', + /* "etaes.eu", true */ 'e', 't', 'a', 'e', 's', '.', 'e', 'u', '\0', + /* "etalent.net", true */ 'e', 't', 'a', 'l', 'e', 'n', 't', '.', 'n', 'e', 't', '\0', + /* "etaoinwu.win", true */ 'e', 't', 'a', 'o', 'i', 'n', 'w', 'u', '.', 'w', 'i', 'n', '\0', + /* "etath.com", true */ 'e', 't', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "etaxi.tn", true */ 'e', 't', 'a', 'x', 'i', '.', 't', 'n', '\0', + /* "etccooperative.org", true */ 'e', 't', 'c', 'c', 'o', 'o', 'p', 'e', 'r', 'a', 't', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0', + /* "eteapparel.com", true */ 'e', 't', 'e', 'a', 'p', 'p', 'a', 'r', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "eteesheet.com", true */ 'e', 't', 'e', 'e', 's', 'h', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "etelej.com", false */ 'e', 't', 'e', 'l', 'e', 'j', '.', 'c', 'o', 'm', '\0', + /* "etenendrinken.nu", true */ 'e', 't', 'e', 'n', 'e', 'n', 'd', 'r', 'i', 'n', 'k', 'e', 'n', '.', 'n', 'u', '\0', + /* "eternalabyss.int.eu.org", true */ 'e', 't', 'e', 'r', 'n', 'a', 'l', 'a', 'b', 'y', 's', 's', '.', 'i', 'n', 't', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "eternalsymbols.com", true */ 'e', 't', 'e', 'r', 'n', 'a', 'l', 's', 'y', 'm', 'b', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "eternit.roma.it", true */ 'e', 't', 'e', 'r', 'n', 'i', 't', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0', + /* "eth-faucet.net", true */ 'e', 't', 'h', '-', 'f', 'a', 'u', 'c', 'e', 't', '.', 'n', 'e', 't', '\0', + /* "eth0.nl", true */ 'e', 't', 'h', '0', '.', 'n', 'l', '\0', + /* "etha.nz", true */ 'e', 't', 'h', 'a', '.', 'n', 'z', '\0', + /* "ethack.org", true */ 'e', 't', 'h', 'a', 'c', 'k', '.', 'o', 'r', 'g', '\0', + /* "ethaligan.fr", true */ 'e', 't', 'h', 'a', 'l', 'i', 'g', 'a', 'n', '.', 'f', 'r', '\0', + /* "ethan.pm", true */ 'e', 't', 'h', 'a', 'n', '.', 'p', 'm', '\0', + /* "ethanfaust.com", true */ 'e', 't', 'h', 'a', 'n', 'f', 'a', 'u', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "ethanlew.is", true */ 'e', 't', 'h', 'a', 'n', 'l', 'e', 'w', '.', 'i', 's', '\0', + /* "ethercalc.com", true */ 'e', 't', 'h', 'e', 'r', 'c', 'a', 'l', 'c', '.', 'c', 'o', 'm', '\0', + /* "ethercalc.org", true */ 'e', 't', 'h', 'e', 'r', 'c', 'a', 'l', 'c', '.', 'o', 'r', 'g', '\0', + /* "etherpad.nl", true */ 'e', 't', 'h', 'e', 'r', 'p', 'a', 'd', '.', 'n', 'l', '\0', + /* "ethicaldata.co.uk", true */ 'e', 't', 'h', 'i', 'c', 'a', 'l', 'd', 'a', 't', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ethicaltek.com", true */ 'e', 't', 'h', 'i', 'c', 'a', 'l', 't', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "ethicsburg.gov", true */ 'e', 't', 'h', 'i', 'c', 's', 'b', 'u', 'r', 'g', '.', 'g', 'o', 'v', '\0', + /* "ethika.com", true */ 'e', 't', 'h', 'i', 'k', 'a', '.', 'c', 'o', 'm', '\0', + /* "ethiopian.dating", true */ 'e', 't', 'h', 'i', 'o', 'p', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "ethitter.com", true */ 'e', 't', 'h', 'i', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "ethosinfo.com", true */ 'e', 't', 'h', 'o', 's', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0', + /* "etidni.help", true */ 'e', 't', 'i', 'd', 'n', 'i', '.', 'h', 'e', 'l', 'p', '\0', + /* "etienne.cc", true */ 'e', 't', 'i', 'e', 'n', 'n', 'e', '.', 'c', 'c', '\0', + /* "etincelle.ml", true */ 'e', 't', 'i', 'n', 'c', 'e', 'l', 'l', 'e', '.', 'm', 'l', '\0', + /* "etiquetaunica.com.br", true */ 'e', 't', 'i', 'q', 'u', 'e', 't', 'a', 'u', 'n', 'i', 'c', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "etkaddict.com", true */ 'e', 't', 'k', 'a', 'd', 'd', 'i', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "etoile-usedcars.com", true */ 'e', 't', 'o', 'i', 'l', 'e', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "etre-soi.ch", true */ 'e', 't', 'r', 'e', '-', 's', 'o', 'i', '.', 'c', 'h', '\0', + /* "etre-vivant.fr", true */ 'e', 't', 'r', 'e', '-', 'v', 'i', 'v', 'a', 'n', 't', '.', 'f', 'r', '\0', + /* "etudesbibliques.fr", true */ 'e', 't', 'u', 'd', 'e', 's', 'b', 'i', 'b', 'l', 'i', 'q', 'u', 'e', 's', '.', 'f', 'r', '\0', + /* "etudesbibliques.net", true */ 'e', 't', 'u', 'd', 'e', 's', 'b', 'i', 'b', 'l', 'i', 'q', 'u', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "etudesbibliques.org", true */ 'e', 't', 'u', 'd', 'e', 's', 'b', 'i', 'b', 'l', 'i', 'q', 'u', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "etv.cx", true */ 'e', 't', 'v', '.', 'c', 'x', '\0', + /* "etyd.org", true */ 'e', 't', 'y', 'd', '.', 'o', 'r', 'g', '\0', + /* "etys.no", true */ 'e', 't', 'y', 's', '.', 'n', 'o', '\0', + /* "etzi.myds.me", true */ 'e', 't', 'z', 'i', '.', 'm', 'y', 'd', 's', '.', 'm', 'e', '\0', + /* "euchre.us", true */ 'e', 'u', 'c', 'h', 'r', 'e', '.', 'u', 's', '\0', + /* "eugenekay.com", true */ 'e', 'u', 'g', 'e', 'n', 'e', 'k', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "eugenetech.org", true */ 'e', 'u', 'g', 'e', 'n', 'e', 't', 'e', 'c', 'h', '.', 'o', 'r', 'g', '\0', + /* "eujuicers.bg", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'b', 'g', '\0', + /* "eujuicers.com", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "eujuicers.com.hr", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'h', 'r', '\0', + /* "eujuicers.com.tr", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 't', 'r', '\0', + /* "eujuicers.com.ua", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "eujuicers.cz", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'c', 'z', '\0', + /* "eujuicers.de", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'd', 'e', '\0', + /* "eujuicers.es", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'e', 's', '\0', + /* "eujuicers.fr", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'f', 'r', '\0', + /* "eujuicers.hu", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'h', 'u', '\0', + /* "eujuicers.it", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'i', 't', '\0', + /* "eujuicers.pl", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'p', 'l', '\0', + /* "eujuicers.pt", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'p', 't', '\0', + /* "eujuicers.ro", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'r', 'o', '\0', + /* "eujuicers.rs", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'r', 's', '\0', + /* "eujuicers.ru", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'r', 'u', '\0', + /* "eujuicers.si", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 's', 'i', '\0', + /* "eujuicers.sk", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 's', 'k', '\0', + /* "eulenleben.de", true */ 'e', 'u', 'l', 'e', 'n', 'l', 'e', 'b', 'e', 'n', '.', 'd', 'e', '\0', + /* "eung.ga", true */ 'e', 'u', 'n', 'g', '.', 'g', 'a', '\0', + /* "eupay.de", true */ 'e', 'u', 'p', 'a', 'y', '.', 'd', 'e', '\0', + /* "euph.eu", true */ 'e', 'u', 'p', 'h', '.', 'e', 'u', '\0', + /* "eupresidency2018.com", true */ 'e', 'u', 'p', 'r', 'e', 's', 'i', 'd', 'e', 'n', 'c', 'y', '2', '0', '1', '8', '.', 'c', 'o', 'm', '\0', + /* "eureka.archi", true */ 'e', 'u', 'r', 'e', 'k', 'a', '.', 'a', 'r', 'c', 'h', 'i', '\0', + /* "eurekaarchi.com", true */ 'e', 'u', 'r', 'e', 'k', 'a', 'a', 'r', 'c', 'h', 'i', '.', 'c', 'o', 'm', '\0', + /* "eurekaarchitecture.com", true */ 'e', 'u', 'r', 'e', 'k', 'a', 'a', 'r', 'c', 'h', 'i', 't', 'e', 'c', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "euroalter.com", true */ 'e', 'u', 'r', 'o', 'a', 'l', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "eurocomcompany.cz", true */ 'e', 'u', 'r', 'o', 'c', 'o', 'm', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'z', '\0', + /* "europapier.at", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'a', 't', '\0', + /* "europapier.ba", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'b', 'a', '\0', + /* "europapier.bg", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'b', 'g', '\0', + /* "europapier.com", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "europapier.cz", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'c', 'z', '\0', + /* "europapier.hr", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'h', 'r', '\0', + /* "europapier.hu", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'h', 'u', '\0', + /* "europapier.net", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "europapier.rs", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'r', 's', '\0', + /* "europapier.si", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 's', 'i', '\0', + /* "europapier.sk", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 's', 'k', '\0', + /* "europapier.ua", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'u', 'a', '\0', + /* "europastudien.de", true */ 'e', 'u', 'r', 'o', 'p', 'a', 's', 't', 'u', 'd', 'i', 'e', 'n', '.', 'd', 'e', '\0', + /* "european-agency.org", true */ 'e', 'u', 'r', 'o', 'p', 'e', 'a', 'n', '-', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'o', 'r', 'g', '\0', + /* "europeantransportmanagement.com", true */ 'e', 'u', 'r', 'o', 'p', 'e', 'a', 'n', 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "europeanwineresource.com", true */ 'e', 'u', 'r', 'o', 'p', 'e', 'a', 'n', 'w', 'i', 'n', 'e', 'r', 'e', 's', 'o', 'u', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "europop.com", true */ 'e', 'u', 'r', 'o', 'p', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "eurora.de", true */ 'e', 'u', 'r', 'o', 'r', 'a', '.', 'd', 'e', '\0', + /* "euroscot.de", true */ 'e', 'u', 'r', 'o', 's', 'c', 'o', 't', '.', 'd', 'e', '\0', + /* "euroshop.or.at", true */ 'e', 'u', 'r', 'o', 's', 'h', 'o', 'p', '.', 'o', 'r', '.', 'a', 't', '\0', + /* "eurotime.ua", true */ 'e', 'u', 'r', 'o', 't', 'i', 'm', 'e', '.', 'u', 'a', '\0', + /* "eurotramp.com", true */ 'e', 'u', 'r', 'o', 't', 'r', 'a', 'm', 'p', '.', 'c', 'o', 'm', '\0', + /* "eurovision.ie", true */ 'e', 'u', 'r', 'o', 'v', 'i', 's', 'i', 'o', 'n', '.', 'i', 'e', '\0', + /* "eutram.com", true */ 'e', 'u', 't', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "eva.cz", true */ 'e', 'v', 'a', '.', 'c', 'z', '\0', + /* "evaartinger.de", true */ 'e', 'v', 'a', 'a', 'r', 't', 'i', 'n', 'g', 'e', 'r', '.', 'd', 'e', '\0', + /* "evades.io", true */ 'e', 'v', 'a', 'd', 'e', 's', '.', 'i', 'o', '\0', + /* "evailoil.ee", true */ 'e', 'v', 'a', 'i', 'l', 'o', 'i', 'l', '.', 'e', 'e', '\0', + /* "evalesc.com", true */ 'e', 'v', 'a', 'l', 'e', 's', 'c', '.', 'c', 'o', 'm', '\0', + /* "evanfiddes.com", true */ 'e', 'v', 'a', 'n', 'f', 'i', 'd', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "evangelosm.com", true */ 'e', 'v', 'a', 'n', 'g', 'e', 'l', 'o', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "evantage.org", true */ 'e', 'v', 'a', 'n', 't', 'a', 'g', 'e', '.', 'o', 'r', 'g', '\0', + /* "evantageglobal.com", true */ 'e', 'v', 'a', 'n', 't', 'a', 'g', 'e', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "evapp.org", true */ 'e', 'v', 'a', 'p', 'p', '.', 'o', 'r', 'g', '\0', + /* "evasion-energie.com", true */ 'e', 'v', 'a', 's', 'i', 'o', 'n', '-', 'e', 'n', 'e', 'r', 'g', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "evasioncreole.com", true */ 'e', 'v', 'a', 's', 'i', 'o', 'n', 'c', 'r', 'e', 'o', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "evasovova.cz", true */ 'e', 'v', 'a', 's', 'o', 'v', 'o', 'v', 'a', '.', 'c', 'z', '\0', + /* "eve0s.com", true */ 'e', 'v', 'e', '0', 's', '.', 'c', 'o', 'm', '\0', + /* "evegalaxy.net", true */ 'e', 'v', 'e', 'g', 'a', 'l', 'a', 'x', 'y', '.', 'n', 'e', 't', '\0', + /* "evelienzorgt.nl", true */ 'e', 'v', 'e', 'l', 'i', 'e', 'n', 'z', 'o', 'r', 'g', 't', '.', 'n', 'l', '\0', + /* "evelyndayman.com", true */ 'e', 'v', 'e', 'l', 'y', 'n', 'd', 'a', 'y', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "event4fun.no", true */ 'e', 'v', 'e', 'n', 't', '4', 'f', 'u', 'n', '.', 'n', 'o', '\0', + /* "eventaro.com", true */ 'e', 'v', 'e', 'n', 't', 'a', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "eventive.org", true */ 'e', 'v', 'e', 'n', 't', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0', + /* "eventmake.es", true */ 'e', 'v', 'e', 'n', 't', 'm', 'a', 'k', 'e', '.', 'e', 's', '\0', + /* "eventosenmendoza.com.ar", true */ 'e', 'v', 'e', 'n', 't', 'o', 's', 'e', 'n', 'm', 'e', 'n', 'd', 'o', 'z', 'a', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "events-hire.co.uk", true */ 'e', 'v', 'e', 'n', 't', 's', '-', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ever.sale", true */ 'e', 'v', 'e', 'r', '.', 's', 'a', 'l', 'e', '\0', + /* "everain.me", true */ 'e', 'v', 'e', 'r', 'a', 'i', 'n', '.', 'm', 'e', '\0', + /* "everfine.com.tw", true */ 'e', 'v', 'e', 'r', 'f', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 't', 'w', '\0', + /* "evergladesrestoration.gov", true */ 'e', 'v', 'e', 'r', 'g', 'l', 'a', 'd', 'e', 's', 'r', 'e', 's', 't', 'o', 'r', 'a', 't', 'i', 'o', 'n', '.', 'g', 'o', 'v', '\0', + /* "everhome.de", true */ 'e', 'v', 'e', 'r', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0', + /* "everling.lu", true */ 'e', 'v', 'e', 'r', 'l', 'i', 'n', 'g', '.', 'l', 'u', '\0', + /* "everlong.org", true */ 'e', 'v', 'e', 'r', 'l', 'o', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "evertonarentwe.com", true */ 'e', 'v', 'e', 'r', 't', 'o', 'n', 'a', 'r', 'e', 'n', 't', 'w', 'e', '.', 'c', 'o', 'm', '\0', + /* "everwaking.com", false */ 'e', 'v', 'e', 'r', 'w', 'a', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "everyarti.st", true */ 'e', 'v', 'e', 'r', 'y', 'a', 'r', 't', 'i', '.', 's', 't', '\0', + /* "everybodyhertz.co.uk", true */ 'e', 'v', 'e', 'r', 'y', 'b', 'o', 'd', 'y', 'h', 'e', 'r', 't', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "everyday.eu.org", true */ 'e', 'v', 'e', 'r', 'y', 'd', 'a', 'y', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "everydaywot.com", true */ 'e', 'v', 'e', 'r', 'y', 'd', 'a', 'y', 'w', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "everyex.com", true */ 'e', 'v', 'e', 'r', 'y', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "everygayporn.com", true */ 'e', 'v', 'e', 'r', 'y', 'g', 'a', 'y', 'p', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "everymove.org", true */ 'e', 'v', 'e', 'r', 'y', 'm', 'o', 'v', 'e', '.', 'o', 'r', 'g', '\0', + /* "everytruckjob.com", true */ 'e', 'v', 'e', 'r', 'y', 't', 'r', 'u', 'c', 'k', 'j', 'o', 'b', '.', 'c', 'o', 'm', '\0', + /* "everywhere.cloud", true */ 'e', 'v', 'e', 'r', 'y', 'w', 'h', 'e', 'r', 'e', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "eveshamglass.co.uk", true */ 'e', 'v', 'e', 's', 'h', 'a', 'm', 'g', 'l', 'a', 's', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "evexia.xyz", true */ 'e', 'v', 'e', 'x', 'i', 'a', '.', 'x', 'y', 'z', '\0', + /* "evidence-based.review", true */ 'e', 'v', 'i', 'd', 'e', 'n', 'c', 'e', '-', 'b', 'a', 's', 'e', 'd', '.', 'r', 'e', 'v', 'i', 'e', 'w', '\0', + /* "evidencebased.net", true */ 'e', 'v', 'i', 'd', 'e', 'n', 'c', 'e', 'b', 'a', 's', 'e', 'd', '.', 'n', 'e', 't', '\0', + /* "evidenceusa.com.br", true */ 'e', 'v', 'i', 'd', 'e', 'n', 'c', 'e', 'u', 's', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "evilarmy.com", true */ 'e', 'v', 'i', 'l', 'a', 'r', 'm', 'y', '.', 'c', 'o', 'm', '\0', + /* "evilized.de", true */ 'e', 'v', 'i', 'l', 'i', 'z', 'e', 'd', '.', 'd', 'e', '\0', + /* "evilvolcanolairs.com", true */ 'e', 'v', 'i', 'l', 'v', 'o', 'l', 'c', 'a', 'n', 'o', 'l', 'a', 'i', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "evio.com", true */ 'e', 'v', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "evion.nl", true */ 'e', 'v', 'i', 'o', 'n', '.', 'n', 'l', '\0', + /* "evlear.com", true */ 'e', 'v', 'l', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "evodation.com", true */ 'e', 'v', 'o', 'd', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "evodation.org", true */ 'e', 'v', 'o', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "evok.com.co", false */ 'e', 'v', 'o', 'k', '.', 'c', 'o', 'm', '.', 'c', 'o', '\0', + /* "evolutionexpeditions.com", true */ 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', 'e', 'x', 'p', 'e', 'd', 'i', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "evolutioninflatables.co.uk", true */ 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "evolutionlending.co.uk", true */ 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', 'l', 'e', 'n', 'd', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "evolutionpets.com", true */ 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', 'p', 'e', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "evonews.com", true */ 'e', 'v', 'o', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "evony.eu", true */ 'e', 'v', 'o', 'n', 'y', '.', 'e', 'u', '\0', + /* "evosyn.com", true */ 'e', 'v', 'o', 's', 'y', 'n', '.', 'c', 'o', 'm', '\0', + /* "evotec.pl", true */ 'e', 'v', 'o', 't', 'e', 'c', '.', 'p', 'l', '\0', + /* "evotec.xyz", true */ 'e', 'v', 'o', 't', 'e', 'c', '.', 'x', 'y', 'z', '\0', + /* "evrial.com", true */ 'e', 'v', 'r', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "evrica.me", true */ 'e', 'v', 'r', 'i', 'c', 'a', '.', 'm', 'e', '\0', + /* "evstatus.com", true */ 'e', 'v', 's', 't', 'a', 't', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "evtripping.com", true */ 'e', 'v', 't', 'r', 'i', 'p', 'p', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "ewanm89.co.uk", true */ 'e', 'w', 'a', 'n', 'm', '8', '9', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ewanm89.com", true */ 'e', 'w', 'a', 'n', 'm', '8', '9', '.', 'c', 'o', 'm', '\0', + /* "ewanm89.uk", true */ 'e', 'w', 'a', 'n', 'm', '8', '9', '.', 'u', 'k', '\0', + /* "ewe2.ninja", true */ 'e', 'w', 'e', '2', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "ewie.name", true */ 'e', 'w', 'i', 'e', '.', 'n', 'a', 'm', 'e', '\0', + /* "ewizmo.com", true */ 'e', 'w', 'i', 'z', 'm', 'o', '.', 'c', 'o', 'm', '\0', + /* "eworksmedia.com", true */ 'e', 'w', 'o', 'r', 'k', 's', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "ewout.io", true */ 'e', 'w', 'o', 'u', 't', '.', 'i', 'o', '\0', + /* "ewsfeed.com", true */ 'e', 'w', 's', 'f', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "ewuchuan.com", true */ 'e', 'w', 'u', 'c', 'h', 'u', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "ewus.de", true */ 'e', 'w', 'u', 's', '.', 'd', 'e', '\0', + /* "ewycena.pl", true */ 'e', 'w', 'y', 'c', 'e', 'n', 'a', '.', 'p', 'l', '\0', + /* "exactlyinfinite.com", true */ 'e', 'x', 'a', 'c', 't', 'l', 'y', 'i', 'n', 'f', 'i', 'n', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "exactphilosophy.net", true */ 'e', 'x', 'a', 'c', 't', 'p', 'h', 'i', 'l', 'o', 's', 'o', 'p', 'h', 'y', '.', 'n', 'e', 't', '\0', + /* "example.sc", true */ 'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 's', 'c', '\0', + /* "example.wf", true */ 'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 'w', 'f', '\0', + /* "exampleessays.com", true */ 'e', 'x', 'a', 'm', 'p', 'l', 'e', 'e', 's', 's', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "exaplac.com", true */ 'e', 'x', 'a', 'p', 'l', 'a', 'c', '.', 'c', 'o', 'm', '\0', + /* "exceed.global", true */ 'e', 'x', 'c', 'e', 'e', 'd', '.', 'g', 'l', 'o', 'b', 'a', 'l', '\0', + /* "exceltobarcode.com", true */ 'e', 'x', 'c', 'e', 'l', 't', 'o', 'b', 'a', 'r', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "excentos.com", true */ 'e', 'x', 'c', 'e', 'n', 't', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "exceptionalservers.com", true */ 'e', 'x', 'c', 'e', 'p', 't', 'i', 'o', 'n', 'a', 'l', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "excessamerica.com", true */ 'e', 'x', 'c', 'e', 's', 's', 'a', 'm', 'e', 'r', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "exchangecoordinator.com", true */ 'e', 'x', 'c', 'h', 'a', 'n', 'g', 'e', 'c', 'o', 'o', 'r', 'd', 'i', 'n', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "exchangeworks.co", true */ 'e', 'x', 'c', 'h', 'a', 'n', 'g', 'e', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', '\0', + /* "exclusivebouncycastles.co.uk", true */ 'e', 'x', 'c', 'l', 'u', 's', 'i', 'v', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "exdamo.de", true */ 'e', 'x', 'd', 'a', 'm', 'o', '.', 'd', 'e', '\0', + /* "exe-boss.tech", true */ 'e', 'x', 'e', '-', 'b', 'o', 's', 's', '.', 't', 'e', 'c', 'h', '\0', + /* "exebouncycastles.co.uk", true */ 'e', 'x', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "exehack.net", true */ 'e', 'x', 'e', 'h', 'a', 'c', 'k', '.', 'n', 'e', 't', '\0', + /* "exeintel.com", true */ 'e', 'x', 'e', 'i', 'n', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "exekutori.com", true */ 'e', 'x', 'e', 'k', 'u', 't', 'o', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "exembit.com", true */ 'e', 'x', 'e', 'm', 'b', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "exemples-de-stands.com", true */ 'e', 'x', 'e', 'm', 'p', 'l', 'e', 's', '-', 'd', 'e', '-', 's', 't', 'a', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "exeria.de", true */ 'e', 'x', 'e', 'r', 'i', 'a', '.', 'd', 'e', '\0', + /* "exgaywatch.com", true */ 'e', 'x', 'g', 'a', 'y', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "exgen.io", true */ 'e', 'x', 'g', 'e', 'n', '.', 'i', 'o', '\0', + /* "exhalespa.com", true */ 'e', 'x', 'h', 'a', 'l', 'e', 's', 'p', 'a', '.', 'c', 'o', 'm', '\0', + /* "exhibityour.com", true */ 'e', 'x', 'h', 'i', 'b', 'i', 't', 'y', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "exiahost.com", true */ 'e', 'x', 'i', 'a', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "exit9wineandliquor.com", true */ 'e', 'x', 'i', 't', '9', 'w', 'i', 'n', 'e', 'a', 'n', 'd', 'l', 'i', 'q', 'u', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "exmoe.com", true */ 'e', 'x', 'm', 'o', 'e', '.', 'c', 'o', 'm', '\0', + /* "exon.io", true */ 'e', 'x', 'o', 'n', '.', 'i', 'o', '\0', + /* "exoscale.ch", true */ 'e', 'x', 'o', 's', 'c', 'a', 'l', 'e', '.', 'c', 'h', '\0', + /* "exoticads.com", true */ 'e', 'x', 'o', 't', 'i', 'c', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "exousiakaidunamis.pw", true */ 'e', 'x', 'o', 'u', 's', 'i', 'a', 'k', 'a', 'i', 'd', 'u', 'n', 'a', 'm', 'i', 's', '.', 'p', 'w', '\0', + /* "exp.de", true */ 'e', 'x', 'p', '.', 'd', 'e', '\0', + /* "expancio.com", true */ 'e', 'x', 'p', 'a', 'n', 'c', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "expandeco.com", true */ 'e', 'x', 'p', 'a', 'n', 'd', 'e', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "expatads.com", true */ 'e', 'x', 'p', 'a', 't', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "expatmortgage.uk", true */ 'e', 'x', 'p', 'a', 't', 'm', 'o', 'r', 't', 'g', 'a', 'g', 'e', '.', 'u', 'k', '\0', + /* "expatriate.pl", true */ 'e', 'x', 'p', 'a', 't', 'r', 'i', 'a', 't', 'e', '.', 'p', 'l', '\0', + /* "expecting.com.br", true */ 'e', 'x', 'p', 'e', 'c', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "experienceoz.com.au", true */ 'e', 'x', 'p', 'e', 'r', 'i', 'e', 'n', 'c', 'e', 'o', 'z', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "expert-korovin.ru", true */ 'e', 'x', 'p', 'e', 'r', 't', '-', 'k', 'o', 'r', 'o', 'v', 'i', 'n', '.', 'r', 'u', '\0', + /* "expert.cz", true */ 'e', 'x', 'p', 'e', 'r', 't', '.', 'c', 'z', '\0', + /* "experteasy.com.au", true */ 'e', 'x', 'p', 'e', 'r', 't', 'e', 'a', 's', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "experticon.com", true */ 'e', 'x', 'p', 'e', 'r', 't', 'i', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "experts-en-gestion.fr", true */ 'e', 'x', 'p', 'e', 'r', 't', 's', '-', 'e', 'n', '-', 'g', 'e', 's', 't', 'i', 'o', 'n', '.', 'f', 'r', '\0', + /* "expertsverts.com", true */ 'e', 'x', 'p', 'e', 'r', 't', 's', 'v', 'e', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "explodie.org", true */ 'e', 'x', 'p', 'l', 'o', 'd', 'i', 'e', '.', 'o', 'r', 'g', '\0', + /* "explodingcamera.com", true */ 'e', 'x', 'p', 'l', 'o', 'd', 'i', 'n', 'g', 'c', 'a', 'm', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "exploflex.com.br", true */ 'e', 'x', 'p', 'l', 'o', 'f', 'l', 'e', 'x', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "exploit.cz", false */ 'e', 'x', 'p', 'l', 'o', 'i', 't', '.', 'c', 'z', '\0', + /* "exploit.party", true */ 'e', 'x', 'p', 'l', 'o', 'i', 't', '.', 'p', 'a', 'r', 't', 'y', '\0', + /* "exploit.ph", true */ 'e', 'x', 'p', 'l', 'o', 'i', 't', '.', 'p', 'h', '\0', + /* "exploited.cz", true */ 'e', 'x', 'p', 'l', 'o', 'i', 't', 'e', 'd', '.', 'c', 'z', '\0', + /* "exploodo.rocks", true */ 'e', 'x', 'p', 'l', 'o', 'o', 'd', 'o', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "exploravacations.in", true */ 'e', 'x', 'p', 'l', 'o', 'r', 'a', 'v', 'a', 'c', 'a', 't', 'i', 'o', 'n', 's', '.', 'i', 'n', '\0', + /* "expo-america.ru", true */ 'e', 'x', 'p', 'o', '-', 'a', 'm', 'e', 'r', 'i', 'c', 'a', '.', 'r', 'u', '\0', + /* "expo-asia.ru", true */ 'e', 'x', 'p', 'o', '-', 'a', 's', 'i', 'a', '.', 'r', 'u', '\0', + /* "expo-europe.ru", true */ 'e', 'x', 'p', 'o', '-', 'e', 'u', 'r', 'o', 'p', 'e', '.', 'r', 'u', '\0', + /* "expokohler.com", true */ 'e', 'x', 'p', 'o', 'k', 'o', 'h', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "exponentialnews.net", true */ 'e', 'x', 'p', 'o', 'n', 'e', 'n', 't', 'i', 'a', 'l', 'n', 'e', 'w', 's', '.', 'n', 'e', 't', '\0', + /* "exporta.cz", true */ 'e', 'x', 'p', 'o', 'r', 't', 'a', '.', 'c', 'z', '\0', + /* "expoundite.net", true */ 'e', 'x', 'p', 'o', 'u', 'n', 'd', 'i', 't', 'e', '.', 'n', 'e', 't', '\0', + /* "expowerhps.com", true */ 'e', 'x', 'p', 'o', 'w', 'e', 'r', 'h', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "express-shina.ru", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', '-', 's', 'h', 'i', 'n', 'a', '.', 'r', 'u', '\0', + /* "express-vpn.com", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', '-', 'v', 'p', 'n', '.', 'c', 'o', 'm', '\0', + /* "expressemotion.net", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', 'e', 'm', 'o', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "expresshosting.org", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "expressmarket.ru", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', 'm', 'a', 'r', 'k', 'e', 't', '.', 'r', 'u', '\0', + /* "expresstinte.de", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', 't', 'i', 'n', 't', 'e', '.', 'd', 'e', '\0', + /* "expressvpn.com", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', 'v', 'p', 'n', '.', 'c', 'o', 'm', '\0', + /* "expresswins.co.uk", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', 'w', 'i', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "expxkcd.com", true */ 'e', 'x', 'p', 'x', 'k', 'c', 'd', '.', 'c', 'o', 'm', '\0', + /* "exs.lv", true */ 'e', 'x', 's', '.', 'l', 'v', '\0', + /* "exside.com", true */ 'e', 'x', 's', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "extasic.com", true */ 'e', 'x', 't', 'a', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "extendwings.com", true */ 'e', 'x', 't', 'e', 'n', 'd', 'w', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "extensiblewebmanifesto.org", true */ 'e', 'x', 't', 'e', 'n', 's', 'i', 'b', 'l', 'e', 'w', 'e', 'b', 'm', 'a', 'n', 'i', 'f', 'e', 's', 't', 'o', '.', 'o', 'r', 'g', '\0', + /* "extensiblewebreportcard.org", true */ 'e', 'x', 't', 'e', 'n', 's', 'i', 'b', 'l', 'e', 'w', 'e', 'b', 'r', 'e', 'p', 'o', 'r', 't', 'c', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0', + /* "extensiblewebsummit.org", true */ 'e', 'x', 't', 'e', 'n', 's', 'i', 'b', 'l', 'e', 'w', 'e', 'b', 's', 'u', 'm', 'm', 'i', 't', '.', 'o', 'r', 'g', '\0', + /* "extensiontree.com", true */ 'e', 'x', 't', 'e', 'n', 's', 'i', 'o', 'n', 't', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "extradesktops.com", false */ 'e', 'x', 't', 'r', 'a', 'd', 'e', 's', 'k', 't', 'o', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "extramoney.cash", true */ 'e', 'x', 't', 'r', 'a', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'a', 's', 'h', '\0', + /* "extranetpuc.com.br", true */ 'e', 'x', 't', 'r', 'a', 'n', 'e', 't', 'p', 'u', 'c', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "extrapagetab.com", true */ 'e', 'x', 't', 'r', 'a', 'p', 'a', 'g', 'e', 't', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "extratorrent.cool", true */ 'e', 'x', 't', 'r', 'a', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'c', 'o', 'o', 'l', '\0', + /* "extratorrent.fyi", true */ 'e', 'x', 't', 'r', 'a', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'f', 'y', 'i', '\0', + /* "extratorrent.red", true */ 'e', 'x', 't', 'r', 'a', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'r', 'e', 'd', '\0', + /* "extratorrent.world", true */ 'e', 'x', 't', 'r', 'a', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'w', 'o', 'r', 'l', 'd', '\0', + /* "extreme-gaming.de", true */ 'e', 'x', 't', 'r', 'e', 'm', 'e', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "extreme-gaming.us", true */ 'e', 'x', 't', 'r', 'e', 'm', 'e', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'u', 's', '\0', + /* "extreme-players.com", true */ 'e', 'x', 't', 'r', 'e', 'm', 'e', '-', 'p', 'l', 'a', 'y', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "extreme-players.de", true */ 'e', 'x', 't', 'r', 'e', 'm', 'e', '-', 'p', 'l', 'a', 'y', 'e', 'r', 's', '.', 'd', 'e', '\0', + /* "extrememanual.net", true */ 'e', 'x', 't', 'r', 'e', 'm', 'e', 'm', 'a', 'n', 'u', 'a', 'l', '.', 'n', 'e', 't', '\0', + /* "exvs.org", true */ 'e', 'x', 'v', 's', '.', 'o', 'r', 'g', '\0', + /* "exyplis.com", true */ 'e', 'x', 'y', 'p', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "eydesignguidelines.com", true */ 'e', 'y', 'd', 'e', 's', 'i', 'g', 'n', 'g', 'u', 'i', 'd', 'e', 'l', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "eyecandy.gr", true */ 'e', 'y', 'e', 'c', 'a', 'n', 'd', 'y', '.', 'g', 'r', '\0', + /* "eyeglasses.com", false */ 'e', 'y', 'e', 'g', 'l', 'a', 's', 's', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "eyelashconcept.com", true */ 'e', 'y', 'e', 'l', 'a', 's', 'h', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'c', 'o', 'm', '\0', + /* "eyeonid.com", true */ 'e', 'y', 'e', 'o', 'n', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "eyep.me", true */ 'e', 'y', 'e', 'p', '.', 'm', 'e', '\0', + /* "eyes-berg.ch", true */ 'e', 'y', 'e', 's', '-', 'b', 'e', 'r', 'g', '.', 'c', 'h', '\0', + /* "eyes-berg.com", true */ 'e', 'y', 'e', 's', '-', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0', + /* "eynio.com", true */ 'e', 'y', 'n', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "eyps.net", true */ 'e', 'y', 'p', 's', '.', 'n', 'e', 't', '\0', + /* "ez3d.eu", true */ 'e', 'z', '3', 'd', '.', 'e', 'u', '\0', + /* "ezakazivanje.rs", true */ 'e', 'z', 'a', 'k', 'a', 'z', 'i', 'v', 'a', 'n', 'j', 'e', '.', 'r', 's', '\0', + /* "ezdog.press", true */ 'e', 'z', 'd', 'o', 'g', '.', 'p', 'r', 'e', 's', 's', '\0', + /* "ezequiel-garzon.net", true */ 'e', 'z', 'e', 'q', 'u', 'i', 'e', 'l', '-', 'g', 'a', 'r', 'z', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "ezgif.com", true */ 'e', 'z', 'g', 'i', 'f', '.', 'c', 'o', 'm', '\0', + /* "ezhik-din.ru", true */ 'e', 'z', 'h', 'i', 'k', '-', 'd', 'i', 'n', '.', 'r', 'u', '\0', + /* "eznfe.com", true */ 'e', 'z', 'n', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "ezorgportaal.nl", true */ 'e', 'z', 'o', 'r', 'g', 'p', 'o', 'r', 't', 'a', 'a', 'l', '.', 'n', 'l', '\0', + /* "ezwritingservice.com", true */ 'e', 'z', 'w', 'r', 'i', 't', 'i', 'n', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "f-be.com", true */ 'f', '-', 'b', 'e', '.', 'c', 'o', 'm', '\0', + /* "f-droid.org", true */ 'f', '-', 'd', 'r', 'o', 'i', 'd', '.', 'o', 'r', 'g', '\0', + /* "f-hd.net", true */ 'f', '-', 'h', 'd', '.', 'n', 'e', 't', '\0', + /* "f-thie.de", true */ 'f', '-', 't', 'h', 'i', 'e', '.', 'd', 'e', '\0', + /* "f00.fr", true */ 'f', '0', '0', '.', 'f', 'r', '\0', + /* "f1bigpicture.com", true */ 'f', '1', 'b', 'i', 'g', 'p', 'i', 'c', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "f1classement.com", true */ 'f', '1', 'c', 'l', 'a', 's', 's', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "f1fever.co.uk", true */ 'f', '1', 'f', 'e', 'v', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "f1fever.net", true */ 'f', '1', 'f', 'e', 'v', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "f1minute.com", true */ 'f', '1', 'm', 'i', 'n', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "f42.net", true */ 'f', '4', '2', '.', 'n', 'e', 't', '\0', + /* "f43.me", true */ 'f', '4', '3', '.', 'm', 'e', '\0', + /* "f5movies.top", true */ 'f', '5', 'm', 'o', 'v', 'i', 'e', 's', '.', 't', 'o', 'p', '\0', + /* "f5nu.com", true */ 'f', '5', 'n', 'u', '.', 'c', 'o', 'm', '\0', + /* "f5w.de", true */ 'f', '5', 'w', '.', 'd', 'e', '\0', + /* "f9digital.com", true */ 'f', '9', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "fa-works.com", true */ 'f', 'a', '-', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "faber.org.ru", true */ 'f', 'a', 'b', 'e', 'r', '.', 'o', 'r', 'g', '.', 'r', 'u', '\0', + /* "faberusa.com", true */ 'f', 'a', 'b', 'e', 'r', 'u', 's', 'a', '.', 'c', 'o', 'm', '\0', + /* "fabian-fingerle.de", true */ 'f', 'a', 'b', 'i', 'a', 'n', '-', 'f', 'i', 'n', 'g', 'e', 'r', 'l', 'e', '.', 'd', 'e', '\0', + /* "fabian-koeppen.de", true */ 'f', 'a', 'b', 'i', 'a', 'n', '-', 'k', 'o', 'e', 'p', 'p', 'e', 'n', '.', 'd', 'e', '\0', + /* "fabianackle.ch", true */ 'f', 'a', 'b', 'i', 'a', 'n', 'a', 'c', 'k', 'l', 'e', '.', 'c', 'h', '\0', + /* "fabianasantiago.com", true */ 'f', 'a', 'b', 'i', 'a', 'n', 'a', 's', 'a', 'n', 't', 'i', 'a', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "fabianfranke.de", true */ 'f', 'a', 'b', 'i', 'a', 'n', 'f', 'r', 'a', 'n', 'k', 'e', '.', 'd', 'e', '\0', + /* "fabienbaker.com", true */ 'f', 'a', 'b', 'i', 'e', 'n', 'b', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "fabienne-roux.org", true */ 'f', 'a', 'b', 'i', 'e', 'n', 'n', 'e', '-', 'r', 'o', 'u', 'x', '.', 'o', 'r', 'g', '\0', + /* "fabiobier.com", true */ 'f', 'a', 'b', 'i', 'o', 'b', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "fableforge.nl", true */ 'f', 'a', 'b', 'l', 'e', 'f', 'o', 'r', 'g', 'e', '.', 'n', 'l', '\0', + /* "fabriceleroux.com", true */ 'f', 'a', 'b', 'r', 'i', 'c', 'e', 'l', 'e', 'r', 'o', 'u', 'x', '.', 'c', 'o', 'm', '\0', + /* "fabriziorocca.it", true */ 'f', 'a', 'b', 'r', 'i', 'z', 'i', 'o', 'r', 'o', 'c', 'c', 'a', '.', 'i', 't', '\0', + /* "fabrysociety.org", true */ 'f', 'a', 'b', 'r', 'y', 's', 'o', 'c', 'i', 'e', 't', 'y', '.', 'o', 'r', 'g', '\0', + /* "fabse.net", true */ 'f', 'a', 'b', 's', 'e', '.', 'n', 'e', 't', '\0', + /* "fabulouslyyouthfulskin.com", true */ 'f', 'a', 'b', 'u', 'l', 'o', 'u', 's', 'l', 'y', 'y', 'o', 'u', 't', 'h', 'f', 'u', 'l', 's', 'k', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "fabulouslyyouthfulskineyeserum.com", true */ 'f', 'a', 'b', 'u', 'l', 'o', 'u', 's', 'l', 'y', 'y', 'o', 'u', 't', 'h', 'f', 'u', 'l', 's', 'k', 'i', 'n', 'e', 'y', 'e', 's', 'e', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "facanabota.com", true */ 'f', 'a', 'c', 'a', 'n', 'a', 'b', 'o', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "facanabota.com.br", true */ 'f', 'a', 'c', 'a', 'n', 'a', 'b', 'o', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "facciadastile.it", true */ 'f', 'a', 'c', 'c', 'i', 'a', 'd', 'a', 's', 't', 'i', 'l', 'e', '.', 'i', 't', '\0', + /* "facealacrise.fr", true */ 'f', 'a', 'c', 'e', 'a', 'l', 'a', 'c', 'r', 'i', 's', 'e', '.', 'f', 'r', '\0', + /* "facebattle.com", true */ 'f', 'a', 'c', 'e', 'b', 'a', 't', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "facebook-atom.appspot.com", true */ 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '-', 'a', 't', 'o', 'm', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "facebook.com", false */ 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "facebooktsukaikata.net", true */ 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', 't', 's', 'u', 'k', 'a', 'i', 'k', 'a', 't', 'a', '.', 'n', 'e', 't', '\0', + /* "facebylouise.co.uk", true */ 'f', 'a', 'c', 'e', 'b', 'y', 'l', 'o', 'u', 'i', 's', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "facepalmsecurity.com", true */ 'f', 'a', 'c', 'e', 'p', 'a', 'l', 'm', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "facepunch.org", true */ 'f', 'a', 'c', 'e', 'p', 'u', 'n', 'c', 'h', '.', 'o', 'r', 'g', '\0', + /* "facerepo.com", true */ 'f', 'a', 'c', 'e', 'r', 'e', 'p', 'o', '.', 'c', 'o', 'm', '\0', + /* "facesnf.com", true */ 'f', 'a', 'c', 'e', 's', 'n', 'f', '.', 'c', 'o', 'm', '\0', + /* "fach-journalist.de", true */ 'f', 'a', 'c', 'h', '-', 'j', 'o', 'u', 'r', 'n', 'a', 'l', 'i', 's', 't', '.', 'd', 'e', '\0', + /* "fachschaft-informatik.de", true */ 'f', 'a', 'c', 'h', 's', 'c', 'h', 'a', 'f', 't', '-', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'k', '.', 'd', 'e', '\0', + /* "fachschaftslisten.at", true */ 'f', 'a', 'c', 'h', 's', 'c', 'h', 'a', 'f', 't', 's', 'l', 'i', 's', 't', 'e', 'n', '.', 'a', 't', '\0', + /* "fachschaftslisten.org", true */ 'f', 'a', 'c', 'h', 's', 'c', 'h', 'a', 'f', 't', 's', 'l', 'i', 's', 't', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "facialexercising.com", true */ 'f', 'a', 'c', 'i', 'a', 'l', 'e', 'x', 'e', 'r', 'c', 'i', 's', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "faciledireto.com.br", true */ 'f', 'a', 'c', 'i', 'l', 'e', 'd', 'i', 'r', 'e', 't', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "facilitiessurvey.org", true */ 'f', 'a', 'c', 'i', 'l', 'i', 't', 'i', 'e', 's', 's', 'u', 'r', 'v', 'e', 'y', '.', 'o', 'r', 'g', '\0', + /* "factbytefactbox.com", true */ 'f', 'a', 'c', 't', 'b', 'y', 't', 'e', 'f', 'a', 'c', 't', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "factor.cc", false */ 'f', 'a', 'c', 't', 'o', 'r', '.', 'c', 'c', '\0', + /* "factorypartsdirect.com", true */ 'f', 'a', 'c', 't', 'o', 'r', 'y', 'p', 'a', 'r', 't', 's', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "factuursturen.be", true */ 'f', 'a', 'c', 't', 'u', 'u', 'r', 's', 't', 'u', 'r', 'e', 'n', '.', 'b', 'e', '\0', + /* "factuursturen.nl", true */ 'f', 'a', 'c', 't', 'u', 'u', 'r', 's', 't', 'u', 'r', 'e', 'n', '.', 'n', 'l', '\0', + /* "factys.do", true */ 'f', 'a', 'c', 't', 'y', 's', '.', 'd', 'o', '\0', + /* "factys.es", true */ 'f', 'a', 'c', 't', 'y', 's', '.', 'e', 's', '\0', + /* "fadednet.com", false */ 'f', 'a', 'd', 'e', 'd', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "faderweb.de", true */ 'f', 'a', 'd', 'e', 'r', 'w', 'e', 'b', '.', 'd', 'e', '\0', + /* "fads-center.online", true */ 'f', 'a', 'd', 's', '-', 'c', 'e', 'n', 't', 'e', 'r', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "faehler.de", true */ 'f', 'a', 'e', 'h', 'l', 'e', 'r', '.', 'd', 'e', '\0', + /* "faeriecakes.be", true */ 'f', 'a', 'e', 'r', 'i', 'e', 'c', 'a', 'k', 'e', 's', '.', 'b', 'e', '\0', + /* "fag.wtf", true */ 'f', 'a', 'g', '.', 'w', 't', 'f', '\0', + /* "fahrenwal.de", true */ 'f', 'a', 'h', 'r', 'e', 'n', 'w', 'a', 'l', '.', 'd', 'e', '\0', + /* "fahrenwalde.de", true */ 'f', 'a', 'h', 'r', 'e', 'n', 'w', 'a', 'l', 'd', 'e', '.', 'd', 'e', '\0', + /* "fail.coach", true */ 'f', 'a', 'i', 'l', '.', 'c', 'o', 'a', 'c', 'h', '\0', + /* "failover.de", true */ 'f', 'a', 'i', 'l', 'o', 'v', 'e', 'r', '.', 'd', 'e', '\0', + /* "failover.eu", true */ 'f', 'a', 'i', 'l', 'o', 'v', 'e', 'r', '.', 'e', 'u', '\0', + /* "fairbill.com", true */ 'f', 'a', 'i', 'r', 'b', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "fairedeseconomies.info", true */ 'f', 'a', 'i', 'r', 'e', 'd', 'e', 's', 'e', 'c', 'o', 'n', 'o', 'm', 'i', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "fairgolfteams.com", true */ 'f', 'a', 'i', 'r', 'g', 'o', 'l', 'f', 't', 'e', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "fairplay.im", true */ 'f', 'a', 'i', 'r', 'p', 'l', 'a', 'y', '.', 'i', 'm', '\0', + /* "fairviewmotel-simcoe.com", true */ 'f', 'a', 'i', 'r', 'v', 'i', 'e', 'w', 'm', 'o', 't', 'e', 'l', '-', 's', 'i', 'm', 'c', 'o', 'e', '.', 'c', 'o', 'm', '\0', + /* "faithgrowth.com", true */ 'f', 'a', 'i', 't', 'h', 'g', 'r', 'o', 'w', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "faithindemocracy.eu", true */ 'f', 'a', 'i', 't', 'h', 'i', 'n', 'd', 'e', 'm', 'o', 'c', 'r', 'a', 'c', 'y', '.', 'e', 'u', '\0', + /* "faithmissionaries.com", true */ 'f', 'a', 'i', 't', 'h', 'm', 'i', 's', 's', 'i', 'o', 'n', 'a', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "faixaazul.com", true */ 'f', 'a', 'i', 'x', 'a', 'a', 'z', 'u', 'l', '.', 'c', 'o', 'm', '\0', + /* "faizan.net", true */ 'f', 'a', 'i', 'z', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "fakeapple.nl", true */ 'f', 'a', 'k', 'e', 'a', 'p', 'p', 'l', 'e', '.', 'n', 'l', '\0', + /* "fakerli.com", true */ 'f', 'a', 'k', 'e', 'r', 'l', 'i', '.', 'c', 'o', 'm', '\0', + /* "fakti.bg", true */ 'f', 'a', 'k', 't', 'i', '.', 'b', 'g', '\0', + /* "fakturi.com", true */ 'f', 'a', 'k', 't', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "fakturoid.cz", true */ 'f', 'a', 'k', 't', 'u', 'r', 'o', 'i', 'd', '.', 'c', 'z', '\0', + /* "falaowang.com", true */ 'f', 'a', 'l', 'a', 'o', 'w', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "falbros.com", true */ 'f', 'a', 'l', 'b', 'r', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "falcibiosystems.org", true */ 'f', 'a', 'l', 'c', 'i', 'b', 'i', 'o', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'o', 'r', 'g', '\0', + /* "falconvintners.com", true */ 'f', 'a', 'l', 'c', 'o', 'n', 'v', 'i', 'n', 't', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "falcoz.co", true */ 'f', 'a', 'l', 'c', 'o', 'z', '.', 'c', 'o', '\0', + /* "faldoria.de", true */ 'f', 'a', 'l', 'd', 'o', 'r', 'i', 'a', '.', 'd', 'e', '\0', + /* "fallenangeldrinks.co.uk", true */ 'f', 'a', 'l', 'l', 'e', 'n', 'a', 'n', 'g', 'e', 'l', 'd', 'r', 'i', 'n', 'k', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "fallenangeldrinks.com", true */ 'f', 'a', 'l', 'l', 'e', 'n', 'a', 'n', 'g', 'e', 'l', 'd', 'r', 'i', 'n', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "fallenangelspirits.co.uk", true */ 'f', 'a', 'l', 'l', 'e', 'n', 'a', 'n', 'g', 'e', 'l', 's', 'p', 'i', 'r', 'i', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "fallenangelspirits.com", true */ 'f', 'a', 'l', 'l', 'e', 'n', 'a', 'n', 'g', 'e', 'l', 's', 'p', 'i', 'r', 'i', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "fallenspirits.co.uk", true */ 'f', 'a', 'l', 'l', 'e', 'n', 's', 'p', 'i', 'r', 'i', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "falsum.net", true */ 'f', 'a', 'l', 's', 'u', 'm', '.', 'n', 'e', 't', '\0', + /* "fam-kreibich.de", true */ 'f', 'a', 'm', '-', 'k', 'r', 'e', 'i', 'b', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "fam-stemmer.de", false */ 'f', 'a', 'm', '-', 's', 't', 'e', 'm', 'm', 'e', 'r', '.', 'd', 'e', '\0', + /* "famcloud.de", true */ 'f', 'a', 'm', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0', + /* "famdouma.nl", true */ 'f', 'a', 'm', 'd', 'o', 'u', 'm', 'a', '.', 'n', 'l', '\0', + /* "fameng.nl", true */ 'f', 'a', 'm', 'e', 'n', 'g', '.', 'n', 'l', '\0', + /* "familiaperez.net", true */ 'f', 'a', 'm', 'i', 'l', 'i', 'a', 'p', 'e', 'r', 'e', 'z', '.', 'n', 'e', 't', '\0', + /* "familie-kupschke.de", true */ 'f', 'a', 'm', 'i', 'l', 'i', 'e', '-', 'k', 'u', 'p', 's', 'c', 'h', 'k', 'e', '.', 'd', 'e', '\0', + /* "familie-leu.ch", true */ 'f', 'a', 'm', 'i', 'l', 'i', 'e', '-', 'l', 'e', 'u', '.', 'c', 'h', '\0', + /* "familie-monka.de", true */ 'f', 'a', 'm', 'i', 'l', 'i', 'e', '-', 'm', 'o', 'n', 'k', 'a', '.', 'd', 'e', '\0', + /* "familie-remke.de", true */ 'f', 'a', 'm', 'i', 'l', 'i', 'e', '-', 'r', 'e', 'm', 'k', 'e', '.', 'd', 'e', '\0', + /* "familiegrottendieck.de", true */ 'f', 'a', 'm', 'i', 'l', 'i', 'e', 'g', 'r', 'o', 't', 't', 'e', 'n', 'd', 'i', 'e', 'c', 'k', '.', 'd', 'e', '\0', + /* "familieholme.de", true */ 'f', 'a', 'm', 'i', 'l', 'i', 'e', 'h', 'o', 'l', 'm', 'e', '.', 'd', 'e', '\0', + /* "familjenfrodlund.se", true */ 'f', 'a', 'm', 'i', 'l', 'j', 'e', 'n', 'f', 'r', 'o', 'd', 'l', 'u', 'n', 'd', '.', 's', 'e', '\0', + /* "familjenm.se", true */ 'f', 'a', 'm', 'i', 'l', 'j', 'e', 'n', 'm', '.', 's', 'e', '\0', + /* "familletouret.fr", true */ 'f', 'a', 'm', 'i', 'l', 'l', 'e', 't', 'o', 'u', 'r', 'e', 't', '.', 'f', 'r', '\0', + /* "familylawhotline.org", true */ 'f', 'a', 'm', 'i', 'l', 'y', 'l', 'a', 'w', 'h', 'o', 't', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0', + /* "familyparties.co.uk", true */ 'f', 'a', 'm', 'i', 'l', 'y', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "familyreal.ru", true */ 'f', 'a', 'm', 'i', 'l', 'y', 'r', 'e', 'a', 'l', '.', 'r', 'u', '\0', + /* "familytreehq.com", true */ 'f', 'a', 'm', 'i', 'l', 'y', 't', 'r', 'e', 'e', 'h', 'q', '.', 'c', 'o', 'm', '\0', + /* "famososnaweb.com", true */ 'f', 'a', 'm', 'o', 's', 'o', 's', 'n', 'a', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "famousbirthdays.com", true */ 'f', 'a', 'm', 'o', 'u', 's', 'b', 'i', 'r', 't', 'h', 'd', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "famoushostels.com", true */ 'f', 'a', 'm', 'o', 'u', 's', 'h', 'o', 's', 't', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "famvangelder.nl", true */ 'f', 'a', 'm', 'v', 'a', 'n', 'g', 'e', 'l', 'd', 'e', 'r', '.', 'n', 'l', '\0', + /* "famvsomeren.nl", true */ 'f', 'a', 'm', 'v', 's', 'o', 'm', 'e', 'r', 'e', 'n', '.', 'n', 'l', '\0', + /* "fanboi.ch", true */ 'f', 'a', 'n', 'b', 'o', 'i', '.', 'c', 'h', '\0', + /* "fander.it", true */ 'f', 'a', 'n', 'd', 'e', 'r', '.', 'i', 't', '\0', + /* "fandler.cz", true */ 'f', 'a', 'n', 'd', 'l', 'e', 'r', '.', 'c', 'z', '\0', + /* "fandomservices.com", true */ 'f', 'a', 'n', 'd', 'o', 'm', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "fanfareunion.ch", true */ 'f', 'a', 'n', 'f', 'a', 'r', 'e', 'u', 'n', 'i', 'o', 'n', '.', 'c', 'h', '\0', + /* "fangs.ink", true */ 'f', 'a', 'n', 'g', 's', '.', 'i', 'n', 'k', '\0', + /* "fanjoe.be", true */ 'f', 'a', 'n', 'j', 'o', 'e', '.', 'b', 'e', '\0', + /* "fantasiapainter.com", true */ 'f', 'a', 'n', 't', 'a', 's', 'i', 'a', 'p', 'a', 'i', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "fantasticcleaners.com.au", true */ 'f', 'a', 'n', 't', 'a', 's', 't', 'i', 'c', 'c', 'l', 'e', 'a', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "fantastichandymanmelbourne.com.au", true */ 'f', 'a', 'n', 't', 'a', 's', 't', 'i', 'c', 'h', 'a', 'n', 'd', 'y', 'm', 'a', 'n', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "fantasticpestcontrolmelbourne.com.au", true */ 'f', 'a', 'n', 't', 'a', 's', 't', 'i', 'c', 'p', 'e', 's', 't', 'c', 'o', 'n', 't', 'r', 'o', 'l', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "fantasycastles.co.uk", true */ 'f', 'a', 'n', 't', 'a', 's', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "fantasyescortsbirmingham.co.uk", true */ 'f', 'a', 'n', 't', 'a', 's', 'y', 'e', 's', 'c', 'o', 'r', 't', 's', 'b', 'i', 'r', 'm', 'i', 'n', 'g', 'h', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "fantasypartyhire.com.au", true */ 'f', 'a', 'n', 't', 'a', 's', 'y', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "fantasyspectrum.com", true */ 'f', 'a', 'n', 't', 'a', 's', 'y', 's', 'p', 'e', 'c', 't', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "fantopia.club", true */ 'f', 'a', 'n', 't', 'o', 'p', 'i', 'a', '.', 'c', 'l', 'u', 'b', '\0', + /* "fanvoice.com", true */ 'f', 'a', 'n', 'v', 'o', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "fanyue123.tk", true */ 'f', 'a', 'n', 'y', 'u', 'e', '1', '2', '3', '.', 't', 'k', '\0', + /* "fanz.pro", true */ 'f', 'a', 'n', 'z', '.', 'p', 'r', 'o', '\0', + /* "fanzlive.com", true */ 'f', 'a', 'n', 'z', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "fap.no", true */ 'f', 'a', 'p', '.', 'n', 'o', '\0', + /* "faq.ie", true */ 'f', 'a', 'q', '.', 'i', 'e', '\0', + /* "faq.lookout.com", false */ 'f', 'a', 'q', '.', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "fara.gov", true */ 'f', 'a', 'r', 'a', '.', 'g', 'o', 'v', '\0', + /* "faraslot8.com", true */ 'f', 'a', 'r', 'a', 's', 'l', 'o', 't', '8', '.', 'c', 'o', 'm', '\0', + /* "faraslot8.net", true */ 'f', 'a', 'r', 'a', 's', 'l', 'o', 't', '8', '.', 'n', 'e', 't', '\0', + /* "farcecrew.de", true */ 'f', 'a', 'r', 'c', 'e', 'c', 'r', 'e', 'w', '.', 'd', 'e', '\0', + /* "farfallapets.com.br", true */ 'f', 'a', 'r', 'f', 'a', 'l', 'l', 'a', 'p', 'e', 't', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "farfetchos.com", true */ 'f', 'a', 'r', 'f', 'e', 't', 'c', 'h', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "fargtorget.se", true */ 'f', 'a', 'r', 'g', 't', 'o', 'r', 'g', 'e', 't', '.', 's', 'e', '\0', + /* "farhadexchange.com", true */ 'f', 'a', 'r', 'h', 'a', 'd', 'e', 'x', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "farhood.org", true */ 'f', 'a', 'r', 'h', 'o', 'o', 'd', '.', 'o', 'r', 'g', '\0', + /* "farid.is", true */ 'f', 'a', 'r', 'i', 'd', '.', 'i', 's', '\0', + /* "farkas.bz", true */ 'f', 'a', 'r', 'k', 'a', 's', '.', 'b', 'z', '\0', + /* "farmacia.pt", true */ 'f', 'a', 'r', 'm', 'a', 'c', 'i', 'a', '.', 'p', 't', '\0', + /* "farmacialaboratorio.it", true */ 'f', 'a', 'r', 'm', 'a', 'c', 'i', 'a', 'l', 'a', 'b', 'o', 'r', 'a', 't', 'o', 'r', 'i', 'o', '.', 'i', 't', '\0', + /* "farmer.dating", true */ 'f', 'a', 'r', 'm', 'e', 'r', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "farmkazuto.com", true */ 'f', 'a', 'r', 'm', 'k', 'a', 'z', 'u', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "faroes.net", true */ 'f', 'a', 'r', 'o', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "faroes.org", true */ 'f', 'a', 'r', 'o', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "farrel-f.id", true */ 'f', 'a', 'r', 'r', 'e', 'l', '-', 'f', '.', 'i', 'd', '\0', + /* "farsil.eu", true */ 'f', 'a', 'r', 's', 'i', 'l', '.', 'e', 'u', '\0', + /* "fascia.fit", true */ 'f', 'a', 's', 'c', 'i', 'a', '.', 'f', 'i', 't', '\0', + /* "fasdoutreach.ca", true */ 'f', 'a', 's', 'd', 'o', 'u', 't', 'r', 'e', 'a', 'c', 'h', '.', 'c', 'a', '\0', + /* "fashion24.de", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', '2', '4', '.', 'd', 'e', '\0', + /* "fashion4ever.pl", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', '4', 'e', 'v', 'e', 'r', '.', 'p', 'l', '\0', + /* "fashiondock.de", false */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'd', 'o', 'c', 'k', '.', 'd', 'e', '\0', + /* "fashionunited.be", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'b', 'e', '\0', + /* "fashionunited.cl", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'l', '\0', + /* "fashionunited.com", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "fashionunited.com.ar", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "fashionunited.de", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'd', 'e', '\0', + /* "fashionunited.fi", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'f', 'i', '\0', + /* "fashionunited.hk", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'h', 'k', '\0', + /* "fashionunited.hu", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'h', 'u', '\0', + /* "fashionunited.ie", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'i', 'e', '\0', + /* "fashionunited.lu", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'l', 'u', '\0', + /* "fashionunited.mx", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'm', 'x', '\0', + /* "fashionunited.nl", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'n', 'l', '\0', + /* "fashionunited.no", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'n', 'o', '\0', + /* "fashionunited.nz", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'n', 'z', '\0', + /* "fashionunited.pl", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'p', 'l', '\0', + /* "fashionunited.se", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 's', 'e', '\0', + /* "fashionweekweb.com", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'w', 'e', 'e', 'k', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "faspirits.co.uk", true */ 'f', 'a', 's', 'p', 'i', 'r', 'i', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "faspirits.com", true */ 'f', 'a', 's', 'p', 'i', 'r', 'i', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "fassadenverkleidung24.de", true */ 'f', 'a', 's', 's', 'a', 'd', 'e', 'n', 'v', 'e', 'r', 'k', 'l', 'e', 'i', 'd', 'u', 'n', 'g', '2', '4', '.', 'd', 'e', '\0', + /* "fassi-sport.it", true */ 'f', 'a', 's', 's', 'i', '-', 's', 'p', 'o', 'r', 't', '.', 'i', 't', '\0', + /* "fastbackmbm.be", true */ 'f', 'a', 's', 't', 'b', 'a', 'c', 'k', 'm', 'b', 'm', '.', 'b', 'e', '\0', + /* "fastcommerce.org", true */ 'f', 'a', 's', 't', 'c', 'o', 'm', 'm', 'e', 'r', 'c', 'e', '.', 'o', 'r', 'g', '\0', + /* "fastconfirm.com", true */ 'f', 'a', 's', 't', 'c', 'o', 'n', 'f', 'i', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "fastforwardthemes.com", true */ 'f', 'a', 's', 't', 'f', 'o', 'r', 'w', 'a', 'r', 'd', 't', 'h', 'e', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "fastmail.com", false */ 'f', 'a', 's', 't', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "fastonline.ro", true */ 'f', 'a', 's', 't', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'r', 'o', '\0', + /* "fastpresence.com", true */ 'f', 'a', 's', 't', 'p', 'r', 'e', 's', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "fastrevision.com", true */ 'f', 'a', 's', 't', 'r', 'e', 'v', 'i', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "fastwebsites.com.br", true */ 'f', 'a', 's', 't', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "faszienrollen-info.de", false */ 'f', 'a', 's', 'z', 'i', 'e', 'n', 'r', 'o', 'l', 'l', 'e', 'n', '-', 'i', 'n', 'f', 'o', '.', 'd', 'e', '\0', + /* "fatedata.com", true */ 'f', 'a', 't', 'e', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "fathers4equalrights.org", true */ 'f', 'a', 't', 'h', 'e', 'r', 's', '4', 'e', 'q', 'u', 'a', 'l', 'r', 'i', 'g', 'h', 't', 's', '.', 'o', 'r', 'g', '\0', + /* "fatidique.com", true */ 'f', 'a', 't', 'i', 'd', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "fatimamoldes.com.br", true */ 'f', 'a', 't', 'i', 'm', 'a', 'm', 'o', 'l', 'd', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "fatowltees.com", true */ 'f', 'a', 't', 'o', 'w', 'l', 't', 'e', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "fatox.de", true */ 'f', 'a', 't', 'o', 'x', '.', 'd', 'e', '\0', + /* "faucetbox.com", false */ 'f', 'a', 'u', 'c', 'e', 't', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "faulty.equipment", true */ 'f', 'a', 'u', 'l', 't', 'y', '.', 'e', 'q', 'u', 'i', 'p', 'm', 'e', 'n', 't', '\0', + /* "fauvettes.be", true */ 'f', 'a', 'u', 'v', 'e', 't', 't', 'e', 's', '.', 'b', 'e', '\0', + /* "favorit.club", true */ 'f', 'a', 'v', 'o', 'r', 'i', 't', '.', 'c', 'l', 'u', 'b', '\0', + /* "fawkex.me", true */ 'f', 'a', 'w', 'k', 'e', 'x', '.', 'm', 'e', '\0', + /* "fawong.com", true */ 'f', 'a', 'w', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "faxite.com", true */ 'f', 'a', 'x', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "fb.me", true */ 'f', 'b', '.', 'm', 'e', '\0', + /* "fbcdn.net", true */ 'f', 'b', 'c', 'd', 'n', '.', 'n', 'e', 't', '\0', + /* "fbcfairburn.com", true */ 'f', 'b', 'c', 'f', 'a', 'i', 'r', 'b', 'u', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "fbcopy.com", true */ 'f', 'b', 'c', 'o', 'p', 'y', '.', 'c', 'o', 'm', '\0', + /* "fbi.pw", true */ 'f', 'b', 'i', '.', 'p', 'w', '\0', + /* "fbijobs.gov", true */ 'f', 'b', 'i', 'j', 'o', 'b', 's', '.', 'g', 'o', 'v', '\0', + /* "fbsbx.com", true */ 'f', 'b', 's', 'b', 'x', '.', 'c', 'o', 'm', '\0', + /* "fburl.com", true */ 'f', 'b', 'u', 'r', 'l', '.', 'c', 'o', 'm', '\0', + /* "fc.media", true */ 'f', 'c', '.', 'm', 'e', 'd', 'i', 'a', '\0', + /* "fca-tools.com", true */ 'f', 'c', 'a', '-', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "fcapartsdb.com", true */ 'f', 'c', 'a', 'p', 'a', 'r', 't', 's', 'd', 'b', '.', 'c', 'o', 'm', '\0', + /* "fcburk.de", true */ 'f', 'c', 'b', 'u', 'r', 'k', '.', 'd', 'e', '\0', + /* "fcforum.net", true */ 'f', 'c', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'e', 't', '\0', + /* "fcitasc.com", true */ 'f', 'c', 'i', 't', 'a', 's', 'c', '.', 'c', 'o', 'm', '\0', + /* "fckd.net", true */ 'f', 'c', 'k', 'd', '.', 'n', 'e', 't', '\0', + /* "fcprovadia.com", true */ 'f', 'c', 'p', 'r', 'o', 'v', 'a', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "fdevs.ch", true */ 'f', 'd', 'e', 'v', 's', '.', 'c', 'h', '\0', + /* "fdlibre.eu", true */ 'f', 'd', 'l', 'i', 'b', 'r', 'e', '.', 'e', 'u', '\0', + /* "fdsys.gov", false */ 'f', 'd', 's', 'y', 's', '.', 'g', 'o', 'v', '\0', + /* "feac.us", true */ 'f', 'e', 'a', 'c', '.', 'u', 's', '\0', + /* "feaden.me", true */ 'f', 'e', 'a', 'd', 'e', 'n', '.', 'm', 'e', '\0', + /* "fearghus.org", true */ 'f', 'e', 'a', 'r', 'g', 'h', 'u', 's', '.', 'o', 'r', 'g', '\0', + /* "fearsomegaming.com", true */ 'f', 'e', 'a', 'r', 's', 'o', 'm', 'e', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "feastr-dev.de", true */ 'f', 'e', 'a', 's', 't', 'r', '-', 'd', 'e', 'v', '.', 'd', 'e', '\0', + /* "feastr.de", true */ 'f', 'e', 'a', 's', 't', 'r', '.', 'd', 'e', '\0', + /* "feastr.io", true */ 'f', 'e', 'a', 's', 't', 'r', '.', 'i', 'o', '\0', + /* "featherweightlabs.com", true */ 'f', 'e', 'a', 't', 'h', 'e', 'r', 'w', 'e', 'i', 'g', 'h', 't', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "featuredmen.com", true */ 'f', 'e', 'a', 't', 'u', 'r', 'e', 'd', 'm', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "fecik.sk", true */ 'f', 'e', 'c', 'i', 'k', '.', 's', 'k', '\0', + /* "federalinvestments.gov", true */ 'f', 'e', 'd', 'e', 'r', 'a', 'l', 'i', 'n', 'v', 'e', 's', 't', 'm', 'e', 'n', 't', 's', '.', 'g', 'o', 'v', '\0', + /* "federaljobs.gov", true */ 'f', 'e', 'd', 'e', 'r', 'a', 'l', 'j', 'o', 'b', 's', '.', 'g', 'o', 'v', '\0', + /* "federalreserve.gov", true */ 'f', 'e', 'd', 'e', 'r', 'a', 'l', 'r', 'e', 's', 'e', 'r', 'v', 'e', '.', 'g', 'o', 'v', '\0', + /* "federicomigliavacca.it", true */ 'f', 'e', 'd', 'e', 'r', 'i', 'c', 'o', 'm', 'i', 'g', 'l', 'i', 'a', 'v', 'a', 'c', 'c', 'a', '.', 'i', 't', '\0', + /* "fedinvest.gov", true */ 'f', 'e', 'd', 'i', 'n', 'v', 'e', 's', 't', '.', 'g', 'o', 'v', '\0', + /* "fedjobs.gov", true */ 'f', 'e', 'd', 'j', 'o', 'b', 's', '.', 'g', 'o', 'v', '\0', + /* "fedorahosted.org", true */ 'f', 'e', 'd', 'o', 'r', 'a', 'h', 'o', 's', 't', 'e', 'd', '.', 'o', 'r', 'g', '\0', + /* "fedoramagazine.org", true */ 'f', 'e', 'd', 'o', 'r', 'a', 'm', 'a', 'g', 'a', 'z', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0', + /* "fedorapeople.org", true */ 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'e', 'o', 'p', 'l', 'e', '.', 'o', 'r', 'g', '\0', + /* "fedramp.gov", true */ 'f', 'e', 'd', 'r', 'a', 'm', 'p', '.', 'g', 'o', 'v', '\0', + /* "fedrtc.org", true */ 'f', 'e', 'd', 'r', 't', 'c', '.', 'o', 'r', 'g', '\0', + /* "fedux.com.ar", true */ 'f', 'e', 'd', 'u', 'x', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "feedbin.com", false */ 'f', 'e', 'e', 'd', 'b', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "feedhq.org", true */ 'f', 'e', 'e', 'd', 'h', 'q', '.', 'o', 'r', 'g', '\0', + /* "feedkovacs.hu", true */ 'f', 'e', 'e', 'd', 'k', 'o', 'v', 'a', 'c', 's', '.', 'h', 'u', '\0', + /* "feedough.com", true */ 'f', 'e', 'e', 'd', 'o', 'u', 'g', 'h', '.', 'c', 'o', 'm', '\0', + /* "feel.aero", true */ 'f', 'e', 'e', 'l', '.', 'a', 'e', 'r', 'o', '\0', + /* "feelgood-workouts.de", true */ 'f', 'e', 'e', 'l', 'g', 'o', 'o', 'd', '-', 'w', 'o', 'r', 'k', 'o', 'u', 't', 's', '.', 'd', 'e', '\0', + /* "feeltennis.net", true */ 'f', 'e', 'e', 'l', 't', 'e', 'n', 'n', 'i', 's', '.', 'n', 'e', 't', '\0', + /* "feen.us", true */ 'f', 'e', 'e', 'n', '.', 'u', 's', '\0', + /* "fefelovalex.ru", true */ 'f', 'e', 'f', 'e', 'l', 'o', 'v', 'a', 'l', 'e', 'x', '.', 'r', 'u', '\0', + /* "fehngarten.de", true */ 'f', 'e', 'h', 'n', 'g', 'a', 'r', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "fehnladen.de", true */ 'f', 'e', 'h', 'n', 'l', 'a', 'd', 'e', 'n', '.', 'd', 'e', '\0', + /* "feigling.net", true */ 'f', 'e', 'i', 'g', 'l', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "feilen.de", true */ 'f', 'e', 'i', 'l', 'e', 'n', '.', 'd', 'e', '\0', + /* "feisbed.com", true */ 'f', 'e', 'i', 's', 'b', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "feisim.com", true */ 'f', 'e', 'i', 's', 'i', 'm', '.', 'c', 'o', 'm', '\0', + /* "feisim.org", true */ 'f', 'e', 'i', 's', 'i', 'm', '.', 'o', 'r', 'g', '\0', + /* "feistyduck.com", true */ 'f', 'e', 'i', 's', 't', 'y', 'd', 'u', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "feitobrasilcosmeticos.com.br", true */ 'f', 'e', 'i', 't', 'o', 'b', 'r', 'a', 's', 'i', 'l', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "fejes.house", true */ 'f', 'e', 'j', 'e', 's', '.', 'h', 'o', 'u', 's', 'e', '\0', + /* "feld.design", true */ 'f', 'e', 'l', 'd', '.', 'd', 'e', 's', 'i', 'g', 'n', '\0', + /* "feld.saarland", true */ 'f', 'e', 'l', 'd', '.', 's', 'a', 'a', 'r', 'l', 'a', 'n', 'd', '\0', + /* "feldhousen.com", true */ 'f', 'e', 'l', 'd', 'h', 'o', 'u', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "felgitscher.xyz", true */ 'f', 'e', 'l', 'g', 'i', 't', 's', 'c', 'h', 'e', 'r', '.', 'x', 'y', 'z', '\0', + /* "felicifia.org", true */ 'f', 'e', 'l', 'i', 'c', 'i', 'f', 'i', 'a', '.', 'o', 'r', 'g', '\0', + /* "felistirnavia.sk", true */ 'f', 'e', 'l', 'i', 's', 't', 'i', 'r', 'n', 'a', 'v', 'i', 'a', '.', 's', 'k', '\0', + /* "felixbarta.de", true */ 'f', 'e', 'l', 'i', 'x', 'b', 'a', 'r', 't', 'a', '.', 'd', 'e', '\0', + /* "felixcrux.com", true */ 'f', 'e', 'l', 'i', 'x', 'c', 'r', 'u', 'x', '.', 'c', 'o', 'm', '\0', + /* "felixhefner.de", true */ 'f', 'e', 'l', 'i', 'x', 'h', 'e', 'f', 'n', 'e', 'r', '.', 'd', 'e', '\0', + /* "felixkauer.de", true */ 'f', 'e', 'l', 'i', 'x', 'k', 'a', 'u', 'e', 'r', '.', 'd', 'e', '\0', + /* "felixqu.com", true */ 'f', 'e', 'l', 'i', 'x', 'q', 'u', '.', 'c', 'o', 'm', '\0', + /* "felixsanz.com", true */ 'f', 'e', 'l', 'i', 'x', 's', 'a', 'n', 'z', '.', 'c', 'o', 'm', '\0', + /* "felixseele.de", true */ 'f', 'e', 'l', 'i', 'x', 's', 'e', 'e', 'l', 'e', '.', 'd', 'e', '\0', + /* "felsing.net", true */ 'f', 'e', 'l', 's', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "femanca.com", true */ 'f', 'e', 'm', 'a', 'n', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "femdombbw.com", true */ 'f', 'e', 'm', 'd', 'o', 'm', 'b', 'b', 'w', '.', 'c', 'o', 'm', '\0', + /* "feminina.pt", true */ 'f', 'e', 'm', 'i', 'n', 'i', 'n', 'a', '.', 'p', 't', '\0', + /* "femradio.es", true */ 'f', 'e', 'm', 'r', 'a', 'd', 'i', 'o', '.', 'e', 's', '\0', + /* "femtomind.com", true */ 'f', 'e', 'm', 't', 'o', 'm', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "fence-stlouis.com", true */ 'f', 'e', 'n', 'c', 'e', '-', 's', 't', 'l', 'o', 'u', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "feng.si", true */ 'f', 'e', 'n', 'g', '.', 's', 'i', '\0', + /* "fengyi.tel", true */ 'f', 'e', 'n', 'g', 'y', 'i', '.', 't', 'e', 'l', '\0', + /* "fenster-bank.at", true */ 'f', 'e', 'n', 's', 't', 'e', 'r', '-', 'b', 'a', 'n', 'k', '.', 'a', 't', '\0', + /* "fenster-bank.de", true */ 'f', 'e', 'n', 's', 't', 'e', 'r', '-', 'b', 'a', 'n', 'k', '.', 'd', 'e', '\0', + /* "ferdies.co.za", true */ 'f', 'e', 'r', 'd', 'i', 'e', 's', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "fergusoncastle.com", true */ 'f', 'e', 'r', 'g', 'u', 's', 'o', 'n', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "ferien-netzwerk.de", true */ 'f', 'e', 'r', 'i', 'e', 'n', '-', 'n', 'e', 't', 'z', 'w', 'e', 'r', 'k', '.', 'd', 'e', '\0', + /* "ferienchalet-wallis.ch", true */ 'f', 'e', 'r', 'i', 'e', 'n', 'c', 'h', 'a', 'l', 'e', 't', '-', 'w', 'a', 'l', 'l', 'i', 's', '.', 'c', 'h', '\0', + /* "ferienhaus-polchow-ruegen.de", false */ 'f', 'e', 'r', 'i', 'e', 'n', 'h', 'a', 'u', 's', '-', 'p', 'o', 'l', 'c', 'h', 'o', 'w', '-', 'r', 'u', 'e', 'g', 'e', 'n', '.', 'd', 'e', '\0', + /* "ferienwohnungen-lastminute.de", true */ 'f', 'e', 'r', 'i', 'e', 'n', 'w', 'o', 'h', 'n', 'u', 'n', 'g', 'e', 'n', '-', 'l', 'a', 's', 't', 'm', 'i', 'n', 'u', 't', 'e', '.', 'd', 'e', '\0', + /* "fermabel.com.br", true */ 'f', 'e', 'r', 'm', 'a', 'b', 'e', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "fernandes.org", true */ 'f', 'e', 'r', 'n', 'a', 'n', 'd', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "fernandob.com", true */ 'f', 'e', 'r', 'n', 'a', 'n', 'd', 'o', 'b', '.', 'c', 'o', 'm', '\0', + /* "fernandobarata.pt", true */ 'f', 'e', 'r', 'n', 'a', 'n', 'd', 'o', 'b', 'a', 'r', 'a', 't', 'a', '.', 'p', 't', '\0', + /* "fernandobarillas.com", true */ 'f', 'e', 'r', 'n', 'a', 'n', 'd', 'o', 'b', 'a', 'r', 'i', 'l', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "fernandomiguel.net", true */ 'f', 'e', 'r', 'n', 'a', 'n', 'd', 'o', 'm', 'i', 'g', 'u', 'e', 'l', '.', 'n', 'e', 't', '\0', + /* "ferret.zone", true */ 'f', 'e', 'r', 'r', 'e', 't', '.', 'z', 'o', 'n', 'e', '\0', + /* "ferreteriaxerez.com", true */ 'f', 'e', 'r', 'r', 'e', 't', 'e', 'r', 'i', 'a', 'x', 'e', 'r', 'e', 'z', '.', 'c', 'o', 'm', '\0', + /* "ferrolatino.ch", true */ 'f', 'e', 'r', 'r', 'o', 'l', 'a', 't', 'i', 'n', 'o', '.', 'c', 'h', '\0', + /* "ferticare.pt", true */ 'f', 'e', 'r', 't', 'i', 'c', 'a', 'r', 'e', '.', 'p', 't', '\0', + /* "fertila.de", true */ 'f', 'e', 'r', 't', 'i', 'l', 'a', '.', 'd', 'e', '\0', + /* "festaprylar.se", true */ 'f', 'e', 's', 't', 'a', 'p', 'r', 'y', 'l', 'a', 'r', '.', 's', 'e', '\0', + /* "festival-tipps.com", true */ 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '-', 't', 'i', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "festival.house", true */ 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'h', 'o', 'u', 's', 'e', '\0', + /* "festivaljapon.com", true */ 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', 'j', 'a', 'p', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "festivalxdentro.com", true */ 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', 'x', 'd', 'e', 'n', 't', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "fetlife.com", true */ 'f', 'e', 't', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "fettlaus.de", true */ 'f', 'e', 't', 't', 'l', 'a', 'u', 's', '.', 'd', 'e', '\0', + /* "feudalisten.de", true */ 'f', 'e', 'u', 'd', 'a', 'l', 'i', 's', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "feuerwehr-dachaufsetzer.de", true */ 'f', 'e', 'u', 'e', 'r', 'w', 'e', 'h', 'r', '-', 'd', 'a', 'c', 'h', 'a', 'u', 'f', 's', 'e', 't', 'z', 'e', 'r', '.', 'd', 'e', '\0', + /* "feuerwehr-illmensee.de", true */ 'f', 'e', 'u', 'e', 'r', 'w', 'e', 'h', 'r', '-', 'i', 'l', 'l', 'm', 'e', 'n', 's', 'e', 'e', '.', 'd', 'e', '\0', + /* "feuerwehr-oberkotzau.de", true */ 'f', 'e', 'u', 'e', 'r', 'w', 'e', 'h', 'r', '-', 'o', 'b', 'e', 'r', 'k', 'o', 't', 'z', 'a', 'u', '.', 'd', 'e', '\0', + /* "feuerwerksmanufaktur.de", true */ 'f', 'e', 'u', 'e', 'r', 'w', 'e', 'r', 'k', 's', 'm', 'a', 'n', 'u', 'f', 'a', 'k', 't', 'u', 'r', '.', 'd', 'e', '\0', + /* "feuetgloire.com", true */ 'f', 'e', 'u', 'e', 't', 'g', 'l', 'o', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "fewo-thueringer-wald.de", true */ 'f', 'e', 'w', 'o', '-', 't', 'h', 'u', 'e', 'r', 'i', 'n', 'g', 'e', 'r', '-', 'w', 'a', 'l', 'd', '.', 'd', 'e', '\0', + /* "fexco.com", true */ 'f', 'e', 'x', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "feyermedia.de", true */ 'f', 'e', 'y', 'e', 'r', 'm', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0', + /* "ff-bad-hoehenstadt.de", true */ 'f', 'f', '-', 'b', 'a', 'd', '-', 'h', 'o', 'e', 'h', 'e', 'n', 's', 't', 'a', 'd', 't', '.', 'd', 'e', '\0', + /* "ff-bg.xyz", true */ 'f', 'f', '-', 'b', 'g', '.', 'x', 'y', 'z', '\0', + /* "ff-obersunzing-niedersunzing.de", true */ 'f', 'f', '-', 'o', 'b', 'e', 'r', 's', 'u', 'n', 'z', 'i', 'n', 'g', '-', 'n', 'i', 'e', 'd', 'e', 'r', 's', 'u', 'n', 'z', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "ff14-mstdn.xyz", true */ 'f', 'f', '1', '4', '-', 'm', 's', 't', 'd', 'n', '.', 'x', 'y', 'z', '\0', + /* "ffbans.org", true */ 'f', 'f', 'b', 'a', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "ffis.me", true */ 'f', 'f', 'i', 's', '.', 'm', 'e', '\0', + /* "ffkoenigsberg.de", true */ 'f', 'f', 'k', 'o', 'e', 'n', 'i', 'g', 's', 'b', 'e', 'r', 'g', '.', 'd', 'e', '\0', + /* "ffl123.com", true */ 'f', 'f', 'l', '1', '2', '3', '.', 'c', 'o', 'm', '\0', + /* "ffmradio.de", true */ 'f', 'f', 'm', 'r', 'a', 'd', 'i', 'o', '.', 'd', 'e', '\0', + /* "ffprofile.com", true */ 'f', 'f', 'p', 'r', 'o', 'f', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "ffta.eu", true */ 'f', 'f', 't', 'a', '.', 'e', 'u', '\0', + /* "fgequipamentos.com.br", true */ 'f', 'g', 'e', 'q', 'u', 'i', 'p', 'a', 'm', 'e', 'n', 't', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "fhcdn.xyz", true */ 'f', 'h', 'c', 'd', 'n', '.', 'x', 'y', 'z', '\0', + /* "fhconseil.fr", true */ 'f', 'h', 'c', 'o', 'n', 's', 'e', 'i', 'l', '.', 'f', 'r', '\0', + /* "fhdhelp.de", false */ 'f', 'h', 'd', 'h', 'e', 'l', 'p', '.', 'd', 'e', '\0', + /* "fhdhilft.de", false */ 'f', 'h', 'd', 'h', 'i', 'l', 'f', 't', '.', 'd', 'e', '\0', + /* "fhfaoig.gov", true */ 'f', 'h', 'f', 'a', 'o', 'i', 'g', '.', 'g', 'o', 'v', '\0', + /* "fhg90.com", true */ 'f', 'h', 'g', '9', '0', '.', 'c', 'o', 'm', '\0', + /* "fhsseniormens.club", true */ 'f', 'h', 's', 's', 'e', 'n', 'i', 'o', 'r', 'm', 'e', 'n', 's', '.', 'c', 'l', 'u', 'b', '\0', + /* "fi-sanki.co.jp", true */ 'f', 'i', '-', 's', 'a', 'n', 'k', 'i', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "fi.google.com", true */ 'f', 'i', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "fi.search.yahoo.com", false */ 'f', 'i', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "fialat.cz", true */ 'f', 'i', 'a', 'l', 'a', 't', '.', 'c', 'z', '\0', + /* "fiam.me", true */ 'f', 'i', 'a', 'm', '.', 'm', 'e', '\0', + /* "fiareapp.red", false */ 'f', 'i', 'a', 'r', 'e', 'a', 'p', 'p', '.', 'r', 'e', 'd', '\0', + /* "fibrasynormasdecolombia.com", true */ 'f', 'i', 'b', 'r', 'a', 's', 'y', 'n', 'o', 'r', 'm', 'a', 's', 'd', 'e', 'c', 'o', 'l', 'o', 'm', 'b', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "fickweiler.nl", true */ 'f', 'i', 'c', 'k', 'w', 'e', 'i', 'l', 'e', 'r', '.', 'n', 'l', '\0', + /* "ficlab.com", true */ 'f', 'i', 'c', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "ficus.io", true */ 'f', 'i', 'c', 'u', 's', '.', 'i', 'o', '\0', + /* "fid-elite.ch", true */ 'f', 'i', 'd', '-', 'e', 'l', 'i', 't', 'e', '.', 'c', 'h', '\0', + /* "fid.to", true */ 'f', 'i', 'd', '.', 't', 'o', '\0', + /* "fidanza.eu", true */ 'f', 'i', 'd', 'a', 'n', 'z', 'a', '.', 'e', 'u', '\0', + /* "fidel.uk", true */ 'f', 'i', 'd', 'e', 'l', '.', 'u', 'k', '\0', + /* "fidelapp.com", true */ 'f', 'i', 'd', 'e', 'l', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "fidelis-it.ch", true */ 'f', 'i', 'd', 'e', 'l', 'i', 's', '-', 'i', 't', '.', 'c', 'h', '\0', + /* "fidelis-it.net", true */ 'f', 'i', 'd', 'e', 'l', 'i', 's', '-', 'i', 't', '.', 'n', 'e', 't', '\0', + /* "fidhouriet.ch", true */ 'f', 'i', 'd', 'h', 'o', 'u', 'r', 'i', 'e', 't', '.', 'c', 'h', '\0', + /* "fiduciaire-ratio.ch", true */ 'f', 'i', 'd', 'u', 'c', 'i', 'a', 'i', 'r', 'e', '-', 'r', 'a', 't', 'i', 'o', '.', 'c', 'h', '\0', + /* "fieldclockapp.com", true */ 'f', 'i', 'e', 'l', 'd', 'c', 'l', 'o', 'c', 'k', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "fieldtalk.co.uk", false */ 'f', 'i', 'e', 'l', 'd', 't', 'a', 'l', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "fieldwork-paysage.com", true */ 'f', 'i', 'e', 'l', 'd', 'w', 'o', 'r', 'k', '-', 'p', 'a', 'y', 's', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "fierlafijn.net", true */ 'f', 'i', 'e', 'r', 'l', 'a', 'f', 'i', 'j', 'n', '.', 'n', 'e', 't', '\0', + /* "fifichachnil.paris", true */ 'f', 'i', 'f', 'i', 'c', 'h', 'a', 'c', 'h', 'n', 'i', 'l', '.', 'p', 'a', 'r', 'i', 's', '\0', + /* "fiftynorth.eu", true */ 'f', 'i', 'f', 't', 'y', 'n', 'o', 'r', 't', 'h', '.', 'e', 'u', '\0', + /* "fiftyonetielt.be", true */ 'f', 'i', 'f', 't', 'y', 'o', 'n', 'e', 't', 'i', 'e', 'l', 't', '.', 'b', 'e', '\0', + /* "figan.cz", true */ 'f', 'i', 'g', 'a', 'n', '.', 'c', 'z', '\0', + /* "fight215.com", true */ 'f', 'i', 'g', 'h', 't', '2', '1', '5', '.', 'c', 'o', 'm', '\0', + /* "fight215.org", true */ 'f', 'i', 'g', 'h', 't', '2', '1', '5', '.', 'o', 'r', 'g', '\0', + /* "figinstitute.org", true */ 'f', 'i', 'g', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'o', 'r', 'g', '\0', + /* "figshare.com", true */ 'f', 'i', 'g', 's', 'h', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "figura.cz", true */ 'f', 'i', 'g', 'u', 'r', 'a', '.', 'c', 'z', '\0', + /* "figura.im", true */ 'f', 'i', 'g', 'u', 'r', 'a', '.', 'i', 'm', '\0', + /* "figurasdelinguagem.com.br", true */ 'f', 'i', 'g', 'u', 'r', 'a', 's', 'd', 'e', 'l', 'i', 'n', 'g', 'u', 'a', 'g', 'e', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "fiilr.com", true */ 'f', 'i', 'i', 'l', 'r', '.', 'c', 'o', 'm', '\0', + /* "fiix.io", true */ 'f', 'i', 'i', 'x', '.', 'i', 'o', '\0', + /* "fiken.no", true */ 'f', 'i', 'k', 'e', 'n', '.', 'n', 'o', '\0', + /* "file-cloud.eu", true */ 'f', 'i', 'l', 'e', '-', 'c', 'l', 'o', 'u', 'd', '.', 'e', 'u', '\0', + /* "file-pdf.it", true */ 'f', 'i', 'l', 'e', '-', 'p', 'd', 'f', '.', 'i', 't', '\0', + /* "filebox.space", true */ 'f', 'i', 'l', 'e', 'b', 'o', 'x', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "filecopa.com", true */ 'f', 'i', 'l', 'e', 'c', 'o', 'p', 'a', '.', 'c', 'o', 'm', '\0', + /* "filedir.com", false */ 'f', 'i', 'l', 'e', 'd', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "filesense.com", true */ 'f', 'i', 'l', 'e', 's', 'e', 'n', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "filestar.io", true */ 'f', 'i', 'l', 'e', 's', 't', 'a', 'r', '.', 'i', 'o', '\0', + /* "filewall.de", true */ 'f', 'i', 'l', 'e', 'w', 'a', 'l', 'l', '.', 'd', 'e', '\0', + /* "filhin.es", true */ 'f', 'i', 'l', 'h', 'i', 'n', '.', 'e', 's', '\0', + /* "filhodohomem.com", true */ 'f', 'i', 'l', 'h', 'o', 'd', 'o', 'h', 'o', 'm', 'e', 'm', '.', 'c', 'o', 'm', '\0', + /* "filhomes.ph", true */ 'f', 'i', 'l', 'h', 'o', 'm', 'e', 's', '.', 'p', 'h', '\0', + /* "fili.org", true */ 'f', 'i', 'l', 'i', '.', 'o', 'r', 'g', '\0', + /* "filingsmadeeasy.com", true */ 'f', 'i', 'l', 'i', 'n', 'g', 's', 'm', 'a', 'd', 'e', 'e', 'a', 's', 'y', '.', 'c', 'o', 'm', '\0', + /* "filip-prochazka.com", true */ 'f', 'i', 'l', 'i', 'p', '-', 'p', 'r', 'o', 'c', 'h', 'a', 'z', 'k', 'a', '.', 'c', 'o', 'm', '\0', + /* "filippo.io", true */ 'f', 'i', 'l', 'i', 'p', 'p', 'o', '.', 'i', 'o', '\0', + /* "filipsebesta.com", true */ 'f', 'i', 'l', 'i', 'p', 's', 'e', 'b', 'e', 's', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "filleritemsindia.com", true */ 'f', 'i', 'l', 'l', 'e', 'r', 'i', 't', 'e', 'm', 's', 'i', 'n', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "fillitupchallenge.eu", true */ 'f', 'i', 'l', 'l', 'i', 't', 'u', 'p', 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e', '.', 'e', 'u', '\0', + /* "fillmysuitca.se", true */ 'f', 'i', 'l', 'l', 'm', 'y', 's', 'u', 'i', 't', 'c', 'a', '.', 's', 'e', '\0', + /* "fillo.sk", true */ 'f', 'i', 'l', 'l', 'o', '.', 's', 'k', '\0', + /* "film-tutorial.com", true */ 'f', 'i', 'l', 'm', '-', 't', 'u', 't', 'o', 'r', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "film.photography", true */ 'f', 'i', 'l', 'm', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0', + /* "film.photos", true */ 'f', 'i', 'l', 'm', '.', 'p', 'h', 'o', 't', 'o', 's', '\0', + /* "filmatiporno.xxx", true */ 'f', 'i', 'l', 'm', 'a', 't', 'i', 'p', 'o', 'r', 'n', 'o', '.', 'x', 'x', 'x', '\0', + /* "filme-online.eu.com", true */ 'f', 'i', 'l', 'm', 'e', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'e', 'u', '.', 'c', 'o', 'm', '\0', + /* "filme-onlines.com", true */ 'f', 'i', 'l', 'm', 'e', '-', 'o', 'n', 'l', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "filmreviewonline.com", true */ 'f', 'i', 'l', 'm', 'r', 'e', 'v', 'i', 'e', 'w', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "filmserver.de", true */ 'f', 'i', 'l', 'm', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0', + /* "filoo.de", true */ 'f', 'i', 'l', 'o', 'o', '.', 'd', 'e', '\0', + /* "filterflasche-kaufen.de", true */ 'f', 'i', 'l', 't', 'e', 'r', 'f', 'l', 'a', 's', 'c', 'h', 'e', '-', 'k', 'a', 'u', 'f', 'e', 'n', '.', 'd', 'e', '\0', + /* "filterlists.com", true */ 'f', 'i', 'l', 't', 'e', 'r', 'l', 'i', 's', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "finalx.nl", false */ 'f', 'i', 'n', 'a', 'l', 'x', '.', 'n', 'l', '\0', + /* "financejobs.ch", true */ 'f', 'i', 'n', 'a', 'n', 'c', 'e', 'j', 'o', 'b', 's', '.', 'c', 'h', '\0', + /* "financier.io", true */ 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'e', 'r', '.', 'i', 'o', '\0', + /* "financniexperti.sk", true */ 'f', 'i', 'n', 'a', 'n', 'c', 'n', 'i', 'e', 'x', 'p', 'e', 'r', 't', 'i', '.', 's', 'k', '\0', + /* "finch.am", true */ 'f', 'i', 'n', 'c', 'h', '.', 'a', 'm', '\0', + /* "find-job-in.com", true */ 'f', 'i', 'n', 'd', '-', 'j', 'o', 'b', '-', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "find-mba.com", true */ 'f', 'i', 'n', 'd', '-', 'm', 'b', 'a', '.', 'c', 'o', 'm', '\0', + /* "findhoustonseniorcare.com", true */ 'f', 'i', 'n', 'd', 'h', 'o', 'u', 's', 't', 'o', 'n', 's', 'e', 'n', 'i', 'o', 'r', 'c', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "findingkorea.com", true */ 'f', 'i', 'n', 'd', 'i', 'n', 'g', 'k', 'o', 'r', 'e', 'a', '.', 'c', 'o', 'm', '\0', + /* "finditez.com", true */ 'f', 'i', 'n', 'd', 'i', 't', 'e', 'z', '.', 'c', 'o', 'm', '\0', + /* "findthatnude.com", true */ 'f', 'i', 'n', 'd', 't', 'h', 'a', 't', 'n', 'u', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "findthere.net", true */ 'f', 'i', 'n', 'd', 't', 'h', 'e', 'r', 'e', '.', 'n', 'e', 't', '\0', + /* "findyour.diet", true */ 'f', 'i', 'n', 'd', 'y', 'o', 'u', 'r', '.', 'd', 'i', 'e', 't', '\0', + /* "findyourvoice.ca", true */ 'f', 'i', 'n', 'd', 'y', 'o', 'u', 'r', 'v', 'o', 'i', 'c', 'e', '.', 'c', 'a', '\0', + /* "fine-services.paris", true */ 'f', 'i', 'n', 'e', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'p', 'a', 'r', 'i', 's', '\0', + /* "finelovedolls.com", true */ 'f', 'i', 'n', 'e', 'l', 'o', 'v', 'e', 'd', 'o', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "finenet.com.tw", true */ 'f', 'i', 'n', 'e', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 't', 'w', '\0', + /* "finer04.pw", true */ 'f', 'i', 'n', 'e', 'r', '0', '4', '.', 'p', 'w', '\0', + /* "finewineonline.com", true */ 'f', 'i', 'n', 'e', 'w', 'i', 'n', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "finfev.de", true */ 'f', 'i', 'n', 'f', 'e', 'v', '.', 'd', 'e', '\0', + /* "finflix.net", true */ 'f', 'i', 'n', 'f', 'l', 'i', 'x', '.', 'n', 'e', 't', '\0', + /* "finform.ch", true */ 'f', 'i', 'n', 'f', 'o', 'r', 'm', '.', 'c', 'h', '\0', + /* "fini-de-jouer.ch", true */ 'f', 'i', 'n', 'i', '-', 'd', 'e', '-', 'j', 'o', 'u', 'e', 'r', '.', 'c', 'h', '\0', + /* "finisron.in", true */ 'f', 'i', 'n', 'i', 's', 'r', 'o', 'n', '.', 'i', 'n', '\0', + /* "finkelstein.fr", true */ 'f', 'i', 'n', 'k', 'e', 'l', 's', 't', 'e', 'i', 'n', '.', 'f', 'r', '\0', + /* "finkenberger.org", false */ 'f', 'i', 'n', 'k', 'e', 'n', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "finn.io", true */ 'f', 'i', 'n', 'n', '.', 'i', 'o', '\0', + /* "finnclass.cz", true */ 'f', 'i', 'n', 'n', 'c', 'l', 'a', 's', 's', '.', 'c', 'z', '\0', + /* "finneas.net", true */ 'f', 'i', 'n', 'n', 'e', 'a', 's', '.', 'n', 'e', 't', '\0', + /* "finsprings.org", true */ 'f', 'i', 'n', 's', 'p', 'r', 'i', 'n', 'g', 's', '.', 'o', 'r', 'g', '\0', + /* "fintandunleavy.com", true */ 'f', 'i', 'n', 't', 'a', 'n', 'd', 'u', 'n', 'l', 'e', 'a', 'v', 'y', '.', 'c', 'o', 'm', '\0', + /* "finvantage.com", true */ 'f', 'i', 'n', 'v', 'a', 'n', 't', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "fionamcbride.com", true */ 'f', 'i', 'o', 'n', 'a', 'm', 'c', 'b', 'r', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "fiork.com", true */ 'f', 'i', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "fioulmarket.fr", true */ 'f', 'i', 'o', 'u', 'l', 'm', 'a', 'r', 'k', 'e', 't', '.', 'f', 'r', '\0', + /* "fire-wolf.com", true */ 'f', 'i', 'r', 'e', '-', 'w', 'o', 'l', 'f', '.', 'c', 'o', 'm', '\0', + /* "fireandelectrical.co.uk", true */ 'f', 'i', 'r', 'e', 'a', 'n', 'd', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "firebaseio.com", true */ 'f', 'i', 'r', 'e', 'b', 'a', 's', 'e', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "firebirdrangecookers.com", true */ 'f', 'i', 'r', 'e', 'b', 'i', 'r', 'd', 'r', 'a', 'n', 'g', 'e', 'c', 'o', 'o', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "firebounty.com", true */ 'f', 'i', 'r', 'e', 'b', 'o', 'u', 'n', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "fireboxfood.com", true */ 'f', 'i', 'r', 'e', 'b', 'o', 'x', 'f', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "firebugmusic.com", true */ 'f', 'i', 'r', 'e', 'b', 'u', 'g', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "firecore.com", true */ 'f', 'i', 'r', 'e', 'c', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "firecry.org", true */ 'f', 'i', 'r', 'e', 'c', 'r', 'y', '.', 'o', 'r', 'g', '\0', + /* "firefart.at", true */ 'f', 'i', 'r', 'e', 'f', 'a', 'r', 't', '.', 'a', 't', '\0', + /* "firefighters.dating", true */ 'f', 'i', 'r', 'e', 'f', 'i', 'g', 'h', 't', 'e', 'r', 's', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "firegoby.jp", true */ 'f', 'i', 'r', 'e', 'g', 'o', 'b', 'y', '.', 'j', 'p', '\0', + /* "firehost.com", true */ 'f', 'i', 'r', 'e', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "fireportal.cz", true */ 'f', 'i', 'r', 'e', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'z', '\0', + /* "firesofheaven.org", true */ 'f', 'i', 'r', 'e', 's', 'o', 'f', 'h', 'e', 'a', 'v', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "firetotheprisons.org", true */ 'f', 'i', 'r', 'e', 't', 'o', 't', 'h', 'e', 'p', 'r', 'i', 's', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "firevap.org", true */ 'f', 'i', 'r', 'e', 'v', 'a', 'p', '.', 'o', 'r', 'g', '\0', + /* "firewallconsultants.com", true */ 'f', 'i', 'r', 'e', 'w', 'a', 'l', 'l', 'c', 'o', 'n', 's', 'u', 'l', 't', 'a', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "fireworksshowvr.com", true */ 'f', 'i', 'r', 'e', 'w', 'o', 'r', 'k', 's', 's', 'h', 'o', 'w', 'v', 'r', '.', 'c', 'o', 'm', '\0', + /* "firma-cerny.cz", true */ 'f', 'i', 'r', 'm', 'a', '-', 'c', 'e', 'r', 'n', 'y', '.', 'c', 'z', '\0', + /* "firma-offshore.com", true */ 'f', 'i', 'r', 'm', 'a', '-', 'o', 'f', 'f', 's', 'h', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "firmale.com", true */ 'f', 'i', 'r', 'm', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "firmapi.com", true */ 'f', 'i', 'r', 'm', 'a', 'p', 'i', '.', 'c', 'o', 'm', '\0', + /* "first-house.no", true */ 'f', 'i', 'r', 's', 't', '-', 'h', 'o', 'u', 's', 'e', '.', 'n', 'o', '\0', + /* "first-time-offender.com", true */ 'f', 'i', 'r', 's', 't', '-', 't', 'i', 'm', 'e', '-', 'o', 'f', 'f', 'e', 'n', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "first.org", true */ 'f', 'i', 'r', 's', 't', '.', 'o', 'r', 'g', '\0', + /* "first4it.com", true */ 'f', 'i', 'r', 's', 't', '4', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "firstchoicebouncycastlehire.co.uk", true */ 'f', 'i', 'r', 's', 't', 'c', 'h', 'o', 'i', 'c', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "firstchoicecandy.com", true */ 'f', 'i', 'r', 's', 't', 'c', 'h', 'o', 'i', 'c', 'e', 'c', 'a', 'n', 'd', 'y', '.', 'c', 'o', 'm', '\0', + /* "firstchoicepool.com", true */ 'f', 'i', 'r', 's', 't', 'c', 'h', 'o', 'i', 'c', 'e', 'p', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "firstclasscastles.com", true */ 'f', 'i', 'r', 's', 't', 'c', 'l', 'a', 's', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "firstclassleisure.co.uk", true */ 'f', 'i', 'r', 's', 't', 'c', 'l', 'a', 's', 's', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "firstderm.com", true */ 'f', 'i', 'r', 's', 't', 'd', 'e', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "firstfinca.de", true */ 'f', 'i', 'r', 's', 't', 'f', 'i', 'n', 'c', 'a', '.', 'd', 'e', '\0', + /* "firstmall.de", true */ 'f', 'i', 'r', 's', 't', 'm', 'a', 'l', 'l', '.', 'd', 'e', '\0', + /* "firstq.xyz", true */ 'f', 'i', 'r', 's', 't', 'q', '.', 'x', 'y', 'z', '\0', + /* "fischer-its.com", false */ 'f', 'i', 's', 'c', 'h', 'e', 'r', '-', 'i', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "fischer-kundendienst.de", true */ 'f', 'i', 's', 'c', 'h', 'e', 'r', '-', 'k', 'u', 'n', 'd', 'e', 'n', 'd', 'i', 'e', 'n', 's', 't', '.', 'd', 'e', '\0', + /* "fischers.cc", true */ 'f', 'i', 's', 'c', 'h', 'e', 'r', 's', '.', 'c', 'c', '\0', + /* "fiscoeconti.it", true */ 'f', 'i', 's', 'c', 'o', 'e', 'c', 'o', 'n', 't', 'i', '.', 'i', 't', '\0', + /* "fish-hook.ru", true */ 'f', 'i', 's', 'h', '-', 'h', 'o', 'o', 'k', '.', 'r', 'u', '\0', + /* "fish2.me", true */ 'f', 'i', 's', 'h', '2', '.', 'm', 'e', '\0', + /* "fishbattle.io", true */ 'f', 'i', 's', 'h', 'b', 'a', 't', 't', 'l', 'e', '.', 'i', 'o', '\0', + /* "fishbattle.net", true */ 'f', 'i', 's', 'h', 'b', 'a', 't', 't', 'l', 'e', '.', 'n', 'e', 't', '\0', + /* "fishermailbox.net", true */ 'f', 'i', 's', 'h', 'e', 'r', 'm', 'a', 'i', 'l', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0', + /* "fishermansbend.apartments", true */ 'f', 'i', 's', 'h', 'e', 'r', 'm', 'a', 'n', 's', 'b', 'e', 'n', 'd', '.', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '\0', + /* "fishermansbendcorporation.com.au", true */ 'f', 'i', 's', 'h', 'e', 'r', 'm', 'a', 'n', 's', 'b', 'e', 'n', 'd', 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "fishermansbendtownhouses.com.au", true */ 'f', 'i', 's', 'h', 'e', 'r', 'm', 'a', 'n', 's', 'b', 'e', 'n', 'd', 't', 'o', 'w', 'n', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "fishserver.net", true */ 'f', 'i', 's', 'h', 's', 'e', 'r', 'v', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "fishtacos.blog", true */ 'f', 'i', 's', 'h', 't', 'a', 'c', 'o', 's', '.', 'b', 'l', 'o', 'g', '\0', + /* "fistu.la", true */ 'f', 'i', 's', 't', 'u', '.', 'l', 'a', '\0', + /* "fit-4u.ch", true */ 'f', 'i', 't', '-', '4', 'u', '.', 'c', 'h', '\0', + /* "fit365.jp", true */ 'f', 'i', 't', '3', '6', '5', '.', 'j', 'p', '\0', + /* "fitchannel.com", true */ 'f', 'i', 't', 'c', 'h', 'a', 'n', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "fitkram.cz", true */ 'f', 'i', 't', 'k', 'r', 'a', 'm', '.', 'c', 'z', '\0', + /* "fitness-challenge.co.uk", true */ 'f', 'i', 't', 'n', 'e', 's', 's', '-', 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "fitness.gov", true */ 'f', 'i', 't', 'n', 'e', 's', 's', '.', 'g', 'o', 'v', '\0', + /* "fitseven.ru", true */ 'f', 'i', 't', 's', 'e', 'v', 'e', 'n', '.', 'r', 'u', '\0', + /* "fittelo.cz", true */ 'f', 'i', 't', 't', 'e', 'l', 'o', '.', 'c', 'z', '\0', + /* "fitzsim.org", true */ 'f', 'i', 't', 'z', 's', 'i', 'm', '.', 'o', 'r', 'g', '\0', + /* "fiuxy.bz", true */ 'f', 'i', 'u', 'x', 'y', '.', 'b', 'z', '\0', + /* "fiuxy.co", true */ 'f', 'i', 'u', 'x', 'y', '.', 'c', 'o', '\0', + /* "fiws.net", true */ 'f', 'i', 'w', 's', '.', 'n', 'e', 't', '\0', + /* "fixate.ru", true */ 'f', 'i', 'x', 'a', 't', 'e', '.', 'r', 'u', '\0', + /* "fixatom.com", true */ 'f', 'i', 'x', 'a', 't', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "fixeaide.com", true */ 'f', 'i', 'x', 'e', 'a', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "fixeaider.com", true */ 'f', 'i', 'x', 'e', 'a', 'i', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "fixel.express", true */ 'f', 'i', 'x', 'e', 'l', '.', 'e', 'x', 'p', 'r', 'e', 's', 's', '\0', + /* "fixforce.nl", true */ 'f', 'i', 'x', 'f', 'o', 'r', 'c', 'e', '.', 'n', 'l', '\0', + /* "fixhotsauce.com", true */ 'f', 'i', 'x', 'h', 'o', 't', 's', 'a', 'u', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "fixmyalarmpanel.co.uk", true */ 'f', 'i', 'x', 'm', 'y', 'a', 'l', 'a', 'r', 'm', 'p', 'a', 'n', 'e', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "fixmycomputerdude.com", true */ 'f', 'i', 'x', 'm', 'y', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'd', 'u', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "fixvoltage.ru", true */ 'f', 'i', 'x', 'v', 'o', 'l', 't', 'a', 'g', 'e', '.', 'r', 'u', '\0', + /* "fizz.buzz", false */ 'f', 'i', 'z', 'z', '.', 'b', 'u', 'z', 'z', '\0', + /* "fj.search.yahoo.com", false */ 'f', 'j', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "fj.simple.com", false */ 'f', 'j', '.', 's', 'i', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "fjharcu.com", true */ 'f', 'j', 'h', 'a', 'r', 'c', 'u', '.', 'c', 'o', 'm', '\0', + /* "fjugstad.com", true */ 'f', 'j', 'u', 'g', 's', 't', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "fkcdn.de", true */ 'f', 'k', 'c', 'd', 'n', '.', 'd', 'e', '\0', + /* "fkfev.de", true */ 'f', 'k', 'f', 'e', 'v', '.', 'd', 'e', '\0', + /* "fktpm.ru", true */ 'f', 'k', 't', 'p', 'm', '.', 'r', 'u', '\0', + /* "flaemig42.de", true */ 'f', 'l', 'a', 'e', 'm', 'i', 'g', '4', '2', '.', 'd', 'e', '\0', + /* "flagburningworld.com", true */ 'f', 'l', 'a', 'g', 'b', 'u', 'r', 'n', 'i', 'n', 'g', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "flagfic.com", true */ 'f', 'l', 'a', 'g', 'f', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "flagshop.jp", true */ 'f', 'l', 'a', 'g', 's', 'h', 'o', 'p', '.', 'j', 'p', '\0', + /* "flagspot.net", false */ 'f', 'l', 'a', 'g', 's', 'p', 'o', 't', '.', 'n', 'e', 't', '\0', + /* "flair.co", true */ 'f', 'l', 'a', 'i', 'r', '.', 'c', 'o', '\0', + /* "flam.io", true */ 'f', 'l', 'a', 'm', '.', 'i', 'o', '\0', + /* "flamer-scene.com", false */ 'f', 'l', 'a', 'm', 'e', 'r', '-', 's', 'c', 'e', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "flamingcow.tv", true */ 'f', 'l', 'a', 'm', 'i', 'n', 'g', 'c', 'o', 'w', '.', 't', 'v', '\0', + /* "flamingkeys.com", true */ 'f', 'l', 'a', 'm', 'i', 'n', 'g', 'k', 'e', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "flamme-von-anor.de", true */ 'f', 'l', 'a', 'm', 'm', 'e', '-', 'v', 'o', 'n', '-', 'a', 'n', 'o', 'r', '.', 'd', 'e', '\0', + /* "flana.com", true */ 'f', 'l', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "flanga.io", true */ 'f', 'l', 'a', 'n', 'g', 'a', '.', 'i', 'o', '\0', + /* "flapoverspeed.com", true */ 'f', 'l', 'a', 'p', 'o', 'v', 'e', 'r', 's', 'p', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "flaretechnologies.io", true */ 'f', 'l', 'a', 'r', 'e', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 's', '.', 'i', 'o', '\0', + /* "flashback.org", true */ 'f', 'l', 'a', 's', 'h', 'b', 'a', 'c', 'k', '.', 'o', 'r', 'g', '\0', + /* "flashgot.net", true */ 'f', 'l', 'a', 's', 'h', 'g', 'o', 't', '.', 'n', 'e', 't', '\0', + /* "flat.io", true */ 'f', 'l', 'a', 't', '.', 'i', 'o', '\0', + /* "flatmatehub.com.au", true */ 'f', 'l', 'a', 't', 'm', 'a', 't', 'e', 'h', 'u', 'b', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "flatpackmates.co.uk", true */ 'f', 'l', 'a', 't', 'p', 'a', 'c', 'k', 'm', 'a', 't', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "flauschig.net", true */ 'f', 'l', 'a', 'u', 's', 'c', 'h', 'i', 'g', '.', 'n', 'e', 't', '\0', + /* "flavr.be", true */ 'f', 'l', 'a', 'v', 'r', '.', 'b', 'e', '\0', + /* "flawlesscowboy.xyz", true */ 'f', 'l', 'a', 'w', 'l', 'e', 's', 's', 'c', 'o', 'w', 'b', 'o', 'y', '.', 'x', 'y', 'z', '\0', + /* "fleamarketgoods.com", true */ 'f', 'l', 'e', 'a', 'm', 'a', 'r', 'k', 'e', 't', 'g', 'o', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "fleep.io", true */ 'f', 'l', 'e', 'e', 'p', '.', 'i', 'o', '\0', + /* "fleetssl.com", true */ 'f', 'l', 'e', 'e', 't', 's', 's', 'l', '.', 'c', 'o', 'm', '\0', + /* "flehm.de", true */ 'f', 'l', 'e', 'h', 'm', '.', 'd', 'e', '\0', + /* "fleisch.club", true */ 'f', 'l', 'e', 'i', 's', 'c', 'h', '.', 'c', 'l', 'u', 'b', '\0', + /* "flemingtonaudiparts.com", true */ 'f', 'l', 'e', 'm', 'i', 'n', 'g', 't', 'o', 'n', 'a', 'u', 'd', 'i', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "fletchto99.com", true */ 'f', 'l', 'e', 't', 'c', 'h', 't', 'o', '9', '9', '.', 'c', 'o', 'm', '\0', + /* "flets-ms.com", true */ 'f', 'l', 'e', 't', 's', '-', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "fleurette.me", true */ 'f', 'l', 'e', 'u', 'r', 'e', 't', 't', 'e', '.', 'm', 'e', '\0', + /* "fleursdesoleil.fr", true */ 'f', 'l', 'e', 'u', 'r', 's', 'd', 'e', 's', 'o', 'l', 'e', 'i', 'l', '.', 'f', 'r', '\0', + /* "flexapplications.se", true */ 'f', 'l', 'e', 'x', 'a', 'p', 'p', 'l', 'i', 'c', 'a', 't', 'i', 'o', 'n', 's', '.', 's', 'e', '\0', + /* "flexdrukker.nl", true */ 'f', 'l', 'e', 'x', 'd', 'r', 'u', 'k', 'k', 'e', 'r', '.', 'n', 'l', '\0', + /* "fleximus.org", false */ 'f', 'l', 'e', 'x', 'i', 'm', 'u', 's', '.', 'o', 'r', 'g', '\0', + /* "flexinvesting.fi", true */ 'f', 'l', 'e', 'x', 'i', 'n', 'v', 'e', 's', 't', 'i', 'n', 'g', '.', 'f', 'i', '\0', + /* "flexport.com", true */ 'f', 'l', 'e', 'x', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "flexstart.me", true */ 'f', 'l', 'e', 'x', 's', 't', 'a', 'r', 't', '.', 'm', 'e', '\0', + /* "flextrack.dk", true */ 'f', 'l', 'e', 'x', 't', 'r', 'a', 'c', 'k', '.', 'd', 'k', '\0', + /* "fliacuello.com.ar", true */ 'f', 'l', 'i', 'a', 'c', 'u', 'e', 'l', 'l', 'o', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "flightdeckfriend.com", true */ 'f', 'l', 'i', 'g', 'h', 't', 'd', 'e', 'c', 'k', 'f', 'r', 'i', 'e', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "flightmedx.com", true */ 'f', 'l', 'i', 'g', 'h', 't', 'm', 'e', 'd', 'x', '.', 'c', 'o', 'm', '\0', + /* "flightschoolbooking.com", true */ 'f', 'l', 'i', 'g', 'h', 't', 's', 'c', 'h', 'o', 'o', 'l', 'b', 'o', 'o', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "flightschoolcandidates.gov", true */ 'f', 'l', 'i', 'g', 'h', 't', 's', 'c', 'h', 'o', 'o', 'l', 'c', 'a', 'n', 'd', 'i', 'd', 'a', 't', 'e', 's', '.', 'g', 'o', 'v', '\0', + /* "flightzero.cf", true */ 'f', 'l', 'i', 'g', 'h', 't', 'z', 'e', 'r', 'o', '.', 'c', 'f', '\0', + /* "fliino.com", true */ 'f', 'l', 'i', 'i', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "flikmsg.co", true */ 'f', 'l', 'i', 'k', 'm', 's', 'g', '.', 'c', 'o', '\0', + /* "flinch.io", true */ 'f', 'l', 'i', 'n', 'c', 'h', '.', 'i', 'o', '\0', + /* "fling.dating", true */ 'f', 'l', 'i', 'n', 'g', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "flipagram.com", false */ 'f', 'l', 'i', 'p', 'a', 'g', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "flipneus.net", true */ 'f', 'l', 'i', 'p', 'n', 'e', 'u', 's', '.', 'n', 'e', 't', '\0', + /* "fliptable.org", true */ 'f', 'l', 'i', 'p', 't', 'a', 'b', 'l', 'e', '.', 'o', 'r', 'g', '\0', + /* "flirt-norden.de", true */ 'f', 'l', 'i', 'r', 't', '-', 'n', 'o', 'r', 'd', 'e', 'n', '.', 'd', 'e', '\0', + /* "flirtfaces.de", true */ 'f', 'l', 'i', 'r', 't', 'f', 'a', 'c', 'e', 's', '.', 'd', 'e', '\0', + /* "floaternet.com", true */ 'f', 'l', 'o', 'a', 't', 'e', 'r', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "flocktofedora.org", true */ 'f', 'l', 'o', 'c', 'k', 't', 'o', 'f', 'e', 'd', 'o', 'r', 'a', '.', 'o', 'r', 'g', '\0', + /* "floffi.media", true */ 'f', 'l', 'o', 'f', 'f', 'i', '.', 'm', 'e', 'd', 'i', 'a', '\0', + /* "flokinet.is", true */ 'f', 'l', 'o', 'k', 'i', 'n', 'e', 't', '.', 'i', 's', '\0', + /* "floobits.com", true */ 'f', 'l', 'o', 'o', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "flood.io", true */ 'f', 'l', 'o', 'o', 'd', '.', 'i', 'o', '\0', + /* "flooringnightmares.com", true */ 'f', 'l', 'o', 'o', 'r', 'i', 'n', 'g', 'n', 'i', 'g', 'h', 't', 'm', 'a', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "floort.net", false */ 'f', 'l', 'o', 'o', 'r', 't', '.', 'n', 'e', 't', '\0', + /* "flopix.net", false */ 'f', 'l', 'o', 'p', 'i', 'x', '.', 'n', 'e', 't', '\0', + /* "flopy.club", true */ 'f', 'l', 'o', 'p', 'y', '.', 'c', 'l', 'u', 'b', '\0', + /* "florence.uk.net", true */ 'f', 'l', 'o', 'r', 'e', 'n', 'c', 'e', '.', 'u', 'k', '.', 'n', 'e', 't', '\0', + /* "florent-tatard.fr", true */ 'f', 'l', 'o', 'r', 'e', 'n', 't', '-', 't', 'a', 't', 'a', 'r', 'd', '.', 'f', 'r', '\0', + /* "florentynadawn.co.uk", true */ 'f', 'l', 'o', 'r', 'e', 'n', 't', 'y', 'n', 'a', 'd', 'a', 'w', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "florian-bachelet.fr", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', '-', 'b', 'a', 'c', 'h', 'e', 'l', 'e', 't', '.', 'f', 'r', '\0', + /* "florian-schlachter.de", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', '-', 's', 'c', 'h', 'l', 'a', 'c', 'h', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "florian-thie.de", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', '-', 't', 'h', 'i', 'e', '.', 'd', 'e', '\0', + /* "floriankarmen.com", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', 'k', 'a', 'r', 'm', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "floriankeller.de", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', 'k', 'e', 'l', 'l', 'e', 'r', '.', 'd', 'e', '\0', + /* "florianmitrea.uk", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', 'm', 'i', 't', 'r', 'e', 'a', '.', 'u', 'k', '\0', + /* "florianschmitt.ca", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', 's', 'c', 'h', 'm', 'i', 't', 't', '.', 'c', 'a', '\0', + /* "floriantanner.ch", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', 't', 'a', 'n', 'n', 'e', 'r', '.', 'c', 'h', '\0', + /* "florida-prep.org", true */ 'f', 'l', 'o', 'r', 'i', 'd', 'a', '-', 'p', 'r', 'e', 'p', '.', 'o', 'r', 'g', '\0', + /* "floridaderi.ru", true */ 'f', 'l', 'o', 'r', 'i', 'd', 'a', 'd', 'e', 'r', 'i', '.', 'r', 'u', '\0', + /* "floridafieros.org", true */ 'f', 'l', 'o', 'r', 'i', 'd', 'a', 'f', 'i', 'e', 'r', 'o', 's', '.', 'o', 'r', 'g', '\0', + /* "floridahomesinvest.com", true */ 'f', 'l', 'o', 'r', 'i', 'd', 'a', 'h', 'o', 'm', 'e', 's', 'i', 'n', 'v', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "florinapp.com", true */ 'f', 'l', 'o', 'r', 'i', 'n', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "florinlungu.it", true */ 'f', 'l', 'o', 'r', 'i', 'n', 'l', 'u', 'n', 'g', 'u', '.', 'i', 't', '\0', + /* "florismoo.nl", true */ 'f', 'l', 'o', 'r', 'i', 's', 'm', 'o', 'o', '.', 'n', 'l', '\0', + /* "florismouwen.com", false */ 'f', 'l', 'o', 'r', 'i', 's', 'm', 'o', 'u', 'w', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "florispoort.nl", true */ 'f', 'l', 'o', 'r', 'i', 's', 'p', 'o', 'o', 'r', 't', '.', 'n', 'l', '\0', + /* "florisvdk.net", true */ 'f', 'l', 'o', 'r', 'i', 's', 'v', 'd', 'k', '.', 'n', 'e', 't', '\0', + /* "floriswesterman.nl", true */ 'f', 'l', 'o', 'r', 'i', 's', 'w', 'e', 's', 't', 'e', 'r', 'm', 'a', 'n', '.', 'n', 'l', '\0', + /* "flosch.at", false */ 'f', 'l', 'o', 's', 'c', 'h', '.', 'a', 't', '\0', + /* "floseed.fr", true */ 'f', 'l', 'o', 's', 'e', 'e', 'd', '.', 'f', 'r', '\0', + /* "floskelwolke.de", true */ 'f', 'l', 'o', 's', 'k', 'e', 'l', 'w', 'o', 'l', 'k', 'e', '.', 'd', 'e', '\0', + /* "floth.at", true */ 'f', 'l', 'o', 't', 'h', '.', 'a', 't', '\0', + /* "flowcom.de", true */ 'f', 'l', 'o', 'w', 'c', 'o', 'm', '.', 'd', 'e', '\0', + /* "flowerandplant.org", true */ 'f', 'l', 'o', 'w', 'e', 'r', 'a', 'n', 'd', 'p', 'l', 'a', 'n', 't', '.', 'o', 'r', 'g', '\0', + /* "flowersbylegacy.com", true */ 'f', 'l', 'o', 'w', 'e', 'r', 's', 'b', 'y', 'l', 'e', 'g', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "flowreader.com", true */ 'f', 'l', 'o', 'w', 'r', 'e', 'a', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "flox.io", true */ 'f', 'l', 'o', 'x', '.', 'i', 'o', '\0', + /* "floydm.com", true */ 'f', 'l', 'o', 'y', 'd', 'm', '.', 'c', 'o', 'm', '\0', + /* "flra.gov", true */ 'f', 'l', 'r', 'a', '.', 'g', 'o', 'v', '\0', + /* "flucky.xyz", true */ 'f', 'l', 'u', 'c', 'k', 'y', '.', 'x', 'y', 'z', '\0', + /* "flucto.com", true */ 'f', 'l', 'u', 'c', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "flue-ducting.co.uk", true */ 'f', 'l', 'u', 'e', '-', 'd', 'u', 'c', 't', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "fluffycloud.de", true */ 'f', 'l', 'u', 'f', 'f', 'y', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0', + /* "fluidmeterusa.com", true */ 'f', 'l', 'u', 'i', 'd', 'm', 'e', 't', 'e', 'r', 'u', 's', 'a', '.', 'c', 'o', 'm', '\0', + /* "flumble.nl", true */ 'f', 'l', 'u', 'm', 'b', 'l', 'e', '.', 'n', 'l', '\0', + /* "flunschi.goip.de", true */ 'f', 'l', 'u', 'n', 's', 'c', 'h', 'i', '.', 'g', 'o', 'i', 'p', '.', 'd', 'e', '\0', + /* "fluoxetine.net", true */ 'f', 'l', 'u', 'o', 'x', 'e', 't', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "fluteandpianoteaching.co.uk", true */ 'f', 'l', 'u', 't', 'e', 'a', 'n', 'd', 'p', 'i', 'a', 'n', 'o', 't', 'e', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "flux.by", true */ 'f', 'l', 'u', 'x', '.', 'b', 'y', '\0', + /* "fluxent.de", false */ 'f', 'l', 'u', 'x', 'e', 'n', 't', '.', 'd', 'e', '\0', + /* "fluxfingers.net", true */ 'f', 'l', 'u', 'x', 'f', 'i', 'n', 'g', 'e', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "fluxforge.com", true */ 'f', 'l', 'u', 'x', 'f', 'o', 'r', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "fluxoid.com", true */ 'f', 'l', 'u', 'x', 'o', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "flw365365.com", true */ 'f', 'l', 'w', '3', '6', '5', '3', '6', '5', '.', 'c', 'o', 'm', '\0', + /* "flyawayantennas.com", true */ 'f', 'l', 'y', 'a', 'w', 'a', 'y', 'a', 'n', 't', 'e', 'n', 'n', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "flyboyfpv.com", true */ 'f', 'l', 'y', 'b', 'o', 'y', 'f', 'p', 'v', '.', 'c', 'o', 'm', '\0', + /* "flybunnyfly.dk", true */ 'f', 'l', 'y', 'b', 'u', 'n', 'n', 'y', 'f', 'l', 'y', '.', 'd', 'k', '\0', + /* "flygon.pink", true */ 'f', 'l', 'y', 'g', 'o', 'n', '.', 'p', 'i', 'n', 'k', '\0', + /* "flyinglocksmiths.com", false */ 'f', 'l', 'y', 'i', 'n', 'g', 'l', 'o', 'c', 'k', 's', 'm', 'i', 't', 'h', 's', '.', 'c', 'o', 'm', '\0', + /* "flyingpackets.net", true */ 'f', 'l', 'y', 'i', 'n', 'g', 'p', 'a', 'c', 'k', 'e', 't', 's', '.', 'n', 'e', 't', '\0', + /* "flyingrub.me", true */ 'f', 'l', 'y', 'i', 'n', 'g', 'r', 'u', 'b', '.', 'm', 'e', '\0', + /* "flymns.fr", true */ 'f', 'l', 'y', 'm', 'n', 's', '.', 'f', 'r', '\0', + /* "flynn.io", true */ 'f', 'l', 'y', 'n', 'n', '.', 'i', 'o', '\0', + /* "flyp.me", true */ 'f', 'l', 'y', 'p', '.', 'm', 'e', '\0', + /* "flyserver.co.il", true */ 'f', 'l', 'y', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "flyspace.ga", true */ 'f', 'l', 'y', 's', 'p', 'a', 'c', 'e', '.', 'g', 'a', '\0', + /* "flyspace.ml", true */ 'f', 'l', 'y', 's', 'p', 'a', 'c', 'e', '.', 'm', 'l', '\0', + /* "flyss.net", true */ 'f', 'l', 'y', 's', 's', '.', 'n', 'e', 't', '\0', + /* "flyssh.net", true */ 'f', 'l', 'y', 's', 's', 'h', '.', 'n', 'e', 't', '\0', + /* "flyt.online", true */ 'f', 'l', 'y', 't', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "flytoadventures.com", true */ 'f', 'l', 'y', 't', 'o', 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "fm-cdn.de", true */ 'f', 'm', '-', 'c', 'd', 'n', '.', 'd', 'e', '\0', + /* "fm.ie", true */ 'f', 'm', '.', 'i', 'e', '\0', + /* "fmapplication.com", true */ 'f', 'm', 'a', 'p', 'p', 'l', 'i', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "fmarchal.fr", true */ 'f', 'm', 'a', 'r', 'c', 'h', 'a', 'l', '.', 'f', 'r', '\0', + /* "fmdance.cl", true */ 'f', 'm', 'd', 'a', 'n', 'c', 'e', '.', 'c', 'l', '\0', + /* "fmi.gov", true */ 'f', 'm', 'i', '.', 'g', 'o', 'v', '\0', + /* "fminsight.net", true */ 'f', 'm', 'i', 'n', 's', 'i', 'g', 'h', 't', '.', 'n', 'e', 't', '\0', + /* "fmodoux.biz", true */ 'f', 'm', 'o', 'd', 'o', 'u', 'x', '.', 'b', 'i', 'z', '\0', + /* "fmovies.fyi", true */ 'f', 'm', 'o', 'v', 'i', 'e', 's', '.', 'f', 'y', 'i', '\0', + /* "fmovies.life", true */ 'f', 'm', 'o', 'v', 'i', 'e', 's', '.', 'l', 'i', 'f', 'e', '\0', + /* "fnb-griffinonline.com", true */ 'f', 'n', 'b', '-', 'g', 'r', 'i', 'f', 'f', 'i', 'n', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "fndout.com", true */ 'f', 'n', 'd', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "fniephaus.com", false */ 'f', 'n', 'i', 'e', 'p', 'h', 'a', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "fnof.ch", true */ 'f', 'n', 'o', 'f', '.', 'c', 'h', '\0', + /* "fnordserver.eu", true */ 'f', 'n', 'o', 'r', 'd', 's', 'e', 'r', 'v', 'e', 'r', '.', 'e', 'u', '\0', + /* "fnzc.co.nz", true */ 'f', 'n', 'z', 'c', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "foairbus.fr", true */ 'f', 'o', 'a', 'i', 'r', 'b', 'u', 's', '.', 'f', 'r', '\0', + /* "foairbussas.fr", true */ 'f', 'o', 'a', 'i', 'r', 'b', 'u', 's', 's', 'a', 's', '.', 'f', 'r', '\0', + /* "focanamoda.com.br", true */ 'f', 'o', 'c', 'a', 'n', 'a', 'm', 'o', 'd', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "focusmark.jp", false */ 'f', 'o', 'c', 'u', 's', 'm', 'a', 'r', 'k', '.', 'j', 'p', '\0', + /* "focusministries1.org", true */ 'f', 'o', 'c', 'u', 's', 'm', 'i', 'n', 'i', 's', 't', 'r', 'i', 'e', 's', '1', '.', 'o', 'r', 'g', '\0', + /* "foej-aktiv.de", true */ 'f', 'o', 'e', 'j', '-', 'a', 'k', 't', 'i', 'v', '.', 'd', 'e', '\0', + /* "foej.net", true */ 'f', 'o', 'e', 'j', '.', 'n', 'e', 't', '\0', + /* "foerster-kunststoff.de", true */ 'f', 'o', 'e', 'r', 's', 't', 'e', 'r', '-', 'k', 'u', 'n', 's', 't', 's', 't', 'o', 'f', 'f', '.', 'd', 'e', '\0', + /* "fognini-depablo.eu", true */ 'f', 'o', 'g', 'n', 'i', 'n', 'i', '-', 'd', 'e', 'p', 'a', 'b', 'l', 'o', '.', 'e', 'u', '\0', + /* "foia.gov", true */ 'f', 'o', 'i', 'a', '.', 'g', 'o', 'v', '\0', + /* "fojing.com", true */ 'f', 'o', 'j', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "fokan.be", true */ 'f', 'o', 'k', 'a', 'n', '.', 'b', 'e', '\0', + /* "fokkusu.fi", true */ 'f', 'o', 'k', 'k', 'u', 's', 'u', '.', 'f', 'i', '\0', + /* "fol.tf", true */ 'f', 'o', 'l', '.', 't', 'f', '\0', + /* "foliekonsulenten.dk", true */ 'f', 'o', 'l', 'i', 'e', 'k', 'o', 'n', 's', 'u', 'l', 'e', 'n', 't', 'e', 'n', '.', 'd', 'k', '\0', + /* "foljeton.dk", true */ 'f', 'o', 'l', 'j', 'e', 't', 'o', 'n', '.', 'd', 'k', '\0', + /* "folkadelic.de", true */ 'f', 'o', 'l', 'k', 'a', 'd', 'e', 'l', 'i', 'c', '.', 'd', 'e', '\0', + /* "folkfests.org", true */ 'f', 'o', 'l', 'k', 'f', 'e', 's', 't', 's', '.', 'o', 'r', 'g', '\0', + /* "follandviolins.com", true */ 'f', 'o', 'l', 'l', 'a', 'n', 'd', 'v', 'i', 'o', 'l', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "followerrocket.com", true */ 'f', 'o', 'l', 'l', 'o', 'w', 'e', 'r', 'r', 'o', 'c', 'k', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "followersya.com", true */ 'f', 'o', 'l', 'l', 'o', 'w', 'e', 'r', 's', 'y', 'a', '.', 'c', 'o', 'm', '\0', + /* "followthatpage.com", true */ 'f', 'o', 'l', 'l', 'o', 'w', 't', 'h', 'a', 't', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "folv.es", true */ 'f', 'o', 'l', 'v', '.', 'e', 's', '\0', + /* "fondanastasia.ru", true */ 'f', 'o', 'n', 'd', 'a', 'n', 'a', 's', 't', 'a', 's', 'i', 'a', '.', 'r', 'u', '\0', + /* "fondationwiggli.ch", true */ 'f', 'o', 'n', 'd', 'a', 't', 'i', 'o', 'n', 'w', 'i', 'g', 'g', 'l', 'i', '.', 'c', 'h', '\0', + /* "fondy.eu", true */ 'f', 'o', 'n', 'd', 'y', '.', 'e', 'u', '\0', + /* "fondy.ru", true */ 'f', 'o', 'n', 'd', 'y', '.', 'r', 'u', '\0', + /* "fondy.ua", true */ 'f', 'o', 'n', 'd', 'y', '.', 'u', 'a', '\0', + /* "foneo.com", true */ 'f', 'o', 'n', 'e', 'o', '.', 'c', 'o', 'm', '\0', + /* "fonga.ch", true */ 'f', 'o', 'n', 'g', 'a', '.', 'c', 'h', '\0', + /* "fonolo.com", true */ 'f', 'o', 'n', 'o', 'l', 'o', '.', 'c', 'o', 'm', '\0', + /* "fonseguin.ca", true */ 'f', 'o', 'n', 's', 'e', 'g', 'u', 'i', 'n', '.', 'c', 'a', '\0', + /* "font-converter.net", true */ 'f', 'o', 'n', 't', '-', 'c', 'o', 'n', 'v', 'e', 'r', 't', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "fontawesome.com", true */ 'f', 'o', 'n', 't', 'a', 'w', 'e', 's', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "fonte-trading.com", true */ 'f', 'o', 'n', 't', 'e', '-', 't', 'r', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "fontein.de", true */ 'f', 'o', 'n', 't', 'e', 'i', 'n', '.', 'd', 'e', '\0', + /* "fontlibrary.org", true */ 'f', 'o', 'n', 't', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'o', 'r', 'g', '\0', + /* "foo.fo", true */ 'f', 'o', 'o', '.', 'f', 'o', '\0', + /* "foo.hamburg", true */ 'f', 'o', 'o', '.', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '\0', + /* "foodacademy.capetown", true */ 'f', 'o', 'o', 'd', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'a', 'p', 'e', 't', 'o', 'w', 'n', '\0', + /* "foodattitude.ch", true */ 'f', 'o', 'o', 'd', 'a', 't', 't', 'i', 't', 'u', 'd', 'e', '.', 'c', 'h', '\0', + /* "foodblogger.club", true */ 'f', 'o', 'o', 'd', 'b', 'l', 'o', 'g', 'g', 'e', 'r', '.', 'c', 'l', 'u', 'b', '\0', + /* "foodev.de", true */ 'f', 'o', 'o', 'd', 'e', 'v', '.', 'd', 'e', '\0', + /* "foodsafety.gov", true */ 'f', 'o', 'o', 'd', 's', 'a', 'f', 'e', 't', 'y', '.', 'g', 'o', 'v', '\0', + /* "foodsafetyjobs.gov", true */ 'f', 'o', 'o', 'd', 's', 'a', 'f', 'e', 't', 'y', 'j', 'o', 'b', 's', '.', 'g', 'o', 'v', '\0', + /* "foodserve.in", true */ 'f', 'o', 'o', 'd', 's', 'e', 'r', 'v', 'e', '.', 'i', 'n', '\0', + /* "foodsouvenirs.it", true */ 'f', 'o', 'o', 'd', 's', 'o', 'u', 'v', 'e', 'n', 'i', 'r', 's', '.', 'i', 't', '\0', + /* "foodwise.marketing", true */ 'f', 'o', 'o', 'd', 'w', 'i', 's', 'e', '.', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '\0', + /* "foolip.org", true */ 'f', 'o', 'o', 'l', 'i', 'p', '.', 'o', 'r', 'g', '\0', + /* "foolwealth.com", true */ 'f', 'o', 'o', 'l', 'w', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "foorack.com", true */ 'f', 'o', 'o', 'r', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "fooster.io", true */ 'f', 'o', 'o', 's', 't', 'e', 'r', '.', 'i', 'o', '\0', + /* "foot.fr", true */ 'f', 'o', 'o', 't', '.', 'f', 'r', '\0', + /* "footballforum.de", true */ 'f', 'o', 'o', 't', 'b', 'a', 'l', 'l', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0', + /* "for.care", true */ 'f', 'o', 'r', '.', 'c', 'a', 'r', 'e', '\0', + /* "foray-jero.me", true */ 'f', 'o', 'r', 'a', 'y', '-', 'j', 'e', 'r', 'o', '.', 'm', 'e', '\0', + /* "forbiddenhistory.info", true */ 'f', 'o', 'r', 'b', 'i', 'd', 'd', 'e', 'n', 'h', 'i', 's', 't', 'o', 'r', 'y', '.', 'i', 'n', 'f', 'o', '\0', + /* "forbusiness.ca", true */ 'f', 'o', 'r', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'c', 'a', '\0', + /* "forces.army", true */ 'f', 'o', 'r', 'c', 'e', 's', '.', 'a', 'r', 'm', 'y', '\0', + /* "forcewave.com", true */ 'f', 'o', 'r', 'c', 'e', 'w', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "ford-shop.by", true */ 'f', 'o', 'r', 'd', '-', 's', 'h', 'o', 'p', '.', 'b', 'y', '\0', + /* "foreachcode.com", true */ 'f', 'o', 'r', 'e', 'a', 'c', 'h', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "foreclosureattorneyhouston.com", true */ 'f', 'o', 'r', 'e', 'c', 'l', 'o', 's', 'u', 'r', 'e', 'a', 't', 't', 'o', 'r', 'n', 'e', 'y', 'h', 'o', 'u', 's', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "foregroundweb.com", true */ 'f', 'o', 'r', 'e', 'g', 'r', 'o', 'u', 'n', 'd', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "forellenpark.com", true */ 'f', 'o', 'r', 'e', 'l', 'l', 'e', 'n', 'p', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "forento.be", true */ 'f', 'o', 'r', 'e', 'n', 't', 'o', '.', 'b', 'e', '\0', + /* "forestraven.net", true */ 'f', 'o', 'r', 'e', 's', 't', 'r', 'a', 'v', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "foreverssl.com", true */ 'f', 'o', 'r', 'e', 'v', 'e', 'r', 's', 's', 'l', '.', 'c', 'o', 'm', '\0', + /* "foreversummertime.com", true */ 'f', 'o', 'r', 'e', 'v', 'e', 'r', 's', 'u', 'm', 'm', 'e', 'r', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "forex.ee", true */ 'f', 'o', 'r', 'e', 'x', '.', 'e', 'e', '\0', + /* "forexchef.de", true */ 'f', 'o', 'r', 'e', 'x', 'c', 'h', 'e', 'f', '.', 'd', 'e', '\0', + /* "forexee.com", true */ 'f', 'o', 'r', 'e', 'x', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "forextimes.ru", false */ 'f', 'o', 'r', 'e', 'x', 't', 'i', 'm', 'e', 's', '.', 'r', 'u', '\0', + /* "forge-goerger.eu", true */ 'f', 'o', 'r', 'g', 'e', '-', 'g', 'o', 'e', 'r', 'g', 'e', 'r', '.', 'e', 'u', '\0', + /* "forglemmigej.net", true */ 'f', 'o', 'r', 'g', 'l', 'e', 'm', 'm', 'i', 'g', 'e', 'j', '.', 'n', 'e', 't', '\0', + /* "forgotten-legends.org", true */ 'f', 'o', 'r', 'g', 'o', 't', 't', 'e', 'n', '-', 'l', 'e', 'g', 'e', 'n', 'd', 's', '.', 'o', 'r', 'g', '\0', + /* "formadmin.com", true */ 'f', 'o', 'r', 'm', 'a', 'd', 'm', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "formaliteo.com", true */ 'f', 'o', 'r', 'm', 'a', 'l', 'i', 't', 'e', 'o', '.', 'c', 'o', 'm', '\0', + /* "forman.store", true */ 'f', 'o', 'r', 'm', 'a', 'n', '.', 's', 't', 'o', 'r', 'e', '\0', + /* "formapi.io", true */ 'f', 'o', 'r', 'm', 'a', 'p', 'i', '.', 'i', 'o', '\0', + /* "format-paysage.ch", true */ 'f', 'o', 'r', 'm', 'a', 't', '-', 'p', 'a', 'y', 's', 'a', 'g', 'e', '.', 'c', 'h', '\0', + /* "formation-assureur.com", true */ 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', '-', 'a', 's', 's', 'u', 'r', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "formation-mac.ch", true */ 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', '-', 'm', 'a', 'c', '.', 'c', 'h', '\0', + /* "formationseeker.com", true */ 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', 's', 'e', 'e', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "formbetter.com", true */ 'f', 'o', 'r', 'm', 'b', 'e', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "formini.dz", true */ 'f', 'o', 'r', 'm', 'i', 'n', 'i', '.', 'd', 'z', '\0', + /* "formkiq.com", true */ 'f', 'o', 'r', 'm', 'k', 'i', 'q', '.', 'c', 'o', 'm', '\0', + /* "formula-ot.ru", true */ 'f', 'o', 'r', 'm', 'u', 'l', 'a', '-', 'o', 't', '.', 'r', 'u', '\0', + /* "fornoreason.net.au", true */ 'f', 'o', 'r', 'n', 'o', 'r', 'e', 'a', 's', 'o', 'n', '.', 'n', 'e', 't', '.', 'a', 'u', '\0', + /* "foro.io", false */ 'f', 'o', 'r', 'o', '.', 'i', 'o', '\0', + /* "forodeespanol.com", true */ 'f', 'o', 'r', 'o', 'd', 'e', 'e', 's', 'p', 'a', 'n', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "forologikidilosi.com.gr", true */ 'f', 'o', 'r', 'o', 'l', 'o', 'g', 'i', 'k', 'i', 'd', 'i', 'l', 'o', 's', 'i', '.', 'c', 'o', 'm', '.', 'g', 'r', '\0', + /* "forourselves.com", true */ 'f', 'o', 'r', 'o', 'u', 'r', 's', 'e', 'l', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "forrestheller.com", true */ 'f', 'o', 'r', 'r', 'e', 's', 't', 'h', 'e', 'l', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "forro.info", true */ 'f', 'o', 'r', 'r', 'o', '.', 'i', 'n', 'f', 'o', '\0', + /* "forsakringsarkivet.se", true */ 'f', 'o', 'r', 's', 'a', 'k', 'r', 'i', 'n', 'g', 's', 'a', 'r', 'k', 'i', 'v', 'e', 't', '.', 's', 'e', '\0', + /* "forsec.nl", true */ 'f', 'o', 'r', 's', 'e', 'c', '.', 'n', 'l', '\0', + /* "forstbetrieb-hennecke.de", true */ 'f', 'o', 'r', 's', 't', 'b', 'e', 't', 'r', 'i', 'e', 'b', '-', 'h', 'e', 'n', 'n', 'e', 'c', 'k', 'e', '.', 'd', 'e', '\0', + /* "forstprodukte.de", true */ 'f', 'o', 'r', 's', 't', 'p', 'r', 'o', 'd', 'u', 'k', 't', 'e', '.', 'd', 'e', '\0', + /* "forteggz.nl", true */ 'f', 'o', 'r', 't', 'e', 'g', 'g', 'z', '.', 'n', 'l', '\0', + /* "fortesanshop.it", true */ 'f', 'o', 'r', 't', 'e', 's', 'a', 'n', 's', 'h', 'o', 'p', '.', 'i', 't', '\0', + /* "fortnine.ca", true */ 'f', 'o', 'r', 't', 'n', 'i', 'n', 'e', '.', 'c', 'a', '\0', + /* "fortran.io", true */ 'f', 'o', 'r', 't', 'r', 'a', 'n', '.', 'i', 'o', '\0', + /* "fortress.no", true */ 'f', 'o', 'r', 't', 'r', 'e', 's', 's', '.', 'n', 'o', '\0', + /* "fortress.sk", true */ 'f', 'o', 'r', 't', 'r', 'e', 's', 's', '.', 's', 'k', '\0', + /* "fortricks.in", true */ 'f', 'o', 'r', 't', 'r', 'i', 'c', 'k', 's', '.', 'i', 'n', '\0', + /* "fortuna-s.com", true */ 'f', 'o', 'r', 't', 'u', 'n', 'a', '-', 's', '.', 'c', 'o', 'm', '\0', + /* "fortworth.ch", true */ 'f', 'o', 'r', 't', 'w', 'o', 'r', 't', 'h', '.', 'c', 'h', '\0', + /* "forty-two.nl", true */ 'f', 'o', 'r', 't', 'y', '-', 't', 'w', 'o', '.', 'n', 'l', '\0', + /* "forty8creates.com", true */ 'f', 'o', 'r', 't', 'y', '8', 'c', 'r', 'e', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "fortytwo.cloud", true */ 'f', 'o', 'r', 't', 'y', 't', 'w', 'o', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "forum-bonn.de", true */ 'f', 'o', 'r', 'u', 'm', '-', 'b', 'o', 'n', 'n', '.', 'd', 'e', '\0', + /* "forum-kinozal-tv.appspot.com", true */ 'f', 'o', 'r', 'u', 'm', '-', 'k', 'i', 'n', 'o', 'z', 'a', 'l', '-', 't', 'v', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "forum-kinozal.appspot.com", true */ 'f', 'o', 'r', 'u', 'm', '-', 'k', 'i', 'n', 'o', 'z', 'a', 'l', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "forum.linode.com", false */ 'f', 'o', 'r', 'u', 'm', '.', 'l', 'i', 'n', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "forum3.ru", true */ 'f', 'o', 'r', 'u', 'm', '3', '.', 'r', 'u', '\0', + /* "forumvoordemocratie.nl", true */ 'f', 'o', 'r', 'u', 'm', 'v', 'o', 'o', 'r', 'd', 'e', 'm', 'o', 'c', 'r', 'a', 't', 'i', 'e', '.', 'n', 'l', '\0', + /* "forvisualdesign.com", true */ 'f', 'o', 'r', 'v', 'i', 's', 'u', 'a', 'l', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "forward-fly-fishing.ch", true */ 'f', 'o', 'r', 'w', 'a', 'r', 'd', '-', 'f', 'l', 'y', '-', 'f', 'i', 's', 'h', 'i', 'n', 'g', '.', 'c', 'h', '\0', + /* "foryouandyourcustomers.com", true */ 'f', 'o', 'r', 'y', 'o', 'u', 'a', 'n', 'd', 'y', 'o', 'u', 'r', 'c', 'u', 's', 't', 'o', 'm', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "foryoucosmeticos.com.br", true */ 'f', 'o', 'r', 'y', 'o', 'u', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "foryourhealthybody.com", true */ 'f', 'o', 'r', 'y', 'o', 'u', 'r', 'h', 'e', 'a', 'l', 't', 'h', 'y', 'b', 'o', 'd', 'y', '.', 'c', 'o', 'm', '\0', + /* "foscamcanada.com", true */ 'f', 'o', 's', 'c', 'a', 'm', 'c', 'a', 'n', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "fosdem.org", true */ 'f', 'o', 's', 'd', 'e', 'm', '.', 'o', 'r', 'g', '\0', + /* "fossgruppen.se", true */ 'f', 'o', 's', 's', 'g', 'r', 'u', 'p', 'p', 'e', 'n', '.', 's', 'e', '\0', + /* "fossilfreeyale.org", true */ 'f', 'o', 's', 's', 'i', 'l', 'f', 'r', 'e', 'e', 'y', 'a', 'l', 'e', '.', 'o', 'r', 'g', '\0', + /* "fotella.com", true */ 'f', 'o', 't', 'e', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "fotikpro.ru", true */ 'f', 'o', 't', 'i', 'k', 'p', 'r', 'o', '.', 'r', 'u', '\0', + /* "foto-janvanaefst.nl", true */ 'f', 'o', 't', 'o', '-', 'j', 'a', 'n', 'v', 'a', 'n', 'a', 'e', 'f', 's', 't', '.', 'n', 'l', '\0', + /* "foto-leitner.com", true */ 'f', 'o', 't', 'o', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "foto-leitner.de", true */ 'f', 'o', 't', 'o', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0', + /* "foto-robitsch.at", true */ 'f', 'o', 't', 'o', '-', 'r', 'o', 'b', 'i', 't', 's', 'c', 'h', '.', 'a', 't', '\0', + /* "foto-roma.ru", true */ 'f', 'o', 't', 'o', '-', 'r', 'o', 'm', 'a', '.', 'r', 'u', '\0', + /* "foto.by", true */ 'f', 'o', 't', 'o', '.', 'b', 'y', '\0', + /* "fotoallerlei.com", true */ 'f', 'o', 't', 'o', 'a', 'l', 'l', 'e', 'r', 'l', 'e', 'i', '.', 'c', 'o', 'm', '\0', + /* "fotografiadellalucerossa.com", true */ 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'a', 'd', 'e', 'l', 'l', 'a', 'l', 'u', 'c', 'e', 'r', 'o', 's', 's', 'a', '.', 'c', 'o', 'm', '\0', + /* "fotohome.dk", true */ 'f', 'o', 't', 'o', 'h', 'o', 'm', 'e', '.', 'd', 'k', '\0', + /* "fotoleitner.com", true */ 'f', 'o', 't', 'o', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "fotoleitner.de", true */ 'f', 'o', 't', 'o', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0', + /* "fotostravestisbr.com", true */ 'f', 'o', 't', 'o', 's', 't', 'r', 'a', 'v', 'e', 's', 't', 'i', 's', 'b', 'r', '.', 'c', 'o', 'm', '\0', + /* "fotostudio-leitner.com", true */ 'f', 'o', 't', 'o', 's', 't', 'u', 'd', 'i', 'o', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "fotostudio-leitner.de", true */ 'f', 'o', 't', 'o', 's', 't', 'u', 'd', 'i', 'o', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0', + /* "fotostudio-schweiz.ch", true */ 'f', 'o', 't', 'o', 's', 't', 'u', 'd', 'i', 'o', '-', 's', 'c', 'h', 'w', 'e', 'i', 'z', '.', 'c', 'h', '\0', + /* "fotowettbewerb.co", true */ 'f', 'o', 't', 'o', 'w', 'e', 't', 't', 'b', 'e', 'w', 'e', 'r', 'b', '.', 'c', 'o', '\0', + /* "fotowolfy.com", true */ 'f', 'o', 't', 'o', 'w', 'o', 'l', 'f', 'y', '.', 'c', 'o', 'm', '\0', + /* "fougner.co", true */ 'f', 'o', 'u', 'g', 'n', 'e', 'r', '.', 'c', 'o', '\0', + /* "found.website", true */ 'f', 'o', 'u', 'n', 'd', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0', + /* "foundsounds.me", true */ 'f', 'o', 'u', 'n', 'd', 's', 'o', 'u', 'n', 'd', 's', '.', 'm', 'e', '\0', + /* "fourdesignstudio.com", true */ 'f', 'o', 'u', 'r', 'd', 'e', 's', 'i', 'g', 'n', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "fowlervwparts.com", true */ 'f', 'o', 'w', 'l', 'e', 'r', 'v', 'w', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "foxbnc.co.uk", true */ 'f', 'o', 'x', 'b', 'n', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "foxdev.co", true */ 'f', 'o', 'x', 'd', 'e', 'v', '.', 'c', 'o', '\0', + /* "foxes.no", true */ 'f', 'o', 'x', 'e', 's', '.', 'n', 'o', '\0', + /* "foxhound.com.br", true */ 'f', 'o', 'x', 'h', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "foxing.club", true */ 'f', 'o', 'x', 'i', 'n', 'g', '.', 'c', 'l', 'u', 'b', '\0', + /* "foxmay.co.uk", true */ 'f', 'o', 'x', 'm', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "foxontheinter.net", true */ 'f', 'o', 'x', 'o', 'n', 't', 'h', 'e', 'i', 'n', 't', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "foxphotography.ch", true */ 'f', 'o', 'x', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'h', '\0', + /* "foxquill.com", true */ 'f', 'o', 'x', 'q', 'u', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "foxterrier.com.br", true */ 'f', 'o', 'x', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "fpc.gov", true */ 'f', 'p', 'c', '.', 'g', 'o', 'v', '\0', + /* "fpersona.com", true */ 'f', 'p', 'e', 'r', 's', 'o', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "fpki.sh", true */ 'f', 'p', 'k', 'i', '.', 's', 'h', '\0', + /* "fptravelling.com", true */ 'f', 'p', 't', 'r', 'a', 'v', 'e', 'l', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "fpy.cz", true */ 'f', 'p', 'y', '.', 'c', 'z', '\0', + /* "fr.search.yahoo.com", false */ 'f', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "fr0zenbits.io", true */ 'f', 'r', '0', 'z', 'e', 'n', 'b', 'i', 't', 's', '.', 'i', 'o', '\0', + /* "fr33tux.org", true */ 'f', 'r', '3', '3', 't', 'u', 'x', '.', 'o', 'r', 'g', '\0', + /* "frack.nl", true */ 'f', 'r', 'a', 'c', 'k', '.', 'n', 'l', '\0', + /* "fraesentest.de", true */ 'f', 'r', 'a', 'e', 's', 'e', 'n', 't', 'e', 's', 't', '.', 'd', 'e', '\0', + /* "fragmentspuren.de", true */ 'f', 'r', 'a', 'g', 'm', 'e', 'n', 't', 's', 'p', 'u', 'r', 'e', 'n', '.', 'd', 'e', '\0', + /* "fragstore.net", true */ 'f', 'r', 'a', 'g', 's', 't', 'o', 'r', 'e', '.', 'n', 'e', 't', '\0', + /* "fraho.eu", true */ 'f', 'r', 'a', 'h', 'o', '.', 'e', 'u', '\0', + /* "framapiaf.org", true */ 'f', 'r', 'a', 'm', 'a', 'p', 'i', 'a', 'f', '.', 'o', 'r', 'g', '\0', + /* "framedpaws.com", true */ 'f', 'r', 'a', 'm', 'e', 'd', 'p', 'a', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "fran.cr", true */ 'f', 'r', 'a', 'n', '.', 'c', 'r', '\0', + /* "francesca-and-lucas.com", true */ 'f', 'r', 'a', 'n', 'c', 'e', 's', 'c', 'a', '-', 'a', 'n', 'd', '-', 'l', 'u', 'c', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "francescopalazzo.com", true */ 'f', 'r', 'a', 'n', 'c', 'e', 's', 'c', 'o', 'p', 'a', 'l', 'a', 'z', 'z', 'o', '.', 'c', 'o', 'm', '\0', + /* "franchini.email", true */ 'f', 'r', 'a', 'n', 'c', 'h', 'i', 'n', 'i', '.', 'e', 'm', 'a', 'i', 'l', '\0', + /* "franchini.engineer", true */ 'f', 'r', 'a', 'n', 'c', 'h', 'i', 'n', 'i', '.', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', '\0', + /* "francisli.net", true */ 'f', 'r', 'a', 'n', 'c', 'i', 's', 'l', 'i', '.', 'n', 'e', 't', '\0', + /* "franckgirard.net", true */ 'f', 'r', 'a', 'n', 'c', 'k', 'g', 'i', 'r', 'a', 'r', 'd', '.', 'n', 'e', 't', '\0', + /* "francois-occasions.be", true */ 'f', 'r', 'a', 'n', 'c', 'o', 'i', 's', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0', + /* "francoiscarrier.com", true */ 'f', 'r', 'a', 'n', 'c', 'o', 'i', 's', 'c', 'a', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "francoislepage.com", true */ 'f', 'r', 'a', 'n', 'c', 'o', 'i', 's', 'l', 'e', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "francoz.me", true */ 'f', 'r', 'a', 'n', 'c', 'o', 'z', '.', 'm', 'e', '\0', + /* "frandor.co.uk", true */ 'f', 'r', 'a', 'n', 'd', 'o', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "frank.fyi", true */ 'f', 'r', 'a', 'n', 'k', '.', 'f', 'y', 'i', '\0', + /* "franke-chemie.de", true */ 'f', 'r', 'a', 'n', 'k', 'e', '-', 'c', 'h', 'e', 'm', 'i', 'e', '.', 'd', 'e', '\0', + /* "franken-lehrmittel.de", true */ 'f', 'r', 'a', 'n', 'k', 'e', 'n', '-', 'l', 'e', 'h', 'r', 'm', 'i', 't', 't', 'e', 'l', '.', 'd', 'e', '\0', + /* "frankenlehrmittel.de", true */ 'f', 'r', 'a', 'n', 'k', 'e', 'n', 'l', 'e', 'h', 'r', 'm', 'i', 't', 't', 'e', 'l', '.', 'd', 'e', '\0', + /* "frankhaala.com", true */ 'f', 'r', 'a', 'n', 'k', 'h', 'a', 'a', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "frankl.in", true */ 'f', 'r', 'a', 'n', 'k', 'l', '.', 'i', 'n', '\0', + /* "franklinhua.com", true */ 'f', 'r', 'a', 'n', 'k', 'l', 'i', 'n', 'h', 'u', 'a', '.', 'c', 'o', 'm', '\0', + /* "frankmorrow.com", true */ 'f', 'r', 'a', 'n', 'k', 'm', 'o', 'r', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "franksiler.com", true */ 'f', 'r', 'a', 'n', 'k', 's', 'i', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "frankwei.xyz", true */ 'f', 'r', 'a', 'n', 'k', 'w', 'e', 'i', '.', 'x', 'y', 'z', '\0', + /* "frankyan.com", true */ 'f', 'r', 'a', 'n', 'k', 'y', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "frantic1048.com", true */ 'f', 'r', 'a', 'n', 't', 'i', 'c', '1', '0', '4', '8', '.', 'c', 'o', 'm', '\0', + /* "frantorregrosa.me", true */ 'f', 'r', 'a', 'n', 't', 'o', 'r', 'r', 'e', 'g', 'r', 'o', 's', 'a', '.', 'm', 'e', '\0', + /* "frappant.cc", false */ 'f', 'r', 'a', 'p', 'p', 'a', 'n', 't', '.', 'c', 'c', '\0', + /* "fraselab.ru", true */ 'f', 'r', 'a', 's', 'e', 'l', 'a', 'b', '.', 'r', 'u', '\0', + /* "frasesaniversarios.com.br", true */ 'f', 'r', 'a', 's', 'e', 's', 'a', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'r', 'i', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "frasesdodia.com", true */ 'f', 'r', 'a', 's', 'e', 's', 'd', 'o', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "frasesparaface.com.br", true */ 'f', 'r', 'a', 's', 'e', 's', 'p', 'a', 'r', 'a', 'f', 'a', 'c', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "frasesytarjetas.com", true */ 'f', 'r', 'a', 's', 'e', 's', 'y', 't', 'a', 'r', 'j', 'e', 't', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "frasys.cloud", true */ 'f', 'r', 'a', 's', 'y', 's', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "frasys.net", true */ 'f', 'r', 'a', 's', 'y', 's', '.', 'n', 'e', 't', '\0', + /* "frattaroli.org", true */ 'f', 'r', 'a', 't', 't', 'a', 'r', 'o', 'l', 'i', '.', 'o', 'r', 'g', '\0', + /* "frau-inge.de", true */ 'f', 'r', 'a', 'u', '-', 'i', 'n', 'g', 'e', '.', 'd', 'e', '\0', + /* "frau-sucht-bauer.de", true */ 'f', 'r', 'a', 'u', '-', 's', 'u', 'c', 'h', 't', '-', 'b', 'a', 'u', 'e', 'r', '.', 'd', 'e', '\0', + /* "fraudmarc.com", true */ 'f', 'r', 'a', 'u', 'd', 'm', 'a', 'r', 'c', '.', 'c', 'o', 'm', '\0', + /* "frauenarzt-zinke.de", true */ 'f', 'r', 'a', 'u', 'e', 'n', 'a', 'r', 'z', 't', '-', 'z', 'i', 'n', 'k', 'e', '.', 'd', 'e', '\0', + /* "frauenlob.rocks", true */ 'f', 'r', 'a', 'u', 'e', 'n', 'l', 'o', 'b', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "fraurichter.net", true */ 'f', 'r', 'a', 'u', 'r', 'i', 'c', 'h', 't', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "fraye.net", true */ 'f', 'r', 'a', 'y', 'e', '.', 'n', 'e', 't', '\0', + /* "frbracch.it", true */ 'f', 'r', 'b', 'r', 'a', 'c', 'c', 'h', '.', 'i', 't', '\0', + /* "frdl.ch", true */ 'f', 'r', 'd', 'l', '.', 'c', 'h', '\0', + /* "freaksites.dk", true */ 'f', 'r', 'e', 'a', 'k', 's', 'i', 't', 'e', 's', '.', 'd', 'k', '\0', + /* "frebi.org", true */ 'f', 'r', 'e', 'b', 'i', '.', 'o', 'r', 'g', '\0', + /* "freddysfuncastles.co.uk", true */ 'f', 'r', 'e', 'd', 'd', 'y', 's', 'f', 'u', 'n', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "freddythechick.uk", true */ 'f', 'r', 'e', 'd', 'd', 'y', 't', 'h', 'e', 'c', 'h', 'i', 'c', 'k', '.', 'u', 'k', '\0', + /* "frederik-braun.com", true */ 'f', 'r', 'e', 'd', 'e', 'r', 'i', 'k', '-', 'b', 'r', 'a', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "frederikschoell.de", false */ 'f', 'r', 'e', 'd', 'e', 'r', 'i', 'k', 's', 'c', 'h', 'o', 'e', 'l', 'l', '.', 'd', 'e', '\0', + /* "fredloya.com", true */ 'f', 'r', 'e', 'd', 'l', 'o', 'y', 'a', '.', 'c', 'o', 'm', '\0', + /* "fredriksslekt.se", true */ 'f', 'r', 'e', 'd', 'r', 'i', 'k', 's', 's', 'l', 'e', 'k', 't', '.', 's', 'e', '\0', + /* "fredvoyage.fr", true */ 'f', 'r', 'e', 'd', 'v', 'o', 'y', 'a', 'g', 'e', '.', 'f', 'r', '\0', + /* "free-your-pc.com", true */ 'f', 'r', 'e', 'e', '-', 'y', 'o', 'u', 'r', '-', 'p', 'c', '.', 'c', 'o', 'm', '\0', + /* "free.com.tw", true */ 'f', 'r', 'e', 'e', '.', 'c', 'o', 'm', '.', 't', 'w', '\0', + /* "free8.xyz", true */ 'f', 'r', 'e', 'e', '8', '.', 'x', 'y', 'z', '\0', + /* "freeasinlliure.org", true */ 'f', 'r', 'e', 'e', 'a', 's', 'i', 'n', 'l', 'l', 'i', 'u', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "freeassangenow.org", true */ 'f', 'r', 'e', 'e', 'a', 's', 's', 'a', 'n', 'g', 'e', 'n', 'o', 'w', '.', 'o', 'r', 'g', '\0', + /* "freeasyshop.com", true */ 'f', 'r', 'e', 'e', 'a', 's', 'y', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "freebarrettbrown.org", true */ 'f', 'r', 'e', 'e', 'b', 'a', 'r', 'r', 'e', 't', 't', 'b', 'r', 'o', 'w', 'n', '.', 'o', 'r', 'g', '\0', + /* "freeben666.fr", true */ 'f', 'r', 'e', 'e', 'b', 'e', 'n', '6', '6', '6', '.', 'f', 'r', '\0', + /* "freebetoffers.co.uk", true */ 'f', 'r', 'e', 'e', 'b', 'e', 't', 'o', 'f', 'f', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "freeblog.me", true */ 'f', 'r', 'e', 'e', 'b', 'l', 'o', 'g', '.', 'm', 'e', '\0', + /* "freebookmakerbets.com.au", true */ 'f', 'r', 'e', 'e', 'b', 'o', 'o', 'k', 'm', 'a', 'k', 'e', 'r', 'b', 'e', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "freebookmakersbetsandbonuses.com.au", true */ 'f', 'r', 'e', 'e', 'b', 'o', 'o', 'k', 'm', 'a', 'k', 'e', 'r', 's', 'b', 'e', 't', 's', 'a', 'n', 'd', 'b', 'o', 'n', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "freebus.org", true */ 'f', 'r', 'e', 'e', 'b', 'u', 's', '.', 'o', 'r', 'g', '\0', + /* "freecam2cam.site", true */ 'f', 'r', 'e', 'e', 'c', 'a', 'm', '2', 'c', 'a', 'm', '.', 's', 'i', 't', 'e', '\0', + /* "freecloud.at", true */ 'f', 'r', 'e', 'e', 'c', 'l', 'o', 'u', 'd', '.', 'a', 't', '\0', + /* "freedev.cz", true */ 'f', 'r', 'e', 'e', 'd', 'e', 'v', '.', 'c', 'z', '\0', + /* "freedom.press", true */ 'f', 'r', 'e', 'e', 'd', 'o', 'm', '.', 'p', 'r', 'e', 's', 's', '\0', + /* "freedomflotilla.org", true */ 'f', 'r', 'e', 'e', 'd', 'o', 'm', 'f', 'l', 'o', 't', 'i', 'l', 'l', 'a', '.', 'o', 'r', 'g', '\0', + /* "freedomfrontier.tk", true */ 'f', 'r', 'e', 'e', 'd', 'o', 'm', 'f', 'r', 'o', 'n', 't', 'i', 'e', 'r', '.', 't', 'k', '\0', + /* "freedomkiaparts.com", true */ 'f', 'r', 'e', 'e', 'd', 'o', 'm', 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "freedomonline.bg", true */ 'f', 'r', 'e', 'e', 'd', 'o', 'm', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'b', 'g', '\0', + /* "freedomrealtyoftexas.com", true */ 'f', 'r', 'e', 'e', 'd', 'o', 'm', 'r', 'e', 'a', 'l', 't', 'y', 'o', 'f', 't', 'e', 'x', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "freedomvote.nl", true */ 'f', 'r', 'e', 'e', 'd', 'o', 'm', 'v', 'o', 't', 'e', '.', 'n', 'l', '\0', + /* "freeexampapers.com", true */ 'f', 'r', 'e', 'e', 'e', 'x', 'a', 'm', 'p', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "freeflightstoitaly.ngo", true */ 'f', 'r', 'e', 'e', 'f', 'l', 'i', 'g', 'h', 't', 's', 't', 'o', 'i', 't', 'a', 'l', 'y', '.', 'n', 'g', 'o', '\0', + /* "freeform4u.de", true */ 'f', 'r', 'e', 'e', 'f', 'o', 'r', 'm', '4', 'u', '.', 'd', 'e', '\0', + /* "freegame-mugen.jp", true */ 'f', 'r', 'e', 'e', 'g', 'a', 'm', 'e', '-', 'm', 'u', 'g', 'e', 'n', '.', 'j', 'p', '\0', + /* "freegutters.com", true */ 'f', 'r', 'e', 'e', 'g', 'u', 't', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "freeinoutboard.com", true */ 'f', 'r', 'e', 'e', 'i', 'n', 'o', 'u', 't', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "freejasongoudlock.org", true */ 'f', 'r', 'e', 'e', 'j', 'a', 's', 'o', 'n', 'g', 'o', 'u', 'd', 'l', 'o', 'c', 'k', '.', 'o', 'r', 'g', '\0', + /* "freejeremy.net", true */ 'f', 'r', 'e', 'e', 'j', 'e', 'r', 'e', 'm', 'y', '.', 'n', 'e', 't', '\0', + /* "freela.ch", true */ 'f', 'r', 'e', 'e', 'l', 'a', '.', 'c', 'h', '\0', + /* "freelance.boutique", true */ 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', '.', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '\0', + /* "freelance.guide", true */ 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', '.', 'g', 'u', 'i', 'd', 'e', '\0', + /* "freelance.nl", true */ 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', '.', 'n', 'l', '\0', + /* "freelancehunt.com", true */ 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', 'h', 'u', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "freelanceshipping.com", true */ 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', 's', 'h', 'i', 'p', 'p', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "freelandinnovation.com", true */ 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'd', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "freelauri.com", true */ 'f', 'r', 'e', 'e', 'l', 'a', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "freelifer.jp", true */ 'f', 'r', 'e', 'e', 'l', 'i', 'f', 'e', 'r', '.', 'j', 'p', '\0', + /* "freemanning.de", true */ 'f', 'r', 'e', 'e', 'm', 'a', 'n', 'n', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "freemans.com", true */ 'f', 'r', 'e', 'e', 'm', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "freemedforms.com", true */ 'f', 'r', 'e', 'e', 'm', 'e', 'd', 'f', 'o', 'r', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "freemyipod.org", true */ 'f', 'r', 'e', 'e', 'm', 'y', 'i', 'p', 'o', 'd', '.', 'o', 'r', 'g', '\0', + /* "freend.me", false */ 'f', 'r', 'e', 'e', 'n', 'd', '.', 'm', 'e', '\0', + /* "freenetproject.org", true */ 'f', 'r', 'e', 'e', 'n', 'e', 't', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "freeonplate.com", true */ 'f', 'r', 'e', 'e', 'o', 'n', 'p', 'l', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "freergform.org", true */ 'f', 'r', 'e', 'e', 'r', 'g', 'f', 'o', 'r', 'm', '.', 'o', 'r', 'g', '\0', + /* "freeshell.de", true */ 'f', 'r', 'e', 'e', 's', 'h', 'e', 'l', 'l', '.', 'd', 'e', '\0', + /* "freesitemapgenerator.com", true */ 'f', 'r', 'e', 'e', 's', 'i', 't', 'e', 'm', 'a', 'p', 'g', 'e', 'n', 'e', 'r', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "freeslots.guru", true */ 'f', 'r', 'e', 'e', 's', 'l', 'o', 't', 's', '.', 'g', 'u', 'r', 'u', '\0', + /* "freesms-online.de", true */ 'f', 'r', 'e', 'e', 's', 'm', 's', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0', + /* "freesnowden.is", true */ 'f', 'r', 'e', 'e', 's', 'n', 'o', 'w', 'd', 'e', 'n', '.', 'i', 's', '\0', + /* "freesolitaire.win", true */ 'f', 'r', 'e', 'e', 's', 'o', 'l', 'i', 't', 'a', 'i', 'r', 'e', '.', 'w', 'i', 'n', '\0', + /* "freesounding.com", true */ 'f', 'r', 'e', 'e', 's', 'o', 'u', 'n', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "freesounding.ru", true */ 'f', 'r', 'e', 'e', 's', 'o', 'u', 'n', 'd', 'i', 'n', 'g', '.', 'r', 'u', '\0', + /* "freesourcestl.org", true */ 'f', 'r', 'e', 'e', 's', 'o', 'u', 'r', 'c', 'e', 's', 't', 'l', '.', 'o', 'r', 'g', '\0', + /* "freespace.info", true */ 'f', 'r', 'e', 'e', 's', 'p', 'a', 'c', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "freethetv.ie", true */ 'f', 'r', 'e', 'e', 't', 'h', 'e', 't', 'v', '.', 'i', 'e', '\0', + /* "freetsa.org", true */ 'f', 'r', 'e', 'e', 't', 's', 'a', '.', 'o', 'r', 'g', '\0', + /* "freevps.us", true */ 'f', 'r', 'e', 'e', 'v', 'p', 's', '.', 'u', 's', '\0', + /* "freeweibo.com", true */ 'f', 'r', 'e', 'e', 'w', 'e', 'i', 'b', 'o', '.', 'c', 'o', 'm', '\0', + /* "freeyourmusic.com", true */ 'f', 'r', 'e', 'e', 'y', 'o', 'u', 'r', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "freezion.com", true */ 'f', 'r', 'e', 'e', 'z', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "freifahrt.de", true */ 'f', 'r', 'e', 'i', 'f', 'a', 'h', 'r', 't', '.', 'd', 'e', '\0', + /* "freifamily.ch", true */ 'f', 'r', 'e', 'i', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'h', '\0', + /* "freifunk-burgaltendorf.de", true */ 'f', 'r', 'e', 'i', 'f', 'u', 'n', 'k', '-', 'b', 'u', 'r', 'g', 'a', 'l', 't', 'e', 'n', 'd', 'o', 'r', 'f', '.', 'd', 'e', '\0', + /* "freifunk-essen.de", true */ 'f', 'r', 'e', 'i', 'f', 'u', 'n', 'k', '-', 'e', 's', 's', 'e', 'n', '.', 'd', 'e', '\0', + /* "freifunk-in-solingen.de", true */ 'f', 'r', 'e', 'i', 'f', 'u', 'n', 'k', '-', 'i', 'n', '-', 's', 'o', 'l', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0', + /* "freifunk-lindlar.net", true */ 'f', 'r', 'e', 'i', 'f', 'u', 'n', 'k', '-', 'l', 'i', 'n', 'd', 'l', 'a', 'r', '.', 'n', 'e', 't', '\0', + /* "freifunk-luenen.de", true */ 'f', 'r', 'e', 'i', 'f', 'u', 'n', 'k', '-', 'l', 'u', 'e', 'n', 'e', 'n', '.', 'd', 'e', '\0', + /* "freifunk-nrw.de", true */ 'f', 'r', 'e', 'i', 'f', 'u', 'n', 'k', '-', 'n', 'r', 'w', '.', 'd', 'e', '\0', + /* "freifunk-remscheid.de", true */ 'f', 'r', 'e', 'i', 'f', 'u', 'n', 'k', '-', 'r', 'e', 'm', 's', 'c', 'h', 'e', 'i', 'd', '.', 'd', 'e', '\0', + /* "freimeldungen.de", true */ 'f', 'r', 'e', 'i', 'm', 'e', 'l', 'd', 'u', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0', + /* "freims.cc", true */ 'f', 'r', 'e', 'i', 'm', 's', '.', 'c', 'c', '\0', + /* "freiwurst.net", true */ 'f', 'r', 'e', 'i', 'w', 'u', 'r', 's', 't', '.', 'n', 'e', 't', '\0', + /* "freizeitplaza.de", true */ 'f', 'r', 'e', 'i', 'z', 'e', 'i', 't', 'p', 'l', 'a', 'z', 'a', '.', 'd', 'e', '\0', + /* "frenchcreekcog.org", true */ 'f', 'r', 'e', 'n', 'c', 'h', 'c', 'r', 'e', 'e', 'k', 'c', 'o', 'g', '.', 'o', 'r', 'g', '\0', + /* "frenzel.dk", true */ 'f', 'r', 'e', 'n', 'z', 'e', 'l', '.', 'd', 'k', '\0', + /* "frequencebanane.ch", true */ 'f', 'r', 'e', 'q', 'u', 'e', 'n', 'c', 'e', 'b', 'a', 'n', 'a', 'n', 'e', '.', 'c', 'h', '\0', + /* "fresh-hotel.org", true */ 'f', 'r', 'e', 's', 'h', '-', 'h', 'o', 't', 'e', 'l', '.', 'o', 'r', 'g', '\0', + /* "fresh-networks.net", true */ 'f', 'r', 'e', 's', 'h', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'n', 'e', 't', '\0', + /* "fresh.co.il", true */ 'f', 'r', 'e', 's', 'h', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "freshdesigns.de", true */ 'f', 'r', 'e', 's', 'h', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'd', 'e', '\0', + /* "freshdns.nl", true */ 'f', 'r', 'e', 's', 'h', 'd', 'n', 's', '.', 'n', 'l', '\0', + /* "freshempire.gov", true */ 'f', 'r', 'e', 's', 'h', 'e', 'm', 'p', 'i', 'r', 'e', '.', 'g', 'o', 'v', '\0', + /* "freshmaza.com", true */ 'f', 'r', 'e', 's', 'h', 'm', 'a', 'z', 'a', '.', 'c', 'o', 'm', '\0', + /* "freshmaza.net", true */ 'f', 'r', 'e', 's', 'h', 'm', 'a', 'z', 'a', '.', 'n', 'e', 't', '\0', + /* "fretscha.com", true */ 'f', 'r', 'e', 't', 's', 'c', 'h', 'a', '.', 'c', 'o', 'm', '\0', + /* "frettboard.com", true */ 'f', 'r', 'e', 't', 't', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "fretworksec.com", true */ 'f', 'r', 'e', 't', 'w', 'o', 'r', 'k', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "fribourgviking.net", true */ 'f', 'r', 'i', 'b', 'o', 'u', 'r', 'g', 'v', 'i', 'k', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "frickelboxx.de", true */ 'f', 'r', 'i', 'c', 'k', 'e', 'l', 'b', 'o', 'x', 'x', '.', 'd', 'e', '\0', + /* "frickelmeister.de", true */ 'f', 'r', 'i', 'c', 'k', 'e', 'l', 'm', 'e', 'i', 's', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "fridayfoucoud.ma", true */ 'f', 'r', 'i', 'd', 'a', 'y', 'f', 'o', 'u', 'c', 'o', 'u', 'd', '.', 'm', 'a', '\0', + /* "friederes.lu", true */ 'f', 'r', 'i', 'e', 'd', 'e', 'r', 'e', 's', '.', 'l', 'u', '\0', + /* "friedrich-foto-art.de", true */ 'f', 'r', 'i', 'e', 'd', 'r', 'i', 'c', 'h', '-', 'f', 'o', 't', 'o', '-', 'a', 'r', 't', '.', 'd', 'e', '\0', + /* "friedsamphotography.com", true */ 'f', 'r', 'i', 'e', 'd', 's', 'a', 'm', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0', + /* "friendlysiberia.com", true */ 'f', 'r', 'i', 'e', 'n', 'd', 'l', 'y', 's', 'i', 'b', 'e', 'r', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "friends-of-naz.com", true */ 'f', 'r', 'i', 'e', 'n', 'd', 's', '-', 'o', 'f', '-', 'n', 'a', 'z', '.', 'c', 'o', 'm', '\0', + /* "friends24.cz", true */ 'f', 'r', 'i', 'e', 'n', 'd', 's', '2', '4', '.', 'c', 'z', '\0', + /* "friendship-quotes.co.uk", true */ 'f', 'r', 'i', 'e', 'n', 'd', 's', 'h', 'i', 'p', '-', 'q', 'u', 'o', 't', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "friet.org", true */ 'f', 'r', 'i', 'e', 't', '.', 'o', 'r', 'g', '\0', + /* "friezy.ru", true */ 'f', 'r', 'i', 'e', 'z', 'y', '.', 'r', 'u', '\0', + /* "frigi.ch", true */ 'f', 'r', 'i', 'g', 'i', '.', 'c', 'h', '\0', + /* "frigolit.net", true */ 'f', 'r', 'i', 'g', 'o', 'l', 'i', 't', '.', 'n', 'e', 't', '\0', + /* "friller.com.au", true */ 'f', 'r', 'i', 'l', 'l', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "frillip.com", true */ 'f', 'r', 'i', 'l', 'l', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "frinkiac.com", true */ 'f', 'r', 'i', 'n', 'k', 'i', 'a', 'c', '.', 'c', 'o', 'm', '\0', + /* "frino.de", true */ 'f', 'r', 'i', 'n', 'o', '.', 'd', 'e', '\0', + /* "frippz.se", true */ 'f', 'r', 'i', 'p', 'p', 'z', '.', 's', 'e', '\0', + /* "fritteli.ch", true */ 'f', 'r', 'i', 't', 't', 'e', 'l', 'i', '.', 'c', 'h', '\0', + /* "fritzrepair.com", true */ 'f', 'r', 'i', 't', 'z', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "frizo.com", true */ 'f', 'r', 'i', 'z', 'o', '.', 'c', 'o', 'm', '\0', + /* "frly.de", true */ 'f', 'r', 'l', 'y', '.', 'd', 'e', '\0', + /* "frob.nl", true */ 'f', 'r', 'o', 'b', '.', 'n', 'l', '\0', + /* "froehlich.it", true */ 'f', 'r', 'o', 'e', 'h', 'l', 'i', 'c', 'h', '.', 'i', 't', '\0', + /* "frogatto.com", true */ 'f', 'r', 'o', 'g', 'a', 't', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "frogeye.fr", true */ 'f', 'r', 'o', 'g', 'e', 'y', 'e', '.', 'f', 'r', '\0', + /* "froggitt.com", true */ 'f', 'r', 'o', 'g', 'g', 'i', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "frogsonamission.de", true */ 'f', 'r', 'o', 'g', 's', 'o', 'n', 'a', 'm', 'i', 's', 's', 'i', 'o', 'n', '.', 'd', 'e', '\0', + /* "froh.co.jp", true */ 'f', 'r', 'o', 'h', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "frokenblomma.se", true */ 'f', 'r', 'o', 'k', 'e', 'n', 'b', 'l', 'o', 'm', 'm', 'a', '.', 's', 'e', '\0', + /* "frolova.org", true */ 'f', 'r', 'o', 'l', 'o', 'v', 'a', '.', 'o', 'r', 'g', '\0', + /* "fromix.de", true */ 'f', 'r', 'o', 'm', 'i', 'x', '.', 'd', 'e', '\0', + /* "fromscratch.rocks", true */ 'f', 'r', 'o', 'm', 's', 'c', 'r', 'a', 't', 'c', 'h', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "fronteers.nl", false */ 'f', 'r', 'o', 'n', 't', 'e', 'e', 'r', 's', '.', 'n', 'l', '\0', + /* "frontline.cloud", true */ 'f', 'r', 'o', 'n', 't', 'l', 'i', 'n', 'e', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "frontline6.com", true */ 'f', 'r', 'o', 'n', 't', 'l', 'i', 'n', 'e', '6', '.', 'c', 'o', 'm', '\0', + /* "fropky.com", true */ 'f', 'r', 'o', 'p', 'k', 'y', '.', 'c', 'o', 'm', '\0', + /* "frostbytes.net", true */ 'f', 'r', 'o', 's', 't', 'b', 'y', 't', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "frostwarning.com", true */ 'f', 'r', 'o', 's', 't', 'w', 'a', 'r', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "frothy.coffee", true */ 'f', 'r', 'o', 't', 'h', 'y', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0', + /* "froufe.com", true */ 'f', 'r', 'o', 'u', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "frozen-geek.net", true */ 'f', 'r', 'o', 'z', 'e', 'n', '-', 'g', 'e', 'e', 'k', '.', 'n', 'e', 't', '\0', + /* "frozen-solid.net", true */ 'f', 'r', 'o', 'z', 'e', 'n', '-', 's', 'o', 'l', 'i', 'd', '.', 'n', 'e', 't', '\0', + /* "frtn.com", true */ 'f', 'r', 't', 'n', '.', 'c', 'o', 'm', '\0', + /* "frtr.gov", true */ 'f', 'r', 't', 'r', '.', 'g', 'o', 'v', '\0', + /* "frtrains.com", true */ 'f', 'r', 't', 'r', 'a', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "fruchthof24.de", true */ 'f', 'r', 'u', 'c', 'h', 't', 'h', 'o', 'f', '2', '4', '.', 'd', 'e', '\0', + /* "fruchtikus.net", true */ 'f', 'r', 'u', 'c', 'h', 't', 'i', 'k', 'u', 's', '.', 'n', 'e', 't', '\0', + /* "frugalfamilyhome.com", true */ 'f', 'r', 'u', 'g', 'a', 'l', 'f', 'a', 'm', 'i', 'l', 'y', 'h', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "frugalmechanic.com", true */ 'f', 'r', 'u', 'g', 'a', 'l', 'm', 'e', 'c', 'h', 'a', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "frugro.be", false */ 'f', 'r', 'u', 'g', 'r', 'o', '.', 'b', 'e', '\0', + /* "fruition.co.jp", true */ 'f', 'r', 'u', 'i', 't', 'i', 'o', 'n', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "frusky.de", true */ 'f', 'r', 'u', 's', 'k', 'y', '.', 'd', 'e', '\0', + /* "frydrychit.cz", true */ 'f', 'r', 'y', 'd', 'r', 'y', 'c', 'h', 'i', 't', '.', 'c', 'z', '\0', + /* "fs-fitness.eu", true */ 'f', 's', '-', 'f', 'i', 't', 'n', 'e', 's', 's', '.', 'e', 'u', '\0', + /* "fs-maistadt.de", true */ 'f', 's', '-', 'm', 'a', 'i', 's', 't', 'a', 'd', 't', '.', 'd', 'e', '\0', + /* "fsbnh.bank", true */ 'f', 's', 'b', 'n', 'h', '.', 'b', 'a', 'n', 'k', '\0', + /* "fsbpaintrock.com", true */ 'f', 's', 'b', 'p', 'a', 'i', 'n', 't', 'r', 'o', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "fsbturton.com", true */ 'f', 's', 'b', 't', 'u', 'r', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "fsck.cz", true */ 'f', 's', 'c', 'k', '.', 'c', 'z', '\0', + /* "fsck.jp", true */ 'f', 's', 'c', 'k', '.', 'j', 'p', '\0', + /* "fsckd.com", true */ 'f', 's', 'c', 'k', 'd', '.', 'c', 'o', 'm', '\0', + /* "fscott.de", true */ 'f', 's', 'c', 'o', 't', 't', '.', 'd', 'e', '\0', + /* "fsf.moe", true */ 'f', 's', 'f', '.', 'm', 'o', 'e', '\0', + /* "fsk.fo", true */ 'f', 's', 'k', '.', 'f', 'o', '\0', + /* "fsky.info", true */ 'f', 's', 'k', 'y', '.', 'i', 'n', 'f', 'o', '\0', + /* "fsm2016.org", true */ 'f', 's', 'm', '2', '0', '1', '6', '.', 'o', 'r', 'g', '\0', + /* "fsps.ch", true */ 'f', 's', 'p', 's', '.', 'c', 'h', '\0', + /* "fstatic.io", true */ 'f', 's', 't', 'a', 't', 'i', 'c', '.', 'i', 'o', '\0', + /* "fsvt.ch", true */ 'f', 's', 'v', 't', '.', 'c', 'h', '\0', + /* "ftang.de", true */ 'f', 't', 'a', 'n', 'g', '.', 'd', 'e', '\0', + /* "ftc.gov", false */ 'f', 't', 'c', '.', 'g', 'o', 'v', '\0', + /* "ftccomplaintassistant.gov", true */ 'f', 't', 'c', 'c', 'o', 'm', 'p', 'l', 'a', 'i', 'n', 't', 'a', 's', 's', 'i', 's', 't', 'a', 'n', 't', '.', 'g', 'o', 'v', '\0', + /* "ftcefile.gov", true */ 'f', 't', 'c', 'e', 'f', 'i', 'l', 'e', '.', 'g', 'o', 'v', '\0', + /* "ftgho.com", true */ 'f', 't', 'g', 'h', 'o', '.', 'c', 'o', 'm', '\0', + /* "ftng.se", true */ 'f', 't', 'n', 'g', '.', 's', 'e', '\0', + /* "ftrsecure.com", true */ 'f', 't', 'r', 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "fuchsy.com", true */ 'f', 'u', 'c', 'h', 's', 'y', '.', 'c', 'o', 'm', '\0', + /* "fuckav.ru", true */ 'f', 'u', 'c', 'k', 'a', 'v', '.', 'r', 'u', '\0', + /* "fuckcie.com", true */ 'f', 'u', 'c', 'k', 'c', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "fucklife.ch", true */ 'f', 'u', 'c', 'k', 'l', 'i', 'f', 'e', '.', 'c', 'h', '\0', + /* "fuckyoupaypal.me", true */ 'f', 'u', 'c', 'k', 'y', 'o', 'u', 'p', 'a', 'y', 'p', 'a', 'l', '.', 'm', 'e', '\0', + /* "fudanshi.org", true */ 'f', 'u', 'd', 'a', 'n', 's', 'h', 'i', '.', 'o', 'r', 'g', '\0', + /* "fuechschen.org", true */ 'f', 'u', 'e', 'c', 'h', 's', 'c', 'h', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "fuelingyourdreams.com", true */ 'f', 'u', 'e', 'l', 'i', 'n', 'g', 'y', 'o', 'u', 'r', 'd', 'r', 'e', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "fugamo.de", true */ 'f', 'u', 'g', 'a', 'm', 'o', '.', 'd', 'e', '\0', + /* "fuglede.dk", true */ 'f', 'u', 'g', 'l', 'e', 'd', 'e', '.', 'd', 'k', '\0', + /* "fuite.ch", true */ 'f', 'u', 'i', 't', 'e', '.', 'c', 'h', '\0', + /* "fuites.ch", true */ 'f', 'u', 'i', 't', 'e', 's', '.', 'c', 'h', '\0', + /* "fujianshipbuilding.com", true */ 'f', 'u', 'j', 'i', 'a', 'n', 's', 'h', 'i', 'p', 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "fujiwaraqol.com", true */ 'f', 'u', 'j', 'i', 'w', 'a', 'r', 'a', 'q', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "fukakukeiba.com", true */ 'f', 'u', 'k', 'a', 'k', 'u', 'k', 'e', 'i', 'b', 'a', '.', 'c', 'o', 'm', '\0', + /* "fukuoka-cityliner.jp", true */ 'f', 'u', 'k', 'u', 'o', 'k', 'a', '-', 'c', 'i', 't', 'y', 'l', 'i', 'n', 'e', 'r', '.', 'j', 'p', '\0', + /* "fukushimacoffee.com", true */ 'f', 'u', 'k', 'u', 's', 'h', 'i', 'm', 'a', 'c', 'o', 'f', 'f', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "fulgenzis.com", true */ 'f', 'u', 'l', 'g', 'e', 'n', 'z', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "fuliwang.info", true */ 'f', 'u', 'l', 'i', 'w', 'a', 'n', 'g', '.', 'i', 'n', 'f', 'o', '\0', + /* "fuliwang.us", true */ 'f', 'u', 'l', 'i', 'w', 'a', 'n', 'g', '.', 'u', 's', '\0', + /* "fullautomotivo.com.br", true */ 'f', 'u', 'l', 'l', 'a', 'u', 't', 'o', 'm', 'o', 't', 'i', 'v', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "fullbundle.com", true */ 'f', 'u', 'l', 'l', 'b', 'u', 'n', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "fullhub.ru", true */ 'f', 'u', 'l', 'l', 'h', 'u', 'b', '.', 'r', 'u', '\0', + /* "fullmatch.net", true */ 'f', 'u', 'l', 'l', 'm', 'a', 't', 'c', 'h', '.', 'n', 'e', 't', '\0', + /* "fullstacknotes.com", true */ 'f', 'u', 'l', 'l', 's', 't', 'a', 'c', 'k', 'n', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "fumblers.ca", true */ 'f', 'u', 'm', 'b', 'l', 'e', 'r', 's', '.', 'c', 'a', '\0', + /* "fumerolles.ch", true */ 'f', 'u', 'm', 'e', 'r', 'o', 'l', 'l', 'e', 's', '.', 'c', 'h', '\0', + /* "fun-bounce.co.uk", true */ 'f', 'u', 'n', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "fun-tasia.co.uk", true */ 'f', 'u', 'n', '-', 't', 'a', 's', 'i', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "fun4kidzbouncycastles.co.uk", true */ 'f', 'u', 'n', '4', 'k', 'i', 'd', 'z', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "fun4ubouncycastles.co.uk", true */ 'f', 'u', 'n', '4', 'u', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "funandbounce.com", true */ 'f', 'u', 'n', 'a', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "funarena.com.ua", true */ 'f', 'u', 'n', 'a', 'r', 'e', 'n', 'a', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "funatic.nl", true */ 'f', 'u', 'n', 'a', 't', 'i', 'c', '.', 'n', 'l', '\0', + /* "funbouncelincs.co.uk", true */ 'f', 'u', 'n', 'b', 'o', 'u', 'n', 'c', 'e', 'l', 'i', 'n', 'c', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "funchestra.at", false */ 'f', 'u', 'n', 'c', 'h', 'e', 's', 't', 'r', 'a', '.', 'a', 't', '\0', + /* "functional.cc", true */ 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'c', '\0', + /* "functions-online.com", true */ 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', 's', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "fundacionfranciscofiasco.org", true */ 'f', 'u', 'n', 'd', 'a', 'c', 'i', 'o', 'n', 'f', 'r', 'a', 'n', 'c', 'i', 's', 'c', 'o', 'f', 'i', 'a', 's', 'c', 'o', '.', 'o', 'r', 'g', '\0', + /* "fundayltd.com", true */ 'f', 'u', 'n', 'd', 'a', 'y', 'l', 't', 'd', '.', 'c', 'o', 'm', '\0', + /* "fundays.nl", true */ 'f', 'u', 'n', 'd', 'a', 'y', 's', '.', 'n', 'l', '\0', + /* "fundchan.com", true */ 'f', 'u', 'n', 'd', 'c', 'h', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "fundeego.com", true */ 'f', 'u', 'n', 'd', 'e', 'e', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "funderburg.me", true */ 'f', 'u', 'n', 'd', 'e', 'r', 'b', 'u', 'r', 'g', '.', 'm', 'e', '\0', + /* "fundingempire.com", true */ 'f', 'u', 'n', 'd', 'i', 'n', 'g', 'e', 'm', 'p', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "fundort.ch", true */ 'f', 'u', 'n', 'd', 'o', 'r', 't', '.', 'c', 'h', '\0', + /* "funfactorleeds.co.uk", true */ 'f', 'u', 'n', 'f', 'a', 'c', 't', 'o', 'r', 'l', 'e', 'e', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "funfoodco.co.uk", true */ 'f', 'u', 'n', 'f', 'o', 'o', 'd', 'c', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "funfunmstdn.tokyo", true */ 'f', 'u', 'n', 'f', 'u', 'n', 'm', 's', 't', 'd', 'n', '.', 't', 'o', 'k', 'y', 'o', '\0', + /* "funhouse-inflatables.co.uk", true */ 'f', 'u', 'n', 'h', 'o', 'u', 's', 'e', '-', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "funi4u.com", true */ 'f', 'u', 'n', 'i', '4', 'u', '.', 'c', 'o', 'm', '\0', + /* "funideas.org", true */ 'f', 'u', 'n', 'i', 'd', 'e', 'a', 's', '.', 'o', 'r', 'g', '\0', + /* "funinbeds.org.uk", true */ 'f', 'u', 'n', 'i', 'n', 'b', 'e', 'd', 's', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "funken-networks.de", true */ 'f', 'u', 'n', 'k', 'e', 'n', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'd', 'e', '\0', + /* "funktionel.co", true */ 'f', 'u', 'n', 'k', 't', 'i', 'o', 'n', 'e', 'l', '.', 'c', 'o', '\0', + /* "funnelweb.xyz", true */ 'f', 'u', 'n', 'n', 'e', 'l', 'w', 'e', 'b', '.', 'x', 'y', 'z', '\0', + /* "funniestclip.com", true */ 'f', 'u', 'n', 'n', 'i', 'e', 's', 't', 'c', 'l', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "funny-joke-pictures.com", true */ 'f', 'u', 'n', 'n', 'y', '-', 'j', 'o', 'k', 'e', '-', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "funnybikini.com", true */ 'f', 'u', 'n', 'n', 'y', 'b', 'i', 'k', 'i', 'n', 'i', '.', 'c', 'o', 'm', '\0', + /* "funoverip.net", true */ 'f', 'u', 'n', 'o', 'v', 'e', 'r', 'i', 'p', '.', 'n', 'e', 't', '\0', + /* "funtastic.ie", true */ 'f', 'u', 'n', 't', 'a', 's', 't', 'i', 'c', '.', 'i', 'e', '\0', + /* "funtasticinflatablesdurham.co.uk", true */ 'f', 'u', 'n', 't', 'a', 's', 't', 'i', 'c', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', 'd', 'u', 'r', 'h', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "funtime-inflatables.co.uk", true */ 'f', 'u', 'n', 't', 'i', 'm', 'e', '-', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "funtime.kiev.ua", true */ 'f', 'u', 'n', 't', 'i', 'm', 'e', '.', 'k', 'i', 'e', 'v', '.', 'u', 'a', '\0', + /* "funtimebourne.co.uk", true */ 'f', 'u', 'n', 't', 'i', 'm', 'e', 'b', 'o', 'u', 'r', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "funtimeentertainment.co.uk", true */ 'f', 'u', 'n', 't', 'i', 'm', 'e', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "funtimesbouncycastles.co.uk", true */ 'f', 'u', 'n', 't', 'i', 'm', 'e', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "furgo.love", true */ 'f', 'u', 'r', 'g', 'o', '.', 'l', 'o', 'v', 'e', '\0', + /* "furigana.info", true */ 'f', 'u', 'r', 'i', 'g', 'a', 'n', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "furkancaliskan.com", true */ 'f', 'u', 'r', 'k', 'a', 'n', 'c', 'a', 'l', 'i', 's', 'k', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "furkot.com", true */ 'f', 'u', 'r', 'k', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "furkot.de", true */ 'f', 'u', 'r', 'k', 'o', 't', '.', 'd', 'e', '\0', + /* "furkot.es", true */ 'f', 'u', 'r', 'k', 'o', 't', '.', 'e', 's', '\0', + /* "furkot.fr", true */ 'f', 'u', 'r', 'k', 'o', 't', '.', 'f', 'r', '\0', + /* "furkot.it", true */ 'f', 'u', 'r', 'k', 'o', 't', '.', 'i', 't', '\0', + /* "furkot.pl", true */ 'f', 'u', 'r', 'k', 'o', 't', '.', 'p', 'l', '\0', + /* "furlan.co", true */ 'f', 'u', 'r', 'l', 'a', 'n', '.', 'c', 'o', '\0', + /* "furnfurs.com", true */ 'f', 'u', 'r', 'n', 'f', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "furnitureconcept.co.uk", true */ 'f', 'u', 'r', 'n', 'i', 't', 'u', 'r', 'e', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "furry.agency", true */ 'f', 'u', 'r', 'r', 'y', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0', + /* "furry.dk", true */ 'f', 'u', 'r', 'r', 'y', '.', 'd', 'k', '\0', + /* "furtivelook.com", true */ 'f', 'u', 'r', 't', 'i', 'v', 'e', 'l', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "fusa-miyamoto.jp", true */ 'f', 'u', 's', 'a', '-', 'm', 'i', 'y', 'a', 'm', 'o', 't', 'o', '.', 'j', 'p', '\0', + /* "fuseos.net", true */ 'f', 'u', 's', 'e', 'o', 's', '.', 'n', 'e', 't', '\0', + /* "fushee.com", true */ 'f', 'u', 's', 'h', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "fuskator.com", true */ 'f', 'u', 's', 'k', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "fussball-xxl.de", true */ 'f', 'u', 's', 's', 'b', 'a', 'l', 'l', '-', 'x', 'x', 'l', '.', 'd', 'e', '\0', + /* "fussell.io", true */ 'f', 'u', 's', 's', 'e', 'l', 'l', '.', 'i', 'o', '\0', + /* "futbolvivo.tv", true */ 'f', 'u', 't', 'b', 'o', 'l', 'v', 'i', 'v', 'o', '.', 't', 'v', '\0', + /* "futrou.com", true */ 'f', 'u', 't', 'r', 'o', 'u', '.', 'c', 'o', 'm', '\0', + /* "futurefire.de", true */ 'f', 'u', 't', 'u', 'r', 'e', 'f', 'i', 'r', 'e', '.', 'd', 'e', '\0', + /* "futurenda.com", true */ 'f', 'u', 't', 'u', 'r', 'e', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "futureoceans.org", true */ 'f', 'u', 't', 'u', 'r', 'e', 'o', 'c', 'e', 'a', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "futuresonline.com", true */ 'f', 'u', 't', 'u', 'r', 'e', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "futurezone.at", true */ 'f', 'u', 't', 'u', 'r', 'e', 'z', 'o', 'n', 'e', '.', 'a', 't', '\0', + /* "futuristarchitecture.com", true */ 'f', 'u', 't', 'u', 'r', 'i', 's', 't', 'a', 'r', 'c', 'h', 'i', 't', 'e', 'c', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "futurope.com", true */ 'f', 'u', 't', 'u', 'r', 'o', 'p', 'e', '.', 'c', 'o', 'm', '\0', + /* "fuwafuwa.moe", true */ 'f', 'u', 'w', 'a', 'f', 'u', 'w', 'a', '.', 'm', 'o', 'e', '\0', + /* "fuxwerk.de", true */ 'f', 'u', 'x', 'w', 'e', 'r', 'k', '.', 'd', 'e', '\0', + /* "fuyu.moe", true */ 'f', 'u', 'y', 'u', '.', 'm', 'o', 'e', '\0', + /* "fuzoku.jp", true */ 'f', 'u', 'z', 'o', 'k', 'u', '.', 'j', 'p', '\0', + /* "fuzzing-project.org", true */ 'f', 'u', 'z', 'z', 'i', 'n', 'g', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "fveevaete.com", true */ 'f', 'v', 'e', 'e', 'v', 'a', 'e', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "fwdx.net", true */ 'f', 'w', 'd', 'x', '.', 'n', 'e', 't', '\0', + /* "fwei.tk", true */ 'f', 'w', 'e', 'i', '.', 't', 'k', '\0', + /* "fwest.ovh", true */ 'f', 'w', 'e', 's', 't', '.', 'o', 'v', 'h', '\0', + /* "fwest98.ovh", true */ 'f', 'w', 'e', 's', 't', '9', '8', '.', 'o', 'v', 'h', '\0', + /* "fwww7.com", true */ 'f', 'w', 'w', 'w', '7', '.', 'c', 'o', 'm', '\0', + /* "fx24.uk", true */ 'f', 'x', '2', '4', '.', 'u', 'k', '\0', + /* "fx5.de", true */ 'f', 'x', '5', '.', 'd', 'e', '\0', + /* "fxgame.online", true */ 'f', 'x', 'g', 'a', 'm', 'e', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "fxislamic.com", true */ 'f', 'x', 'i', 's', 'l', 'a', 'm', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "fxopen.co.uk", true */ 'f', 'x', 'o', 'p', 'e', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "fxopen.com", true */ 'f', 'x', 'o', 'p', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "fxopen.com.au", true */ 'f', 'x', 'o', 'p', 'e', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "fxopen.com.br", true */ 'f', 'x', 'o', 'p', 'e', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "fxopen.com.mx", true */ 'f', 'x', 'o', 'p', 'e', 'n', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0', + /* "fxopen.my", true */ 'f', 'x', 'o', 'p', 'e', 'n', '.', 'm', 'y', '\0', + /* "fxopen.ru", true */ 'f', 'x', 'o', 'p', 'e', 'n', '.', 'r', 'u', '\0', + /* "fxp.co.il", false */ 'f', 'x', 'p', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "fxpig-ib.com", true */ 'f', 'x', 'p', 'i', 'g', '-', 'i', 'b', '.', 'c', 'o', 'm', '\0', + /* "fxtalk.cn", true */ 'f', 'x', 't', 'a', 'l', 'k', '.', 'c', 'n', '\0', + /* "fxthai.com", true */ 'f', 'x', 't', 'h', 'a', 'i', '.', 'c', 'o', 'm', '\0', + /* "fxtrade-lab.com", true */ 'f', 'x', 't', 'r', 'a', 'd', 'e', '-', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "fyn.nl", true */ 'f', 'y', 'n', '.', 'n', 'l', '\0', + /* "fysesbjerg.dk", true */ 'f', 'y', 's', 'e', 's', 'b', 'j', 'e', 'r', 'g', '.', 'd', 'k', '\0', + /* "fysiotherapieholtenbroek.nl", true */ 'f', 'y', 's', 'i', 'o', 't', 'h', 'e', 'r', 'a', 'p', 'i', 'e', 'h', 'o', 'l', 't', 'e', 'n', 'b', 'r', 'o', 'e', 'k', '.', 'n', 'l', '\0', + /* "fysiotherapierossum.nl", true */ 'f', 'y', 's', 'i', 'o', 't', 'h', 'e', 'r', 'a', 'p', 'i', 'e', 'r', 'o', 's', 's', 'u', 'm', '.', 'n', 'l', '\0', + /* "fysiovdberg.nl", true */ 'f', 'y', 's', 'i', 'o', 'v', 'd', 'b', 'e', 'r', 'g', '.', 'n', 'l', '\0', + /* "fysuite.com", true */ 'f', 'y', 's', 'u', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "fzbrweb.cz", true */ 'f', 'z', 'b', 'r', 'w', 'e', 'b', '.', 'c', 'z', '\0', + /* "fzx750.ru", true */ 'f', 'z', 'x', '7', '5', '0', '.', 'r', 'u', '\0', + /* "g-m-w.eu", true */ 'g', '-', 'm', '-', 'w', '.', 'e', 'u', '\0', + /* "g-o.pl", true */ 'g', '-', 'o', '.', 'p', 'l', '\0', + /* "g-rom.net", true */ 'g', '-', 'r', 'o', 'm', '.', 'n', 'e', 't', '\0', + /* "g01.in.ua", true */ 'g', '0', '1', '.', 'i', 'n', '.', 'u', 'a', '\0', + /* "g1.ie", true */ 'g', '1', '.', 'i', 'e', '\0', + /* "g10e.ch", true */ 'g', '1', '0', 'e', '.', 'c', 'h', '\0', + /* "g2-inc.com", false */ 'g', '2', '-', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "g2links.com", true */ 'g', '2', 'l', 'i', 'n', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "g2pla.net", true */ 'g', '2', 'p', 'l', 'a', '.', 'n', 'e', 't', '\0', + /* "g2soft.net", true */ 'g', '2', 's', 'o', 'f', 't', '.', 'n', 'e', 't', '\0', + /* "g3dev.ch", true */ 'g', '3', 'd', 'e', 'v', '.', 'c', 'h', '\0', + /* "g3rv4.com", true */ 'g', '3', 'r', 'v', '4', '.', 'c', 'o', 'm', '\0', + /* "g4w.co", true */ 'g', '4', 'w', '.', 'c', 'o', '\0', + /* "gaanbaksho.com.au", true */ 'g', 'a', 'a', 'n', 'b', 'a', 'k', 's', 'h', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "gabemack.com", true */ 'g', 'a', 'b', 'e', 'm', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "gabethebabetv.com", true */ 'g', 'a', 'b', 'e', 't', 'h', 'e', 'b', 'a', 'b', 'e', 't', 'v', '.', 'c', 'o', 'm', '\0', + /* "gabrielsimonet.ch", true */ 'g', 'a', 'b', 'r', 'i', 'e', 'l', 's', 'i', 'm', 'o', 'n', 'e', 't', '.', 'c', 'h', '\0', + /* "gachter.name", true */ 'g', 'a', 'c', 'h', 't', 'e', 'r', '.', 'n', 'a', 'm', 'e', '\0', + /* "gadabit.pl", true */ 'g', 'a', 'd', 'a', 'b', 'i', 't', '.', 'p', 'l', '\0', + /* "gadgethacks.com", true */ 'g', 'a', 'd', 'g', 'e', 't', 'h', 'a', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "gaestehaus-monika.com", true */ 'g', 'a', 'e', 's', 't', 'e', 'h', 'a', 'u', 's', '-', 'm', 'o', 'n', 'i', 'k', 'a', '.', 'c', 'o', 'm', '\0', + /* "gaflooring.com", true */ 'g', 'a', 'f', 'l', 'o', 'o', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "gafunds.com", true */ 'g', 'a', 'f', 'u', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "gagne-enterprises.com", true */ 'g', 'a', 'g', 'n', 'e', '-', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "gagne.tk", true */ 'g', 'a', 'g', 'n', 'e', '.', 't', 'k', '\0', + /* "gagnerplusdargent.info", true */ 'g', 'a', 'g', 'n', 'e', 'r', 'p', 'l', 'u', 's', 'd', 'a', 'r', 'g', 'e', 'n', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "gagniard.org", true */ 'g', 'a', 'g', 'n', 'i', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0', + /* "gagor.pl", true */ 'g', 'a', 'g', 'o', 'r', '.', 'p', 'l', '\0', + /* "gagygnole.ch", true */ 'g', 'a', 'g', 'y', 'g', 'n', 'o', 'l', 'e', '.', 'c', 'h', '\0', + /* "gaichanh.com", true */ 'g', 'a', 'i', 'c', 'h', 'a', 'n', 'h', '.', 'c', 'o', 'm', '\0', + /* "gaichon.com", true */ 'g', 'a', 'i', 'c', 'h', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "gaines-sodiamex.fr", true */ 'g', 'a', 'i', 'n', 'e', 's', '-', 's', 'o', 'd', 'i', 'a', 'm', 'e', 'x', '.', 'f', 'r', '\0', + /* "gaio-automobiles.fr", true */ 'g', 'a', 'i', 'o', '-', 'a', 'u', 't', 'o', 'm', 'o', 'b', 'i', 'l', 'e', 's', '.', 'f', 'r', '\0', + /* "gaireg.de", true */ 'g', 'a', 'i', 'r', 'e', 'g', '.', 'd', 'e', '\0', + /* "gajas18.com", true */ 'g', 'a', 'j', 'a', 's', '1', '8', '.', 'c', 'o', 'm', '\0', + /* "gakkainavi-epsilon.jp", true */ 'g', 'a', 'k', 'k', 'a', 'i', 'n', 'a', 'v', 'i', '-', 'e', 'p', 's', 'i', 'l', 'o', 'n', '.', 'j', 'p', '\0', + /* "gakkainavi.net", true */ 'g', 'a', 'k', 'k', 'a', 'i', 'n', 'a', 'v', 'i', '.', 'n', 'e', 't', '\0', + /* "gakkainavi4.jp", true */ 'g', 'a', 'k', 'k', 'a', 'i', 'n', 'a', 'v', 'i', '4', '.', 'j', 'p', '\0', + /* "gaku-architect.com", true */ 'g', 'a', 'k', 'u', '-', 'a', 'r', 'c', 'h', 'i', 't', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "galactic-crew.org", true */ 'g', 'a', 'l', 'a', 'c', 't', 'i', 'c', '-', 'c', 'r', 'e', 'w', '.', 'o', 'r', 'g', '\0', + /* "galak.ch", true */ 'g', 'a', 'l', 'a', 'k', '.', 'c', 'h', '\0', + /* "galerieautodirect.com", true */ 'g', 'a', 'l', 'e', 'r', 'i', 'e', 'a', 'u', 't', 'o', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "galeries.photo", true */ 'g', 'a', 'l', 'e', 'r', 'i', 'e', 's', '.', 'p', 'h', 'o', 't', 'o', '\0', + /* "galgoafegao.com.br", true */ 'g', 'a', 'l', 'g', 'o', 'a', 'f', 'e', 'g', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "galgoingles.com.br", true */ 'g', 'a', 'l', 'g', 'o', 'i', 'n', 'g', 'l', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "galgopersa.com.br", true */ 'g', 'a', 'l', 'g', 'o', 'p', 'e', 'r', 's', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "galileanhome.org", true */ 'g', 'a', 'l', 'i', 'l', 'e', 'a', 'n', 'h', 'o', 'm', 'e', '.', 'o', 'r', 'g', '\0', + /* "galileomtz.com", true */ 'g', 'a', 'l', 'i', 'l', 'e', 'o', 'm', 't', 'z', '.', 'c', 'o', 'm', '\0', + /* "galinas-blog.de", true */ 'g', 'a', 'l', 'i', 'n', 'a', 's', '-', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0', + /* "galinos.gr", true */ 'g', 'a', 'l', 'i', 'n', 'o', 's', '.', 'g', 'r', '\0', + /* "gallerify.eu", true */ 'g', 'a', 'l', 'l', 'e', 'r', 'i', 'f', 'y', '.', 'e', 'u', '\0', + /* "gallicrooster.com", true */ 'g', 'a', 'l', 'l', 'i', 'c', 'r', 'o', 'o', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "gallun-shop.com", true */ 'g', 'a', 'l', 'l', 'u', 'n', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "galpaoap.com.br", true */ 'g', 'a', 'l', 'p', 'a', 'o', 'a', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "gamajo.com", true */ 'g', 'a', 'm', 'a', 'j', 'o', '.', 'c', 'o', 'm', '\0', + /* "gamberorosso.menu", true */ 'g', 'a', 'm', 'b', 'e', 'r', 'o', 'r', 'o', 's', 's', 'o', '.', 'm', 'e', 'n', 'u', '\0', + /* "gambetti.fr", true */ 'g', 'a', 'm', 'b', 'e', 't', 't', 'i', '.', 'f', 'r', '\0', + /* "gambit.pro", true */ 'g', 'a', 'm', 'b', 'i', 't', '.', 'p', 'r', 'o', '\0', + /* "gambitboard.com", true */ 'g', 'a', 'm', 'b', 'i', 't', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "gambitnash.co.uk", true */ 'g', 'a', 'm', 'b', 'i', 't', 'n', 'a', 's', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "gambitnash.com", true */ 'g', 'a', 'm', 'b', 'i', 't', 'n', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "gambitprint.com", true */ 'g', 'a', 'm', 'b', 'i', 't', 'p', 'r', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "gamblersgaming.eu", true */ 'g', 'a', 'm', 'b', 'l', 'e', 'r', 's', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'e', 'u', '\0', + /* "game-files.net", false */ 'g', 'a', 'm', 'e', '-', 'f', 'i', 'l', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "game7.de", true */ 'g', 'a', 'm', 'e', '7', '.', 'd', 'e', '\0', + /* "gamebits.net", true */ 'g', 'a', 'm', 'e', 'b', 'i', 't', 's', '.', 'n', 'e', 't', '\0', + /* "gamebrott.com", true */ 'g', 'a', 'm', 'e', 'b', 'r', 'o', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "gamecard-shop.nl", true */ 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', '-', 's', 'h', 'o', 'p', '.', 'n', 'l', '\0', + /* "gameclue.jp", true */ 'g', 'a', 'm', 'e', 'c', 'l', 'u', 'e', '.', 'j', 'p', '\0', + /* "gamecollector.be", true */ 'g', 'a', 'm', 'e', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'o', 'r', '.', 'b', 'e', '\0', + /* "gameconservation.org.uk", true */ 'g', 'a', 'm', 'e', 'c', 'o', 'n', 's', 'e', 'r', 'v', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "gamedevelopers.pl", true */ 'g', 'a', 'm', 'e', 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'e', 'r', 's', '.', 'p', 'l', '\0', + /* "gamegix.com", true */ 'g', 'a', 'm', 'e', 'g', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "gameguardian.net", true */ 'g', 'a', 'm', 'e', 'g', 'u', 'a', 'r', 'd', 'i', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "gameisbest.jp", true */ 'g', 'a', 'm', 'e', 'i', 's', 'b', 'e', 's', 't', '.', 'j', 'p', '\0', + /* "gamekeepers.cz", true */ 'g', 'a', 'm', 'e', 'k', 'e', 'e', 'p', 'e', 'r', 's', '.', 'c', 'z', '\0', + /* "gamekeysuche.de", true */ 'g', 'a', 'm', 'e', 'k', 'e', 'y', 's', 'u', 'c', 'h', 'e', '.', 'd', 'e', '\0', + /* "gamenerd.net", true */ 'g', 'a', 'm', 'e', 'n', 'e', 'r', 'd', '.', 'n', 'e', 't', '\0', + /* "gameofbay.org", true */ 'g', 'a', 'm', 'e', 'o', 'f', 'b', 'a', 'y', '.', 'o', 'r', 'g', '\0', + /* "gameofpwnz.com", true */ 'g', 'a', 'm', 'e', 'o', 'f', 'p', 'w', 'n', 'z', '.', 'c', 'o', 'm', '\0', + /* "gamepad.com.br", true */ 'g', 'a', 'm', 'e', 'p', 'a', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "gameparagon.info", true */ 'g', 'a', 'm', 'e', 'p', 'a', 'r', 'a', 'g', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "gamercredo.com", true */ 'g', 'a', 'm', 'e', 'r', 'c', 'r', 'e', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "gamercredo.net", true */ 'g', 'a', 'm', 'e', 'r', 'c', 'r', 'e', 'd', 'o', '.', 'n', 'e', 't', '\0', + /* "gamerezo.com", true */ 'g', 'a', 'm', 'e', 'r', 'e', 'z', 'o', '.', 'c', 'o', 'm', '\0', + /* "games4theworld.org", true */ 'g', 'a', 'm', 'e', 's', '4', 't', 'h', 'e', 'w', 'o', 'r', 'l', 'd', '.', 'o', 'r', 'g', '\0', + /* "gameserver-sponsor.me", true */ 'g', 'a', 'm', 'e', 's', 'e', 'r', 'v', 'e', 'r', '-', 's', 'p', 'o', 'n', 's', 'o', 'r', '.', 'm', 'e', '\0', + /* "gameshowchallenge.ie", true */ 'g', 'a', 'm', 'e', 's', 'h', 'o', 'w', 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e', '.', 'i', 'e', '\0', + /* "gamesplanet.com", true */ 'g', 'a', 'm', 'e', 's', 'p', 'l', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "gamestats.gg", true */ 'g', 'a', 'm', 'e', 's', 't', 'a', 't', 's', '.', 'g', 'g', '\0', + /* "gamhealth.net", true */ 'g', 'a', 'm', 'h', 'e', 'a', 'l', 't', 'h', '.', 'n', 'e', 't', '\0', + /* "gamingexodus.com", true */ 'g', 'a', 'm', 'i', 'n', 'g', 'e', 'x', 'o', 'd', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "gamingrealms.net", true */ 'g', 'a', 'm', 'i', 'n', 'g', 'r', 'e', 'a', 'l', 'm', 's', '.', 'n', 'e', 't', '\0', + /* "gamingreinvented.com", true */ 'g', 'a', 'm', 'i', 'n', 'g', 'r', 'e', 'i', 'n', 'v', 'e', 'n', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "gamingwithcromulent.com", true */ 'g', 'a', 'm', 'i', 'n', 'g', 'w', 'i', 't', 'h', 'c', 'r', 'o', 'm', 'u', 'l', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "gamingzoneservers.com", true */ 'g', 'a', 'm', 'i', 'n', 'g', 'z', 'o', 'n', 'e', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "gamishou.fr", true */ 'g', 'a', 'm', 'i', 's', 'h', 'o', 'u', '.', 'f', 'r', '\0', + /* "gamoloco.com", true */ 'g', 'a', 'm', 'o', 'l', 'o', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "ganado.org", true */ 'g', 'a', 'n', 'a', 'd', 'o', '.', 'o', 'r', 'g', '\0', + /* "gancedo.com.es", true */ 'g', 'a', 'n', 'c', 'e', 'd', 'o', '.', 'c', 'o', 'm', '.', 'e', 's', '\0', + /* "gandalfservice.com", true */ 'g', 'a', 'n', 'd', 'a', 'l', 'f', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "gandalfthefeline.com", true */ 'g', 'a', 'n', 'd', 'a', 'l', 'f', 't', 'h', 'e', 'f', 'e', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "gandgliquors.com", true */ 'g', 'a', 'n', 'd', 'g', 'l', 'i', 'q', 'u', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "ganhonet.com.br", true */ 'g', 'a', 'n', 'h', 'o', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "ganztagplus.de", true */ 'g', 'a', 'n', 'z', 't', 'a', 'g', 'p', 'l', 'u', 's', '.', 'd', 'e', '\0', + /* "gapdirect.com", true */ 'g', 'a', 'p', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "gapfa.org", true */ 'g', 'a', 'p', 'f', 'a', '.', 'o', 'r', 'g', '\0', + /* "gaptek.id", false */ 'g', 'a', 'p', 't', 'e', 'k', '.', 'i', 'd', '\0', + /* "gar-nich.net", false */ 'g', 'a', 'r', '-', 'n', 'i', 'c', 'h', '.', 'n', 'e', 't', '\0', + /* "garage-door.pro", true */ 'g', 'a', 'r', 'a', 'g', 'e', '-', 'd', 'o', 'o', 'r', '.', 'p', 'r', 'o', '\0', + /* "garage-leone.com", true */ 'g', 'a', 'r', 'a', 'g', 'e', '-', 'l', 'e', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "garage-meynard.com", true */ 'g', 'a', 'r', 'a', 'g', 'e', '-', 'm', 'e', 'y', 'n', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "garageenginuity.com", true */ 'g', 'a', 'r', 'a', 'g', 'e', 'e', 'n', 'g', 'i', 'n', 'u', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "garagegoossens.be", true */ 'g', 'a', 'r', 'a', 'g', 'e', 'g', 'o', 'o', 's', 's', 'e', 'n', 's', '.', 'b', 'e', '\0', + /* "garagemhermetica.org", true */ 'g', 'a', 'r', 'a', 'g', 'e', 'm', 'h', 'e', 'r', 'm', 'e', 't', 'i', 'c', 'a', '.', 'o', 'r', 'g', '\0', + /* "garagevanhulle-used.be", true */ 'g', 'a', 'r', 'a', 'g', 'e', 'v', 'a', 'n', 'h', 'u', 'l', 'l', 'e', '-', 'u', 's', 'e', 'd', '.', 'b', 'e', '\0', + /* "garanteasy.com", true */ 'g', 'a', 'r', 'a', 'n', 't', 'e', 'a', 's', 'y', '.', 'c', 'o', 'm', '\0', + /* "garantieabschluss.de", false */ 'g', 'a', 'r', 'a', 'n', 't', 'i', 'e', 'a', 'b', 's', 'c', 'h', 'l', 'u', 's', 's', '.', 'd', 'e', '\0', + /* "garbage-juice.com", true */ 'g', 'a', 'r', 'b', 'a', 'g', 'e', '-', 'j', 'u', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "garciniacambogiareviewed.co", true */ 'g', 'a', 'r', 'c', 'i', 'n', 'i', 'a', 'c', 'a', 'm', 'b', 'o', 'g', 'i', 'a', 'r', 'e', 'v', 'i', 'e', 'w', 'e', 'd', '.', 'c', 'o', '\0', + /* "garda-see.mobi", true */ 'g', 'a', 'r', 'd', 'a', '-', 's', 'e', 'e', '.', 'm', 'o', 'b', 'i', '\0', + /* "garden-life.org", true */ 'g', 'a', 'r', 'd', 'e', 'n', '-', 'l', 'i', 'f', 'e', '.', 'o', 'r', 'g', '\0', + /* "gardencarezone.com", true */ 'g', 'a', 'r', 'd', 'e', 'n', 'c', 'a', 'r', 'e', 'z', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "gardengameshireuk.com", true */ 'g', 'a', 'r', 'd', 'e', 'n', 'g', 'a', 'm', 'e', 's', 'h', 'i', 'r', 'e', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "garderobche.eu", true */ 'g', 'a', 'r', 'd', 'e', 'r', 'o', 'b', 'c', 'h', 'e', '.', 'e', 'u', '\0', + /* "gardikagigih.com", true */ 'g', 'a', 'r', 'd', 'i', 'k', 'a', 'g', 'i', 'g', 'i', 'h', '.', 'c', 'o', 'm', '\0', + /* "garedtech.com", false */ 'g', 'a', 'r', 'e', 'd', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "garethrhugh.es", true */ 'g', 'a', 'r', 'e', 't', 'h', 'r', 'h', 'u', 'g', 'h', '.', 'e', 's', '\0', + /* "garfieldairlines.net", true */ 'g', 'a', 'r', 'f', 'i', 'e', 'l', 'd', 'a', 'i', 'r', 'l', 'i', 'n', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "gargazon.net", true */ 'g', 'a', 'r', 'g', 'a', 'z', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "garron.net", true */ 'g', 'a', 'r', 'r', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "gartenplanung-brendes.de", true */ 'g', 'a', 'r', 't', 'e', 'n', 'p', 'l', 'a', 'n', 'u', 'n', 'g', '-', 'b', 'r', 'e', 'n', 'd', 'e', 's', '.', 'd', 'e', '\0', + /* "garycarmell.com", true */ 'g', 'a', 'r', 'y', 'c', 'a', 'r', 'm', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "garycwaite.com", true */ 'g', 'a', 'r', 'y', 'c', 'w', 'a', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "garyjones.co.uk", true */ 'g', 'a', 'r', 'y', 'j', 'o', 'n', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "garystallman.com", true */ 'g', 'a', 'r', 'y', 's', 't', 'a', 'l', 'l', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "garywhittington.com", true */ 'g', 'a', 'r', 'y', 'w', 'h', 'i', 't', 't', 'i', 'n', 'g', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "gastauftritt.net", true */ 'g', 'a', 's', 't', 'a', 'u', 'f', 't', 'r', 'i', 't', 't', '.', 'n', 'e', 't', '\0', + /* "gastoudererenda.nl", true */ 'g', 'a', 's', 't', 'o', 'u', 'd', 'e', 'r', 'e', 'r', 'e', 'n', 'd', 'a', '.', 'n', 'l', '\0', + /* "gate2home.com", true */ 'g', 'a', 't', 'e', '2', 'h', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "gateaucreation.fr", true */ 'g', 'a', 't', 'e', 'a', 'u', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', '.', 'f', 'r', '\0', + /* "gatemoves.com", true */ 'g', 'a', 't', 'e', 'm', 'o', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "gatewaybridal.com", true */ 'g', 'a', 't', 'e', 'w', 'a', 'y', 'b', 'r', 'i', 'd', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "gatewaybronco.com", true */ 'g', 'a', 't', 'e', 'w', 'a', 'y', 'b', 'r', 'o', 'n', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "gateworld.fr", true */ 'g', 'a', 't', 'e', 'w', 'o', 'r', 'l', 'd', '.', 'f', 'r', '\0', + /* "gatilagata.com.br", true */ 'g', 'a', 't', 'i', 'l', 'a', 'g', 'a', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "gatomix.net", true */ 'g', 'a', 't', 'o', 'm', 'i', 'x', '.', 'n', 'e', 't', '\0', + /* "gauche.com", true */ 'g', 'a', 'u', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0', + /* "gaussianwaves.com", true */ 'g', 'a', 'u', 's', 's', 'i', 'a', 'n', 'w', 'a', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "gauthier.dk", true */ 'g', 'a', 'u', 't', 'h', 'i', 'e', 'r', '.', 'd', 'k', '\0', + /* "gautvedt.no", true */ 'g', 'a', 'u', 't', 'v', 'e', 'd', 't', '.', 'n', 'o', '\0', + /* "gavick.com", false */ 'g', 'a', 'v', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "gavins.stream", true */ 'g', 'a', 'v', 'i', 'n', 's', '.', 's', 't', 'r', 'e', 'a', 'm', '\0', + /* "gay-sissies.com", true */ 'g', 'a', 'y', '-', 's', 'i', 's', 's', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "gaycc.cc", true */ 'g', 'a', 'y', 'c', 'c', '.', 'c', 'c', '\0', + /* "gayforgenji.com", true */ 'g', 'a', 'y', 'f', 'o', 'r', 'g', 'e', 'n', 'j', 'i', '.', 'c', 'o', 'm', '\0', + /* "gaysfisting.com", true */ 'g', 'a', 'y', 's', 'f', 'i', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "gaytorrent.ru", true */ 'g', 'a', 'y', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'r', 'u', '\0', + /* "gayxsite.com", true */ 'g', 'a', 'y', 'x', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "gazee.net", true */ 'g', 'a', 'z', 'e', 'e', '.', 'n', 'e', 't', '\0', + /* "gazellegames.net", false */ 'g', 'a', 'z', 'e', 'l', 'l', 'e', 'g', 'a', 'm', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "gazette.govt.nz", true */ 'g', 'a', 'z', 'e', 't', 't', 'e', '.', 'g', 'o', 'v', 't', '.', 'n', 'z', '\0', + /* "gazflynn.com", true */ 'g', 'a', 'z', 'f', 'l', 'y', 'n', 'n', '.', 'c', 'o', 'm', '\0', + /* "gbc-radio.nl", true */ 'g', 'b', 'c', '-', 'r', 'a', 'd', 'i', 'o', '.', 'n', 'l', '\0', + /* "gbcsummercamps.com", true */ 'g', 'b', 'c', 's', 'u', 'm', 'm', 'e', 'r', 'c', 'a', 'm', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "gbit.xyz", true */ 'g', 'b', 'i', 't', '.', 'x', 'y', 'z', '\0', + /* "gbl.selfip.net", true */ 'g', 'b', 'l', '.', 's', 'e', 'l', 'f', 'i', 'p', '.', 'n', 'e', 't', '\0', + /* "gboys.net", true */ 'g', 'b', 'o', 'y', 's', '.', 'n', 'e', 't', '\0', + /* "gc-mc.de", true */ 'g', 'c', '-', 'm', 'c', '.', 'd', 'e', '\0', + /* "gc.gy", true */ 'g', 'c', '.', 'g', 'y', '\0', + /* "gcbit.dk", true */ 'g', 'c', 'b', 'i', 't', '.', 'd', 'k', '\0', + /* "gchp.ie", true */ 'g', 'c', 'h', 'p', '.', 'i', 'e', '\0', + /* "gchq.wtf", true */ 'g', 'c', 'h', 'q', '.', 'w', 't', 'f', '\0', + /* "gcs-ventures.com", true */ 'g', 'c', 's', '-', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "gcsepod.com", true */ 'g', 'c', 's', 'e', 'p', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "gdax.com", true */ 'g', 'd', 'a', 'x', '.', 'c', 'o', 'm', '\0', + /* "gdb-tutorial.net", true */ 'g', 'd', 'b', '-', 't', 'u', 't', 'o', 'r', 'i', 'a', 'l', '.', 'n', 'e', 't', '\0', + /* "gdgrzeszow.pl", true */ 'g', 'd', 'g', 'r', 'z', 'e', 's', 'z', 'o', 'w', '.', 'p', 'l', '\0', + /* "gdiary.net", true */ 'g', 'd', 'i', 'a', 'r', 'y', '.', 'n', 'e', 't', '\0', + /* "gdoce.es", false */ 'g', 'd', 'o', 'c', 'e', '.', 'e', 's', '\0', + /* "gdutnic.com", true */ 'g', 'd', 'u', 't', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "gdv.me", true */ 'g', 'd', 'v', '.', 'm', 'e', '\0', + /* "gdz-spishy.com", true */ 'g', 'd', 'z', '-', 's', 'p', 'i', 's', 'h', 'y', '.', 'c', 'o', 'm', '\0', + /* "gdz.tv", true */ 'g', 'd', 'z', '.', 't', 'v', '\0', + /* "ge3k.net", false */ 'g', 'e', '3', 'k', '.', 'n', 'e', 't', '\0', + /* "gear-acquisition-syndrome.community", true */ 'g', 'e', 'a', 'r', '-', 'a', 'c', 'q', 'u', 'i', 's', 'i', 't', 'i', 'o', 'n', '-', 's', 'y', 'n', 'd', 'r', 'o', 'm', 'e', '.', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '\0', + /* "gearev.net", true */ 'g', 'e', 'a', 'r', 'e', 'v', '.', 'n', 'e', 't', '\0', + /* "gearfinder.nl", true */ 'g', 'e', 'a', 'r', 'f', 'i', 'n', 'd', 'e', 'r', '.', 'n', 'l', '\0', + /* "gearset.com", true */ 'g', 'e', 'a', 'r', 's', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "geaskb.nl", true */ 'g', 'e', 'a', 's', 'k', 'b', '.', 'n', 'l', '\0', + /* "geass.xyz", true */ 'g', 'e', 'a', 's', 's', '.', 'x', 'y', 'z', '\0', + /* "geblitzt.de", true */ 'g', 'e', 'b', 'l', 'i', 't', 'z', 't', '.', 'd', 'e', '\0', + /* "geboortestoeltje.com", true */ 'g', 'e', 'b', 'o', 'o', 'r', 't', 'e', 's', 't', 'o', 'e', 'l', 't', 'j', 'e', '.', 'c', 'o', 'm', '\0', + /* "geborgen-wachsen.de", true */ 'g', 'e', 'b', 'o', 'r', 'g', 'e', 'n', '-', 'w', 'a', 'c', 'h', 's', 'e', 'n', '.', 'd', 'e', '\0', + /* "gebruikershandleiding.com", true */ 'g', 'e', 'b', 'r', 'u', 'i', 'k', 'e', 'r', 's', 'h', 'a', 'n', 'd', 'l', 'e', 'i', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "gecem.org", true */ 'g', 'e', 'c', 'e', 'm', '.', 'o', 'r', 'g', '\0', + /* "gechr.io", true */ 'g', 'e', 'c', 'h', 'r', '.', 'i', 'o', '\0', + /* "gedankenworks.com", true */ 'g', 'e', 'd', 'a', 'n', 'k', 'e', 'n', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "geder.at", true */ 'g', 'e', 'd', 'e', 'r', '.', 'a', 't', '\0', + /* "gedlingcastlehire.co.uk", true */ 'g', 'e', 'd', 'l', 'i', 'n', 'g', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "gee.is", true */ 'g', 'e', 'e', '.', 'i', 's', '\0', + /* "geek-hub.de", true */ 'g', 'e', 'e', 'k', '-', 'h', 'u', 'b', '.', 'd', 'e', '\0', + /* "geek.ch", true */ 'g', 'e', 'e', 'k', '.', 'c', 'h', '\0', + /* "geekabit.nl", true */ 'g', 'e', 'e', 'k', 'a', 'b', 'i', 't', '.', 'n', 'l', '\0', + /* "geekandi.com", true */ 'g', 'e', 'e', 'k', 'a', 'n', 'd', 'i', '.', 'c', 'o', 'm', '\0', + /* "geekariom.com", true */ 'g', 'e', 'e', 'k', 'a', 'r', 'i', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "geekbundle.org", false */ 'g', 'e', 'e', 'k', 'b', 'u', 'n', 'd', 'l', 'e', '.', 'o', 'r', 'g', '\0', + /* "geekchimp.com", true */ 'g', 'e', 'e', 'k', 'c', 'h', 'i', 'm', 'p', '.', 'c', 'o', 'm', '\0', + /* "geekclubbooks.com", true */ 'g', 'e', 'e', 'k', 'c', 'l', 'u', 'b', 'b', 'o', 'o', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "geeklair.net", true */ 'g', 'e', 'e', 'k', 'l', 'a', 'i', 'r', '.', 'n', 'e', 't', '\0', + /* "geeklan.co.uk", true */ 'g', 'e', 'e', 'k', 'l', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "geekles.net", true */ 'g', 'e', 'e', 'k', 'l', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "geeknik.com", true */ 'g', 'e', 'e', 'k', 'n', 'i', 'k', '.', 'c', 'o', 'm', '\0', + /* "geekpad.com", true */ 'g', 'e', 'e', 'k', 'p', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "geeks.one", true */ 'g', 'e', 'e', 'k', 's', '.', 'o', 'n', 'e', '\0', + /* "geekshirts.cz", true */ 'g', 'e', 'e', 'k', 's', 'h', 'i', 'r', 't', 's', '.', 'c', 'z', '\0', + /* "geektopia.es", true */ 'g', 'e', 'e', 'k', 't', 'o', 'p', 'i', 'a', '.', 'e', 's', '\0', + /* "geekwhack.org", true */ 'g', 'e', 'e', 'k', 'w', 'h', 'a', 'c', 'k', '.', 'o', 'r', 'g', '\0', + /* "geekwithabudget.com", true */ 'g', 'e', 'e', 'k', 'w', 'i', 't', 'h', 'a', 'b', 'u', 'd', 'g', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "geekwu.org", true */ 'g', 'e', 'e', 'k', 'w', 'u', '.', 'o', 'r', 'g', '\0', + /* "geekz.sk", true */ 'g', 'e', 'e', 'k', 'z', '.', 's', 'k', '\0', + /* "geekzone.co.nz", true */ 'g', 'e', 'e', 'k', 'z', 'o', 'n', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "geekzone.fr", true */ 'g', 'e', 'e', 'k', 'z', 'o', 'n', 'e', '.', 'f', 'r', '\0', + /* "geeq.ch", true */ 'g', 'e', 'e', 'q', '.', 'c', 'h', '\0', + /* "geerdsen.net", true */ 'g', 'e', 'e', 'r', 'd', 's', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "geertdegraaf.nl", true */ 'g', 'e', 'e', 'r', 't', 'd', 'e', 'g', 'r', 'a', 'a', 'f', '.', 'n', 'l', '\0', + /* "geertswei.nl", true */ 'g', 'e', 'e', 'r', 't', 's', 'w', 'e', 'i', '.', 'n', 'l', '\0', + /* "gegeco.ch", true */ 'g', 'e', 'g', 'e', 'c', 'o', '.', 'c', 'h', '\0', + /* "geh.li", true */ 'g', 'e', 'h', '.', 'l', 'i', '\0', + /* "gehaowu.com", true */ 'g', 'e', 'h', 'a', 'o', 'w', 'u', '.', 'c', 'o', 'm', '\0', + /* "gehopft.de", true */ 'g', 'e', 'h', 'o', 'p', 'f', 't', '.', 'd', 'e', '\0', + /* "gehreslaw.com", true */ 'g', 'e', 'h', 'r', 'e', 's', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "gehrke.in", true */ 'g', 'e', 'h', 'r', 'k', 'e', '.', 'i', 'n', '\0', + /* "gehsicht.de", true */ 'g', 'e', 'h', 's', 'i', 'c', 'h', 't', '.', 'd', 'e', '\0', + /* "geiser-family.ch", true */ 'g', 'e', 'i', 's', 'e', 'r', '-', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'h', '\0', + /* "geiser.io", true */ 'g', 'e', 'i', 's', 'e', 'r', '.', 'i', 'o', '\0', + /* "gelb-computer.de", true */ 'g', 'e', 'l', 'b', '-', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "geld-im-blick.de", true */ 'g', 'e', 'l', 'd', '-', 'i', 'm', '-', 'b', 'l', 'i', 'c', 'k', '.', 'd', 'e', '\0', + /* "geld24.nl", true */ 'g', 'e', 'l', 'd', '2', '4', '.', 'n', 'l', '\0', + /* "geldimblick.de", true */ 'g', 'e', 'l', 'd', 'i', 'm', 'b', 'l', 'i', 'c', 'k', '.', 'd', 'e', '\0', + /* "geldteveel.eu", true */ 'g', 'e', 'l', 'd', 't', 'e', 'v', 'e', 'e', 'l', '.', 'e', 'u', '\0', + /* "geleenbeekdal.nl", true */ 'g', 'e', 'l', 'e', 'e', 'n', 'b', 'e', 'e', 'k', 'd', 'a', 'l', '.', 'n', 'l', '\0', + /* "geleia-real.com", true */ 'g', 'e', 'l', 'e', 'i', 'a', '-', 'r', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "gelis.ch", true */ 'g', 'e', 'l', 'i', 's', '.', 'c', 'h', '\0', + /* "gelodosul.com.br", true */ 'g', 'e', 'l', 'o', 'd', 'o', 's', 'u', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "gelog-software.de", false */ 'g', 'e', 'l', 'o', 'g', '-', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'd', 'e', '\0', + /* "geloofindemocratie.nl", true */ 'g', 'e', 'l', 'o', 'o', 'f', 'i', 'n', 'd', 'e', 'm', 'o', 'c', 'r', 'a', 't', 'i', 'e', '.', 'n', 'l', '\0', + /* "geluidsstudio.com", true */ 'g', 'e', 'l', 'u', 'i', 'd', 's', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "gem-indonesia.net", false */ 'g', 'e', 'm', '-', 'i', 'n', 'd', 'o', 'n', 'e', 's', 'i', 'a', '.', 'n', 'e', 't', '\0', + /* "gem-info.fr", true */ 'g', 'e', 'm', '-', 'i', 'n', 'f', 'o', '.', 'f', 'r', '\0', + /* "gemeentemolenwaard.nl", true */ 'g', 'e', 'm', 'e', 'e', 'n', 't', 'e', 'm', 'o', 'l', 'e', 'n', 'w', 'a', 'a', 'r', 'd', '.', 'n', 'l', '\0', + /* "gemeinfreie-lieder.de", true */ 'g', 'e', 'm', 'e', 'i', 'n', 'f', 'r', 'e', 'i', 'e', '-', 'l', 'i', 'e', 'd', 'e', 'r', '.', 'd', 'e', '\0', + /* "gemini.com", true */ 'g', 'e', 'm', 'i', 'n', 'i', '.', 'c', 'o', 'm', '\0', + /* "gemquery.com", true */ 'g', 'e', 'm', 'q', 'u', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "gencmedya.com", true */ 'g', 'e', 'n', 'c', 'm', 'e', 'd', 'y', 'a', '.', 'c', 'o', 'm', '\0', + /* "gendrin.com", true */ 'g', 'e', 'n', 'd', 'r', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "gendundrupa.ch", true */ 'g', 'e', 'n', 'd', 'u', 'n', 'd', 'r', 'u', 'p', 'a', '.', 'c', 'h', '\0', + /* "gene-drive.com", true */ 'g', 'e', 'n', 'e', '-', 'd', 'r', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "gene-drives.com", true */ 'g', 'e', 'n', 'e', '-', 'd', 'r', 'i', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "genealorand.com", true */ 'g', 'e', 'n', 'e', 'a', 'l', 'o', 'r', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "geneau.net", true */ 'g', 'e', 'n', 'e', 'a', 'u', '.', 'n', 'e', 't', '\0', + /* "genehightower.com", true */ 'g', 'e', 'n', 'e', 'h', 'i', 'g', 'h', 't', 'o', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "genehome.com.au", true */ 'g', 'e', 'n', 'e', 'h', 'o', 'm', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "genemesservwparts.com", true */ 'g', 'e', 'n', 'e', 'm', 'e', 's', 's', 'e', 'r', 'v', 'w', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "general-anaesthesia.com", true */ 'g', 'e', 'n', 'e', 'r', 'a', 'l', '-', 'a', 'n', 'a', 'e', 's', 't', 'h', 'e', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "general-anaesthetics.com", true */ 'g', 'e', 'n', 'e', 'r', 'a', 'l', '-', 'a', 'n', 'a', 'e', 's', 't', 'h', 'e', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "general-anesthesia.com", true */ 'g', 'e', 'n', 'e', 'r', 'a', 'l', '-', 'a', 'n', 'e', 's', 't', 'h', 'e', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "generali-worldwide.com", true */ 'g', 'e', 'n', 'e', 'r', 'a', 'l', 'i', '-', 'w', 'o', 'r', 'l', 'd', 'w', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "generalpants.com.au", true */ 'g', 'e', 'n', 'e', 'r', 'a', 'l', 'p', 'a', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "generationgoat.com", true */ 'g', 'e', 'n', 'e', 'r', 'a', 't', 'i', 'o', 'n', 'g', 'o', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "generic.cx", true */ 'g', 'e', 'n', 'e', 'r', 'i', 'c', '.', 'c', 'x', '\0', + /* "genesiseureka.com", true */ 'g', 'e', 'n', 'e', 's', 'i', 's', 'e', 'u', 'r', 'e', 'k', 'a', '.', 'c', 'o', 'm', '\0', + /* "genesismachina.ca", true */ 'g', 'e', 'n', 'e', 's', 'i', 's', 'm', 'a', 'c', 'h', 'i', 'n', 'a', '.', 'c', 'a', '\0', + /* "genesistrading.com", true */ 'g', 'e', 'n', 'e', 's', 'i', 's', 't', 'r', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "genetargetsolutions.com.au", true */ 'g', 'e', 'n', 'e', 't', 'a', 'r', 'g', 'e', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "genetidyne.com", true */ 'g', 'e', 'n', 'e', 't', 'i', 'd', 'y', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "geneve-naturisme.ch", true */ 'g', 'e', 'n', 'e', 'v', 'e', '-', 'n', 'a', 't', 'u', 'r', 'i', 's', 'm', 'e', '.', 'c', 'h', '\0', + /* "genevoise-entretien.ch", true */ 'g', 'e', 'n', 'e', 'v', 'o', 'i', 's', 'e', '-', 'e', 'n', 't', 'r', 'e', 't', 'i', 'e', 'n', '.', 'c', 'h', '\0', + /* "genfaerd.dk", true */ 'g', 'e', 'n', 'f', 'a', 'e', 'r', 'd', '.', 'd', 'k', '\0', + /* "genia-life.de", true */ 'g', 'e', 'n', 'i', 'a', '-', 'l', 'i', 'f', 'e', '.', 'd', 'e', '\0', + /* "genie-seiner-generation.de", true */ 'g', 'e', 'n', 'i', 'e', '-', 's', 'e', 'i', 'n', 'e', 'r', '-', 'g', 'e', 'n', 'e', 'r', 'a', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0', + /* "geniusteacher.in", true */ 'g', 'e', 'n', 'i', 'u', 's', 't', 'e', 'a', 'c', 'h', 'e', 'r', '.', 'i', 'n', '\0', + /* "geniuszone.biz", true */ 'g', 'e', 'n', 'i', 'u', 's', 'z', 'o', 'n', 'e', '.', 'b', 'i', 'z', '\0', + /* "genneve.com", true */ 'g', 'e', 'n', 'n', 'e', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "genomequestlive.com", true */ 'g', 'e', 'n', 'o', 'm', 'e', 'q', 'u', 'e', 's', 't', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "genoog.com", true */ 'g', 'e', 'n', 'o', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "genosse-einhorn.de", true */ 'g', 'e', 'n', 'o', 's', 's', 'e', '-', 'e', 'i', 'n', 'h', 'o', 'r', 'n', '.', 'd', 'e', '\0', + /* "gensend.com", true */ 'g', 'e', 'n', 's', 'e', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "gensenwedding.jp", true */ 'g', 'e', 'n', 's', 'e', 'n', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '.', 'j', 'p', '\0', + /* "genshiken-itb.org", true */ 'g', 'e', 'n', 's', 'h', 'i', 'k', 'e', 'n', '-', 'i', 't', 'b', '.', 'o', 'r', 'g', '\0', + /* "genslerapps.com", true */ 'g', 'e', 'n', 's', 'l', 'e', 'r', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "genslerwisp.com", true */ 'g', 'e', 'n', 's', 'l', 'e', 'r', 'w', 'i', 's', 'p', '.', 'c', 'o', 'm', '\0', + /* "gensonline.eu", true */ 'g', 'e', 'n', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'e', 'u', '\0', + /* "gentianes.ch", true */ 'g', 'e', 'n', 't', 'i', 'a', 'n', 'e', 's', '.', 'c', 'h', '\0', + /* "gentoo-blog.de", true */ 'g', 'e', 'n', 't', 'o', 'o', '-', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0', + /* "genusshotel-riegersburg.at", true */ 'g', 'e', 'n', 'u', 's', 's', 'h', 'o', 't', 'e', 'l', '-', 'r', 'i', 'e', 'g', 'e', 'r', 's', 'b', 'u', 'r', 'g', '.', 'a', 't', '\0', + /* "genuxtsg.com", true */ 'g', 'e', 'n', 'u', 'x', 't', 's', 'g', '.', 'c', 'o', 'm', '\0', + /* "genxbeats.com", true */ 'g', 'e', 'n', 'x', 'b', 'e', 'a', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "genxnotes.com", true */ 'g', 'e', 'n', 'x', 'n', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "geocommunicator.gov", true */ 'g', 'e', 'o', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 'c', 'a', 't', 'o', 'r', '.', 'g', 'o', 'v', '\0', + /* "geoffanderinmyers.com", true */ 'g', 'e', 'o', 'f', 'f', 'a', 'n', 'd', 'e', 'r', 'i', 'n', 'm', 'y', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "geoffmyers.com", false */ 'g', 'e', 'o', 'f', 'f', 'm', 'y', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "geofox.org", true */ 'g', 'e', 'o', 'f', 'o', 'x', '.', 'o', 'r', 'g', '\0', + /* "geoip.fedoraproject.org", true */ 'g', 'e', 'o', 'i', 'p', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "geoip.stg.fedoraproject.org", true */ 'g', 'e', 'o', 'i', 'p', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "geolad.com", false */ 'g', 'e', 'o', 'l', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "geometra.roma.it", true */ 'g', 'e', 'o', 'm', 'e', 't', 'r', 'a', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0', + /* "geoport.al", true */ 'g', 'e', 'o', 'p', 'o', 'r', 't', '.', 'a', 'l', '\0', + /* "george-orwell.com", true */ 'g', 'e', 'o', 'r', 'g', 'e', '-', 'o', 'r', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "georgehalachev.com", true */ 'g', 'e', 'o', 'r', 'g', 'e', 'h', 'a', 'l', 'a', 'c', 'h', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "georgemaschke.com", true */ 'g', 'e', 'o', 'r', 'g', 'e', 'm', 'a', 's', 'c', 'h', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "georgemaschke.net", true */ 'g', 'e', 'o', 'r', 'g', 'e', 'm', 'a', 's', 'c', 'h', 'k', 'e', '.', 'n', 'e', 't', '\0', + /* "georgiaglassrepair.com", true */ 'g', 'e', 'o', 'r', 'g', 'i', 'a', 'g', 'l', 'a', 's', 's', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "georgiastuartyoga.co.uk", true */ 'g', 'e', 'o', 'r', 'g', 'i', 'a', 's', 't', 'u', 'a', 'r', 't', 'y', 'o', 'g', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "georgioskontaxis.com", true */ 'g', 'e', 'o', 'r', 'g', 'i', 'o', 's', 'k', 'o', 'n', 't', 'a', 'x', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "georgioskontaxis.net", true */ 'g', 'e', 'o', 'r', 'g', 'i', 'o', 's', 'k', 'o', 'n', 't', 'a', 'x', 'i', 's', '.', 'n', 'e', 't', '\0', + /* "georgioskontaxis.org", true */ 'g', 'e', 'o', 'r', 'g', 'i', 'o', 's', 'k', 'o', 'n', 't', 'a', 'x', 'i', 's', '.', 'o', 'r', 'g', '\0', + /* "georgmayer.eu", true */ 'g', 'e', 'o', 'r', 'g', 'm', 'a', 'y', 'e', 'r', '.', 'e', 'u', '\0', + /* "geoscan.aero", true */ 'g', 'e', 'o', 's', 'c', 'a', 'n', '.', 'a', 'e', 'r', 'o', '\0', + /* "geoscope.ch", true */ 'g', 'e', 'o', 's', 'c', 'o', 'p', 'e', '.', 'c', 'h', '\0', + /* "geosphereservices.com", true */ 'g', 'e', 'o', 's', 'p', 'h', 'e', 'r', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "geotab.com", true */ 'g', 'e', 'o', 't', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "geraintwhite.co.uk", true */ 'g', 'e', 'r', 'a', 'i', 'n', 't', 'w', 'h', 'i', 't', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "gerald-zojer.com", true */ 'g', 'e', 'r', 'a', 'l', 'd', '-', 'z', 'o', 'j', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "geraldsonrealty.com", true */ 'g', 'e', 'r', 'a', 'l', 'd', 's', 'o', 'n', 'r', 'e', 'a', 'l', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "gerardobsd.com", true */ 'g', 'e', 'r', 'a', 'r', 'd', 'o', 'b', 's', 'd', '.', 'c', 'o', 'm', '\0', + /* "gerardozamudio.mx", true */ 'g', 'e', 'r', 'a', 'r', 'd', 'o', 'z', 'a', 'm', 'u', 'd', 'i', 'o', '.', 'm', 'x', '\0', + /* "germandarknes.net", true */ 'g', 'e', 'r', 'm', 'a', 'n', 'd', 'a', 'r', 'k', 'n', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "germansoldiers.net", true */ 'g', 'e', 'r', 'm', 'a', 'n', 's', 'o', 'l', 'd', 'i', 'e', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "germanssky.de", true */ 'g', 'e', 'r', 'm', 'a', 'n', 's', 's', 'k', 'y', '.', 'd', 'e', '\0', + /* "germanticz.de", true */ 'g', 'e', 'r', 'm', 'a', 'n', 't', 'i', 'c', 'z', '.', 'd', 'e', '\0', + /* "gernert-server.de", true */ 'g', 'e', 'r', 'n', 'e', 'r', 't', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0', + /* "gero.io", true */ 'g', 'e', 'r', 'o', '.', 'i', 'o', '\0', + /* "gerritcodereview.com", true */ 'g', 'e', 'r', 'r', 'i', 't', 'c', 'o', 'd', 'e', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0', + /* "gers-authentique.com", true */ 'g', 'e', 'r', 's', '-', 'a', 'u', 't', 'h', 'e', 'n', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "gerum.dynv6.net", true */ 'g', 'e', 'r', 'u', 'm', '.', 'd', 'y', 'n', 'v', '6', '.', 'n', 'e', 't', '\0', + /* "gerwinvanderkamp.nl", true */ 'g', 'e', 'r', 'w', 'i', 'n', 'v', 'a', 'n', 'd', 'e', 'r', 'k', 'a', 'm', 'p', '.', 'n', 'l', '\0', + /* "ges-bo.de", true */ 'g', 'e', 's', '-', 'b', 'o', '.', 'd', 'e', '\0', + /* "geschmacksache.online", true */ 'g', 'e', 's', 'c', 'h', 'm', 'a', 'c', 'k', 's', 'a', 'c', 'h', 'e', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "geschmackspiloten.de", true */ 'g', 'e', 's', 'c', 'h', 'm', 'a', 'c', 'k', 's', 'p', 'i', 'l', 'o', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "geschwinder.net", true */ 'g', 'e', 's', 'c', 'h', 'w', 'i', 'n', 'd', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "gestormensajeria.com", true */ 'g', 'e', 's', 't', 'o', 'r', 'm', 'e', 'n', 's', 'a', 'j', 'e', 'r', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "get-asterisk.ru", true */ 'g', 'e', 't', '-', 'a', 's', 't', 'e', 'r', 'i', 's', 'k', '.', 'r', 'u', '\0', + /* "get-erp.ru", true */ 'g', 'e', 't', '-', 'e', 'r', 'p', '.', 'r', 'u', '\0', + /* "get-it-live.com", true */ 'g', 'e', 't', '-', 'i', 't', '-', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "get-it-live.de", true */ 'g', 'e', 't', '-', 'i', 't', '-', 'l', 'i', 'v', 'e', '.', 'd', 'e', '\0', + /* "get-link.info", true */ 'g', 'e', 't', '-', 'l', 'i', 'n', 'k', '.', 'i', 'n', 'f', 'o', '\0', + /* "get-on.bid", true */ 'g', 'e', 't', '-', 'o', 'n', '.', 'b', 'i', 'd', '\0', + /* "get-refer.com", true */ 'g', 'e', 't', '-', 'r', 'e', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "get4x.com", true */ 'g', 'e', 't', '4', 'x', '.', 'c', 'o', 'm', '\0', + /* "getbox.me", true */ 'g', 'e', 't', 'b', 'o', 'x', '.', 'm', 'e', '\0', + /* "getbutterfly.com", true */ 'g', 'e', 't', 'b', 'u', 't', 't', 'e', 'r', 'f', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "getcloak.com", false */ 'g', 'e', 't', 'c', 'l', 'o', 'a', 'k', '.', 'c', 'o', 'm', '\0', + /* "getcolq.com", true */ 'g', 'e', 't', 'c', 'o', 'l', 'q', '.', 'c', 'o', 'm', '\0', + /* "getdash.io", true */ 'g', 'e', 't', 'd', 'a', 's', 'h', '.', 'i', 'o', '\0', + /* "getdigitized.net", true */ 'g', 'e', 't', 'd', 'i', 'g', 'i', 't', 'i', 'z', 'e', 'd', '.', 'n', 'e', 't', '\0', + /* "geteckeld.nl", true */ 'g', 'e', 't', 'e', 'c', 'k', 'e', 'l', 'd', '.', 'n', 'l', '\0', + /* "geterp.ru", true */ 'g', 'e', 't', 'e', 'r', 'p', '.', 'r', 'u', '\0', + /* "getfedora.org", true */ 'g', 'e', 't', 'f', 'e', 'd', 'o', 'r', 'a', '.', 'o', 'r', 'g', '\0', + /* "getfirstalert.com", true */ 'g', 'e', 't', 'f', 'i', 'r', 's', 't', 'a', 'l', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "getfittedstore.com", true */ 'g', 'e', 't', 'f', 'i', 't', 't', 'e', 'd', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "getflorence.co.uk", true */ 'g', 'e', 't', 'f', 'l', 'o', 'r', 'e', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "getfuturama.com", true */ 'g', 'e', 't', 'f', 'u', 't', 'u', 'r', 'a', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "gethow.org", true */ 'g', 'e', 't', 'h', 'o', 'w', '.', 'o', 'r', 'g', '\0', + /* "gethttpsforfree.com", true */ 'g', 'e', 't', 'h', 't', 't', 'p', 's', 'f', 'o', 'r', 'f', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "geti2p.com", true */ 'g', 'e', 't', 'i', '2', 'p', '.', 'c', 'o', 'm', '\0', + /* "getidmcc.com", true */ 'g', 'e', 't', 'i', 'd', 'm', 'c', 'c', '.', 'c', 'o', 'm', '\0', + /* "getitlive.de", true */ 'g', 'e', 't', 'i', 't', 'l', 'i', 'v', 'e', '.', 'd', 'e', '\0', + /* "getitpeople.com", true */ 'g', 'e', 't', 'i', 't', 'p', 'e', 'o', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "getmango.com", true */ 'g', 'e', 't', 'm', 'a', 'n', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "getmdl.io", true */ 'g', 'e', 't', 'm', 'd', 'l', '.', 'i', 'o', '\0', + /* "getmerch.eu", true */ 'g', 'e', 't', 'm', 'e', 'r', 'c', 'h', '.', 'e', 'u', '\0', + /* "getnib.com", true */ 'g', 'e', 't', 'n', 'i', 'b', '.', 'c', 'o', 'm', '\0', + /* "getnikola.com", true */ 'g', 'e', 't', 'n', 'i', 'k', 'o', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "geto.ml", true */ 'g', 'e', 't', 'o', '.', 'm', 'l', '\0', + /* "getoutofdebt.org", true */ 'g', 'e', 't', 'o', 'u', 't', 'o', 'f', 'd', 'e', 'b', 't', '.', 'o', 'r', 'g', '\0', + /* "getpost.online", true */ 'g', 'e', 't', 'p', 'o', 's', 't', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "getpuck.com", true */ 'g', 'e', 't', 'p', 'u', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "getrambling.com", true */ 'g', 'e', 't', 'r', 'a', 'm', 'b', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "getresilience.org", true */ 'g', 'e', 't', 'r', 'e', 's', 'i', 'l', 'i', 'e', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0', + /* "getsecure.nl", true */ 'g', 'e', 't', 's', 'e', 'c', 'u', 'r', 'e', '.', 'n', 'l', '\0', + /* "getsensibill.com", true */ 'g', 'e', 't', 's', 'e', 'n', 's', 'i', 'b', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "getsetbounce.co.uk", true */ 'g', 'e', 't', 's', 'e', 't', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "getsetupfile.com", true */ 'g', 'e', 't', 's', 'e', 't', 'u', 'p', 'f', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "getshifter.io", true */ 'g', 'e', 't', 's', 'h', 'i', 'f', 't', 'e', 'r', '.', 'i', 'o', '\0', + /* "getsilknow.com", true */ 'g', 'e', 't', 's', 'i', 'l', 'k', 'n', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "getspire.com", true */ 'g', 'e', 't', 's', 'p', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "getsport.mobi", true */ 'g', 'e', 't', 's', 'p', 'o', 'r', 't', '.', 'm', 'o', 'b', 'i', '\0', + /* "getsubs.net", true */ 'g', 'e', 't', 's', 'u', 'b', 's', '.', 'n', 'e', 't', '\0', + /* "getswadeshi.com", true */ 'g', 'e', 't', 's', 'w', 'a', 'd', 'e', 's', 'h', 'i', '.', 'c', 'o', 'm', '\0', + /* "getticker.com", true */ 'g', 'e', 't', 't', 'i', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "getts.ro", true */ 'g', 'e', 't', 't', 's', '.', 'r', 'o', '\0', + /* "getupandbounce.co.uk", true */ 'g', 'e', 't', 'u', 'p', 'a', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "getvdownloader.com", true */ 'g', 'e', 't', 'v', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "getwisdom.io", true */ 'g', 'e', 't', 'w', 'i', 's', 'd', 'o', 'm', '.', 'i', 'o', '\0', + /* "getwpd.com", false */ 'g', 'e', 't', 'w', 'p', 'd', '.', 'c', 'o', 'm', '\0', + /* "getyeflask.com", true */ 'g', 'e', 't', 'y', 'e', 'f', 'l', 'a', 's', 'k', '.', 'c', 'o', 'm', '\0', + /* "getyou.onl", true */ 'g', 'e', 't', 'y', 'o', 'u', '.', 'o', 'n', 'l', '\0', + /* "getyourlifestraight.com", true */ 'g', 'e', 't', 'y', 'o', 'u', 'r', 'l', 'i', 'f', 'e', 's', 't', 'r', 'a', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0', + /* "getyourphix.tk", true */ 'g', 'e', 't', 'y', 'o', 'u', 'r', 'p', 'h', 'i', 'x', '.', 't', 'k', '\0', + /* "geyduschek.be", true */ 'g', 'e', 'y', 'd', 'u', 's', 'c', 'h', 'e', 'k', '.', 'b', 'e', '\0', + /* "gfast.ru", true */ 'g', 'f', 'a', 's', 't', '.', 'r', 'u', '\0', + /* "gfcleisure.co.uk", true */ 'g', 'f', 'c', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "gfk-kunststoff-luebben.de", true */ 'g', 'f', 'k', '-', 'k', 'u', 'n', 's', 't', 's', 't', 'o', 'f', 'f', '-', 'l', 'u', 'e', 'b', 'b', 'e', 'n', '.', 'd', 'e', '\0', + /* "gflame.de", true */ 'g', 'f', 'l', 'a', 'm', 'e', '.', 'd', 'e', '\0', + /* "gflclan.ru", true */ 'g', 'f', 'l', 'c', 'l', 'a', 'n', '.', 'r', 'u', '\0', + /* "gforce.ninja", true */ 'g', 'f', 'o', 'r', 'c', 'e', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "gfoss.eu", true */ 'g', 'f', 'o', 's', 's', '.', 'e', 'u', '\0', + /* "gfournier.ca", true */ 'g', 'f', 'o', 'u', 'r', 'n', 'i', 'e', 'r', '.', 'c', 'a', '\0', + /* "gfxbench.com", true */ 'g', 'f', 'x', 'b', 'e', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "ggdcpt.com", true */ 'g', 'g', 'd', 'c', 'p', 't', '.', 'c', 'o', 'm', '\0', + /* "gginin.today", true */ 'g', 'g', 'i', 'n', 'i', 'n', '.', 't', 'o', 'd', 'a', 'y', '\0', + /* "ggl-luzern.ch", true */ 'g', 'g', 'l', '-', 'l', 'u', 'z', 'e', 'r', 'n', '.', 'c', 'h', '\0', + /* "ggma.co.uk", true */ 'g', 'g', 'm', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ggmmontascale.it", true */ 'g', 'g', 'm', 'm', 'o', 'n', 't', 'a', 's', 'c', 'a', 'l', 'e', '.', 'i', 't', '\0', + /* "ggp2.com", true */ 'g', 'g', 'p', '2', '.', 'c', 'o', 'm', '\0', + /* "ggs-marschallstrasse.de", true */ 'g', 'g', 's', '-', 'm', 'a', 'r', 's', 'c', 'h', 'a', 'l', 'l', 's', 't', 'r', 'a', 's', 's', 'e', '.', 'd', 'e', '\0', + /* "ggs.jp", true */ 'g', 'g', 's', '.', 'j', 'p', '\0', + /* "ggservers.com", true */ 'g', 'g', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "ggx.us", true */ 'g', 'g', 'x', '.', 'u', 's', '\0', + /* "gh16.com.ar", true */ 'g', 'h', '1', '6', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "gha.st", true */ 'g', 'h', 'a', '.', 's', 't', '\0', + /* "ghaglund.se", true */ 'g', 'h', 'a', 'g', 'l', 'u', 'n', 'd', '.', 's', 'e', '\0', + /* "ghcif.de", true */ 'g', 'h', 'c', 'i', 'f', '.', 'd', 'e', '\0', + /* "ghislainphu.fr", true */ 'g', 'h', 'i', 's', 'l', 'a', 'i', 'n', 'p', 'h', 'u', '.', 'f', 'r', '\0', + /* "ghostblog.info", true */ 'g', 'h', 'o', 's', 't', 'b', 'l', 'o', 'g', '.', 'i', 'n', 'f', 'o', '\0', + /* "ghostcir.com", true */ 'g', 'h', 'o', 's', 't', 'c', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "ghrelinblocker.info", true */ 'g', 'h', 'r', 'e', 'l', 'i', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "ghrelinblocker.org", true */ 'g', 'h', 'r', 'e', 'l', 'i', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "giacomodrago.com", true */ 'g', 'i', 'a', 'c', 'o', 'm', 'o', 'd', 'r', 'a', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "giacomodrago.it", true */ 'g', 'i', 'a', 'c', 'o', 'm', 'o', 'd', 'r', 'a', 'g', 'o', '.', 'i', 't', '\0', + /* "giacomopelagatti.it", true */ 'g', 'i', 'a', 'c', 'o', 'm', 'o', 'p', 'e', 'l', 'a', 'g', 'a', 't', 't', 'i', '.', 'i', 't', '\0', + /* "gianproperties.com", true */ 'g', 'i', 'a', 'n', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "giant-panda.com", true */ 'g', 'i', 'a', 'n', 't', '-', 'p', 'a', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "giant-powerfit.co.uk", true */ 'g', 'i', 'a', 'n', 't', '-', 'p', 'o', 'w', 'e', 'r', 'f', 'i', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "giant-tortoise.com", true */ 'g', 'i', 'a', 'n', 't', '-', 't', 'o', 'r', 't', 'o', 'i', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "gianttree.de", true */ 'g', 'i', 'a', 'n', 't', 't', 'r', 'e', 'e', '.', 'd', 'e', '\0', + /* "giardinaggio.milano.it", true */ 'g', 'i', 'a', 'r', 'd', 'i', 'n', 'a', 'g', 'g', 'i', 'o', '.', 'm', 'i', 'l', 'a', 'n', 'o', '.', 'i', 't', '\0', + /* "giardinaggio.napoli.it", true */ 'g', 'i', 'a', 'r', 'd', 'i', 'n', 'a', 'g', 'g', 'i', 'o', '.', 'n', 'a', 'p', 'o', 'l', 'i', '.', 'i', 't', '\0', + /* "gibraltar.at", true */ 'g', 'i', 'b', 'r', 'a', 'l', 't', 'a', 'r', '.', 'a', 't', '\0', + /* "gichigamigames.com", true */ 'g', 'i', 'c', 'h', 'i', 'g', 'a', 'm', 'i', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "giddyaunt.net", true */ 'g', 'i', 'd', 'd', 'y', 'a', 'u', 'n', 't', '.', 'n', 'e', 't', '\0', + /* "giduv.com", true */ 'g', 'i', 'd', 'u', 'v', '.', 'c', 'o', 'm', '\0', + /* "gierds.de", true */ 'g', 'i', 'e', 'r', 'd', 's', '.', 'd', 'e', '\0', + /* "giftedconsortium.com", true */ 'g', 'i', 'f', 't', 'e', 'd', 'c', 'o', 'n', 's', 'o', 'r', 't', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "giftking.nl", false */ 'g', 'i', 'f', 't', 'k', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "giftmaniabrilhos.com.br", true */ 'g', 'i', 'f', 't', 'm', 'a', 'n', 'i', 'a', 'b', 'r', 'i', 'l', 'h', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "gifts365.co.uk", true */ 'g', 'i', 'f', 't', 's', '3', '6', '5', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "giftsn.com.sg", false */ 'g', 'i', 'f', 't', 's', 'n', '.', 'c', 'o', 'm', '.', 's', 'g', '\0', + /* "gig.ru", false */ 'g', 'i', 'g', '.', 'r', 'u', '\0', + /* "giga.nl", true */ 'g', 'i', 'g', 'a', '.', 'n', 'l', '\0', + /* "gigantism.com", true */ 'g', 'i', 'g', 'a', 'n', 't', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "gigawa.lt", true */ 'g', 'i', 'g', 'a', 'w', 'a', '.', 'l', 't', '\0', + /* "gigawattz.com", true */ 'g', 'i', 'g', 'a', 'w', 'a', 't', 't', 'z', '.', 'c', 'o', 'm', '\0', + /* "giggletotz.co.uk", true */ 'g', 'i', 'g', 'g', 'l', 'e', 't', 'o', 't', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "gigiscloud.servebeer.com", true */ 'g', 'i', 'g', 'i', 's', 'c', 'l', 'o', 'u', 'd', '.', 's', 'e', 'r', 'v', 'e', 'b', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "giglink.club", true */ 'g', 'i', 'g', 'l', 'i', 'n', 'k', '.', 'c', 'l', 'u', 'b', '\0', + /* "gigolodavid.be", true */ 'g', 'i', 'g', 'o', 'l', 'o', 'd', 'a', 'v', 'i', 'd', '.', 'b', 'e', '\0', + /* "gigtroll.eu", true */ 'g', 'i', 'g', 't', 'r', 'o', 'l', 'l', '.', 'e', 'u', '\0', + /* "gijsbertus.com", true */ 'g', 'i', 'j', 's', 'b', 'e', 'r', 't', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "gikovatelojavirtual.com.br", true */ 'g', 'i', 'k', 'o', 'v', 'a', 't', 'e', 'l', 'o', 'j', 'a', 'v', 'i', 'r', 't', 'u', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "gilangcp.com", true */ 'g', 'i', 'l', 'a', 'n', 'g', 'c', 'p', '.', 'c', 'o', 'm', '\0', + /* "gileadpac.com", true */ 'g', 'i', 'l', 'e', 'a', 'd', 'p', 'a', 'c', '.', 'c', 'o', 'm', '\0', + /* "giliamor.com", true */ 'g', 'i', 'l', 'i', 'a', 'm', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "gillesdesnoyers.com", true */ 'g', 'i', 'l', 'l', 'e', 's', 'd', 'e', 's', 'n', 'o', 'y', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "gillesmorelle.com", true */ 'g', 'i', 'l', 'l', 'e', 's', 'm', 'o', 'r', 'e', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "gillmanandsoame.co.uk", true */ 'g', 'i', 'l', 'l', 'm', 'a', 'n', 'a', 'n', 'd', 's', 'o', 'a', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "gillyscastles.co.uk", true */ 'g', 'i', 'l', 'l', 'y', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "gilmoreid.com.au", true */ 'g', 'i', 'l', 'm', 'o', 'r', 'e', 'i', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "gilnet.be", true */ 'g', 'i', 'l', 'n', 'e', 't', '.', 'b', 'e', '\0', + /* "ginie.de", true */ 'g', 'i', 'n', 'i', 'e', '.', 'd', 'e', '\0', + /* "ginionusedcars.be", true */ 'g', 'i', 'n', 'i', 'o', 'n', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "ginja.co.th", true */ 'g', 'i', 'n', 'j', 'a', '.', 'c', 'o', '.', 't', 'h', '\0', + /* "ginkel.com", true */ 'g', 'i', 'n', 'k', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "ginnegappen.nl", true */ 'g', 'i', 'n', 'n', 'e', 'g', 'a', 'p', 'p', 'e', 'n', '.', 'n', 'l', '\0', + /* "ginniemae.gov", true */ 'g', 'i', 'n', 'n', 'i', 'e', 'm', 'a', 'e', '.', 'g', 'o', 'v', '\0', + /* "ginzadelunch.jp", true */ 'g', 'i', 'n', 'z', 'a', 'd', 'e', 'l', 'u', 'n', 'c', 'h', '.', 'j', 'p', '\0', + /* "giochi-online.ws", true */ 'g', 'i', 'o', 'c', 'h', 'i', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'w', 's', '\0', + /* "giochiecodici.it", true */ 'g', 'i', 'o', 'c', 'h', 'i', 'e', 'c', 'o', 'd', 'i', 'c', 'i', '.', 'i', 't', '\0', + /* "giochistem.it", true */ 'g', 'i', 'o', 'c', 'h', 'i', 's', 't', 'e', 'm', '.', 'i', 't', '\0', + /* "gioielleriamolena.com", true */ 'g', 'i', 'o', 'i', 'e', 'l', 'l', 'e', 'r', 'i', 'a', 'm', 'o', 'l', 'e', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "gip-carif-idf.net", true */ 'g', 'i', 'p', '-', 'c', 'a', 'r', 'i', 'f', '-', 'i', 'd', 'f', '.', 'n', 'e', 't', '\0', + /* "gip-carif-idf.org", true */ 'g', 'i', 'p', '-', 'c', 'a', 'r', 'i', 'f', '-', 'i', 'd', 'f', '.', 'o', 'r', 'g', '\0', + /* "giraffeinflatables.co.uk", true */ 'g', 'i', 'r', 'a', 'f', 'f', 'e', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "giraffes.org", true */ 'g', 'i', 'r', 'a', 'f', 'f', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "giri.co", true */ 'g', 'i', 'r', 'i', '.', 'c', 'o', '\0', + /* "girlan.net", true */ 'g', 'i', 'r', 'l', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "girlsforum.com", true */ 'g', 'i', 'r', 'l', 's', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "girlsgenerationgoods.com", true */ 'g', 'i', 'r', 'l', 's', 'g', 'e', 'n', 'e', 'r', 'a', 't', 'i', 'o', 'n', 'g', 'o', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "girlsgonesporty.com", true */ 'g', 'i', 'r', 'l', 's', 'g', 'o', 'n', 'e', 's', 'p', 'o', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "girlsnet.work", true */ 'g', 'i', 'r', 'l', 's', 'n', 'e', 't', '.', 'w', 'o', 'r', 'k', '\0', + /* "girsa.org", true */ 'g', 'i', 'r', 's', 'a', '.', 'o', 'r', 'g', '\0', + /* "girvas.ru", true */ 'g', 'i', 'r', 'v', 'a', 's', '.', 'r', 'u', '\0', + /* "gisgov.be", true */ 'g', 'i', 's', 'g', 'o', 'v', '.', 'b', 'e', '\0', + /* "gistr.io", true */ 'g', 'i', 's', 't', 'r', '.', 'i', 'o', '\0', + /* "git.market", true */ 'g', 'i', 't', '.', 'm', 'a', 'r', 'k', 'e', 't', '\0', + /* "gitep.org.uk", true */ 'g', 'i', 't', 'e', 'p', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "gitesdeshautescourennes.com", true */ 'g', 'i', 't', 'e', 's', 'd', 'e', 's', 'h', 'a', 'u', 't', 'e', 's', 'c', 'o', 'u', 'r', 'e', 'n', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "github.com", true */ 'g', 'i', 't', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "github.party", false */ 'g', 'i', 't', 'h', 'u', 'b', '.', 'p', 'a', 'r', 't', 'y', '\0', + /* "gitla.in", true */ 'g', 'i', 't', 'l', 'a', '.', 'i', 'n', '\0', + /* "gitstuff.tk", true */ 'g', 'i', 't', 's', 't', 'u', 'f', 'f', '.', 't', 'k', '\0', + /* "gittigidiyor.com", true */ 'g', 'i', 't', 't', 'i', 'g', 'i', 'd', 'i', 'y', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "gittr.ch", true */ 'g', 'i', 't', 't', 'r', '.', 'c', 'h', '\0', + /* "giunchi.net", true */ 'g', 'i', 'u', 'n', 'c', 'h', 'i', '.', 'n', 'e', 't', '\0', + /* "giuseppemacario.men", true */ 'g', 'i', 'u', 's', 'e', 'p', 'p', 'e', 'm', 'a', 'c', 'a', 'r', 'i', 'o', '.', 'm', 'e', 'n', '\0', + /* "givastar.com", true */ 'g', 'i', 'v', 'a', 's', 't', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "giveattheoffice.org", false */ 'g', 'i', 'v', 'e', 'a', 't', 't', 'h', 'e', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'o', 'r', 'g', '\0', + /* "giveme.online", true */ 'g', 'i', 'v', 'e', 'm', 'e', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "given2.com", true */ 'g', 'i', 'v', 'e', 'n', '2', '.', 'c', 'o', 'm', '\0', + /* "giverang.biz", true */ 'g', 'i', 'v', 'e', 'r', 'a', 'n', 'g', '.', 'b', 'i', 'z', '\0', + /* "giverang.com", true */ 'g', 'i', 'v', 'e', 'r', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "givesunlight.com", true */ 'g', 'i', 'v', 'e', 's', 'u', 'n', 'l', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0', + /* "givingnexus.org", false */ 'g', 'i', 'v', 'i', 'n', 'g', 'n', 'e', 'x', 'u', 's', '.', 'o', 'r', 'g', '\0', + /* "gix.net.pl", true */ 'g', 'i', 'x', '.', 'n', 'e', 't', '.', 'p', 'l', '\0', + /* "gixtools.co.uk", true */ 'g', 'i', 'x', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "gixtools.com", true */ 'g', 'i', 'x', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "gixtools.net", true */ 'g', 'i', 'x', 't', 'o', 'o', 'l', 's', '.', 'n', 'e', 't', '\0', + /* "gixtools.uk", true */ 'g', 'i', 'x', 't', 'o', 'o', 'l', 's', '.', 'u', 'k', '\0', + /* "gizmo.ovh", true */ 'g', 'i', 'z', 'm', 'o', '.', 'o', 'v', 'h', '\0', + /* "gj-bochum.de", true */ 'g', 'j', '-', 'b', 'o', 'c', 'h', 'u', 'm', '.', 'd', 'e', '\0', + /* "gjcampbell.co.uk", true */ 'g', 'j', 'c', 'a', 'm', 'p', 'b', 'e', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "gjengset.com", true */ 'g', 'j', 'e', 'n', 'g', 's', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "gjspunk.de", false */ 'g', 'j', 's', 'p', 'u', 'n', 'k', '.', 'd', 'e', '\0', + /* "gjung.com", false */ 'g', 'j', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "gkralik.eu", true */ 'g', 'k', 'r', 'a', 'l', 'i', 'k', '.', 'e', 'u', '\0', + /* "gl.search.yahoo.com", false */ 'g', 'l', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "gladwellentertainments.co.uk", true */ 'g', 'l', 'a', 'd', 'w', 'e', 'l', 'l', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "glahcks.com", true */ 'g', 'l', 'a', 'h', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "glamguru.co.il", true */ 'g', 'l', 'a', 'm', 'g', 'u', 'r', 'u', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "glamguru.world", true */ 'g', 'l', 'a', 'm', 'g', 'u', 'r', 'u', '.', 'w', 'o', 'r', 'l', 'd', '\0', + /* "glamour4you.de", true */ 'g', 'l', 'a', 'm', 'o', 'u', 'r', '4', 'y', 'o', 'u', '.', 'd', 'e', '\0', + /* "glasen-hardt.de", true */ 'g', 'l', 'a', 's', 'e', 'n', '-', 'h', 'a', 'r', 'd', 't', '.', 'd', 'e', '\0', + /* "glasfaser-im-hanseviertel.de", true */ 'g', 'l', 'a', 's', 'f', 'a', 's', 'e', 'r', '-', 'i', 'm', '-', 'h', 'a', 'n', 's', 'e', 'v', 'i', 'e', 'r', 't', 'e', 'l', '.', 'd', 'e', '\0', + /* "glasgestaltung.biz", true */ 'g', 'l', 'a', 's', 'g', 'e', 's', 't', 'a', 'l', 't', 'u', 'n', 'g', '.', 'b', 'i', 'z', '\0', + /* "glass.google.com", true */ 'g', 'l', 'a', 's', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "glasschmuck-millefiori.de", true */ 'g', 'l', 'a', 's', 's', 'c', 'h', 'm', 'u', 'c', 'k', '-', 'm', 'i', 'l', 'l', 'e', 'f', 'i', 'o', 'r', 'i', '.', 'd', 'e', '\0', + /* "glavsudexpertiza.ru", true */ 'g', 'l', 'a', 'v', 's', 'u', 'd', 'e', 'x', 'p', 'e', 'r', 't', 'i', 'z', 'a', '.', 'r', 'u', '\0', + /* "glazedmag.fr", true */ 'g', 'l', 'a', 'z', 'e', 'd', 'm', 'a', 'g', '.', 'f', 'r', '\0', + /* "glcastlekings.co.uk", true */ 'g', 'l', 'c', 'a', 's', 't', 'l', 'e', 'k', 'i', 'n', 'g', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "gleanview.com", true */ 'g', 'l', 'e', 'a', 'n', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0', + /* "glencarbide.com", true */ 'g', 'l', 'e', 'n', 'c', 'a', 'r', 'b', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "glendarraghbouncycastles.co.uk", true */ 'g', 'l', 'e', 'n', 'd', 'a', 'r', 'r', 'a', 'g', 'h', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "glenhuntlyapartments.com.au", true */ 'g', 'l', 'e', 'n', 'h', 'u', 'n', 't', 'l', 'y', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "glidingshop.cz", true */ 'g', 'l', 'i', 'd', 'i', 'n', 'g', 's', 'h', 'o', 'p', '.', 'c', 'z', '\0', + /* "glidingshop.de", true */ 'g', 'l', 'i', 'd', 'i', 'n', 'g', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0', + /* "glidingshop.eu", true */ 'g', 'l', 'i', 'd', 'i', 'n', 'g', 's', 'h', 'o', 'p', '.', 'e', 'u', '\0', + /* "glitchsys.com", true */ 'g', 'l', 'i', 't', 'c', 'h', 's', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "glloq.org", true */ 'g', 'l', 'l', 'o', 'q', '.', 'o', 'r', 'g', '\0', + /* "glob-coin.com", true */ 'g', 'l', 'o', 'b', '-', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "global-lights.ma", true */ 'g', 'l', 'o', 'b', 'a', 'l', '-', 'l', 'i', 'g', 'h', 't', 's', '.', 'm', 'a', '\0', + /* "global-office.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', '-', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "global-village.koeln", true */ 'g', 'l', 'o', 'b', 'a', 'l', '-', 'v', 'i', 'l', 'l', 'a', 'g', 'e', '.', 'k', 'o', 'e', 'l', 'n', '\0', + /* "global.hr", true */ 'g', 'l', 'o', 'b', 'a', 'l', '.', 'h', 'r', '\0', + /* "globalchokepoints.org", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'c', 'h', 'o', 'k', 'e', 'p', 'o', 'i', 'n', 't', 's', '.', 'o', 'r', 'g', '\0', + /* "globalelite.black", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'e', 'l', 'i', 't', 'e', '.', 'b', 'l', 'a', 'c', 'k', '\0', + /* "globalgivingtime.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'g', 'i', 'v', 'i', 'n', 'g', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "globalhealth.gov", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'h', 'e', 'a', 'l', 't', 'h', '.', 'g', 'o', 'v', '\0', + /* "globalhorses.de", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'h', 'o', 'r', 's', 'e', 's', '.', 'd', 'e', '\0', + /* "globalinstitutefortraining.org.au", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', 'f', 'o', 'r', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0', + /* "globalisierung-fakten.de", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'i', 's', 'i', 'e', 'r', 'u', 'n', 'g', '-', 'f', 'a', 'k', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "globalnewsdaily.cf", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'n', 'e', 'w', 's', 'd', 'a', 'i', 'l', 'y', '.', 'c', 'f', '\0', + /* "globalnomadvintage.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'n', 'o', 'm', 'a', 'd', 'v', 'i', 'n', 't', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "globalonetechnology.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'o', 'n', 'e', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0', + /* "globalperspectivescanada.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'p', 'e', 'r', 's', 'p', 'e', 'c', 't', 'i', 'v', 'e', 's', 'c', 'a', 'n', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "globalprojetores.com.br", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'p', 'r', 'o', 'j', 'e', 't', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "globalresearchcouncil.org", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', 'c', 'o', 'u', 'n', 'c', 'i', 'l', '.', 'o', 'r', 'g', '\0', + /* "globalresistancecorporation.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'r', 'e', 's', 'i', 's', 't', 'a', 'n', 'c', 'e', 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "globaltennis.ca", true */ 'g', 'l', 'o', 'b', 'a', 'l', 't', 'e', 'n', 'n', 'i', 's', '.', 'c', 'a', '\0', + /* "globalventil.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'v', 'e', 'n', 't', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "globalvisions-events.ch", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'v', 'i', 's', 'i', 'o', 'n', 's', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'h', '\0', + /* "globalvisions-events.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'v', 'i', 's', 'i', 'o', 'n', 's', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "globeinform.com", true */ 'g', 'l', 'o', 'b', 'e', 'i', 'n', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "globuli-info.de", true */ 'g', 'l', 'o', 'b', 'u', 'l', 'i', '-', 'i', 'n', 'f', 'o', '.', 'd', 'e', '\0', + /* "glofox.com", true */ 'g', 'l', 'o', 'f', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "gloneta.com", false */ 'g', 'l', 'o', 'n', 'e', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "gloomyspark.com", true */ 'g', 'l', 'o', 'o', 'm', 'y', 's', 'p', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "gloomyvancouver.com", true */ 'g', 'l', 'o', 'o', 'm', 'y', 'v', 'a', 'n', 'c', 'o', 'u', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "glossopnorthendafc.co.uk", true */ 'g', 'l', 'o', 's', 's', 'o', 'p', 'n', 'o', 'r', 't', 'h', 'e', 'n', 'd', 'a', 'f', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "glueck-im-norden.de", true */ 'g', 'l', 'u', 'e', 'c', 'k', '-', 'i', 'm', '-', 'n', 'o', 'r', 'd', 'e', 'n', '.', 'd', 'e', '\0', + /* "gluecksgriff-taschen.de", true */ 'g', 'l', 'u', 'e', 'c', 'k', 's', 'g', 'r', 'i', 'f', 'f', '-', 't', 'a', 's', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0', + /* "glueckskindter.de", true */ 'g', 'l', 'u', 'e', 'c', 'k', 's', 'k', 'i', 'n', 'd', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "glyph.ws", true */ 'g', 'l', 'y', 'p', 'h', '.', 'w', 's', '\0', + /* "glyxins.com", true */ 'g', 'l', 'y', 'x', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "gm.search.yahoo.com", false */ 'g', 'm', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "gmail.com", false */ 'g', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "gmbh-kiekin.de", true */ 'g', 'm', 'b', 'h', '-', 'k', 'i', 'e', 'k', 'i', 'n', '.', 'd', 'e', '\0', + /* "gmc.uy", true */ 'g', 'm', 'c', '.', 'u', 'y', '\0', + /* "gmcd.co", true */ 'g', 'm', 'c', 'd', '.', 'c', 'o', '\0', + /* "gmdu.net", true */ 'g', 'm', 'd', 'u', '.', 'n', 'e', 't', '\0', + /* "gmind.ovh", true */ 'g', 'm', 'i', 'n', 'd', '.', 'o', 'v', 'h', '\0', + /* "gmod.de", true */ 'g', 'm', 'o', 'd', '.', 'd', 'e', '\0', + /* "gmpark.dk", true */ 'g', 'm', 'p', 'a', 'r', 'k', '.', 'd', 'k', '\0', + /* "gmpartsdb.com", true */ 'g', 'm', 'p', 'a', 'r', 't', 's', 'd', 'b', '.', 'c', 'o', 'm', '\0', + /* "gmta.nl", true */ 'g', 'm', 't', 'a', '.', 'n', 'l', '\0', + /* "gmw-hannover.de", true */ 'g', 'm', 'w', '-', 'h', 'a', 'n', 'n', 'o', 'v', 'e', 'r', '.', 'd', 'e', '\0', + /* "gmw-ingenieurbuero.de", true */ 'g', 'm', 'w', '-', 'i', 'n', 'g', 'e', 'n', 'i', 'e', 'u', 'r', 'b', 'u', 'e', 'r', 'o', '.', 'd', 'e', '\0', + /* "gmx.at", true */ 'g', 'm', 'x', '.', 'a', 't', '\0', + /* "gmx.ch", true */ 'g', 'm', 'x', '.', 'c', 'h', '\0', + /* "gmx.co.uk", true */ 'g', 'm', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "gmx.com", true */ 'g', 'm', 'x', '.', 'c', 'o', 'm', '\0', + /* "gmx.de", true */ 'g', 'm', 'x', '.', 'd', 'e', '\0', + /* "gmx.es", true */ 'g', 'm', 'x', '.', 'e', 's', '\0', + /* "gmx.fr", true */ 'g', 'm', 'x', '.', 'f', 'r', '\0', + /* "gmx.net", true */ 'g', 'm', 'x', '.', 'n', 'e', 't', '\0', + /* "gn00.com", true */ 'g', 'n', '0', '0', '.', 'c', 'o', 'm', '\0', + /* "gnax.jp", true */ 'g', 'n', 'a', 'x', '.', 'j', 'p', '\0', + /* "gnetion.com", true */ 'g', 'n', 'e', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "gnetwork.eu", true */ 'g', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'e', 'u', '\0', + /* "gnhub.org", true */ 'g', 'n', 'h', 'u', 'b', '.', 'o', 'r', 'g', '\0', + /* "gnilebein.de", true */ 'g', 'n', 'i', 'l', 'e', 'b', 'e', 'i', 'n', '.', 'd', 'e', '\0', + /* "gnucashtoqif.us", true */ 'g', 'n', 'u', 'c', 'a', 's', 'h', 't', 'o', 'q', 'i', 'f', '.', 'u', 's', '\0', + /* "gnunet.org", true */ 'g', 'n', 'u', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0', + /* "gnwp.eu", true */ 'g', 'n', 'w', 'p', '.', 'e', 'u', '\0', + /* "gnylf.com", true */ 'g', 'n', 'y', 'l', 'f', '.', 'c', 'o', 'm', '\0', + /* "go-embedded.de", true */ 'g', 'o', '-', 'e', 'm', 'b', 'e', 'd', 'd', 'e', 'd', '.', 'd', 'e', '\0', + /* "go-zh.org", true */ 'g', 'o', '-', 'z', 'h', '.', 'o', 'r', 'g', '\0', + /* "go.xero.com", false */ 'g', 'o', '.', 'x', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "goalbookapp.com", true */ 'g', 'o', 'a', 'l', 'b', 'o', 'o', 'k', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "goalongtravels.com", true */ 'g', 'o', 'a', 'l', 'o', 'n', 'g', 't', 'r', 'a', 'v', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "goanalyse.co.uk", true */ 'g', 'o', 'a', 'n', 'a', 'l', 'y', 's', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "goapunks.net", true */ 'g', 'o', 'a', 'p', 'u', 'n', 'k', 's', '.', 'n', 'e', 't', '\0', + /* "goatcloud.com", true */ 'g', 'o', 'a', 't', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "gobarrelroll.com", true */ 'g', 'o', 'b', 'a', 'r', 'r', 'e', 'l', 'r', 'o', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "goblinsatwork.com", true */ 'g', 'o', 'b', 'l', 'i', 'n', 's', 'a', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "gobouncy.co.uk", true */ 'g', 'o', 'b', 'o', 'u', 'n', 'c', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "gobouncy.com", true */ 'g', 'o', 'b', 'o', 'u', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "gocardless.com", true */ 'g', 'o', 'c', 'a', 'r', 'd', 'l', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "gochu.se", true */ 'g', 'o', 'c', 'h', 'u', '.', 's', 'e', '\0', + /* "gocleanerslondon.co.uk", true */ 'g', 'o', 'c', 'l', 'e', 'a', 'n', 'e', 'r', 's', 'l', 'o', 'n', 'd', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "godesigner.ru", true */ 'g', 'o', 'd', 'e', 's', 'i', 'g', 'n', 'e', 'r', '.', 'r', 'u', '\0', + /* "godrive.ga", true */ 'g', 'o', 'd', 'r', 'i', 'v', 'e', '.', 'g', 'a', '\0', + /* "godsofhell.com", true */ 'g', 'o', 'd', 's', 'o', 'f', 'h', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "godsofhell.de", true */ 'g', 'o', 'd', 's', 'o', 'f', 'h', 'e', 'l', 'l', '.', 'd', 'e', '\0', + /* "goededoelkerstkaarten.nl", true */ 'g', 'o', 'e', 'd', 'e', 'd', 'o', 'e', 'l', 'k', 'e', 'r', 's', 't', 'k', 'a', 'a', 'r', 't', 'e', 'n', '.', 'n', 'l', '\0', + /* "goedverzekerd.net", true */ 'g', 'o', 'e', 'd', 'v', 'e', 'r', 'z', 'e', 'k', 'e', 'r', 'd', '.', 'n', 'e', 't', '\0', + /* "goemail.me", true */ 'g', 'o', 'e', 'm', 'a', 'i', 'l', '.', 'm', 'e', '\0', + /* "goerres2014.de", true */ 'g', 'o', 'e', 'r', 'r', 'e', 's', '2', '0', '1', '4', '.', 'd', 'e', '\0', + /* "goetemp.de", true */ 'g', 'o', 'e', 't', 'e', 'm', 'p', '.', 'd', 'e', '\0', + /* "goffrie.com", true */ 'g', 'o', 'f', 'f', 'r', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "gofigure.fr", false */ 'g', 'o', 'f', 'i', 'g', 'u', 'r', 'e', '.', 'f', 'r', '\0', + /* "gofoiayourself.org", true */ 'g', 'o', 'f', 'o', 'i', 'a', 'y', 'o', 'u', 'r', 's', 'e', 'l', 'f', '.', 'o', 'r', 'g', '\0', + /* "gogle-analytics.com", true */ 'g', 'o', 'g', 'l', 'e', '-', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "gogleapis.com", true */ 'g', 'o', 'g', 'l', 'e', 'a', 'p', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "gogoodyear.eu", true */ 'g', 'o', 'g', 'o', 'o', 'd', 'y', 'e', 'a', 'r', '.', 'e', 'u', '\0', + /* "gogrow.com", true */ 'g', 'o', 'g', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "gogsat.com", true */ 'g', 'o', 'g', 's', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "goguel.org", true */ 'g', 'o', 'g', 'u', 'e', 'l', '.', 'o', 'r', 'g', '\0', + /* "gohon.org", true */ 'g', 'o', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "gohongi-katakori.com", true */ 'g', 'o', 'h', 'o', 'n', 'g', 'i', '-', 'k', 'a', 't', 'a', 'k', 'o', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "goingreen.com.au", true */ 'g', 'o', 'i', 'n', 'g', 'r', 'e', 'e', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "gokhankesici.com", true */ 'g', 'o', 'k', 'h', 'a', 'n', 'k', 'e', 's', 'i', 'c', 'i', '.', 'c', 'o', 'm', '\0', + /* "gokmenguresci.com", true */ 'g', 'o', 'k', 'm', 'e', 'n', 'g', 'u', 'r', 'e', 's', 'c', 'i', '.', 'c', 'o', 'm', '\0', + /* "gold24.ru", true */ 'g', 'o', 'l', 'd', '2', '4', '.', 'r', 'u', '\0', + /* "goldcoasthypnotherapyhypnosis.com.au", true */ 'g', 'o', 'l', 'd', 'c', 'o', 'a', 's', 't', 'h', 'y', 'p', 'n', 'o', 't', 'h', 'e', 'r', 'a', 'p', 'y', 'h', 'y', 'p', 'n', 'o', 's', 'i', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "goldcoaststumpbusters.com", true */ 'g', 'o', 'l', 'd', 'c', 'o', 'a', 's', 't', 's', 't', 'u', 'm', 'p', 'b', 'u', 's', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "goldenbadger.de", true */ 'g', 'o', 'l', 'd', 'e', 'n', 'b', 'a', 'd', 'g', 'e', 'r', '.', 'd', 'e', '\0', + /* "goldendawnapersonalaffair.com", true */ 'g', 'o', 'l', 'd', 'e', 'n', 'd', 'a', 'w', 'n', 'a', 'p', 'e', 'r', 's', 'o', 'n', 'a', 'l', 'a', 'f', 'f', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "goldenhillsoftware.com", true */ 'g', 'o', 'l', 'd', 'e', 'n', 'h', 'i', 'l', 'l', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "goldenhost.ca", true */ 'g', 'o', 'l', 'd', 'e', 'n', 'h', 'o', 's', 't', '.', 'c', 'a', '\0', + /* "goldenplate.com.sg", true */ 'g', 'o', 'l', 'd', 'e', 'n', 'p', 'l', 'a', 't', 'e', '.', 'c', 'o', 'm', '.', 's', 'g', '\0', + /* "goldfelt.com", true */ 'g', 'o', 'l', 'd', 'f', 'e', 'l', 't', '.', 'c', 'o', 'm', '\0', + /* "goldmark.com.au", true */ 'g', 'o', 'l', 'd', 'm', 'a', 'r', 'k', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "goldpreisfinder.at", true */ 'g', 'o', 'l', 'd', 'p', 'r', 'e', 'i', 's', 'f', 'i', 'n', 'd', 'e', 'r', '.', 'a', 't', '\0', + /* "goldsecurity.com", true */ 'g', 'o', 'l', 'd', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "goldsky.com.au", true */ 'g', 'o', 'l', 'd', 's', 'k', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "golf18network.com", true */ 'g', 'o', 'l', 'f', '1', '8', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "golfburn.com", true */ 'g', 'o', 'l', 'f', 'b', 'u', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "golfhausmallorca.com", true */ 'g', 'o', 'l', 'f', 'h', 'a', 'u', 's', 'm', 'a', 'l', 'l', 'o', 'r', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "golfscape.com", true */ 'g', 'o', 'l', 'f', 's', 'c', 'a', 'p', 'e', '.', 'c', 'o', 'm', '\0', + /* "golik.net.pl", true */ 'g', 'o', 'l', 'i', 'k', '.', 'n', 'e', 't', '.', 'p', 'l', '\0', + /* "golser.info", true */ 'g', 'o', 'l', 's', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "gomiblog.com", true */ 'g', 'o', 'm', 'i', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "gommista.roma.it", true */ 'g', 'o', 'm', 'm', 'i', 's', 't', 'a', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0', + /* "gondawa.com", true */ 'g', 'o', 'n', 'd', 'a', 'w', 'a', '.', 'c', 'o', 'm', '\0', + /* "gongjianwei.com", true */ 'g', 'o', 'n', 'g', 'j', 'i', 'a', 'n', 'w', 'e', 'i', '.', 'c', 'o', 'm', '\0', + /* "gonkar.com", true */ 'g', 'o', 'n', 'k', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "gonx.dk", true */ 'g', 'o', 'n', 'x', '.', 'd', 'k', '\0', + /* "goo.gl", true */ 'g', 'o', 'o', '.', 'g', 'l', '\0', + /* "good-tips.pro", true */ 'g', 'o', 'o', 'd', '-', 't', 'i', 'p', 's', '.', 'p', 'r', 'o', '\0', + /* "gooday.life", true */ 'g', 'o', 'o', 'd', 'a', 'y', '.', 'l', 'i', 'f', 'e', '\0', + /* "gooddomainna.me", true */ 'g', 'o', 'o', 'd', 'd', 'o', 'm', 'a', 'i', 'n', 'n', 'a', '.', 'm', 'e', '\0', + /* "goodenough.nz", false */ 'g', 'o', 'o', 'd', 'e', 'n', 'o', 'u', 'g', 'h', '.', 'n', 'z', '\0', + /* "goodfeels.net", true */ 'g', 'o', 'o', 'd', 'f', 'e', 'e', 'l', 's', '.', 'n', 'e', 't', '\0', + /* "goodmengroup.de", true */ 'g', 'o', 'o', 'd', 'm', 'e', 'n', 'g', 'r', 'o', 'u', 'p', '.', 'd', 'e', '\0', + /* "goods-memo.net", true */ 'g', 'o', 'o', 'd', 's', '-', 'm', 'e', 'm', 'o', '.', 'n', 'e', 't', '\0', + /* "goodsex4all.com.br", true */ 'g', 'o', 'o', 'd', 's', 'e', 'x', '4', 'a', 'l', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "goodvibesblog.com", true */ 'g', 'o', 'o', 'd', 'v', 'i', 'b', 'e', 's', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "goodyearsotn.co.uk", true */ 'g', 'o', 'o', 'd', 'y', 'e', 'a', 'r', 's', 'o', 't', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "google", true */ 'g', 'o', 'o', 'g', 'l', 'e', '\0', + /* "google-analytics.com", true */ 'g', 'o', 'o', 'g', 'l', 'e', '-', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "googleandroid.cz", true */ 'g', 'o', 'o', 'g', 'l', 'e', 'a', 'n', 'd', 'r', 'o', 'i', 'd', '.', 'c', 'z', '\0', + /* "googlemail.com", false */ 'g', 'o', 'o', 'g', 'l', 'e', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "googleplex.com", true */ 'g', 'o', 'o', 'g', 'l', 'e', 'p', 'l', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "googlesource.com", true */ 'g', 'o', 'o', 'g', 'l', 'e', 's', 'o', 'u', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "goombi.fr", true */ 'g', 'o', 'o', 'm', 'b', 'i', '.', 'f', 'r', '\0', + /* "goonersworld.co.uk", true */ 'g', 'o', 'o', 'n', 'e', 'r', 's', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "gootax.pro", true */ 'g', 'o', 'o', 't', 'a', 'x', '.', 'p', 'r', 'o', '\0', + /* "gopher.tk", true */ 'g', 'o', 'p', 'h', 'e', 'r', '.', 't', 'k', '\0', + /* "goproallaccess.com", true */ 'g', 'o', 'p', 'r', 'o', 'a', 'l', 'l', 'a', 'c', 'c', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "gorakukai.jp", true */ 'g', 'o', 'r', 'a', 'k', 'u', 'k', 'a', 'i', '.', 'j', 'p', '\0', + /* "gordonobrecht.com", true */ 'g', 'o', 'r', 'd', 'o', 'n', 'o', 'b', 'r', 'e', 'c', 'h', 't', '.', 'c', 'o', 'm', '\0', + /* "gordonscouts.com.au", true */ 'g', 'o', 'r', 'd', 'o', 'n', 's', 'c', 'o', 'u', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "gorf.chat", true */ 'g', 'o', 'r', 'f', '.', 'c', 'h', 'a', 't', '\0', + /* "gorf.club", true */ 'g', 'o', 'r', 'f', '.', 'c', 'l', 'u', 'b', '\0', + /* "gorky.media", true */ 'g', 'o', 'r', 'k', 'y', '.', 'm', 'e', 'd', 'i', 'a', '\0', + /* "gorn.ch", true */ 'g', 'o', 'r', 'n', '.', 'c', 'h', '\0', + /* "gorod74.ru", false */ 'g', 'o', 'r', 'o', 'd', '7', '4', '.', 'r', 'u', '\0', + /* "gorschenin.com", true */ 'g', 'o', 'r', 's', 'c', 'h', 'e', 'n', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "gosccs.com", true */ 'g', 'o', 's', 'c', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "gosciencegirls.com", true */ 'g', 'o', 's', 'c', 'i', 'e', 'n', 'c', 'e', 'g', 'i', 'r', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "goshawkdb.io", true */ 'g', 'o', 's', 'h', 'a', 'w', 'k', 'd', 'b', '.', 'i', 'o', '\0', + /* "goshin-group.co.jp", true */ 'g', 'o', 's', 'h', 'i', 'n', '-', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "gospelfollower.com", true */ 'g', 'o', 's', 'p', 'e', 'l', 'f', 'o', 'l', 'l', 'o', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "gospelofmark.ch", true */ 'g', 'o', 's', 'p', 'e', 'l', 'o', 'f', 'm', 'a', 'r', 'k', '.', 'c', 'h', '\0', + /* "gospelvestcination.de", true */ 'g', 'o', 's', 'p', 'e', 'l', 'v', 'e', 's', 't', 'c', 'i', 'n', 'a', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0', + /* "gostudy.net", true */ 'g', 'o', 's', 't', 'u', 'd', 'y', '.', 'n', 'e', 't', '\0', + /* "gosuland.org", true */ 'g', 'o', 's', 'u', 'l', 'a', 'n', 'd', '.', 'o', 'r', 'g', '\0', + /* "gotech.com.eg", false */ 'g', 'o', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '.', 'e', 'g', '\0', + /* "gothamlimo.com", true */ 'g', 'o', 't', 'h', 'a', 'm', 'l', 'i', 'm', 'o', '.', 'c', 'o', 'm', '\0', + /* "gothic.dating", true */ 'g', 'o', 't', 'h', 'i', 'c', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "gotirupati.com", false */ 'g', 'o', 't', 'i', 'r', 'u', 'p', 'a', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "goto.google.com", true */ 'g', 'o', 't', 'o', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "goto.world", true */ 'g', 'o', 't', 'o', '.', 'w', 'o', 'r', 'l', 'd', '\0', + /* "gotomi.info", true */ 'g', 'o', 't', 'o', 'm', 'i', '.', 'i', 'n', 'f', 'o', '\0', + /* "gotoxy.at", true */ 'g', 'o', 't', 'o', 'x', 'y', '.', 'a', 't', '\0', + /* "goubi.me", true */ 'g', 'o', 'u', 'b', 'i', '.', 'm', 'e', '\0', + /* "goudenharynck.be", true */ 'g', 'o', 'u', 'd', 'e', 'n', 'h', 'a', 'r', 'y', 'n', 'c', 'k', '.', 'b', 'e', '\0', + /* "gouforit.com", true */ 'g', 'o', 'u', 'f', 'o', 'r', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "goukon.ru", true */ 'g', 'o', 'u', 'k', 'o', 'n', '.', 'r', 'u', '\0', + /* "gouldcooksey.com", true */ 'g', 'o', 'u', 'l', 'd', 'c', 'o', 'o', 'k', 's', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "goup.co", true */ 'g', 'o', 'u', 'p', '.', 'c', 'o', '\0', + /* "goup.com.tr", true */ 'g', 'o', 'u', 'p', '.', 'c', 'o', 'm', '.', 't', 'r', '\0', + /* "gouptime.ml", true */ 'g', 'o', 'u', 'p', 't', 'i', 'm', 'e', '.', 'm', 'l', '\0', + /* "gourmetfestival.de", true */ 'g', 'o', 'u', 'r', 'm', 'e', 't', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'd', 'e', '\0', + /* "gouthro-goteborg.se", true */ 'g', 'o', 'u', 't', 'h', 'r', 'o', '-', 'g', 'o', 't', 'e', 'b', 'o', 'r', 'g', '.', 's', 'e', '\0', + /* "gov.tc", true */ 'g', 'o', 'v', '.', 't', 'c', '\0', + /* "governmentjobs.gov", true */ 'g', 'o', 'v', 'e', 'r', 'n', 'm', 'e', 'n', 't', 'j', 'o', 'b', 's', '.', 'g', 'o', 'v', '\0', + /* "governorhub.com", true */ 'g', 'o', 'v', 'e', 'r', 'n', 'o', 'r', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "govtjobs.blog", true */ 'g', 'o', 'v', 't', 'j', 'o', 'b', 's', '.', 'b', 'l', 'o', 'g', '\0', + /* "govtrack.us", true */ 'g', 'o', 'v', 't', 'r', 'a', 'c', 'k', '.', 'u', 's', '\0', + /* "gowe.wang", false */ 'g', 'o', 'w', 'e', '.', 'w', 'a', 'n', 'g', '\0', + /* "gowildrodeo.co.uk", true */ 'g', 'o', 'w', 'i', 'l', 'd', 'r', 'o', 'd', 'e', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "gpalabs.com", true */ 'g', 'p', 'a', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "gpcsolutions.fr", true */ 'g', 'p', 'c', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'f', 'r', '\0', + /* "gpdimaranathasiantar.org", true */ 'g', 'p', 'd', 'i', 'm', 'a', 'r', 'a', 'n', 'a', 't', 'h', 'a', 's', 'i', 'a', 'n', 't', 'a', 'r', '.', 'o', 'r', 'g', '\0', + /* "gpfclan.de", true */ 'g', 'p', 'f', 'c', 'l', 'a', 'n', '.', 'd', 'e', '\0', + /* "gpio.gq", true */ 'g', 'p', 'i', 'o', '.', 'g', 'q', '\0', + /* "gplintegratedit.com", true */ 'g', 'p', 'l', 'i', 'n', 't', 'e', 'g', 'r', 'a', 't', 'e', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "gprs.uk.com", true */ 'g', 'p', 'r', 's', '.', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "gps.com.br", true */ 'g', 'p', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "gpsarena.ro", true */ 'g', 'p', 's', 'a', 'r', 'e', 'n', 'a', '.', 'r', 'o', '\0', + /* "gpsfix.cz", true */ 'g', 'p', 's', 'f', 'i', 'x', '.', 'c', 'z', '\0', + /* "gpsolarpanels.com", true */ 'g', 'p', 's', 'o', 'l', 'a', 'r', 'p', 'a', 'n', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "gpsvideocanada.com", true */ 'g', 'p', 's', 'v', 'i', 'd', 'e', 'o', 'c', 'a', 'n', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "gpws.ovh", true */ 'g', 'p', 'w', 's', '.', 'o', 'v', 'h', '\0', + /* "gr.search.yahoo.com", false */ 'g', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "gra2.com", true */ 'g', 'r', 'a', '2', '.', 'c', 'o', 'm', '\0', + /* "graasp.net", false */ 'g', 'r', 'a', 'a', 's', 'p', '.', 'n', 'e', 't', '\0', + /* "grabi.ga", true */ 'g', 'r', 'a', 'b', 'i', '.', 'g', 'a', '\0', + /* "grace-wan.com", true */ 'g', 'r', 'a', 'c', 'e', '-', 'w', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "gracedays.org", true */ 'g', 'r', 'a', 'c', 'e', 'd', 'a', 'y', 's', '.', 'o', 'r', 'g', '\0', + /* "graceful-project.eu", true */ 'g', 'r', 'a', 'c', 'e', 'f', 'u', 'l', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'e', 'u', '\0', + /* "gracethrufaith.com", true */ 'g', 'r', 'a', 'c', 'e', 't', 'h', 'r', 'u', 'f', 'a', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "gracetini.com", true */ 'g', 'r', 'a', 'c', 'e', 't', 'i', 'n', 'i', '.', 'c', 'o', 'm', '\0', + /* "graciousmay.com", true */ 'g', 'r', 'a', 'c', 'i', 'o', 'u', 's', 'm', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "grademymac.com", true */ 'g', 'r', 'a', 'd', 'e', 'm', 'y', 'm', 'a', 'c', '.', 'c', 'o', 'm', '\0', + /* "grademypc.com", true */ 'g', 'r', 'a', 'd', 'e', 'm', 'y', 'p', 'c', '.', 'c', 'o', 'm', '\0', + /* "gradienthosting.co.uk", true */ 'g', 'r', 'a', 'd', 'i', 'e', 'n', 't', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "gradients.com", true */ 'g', 'r', 'a', 'd', 'i', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "gradualgram.com", true */ 'g', 'r', 'a', 'd', 'u', 'a', 'l', 'g', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "graeber.com", true */ 'g', 'r', 'a', 'e', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "graetnew.com", true */ 'g', 'r', 'a', 'e', 't', 'n', 'e', 'w', '.', 'c', 'o', 'm', '\0', + /* "graf.re", true */ 'g', 'r', 'a', 'f', '.', 'r', 'e', '\0', + /* "grafcaps.com", true */ 'g', 'r', 'a', 'f', 'c', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "graffen.dk", true */ 'g', 'r', 'a', 'f', 'f', 'e', 'n', '.', 'd', 'k', '\0', + /* "grafmurr.de", true */ 'g', 'r', 'a', 'f', 'm', 'u', 'r', 'r', '.', 'd', 'e', '\0', + /* "grahamofthewheels.com", true */ 'g', 'r', 'a', 'h', 'a', 'm', 'o', 'f', 't', 'h', 'e', 'w', 'h', 'e', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "grailians.com", true */ 'g', 'r', 'a', 'i', 'l', 'i', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "graingert.co.uk", true */ 'g', 'r', 'a', 'i', 'n', 'g', 'e', 'r', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "graliv.net", false */ 'g', 'r', 'a', 'l', 'i', 'v', '.', 'n', 'e', 't', '\0', + /* "gramati.com.br", true */ 'g', 'r', 'a', 'm', 'a', 't', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "grammysgrid.com", true */ 'g', 'r', 'a', 'm', 'm', 'y', 's', 'g', 'r', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "granary-demo.appspot.com", false */ 'g', 'r', 'a', 'n', 'a', 'r', 'y', '-', 'd', 'e', 'm', 'o', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "grandcapital.cn", true */ 'g', 'r', 'a', 'n', 'd', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'n', '\0', + /* "grandcapital.id", true */ 'g', 'r', 'a', 'n', 'd', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'i', 'd', '\0', + /* "grandcapital.ru", true */ 'g', 'r', 'a', 'n', 'd', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'r', 'u', '\0', + /* "grandcastles.co.uk", true */ 'g', 'r', 'a', 'n', 'd', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "grandchamproofing.com", true */ 'g', 'r', 'a', 'n', 'd', 'c', 'h', 'a', 'm', 'p', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "grandchene.ch", true */ 'g', 'r', 'a', 'n', 'd', 'c', 'h', 'e', 'n', 'e', '.', 'c', 'h', '\0', + /* "grande.coffee", true */ 'g', 'r', 'a', 'n', 'd', 'e', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0', + /* "grandefratellonews.com", true */ 'g', 'r', 'a', 'n', 'd', 'e', 'f', 'r', 'a', 't', 'e', 'l', 'l', 'o', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "grandeto.com", true */ 'g', 'r', 'a', 'n', 'd', 'e', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "grandjunctionbrewing.com", true */ 'g', 'r', 'a', 'n', 'd', 'j', 'u', 'n', 'c', 't', 'i', 'o', 'n', 'b', 'r', 'e', 'w', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "grandmasfridge.org", true */ 'g', 'r', 'a', 'n', 'd', 'm', 'a', 's', 'f', 'r', 'i', 'd', 'g', 'e', '.', 'o', 'r', 'g', '\0', + /* "grandpadusercontent.com", true */ 'g', 'r', 'a', 'n', 'd', 'p', 'a', 'd', 'u', 's', 'e', 'r', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "grandwailea.com", true */ 'g', 'r', 'a', 'n', 'd', 'w', 'a', 'i', 'l', 'e', 'a', '.', 'c', 'o', 'm', '\0', + /* "grannys-stats.com", true */ 'g', 'r', 'a', 'n', 'n', 'y', 's', '-', 's', 't', 'a', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "grannyshouse.de", true */ 'g', 'r', 'a', 'n', 'n', 'y', 's', 'h', 'o', 'u', 's', 'e', '.', 'd', 'e', '\0', + /* "grantcooper.com", true */ 'g', 'r', 'a', 'n', 't', 'c', 'o', 'o', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "grantdb.ca", true */ 'g', 'r', 'a', 'n', 't', 'd', 'b', '.', 'c', 'a', '\0', + /* "grantmorrison.net", true */ 'g', 'r', 'a', 'n', 't', 'm', 'o', 'r', 'r', 'i', 's', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "granular.ag", true */ 'g', 'r', 'a', 'n', 'u', 'l', 'a', 'r', '.', 'a', 'g', '\0', + /* "graonatural.com.br", true */ 'g', 'r', 'a', 'o', 'n', 'a', 't', 'u', 'r', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "grapee.jp", true */ 'g', 'r', 'a', 'p', 'e', 'e', '.', 'j', 'p', '\0', + /* "grapeintentions.com", true */ 'g', 'r', 'a', 'p', 'e', 'i', 'n', 't', 'e', 'n', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "graphcommons.com", true */ 'g', 'r', 'a', 'p', 'h', 'c', 'o', 'm', 'm', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "graphene.software", true */ 'g', 'r', 'a', 'p', 'h', 'e', 'n', 'e', '.', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '\0', + /* "grapholio.net", true */ 'g', 'r', 'a', 'p', 'h', 'o', 'l', 'i', 'o', '.', 'n', 'e', 't', '\0', + /* "grasmark.com", true */ 'g', 'r', 'a', 's', 'm', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "grassenberg.de", true */ 'g', 'r', 'a', 's', 's', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'd', 'e', '\0', + /* "grasshoppervape.com", true */ 'g', 'r', 'a', 's', 's', 'h', 'o', 'p', 'p', 'e', 'r', 'v', 'a', 'p', 'e', '.', 'c', 'o', 'm', '\0', + /* "gratis-lovecheck.de", true */ 'g', 'r', 'a', 't', 'i', 's', '-', 'l', 'o', 'v', 'e', 'c', 'h', 'e', 'c', 'k', '.', 'd', 'e', '\0', + /* "gratitudeabundancepassion.com", true */ 'g', 'r', 'a', 't', 'i', 't', 'u', 'd', 'e', 'a', 'b', 'u', 'n', 'd', 'a', 'n', 'c', 'e', 'p', 'a', 's', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "grattan.co.uk", true */ 'g', 'r', 'a', 't', 't', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "graumeier.de", true */ 'g', 'r', 'a', 'u', 'm', 'e', 'i', 'e', 'r', '.', 'd', 'e', '\0', + /* "gravitascreative.net", true */ 'g', 'r', 'a', 'v', 'i', 't', 'a', 's', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'n', 'e', 't', '\0', + /* "gravitechthai.com", true */ 'g', 'r', 'a', 'v', 'i', 't', 'e', 'c', 'h', 't', 'h', 'a', 'i', '.', 'c', 'o', 'm', '\0', + /* "gravity-dev.de", true */ 'g', 'r', 'a', 'v', 'i', 't', 'y', '-', 'd', 'e', 'v', '.', 'd', 'e', '\0', + /* "gravity-inc.net", true */ 'g', 'r', 'a', 'v', 'i', 't', 'y', '-', 'i', 'n', 'c', '.', 'n', 'e', 't', '\0', + /* "gravityformspdfextended.com", true */ 'g', 'r', 'a', 'v', 'i', 't', 'y', 'f', 'o', 'r', 'm', 's', 'p', 'd', 'f', 'e', 'x', 't', 'e', 'n', 'd', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "gravitypdf.com", true */ 'g', 'r', 'a', 'v', 'i', 't', 'y', 'p', 'd', 'f', '.', 'c', 'o', 'm', '\0', + /* "grawe-blog.at", true */ 'g', 'r', 'a', 'w', 'e', '-', 'b', 'l', 'o', 'g', '.', 'a', 't', '\0', + /* "grayclub.co.il", true */ 'g', 'r', 'a', 'y', 'c', 'l', 'u', 'b', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "grayhatter.com", true */ 'g', 'r', 'a', 'y', 'h', 'a', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "graymalk.in", true */ 'g', 'r', 'a', 'y', 'm', 'a', 'l', 'k', '.', 'i', 'n', '\0', + /* "grayowlworks.com", true */ 'g', 'r', 'a', 'y', 'o', 'w', 'l', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "grayscale.co", true */ 'g', 'r', 'a', 'y', 's', 'c', 'a', 'l', 'e', '.', 'c', 'o', '\0', + /* "grayson.sh", true */ 'g', 'r', 'a', 'y', 's', 'o', 'n', '.', 's', 'h', '\0', + /* "graysonsmith.co.uk", true */ 'g', 'r', 'a', 'y', 's', 'o', 'n', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "grc.com", false */ 'g', 'r', 'c', '.', 'c', 'o', 'm', '\0', + /* "greatfire.org", true */ 'g', 'r', 'e', 'a', 't', 'f', 'i', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "greatislandarts.ca", true */ 'g', 'r', 'e', 'a', 't', 'i', 's', 'l', 'a', 'n', 'd', 'a', 'r', 't', 's', '.', 'c', 'a', '\0', + /* "greatlakeside.de", true */ 'g', 'r', 'e', 'a', 't', 'l', 'a', 'k', 'e', 's', 'i', 'd', 'e', '.', 'd', 'e', '\0', + /* "greboid.co.uk", true */ 'g', 'r', 'e', 'b', 'o', 'i', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "greboid.com", true */ 'g', 'r', 'e', 'b', 'o', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "greditsoft.com", true */ 'g', 'r', 'e', 'd', 'i', 't', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "greedbutt.com", true */ 'g', 'r', 'e', 'e', 'd', 'b', 'u', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "greek.dating", true */ 'g', 'r', 'e', 'e', 'k', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "green-attitude.be", true */ 'g', 'r', 'e', 'e', 'n', '-', 'a', 't', 't', 'i', 't', 'u', 'd', 'e', '.', 'b', 'e', '\0', + /* "green-care.nl", true */ 'g', 'r', 'e', 'e', 'n', '-', 'c', 'a', 'r', 'e', '.', 'n', 'l', '\0', + /* "green-light.cf", true */ 'g', 'r', 'e', 'e', 'n', '-', 'l', 'i', 'g', 'h', 't', '.', 'c', 'f', '\0', + /* "green-light.co.nz", true */ 'g', 'r', 'e', 'e', 'n', '-', 'l', 'i', 'g', 'h', 't', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "green-light.ga", true */ 'g', 'r', 'e', 'e', 'n', '-', 'l', 'i', 'g', 'h', 't', '.', 'g', 'a', '\0', + /* "green-light.gq", true */ 'g', 'r', 'e', 'e', 'n', '-', 'l', 'i', 'g', 'h', 't', '.', 'g', 'q', '\0', + /* "green-light.ml", true */ 'g', 'r', 'e', 'e', 'n', '-', 'l', 'i', 'g', 'h', 't', '.', 'm', 'l', '\0', + /* "greenaddress.it", true */ 'g', 'r', 'e', 'e', 'n', 'a', 'd', 'd', 'r', 'e', 's', 's', '.', 'i', 't', '\0', + /* "greencircleplantnursery.com.au", true */ 'g', 'r', 'e', 'e', 'n', 'c', 'i', 'r', 'c', 'l', 'e', 'p', 'l', 'a', 'n', 't', 'n', 'u', 'r', 's', 'e', 'r', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "greencircleplantnursery.net.au", true */ 'g', 'r', 'e', 'e', 'n', 'c', 'i', 'r', 'c', 'l', 'e', 'p', 'l', 'a', 'n', 't', 'n', 'u', 'r', 's', 'e', 'r', 'y', '.', 'n', 'e', 't', '.', 'a', 'u', '\0', + /* "greenglam.biz", true */ 'g', 'r', 'e', 'e', 'n', 'g', 'l', 'a', 'm', '.', 'b', 'i', 'z', '\0', + /* "greengoblindev.com", true */ 'g', 'r', 'e', 'e', 'n', 'g', 'o', 'b', 'l', 'i', 'n', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "greenliquidsystem.com", true */ 'g', 'r', 'e', 'e', 'n', 'l', 'i', 'q', 'u', 'i', 'd', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0', + /* "greenpartyofnewmilford.org", true */ 'g', 'r', 'e', 'e', 'n', 'p', 'a', 'r', 't', 'y', 'o', 'f', 'n', 'e', 'w', 'm', 'i', 'l', 'f', 'o', 'r', 'd', '.', 'o', 'r', 'g', '\0', + /* "greenpeace-magazin.de", true */ 'g', 'r', 'e', 'e', 'n', 'p', 'e', 'a', 'c', 'e', '-', 'm', 'a', 'g', 'a', 'z', 'i', 'n', '.', 'd', 'e', '\0', + /* "greenpeace.berlin", true */ 'g', 'r', 'e', 'e', 'n', 'p', 'e', 'a', 'c', 'e', '.', 'b', 'e', 'r', 'l', 'i', 'n', '\0', + /* "greenroach.ru", true */ 'g', 'r', 'e', 'e', 'n', 'r', 'o', 'a', 'c', 'h', '.', 'r', 'u', '\0', + /* "greensdictofslang.com", true */ 'g', 'r', 'e', 'e', 'n', 's', 'd', 'i', 'c', 't', 'o', 'f', 's', 'l', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "greensquare.tk", true */ 'g', 'r', 'e', 'e', 'n', 's', 'q', 'u', 'a', 'r', 'e', '.', 't', 'k', '\0', + /* "greenteamtwente.nl", true */ 'g', 'r', 'e', 'e', 'n', 't', 'e', 'a', 'm', 't', 'w', 'e', 'n', 't', 'e', '.', 'n', 'l', '\0', + /* "greenville.ag", true */ 'g', 'r', 'e', 'e', 'n', 'v', 'i', 'l', 'l', 'e', '.', 'a', 'g', '\0', + /* "greenwithdecor.com", true */ 'g', 'r', 'e', 'e', 'n', 'w', 'i', 't', 'h', 'd', 'e', 'c', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "greg.red", true */ 'g', 'r', 'e', 'g', '.', 'r', 'e', 'd', '\0', + /* "greger.me", true */ 'g', 'r', 'e', 'g', 'e', 'r', '.', 'm', 'e', '\0', + /* "gregmilton.com", true */ 'g', 'r', 'e', 'g', 'm', 'i', 'l', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "gregoirow.be", true */ 'g', 'r', 'e', 'g', 'o', 'i', 'r', 'o', 'w', '.', 'b', 'e', '\0', + /* "gregorians.org", true */ 'g', 'r', 'e', 'g', 'o', 'r', 'i', 'a', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "gregorkofler.com", true */ 'g', 'r', 'e', 'g', 'o', 'r', 'k', 'o', 'f', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "gregorykelleher.com", true */ 'g', 'r', 'e', 'g', 'o', 'r', 'y', 'k', 'e', 'l', 'l', 'e', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "gregoryrealestategroup.com", true */ 'g', 'r', 'e', 'g', 'o', 'r', 'y', 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "gregorywiest.com", true */ 'g', 'r', 'e', 'g', 'o', 'r', 'y', 'w', 'i', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "grenadiercorps-kaarst.de", true */ 'g', 'r', 'e', 'n', 'a', 'd', 'i', 'e', 'r', 'c', 'o', 'r', 'p', 's', '-', 'k', 'a', 'a', 'r', 's', 't', '.', 'd', 'e', '\0', + /* "grenadiere-kaarst.de", true */ 'g', 'r', 'e', 'n', 'a', 'd', 'i', 'e', 'r', 'e', '-', 'k', 'a', 'a', 'r', 's', 't', '.', 'd', 'e', '\0', + /* "grenadierkorps-kaarst.de", true */ 'g', 'r', 'e', 'n', 'a', 'd', 'i', 'e', 'r', 'k', 'o', 'r', 'p', 's', '-', 'k', 'a', 'a', 'r', 's', 't', '.', 'd', 'e', '\0', + /* "grenadierkorps.de", true */ 'g', 'r', 'e', 'n', 'a', 'd', 'i', 'e', 'r', 'k', 'o', 'r', 'p', 's', '.', 'd', 'e', '\0', + /* "grendel.no", true */ 'g', 'r', 'e', 'n', 'd', 'e', 'l', '.', 'n', 'o', '\0', + /* "grepmaste.rs", true */ 'g', 'r', 'e', 'p', 'm', 'a', 's', 't', 'e', '.', 'r', 's', '\0', + /* "grepular.com", true */ 'g', 'r', 'e', 'p', 'u', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "gresak.io", true */ 'g', 'r', 'e', 's', 'a', 'k', '.', 'i', 'o', '\0', + /* "grettogeek.com", true */ 'g', 'r', 'e', 't', 't', 'o', 'g', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "greve.xyz", true */ 'g', 'r', 'e', 'v', 'e', '.', 'x', 'y', 'z', '\0', + /* "grey.house", true */ 'g', 'r', 'e', 'y', '.', 'h', 'o', 'u', 's', 'e', '\0', + /* "greybit.net", true */ 'g', 'r', 'e', 'y', 'b', 'i', 't', '.', 'n', 'e', 't', '\0', + /* "greyhash.se", true */ 'g', 'r', 'e', 'y', 'h', 'a', 's', 'h', '.', 's', 'e', '\0', + /* "greysky.me", true */ 'g', 'r', 'e', 'y', 's', 'k', 'y', '.', 'm', 'e', '\0', + /* "greyskymedia.com", true */ 'g', 'r', 'e', 'y', 's', 'k', 'y', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "greysolutions.it", true */ 'g', 'r', 'e', 'y', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'i', 't', '\0', + /* "greywizard.com", true */ 'g', 'r', 'e', 'y', 'w', 'i', 'z', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "grh.am", true */ 'g', 'r', 'h', '.', 'a', 'm', '\0', + /* "grian-bam.at", true */ 'g', 'r', 'i', 'a', 'n', '-', 'b', 'a', 'm', '.', 'a', 't', '\0', + /* "gridle.io", true */ 'g', 'r', 'i', 'd', 'l', 'e', '.', 'i', 'o', '\0', + /* "grieg-gaarden.no", true */ 'g', 'r', 'i', 'e', 'g', '-', 'g', 'a', 'a', 'r', 'd', 'e', 'n', '.', 'n', 'o', '\0', + /* "grieg.com", true */ 'g', 'r', 'i', 'e', 'g', '.', 'c', 'o', 'm', '\0', + /* "grieg.net", true */ 'g', 'r', 'i', 'e', 'g', '.', 'n', 'e', 't', '\0', + /* "grieg.no", true */ 'g', 'r', 'i', 'e', 'g', '.', 'n', 'o', '\0', + /* "grieg.org", true */ 'g', 'r', 'i', 'e', 'g', '.', 'o', 'r', 'g', '\0', + /* "griegfoundation.no", true */ 'g', 'r', 'i', 'e', 'g', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'n', 'o', '\0', + /* "grieglogistics.no", true */ 'g', 'r', 'i', 'e', 'g', 'l', 'o', 'g', 'i', 's', 't', 'i', 'c', 's', '.', 'n', 'o', '\0', + /* "griegshipbrokers.com", true */ 'g', 'r', 'i', 'e', 'g', 's', 'h', 'i', 'p', 'b', 'r', 'o', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "griegshipbrokers.no", true */ 'g', 'r', 'i', 'e', 'g', 's', 'h', 'i', 'p', 'b', 'r', 'o', 'k', 'e', 'r', 's', '.', 'n', 'o', '\0', + /* "griesser2.de", true */ 'g', 'r', 'i', 'e', 's', 's', 'e', 'r', '2', '.', 'd', 'e', '\0', + /* "grillteller42.de", true */ 'g', 'r', 'i', 'l', 'l', 't', 'e', 'l', 'l', 'e', 'r', '4', '2', '.', 'd', 'e', '\0', + /* "grimcalc.com", true */ 'g', 'r', 'i', 'm', 'c', 'a', 'l', 'c', '.', 'c', 'o', 'm', '\0', + /* "grimm-gastrobedarf.de", true */ 'g', 'r', 'i', 'm', 'm', '-', 'g', 'a', 's', 't', 'r', 'o', 'b', 'e', 'd', 'a', 'r', 'f', '.', 'd', 'e', '\0', + /* "grimneko.de", true */ 'g', 'r', 'i', 'm', 'n', 'e', 'k', 'o', '.', 'd', 'e', '\0', + /* "grinnellplans.com", true */ 'g', 'r', 'i', 'n', 'n', 'e', 'l', 'l', 'p', 'l', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "gripnijmegen.rip", true */ 'g', 'r', 'i', 'p', 'n', 'i', 'j', 'm', 'e', 'g', 'e', 'n', '.', 'r', 'i', 'p', '\0', + /* "gritte.ch", true */ 'g', 'r', 'i', 't', 't', 'e', '.', 'c', 'h', '\0', + /* "grizzlys.com", true */ 'g', 'r', 'i', 'z', 'z', 'l', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "grmp.fr", true */ 'g', 'r', 'm', 'p', '.', 'f', 'r', '\0', + /* "groben-itsolutions.de", true */ 'g', 'r', 'o', 'b', 'e', 'n', '-', 'i', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'd', 'e', '\0', + /* "grocock.me.uk", true */ 'g', 'r', 'o', 'c', 'o', 'c', 'k', '.', 'm', 'e', '.', 'u', 'k', '\0', + /* "groenaquasolutions.nl", true */ 'g', 'r', 'o', 'e', 'n', 'a', 'q', 'u', 'a', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'n', 'l', '\0', + /* "groentefruitzeep.com", true */ 'g', 'r', 'o', 'e', 'n', 't', 'e', 'f', 'r', 'u', 'i', 't', 'z', 'e', 'e', 'p', '.', 'c', 'o', 'm', '\0', + /* "groentefruitzeep.nl", true */ 'g', 'r', 'o', 'e', 'n', 't', 'e', 'f', 'r', 'u', 'i', 't', 'z', 'e', 'e', 'p', '.', 'n', 'l', '\0', + /* "groepjam-usedcars.be", true */ 'g', 'r', 'o', 'e', 'p', 'j', 'a', 'm', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "grog.pw", true */ 'g', 'r', 'o', 'g', '.', 'p', 'w', '\0', + /* "grokker.com", true */ 'g', 'r', 'o', 'k', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "groklearning.com", true */ 'g', 'r', 'o', 'k', 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "grolimur.ch", true */ 'g', 'r', 'o', 'l', 'i', 'm', 'u', 'r', '.', 'c', 'h', '\0', + /* "gronau-it-cloud-computing.de", true */ 'g', 'r', 'o', 'n', 'a', 'u', '-', 'i', 't', '-', 'c', 'l', 'o', 'u', 'd', '-', 'c', 'o', 'm', 'p', 'u', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "grondius.com", true */ 'g', 'r', 'o', 'n', 'd', 'i', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "grootinadvies.nl", true */ 'g', 'r', 'o', 'o', 't', 'i', 'n', 'a', 'd', 'v', 'i', 'e', 's', '.', 'n', 'l', '\0', + /* "groovydisk.com", true */ 'g', 'r', 'o', 'o', 'v', 'y', 'd', 'i', 's', 'k', '.', 'c', 'o', 'm', '\0', + /* "groovygoldfish.org", true */ 'g', 'r', 'o', 'o', 'v', 'y', 'g', 'o', 'l', 'd', 'f', 'i', 's', 'h', '.', 'o', 'r', 'g', '\0', + /* "gropp.org", true */ 'g', 'r', 'o', 'p', 'p', '.', 'o', 'r', 'g', '\0', + /* "grossberger-ge.org", true */ 'g', 'r', 'o', 's', 's', 'b', 'e', 'r', 'g', 'e', 'r', '-', 'g', 'e', '.', 'o', 'r', 'g', '\0', + /* "groszek.pl", true */ 'g', 'r', 'o', 's', 'z', 'e', 'k', '.', 'p', 'l', '\0', + /* "groth.im", true */ 'g', 'r', 'o', 't', 'h', '.', 'i', 'm', '\0', + /* "groth.xyz", true */ 'g', 'r', 'o', 't', 'h', '.', 'x', 'y', 'z', '\0', + /* "grothoff.org", true */ 'g', 'r', 'o', 't', 'h', 'o', 'f', 'f', '.', 'o', 'r', 'g', '\0', + /* "grouchysysadmin.com", true */ 'g', 'r', 'o', 'u', 'c', 'h', 'y', 's', 'y', 's', 'a', 'd', 'm', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "group4layers.net", true */ 'g', 'r', 'o', 'u', 'p', '4', 'l', 'a', 'y', 'e', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "groupe-neurologique-nord.lu", true */ 'g', 'r', 'o', 'u', 'p', 'e', '-', 'n', 'e', 'u', 'r', 'o', 'l', 'o', 'g', 'i', 'q', 'u', 'e', '-', 'n', 'o', 'r', 'd', '.', 'l', 'u', '\0', + /* "groupebaillargeon.com", true */ 'g', 'r', 'o', 'u', 'p', 'e', 'b', 'a', 'i', 'l', 'l', 'a', 'r', 'g', 'e', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "groupghistelinck-cars.be", true */ 'g', 'r', 'o', 'u', 'p', 'g', 'h', 'i', 's', 't', 'e', 'l', 'i', 'n', 'c', 'k', '-', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "grouphomes.com.au", false */ 'g', 'r', 'o', 'u', 'p', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "groupme.com", true */ 'g', 'r', 'o', 'u', 'p', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "groups.google.com", true */ 'g', 'r', 'o', 'u', 'p', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "growingmetrics.com", true */ 'g', 'r', 'o', 'w', 'i', 'n', 'g', 'm', 'e', 't', 'r', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "growy.ch", true */ 'g', 'r', 'o', 'w', 'y', '.', 'c', 'h', '\0', + /* "grsecurity.net", true */ 'g', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'n', 'e', 't', '\0', + /* "gruebebraeu.ch", true */ 'g', 'r', 'u', 'e', 'b', 'e', 'b', 'r', 'a', 'e', 'u', '.', 'c', 'h', '\0', + /* "gruelang.org", true */ 'g', 'r', 'u', 'e', 'l', 'a', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "gruenderlehrstuhl.de", true */ 'g', 'r', 'u', 'e', 'n', 'd', 'e', 'r', 'l', 'e', 'h', 'r', 's', 't', 'u', 'h', 'l', '.', 'd', 'e', '\0', + /* "gruene-im-rvr.de", true */ 'g', 'r', 'u', 'e', 'n', 'e', '-', 'i', 'm', '-', 'r', 'v', 'r', '.', 'd', 'e', '\0', + /* "gruene-wattenscheid.de", true */ 'g', 'r', 'u', 'e', 'n', 'e', '-', 'w', 'a', 't', 't', 'e', 'n', 's', 'c', 'h', 'e', 'i', 'd', '.', 'd', 'e', '\0', + /* "gruenes-wp.de", true */ 'g', 'r', 'u', 'e', 'n', 'e', 's', '-', 'w', 'p', '.', 'd', 'e', '\0', + /* "gruenprint.de", true */ 'g', 'r', 'u', 'e', 'n', 'p', 'r', 'i', 'n', 't', '.', 'd', 'e', '\0', + /* "grumpy.fr", true */ 'g', 'r', 'u', 'm', 'p', 'y', '.', 'f', 'r', '\0', + /* "grunwasser.fr", true */ 'g', 'r', 'u', 'n', 'w', 'a', 's', 's', 'e', 'r', '.', 'f', 'r', '\0', + /* "grupomakben.com", true */ 'g', 'r', 'u', 'p', 'o', 'm', 'a', 'k', 'b', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "grupoparco.com", true */ 'g', 'r', 'u', 'p', 'o', 'p', 'a', 'r', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "grusenmeyer.be", true */ 'g', 'r', 'u', 's', 'e', 'n', 'm', 'e', 'y', 'e', 'r', '.', 'b', 'e', '\0', + /* "grusig-geil.ch", true */ 'g', 'r', 'u', 's', 'i', 'g', '-', 'g', 'e', 'i', 'l', '.', 'c', 'h', '\0', + /* "gruwa.net", true */ 'g', 'r', 'u', 'w', 'a', '.', 'n', 'e', 't', '\0', + /* "grytics.com", true */ 'g', 'r', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "gs-net.at", true */ 'g', 's', '-', 'n', 'e', 't', '.', 'a', 't', '\0', + /* "gs93.de", true */ 'g', 's', '9', '3', '.', 'd', 'e', '\0', + /* "gscloud.xyz", true */ 'g', 's', 'c', 'l', 'o', 'u', 'd', '.', 'x', 'y', 'z', '\0', + /* "gsgs.se", true */ 'g', 's', 'g', 's', '.', 's', 'e', '\0', + /* "gsi-network.com", true */ 'g', 's', 'i', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "gsimagebank.co.uk", true */ 'g', 's', 'i', 'm', 'a', 'g', 'e', 'b', 'a', 'n', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "gslink.me", true */ 'g', 's', 'l', 'i', 'n', 'k', '.', 'm', 'e', '\0', + /* "gsmkungen.com", true */ 'g', 's', 'm', 'k', 'u', 'n', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "gsmsecurity.net", true */ 'g', 's', 'm', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'n', 'e', 't', '\0', + /* "gsoc.se", true */ 'g', 's', 'o', 'c', '.', 's', 'e', '\0', + /* "gsrc.io", true */ 'g', 's', 'r', 'c', '.', 'i', 'o', '\0', + /* "gst.name", true */ 'g', 's', 't', '.', 'n', 'a', 'm', 'e', '\0', + /* "gst.priv.at", true */ 'g', 's', 't', '.', 'p', 'r', 'i', 'v', '.', 'a', 't', '\0', + /* "gt-mp.net", true */ 'g', 't', '-', 'm', 'p', '.', 'n', 'e', 't', '\0', + /* "gt-network.de", true */ 'g', 't', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'd', 'e', '\0', + /* "gta-arabs.com", true */ 'g', 't', 'a', '-', 'a', 'r', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "gta5voice.net", true */ 'g', 't', 'a', '5', 'v', 'o', 'i', 'c', 'e', '.', 'n', 'e', 't', '\0', + /* "gtaforum.nl", true */ 'g', 't', 'a', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'l', '\0', + /* "gtalife.net", true */ 'g', 't', 'a', 'l', 'i', 'f', 'e', '.', 'n', 'e', 't', '\0', + /* "gtchipsi.org", true */ 'g', 't', 'c', 'h', 'i', 'p', 's', 'i', '.', 'o', 'r', 'g', '\0', + /* "gtcprojects.com", true */ 'g', 't', 'c', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "gtdgo.com", true */ 'g', 't', 'd', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "gtmasterclub.it", false */ 'g', 't', 'm', 'a', 's', 't', 'e', 'r', 'c', 'l', 'u', 'b', '.', 'i', 't', '\0', + /* "gtmetrix.com", true */ 'g', 't', 'm', 'e', 't', 'r', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "gtopala.com", true */ 'g', 't', 'o', 'p', 'a', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "gtour.info", true */ 'g', 't', 'o', 'u', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "gtravers-basketmaker.co.uk", true */ 'g', 't', 'r', 'a', 'v', 'e', 'r', 's', '-', 'b', 'a', 's', 'k', 'e', 't', 'm', 'a', 'k', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "gtts.space", true */ 'g', 't', 't', 's', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "guardian360.nl", true */ 'g', 'u', 'a', 'r', 'd', 'i', 'a', 'n', '3', '6', '0', '.', 'n', 'l', '\0', + /* "guardianproject.info", true */ 'g', 'u', 'a', 'r', 'd', 'i', 'a', 'n', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "guardiansoftheearth.org", true */ 'g', 'u', 'a', 'r', 'd', 'i', 'a', 'n', 's', 'o', 'f', 't', 'h', 'e', 'e', 'a', 'r', 't', 'h', '.', 'o', 'r', 'g', '\0', + /* "gudini.net", true */ 'g', 'u', 'd', 'i', 'n', 'i', '.', 'n', 'e', 't', '\0', + /* "guelo.ch", true */ 'g', 'u', 'e', 'l', 'o', '.', 'c', 'h', '\0', + /* "guelphhydropool.com", true */ 'g', 'u', 'e', 'l', 'p', 'h', 'h', 'y', 'd', 'r', 'o', 'p', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "guenthereder.at", true */ 'g', 'u', 'e', 'n', 't', 'h', 'e', 'r', 'e', 'd', 'e', 'r', '.', 'a', 't', '\0', + /* "guerrilla.technology", true */ 'g', 'u', 'e', 'r', 'r', 'i', 'l', 'l', 'a', '.', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '\0', + /* "guesthouse-namaste.com", true */ 'g', 'u', 'e', 's', 't', 'h', 'o', 'u', 's', 'e', '-', 'n', 'a', 'm', 'a', 's', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "guevener.de", true */ 'g', 'u', 'e', 'v', 'e', 'n', 'e', 'r', '.', 'd', 'e', '\0', + /* "gueze-ardeche.fr", true */ 'g', 'u', 'e', 'z', 'e', '-', 'a', 'r', 'd', 'e', 'c', 'h', 'e', '.', 'f', 'r', '\0', + /* "gueze-sas.fr", true */ 'g', 'u', 'e', 'z', 'e', '-', 's', 'a', 's', '.', 'f', 'r', '\0', + /* "gufen.ga", true */ 'g', 'u', 'f', 'e', 'n', '.', 'g', 'a', '\0', + /* "guffr.it", true */ 'g', 'u', 'f', 'f', 'r', '.', 'i', 't', '\0', + /* "guge.ch", true */ 'g', 'u', 'g', 'e', '.', 'c', 'h', '\0', + /* "gugert.net", true */ 'g', 'u', 'g', 'e', 'r', 't', '.', 'n', 'e', 't', '\0', + /* "guhei.net", true */ 'g', 'u', 'h', 'e', 'i', '.', 'n', 'e', 't', '\0', + /* "guhenry3.tk", true */ 'g', 'u', 'h', 'e', 'n', 'r', 'y', '3', '.', 't', 'k', '\0', + /* "guichet-entreprises.fr", true */ 'g', 'u', 'i', 'c', 'h', 'e', 't', '-', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'i', 's', 'e', 's', '.', 'f', 'r', '\0', + /* "guichet-qualifications.fr", true */ 'g', 'u', 'i', 'c', 'h', 'e', 't', '-', 'q', 'u', 'a', 'l', 'i', 'f', 'i', 'c', 'a', 't', 'i', 'o', 'n', 's', '.', 'f', 'r', '\0', + /* "guid2steamid.com", true */ 'g', 'u', 'i', 'd', '2', 's', 't', 'e', 'a', 'm', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "guid2steamid.pw", true */ 'g', 'u', 'i', 'd', '2', 's', 't', 'e', 'a', 'm', 'i', 'd', '.', 'p', 'w', '\0', + /* "guide-peche-cantal.com", true */ 'g', 'u', 'i', 'd', 'e', '-', 'p', 'e', 'c', 'h', 'e', '-', 'c', 'a', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "guidechecking.com", true */ 'g', 'u', 'i', 'd', 'e', 'c', 'h', 'e', 'c', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "guidedselling.net", true */ 'g', 'u', 'i', 'd', 'e', 'd', 's', 'e', 'l', 'l', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "guideo.ch", true */ 'g', 'u', 'i', 'd', 'e', 'o', '.', 'c', 'h', '\0', + /* "guides-peche64.com", true */ 'g', 'u', 'i', 'd', 'e', 's', '-', 'p', 'e', 'c', 'h', 'e', '6', '4', '.', 'c', 'o', 'm', '\0', + /* "guidetoiceland.is", false */ 'g', 'u', 'i', 'd', 'e', 't', 'o', 'i', 'c', 'e', 'l', 'a', 'n', 'd', '.', 'i', 's', '\0', + /* "guildgearscore.cf", false */ 'g', 'u', 'i', 'l', 'd', 'g', 'e', 'a', 'r', 's', 'c', 'o', 'r', 'e', '.', 'c', 'f', '\0', + /* "guildofmusicsupervisors.co.uk", true */ 'g', 'u', 'i', 'l', 'd', 'o', 'f', 'm', 'u', 's', 'i', 'c', 's', 'u', 'p', 'e', 'r', 'v', 'i', 's', 'o', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "guillaume-briand.fr", true */ 'g', 'u', 'i', 'l', 'l', 'a', 'u', 'm', 'e', '-', 'b', 'r', 'i', 'a', 'n', 'd', '.', 'f', 'r', '\0', + /* "guillaumecote.me", true */ 'g', 'u', 'i', 'l', 'l', 'a', 'u', 'm', 'e', 'c', 'o', 't', 'e', '.', 'm', 'e', '\0', + /* "guillaumeperrin.io", true */ 'g', 'u', 'i', 'l', 'l', 'a', 'u', 'm', 'e', 'p', 'e', 'r', 'r', 'i', 'n', '.', 'i', 'o', '\0', + /* "guillemaud.me", false */ 'g', 'u', 'i', 'l', 'l', 'e', 'm', 'a', 'u', 'd', '.', 'm', 'e', '\0', + /* "guiltypleasuresroleplaying.com", true */ 'g', 'u', 'i', 'l', 't', 'y', 'p', 'l', 'e', 'a', 's', 'u', 'r', 'e', 's', 'r', 'o', 'l', 'e', 'p', 'l', 'a', 'y', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "guim.co.uk", true */ 'g', 'u', 'i', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "guineapigmustach.es", true */ 'g', 'u', 'i', 'n', 'e', 'a', 'p', 'i', 'g', 'm', 'u', 's', 't', 'a', 'c', 'h', '.', 'e', 's', '\0', + /* "gulchuk.com", true */ 'g', 'u', 'l', 'c', 'h', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "gulenbase.no", true */ 'g', 'u', 'l', 'e', 'n', 'b', 'a', 's', 'e', '.', 'n', 'o', '\0', + /* "gulfstream.ru", true */ 'g', 'u', 'l', 'f', 's', 't', 'r', 'e', 'a', 'm', '.', 'r', 'u', '\0', + /* "gulleyperformancecenter.com", true */ 'g', 'u', 'l', 'l', 'e', 'y', 'p', 'e', 'r', 'f', 'o', 'r', 'm', 'a', 'n', 'c', 'e', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "gulshankumar.net", true */ 'g', 'u', 'l', 's', 'h', 'a', 'n', 'k', 'u', 'm', 'a', 'r', '.', 'n', 'e', 't', '\0', + /* "gume4you.com", true */ 'g', 'u', 'm', 'e', '4', 'y', 'o', 'u', '.', 'c', 'o', 'm', '\0', + /* "gumi.ca", true */ 'g', 'u', 'm', 'i', '.', 'c', 'a', '\0', + /* "gummibande.noip.me", true */ 'g', 'u', 'm', 'm', 'i', 'b', 'a', 'n', 'd', 'e', '.', 'n', 'o', 'i', 'p', '.', 'm', 'e', '\0', + /* "gunhunter.com", true */ 'g', 'u', 'n', 'h', 'u', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "guniram.com", true */ 'g', 'u', 'n', 'i', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "gunwatch.co.uk", true */ 'g', 'u', 'n', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "guochang.xyz", true */ 'g', 'u', 'o', 'c', 'h', 'a', 'n', 'g', '.', 'x', 'y', 'z', '\0', + /* "guoke.com", true */ 'g', 'u', 'o', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "guozeyu.com", true */ 'g', 'u', 'o', 'z', 'e', 'y', 'u', '.', 'c', 'o', 'm', '\0', + /* "guphi.net", false */ 'g', 'u', 'p', 'h', 'i', '.', 'n', 'e', 't', '\0', + /* "gurkan.in", true */ 'g', 'u', 'r', 'k', 'a', 'n', '.', 'i', 'n', '\0', + /* "gurmel.ru", true */ 'g', 'u', 'r', 'm', 'e', 'l', '.', 'r', 'u', '\0', + /* "gurochan.ch", true */ 'g', 'u', 'r', 'o', 'c', 'h', 'a', 'n', '.', 'c', 'h', '\0', + /* "guru-naradi.cz", true */ 'g', 'u', 'r', 'u', '-', 'n', 'a', 'r', 'a', 'd', 'i', '.', 'c', 'z', '\0', + /* "gurueffect.com", true */ 'g', 'u', 'r', 'u', 'e', 'f', 'f', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "gus.host", true */ 'g', 'u', 's', '.', 'h', 'o', 's', 't', '\0', + /* "gustaff.de", true */ 'g', 'u', 's', 't', 'a', 'f', 'f', '.', 'd', 'e', '\0', + /* "gustiaux.com", true */ 'g', 'u', 's', 't', 'i', 'a', 'u', 'x', '.', 'c', 'o', 'm', '\0', + /* "guthabenkarten-billiger.de", true */ 'g', 'u', 't', 'h', 'a', 'b', 'e', 'n', 'k', 'a', 'r', 't', 'e', 'n', '-', 'b', 'i', 'l', 'l', 'i', 'g', 'e', 'r', '.', 'd', 'e', '\0', + /* "guts.me", true */ 'g', 'u', 't', 's', '.', 'm', 'e', '\0', + /* "gutscheingeiz.de", true */ 'g', 'u', 't', 's', 'c', 'h', 'e', 'i', 'n', 'g', 'e', 'i', 'z', '.', 'd', 'e', '\0', + /* "gutuia.blue", true */ 'g', 'u', 't', 'u', 'i', 'a', '.', 'b', 'l', 'u', 'e', '\0', + /* "guus-thijssen.nl", true */ 'g', 'u', 'u', 's', '-', 't', 'h', 'i', 'j', 's', 's', 'e', 'n', '.', 'n', 'l', '\0', + /* "guusvandewal.nl", true */ 'g', 'u', 'u', 's', 'v', 'a', 'n', 'd', 'e', 'w', 'a', 'l', '.', 'n', 'l', '\0', + /* "guvernalternativa.ro", true */ 'g', 'u', 'v', 'e', 'r', 'n', 'a', 'l', 't', 'e', 'r', 'n', 'a', 't', 'i', 'v', 'a', '.', 'r', 'o', '\0', + /* "guyot-tech.com", true */ 'g', 'u', 'y', 'o', 't', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "gv-neumann.de", true */ 'g', 'v', '-', 'n', 'e', 'u', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "gvatas.in", true */ 'g', 'v', 'a', 't', 'a', 's', '.', 'i', 'n', '\0', + /* "gveh.de", true */ 'g', 'v', 'e', 'h', '.', 'd', 'e', '\0', + /* "gvi-timing.ch", true */ 'g', 'v', 'i', '-', 't', 'i', 'm', 'i', 'n', 'g', '.', 'c', 'h', '\0', + /* "gviedu.com", true */ 'g', 'v', 'i', 'e', 'd', 'u', '.', 'c', 'o', 'm', '\0', + /* "gvitiming.ch", true */ 'g', 'v', 'i', 't', 'i', 'm', 'i', 'n', 'g', '.', 'c', 'h', '\0', + /* "gvobgyn.ca", true */ 'g', 'v', 'o', 'b', 'g', 'y', 'n', '.', 'c', 'a', '\0', + /* "gvt2.com", true */ 'g', 'v', 't', '2', '.', 'c', 'o', 'm', '\0', + /* "gvt3.com", true */ 'g', 'v', 't', '3', '.', 'c', 'o', 'm', '\0', + /* "gw2treasures.com", true */ 'g', 'w', '2', 't', 'r', 'e', 'a', 's', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "gwa-verwaltung.de", true */ 'g', 'w', 'a', '-', 'v', 'e', 'r', 'w', 'a', 'l', 't', 'u', 'n', 'g', '.', 'd', 'e', '\0', + /* "gwerder.net", true */ 'g', 'w', 'e', 'r', 'd', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "gwhois.org", true */ 'g', 'w', 'h', 'o', 'i', 's', '.', 'o', 'r', 'g', '\0', + /* "gwrtech.com", true */ 'g', 'w', 'r', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "gwsec.co.uk", true */ 'g', 'w', 's', 'e', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "gxgx.org", true */ 'g', 'x', 'g', 'x', '.', 'o', 'r', 'g', '\0', + /* "gyas.nl", true */ 'g', 'y', 'a', 's', '.', 'n', 'l', '\0', + /* "gymagine.ch", true */ 'g', 'y', 'm', 'a', 'g', 'i', 'n', 'e', '.', 'c', 'h', '\0', + /* "gymhero.me", true */ 'g', 'y', 'm', 'h', 'e', 'r', 'o', '.', 'm', 'e', '\0', + /* "gymkirchenfeld.ch", true */ 'g', 'y', 'm', 'k', 'i', 'r', 'c', 'h', 'e', 'n', 'f', 'e', 'l', 'd', '.', 'c', 'h', '\0', + /* "gymnaserenens.ch", true */ 'g', 'y', 'm', 'n', 'a', 's', 'e', 'r', 'e', 'n', 'e', 'n', 's', '.', 'c', 'h', '\0', + /* "gymnasium-farmsen.de", true */ 'g', 'y', 'm', 'n', 'a', 's', 'i', 'u', 'm', '-', 'f', 'a', 'r', 'm', 's', 'e', 'n', '.', 'd', 'e', '\0', + /* "gympap.de", true */ 'g', 'y', 'm', 'p', 'a', 'p', '.', 'd', 'e', '\0', + /* "gynaecology.co", true */ 'g', 'y', 'n', 'a', 'e', 'c', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', '\0', + /* "gyoza.beer", false */ 'g', 'y', 'o', 'z', 'a', '.', 'b', 'e', 'e', 'r', '\0', + /* "gypsycatdreams.com", true */ 'g', 'y', 'p', 's', 'y', 'c', 'a', 't', 'd', 'r', 'e', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "gypsyreel.com", true */ 'g', 'y', 'p', 's', 'y', 'r', 'e', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "gyre.ch", true */ 'g', 'y', 'r', 'e', '.', 'c', 'h', '\0', + /* "gyrenens.ch", true */ 'g', 'y', 'r', 'e', 'n', 'e', 'n', 's', '.', 'c', 'h', '\0', + /* "gyu-raku.jp", true */ 'g', 'y', 'u', '-', 'r', 'a', 'k', 'u', '.', 'j', 'p', '\0', + /* "gz-architekten.de", true */ 'g', 'z', '-', 'a', 'r', 'c', 'h', 'i', 't', 'e', 'k', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "gz-benz.com", true */ 'g', 'z', '-', 'b', 'e', 'n', 'z', '.', 'c', 'o', 'm', '\0', + /* "gz-bmw.com", true */ 'g', 'z', '-', 'b', 'm', 'w', '.', 'c', 'o', 'm', '\0', + /* "gza.jp", true */ 'g', 'z', 'a', '.', 'j', 'p', '\0', + /* "gzitech.com", true */ 'g', 'z', 'i', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "gzitech.net", true */ 'g', 'z', 'i', 't', 'e', 'c', 'h', '.', 'n', 'e', 't', '\0', + /* "gzom.ru", true */ 'g', 'z', 'o', 'm', '.', 'r', 'u', '\0', + /* "gzpblog.com", true */ 'g', 'z', 'p', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "h-jo.net", true */ 'h', '-', 'j', 'o', '.', 'n', 'e', 't', '\0', + /* "h-suppo.com", true */ 'h', '-', 's', 'u', 'p', 'p', 'o', '.', 'c', 'o', 'm', '\0', + /* "h001.ru", true */ 'h', '0', '0', '1', '.', 'r', 'u', '\0', + /* "h09.eu", true */ 'h', '0', '9', '.', 'e', 'u', '\0', + /* "h11.io", true */ 'h', '1', '1', '.', 'i', 'o', '\0', + /* "h11.moe", true */ 'h', '1', '1', '.', 'm', 'o', 'e', '\0', + /* "h24.org", true */ 'h', '2', '4', '.', 'o', 'r', 'g', '\0', + /* "h2s-design.de", true */ 'h', '2', 's', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0', + /* "h2u.tv", true */ 'h', '2', 'u', '.', 't', 'v', '\0', + /* "h3x.jp", true */ 'h', '3', 'x', '.', 'j', 'p', '\0', + /* "h3z.jp", true */ 'h', '3', 'z', '.', 'j', 'p', '\0', + /* "h404bi.com", false */ 'h', '4', '0', '4', 'b', 'i', '.', 'c', 'o', 'm', '\0', + /* "ha3.eu", true */ 'h', 'a', '3', '.', 'e', 'u', '\0', + /* "ha6.ru", true */ 'h', 'a', '6', '.', 'r', 'u', '\0', + /* "haarlemsesaxofoonschool.nl", true */ 'h', 'a', 'a', 'r', 'l', 'e', 'm', 's', 'e', 's', 'a', 'x', 'o', 'f', 'o', 'o', 'n', 's', 'c', 'h', 'o', 'o', 'l', '.', 'n', 'l', '\0', + /* "haavard.me", true */ 'h', 'a', 'a', 'v', 'a', 'r', 'd', '.', 'm', 'e', '\0', + /* "haazen.xyz", true */ 'h', 'a', 'a', 'z', 'e', 'n', '.', 'x', 'y', 'z', '\0', + /* "habarisoft.com", true */ 'h', 'a', 'b', 'a', 'r', 'i', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "habbos.es", true */ 'h', 'a', 'b', 'b', 'o', 's', '.', 'e', 's', '\0', + /* "habtium.com", true */ 'h', 'a', 'b', 't', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "habtium.es", true */ 'h', 'a', 'b', 't', 'i', 'u', 'm', '.', 'e', 's', '\0', + /* "haccp.roma.it", true */ 'h', 'a', 'c', 'c', 'p', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0', + /* "hacettepeteknokent.com.tr", true */ 'h', 'a', 'c', 'e', 't', 't', 'e', 'p', 'e', 't', 'e', 'k', 'n', 'o', 'k', 'e', 'n', 't', '.', 'c', 'o', 'm', '.', 't', 'r', '\0', + /* "hachre.de", true */ 'h', 'a', 'c', 'h', 'r', 'e', '.', 'd', 'e', '\0', + /* "hack.club", true */ 'h', 'a', 'c', 'k', '.', 'c', 'l', 'u', 'b', '\0', + /* "hackademix.net", true */ 'h', 'a', 'c', 'k', 'a', 'd', 'e', 'm', 'i', 'x', '.', 'n', 'e', 't', '\0', + /* "hackanders.com", true */ 'h', 'a', 'c', 'k', 'a', 'n', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "hackbarth.guru", true */ 'h', 'a', 'c', 'k', 'b', 'a', 'r', 't', 'h', '.', 'g', 'u', 'r', 'u', '\0', + /* "hackbeil.name", true */ 'h', 'a', 'c', 'k', 'b', 'e', 'i', 'l', '.', 'n', 'a', 'm', 'e', '\0', + /* "hackbubble.me", true */ 'h', 'a', 'c', 'k', 'b', 'u', 'b', 'b', 'l', 'e', '.', 'm', 'e', '\0', + /* "hackcraft.net", true */ 'h', 'a', 'c', 'k', 'c', 'r', 'a', 'f', 't', '.', 'n', 'e', 't', '\0', + /* "hackenkunjeleren.nl", true */ 'h', 'a', 'c', 'k', 'e', 'n', 'k', 'u', 'n', 'j', 'e', 'l', 'e', 'r', 'e', 'n', '.', 'n', 'l', '\0', + /* "hackenturet.dk", true */ 'h', 'a', 'c', 'k', 'e', 'n', 't', 'u', 'r', 'e', 't', '.', 'd', 'k', '\0', + /* "hacker.club", true */ 'h', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'l', 'u', 'b', '\0', + /* "hacker.deals", true */ 'h', 'a', 'c', 'k', 'e', 'r', '.', 'd', 'e', 'a', 'l', 's', '\0', + /* "hacker.im", true */ 'h', 'a', 'c', 'k', 'e', 'r', '.', 'i', 'm', '\0', + /* "hacker.one", true */ 'h', 'a', 'c', 'k', 'e', 'r', '.', 'o', 'n', 'e', '\0', + /* "hacker.parts", true */ 'h', 'a', 'c', 'k', 'e', 'r', '.', 'p', 'a', 'r', 't', 's', '\0', + /* "hacker1.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', '1', '.', 'c', 'o', 'm', '\0', + /* "hacker101.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', '1', '0', '1', '.', 'c', 'o', 'm', '\0', + /* "hackerchai.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'c', 'h', 'a', 'i', '.', 'c', 'o', 'm', '\0', + /* "hackerco.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "hackergateway.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'g', 'a', 't', 'e', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "hackernet.se", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'n', 'e', 't', '.', 's', 'e', '\0', + /* "hackerone-ext-content.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'o', 'n', 'e', '-', 'e', 'x', 't', '-', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "hackerone-user-content.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'o', 'n', 'e', '-', 'u', 's', 'e', 'r', '-', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "hackerone.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "hackerone.net", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "hackerpoints.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'p', 'o', 'i', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "hackerstxt.org", true */ 'h', 'a', 'c', 'k', 'e', 'r', 's', 't', 'x', 't', '.', 'o', 'r', 'g', '\0', + /* "hackgins.com", true */ 'h', 'a', 'c', 'k', 'g', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "hackingand.coffee", true */ 'h', 'a', 'c', 'k', 'i', 'n', 'g', 'a', 'n', 'd', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0', + /* "hackingdh.com", true */ 'h', 'a', 'c', 'k', 'i', 'n', 'g', 'd', 'h', '.', 'c', 'o', 'm', '\0', + /* "hackingsafe.com", true */ 'h', 'a', 'c', 'k', 'i', 'n', 'g', 's', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "hackmd.io", true */ 'h', 'a', 'c', 'k', 'm', 'd', '.', 'i', 'o', '\0', + /* "hackmeplz.com", true */ 'h', 'a', 'c', 'k', 'm', 'e', 'p', 'l', 'z', '.', 'c', 'o', 'm', '\0', + /* "hacksoc.co.uk", true */ 'h', 'a', 'c', 'k', 's', 'o', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "hackthissite.org", true */ 'h', 'a', 'c', 'k', 't', 'h', 'i', 's', 's', 'i', 't', 'e', '.', 'o', 'r', 'g', '\0', + /* "hacktivis.me", true */ 'h', 'a', 'c', 'k', 't', 'i', 'v', 'i', 's', '.', 'm', 'e', '\0', + /* "hackyourfaceoff.com", true */ 'h', 'a', 'c', 'k', 'y', 'o', 'u', 'r', 'f', 'a', 'c', 'e', 'o', 'f', 'f', '.', 'c', 'o', 'm', '\0', + /* "hadaly.fr", true */ 'h', 'a', 'd', 'a', 'l', 'y', '.', 'f', 'r', '\0', + /* "hadleighswimmingclub.co.uk", true */ 'h', 'a', 'd', 'l', 'e', 'i', 'g', 'h', 's', 'w', 'i', 'm', 'm', 'i', 'n', 'g', 'c', 'l', 'u', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "hadouk.in", true */ 'h', 'a', 'd', 'o', 'u', 'k', '.', 'i', 'n', '\0', + /* "hadrons.org", true */ 'h', 'a', 'd', 'r', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "haefligermedia.ch", true */ 'h', 'a', 'e', 'f', 'l', 'i', 'g', 'e', 'r', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'h', '\0', + /* "haehnlein.at", true */ 'h', 'a', 'e', 'h', 'n', 'l', 'e', 'i', 'n', '.', 'a', 't', '\0', + /* "haens.li", true */ 'h', 'a', 'e', 'n', 's', '.', 'l', 'i', '\0', + /* "haerwu.biz", true */ 'h', 'a', 'e', 'r', 'w', 'u', '.', 'b', 'i', 'z', '\0', + /* "hafniatimes.com", true */ 'h', 'a', 'f', 'n', 'i', 'a', 't', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "haggeluring.su", true */ 'h', 'a', 'g', 'g', 'e', 'l', 'u', 'r', 'i', 'n', 'g', '.', 's', 'u', '\0', + /* "hagueaustralia.com.au", true */ 'h', 'a', 'g', 'u', 'e', 'a', 'u', 's', 't', 'r', 'a', 'l', 'i', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "haha-raku.com", true */ 'h', 'a', 'h', 'a', '-', 'r', 'a', 'k', 'u', '.', 'c', 'o', 'm', '\0', + /* "haiboxu.com", true */ 'h', 'a', 'i', 'b', 'o', 'x', 'u', '.', 'c', 'o', 'm', '\0', + /* "hail2u.net", true */ 'h', 'a', 'i', 'l', '2', 'u', '.', 'n', 'e', 't', '\0', + /* "hailer.com", true */ 'h', 'a', 'i', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "haircrazy.com", true */ 'h', 'a', 'i', 'r', 'c', 'r', 'a', 'z', 'y', '.', 'c', 'o', 'm', '\0', + /* "hairraisingphotobooths.co.uk", true */ 'h', 'a', 'i', 'r', 'r', 'a', 'i', 's', 'i', 'n', 'g', 'p', 'h', 'o', 't', 'o', 'b', 'o', 'o', 't', 'h', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "hairtonic-lab.com", true */ 'h', 'a', 'i', 'r', 't', 'o', 'n', 'i', 'c', '-', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "hajnzic.at", true */ 'h', 'a', 'j', 'n', 'z', 'i', 'c', '.', 'a', 't', '\0', + /* "hak5.org", true */ 'h', 'a', 'k', '5', '.', 'o', 'r', 'g', '\0', + /* "hakase.kr", true */ 'h', 'a', 'k', 'a', 's', 'e', '.', 'k', 'r', '\0', + /* "hakatabijin-mind.com", true */ 'h', 'a', 'k', 'a', 't', 'a', 'b', 'i', 'j', 'i', 'n', '-', 'm', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "hake.me", true */ 'h', 'a', 'k', 'e', '.', 'm', 'e', '\0', + /* "haktec.de", true */ 'h', 'a', 'k', 't', 'e', 'c', '.', 'd', 'e', '\0', + /* "hakurei.moe", true */ 'h', 'a', 'k', 'u', 'r', 'e', 'i', '.', 'm', 'o', 'e', '\0', + /* "halacs.hu", true */ 'h', 'a', 'l', 'a', 'c', 's', '.', 'h', 'u', '\0', + /* "half-logic.eu.org", true */ 'h', 'a', 'l', 'f', '-', 'l', 'o', 'g', 'i', 'c', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "halfco.de", true */ 'h', 'a', 'l', 'f', 'c', 'o', '.', 'd', 'e', '\0', + /* "halfwaythere.eu", true */ 'h', 'a', 'l', 'f', 'w', 'a', 'y', 't', 'h', 'e', 'r', 'e', '.', 'e', 'u', '\0', + /* "halitopuroprodutos.com.br", true */ 'h', 'a', 'l', 'i', 't', 'o', 'p', 'u', 'r', 'o', 'p', 'r', 'o', 'd', 'u', 't', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "halkirkbouncycastles.co.uk", true */ 'h', 'a', 'l', 'k', 'i', 'r', 'k', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "hallelujahsoftware.com", true */ 'h', 'a', 'l', 'l', 'e', 'l', 'u', 'j', 'a', 'h', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "hallhuber.com", true */ 'h', 'a', 'l', 'l', 'h', 'u', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "halligladen.de", true */ 'h', 'a', 'l', 'l', 'i', 'g', 'l', 'a', 'd', 'e', 'n', '.', 'd', 'e', '\0', + /* "hallmarkestates.ca", true */ 'h', 'a', 'l', 'l', 'm', 'a', 'r', 'k', 'e', 's', 't', 'a', 't', 'e', 's', '.', 'c', 'a', '\0', + /* "hallucinogen.com", true */ 'h', 'a', 'l', 'l', 'u', 'c', 'i', 'n', 'o', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "hallucinogens.org", true */ 'h', 'a', 'l', 'l', 'u', 'c', 'i', 'n', 'o', 'g', 'e', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "halo.fr", true */ 'h', 'a', 'l', 'o', '.', 'f', 'r', '\0', + /* "halongbaybackpackertour.com", true */ 'h', 'a', 'l', 'o', 'n', 'g', 'b', 'a', 'y', 'b', 'a', 'c', 'k', 'p', 'a', 'c', 'k', 'e', 'r', 't', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "haloobaloo.com", true */ 'h', 'a', 'l', 'o', 'o', 'b', 'a', 'l', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "halta.info", true */ 'h', 'a', 'l', 't', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "hamacho-kyudo.com", true */ 'h', 'a', 'm', 'a', 'c', 'h', 'o', '-', 'k', 'y', 'u', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "hamali.bg", true */ 'h', 'a', 'm', 'a', 'l', 'i', '.', 'b', 'g', '\0', + /* "hamish.ca", true */ 'h', 'a', 'm', 'i', 's', 'h', '.', 'c', 'a', '\0', + /* "hamking.tk", true */ 'h', 'a', 'm', 'k', 'i', 'n', 'g', '.', 't', 'k', '\0', + /* "hammamsayad.com", true */ 'h', 'a', 'm', 'm', 'a', 'm', 's', 'a', 'y', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "hammer-corp.com", true */ 'h', 'a', 'm', 'm', 'e', 'r', '-', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0', + /* "hammer-schnaps.com", true */ 'h', 'a', 'm', 'm', 'e', 'r', '-', 's', 'c', 'h', 'n', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "hammer-sms.com", true */ 'h', 'a', 'm', 'm', 'e', 'r', '-', 's', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "hampl.tv", true */ 'h', 'a', 'm', 'p', 'l', '.', 't', 'v', '\0', + /* "hampshiretechservices.co.uk", true */ 'h', 'a', 'm', 'p', 's', 'h', 'i', 'r', 'e', 't', 'e', 'c', 'h', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "hamsters-uk.org", true */ 'h', 'a', 'm', 's', 't', 'e', 'r', 's', '-', 'u', 'k', '.', 'o', 'r', 'g', '\0', + /* "hana.ondemand.com", true */ 'h', 'a', 'n', 'a', '.', 'o', 'n', 'd', 'e', 'm', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "hanakaraku.com", true */ 'h', 'a', 'n', 'a', 'k', 'a', 'r', 'a', 'k', 'u', '.', 'c', 'o', 'm', '\0', + /* "hanashi.eu", true */ 'h', 'a', 'n', 'a', 's', 'h', 'i', '.', 'e', 'u', '\0', + /* "hancatemc.com", true */ 'h', 'a', 'n', 'c', 'a', 't', 'e', 'm', 'c', '.', 'c', 'o', 'm', '\0', + /* "handbrake.fr", true */ 'h', 'a', 'n', 'd', 'b', 'r', 'a', 'k', 'e', '.', 'f', 'r', '\0', + /* "handcraft.eu.org", true */ 'h', 'a', 'n', 'd', 'c', 'r', 'a', 'f', 't', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "handgelenkbandage-test.de", true */ 'h', 'a', 'n', 'd', 'g', 'e', 'l', 'e', 'n', 'k', 'b', 'a', 'n', 'd', 'a', 'g', 'e', '-', 't', 'e', 's', 't', '.', 'd', 'e', '\0', + /* "handinhandfoundation.org.uk", true */ 'h', 'a', 'n', 'd', 'i', 'n', 'h', 'a', 'n', 'd', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "handlecoin.com", true */ 'h', 'a', 'n', 'd', 'l', 'e', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "handmade-workshop.de", true */ 'h', 'a', 'n', 'd', 'm', 'a', 'd', 'e', '-', 'w', 'o', 'r', 'k', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0', + /* "handmadegobelin.com", true */ 'h', 'a', 'n', 'd', 'm', 'a', 'd', 'e', 'g', 'o', 'b', 'e', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "handmadetutorials.ro", true */ 'h', 'a', 'n', 'd', 'm', 'a', 'd', 'e', 't', 'u', 't', 'o', 'r', 'i', 'a', 'l', 's', '.', 'r', 'o', '\0', + /* "handycommerce.co", true */ 'h', 'a', 'n', 'd', 'y', 'c', 'o', 'm', 'm', 'e', 'r', 'c', 'e', '.', 'c', 'o', '\0', + /* "handyglas.com", true */ 'h', 'a', 'n', 'd', 'y', 'g', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "handymanlondonplease.co.uk", true */ 'h', 'a', 'n', 'd', 'y', 'm', 'a', 'n', 'l', 'o', 'n', 'd', 'o', 'n', 'p', 'l', 'e', 'a', 's', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "handynummer.online", true */ 'h', 'a', 'n', 'd', 'y', 'n', 'u', 'm', 'm', 'e', 'r', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "handysex.live", true */ 'h', 'a', 'n', 'd', 'y', 's', 'e', 'x', '.', 'l', 'i', 'v', 'e', '\0', + /* "handyticket.de", true */ 'h', 'a', 'n', 'd', 'y', 't', 'i', 'c', 'k', 'e', 't', '.', 'd', 'e', '\0', + /* "hanfox.co.uk", false */ 'h', 'a', 'n', 'f', 'o', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "hangar.hosting", true */ 'h', 'a', 'n', 'g', 'a', 'r', '.', 'h', 'o', 's', 't', 'i', 'n', 'g', '\0', + /* "hangcapnach.com", true */ 'h', 'a', 'n', 'g', 'c', 'a', 'p', 'n', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "hangouts.google.com", true */ 'h', 'a', 'n', 'g', 'o', 'u', 't', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "hangtenseo.com", true */ 'h', 'a', 'n', 'g', 't', 'e', 'n', 's', 'e', 'o', '.', 'c', 'o', 'm', '\0', + /* "hanksservice.com", true */ 'h', 'a', 'n', 'k', 's', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "hannah.link", true */ 'h', 'a', 'n', 'n', 'a', 'h', '.', 'l', 'i', 'n', 'k', '\0', + /* "hannes-speelgoedencadeautjes.nl", true */ 'h', 'a', 'n', 'n', 'e', 's', '-', 's', 'p', 'e', 'e', 'l', 'g', 'o', 'e', 'd', 'e', 'n', 'c', 'a', 'd', 'e', 'a', 'u', 't', 'j', 'e', 's', '.', 'n', 'l', '\0', + /* "hanover.edu", false */ 'h', 'a', 'n', 'o', 'v', 'e', 'r', '.', 'e', 'd', 'u', '\0', + /* "hansen.hn", true */ 'h', 'a', 'n', 's', 'e', 'n', '.', 'h', 'n', '\0', + /* "hansmund.com", true */ 'h', 'a', 'n', 's', 'm', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "hansolrella.com", true */ 'h', 'a', 'n', 's', 'o', 'l', 'r', 'e', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "hansvaneijsden.com", true */ 'h', 'a', 'n', 's', 'v', 'a', 'n', 'e', 'i', 'j', 's', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "hansvaneijsden.nl", true */ 'h', 'a', 'n', 's', 'v', 'a', 'n', 'e', 'i', 'j', 's', 'd', 'e', 'n', '.', 'n', 'l', '\0', + /* "hantse.com", true */ 'h', 'a', 'n', 't', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "hanu.la", true */ 'h', 'a', 'n', 'u', '.', 'l', 'a', '\0', + /* "hanxv.pw", true */ 'h', 'a', 'n', 'x', 'v', '.', 'p', 'w', '\0', + /* "hanys.xyz", true */ 'h', 'a', 'n', 'y', 's', '.', 'x', 'y', 'z', '\0', + /* "hanzubon.jp", true */ 'h', 'a', 'n', 'z', 'u', 'b', 'o', 'n', '.', 'j', 'p', '\0', + /* "hao-zhang.com", true */ 'h', 'a', 'o', '-', 'z', 'h', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "haogoodair.ca", true */ 'h', 'a', 'o', 'g', 'o', 'o', 'd', 'a', 'i', 'r', '.', 'c', 'a', '\0', + /* "haozhang.org", true */ 'h', 'a', 'o', 'z', 'h', 'a', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "haozi.me", true */ 'h', 'a', 'o', 'z', 'i', '.', 'm', 'e', '\0', + /* "hapissl.com", true */ 'h', 'a', 'p', 'i', 's', 's', 'l', '.', 'c', 'o', 'm', '\0', + /* "hapivm.com", true */ 'h', 'a', 'p', 'i', 'v', 'm', '.', 'c', 'o', 'm', '\0', + /* "happyagain.de", true */ 'h', 'a', 'p', 'p', 'y', 'a', 'g', 'a', 'i', 'n', '.', 'd', 'e', '\0', + /* "happyagain.se", true */ 'h', 'a', 'p', 'p', 'y', 'a', 'g', 'a', 'i', 'n', '.', 's', 'e', '\0', + /* "happyandrelaxeddogs.eu", false */ 'h', 'a', 'p', 'p', 'y', 'a', 'n', 'd', 'r', 'e', 'l', 'a', 'x', 'e', 'd', 'd', 'o', 'g', 's', '.', 'e', 'u', '\0', + /* "happybounce.co.uk", true */ 'h', 'a', 'p', 'p', 'y', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "happycarb.de", true */ 'h', 'a', 'p', 'p', 'y', 'c', 'a', 'r', 'b', '.', 'd', 'e', '\0', + /* "happycoder.net", false */ 'h', 'a', 'p', 'p', 'y', 'c', 'o', 'd', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "happydoq.ch", true */ 'h', 'a', 'p', 'p', 'y', 'd', 'o', 'q', '.', 'c', 'h', '\0', + /* "happygadget.me", true */ 'h', 'a', 'p', 'p', 'y', 'g', 'a', 'd', 'g', 'e', 't', '.', 'm', 'e', '\0', + /* "happykidscastles.co.uk", true */ 'h', 'a', 'p', 'p', 'y', 'k', 'i', 'd', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "happylifestyle.com", true */ 'h', 'a', 'p', 'p', 'y', 'l', 'i', 'f', 'e', 's', 't', 'y', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "happyschnapper.com", true */ 'h', 'a', 'p', 'p', 'y', 's', 'c', 'h', 'n', 'a', 'p', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "happyteamlabs.com", true */ 'h', 'a', 'p', 'p', 'y', 't', 'e', 'a', 'm', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "happytiger.eu", true */ 'h', 'a', 'p', 'p', 'y', 't', 'i', 'g', 'e', 'r', '.', 'e', 'u', '\0', + /* "happyukgo.com", true */ 'h', 'a', 'p', 'p', 'y', 'u', 'k', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "hapsfordmill.co.uk", true */ 'h', 'a', 'p', 's', 'f', 'o', 'r', 'd', 'm', 'i', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "hapvm.com", true */ 'h', 'a', 'p', 'v', 'm', '.', 'c', 'o', 'm', '\0', + /* "haqaza.com.br", true */ 'h', 'a', 'q', 'a', 'z', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "haraj.com.sa", true */ 'h', 'a', 'r', 'a', 'j', '.', 'c', 'o', 'm', '.', 's', 'a', '\0', + /* "harald-d.dyndns.org", true */ 'h', 'a', 'r', 'a', 'l', 'd', '-', 'd', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "harald-pfeiffer.de", true */ 'h', 'a', 'r', 'a', 'l', 'd', '-', 'p', 'f', 'e', 'i', 'f', 'f', 'e', 'r', '.', 'd', 'e', '\0', + /* "harapecorita.com", true */ 'h', 'a', 'r', 'a', 'p', 'e', 'c', 'o', 'r', 'i', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "harbor-light.net", true */ 'h', 'a', 'r', 'b', 'o', 'r', '-', 'l', 'i', 'g', 'h', 't', '.', 'n', 'e', 't', '\0', + /* "hardeman.nu", true */ 'h', 'a', 'r', 'd', 'e', 'm', 'a', 'n', '.', 'n', 'u', '\0', + /* "hardenize.com", true */ 'h', 'a', 'r', 'd', 'e', 'n', 'i', 'z', 'e', '.', 'c', 'o', 'm', '\0', + /* "hardergayporn.com", true */ 'h', 'a', 'r', 'd', 'e', 'r', 'g', 'a', 'y', 'p', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "hardertimes.com", true */ 'h', 'a', 'r', 'd', 'e', 'r', 't', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "hardesec.com", true */ 'h', 'a', 'r', 'd', 'e', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "hardfalcon.net", true */ 'h', 'a', 'r', 'd', 'f', 'a', 'l', 'c', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "hardforum.com", true */ 'h', 'a', 'r', 'd', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "hardh.at", true */ 'h', 'a', 'r', 'd', 'h', '.', 'a', 't', '\0', + /* "hardrain980.com", true */ 'h', 'a', 'r', 'd', 'r', 'a', 'i', 'n', '9', '8', '0', '.', 'c', 'o', 'm', '\0', + /* "hardtfrieden.de", true */ 'h', 'a', 'r', 'd', 't', 'f', 'r', 'i', 'e', 'd', 'e', 'n', '.', 'd', 'e', '\0', + /* "hardtime.ru", true */ 'h', 'a', 'r', 'd', 't', 'i', 'm', 'e', '.', 'r', 'u', '\0', + /* "hardyboyplant.com", true */ 'h', 'a', 'r', 'd', 'y', 'b', 'o', 'y', 'p', 'l', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "haribilalic.com", true */ 'h', 'a', 'r', 'i', 'b', 'i', 'l', 'a', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "harilova.fr", true */ 'h', 'a', 'r', 'i', 'l', 'o', 'v', 'a', '.', 'f', 'r', '\0', + /* "hariome.com", true */ 'h', 'a', 'r', 'i', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "haritsa.co.id", true */ 'h', 'a', 'r', 'i', 't', 's', 'a', '.', 'c', 'o', '.', 'i', 'd', '\0', + /* "harjitbhogal.com", true */ 'h', 'a', 'r', 'j', 'i', 't', 'b', 'h', 'o', 'g', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "harmfarm.nl", true */ 'h', 'a', 'r', 'm', 'f', 'a', 'r', 'm', '.', 'n', 'l', '\0', + /* "harmoney.co.nz", true */ 'h', 'a', 'r', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "harmoney.com", true */ 'h', 'a', 'r', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "harmoney.com.au", true */ 'h', 'a', 'r', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "haroldsharpe.com", true */ 'h', 'a', 'r', 'o', 'l', 'd', 's', 'h', 'a', 'r', 'p', 'e', '.', 'c', 'o', 'm', '\0', + /* "harringtonca.com", true */ 'h', 'a', 'r', 'r', 'i', 'n', 'g', 't', 'o', 'n', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "harrisonsand.com", false */ 'h', 'a', 'r', 'r', 'i', 's', 'o', 'n', 's', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "harrisonsdirect.co.uk", true */ 'h', 'a', 'r', 'r', 'i', 's', 'o', 'n', 's', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "harrisonswebsites.com", true */ 'h', 'a', 'r', 'r', 'i', 's', 'o', 'n', 's', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "harryharrison.co", true */ 'h', 'a', 'r', 'r', 'y', 'h', 'a', 'r', 'r', 'i', 's', 'o', 'n', '.', 'c', 'o', '\0', + /* "harrymclaren.co.uk", true */ 'h', 'a', 'r', 'r', 'y', 'm', 'c', 'l', 'a', 'r', 'e', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "harryphoto.fr", true */ 'h', 'a', 'r', 'r', 'y', 'p', 'h', 'o', 't', 'o', '.', 'f', 'r', '\0', + /* "harrypottereditor.com", true */ 'h', 'a', 'r', 'r', 'y', 'p', 'o', 't', 't', 'e', 'r', 'e', 'd', 'i', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "harrysgardengamehire.co.uk", true */ 'h', 'a', 'r', 'r', 'y', 's', 'g', 'a', 'r', 'd', 'e', 'n', 'g', 'a', 'm', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "harrysmallbones.co.uk", true */ 'h', 'a', 'r', 'r', 'y', 's', 'm', 'a', 'l', 'l', 'b', 'o', 'n', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "harrysqnc.co.uk", true */ 'h', 'a', 'r', 'r', 'y', 's', 'q', 'n', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "harschnitz.nl", true */ 'h', 'a', 'r', 's', 'c', 'h', 'n', 'i', 't', 'z', '.', 'n', 'l', '\0', + /* "hartie95.de", true */ 'h', 'a', 'r', 't', 'i', 'e', '9', '5', '.', 'd', 'e', '\0', + /* "hartlep.email", true */ 'h', 'a', 'r', 't', 'l', 'e', 'p', '.', 'e', 'm', 'a', 'i', 'l', '\0', + /* "harukakikuchi.com", true */ 'h', 'a', 'r', 'u', 'k', 'a', 'k', 'i', 'k', 'u', 'c', 'h', 'i', '.', 'c', 'o', 'm', '\0', + /* "haruue.moe", true */ 'h', 'a', 'r', 'u', 'u', 'e', '.', 'm', 'o', 'e', '\0', + /* "harvestapp.com", true */ 'h', 'a', 'r', 'v', 'e', 's', 't', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "harvester.fr", true */ 'h', 'a', 'r', 'v', 'e', 's', 't', 'e', 'r', '.', 'f', 'r', '\0', + /* "harveyauzorst.com", true */ 'h', 'a', 'r', 'v', 'e', 'y', 'a', 'u', 'z', 'o', 'r', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "harveymilton.com", true */ 'h', 'a', 'r', 'v', 'e', 'y', 'm', 'i', 'l', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "haschrebellen.de", true */ 'h', 'a', 's', 'c', 'h', 'r', 'e', 'b', 'e', 'l', 'l', 'e', 'n', '.', 'd', 'e', '\0', + /* "hasdf.de", true */ 'h', 'a', 's', 'd', 'f', '.', 'd', 'e', '\0', + /* "haselsteiner.me", true */ 'h', 'a', 's', 'e', 'l', 's', 't', 'e', 'i', 'n', 'e', 'r', '.', 'm', 'e', '\0', + /* "hash-archive.org", true */ 'h', 'a', 's', 'h', '-', 'a', 'r', 'c', 'h', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0', + /* "hash.works", true */ 'h', 'a', 's', 'h', '.', 'w', 'o', 'r', 'k', 's', '\0', + /* "hashcat.net", true */ 'h', 'a', 's', 'h', 'c', 'a', 't', '.', 'n', 'e', 't', '\0', + /* "hashes.org", true */ 'h', 'a', 's', 'h', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "hashi.dk", true */ 'h', 'a', 's', 'h', 'i', '.', 'd', 'k', '\0', + /* "hashiconf.com", true */ 'h', 'a', 's', 'h', 'i', 'c', 'o', 'n', 'f', '.', 'c', 'o', 'm', '\0', + /* "hashiconf.eu", true */ 'h', 'a', 's', 'h', 'i', 'c', 'o', 'n', 'f', '.', 'e', 'u', '\0', + /* "hashicorp.com", true */ 'h', 'a', 's', 'h', 'i', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0', + /* "hashimah.ca", true */ 'h', 'a', 's', 'h', 'i', 'm', 'a', 'h', '.', 'c', 'a', '\0', + /* "hashinteractive.com", true */ 'h', 'a', 's', 'h', 'i', 'n', 't', 'e', 'r', 'a', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "hashish.net", true */ 'h', 'a', 's', 'h', 'i', 's', 'h', '.', 'n', 'e', 't', '\0', + /* "hashiura.jp", true */ 'h', 'a', 's', 'h', 'i', 'u', 'r', 'a', '.', 'j', 'p', '\0', + /* "hashru.nl", true */ 'h', 'a', 's', 'h', 'r', 'u', '.', 'n', 'l', '\0', + /* "hashworks.net", true */ 'h', 'a', 's', 'h', 'w', 'o', 'r', 'k', 's', '.', 'n', 'e', 't', '\0', + /* "haskovec.com", true */ 'h', 'a', 's', 'k', 'o', 'v', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "hasselbach-dellwig.de", true */ 'h', 'a', 's', 's', 'e', 'l', 'b', 'a', 'c', 'h', '-', 'd', 'e', 'l', 'l', 'w', 'i', 'g', '.', 'd', 'e', '\0', + /* "hatarisecurity.co.ke", true */ 'h', 'a', 't', 'a', 'r', 'i', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', '.', 'k', 'e', '\0', + /* "hatcherlawgroupnm.com", true */ 'h', 'a', 't', 'c', 'h', 'e', 'r', 'l', 'a', 'w', 'g', 'r', 'o', 'u', 'p', 'n', 'm', '.', 'c', 'o', 'm', '\0', + /* "hatethe.uk", true */ 'h', 'a', 't', 'e', 't', 'h', 'e', '.', 'u', 'k', '\0', + /* "hatisenang.com", false */ 'h', 'a', 't', 'i', 's', 'e', 'n', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "hatul.info", true */ 'h', 'a', 't', 'u', 'l', '.', 'i', 'n', 'f', 'o', '\0', + /* "haucke.xyz", true */ 'h', 'a', 'u', 'c', 'k', 'e', '.', 'x', 'y', 'z', '\0', + /* "hauntedfishtank.com", false */ 'h', 'a', 'u', 'n', 't', 'e', 'd', 'f', 'i', 's', 'h', 't', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "hauntedhouserecords.co.uk", true */ 'h', 'a', 'u', 'n', 't', 'e', 'd', 'h', 'o', 'u', 's', 'e', 'r', 'e', 'c', 'o', 'r', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "haus-garten-test.de", true */ 'h', 'a', 'u', 's', '-', 'g', 'a', 'r', 't', 'e', 'n', '-', 't', 'e', 's', 't', '.', 'd', 'e', '\0', + /* "haus-henne.de", true */ 'h', 'a', 'u', 's', '-', 'h', 'e', 'n', 'n', 'e', '.', 'd', 'e', '\0', + /* "haushenne.de", true */ 'h', 'a', 'u', 's', 'h', 'e', 'n', 'n', 'e', '.', 'd', 'e', '\0', + /* "hausundhof.com", true */ 'h', 'a', 'u', 's', 'u', 'n', 'd', 'h', 'o', 'f', '.', 'c', 'o', 'm', '\0', + /* "hausverbrauch.de", true */ 'h', 'a', 'u', 's', 'v', 'e', 'r', 'b', 'r', 'a', 'u', 'c', 'h', '.', 'd', 'e', '\0', + /* "hautarztzentrum.ch", true */ 'h', 'a', 'u', 't', 'a', 'r', 'z', 't', 'z', 'e', 'n', 't', 'r', 'u', 'm', '.', 'c', 'h', '\0', + /* "hauteslatitudes.com", true */ 'h', 'a', 'u', 't', 'e', 's', 'l', 'a', 't', 'i', 't', 'u', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "havasuhomepage.com", true */ 'h', 'a', 'v', 'a', 's', 'u', 'h', 'o', 'm', 'e', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "havasuinsurance.com", true */ 'h', 'a', 'v', 'a', 's', 'u', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "havasutacohacienda.com", true */ 'h', 'a', 'v', 'a', 's', 'u', 't', 'a', 'c', 'o', 'h', 'a', 'c', 'i', 'e', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "haveabounce.co.uk", true */ 'h', 'a', 'v', 'e', 'a', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "haveforeningen-enghaven.dk", true */ 'h', 'a', 'v', 'e', 'f', 'o', 'r', 'e', 'n', 'i', 'n', 'g', 'e', 'n', '-', 'e', 'n', 'g', 'h', 'a', 'v', 'e', 'n', '.', 'd', 'k', '\0', + /* "havefunbiking.com", true */ 'h', 'a', 'v', 'e', 'f', 'u', 'n', 'b', 'i', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "haveibeenpwned.com", true */ 'h', 'a', 'v', 'e', 'i', 'b', 'e', 'e', 'n', 'p', 'w', 'n', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "havellab.de", true */ 'h', 'a', 'v', 'e', 'l', 'l', 'a', 'b', '.', 'd', 'e', '\0', + /* "havelland-obstler.de", true */ 'h', 'a', 'v', 'e', 'l', 'l', 'a', 'n', 'd', '-', 'o', 'b', 's', 't', 'l', 'e', 'r', '.', 'd', 'e', '\0', + /* "haven-moon.com", true */ 'h', 'a', 'v', 'e', 'n', '-', 'm', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "haven-staging.cloud", true */ 'h', 'a', 'v', 'e', 'n', '-', 's', 't', 'a', 'g', 'i', 'n', 'g', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "haven.cloud", true */ 'h', 'a', 'v', 'e', 'n', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "hawaya.com", true */ 'h', 'a', 'w', 'a', 'y', 'a', '.', 'c', 'o', 'm', '\0', + /* "hawk-la.com", true */ 'h', 'a', 'w', 'k', '-', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "hawkeyeinsight.com", true */ 'h', 'a', 'w', 'k', 'e', 'y', 'e', 'i', 'n', 's', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0', + /* "hawkinsonkiaparts.com", true */ 'h', 'a', 'w', 'k', 'i', 'n', 's', 'o', 'n', 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "hawkofgeorgia.com", true */ 'h', 'a', 'w', 'k', 'o', 'f', 'g', 'e', 'o', 'r', 'g', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "hawksguild.com", true */ 'h', 'a', 'w', 'k', 's', 'g', 'u', 'i', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "haxdroid.com", true */ 'h', 'a', 'x', 'd', 'r', 'o', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "haxo.nl", false */ 'h', 'a', 'x', 'o', '.', 'n', 'l', '\0', + /* "hayai.space", true */ 'h', 'a', 'y', 'a', 'i', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "hayashi-rin.net", true */ 'h', 'a', 'y', 'a', 's', 'h', 'i', '-', 'r', 'i', 'n', '.', 'n', 'e', 't', '\0', + /* "hayden.one", true */ 'h', 'a', 'y', 'd', 'e', 'n', '.', 'o', 'n', 'e', '\0', + /* "haydenjames.io", true */ 'h', 'a', 'y', 'd', 'e', 'n', 'j', 'a', 'm', 'e', 's', '.', 'i', 'o', '\0', + /* "hayfordoleary.com", true */ 'h', 'a', 'y', 'f', 'o', 'r', 'd', 'o', 'l', 'e', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "haynes-davis.com", true */ 'h', 'a', 'y', 'n', 'e', 's', '-', 'd', 'a', 'v', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "haz.cat", true */ 'h', 'a', 'z', '.', 'c', 'a', 't', '\0', + /* "haze.productions", true */ 'h', 'a', 'z', 'e', '.', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'o', 'n', 's', '\0', + /* "hazeover.com", true */ 'h', 'a', 'z', 'e', 'o', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "hb8522.com", true */ 'h', 'b', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0', + /* "hbdesign.work", true */ 'h', 'b', 'd', 'e', 's', 'i', 'g', 'n', '.', 'w', 'o', 'r', 'k', '\0', + /* "hbkonsult.com", true */ 'h', 'b', 'k', 'o', 'n', 's', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0', + /* "hboeck.de", true */ 'h', 'b', 'o', 'e', 'c', 'k', '.', 'd', 'e', '\0', + /* "hbpowell.com", true */ 'h', 'b', 'p', 'o', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "hcbj.io", true */ 'h', 'c', 'b', 'j', '.', 'i', 'o', '\0', + /* "hcfhomelottery.ca", true */ 'h', 'c', 'f', 'h', 'o', 'm', 'e', 'l', 'o', 't', 't', 'e', 'r', 'y', '.', 'c', 'a', '\0', + /* "hcoe.fi", true */ 'h', 'c', 'o', 'e', '.', 'f', 'i', '\0', + /* "hd-gaming.com", true */ 'h', 'd', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "hd-offensive.at", false */ 'h', 'd', '-', 'o', 'f', 'f', 'e', 'n', 's', 'i', 'v', 'e', '.', 'a', 't', '\0', + /* "hd-only.org", true */ 'h', 'd', '-', 'o', 'n', 'l', 'y', '.', 'o', 'r', 'g', '\0', + /* "hd-outillage.com", true */ 'h', 'd', '-', 'o', 'u', 't', 'i', 'l', 'l', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "hd1tj.org", true */ 'h', 'd', '1', 't', 'j', '.', 'o', 'r', 'g', '\0', + /* "hda.me", true */ 'h', 'd', 'a', '.', 'm', 'e', '\0', + /* "hdc.cz", true */ 'h', 'd', 'c', '.', 'c', 'z', '\0', + /* "hdcenter.cc", true */ 'h', 'd', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'c', '\0', + /* "hdeaves.uk", true */ 'h', 'd', 'e', 'a', 'v', 'e', 's', '.', 'u', 'k', '\0', + /* "hdf.world", true */ 'h', 'd', 'f', '.', 'w', 'o', 'r', 'l', 'd', '\0', + /* "hdfgroup.org", true */ 'h', 'd', 'f', 'g', 'r', 'o', 'u', 'p', '.', 'o', 'r', 'g', '\0', + /* "hdguru.com", true */ 'h', 'd', 'g', 'u', 'r', 'u', '.', 'c', 'o', 'm', '\0', + /* "hdhoang.space", true */ 'h', 'd', 'h', 'o', 'a', 'n', 'g', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "hdrsource.com", true */ 'h', 'd', 'r', 's', 'o', 'u', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "hdrtranscon.com", true */ 'h', 'd', 'r', 't', 'r', 'a', 'n', 's', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "hds-lan.de", true */ 'h', 'd', 's', '-', 'l', 'a', 'n', '.', 'd', 'e', '\0', + /* "hdy.nz", true */ 'h', 'd', 'y', '.', 'n', 'z', '\0', + /* "head.org", true */ 'h', 'e', 'a', 'd', '.', 'o', 'r', 'g', '\0', + /* "head.ru", true */ 'h', 'e', 'a', 'd', '.', 'r', 'u', '\0', + /* "headjapan.com", true */ 'h', 'e', 'a', 'd', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "headlinepublishing.be", true */ 'h', 'e', 'a', 'd', 'l', 'i', 'n', 'e', 'p', 'u', 'b', 'l', 'i', 's', 'h', 'i', 'n', 'g', '.', 'b', 'e', '\0', + /* "headshotharp.de", true */ 'h', 'e', 'a', 'd', 's', 'h', 'o', 't', 'h', 'a', 'r', 'p', '.', 'd', 'e', '\0', + /* "health-match.com.au", true */ 'h', 'e', 'a', 'l', 't', 'h', '-', 'm', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "health-plan-news.com", true */ 'h', 'e', 'a', 'l', 't', 'h', '-', 'p', 'l', 'a', 'n', '-', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "health.graphics", true */ 'h', 'e', 'a', 'l', 't', 'h', '.', 'g', 'r', 'a', 'p', 'h', 'i', 'c', 's', '\0', + /* "healthcare.gov", false */ 'h', 'e', 'a', 'l', 't', 'h', 'c', 'a', 'r', 'e', '.', 'g', 'o', 'v', '\0', + /* "healtheals.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'e', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "healtheffectsofasbestos.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'e', 'f', 'f', 'e', 'c', 't', 's', 'o', 'f', 'a', 's', 'b', 'e', 's', 't', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "healthery.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "healthfoam.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'f', 'o', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "healthiercompany.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'i', 'e', 'r', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "healthlabs.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "healthmatchapp.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'm', 'a', 't', 'c', 'h', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "healththoroughfare.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 't', 'h', 'o', 'r', 'o', 'u', 'g', 'h', 'f', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "healthy-map.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'y', '-', 'm', 'a', 'p', '.', 'c', 'o', 'm', '\0', + /* "healthyfitfood.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'y', 'f', 'i', 't', 'f', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "heap.zone", true */ 'h', 'e', 'a', 'p', '.', 'z', 'o', 'n', 'e', '\0', + /* "hearmeraw.uk", true */ 'h', 'e', 'a', 'r', 'm', 'e', 'r', 'a', 'w', '.', 'u', 'k', '\0', + /* "heart.taxi", true */ 'h', 'e', 'a', 'r', 't', '.', 't', 'a', 'x', 'i', '\0', + /* "heartbeat24.de", true */ 'h', 'e', 'a', 'r', 't', 'b', 'e', 'a', 't', '2', '4', '.', 'd', 'e', '\0', + /* "heartgames.pl", true */ 'h', 'e', 'a', 'r', 't', 'g', 'a', 'm', 'e', 's', '.', 'p', 'l', '\0', + /* "heartmdinstitute.com", true */ 'h', 'e', 'a', 'r', 't', 'm', 'd', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "heartsucker.com", true */ 'h', 'e', 'a', 'r', 't', 's', 'u', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "hearttruth.gov", true */ 'h', 'e', 'a', 'r', 't', 't', 'r', 'u', 't', 'h', '.', 'g', 'o', 'v', '\0', + /* "heartview.com.br", true */ 'h', 'e', 'a', 'r', 't', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "heartwoodart.com", true */ 'h', 'e', 'a', 'r', 't', 'w', 'o', 'o', 'd', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "hearty.blog", true */ 'h', 'e', 'a', 'r', 't', 'y', '.', 'b', 'l', 'o', 'g', '\0', + /* "hearty.cf", true */ 'h', 'e', 'a', 'r', 't', 'y', '.', 'c', 'f', '\0', + /* "hearty.ga", true */ 'h', 'e', 'a', 'r', 't', 'y', '.', 'g', 'a', '\0', + /* "hearty.me", true */ 'h', 'e', 'a', 'r', 't', 'y', '.', 'm', 'e', '\0', + /* "hearty.taipei", true */ 'h', 'e', 'a', 'r', 't', 'y', '.', 't', 'a', 'i', 'p', 'e', 'i', '\0', + /* "hearty.tech", true */ 'h', 'e', 'a', 'r', 't', 'y', '.', 't', 'e', 'c', 'h', '\0', + /* "hearty.us", true */ 'h', 'e', 'a', 'r', 't', 'y', '.', 'u', 's', '\0', + /* "heartyapp.com", true */ 'h', 'e', 'a', 'r', 't', 'y', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "heartycraft.com", true */ 'h', 'e', 'a', 'r', 't', 'y', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "heavenlyseals.com", true */ 'h', 'e', 'a', 'v', 'e', 'n', 'l', 'y', 's', 'e', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "heavensattic.co.uk", true */ 'h', 'e', 'a', 'v', 'e', 'n', 's', 'a', 't', 't', 'i', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "heavensinferno.net", true */ 'h', 'e', 'a', 'v', 'e', 'n', 's', 'i', 'n', 'f', 'e', 'r', 'n', 'o', '.', 'n', 'e', 't', '\0', + /* "heavyequipments.org", true */ 'h', 'e', 'a', 'v', 'y', 'e', 'q', 'u', 'i', 'p', 'm', 'e', 'n', 't', 's', '.', 'o', 'r', 'g', '\0', + /* "hebergeurssd.com", true */ 'h', 'e', 'b', 'e', 'r', 'g', 'e', 'u', 'r', 's', 's', 'd', '.', 'c', 'o', 'm', '\0', + /* "hebikhiv.nl", true */ 'h', 'e', 'b', 'i', 'k', 'h', 'i', 'v', '.', 'n', 'l', '\0', + /* "hebriff.com", true */ 'h', 'e', 'b', 'r', 'i', 'f', 'f', '.', 'c', 'o', 'm', '\0', + /* "hec-espace-entreprise.ch", true */ 'h', 'e', 'c', '-', 'e', 's', 'p', 'a', 'c', 'e', '-', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'i', 's', 'e', '.', 'c', 'h', '\0', + /* "hec.global", true */ 'h', 'e', 'c', '.', 'g', 'l', 'o', 'b', 'a', 'l', '\0', + /* "hechamano.es", true */ 'h', 'e', 'c', 'h', 'a', 'm', 'a', 'n', 'o', '.', 'e', 's', '\0', + /* "heckelektro.de", true */ 'h', 'e', 'c', 'k', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0', + /* "heckerundknopp.de", true */ 'h', 'e', 'c', 'k', 'e', 'r', 'u', 'n', 'd', 'k', 'n', 'o', 'p', 'p', '.', 'd', 'e', '\0', + /* "heckticmedia.com", true */ 'h', 'e', 'c', 'k', 't', 'i', 'c', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "hectorj.net", true */ 'h', 'e', 'c', 't', 'o', 'r', 'j', '.', 'n', 'e', 't', '\0', + /* "hedgeschool.ie", true */ 'h', 'e', 'd', 'g', 'e', 's', 'c', 'h', 'o', 'o', 'l', '.', 'i', 'e', '\0', + /* "hedonism.org", true */ 'h', 'e', 'd', 'o', 'n', 'i', 's', 'm', '.', 'o', 'r', 'g', '\0', + /* "hedonistic-imperative.com", true */ 'h', 'e', 'd', 'o', 'n', 'i', 's', 't', 'i', 'c', '-', 'i', 'm', 'p', 'e', 'r', 'a', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "hedonistic.org", true */ 'h', 'e', 'd', 'o', 'n', 'i', 's', 't', 'i', 'c', '.', 'o', 'r', 'g', '\0', + /* "hedonium.com", true */ 'h', 'e', 'd', 'o', 'n', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "hedweb.co.uk", true */ 'h', 'e', 'd', 'w', 'e', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "hedweb.com", true */ 'h', 'e', 'd', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "hedweb.net", true */ 'h', 'e', 'd', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0', + /* "hedweb.org", true */ 'h', 'e', 'd', 'w', 'e', 'b', '.', 'o', 'r', 'g', '\0', + /* "heeler.blue", true */ 'h', 'e', 'e', 'l', 'e', 'r', '.', 'b', 'l', 'u', 'e', '\0', + /* "heeler.red", true */ 'h', 'e', 'e', 'l', 'e', 'r', '.', 'r', 'e', 'd', '\0', + /* "heello.es", true */ 'h', 'e', 'e', 'l', 'l', 'o', '.', 'e', 's', '\0', + /* "hefengautoparts.com", true */ 'h', 'e', 'f', 'e', 'n', 'g', 'a', 'u', 't', 'o', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "heftkaufen.de", true */ 'h', 'e', 'f', 't', 'k', 'a', 'u', 'f', 'e', 'n', '.', 'd', 'e', '\0', + /* "hegen.com.pl", true */ 'h', 'e', 'g', 'e', 'n', '.', 'c', 'o', 'm', '.', 'p', 'l', '\0', + /* "hegen.cz", true */ 'h', 'e', 'g', 'e', 'n', '.', 'c', 'z', '\0', + /* "hegen.sk", true */ 'h', 'e', 'g', 'e', 'n', '.', 's', 'k', '\0', + /* "hegenshop.de", true */ 'h', 'e', 'g', 'e', 'n', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0', + /* "heh.ee", true */ 'h', 'e', 'h', '.', 'e', 'e', '\0', + /* "heha.co", false */ 'h', 'e', 'h', 'a', '.', 'c', 'o', '\0', + /* "heiaheia.com", true */ 'h', 'e', 'i', 'a', 'h', 'e', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "heid.ws", true */ 'h', 'e', 'i', 'd', '.', 'w', 's', '\0', + /* "heidisheroes.org", true */ 'h', 'e', 'i', 'd', 'i', 's', 'h', 'e', 'r', 'o', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "heikorichter.name", true */ 'h', 'e', 'i', 'k', 'o', 'r', 'i', 'c', 'h', 't', 'e', 'r', '.', 'n', 'a', 'm', 'e', '\0', + /* "heiland.io", true */ 'h', 'e', 'i', 'l', 'a', 'n', 'd', '.', 'i', 'o', '\0', + /* "heiliger-gral.info", true */ 'h', 'e', 'i', 'l', 'i', 'g', 'e', 'r', '-', 'g', 'r', 'a', 'l', '.', 'i', 'n', 'f', 'o', '\0', + /* "heilpraxis-bgl.de", true */ 'h', 'e', 'i', 'l', 'p', 'r', 'a', 'x', 'i', 's', '-', 'b', 'g', 'l', '.', 'd', 'e', '\0', + /* "heimatverein-eitensheim.de", true */ 'h', 'e', 'i', 'm', 'a', 't', 'v', 'e', 'r', 'e', 'i', 'n', '-', 'e', 'i', 't', 'e', 'n', 's', 'h', 'e', 'i', 'm', '.', 'd', 'e', '\0', + /* "heimonen.eu", true */ 'h', 'e', 'i', 'm', 'o', 'n', 'e', 'n', '.', 'e', 'u', '\0', + /* "heimprofis.de", true */ 'h', 'e', 'i', 'm', 'p', 'r', 'o', 'f', 'i', 's', '.', 'd', 'e', '\0', + /* "heinpost.nl", false */ 'h', 'e', 'i', 'n', 'p', 'o', 's', 't', '.', 'n', 'l', '\0', + /* "heinzelmann.co", true */ 'h', 'e', 'i', 'n', 'z', 'e', 'l', 'm', 'a', 'n', 'n', '.', 'c', 'o', '\0', + /* "heissluft-fritteuse.com", true */ 'h', 'e', 'i', 's', 's', 'l', 'u', 'f', 't', '-', 'f', 'r', 'i', 't', 't', 'e', 'u', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "heitland-it.de", true */ 'h', 'e', 'i', 't', 'l', 'a', 'n', 'd', '-', 'i', 't', '.', 'd', 'e', '\0', + /* "hekeki.com", true */ 'h', 'e', 'k', 'e', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "helber-it-services.de", true */ 'h', 'e', 'l', 'b', 'e', 'r', '-', 'i', 't', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'd', 'e', '\0', + /* "helden-spielen.de", true */ 'h', 'e', 'l', 'd', 'e', 'n', '-', 's', 'p', 'i', 'e', 'l', 'e', 'n', '.', 'd', 'e', '\0', + /* "heldenhalde.de", true */ 'h', 'e', 'l', 'd', 'e', 'n', 'h', 'a', 'l', 'd', 'e', '.', 'd', 'e', '\0', + /* "heldundsexgott.de", true */ 'h', 'e', 'l', 'd', 'u', 'n', 'd', 's', 'e', 'x', 'g', 'o', 't', 't', '.', 'd', 'e', '\0', + /* "hele.cz", true */ 'h', 'e', 'l', 'e', '.', 'c', 'z', '\0', + /* "helenaknowledge.com", true */ 'h', 'e', 'l', 'e', 'n', 'a', 'k', 'n', 'o', 'w', 'l', 'e', 'd', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "helenelefauconnier.com", true */ 'h', 'e', 'l', 'e', 'n', 'e', 'l', 'e', 'f', 'a', 'u', 'c', 'o', 'n', 'n', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "helenkellersimulator.org", true */ 'h', 'e', 'l', 'e', 'n', 'k', 'e', 'l', 'l', 'e', 'r', 's', 'i', 'm', 'u', 'l', 'a', 't', 'o', 'r', '.', 'o', 'r', 'g', '\0', + /* "helichat.de", true */ 'h', 'e', 'l', 'i', 'c', 'h', 'a', 't', '.', 'd', 'e', '\0', + /* "helikon.ro", true */ 'h', 'e', 'l', 'i', 'k', 'o', 'n', '.', 'r', 'o', '\0', + /* "helioanodyne.eu", true */ 'h', 'e', 'l', 'i', 'o', 'a', 'n', 'o', 'd', 'y', 'n', 'e', '.', 'e', 'u', '\0', + /* "helios4.com", true */ 'h', 'e', 'l', 'i', 'o', 's', '4', '.', 'c', 'o', 'm', '\0', + /* "heliosnet.com", true */ 'h', 'e', 'l', 'i', 'o', 's', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "heliosvoting.org", true */ 'h', 'e', 'l', 'i', 'o', 's', 'v', 'o', 't', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "helix.am", true */ 'h', 'e', 'l', 'i', 'x', '.', 'a', 'm', '\0', + /* "helixflight.com", true */ 'h', 'e', 'l', 'i', 'x', 'f', 'l', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0', + /* "hell.sh", true */ 'h', 'e', 'l', 'l', '.', 's', 'h', '\0', + /* "hellenicaward.com", true */ 'h', 'e', 'l', 'l', 'e', 'n', 'i', 'c', 'a', 'w', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "hellersgas.com", true */ 'h', 'e', 'l', 'l', 'e', 'r', 's', 'g', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "helles-koepfchen.de", true */ 'h', 'e', 'l', 'l', 'e', 's', '-', 'k', 'o', 'e', 'p', 'f', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0', + /* "hello-nestor.com", true */ 'h', 'e', 'l', 'l', 'o', '-', 'n', 'e', 's', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "helloacm.com", true */ 'h', 'e', 'l', 'l', 'o', 'a', 'c', 'm', '.', 'c', 'o', 'm', '\0', + /* "helloanselm.com", true */ 'h', 'e', 'l', 'l', 'o', 'a', 'n', 's', 'e', 'l', 'm', '.', 'c', 'o', 'm', '\0', + /* "hellomouse.cf", true */ 'h', 'e', 'l', 'l', 'o', 'm', 'o', 'u', 's', 'e', '.', 'c', 'f', '\0', + /* "hellotandem.com", true */ 'h', 'e', 'l', 'l', 'o', 't', 'a', 'n', 'd', 'e', 'm', '.', 'c', 'o', 'm', '\0', + /* "hellothought.net", true */ 'h', 'e', 'l', 'l', 'o', 't', 'h', 'o', 'u', 'g', 'h', 't', '.', 'n', 'e', 't', '\0', + /* "help.simpletax.ca", true */ 'h', 'e', 'l', 'p', '.', 's', 'i', 'm', 'p', 'l', 'e', 't', 'a', 'x', '.', 'c', 'a', '\0', + /* "helpconnect.com.au", true */ 'h', 'e', 'l', 'p', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "helpdebit.com", true */ 'h', 'e', 'l', 'p', 'd', 'e', 'b', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "helpfacile.com", true */ 'h', 'e', 'l', 'p', 'f', 'a', 'c', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "helpfixe.com", true */ 'h', 'e', 'l', 'p', 'f', 'i', 'x', 'e', '.', 'c', 'o', 'm', '\0', + /* "helpflux.com", true */ 'h', 'e', 'l', 'p', 'f', 'l', 'u', 'x', '.', 'c', 'o', 'm', '\0', + /* "helpgerer.com", true */ 'h', 'e', 'l', 'p', 'g', 'e', 'r', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "helpgoabroad.com", true */ 'h', 'e', 'l', 'p', 'g', 'o', 'a', 'b', 'r', 'o', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "helpmij.cf", true */ 'h', 'e', 'l', 'p', 'm', 'i', 'j', '.', 'c', 'f', '\0', + /* "helppresta.com", true */ 'h', 'e', 'l', 'p', 'p', 'r', 'e', 's', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "helpstarloja.com.br", true */ 'h', 'e', 'l', 'p', 's', 't', 'a', 'r', 'l', 'o', 'j', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "helsinki.dating", true */ 'h', 'e', 'l', 's', 'i', 'n', 'k', 'i', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "helup.com", true */ 'h', 'e', 'l', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "helvella.de", true */ 'h', 'e', 'l', 'v', 'e', 'l', 'l', 'a', '.', 'd', 'e', '\0', + /* "hematoonkologia.pl", true */ 'h', 'e', 'm', 'a', 't', 'o', 'o', 'n', 'k', 'o', 'l', 'o', 'g', 'i', 'a', '.', 'p', 'l', '\0', + /* "hemdal.se", true */ 'h', 'e', 'm', 'd', 'a', 'l', '.', 's', 'e', '\0', + /* "hemnet.se", true */ 'h', 'e', 'm', 'n', 'e', 't', '.', 's', 'e', '\0', + /* "hen.ne.ke", true */ 'h', 'e', 'n', '.', 'n', 'e', '.', 'k', 'e', '\0', + /* "hendric.us", true */ 'h', 'e', 'n', 'd', 'r', 'i', 'c', '.', 'u', 's', '\0', + /* "hendrinortier.nl", true */ 'h', 'e', 'n', 'd', 'r', 'i', 'n', 'o', 'r', 't', 'i', 'e', 'r', '.', 'n', 'l', '\0', + /* "hendyisaac.com", true */ 'h', 'e', 'n', 'd', 'y', 'i', 's', 'a', 'a', 'c', '.', 'c', 'o', 'm', '\0', + /* "hengelsportdeal.com", true */ 'h', 'e', 'n', 'g', 'e', 'l', 's', 'p', 'o', 'r', 't', 'd', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "hengstumone.com", true */ 'h', 'e', 'n', 'g', 's', 't', 'u', 'm', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "henhenlu.com", true */ 'h', 'e', 'n', 'h', 'e', 'n', 'l', 'u', '.', 'c', 'o', 'm', '\0', + /* "henkbrink.com", true */ 'h', 'e', 'n', 'k', 'b', 'r', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "henker.net", true */ 'h', 'e', 'n', 'k', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "henkverlinde.com", false */ 'h', 'e', 'n', 'k', 'v', 'e', 'r', 'l', 'i', 'n', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "henleybouncycastles.co.uk", true */ 'h', 'e', 'n', 'l', 'e', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "hennadesigns.org", true */ 'h', 'e', 'n', 'n', 'a', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "hennecke-forstbetrieb.de", true */ 'h', 'e', 'n', 'n', 'e', 'c', 'k', 'e', '-', 'f', 'o', 'r', 's', 't', 'b', 'e', 't', 'r', 'i', 'e', 'b', '.', 'd', 'e', '\0', + /* "henneke.me", true */ 'h', 'e', 'n', 'n', 'e', 'k', 'e', '.', 'm', 'e', '\0', + /* "hennymerkel.com", true */ 'h', 'e', 'n', 'n', 'y', 'm', 'e', 'r', 'k', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "henok.eu", true */ 'h', 'e', 'n', 'o', 'k', '.', 'e', 'u', '\0', + /* "henriksen.is", true */ 'h', 'e', 'n', 'r', 'i', 'k', 's', 'e', 'n', '.', 'i', 's', '\0', + /* "henrikwelk.de", true */ 'h', 'e', 'n', 'r', 'i', 'k', 'w', 'e', 'l', 'k', '.', 'd', 'e', '\0', + /* "henrock.net", true */ 'h', 'e', 'n', 'r', 'o', 'c', 'k', '.', 'n', 'e', 't', '\0', + /* "henry.gg", true */ 'h', 'e', 'n', 'r', 'y', '.', 'g', 'g', '\0', + /* "henryphan.com", false */ 'h', 'e', 'n', 'r', 'y', 'p', 'h', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "hentschke-bau.de", true */ 'h', 'e', 'n', 't', 's', 'c', 'h', 'k', 'e', '-', 'b', 'a', 'u', '.', 'd', 'e', '\0', + /* "hentschke-betonfertigteilwerk.de", true */ 'h', 'e', 'n', 't', 's', 'c', 'h', 'k', 'e', '-', 'b', 'e', 't', 'o', 'n', 'f', 'e', 'r', 't', 'i', 'g', 't', 'e', 'i', 'l', 'w', 'e', 'r', 'k', '.', 'd', 'e', '\0', + /* "hentschke-invest.de", true */ 'h', 'e', 'n', 't', 's', 'c', 'h', 'k', 'e', '-', 'i', 'n', 'v', 'e', 's', 't', '.', 'd', 'e', '\0', + /* "heppler.net", true */ 'h', 'e', 'p', 'p', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "heptafrogs.de", true */ 'h', 'e', 'p', 't', 'a', 'f', 'r', 'o', 'g', 's', '.', 'd', 'e', '\0', + /* "hepteract.us", true */ 'h', 'e', 'p', 't', 'e', 'r', 'a', 'c', 't', '.', 'u', 's', '\0', + /* "heptner24.de", true */ 'h', 'e', 'p', 't', 'n', 'e', 'r', '2', '4', '.', 'd', 'e', '\0', + /* "her25.com", true */ 'h', 'e', 'r', '2', '5', '.', 'c', 'o', 'm', '\0', + /* "herbal-id.com", true */ 'h', 'e', 'r', 'b', 'a', 'l', '-', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "herberichfamily.com", true */ 'h', 'e', 'r', 'b', 'e', 'r', 'i', 'c', 'h', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "herbert.io", true */ 'h', 'e', 'r', 'b', 'e', 'r', 't', '.', 'i', 'o', '\0', + /* "herbweb.net", true */ 'h', 'e', 'r', 'b', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0', + /* "herbweb.org", true */ 'h', 'e', 'r', 'b', 'w', 'e', 'b', '.', 'o', 'r', 'g', '\0', + /* "herculex.fi", true */ 'h', 'e', 'r', 'c', 'u', 'l', 'e', 'x', '.', 'f', 'i', '\0', + /* "herds.eu", true */ 'h', 'e', 'r', 'd', 's', '.', 'e', 'u', '\0', + /* "herdserv.de", true */ 'h', 'e', 'r', 'd', 's', 'e', 'r', 'v', '.', 'd', 'e', '\0', + /* "herebedragons.io", true */ 'h', 'e', 'r', 'e', 'b', 'e', 'd', 'r', 'a', 'g', 'o', 'n', 's', '.', 'i', 'o', '\0', + /* "herecsrymy.cz", true */ 'h', 'e', 'r', 'e', 'c', 's', 'r', 'y', 'm', 'y', '.', 'c', 'z', '\0', + /* "heritagebaptistchurch.com.ph", true */ 'h', 'e', 'r', 'i', 't', 'a', 'g', 'e', 'b', 'a', 'p', 't', 'i', 's', 't', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0', + /* "hermanbrouwer.nl", true */ 'h', 'e', 'r', 'm', 'a', 'n', 'b', 'r', 'o', 'u', 'w', 'e', 'r', '.', 'n', 'l', '\0', + /* "hermes-net.de", true */ 'h', 'e', 'r', 'm', 'e', 's', '-', 'n', 'e', 't', '.', 'd', 'e', '\0', + /* "hermes-servizi.it", true */ 'h', 'e', 'r', 'm', 'e', 's', '-', 's', 'e', 'r', 'v', 'i', 'z', 'i', '.', 'i', 't', '\0', + /* "herndl.org", true */ 'h', 'e', 'r', 'n', 'd', 'l', '.', 'o', 'r', 'g', '\0', + /* "herni-kupony.cz", true */ 'h', 'e', 'r', 'n', 'i', '-', 'k', 'u', 'p', 'o', 'n', 'y', '.', 'c', 'z', '\0', + /* "herocentral.de", true */ 'h', 'e', 'r', 'o', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'd', 'e', '\0', + /* "herohirehq.co.uk", true */ 'h', 'e', 'r', 'o', 'h', 'i', 'r', 'e', 'h', 'q', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "heroicpixel.com", true */ 'h', 'e', 'r', 'o', 'i', 'c', 'p', 'i', 'x', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "heroku.com", true */ 'h', 'e', 'r', 'o', 'k', 'u', '.', 'c', 'o', 'm', '\0', + /* "herr-webdesign.de", true */ 'h', 'e', 'r', 'r', '-', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0', + /* "herrderzeit.de", true */ 'h', 'e', 'r', 'r', 'd', 'e', 'r', 'z', 'e', 'i', 't', '.', 'd', 'e', '\0', + /* "herringsresidence.be", true */ 'h', 'e', 'r', 'r', 'i', 'n', 'g', 's', 'r', 'e', 's', 'i', 'd', 'e', 'n', 'c', 'e', '.', 'b', 'e', '\0', + /* "herrsmith.com", true */ 'h', 'e', 'r', 'r', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "hertsbouncycastles.com", true */ 'h', 'e', 'r', 't', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "hertz.bj", true */ 'h', 'e', 'r', 't', 'z', '.', 'b', 'j', '\0', + /* "herzig.cc", true */ 'h', 'e', 'r', 'z', 'i', 'g', '.', 'c', 'c', '\0', + /* "hesaplama.net", true */ 'h', 'e', 's', 'a', 'p', 'l', 'a', 'm', 'a', '.', 'n', 'e', 't', '\0', + /* "hessen-liebe.de", true */ 'h', 'e', 's', 's', 'e', 'n', '-', 'l', 'i', 'e', 'b', 'e', '.', 'd', 'e', '\0', + /* "hetene.nl", true */ 'h', 'e', 't', 'e', 'n', 'e', '.', 'n', 'l', '\0', + /* "hethely.ch", true */ 'h', 'e', 't', 'h', 'e', 'l', 'y', '.', 'c', 'h', '\0', + /* "heute-kaufen.de", true */ 'h', 'e', 'u', 't', 'e', '-', 'k', 'a', 'u', 'f', 'e', 'n', '.', 'd', 'e', '\0', + /* "heverhagen.rocks", true */ 'h', 'e', 'v', 'e', 'r', 'h', 'a', 'g', 'e', 'n', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "hevertonfreitas.com.br", true */ 'h', 'e', 'v', 'e', 'r', 't', 'o', 'n', 'f', 'r', 'e', 'i', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "hex.bz", true */ 'h', 'e', 'x', '.', 'b', 'z', '\0', + /* "hexacon.io", true */ 'h', 'e', 'x', 'a', 'c', 'o', 'n', '.', 'i', 'o', '\0', + /* "hexagon-e.com", true */ 'h', 'e', 'x', 'a', 'g', 'o', 'n', '-', 'e', '.', 'c', 'o', 'm', '\0', + /* "hexapt.com", true */ 'h', 'e', 'x', 'a', 'p', 't', '.', 'c', 'o', 'm', '\0', + /* "hexe.net", true */ 'h', 'e', 'x', 'e', '.', 'n', 'e', 't', '\0', + /* "hexed.it", true */ 'h', 'e', 'x', 'e', 'd', '.', 'i', 't', '\0', + /* "hexicurity.com", true */ 'h', 'e', 'x', 'i', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "hexid.me", true */ 'h', 'e', 'x', 'i', 'd', '.', 'm', 'e', '\0', + /* "hexieshe.com", true */ 'h', 'e', 'x', 'i', 'e', 's', 'h', 'e', '.', 'c', 'o', 'm', '\0', + /* "hexo.io", true */ 'h', 'e', 'x', 'o', '.', 'i', 'o', '\0', + /* "hexony.com", true */ 'h', 'e', 'x', 'o', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "hexr.org", true */ 'h', 'e', 'x', 'r', '.', 'o', 'r', 'g', '\0', + /* "hexxagon.com", true */ 'h', 'e', 'x', 'x', 'a', 'g', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "heycms.com", false */ 'h', 'e', 'y', 'c', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "hfbg.nl", true */ 'h', 'f', 'b', 'g', '.', 'n', 'l', '\0', + /* "hg.python.org", true */ 'h', 'g', '.', 'p', 'y', 't', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "hg0088.vip", true */ 'h', 'g', '0', '0', '8', '8', '.', 'v', 'i', 'p', '\0', + /* "hg718.com", true */ 'h', 'g', '7', '1', '8', '.', 'c', 'o', 'm', '\0', + /* "hg71801.com", true */ 'h', 'g', '7', '1', '8', '0', '1', '.', 'c', 'o', 'm', '\0', + /* "hg71802.com", true */ 'h', 'g', '7', '1', '8', '0', '2', '.', 'c', 'o', 'm', '\0', + /* "hg71803.com", true */ 'h', 'g', '7', '1', '8', '0', '3', '.', 'c', 'o', 'm', '\0', + /* "hg71805.com", true */ 'h', 'g', '7', '1', '8', '0', '5', '.', 'c', 'o', 'm', '\0', + /* "hg71806.com", true */ 'h', 'g', '7', '1', '8', '0', '6', '.', 'c', 'o', 'm', '\0', + /* "hg71807.com", true */ 'h', 'g', '7', '1', '8', '0', '7', '.', 'c', 'o', 'm', '\0', + /* "hg71809.com", true */ 'h', 'g', '7', '1', '8', '0', '9', '.', 'c', 'o', 'm', '\0', + /* "hg71811.com", true */ 'h', 'g', '7', '1', '8', '1', '1', '.', 'c', 'o', 'm', '\0', + /* "hg71812.com", true */ 'h', 'g', '7', '1', '8', '1', '2', '.', 'c', 'o', 'm', '\0', + /* "hg71813.com", true */ 'h', 'g', '7', '1', '8', '1', '3', '.', 'c', 'o', 'm', '\0', + /* "hg71815.com", true */ 'h', 'g', '7', '1', '8', '1', '5', '.', 'c', 'o', 'm', '\0', + /* "hg71819.com", true */ 'h', 'g', '7', '1', '8', '1', '9', '.', 'c', 'o', 'm', '\0', + /* "hg71822.com", true */ 'h', 'g', '7', '1', '8', '2', '2', '.', 'c', 'o', 'm', '\0', + /* "hg71833.com", true */ 'h', 'g', '7', '1', '8', '3', '3', '.', 'c', 'o', 'm', '\0', + /* "hg71835.com", true */ 'h', 'g', '7', '1', '8', '3', '5', '.', 'c', 'o', 'm', '\0', + /* "hg71836.com", true */ 'h', 'g', '7', '1', '8', '3', '6', '.', 'c', 'o', 'm', '\0', + /* "hg71837.com", true */ 'h', 'g', '7', '1', '8', '3', '7', '.', 'c', 'o', 'm', '\0', + /* "hg71839.com", true */ 'h', 'g', '7', '1', '8', '3', '9', '.', 'c', 'o', 'm', '\0', + /* "hg71850.com", true */ 'h', 'g', '7', '1', '8', '5', '0', '.', 'c', 'o', 'm', '\0', + /* "hg71851.com", true */ 'h', 'g', '7', '1', '8', '5', '1', '.', 'c', 'o', 'm', '\0', + /* "hg71852.com", true */ 'h', 'g', '7', '1', '8', '5', '2', '.', 'c', 'o', 'm', '\0', + /* "hg71856.com", true */ 'h', 'g', '7', '1', '8', '5', '6', '.', 'c', 'o', 'm', '\0', + /* "hg71857.com", true */ 'h', 'g', '7', '1', '8', '5', '7', '.', 'c', 'o', 'm', '\0', + /* "hg71858.com", true */ 'h', 'g', '7', '1', '8', '5', '8', '.', 'c', 'o', 'm', '\0', + /* "hg71860.com", true */ 'h', 'g', '7', '1', '8', '6', '0', '.', 'c', 'o', 'm', '\0', + /* "hg71861.com", true */ 'h', 'g', '7', '1', '8', '6', '1', '.', 'c', 'o', 'm', '\0', + /* "hg71863.com", true */ 'h', 'g', '7', '1', '8', '6', '3', '.', 'c', 'o', 'm', '\0', + /* "hga8586.com", true */ 'h', 'g', 'a', '8', '5', '8', '6', '.', 'c', 'o', 'm', '\0', + /* "hga8587.com", true */ 'h', 'g', 'a', '8', '5', '8', '7', '.', 'c', 'o', 'm', '\0', + /* "hga8685.com", true */ 'h', 'g', 'a', '8', '6', '8', '5', '.', 'c', 'o', 'm', '\0', + /* "hga8687.com", true */ 'h', 'g', 'a', '8', '6', '8', '7', '.', 'c', 'o', 'm', '\0', + /* "hga8689.com", true */ 'h', 'g', 'a', '8', '6', '8', '9', '.', 'c', 'o', 'm', '\0', + /* "hga8757.com", true */ 'h', 'g', 'a', '8', '7', '5', '7', '.', 'c', 'o', 'm', '\0', + /* "hga8758.com", true */ 'h', 'g', 'a', '8', '7', '5', '8', '.', 'c', 'o', 'm', '\0', + /* "hgbet.com", true */ 'h', 'g', 'b', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "hgfa.fi", true */ 'h', 'g', 'f', 'a', '.', 'f', 'i', '\0', + /* "hgw168.com", true */ 'h', 'g', 'w', '1', '6', '8', '.', 'c', 'o', 'm', '\0', + /* "hh-medic.com", true */ 'h', 'h', '-', 'm', 'e', 'd', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "hhgdo.de", true */ 'h', 'h', 'g', 'd', 'o', '.', 'd', 'e', '\0', + /* "hhhdb.com", true */ 'h', 'h', 'h', 'd', 'b', '.', 'c', 'o', 'm', '\0', + /* "hhidr.org", true */ 'h', 'h', 'i', 'd', 'r', '.', 'o', 'r', 'g', '\0', + /* "hhmmmm.de", true */ 'h', 'h', 'm', 'm', 'm', 'm', '.', 'd', 'e', '\0', + /* "hhs.gov", true */ 'h', 'h', 's', '.', 'g', 'o', 'v', '\0', + /* "hialatv.com", true */ 'h', 'i', 'a', 'l', 'a', 't', 'v', '.', 'c', 'o', 'm', '\0', + /* "hiccupsandjuice.co.uk", true */ 'h', 'i', 'c', 'c', 'u', 'p', 's', 'a', 'n', 'd', 'j', 'u', 'i', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "hickorywinecellar.com", true */ 'h', 'i', 'c', 'k', 'o', 'r', 'y', 'w', 'i', 'n', 'e', 'c', 'e', 'l', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "hicl.org", true */ 'h', 'i', 'c', 'l', '.', 'o', 'r', 'g', '\0', + /* "hicoria.com", true */ 'h', 'i', 'c', 'o', 'r', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "hidbo.de", true */ 'h', 'i', 'd', 'b', 'o', '.', 'd', 'e', '\0', + /* "hiddenhillselectrical.com", true */ 'h', 'i', 'd', 'd', 'e', 'n', 'h', 'i', 'l', 'l', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "hiddenmalta.net", true */ 'h', 'i', 'd', 'd', 'e', 'n', 'm', 'a', 'l', 't', 'a', '.', 'n', 'e', 't', '\0', + /* "hiddenprocess.com", true */ 'h', 'i', 'd', 'd', 'e', 'n', 'p', 'r', 'o', 'c', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "hideallip.com", true */ 'h', 'i', 'd', 'e', 'a', 'l', 'l', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "hidedd.com", true */ 'h', 'i', 'd', 'e', 'd', 'd', '.', 'c', 'o', 'm', '\0', + /* "hideouswebsite.com", true */ 'h', 'i', 'd', 'e', 'o', 'u', 's', 'w', 'e', 'b', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "hidroshop.com.br", true */ 'h', 'i', 'd', 'r', 'o', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "hieu.com.au", true */ 'h', 'i', 'e', 'u', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "higgstools.org", true */ 'h', 'i', 'g', 'g', 's', 't', 'o', 'o', 'l', 's', '.', 'o', 'r', 'g', '\0', + /* "highland-webcams.com", true */ 'h', 'i', 'g', 'h', 'l', 'a', 'n', 'd', '-', 'w', 'e', 'b', 'c', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "highlandparkcog.org", true */ 'h', 'i', 'g', 'h', 'l', 'a', 'n', 'd', 'p', 'a', 'r', 'k', 'c', 'o', 'g', '.', 'o', 'r', 'g', '\0', + /* "highlatitudestravel.com", true */ 'h', 'i', 'g', 'h', 'l', 'a', 't', 'i', 't', 'u', 'd', 'e', 's', 't', 'r', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "highlegshop.com", true */ 'h', 'i', 'g', 'h', 'l', 'e', 'g', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "highlevelwoodlands.com", true */ 'h', 'i', 'g', 'h', 'l', 'e', 'v', 'e', 'l', 'w', 'o', 'o', 'd', 'l', 'a', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "highlnk.com", true */ 'h', 'i', 'g', 'h', 'l', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "highspeed-arnsberg.de", true */ 'h', 'i', 'g', 'h', 's', 'p', 'e', 'e', 'd', '-', 'a', 'r', 'n', 's', 'b', 'e', 'r', 'g', '.', 'd', 'e', '\0', + /* "hightechbasementsystems.com", true */ 'h', 'i', 'g', 'h', 't', 'e', 'c', 'h', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "hightimes.com", true */ 'h', 'i', 'g', 'h', 't', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "highwaytohoell.de", true */ 'h', 'i', 'g', 'h', 'w', 'a', 'y', 't', 'o', 'h', 'o', 'e', 'l', 'l', '.', 'd', 'e', '\0', + /* "higilopocht.li", true */ 'h', 'i', 'g', 'i', 'l', 'o', 'p', 'o', 'c', 'h', 't', '.', 'l', 'i', '\0', + /* "higp.de", true */ 'h', 'i', 'g', 'p', '.', 'd', 'e', '\0', + /* "hijoan.com", true */ 'h', 'i', 'j', 'o', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "hik-cloud.com", true */ 'h', 'i', 'k', '-', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "hikagestudios.com", true */ 'h', 'i', 'k', 'a', 'g', 'e', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "hike.pics", true */ 'h', 'i', 'k', 'e', '.', 'p', 'i', 'c', 's', '\0', + /* "hikinggearlab.com", true */ 'h', 'i', 'k', 'i', 'n', 'g', 'g', 'e', 'a', 'r', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "hikingguy.com", true */ 'h', 'i', 'k', 'i', 'n', 'g', 'g', 'u', 'y', '.', 'c', 'o', 'm', '\0', + /* "hilahdih.cz", true */ 'h', 'i', 'l', 'a', 'h', 'd', 'i', 'h', '.', 'c', 'z', '\0', + /* "hilaolu.com", true */ 'h', 'i', 'l', 'a', 'o', 'l', 'u', '.', 'c', 'o', 'm', '\0', + /* "hilaolu.studio", true */ 'h', 'i', 'l', 'a', 'o', 'l', 'u', '.', 's', 't', 'u', 'd', 'i', 'o', '\0', + /* "hilchenba.ch", true */ 'h', 'i', 'l', 'c', 'h', 'e', 'n', 'b', 'a', '.', 'c', 'h', '\0', + /* "hilfreiche-server.tips", true */ 'h', 'i', 'l', 'f', 'r', 'e', 'i', 'c', 'h', 'e', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 't', 'i', 'p', 's', '\0', + /* "hilhorst-uitvaartverzorging.nl", true */ 'h', 'i', 'l', 'h', 'o', 'r', 's', 't', '-', 'u', 'i', 't', 'v', 'a', 'a', 'r', 't', 'v', 'e', 'r', 'z', 'o', 'r', 'g', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "hillebrand.io", true */ 'h', 'i', 'l', 'l', 'e', 'b', 'r', 'a', 'n', 'd', '.', 'i', 'o', '\0', + /* "hillsboroccpa.org", true */ 'h', 'i', 'l', 'l', 's', 'b', 'o', 'r', 'o', 'c', 'c', 'p', 'a', '.', 'o', 'r', 'g', '\0', + /* "hilnu.com", true */ 'h', 'i', 'l', 'n', 'u', '.', 'c', 'o', 'm', '\0', + /* "hilti.ee", false */ 'h', 'i', 'l', 't', 'i', '.', 'e', 'e', '\0', + /* "hilti.kz", false */ 'h', 'i', 'l', 't', 'i', '.', 'k', 'z', '\0', + /* "hilti.lv", false */ 'h', 'i', 'l', 't', 'i', '.', 'l', 'v', '\0', + /* "hiltonarubabeachservices.com", true */ 'h', 'i', 'l', 't', 'o', 'n', 'a', 'r', 'u', 'b', 'a', 'b', 'e', 'a', 'c', 'h', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "hiltonhyland.com", true */ 'h', 'i', 'l', 't', 'o', 'n', 'h', 'y', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "himens.com", false */ 'h', 'i', 'm', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "hindmanfuneralhomes.com", true */ 'h', 'i', 'n', 'd', 'm', 'a', 'n', 'f', 'u', 'n', 'e', 'r', 'a', 'l', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "hingle.me", true */ 'h', 'i', 'n', 'g', 'l', 'e', '.', 'm', 'e', '\0', + /* "hinrich.de", true */ 'h', 'i', 'n', 'r', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "hintergrundbewegung.de", true */ 'h', 'i', 'n', 't', 'e', 'r', 'g', 'r', 'u', 'n', 'd', 'b', 'e', 'w', 'e', 'g', 'u', 'n', 'g', '.', 'd', 'e', '\0', + /* "hinterhofbu.de", true */ 'h', 'i', 'n', 't', 'e', 'r', 'h', 'o', 'f', 'b', 'u', '.', 'd', 'e', '\0', + /* "hinterposemuckel.de", true */ 'h', 'i', 'n', 't', 'e', 'r', 'p', 'o', 's', 'e', 'm', 'u', 'c', 'k', 'e', 'l', '.', 'd', 'e', '\0', + /* "hintss.pw", true */ 'h', 'i', 'n', 't', 's', 's', '.', 'p', 'w', '\0', + /* "hiphop.ren", true */ 'h', 'i', 'p', 'h', 'o', 'p', '.', 'r', 'e', 'n', '\0', + /* "hipi.jp", true */ 'h', 'i', 'p', 'i', '.', 'j', 'p', '\0', + /* "hippies.com.br", true */ 'h', 'i', 'p', 'p', 'i', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "hippo.ge", true */ 'h', 'i', 'p', 'p', 'o', '.', 'g', 'e', '\0', + /* "hippomovers.com", true */ 'h', 'i', 'p', 'p', 'o', 'm', 'o', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "hippopotamuses.org", true */ 'h', 'i', 'p', 'p', 'o', 'p', 'o', 't', 'a', 'm', 'u', 's', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "hips.com", true */ 'h', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "hipstercat.fr", true */ 'h', 'i', 'p', 's', 't', 'e', 'r', 'c', 'a', 't', '.', 'f', 'r', '\0', + /* "hiqfleet.co.uk", true */ 'h', 'i', 'q', 'f', 'l', 'e', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "hiqfranchise.co.uk", true */ 'h', 'i', 'q', 'f', 'r', 'a', 'n', 'c', 'h', 'i', 's', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "hiqonline.co.uk", true */ 'h', 'i', 'q', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "hirake55.com", true */ 'h', 'i', 'r', 'a', 'k', 'e', '5', '5', '.', 'c', 'o', 'm', '\0', + /* "hiraku.me", false */ 'h', 'i', 'r', 'a', 'k', 'u', '.', 'm', 'e', '\0', + /* "hiratake.xyz", true */ 'h', 'i', 'r', 'a', 't', 'a', 'k', 'e', '.', 'x', 'y', 'z', '\0', + /* "hire-a-coder.de", true */ 'h', 'i', 'r', 'e', '-', 'a', '-', 'c', 'o', 'd', 'e', 'r', '.', 'd', 'e', '\0', + /* "hireabouncycastle.net", true */ 'h', 'i', 'r', 'e', 'a', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'n', 'e', 't', '\0', + /* "hiresteve.ca", true */ 'h', 'i', 'r', 'e', 's', 't', 'e', 'v', 'e', '.', 'c', 'a', '\0', + /* "hiresuccessstaffing.com", true */ 'h', 'i', 'r', 'e', 's', 'u', 'c', 'c', 'e', 's', 's', 's', 't', 'a', 'f', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "hiretech.com", true */ 'h', 'i', 'r', 'e', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "hirezzportal.com", true */ 'h', 'i', 'r', 'e', 'z', 'z', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "hirotaka.org", true */ 'h', 'i', 'r', 'o', 't', 'a', 'k', 'a', '.', 'o', 'r', 'g', '\0', + /* "hirzaconsult.ro", true */ 'h', 'i', 'r', 'z', 'a', 'c', 'o', 'n', 's', 'u', 'l', 't', '.', 'r', 'o', '\0', + /* "hisbrucker.net", true */ 'h', 'i', 's', 'b', 'r', 'u', 'c', 'k', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "hisnet.de", true */ 'h', 'i', 's', 'n', 'e', 't', '.', 'd', 'e', '\0', + /* "hispanic.dating", true */ 'h', 'i', 's', 'p', 'a', 'n', 'i', 'c', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "histoire-cite.ch", true */ 'h', 'i', 's', 't', 'o', 'i', 'r', 'e', '-', 'c', 'i', 't', 'e', '.', 'c', 'h', '\0', + /* "histoire-theatre.com", true */ 'h', 'i', 's', 't', 'o', 'i', 'r', 'e', '-', 't', 'h', 'e', 'a', 't', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "historia-arte.com", true */ 'h', 'i', 's', 't', 'o', 'r', 'i', 'a', '-', 'a', 'r', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "history.google.com", true */ 'h', 'i', 's', 't', 'o', 'r', 'y', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "history.pe", true */ 'h', 'i', 's', 't', 'o', 'r', 'y', '.', 'p', 'e', '\0', + /* "hiteco.com", true */ 'h', 'i', 't', 'e', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "hitmanstat.us", true */ 'h', 'i', 't', 'm', 'a', 'n', 's', 't', 'a', 't', '.', 'u', 's', '\0', + /* "hitoapi.cc", true */ 'h', 'i', 't', 'o', 'a', 'p', 'i', '.', 'c', 'c', '\0', + /* "hitocom.net.br", true */ 'h', 'i', 't', 'o', 'c', 'o', 'm', '.', 'n', 'e', 't', '.', 'b', 'r', '\0', + /* "hitter-lauzon.com", true */ 'h', 'i', 't', 't', 'e', 'r', '-', 'l', 'a', 'u', 'z', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "hitter.family", true */ 'h', 'i', 't', 't', 'e', 'r', '.', 'f', 'a', 'm', 'i', 'l', 'y', '\0', + /* "hitterfamily.com", true */ 'h', 'i', 't', 't', 'e', 'r', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "hiv-symptome.de", true */ 'h', 'i', 'v', '-', 's', 'y', 'm', 'p', 't', 'o', 'm', 'e', '.', 'd', 'e', '\0', + /* "hivatal-info.hu", true */ 'h', 'i', 'v', 'a', 't', 'a', 'l', '-', 'i', 'n', 'f', 'o', '.', 'h', 'u', '\0', + /* "hivatalinfo.hu", true */ 'h', 'i', 'v', 'a', 't', 'a', 'l', 'i', 'n', 'f', 'o', '.', 'h', 'u', '\0', + /* "hiverlune.net", true */ 'h', 'i', 'v', 'e', 'r', 'l', 'u', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "hiwiki.tk", true */ 'h', 'i', 'w', 'i', 'k', 'i', '.', 't', 'k', '\0', + /* "hiyacar.co.uk", true */ 'h', 'i', 'y', 'a', 'c', 'a', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "hiyuki2578.net", true */ 'h', 'i', 'y', 'u', 'k', 'i', '2', '5', '7', '8', '.', 'n', 'e', 't', '\0', + /* "hizzacked.xxx", true */ 'h', 'i', 'z', 'z', 'a', 'c', 'k', 'e', 'd', '.', 'x', 'x', 'x', '\0', + /* "hj.rs", true */ 'h', 'j', '.', 'r', 's', '\0', + /* "hjartasmarta.se", true */ 'h', 'j', 'a', 'r', 't', 'a', 's', 'm', 'a', 'r', 't', 'a', '.', 's', 'e', '\0', + /* "hjes.com.ve", true */ 'h', 'j', 'e', 's', '.', 'c', 'o', 'm', '.', 'v', 'e', '\0', + /* "hjf-immobilien.de", true */ 'h', 'j', 'f', '-', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'n', '.', 'd', 'e', '\0', + /* "hjortland.org", true */ 'h', 'j', 'o', 'r', 't', 'l', 'a', 'n', 'd', '.', 'o', 'r', 'g', '\0', + /* "hjw-kunstwerk.de", true */ 'h', 'j', 'w', '-', 'k', 'u', 'n', 's', 't', 'w', 'e', 'r', 'k', '.', 'd', 'e', '\0', + /* "hk.search.yahoo.com", false */ 'h', 'k', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "hkdobrev.com", true */ 'h', 'k', 'd', 'o', 'b', 'r', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "hknet.at", true */ 'h', 'k', 'n', 'e', 't', '.', 'a', 't', '\0', + /* "hkustmbajp.com", true */ 'h', 'k', 'u', 's', 't', 'm', 'b', 'a', 'j', 'p', '.', 'c', 'o', 'm', '\0', + /* "hl7999.com", true */ 'h', 'l', '7', '9', '9', '9', '.', 'c', 'o', 'm', '\0', + /* "hlacosedora.com", true */ 'h', 'l', 'a', 'c', 'o', 's', 'e', 'd', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "hlavacek.us", true */ 'h', 'l', 'a', 'v', 'a', 'c', 'e', 'k', '.', 'u', 's', '\0', + /* "hledejlevne.cz", true */ 'h', 'l', 'e', 'd', 'e', 'j', 'l', 'e', 'v', 'n', 'e', '.', 'c', 'z', '\0', + /* "hledejpravnika.cz", true */ 'h', 'l', 'e', 'd', 'e', 'j', 'p', 'r', 'a', 'v', 'n', 'i', 'k', 'a', '.', 'c', 'z', '\0', + /* "hlfh.space", true */ 'h', 'l', 'f', 'h', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "hloe0xff.ru", true */ 'h', 'l', 'o', 'e', '0', 'x', 'f', 'f', '.', 'r', 'u', '\0', + /* "hlsmandarincentre.com", true */ 'h', 'l', 's', 'm', 'a', 'n', 'd', 'a', 'r', 'i', 'n', 'c', 'e', 'n', 't', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "hlucas.de", true */ 'h', 'l', 'u', 'c', 'a', 's', '.', 'd', 'e', '\0', + /* "hm1ch.com", true */ 'h', 'm', '1', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "hm773.net", true */ 'h', 'm', '7', '7', '3', '.', 'n', 'e', 't', '\0', + /* "hmhotelec.com", false */ 'h', 'm', 'h', 'o', 't', 'e', 'l', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "hmoegirl.com", true */ 'h', 'm', 'o', 'e', 'g', 'i', 'r', 'l', '.', 'c', 'o', 'm', '\0', + /* "hms-waldmann.de", true */ 'h', 'm', 's', '-', 'w', 'a', 'l', 'd', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "hn.search.yahoo.com", false */ 'h', 'n', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "hoahau.org", true */ 'h', 'o', 'a', 'h', 'a', 'u', '.', 'o', 'r', 'g', '\0', + /* "hobby-drechselei.de", true */ 'h', 'o', 'b', 'b', 'y', '-', 'd', 'r', 'e', 'c', 'h', 's', 'e', 'l', 'e', 'i', '.', 'd', 'e', '\0', + /* "hobby-gamerz-community.de", true */ 'h', 'o', 'b', 'b', 'y', '-', 'g', 'a', 'm', 'e', 'r', 'z', '-', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '.', 'd', 'e', '\0', + /* "hobbyspeed.com", true */ 'h', 'o', 'b', 'b', 'y', 's', 'p', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "hochhaus.us", true */ 'h', 'o', 'c', 'h', 'h', 'a', 'u', 's', '.', 'u', 's', '\0', + /* "hochoukikikiraku.com", true */ 'h', 'o', 'c', 'h', 'o', 'u', 'k', 'i', 'k', 'i', 'k', 'i', 'r', 'a', 'k', 'u', '.', 'c', 'o', 'm', '\0', + /* "hochzeit-dana-laurens.de", true */ 'h', 'o', 'c', 'h', 'z', 'e', 'i', 't', '-', 'd', 'a', 'n', 'a', '-', 'l', 'a', 'u', 'r', 'e', 'n', 's', '.', 'd', 'e', '\0', + /* "hochzeitsfotograf-deinfoto.ch", true */ 'h', 'o', 'c', 'h', 'z', 'e', 'i', 't', 's', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', '-', 'd', 'e', 'i', 'n', 'f', 'o', 't', 'o', '.', 'c', 'h', '\0', + /* "hochzeitshelferlein.de", true */ 'h', 'o', 'c', 'h', 'z', 'e', 'i', 't', 's', 'h', 'e', 'l', 'f', 'e', 'r', 'l', 'e', 'i', 'n', '.', 'd', 'e', '\0', + /* "hockeyapp.ch", true */ 'h', 'o', 'c', 'k', 'e', 'y', 'a', 'p', 'p', '.', 'c', 'h', '\0', + /* "hockeymotion.ch", true */ 'h', 'o', 'c', 'k', 'e', 'y', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'h', '\0', + /* "hodgephotography.com", true */ 'h', 'o', 'd', 'g', 'e', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0', + /* "hoe.re", true */ 'h', 'o', 'e', '.', 'r', 'e', '\0', + /* "hoeft-autolackierung.de", true */ 'h', 'o', 'e', 'f', 't', '-', 'a', 'u', 't', 'o', 'l', 'a', 'c', 'k', 'i', 'e', 'r', 'u', 'n', 'g', '.', 'd', 'e', '\0', + /* "hoekvanholland.eu", true */ 'h', 'o', 'e', 'k', 'v', 'a', 'n', 'h', 'o', 'l', 'l', 'a', 'n', 'd', '.', 'e', 'u', '\0', + /* "hoelty.network", true */ 'h', 'o', 'e', 'l', 't', 'y', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0', + /* "hoesnelwasik.nl", true */ 'h', 'o', 'e', 's', 'n', 'e', 'l', 'w', 'a', 's', 'i', 'k', '.', 'n', 'l', '\0', + /* "hoewler.ch", true */ 'h', 'o', 'e', 'w', 'l', 'e', 'r', '.', 'c', 'h', '\0', + /* "hoezzi.nl", true */ 'h', 'o', 'e', 'z', 'z', 'i', '.', 'n', 'l', '\0', + /* "hoffens.se", true */ 'h', 'o', 'f', 'f', 'e', 'n', 's', '.', 's', 'e', '\0', + /* "hoflerlawfirm.com", true */ 'h', 'o', 'f', 'l', 'e', 'r', 'l', 'a', 'w', 'f', 'i', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "hogl.dk", true */ 'h', 'o', 'g', 'l', '.', 'd', 'k', '\0', + /* "hogrebe.de", true */ 'h', 'o', 'g', 'r', 'e', 'b', 'e', '.', 'd', 'e', '\0', + /* "hohnet.com", true */ 'h', 'o', 'h', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "hoikuen-now.top", true */ 'h', 'o', 'i', 'k', 'u', 'e', 'n', '-', 'n', 'o', 'w', '.', 't', 'o', 'p', '\0', + /* "hoiquanadida.com", true */ 'h', 'o', 'i', 'q', 'u', 'a', 'n', 'a', 'd', 'i', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "hoken-wakaru.jp", true */ 'h', 'o', 'k', 'e', 'n', '-', 'w', 'a', 'k', 'a', 'r', 'u', '.', 'j', 'p', '\0', + /* "hokieprivacy.org", true */ 'h', 'o', 'k', 'i', 'e', 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'o', 'r', 'g', '\0', + /* "hokify.at", true */ 'h', 'o', 'k', 'i', 'f', 'y', '.', 'a', 't', '\0', + /* "hokify.ch", true */ 'h', 'o', 'k', 'i', 'f', 'y', '.', 'c', 'h', '\0', + /* "hokify.de", true */ 'h', 'o', 'k', 'i', 'f', 'y', '.', 'd', 'e', '\0', + /* "hokioisecurity.com", true */ 'h', 'o', 'k', 'i', 'o', 'i', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "holad.de", true */ 'h', 'o', 'l', 'a', 'd', '.', 'd', 'e', '\0', + /* "holboxwhalesharktours.com", true */ 'h', 'o', 'l', 'b', 'o', 'x', 'w', 'h', 'a', 'l', 'e', 's', 'h', 'a', 'r', 'k', 't', 'o', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "holebedeljek.hu", true */ 'h', 'o', 'l', 'e', 'b', 'e', 'd', 'e', 'l', 'j', 'e', 'k', '.', 'h', 'u', '\0', + /* "holidaysportugal.eu", true */ 'h', 'o', 'l', 'i', 'd', 'a', 'y', 's', 'p', 'o', 'r', 't', 'u', 'g', 'a', 'l', '.', 'e', 'u', '\0', + /* "holisticacupuncture.com.au", true */ 'h', 'o', 'l', 'i', 's', 't', 'i', 'c', 'a', 'c', 'u', 'p', 'u', 'n', 'c', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "holistichealer.in", true */ 'h', 'o', 'l', 'i', 's', 't', 'i', 'c', 'h', 'e', 'a', 'l', 'e', 'r', '.', 'i', 'n', '\0', + /* "holisticon.de", true */ 'h', 'o', 'l', 'i', 's', 't', 'i', 'c', 'o', 'n', '.', 'd', 'e', '\0', + /* "hollandguns.com", true */ 'h', 'o', 'l', 'l', 'a', 'n', 'd', 'g', 'u', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "hollermann.eu", true */ 'h', 'o', 'l', 'l', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'e', 'u', '\0', + /* "hollo.me", true */ 'h', 'o', 'l', 'l', 'o', '.', 'm', 'e', '\0', + /* "hollowrap.com", true */ 'h', 'o', 'l', 'l', 'o', 'w', 'r', 'a', 'p', '.', 'c', 'o', 'm', '\0', + /* "hollyforrest.ca", true */ 'h', 'o', 'l', 'l', 'y', 'f', 'o', 'r', 'r', 'e', 's', 't', '.', 'c', 'a', '\0', + /* "hollyforrestphotography.ca", true */ 'h', 'o', 'l', 'l', 'y', 'f', 'o', 'r', 'r', 'e', 's', 't', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'a', '\0', + /* "holmesian.org", true */ 'h', 'o', 'l', 'm', 'e', 's', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "holo.ovh", true */ 'h', 'o', 'l', 'o', '.', 'o', 'v', 'h', '\0', + /* "holodeck.us", true */ 'h', 'o', 'l', 'o', 'd', 'e', 'c', 'k', '.', 'u', 's', '\0', + /* "holofono.com", true */ 'h', 'o', 'l', 'o', 'f', 'o', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "holowaty.me", true */ 'h', 'o', 'l', 'o', 'w', 'a', 't', 'y', '.', 'm', 'e', '\0', + /* "holoxplor.space", true */ 'h', 'o', 'l', 'o', 'x', 'p', 'l', 'o', 'r', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "holvonix.com", true */ 'h', 'o', 'l', 'v', 'o', 'n', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "holy-hi.com", true */ 'h', 'o', 'l', 'y', '-', 'h', 'i', '.', 'c', 'o', 'm', '\0', + /* "holydragoon.jp", true */ 'h', 'o', 'l', 'y', 'd', 'r', 'a', 'g', 'o', 'o', 'n', '.', 'j', 'p', '\0', + /* "holygrail.games", true */ 'h', 'o', 'l', 'y', 'g', 'r', 'a', 'i', 'l', '.', 'g', 'a', 'm', 'e', 's', '\0', + /* "holyhiphopdatabase.com", true */ 'h', 'o', 'l', 'y', 'h', 'i', 'p', 'h', 'o', 'p', 'd', 'a', 't', 'a', 'b', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "holymolycasinos.com", true */ 'h', 'o', 'l', 'y', 'm', 'o', 'l', 'y', 'c', 'a', 's', 'i', 'n', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "holytransaction.com", true */ 'h', 'o', 'l', 'y', 't', 'r', 'a', 'n', 's', 'a', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "holywhite.com", true */ 'h', 'o', 'l', 'y', 'w', 'h', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "holz.nu", true */ 'h', 'o', 'l', 'z', '.', 'n', 'u', '\0', + /* "holzheizer-forum.de", true */ 'h', 'o', 'l', 'z', 'h', 'e', 'i', 'z', 'e', 'r', '-', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0', + /* "holzheizerforum.de", true */ 'h', 'o', 'l', 'z', 'h', 'e', 'i', 'z', 'e', 'r', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0', + /* "holzspielzeug-shop.ch", true */ 'h', 'o', 'l', 'z', 's', 'p', 'i', 'e', 'l', 'z', 'e', 'u', 'g', '-', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0', + /* "holzvergaser-forum.de", true */ 'h', 'o', 'l', 'z', 'v', 'e', 'r', 'g', 'a', 's', 'e', 'r', '-', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0', + /* "homatism.com", true */ 'h', 'o', 'm', 'a', 't', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "home-cloud.online", true */ 'h', 'o', 'm', 'e', '-', 'c', 'l', 'o', 'u', 'd', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "home-coaching.be", true */ 'h', 'o', 'm', 'e', '-', 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'b', 'e', '\0', + /* "home-v.ind.in", true */ 'h', 'o', 'm', 'e', '-', 'v', '.', 'i', 'n', 'd', '.', 'i', 'n', '\0', + /* "home-work-jobs.com", true */ 'h', 'o', 'm', 'e', '-', 'w', 'o', 'r', 'k', '-', 'j', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "homeautomated.com", true */ 'h', 'o', 'm', 'e', 'a', 'u', 't', 'o', 'm', 'a', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "homebasedsalons.com.au", true */ 'h', 'o', 'm', 'e', 'b', 'a', 's', 'e', 'd', 's', 'a', 'l', 'o', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "homebodyalberta.com", true */ 'h', 'o', 'm', 'e', 'b', 'o', 'd', 'y', 'a', 'l', 'b', 'e', 'r', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "homecareassociatespa.com", true */ 'h', 'o', 'm', 'e', 'c', 'a', 'r', 'e', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'e', 's', 'p', 'a', '.', 'c', 'o', 'm', '\0', + /* "homecarpetcleaning.co.uk", true */ 'h', 'o', 'm', 'e', 'c', 'a', 'r', 'p', 'e', 't', 'c', 'l', 'e', 'a', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "homecoming.city", true */ 'h', 'o', 'm', 'e', 'c', 'o', 'm', 'i', 'n', 'g', '.', 'c', 'i', 't', 'y', '\0', + /* "homefacialpro.com", true */ 'h', 'o', 'm', 'e', 'f', 'a', 'c', 'i', 'a', 'l', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "homegardeningforum.com", true */ 'h', 'o', 'm', 'e', 'g', 'a', 'r', 'd', 'e', 'n', 'i', 'n', 'g', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "homegardenresort.nl", true */ 'h', 'o', 'm', 'e', 'g', 'a', 'r', 'd', 'e', 'n', 'r', 'e', 's', 'o', 'r', 't', '.', 'n', 'l', '\0', + /* "homehuntertoronto.com", true */ 'h', 'o', 'm', 'e', 'h', 'u', 'n', 't', 'e', 'r', 't', 'o', 'r', 'o', 'n', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "homehunting.pt", true */ 'h', 'o', 'm', 'e', 'h', 'u', 'n', 't', 'i', 'n', 'g', '.', 'p', 't', '\0', + /* "homeodynamics.com", true */ 'h', 'o', 'm', 'e', 'o', 'd', 'y', 'n', 'a', 'm', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "homeofjones.net", true */ 'h', 'o', 'm', 'e', 'o', 'f', 'j', 'o', 'n', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "homeogenium.com", true */ 'h', 'o', 'm', 'e', 'o', 'g', 'e', 'n', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "homeownersinsurancenevada.com", true */ 'h', 'o', 'm', 'e', 'o', 'w', 'n', 'e', 'r', 's', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', 'n', 'e', 'v', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "homeownersinsurancenv.com", true */ 'h', 'o', 'm', 'e', 'o', 'w', 'n', 'e', 'r', 's', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', 'n', 'v', '.', 'c', 'o', 'm', '\0', + /* "homeprivate.de", true */ 'h', 'o', 'm', 'e', 'p', 'r', 'i', 'v', 'a', 't', 'e', '.', 'd', 'e', '\0', + /* "homeremodelingcontractorsca.com", true */ 'h', 'o', 'm', 'e', 'r', 'e', 'm', 'o', 'd', 'e', 'l', 'i', 'n', 'g', 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', 'o', 'r', 's', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "homesandal.com", true */ 'h', 'o', 'm', 'e', 's', 'a', 'n', 'd', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "homeseller.com", true */ 'h', 'o', 'm', 'e', 's', 'e', 'l', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "homesfordinner.ca", true */ 'h', 'o', 'm', 'e', 's', 'f', 'o', 'r', 'd', 'i', 'n', 'n', 'e', 'r', '.', 'c', 'a', '\0', + /* "homesteadfarm.org", true */ 'h', 'o', 'm', 'e', 's', 't', 'e', 'a', 'd', 'f', 'a', 'r', 'm', '.', 'o', 'r', 'g', '\0', + /* "homewatt.co.uk", true */ 'h', 'o', 'm', 'e', 'w', 'a', 't', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "homeyou.com", true */ 'h', 'o', 'm', 'e', 'y', 'o', 'u', '.', 'c', 'o', 'm', '\0', + /* "homezhi.com.tw", true */ 'h', 'o', 'm', 'e', 'z', 'h', 'i', '.', 'c', 'o', 'm', '.', 't', 'w', '\0', + /* "hommeatoutfaire.be", true */ 'h', 'o', 'm', 'm', 'e', 'a', 't', 'o', 'u', 't', 'f', 'a', 'i', 'r', 'e', '.', 'b', 'e', '\0', + /* "homophoni.com", true */ 'h', 'o', 'm', 'o', 'p', 'h', 'o', 'n', 'i', '.', 'c', 'o', 'm', '\0', + /* "hompus.nl", false */ 'h', 'o', 'm', 'p', 'u', 's', '.', 'n', 'l', '\0', + /* "honda-centrum.cz", true */ 'h', 'o', 'n', 'd', 'a', '-', 'c', 'e', 'n', 't', 'r', 'u', 'm', '.', 'c', 'z', '\0', + /* "hondart.cz", true */ 'h', 'o', 'n', 'd', 'a', 'r', 't', '.', 'c', 'z', '\0', + /* "hondenoppasfraneker.nl", true */ 'h', 'o', 'n', 'd', 'e', 'n', 'o', 'p', 'p', 'a', 's', 'f', 'r', 'a', 'n', 'e', 'k', 'e', 'r', '.', 'n', 'l', '\0', + /* "honeybadger.io", false */ 'h', 'o', 'n', 'e', 'y', 'b', 'a', 'd', 'g', 'e', 'r', '.', 'i', 'o', '\0', + /* "honeybeard.co.uk", true */ 'h', 'o', 'n', 'e', 'y', 'b', 'e', 'a', 'r', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "honeycome.net", true */ 'h', 'o', 'n', 'e', 'y', 'c', 'o', 'm', 'e', '.', 'n', 'e', 't', '\0', + /* "honeyhaw.com", true */ 'h', 'o', 'n', 'e', 'y', 'h', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "honeypot.net", true */ 'h', 'o', 'n', 'e', 'y', 'p', 'o', 't', '.', 'n', 'e', 't', '\0', + /* "hong.io", true */ 'h', 'o', 'n', 'g', '.', 'i', 'o', '\0', + /* "honkhonk.net", true */ 'h', 'o', 'n', 'k', 'h', 'o', 'n', 'k', '.', 'n', 'e', 't', '\0', + /* "honkion.net", true */ 'h', 'o', 'n', 'k', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "honovere.de", true */ 'h', 'o', 'n', 'o', 'v', 'e', 'r', 'e', '.', 'd', 'e', '\0', + /* "hontoir.eu", true */ 'h', 'o', 'n', 't', 'o', 'i', 'r', '.', 'e', 'u', '\0', + /* "hoodtrader.com", true */ 'h', 'o', 'o', 'd', 't', 'r', 'a', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "hoofddorp-centraal.nl", true */ 'h', 'o', 'o', 'f', 'd', 'd', 'o', 'r', 'p', '-', 'c', 'e', 'n', 't', 'r', 'a', 'a', 'l', '.', 'n', 'l', '\0', + /* "hookbin.com", true */ 'h', 'o', 'o', 'k', 'b', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "hooowl.com", true */ 'h', 'o', 'o', 'o', 'w', 'l', '.', 'c', 'o', 'm', '\0', + /* "hoopertechnicalsolutions.com", true */ 'h', 'o', 'o', 'p', 'e', 'r', 't', 'e', 'c', 'h', 'n', 'i', 'c', 'a', 'l', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "hooray.beer", true */ 'h', 'o', 'o', 'r', 'a', 'y', '.', 'b', 'e', 'e', 'r', '\0', + /* "hootworld.net", true */ 'h', 'o', 'o', 't', 'w', 'o', 'r', 'l', 'd', '.', 'n', 'e', 't', '\0', + /* "hoowhen.cn", true */ 'h', 'o', 'o', 'w', 'h', 'e', 'n', '.', 'c', 'n', '\0', + /* "hopconseils.ch", true */ 'h', 'o', 'p', 'c', 'o', 'n', 's', 'e', 'i', 'l', 's', '.', 'c', 'h', '\0', + /* "hopconseils.com", true */ 'h', 'o', 'p', 'c', 'o', 'n', 's', 'e', 'i', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "hopewellproperties.co.uk", true */ 'h', 'o', 'p', 'e', 'w', 'e', 'l', 'l', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "hopglass.eu", true */ 'h', 'o', 'p', 'g', 'l', 'a', 's', 's', '.', 'e', 'u', '\0', + /* "hopglass.net", true */ 'h', 'o', 'p', 'g', 'l', 'a', 's', 's', '.', 'n', 'e', 't', '\0', + /* "hoplongtech.com", true */ 'h', 'o', 'p', 'l', 'o', 'n', 'g', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "hopps.me", true */ 'h', 'o', 'p', 'p', 's', '.', 'm', 'e', '\0', + /* "hoppyx.com", true */ 'h', 'o', 'p', 'p', 'y', 'x', '.', 'c', 'o', 'm', '\0', + /* "horace.li", true */ 'h', 'o', 'r', 'a', 'c', 'e', '.', 'l', 'i', '\0', + /* "horaceli.com", true */ 'h', 'o', 'r', 'a', 'c', 'e', 'l', 'i', '.', 'c', 'o', 'm', '\0', + /* "horackova.info", true */ 'h', 'o', 'r', 'a', 'c', 'k', 'o', 'v', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "hord.ca", true */ 'h', 'o', 'r', 'd', '.', 'c', 'a', '\0', + /* "horeizai.net", true */ 'h', 'o', 'r', 'e', 'i', 'z', 'a', 'i', '.', 'n', 'e', 't', '\0', + /* "horisonttimedia.fi", true */ 'h', 'o', 'r', 'i', 's', 'o', 'n', 't', 't', 'i', 'm', 'e', 'd', 'i', 'a', '.', 'f', 'i', '\0', + /* "horizonhomes-samui.com", true */ 'h', 'o', 'r', 'i', 'z', 'o', 'n', 'h', 'o', 'm', 'e', 's', '-', 's', 'a', 'm', 'u', 'i', '.', 'c', 'o', 'm', '\0', + /* "horkel.cf", true */ 'h', 'o', 'r', 'k', 'e', 'l', '.', 'c', 'f', '\0', + /* "hornyforhanzo.com", true */ 'h', 'o', 'r', 'n', 'y', 'f', 'o', 'r', 'h', 'a', 'n', 'z', 'o', '.', 'c', 'o', 'm', '\0', + /* "horodance.dk", true */ 'h', 'o', 'r', 'o', 'd', 'a', 'n', 'c', 'e', '.', 'd', 'k', '\0', + /* "horrell.ca", true */ 'h', 'o', 'r', 'r', 'e', 'l', 'l', '.', 'c', 'a', '\0', + /* "horrendous-servers.com", true */ 'h', 'o', 'r', 'r', 'e', 'n', 'd', 'o', 'u', 's', '-', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "horror-forum.de", true */ 'h', 'o', 'r', 'r', 'o', 'r', '-', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0', + /* "horsehunter.co.uk", true */ 'h', 'o', 'r', 's', 'e', 'h', 'u', 'n', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "horstmanshof.eu", true */ 'h', 'o', 'r', 's', 't', 'm', 'a', 'n', 's', 'h', 'o', 'f', '.', 'e', 'u', '\0', + /* "hory.me", true */ 'h', 'o', 'r', 'y', '.', 'm', 'e', '\0', + /* "horza.org", true */ 'h', 'o', 'r', 'z', 'a', '.', 'o', 'r', 'g', '\0', + /* "hoshimaq.com.br", true */ 'h', 'o', 's', 'h', 'i', 'm', 'a', 'q', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "hoshimaquinas.com.br", true */ 'h', 'o', 's', 'h', 'i', 'm', 'a', 'q', 'u', 'i', 'n', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "hoshinplan.com", true */ 'h', 'o', 's', 'h', 'i', 'n', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "hoshisato.com", true */ 'h', 'o', 's', 'h', 'i', 's', 'a', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "hosiet.me", true */ 'h', 'o', 's', 'i', 'e', 't', '.', 'm', 'e', '\0', + /* "hosmussynergie.nl", false */ 'h', 'o', 's', 'm', 'u', 's', 's', 'y', 'n', 'e', 'r', 'g', 'i', 'e', '.', 'n', 'l', '\0', + /* "hospitalhomelottery.org", true */ 'h', 'o', 's', 'p', 'i', 't', 'a', 'l', 'h', 'o', 'm', 'e', 'l', 'o', 't', 't', 'e', 'r', 'y', '.', 'o', 'r', 'g', '\0', + /* "hostadvice.com", true */ 'h', 'o', 's', 't', 'a', 'd', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "hostam.link", true */ 'h', 'o', 's', 't', 'a', 'm', '.', 'l', 'i', 'n', 'k', '\0', + /* "hostarea51.com", true */ 'h', 'o', 's', 't', 'a', 'r', 'e', 'a', '5', '1', '.', 'c', 'o', 'm', '\0', + /* "hostedbgp.net", true */ 'h', 'o', 's', 't', 'e', 'd', 'b', 'g', 'p', '.', 'n', 'e', 't', '\0', + /* "hostedcomments.com", true */ 'h', 'o', 's', 't', 'e', 'd', 'c', 'o', 'm', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "hostedtalkgadget.google.com", true */ 'h', 'o', 's', 't', 'e', 'd', 't', 'a', 'l', 'k', 'g', 'a', 'd', 'g', 'e', 't', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "hostfission.com", true */ 'h', 'o', 's', 't', 'f', 'i', 's', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "hostgigz.com", true */ 'h', 'o', 's', 't', 'g', 'i', 'g', 'z', '.', 'c', 'o', 'm', '\0', + /* "hostingactive.it", true */ 'h', 'o', 's', 't', 'i', 'n', 'g', 'a', 'c', 't', 'i', 'v', 'e', '.', 'i', 't', '\0', + /* "hostingfirst.nl", true */ 'h', 'o', 's', 't', 'i', 'n', 'g', 'f', 'i', 'r', 's', 't', '.', 'n', 'l', '\0', + /* "hostinghelp.guru", true */ 'h', 'o', 's', 't', 'i', 'n', 'g', 'h', 'e', 'l', 'p', '.', 'g', 'u', 'r', 'u', '\0', + /* "hostinginnederland.nl", true */ 'h', 'o', 's', 't', 'i', 'n', 'g', 'i', 'n', 'n', 'e', 'd', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0', + /* "hostinglogin.net", true */ 'h', 'o', 's', 't', 'i', 'n', 'g', 'l', 'o', 'g', 'i', 'n', '.', 'n', 'e', 't', '\0', + /* "hostingpunt.be", true */ 'h', 'o', 's', 't', 'i', 'n', 'g', 'p', 'u', 'n', 't', '.', 'b', 'e', '\0', + /* "hostingsolutions.cz", true */ 'h', 'o', 's', 't', 'i', 'n', 'g', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'z', '\0', + /* "hostix.de", true */ 'h', 'o', 's', 't', 'i', 'x', '.', 'd', 'e', '\0', + /* "hostma.ma", true */ 'h', 'o', 's', 't', 'm', 'a', '.', 'm', 'a', '\0', + /* "hostme.co.il", false */ 'h', 'o', 's', 't', 'm', 'e', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "hostmijnpagina.nl", true */ 'h', 'o', 's', 't', 'm', 'i', 'j', 'n', 'p', 'a', 'g', 'i', 'n', 'a', '.', 'n', 'l', '\0', + /* "hostmodern.com.au", true */ 'h', 'o', 's', 't', 'm', 'o', 'd', 'e', 'r', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "hosts.cf", true */ 'h', 'o', 's', 't', 's', '.', 'c', 'f', '\0', + /* "hostserv.org", true */ 'h', 'o', 's', 't', 's', 'e', 'r', 'v', '.', 'o', 'r', 'g', '\0', + /* "hosyaku.gr.jp", true */ 'h', 'o', 's', 'y', 'a', 'k', 'u', '.', 'g', 'r', '.', 'j', 'p', '\0', + /* "hot-spa.ch", true */ 'h', 'o', 't', '-', 's', 'p', 'a', '.', 'c', 'h', '\0', + /* "hotcandlestick.com", true */ 'h', 'o', 't', 'c', 'a', 'n', 'd', 'l', 'e', 's', 't', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "hotchillibox.co.za", true */ 'h', 'o', 't', 'c', 'h', 'i', 'l', 'l', 'i', 'b', 'o', 'x', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "hotchillibox.com", true */ 'h', 'o', 't', 'c', 'h', 'i', 'l', 'l', 'i', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "hotel-huberhof.at", true */ 'h', 'o', 't', 'e', 'l', '-', 'h', 'u', 'b', 'e', 'r', 'h', 'o', 'f', '.', 'a', 't', '\0', + /* "hotel-kronjuwel.de", true */ 'h', 'o', 't', 'e', 'l', '-', 'k', 'r', 'o', 'n', 'j', 'u', 'w', 'e', 'l', '.', 'd', 'e', '\0', + /* "hotel-le-vaisseau.ch", true */ 'h', 'o', 't', 'e', 'l', '-', 'l', 'e', '-', 'v', 'a', 'i', 's', 's', 'e', 'a', 'u', '.', 'c', 'h', '\0', + /* "hotel-pension-sonnalp.eu", true */ 'h', 'o', 't', 'e', 'l', '-', 'p', 'e', 'n', 's', 'i', 'o', 'n', '-', 's', 'o', 'n', 'n', 'a', 'l', 'p', '.', 'e', 'u', '\0', + /* "hotel-rosner.at", true */ 'h', 'o', 't', 'e', 'l', '-', 'r', 'o', 's', 'n', 'e', 'r', '.', 'a', 't', '\0', + /* "hotelflow.com.br", true */ 'h', 'o', 't', 'e', 'l', 'f', 'l', 'o', 'w', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "hotelident.de", true */ 'h', 'o', 't', 'e', 'l', 'i', 'd', 'e', 'n', 't', '.', 'd', 'e', '\0', + /* "hotelmap.com", true */ 'h', 'o', 't', 'e', 'l', 'm', 'a', 'p', '.', 'c', 'o', 'm', '\0', + /* "hotelsinformer.com", true */ 'h', 'o', 't', 'e', 'l', 's', 'i', 'n', 'f', 'o', 'r', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "hotelvalena.com", true */ 'h', 'o', 't', 'e', 'l', 'v', 'a', 'l', 'e', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "hothbricks.com", true */ 'h', 'o', 't', 'h', 'b', 'r', 'i', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "hotnewhiphop.com", true */ 'h', 'o', 't', 'n', 'e', 'w', 'h', 'i', 'p', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "hoto.us", true */ 'h', 'o', 't', 'o', '.', 'u', 's', '\0', + /* "hoton.in", true */ 'h', 'o', 't', 'o', 'n', '.', 'i', 'n', '\0', + /* "hotornot.com", true */ 'h', 'o', 't', 'o', 'r', 'n', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "hotplate.co.nz", true */ 'h', 'o', 't', 'p', 'l', 'a', 't', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "hotplug.gr", true */ 'h', 'o', 't', 'p', 'l', 'u', 'g', '.', 'g', 'r', '\0', + /* "hotpoint-training.com", true */ 'h', 'o', 't', 'p', 'o', 'i', 'n', 't', '-', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "hottaro.com", true */ 'h', 'o', 't', 't', 'a', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "hottestwebcamgirls.org", true */ 'h', 'o', 't', 't', 'e', 's', 't', 'w', 'e', 'b', 'c', 'a', 'm', 'g', 'i', 'r', 'l', 's', '.', 'o', 'r', 'g', '\0', + /* "hottheme.net", true */ 'h', 'o', 't', 't', 'h', 'e', 'm', 'e', '.', 'n', 'e', 't', '\0', + /* "hotting.nl", true */ 'h', 'o', 't', 't', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "hottubhirenewcastle.co.uk", true */ 'h', 'o', 't', 't', 'u', 'b', 'h', 'i', 'r', 'e', 'n', 'e', 'w', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "hottubspasnewcastle.co.uk", true */ 'h', 'o', 't', 't', 'u', 'b', 's', 'p', 'a', 's', 'n', 'e', 'w', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "houdremont-la-courneuve.info", true */ 'h', 'o', 'u', 'd', 'r', 'e', 'm', 'o', 'n', 't', '-', 'l', 'a', '-', 'c', 'o', 'u', 'r', 'n', 'e', 'u', 'v', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "houraiteahouse.net", true */ 'h', 'o', 'u', 'r', 'a', 'i', 't', 'e', 'a', 'h', 'o', 'u', 's', 'e', '.', 'n', 'e', 't', '\0', + /* "house-of-japan.co.jp", true */ 'h', 'o', 'u', 's', 'e', '-', 'o', 'f', '-', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "house-sparrow.com", true */ 'h', 'o', 'u', 's', 'e', '-', 's', 'p', 'a', 'r', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "houseboydesigns.com", true */ 'h', 'o', 'u', 's', 'e', 'b', 'o', 'y', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "houseinvestor.com", true */ 'h', 'o', 'u', 's', 'e', 'i', 'n', 'v', 'e', 's', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "houser.lu", true */ 'h', 'o', 'u', 's', 'e', 'r', '.', 'l', 'u', '\0', + /* "housetalk.ru", true */ 'h', 'o', 'u', 's', 'e', 't', 'a', 'l', 'k', '.', 'r', 'u', '\0', + /* "houstonapartmentinsiders.com", true */ 'h', 'o', 'u', 's', 't', 'o', 'n', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 'i', 'n', 's', 'i', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "houstoncreditlaw.com", true */ 'h', 'o', 'u', 's', 't', 'o', 'n', 'c', 'r', 'e', 'd', 'i', 't', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "houtinee.com", true */ 'h', 'o', 'u', 't', 'i', 'n', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "how2fsbo.com", true */ 'h', 'o', 'w', '2', 'f', 's', 'b', 'o', '.', 'c', 'o', 'm', '\0', + /* "how2play.pl", true */ 'h', 'o', 'w', '2', 'p', 'l', 'a', 'y', '.', 'p', 'l', '\0', + /* "howa-n.net", true */ 'h', 'o', 'w', 'a', '-', 'n', '.', 'n', 'e', 't', '\0', + /* "howardwatts.co.uk", true */ 'h', 'o', 'w', 'a', 'r', 'd', 'w', 'a', 't', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "howbehealthy.com", true */ 'h', 'o', 'w', 'b', 'e', 'h', 'e', 'a', 'l', 't', 'h', 'y', '.', 'c', 'o', 'm', '\0', + /* "howbigismybuilding.com", true */ 'h', 'o', 'w', 'b', 'i', 'g', 'i', 's', 'm', 'y', 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "howlongtobeatsteam.com", true */ 'h', 'o', 'w', 'l', 'o', 'n', 'g', 't', 'o', 'b', 'e', 'a', 't', 's', 't', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "howmanymilesfrom.com", true */ 'h', 'o', 'w', 'm', 'a', 'n', 'y', 'm', 'i', 'l', 'e', 's', 'f', 'r', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "howsecureismypassword.net", true */ 'h', 'o', 'w', 's', 'e', 'c', 'u', 'r', 'e', 'i', 's', 'm', 'y', 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', '.', 'n', 'e', 't', '\0', + /* "howsmyssl.com", true */ 'h', 'o', 'w', 's', 'm', 'y', 's', 's', 'l', '.', 'c', 'o', 'm', '\0', + /* "howsmytls.com", true */ 'h', 'o', 'w', 's', 'm', 'y', 't', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "howsyourhealth.org", true */ 'h', 'o', 'w', 's', 'y', 'o', 'u', 'r', 'h', 'e', 'a', 'l', 't', 'h', '.', 'o', 'r', 'g', '\0', + /* "howtofreelance.com", true */ 'h', 'o', 'w', 't', 'o', 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "howtogeek.com", true */ 'h', 'o', 'w', 't', 'o', 'g', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "howtogeekpro.com", true */ 'h', 'o', 'w', 't', 'o', 'g', 'e', 'e', 'k', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "howtogosolar.org", true */ 'h', 'o', 'w', 't', 'o', 'g', 'o', 's', 'o', 'l', 'a', 'r', '.', 'o', 'r', 'g', '\0', + /* "howtolaser.com", true */ 'h', 'o', 'w', 't', 'o', 'l', 'a', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "hozana.si", false */ 'h', 'o', 'z', 'a', 'n', 'a', '.', 's', 'i', '\0', + /* "hp42.de", true */ 'h', 'p', '4', '2', '.', 'd', 'e', '\0', + /* "hpac-portal.com", true */ 'h', 'p', 'a', 'c', '-', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "hpbn.co", true */ 'h', 'p', 'b', 'n', '.', 'c', 'o', '\0', + /* "hpctecnologias.com", true */ 'h', 'p', 'c', 't', 'e', 'c', 'n', 'o', 'l', 'o', 'g', 'i', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "hpeditor.tk", true */ 'h', 'p', 'e', 'd', 'i', 't', 'o', 'r', '.', 't', 'k', '\0', + /* "hpisavageforum.com", true */ 'h', 'p', 'i', 's', 'a', 'v', 'a', 'g', 'e', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "hpkp-faq.de", true */ 'h', 'p', 'k', 'p', '-', 'f', 'a', 'q', '.', 'd', 'e', '\0', + /* "hpnow.com.br", true */ 'h', 'p', 'n', 'o', 'w', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "hqq.tv", true */ 'h', 'q', 'q', '.', 't', 'v', '\0', + /* "hqwebhosting.tk", false */ 'h', 'q', 'w', 'e', 'b', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 't', 'k', '\0', + /* "hr98.xyz", true */ 'h', 'r', '9', '8', '.', 'x', 'y', 'z', '\0', + /* "hrabogados.com", true */ 'h', 'r', 'a', 'b', 'o', 'g', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "hraesvelg.net", true */ 'h', 'r', 'a', 'e', 's', 'v', 'e', 'l', 'g', '.', 'n', 'e', 't', '\0', + /* "hranicka.cz", true */ 'h', 'r', 'a', 'n', 'i', 'c', 'k', 'a', '.', 'c', 'z', '\0', + /* "hrbatypes.cz", true */ 'h', 'r', 'b', 'a', 't', 'y', 'p', 'e', 's', '.', 'c', 'z', '\0', + /* "hrdns.de", false */ 'h', 'r', 'd', 'n', 's', '.', 'd', 'e', '\0', + /* "href.one", true */ 'h', 'r', 'e', 'f', '.', 'o', 'n', 'e', '\0', + /* "hreflang.info", true */ 'h', 'r', 'e', 'f', 'l', 'a', 'n', 'g', '.', 'i', 'n', 'f', 'o', '\0', + /* "hrfhomelottery.com", true */ 'h', 'r', 'f', 'h', 'o', 'm', 'e', 'l', 'o', 't', 't', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "hrjfeedstock.com", true */ 'h', 'r', 'j', 'f', 'e', 'e', 'd', 's', 't', 'o', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "hrjfeedstock.org", true */ 'h', 'r', 'j', 'f', 'e', 'e', 'd', 's', 't', 'o', 'c', 'k', '.', 'o', 'r', 'g', '\0', + /* "hrndz.io", true */ 'h', 'r', 'n', 'd', 'z', '.', 'i', 'o', '\0', + /* "hrobert.hu", true */ 'h', 'r', 'o', 'b', 'e', 'r', 't', '.', 'h', 'u', '\0', + /* "hroling.nl", true */ 'h', 'r', 'o', 'l', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "hroschyk.cz", true */ 'h', 'r', 'o', 's', 'c', 'h', 'y', 'k', '.', 'c', 'z', '\0', + /* "hrtraining.com.au", true */ 'h', 'r', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "hs-arbeitsschutz.de", true */ 'h', 's', '-', 'a', 'r', 'b', 'e', 'i', 't', 's', 's', 'c', 'h', 'u', 't', 'z', '.', 'd', 'e', '\0', + /* "hs-group.net", true */ 'h', 's', '-', 'g', 'r', 'o', 'u', 'p', '.', 'n', 'e', 't', '\0', + /* "hscorp.de", true */ 'h', 's', 'c', 'o', 'r', 'p', '.', 'd', 'e', '\0', + /* "hsivonen.com", true */ 'h', 's', 'i', 'v', 'o', 'n', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "hsivonen.fi", true */ 'h', 's', 'i', 'v', 'o', 'n', 'e', 'n', '.', 'f', 'i', '\0', + /* "hsivonen.iki.fi", true */ 'h', 's', 'i', 'v', 'o', 'n', 'e', 'n', '.', 'i', 'k', 'i', '.', 'f', 'i', '\0', + /* "hsmr.cc", true */ 'h', 's', 'm', 'r', '.', 'c', 'c', '\0', + /* "hsr.gov", false */ 'h', 's', 'r', '.', 'g', 'o', 'v', '\0', + /* "hsts-preload-test.xyz", true */ 'h', 's', 't', 's', '-', 'p', 'r', 'e', 'l', 'o', 'a', 'd', '-', 't', 'e', 's', 't', '.', 'x', 'y', 'z', '\0', + /* "hsts.eu", true */ 'h', 's', 't', 's', '.', 'e', 'u', '\0', + /* "hstsfail.appspot.com", true */ 'h', 's', 't', 's', 'f', 'a', 'i', 'l', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "hstspreload.appspot.com", true */ 'h', 's', 't', 's', 'p', 'r', 'e', 'l', 'o', 'a', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "hstspreload.com", true */ 'h', 's', 't', 's', 'p', 'r', 'e', 'l', 'o', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "hstspreload.org", true */ 'h', 's', 't', 's', 'p', 'r', 'e', 'l', 'o', 'a', 'd', '.', 'o', 'r', 'g', '\0', + /* "hszemi.de", true */ 'h', 's', 'z', 'e', 'm', 'i', '.', 'd', 'e', '\0', + /* "htaccessbook.com", true */ 'h', 't', 'a', 'c', 'c', 'e', 's', 's', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "htaps.com", true */ 'h', 't', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "hte.ovh", true */ 'h', 't', 'e', '.', 'o', 'v', 'h', '\0', + /* "htlball.at", true */ 'h', 't', 'l', 'b', 'a', 'l', 'l', '.', 'a', 't', '\0', + /* "html5.org", true */ 'h', 't', 'm', 'l', '5', '.', 'o', 'r', 'g', '\0', + /* "html5media.info", true */ 'h', 't', 'm', 'l', '5', 'm', 'e', 'd', 'i', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "htmlacademy.ru", true */ 'h', 't', 'm', 'l', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'r', 'u', '\0', + /* "htmlvalidator.com", true */ 'h', 't', 'm', 'l', 'v', 'a', 'l', 'i', 'd', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "htmlyse.com", true */ 'h', 't', 'm', 'l', 'y', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "htmue.net", true */ 'h', 't', 'm', 'u', 'e', '.', 'n', 'e', 't', '\0', + /* "htmue.org", true */ 'h', 't', 'm', 'u', 'e', '.', 'o', 'r', 'g', '\0', + /* "htsure.ma", true */ 'h', 't', 's', 'u', 'r', 'e', '.', 'm', 'a', '\0', + /* "http2.eu", true */ 'h', 't', 't', 'p', '2', '.', 'e', 'u', '\0', + /* "http2.pro", true */ 'h', 't', 't', 'p', '2', '.', 'p', 'r', 'o', '\0', + /* "https.jetzt", true */ 'h', 't', 't', 'p', 's', '.', 'j', 'e', 't', 'z', 't', '\0', + /* "https4all.org", true */ 'h', 't', 't', 'p', 's', '4', 'a', 'l', 'l', '.', 'o', 'r', 'g', '\0', + /* "httpsecured.net", true */ 'h', 't', 't', 'p', 's', 'e', 'c', 'u', 'r', 'e', 'd', '.', 'n', 'e', 't', '\0', + /* "httpsecurityreport.com", true */ 'h', 't', 't', 'p', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'r', 'e', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "httpsnow.com", true */ 'h', 't', 't', 'p', 's', 'n', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "httpsnow.org", true */ 'h', 't', 't', 'p', 's', 'n', 'o', 'w', '.', 'o', 'r', 'g', '\0', + /* "httpswatch.ca", true */ 'h', 't', 't', 'p', 's', 'w', 'a', 't', 'c', 'h', '.', 'c', 'a', '\0', + /* "httpswatch.com", true */ 'h', 't', 't', 'p', 's', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "httptest.net", true */ 'h', 't', 't', 'p', 't', 'e', 's', 't', '.', 'n', 'e', 't', '\0', + /* "hu.search.yahoo.com", false */ 'h', 'u', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "hua-in.com", true */ 'h', 'u', 'a', '-', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "huagati.com", true */ 'h', 'u', 'a', 'g', 'a', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "huahinpropertylisting.com", true */ 'h', 'u', 'a', 'h', 'i', 'n', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', 'l', 'i', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "huang.nu", true */ 'h', 'u', 'a', 'n', 'g', '.', 'n', 'u', '\0', + /* "huangguancq.com", true */ 'h', 'u', 'a', 'n', 'g', 'g', 'u', 'a', 'n', 'c', 'q', '.', 'c', 'o', 'm', '\0', + /* "huangjingjing.com", true */ 'h', 'u', 'a', 'n', 'g', 'j', 'i', 'n', 'g', 'j', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "huangzenghao.cn", true */ 'h', 'u', 'a', 'n', 'g', 'z', 'e', 'n', 'g', 'h', 'a', 'o', '.', 'c', 'n', '\0', + /* "huangzenghao.com", true */ 'h', 'u', 'a', 'n', 'g', 'z', 'e', 'n', 'g', 'h', 'a', 'o', '.', 'c', 'o', 'm', '\0', + /* "huaxueba.com", true */ 'h', 'u', 'a', 'x', 'u', 'e', 'b', 'a', '.', 'c', 'o', 'm', '\0', + /* "hub385.com", true */ 'h', 'u', 'b', '3', '8', '5', '.', 'c', 'o', 'm', '\0', + /* "huberulrich.de", true */ 'h', 'u', 'b', 'e', 'r', 'u', 'l', 'r', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "hubok.net", true */ 'h', 'u', 'b', 'o', 'k', '.', 'n', 'e', 't', '\0', + /* "huchet.me", true */ 'h', 'u', 'c', 'h', 'e', 't', '.', 'm', 'e', '\0', + /* "hudhaifahgoga.co.za", true */ 'h', 'u', 'd', 'h', 'a', 'i', 'f', 'a', 'h', 'g', 'o', 'g', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "hudingyuan.cn", true */ 'h', 'u', 'd', 'i', 'n', 'g', 'y', 'u', 'a', 'n', '.', 'c', 'n', '\0', + /* "hudrydum.cz", true */ 'h', 'u', 'd', 'r', 'y', 'd', 'u', 'm', '.', 'c', 'z', '\0', + /* "huduser.gov", true */ 'h', 'u', 'd', 'u', 's', 'e', 'r', '.', 'g', 'o', 'v', '\0', + /* "huendeleskopfhuette.de", true */ 'h', 'u', 'e', 'n', 'd', 'e', 'l', 'e', 's', 'k', 'o', 'p', 'f', 'h', 'u', 'e', 't', 't', 'e', '.', 'd', 'e', '\0', + /* "huersch.com", true */ 'h', 'u', 'e', 'r', 's', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "huffduffer.com", true */ 'h', 'u', 'f', 'f', 'd', 'u', 'f', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "hughtodd.ink", true */ 'h', 'u', 'g', 'h', 't', 'o', 'd', 'd', '.', 'i', 'n', 'k', '\0', + /* "hugi.is", true */ 'h', 'u', 'g', 'i', '.', 'i', 's', '\0', + /* "huglen.info", true */ 'h', 'u', 'g', 'l', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "hugofs.com", true */ 'h', 'u', 'g', 'o', 'f', 's', '.', 'c', 'o', 'm', '\0', + /* "hugolynx.fr", true */ 'h', 'u', 'g', 'o', 'l', 'y', 'n', 'x', '.', 'f', 'r', '\0', + /* "huguesblanchard.paris", true */ 'h', 'u', 'g', 'u', 'e', 's', 'b', 'l', 'a', 'n', 'c', 'h', 'a', 'r', 'd', '.', 'p', 'a', 'r', 'i', 's', '\0', + /* "huguesditciles.com", true */ 'h', 'u', 'g', 'u', 'e', 's', 'd', 'i', 't', 'c', 'i', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "huihui.moe", true */ 'h', 'u', 'i', 'h', 'u', 'i', '.', 'm', 'o', 'e', '\0', + /* "huirongis.me", true */ 'h', 'u', 'i', 'r', 'o', 'n', 'g', 'i', 's', '.', 'm', 'e', '\0', + /* "huislaw.com", true */ 'h', 'u', 'i', 's', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "huissier-vosges.com", true */ 'h', 'u', 'i', 's', 's', 'i', 'e', 'r', '-', 'v', 'o', 's', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "huitaodang.com", true */ 'h', 'u', 'i', 't', 'a', 'o', 'd', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "hukaloh.com", true */ 'h', 'u', 'k', 'a', 'l', 'o', 'h', '.', 'c', 'o', 'm', '\0', + /* "hukutuu.com", true */ 'h', 'u', 'k', 'u', 't', 'u', 'u', '.', 'c', 'o', 'm', '\0', + /* "hulet.tech", true */ 'h', 'u', 'l', 'e', 't', '.', 't', 'e', 'c', 'h', '\0', + /* "hulldevs.net", true */ 'h', 'u', 'l', 'l', 'd', 'e', 'v', 's', '.', 'n', 'e', 't', '\0', + /* "hulpbijmarketing.nl", true */ 'h', 'u', 'l', 'p', 'b', 'i', 'j', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "hulsoft.co.uk", true */ 'h', 'u', 'l', 's', 'o', 'f', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "human-clone.com", true */ 'h', 'u', 'm', 'a', 'n', '-', 'c', 'l', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "humanenrich.com", true */ 'h', 'u', 'm', 'a', 'n', 'e', 'n', 'r', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "humanesources.com", true */ 'h', 'u', 'm', 'a', 'n', 'e', 's', 'o', 'u', 'r', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "humanexperiments.com", true */ 'h', 'u', 'm', 'a', 'n', 'e', 'x', 'p', 'e', 'r', 'i', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "humanity.com", true */ 'h', 'u', 'm', 'a', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "humans.io", true */ 'h', 'u', 'm', 'a', 'n', 's', '.', 'i', 'o', '\0', + /* "humanzee.com", true */ 'h', 'u', 'm', 'a', 'n', 'z', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "humblebee.at", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'a', 't', '\0', + /* "humblebee.be", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'b', 'e', '\0', + /* "humblebee.co.in", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'c', 'o', '.', 'i', 'n', '\0', + /* "humblebee.com.ph", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0', + /* "humblebee.cz", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'c', 'z', '\0', + /* "humblebee.dk", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'd', 'k', '\0', + /* "humblebee.es", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'e', 's', '\0', + /* "humblebee.eu", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'e', 'u', '\0', + /* "humblebee.foundation", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '\0', + /* "humblebee.fr", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'f', 'r', '\0', + /* "humblebee.gr", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'g', 'r', '\0', + /* "humblebee.ie", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'i', 'e', '\0', + /* "humblebee.it", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'i', 't', '\0', + /* "humblebee.me.uk", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'm', 'e', '.', 'u', 'k', '\0', + /* "humblebee.nz", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'n', 'z', '\0', + /* "humblebee.pl", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'p', 'l', '\0', + /* "humblebee.us", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'u', 's', '\0', + /* "humblebeeshop.ca", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', 's', 'h', 'o', 'p', '.', 'c', 'a', '\0', + /* "humblebeeshop.com.au", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "hummy.tv", true */ 'h', 'u', 'm', 'm', 'y', '.', 't', 'v', '\0', + /* "humpen.se", true */ 'h', 'u', 'm', 'p', 'e', 'n', '.', 's', 'e', '\0', + /* "hund.io", true */ 'h', 'u', 'n', 'd', '.', 'i', 'o', '\0', + /* "hundeformel.de", true */ 'h', 'u', 'n', 'd', 'e', 'f', 'o', 'r', 'm', 'e', 'l', '.', 'd', 'e', '\0', + /* "hundter.com", true */ 'h', 'u', 'n', 'd', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "hunter.io", true */ 'h', 'u', 'n', 't', 'e', 'r', '.', 'i', 'o', '\0', + /* "huntingdonbouncers.co.uk", true */ 'h', 'u', 'n', 't', 'i', 'n', 'g', 'd', 'o', 'n', 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "huntingdonlifesciences.com", true */ 'h', 'u', 'n', 't', 'i', 'n', 'g', 'd', 'o', 'n', 'l', 'i', 'f', 'e', 's', 'c', 'i', 'e', 'n', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "huongquynh.com", true */ 'h', 'u', 'o', 'n', 'g', 'q', 'u', 'y', 'n', 'h', '.', 'c', 'o', 'm', '\0', + /* "hup.hu", true */ 'h', 'u', 'p', '.', 'h', 'u', '\0', + /* "hupp.se", true */ 'h', 'u', 'p', 'p', '.', 's', 'e', '\0', + /* "hurd.is", true */ 'h', 'u', 'r', 'd', '.', 'i', 's', '\0', + /* "huren.nl", true */ 'h', 'u', 'r', 'e', 'n', '.', 'n', 'l', '\0', + /* "huroji.com", true */ 'h', 'u', 'r', 'o', 'j', 'i', '.', 'c', 'o', 'm', '\0', + /* "hurricanelabs.com", false */ 'h', 'u', 'r', 'r', 'i', 'c', 'a', 'n', 'e', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "husakbau.at", true */ 'h', 'u', 's', 'a', 'k', 'b', 'a', 'u', '.', 'a', 't', '\0', + /* "hushfile.it", true */ 'h', 'u', 's', 'h', 'f', 'i', 'l', 'e', '.', 'i', 't', '\0', + /* "husic.net", true */ 'h', 'u', 's', 'i', 'c', '.', 'n', 'e', 't', '\0', + /* "husky.xyz", true */ 'h', 'u', 's', 'k', 'y', '.', 'x', 'y', 'z', '\0', + /* "huskyduvercors.com", true */ 'h', 'u', 's', 'k', 'y', 'd', 'u', 'v', 'e', 'r', 'c', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "huskyinc.us", true */ 'h', 'u', 's', 'k', 'y', 'i', 'n', 'c', '.', 'u', 's', '\0', + /* "hussam.eu.org", true */ 'h', 'u', 's', 's', 'a', 'm', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "hustlehope.com", true */ 'h', 'u', 's', 't', 'l', 'e', 'h', 'o', 'p', 'e', '.', 'c', 'o', 'm', '\0', + /* "hustunique.com", true */ 'h', 'u', 's', 't', 'u', 'n', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "huto.ml", true */ 'h', 'u', 't', 'o', '.', 'm', 'l', '\0', + /* "huutonauru.net", true */ 'h', 'u', 'u', 't', 'o', 'n', 'a', 'u', 'r', 'u', '.', 'n', 'e', 't', '\0', + /* "huwcbjones.co.uk", true */ 'h', 'u', 'w', 'c', 'b', 'j', 'o', 'n', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "huwcbjones.uk", true */ 'h', 'u', 'w', 'c', 'b', 'j', 'o', 'n', 'e', 's', '.', 'u', 'k', '\0', + /* "huxley.net", true */ 'h', 'u', 'x', 'l', 'e', 'y', '.', 'n', 'e', 't', '\0', + /* "hvdbox.de", true */ 'h', 'v', 'd', 'b', 'o', 'x', '.', 'd', 'e', '\0', + /* "hverdagogkink.no", true */ 'h', 'v', 'e', 'r', 'd', 'a', 'g', 'o', 'g', 'k', 'i', 'n', 'k', '.', 'n', 'o', '\0', + /* "hvh.no", true */ 'h', 'v', 'h', '.', 'n', 'o', '\0', + /* "hvtuananh.com", true */ 'h', 'v', 't', 'u', 'a', 'n', 'a', 'n', 'h', '.', 'c', 'o', 'm', '\0', + /* "hwaddress.com", true */ 'h', 'w', 'a', 'd', 'd', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "hwag-pb.de", true */ 'h', 'w', 'a', 'g', '-', 'p', 'b', '.', 'd', 'e', '\0', + /* "hwcine.com", true */ 'h', 'w', 'c', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "hwinfo.com", true */ 'h', 'w', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0', + /* "hwpkasse.de", true */ 'h', 'w', 'p', 'k', 'a', 's', 's', 'e', '.', 'd', 'e', '\0', + /* "hx53.de", true */ 'h', 'x', '5', '3', '.', 'd', 'e', '\0', + /* "hxying.com", true */ 'h', 'x', 'y', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "hybridiyhdistys.fi", true */ 'h', 'y', 'b', 'r', 'i', 'd', 'i', 'y', 'h', 'd', 'i', 's', 't', 'y', 's', '.', 'f', 'i', '\0', + /* "hybridklubben.fi", true */ 'h', 'y', 'b', 'r', 'i', 'd', 'k', 'l', 'u', 'b', 'b', 'e', 'n', '.', 'f', 'i', '\0', + /* "hybridworx.com", true */ 'h', 'y', 'b', 'r', 'i', 'd', 'w', 'o', 'r', 'x', '.', 'c', 'o', 'm', '\0', + /* "hybridworx.de", true */ 'h', 'y', 'b', 'r', 'i', 'd', 'w', 'o', 'r', 'x', '.', 'd', 'e', '\0', + /* "hybridworx.eu", true */ 'h', 'y', 'b', 'r', 'i', 'd', 'w', 'o', 'r', 'x', '.', 'e', 'u', '\0', + /* "hybridworx.net", true */ 'h', 'y', 'b', 'r', 'i', 'd', 'w', 'o', 'r', 'x', '.', 'n', 'e', 't', '\0', + /* "hybridworx.org", true */ 'h', 'y', 'b', 'r', 'i', 'd', 'w', 'o', 'r', 'x', '.', 'o', 'r', 'g', '\0', + /* "hycken.com", true */ 'h', 'y', 'c', 'k', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "hyckenberg.com", true */ 'h', 'y', 'c', 'k', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0', + /* "hyderabadonlinegifts.com", true */ 'h', 'y', 'd', 'e', 'r', 'a', 'b', 'a', 'd', 'o', 'n', 'l', 'i', 'n', 'e', 'g', 'i', 'f', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "hydra.zone", true */ 'h', 'y', 'd', 'r', 'a', '.', 'z', 'o', 'n', 'e', '\0', + /* "hydrasolutions.de", true */ 'h', 'y', 'd', 'r', 'a', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'd', 'e', '\0', + /* "hydroagro.pl", true */ 'h', 'y', 'd', 'r', 'o', 'a', 'g', 'r', 'o', '.', 'p', 'l', '\0', + /* "hydrocloud.net", true */ 'h', 'y', 'd', 'r', 'o', 'c', 'l', 'o', 'u', 'd', '.', 'n', 'e', 't', '\0', + /* "hydronyx.me", true */ 'h', 'y', 'd', 'r', 'o', 'n', 'y', 'x', '.', 'm', 'e', '\0', + /* "hydroturbine.info", true */ 'h', 'y', 'd', 'r', 'o', 't', 'u', 'r', 'b', 'i', 'n', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "hydrozone.fr", true */ 'h', 'y', 'd', 'r', 'o', 'z', 'o', 'n', 'e', '.', 'f', 'r', '\0', + /* "hyeok.org", true */ 'h', 'y', 'e', 'o', 'k', '.', 'o', 'r', 'g', '\0', + /* "hygo.com", true */ 'h', 'y', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "hyk.me", true */ 'h', 'y', 'k', '.', 'm', 'e', '\0', + /* "hylians.com", true */ 'h', 'y', 'l', 'i', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "hymerscollege.co.uk", true */ 'h', 'y', 'm', 'e', 'r', 's', 'c', 'o', 'l', 'l', 'e', 'g', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "hynek.me", true */ 'h', 'y', 'n', 'e', 'k', '.', 'm', 'e', '\0', + /* "hype.ru", true */ 'h', 'y', 'p', 'e', '.', 'r', 'u', '\0', + /* "hypemgmt.com", true */ 'h', 'y', 'p', 'e', 'm', 'g', 'm', 't', '.', 'c', 'o', 'm', '\0', + /* "hyper-matrix.org", true */ 'h', 'y', 'p', 'e', 'r', '-', 'm', 'a', 't', 'r', 'i', 'x', '.', 'o', 'r', 'g', '\0', + /* "hyper-text.org", true */ 'h', 'y', 'p', 'e', 'r', '-', 't', 'e', 'x', 't', '.', 'o', 'r', 'g', '\0', + /* "hyperalgesia.com", true */ 'h', 'y', 'p', 'e', 'r', 'a', 'l', 'g', 'e', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "hyperbolic-mayonnaise-interceptor.ovh", true */ 'h', 'y', 'p', 'e', 'r', 'b', 'o', 'l', 'i', 'c', '-', 'm', 'a', 'y', 'o', 'n', 'n', 'a', 'i', 's', 'e', '-', 'i', 'n', 't', 'e', 'r', 'c', 'e', 'p', 't', 'o', 'r', '.', 'o', 'v', 'h', '\0', + /* "hyperion.io", true */ 'h', 'y', 'p', 'e', 'r', 'i', 'o', 'n', '.', 'i', 'o', '\0', + /* "hyperreal.biz", true */ 'h', 'y', 'p', 'e', 'r', 'r', 'e', 'a', 'l', '.', 'b', 'i', 'z', '\0', + /* "hyperreal.info", true */ 'h', 'y', 'p', 'e', 'r', 'r', 'e', 'a', 'l', '.', 'i', 'n', 'f', 'o', '\0', + /* "hypersomnia.com", true */ 'h', 'y', 'p', 'e', 'r', 's', 'o', 'm', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "hyperthymia.com", true */ 'h', 'y', 'p', 'e', 'r', 't', 'h', 'y', 'm', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "hyphen.co.za", true */ 'h', 'y', 'p', 'h', 'e', 'n', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "hyphenpda.co.za", true */ 'h', 'y', 'p', 'h', 'e', 'n', 'p', 'd', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "hypotecnicentrum.cz", true */ 'h', 'y', 'p', 'o', 't', 'e', 'c', 'n', 'i', 'c', 'e', 'n', 't', 'r', 'u', 'm', '.', 'c', 'z', '\0', + /* "hypothecairelening.net", true */ 'h', 'y', 'p', 'o', 't', 'h', 'e', 'c', 'a', 'i', 'r', 'e', 'l', 'e', 'n', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "hypotheekbond.nl", true */ 'h', 'y', 'p', 'o', 't', 'h', 'e', 'e', 'k', 'b', 'o', 'n', 'd', '.', 'n', 'l', '\0', + /* "hypothes.is", true */ 'h', 'y', 'p', 'o', 't', 'h', 'e', 's', '.', 'i', 's', '\0', + /* "hypothyroidmom.com", true */ 'h', 'y', 'p', 'o', 't', 'h', 'y', 'r', 'o', 'i', 'd', 'm', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "hyvinvointineuvoja.fi", true */ 'h', 'y', 'v', 'i', 'n', 'v', 'o', 'i', 'n', 't', 'i', 'n', 'e', 'u', 'v', 'o', 'j', 'a', '.', 'f', 'i', '\0', + /* "i--b.com", true */ 'i', '-', '-', 'b', '.', 'c', 'o', 'm', '\0', + /* "i-geld.de", true */ 'i', '-', 'g', 'e', 'l', 'd', '.', 'd', 'e', '\0', + /* "i-hakul.net", true */ 'i', '-', 'h', 'a', 'k', 'u', 'l', '.', 'n', 'e', 't', '\0', + /* "i-meto.com", true */ 'i', '-', 'm', 'e', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "i-proswiss.com", true */ 'i', '-', 'p', 'r', 'o', 's', 'w', 'i', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "i-red.info", true */ 'i', '-', 'r', 'e', 'd', '.', 'i', 'n', 'f', 'o', '\0', + /* "i-stats.net", true */ 'i', '-', 's', 't', 'a', 't', 's', '.', 'n', 'e', 't', '\0', + /* "i-stuff.site", true */ 'i', '-', 's', 't', 'u', 'f', 'f', '.', 's', 'i', 't', 'e', '\0', + /* "i-verbi.it", true */ 'i', '-', 'v', 'e', 'r', 'b', 'i', '.', 'i', 't', '\0', + /* "i1314.gdn", true */ 'i', '1', '3', '1', '4', '.', 'g', 'd', 'n', '\0', + /* "i1place.com", true */ 'i', '1', 'p', 'l', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "i28s.com", true */ 'i', '2', '8', 's', '.', 'c', 'o', 'm', '\0', + /* "i496.eu", true */ 'i', '4', '9', '6', '.', 'e', 'u', '\0', + /* "i4m1k0su.com", true */ 'i', '4', 'm', '1', 'k', '0', 's', 'u', '.', 'c', 'o', 'm', '\0', + /* "i5y.co.uk", true */ 'i', '5', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "i879.com", true */ 'i', '8', '7', '9', '.', 'c', 'o', 'm', '\0', + /* "i95.me", false */ 'i', '9', '5', '.', 'm', 'e', '\0', + /* "iaco.li", true */ 'i', 'a', 'c', 'o', '.', 'l', 'i', '\0', + /* "iactu.info", true */ 'i', 'a', 'c', 't', 'u', '.', 'i', 'n', 'f', 'o', '\0', + /* "iaeste.no", true */ 'i', 'a', 'e', 's', 't', 'e', '.', 'n', 'o', '\0', + /* "iaeste.or.jp", true */ 'i', 'a', 'e', 's', 't', 'e', '.', 'o', 'r', '.', 'j', 'p', '\0', + /* "iainsimms.me", true */ 'i', 'a', 'i', 'n', 's', 'i', 'm', 'm', 's', '.', 'm', 'e', '\0', + /* "ialis.me", true */ 'i', 'a', 'l', 'i', 's', '.', 'm', 'e', '\0', + /* "iamcarrico.com", true */ 'i', 'a', 'm', 'c', 'a', 'r', 'r', 'i', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "iamsoareyou.se", true */ 'i', 'a', 'm', 's', 'o', 'a', 'r', 'e', 'y', 'o', 'u', '.', 's', 'e', '\0', + /* "iamtheib.me", true */ 'i', 'a', 'm', 't', 'h', 'e', 'i', 'b', '.', 'm', 'e', '\0', + /* "iamusingtheinter.net", true */ 'i', 'a', 'm', 'u', 's', 'i', 'n', 'g', 't', 'h', 'e', 'i', 'n', 't', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "iamwoodbeard.com", true */ 'i', 'a', 'm', 'w', 'o', 'o', 'd', 'b', 'e', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "ian.sh", true */ 'i', 'a', 'n', '.', 's', 'h', '\0', + /* "iandouglasscott.com", true */ 'i', 'a', 'n', 'd', 'o', 'u', 'g', 'l', 'a', 's', 's', 'c', 'o', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "ianix.com", true */ 'i', 'a', 'n', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "iavian.com", true */ 'i', 'a', 'v', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "ib-wedler.de", false */ 'i', 'b', '-', 'w', 'e', 'd', 'l', 'e', 'r', '.', 'd', 'e', '\0', + /* "iba.community", true */ 'i', 'b', 'a', '.', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '\0', + /* "ibacktraced.it", true */ 'i', 'b', 'a', 'c', 'k', 't', 'r', 'a', 'c', 'e', 'd', '.', 'i', 't', '\0', + /* "ibcmed.org", true */ 'i', 'b', 'c', 'm', 'e', 'd', '.', 'o', 'r', 'g', '\0', + /* "iberiaversicherungen.com", true */ 'i', 'b', 'e', 'r', 'i', 'a', 'v', 'e', 'r', 's', 'i', 'c', 'h', 'e', 'r', 'u', 'n', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "ibexcore.com", true */ 'i', 'b', 'e', 'x', 'c', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "ibin.co", true */ 'i', 'b', 'i', 'n', '.', 'c', 'o', '\0', + /* "ibiz.mk", true */ 'i', 'b', 'i', 'z', '.', 'm', 'k', '\0', + /* "ibizatopcharter.com", true */ 'i', 'b', 'i', 'z', 'a', 't', 'o', 'p', 'c', 'h', 'a', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "ibnw.de", true */ 'i', 'b', 'n', 'w', '.', 'd', 'e', '\0', + /* "ibox.ovh", true */ 'i', 'b', 'o', 'x', '.', 'o', 'v', 'h', '\0', + /* "ibps.blog", true */ 'i', 'b', 'p', 's', '.', 'b', 'l', 'o', 'g', '\0', + /* "ibpsrecruitment.co.in", true */ 'i', 'b', 'p', 's', 'r', 'e', 'c', 'r', 'u', 'i', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'i', 'n', '\0', + /* "ibrainmedicine.org", true */ 'i', 'b', 'r', 'a', 'i', 'n', 'm', 'e', 'd', 'i', 'c', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0', + /* "ibrom.eu", true */ 'i', 'b', 'r', 'o', 'm', '.', 'e', 'u', '\0', + /* "ibron.co", false */ 'i', 'b', 'r', 'o', 'n', '.', 'c', 'o', '\0', + /* "ibsafrica.co.za", true */ 'i', 'b', 's', 'a', 'f', 'r', 'i', 'c', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "ibsglobal.co.za", true */ 'i', 'b', 's', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "ibwc.gov", true */ 'i', 'b', 'w', 'c', '.', 'g', 'o', 'v', '\0', + /* "ic-lighting.com.au", true */ 'i', 'c', '-', 'l', 'i', 'g', 'h', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "ic3.gov", true */ 'i', 'c', '3', '.', 'g', 'o', 'v', '\0', + /* "icafecash.com", true */ 'i', 'c', 'a', 'f', 'e', 'c', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "icanhasht.ml", true */ 'i', 'c', 'a', 'n', 'h', 'a', 's', 'h', 't', '.', 'm', 'l', '\0', + /* "icarlos.net", true */ 'i', 'c', 'a', 'r', 'l', 'o', 's', '.', 'n', 'e', 't', '\0', + /* "icasnetwork.com", true */ 'i', 'c', 'a', 's', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "icbemp.gov", true */ 'i', 'c', 'b', 'e', 'm', 'p', '.', 'g', 'o', 'v', '\0', + /* "iccpublisher.com", true */ 'i', 'c', 'c', 'p', 'u', 'b', 'l', 'i', 's', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "icebat.dyndns.org", true */ 'i', 'c', 'e', 'b', 'a', 't', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "iceberg.academy", true */ 'i', 'c', 'e', 'b', 'e', 'r', 'g', '.', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '\0', + /* "icebound.win", true */ 'i', 'c', 'e', 'b', 'o', 'u', 'n', 'd', '.', 'w', 'i', 'n', '\0', + /* "icecars.net", true */ 'i', 'c', 'e', 'c', 'a', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "ich-tanke.de", true */ 'i', 'c', 'h', '-', 't', 'a', 'n', 'k', 'e', '.', 'd', 'e', '\0', + /* "ichasco.com", true */ 'i', 'c', 'h', 'a', 's', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "ichbinkeinreh.de", true */ 'i', 'c', 'h', 'b', 'i', 'n', 'k', 'e', 'i', 'n', 'r', 'e', 'h', '.', 'd', 'e', '\0', + /* "ichmachdas.net", true */ 'i', 'c', 'h', 'm', 'a', 'c', 'h', 'd', 'a', 's', '.', 'n', 'e', 't', '\0', + /* "ichronos.net", true */ 'i', 'c', 'h', 'r', 'o', 'n', 'o', 's', '.', 'n', 'e', 't', '\0', + /* "iclinic.ua", true */ 'i', 'c', 'l', 'i', 'n', 'i', 'c', '.', 'u', 'a', '\0', + /* "icmhd.ch", true */ 'i', 'c', 'm', 'h', 'd', '.', 'c', 'h', '\0', + /* "icmp2018.org", true */ 'i', 'c', 'm', 'p', '2', '0', '1', '8', '.', 'o', 'r', 'g', '\0', + /* "icodeconnect.com", true */ 'i', 'c', 'o', 'd', 'e', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "icondoom.nl", true */ 'i', 'c', 'o', 'n', 'd', 'o', 'o', 'm', '.', 'n', 'l', '\0', + /* "iconomi.net", true */ 'i', 'c', 'o', 'n', 'o', 'm', 'i', '.', 'n', 'e', 't', '\0', + /* "icpc.pp.ua", true */ 'i', 'c', 'p', 'c', '.', 'p', 'p', '.', 'u', 'a', '\0', + /* "icpc2016.in.th", true */ 'i', 'c', 'p', 'c', '2', '0', '1', '6', '.', 'i', 'n', '.', 't', 'h', '\0', + /* "icq-project.net", true */ 'i', 'c', 'q', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'n', 'e', 't', '\0', + /* "icsadviseurs.nl", true */ 'i', 'c', 's', 'a', 'd', 'v', 'i', 's', 'e', 'u', 'r', 's', '.', 'n', 'l', '\0', + /* "icsfinomornasco.gov.it", true */ 'i', 'c', 's', 'f', 'i', 'n', 'o', 'm', 'o', 'r', 'n', 'a', 's', 'c', 'o', '.', 'g', 'o', 'v', '.', 'i', 't', '\0', + /* "icsfinomornasco.it", true */ 'i', 'c', 's', 'f', 'i', 'n', 'o', 'm', 'o', 'r', 'n', 'a', 's', 'c', 'o', '.', 'i', 't', '\0', + /* "ict-concept.nl", false */ 'i', 'c', 't', '-', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'n', 'l', '\0', + /* "ict-crew.nl", true */ 'i', 'c', 't', '-', 'c', 'r', 'e', 'w', '.', 'n', 'l', '\0', + /* "ict-radar.com", true */ 'i', 'c', 't', '-', 'r', 'a', 'd', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "ict-radar.nl", true */ 'i', 'c', 't', '-', 'r', 'a', 'd', 'a', 'r', '.', 'n', 'l', '\0', + /* "ictcareer.ch", true */ 'i', 'c', 't', 'c', 'a', 'r', 'e', 'e', 'r', '.', 'c', 'h', '\0', + /* "ictinforensics.org", true */ 'i', 'c', 't', 'i', 'n', 'f', 'o', 'r', 'e', 'n', 's', 'i', 'c', 's', '.', 'o', 'r', 'g', '\0', + /* "ictl.eu", true */ 'i', 'c', 't', 'l', '.', 'e', 'u', '\0', + /* "ictradar.com", true */ 'i', 'c', 't', 'r', 'a', 'd', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "icyapril.com", true */ 'i', 'c', 'y', 'a', 'p', 'r', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "icymint.me", true */ 'i', 'c', 'y', 'm', 'i', 'n', 't', '.', 'm', 'e', '\0', + /* "icys2017.com", true */ 'i', 'c', 'y', 's', '2', '0', '1', '7', '.', 'c', 'o', 'm', '\0', + /* "iczc.cz", true */ 'i', 'c', 'z', 'c', '.', 'c', 'z', '\0', + /* "id-blog.ch", true */ 'i', 'd', '-', 'b', 'l', 'o', 'g', '.', 'c', 'h', '\0', + /* "id.atlassian.com", true */ 'i', 'd', '.', 'a', 't', 'l', 'a', 's', 's', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "id.mayfirst.org", false */ 'i', 'd', '.', 'm', 'a', 'y', 'f', 'i', 'r', 's', 't', '.', 'o', 'r', 'g', '\0', + /* "id.search.yahoo.com", false */ 'i', 'd', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "id0-rsa.pub", true */ 'i', 'd', '0', '-', 'r', 's', 'a', '.', 'p', 'u', 'b', '\0', + /* "id7.fr", true */ 'i', 'd', '7', '.', 'f', 'r', '\0', + /* "idaeus.eu", true */ 'i', 'd', 'a', 'e', 'u', 's', '.', 'e', 'u', '\0', + /* "idahoansforliberty.net", true */ 'i', 'd', 'a', 'h', 'o', 'a', 'n', 's', 'f', 'o', 'r', 'l', 'i', 'b', 'e', 'r', 't', 'y', '.', 'n', 'e', 't', '\0', + /* "idaspis.com", true */ 'i', 'd', 'a', 's', 'p', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "idatha.de", true */ 'i', 'd', 'a', 't', 'h', 'a', '.', 'd', 'e', '\0', + /* "idc-business.be", true */ 'i', 'd', 'c', '-', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'b', 'e', '\0', + /* "idconsult.nl", true */ 'i', 'd', 'c', 'o', 'n', 's', 'u', 'l', 't', '.', 'n', 'l', '\0', + /* "iddconnect.com", true */ 'i', 'd', 'd', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "iddconnect.org", true */ 'i', 'd', 'd', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "idealinflatablehire.co.uk", true */ 'i', 'd', 'e', 'a', 'l', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "idealtruss.com", true */ 'i', 'd', 'e', 'a', 'l', 't', 'r', 'u', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "idealtruss.com.tw", true */ 'i', 'd', 'e', 'a', 'l', 't', 'r', 'u', 's', 's', '.', 'c', 'o', 'm', '.', 't', 'w', '\0', + /* "idealwhite.space", true */ 'i', 'd', 'e', 'a', 'l', 'w', 'h', 'i', 't', 'e', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "ideashop.com", true */ 'i', 'd', 'e', 'a', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "ideaweb.de", true */ 'i', 'd', 'e', 'a', 'w', 'e', 'b', '.', 'd', 'e', '\0', + /* "ideaweblab.com", false */ 'i', 'd', 'e', 'a', 'w', 'e', 'b', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "idensys.nl", true */ 'i', 'd', 'e', 'n', 's', 'y', 's', '.', 'n', 'l', '\0', + /* "identifyme.net", true */ 'i', 'd', 'e', 'n', 't', 'i', 'f', 'y', 'm', 'e', '.', 'n', 'e', 't', '\0', + /* "identity-hash.online", true */ 'i', 'd', 'e', 'n', 't', 'i', 't', 'y', '-', 'h', 'a', 's', 'h', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "identitytheft.gov", true */ 'i', 'd', 'e', 'n', 't', 'i', 't', 'y', 't', 'h', 'e', 'f', 't', '.', 'g', 'o', 'v', '\0', + /* "idexxpublicationportal.com", true */ 'i', 'd', 'e', 'x', 'x', 'p', 'u', 'b', 'l', 'i', 'c', 'a', 't', 'i', 'o', 'n', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "idgard.de", true */ 'i', 'd', 'g', 'a', 'r', 'd', '.', 'd', 'e', '\0', + /* "idgateway.co.uk", true */ 'i', 'd', 'g', 'a', 't', 'e', 'w', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "idhosts.co.id", true */ 'i', 'd', 'h', 'o', 's', 't', 's', '.', 'c', 'o', '.', 'i', 'd', '\0', + /* "idid.tk", true */ 'i', 'd', 'i', 'd', '.', 't', 'k', '\0', + /* "idiopolis.org", true */ 'i', 'd', 'i', 'o', 'p', 'o', 'l', 'i', 's', '.', 'o', 'r', 'g', '\0', + /* "idiotentruppe.de", true */ 'i', 'd', 'i', 'o', 't', 'e', 'n', 't', 'r', 'u', 'p', 'p', 'e', '.', 'd', 'e', '\0', + /* "idmanagement.gov", true */ 'i', 'd', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '.', 'g', 'o', 'v', '\0', + /* "idmobile.co.uk", true */ 'i', 'd', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "idndx.com", true */ 'i', 'd', 'n', 'd', 'x', '.', 'c', 'o', 'm', '\0', + /* "idoc24.com", true */ 'i', 'd', 'o', 'c', '2', '4', '.', 'c', 'o', 'm', '\0', + /* "idolf.dk", true */ 'i', 'd', 'o', 'l', 'f', '.', 'd', 'k', '\0', + /* "idolish7.fun", true */ 'i', 'd', 'o', 'l', 'i', 's', 'h', '7', '.', 'f', 'u', 'n', '\0', + /* "idolshop.dk", true */ 'i', 'd', 'o', 'l', 's', 'h', 'o', 'p', '.', 'd', 'k', '\0', + /* "idontplaydarts.com", true */ 'i', 'd', 'o', 'n', 't', 'p', 'l', 'a', 'y', 'd', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "idranktoomuch.coffee", true */ 'i', 'd', 'r', 'a', 'n', 'k', 't', 'o', 'o', 'm', 'u', 'c', 'h', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0', + /* "idraulico.roma.it", true */ 'i', 'd', 'r', 'a', 'u', 'l', 'i', 'c', 'o', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0', + /* "idrinktoomuch.coffee", true */ 'i', 'd', 'r', 'i', 'n', 'k', 't', 'o', 'o', 'm', 'u', 'c', 'h', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0', + /* "idrycleaningi.com", true */ 'i', 'd', 'r', 'y', 'c', 'l', 'e', 'a', 'n', 'i', 'n', 'g', 'i', '.', 'c', 'o', 'm', '\0', + /* "idsafe.co.za", true */ 'i', 'd', 's', 'a', 'f', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "idsoccer.com", true */ 'i', 'd', 's', 'o', 'c', 'c', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "idtheft.gov", true */ 'i', 'd', 't', 'h', 'e', 'f', 't', '.', 'g', 'o', 'v', '\0', + /* "idubaj.cz", true */ 'i', 'd', 'u', 'b', 'a', 'j', '.', 'c', 'z', '\0', + /* "idunno.org", true */ 'i', 'd', 'u', 'n', 'n', 'o', '.', 'o', 'r', 'g', '\0', + /* "idvl.de", true */ 'i', 'd', 'v', 'l', '.', 'd', 'e', '\0', + /* "ie.search.yahoo.com", false */ 'i', 'e', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "iea-annex61.org", true */ 'i', 'e', 'a', '-', 'a', 'n', 'n', 'e', 'x', '6', '1', '.', 'o', 'r', 'g', '\0', + /* "iec.pe", true */ 'i', 'e', 'c', '.', 'p', 'e', '\0', + /* "ieeesb.nl", true */ 'i', 'e', 'e', 'e', 's', 'b', '.', 'n', 'l', '\0', + /* "ieeesbe.nl", true */ 'i', 'e', 'e', 'e', 's', 'b', 'e', '.', 'n', 'l', '\0', + /* "ieeespmb.org", true */ 'i', 'e', 'e', 'e', 's', 'p', 'm', 'b', '.', 'o', 'r', 'g', '\0', + /* "ieji.de", false */ 'i', 'e', 'j', 'i', '.', 'd', 'e', '\0', + /* "iemas.azurewebsites.net", true */ 'i', 'e', 'm', 'a', 's', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "ienakanote.com", false */ 'i', 'e', 'n', 'a', 'k', 'a', 'n', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "ieval.ro", true */ 'i', 'e', 'v', 'a', 'l', '.', 'r', 'o', '\0', + /* "iewar.com", true */ 'i', 'e', 'w', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "iexpert9.com", true */ 'i', 'e', 'x', 'p', 'e', 'r', 't', '9', '.', 'c', 'o', 'm', '\0', + /* "ifamily.top", false */ 'i', 'f', 'a', 'm', 'i', 'l', 'y', '.', 't', 'o', 'p', '\0', + /* "ifan.ch", true */ 'i', 'f', 'a', 'n', '.', 'c', 'h', '\0', + /* "ifasec.de", false */ 'i', 'f', 'a', 's', 'e', 'c', '.', 'd', 'e', '\0', + /* "ifcfg.me", true */ 'i', 'f', 'c', 'f', 'g', '.', 'm', 'e', '\0', + /* "ifconfig.co", true */ 'i', 'f', 'c', 'o', 'n', 'f', 'i', 'g', '.', 'c', 'o', '\0', + /* "ifelse.io", true */ 'i', 'f', 'e', 'l', 's', 'e', '.', 'i', 'o', '\0', + /* "ifengge.cn", true */ 'i', 'f', 'e', 'n', 'g', 'g', 'e', '.', 'c', 'n', '\0', + /* "ifightsurveillance.com", true */ 'i', 'f', 'i', 'g', 'h', 't', 's', 'u', 'r', 'v', 'e', 'i', 'l', 'l', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "ifightsurveillance.net", true */ 'i', 'f', 'i', 'g', 'h', 't', 's', 'u', 'r', 'v', 'e', 'i', 'l', 'l', 'a', 'n', 'c', 'e', '.', 'n', 'e', 't', '\0', + /* "ifightsurveillance.org", true */ 'i', 'f', 'i', 'g', 'h', 't', 's', 'u', 'r', 'v', 'e', 'i', 'l', 'l', 'a', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0', + /* "ifixe.ch", true */ 'i', 'f', 'i', 'x', 'e', '.', 'c', 'h', '\0', + /* "iflare.de", true */ 'i', 'f', 'l', 'a', 'r', 'e', '.', 'd', 'e', '\0', + /* "iformbuilder.com", false */ 'i', 'f', 'o', 'r', 'm', 'b', 'u', 'i', 'l', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "ifort.fr", true */ 'i', 'f', 'o', 'r', 't', '.', 'f', 'r', '\0', + /* "ifosep.fr", true */ 'i', 'f', 'o', 's', 'e', 'p', '.', 'f', 'r', '\0', + /* "ifsac.org", true */ 'i', 'f', 's', 'a', 'c', '.', 'o', 'r', 'g', '\0', + /* "ifsclist.com", true */ 'i', 'f', 's', 'c', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "ifsr.de", true */ 'i', 'f', 's', 'r', '.', 'd', 'e', '\0', + /* "iftrue.de", true */ 'i', 'f', 't', 'r', 'u', 'e', '.', 'd', 'e', '\0', + /* "ifxor.com", true */ 'i', 'f', 'x', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "ifyou.live", true */ 'i', 'f', 'y', 'o', 'u', '.', 'l', 'i', 'v', 'e', '\0', + /* "iga-semi.jp", true */ 'i', 'g', 'a', '-', 's', 'e', 'm', 'i', '.', 'j', 'p', '\0', + /* "igamingforums.com", true */ 'i', 'g', 'a', 'm', 'i', 'n', 'g', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "igd.chat", true */ 'i', 'g', 'd', '.', 'c', 'h', 'a', 't', '\0', + /* "igglabs.com", true */ 'i', 'g', 'g', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "iggprivate.com", true */ 'i', 'g', 'g', 'p', 'r', 'i', 'v', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "iggsoft.com", true */ 'i', 'g', 'g', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "iggsoftware.com", true */ 'i', 'g', 'g', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "igiftcards.de", true */ 'i', 'g', 'i', 'f', 't', 'c', 'a', 'r', 'd', 's', '.', 'd', 'e', '\0', + /* "igimusic.com", true */ 'i', 'g', 'i', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "igk.nz", true */ 'i', 'g', 'k', '.', 'n', 'z', '\0', + /* "igm-be.ch", true */ 'i', 'g', 'm', '-', 'b', 'e', '.', 'c', 'h', '\0', + /* "igmus.org", true */ 'i', 'g', 'm', 'u', 's', '.', 'o', 'r', 'g', '\0', + /* "ignace72.eu", true */ 'i', 'g', 'n', 'a', 'c', 'e', '7', '2', '.', 'e', 'u', '\0', + /* "ignat.by", true */ 'i', 'g', 'n', 'a', 't', '.', 'b', 'y', '\0', + /* "ignatovich.by", true */ 'i', 'g', 'n', 'a', 't', 'o', 'v', 'i', 'c', 'h', '.', 'b', 'y', '\0', + /* "ignatovich.me", true */ 'i', 'g', 'n', 'a', 't', 'o', 'v', 'i', 'c', 'h', '.', 'm', 'e', '\0', + /* "ignet.gov", true */ 'i', 'g', 'n', 'e', 't', '.', 'g', 'o', 'v', '\0', + /* "ignitedmindz.in", true */ 'i', 'g', 'n', 'i', 't', 'e', 'd', 'm', 'i', 'n', 'd', 'z', '.', 'i', 'n', '\0', + /* "igorw.org", true */ 'i', 'g', 'o', 'r', 'w', '.', 'o', 'r', 'g', '\0', + /* "igotoffer.com", false */ 'i', 'g', 'o', 't', 'o', 'f', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "igrivi.com", true */ 'i', 'g', 'r', 'i', 'v', 'i', '.', 'c', 'o', 'm', '\0', + /* "igsmgmt.com", true */ 'i', 'g', 's', 'm', 'g', 'm', 't', '.', 'c', 'o', 'm', '\0', + /* "iguana.com.ec", false */ 'i', 'g', 'u', 'a', 'n', 'a', '.', 'c', 'o', 'm', '.', 'e', 'c', '\0', + /* "ih8sn0w.com", true */ 'i', 'h', '8', 's', 'n', '0', 'w', '.', 'c', 'o', 'm', '\0', + /* "ihacklabs.com", true */ 'i', 'h', 'a', 'c', 'k', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "ihatethissh.it", true */ 'i', 'h', 'a', 't', 'e', 't', 'h', 'i', 's', 's', 'h', '.', 'i', 't', '\0', + /* "ihc.im", true */ 'i', 'h', 'c', '.', 'i', 'm', '\0', + /* "ihkk.net", true */ 'i', 'h', 'k', 'k', '.', 'n', 'e', 't', '\0', + /* "ihollaback.org", true */ 'i', 'h', 'o', 'l', 'l', 'a', 'b', 'a', 'c', 'k', '.', 'o', 'r', 'g', '\0', + /* "ihopeit.works", true */ 'i', 'h', 'o', 'p', 'e', 'i', 't', '.', 'w', 'o', 'r', 'k', 's', '\0', + /* "ihostup.net", true */ 'i', 'h', 'o', 's', 't', 'u', 'p', '.', 'n', 'e', 't', '\0', + /* "ihrhost.com", true */ 'i', 'h', 'r', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "iideaz.org", true */ 'i', 'i', 'd', 'e', 'a', 'z', '.', 'o', 'r', 'g', '\0', + /* "iilin.com", false */ 'i', 'i', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "iiong.com", false */ 'i', 'i', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "iirii.com", true */ 'i', 'i', 'r', 'i', 'i', '.', 'c', 'o', 'm', '\0', + /* "iix.se", true */ 'i', 'i', 'x', '.', 's', 'e', '\0', + /* "ijohan.nl", true */ 'i', 'j', 'o', 'h', 'a', 'n', '.', 'n', 'l', '\0', + /* "ijsclubtilburg.nl", true */ 'i', 'j', 's', 'c', 'l', 'u', 'b', 't', 'i', 'l', 'b', 'u', 'r', 'g', '.', 'n', 'l', '\0', + /* "ijunohana.jp", true */ 'i', 'j', 'u', 'n', 'o', 'h', 'a', 'n', 'a', '.', 'j', 'p', '\0', + /* "ik-life.com", true */ 'i', 'k', '-', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "ikachalife.com", true */ 'i', 'k', 'a', 'c', 'h', 'a', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "ikarate.ru", true */ 'i', 'k', 'a', 'r', 'a', 't', 'e', '.', 'r', 'u', '\0', + /* "ike.io", true */ 'i', 'k', 'e', '.', 'i', 'o', '\0', + /* "ikeacareers.co.uk", true */ 'i', 'k', 'e', 'a', 'c', 'a', 'r', 'e', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ikeyless.com", true */ 'i', 'k', 'e', 'y', 'l', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "ikiler.com", true */ 'i', 'k', 'i', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "ikinokori-marketing.com", true */ 'i', 'k', 'i', 'n', 'o', 'k', 'o', 'r', 'i', '-', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "ikk.me", true */ 'i', 'k', 'k', '.', 'm', 'e', '\0', + /* "ikkatsu-satei.jp", true */ 'i', 'k', 'k', 'a', 't', 's', 'u', '-', 's', 'a', 't', 'e', 'i', '.', 'j', 'p', '\0', + /* "ikkoku.de", true */ 'i', 'k', 'k', 'o', 'k', 'u', '.', 'd', 'e', '\0', + /* "iklive.org", false */ 'i', 'k', 'l', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0', + /* "ikulist.me", true */ 'i', 'k', 'u', 'l', 'i', 's', 't', '.', 'm', 'e', '\0', + /* "ikvts.de", true */ 'i', 'k', 'v', 't', 's', '.', 'd', 'e', '\0', + /* "ikwilthepiratebay.org", true */ 'i', 'k', 'w', 'i', 'l', 't', 'h', 'e', 'p', 'i', 'r', 'a', 't', 'e', 'b', 'a', 'y', '.', 'o', 'r', 'g', '\0', + /* "ila.fi", true */ 'i', 'l', 'a', '.', 'f', 'i', '\0', + /* "ilamparas.at", true */ 'i', 'l', 'a', 'm', 'p', 'a', 'r', 'a', 's', '.', 'a', 't', '\0', + /* "ilamparas.co.uk", true */ 'i', 'l', 'a', 'm', 'p', 'a', 'r', 'a', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ilamparas.com", true */ 'i', 'l', 'a', 'm', 'p', 'a', 'r', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "ilamparas.com.co", true */ 'i', 'l', 'a', 'm', 'p', 'a', 'r', 'a', 's', '.', 'c', 'o', 'm', '.', 'c', 'o', '\0', + /* "ilamparas.com.ve", true */ 'i', 'l', 'a', 'm', 'p', 'a', 'r', 'a', 's', '.', 'c', 'o', 'm', '.', 'v', 'e', '\0', + /* "ilamparas.mx", true */ 'i', 'l', 'a', 'm', 'p', 'a', 'r', 'a', 's', '.', 'm', 'x', '\0', + /* "ilard.fr", true */ 'i', 'l', 'a', 'r', 'd', '.', 'f', 'r', '\0', + /* "ilazycat.com", true */ 'i', 'l', 'a', 'z', 'y', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "ildomani.it", true */ 'i', 'l', 'd', 'o', 'm', 'a', 'n', 'i', '.', 'i', 't', '\0', + /* "ile-kalorii.pl", true */ 'i', 'l', 'e', '-', 'k', 'a', 'l', 'o', 'r', 'i', 'i', '.', 'p', 'l', '\0', + /* "ile-sapporo.jp", true */ 'i', 'l', 'e', '-', 's', 'a', 'p', 'p', 'o', 'r', 'o', '.', 'j', 'p', '\0', + /* "ilektronika-farmakeia-online.gr", true */ 'i', 'l', 'e', 'k', 't', 'r', 'o', 'n', 'i', 'k', 'a', '-', 'f', 'a', 'r', 'm', 'a', 'k', 'e', 'i', 'a', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'g', 'r', '\0', + /* "ilhan.name", true */ 'i', 'l', 'h', 'a', 'n', '.', 'n', 'a', 'm', 'e', '\0', + /* "iligang.cn", true */ 'i', 'l', 'i', 'g', 'a', 'n', 'g', '.', 'c', 'n', '\0', + /* "illambias.ch", true */ 'i', 'l', 'l', 'a', 'm', 'b', 'i', 'a', 's', '.', 'c', 'h', '\0', + /* "illich.cz", true */ 'i', 'l', 'l', 'i', 'c', 'h', '.', 'c', 'z', '\0', + /* "illicitart.ca", true */ 'i', 'l', 'l', 'i', 'c', 'i', 't', 'a', 'r', 't', '.', 'c', 'a', '\0', + /* "illjinx.info", true */ 'i', 'l', 'l', 'j', 'i', 'n', 'x', '.', 'i', 'n', 'f', 'o', '\0', + /* "illorenese.fr", true */ 'i', 'l', 'l', 'o', 'r', 'e', 'n', 'e', 's', 'e', '.', 'f', 'r', '\0', + /* "illsley.org", true */ 'i', 'l', 'l', 's', 'l', 'e', 'y', '.', 'o', 'r', 'g', '\0', + /* "illuminationis.com", true */ 'i', 'l', 'l', 'u', 'm', 'i', 'n', 'a', 't', 'i', 'o', 'n', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "illusionephemere.com", true */ 'i', 'l', 'l', 'u', 's', 'i', 'o', 'n', 'e', 'p', 'h', 'e', 'm', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "illuxat.com", true */ 'i', 'l', 'l', 'u', 'x', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "ilmataat.ee", true */ 'i', 'l', 'm', 'a', 't', 'a', 'a', 't', '.', 'e', 'e', '\0', + /* "ilmiobusinessonline.it", true */ 'i', 'l', 'm', 'i', 'o', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'i', 't', '\0', + /* "ilmuk.org", true */ 'i', 'l', 'm', 'u', 'k', '.', 'o', 'r', 'g', '\0', + /* "ilrg.com", true */ 'i', 'l', 'r', 'g', '.', 'c', 'o', 'm', '\0', + /* "iltec-prom.ru", true */ 'i', 'l', 't', 'e', 'c', '-', 'p', 'r', 'o', 'm', '.', 'r', 'u', '\0', + /* "iltec.ru", true */ 'i', 'l', 't', 'e', 'c', '.', 'r', 'u', '\0', + /* "iltisim.ch", true */ 'i', 'l', 't', 'i', 's', 'i', 'm', '.', 'c', 'h', '\0', + /* "ilweb.es", true */ 'i', 'l', 'w', 'e', 'b', '.', 'e', 's', '\0', + /* "ilya.pp.ua", true */ 'i', 'l', 'y', 'a', '.', 'p', 'p', '.', 'u', 'a', '\0', + /* "im-c-shop.com", true */ 'i', 'm', '-', 'c', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "im-design.com.ua", true */ 'i', 'm', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "im2net.com", true */ 'i', 'm', '2', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "im66.net", false */ 'i', 'm', '6', '6', '.', 'n', 'e', 't', '\0', + /* "ima-tourcoing.fr", true */ 'i', 'm', 'a', '-', 't', 'o', 'u', 'r', 'c', 'o', 'i', 'n', 'g', '.', 'f', 'r', '\0', + /* "imacs.org", true */ 'i', 'm', 'a', 'c', 's', '.', 'o', 'r', 'g', '\0', + /* "imadalin.ro", true */ 'i', 'm', 'a', 'd', 'a', 'l', 'i', 'n', '.', 'r', 'o', '\0', + /* "image-drive.de", true */ 'i', 'm', 'a', 'g', 'e', '-', 'd', 'r', 'i', 'v', 'e', '.', 'd', 'e', '\0', + /* "image.tf", true */ 'i', 'm', 'a', 'g', 'e', '.', 't', 'f', '\0', + /* "imagebin.ca", true */ 'i', 'm', 'a', 'g', 'e', 'b', 'i', 'n', '.', 'c', 'a', '\0', + /* "imagefu.com", true */ 'i', 'm', 'a', 'g', 'e', 'f', 'u', '.', 'c', 'o', 'm', '\0', + /* "imageination.co", true */ 'i', 'm', 'a', 'g', 'e', 'i', 'n', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', '\0', + /* "imagerive.ch", true */ 'i', 'm', 'a', 'g', 'e', 'r', 'i', 'v', 'e', '.', 'c', 'h', '\0', + /* "imagescostumes.com", true */ 'i', 'm', 'a', 'g', 'e', 's', 'c', 'o', 's', 't', 'u', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "imaginair.es", true */ 'i', 'm', 'a', 'g', 'i', 'n', 'a', 'i', 'r', '.', 'e', 's', '\0', + /* "imaginary.ca", true */ 'i', 'm', 'a', 'g', 'i', 'n', 'a', 'r', 'y', '.', 'c', 'a', '\0', + /* "imaginarymakings.me", true */ 'i', 'm', 'a', 'g', 'i', 'n', 'a', 'r', 'y', 'm', 'a', 'k', 'i', 'n', 'g', 's', '.', 'm', 'e', '\0', + /* "imagine-programming.com", true */ 'i', 'm', 'a', 'g', 'i', 'n', 'e', '-', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "imaginetricks.com", true */ 'i', 'm', 'a', 'g', 'i', 'n', 'e', 't', 'r', 'i', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "imagr.io", true */ 'i', 'm', 'a', 'g', 'r', '.', 'i', 'o', '\0', + /* "imanageproducts.uk", true */ 'i', 'm', 'a', 'n', 'a', 'g', 'e', 'p', 'r', 'o', 'd', 'u', 'c', 't', 's', '.', 'u', 'k', '\0', + /* "imanesdeviaje.com", true */ 'i', 'm', 'a', 'n', 'e', 's', 'd', 'e', 'v', 'i', 'a', 'j', 'e', '.', 'c', 'o', 'm', '\0', + /* "imanhearts.com", true */ 'i', 'm', 'a', 'n', 'h', 'e', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "imanolbarba.net", true */ 'i', 'm', 'a', 'n', 'o', 'l', 'b', 'a', 'r', 'b', 'a', '.', 'n', 'e', 't', '\0', + /* "imanudin.net", true */ 'i', 'm', 'a', 'n', 'u', 'd', 'i', 'n', '.', 'n', 'e', 't', '\0', + /* "imarkethost.co.uk", true */ 'i', 'm', 'a', 'r', 'k', 'e', 't', 'h', 'o', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "imawhale.com", true */ 'i', 'm', 'a', 'w', 'h', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "imbianchino.roma.it", true */ 'i', 'm', 'b', 'i', 'a', 'n', 'c', 'h', 'i', 'n', 'o', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0', + /* "imbrian.org", true */ 'i', 'm', 'b', 'r', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "imbushuo.net", true */ 'i', 'm', 'b', 'u', 's', 'h', 'u', 'o', '.', 'n', 'e', 't', '\0', + /* "imcsx.co", true */ 'i', 'm', 'c', 's', 'x', '.', 'c', 'o', '\0', + /* "imedi.co.uk", true */ 'i', 'm', 'e', 'd', 'i', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "imedi.it", true */ 'i', 'm', 'e', 'd', 'i', '.', 'i', 't', '\0', + /* "imedikament.de", true */ 'i', 'm', 'e', 'd', 'i', 'k', 'a', 'm', 'e', 'n', 't', '.', 'd', 'e', '\0', + /* "imeds.pl", true */ 'i', 'm', 'e', 'd', 's', '.', 'p', 'l', '\0', + /* "imefuniversitario.org", true */ 'i', 'm', 'e', 'f', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'i', 't', 'a', 'r', 'i', 'o', '.', 'o', 'r', 'g', '\0', + /* "imex-dtp.com", true */ 'i', 'm', 'e', 'x', '-', 'd', 't', 'p', '.', 'c', 'o', 'm', '\0', + /* "imforza.com", true */ 'i', 'm', 'f', 'o', 'r', 'z', 'a', '.', 'c', 'o', 'm', '\0', + /* "imga.ch", true */ 'i', 'm', 'g', 'a', '.', 'c', 'h', '\0', + /* "imgaa.com", true */ 'i', 'm', 'g', 'a', 'a', '.', 'c', 'o', 'm', '\0', + /* "imgg.es", true */ 'i', 'm', 'g', 'g', '.', 'e', 's', '\0', + /* "imgul.net", true */ 'i', 'm', 'g', 'u', 'l', '.', 'n', 'e', 't', '\0', + /* "imguoguo.com", true */ 'i', 'm', 'g', 'u', 'o', 'g', 'u', 'o', '.', 'c', 'o', 'm', '\0', + /* "imguploaden.nl", true */ 'i', 'm', 'g', 'u', 'p', 'l', 'o', 'a', 'd', 'e', 'n', '.', 'n', 'l', '\0', + /* "imi-rhapsody.eu", true */ 'i', 'm', 'i', '-', 'r', 'h', 'a', 'p', 's', 'o', 'd', 'y', '.', 'e', 'u', '\0', + /* "imirhil.fr", true */ 'i', 'm', 'i', 'r', 'h', 'i', 'l', '.', 'f', 'r', '\0', + /* "imitza.com", true */ 'i', 'm', 'i', 't', 'z', 'a', '.', 'c', 'o', 'm', '\0', + /* "imjad.cn", true */ 'i', 'm', 'j', 'a', 'd', '.', 'c', 'n', '\0', + /* "imjustcreative.com", true */ 'i', 'm', 'j', 'u', 's', 't', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "imkerei-freilinger.de", true */ 'i', 'm', 'k', 'e', 'r', 'e', 'i', '-', 'f', 'r', 'e', 'i', 'l', 'i', 'n', 'g', 'e', 'r', '.', 'd', 'e', '\0', + /* "imkerverein-moenchswald.de", true */ 'i', 'm', 'k', 'e', 'r', 'v', 'e', 'r', 'e', 'i', 'n', '-', 'm', 'o', 'e', 'n', 'c', 'h', 's', 'w', 'a', 'l', 'd', '.', 'd', 'e', '\0', + /* "imlinan.com", true */ 'i', 'm', 'l', 'i', 'n', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "imlonghao.com", true */ 'i', 'm', 'l', 'o', 'n', 'g', 'h', 'a', 'o', '.', 'c', 'o', 'm', '\0', + /* "immanuel60.hu", true */ 'i', 'm', 'm', 'a', 'n', 'u', 'e', 'l', '6', '0', '.', 'h', 'u', '\0', + /* "immersivewebportal.com", true */ 'i', 'm', 'm', 'e', 'r', 's', 'i', 'v', 'e', 'w', 'e', 'b', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "immigrationdirect.com.au", true */ 'i', 'm', 'm', 'i', 'g', 'r', 'a', 't', 'i', 'o', 'n', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "immo-passion.net", true */ 'i', 'm', 'm', 'o', '-', 'p', 'a', 's', 's', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "immo-vk.de", true */ 'i', 'm', 'm', 'o', '-', 'v', 'k', '.', 'd', 'e', '\0', + /* "immobilien-badlippspringe.de", true */ 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'n', '-', 'b', 'a', 'd', 'l', 'i', 'p', 'p', 's', 'p', 'r', 'i', 'n', 'g', 'e', '.', 'd', 'e', '\0', + /* "immobilien-wallat.de", true */ 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'n', '-', 'w', 'a', 'l', 'l', 'a', 't', '.', 'd', 'e', '\0', + /* "immobilier-nice.fr", true */ 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'r', '-', 'n', 'i', 'c', 'e', '.', 'f', 'r', '\0', + /* "immobilier92.net", true */ 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'r', '9', '2', '.', 'n', 'e', 't', '\0', + /* "immobiza.com", false */ 'i', 'm', 'm', 'o', 'b', 'i', 'z', 'a', '.', 'c', 'o', 'm', '\0', + /* "immortal.run", true */ 'i', 'm', 'm', 'o', 'r', 't', 'a', 'l', '.', 'r', 'u', 'n', '\0', + /* "imokuri123.com", true */ 'i', 'm', 'o', 'k', 'u', 'r', 'i', '1', '2', '3', '.', 'c', 'o', 'm', '\0', + /* "imoner.com", true */ 'i', 'm', 'o', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "imoner.ga", true */ 'i', 'm', 'o', 'n', 'e', 'r', '.', 'g', 'a', '\0', + /* "imouyang.com", true */ 'i', 'm', 'o', 'u', 'y', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "impact.health.nz", true */ 'i', 'm', 'p', 'a', 'c', 't', '.', 'h', 'e', 'a', 'l', 't', 'h', '.', 'n', 'z', '\0', + /* "impacter.eu", true */ 'i', 'm', 'p', 'a', 'c', 't', 'e', 'r', '.', 'e', 'u', '\0', + /* "impactfestival.be", true */ 'i', 'm', 'p', 'a', 'c', 't', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'b', 'e', '\0', + /* "impactpub.ch", true */ 'i', 'm', 'p', 'a', 'c', 't', 'p', 'u', 'b', '.', 'c', 'h', '\0', + /* "impakho.com", true */ 'i', 'm', 'p', 'a', 'k', 'h', 'o', '.', 'c', 'o', 'm', '\0', + /* "impas.se", true */ 'i', 'm', 'p', 'a', 's', '.', 's', 'e', '\0', + /* "imperdin.com", true */ 'i', 'm', 'p', 'e', 'r', 'd', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "imperial-legrand.com", true */ 'i', 'm', 'p', 'e', 'r', 'i', 'a', 'l', '-', 'l', 'e', 'g', 'r', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "imperialmiami.com", true */ 'i', 'm', 'p', 'e', 'r', 'i', 'a', 'l', 'm', 'i', 'a', 'm', 'i', '.', 'c', 'o', 'm', '\0', + /* "imperialonlinestore.com", true */ 'i', 'm', 'p', 'e', 'r', 'i', 'a', 'l', 'o', 'n', 'l', 'i', 'n', 'e', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "imperiumnova.info", true */ 'i', 'm', 'p', 'e', 'r', 'i', 'u', 'm', 'n', 'o', 'v', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "impex.com.bd", true */ 'i', 'm', 'p', 'e', 'x', '.', 'c', 'o', 'm', '.', 'b', 'd', '\0', + /* "impiantistica.org", true */ 'i', 'm', 'p', 'i', 'a', 'n', 't', 'i', 's', 't', 'i', 'c', 'a', '.', 'o', 'r', 'g', '\0', + /* "impotsimple.ca", true */ 'i', 'm', 'p', 'o', 't', 's', 'i', 'm', 'p', 'l', 'e', '.', 'c', 'a', '\0', + /* "imppac.de", true */ 'i', 'm', 'p', 'p', 'a', 'c', '.', 'd', 'e', '\0', + /* "imprendo.co", true */ 'i', 'm', 'p', 'r', 'e', 'n', 'd', 'o', '.', 'c', 'o', '\0', + /* "imprendo.pro", true */ 'i', 'm', 'p', 'r', 'e', 'n', 'd', 'o', '.', 'p', 'r', 'o', '\0', + /* "impresa-pulizie.it", true */ 'i', 'm', 'p', 'r', 'e', 's', 'a', '-', 'p', 'u', 'l', 'i', 'z', 'i', 'e', '.', 'i', 't', '\0', + /* "improklinikken.dk", true */ 'i', 'm', 'p', 'r', 'o', 'k', 'l', 'i', 'n', 'i', 'k', 'k', 'e', 'n', '.', 'd', 'k', '\0', + /* "improvingwp.com", true */ 'i', 'm', 'p', 'r', 'o', 'v', 'i', 'n', 'g', 'w', 'p', '.', 'c', 'o', 'm', '\0', + /* "impulse-clan.de", true */ 'i', 'm', 'p', 'u', 'l', 's', 'e', '-', 'c', 'l', 'a', 'n', '.', 'd', 'e', '\0', + /* "impulsionsa.com", true */ 'i', 'm', 'p', 'u', 'l', 's', 'i', 'o', 'n', 's', 'a', '.', 'c', 'o', 'm', '\0', + /* "impyus.com", true */ 'i', 'm', 'p', 'y', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "imququ.com", true */ 'i', 'm', 'q', 'u', 'q', 'u', '.', 'c', 'o', 'm', '\0', + /* "imreh.net", true */ 'i', 'm', 'r', 'e', 'h', '.', 'n', 'e', 't', '\0', + /* "imrejonk.nl", false */ 'i', 'm', 'r', 'e', 'j', 'o', 'n', 'k', '.', 'n', 'l', '\0', + /* "imrunner.com", true */ 'i', 'm', 'r', 'u', 'n', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "imrunner.ru", true */ 'i', 'm', 'r', 'u', 'n', 'n', 'e', 'r', '.', 'r', 'u', '\0', + /* "ims-sargans.ch", true */ 'i', 'm', 's', '-', 's', 'a', 'r', 'g', 'a', 'n', 's', '.', 'c', 'h', '\0', + /* "in-depthoutdoors.com", true */ 'i', 'n', '-', 'd', 'e', 'p', 't', 'h', 'o', 'u', 't', 'd', 'o', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "in-flames.com", true */ 'i', 'n', '-', 'f', 'l', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "in.search.yahoo.com", false */ 'i', 'n', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "in.xero.com", false */ 'i', 'n', '.', 'x', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "in10tion.com", false */ 'i', 'n', '1', '0', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "inabox.ro", true */ 'i', 'n', 'a', 'b', 'o', 'x', '.', 'r', 'o', '\0', + /* "inait.ai", true */ 'i', 'n', 'a', 'i', 't', '.', 'a', 'i', '\0', + /* "inandeyes.com", true */ 'i', 'n', 'a', 'n', 'd', 'e', 'y', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "inanyevent.london", true */ 'i', 'n', 'a', 'n', 'y', 'e', 'v', 'e', 'n', 't', '.', 'l', 'o', 'n', 'd', 'o', 'n', '\0', + /* "inares.org", true */ 'i', 'n', 'a', 'r', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "inbitcoin.it", true */ 'i', 'n', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'i', 't', '\0', + /* "inbounder.io", true */ 'i', 'n', 'b', 'o', 'u', 'n', 'd', 'e', 'r', '.', 'i', 'o', '\0', + /* "inbox-group.com", true */ 'i', 'n', 'b', 'o', 'x', '-', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "inbox.google.com", true */ 'i', 'n', 'b', 'o', 'x', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "inboxen.org", true */ 'i', 'n', 'b', 'o', 'x', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "inceptionradionetwork.com", true */ 'i', 'n', 'c', 'e', 'p', 't', 'i', 'o', 'n', 'r', 'a', 'd', 'i', 'o', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "inchcape-fleet-autobid.co.uk", true */ 'i', 'n', 'c', 'h', 'c', 'a', 'p', 'e', '-', 'f', 'l', 'e', 'e', 't', '-', 'a', 'u', 't', 'o', 'b', 'i', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "includesubdomains.preloaded.test", true */ 'i', 'n', 'c', 'l', 'u', 'd', 'e', 's', 'u', 'b', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'p', 'r', 'e', 'l', 'o', 'a', 'd', 'e', 'd', '.', 't', 'e', 's', 't', '\0', + /* "includesubdomains2.preloaded.test", true */ 'i', 'n', 'c', 'l', 'u', 'd', 'e', 's', 'u', 'b', 'd', 'o', 'm', 'a', 'i', 'n', 's', '2', '.', 'p', 'r', 'e', 'l', 'o', 'a', 'd', 'e', 'd', '.', 't', 'e', 's', 't', '\0', + /* "incommon.io", true */ 'i', 'n', 'c', 'o', 'm', 'm', 'o', 'n', '.', 'i', 'o', '\0', + /* "inconcerts.de", true */ 'i', 'n', 'c', 'o', 'n', 'c', 'e', 'r', 't', 's', '.', 'd', 'e', '\0', + /* "incontrixsingle.net", true */ 'i', 'n', 'c', 'o', 'n', 't', 'r', 'i', 'x', 's', 'i', 'n', 'g', 'l', 'e', '.', 'n', 'e', 't', '\0', + /* "incowrimo.org", true */ 'i', 'n', 'c', 'o', 'w', 'r', 'i', 'm', 'o', '.', 'o', 'r', 'g', '\0', + /* "incparadise.net", true */ 'i', 'n', 'c', 'p', 'a', 'r', 'a', 'd', 'i', 's', 'e', '.', 'n', 'e', 't', '\0', + /* "incubos.org", true */ 'i', 'n', 'c', 'u', 'b', 'o', 's', '.', 'o', 'r', 'g', '\0', + /* "ind.ie", true */ 'i', 'n', 'd', '.', 'i', 'e', '\0', + /* "indarceky.sk", false */ 'i', 'n', 'd', 'a', 'r', 'c', 'e', 'k', 'y', '.', 's', 'k', '\0', + /* "indecipherable.info", true */ 'i', 'n', 'd', 'e', 'c', 'i', 'p', 'h', 'e', 'r', 'a', 'b', 'l', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "independencerecovery.com", true */ 'i', 'n', 'd', 'e', 'p', 'e', 'n', 'd', 'e', 'n', 'c', 'e', 'r', 'e', 'c', 'o', 'v', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "independent-operators.com", true */ 'i', 'n', 'd', 'e', 'p', 'e', 'n', 'd', 'e', 'n', 't', '-', 'o', 'p', 'e', 'r', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "inderagamono.net", true */ 'i', 'n', 'd', 'e', 'r', 'a', 'g', 'a', 'm', 'o', 'n', 'o', '.', 'n', 'e', 't', '\0', + /* "indesit-training.com", true */ 'i', 'n', 'd', 'e', 's', 'i', 't', '-', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "index-games.com", true */ 'i', 'n', 'd', 'e', 'x', '-', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "index-mp3.com", true */ 'i', 'n', 'd', 'e', 'x', '-', 'm', 'p', '3', '.', 'c', 'o', 'm', '\0', + /* "indiaflowermall.com", true */ 'i', 'n', 'd', 'i', 'a', 'f', 'l', 'o', 'w', 'e', 'r', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "indian-elephant.com", true */ 'i', 'n', 'd', 'i', 'a', 'n', '-', 'e', 'l', 'e', 'p', 'h', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "indianaantlersupply.com", true */ 'i', 'n', 'd', 'i', 'a', 'n', 'a', 'a', 'n', 't', 'l', 'e', 'r', 's', 'u', 'p', 'p', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "indiawise.co.uk", true */ 'i', 'n', 'd', 'i', 'a', 'w', 'i', 's', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "indieethos.com", true */ 'i', 'n', 'd', 'i', 'e', 'e', 't', 'h', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "indiegame.space", true */ 'i', 'n', 'd', 'i', 'e', 'g', 'a', 'm', 'e', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "indievelopment.nl", true */ 'i', 'n', 'd', 'i', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', '.', 'n', 'l', '\0', + /* "indigoinflatables.com", true */ 'i', 'n', 'd', 'i', 'g', 'o', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "indigosakura.com", true */ 'i', 'n', 'd', 'i', 'g', 'o', 's', 'a', 'k', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "indilens.com", true */ 'i', 'n', 'd', 'i', 'l', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "inditip.com", true */ 'i', 'n', 'd', 'i', 't', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "indogerman.de", false */ 'i', 'n', 'd', 'o', 'g', 'e', 'r', 'm', 'a', 'n', '.', 'd', 'e', '\0', + /* "indogermanstartup.com", true */ 'i', 'n', 'd', 'o', 'g', 'e', 'r', 'm', 'a', 'n', 's', 't', 'a', 'r', 't', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "indogermantrade.de", true */ 'i', 'n', 'd', 'o', 'g', 'e', 'r', 'm', 'a', 'n', 't', 'r', 'a', 'd', 'e', '.', 'd', 'e', '\0', + /* "indoorplantsexpert.com", true */ 'i', 'n', 'd', 'o', 'o', 'r', 'p', 'l', 'a', 'n', 't', 's', 'e', 'x', 'p', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "indostar303.com", true */ 'i', 'n', 'd', 'o', 's', 't', 'a', 'r', '3', '0', '3', '.', 'c', 'o', 'm', '\0', + /* "indovinabank.com.vn", true */ 'i', 'n', 'd', 'o', 'v', 'i', 'n', 'a', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '.', 'v', 'n', '\0', + /* "indusap.com", true */ 'i', 'n', 'd', 'u', 's', 'a', 'p', '.', 'c', 'o', 'm', '\0', + /* "indusfastremit-ca.com", true */ 'i', 'n', 'd', 'u', 's', 'f', 'a', 's', 't', 'r', 'e', 'm', 'i', 't', '-', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "indusfastremit-us.com", true */ 'i', 'n', 'd', 'u', 's', 'f', 'a', 's', 't', 'r', 'e', 'm', 'i', 't', '-', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "indusfastremit.com", true */ 'i', 'n', 'd', 'u', 's', 'f', 'a', 's', 't', 'r', 'e', 'm', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "indust.me", true */ 'i', 'n', 'd', 'u', 's', 't', '.', 'm', 'e', '\0', + /* "industrialstarter.com", true */ 'i', 'n', 'd', 'u', 's', 't', 'r', 'i', 'a', 'l', 's', 't', 'a', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "indybay.org", true */ 'i', 'n', 'd', 'y', 'b', 'a', 'y', '.', 'o', 'r', 'g', '\0', + /* "ineardisplay.com", true */ 'i', 'n', 'e', 'a', 'r', 'd', 'i', 's', 'p', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "inebula.it", true */ 'i', 'n', 'e', 'b', 'u', 'l', 'a', '.', 'i', 't', '\0', + /* "ineed.coffee", true */ 'i', 'n', 'e', 'e', 'd', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0', + /* "inertianetworks.com", true */ 'i', 'n', 'e', 'r', 't', 'i', 'a', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "inesta.nl", true */ 'i', 'n', 'e', 's', 't', 'a', '.', 'n', 'l', '\0', + /* "inet.se", true */ 'i', 'n', 'e', 't', '.', 's', 'e', '\0', + /* "inetpub.cn", true */ 'i', 'n', 'e', 't', 'p', 'u', 'b', '.', 'c', 'n', '\0', + /* "inetserver.eu", true */ 'i', 'n', 'e', 't', 's', 'e', 'r', 'v', 'e', 'r', '.', 'e', 'u', '\0', + /* "inexlog.fr", true */ 'i', 'n', 'e', 'x', 'l', 'o', 'g', '.', 'f', 'r', '\0', + /* "inficom.org", true */ 'i', 'n', 'f', 'i', 'c', 'o', 'm', '.', 'o', 'r', 'g', '\0', + /* "infinether.net", true */ 'i', 'n', 'f', 'i', 'n', 'e', 't', 'h', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "infinitegroup.info", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'e', 'g', 'r', 'o', 'u', 'p', '.', 'i', 'n', 'f', 'o', '\0', + /* "infinitiofallentownparts.com", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'i', 'o', 'f', 'a', 'l', 'l', 'e', 'n', 't', 'o', 'w', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "infinitiofaugustaparts.com", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'i', 'o', 'f', 'a', 'u', 'g', 'u', 's', 't', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "infinitioflynnwoodparts.com", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'i', 'o', 'f', 'l', 'y', 'n', 'n', 'w', 'o', 'o', 'd', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "infinitiofmarinparts.com", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'i', 'o', 'f', 'm', 'a', 'r', 'i', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "infinity.to", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'y', '.', 't', 'o', '\0', + /* "infinitybas.com", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'y', 'b', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "infinityengine.org", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'y', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0', + /* "infinityepos.co.uk", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'y', 'e', 'p', 'o', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "infirmieredevie.ch", true */ 'i', 'n', 'f', 'i', 'r', 'm', 'i', 'e', 'r', 'e', 'd', 'e', 'v', 'i', 'e', '.', 'c', 'h', '\0', + /* "inflatablehire-scotland.co.uk", true */ 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 'h', 'i', 'r', 'e', '-', 's', 'c', 'o', 't', 'l', 'a', 'n', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "inflatablesny.com", true */ 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "inflatamania.com", true */ 'i', 'n', 'f', 'l', 'a', 't', 'a', 'm', 'a', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "inflexsys.com", true */ 'i', 'n', 'f', 'l', 'e', 'x', 's', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "influencerchampions.com", true */ 'i', 'n', 'f', 'l', 'u', 'e', 'n', 'c', 'e', 'r', 'c', 'h', 'a', 'm', 'p', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "influo.com", true */ 'i', 'n', 'f', 'l', 'u', 'o', '.', 'c', 'o', 'm', '\0', + /* "influxus.com", false */ 'i', 'n', 'f', 'l', 'u', 'x', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "infmed.com", true */ 'i', 'n', 'f', 'm', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "info-bay.com", true */ 'i', 'n', 'f', 'o', '-', 'b', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "info-beamer.com", true */ 'i', 'n', 'f', 'o', '-', 'b', 'e', 'a', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "info-d-74.com", true */ 'i', 'n', 'f', 'o', '-', 'd', '-', '7', '4', '.', 'c', 'o', 'm', '\0', + /* "info-screen.me", true */ 'i', 'n', 'f', 'o', '-', 's', 'c', 'r', 'e', 'e', 'n', '.', 'm', 'e', '\0', + /* "info-screw.com", true */ 'i', 'n', 'f', 'o', '-', 's', 'c', 'r', 'e', 'w', '.', 'c', 'o', 'm', '\0', + /* "infocity-tech.fr", true */ 'i', 'n', 'f', 'o', 'c', 'i', 't', 'y', '-', 't', 'e', 'c', 'h', '.', 'f', 'r', '\0', + /* "infocommsociety.com", true */ 'i', 'n', 'f', 'o', 'c', 'o', 'm', 'm', 's', 'o', 'c', 'i', 'e', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "infomegastore.com", true */ 'i', 'n', 'f', 'o', 'm', 'e', 'g', 'a', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "infomisto.com", true */ 'i', 'n', 'f', 'o', 'm', 'i', 's', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "infopagina.es", true */ 'i', 'n', 'f', 'o', 'p', 'a', 'g', 'i', 'n', 'a', '.', 'e', 's', '\0', + /* "infopier.sg", true */ 'i', 'n', 'f', 'o', 'p', 'i', 'e', 'r', '.', 's', 'g', '\0', + /* "infopulsa.com", true */ 'i', 'n', 'f', 'o', 'p', 'u', 'l', 's', 'a', '.', 'c', 'o', 'm', '\0', + /* "inforisposte.com", true */ 'i', 'n', 'f', 'o', 'r', 'i', 's', 'p', 'o', 's', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "informatiebeveiliging.nl", true */ 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'e', 'b', 'e', 'v', 'e', 'i', 'l', 'i', 'g', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "informatik-handwerk.de", true */ 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'k', '-', 'h', 'a', 'n', 'd', 'w', 'e', 'r', 'k', '.', 'd', 'e', '\0', + /* "informationrx.org", true */ 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', 'r', 'x', '.', 'o', 'r', 'g', '\0', + /* "informnapalm.org", true */ 'i', 'n', 'f', 'o', 'r', 'm', 'n', 'a', 'p', 'a', 'l', 'm', '.', 'o', 'r', 'g', '\0', + /* "infosec.ch", true */ 'i', 'n', 'f', 'o', 's', 'e', 'c', '.', 'c', 'h', '\0', + /* "infosec.exchange", true */ 'i', 'n', 'f', 'o', 's', 'e', 'c', '.', 'e', 'x', 'c', 'h', 'a', 'n', 'g', 'e', '\0', + /* "infosenior.ch", true */ 'i', 'n', 'f', 'o', 's', 'e', 'n', 'i', 'o', 'r', '.', 'c', 'h', '\0', + /* "infotainworld.com", true */ 'i', 'n', 'f', 'o', 't', 'a', 'i', 'n', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "infotolium.com", true */ 'i', 'n', 'f', 'o', 't', 'o', 'l', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "infotune.nl", true */ 'i', 'n', 'f', 'o', 't', 'u', 'n', 'e', '.', 'n', 'l', '\0', + /* "infovae-idf.com", true */ 'i', 'n', 'f', 'o', 'v', 'a', 'e', '-', 'i', 'd', 'f', '.', 'c', 'o', 'm', '\0', + /* "infovision-france.com", true */ 'i', 'n', 'f', 'o', 'v', 'i', 's', 'i', 'o', 'n', '-', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "infoweb.ee", true */ 'i', 'n', 'f', 'o', 'w', 'e', 'b', '.', 'e', 'e', '\0', + /* "infra-con.dk", false */ 'i', 'n', 'f', 'r', 'a', '-', 'c', 'o', 'n', '.', 'd', 'k', '\0', + /* "infrapirtis.lt", true */ 'i', 'n', 'f', 'r', 'a', 'p', 'i', 'r', 't', 'i', 's', '.', 'l', 't', '\0', + /* "ingalabs.hu", true */ 'i', 'n', 'g', 'a', 'l', 'a', 'b', 's', '.', 'h', 'u', '\0', + /* "ingalls.run", true */ 'i', 'n', 'g', 'a', 'l', 'l', 's', '.', 'r', 'u', 'n', '\0', + /* "ingber.com", true */ 'i', 'n', 'g', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "inge-r.nl", true */ 'i', 'n', 'g', 'e', '-', 'r', '.', 'n', 'l', '\0', + /* "ingeeibach.de", true */ 'i', 'n', 'g', 'e', 'e', 'i', 'b', 'a', 'c', 'h', '.', 'd', 'e', '\0', + /* "ingenium.si", true */ 'i', 'n', 'g', 'e', 'n', 'i', 'u', 'm', '.', 's', 'i', '\0', + /* "ingenius.ws", true */ 'i', 'n', 'g', 'e', 'n', 'i', 'u', 's', '.', 'w', 's', '\0', + /* "ingerhy.com", true */ 'i', 'n', 'g', 'e', 'r', 'h', 'y', '.', 'c', 'o', 'm', '\0', + /* "ingjobs.ch", true */ 'i', 'n', 'g', 'j', 'o', 'b', 's', '.', 'c', 'h', '\0', + /* "inglesnarede.com.br", true */ 'i', 'n', 'g', 'l', 'e', 's', 'n', 'a', 'r', 'e', 'd', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "ingo-schlueter.de", true */ 'i', 'n', 'g', 'o', '-', 's', 'c', 'h', 'l', 'u', 'e', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "ingoschlueter.de", true */ 'i', 'n', 'g', 'o', 's', 'c', 'h', 'l', 'u', 'e', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "ingresscode.cn", true */ 'i', 'n', 'g', 'r', 'e', 's', 's', 'c', 'o', 'd', 'e', '.', 'c', 'n', '\0', + /* "inhaltsangabe.de", true */ 'i', 'n', 'h', 'a', 'l', 't', 's', 'a', 'n', 'g', 'a', 'b', 'e', '.', 'd', 'e', '\0', + /* "inheritestate.com", true */ 'i', 'n', 'h', 'e', 'r', 'i', 't', 'e', 's', 't', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "inhive.group", true */ 'i', 'n', 'h', 'i', 'v', 'e', '.', 'g', 'r', 'o', 'u', 'p', '\0', + /* "inhouseents.co.uk", true */ 'i', 'n', 'h', 'o', 'u', 's', 'e', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "iniiter.com", true */ 'i', 'n', 'i', 'i', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "inima.org", true */ 'i', 'n', 'i', 'm', 'a', '.', 'o', 'r', 'g', '\0', + /* "inios.fr", false */ 'i', 'n', 'i', 'o', 's', '.', 'f', 'r', '\0', + /* "inishbofin.ie", true */ 'i', 'n', 'i', 's', 'h', 'b', 'o', 'f', 'i', 'n', '.', 'i', 'e', '\0', + /* "initq.net", true */ 'i', 'n', 'i', 't', 'q', '.', 'n', 'e', 't', '\0', + /* "initramfs.io", true */ 'i', 'n', 'i', 't', 'r', 'a', 'm', 'f', 's', '.', 'i', 'o', '\0', + /* "initrd.net", true */ 'i', 'n', 'i', 't', 'r', 'd', '.', 'n', 'e', 't', '\0', + /* "inixal.com", true */ 'i', 'n', 'i', 'x', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "injust.eu.org", true */ 'i', 'n', 'j', 'u', 's', 't', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "ink.horse", true */ 'i', 'n', 'k', '.', 'h', 'o', 'r', 's', 'e', '\0', + /* "inkable.com.au", true */ 'i', 'n', 'k', 'a', 'b', 'l', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "inkbunny.net", false */ 'i', 'n', 'k', 'b', 'u', 'n', 'n', 'y', '.', 'n', 'e', 't', '\0', + /* "inkhor.se", true */ 'i', 'n', 'k', 'h', 'o', 'r', '.', 's', 'e', '\0', + /* "inkontriamoci.com", true */ 'i', 'n', 'k', 'o', 'n', 't', 'r', 'i', 'a', 'm', 'o', 'c', 'i', '.', 'c', 'o', 'm', '\0', + /* "inksay.com", true */ 'i', 'n', 'k', 's', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "inkthemes.com", true */ 'i', 'n', 'k', 't', 'h', 'e', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "inline-sport.cz", true */ 'i', 'n', 'l', 'i', 'n', 'e', '-', 's', 'p', 'o', 'r', 't', '.', 'c', 'z', '\0', + /* "inlink.ee", true */ 'i', 'n', 'l', 'i', 'n', 'k', '.', 'e', 'e', '\0', + /* "inmaps.xyz", true */ 'i', 'n', 'm', 'a', 'p', 's', '.', 'x', 'y', 'z', '\0', + /* "inmateintake.com", true */ 'i', 'n', 'm', 'a', 't', 'e', 'i', 'n', 't', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "inme.ga", true */ 'i', 'n', 'm', 'e', '.', 'g', 'a', '\0', + /* "inmobillium.fr", true */ 'i', 'n', 'm', 'o', 'b', 'i', 'l', 'l', 'i', 'u', 'm', '.', 'f', 'r', '\0', + /* "inmusrv.de", true */ 'i', 'n', 'm', 'u', 's', 'r', 'v', '.', 'd', 'e', '\0', + /* "innerfence.com", true */ 'i', 'n', 'n', 'e', 'r', 'f', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "innerform.com", true */ 'i', 'n', 'n', 'e', 'r', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "innermostparts.org", true */ 'i', 'n', 'n', 'e', 'r', 'm', 'o', 's', 't', 'p', 'a', 'r', 't', 's', '.', 'o', 'r', 'g', '\0', + /* "innit.be", true */ 'i', 'n', 'n', 'i', 't', '.', 'b', 'e', '\0', + /* "innoloop.com", true */ 'i', 'n', 'n', 'o', 'l', 'o', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "innophate-security.com", true */ 'i', 'n', 'n', 'o', 'p', 'h', 'a', 't', 'e', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "innoteil.com", true */ 'i', 'n', 'n', 'o', 't', 'e', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "innovamag.ca", true */ 'i', 'n', 'n', 'o', 'v', 'a', 'm', 'a', 'g', '.', 'c', 'a', '\0', + /* "innovaptor.at", true */ 'i', 'n', 'n', 'o', 'v', 'a', 'p', 't', 'o', 'r', '.', 'a', 't', '\0', + /* "innovaptor.com", true */ 'i', 'n', 'n', 'o', 'v', 'a', 'p', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "innovation-workshop.ro", true */ 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '-', 'w', 'o', 'r', 'k', 's', 'h', 'o', 'p', '.', 'r', 'o', '\0', + /* "innovation.gov", false */ 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'g', 'o', 'v', '\0', + /* "innovativebuildingsolutions.co.za", true */ 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'v', 'e', 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "innovativeideaz.org", true */ 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'v', 'e', 'i', 'd', 'e', 'a', 'z', '.', 'o', 'r', 'g', '\0', + /* "innoventure.de", true */ 'i', 'n', 'n', 'o', 'v', 'e', 'n', 't', 'u', 'r', 'e', '.', 'd', 'e', '\0', + /* "innsalzachsingles.de", true */ 'i', 'n', 'n', 's', 'a', 'l', 'z', 'a', 'c', 'h', 's', 'i', 'n', 'g', 'l', 'e', 's', '.', 'd', 'e', '\0', + /* "innwan.com", true */ 'i', 'n', 'n', 'w', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "inoa8.com", true */ 'i', 'n', 'o', 'a', '8', '.', 'c', 'o', 'm', '\0', + /* "inobun.jp", true */ 'i', 'n', 'o', 'b', 'u', 'n', '.', 'j', 'p', '\0', + /* "inorder.website", true */ 'i', 'n', 'o', 'r', 'd', 'e', 'r', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0', + /* "inovat.ma", true */ 'i', 'n', 'o', 'v', 'a', 't', '.', 'm', 'a', '\0', + /* "inovatec.com", true */ 'i', 'n', 'o', 'v', 'a', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "inoxio.de", true */ 'i', 'n', 'o', 'x', 'i', 'o', '.', 'd', 'e', '\0', + /* "inpas.co.uk", true */ 'i', 'n', 'p', 'a', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ins1gn1a.com", true */ 'i', 'n', 's', '1', 'g', 'n', '1', 'a', '.', 'c', 'o', 'm', '\0', + /* "insane.zone", true */ 'i', 'n', 's', 'a', 'n', 'e', '.', 'z', 'o', 'n', 'e', '\0', + /* "insblauehinein.nl", true */ 'i', 'n', 's', 'b', 'l', 'a', 'u', 'e', 'h', 'i', 'n', 'e', 'i', 'n', '.', 'n', 'l', '\0', + /* "inschrijfformulier.com", true */ 'i', 'n', 's', 'c', 'h', 'r', 'i', 'j', 'f', 'f', 'o', 'r', 'm', 'u', 'l', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "insertcoins.net", true */ 'i', 'n', 's', 'e', 'r', 't', 'c', 'o', 'i', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "insgesamt.net", true */ 'i', 'n', 's', 'g', 'e', 's', 'a', 'm', 't', '.', 'n', 'e', 't', '\0', + /* "inshapenutrition.com.br", true */ 'i', 'n', 's', 'h', 'a', 'p', 'e', 'n', 'u', 't', 'r', 'i', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "insho.fashion", false */ 'i', 'n', 's', 'h', 'o', '.', 'f', 'a', 's', 'h', 'i', 'o', 'n', '\0', + /* "insideaudit.com", true */ 'i', 'n', 's', 'i', 'd', 'e', 'a', 'u', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "insidethefirewall.tk", true */ 'i', 'n', 's', 'i', 'd', 'e', 't', 'h', 'e', 'f', 'i', 'r', 'e', 'w', 'a', 'l', 'l', '.', 't', 'k', '\0', + /* "insightera.co.th", true */ 'i', 'n', 's', 'i', 'g', 'h', 't', 'e', 'r', 'a', '.', 'c', 'o', '.', 't', 'h', '\0', + /* "insighti.com", true */ 'i', 'n', 's', 'i', 'g', 'h', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "insighti.eu", true */ 'i', 'n', 's', 'i', 'g', 'h', 't', 'i', '.', 'e', 'u', '\0', + /* "insighti.org", true */ 'i', 'n', 's', 'i', 'g', 'h', 't', 'i', '.', 'o', 'r', 'g', '\0', + /* "insighti.sk", true */ 'i', 'n', 's', 'i', 'g', 'h', 't', 'i', '.', 's', 'k', '\0', + /* "insinuator.net", true */ 'i', 'n', 's', 'i', 'n', 'u', 'a', 't', 'o', 'r', '.', 'n', 'e', 't', '\0', + /* "insolent.ch", true */ 'i', 'n', 's', 'o', 'l', 'e', 'n', 't', '.', 'c', 'h', '\0', + /* "insping.com", true */ 'i', 'n', 's', 'p', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "inspirationalquotesuk.co.uk", true */ 'i', 'n', 's', 'p', 'i', 'r', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'q', 'u', 'o', 't', 'e', 's', 'u', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "inspired-lua.org", true */ 'i', 'n', 's', 'p', 'i', 'r', 'e', 'd', '-', 'l', 'u', 'a', '.', 'o', 'r', 'g', '\0', + /* "insside.net", true */ 'i', 'n', 's', 's', 'i', 'd', 'e', '.', 'n', 'e', 't', '\0', + /* "inst.mobi", true */ 'i', 'n', 's', 't', '.', 'm', 'o', 'b', 'i', '\0', + /* "instafind.nl", true */ 'i', 'n', 's', 't', 'a', 'f', 'i', 'n', 'd', '.', 'n', 'l', '\0', + /* "instagram-atom.appspot.com", true */ 'i', 'n', 's', 't', 'a', 'g', 'r', 'a', 'm', '-', 'a', 't', 'o', 'm', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "instagrammernews.com", true */ 'i', 'n', 's', 't', 'a', 'g', 'r', 'a', 'm', 'm', 'e', 'r', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "instagramtweet.com", true */ 'i', 'n', 's', 't', 'a', 'g', 'r', 'a', 'm', 't', 'w', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "installgentoo.net", true */ 'i', 'n', 's', 't', 'a', 'l', 'l', 'g', 'e', 'n', 't', 'o', 'o', '.', 'n', 'e', 't', '\0', + /* "instant-hack.io", true */ 'i', 'n', 's', 't', 'a', 'n', 't', '-', 'h', 'a', 'c', 'k', '.', 'i', 'o', '\0', + /* "instant.io", true */ 'i', 'n', 's', 't', 'a', 'n', 't', '.', 'i', 'o', '\0', + /* "instantkhabar.com", true */ 'i', 'n', 's', 't', 'a', 'n', 't', 'k', 'h', 'a', 'b', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "instantsubs.de", true */ 'i', 'n', 's', 't', 'a', 'n', 't', 's', 'u', 'b', 's', '.', 'd', 'e', '\0', + /* "instava.cz", true */ 'i', 'n', 's', 't', 'a', 'v', 'a', '.', 'c', 'z', '\0', + /* "instawi.com", true */ 'i', 'n', 's', 't', 'a', 'w', 'i', '.', 'c', 'o', 'm', '\0', + /* "instela.com", true */ 'i', 'n', 's', 't', 'e', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "instelikes.com.br", true */ 'i', 'n', 's', 't', 'e', 'l', 'i', 'k', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "instics.com", true */ 'i', 'n', 's', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "instinctive.io", true */ 'i', 'n', 's', 't', 'i', 'n', 'c', 't', 'i', 'v', 'e', '.', 'i', 'o', '\0', + /* "instinctiveads.com", true */ 'i', 'n', 's', 't', 'i', 'n', 'c', 't', 'i', 'v', 'e', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "institut-confucius-montpellier.org", true */ 'i', 'n', 's', 't', 'i', 't', 'u', 't', '-', 'c', 'o', 'n', 'f', 'u', 'c', 'i', 'u', 's', '-', 'm', 'o', 'n', 't', 'p', 'e', 'l', 'l', 'i', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "institutmaupertuis.hopto.org", true */ 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'm', 'a', 'u', 'p', 'e', 'r', 't', 'u', 'i', 's', '.', 'h', 'o', 'p', 't', 'o', '.', 'o', 'r', 'g', '\0', + /* "institutulcultural.ro", true */ 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'u', 'l', 'c', 'u', 'l', 't', 'u', 'r', 'a', 'l', '.', 'r', 'o', '\0', + /* "instrumart.ru", false */ 'i', 'n', 's', 't', 'r', 'u', 'm', 'a', 'r', 't', '.', 'r', 'u', '\0', + /* "insult.es", true */ 'i', 'n', 's', 'u', 'l', 't', '.', 'e', 's', '\0', + /* "int-ext-design.fr", true */ 'i', 'n', 't', '-', 'e', 'x', 't', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'f', 'r', '\0', + /* "int-ma.in", true */ 'i', 'n', 't', '-', 'm', 'a', '.', 'i', 'n', '\0', + /* "intafe.co.jp", true */ 'i', 'n', 't', 'a', 'f', 'e', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "intarweb.ca", true */ 'i', 'n', 't', 'a', 'r', 'w', 'e', 'b', '.', 'c', 'a', '\0', + /* "integraelchen.de", true */ 'i', 'n', 't', 'e', 'g', 'r', 'a', 'e', 'l', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0', + /* "integralblue.com", true */ 'i', 'n', 't', 'e', 'g', 'r', 'a', 'l', 'b', 'l', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "integralkk.com", true */ 'i', 'n', 't', 'e', 'g', 'r', 'a', 'l', 'k', 'k', '.', 'c', 'o', 'm', '\0', + /* "integratedmedicalonline.com", true */ 'i', 'n', 't', 'e', 'g', 'r', 'a', 't', 'e', 'd', 'm', 'e', 'd', 'i', 'c', 'a', 'l', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "integrationinc.com", false */ 'i', 'n', 't', 'e', 'g', 'r', 'a', 't', 'i', 'o', 'n', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "integraxor.com.tw", true */ 'i', 'n', 't', 'e', 'g', 'r', 'a', 'x', 'o', 'r', '.', 'c', 'o', 'm', '.', 't', 'w', '\0', + /* "integrity.gov", true */ 'i', 'n', 't', 'e', 'g', 'r', 'i', 't', 'y', '.', 'g', 'o', 'v', '\0', + /* "integrityingovernmentidaho.com", true */ 'i', 'n', 't', 'e', 'g', 'r', 'i', 't', 'y', 'i', 'n', 'g', 'o', 'v', 'e', 'r', 'n', 'm', 'e', 'n', 't', 'i', 'd', 'a', 'h', 'o', '.', 'c', 'o', 'm', '\0', + /* "integrityoklahoma.com", true */ 'i', 'n', 't', 'e', 'g', 'r', 'i', 't', 'y', 'o', 'k', 'l', 'a', 'h', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "integrogroup.com", true */ 'i', 'n', 't', 'e', 'g', 'r', 'o', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "integromat.com", true */ 'i', 'n', 't', 'e', 'g', 'r', 'o', 'm', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "intelbet.es", true */ 'i', 'n', 't', 'e', 'l', 'b', 'e', 't', '.', 'e', 's', '\0', + /* "intelbet.ro", true */ 'i', 'n', 't', 'e', 'l', 'b', 'e', 't', '.', 'r', 'o', '\0', + /* "intellar.com", true */ 'i', 'n', 't', 'e', 'l', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "intellectdynamics.com", true */ 'i', 'n', 't', 'e', 'l', 'l', 'e', 'c', 't', 'd', 'y', 'n', 'a', 'm', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "intelligence-explosion.com", true */ 'i', 'n', 't', 'e', 'l', 'l', 'i', 'g', 'e', 'n', 'c', 'e', '-', 'e', 'x', 'p', 'l', 'o', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "intellinetixvibration.com", true */ 'i', 'n', 't', 'e', 'l', 'l', 'i', 'n', 'e', 't', 'i', 'x', 'v', 'i', 'b', 'r', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "intencje.pl", true */ 'i', 'n', 't', 'e', 'n', 'c', 'j', 'e', '.', 'p', 'l', '\0', + /* "intensifyrsvp.com.au", true */ 'i', 'n', 't', 'e', 'n', 's', 'i', 'f', 'y', 'r', 's', 'v', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "inter-corporate.com", true */ 'i', 'n', 't', 'e', 'r', '-', 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "inter-culinarium.com", true */ 'i', 'n', 't', 'e', 'r', '-', 'c', 'u', 'l', 'i', 'n', 'a', 'r', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "interaffairs.com", true */ 'i', 'n', 't', 'e', 'r', 'a', 'f', 'f', 'a', 'i', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "interasistmen.se", true */ 'i', 'n', 't', 'e', 'r', 'a', 's', 'i', 's', 't', 'm', 'e', 'n', '.', 's', 'e', '\0', + /* "interchangedesign.com", true */ 'i', 'n', 't', 'e', 'r', 'c', 'h', 'a', 'n', 'g', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "interchanges.io", true */ 'i', 'n', 't', 'e', 'r', 'c', 'h', 'a', 'n', 'g', 'e', 's', '.', 'i', 'o', '\0', + /* "intercom.com", true */ 'i', 'n', 't', 'e', 'r', 'c', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "intercom.io", true */ 'i', 'n', 't', 'e', 'r', 'c', 'o', 'm', '.', 'i', 'o', '\0', + /* "interessiert-uns.net", true */ 'i', 'n', 't', 'e', 'r', 'e', 's', 's', 'i', 'e', 'r', 't', '-', 'u', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "interfesse.net", true */ 'i', 'n', 't', 'e', 'r', 'f', 'e', 's', 's', 'e', '.', 'n', 'e', 't', '\0', + /* "interfloraservices.co.uk", true */ 'i', 'n', 't', 'e', 'r', 'f', 'l', 'o', 'r', 'a', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "interflores.com.br", true */ 'i', 'n', 't', 'e', 'r', 'f', 'l', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "interfug.de", true */ 'i', 'n', 't', 'e', 'r', 'f', 'u', 'g', '.', 'd', 'e', '\0', + /* "interimages.fr", true */ 'i', 'n', 't', 'e', 'r', 'i', 'm', 'a', 'g', 'e', 's', '.', 'f', 'r', '\0', + /* "interiorcheapo.com", true */ 'i', 'n', 't', 'e', 'r', 'i', 'o', 'r', 'c', 'h', 'e', 'a', 'p', 'o', '.', 'c', 'o', 'm', '\0', + /* "interiordesignsconcept.com", true */ 'i', 'n', 't', 'e', 'r', 'i', 'o', 'r', 'd', 'e', 's', 'i', 'g', 'n', 's', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'c', 'o', 'm', '\0', + /* "interisaudit.com", true */ 'i', 'n', 't', 'e', 'r', 'i', 's', 'a', 'u', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "interlingvo.biz", true */ 'i', 'n', 't', 'e', 'r', 'l', 'i', 'n', 'g', 'v', 'o', '.', 'b', 'i', 'z', '\0', + /* "intermax.nl", true */ 'i', 'n', 't', 'e', 'r', 'm', 'a', 'x', '.', 'n', 'l', '\0', + /* "intermedinet.nl", true */ 'i', 'n', 't', 'e', 'r', 'm', 'e', 'd', 'i', 'n', 'e', 't', '.', 'n', 'l', '\0', + /* "internaluse.net", true */ 'i', 'n', 't', 'e', 'r', 'n', 'a', 'l', 'u', 's', 'e', '.', 'n', 'e', 't', '\0', + /* "international-arbitration-attorney.com", true */ 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '-', 'a', 'r', 'b', 'i', 't', 'r', 'a', 't', 'i', 'o', 'n', '-', 'a', 't', 't', 'o', 'r', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "internationalfashionjobs.com", true */ 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'f', 'a', 's', 'h', 'i', 'o', 'n', 'j', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "internaut.co.za", true */ 'i', 'n', 't', 'e', 'r', 'n', 'a', 'u', 't', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "internect.co.za", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 'c', 't', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "internetaanbieders.eu", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'a', 'a', 'n', 'b', 'i', 'e', 'd', 'e', 'r', 's', '.', 'e', 'u', '\0', + /* "internetbank.swedbank.se", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'b', 'a', 'n', 'k', '.', 's', 'w', 'e', 'd', 'b', 'a', 'n', 'k', '.', 's', 'e', '\0', + /* "internetbugbounty.com", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'b', 'u', 'g', 'b', 'o', 'u', 'n', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "internetbugbounty.org", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'b', 'u', 'g', 'b', 'o', 'u', 'n', 't', 'y', '.', 'o', 'r', 'g', '\0', + /* "internetcom.jp", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'c', 'o', 'm', '.', 'j', 'p', '\0', + /* "internethealthreport.org", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'h', 'e', 'a', 'l', 't', 'h', 'r', 'e', 'p', 'o', 'r', 't', '.', 'o', 'r', 'g', '\0', + /* "internethering.de", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'h', 'e', 'r', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "internetinhetbuitengebied.nl", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'i', 'n', 'h', 'e', 't', 'b', 'u', 'i', 't', 'e', 'n', 'g', 'e', 'b', 'i', 'e', 'd', '.', 'n', 'l', '\0', + /* "internetmarkets.net", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'm', 'a', 'r', 'k', 'e', 't', 's', '.', 'n', 'e', 't', '\0', + /* "internetofdon.gs", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'o', 'f', 'd', 'o', 'n', '.', 'g', 's', '\0', + /* "internetoffensive.fail", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'o', 'f', 'f', 'e', 'n', 's', 'i', 'v', 'e', '.', 'f', 'a', 'i', 'l', '\0', + /* "internetovehazardnihry.cz", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'o', 'v', 'e', 'h', 'a', 'z', 'a', 'r', 'd', 'n', 'i', 'h', 'r', 'y', '.', 'c', 'z', '\0', + /* "internetstaff.com", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 's', 't', 'a', 'f', 'f', '.', 'c', 'o', 'm', '\0', + /* "internetzentrale.net", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'z', 'e', 'n', 't', 'r', 'a', 'l', 'e', '.', 'n', 'e', 't', '\0', + /* "interociter-enterprises.com", true */ 'i', 'n', 't', 'e', 'r', 'o', 'c', 'i', 't', 'e', 'r', '-', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "interracial.dating", true */ 'i', 'n', 't', 'e', 'r', 'r', 'a', 'c', 'i', 'a', 'l', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "interseller.io", true */ 'i', 'n', 't', 'e', 'r', 's', 'e', 'l', 'l', 'e', 'r', '.', 'i', 'o', '\0', + /* "intertime.services", true */ 'i', 'n', 't', 'e', 'r', 't', 'i', 'm', 'e', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '\0', + /* "interview-suite.com", true */ 'i', 'n', 't', 'e', 'r', 'v', 'i', 'e', 'w', '-', 's', 'u', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "interways.de", true */ 'i', 'n', 't', 'e', 'r', 'w', 'a', 'y', 's', '.', 'd', 'e', '\0', + /* "intheater.de", true */ 'i', 'n', 't', 'h', 'e', 'a', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "inthepicture.com", true */ 'i', 'n', 't', 'h', 'e', 'p', 'i', 'c', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "inthouse.cloud", true */ 'i', 'n', 't', 'h', 'o', 'u', 's', 'e', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "intimastoreatacado.com.br", true */ 'i', 'n', 't', 'i', 'm', 'a', 's', 't', 'o', 'r', 'e', 'a', 't', 'a', 'c', 'a', 'd', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "intl-webs.com", true */ 'i', 'n', 't', 'l', '-', 'w', 'e', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "intmissioncenter.org", true */ 'i', 'n', 't', 'm', 'i', 's', 's', 'i', 'o', 'n', 'c', 'e', 'n', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "into.technology", true */ 'i', 'n', 't', 'o', '.', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '\0', + /* "inton.biz", true */ 'i', 'n', 't', 'o', 'n', '.', 'b', 'i', 'z', '\0', + /* "intoparking.com", false */ 'i', 'n', 't', 'o', 'p', 'a', 'r', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "intracom.com", true */ 'i', 'n', 't', 'r', 'a', 'c', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "intradayseasonals.com", true */ 'i', 'n', 't', 'r', 'a', 'd', 'a', 'y', 's', 'e', 'a', 's', 'o', 'n', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "intramanager.co.uk", true */ 'i', 'n', 't', 'r', 'a', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "intramanager.dk", true */ 'i', 'n', 't', 'r', 'a', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'd', 'k', '\0', + /* "intranetsec-regionra.fr", true */ 'i', 'n', 't', 'r', 'a', 'n', 'e', 't', 's', 'e', 'c', '-', 'r', 'e', 'g', 'i', 'o', 'n', 'r', 'a', '.', 'f', 'r', '\0', + /* "intraobes.com", true */ 'i', 'n', 't', 'r', 'a', 'o', 'b', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "intrasoft.com.au", true */ 'i', 'n', 't', 'r', 'a', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "intraxia.com", true */ 'i', 'n', 't', 'r', 'a', 'x', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "introvertedtravel.space", true */ 'i', 'n', 't', 'r', 'o', 'v', 'e', 'r', 't', 'e', 'd', 't', 'r', 'a', 'v', 'e', 'l', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "intune.life", true */ 'i', 'n', 't', 'u', 'n', 'e', '.', 'l', 'i', 'f', 'e', '\0', + /* "intux.be", false */ 'i', 'n', 't', 'u', 'x', '.', 'b', 'e', '\0', + /* "intvonline.com", true */ 'i', 'n', 't', 'v', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "intxt.net", true */ 'i', 'n', 't', 'x', 't', '.', 'n', 'e', 't', '\0', + /* "inusasha.de", true */ 'i', 'n', 'u', 's', 'a', 's', 'h', 'a', '.', 'd', 'e', '\0', + /* "inuyasha-petition.tk", true */ 'i', 'n', 'u', 'y', 'a', 's', 'h', 'a', '-', 'p', 'e', 't', 'i', 't', 'i', 'o', 'n', '.', 't', 'k', '\0', + /* "invasion.com", true */ 'i', 'n', 'v', 'a', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "invenio.software", true */ 'i', 'n', 'v', 'e', 'n', 'i', 'o', '.', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '\0', + /* "inventaire.ch", true */ 'i', 'n', 'v', 'e', 'n', 't', 'a', 'i', 'r', 'e', '.', 'c', 'h', '\0', + /* "inventionsteps.com.au", true */ 'i', 'n', 'v', 'e', 'n', 't', 'i', 'o', 'n', 's', 't', 'e', 'p', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "inventix.nl", true */ 'i', 'n', 'v', 'e', 'n', 't', 'i', 'x', '.', 'n', 'l', '\0', + /* "inventoryimages.co.uk", true */ 'i', 'n', 'v', 'e', 'n', 't', 'o', 'r', 'y', 'i', 'm', 'a', 'g', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "inventoryimages.com", true */ 'i', 'n', 'v', 'e', 'n', 't', 'o', 'r', 'y', 'i', 'm', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "inventtheworld.com.au", true */ 'i', 'n', 'v', 'e', 'n', 't', 't', 'h', 'e', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "investarholding.nl", true */ 'i', 'n', 'v', 'e', 's', 't', 'a', 'r', 'h', 'o', 'l', 'd', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "investcountry.com", true */ 'i', 'n', 'v', 'e', 's', 't', 'c', 'o', 'u', 'n', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "investigazionimoretti.it", true */ 'i', 'n', 'v', 'e', 's', 't', 'i', 'g', 'a', 'z', 'i', 'o', 'n', 'i', 'm', 'o', 'r', 'e', 't', 't', 'i', '.', 'i', 't', '\0', + /* "investingdiary.cn", true */ 'i', 'n', 'v', 'e', 's', 't', 'i', 'n', 'g', 'd', 'i', 'a', 'r', 'y', '.', 'c', 'n', '\0', + /* "investingtrader.net", true */ 'i', 'n', 'v', 'e', 's', 't', 'i', 'n', 'g', 't', 'r', 'a', 'd', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "investir.ch", true */ 'i', 'n', 'v', 'e', 's', 't', 'i', 'r', '.', 'c', 'h', '\0', + /* "investorforms.com", true */ 'i', 'n', 'v', 'e', 's', 't', 'o', 'r', 'f', 'o', 'r', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "investpay.ru", true */ 'i', 'n', 'v', 'e', 's', 't', 'p', 'a', 'y', '.', 'r', 'u', '\0', + /* "invinsec.com", true */ 'i', 'n', 'v', 'i', 'n', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "invioinc.com", true */ 'i', 'n', 'v', 'i', 'o', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "invis.net", true */ 'i', 'n', 'v', 'i', 's', '.', 'n', 'e', 't', '\0', + /* "invisible-college.com", true */ 'i', 'n', 'v', 'i', 's', 'i', 'b', 'l', 'e', '-', 'c', 'o', 'l', 'l', 'e', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "invisibles.ch", true */ 'i', 'n', 'v', 'i', 's', 'i', 'b', 'l', 'e', 's', '.', 'c', 'h', '\0', + /* "invisionita.com", true */ 'i', 'n', 'v', 'i', 's', 'i', 'o', 'n', 'i', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "invisiverse.com", true */ 'i', 'n', 'v', 'i', 's', 'i', 'v', 'e', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "invitescene.com", true */ 'i', 'n', 'v', 'i', 't', 'e', 's', 'c', 'e', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "invoiced.com", true */ 'i', 'n', 'v', 'o', 'i', 'c', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "invoicefinance.com", true */ 'i', 'n', 'v', 'o', 'i', 'c', 'e', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "invoicefinance.nl", true */ 'i', 'n', 'v', 'o', 'i', 'c', 'e', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'n', 'l', '\0', + /* "inwestcorp.se", true */ 'i', 'n', 'w', 'e', 's', 't', 'c', 'o', 'r', 'p', '.', 's', 'e', '\0', + /* "inzdr.com", true */ 'i', 'n', 'z', 'd', 'r', '.', 'c', 'o', 'm', '\0', + /* "iobint.com", true */ 'i', 'o', 'b', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "iocheck.com", false */ 'i', 'o', 'c', 'h', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "iodice.org", true */ 'i', 'o', 'd', 'i', 'c', 'e', '.', 'o', 'r', 'g', '\0', + /* "iodu.re", true */ 'i', 'o', 'd', 'u', '.', 'r', 'e', '\0', + /* "ioiart.eu", true */ 'i', 'o', 'i', 'a', 'r', 't', '.', 'e', 'u', '\0', + /* "iojo.net", true */ 'i', 'o', 'j', 'o', '.', 'n', 'e', 't', '\0', + /* "iompost.com", true */ 'i', 'o', 'm', 'p', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "iomstamps.com", true */ 'i', 'o', 'm', 's', 't', 'a', 'm', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "ionc.ca", true */ 'i', 'o', 'n', 'c', '.', 'c', 'a', '\0', + /* "ionlabs.kr", true */ 'i', 'o', 'n', 'l', 'a', 'b', 's', '.', 'k', 'r', '\0', + /* "ionx.co.uk", true */ 'i', 'o', 'n', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ioover.net", true */ 'i', 'o', 'o', 'v', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "ioslo.net", true */ 'i', 'o', 's', 'l', 'o', '.', 'n', 'e', 't', '\0', + /* "iosnoops.com", true */ 'i', 'o', 's', 'n', 'o', 'o', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "iossifovlab.com", true */ 'i', 'o', 's', 's', 'i', 'f', 'o', 'v', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "iostream.by", true */ 'i', 'o', 's', 't', 'r', 'e', 'a', 'm', '.', 'b', 'y', '\0', + /* "iotsms.io", true */ 'i', 'o', 't', 's', 'm', 's', '.', 'i', 'o', '\0', + /* "ip-blacklist.net", true */ 'i', 'p', '-', 'b', 'l', 'a', 'c', 'k', 'l', 'i', 's', 't', '.', 'n', 'e', 't', '\0', + /* "ip-hahn.de", true */ 'i', 'p', '-', 'h', 'a', 'h', 'n', '.', 'd', 'e', '\0', + /* "ip-life.net", true */ 'i', 'p', '-', 'l', 'i', 'f', 'e', '.', 'n', 'e', 't', '\0', + /* "ip.sb", true */ 'i', 'p', '.', 's', 'b', '\0', + /* "ip2country.info", true */ 'i', 'p', '2', 'c', 'o', 'u', 'n', 't', 'r', 'y', '.', 'i', 'n', 'f', 'o', '\0', + /* "ip3office.com", true */ 'i', 'p', '3', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "ip6.li", true */ 'i', 'p', '6', '.', 'l', 'i', '\0', + /* "ipal.im", true */ 'i', 'p', 'a', 'l', '.', 'i', 'm', '\0', + /* "ipal.name", true */ 'i', 'p', 'a', 'l', '.', 'n', 'a', 'm', 'e', '\0', + /* "ipal.pl", true */ 'i', 'p', 'a', 'l', '.', 'p', 'l', '\0', + /* "ipal.tel", true */ 'i', 'p', 'a', 'l', '.', 't', 'e', 'l', '\0', + /* "ipawind.com", true */ 'i', 'p', 'a', 'w', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "ipcareers.net", true */ 'i', 'p', 'c', 'a', 'r', 'e', 'e', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "ipcfg.me", true */ 'i', 'p', 'c', 'f', 'g', '.', 'm', 'e', '\0', + /* "ipconsulting.se", true */ 'i', 'p', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 's', 'e', '\0', + /* "ipfirebox.de", true */ 'i', 'p', 'f', 'i', 'r', 'e', 'b', 'o', 'x', '.', 'd', 'e', '\0', + /* "ipfp.pl", true */ 'i', 'p', 'f', 'p', '.', 'p', 'l', '\0', + /* "ipfs.ink", true */ 'i', 'p', 'f', 's', '.', 'i', 'n', 'k', '\0', + /* "ipfs.io", true */ 'i', 'p', 'f', 's', '.', 'i', 'o', '\0', + /* "iphoneunlock.nu", true */ 'i', 'p', 'h', 'o', 'n', 'e', 'u', 'n', 'l', 'o', 'c', 'k', '.', 'n', 'u', '\0', + /* "iphonote.com", true */ 'i', 'p', 'h', 'o', 'n', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "ipintel.io", true */ 'i', 'p', 'i', 'n', 't', 'e', 'l', '.', 'i', 'o', '\0', + /* "iplabs.de", true */ 'i', 'p', 'l', 'a', 'b', 's', '.', 'd', 'e', '\0', + /* "iplantom.com", true */ 'i', 'p', 'l', 'a', 'n', 't', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "ipleak.net", true */ 'i', 'p', 'l', 'e', 'a', 'k', '.', 'n', 'e', 't', '\0', + /* "ipledgeonline.org", false */ 'i', 'p', 'l', 'e', 'd', 'g', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0', + /* "iplog.info", true */ 'i', 'p', 'l', 'o', 'g', '.', 'i', 'n', 'f', 'o', '\0', + /* "ipmonitoring.hu", true */ 'i', 'p', 'm', 'o', 'n', 'i', 't', 'o', 'r', 'i', 'n', 'g', '.', 'h', 'u', '\0', + /* "ipmotion.ca", true */ 'i', 'p', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'a', '\0', + /* "ipo-times.com", true */ 'i', 'p', 'o', '-', 't', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "ipokabu.net", true */ 'i', 'p', 'o', 'k', 'a', 'b', 'u', '.', 'n', 'e', 't', '\0', + /* "ipomue.com", false */ 'i', 'p', 'o', 'm', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "ipop.gr", true */ 'i', 'p', 'o', 'p', '.', 'g', 'r', '\0', + /* "iprim.ru", true */ 'i', 'p', 'r', 'i', 'm', '.', 'r', 'u', '\0', + /* "ipsec.pl", true */ 'i', 'p', 's', 'e', 'c', '.', 'p', 'l', '\0', + /* "ipsilon-project.org", true */ 'i', 'p', 's', 'i', 'l', 'o', 'n', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "ipstream.it", true */ 'i', 'p', 's', 't', 'r', 'e', 'a', 'm', '.', 'i', 't', '\0', + /* "ipswitch.com.tw", true */ 'i', 'p', 's', 'w', 'i', 't', 'c', 'h', '.', 'c', 'o', 'm', '.', 't', 'w', '\0', + /* "ipty.de", true */ 'i', 'p', 't', 'y', '.', 'd', 'e', '\0', + /* "ipura.ch", true */ 'i', 'p', 'u', 'r', 'a', '.', 'c', 'h', '\0', + /* "ipv4.cf", true */ 'i', 'p', 'v', '4', '.', 'c', 'f', '\0', + /* "ipv4.gr", true */ 'i', 'p', 'v', '4', '.', 'g', 'r', '\0', + /* "ipv6-adresse.dk", true */ 'i', 'p', 'v', '6', '-', 'a', 'd', 'r', 'e', 's', 's', 'e', '.', 'd', 'k', '\0', + /* "ipv6-handbuch.de", true */ 'i', 'p', 'v', '6', '-', 'h', 'a', 'n', 'd', 'b', 'u', 'c', 'h', '.', 'd', 'e', '\0', + /* "ipv6.gr", true */ 'i', 'p', 'v', '6', '.', 'g', 'r', '\0', + /* "ipv6vpn.net", true */ 'i', 'p', 'v', '6', 'v', 'p', 'n', '.', 'n', 'e', 't', '\0', + /* "iqboxy.com", true */ 'i', 'q', 'b', 'o', 'x', 'y', '.', 'c', 'o', 'm', '\0', + /* "iqsmn.org", true */ 'i', 'q', 's', 'm', 'n', '.', 'o', 'r', 'g', '\0', + /* "ir1s.com", true */ 'i', 'r', '1', 's', '.', 'c', 'o', 'm', '\0', + /* "iranianholiday.com", true */ 'i', 'r', 'a', 'n', 'i', 'a', 'n', 'h', 'o', 'l', 'i', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "irayo.net", true */ 'i', 'r', 'a', 'y', 'o', '.', 'n', 'e', 't', '\0', + /* "irc-results.com", true */ 'i', 'r', 'c', '-', 'r', 'e', 's', 'u', 'l', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "ircmett.de", true */ 'i', 'r', 'c', 'm', 'e', 't', 't', '.', 'd', 'e', '\0', + /* "iready.ro", true */ 'i', 'r', 'e', 'a', 'd', 'y', '.', 'r', 'o', '\0', + /* "ireef.tv", true */ 'i', 'r', 'e', 'e', 'f', '.', 't', 'v', '\0', + /* "irenekauer.com", true */ 'i', 'r', 'e', 'n', 'e', 'k', 'a', 'u', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "irf2.pl", true */ 'i', 'r', 'f', '2', '.', 'p', 'l', '\0', + /* "irfan.id", true */ 'i', 'r', 'f', 'a', 'n', '.', 'i', 'd', '\0', + /* "irgit.pl", true */ 'i', 'r', 'g', 'i', 't', '.', 'p', 'l', '\0', + /* "iridiumbrowser.de", true */ 'i', 'r', 'i', 'd', 'i', 'u', 'm', 'b', 'r', 'o', 'w', 's', 'e', 'r', '.', 'd', 'e', '\0', + /* "iridiumflare.de", true */ 'i', 'r', 'i', 'd', 'i', 'u', 'm', 'f', 'l', 'a', 'r', 'e', '.', 'd', 'e', '\0', + /* "iriomote.com", true */ 'i', 'r', 'i', 'o', 'm', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "iris-design.info", true */ 'i', 'r', 'i', 's', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "iris-insa.com", true */ 'i', 'r', 'i', 's', '-', 'i', 'n', 's', 'a', '.', 'c', 'o', 'm', '\0', + /* "irische-segenswuensche.info", true */ 'i', 'r', 'i', 's', 'c', 'h', 'e', '-', 's', 'e', 'g', 'e', 'n', 's', 'w', 'u', 'e', 'n', 's', 'c', 'h', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "irisdina.de", true */ 'i', 'r', 'i', 's', 'd', 'i', 'n', 'a', '.', 'd', 'e', '\0', + /* "irish.dating", true */ 'i', 'r', 'i', 's', 'h', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "irishmusic.nu", true */ 'i', 'r', 'i', 's', 'h', 'm', 'u', 's', 'i', 'c', '.', 'n', 'u', '\0', + /* "irisjieun.com", true */ 'i', 'r', 'i', 's', 'j', 'i', 'e', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "irland-firma.com", true */ 'i', 'r', 'l', 'a', 'n', 'd', '-', 'f', 'i', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "irmag.ru", true */ 'i', 'r', 'm', 'a', 'g', '.', 'r', 'u', '\0', + /* "irmgard-woelfle.de", true */ 'i', 'r', 'm', 'g', 'a', 'r', 'd', '-', 'w', 'o', 'e', 'l', 'f', 'l', 'e', '.', 'd', 'e', '\0', + /* "irmgardkoch.com", true */ 'i', 'r', 'm', 'g', 'a', 'r', 'd', 'k', 'o', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "irodorinet.com", true */ 'i', 'r', 'o', 'd', 'o', 'r', 'i', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "iroise.ch", true */ 'i', 'r', 'o', 'i', 's', 'e', '.', 'c', 'h', '\0', + /* "iron-guard.net", true */ 'i', 'r', 'o', 'n', '-', 'g', 'u', 'a', 'r', 'd', '.', 'n', 'e', 't', '\0', + /* "ironcarnival.com", true */ 'i', 'r', 'o', 'n', 'c', 'a', 'r', 'n', 'i', 'v', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "irondaleirregulars.com", true */ 'i', 'r', 'o', 'n', 'd', 'a', 'l', 'e', 'i', 'r', 'r', 'e', 'g', 'u', 'l', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "ironfistdesign.com", true */ 'i', 'r', 'o', 'n', 'f', 'i', 's', 't', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "irritant.net", true */ 'i', 'r', 'r', 'i', 't', 'a', 'n', 't', '.', 'n', 'e', 't', '\0', + /* "irstaxforumsonline.com", true */ 'i', 'r', 's', 't', 'a', 'x', 'f', 'o', 'r', 'u', 'm', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "iruarts.ch", true */ 'i', 'r', 'u', 'a', 'r', 't', 's', '.', 'c', 'h', '\0', + /* "iruca.co", true */ 'i', 'r', 'u', 'c', 'a', '.', 'c', 'o', '\0', + /* "is-sw.net", true */ 'i', 's', '-', 's', 'w', '.', 'n', 'e', 't', '\0', + /* "isaackabel.cf", true */ 'i', 's', 'a', 'a', 'c', 'k', 'a', 'b', 'e', 'l', '.', 'c', 'f', '\0', + /* "isaackabel.ga", true */ 'i', 's', 'a', 'a', 'c', 'k', 'a', 'b', 'e', 'l', '.', 'g', 'a', '\0', + /* "isaackabel.gq", true */ 'i', 's', 'a', 'a', 'c', 'k', 'a', 'b', 'e', 'l', '.', 'g', 'q', '\0', + /* "isaackabel.ml", true */ 'i', 's', 'a', 'a', 'c', 'k', 'a', 'b', 'e', 'l', '.', 'm', 'l', '\0', + /* "isaackabel.tk", true */ 'i', 's', 'a', 'a', 'c', 'k', 'a', 'b', 'e', 'l', '.', 't', 'k', '\0', + /* "isaackhor.com", true */ 'i', 's', 'a', 'a', 'c', 'k', 'h', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "isaacman.tech", true */ 'i', 's', 'a', 'a', 'c', 'm', 'a', 'n', '.', 't', 'e', 'c', 'h', '\0', + /* "isaacpartnership.co.uk", true */ 'i', 's', 'a', 'a', 'c', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', 'h', 'i', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "isaacpartnership.com", true */ 'i', 's', 'a', 'a', 'c', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', 'h', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "isaacphysics.org", true */ 'i', 's', 'a', 'a', 'c', 'p', 'h', 'y', 's', 'i', 'c', 's', '.', 'o', 'r', 'g', '\0', + /* "isabelle-delpech.com", true */ 'i', 's', 'a', 'b', 'e', 'l', 'l', 'e', '-', 'd', 'e', 'l', 'p', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "isara.com", true */ 'i', 's', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "isbc-telecom.ru", true */ 'i', 's', 'b', 'c', '-', 't', 'e', 'l', 'e', 'c', 'o', 'm', '.', 'r', 'u', '\0', + /* "isbengrumpy.com", true */ 'i', 's', 'b', 'e', 'n', 'g', 'r', 'u', 'm', 'p', 'y', '.', 'c', 'o', 'm', '\0', + /* "iscert.org", true */ 'i', 's', 'c', 'e', 'r', 't', '.', 'o', 'r', 'g', '\0', + /* "isdn.jp", true */ 'i', 's', 'd', 'n', '.', 'j', 'p', '\0', + /* "isdown.cz", true */ 'i', 's', 'd', 'o', 'w', 'n', '.', 'c', 'z', '\0', + /* "isecrets.se", true */ 'i', 's', 'e', 'c', 'r', 'e', 't', 's', '.', 's', 'e', '\0', + /* "iserv.fr", true */ 'i', 's', 'e', 'r', 'v', '.', 'f', 'r', '\0', + /* "iservicio.mx", true */ 'i', 's', 'e', 'r', 'v', 'i', 'c', 'i', 'o', '.', 'm', 'x', '\0', + /* "isfriday.com", true */ 'i', 's', 'f', 'r', 'i', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "isgp-studies.com", true */ 'i', 's', 'g', 'p', '-', 's', 't', 'u', 'd', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "ishamf.com", true */ 'i', 's', 'h', 'a', 'm', 'f', '.', 'c', 'o', 'm', '\0', + /* "ishiharaken.com", true */ 'i', 's', 'h', 'i', 'h', 'a', 'r', 'a', 'k', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "ishome.org", true */ 'i', 's', 'h', 'o', 'm', 'e', '.', 'o', 'r', 'g', '\0', + /* "isidom.fr", true */ 'i', 's', 'i', 'd', 'o', 'm', '.', 'f', 'r', '\0', + /* "isil.fi", true */ 'i', 's', 'i', 'l', '.', 'f', 'i', '\0', + /* "isimonbrown.co.uk", true */ 'i', 's', 'i', 'm', 'o', 'n', 'b', 'r', 'o', 'w', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "isincheck.com", true */ 'i', 's', 'i', 'n', 'c', 'h', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "isisfighters.info", true */ 'i', 's', 'i', 's', 'f', 'i', 'g', 'h', 't', 'e', 'r', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "isistomie.com", true */ 'i', 's', 'i', 's', 't', 'o', 'm', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "isitchristmas.com", true */ 'i', 's', 'i', 't', 'c', 'h', 'r', 'i', 's', 't', 'm', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "isitcoffeetime.com", true */ 'i', 's', 'i', 't', 'c', 'o', 'f', 'f', 'e', 'e', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "isitdoneyet.gov", true */ 'i', 's', 'i', 't', 'd', 'o', 'n', 'e', 'y', 'e', 't', '.', 'g', 'o', 'v', '\0', + /* "isitnuclearwaryet.com", true */ 'i', 's', 'i', 't', 'n', 'u', 'c', 'l', 'e', 'a', 'r', 'w', 'a', 'r', 'y', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "isitup.org", true */ 'i', 's', 'i', 't', 'u', 'p', '.', 'o', 'r', 'g', '\0', + /* "iskaron.de", true */ 'i', 's', 'k', 'a', 'r', 'o', 'n', '.', 'd', 'e', '\0', + /* "iskogen.nu", true */ 'i', 's', 'k', 'o', 'g', 'e', 'n', '.', 'n', 'u', '\0', + /* "islam.si", true */ 'i', 's', 'l', 'a', 'm', '.', 's', 'i', '\0', + /* "islandhosting.com", true */ 'i', 's', 'l', 'a', 'n', 'd', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "islandinthenet.com", true */ 'i', 's', 'l', 'a', 'n', 'd', 'i', 'n', 't', 'h', 'e', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "islandpumpandtank.com", true */ 'i', 's', 'l', 'a', 'n', 'd', 'p', 'u', 'm', 'p', 'a', 'n', 'd', 't', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "islazia.fr", true */ 'i', 's', 'l', 'a', 'z', 'i', 'a', '.', 'f', 'r', '\0', + /* "isletech.net", true */ 'i', 's', 'l', 'e', 't', 'e', 'c', 'h', '.', 'n', 'e', 't', '\0', + /* "isliada.org", true */ 'i', 's', 'l', 'i', 'a', 'd', 'a', '.', 'o', 'r', 'g', '\0', + /* "ismat.com", true */ 'i', 's', 'm', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "isn.cz", true */ 'i', 's', 'n', '.', 'c', 'z', '\0', + /* "isntall.us", true */ 'i', 's', 'n', 't', 'a', 'l', 'l', '.', 'u', 's', '\0', + /* "isocom.eu", true */ 'i', 's', 'o', 'c', 'o', 'm', '.', 'e', 'u', '\0', + /* "isognattori.com", true */ 'i', 's', 'o', 'g', 'n', 'a', 't', 't', 'o', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "isolta.com", true */ 'i', 's', 'o', 'l', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "isolta.de", true */ 'i', 's', 'o', 'l', 't', 'a', '.', 'd', 'e', '\0', + /* "isolta.ee", true */ 'i', 's', 'o', 'l', 't', 'a', '.', 'e', 'e', '\0', + /* "isolta.lv", true */ 'i', 's', 'o', 'l', 't', 'a', '.', 'l', 'v', '\0', + /* "isolta.se", true */ 'i', 's', 'o', 'l', 't', 'a', '.', 's', 'e', '\0', + /* "isondo.com", true */ 'i', 's', 'o', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "isonet.fr", true */ 'i', 's', 'o', 'n', 'e', 't', '.', 'f', 'r', '\0', + /* "isopres.de", true */ 'i', 's', 'o', 'p', 'r', 'e', 's', '.', 'd', 'e', '\0', + /* "isoroc-nidzica.pl", true */ 'i', 's', 'o', 'r', 'o', 'c', '-', 'n', 'i', 'd', 'z', 'i', 'c', 'a', '.', 'p', 'l', '\0', + /* "isotope.gov", true */ 'i', 's', 'o', 't', 'o', 'p', 'e', '.', 'g', 'o', 'v', '\0', + /* "isotopes.gov", true */ 'i', 's', 'o', 't', 'o', 'p', 'e', 's', '.', 'g', 'o', 'v', '\0', + /* "isowosi.com", true */ 'i', 's', 'o', 'w', 'o', 's', 'i', '.', 'c', 'o', 'm', '\0', + /* "ispo.com.tw", true */ 'i', 's', 'p', 'o', '.', 'c', 'o', 'm', '.', 't', 'w', '\0', + /* "ispringcloud.ru", true */ 'i', 's', 'p', 'r', 'i', 'n', 'g', 'c', 'l', 'o', 'u', 'd', '.', 'r', 'u', '\0', + /* "ispsoft.pro", true */ 'i', 's', 'p', 's', 'o', 'f', 't', '.', 'p', 'r', 'o', '\0', + /* "ispweb.es", true */ 'i', 's', 'p', 'w', 'e', 'b', '.', 'e', 's', '\0', + /* "isqrl.de", true */ 'i', 's', 'q', 'r', 'l', '.', 'd', 'e', '\0', + /* "israelbizreg.com", true */ 'i', 's', 'r', 'a', 'e', 'l', 'b', 'i', 'z', 'r', 'e', 'g', '.', 'c', 'o', 'm', '\0', + /* "israkurort.com", true */ 'i', 's', 'r', 'a', 'k', 'u', 'r', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "isreedyintheuk.com", true */ 'i', 's', 'r', 'e', 'e', 'd', 'y', 'i', 'n', 't', 'h', 'e', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "issasfrissa.se", true */ 'i', 's', 's', 'a', 's', 'f', 'r', 'i', 's', 's', 'a', '.', 's', 'e', '\0', + /* "isscouncil.com", true */ 'i', 's', 's', 'c', 'o', 'u', 'n', 'c', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "issforum.org", true */ 'i', 's', 's', 'f', 'o', 'r', 'u', 'm', '.', 'o', 'r', 'g', '\0', + /* "issio.net", true */ 'i', 's', 's', 'i', 'o', '.', 'n', 'e', 't', '\0', + /* "isslshop.com", true */ 'i', 's', 's', 'l', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "issue.watch", true */ 'i', 's', 's', 'u', 'e', '.', 'w', 'a', 't', 'c', 'h', '\0', + /* "issuesofconcern.in", true */ 'i', 's', 's', 'u', 'e', 's', 'o', 'f', 'c', 'o', 'n', 'c', 'e', 'r', 'n', '.', 'i', 'n', '\0', + /* "ist-intim.de", true */ 'i', 's', 't', '-', 'i', 'n', 't', 'i', 'm', '.', 'd', 'e', '\0', + /* "istdieweltschonuntergegangen.de", true */ 'i', 's', 't', 'd', 'i', 'e', 'w', 'e', 'l', 't', 's', 'c', 'h', 'o', 'n', 'u', 'n', 't', 'e', 'r', 'g', 'e', 'g', 'a', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0', + /* "isteinbaby.de", true */ 'i', 's', 't', 'e', 'i', 'n', 'b', 'a', 'b', 'y', '.', 'd', 'e', '\0', + /* "istgame.com", true */ 'i', 's', 't', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "istheapplestoredown.com", true */ 'i', 's', 't', 'h', 'e', 'a', 'p', 'p', 'l', 'e', 's', 't', 'o', 'r', 'e', 'd', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0', + /* "istheapplestoredown.de", true */ 'i', 's', 't', 'h', 'e', 'a', 'p', 'p', 'l', 'e', 's', 't', 'o', 'r', 'e', 'd', 'o', 'w', 'n', '.', 'd', 'e', '\0', + /* "isthefieldcontrolsystemdown.com", true */ 'i', 's', 't', 'h', 'e', 'f', 'i', 'e', 'l', 'd', 'c', 'o', 'n', 't', 'r', 'o', 'l', 's', 'y', 's', 't', 'e', 'm', 'd', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0', + /* "istheinternetdown.com", true */ 'i', 's', 't', 'h', 'e', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'd', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0', + /* "istherrienstillcoach.com", true */ 'i', 's', 't', 'h', 'e', 'r', 'r', 'i', 'e', 'n', 's', 't', 'i', 'l', 'l', 'c', 'o', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "istheservicedown.co.uk", true */ 'i', 's', 't', 'h', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 'd', 'o', 'w', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "istheservicedown.com", true */ 'i', 's', 't', 'h', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 'd', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0', + /* "istheservicedowncanada.com", true */ 'i', 's', 't', 'h', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 'd', 'o', 'w', 'n', 'c', 'a', 'n', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "isthnew.com", true */ 'i', 's', 't', 'h', 'n', 'e', 'w', '.', 'c', 'o', 'm', '\0', + /* "istore.lt", true */ 'i', 's', 't', 'o', 'r', 'e', '.', 'l', 't', '\0', + /* "istorrent.is", true */ 'i', 's', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'i', 's', '\0', + /* "istschonsolangeinrente.de", true */ 'i', 's', 't', 's', 'c', 'h', 'o', 'n', 's', 'o', 'l', 'a', 'n', 'g', 'e', 'i', 'n', 'r', 'e', 'n', 't', 'e', '.', 'd', 'e', '\0', + /* "istsi.org", true */ 'i', 's', 't', 's', 'i', '.', 'o', 'r', 'g', '\0', + /* "isuzupartscenter.com", true */ 'i', 's', 'u', 'z', 'u', 'p', 'a', 'r', 't', 's', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "isv.online", true */ 'i', 's', 'v', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "isvbscriptdead.com", true */ 'i', 's', 'v', 'b', 's', 'c', 'r', 'i', 'p', 't', 'd', 'e', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "isyu.xyz", true */ 'i', 's', 'y', 'u', '.', 'x', 'y', 'z', '\0', + /* "it-adminio.ru", true */ 'i', 't', '-', 'a', 'd', 'm', 'i', 'n', 'i', 'o', '.', 'r', 'u', '\0', + /* "it-fernau.com", true */ 'i', 't', '-', 'f', 'e', 'r', 'n', 'a', 'u', '.', 'c', 'o', 'm', '\0', + /* "it-jobbank.dk", true */ 'i', 't', '-', 'j', 'o', 'b', 'b', 'a', 'n', 'k', '.', 'd', 'k', '\0', + /* "it-kron.de", true */ 'i', 't', '-', 'k', 'r', 'o', 'n', '.', 'd', 'e', '\0', + /* "it-labor.info", true */ 'i', 't', '-', 'l', 'a', 'b', 'o', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "it-rotter.de", true */ 'i', 't', '-', 'r', 'o', 't', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "it-schamans.de", true */ 'i', 't', '-', 's', 'c', 'h', 'a', 'm', 'a', 'n', 's', '.', 'd', 'e', '\0', + /* "it-service24.at", true */ 'i', 't', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '2', '4', '.', 'a', 't', '\0', + /* "it-service24.ch", true */ 'i', 't', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '2', '4', '.', 'c', 'h', '\0', + /* "it-shamans.de", true */ 'i', 't', '-', 's', 'h', 'a', 'm', 'a', 'n', 's', '.', 'd', 'e', '\0', + /* "it-shamans.eu", true */ 'i', 't', '-', 's', 'h', 'a', 'm', 'a', 'n', 's', '.', 'e', 'u', '\0', + /* "it-sysoft.com", true */ 'i', 't', '-', 's', 'y', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "it-world.eu", true */ 'i', 't', '-', 'w', 'o', 'r', 'l', 'd', '.', 'e', 'u', '\0', + /* "it.search.yahoo.com", false */ 'i', 't', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "itactiq.com", true */ 'i', 't', 'a', 'c', 't', 'i', 'q', '.', 'c', 'o', 'm', '\0', + /* "itactiq.info", true */ 'i', 't', 'a', 'c', 't', 'i', 'q', '.', 'i', 'n', 'f', 'o', '\0', + /* "ital-gamma.be", true */ 'i', 't', 'a', 'l', '-', 'g', 'a', 'm', 'm', 'a', '.', 'b', 'e', '\0', + /* "italia-store.com", true */ 'i', 't', 'a', 'l', 'i', 'a', '-', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "italiachegioca.com", true */ 'i', 't', 'a', 'l', 'i', 'a', 'c', 'h', 'e', 'g', 'i', 'o', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "italian.dating", true */ 'i', 't', 'a', 'l', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "italianshoemanufacturers.com", true */ 'i', 't', 'a', 'l', 'i', 'a', 'n', 's', 'h', 'o', 'e', 'm', 'a', 'n', 'u', 'f', 'a', 'c', 't', 'u', 'r', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "italyinspires.com", true */ 'i', 't', 'a', 'l', 'y', 'i', 'n', 's', 'p', 'i', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "itamservices.nl", true */ 'i', 't', 'a', 'm', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'n', 'l', '\0', + /* "itb-online.co.uk", true */ 'i', 't', 'b', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "itbrief.co.nz", true */ 'i', 't', 'b', 'r', 'i', 'e', 'f', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "itbrief.com.au", true */ 'i', 't', 'b', 'r', 'i', 'e', 'f', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "itchimes.com", true */ 'i', 't', 'c', 'h', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "itchy.nl", true */ 'i', 't', 'c', 'h', 'y', '.', 'n', 'l', '\0', + /* "itcko.sk", true */ 'i', 't', 'c', 'k', 'o', '.', 's', 'k', '\0', + /* "itdashboard.gov", true */ 'i', 't', 'd', 'a', 's', 'h', 'b', 'o', 'a', 'r', 'd', '.', 'g', 'o', 'v', '\0', + /* "itds-consulting.com", true */ 'i', 't', 'd', 's', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "itds-consulting.cz", true */ 'i', 't', 'd', 's', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'z', '\0', + /* "itds-consulting.eu", true */ 'i', 't', 'd', 's', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'e', 'u', '\0', + /* "itecor.net", true */ 'i', 't', 'e', 'c', 'o', 'r', '.', 'n', 'e', 't', '\0', + /* "iteecafe.hu", true */ 'i', 't', 'e', 'e', 'c', 'a', 'f', 'e', '.', 'h', 'u', '\0', + /* "iteha.de", true */ 'i', 't', 'e', 'h', 'a', '.', 'd', 'e', '\0', + /* "iteke.ml", true */ 'i', 't', 'e', 'k', 'e', '.', 'm', 'l', '\0', + /* "iteke.tk", true */ 'i', 't', 'e', 'k', 'e', '.', 't', 'k', '\0', + /* "iteli.eu", true */ 'i', 't', 'e', 'l', 'i', '.', 'e', 'u', '\0', + /* "iterader.com", true */ 'i', 't', 'e', 'r', 'a', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "iterror.co", true */ 'i', 't', 'e', 'r', 'r', 'o', 'r', '.', 'c', 'o', '\0', + /* "itfensi.net", true */ 'i', 't', 'f', 'e', 'n', 's', 'i', '.', 'n', 'e', 't', '\0', + /* "itfh.eu", true */ 'i', 't', 'f', 'h', '.', 'e', 'u', '\0', + /* "itfix.cz", true */ 'i', 't', 'f', 'i', 'x', '.', 'c', 'z', '\0', + /* "itforge.nl", true */ 'i', 't', 'f', 'o', 'r', 'g', 'e', '.', 'n', 'l', '\0', + /* "ithenrik.com", true */ 'i', 't', 'h', 'e', 'n', 'r', 'i', 'k', '.', 'c', 'o', 'm', '\0', + /* "itilo.de", true */ 'i', 't', 'i', 'l', 'o', '.', 'd', 'e', '\0', + /* "itiomassagem.com.br", true */ 'i', 't', 'i', 'o', 'm', 'a', 's', 's', 'a', 'g', 'e', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "itis.gov", true */ 'i', 't', 'i', 's', '.', 'g', 'o', 'v', '\0', + /* "itis4u.ch", true */ 'i', 't', 'i', 's', '4', 'u', '.', 'c', 'h', '\0', + /* "itludens.com", true */ 'i', 't', 'l', 'u', 'd', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "itmanie.cz", true */ 'i', 't', 'm', 'a', 'n', 'i', 'e', '.', 'c', 'z', '\0', + /* "itneeds.tech", true */ 'i', 't', 'n', 'e', 'e', 'd', 's', '.', 't', 'e', 'c', 'h', '\0', + /* "itnews-bg.com", true */ 'i', 't', 'n', 'e', 'w', 's', '-', 'b', 'g', '.', 'c', 'o', 'm', '\0', + /* "itnota.com", true */ 'i', 't', 'n', 'o', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "itochan.jp", true */ 'i', 't', 'o', 'c', 'h', 'a', 'n', '.', 'j', 'p', '\0', + /* "itooky.com", true */ 'i', 't', 'o', 'o', 'k', 'y', '.', 'c', 'o', 'm', '\0', + /* "itpro.ua", true */ 'i', 't', 'p', 'r', 'o', '.', 'u', 'a', '\0', + /* "itraveille.fr", true */ 'i', 't', 'r', 'a', 'v', 'e', 'i', 'l', 'l', 'e', '.', 'f', 'r', '\0', + /* "itring.pl", false */ 'i', 't', 'r', 'i', 'n', 'g', '.', 'p', 'l', '\0', + /* "itruss.com.tw", true */ 'i', 't', 'r', 'u', 's', 's', '.', 'c', 'o', 'm', '.', 't', 'w', '\0', + /* "its-future.com", true */ 'i', 't', 's', '-', 'f', 'u', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "its-gutachten.de", true */ 'i', 't', 's', '-', 'g', 'u', 't', 'a', 'c', 'h', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "its-v.de", true */ 'i', 't', 's', '-', 'v', '.', 'd', 'e', '\0', + /* "its4living.com", true */ 'i', 't', 's', '4', 'l', 'i', 'v', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "itsabouncything.com", true */ 'i', 't', 's', 'a', 'b', 'o', 'u', 'n', 'c', 'y', 't', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "itsanicedoor.co.uk", true */ 'i', 't', 's', 'a', 'n', 'i', 'c', 'e', 'd', 'o', 'o', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "itsasaja.com", true */ 'i', 't', 's', 'a', 's', 'a', 'j', 'a', '.', 'c', 'o', 'm', '\0', + /* "itsdcdn.com", true */ 'i', 't', 's', 'd', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0', + /* "itsecblog.de", true */ 'i', 't', 's', 'e', 'c', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0', + /* "itsecguy.com", false */ 'i', 't', 's', 'e', 'c', 'g', 'u', 'y', '.', 'c', 'o', 'm', '\0', + /* "itsevident.com", true */ 'i', 't', 's', 'e', 'v', 'i', 'd', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "itsgoingdown.org", true */ 'i', 't', 's', 'g', 'o', 'i', 'n', 'g', 'd', 'o', 'w', 'n', '.', 'o', 'r', 'g', '\0', + /* "itshka.rv.ua", true */ 'i', 't', 's', 'h', 'k', 'a', '.', 'r', 'v', '.', 'u', 'a', '\0', + /* "itskayla.com", true */ 'i', 't', 's', 'k', 'a', 'y', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "itsmejohn.org", true */ 'i', 't', 's', 'm', 'e', 'j', 'o', 'h', 'n', '.', 'o', 'r', 'g', '\0', + /* "itsmyparty.ie", true */ 'i', 't', 's', 'm', 'y', 'p', 'a', 'r', 't', 'y', '.', 'i', 'e', '\0', + /* "itsnotquitethehilton.com", true */ 'i', 't', 's', 'n', 'o', 't', 'q', 'u', 'i', 't', 'e', 't', 'h', 'e', 'h', 'i', 'l', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "itsok.de", true */ 'i', 't', 's', 'o', 'k', '.', 'd', 'e', '\0', + /* "itspartytimeonline.co.uk", true */ 'i', 't', 's', 'p', 'a', 'r', 't', 'y', 't', 'i', 'm', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "itspartytimesweetinflations.com", true */ 'i', 't', 's', 'p', 'a', 'r', 't', 'y', 't', 'i', 'm', 'e', 's', 'w', 'e', 'e', 't', 'i', 'n', 'f', 'l', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "itspersonaltraining.nl", true */ 'i', 't', 's', 'p', 'e', 'r', 's', 'o', 'n', 'a', 'l', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "itsryan.com", true */ 'i', 't', 's', 'r', 'y', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "itsstefan.eu", true */ 'i', 't', 's', 's', 't', 'e', 'f', 'a', 'n', '.', 'e', 'u', '\0', + /* "itstatic.tech", true */ 'i', 't', 's', 't', 'a', 't', 'i', 'c', '.', 't', 'e', 'c', 'h', '\0', + /* "itsupport-luzern.ch", true */ 'i', 't', 's', 'u', 'p', 'p', 'o', 'r', 't', '-', 'l', 'u', 'z', 'e', 'r', 'n', '.', 'c', 'h', '\0', + /* "itswincer.com", true */ 'i', 't', 's', 'w', 'i', 'n', 'c', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "ittop-gabon.com", true */ 'i', 't', 't', 'o', 'p', '-', 'g', 'a', 'b', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "itzap.com.au", true */ 'i', 't', 'z', 'a', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "ivanbenito.com", true */ 'i', 'v', 'a', 'n', 'b', 'e', 'n', 'i', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "ivancacic.com", false */ 'i', 'v', 'a', 'n', 'c', 'a', 'c', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "ivanmeade.com", true */ 'i', 'v', 'a', 'n', 'm', 'e', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "ivaoru.org", true */ 'i', 'v', 'a', 'o', 'r', 'u', '.', 'o', 'r', 'g', '\0', + /* "ivfausland.de", true */ 'i', 'v', 'f', 'a', 'u', 's', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0', + /* "ivfmeds.com", true */ 'i', 'v', 'f', 'm', 'e', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "ivi-fertilite.fr", true */ 'i', 'v', 'i', '-', 'f', 'e', 'r', 't', 'i', 'l', 'i', 't', 'e', '.', 'f', 'r', '\0', + /* "ivi-fruchtbarkeit.de", true */ 'i', 'v', 'i', '-', 'f', 'r', 'u', 'c', 'h', 't', 'b', 'a', 'r', 'k', 'e', 'i', 't', '.', 'd', 'e', '\0', + /* "ivi.com.ar", true */ 'i', 'v', 'i', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "ivi.com.pa", true */ 'i', 'v', 'i', '.', 'c', 'o', 'm', '.', 'p', 'a', '\0', + /* "ivi.mx", true */ 'i', 'v', 'i', '.', 'm', 'x', '\0', + /* "ivi.net.br", true */ 'i', 'v', 'i', '.', 'n', 'e', 't', '.', 'b', 'r', '\0', + /* "ivi.pt", true */ 'i', 'v', 'i', '.', 'p', 't', '\0', + /* "ivinet.cl", true */ 'i', 'v', 'i', 'n', 'e', 't', '.', 'c', 'l', '\0', + /* "ivitalia.it", true */ 'i', 'v', 'i', 't', 'a', 'l', 'i', 'a', '.', 'i', 't', '\0', + /* "ivo.co.za", true */ 'i', 'v', 'o', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "ivor.io", true */ 'i', 'v', 'o', 'r', '.', 'i', 'o', '\0', + /* "ivor.is", true */ 'i', 'v', 'o', 'r', '.', 'i', 's', '\0', + /* "ivorvanhese.com", true */ 'i', 'v', 'o', 'r', 'v', 'a', 'n', 'h', 'e', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "ivorvanhese.nl", true */ 'i', 'v', 'o', 'r', 'v', 'a', 'n', 'h', 'e', 's', 'e', '.', 'n', 'l', '\0', + /* "ivpn.net", true */ 'i', 'v', 'p', 'n', '.', 'n', 'e', 't', '\0', + /* "ivvl.ru", true */ 'i', 'v', 'v', 'l', '.', 'r', 'u', '\0', + /* "ivxv.ee", true */ 'i', 'v', 'x', 'v', '.', 'e', 'e', '\0', + /* "ivyshop.com.br", true */ 'i', 'v', 'y', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "ivystech.com", true */ 'i', 'v', 'y', 's', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "iwader.co.uk", true */ 'i', 'w', 'a', 'd', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "iwalton.com", true */ 'i', 'w', 'a', 'l', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "iwell.de", true */ 'i', 'w', 'e', 'l', 'l', '.', 'd', 'e', '\0', + /* "iwex.swiss", true */ 'i', 'w', 'e', 'x', '.', 's', 'w', 'i', 's', 's', '\0', + /* "iwizerunek.pl", true */ 'i', 'w', 'i', 'z', 'e', 'r', 'u', 'n', 'e', 'k', '.', 'p', 'l', '\0', + /* "iwos.io", true */ 'i', 'w', 'o', 's', '.', 'i', 'o', '\0', + /* "iww.me", true */ 'i', 'w', 'w', '.', 'm', 'e', '\0', + /* "iww.mx", true */ 'i', 'w', 'w', '.', 'm', 'x', '\0', + /* "ixds.org", true */ 'i', 'x', 'd', 's', '.', 'o', 'r', 'g', '\0', + /* "ixio.cz", true */ 'i', 'x', 'i', 'o', '.', 'c', 'z', '\0', + /* "ixnext.de", true */ 'i', 'x', 'n', 'e', 'x', 't', '.', 'd', 'e', '\0', + /* "ixquick-proxy.com", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '-', 'p', 'r', 'o', 'x', 'y', '.', 'c', 'o', 'm', '\0', + /* "ixquick.co.uk", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ixquick.com", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "ixquick.de", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '.', 'd', 'e', '\0', + /* "ixquick.eu", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '.', 'e', 'u', '\0', + /* "ixquick.fr", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '.', 'f', 'r', '\0', + /* "ixquick.info", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '.', 'i', 'n', 'f', 'o', '\0', + /* "ixquick.nl", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '.', 'n', 'l', '\0', + /* "iyinolaashafa.com", true */ 'i', 'y', 'i', 'n', 'o', 'l', 'a', 'a', 's', 'h', 'a', 'f', 'a', '.', 'c', 'o', 'm', '\0', + /* "iz8mbw.net", true */ 'i', 'z', '8', 'm', 'b', 'w', '.', 'n', 'e', 't', '\0', + /* "izevg.ru", true */ 'i', 'z', 'e', 'v', 'g', '.', 'r', 'u', '\0', + /* "izodiacsigns.com", true */ 'i', 'z', 'o', 'd', 'i', 'a', 'c', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "izuba.info", true */ 'i', 'z', 'u', 'b', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "izumi.tv", true */ 'i', 'z', 'u', 'm', 'i', '.', 't', 'v', '\0', + /* "j-eck.nl", true */ 'j', '-', 'e', 'c', 'k', '.', 'n', 'l', '\0', + /* "j-elliott.co.uk", true */ 'j', '-', 'e', 'l', 'l', 'i', 'o', 't', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "j-navi.com", true */ 'j', '-', 'n', 'a', 'v', 'i', '.', 'c', 'o', 'm', '\0', + /* "j0m.de", true */ 'j', '0', 'm', '.', 'd', 'e', '\0', + /* "j0s.at", true */ 'j', '0', 's', '.', 'a', 't', '\0', + /* "j0s.eu", true */ 'j', '0', 's', '.', 'e', 'u', '\0', + /* "j15t98j.co.uk", true */ 'j', '1', '5', 't', '9', '8', 'j', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "j2ee.cz", true */ 'j', '2', 'e', 'e', '.', 'c', 'z', '\0', + /* "j3e.de", true */ 'j', '3', 'e', '.', 'd', 'e', '\0', + /* "j8y.de", true */ 'j', '8', 'y', '.', 'd', 'e', '\0', + /* "ja-dyck.de", true */ 'j', 'a', '-', 'd', 'y', 'c', 'k', '.', 'd', 'e', '\0', + /* "ja.md", true */ 'j', 'a', '.', 'm', 'd', '\0', + /* "jaakkohannikainen.fi", true */ 'j', 'a', 'a', 'k', 'k', 'o', 'h', 'a', 'n', 'n', 'i', 'k', 'a', 'i', 'n', 'e', 'n', '.', 'f', 'i', '\0', + /* "jaalits.com", true */ 'j', 'a', 'a', 'l', 'i', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "jaaxypro.com", true */ 'j', 'a', 'a', 'x', 'y', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "jaba.hosting", true */ 'j', 'a', 'b', 'a', '.', 'h', 'o', 's', 't', 'i', 'n', 'g', '\0', + /* "jababu.cz", true */ 'j', 'a', 'b', 'a', 'b', 'u', '.', 'c', 'z', '\0', + /* "jabbari.io", true */ 'j', 'a', 'b', 'b', 'a', 'r', 'i', '.', 'i', 'o', '\0', + /* "jabbas.eu", true */ 'j', 'a', 'b', 'b', 'a', 's', '.', 'e', 'u', '\0', + /* "jabber.at", true */ 'j', 'a', 'b', 'b', 'e', 'r', '.', 'a', 't', '\0', + /* "jabberfr.org", true */ 'j', 'a', 'b', 'b', 'e', 'r', 'f', 'r', '.', 'o', 'r', 'g', '\0', + /* "jabberzac.org", true */ 'j', 'a', 'b', 'b', 'e', 'r', 'z', 'a', 'c', '.', 'o', 'r', 'g', '\0', + /* "jaberg-rutschi.ch", true */ 'j', 'a', 'b', 'e', 'r', 'g', '-', 'r', 'u', 't', 's', 'c', 'h', 'i', '.', 'c', 'h', '\0', + /* "jabergrutschi.ch", true */ 'j', 'a', 'b', 'e', 'r', 'g', 'r', 'u', 't', 's', 'c', 'h', 'i', '.', 'c', 'h', '\0', + /* "jability.ovh", true */ 'j', 'a', 'b', 'i', 'l', 'i', 't', 'y', '.', 'o', 'v', 'h', '\0', + /* "jabjab.de", true */ 'j', 'a', 'b', 'j', 'a', 'b', '.', 'd', 'e', '\0', + /* "jaccblog.com", true */ 'j', 'a', 'c', 'c', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "jacekowski.org", true */ 'j', 'a', 'c', 'e', 'k', 'o', 'w', 's', 'k', 'i', '.', 'o', 'r', 'g', '\0', + /* "jackdawphoto.co.uk", true */ 'j', 'a', 'c', 'k', 'd', 'a', 'w', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jackdelik.de", true */ 'j', 'a', 'c', 'k', 'd', 'e', 'l', 'i', 'k', '.', 'd', 'e', '\0', + /* "jackf.me", true */ 'j', 'a', 'c', 'k', 'f', '.', 'm', 'e', '\0', + /* "jackingramnissanparts.com", true */ 'j', 'a', 'c', 'k', 'i', 'n', 'g', 'r', 'a', 'm', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "jackpothappy.com", true */ 'j', 'a', 'c', 'k', 'p', 'o', 't', 'h', 'a', 'p', 'p', 'y', '.', 'c', 'o', 'm', '\0', + /* "jackrusselterrier.com.br", true */ 'j', 'a', 'c', 'k', 'r', 'u', 's', 's', 'e', 'l', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "jackyliao123.tk", true */ 'j', 'a', 'c', 'k', 'y', 'l', 'i', 'a', 'o', '1', '2', '3', '.', 't', 'k', '\0', + /* "jackyyf.com", false */ 'j', 'a', 'c', 'k', 'y', 'y', 'f', '.', 'c', 'o', 'm', '\0', + /* "jaco.by", true */ 'j', 'a', 'c', 'o', '.', 'b', 'y', '\0', + /* "jacobhaug.com", true */ 'j', 'a', 'c', 'o', 'b', 'h', 'a', 'u', 'g', '.', 'c', 'o', 'm', '\0', + /* "jacobi-server.de", true */ 'j', 'a', 'c', 'o', 'b', 'i', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0', + /* "jacobian.org", true */ 'j', 'a', 'c', 'o', 'b', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "jacobphono.com", true */ 'j', 'a', 'c', 'o', 'b', 'p', 'h', 'o', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "jacuzziprozone.com", true */ 'j', 'a', 'c', 'u', 'z', 'z', 'i', 'p', 'r', 'o', 'z', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "jadopado.com", true */ 'j', 'a', 'd', 'o', 'p', 'a', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "jaegerlacke.de", true */ 'j', 'a', 'e', 'g', 'e', 'r', 'l', 'a', 'c', 'k', 'e', '.', 'd', 'e', '\0', + /* "jagbouncycastles.co.uk", true */ 'j', 'a', 'g', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jagerman.com", true */ 'j', 'a', 'g', 'e', 'r', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "jaguarlandrover-asse.be", true */ 'j', 'a', 'g', 'u', 'a', 'r', 'l', 'a', 'n', 'd', 'r', 'o', 'v', 'e', 'r', '-', 'a', 's', 's', 'e', '.', 'b', 'e', '\0', + /* "jaguarlandrover-occasions.be", true */ 'j', 'a', 'g', 'u', 'a', 'r', 'l', 'a', 'n', 'd', 'r', 'o', 'v', 'e', 'r', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0', + /* "jaguarwong.xyz", true */ 'j', 'a', 'g', 'u', 'a', 'r', 'w', 'o', 'n', 'g', '.', 'x', 'y', 'z', '\0', + /* "jahanaisamu.com", true */ 'j', 'a', 'h', 'a', 'n', 'a', 'i', 's', 'a', 'm', 'u', '.', 'c', 'o', 'm', '\0', + /* "jahner.xyz", true */ 'j', 'a', 'h', 'n', 'e', 'r', '.', 'x', 'y', 'z', '\0', + /* "jahofmann.de", true */ 'j', 'a', 'h', 'o', 'f', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "jailbreakingisnotacrime.org", true */ 'j', 'a', 'i', 'l', 'b', 'r', 'e', 'a', 'k', 'i', 'n', 'g', 'i', 's', 'n', 'o', 't', 'a', 'c', 'r', 'i', 'm', 'e', '.', 'o', 'r', 'g', '\0', + /* "jaispirit.com", false */ 'j', 'a', 'i', 's', 'p', 'i', 'r', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "jaitnetworking.com", false */ 'j', 'a', 'i', 't', 'n', 'e', 't', 'w', 'o', 'r', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "jakarta.dating", true */ 'j', 'a', 'k', 'a', 'r', 't', 'a', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "jake.eu.org", true */ 'j', 'a', 'k', 'e', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "jake.ml", true */ 'j', 'a', 'k', 'e', '.', 'm', 'l', '\0', + /* "jake.nom.za", true */ 'j', 'a', 'k', 'e', '.', 'n', 'o', 'm', '.', 'z', 'a', '\0', + /* "jakecurtis.de", true */ 'j', 'a', 'k', 'e', 'c', 'u', 'r', 't', 'i', 's', '.', 'd', 'e', '\0', + /* "jakeguild.com", true */ 'j', 'a', 'k', 'e', 'g', 'u', 'i', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "jakenbake.com", true */ 'j', 'a', 'k', 'e', 'n', 'b', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "jakereynolds.co", true */ 'j', 'a', 'k', 'e', 'r', 'e', 'y', 'n', 'o', 'l', 'd', 's', '.', 'c', 'o', '\0', + /* "jaketremper.com", true */ 'j', 'a', 'k', 'e', 't', 'r', 'e', 'm', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "jakewalker.xyz", true */ 'j', 'a', 'k', 'e', 'w', 'a', 'l', 'k', 'e', 'r', '.', 'x', 'y', 'z', '\0', + /* "jakobejitblokaci.cz", true */ 'j', 'a', 'k', 'o', 'b', 'e', 'j', 'i', 't', 'b', 'l', 'o', 'k', 'a', 'c', 'i', '.', 'c', 'z', '\0', + /* "jakobkrigovsky.com", true */ 'j', 'a', 'k', 'o', 'b', 'k', 'r', 'i', 'g', 'o', 'v', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0', + /* "jakobssystems.net", true */ 'j', 'a', 'k', 'o', 'b', 's', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'n', 'e', 't', '\0', + /* "jakpremyslet.cz", true */ 'j', 'a', 'k', 'p', 'r', 'e', 'm', 'y', 's', 'l', 'e', 't', '.', 'c', 'z', '\0', + /* "jaksch.biz", true */ 'j', 'a', 'k', 's', 'c', 'h', '.', 'b', 'i', 'z', '\0', + /* "jaksi.io", true */ 'j', 'a', 'k', 's', 'i', '.', 'i', 'o', '\0', + /* "jakub-boucek.cz", true */ 'j', 'a', 'k', 'u', 'b', '-', 'b', 'o', 'u', 'c', 'e', 'k', '.', 'c', 'z', '\0', + /* "jakubboucek.cz", true */ 'j', 'a', 'k', 'u', 'b', 'b', 'o', 'u', 'c', 'e', 'k', '.', 'c', 'z', '\0', + /* "jakubtopic.cz", true */ 'j', 'a', 'k', 'u', 'b', 't', 'o', 'p', 'i', 'c', '.', 'c', 'z', '\0', + /* "jakubvrba.cz", true */ 'j', 'a', 'k', 'u', 'b', 'v', 'r', 'b', 'a', '.', 'c', 'z', '\0', + /* "jamaat.hk", true */ 'j', 'a', 'm', 'a', 'a', 't', '.', 'h', 'k', '\0', + /* "jamberrynails.co.uk", true */ 'j', 'a', 'm', 'b', 'e', 'r', 'r', 'y', 'n', 'a', 'i', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "james-bell.co.uk", true */ 'j', 'a', 'm', 'e', 's', '-', 'b', 'e', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "james-loewen.com", true */ 'j', 'a', 'm', 'e', 's', '-', 'l', 'o', 'e', 'w', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "jamesachambers.com", true */ 'j', 'a', 'm', 'e', 's', 'a', 'c', 'h', 'a', 'm', 'b', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "jamesaimonetti.com", true */ 'j', 'a', 'm', 'e', 's', 'a', 'i', 'm', 'o', 'n', 'e', 't', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "jamesbillingham.com", true */ 'j', 'a', 'm', 'e', 's', 'b', 'i', 'l', 'l', 'i', 'n', 'g', 'h', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "jamesbradach.com", false */ 'j', 'a', 'm', 'e', 's', 'b', 'r', 'a', 'd', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "jamesdorf.com", true */ 'j', 'a', 'm', 'e', 's', 'd', 'o', 'r', 'f', '.', 'c', 'o', 'm', '\0', + /* "jamesevans.is", true */ 'j', 'a', 'm', 'e', 's', 'e', 'v', 'a', 'n', 's', '.', 'i', 's', '\0', + /* "jamesgreenfield.com", true */ 'j', 'a', 'm', 'e', 's', 'g', 'r', 'e', 'e', 'n', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "jameshemmings.co.uk", true */ 'j', 'a', 'm', 'e', 's', 'h', 'e', 'm', 'm', 'i', 'n', 'g', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jameshost.net", true */ 'j', 'a', 'm', 'e', 's', 'h', 'o', 's', 't', '.', 'n', 'e', 't', '\0', + /* "jameshunt.us", false */ 'j', 'a', 'm', 'e', 's', 'h', 'u', 'n', 't', '.', 'u', 's', '\0', + /* "jamesj.me", true */ 'j', 'a', 'm', 'e', 's', 'j', '.', 'm', 'e', '\0', + /* "jamesmarsh.net", true */ 'j', 'a', 'm', 'e', 's', 'm', 'a', 'r', 's', 'h', '.', 'n', 'e', 't', '\0', + /* "jamesmcdonald.com", false */ 'j', 'a', 'm', 'e', 's', 'm', 'c', 'd', 'o', 'n', 'a', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "jamesmilazzo.com", true */ 'j', 'a', 'm', 'e', 's', 'm', 'i', 'l', 'a', 'z', 'z', 'o', '.', 'c', 'o', 'm', '\0', + /* "jamesmorrison.me", true */ 'j', 'a', 'm', 'e', 's', 'm', 'o', 'r', 'r', 'i', 's', 'o', 'n', '.', 'm', 'e', '\0', + /* "jamesrains.com", true */ 'j', 'a', 'm', 'e', 's', 'r', 'a', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "jamesrussellward.co.uk", true */ 'j', 'a', 'm', 'e', 's', 'r', 'u', 's', 's', 'e', 'l', 'l', 'w', 'a', 'r', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jamessmith.me.uk", true */ 'j', 'a', 'm', 'e', 's', 's', 'm', 'i', 't', 'h', '.', 'm', 'e', '.', 'u', 'k', '\0', + /* "jameswarp.com", true */ 'j', 'a', 'm', 'e', 's', 'w', 'a', 'r', 'p', '.', 'c', 'o', 'm', '\0', + /* "jamhost.org", true */ 'j', 'a', 'm', 'h', 'o', 's', 't', '.', 'o', 'r', 'g', '\0', + /* "jamielinux.com", true */ 'j', 'a', 'm', 'i', 'e', 'l', 'i', 'n', 'u', 'x', '.', 'c', 'o', 'm', '\0', + /* "jamiemagee.co.uk", true */ 'j', 'a', 'm', 'i', 'e', 'm', 'a', 'g', 'e', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jamiemagee.dk", true */ 'j', 'a', 'm', 'i', 'e', 'm', 'a', 'g', 'e', 'e', '.', 'd', 'k', '\0', + /* "jamiepeters.nl", true */ 'j', 'a', 'm', 'i', 'e', 'p', 'e', 't', 'e', 'r', 's', '.', 'n', 'l', '\0', + /* "jamieweb.net", true */ 'j', 'a', 'm', 'i', 'e', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0', + /* "jammucake.com", true */ 'j', 'a', 'm', 'm', 'u', 'c', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "jammysplodgers.co.uk", true */ 'j', 'a', 'm', 'm', 'y', 's', 'p', 'l', 'o', 'd', 'g', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jamon.ca", true */ 'j', 'a', 'm', 'o', 'n', '.', 'c', 'a', '\0', + /* "jamonsilva.com", true */ 'j', 'a', 'm', 'o', 'n', 's', 'i', 'l', 'v', 'a', '.', 'c', 'o', 'm', '\0', + /* "jamstatic.fr", false */ 'j', 'a', 'm', 's', 't', 'a', 't', 'i', 'c', '.', 'f', 'r', '\0', + /* "jamyeprice.com", true */ 'j', 'a', 'm', 'y', 'e', 'p', 'r', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "jan-bucher.ch", true */ 'j', 'a', 'n', '-', 'b', 'u', 'c', 'h', 'e', 'r', '.', 'c', 'h', '\0', + /* "jan-rieger.de", true */ 'j', 'a', 'n', '-', 'r', 'i', 'e', 'g', 'e', 'r', '.', 'd', 'e', '\0', + /* "jan-von.de", true */ 'j', 'a', 'n', '-', 'v', 'o', 'n', '.', 'd', 'e', '\0', + /* "janada.cz", true */ 'j', 'a', 'n', 'a', 'd', 'a', '.', 'c', 'z', '\0', + /* "janaundgeorgsagenja.eu", true */ 'j', 'a', 'n', 'a', 'u', 'n', 'd', 'g', 'e', 'o', 'r', 'g', 's', 'a', 'g', 'e', 'n', 'j', 'a', '.', 'e', 'u', '\0', + /* "janduchene.ch", true */ 'j', 'a', 'n', 'd', 'u', 'c', 'h', 'e', 'n', 'e', '.', 'c', 'h', '\0', + /* "janehamelgardendesign.co.uk", true */ 'j', 'a', 'n', 'e', 'h', 'a', 'm', 'e', 'l', 'g', 'a', 'r', 'd', 'e', 'n', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jangocloud.tk", true */ 'j', 'a', 'n', 'g', 'o', 'c', 'l', 'o', 'u', 'd', '.', 't', 'k', '\0', + /* "janheidler.dynv6.net", true */ 'j', 'a', 'n', 'h', 'e', 'i', 'd', 'l', 'e', 'r', '.', 'd', 'y', 'n', 'v', '6', '.', 'n', 'e', 't', '\0', + /* "jani.media", true */ 'j', 'a', 'n', 'i', '.', 'm', 'e', 'd', 'i', 'a', '\0', + /* "janiat.com", true */ 'j', 'a', 'n', 'i', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "janik.xyz", false */ 'j', 'a', 'n', 'i', 'k', '.', 'x', 'y', 'z', '\0', + /* "janjoris.nl", true */ 'j', 'a', 'n', 'j', 'o', 'r', 'i', 's', '.', 'n', 'l', '\0', + /* "jankoepsel.com", true */ 'j', 'a', 'n', 'k', 'o', 'e', 'p', 's', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "janmachynka.cz", true */ 'j', 'a', 'n', 'm', 'a', 'c', 'h', 'y', 'n', 'k', 'a', '.', 'c', 'z', '\0', + /* "jann.is", true */ 'j', 'a', 'n', 'n', '.', 'i', 's', '\0', + /* "jannisfink.de", true */ 'j', 'a', 'n', 'n', 'i', 's', 'f', 'i', 'n', 'k', '.', 'd', 'e', '\0', + /* "janoberst.com", false */ 'j', 'a', 'n', 'o', 'b', 'e', 'r', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "janokacer.sk", true */ 'j', 'a', 'n', 'o', 'k', 'a', 'c', 'e', 'r', '.', 's', 'k', '\0', + /* "janosh.com", true */ 'j', 'a', 'n', 'o', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "janschaumann.de", true */ 'j', 'a', 'n', 's', 'c', 'h', 'a', 'u', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "janssenwigman.nl", true */ 'j', 'a', 'n', 's', 's', 'e', 'n', 'w', 'i', 'g', 'm', 'a', 'n', '.', 'n', 'l', '\0', + /* "janverlaan.nl", true */ 'j', 'a', 'n', 'v', 'e', 'r', 'l', 'a', 'a', 'n', '.', 'n', 'l', '\0', + /* "jaot.info", true */ 'j', 'a', 'o', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "jap-nope.de", true */ 'j', 'a', 'p', '-', 'n', 'o', 'p', 'e', '.', 'd', 'e', '\0', + /* "japan4you.org", true */ 'j', 'a', 'p', 'a', 'n', '4', 'y', 'o', 'u', '.', 'o', 'r', 'g', '\0', + /* "japaneseemoticons.org", true */ 'j', 'a', 'p', 'a', 'n', 'e', 's', 'e', 'e', 'm', 'o', 't', 'i', 'c', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "japanesenames.biz", true */ 'j', 'a', 'p', 'a', 'n', 'e', 's', 'e', 'n', 'a', 'm', 'e', 's', '.', 'b', 'i', 'z', '\0', + /* "japaniac.de", false */ 'j', 'a', 'p', 'a', 'n', 'i', 'a', 'c', '.', 'd', 'e', '\0', + /* "japanphilosophy.com", true */ 'j', 'a', 'p', 'a', 'n', 'p', 'h', 'i', 'l', 'o', 's', 'o', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0', + /* "japanwatches.xyz", true */ 'j', 'a', 'p', 'a', 'n', 'w', 'a', 't', 'c', 'h', 'e', 's', '.', 'x', 'y', 'z', '\0', + /* "jardin-exotique-rennes.fr", true */ 'j', 'a', 'r', 'd', 'i', 'n', '-', 'e', 'x', 'o', 't', 'i', 'q', 'u', 'e', '-', 'r', 'e', 'n', 'n', 'e', 's', '.', 'f', 'r', '\0', + /* "jardinderline.ch", true */ 'j', 'a', 'r', 'd', 'i', 'n', 'd', 'e', 'r', 'l', 'i', 'n', 'e', '.', 'c', 'h', '\0', + /* "jardiniersduminotaure.fr", true */ 'j', 'a', 'r', 'd', 'i', 'n', 'i', 'e', 'r', 's', 'd', 'u', 'm', 'i', 'n', 'o', 't', 'a', 'u', 'r', 'e', '.', 'f', 'r', '\0', + /* "jaredeberle.org", false */ 'j', 'a', 'r', 'e', 'd', 'e', 'b', 'e', 'r', 'l', 'e', '.', 'o', 'r', 'g', '\0', + /* "jaredfernandez.com", true */ 'j', 'a', 'r', 'e', 'd', 'f', 'e', 'r', 'n', 'a', 'n', 'd', 'e', 'z', '.', 'c', 'o', 'm', '\0', + /* "jarl.ninja", true */ 'j', 'a', 'r', 'l', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "jarniashop.se", true */ 'j', 'a', 'r', 'n', 'i', 'a', 's', 'h', 'o', 'p', '.', 's', 'e', '\0', + /* "jaroku.com", true */ 'j', 'a', 'r', 'o', 'k', 'u', '.', 'c', 'o', 'm', '\0', + /* "jarondl.net", true */ 'j', 'a', 'r', 'o', 'n', 'd', 'l', '.', 'n', 'e', 't', '\0', + /* "jarrettgraham.com", true */ 'j', 'a', 'r', 'r', 'e', 't', 't', 'g', 'r', 'a', 'h', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "jarroba.com", true */ 'j', 'a', 'r', 'r', 'o', 'b', 'a', '.', 'c', 'o', 'm', '\0', + /* "jas-team.net", true */ 'j', 'a', 's', '-', 't', 'e', 'a', 'm', '.', 'n', 'e', 't', '\0', + /* "jasl.works", true */ 'j', 'a', 's', 'l', '.', 'w', 'o', 'r', 'k', 's', '\0', + /* "jasmijnwagenaar.nl", true */ 'j', 'a', 's', 'm', 'i', 'j', 'n', 'w', 'a', 'g', 'e', 'n', 'a', 'a', 'r', '.', 'n', 'l', '\0', + /* "jasonamorrow.com", true */ 'j', 'a', 's', 'o', 'n', 'a', 'm', 'o', 'r', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "jasongerber.ch", true */ 'j', 'a', 's', 'o', 'n', 'g', 'e', 'r', 'b', 'e', 'r', '.', 'c', 'h', '\0', + /* "jasonian-photo.com", true */ 'j', 'a', 's', 'o', 'n', 'i', 'a', 'n', '-', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "jasonmili.online", true */ 'j', 'a', 's', 'o', 'n', 'm', 'i', 'l', 'i', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "jasonradin.com", true */ 'j', 'a', 's', 'o', 'n', 'r', 'a', 'd', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "jasonsansone.com", true */ 'j', 'a', 's', 'o', 'n', 's', 'a', 'n', 's', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "jasonwindholz.com", true */ 'j', 'a', 's', 'o', 'n', 'w', 'i', 'n', 'd', 'h', 'o', 'l', 'z', '.', 'c', 'o', 'm', '\0', + /* "jasperhammink.com", true */ 'j', 'a', 's', 'p', 'e', 'r', 'h', 'a', 'm', 'm', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "jasperhuttenmedia.com", true */ 'j', 'a', 's', 'p', 'e', 'r', 'h', 'u', 't', 't', 'e', 'n', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "javalestari.com", true */ 'j', 'a', 'v', 'a', 'l', 'e', 's', 't', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "javamilk.com", true */ 'j', 'a', 'v', 'a', 'm', 'i', 'l', 'k', '.', 'c', 'o', 'm', '\0', + /* "javfree.me", true */ 'j', 'a', 'v', 'f', 'r', 'e', 'e', '.', 'm', 'e', '\0', + /* "jawn.ca", true */ 'j', 'a', 'w', 'n', '.', 'c', 'a', '\0', + /* "jawnelodzkie.org.pl", true */ 'j', 'a', 'w', 'n', 'e', 'l', 'o', 'd', 'z', 'k', 'i', 'e', '.', 'o', 'r', 'g', '.', 'p', 'l', '\0', + /* "jaxageto.de", true */ 'j', 'a', 'x', 'a', 'g', 'e', 't', 'o', '.', 'd', 'e', '\0', + /* "jaycouture.com", true */ 'j', 'a', 'y', 'c', 'o', 'u', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "jayf.de", true */ 'j', 'a', 'y', 'f', '.', 'd', 'e', '\0', + /* "jayfreestone.com", true */ 'j', 'a', 'y', 'f', 'r', 'e', 'e', 's', 't', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "jayharris.ca", true */ 'j', 'a', 'y', 'h', 'a', 'r', 'r', 'i', 's', '.', 'c', 'a', '\0', + /* "jaymecd.rocks", true */ 'j', 'a', 'y', 'm', 'e', 'c', 'd', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "jaytx.com", true */ 'j', 'a', 'y', 't', 'x', '.', 'c', 'o', 'm', '\0', + /* "jayxon.com", true */ 'j', 'a', 'y', 'x', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "jayxu.com", true */ 'j', 'a', 'y', 'x', 'u', '.', 'c', 'o', 'm', '\0', + /* "jazz-alliance.com", true */ 'j', 'a', 'z', 'z', '-', 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "jazz-alliance.org", true */ 'j', 'a', 'z', 'z', '-', 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0', + /* "jazzanet.com", true */ 'j', 'a', 'z', 'z', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "jazzinutrecht.info", true */ 'j', 'a', 'z', 'z', 'i', 'n', 'u', 't', 'r', 'e', 'c', 'h', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "jazzncheese.com", true */ 'j', 'a', 'z', 'z', 'n', 'c', 'h', 'e', 'e', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "jazzy.id.au", true */ 'j', 'a', 'z', 'z', 'y', '.', 'i', 'd', '.', 'a', 'u', '\0', + /* "jazzy.pro", true */ 'j', 'a', 'z', 'z', 'y', '.', 'p', 'r', 'o', '\0', + /* "jazzysumi.com", true */ 'j', 'a', 'z', 'z', 'y', 's', 'u', 'm', 'i', '.', 'c', 'o', 'm', '\0', + /* "jbbd.fr", true */ 'j', 'b', 'b', 'd', '.', 'f', 'r', '\0', + /* "jbradaric.me", true */ 'j', 'b', 'r', 'a', 'd', 'a', 'r', 'i', 'c', '.', 'm', 'e', '\0', + /* "jbs-jardins.ch", true */ 'j', 'b', 's', '-', 'j', 'a', 'r', 'd', 'i', 'n', 's', '.', 'c', 'h', '\0', + /* "jbsinternational.com", true */ 'j', 'b', 's', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "jbt-stl.com", true */ 'j', 'b', 't', '-', 's', 't', 'l', '.', 'c', 'o', 'm', '\0', + /* "jcaicedo.com", true */ 'j', 'c', 'a', 'i', 'c', 'e', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "jcaicedo.tk", true */ 'j', 'c', 'a', 'i', 'c', 'e', 'd', 'o', '.', 't', 'k', '\0', + /* "jcwodan.nl", true */ 'j', 'c', 'w', 'o', 'd', 'a', 'n', '.', 'n', 'l', '\0', + /* "jcyz.cf", true */ 'j', 'c', 'y', 'z', '.', 'c', 'f', '\0', + /* "jd-group.co.uk", true */ 'j', 'd', '-', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jd1.de", true */ 'j', 'd', '1', '.', 'd', 'e', '\0', + /* "jdassets.com", true */ 'j', 'd', 'a', 's', 's', 'e', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "jdc.io", true */ 'j', 'd', 'c', '.', 'i', 'o', '\0', + /* "jdcdirectsales.com", true */ 'j', 'd', 'c', 'd', 'i', 'r', 'e', 'c', 't', 's', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "jdcdirectsales.com.ph", true */ 'j', 'd', 'c', 'd', 'i', 'r', 'e', 'c', 't', 's', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0', + /* "jdcgroup.com.ph", true */ 'j', 'd', 'c', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0', + /* "jdh8.org", true */ 'j', 'd', 'h', '8', '.', 'o', 'r', 'g', '\0', + /* "jdheysupplies.co.uk", true */ 'j', 'd', 'h', 'e', 'y', 's', 'u', 'p', 'p', 'l', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jdjohnsonmedia.com", true */ 'j', 'd', 'j', 'o', 'h', 'n', 's', 'o', 'n', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "jdncr.com", true */ 'j', 'd', 'n', 'c', 'r', '.', 'c', 'o', 'm', '\0', + /* "jdoi.pw", true */ 'j', 'd', 'o', 'i', '.', 'p', 'w', '\0', + /* "jdoiron.me", true */ 'j', 'd', 'o', 'i', 'r', 'o', 'n', '.', 'm', 'e', '\0', + /* "jdpleisure.co.uk", true */ 'j', 'd', 'p', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jdscastlehire.co.uk", true */ 'j', 'd', 's', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jdsf.tk", true */ 'j', 'd', 's', 'f', '.', 't', 'k', '\0', + /* "jdtic.com", true */ 'j', 'd', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "jdubya.info", true */ 'j', 'd', 'u', 'b', 'y', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "je-vends.fr", true */ 'j', 'e', '-', 'v', 'e', 'n', 'd', 's', '.', 'f', 'r', '\0', + /* "je2050.de", true */ 'j', 'e', '2', '0', '5', '0', '.', 'd', 'e', '\0', + /* "jean-remy.ch", true */ 'j', 'e', 'a', 'n', '-', 'r', 'e', 'm', 'y', '.', 'c', 'h', '\0', + /* "jeancardeno.com", true */ 'j', 'e', 'a', 'n', 'c', 'a', 'r', 'd', 'e', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "jeandanielfaessler.ch", true */ 'j', 'e', 'a', 'n', 'd', 'a', 'n', 'i', 'e', 'l', 'f', 'a', 'e', 's', 's', 'l', 'e', 'r', '.', 'c', 'h', '\0', + /* "jeankygourmet.com", true */ 'j', 'e', 'a', 'n', 'k', 'y', 'g', 'o', 'u', 'r', 'm', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "jeanmarieayer.ch", true */ 'j', 'e', 'a', 'n', 'm', 'a', 'r', 'i', 'e', 'a', 'y', 'e', 'r', '.', 'c', 'h', '\0', + /* "jeannecalment.com", true */ 'j', 'e', 'a', 'n', 'n', 'e', 'c', 'a', 'l', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "jeannelucienne.fr", true */ 'j', 'e', 'a', 'n', 'n', 'e', 'l', 'u', 'c', 'i', 'e', 'n', 'n', 'e', '.', 'f', 'r', '\0', + /* "jeanneret-combustibles.ch", true */ 'j', 'e', 'a', 'n', 'n', 'e', 'r', 'e', 't', '-', 'c', 'o', 'm', 'b', 'u', 's', 't', 'i', 'b', 'l', 'e', 's', '.', 'c', 'h', '\0', + /* "jec-dekrone.be", true */ 'j', 'e', 'c', '-', 'd', 'e', 'k', 'r', 'o', 'n', 'e', '.', 'b', 'e', '\0', + /* "jedepannetonordi.fr", true */ 'j', 'e', 'd', 'e', 'p', 'a', 'n', 'n', 'e', 't', 'o', 'n', 'o', 'r', 'd', 'i', '.', 'f', 'r', '\0', + /* "jedidiah.eu", true */ 'j', 'e', 'd', 'i', 'd', 'i', 'a', 'h', '.', 'e', 'u', '\0', + /* "jedipedia.net", true */ 'j', 'e', 'd', 'i', 'p', 'e', 'd', 'i', 'a', '.', 'n', 'e', 't', '\0', + /* "jediweb.com.au", true */ 'j', 'e', 'd', 'i', 'w', 'e', 'b', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "jedwarddurrett.com", true */ 'j', 'e', 'd', 'w', 'a', 'r', 'd', 'd', 'u', 'r', 'r', 'e', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "jeec.ist", true */ 'j', 'e', 'e', 'c', '.', 'i', 's', 't', '\0', + /* "jeepmafia.com", true */ 'j', 'e', 'e', 'p', 'm', 'a', 'f', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "jeff.forsale", true */ 'j', 'e', 'f', 'f', '.', 'f', 'o', 'r', 's', 'a', 'l', 'e', '\0', + /* "jeff.is", true */ 'j', 'e', 'f', 'f', '.', 'i', 's', '\0', + /* "jeffanderson.me", true */ 'j', 'e', 'f', 'f', 'a', 'n', 'd', 'e', 'r', 's', 'o', 'n', '.', 'm', 'e', '\0', + /* "jeffcasavant.com", false */ 'j', 'e', 'f', 'f', 'c', 'a', 's', 'a', 'v', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "jeffersonregan.co.uk", true */ 'j', 'e', 'f', 'f', 'e', 'r', 's', 'o', 'n', 'r', 'e', 'g', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jeffersonregan.com", true */ 'j', 'e', 'f', 'f', 'e', 'r', 's', 'o', 'n', 'r', 'e', 'g', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "jeffersonregan.net", true */ 'j', 'e', 'f', 'f', 'e', 'r', 's', 'o', 'n', 'r', 'e', 'g', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "jeffhuxley.com", true */ 'j', 'e', 'f', 'f', 'h', 'u', 'x', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "jeffmcneill.com", true */ 'j', 'e', 'f', 'f', 'm', 'c', 'n', 'e', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "jeffri.me", true */ 'j', 'e', 'f', 'f', 'r', 'i', '.', 'm', 'e', '\0', + /* "jeffsanders.com", true */ 'j', 'e', 'f', 'f', 's', 'a', 'n', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "jefftickle.com", true */ 'j', 'e', 'f', 'f', 't', 'i', 'c', 'k', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "jefrydco.id", true */ 'j', 'e', 'f', 'r', 'y', 'd', 'c', 'o', '.', 'i', 'd', '\0', + /* "jekhar.com", true */ 'j', 'e', 'k', 'h', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "jekkt.com", true */ 'j', 'e', 'k', 'k', 't', '.', 'c', 'o', 'm', '\0', + /* "jelena-adeli.com", true */ 'j', 'e', 'l', 'e', 'n', 'a', '-', 'a', 'd', 'e', 'l', 'i', '.', 'c', 'o', 'm', '\0', + /* "jelewa.de", true */ 'j', 'e', 'l', 'e', 'w', 'a', '.', 'd', 'e', '\0', + /* "jell.ie", true */ 'j', 'e', 'l', 'l', '.', 'i', 'e', '\0', + /* "jelleglebbeek.com", true */ 'j', 'e', 'l', 'l', 'e', 'g', 'l', 'e', 'b', 'b', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "jelly.cz", true */ 'j', 'e', 'l', 'l', 'y', '.', 'c', 'z', '\0', + /* "jellybeanbooks.com.au", true */ 'j', 'e', 'l', 'l', 'y', 'b', 'e', 'a', 'n', 'b', 'o', 'o', 'k', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "jelmer.co.uk", true */ 'j', 'e', 'l', 'm', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jelmer.uk", true */ 'j', 'e', 'l', 'm', 'e', 'r', '.', 'u', 'k', '\0', + /* "jemangeducheval.com", true */ 'j', 'e', 'm', 'a', 'n', 'g', 'e', 'd', 'u', 'c', 'h', 'e', 'v', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "jembatankarir.com", true */ 'j', 'e', 'm', 'b', 'a', 't', 'a', 'n', 'k', 'a', 'r', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "jemoticons.com", true */ 'j', 'e', 'm', 'o', 't', 'i', 'c', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "jena.space", true */ 'j', 'e', 'n', 'a', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "jennedebleser.com", false */ 'j', 'e', 'n', 'n', 'e', 'd', 'e', 'b', 'l', 'e', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "jennifersauer.nl", true */ 'j', 'e', 'n', 'n', 'i', 'f', 'e', 'r', 's', 'a', 'u', 'e', 'r', '.', 'n', 'l', '\0', + /* "jennybeaned.com", true */ 'j', 'e', 'n', 'n', 'y', 'b', 'e', 'a', 'n', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "jennythebaker.com", true */ 'j', 'e', 'n', 'n', 'y', 't', 'h', 'e', 'b', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "jenolson.net", true */ 'j', 'e', 'n', 'o', 'l', 's', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "jenprace.cz", true */ 'j', 'e', 'n', 'p', 'r', 'a', 'c', 'e', '.', 'c', 'z', '\0', + /* "jensrex.dk", true */ 'j', 'e', 'n', 's', 'r', 'e', 'x', '.', 'd', 'k', '\0', + /* "jepertinger-itconsulting.de", true */ 'j', 'e', 'p', 'e', 'r', 't', 'i', 'n', 'g', 'e', 'r', '-', 'i', 't', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "jeproteste.info", true */ 'j', 'e', 'p', 'r', 'o', 't', 'e', 's', 't', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "jeremiahbenes.com", true */ 'j', 'e', 'r', 'e', 'm', 'i', 'a', 'h', 'b', 'e', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "jeremy-chen.org", true */ 'j', 'e', 'r', 'e', 'm', 'y', '-', 'c', 'h', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "jeremy.hu", true */ 'j', 'e', 'r', 'e', 'm', 'y', '.', 'h', 'u', '\0', + /* "jeremybentham.com", true */ 'j', 'e', 'r', 'e', 'm', 'y', 'b', 'e', 'n', 't', 'h', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "jeremycantu.com", true */ 'j', 'e', 'r', 'e', 'm', 'y', 'c', 'a', 'n', 't', 'u', '.', 'c', 'o', 'm', '\0', + /* "jeremycrews.com", true */ 'j', 'e', 'r', 'e', 'm', 'y', 'c', 'r', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "jeremyness.com", true */ 'j', 'e', 'r', 'e', 'm', 'y', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "jermann.biz", true */ 'j', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'b', 'i', 'z', '\0', + /* "jerodslay.com", false */ 'j', 'e', 'r', 'o', 'd', 's', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "jeroendeneef.com", true */ 'j', 'e', 'r', 'o', 'e', 'n', 'd', 'e', 'n', 'e', 'e', 'f', '.', 'c', 'o', 'm', '\0', + /* "jeroenensanne.wedding", true */ 'j', 'e', 'r', 'o', 'e', 'n', 'e', 'n', 's', 'a', 'n', 'n', 'e', '.', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '\0', + /* "jeroenvanderwal.nl", true */ 'j', 'e', 'r', 'o', 'e', 'n', 'v', 'a', 'n', 'd', 'e', 'r', 'w', 'a', 'l', '.', 'n', 'l', '\0', + /* "jerrypau.ca", true */ 'j', 'e', 'r', 'r', 'y', 'p', 'a', 'u', '.', 'c', 'a', '\0', + /* "jerryyu.ca", true */ 'j', 'e', 'r', 'r', 'y', 'y', 'u', '.', 'c', 'a', '\0', + /* "jerseybikehire.co.uk", true */ 'j', 'e', 'r', 's', 'e', 'y', 'b', 'i', 'k', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jerseyjumpingbeans.co.uk", true */ 'j', 'e', 'r', 's', 'e', 'y', 'j', 'u', 'm', 'p', 'i', 'n', 'g', 'b', 'e', 'a', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jerseylvi2013.org", true */ 'j', 'e', 'r', 's', 'e', 'y', 'l', 'v', 'i', '2', '0', '1', '3', '.', 'o', 'r', 'g', '\0', + /* "jesse3.com", true */ 'j', 'e', 's', 's', 'e', '3', '.', 'c', 'o', 'm', '\0', + /* "jesseerbach.com", true */ 'j', 'e', 's', 's', 'e', 'e', 'r', 'b', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "jessekaufman.com", true */ 'j', 'e', 's', 's', 'e', 'k', 'a', 'u', 'f', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "jessesjumpingcastles.co.uk", true */ 'j', 'e', 's', 's', 'e', 's', 'j', 'u', 'm', 'p', 'i', 'n', 'g', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jessevictors.com", true */ 'j', 'e', 's', 's', 'e', 'v', 'i', 'c', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "jessgranger.com", true */ 'j', 'e', 's', 's', 'g', 'r', 'a', 'n', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "jesters-court.net", true */ 'j', 'e', 's', 't', 'e', 'r', 's', '-', 'c', 'o', 'u', 'r', 't', '.', 'n', 'e', 't', '\0', + /* "jesuisadmin.fr", true */ 'j', 'e', 's', 'u', 'i', 's', 'a', 'd', 'm', 'i', 'n', '.', 'f', 'r', '\0', + /* "jesuslucas.com", true */ 'j', 'e', 's', 'u', 's', 'l', 'u', 'c', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "jet-stream.fr", true */ 'j', 'e', 't', '-', 's', 't', 'r', 'e', 'a', 'm', '.', 'f', 'r', '\0', + /* "jetbbs.com", true */ 'j', 'e', 't', 'b', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "jetkittens.co.uk", true */ 'j', 'e', 't', 'k', 'i', 't', 't', 'e', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jetmirshatri.com", true */ 'j', 'e', 't', 'm', 'i', 'r', 's', 'h', 'a', 't', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "jetsetboyz.net", true */ 'j', 'e', 't', 's', 'e', 't', 'b', 'o', 'y', 'z', '.', 'n', 'e', 't', '\0', + /* "jetsieswerda.nl", true */ 'j', 'e', 't', 's', 'i', 'e', 's', 'w', 'e', 'r', 'd', 'a', '.', 'n', 'l', '\0', + /* "jetwhiz.com", true */ 'j', 'e', 't', 'w', 'h', 'i', 'z', '.', 'c', 'o', 'm', '\0', + /* "jetzt-elektromobil.de", true */ 'j', 'e', 't', 'z', 't', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', 'm', 'o', 'b', 'i', 'l', '.', 'd', 'e', '\0', + /* "jeugdkans.nl", true */ 'j', 'e', 'u', 'g', 'd', 'k', 'a', 'n', 's', '.', 'n', 'l', '\0', + /* "jeuxetcodes.fr", true */ 'j', 'e', 'u', 'x', 'e', 't', 'c', 'o', 'd', 'e', 's', '.', 'f', 'r', '\0', + /* "jeva.nl", true */ 'j', 'e', 'v', 'a', '.', 'n', 'l', '\0', + /* "jevisite.ca", true */ 'j', 'e', 'v', 'i', 's', 'i', 't', 'e', '.', 'c', 'a', '\0', + /* "jeweet.net", true */ 'j', 'e', 'w', 'e', 'e', 't', '.', 'n', 'e', 't', '\0', + /* "jewishboyscouts.com", true */ 'j', 'e', 'w', 'i', 's', 'h', 'b', 'o', 'y', 's', 'c', 'o', 'u', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "jez.nl", true */ 'j', 'e', 'z', '.', 'n', 'l', '\0', + /* "jf-projects.de", false */ 'j', 'f', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'd', 'e', '\0', + /* "jfmhero.me", true */ 'j', 'f', 'm', 'h', 'e', 'r', 'o', '.', 'm', 'e', '\0', + /* "jfr.im", true */ 'j', 'f', 'r', '.', 'i', 'm', '\0', + /* "jfreitag.de", true */ 'j', 'f', 'r', 'e', 'i', 't', 'a', 'g', '.', 'd', 'e', '\0', + /* "jgid.de", true */ 'j', 'g', 'i', 'd', '.', 'd', 'e', '\0', + /* "jgke.fi", true */ 'j', 'g', 'k', 'e', '.', 'f', 'i', '\0', + /* "jgwb.de", true */ 'j', 'g', 'w', 'b', '.', 'd', 'e', '\0', + /* "jgwb.eu", true */ 'j', 'g', 'w', 'b', '.', 'e', 'u', '\0', + /* "jhalderm.com", true */ 'j', 'h', 'a', 'l', 'd', 'e', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "jhaveri.net", true */ 'j', 'h', 'a', 'v', 'e', 'r', 'i', '.', 'n', 'e', 't', '\0', + /* "jhcommunitysports.co.uk", true */ 'j', 'h', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jhe.li", true */ 'j', 'h', 'e', '.', 'l', 'i', '\0', + /* "jhermsmeier.de", true */ 'j', 'h', 'e', 'r', 'm', 's', 'm', 'e', 'i', 'e', 'r', '.', 'd', 'e', '\0', + /* "jhollandtranslations.com", true */ 'j', 'h', 'o', 'l', 'l', 'a', 'n', 'd', 't', 'r', 'a', 'n', 's', 'l', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "jhuang.me", true */ 'j', 'h', 'u', 'a', 'n', 'g', '.', 'm', 'e', '\0', + /* "jhwestover.com", true */ 'j', 'h', 'w', 'e', 's', 't', 'o', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "jianjia.io", false */ 'j', 'i', 'a', 'n', 'j', 'i', 'a', '.', 'i', 'o', '\0', + /* "jianyuan.pro", true */ 'j', 'i', 'a', 'n', 'y', 'u', 'a', 'n', '.', 'p', 'r', 'o', '\0', + /* "jichi.io", true */ 'j', 'i', 'c', 'h', 'i', '.', 'i', 'o', '\0', + /* "jie.dance", true */ 'j', 'i', 'e', '.', 'd', 'a', 'n', 'c', 'e', '\0', + /* "jigsawdevelopments.com", true */ 'j', 'i', 'g', 's', 'a', 'w', 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "jimbraaten.com", true */ 'j', 'i', 'm', 'b', 'r', 'a', 'a', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "jimbutlerkiaparts.com", true */ 'j', 'i', 'm', 'b', 'u', 't', 'l', 'e', 'r', 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "jimdorf.com", true */ 'j', 'i', 'm', 'd', 'o', 'r', 'f', '.', 'c', 'o', 'm', '\0', + /* "jimmycai.com", true */ 'j', 'i', 'm', 'm', 'y', 'c', 'a', 'i', '.', 'c', 'o', 'm', '\0', + /* "jimmycn.com", true */ 'j', 'i', 'm', 'm', 'y', 'c', 'n', '.', 'c', 'o', 'm', '\0', + /* "jimmynelson.com", true */ 'j', 'i', 'm', 'm', 'y', 'n', 'e', 'l', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "jimmyroura.ch", true */ 'j', 'i', 'm', 'm', 'y', 'r', 'o', 'u', 'r', 'a', '.', 'c', 'h', '\0', + /* "jimshaver.net", true */ 'j', 'i', 'm', 's', 'h', 'a', 'v', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "jimslop.nl", true */ 'j', 'i', 'm', 's', 'l', 'o', 'p', '.', 'n', 'l', '\0', + /* "jinancy.fr", true */ 'j', 'i', 'n', 'a', 'n', 'c', 'y', '.', 'f', 'r', '\0', + /* "jinanshen.com", true */ 'j', 'i', 'n', 'a', 'n', 's', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "jinbo123.com", false */ 'j', 'i', 'n', 'b', 'o', '1', '2', '3', '.', 'c', 'o', 'm', '\0', + /* "jinbowiki.org", true */ 'j', 'i', 'n', 'b', 'o', 'w', 'i', 'k', 'i', '.', 'o', 'r', 'g', '\0', + /* "jing.su", true */ 'j', 'i', 'n', 'g', '.', 's', 'u', '\0', + /* "jingjo.com.au", true */ 'j', 'i', 'n', 'g', 'j', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "jinja.ai", true */ 'j', 'i', 'n', 'j', 'a', '.', 'a', 'i', '\0', + /* "jinkuru.net", true */ 'j', 'i', 'n', 'k', 'u', 'r', 'u', '.', 'n', 'e', 't', '\0', + /* "jinliming.ml", true */ 'j', 'i', 'n', 'l', 'i', 'm', 'i', 'n', 'g', '.', 'm', 'l', '\0', + /* "jino-jossy.appspot.com", true */ 'j', 'i', 'n', 'o', '-', 'j', 'o', 's', 's', 'y', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "jinshuju.net", true */ 'j', 'i', 'n', 's', 'h', 'u', 'j', 'u', '.', 'n', 'e', 't', '\0', + /* "jiogo.com", true */ 'j', 'i', 'o', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "jira.com", true */ 'j', 'i', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "jirav.com", true */ 'j', 'i', 'r', 'a', 'v', '.', 'c', 'o', 'm', '\0', + /* "jiripudil.cz", true */ 'j', 'i', 'r', 'i', 'p', 'u', 'd', 'i', 'l', '.', 'c', 'z', '\0', + /* "jiveiaktivno.bg", true */ 'j', 'i', 'v', 'e', 'i', 'a', 'k', 't', 'i', 'v', 'n', 'o', '.', 'b', 'g', '\0', + /* "jixun.moe", true */ 'j', 'i', 'x', 'u', 'n', '.', 'm', 'o', 'e', '\0', + /* "jiyusu.com", true */ 'j', 'i', 'y', 'u', 's', 'u', '.', 'c', 'o', 'm', '\0', + /* "jiyuu-ni.com", true */ 'j', 'i', 'y', 'u', 'u', '-', 'n', 'i', '.', 'c', 'o', 'm', '\0', + /* "jiyuu-ni.net", true */ 'j', 'i', 'y', 'u', 'u', '-', 'n', 'i', '.', 'n', 'e', 't', '\0', + /* "jjj.blog", true */ 'j', 'j', 'j', '.', 'b', 'l', 'o', 'g', '\0', + /* "jjspartyhire.co.uk", true */ 'j', 'j', 's', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jjspartytime.co.uk", true */ 'j', 'j', 's', 'p', 'a', 'r', 't', 'y', 't', 'i', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jjvanoorschot.nl", true */ 'j', 'j', 'v', 'a', 'n', 'o', 'o', 'r', 's', 'c', 'h', 'o', 't', '.', 'n', 'l', '\0', + /* "jk-entertainment.biz", true */ 'j', 'k', '-', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'b', 'i', 'z', '\0', + /* "jkchocolate.com", true */ 'j', 'k', 'c', 'h', 'o', 'c', 'o', 'l', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "jkest.cc", true */ 'j', 'k', 'e', 's', 't', '.', 'c', 'c', '\0', + /* "jkinteriorspa.com", true */ 'j', 'k', 'i', 'n', 't', 'e', 'r', 'i', 'o', 'r', 's', 'p', 'a', '.', 'c', 'o', 'm', '\0', + /* "jkirsche.com", true */ 'j', 'k', 'i', 'r', 's', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0', + /* "jkng.eu", true */ 'j', 'k', 'n', 'g', '.', 'e', 'u', '\0', + /* "jkrippen.com", true */ 'j', 'k', 'r', 'i', 'p', 'p', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "jlhmedia.com", true */ 'j', 'l', 'h', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "jlkhosting.com", true */ 'j', 'l', 'k', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "jlponsetto.com", true */ 'j', 'l', 'p', 'o', 'n', 's', 'e', 't', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "jlr-luxembourg.com", true */ 'j', 'l', 'r', '-', 'l', 'u', 'x', 'e', 'm', 'b', 'o', 'u', 'r', 'g', '.', 'c', 'o', 'm', '\0', + /* "jltctech.com", true */ 'j', 'l', 't', 'c', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "jm-bea.net", true */ 'j', 'm', '-', 'b', 'e', 'a', '.', 'n', 'e', 't', '\0', + /* "jmalarcon.es", true */ 'j', 'm', 'a', 'l', 'a', 'r', 'c', 'o', 'n', '.', 'e', 's', '\0', + /* "jmarciniak.it", true */ 'j', 'm', 'a', 'r', 'c', 'i', 'n', 'i', 'a', 'k', '.', 'i', 't', '\0', + /* "jmb.lc", true */ 'j', 'm', 'b', '.', 'l', 'c', '\0', + /* "jmcashngold.com.au", true */ 'j', 'm', 'c', 'a', 's', 'h', 'n', 'g', 'o', 'l', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "jmcleaning.services", true */ 'j', 'm', 'c', 'l', 'e', 'a', 'n', 'i', 'n', 'g', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '\0', + /* "jmedved.com", true */ 'j', 'm', 'e', 'd', 'v', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "jmentertainment.co.uk", true */ 'j', 'm', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jmk.hu", true */ 'j', 'm', 'k', '.', 'h', 'u', '\0', + /* "jmotion.co.uk", true */ 'j', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jmpb.hu", true */ 'j', 'm', 'p', 'b', '.', 'h', 'u', '\0', + /* "jmpmotorsport.co.uk", true */ 'j', 'm', 'p', 'm', 'o', 't', 'o', 'r', 's', 'p', 'o', 'r', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jmsolodesigns.com", true */ 'j', 'm', 's', 'o', 'l', 'o', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "jmssg.jp", true */ 'j', 'm', 's', 's', 'g', '.', 'j', 'p', '\0', + /* "jmvbmx.ch", true */ 'j', 'm', 'v', 'b', 'm', 'x', '.', 'c', 'h', '\0', + /* "jmvdigital.com", true */ 'j', 'm', 'v', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "jncde.de", true */ 'j', 'n', 'c', 'd', 'e', '.', 'd', 'e', '\0', + /* "jncie.de", true */ 'j', 'n', 'c', 'i', 'e', '.', 'd', 'e', '\0', + /* "jncie.eu", true */ 'j', 'n', 'c', 'i', 'e', '.', 'e', 'u', '\0', + /* "jncip.de", true */ 'j', 'n', 'c', 'i', 'p', '.', 'd', 'e', '\0', + /* "jnjdj.com", true */ 'j', 'n', 'j', 'd', 'j', '.', 'c', 'o', 'm', '\0', + /* "jnm-art.com", true */ 'j', 'n', 'm', '-', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "joa-ebert.com", true */ 'j', 'o', 'a', '-', 'e', 'b', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "joaosampaio.com.br", true */ 'j', 'o', 'a', 'o', 's', 'a', 'm', 'p', 'a', 'i', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "joaquimgoliveira.pt", true */ 'j', 'o', 'a', 'q', 'u', 'i', 'm', 'g', 'o', 'l', 'i', 'v', 'e', 'i', 'r', 'a', '.', 'p', 't', '\0', + /* "job-offer.de", true */ 'j', 'o', 'b', '-', 'o', 'f', 'f', 'e', 'r', '.', 'd', 'e', '\0', + /* "jobbkk.com", true */ 'j', 'o', 'b', 'b', 'k', 'k', '.', 'c', 'o', 'm', '\0', + /* "jobbsafari.no", true */ 'j', 'o', 'b', 'b', 's', 'a', 'f', 'a', 'r', 'i', '.', 'n', 'o', '\0', + /* "jobbsafari.se", true */ 'j', 'o', 'b', 'b', 's', 'a', 'f', 'a', 'r', 'i', '.', 's', 'e', '\0', + /* "jobindex.dk", true */ 'j', 'o', 'b', 'i', 'n', 'd', 'e', 'x', '.', 'd', 'k', '\0', + /* "joblife.co.za", true */ 'j', 'o', 'b', 'l', 'i', 'f', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "jobmob.co.il", true */ 'j', 'o', 'b', 'm', 'o', 'b', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "jobs-in-tech.com", true */ 'j', 'o', 'b', 's', '-', 'i', 'n', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "jobs.at", true */ 'j', 'o', 'b', 's', '.', 'a', 't', '\0', + /* "jobs.ch", true */ 'j', 'o', 'b', 's', '.', 'c', 'h', '\0', + /* "jobs4sales.ch", true */ 'j', 'o', 'b', 's', '4', 's', 'a', 'l', 'e', 's', '.', 'c', 'h', '\0', + /* "jobseekeritalia.it", true */ 'j', 'o', 'b', 's', 'e', 'e', 'k', 'e', 'r', 'i', 't', 'a', 'l', 'i', 'a', '.', 'i', 't', '\0', + /* "jobsuchmaschine.ch", true */ 'j', 'o', 'b', 's', 'u', 'c', 'h', 'm', 'a', 's', 'c', 'h', 'i', 'n', 'e', '.', 'c', 'h', '\0', + /* "jobtestprep.de", true */ 'j', 'o', 'b', 't', 'e', 's', 't', 'p', 'r', 'e', 'p', '.', 'd', 'e', '\0', + /* "jobtestprep.dk", true */ 'j', 'o', 'b', 't', 'e', 's', 't', 'p', 'r', 'e', 'p', '.', 'd', 'k', '\0', + /* "jobtestprep.fr", true */ 'j', 'o', 'b', 't', 'e', 's', 't', 'p', 'r', 'e', 'p', '.', 'f', 'r', '\0', + /* "jobtestprep.it", true */ 'j', 'o', 'b', 't', 'e', 's', 't', 'p', 'r', 'e', 'p', '.', 'i', 't', '\0', + /* "jobtestprep.nl", true */ 'j', 'o', 'b', 't', 'e', 's', 't', 'p', 'r', 'e', 'p', '.', 'n', 'l', '\0', + /* "jobtestprep.se", true */ 'j', 'o', 'b', 't', 'e', 's', 't', 'p', 'r', 'e', 'p', '.', 's', 'e', '\0', + /* "jobwinner.ch", true */ 'j', 'o', 'b', 'w', 'i', 'n', 'n', 'e', 'r', '.', 'c', 'h', '\0', + /* "jobzninja.com", true */ 'j', 'o', 'b', 'z', 'n', 'i', 'n', 'j', 'a', '.', 'c', 'o', 'm', '\0', + /* "jodel.ninja", true */ 'j', 'o', 'd', 'e', 'l', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "jodlajodla.si", true */ 'j', 'o', 'd', 'l', 'a', 'j', 'o', 'd', 'l', 'a', '.', 's', 'i', '\0', + /* "joduska.me", true */ 'j', 'o', 'd', 'u', 's', 'k', 'a', '.', 'm', 'e', '\0', + /* "jodyboucher.com", true */ 'j', 'o', 'd', 'y', 'b', 'o', 'u', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "joe-pagan.com", true */ 'j', 'o', 'e', '-', 'p', 'a', 'g', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "joe262.com", true */ 'j', 'o', 'e', '2', '6', '2', '.', 'c', 'o', 'm', '\0', + /* "joearodriguez.com", true */ 'j', 'o', 'e', 'a', 'r', 'o', 'd', 'r', 'i', 'g', 'u', 'e', 'z', '.', 'c', 'o', 'm', '\0', + /* "joedavison.me", true */ 'j', 'o', 'e', 'd', 'a', 'v', 'i', 's', 'o', 'n', '.', 'm', 'e', '\0', + /* "joedinardo.com", true */ 'j', 'o', 'e', 'd', 'i', 'n', 'a', 'r', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "joedoyle.us", true */ 'j', 'o', 'e', 'd', 'o', 'y', 'l', 'e', '.', 'u', 's', '\0', + /* "joedroll.com", true */ 'j', 'o', 'e', 'd', 'r', 'o', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "joehenry.co.uk", true */ 'j', 'o', 'e', 'h', 'e', 'n', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "joelcoustrain.com", true */ 'j', 'o', 'e', 'l', 'c', 'o', 'u', 's', 't', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "joeldrapper.com", true */ 'j', 'o', 'e', 'l', 'd', 'r', 'a', 'p', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "joelfries.com", true */ 'j', 'o', 'e', 'l', 'f', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "joelj.org", true */ 'j', 'o', 'e', 'l', 'j', '.', 'o', 'r', 'g', '\0', + /* "joelle.me", true */ 'j', 'o', 'e', 'l', 'l', 'e', '.', 'm', 'e', '\0', + /* "joelleandpeter.co.uk", true */ 'j', 'o', 'e', 'l', 'l', 'e', 'a', 'n', 'd', 'p', 'e', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "joellimberg.com", true */ 'j', 'o', 'e', 'l', 'l', 'i', 'm', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0', + /* "joellombardo.com", true */ 'j', 'o', 'e', 'l', 'l', 'o', 'm', 'b', 'a', 'r', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "joelmarkhamphotography.com.au", true */ 'j', 'o', 'e', 'l', 'm', 'a', 'r', 'k', 'h', 'a', 'm', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "joelmunch.com", true */ 'j', 'o', 'e', 'l', 'm', 'u', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "joepitt.co.uk", false */ 'j', 'o', 'e', 'p', 'i', 't', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "joerg-wellpott.de", true */ 'j', 'o', 'e', 'r', 'g', '-', 'w', 'e', 'l', 'l', 'p', 'o', 't', 't', '.', 'd', 'e', '\0', + /* "joerss.at", true */ 'j', 'o', 'e', 'r', 's', 's', '.', 'a', 't', '\0', + /* "joespaintingpgh.com", true */ 'j', 'o', 'e', 's', 'p', 'a', 'i', 'n', 't', 'i', 'n', 'g', 'p', 'g', 'h', '.', 'c', 'o', 'm', '\0', + /* "joestead.codes", true */ 'j', 'o', 'e', 's', 't', 'e', 'a', 'd', '.', 'c', 'o', 'd', 'e', 's', '\0', + /* "joetyson.me", true */ 'j', 'o', 'e', 't', 'y', 's', 'o', 'n', '.', 'm', 'e', '\0', + /* "joeysmith.com", true */ 'j', 'o', 'e', 'y', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "jogi-server.de", true */ 'j', 'o', 'g', 'i', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0', + /* "jogorama.com.br", false */ 'j', 'o', 'g', 'o', 'r', 'a', 'm', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "johanbissemattsson.se", false */ 'j', 'o', 'h', 'a', 'n', 'b', 'i', 's', 's', 'e', 'm', 'a', 't', 't', 's', 's', 'o', 'n', '.', 's', 'e', '\0', + /* "johand.io", true */ 'j', 'o', 'h', 'a', 'n', 'd', '.', 'i', 'o', '\0', + /* "johanli.com", true */ 'j', 'o', 'h', 'a', 'n', 'l', 'i', '.', 'c', 'o', 'm', '\0', + /* "johannaojanen.com", true */ 'j', 'o', 'h', 'a', 'n', 'n', 'a', 'o', 'j', 'a', 'n', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "johannes-bauer.com", true */ 'j', 'o', 'h', 'a', 'n', 'n', 'e', 's', '-', 'b', 'a', 'u', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "johannes-zinke.de", true */ 'j', 'o', 'h', 'a', 'n', 'n', 'e', 's', '-', 'z', 'i', 'n', 'k', 'e', '.', 'd', 'e', '\0', + /* "johannes.io", true */ 'j', 'o', 'h', 'a', 'n', 'n', 'e', 's', '.', 'i', 'o', '\0', + /* "johannes.wtf", true */ 'j', 'o', 'h', 'a', 'n', 'n', 'e', 's', '.', 'w', 't', 'f', '\0', + /* "johannespichler.com", true */ 'j', 'o', 'h', 'a', 'n', 'n', 'e', 's', 'p', 'i', 'c', 'h', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "johnbeil.com", true */ 'j', 'o', 'h', 'n', 'b', 'e', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "johnblackbourn.com", true */ 'j', 'o', 'h', 'n', 'b', 'l', 'a', 'c', 'k', 'b', 'o', 'u', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "johndball.com", true */ 'j', 'o', 'h', 'n', 'd', 'b', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "johnfulgenzi.com", true */ 'j', 'o', 'h', 'n', 'f', 'u', 'l', 'g', 'e', 'n', 'z', 'i', '.', 'c', 'o', 'm', '\0', + /* "johngallias.com", true */ 'j', 'o', 'h', 'n', 'g', 'a', 'l', 'l', 'i', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "johnguant.com", true */ 'j', 'o', 'h', 'n', 'g', 'u', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "johnkastler.net", true */ 'j', 'o', 'h', 'n', 'k', 'a', 's', 't', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "johnmalloneemd.com", false */ 'j', 'o', 'h', 'n', 'm', 'a', 'l', 'l', 'o', 'n', 'e', 'e', 'm', 'd', '.', 'c', 'o', 'm', '\0', + /* "johnmcintosh.pro", true */ 'j', 'o', 'h', 'n', 'm', 'c', 'i', 'n', 't', 'o', 's', 'h', '.', 'p', 'r', 'o', '\0', + /* "johnmh.me", true */ 'j', 'o', 'h', 'n', 'm', 'h', '.', 'm', 'e', '\0', + /* "johnmichel.org", true */ 'j', 'o', 'h', 'n', 'm', 'i', 'c', 'h', 'e', 'l', '.', 'o', 'r', 'g', '\0', + /* "johnmorganpartnership.co.uk", true */ 'j', 'o', 'h', 'n', 'm', 'o', 'r', 'g', 'a', 'n', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', 'h', 'i', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "johnnybet.com", true */ 'j', 'o', 'h', 'n', 'n', 'y', 'b', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "johnnybsecure.com", true */ 'j', 'o', 'h', 'n', 'n', 'y', 'b', 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "johnroach.io", true */ 'j', 'o', 'h', 'n', 'r', 'o', 'a', 'c', 'h', '.', 'i', 'o', '\0', + /* "johnroberts.me", true */ 'j', 'o', 'h', 'n', 'r', 'o', 'b', 'e', 'r', 't', 's', '.', 'm', 'e', '\0', + /* "johnrockefeller.net", true */ 'j', 'o', 'h', 'n', 'r', 'o', 'c', 'k', 'e', 'f', 'e', 'l', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "johnsegovia.com", true */ 'j', 'o', 'h', 'n', 's', 'e', 'g', 'o', 'v', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "johnsiu.com", true */ 'j', 'o', 'h', 'n', 's', 'i', 'u', '.', 'c', 'o', 'm', '\0', + /* "johntomasowa.com", true */ 'j', 'o', 'h', 'n', 't', 'o', 'm', 'a', 's', 'o', 'w', 'a', '.', 'c', 'o', 'm', '\0', + /* "johnvanhese.nl", true */ 'j', 'o', 'h', 'n', 'v', 'a', 'n', 'h', 'e', 's', 'e', '.', 'n', 'l', '\0', + /* "joi-dhl.ch", true */ 'j', 'o', 'i', '-', 'd', 'h', 'l', '.', 'c', 'h', '\0', + /* "jojosplaycentreandcafeteria.co.uk", true */ 'j', 'o', 'j', 'o', 's', 'p', 'l', 'a', 'y', 'c', 'e', 'n', 't', 'r', 'e', 'a', 'n', 'd', 'c', 'a', 'f', 'e', 't', 'e', 'r', 'i', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jokedalderup.nl", true */ 'j', 'o', 'k', 'e', 'd', 'a', 'l', 'd', 'e', 'r', 'u', 'p', '.', 'n', 'l', '\0', + /* "joker.menu", true */ 'j', 'o', 'k', 'e', 'r', '.', 'm', 'e', 'n', 'u', '\0', + /* "jokerice.co.uk", true */ 'j', 'o', 'k', 'e', 'r', 'i', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jokescoff.com", true */ 'j', 'o', 'k', 'e', 's', 'c', 'o', 'f', 'f', '.', 'c', 'o', 'm', '\0', + /* "jokewignand.nl", true */ 'j', 'o', 'k', 'e', 'w', 'i', 'g', 'n', 'a', 'n', 'd', '.', 'n', 'l', '\0', + /* "joliettech.com", true */ 'j', 'o', 'l', 'i', 'e', 't', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "jollausers.de", true */ 'j', 'o', 'l', 'l', 'a', 'u', 's', 'e', 'r', 's', '.', 'd', 'e', '\0', + /* "jollykidswobbleworld.co.uk", true */ 'j', 'o', 'l', 'l', 'y', 'k', 'i', 'd', 's', 'w', 'o', 'b', 'b', 'l', 'e', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jomo.tv", true */ 'j', 'o', 'm', 'o', '.', 't', 'v', '\0', + /* "jomp16.tk", true */ 'j', 'o', 'm', 'p', '1', '6', '.', 't', 'k', '\0', + /* "jonandnoraswedding.com", true */ 'j', 'o', 'n', 'a', 'n', 'd', 'n', 'o', 'r', 'a', 's', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "jonarcher.info", true */ 'j', 'o', 'n', 'a', 'r', 'c', 'h', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "jonas-thelemann.de", true */ 'j', 'o', 'n', 'a', 's', '-', 't', 'h', 'e', 'l', 'e', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "jonas-wenk.de", true */ 'j', 'o', 'n', 'a', 's', '-', 'w', 'e', 'n', 'k', '.', 'd', 'e', '\0', + /* "jonaskjodt.com", true */ 'j', 'o', 'n', 'a', 's', 'k', 'j', 'o', 'd', 't', '.', 'c', 'o', 'm', '\0', + /* "jonaswitmer.ch", true */ 'j', 'o', 'n', 'a', 's', 'w', 'i', 't', 'm', 'e', 'r', '.', 'c', 'h', '\0', + /* "jonathan-apps.com", true */ 'j', 'o', 'n', 'a', 't', 'h', 'a', 'n', '-', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "jonathancarter.org", true */ 'j', 'o', 'n', 'a', 't', 'h', 'a', 'n', 'c', 'a', 'r', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "jonathandowning.uk", true */ 'j', 'o', 'n', 'a', 't', 'h', 'a', 'n', 'd', 'o', 'w', 'n', 'i', 'n', 'g', '.', 'u', 'k', '\0', + /* "jonathandupree.com", true */ 'j', 'o', 'n', 'a', 't', 'h', 'a', 'n', 'd', 'u', 'p', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "jonathanmassacand.ch", true */ 'j', 'o', 'n', 'a', 't', 'h', 'a', 'n', 'm', 'a', 's', 's', 'a', 'c', 'a', 'n', 'd', '.', 'c', 'h', '\0', + /* "jonathanschle.de", true */ 'j', 'o', 'n', 'a', 't', 'h', 'a', 'n', 's', 'c', 'h', 'l', 'e', '.', 'd', 'e', '\0', + /* "jonathanwisdom.com", true */ 'j', 'o', 'n', 'a', 't', 'h', 'a', 'n', 'w', 'i', 's', 'd', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "jondarby.com", true */ 'j', 'o', 'n', 'd', 'a', 'r', 'b', 'y', '.', 'c', 'o', 'm', '\0', + /* "jondevin.com", true */ 'j', 'o', 'n', 'd', 'e', 'v', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "jonesborostatebank.com", false */ 'j', 'o', 'n', 'e', 's', 'b', 'o', 'r', 'o', 's', 't', 'a', 't', 'e', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "jonferwerda.net", true */ 'j', 'o', 'n', 'f', 'e', 'r', 'w', 'e', 'r', 'd', 'a', '.', 'n', 'e', 't', '\0', + /* "jonfor.net", true */ 'j', 'o', 'n', 'f', 'o', 'r', '.', 'n', 'e', 't', '\0', + /* "jongbloed.nl", true */ 'j', 'o', 'n', 'g', 'b', 'l', 'o', 'e', 'd', '.', 'n', 'l', '\0', + /* "jongcs.com", true */ 'j', 'o', 'n', 'g', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "jonilar.com", true */ 'j', 'o', 'n', 'i', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "jonirrings.com", true */ 'j', 'o', 'n', 'i', 'r', 'r', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "jonkermedia.nl", true */ 'j', 'o', 'n', 'k', 'e', 'r', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0', + /* "jonlabelle.com", true */ 'j', 'o', 'n', 'l', 'a', 'b', 'e', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "jonnybarnes.uk", true */ 'j', 'o', 'n', 'n', 'y', 'b', 'a', 'r', 'n', 'e', 's', '.', 'u', 'k', '\0', + /* "jonnystoten.com", true */ 'j', 'o', 'n', 'n', 'y', 's', 't', 'o', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "jonoalderson.com", true */ 'j', 'o', 'n', 'o', 'a', 'l', 'd', 'e', 'r', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "jonpads.com", true */ 'j', 'o', 'n', 'p', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "jonpavelich.com", true */ 'j', 'o', 'n', 'p', 'a', 'v', 'e', 'l', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "jons.org", true */ 'j', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "jonscaife.com", true */ 'j', 'o', 'n', 's', 'c', 'a', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "jooksuratas.ee", true */ 'j', 'o', 'o', 'k', 's', 'u', 'r', 'a', 't', 'a', 's', '.', 'e', 'e', '\0', + /* "joomlant.org", true */ 'j', 'o', 'o', 'm', 'l', 'a', 'n', 't', '.', 'o', 'r', 'g', '\0', + /* "joostrijneveld.nl", true */ 'j', 'o', 'o', 's', 't', 'r', 'i', 'j', 'n', 'e', 'v', 'e', 'l', 'd', '.', 'n', 'l', '\0', + /* "joostvanderlaan.nl", true */ 'j', 'o', 'o', 's', 't', 'v', 'a', 'n', 'd', 'e', 'r', 'l', 'a', 'a', 'n', '.', 'n', 'l', '\0', + /* "jopl.org", true */ 'j', 'o', 'p', 'l', '.', 'o', 'r', 'g', '\0', + /* "jopsens.de", true */ 'j', 'o', 'p', 's', 'e', 'n', 's', '.', 'd', 'e', '\0', + /* "joran.org", true */ 'j', 'o', 'r', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "jordankmportal.com", true */ 'j', 'o', 'r', 'd', 'a', 'n', 'k', 'm', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "jordans.co.uk", true */ 'j', 'o', 'r', 'd', 'a', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jordanscorporatelaw.com", true */ 'j', 'o', 'r', 'd', 'a', 'n', 's', 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'e', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "jordanstrustcompany.com", true */ 'j', 'o', 'r', 'd', 'a', 'n', 's', 't', 'r', 'u', 's', 't', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "jorisdalderup.nl", true */ 'j', 'o', 'r', 'i', 's', 'd', 'a', 'l', 'd', 'e', 'r', 'u', 'p', '.', 'n', 'l', '\0', + /* "jornadasciberdefensa2016.es", true */ 'j', 'o', 'r', 'n', 'a', 'd', 'a', 's', 'c', 'i', 'b', 'e', 'r', 'd', 'e', 'f', 'e', 'n', 's', 'a', '2', '0', '1', '6', '.', 'e', 's', '\0', + /* "jornalalerta.com.br", true */ 'j', 'o', 'r', 'n', 'a', 'l', 'a', 'l', 'e', 'r', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "jorovik.com", true */ 'j', 'o', 'r', 'o', 'v', 'i', 'k', '.', 'c', 'o', 'm', '\0', + /* "jorrit.info", true */ 'j', 'o', 'r', 'r', 'i', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "josc.com.au", true */ 'j', 'o', 's', 'c', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "joscares.com", true */ 'j', 'o', 's', 'c', 'a', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "jose.eti.br", true */ 'j', 'o', 's', 'e', '.', 'e', 't', 'i', '.', 'b', 'r', '\0', + /* "joseetesser.nl", true */ 'j', 'o', 's', 'e', 'e', 't', 'e', 's', 's', 'e', 'r', '.', 'n', 'l', '\0', + /* "josef-lotz.de", true */ 'j', 'o', 's', 'e', 'f', '-', 'l', 'o', 't', 'z', '.', 'd', 'e', '\0', + /* "josefjanosec.com", true */ 'j', 'o', 's', 'e', 'f', 'j', 'a', 'n', 'o', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "josefottosson.se", true */ 'j', 'o', 's', 'e', 'f', 'o', 't', 't', 'o', 's', 's', 'o', 'n', '.', 's', 'e', '\0', + /* "josegerber.ch", true */ 'j', 'o', 's', 'e', 'g', 'e', 'r', 'b', 'e', 'r', '.', 'c', 'h', '\0', + /* "josemikkola.fi", true */ 'j', 'o', 's', 'e', 'm', 'i', 'k', 'k', 'o', 'l', 'a', '.', 'f', 'i', '\0', + /* "josepbel.com", true */ 'j', 'o', 's', 'e', 'p', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "josephre.es", true */ 'j', 'o', 's', 'e', 'p', 'h', 'r', 'e', '.', 'e', 's', '\0', + /* "josephsniderman.com", true */ 'j', 'o', 's', 'e', 'p', 'h', 's', 'n', 'i', 'd', 'e', 'r', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "josephsniderman.net", true */ 'j', 'o', 's', 'e', 'p', 'h', 's', 'n', 'i', 'd', 'e', 'r', 'm', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "josephsniderman.org", true */ 'j', 'o', 's', 'e', 'p', 'h', 's', 'n', 'i', 'd', 'e', 'r', 'm', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "josephv.website", true */ 'j', 'o', 's', 'e', 'p', 'h', 'v', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0', + /* "josericaurte.com", true */ 'j', 'o', 's', 'e', 'r', 'i', 'c', 'a', 'u', 'r', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "joshgrancell.com", true */ 'j', 'o', 's', 'h', 'g', 'r', 'a', 'n', 'c', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "joshharkema.com", true */ 'j', 'o', 's', 'h', 'h', 'a', 'r', 'k', 'e', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "joshharmon.me", true */ 'j', 'o', 's', 'h', 'h', 'a', 'r', 'm', 'o', 'n', '.', 'm', 'e', '\0', + /* "joshlovephotography.co.uk", true */ 'j', 'o', 's', 'h', 'l', 'o', 'v', 'e', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "joshpanter.com", true */ 'j', 'o', 's', 'h', 'p', 'a', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "joshrickert.com", true */ 'j', 'o', 's', 'h', 'r', 'i', 'c', 'k', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "joshschmelzle.com", true */ 'j', 'o', 's', 'h', 's', 'c', 'h', 'm', 'e', 'l', 'z', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "joshtriplett.org", true */ 'j', 'o', 's', 'h', 't', 'r', 'i', 'p', 'l', 'e', 't', 't', '.', 'o', 'r', 'g', '\0', + /* "joshua-kuepper.de", true */ 'j', 'o', 's', 'h', 'u', 'a', '-', 'k', 'u', 'e', 'p', 'p', 'e', 'r', '.', 'd', 'e', '\0', + /* "joshuajohnson.ca", true */ 'j', 'o', 's', 'h', 'u', 'a', 'j', 'o', 'h', 'n', 's', 'o', 'n', '.', 'c', 'a', '\0', + /* "joshuarogers.net", true */ 'j', 'o', 's', 'h', 'u', 'a', 'r', 'o', 'g', 'e', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "josoansi.de", true */ 'j', 'o', 's', 'o', 'a', 'n', 's', 'i', '.', 'd', 'e', '\0', + /* "joto.de", true */ 'j', 'o', 't', 'o', '.', 'd', 'e', '\0', + /* "jouetspetitechanson.com", true */ 'j', 'o', 'u', 'e', 't', 's', 'p', 'e', 't', 'i', 't', 'e', 'c', 'h', 'a', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "journeyfriday.rocks", true */ 'j', 'o', 'u', 'r', 'n', 'e', 'y', 'f', 'r', 'i', 'd', 'a', 'y', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "journeytomastery.net", true */ 'j', 'o', 'u', 'r', 'n', 'e', 'y', 't', 'o', 'm', 'a', 's', 't', 'e', 'r', 'y', '.', 'n', 'e', 't', '\0', + /* "jovani.com", false */ 'j', 'o', 'v', 'a', 'n', 'i', '.', 'c', 'o', 'm', '\0', + /* "joviam.com", true */ 'j', 'o', 'v', 'i', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "jovic.hamburg", true */ 'j', 'o', 'v', 'i', 'c', '.', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '\0', + /* "joworld.net", true */ 'j', 'o', 'w', 'o', 'r', 'l', 'd', '.', 'n', 'e', 't', '\0', + /* "joyful.house", true */ 'j', 'o', 'y', 'f', 'u', 'l', '.', 'h', 'o', 'u', 's', 'e', '\0', + /* "joyfulexpressions.gallery", true */ 'j', 'o', 'y', 'f', 'u', 'l', 'e', 'x', 'p', 'r', 'e', 's', 's', 'i', 'o', 'n', 's', '.', 'g', 'a', 'l', 'l', 'e', 'r', 'y', '\0', + /* "joyofcookingandbaking.com", true */ 'j', 'o', 'y', 'o', 'f', 'c', 'o', 'o', 'k', 'i', 'n', 'g', 'a', 'n', 'd', 'b', 'a', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "jpcrochetapparel.com", true */ 'j', 'p', 'c', 'r', 'o', 'c', 'h', 'e', 't', 'a', 'p', 'p', 'a', 'r', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "jpdeharenne.be", true */ 'j', 'p', 'd', 'e', 'h', 'a', 'r', 'e', 'n', 'n', 'e', '.', 'b', 'e', '\0', + /* "jpeg.io", true */ 'j', 'p', 'e', 'g', '.', 'i', 'o', '\0', + /* "jpgangbang.com", true */ 'j', 'p', 'g', 'a', 'n', 'g', 'b', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "jphandjob.com", true */ 'j', 'p', 'h', 'a', 'n', 'd', 'j', 'o', 'b', '.', 'c', 'o', 'm', '\0', + /* "jplesbian.com", true */ 'j', 'p', 'l', 'e', 's', 'b', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "jpmelos.com", true */ 'j', 'p', 'm', 'e', 'l', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "jpmelos.com.br", true */ 'j', 'p', 'm', 'e', 'l', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "jpod.cc", true */ 'j', 'p', 'o', 'd', '.', 'c', 'c', '\0', + /* "jproxx.com", true */ 'j', 'p', 'r', 'o', 'x', 'x', '.', 'c', 'o', 'm', '\0', + /* "jps-selection.co.uk", true */ 'j', 'p', 's', '-', 's', 'e', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jps-selection.com", true */ 'j', 'p', 's', '-', 's', 'e', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "jps-selection.eu", true */ 'j', 'p', 's', '-', 's', 'e', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'e', 'u', '\0', + /* "jpshop.ru", true */ 'j', 'p', 's', 'h', 'o', 'p', '.', 'r', 'u', '\0', + /* "jpsinflatables.co.uk", true */ 'j', 'p', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jpslconsulting.ca", true */ 'j', 'p', 's', 'l', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'a', '\0', + /* "jr5devdoug.xyz", true */ 'j', 'r', '5', 'd', 'e', 'v', 'd', 'o', 'u', 'g', '.', 'x', 'y', 'z', '\0', + /* "jr5devdouglas.xyz", true */ 'j', 'r', '5', 'd', 'e', 'v', 'd', 'o', 'u', 'g', 'l', 'a', 's', '.', 'x', 'y', 'z', '\0', + /* "jr5proxdoug.xyz", true */ 'j', 'r', '5', 'p', 'r', 'o', 'x', 'd', 'o', 'u', 'g', '.', 'x', 'y', 'z', '\0', + /* "jrc9.ca", true */ 'j', 'r', 'c', '9', '.', 'c', 'a', '\0', + /* "jreb.nl", true */ 'j', 'r', 'e', 'b', '.', 'n', 'l', '\0', + /* "jreinert.com", true */ 'j', 'r', 'e', 'i', 'n', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "jross.me", true */ 'j', 'r', 'o', 's', 's', '.', 'm', 'e', '\0', + /* "jrtapsell.co.uk", true */ 'j', 'r', 't', 'a', 'p', 's', 'e', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jrxpress.com", true */ 'j', 'r', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "js-online.net", false */ 'j', 's', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "jschoi.org", true */ 'j', 's', 'c', 'h', 'o', 'i', '.', 'o', 'r', 'g', '\0', + /* "jschumacher.info", true */ 'j', 's', 'c', 'h', 'u', 'm', 'a', 'c', 'h', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "jsd-cog.org", true */ 'j', 's', 'd', '-', 'c', 'o', 'g', '.', 'o', 'r', 'g', '\0', + /* "jsent.co.uk", true */ 'j', 's', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jsevilleja.org", true */ 'j', 's', 'e', 'v', 'i', 'l', 'l', 'e', 'j', 'a', '.', 'o', 'r', 'g', '\0', + /* "jskier.com", false */ 'j', 's', 'k', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "jskoelliken.ch", true */ 'j', 's', 'k', 'o', 'e', 'l', 'l', 'i', 'k', 'e', 'n', '.', 'c', 'h', '\0', + /* "jslidong.top", true */ 'j', 's', 'l', 'i', 'd', 'o', 'n', 'g', '.', 't', 'o', 'p', '\0', + /* "jsmetallerie.fr", true */ 'j', 's', 'm', 'e', 't', 'a', 'l', 'l', 'e', 'r', 'i', 'e', '.', 'f', 'r', '\0', + /* "json-viewer.com", true */ 'j', 's', 'o', 'n', '-', 'v', 'i', 'e', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "jstelecom.com.br", true */ 'j', 's', 't', 'e', 'l', 'e', 'c', 'o', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "jsteward.moe", true */ 'j', 's', 't', 'e', 'w', 'a', 'r', 'd', '.', 'm', 'o', 'e', '\0', + /* "jstore.ch", true */ 'j', 's', 't', 'o', 'r', 'e', '.', 'c', 'h', '\0', + /* "jsvr.tk", true */ 'j', 's', 'v', 'r', '.', 't', 'k', '\0', + /* "jtcat.com", true */ 'j', 't', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "jthackery.com", false */ 'j', 't', 'h', 'a', 'c', 'k', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "jts3servermod.com", true */ 'j', 't', 's', '3', 's', 'e', 'r', 'v', 'e', 'r', 'm', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "jtslay.com", true */ 'j', 't', 's', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "jtwp470.net", false */ 'j', 't', 'w', 'p', '4', '7', '0', '.', 'n', 'e', 't', '\0', + /* "ju1ro.de", true */ 'j', 'u', '1', 'r', 'o', '.', 'd', 'e', '\0', + /* "juan23.edu.uy", true */ 'j', 'u', 'a', 'n', '2', '3', '.', 'e', 'd', 'u', '.', 'u', 'y', '\0', + /* "juanhub.com", true */ 'j', 'u', 'a', 'n', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "juanmaguitar.com", true */ 'j', 'u', 'a', 'n', 'm', 'a', 'g', 'u', 'i', 't', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "juanxt.ddns.net", true */ 'j', 'u', 'a', 'n', 'x', 't', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "jubileum.online", true */ 'j', 'u', 'b', 'i', 'l', 'e', 'u', 'm', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "juch.cc", true */ 'j', 'u', 'c', 'h', '.', 'c', 'c', '\0', + /* "juchheim-methode.de", true */ 'j', 'u', 'c', 'h', 'h', 'e', 'i', 'm', '-', 'm', 'e', 't', 'h', 'o', 'd', 'e', '.', 'd', 'e', '\0', + /* "juchit.at", true */ 'j', 'u', 'c', 'h', 'i', 't', '.', 'a', 't', '\0', + /* "judc-ge.ch", true */ 'j', 'u', 'd', 'c', '-', 'g', 'e', '.', 'c', 'h', '\0', + /* "judoprodeti.cz", true */ 'j', 'u', 'd', 'o', 'p', 'r', 'o', 'd', 'e', 't', 'i', '.', 'c', 'z', '\0', + /* "juegosycodigos.es", true */ 'j', 'u', 'e', 'g', 'o', 's', 'y', 'c', 'o', 'd', 'i', 'g', 'o', 's', '.', 'e', 's', '\0', + /* "juegosycodigos.mx", true */ 'j', 'u', 'e', 'g', 'o', 's', 'y', 'c', 'o', 'd', 'i', 'g', 'o', 's', '.', 'm', 'x', '\0', + /* "juergen-elbert.de", true */ 'j', 'u', 'e', 'r', 'g', 'e', 'n', '-', 'e', 'l', 'b', 'e', 'r', 't', '.', 'd', 'e', '\0', + /* "juergenhecht.de", true */ 'j', 'u', 'e', 'r', 'g', 'e', 'n', 'h', 'e', 'c', 'h', 't', '.', 'd', 'e', '\0', + /* "juergenspecht.com", true */ 'j', 'u', 'e', 'r', 'g', 'e', 'n', 's', 'p', 'e', 'c', 'h', 't', '.', 'c', 'o', 'm', '\0', + /* "juergenspecht.de", true */ 'j', 'u', 'e', 'r', 'g', 'e', 'n', 's', 'p', 'e', 'c', 'h', 't', '.', 'd', 'e', '\0', + /* "jugendsuenden.info", true */ 'j', 'u', 'g', 'e', 'n', 'd', 's', 'u', 'e', 'n', 'd', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "jugh.de", true */ 'j', 'u', 'g', 'h', '.', 'd', 'e', '\0', + /* "juhakoho.com", true */ 'j', 'u', 'h', 'a', 'k', 'o', 'h', 'o', '.', 'c', 'o', 'm', '\0', + /* "juice.codes", true */ 'j', 'u', 'i', 'c', 'e', '.', 'c', 'o', 'd', 'e', 's', '\0', + /* "juiced.gs", true */ 'j', 'u', 'i', 'c', 'e', 'd', '.', 'g', 's', '\0', + /* "juku-info.top", true */ 'j', 'u', 'k', 'u', '-', 'i', 'n', 'f', 'o', '.', 't', 'o', 'p', '\0', + /* "juku-wing.jp", true */ 'j', 'u', 'k', 'u', '-', 'w', 'i', 'n', 'g', '.', 'j', 'p', '\0', + /* "julegoerke.de", true */ 'j', 'u', 'l', 'e', 'g', 'o', 'e', 'r', 'k', 'e', '.', 'd', 'e', '\0', + /* "julenlanda.com", true */ 'j', 'u', 'l', 'e', 'n', 'l', 'a', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "julian-weigle.de", true */ 'j', 'u', 'l', 'i', 'a', 'n', '-', 'w', 'e', 'i', 'g', 'l', 'e', '.', 'd', 'e', '\0', + /* "juliangonggrijp.com", true */ 'j', 'u', 'l', 'i', 'a', 'n', 'g', 'o', 'n', 'g', 'g', 'r', 'i', 'j', 'p', '.', 'c', 'o', 'm', '\0', + /* "julianickel.de", true */ 'j', 'u', 'l', 'i', 'a', 'n', 'i', 'c', 'k', 'e', 'l', '.', 'd', 'e', '\0', + /* "julianmeyer.de", true */ 'j', 'u', 'l', 'i', 'a', 'n', 'm', 'e', 'y', 'e', 'r', '.', 'd', 'e', '\0', + /* "juliansimioni.com", true */ 'j', 'u', 'l', 'i', 'a', 'n', 's', 'i', 'm', 'i', 'o', 'n', 'i', '.', 'c', 'o', 'm', '\0', + /* "julianskitchen.ch", true */ 'j', 'u', 'l', 'i', 'a', 'n', 's', 'k', 'i', 't', 'c', 'h', 'e', 'n', '.', 'c', 'h', '\0', + /* "julianvmodesto.com", true */ 'j', 'u', 'l', 'i', 'a', 'n', 'v', 'm', 'o', 'd', 'e', 's', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "julianwallmeroth.de", true */ 'j', 'u', 'l', 'i', 'a', 'n', 'w', 'a', 'l', 'l', 'm', 'e', 'r', 'o', 't', 'h', '.', 'd', 'e', '\0', + /* "julianweigle.de", true */ 'j', 'u', 'l', 'i', 'a', 'n', 'w', 'e', 'i', 'g', 'l', 'e', '.', 'd', 'e', '\0', + /* "julianxhokaxhiu.com", true */ 'j', 'u', 'l', 'i', 'a', 'n', 'x', 'h', 'o', 'k', 'a', 'x', 'h', 'i', 'u', '.', 'c', 'o', 'm', '\0', + /* "julibear.com", true */ 'j', 'u', 'l', 'i', 'b', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "julico.nl", true */ 'j', 'u', 'l', 'i', 'c', 'o', '.', 'n', 'l', '\0', + /* "julie-and-stevens-wedding.com", true */ 'j', 'u', 'l', 'i', 'e', '-', 'a', 'n', 'd', '-', 's', 't', 'e', 'v', 'e', 'n', 's', '-', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "juliedecubber.com", true */ 'j', 'u', 'l', 'i', 'e', 'd', 'e', 'c', 'u', 'b', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "juliekoubova.net", true */ 'j', 'u', 'l', 'i', 'e', 'k', 'o', 'u', 'b', 'o', 'v', 'a', '.', 'n', 'e', 't', '\0', + /* "juliemaurel.fr", true */ 'j', 'u', 'l', 'i', 'e', 'm', 'a', 'u', 'r', 'e', 'l', '.', 'f', 'r', '\0', + /* "julienc.io", true */ 'j', 'u', 'l', 'i', 'e', 'n', 'c', '.', 'i', 'o', '\0', + /* "julienpaterne.com", true */ 'j', 'u', 'l', 'i', 'e', 'n', 'p', 'a', 't', 'e', 'r', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "julientartarin.com", true */ 'j', 'u', 'l', 'i', 'e', 'n', 't', 'a', 'r', 't', 'a', 'r', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "julio.jamil.nom.br", true */ 'j', 'u', 'l', 'i', 'o', '.', 'j', 'a', 'm', 'i', 'l', '.', 'n', 'o', 'm', '.', 'b', 'r', '\0', + /* "juls.cloud", true */ 'j', 'u', 'l', 's', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "jultube.de", true */ 'j', 'u', 'l', 't', 'u', 'b', 'e', '.', 'd', 'e', '\0', + /* "jumba.com.au", true */ 'j', 'u', 'm', 'b', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "jumboquid.co.uk", true */ 'j', 'u', 'm', 'b', 'o', 'q', 'u', 'i', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jump-zone.co.uk", true */ 'j', 'u', 'm', 'p', '-', 'z', 'o', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jump.bg", false */ 'j', 'u', 'm', 'p', '.', 'b', 'g', '\0', + /* "jump.wtf", true */ 'j', 'u', 'm', 'p', '.', 'w', 't', 'f', '\0', + /* "jump4funinflatables.co.uk", true */ 'j', 'u', 'm', 'p', '4', 'f', 'u', 'n', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jumpandbounce.co.uk", true */ 'j', 'u', 'm', 'p', 'a', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jumpandjivechildrensparties.co.uk", true */ 'j', 'u', 'm', 'p', 'a', 'n', 'd', 'j', 'i', 'v', 'e', 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', 's', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jumparoundbouncycastles.co.uk", true */ 'j', 'u', 'm', 'p', 'a', 'r', 'o', 'u', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jumparoundreading.co.uk", true */ 'j', 'u', 'm', 'p', 'a', 'r', 'o', 'u', 'n', 'd', 'r', 'e', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jumparty.co.uk", true */ 'j', 'u', 'm', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jumpeasy.com.au", true */ 'j', 'u', 'm', 'p', 'e', 'a', 's', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "jumperoos.co.uk", true */ 'j', 'u', 'm', 'p', 'e', 'r', 'o', 'o', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jumpin-jax.co.uk", true */ 'j', 'u', 'm', 'p', 'i', 'n', '-', 'j', 'a', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jumpinchat.com", true */ 'j', 'u', 'm', 'p', 'i', 'n', 'c', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "jumpingbee.co.uk", true */ 'j', 'u', 'm', 'p', 'i', 'n', 'g', 'b', 'e', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jumpingcastlesonline.com.au", true */ 'j', 'u', 'm', 'p', 'i', 'n', 'g', 'c', 'a', 's', 't', 'l', 'e', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "jumpingjacksbouncycastles.co.uk", true */ 'j', 'u', 'm', 'p', 'i', 'n', 'g', 'j', 'a', 'c', 'k', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jumpinjaes.co.uk", true */ 'j', 'u', 'm', 'p', 'i', 'n', 'j', 'a', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jumpinmonkeys.co.uk", true */ 'j', 'u', 'm', 'p', 'i', 'n', 'm', 'o', 'n', 'k', 'e', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jumpman-iphone-design.de", true */ 'j', 'u', 'm', 'p', 'm', 'a', 'n', '-', 'i', 'p', 'h', 'o', 'n', 'e', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0', + /* "jumpnplay.co.uk", true */ 'j', 'u', 'm', 'p', 'n', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "junespina.com", true */ 'j', 'u', 'n', 'e', 's', 'p', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "junethack.net", true */ 'j', 'u', 'n', 'e', 't', 'h', 'a', 'c', 'k', '.', 'n', 'e', 't', '\0', + /* "jungaa.fr", true */ 'j', 'u', 'n', 'g', 'a', 'a', '.', 'f', 'r', '\0', + /* "jungesforumkonstanz.de", true */ 'j', 'u', 'n', 'g', 'e', 's', 'f', 'o', 'r', 'u', 'm', 'k', 'o', 'n', 's', 't', 'a', 'n', 'z', '.', 'd', 'e', '\0', + /* "jungleculture.co.za", true */ 'j', 'u', 'n', 'g', 'l', 'e', 'c', 'u', 'l', 't', 'u', 'r', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "jungleducks.ca", true */ 'j', 'u', 'n', 'g', 'l', 'e', 'd', 'u', 'c', 'k', 's', '.', 'c', 'a', '\0', + /* "junglejackscastles.co.uk", true */ 'j', 'u', 'n', 'g', 'l', 'e', 'j', 'a', 'c', 'k', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "junglist.org", true */ 'j', 'u', 'n', 'g', 'l', 'i', 's', 't', '.', 'o', 'r', 'g', '\0', + /* "juni.io", true */ 'j', 'u', 'n', 'i', '.', 'i', 'o', '\0', + /* "juniperroots.ca", true */ 'j', 'u', 'n', 'i', 'p', 'e', 'r', 'r', 'o', 'o', 't', 's', '.', 'c', 'a', '\0', + /* "juniwalk.cz", true */ 'j', 'u', 'n', 'i', 'w', 'a', 'l', 'k', '.', 'c', 'z', '\0', + /* "junkdrome.org", true */ 'j', 'u', 'n', 'k', 'd', 'r', 'o', 'm', 'e', '.', 'o', 'r', 'g', '\0', + /* "junqueiropolis.com", true */ 'j', 'u', 'n', 'q', 'u', 'e', 'i', 'r', 'o', 'p', 'o', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "jurassicbarkharrogate.co.uk", true */ 'j', 'u', 'r', 'a', 's', 's', 'i', 'c', 'b', 'a', 'r', 'k', 'h', 'a', 'r', 'r', 'o', 'g', 'a', 't', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jurassicgolf.nl", true */ 'j', 'u', 'r', 'a', 's', 's', 'i', 'c', 'g', 'o', 'l', 'f', '.', 'n', 'l', '\0', + /* "juridoc.com.br", true */ 'j', 'u', 'r', 'i', 'd', 'o', 'c', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "juristeo.com", true */ 'j', 'u', 'r', 'i', 's', 't', 'e', 'o', '.', 'c', 'o', 'm', '\0', + /* "jurke.com", true */ 'j', 'u', 'r', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "jurko.cz", true */ 'j', 'u', 'r', 'k', 'o', '.', 'c', 'z', '\0', + /* "jurriaan.ninja", true */ 'j', 'u', 'r', 'r', 'i', 'a', 'a', 'n', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "just-a-clanpage.de", true */ 'j', 'u', 's', 't', '-', 'a', '-', 'c', 'l', 'a', 'n', 'p', 'a', 'g', 'e', '.', 'd', 'e', '\0', + /* "just2trade.com", true */ 'j', 'u', 's', 't', '2', 't', 'r', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "justanothercompany.name", true */ 'j', 'u', 's', 't', 'a', 'n', 'o', 't', 'h', 'e', 'r', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'n', 'a', 'm', 'e', '\0', + /* "justbelieverecovery.com", true */ 'j', 'u', 's', 't', 'b', 'e', 'l', 'i', 'e', 'v', 'e', 'r', 'e', 'c', 'o', 'v', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "justbookexcursions.com", true */ 'j', 'u', 's', 't', 'b', 'o', 'o', 'k', 'e', 'x', 'c', 'u', 'r', 's', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "justbookhotels.com", true */ 'j', 'u', 's', 't', 'b', 'o', 'o', 'k', 'h', 'o', 't', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "justbooktransfers.com", true */ 'j', 'u', 's', 't', 'b', 'o', 'o', 'k', 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "justboom.co", true */ 'j', 'u', 's', 't', 'b', 'o', 'o', 'm', '.', 'c', 'o', '\0', + /* "justbouncecastles.co.uk", true */ 'j', 'u', 's', 't', 'b', 'o', 'u', 'n', 'c', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "justchunks.net", true */ 'j', 'u', 's', 't', 'c', 'h', 'u', 'n', 'k', 's', '.', 'n', 'e', 't', '\0', + /* "justgalak.com", true */ 'j', 'u', 's', 't', 'g', 'a', 'l', 'a', 'k', '.', 'c', 'o', 'm', '\0', + /* "justgalak.org", true */ 'j', 'u', 's', 't', 'g', 'a', 'l', 'a', 'k', '.', 'o', 'r', 'g', '\0', + /* "justice.gov", false */ 'j', 'u', 's', 't', 'i', 'c', 'e', '.', 'g', 'o', 'v', '\0', + /* "justice4assange.com", true */ 'j', 'u', 's', 't', 'i', 'c', 'e', '4', 'a', 's', 's', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "justinellingwood.com", true */ 'j', 'u', 's', 't', 'i', 'n', 'e', 'l', 'l', 'i', 'n', 'g', 'w', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "justinho.com", true */ 'j', 'u', 's', 't', 'i', 'n', 'h', 'o', '.', 'c', 'o', 'm', '\0', + /* "justinstandring.com", true */ 'j', 'u', 's', 't', 'i', 'n', 's', 't', 'a', 'n', 'd', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "justnu.se", false */ 'j', 'u', 's', 't', 'n', 'u', '.', 's', 'e', '\0', + /* "justpaste.it", true */ 'j', 'u', 's', 't', 'p', 'a', 's', 't', 'e', '.', 'i', 't', '\0', + /* "justupdate.me", true */ 'j', 'u', 's', 't', 'u', 'p', 'd', 'a', 't', 'e', '.', 'm', 'e', '\0', + /* "justyy.com", true */ 'j', 'u', 's', 't', 'y', 'y', '.', 'c', 'o', 'm', '\0', + /* "juszkiewicz.com.pl", true */ 'j', 'u', 's', 'z', 'k', 'i', 'e', 'w', 'i', 'c', 'z', '.', 'c', 'o', 'm', '.', 'p', 'l', '\0', + /* "jutlander-netbank.dk", true */ 'j', 'u', 't', 'l', 'a', 'n', 'd', 'e', 'r', '-', 'n', 'e', 't', 'b', 'a', 'n', 'k', '.', 'd', 'k', '\0', + /* "jutlander.dk", true */ 'j', 'u', 't', 'l', 'a', 'n', 'd', 'e', 'r', '.', 'd', 'k', '\0', + /* "juventusclublugano.ch", true */ 'j', 'u', 'v', 'e', 'n', 't', 'u', 's', 'c', 'l', 'u', 'b', 'l', 'u', 'g', 'a', 'n', 'o', '.', 'c', 'h', '\0', + /* "juwelierstoopman.nl", true */ 'j', 'u', 'w', 'e', 'l', 'i', 'e', 'r', 's', 't', 'o', 'o', 'p', 'm', 'a', 'n', '.', 'n', 'l', '\0', + /* "juzgalo.com", true */ 'j', 'u', 'z', 'g', 'a', 'l', 'o', '.', 'c', 'o', 'm', '\0', + /* "jva-wuerzburg.de", true */ 'j', 'v', 'a', '-', 'w', 'u', 'e', 'r', 'z', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0', + /* "jvanerp.nl", true */ 'j', 'v', 'a', 'n', 'e', 'r', 'p', '.', 'n', 'l', '\0', + /* "jvbouncycastlehire.co.uk", true */ 'j', 'v', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jvn.com", false */ 'j', 'v', 'n', '.', 'c', 'o', 'm', '\0', + /* "jvphotoboothhire.co.uk", true */ 'j', 'v', 'p', 'h', 'o', 't', 'o', 'b', 'o', 'o', 't', 'h', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "jvwdev.nl", true */ 'j', 'v', 'w', 'd', 'e', 'v', '.', 'n', 'l', '\0', + /* "jwatt.org", true */ 'j', 'w', 'a', 't', 't', '.', 'o', 'r', 'g', '\0', + /* "jwe.nl", true */ 'j', 'w', 'e', '.', 'n', 'l', '\0', + /* "jwilsson.com", true */ 'j', 'w', 'i', 'l', 's', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "jwjwjw.com", true */ 'j', 'w', 'j', 'w', 'j', 'w', '.', 'c', 'o', 'm', '\0', + /* "jwnotifier.org", true */ 'j', 'w', 'n', 'o', 't', 'i', 'f', 'i', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "jwolt-lx.com", true */ 'j', 'w', 'o', 'l', 't', '-', 'l', 'x', '.', 'c', 'o', 'm', '\0', + /* "jwschuepfheim.ch", true */ 'j', 'w', 's', 'c', 'h', 'u', 'e', 'p', 'f', 'h', 'e', 'i', 'm', '.', 'c', 'h', '\0', + /* "jxir.de", true */ 'j', 'x', 'i', 'r', '.', 'd', 'e', '\0', + /* "jyggen.com", true */ 'j', 'y', 'g', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "jyoti-fairworks.org", true */ 'j', 'y', 'o', 't', 'i', '-', 'f', 'a', 'i', 'r', 'w', 'o', 'r', 'k', 's', '.', 'o', 'r', 'g', '\0', + /* "jzbk.org", true */ 'j', 'z', 'b', 'k', '.', 'o', 'r', 'g', '\0', + /* "k-homes.net", true */ 'k', '-', 'h', 'o', 'm', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "k-netz.de", true */ 'k', '-', 'n', 'e', 't', 'z', '.', 'd', 'e', '\0', + /* "k-pan.com", true */ 'k', '-', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "k-pture.com", true */ 'k', '-', 'p', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "k-scr.me", true */ 'k', '-', 's', 'c', 'r', '.', 'm', 'e', '\0', + /* "k-tube.com", true */ 'k', '-', 't', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0', + /* "k258059.net", true */ 'k', '2', '5', '8', '0', '5', '9', '.', 'n', 'e', 't', '\0', + /* "k2mts.org", true */ 'k', '2', 'm', 't', 's', '.', 'o', 'r', 'g', '\0', + /* "k82.org", true */ 'k', '8', '2', '.', 'o', 'r', 'g', '\0', + /* "k8r.eu", true */ 'k', '8', 'r', '.', 'e', 'u', '\0', + /* "k9swx.com", true */ 'k', '9', 's', 'w', 'x', '.', 'c', 'o', 'm', '\0', + /* "kaamoscreations.com", true */ 'k', 'a', 'a', 'm', 'o', 's', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "kaanduman.com", true */ 'k', 'a', 'a', 'n', 'd', 'u', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "kaangenc.me", true */ 'k', 'a', 'a', 'n', 'g', 'e', 'n', 'c', '.', 'm', 'e', '\0', + /* "kaatha-kamrater.se", true */ 'k', 'a', 'a', 't', 'h', 'a', '-', 'k', 'a', 'm', 'r', 'a', 't', 'e', 'r', '.', 's', 'e', '\0', + /* "kab-s.de", true */ 'k', 'a', 'b', '-', 's', '.', 'd', 'e', '\0', + /* "kabashop.com.br", true */ 'k', 'a', 'b', 'a', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "kabat-fans.cz", false */ 'k', 'a', 'b', 'a', 't', '-', 'f', 'a', 'n', 's', '.', 'c', 'z', '\0', + /* "kabeltv.co.nz", true */ 'k', 'a', 'b', 'e', 'l', 't', 'v', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "kabeuchi.com", true */ 'k', 'a', 'b', 'e', 'u', 'c', 'h', 'i', '.', 'c', 'o', 'm', '\0', + /* "kaboom.pw", true */ 'k', 'a', 'b', 'o', 'o', 'm', '.', 'p', 'w', '\0', + /* "kabu-abc.com", true */ 'k', 'a', 'b', 'u', '-', 'a', 'b', 'c', '.', 'c', 'o', 'm', '\0', + /* "kabus.org", true */ 'k', 'a', 'b', 'u', 's', '.', 'o', 'r', 'g', '\0', + /* "kachlikova2.cz", true */ 'k', 'a', 'c', 'h', 'l', 'i', 'k', 'o', 'v', 'a', '2', '.', 'c', 'z', '\0', + /* "kack.website", true */ 'k', 'a', 'c', 'k', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0', + /* "kadhambam.in", true */ 'k', 'a', 'd', 'h', 'a', 'm', 'b', 'a', 'm', '.', 'i', 'n', '\0', + /* "kadmec.com", true */ 'k', 'a', 'd', 'm', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "kaffeekrone.de", true */ 'k', 'a', 'f', 'f', 'e', 'e', 'k', 'r', 'o', 'n', 'e', '.', 'd', 'e', '\0', + /* "kafoom.de", true */ 'k', 'a', 'f', 'o', 'o', 'm', '.', 'd', 'e', '\0', + /* "kaheim.de", false */ 'k', 'a', 'h', 'e', 'i', 'm', '.', 'd', 'e', '\0', + /* "kai-ratzeburg.de", true */ 'k', 'a', 'i', '-', 'r', 'a', 't', 'z', 'e', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0', + /* "kaigojj.com", true */ 'k', 'a', 'i', 'g', 'o', 'j', 'j', '.', 'c', 'o', 'm', '\0', + /* "kaika-hms.de", true */ 'k', 'a', 'i', 'k', 'a', '-', 'h', 'm', 's', '.', 'd', 'e', '\0', + /* "kaileymslusser.com", true */ 'k', 'a', 'i', 'l', 'e', 'y', 'm', 's', 'l', 'u', 's', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "kainetsoft.com", true */ 'k', 'a', 'i', 'n', 'e', 't', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "kainz.bayern", true */ 'k', 'a', 'i', 'n', 'z', '.', 'b', 'a', 'y', 'e', 'r', 'n', '\0', + /* "kainz.be", true */ 'k', 'a', 'i', 'n', 'z', '.', 'b', 'e', '\0', + /* "kairion.de", true */ 'k', 'a', 'i', 'r', 'i', 'o', 'n', '.', 'd', 'e', '\0', + /* "kaisakura.net", true */ 'k', 'a', 'i', 's', 'a', 'k', 'u', 'r', 'a', '.', 'n', 'e', 't', '\0', + /* "kaisev.net", true */ 'k', 'a', 'i', 's', 'e', 'v', '.', 'n', 'e', 't', '\0', + /* "kaiusaltd.com", true */ 'k', 'a', 'i', 'u', 's', 'a', 'l', 't', 'd', '.', 'c', 'o', 'm', '\0', + /* "kaizenreporting.com", true */ 'k', 'a', 'i', 'z', 'e', 'n', 'r', 'e', 'p', 'o', 'r', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "kaizeronion.com", true */ 'k', 'a', 'i', 'z', 'e', 'r', 'o', 'n', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "kajak.land", true */ 'k', 'a', 'j', 'a', 'k', '.', 'l', 'a', 'n', 'd', '\0', + /* "kajlovo.cz", true */ 'k', 'a', 'j', 'l', 'o', 'v', 'o', '.', 'c', 'z', '\0', + /* "kaka.farm", true */ 'k', 'a', 'k', 'a', '.', 'f', 'a', 'r', 'm', '\0', + /* "kakao-karten.de", true */ 'k', 'a', 'k', 'a', 'o', '-', 'k', 'a', 'r', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "kakaomilchkuh.de", true */ 'k', 'a', 'k', 'a', 'o', 'm', 'i', 'l', 'c', 'h', 'k', 'u', 'h', '.', 'd', 'e', '\0', + /* "kakaravaara.fi", true */ 'k', 'a', 'k', 'a', 'r', 'a', 'v', 'a', 'a', 'r', 'a', '.', 'f', 'i', '\0', + /* "kakie-gobocha.jp", true */ 'k', 'a', 'k', 'i', 'e', '-', 'g', 'o', 'b', 'o', 'c', 'h', 'a', '.', 'j', 'p', '\0', + /* "kakie-kolesa.ru", true */ 'k', 'a', 'k', 'i', 'e', '-', 'k', 'o', 'l', 'e', 's', 'a', '.', 'r', 'u', '\0', + /* "kakolightingmuseum.or.jp", true */ 'k', 'a', 'k', 'o', 'l', 'i', 'g', 'h', 't', 'i', 'n', 'g', 'm', 'u', 's', 'e', 'u', 'm', '.', 'o', 'r', '.', 'j', 'p', '\0', + /* "kakoo-media.nl", true */ 'k', 'a', 'k', 'o', 'o', '-', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0', + /* "kakoo.nl", true */ 'k', 'a', 'k', 'o', 'o', '.', 'n', 'l', '\0', + /* "kakoomedia.nl", true */ 'k', 'a', 'k', 'o', 'o', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0', + /* "kalastus.com", true */ 'k', 'a', 'l', 'a', 's', 't', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "kaleidoscope.co.uk", true */ 'k', 'a', 'l', 'e', 'i', 'd', 'o', 's', 'c', 'o', 'p', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kalender.com", true */ 'k', 'a', 'l', 'e', 'n', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "kalender.goip.de", true */ 'k', 'a', 'l', 'e', 'n', 'd', 'e', 'r', '.', 'g', 'o', 'i', 'p', '.', 'd', 'e', '\0', + /* "kalevlamps.co.uk", true */ 'k', 'a', 'l', 'e', 'v', 'l', 'a', 'm', 'p', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kaliaa.fi", true */ 'k', 'a', 'l', 'i', 'a', 'a', '.', 'f', 'i', '\0', + /* "kalian.cz", true */ 'k', 'a', 'l', 'i', 'a', 'n', '.', 'c', 'z', '\0', + /* "kalifornien-tourismus.de", true */ 'k', 'a', 'l', 'i', 'f', 'o', 'r', 'n', 'i', 'e', 'n', '-', 't', 'o', 'u', 'r', 'i', 's', 'm', 'u', 's', '.', 'd', 'e', '\0', + /* "kall.is", true */ 'k', 'a', 'l', 'l', '.', 'i', 's', '\0', + /* "kallies-net.de", true */ 'k', 'a', 'l', 'l', 'i', 'e', 's', '-', 'n', 'e', 't', '.', 'd', 'e', '\0', + /* "kalmar.com", true */ 'k', 'a', 'l', 'm', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "kalsbouncies.com", true */ 'k', 'a', 'l', 's', 'b', 'o', 'u', 'n', 'c', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "kaltenbrunner.it", true */ 'k', 'a', 'l', 't', 'e', 'n', 'b', 'r', 'u', 'n', 'n', 'e', 'r', '.', 'i', 't', '\0', + /* "kalterersee.ch", true */ 'k', 'a', 'l', 't', 'e', 'r', 'e', 'r', 's', 'e', 'e', '.', 'c', 'h', '\0', + /* "kamalame.co", true */ 'k', 'a', 'm', 'a', 'l', 'a', 'm', 'e', '.', 'c', 'o', '\0', + /* "kamikaichimaru.com", true */ 'k', 'a', 'm', 'i', 'k', 'a', 'i', 'c', 'h', 'i', 'm', 'a', 'r', 'u', '.', 'c', 'o', 'm', '\0', + /* "kamikatse.net", true */ 'k', 'a', 'm', 'i', 'k', 'a', 't', 's', 'e', '.', 'n', 'e', 't', '\0', + /* "kamixa.se", true */ 'k', 'a', 'm', 'i', 'x', 'a', '.', 's', 'e', '\0', + /* "kana.me", true */ 'k', 'a', 'n', 'a', '.', 'm', 'e', '\0', + /* "kanaete-uranai.com", true */ 'k', 'a', 'n', 'a', 'e', 't', 'e', '-', 'u', 'r', 'a', 'n', 'a', 'i', '.', 'c', 'o', 'm', '\0', + /* "kanagawachuo-hospital.jp", true */ 'k', 'a', 'n', 'a', 'g', 'a', 'w', 'a', 'c', 'h', 'u', 'o', '-', 'h', 'o', 's', 'p', 'i', 't', 'a', 'l', '.', 'j', 'p', '\0', + /* "kanal-schaefer.de", true */ 'k', 'a', 'n', 'a', 'l', '-', 's', 'c', 'h', 'a', 'e', 'f', 'e', 'r', '.', 'd', 'e', '\0', + /* "kanal-tv-haensch.de", true */ 'k', 'a', 'n', 'a', 'l', '-', 't', 'v', '-', 'h', 'a', 'e', 'n', 's', 'c', 'h', '.', 'd', 'e', '\0', + /* "kanar.nl", true */ 'k', 'a', 'n', 'a', 'r', '.', 'n', 'l', '\0', + /* "kancolle.me", true */ 'k', 'a', 'n', 'c', 'o', 'l', 'l', 'e', '.', 'm', 'e', '\0', + /* "kandalife.com", true */ 'k', 'a', 'n', 'd', 'a', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "kandec.co.jp", true */ 'k', 'a', 'n', 'd', 'e', 'c', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "kanecastles.com", true */ 'k', 'a', 'n', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "kanehusky.com", true */ 'k', 'a', 'n', 'e', 'h', 'u', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0', + /* "kangaroo-bouncycastle.co.uk", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', '-', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kangarooislandholidayaccommodation.com.au", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'i', 's', 'l', 'a', 'n', 'd', 'h', 'o', 'l', 'i', 'd', 'a', 'y', 'a', 'c', 'c', 'o', 'm', 'm', 'o', 'd', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "kangaroojacks.co.uk", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'j', 'a', 'c', 'k', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kangaroos.org", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 's', '.', 'o', 'r', 'g', '\0', + /* "kangaroovalleykayaks.com.au", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'v', 'a', 'l', 'l', 'e', 'y', 'k', 'a', 'y', 'a', 'k', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "kangaroovalleymuseum.com", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'v', 'a', 'l', 'l', 'e', 'y', 'm', 'u', 's', 'e', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "kangaroovalleyolives.com.au", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'v', 'a', 'l', 'l', 'e', 'y', 'o', 'l', 'i', 'v', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "kangaroovalleyshow.org.au", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'v', 'a', 'l', 'l', 'e', 'y', 's', 'h', 'o', 'w', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0', + /* "kangaroovalleywoodcrafts.com.au", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'v', 'a', 'l', 'l', 'e', 'y', 'w', 'o', 'o', 'd', 'c', 'r', 'a', 'f', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "kangkai.me", true */ 'k', 'a', 'n', 'g', 'k', 'a', 'i', '.', 'm', 'e', '\0', + /* "kangooroule.fr", true */ 'k', 'a', 'n', 'g', 'o', 'o', 'r', 'o', 'u', 'l', 'e', '.', 'f', 'r', '\0', + /* "kanis.ag", true */ 'k', 'a', 'n', 'i', 's', '.', 'a', 'g', '\0', + /* "kankimaru.com", true */ 'k', 'a', 'n', 'k', 'i', 'm', 'a', 'r', 'u', '.', 'c', 'o', 'm', '\0', + /* "kanmitao.com", true */ 'k', 'a', 'n', 'm', 'i', 't', 'a', 'o', '.', 'c', 'o', 'm', '\0', + /* "kanna.cf", true */ 'k', 'a', 'n', 'n', 'a', '.', 'c', 'f', '\0', + /* "kannchen.de", true */ 'k', 'a', 'n', 'n', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0', + /* "kanotijd.nl", true */ 'k', 'a', 'n', 'o', 't', 'i', 'j', 'd', '.', 'n', 'l', '\0', + /* "kansaiyamamoto.jp", true */ 'k', 'a', 'n', 's', 'a', 'i', 'y', 'a', 'm', 'a', 'm', 'o', 't', 'o', '.', 'j', 'p', '\0', + /* "kantankye.nl", true */ 'k', 'a', 'n', 't', 'a', 'n', 'k', 'y', 'e', '.', 'n', 'l', '\0', + /* "kantanmt.com", true */ 'k', 'a', 'n', 't', 'a', 'n', 'm', 't', '.', 'c', 'o', 'm', '\0', + /* "kantorad.io", true */ 'k', 'a', 'n', 't', 'o', 'r', 'a', 'd', '.', 'i', 'o', '\0', + /* "kantorkita.net", true */ 'k', 'a', 'n', 't', 'o', 'r', 'k', 'i', 't', 'a', '.', 'n', 'e', 't', '\0', + /* "kantorosobisty.pl", true */ 'k', 'a', 'n', 't', 'o', 'r', 'o', 's', 'o', 'b', 'i', 's', 't', 'y', '.', 'p', 'l', '\0', + /* "kanuvu.de", true */ 'k', 'a', 'n', 'u', 'v', 'u', '.', 'd', 'e', '\0', + /* "kanzashi.com", true */ 'k', 'a', 'n', 'z', 'a', 's', 'h', 'i', '.', 'c', 'o', 'm', '\0', + /* "kanzlei-sixt.de", true */ 'k', 'a', 'n', 'z', 'l', 'e', 'i', '-', 's', 'i', 'x', 't', '.', 'd', 'e', '\0', + /* "kanzshop.com", true */ 'k', 'a', 'n', 'z', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "kaomojis.net", true */ 'k', 'a', 'o', 'm', 'o', 'j', 'i', 's', '.', 'n', 'e', 't', '\0', + /* "kap-genial.de", true */ 'k', 'a', 'p', '-', 'g', 'e', 'n', 'i', 'a', 'l', '.', 'd', 'e', '\0', + /* "kapiorr.duckdns.org", true */ 'k', 'a', 'p', 'i', 'o', 'r', 'r', '.', 'd', 'u', 'c', 'k', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "kappit.dk", true */ 'k', 'a', 'p', 'p', 'i', 't', '.', 'd', 'k', '\0', + /* "kapseli.net", true */ 'k', 'a', 'p', 's', 'e', 'l', 'i', '.', 'n', 'e', 't', '\0', + /* "kaptadata.com", true */ 'k', 'a', 'p', 't', 'a', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "kaptamedia.com", true */ 'k', 'a', 'p', 't', 'a', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "kara-fabian.com", true */ 'k', 'a', 'r', 'a', '-', 'f', 'a', 'b', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "karabas.com", true */ 'k', 'a', 'r', 'a', 'b', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "karabijnhaken.nl", false */ 'k', 'a', 'r', 'a', 'b', 'i', 'j', 'n', 'h', 'a', 'k', 'e', 'n', '.', 'n', 'l', '\0', + /* "karachi.dating", true */ 'k', 'a', 'r', 'a', 'c', 'h', 'i', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "karamomo.net", true */ 'k', 'a', 'r', 'a', 'm', 'o', 'm', 'o', '.', 'n', 'e', 't', '\0', + /* "karanjthakkar.com", true */ 'k', 'a', 'r', 'a', 'n', 'j', 't', 'h', 'a', 'k', 'k', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "karasik.by", true */ 'k', 'a', 'r', 'a', 's', 'i', 'k', '.', 'b', 'y', '\0', + /* "karateka.org", true */ 'k', 'a', 'r', 'a', 't', 'e', 'k', 'a', '.', 'o', 'r', 'g', '\0', + /* "karateka.ru", true */ 'k', 'a', 'r', 'a', 't', 'e', 'k', 'a', '.', 'r', 'u', '\0', + /* "karatorian.org", true */ 'k', 'a', 'r', 'a', 't', 'o', 'r', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "kardize24.pl", true */ 'k', 'a', 'r', 'd', 'i', 'z', 'e', '2', '4', '.', 'p', 'l', '\0', + /* "karguine.in", true */ 'k', 'a', 'r', 'g', 'u', 'i', 'n', 'e', '.', 'i', 'n', '\0', + /* "karhm.com", true */ 'k', 'a', 'r', 'h', 'm', '.', 'c', 'o', 'm', '\0', + /* "karhukamera.com", true */ 'k', 'a', 'r', 'h', 'u', 'k', 'a', 'm', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "karina.gd", true */ 'k', 'a', 'r', 'i', 'n', 'a', '.', 'g', 'd', '\0', + /* "karit.nz", true */ 'k', 'a', 'r', 'i', 't', '.', 'n', 'z', '\0', + /* "karjala-ski.ru", true */ 'k', 'a', 'r', 'j', 'a', 'l', 'a', '-', 's', 'k', 'i', '.', 'r', 'u', '\0', + /* "karlbowden.com", true */ 'k', 'a', 'r', 'l', 'b', 'o', 'w', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "karlis-kavacis.id.lv", true */ 'k', 'a', 'r', 'l', 'i', 's', '-', 'k', 'a', 'v', 'a', 'c', 'i', 's', '.', 'i', 'd', '.', 'l', 'v', '\0', + /* "karlsmithmn.org", true */ 'k', 'a', 'r', 'l', 's', 'm', 'i', 't', 'h', 'm', 'n', '.', 'o', 'r', 'g', '\0', + /* "karlstabo.se", true */ 'k', 'a', 'r', 'l', 's', 't', 'a', 'b', 'o', '.', 's', 'e', '\0', + /* "karlzotter.com", true */ 'k', 'a', 'r', 'l', 'z', 'o', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "karmaassurance.ca", true */ 'k', 'a', 'r', 'm', 'a', 'a', 's', 's', 'u', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'a', '\0', + /* "karmabaker.com", true */ 'k', 'a', 'r', 'm', 'a', 'b', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "karmaflux.com", true */ 'k', 'a', 'r', 'm', 'a', 'f', 'l', 'u', 'x', '.', 'c', 'o', 'm', '\0', + /* "karmainsurance.ca", true */ 'k', 'a', 'r', 'm', 'a', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'a', '\0', + /* "karmaplatform.com", true */ 'k', 'a', 'r', 'm', 'a', 'p', 'l', 'a', 't', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "karmaspa.se", true */ 'k', 'a', 'r', 'm', 'a', 's', 'p', 'a', '.', 's', 'e', '\0', + /* "karmic.com", true */ 'k', 'a', 'r', 'm', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "karn.nu", true */ 'k', 'a', 'r', 'n', '.', 'n', 'u', '\0', + /* "karneid.info", true */ 'k', 'a', 'r', 'n', 'e', 'i', 'd', '.', 'i', 'n', 'f', 'o', '\0', + /* "karpanhellas.com", false */ 'k', 'a', 'r', 'p', 'a', 'n', 'h', 'e', 'l', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "kartacha.com", true */ 'k', 'a', 'r', 't', 'a', 'c', 'h', 'a', '.', 'c', 'o', 'm', '\0', + /* "kartec.com", true */ 'k', 'a', 'r', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "kartonmodellbau.org", true */ 'k', 'a', 'r', 't', 'o', 'n', 'm', 'o', 'd', 'e', 'l', 'l', 'b', 'a', 'u', '.', 'o', 'r', 'g', '\0', + /* "kasadara.com", true */ 'k', 'a', 's', 'a', 'd', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "kasei.im", true */ 'k', 'a', 's', 'e', 'i', '.', 'i', 'm', '\0', + /* "kashis.com.au", true */ 'k', 'a', 's', 'h', 'i', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "kashmirobserver.net", true */ 'k', 'a', 's', 'h', 'm', 'i', 'r', 'o', 'b', 's', 'e', 'r', 'v', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "kasilag.me", false */ 'k', 'a', 's', 'i', 'l', 'a', 'g', '.', 'm', 'e', '\0', + /* "kasko.io", true */ 'k', 'a', 's', 'k', 'o', '.', 'i', 'o', '\0', + /* "kasnoffskinclinic.com", true */ 'k', 'a', 's', 'n', 'o', 'f', 'f', 's', 'k', 'i', 'n', 'c', 'l', 'i', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "kassa.at", true */ 'k', 'a', 's', 's', 'a', '.', 'a', 't', '\0', + /* "kastankaoffice.cz", true */ 'k', 'a', 's', 't', 'a', 'n', 'k', 'a', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'z', '\0', + /* "kastelruth.biz", true */ 'k', 'a', 's', 't', 'e', 'l', 'r', 'u', 't', 'h', '.', 'b', 'i', 'z', '\0', + /* "kat.al", true */ 'k', 'a', 't', '.', 'a', 'l', '\0', + /* "katalogbutikker.dk", true */ 'k', 'a', 't', 'a', 'l', 'o', 'g', 'b', 'u', 't', 'i', 'k', 'k', 'e', 'r', '.', 'd', 'k', '\0', + /* "katata-kango.ac.jp", true */ 'k', 'a', 't', 'a', 't', 'a', '-', 'k', 'a', 'n', 'g', 'o', '.', 'a', 'c', '.', 'j', 'p', '\0', + /* "katedra.de", true */ 'k', 'a', 't', 'e', 'd', 'r', 'a', '.', 'd', 'e', '\0', + /* "kateduggan.net", true */ 'k', 'a', 't', 'e', 'd', 'u', 'g', 'g', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "kateenzenauer.com", true */ 'k', 'a', 't', 'e', 'e', 'n', 'z', 'e', 'n', 'a', 'u', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "katekligys.com", true */ 'k', 'a', 't', 'e', 'k', 'l', 'i', 'g', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "katemarsh.com", true */ 'k', 'a', 't', 'e', 'm', 'a', 'r', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "katericke.com", true */ 'k', 'a', 't', 'e', 'r', 'i', 'c', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "kathardt.de", true */ 'k', 'a', 't', 'h', 'a', 'r', 'd', 't', '.', 'd', 'e', '\0', + /* "kathegiraldo.com", true */ 'k', 'a', 't', 'h', 'e', 'g', 'i', 'r', 'a', 'l', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "kati-raumplaner.de", true */ 'k', 'a', 't', 'i', '-', 'r', 'a', 'u', 'm', 'p', 'l', 'a', 'n', 'e', 'r', '.', 'd', 'e', '\0', + /* "katiechai.xyz", true */ 'k', 'a', 't', 'i', 'e', 'c', 'h', 'a', 'i', '.', 'x', 'y', 'z', '\0', + /* "katieskandy.co.uk", true */ 'k', 'a', 't', 'i', 'e', 's', 'k', 'a', 'n', 'd', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "katieskastles.co.uk", true */ 'k', 'a', 't', 'i', 'e', 's', 'k', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "katja-nikolic-design.de", true */ 'k', 'a', 't', 'j', 'a', '-', 'n', 'i', 'k', 'o', 'l', 'i', 'c', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0', + /* "katka.info", true */ 'k', 'a', 't', 'k', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "katnunn.co.uk", true */ 'k', 'a', 't', 'n', 'u', 'n', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kato-yane.com", true */ 'k', 'a', 't', 'o', '-', 'y', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "katscastles.co.uk", true */ 'k', 'a', 't', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kattelans.eu", true */ 'k', 'a', 't', 't', 'e', 'l', 'a', 'n', 's', '.', 'e', 'u', '\0', + /* "kattenfun.be", true */ 'k', 'a', 't', 't', 'e', 'n', 'f', 'u', 'n', '.', 'b', 'e', '\0', + /* "kattenfun.nl", true */ 'k', 'a', 't', 't', 'e', 'n', 'f', 'u', 'n', '.', 'n', 'l', '\0', + /* "katyl.info", false */ 'k', 'a', 't', 'y', 'l', '.', 'i', 'n', 'f', 'o', '\0', + /* "katzspeech.com", true */ 'k', 'a', 't', 'z', 's', 'p', 'e', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "kau-boys.com", true */ 'k', 'a', 'u', '-', 'b', 'o', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "kau-boys.de", true */ 'k', 'a', 'u', '-', 'b', 'o', 'y', 's', '.', 'd', 'e', '\0', + /* "kaufberatung.community", true */ 'k', 'a', 'u', 'f', 'b', 'e', 'r', 'a', 't', 'u', 'n', 'g', '.', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '\0', + /* "kauperwood.ovh", true */ 'k', 'a', 'u', 'p', 'e', 'r', 'w', 'o', 'o', 'd', '.', 'o', 'v', 'h', '\0', + /* "kausta.me", true */ 'k', 'a', 'u', 's', 't', 'a', '.', 'm', 'e', '\0', + /* "kavik.no", true */ 'k', 'a', 'v', 'i', 'k', '.', 'n', 'o', '\0', + /* "kavovary-kava.cz", true */ 'k', 'a', 'v', 'o', 'v', 'a', 'r', 'y', '-', 'k', 'a', 'v', 'a', '.', 'c', 'z', '\0', + /* "kawaiii.link", true */ 'k', 'a', 'w', 'a', 'i', 'i', 'i', '.', 'l', 'i', 'n', 'k', '\0', + /* "kaweus.de", true */ 'k', 'a', 'w', 'e', 'u', 's', '.', 'd', 'e', '\0', + /* "kayakabovegroundswimmingpools.com", true */ 'k', 'a', 'y', 'a', 'k', 'a', 'b', 'o', 'v', 'e', 'g', 'r', 'o', 'u', 'n', 'd', 's', 'w', 'i', 'm', 'm', 'i', 'n', 'g', 'p', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "kaydan.io", true */ 'k', 'a', 'y', 'd', 'a', 'n', '.', 'i', 'o', '\0', + /* "kayipmurekkep.com", true */ 'k', 'a', 'y', 'i', 'p', 'm', 'u', 'r', 'e', 'k', 'k', 'e', 'p', '.', 'c', 'o', 'm', '\0', + /* "kayleen.net", true */ 'k', 'a', 'y', 'l', 'e', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "kaylyn.ink", false */ 'k', 'a', 'y', 'l', 'y', 'n', '.', 'i', 'n', 'k', '\0', + /* "kayon.cf", true */ 'k', 'a', 'y', 'o', 'n', '.', 'c', 'f', '\0', + /* "kayscs.com", true */ 'k', 'a', 'y', 's', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "kaysis.gov.tr", true */ 'k', 'a', 'y', 's', 'i', 's', '.', 'g', 'o', 'v', '.', 't', 'r', '\0', + /* "kazamasion.com", true */ 'k', 'a', 'z', 'a', 'm', 'a', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "kazandaemon.ru", true */ 'k', 'a', 'z', 'a', 'n', 'd', 'a', 'e', 'm', 'o', 'n', '.', 'r', 'u', '\0', + /* "kazenojiyu.fr", true */ 'k', 'a', 'z', 'e', 'n', 'o', 'j', 'i', 'y', 'u', '.', 'f', 'r', '\0', + /* "kazu.click", true */ 'k', 'a', 'z', 'u', '.', 'c', 'l', 'i', 'c', 'k', '\0', + /* "kazuhirohigashi.com", true */ 'k', 'a', 'z', 'u', 'h', 'i', 'r', 'o', 'h', 'i', 'g', 'a', 's', 'h', 'i', '.', 'c', 'o', 'm', '\0', + /* "kazumi.ro", true */ 'k', 'a', 'z', 'u', 'm', 'i', '.', 'r', 'o', '\0', + /* "kazy111.info", true */ 'k', 'a', 'z', 'y', '1', '1', '1', '.', 'i', 'n', 'f', 'o', '\0', + /* "kb3.net", true */ 'k', 'b', '3', '.', 'n', 'e', 't', '\0', + /* "kba-online.de", true */ 'k', 'b', 'a', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0', + /* "kbb-ev.de", true */ 'k', 'b', 'b', '-', 'e', 'v', '.', 'd', 'e', '\0', + /* "kbbouncycastlehire.co.uk", true */ 'k', 'b', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kbcequitas.hu", true */ 'k', 'b', 'c', 'e', 'q', 'u', 'i', 't', 'a', 's', '.', 'h', 'u', '\0', + /* "kbfl.org", true */ 'k', 'b', 'f', 'l', '.', 'o', 'r', 'g', '\0', + /* "kbit.dk", true */ 'k', 'b', 'i', 't', '.', 'd', 'k', '\0', + /* "kbjorklu.com", true */ 'k', 'b', 'j', 'o', 'r', 'k', 'l', 'u', '.', 'c', 'o', 'm', '\0', + /* "kbleventhire.co.uk", true */ 'k', 'b', 'l', 'e', 'v', 'e', 'n', 't', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kc-holzfaeller.de", true */ 'k', 'c', '-', 'h', 'o', 'l', 'z', 'f', 'a', 'e', 'l', 'l', 'e', 'r', '.', 'd', 'e', '\0', + /* "kc5mpk.com", true */ 'k', 'c', '5', 'm', 'p', 'k', '.', 'c', 'o', 'm', '\0', + /* "kcolford.com", true */ 'k', 'c', 'o', 'l', 'f', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "kcore.org", true */ 'k', 'c', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "kcptun.com", true */ 'k', 'c', 'p', 't', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "kcsordparticipation.org", true */ 'k', 'c', 's', 'o', 'r', 'd', 'p', 'a', 'r', 't', 'i', 'c', 'i', 'p', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "kd.net.nz", true */ 'k', 'd', '.', 'n', 'e', 't', '.', 'n', 'z', '\0', + /* "kdex.de", true */ 'k', 'd', 'e', 'x', '.', 'd', 'e', '\0', + /* "kdw.cloud", true */ 'k', 'd', 'w', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "kdyby.org", true */ 'k', 'd', 'y', 'b', 'y', '.', 'o', 'r', 'g', '\0', + /* "ke7tlf.us", true */ 'k', 'e', '7', 't', 'l', 'f', '.', 'u', 's', '\0', + /* "keakon.net", true */ 'k', 'e', 'a', 'k', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "keaneokelley.com", true */ 'k', 'e', 'a', 'n', 'e', 'o', 'k', 'e', 'l', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "kearney.io", true */ 'k', 'e', 'a', 'r', 'n', 'e', 'y', '.', 'i', 'o', '\0', + /* "keartanddesign.com", true */ 'k', 'e', 'a', 'r', 't', 'a', 'n', 'd', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "keaysmillwork.com", true */ 'k', 'e', 'a', 'y', 's', 'm', 'i', 'l', 'l', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "keb.com.au", true */ 'k', 'e', 'b', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "keb.net.au", true */ 'k', 'e', 'b', '.', 'n', 'e', 't', '.', 'a', 'u', '\0', + /* "kedarastudios.com", true */ 'k', 'e', 'd', 'a', 'r', 'a', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "kedibizworx.com", true */ 'k', 'e', 'd', 'i', 'b', 'i', 'z', 'w', 'o', 'r', 'x', '.', 'c', 'o', 'm', '\0', + /* "keechain.io", true */ 'k', 'e', 'e', 'c', 'h', 'a', 'i', 'n', '.', 'i', 'o', '\0', + /* "keeleysam.com", true */ 'k', 'e', 'e', 'l', 'e', 'y', 's', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "keepa.com", true */ 'k', 'e', 'e', 'p', 'a', '.', 'c', 'o', 'm', '\0', + /* "keeperapp.com", true */ 'k', 'e', 'e', 'p', 'e', 'r', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "keeperklan.com", false */ 'k', 'e', 'e', 'p', 'e', 'r', 'k', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "keepersecurity.com", true */ 'k', 'e', 'e', 'p', 'e', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "keepiteasy.eu", true */ 'k', 'e', 'e', 'p', 'i', 't', 'e', 'a', 's', 'y', '.', 'e', 'u', '\0', + /* "keeweb.info", true */ 'k', 'e', 'e', 'w', 'e', 'b', '.', 'i', 'n', 'f', 'o', '\0', + /* "keezin.ga", true */ 'k', 'e', 'e', 'z', 'i', 'n', '.', 'g', 'a', '\0', + /* "keganthorrez.com", true */ 'k', 'e', 'g', 'a', 'n', 't', 'h', 'o', 'r', 'r', 'e', 'z', '.', 'c', 'o', 'm', '\0', + /* "kehlenbach.net", true */ 'k', 'e', 'h', 'l', 'e', 'n', 'b', 'a', 'c', 'h', '.', 'n', 'e', 't', '\0', + /* "keifel.de", true */ 'k', 'e', 'i', 'f', 'e', 'l', '.', 'd', 'e', '\0', + /* "kein-design.de", true */ 'k', 'e', 'i', 'n', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0', + /* "kein-fidget-spinner-werden.de", true */ 'k', 'e', 'i', 'n', '-', 'f', 'i', 'd', 'g', 'e', 't', '-', 's', 'p', 'i', 'n', 'n', 'e', 'r', '-', 'w', 'e', 'r', 'd', 'e', 'n', '.', 'd', 'e', '\0', + /* "keinanung.nl", true */ 'k', 'e', 'i', 'n', 'a', 'n', 'u', 'n', 'g', '.', 'n', 'l', '\0', + /* "keinefilterblase.de", true */ 'k', 'e', 'i', 'n', 'e', 'f', 'i', 'l', 't', 'e', 'r', 'b', 'l', 'a', 's', 'e', '.', 'd', 'e', '\0', + /* "keisaku.org", true */ 'k', 'e', 'i', 's', 'a', 'k', 'u', '.', 'o', 'r', 'g', '\0', + /* "keishiando.com", true */ 'k', 'e', 'i', 's', 'h', 'i', 'a', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "keithws.net", true */ 'k', 'e', 'i', 't', 'h', 'w', 's', '.', 'n', 'e', 't', '\0', + /* "keke-shop.ch", true */ 'k', 'e', 'k', 'e', '-', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0', + /* "kekku.li", true */ 'k', 'e', 'k', 'k', 'u', '.', 'l', 'i', '\0', + /* "keksi.io", true */ 'k', 'e', 'k', 's', 'i', '.', 'i', 'o', '\0', + /* "kekz.org", true */ 'k', 'e', 'k', 'z', '.', 'o', 'r', 'g', '\0', + /* "kela.jp", true */ 'k', 'e', 'l', 'a', '.', 'j', 'p', '\0', + /* "keldan.fo", true */ 'k', 'e', 'l', 'd', 'a', 'n', '.', 'f', 'o', '\0', + /* "kelgtermans-usedcars.be", true */ 'k', 'e', 'l', 'g', 't', 'e', 'r', 'm', 'a', 'n', 's', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "kellyandantony.com", true */ 'k', 'e', 'l', 'l', 'y', 'a', 'n', 'd', 'a', 'n', 't', 'o', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "kellygrenard.com", true */ 'k', 'e', 'l', 'l', 'y', 'g', 'r', 'e', 'n', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "kellyskastles.co.uk", true */ 'k', 'e', 'l', 'l', 'y', 's', 'k', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kelmarsafety.com", true */ 'k', 'e', 'l', 'm', 'a', 'r', 's', 'a', 'f', 'e', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "kempkens.io", true */ 'k', 'e', 'm', 'p', 'k', 'e', 'n', 's', '.', 'i', 'o', '\0', + /* "kemptown.co.uk", true */ 'k', 'e', 'm', 'p', 't', 'o', 'w', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kemptown.com", true */ 'k', 'e', 'm', 'p', 't', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0', + /* "kemptown.net", true */ 'k', 'e', 'm', 'p', 't', 'o', 'w', 'n', '.', 'n', 'e', 't', '\0', + /* "ken-electric.com.br", true */ 'k', 'e', 'n', '-', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "ken.fm", true */ 'k', 'e', 'n', '.', 'f', 'm', '\0', + /* "kenalsworld.com", true */ 'k', 'e', 'n', 'a', 'l', 's', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "kenderbeton-magyarorszag.hu", true */ 'k', 'e', 'n', 'd', 'e', 'r', 'b', 'e', 't', 'o', 'n', '-', 'm', 'a', 'g', 'y', 'a', 'r', 'o', 'r', 's', 'z', 'a', 'g', '.', 'h', 'u', '\0', + /* "kenderbetonmagyarorszag.hu", true */ 'k', 'e', 'n', 'd', 'e', 'r', 'b', 'e', 't', 'o', 'n', 'm', 'a', 'g', 'y', 'a', 'r', 'o', 'r', 's', 'z', 'a', 'g', '.', 'h', 'u', '\0', + /* "kenderhaz-magyarorszag.hu", true */ 'k', 'e', 'n', 'd', 'e', 'r', 'h', 'a', 'z', '-', 'm', 'a', 'g', 'y', 'a', 'r', 'o', 'r', 's', 'z', 'a', 'g', '.', 'h', 'u', '\0', + /* "kenderhazmagyarorszag.hu", true */ 'k', 'e', 'n', 'd', 'e', 'r', 'h', 'a', 'z', 'm', 'a', 'g', 'y', 'a', 'r', 'o', 'r', 's', 'z', 'a', 'g', '.', 'h', 'u', '\0', + /* "kendra.io", true */ 'k', 'e', 'n', 'd', 'r', 'a', '.', 'i', 'o', '\0', + /* "kendu.si", true */ 'k', 'e', 'n', 'd', 'u', '.', 's', 'i', '\0', + /* "kengilmour.com", true */ 'k', 'e', 'n', 'g', 'i', 'l', 'm', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "kenguntokku.jp", true */ 'k', 'e', 'n', 'g', 'u', 'n', 't', 'o', 'k', 'k', 'u', '.', 'j', 'p', '\0', + /* "kennedy.ie", true */ 'k', 'e', 'n', 'n', 'e', 'd', 'y', '.', 'i', 'e', '\0', + /* "kenners.org", true */ 'k', 'e', 'n', 'n', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0', + /* "kennethaasan.no", true */ 'k', 'e', 'n', 'n', 'e', 't', 'h', 'a', 'a', 's', 'a', 'n', '.', 'n', 'o', '\0', + /* "kennethferguson.com", true */ 'k', 'e', 'n', 'n', 'e', 't', 'h', 'f', 'e', 'r', 'g', 'u', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "kennethlim.me", true */ 'k', 'e', 'n', 'n', 'e', 't', 'h', 'l', 'i', 'm', '.', 'm', 'e', '\0', + /* "kenneths.org", true */ 'k', 'e', 'n', 'n', 'e', 't', 'h', 's', '.', 'o', 'r', 'g', '\0', + /* "kenny-peck.com", true */ 'k', 'e', 'n', 'n', 'y', '-', 'p', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "keno.im", true */ 'k', 'e', 'n', 'o', '.', 'i', 'm', '\0', + /* "kenoschwalb.com", true */ 'k', 'e', 'n', 'o', 's', 'c', 'h', 'w', 'a', 'l', 'b', '.', 'c', 'o', 'm', '\0', + /* "kenrogers.co", false */ 'k', 'e', 'n', 'r', 'o', 'g', 'e', 'r', 's', '.', 'c', 'o', '\0', + /* "kens.pics", true */ 'k', 'e', 'n', 's', '.', 'p', 'i', 'c', 's', '\0', + /* "kensbouncycastles.co.uk", true */ 'k', 'e', 'n', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kentec.net", true */ 'k', 'e', 'n', 't', 'e', 'c', '.', 'n', 'e', 't', '\0', + /* "kenterlis.gr", true */ 'k', 'e', 'n', 't', 'e', 'r', 'l', 'i', 's', '.', 'g', 'r', '\0', + /* "keops-spine.fr", true */ 'k', 'e', 'o', 'p', 's', '-', 's', 'p', 'i', 'n', 'e', '.', 'f', 'r', '\0', + /* "keops-spine.us", true */ 'k', 'e', 'o', 'p', 's', '-', 's', 'p', 'i', 'n', 'e', '.', 'u', 's', '\0', + /* "kepler-seminar.de", true */ 'k', 'e', 'p', 'l', 'e', 'r', '-', 's', 'e', 'm', 'i', 'n', 'a', 'r', '.', 'd', 'e', '\0', + /* "kerebro.com", true */ 'k', 'e', 'r', 'e', 'b', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "kerem.xyz", true */ 'k', 'e', 'r', 'e', 'm', '.', 'x', 'y', 'z', '\0', + /* "kerforhome.com", true */ 'k', 'e', 'r', 'f', 'o', 'r', 'h', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "kerijacoby.com", true */ 'k', 'e', 'r', 'i', 'j', 'a', 'c', 'o', 'b', 'y', '.', 'c', 'o', 'm', '\0', + /* "kermadec.com", true */ 'k', 'e', 'r', 'm', 'a', 'd', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "kernel-error.de", true */ 'k', 'e', 'r', 'n', 'e', 'l', '-', 'e', 'r', 'r', 'o', 'r', '.', 'd', 'e', '\0', + /* "kernelpanics.nl", true */ 'k', 'e', 'r', 'n', 'e', 'l', 'p', 'a', 'n', 'i', 'c', 's', '.', 'n', 'l', '\0', + /* "kerrfrequencycombs.org", true */ 'k', 'e', 'r', 'r', 'f', 'r', 'e', 'q', 'u', 'e', 'n', 'c', 'y', 'c', 'o', 'm', 'b', 's', '.', 'o', 'r', 'g', '\0', + /* "kerstkaart.nl", true */ 'k', 'e', 'r', 's', 't', 'k', 'a', 'a', 'r', 't', '.', 'n', 'l', '\0', + /* "kerus.net", true */ 'k', 'e', 'r', 'u', 's', '.', 'n', 'e', 't', '\0', + /* "keshausconsulting.com", true */ 'k', 'e', 's', 'h', 'a', 'u', 's', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "kessel-runners.com", true */ 'k', 'e', 's', 's', 'e', 'l', '-', 'r', 'u', 'n', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "kesslerwine.com", true */ 'k', 'e', 's', 's', 'l', 'e', 'r', 'w', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "kesteren.com", true */ 'k', 'e', 's', 't', 'e', 'r', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "kesteren.org", true */ 'k', 'e', 's', 't', 'e', 'r', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "ketamine.co.uk", true */ 'k', 'e', 't', 'a', 'm', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ketosecology.co.uk", true */ 'k', 'e', 't', 'o', 's', 'e', 'c', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kettner.com", true */ 'k', 'e', 't', 't', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "ketty-voyance.com", true */ 'k', 'e', 't', 't', 'y', '-', 'v', 'o', 'y', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "kevinapease.com", true */ 'k', 'e', 'v', 'i', 'n', 'a', 'p', 'e', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "kevinbusse.de", true */ 'k', 'e', 'v', 'i', 'n', 'b', 'u', 's', 's', 'e', '.', 'd', 'e', '\0', + /* "kevincox.ca", false */ 'k', 'e', 'v', 'i', 'n', 'c', 'o', 'x', '.', 'c', 'a', '\0', + /* "kevinfoley.cc", true */ 'k', 'e', 'v', 'i', 'n', 'f', 'o', 'l', 'e', 'y', '.', 'c', 'c', '\0', + /* "kevinfoley.org", true */ 'k', 'e', 'v', 'i', 'n', 'f', 'o', 'l', 'e', 'y', '.', 'o', 'r', 'g', '\0', + /* "kevinhill.nl", true */ 'k', 'e', 'v', 'i', 'n', 'h', 'i', 'l', 'l', '.', 'n', 'l', '\0', + /* "kevinkla.es", true */ 'k', 'e', 'v', 'i', 'n', 'k', 'l', 'a', '.', 'e', 's', '\0', + /* "kevinlocke.name", true */ 'k', 'e', 'v', 'i', 'n', 'l', 'o', 'c', 'k', 'e', '.', 'n', 'a', 'm', 'e', '\0', + /* "kevinmeijer.nl", true */ 'k', 'e', 'v', 'i', 'n', 'm', 'e', 'i', 'j', 'e', 'r', '.', 'n', 'l', '\0', + /* "kevinmorssink.nl", true */ 'k', 'e', 'v', 'i', 'n', 'm', 'o', 'r', 's', 's', 'i', 'n', 'k', '.', 'n', 'l', '\0', + /* "kevinpirnie.com", true */ 'k', 'e', 'v', 'i', 'n', 'p', 'i', 'r', 'n', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "kevinratcliff.com", true */ 'k', 'e', 'v', 'i', 'n', 'r', 'a', 't', 'c', 'l', 'i', 'f', 'f', '.', 'c', 'o', 'm', '\0', + /* "kevinroebert.de", true */ 'k', 'e', 'v', 'i', 'n', 'r', 'o', 'e', 'b', 'e', 'r', 't', '.', 'd', 'e', '\0', + /* "kevlar.pw", true */ 'k', 'e', 'v', 'l', 'a', 'r', '.', 'p', 'w', '\0', + /* "kevyn.lu", true */ 'k', 'e', 'v', 'y', 'n', '.', 'l', 'u', '\0', + /* "kewego.co.uk", true */ 'k', 'e', 'w', 'e', 'g', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "keybase.io", true */ 'k', 'e', 'y', 'b', 'a', 's', 'e', '.', 'i', 'o', '\0', + /* "keybored.me", true */ 'k', 'e', 'y', 'b', 'o', 'r', 'e', 'd', '.', 'm', 'e', '\0', + /* "keycdn.com", true */ 'k', 'e', 'y', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0', + /* "keycenter.com.br", true */ 'k', 'e', 'y', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "keycontainers.co.za", true */ 'k', 'e', 'y', 'c', 'o', 'n', 't', 'a', 'i', 'n', 'e', 'r', 's', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "keyerror.com", true */ 'k', 'e', 'y', 'e', 'r', 'r', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "keyholdingservices.co.uk", true */ 'k', 'e', 'y', 'h', 'o', 'l', 'd', 'i', 'n', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "keyihao.cn", true */ 'k', 'e', 'y', 'i', 'h', 'a', 'o', '.', 'c', 'n', '\0', + /* "keyinfo.io", true */ 'k', 'e', 'y', 'i', 'n', 'f', 'o', '.', 'i', 'o', '\0', + /* "keypersonins.com", true */ 'k', 'e', 'y', 'p', 'e', 'r', 's', 'o', 'n', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "keys.fedoraproject.org", true */ 'k', 'e', 'y', 's', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "keystoneok.com", true */ 'k', 'e', 'y', 's', 't', 'o', 'n', 'e', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "keysupport.org", true */ 'k', 'e', 'y', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'o', 'r', 'g', '\0', + /* "kf7joz.com", true */ 'k', 'f', '7', 'j', 'o', 'z', '.', 'c', 'o', 'm', '\0', + /* "kfv-kiel.de", false */ 'k', 'f', 'v', '-', 'k', 'i', 'e', 'l', '.', 'd', 'e', '\0', + /* "kfz-hantschel.de", true */ 'k', 'f', 'z', '-', 'h', 'a', 'n', 't', 's', 'c', 'h', 'e', 'l', '.', 'd', 'e', '\0', + /* "kgnk.ru", true */ 'k', 'g', 'n', 'k', '.', 'r', 'u', '\0', + /* "khanovaskola.cz", true */ 'k', 'h', 'a', 'n', 'o', 'v', 'a', 's', 'k', 'o', 'l', 'a', '.', 'c', 'z', '\0', + /* "khas.co.uk", true */ 'k', 'h', 'a', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "khasiatmanfaat.com", true */ 'k', 'h', 'a', 's', 'i', 'a', 't', 'm', 'a', 'n', 'f', 'a', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "kheshtar.pl", true */ 'k', 'h', 'e', 's', 'h', 't', 'a', 'r', '.', 'p', 'l', '\0', + /* "khetzal.info", true */ 'k', 'h', 'e', 't', 'z', 'a', 'l', '.', 'i', 'n', 'f', 'o', '\0', + /* "khipu.com", true */ 'k', 'h', 'i', 'p', 'u', '.', 'c', 'o', 'm', '\0', + /* "khlee.net", true */ 'k', 'h', 'l', 'e', 'e', '.', 'n', 'e', 't', '\0', + /* "khmath.com", true */ 'k', 'h', 'm', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "khmb.ru", true */ 'k', 'h', 'm', 'b', '.', 'r', 'u', '\0', + /* "khoury-dulla.ch", true */ 'k', 'h', 'o', 'u', 'r', 'y', '-', 'd', 'u', 'l', 'l', 'a', '.', 'c', 'h', '\0', + /* "khs1994.com", true */ 'k', 'h', 's', '1', '9', '9', '4', '.', 'c', 'o', 'm', '\0', + /* "kiadoapartman.hu", true */ 'k', 'i', 'a', 'd', 'o', 'a', 'p', 'a', 'r', 't', 'm', 'a', 'n', '.', 'h', 'u', '\0', + /* "kiahoriane.com", true */ 'k', 'i', 'a', 'h', 'o', 'r', 'i', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "kiano.net", true */ 'k', 'i', 'a', 'n', 'o', '.', 'n', 'e', 't', '\0', + /* "kiapartscenter.net", true */ 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', 'c', 'e', 'n', 't', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "kiapartsdepartment.com", true */ 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', 'd', 'e', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "kiapps.ovh", true */ 'k', 'i', 'a', 'p', 'p', 's', '.', 'o', 'v', 'h', '\0', + /* "kibibit.net", true */ 'k', 'i', 'b', 'i', 'b', 'i', 't', '.', 'n', 'e', 't', '\0', + /* "kibriscicek.net", true */ 'k', 'i', 'b', 'r', 'i', 's', 'c', 'i', 'c', 'e', 'k', '.', 'n', 'e', 't', '\0', + /* "kick-in.nl", true */ 'k', 'i', 'c', 'k', '-', 'i', 'n', '.', 'n', 'l', '\0', + /* "kickasscanadians.ca", true */ 'k', 'i', 'c', 'k', 'a', 's', 's', 'c', 'a', 'n', 'a', 'd', 'i', 'a', 'n', 's', '.', 'c', 'a', '\0', + /* "kickedmycat.com", true */ 'k', 'i', 'c', 'k', 'e', 'd', 'm', 'y', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "kickerplaza.nl", true */ 'k', 'i', 'c', 'k', 'e', 'r', 'p', 'l', 'a', 'z', 'a', '.', 'n', 'l', '\0', + /* "kiddyboom.ua", true */ 'k', 'i', 'd', 'd', 'y', 'b', 'o', 'o', 'm', '.', 'u', 'a', '\0', + /* "kids-at-home.ch", true */ 'k', 'i', 'd', 's', '-', 'a', 't', '-', 'h', 'o', 'm', 'e', '.', 'c', 'h', '\0', + /* "kids-castles.com", true */ 'k', 'i', 'd', 's', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "kidsforsavingearth.org", true */ 'k', 'i', 'd', 's', 'f', 'o', 'r', 's', 'a', 'v', 'i', 'n', 'g', 'e', 'a', 'r', 't', 'h', '.', 'o', 'r', 'g', '\0', + /* "kidsinwoods-interfacesouth.org", true */ 'k', 'i', 'd', 's', 'i', 'n', 'w', 'o', 'o', 'd', 's', '-', 'i', 'n', 't', 'e', 'r', 'f', 'a', 'c', 'e', 's', 'o', 'u', 't', 'h', '.', 'o', 'r', 'g', '\0', + /* "kidsmark.net", true */ 'k', 'i', 'd', 's', 'm', 'a', 'r', 'k', '.', 'n', 'e', 't', '\0', + /* "kidsneversleep.com", true */ 'k', 'i', 'd', 's', 'n', 'e', 'v', 'e', 'r', 's', 'l', 'e', 'e', 'p', '.', 'c', 'o', 'm', '\0', + /* "kidsplay-plymouth.co.uk", true */ 'k', 'i', 'd', 's', 'p', 'l', 'a', 'y', '-', 'p', 'l', 'y', 'm', 'o', 'u', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kidsplaybouncycastles.co.uk", true */ 'k', 'i', 'd', 's', 'p', 'l', 'a', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kidswallstickers.com.au", true */ 'k', 'i', 'd', 's', 'w', 'a', 'l', 'l', 's', 't', 'i', 'c', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "kidtoyshop.ru", true */ 'k', 'i', 'd', 't', 'o', 'y', 's', 'h', 'o', 'p', '.', 'r', 'u', '\0', + /* "kidzpartiesllp.co.uk", true */ 'k', 'i', 'd', 'z', 'p', 'a', 'r', 't', 'i', 'e', 's', 'l', 'l', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kidzsmile.co.uk", true */ 'k', 'i', 'd', 'z', 's', 'm', 'i', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kiebel.de", true */ 'k', 'i', 'e', 'b', 'e', 'l', '.', 'd', 'e', '\0', + /* "kiefer-networks.de", true */ 'k', 'i', 'e', 'f', 'e', 'r', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'd', 'e', '\0', + /* "kiehls.pt", true */ 'k', 'i', 'e', 'h', 'l', 's', '.', 'p', 't', '\0', + /* "kiekin.org", true */ 'k', 'i', 'e', 'k', 'i', 'n', '.', 'o', 'r', 'g', '\0', + /* "kiekko.pro", true */ 'k', 'i', 'e', 'k', 'k', 'o', '.', 'p', 'r', 'o', '\0', + /* "kiel-kind.de", true */ 'k', 'i', 'e', 'l', '-', 'k', 'i', 'n', 'd', '.', 'd', 'e', '\0', + /* "kielderweather.org.uk", true */ 'k', 'i', 'e', 'l', 'd', 'e', 'r', 'w', 'e', 'a', 't', 'h', 'e', 'r', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "kienlen.org", true */ 'k', 'i', 'e', 'n', 'l', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "kiesuwkerstkaart.nl", true */ 'k', 'i', 'e', 's', 'u', 'w', 'k', 'e', 'r', 's', 't', 'k', 'a', 'a', 'r', 't', '.', 'n', 'l', '\0', + /* "kiffmarks.com", true */ 'k', 'i', 'f', 'f', 'm', 'a', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "kigmbh.com", true */ 'k', 'i', 'g', 'm', 'b', 'h', '.', 'c', 'o', 'm', '\0', + /* "kikbb.com", true */ 'k', 'i', 'k', 'b', 'b', '.', 'c', 'o', 'm', '\0', + /* "kiki-voice.jp", true */ 'k', 'i', 'k', 'i', '-', 'v', 'o', 'i', 'c', 'e', '.', 'j', 'p', '\0', + /* "kiku.pw", true */ 'k', 'i', 'k', 'u', '.', 'p', 'w', '\0', + /* "kikuzuki.org", true */ 'k', 'i', 'k', 'u', 'z', 'u', 'k', 'i', '.', 'o', 'r', 'g', '\0', + /* "kilerd.me", true */ 'k', 'i', 'l', 'e', 'r', 'd', '.', 'm', 'e', '\0', + /* "kilianvalkhof.com", true */ 'k', 'i', 'l', 'i', 'a', 'n', 'v', 'a', 'l', 'k', 'h', 'o', 'f', '.', 'c', 'o', 'm', '\0', + /* "kill-paff.com", true */ 'k', 'i', 'l', 'l', '-', 'p', 'a', 'f', 'f', '.', 'c', 'o', 'm', '\0', + /* "killaraapartments.com.au", true */ 'k', 'i', 'l', 'l', 'a', 'r', 'a', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "killerit.in", true */ 'k', 'i', 'l', 'l', 'e', 'r', 'i', 't', '.', 'i', 'n', '\0', + /* "killerrobots.com", true */ 'k', 'i', 'l', 'l', 'e', 'r', 'r', 'o', 'b', 'o', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "killymoonbouncycastles.com", true */ 'k', 'i', 'l', 'l', 'y', 'm', 'o', 'o', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "kilobyte22.de", true */ 'k', 'i', 'l', 'o', 'b', 'y', 't', 'e', '2', '2', '.', 'd', 'e', '\0', + /* "kilogram.nl", true */ 'k', 'i', 'l', 'o', 'g', 'r', 'a', 'm', '.', 'n', 'l', '\0', + /* "kilometertje.nl", true */ 'k', 'i', 'l', 'o', 'm', 'e', 't', 'e', 'r', 't', 'j', 'e', '.', 'n', 'l', '\0', + /* "kimamass.com", true */ 'k', 'i', 'm', 'a', 'm', 'a', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "kimiris.com", true */ 'k', 'i', 'm', 'i', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "kimisia.net", true */ 'k', 'i', 'm', 'i', 's', 'i', 'a', '.', 'n', 'e', 't', '\0', + /* "kimmel.com", true */ 'k', 'i', 'm', 'm', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "kimmel.in", true */ 'k', 'i', 'm', 'm', 'e', 'l', '.', 'i', 'n', '\0', + /* "kimoota.net", false */ 'k', 'i', 'm', 'o', 'o', 't', 'a', '.', 'n', 'e', 't', '\0', + /* "kimotodental.com", true */ 'k', 'i', 'm', 'o', 't', 'o', 'd', 'e', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "kimscrazeecastles.co.uk", true */ 'k', 'i', 'm', 's', 'c', 'r', 'a', 'z', 'e', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kimsufi-jordi.tk", true */ 'k', 'i', 'm', 's', 'u', 'f', 'i', '-', 'j', 'o', 'r', 'd', 'i', '.', 't', 'k', '\0', + /* "kin.pet", true */ 'k', 'i', 'n', '.', 'p', 'e', 't', '\0', + /* "kinderbasar-luhe.de", true */ 'k', 'i', 'n', 'd', 'e', 'r', 'b', 'a', 's', 'a', 'r', '-', 'l', 'u', 'h', 'e', '.', 'd', 'e', '\0', + /* "kinderbuecher-kostenlos.de", true */ 'k', 'i', 'n', 'd', 'e', 'r', 'b', 'u', 'e', 'c', 'h', 'e', 'r', '-', 'k', 'o', 's', 't', 'e', 'n', 'l', 'o', 's', '.', 'd', 'e', '\0', + /* "kinderopvangengeltjes.nl", true */ 'k', 'i', 'n', 'd', 'e', 'r', 'o', 'p', 'v', 'a', 'n', 'g', 'e', 'n', 'g', 'e', 'l', 't', 'j', 'e', 's', '.', 'n', 'l', '\0', + /* "kindleworth.com", true */ 'k', 'i', 'n', 'd', 'l', 'e', 'w', 'o', 'r', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "kinepolis-studio.be", true */ 'k', 'i', 'n', 'e', 'p', 'o', 'l', 'i', 's', '-', 's', 't', 'u', 'd', 'i', 'o', '.', 'b', 'e', '\0', + /* "kinetiq.com", true */ 'k', 'i', 'n', 'e', 't', 'i', 'q', '.', 'c', 'o', 'm', '\0', + /* "kineto.space", true */ 'k', 'i', 'n', 'e', 't', 'o', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "king-henris-castles.co.uk", true */ 'k', 'i', 'n', 'g', '-', 'h', 'e', 'n', 'r', 'i', 's', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "king-of-the-castles.com", true */ 'k', 'i', 'n', 'g', '-', 'o', 'f', '-', 't', 'h', 'e', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "kingant.net", true */ 'k', 'i', 'n', 'g', 'a', 'n', 't', '.', 'n', 'e', 't', '\0', + /* "kinganywhere.eu", true */ 'k', 'i', 'n', 'g', 'a', 'n', 'y', 'w', 'h', 'e', 'r', 'e', '.', 'e', 'u', '\0', + /* "kingdomcrc.org", true */ 'k', 'i', 'n', 'g', 'd', 'o', 'm', 'c', 'r', 'c', '.', 'o', 'r', 'g', '\0', + /* "kingiescastles.co.uk", true */ 'k', 'i', 'n', 'g', 'i', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kinglaksa.com", false */ 'k', 'i', 'n', 'g', 'l', 'a', 'k', 's', 'a', '.', 'c', 'o', 'm', '\0', + /* "kingofshooting.com", true */ 'k', 'i', 'n', 'g', 'o', 'f', 's', 'h', 'o', 'o', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "kingofthecastlecoventry.co.uk", true */ 'k', 'i', 'n', 'g', 'o', 'f', 't', 'h', 'e', 'c', 'a', 's', 't', 'l', 'e', 'c', 'o', 'v', 'e', 'n', 't', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kingofthecastlesentertainments.co.uk", true */ 'k', 'i', 'n', 'g', 'o', 'f', 't', 'h', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kingofthecastlesouthwales.co.uk", true */ 'k', 'i', 'n', 'g', 'o', 'f', 't', 'h', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', 'o', 'u', 't', 'h', 'w', 'a', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kingofthecastlesrhyl.co.uk", true */ 'k', 'i', 'n', 'g', 'o', 'f', 't', 'h', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', 'r', 'h', 'y', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kingpincages.com", true */ 'k', 'i', 'n', 'g', 'p', 'i', 'n', 'c', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "kingqueen.org.uk", true */ 'k', 'i', 'n', 'g', 'q', 'u', 'e', 'e', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "kingstclinic.com", true */ 'k', 'i', 'n', 'g', 's', 't', 'c', 'l', 'i', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "kingtecservices.com", true */ 'k', 'i', 'n', 'g', 't', 'e', 'c', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "kini24.ru", true */ 'k', 'i', 'n', 'i', '2', '4', '.', 'r', 'u', '\0', + /* "kinkenonline.com", true */ 'k', 'i', 'n', 'k', 'e', 'n', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "kinmunity.com", true */ 'k', 'i', 'n', 'm', 'u', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "kinnikinnick.com", true */ 'k', 'i', 'n', 'n', 'i', 'k', 'i', 'n', 'n', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "kinocheck.de", true */ 'k', 'i', 'n', 'o', 'c', 'h', 'e', 'c', 'k', '.', 'd', 'e', '\0', + /* "kinohled.cz", true */ 'k', 'i', 'n', 'o', 'h', 'l', 'e', 'd', '.', 'c', 'z', '\0', + /* "kinomoto.me", true */ 'k', 'i', 'n', 'o', 'm', 'o', 't', 'o', '.', 'm', 'e', '\0', + /* "kinomoto.ovh", true */ 'k', 'i', 'n', 'o', 'm', 'o', 't', 'o', '.', 'o', 'v', 'h', '\0', + /* "kinow.com", true */ 'k', 'i', 'n', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "kinozal-tv.appspot.com", true */ 'k', 'i', 'n', 'o', 'z', 'a', 'l', '-', 't', 'v', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "kinsights.com", false */ 'k', 'i', 'n', 's', 'i', 'g', 'h', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "kinsmenhomelottery.com", true */ 'k', 'i', 'n', 's', 'm', 'e', 'n', 'h', 'o', 'm', 'e', 'l', 'o', 't', 't', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "kintawifi.com", false */ 'k', 'i', 'n', 't', 'a', 'w', 'i', 'f', 'i', '.', 'c', 'o', 'm', '\0', + /* "kintone.com", true */ 'k', 'i', 'n', 't', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "kintore.tv", true */ 'k', 'i', 'n', 't', 'o', 'r', 'e', '.', 't', 'v', '\0', + /* "kintzingerfilm.de", true */ 'k', 'i', 'n', 't', 'z', 'i', 'n', 'g', 'e', 'r', 'f', 'i', 'l', 'm', '.', 'd', 'e', '\0', + /* "kiocloud.com", true */ 'k', 'i', 'o', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "kionetworks.es", true */ 'k', 'i', 'o', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'e', 's', '\0', + /* "kippenbart.gq", true */ 'k', 'i', 'p', 'p', 'e', 'n', 'b', 'a', 'r', 't', '.', 'g', 'q', '\0', + /* "kipriakipita.gr", true */ 'k', 'i', 'p', 'r', 'i', 'a', 'k', 'i', 'p', 'i', 't', 'a', '.', 'g', 'r', '\0', + /* "kiraboshi.xyz", true */ 'k', 'i', 'r', 'a', 'b', 'o', 's', 'h', 'i', '.', 'x', 'y', 'z', '\0', + /* "kiragameforum.net", true */ 'k', 'i', 'r', 'a', 'g', 'a', 'm', 'e', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'e', 't', '\0', + /* "kiraku.co", true */ 'k', 'i', 'r', 'a', 'k', 'u', '.', 'c', 'o', '\0', + /* "kirbear.com", true */ 'k', 'i', 'r', 'b', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "kirche-dortmund-ost.de", true */ 'k', 'i', 'r', 'c', 'h', 'e', '-', 'd', 'o', 'r', 't', 'm', 'u', 'n', 'd', '-', 'o', 's', 't', '.', 'd', 'e', '\0', + /* "kirchen-im-web.de", true */ 'k', 'i', 'r', 'c', 'h', 'e', 'n', '-', 'i', 'm', '-', 'w', 'e', 'b', '.', 'd', 'e', '\0', + /* "kirchengemeinde-markt-erlbach.de", true */ 'k', 'i', 'r', 'c', 'h', 'e', 'n', 'g', 'e', 'm', 'e', 'i', 'n', 'd', 'e', '-', 'm', 'a', 'r', 'k', 't', '-', 'e', 'r', 'l', 'b', 'a', 'c', 'h', '.', 'd', 'e', '\0', + /* "kircp.com", true */ 'k', 'i', 'r', 'c', 'p', '.', 'c', 'o', 'm', '\0', + /* "kirei.se", true */ 'k', 'i', 'r', 'e', 'i', '.', 's', 'e', '\0', + /* "kirig.ph", false */ 'k', 'i', 'r', 'i', 'g', '.', 'p', 'h', '\0', + /* "kirillpokrovsky.de", true */ 'k', 'i', 'r', 'i', 'l', 'l', 'p', 'o', 'k', 'r', 'o', 'v', 's', 'k', 'y', '.', 'd', 'e', '\0', + /* "kirinas.com", true */ 'k', 'i', 'r', 'i', 'n', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "kirkovsky.com", true */ 'k', 'i', 'r', 'k', 'o', 'v', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0', + /* "kirrie.pe.kr", true */ 'k', 'i', 'r', 'r', 'i', 'e', '.', 'p', 'e', '.', 'k', 'r', '\0', + /* "kirsch-gestaltung.de", true */ 'k', 'i', 'r', 's', 'c', 'h', '-', 'g', 'e', 's', 't', 'a', 'l', 't', 'u', 'n', 'g', '.', 'd', 'e', '\0', + /* "kirschbaum.me", true */ 'k', 'i', 'r', 's', 'c', 'h', 'b', 'a', 'u', 'm', '.', 'm', 'e', '\0', + /* "kirstenbos.ca", true */ 'k', 'i', 'r', 's', 't', 'e', 'n', 'b', 'o', 's', '.', 'c', 'a', '\0', + /* "kirstin-peters.de", true */ 'k', 'i', 'r', 's', 't', 'i', 'n', '-', 'p', 'e', 't', 'e', 'r', 's', '.', 'd', 'e', '\0', + /* "kis-toitoidixi.de", true */ 'k', 'i', 's', '-', 't', 'o', 'i', 't', 'o', 'i', 'd', 'i', 'x', 'i', '.', 'd', 'e', '\0', + /* "kisallatorvos.hu", true */ 'k', 'i', 's', 'a', 'l', 'l', 'a', 't', 'o', 'r', 'v', 'o', 's', '.', 'h', 'u', '\0', + /* "kisiselveri.com", true */ 'k', 'i', 's', 'i', 's', 'e', 'l', 'v', 'e', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "kissflow.com", true */ 'k', 'i', 's', 's', 'f', 'l', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "kissgyms.com", true */ 'k', 'i', 's', 's', 'g', 'y', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "kisskiss.ch", true */ 'k', 'i', 's', 's', 'k', 'i', 's', 's', '.', 'c', 'h', '\0', + /* "kisstube.tv", true */ 'k', 'i', 's', 's', 't', 'u', 'b', 'e', '.', 't', 'v', '\0', + /* "kitbag.com.au", true */ 'k', 'i', 't', 'b', 'a', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "kitchen-profi.by", true */ 'k', 'i', 't', 'c', 'h', 'e', 'n', '-', 'p', 'r', 'o', 'f', 'i', '.', 'b', 'y', '\0', + /* "kitchen-profi.com.ua", true */ 'k', 'i', 't', 'c', 'h', 'e', 'n', '-', 'p', 'r', 'o', 'f', 'i', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "kiteadventure.nl", true */ 'k', 'i', 't', 'e', 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', '.', 'n', 'l', '\0', + /* "kitegarage.eu", true */ 'k', 'i', 't', 'e', 'g', 'a', 'r', 'a', 'g', 'e', '.', 'e', 'u', '\0', + /* "kiteschoolamsterdam.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 'a', 'm', 's', 't', 'e', 'r', 'd', 'a', 'm', '.', 'n', 'l', '\0', + /* "kiteschooledam.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 'e', 'd', 'a', 'm', '.', 'n', 'l', '\0', + /* "kiteschoolijmuiden.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 'i', 'j', 'm', 'u', 'i', 'd', 'e', 'n', '.', 'n', 'l', '\0', + /* "kiteschoolkatwijk.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 'k', 'a', 't', 'w', 'i', 'j', 'k', '.', 'n', 'l', '\0', + /* "kiteschoolnoordwijk.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 'n', 'o', 'o', 'r', 'd', 'w', 'i', 'j', 'k', '.', 'n', 'l', '\0', + /* "kiteschoolschellinkhout.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 's', 'c', 'h', 'e', 'l', 'l', 'i', 'n', 'k', 'h', 'o', 'u', 't', '.', 'n', 'l', '\0', + /* "kiteschoolwijkaanzee.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 'w', 'i', 'j', 'k', 'a', 'a', 'n', 'z', 'e', 'e', '.', 'n', 'l', '\0', + /* "kiteschoolzandvoort.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 'z', 'a', 'n', 'd', 'v', 'o', 'o', 'r', 't', '.', 'n', 'l', '\0', + /* "kittmedia.com", true */ 'k', 'i', 't', 't', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "kittpress.com", true */ 'k', 'i', 't', 't', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "kittyhacker101.tk", true */ 'k', 'i', 't', 't', 'y', 'h', 'a', 'c', 'k', 'e', 'r', '1', '0', '1', '.', 't', 'k', '\0', + /* "kiwi.digital", true */ 'k', 'i', 'w', 'i', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0', + /* "kiwi.global", true */ 'k', 'i', 'w', 'i', '.', 'g', 'l', 'o', 'b', 'a', 'l', '\0', + /* "kiwico.com", true */ 'k', 'i', 'w', 'i', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "kiwipayment.com", true */ 'k', 'i', 'w', 'i', 'p', 'a', 'y', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "kiwipayments.com", true */ 'k', 'i', 'w', 'i', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "kiwiplace.com", true */ 'k', 'i', 'w', 'i', 'p', 'l', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "kj-prince.com", true */ 'k', 'j', '-', 'p', 'r', 'i', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "kjaer.io", true */ 'k', 'j', 'a', 'e', 'r', '.', 'i', 'o', '\0', + /* "kjarni.cc", true */ 'k', 'j', 'a', 'r', 'n', 'i', '.', 'c', 'c', '\0', + /* "kjarrval.is", true */ 'k', 'j', 'a', 'r', 'r', 'v', 'a', 'l', '.', 'i', 's', '\0', + /* "kjellner.com", true */ 'k', 'j', 'e', 'l', 'l', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "kjellvn.net", true */ 'k', 'j', 'e', 'l', 'l', 'v', 'n', '.', 'n', 'e', 't', '\0', + /* "kk-neudorf-duissern.de", false */ 'k', 'k', '-', 'n', 'e', 'u', 'd', 'o', 'r', 'f', '-', 'd', 'u', 'i', 's', 's', 'e', 'r', 'n', '.', 'd', 'e', '\0', + /* "kkaefer.com", true */ 'k', 'k', 'a', 'e', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "kkaufmann.de", false */ 'k', 'k', 'a', 'u', 'f', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "kki.org", true */ 'k', 'k', 'i', '.', 'o', 'r', 'g', '\0', + /* "kkovacs.eu", true */ 'k', 'k', 'o', 'v', 'a', 'c', 's', '.', 'e', 'u', '\0', + /* "kks-karlstadt.de", true */ 'k', 'k', 's', '-', 'k', 'a', 'r', 'l', 's', 't', 'a', 'd', 't', '.', 'd', 'e', '\0', + /* "kksg.com", true */ 'k', 'k', 's', 'g', '.', 'c', 'o', 'm', '\0', + /* "kkyy.me", true */ 'k', 'k', 'y', 'y', '.', 'm', 'e', '\0', + /* "kkzxak47.com", true */ 'k', 'k', 'z', 'x', 'a', 'k', '4', '7', '.', 'c', 'o', 'm', '\0', + /* "kl-diaetist.dk", true */ 'k', 'l', '-', 'd', 'i', 'a', 'e', 't', 'i', 's', 't', '.', 'd', 'k', '\0', + /* "klaim.us", true */ 'k', 'l', 'a', 'i', 'm', '.', 'u', 's', '\0', + /* "klamathrestoration.gov", true */ 'k', 'l', 'a', 'm', 'a', 't', 'h', 'r', 'e', 's', 't', 'o', 'r', 'a', 't', 'i', 'o', 'n', '.', 'g', 'o', 'v', '\0', + /* "klanggut.at", true */ 'k', 'l', 'a', 'n', 'g', 'g', 'u', 't', '.', 'a', 't', '\0', + /* "klares-licht.de", true */ 'k', 'l', 'a', 'r', 'e', 's', '-', 'l', 'i', 'c', 'h', 't', '.', 'd', 'e', '\0', + /* "klarika.com", true */ 'k', 'l', 'a', 'r', 'i', 'k', 'a', '.', 'c', 'o', 'm', '\0', + /* "klarmobil-empfehlen.de", true */ 'k', 'l', 'a', 'r', 'm', 'o', 'b', 'i', 'l', '-', 'e', 'm', 'p', 'f', 'e', 'h', 'l', 'e', 'n', '.', 'd', 'e', '\0', + /* "klasfauseweh.de", true */ 'k', 'l', 'a', 's', 'f', 'a', 'u', 's', 'e', 'w', 'e', 'h', '.', 'd', 'e', '\0', + /* "klatschreime.de", true */ 'k', 'l', 'a', 't', 's', 'c', 'h', 'r', 'e', 'i', 'm', 'e', '.', 'd', 'e', '\0', + /* "klausbrinch.dk", true */ 'k', 'l', 'a', 'u', 's', 'b', 'r', 'i', 'n', 'c', 'h', '.', 'd', 'k', '\0', + /* "klausimas.lt", true */ 'k', 'l', 'a', 'u', 's', 'i', 'm', 'a', 's', '.', 'l', 't', '\0', + /* "klaver.it", true */ 'k', 'l', 'a', 'v', 'e', 'r', '.', 'i', 't', '\0', + /* "klaw.xyz", true */ 'k', 'l', 'a', 'w', '.', 'x', 'y', 'z', '\0', + /* "kle.cz", true */ 'k', 'l', 'e', '.', 'c', 'z', '\0', + /* "kleaning.by", true */ 'k', 'l', 'e', 'a', 'n', 'i', 'n', 'g', '.', 'b', 'y', '\0', + /* "kleberstoff.xyz", true */ 'k', 'l', 'e', 'b', 'e', 'r', 's', 't', 'o', 'f', 'f', '.', 'x', 'y', 'z', '\0', + /* "klebetape.de", true */ 'k', 'l', 'e', 'b', 'e', 't', 'a', 'p', 'e', '.', 'd', 'e', '\0', + /* "kledingrekken.nl", true */ 'k', 'l', 'e', 'd', 'i', 'n', 'g', 'r', 'e', 'k', 'k', 'e', 'n', '.', 'n', 'l', '\0', + /* "kleidertauschpartys.de", true */ 'k', 'l', 'e', 'i', 'd', 'e', 'r', 't', 'a', 'u', 's', 'c', 'h', 'p', 'a', 'r', 't', 'y', 's', '.', 'd', 'e', '\0', + /* "kleine-dingen.nl", true */ 'k', 'l', 'e', 'i', 'n', 'e', '-', 'd', 'i', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0', + /* "kleineanfragen.de", true */ 'k', 'l', 'e', 'i', 'n', 'e', 'a', 'n', 'f', 'r', 'a', 'g', 'e', 'n', '.', 'd', 'e', '\0', + /* "kleinfein.co", true */ 'k', 'l', 'e', 'i', 'n', 'f', 'e', 'i', 'n', '.', 'c', 'o', '\0', + /* "kleinholding.com", true */ 'k', 'l', 'e', 'i', 'n', 'h', 'o', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "kleinreich.de", true */ 'k', 'l', 'e', 'i', 'n', 'r', 'e', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "kleinserienproduktion.com", true */ 'k', 'l', 'e', 'i', 'n', 's', 'e', 'r', 'i', 'e', 'n', 'p', 'r', 'o', 'd', 'u', 'k', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "kleinsys.com", true */ 'k', 'l', 'e', 'i', 'n', 's', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "kleteckova.cz", true */ 'k', 'l', 'e', 't', 'e', 'c', 'k', 'o', 'v', 'a', '.', 'c', 'z', '\0', + /* "klickstdu.com", true */ 'k', 'l', 'i', 'c', 'k', 's', 't', 'd', 'u', '.', 'c', 'o', 'm', '\0', + /* "kliemann.me", true */ 'k', 'l', 'i', 'e', 'm', 'a', 'n', 'n', '.', 'm', 'e', '\0', + /* "klif1.nl", true */ 'k', 'l', 'i', 'f', '1', '.', 'n', 'l', '\0', + /* "klimaloven.no", true */ 'k', 'l', 'i', 'm', 'a', 'l', 'o', 'v', 'e', 'n', '.', 'n', 'o', '\0', + /* "klimapartner.de", true */ 'k', 'l', 'i', 'm', 'a', 'p', 'a', 'r', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0', + /* "klimapartner.net", true */ 'k', 'l', 'i', 'm', 'a', 'p', 'a', 'r', 't', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "klimchuk.by", true */ 'k', 'l', 'i', 'm', 'c', 'h', 'u', 'k', '.', 'b', 'y', '\0', + /* "klimchuk.com", true */ 'k', 'l', 'i', 'm', 'c', 'h', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "klinikac.co.id", false */ 'k', 'l', 'i', 'n', 'i', 'k', 'a', 'c', '.', 'c', 'o', '.', 'i', 'd', '\0', + /* "klinkerstreet.com.ua", true */ 'k', 'l', 'i', 'n', 'k', 'e', 'r', 's', 't', 'r', 'e', 'e', 't', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "klinknetz.de", true */ 'k', 'l', 'i', 'n', 'k', 'n', 'e', 't', 'z', '.', 'd', 'e', '\0', + /* "klm-huisjes.nl", true */ 'k', 'l', 'm', '-', 'h', 'u', 'i', 's', 'j', 'e', 's', '.', 'n', 'l', '\0', + /* "klmhouses.com", true */ 'k', 'l', 'm', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "klocker-ausserlechner.com", true */ 'k', 'l', 'o', 'c', 'k', 'e', 'r', '-', 'a', 'u', 's', 's', 'e', 'r', 'l', 'e', 'c', 'h', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "kloia.com", true */ 'k', 'l', 'o', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "klosko.net", true */ 'k', 'l', 'o', 's', 'k', 'o', '.', 'n', 'e', 't', '\0', + /* "klotz-labs.com", true */ 'k', 'l', 'o', 't', 'z', '-', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "kls-agency.com.ua", true */ 'k', 'l', 's', '-', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "klssn.com", true */ 'k', 'l', 's', 's', 'n', '.', 'c', 'o', 'm', '\0', + /* "kluck.me", true */ 'k', 'l', 'u', 'c', 'k', '.', 'm', 'e', '\0', + /* "klugemedia.de", true */ 'k', 'l', 'u', 'g', 'e', 'm', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0', + /* "klustekeningen.nl", true */ 'k', 'l', 'u', 's', 't', 'e', 'k', 'e', 'n', 'i', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0', + /* "klustermedia.com", true */ 'k', 'l', 'u', 's', 't', 'e', 'r', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "klva.cz", true */ 'k', 'l', 'v', 'a', '.', 'c', 'z', '\0', + /* "km-net.pl", true */ 'k', 'm', '-', 'n', 'e', 't', '.', 'p', 'l', '\0', + /* "kmashworth.co.uk", true */ 'k', 'm', 'a', 's', 'h', 'w', 'o', 'r', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kmkz.jp", true */ 'k', 'm', 'k', 'z', '.', 'j', 'p', '\0', + /* "kmsci.com.ph", true */ 'k', 'm', 's', 'c', 'i', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0', + /* "kn007.net", true */ 'k', 'n', '0', '0', '7', '.', 'n', 'e', 't', '\0', + /* "knaake.net", true */ 'k', 'n', 'a', 'a', 'k', 'e', '.', 'n', 'e', 't', '\0', + /* "knab-networks.com", true */ 'k', 'n', 'a', 'b', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "knapp.noip.me", true */ 'k', 'n', 'a', 'p', 'p', '.', 'n', 'o', 'i', 'p', '.', 'm', 'e', '\0', + /* "knarcraft.net", true */ 'k', 'n', 'a', 'r', 'c', 'r', 'a', 'f', 't', '.', 'n', 'e', 't', '\0', + /* "kncg.pw", true */ 'k', 'n', 'c', 'g', '.', 'p', 'w', '\0', + /* "kneblinghausen.de", true */ 'k', 'n', 'e', 'b', 'l', 'i', 'n', 'g', 'h', 'a', 'u', 's', 'e', 'n', '.', 'd', 'e', '\0', + /* "knegten-agilis.com", true */ 'k', 'n', 'e', 'g', 't', 'e', 'n', '-', 'a', 'g', 'i', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "knep.me", true */ 'k', 'n', 'e', 'p', '.', 'm', 'e', '\0', + /* "kngk-azs.ru", true */ 'k', 'n', 'g', 'k', '-', 'a', 'z', 's', '.', 'r', 'u', '\0', + /* "kngk-group.ru", true */ 'k', 'n', 'g', 'k', '-', 'g', 'r', 'o', 'u', 'p', '.', 'r', 'u', '\0', + /* "kngk-transavto.ru", true */ 'k', 'n', 'g', 'k', '-', 't', 'r', 'a', 'n', 's', 'a', 'v', 't', 'o', '.', 'r', 'u', '\0', + /* "kngk.org", true */ 'k', 'n', 'g', 'k', '.', 'o', 'r', 'g', '\0', + /* "kngkng.com", true */ 'k', 'n', 'g', 'k', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "kniga.market", true */ 'k', 'n', 'i', 'g', 'a', '.', 'm', 'a', 'r', 'k', 'e', 't', '\0', + /* "knight-industries.org", true */ 'k', 'n', 'i', 'g', 'h', 't', '-', 'i', 'n', 'd', 'u', 's', 't', 'r', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "knightsblog.de", true */ 'k', 'n', 'i', 'g', 'h', 't', 's', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0', + /* "knightsbridge.net", true */ 'k', 'n', 'i', 'g', 'h', 't', 's', 'b', 'r', 'i', 'd', 'g', 'e', '.', 'n', 'e', 't', '\0', + /* "knip.ch", true */ 'k', 'n', 'i', 'p', '.', 'c', 'h', '\0', + /* "kniwweler.com", true */ 'k', 'n', 'i', 'w', 'w', 'e', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "knnet.ch", true */ 'k', 'n', 'n', 'e', 't', '.', 'c', 'h', '\0', + /* "knot-store.com", true */ 'k', 'n', 'o', 't', '-', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "knowledgehook.com", true */ 'k', 'n', 'o', 'w', 'l', 'e', 'd', 'g', 'e', 'h', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "knowlevillagecc.co.uk", true */ 'k', 'n', 'o', 'w', 'l', 'e', 'v', 'i', 'l', 'l', 'a', 'g', 'e', 'c', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "knthost.com", true */ 'k', 'n', 't', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "knurps.de", true */ 'k', 'n', 'u', 'r', 'p', 's', '.', 'd', 'e', '\0', + /* "knutur.is", true */ 'k', 'n', 'u', 't', 'u', 'r', '.', 'i', 's', '\0', + /* "knygos.lt", true */ 'k', 'n', 'y', 'g', 'o', 's', '.', 'l', 't', '\0', + /* "ko-sys.com", true */ 'k', 'o', '-', 's', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "ko.si", true */ 'k', 'o', '.', 's', 'i', '\0', + /* "koalapress.fr", true */ 'k', 'o', 'a', 'l', 'a', 'p', 'r', 'e', 's', 's', '.', 'f', 'r', '\0', + /* "koalas.org", true */ 'k', 'o', 'a', 'l', 'a', 's', '.', 'o', 'r', 'g', '\0', + /* "kobezda.net", true */ 'k', 'o', 'b', 'e', 'z', 'd', 'a', '.', 'n', 'e', 't', '\0', + /* "kobieta.guru", true */ 'k', 'o', 'b', 'i', 'e', 't', 'a', '.', 'g', 'u', 'r', 'u', '\0', + /* "kobofarm.com", true */ 'k', 'o', 'b', 'o', 'f', 'a', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "koboldcraft.ch", true */ 'k', 'o', 'b', 'o', 'l', 'd', 'c', 'r', 'a', 'f', 't', '.', 'c', 'h', '\0', + /* "kobolya.hu", true */ 'k', 'o', 'b', 'o', 'l', 'y', 'a', '.', 'h', 'u', '\0', + /* "kodak-ism.com", true */ 'k', 'o', 'd', 'a', 'k', '-', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "kodden.com.br", true */ 'k', 'o', 'd', 'd', 'e', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "kode-it.de", true */ 'k', 'o', 'd', 'e', '-', 'i', 't', '.', 'd', 'e', '\0', + /* "kode.ch", true */ 'k', 'o', 'd', 'e', '.', 'c', 'h', '\0', + /* "koebbes.de", true */ 'k', 'o', 'e', 'b', 'b', 'e', 's', '.', 'd', 'e', '\0', + /* "koelbli.ch", true */ 'k', 'o', 'e', 'l', 'b', 'l', 'i', '.', 'c', 'h', '\0', + /* "koelnmafia.de", true */ 'k', 'o', 'e', 'l', 'n', 'm', 'a', 'f', 'i', 'a', '.', 'd', 'e', '\0', + /* "koenen-bau.de", true */ 'k', 'o', 'e', 'n', 'e', 'n', '-', 'b', 'a', 'u', '.', 'd', 'e', '\0', + /* "koenigsbrunner-tafel.de", true */ 'k', 'o', 'e', 'n', 'i', 'g', 's', 'b', 'r', 'u', 'n', 'n', 'e', 'r', '-', 't', 'a', 'f', 'e', 'l', '.', 'd', 'e', '\0', + /* "koerper-wie-seele.de", false */ 'k', 'o', 'e', 'r', 'p', 'e', 'r', '-', 'w', 'i', 'e', '-', 's', 'e', 'e', 'l', 'e', '.', 'd', 'e', '\0', + /* "koertner-muth.com", true */ 'k', 'o', 'e', 'r', 't', 'n', 'e', 'r', '-', 'm', 'u', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "koertner-muth.de", true */ 'k', 'o', 'e', 'r', 't', 'n', 'e', 'r', '-', 'm', 'u', 't', 'h', '.', 'd', 'e', '\0', + /* "koethen-markt.de", true */ 'k', 'o', 'e', 't', 'h', 'e', 'n', '-', 'm', 'a', 'r', 'k', 't', '.', 'd', 'e', '\0', + /* "koetjesenkanker.nl", true */ 'k', 'o', 'e', 't', 'j', 'e', 's', 'e', 'n', 'k', 'a', 'n', 'k', 'e', 'r', '.', 'n', 'l', '\0', + /* "kofler.info", true */ 'k', 'o', 'f', 'l', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "kogak.ninja", true */ 'k', 'o', 'g', 'a', 'k', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "kogi.fr", true */ 'k', 'o', 'g', 'i', '.', 'f', 'r', '\0', + /* "kogro.de", true */ 'k', 'o', 'g', 'r', 'o', '.', 'd', 'e', '\0', + /* "kogudesi.com", true */ 'k', 'o', 'g', 'u', 'd', 'e', 's', 'i', '.', 'c', 'o', 'm', '\0', + /* "koha.be", true */ 'k', 'o', 'h', 'a', '.', 'b', 'e', '\0', + /* "kohlistkool.tk", true */ 'k', 'o', 'h', 'l', 'i', 's', 't', 'k', 'o', 'o', 'l', '.', 't', 'k', '\0', + /* "koho.fi", true */ 'k', 'o', 'h', 'o', '.', 'f', 'i', '\0', + /* "kohsandra.com", true */ 'k', 'o', 'h', 's', 'a', 'n', 'd', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "koi-sama.net", true */ 'k', 'o', 'i', '-', 's', 'a', 'm', 'a', '.', 'n', 'e', 't', '\0', + /* "koifish.org", true */ 'k', 'o', 'i', 'f', 'i', 's', 'h', '.', 'o', 'r', 'g', '\0', + /* "kokensupport.com", true */ 'k', 'o', 'k', 'e', 'n', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "koketteriet.se", true */ 'k', 'o', 'k', 'e', 't', 't', 'e', 'r', 'i', 'e', 't', '.', 's', 'e', '\0', + /* "kokumoto.com", true */ 'k', 'o', 'k', 'u', 'm', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "koldanews.com", true */ 'k', 'o', 'l', 'd', 'a', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "kolin.org", true */ 'k', 'o', 'l', 'i', 'n', '.', 'o', 'r', 'g', '\0', + /* "kolizaskrap.bg", true */ 'k', 'o', 'l', 'i', 'z', 'a', 's', 'k', 'r', 'a', 'p', '.', 'b', 'g', '\0', + /* "kolja-engelmann.de", true */ 'k', 'o', 'l', 'j', 'a', '-', 'e', 'n', 'g', 'e', 'l', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "kolkataflowermall.com", true */ 'k', 'o', 'l', 'k', 'a', 't', 'a', 'f', 'l', 'o', 'w', 'e', 'r', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "kollect.ie", true */ 'k', 'o', 'l', 'l', 'e', 'c', 't', '.', 'i', 'e', '\0', + /* "kollega.it", true */ 'k', 'o', 'l', 'l', 'e', 'g', 'a', '.', 'i', 't', '\0', + /* "kolmann.at", true */ 'k', 'o', 'l', 'm', 'a', 'n', 'n', '.', 'a', 't', '\0', + /* "kolmann.eu", true */ 'k', 'o', 'l', 'm', 'a', 'n', 'n', '.', 'e', 'u', '\0', + /* "koluke.co", true */ 'k', 'o', 'l', 'u', 'k', 'e', '.', 'c', 'o', '\0', + /* "koluke.com", true */ 'k', 'o', 'l', 'u', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "komandakovalchuk.com", false */ 'k', 'o', 'm', 'a', 'n', 'd', 'a', 'k', 'o', 'v', 'a', 'l', 'c', 'h', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "komicloud.com", true */ 'k', 'o', 'm', 'i', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "komidoc.com", true */ 'k', 'o', 'm', 'i', 'd', 'o', 'c', '.', 'c', 'o', 'm', '\0', + /* "kominfo.go.id", true */ 'k', 'o', 'm', 'i', 'n', 'f', 'o', '.', 'g', 'o', '.', 'i', 'd', '\0', + /* "kominfo.net", true */ 'k', 'o', 'm', 'i', 'n', 'f', 'o', '.', 'n', 'e', 't', '\0', + /* "kominki-sauny.pl", true */ 'k', 'o', 'm', 'i', 'n', 'k', 'i', '-', 's', 'a', 'u', 'n', 'y', '.', 'p', 'l', '\0', + /* "komintek.ru", true */ 'k', 'o', 'm', 'i', 'n', 't', 'e', 'k', '.', 'r', 'u', '\0', + /* "komischkeszeug.de", true */ 'k', 'o', 'm', 'i', 's', 'c', 'h', 'k', 'e', 's', 'z', 'e', 'u', 'g', '.', 'd', 'e', '\0', + /* "kommune42.org", true */ 'k', 'o', 'm', 'm', 'u', 'n', 'e', '4', '2', '.', 'o', 'r', 'g', '\0', + /* "komoju.com", true */ 'k', 'o', 'm', 'o', 'j', 'u', '.', 'c', 'o', 'm', '\0', + /* "komok.co.uk", true */ 'k', 'o', 'm', 'o', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kompetenzkurs.de", true */ 'k', 'o', 'm', 'p', 'e', 't', 'e', 'n', 'z', 'k', 'u', 'r', 's', '.', 'd', 'e', '\0', + /* "kon-sil.de", true */ 'k', 'o', 'n', '-', 's', 'i', 'l', '.', 'd', 'e', '\0', + /* "kondi.net", true */ 'k', 'o', 'n', 'd', 'i', '.', 'n', 'e', 't', '\0', + /* "kondou-butsudan.com", true */ 'k', 'o', 'n', 'd', 'o', 'u', '-', 'b', 'u', 't', 's', 'u', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "kongar.org", true */ 'k', 'o', 'n', 'g', 'a', 'r', '.', 'o', 'r', 'g', '\0', + /* "koniecfica.sk", true */ 'k', 'o', 'n', 'i', 'e', 'c', 'f', 'i', 'c', 'a', '.', 's', 'k', '\0', + /* "konijntjes.nl", true */ 'k', 'o', 'n', 'i', 'j', 'n', 't', 'j', 'e', 's', '.', 'n', 'l', '\0', + /* "konings.it", true */ 'k', 'o', 'n', 'i', 'n', 'g', 's', '.', 'i', 't', '\0', + /* "koningskwartiertje.nl", true */ 'k', 'o', 'n', 'i', 'n', 'g', 's', 'k', 'w', 'a', 'r', 't', 'i', 'e', 'r', 't', 'j', 'e', '.', 'n', 'l', '\0', + /* "konklone.com", true */ 'k', 'o', 'n', 'k', 'l', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "konkurs.ba", true */ 'k', 'o', 'n', 'k', 'u', 'r', 's', '.', 'b', 'a', '\0', + /* "konoe.studio", true */ 'k', 'o', 'n', 'o', 'e', '.', 's', 't', 'u', 'd', 'i', 'o', '\0', + /* "konosuke.jp", true */ 'k', 'o', 'n', 'o', 's', 'u', 'k', 'e', '.', 'j', 'p', '\0', + /* "konsertoversikt.no", true */ 'k', 'o', 'n', 's', 'e', 'r', 't', 'o', 'v', 'e', 'r', 's', 'i', 'k', 't', '.', 'n', 'o', '\0', + /* "konst.se", true */ 'k', 'o', 'n', 's', 't', '.', 's', 'e', '\0', + /* "kontakthuman.hu", true */ 'k', 'o', 'n', 't', 'a', 'k', 't', 'h', 'u', 'm', 'a', 'n', '.', 'h', 'u', '\0', + /* "kontaxis.org", true */ 'k', 'o', 'n', 't', 'a', 'x', 'i', 's', '.', 'o', 'r', 'g', '\0', + /* "kontorhaus-schlachte.de", true */ 'k', 'o', 'n', 't', 'o', 'r', 'h', 'a', 'u', 's', '-', 's', 'c', 'h', 'l', 'a', 'c', 'h', 't', 'e', '.', 'd', 'e', '\0', + /* "konyalian.com", true */ 'k', 'o', 'n', 'y', 'a', 'l', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "konzertheld.de", true */ 'k', 'o', 'n', 'z', 'e', 'r', 't', 'h', 'e', 'l', 'd', '.', 'd', 'e', '\0', + /* "koodimasin.ee", true */ 'k', 'o', 'o', 'd', 'i', 'm', 'a', 's', 'i', 'n', '.', 'e', 'e', '\0', + /* "koolikatsed.ee", true */ 'k', 'o', 'o', 'l', 'i', 'k', 'a', 't', 's', 'e', 'd', '.', 'e', 'e', '\0', + /* "kooponline.eu", true */ 'k', 'o', 'o', 'p', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'e', 'u', '\0', + /* "koot.nl", true */ 'k', 'o', 'o', 't', '.', 'n', 'l', '\0', + /* "kopfkrieg.org", true */ 'k', 'o', 'p', 'f', 'k', 'r', 'i', 'e', 'g', '.', 'o', 'r', 'g', '\0', + /* "koptev.ru", true */ 'k', 'o', 'p', 't', 'e', 'v', '.', 'r', 'u', '\0', + /* "kopteva.ru", true */ 'k', 'o', 'p', 't', 'e', 'v', 'a', '.', 'r', 'u', '\0', + /* "kopular.com", true */ 'k', 'o', 'p', 'u', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "kopykatz.org", false */ 'k', 'o', 'p', 'y', 'k', 'a', 't', 'z', '.', 'o', 'r', 'g', '\0', + /* "korea.dating", true */ 'k', 'o', 'r', 'e', 'a', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "koreaboo.com", true */ 'k', 'o', 'r', 'e', 'a', 'b', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "koretech.nl", true */ 'k', 'o', 'r', 'e', 't', 'e', 'c', 'h', '.', 'n', 'l', '\0', + /* "korinar.com", true */ 'k', 'o', 'r', 'i', 'n', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "korobi.io", true */ 'k', 'o', 'r', 'o', 'b', 'i', '.', 'i', 'o', '\0', + /* "korobkovsky.ru", true */ 'k', 'o', 'r', 'o', 'b', 'k', 'o', 'v', 's', 'k', 'y', '.', 'r', 'u', '\0', + /* "korono.de", true */ 'k', 'o', 'r', 'o', 'n', 'o', '.', 'd', 'e', '\0', + /* "korosiprogram.hu", true */ 'k', 'o', 'r', 'o', 's', 'i', 'p', 'r', 'o', 'g', 'r', 'a', 'm', '.', 'h', 'u', '\0', + /* "korp.fr", true */ 'k', 'o', 'r', 'p', '.', 'f', 'r', '\0', + /* "korrelzout.nl", true */ 'k', 'o', 'r', 'r', 'e', 'l', 'z', 'o', 'u', 't', '.', 'n', 'l', '\0', + /* "kortgebyr.dk", true */ 'k', 'o', 'r', 't', 'g', 'e', 'b', 'y', 'r', '.', 'd', 'k', '\0', + /* "koryfi.com", true */ 'k', 'o', 'r', 'y', 'f', 'i', '.', 'c', 'o', 'm', '\0', + /* "kosaki.moe", true */ 'k', 'o', 's', 'a', 'k', 'i', '.', 'm', 'o', 'e', '\0', + /* "koscielniak-nieruchomosci.pl", true */ 'k', 'o', 's', 'c', 'i', 'e', 'l', 'n', 'i', 'a', 'k', '-', 'n', 'i', 'e', 'r', 'u', 'c', 'h', 'o', 'm', 'o', 's', 'c', 'i', '.', 'p', 'l', '\0', + /* "kosho.org", true */ 'k', 'o', 's', 'h', 'o', '.', 'o', 'r', 'g', '\0', + /* "kosmetik-grothe.de", true */ 'k', 'o', 's', 'm', 'e', 't', 'i', 'k', '-', 'g', 'r', 'o', 't', 'h', 'e', '.', 'd', 'e', '\0', + /* "kostecki.com", true */ 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "kostecki.org", true */ 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'o', 'r', 'g', '\0', + /* "kostecki.tel", true */ 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 't', 'e', 'l', '\0', + /* "kostya.net", false */ 'k', 'o', 's', 't', 'y', 'a', '.', 'n', 'e', 't', '\0', + /* "kostya.ws", true */ 'k', 'o', 's', 't', 'y', 'a', '.', 'w', 's', '\0', + /* "kotausaha.com", true */ 'k', 'o', 't', 'a', 'u', 's', 'a', 'h', 'a', '.', 'c', 'o', 'm', '\0', + /* "kotelezobiztositas.eu", true */ 'k', 'o', 't', 'e', 'l', 'e', 'z', 'o', 'b', 'i', 'z', 't', 'o', 's', 'i', 't', 'a', 's', '.', 'e', 'u', '\0', + /* "kotilinkki.fi", true */ 'k', 'o', 't', 'i', 'l', 'i', 'n', 'k', 'k', 'i', '.', 'f', 'i', '\0', + /* "kotitesti.fi", true */ 'k', 'o', 't', 'i', 't', 'e', 's', 't', 'i', '.', 'f', 'i', '\0', + /* "kotomei.moe", true */ 'k', 'o', 't', 'o', 'm', 'e', 'i', '.', 'm', 'o', 'e', '\0', + /* "kotori.love", true */ 'k', 'o', 't', 'o', 'r', 'i', '.', 'l', 'o', 'v', 'e', '\0', + /* "kottur.is", true */ 'k', 'o', 't', 't', 'u', 'r', '.', 'i', 's', '\0', + /* "koumuwin.com", true */ 'k', 'o', 'u', 'm', 'u', 'w', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "koushinjo.org", true */ 'k', 'o', 'u', 's', 'h', 'i', 'n', 'j', 'o', '.', 'o', 'r', 'g', '\0', + /* "kov.space", true */ 'k', 'o', 'v', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "kovaldo.ru", true */ 'k', 'o', 'v', 'a', 'l', 'd', 'o', '.', 'r', 'u', '\0', + /* "kovals.sk", true */ 'k', 'o', 'v', 'a', 'l', 's', '.', 's', 'k', '\0', + /* "kovnsk.net", true */ 'k', 'o', 'v', 'n', 's', 'k', '.', 'n', 'e', 't', '\0', + /* "kovspace.com", true */ 'k', 'o', 'v', 's', 'p', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "kowalmik.tk", true */ 'k', 'o', 'w', 'a', 'l', 'm', 'i', 'k', '.', 't', 'k', '\0', + /* "kowarschick.de", true */ 'k', 'o', 'w', 'a', 'r', 's', 'c', 'h', 'i', 'c', 'k', '.', 'd', 'e', '\0', + /* "kowshiksundararajan.com", true */ 'k', 'o', 'w', 's', 'h', 'i', 'k', 's', 'u', 'n', 'd', 'a', 'r', 'a', 'r', 'a', 'j', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "koyaanis.com", true */ 'k', 'o', 'y', 'a', 'a', 'n', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "kozuch.biz", true */ 'k', 'o', 'z', 'u', 'c', 'h', '.', 'b', 'i', 'z', '\0', + /* "kpebetka.net", true */ 'k', 'p', 'e', 'b', 'e', 't', 'k', 'a', '.', 'n', 'e', 't', '\0', + /* "kpfanworld.com", true */ 'k', 'p', 'f', 'a', 'n', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "kpinvest.eu", true */ 'k', 'p', 'i', 'n', 'v', 'e', 's', 't', '.', 'e', 'u', '\0', + /* "kplasticsurgery.com", true */ 'k', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "kplnet.net", true */ 'k', 'p', 'l', 'n', 'e', 't', '.', 'n', 'e', 't', '\0', + /* "kpmgpublications.ie", true */ 'k', 'p', 'm', 'g', 'p', 'u', 'b', 'l', 'i', 'c', 'a', 't', 'i', 'o', 'n', 's', '.', 'i', 'e', '\0', + /* "kpn-dnssec.com", true */ 'k', 'p', 'n', '-', 'd', 'n', 's', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "kpop.re", true */ 'k', 'p', 'o', 'p', '.', 'r', 'e', '\0', + /* "kpumuk.info", true */ 'k', 'p', 'u', 'm', 'u', 'k', '.', 'i', 'n', 'f', 'o', '\0', + /* "kpvpn.com", true */ 'k', 'p', 'v', 'p', 'n', '.', 'c', 'o', 'm', '\0', + /* "kpx1.de", true */ 'k', 'p', 'x', '1', '.', 'd', 'e', '\0', + /* "kr.search.yahoo.com", false */ 'k', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "krachtinverbinding.nl", true */ 'k', 'r', 'a', 'c', 'h', 't', 'i', 'n', 'v', 'e', 'r', 'b', 'i', 'n', 'd', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "kradalby.no", true */ 'k', 'r', 'a', 'd', 'a', 'l', 'b', 'y', '.', 'n', 'o', '\0', + /* "kraft.blog", true */ 'k', 'r', 'a', 'f', 't', '.', 'b', 'l', 'o', 'g', '\0', + /* "kraft.im", true */ 'k', 'r', 'a', 'f', 't', '.', 'i', 'm', '\0', + /* "krag.be", true */ 'k', 'r', 'a', 'g', '.', 'b', 'e', '\0', + /* "kraga.sk", true */ 'k', 'r', 'a', 'g', 'a', '.', 's', 'k', '\0', + /* "kraiwan.com", true */ 'k', 'r', 'a', 'i', 'w', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "kraiwon.com", true */ 'k', 'r', 'a', 'i', 'w', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "kraken.io", true */ 'k', 'r', 'a', 'k', 'e', 'n', '.', 'i', 'o', '\0', + /* "kralik.io", true */ 'k', 'r', 'a', 'l', 'i', 'k', '.', 'i', 'o', '\0', + /* "kralovstvimap.cz", true */ 'k', 'r', 'a', 'l', 'o', 'v', 's', 't', 'v', 'i', 'm', 'a', 'p', '.', 'c', 'z', '\0', + /* "kram.nz", true */ 'k', 'r', 'a', 'm', '.', 'n', 'z', '\0', + /* "krambeutel.de", true */ 'k', 'r', 'a', 'm', 'b', 'e', 'u', 't', 'e', 'l', '.', 'd', 'e', '\0', + /* "kramsj.uk", true */ 'k', 'r', 'a', 'm', 's', 'j', '.', 'u', 'k', '\0', + /* "krang.org.uk", true */ 'k', 'r', 'a', 'n', 'g', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "krasavchik.by", true */ 'k', 'r', 'a', 's', 'a', 'v', 'c', 'h', 'i', 'k', '.', 'b', 'y', '\0', + /* "krasota.ru", false */ 'k', 'r', 'a', 's', 'o', 't', 'a', '.', 'r', 'u', '\0', + /* "krasovsky.me", true */ 'k', 'r', 'a', 's', 'o', 'v', 's', 'k', 'y', '.', 'm', 'e', '\0', + /* "krautomat.com", true */ 'k', 'r', 'a', 'u', 't', 'o', 'm', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "kraynik.com", true */ 'k', 'r', 'a', 'y', 'n', 'i', 'k', '.', 'c', 'o', 'm', '\0', + /* "krazykastles.co.uk", true */ 'k', 'r', 'a', 'z', 'y', 'k', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "krazykoolkastles.com", true */ 'k', 'r', 'a', 'z', 'y', 'k', 'o', 'o', 'l', 'k', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "krazyphotobooths.co.uk", true */ 'k', 'r', 'a', 'z', 'y', 'p', 'h', 'o', 't', 'o', 'b', 'o', 'o', 't', 'h', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "krc.link", true */ 'k', 'r', 'c', '.', 'l', 'i', 'n', 'k', '\0', + /* "kreationnext.com", true */ 'k', 'r', 'e', 'a', 't', 'i', 'o', 'n', 'n', 'e', 'x', 't', '.', 'c', 'o', 'm', '\0', + /* "kreativelabs.ch", true */ 'k', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'l', 'a', 'b', 's', '.', 'c', 'h', '\0', + /* "kreativstrecke.de", true */ 'k', 'r', 'e', 'a', 't', 'i', 'v', 's', 't', 'r', 'e', 'c', 'k', 'e', '.', 'd', 'e', '\0', + /* "kredit-abzocke.com", true */ 'k', 'r', 'e', 'd', 'i', 't', '-', 'a', 'b', 'z', 'o', 'c', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "kredite24.de", true */ 'k', 'r', 'e', 'd', 'i', 't', 'e', '2', '4', '.', 'd', 'e', '\0', + /* "kreditkacs.cz", true */ 'k', 'r', 'e', 'd', 'i', 't', 'k', 'a', 'c', 's', '.', 'c', 'z', '\0', + /* "kreen.org", true */ 'k', 'r', 'e', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "kremalicious.com", true */ 'k', 'r', 'e', 'm', 'a', 'l', 'i', 'c', 'i', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "kretschmann.consulting", true */ 'k', 'r', 'e', 't', 's', 'c', 'h', 'm', 'a', 'n', 'n', '.', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '\0', + /* "kreuzpfadfinder.de", true */ 'k', 'r', 'e', 'u', 'z', 'p', 'f', 'a', 'd', 'f', 'i', 'n', 'd', 'e', 'r', '.', 'd', 'e', '\0', + /* "kreza.de", true */ 'k', 'r', 'e', 'z', 'a', '.', 'd', 'e', '\0', + /* "kriechel.de", true */ 'k', 'r', 'i', 'e', 'c', 'h', 'e', 'l', '.', 'd', 'e', '\0', + /* "kriegskindernothilfe.de", true */ 'k', 'r', 'i', 'e', 'g', 's', 'k', 'i', 'n', 'd', 'e', 'r', 'n', 'o', 't', 'h', 'i', 'l', 'f', 'e', '.', 'd', 'e', '\0', + /* "krinetzki.de", true */ 'k', 'r', 'i', 'n', 'e', 't', 'z', 'k', 'i', '.', 'd', 'e', '\0', + /* "krislamoureux.com", true */ 'k', 'r', 'i', 's', 'l', 'a', 'm', 'o', 'u', 'r', 'e', 'u', 'x', '.', 'c', 'o', 'm', '\0', + /* "krismurray.co.uk", true */ 'k', 'r', 'i', 's', 'm', 'u', 'r', 'r', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "krisstarkey.co.uk", true */ 'k', 'r', 'i', 's', 's', 't', 'a', 'r', 'k', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "krist.club", true */ 'k', 'r', 'i', 's', 't', '.', 'c', 'l', 'u', 'b', '\0', + /* "kristikala.nl", true */ 'k', 'r', 'i', 's', 't', 'i', 'k', 'a', 'l', 'a', '.', 'n', 'l', '\0', + /* "kristinbailey.com", true */ 'k', 'r', 'i', 's', 't', 'i', 'n', 'b', 'a', 'i', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "kristofdv.be", true */ 'k', 'r', 'i', 's', 't', 'o', 'f', 'd', 'v', '.', 'b', 'e', '\0', + /* "krizek.cc", true */ 'k', 'r', 'i', 'z', 'e', 'k', '.', 'c', 'c', '\0', + /* "krizevci.info", true */ 'k', 'r', 'i', 'z', 'e', 'v', 'c', 'i', '.', 'i', 'n', 'f', 'o', '\0', + /* "krmeni.cz", true */ 'k', 'r', 'm', 'e', 'n', 'i', '.', 'c', 'z', '\0', + /* "krokedil.se", true */ 'k', 'r', 'o', 'k', 'e', 'd', 'i', 'l', '.', 's', 'e', '\0', + /* "krokodent.de", true */ 'k', 'r', 'o', 'k', 'o', 'd', 'e', 'n', 't', '.', 'd', 'e', '\0', + /* "kromamoveis.com.br", true */ 'k', 'r', 'o', 'm', 'a', 'm', 'o', 'v', 'e', 'i', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "kromonos.net", true */ 'k', 'r', 'o', 'm', 'o', 'n', 'o', 's', '.', 'n', 'e', 't', '\0', + /* "kronaw.it", true */ 'k', 'r', 'o', 'n', 'a', 'w', '.', 'i', 't', '\0', + /* "krony.de", true */ 'k', 'r', 'o', 'n', 'y', '.', 'd', 'e', '\0', + /* "kroon.email", true */ 'k', 'r', 'o', 'o', 'n', '.', 'e', 'm', 'a', 'i', 'l', '\0', + /* "kropkait.pl", true */ 'k', 'r', 'o', 'p', 'k', 'a', 'i', 't', '.', 'p', 'l', '\0', + /* "krsn.de", true */ 'k', 'r', 's', 'n', '.', 'd', 'e', '\0', + /* "krugermillions.org", true */ 'k', 'r', 'u', 'g', 'e', 'r', 'm', 'i', 'l', 'l', 'i', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "krugoval.hr", true */ 'k', 'r', 'u', 'g', 'o', 'v', 'a', 'l', '.', 'h', 'r', '\0', + /* "kruin.net", true */ 'k', 'r', 'u', 'i', 'n', '.', 'n', 'e', 't', '\0', + /* "kruisselbrink.com", true */ 'k', 'r', 'u', 'i', 's', 's', 'e', 'l', 'b', 'r', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "kruk.co", true */ 'k', 'r', 'u', 'k', '.', 'c', 'o', '\0', + /* "krumberconsulting.com", true */ 'k', 'r', 'u', 'm', 'b', 'e', 'r', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "krupa.net.pl", false */ 'k', 'r', 'u', 'p', 'a', '.', 'n', 'e', 't', '.', 'p', 'l', '\0', + /* "krutka.cz", true */ 'k', 'r', 'u', 't', 'k', 'a', '.', 'c', 'z', '\0', + /* "kruu.de", true */ 'k', 'r', 'u', 'u', '.', 'd', 'e', '\0', + /* "kry.no", true */ 'k', 'r', 'y', '.', 'n', 'o', '\0', + /* "kry.se", true */ 'k', 'r', 'y', '.', 's', 'e', '\0', + /* "kryglik.com", true */ 'k', 'r', 'y', 'g', 'l', 'i', 'k', '.', 'c', 'o', 'm', '\0', + /* "krypsys.com", true */ 'k', 'r', 'y', 'p', 's', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "krypt.com", true */ 'k', 'r', 'y', 'p', 't', '.', 'c', 'o', 'm', '\0', + /* "kryptera.se", true */ 'k', 'r', 'y', 'p', 't', 'e', 'r', 'a', '.', 's', 'e', '\0', + /* "kryx.de", true */ 'k', 'r', 'y', 'x', '.', 'd', 'e', '\0', + /* "ks-watch.de", true */ 'k', 's', '-', 'w', 'a', 't', 'c', 'h', '.', 'd', 'e', '\0', + /* "kschv-rdeck.de", true */ 'k', 's', 'c', 'h', 'v', '-', 'r', 'd', 'e', 'c', 'k', '.', 'd', 'e', '\0', + /* "kshlm.in", true */ 'k', 's', 'h', 'l', 'm', '.', 'i', 'n', '\0', + /* "kspg.tv", true */ 'k', 's', 'p', 'g', '.', 't', 'v', '\0', + /* "kswcosmetics.com", true */ 'k', 's', 'w', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "ktbnetbank.com", true */ 'k', 't', 'b', 'n', 'e', 't', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "kthnxbai.xyz", true */ 'k', 't', 'h', 'n', 'x', 'b', 'a', 'i', '.', 'x', 'y', 'z', '\0', + /* "kts-thueringen.de", true */ 'k', 't', 's', '-', 't', 'h', 'u', 'e', 'r', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0', + /* "ktsee.eu.org", true */ 'k', 't', 's', 'e', 'e', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "ktw.lv", true */ 'k', 't', 'w', '.', 'l', 'v', '\0', + /* "ku.io", true */ 'k', 'u', '.', 'i', 'o', '\0', + /* "kualo.co.uk", true */ 'k', 'u', 'a', 'l', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kualo.com", true */ 'k', 'u', 'a', 'l', 'o', '.', 'c', 'o', 'm', '\0', + /* "kualo.in", true */ 'k', 'u', 'a', 'l', 'o', '.', 'i', 'n', '\0', + /* "kuaza.com", true */ 'k', 'u', 'a', 'z', 'a', '.', 'c', 'o', 'm', '\0', + /* "kub.hr", true */ 'k', 'u', 'b', '.', 'h', 'r', '\0', + /* "kubik-rubik.de", false */ 'k', 'u', 'b', 'i', 'k', '-', 'r', 'u', 'b', 'i', 'k', '.', 'd', 'e', '\0', + /* "kubiwa.net", true */ 'k', 'u', 'b', 'i', 'w', 'a', '.', 'n', 'e', 't', '\0', + /* "kubkprf.ru", true */ 'k', 'u', 'b', 'k', 'p', 'r', 'f', '.', 'r', 'u', '\0', + /* "kuchenschock.de", true */ 'k', 'u', 'c', 'h', 'e', 'n', 's', 'c', 'h', 'o', 'c', 'k', '.', 'd', 'e', '\0', + /* "kuchentraum.eu", true */ 'k', 'u', 'c', 'h', 'e', 'n', 't', 'r', 'a', 'u', 'm', '.', 'e', 'u', '\0', + /* "kucheryavenkovn.ru", true */ 'k', 'u', 'c', 'h', 'e', 'r', 'y', 'a', 'v', 'e', 'n', 'k', 'o', 'v', 'n', '.', 'r', 'u', '\0', + /* "kucnibudzet.com", true */ 'k', 'u', 'c', 'n', 'i', 'b', 'u', 'd', 'z', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "kueche-co.de", true */ 'k', 'u', 'e', 'c', 'h', 'e', '-', 'c', 'o', '.', 'd', 'e', '\0', + /* "kuechenprofi-group.de", true */ 'k', 'u', 'e', 'c', 'h', 'e', 'n', 'p', 'r', 'o', 'f', 'i', '-', 'g', 'r', 'o', 'u', 'p', '.', 'd', 'e', '\0', + /* "kuehndel.org", true */ 'k', 'u', 'e', 'h', 'n', 'd', 'e', 'l', '.', 'o', 'r', 'g', '\0', + /* "kuehnel-bs.de", true */ 'k', 'u', 'e', 'h', 'n', 'e', 'l', '-', 'b', 's', '.', 'd', 'e', '\0', + /* "kuehnel-online.eu", true */ 'k', 'u', 'e', 'h', 'n', 'e', 'l', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'e', 'u', '\0', + /* "kuehnel.org", true */ 'k', 'u', 'e', 'h', 'n', 'e', 'l', '.', 'o', 'r', 'g', '\0', + /* "kuemmerlin.eu", true */ 'k', 'u', 'e', 'm', 'm', 'e', 'r', 'l', 'i', 'n', '.', 'e', 'u', '\0', + /* "kuemmling.eu", true */ 'k', 'u', 'e', 'm', 'm', 'l', 'i', 'n', 'g', '.', 'e', 'u', '\0', + /* "kuhn-elektrotechnik.de", true */ 'k', 'u', 'h', 'n', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', 't', 'e', 'c', 'h', 'n', 'i', 'k', '.', 'd', 'e', '\0', + /* "kujadin.de", true */ 'k', 'u', 'j', 'a', 'd', 'i', 'n', '.', 'd', 'e', '\0', + /* "kukal.cz", true */ 'k', 'u', 'k', 'a', 'l', '.', 'c', 'z', '\0', + /* "kuketz-blog.de", true */ 'k', 'u', 'k', 'e', 't', 'z', '-', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0', + /* "kuketz-security.de", true */ 'k', 'u', 'k', 'e', 't', 'z', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'd', 'e', '\0', + /* "kulde.net", true */ 'k', 'u', 'l', 'd', 'e', '.', 'n', 'e', 't', '\0', + /* "kulivps.com", true */ 'k', 'u', 'l', 'i', 'v', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "kuma.es", true */ 'k', 'u', 'm', 'a', '.', 'e', 's', '\0', + /* "kumachan.biz", true */ 'k', 'u', 'm', 'a', 'c', 'h', 'a', 'n', '.', 'b', 'i', 'z', '\0', + /* "kumalog.com", true */ 'k', 'u', 'm', 'a', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "kumasanda.jp", true */ 'k', 'u', 'm', 'a', 's', 'a', 'n', 'd', 'a', '.', 'j', 'p', '\0', + /* "kundenerreichen.com", true */ 'k', 'u', 'n', 'd', 'e', 'n', 'e', 'r', 'r', 'e', 'i', 'c', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "kundenerreichen.de", true */ 'k', 'u', 'n', 'd', 'e', 'n', 'e', 'r', 'r', 'e', 'i', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0', + /* "kundo.se", true */ 'k', 'u', 'n', 'd', 'o', '.', 's', 'e', '\0', + /* "kungerkueken.de", true */ 'k', 'u', 'n', 'g', 'e', 'r', 'k', 'u', 'e', 'k', 'e', 'n', '.', 'd', 'e', '\0', + /* "kunstundunrat.de", true */ 'k', 'u', 'n', 's', 't', 'u', 'n', 'd', 'u', 'n', 'r', 'a', 't', '.', 'd', 'e', '\0', + /* "kuoruan.com", true */ 'k', 'u', 'o', 'r', 'u', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "kupferstichshop.com", true */ 'k', 'u', 'p', 'f', 'e', 'r', 's', 't', 'i', 'c', 'h', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "kupid.com", true */ 'k', 'u', 'p', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "kupiec.eu.org", true */ 'k', 'u', 'p', 'i', 'e', 'c', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "kupimlot.ru", true */ 'k', 'u', 'p', 'i', 'm', 'l', 'o', 't', '.', 'r', 'u', '\0', + /* "kuponrazzi.com", true */ 'k', 'u', 'p', 'o', 'n', 'r', 'a', 'z', 'z', 'i', '.', 'c', 'o', 'm', '\0', + /* "kuponydoher.cz", true */ 'k', 'u', 'p', 'o', 'n', 'y', 'd', 'o', 'h', 'e', 'r', '.', 'c', 'z', '\0', + /* "kupschke.net", true */ 'k', 'u', 'p', 's', 'c', 'h', 'k', 'e', '.', 'n', 'e', 't', '\0', + /* "kurashino-mall.com", true */ 'k', 'u', 'r', 'a', 's', 'h', 'i', 'n', 'o', '-', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "kurofuku.me", true */ 'k', 'u', 'r', 'o', 'f', 'u', 'k', 'u', '.', 'm', 'e', '\0', + /* "kuroisalva.xyz", false */ 'k', 'u', 'r', 'o', 'i', 's', 'a', 'l', 'v', 'a', '.', 'x', 'y', 'z', '\0', + /* "kurona.ga", true */ 'k', 'u', 'r', 'o', 'n', 'a', '.', 'g', 'a', '\0', + /* "kuronekogaro.com", true */ 'k', 'u', 'r', 'o', 'n', 'e', 'k', 'o', 'g', 'a', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "kurrietv.nl", true */ 'k', 'u', 'r', 'r', 'i', 'e', 't', 'v', '.', 'n', 'l', '\0', + /* "kurschies.de", true */ 'k', 'u', 'r', 's', 'c', 'h', 'i', 'e', 's', '.', 'd', 'e', '\0', + /* "kursprogramisty.pl", true */ 'k', 'u', 'r', 's', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'i', 's', 't', 'y', '.', 'p', 'l', '\0', + /* "kurswahl-online.de", true */ 'k', 'u', 'r', 's', 'w', 'a', 'h', 'l', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0', + /* "kurtschlatzer.com", true */ 'k', 'u', 'r', 't', 's', 'c', 'h', 'l', 'a', 't', 'z', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "kuruppa.xyz", true */ 'k', 'u', 'r', 'u', 'p', 'p', 'a', '.', 'x', 'y', 'z', '\0', + /* "kuschku.de", true */ 'k', 'u', 's', 'c', 'h', 'k', 'u', '.', 'd', 'e', '\0', + /* "kusdaryanto.web.id", true */ 'k', 'u', 's', 'd', 'a', 'r', 'y', 'a', 'n', 't', 'o', '.', 'w', 'e', 'b', '.', 'i', 'd', '\0', + /* "kushtikidsparties.co.uk", true */ 'k', 'u', 's', 'h', 't', 'i', 'k', 'i', 'd', 's', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kusochi.eu", true */ 'k', 'u', 's', 'o', 'c', 'h', 'i', '.', 'e', 'u', '\0', + /* "kutinsoft.com", true */ 'k', 'u', 't', 'i', 'n', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "kutny.cz", true */ 'k', 'u', 't', 'n', 'y', '.', 'c', 'z', '\0', + /* "kutsankaplan.com", true */ 'k', 'u', 't', 's', 'a', 'n', 'k', 'a', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "kutukupret.com", true */ 'k', 'u', 't', 'u', 'k', 'u', 'p', 'r', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "kutus.ee", true */ 'k', 'u', 't', 'u', 's', '.', 'e', 'e', '\0', + /* "kuwago.io", true */ 'k', 'u', 'w', 'a', 'g', 'o', '.', 'i', 'o', '\0', + /* "kuzbass-pwl.ru", true */ 'k', 'u', 'z', 'b', 'a', 's', 's', '-', 'p', 'w', 'l', '.', 'r', 'u', '\0', + /* "kvalita-1a.cz", true */ 'k', 'v', 'a', 'l', 'i', 't', 'a', '-', '1', 'a', '.', 'c', 'z', '\0', + /* "kvalitnitesneni.cz", true */ 'k', 'v', 'a', 'l', 'i', 't', 'n', 'i', 't', 'e', 's', 'n', 'e', 'n', 'i', '.', 'c', 'z', '\0', + /* "kvcc.com.au", true */ 'k', 'v', 'c', 'c', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "kvetinymilt.cz", true */ 'k', 'v', 'e', 't', 'i', 'n', 'y', 'm', 'i', 'l', 't', '.', 'c', 'z', '\0', + /* "kvhile.com", true */ 'k', 'v', 'h', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "kvilt.dk", true */ 'k', 'v', 'i', 'l', 't', '.', 'd', 'k', '\0', + /* "kvn.tf", true */ 'k', 'v', 'n', '.', 't', 'f', '\0', + /* "kvpc.com.au", true */ 'k', 'v', 'p', 'c', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "kwat.chat", true */ 'k', 'w', 'a', 't', '.', 'c', 'h', 'a', 't', '\0', + /* "kwbresidential.com", true */ 'k', 'w', 'b', 'r', 'e', 's', 'i', 'd', 'e', 'n', 't', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "kwcolville.com", true */ 'k', 'w', 'c', 'o', 'l', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "kwedo.com", true */ 'k', 'w', 'e', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "kwidz.fr", true */ 'k', 'w', 'i', 'd', 'z', '.', 'f', 'r', '\0', + /* "kwipi.com", true */ 'k', 'w', 'i', 'p', 'i', '.', 'c', 'o', 'm', '\0', + /* "kwmr.me", true */ 'k', 'w', 'm', 'r', '.', 'm', 'e', '\0', + /* "kwok.cc", true */ 'k', 'w', 'o', 'k', '.', 'c', 'c', '\0', + /* "kwyxz.org", true */ 'k', 'w', 'y', 'x', 'z', '.', 'o', 'r', 'g', '\0', + /* "kxah35.com", true */ 'k', 'x', 'a', 'h', '3', '5', '.', 'c', 'o', 'm', '\0', + /* "kxnrl.com", true */ 'k', 'x', 'n', 'r', 'l', '.', 'c', 'o', 'm', '\0', + /* "kyberna.xyz", true */ 'k', 'y', 'b', 'e', 'r', 'n', 'a', '.', 'x', 'y', 'z', '\0', + /* "kybi.sk", true */ 'k', 'y', 'b', 'i', '.', 's', 'k', '\0', + /* "kydara.com", true */ 'k', 'y', 'd', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "kykoonn.net", true */ 'k', 'y', 'k', 'o', 'o', 'n', 'n', '.', 'n', 'e', 't', '\0', + /* "kyledrake.net", true */ 'k', 'y', 'l', 'e', 'd', 'r', 'a', 'k', 'e', '.', 'n', 'e', 't', '\0', + /* "kylejohnson.io", true */ 'k', 'y', 'l', 'e', 'j', 'o', 'h', 'n', 's', 'o', 'n', '.', 'i', 'o', '\0', + /* "kylelaker.com", true */ 'k', 'y', 'l', 'e', 'l', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "kylerwood.com", true */ 'k', 'y', 'l', 'e', 'r', 'w', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "kylescastles.co.uk", true */ 'k', 'y', 'l', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kyliehunt.com", true */ 'k', 'y', 'l', 'i', 'e', 'h', 'u', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "kylinj.com", false */ 'k', 'y', 'l', 'i', 'n', 'j', '.', 'c', 'o', 'm', '\0', + /* "kymo.org", true */ 'k', 'y', 'm', 'o', '.', 'o', 'r', 'g', '\0', + /* "kynaston.org.uk", true */ 'k', 'y', 'n', 'a', 's', 't', 'o', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "kynastonwedding.co.uk", true */ 'k', 'y', 'n', 'a', 's', 't', 'o', 'n', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kyoko.org", true */ 'k', 'y', 'o', 'k', 'o', '.', 'o', 'r', 'g', '\0', + /* "kyonagashima.com", true */ 'k', 'y', 'o', 'n', 'a', 'g', 'a', 's', 'h', 'i', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "kyosaku.org", true */ 'k', 'y', 'o', 's', 'a', 'k', 'u', '.', 'o', 'r', 'g', '\0', + /* "kyoto-k9.com", true */ 'k', 'y', 'o', 't', 'o', '-', 'k', '9', '.', 'c', 'o', 'm', '\0', + /* "kyoto-mic.com", true */ 'k', 'y', 'o', 't', 'o', '-', 'm', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "kyoto-tomikawa.jp", true */ 'k', 'y', 'o', 't', 'o', '-', 't', 'o', 'm', 'i', 'k', 'a', 'w', 'a', '.', 'j', 'p', '\0', + /* "kyoto-tomoshibi.jp", true */ 'k', 'y', 'o', 't', 'o', '-', 't', 'o', 'm', 'o', 's', 'h', 'i', 'b', 'i', '.', 'j', 'p', '\0', + /* "kyras-castles.co.uk", true */ 'k', 'y', 'r', 'a', 's', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "kyunyuki.com", true */ 'k', 'y', 'u', 'n', 'y', 'u', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "kyusyu.org", true */ 'k', 'y', 'u', 's', 'y', 'u', '.', 'o', 'r', 'g', '\0', + /* "kyy.me", true */ 'k', 'y', 'y', '.', 'm', 'e', '\0', + /* "kz.search.yahoo.com", false */ 'k', 'z', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "kzsdabas.hu", true */ 'k', 'z', 's', 'd', 'a', 'b', 'a', 's', '.', 'h', 'u', '\0', + /* "l-lab.org", true */ 'l', '-', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0', + /* "l0re.com", true */ 'l', '0', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "l4n-clan.de", true */ 'l', '4', 'n', '-', 'c', 'l', 'a', 'n', '.', 'd', 'e', '\0', + /* "l7plumbing.com.au", true */ 'l', '7', 'p', 'l', 'u', 'm', 'b', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "l7world.com", true */ 'l', '7', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "la-baldosa.fr", true */ 'l', 'a', '-', 'b', 'a', 'l', 'd', 'o', 's', 'a', '.', 'f', 'r', '\0', + /* "la-cave-a-nodo.fr", true */ 'l', 'a', '-', 'c', 'a', 'v', 'e', '-', 'a', '-', 'n', 'o', 'd', 'o', '.', 'f', 'r', '\0', + /* "la-ganiere.com", true */ 'l', 'a', '-', 'g', 'a', 'n', 'i', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "la-maison.ch", true */ 'l', 'a', '-', 'm', 'a', 'i', 's', 'o', 'n', '.', 'c', 'h', '\0', + /* "la-maison.eu", true */ 'l', 'a', '-', 'm', 'a', 'i', 's', 'o', 'n', '.', 'e', 'u', '\0', + /* "la-petite-entreprise.com", true */ 'l', 'a', '-', 'p', 'e', 't', 'i', 't', 'e', '-', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'i', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "la-tourmaline.ch", true */ 'l', 'a', '-', 't', 'o', 'u', 'r', 'm', 'a', 'l', 'i', 'n', 'e', '.', 'c', 'h', '\0', + /* "laassari.me", true */ 'l', 'a', 'a', 's', 's', 'a', 'r', 'i', '.', 'm', 'e', '\0', + /* "laatikko.io", true */ 'l', 'a', 'a', 't', 'i', 'k', 'k', 'o', '.', 'i', 'o', '\0', + /* "labande-annonce.fr", true */ 'l', 'a', 'b', 'a', 'n', 'd', 'e', '-', 'a', 'n', 'n', 'o', 'n', 'c', 'e', '.', 'f', 'r', '\0', + /* "labcoat.jp", true */ 'l', 'a', 'b', 'c', 'o', 'a', 't', '.', 'j', 'p', '\0', + /* "labelleza.com.br", true */ 'l', 'a', 'b', 'e', 'l', 'l', 'e', 'z', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "labfox.de", true */ 'l', 'a', 'b', 'f', 'o', 'x', '.', 'd', 'e', '\0', + /* "labiblioafronebrulepas.com", true */ 'l', 'a', 'b', 'i', 'b', 'l', 'i', 'o', 'a', 'f', 'r', 'o', 'n', 'e', 'b', 'r', 'u', 'l', 'e', 'p', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "labobooks.com", true */ 'l', 'a', 'b', 'o', 'b', 'o', 'o', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "laboiteanem.fr", true */ 'l', 'a', 'b', 'o', 'i', 't', 'e', 'a', 'n', 'e', 'm', '.', 'f', 'r', '\0', + /* "labouncycastlehire.co.uk", true */ 'l', 'a', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "labourreedevergheas.fr", true */ 'l', 'a', 'b', 'o', 'u', 'r', 'r', 'e', 'e', 'd', 'e', 'v', 'e', 'r', 'g', 'h', 'e', 'a', 's', '.', 'f', 'r', '\0', + /* "laboxfaitsoncinema.com", true */ 'l', 'a', 'b', 'o', 'x', 'f', 'a', 'i', 't', 's', 'o', 'n', 'c', 'i', 'n', 'e', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "labradorpuppiesforsalebyregisteredlabradorbreeders.com", false */ 'l', 'a', 'b', 'r', 'a', 'd', 'o', 'r', 'p', 'u', 'p', 'p', 'i', 'e', 's', 'f', 'o', 'r', 's', 'a', 'l', 'e', 'b', 'y', 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', 'e', 'd', 'l', 'a', 'b', 'r', 'a', 'd', 'o', 'r', 'b', 'r', 'e', 'e', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "lacaveducinquantenaire.com", true */ 'l', 'a', 'c', 'a', 'v', 'e', 'd', 'u', 'c', 'i', 'n', 'q', 'u', 'a', 'n', 't', 'e', 'n', 'a', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "lacetsroses.ch", true */ 'l', 'a', 'c', 'e', 't', 's', 'r', 'o', 's', 'e', 's', '.', 'c', 'h', '\0', + /* "lachainedesentrepreneurs.fr", true */ 'l', 'a', 'c', 'h', 'a', 'i', 'n', 'e', 'd', 'e', 's', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'e', 'n', 'e', 'u', 'r', 's', '.', 'f', 'r', '\0', + /* "lachawoj.de", true */ 'l', 'a', 'c', 'h', 'a', 'w', 'o', 'j', '.', 'd', 'e', '\0', + /* "lachlan.com", true */ 'l', 'a', 'c', 'h', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "lacicloud.net", true */ 'l', 'a', 'c', 'i', 'c', 'l', 'o', 'u', 'd', '.', 'n', 'e', 't', '\0', + /* "lacigf.org", true */ 'l', 'a', 'c', 'i', 'g', 'f', '.', 'o', 'r', 'g', '\0', + /* "laclaque.ch", true */ 'l', 'a', 'c', 'l', 'a', 'q', 'u', 'e', '.', 'c', 'h', '\0', + /* "lacledelareussite.com", true */ 'l', 'a', 'c', 'l', 'e', 'd', 'e', 'l', 'a', 'r', 'e', 'u', 's', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "lacledeslan.com", false */ 'l', 'a', 'c', 'l', 'e', 'd', 'e', 's', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "lacledor.ch", true */ 'l', 'a', 'c', 'l', 'e', 'd', 'o', 'r', '.', 'c', 'h', '\0', + /* "laclefdor.ch", true */ 'l', 'a', 'c', 'l', 'e', 'f', 'd', 'o', 'r', '.', 'c', 'h', '\0', + /* "lacliniquefinanciere.com", true */ 'l', 'a', 'c', 'l', 'i', 'n', 'i', 'q', 'u', 'e', 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "lacuevadechauvet.com", true */ 'l', 'a', 'c', 'u', 'e', 'v', 'a', 'd', 'e', 'c', 'h', 'a', 'u', 'v', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "lacyc3.eu", true */ 'l', 'a', 'c', 'y', 'c', '3', '.', 'e', 'u', '\0', + /* "ladbroke.net", true */ 'l', 'a', 'd', 'b', 'r', 'o', 'k', 'e', '.', 'n', 'e', 't', '\0', + /* "lady-2.jp", true */ 'l', 'a', 'd', 'y', '-', '2', '.', 'j', 'p', '\0', + /* "ladybugjam.com", true */ 'l', 'a', 'd', 'y', 'b', 'u', 'g', 'j', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "laextra.mx", true */ 'l', 'a', 'e', 'x', 't', 'r', 'a', '.', 'm', 'x', '\0', + /* "lafayette-rushford.com", true */ 'l', 'a', 'f', 'a', 'y', 'e', 't', 't', 'e', '-', 'r', 'u', 's', 'h', 'f', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "lafeemam.fr", true */ 'l', 'a', 'f', 'e', 'e', 'm', 'a', 'm', '.', 'f', 'r', '\0', + /* "lafema.de", true */ 'l', 'a', 'f', 'e', 'm', 'a', '.', 'd', 'e', '\0', + /* "lafillepolyvalente.ca", true */ 'l', 'a', 'f', 'i', 'l', 'l', 'e', 'p', 'o', 'l', 'y', 'v', 'a', 'l', 'e', 'n', 't', 'e', '.', 'c', 'a', '\0', + /* "lafillepolyvalente.com", true */ 'l', 'a', 'f', 'i', 'l', 'l', 'e', 'p', 'o', 'l', 'y', 'v', 'a', 'l', 'e', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "lafka.org", true */ 'l', 'a', 'f', 'k', 'a', '.', 'o', 'r', 'g', '\0', + /* "lafkor.de", true */ 'l', 'a', 'f', 'k', 'o', 'r', '.', 'd', 'e', '\0', + /* "laflash.com", true */ 'l', 'a', 'f', 'l', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "laforetenchantee.ch", true */ 'l', 'a', 'f', 'o', 'r', 'e', 't', 'e', 'n', 'c', 'h', 'a', 'n', 't', 'e', 'e', '.', 'c', 'h', '\0', + /* "lafosseobservatoire.be", true */ 'l', 'a', 'f', 'o', 's', 's', 'e', 'o', 'b', 's', 'e', 'r', 'v', 'a', 't', 'o', 'i', 'r', 'e', '.', 'b', 'e', '\0', + /* "lafr4nc3.net", true */ 'l', 'a', 'f', 'r', '4', 'n', 'c', '3', '.', 'n', 'e', 't', '\0', + /* "lag-gbr.gq", true */ 'l', 'a', 'g', '-', 'g', 'b', 'r', '.', 'g', 'q', '\0', + /* "lagarderob.ru", false */ 'l', 'a', 'g', 'a', 'r', 'd', 'e', 'r', 'o', 'b', '.', 'r', 'u', '\0', + /* "lagazzettadigitale.it", true */ 'l', 'a', 'g', 'a', 'z', 'z', 'e', 't', 't', 'a', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', '.', 'i', 't', '\0', + /* "lagerauftrag.info", true */ 'l', 'a', 'g', 'e', 'r', 'a', 'u', 'f', 't', 'r', 'a', 'g', '.', 'i', 'n', 'f', 'o', '\0', + /* "laglab.org", true */ 'l', 'a', 'g', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0', + /* "laguiadelvaron.com", true */ 'l', 'a', 'g', 'u', 'i', 'a', 'd', 'e', 'l', 'v', 'a', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "laguinguette.fr", true */ 'l', 'a', 'g', 'u', 'i', 'n', 'g', 'u', 'e', 't', 't', 'e', '.', 'f', 'r', '\0', + /* "lahora.com.ec", true */ 'l', 'a', 'h', 'o', 'r', 'a', '.', 'c', 'o', 'm', '.', 'e', 'c', '\0', + /* "laindonleisure.co.uk", true */ 'l', 'a', 'i', 'n', 'd', 'o', 'n', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "lajijonencadebarbera.com", true */ 'l', 'a', 'j', 'i', 'j', 'o', 'n', 'e', 'n', 'c', 'a', 'd', 'e', 'b', 'a', 'r', 'b', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "lak-berlin.de", true */ 'l', 'a', 'k', '-', 'b', 'e', 'r', 'l', 'i', 'n', '.', 'd', 'e', '\0', + /* "lakatrop.com", true */ 'l', 'a', 'k', 'a', 't', 'r', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "lakedavid.com.au", true */ 'l', 'a', 'k', 'e', 'd', 'a', 'v', 'i', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "lakefrontlittleelm.com", true */ 'l', 'a', 'k', 'e', 'f', 'r', 'o', 'n', 't', 'l', 'i', 't', 't', 'l', 'e', 'e', 'l', 'm', '.', 'c', 'o', 'm', '\0', + /* "lakehavasucityhomebuyerscredit.com", true */ 'l', 'a', 'k', 'e', 'h', 'a', 'v', 'a', 's', 'u', 'c', 'i', 't', 'y', 'h', 'o', 'm', 'e', 'b', 'u', 'y', 'e', 'r', 's', 'c', 'r', 'e', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "lakehavasucitynews.com", true */ 'l', 'a', 'k', 'e', 'h', 'a', 'v', 'a', 's', 'u', 'c', 'i', 't', 'y', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "lakehavasuhomebuyercredit.com", true */ 'l', 'a', 'k', 'e', 'h', 'a', 'v', 'a', 's', 'u', 'h', 'o', 'm', 'e', 'b', 'u', 'y', 'e', 'r', 'c', 'r', 'e', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "lakehavasuhouserentals.com", true */ 'l', 'a', 'k', 'e', 'h', 'a', 'v', 'a', 's', 'u', 'h', 'o', 'u', 's', 'e', 'r', 'e', 'n', 't', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "lakehavasuhouses.com", true */ 'l', 'a', 'k', 'e', 'h', 'a', 'v', 'a', 's', 'u', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "lakehavasuwebsites.com", true */ 'l', 'a', 'k', 'e', 'h', 'a', 'v', 'a', 's', 'u', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "lakesherwoodelectrical.com", true */ 'l', 'a', 'k', 'e', 's', 'h', 'e', 'r', 'w', 'o', 'o', 'd', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "lakhesis.net", true */ 'l', 'a', 'k', 'h', 'e', 's', 'i', 's', '.', 'n', 'e', 't', '\0', + /* "lakonia.com.br", true */ 'l', 'a', 'k', 'o', 'n', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lalaya.fr", true */ 'l', 'a', 'l', 'a', 'y', 'a', '.', 'f', 'r', '\0', + /* "laled.ch", true */ 'l', 'a', 'l', 'e', 'd', '.', 'c', 'h', '\0', + /* "laltroweb.it", true */ 'l', 'a', 'l', 't', 'r', 'o', 'w', 'e', 'b', '.', 'i', 't', '\0', + /* "lalyre-corcelles.ch", true */ 'l', 'a', 'l', 'y', 'r', 'e', '-', 'c', 'o', 'r', 'c', 'e', 'l', 'l', 'e', 's', '.', 'c', 'h', '\0', + /* "lamakat.de", true */ 'l', 'a', 'm', 'a', 'k', 'a', 't', '.', 'd', 'e', '\0', + /* "lamapoll.de", true */ 'l', 'a', 'm', 'a', 'p', 'o', 'l', 'l', '.', 'd', 'e', '\0', + /* "lamarieealhonneur.com", true */ 'l', 'a', 'm', 'a', 'r', 'i', 'e', 'e', 'a', 'l', 'h', 'o', 'n', 'n', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "lambauer.com", true */ 'l', 'a', 'm', 'b', 'a', 'u', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "lamiaposta.email", false */ 'l', 'a', 'm', 'i', 'a', 'p', 'o', 's', 't', 'a', '.', 'e', 'm', 'a', 'i', 'l', '\0', + /* "laminine.info", true */ 'l', 'a', 'm', 'i', 'n', 'i', 'n', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "lampegiganten.dk", true */ 'l', 'a', 'm', 'p', 'e', 'g', 'i', 'g', 'a', 'n', 't', 'e', 'n', '.', 'd', 'k', '\0', + /* "lampegiganten.no", true */ 'l', 'a', 'm', 'p', 'e', 'g', 'i', 'g', 'a', 'n', 't', 'e', 'n', '.', 'n', 'o', '\0', + /* "lampen24.be", true */ 'l', 'a', 'm', 'p', 'e', 'n', '2', '4', '.', 'b', 'e', '\0', + /* "lampenwelt.at", true */ 'l', 'a', 'm', 'p', 'e', 'n', 'w', 'e', 'l', 't', '.', 'a', 't', '\0', + /* "lampenwelt.ch", true */ 'l', 'a', 'm', 'p', 'e', 'n', 'w', 'e', 'l', 't', '.', 'c', 'h', '\0', + /* "lan2k.org", true */ 'l', 'a', 'n', '2', 'k', '.', 'o', 'r', 'g', '\0', + /* "lana.swedbank.se", true */ 'l', 'a', 'n', 'a', '.', 's', 'w', 'e', 'd', 'b', 'a', 'n', 'k', '.', 's', 'e', '\0', + /* "lanbroa.eu", true */ 'l', 'a', 'n', 'b', 'r', 'o', 'a', '.', 'e', 'u', '\0', + /* "lanbyte.se", true */ 'l', 'a', 'n', 'b', 'y', 't', 'e', '.', 's', 'e', '\0', + /* "lancejames.com", true */ 'l', 'a', 'n', 'c', 'e', 'j', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "lancelafontaine.com", true */ 'l', 'a', 'n', 'c', 'e', 'l', 'a', 'f', 'o', 'n', 't', 'a', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "lanceyip.com", true */ 'l', 'a', 'n', 'c', 'e', 'y', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "lancork.net", true */ 'l', 'a', 'n', 'c', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0', + /* "lancyvbc.ch", true */ 'l', 'a', 'n', 'c', 'y', 'v', 'b', 'c', '.', 'c', 'h', '\0', + /* "land.nrw", false */ 'l', 'a', 'n', 'd', '.', 'n', 'r', 'w', '\0', + /* "landflair-magazin.de", true */ 'l', 'a', 'n', 'd', 'f', 'l', 'a', 'i', 'r', '-', 'm', 'a', 'g', 'a', 'z', 'i', 'n', '.', 'd', 'e', '\0', + /* "landhaus-christmann.de", true */ 'l', 'a', 'n', 'd', 'h', 'a', 'u', 's', '-', 'c', 'h', 'r', 'i', 's', 't', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "landinfo.no", true */ 'l', 'a', 'n', 'd', 'i', 'n', 'f', 'o', '.', 'n', 'o', '\0', + /* "landofelves.net", true */ 'l', 'a', 'n', 'd', 'o', 'f', 'e', 'l', 'v', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "landyparts.nl", true */ 'l', 'a', 'n', 'd', 'y', 'p', 'a', 'r', 't', 's', '.', 'n', 'l', '\0', + /* "lanetix.com", true */ 'l', 'a', 'n', 'e', 't', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "lang-php.com", true */ 'l', 'a', 'n', 'g', '-', 'p', 'h', 'p', '.', 'c', 'o', 'm', '\0', + /* "langatang.com", true */ 'l', 'a', 'n', 'g', 'a', 't', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "langbein.org", true */ 'l', 'a', 'n', 'g', 'b', 'e', 'i', 'n', '.', 'o', 'r', 'g', '\0', + /* "langguth.io", true */ 'l', 'a', 'n', 'g', 'g', 'u', 't', 'h', '.', 'i', 'o', '\0', + /* "langkahteduh.com", true */ 'l', 'a', 'n', 'g', 'k', 'a', 'h', 't', 'e', 'd', 'u', 'h', '.', 'c', 'o', 'm', '\0', + /* "langly.fr", false */ 'l', 'a', 'n', 'g', 'l', 'y', '.', 'f', 'r', '\0', + /* "languageterminal.com", true */ 'l', 'a', 'n', 'g', 'u', 'a', 'g', 'e', 't', 'e', 'r', 'm', 'i', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "langworth.com", true */ 'l', 'a', 'n', 'g', 'w', 'o', 'r', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "lanna.io", true */ 'l', 'a', 'n', 'n', 'a', '.', 'i', 'o', '\0', + /* "lannainnovation.com", true */ 'l', 'a', 'n', 'n', 'a', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "lanre.org", true */ 'l', 'a', 'n', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "lanroamer.de", true */ 'l', 'a', 'n', 'r', 'o', 'a', 'm', 'e', 'r', '.', 'd', 'e', '\0', + /* "lansechensilu.com", true */ 'l', 'a', 'n', 's', 'e', 'c', 'h', 'e', 'n', 's', 'i', 'l', 'u', '.', 'c', 'o', 'm', '\0', + /* "lanternalauth.com", true */ 'l', 'a', 'n', 't', 'e', 'r', 'n', 'a', 'l', 'a', 'u', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "lantian.pub", true */ 'l', 'a', 'n', 't', 'i', 'a', 'n', '.', 'p', 'u', 'b', '\0', + /* "lanturtle.com", true */ 'l', 'a', 'n', 't', 'u', 'r', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "lanuovariviera.it", true */ 'l', 'a', 'n', 'u', 'o', 'v', 'a', 'r', 'i', 'v', 'i', 'e', 'r', 'a', '.', 'i', 't', '\0', + /* "lanyang.tk", true */ 'l', 'a', 'n', 'y', 'a', 'n', 'g', '.', 't', 'k', '\0', + /* "lanzamientovirtual.es", true */ 'l', 'a', 'n', 'z', 'a', 'm', 'i', 'e', 'n', 't', 'o', 'v', 'i', 'r', 't', 'u', 'a', 'l', '.', 'e', 's', '\0', + /* "lanzarote-online.info", true */ 'l', 'a', 'n', 'z', 'a', 'r', 'o', 't', 'e', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "laos.dating", true */ 'l', 'a', 'o', 's', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "laospage.com", true */ 'l', 'a', 'o', 's', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "laozhu.me", true */ 'l', 'a', 'o', 'z', 'h', 'u', '.', 'm', 'e', '\0', + /* "lapassiondutrading.com", true */ 'l', 'a', 'p', 'a', 's', 's', 'i', 'o', 'n', 'd', 'u', 't', 'r', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "lapetition.be", true */ 'l', 'a', 'p', 'e', 't', 'i', 't', 'i', 'o', 'n', '.', 'b', 'e', '\0', + /* "lapidge.net", true */ 'l', 'a', 'p', 'i', 'd', 'g', 'e', '.', 'n', 'e', 't', '\0', + /* "laplanetebleue.com", true */ 'l', 'a', 'p', 'l', 'a', 'n', 'e', 't', 'e', 'b', 'l', 'e', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "lapolla.com", true */ 'l', 'a', 'p', 'o', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "lapotagere.ch", true */ 'l', 'a', 'p', 'o', 't', 'a', 'g', 'e', 'r', 'e', '.', 'c', 'h', '\0', + /* "lapparente-aise.ch", true */ 'l', 'a', 'p', 'p', 'a', 'r', 'e', 'n', 't', 'e', '-', 'a', 'i', 's', 'e', '.', 'c', 'h', '\0', + /* "laracode.eu", true */ 'l', 'a', 'r', 'a', 'c', 'o', 'd', 'e', '.', 'e', 'u', '\0', + /* "laraeph.com", true */ 'l', 'a', 'r', 'a', 'e', 'p', 'h', '.', 'c', 'o', 'm', '\0', + /* "laraigneedusoir.com", true */ 'l', 'a', 'r', 'a', 'i', 'g', 'n', 'e', 'e', 'd', 'u', 's', 'o', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "laranara.se", true */ 'l', 'a', 'r', 'a', 'n', 'a', 'r', 'a', '.', 's', 'e', '\0', + /* "laraveldirectory.com", true */ 'l', 'a', 'r', 'a', 'v', 'e', 'l', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "lareclame.fr", true */ 'l', 'a', 'r', 'e', 'c', 'l', 'a', 'm', 'e', '.', 'f', 'r', '\0', + /* "larepublicacultural.es", true */ 'l', 'a', 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'c', 'a', 'c', 'u', 'l', 't', 'u', 'r', 'a', 'l', '.', 'e', 's', '\0', + /* "largescaleforums.com", true */ 'l', 'a', 'r', 'g', 'e', 's', 'c', 'a', 'l', 'e', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "largeviewer.com", true */ 'l', 'a', 'r', 'g', 'e', 'v', 'i', 'e', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "lariscus.eu", true */ 'l', 'a', 'r', 'i', 's', 'c', 'u', 's', '.', 'e', 'u', '\0', + /* "larondinedisinfestazione.com", true */ 'l', 'a', 'r', 'o', 'n', 'd', 'i', 'n', 'e', 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "larptreff.de", true */ 'l', 'a', 'r', 'p', 't', 'r', 'e', 'f', 'f', '.', 'd', 'e', '\0', + /* "larraz.es", true */ 'l', 'a', 'r', 'r', 'a', 'z', '.', 'e', 's', '\0', + /* "larrysalibra.com", true */ 'l', 'a', 'r', 'r', 'y', 's', 'a', 'l', 'i', 'b', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "lars-ewald.com", true */ 'l', 'a', 'r', 's', '-', 'e', 'w', 'a', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "lars-mense.de", true */ 'l', 'a', 'r', 's', '-', 'm', 'e', 'n', 's', 'e', '.', 'd', 'e', '\0', + /* "lars.cloud", true */ 'l', 'a', 'r', 's', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "larsbauer.xyz", true */ 'l', 'a', 'r', 's', 'b', 'a', 'u', 'e', 'r', '.', 'x', 'y', 'z', '\0', + /* "larsklene.nl", true */ 'l', 'a', 'r', 's', 'k', 'l', 'e', 'n', 'e', '.', 'n', 'l', '\0', + /* "larsklint.com", true */ 'l', 'a', 'r', 's', 'k', 'l', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "larsmerke.de", true */ 'l', 'a', 'r', 's', 'm', 'e', 'r', 'k', 'e', '.', 'd', 'e', '\0', + /* "laruga.co.uk", true */ 'l', 'a', 'r', 'u', 'g', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "lasalle.wa.edu.au", true */ 'l', 'a', 's', 'a', 'l', 'l', 'e', '.', 'w', 'a', '.', 'e', 'd', 'u', '.', 'a', 'u', '\0', + /* "lasarmas.com", true */ 'l', 'a', 's', 'a', 'r', 'm', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "lascana.co.uk", true */ 'l', 'a', 's', 'c', 'a', 'n', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "lasereyess.net", true */ 'l', 'a', 's', 'e', 'r', 'e', 'y', 'e', 's', 's', '.', 'n', 'e', 't', '\0', + /* "laserpc.net", true */ 'l', 'a', 's', 'e', 'r', 'p', 'c', '.', 'n', 'e', 't', '\0', + /* "laserplaza.de", true */ 'l', 'a', 's', 'e', 'r', 'p', 'l', 'a', 'z', 'a', '.', 'd', 'e', '\0', + /* "laserplaza.net", true */ 'l', 'a', 's', 'e', 'r', 'p', 'l', 'a', 'z', 'a', '.', 'n', 'e', 't', '\0', + /* "lasertechsolutions.com", true */ 'l', 'a', 's', 'e', 'r', 't', 'e', 'c', 'h', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "lask.in", true */ 'l', 'a', 's', 'k', '.', 'i', 'n', '\0', + /* "laskas.pl", true */ 'l', 'a', 's', 'k', 'a', 's', '.', 'p', 'l', '\0', + /* "lasnaves.com", true */ 'l', 'a', 's', 'n', 'a', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "laspequenassemillas.com", true */ 'l', 'a', 's', 'p', 'e', 'q', 'u', 'e', 'n', 'a', 's', 's', 'e', 'm', 'i', 'l', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "lasrecetasdeguada.com", true */ 'l', 'a', 's', 'r', 'e', 'c', 'e', 't', 'a', 's', 'd', 'e', 'g', 'u', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "lasse-it.dk", true */ 'l', 'a', 's', 's', 'e', '-', 'i', 't', '.', 'd', 'k', '\0', + /* "lasseleegaard.com", true */ 'l', 'a', 's', 's', 'e', 'l', 'e', 'e', 'g', 'a', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "lasseleegaard.dk", true */ 'l', 'a', 's', 's', 'e', 'l', 'e', 'e', 'g', 'a', 'a', 'r', 'd', '.', 'd', 'k', '\0', + /* "lasseleegaard.net", true */ 'l', 'a', 's', 's', 'e', 'l', 'e', 'e', 'g', 'a', 'a', 'r', 'd', '.', 'n', 'e', 't', '\0', + /* "lasseleegaard.org", true */ 'l', 'a', 's', 's', 'e', 'l', 'e', 'e', 'g', 'a', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0', + /* "lasst-uns-beten.de", true */ 'l', 'a', 's', 's', 't', '-', 'u', 'n', 's', '-', 'b', 'e', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "lastchancetraveler.com", true */ 'l', 'a', 's', 't', 'c', 'h', 'a', 'n', 'c', 'e', 't', 'r', 'a', 'v', 'e', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "lastharo.com", true */ 'l', 'a', 's', 't', 'h', 'a', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "lastpass.com", false */ 'l', 'a', 's', 't', 'p', 'a', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "lastrada-minden.de", true */ 'l', 'a', 's', 't', 'r', 'a', 'd', 'a', '-', 'm', 'i', 'n', 'd', 'e', 'n', '.', 'd', 'e', '\0', + /* "lastweekinaws.com", true */ 'l', 'a', 's', 't', 'w', 'e', 'e', 'k', 'i', 'n', 'a', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "lasuzefc.fr", true */ 'l', 'a', 's', 'u', 'z', 'e', 'f', 'c', '.', 'f', 'r', '\0', + /* "lat.sk", true */ 'l', 'a', 't', '.', 's', 'k', '\0', + /* "latabledebry.be", true */ 'l', 'a', 't', 'a', 'b', 'l', 'e', 'd', 'e', 'b', 'r', 'y', '.', 'b', 'e', '\0', + /* "latabledemontebello.com", true */ 'l', 'a', 't', 'a', 'b', 'l', 'e', 'd', 'e', 'm', 'o', 'n', 't', 'e', 'b', 'e', 'l', 'l', 'o', '.', 'c', 'o', 'm', '\0', + /* "latamarissiere.eu", true */ 'l', 'a', 't', 'a', 'm', 'a', 'r', 'i', 's', 's', 'i', 'e', 'r', 'e', '.', 'e', 'u', '\0', + /* "late.am", true */ 'l', 'a', 't', 'e', '.', 'a', 'm', '\0', + /* "latecnosfera.com", true */ 'l', 'a', 't', 'e', 'c', 'n', 'o', 's', 'f', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "lateliercantaldeco.fr", true */ 'l', 'a', 't', 'e', 'l', 'i', 'e', 'r', 'c', 'a', 'n', 't', 'a', 'l', 'd', 'e', 'c', 'o', '.', 'f', 'r', '\0', + /* "latemodern.com", true */ 'l', 'a', 't', 'e', 'm', 'o', 'd', 'e', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "latenitefilms.com", false */ 'l', 'a', 't', 'e', 'n', 'i', 't', 'e', 'f', 'i', 'l', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "lateralsecurity.com", true */ 'l', 'a', 't', 'e', 'r', 'a', 'l', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "latestdeals.co.uk", true */ 'l', 'a', 't', 'e', 's', 't', 'd', 'e', 'a', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "latetrain.cn", true */ 'l', 'a', 't', 'e', 't', 'r', 'a', 'i', 'n', '.', 'c', 'n', '\0', + /* "lathen-wahn.de", true */ 'l', 'a', 't', 'h', 'e', 'n', '-', 'w', 'a', 'h', 'n', '.', 'd', 'e', '\0', + /* "latino.dating", true */ 'l', 'a', 't', 'i', 'n', 'o', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "latinphone.com", true */ 'l', 'a', 't', 'i', 'n', 'p', 'h', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "latitude42technology.com", true */ 'l', 'a', 't', 'i', 't', 'u', 'd', 'e', '4', '2', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0', + /* "latitudesign.com", true */ 'l', 'a', 't', 'i', 't', 'u', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "latour-managedcare.ch", true */ 'l', 'a', 't', 'o', 'u', 'r', '-', 'm', 'a', 'n', 'a', 'g', 'e', 'd', 'c', 'a', 'r', 'e', '.', 'c', 'h', '\0', + /* "latremebunda.com", true */ 'l', 'a', 't', 'r', 'e', 'm', 'e', 'b', 'u', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "latrine.cz", true */ 'l', 'a', 't', 'r', 'i', 'n', 'e', '.', 'c', 'z', '\0', + /* "latterdaybride.com", true */ 'l', 'a', 't', 't', 'e', 'r', 'd', 'a', 'y', 'b', 'r', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "lattyware.co.uk", true */ 'l', 'a', 't', 't', 'y', 'w', 'a', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "lattyware.com", true */ 'l', 'a', 't', 't', 'y', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "laubacher.io", true */ 'l', 'a', 'u', 'b', 'a', 'c', 'h', 'e', 'r', '.', 'i', 'o', '\0', + /* "lauchundei.at", true */ 'l', 'a', 'u', 'c', 'h', 'u', 'n', 'd', 'e', 'i', '.', 'a', 't', '\0', + /* "laufcampus.com", true */ 'l', 'a', 'u', 'f', 'c', 'a', 'm', 'p', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "laufpix.de", true */ 'l', 'a', 'u', 'f', 'p', 'i', 'x', '.', 'd', 'e', '\0', + /* "laufseminare-laufreisen.com", true */ 'l', 'a', 'u', 'f', 's', 'e', 'm', 'i', 'n', 'a', 'r', 'e', '-', 'l', 'a', 'u', 'f', 'r', 'e', 'i', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "lauftrainer-ausbildung.com", true */ 'l', 'a', 'u', 'f', 't', 'r', 'a', 'i', 'n', 'e', 'r', '-', 'a', 'u', 's', 'b', 'i', 'l', 'd', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "lauftreff-himmelgeist.de", true */ 'l', 'a', 'u', 'f', 't', 'r', 'e', 'f', 'f', '-', 'h', 'i', 'm', 'm', 'e', 'l', 'g', 'e', 'i', 's', 't', '.', 'd', 'e', '\0', + /* "laughinggrapepublishing.com", true */ 'l', 'a', 'u', 'g', 'h', 'i', 'n', 'g', 'g', 'r', 'a', 'p', 'e', 'p', 'u', 'b', 'l', 'i', 's', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "laukstein.com", true */ 'l', 'a', 'u', 'k', 's', 't', 'e', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "launchpad-app2.com", true */ 'l', 'a', 'u', 'n', 'c', 'h', 'p', 'a', 'd', '-', 'a', 'p', 'p', '2', '.', 'c', 'o', 'm', '\0', + /* "lauraandwill.wedding", true */ 'l', 'a', 'u', 'r', 'a', 'a', 'n', 'd', 'w', 'i', 'l', 'l', '.', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '\0', + /* "laurakashiwase.com", true */ 'l', 'a', 'u', 'r', 'a', 'k', 'a', 's', 'h', 'i', 'w', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "laurasplacefamilysupport.org.au", true */ 'l', 'a', 'u', 'r', 'a', 's', 'p', 'l', 'a', 'c', 'e', 'f', 'a', 'm', 'i', 'l', 'y', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0', + /* "laurelblack.com", true */ 'l', 'a', 'u', 'r', 'e', 'l', 'b', 'l', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "laurelspaandlash.com", true */ 'l', 'a', 'u', 'r', 'e', 'l', 's', 'p', 'a', 'a', 'n', 'd', 'l', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "laurenlobue.com", true */ 'l', 'a', 'u', 'r', 'e', 'n', 'l', 'o', 'b', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "laurent-e-levy.com", true */ 'l', 'a', 'u', 'r', 'e', 'n', 't', '-', 'e', '-', 'l', 'e', 'v', 'y', '.', 'c', 'o', 'm', '\0', + /* "lauriuc.sk", true */ 'l', 'a', 'u', 'r', 'i', 'u', 'c', '.', 's', 'k', '\0', + /* "lausannedentiste.ch", true */ 'l', 'a', 'u', 's', 'a', 'n', 'n', 'e', 'd', 'e', 'n', 't', 'i', 's', 't', 'e', '.', 'c', 'h', '\0', + /* "lausannelovers.ch", true */ 'l', 'a', 'u', 's', 'a', 'n', 'n', 'e', 'l', 'o', 'v', 'e', 'r', 's', '.', 'c', 'h', '\0', + /* "laussat.de", true */ 'l', 'a', 'u', 's', 's', 'a', 't', '.', 'd', 'e', '\0', + /* "lauzon-hitter.com", true */ 'l', 'a', 'u', 'z', 'o', 'n', '-', 'h', 'i', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "lavabit.no", true */ 'l', 'a', 'v', 'a', 'b', 'i', 't', '.', 'n', 'o', '\0', + /* "lavalite.de", true */ 'l', 'a', 'v', 'a', 'l', 'i', 't', 'e', '.', 'd', 'e', '\0', + /* "lavamob.com", true */ 'l', 'a', 'v', 'a', 'm', 'o', 'b', '.', 'c', 'o', 'm', '\0', + /* "lavaux.lv", true */ 'l', 'a', 'v', 'a', 'u', 'x', '.', 'l', 'v', '\0', + /* "lavenderx.org", true */ 'l', 'a', 'v', 'e', 'n', 'd', 'e', 'r', 'x', '.', 'o', 'r', 'g', '\0', + /* "laviedalex.ovh", true */ 'l', 'a', 'v', 'i', 'e', 'd', 'a', 'l', 'e', 'x', '.', 'o', 'v', 'h', '\0', + /* "lavita.de", true */ 'l', 'a', 'v', 'i', 't', 'a', '.', 'd', 'e', '\0', + /* "lavitrine-une-collection.be", true */ 'l', 'a', 'v', 'i', 't', 'r', 'i', 'n', 'e', '-', 'u', 'n', 'e', '-', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'b', 'e', '\0', + /* "lavolte.net", true */ 'l', 'a', 'v', 'o', 'l', 't', 'e', '.', 'n', 'e', 't', '\0', + /* "lavval.com", false */ 'l', 'a', 'v', 'v', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "law-peters.de", true */ 'l', 'a', 'w', '-', 'p', 'e', 't', 'e', 'r', 's', '.', 'd', 'e', '\0', + /* "lawformt.com", true */ 'l', 'a', 'w', 'f', 'o', 'r', 'm', 't', '.', 'c', 'o', 'm', '\0', + /* "lawn-seeds.com", true */ 'l', 'a', 'w', 'n', '-', 's', 'e', 'e', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "lawnuk.com", true */ 'l', 'a', 'w', 'n', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "lawrence-institute.com", true */ 'l', 'a', 'w', 'r', 'e', 'n', 'c', 'e', '-', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "lawrenceberg.nl", true */ 'l', 'a', 'w', 'r', 'e', 'n', 'c', 'e', 'b', 'e', 'r', 'g', '.', 'n', 'l', '\0', + /* "lawrencemurgatroyd.com", true */ 'l', 'a', 'w', 'r', 'e', 'n', 'c', 'e', 'm', 'u', 'r', 'g', 'a', 't', 'r', 'o', 'y', 'd', '.', 'c', 'o', 'm', '\0', + /* "laylo.nl", true */ 'l', 'a', 'y', 'l', 'o', '.', 'n', 'l', '\0', + /* "laymans911.info", true */ 'l', 'a', 'y', 'm', 'a', 'n', 's', '9', '1', '1', '.', 'i', 'n', 'f', 'o', '\0', + /* "layoutsatzunddruck.de", true */ 'l', 'a', 'y', 'o', 'u', 't', 's', 'a', 't', 'z', 'u', 'n', 'd', 'd', 'r', 'u', 'c', 'k', '.', 'd', 'e', '\0', + /* "lazerus.net", true */ 'l', 'a', 'z', 'e', 'r', 'u', 's', '.', 'n', 'e', 't', '\0', + /* "lazowik.pl", true */ 'l', 'a', 'z', 'o', 'w', 'i', 'k', '.', 'p', 'l', '\0', + /* "lazurit.com", true */ 'l', 'a', 'z', 'u', 'r', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "lazyboston.com", true */ 'l', 'a', 'z', 'y', 'b', 'o', 's', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "lazyclock.com", true */ 'l', 'a', 'z', 'y', 'c', 'l', 'o', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "lazyframe.com", true */ 'l', 'a', 'z', 'y', 'f', 'r', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "lazytux.de", true */ 'l', 'a', 'z', 'y', 't', 'u', 'x', '.', 'd', 'e', '\0', + /* "lazytux.org", true */ 'l', 'a', 'z', 'y', 't', 'u', 'x', '.', 'o', 'r', 'g', '\0', + /* "lb-toner.de", true */ 'l', 'b', '-', 't', 'o', 'n', 'e', 'r', '.', 'd', 'e', '\0', + /* "lbayer.com", true */ 'l', 'b', 'a', 'y', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "lbc.gr", true */ 'l', 'b', 'c', '.', 'g', 'r', '\0', + /* "lbgconsultores.com", true */ 'l', 'b', 'g', 'c', 'o', 'n', 's', 'u', 'l', 't', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "lbihrhelpdesk.com", true */ 'l', 'b', 'i', 'h', 'r', 'h', 'e', 'l', 'p', 'd', 'e', 's', 'k', '.', 'c', 'o', 'm', '\0', + /* "lbls.me", true */ 'l', 'b', 'l', 's', '.', 'm', 'e', '\0', + /* "lbphacker.pw", true */ 'l', 'b', 'p', 'h', 'a', 'c', 'k', 'e', 'r', '.', 'p', 'w', '\0', + /* "lbrlh.tk", true */ 'l', 'b', 'r', 'l', 'h', '.', 't', 'k', '\0', + /* "lbrli.tk", true */ 'l', 'b', 'r', 'l', 'i', '.', 't', 'k', '\0', + /* "lbs-logics.com", true */ 'l', 'b', 's', '-', 'l', 'o', 'g', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "lca-pv.de", true */ 'l', 'c', 'a', '-', 'p', 'v', '.', 'd', 'e', '\0', + /* "lce-events.com", true */ 'l', 'c', 'e', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "lcht.ch", false */ 'l', 'c', 'h', 't', '.', 'c', 'h', '\0', + /* "lclarkpdx.com", true */ 'l', 'c', 'l', 'a', 'r', 'k', 'p', 'd', 'x', '.', 'c', 'o', 'm', '\0', + /* "ld-begunjscica.si", true */ 'l', 'd', '-', 'b', 'e', 'g', 'u', 'n', 'j', 's', 'c', 'i', 'c', 'a', '.', 's', 'i', '\0', + /* "ldc.com.br", false */ 'l', 'd', 'c', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "le-bar.org", true */ 'l', 'e', '-', 'b', 'a', 'r', '.', 'o', 'r', 'g', '\0', + /* "le-blog.ch", true */ 'l', 'e', '-', 'b', 'l', 'o', 'g', '.', 'c', 'h', '\0', + /* "le-controle-parental.fr", true */ 'l', 'e', '-', 'c', 'o', 'n', 't', 'r', 'o', 'l', 'e', '-', 'p', 'a', 'r', 'e', 'n', 't', 'a', 'l', '.', 'f', 'r', '\0', + /* "le-creux-du-van.ch", true */ 'l', 'e', '-', 'c', 'r', 'e', 'u', 'x', '-', 'd', 'u', '-', 'v', 'a', 'n', '.', 'c', 'h', '\0', + /* "le-dev.de", false */ 'l', 'e', '-', 'd', 'e', 'v', '.', 'd', 'e', '\0', + /* "le-h.de", true */ 'l', 'e', '-', 'h', '.', 'd', 'e', '\0', + /* "le-hosting.de", true */ 'l', 'e', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "le-page.info", true */ 'l', 'e', '-', 'p', 'a', 'g', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "le-palantir.com", true */ 'l', 'e', '-', 'p', 'a', 'l', 'a', 'n', 't', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "le-traiteur-parisien.fr", true */ 'l', 'e', '-', 't', 'r', 'a', 'i', 't', 'e', 'u', 'r', '-', 'p', 'a', 'r', 'i', 's', 'i', 'e', 'n', '.', 'f', 'r', '\0', + /* "le0.me", true */ 'l', 'e', '0', '.', 'm', 'e', '\0', + /* "le130rb.com", true */ 'l', 'e', '1', '3', '0', 'r', 'b', '.', 'c', 'o', 'm', '\0', + /* "le23.fr", true */ 'l', 'e', '2', '3', '.', 'f', 'r', '\0', + /* "le42mars.fr", true */ 'l', 'e', '4', '2', 'm', 'a', 'r', 's', '.', 'f', 'r', '\0', + /* "leadbox.cz", true */ 'l', 'e', 'a', 'd', 'b', 'o', 'x', '.', 'c', 'z', '\0', + /* "leadgenie.me", true */ 'l', 'e', 'a', 'd', 'g', 'e', 'n', 'i', 'e', '.', 'm', 'e', '\0', + /* "leadingsalons.com", true */ 'l', 'e', 'a', 'd', 'i', 'n', 'g', 's', 'a', 'l', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "leafandseed.co.uk", true */ 'l', 'e', 'a', 'f', 'a', 'n', 'd', 's', 'e', 'e', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "leafans.tk", true */ 'l', 'e', 'a', 'f', 'a', 'n', 's', '.', 't', 'k', '\0', + /* "leafinote.com", true */ 'l', 'e', 'a', 'f', 'i', 'n', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "leakedminecraft.net", true */ 'l', 'e', 'a', 'k', 'e', 'd', 'm', 'i', 'n', 'e', 'c', 'r', 'a', 'f', 't', '.', 'n', 'e', 't', '\0', + /* "leakforums.net", true */ 'l', 'e', 'a', 'k', 'f', 'o', 'r', 'u', 'm', 's', '.', 'n', 'e', 't', '\0', + /* "leakreporter.net", true */ 'l', 'e', 'a', 'k', 'r', 'e', 'p', 'o', 'r', 't', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "leaks.directory", true */ 'l', 'e', 'a', 'k', 's', '.', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '\0', + /* "leanclub.org", true */ 'l', 'e', 'a', 'n', 'c', 'l', 'u', 'b', '.', 'o', 'r', 'g', '\0', + /* "leandre.cn", true */ 'l', 'e', 'a', 'n', 'd', 'r', 'e', '.', 'c', 'n', '\0', + /* "leanplando.com", true */ 'l', 'e', 'a', 'n', 'p', 'l', 'a', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "leaodarodesia.com.br", true */ 'l', 'e', 'a', 'o', 'd', 'a', 'r', 'o', 'd', 'e', 's', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "leap-it.be", true */ 'l', 'e', 'a', 'p', '-', 'i', 't', '.', 'b', 'e', '\0', + /* "leapandjump.co.uk", true */ 'l', 'e', 'a', 'p', 'a', 'n', 'd', 'j', 'u', 'm', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "learn-smart.uk", true */ 'l', 'e', 'a', 'r', 'n', '-', 's', 'm', 'a', 'r', 't', '.', 'u', 'k', '\0', + /* "learnedhacker.com", true */ 'l', 'e', 'a', 'r', 'n', 'e', 'd', 'h', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "learnerdriving.com", false */ 'l', 'e', 'a', 'r', 'n', 'e', 'r', 'd', 'r', 'i', 'v', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "learnflakes.net", true */ 'l', 'e', 'a', 'r', 'n', 'f', 'l', 'a', 'k', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "learningis1.st", true */ 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', 'i', 's', '1', '.', 's', 't', '\0', + /* "learninglaw.com", true */ 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "learnpianogreece.com", true */ 'l', 'e', 'a', 'r', 'n', 'p', 'i', 'a', 'n', 'o', 'g', 'r', 'e', 'e', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "learnplayground.com", true */ 'l', 'e', 'a', 'r', 'n', 'p', 'l', 'a', 'y', 'g', 'r', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "learntube.cz", true */ 'l', 'e', 'a', 'r', 'n', 't', 'u', 'b', 'e', '.', 'c', 'z', '\0', + /* "leaseit24.com", true */ 'l', 'e', 'a', 's', 'e', 'i', 't', '2', '4', '.', 'c', 'o', 'm', '\0', + /* "leaseit24.de", true */ 'l', 'e', 'a', 's', 'e', 'i', 't', '2', '4', '.', 'd', 'e', '\0', + /* "leasit.at", true */ 'l', 'e', 'a', 's', 'i', 't', '.', 'a', 't', '\0', + /* "leasit.de", true */ 'l', 'e', 'a', 's', 'i', 't', '.', 'd', 'e', '\0', + /* "leatherfurnitureexpo.com", true */ 'l', 'e', 'a', 't', 'h', 'e', 'r', 'f', 'u', 'r', 'n', 'i', 't', 'u', 'r', 'e', 'e', 'x', 'p', 'o', '.', 'c', 'o', 'm', '\0', + /* "leatherwood.nl", true */ 'l', 'e', 'a', 't', 'h', 'e', 'r', 'w', 'o', 'o', 'd', '.', 'n', 'l', '\0', + /* "leavesofchangeweekly.org", true */ 'l', 'e', 'a', 'v', 'e', 's', 'o', 'f', 'c', 'h', 'a', 'n', 'g', 'e', 'w', 'e', 'e', 'k', 'l', 'y', '.', 'o', 'r', 'g', '\0', + /* "lebanesearmy.gov.lb", true */ 'l', 'e', 'b', 'a', 'n', 'e', 's', 'e', 'a', 'r', 'm', 'y', '.', 'g', 'o', 'v', '.', 'l', 'b', '\0', + /* "lebarbatruc.com", true */ 'l', 'e', 'b', 'a', 'r', 'b', 'a', 't', 'r', 'u', 'c', '.', 'c', 'o', 'm', '\0', + /* "lebarmy.gov.lb", true */ 'l', 'e', 'b', 'a', 'r', 'm', 'y', '.', 'g', 'o', 'v', '.', 'l', 'b', '\0', + /* "lebens-fluss.at", true */ 'l', 'e', 'b', 'e', 'n', 's', '-', 'f', 'l', 'u', 's', 's', '.', 'a', 't', '\0', + /* "lebihan.pl", true */ 'l', 'e', 'b', 'i', 'h', 'a', 'n', '.', 'p', 'l', '\0', + /* "leblanc.io", true */ 'l', 'e', 'b', 'l', 'a', 'n', 'c', '.', 'i', 'o', '\0', + /* "lebosse.me", true */ 'l', 'e', 'b', 'o', 's', 's', 'e', '.', 'm', 'e', '\0', + /* "lebourgeo.is", true */ 'l', 'e', 'b', 'o', 'u', 'r', 'g', 'e', 'o', '.', 'i', 's', '\0', + /* "lechaudrondupertuis.ch", true */ 'l', 'e', 'c', 'h', 'a', 'u', 'd', 'r', 'o', 'n', 'd', 'u', 'p', 'e', 'r', 't', 'u', 'i', 's', '.', 'c', 'h', '\0', + /* "lechiennoir.net", true */ 'l', 'e', 'c', 'h', 'i', 'e', 'n', 'n', 'o', 'i', 'r', '.', 'n', 'e', 't', '\0', + /* "leclaire.com.br", true */ 'l', 'e', 'c', 'l', 'a', 'i', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "ledecologie.com.br", true */ 'l', 'e', 'd', 'e', 'c', 'o', 'l', 'o', 'g', 'i', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "ledeguisement.com", true */ 'l', 'e', 'd', 'e', 'g', 'u', 'i', 's', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "ledhouse.sk", true */ 'l', 'e', 'd', 'h', 'o', 'u', 's', 'e', '.', 's', 'k', '\0', + /* "ledzom.ru", false */ 'l', 'e', 'd', 'z', 'o', 'm', '.', 'r', 'u', '\0', + /* "lee-fuller.co.uk", true */ 'l', 'e', 'e', '-', 'f', 'u', 'l', 'l', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "leebiblestudycenter.co.uk", true */ 'l', 'e', 'e', 'b', 'i', 'b', 'l', 'e', 's', 't', 'u', 'd', 'y', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "leebiblestudycenter.com", true */ 'l', 'e', 'e', 'b', 'i', 'b', 'l', 'e', 's', 't', 'u', 'd', 'y', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "leebiblestudycentre.co.uk", true */ 'l', 'e', 'e', 'b', 'i', 'b', 'l', 'e', 's', 't', 'u', 'd', 'y', 'c', 'e', 'n', 't', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "leebiblestudycentre.com", true */ 'l', 'e', 'e', 'b', 'i', 'b', 'l', 'e', 's', 't', 'u', 'd', 'y', 'c', 'e', 'n', 't', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "leech360.com", true */ 'l', 'e', 'e', 'c', 'h', '3', '6', '0', '.', 'c', 'o', 'm', '\0', + /* "leeclemens.net", true */ 'l', 'e', 'e', 'c', 'l', 'e', 'm', 'e', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "leedev.org", true */ 'l', 'e', 'e', 'd', 'e', 'v', '.', 'o', 'r', 'g', '\0', + /* "leelou.wedding", true */ 'l', 'e', 'e', 'l', 'o', 'u', '.', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '\0', + /* "leere.me", true */ 'l', 'e', 'e', 'r', 'e', '.', 'm', 'e', '\0', + /* "leerkotte.eu", true */ 'l', 'e', 'e', 'r', 'k', 'o', 't', 't', 'e', '.', 'e', 'u', '\0', + /* "leerliga.de", true */ 'l', 'e', 'e', 'r', 'l', 'i', 'g', 'a', '.', 'd', 'e', '\0', + /* "leertipp.de", true */ 'l', 'e', 'e', 'r', 't', 'i', 'p', 'p', '.', 'd', 'e', '\0', + /* "leesilvey.com", true */ 'l', 'e', 'e', 's', 'i', 'l', 'v', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "leet2.com", true */ 'l', 'e', 'e', 't', '2', '.', 'c', 'o', 'm', '\0', + /* "leetcode.com", true */ 'l', 'e', 'e', 't', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "leetcode.net", true */ 'l', 'e', 'e', 't', 'c', 'o', 'd', 'e', '.', 'n', 'e', 't', '\0', + /* "leetgamers.asia", true */ 'l', 'e', 'e', 't', 'g', 'a', 'm', 'e', 'r', 's', '.', 'a', 's', 'i', 'a', '\0', + /* "leetsaber.com", true */ 'l', 'e', 'e', 't', 's', 'a', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "leevealdc.com", true */ 'l', 'e', 'e', 'v', 'e', 'a', 'l', 'd', 'c', '.', 'c', 'o', 'm', '\0', + /* "lefebvristes.com", true */ 'l', 'e', 'f', 'e', 'b', 'v', 'r', 'i', 's', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "lefebvristes.fr", true */ 'l', 'e', 'f', 'e', 'b', 'v', 'r', 'i', 's', 't', 'e', 's', '.', 'f', 'r', '\0', + /* "leflibustier.ru", true */ 'l', 'e', 'f', 'l', 'i', 'b', 'u', 's', 't', 'i', 'e', 'r', '.', 'r', 'u', '\0', + /* "lefonddeloeil.com", true */ 'l', 'e', 'f', 'o', 'n', 'd', 'd', 'e', 'l', 'o', 'e', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "leftclick.cloud", true */ 'l', 'e', 'f', 't', 'c', 'l', 'i', 'c', 'k', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "leftclick.eu", true */ 'l', 'e', 'f', 't', 'c', 'l', 'i', 'c', 'k', '.', 'e', 'u', '\0', + /* "lega-dental.com", true */ 'l', 'e', 'g', 'a', '-', 'd', 'e', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "legadental.com", true */ 'l', 'e', 'g', 'a', 'd', 'e', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "legalcontrol.info", true */ 'l', 'e', 'g', 'a', 'l', 'c', 'o', 'n', 't', 'r', 'o', 'l', '.', 'i', 'n', 'f', 'o', '\0', + /* "legalrobot-uat.com", true */ 'l', 'e', 'g', 'a', 'l', 'r', 'o', 'b', 'o', 't', '-', 'u', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "legalrobot.com", true */ 'l', 'e', 'g', 'a', 'l', 'r', 'o', 'b', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "legaltip.eu", true */ 'l', 'e', 'g', 'a', 'l', 't', 'i', 'p', '.', 'e', 'u', '\0', + /* "legatofmrc.fr", true */ 'l', 'e', 'g', 'a', 't', 'o', 'f', 'm', 'r', 'c', '.', 'f', 'r', '\0', + /* "legendary.camera", true */ 'l', 'e', 'g', 'e', 'n', 'd', 'a', 'r', 'y', '.', 'c', 'a', 'm', 'e', 'r', 'a', '\0', + /* "legendesdechine.ch", true */ 'l', 'e', 'g', 'e', 'n', 'd', 'e', 's', 'd', 'e', 'c', 'h', 'i', 'n', 'e', '.', 'c', 'h', '\0', + /* "legendofkrystal.com", true */ 'l', 'e', 'g', 'e', 'n', 'd', 'o', 'f', 'k', 'r', 'y', 's', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "legends-game.ru", false */ 'l', 'e', 'g', 'e', 'n', 'd', 's', '-', 'g', 'a', 'm', 'e', '.', 'r', 'u', '\0', + /* "legible.es", true */ 'l', 'e', 'g', 'i', 'b', 'l', 'e', '.', 'e', 's', '\0', + /* "legiscontabilidade.com.br", true */ 'l', 'e', 'g', 'i', 's', 'c', 'o', 'n', 't', 'a', 'b', 'i', 'l', 'i', 'd', 'a', 'd', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "legit.nz", true */ 'l', 'e', 'g', 'i', 't', '.', 'n', 'z', '\0', + /* "legjobblogo.hu", true */ 'l', 'e', 'g', 'j', 'o', 'b', 'b', 'l', 'o', 'g', 'o', '.', 'h', 'u', '\0', + /* "legland.fr", true */ 'l', 'e', 'g', 'l', 'a', 'n', 'd', '.', 'f', 'r', '\0', + /* "legoutdesplantes.be", true */ 'l', 'e', 'g', 'o', 'u', 't', 'd', 'e', 's', 'p', 'l', 'a', 'n', 't', 'e', 's', '.', 'b', 'e', '\0', + /* "legumefederation.org", true */ 'l', 'e', 'g', 'u', 'm', 'e', 'f', 'e', 'd', 'e', 'r', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "legumeinfo.org", true */ 'l', 'e', 'g', 'u', 'm', 'e', 'i', 'n', 'f', 'o', '.', 'o', 'r', 'g', '\0', + /* "lehighmathcircle.org", true */ 'l', 'e', 'h', 'i', 'g', 'h', 'm', 'a', 't', 'h', 'c', 'i', 'r', 'c', 'l', 'e', '.', 'o', 'r', 'g', '\0', + /* "leibniz-remscheid.de", false */ 'l', 'e', 'i', 'b', 'n', 'i', 'z', '-', 'r', 'e', 'm', 's', 'c', 'h', 'e', 'i', 'd', '.', 'd', 'e', '\0', + /* "leideninternationalreview.com", true */ 'l', 'e', 'i', 'd', 'e', 'n', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0', + /* "leifdreizler.com", false */ 'l', 'e', 'i', 'f', 'd', 'r', 'e', 'i', 'z', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "leigh.life", true */ 'l', 'e', 'i', 'g', 'h', '.', 'l', 'i', 'f', 'e', '\0', + /* "leilautourdumon.de", true */ 'l', 'e', 'i', 'l', 'a', 'u', 't', 'o', 'u', 'r', 'd', 'u', 'm', 'o', 'n', '.', 'd', 'e', '\0', + /* "leilonorte.com", true */ 'l', 'e', 'i', 'l', 'o', 'n', 'o', 'r', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "leiming.co", true */ 'l', 'e', 'i', 'm', 'i', 'n', 'g', '.', 'c', 'o', '\0', + /* "leinfelder.in", true */ 'l', 'e', 'i', 'n', 'f', 'e', 'l', 'd', 'e', 'r', '.', 'i', 'n', '\0', + /* "leipzig.photo", true */ 'l', 'e', 'i', 'p', 'z', 'i', 'g', '.', 'p', 'h', 'o', 't', 'o', '\0', + /* "leipziger-triathlon.de", true */ 'l', 'e', 'i', 'p', 'z', 'i', 'g', 'e', 'r', '-', 't', 'r', 'i', 'a', 't', 'h', 'l', 'o', 'n', '.', 'd', 'e', '\0', + /* "leisure-blog.com", true */ 'l', 'e', 'i', 's', 'u', 'r', 'e', '-', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "leisure-supplies-show.co.uk", true */ 'l', 'e', 'i', 's', 'u', 'r', 'e', '-', 's', 'u', 'p', 'p', 'l', 'i', 'e', 's', '-', 's', 'h', 'o', 'w', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "leition.com", true */ 'l', 'e', 'i', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "leitionusercontent.com", true */ 'l', 'e', 'i', 't', 'i', 'o', 'n', 'u', 's', 'e', 'r', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "lejardindesmesanges.fr", true */ 'l', 'e', 'j', 'a', 'r', 'd', 'i', 'n', 'd', 'e', 's', 'm', 'e', 's', 'a', 'n', 'g', 'e', 's', '.', 'f', 'r', '\0', + /* "lel.ovh", true */ 'l', 'e', 'l', '.', 'o', 'v', 'h', '\0', + /* "lelehei.com", true */ 'l', 'e', 'l', 'e', 'h', 'e', 'i', '.', 'c', 'o', 'm', '\0', + /* "lelubre.info", true */ 'l', 'e', 'l', 'u', 'b', 'r', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "lemarcheelagrandeguerra.it", true */ 'l', 'e', 'm', 'a', 'r', 'c', 'h', 'e', 'e', 'l', 'a', 'g', 'r', 'a', 'n', 'd', 'e', 'g', 'u', 'e', 'r', 'r', 'a', '.', 'i', 't', '\0', + /* "lemni.top", true */ 'l', 'e', 'm', 'n', 'i', '.', 't', 'o', 'p', '\0', + /* "lemoine.at", true */ 'l', 'e', 'm', 'o', 'i', 'n', 'e', '.', 'a', 't', '\0', + /* "lemon.co", true */ 'l', 'e', 'm', 'o', 'n', '.', 'c', 'o', '\0', + /* "lemondrops.xyz", true */ 'l', 'e', 'm', 'o', 'n', 'd', 'r', 'o', 'p', 's', '.', 'x', 'y', 'z', '\0', + /* "lemonop.com", true */ 'l', 'e', 'm', 'o', 'n', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "lemonrockbiketours.com", true */ 'l', 'e', 'm', 'o', 'n', 'r', 'o', 'c', 'k', 'b', 'i', 'k', 'e', 't', 'o', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "lemuslimpost.com", true */ 'l', 'e', 'm', 'u', 's', 'l', 'i', 'm', 'p', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "lenagroben.de", true */ 'l', 'e', 'n', 'a', 'g', 'r', 'o', 'b', 'e', 'n', '.', 'd', 'e', '\0', + /* "lence.net", true */ 'l', 'e', 'n', 'c', 'e', '.', 'n', 'e', 't', '\0', + /* "lenguajedeprogramacion.com", true */ 'l', 'e', 'n', 'g', 'u', 'a', 'j', 'e', 'd', 'e', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'a', 'c', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "lengzzz.com", true */ 'l', 'e', 'n', 'g', 'z', 'z', 'z', '.', 'c', 'o', 'm', '\0', + /* "lenidh.de", true */ 'l', 'e', 'n', 'i', 'd', 'h', '.', 'd', 'e', '\0', + /* "leninalbertop.com.ve", true */ 'l', 'e', 'n', 'i', 'n', 'a', 'l', 'b', 'e', 'r', 't', 'o', 'p', '.', 'c', 'o', 'm', '.', 'v', 'e', '\0', + /* "lenkunz.me", true */ 'l', 'e', 'n', 'k', 'u', 'n', 'z', '.', 'm', 'e', '\0', + /* "lennier.info", true */ 'l', 'e', 'n', 'n', 'i', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "lennyfaces.net", true */ 'l', 'e', 'n', 'n', 'y', 'f', 'a', 'c', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "lennyobez.be", true */ 'l', 'e', 'n', 'n', 'y', 'o', 'b', 'e', 'z', '.', 'b', 'e', '\0', + /* "lenr-forum.com", true */ 'l', 'e', 'n', 'r', '-', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "lensdoctor.com", true */ 'l', 'e', 'n', 's', 'd', 'o', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "lenspirations.com", true */ 'l', 'e', 'n', 's', 'p', 'i', 'r', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "lensual.space", true */ 'l', 'e', 'n', 's', 'u', 'a', 'l', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "lenuagebauche.org", true */ 'l', 'e', 'n', 'u', 'a', 'g', 'e', 'b', 'a', 'u', 'c', 'h', 'e', '.', 'o', 'r', 'g', '\0', + /* "lenyip.com", true */ 'l', 'e', 'n', 'y', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "lenyip.me", true */ 'l', 'e', 'n', 'y', 'i', 'p', '.', 'm', 'e', '\0', + /* "lenyip.works", true */ 'l', 'e', 'n', 'y', 'i', 'p', '.', 'w', 'o', 'r', 'k', 's', '\0', + /* "lenzw.de", true */ 'l', 'e', 'n', 'z', 'w', '.', 'd', 'e', '\0', + /* "leoandpeto.com", true */ 'l', 'e', 'o', 'a', 'n', 'd', 'p', 'e', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "leodaniels.com", true */ 'l', 'e', 'o', 'd', 'a', 'n', 'i', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "leola.cz", true */ 'l', 'e', 'o', 'l', 'a', '.', 'c', 'z', '\0', + /* "leola.sk", true */ 'l', 'e', 'o', 'l', 'a', '.', 's', 'k', '\0', + /* "leominstercu.com", false */ 'l', 'e', 'o', 'm', 'i', 'n', 's', 't', 'e', 'r', 'c', 'u', '.', 'c', 'o', 'm', '\0', + /* "leon-tech.com", true */ 'l', 'e', 'o', 'n', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "leon.net", true */ 'l', 'e', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "leonard.io", false */ 'l', 'e', 'o', 'n', 'a', 'r', 'd', '.', 'i', 'o', '\0', + /* "leonax.net", true */ 'l', 'e', 'o', 'n', 'a', 'x', '.', 'n', 'e', 't', '\0', + /* "leondenard.com", true */ 'l', 'e', 'o', 'n', 'd', 'e', 'n', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "leonklingele.de", true */ 'l', 'e', 'o', 'n', 'k', 'l', 'i', 'n', 'g', 'e', 'l', 'e', '.', 'd', 'e', '\0', + /* "leopoldina.net", true */ 'l', 'e', 'o', 'p', 'o', 'l', 'd', 'i', 'n', 'a', '.', 'n', 'e', 't', '\0', + /* "leowkahman.com", true */ 'l', 'e', 'o', 'w', 'k', 'a', 'h', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "lep.gov", true */ 'l', 'e', 'p', '.', 'g', 'o', 'v', '\0', + /* "lepenetapeti.com", true */ 'l', 'e', 'p', 'e', 'n', 'e', 't', 'a', 'p', 'e', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "lepiquillo.fr", true */ 'l', 'e', 'p', 'i', 'q', 'u', 'i', 'l', 'l', 'o', '.', 'f', 'r', '\0', + /* "leponton-lorient.fr", true */ 'l', 'e', 'p', 'o', 'n', 't', 'o', 'n', '-', 'l', 'o', 'r', 'i', 'e', 'n', 't', '.', 'f', 'r', '\0', + /* "leprado.com", true */ 'l', 'e', 'p', 'r', 'a', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "lepsos.com", true */ 'l', 'e', 'p', 's', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "lereporter.ma", true */ 'l', 'e', 'r', 'e', 'p', 'o', 'r', 't', 'e', 'r', '.', 'm', 'a', '\0', + /* "leretour.ch", true */ 'l', 'e', 'r', 'e', 't', 'o', 'u', 'r', '.', 'c', 'h', '\0', + /* "lerku.com", true */ 'l', 'e', 'r', 'k', 'u', '.', 'c', 'o', 'm', '\0', + /* "lernenamsee.ch", true */ 'l', 'e', 'r', 'n', 'e', 'n', 'a', 'm', 's', 'e', 'e', '.', 'c', 'h', '\0', + /* "lernerspersonalinjury.ca", true */ 'l', 'e', 'r', 'n', 'e', 'r', 's', 'p', 'e', 'r', 's', 'o', 'n', 'a', 'l', 'i', 'n', 'j', 'u', 'r', 'y', '.', 'c', 'a', '\0', + /* "lernorteuropa.com", true */ 'l', 'e', 'r', 'n', 'o', 'r', 't', 'e', 'u', 'r', 'o', 'p', 'a', '.', 'c', 'o', 'm', '\0', + /* "lernorteuropa.de", true */ 'l', 'e', 'r', 'n', 'o', 'r', 't', 'e', 'u', 'r', 'o', 'p', 'a', '.', 'd', 'e', '\0', + /* "lernorteuropa.eu", true */ 'l', 'e', 'r', 'n', 'o', 'r', 't', 'e', 'u', 'r', 'o', 'p', 'a', '.', 'e', 'u', '\0', + /* "lernplattform-akademie.de", true */ 'l', 'e', 'r', 'n', 'p', 'l', 'a', 't', 't', 'f', 'o', 'r', 'm', '-', 'a', 'k', 'a', 'd', 'e', 'm', 'i', 'e', '.', 'd', 'e', '\0', + /* "lerp.me", true */ 'l', 'e', 'r', 'p', '.', 'm', 'e', '\0', + /* "les-ateliers-de-melineo.be", true */ 'l', 'e', 's', '-', 'a', 't', 'e', 'l', 'i', 'e', 'r', 's', '-', 'd', 'e', '-', 'm', 'e', 'l', 'i', 'n', 'e', 'o', '.', 'b', 'e', '\0', + /* "les-pingouins.com", true */ 'l', 'e', 's', '-', 'p', 'i', 'n', 'g', 'o', 'u', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "lesancheslibres.fr", true */ 'l', 'e', 's', 'a', 'n', 'c', 'h', 'e', 's', 'l', 'i', 'b', 'r', 'e', 's', '.', 'f', 'r', '\0', + /* "lesarts.com", true */ 'l', 'e', 's', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "lesberger.ch", true */ 'l', 'e', 's', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'c', 'h', '\0', + /* "lesbiansslaves.com", true */ 'l', 'e', 's', 'b', 'i', 'a', 'n', 's', 's', 'l', 'a', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "lesbofight.com", true */ 'l', 'e', 's', 'b', 'o', 'f', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0', + /* "leseditionsbraquage.com", true */ 'l', 'e', 's', 'e', 'd', 'i', 't', 'i', 'o', 'n', 's', 'b', 'r', 'a', 'q', 'u', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "lesformations.net", true */ 'l', 'e', 's', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "lesgoodnews.fr", true */ 'l', 'e', 's', 'g', 'o', 'o', 'd', 'n', 'e', 'w', 's', '.', 'f', 'r', '\0', + /* "leshervelines.com", true */ 'l', 'e', 's', 'h', 'e', 'r', 'v', 'e', 'l', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "lesjardinsdubanchet.fr", true */ 'l', 'e', 's', 'j', 'a', 'r', 'd', 'i', 'n', 's', 'd', 'u', 'b', 'a', 'n', 'c', 'h', 'e', 't', '.', 'f', 'r', '\0', + /* "lesmamy.ch", true */ 'l', 'e', 's', 'm', 'a', 'm', 'y', '.', 'c', 'h', '\0', + /* "lesmontagne.net", true */ 'l', 'e', 's', 'm', 'o', 'n', 't', 'a', 'g', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "lesnet.co.uk", true */ 'l', 'e', 's', 'n', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "lespagesweb.ch", true */ 'l', 'e', 's', 'p', 'a', 'g', 'e', 's', 'w', 'e', 'b', '.', 'c', 'h', '\0', + /* "lespecialiste-pradelexcellence.com", true */ 'l', 'e', 's', 'p', 'e', 'c', 'i', 'a', 'l', 'i', 's', 't', 'e', '-', 'p', 'r', 'a', 'd', 'e', 'l', 'e', 'x', 'c', 'e', 'l', 'l', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "lesplatanes.ch", true */ 'l', 'e', 's', 'p', 'l', 'a', 't', 'a', 'n', 'e', 's', '.', 'c', 'h', '\0', + /* "lesquatredauphins.fr", true */ 'l', 'e', 's', 'q', 'u', 'a', 't', 'r', 'e', 'd', 'a', 'u', 'p', 'h', 'i', 'n', 's', '.', 'f', 'r', '\0', + /* "lesscloud.com", true */ 'l', 'e', 's', 's', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "lessing.consulting", true */ 'l', 'e', 's', 's', 'i', 'n', 'g', '.', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '\0', + /* "lessis.moe", true */ 'l', 'e', 's', 's', 'i', 's', '.', 'm', 'o', 'e', '\0', + /* "lesterrassesdusoleil.ch", true */ 'l', 'e', 's', 't', 'e', 'r', 'r', 'a', 's', 's', 'e', 's', 'd', 'u', 's', 'o', 'l', 'e', 'i', 'l', '.', 'c', 'h', '\0', + /* "lesyndicat.info", true */ 'l', 'e', 's', 'y', 'n', 'd', 'i', 'c', 'a', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "let-go.cc", true */ 'l', 'e', 't', '-', 'g', 'o', '.', 'c', 'c', '\0', + /* "letemps.ch", true */ 'l', 'e', 't', 'e', 'm', 'p', 's', '.', 'c', 'h', '\0', + /* "lets-bounce.com", true */ 'l', 'e', 't', 's', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "lets-go-acoustic.de", true */ 'l', 'e', 't', 's', '-', 'g', 'o', '-', 'a', 'c', 'o', 'u', 's', 't', 'i', 'c', '.', 'd', 'e', '\0', + /* "lets-ktai.jp", true */ 'l', 'e', 't', 's', '-', 'k', 't', 'a', 'i', '.', 'j', 'p', '\0', + /* "lets.ninja", true */ 'l', 'e', 't', 's', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "lets.nu", true */ 'l', 'e', 't', 's', '.', 'n', 'u', '\0', + /* "letsbounceuk.com", true */ 'l', 'e', 't', 's', 'b', 'o', 'u', 'n', 'c', 'e', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "letsencrypt-for-cpanel.com", true */ 'l', 'e', 't', 's', 'e', 'n', 'c', 'r', 'y', 'p', 't', '-', 'f', 'o', 'r', '-', 'c', 'p', 'a', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "letsgame.nl", true */ 'l', 'e', 't', 's', 'g', 'a', 'm', 'e', '.', 'n', 'l', '\0', + /* "letsgetchecked.com", true */ 'l', 'e', 't', 's', 'g', 'e', 't', 'c', 'h', 'e', 'c', 'k', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "letsgetintouch.com", true */ 'l', 'e', 't', 's', 'g', 'e', 't', 'i', 'n', 't', 'o', 'u', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "letsgowhilewereyoung.com", true */ 'l', 'e', 't', 's', 'g', 'o', 'w', 'h', 'i', 'l', 'e', 'w', 'e', 'r', 'e', 'y', 'o', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "letspartyrugby.co.uk", true */ 'l', 'e', 't', 's', 'p', 'a', 'r', 't', 'y', 'r', 'u', 'g', 'b', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "letstalkcounseling.com", true */ 'l', 'e', 't', 's', 't', 'a', 'l', 'k', 'c', 'o', 'u', 'n', 's', 'e', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "letterbox-online.de", true */ 'l', 'e', 't', 't', 'e', 'r', 'b', 'o', 'x', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0', + /* "letterdance.de", true */ 'l', 'e', 't', 't', 'e', 'r', 'd', 'a', 'n', 'c', 'e', '.', 'd', 'e', '\0', + /* "letteringinstitute.com", true */ 'l', 'e', 't', 't', 'e', 'r', 'i', 'n', 'g', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "lettersblogatory.com", true */ 'l', 'e', 't', 't', 'e', 'r', 's', 'b', 'l', 'o', 'g', 'a', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "lettland-firma.com", true */ 'l', 'e', 't', 't', 'l', 'a', 'n', 'd', '-', 'f', 'i', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "lettori.club", true */ 'l', 'e', 't', 't', 'o', 'r', 'i', '.', 'c', 'l', 'u', 'b', '\0', + /* "leuenhagen.com", true */ 'l', 'e', 'u', 'e', 'n', 'h', 'a', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "leuthardtfamily.com", true */ 'l', 'e', 'u', 't', 'h', 'a', 'r', 'd', 't', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "levans.fr", true */ 'l', 'e', 'v', 'a', 'n', 's', '.', 'f', 'r', '\0', + /* "levanscatering.com", true */ 'l', 'e', 'v', 'a', 'n', 's', 'c', 'a', 't', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "leveluprails.com", true */ 'l', 'e', 'v', 'e', 'l', 'u', 'p', 'r', 'a', 'i', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "levelupwear.com", true */ 'l', 'e', 'v', 'e', 'l', 'u', 'p', 'w', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "levendwater.org", true */ 'l', 'e', 'v', 'e', 'n', 'd', 'w', 'a', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "levensbron.nl", true */ 'l', 'e', 'v', 'e', 'n', 's', 'b', 'r', 'o', 'n', '.', 'n', 'l', '\0', + /* "leverj.io", true */ 'l', 'e', 'v', 'e', 'r', 'j', '.', 'i', 'o', '\0', + /* "levermann.eu", true */ 'l', 'e', 'v', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'e', 'u', '\0', + /* "levindesalpes.fr", false */ 'l', 'e', 'v', 'i', 'n', 'd', 'e', 's', 'a', 'l', 'p', 'e', 's', '.', 'f', 'r', '\0', + /* "levinus.de", true */ 'l', 'e', 'v', 'i', 'n', 'u', 's', '.', 'd', 'e', '\0', + /* "lew.im", true */ 'l', 'e', 'w', '.', 'i', 'm', '\0', + /* "lewdawson.com", true */ 'l', 'e', 'w', 'd', 'a', 'w', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "lewis.li", true */ 'l', 'e', 'w', 'i', 's', '.', 'l', 'i', '\0', + /* "lewisdatasecurity.com", true */ 'l', 'e', 'w', 'i', 's', 'd', 'a', 't', 'a', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "lewislaw.com", true */ 'l', 'e', 'w', 'i', 's', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "lewisllewellyn.me", true */ 'l', 'e', 'w', 'i', 's', 'l', 'l', 'e', 'w', 'e', 'l', 'l', 'y', 'n', '.', 'm', 'e', '\0', + /* "lewisseals.com", true */ 'l', 'e', 'w', 'i', 's', 's', 'e', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "lexico.pt", true */ 'l', 'e', 'x', 'i', 'c', 'o', '.', 'p', 't', '\0', + /* "lexicography.online", true */ 'l', 'e', 'x', 'i', 'c', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "lexiphanic.co.uk", true */ 'l', 'e', 'x', 'i', 'p', 'h', 'a', 'n', 'i', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "lexpartsofac.com", true */ 'l', 'e', 'x', 'p', 'a', 'r', 't', 's', 'o', 'f', 'a', 'c', '.', 'c', 'o', 'm', '\0', + /* "lexway.pk", true */ 'l', 'e', 'x', 'w', 'a', 'y', '.', 'p', 'k', '\0', + /* "lexxyn.nl", true */ 'l', 'e', 'x', 'x', 'y', 'n', '.', 'n', 'l', '\0', + /* "lezard-com.fr", true */ 'l', 'e', 'z', 'a', 'r', 'd', '-', 'c', 'o', 'm', '.', 'f', 'r', '\0', + /* "lfashion.eu", true */ 'l', 'f', 'a', 's', 'h', 'i', 'o', 'n', '.', 'e', 'u', '\0', + /* "lfgss.com", true */ 'l', 'f', 'g', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "lfrconseil.com", true */ 'l', 'f', 'r', 'c', 'o', 'n', 's', 'e', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "lgbt.io", true */ 'l', 'g', 'b', 't', '.', 'i', 'o', '\0', + /* "lghfinancialstrategy.ch", true */ 'l', 'g', 'h', 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'a', 'l', 's', 't', 'r', 'a', 't', 'e', 'g', 'y', '.', 'c', 'h', '\0', + /* "lgpecasoriginais.com.br", true */ 'l', 'g', 'p', 'e', 'c', 'a', 's', 'o', 'r', 'i', 'g', 'i', 'n', 'a', 'i', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lgsg.us", true */ 'l', 'g', 's', 'g', '.', 'u', 's', '\0', + /* "lhalbert.xyz", true */ 'l', 'h', 'a', 'l', 'b', 'e', 'r', 't', '.', 'x', 'y', 'z', '\0', + /* "lhasaapso.com.br", true */ 'l', 'h', 'a', 's', 'a', 'a', 'p', 's', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lhconsult.tk", false */ 'l', 'h', 'c', 'o', 'n', 's', 'u', 'l', 't', '.', 't', 'k', '\0', + /* "lheinrich.com", true */ 'l', 'h', 'e', 'i', 'n', 'r', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "lheinrich.de", true */ 'l', 'h', 'e', 'i', 'n', 'r', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "lhost.su", true */ 'l', 'h', 'o', 's', 't', '.', 's', 'u', '\0', + /* "li-ke.co.jp", true */ 'l', 'i', '-', 'k', 'e', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "li.search.yahoo.com", false */ 'l', 'i', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "liangbp.com", true */ 'l', 'i', 'a', 'n', 'g', 'b', 'p', '.', 'c', 'o', 'm', '\0', + /* "lianwen.kim", true */ 'l', 'i', 'a', 'n', 'w', 'e', 'n', '.', 'k', 'i', 'm', '\0', + /* "lianye1.cc", true */ 'l', 'i', 'a', 'n', 'y', 'e', '1', '.', 'c', 'c', '\0', + /* "lianye2.cc", true */ 'l', 'i', 'a', 'n', 'y', 'e', '2', '.', 'c', 'c', '\0', + /* "lianye3.cc", true */ 'l', 'i', 'a', 'n', 'y', 'e', '3', '.', 'c', 'c', '\0', + /* "lianye4.cc", true */ 'l', 'i', 'a', 'n', 'y', 'e', '4', '.', 'c', 'c', '\0', + /* "lianye5.cc", true */ 'l', 'i', 'a', 'n', 'y', 'e', '5', '.', 'c', 'c', '\0', + /* "lianye6.cc", true */ 'l', 'i', 'a', 'n', 'y', 'e', '6', '.', 'c', 'c', '\0', + /* "liaozheqi.cn", true */ 'l', 'i', 'a', 'o', 'z', 'h', 'e', 'q', 'i', '.', 'c', 'n', '\0', + /* "liaronce.win", true */ 'l', 'i', 'a', 'r', 'o', 'n', 'c', 'e', '.', 'w', 'i', 'n', '\0', + /* "lib64.net", true */ 'l', 'i', 'b', '6', '4', '.', 'n', 'e', 't', '\0', + /* "libbitcoin.org", true */ 'l', 'i', 'b', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'o', 'r', 'g', '\0', + /* "libble.eu", true */ 'l', 'i', 'b', 'b', 'l', 'e', '.', 'e', 'u', '\0', + /* "libdeer.so", true */ 'l', 'i', 'b', 'd', 'e', 'e', 'r', '.', 's', 'o', '\0', + /* "liberapay.com", true */ 'l', 'i', 'b', 'e', 'r', 'a', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "libmpq.org", true */ 'l', 'i', 'b', 'm', 'p', 'q', '.', 'o', 'r', 'g', '\0', + /* "librairie-asie.com", true */ 'l', 'i', 'b', 'r', 'a', 'i', 'r', 'i', 'e', '-', 'a', 's', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "library-quest.com", true */ 'l', 'i', 'b', 'r', 'a', 'r', 'y', '-', 'q', 'u', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "libraryextension.com", true */ 'l', 'i', 'b', 'r', 'a', 'r', 'y', 'e', 'x', 't', 'e', 'n', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "libraryfreedomproject.org", false */ 'l', 'i', 'b', 'r', 'a', 'r', 'y', 'f', 'r', 'e', 'e', 'd', 'o', 'm', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "librazy.org", true */ 'l', 'i', 'b', 'r', 'a', 'z', 'y', '.', 'o', 'r', 'g', '\0', + /* "libre.university", true */ 'l', 'i', 'b', 'r', 'e', '.', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', '\0', + /* "libreboot.org", true */ 'l', 'i', 'b', 'r', 'e', 'b', 'o', 'o', 't', '.', 'o', 'r', 'g', '\0', + /* "librebox.de", true */ 'l', 'i', 'b', 'r', 'e', 'b', 'o', 'x', '.', 'd', 'e', '\0', + /* "librelamp.com", true */ 'l', 'i', 'b', 'r', 'e', 'l', 'a', 'm', 'p', '.', 'c', 'o', 'm', '\0', + /* "libremail.nl", true */ 'l', 'i', 'b', 'r', 'e', 'm', 'a', 'i', 'l', '.', 'n', 'l', '\0', + /* "librends.org", true */ 'l', 'i', 'b', 'r', 'e', 'n', 'd', 's', '.', 'o', 'r', 'g', '\0', + /* "libreoffice-from-collabora.com", true */ 'l', 'i', 'b', 'r', 'e', 'o', 'f', 'f', 'i', 'c', 'e', '-', 'f', 'r', 'o', 'm', '-', 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "libreofficefromcollabora.com", true */ 'l', 'i', 'b', 'r', 'e', 'o', 'f', 'f', 'i', 'c', 'e', 'f', 'r', 'o', 'm', 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "librervac.org", true */ 'l', 'i', 'b', 'r', 'e', 'r', 'v', 'a', 'c', '.', 'o', 'r', 'g', '\0', + /* "librisulibri.it", true */ 'l', 'i', 'b', 'r', 'i', 's', 'u', 'l', 'i', 'b', 'r', 'i', '.', 'i', 't', '\0', + /* "libscode.com", false */ 'l', 'i', 'b', 's', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "libskia.so", true */ 'l', 'i', 'b', 's', 'k', 'i', 'a', '.', 's', 'o', '\0', + /* "libsodium.org", true */ 'l', 'i', 'b', 's', 'o', 'd', 'i', 'u', 'm', '.', 'o', 'r', 'g', '\0', + /* "libstock.si", true */ 'l', 'i', 'b', 's', 't', 'o', 'c', 'k', '.', 's', 'i', '\0', + /* "licence-registry.com", true */ 'l', 'i', 'c', 'e', 'n', 'c', 'e', '-', 'r', 'e', 'g', 'i', 's', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "liceserv.com", true */ 'l', 'i', 'c', 'e', 's', 'e', 'r', 'v', '.', 'c', 'o', 'm', '\0', + /* "lichess.org", true */ 'l', 'i', 'c', 'h', 'e', 's', 's', '.', 'o', 'r', 'g', '\0', + /* "lichtspot.de", true */ 'l', 'i', 'c', 'h', 't', 's', 'p', 'o', 't', '.', 'd', 'e', '\0', + /* "lichttraeumer.de", true */ 'l', 'i', 'c', 'h', 't', 't', 'r', 'a', 'e', 'u', 'm', 'e', 'r', '.', 'd', 'e', '\0', + /* "lickmypussy.us", true */ 'l', 'i', 'c', 'k', 'm', 'y', 'p', 'u', 's', 's', 'y', '.', 'u', 's', '\0', + /* "lickthesalt.com", true */ 'l', 'i', 'c', 'k', 't', 'h', 'e', 's', 'a', 'l', 't', '.', 'c', 'o', 'm', '\0', + /* "lidavidm.me", true */ 'l', 'i', 'd', 'a', 'v', 'i', 'd', 'm', '.', 'm', 'e', '\0', + /* "lidel.org", true */ 'l', 'i', 'd', 'e', 'l', '.', 'o', 'r', 'g', '\0', + /* "liderwalut.pl", false */ 'l', 'i', 'd', 'e', 'r', 'w', 'a', 'l', 'u', 't', '.', 'p', 'l', '\0', + /* "lidl-gewinnspiel.de", true */ 'l', 'i', 'd', 'l', '-', 'g', 'e', 'w', 'i', 'n', 'n', 's', 'p', 'i', 'e', 'l', '.', 'd', 'e', '\0', + /* "lidl-holidays.com", true */ 'l', 'i', 'd', 'l', '-', 'h', 'o', 'l', 'i', 'd', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "lidl-menubox.ch", true */ 'l', 'i', 'd', 'l', '-', 'm', 'e', 'n', 'u', 'b', 'o', 'x', '.', 'c', 'h', '\0', + /* "lidl-selection.at", true */ 'l', 'i', 'd', 'l', '-', 's', 'e', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'a', 't', '\0', + /* "lidl-shop.be", true */ 'l', 'i', 'd', 'l', '-', 's', 'h', 'o', 'p', '.', 'b', 'e', '\0', + /* "lidl-shop.cz", true */ 'l', 'i', 'd', 'l', '-', 's', 'h', 'o', 'p', '.', 'c', 'z', '\0', + /* "lidl-shop.nl", true */ 'l', 'i', 'd', 'l', '-', 's', 'h', 'o', 'p', '.', 'n', 'l', '\0', + /* "lidl-tour.ro", true */ 'l', 'i', 'd', 'l', '-', 't', 'o', 'u', 'r', '.', 'r', 'o', '\0', + /* "lidlovajogurteka.si", true */ 'l', 'i', 'd', 'l', 'o', 'v', 'a', 'j', 'o', 'g', 'u', 'r', 't', 'e', 'k', 'a', '.', 's', 'i', '\0', + /* "lidogr.com", true */ 'l', 'i', 'd', 'o', 'g', 'r', '.', 'c', 'o', 'm', '\0', + /* "lidong.me", true */ 'l', 'i', 'd', 'o', 'n', 'g', '.', 'm', 'e', '\0', + /* "lidow.eu", true */ 'l', 'i', 'd', 'o', 'w', '.', 'e', 'u', '\0', + /* "liduan.com", true */ 'l', 'i', 'd', 'u', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "liduan.net", true */ 'l', 'i', 'd', 'u', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "liebel.org", true */ 'l', 'i', 'e', 'b', 'e', 'l', '.', 'o', 'r', 'g', '\0', + /* "lied8.eu", true */ 'l', 'i', 'e', 'd', '8', '.', 'e', 'u', '\0', + /* "liehuojun.com", true */ 'l', 'i', 'e', 'h', 'u', 'o', 'j', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "lifanov.com", true */ 'l', 'i', 'f', 'a', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0', + /* "lifebetweenlives.com.au", true */ 'l', 'i', 'f', 'e', 'b', 'e', 't', 'w', 'e', 'e', 'n', 'l', 'i', 'v', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "lifecism.com", true */ 'l', 'i', 'f', 'e', 'c', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "lifeinhex.com", true */ 'l', 'i', 'f', 'e', 'i', 'n', 'h', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "lifekiss.ru", true */ 'l', 'i', 'f', 'e', 'k', 'i', 's', 's', '.', 'r', 'u', '\0', + /* "lifemarque.co.uk", true */ 'l', 'i', 'f', 'e', 'm', 'a', 'r', 'q', 'u', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "lifematenutrition.com", true */ 'l', 'i', 'f', 'e', 'm', 'a', 't', 'e', 'n', 'u', 't', 'r', 'i', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "lifemstyle.com", true */ 'l', 'i', 'f', 'e', 'm', 's', 't', 'y', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "lifenexto.com", true */ 'l', 'i', 'f', 'e', 'n', 'e', 'x', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "lifeqa.net", true */ 'l', 'i', 'f', 'e', 'q', 'a', '.', 'n', 'e', 't', '\0', + /* "lifequotes-uk.co.uk", true */ 'l', 'i', 'f', 'e', 'q', 'u', 'o', 't', 'e', 's', '-', 'u', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "lifesafety.com.br", true */ 'l', 'i', 'f', 'e', 's', 'a', 'f', 'e', 't', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lifescience-japan.com", true */ 'l', 'i', 'f', 'e', 's', 'c', 'i', 'e', 'n', 'c', 'e', '-', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "lifestylefinancial.ca", true */ 'l', 'i', 'f', 'e', 's', 't', 'y', 'l', 'e', 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'a', 'l', '.', 'c', 'a', '\0', + /* "lifeventure.co.uk", true */ 'l', 'i', 'f', 'e', 'v', 'e', 'n', 't', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "lifi.digital", true */ 'l', 'i', 'f', 'i', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0', + /* "lifi.is", true */ 'l', 'i', 'f', 'i', '.', 'i', 's', '\0', + /* "liftie.info", true */ 'l', 'i', 'f', 't', 'i', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "light.mail.ru", true */ 'l', 'i', 'g', 'h', 't', '.', 'm', 'a', 'i', 'l', '.', 'r', 'u', '\0', + /* "lightcloud.com", true */ 'l', 'i', 'g', 'h', 't', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "lighting-centres.co.uk", true */ 'l', 'i', 'g', 'h', 't', 'i', 'n', 'g', '-', 'c', 'e', 'n', 't', 'r', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "lightme.us", true */ 'l', 'i', 'g', 'h', 't', 'm', 'e', '.', 'u', 's', '\0', + /* "lightpics.net", true */ 'l', 'i', 'g', 'h', 't', 'p', 'i', 'c', 's', '.', 'n', 'e', 't', '\0', + /* "lights.co.uk", true */ 'l', 'i', 'g', 'h', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "lightspeed.com", false */ 'l', 'i', 'g', 'h', 't', 's', 'p', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "lighttp.com", true */ 'l', 'i', 'g', 'h', 't', 't', 'p', '.', 'c', 'o', 'm', '\0', + /* "lightupcollective.co.uk", true */ 'l', 'i', 'g', 'h', 't', 'u', 'p', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "lignemalin.com", true */ 'l', 'i', 'g', 'n', 'e', 'm', 'a', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "lignenet.com", true */ 'l', 'i', 'g', 'n', 'e', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "lignoma.com", true */ 'l', 'i', 'g', 'n', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "ligonier.com", true */ 'l', 'i', 'g', 'o', 'n', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "lihaul.dnsalias.net", true */ 'l', 'i', 'h', 'a', 'u', 'l', '.', 'd', 'n', 's', 'a', 'l', 'i', 'a', 's', '.', 'n', 'e', 't', '\0', + /* "lijero.co", true */ 'l', 'i', 'j', 'e', 'r', 'o', '.', 'c', 'o', '\0', + /* "likc.me", true */ 'l', 'i', 'k', 'c', '.', 'm', 'e', '\0', + /* "likeablehub.com", true */ 'l', 'i', 'k', 'e', 'a', 'b', 'l', 'e', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "likeabox.de", true */ 'l', 'i', 'k', 'e', 'a', 'b', 'o', 'x', '.', 'd', 'e', '\0', + /* "likeaross.com", false */ 'l', 'i', 'k', 'e', 'a', 'r', 'o', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "likegeeks.com", true */ 'l', 'i', 'k', 'e', 'g', 'e', 'e', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "likehifi.de", true */ 'l', 'i', 'k', 'e', 'h', 'i', 'f', 'i', '.', 'd', 'e', '\0', + /* "likemovies.de", true */ 'l', 'i', 'k', 'e', 'm', 'o', 'v', 'i', 'e', 's', '.', 'd', 'e', '\0', + /* "likenewhearing.com.au", true */ 'l', 'i', 'k', 'e', 'n', 'e', 'w', 'h', 'e', 'a', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "lilaccakeboutique.com", true */ 'l', 'i', 'l', 'a', 'c', 'c', 'a', 'k', 'e', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "lilapmedia.com", true */ 'l', 'i', 'l', 'a', 'p', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "liliang13.com", true */ 'l', 'i', 'l', 'i', 'a', 'n', 'g', '1', '3', '.', 'c', 'o', 'm', '\0', + /* "lilismartinis.com", true */ 'l', 'i', 'l', 'i', 's', 'm', 'a', 'r', 't', 'i', 'n', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "lily-bearing.com", true */ 'l', 'i', 'l', 'y', '-', 'b', 'e', 'a', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "lily-inn.com", true */ 'l', 'i', 'l', 'y', '-', 'i', 'n', 'n', '.', 'c', 'o', 'm', '\0', + /* "lilyfarmfreshskincare.com", true */ 'l', 'i', 'l', 'y', 'f', 'a', 'r', 'm', 'f', 'r', 'e', 's', 'h', 's', 'k', 'i', 'n', 'c', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "lilygreen.co.za", true */ 'l', 'i', 'l', 'y', 'g', 'r', 'e', 'e', 'n', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "lilysbouncycastles.com", true */ 'l', 'i', 'l', 'y', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "limawi.io", true */ 'l', 'i', 'm', 'a', 'w', 'i', '.', 'i', 'o', '\0', + /* "limberg.me", true */ 'l', 'i', 'm', 'b', 'e', 'r', 'g', '.', 'm', 'e', '\0', + /* "limeburst.net", true */ 'l', 'i', 'm', 'e', 'b', 'u', 'r', 's', 't', '.', 'n', 'e', 't', '\0', + /* "limeres.com", true */ 'l', 'i', 'm', 'e', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "limereslaw.com", true */ 'l', 'i', 'm', 'e', 'r', 'e', 's', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "limitededitioncomputers.com", true */ 'l', 'i', 'm', 'i', 't', 'e', 'd', 'e', 'd', 'i', 't', 'i', 'o', 'n', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "limitededitionsolutions.com", true */ 'l', 'i', 'm', 'i', 't', 'e', 'd', 'e', 'd', 'i', 't', 'i', 'o', 'n', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "limix.com", false */ 'l', 'i', 'm', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "limoairporttoronto.net", true */ 'l', 'i', 'm', 'o', 'a', 'i', 'r', 'p', 'o', 'r', 't', 't', 'o', 'r', 'o', 'n', 't', 'o', '.', 'n', 'e', 't', '\0', + /* "limousineservicezurich.com", true */ 'l', 'i', 'm', 'o', 'u', 's', 'i', 'n', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 'z', 'u', 'r', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "limpid.nl", true */ 'l', 'i', 'm', 'p', 'i', 'd', '.', 'n', 'l', '\0', + /* "limules.ch", true */ 'l', 'i', 'm', 'u', 'l', 'e', 's', '.', 'c', 'h', '\0', + /* "limunana.com", true */ 'l', 'i', 'm', 'u', 'n', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "lin.fi", true */ 'l', 'i', 'n', '.', 'f', 'i', '\0', + /* "linan.blog", true */ 'l', 'i', 'n', 'a', 'n', '.', 'b', 'l', 'o', 'g', '\0', + /* "lincdavis.com", true */ 'l', 'i', 'n', 'c', 'd', 'a', 'v', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "lincsbouncycastlehire.co.uk", true */ 'l', 'i', 'n', 'c', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "linden.me", true */ 'l', 'i', 'n', 'd', 'e', 'n', '.', 'm', 'e', '\0', + /* "lindeskar.se", true */ 'l', 'i', 'n', 'd', 'e', 's', 'k', 'a', 'r', '.', 's', 'e', '\0', + /* "lindo.ru", true */ 'l', 'i', 'n', 'd', 'o', '.', 'r', 'u', '\0', + /* "lindon.pw", true */ 'l', 'i', 'n', 'd', 'o', 'n', '.', 'p', 'w', '\0', + /* "lindsayanderson.com", true */ 'l', 'i', 'n', 'd', 's', 'a', 'y', 'a', 'n', 'd', 'e', 'r', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "lindskogen.se", true */ 'l', 'i', 'n', 'd', 's', 'k', 'o', 'g', 'e', 'n', '.', 's', 'e', '\0', + /* "lindy.co", true */ 'l', 'i', 'n', 'd', 'y', '.', 'c', 'o', '\0', + /* "line.co.nz", true */ 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "linearaudio.net", true */ 'l', 'i', 'n', 'e', 'a', 'r', 'a', 'u', 'd', 'i', 'o', '.', 'n', 'e', 't', '\0', + /* "linearaudio.nl", true */ 'l', 'i', 'n', 'e', 'a', 'r', 'a', 'u', 'd', 'i', 'o', '.', 'n', 'l', '\0', + /* "lineauniformes.com.br", true */ 'l', 'i', 'n', 'e', 'a', 'u', 'n', 'i', 'f', 'o', 'r', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "linernotekids.com", true */ 'l', 'i', 'n', 'e', 'r', 'n', 'o', 't', 'e', 'k', 'i', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "lingerie.com.br", true */ 'l', 'i', 'n', 'g', 'e', 'r', 'i', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lingerielovers.com.br", true */ 'l', 'i', 'n', 'g', 'e', 'r', 'i', 'e', 'l', 'o', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lingeriesilhouette.com", true */ 'l', 'i', 'n', 'g', 'e', 'r', 'i', 'e', 's', 'i', 'l', 'h', 'o', 'u', 'e', 't', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "lingotaxi.com", true */ 'l', 'i', 'n', 'g', 'o', 't', 'a', 'x', 'i', '.', 'c', 'o', 'm', '\0', + /* "lingting.vip", true */ 'l', 'i', 'n', 'g', 't', 'i', 'n', 'g', '.', 'v', 'i', 'p', '\0', + /* "linguamilla.com", true */ 'l', 'i', 'n', 'g', 'u', 'a', 'm', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "lingvo-svoboda.ru", true */ 'l', 'i', 'n', 'g', 'v', 'o', '-', 's', 'v', 'o', 'b', 'o', 'd', 'a', '.', 'r', 'u', '\0', + /* "link-sanitizer.com", true */ 'l', 'i', 'n', 'k', '-', 's', 'a', 'n', 'i', 't', 'i', 'z', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "linkedinbackground.com", true */ 'l', 'i', 'n', 'k', 'e', 'd', 'i', 'n', 'b', 'a', 'c', 'k', 'g', 'r', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "linkenheil.org", true */ 'l', 'i', 'n', 'k', 'e', 'n', 'h', 'e', 'i', 'l', '.', 'o', 'r', 'g', '\0', + /* "linklocker.co", true */ 'l', 'i', 'n', 'k', 'l', 'o', 'c', 'k', 'e', 'r', '.', 'c', 'o', '\0', + /* "linkmaker.co.uk", true */ 'l', 'i', 'n', 'k', 'm', 'a', 'k', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "linkmauve.fr", true */ 'l', 'i', 'n', 'k', 'm', 'a', 'u', 'v', 'e', '.', 'f', 'r', '\0', + /* "linkonaut.net", true */ 'l', 'i', 'n', 'k', 'o', 'n', 'a', 'u', 't', '.', 'n', 'e', 't', '\0', + /* "linky.tk", true */ 'l', 'i', 'n', 'k', 'y', '.', 't', 'k', '\0', + /* "linkycat.com", true */ 'l', 'i', 'n', 'k', 'y', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "linode.com", false */ 'l', 'i', 'n', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "linost.com", true */ 'l', 'i', 'n', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "linostassi.net", true */ 'l', 'i', 'n', 'o', 's', 't', 'a', 's', 's', 'i', '.', 'n', 'e', 't', '\0', + /* "linpx.com", true */ 'l', 'i', 'n', 'p', 'x', '.', 'c', 'o', 'm', '\0', + /* "linqhost.nl", true */ 'l', 'i', 'n', 'q', 'h', 'o', 's', 't', '.', 'n', 'l', '\0', + /* "linss.com", true */ 'l', 'i', 'n', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "lintmx.com", true */ 'l', 'i', 'n', 't', 'm', 'x', '.', 'c', 'o', 'm', '\0', + /* "linux-florida.com", true */ 'l', 'i', 'n', 'u', 'x', '-', 'f', 'l', 'o', 'r', 'i', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "linux-mint-czech.cz", true */ 'l', 'i', 'n', 'u', 'x', '-', 'm', 'i', 'n', 't', '-', 'c', 'z', 'e', 'c', 'h', '.', 'c', 'z', '\0', + /* "linux-vme.org", true */ 'l', 'i', 'n', 'u', 'x', '-', 'v', 'm', 'e', '.', 'o', 'r', 'g', '\0', + /* "linux.army", true */ 'l', 'i', 'n', 'u', 'x', '.', 'a', 'r', 'm', 'y', '\0', + /* "linux.cn", true */ 'l', 'i', 'n', 'u', 'x', '.', 'c', 'n', '\0', + /* "linux.conf.au", true */ 'l', 'i', 'n', 'u', 'x', '.', 'c', 'o', 'n', 'f', '.', 'a', 'u', '\0', + /* "linux.fi", true */ 'l', 'i', 'n', 'u', 'x', '.', 'f', 'i', '\0', + /* "linux3.org", true */ 'l', 'i', 'n', 'u', 'x', '3', '.', 'o', 'r', 'g', '\0', + /* "linuxbabe.com", false */ 'l', 'i', 'n', 'u', 'x', 'b', 'a', 'b', 'e', '.', 'c', 'o', 'm', '\0', + /* "linuxbierwanderung.com", true */ 'l', 'i', 'n', 'u', 'x', 'b', 'i', 'e', 'r', 'w', 'a', 'n', 'd', 'e', 'r', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "linuxchick.se", true */ 'l', 'i', 'n', 'u', 'x', 'c', 'h', 'i', 'c', 'k', '.', 's', 'e', '\0', + /* "linuxcommand.ru", true */ 'l', 'i', 'n', 'u', 'x', 'c', 'o', 'm', 'm', 'a', 'n', 'd', '.', 'r', 'u', '\0', + /* "linuxdays.cz", true */ 'l', 'i', 'n', 'u', 'x', 'd', 'a', 'y', 's', '.', 'c', 'z', '\0', + /* "linuxforum.ch", true */ 'l', 'i', 'n', 'u', 'x', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'h', '\0', + /* "linuxhostsupport.com", true */ 'l', 'i', 'n', 'u', 'x', 'h', 'o', 's', 't', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "linuxiuvat.de", true */ 'l', 'i', 'n', 'u', 'x', 'i', 'u', 'v', 'a', 't', '.', 'd', 'e', '\0', + /* "linuxlounge.net", true */ 'l', 'i', 'n', 'u', 'x', 'l', 'o', 'u', 'n', 'g', 'e', '.', 'n', 'e', 't', '\0', + /* "linuxproperties.com", true */ 'l', 'i', 'n', 'u', 'x', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "linvx.org", true */ 'l', 'i', 'n', 'v', 'x', '.', 'o', 'r', 'g', '\0', + /* "linx.li", true */ 'l', 'i', 'n', 'x', '.', 'l', 'i', '\0', + /* "linx.net", true */ 'l', 'i', 'n', 'x', '.', 'n', 'e', 't', '\0', + /* "linxmind.eu", true */ 'l', 'i', 'n', 'x', 'm', 'i', 'n', 'd', '.', 'e', 'u', '\0', + /* "linzgau.de", true */ 'l', 'i', 'n', 'z', 'g', 'a', 'u', '.', 'd', 'e', '\0', + /* "lionlyrics.com", true */ 'l', 'i', 'o', 'n', 'l', 'y', 'r', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "lionsdeal.com", true */ 'l', 'i', 'o', 'n', 's', 'd', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "lipartydepot.com", true */ 'l', 'i', 'p', 'a', 'r', 't', 'y', 'd', 'e', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "lipex.com", true */ 'l', 'i', 'p', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "lipo.lol", true */ 'l', 'i', 'p', 'o', '.', 'l', 'o', 'l', '\0', + /* "lipoabaltimore.org", true */ 'l', 'i', 'p', 'o', 'a', 'b', 'a', 'l', 't', 'i', 'm', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "liqd.net", true */ 'l', 'i', 'q', 'd', '.', 'n', 'e', 't', '\0', + /* "liquid.cz", true */ 'l', 'i', 'q', 'u', 'i', 'd', '.', 'c', 'z', '\0', + /* "liquidhost.co", true */ 'l', 'i', 'q', 'u', 'i', 'd', 'h', 'o', 's', 't', '.', 'c', 'o', '\0', + /* "liquidinternet.co", true */ 'l', 'i', 'q', 'u', 'i', 'd', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', '.', 'c', 'o', '\0', + /* "liquidradio.pro", true */ 'l', 'i', 'q', 'u', 'i', 'd', 'r', 'a', 'd', 'i', 'o', '.', 'p', 'r', 'o', '\0', + /* "lirion.de", true */ 'l', 'i', 'r', 'i', 'o', 'n', '.', 'd', 'e', '\0', + /* "liris-beautywelt.de", true */ 'l', 'i', 'r', 'i', 's', '-', 'b', 'e', 'a', 'u', 't', 'y', 'w', 'e', 'l', 't', '.', 'd', 'e', '\0', + /* "lirlandais.ch", true */ 'l', 'i', 'r', 'l', 'a', 'n', 'd', 'a', 'i', 's', '.', 'c', 'h', '\0', + /* "lirnberger.com", true */ 'l', 'i', 'r', 'n', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "lisamccorrie.com", true */ 'l', 'i', 's', 'a', 'm', 'c', 'c', 'o', 'r', 'r', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "lisamortimore.com", true */ 'l', 'i', 's', 'a', 'm', 'o', 'r', 't', 'i', 'm', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "lisburnhottubnbounce.co.uk", true */ 'l', 'i', 's', 'b', 'u', 'r', 'n', 'h', 'o', 't', 't', 'u', 'b', 'n', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "liskgdt.net", true */ 'l', 'i', 's', 'k', 'g', 'd', 't', '.', 'n', 'e', 't', '\0', + /* "lislan.org.uk", true */ 'l', 'i', 's', 'l', 'a', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "lisowski-development.com", true */ 'l', 'i', 's', 'o', 'w', 's', 'k', 'i', '-', 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "lisowski-photography.com", true */ 'l', 'i', 's', 'o', 'w', 's', 'k', 'i', '-', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0', + /* "listahu.org", true */ 'l', 'i', 's', 't', 'a', 'h', 'u', '.', 'o', 'r', 'g', '\0', + /* "listen.dk", true */ 'l', 'i', 's', 't', 'e', 'n', '.', 'd', 'k', '\0', + /* "lister-kirchweg.de", true */ 'l', 'i', 's', 't', 'e', 'r', '-', 'k', 'i', 'r', 'c', 'h', 'w', 'e', 'g', '.', 'd', 'e', '\0', + /* "listminut.be", true */ 'l', 'i', 's', 't', 'm', 'i', 'n', 'u', 't', '.', 'b', 'e', '\0', + /* "lists.fedoraproject.org", true */ 'l', 'i', 's', 't', 's', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "lists.mayfirst.org", false */ 'l', 'i', 's', 't', 's', '.', 'm', 'a', 'y', 'f', 'i', 'r', 's', 't', '.', 'o', 'r', 'g', '\0', + /* "lists.stg.fedoraproject.org", true */ 'l', 'i', 's', 't', 's', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "litchidova.nl", true */ 'l', 'i', 't', 'c', 'h', 'i', 'd', 'o', 'v', 'a', '.', 'n', 'l', '\0', + /* "litcomphonors.com", true */ 'l', 'i', 't', 'c', 'o', 'm', 'p', 'h', 'o', 'n', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "litebits.com", true */ 'l', 'i', 't', 'e', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "litemind.com", true */ 'l', 'i', 't', 'e', 'm', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "litevault.net", true */ 'l', 'i', 't', 'e', 'v', 'a', 'u', 'l', 't', '.', 'n', 'e', 't', '\0', + /* "litfin.name", true */ 'l', 'i', 't', 'f', 'i', 'n', '.', 'n', 'a', 'm', 'e', '\0', + /* "lithan.com", true */ 'l', 'i', 't', 'h', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "lithesalar.se", true */ 'l', 'i', 't', 'h', 'e', 's', 'a', 'l', 'a', 'r', '.', 's', 'e', '\0', + /* "lithianissaneugeneparts.com", true */ 'l', 'i', 't', 'h', 'i', 'a', 'n', 'i', 's', 's', 'a', 'n', 'e', 'u', 'g', 'e', 'n', 'e', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "litsovet.com", true */ 'l', 'i', 't', 's', 'o', 'v', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "little-cake.com", true */ 'l', 'i', 't', 't', 'l', 'e', '-', 'c', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "littledisney.ro", true */ 'l', 'i', 't', 't', 'l', 'e', 'd', 'i', 's', 'n', 'e', 'y', '.', 'r', 'o', '\0', + /* "littlefairy.no", true */ 'l', 'i', 't', 't', 'l', 'e', 'f', 'a', 'i', 'r', 'y', '.', 'n', 'o', '\0', + /* "littlefamilyadventure.com", true */ 'l', 'i', 't', 't', 'l', 'e', 'f', 'a', 'm', 'i', 'l', 'y', 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "littlejumpers.co.uk", true */ 'l', 'i', 't', 't', 'l', 'e', 'j', 'u', 'm', 'p', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "littlelife.co.uk", true */ 'l', 'i', 't', 't', 'l', 'e', 'l', 'i', 'f', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "littlenina.nz", false */ 'l', 'i', 't', 't', 'l', 'e', 'n', 'i', 'n', 'a', '.', 'n', 'z', '\0', + /* "littlepigcreek.com.au", true */ 'l', 'i', 't', 't', 'l', 'e', 'p', 'i', 'g', 'c', 'r', 'e', 'e', 'k', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "littlepincha.fr", true */ 'l', 'i', 't', 't', 'l', 'e', 'p', 'i', 'n', 'c', 'h', 'a', '.', 'f', 'r', '\0', + /* "littleprincessandmascotparties.co.uk", true */ 'l', 'i', 't', 't', 'l', 'e', 'p', 'r', 'i', 'n', 'c', 'e', 's', 's', 'a', 'n', 'd', 'm', 'a', 's', 'c', 'o', 't', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "littlescallywagsplay.co.uk", true */ 'l', 'i', 't', 't', 'l', 'e', 's', 'c', 'a', 'l', 'l', 'y', 'w', 'a', 'g', 's', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "littleswitch.co.jp", true */ 'l', 'i', 't', 't', 'l', 'e', 's', 'w', 'i', 't', 'c', 'h', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "littlewatcher.com", true */ 'l', 'i', 't', 't', 'l', 'e', 'w', 'a', 't', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "litvideoserver.de", true */ 'l', 'i', 't', 'v', 'i', 'd', 'e', 'o', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0', + /* "litz.ca", true */ 'l', 'i', 't', 'z', '.', 'c', 'a', '\0', + /* "litzenberger.ca", true */ 'l', 'i', 't', 'z', 'e', 'n', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'c', 'a', '\0', + /* "liuboznaiko.eu", true */ 'l', 'i', 'u', 'b', 'o', 'z', 'n', 'a', 'i', 'k', 'o', '.', 'e', 'u', '\0', + /* "liud.im", true */ 'l', 'i', 'u', 'd', '.', 'i', 'm', '\0', + /* "liudon.org", true */ 'l', 'i', 'u', 'd', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "liul.in", true */ 'l', 'i', 'u', 'l', '.', 'i', 'n', '\0', + /* "liushuyu.tk", true */ 'l', 'i', 'u', 's', 'h', 'u', 'y', 'u', '.', 't', 'k', '\0', + /* "liv3ly.com", true */ 'l', 'i', 'v', '3', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "livebetterwith.com", true */ 'l', 'i', 'v', 'e', 'b', 'e', 't', 't', 'e', 'r', 'w', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "livecards.co.uk", true */ 'l', 'i', 'v', 'e', 'c', 'a', 'r', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "livecards.es", true */ 'l', 'i', 'v', 'e', 'c', 'a', 'r', 'd', 's', '.', 'e', 's', '\0', + /* "livecards.eu", true */ 'l', 'i', 'v', 'e', 'c', 'a', 'r', 'd', 's', '.', 'e', 'u', '\0', + /* "livecards.it", true */ 'l', 'i', 'v', 'e', 'c', 'a', 'r', 'd', 's', '.', 'i', 't', '\0', + /* "livedesign.at", true */ 'l', 'i', 'v', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'a', 't', '\0', + /* "livedesign24.de", true */ 'l', 'i', 'v', 'e', 'd', 'e', 's', 'i', 'g', 'n', '2', '4', '.', 'd', 'e', '\0', + /* "liveflightapp.com", true */ 'l', 'i', 'v', 'e', 'f', 'l', 'i', 'g', 'h', 't', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "liveforspeed.se", true */ 'l', 'i', 'v', 'e', 'f', 'o', 'r', 's', 'p', 'e', 'e', 'd', '.', 's', 'e', '\0', + /* "livejasmin.dk", true */ 'l', 'i', 'v', 'e', 'j', 'a', 's', 'm', 'i', 'n', '.', 'd', 'k', '\0', + /* "livekaarten.be", true */ 'l', 'i', 'v', 'e', 'k', 'a', 'a', 'r', 't', 'e', 'n', '.', 'b', 'e', '\0', + /* "livekaarten.nl", true */ 'l', 'i', 'v', 'e', 'k', 'a', 'a', 'r', 't', 'e', 'n', '.', 'n', 'l', '\0', + /* "livekarten.at", true */ 'l', 'i', 'v', 'e', 'k', 'a', 'r', 't', 'e', 'n', '.', 'a', 't', '\0', + /* "livekarten.de", true */ 'l', 'i', 'v', 'e', 'k', 'a', 'r', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "livekort.com", true */ 'l', 'i', 'v', 'e', 'k', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "livekort.dk", true */ 'l', 'i', 'v', 'e', 'k', 'o', 'r', 't', '.', 'd', 'k', '\0', + /* "livekort.no", true */ 'l', 'i', 'v', 'e', 'k', 'o', 'r', 't', '.', 'n', 'o', '\0', + /* "livekort.se", true */ 'l', 'i', 'v', 'e', 'k', 'o', 'r', 't', '.', 's', 'e', '\0', + /* "livekortti.com", true */ 'l', 'i', 'v', 'e', 'k', 'o', 'r', 't', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "livekortti.fi", true */ 'l', 'i', 'v', 'e', 'k', 'o', 'r', 't', 't', 'i', '.', 'f', 'i', '\0', + /* "livelexi.com", true */ 'l', 'i', 'v', 'e', 'l', 'e', 'x', 'i', '.', 'c', 'o', 'm', '\0', + /* "livepaperhelp.com", true */ 'l', 'i', 'v', 'e', 'p', 'a', 'p', 'e', 'r', 'h', 'e', 'l', 'p', '.', 'c', 'o', 'm', '\0', + /* "livepath.ch", true */ 'l', 'i', 'v', 'e', 'p', 'a', 't', 'h', '.', 'c', 'h', '\0', + /* "liveperformersmeeting.net", true */ 'l', 'i', 'v', 'e', 'p', 'e', 'r', 'f', 'o', 'r', 'm', 'e', 'r', 's', 'm', 'e', 'e', 't', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "liveregistratie.nl", true */ 'l', 'i', 'v', 'e', 'r', 'e', 'g', 'i', 's', 't', 'r', 'a', 't', 'i', 'e', '.', 'n', 'l', '\0', + /* "livesearch-fukuoka.com", true */ 'l', 'i', 'v', 'e', 's', 'e', 'a', 'r', 'c', 'h', '-', 'f', 'u', 'k', 'u', 'o', 'k', 'a', '.', 'c', 'o', 'm', '\0', + /* "livesure.com", true */ 'l', 'i', 'v', 'e', 's', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "livi.co", true */ 'l', 'i', 'v', 'i', '.', 'c', 'o', '\0', + /* "living-space.co.nz", true */ 'l', 'i', 'v', 'i', 'n', 'g', '-', 's', 'p', 'a', 'c', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "living24.de", true */ 'l', 'i', 'v', 'i', 'n', 'g', '2', '4', '.', 'd', 'e', '\0', + /* "livingforreal.com", true */ 'l', 'i', 'v', 'i', 'n', 'g', 'f', 'o', 'r', 'r', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "livingworduk.org", true */ 'l', 'i', 'v', 'i', 'n', 'g', 'w', 'o', 'r', 'd', 'u', 'k', '.', 'o', 'r', 'g', '\0', + /* "livnev.me", true */ 'l', 'i', 'v', 'n', 'e', 'v', '.', 'm', 'e', '\0', + /* "livnev.xyz", true */ 'l', 'i', 'v', 'n', 'e', 'v', '.', 'x', 'y', 'z', '\0', + /* "livolett.de", true */ 'l', 'i', 'v', 'o', 'l', 'e', 't', 't', '.', 'd', 'e', '\0', + /* "livrariacoad.com.br", true */ 'l', 'i', 'v', 'r', 'a', 'r', 'i', 'a', 'c', 'o', 'a', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "livroseuniformes.com.br", true */ 'l', 'i', 'v', 'r', 'o', 's', 'e', 'u', 'n', 'i', 'f', 'o', 'r', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lixtick.com", true */ 'l', 'i', 'x', 't', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "liyin.date", true */ 'l', 'i', 'y', 'i', 'n', '.', 'd', 'a', 't', 'e', '\0', + /* "liyinjia.com", true */ 'l', 'i', 'y', 'i', 'n', 'j', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "lizardsystems.com", true */ 'l', 'i', 'z', 'a', 'r', 'd', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "lizhi.io", true */ 'l', 'i', 'z', 'h', 'i', '.', 'i', 'o', '\0', + /* "lizzythepooch.com", true */ 'l', 'i', 'z', 'z', 'y', 't', 'h', 'e', 'p', 'o', 'o', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "ljason.cn", true */ 'l', 'j', 'a', 's', 'o', 'n', '.', 'c', 'n', '\0', + /* "ljs.io", true */ 'l', 'j', 's', '.', 'i', 'o', '\0', + /* "lknw.de", true */ 'l', 'k', 'n', 'w', '.', 'd', 'e', '\0', + /* "lkummer.cz", true */ 'l', 'k', 'u', 'm', 'm', 'e', 'r', '.', 'c', 'z', '\0', + /* "llamacuba.com", true */ 'l', 'l', 'a', 'm', 'a', 'c', 'u', 'b', 'a', '.', 'c', 'o', 'm', '\0', + /* "llm-guide.com", true */ 'l', 'l', 'm', '-', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "lloyd-day.me", true */ 'l', 'l', 'o', 'y', 'd', '-', 'd', 'a', 'y', '.', 'm', 'e', '\0', + /* "llslb.com", true */ 'l', 'l', 's', 'l', 'b', '.', 'c', 'o', 'm', '\0', + /* "lm-pumpen.de", false */ 'l', 'm', '-', 'p', 'u', 'm', 'p', 'e', 'n', '.', 'd', 'e', '\0', + /* "lmcm.io", true */ 'l', 'm', 'c', 'm', '.', 'i', 'o', '\0', + /* "lmddgtfy.net", true */ 'l', 'm', 'd', 'd', 'g', 't', 'f', 'y', '.', 'n', 'e', 't', '\0', + /* "lmerza.com", true */ 'l', 'm', 'e', 'r', 'z', 'a', '.', 'c', 'o', 'm', '\0', + /* "lmintlcx.com", true */ 'l', 'm', 'i', 'n', 't', 'l', 'c', 'x', '.', 'c', 'o', 'm', '\0', + /* "lmmtfy.io", true */ 'l', 'm', 'm', 't', 'f', 'y', '.', 'i', 'o', '\0', + /* "lmsptfy.com", true */ 'l', 'm', 's', 'p', 't', 'f', 'y', '.', 'c', 'o', 'm', '\0', + /* "lmtm.eu", true */ 'l', 'm', 't', 'm', '.', 'e', 'u', '\0', + /* "ln.io", true */ 'l', 'n', '.', 'i', 'o', '\0', + /* "lnhequipmentltd.com", true */ 'l', 'n', 'h', 'e', 'q', 'u', 'i', 'p', 'm', 'e', 'n', 't', 'l', 't', 'd', '.', 'c', 'o', 'm', '\0', + /* "lnoldan.com", true */ 'l', 'n', 'o', 'l', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "lntu.org", true */ 'l', 'n', 't', 'u', '.', 'o', 'r', 'g', '\0', + /* "lnx.li", true */ 'l', 'n', 'x', '.', 'l', 'i', '\0', + /* "load-ev.de", true */ 'l', 'o', 'a', 'd', '-', 'e', 'v', '.', 'd', 'e', '\0', + /* "loadlow.me", true */ 'l', 'o', 'a', 'd', 'l', 'o', 'w', '.', 'm', 'e', '\0', + /* "loadwallet.com", true */ 'l', 'o', 'a', 'd', 'w', 'a', 'l', 'l', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "loanaway.ca", true */ 'l', 'o', 'a', 'n', 'a', 'w', 'a', 'y', '.', 'c', 'a', '\0', + /* "loancompare.co.za", true */ 'l', 'o', 'a', 'n', 'c', 'o', 'm', 'p', 'a', 'r', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "loandolphin.com.au", true */ 'l', 'o', 'a', 'n', 'd', 'o', 'l', 'p', 'h', 'i', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "loanmatch.sg", true */ 'l', 'o', 'a', 'n', 'm', 'a', 't', 'c', 'h', '.', 's', 'g', '\0', + /* "loanstreet.nl", true */ 'l', 'o', 'a', 'n', 's', 't', 'r', 'e', 'e', 't', '.', 'n', 'l', '\0', + /* "lobin21.com", true */ 'l', 'o', 'b', 'i', 'n', '2', '1', '.', 'c', 'o', 'm', '\0', + /* "lobivia.de", true */ 'l', 'o', 'b', 'i', 'v', 'i', 'a', '.', 'd', 'e', '\0', + /* "lobsangstudio.com", true */ 'l', 'o', 'b', 's', 'a', 'n', 'g', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "locais.org", true */ 'l', 'o', 'c', 'a', 'i', 's', '.', 'o', 'r', 'g', '\0', + /* "local360.net", true */ 'l', 'o', 'c', 'a', 'l', '3', '6', '0', '.', 'n', 'e', 't', '\0', + /* "localbandz.com", true */ 'l', 'o', 'c', 'a', 'l', 'b', 'a', 'n', 'd', 'z', '.', 'c', 'o', 'm', '\0', + /* "localbitcoins.com", true */ 'l', 'o', 'c', 'a', 'l', 'b', 'i', 't', 'c', 'o', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "localblock.co.za", true */ 'l', 'o', 'c', 'a', 'l', 'b', 'l', 'o', 'c', 'k', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "localbouncycastle.com", true */ 'l', 'o', 'c', 'a', 'l', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "localdecor.com.br", true */ 'l', 'o', 'c', 'a', 'l', 'd', 'e', 'c', 'o', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "localhorst.xyz", true */ 'l', 'o', 'c', 'a', 'l', 'h', 'o', 'r', 's', 't', '.', 'x', 'y', 'z', '\0', + /* "localspot.pl", true */ 'l', 'o', 'c', 'a', 'l', 's', 'p', 'o', 't', '.', 'p', 'l', '\0', + /* "locapos.com", true */ 'l', 'o', 'c', 'a', 'p', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "locatorplus.gov", true */ 'l', 'o', 'c', 'a', 't', 'o', 'r', 'p', 'l', 'u', 's', '.', 'g', 'o', 'v', '\0', + /* "locauxrama.fr", true */ 'l', 'o', 'c', 'a', 'u', 'x', 'r', 'a', 'm', 'a', '.', 'f', 'r', '\0', + /* "locchat.com", true */ 'l', 'o', 'c', 'c', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "locker.email", true */ 'l', 'o', 'c', 'k', 'e', 'r', '.', 'e', 'm', 'a', 'i', 'l', '\0', + /* "lockify.com", true */ 'l', 'o', 'c', 'k', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0', + /* "lockpick.nl", true */ 'l', 'o', 'c', 'k', 'p', 'i', 'c', 'k', '.', 'n', 'l', '\0', + /* "lockpicks.se", true */ 'l', 'o', 'c', 'k', 'p', 'i', 'c', 'k', 's', '.', 's', 'e', '\0', + /* "lockr.io", true */ 'l', 'o', 'c', 'k', 'r', '.', 'i', 'o', '\0', + /* "locksport.org.nz", true */ 'l', 'o', 'c', 'k', 's', 'p', 'o', 'r', 't', '.', 'o', 'r', 'g', '.', 'n', 'z', '\0', + /* "locomore.com", true */ 'l', 'o', 'c', 'o', 'm', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "lodash.com", false */ 'l', 'o', 'd', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "lodgesdureynou.fr", true */ 'l', 'o', 'd', 'g', 'e', 's', 'd', 'u', 'r', 'e', 'y', 'n', 'o', 'u', '.', 'f', 'r', '\0', + /* "loeildansledoigt.fr", true */ 'l', 'o', 'e', 'i', 'l', 'd', 'a', 'n', 's', 'l', 'e', 'd', 'o', 'i', 'g', 't', '.', 'f', 'r', '\0', + /* "loenshotel.de", true */ 'l', 'o', 'e', 'n', 's', 'h', 'o', 't', 'e', 'l', '.', 'd', 'e', '\0', + /* "loew.de", true */ 'l', 'o', 'e', 'w', '.', 'd', 'e', '\0', + /* "lofttravel.com", true */ 'l', 'o', 'f', 't', 't', 'r', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "log.my", false */ 'l', 'o', 'g', '.', 'm', 'y', '\0', + /* "logaldeveloper.com", true */ 'l', 'o', 'g', 'a', 'l', 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "loganmarchione.com", true */ 'l', 'o', 'g', 'a', 'n', 'm', 'a', 'r', 'c', 'h', 'i', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "loganparkneighborhood.org", true */ 'l', 'o', 'g', 'a', 'n', 'p', 'a', 'r', 'k', 'n', 'e', 'i', 'g', 'h', 'b', 'o', 'r', 'h', 'o', 'o', 'd', '.', 'o', 'r', 'g', '\0', + /* "logbook.ch", true */ 'l', 'o', 'g', 'b', 'o', 'o', 'k', '.', 'c', 'h', '\0', + /* "logbot.info", true */ 'l', 'o', 'g', 'b', 'o', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "logement-saisonnier.com", true */ 'l', 'o', 'g', 'e', 'm', 'e', 'n', 't', '-', 's', 'a', 'i', 's', 'o', 'n', 'n', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "logement.com", true */ 'l', 'o', 'g', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "logentries.com", false */ 'l', 'o', 'g', 'e', 'n', 't', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "logfile.at", true */ 'l', 'o', 'g', 'f', 'i', 'l', 'e', '.', 'a', 't', '\0', + /* "logfile.ch", true */ 'l', 'o', 'g', 'f', 'i', 'l', 'e', '.', 'c', 'h', '\0', + /* "logicchen.com", true */ 'l', 'o', 'g', 'i', 'c', 'c', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "logiciel-entreprise-seurann.fr", true */ 'l', 'o', 'g', 'i', 'c', 'i', 'e', 'l', '-', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'i', 's', 'e', '-', 's', 'e', 'u', 'r', 'a', 'n', 'n', '.', 'f', 'r', '\0', + /* "logicio.ch", false */ 'l', 'o', 'g', 'i', 'c', 'i', 'o', '.', 'c', 'h', '\0', + /* "logicio.de", false */ 'l', 'o', 'g', 'i', 'c', 'i', 'o', '.', 'd', 'e', '\0', + /* "logicio.net", false */ 'l', 'o', 'g', 'i', 'c', 'i', 'o', '.', 'n', 'e', 't', '\0', + /* "logicsale.com", true */ 'l', 'o', 'g', 'i', 'c', 's', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "logicsale.de", true */ 'l', 'o', 'g', 'i', 'c', 's', 'a', 'l', 'e', '.', 'd', 'e', '\0', + /* "logicsale.fr", true */ 'l', 'o', 'g', 'i', 'c', 's', 'a', 'l', 'e', '.', 'f', 'r', '\0', + /* "logicsale.it", true */ 'l', 'o', 'g', 'i', 'c', 's', 'a', 'l', 'e', '.', 'i', 't', '\0', + /* "login.corp.google.com", true */ 'l', 'o', 'g', 'i', 'n', '.', 'c', 'o', 'r', 'p', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "login.gov", false */ 'l', 'o', 'g', 'i', 'n', '.', 'g', 'o', 'v', '\0', + /* "login.launchpad.net", true */ 'l', 'o', 'g', 'i', 'n', '.', 'l', 'a', 'u', 'n', 'c', 'h', 'p', 'a', 'd', '.', 'n', 'e', 't', '\0', + /* "login.sapo.pt", true */ 'l', 'o', 'g', 'i', 'n', '.', 's', 'a', 'p', 'o', '.', 'p', 't', '\0', + /* "login.ubuntu.com", true */ 'l', 'o', 'g', 'i', 'n', '.', 'u', 'b', 'u', 'n', 't', 'u', '.', 'c', 'o', 'm', '\0', + /* "login.xero.com", false */ 'l', 'o', 'g', 'i', 'n', '.', 'x', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "login.yahoo.com", false */ 'l', 'o', 'g', 'i', 'n', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "logitank.net", true */ 'l', 'o', 'g', 'i', 't', 'a', 'n', 'k', '.', 'n', 'e', 't', '\0', + /* "logitel.de", true */ 'l', 'o', 'g', 'i', 't', 'e', 'l', '.', 'd', 'e', '\0', + /* "logojoes.net", true */ 'l', 'o', 'g', 'o', 'j', 'o', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "logopaediereinhard.de", true */ 'l', 'o', 'g', 'o', 'p', 'a', 'e', 'd', 'i', 'e', 'r', 'e', 'i', 'n', 'h', 'a', 'r', 'd', '.', 'd', 'e', '\0', + /* "logopedistalanni.it", true */ 'l', 'o', 'g', 'o', 'p', 'e', 'd', 'i', 's', 't', 'a', 'l', 'a', 'n', 'n', 'i', '.', 'i', 't', '\0', + /* "logophiliapress.com", true */ 'l', 'o', 'g', 'o', 'p', 'h', 'i', 'l', 'i', 'a', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "logopoeia.com", true */ 'l', 'o', 'g', 'o', 'p', 'o', 'e', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "logostock.jp", true */ 'l', 'o', 'g', 'o', 's', 't', 'o', 'c', 'k', '.', 'j', 'p', '\0', + /* "lohanaflores.com.br", true */ 'l', 'o', 'h', 'a', 'n', 'a', 'f', 'l', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "loichot.ch", true */ 'l', 'o', 'i', 'c', 'h', 'o', 't', '.', 'c', 'h', '\0', + /* "lojadamimo.com.br", true */ 'l', 'o', 'j', 'a', 'd', 'a', 'm', 'i', 'm', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lojadanidrea.com.br", true */ 'l', 'o', 'j', 'a', 'd', 'a', 'n', 'i', 'd', 'r', 'e', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lojadewhisky.com.br", true */ 'l', 'o', 'j', 'a', 'd', 'e', 'w', 'h', 'i', 's', 'k', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lojadoarcomprimido.com.br", true */ 'l', 'o', 'j', 'a', 'd', 'o', 'a', 'r', 'c', 'o', 'm', 'p', 'r', 'i', 'm', 'i', 'd', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lojadoprazer.com.br", true */ 'l', 'o', 'j', 'a', 'd', 'o', 'p', 'r', 'a', 'z', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lojafazendoarte.com.br", true */ 'l', 'o', 'j', 'a', 'f', 'a', 'z', 'e', 'n', 'd', 'o', 'a', 'r', 't', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lojafilipaper.com.br", true */ 'l', 'o', 'j', 'a', 'f', 'i', 'l', 'i', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lojamagicalx.com", true */ 'l', 'o', 'j', 'a', 'm', 'a', 'g', 'i', 'c', 'a', 'l', 'x', '.', 'c', 'o', 'm', '\0', + /* "lojamascate.com.br", true */ 'l', 'o', 'j', 'a', 'm', 'a', 's', 'c', 'a', 't', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lojamoleco.com.br", true */ 'l', 'o', 'j', 'a', 'm', 'o', 'l', 'e', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lojamulticapmais.com.br", true */ 'l', 'o', 'j', 'a', 'm', 'u', 'l', 't', 'i', 'c', 'a', 'p', 'm', 'a', 'i', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lojaprimemed.com.br", true */ 'l', 'o', 'j', 'a', 'p', 'r', 'i', 'm', 'e', 'm', 'e', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lojaprojetoagua.com.br", true */ 'l', 'o', 'j', 'a', 'p', 'r', 'o', 'j', 'e', 't', 'o', 'a', 'g', 'u', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lojaterrazul.com.br", true */ 'l', 'o', 'j', 'a', 't', 'e', 'r', 'r', 'a', 'z', 'u', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lojavirtualfct.com.br", true */ 'l', 'o', 'j', 'a', 'v', 'i', 'r', 't', 'u', 'a', 'l', 'f', 'c', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lojavisamed.com.br", true */ 'l', 'o', 'j', 'a', 'v', 'i', 's', 'a', 'm', 'e', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lojix.com", true */ 'l', 'o', 'j', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "lojj.pt", true */ 'l', 'o', 'j', 'j', '.', 'p', 't', '\0', + /* "lokaal.org", true */ 'l', 'o', 'k', 'a', 'a', 'l', '.', 'o', 'r', 'g', '\0', + /* "lolcorp.pl", true */ 'l', 'o', 'l', 'c', 'o', 'r', 'p', '.', 'p', 'l', '\0', + /* "lolcow.farm", true */ 'l', 'o', 'l', 'c', 'o', 'w', '.', 'f', 'a', 'r', 'm', '\0', + /* "lolhax.org", true */ 'l', 'o', 'l', 'h', 'a', 'x', '.', 'o', 'r', 'g', '\0', + /* "loli.net", true */ 'l', 'o', 'l', 'i', '.', 'n', 'e', 't', '\0', + /* "loli.pet", true */ 'l', 'o', 'l', 'i', '.', 'p', 'e', 't', '\0', + /* "loli.world", true */ 'l', 'o', 'l', 'i', '.', 'w', 'o', 'r', 'l', 'd', '\0', + /* "lolibrary.org", true */ 'l', 'o', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'o', 'r', 'g', '\0', + /* "lolicon.eu", true */ 'l', 'o', 'l', 'i', 'c', 'o', 'n', '.', 'e', 'u', '\0', + /* "lolicon.info", true */ 'l', 'o', 'l', 'i', 'c', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "lolis.stream", true */ 'l', 'o', 'l', 'i', 's', '.', 's', 't', 'r', 'e', 'a', 'm', '\0', + /* "lolkot.ru", true */ 'l', 'o', 'l', 'k', 'o', 't', '.', 'r', 'u', '\0', + /* "lollaconcept.com.br", true */ 'l', 'o', 'l', 'l', 'a', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lolnames.gg", true */ 'l', 'o', 'l', 'n', 'a', 'm', 'e', 's', '.', 'g', 'g', '\0', + /* "lolpatrol.de", true */ 'l', 'o', 'l', 'p', 'a', 't', 'r', 'o', 'l', '.', 'd', 'e', '\0', + /* "lolpatrol.wtf", true */ 'l', 'o', 'l', 'p', 'a', 't', 'r', 'o', 'l', '.', 'w', 't', 'f', '\0', + /* "loma.ml", true */ 'l', 'o', 'm', 'a', '.', 'm', 'l', '\0', + /* "lommyfleet.com", true */ 'l', 'o', 'm', 'm', 'y', 'f', 'l', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "lon-so.com", true */ 'l', 'o', 'n', '-', 's', 'o', '.', 'c', 'o', 'm', '\0', + /* "lona.io", true */ 'l', 'o', 'n', 'a', '.', 'i', 'o', '\0', + /* "lonal.com", true */ 'l', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "lonasdigital.com", true */ 'l', 'o', 'n', 'a', 's', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "lonbali.com", true */ 'l', 'o', 'n', 'b', 'a', 'l', 'i', '.', 'c', 'o', 'm', '\0', + /* "london.dating", true */ 'l', 'o', 'n', 'd', 'o', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "londongynaecologist.co", true */ 'l', 'o', 'n', 'd', 'o', 'n', 'g', 'y', 'n', 'a', 'e', 'c', 'o', 'l', 'o', 'g', 'i', 's', 't', '.', 'c', 'o', '\0', + /* "londonkan.jp", true */ 'l', 'o', 'n', 'd', 'o', 'n', 'k', 'a', 'n', '.', 'j', 'p', '\0', + /* "londonkeyholdingcompany.co.uk", true */ 'l', 'o', 'n', 'd', 'o', 'n', 'k', 'e', 'y', 'h', 'o', 'l', 'd', 'i', 'n', 'g', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "londonseedcentre.co.uk", true */ 'l', 'o', 'n', 'd', 'o', 'n', 's', 'e', 'e', 'd', 'c', 'e', 'n', 't', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "lone-gunman.be", true */ 'l', 'o', 'n', 'e', '-', 'g', 'u', 'n', 'm', 'a', 'n', '.', 'b', 'e', '\0', + /* "lonelytweets.com", true */ 'l', 'o', 'n', 'e', 'l', 'y', 't', 'w', 'e', 'e', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "lonesomecosmonaut.com", true */ 'l', 'o', 'n', 'e', 's', 'o', 'm', 'e', 'c', 'o', 's', 'm', 'o', 'n', 'a', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "longhaircareforum.com", true */ 'l', 'o', 'n', 'g', 'h', 'a', 'i', 'r', 'c', 'a', 'r', 'e', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "longhorn-imports.com", true */ 'l', 'o', 'n', 'g', 'h', 'o', 'r', 'n', '-', 'i', 'm', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "longhorn.id.au", true */ 'l', 'o', 'n', 'g', 'h', 'o', 'r', 'n', '.', 'i', 'd', '.', 'a', 'u', '\0', + /* "longstride.net", true */ 'l', 'o', 'n', 'g', 's', 't', 'r', 'i', 'd', 'e', '.', 'n', 'e', 't', '\0', + /* "lonniec.com", true */ 'l', 'o', 'n', 'n', 'i', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "look.co.il", true */ 'l', 'o', 'o', 'k', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "looka.ch", true */ 'l', 'o', 'o', 'k', 'a', '.', 'c', 'h', '\0', + /* "looka.photo", true */ 'l', 'o', 'o', 'k', 'a', '.', 'p', 'h', 'o', 't', 'o', '\0', + /* "lookagain.co.uk", true */ 'l', 'o', 'o', 'k', 'a', 'g', 'a', 'i', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "lookart.ch", true */ 'l', 'o', 'o', 'k', 'a', 'r', 't', '.', 'c', 'h', '\0', + /* "lookasik.eu", true */ 'l', 'o', 'o', 'k', 'a', 's', 'i', 'k', '.', 'e', 'u', '\0', + /* "lookastic.co.uk", true */ 'l', 'o', 'o', 'k', 'a', 's', 't', 'i', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "lookastic.com", true */ 'l', 'o', 'o', 'k', 'a', 's', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "lookastic.de", true */ 'l', 'o', 'o', 'k', 'a', 's', 't', 'i', 'c', '.', 'd', 'e', '\0', + /* "lookastic.es", true */ 'l', 'o', 'o', 'k', 'a', 's', 't', 'i', 'c', '.', 'e', 's', '\0', + /* "lookastic.fr", true */ 'l', 'o', 'o', 'k', 'a', 's', 't', 'i', 'c', '.', 'f', 'r', '\0', + /* "lookastic.mx", true */ 'l', 'o', 'o', 'k', 'a', 's', 't', 'i', 'c', '.', 'm', 'x', '\0', + /* "lookastic.ru", true */ 'l', 'o', 'o', 'k', 'a', 's', 't', 'i', 'c', '.', 'r', 'u', '\0', + /* "lookbetweenthelines.com", true */ 'l', 'o', 'o', 'k', 'b', 'e', 't', 'w', 'e', 'e', 'n', 't', 'h', 'e', 'l', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "lookyman.net", true */ 'l', 'o', 'o', 'k', 'y', 'm', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "loom.no", true */ 'l', 'o', 'o', 'm', '.', 'n', 'o', '\0', + /* "looneymooney.com", true */ 'l', 'o', 'o', 'n', 'e', 'y', 'm', 'o', 'o', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "loony.info", true */ 'l', 'o', 'o', 'n', 'y', '.', 'i', 'n', 'f', 'o', '\0', + /* "loophost.com.br", false */ 'l', 'o', 'o', 'p', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "loopower.com", true */ 'l', 'o', 'o', 'p', 'o', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "loopstart.org", true */ 'l', 'o', 'o', 'p', 's', 't', 'a', 'r', 't', '.', 'o', 'r', 'g', '\0', + /* "loovto.net", true */ 'l', 'o', 'o', 'v', 't', 'o', '.', 'n', 'e', 't', '\0', + /* "loperetti.ch", true */ 'l', 'o', 'p', 'e', 'r', 'e', 't', 't', 'i', '.', 'c', 'h', '\0', + /* "loqu8.com", true */ 'l', 'o', 'q', 'u', '8', '.', 'c', 'o', 'm', '\0', + /* "lordgun.com", true */ 'l', 'o', 'r', 'd', 'g', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "lordofthebrick.com", true */ 'l', 'o', 'r', 'd', 'o', 'f', 't', 'h', 'e', 'b', 'r', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "lore.azurewebsites.net", true */ 'l', 'o', 'r', 'e', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "lorenadumitrascu.ro", true */ 'l', 'o', 'r', 'e', 'n', 'a', 'd', 'u', 'm', 'i', 't', 'r', 'a', 's', 'c', 'u', '.', 'r', 'o', '\0', + /* "loritaboegl.de", true */ 'l', 'o', 'r', 'i', 't', 'a', 'b', 'o', 'e', 'g', 'l', '.', 'd', 'e', '\0', + /* "losless.fr", true */ 'l', 'o', 's', 'l', 'e', 's', 's', '.', 'f', 'r', '\0', + /* "loss.no", true */ 'l', 'o', 's', 's', '.', 'n', 'o', '\0', + /* "lost.host", true */ 'l', 'o', 's', 't', '.', 'h', 'o', 's', 't', '\0', + /* "lostandcash.com", true */ 'l', 'o', 's', 't', 'a', 'n', 'd', 'c', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "lostarq.com", true */ 'l', 'o', 's', 't', 'a', 'r', 'q', '.', 'c', 'o', 'm', '\0', + /* "lostingames.de", true */ 'l', 'o', 's', 't', 'i', 'n', 'g', 'a', 'm', 'e', 's', '.', 'd', 'e', '\0', + /* "lostkeys.co.uk", true */ 'l', 'o', 's', 't', 'k', 'e', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "lostserver.com", true */ 'l', 'o', 's', 't', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "lostwithdan.com", true */ 'l', 'o', 's', 't', 'w', 'i', 't', 'h', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "loteks.de", true */ 'l', 'o', 't', 'e', 'k', 's', '.', 'd', 'e', '\0', + /* "lothlorien.ca", true */ 'l', 'o', 't', 'h', 'l', 'o', 'r', 'i', 'e', 'n', '.', 'c', 'a', '\0', + /* "lottosonline.com", true */ 'l', 'o', 't', 't', 'o', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "lottospielen24.org", false */ 'l', 'o', 't', 't', 'o', 's', 'p', 'i', 'e', 'l', 'e', 'n', '2', '4', '.', 'o', 'r', 'g', '\0', + /* "lotuscloud.de", true */ 'l', 'o', 't', 'u', 's', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0', + /* "lotw.de", true */ 'l', 'o', 't', 'w', '.', 'd', 'e', '\0', + /* "lotz.li", true */ 'l', 'o', 't', 'z', '.', 'l', 'i', '\0', + /* "lou.lt", true */ 'l', 'o', 'u', '.', 'l', 't', '\0', + /* "louange-reconvilier.ch", true */ 'l', 'o', 'u', 'a', 'n', 'g', 'e', '-', 'r', 'e', 'c', 'o', 'n', 'v', 'i', 'l', 'i', 'e', 'r', '.', 'c', 'h', '\0', + /* "loucanfixit.com", true */ 'l', 'o', 'u', 'c', 'a', 'n', 'f', 'i', 'x', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "louisvillecarguys.com", true */ 'l', 'o', 'u', 'i', 's', 'v', 'i', 'l', 'l', 'e', 'c', 'a', 'r', 'g', 'u', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "louisvillevmug.info", true */ 'l', 'o', 'u', 'i', 's', 'v', 'i', 'l', 'l', 'e', 'v', 'm', 'u', 'g', '.', 'i', 'n', 'f', 'o', '\0', + /* "loune.net", true */ 'l', 'o', 'u', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "love-schna.jp", true */ 'l', 'o', 'v', 'e', '-', 's', 'c', 'h', 'n', 'a', '.', 'j', 'p', '\0', + /* "love4taylor.eu.org", true */ 'l', 'o', 'v', 'e', '4', 't', 'a', 'y', 'l', 'o', 'r', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "love4taylor.me", true */ 'l', 'o', 'v', 'e', '4', 't', 'a', 'y', 'l', 'o', 'r', '.', 'm', 'e', '\0', + /* "loveandadoreboutique.com", true */ 'l', 'o', 'v', 'e', 'a', 'n', 'd', 'a', 'd', 'o', 'r', 'e', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "loveislandgames.com", true */ 'l', 'o', 'v', 'e', 'i', 's', 'l', 'a', 'n', 'd', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "loveismore.de", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'd', 'e', '\0', + /* "loveismore.es", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'e', 's', '\0', + /* "loveismore.eu", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'e', 'u', '\0', + /* "loveismore.fr", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'f', 'r', '\0', + /* "loveismore.it", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'i', 't', '\0', + /* "loveismore.org", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "loveismore.pl", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'p', 'l', '\0', + /* "loveismore.ru", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'r', 'u', '\0', + /* "loveismore.sk", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 's', 'k', '\0', + /* "loveisourweapon.com", true */ 'l', 'o', 'v', 'e', 'i', 's', 'o', 'u', 'r', 'w', 'e', 'a', 'p', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "lovelens.ch", true */ 'l', 'o', 'v', 'e', 'l', 'e', 'n', 's', '.', 'c', 'h', '\0', + /* "lovelens.li", true */ 'l', 'o', 'v', 'e', 'l', 'e', 'n', 's', '.', 'l', 'i', '\0', + /* "lovelive-anime.tk", true */ 'l', 'o', 'v', 'e', 'l', 'i', 'v', 'e', '-', 'a', 'n', 'i', 'm', 'e', '.', 't', 'k', '\0', + /* "lovelive.us", true */ 'l', 'o', 'v', 'e', 'l', 'i', 'v', 'e', '.', 'u', 's', '\0', + /* "lovemomiji.com", true */ 'l', 'o', 'v', 'e', 'm', 'o', 'm', 'i', 'j', 'i', '.', 'c', 'o', 'm', '\0', + /* "lovemysafetynet.com", true */ 'l', 'o', 'v', 'e', 'm', 'y', 's', 'a', 'f', 'e', 't', 'y', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "lovenwishes.com", true */ 'l', 'o', 'v', 'e', 'n', 'w', 'i', 's', 'h', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "loveph.one", true */ 'l', 'o', 'v', 'e', 'p', 'h', '.', 'o', 'n', 'e', '\0', + /* "lover-bg.com", true */ 'l', 'o', 'v', 'e', 'r', '-', 'b', 'g', '.', 'c', 'o', 'm', '\0', + /* "loveread-ec.appspot.com", true */ 'l', 'o', 'v', 'e', 'r', 'e', 'a', 'd', '-', 'e', 'c', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "loverepublic.ru", true */ 'l', 'o', 'v', 'e', 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'r', 'u', '\0', + /* "lovesmagical.com", true */ 'l', 'o', 'v', 'e', 's', 'm', 'a', 'g', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "lovesupremefestival.com", true */ 'l', 'o', 'v', 'e', 's', 'u', 'p', 'r', 'e', 'm', 'e', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "lovetravel360.com", true */ 'l', 'o', 'v', 'e', 't', 'r', 'a', 'v', 'e', 'l', '3', '6', '0', '.', 'c', 'o', 'm', '\0', + /* "loveyounastya.com", true */ 'l', 'o', 'v', 'e', 'y', 'o', 'u', 'n', 'a', 's', 't', 'y', 'a', '.', 'c', 'o', 'm', '\0', + /* "loveysa.ch", true */ 'l', 'o', 'v', 'e', 'y', 's', 'a', '.', 'c', 'h', '\0', + /* "lovg.ren", true */ 'l', 'o', 'v', 'g', '.', 'r', 'e', 'n', '\0', + /* "lovingearth.co", true */ 'l', 'o', 'v', 'i', 'n', 'g', 'e', 'a', 'r', 't', 'h', '.', 'c', 'o', '\0', + /* "lovizaim.ru", true */ 'l', 'o', 'v', 'i', 'z', 'a', 'i', 'm', '.', 'r', 'u', '\0', + /* "low-diets.com", true */ 'l', 'o', 'w', '-', 'd', 'i', 'e', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "lowcostwire.com.au", true */ 'l', 'o', 'w', 'c', 'o', 's', 't', 'w', 'i', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "lowmagnitude.com", true */ 'l', 'o', 'w', 'm', 'a', 'g', 'n', 'i', 't', 'u', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "lowsec.space", true */ 'l', 'o', 'w', 's', 'e', 'c', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "lowsidetna.com", true */ 'l', 'o', 'w', 's', 'i', 'd', 'e', 't', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "lowson.ca", true */ 'l', 'o', 'w', 's', 'o', 'n', '.', 'c', 'a', '\0', + /* "loyaleco.it", true */ 'l', 'o', 'y', 'a', 'l', 'e', 'c', 'o', '.', 'i', 't', '\0', + /* "lp-support.nl", true */ 'l', 'p', '-', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'n', 'l', '\0', + /* "lpacademy.com.br", true */ 'l', 'p', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "lpbk-bethel.de", false */ 'l', 'p', 'b', 'k', '-', 'b', 'e', 't', 'h', 'e', 'l', '.', 'd', 'e', '\0', + /* "lpm-uk.com", true */ 'l', 'p', 'm', '-', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "lpt-nebreziny.eu", true */ 'l', 'p', 't', '-', 'n', 'e', 'b', 'r', 'e', 'z', 'i', 'n', 'y', '.', 'e', 'u', '\0', + /* "lra-cloud.de", true */ 'l', 'r', 'a', '-', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0', + /* "lrssystems.com", true */ 'l', 'r', 's', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "ls-alarm.de", true */ 'l', 's', '-', 'a', 'l', 'a', 'r', 'm', '.', 'd', 'e', '\0', + /* "ls-rp.es", true */ 'l', 's', '-', 'r', 'p', '.', 'e', 's', '\0', + /* "lsc-dillingen.de", true */ 'l', 's', 'c', '-', 'd', 'i', 'l', 'l', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0', + /* "lsc.gov", true */ 'l', 's', 'c', '.', 'g', 'o', 'v', '\0', + /* "lsquo.com", true */ 'l', 's', 'q', 'u', 'o', '.', 'c', 'o', 'm', '\0', + /* "lstma.com", true */ 'l', 's', 't', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "lsvih.com", true */ 'l', 's', 'v', 'i', 'h', '.', 'c', 'o', 'm', '\0', + /* "lsys.ac", true */ 'l', 's', 'y', 's', '.', 'a', 'c', '\0', + /* "lszj.com", true */ 'l', 's', 'z', 'j', '.', 'c', 'o', 'm', '\0', + /* "lt.search.yahoo.com", false */ 'l', 't', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "ltba.org", true */ 'l', 't', 'b', 'a', '.', 'o', 'r', 'g', '\0', + /* "ltecode.com", true */ 'l', 't', 'e', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "ltls.org", true */ 'l', 't', 'l', 's', '.', 'o', 'r', 'g', '\0', + /* "ltn-tom-morel.fr", true */ 'l', 't', 'n', '-', 't', 'o', 'm', '-', 'm', 'o', 'r', 'e', 'l', '.', 'f', 'r', '\0', + /* "lu.search.yahoo.com", false */ 'l', 'u', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "luav.org", true */ 'l', 'u', 'a', 'v', '.', 'o', 'r', 'g', '\0', + /* "lubar.me", true */ 'l', 'u', 'b', 'a', 'r', '.', 'm', 'e', '\0', + /* "lubbockyounglawyers.org", true */ 'l', 'u', 'b', 'b', 'o', 'c', 'k', 'y', 'o', 'u', 'n', 'g', 'l', 'a', 'w', 'y', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0', + /* "lubomirkazakov.com", true */ 'l', 'u', 'b', 'o', 'm', 'i', 'r', 'k', 'a', 'z', 'a', 'k', 'o', 'v', '.', 'c', 'o', 'm', '\0', + /* "lubot.net", false */ 'l', 'u', 'b', 'o', 't', '.', 'n', 'e', 't', '\0', + /* "luc-oberson.ch", true */ 'l', 'u', 'c', '-', 'o', 'b', 'e', 'r', 's', 'o', 'n', '.', 'c', 'h', '\0', + /* "luca.swiss", true */ 'l', 'u', 'c', 'a', '.', 's', 'w', 'i', 's', 's', '\0', + /* "lucakrebs.de", true */ 'l', 'u', 'c', 'a', 'k', 'r', 'e', 'b', 's', '.', 'd', 'e', '\0', + /* "lucasantarella.com", true */ 'l', 'u', 'c', 'a', 's', 'a', 'n', 't', 'a', 'r', 'e', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "lucascantor.com", true */ 'l', 'u', 'c', 'a', 's', 'c', 'a', 'n', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "lucasem.com", true */ 'l', 'u', 'c', 'a', 's', 'e', 'm', '.', 'c', 'o', 'm', '\0', + /* "lucasgaland.com", true */ 'l', 'u', 'c', 'a', 's', 'g', 'a', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "lucasgymnastics.com", true */ 'l', 'u', 'c', 'a', 's', 'g', 'y', 'm', 'n', 'a', 's', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "lucassoler.com.ar", true */ 'l', 'u', 'c', 'a', 's', 's', 'o', 'l', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "luce.life", true */ 'l', 'u', 'c', 'e', '.', 'l', 'i', 'f', 'e', '\0', + /* "luchscheider.de", false */ 'l', 'u', 'c', 'h', 's', 'c', 'h', 'e', 'i', 'd', 'e', 'r', '.', 'd', 'e', '\0', + /* "lucid-light.de", true */ 'l', 'u', 'c', 'i', 'd', '-', 'l', 'i', 'g', 'h', 't', '.', 'd', 'e', '\0', + /* "lucidframeworks.com", true */ 'l', 'u', 'c', 'i', 'd', 'f', 'r', 'a', 'm', 'e', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "lucidlight.de", true */ 'l', 'u', 'c', 'i', 'd', 'l', 'i', 'g', 'h', 't', '.', 'd', 'e', '\0', + /* "lucidlogs.com", true */ 'l', 'u', 'c', 'i', 'd', 'l', 'o', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "lucidoccult.com", true */ 'l', 'u', 'c', 'i', 'd', 'o', 'c', 'c', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0', + /* "lucielavickova.com", true */ 'l', 'u', 'c', 'i', 'e', 'l', 'a', 'v', 'i', 'c', 'k', 'o', 'v', 'a', '.', 'c', 'o', 'm', '\0', + /* "luckycastles.co.uk", true */ 'l', 'u', 'c', 'k', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "luckyfrog.hk", true */ 'l', 'u', 'c', 'k', 'y', 'f', 'r', 'o', 'g', '.', 'h', 'k', '\0', + /* "luckystarfishing.com", true */ 'l', 'u', 'c', 'k', 'y', 's', 't', 'a', 'r', 'f', 'i', 's', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "lucy.science", true */ 'l', 'u', 'c', 'y', '.', 's', 'c', 'i', 'e', 'n', 'c', 'e', '\0', + /* "lucysan.net", true */ 'l', 'u', 'c', 'y', 's', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "ludikovsky.name", true */ 'l', 'u', 'd', 'i', 'k', 'o', 'v', 's', 'k', 'y', '.', 'n', 'a', 'm', 'e', '\0', + /* "ludwig.im", true */ 'l', 'u', 'd', 'w', 'i', 'g', '.', 'i', 'm', '\0', + /* "ludwiggrill.de", true */ 'l', 'u', 'd', 'w', 'i', 'g', 'g', 'r', 'i', 'l', 'l', '.', 'd', 'e', '\0', + /* "ludwigpro.net", true */ 'l', 'u', 'd', 'w', 'i', 'g', 'p', 'r', 'o', '.', 'n', 'e', 't', '\0', + /* "luehne.de", true */ 'l', 'u', 'e', 'h', 'n', 'e', '.', 'd', 'e', '\0', + /* "luelistan.net", true */ 'l', 'u', 'e', 'l', 'i', 's', 't', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "luenwarneke.com", true */ 'l', 'u', 'e', 'n', 'w', 'a', 'r', 'n', 'e', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "luffyhair.com", true */ 'l', 'u', 'f', 'f', 'y', 'h', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "luftbild-siegerland.de", true */ 'l', 'u', 'f', 't', 'b', 'i', 'l', 'd', '-', 's', 'i', 'e', 'g', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0', + /* "luftreiniger.biz", true */ 'l', 'u', 'f', 't', 'r', 'e', 'i', 'n', 'i', 'g', 'e', 'r', '.', 'b', 'i', 'z', '\0', + /* "luganskservers.net", true */ 'l', 'u', 'g', 'a', 'n', 's', 'k', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "lugbb.org", true */ 'l', 'u', 'g', 'b', 'b', '.', 'o', 'r', 'g', '\0', + /* "luginbuehl.be", true */ 'l', 'u', 'g', 'i', 'n', 'b', 'u', 'e', 'h', 'l', '.', 'b', 'e', '\0', + /* "luginbuehl.eu", true */ 'l', 'u', 'g', 'i', 'n', 'b', 'u', 'e', 'h', 'l', '.', 'e', 'u', '\0', + /* "lugui.in", true */ 'l', 'u', 'g', 'u', 'i', '.', 'i', 'n', '\0', + /* "luiscapelo.info", true */ 'l', 'u', 'i', 's', 'c', 'a', 'p', 'e', 'l', 'o', '.', 'i', 'n', 'f', 'o', '\0', + /* "luisgf.es", true */ 'l', 'u', 'i', 's', 'g', 'f', '.', 'e', 's', '\0', + /* "luismaier.de", true */ 'l', 'u', 'i', 's', 'm', 'a', 'i', 'e', 'r', '.', 'd', 'e', '\0', + /* "luisv.me", true */ 'l', 'u', 'i', 's', 'v', '.', 'm', 'e', '\0', + /* "luisyr.com", true */ 'l', 'u', 'i', 's', 'y', 'r', '.', 'c', 'o', 'm', '\0', + /* "luizkowalski.net", true */ 'l', 'u', 'i', 'z', 'k', 'o', 'w', 'a', 'l', 's', 'k', 'i', '.', 'n', 'e', 't', '\0', + /* "luk.earth", true */ 'l', 'u', 'k', '.', 'e', 'a', 'r', 't', 'h', '\0', + /* "luk.photo", true */ 'l', 'u', 'k', '.', 'p', 'h', 'o', 't', 'o', '\0', + /* "lukas-oppermann.de", true */ 'l', 'u', 'k', 'a', 's', '-', 'o', 'p', 'p', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "lukas-schauer.de", true */ 'l', 'u', 'k', 'a', 's', '-', 's', 'c', 'h', 'a', 'u', 'e', 'r', '.', 'd', 'e', '\0', + /* "lukas.im", true */ 'l', 'u', 'k', 'a', 's', '.', 'i', 'm', '\0', + /* "lukas2511.de", true */ 'l', 'u', 'k', 'a', 's', '2', '5', '1', '1', '.', 'd', 'e', '\0', + /* "lukasberan.com", true */ 'l', 'u', 'k', 'a', 's', 'b', 'e', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "lukasberan.cz", true */ 'l', 'u', 'k', 'a', 's', 'b', 'e', 'r', 'a', 'n', '.', 'c', 'z', '\0', + /* "lukasfunk.com", true */ 'l', 'u', 'k', 'a', 's', 'f', 'u', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "lukasoppermann.com", true */ 'l', 'u', 'k', 'a', 's', 'o', 'p', 'p', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'c', 'o', 'm', '\0', + /* "lukasoppermann.de", true */ 'l', 'u', 'k', 'a', 's', 'o', 'p', 'p', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "lukasschauer.de", true */ 'l', 'u', 'k', 'a', 's', 's', 'c', 'h', 'a', 'u', 'e', 'r', '.', 'd', 'e', '\0', + /* "lukasschick.de", false */ 'l', 'u', 'k', 'a', 's', 's', 'c', 'h', 'i', 'c', 'k', '.', 'd', 'e', '\0', + /* "lukaszorn.de", true */ 'l', 'u', 'k', 'a', 's', 'z', 'o', 'r', 'n', '.', 'd', 'e', '\0', + /* "lukatz.de", true */ 'l', 'u', 'k', 'a', 't', 'z', '.', 'd', 'e', '\0', + /* "luke.ch", true */ 'l', 'u', 'k', 'e', '.', 'c', 'h', '\0', + /* "lukeistschuld.de", true */ 'l', 'u', 'k', 'e', 'i', 's', 't', 's', 'c', 'h', 'u', 'l', 'd', '.', 'd', 'e', '\0', + /* "lukeng.net", true */ 'l', 'u', 'k', 'e', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "lukesbouncycastlehire.com", true */ 'l', 'u', 'k', 'e', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "lukestebbing.com", true */ 'l', 'u', 'k', 'e', 's', 't', 'e', 'b', 'b', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "lukmanulhakim.id", true */ 'l', 'u', 'k', 'm', 'a', 'n', 'u', 'l', 'h', 'a', 'k', 'i', 'm', '.', 'i', 'd', '\0', + /* "lukull-pizza.de", true */ 'l', 'u', 'k', 'u', 'l', 'l', '-', 'p', 'i', 'z', 'z', 'a', '.', 'd', 'e', '\0', + /* "lumer.tech", true */ 'l', 'u', 'm', 'e', 'r', '.', 't', 'e', 'c', 'h', '\0', + /* "lumiere.com", true */ 'l', 'u', 'm', 'i', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "luminancy.com", true */ 'l', 'u', 'm', 'i', 'n', 'a', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "lunafag.ru", true */ 'l', 'u', 'n', 'a', 'f', 'a', 'g', '.', 'r', 'u', '\0', + /* "lunakit.org", true */ 'l', 'u', 'n', 'a', 'k', 'i', 't', '.', 'o', 'r', 'g', '\0', + /* "lunapps.com", true */ 'l', 'u', 'n', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "lunar6.ch", true */ 'l', 'u', 'n', 'a', 'r', '6', '.', 'c', 'h', '\0', + /* "lunarshark.com", true */ 'l', 'u', 'n', 'a', 'r', 's', 'h', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "lunarsoft.net", true */ 'l', 'u', 'n', 'a', 'r', 's', 'o', 'f', 't', '.', 'n', 'e', 't', '\0', + /* "lunartail.nl", true */ 'l', 'u', 'n', 'a', 'r', 't', 'a', 'i', 'l', '.', 'n', 'l', '\0', + /* "lunasqu.ee", true */ 'l', 'u', 'n', 'a', 's', 'q', 'u', '.', 'e', 'e', '\0', + /* "lunchbunch.me", true */ 'l', 'u', 'n', 'c', 'h', 'b', 'u', 'n', 'c', 'h', '.', 'm', 'e', '\0', + /* "lune-indigo.ch", true */ 'l', 'u', 'n', 'e', '-', 'i', 'n', 'd', 'i', 'g', 'o', '.', 'c', 'h', '\0', + /* "lungdoc.us", false */ 'l', 'u', 'n', 'g', 'd', 'o', 'c', '.', 'u', 's', '\0', + /* "lunidea.ch", true */ 'l', 'u', 'n', 'i', 'd', 'e', 'a', '.', 'c', 'h', '\0', + /* "lunidea.com", true */ 'l', 'u', 'n', 'i', 'd', 'e', 'a', '.', 'c', 'o', 'm', '\0', + /* "lunight.ml", true */ 'l', 'u', 'n', 'i', 'g', 'h', 't', '.', 'm', 'l', '\0', + /* "lunis.net", true */ 'l', 'u', 'n', 'i', 's', '.', 'n', 'e', 't', '\0', + /* "lunix.io", true */ 'l', 'u', 'n', 'i', 'x', '.', 'i', 'o', '\0', + /* "lunorian.is", true */ 'l', 'u', 'n', 'o', 'r', 'i', 'a', 'n', '.', 'i', 's', '\0', + /* "luoe.me", true */ 'l', 'u', 'o', 'e', '.', 'm', 'e', '\0', + /* "luoh.cc", true */ 'l', 'u', 'o', 'h', '.', 'c', 'c', '\0', + /* "luoh.me", true */ 'l', 'u', 'o', 'h', '.', 'm', 'e', '\0', + /* "luohua.im", true */ 'l', 'u', 'o', 'h', 'u', 'a', '.', 'i', 'm', '\0', + /* "luolikong.vip", true */ 'l', 'u', 'o', 'l', 'i', 'k', 'o', 'n', 'g', '.', 'v', 'i', 'p', '\0', + /* "luongvu.com", true */ 'l', 'u', 'o', 'n', 'g', 'v', 'u', '.', 'c', 'o', 'm', '\0', + /* "lupinencyclopedia.com", true */ 'l', 'u', 'p', 'i', 'n', 'e', 'n', 'c', 'y', 'c', 'l', 'o', 'p', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "luso-livros.net", true */ 'l', 'u', 's', 'o', '-', 'l', 'i', 'v', 'r', 'o', 's', '.', 'n', 'e', 't', '\0', + /* "lusteniny.cz", false */ 'l', 'u', 's', 't', 'e', 'n', 'i', 'n', 'y', '.', 'c', 'z', '\0', + /* "lustige-zitate.com", true */ 'l', 'u', 's', 't', 'i', 'g', 'e', '-', 'z', 'i', 't', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "lustin.fr", true */ 'l', 'u', 's', 't', 'i', 'n', '.', 'f', 'r', '\0', + /* "lustrum.ch", true */ 'l', 'u', 's', 't', 'r', 'u', 'm', '.', 'c', 'h', '\0', + /* "lusynth.com", true */ 'l', 'u', 's', 'y', 'n', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "lutizi.com", false */ 'l', 'u', 't', 'i', 'z', 'i', '.', 'c', 'o', 'm', '\0', + /* "lutoma.org", true */ 'l', 'u', 't', 'o', 'm', 'a', '.', 'o', 'r', 'g', '\0', + /* "luukdebruincv.nl", true */ 'l', 'u', 'u', 'k', 'd', 'e', 'b', 'r', 'u', 'i', 'n', 'c', 'v', '.', 'n', 'l', '\0', + /* "luukklene.nl", true */ 'l', 'u', 'u', 'k', 'k', 'l', 'e', 'n', 'e', '.', 'n', 'l', '\0', + /* "luuppi.fi", true */ 'l', 'u', 'u', 'p', 'p', 'i', '.', 'f', 'i', '\0', + /* "luvare.com", true */ 'l', 'u', 'v', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "luvbridal.com.au", true */ 'l', 'u', 'v', 'b', 'r', 'i', 'd', 'a', 'l', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "luxcraft.eng.br", true */ 'l', 'u', 'x', 'c', 'r', 'a', 'f', 't', '.', 'e', 'n', 'g', '.', 'b', 'r', '\0', + /* "luxe-it.co.uk", true */ 'l', 'u', 'x', 'e', '-', 'i', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "luxescreenprotector.nl", true */ 'l', 'u', 'x', 'e', 's', 'c', 'r', 'e', 'e', 'n', 'p', 'r', 'o', 't', 'e', 'c', 't', 'o', 'r', '.', 'n', 'l', '\0', + /* "luxsci.com", true */ 'l', 'u', 'x', 's', 'c', 'i', '.', 'c', 'o', 'm', '\0', + /* "luxuryweddingsindonesia.com", true */ 'l', 'u', 'x', 'u', 'r', 'y', 'w', 'e', 'd', 'd', 'i', 'n', 'g', 's', 'i', 'n', 'd', 'o', 'n', 'e', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "luxusnivoucher.cz", true */ 'l', 'u', 'x', 'u', 's', 'n', 'i', 'v', 'o', 'u', 'c', 'h', 'e', 'r', '.', 'c', 'z', '\0', + /* "luxusnyvoucher.sk", true */ 'l', 'u', 'x', 'u', 's', 'n', 'y', 'v', 'o', 'u', 'c', 'h', 'e', 'r', '.', 's', 'k', '\0', + /* "luxvacuos.net", true */ 'l', 'u', 'x', 'v', 'a', 'c', 'u', 'o', 's', '.', 'n', 'e', 't', '\0', + /* "luxwatch.com", true */ 'l', 'u', 'x', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "luzat.com", true */ 'l', 'u', 'z', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "lv.search.yahoo.com", false */ 'l', 'v', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "lv0.it", true */ 'l', 'v', '0', '.', 'i', 't', '\0', + /* "lv5.top", true */ 'l', 'v', '5', '.', 't', 'o', 'p', '\0', + /* "lvrsystems.com", true */ 'l', 'v', 'r', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "lwl.moe", true */ 'l', 'w', 'l', '.', 'm', 'o', 'e', '\0', + /* "lwl12.com", true */ 'l', 'w', 'l', '1', '2', '.', 'c', 'o', 'm', '\0', + /* "lycee-saintjoseph-mesnieres.fr", true */ 'l', 'y', 'c', 'e', 'e', '-', 's', 'a', 'i', 'n', 't', 'j', 'o', 's', 'e', 'p', 'h', '-', 'm', 'e', 's', 'n', 'i', 'e', 'r', 'e', 's', '.', 'f', 'r', '\0', + /* "lydudlejning.net", true */ 'l', 'y', 'd', 'u', 'd', 'l', 'e', 'j', 'n', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "lyfbits.com", true */ 'l', 'y', 'f', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "lylares.com", true */ 'l', 'y', 'l', 'a', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "lynero.dk", true */ 'l', 'y', 'n', 'e', 'r', 'o', '.', 'd', 'k', '\0', + /* "lyness.io", true */ 'l', 'y', 'n', 'e', 's', 's', '.', 'i', 'o', '\0', + /* "lyngvaer.no", true */ 'l', 'y', 'n', 'g', 'v', 'a', 'e', 'r', '.', 'n', 'o', '\0', + /* "lynkos.com", true */ 'l', 'y', 'n', 'k', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "lynnlaytonnissanparts.com", true */ 'l', 'y', 'n', 'n', 'l', 'a', 'y', 't', 'o', 'n', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "lynnmosher.com", true */ 'l', 'y', 'n', 'n', 'm', 'o', 's', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "lynthium.com", true */ 'l', 'y', 'n', 't', 'h', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "lynx.nl", true */ 'l', 'y', 'n', 'x', '.', 'n', 'l', '\0', + /* "lynxbroker.de", true */ 'l', 'y', 'n', 'x', 'b', 'r', 'o', 'k', 'e', 'r', '.', 'd', 'e', '\0', + /* "lynxpro.nl", true */ 'l', 'y', 'n', 'x', 'p', 'r', 'o', '.', 'n', 'l', '\0', + /* "lyon-interactive.com", true */ 'l', 'y', 'o', 'n', '-', 'i', 'n', 't', 'e', 'r', 'a', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "lyon-synergie.com", true */ 'l', 'y', 'o', 'n', '-', 's', 'y', 'n', 'e', 'r', 'g', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "lyoness.digital", true */ 'l', 'y', 'o', 'n', 'e', 's', 's', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0', + /* "lyonl.com", true */ 'l', 'y', 'o', 'n', 'l', '.', 'c', 'o', 'm', '\0', + /* "lyricfm.ie", true */ 'l', 'y', 'r', 'i', 'c', 'f', 'm', '.', 'i', 'e', '\0', + /* "lys.ch", true */ 'l', 'y', 's', '.', 'c', 'h', '\0', + /* "lysergion.com", true */ 'l', 'y', 's', 'e', 'r', 'g', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "lyst.co.uk", true */ 'l', 'y', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "lyx.dk", true */ 'l', 'y', 'x', '.', 'd', 'k', '\0', + /* "lz.sb", true */ 'l', 'z', '.', 's', 'b', '\0', + /* "m-22.com", true */ 'm', '-', '2', '2', '.', 'c', 'o', 'm', '\0', + /* "m-edmondson.co.uk", true */ 'm', '-', 'e', 'd', 'm', 'o', 'n', 'd', 's', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "m-generator.com", true */ 'm', '-', 'g', 'e', 'n', 'e', 'r', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "m-idea.jp", true */ 'm', '-', 'i', 'd', 'e', 'a', '.', 'j', 'p', '\0', + /* "m-kleinert.de", false */ 'm', '-', 'k', 'l', 'e', 'i', 'n', 'e', 'r', 't', '.', 'd', 'e', '\0', + /* "m-mail.fr", true */ 'm', '-', 'm', 'a', 'i', 'l', '.', 'f', 'r', '\0', + /* "m-orthodontic.com", true */ 'm', '-', 'o', 'r', 't', 'h', 'o', 'd', 'o', 'n', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "m-plan.com", true */ 'm', '-', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "m-ses.fr", true */ 'm', '-', 's', 'e', 's', '.', 'f', 'r', '\0', + /* "m.facebook.com", true */ 'm', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "m.mail.ru", true */ 'm', '.', 'm', 'a', 'i', 'l', '.', 'r', 'u', '\0', + /* "m.me", true */ 'm', '.', 'm', 'e', '\0', + /* "m0t0k1ch1.com", true */ 'm', '0', 't', '0', 'k', '1', 'c', 'h', '1', '.', 'c', 'o', 'm', '\0', + /* "m132.eu", true */ 'm', '1', '3', '2', '.', 'e', 'u', '\0', + /* "m2epro.com", true */ 'm', '2', 'e', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "m2os.com", true */ 'm', '2', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "m4rcus.de", true */ 'm', '4', 'r', 'c', 'u', 's', '.', 'd', 'e', '\0', + /* "ma-eir.nl", true */ 'm', 'a', '-', 'e', 'i', 'r', '.', 'n', 'l', '\0', + /* "ma-plancha.ch", true */ 'm', 'a', '-', 'p', 'l', 'a', 'n', 'c', 'h', 'a', '.', 'c', 'h', '\0', + /* "ma2t.com", true */ 'm', 'a', '2', 't', '.', 'c', 'o', 'm', '\0', + /* "maartenderaedemaeker.be", true */ 'm', 'a', 'a', 'r', 't', 'e', 'n', 'd', 'e', 'r', 'a', 'e', 'd', 'e', 'm', 'a', 'e', 'k', 'e', 'r', '.', 'b', 'e', '\0', + /* "maartenprovo.be", true */ 'm', 'a', 'a', 'r', 't', 'e', 'n', 'p', 'r', 'o', 'v', 'o', '.', 'b', 'e', '\0', + /* "maartenvandekamp.nl", true */ 'm', 'a', 'a', 'r', 't', 'e', 'n', 'v', 'a', 'n', 'd', 'e', 'k', 'a', 'm', 'p', '.', 'n', 'l', '\0', + /* "maaya.jp", true */ 'm', 'a', 'a', 'y', 'a', '.', 'j', 'p', '\0', + /* "mabankonline.com", true */ 'm', 'a', 'b', 'a', 'n', 'k', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "mabulledu.net", true */ 'm', 'a', 'b', 'u', 'l', 'l', 'e', 'd', 'u', '.', 'n', 'e', 't', '\0', + /* "mac-i-tea.ch", true */ 'm', 'a', 'c', '-', 'i', '-', 't', 'e', 'a', '.', 'c', 'h', '\0', + /* "mac-world.pl", true */ 'm', 'a', 'c', '-', 'w', 'o', 'r', 'l', 'd', '.', 'p', 'l', '\0', + /* "mac1.net", true */ 'm', 'a', 'c', '1', '.', 'n', 'e', 't', '\0', + /* "macandtonic.com", true */ 'm', 'a', 'c', 'a', 'n', 'd', 't', 'o', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "macaque.io", false */ 'm', 'a', 'c', 'a', 'q', 'u', 'e', '.', 'i', 'o', '\0', + /* "macaw.nl", true */ 'm', 'a', 'c', 'a', 'w', '.', 'n', 'l', '\0', + /* "macaws.org", true */ 'm', 'a', 'c', 'a', 'w', 's', '.', 'o', 'r', 'g', '\0', + /* "maceinturecuir.com", true */ 'm', 'a', 'c', 'e', 'i', 'n', 't', 'u', 'r', 'e', 'c', 'u', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "maces-net.de", true */ 'm', 'a', 'c', 'e', 's', '-', 'n', 'e', 't', '.', 'd', 'e', '\0', + /* "mach-politik.ch", true */ 'm', 'a', 'c', 'h', '-', 'p', 'o', 'l', 'i', 't', 'i', 'k', '.', 'c', 'h', '\0', + /* "macha.cloud", true */ 'm', 'a', 'c', 'h', 'a', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "machbach.com", true */ 'm', 'a', 'c', 'h', 'b', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "machbach.net", true */ 'm', 'a', 'c', 'h', 'b', 'a', 'c', 'h', '.', 'n', 'e', 't', '\0', + /* "machetewp.com", true */ 'm', 'a', 'c', 'h', 'e', 't', 'e', 'w', 'p', '.', 'c', 'o', 'm', '\0', + /* "machikka.com", false */ 'm', 'a', 'c', 'h', 'i', 'k', 'k', 'a', '.', 'c', 'o', 'm', '\0', + /* "machineryhouse.com.au", false */ 'm', 'a', 'c', 'h', 'i', 'n', 'e', 'r', 'y', 'h', 'o', 'u', 's', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "macht-elektro.de", true */ 'm', 'a', 'c', 'h', 't', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0', + /* "machtweb.de", true */ 'm', 'a', 'c', 'h', 't', 'w', 'e', 'b', '.', 'd', 'e', '\0', + /* "maciespartyhire.co.uk", true */ 'm', 'a', 'c', 'i', 'e', 's', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "macker.io", true */ 'm', 'a', 'c', 'k', 'e', 'r', '.', 'i', 'o', '\0', + /* "mackey7.net", true */ 'm', 'a', 'c', 'k', 'e', 'y', '7', '.', 'n', 'e', 't', '\0', + /* "maclemon.at", true */ 'm', 'a', 'c', 'l', 'e', 'm', 'o', 'n', '.', 'a', 't', '\0', + /* "macleod.io", true */ 'm', 'a', 'c', 'l', 'e', 'o', 'd', '.', 'i', 'o', '\0', + /* "macnemo.de", true */ 'm', 'a', 'c', 'n', 'e', 'm', 'o', '.', 'd', 'e', '\0', + /* "macnetwork.eu", true */ 'm', 'a', 'c', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'e', 'u', '\0', + /* "macnetwork.fr", true */ 'm', 'a', 'c', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'f', 'r', '\0', + /* "macnetwork.net", true */ 'm', 'a', 'c', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0', + /* "maco.org.uk", true */ 'm', 'a', 'c', 'o', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "maconnerie-dcs.ch", true */ 'm', 'a', 'c', 'o', 'n', 'n', 'e', 'r', 'i', 'e', '-', 'd', 'c', 's', '.', 'c', 'h', '\0', + /* "macosxfilerecovery.com", true */ 'm', 'a', 'c', 'o', 's', 'x', 'f', 'i', 'l', 'e', 'r', 'e', 'c', 'o', 'v', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "macoun.de", true */ 'm', 'a', 'c', 'o', 'u', 'n', '.', 'd', 'e', '\0', + /* "macstore.pe", true */ 'm', 'a', 'c', 's', 't', 'o', 'r', 'e', '.', 'p', 'e', '\0', + /* "mactools.com.co", true */ 'm', 'a', 'c', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '.', 'c', 'o', '\0', + /* "madae.nl", true */ 'm', 'a', 'd', 'a', 'e', '.', 'n', 'l', '\0', + /* "madbin.com", true */ 'm', 'a', 'd', 'b', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "madbouncycastles.co.uk", true */ 'm', 'a', 'd', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "madcatdesign.de", true */ 'm', 'a', 'd', 'c', 'a', 't', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0', + /* "maddi.biz", true */ 'm', 'a', 'd', 'd', 'i', '.', 'b', 'i', 'z', '\0', + /* "made-in-earth.co.jp", true */ 'm', 'a', 'd', 'e', '-', 'i', 'n', '-', 'e', 'a', 'r', 't', 'h', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "madebyshore.com", true */ 'm', 'a', 'd', 'e', 'b', 'y', 's', 'h', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "madeglobal.com", true */ 'm', 'a', 'd', 'e', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "madeinchezmoi.net", true */ 'm', 'a', 'd', 'e', 'i', 'n', 'c', 'h', 'e', 'z', 'm', 'o', 'i', '.', 'n', 'e', 't', '\0', + /* "madeinstudio3.com", true */ 'm', 'a', 'd', 'e', 'i', 'n', 's', 't', 'u', 'd', 'i', 'o', '3', '.', 'c', 'o', 'm', '\0', + /* "madeitwor.se", true */ 'm', 'a', 'd', 'e', 'i', 't', 'w', 'o', 'r', '.', 's', 'e', '\0', + /* "mademoiselledemargaux.com", true */ 'm', 'a', 'd', 'e', 'm', 'o', 'i', 's', 'e', 'l', 'l', 'e', 'd', 'e', 'm', 'a', 'r', 'g', 'a', 'u', 'x', '.', 'c', 'o', 'm', '\0', + /* "mader.jp", true */ 'm', 'a', 'd', 'e', 'r', '.', 'j', 'p', '\0', + /* "madesurveying.co.uk", true */ 'm', 'a', 'd', 'e', 's', 'u', 'r', 'v', 'e', 'y', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "madin.ru", true */ 'm', 'a', 'd', 'i', 'n', '.', 'r', 'u', '\0', + /* "madirc.net", true */ 'm', 'a', 'd', 'i', 'r', 'c', '.', 'n', 'e', 't', '\0', + /* "madmar.ee", true */ 'm', 'a', 'd', 'm', 'a', 'r', '.', 'e', 'e', '\0', + /* "madnetwork.org", true */ 'm', 'a', 'd', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'o', 'r', 'g', '\0', + /* "madoka.nu", true */ 'm', 'a', 'd', 'o', 'k', 'a', '.', 'n', 'u', '\0', + /* "madokami.net", true */ 'm', 'a', 'd', 'o', 'k', 'a', 'm', 'i', '.', 'n', 'e', 't', '\0', + /* "madrants.net", true */ 'm', 'a', 'd', 'r', 'a', 'n', 't', 's', '.', 'n', 'e', 't', '\0', + /* "madreacqua.org", true */ 'm', 'a', 'd', 'r', 'e', 'a', 'c', 'q', 'u', 'a', '.', 'o', 'r', 'g', '\0', + /* "madtec.de", true */ 'm', 'a', 'd', 't', 'e', 'c', '.', 'd', 'e', '\0', + /* "mae-berlinistanbul.com", true */ 'm', 'a', 'e', '-', 'b', 'e', 'r', 'l', 'i', 'n', 'i', 's', 't', 'a', 'n', 'b', 'u', 'l', '.', 'c', 'o', 'm', '\0', + /* "maedchenflohmarkt.at", true */ 'm', 'a', 'e', 'd', 'c', 'h', 'e', 'n', 'f', 'l', 'o', 'h', 'm', 'a', 'r', 'k', 't', '.', 'a', 't', '\0', + /* "maedchenflohmarkt.de", true */ 'm', 'a', 'e', 'd', 'c', 'h', 'e', 'n', 'f', 'l', 'o', 'h', 'm', 'a', 'r', 'k', 't', '.', 'd', 'e', '\0', + /* "maelstrom.ninja", true */ 'm', 'a', 'e', 'l', 's', 't', 'r', 'o', 'm', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "maeplasticsurgery.com", true */ 'm', 'a', 'e', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "maestrano.com", true */ 'm', 'a', 'e', 's', 't', 'r', 'a', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "maff.co.uk", true */ 'm', 'a', 'f', 'f', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "maff.scot", false */ 'm', 'a', 'f', 'f', '.', 's', 'c', 'o', 't', '\0', + /* "mafia.network", true */ 'm', 'a', 'f', 'i', 'a', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0', + /* "mafiaforum.de", true */ 'm', 'a', 'f', 'i', 'a', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0', + /* "mafiapenguin.club", true */ 'm', 'a', 'f', 'i', 'a', 'p', 'e', 'n', 'g', 'u', 'i', 'n', '.', 'c', 'l', 'u', 'b', '\0', + /* "mafiasi.de", true */ 'm', 'a', 'f', 'i', 'a', 's', 'i', '.', 'd', 'e', '\0', + /* "magasindejouets.com", true */ 'm', 'a', 'g', 'a', 's', 'i', 'n', 'd', 'e', 'j', 'o', 'u', 'e', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "magasinsalledebain.be", true */ 'm', 'a', 'g', 'a', 's', 'i', 'n', 's', 'a', 'l', 'l', 'e', 'd', 'e', 'b', 'a', 'i', 'n', '.', 'b', 'e', '\0', + /* "magasinsalledebain.fr", true */ 'm', 'a', 'g', 'a', 's', 'i', 'n', 's', 'a', 'l', 'l', 'e', 'd', 'e', 'b', 'a', 'i', 'n', '.', 'f', 'r', '\0', + /* "magasinsalledebains.be", true */ 'm', 'a', 'g', 'a', 's', 'i', 'n', 's', 'a', 'l', 'l', 'e', 'd', 'e', 'b', 'a', 'i', 'n', 's', '.', 'b', 'e', '\0', + /* "magasinsalledebains.fr", true */ 'm', 'a', 'g', 'a', 's', 'i', 'n', 's', 'a', 'l', 'l', 'e', 'd', 'e', 'b', 'a', 'i', 'n', 's', '.', 'f', 'r', '\0', + /* "magazinedabeleza.net", true */ 'm', 'a', 'g', 'a', 'z', 'i', 'n', 'e', 'd', 'a', 'b', 'e', 'l', 'e', 'z', 'a', '.', 'n', 'e', 't', '\0', + /* "magazinedotreino.com.br", true */ 'm', 'a', 'g', 'a', 'z', 'i', 'n', 'e', 'd', 'o', 't', 'r', 'e', 'i', 'n', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "magdic.eu", true */ 'm', 'a', 'g', 'd', 'i', 'c', '.', 'e', 'u', '\0', + /* "magebankin.com", true */ 'm', 'a', 'g', 'e', 'b', 'a', 'n', 'k', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "magenbrot.net", false */ 'm', 'a', 'g', 'e', 'n', 'b', 'r', 'o', 't', '.', 'n', 'e', 't', '\0', + /* "magenda.sk", true */ 'm', 'a', 'g', 'e', 'n', 'd', 'a', '.', 's', 'k', '\0', + /* "magentaize.net", true */ 'm', 'a', 'g', 'e', 'n', 't', 'a', 'i', 'z', 'e', '.', 'n', 'e', 't', '\0', + /* "magentapinkinteriors.co.uk", true */ 'm', 'a', 'g', 'e', 'n', 't', 'a', 'p', 'i', 'n', 'k', 'i', 'n', 't', 'e', 'r', 'i', 'o', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "magi.systems", true */ 'm', 'a', 'g', 'i', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0', + /* "magicball.co", true */ 'm', 'a', 'g', 'i', 'c', 'b', 'a', 'l', 'l', '.', 'c', 'o', '\0', + /* "magicdaysomagh.co.uk", true */ 'm', 'a', 'g', 'i', 'c', 'd', 'a', 'y', 's', 'o', 'm', 'a', 'g', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "magickmoments.co.uk", true */ 'm', 'a', 'g', 'i', 'c', 'k', 'm', 'o', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "magiclen.org", true */ 'm', 'a', 'g', 'i', 'c', 'l', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "magicspaceninjapirates.de", true */ 'm', 'a', 'g', 'i', 'c', 's', 'p', 'a', 'c', 'e', 'n', 'i', 'n', 'j', 'a', 'p', 'i', 'r', 'a', 't', 'e', 's', '.', 'd', 'e', '\0', + /* "magictable.com", true */ 'm', 'a', 'g', 'i', 'c', 't', 'a', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "magilio.com", true */ 'm', 'a', 'g', 'i', 'l', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "magnatronic.com.br", true */ 'm', 'a', 'g', 'n', 'a', 't', 'r', 'o', 'n', 'i', 'c', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "magneticattraction.com.au", true */ 'm', 'a', 'g', 'n', 'e', 't', 'i', 'c', 'a', 't', 't', 'r', 'a', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "magnets.jp", true */ 'm', 'a', 'g', 'n', 'e', 't', 's', '.', 'j', 'p', '\0', + /* "magnettracker.com", true */ 'm', 'a', 'g', 'n', 'e', 't', 't', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "magnificentdata.com", true */ 'm', 'a', 'g', 'n', 'i', 'f', 'i', 'c', 'e', 'n', 't', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "magnoliadoulas.com", true */ 'm', 'a', 'g', 'n', 'o', 'l', 'i', 'a', 'd', 'o', 'u', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "magnoliastrong.com", true */ 'm', 'a', 'g', 'n', 'o', 'l', 'i', 'a', 's', 't', 'r', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "magwin.co.uk", true */ 'm', 'a', 'g', 'w', 'i', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mahai.me", true */ 'm', 'a', 'h', 'a', 'i', '.', 'm', 'e', '\0', + /* "mahansexcavating.com", true */ 'm', 'a', 'h', 'a', 'n', 's', 'e', 'x', 'c', 'a', 'v', 'a', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "mahatmayoga.org", true */ 'm', 'a', 'h', 'a', 't', 'm', 'a', 'y', 'o', 'g', 'a', '.', 'o', 'r', 'g', '\0', + /* "mahefa.co.uk", true */ 'm', 'a', 'h', 'e', 'f', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mahjong.org", true */ 'm', 'a', 'h', 'j', 'o', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "mahrer.net", true */ 'm', 'a', 'h', 'r', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "maiaimobiliare.ro", true */ 'm', 'a', 'i', 'a', 'i', 'm', 'o', 'b', 'i', 'l', 'i', 'a', 'r', 'e', '.', 'r', 'o', '\0', + /* "maiebanatulfruncea.com", true */ 'm', 'a', 'i', 'e', 'b', 'a', 'n', 'a', 't', 'u', 'l', 'f', 'r', 'u', 'n', 'c', 'e', 'a', '.', 'c', 'o', 'm', '\0', + /* "mail-rotter.de", true */ 'm', 'a', 'i', 'l', '-', 'r', 'o', 't', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "mail-settings.google.com", true */ 'm', 'a', 'i', 'l', '-', 's', 'e', 't', 't', 'i', 'n', 'g', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "mail.com", true */ 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "mail.de", true */ 'm', 'a', 'i', 'l', '.', 'd', 'e', '\0', + /* "mail.google.com", true */ 'm', 'a', 'i', 'l', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "mail.yahoo.com", false */ 'm', 'a', 'i', 'l', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "mail4geek.com", true */ 'm', 'a', 'i', 'l', '4', 'g', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "mail4you.in", true */ 'm', 'a', 'i', 'l', '4', 'y', 'o', 'u', '.', 'i', 'n', '\0', + /* "mailbox.mg", true */ 'm', 'a', 'i', 'l', 'b', 'o', 'x', '.', 'm', 'g', '\0', + /* "mailbox.org", true */ 'm', 'a', 'i', 'l', 'b', 'o', 'x', '.', 'o', 'r', 'g', '\0', + /* "mailer-dot.de", true */ 'm', 'a', 'i', 'l', 'e', 'r', '-', 'd', 'o', 't', '.', 'd', 'e', '\0', + /* "mailfence.com", true */ 'm', 'a', 'i', 'l', 'f', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "mailflank.com", true */ 'm', 'a', 'i', 'l', 'f', 'l', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "mailinabox.email", true */ 'm', 'a', 'i', 'l', 'i', 'n', 'a', 'b', 'o', 'x', '.', 'e', 'm', 'a', 'i', 'l', '\0', + /* "mailjet.tech", true */ 'm', 'a', 'i', 'l', 'j', 'e', 't', '.', 't', 'e', 'c', 'h', '\0', + /* "maillady-susume.com", true */ 'm', 'a', 'i', 'l', 'l', 'a', 'd', 'y', '-', 's', 'u', 's', 'u', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "mailmag.net", true */ 'm', 'a', 'i', 'l', 'm', 'a', 'g', '.', 'n', 'e', 't', '\0', + /* "mailpenny.com", true */ 'm', 'a', 'i', 'l', 'p', 'e', 'n', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "mailto.space", true */ 'm', 'a', 'i', 'l', 't', 'o', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "main-unit.com", true */ 'm', 'a', 'i', 'n', '-', 'u', 'n', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "mainechiro.com", true */ 'm', 'a', 'i', 'n', 'e', 'c', 'h', 'i', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "mainframeserver.space", true */ 'm', 'a', 'i', 'n', 'f', 'r', 'a', 'm', 'e', 's', 'e', 'r', 'v', 'e', 'r', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "mainlined.org", true */ 'm', 'a', 'i', 'n', 'l', 'i', 'n', 'e', 'd', '.', 'o', 'r', 'g', '\0', + /* "mainston.com", true */ 'm', 'a', 'i', 'n', 's', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "mainzelmaennchen.net", true */ 'm', 'a', 'i', 'n', 'z', 'e', 'l', 'm', 'a', 'e', 'n', 'n', 'c', 'h', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "maisgasolina.com", true */ 'm', 'a', 'i', 's', 'g', 'a', 's', 'o', 'l', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "maispa.com", true */ 'm', 'a', 'i', 's', 'p', 'a', '.', 'c', 'o', 'm', '\0', + /* "maisretorno.com", true */ 'm', 'a', 'i', 's', 'r', 'e', 't', 'o', 'r', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "maisvitaminas.com.br", true */ 'm', 'a', 'i', 's', 'v', 'i', 't', 'a', 'm', 'i', 'n', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "maitrechaton.fr", true */ 'm', 'a', 'i', 't', 'r', 'e', 'c', 'h', 'a', 't', 'o', 'n', '.', 'f', 'r', '\0', + /* "maitrise-orthopedique.com", true */ 'm', 'a', 'i', 't', 'r', 'i', 's', 'e', '-', 'o', 'r', 't', 'h', 'o', 'p', 'e', 'd', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "majahoidja.ee", true */ 'm', 'a', 'j', 'a', 'h', 'o', 'i', 'd', 'j', 'a', '.', 'e', 'e', '\0', + /* "majaweb.cz", true */ 'm', 'a', 'j', 'a', 'w', 'e', 'b', '.', 'c', 'z', '\0', + /* "majemedia.com", true */ 'm', 'a', 'j', 'e', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "majid.info", true */ 'm', 'a', 'j', 'i', 'd', '.', 'i', 'n', 'f', 'o', '\0', + /* "majkyto.cz", true */ 'm', 'a', 'j', 'k', 'y', 't', 'o', '.', 'c', 'z', '\0', + /* "makaleci.com", true */ 'm', 'a', 'k', 'a', 'l', 'e', 'c', 'i', '.', 'c', 'o', 'm', '\0', + /* "makeaboldmove.com", true */ 'm', 'a', 'k', 'e', 'a', 'b', 'o', 'l', 'd', 'm', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "makedin.net", true */ 'm', 'a', 'k', 'e', 'd', 'i', 'n', '.', 'n', 'e', 't', '\0', + /* "makeit-so.de", false */ 'm', 'a', 'k', 'e', 'i', 't', '-', 's', 'o', '.', 'd', 'e', '\0', + /* "makem-bounce.co.uk", true */ 'm', 'a', 'k', 'e', 'm', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "makemejob.com", true */ 'm', 'a', 'k', 'e', 'm', 'e', 'j', 'o', 'b', '.', 'c', 'o', 'm', '\0', + /* "makenaiyo-fx.com", true */ 'm', 'a', 'k', 'e', 'n', 'a', 'i', 'y', 'o', '-', 'f', 'x', '.', 'c', 'o', 'm', '\0', + /* "makeuplove.nl", true */ 'm', 'a', 'k', 'e', 'u', 'p', 'l', 'o', 'v', 'e', '.', 'n', 'l', '\0', + /* "makeyourlaws.org", true */ 'm', 'a', 'k', 'e', 'y', 'o', 'u', 'r', 'l', 'a', 'w', 's', '.', 'o', 'r', 'g', '\0', + /* "makinen.ru", true */ 'm', 'a', 'k', 'i', 'n', 'e', 'n', '.', 'r', 'u', '\0', + /* "makino.games", true */ 'm', 'a', 'k', 'i', 'n', 'o', '.', 'g', 'a', 'm', 'e', 's', '\0', + /* "makkusu.photo", true */ 'm', 'a', 'k', 'k', 'u', 's', 'u', '.', 'p', 'h', 'o', 't', 'o', '\0', + /* "makowitz.cz", true */ 'm', 'a', 'k', 'o', 'w', 'i', 't', 'z', '.', 'c', 'z', '\0', + /* "maktoob.search.yahoo.com", false */ 'm', 'a', 'k', 't', 'o', 'o', 'b', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "maku.edu.tr", true */ 'm', 'a', 'k', 'u', '.', 'e', 'd', 'u', '.', 't', 'r', '\0', + /* "malachiteauth.com", true */ 'm', 'a', 'l', 'a', 'c', 'h', 'i', 't', 'e', 'a', 'u', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "malamutedoalasca.com.br", true */ 'm', 'a', 'l', 'a', 'm', 'u', 't', 'e', 'd', 'o', 'a', 'l', 'a', 's', 'c', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "malash.me", true */ 'm', 'a', 'l', 'a', 's', 'h', '.', 'm', 'e', '\0', + /* "malasuk.com", true */ 'm', 'a', 'l', 'a', 's', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "malaysia.search.yahoo.com", false */ 'm', 'a', 'l', 'a', 'y', 's', 'i', 'a', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "malaysian.dating", true */ 'm', 'a', 'l', 'a', 'y', 's', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "maldives.cx", true */ 'm', 'a', 'l', 'd', 'i', 'v', 'e', 's', '.', 'c', 'x', '\0', + /* "malenyflorist.com.au", true */ 'm', 'a', 'l', 'e', 'n', 'y', 'f', 'l', 'o', 'r', 'i', 's', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "maliar.fr", true */ 'm', 'a', 'l', 'i', 'a', 'r', '.', 'f', 'r', '\0', + /* "malibuelectrical.com", true */ 'm', 'a', 'l', 'i', 'b', 'u', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "malik.id", true */ 'm', 'a', 'l', 'i', 'k', '.', 'i', 'd', '\0', + /* "malikussa.id", true */ 'm', 'a', 'l', 'i', 'k', 'u', 's', 's', 'a', '.', 'i', 'd', '\0', + /* "malikussaid.com", true */ 'm', 'a', 'l', 'i', 'k', 'u', 's', 's', 'a', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "malinator.net", false */ 'm', 'a', 'l', 'i', 'n', 'a', 't', 'o', 'r', '.', 'n', 'e', 't', '\0', + /* "malinheadview.ie", true */ 'm', 'a', 'l', 'i', 'n', 'h', 'e', 'a', 'd', 'v', 'i', 'e', 'w', '.', 'i', 'e', '\0', + /* "maliskovik.si", true */ 'm', 'a', 'l', 'i', 's', 'k', 'o', 'v', 'i', 'k', '.', 's', 'i', '\0', + /* "maljaars-fotografie.nl", true */ 'm', 'a', 'l', 'j', 'a', 'a', 'r', 's', '-', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'e', '.', 'n', 'l', '\0', + /* "malkaso.com.ua", true */ 'm', 'a', 'l', 'k', 'a', 's', 'o', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "mall.cz", true */ 'm', 'a', 'l', 'l', '.', 'c', 'z', '\0', + /* "mall.hr", true */ 'm', 'a', 'l', 'l', '.', 'h', 'r', '\0', + /* "mall.hu", true */ 'm', 'a', 'l', 'l', '.', 'h', 'u', '\0', + /* "mall.pl", true */ 'm', 'a', 'l', 'l', '.', 'p', 'l', '\0', + /* "mall.sk", true */ 'm', 'a', 'l', 'l', '.', 's', 'k', '\0', + /* "mallach.net", true */ 'm', 'a', 'l', 'l', 'a', 'c', 'h', '.', 'n', 'e', 't', '\0', + /* "mallhonda.com", true */ 'm', 'a', 'l', 'l', 'h', 'o', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "mallner.me", true */ 'm', 'a', 'l', 'l', 'n', 'e', 'r', '.', 'm', 'e', '\0', + /* "mallonline.com.br", true */ 'm', 'a', 'l', 'l', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "malmoesport.se", true */ 'm', 'a', 'l', 'm', 'o', 'e', 's', 'p', 'o', 'r', 't', '.', 's', 'e', '\0', + /* "malnex.de", true */ 'm', 'a', 'l', 'n', 'e', 'x', '.', 'd', 'e', '\0', + /* "malta-firma.com", true */ 'm', 'a', 'l', 't', 'a', '-', 'f', 'i', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "malte-kiefer.de", true */ 'm', 'a', 'l', 't', 'e', '-', 'k', 'i', 'e', 'f', 'e', 'r', '.', 'd', 'e', '\0', + /* "malvy.kiev.ua", true */ 'm', 'a', 'l', 'v', 'y', '.', 'k', 'i', 'e', 'v', '.', 'u', 'a', '\0', + /* "malware.watch", true */ 'm', 'a', 'l', 'w', 'a', 'r', 'e', '.', 'w', 'a', 't', 'c', 'h', '\0', + /* "malwarekillers.com", true */ 'm', 'a', 'l', 'w', 'a', 'r', 'e', 'k', 'i', 'l', 'l', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "maly.cz", true */ 'm', 'a', 'l', 'y', '.', 'c', 'z', '\0', + /* "maly.io", true */ 'm', 'a', 'l', 'y', '.', 'i', 'o', '\0', + /* "malyshata.com", true */ 'm', 'a', 'l', 'y', 's', 'h', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "malysvet.net", true */ 'm', 'a', 'l', 'y', 's', 'v', 'e', 't', '.', 'n', 'e', 't', '\0', + /* "mamacobaby.com", true */ 'm', 'a', 'm', 'a', 'c', 'o', 'b', 'a', 'b', 'y', '.', 'c', 'o', 'm', '\0', + /* "mamadea.be", true */ 'm', 'a', 'm', 'a', 'd', 'e', 'a', '.', 'b', 'e', '\0', + /* "mamadoma.com.ua", true */ 'm', 'a', 'm', 'a', 'd', 'o', 'm', 'a', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "mamanecesitaungintonic.com", true */ 'm', 'a', 'm', 'a', 'n', 'e', 'c', 'e', 's', 'i', 't', 'a', 'u', 'n', 'g', 'i', 'n', 't', 'o', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "mamastore.eu", true */ 'm', 'a', 'm', 'a', 's', 't', 'o', 'r', 'e', '.', 'e', 'u', '\0', + /* "mamiecouscous.com", true */ 'm', 'a', 'm', 'i', 'e', 'c', 'o', 'u', 's', 'c', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "mammals.net", true */ 'm', 'a', 'm', 'm', 'a', 'l', 's', '.', 'n', 'e', 't', '\0', + /* "mammaw.com", true */ 'm', 'a', 'm', 'm', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "mammeitalianeavienna.com", true */ 'm', 'a', 'm', 'm', 'e', 'i', 't', 'a', 'l', 'i', 'a', 'n', 'e', 'a', 'v', 'i', 'e', 'n', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "mammooc.org", true */ 'm', 'a', 'm', 'm', 'o', 'o', 'c', '.', 'o', 'r', 'g', '\0', + /* "mamospienas.lt", true */ 'm', 'a', 'm', 'o', 's', 'p', 'i', 'e', 'n', 'a', 's', '.', 'l', 't', '\0', + /* "mamot.fr", false */ 'm', 'a', 'm', 'o', 't', '.', 'f', 'r', '\0', + /* "mamout.xyz", true */ 'm', 'a', 'm', 'o', 'u', 't', '.', 'x', 'y', 'z', '\0', + /* "man3s.jp", true */ 'm', 'a', 'n', '3', 's', '.', 'j', 'p', '\0', + /* "manage.cm", true */ 'm', 'a', 'n', 'a', 'g', 'e', '.', 'c', 'm', '\0', + /* "manage4all.de", true */ 'm', 'a', 'n', 'a', 'g', 'e', '4', 'a', 'l', 'l', '.', 'd', 'e', '\0', + /* "management-companie.ro", true */ 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '-', 'c', 'o', 'm', 'p', 'a', 'n', 'i', 'e', '.', 'r', 'o', '\0', + /* "management-ethics.com", true */ 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '-', 'e', 't', 'h', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "managementboek.nl", true */ 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', 'b', 'o', 'e', 'k', '.', 'n', 'l', '\0', + /* "managementfeedback.com", true */ 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', 'f', 'e', 'e', 'd', 'b', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "manageprojects.com", false */ 'm', 'a', 'n', 'a', 'g', 'e', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "manager-efficacement.com", true */ 'm', 'a', 'n', 'a', 'g', 'e', 'r', '-', 'e', 'f', 'f', 'i', 'c', 'a', 'c', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "manager.linode.com", false */ 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'l', 'i', 'n', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "managewp.org", true */ 'm', 'a', 'n', 'a', 'g', 'e', 'w', 'p', '.', 'o', 'r', 'g', '\0', + /* "manalu.cz", true */ 'm', 'a', 'n', 'a', 'l', 'u', '.', 'c', 'z', '\0', + /* "manatees.net", true */ 'm', 'a', 'n', 'a', 't', 'e', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "manav-it.de", true */ 'm', 'a', 'n', 'a', 'v', '-', 'i', 't', '.', 'd', 'e', '\0', + /* "manavgabhawala.com", true */ 'm', 'a', 'n', 'a', 'v', 'g', 'a', 'b', 'h', 'a', 'w', 'a', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "manawill.jp", true */ 'm', 'a', 'n', 'a', 'w', 'i', 'l', 'l', '.', 'j', 'p', '\0', + /* "mandala-ausmalbilder.de", true */ 'm', 'a', 'n', 'd', 'a', 'l', 'a', '-', 'a', 'u', 's', 'm', 'a', 'l', 'b', 'i', 'l', 'd', 'e', 'r', '.', 'd', 'e', '\0', + /* "mandcbouncycastlehire.co.uk", true */ 'm', 'a', 'n', 'd', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mandm.servebeer.com", true */ 'm', 'a', 'n', 'd', 'm', '.', 's', 'e', 'r', 'v', 'e', 'b', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "manesht.ir", true */ 'm', 'a', 'n', 'e', 's', 'h', 't', '.', 'i', 'r', '\0', + /* "manfredgruber.net", true */ 'm', 'a', 'n', 'f', 'r', 'e', 'd', 'g', 'r', 'u', 'b', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "manfredimatteo.com", true */ 'm', 'a', 'n', 'f', 'r', 'e', 'd', 'i', 'm', 'a', 't', 't', 'e', 'o', '.', 'c', 'o', 'm', '\0', + /* "mangaristica.com", true */ 'm', 'a', 'n', 'g', 'a', 'r', 'i', 's', 't', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "manhattanchoralensemble.org", true */ 'm', 'a', 'n', 'h', 'a', 't', 't', 'a', 'n', 'c', 'h', 'o', 'r', 'a', 'l', 'e', 'n', 's', 'e', 'm', 'b', 'l', 'e', '.', 'o', 'r', 'g', '\0', + /* "manhole.club", true */ 'm', 'a', 'n', 'h', 'o', 'l', 'e', '.', 'c', 'l', 'u', 'b', '\0', + /* "manicbouncycastles.co.uk", true */ 'm', 'a', 'n', 'i', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "manicode.com", true */ 'm', 'a', 'n', 'i', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "maniorpedi.com", true */ 'm', 'a', 'n', 'i', 'o', 'r', 'p', 'e', 'd', 'i', '.', 'c', 'o', 'm', '\0', + /* "maniosglass.gr", true */ 'm', 'a', 'n', 'i', 'o', 's', 'g', 'l', 'a', 's', 's', '.', 'g', 'r', '\0', + /* "manipil.ch", true */ 'm', 'a', 'n', 'i', 'p', 'i', 'l', '.', 'c', 'h', '\0', + /* "manja-und-martin.de", true */ 'm', 'a', 'n', 'j', 'a', '-', 'u', 'n', 'd', '-', 'm', 'a', 'r', 't', 'i', 'n', '.', 'd', 'e', '\0', + /* "manjaro.ru", true */ 'm', 'a', 'n', 'j', 'a', 'r', 'o', '.', 'r', 'u', '\0', + /* "mankans.com", true */ 'm', 'a', 'n', 'k', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "manneguiden.no", true */ 'm', 'a', 'n', 'n', 'e', 'g', 'u', 'i', 'd', 'e', 'n', '.', 'n', 'o', '\0', + /* "mannford.com", true */ 'm', 'a', 'n', 'n', 'f', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "mannheimbloggt.tk", true */ 'm', 'a', 'n', 'n', 'h', 'e', 'i', 'm', 'b', 'l', 'o', 'g', 'g', 't', '.', 't', 'k', '\0', + /* "manns-solutions.co.uk", true */ 'm', 'a', 'n', 'n', 's', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mannschafft.ch", true */ 'm', 'a', 'n', 'n', 's', 'c', 'h', 'a', 'f', 'f', 't', '.', 'c', 'h', '\0', + /* "manoirdecontres.com", true */ 'm', 'a', 'n', 'o', 'i', 'r', 'd', 'e', 'c', 'o', 'n', 't', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "manojsharan.me", true */ 'm', 'a', 'n', 'o', 'j', 's', 'h', 'a', 'r', 'a', 'n', '.', 'm', 'e', '\0', + /* "manova.cz", true */ 'm', 'a', 'n', 'o', 'v', 'a', '.', 'c', 'z', '\0', + /* "manowarus.com", true */ 'm', 'a', 'n', 'o', 'w', 'a', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "mansdell.net", true */ 'm', 'a', 'n', 's', 'd', 'e', 'l', 'l', '.', 'n', 'e', 't', '\0', + /* "mantor.org", false */ 'm', 'a', 'n', 't', 'o', 'r', '.', 'o', 'r', 'g', '\0', + /* "manualscollection.com", true */ 'm', 'a', 'n', 'u', 'a', 'l', 's', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "manuel-herrmann.de", true */ 'm', 'a', 'n', 'u', 'e', 'l', '-', 'h', 'e', 'r', 'r', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "manuel-schefczyk.de", true */ 'm', 'a', 'n', 'u', 'e', 'l', '-', 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'd', 'e', '\0', + /* "manueldopheide.com", true */ 'm', 'a', 'n', 'u', 'e', 'l', 'd', 'o', 'p', 'h', 'e', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "manueli.de", true */ 'm', 'a', 'n', 'u', 'e', 'l', 'i', '.', 'd', 'e', '\0', + /* "manuelrueger.de", true */ 'm', 'a', 'n', 'u', 'e', 'l', 'r', 'u', 'e', 'g', 'e', 'r', '.', 'd', 'e', '\0', + /* "manufacturing.gov", true */ 'm', 'a', 'n', 'u', 'f', 'a', 'c', 't', 'u', 'r', 'i', 'n', 'g', '.', 'g', 'o', 'v', '\0', + /* "manuscript.com", true */ 'm', 'a', 'n', 'u', 's', 'c', 'r', 'i', 'p', 't', '.', 'c', 'o', 'm', '\0', + /* "manutd.org.np", true */ 'm', 'a', 'n', 'u', 't', 'd', '.', 'o', 'r', 'g', '.', 'n', 'p', '\0', + /* "manuth.life", true */ 'm', 'a', 'n', 'u', 't', 'h', '.', 'l', 'i', 'f', 'e', '\0', + /* "manutrol.com.br", true */ 'm', 'a', 'n', 'u', 't', 'r', 'o', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "manwithavan.co.uk", true */ 'm', 'a', 'n', 'w', 'i', 't', 'h', 'a', 'v', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "manyetikboya.com", true */ 'm', 'a', 'n', 'y', 'e', 't', 'i', 'k', 'b', 'o', 'y', 'a', '.', 'c', 'o', 'm', '\0', + /* "manyiu.com", true */ 'm', 'a', 'n', 'y', 'i', 'u', '.', 'c', 'o', 'm', '\0', + /* "manyue.org", true */ 'm', 'a', 'n', 'y', 'u', 'e', '.', 'o', 'r', 'g', '\0', + /* "maomihz.com", true */ 'm', 'a', 'o', 'm', 'i', 'h', 'z', '.', 'c', 'o', 'm', '\0', + /* "maone.net", true */ 'm', 'a', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "maorseo.com", true */ 'm', 'a', 'o', 'r', 's', 'e', 'o', '.', 'c', 'o', 'm', '\0', + /* "maosensanguentadasdejesus.net", true */ 'm', 'a', 'o', 's', 'e', 'n', 's', 'a', 'n', 'g', 'u', 'e', 'n', 't', 'a', 'd', 'a', 's', 'd', 'e', 'j', 'e', 's', 'u', 's', '.', 'n', 'e', 't', '\0', + /* "maowtm.org", true */ 'm', 'a', 'o', 'w', 't', 'm', '.', 'o', 'r', 'g', '\0', + /* "maozedong.red", true */ 'm', 'a', 'o', 'z', 'e', 'd', 'o', 'n', 'g', '.', 'r', 'e', 'd', '\0', + /* "map4erfurt.de", true */ 'm', 'a', 'p', '4', 'e', 'r', 'f', 'u', 'r', 't', '.', 'd', 'e', '\0', + /* "map4jena.de", true */ 'm', 'a', 'p', '4', 'j', 'e', 'n', 'a', '.', 'd', 'e', '\0', + /* "mapasmundi.com.br", true */ 'm', 'a', 'p', 'a', 's', 'm', 'u', 'n', 'd', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "mapblender.com", true */ 'm', 'a', 'p', 'b', 'l', 'e', 'n', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "maplanetebeaute.fr", true */ 'm', 'a', 'p', 'l', 'a', 'n', 'e', 't', 'e', 'b', 'e', 'a', 'u', 't', 'e', '.', 'f', 'r', '\0', + /* "maplenorth.co", true */ 'm', 'a', 'p', 'l', 'e', 'n', 'o', 'r', 't', 'h', '.', 'c', 'o', '\0', + /* "mapletime.com", true */ 'm', 'a', 'p', 'l', 'e', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "maquettage.com", true */ 'm', 'a', 'q', 'u', 'e', 't', 't', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "maquillage-permanent-tatoo.com", true */ 'm', 'a', 'q', 'u', 'i', 'l', 'l', 'a', 'g', 'e', '-', 'p', 'e', 'r', 'm', 'a', 'n', 'e', 'n', 't', '-', 't', 'a', 't', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "maquinariaspesadas.org", true */ 'm', 'a', 'q', 'u', 'i', 'n', 'a', 'r', 'i', 'a', 's', 'p', 'e', 's', 'a', 'd', 'a', 's', '.', 'o', 'r', 'g', '\0', + /* "marabumadrid.com", false */ 'm', 'a', 'r', 'a', 'b', 'u', 'm', 'a', 'd', 'r', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "marakovits.net", true */ 'm', 'a', 'r', 'a', 'k', 'o', 'v', 'i', 't', 's', '.', 'n', 'e', 't', '\0', + /* "marble.com", true */ 'm', 'a', 'r', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "marbogardenlidkoping.se", true */ 'm', 'a', 'r', 'b', 'o', 'g', 'a', 'r', 'd', 'e', 'n', 'l', 'i', 'd', 'k', 'o', 'p', 'i', 'n', 'g', '.', 's', 'e', '\0', + /* "marc-schlagenhauf.de", true */ 'm', 'a', 'r', 'c', '-', 's', 'c', 'h', 'l', 'a', 'g', 'e', 'n', 'h', 'a', 'u', 'f', '.', 'd', 'e', '\0', + /* "marcaudefroy.com", true */ 'm', 'a', 'r', 'c', 'a', 'u', 'd', 'e', 'f', 'r', 'o', 'y', '.', 'c', 'o', 'm', '\0', + /* "marcbuehlmann.com", true */ 'm', 'a', 'r', 'c', 'b', 'u', 'e', 'h', 'l', 'm', 'a', 'n', 'n', '.', 'c', 'o', 'm', '\0', + /* "marcdorka.de", true */ 'm', 'a', 'r', 'c', 'd', 'o', 'r', 'k', 'a', '.', 'd', 'e', '\0', + /* "marceau.ovh", true */ 'm', 'a', 'r', 'c', 'e', 'a', 'u', '.', 'o', 'v', 'h', '\0', + /* "marcel-preuss.de", true */ 'm', 'a', 'r', 'c', 'e', 'l', '-', 'p', 'r', 'e', 'u', 's', 's', '.', 'd', 'e', '\0', + /* "marcelinofranchini.com", true */ 'm', 'a', 'r', 'c', 'e', 'l', 'i', 'n', 'o', 'f', 'r', 'a', 'n', 'c', 'h', 'i', 'n', 'i', '.', 'c', 'o', 'm', '\0', + /* "marcelpreuss.de", true */ 'm', 'a', 'r', 'c', 'e', 'l', 'p', 'r', 'e', 'u', 's', 's', '.', 'd', 'e', '\0', + /* "marcelsiegert.com", true */ 'm', 'a', 'r', 'c', 'e', 'l', 's', 'i', 'e', 'g', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "marcgoertz.de", true */ 'm', 'a', 'r', 'c', 'g', 'o', 'e', 'r', 't', 'z', '.', 'd', 'e', '\0', + /* "marche-contre-monsanto.ch", true */ 'm', 'a', 'r', 'c', 'h', 'e', '-', 'c', 'o', 'n', 't', 'r', 'e', '-', 'm', 'o', 'n', 's', 'a', 'n', 't', 'o', '.', 'c', 'h', '\0', + /* "marciaimportados.com.br", true */ 'm', 'a', 'r', 'c', 'i', 'a', 'i', 'm', 'p', 'o', 'r', 't', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "marcianoandtopazio.com", true */ 'm', 'a', 'r', 'c', 'i', 'a', 'n', 'o', 'a', 'n', 'd', 't', 'o', 'p', 'a', 'z', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "marco-kretz.de", true */ 'm', 'a', 'r', 'c', 'o', '-', 'k', 'r', 'e', 't', 'z', '.', 'd', 'e', '\0', + /* "marco-polo-reisen.com", true */ 'm', 'a', 'r', 'c', 'o', '-', 'p', 'o', 'l', 'o', '-', 'r', 'e', 'i', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "marcocasoni.com", true */ 'm', 'a', 'r', 'c', 'o', 'c', 'a', 's', 'o', 'n', 'i', '.', 'c', 'o', 'm', '\0', + /* "marcohager.de", true */ 'm', 'a', 'r', 'c', 'o', 'h', 'a', 'g', 'e', 'r', '.', 'd', 'e', '\0', + /* "marcoherten.com", true */ 'm', 'a', 'r', 'c', 'o', 'h', 'e', 'r', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "marcoslater.com", true */ 'm', 'a', 'r', 'c', 'o', 's', 'l', 'a', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "marcuskoh.com", true */ 'm', 'a', 'r', 'c', 'u', 's', 'k', 'o', 'h', '.', 'c', 'o', 'm', '\0', + /* "marcusstafford.com", true */ 'm', 'a', 'r', 'c', 'u', 's', 's', 't', 'a', 'f', 'f', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "marek.su", true */ 'm', 'a', 'r', 'e', 'k', '.', 's', 'u', '\0', + /* "mareklecian.cz", true */ 'm', 'a', 'r', 'e', 'k', 'l', 'e', 'c', 'i', 'a', 'n', '.', 'c', 'z', '\0', + /* "margagriesser.de", true */ 'm', 'a', 'r', 'g', 'a', 'g', 'r', 'i', 'e', 's', 's', 'e', 'r', '.', 'd', 'e', '\0', + /* "margan.ch", true */ 'm', 'a', 'r', 'g', 'a', 'n', '.', 'c', 'h', '\0', + /* "margecommunication.com", true */ 'm', 'a', 'r', 'g', 'e', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "margo-co.ch", true */ 'm', 'a', 'r', 'g', 'o', '-', 'c', 'o', '.', 'c', 'h', '\0', + /* "margotlondon.co.uk", true */ 'm', 'a', 'r', 'g', 'o', 't', 'l', 'o', 'n', 'd', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mariacristinadoces.com.br", true */ 'm', 'a', 'r', 'i', 'a', 'c', 'r', 'i', 's', 't', 'i', 'n', 'a', 'd', 'o', 'c', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "mariage-photo.ch", true */ 'm', 'a', 'r', 'i', 'a', 'g', 'e', '-', 'p', 'h', 'o', 't', 'o', '.', 'c', 'h', '\0', + /* "marianatherapy.com", true */ 'm', 'a', 'r', 'i', 'a', 'n', 'a', 't', 'h', 'e', 'r', 'a', 'p', 'y', '.', 'c', 'o', 'm', '\0', + /* "marianhoenscheid.de", true */ 'm', 'a', 'r', 'i', 'a', 'n', 'h', 'o', 'e', 'n', 's', 'c', 'h', 'e', 'i', 'd', '.', 'd', 'e', '\0', + /* "mariannenan.nl", true */ 'm', 'a', 'r', 'i', 'a', 'n', 'n', 'e', 'n', 'a', 'n', '.', 'n', 'l', '\0', + /* "marianwehlus.de", true */ 'm', 'a', 'r', 'i', 'a', 'n', 'w', 'e', 'h', 'l', 'u', 's', '.', 'd', 'e', '\0', + /* "mariaolesen.dk", true */ 'm', 'a', 'r', 'i', 'a', 'o', 'l', 'e', 's', 'e', 'n', '.', 'd', 'k', '\0', + /* "marie.club", true */ 'm', 'a', 'r', 'i', 'e', '.', 'c', 'l', 'u', 'b', '\0', + /* "mariehane.com", true */ 'm', 'a', 'r', 'i', 'e', 'h', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "mariemiramont.fr", true */ 'm', 'a', 'r', 'i', 'e', 'm', 'i', 'r', 'a', 'm', 'o', 'n', 't', '.', 'f', 'r', '\0', + /* "marikafranke.de", true */ 'm', 'a', 'r', 'i', 'k', 'a', 'f', 'r', 'a', 'n', 'k', 'e', '.', 'd', 'e', '\0', + /* "marilynmartin.com.au", true */ 'm', 'a', 'r', 'i', 'l', 'y', 'n', 'm', 'a', 'r', 't', 'i', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "marilynstreats.com", true */ 'm', 'a', 'r', 'i', 'l', 'y', 'n', 's', 't', 'r', 'e', 'a', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "marin-business-center.ch", true */ 'm', 'a', 'r', 'i', 'n', '-', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '-', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'h', '\0', + /* "marin-tullet.com", true */ 'm', 'a', 'r', 'i', 'n', '-', 't', 'u', 'l', 'l', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "marinazarza.es", true */ 'm', 'a', 'r', 'i', 'n', 'a', 'z', 'a', 'r', 'z', 'a', '.', 'e', 's', '\0', + /* "marinbusinesscenter.ch", true */ 'm', 'a', 'r', 'i', 'n', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'h', '\0', + /* "marine.gov", true */ 'm', 'a', 'r', 'i', 'n', 'e', '.', 'g', 'o', 'v', '\0', + /* "marinekaplama.com", true */ 'm', 'a', 'r', 'i', 'n', 'e', 'k', 'a', 'p', 'l', 'a', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "marines-shop.com", true */ 'm', 'a', 'r', 'i', 'n', 'e', 's', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "mario.party", false */ 'm', 'a', 'r', 'i', 'o', '.', 'p', 'a', 'r', 't', 'y', '\0', + /* "marioabela.com", true */ 'm', 'a', 'r', 'i', 'o', 'a', 'b', 'e', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "mariogeckler.de", true */ 'm', 'a', 'r', 'i', 'o', 'g', 'e', 'c', 'k', 'l', 'e', 'r', '.', 'd', 'e', '\0', + /* "mariposah.ch", true */ 'm', 'a', 'r', 'i', 'p', 'o', 's', 'a', 'h', '.', 'c', 'h', '\0', + /* "marisamorby.com", true */ 'm', 'a', 'r', 'i', 's', 'a', 'm', 'o', 'r', 'b', 'y', '.', 'c', 'o', 'm', '\0', + /* "maritim.go.id", false */ 'm', 'a', 'r', 'i', 't', 'i', 'm', '.', 'g', 'o', '.', 'i', 'd', '\0', + /* "mariushubatschek.de", true */ 'm', 'a', 'r', 'i', 'u', 's', 'h', 'u', 'b', 'a', 't', 's', 'c', 'h', 'e', 'k', '.', 'd', 'e', '\0', + /* "mariusschulte.de", true */ 'm', 'a', 'r', 'i', 'u', 's', 's', 'c', 'h', 'u', 'l', 't', 'e', '.', 'd', 'e', '\0', + /* "mariviolin.com", true */ 'm', 'a', 'r', 'i', 'v', 'i', 'o', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "marix.ro", true */ 'm', 'a', 'r', 'i', 'x', '.', 'r', 'o', '\0', + /* "marjoleindens.be", true */ 'm', 'a', 'r', 'j', 'o', 'l', 'e', 'i', 'n', 'd', 'e', 'n', 's', '.', 'b', 'e', '\0', + /* "mark-a-hydrant.com", true */ 'm', 'a', 'r', 'k', '-', 'a', '-', 'h', 'y', 'd', 'r', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "mark-semmler.de", true */ 'm', 'a', 'r', 'k', '-', 's', 'e', 'm', 'm', 'l', 'e', 'r', '.', 'd', 'e', '\0', + /* "markepps.com", true */ 'm', 'a', 'r', 'k', 'e', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "market.android.com", true */ 'm', 'a', 'r', 'k', 'e', 't', '.', 'a', 'n', 'd', 'r', 'o', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "marketgot.com", true */ 'm', 'a', 'r', 'k', 'e', 't', 'g', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "marketing-advertising.eu", true */ 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '-', 'a', 'd', 'v', 'e', 'r', 't', 'i', 's', 'i', 'n', 'g', '.', 'e', 'u', '\0', + /* "marketing.limited", true */ 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'l', 'i', 'm', 'i', 't', 'e', 'd', '\0', + /* "marketingvirtuales.com", true */ 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', 'v', 'i', 'r', 't', 'u', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "marketio.co", true */ 'm', 'a', 'r', 'k', 'e', 't', 'i', 'o', '.', 'c', 'o', '\0', + /* "marketizare.ro", true */ 'm', 'a', 'r', 'k', 'e', 't', 'i', 'z', 'a', 'r', 'e', '.', 'r', 'o', '\0', + /* "marketnsight.com", true */ 'm', 'a', 'r', 'k', 'e', 't', 'n', 's', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0', + /* "markhaehnel.de", true */ 'm', 'a', 'r', 'k', 'h', 'a', 'e', 'h', 'n', 'e', 'l', '.', 'd', 'e', '\0', + /* "markido.com", true */ 'm', 'a', 'r', 'k', 'i', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "markitzeroday.com", true */ 'm', 'a', 'r', 'k', 'i', 't', 'z', 'e', 'r', 'o', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "markoh.co.uk", true */ 'm', 'a', 'r', 'k', 'o', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "markom.rs", true */ 'm', 'a', 'r', 'k', 'o', 'm', '.', 'r', 's', '\0', + /* "markow.io", true */ 'm', 'a', 'r', 'k', 'o', 'w', '.', 'i', 'o', '\0', + /* "markprof.ru", true */ 'm', 'a', 'r', 'k', 'p', 'r', 'o', 'f', '.', 'r', 'u', '\0', + /* "markrego.com", true */ 'm', 'a', 'r', 'k', 'r', 'e', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "markri.nl", false */ 'm', 'a', 'r', 'k', 'r', 'i', '.', 'n', 'l', '\0', + /* "markridgwell.com", true */ 'm', 'a', 'r', 'k', 'r', 'i', 'd', 'g', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "markridgwellcom.appspot.com", true */ 'm', 'a', 'r', 'k', 'r', 'i', 'd', 'g', 'w', 'e', 'l', 'l', 'c', 'o', 'm', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "markscastles.co.uk", true */ 'm', 'a', 'r', 'k', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "marksouthall.com", true */ 'm', 'a', 'r', 'k', 's', 'o', 'u', 't', 'h', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "markspres.org", true */ 'm', 'a', 'r', 'k', 's', 'p', 'r', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "markt-heiligenstadt.de", false */ 'm', 'a', 'r', 'k', 't', '-', 'h', 'e', 'i', 'l', 'i', 'g', 'e', 'n', 's', 't', 'a', 'd', 't', '.', 'd', 'e', '\0', + /* "marktcontact.com", true */ 'm', 'a', 'r', 'k', 't', 'c', 'o', 'n', 't', 'a', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "marktissink.nl", true */ 'm', 'a', 'r', 'k', 't', 'i', 's', 's', 'i', 'n', 'k', '.', 'n', 'l', '\0', + /* "markup-ua.com", true */ 'm', 'a', 'r', 'k', 'u', 'p', '-', 'u', 'a', '.', 'c', 'o', 'm', '\0', + /* "markus-dev.com", true */ 'm', 'a', 'r', 'k', 'u', 's', '-', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "markus-ullmann.de", true */ 'm', 'a', 'r', 'k', 'u', 's', '-', 'u', 'l', 'l', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "markus.design", true */ 'm', 'a', 'r', 'k', 'u', 's', '.', 'd', 'e', 's', 'i', 'g', 'n', '\0', + /* "markusehrlicher.de", true */ 'm', 'a', 'r', 'k', 'u', 's', 'e', 'h', 'r', 'l', 'i', 'c', 'h', 'e', 'r', '.', 'd', 'e', '\0', + /* "markusgran.de", true */ 'm', 'a', 'r', 'k', 'u', 's', 'g', 'r', 'a', 'n', '.', 'd', 'e', '\0', + /* "markuskeppeler.no-ip.biz", true */ 'm', 'a', 'r', 'k', 'u', 's', 'k', 'e', 'p', 'p', 'e', 'l', 'e', 'r', '.', 'n', 'o', '-', 'i', 'p', '.', 'b', 'i', 'z', '\0', + /* "markusueberallassetmanagement.de", true */ 'm', 'a', 'r', 'k', 'u', 's', 'u', 'e', 'b', 'e', 'r', 'a', 'l', 'l', 'a', 's', 's', 'e', 't', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '.', 'd', 'e', '\0', + /* "markusueberallconsulting.de", true */ 'm', 'a', 'r', 'k', 'u', 's', 'u', 'e', 'b', 'e', 'r', 'a', 'l', 'l', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "marl.fr", true */ 'm', 'a', 'r', 'l', '.', 'f', 'r', '\0', + /* "marlen.cz", true */ 'm', 'a', 'r', 'l', 'e', 'n', '.', 'c', 'z', '\0', + /* "marlonlosurdopictures.com", true */ 'm', 'a', 'r', 'l', 'o', 'n', 'l', 'o', 's', 'u', 'r', 'd', 'o', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "marlonschultz.de", true */ 'm', 'a', 'r', 'l', 'o', 'n', 's', 'c', 'h', 'u', 'l', 't', 'z', '.', 'd', 'e', '\0', + /* "marlosoft.net", true */ 'm', 'a', 'r', 'l', 'o', 's', 'o', 'f', 't', '.', 'n', 'e', 't', '\0', + /* "marmolesromero.com", true */ 'm', 'a', 'r', 'm', 'o', 'l', 'e', 's', 'r', 'o', 'm', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "marmotte.love", true */ 'm', 'a', 'r', 'm', 'o', 't', 't', 'e', '.', 'l', 'o', 'v', 'e', '\0', + /* "maroc-bivouac.com", true */ 'm', 'a', 'r', 'o', 'c', '-', 'b', 'i', 'v', 'o', 'u', 'a', 'c', '.', 'c', 'o', 'm', '\0', + /* "marocemploi.co", true */ 'm', 'a', 'r', 'o', 'c', 'e', 'm', 'p', 'l', 'o', 'i', '.', 'c', 'o', '\0', + /* "marocmail.ma", true */ 'm', 'a', 'r', 'o', 'c', 'm', 'a', 'i', 'l', '.', 'm', 'a', '\0', + /* "marqperso.ch", true */ 'm', 'a', 'r', 'q', 'p', 'e', 'r', 's', 'o', '.', 'c', 'h', '\0', + /* "marquepersonnelle.ch", true */ 'm', 'a', 'r', 'q', 'u', 'e', 'p', 'e', 'r', 's', 'o', 'n', 'n', 'e', 'l', 'l', 'e', '.', 'c', 'h', '\0', + /* "marqueswines.co.uk", true */ 'm', 'a', 'r', 'q', 'u', 'e', 's', 'w', 'i', 'n', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "marrai.de", true */ 'm', 'a', 'r', 'r', 'a', 'i', '.', 'd', 'e', '\0', + /* "marriage-shrine.jp", true */ 'm', 'a', 'r', 'r', 'i', 'a', 'g', 'e', '-', 's', 'h', 'r', 'i', 'n', 'e', '.', 'j', 'p', '\0', + /* "marrickvilleapartments.com.au", true */ 'm', 'a', 'r', 'r', 'i', 'c', 'k', 'v', 'i', 'l', 'l', 'e', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "marsanvet.com", true */ 'm', 'a', 'r', 's', 'a', 'n', 'v', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "marsatapp.com", true */ 'm', 'a', 'r', 's', 'a', 't', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "marsble.com", true */ 'm', 'a', 'r', 's', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "marshallscastles.com", true */ 'm', 'a', 'r', 's', 'h', 'a', 'l', 'l', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "marshmallow.co", true */ 'm', 'a', 'r', 's', 'h', 'm', 'a', 'l', 'l', 'o', 'w', '.', 'c', 'o', '\0', + /* "martelange.ovh", true */ 'm', 'a', 'r', 't', 'e', 'l', 'a', 'n', 'g', 'e', '.', 'o', 'v', 'h', '\0', + /* "marten-buer.de", true */ 'm', 'a', 'r', 't', 'e', 'n', '-', 'b', 'u', 'e', 'r', '.', 'd', 'e', '\0', + /* "martensmxservice.nl", true */ 'm', 'a', 'r', 't', 'e', 'n', 's', 'm', 'x', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'n', 'l', '\0', + /* "marti201.ga", true */ 'm', 'a', 'r', 't', 'i', '2', '0', '1', '.', 'g', 'a', '\0', + /* "martide.com", true */ 'm', 'a', 'r', 't', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "martiestrimsalon.nl", true */ 'm', 'a', 'r', 't', 'i', 'e', 's', 't', 'r', 'i', 'm', 's', 'a', 'l', 'o', 'n', '.', 'n', 'l', '\0', + /* "martijn.site", true */ 'm', 'a', 'r', 't', 'i', 'j', 'n', '.', 's', 'i', 't', 'e', '\0', + /* "martin-arend.de", true */ 'm', 'a', 'r', 't', 'i', 'n', '-', 'a', 'r', 'e', 'n', 'd', '.', 'd', 'e', '\0', + /* "martin-mattel.com", true */ 'm', 'a', 'r', 't', 'i', 'n', '-', 'm', 'a', 't', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "martin-smith.info", true */ 'm', 'a', 'r', 't', 'i', 'n', '-', 's', 'm', 'i', 't', 'h', '.', 'i', 'n', 'f', 'o', '\0', + /* "martine.nu", true */ 'm', 'a', 'r', 't', 'i', 'n', 'e', '.', 'n', 'u', '\0', + /* "martingansler.de", true */ 'm', 'a', 'r', 't', 'i', 'n', 'g', 'a', 'n', 's', 'l', 'e', 'r', '.', 'd', 'e', '\0', + /* "martinkup.cz", true */ 'm', 'a', 'r', 't', 'i', 'n', 'k', 'u', 'p', '.', 'c', 'z', '\0', + /* "martinkus.eu", true */ 'm', 'a', 'r', 't', 'i', 'n', 'k', 'u', 's', '.', 'e', 'u', '\0', + /* "martinmuc.de", true */ 'm', 'a', 'r', 't', 'i', 'n', 'm', 'u', 'c', '.', 'd', 'e', '\0', + /* "martins.im", true */ 'm', 'a', 'r', 't', 'i', 'n', 's', '.', 'i', 'm', '\0', + /* "martinsfamilyappliance.com", true */ 'm', 'a', 'r', 't', 'i', 'n', 's', 'f', 'a', 'm', 'i', 'l', 'y', 'a', 'p', 'p', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "martonmihaly.hu", true */ 'm', 'a', 'r', 't', 'o', 'n', 'm', 'i', 'h', 'a', 'l', 'y', '.', 'h', 'u', '\0', + /* "maru-life.com", true */ 'm', 'a', 'r', 'u', '-', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "maruhoi.com", true */ 'm', 'a', 'r', 'u', 'h', 'o', 'i', '.', 'c', 'o', 'm', '\0', + /* "marvinkeller.de", true */ 'm', 'a', 'r', 'v', 'i', 'n', 'k', 'e', 'l', 'l', 'e', 'r', '.', 'd', 'e', '\0', + /* "maryeclark.com", true */ 'm', 'a', 'r', 'y', 'e', 'c', 'l', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "maryjruggles.com", true */ 'm', 'a', 'r', 'y', 'j', 'r', 'u', 'g', 'g', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "marykatrinaphotography.com", true */ 'm', 'a', 'r', 'y', 'k', 'a', 't', 'r', 'i', 'n', 'a', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0', + /* "masa-hou.com", true */ 'm', 'a', 's', 'a', '-', 'h', 'o', 'u', '.', 'c', 'o', 'm', '\0', + /* "mascosolutions.com", true */ 'm', 'a', 's', 'c', 'o', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "maservant.net", true */ 'm', 'a', 's', 'e', 'r', 'v', 'a', 'n', 't', '.', 'n', 'e', 't', '\0', + /* "mashandco.it", true */ 'm', 'a', 's', 'h', 'a', 'n', 'd', 'c', 'o', '.', 'i', 't', '\0', + /* "mashandco.tv", true */ 'm', 'a', 's', 'h', 'a', 'n', 'd', 'c', 'o', '.', 't', 'v', '\0', + /* "mashek.net", true */ 'm', 'a', 's', 'h', 'e', 'k', '.', 'n', 'e', 't', '\0', + /* "masiniunelte.store.ro", true */ 'm', 'a', 's', 'i', 'n', 'i', 'u', 'n', 'e', 'l', 't', 'e', '.', 's', 't', 'o', 'r', 'e', '.', 'r', 'o', '\0', + /* "masiul.is", true */ 'm', 'a', 's', 'i', 'u', 'l', '.', 'i', 's', '\0', + /* "maskinkultur.com", true */ 'm', 'a', 's', 'k', 'i', 'n', 'k', 'u', 'l', 't', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "maslife365.com", true */ 'm', 'a', 's', 'l', 'i', 'f', 'e', '3', '6', '5', '.', 'c', 'o', 'm', '\0', + /* "massage-vitalite.fr", true */ 'm', 'a', 's', 's', 'a', 'g', 'e', '-', 'v', 'i', 't', 'a', 'l', 'i', 't', 'e', '.', 'f', 'r', '\0', + /* "massage4u.net", true */ 'm', 'a', 's', 's', 'a', 'g', 'e', '4', 'u', '.', 'n', 'e', 't', '\0', + /* "massagecupping.com", true */ 'm', 'a', 's', 's', 'a', 'g', 'e', 'c', 'u', 'p', 'p', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "massdrop.com", true */ 'm', 'a', 's', 's', 'd', 'r', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "masse.org", true */ 'm', 'a', 's', 's', 'e', '.', 'o', 'r', 'g', '\0', + /* "massflix.com", true */ 'm', 'a', 's', 's', 'f', 'l', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "masshiro.blog", true */ 'm', 'a', 's', 's', 'h', 'i', 'r', 'o', '.', 'b', 'l', 'o', 'g', '\0', + /* "massoni.pl", true */ 'm', 'a', 's', 's', 'o', 'n', 'i', '.', 'p', 'l', '\0', + /* "massotherapeutique.com", true */ 'm', 'a', 's', 's', 'o', 't', 'h', 'e', 'r', 'a', 'p', 'e', 'u', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "masta.ch", true */ 'm', 'a', 's', 't', 'a', '.', 'c', 'h', '\0', + /* "mastah.fr", true */ 'm', 'a', 's', 't', 'a', 'h', '.', 'f', 'r', '\0', + /* "mastd.fr", true */ 'm', 'a', 's', 't', 'd', '.', 'f', 'r', '\0', + /* "mastd.me", false */ 'm', 'a', 's', 't', 'd', '.', 'm', 'e', '\0', + /* "mastd.onl", true */ 'm', 'a', 's', 't', 'd', '.', 'o', 'n', 'l', '\0', + /* "mastellone.us", true */ 'm', 'a', 's', 't', 'e', 'l', 'l', 'o', 'n', 'e', '.', 'u', 's', '\0', + /* "master-net.org", true */ 'm', 'a', 's', 't', 'e', 'r', '-', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0', + /* "mastercardpac.com", true */ 'm', 'a', 's', 't', 'e', 'r', 'c', 'a', 'r', 'd', 'p', 'a', 'c', '.', 'c', 'o', 'm', '\0', + /* "masterdemolitioninc.com", true */ 'm', 'a', 's', 't', 'e', 'r', 'd', 'e', 'm', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "masterdigitale.com", true */ 'm', 'a', 's', 't', 'e', 'r', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "masterhaus.bg", true */ 'm', 'a', 's', 't', 'e', 'r', 'h', 'a', 'u', 's', '.', 'b', 'g', '\0', + /* "masterhelenaroma.com", true */ 'm', 'a', 's', 't', 'e', 'r', 'h', 'e', 'l', 'e', 'n', 'a', 'r', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "masterofallscience.com", true */ 'm', 'a', 's', 't', 'e', 'r', 'o', 'f', 'a', 'l', 'l', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "masterpc.co.uk", true */ 'm', 'a', 's', 't', 'e', 'r', 'p', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "masterplc.com", true */ 'm', 'a', 's', 't', 'e', 'r', 'p', 'l', 'c', '.', 'c', 'o', 'm', '\0', + /* "masters.black", true */ 'm', 'a', 's', 't', 'e', 'r', 's', '.', 'b', 'l', 'a', 'c', 'k', '\0', + /* "mastersthesiswriting.com", true */ 'm', 'a', 's', 't', 'e', 'r', 's', 't', 'h', 'e', 's', 'i', 's', 'w', 'r', 'i', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "masterstuff.de", true */ 'm', 'a', 's', 't', 'e', 'r', 's', 't', 'u', 'f', 'f', '.', 'd', 'e', '\0', + /* "mastiffingles.com.br", true */ 'm', 'a', 's', 't', 'i', 'f', 'f', 'i', 'n', 'g', 'l', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "masto.io", true */ 'm', 'a', 's', 't', 'o', '.', 'i', 'o', '\0', + /* "mastodon.at", true */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 'a', 't', '\0', + /* "mastodon.blue", false */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 'b', 'l', 'u', 'e', '\0', + /* "mastodon.co.nz", true */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "mastodon.fun", true */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 'f', 'u', 'n', '\0', + /* "mastodon.host", true */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 'h', 'o', 's', 't', '\0', + /* "mastodon.org.uk", true */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "mastodon.rocks", true */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "mastodon.top", true */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 't', 'o', 'p', '\0', + /* "mat99.dk", true */ 'm', 'a', 't', '9', '9', '.', 'd', 'k', '\0', + /* "matanz.de", true */ 'm', 'a', 't', 'a', 'n', 'z', '.', 'd', 'e', '\0', + /* "matatabimix.com", true */ 'm', 'a', 't', 'a', 't', 'a', 'b', 'i', 'm', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "match.audio", true */ 'm', 'a', 't', 'c', 'h', '.', 'a', 'u', 'd', 'i', 'o', '\0', + /* "matcha-iga.jp", true */ 'm', 'a', 't', 'c', 'h', 'a', '-', 'i', 'g', 'a', '.', 'j', 'p', '\0', + /* "matchatea24.com", true */ 'm', 'a', 't', 'c', 'h', 'a', 't', 'e', 'a', '2', '4', '.', 'c', 'o', 'm', '\0', + /* "matchboxdesigngroup.com", true */ 'm', 'a', 't', 'c', 'h', 'b', 'o', 'x', 'd', 'e', 's', 'i', 'g', 'n', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "matel.org", true */ 'm', 'a', 't', 'e', 'l', '.', 'o', 'r', 'g', '\0', + /* "materiaischiquinho.com.br", true */ 'm', 'a', 't', 'e', 'r', 'i', 'a', 'i', 's', 'c', 'h', 'i', 'q', 'u', 'i', 'n', 'h', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "material-world-fuyouhin.com", true */ 'm', 'a', 't', 'e', 'r', 'i', 'a', 'l', '-', 'w', 'o', 'r', 'l', 'd', '-', 'f', 'u', 'y', 'o', 'u', 'h', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "materialism.com", true */ 'm', 'a', 't', 'e', 'r', 'i', 'a', 'l', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "materialyinzynierskie.pl", true */ 'm', 'a', 't', 'e', 'r', 'i', 'a', 'l', 'y', 'i', 'n', 'z', 'y', 'n', 'i', 'e', 'r', 's', 'k', 'i', 'e', '.', 'p', 'l', '\0', + /* "maternum.com", true */ 'm', 'a', 't', 'e', 'r', 'n', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "mathalexservice.info", true */ 'm', 'a', 't', 'h', 'a', 'l', 'e', 'x', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "mathembedded.com", true */ 'm', 'a', 't', 'h', 'e', 'm', 'b', 'e', 'd', 'd', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "matheo-schefczyk.de", true */ 'm', 'a', 't', 'h', 'e', 'o', '-', 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'd', 'e', '\0', + /* "mathhire.org", true */ 'm', 'a', 't', 'h', 'h', 'i', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "mathias.re", true */ 'm', 'a', 't', 'h', 'i', 'a', 's', '.', 'r', 'e', '\0', + /* "mathiasbynens.be", true */ 'm', 'a', 't', 'h', 'i', 'a', 's', 'b', 'y', 'n', 'e', 'n', 's', '.', 'b', 'e', '\0', + /* "mathiasgarbe.de", true */ 'm', 'a', 't', 'h', 'i', 'a', 's', 'g', 'a', 'r', 'b', 'e', '.', 'd', 'e', '\0', + /* "mathieuguimond.com", true */ 'm', 'a', 't', 'h', 'i', 'e', 'u', 'g', 'u', 'i', 'm', 'o', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "mathieui.net", true */ 'm', 'a', 't', 'h', 'i', 'e', 'u', 'i', '.', 'n', 'e', 't', '\0', + /* "maths.network", true */ 'm', 'a', 't', 'h', 's', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0', + /* "mathspace.co", true */ 'm', 'a', 't', 'h', 's', 'p', 'a', 'c', 'e', '.', 'c', 'o', '\0', + /* "matildajaneclothing.com", true */ 'm', 'a', 't', 'i', 'l', 'd', 'a', 'j', 'a', 'n', 'e', 'c', 'l', 'o', 't', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "matjaz.it", true */ 'm', 'a', 't', 'j', 'a', 'z', '.', 'i', 't', '\0', + /* "matlabjo.ir", true */ 'm', 'a', 't', 'l', 'a', 'b', 'j', 'o', '.', 'i', 'r', '\0', + /* "matlss.com", true */ 'm', 'a', 't', 'l', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "matomeathena.com", true */ 'm', 'a', 't', 'o', 'm', 'e', 'a', 't', 'h', 'e', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "matoutepetiteboutique.com", true */ 'm', 'a', 't', 'o', 'u', 't', 'e', 'p', 'e', 't', 'i', 't', 'e', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "matriterie-sdv.ro", true */ 'm', 'a', 't', 'r', 'i', 't', 'e', 'r', 'i', 'e', '-', 's', 'd', 'v', '.', 'r', 'o', '\0', + /* "matrix.ac", false */ 'm', 'a', 't', 'r', 'i', 'x', '.', 'a', 'c', '\0', + /* "matrixmedia.ro", true */ 'm', 'a', 't', 'r', 'i', 'x', 'm', 'e', 'd', 'i', 'a', '.', 'r', 'o', '\0', + /* "matrixreq.com", true */ 'm', 'a', 't', 'r', 'i', 'x', 'r', 'e', 'q', '.', 'c', 'o', 'm', '\0', + /* "matsu-semi.com", true */ 'm', 'a', 't', 's', 'u', '-', 's', 'e', 'm', 'i', '.', 'c', 'o', 'm', '\0', + /* "mattandyana.com", true */ 'm', 'a', 't', 't', 'a', 'n', 'd', 'y', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "mattbsg.xyz", true */ 'm', 'a', 't', 't', 'b', 's', 'g', '.', 'x', 'y', 'z', '\0', + /* "mattcarr.net", false */ 'm', 'a', 't', 't', 'c', 'a', 'r', 'r', '.', 'n', 'e', 't', '\0', + /* "mattcoles.io", true */ 'm', 'a', 't', 't', 'c', 'o', 'l', 'e', 's', '.', 'i', 'o', '\0', + /* "matteomarescotti.it", true */ 'm', 'a', 't', 't', 'e', 'o', 'm', 'a', 'r', 'e', 's', 'c', 'o', 't', 't', 'i', '.', 'i', 't', '\0', + /* "mattferderer.com", true */ 'm', 'a', 't', 't', 'f', 'e', 'r', 'd', 'e', 'r', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "mattfin.ch", true */ 'm', 'a', 't', 't', 'f', 'i', 'n', '.', 'c', 'h', '\0', + /* "mattforster.ca", true */ 'm', 'a', 't', 't', 'f', 'o', 'r', 's', 't', 'e', 'r', '.', 'c', 'a', '\0', + /* "matthecat.com", true */ 'm', 'a', 't', 't', 'h', 'e', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "matthew-carson.info", true */ 'm', 'a', 't', 't', 'h', 'e', 'w', '-', 'c', 'a', 'r', 's', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "matthewemes.com", true */ 'm', 'a', 't', 't', 'h', 'e', 'w', 'e', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "matthewfells.com", true */ 'm', 'a', 't', 't', 'h', 'e', 'w', 'f', 'e', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "matthewgallagher.co.uk", true */ 'm', 'a', 't', 't', 'h', 'e', 'w', 'g', 'a', 'l', 'l', 'a', 'g', 'h', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "matthewkenny.co.uk", true */ 'm', 'a', 't', 't', 'h', 'e', 'w', 'k', 'e', 'n', 'n', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "matthewohare.com", true */ 'm', 'a', 't', 't', 'h', 'e', 'w', 'o', 'h', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "matthey.nl", true */ 'm', 'a', 't', 't', 'h', 'e', 'y', '.', 'n', 'l', '\0', + /* "matthi.coffee", true */ 'm', 'a', 't', 't', 'h', 'i', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0', + /* "matthias-muenzner.de", true */ 'm', 'a', 't', 't', 'h', 'i', 'a', 's', '-', 'm', 'u', 'e', 'n', 'z', 'n', 'e', 'r', '.', 'd', 'e', '\0', + /* "matthiasadler.info", true */ 'm', 'a', 't', 't', 'h', 'i', 'a', 's', 'a', 'd', 'l', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "matthiasott.com", true */ 'm', 'a', 't', 't', 'h', 'i', 'a', 's', 'o', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "matthiasschwab.de", true */ 'm', 'a', 't', 't', 'h', 'i', 'a', 's', 's', 'c', 'h', 'w', 'a', 'b', '.', 'd', 'e', '\0', + /* "matthieuschlosser.fr", true */ 'm', 'a', 't', 't', 'h', 'i', 'e', 'u', 's', 'c', 'h', 'l', 'o', 's', 's', 'e', 'r', '.', 'f', 'r', '\0', + /* "matthijssen.info", true */ 'm', 'a', 't', 't', 'h', 'i', 'j', 's', 's', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "mattisam.com", true */ 'm', 'a', 't', 't', 'i', 's', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "mattmccutchen.net", true */ 'm', 'a', 't', 't', 'm', 'c', 'c', 'u', 't', 'c', 'h', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "mattonline.me", true */ 'm', 'a', 't', 't', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'm', 'e', '\0', + /* "mattwservices.co.uk", true */ 'm', 'a', 't', 't', 'w', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "matviet.vn", true */ 'm', 'a', 't', 'v', 'i', 'e', 't', '.', 'v', 'n', '\0', + /* "matze.co", true */ 'm', 'a', 't', 'z', 'e', '.', 'c', 'o', '\0', + /* "mauldincookfence.com", true */ 'm', 'a', 'u', 'l', 'd', 'i', 'n', 'c', 'o', 'o', 'k', 'f', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "mauriciog.com.ar", false */ 'm', 'a', 'u', 'r', 'i', 'c', 'i', 'o', 'g', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "mauricioghiorzi.com.ar", false */ 'm', 'a', 'u', 'r', 'i', 'c', 'i', 'o', 'g', 'h', 'i', 'o', 'r', 'z', 'i', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "maury-moteurs.com", true */ 'm', 'a', 'u', 'r', 'y', '-', 'm', 'o', 't', 'e', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "mavenclinic.com", true */ 'm', 'a', 'v', 'e', 'n', 'c', 'l', 'i', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "mavensecurity.com", true */ 'm', 'a', 'v', 'e', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "maveris.com", true */ 'm', 'a', 'v', 'e', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "mawidabp.com", true */ 'm', 'a', 'w', 'i', 'd', 'a', 'b', 'p', '.', 'c', 'o', 'm', '\0', + /* "mawidaca.com", true */ 'm', 'a', 'w', 'i', 'd', 'a', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "max-moeglich.de", true */ 'm', 'a', 'x', '-', 'm', 'o', 'e', 'g', 'l', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "max-went.pl", true */ 'm', 'a', 'x', '-', 'w', 'e', 'n', 't', '.', 'p', 'l', '\0', + /* "max.gov", true */ 'm', 'a', 'x', '.', 'g', 'o', 'v', '\0', + /* "maxbruckner.de", true */ 'm', 'a', 'x', 'b', 'r', 'u', 'c', 'k', 'n', 'e', 'r', '.', 'd', 'e', '\0', + /* "maxbruckner.org", true */ 'm', 'a', 'x', 'b', 'r', 'u', 'c', 'k', 'n', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "maxbytes.nl", false */ 'm', 'a', 'x', 'b', 'y', 't', 'e', 's', '.', 'n', 'l', '\0', + /* "maxchan.info", true */ 'm', 'a', 'x', 'c', 'h', 'a', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "maxdev72.freeboxos.fr", true */ 'm', 'a', 'x', 'd', 'e', 'v', '7', '2', '.', 'f', 'r', 'e', 'e', 'b', 'o', 'x', 'o', 's', '.', 'f', 'r', '\0', + /* "maxfox.me", true */ 'm', 'a', 'x', 'f', 'o', 'x', '.', 'm', 'e', '\0', + /* "maxhamon.ovh", true */ 'm', 'a', 'x', 'h', 'a', 'm', 'o', 'n', '.', 'o', 'v', 'h', '\0', + /* "maxhoechtl.at", true */ 'm', 'a', 'x', 'h', 'o', 'e', 'c', 'h', 't', 'l', '.', 'a', 't', '\0', + /* "maxhorvath.com", true */ 'm', 'a', 'x', 'h', 'o', 'r', 'v', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "maxibanki.ovh", true */ 'm', 'a', 'x', 'i', 'b', 'a', 'n', 'k', 'i', '.', 'o', 'v', 'h', '\0', + /* "maxicore.co.za", true */ 'm', 'a', 'x', 'i', 'c', 'o', 'r', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "maxima.at", true */ 'm', 'a', 'x', 'i', 'm', 'a', '.', 'a', 't', '\0', + /* "maximdeboiserie.be", true */ 'm', 'a', 'x', 'i', 'm', 'd', 'e', 'b', 'o', 'i', 's', 'e', 'r', 'i', 'e', '.', 'b', 'e', '\0', + /* "maximdens.be", true */ 'm', 'a', 'x', 'i', 'm', 'd', 'e', 'n', 's', '.', 'b', 'e', '\0', + /* "maximeferon.fr", true */ 'm', 'a', 'x', 'i', 'm', 'e', 'f', 'e', 'r', 'o', 'n', '.', 'f', 'r', '\0', + /* "maximelouet.me", true */ 'm', 'a', 'x', 'i', 'm', 'e', 'l', 'o', 'u', 'e', 't', '.', 'm', 'e', '\0', + /* "maximilian-graf.de", true */ 'm', 'a', 'x', 'i', 'm', 'i', 'l', 'i', 'a', 'n', '-', 'g', 'r', 'a', 'f', '.', 'd', 'e', '\0', + /* "maximilian-greger.com", true */ 'm', 'a', 'x', 'i', 'm', 'i', 'l', 'i', 'a', 'n', '-', 'g', 'r', 'e', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "maximiliankaul.de", true */ 'm', 'a', 'x', 'i', 'm', 'i', 'l', 'i', 'a', 'n', 'k', 'a', 'u', 'l', '.', 'd', 'e', '\0', + /* "maximiliankrieg.de", true */ 'm', 'a', 'x', 'i', 'm', 'i', 'l', 'i', 'a', 'n', 'k', 'r', 'i', 'e', 'g', '.', 'd', 'e', '\0', + /* "maxims-travel.com", true */ 'm', 'a', 'x', 'i', 'm', 's', '-', 't', 'r', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "maxipcalls.com", true */ 'm', 'a', 'x', 'i', 'p', 'c', 'a', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "maxisito.it", true */ 'm', 'a', 'x', 'i', 's', 'i', 't', 'o', '.', 'i', 't', '\0', + /* "maxkaul.de", true */ 'm', 'a', 'x', 'k', 'a', 'u', 'l', '.', 'd', 'e', '\0', + /* "maxmilton.com", true */ 'm', 'a', 'x', 'm', 'i', 'l', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "maxrandolph.com", true */ 'm', 'a', 'x', 'r', 'a', 'n', 'd', 'o', 'l', 'p', 'h', '.', 'c', 'o', 'm', '\0', + /* "maxtruxa.com", true */ 'm', 'a', 'x', 't', 'r', 'u', 'x', 'a', '.', 'c', 'o', 'm', '\0', + /* "maxwaellenergie.de", true */ 'm', 'a', 'x', 'w', 'a', 'e', 'l', 'l', 'e', 'n', 'e', 'r', 'g', 'i', 'e', '.', 'd', 'e', '\0', + /* "maxwell-english.co.jp", false */ 'm', 'a', 'x', 'w', 'e', 'l', 'l', '-', 'e', 'n', 'g', 'l', 'i', 's', 'h', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "maxwellflynn.com", true */ 'm', 'a', 'x', 'w', 'e', 'l', 'l', 'f', 'l', 'y', 'n', 'n', '.', 'c', 'o', 'm', '\0', + /* "maxwellmoore.co.uk", true */ 'm', 'a', 'x', 'w', 'e', 'l', 'l', 'm', 'o', 'o', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "may24.tw", true */ 'm', 'a', 'y', '2', '4', '.', 't', 'w', '\0', + /* "mayavi.co.in", true */ 'm', 'a', 'y', 'a', 'v', 'i', '.', 'c', 'o', '.', 'i', 'n', '\0', + /* "maybeul.com", true */ 'm', 'a', 'y', 'b', 'e', 'u', 'l', '.', 'c', 'o', 'm', '\0', + /* "maydex.info", true */ 'm', 'a', 'y', 'd', 'e', 'x', '.', 'i', 'n', 'f', 'o', '\0', + /* "mayerbrownllz.com", true */ 'm', 'a', 'y', 'e', 'r', 'b', 'r', 'o', 'w', 'n', 'l', 'l', 'z', '.', 'c', 'o', 'm', '\0', + /* "mayomarquees.com", true */ 'm', 'a', 'y', 'o', 'm', 'a', 'r', 'q', 'u', 'e', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "mayopartyhire.com", true */ 'm', 'a', 'y', 'o', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "mayoristassexshop.com", true */ 'm', 'a', 'y', 'o', 'r', 'i', 's', 't', 'a', 's', 's', 'e', 'x', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "maypolevilla.co.uk", true */ 'm', 'a', 'y', 'p', 'o', 'l', 'e', 'v', 'i', 'l', 'l', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mayrhofer.eu.org", true */ 'm', 'a', 'y', 'r', 'h', 'o', 'f', 'e', 'r', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "mazda-mps.de", true */ 'm', 'a', 'z', 'd', 'a', '-', 'm', 'p', 's', '.', 'd', 'e', '\0', + /* "mazda-thermote.com", true */ 'm', 'a', 'z', 'd', 'a', '-', 't', 'h', 'e', 'r', 'm', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "mazda626.net", true */ 'm', 'a', 'z', 'd', 'a', '6', '2', '6', '.', 'n', 'e', 't', '\0', + /* "maze.fr", true */ 'm', 'a', 'z', 'e', '.', 'f', 'r', '\0', + /* "mazternet.ru", true */ 'm', 'a', 'z', 't', 'e', 'r', 'n', 'e', 't', '.', 'r', 'u', '\0', + /* "mazzotta.me", true */ 'm', 'a', 'z', 'z', 'o', 't', 't', 'a', '.', 'm', 'e', '\0', + /* "mbaestlein.de", true */ 'm', 'b', 'a', 'e', 's', 't', 'l', 'e', 'i', 'n', '.', 'd', 'e', '\0', + /* "mbainflatables.co.uk", true */ 'm', 'b', 'a', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mbardot.com", true */ 'm', 'b', 'a', 'r', 'd', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "mbasic.facebook.com", false */ 'm', 'b', 'a', 's', 'i', 'c', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "mbcars.be", true */ 'm', 'b', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "mbeo.ch", true */ 'm', 'b', 'e', 'o', '.', 'c', 'h', '\0', + /* "mbilker.us", true */ 'm', 'b', 'i', 'l', 'k', 'e', 'r', '.', 'u', 's', '\0', + /* "mbinf.de", false */ 'm', 'b', 'i', 'n', 'f', '.', 'd', 'e', '\0', + /* "mbinformatik.de", false */ 'm', 'b', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'k', '.', 'd', 'e', '\0', + /* "mbits.solutions", true */ 'm', 'b', 'i', 't', 's', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0', + /* "mblankhorst.nl", true */ 'm', 'b', 'l', 'a', 'n', 'k', 'h', 'o', 'r', 's', 't', '.', 'n', 'l', '\0', + /* "mble.mg", true */ 'm', 'b', 'l', 'e', '.', 'm', 'g', '\0', + /* "mbp.banking.co.at", false */ 'm', 'b', 'p', '.', 'b', 'a', 'n', 'k', 'i', 'n', 'g', '.', 'c', 'o', '.', 'a', 't', '\0', + /* "mbr-net.de", true */ 'm', 'b', 'r', '-', 'n', 'e', 't', '.', 'd', 'e', '\0', + /* "mbrooks.info", true */ 'm', 'b', 'r', 'o', 'o', 'k', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "mbs-journey.com", true */ 'm', 'b', 's', '-', 'j', 'o', 'u', 'r', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "mburns.duckdns.org", true */ 'm', 'b', 'u', 'r', 'n', 's', '.', 'd', 'u', 'c', 'k', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "mbweir.com", true */ 'm', 'b', 'w', 'e', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "mc-venture.net", false */ 'm', 'c', '-', 'v', 'e', 'n', 't', 'u', 'r', 'e', '.', 'n', 'e', 't', '\0', + /* "mcadmin.net", true */ 'm', 'c', 'a', 'd', 'm', 'i', 'n', '.', 'n', 'e', 't', '\0', + /* "mcatnnlo.org", true */ 'm', 'c', 'a', 't', 'n', 'n', 'l', 'o', '.', 'o', 'r', 'g', '\0', + /* "mccordworks.com", true */ 'm', 'c', 'c', 'o', 'r', 'd', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "mccrackon.com", true */ 'm', 'c', 'c', 'r', 'a', 'c', 'k', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "mcdermottautomotive.com", true */ 'm', 'c', 'd', 'e', 'r', 'm', 'o', 't', 't', 'a', 'u', 't', 'o', 'm', 'o', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "mcdona1d.me", true */ 'm', 'c', 'd', 'o', 'n', 'a', '1', 'd', '.', 'm', 'e', '\0', + /* "mcdonalds.be", true */ 'm', 'c', 'd', 'o', 'n', 'a', 'l', 'd', 's', '.', 'b', 'e', '\0', + /* "mcdonalds.design", true */ 'm', 'c', 'd', 'o', 'n', 'a', 'l', 'd', 's', '.', 'd', 'e', 's', 'i', 'g', 'n', '\0', + /* "mcdonaldwhsl.com", false */ 'm', 'c', 'd', 'o', 'n', 'a', 'l', 'd', 'w', 'h', 's', 'l', '.', 'c', 'o', 'm', '\0', + /* "mce.eu", true */ 'm', 'c', 'e', '.', 'e', 'u', '\0', + /* "mce.nyc", true */ 'm', 'c', 'e', '.', 'n', 'y', 'c', '\0', + /* "mce55.eu", true */ 'm', 'c', 'e', '5', '5', '.', 'e', 'u', '\0', + /* "mcea-hld.jp", true */ 'm', 'c', 'e', 'a', '-', 'h', 'l', 'd', '.', 'j', 'p', '\0', + /* "mceconferencecentre.eu", true */ 'm', 'c', 'e', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', 'c', 'e', 'n', 't', 'r', 'e', '.', 'e', 'u', '\0', + /* "mcfedries.com", true */ 'm', 'c', 'f', 'e', 'd', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "mcgarderen.nl", true */ 'm', 'c', 'g', 'a', 'r', 'd', 'e', 'r', 'e', 'n', '.', 'n', 'l', '\0', + /* "mcgavocknissanwichitaparts.com", true */ 'm', 'c', 'g', 'a', 'v', 'o', 'c', 'k', 'n', 'i', 's', 's', 'a', 'n', 'w', 'i', 'c', 'h', 'i', 't', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "mcgovernance.com", true */ 'm', 'c', 'g', 'o', 'v', 'e', 'r', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "mchopkins.net", true */ 'm', 'c', 'h', 'o', 'p', 'k', 'i', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "mchristopher.com", true */ 'm', 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "mcideas.tk", true */ 'm', 'c', 'i', 'd', 'e', 'a', 's', '.', 't', 'k', '\0', + /* "mcjackk77.com", true */ 'm', 'c', 'j', 'a', 'c', 'k', 'k', '7', '7', '.', 'c', 'o', 'm', '\0', + /* "mckenry.net", true */ 'm', 'c', 'k', 'e', 'n', 'r', 'y', '.', 'n', 'e', 't', '\0', + /* "mckernan.in", true */ 'm', 'c', 'k', 'e', 'r', 'n', 'a', 'n', '.', 'i', 'n', '\0', + /* "mckinley.school", true */ 'm', 'c', 'k', 'i', 'n', 'l', 'e', 'y', '.', 's', 'c', 'h', 'o', 'o', 'l', '\0', + /* "mckinleytk.com", true */ 'm', 'c', 'k', 'i', 'n', 'l', 'e', 'y', 't', 'k', '.', 'c', 'o', 'm', '\0', + /* "mcl.gg", true */ 'm', 'c', 'l', '.', 'g', 'g', '\0', + /* "mclinflatables.co.uk", true */ 'm', 'c', 'l', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mcmillanskiclub.com.au", true */ 'm', 'c', 'm', 'i', 'l', 'l', 'a', 'n', 's', 'k', 'i', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "mcneill.io", true */ 'm', 'c', 'n', 'e', 'i', 'l', 'l', '.', 'i', 'o', '\0', + /* "mcnext.net", true */ 'm', 'c', 'n', 'e', 'x', 't', '.', 'n', 'e', 't', '\0', + /* "mcpart.land", true */ 'm', 'c', 'p', 'a', 'r', 't', '.', 'l', 'a', 'n', 'd', '\0', + /* "mcrn.jp", true */ 'm', 'c', 'r', 'n', '.', 'j', 'p', '\0', + /* "mcsinflatables.co.uk", true */ 'm', 'c', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mcsniper.co", true */ 'm', 'c', 's', 'n', 'i', 'p', 'e', 'r', '.', 'c', 'o', '\0', + /* "mcuong.tk", false */ 'm', 'c', 'u', 'o', 'n', 'g', '.', 't', 'k', '\0', + /* "mcynews.com", true */ 'm', 'c', 'y', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "mcyukon.com", true */ 'm', 'c', 'y', 'u', 'k', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "md5file.com", true */ 'm', 'd', '5', 'f', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "md5hashing.net", true */ 'm', 'd', '5', 'h', 'a', 's', 'h', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "mdbouncycastlehirelondon.co.uk", true */ 'm', 'd', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'l', 'o', 'n', 'd', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mdcloudpracticesolutions.com", true */ 'm', 'd', 'c', 'l', 'o', 'u', 'd', 'p', 'r', 'a', 'c', 't', 'i', 'c', 'e', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "mdcloudps.com", true */ 'm', 'd', 'c', 'l', 'o', 'u', 'd', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "mdek.at", true */ 'm', 'd', 'e', 'k', '.', 'a', 't', '\0', + /* "mdewendt.de", true */ 'm', 'd', 'e', 'w', 'e', 'n', 'd', 't', '.', 'd', 'e', '\0', + /* "mdf-bis.com", true */ 'm', 'd', 'f', '-', 'b', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "mdiv.pl", true */ 'm', 'd', 'i', 'v', '.', 'p', 'l', '\0', + /* "mdma.net", true */ 'm', 'd', 'm', 'a', '.', 'n', 'e', 't', '\0', + /* "mdmed.clinic", true */ 'm', 'd', 'm', 'e', 'd', '.', 'c', 'l', 'i', 'n', 'i', 'c', '\0', + /* "mdoering.de", true */ 'm', 'd', 'o', 'e', 'r', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "mdosch.de", true */ 'm', 'd', 'o', 's', 'c', 'h', '.', 'd', 'e', '\0', + /* "mdpraha.cz", true */ 'm', 'd', 'p', 'r', 'a', 'h', 'a', '.', 'c', 'z', '\0', + /* "mdsave.com", true */ 'm', 'd', 's', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "mdwftw.com", true */ 'm', 'd', 'w', 'f', 't', 'w', '.', 'c', 'o', 'm', '\0', + /* "mdx.no", true */ 'm', 'd', 'x', '.', 'n', 'o', '\0', + /* "mdxdave.de", true */ 'm', 'd', 'x', 'd', 'a', 'v', 'e', '.', 'd', 'e', '\0', + /* "mdxn.org", true */ 'm', 'd', 'x', 'n', '.', 'o', 'r', 'g', '\0', + /* "me-center.com", true */ 'm', 'e', '-', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "me-groups.com", true */ 'm', 'e', '-', 'g', 'r', 'o', 'u', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "me.net.nz", true */ 'm', 'e', '.', 'n', 'e', 't', '.', 'n', 'z', '\0', + /* "meadowviewfarms.org", true */ 'm', 'e', 'a', 'd', 'o', 'w', 'v', 'i', 'e', 'w', 'f', 'a', 'r', 'm', 's', '.', 'o', 'r', 'g', '\0', + /* "mealgoo.com", true */ 'm', 'e', 'a', 'l', 'g', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "mealz.com", false */ 'm', 'e', 'a', 'l', 'z', '.', 'c', 'o', 'm', '\0', + /* "meany.xyz", true */ 'm', 'e', 'a', 'n', 'y', '.', 'x', 'y', 'z', '\0', + /* "meap.xyz", true */ 'm', 'e', 'a', 'p', '.', 'x', 'y', 'z', '\0', + /* "measuretwice.com", true */ 'm', 'e', 'a', 's', 'u', 'r', 'e', 't', 'w', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "measureyourpenis.today", true */ 'm', 'e', 'a', 's', 'u', 'r', 'e', 'y', 'o', 'u', 'r', 'p', 'e', 'n', 'i', 's', '.', 't', 'o', 'd', 'a', 'y', '\0', + /* "meat.org.uk", true */ 'm', 'e', 'a', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "mecanicoautomotriz.org", true */ 'm', 'e', 'c', 'a', 'n', 'i', 'c', 'o', 'a', 'u', 't', 'o', 'm', 'o', 't', 'r', 'i', 'z', '.', 'o', 'r', 'g', '\0', + /* "mechanixdirect.co.uk", false */ 'm', 'e', 'c', 'h', 'a', 'n', 'i', 'x', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mechanus.io", true */ 'm', 'e', 'c', 'h', 'a', 'n', 'u', 's', '.', 'i', 'o', '\0', + /* "med-otzyv.ru", true */ 'm', 'e', 'd', '-', 'o', 't', 'z', 'y', 'v', '.', 'r', 'u', '\0', + /* "medba.se", true */ 'm', 'e', 'd', 'b', 'a', '.', 's', 'e', '\0', + /* "medcir.com.br", true */ 'm', 'e', 'd', 'c', 'i', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "medcrowd.com", true */ 'm', 'e', 'd', 'c', 'r', 'o', 'w', 'd', '.', 'c', 'o', 'm', '\0', + /* "meddelare.com", true */ 'm', 'e', 'd', 'd', 'e', 'l', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "meddigital.com", true */ 'm', 'e', 'd', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "medeinos.lt", true */ 'm', 'e', 'd', 'e', 'i', 'n', 'o', 's', '.', 'l', 't', '\0', + /* "medexpress.co.uk", true */ 'm', 'e', 'd', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "medi-link.co.il", true */ 'm', 'e', 'd', 'i', '-', 'l', 'i', 'n', 'k', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "media-access.online", true */ 'm', 'e', 'd', 'i', 'a', '-', 'a', 'c', 'c', 'e', 's', 's', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "media-courses.com", true */ 'm', 'e', 'd', 'i', 'a', '-', 'c', 'o', 'u', 'r', 's', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "media-credit.eu", true */ 'm', 'e', 'd', 'i', 'a', '-', 'c', 'r', 'e', 'd', 'i', 't', '.', 'e', 'u', '\0', + /* "media-instance.ru", true */ 'm', 'e', 'd', 'i', 'a', '-', 'i', 'n', 's', 't', 'a', 'n', 'c', 'e', '.', 'r', 'u', '\0', + /* "media-pi.com", true */ 'm', 'e', 'd', 'i', 'a', '-', 'p', 'i', '.', 'c', 'o', 'm', '\0', + /* "mediaarea.net", true */ 'm', 'e', 'd', 'i', 'a', 'a', 'r', 'e', 'a', '.', 'n', 'e', 't', '\0', + /* "mediablaster.com", true */ 'm', 'e', 'd', 'i', 'a', 'b', 'l', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "mediaburst.co.uk", true */ 'm', 'e', 'd', 'i', 'a', 'b', 'u', 'r', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mediadex.be", true */ 'm', 'e', 'd', 'i', 'a', 'd', 'e', 'x', '.', 'b', 'e', '\0', + /* "mediaexpert.fr", true */ 'm', 'e', 'd', 'i', 'a', 'e', 'x', 'p', 'e', 'r', 't', '.', 'f', 'r', '\0', + /* "mediafocus.biz", true */ 'm', 'e', 'd', 'i', 'a', 'f', 'o', 'c', 'u', 's', '.', 'b', 'i', 'z', '\0', + /* "mediagenic.ch", true */ 'm', 'e', 'd', 'i', 'a', 'g', 'e', 'n', 'i', 'c', '.', 'c', 'h', '\0', + /* "mediagrand.net", true */ 'm', 'e', 'd', 'i', 'a', 'g', 'r', 'a', 'n', 'd', '.', 'n', 'e', 't', '\0', + /* "mediajurnal.com", true */ 'm', 'e', 'd', 'i', 'a', 'j', 'u', 'r', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "medialab.nrw", true */ 'm', 'e', 'd', 'i', 'a', 'l', 'a', 'b', '.', 'n', 'r', 'w', '\0', + /* "mediamarkt.pl", true */ 'm', 'e', 'd', 'i', 'a', 'm', 'a', 'r', 'k', 't', '.', 'p', 'l', '\0', + /* "mediapart.fr", true */ 'm', 'e', 'd', 'i', 'a', 'p', 'a', 'r', 't', '.', 'f', 'r', '\0', + /* "mediaselection.eu", true */ 'm', 'e', 'd', 'i', 'a', 's', 'e', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'e', 'u', '\0', + /* "mediastorm.us", true */ 'm', 'e', 'd', 'i', 'a', 's', 't', 'o', 'r', 'm', '.', 'u', 's', '\0', + /* "mediationculturelleclp.ch", true */ 'm', 'e', 'd', 'i', 'a', 't', 'i', 'o', 'n', 'c', 'u', 'l', 't', 'u', 'r', 'e', 'l', 'l', 'e', 'c', 'l', 'p', '.', 'c', 'h', '\0', + /* "mediatorzy.waw.pl", true */ 'm', 'e', 'd', 'i', 'a', 't', 'o', 'r', 'z', 'y', '.', 'w', 'a', 'w', '.', 'p', 'l', '\0', + /* "mediawiki.org", true */ 'm', 'e', 'd', 'i', 'a', 'w', 'i', 'k', 'i', '.', 'o', 'r', 'g', '\0', + /* "mediawin.pl", true */ 'm', 'e', 'd', 'i', 'a', 'w', 'i', 'n', '.', 'p', 'l', '\0', + /* "medic-world.com", true */ 'm', 'e', 'd', 'i', 'c', '-', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "medicalcountermeasures.gov", true */ 'm', 'e', 'd', 'i', 'c', 'a', 'l', 'c', 'o', 'u', 'n', 't', 'e', 'r', 'm', 'e', 'a', 's', 'u', 'r', 'e', 's', '.', 'g', 'o', 'v', '\0', + /* "medicinesfast.com", false */ 'm', 'e', 'd', 'i', 'c', 'i', 'n', 'e', 's', 'f', 'a', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "medicinia.com.br", true */ 'm', 'e', 'd', 'i', 'c', 'i', 'n', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "medicocompetente.it", true */ 'm', 'e', 'd', 'i', 'c', 'o', 'c', 'o', 'm', 'p', 'e', 't', 'e', 'n', 't', 'e', '.', 'i', 't', '\0', + /* "medicoresponde.com.br", true */ 'm', 'e', 'd', 'i', 'c', 'o', 'r', 'e', 's', 'p', 'o', 'n', 'd', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "medifab.online", true */ 'm', 'e', 'd', 'i', 'f', 'a', 'b', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "medifi.com", true */ 'm', 'e', 'd', 'i', 'f', 'i', '.', 'c', 'o', 'm', '\0', + /* "medireport.fr", true */ 'm', 'e', 'd', 'i', 'r', 'e', 'p', 'o', 'r', 't', '.', 'f', 'r', '\0', + /* "medium.com", true */ 'm', 'e', 'd', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "mediumraw.org", true */ 'm', 'e', 'd', 'i', 'u', 'm', 'r', 'a', 'w', '.', 'o', 'r', 'g', '\0', + /* "medlineplus.gov", true */ 'm', 'e', 'd', 'l', 'i', 'n', 'e', 'p', 'l', 'u', 's', '.', 'g', 'o', 'v', '\0', + /* "medo64.com", true */ 'm', 'e', 'd', 'o', '6', '4', '.', 'c', 'o', 'm', '\0', + /* "medovea.ru", true */ 'm', 'e', 'd', 'o', 'v', 'e', 'a', '.', 'r', 'u', '\0', + /* "medpics.com", true */ 'm', 'e', 'd', 'p', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "medstreaming.com", true */ 'm', 'e', 'd', 's', 't', 'r', 'e', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "medtalents.ch", true */ 'm', 'e', 'd', 't', 'a', 'l', 'e', 'n', 't', 's', '.', 'c', 'h', '\0', + /* "medtankers.management", true */ 'm', 'e', 'd', 't', 'a', 'n', 'k', 'e', 'r', 's', '.', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '\0', + /* "medtehnika.ua", true */ 'm', 'e', 'd', 't', 'e', 'h', 'n', 'i', 'k', 'a', '.', 'u', 'a', '\0', + /* "medusa.wtf", true */ 'm', 'e', 'd', 'u', 's', 'a', '.', 'w', 't', 'f', '\0', + /* "meduza.io", true */ 'm', 'e', 'd', 'u', 'z', 'a', '.', 'i', 'o', '\0', + /* "medwaybouncycastlehire.co.uk", true */ 'm', 'e', 'd', 'w', 'a', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "medyotan.ga", true */ 'm', 'e', 'd', 'y', 'o', 't', 'a', 'n', '.', 'g', 'a', '\0', + /* "meedoenhartvanwestbrabant.nl", true */ 'm', 'e', 'e', 'd', 'o', 'e', 'n', 'h', 'a', 'r', 't', 'v', 'a', 'n', 'w', 'e', 's', 't', 'b', 'r', 'a', 'b', 'a', 'n', 't', '.', 'n', 'l', '\0', + /* "meehle.com", true */ 'm', 'e', 'e', 'h', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "meerutcake.com", true */ 'm', 'e', 'e', 'r', 'u', 't', 'c', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "meet.google.com", true */ 'm', 'e', 'e', 't', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "meetbot.fedoraproject.org", true */ 'm', 'e', 'e', 't', 'b', 'o', 't', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "meetingfriends.ch", true */ 'm', 'e', 'e', 't', 'i', 'n', 'g', 'f', 'r', 'i', 'e', 'n', 'd', 's', '.', 'c', 'h', '\0', + /* "meetingmanage.nl", true */ 'm', 'e', 'e', 't', 'i', 'n', 'g', 'm', 'a', 'n', 'a', 'g', 'e', '.', 'n', 'l', '\0', + /* "meetingmanager.ovh", true */ 'm', 'e', 'e', 't', 'i', 'n', 'g', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'o', 'v', 'h', '\0', + /* "meetings2.com", true */ 'm', 'e', 'e', 't', 'i', 'n', 'g', 's', '2', '.', 'c', 'o', 'm', '\0', + /* "meetmibaby.co.uk", true */ 'm', 'e', 'e', 't', 'm', 'i', 'b', 'a', 'b', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "meetmygoods.com", true */ 'm', 'e', 'e', 't', 'm', 'y', 'g', 'o', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "meeusen-usedcars.be", true */ 'm', 'e', 'e', 'u', 's', 'e', 'n', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "meeztertom.nl", true */ 'm', 'e', 'e', 'z', 't', 'e', 'r', 't', 'o', 'm', '.', 'n', 'l', '\0', + /* "meg-a-bounce.co.uk", true */ 'm', 'e', 'g', '-', 'a', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mega-feeling.de", true */ 'm', 'e', 'g', 'a', '-', 'f', 'e', 'e', 'l', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "mega.co.nz", true */ 'm', 'e', 'g', 'a', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "mega.nz", true */ 'm', 'e', 'g', 'a', '.', 'n', 'z', '\0', + /* "mega.online", true */ 'm', 'e', 'g', 'a', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "megablogging.org", true */ 'm', 'e', 'g', 'a', 'b', 'l', 'o', 'g', 'g', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "megabounce.co.uk", true */ 'm', 'e', 'g', 'a', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "megabounceni.co.uk", true */ 'm', 'e', 'g', 'a', 'b', 'o', 'u', 'n', 'c', 'e', 'n', 'i', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "megabouncingcastles.com", true */ 'm', 'e', 'g', 'a', 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "megadrol.com", true */ 'm', 'e', 'g', 'a', 'd', 'r', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "megaflix.nl", true */ 'm', 'e', 'g', 'a', 'f', 'l', 'i', 'x', '.', 'n', 'l', '\0', + /* "megagifs.de", true */ 'm', 'e', 'g', 'a', 'g', 'i', 'f', 's', '.', 'd', 'e', '\0', + /* "megainflatables.co.uk", true */ 'm', 'e', 'g', 'a', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "megamarkey.de", true */ 'm', 'e', 'g', 'a', 'm', 'a', 'r', 'k', 'e', 'y', '.', 'd', 'e', '\0', + /* "megamisja.pl", true */ 'm', 'e', 'g', 'a', 'm', 'i', 's', 'j', 'a', '.', 'p', 'l', '\0', + /* "meganandmarc.us", true */ 'm', 'e', 'g', 'a', 'n', 'a', 'n', 'd', 'm', 'a', 'r', 'c', '.', 'u', 's', '\0', + /* "meganreel.com", true */ 'm', 'e', 'g', 'a', 'n', 'r', 'e', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "megapixel.cz", true */ 'm', 'e', 'g', 'a', 'p', 'i', 'x', 'e', 'l', '.', 'c', 'z', '\0', + /* "megaplan.cz", true */ 'm', 'e', 'g', 'a', 'p', 'l', 'a', 'n', '.', 'c', 'z', '\0', + /* "megaplan.ru", true */ 'm', 'e', 'g', 'a', 'p', 'l', 'a', 'n', '.', 'r', 'u', '\0', + /* "megaplonk.com", true */ 'm', 'e', 'g', 'a', 'p', 'l', 'o', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "megasslstore.com", true */ 'm', 'e', 'g', 'a', 's', 's', 'l', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "megaxchange.com", true */ 'm', 'e', 'g', 'a', 'x', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "megumico.net", true */ 'm', 'e', 'g', 'u', 'm', 'i', 'c', 'o', '.', 'n', 'e', 't', '\0', + /* "mehalick.com", true */ 'm', 'e', 'h', 'a', 'l', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "mehhh.xyz", true */ 'm', 'e', 'h', 'h', 'h', '.', 'x', 'y', 'z', '\0', + /* "mehmetakif.edu.tr", true */ 'm', 'e', 'h', 'm', 'e', 't', 'a', 'k', 'i', 'f', '.', 'e', 'd', 'u', '.', 't', 'r', '\0', + /* "mehmetince.net", true */ 'm', 'e', 'h', 'm', 'e', 't', 'i', 'n', 'c', 'e', '.', 'n', 'e', 't', '\0', + /* "mehostdd.com", false */ 'm', 'e', 'h', 'o', 's', 't', 'd', 'd', '.', 'c', 'o', 'm', '\0', + /* "mehr-schulferien.de", true */ 'm', 'e', 'h', 'r', '-', 's', 'c', 'h', 'u', 'l', 'f', 'e', 'r', 'i', 'e', 'n', '.', 'd', 'e', '\0', + /* "mehrleben.at", true */ 'm', 'e', 'h', 'r', 'l', 'e', 'b', 'e', 'n', '.', 'a', 't', '\0', + /* "mehrwert.de", true */ 'm', 'e', 'h', 'r', 'w', 'e', 'r', 't', '.', 'd', 'e', '\0', + /* "meierhofer.net", true */ 'm', 'e', 'i', 'e', 'r', 'h', 'o', 'f', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "meiju.video", true */ 'm', 'e', 'i', 'j', 'u', '.', 'v', 'i', 'd', 'e', 'o', '\0', + /* "meikan.moe", true */ 'm', 'e', 'i', 'k', 'a', 'n', '.', 'm', 'o', 'e', '\0', + /* "meillard-auto-ecole.ch", true */ 'm', 'e', 'i', 'l', 'l', 'a', 'r', 'd', '-', 'a', 'u', 't', 'o', '-', 'e', 'c', 'o', 'l', 'e', '.', 'c', 'h', '\0', + /* "meilleur.info", true */ 'm', 'e', 'i', 'l', 'l', 'e', 'u', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "mein-muehlhausen.bayern", true */ 'm', 'e', 'i', 'n', '-', 'm', 'u', 'e', 'h', 'l', 'h', 'a', 'u', 's', 'e', 'n', '.', 'b', 'a', 'y', 'e', 'r', 'n', '\0', + /* "mein-webportal.de", true */ 'm', 'e', 'i', 'n', '-', 'w', 'e', 'b', 'p', 'o', 'r', 't', 'a', 'l', '.', 'd', 'e', '\0', + /* "meinbetriebsrat24.de", true */ 'm', 'e', 'i', 'n', 'b', 'e', 't', 'r', 'i', 'e', 'b', 's', 'r', 'a', 't', '2', '4', '.', 'd', 'e', '\0', + /* "meincenter-meinemeinung.de", true */ 'm', 'e', 'i', 'n', 'c', 'e', 'n', 't', 'e', 'r', '-', 'm', 'e', 'i', 'n', 'e', 'm', 'e', 'i', 'n', 'u', 'n', 'g', '.', 'd', 'e', '\0', + /* "meincoach.at", true */ 'm', 'e', 'i', 'n', 'c', 'o', 'a', 'c', 'h', '.', 'a', 't', '\0', + /* "meine-email-im.net", true */ 'm', 'e', 'i', 'n', 'e', '-', 'e', 'm', 'a', 'i', 'l', '-', 'i', 'm', '.', 'n', 'e', 't', '\0', + /* "meine-immofinanzierung.de", true */ 'm', 'e', 'i', 'n', 'e', '-', 'i', 'm', 'm', 'o', 'f', 'i', 'n', 'a', 'n', 'z', 'i', 'e', 'r', 'u', 'n', 'g', '.', 'd', 'e', '\0', + /* "meine-plancha.ch", true */ 'm', 'e', 'i', 'n', 'e', '-', 'p', 'l', 'a', 'n', 'c', 'h', 'a', '.', 'c', 'h', '\0', + /* "meinezwangsversteigerung.de", true */ 'm', 'e', 'i', 'n', 'e', 'z', 'w', 'a', 'n', 'g', 's', 'v', 'e', 'r', 's', 't', 'e', 'i', 'g', 'e', 'r', 'u', 'n', 'g', '.', 'd', 'e', '\0', + /* "meinstartinsleben.com", true */ 'm', 'e', 'i', 'n', 's', 't', 'a', 'r', 't', 'i', 'n', 's', 'l', 'e', 'b', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "meinstartinsleben.de", true */ 'm', 'e', 'i', 'n', 's', 't', 'a', 'r', 't', 'i', 'n', 's', 'l', 'e', 'b', 'e', 'n', '.', 'd', 'e', '\0', + /* "meinv.asia", true */ 'm', 'e', 'i', 'n', 'v', '.', 'a', 's', 'i', 'a', '\0', + /* "meiqia.cn", true */ 'm', 'e', 'i', 'q', 'i', 'a', '.', 'c', 'n', '\0', + /* "meiqia.com", true */ 'm', 'e', 'i', 'q', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "meisterritter.de", true */ 'm', 'e', 'i', 's', 't', 'e', 'r', 'r', 'i', 't', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "meizufans.eu", true */ 'm', 'e', 'i', 'z', 'u', 'f', 'a', 'n', 's', '.', 'e', 'u', '\0', + /* "mekongeye.com", true */ 'm', 'e', 'k', 'o', 'n', 'g', 'e', 'y', 'e', '.', 'c', 'o', 'm', '\0', + /* "melakaltenegger.at", true */ 'm', 'e', 'l', 'a', 'k', 'a', 'l', 't', 'e', 'n', 'e', 'g', 'g', 'e', 'r', '.', 'a', 't', '\0', + /* "melaniebernhardt.com", true */ 'm', 'e', 'l', 'a', 'n', 'i', 'e', 'b', 'e', 'r', 'n', 'h', 'a', 'r', 'd', 't', '.', 'c', 'o', 'm', '\0', + /* "melaniegruber.de", true */ 'm', 'e', 'l', 'a', 'n', 'i', 'e', 'g', 'r', 'u', 'b', 'e', 'r', '.', 'd', 'e', '\0', + /* "melbourne.dating", true */ 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "melbourneapartments.website", true */ 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0', + /* "melchizedek-forum.de", true */ 'm', 'e', 'l', 'c', 'h', 'i', 'z', 'e', 'd', 'e', 'k', '-', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0', + /* "meldcode-assistent.nl", true */ 'm', 'e', 'l', 'd', 'c', 'o', 'd', 'e', '-', 'a', 's', 's', 'i', 's', 't', 'e', 'n', 't', '.', 'n', 'l', '\0', + /* "melearning.university", false */ 'm', 'e', 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', '.', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', '\0', + /* "meledia.com", false */ 'm', 'e', 'l', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "melenchatsmelenchiens.fr", true */ 'm', 'e', 'l', 'e', 'n', 'c', 'h', 'a', 't', 's', 'm', 'e', 'l', 'e', 'n', 'c', 'h', 'i', 'e', 'n', 's', '.', 'f', 'r', '\0', + /* "melerpaine.com", true */ 'm', 'e', 'l', 'e', 'r', 'p', 'a', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "melf.nl", true */ 'm', 'e', 'l', 'f', '.', 'n', 'l', '\0', + /* "melhoresdominios.com", true */ 'm', 'e', 'l', 'h', 'o', 'r', 'e', 's', 'd', 'o', 'm', 'i', 'n', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "melhoresmarcasdenotebook.com.br", true */ 'm', 'e', 'l', 'h', 'o', 'r', 'e', 's', 'm', 'a', 'r', 'c', 'a', 's', 'd', 'e', 'n', 'o', 't', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "melikoff.es", true */ 'm', 'e', 'l', 'i', 'k', 'o', 'f', 'f', '.', 'e', 's', '\0', + /* "melina-schefczyk.de", true */ 'm', 'e', 'l', 'i', 'n', 'a', '-', 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'd', 'e', '\0', + /* "melissaadkins.com", true */ 'm', 'e', 'l', 'i', 's', 's', 'a', 'a', 'd', 'k', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "melitopol.co.ua", false */ 'm', 'e', 'l', 'i', 't', 'o', 'p', 'o', 'l', '.', 'c', 'o', '.', 'u', 'a', '\0', + /* "melnessgroup.com", true */ 'm', 'e', 'l', 'n', 'e', 's', 's', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "melnikov.ch", true */ 'm', 'e', 'l', 'n', 'i', 'k', 'o', 'v', '.', 'c', 'h', '\0', + /* "melodic.com.au", true */ 'm', 'e', 'l', 'o', 'd', 'i', 'c', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "melodiouscode.net", true */ 'm', 'e', 'l', 'o', 'd', 'i', 'o', 'u', 's', 'c', 'o', 'd', 'e', '.', 'n', 'e', 't', '\0', + /* "melodrom.de", true */ 'm', 'e', 'l', 'o', 'd', 'r', 'o', 'm', '.', 'd', 'e', '\0', + /* "melody-lyrics.com", true */ 'm', 'e', 'l', 'o', 'd', 'y', '-', 'l', 'y', 'r', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "melted.me", true */ 'm', 'e', 'l', 't', 'e', 'd', '.', 'm', 'e', '\0', + /* "meltzow.net", true */ 'm', 'e', 'l', 't', 'z', 'o', 'w', '.', 'n', 'e', 't', '\0', + /* "melvinlammerts.nl", true */ 'm', 'e', 'l', 'v', 'i', 'n', 'l', 'a', 'm', 'm', 'e', 'r', 't', 's', '.', 'n', 'l', '\0', + /* "members-only-shopping.com", true */ 'm', 'e', 'm', 'b', 'e', 'r', 's', '-', 'o', 'n', 'l', 'y', '-', 's', 'h', 'o', 'p', 'p', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "members.nearlyfreespeech.net", false */ 'm', 'e', 'm', 'b', 'e', 'r', 's', '.', 'n', 'e', 'a', 'r', 'l', 'y', 'f', 'r', 'e', 'e', 's', 'p', 'e', 'e', 'c', 'h', '.', 'n', 'e', 't', '\0', + /* "memdoc.org", true */ 'm', 'e', 'm', 'd', 'o', 'c', '.', 'o', 'r', 'g', '\0', + /* "meme-photostudio.com.tw", true */ 'm', 'e', 'm', 'e', '-', 'p', 'h', 'o', 't', 'o', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '.', 't', 'w', '\0', + /* "meme.fi", true */ 'm', 'e', 'm', 'e', '.', 'f', 'i', '\0', + /* "meme.institute", true */ 'm', 'e', 'm', 'e', '.', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '\0', + /* "memepasmal.net", true */ 'm', 'e', 'm', 'e', 'p', 'a', 's', 'm', 'a', 'l', '.', 'n', 'e', 't', '\0', + /* "memepasmal.org", true */ 'm', 'e', 'm', 'e', 'p', 'a', 's', 'm', 'a', 'l', '.', 'o', 'r', 'g', '\0', + /* "memetrash.co.uk", true */ 'm', 'e', 'm', 'e', 't', 'r', 'a', 's', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "memfrob.org", true */ 'm', 'e', 'm', 'f', 'r', 'o', 'b', '.', 'o', 'r', 'g', '\0', + /* "memiux.com", true */ 'm', 'e', 'm', 'i', 'u', 'x', '.', 'c', 'o', 'm', '\0', + /* "memo-linux.com", true */ 'm', 'e', 'm', 'o', '-', 'l', 'i', 'n', 'u', 'x', '.', 'c', 'o', 'm', '\0', + /* "memoire-resistance-ariege.fr", true */ 'm', 'e', 'm', 'o', 'i', 'r', 'e', '-', 'r', 'e', 's', 'i', 's', 't', 'a', 'n', 'c', 'e', '-', 'a', 'r', 'i', 'e', 'g', 'e', '.', 'f', 'r', '\0', + /* "memorycards.ie", true */ 'm', 'e', 'm', 'o', 'r', 'y', 'c', 'a', 'r', 'd', 's', '.', 'i', 'e', '\0', + /* "memoryex.net", true */ 'm', 'e', 'm', 'o', 'r', 'y', 'e', 'x', '.', 'n', 'e', 't', '\0', + /* "memorygame.io", true */ 'm', 'e', 'm', 'o', 'r', 'y', 'g', 'a', 'm', 'e', '.', 'i', 'o', '\0', + /* "menanwc.org", true */ 'm', 'e', 'n', 'a', 'n', 'w', 'c', '.', 'o', 'r', 'g', '\0', + /* "menaraannonces.com", true */ 'm', 'e', 'n', 'a', 'r', 'a', 'a', 'n', 'n', 'o', 'n', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "menden.com", true */ 'm', 'e', 'n', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "mendipbouncycastles.co.uk", true */ 'm', 'e', 'n', 'd', 'i', 'p', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mendy.jp", true */ 'm', 'e', 'n', 'd', 'y', '.', 'j', 'p', '\0', + /* "menielias.com", true */ 'm', 'e', 'n', 'i', 'e', 'l', 'i', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "menole.com", true */ 'm', 'e', 'n', 'o', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "menole.de", true */ 'm', 'e', 'n', 'o', 'l', 'e', '.', 'd', 'e', '\0', + /* "menole.net", true */ 'm', 'e', 'n', 'o', 'l', 'e', '.', 'n', 'e', 't', '\0', + /* "mensachterdepatient.nl", true */ 'm', 'e', 'n', 's', 'a', 'c', 'h', 't', 'e', 'r', 'd', 'e', 'p', 'a', 't', 'i', 'e', 'n', 't', '.', 'n', 'l', '\0', + /* "mensagemaniversario.com.br", true */ 'm', 'e', 'n', 's', 'a', 'g', 'e', 'm', 'a', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'r', 'i', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "mensagemdaluz.com", true */ 'm', 'e', 'n', 's', 'a', 'g', 'e', 'm', 'd', 'a', 'l', 'u', 'z', '.', 'c', 'o', 'm', '\0', + /* "mensagensaniversario.com.br", true */ 'm', 'e', 'n', 's', 'a', 'g', 'e', 'n', 's', 'a', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'r', 'i', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "mensagensdeconforto.com.br", true */ 'm', 'e', 'n', 's', 'a', 'g', 'e', 'n', 's', 'd', 'e', 'c', 'o', 'n', 'f', 'o', 'r', 't', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "mensagensperfeitas.com.br", true */ 'm', 'e', 'n', 's', 'a', 'g', 'e', 'n', 's', 'p', 'e', 'r', 'f', 'e', 'i', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "mensch-peter.me", true */ 'm', 'e', 'n', 's', 'c', 'h', '-', 'p', 'e', 't', 'e', 'r', '.', 'm', 'e', '\0', + /* "mentalhealth.gov", true */ 'm', 'e', 'n', 't', 'a', 'l', 'h', 'e', 'a', 'l', 't', 'h', '.', 'g', 'o', 'v', '\0', + /* "mentalhealthmn.org", true */ 'm', 'e', 'n', 't', 'a', 'l', 'h', 'e', 'a', 'l', 't', 'h', 'm', 'n', '.', 'o', 'r', 'g', '\0', + /* "mentaltraining-fuer-musiker.ch", true */ 'm', 'e', 'n', 't', 'a', 'l', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '-', 'f', 'u', 'e', 'r', '-', 'm', 'u', 's', 'i', 'k', 'e', 'r', '.', 'c', 'h', '\0', + /* "mentiq.az", true */ 'm', 'e', 'n', 't', 'i', 'q', '.', 'a', 'z', '\0', + /* "mentorithm.com", true */ 'm', 'e', 'n', 't', 'o', 'r', 'i', 't', 'h', 'm', '.', 'c', 'o', 'm', '\0', + /* "mentz.info", true */ 'm', 'e', 'n', 't', 'z', '.', 'i', 'n', 'f', 'o', '\0', + /* "menuonlineordering.com", true */ 'm', 'e', 'n', 'u', 'o', 'n', 'l', 'i', 'n', 'e', 'o', 'r', 'd', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "menzel-motors.com", true */ 'm', 'e', 'n', 'z', 'e', 'l', '-', 'm', 'o', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "menzietti.it", true */ 'm', 'e', 'n', 'z', 'i', 'e', 't', 't', 'i', '.', 'i', 't', '\0', + /* "mephedrone.org", true */ 'm', 'e', 'p', 'h', 'e', 'd', 'r', 'o', 'n', 'e', '.', 'o', 'r', 'g', '\0', + /* "meransuedtirol.com", true */ 'm', 'e', 'r', 'a', 'n', 's', 'u', 'e', 'd', 't', 'i', 'r', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "mercadobitcoin.com.br", true */ 'm', 'e', 'r', 'c', 'a', 'd', 'o', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "mercadobitcoin.net", true */ 'm', 'e', 'r', 'c', 'a', 'd', 'o', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'n', 'e', 't', '\0', + /* "mercadoleal.com.br", true */ 'm', 'e', 'r', 'c', 'a', 'd', 'o', 'l', 'e', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "mercadopago.com", true */ 'm', 'e', 'r', 'c', 'a', 'd', 'o', 'p', 'a', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "mercamaris.es", true */ 'm', 'e', 'r', 'c', 'a', 'm', 'a', 'r', 'i', 's', '.', 'e', 's', '\0', + /* "mercedes-benz.io", true */ 'm', 'e', 'r', 'c', 'e', 'd', 'e', 's', '-', 'b', 'e', 'n', 'z', '.', 'i', 'o', '\0', + /* "mercedes-ig.de", true */ 'm', 'e', 'r', 'c', 'e', 'd', 'e', 's', '-', 'i', 'g', '.', 'd', 'e', '\0', + /* "mercury-studio.com", true */ 'm', 'e', 'r', 'c', 'u', 'r', 'y', '-', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "mercuryamericas.com", false */ 'm', 'e', 'r', 'c', 'u', 'r', 'y', 'a', 'm', 'e', 'r', 'i', 'c', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "meremeti-online.gr", true */ 'm', 'e', 'r', 'e', 'm', 'e', 't', 'i', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'g', 'r', '\0', + /* "meridianstore.com.br", true */ 'm', 'e', 'r', 'i', 'd', 'i', 'a', 'n', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "merimatka.fi", true */ 'm', 'e', 'r', 'i', 'm', 'a', 't', 'k', 'a', '.', 'f', 'i', '\0', + /* "merkel.me", true */ 'm', 'e', 'r', 'k', 'e', 'l', '.', 'm', 'e', '\0', + /* "merlet.eu", true */ 'm', 'e', 'r', 'l', 'e', 't', '.', 'e', 'u', '\0', + /* "merojob.com", true */ 'm', 'e', 'r', 'o', 'j', 'o', 'b', '.', 'c', 'o', 'm', '\0', + /* "meronberry.jp", true */ 'm', 'e', 'r', 'o', 'n', 'b', 'e', 'r', 'r', 'y', '.', 'j', 'p', '\0', + /* "mertak.cz", true */ 'm', 'e', 'r', 't', 'a', 'k', '.', 'c', 'z', '\0', + /* "mertarauh.com", true */ 'm', 'e', 'r', 't', 'a', 'r', 'a', 'u', 'h', '.', 'c', 'o', 'm', '\0', + /* "mertcangokgoz.com", true */ 'm', 'e', 'r', 't', 'c', 'a', 'n', 'g', 'o', 'k', 'g', 'o', 'z', '.', 'c', 'o', 'm', '\0', + /* "meruri.com", true */ 'm', 'e', 'r', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "mes-finances.be", true */ 'm', 'e', 's', '-', 'f', 'i', 'n', 'a', 'n', 'c', 'e', 's', '.', 'b', 'e', '\0', + /* "mes10doigts.ovh", true */ 'm', 'e', 's', '1', '0', 'd', 'o', 'i', 'g', 't', 's', '.', 'o', 'v', 'h', '\0', + /* "mescaline.com", true */ 'm', 'e', 's', 'c', 'a', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "mescaline.org", true */ 'm', 'e', 's', 'c', 'a', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0', + /* "mesh.gov", true */ 'm', 'e', 's', 'h', '.', 'g', 'o', 'v', '\0', + /* "meshok.ru", false */ 'm', 'e', 's', 'h', 'o', 'k', '.', 'r', 'u', '\0', + /* "meshotes.com", true */ 'm', 'e', 's', 'h', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "mesicka.com", true */ 'm', 'e', 's', 'i', 'c', 'k', 'a', '.', 'c', 'o', 'm', '\0', + /* "messagescelestes-archives.ca", true */ 'm', 'e', 's', 's', 'a', 'g', 'e', 's', 'c', 'e', 'l', 'e', 's', 't', 'e', 's', '-', 'a', 'r', 'c', 'h', 'i', 'v', 'e', 's', '.', 'c', 'a', '\0', + /* "messagescelestes.ca", true */ 'm', 'e', 's', 's', 'a', 'g', 'e', 's', 'c', 'e', 'l', 'e', 's', 't', 'e', 's', '.', 'c', 'a', '\0', + /* "messenger.com", false */ 'm', 'e', 's', 's', 'e', 'n', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "messer24.ch", true */ 'm', 'e', 's', 's', 'e', 'r', '2', '4', '.', 'c', 'h', '\0', + /* "messymom.com", true */ 'm', 'e', 's', 's', 'y', 'm', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "mestazitrka.cz", true */ 'm', 'e', 's', 't', 'a', 'z', 'i', 't', 'r', 'k', 'a', '.', 'c', 'z', '\0', + /* "mestr.es", true */ 'm', 'e', 's', 't', 'r', '.', 'e', 's', '\0', + /* "mesvt.com", true */ 'm', 'e', 's', 'v', 't', '.', 'c', 'o', 'm', '\0', + /* "meta-db.com", true */ 'm', 'e', 't', 'a', '-', 'd', 'b', '.', 'c', 'o', 'm', '\0', + /* "meta.sc", true */ 'm', 'e', 't', 'a', '.', 's', 'c', '\0', + /* "metachris.com", true */ 'm', 'e', 't', 'a', 'c', 'h', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "metacoda.com", true */ 'm', 'e', 't', 'a', 'c', 'o', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "metacode.biz", true */ 'm', 'e', 't', 'a', 'c', 'o', 'd', 'e', '.', 'b', 'i', 'z', '\0', + /* "metadatawiki.com", true */ 'm', 'e', 't', 'a', 'd', 'a', 't', 'a', 'w', 'i', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "metaether.net", true */ 'm', 'e', 't', 'a', 'e', 't', 'h', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "metalsculpture.co.uk", true */ 'm', 'e', 't', 'a', 'l', 's', 'c', 'u', 'l', 'p', 't', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "metalu.ch", true */ 'm', 'e', 't', 'a', 'l', 'u', '.', 'c', 'h', '\0', + /* "metapeen.nl", true */ 'm', 'e', 't', 'a', 'p', 'e', 'e', 'n', '.', 'n', 'l', '\0', + /* "metasquare.com.au", true */ 'm', 'e', 't', 'a', 's', 'q', 'u', 'a', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "metasquare.nyc", true */ 'm', 'e', 't', 'a', 's', 'q', 'u', 'a', 'r', 'e', '.', 'n', 'y', 'c', '\0', + /* "meteenonline.nl", true */ 'm', 'e', 't', 'e', 'e', 'n', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'l', '\0', + /* "meteo-parc.com", true */ 'm', 'e', 't', 'e', 'o', '-', 'p', 'a', 'r', 'c', '.', 'c', 'o', 'm', '\0', + /* "meteobox.co", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 'c', 'o', '\0', + /* "meteobox.cz", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 'c', 'z', '\0', + /* "meteobox.de", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 'd', 'e', '\0', + /* "meteobox.es", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 'e', 's', '\0', + /* "meteobox.fr", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 'f', 'r', '\0', + /* "meteobox.mx", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 'm', 'x', '\0', + /* "meteobox.pl", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 'p', 'l', '\0', + /* "meteobox.sk", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 's', 'k', '\0', + /* "meteorapp.space", true */ 'm', 'e', 't', 'e', 'o', 'r', 'a', 'p', 'p', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "meteosmit.it", true */ 'm', 'e', 't', 'e', 'o', 's', 'm', 'i', 't', '.', 'i', 't', '\0', + /* "meterhost.com", true */ 'm', 'e', 't', 'e', 'r', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "methamphetamine.co.uk", true */ 'm', 'e', 't', 'h', 'a', 'm', 'p', 'h', 'e', 't', 'a', 'm', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "methylone.com", true */ 'm', 'e', 't', 'h', 'y', 'l', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "metikam.pl", true */ 'm', 'e', 't', 'i', 'k', 'a', 'm', '.', 'p', 'l', '\0', + /* "metin2sepeti.com", true */ 'm', 'e', 't', 'i', 'n', '2', 's', 'e', 'p', 'e', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "metroairvirtual.com", true */ 'm', 'e', 't', 'r', 'o', 'a', 'i', 'r', 'v', 'i', 'r', 't', 'u', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "metrobriefs.com", true */ 'm', 'e', 't', 'r', 'o', 'b', 'r', 'i', 'e', 'f', 's', '.', 'c', 'o', 'm', '\0', + /* "metrolush.com", true */ 'm', 'e', 't', 'r', 'o', 'l', 'u', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "metronaut.de", true */ 'm', 'e', 't', 'r', 'o', 'n', 'a', 'u', 't', '.', 'd', 'e', '\0', + /* "metropop.ch", true */ 'm', 'e', 't', 'r', 'o', 'p', 'o', 'p', '.', 'c', 'h', '\0', + /* "metsasta.com", true */ 'm', 'e', 't', 's', 'a', 's', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "meu-smartphone.com", true */ 'm', 'e', 'u', '-', 's', 'm', 'a', 'r', 't', 'p', 'h', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "meu-solutions.com", true */ 'm', 'e', 'u', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "meulike.us", true */ 'm', 'e', 'u', 'l', 'i', 'k', 'e', '.', 'u', 's', '\0', + /* "meupedido.online", true */ 'm', 'e', 'u', 'p', 'e', 'd', 'i', 'd', 'o', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "meusigno.com", true */ 'm', 'e', 'u', 's', 'i', 'g', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "mevo.xyz", true */ 'm', 'e', 'v', 'o', '.', 'x', 'y', 'z', '\0', + /* "mevs.cz", true */ 'm', 'e', 'v', 's', '.', 'c', 'z', '\0', + /* "mexican.dating", true */ 'm', 'e', 'x', 'i', 'c', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "mexicanjokes.net", true */ 'm', 'e', 'x', 'i', 'c', 'a', 'n', 'j', 'o', 'k', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "mexicom.org", true */ 'm', 'e', 'x', 'i', 'c', 'o', 'm', '.', 'o', 'r', 'g', '\0', + /* "mf-fischer.de", true */ 'm', 'f', '-', 'f', 'i', 's', 'c', 'h', 'e', 'r', '.', 'd', 'e', '\0', + /* "mfgod.com", false */ 'm', 'f', 'g', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "mflodin.se", true */ 'm', 'f', 'l', 'o', 'd', 'i', 'n', '.', 's', 'e', '\0', + /* "mfrsgb45.org", true */ 'm', 'f', 'r', 's', 'g', 'b', '4', '5', '.', 'o', 'r', 'g', '\0', + /* "mft.global", true */ 'm', 'f', 't', '.', 'g', 'l', 'o', 'b', 'a', 'l', '\0', + /* "mfxbe.de", true */ 'm', 'f', 'x', 'b', 'e', '.', 'd', 'e', '\0', + /* "mghiorzi.com.ar", false */ 'm', 'g', 'h', 'i', 'o', 'r', 'z', 'i', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "mgknet.com", true */ 'm', 'g', 'k', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "mgoessel.de", true */ 'm', 'g', 'o', 'e', 's', 's', 'e', 'l', '.', 'd', 'e', '\0', + /* "mgrossklaus.de", true */ 'm', 'g', 'r', 'o', 's', 's', 'k', 'l', 'a', 'u', 's', '.', 'd', 'e', '\0', + /* "mgrt.net", true */ 'm', 'g', 'r', 't', '.', 'n', 'e', 't', '\0', + /* "mgsisk.com", true */ 'm', 'g', 's', 'i', 's', 'k', '.', 'c', 'o', 'm', '\0', + /* "mhalfter.de", true */ 'm', 'h', 'a', 'l', 'f', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "mhatlaw.com", true */ 'm', 'h', 'a', 't', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "mheistermann.de", true */ 'm', 'h', 'e', 'i', 's', 't', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "mhermans.nl", true */ 'm', 'h', 'e', 'r', 'm', 'a', 'n', 's', '.', 'n', 'l', '\0', + /* "mhi.web.id", true */ 'm', 'h', 'i', '.', 'w', 'e', 'b', '.', 'i', 'd', '\0', + /* "mhmfoundationrepair.com", true */ 'm', 'h', 'm', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "mi-beratung.de", true */ 'm', 'i', '-', 'b', 'e', 'r', 'a', 't', 'u', 'n', 'g', '.', 'd', 'e', '\0', + /* "mi-so-ji.com", true */ 'm', 'i', '-', 's', 'o', '-', 'j', 'i', '.', 'c', 'o', 'm', '\0', + /* "mi80.com", true */ 'm', 'i', '8', '0', '.', 'c', 'o', 'm', '\0', + /* "mia.ac", true */ 'm', 'i', 'a', '.', 'a', 'c', '\0', + /* "mia.to", true */ 'm', 'i', 'a', '.', 't', 'o', '\0', + /* "miagexport.com", true */ 'm', 'i', 'a', 'g', 'e', 'x', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "miamicityballet.org", true */ 'm', 'i', 'a', 'm', 'i', 'c', 'i', 't', 'y', 'b', 'a', 'l', 'l', 'e', 't', '.', 'o', 'r', 'g', '\0', + /* "miaoubox.com", true */ 'm', 'i', 'a', 'o', 'u', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "miaowo.org", true */ 'm', 'i', 'a', 'o', 'w', 'o', '.', 'o', 'r', 'g', '\0', + /* "miasarafina.de", true */ 'm', 'i', 'a', 's', 'a', 'r', 'a', 'f', 'i', 'n', 'a', '.', 'd', 'e', '\0', + /* "miboulot.com", true */ 'm', 'i', 'b', 'o', 'u', 'l', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "micado-software.com", true */ 'm', 'i', 'c', 'a', 'd', 'o', '-', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "micaiahparker.com", true */ 'm', 'i', 'c', 'a', 'i', 'a', 'h', 'p', 'a', 'r', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "micalodeal.ch", true */ 'm', 'i', 'c', 'a', 'l', 'o', 'd', 'e', 'a', 'l', '.', 'c', 'h', '\0', + /* "micasamgmt.com", false */ 'm', 'i', 'c', 'a', 's', 'a', 'm', 'g', 'm', 't', '.', 'c', 'o', 'm', '\0', + /* "micbase.com", true */ 'm', 'i', 'c', 'b', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "michael-rigart.be", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', '-', 'r', 'i', 'g', 'a', 'r', 't', '.', 'b', 'e', '\0', + /* "michael-schefczyk.de", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', '-', 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'd', 'e', '\0', + /* "michael-schilling.de", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', '-', 's', 'c', 'h', 'i', 'l', 'l', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "michael-steinhauer.eu", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', '-', 's', 't', 'e', 'i', 'n', 'h', 'a', 'u', 'e', 'r', '.', 'e', 'u', '\0', + /* "michaelasawyer.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'a', 's', 'a', 'w', 'y', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "michaelcullen.name", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'c', 'u', 'l', 'l', 'e', 'n', '.', 'n', 'a', 'm', 'e', '\0', + /* "michaeleichorn.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'e', 'i', 'c', 'h', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "michaelizquierdo.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'i', 'z', 'q', 'u', 'i', 'e', 'r', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "michaeljdennis.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'j', 'd', 'e', 'n', 'n', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "michaelkuchta.me", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'k', 'u', 'c', 'h', 't', 'a', '.', 'm', 'e', '\0', + /* "michaelleibundgut.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'l', 'e', 'i', 'b', 'u', 'n', 'd', 'g', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "michaelpfrommer.de", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'p', 'f', 'r', 'o', 'm', 'm', 'e', 'r', '.', 'd', 'e', '\0', + /* "michaelpfrommer.pub", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'p', 'f', 'r', 'o', 'm', 'm', 'e', 'r', '.', 'p', 'u', 'b', '\0', + /* "michaelrigart.be", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'r', 'i', 'g', 'a', 'r', 't', '.', 'b', 'e', '\0', + /* "michaelschubert.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 's', 'c', 'h', 'u', 'b', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "michaelsweater.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 's', 'w', 'e', 'a', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "michaeltaboada.me", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 't', 'a', 'b', 'o', 'a', 'd', 'a', '.', 'm', 'e', '\0', + /* "michaeltroger.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 't', 'r', 'o', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "michaeltruskowski.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 't', 'r', 'u', 's', 'k', 'o', 'w', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "michaelzomer.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'z', 'o', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "michal-spacek.com", true */ 'm', 'i', 'c', 'h', 'a', 'l', '-', 's', 'p', 'a', 'c', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "michal-spacek.cz", true */ 'm', 'i', 'c', 'h', 'a', 'l', '-', 's', 'p', 'a', 'c', 'e', 'k', '.', 'c', 'z', '\0', + /* "michalkral.tk", true */ 'm', 'i', 'c', 'h', 'a', 'l', 'k', 'r', 'a', 'l', '.', 't', 'k', '\0', + /* "michalspacek.com", true */ 'm', 'i', 'c', 'h', 'a', 'l', 's', 'p', 'a', 'c', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "michalspacek.cz", true */ 'm', 'i', 'c', 'h', 'a', 'l', 's', 'p', 'a', 'c', 'e', 'k', '.', 'c', 'z', '\0', + /* "michalvasicek.cz", true */ 'm', 'i', 'c', 'h', 'a', 'l', 'v', 'a', 's', 'i', 'c', 'e', 'k', '.', 'c', 'z', '\0', + /* "michalwiglasz.cz", true */ 'm', 'i', 'c', 'h', 'a', 'l', 'w', 'i', 'g', 'l', 'a', 's', 'z', '.', 'c', 'z', '\0', + /* "michasfahrschule.com", true */ 'm', 'i', 'c', 'h', 'a', 's', 'f', 'a', 'h', 'r', 's', 'c', 'h', 'u', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "michel-wein.de", true */ 'm', 'i', 'c', 'h', 'e', 'l', '-', 'w', 'e', 'i', 'n', '.', 'd', 'e', '\0', + /* "michel.pt", true */ 'm', 'i', 'c', 'h', 'e', 'l', '.', 'p', 't', '\0', + /* "michelledonelan.co.uk", true */ 'm', 'i', 'c', 'h', 'e', 'l', 'l', 'e', 'd', 'o', 'n', 'e', 'l', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "michiganunionoptout.com", true */ 'm', 'i', 'c', 'h', 'i', 'g', 'a', 'n', 'u', 'n', 'i', 'o', 'n', 'o', 'p', 't', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "michmexguides.com.mx", true */ 'm', 'i', 'c', 'h', 'm', 'e', 'x', 'g', 'u', 'i', 'd', 'e', 's', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0', + /* "michu.pl", true */ 'm', 'i', 'c', 'h', 'u', '.', 'p', 'l', '\0', + /* "mico.world", true */ 'm', 'i', 'c', 'o', '.', 'w', 'o', 'r', 'l', 'd', '\0', + /* "miconcinemas.com", true */ 'm', 'i', 'c', 'o', 'n', 'c', 'i', 'n', 'e', 'm', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "micr.io", true */ 'm', 'i', 'c', 'r', '.', 'i', 'o', '\0', + /* "micr0lab.org", true */ 'm', 'i', 'c', 'r', '0', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0', + /* "microbiote-insectes-vecteurs.group", true */ 'm', 'i', 'c', 'r', 'o', 'b', 'i', 'o', 't', 'e', '-', 'i', 'n', 's', 'e', 'c', 't', 'e', 's', '-', 'v', 'e', 'c', 't', 'e', 'u', 'r', 's', '.', 'g', 'r', 'o', 'u', 'p', '\0', + /* "microblading.pe", true */ 'm', 'i', 'c', 'r', 'o', 'b', 'l', 'a', 'd', 'i', 'n', 'g', '.', 'p', 'e', '\0', + /* "microco.sm", true */ 'm', 'i', 'c', 'r', 'o', 'c', 'o', '.', 's', 'm', '\0', + /* "microcomploja.com.br", true */ 'm', 'i', 'c', 'r', 'o', 'c', 'o', 'm', 'p', 'l', 'o', 'j', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "microdesic.com", true */ 'm', 'i', 'c', 'r', 'o', 'd', 'e', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "microdots.de", true */ 'm', 'i', 'c', 'r', 'o', 'd', 'o', 't', 's', '.', 'd', 'e', '\0', + /* "microlinks.org", true */ 'm', 'i', 'c', 'r', 'o', 'l', 'i', 'n', 'k', 's', '.', 'o', 'r', 'g', '\0', + /* "microlog.org", true */ 'm', 'i', 'c', 'r', 'o', 'l', 'o', 'g', '.', 'o', 'r', 'g', '\0', + /* "micromata.de", true */ 'm', 'i', 'c', 'r', 'o', 'm', 'a', 't', 'a', '.', 'd', 'e', '\0', + /* "microsoftaffiliates.azurewebsites.net", true */ 'm', 'i', 'c', 'r', 'o', 's', 'o', 'f', 't', 'a', 'f', 'f', 'i', 'l', 'i', 'a', 't', 'e', 's', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "microvb.com", true */ 'm', 'i', 'c', 'r', 'o', 'v', 'b', '.', 'c', 'o', 'm', '\0', + /* "midair.io", true */ 'm', 'i', 'd', 'a', 'i', 'r', '.', 'i', 'o', '\0', + /* "midlandgate.de", true */ 'm', 'i', 'd', 'l', 'a', 'n', 'd', 'g', 'a', 't', 'e', '.', 'd', 'e', '\0', + /* "midlandleisuresales.co.uk", true */ 'm', 'i', 'd', 'l', 'a', 'n', 'd', 'l', 'e', 'i', 's', 'u', 'r', 'e', 's', 'a', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "midlandsfundays.co.uk", true */ 'm', 'i', 'd', 'l', 'a', 'n', 'd', 's', 'f', 'u', 'n', 'd', 'a', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "midlandsphotobooths.co.uk", true */ 'm', 'i', 'd', 'l', 'a', 'n', 'd', 's', 'p', 'h', 'o', 't', 'o', 'b', 'o', 'o', 't', 'h', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "midlgx.com", true */ 'm', 'i', 'd', 'l', 'g', 'x', '.', 'c', 'o', 'm', '\0', + /* "midnight-visions.de", true */ 'm', 'i', 'd', 'n', 'i', 'g', 'h', 't', '-', 'v', 'i', 's', 'i', 'o', 'n', 's', '.', 'd', 'e', '\0', + /* "midnightmechanism.com", true */ 'm', 'i', 'd', 'n', 'i', 'g', 'h', 't', 'm', 'e', 'c', 'h', 'a', 'n', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "midterm.us", true */ 'm', 'i', 'd', 't', 'e', 'r', 'm', '.', 'u', 's', '\0', + /* "midtowndentistry.com", true */ 'm', 'i', 'd', 't', 'o', 'w', 'n', 'd', 'e', 'n', 't', 'i', 's', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "midwestbloggers.org", true */ 'm', 'i', 'd', 'w', 'e', 's', 't', 'b', 'l', 'o', 'g', 'g', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0', + /* "midweststructuralrepair.com", true */ 'm', 'i', 'd', 'w', 'e', 's', 't', 's', 't', 'r', 'u', 'c', 't', 'u', 'r', 'a', 'l', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "mieterschutzkartei.de", true */ 'm', 'i', 'e', 't', 'e', 'r', 's', 'c', 'h', 'u', 't', 'z', 'k', 'a', 'r', 't', 'e', 'i', '.', 'd', 'e', '\0', + /* "mieuxgrandir.ch", true */ 'm', 'i', 'e', 'u', 'x', 'g', 'r', 'a', 'n', 'd', 'i', 'r', '.', 'c', 'h', '\0', + /* "miffy.me", true */ 'm', 'i', 'f', 'f', 'y', '.', 'm', 'e', '\0', + /* "mig5.net", true */ 'm', 'i', 'g', '5', '.', 'n', 'e', 't', '\0', + /* "miggy.org", true */ 'm', 'i', 'g', 'g', 'y', '.', 'o', 'r', 'g', '\0', + /* "mightymillionsraffle.com", true */ 'm', 'i', 'g', 'h', 't', 'y', 'm', 'i', 'l', 'l', 'i', 'o', 'n', 's', 'r', 'a', 'f', 'f', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "miguel.pw", true */ 'm', 'i', 'g', 'u', 'e', 'l', '.', 'p', 'w', '\0', + /* "migueldemoura.com", true */ 'm', 'i', 'g', 'u', 'e', 'l', 'd', 'e', 'm', 'o', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "migueldominguez.ch", true */ 'm', 'i', 'g', 'u', 'e', 'l', 'd', 'o', 'm', 'i', 'n', 'g', 'u', 'e', 'z', '.', 'c', 'h', '\0', + /* "miguelgfierro.com", true */ 'm', 'i', 'g', 'u', 'e', 'l', 'g', 'f', 'i', 'e', 'r', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "miguelmartinez.ch", true */ 'm', 'i', 'g', 'u', 'e', 'l', 'm', 'a', 'r', 't', 'i', 'n', 'e', 'z', '.', 'c', 'h', '\0', + /* "miguelmenendez.pro", true */ 'm', 'i', 'g', 'u', 'e', 'l', 'm', 'e', 'n', 'e', 'n', 'd', 'e', 'z', '.', 'p', 'r', 'o', '\0', + /* "miguelmoura.com", true */ 'm', 'i', 'g', 'u', 'e', 'l', 'm', 'o', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "miguia.tv", true */ 'm', 'i', 'g', 'u', 'i', 'a', '.', 't', 'v', '\0', + /* "mihnea.net", true */ 'm', 'i', 'h', 'n', 'e', 'a', '.', 'n', 'e', 't', '\0', + /* "mijn-financien.be", true */ 'm', 'i', 'j', 'n', '-', 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'e', 'n', '.', 'b', 'e', '\0', + /* "mijnkerstkaarten.be", true */ 'm', 'i', 'j', 'n', 'k', 'e', 'r', 's', 't', 'k', 'a', 'a', 'r', 't', 'e', 'n', '.', 'b', 'e', '\0', + /* "mijnreisoverzicht.nl", true */ 'm', 'i', 'j', 'n', 'r', 'e', 'i', 's', 'o', 'v', 'e', 'r', 'z', 'i', 'c', 'h', 't', '.', 'n', 'l', '\0', + /* "mijnsite.ovh", true */ 'm', 'i', 'j', 'n', 's', 'i', 't', 'e', '.', 'o', 'v', 'h', '\0', + /* "mijnstembureau.nl", true */ 'm', 'i', 'j', 'n', 's', 't', 'e', 'm', 'b', 'u', 'r', 'e', 'a', 'u', '.', 'n', 'l', '\0', + /* "mijntransacties.nl", true */ 'm', 'i', 'j', 'n', 't', 'r', 'a', 'n', 's', 'a', 'c', 't', 'i', 'e', 's', '.', 'n', 'l', '\0', + /* "mika.cat", true */ 'm', 'i', 'k', 'a', '.', 'c', 'a', 't', '\0', + /* "mika.moe", true */ 'm', 'i', 'k', 'a', '.', 'm', 'o', 'e', '\0', + /* "mikadoe.nl", true */ 'm', 'i', 'k', 'a', 'd', 'o', 'e', '.', 'n', 'l', '\0', + /* "mikaela.info", true */ 'm', 'i', 'k', 'a', 'e', 'l', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "mikakalevi.com", true */ 'm', 'i', 'k', 'a', 'k', 'a', 'l', 'e', 'v', 'i', '.', 'c', 'o', 'm', '\0', + /* "mikalikes.men", true */ 'm', 'i', 'k', 'a', 'l', 'i', 'k', 'e', 's', '.', 'm', 'e', 'n', '\0', + /* "mike-bland.com", true */ 'm', 'i', 'k', 'e', '-', 'b', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "mike2k.de", true */ 'm', 'i', 'k', 'e', '2', 'k', '.', 'd', 'e', '\0', + /* "mikebelanger.ca", true */ 'm', 'i', 'k', 'e', 'b', 'e', 'l', 'a', 'n', 'g', 'e', 'r', '.', 'c', 'a', '\0', + /* "mikecb.org", true */ 'm', 'i', 'k', 'e', 'c', 'b', '.', 'o', 'r', 'g', '\0', + /* "mikegarnett.co.uk", true */ 'm', 'i', 'k', 'e', 'g', 'a', 'r', 'n', 'e', 't', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mikegerwitz.com", true */ 'm', 'i', 'k', 'e', 'g', 'e', 'r', 'w', 'i', 't', 'z', '.', 'c', 'o', 'm', '\0', + /* "mikehamburg.com", true */ 'm', 'i', 'k', 'e', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '.', 'c', 'o', 'm', '\0', + /* "mikerichards.photography", true */ 'm', 'i', 'k', 'e', 'r', 'i', 'c', 'h', 'a', 'r', 'd', 's', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0', + /* "mikes.tk", true */ 'm', 'i', 'k', 'e', 's', '.', 't', 'k', '\0', + /* "miketabor.com", true */ 'm', 'i', 'k', 'e', 't', 'a', 'b', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "miketheuer.com", true */ 'm', 'i', 'k', 'e', 't', 'h', 'e', 'u', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "mikevesch.com", true */ 'm', 'i', 'k', 'e', 'v', 'e', 's', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "mikewest.org", true */ 'm', 'i', 'k', 'e', 'w', 'e', 's', 't', '.', 'o', 'r', 'g', '\0', + /* "mikewillia.ms", true */ 'm', 'i', 'k', 'e', 'w', 'i', 'l', 'l', 'i', 'a', '.', 'm', 's', '\0', + /* "mikeybailey.org", true */ 'm', 'i', 'k', 'e', 'y', 'b', 'a', 'i', 'l', 'e', 'y', '.', 'o', 'r', 'g', '\0', + /* "mikhlevich.ru", true */ 'm', 'i', 'k', 'h', 'l', 'e', 'v', 'i', 'c', 'h', '.', 'r', 'u', '\0', + /* "miki.it", true */ 'm', 'i', 'k', 'i', '.', 'i', 't', '\0', + /* "mikkelvej.dk", true */ 'm', 'i', 'k', 'k', 'e', 'l', 'v', 'e', 'j', '.', 'd', 'k', '\0', + /* "miklcct.com", true */ 'm', 'i', 'k', 'l', 'c', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "miknight.com", true */ 'm', 'i', 'k', 'n', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0', + /* "mikonmaa.fi", true */ 'm', 'i', 'k', 'o', 'n', 'm', 'a', 'a', '.', 'f', 'i', '\0', + /* "mikori.sk", true */ 'm', 'i', 'k', 'o', 'r', 'i', '.', 's', 'k', '\0', + /* "mikro-inwestycje.co.uk", true */ 'm', 'i', 'k', 'r', 'o', '-', 'i', 'n', 'w', 'e', 's', 't', 'y', 'c', 'j', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mikrom.cz", false */ 'm', 'i', 'k', 'r', 'o', 'm', '.', 'c', 'z', '\0', + /* "mikropixel.de", true */ 'm', 'i', 'k', 'r', 'o', 'p', 'i', 'x', 'e', 'l', '.', 'd', 'e', '\0', + /* "mikroskeem.eu", true */ 'm', 'i', 'k', 'r', 'o', 's', 'k', 'e', 'e', 'm', '.', 'e', 'u', '\0', + /* "mil-spec.ch", true */ 'm', 'i', 'l', '-', 's', 'p', 'e', 'c', '.', 'c', 'h', '\0', + /* "mil0.com", true */ 'm', 'i', 'l', '0', '.', 'c', 'o', 'm', '\0', + /* "milahendri.com", true */ 'm', 'i', 'l', 'a', 'h', 'e', 'n', 'd', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "milcahsmusings.com", true */ 'm', 'i', 'l', 'c', 'a', 'h', 's', 'm', 'u', 's', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "mileme.com", true */ 'm', 'i', 'l', 'e', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "milenaria.es", true */ 'm', 'i', 'l', 'e', 'n', 'a', 'r', 'i', 'a', '.', 'e', 's', '\0', + /* "milesapart.dating", true */ 'm', 'i', 'l', 'e', 's', 'a', 'p', 'a', 'r', 't', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "milhoazul.com.br", true */ 'm', 'i', 'l', 'h', 'o', 'a', 'z', 'u', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "milionshop.sk", true */ 'm', 'i', 'l', 'i', 'o', 'n', 's', 'h', 'o', 'p', '.', 's', 'k', '\0', + /* "militaryconsumer.gov", true */ 'm', 'i', 'l', 'i', 't', 'a', 'r', 'y', 'c', 'o', 'n', 's', 'u', 'm', 'e', 'r', '.', 'g', 'o', 'v', '\0', + /* "milkingit.co.uk", true */ 'm', 'i', 'l', 'k', 'i', 'n', 'g', 'i', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "milktea.info", true */ 'm', 'i', 'l', 'k', 't', 'e', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "millanova.wedding", false */ 'm', 'i', 'l', 'l', 'a', 'n', 'o', 'v', 'a', '.', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '\0', + /* "milldyke.com", true */ 'm', 'i', 'l', 'l', 'd', 'y', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "milldyke.nl", true */ 'm', 'i', 'l', 'l', 'd', 'y', 'k', 'e', '.', 'n', 'l', '\0', + /* "millefleurs.eu", true */ 'm', 'i', 'l', 'l', 'e', 'f', 'l', 'e', 'u', 'r', 's', '.', 'e', 'u', '\0', + /* "millhousenchurch.com", true */ 'm', 'i', 'l', 'l', 'h', 'o', 'u', 's', 'e', 'n', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "millionairessecrets.com", true */ 'm', 'i', 'l', 'l', 'i', 'o', 'n', 'a', 'i', 'r', 'e', 's', 's', 'e', 'c', 'r', 'e', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "millistream.com", true */ 'm', 'i', 'l', 'l', 'i', 's', 't', 'r', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "millstep.de", true */ 'm', 'i', 'l', 'l', 's', 't', 'e', 'p', '.', 'd', 'e', '\0', + /* "milonga.tips", true */ 'm', 'i', 'l', 'o', 'n', 'g', 'a', '.', 't', 'i', 'p', 's', '\0', + /* "mim.properties", true */ 'm', 'i', 'm', '.', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'i', 'e', 's', '\0', + /* "mimbeim.com", true */ 'm', 'i', 'm', 'b', 'e', 'i', 'm', '.', 'c', 'o', 'm', '\0', + /* "mimemo.io", true */ 'm', 'i', 'm', 'e', 'm', 'o', '.', 'i', 'o', '\0', + /* "mimeo.digital", true */ 'm', 'i', 'm', 'e', 'o', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0', + /* "mimithedog.com", true */ 'm', 'i', 'm', 'i', 't', 'h', 'e', 'd', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "mimobile.website", true */ 'm', 'i', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0', + /* "mimocad.io", true */ 'm', 'i', 'm', 'o', 'c', 'a', 'd', '.', 'i', 'o', '\0', + /* "mimovrste.com", true */ 'm', 'i', 'm', 'o', 'v', 'r', 's', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "min-sky.no", true */ 'm', 'i', 'n', '-', 's', 'k', 'y', '.', 'n', 'o', '\0', + /* "minacssas.com", true */ 'm', 'i', 'n', 'a', 'c', 's', 's', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "minakov.pro", true */ 'm', 'i', 'n', 'a', 'k', 'o', 'v', '.', 'p', 'r', 'o', '\0', + /* "minami.xyz", true */ 'm', 'i', 'n', 'a', 'm', 'i', '.', 'x', 'y', 'z', '\0', + /* "minamo.io", true */ 'm', 'i', 'n', 'a', 'm', 'o', '.', 'i', 'o', '\0', + /* "minantavla.se", true */ 'm', 'i', 'n', 'a', 'n', 't', 'a', 'v', 'l', 'a', '.', 's', 'e', '\0', + /* "minaprine.com", true */ 'm', 'i', 'n', 'a', 'p', 'r', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "mind-box.ch", true */ 'm', 'i', 'n', 'd', '-', 'b', 'o', 'x', '.', 'c', 'h', '\0', + /* "mind-hochschul-netzwerk.de", true */ 'm', 'i', 'n', 'd', '-', 'h', 'o', 'c', 'h', 's', 'c', 'h', 'u', 'l', '-', 'n', 'e', 't', 'z', 'w', 'e', 'r', 'k', '.', 'd', 'e', '\0', + /* "mind-moves.es", true */ 'm', 'i', 'n', 'd', '-', 'm', 'o', 'v', 'e', 's', '.', 'e', 's', '\0', + /* "mindbodycontinuum.com", true */ 'm', 'i', 'n', 'd', 'b', 'o', 'd', 'y', 'c', 'o', 'n', 't', 'i', 'n', 'u', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "mindbodytherapymn.com", true */ 'm', 'i', 'n', 'd', 'b', 'o', 'd', 'y', 't', 'h', 'e', 'r', 'a', 'p', 'y', 'm', 'n', '.', 'c', 'o', 'm', '\0', + /* "mindcoding.ro", true */ 'm', 'i', 'n', 'd', 'c', 'o', 'd', 'i', 'n', 'g', '.', 'r', 'o', '\0', + /* "mindercasso.nl", true */ 'm', 'i', 'n', 'd', 'e', 'r', 'c', 'a', 's', 's', 'o', '.', 'n', 'l', '\0', + /* "mindleaking.org", true */ 'm', 'i', 'n', 'd', 'l', 'e', 'a', 'k', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "mindoktor.se", false */ 'm', 'i', 'n', 'd', 'o', 'k', 't', 'o', 'r', '.', 's', 'e', '\0', + /* "mindorbs.com", true */ 'm', 'i', 'n', 'd', 'o', 'r', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "mindturbo.com", true */ 'm', 'i', 'n', 'd', 't', 'u', 'r', 'b', 'o', '.', 'c', 'o', 'm', '\0', + /* "mindwerks.net", true */ 'm', 'i', 'n', 'd', 'w', 'e', 'r', 'k', 's', '.', 'n', 'e', 't', '\0', + /* "mindwork.space", true */ 'm', 'i', 'n', 'd', 'w', 'o', 'r', 'k', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "mine260309.me", true */ 'm', 'i', 'n', 'e', '2', '6', '0', '3', '0', '9', '.', 'm', 'e', '\0', + /* "minebier.dk", true */ 'm', 'i', 'n', 'e', 'b', 'i', 'e', 'r', '.', 'd', 'k', '\0', + /* "minecraft-forum.eu", true */ 'm', 'i', 'n', 'e', 'c', 'r', 'a', 'f', 't', '-', 'f', 'o', 'r', 'u', 'm', '.', 'e', 'u', '\0', + /* "minecraft-server.eu", true */ 'm', 'i', 'n', 'e', 'c', 'r', 'a', 'f', 't', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'e', 'u', '\0', + /* "minecraftforum.de", true */ 'm', 'i', 'n', 'e', 'c', 'r', 'a', 'f', 't', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0', + /* "minecraftforum.ovh", true */ 'm', 'i', 'n', 'e', 'c', 'r', 'a', 'f', 't', 'f', 'o', 'r', 'u', 'm', '.', 'o', 'v', 'h', '\0', + /* "minecrell.net", true */ 'm', 'i', 'n', 'e', 'c', 'r', 'e', 'l', 'l', '.', 'n', 'e', 't', '\0', + /* "minei.me", true */ 'm', 'i', 'n', 'e', 'i', '.', 'm', 'e', '\0', + /* "minenash.com", true */ 'm', 'i', 'n', 'e', 'n', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "minepay.net", true */ 'm', 'i', 'n', 'e', 'p', 'a', 'y', '.', 'n', 'e', 't', '\0', + /* "minepic.org", true */ 'm', 'i', 'n', 'e', 'p', 'i', 'c', '.', 'o', 'r', 'g', '\0', + /* "minepod.fr", true */ 'm', 'i', 'n', 'e', 'p', 'o', 'd', '.', 'f', 'r', '\0', + /* "minerstat.com", true */ 'm', 'i', 'n', 'e', 'r', 's', 't', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "minesouls.fr", true */ 'm', 'i', 'n', 'e', 's', 'o', 'u', 'l', 's', '.', 'f', 'r', '\0', + /* "minez-nightswatch.com", false */ 'm', 'i', 'n', 'e', 'z', '-', 'n', 'i', 'g', 'h', 't', 's', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "minf3-games.de", true */ 'm', 'i', 'n', 'f', '3', '-', 'g', 'a', 'm', 'e', 's', '.', 'd', 'e', '\0', + /* "mingram.net", true */ 'm', 'i', 'n', 'g', 'r', 'a', 'm', '.', 'n', 'e', 't', '\0', + /* "mingwah.ch", true */ 'm', 'i', 'n', 'g', 'w', 'a', 'h', '.', 'c', 'h', '\0', + /* "minhanossasenhora.com.br", true */ 'm', 'i', 'n', 'h', 'a', 'n', 'o', 's', 's', 'a', 's', 'e', 'n', 'h', 'o', 'r', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "mini2.fi", true */ 'm', 'i', 'n', 'i', '2', '.', 'f', 'i', '\0', + /* "minigames.com", true */ 'm', 'i', 'n', 'i', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "minigolf-reisinger.com", true */ 'm', 'i', 'n', 'i', 'g', 'o', 'l', 'f', '-', 'r', 'e', 'i', 's', 'i', 'n', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "minigolfandgames.co.uk", true */ 'm', 'i', 'n', 'i', 'g', 'o', 'l', 'f', 'a', 'n', 'd', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "minikidz.es", true */ 'm', 'i', 'n', 'i', 'k', 'i', 'd', 'z', '.', 'e', 's', '\0', + /* "minikneet.com", true */ 'm', 'i', 'n', 'i', 'k', 'n', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "minilions.fr", true */ 'm', 'i', 'n', 'i', 'l', 'i', 'o', 'n', 's', '.', 'f', 'r', '\0', + /* "minimaltimer.com", true */ 'm', 'i', 'n', 'i', 'm', 'a', 'l', 't', 'i', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "minimayhemsoftplay.co.uk", true */ 'm', 'i', 'n', 'i', 'm', 'a', 'y', 'h', 'e', 'm', 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "minimbah.com.au", true */ 'm', 'i', 'n', 'i', 'm', 'b', 'a', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "minimvc.com", true */ 'm', 'i', 'n', 'i', 'm', 'v', 'c', '.', 'c', 'o', 'm', '\0', + /* "minipainting.net", true */ 'm', 'i', 'n', 'i', 'p', 'a', 'i', 'n', 't', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "miniskipper.at", true */ 'm', 'i', 'n', 'i', 's', 'k', 'i', 'p', 'p', 'e', 'r', '.', 'a', 't', '\0', + /* "minitrucktalk.com", true */ 'm', 'i', 'n', 'i', 't', 'r', 'u', 'c', 'k', 't', 'a', 'l', 'k', '.', 'c', 'o', 'm', '\0', + /* "minkymoon.jp", true */ 'm', 'i', 'n', 'k', 'y', 'm', 'o', 'o', 'n', '.', 'j', 'p', '\0', + /* "minnesotakinkyyouth.org", true */ 'm', 'i', 'n', 'n', 'e', 's', 'o', 't', 'a', 'k', 'i', 'n', 'k', 'y', 'y', 'o', 'u', 't', 'h', '.', 'o', 'r', 'g', '\0', + /* "minnesotamathcorps.org", true */ 'm', 'i', 'n', 'n', 'e', 's', 'o', 't', 'a', 'm', 'a', 't', 'h', 'c', 'o', 'r', 'p', 's', '.', 'o', 'r', 'g', '\0', + /* "minnesotareadingcorps.org", true */ 'm', 'i', 'n', 'n', 'e', 's', 'o', 't', 'a', 'r', 'e', 'a', 'd', 'i', 'n', 'g', 'c', 'o', 'r', 'p', 's', '.', 'o', 'r', 'g', '\0', + /* "minnit.chat", true */ 'm', 'i', 'n', 'n', 'i', 't', '.', 'c', 'h', 'a', 't', '\0', + /* "minor.news", true */ 'm', 'i', 'n', 'o', 'r', '.', 'n', 'e', 'w', 's', '\0', + /* "minorshadows.net", true */ 'm', 'i', 'n', 'o', 'r', 's', 'h', 'a', 'd', 'o', 'w', 's', '.', 'n', 'e', 't', '\0', + /* "minpingvin.dk", true */ 'm', 'i', 'n', 'p', 'i', 'n', 'g', 'v', 'i', 'n', '.', 'd', 'k', '\0', + /* "minschuns.ch", true */ 'm', 'i', 'n', 's', 'c', 'h', 'u', 'n', 's', '.', 'c', 'h', '\0', + /* "mintclass.com", true */ 'm', 'i', 'n', 't', 'c', 'l', 'a', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "minto.cc", true */ 'm', 'i', 'n', 't', 'o', '.', 'c', 'c', '\0', + /* "mintosherbs.com", true */ 'm', 'i', 'n', 't', 'o', 's', 'h', 'e', 'r', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "mintrak2.com", true */ 'm', 'i', 'n', 't', 'r', 'a', 'k', '2', '.', 'c', 'o', 'm', '\0', + /* "minube.co.cr", true */ 'm', 'i', 'n', 'u', 'b', 'e', '.', 'c', 'o', '.', 'c', 'r', '\0', + /* "minux.info", true */ 'm', 'i', 'n', 'u', 'x', '.', 'i', 'n', 'f', 'o', '\0', + /* "mipapo.de", true */ 'm', 'i', 'p', 'a', 'p', 'o', '.', 'd', 'e', '\0', + /* "mipiaci.co.nz", false */ 'm', 'i', 'p', 'i', 'a', 'c', 'i', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "mipiaci.com.au", false */ 'm', 'i', 'p', 'i', 'a', 'c', 'i', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "mipla.ch", true */ 'm', 'i', 'p', 'l', 'a', '.', 'c', 'h', '\0', + /* "mipymesenlinea.com", true */ 'm', 'i', 'p', 'y', 'm', 'e', 's', 'e', 'n', 'l', 'i', 'n', 'e', 'a', '.', 'c', 'o', 'm', '\0', + /* "mir.pe", true */ 'm', 'i', 'r', '.', 'p', 'e', '\0', + /* "miraheze.org", true */ 'm', 'i', 'r', 'a', 'h', 'e', 'z', 'e', '.', 'o', 'r', 'g', '\0', + /* "miraidenshi.com", true */ 'm', 'i', 'r', 'a', 'i', 'd', 'e', 'n', 's', 'h', 'i', '.', 'c', 'o', 'm', '\0', + /* "mirch.com", true */ 'm', 'i', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "mirco-grams.de", true */ 'm', 'i', 'r', 'c', 'o', '-', 'g', 'r', 'a', 'm', 's', '.', 'd', 'e', '\0', + /* "mireiaseuba.com", true */ 'm', 'i', 'r', 'e', 'i', 'a', 's', 'e', 'u', 'b', 'a', '.', 'c', 'o', 'm', '\0', + /* "mireillewendling.com.br", true */ 'm', 'i', 'r', 'e', 'i', 'l', 'l', 'e', 'w', 'e', 'n', 'd', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "mireservaonline.es", true */ 'm', 'i', 'r', 'e', 's', 'e', 'r', 'v', 'a', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'e', 's', '\0', + /* "mirkofranz.de", true */ 'm', 'i', 'r', 'k', 'o', 'f', 'r', 'a', 'n', 'z', '.', 'd', 'e', '\0', + /* "mirodasilva.be", true */ 'm', 'i', 'r', 'o', 'd', 'a', 's', 'i', 'l', 'v', 'a', '.', 'b', 'e', '\0', + /* "mironet.cz", true */ 'm', 'i', 'r', 'o', 'n', 'e', 't', '.', 'c', 'z', '\0', + /* "mirshak.com", true */ 'm', 'i', 'r', 's', 'h', 'a', 'k', '.', 'c', 'o', 'm', '\0', + /* "mirtes.cz", true */ 'm', 'i', 'r', 't', 'e', 's', '.', 'c', 'z', '\0', + /* "mirtouf.fr", true */ 'm', 'i', 'r', 't', 'o', 'u', 'f', '.', 'f', 'r', '\0', + /* "miruc.co", true */ 'm', 'i', 'r', 'u', 'c', '.', 'c', 'o', '\0', + /* "mirucon.com", true */ 'm', 'i', 'r', 'u', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "misakiya.co.jp", true */ 'm', 'i', 's', 'a', 'k', 'i', 'y', 'a', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "misclick.nl", true */ 'm', 'i', 's', 'c', 'l', 'i', 'c', 'k', '.', 'n', 'l', '\0', + /* "misconfigured.io", true */ 'm', 'i', 's', 'c', 'o', 'n', 'f', 'i', 'g', 'u', 'r', 'e', 'd', '.', 'i', 'o', '\0', + /* "miscreant.me", true */ 'm', 'i', 's', 'c', 'r', 'e', 'a', 'n', 't', '.', 'm', 'e', '\0', + /* "misericordiasegrate.org", true */ 'm', 'i', 's', 'e', 'r', 'i', 'c', 'o', 'r', 'd', 'i', 'a', 's', 'e', 'g', 'r', 'a', 't', 'e', '.', 'o', 'r', 'g', '\0', + /* "mishkovskyi.net", true */ 'm', 'i', 's', 'h', 'k', 'o', 'v', 's', 'k', 'y', 'i', '.', 'n', 'e', 't', '\0', + /* "miskatonic.org", true */ 'm', 'i', 's', 'k', 'a', 't', 'o', 'n', 'i', 'c', '.', 'o', 'r', 'g', '\0', + /* "misoji-resist.com", true */ 'm', 'i', 's', 'o', 'j', 'i', '-', 'r', 'e', 's', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "misrv.com", true */ 'm', 'i', 's', 'r', 'v', '.', 'c', 'o', 'm', '\0', + /* "miss-inventory.co.uk", true */ 'm', 'i', 's', 's', '-', 'i', 'n', 'v', 'e', 'n', 't', 'o', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "miss-platinum.net", true */ 'm', 'i', 's', 's', '-', 'p', 'l', 'a', 't', 'i', 'n', 'u', 'm', '.', 'n', 'e', 't', '\0', + /* "miss.com.tw", true */ 'm', 'i', 's', 's', '.', 'c', 'o', 'm', '.', 't', 'w', '\0', + /* "missdream.org", true */ 'm', 'i', 's', 's', 'd', 'r', 'e', 'a', 'm', '.', 'o', 'r', 'g', '\0', + /* "misseguf.dk", true */ 'm', 'i', 's', 's', 'e', 'g', 'u', 'f', '.', 'd', 'k', '\0', + /* "missguidedus.com", true */ 'm', 'i', 's', 's', 'g', 'u', 'i', 'd', 'e', 'd', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "mission-orange.de", true */ 'm', 'i', 's', 's', 'i', 'o', 'n', '-', 'o', 'r', 'a', 'n', 'g', 'e', '.', 'd', 'e', '\0', + /* "missionsgemeinde.de", true */ 'm', 'i', 's', 's', 'i', 'o', 'n', 's', 'g', 'e', 'm', 'e', 'i', 'n', 'd', 'e', '.', 'd', 'e', '\0', + /* "missip.nl", true */ 'm', 'i', 's', 's', 'i', 'p', '.', 'n', 'l', '\0', + /* "missjoias.com.br", true */ 'm', 'i', 's', 's', 'j', 'o', 'i', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "misskey.xyz", true */ 'm', 'i', 's', 's', 'k', 'e', 'y', '.', 'x', 'y', 'z', '\0', + /* "missoy.me", true */ 'm', 'i', 's', 's', 'o', 'y', '.', 'm', 'e', '\0', + /* "misssex.de", true */ 'm', 'i', 's', 's', 's', 'e', 'x', '.', 'd', 'e', '\0', + /* "missualready.com", true */ 'm', 'i', 's', 's', 'u', 'a', 'l', 'r', 'e', 'a', 'd', 'y', '.', 'c', 'o', 'm', '\0', + /* "missycosmeticos.com.br", true */ 'm', 'i', 's', 's', 'y', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "mistacms.com", true */ 'm', 'i', 's', 't', 'a', 'c', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "mister-cooks.fr", true */ 'm', 'i', 's', 't', 'e', 'r', '-', 'c', 'o', 'o', 'k', 's', '.', 'f', 'r', '\0', + /* "mistreaded.com", true */ 'm', 'i', 's', 't', 'r', 'e', 'a', 'd', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "mistybox.com", true */ 'm', 'i', 's', 't', 'y', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "misupport.dk", true */ 'm', 'i', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'd', 'k', '\0', + /* "misura.re", true */ 'm', 'i', 's', 'u', 'r', 'a', '.', 'r', 'e', '\0', + /* "misuzu.moe", true */ 'm', 'i', 's', 'u', 'z', 'u', '.', 'm', 'o', 'e', '\0', + /* "mit-uns.org", true */ 'm', 'i', 't', '-', 'u', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "mita.me", true */ 'm', 'i', 't', 'a', '.', 'm', 'e', '\0', + /* "mitaines.ch", true */ 'm', 'i', 't', 'a', 'i', 'n', 'e', 's', '.', 'c', 'h', '\0', + /* "mitchellhandymanservices.co.uk", true */ 'm', 'i', 't', 'c', 'h', 'e', 'l', 'l', 'h', 'a', 'n', 'd', 'y', 'm', 'a', 'n', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "miticobikes.com", true */ 'm', 'i', 't', 'i', 'c', 'o', 'b', 'i', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "mitior.net", true */ 'm', 'i', 't', 'i', 'o', 'r', '.', 'n', 'e', 't', '\0', + /* "mitnetz-gas.de", true */ 'm', 'i', 't', 'n', 'e', 't', 'z', '-', 'g', 'a', 's', '.', 'd', 'e', '\0', + /* "mitnetz-strom.de", true */ 'm', 'i', 't', 'n', 'e', 't', 'z', '-', 's', 't', 'r', 'o', 'm', '.', 'd', 'e', '\0', + /* "mitrax.com.br", true */ 'm', 'i', 't', 'r', 'a', 'x', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "mitrecaasd.org", true */ 'm', 'i', 't', 'r', 'e', 'c', 'a', 'a', 's', 'd', '.', 'o', 'r', 'g', '\0', + /* "mitremai.org", true */ 'm', 'i', 't', 'r', 'e', 'm', 'a', 'i', '.', 'o', 'r', 'g', '\0', + /* "mitrostudios.com", true */ 'm', 'i', 't', 'r', 'o', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "mitsign.com", true */ 'm', 'i', 't', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "mitsu-szene.de", true */ 'm', 'i', 't', 's', 'u', '-', 's', 'z', 'e', 'n', 'e', '.', 'd', 'e', '\0', + /* "mitsukabose.com", true */ 'm', 'i', 't', 's', 'u', 'k', 'a', 'b', 'o', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "mittagonggardencentre.com.au", true */ 'm', 'i', 't', 't', 'a', 'g', 'o', 'n', 'g', 'g', 'a', 'r', 'd', 'e', 'n', 'c', 'e', 'n', 't', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "mittagonghomestead.com.au", true */ 'm', 'i', 't', 't', 'a', 'g', 'o', 'n', 'g', 'h', 'o', 'm', 'e', 's', 't', 'e', 'a', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "mittelunsachlich.de", true */ 'm', 'i', 't', 't', 'e', 'l', 'u', 'n', 's', 'a', 'c', 'h', 'l', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "mittenofficesystems.com", true */ 'm', 'i', 't', 't', 'e', 'n', 'o', 'f', 'f', 'i', 'c', 'e', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "mitzpettel.com", true */ 'm', 'i', 't', 'z', 'p', 'e', 't', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "miui-germany.de", true */ 'm', 'i', 'u', 'i', '-', 'g', 'e', 'r', 'm', 'a', 'n', 'y', '.', 'd', 'e', '\0', + /* "miukimodafeminina.com", true */ 'm', 'i', 'u', 'k', 'i', 'm', 'o', 'd', 'a', 'f', 'e', 'm', 'i', 'n', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "mivzakim.net", true */ 'm', 'i', 'v', 'z', 'a', 'k', 'i', 'm', '.', 'n', 'e', 't', '\0', + /* "mixnshake.com", true */ 'm', 'i', 'x', 'n', 's', 'h', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "mixposure.com", true */ 'm', 'i', 'x', 'p', 'o', 's', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "mixtape.moe", true */ 'm', 'i', 'x', 't', 'a', 'p', 'e', '.', 'm', 'o', 'e', '\0', + /* "miya.io", true */ 'm', 'i', 'y', 'a', '.', 'i', 'o', '\0', + /* "miyako-kyoto.jp", true */ 'm', 'i', 'y', 'a', 'k', 'o', '-', 'k', 'y', 'o', 't', 'o', '.', 'j', 'p', '\0', + /* "miyatore.com", true */ 'm', 'i', 'y', 'a', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "miyoshi-kikaku.co.jp", true */ 'm', 'i', 'y', 'o', 's', 'h', 'i', '-', 'k', 'i', 'k', 'a', 'k', 'u', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "miyoshi-kikaku.com", true */ 'm', 'i', 'y', 'o', 's', 'h', 'i', '-', 'k', 'i', 'k', 'a', 'k', 'u', '.', 'c', 'o', 'm', '\0', + /* "miyugirls.com", true */ 'm', 'i', 'y', 'u', 'g', 'i', 'r', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "mizipack.com", true */ 'm', 'i', 'z', 'i', 'p', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "mizque.ch", true */ 'm', 'i', 'z', 'q', 'u', 'e', '.', 'c', 'h', '\0', + /* "mizumax.me", true */ 'm', 'i', 'z', 'u', 'm', 'a', 'x', '.', 'm', 'e', '\0', + /* "mj420.com", true */ 'm', 'j', '4', '2', '0', '.', 'c', 'o', 'm', '\0', + /* "mjacobson.net", true */ 'm', 'j', 'a', 'c', 'o', 'b', 's', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "mjanja.ch", true */ 'm', 'j', 'a', 'n', 'j', 'a', '.', 'c', 'h', '\0', + /* "mjasm.org", true */ 'm', 'j', 'a', 's', 'm', '.', 'o', 'r', 'g', '\0', + /* "mjec.net", true */ 'm', 'j', 'e', 'c', '.', 'n', 'e', 't', '\0', + /* "mjlaurindo.pt", true */ 'm', 'j', 'l', 'a', 'u', 'r', 'i', 'n', 'd', 'o', '.', 'p', 't', '\0', + /* "mjmnagy.info", true */ 'm', 'j', 'm', 'n', 'a', 'g', 'y', '.', 'i', 'n', 'f', 'o', '\0', + /* "mk89.de", true */ 'm', 'k', '8', '9', '.', 'd', 'e', '\0', + /* "mkacg.com", true */ 'm', 'k', 'a', 'c', 'g', '.', 'c', 'o', 'm', '\0', + /* "mkaciuba.com", true */ 'm', 'k', 'a', 'c', 'i', 'u', 'b', 'a', '.', 'c', 'o', 'm', '\0', + /* "mkakh.com", true */ 'm', 'k', 'a', 'k', 'h', '.', 'c', 'o', 'm', '\0', + /* "mkakh.xyz", true */ 'm', 'k', 'a', 'k', 'h', '.', 'x', 'y', 'z', '\0', + /* "mkasu.org", true */ 'm', 'k', 'a', 's', 'u', '.', 'o', 'r', 'g', '\0', + /* "mkbouncycastles.co.uk", true */ 'm', 'k', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mkbouncyhire.co.uk", true */ 'm', 'k', 'b', 'o', 'u', 'n', 'c', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mkcert.org", true */ 'm', 'k', 'c', 'e', 'r', 't', '.', 'o', 'r', 'g', '\0', + /* "mkd.mk", true */ 'm', 'k', 'd', '.', 'm', 'k', '\0', + /* "mkes.com", true */ 'm', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "mkhsoft.eu", true */ 'm', 'k', 'h', 's', 'o', 'f', 't', '.', 'e', 'u', '\0', + /* "mkimage.com", true */ 'm', 'k', 'i', 'm', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "mklpedia.de", true */ 'm', 'k', 'l', 'p', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0', + /* "mkoppmann.at", true */ 'm', 'k', 'o', 'p', 'p', 'm', 'a', 'n', 'n', '.', 'a', 't', '\0', + /* "mkp-deutschland.de", true */ 'm', 'k', 'p', '-', 'd', 'e', 'u', 't', 's', 'c', 'h', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0', + /* "mkpef.org", true */ 'm', 'k', 'p', 'e', 'f', '.', 'o', 'r', 'g', '\0', + /* "mkplay.io", true */ 'm', 'k', 'p', 'l', 'a', 'y', '.', 'i', 'o', '\0', + /* "mksac.co.uk", true */ 'm', 'k', 's', 'a', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mkse.com", true */ 'm', 'k', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "mkset.ru", true */ 'm', 'k', 's', 'e', 't', '.', 'r', 'u', '\0', + /* "mktdigital.info", true */ 'm', 'k', 't', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'i', 'n', 'f', 'o', '\0', + /* "mktemp.org", true */ 'm', 'k', 't', 'e', 'm', 'p', '.', 'o', 'r', 'g', '\0', + /* "mkuznets.com", true */ 'm', 'k', 'u', 'z', 'n', 'e', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "mkw.st", true */ 'm', 'k', 'w', '.', 's', 't', '\0', + /* "mlcambiental.com.br", true */ 'm', 'l', 'c', 'a', 'm', 'b', 'i', 'e', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "mlcnfriends.com", true */ 'm', 'l', 'c', 'n', 'f', 'r', 'i', 'e', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "mlemay.com", true */ 'm', 'l', 'e', 'm', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "mlrslateroofing.com.au", true */ 'm', 'l', 'r', 's', 'l', 'a', 't', 'e', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "mlsrv.de", true */ 'm', 'l', 's', 'r', 'v', '.', 'd', 'e', '\0', + /* "mlundberg.se", true */ 'm', 'l', 'u', 'n', 'd', 'b', 'e', 'r', 'g', '.', 's', 'e', '\0', + /* "mlvbphotography.com", true */ 'm', 'l', 'v', 'b', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0', + /* "mm13.at", true */ 'm', 'm', '1', '3', '.', 'a', 't', '\0', + /* "mm404.com", true */ 'm', 'm', '4', '0', '4', '.', 'c', 'o', 'm', '\0', + /* "mma-acareporting.com", true */ 'm', 'm', 'a', '-', 'a', 'c', 'a', 'r', 'e', 'p', 'o', 'r', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "mmalisz.com", true */ 'm', 'm', 'a', 'l', 'i', 's', 'z', '.', 'c', 'o', 'm', '\0', + /* "mmbb.org", true */ 'm', 'm', 'b', 'b', '.', 'o', 'r', 'g', '\0', + /* "mmcc.pe", true */ 'm', 'm', 'c', 'c', '.', 'p', 'e', '\0', + /* "mmilog.hu", true */ 'm', 'm', 'i', 'l', 'o', 'g', '.', 'h', 'u', '\0', + /* "mmin.us", false */ 'm', 'm', 'i', 'n', '.', 'u', 's', '\0', + /* "mmmarco.com", true */ 'm', 'm', 'm', 'a', 'r', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "mmogah.com", true */ 'm', 'm', 'o', 'g', 'a', 'h', '.', 'c', 'o', 'm', '\0', + /* "mmonit.com", true */ 'm', 'm', 'o', 'n', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "mmt.my", true */ 'm', 'm', 't', '.', 'm', 'y', '\0', + /* "mmucha.de", true */ 'm', 'm', 'u', 'c', 'h', 'a', '.', 'd', 'e', '\0', + /* "mncloud.de", true */ 'm', 'n', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0', + /* "mncr.nl", true */ 'm', 'n', 'c', 'r', '.', 'n', 'l', '\0', + /* "mnd.sc", true */ 'm', 'n', 'd', '.', 's', 'c', '\0', + /* "mne.moe", true */ 'm', 'n', 'e', '.', 'm', 'o', 'e', '\0', + /* "mnec.io", true */ 'm', 'n', 'e', 'c', '.', 'i', 'o', '\0', + /* "mnedc.org", true */ 'm', 'n', 'e', 'd', 'c', '.', 'o', 'r', 'g', '\0', + /* "mneeb.de", true */ 'm', 'n', 'e', 'e', 'b', '.', 'd', 'e', '\0', + /* "mnguyen.io", true */ 'm', 'n', 'g', 'u', 'y', 'e', 'n', '.', 'i', 'o', '\0', + /* "mnitro.com", true */ 'm', 'n', 'i', 't', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "mnium.de", true */ 'm', 'n', 'i', 'u', 'm', '.', 'd', 'e', '\0', + /* "mnsure.org", true */ 'm', 'n', 's', 'u', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "mnt-tech.fr", true */ 'm', 'n', 't', '-', 't', 'e', 'c', 'h', '.', 'f', 'r', '\0', + /* "mnt9.de", true */ 'm', 'n', 't', '9', '.', 'd', 'e', '\0', + /* "mo.nl", true */ 'm', 'o', '.', 'n', 'l', '\0', + /* "moa.moe", true */ 'm', 'o', 'a', '.', 'm', 'o', 'e', '\0', + /* "mobal.com", true */ 'm', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "mobeforlife.com", true */ 'm', 'o', 'b', 'e', 'f', 'o', 'r', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "mobidea.com", true */ 'm', 'o', 'b', 'i', 'd', 'e', 'a', '.', 'c', 'o', 'm', '\0', + /* "mobifinans.ru", true */ 'm', 'o', 'b', 'i', 'f', 'i', 'n', 'a', 'n', 's', '.', 'r', 'u', '\0', + /* "mobil-bei-uns.de", true */ 'm', 'o', 'b', 'i', 'l', '-', 'b', 'e', 'i', '-', 'u', 'n', 's', '.', 'd', 'e', '\0', + /* "mobilcom-debitel-empfehlen.de", true */ 'm', 'o', 'b', 'i', 'l', 'c', 'o', 'm', '-', 'd', 'e', 'b', 'i', 't', 'e', 'l', '-', 'e', 'm', 'p', 'f', 'e', 'h', 'l', 'e', 'n', '.', 'd', 'e', '\0', + /* "mobilcom-debitel.de", true */ 'm', 'o', 'b', 'i', 'l', 'c', 'o', 'm', '-', 'd', 'e', 'b', 'i', 't', 'e', 'l', '.', 'd', 'e', '\0', + /* "mobile.united.com", false */ 'm', 'o', 'b', 'i', 'l', 'e', '.', 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "mobile.usaa.com", false */ 'm', 'o', 'b', 'i', 'l', 'e', '.', 'u', 's', 'a', 'a', '.', 'c', 'o', 'm', '\0', + /* "mobileread.com", true */ 'm', 'o', 'b', 'i', 'l', 'e', 'r', 'e', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "mobileritelushi.com", true */ 'm', 'o', 'b', 'i', 'l', 'e', 'r', 'i', 't', 'e', 'l', 'u', 's', 'h', 'i', '.', 'c', 'o', 'm', '\0', + /* "mobilesector.de", true */ 'm', 'o', 'b', 'i', 'l', 'e', 's', 'e', 'c', 't', 'o', 'r', '.', 'd', 'e', '\0', + /* "mobiletraff.co", true */ 'm', 'o', 'b', 'i', 'l', 'e', 't', 'r', 'a', 'f', 'f', '.', 'c', 'o', '\0', + /* "mobilewikiserver.com", true */ 'm', 'o', 'b', 'i', 'l', 'e', 'w', 'i', 'k', 'i', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "mobilinnov.it", true */ 'm', 'o', 'b', 'i', 'l', 'i', 'n', 'n', 'o', 'v', '.', 'i', 't', '\0', + /* "mobilisation-generale.org", true */ 'm', 'o', 'b', 'i', 'l', 'i', 's', 'a', 't', 'i', 'o', 'n', '-', 'g', 'e', 'n', 'e', 'r', 'a', 'l', 'e', '.', 'o', 'r', 'g', '\0', + /* "mobility-events.ch", true */ 'm', 'o', 'b', 'i', 'l', 'i', 't', 'y', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'h', '\0', + /* "mobilux.lv", true */ 'm', 'o', 'b', 'i', 'l', 'u', 'x', '.', 'l', 'v', '\0', + /* "mobio.net", true */ 'm', 'o', 'b', 'i', 'o', '.', 'n', 'e', 't', '\0', + /* "mobisaar-cloud.de", true */ 'm', 'o', 'b', 'i', 's', 'a', 'a', 'r', '-', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0', + /* "mobobe.com", true */ 'm', 'o', 'b', 'o', 'b', 'e', '.', 'c', 'o', 'm', '\0', + /* "mobsender.com", true */ 'm', 'o', 'b', 's', 'e', 'n', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "mobycoders.com", true */ 'm', 'o', 'b', 'y', 'c', 'o', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "mocarps.hk", true */ 'm', 'o', 'c', 'a', 'r', 'p', 's', '.', 'h', 'k', '\0', + /* "mochanstore.com", true */ 'm', 'o', 'c', 'h', 'a', 'n', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "mochoko.com", true */ 'm', 'o', 'c', 'h', 'o', 'k', 'o', '.', 'c', 'o', 'm', '\0', + /* "modaexecutiva.com.br", true */ 'm', 'o', 'd', 'a', 'e', 'x', 'e', 'c', 'u', 't', 'i', 'v', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "modafinil.com", true */ 'm', 'o', 'd', 'a', 'f', 'i', 'n', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "modafinil.wiki", true */ 'm', 'o', 'd', 'a', 'f', 'i', 'n', 'i', 'l', '.', 'w', 'i', 'k', 'i', '\0', + /* "modafo.com", true */ 'm', 'o', 'd', 'a', 'f', 'o', '.', 'c', 'o', 'm', '\0', + /* "modalogi.com", true */ 'm', 'o', 'd', 'a', 'l', 'o', 'g', 'i', '.', 'c', 'o', 'm', '\0', + /* "modcasts.video", true */ 'm', 'o', 'd', 'c', 'a', 's', 't', 's', '.', 'v', 'i', 'd', 'e', 'o', '\0', + /* "modcentral.pw", true */ 'm', 'o', 'd', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'p', 'w', '\0', + /* "mode-hautnah.de", true */ 'm', 'o', 'd', 'e', '-', 'h', 'a', 'u', 't', 'n', 'a', 'h', '.', 'd', 'e', '\0', + /* "mode-individuell.de", true */ 'm', 'o', 'd', 'e', '-', 'i', 'n', 'd', 'i', 'v', 'i', 'd', 'u', 'e', 'l', 'l', '.', 'd', 'e', '\0', + /* "modecaso.com", true */ 'm', 'o', 'd', 'e', 'c', 'a', 's', 'o', '.', 'c', 'o', 'm', '\0', + /* "modehaus-marionk.de", true */ 'm', 'o', 'd', 'e', 'h', 'a', 'u', 's', '-', 'm', 'a', 'r', 'i', 'o', 'n', 'k', '.', 'd', 'e', '\0', + /* "modelcase.co.jp", false */ 'm', 'o', 'd', 'e', 'l', 'c', 'a', 's', 'e', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "modelcube.com", true */ 'm', 'o', 'd', 'e', 'l', 'c', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0', + /* "modelservis.cz", true */ 'm', 'o', 'd', 'e', 'l', 's', 'e', 'r', 'v', 'i', 's', '.', 'c', 'z', '\0', + /* "modemaille.com", true */ 'm', 'o', 'd', 'e', 'm', 'a', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "modeportaal.nl", true */ 'm', 'o', 'd', 'e', 'p', 'o', 'r', 't', 'a', 'a', 'l', '.', 'n', 'l', '\0', + /* "moderatoren.org", true */ 'm', 'o', 'd', 'e', 'r', 'a', 't', 'o', 'r', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "moderatorenpool.org", true */ 'm', 'o', 'd', 'e', 'r', 'a', 't', 'o', 'r', 'e', 'n', 'p', 'o', 'o', 'l', '.', 'o', 'r', 'g', '\0', + /* "modernapprenticeships.org", true */ 'm', 'o', 'd', 'e', 'r', 'n', 'a', 'p', 'p', 'r', 'e', 'n', 't', 'i', 'c', 'e', 's', 'h', 'i', 'p', 's', '.', 'o', 'r', 'g', '\0', + /* "modernibytovytextil.cz", true */ 'm', 'o', 'd', 'e', 'r', 'n', 'i', 'b', 'y', 't', 'o', 'v', 'y', 't', 'e', 'x', 't', 'i', 'l', '.', 'c', 'z', '\0', + /* "modifiedmind.com", true */ 'm', 'o', 'd', 'i', 'f', 'i', 'e', 'd', 'm', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "modistry.com", true */ 'm', 'o', 'd', 'i', 's', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "modistryusercontent.com", true */ 'm', 'o', 'd', 'i', 's', 't', 'r', 'y', 'u', 's', 'e', 'r', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "modmountain.com", true */ 'm', 'o', 'd', 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "module.market", true */ 'm', 'o', 'd', 'u', 'l', 'e', '.', 'm', 'a', 'r', 'k', 'e', 't', '\0', + /* "moe.pe", true */ 'm', 'o', 'e', '.', 'p', 'e', '\0', + /* "moechel.com", true */ 'm', 'o', 'e', 'c', 'h', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "moefactory.com", true */ 'm', 'o', 'e', 'f', 'a', 'c', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "moefi.xyz", true */ 'm', 'o', 'e', 'f', 'i', '.', 'x', 'y', 'z', '\0', + /* "moehrke.cc", true */ 'm', 'o', 'e', 'h', 'r', 'k', 'e', '.', 'c', 'c', '\0', + /* "moellers.systems", true */ 'm', 'o', 'e', 'l', 'l', 'e', 'r', 's', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0', + /* "moetrack.com", true */ 'm', 'o', 'e', 't', 'r', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "mofohome.dyndns.org", true */ 'm', 'o', 'f', 'o', 'h', 'o', 'm', 'e', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "moha-swiss.com", true */ 'm', 'o', 'h', 'a', '-', 's', 'w', 'i', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "mohanmekap.com", true */ 'm', 'o', 'h', 'a', 'n', 'm', 'e', 'k', 'a', 'p', '.', 'c', 'o', 'm', '\0', + /* "mohio.co.nz", true */ 'm', 'o', 'h', 'i', 'o', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "moin.jp", true */ 'm', 'o', 'i', 'n', '.', 'j', 'p', '\0', + /* "moipourtoit.ch", true */ 'm', 'o', 'i', 'p', 'o', 'u', 'r', 't', 'o', 'i', 't', '.', 'c', 'h', '\0', + /* "moipourtoit.com", true */ 'm', 'o', 'i', 'p', 'o', 'u', 'r', 't', 'o', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "moipourtoit.org", true */ 'm', 'o', 'i', 'p', 'o', 'u', 'r', 't', 'o', 'i', 't', '.', 'o', 'r', 'g', '\0', + /* "mojaknjiznica.com", false */ 'm', 'o', 'j', 'a', 'k', 'n', 'j', 'i', 'z', 'n', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "mojapraca.sk", true */ 'm', 'o', 'j', 'a', 'p', 'r', 'a', 'c', 'a', '.', 's', 'k', '\0', + /* "mojavenissanofbarstowparts.com", true */ 'm', 'o', 'j', 'a', 'v', 'e', 'n', 'i', 's', 's', 'a', 'n', 'o', 'f', 'b', 'a', 'r', 's', 't', 'o', 'w', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "mojeco2.cz", true */ 'm', 'o', 'j', 'e', 'c', 'o', '2', '.', 'c', 'z', '\0', + /* "mojefedora.cz", true */ 'm', 'o', 'j', 'e', 'f', 'e', 'd', 'o', 'r', 'a', '.', 'c', 'z', '\0', + /* "mojefilmy.xyz", true */ 'm', 'o', 'j', 'e', 'f', 'i', 'l', 'm', 'y', '.', 'x', 'y', 'z', '\0', + /* "mojilitygroup.com", true */ 'm', 'o', 'j', 'i', 'l', 'i', 't', 'y', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "mojnet.eu", true */ 'm', 'o', 'j', 'n', 'e', 't', '.', 'e', 'u', '\0', + /* "mojnet.net", true */ 'm', 'o', 'j', 'n', 'e', 't', '.', 'n', 'e', 't', '\0', + /* "mojoco.co.za", true */ 'm', 'o', 'j', 'o', 'c', 'o', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "mojzis.com", true */ 'm', 'o', 'j', 'z', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "mojzis.cz", true */ 'm', 'o', 'j', 'z', 'i', 's', '.', 'c', 'z', '\0', + /* "mojzisova.com", true */ 'm', 'o', 'j', 'z', 'i', 's', 'o', 'v', 'a', '.', 'c', 'o', 'm', '\0', + /* "mokadev.com", true */ 'm', 'o', 'k', 'a', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "mokeedev.review", true */ 'm', 'o', 'k', 'e', 'e', 'd', 'e', 'v', '.', 'r', 'e', 'v', 'i', 'e', 'w', '\0', + /* "mokhtarmial.com", false */ 'm', 'o', 'k', 'h', 't', 'a', 'r', 'm', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "mokote.com", true */ 'm', 'o', 'k', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "mokum-organics.com", true */ 'm', 'o', 'k', 'u', 'm', '-', 'o', 'r', 'g', 'a', 'n', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "molb.org", true */ 'm', 'o', 'l', 'b', '.', 'o', 'r', 'g', '\0', + /* "molecularbiosystems.org", true */ 'm', 'o', 'l', 'e', 'c', 'u', 'l', 'a', 'r', 'b', 'i', 'o', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'o', 'r', 'g', '\0', + /* "molinero.xyz", true */ 'm', 'o', 'l', 'i', 'n', 'e', 'r', 'o', '.', 'x', 'y', 'z', '\0', + /* "molti.hu", true */ 'm', 'o', 'l', 't', 'i', '.', 'h', 'u', '\0', + /* "molunerfinn.com", true */ 'm', 'o', 'l', 'u', 'n', 'e', 'r', 'f', 'i', 'n', 'n', '.', 'c', 'o', 'm', '\0', + /* "molwick.com", true */ 'm', 'o', 'l', 'w', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "momentumdash.com", true */ 'm', 'o', 'm', 'e', 'n', 't', 'u', 'm', 'd', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "momirfarooq.com", true */ 'm', 'o', 'm', 'i', 'r', 'f', 'a', 'r', 'o', 'o', 'q', '.', 'c', 'o', 'm', '\0', + /* "momozeit.de", true */ 'm', 'o', 'm', 'o', 'z', 'e', 'i', 't', '.', 'd', 'e', '\0', + /* "momstableonline.com", true */ 'm', 'o', 'm', 's', 't', 'a', 'b', 'l', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "momut.org", true */ 'm', 'o', 'm', 'u', 't', '.', 'o', 'r', 'g', '\0', + /* "mon-agenda.org", false */ 'm', 'o', 'n', '-', 'a', 'g', 'e', 'n', 'd', 'a', '.', 'o', 'r', 'g', '\0', + /* "mon-partage.fr", true */ 'm', 'o', 'n', '-', 'p', 'a', 'r', 't', 'a', 'g', 'e', '.', 'f', 'r', '\0', + /* "mon-trafic.com", true */ 'm', 'o', 'n', '-', 't', 'r', 'a', 'f', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "mon22.ch", true */ 'm', 'o', 'n', '2', '2', '.', 'c', 'h', '\0', + /* "mona-antenna.com", true */ 'm', 'o', 'n', 'a', '-', 'a', 'n', 't', 'e', 'n', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "mona-dress.com", true */ 'm', 'o', 'n', 'a', '-', 'd', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "monachatdeco.com", true */ 'm', 'o', 'n', 'a', 'c', 'h', 'a', 't', 'd', 'e', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "monalisa.wtf", true */ 'm', 'o', 'n', 'a', 'l', 'i', 's', 'a', '.', 'w', 't', 'f', '\0', + /* "monbudget.org", true */ 'm', 'o', 'n', 'b', 'u', 'd', 'g', 'e', 't', '.', 'o', 'r', 'g', '\0', + /* "moncoach.ch", true */ 'm', 'o', 'n', 'c', 'o', 'a', 'c', 'h', '.', 'c', 'h', '\0', + /* "mondedesnovels.com", true */ 'm', 'o', 'n', 'd', 'e', 'd', 'e', 's', 'n', 'o', 'v', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "mondedie.fr", true */ 'm', 'o', 'n', 'd', 'e', 'd', 'i', 'e', '.', 'f', 'r', '\0', + /* "mondial-movers.nl", true */ 'm', 'o', 'n', 'd', 'i', 'a', 'l', '-', 'm', 'o', 'v', 'e', 'r', 's', '.', 'n', 'l', '\0', + /* "mondo-it.ch", true */ 'm', 'o', 'n', 'd', 'o', '-', 'i', 't', '.', 'c', 'h', '\0', + /* "moneychangersoftware.com", true */ 'm', 'o', 'n', 'e', 'y', 'c', 'h', 'a', 'n', 'g', 'e', 'r', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "moneygo.se", true */ 'm', 'o', 'n', 'e', 'y', 'g', 'o', '.', 's', 'e', '\0', + /* "moneyhouse.de", true */ 'm', 'o', 'n', 'e', 'y', 'h', 'o', 'u', 's', 'e', '.', 'd', 'e', '\0', + /* "moneytoday.se", true */ 'm', 'o', 'n', 'e', 'y', 't', 'o', 'd', 'a', 'y', '.', 's', 'e', '\0', + /* "monique.io", true */ 'm', 'o', 'n', 'i', 'q', 'u', 'e', '.', 'i', 'o', '\0', + /* "moniquedekermadec.com", true */ 'm', 'o', 'n', 'i', 'q', 'u', 'e', 'd', 'e', 'k', 'e', 'r', 'm', 'a', 'd', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "moniquemunhoz.com.br", true */ 'm', 'o', 'n', 'i', 'q', 'u', 'e', 'm', 'u', 'n', 'h', 'o', 'z', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "monitman.solutions", true */ 'm', 'o', 'n', 'i', 't', 'm', 'a', 'n', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0', + /* "monitoring.kalisz.pl", true */ 'm', 'o', 'n', 'i', 't', 'o', 'r', 'i', 'n', 'g', '.', 'k', 'a', 'l', 'i', 's', 'z', '.', 'p', 'l', '\0', + /* "monitzer.com", true */ 'm', 'o', 'n', 'i', 't', 'z', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "monix.io", true */ 'm', 'o', 'n', 'i', 'x', '.', 'i', 'o', '\0', + /* "monkeydust.net", true */ 'm', 'o', 'n', 'k', 'e', 'y', 'd', 'u', 's', 't', '.', 'n', 'e', 't', '\0', + /* "monkeyhill.us", true */ 'm', 'o', 'n', 'k', 'e', 'y', 'h', 'i', 'l', 'l', '.', 'u', 's', '\0', + /* "monkeytek.ca", true */ 'm', 'o', 'n', 'k', 'e', 'y', 't', 'e', 'k', '.', 'c', 'a', '\0', + /* "monloyer.quebec", true */ 'm', 'o', 'n', 'l', 'o', 'y', 'e', 'r', '.', 'q', 'u', 'e', 'b', 'e', 'c', '\0', + /* "monnyonle.hu", true */ 'm', 'o', 'n', 'n', 'y', 'o', 'n', 'l', 'e', '.', 'h', 'u', '\0', + /* "monobank.no", true */ 'm', 'o', 'n', 'o', 'b', 'a', 'n', 'k', '.', 'n', 'o', '\0', + /* "monochrometoys.com", true */ 'm', 'o', 'n', 'o', 'c', 'h', 'r', 'o', 'm', 'e', 't', 'o', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "monodukuri.com", true */ 'm', 'o', 'n', 'o', 'd', 'u', 'k', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "monokoo.com", true */ 'm', 'o', 'n', 'o', 'k', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "monolithapps.com", true */ 'm', 'o', 'n', 'o', 'l', 'i', 't', 'h', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "monolithindustries.com", true */ 'm', 'o', 'n', 'o', 'l', 'i', 't', 'h', 'i', 'n', 'd', 'u', 's', 't', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "monolithinteractive.com", true */ 'm', 'o', 'n', 'o', 'l', 'i', 't', 'h', 'i', 'n', 't', 'e', 'r', 'a', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "monoseis-monotica.gr", true */ 'm', 'o', 'n', 'o', 's', 'e', 'i', 's', '-', 'm', 'o', 'n', 'o', 't', 'i', 'c', 'a', '.', 'g', 'r', '\0', + /* "monothesis.com", true */ 'm', 'o', 'n', 'o', 't', 'h', 'e', 's', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "monotsuku.com", true */ 'm', 'o', 'n', 'o', 't', 's', 'u', 'k', 'u', '.', 'c', 'o', 'm', '\0', + /* "monpc-pro.fr", true */ 'm', 'o', 'n', 'p', 'c', '-', 'p', 'r', 'o', '.', 'f', 'r', '\0', + /* "monpermismoto.com", true */ 'm', 'o', 'n', 'p', 'e', 'r', 'm', 'i', 's', 'm', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "monpermisvoiture.com", true */ 'm', 'o', 'n', 'p', 'e', 'r', 'm', 'i', 's', 'v', 'o', 'i', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "monpetitforfait.com", true */ 'm', 'o', 'n', 'p', 'e', 't', 'i', 't', 'f', 'o', 'r', 'f', 'a', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "monpetitmobile.com", true */ 'm', 'o', 'n', 'p', 'e', 't', 'i', 't', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "monsieurbureau.com", true */ 'm', 'o', 'n', 's', 'i', 'e', 'u', 'r', 'b', 'u', 'r', 'e', 'a', 'u', '.', 'c', 'o', 'm', '\0', + /* "monsieursavon.ch", true */ 'm', 'o', 'n', 's', 'i', 'e', 'u', 'r', 's', 'a', 'v', 'o', 'n', '.', 'c', 'h', '\0', + /* "monstermashentertainments.co.uk", true */ 'm', 'o', 'n', 's', 't', 'e', 'r', 'm', 'a', 's', 'h', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "montage-kaika.de", true */ 'm', 'o', 'n', 't', 'a', 'g', 'e', '-', 'k', 'a', 'i', 'k', 'a', '.', 'd', 'e', '\0', + /* "montagne-tendance.ch", true */ 'm', 'o', 'n', 't', 'a', 'g', 'n', 'e', '-', 't', 'e', 'n', 'd', 'a', 'n', 'c', 'e', '.', 'c', 'h', '\0', + /* "montanana.com", true */ 'm', 'o', 'n', 't', 'a', 'n', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "montand.com", true */ 'm', 'o', 'n', 't', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "montarfotoaki.com", true */ 'm', 'o', 'n', 't', 'a', 'r', 'f', 'o', 't', 'o', 'a', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "montas.io", true */ 'm', 'o', 'n', 't', 'a', 's', '.', 'i', 'o', '\0', + /* "montazer.net", true */ 'm', 'o', 'n', 't', 'a', 'z', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "montenero.pl", true */ 'm', 'o', 'n', 't', 'e', 'n', 'e', 'r', 'o', '.', 'p', 'l', '\0', + /* "monteurzimmerfrei.de", true */ 'm', 'o', 'n', 't', 'e', 'u', 'r', 'z', 'i', 'm', 'm', 'e', 'r', 'f', 'r', 'e', 'i', '.', 'd', 'e', '\0', + /* "montopolis.com", true */ 'm', 'o', 'n', 't', 'o', 'p', 'o', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "montpreveyres.ch", true */ 'm', 'o', 'n', 't', 'p', 'r', 'e', 'v', 'e', 'y', 'r', 'e', 's', '.', 'c', 'h', '\0', + /* "montsaintaignan.fr", true */ 'm', 'o', 'n', 't', 's', 'a', 'i', 'n', 't', 'a', 'i', 'g', 'n', 'a', 'n', '.', 'f', 'r', '\0', + /* "montychristie.com", true */ 'm', 'o', 'n', 't', 'y', 'c', 'h', 'r', 'i', 's', 't', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "moo.la", true */ 'm', 'o', 'o', '.', 'l', 'a', '\0', + /* "moobo.co.jp", true */ 'm', 'o', 'o', 'b', 'o', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "moodfoods.com", true */ 'm', 'o', 'o', 'd', 'f', 'o', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "moodifiers.com", true */ 'm', 'o', 'o', 'd', 'i', 'f', 'i', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "moodzshop.com", true */ 'm', 'o', 'o', 'd', 'z', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "moojp.co.jp", true */ 'm', 'o', 'o', 'j', 'p', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "moonagic.com", true */ 'm', 'o', 'o', 'n', 'a', 'g', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "moonchart.co.uk", true */ 'm', 'o', 'o', 'n', 'c', 'h', 'a', 'r', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "moondrop.org", true */ 'm', 'o', 'o', 'n', 'd', 'r', 'o', 'p', '.', 'o', 'r', 'g', '\0', + /* "moonkin.eu", true */ 'm', 'o', 'o', 'n', 'k', 'i', 'n', '.', 'e', 'u', '\0', + /* "moonmelo.com", true */ 'm', 'o', 'o', 'n', 'm', 'e', 'l', 'o', '.', 'c', 'o', 'm', '\0', + /* "moonraptor.co.uk", true */ 'm', 'o', 'o', 'n', 'r', 'a', 'p', 't', 'o', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "moonraptor.com", true */ 'm', 'o', 'o', 'n', 'r', 'a', 'p', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "moonrhythm.info", true */ 'm', 'o', 'o', 'n', 'r', 'h', 'y', 't', 'h', 'm', '.', 'i', 'n', 'f', 'o', '\0', + /* "moonrhythm.io", true */ 'm', 'o', 'o', 'n', 'r', 'h', 'y', 't', 'h', 'm', '.', 'i', 'o', '\0', + /* "moonshyne.org", true */ 'm', 'o', 'o', 'n', 's', 'h', 'y', 'n', 'e', '.', 'o', 'r', 'g', '\0', + /* "moonvpn.org", true */ 'm', 'o', 'o', 'n', 'v', 'p', 'n', '.', 'o', 'r', 'g', '\0', + /* "moorewelliver.com", true */ 'm', 'o', 'o', 'r', 'e', 'w', 'e', 'l', 'l', 'i', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "moorfunevents.co.uk", true */ 'm', 'o', 'o', 'r', 'f', 'u', 'n', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "moorparkelectrical.com", true */ 'm', 'o', 'o', 'r', 'p', 'a', 'r', 'k', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "mooselook.de", true */ 'm', 'o', 'o', 's', 'e', 'l', 'o', 'o', 'k', '.', 'd', 'e', '\0', + /* "moovablestorage.com", true */ 'm', 'o', 'o', 'v', 'a', 'b', 'l', 'e', 's', 't', 'o', 'r', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "moparcraft.net", true */ 'm', 'o', 'p', 'a', 'r', 'c', 'r', 'a', 'f', 't', '.', 'n', 'e', 't', '\0', + /* "moparisthebest.com", true */ 'm', 'o', 'p', 'a', 'r', 'i', 's', 't', 'h', 'e', 'b', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "moparisthebest.net", true */ 'm', 'o', 'p', 'a', 'r', 'i', 's', 't', 'h', 'e', 'b', 'e', 's', 't', '.', 'n', 'e', 't', '\0', + /* "moparisthebest.org", true */ 'm', 'o', 'p', 'a', 'r', 'i', 's', 't', 'h', 'e', 'b', 'e', 's', 't', '.', 'o', 'r', 'g', '\0', + /* "moparscape.net", true */ 'm', 'o', 'p', 'a', 'r', 's', 'c', 'a', 'p', 'e', '.', 'n', 'e', 't', '\0', + /* "mopedreifen.de", true */ 'm', 'o', 'p', 'e', 'd', 'r', 'e', 'i', 'f', 'e', 'n', '.', 'd', 'e', '\0', + /* "mople71.cz", true */ 'm', 'o', 'p', 'l', 'e', '7', '1', '.', 'c', 'z', '\0', + /* "moppeleinhorn.de", true */ 'm', 'o', 'p', 'p', 'e', 'l', 'e', 'i', 'n', 'h', 'o', 'r', 'n', '.', 'd', 'e', '\0', + /* "moppy.org", true */ 'm', 'o', 'p', 'p', 'y', '.', 'o', 'r', 'g', '\0', + /* "morbatex.com", true */ 'm', 'o', 'r', 'b', 'a', 't', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "morbitzer.de", false */ 'm', 'o', 'r', 'b', 'i', 't', 'z', 'e', 'r', '.', 'd', 'e', '\0', + /* "morbotron.com", true */ 'm', 'o', 'r', 'b', 'o', 't', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "morchino.ch", true */ 'm', 'o', 'r', 'c', 'h', 'i', 'n', 'o', '.', 'c', 'h', '\0', + /* "morchstore.com", true */ 'm', 'o', 'r', 'c', 'h', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "mordor.io", false */ 'm', 'o', 'r', 'd', 'o', 'r', '.', 'i', 'o', '\0', + /* "moreapp.co.uk", true */ 'm', 'o', 'r', 'e', 'a', 'p', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "morenci.ch", true */ 'm', 'o', 'r', 'e', 'n', 'c', 'i', '.', 'c', 'h', '\0', + /* "morepay.cn", true */ 'm', 'o', 'r', 'e', 'p', 'a', 'y', '.', 'c', 'n', '\0', + /* "moreserviceleads.com", true */ 'm', 'o', 'r', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 'l', 'e', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "morespacestorage.com.au", true */ 'm', 'o', 'r', 'e', 's', 'p', 'a', 'c', 'e', 's', 't', 'o', 'r', 'a', 'g', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "moresw.com", true */ 'm', 'o', 'r', 'e', 's', 'w', '.', 'c', 'o', 'm', '\0', + /* "morganino.eu", true */ 'm', 'o', 'r', 'g', 'a', 'n', 'i', 'n', 'o', '.', 'e', 'u', '\0', + /* "morganino.it", true */ 'm', 'o', 'r', 'g', 'a', 'n', 'i', 'n', 'o', '.', 'i', 't', '\0', + /* "morgansleisure.co.uk", true */ 'm', 'o', 'r', 'g', 'a', 'n', 's', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "moritz-baestlein.de", true */ 'm', 'o', 'r', 'i', 't', 'z', '-', 'b', 'a', 'e', 's', 't', 'l', 'e', 'i', 'n', '.', 'd', 'e', '\0', + /* "moritztremmel.de", true */ 'm', 'o', 'r', 'i', 't', 'z', 't', 'r', 'e', 'm', 'm', 'e', 'l', '.', 'd', 'e', '\0', + /* "moriz.de", true */ 'm', 'o', 'r', 'i', 'z', '.', 'd', 'e', '\0', + /* "moriz.net", true */ 'm', 'o', 'r', 'i', 'z', '.', 'n', 'e', 't', '\0', + /* "morphy2k.io", true */ 'm', 'o', 'r', 'p', 'h', 'y', '2', 'k', '.', 'i', 'o', '\0', + /* "morteruelo.net", true */ 'm', 'o', 'r', 't', 'e', 'r', 'u', 'e', 'l', 'o', '.', 'n', 'e', 't', '\0', + /* "mortgagecalculator.biz", true */ 'm', 'o', 'r', 't', 'g', 'a', 'g', 'e', 'c', 'a', 'l', 'c', 'u', 'l', 'a', 't', 'o', 'r', '.', 'b', 'i', 'z', '\0', + /* "mortis.eu", true */ 'm', 'o', 'r', 't', 'i', 's', '.', 'e', 'u', '\0', + /* "mosaic-design.ru", true */ 'm', 'o', 's', 'a', 'i', 'c', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'r', 'u', '\0', + /* "mosaicadvisors.com", true */ 'm', 'o', 's', 'a', 'i', 'c', 'a', 'd', 'v', 'i', 's', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "moscow.dating", true */ 'm', 'o', 's', 'c', 'o', 'w', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "mosfet.cz", true */ 'm', 'o', 's', 'f', 'e', 't', '.', 'c', 'z', '\0', + /* "moshwire.com", true */ 'm', 'o', 's', 'h', 'w', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "mosin.org", true */ 'm', 'o', 's', 'i', 'n', '.', 'o', 'r', 'g', '\0', + /* "moskeedieren.nl", true */ 'm', 'o', 's', 'k', 'e', 'e', 'd', 'i', 'e', 'r', 'e', 'n', '.', 'n', 'l', '\0', + /* "moso.io", true */ 'm', 'o', 's', 'o', '.', 'i', 'o', '\0', + /* "mosos.de", true */ 'm', 'o', 's', 'o', 's', '.', 'd', 'e', '\0', + /* "mosscade.com", true */ 'm', 'o', 's', 's', 'c', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "mosstier.com", true */ 'm', 'o', 's', 's', 't', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "mostlyharmless.at", true */ 'm', 'o', 's', 't', 'l', 'y', 'h', 'a', 'r', 'm', 'l', 'e', 's', 's', '.', 'a', 't', '\0', + /* "mostlyinfinite.com", true */ 'm', 'o', 's', 't', 'l', 'y', 'i', 'n', 'f', 'i', 'n', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "mostlyoverhead.com", true */ 'm', 'o', 's', 't', 'l', 'y', 'o', 'v', 'e', 'r', 'h', 'e', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "motd.ch", true */ 'm', 'o', 't', 'd', '.', 'c', 'h', '\0', + /* "moteksystems.com", true */ 'm', 'o', 't', 'e', 'k', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "motezazer.fr", true */ 'm', 'o', 't', 'e', 'z', 'a', 'z', 'e', 'r', '.', 'f', 'r', '\0', + /* "motherboard.services", true */ 'm', 'o', 't', 'h', 'e', 'r', 'b', 'o', 'a', 'r', 'd', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '\0', + /* "mothereff.in", false */ 'm', 'o', 't', 'h', 'e', 'r', 'e', 'f', 'f', '.', 'i', 'n', '\0', + /* "motionless.nl", true */ 'm', 'o', 't', 'i', 'o', 'n', 'l', 'e', 's', 's', '.', 'n', 'l', '\0', + /* "motohell.com", true */ 'm', 'o', 't', 'o', 'h', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "motojato.com.br", true */ 'm', 'o', 't', 'o', 'j', 'a', 't', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "motonauticaibiza.com", true */ 'm', 'o', 't', 'o', 'n', 'a', 'u', 't', 'i', 'c', 'a', 'i', 'b', 'i', 'z', 'a', '.', 'c', 'o', 'm', '\0', + /* "motorcheck.ie", true */ 'm', 'o', 't', 'o', 'r', 'c', 'h', 'e', 'c', 'k', '.', 'i', 'e', '\0', + /* "motoroilinfo.com", true */ 'm', 'o', 't', 'o', 'r', 'o', 'i', 'l', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0', + /* "motorpointarenacardiff.co.uk", true */ 'm', 'o', 't', 'o', 'r', 'p', 'o', 'i', 'n', 't', 'a', 'r', 'e', 'n', 'a', 'c', 'a', 'r', 'd', 'i', 'f', 'f', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "motorring.ru", true */ 'm', 'o', 't', 'o', 'r', 'r', 'i', 'n', 'g', '.', 'r', 'u', '\0', + /* "motorsplus.com", true */ 'm', 'o', 't', 'o', 'r', 's', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "motoryachtclub-radolfzell.de", true */ 'm', 'o', 't', 'o', 'r', 'y', 'a', 'c', 'h', 't', 'c', 'l', 'u', 'b', '-', 'r', 'a', 'd', 'o', 'l', 'f', 'z', 'e', 'l', 'l', '.', 'd', 'e', '\0', + /* "motosikletevi.com", true */ 'm', 'o', 't', 'o', 's', 'i', 'k', 'l', 'e', 't', 'e', 'v', 'i', '.', 'c', 'o', 'm', '\0', + /* "motostorie.blog", false */ 'm', 'o', 't', 'o', 's', 't', 'o', 'r', 'i', 'e', '.', 'b', 'l', 'o', 'g', '\0', + /* "motransportinfo.com", true */ 'm', 'o', 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0', + /* "mottomortgage.com", true */ 'm', 'o', 't', 't', 'o', 'm', 'o', 'r', 't', 'g', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "moube.fr", true */ 'm', 'o', 'u', 'b', 'e', '.', 'f', 'r', '\0', + /* "moulinaparoles.ca", true */ 'm', 'o', 'u', 'l', 'i', 'n', 'a', 'p', 'a', 'r', 'o', 'l', 'e', 's', '.', 'c', 'a', '\0', + /* "moumaobuchiyu.com", true */ 'm', 'o', 'u', 'm', 'a', 'o', 'b', 'u', 'c', 'h', 'i', 'y', 'u', '.', 'c', 'o', 'm', '\0', + /* "mountain-rock.ru", true */ 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', '-', 'r', 'o', 'c', 'k', '.', 'r', 'u', '\0', + /* "mountainactivitysection.org.uk", true */ 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', 'a', 'c', 't', 'i', 'v', 'i', 't', 'y', 's', 'e', 'c', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "mountainroseherbs.com", true */ 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', 'r', 'o', 's', 'e', 'h', 'e', 'r', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "mountfarmer.de", true */ 'm', 'o', 'u', 'n', 't', 'f', 'a', 'r', 'm', 'e', 'r', '.', 'd', 'e', '\0', + /* "moveek.com", true */ 'm', 'o', 'v', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "moveisfit.com.br", true */ 'm', 'o', 'v', 'e', 'i', 's', 'f', 'i', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "moveltix.net", true */ 'm', 'o', 'v', 'e', 'l', 't', 'i', 'x', '.', 'n', 'e', 't', '\0', + /* "movember.com", false */ 'm', 'o', 'v', 'e', 'm', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "movepin.com", true */ 'm', 'o', 'v', 'e', 'p', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "movie-cross.net", true */ 'm', 'o', 'v', 'i', 'e', '-', 'c', 'r', 'o', 's', 's', '.', 'n', 'e', 't', '\0', + /* "movie-infos.net", true */ 'm', 'o', 'v', 'i', 'e', '-', 'i', 'n', 'f', 'o', 's', '.', 'n', 'e', 't', '\0', + /* "movie4k.fyi", true */ 'm', 'o', 'v', 'i', 'e', '4', 'k', '.', 'f', 'y', 'i', '\0', + /* "movie4k.life", true */ 'm', 'o', 'v', 'i', 'e', '4', 'k', '.', 'l', 'i', 'f', 'e', '\0', + /* "movie4kto.site", true */ 'm', 'o', 'v', 'i', 'e', '4', 'k', 't', 'o', '.', 's', 'i', 't', 'e', '\0', + /* "movie4kto.stream", true */ 'm', 'o', 'v', 'i', 'e', '4', 'k', 't', 'o', '.', 's', 't', 'r', 'e', 'a', 'm', '\0', + /* "moviedeposit.com", true */ 'm', 'o', 'v', 'i', 'e', 'd', 'e', 'p', 'o', 's', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "moviefreeze.com", true */ 'm', 'o', 'v', 'i', 'e', 'f', 'r', 'e', 'e', 'z', 'e', '.', 'c', 'o', 'm', '\0', + /* "movieguys.org", true */ 'm', 'o', 'v', 'i', 'e', 'g', 'u', 'y', 's', '.', 'o', 'r', 'g', '\0', + /* "movienang.com", true */ 'm', 'o', 'v', 'i', 'e', 'n', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "moviepilot.com", true */ 'm', 'o', 'v', 'i', 'e', 'p', 'i', 'l', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "movil.uno", true */ 'm', 'o', 'v', 'i', 'l', '.', 'u', 'n', 'o', '\0', + /* "movinglogistics.nl", false */ 'm', 'o', 'v', 'i', 'n', 'g', 'l', 'o', 'g', 'i', 's', 't', 'i', 'c', 's', '.', 'n', 'l', '\0', + /* "movingoklahoma.org", true */ 'm', 'o', 'v', 'i', 'n', 'g', 'o', 'k', 'l', 'a', 'h', 'o', 'm', 'a', '.', 'o', 'r', 'g', '\0', + /* "movingtohttps.com", true */ 'm', 'o', 'v', 'i', 'n', 'g', 't', 'o', 'h', 't', 't', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "movlib.org", true */ 'm', 'o', 'v', 'l', 'i', 'b', '.', 'o', 'r', 'g', '\0', + /* "moyer.pub", true */ 'm', 'o', 'y', 'e', 'r', '.', 'p', 'u', 'b', '\0', + /* "moylen.eu", true */ 'm', 'o', 'y', 'l', 'e', 'n', '.', 'e', 'u', '\0', + /* "moyoo.net", true */ 'm', 'o', 'y', 'o', 'o', '.', 'n', 'e', 't', '\0', + /* "mozilla.cz", true */ 'm', 'o', 'z', 'i', 'l', 'l', 'a', '.', 'c', 'z', '\0', + /* "mozillians.org", true */ 'm', 'o', 'z', 'i', 'l', 'l', 'i', 'a', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "mozzez.de", true */ 'm', 'o', 'z', 'z', 'e', 'z', '.', 'd', 'e', '\0', + /* "mp3gratuiti.com", true */ 'm', 'p', '3', 'g', 'r', 'a', 't', 'u', 'i', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "mpc-hc.org", true */ 'm', 'p', 'c', '-', 'h', 'c', '.', 'o', 'r', 'g', '\0', + /* "mpcompliance.com", true */ 'm', 'p', 'c', 'o', 'm', 'p', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "mpe.org", true */ 'm', 'p', 'e', '.', 'o', 'r', 'g', '\0', + /* "mpetroff.net", true */ 'm', 'p', 'e', 't', 'r', 'o', 'f', 'f', '.', 'n', 'e', 't', '\0', + /* "mpg-universal.com", true */ 'm', 'p', 'g', '-', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "mpg.ovh", true */ 'm', 'p', 'g', '.', 'o', 'v', 'h', '\0', + /* "mpi-sa.fr", true */ 'm', 'p', 'i', '-', 's', 'a', '.', 'f', 'r', '\0', + /* "mpintaamalabanna.it", true */ 'm', 'p', 'i', 'n', 't', 'a', 'a', 'm', 'a', 'l', 'a', 'b', 'a', 'n', 'n', 'a', '.', 'i', 't', '\0', + /* "mplanetphl.fr", true */ 'm', 'p', 'l', 'a', 'n', 'e', 't', 'p', 'h', 'l', '.', 'f', 'r', '\0', + /* "mplant.io", true */ 'm', 'p', 'l', 'a', 'n', 't', '.', 'i', 'o', '\0', + /* "mplicka.cz", true */ 'm', 'p', 'l', 'i', 'c', 'k', 'a', '.', 'c', 'z', '\0', + /* "mplusm.eu", true */ 'm', 'p', 'l', 'u', 's', 'm', '.', 'e', 'u', '\0', + /* "mpn.poker", true */ 'm', 'p', 'n', '.', 'p', 'o', 'k', 'e', 'r', '\0', + /* "mpnpokertour.com", true */ 'm', 'p', 'n', 'p', 'o', 'k', 'e', 'r', 't', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "mpodraza.pl", true */ 'm', 'p', 'o', 'd', 'r', 'a', 'z', 'a', '.', 'p', 'l', '\0', + /* "mpreserver.com", true */ 'm', 'p', 'r', 'e', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "mpsgarage.com.au", true */ 'm', 'p', 's', 'g', 'a', 'r', 'a', 'g', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "mpsoundcraft.com", true */ 'm', 'p', 's', 'o', 'u', 'n', 'd', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "mpy.ovh", true */ 'm', 'p', 'y', '.', 'o', 'v', 'h', '\0', + /* "mr-anderson.org", true */ 'm', 'r', '-', 'a', 'n', 'd', 'e', 'r', 's', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "mr-labo.jp", true */ 'm', 'r', '-', 'l', 'a', 'b', 'o', '.', 'j', 'p', '\0', + /* "mr-nachhilfe.de", true */ 'm', 'r', '-', 'n', 'a', 'c', 'h', 'h', 'i', 'l', 'f', 'e', '.', 'd', 'e', '\0', + /* "mr-wolf.nl", true */ 'm', 'r', '-', 'w', 'o', 'l', 'f', '.', 'n', 'l', '\0', + /* "mrbmafrica.com", true */ 'm', 'r', 'b', 'm', 'a', 'f', 'r', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "mrbounce.com", true */ 'm', 'r', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "mrbouncescrazycastles.co.uk", true */ 'm', 'r', 'b', 'o', 'u', 'n', 'c', 'e', 's', 'c', 'r', 'a', 'z', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mrbouncycastle.com", true */ 'm', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "mrca-sharp.com", true */ 'm', 'r', 'c', 'a', '-', 's', 'h', 'a', 'r', 'p', '.', 'c', 'o', 'm', '\0', + /* "mrcoolevents.com", true */ 'm', 'r', 'c', 'o', 'o', 'l', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "mrd.ninja", true */ 'm', 'r', 'd', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "mrdayman.com", true */ 'm', 'r', 'd', 'a', 'y', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "mrdleisure.co.uk", true */ 'm', 'r', 'd', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mrevolution.eu", true */ 'm', 'r', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'e', 'u', '\0', + /* "mrinalpurohit.in", true */ 'm', 'r', 'i', 'n', 'a', 'l', 'p', 'u', 'r', 'o', 'h', 'i', 't', '.', 'i', 'n', '\0', + /* "mrkapowski.com", true */ 'm', 'r', 'k', 'a', 'p', 'o', 'w', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "mrketolocksmith.com", true */ 'm', 'r', 'k', 'e', 't', 'o', 'l', 'o', 'c', 'k', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "mrleonardo.com", true */ 'm', 'r', 'l', 'e', 'o', 'n', 'a', 'r', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "mrmoregame.de", true */ 'm', 'r', 'm', 'o', 'r', 'e', 'g', 'a', 'm', 'e', '.', 'd', 'e', '\0', + /* "mrnh.de", true */ 'm', 'r', 'n', 'h', '.', 'd', 'e', '\0', + /* "mrnh.tk", true */ 'm', 'r', 'n', 'h', '.', 't', 'k', '\0', + /* "mrpropop.com", true */ 'm', 'r', 'p', 'r', 'o', 'p', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "mrs-labo.jp", true */ 'm', 'r', 's', '-', 'l', 'a', 'b', 'o', '.', 'j', 'p', '\0', + /* "mrserge.lv", true */ 'm', 'r', 's', 'e', 'r', 'g', 'e', '.', 'l', 'v', '\0', + /* "mrsk.me", true */ 'm', 'r', 's', 'k', '.', 'm', 'e', '\0', + /* "mrstat.co.uk", true */ 'm', 'r', 's', 't', 'a', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mrx.one", true */ 'm', 'r', 'x', '.', 'o', 'n', 'e', '\0', + /* "ms-alternativ.de", true */ 'm', 's', '-', 'a', 'l', 't', 'e', 'r', 'n', 'a', 't', 'i', 'v', '.', 'd', 'e', '\0', + /* "ms-host.fr", true */ 'm', 's', '-', 'h', 'o', 's', 't', '.', 'f', 'r', '\0', + /* "msa-aesch.ch", true */ 'm', 's', 'a', '-', 'a', 'e', 's', 'c', 'h', '.', 'c', 'h', '\0', + /* "mscc.mu", true */ 'm', 's', 'c', 'c', '.', 'm', 'u', '\0', + /* "mscc.org", true */ 'm', 's', 'c', 'c', '.', 'o', 'r', 'g', '\0', + /* "mscenter.cf", true */ 'm', 's', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'f', '\0', + /* "msch.pw", true */ 'm', 's', 'c', 'h', '.', 'p', 'w', '\0', + /* "mschuessler.org", true */ 'm', 's', 'c', 'h', 'u', 'e', 's', 's', 'l', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "msebera.cz", true */ 'm', 's', 'e', 'b', 'e', 'r', 'a', '.', 'c', 'z', '\0', + /* "msh100.uk", true */ 'm', 's', 'h', '1', '0', '0', '.', 'u', 'k', '\0', + /* "mshemailmarketer.com.au", true */ 'm', 's', 'h', 'e', 'm', 'a', 'i', 'l', 'm', 'a', 'r', 'k', 'e', 't', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "msi-zlin.cz", true */ 'm', 's', 'i', '-', 'z', 'l', 'i', 'n', '.', 'c', 'z', '\0', + /* "msiegmund.com", true */ 'm', 's', 'i', 'e', 'g', 'm', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "msmails.de", true */ 'm', 's', 'm', 'a', 'i', 'l', 's', '.', 'd', 'e', '\0', + /* "msnr.net", true */ 'm', 's', 'n', 'r', '.', 'n', 'e', 't', '\0', + /* "msp66.de", true */ 'm', 's', 'p', '6', '6', '.', 'd', 'e', '\0', + /* "mspnocsupport.com", true */ 'm', 's', 'p', 'n', 'o', 'c', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "msquadrat.de", true */ 'm', 's', 'q', 'u', 'a', 'd', 'r', 'a', 't', '.', 'd', 'e', '\0', + /* "mssys.de", true */ 'm', 's', 's', 'y', 's', '.', 'd', 'e', '\0', + /* "mstdn.blue", true */ 'm', 's', 't', 'd', 'n', '.', 'b', 'l', 'u', 'e', '\0', + /* "mstdn.club", true */ 'm', 's', 't', 'd', 'n', '.', 'c', 'l', 'u', 'b', '\0', + /* "mstdn.fr", true */ 'm', 's', 't', 'd', 'n', '.', 'f', 'r', '\0', + /* "mstdn.io", true */ 'm', 's', 't', 'd', 'n', '.', 'i', 'o', '\0', + /* "mstdn.nl", true */ 'm', 's', 't', 'd', 'n', '.', 'n', 'l', '\0', + /* "mstdn.onl", true */ 'm', 's', 't', 'd', 'n', '.', 'o', 'n', 'l', '\0', + /* "mstiles92.com", true */ 'm', 's', 't', 'i', 'l', 'e', 's', '9', '2', '.', 'c', 'o', 'm', '\0', + /* "msuess.me", true */ 'm', 's', 'u', 'e', 's', 's', '.', 'm', 'e', '\0', + /* "msuna.net", true */ 'm', 's', 'u', 'n', 'a', '.', 'n', 'e', 't', '\0', + /* "msv-limpezas.pt", true */ 'm', 's', 'v', '-', 'l', 'i', 'm', 'p', 'e', 'z', 'a', 's', '.', 'p', 't', '\0', + /* "msx.org", true */ 'm', 's', 'x', '.', 'o', 'r', 'g', '\0', + /* "msz-fotografie.de", true */ 'm', 's', 'z', '-', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'e', '.', 'd', 'e', '\0', + /* "mszavodumiru.cz", true */ 'm', 's', 'z', 'a', 'v', 'o', 'd', 'u', 'm', 'i', 'r', 'u', '.', 'c', 'z', '\0', + /* "mt.search.yahoo.com", false */ 'm', 't', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "mt2414.com", true */ 'm', 't', '2', '4', '1', '4', '.', 'c', 'o', 'm', '\0', + /* "mtasa.com", true */ 'm', 't', 'a', 's', 'a', '.', 'c', 'o', 'm', '\0', + /* "mtau.com", true */ 'm', 't', 'a', 'u', '.', 'c', 'o', 'm', '\0', + /* "mtb.wtf", true */ 'm', 't', 'b', '.', 'w', 't', 'f', '\0', + /* "mtcq.jp", true */ 'm', 't', 'c', 'q', '.', 'j', 'p', '\0', + /* "mtd.ovh", true */ 'm', 't', 'd', '.', 'o', 'v', 'h', '\0', + /* "mtfgnettoyage.fr", true */ 'm', 't', 'f', 'g', 'n', 'e', 't', 't', 'o', 'y', 'a', 'g', 'e', '.', 'f', 'r', '\0', + /* "mtg-tutor.de", true */ 'm', 't', 'g', '-', 't', 'u', 't', 'o', 'r', '.', 'd', 'e', '\0', + /* "mthode.org", true */ 'm', 't', 'h', 'o', 'd', 'e', '.', 'o', 'r', 'g', '\0', + /* "mths.be", false */ 'm', 't', 'h', 's', '.', 'b', 'e', '\0', + /* "mticareportal.com", true */ 'm', 't', 'i', 'c', 'a', 'r', 'e', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "mtirc.co", true */ 'm', 't', 'i', 'r', 'c', '.', 'c', 'o', '\0', + /* "mtnz.co.za", true */ 'm', 't', 'n', 'z', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "mtouch.facebook.com", false */ 'm', 't', 'o', 'u', 'c', 'h', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "mtr.md", true */ 'm', 't', 'r', '.', 'm', 'd', '\0', + /* "mtrock.ru", true */ 'm', 't', 'r', 'o', 'c', 'k', '.', 'r', 'u', '\0', + /* "mts-energia.eu", true */ 'm', 't', 's', '-', 'e', 'n', 'e', 'r', 'g', 'i', 'a', '.', 'e', 'u', '\0', + /* "mts-server.com", true */ 'm', 't', 's', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "mtsolar.es", true */ 'm', 't', 's', 'o', 'l', 'a', 'r', '.', 'e', 's', '\0', + /* "mu.search.yahoo.com", false */ 'm', 'u', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "muabannhanh.com", false */ 'm', 'u', 'a', 'b', 'a', 'n', 'n', 'h', 'a', 'n', 'h', '.', 'c', 'o', 'm', '\0', + /* "muahahahaha.co.uk", true */ 'm', 'u', 'a', 'h', 'a', 'h', 'a', 'h', 'a', 'h', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mubiflex.nl", true */ 'm', 'u', 'b', 'i', 'f', 'l', 'e', 'x', '.', 'n', 'l', '\0', + /* "muchohentai.com", true */ 'm', 'u', 'c', 'h', 'o', 'h', 'e', 'n', 't', 'a', 'i', '.', 'c', 'o', 'm', '\0', + /* "muckingabout.eu", true */ 'm', 'u', 'c', 'k', 'i', 'n', 'g', 'a', 'b', 'o', 'u', 't', '.', 'e', 'u', '\0', + /* "mucmail.de", true */ 'm', 'u', 'c', 'm', 'a', 'i', 'l', '.', 'd', 'e', '\0', + /* "mudcrab.us", false */ 'm', 'u', 'd', 'c', 'r', 'a', 'b', '.', 'u', 's', '\0', + /* "muehlemann.net", true */ 'm', 'u', 'e', 'h', 'l', 'e', 'm', 'a', 'n', 'n', '.', 'n', 'e', 't', '\0', + /* "muellapp.com", true */ 'm', 'u', 'e', 'l', 'l', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "muenchberger.com", true */ 'm', 'u', 'e', 'n', 'c', 'h', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "muenzubi.de", true */ 'm', 'u', 'e', 'n', 'z', 'u', 'b', 'i', '.', 'd', 'e', '\0', + /* "muffet.pw", true */ 'm', 'u', 'f', 'f', 'e', 't', '.', 'p', 'w', '\0', + /* "muga.space", true */ 'm', 'u', 'g', 'a', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "muguayuan.com", true */ 'm', 'u', 'g', 'u', 'a', 'y', 'u', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "muh.io", true */ 'm', 'u', 'h', '.', 'i', 'o', '\0', + /* "muk-kobetsu.com", true */ 'm', 'u', 'k', '-', 'k', 'o', 'b', 'e', 't', 's', 'u', '.', 'c', 'o', 'm', '\0', + /* "mukka.ch", true */ 'm', 'u', 'k', 'k', 'a', '.', 'c', 'h', '\0', + /* "mulaccosmetics.com", true */ 'm', 'u', 'l', 'a', 'c', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "mulaisehat.com", true */ 'm', 'u', 'l', 'a', 'i', 's', 'e', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "mulej.net", true */ 'm', 'u', 'l', 'e', 'j', '.', 'n', 'e', 't', '\0', + /* "mulheres18.com", true */ 'm', 'u', 'l', 'h', 'e', 'r', 'e', 's', '1', '8', '.', 'c', 'o', 'm', '\0', + /* "mulherportuguesa.com", true */ 'm', 'u', 'l', 'h', 'e', 'r', 'p', 'o', 'r', 't', 'u', 'g', 'u', 'e', 's', 'a', '.', 'c', 'o', 'm', '\0', + /* "muling.lu", true */ 'm', 'u', 'l', 'i', 'n', 'g', '.', 'l', 'u', '\0', + /* "mullens-usedcars.be", true */ 'm', 'u', 'l', 'l', 'e', 'n', 's', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "multi-vpn.biz", true */ 'm', 'u', 'l', 't', 'i', '-', 'v', 'p', 'n', '.', 'b', 'i', 'z', '\0', + /* "multibase.pt", true */ 'm', 'u', 'l', 't', 'i', 'b', 'a', 's', 'e', '.', 'p', 't', '\0', + /* "multibit.org", true */ 'm', 'u', 'l', 't', 'i', 'b', 'i', 't', '.', 'o', 'r', 'g', '\0', + /* "multibomasm.com.br", true */ 'm', 'u', 'l', 't', 'i', 'b', 'o', 'm', 'a', 's', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "multicomhost.com", true */ 'm', 'u', 'l', 't', 'i', 'c', 'o', 'm', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "multigamecard.com", true */ 'm', 'u', 'l', 't', 'i', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "multigeist.de", true */ 'm', 'u', 'l', 't', 'i', 'g', 'e', 'i', 's', 't', '.', 'd', 'e', '\0', + /* "multikalender.de", false */ 'm', 'u', 'l', 't', 'i', 'k', 'a', 'l', 'e', 'n', 'd', 'e', 'r', '.', 'd', 'e', '\0', + /* "multimail.work", true */ 'm', 'u', 'l', 't', 'i', 'm', 'a', 'i', 'l', '.', 'w', 'o', 'r', 'k', '\0', + /* "multimedia-pool.com", true */ 'm', 'u', 'l', 't', 'i', 'm', 'e', 'd', 'i', 'a', '-', 'p', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "multiplayernow.com", true */ 'm', 'u', 'l', 't', 'i', 'p', 'l', 'a', 'y', 'e', 'r', 'n', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "multipleservers.com", true */ 'm', 'u', 'l', 't', 'i', 'p', 'l', 'e', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "multiplexcy.com", true */ 'm', 'u', 'l', 't', 'i', 'p', 'l', 'e', 'x', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "multirep.ch", true */ 'm', 'u', 'l', 't', 'i', 'r', 'e', 'p', '.', 'c', 'h', '\0', + /* "multitek.no", true */ 'm', 'u', 'l', 't', 'i', 't', 'e', 'k', '.', 'n', 'o', '\0', + /* "multitheftauto.com", true */ 'm', 'u', 'l', 't', 'i', 't', 'h', 'e', 'f', 't', 'a', 'u', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "multivpn.cn.com", true */ 'm', 'u', 'l', 't', 'i', 'v', 'p', 'n', '.', 'c', 'n', '.', 'c', 'o', 'm', '\0', + /* "multivpn.com.de", true */ 'm', 'u', 'l', 't', 'i', 'v', 'p', 'n', '.', 'c', 'o', 'm', '.', 'd', 'e', '\0', + /* "multivpn.com.ua", true */ 'm', 'u', 'l', 't', 'i', 'v', 'p', 'n', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "multivpn.fr", true */ 'm', 'u', 'l', 't', 'i', 'v', 'p', 'n', '.', 'f', 'r', '\0', + /* "multiworldsoftware.com", true */ 'm', 'u', 'l', 't', 'i', 'w', 'o', 'r', 'l', 'd', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "multrier.fr", true */ 'm', 'u', 'l', 't', 'r', 'i', 'e', 'r', '.', 'f', 'r', '\0', + /* "mumbaionlinegifts.com", true */ 'm', 'u', 'm', 'b', 'a', 'i', 'o', 'n', 'l', 'i', 'n', 'e', 'g', 'i', 'f', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "mumei.space", true */ 'm', 'u', 'm', 'e', 'i', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "mumolabs.com", true */ 'm', 'u', 'm', 'o', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "munchcorp.com", true */ 'm', 'u', 'n', 'c', 'h', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0', + /* "mundoadulto.com.br", true */ 'm', 'u', 'n', 'd', 'o', 'a', 'd', 'u', 'l', 't', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "mundoalpha.com.br", true */ 'm', 'u', 'n', 'd', 'o', 'a', 'l', 'p', 'h', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "mundoarabe.com.br", true */ 'm', 'u', 'n', 'd', 'o', 'a', 'r', 'a', 'b', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "mundodasmensagens.com", true */ 'm', 'u', 'n', 'd', 'o', 'd', 'a', 's', 'm', 'e', 'n', 's', 'a', 'g', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "mundokinderland.com.br", true */ 'm', 'u', 'n', 'd', 'o', 'k', 'i', 'n', 'd', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "mundolarraz.es", true */ 'm', 'u', 'n', 'd', 'o', 'l', 'a', 'r', 'r', 'a', 'z', '.', 'e', 's', '\0', + /* "mundschenk.at", true */ 'm', 'u', 'n', 'd', 's', 'c', 'h', 'e', 'n', 'k', '.', 'a', 't', '\0', + /* "mundtec.com.br", true */ 'm', 'u', 'n', 'd', 't', 'e', 'c', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "munirajiwa.com", true */ 'm', 'u', 'n', 'i', 'r', 'a', 'j', 'i', 'w', 'a', '.', 'c', 'o', 'm', '\0', + /* "munki.org", true */ 'm', 'u', 'n', 'k', 'i', '.', 'o', 'r', 'g', '\0', + /* "munkibuilds.org", true */ 'm', 'u', 'n', 'k', 'i', 'b', 'u', 'i', 'l', 'd', 's', '.', 'o', 'r', 'g', '\0', + /* "munpanel.com", true */ 'm', 'u', 'n', 'p', 'a', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "munrabi.com", true */ 'm', 'u', 'n', 'r', 'a', 'b', 'i', '.', 'c', 'o', 'm', '\0', + /* "muqu.co", true */ 'm', 'u', 'q', 'u', '.', 'c', 'o', '\0', + /* "mur-vegetal-interieur.fr", true */ 'm', 'u', 'r', '-', 'v', 'e', 'g', 'e', 't', 'a', 'l', '-', 'i', 'n', 't', 'e', 'r', 'i', 'e', 'u', 'r', '.', 'f', 'r', '\0', + /* "murakami-sah.com", true */ 'm', 'u', 'r', 'a', 'k', 'a', 'm', 'i', '-', 's', 'a', 'h', '.', 'c', 'o', 'm', '\0', + /* "murdercube.com", true */ 'm', 'u', 'r', 'd', 'e', 'r', 'c', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0', + /* "murfy.kiwi", true */ 'm', 'u', 'r', 'f', 'y', '.', 'k', 'i', 'w', 'i', '\0', + /* "murfy.nz", true */ 'm', 'u', 'r', 'f', 'y', '.', 'n', 'z', '\0', + /* "murgi.de", true */ 'm', 'u', 'r', 'g', 'i', '.', 'd', 'e', '\0', + /* "murmel.it", false */ 'm', 'u', 'r', 'm', 'e', 'l', '.', 'i', 't', '\0', + /* "murof.com.br", true */ 'm', 'u', 'r', 'o', 'f', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "murraycoin.org", true */ 'm', 'u', 'r', 'r', 'a', 'y', 'c', 'o', 'i', 'n', '.', 'o', 'r', 'g', '\0', + /* "mursu.directory", true */ 'm', 'u', 'r', 's', 'u', '.', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '\0', + /* "muscle-tg.com", true */ 'm', 'u', 's', 'c', 'l', 'e', '-', 't', 'g', '.', 'c', 'o', 'm', '\0', + /* "muscleangels.com", true */ 'm', 'u', 's', 'c', 'l', 'e', 'a', 'n', 'g', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "musclecarresearch.com", true */ 'm', 'u', 's', 'c', 'l', 'e', 'c', 'a', 'r', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "muscolinomusic.com", true */ 'm', 'u', 's', 'c', 'o', 'l', 'i', 'n', 'o', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "musearchengine.com", true */ 'm', 'u', 's', 'e', 'a', 'r', 'c', 'h', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "musehelix.com", true */ 'm', 'u', 's', 'e', 'h', 'e', 'l', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "muses-success.info", true */ 'm', 'u', 's', 'e', 's', '-', 's', 'u', 'c', 'c', 'e', 's', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "museumstreak.com", true */ 'm', 'u', 's', 'e', 'u', 'm', 's', 't', 'r', 'e', 'a', 'k', '.', 'c', 'o', 'm', '\0', + /* "mush-room.co.jp", true */ 'm', 'u', 's', 'h', '-', 'r', 'o', 'o', 'm', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "mushikabu.net", true */ 'm', 'u', 's', 'h', 'i', 'k', 'a', 'b', 'u', '.', 'n', 'e', 't', '\0', + /* "music-is-my-life.de", true */ 'm', 'u', 's', 'i', 'c', '-', 'i', 's', '-', 'm', 'y', '-', 'l', 'i', 'f', 'e', '.', 'd', 'e', '\0', + /* "music-project.eu", true */ 'm', 'u', 's', 'i', 'c', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'e', 'u', '\0', + /* "music.amazon.com", true */ 'm', 'u', 's', 'i', 'c', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "musicalive.nl", true */ 'm', 'u', 's', 'i', 'c', 'a', 'l', 'i', 'v', 'e', '.', 'n', 'l', '\0', + /* "musicall.com", true */ 'm', 'u', 's', 'i', 'c', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "musicalschwarzenburg.ch", true */ 'm', 'u', 's', 'i', 'c', 'a', 'l', 's', 'c', 'h', 'w', 'a', 'r', 'z', 'e', 'n', 'b', 'u', 'r', 'g', '.', 'c', 'h', '\0', + /* "musicchris.de", true */ 'm', 'u', 's', 'i', 'c', 'c', 'h', 'r', 'i', 's', '.', 'd', 'e', '\0', + /* "musicgamegalaxy.de", true */ 'm', 'u', 's', 'i', 'c', 'g', 'a', 'm', 'e', 'g', 'a', 'l', 'a', 'x', 'y', '.', 'd', 'e', '\0', + /* "musician.dating", true */ 'm', 'u', 's', 'i', 'c', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "musickhouseleveling.com", true */ 'm', 'u', 's', 'i', 'c', 'k', 'h', 'o', 'u', 's', 'e', 'l', 'e', 'v', 'e', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "musicschoolonline.com", true */ 'm', 'u', 's', 'i', 'c', 's', 'c', 'h', 'o', 'o', 'l', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "musicstore.de", false */ 'm', 'u', 's', 'i', 'c', 's', 't', 'o', 'r', 'e', '.', 'd', 'e', '\0', + /* "musicwear.cz", true */ 'm', 'u', 's', 'i', 'c', 'w', 'e', 'a', 'r', '.', 'c', 'z', '\0', + /* "musik-mentaltraining.ch", true */ 'm', 'u', 's', 'i', 'k', '-', 'm', 'e', 'n', 't', 'a', 'l', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'h', '\0', + /* "musikverein-elten.de", true */ 'm', 'u', 's', 'i', 'k', 'v', 'e', 'r', 'e', 'i', 'n', '-', 'e', 'l', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "musketonhaken.nl", false */ 'm', 'u', 's', 'k', 'e', 't', 'o', 'n', 'h', 'a', 'k', 'e', 'n', '.', 'n', 'l', '\0', + /* "muslim.singles", true */ 'm', 'u', 's', 'l', 'i', 'm', '.', 's', 'i', 'n', 'g', 'l', 'e', 's', '\0', + /* "musmann.io", true */ 'm', 'u', 's', 'm', 'a', 'n', 'n', '.', 'i', 'o', '\0', + /* "muspla.com", true */ 'm', 'u', 's', 'p', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "muspla.com.br", true */ 'm', 'u', 's', 'p', 'l', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "musselsblog.com", true */ 'm', 'u', 's', 's', 'e', 'l', 's', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "mustard.co.uk", true */ 'm', 'u', 's', 't', 'a', 'r', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mustasj.no", true */ 'm', 'u', 's', 't', 'a', 's', 'j', '.', 'n', 'o', '\0', + /* "musthavesforreal.com", true */ 'm', 'u', 's', 't', 'h', 'a', 'v', 'e', 's', 'f', 'o', 'r', 'r', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "mutantmonkey.in", true */ 'm', 'u', 't', 'a', 'n', 't', 'm', 'o', 'n', 'k', 'e', 'y', '.', 'i', 'n', '\0', + /* "mutantmonkey.info", true */ 'm', 'u', 't', 'a', 'n', 't', 'm', 'o', 'n', 'k', 'e', 'y', '.', 'i', 'n', 'f', 'o', '\0', + /* "mutantmonkey.sexy", true */ 'm', 'u', 't', 'a', 'n', 't', 'm', 'o', 'n', 'k', 'e', 'y', '.', 's', 'e', 'x', 'y', '\0', + /* "mutuals.cool", true */ 'm', 'u', 't', 'u', 'a', 'l', 's', '.', 'c', 'o', 'o', 'l', '\0', + /* "mutuelle.fr", true */ 'm', 'u', 't', 'u', 'e', 'l', 'l', 'e', '.', 'f', 'r', '\0', + /* "muusika.fun", true */ 'm', 'u', 'u', 's', 'i', 'k', 'a', '.', 'f', 'u', 'n', '\0', + /* "muusikoiden.net", true */ 'm', 'u', 'u', 's', 'i', 'k', 'o', 'i', 'd', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "muwatenraqamy.org", true */ 'm', 'u', 'w', 'a', 't', 'e', 'n', 'r', 'a', 'q', 'a', 'm', 'y', '.', 'o', 'r', 'g', '\0', + /* "muzi.cz", true */ 'm', 'u', 'z', 'i', '.', 'c', 'z', '\0', + /* "mv-wohnen.de", true */ 'm', 'v', '-', 'w', 'o', 'h', 'n', 'e', 'n', '.', 'd', 'e', '\0', + /* "mvandek.nl", true */ 'm', 'v', 'a', 'n', 'd', 'e', 'k', '.', 'n', 'l', '\0', + /* "mvbits.com", true */ 'm', 'v', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "mvno.io", true */ 'm', 'v', 'n', 'o', '.', 'i', 'o', '\0', + /* "mvp-stars.com", true */ 'm', 'v', 'p', '-', 's', 't', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "mw.search.yahoo.com", false */ 'm', 'w', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "mwainc.org", true */ 'm', 'w', 'a', 'i', 'n', 'c', '.', 'o', 'r', 'g', '\0', + /* "mware-staging.azurewebsites.net", true */ 'm', 'w', 'a', 'r', 'e', '-', 's', 't', 'a', 'g', 'i', 'n', 'g', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "mwavuli.co.ke", true */ 'm', 'w', 'a', 'v', 'u', 'l', 'i', '.', 'c', 'o', '.', 'k', 'e', '\0', + /* "mwba.org", true */ 'm', 'w', 'b', 'a', '.', 'o', 'r', 'g', '\0', + /* "mwe.st", true */ 'm', 'w', 'e', '.', 's', 't', '\0', + /* "mwtdev.se", true */ 'm', 'w', 't', 'd', 'e', 'v', '.', 's', 'e', '\0', + /* "mww.moe", true */ 'm', 'w', 'w', '.', 'm', 'o', 'e', '\0', + /* "mx.org.ua", true */ 'm', 'x', '.', 'o', 'r', 'g', '.', 'u', 'a', '\0', + /* "mx.search.yahoo.com", false */ 'm', 'x', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "mx5international.com", true */ 'm', 'x', '5', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "mxawei.cn", true */ 'm', 'x', 'a', 'w', 'e', 'i', '.', 'c', 'n', '\0', + /* "mxihan.xyz", true */ 'm', 'x', 'i', 'h', 'a', 'n', '.', 'x', 'y', 'z', '\0', + /* "mxlife.org", true */ 'm', 'x', 'l', 'i', 'f', 'e', '.', 'o', 'r', 'g', '\0', + /* "mxp.tw", true */ 'm', 'x', 'p', '.', 't', 'w', '\0', + /* "my-cdn.de", true */ 'm', 'y', '-', 'c', 'd', 'n', '.', 'd', 'e', '\0', + /* "my-contract.ch", true */ 'm', 'y', '-', 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', '.', 'c', 'h', '\0', + /* "my-contract.info", true */ 'm', 'y', '-', 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "my-contract.net", true */ 'm', 'y', '-', 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', '.', 'n', 'e', 't', '\0', + /* "my-dick.ru", true */ 'm', 'y', '-', 'd', 'i', 'c', 'k', '.', 'r', 'u', '\0', + /* "my-dns.co.il", true */ 'm', 'y', '-', 'd', 'n', 's', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "my-ebook.es", true */ 'm', 'y', '-', 'e', 'b', 'o', 'o', 'k', '.', 'e', 's', '\0', + /* "my-floor.com", true */ 'm', 'y', '-', 'f', 'l', 'o', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "my-host.ovh", true */ 'm', 'y', '-', 'h', 'o', 's', 't', '.', 'o', 'v', 'h', '\0', + /* "my-hps.de", true */ 'm', 'y', '-', 'h', 'p', 's', '.', 'd', 'e', '\0', + /* "my-ip.work", true */ 'm', 'y', '-', 'i', 'p', '.', 'w', 'o', 'r', 'k', '\0', + /* "my-pawnshop.com.ua", false */ 'm', 'y', '-', 'p', 'a', 'w', 'n', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "my-plancha.ch", true */ 'm', 'y', '-', 'p', 'l', 'a', 'n', 'c', 'h', 'a', '.', 'c', 'h', '\0', + /* "my-static-demo-808795.c.cdn77.org", true */ 'm', 'y', '-', 's', 't', 'a', 't', 'i', 'c', '-', 'd', 'e', 'm', 'o', '-', '8', '0', '8', '7', '9', '5', '.', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0', + /* "my-static-live-808795.c.cdn77.org", true */ 'm', 'y', '-', 's', 't', 'a', 't', 'i', 'c', '-', 'l', 'i', 'v', 'e', '-', '8', '0', '8', '7', '9', '5', '.', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0', + /* "my-voice.nl", false */ 'm', 'y', '-', 'v', 'o', 'i', 'c', 'e', '.', 'n', 'l', '\0', + /* "my.onlime.ch", false */ 'm', 'y', '.', 'o', 'n', 'l', 'i', 'm', 'e', '.', 'c', 'h', '\0', + /* "my.usa.gov", false */ 'm', 'y', '.', 'u', 's', 'a', '.', 'g', 'o', 'v', '\0', + /* "my.xero.com", false */ 'm', 'y', '.', 'x', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "myaccount.google.com", false */ 'm', 'y', 'a', 'c', 'c', 'o', 'u', 'n', 't', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "myactivity.google.com", true */ 'm', 'y', 'a', 'c', 't', 'i', 'v', 'i', 't', 'y', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "myadself.com", true */ 'm', 'y', 'a', 'd', 's', 'e', 'l', 'f', '.', 'c', 'o', 'm', '\0', + /* "myaggic.com", true */ 'm', 'y', 'a', 'g', 'g', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "myalliancechurch.com", true */ 'm', 'y', 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "myamend.com", true */ 'm', 'y', 'a', 'm', 'e', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "myamity.info", true */ 'm', 'y', 'a', 'm', 'i', 't', 'y', '.', 'i', 'n', 'f', 'o', '\0', + /* "myanimelist.net", true */ 'm', 'y', 'a', 'n', 'i', 'm', 'e', 'l', 'i', 's', 't', '.', 'n', 'e', 't', '\0', + /* "myapexcard.com", true */ 'm', 'y', 'a', 'p', 'e', 'x', 'c', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "myartsjournal.com", true */ 'm', 'y', 'a', 'r', 't', 's', 'j', 'o', 'u', 'r', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "mybb.com", true */ 'm', 'y', 'b', 'b', '.', 'c', 'o', 'm', '\0', + /* "mybb.de", true */ 'm', 'y', 'b', 'b', '.', 'd', 'e', '\0', + /* "mybboard.pl", true */ 'm', 'y', 'b', 'b', 'o', 'a', 'r', 'd', '.', 'p', 'l', '\0', + /* "mybicc.org", true */ 'm', 'y', 'b', 'i', 'c', 'c', '.', 'o', 'r', 'g', '\0', + /* "myblockchain.cloud", true */ 'm', 'y', 'b', 'l', 'o', 'c', 'k', 'c', 'h', 'a', 'i', 'n', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "mybloggedlife.com", true */ 'm', 'y', 'b', 'l', 'o', 'g', 'g', 'e', 'd', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "mybon.at", false */ 'm', 'y', 'b', 'o', 'n', '.', 'a', 't', '\0', + /* "mycard.moe", true */ 'm', 'y', 'c', 'a', 'r', 'd', '.', 'm', 'o', 'e', '\0', + /* "mycieokien.info", false */ 'm', 'y', 'c', 'i', 'e', 'o', 'k', 'i', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "mycircleworks.com", true */ 'm', 'y', 'c', 'i', 'r', 'c', 'l', 'e', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "myclinicalstudybuddy.com", true */ 'm', 'y', 'c', 'l', 'i', 'n', 'i', 'c', 'a', 'l', 's', 't', 'u', 'd', 'y', 'b', 'u', 'd', 'd', 'y', '.', 'c', 'o', 'm', '\0', + /* "mycloud-system.com", true */ 'm', 'y', 'c', 'l', 'o', 'u', 'd', '-', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0', + /* "mycofairtrade.com", true */ 'm', 'y', 'c', 'o', 'f', 'a', 'i', 'r', 't', 'r', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "mycompanion.cz", true */ 'm', 'y', 'c', 'o', 'm', 'p', 'a', 'n', 'i', 'o', 'n', '.', 'c', 'z', '\0', + /* "myconan.net", true */ 'm', 'y', 'c', 'o', 'n', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "myconsulting.ch", true */ 'm', 'y', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'h', '\0', + /* "mycontrolmonitor.com", true */ 'm', 'y', 'c', 'o', 'n', 't', 'r', 'o', 'l', 'm', 'o', 'n', 'i', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "mycr.eu", true */ 'm', 'y', 'c', 'r', '.', 'e', 'u', '\0', + /* "mycreativeartsconsulting.com", true */ 'm', 'y', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'a', 'r', 't', 's', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "mycreditcardcenter.com", true */ 'm', 'y', 'c', 'r', 'e', 'd', 'i', 't', 'c', 'a', 'r', 'd', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "mycrypnet.io", true */ 'm', 'y', 'c', 'r', 'y', 'p', 'n', 'e', 't', '.', 'i', 'o', '\0', + /* "mycrystalgrove.com", true */ 'm', 'y', 'c', 'r', 'y', 's', 't', 'a', 'l', 'g', 'r', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "mycustomwriting.com", true */ 'm', 'y', 'c', 'u', 's', 't', 'o', 'm', 'w', 'r', 'i', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "mydarkstar.net", true */ 'm', 'y', 'd', 'a', 'r', 'k', 's', 't', 'a', 'r', '.', 'n', 'e', 't', '\0', + /* "myday.eu.com", true */ 'm', 'y', 'd', 'a', 'y', '.', 'e', 'u', '.', 'c', 'o', 'm', '\0', + /* "mydaywebapp.com", true */ 'm', 'y', 'd', 'a', 'y', 'w', 'e', 'b', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "mydebian.in.ua", true */ 'm', 'y', 'd', 'e', 'b', 'i', 'a', 'n', '.', 'i', 'n', '.', 'u', 'a', '\0', + /* "mydevolo.com", true */ 'm', 'y', 'd', 'e', 'v', 'o', 'l', 'o', '.', 'c', 'o', 'm', '\0', + /* "mydevolo.de", true */ 'm', 'y', 'd', 'e', 'v', 'o', 'l', 'o', '.', 'd', 'e', '\0', + /* "mydigitalweek.com", true */ 'm', 'y', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'w', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "mydjsongbook.com", true */ 'm', 'y', 'd', 'j', 's', 'o', 'n', 'g', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "mydocserve.com", true */ 'm', 'y', 'd', 'o', 'c', 's', 'e', 'r', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "mydreamlifelab.com", true */ 'm', 'y', 'd', 'r', 'e', 'a', 'm', 'l', 'i', 'f', 'e', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "myeberspaecher.com", true */ 'm', 'y', 'e', 'b', 'e', 'r', 's', 'p', 'a', 'e', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "myeffect.today", true */ 'm', 'y', 'e', 'f', 'f', 'e', 'c', 't', '.', 't', 'o', 'd', 'a', 'y', '\0', + /* "myepass.bg", true */ 'm', 'y', 'e', 'p', 'a', 's', 's', '.', 'b', 'g', '\0', + /* "myepass.de", true */ 'm', 'y', 'e', 'p', 'a', 's', 's', '.', 'd', 'e', '\0', + /* "myfantasysportstalk.com", true */ 'm', 'y', 'f', 'a', 'n', 't', 'a', 's', 'y', 's', 'p', 'o', 'r', 't', 's', 't', 'a', 'l', 'k', '.', 'c', 'o', 'm', '\0', + /* "myfedloan.org", true */ 'm', 'y', 'f', 'e', 'd', 'l', 'o', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "myfirenet.com", true */ 'm', 'y', 'f', 'i', 'r', 'e', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "myfloridadeferredcomp.com", true */ 'm', 'y', 'f', 'l', 'o', 'r', 'i', 'd', 'a', 'd', 'e', 'f', 'e', 'r', 'r', 'e', 'd', 'c', 'o', 'm', 'p', '.', 'c', 'o', 'm', '\0', + /* "myforfaitmobile.com", true */ 'm', 'y', 'f', 'o', 'r', 'f', 'a', 'i', 't', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "myfreemp3.click", true */ 'm', 'y', 'f', 'r', 'e', 'e', 'm', 'p', '3', '.', 'c', 'l', 'i', 'c', 'k', '\0', + /* "myfrenchtattoo.fr", true */ 'm', 'y', 'f', 'r', 'e', 'n', 'c', 'h', 't', 'a', 't', 't', 'o', 'o', '.', 'f', 'r', '\0', + /* "myfunworld.de", true */ 'm', 'y', 'f', 'u', 'n', 'w', 'o', 'r', 'l', 'd', '.', 'd', 'e', '\0', + /* "myg21.com", true */ 'm', 'y', 'g', '2', '1', '.', 'c', 'o', 'm', '\0', + /* "mygadgetguardian.lookout.com", false */ 'm', 'y', 'g', 'a', 'd', 'g', 'e', 't', 'g', 'u', 'a', 'r', 'd', 'i', 'a', 'n', '.', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "mygalgame.com", true */ 'm', 'y', 'g', 'a', 'l', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "mygallery.homelinux.net", true */ 'm', 'y', 'g', 'a', 'l', 'l', 'e', 'r', 'y', '.', 'h', 'o', 'm', 'e', 'l', 'i', 'n', 'u', 'x', '.', 'n', 'e', 't', '\0', + /* "mygaysitges.com", true */ 'm', 'y', 'g', 'a', 'y', 's', 'i', 't', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "mygeneral.org", true */ 'm', 'y', 'g', 'e', 'n', 'e', 'r', 'a', 'l', '.', 'o', 'r', 'g', '\0', + /* "mygeotrip.com", true */ 'm', 'y', 'g', 'e', 'o', 't', 'r', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "mygoldennetwork.com", true */ 'm', 'y', 'g', 'o', 'l', 'd', 'e', 'n', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "mygpsite.com", true */ 'm', 'y', 'g', 'p', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "mygreatjob.eu", true */ 'm', 'y', 'g', 'r', 'e', 'a', 't', 'j', 'o', 'b', '.', 'e', 'u', '\0', + /* "mygreatjobs.de", true */ 'm', 'y', 'g', 'r', 'e', 'a', 't', 'j', 'o', 'b', 's', '.', 'd', 'e', '\0', + /* "mygretchen.de", true */ 'm', 'y', 'g', 'r', 'e', 't', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0', + /* "mygrotto.org", true */ 'm', 'y', 'g', 'r', 'o', 't', 't', 'o', '.', 'o', 'r', 'g', '\0', + /* "mygymer.ch", true */ 'm', 'y', 'g', 'y', 'm', 'e', 'r', '.', 'c', 'h', '\0', + /* "myhatsuden.jp", true */ 'm', 'y', 'h', 'a', 't', 's', 'u', 'd', 'e', 'n', '.', 'j', 'p', '\0', + /* "myhealthreviews.com", true */ 'm', 'y', 'h', 'e', 'a', 'l', 't', 'h', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "myhostname.net", true */ 'm', 'y', 'h', 'o', 's', 't', 'n', 'a', 'm', 'e', '.', 'n', 'e', 't', '\0', + /* "myimds.com", true */ 'm', 'y', 'i', 'm', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "myimmitracker.com", true */ 'm', 'y', 'i', 'm', 'm', 'i', 't', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "myjumparoo.co.uk", true */ 'm', 'y', 'j', 'u', 'm', 'p', 'a', 'r', 'o', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "myki.co", true */ 'm', 'y', 'k', 'i', '.', 'c', 'o', '\0', + /* "mykontool.de", true */ 'm', 'y', 'k', 'o', 'n', 't', 'o', 'o', 'l', '.', 'd', 'e', '\0', + /* "mylatestnews.org", true */ 'm', 'y', 'l', 'a', 't', 'e', 's', 't', 'n', 'e', 'w', 's', '.', 'o', 'r', 'g', '\0', + /* "mylawyer.be", true */ 'm', 'y', 'l', 'a', 'w', 'y', 'e', 'r', '.', 'b', 'e', '\0', + /* "myleanfactory.de", true */ 'm', 'y', 'l', 'e', 'a', 'n', 'f', 'a', 'c', 't', 'o', 'r', 'y', '.', 'd', 'e', '\0', + /* "mylene-chandelier.me", true */ 'm', 'y', 'l', 'e', 'n', 'e', '-', 'c', 'h', 'a', 'n', 'd', 'e', 'l', 'i', 'e', 'r', '.', 'm', 'e', '\0', + /* "mylifeabundant.com", true */ 'm', 'y', 'l', 'i', 'f', 'e', 'a', 'b', 'u', 'n', 'd', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "mylighthost.com", true */ 'm', 'y', 'l', 'i', 'g', 'h', 't', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "myliveupdates.com", true */ 'm', 'y', 'l', 'i', 'v', 'e', 'u', 'p', 'd', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "mylocalsearch.co.uk", true */ 'm', 'y', 'l', 'o', 'c', 'a', 'l', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mylookout.com", false */ 'm', 'y', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "mymadina.com", true */ 'm', 'y', 'm', 'a', 'd', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "mymb.pm", true */ 'm', 'y', 'm', 'b', '.', 'p', 'm', '\0', + /* "mymed.de", true */ 'm', 'y', 'm', 'e', 'd', '.', 'd', 'e', '\0', + /* "mymed.eu", true */ 'm', 'y', 'm', 'e', 'd', '.', 'e', 'u', '\0', + /* "mymommyworld.com", true */ 'm', 'y', 'm', 'o', 'm', 'm', 'y', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "mymotor.nl", true */ 'm', 'y', 'm', 'o', 't', 'o', 'r', '.', 'n', 'l', '\0', + /* "mymp3singer.co", true */ 'm', 'y', 'm', 'p', '3', 's', 'i', 'n', 'g', 'e', 'r', '.', 'c', 'o', '\0', + /* "mymp3singer.net", true */ 'm', 'y', 'm', 'p', '3', 's', 'i', 'n', 'g', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "myms.eu", true */ 'm', 'y', 'm', 's', '.', 'e', 'u', '\0', + /* "mymsr.de", true */ 'm', 'y', 'm', 's', 'r', '.', 'd', 'e', '\0', + /* "mymun.net", true */ 'm', 'y', 'm', 'u', 'n', '.', 'n', 'e', 't', '\0', + /* "mymx.lu", true */ 'm', 'y', 'm', 'x', '.', 'l', 'u', '\0', + /* "myna.go.jp", true */ 'm', 'y', 'n', 'a', '.', 'g', 'o', '.', 'j', 'p', '\0', + /* "myndcommunication.com", true */ 'm', 'y', 'n', 'd', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "mynext.events", true */ 'm', 'y', 'n', 'e', 'x', 't', '.', 'e', 'v', 'e', 'n', 't', 's', '\0', + /* "mynn.io", true */ 'm', 'y', 'n', 'n', '.', 'i', 'o', '\0', + /* "mynook.info", true */ 'm', 'y', 'n', 'o', 'o', 'k', '.', 'i', 'n', 'f', 'o', '\0', + /* "mynortherngarden.com", true */ 'm', 'y', 'n', 'o', 'r', 't', 'h', 'e', 'r', 'n', 'g', 'a', 'r', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "myon.info", true */ 'm', 'y', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "myonline.hu", true */ 'm', 'y', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'h', 'u', '\0', + /* "myonlinedating.club", true */ 'm', 'y', 'o', 'n', 'l', 'i', 'n', 'e', 'd', 'a', 't', 'i', 'n', 'g', '.', 'c', 'l', 'u', 'b', '\0', + /* "myoptumhealthcomplexmedical.com", true */ 'm', 'y', 'o', 'p', 't', 'u', 'm', 'h', 'e', 'a', 'l', 't', 'h', 'c', 'o', 'm', 'p', 'l', 'e', 'x', 'm', 'e', 'd', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "myoptumhealthparentsteps.com", true */ 'm', 'y', 'o', 'p', 't', 'u', 'm', 'h', 'e', 'a', 'l', 't', 'h', 'p', 'a', 'r', 'e', 'n', 't', 's', 't', 'e', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "myoueb.fr", true */ 'm', 'y', 'o', 'u', 'e', 'b', '.', 'f', 'r', '\0', + /* "myoukochou.com", true */ 'm', 'y', 'o', 'u', 'k', 'o', 'c', 'h', 'o', 'u', '.', 'c', 'o', 'm', '\0', + /* "myownconference.com", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "myownconference.com.ua", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "myownconference.de", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'd', 'e', '\0', + /* "myownconference.es", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'e', 's', '\0', + /* "myownconference.fr", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'f', 'r', '\0', + /* "myownconference.lt", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'l', 't', '\0', + /* "myownconference.lv", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'l', 'v', '\0', + /* "myownconference.pl", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'p', 'l', '\0', + /* "myownconference.pt", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'p', 't', '\0', + /* "myownconference.ru", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'r', 'u', '\0', + /* "myowndisk.com", true */ 'm', 'y', 'o', 'w', 'n', 'd', 'i', 's', 'k', '.', 'c', 'o', 'm', '\0', + /* "myowndisk.net", true */ 'm', 'y', 'o', 'w', 'n', 'd', 'i', 's', 'k', '.', 'n', 'e', 't', '\0', + /* "myownwebinar.com", true */ 'm', 'y', 'o', 'w', 'n', 'w', 'e', 'b', 'i', 'n', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "mypanier.com", true */ 'm', 'y', 'p', 'a', 'n', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "mypaperwriter.com", true */ 'm', 'y', 'p', 'a', 'p', 'e', 'r', 'w', 'r', 'i', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "mypayoffloan.com", true */ 'm', 'y', 'p', 'a', 'y', 'o', 'f', 'f', 'l', 'o', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "myperfumecollection.com", true */ 'm', 'y', 'p', 'e', 'r', 'f', 'u', 'm', 'e', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "mypillcard.com", true */ 'm', 'y', 'p', 'i', 'l', 'l', 'c', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "myplaceonline.com", true */ 'm', 'y', 'p', 'l', 'a', 'c', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "mypress.mx", true */ 'm', 'y', 'p', 'r', 'e', 's', 's', '.', 'm', 'x', '\0', + /* "myprintcard.de", true */ 'm', 'y', 'p', 'r', 'i', 'n', 't', 'c', 'a', 'r', 'd', '.', 'd', 'e', '\0', + /* "myproblog.com", true */ 'm', 'y', 'p', 'r', 'o', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "myptsite.com", true */ 'm', 'y', 'p', 't', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "mypup.nl", true */ 'm', 'y', 'p', 'u', 'p', '.', 'n', 'l', '\0', + /* "myrandomtips.com", true */ 'm', 'y', 'r', 'a', 'n', 'd', 'o', 'm', 't', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "myranicol.com", true */ 'm', 'y', 'r', 'a', 'n', 'i', 'c', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "myrealestatemate.com.au", true */ 'm', 'y', 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "myrekber.co.id", true */ 'm', 'y', 'r', 'e', 'k', 'b', 'e', 'r', '.', 'c', 'o', '.', 'i', 'd', '\0', + /* "myrent.quebec", true */ 'm', 'y', 'r', 'e', 'n', 't', '.', 'q', 'u', 'e', 'b', 'e', 'c', '\0', + /* "myresearchapp.com", true */ 'm', 'y', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "myriadof.com", true */ 'm', 'y', 'r', 'i', 'a', 'd', 'o', 'f', '.', 'c', 'o', 'm', '\0', + /* "myrig.com", true */ 'm', 'y', 'r', 'i', 'g', '.', 'c', 'o', 'm', '\0', + /* "myrig.com.ua", true */ 'm', 'y', 'r', 'i', 'g', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "myrig.io", true */ 'm', 'y', 'r', 'i', 'g', '.', 'i', 'o', '\0', + /* "myrig.ru", true */ 'm', 'y', 'r', 'i', 'g', '.', 'r', 'u', '\0', + /* "myrotvorets.center", true */ 'm', 'y', 'r', 'o', 't', 'v', 'o', 'r', 'e', 't', 's', '.', 'c', 'e', 'n', 't', 'e', 'r', '\0', + /* "myruststats.com", true */ 'm', 'y', 'r', 'u', 's', 't', 's', 't', 'a', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "myschoolphoto.org", true */ 'm', 'y', 's', 'c', 'h', 'o', 'o', 'l', 'p', 'h', 'o', 't', 'o', '.', 'o', 'r', 'g', '\0', + /* "myseatime.com", true */ 'm', 'y', 's', 'e', 'a', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "myself5.de", true */ 'm', 'y', 's', 'e', 'l', 'f', '5', '.', 'd', 'e', '\0', + /* "mysignal.com", true */ 'm', 'y', 's', 'i', 'g', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "mysize-condooms.nl", true */ 'm', 'y', 's', 'i', 'z', 'e', '-', 'c', 'o', 'n', 'd', 'o', 'o', 'm', 's', '.', 'n', 'l', '\0', + /* "mysmelly.com", true */ 'm', 'y', 's', 'm', 'e', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "mysocialporn.com", true */ 'm', 'y', 's', 'o', 'c', 'i', 'a', 'l', 'p', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "mysocrat.com", true */ 'm', 'y', 's', 'o', 'c', 'r', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "mysoundtalks.com", false */ 'm', 'y', 's', 'o', 'u', 'n', 'd', 't', 'a', 'l', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "myspicer.com", true */ 'm', 'y', 's', 'p', 'i', 'c', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "mysqldump-secure.org", true */ 'm', 'y', 's', 'q', 'l', 'd', 'u', 'm', 'p', '-', 's', 'e', 'c', 'u', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "myssl.com", true */ 'm', 'y', 's', 's', 'l', '.', 'c', 'o', 'm', '\0', + /* "mystatus24.com", true */ 'm', 'y', 's', 't', 'a', 't', 'u', 's', '2', '4', '.', 'c', 'o', 'm', '\0', + /* "mysteriouscode.io", true */ 'm', 'y', 's', 't', 'e', 'r', 'i', 'o', 'u', 's', 'c', 'o', 'd', 'e', '.', 'i', 'o', '\0', + /* "mysterymind.ch", true */ 'm', 'y', 's', 't', 'e', 'r', 'y', 'm', 'i', 'n', 'd', '.', 'c', 'h', '\0', + /* "mysterysear.ch", true */ 'm', 'y', 's', 't', 'e', 'r', 'y', 's', 'e', 'a', 'r', '.', 'c', 'h', '\0', + /* "mystic-welten.de", true */ 'm', 'y', 's', 't', 'i', 'c', '-', 'w', 'e', 'l', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "mystickphysick.com", true */ 'm', 'y', 's', 't', 'i', 'c', 'k', 'p', 'h', 'y', 's', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "mysticplumes.com", true */ 'm', 'y', 's', 't', 'i', 'c', 'p', 'l', 'u', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "mystorymonster.com", true */ 'm', 'y', 's', 't', 'o', 'r', 'y', 'm', 'o', 'n', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "mystown.org", true */ 'm', 'y', 's', 't', 'o', 'w', 'n', '.', 'o', 'r', 'g', '\0', + /* "mystudy.me", true */ 'm', 'y', 's', 't', 'u', 'd', 'y', '.', 'm', 'e', '\0', + /* "mystudycart.com", true */ 'm', 'y', 's', 't', 'u', 'd', 'y', 'c', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "mysupboard.de", true */ 'm', 'y', 's', 'u', 'p', 'b', 'o', 'a', 'r', 'd', '.', 'd', 'e', '\0', + /* "myswissmailaddress.com", true */ 'm', 'y', 's', 'w', 'i', 's', 's', 'm', 'a', 'i', 'l', 'a', 'd', 'd', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "mytc.fr", true */ 'm', 'y', 't', 'c', '.', 'f', 'r', '\0', + /* "mythengay.ch", true */ 'm', 'y', 't', 'h', 'e', 'n', 'g', 'a', 'y', '.', 'c', 'h', '\0', + /* "mythicdelirium.com", true */ 'm', 'y', 't', 'h', 'i', 'c', 'd', 'e', 'l', 'i', 'r', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "mytraiteurs.com", true */ 'm', 'y', 't', 'r', 'a', 'i', 't', 'e', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "mytripcar.co.uk", true */ 'm', 'y', 't', 'r', 'i', 'p', 'c', 'a', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "mytripcar.com", true */ 'm', 'y', 't', 'r', 'i', 'p', 'c', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "mytripcar.de", true */ 'm', 'y', 't', 'r', 'i', 'p', 'c', 'a', 'r', '.', 'd', 'e', '\0', + /* "mytripcar.es", true */ 'm', 'y', 't', 'r', 'i', 'p', 'c', 'a', 'r', '.', 'e', 's', '\0', + /* "mytripcar.fr", true */ 'm', 'y', 't', 'r', 'i', 'p', 'c', 'a', 'r', '.', 'f', 'r', '\0', + /* "mytruecare.org", true */ 'm', 'y', 't', 'r', 'u', 'e', 'c', 'a', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "mytty.net", true */ 'm', 'y', 't', 't', 'y', '.', 'n', 'e', 't', '\0', + /* "myulog.net", true */ 'm', 'y', 'u', 'l', 'o', 'g', '.', 'n', 'e', 't', '\0', + /* "myupdatestar.com", true */ 'm', 'y', 'u', 'p', 'd', 'a', 't', 'e', 's', 't', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "myupdatestudio.com", true */ 'm', 'y', 'u', 'p', 'd', 'a', 't', 'e', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "myupdatesystems.com", true */ 'm', 'y', 'u', 'p', 'd', 'a', 't', 'e', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "myusagepayments.com", true */ 'm', 'y', 'u', 's', 'a', 'g', 'e', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "myvacompany.com", true */ 'm', 'y', 'v', 'a', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "myvirtualserver.com", true */ 'm', 'y', 'v', 'i', 'r', 't', 'u', 'a', 'l', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "myvoipnews.com", true */ 'm', 'y', 'v', 'o', 'i', 'p', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "myvpl.com", true */ 'm', 'y', 'v', 'p', 'l', '.', 'c', 'o', 'm', '\0', + /* "mywari.com", true */ 'm', 'y', 'w', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "mywebinar.io", true */ 'm', 'y', 'w', 'e', 'b', 'i', 'n', 'a', 'r', '.', 'i', 'o', '\0', + /* "myworkinfo.com", false */ 'm', 'y', 'w', 'o', 'r', 'k', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0', + /* "myworth.com.au", true */ 'm', 'y', 'w', 'o', 'r', 't', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "myzina.cz", false */ 'm', 'y', 'z', 'i', 'n', 'a', '.', 'c', 'z', '\0', + /* "mz-mz.net", true */ 'm', 'z', '-', 'm', 'z', '.', 'n', 'e', 't', '\0', + /* "mzh.io", true */ 'm', 'z', 'h', '.', 'i', 'o', '\0', + /* "mziulu.me", false */ 'm', 'z', 'i', 'u', 'l', 'u', '.', 'm', 'e', '\0', + /* "mzorn.photography", true */ 'm', 'z', 'o', 'r', 'n', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0', + /* "n-design.de", true */ 'n', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0', + /* "n-kanazawa.jp", true */ 'n', '-', 'k', 'a', 'n', 'a', 'z', 'a', 'w', 'a', '.', 'j', 'p', '\0', + /* "n-m.lu", true */ 'n', '-', 'm', '.', 'l', 'u', '\0', + /* "n-pix.com", false */ 'n', '-', 'p', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "n-soft.info", true */ 'n', '-', 's', 'o', 'f', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "n-un.de", true */ 'n', '-', 'u', 'n', '.', 'd', 'e', '\0', + /* "n0paste.tk", false */ 'n', '0', 'p', 'a', 's', 't', 'e', '.', 't', 'k', '\0', + /* "n26.com", true */ 'n', '2', '6', '.', 'c', 'o', 'm', '\0', + /* "n2servers.com", true */ 'n', '2', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "n3twork.net", true */ 'n', '3', 't', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0', + /* "n4v.eu", true */ 'n', '4', 'v', '.', 'e', 'u', '\0', + /* "n6a.net", true */ 'n', '6', 'a', '.', 'n', 'e', 't', '\0', + /* "na.hn", true */ 'n', 'a', '.', 'h', 'n', '\0', + /* "naam.me", true */ 'n', 'a', 'a', 'm', '.', 'm', 'e', '\0', + /* "nabaleka.com", true */ 'n', 'a', 'b', 'a', 'l', 'e', 'k', 'a', '.', 'c', 'o', 'm', '\0', + /* "nabankco.com", true */ 'n', 'a', 'b', 'a', 'n', 'k', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "nachsendeauftrag.net", true */ 'n', 'a', 'c', 'h', 's', 'e', 'n', 'd', 'e', 'a', 'u', 'f', 't', 'r', 'a', 'g', '.', 'n', 'e', 't', '\0', + /* "nachsenden.info", true */ 'n', 'a', 'c', 'h', 's', 'e', 'n', 'd', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "nachtmuziek.info", true */ 'n', 'a', 'c', 'h', 't', 'm', 'u', 'z', 'i', 'e', 'k', '.', 'i', 'n', 'f', 'o', '\0', + /* "nacin.com", true */ 'n', 'a', 'c', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "nacktwanderfreunde.de", true */ 'n', 'a', 'c', 'k', 't', 'w', 'a', 'n', 'd', 'e', 'r', 'f', 'r', 'e', 'u', 'n', 'd', 'e', '.', 'd', 'e', '\0', + /* "nacyklo.cz", true */ 'n', 'a', 'c', 'y', 'k', 'l', 'o', '.', 'c', 'z', '\0', + /* "nadaquenosepas.com", true */ 'n', 'a', 'd', 'a', 'q', 'u', 'e', 'n', 'o', 's', 'e', 'p', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "nadejeproninu.cz", true */ 'n', 'a', 'd', 'e', 'j', 'e', 'p', 'r', 'o', 'n', 'i', 'n', 'u', '.', 'c', 'z', '\0', + /* "nadelholzkulturen.de", true */ 'n', 'a', 'd', 'e', 'l', 'h', 'o', 'l', 'z', 'k', 'u', 'l', 't', 'u', 'r', 'e', 'n', '.', 'd', 'e', '\0', + /* "nadine-chaudier.net", true */ 'n', 'a', 'd', 'i', 'n', 'e', '-', 'c', 'h', 'a', 'u', 'd', 'i', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "nadyaolcer.fr", true */ 'n', 'a', 'd', 'y', 'a', 'o', 'l', 'c', 'e', 'r', '.', 'f', 'r', '\0', + /* "nafod.net", true */ 'n', 'a', 'f', 'o', 'd', '.', 'n', 'e', 't', '\0', + /* "naga-semi.com", true */ 'n', 'a', 'g', 'a', '-', 's', 'e', 'm', 'i', '.', 'c', 'o', 'm', '\0', + /* "nagaragem.com.br", true */ 'n', 'a', 'g', 'a', 'r', 'a', 'g', 'e', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "nagashi.ma", true */ 'n', 'a', 'g', 'a', 's', 'h', 'i', '.', 'm', 'a', '\0', + /* "nagaya.biz", true */ 'n', 'a', 'g', 'a', 'y', 'a', '.', 'b', 'i', 'z', '\0', + /* "nagb.gov", true */ 'n', 'a', 'g', 'b', '.', 'g', 'o', 'v', '\0', + /* "nagb.org", true */ 'n', 'a', 'g', 'b', '.', 'o', 'r', 'g', '\0', + /* "nagel-dentaltechnik.de", true */ 'n', 'a', 'g', 'e', 'l', '-', 'd', 'e', 'n', 't', 'a', 'l', 't', 'e', 'c', 'h', 'n', 'i', 'k', '.', 'd', 'e', '\0', + /* "nagelfam.com", true */ 'n', 'a', 'g', 'e', 'l', 'f', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "naggie.net", true */ 'n', 'a', 'g', 'g', 'i', 'e', '.', 'n', 'e', 't', '\0', + /* "nah.nz", true */ 'n', 'a', 'h', '.', 'n', 'z', '\0', + /* "nah.re", true */ 'n', 'a', 'h', '.', 'r', 'e', '\0', + /* "nahura.com", true */ 'n', 'a', 'h', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "naiaspa.fr", true */ 'n', 'a', 'i', 'a', 's', 'p', 'a', '.', 'f', 'r', '\0', + /* "nailattitude.ch", true */ 'n', 'a', 'i', 'l', 'a', 't', 't', 'i', 't', 'u', 'd', 'e', '.', 'c', 'h', '\0', + /* "nailchiodo.com", true */ 'n', 'a', 'i', 'l', 'c', 'h', 'i', 'o', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "nailsalon-aztplus.com", true */ 'n', 'a', 'i', 'l', 's', 'a', 'l', 'o', 'n', '-', 'a', 'z', 't', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "nairobibusinessreview.com", true */ 'n', 'a', 'i', 'r', 'o', 'b', 'i', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0', + /* "nakama.tv", true */ 'n', 'a', 'k', 'a', 'm', 'a', '.', 't', 'v', '\0', + /* "nakandya.com", true */ 'n', 'a', 'k', 'a', 'n', 'd', 'y', 'a', '.', 'c', 'o', 'm', '\0', + /* "nakanishi-paint.com", true */ 'n', 'a', 'k', 'a', 'n', 'i', 's', 'h', 'i', '-', 'p', 'a', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "nakedalarmclock.me", true */ 'n', 'a', 'k', 'e', 'd', 'a', 'l', 'a', 'r', 'm', 'c', 'l', 'o', 'c', 'k', '.', 'm', 'e', '\0', + /* "nakedfacts.co.uk", false */ 'n', 'a', 'k', 'e', 'd', 'f', 'a', 'c', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "nakedtruthbeauty.com", true */ 'n', 'a', 'k', 'e', 'd', 't', 'r', 'u', 't', 'h', 'b', 'e', 'a', 'u', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "nakhonidc.com", true */ 'n', 'a', 'k', 'h', 'o', 'n', 'i', 'd', 'c', '.', 'c', 'o', 'm', '\0', + /* "nakliyatsirketi.biz.tr", true */ 'n', 'a', 'k', 'l', 'i', 'y', 'a', 't', 's', 'i', 'r', 'k', 'e', 't', 'i', '.', 'b', 'i', 'z', '.', 't', 'r', '\0', + /* "nako.no", true */ 'n', 'a', 'k', 'o', '.', 'n', 'o', '\0', + /* "nalao-company.com", true */ 'n', 'a', 'l', 'a', 'o', '-', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "nalepky-na-zed.cz", true */ 'n', 'a', 'l', 'e', 'p', 'k', 'y', '-', 'n', 'a', '-', 'z', 'e', 'd', '.', 'c', 'z', '\0', + /* "nalepte.cz", true */ 'n', 'a', 'l', 'e', 'p', 't', 'e', '.', 'c', 'z', '\0', + /* "nalexandru.xyz", true */ 'n', 'a', 'l', 'e', 'x', 'a', 'n', 'd', 'r', 'u', '.', 'x', 'y', 'z', '\0', + /* "nalukfitness.com.br", true */ 'n', 'a', 'l', 'u', 'k', 'f', 'i', 't', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "namaleaks.com", false */ 'n', 'a', 'm', 'a', 'l', 'e', 'a', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "namazvakitleri.com.tr", true */ 'n', 'a', 'm', 'a', 'z', 'v', 'a', 'k', 'i', 't', 'l', 'e', 'r', 'i', '.', 'c', 'o', 'm', '.', 't', 'r', '\0', + /* "namegrep.com", true */ 'n', 'a', 'm', 'e', 'g', 'r', 'e', 'p', '.', 'c', 'o', 'm', '\0', + /* "nameid.org", true */ 'n', 'a', 'm', 'e', 'i', 'd', '.', 'o', 'r', 'g', '\0', + /* "namepros.com", true */ 'n', 'a', 'm', 'e', 'p', 'r', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "namereel.com", true */ 'n', 'a', 'm', 'e', 'r', 'e', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "namethatporn.com", true */ 'n', 'a', 'm', 'e', 't', 'h', 'a', 't', 'p', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "nametiles.co", true */ 'n', 'a', 'm', 'e', 't', 'i', 'l', 'e', 's', '.', 'c', 'o', '\0', + /* "namikawatetsuji.jp", true */ 'n', 'a', 'm', 'i', 'k', 'a', 'w', 'a', 't', 'e', 't', 's', 'u', 'j', 'i', '.', 'j', 'p', '\0', + /* "naminam.de", true */ 'n', 'a', 'm', 'i', 'n', 'a', 'm', '.', 'd', 'e', '\0', + /* "namrs.net", true */ 'n', 'a', 'm', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "namu.moe", true */ 'n', 'a', 'm', 'u', '.', 'm', 'o', 'e', '\0', + /* "namu.wiki", true */ 'n', 'a', 'm', 'u', '.', 'w', 'i', 'k', 'i', '\0', + /* "nanami.moe", true */ 'n', 'a', 'n', 'a', 'm', 'i', '.', 'm', 'o', 'e', '\0', + /* "nanarose.ch", true */ 'n', 'a', 'n', 'a', 'r', 'o', 's', 'e', '.', 'c', 'h', '\0', + /* "nanch.com", true */ 'n', 'a', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "nanderson.me", true */ 'n', 'a', 'n', 'd', 'e', 'r', 's', 'o', 'n', '.', 'm', 'e', '\0', + /* "nanfangstone.com", true */ 'n', 'a', 'n', 'f', 'a', 'n', 'g', 's', 't', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "nani.io", true */ 'n', 'a', 'n', 'i', '.', 'i', 'o', '\0', + /* "nankiseamansclub.com", true */ 'n', 'a', 'n', 'k', 'i', 's', 'e', 'a', 'm', 'a', 'n', 's', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "nanogi.ga", true */ 'n', 'a', 'n', 'o', 'g', 'i', '.', 'g', 'a', '\0', + /* "nanotechnologist.com", true */ 'n', 'a', 'n', 'o', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "nanovolt.nl", true */ 'n', 'a', 'n', 'o', 'v', 'o', 'l', 't', '.', 'n', 'l', '\0', + /* "nanpuyue.com", true */ 'n', 'a', 'n', 'p', 'u', 'y', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "nanubo.com", true */ 'n', 'a', 'n', 'u', 'b', 'o', '.', 'c', 'o', 'm', '\0', + /* "nanubo.de", true */ 'n', 'a', 'n', 'u', 'b', 'o', '.', 'd', 'e', '\0', + /* "naoar.com", true */ 'n', 'a', 'o', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "naotone.com", true */ 'n', 'a', 'o', 't', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "napcae.de", true */ 'n', 'a', 'p', 'c', 'a', 'e', '.', 'd', 'e', '\0', + /* "napisynapomniky.cz", true */ 'n', 'a', 'p', 'i', 's', 'y', 'n', 'a', 'p', 'o', 'm', 'n', 'i', 'k', 'y', '.', 'c', 'z', '\0', + /* "napolinissanctparts.com", true */ 'n', 'a', 'p', 'o', 'l', 'i', 'n', 'i', 's', 's', 'a', 'n', 'c', 't', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "narach.com", true */ 'n', 'a', 'r', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "narada.com.ua", true */ 'n', 'a', 'r', 'a', 'd', 'a', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "naralogics.com", true */ 'n', 'a', 'r', 'a', 'l', 'o', 'g', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "narazaka.net", true */ 'n', 'a', 'r', 'a', 'z', 'a', 'k', 'a', '.', 'n', 'e', 't', '\0', + /* "narfation.org", true */ 'n', 'a', 'r', 'f', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "nargele.eu", true */ 'n', 'a', 'r', 'g', 'e', 'l', 'e', '.', 'e', 'u', '\0', + /* "nargileh.nl", true */ 'n', 'a', 'r', 'g', 'i', 'l', 'e', 'h', '.', 'n', 'l', '\0', + /* "narindal.ch", true */ 'n', 'a', 'r', 'i', 'n', 'd', 'a', 'l', '.', 'c', 'h', '\0', + /* "narko.space", true */ 'n', 'a', 'r', 'k', 'o', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "narmos.ch", true */ 'n', 'a', 'r', 'm', 'o', 's', '.', 'c', 'h', '\0', + /* "naro.se", true */ 'n', 'a', 'r', 'o', '.', 's', 'e', '\0', + /* "naroska.name", true */ 'n', 'a', 'r', 'o', 's', 'k', 'a', '.', 'n', 'a', 'm', 'e', '\0', + /* "narrativasdigitais.pt", true */ 'n', 'a', 'r', 'r', 'a', 't', 'i', 'v', 'a', 's', 'd', 'i', 'g', 'i', 't', 'a', 'i', 's', '.', 'p', 't', '\0', + /* "narthollis.net", false */ 'n', 'a', 'r', 't', 'h', 'o', 'l', 'l', 'i', 's', '.', 'n', 'e', 't', '\0', + /* "nasarawanewsonline.com", true */ 'n', 'a', 's', 'a', 'r', 'a', 'w', 'a', 'n', 'e', 'w', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "nasbi.pl", true */ 'n', 'a', 's', 'b', 'i', '.', 'p', 'l', '\0', + /* "nasbnation.com", true */ 'n', 'a', 's', 'b', 'n', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "nascher.org", false */ 'n', 'a', 's', 'c', 'h', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "nasmocopati.com", true */ 'n', 'a', 's', 'm', 'o', 'c', 'o', 'p', 'a', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "nasrsolar.com", true */ 'n', 'a', 's', 'r', 's', 'o', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "nassi.me", true */ 'n', 'a', 's', 's', 'i', '.', 'm', 'e', '\0', + /* "nastoletni.pl", true */ 'n', 'a', 's', 't', 'o', 'l', 'e', 't', 'n', 'i', '.', 'p', 'l', '\0', + /* "nastysclaw.com", true */ 'n', 'a', 's', 't', 'y', 's', 'c', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "nataldigital.com", true */ 'n', 'a', 't', 'a', 'l', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "nataliedawnhanson.com", true */ 'n', 'a', 't', 'a', 'l', 'i', 'e', 'd', 'a', 'w', 'n', 'h', 'a', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "natalydanilova.com", true */ 'n', 'a', 't', 'a', 'l', 'y', 'd', 'a', 'n', 'i', 'l', 'o', 'v', 'a', '.', 'c', 'o', 'm', '\0', + /* "natanaelys.com", false */ 'n', 'a', 't', 'a', 'n', 'a', 'e', 'l', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "natation-nsh.com", true */ 'n', 'a', 't', 'a', 't', 'i', 'o', 'n', '-', 'n', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "natatorium.org", true */ 'n', 'a', 't', 'a', 't', 'o', 'r', 'i', 'u', 'm', '.', 'o', 'r', 'g', '\0', + /* "natchmatch.com", true */ 'n', 'a', 't', 'c', 'h', 'm', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "nate.sh", true */ 'n', 'a', 't', 'e', '.', 's', 'h', '\0', + /* "natecraun.net", true */ 'n', 'a', 't', 'e', 'c', 'r', 'a', 'u', 'n', '.', 'n', 'e', 't', '\0', + /* "natenom.com", true */ 'n', 'a', 't', 'e', 'n', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "natenom.de", true */ 'n', 'a', 't', 'e', 'n', 'o', 'm', '.', 'd', 'e', '\0', + /* "natenom.name", true */ 'n', 'a', 't', 'e', 'n', 'o', 'm', '.', 'n', 'a', 'm', 'e', '\0', + /* "nathaliebaron.ch", true */ 'n', 'a', 't', 'h', 'a', 'l', 'i', 'e', 'b', 'a', 'r', 'o', 'n', '.', 'c', 'h', '\0', + /* "nathaliebaroncoaching.ch", true */ 'n', 'a', 't', 'h', 'a', 'l', 'i', 'e', 'b', 'a', 'r', 'o', 'n', 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'c', 'h', '\0', + /* "nathan.io", true */ 'n', 'a', 't', 'h', 'a', 'n', '.', 'i', 'o', '\0', + /* "nathankonopinski.com", true */ 'n', 'a', 't', 'h', 'a', 'n', 'k', 'o', 'n', 'o', 'p', 'i', 'n', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "nathansmetana.com", true */ 'n', 'a', 't', 'h', 'a', 'n', 's', 'm', 'e', 't', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "nathumarket.com.br", true */ 'n', 'a', 't', 'h', 'u', 'm', 'a', 'r', 'k', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "nationalcentereg.org", true */ 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'c', 'e', 'n', 't', 'e', 'r', 'e', 'g', '.', 'o', 'r', 'g', '\0', + /* "nationalcprfoundation.com", true */ 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'c', 'p', 'r', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "nationalcrimecheck.com.au", true */ 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'c', 'r', 'i', 'm', 'e', 'c', 'h', 'e', 'c', 'k', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "nationalmap.gov", true */ 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'm', 'a', 'p', '.', 'g', 'o', 'v', '\0', + /* "nationalpriorities.org", true */ 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'p', 'r', 'i', 'o', 'r', 'i', 't', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "nationaltaxprep.com", true */ 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 't', 'a', 'x', 'p', 'r', 'e', 'p', '.', 'c', 'o', 'm', '\0', + /* "natives-team.ch", true */ 'n', 'a', 't', 'i', 'v', 'e', 's', '-', 't', 'e', 'a', 'm', '.', 'c', 'h', '\0', + /* "nativs.ch", true */ 'n', 'a', 't', 'i', 'v', 's', '.', 'c', 'h', '\0', + /* "natlec.com", true */ 'n', 'a', 't', 'l', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "natsumihoshino.com", true */ 'n', 'a', 't', 's', 'u', 'm', 'i', 'h', 'o', 's', 'h', 'i', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "natur-udvar.hu", true */ 'n', 'a', 't', 'u', 'r', '-', 'u', 'd', 'v', 'a', 'r', '.', 'h', 'u', '\0', + /* "naturalcommission.com", true */ 'n', 'a', 't', 'u', 'r', 'a', 'l', 'c', 'o', 'm', 'm', 'i', 's', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "naturalkitchen.co.uk", true */ 'n', 'a', 't', 'u', 'r', 'a', 'l', 'k', 'i', 't', 'c', 'h', 'e', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "naturalspacesdomes.com", true */ 'n', 'a', 't', 'u', 'r', 'a', 'l', 's', 'p', 'a', 'c', 'e', 's', 'd', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "naturaum.de", true */ 'n', 'a', 't', 'u', 'r', 'a', 'u', 'm', '.', 'd', 'e', '\0', + /* "natureflo.net", true */ 'n', 'a', 't', 'u', 'r', 'e', 'f', 'l', 'o', '.', 'n', 'e', 't', '\0', + /* "naturesorganichaven.com", true */ 'n', 'a', 't', 'u', 'r', 'e', 's', 'o', 'r', 'g', 'a', 'n', 'i', 'c', 'h', 'a', 'v', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "naturheilpraxis-orlowsky.de", true */ 'n', 'a', 't', 'u', 'r', 'h', 'e', 'i', 'l', 'p', 'r', 'a', 'x', 'i', 's', '-', 'o', 'r', 'l', 'o', 'w', 's', 'k', 'y', '.', 'd', 'e', '\0', + /* "naturheilpraxis-p-grote.de", true */ 'n', 'a', 't', 'u', 'r', 'h', 'e', 'i', 'l', 'p', 'r', 'a', 'x', 'i', 's', '-', 'p', '-', 'g', 'r', 'o', 't', 'e', '.', 'd', 'e', '\0', + /* "naturline.com", true */ 'n', 'a', 't', 'u', 'r', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "naturtint.co.uk", true */ 'n', 'a', 't', 'u', 'r', 't', 'i', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "natusvita.com.br", true */ 'n', 'a', 't', 'u', 's', 'v', 'i', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "natuterra.com.br", true */ 'n', 'a', 't', 'u', 't', 'e', 'r', 'r', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "naude.co", false */ 'n', 'a', 'u', 'd', 'e', '.', 'c', 'o', '\0', + /* "naughty.audio", true */ 'n', 'a', 'u', 'g', 'h', 't', 'y', '.', 'a', 'u', 'd', 'i', 'o', '\0', + /* "nautiljon.com", true */ 'n', 'a', 'u', 't', 'i', 'l', 'j', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "nautsch.de", true */ 'n', 'a', 'u', 't', 's', 'c', 'h', '.', 'd', 'e', '\0', + /* "navdeep.ca", true */ 'n', 'a', 'v', 'd', 'e', 'e', 'p', '.', 'c', 'a', '\0', + /* "navenlle.com", false */ 'n', 'a', 'v', 'e', 'n', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "naviaddress.io", false */ 'n', 'a', 'v', 'i', 'a', 'd', 'd', 'r', 'e', 's', 's', '.', 'i', 'o', '\0', + /* "navigate-it-services.de", false */ 'n', 'a', 'v', 'i', 'g', 'a', 't', 'e', '-', 'i', 't', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'd', 'e', '\0', + /* "naviteq.eu", true */ 'n', 'a', 'v', 'i', 't', 'e', 'q', '.', 'e', 'u', '\0', + /* "navitime.me", true */ 'n', 'a', 'v', 'i', 't', 'i', 'm', 'e', '.', 'm', 'e', '\0', + /* "navstevnik.sk", true */ 'n', 'a', 'v', 's', 't', 'e', 'v', 'n', 'i', 'k', '.', 's', 'k', '\0', + /* "navycs.com", true */ 'n', 'a', 'v', 'y', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "nawir.de", true */ 'n', 'a', 'w', 'i', 'r', '.', 'd', 'e', '\0', + /* "nawroth.info", true */ 'n', 'a', 'w', 'r', 'o', 't', 'h', '.', 'i', 'n', 'f', 'o', '\0', + /* "nayahe.ru", true */ 'n', 'a', 'y', 'a', 'h', 'e', '.', 'r', 'u', '\0', + /* "nayanaas.com", true */ 'n', 'a', 'y', 'a', 'n', 'a', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "nazevfirmy.cz", true */ 'n', 'a', 'z', 'e', 'v', 'f', 'i', 'r', 'm', 'y', '.', 'c', 'z', '\0', + /* "nb.zone", true */ 'n', 'b', '.', 'z', 'o', 'n', 'e', '\0', + /* "nb6.de", true */ 'n', 'b', '6', '.', 'd', 'e', '\0', + /* "nba-2k.com", true */ 'n', 'b', 'a', '-', '2', 'k', '.', 'c', 'o', 'm', '\0', + /* "nba.christmas", true */ 'n', 'b', 'a', '.', 'c', 'h', 'r', 'i', 's', 't', 'm', 'a', 's', '\0', + /* "nba.com.de", true */ 'n', 'b', 'a', '.', 'c', 'o', 'm', '.', 'd', 'e', '\0', + /* "nba.de.com", true */ 'n', 'b', 'a', '.', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "nba.download", true */ 'n', 'b', 'a', '.', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', '\0', + /* "nba.gd", true */ 'n', 'b', 'a', '.', 'g', 'd', '\0', + /* "nba.gs", true */ 'n', 'b', 'a', '.', 'g', 's', '\0', + /* "nba.gy", true */ 'n', 'b', 'a', '.', 'g', 'y', '\0', + /* "nba.hosting", true */ 'n', 'b', 'a', '.', 'h', 'o', 's', 't', 'i', 'n', 'g', '\0', + /* "nba.im", true */ 'n', 'b', 'a', '.', 'i', 'm', '\0', + /* "nba.live", true */ 'n', 'b', 'a', '.', 'l', 'i', 'v', 'e', '\0', + /* "nba.lu", true */ 'n', 'b', 'a', '.', 'l', 'u', '\0', + /* "nba.moe", true */ 'n', 'b', 'a', '.', 'm', 'o', 'e', '\0', + /* "nba.trade", true */ 'n', 'b', 'a', '.', 't', 'r', 'a', 'd', 'e', '\0', + /* "nba.vc", true */ 'n', 'b', 'a', '.', 'v', 'c', '\0', + /* "nba.vg", true */ 'n', 'b', 'a', '.', 'v', 'g', '\0', + /* "nba2.com", true */ 'n', 'b', 'a', '2', '.', 'c', 'o', 'm', '\0', + /* "nba2k.blog", true */ 'n', 'b', 'a', '2', 'k', '.', 'b', 'l', 'o', 'g', '\0', + /* "nba2k.cc", true */ 'n', 'b', 'a', '2', 'k', '.', 'c', 'c', '\0', + /* "nba2k.cn", true */ 'n', 'b', 'a', '2', 'k', '.', 'c', 'n', '\0', + /* "nba2k.co", true */ 'n', 'b', 'a', '2', 'k', '.', 'c', 'o', '\0', + /* "nba2k.com.cn", true */ 'n', 'b', 'a', '2', 'k', '.', 'c', 'o', 'm', '.', 'c', 'n', '\0', + /* "nba2k.download", true */ 'n', 'b', 'a', '2', 'k', '.', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', '\0', + /* "nba2k.live", true */ 'n', 'b', 'a', '2', 'k', '.', 'l', 'i', 'v', 'e', '\0', + /* "nba2k.net", true */ 'n', 'b', 'a', '2', 'k', '.', 'n', 'e', 't', '\0', + /* "nba2k.online", true */ 'n', 'b', 'a', '2', 'k', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "nba2k.tw", true */ 'n', 'b', 'a', '2', 'k', '.', 't', 'w', '\0', + /* "nba2kcn.com", true */ 'n', 'b', 'a', '2', 'k', 'c', 'n', '.', 'c', 'o', 'm', '\0', + /* "nba2kmods.com", true */ 'n', 'b', 'a', '2', 'k', 'm', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "nba2kmt.com", true */ 'n', 'b', 'a', '2', 'k', 'm', 't', '.', 'c', 'o', 'm', '\0', + /* "nba2kmy.team", true */ 'n', 'b', 'a', '2', 'k', 'm', 'y', '.', 't', 'e', 'a', 'm', '\0', + /* "nba2kol.com", true */ 'n', 'b', 'a', '2', 'k', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "nba2konline.com", true */ 'n', 'b', 'a', '2', 'k', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "nba2konlinex.com", true */ 'n', 'b', 'a', '2', 'k', 'o', 'n', 'l', 'i', 'n', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "nba2kqq.com", true */ 'n', 'b', 'a', '2', 'k', 'q', 'q', '.', 'c', 'o', 'm', '\0', + /* "nba2kx.com", true */ 'n', 'b', 'a', '2', 'k', 'x', '.', 'c', 'o', 'm', '\0', + /* "nbadancers.com", true */ 'n', 'b', 'a', 'd', 'a', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "nbade.com", true */ 'n', 'b', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "nbafile.com", true */ 'n', 'b', 'a', 'f', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "nbagirls.com", true */ 'n', 'b', 'a', 'g', 'i', 'r', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "nbaim.com", true */ 'n', 'b', 'a', 'i', 'm', '.', 'c', 'o', 'm', '\0', + /* "nbaimg.com", true */ 'n', 'b', 'a', 'i', 'm', 'g', '.', 'c', 'o', 'm', '\0', + /* "nbalive.cn", true */ 'n', 'b', 'a', 'l', 'i', 'v', 'e', '.', 'c', 'n', '\0', + /* "nbalivecn.com", true */ 'n', 'b', 'a', 'l', 'i', 'v', 'e', 'c', 'n', '.', 'c', 'o', 'm', '\0', + /* "nbalivex.com", true */ 'n', 'b', 'a', 'l', 'i', 'v', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "nbari.com", true */ 'n', 'b', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "nbask.com", true */ 'n', 'b', 'a', 's', 'k', '.', 'c', 'o', 'm', '\0', + /* "nbasky.com", true */ 'n', 'b', 'a', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0', + /* "nbaspot.com", true */ 'n', 'b', 'a', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "nbavc.com", true */ 'n', 'b', 'a', 'v', 'c', '.', 'c', 'o', 'm', '\0', + /* "nbavg.com", true */ 'n', 'b', 'a', 'v', 'g', '.', 'c', 'o', 'm', '\0', + /* "nbayouxi.com", true */ 'n', 'b', 'a', 'y', 'o', 'u', 'x', 'i', '.', 'c', 'o', 'm', '\0', + /* "nbl.org.tw", true */ 'n', 'b', 'l', '.', 'o', 'r', 'g', '.', 't', 'w', '\0', + /* "nbp.com.pk", true */ 'n', 'b', 'p', '.', 'c', 'o', 'm', '.', 'p', 'k', '\0', + /* "nbrii.com", true */ 'n', 'b', 'r', 'i', 'i', '.', 'c', 'o', 'm', '\0', + /* "nbriresearch.com", true */ 'n', 'b', 'r', 'i', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "nbrown.us", true */ 'n', 'b', 'r', 'o', 'w', 'n', '.', 'u', 's', '\0', + /* "nbtparse.org", true */ 'n', 'b', 't', 'p', 'a', 'r', 's', 'e', '.', 'o', 'r', 'g', '\0', + /* "nbur.co.uk", true */ 'n', 'b', 'u', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "nc99.co", true */ 'n', 'c', '9', '9', '.', 'c', 'o', '\0', + /* "ncamarquee.co.uk", true */ 'n', 'c', 'a', 'm', 'a', 'r', 'q', 'u', 'e', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ncands.net", true */ 'n', 'c', 'a', 'n', 'd', 's', '.', 'n', 'e', 't', '\0', + /* "ncaq.net", true */ 'n', 'c', 'a', 'q', '.', 'n', 'e', 't', '\0', + /* "ncc-qualityandsafety.org", true */ 'n', 'c', 'c', '-', 'q', 'u', 'a', 'l', 'i', 't', 'y', 'a', 'n', 'd', 's', 'a', 'f', 'e', 't', 'y', '.', 'o', 'r', 'g', '\0', + /* "ncconsumer.org", true */ 'n', 'c', 'c', 'o', 'n', 's', 'u', 'm', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "ncea.net.au", true */ 'n', 'c', 'e', 'a', '.', 'n', 'e', 't', '.', 'a', 'u', '\0', + /* "nchangfong.com", true */ 'n', 'c', 'h', 'a', 'n', 'g', 'f', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "nchristo.com", true */ 'n', 'c', 'h', 'r', 'i', 's', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "nclvle.co.uk", true */ 'n', 'c', 'l', 'v', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ncpw.gov", true */ 'n', 'c', 'p', 'w', '.', 'g', 'o', 'v', '\0', + /* "ncrmnt.org", true */ 'n', 'c', 'r', 'm', 'n', 't', '.', 'o', 'r', 'g', '\0', + /* "ncsccs.com", true */ 'n', 'c', 's', 'c', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "ncstep.org", true */ 'n', 'c', 's', 't', 'e', 'p', '.', 'o', 'r', 'g', '\0', + /* "ndarville.com", true */ 'n', 'd', 'a', 'r', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "ndbt.com", true */ 'n', 'd', 'b', 't', '.', 'c', 'o', 'm', '\0', + /* "ndcpolipak.com", true */ 'n', 'd', 'c', 'p', 'o', 'l', 'i', 'p', 'a', 'k', '.', 'c', 'o', 'm', '\0', + /* "ndeoffshore.com", true */ 'n', 'd', 'e', 'o', 'f', 'f', 's', 'h', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "nder.be", true */ 'n', 'd', 'e', 'r', '.', 'b', 'e', '\0', + /* "ndmath.club", true */ 'n', 'd', 'm', 'a', 't', 'h', '.', 'c', 'l', 'u', 'b', '\0', + /* "ndpbrn-research.org", true */ 'n', 'd', 'p', 'b', 'r', 'n', '-', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'o', 'r', 'g', '\0', + /* "ndtblog.com", true */ 'n', 'd', 't', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "ndy.sex", true */ 'n', 'd', 'y', '.', 's', 'e', 'x', '\0', + /* "ne-on.org", true */ 'n', 'e', '-', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "ne1home.dyndns.org", true */ 'n', 'e', '1', 'h', 'o', 'm', 'e', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "neap.io", true */ 'n', 'e', 'a', 'p', '.', 'i', 'o', '\0', + /* "nearby.in.th", true */ 'n', 'e', 'a', 'r', 'b', 'y', '.', 'i', 'n', '.', 't', 'h', '\0', + /* "neartothesky.com", true */ 'n', 'e', 'a', 'r', 't', 'o', 't', 'h', 'e', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0', + /* "neatous.cz", true */ 'n', 'e', 'a', 't', 'o', 'u', 's', '.', 'c', 'z', '\0', + /* "neatous.net", true */ 'n', 'e', 'a', 't', 'o', 'u', 's', '.', 'n', 'e', 't', '\0', + /* "neave.tv", true */ 'n', 'e', 'a', 'v', 'e', '.', 't', 'v', '\0', + /* "neba.io", true */ 'n', 'e', 'b', 'a', '.', 'i', 'o', '\0', + /* "nebelheim.de", true */ 'n', 'e', 'b', 'e', 'l', 'h', 'e', 'i', 'm', '.', 'd', 'e', '\0', + /* "nebra.io", true */ 'n', 'e', 'b', 'r', 'a', '.', 'i', 'o', '\0', + /* "nebul.at", true */ 'n', 'e', 'b', 'u', 'l', '.', 'a', 't', '\0', + /* "nebulae.co", true */ 'n', 'e', 'b', 'u', 'l', 'a', 'e', '.', 'c', 'o', '\0', + /* "nebuluxcapital.com", true */ 'n', 'e', 'b', 'u', 'l', 'u', 'x', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "necesitodinero.org", true */ 'n', 'e', 'c', 'e', 's', 'i', 't', 'o', 'd', 'i', 'n', 'e', 'r', 'o', '.', 'o', 'r', 'g', '\0', + /* "necessaryandproportionate.net", true */ 'n', 'e', 'c', 'e', 's', 's', 'a', 'r', 'y', 'a', 'n', 'd', 'p', 'r', 'o', 'p', 'o', 'r', 't', 'i', 'o', 'n', 'a', 't', 'e', '.', 'n', 'e', 't', '\0', + /* "necessaryandproportionate.org", true */ 'n', 'e', 'c', 'e', 's', 's', 'a', 'r', 'y', 'a', 'n', 'd', 'p', 'r', 'o', 'p', 'o', 'r', 't', 'i', 'o', 'n', 'a', 't', 'e', '.', 'o', 'r', 'g', '\0', + /* "necormansir.com", true */ 'n', 'e', 'c', 'o', 'r', 'm', 'a', 'n', 's', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "nectarleaf.com", true */ 'n', 'e', 'c', 't', 'a', 'r', 'l', 'e', 'a', 'f', '.', 'c', 'o', 'm', '\0', + /* "nedcdata.org", true */ 'n', 'e', 'd', 'c', 'd', 'a', 't', 'a', '.', 'o', 'r', 'g', '\0', + /* "nedim-accueil.fr", true */ 'n', 'e', 'd', 'i', 'm', '-', 'a', 'c', 'c', 'u', 'e', 'i', 'l', '.', 'f', 'r', '\0', + /* "nediyor.com", true */ 'n', 'e', 'd', 'i', 'y', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "nedlinin.com", true */ 'n', 'e', 'd', 'l', 'i', 'n', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "nedraconsult.ru", true */ 'n', 'e', 'd', 'r', 'a', 'c', 'o', 'n', 's', 'u', 'l', 't', '.', 'r', 'u', '\0', + /* "neecist.org", true */ 'n', 'e', 'e', 'c', 'i', 's', 't', '.', 'o', 'r', 'g', '\0', + /* "needle.net.nz", true */ 'n', 'e', 'e', 'd', 'l', 'e', '.', 'n', 'e', 't', '.', 'n', 'z', '\0', + /* "needle.nz", true */ 'n', 'e', 'e', 'd', 'l', 'e', '.', 'n', 'z', '\0', + /* "needstyle.ru", true */ 'n', 'e', 'e', 'd', 's', 't', 'y', 'l', 'e', '.', 'r', 'u', '\0', + /* "neeerd.org", true */ 'n', 'e', 'e', 'e', 'r', 'd', '.', 'o', 'r', 'g', '\0', + /* "neel.ch", true */ 'n', 'e', 'e', 'l', '.', 'c', 'h', '\0', + /* "neemzy.org", true */ 'n', 'e', 'e', 'm', 'z', 'y', '.', 'o', 'r', 'g', '\0', + /* "neet-investor.biz", true */ 'n', 'e', 'e', 't', '-', 'i', 'n', 'v', 'e', 's', 't', 'o', 'r', '.', 'b', 'i', 'z', '\0', + /* "nefertitis.cz", true */ 'n', 'e', 'f', 'e', 'r', 't', 'i', 't', 'i', 's', '.', 'c', 'z', '\0', + /* "neftebitum-kngk.ru", true */ 'n', 'e', 'f', 't', 'e', 'b', 'i', 't', 'u', 'm', '-', 'k', 'n', 'g', 'k', '.', 'r', 'u', '\0', + /* "neg9.org", false */ 'n', 'e', 'g', '9', '.', 'o', 'r', 'g', '\0', + /* "negai.moe", true */ 'n', 'e', 'g', 'a', 'i', '.', 'm', 'o', 'e', '\0', + /* "neglecteddiseases.gov", true */ 'n', 'e', 'g', 'l', 'e', 'c', 't', 'e', 'd', 'd', 'i', 's', 'e', 'a', 's', 'e', 's', '.', 'g', 'o', 'v', '\0', + /* "negraelinda.com", true */ 'n', 'e', 'g', 'r', 'a', 'e', 'l', 'i', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "nehoupat.cz", true */ 'n', 'e', 'h', 'o', 'u', 'p', 'a', 't', '.', 'c', 'z', '\0', + /* "neillans.co.uk", true */ 'n', 'e', 'i', 'l', 'l', 'a', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "neillans.com", true */ 'n', 'e', 'i', 'l', 'l', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "neilwynne.com", true */ 'n', 'e', 'i', 'l', 'w', 'y', 'n', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "neio.uk", true */ 'n', 'e', 'i', 'o', '.', 'u', 'k', '\0', + /* "neko-nyan-nuko.com", true */ 'n', 'e', 'k', 'o', '-', 'n', 'y', 'a', 'n', '-', 'n', 'u', 'k', 'o', '.', 'c', 'o', 'm', '\0', + /* "neko-nyan.org", true */ 'n', 'e', 'k', 'o', '-', 'n', 'y', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "neko.li", true */ 'n', 'e', 'k', 'o', '.', 'l', 'i', '\0', + /* "neko.ml", true */ 'n', 'e', 'k', 'o', '.', 'm', 'l', '\0', + /* "nekodex.net", true */ 'n', 'e', 'k', 'o', 'd', 'e', 'x', '.', 'n', 'e', 't', '\0', + /* "nekoku.io", true */ 'n', 'e', 'k', 'o', 'k', 'u', '.', 'i', 'o', '\0', + /* "nekolove.jp", true */ 'n', 'e', 'k', 'o', 'l', 'o', 'v', 'e', '.', 'j', 'p', '\0', + /* "nekomimi.pl", true */ 'n', 'e', 'k', 'o', 'm', 'i', 'm', 'i', '.', 'p', 'l', '\0', + /* "nekosc.com", true */ 'n', 'e', 'k', 'o', 's', 'c', '.', 'c', 'o', 'm', '\0', + /* "nekowa.moe", true */ 'n', 'e', 'k', 'o', 'w', 'a', '.', 'm', 'o', 'e', '\0', + /* "nelhage.com", true */ 'n', 'e', 'l', 'h', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "nella-project.org", true */ 'n', 'e', 'l', 'l', 'a', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "nella.io", true */ 'n', 'e', 'l', 'l', 'a', '.', 'i', 'o', '\0', + /* "nellacms.com", true */ 'n', 'e', 'l', 'l', 'a', 'c', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "nellacms.org", true */ 'n', 'e', 'l', 'l', 'a', 'c', 'm', 's', '.', 'o', 'r', 'g', '\0', + /* "nellafw.org", true */ 'n', 'e', 'l', 'l', 'a', 'f', 'w', '.', 'o', 'r', 'g', '\0', + /* "nellen.it", true */ 'n', 'e', 'l', 'l', 'e', 'n', '.', 'i', 't', '\0', + /* "nemcd.com", true */ 'n', 'e', 'm', 'c', 'd', '.', 'c', 'o', 'm', '\0', + /* "nemecl.eu", true */ 'n', 'e', 'm', 'e', 'c', 'l', '.', 'e', 'u', '\0', + /* "nemez.net", true */ 'n', 'e', 'm', 'e', 'z', '.', 'n', 'e', 't', '\0', + /* "nemo.run", true */ 'n', 'e', 'm', 'o', '.', 'r', 'u', 'n', '\0', + /* "nemopan.com", true */ 'n', 'e', 'm', 'o', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "nemumu.com", true */ 'n', 'e', 'm', 'u', 'm', 'u', '.', 'c', 'o', 'm', '\0', + /* "nemunai.re", true */ 'n', 'e', 'm', 'u', 'n', 'a', 'i', '.', 'r', 'e', '\0', + /* "neo2shyalien.eu", false */ 'n', 'e', 'o', '2', 's', 'h', 'y', 'a', 'l', 'i', 'e', 'n', '.', 'e', 'u', '\0', + /* "neobits.nl", true */ 'n', 'e', 'o', 'b', 'i', 't', 's', '.', 'n', 'l', '\0', + /* "neocities.org", true */ 'n', 'e', 'o', 'c', 'i', 't', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "neoclick.io", true */ 'n', 'e', 'o', 'c', 'l', 'i', 'c', 'k', '.', 'i', 'o', '\0', + /* "neojo.org", true */ 'n', 'e', 'o', 'j', 'o', '.', 'o', 'r', 'g', '\0', + /* "neokobe.city", true */ 'n', 'e', 'o', 'k', 'o', 'b', 'e', '.', 'c', 'i', 't', 'y', '\0', + /* "neolaudia.es", true */ 'n', 'e', 'o', 'l', 'a', 'u', 'd', 'i', 'a', '.', 'e', 's', '\0', + /* "neons.org", true */ 'n', 'e', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "neophilus.net", true */ 'n', 'e', 'o', 'p', 'h', 'i', 'l', 'u', 's', '.', 'n', 'e', 't', '\0', + /* "neosdesignstudio.co.uk", true */ 'n', 'e', 'o', 's', 'd', 'e', 's', 'i', 'g', 'n', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "neostralis.com", true */ 'n', 'e', 'o', 's', 't', 'r', 'a', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "neowlan.net", true */ 'n', 'e', 'o', 'w', 'l', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "neoxcrf.com", true */ 'n', 'e', 'o', 'x', 'c', 'r', 'f', '.', 'c', 'o', 'm', '\0', + /* "neoz.com.br", true */ 'n', 'e', 'o', 'z', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "nepal-evolution.org", true */ 'n', 'e', 'p', 'a', 'l', '-', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "nephelion.org", true */ 'n', 'e', 'p', 'h', 'e', 'l', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "nephos.xyz", true */ 'n', 'e', 'p', 'h', 'o', 's', '.', 'x', 'y', 'z', '\0', + /* "nepovolenainternetovahazardnihra.cz", true */ 'n', 'e', 'p', 'o', 'v', 'o', 'l', 'e', 'n', 'a', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'o', 'v', 'a', 'h', 'a', 'z', 'a', 'r', 'd', 'n', 'i', 'h', 'r', 'a', '.', 'c', 'z', '\0', + /* "nercp.org.uk", true */ 'n', 'e', 'r', 'c', 'p', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "nerdjokes.de", true */ 'n', 'e', 'r', 'd', 'j', 'o', 'k', 'e', 's', '.', 'd', 'e', '\0', + /* "nerdmind.de", true */ 'n', 'e', 'r', 'd', 'm', 'i', 'n', 'd', '.', 'd', 'e', '\0', + /* "nerdoutstudios.tv", true */ 'n', 'e', 'r', 'd', 'o', 'u', 't', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 't', 'v', '\0', + /* "nerdpol.ch", true */ 'n', 'e', 'r', 'd', 'p', 'o', 'l', '.', 'c', 'h', '\0', + /* "nerds-gegen-stephan.de", true */ 'n', 'e', 'r', 'd', 's', '-', 'g', 'e', 'g', 'e', 'n', '-', 's', 't', 'e', 'p', 'h', 'a', 'n', '.', 'd', 'e', '\0', + /* "nerds.company", false */ 'n', 'e', 'r', 'd', 's', '.', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '\0', + /* "nerdtime.de", true */ 'n', 'e', 'r', 'd', 't', 'i', 'm', 'e', '.', 'd', 'e', '\0', + /* "nerdydev.net", true */ 'n', 'e', 'r', 'd', 'y', 'd', 'e', 'v', '.', 'n', 'e', 't', '\0', + /* "nerot.eu", true */ 'n', 'e', 'r', 'o', 't', '.', 'e', 'u', '\0', + /* "nerull7.info", true */ 'n', 'e', 'r', 'u', 'l', 'l', '7', '.', 'i', 'n', 'f', 'o', '\0', + /* "nerven.se", false */ 'n', 'e', 'r', 'v', 'e', 'n', '.', 's', 'e', '\0', + /* "nesantuoka.lt", true */ 'n', 'e', 's', 'a', 'n', 't', 'u', 'o', 'k', 'a', '.', 'l', 't', '\0', + /* "nesolabs.com", true */ 'n', 'e', 's', 'o', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "nesolabs.de", true */ 'n', 'e', 's', 'o', 'l', 'a', 'b', 's', '.', 'd', 'e', '\0', + /* "nesterov.pw", true */ 'n', 'e', 's', 't', 'e', 'r', 'o', 'v', '.', 'p', 'w', '\0', + /* "nestor.nu", true */ 'n', 'e', 's', 't', 'o', 'r', '.', 'n', 'u', '\0', + /* "neswec.org.uk", true */ 'n', 'e', 's', 'w', 'e', 'c', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "net-safe.info", true */ 'n', 'e', 't', '-', 's', 'a', 'f', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "net4visions.at", true */ 'n', 'e', 't', '4', 'v', 'i', 's', 'i', 'o', 'n', 's', '.', 'a', 't', '\0', + /* "net4visions.de", true */ 'n', 'e', 't', '4', 'v', 'i', 's', 'i', 'o', 'n', 's', '.', 'd', 'e', '\0', + /* "netamia.com", true */ 'n', 'e', 't', 'a', 'm', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "netapps.de", true */ 'n', 'e', 't', 'a', 'p', 'p', 's', '.', 'd', 'e', '\0', + /* "netba.net", true */ 'n', 'e', 't', 'b', 'a', '.', 'n', 'e', 't', '\0', + /* "netbank.com.au", true */ 'n', 'e', 't', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "netbears.com", true */ 'n', 'e', 't', 'b', 'e', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "netbears.ro", true */ 'n', 'e', 't', 'b', 'e', 'a', 'r', 's', '.', 'r', 'o', '\0', + /* "netbows.com", true */ 'n', 'e', 't', 'b', 'o', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "netbows.es", true */ 'n', 'e', 't', 'b', 'o', 'w', 's', '.', 'e', 's', '\0', + /* "netbulls.io", true */ 'n', 'e', 't', 'b', 'u', 'l', 'l', 's', '.', 'i', 'o', '\0', + /* "netbuzz.ru", true */ 'n', 'e', 't', 'b', 'u', 'z', 'z', '.', 'r', 'u', '\0', + /* "netconnect.at", true */ 'n', 'e', 't', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'a', 't', '\0', + /* "netcoolusers.org", true */ 'n', 'e', 't', 'c', 'o', 'o', 'l', 'u', 's', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0', + /* "netde.jp", true */ 'n', 'e', 't', 'd', 'e', '.', 'j', 'p', '\0', + /* "netdego.jp", true */ 'n', 'e', 't', 'd', 'e', 'g', 'o', '.', 'j', 'p', '\0', + /* "netdex.co", true */ 'n', 'e', 't', 'd', 'e', 'x', '.', 'c', 'o', '\0', + /* "netducks.com", true */ 'n', 'e', 't', 'd', 'u', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "netducks.space", true */ 'n', 'e', 't', 'd', 'u', 'c', 'k', 's', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "netera.se", true */ 'n', 'e', 't', 'e', 'r', 'a', '.', 's', 'e', '\0', + /* "netfabb.com", true */ 'n', 'e', 't', 'f', 'a', 'b', 'b', '.', 'c', 'o', 'm', '\0', + /* "netfs.pl", false */ 'n', 'e', 't', 'f', 's', '.', 'p', 'l', '\0', + /* "netfxharmonics.com", true */ 'n', 'e', 't', 'f', 'x', 'h', 'a', 'r', 'm', 'o', 'n', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "netguide.co.nz", true */ 'n', 'e', 't', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "nethackwiki.com", true */ 'n', 'e', 't', 'h', 'a', 'c', 'k', 'w', 'i', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "nethruster.com", true */ 'n', 'e', 't', 'h', 'r', 'u', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "nethunter.top", true */ 'n', 'e', 't', 'h', 'u', 'n', 't', 'e', 'r', '.', 't', 'o', 'p', '\0', + /* "netki.com", true */ 'n', 'e', 't', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "netlentes.com.br", true */ 'n', 'e', 't', 'l', 'e', 'n', 't', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "netlocal.ru", true */ 'n', 'e', 't', 'l', 'o', 'c', 'a', 'l', '.', 'r', 'u', '\0', + /* "netmagicas.com.br", true */ 'n', 'e', 't', 'm', 'a', 'g', 'i', 'c', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "netmeister.org", true */ 'n', 'e', 't', 'm', 'e', 'i', 's', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "netnik.de", true */ 'n', 'e', 't', 'n', 'i', 'k', '.', 'd', 'e', '\0', + /* "netnodes.net", true */ 'n', 'e', 't', 'n', 'o', 'd', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "netrelay.email", true */ 'n', 'e', 't', 'r', 'e', 'l', 'a', 'y', '.', 'e', 'm', 'a', 'i', 'l', '\0', + /* "netrider.net.au", false */ 'n', 'e', 't', 'r', 'i', 'd', 'e', 'r', '.', 'n', 'e', 't', '.', 'a', 'u', '\0', + /* "netronix.be", true */ 'n', 'e', 't', 'r', 'o', 'n', 'i', 'x', '.', 'b', 'e', '\0', + /* "netscaler.expert", true */ 'n', 'e', 't', 's', 'c', 'a', 'l', 'e', 'r', '.', 'e', 'x', 'p', 'e', 'r', 't', '\0', + /* "netsight.org", true */ 'n', 'e', 't', 's', 'i', 'g', 'h', 't', '.', 'o', 'r', 'g', '\0', + /* "netsigna.de", true */ 'n', 'e', 't', 's', 'i', 'g', 'n', 'a', '.', 'd', 'e', '\0', + /* "netsite.dk", true */ 'n', 'e', 't', 's', 'i', 't', 'e', '.', 'd', 'k', '\0', + /* "netsoins.org", true */ 'n', 'e', 't', 's', 'o', 'i', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "netsparker.com", false */ 'n', 'e', 't', 's', 'p', 'a', 'r', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "netsystems.pro", true */ 'n', 'e', 't', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'p', 'r', 'o', '\0', + /* "nette.org", true */ 'n', 'e', 't', 't', 'e', '.', 'o', 'r', 'g', '\0', + /* "nettia.fi", true */ 'n', 'e', 't', 't', 'i', 'a', '.', 'f', 'i', '\0', + /* "netto-service.ch", true */ 'n', 'e', 't', 't', 'o', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'h', '\0', + /* "nettools.link", true */ 'n', 'e', 't', 't', 'o', 'o', 'l', 's', '.', 'l', 'i', 'n', 'k', '\0', + /* "nettopower.dk", true */ 'n', 'e', 't', 't', 'o', 'p', 'o', 'w', 'e', 'r', '.', 'd', 'k', '\0', + /* "nettplusultra-rhone.fr", true */ 'n', 'e', 't', 't', 'p', 'l', 'u', 's', 'u', 'l', 't', 'r', 'a', '-', 'r', 'h', 'o', 'n', 'e', '.', 'f', 'r', '\0', + /* "nettx.co.uk", true */ 'n', 'e', 't', 't', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "netulo.com", true */ 'n', 'e', 't', 'u', 'l', 'o', '.', 'c', 'o', 'm', '\0', + /* "netvizura.co.uk", true */ 'n', 'e', 't', 'v', 'i', 'z', 'u', 'r', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "netwarc.eu", true */ 'n', 'e', 't', 'w', 'a', 'r', 'c', '.', 'e', 'u', '\0', + /* "netwarc.nl", true */ 'n', 'e', 't', 'w', 'a', 'r', 'c', '.', 'n', 'l', '\0', + /* "netweaver.uk", true */ 'n', 'e', 't', 'w', 'e', 'a', 'v', 'e', 'r', '.', 'u', 'k', '\0', + /* "netwerkmanager.nl", false */ 'n', 'e', 't', 'w', 'e', 'r', 'k', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'n', 'l', '\0', + /* "network-notes.com", true */ 'n', 'e', 't', 'w', 'o', 'r', 'k', '-', 'n', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "network23.nl", true */ 'n', 'e', 't', 'w', 'o', 'r', 'k', '2', '3', '.', 'n', 'l', '\0', + /* "networkersdiary.com", true */ 'n', 'e', 't', 'w', 'o', 'r', 'k', 'e', 'r', 's', 'd', 'i', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "networking4all.com", false */ 'n', 'e', 't', 'w', 'o', 'r', 'k', 'i', 'n', 'g', '4', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "networkingnexus.net", true */ 'n', 'e', 't', 'w', 'o', 'r', 'k', 'i', 'n', 'g', 'n', 'e', 'x', 'u', 's', '.', 'n', 'e', 't', '\0', + /* "networkingphoenix.com", true */ 'n', 'e', 't', 'w', 'o', 'r', 'k', 'i', 'n', 'g', 'p', 'h', 'o', 'e', 'n', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "networkmarketingpro.com", true */ 'n', 'e', 't', 'w', 'o', 'r', 'k', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "networkposting.com", true */ 'n', 'e', 't', 'w', 'o', 'r', 'k', 'p', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "networth.at", true */ 'n', 'e', 't', 'w', 'o', 'r', 't', 'h', '.', 'a', 't', '\0', + /* "netzfrauen.org", true */ 'n', 'e', 't', 'z', 'f', 'r', 'a', 'u', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "netzspielplatz.de", true */ 'n', 'e', 't', 'z', 's', 'p', 'i', 'e', 'l', 'p', 'l', 'a', 't', 'z', '.', 'd', 'e', '\0', + /* "netzwerkwerk.de", true */ 'n', 'e', 't', 'z', 'w', 'e', 'r', 'k', 'w', 'e', 'r', 'k', '.', 'd', 'e', '\0', + /* "neuch.info", true */ 'n', 'e', 'u', 'c', 'h', '.', 'i', 'n', 'f', 'o', '\0', + /* "neuflizeobc.net", true */ 'n', 'e', 'u', 'f', 'l', 'i', 'z', 'e', 'o', 'b', 'c', '.', 'n', 'e', 't', '\0', + /* "neuhaus-city.de", true */ 'n', 'e', 'u', 'h', 'a', 'u', 's', '-', 'c', 'i', 't', 'y', '.', 'd', 'e', '\0', + /* "neurabyte.com", true */ 'n', 'e', 'u', 'r', 'a', 'b', 'y', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "neurexcellence.com", true */ 'n', 'e', 'u', 'r', 'e', 'x', 'c', 'e', 'l', 'l', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "neurobiology.com", true */ 'n', 'e', 'u', 'r', 'o', 'b', 'i', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0', + /* "neurochip.com", true */ 'n', 'e', 'u', 'r', 'o', 'c', 'h', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "neurocny.cloud", true */ 'n', 'e', 'u', 'r', 'o', 'c', 'n', 'y', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "neuroethics.com", true */ 'n', 'e', 'u', 'r', 'o', 'e', 't', 'h', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "neurogroove.info", true */ 'n', 'e', 'u', 'r', 'o', 'g', 'r', 'o', 'o', 'v', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "neuronasdigitales.com", true */ 'n', 'e', 'u', 'r', 'o', 'n', 'a', 's', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "neuropharmacology.com", true */ 'n', 'e', 'u', 'r', 'o', 'p', 'h', 'a', 'r', 'm', 'a', 'c', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0', + /* "neurotransmitter.net", true */ 'n', 'e', 'u', 'r', 'o', 't', 'r', 'a', 'n', 's', 'm', 'i', 't', 't', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "neutralox.com", false */ 'n', 'e', 'u', 't', 'r', 'a', 'l', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "neutralvehicle.com", true */ 'n', 'e', 'u', 't', 'r', 'a', 'l', 'v', 'e', 'h', 'i', 'c', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "neuwal.com", true */ 'n', 'e', 'u', 'w', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "neverwetturkey.com", true */ 'n', 'e', 'v', 'e', 'r', 'w', 'e', 't', 't', 'u', 'r', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "nevntech.com", true */ 'n', 'e', 'v', 'n', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "nevolution.me", true */ 'n', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'm', 'e', '\0', + /* "nevoxo.com", true */ 'n', 'e', 'v', 'o', 'x', 'o', '.', 'c', 'o', 'm', '\0', + /* "new-black-order.com", true */ 'n', 'e', 'w', '-', 'b', 'l', 'a', 'c', 'k', '-', 'o', 'r', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "new-ms.com", true */ 'n', 'e', 'w', '-', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "new-process.ch", true */ 'n', 'e', 'w', '-', 'p', 'r', 'o', 'c', 'e', 's', 's', '.', 'c', 'h', '\0', + /* "new-process.com", true */ 'n', 'e', 'w', '-', 'p', 'r', 'o', 'c', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "new-process.de", true */ 'n', 'e', 'w', '-', 'p', 'r', 'o', 'c', 'e', 's', 's', '.', 'd', 'e', '\0', + /* "new-process.eu", true */ 'n', 'e', 'w', '-', 'p', 'r', 'o', 'c', 'e', 's', 's', '.', 'e', 'u', '\0', + /* "new.travel.pl", true */ 'n', 'e', 'w', '.', 't', 'r', 'a', 'v', 'e', 'l', '.', 'p', 'l', '\0', + /* "newaccess.ch", true */ 'n', 'e', 'w', 'a', 'c', 'c', 'e', 's', 's', '.', 'c', 'h', '\0', + /* "newantiagingcreams.com", true */ 'n', 'e', 'w', 'a', 'n', 't', 'i', 'a', 'g', 'i', 'n', 'g', 'c', 'r', 'e', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "newbietech.cn", true */ 'n', 'e', 'w', 'b', 'i', 'e', 't', 'e', 'c', 'h', '.', 'c', 'n', '\0', + /* "newbownerton.xyz", true */ 'n', 'e', 'w', 'b', 'o', 'w', 'n', 'e', 'r', 't', 'o', 'n', '.', 'x', 'y', 'z', '\0', + /* "newburybouncycastles.co.uk", true */ 'n', 'e', 'w', 'b', 'u', 'r', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "newburyparkelectrical.com", true */ 'n', 'e', 'w', 'b', 'u', 'r', 'y', 'p', 'a', 'r', 'k', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "newcitygas.ca", true */ 'n', 'e', 'w', 'c', 'i', 't', 'y', 'g', 'a', 's', '.', 'c', 'a', '\0', + /* "newcityinfo.ch", true */ 'n', 'e', 'w', 'c', 'i', 't', 'y', 'i', 'n', 'f', 'o', '.', 'c', 'h', '\0', + /* "newcitystudio.ch", true */ 'n', 'e', 'w', 'c', 'i', 't', 'y', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'h', '\0', + /* "newcreamforface.com", true */ 'n', 'e', 'w', 'c', 'r', 'e', 'a', 'm', 'f', 'o', 'r', 'f', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "newday.host", true */ 'n', 'e', 'w', 'd', 'a', 'y', '.', 'h', 'o', 's', 't', '\0', + /* "newfacialbeautycream.com", true */ 'n', 'e', 'w', 'f', 'a', 'c', 'i', 'a', 'l', 'b', 'e', 'a', 'u', 't', 'y', 'c', 'r', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "newfiepedia.ca", true */ 'n', 'e', 'w', 'f', 'i', 'e', 'p', 'e', 'd', 'i', 'a', '.', 'c', 'a', '\0', + /* "newgrowbook.com", true */ 'n', 'e', 'w', 'g', 'r', 'o', 'w', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "newguidance.ch", true */ 'n', 'e', 'w', 'g', 'u', 'i', 'd', 'a', 'n', 'c', 'e', '.', 'c', 'h', '\0', + /* "newind.info", true */ 'n', 'e', 'w', 'i', 'n', 'd', '.', 'i', 'n', 'f', 'o', '\0', + /* "newizv.ru", true */ 'n', 'e', 'w', 'i', 'z', 'v', '.', 'r', 'u', '\0', + /* "newjianzhi.com", true */ 'n', 'e', 'w', 'j', 'i', 'a', 'n', 'z', 'h', 'i', '.', 'c', 'o', 'm', '\0', + /* "newknd.com", true */ 'n', 'e', 'w', 'k', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "newline.online", true */ 'n', 'e', 'w', 'l', 'i', 'n', 'e', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "newmarketbouncycastlehire.co.uk", true */ 'n', 'e', 'w', 'm', 'a', 'r', 'k', 'e', 't', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "newmed.com.br", true */ 'n', 'e', 'w', 'm', 'e', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "newmediaone.net", true */ 'n', 'e', 'w', 'm', 'e', 'd', 'i', 'a', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "newmovements.net", true */ 'n', 'e', 'w', 'm', 'o', 'v', 'e', 'm', 'e', 'n', 't', 's', '.', 'n', 'e', 't', '\0', + /* "newodesign.com", true */ 'n', 'e', 'w', 'o', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "newpathintegratedtherapy.com", true */ 'n', 'e', 'w', 'p', 'a', 't', 'h', 'i', 'n', 't', 'e', 'g', 'r', 'a', 't', 'e', 'd', 't', 'h', 'e', 'r', 'a', 'p', 'y', '.', 'c', 'o', 'm', '\0', + /* "news47ell.com", true */ 'n', 'e', 'w', 's', '4', '7', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "newsa2.com", true */ 'n', 'e', 'w', 's', 'a', '2', '.', 'c', 'o', 'm', '\0', + /* "newserumforskin.com", true */ 'n', 'e', 'w', 's', 'e', 'r', 'u', 'm', 'f', 'o', 'r', 's', 'k', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "newsmotor.info", true */ 'n', 'e', 'w', 's', 'm', 'o', 't', 'o', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "newspsychology.com", true */ 'n', 'e', 'w', 's', 'p', 's', 'y', 'c', 'h', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0', + /* "newsquantified.com", true */ 'n', 'e', 'w', 's', 'q', 'u', 'a', 'n', 't', 'i', 'f', 'i', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "newstone-tech.com", true */ 'n', 'e', 'w', 's', 't', 'o', 'n', 'e', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "newsyslog.org", true */ 'n', 'e', 'w', 's', 'y', 's', 'l', 'o', 'g', '.', 'o', 'r', 'g', '\0', + /* "newtnote.com", true */ 'n', 'e', 'w', 't', 'n', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "newtonhaus.com", true */ 'n', 'e', 'w', 't', 'o', 'n', 'h', 'a', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "newtrackon.com", true */ 'n', 'e', 'w', 't', 'r', 'a', 'c', 'k', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "nex.sx", true */ 'n', 'e', 'x', '.', 's', 'x', '\0', + /* "nexicafiles.com", true */ 'n', 'e', 'x', 'i', 'c', 'a', 'f', 'i', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "nexlab.org", true */ 'n', 'e', 'x', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0', + /* "next-taxi.ru", true */ 'n', 'e', 'x', 't', '-', 't', 'a', 'x', 'i', '.', 'r', 'u', '\0', + /* "next24.io", true */ 'n', 'e', 'x', 't', '2', '4', '.', 'i', 'o', '\0', + /* "nextads.ch", true */ 'n', 'e', 'x', 't', 'a', 'd', 's', '.', 'c', 'h', '\0', + /* "nextcairn.com", true */ 'n', 'e', 'x', 't', 'c', 'a', 'i', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "nextcloud.com", true */ 'n', 'e', 'x', 't', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "nextcloud.li", true */ 'n', 'e', 'x', 't', 'c', 'l', 'o', 'u', 'd', '.', 'l', 'i', '\0', + /* "nextend.net", true */ 'n', 'e', 'x', 't', 'e', 'n', 'd', '.', 'n', 'e', 't', '\0', + /* "nextend.org", true */ 'n', 'e', 'x', 't', 'e', 'n', 'd', '.', 'o', 'r', 'g', '\0', + /* "nextgen.sk", true */ 'n', 'e', 'x', 't', 'g', 'e', 'n', '.', 's', 'k', '\0', + /* "nextgencel.com", true */ 'n', 'e', 'x', 't', 'g', 'e', 'n', 'c', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "nexthop.co.jp", true */ 'n', 'e', 'x', 't', 'h', 'o', 'p', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "nexthop.jp", true */ 'n', 'e', 'x', 't', 'h', 'o', 'p', '.', 'j', 'p', '\0', + /* "nextmbta.com", true */ 'n', 'e', 'x', 't', 'm', 'b', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "nextnowagency.com", true */ 'n', 'e', 'x', 't', 'n', 'o', 'w', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "nextrobotics.de", true */ 'n', 'e', 'x', 't', 'r', 'o', 'b', 'o', 't', 'i', 'c', 's', '.', 'd', 'e', '\0', + /* "nextshutter.com", true */ 'n', 'e', 'x', 't', 's', 'h', 'u', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "nexus-exit.de", true */ 'n', 'e', 'x', 'u', 's', '-', 'e', 'x', 'i', 't', '.', 'd', 'e', '\0', + /* "nexus-vienna.at", true */ 'n', 'e', 'x', 'u', 's', '-', 'v', 'i', 'e', 'n', 'n', 'a', '.', 'a', 't', '\0', + /* "nexusconnectinternational.eu", true */ 'n', 'e', 'x', 'u', 's', 'c', 'o', 'n', 'n', 'e', 'c', 't', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'e', 'u', '\0', + /* "nexxus-sistemas.net.br", true */ 'n', 'e', 'x', 'x', 'u', 's', '-', 's', 'i', 's', 't', 'e', 'm', 'a', 's', '.', 'n', 'e', 't', '.', 'b', 'r', '\0', + /* "neyer-lorenz.de", true */ 'n', 'e', 'y', 'e', 'r', '-', 'l', 'o', 'r', 'e', 'n', 'z', '.', 'd', 'e', '\0', + /* "nezrouge-est-vaudois.ch", true */ 'n', 'e', 'z', 'r', 'o', 'u', 'g', 'e', '-', 'e', 's', 't', '-', 'v', 'a', 'u', 'd', 'o', 'i', 's', '.', 'c', 'h', '\0', + /* "nezrouge-geneve.ch", true */ 'n', 'e', 'z', 'r', 'o', 'u', 'g', 'e', '-', 'g', 'e', 'n', 'e', 'v', 'e', '.', 'c', 'h', '\0', + /* "nf9q.com", true */ 'n', 'f', '9', 'q', '.', 'c', 'o', 'm', '\0', + /* "nfe-elektro.de", true */ 'n', 'f', 'e', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0', + /* "nfhome.be", true */ 'n', 'f', 'h', 'o', 'm', 'e', '.', 'b', 'e', '\0', + /* "nfir.nl", true */ 'n', 'f', 'i', 'r', '.', 'n', 'l', '\0', + /* "nfl.dedyn.io", true */ 'n', 'f', 'l', '.', 'd', 'e', 'd', 'y', 'n', '.', 'i', 'o', '\0', + /* "nfl.duckdns.org", true */ 'n', 'f', 'l', '.', 'd', 'u', 'c', 'k', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "nfls.io", true */ 'n', 'f', 'l', 's', '.', 'i', 'o', '\0', + /* "nframe.io", true */ 'n', 'f', 'r', 'a', 'm', 'e', '.', 'i', 'o', '\0', + /* "nfrost.me", true */ 'n', 'f', 'r', 'o', 's', 't', '.', 'm', 'e', '\0', + /* "nfsec.pl", true */ 'n', 'f', 's', 'e', 'c', '.', 'p', 'l', '\0', + /* "nfz.moe", true */ 'n', 'f', 'z', '.', 'm', 'o', 'e', '\0', + /* "ng-firewall.com", true */ 'n', 'g', '-', 'f', 'i', 'r', 'e', 'w', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "ngasembaru.com", true */ 'n', 'g', 'a', 's', 'e', 'm', 'b', 'a', 'r', 'u', '.', 'c', 'o', 'm', '\0', + /* "nghe.net", true */ 'n', 'g', 'h', 'e', '.', 'n', 'e', 't', '\0', + /* "ngiemboon.net", true */ 'n', 'g', 'i', 'e', 'm', 'b', 'o', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "nginxyii.tk", true */ 'n', 'g', 'i', 'n', 'x', 'y', 'i', 'i', '.', 't', 'k', '\0', + /* "ngndn.jp", true */ 'n', 'g', 'n', 'd', 'n', '.', 'j', 'p', '\0', + /* "ngocuong.net", true */ 'n', 'g', 'o', 'c', 'u', 'o', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "ngvf.de", true */ 'n', 'g', 'v', 'f', '.', 'd', 'e', '\0', + /* "ngxpkg.com", true */ 'n', 'g', 'x', 'p', 'k', 'g', '.', 'c', 'o', 'm', '\0', + /* "nhccnews.org", true */ 'n', 'h', 'c', 'c', 'n', 'e', 'w', 's', '.', 'o', 'r', 'g', '\0', + /* "nhimf.org", true */ 'n', 'h', 'i', 'm', 'f', '.', 'o', 'r', 'g', '\0', + /* "nhliberty.org", true */ 'n', 'h', 'l', 'i', 'b', 'e', 'r', 't', 'y', '.', 'o', 'r', 'g', '\0', + /* "nhome.ba", true */ 'n', 'h', 'o', 'm', 'e', '.', 'b', 'a', '\0', + /* "nhus.de", true */ 'n', 'h', 'u', 's', '.', 'd', 'e', '\0', + /* "ni-mate.com", true */ 'n', 'i', '-', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "ni.search.yahoo.com", false */ 'n', 'i', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "niadd.com", true */ 'n', 'i', 'a', 'd', 'd', '.', 'c', 'o', 'm', '\0', + /* "niagara.ru", false */ 'n', 'i', 'a', 'g', 'a', 'r', 'a', '.', 'r', 'u', '\0', + /* "niagarafalls.ca", true */ 'n', 'i', 'a', 'g', 'a', 'r', 'a', 'f', 'a', 'l', 'l', 's', '.', 'c', 'a', '\0', + /* "niagarafallsmuseums.ca", true */ 'n', 'i', 'a', 'g', 'a', 'r', 'a', 'f', 'a', 'l', 'l', 's', 'm', 'u', 's', 'e', 'u', 'm', 's', '.', 'c', 'a', '\0', + /* "niagaraschoice.org", true */ 'n', 'i', 'a', 'g', 'a', 'r', 'a', 's', 'c', 'h', 'o', 'i', 'c', 'e', '.', 'o', 'r', 'g', '\0', + /* "nibb13.tech", true */ 'n', 'i', 'b', 'b', '1', '3', '.', 't', 'e', 'c', 'h', '\0', + /* "nic.gov", true */ 'n', 'i', 'c', '.', 'g', 'o', 'v', '\0', + /* "niceb5y.net", false */ 'n', 'i', 'c', 'e', 'b', '5', 'y', '.', 'n', 'e', 't', '\0', + /* "niceguyit.biz", true */ 'n', 'i', 'c', 'e', 'g', 'u', 'y', 'i', 't', '.', 'b', 'i', 'z', '\0', + /* "nicestudio.co.il", false */ 'n', 'i', 'c', 'e', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "nichijou.com", true */ 'n', 'i', 'c', 'h', 'i', 'j', 'o', 'u', '.', 'c', 'o', 'm', '\0', + /* "nicholaspruss.com", true */ 'n', 'i', 'c', 'h', 'o', 'l', 'a', 's', 'p', 'r', 'u', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "nicholasquigley.com", true */ 'n', 'i', 'c', 'h', 'o', 'l', 'a', 's', 'q', 'u', 'i', 'g', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "nichteinschalten.de", false */ 'n', 'i', 'c', 'h', 't', 'e', 'i', 'n', 's', 'c', 'h', 'a', 'l', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "nichthelfer.de", true */ 'n', 'i', 'c', 'h', 't', 'h', 'e', 'l', 'f', 'e', 'r', '.', 'd', 'e', '\0', + /* "nicic.gov", true */ 'n', 'i', 'c', 'i', 'c', '.', 'g', 'o', 'v', '\0', + /* "nickcleans.co.uk", true */ 'n', 'i', 'c', 'k', 'c', 'l', 'e', 'a', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "nickcraver.com", true */ 'n', 'i', 'c', 'k', 'c', 'r', 'a', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "nickdekruijk.nl", true */ 'n', 'i', 'c', 'k', 'd', 'e', 'k', 'r', 'u', 'i', 'j', 'k', '.', 'n', 'l', '\0', + /* "nickguyver.com", true */ 'n', 'i', 'c', 'k', 'g', 'u', 'y', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "nickloose.de", true */ 'n', 'i', 'c', 'k', 'l', 'o', 'o', 's', 'e', '.', 'd', 'e', '\0', + /* "nickmorri.com", true */ 'n', 'i', 'c', 'k', 'm', 'o', 'r', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "nickrickard.co.uk", true */ 'n', 'i', 'c', 'k', 'r', 'i', 'c', 'k', 'a', 'r', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "nickserve.com", true */ 'n', 'i', 'c', 'k', 's', 'e', 'r', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "nickstories.de", true */ 'n', 'i', 'c', 'k', 's', 't', 'o', 'r', 'i', 'e', 's', '.', 'd', 'e', '\0', + /* "niclasreich.de", true */ 'n', 'i', 'c', 'l', 'a', 's', 'r', 'e', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "nicn.me", true */ 'n', 'i', 'c', 'n', '.', 'm', 'e', '\0', + /* "nicocourts.com", true */ 'n', 'i', 'c', 'o', 'c', 'o', 'u', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "nicoknibbe.nl", true */ 'n', 'i', 'c', 'o', 'k', 'n', 'i', 'b', 'b', 'e', '.', 'n', 'l', '\0', + /* "nicolaeiotcu.ro", true */ 'n', 'i', 'c', 'o', 'l', 'a', 'e', 'i', 'o', 't', 'c', 'u', '.', 'r', 'o', '\0', + /* "nicolaelmer.ch", true */ 'n', 'i', 'c', 'o', 'l', 'a', 'e', 'l', 'm', 'e', 'r', '.', 'c', 'h', '\0', + /* "nicolajanedesigns.co.uk", true */ 'n', 'i', 'c', 'o', 'l', 'a', 'j', 'a', 'n', 'e', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "nicolas-dumermuth.com", true */ 'n', 'i', 'c', 'o', 'l', 'a', 's', '-', 'd', 'u', 'm', 'e', 'r', 'm', 'u', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "nicolas-hoffmann.net", true */ 'n', 'i', 'c', 'o', 'l', 'a', 's', '-', 'h', 'o', 'f', 'f', 'm', 'a', 'n', 'n', '.', 'n', 'e', 't', '\0', + /* "nicolas-hoizey.com", true */ 'n', 'i', 'c', 'o', 'l', 'a', 's', '-', 'h', 'o', 'i', 'z', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "nicolasiung.me", true */ 'n', 'i', 'c', 'o', 'l', 'a', 's', 'i', 'u', 'n', 'g', '.', 'm', 'e', '\0', + /* "nicolasklotz.de", true */ 'n', 'i', 'c', 'o', 'l', 'a', 's', 'k', 'l', 'o', 't', 'z', '.', 'd', 'e', '\0', + /* "nicolaszambetti.ch", true */ 'n', 'i', 'c', 'o', 'l', 'a', 's', 'z', 'a', 'm', 'b', 'e', 't', 't', 'i', '.', 'c', 'h', '\0', + /* "nicolaw.uk", true */ 'n', 'i', 'c', 'o', 'l', 'a', 'w', '.', 'u', 'k', '\0', + /* "nicoleoquendo.com", true */ 'n', 'i', 'c', 'o', 'l', 'e', 'o', 'q', 'u', 'e', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "nicul.in", true */ 'n', 'i', 'c', 'u', 'l', '.', 'i', 'n', '\0', + /* "nidro.de", true */ 'n', 'i', 'd', 'r', 'o', '.', 'd', 'e', '\0', + /* "nidsuber.ch", true */ 'n', 'i', 'd', 's', 'u', 'b', 'e', 'r', '.', 'c', 'h', '\0', + /* "niederohmig.de", true */ 'n', 'i', 'e', 'd', 'e', 'r', 'o', 'h', 'm', 'i', 'g', '.', 'd', 'e', '\0', + /* "niedersetz.de", true */ 'n', 'i', 'e', 'd', 'e', 'r', 's', 'e', 't', 'z', '.', 'd', 'e', '\0', + /* "niehage.name", true */ 'n', 'i', 'e', 'h', 'a', 'g', 'e', '.', 'n', 'a', 'm', 'e', '\0', + /* "nielshoogenhout.be", true */ 'n', 'i', 'e', 'l', 's', 'h', 'o', 'o', 'g', 'e', 'n', 'h', 'o', 'u', 't', '.', 'b', 'e', '\0', + /* "nielshoogenhout.eu", true */ 'n', 'i', 'e', 'l', 's', 'h', 'o', 'o', 'g', 'e', 'n', 'h', 'o', 'u', 't', '.', 'e', 'u', '\0', + /* "nielshoogenhout.nl", true */ 'n', 'i', 'e', 'l', 's', 'h', 'o', 'o', 'g', 'e', 'n', 'h', 'o', 'u', 't', '.', 'n', 'l', '\0', + /* "nien.cf", true */ 'n', 'i', 'e', 'n', '.', 'c', 'f', '\0', + /* "nien.co", true */ 'n', 'i', 'e', 'n', '.', 'c', 'o', '\0', + /* "nien.com", true */ 'n', 'i', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "nien.com.tw", true */ 'n', 'i', 'e', 'n', '.', 'c', 'o', 'm', '.', 't', 'w', '\0', + /* "nien.eu.org", true */ 'n', 'i', 'e', 'n', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "nien.gq", true */ 'n', 'i', 'e', 'n', '.', 'g', 'q', '\0', + /* "nien.org", true */ 'n', 'i', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "nien.taipei", true */ 'n', 'i', 'e', 'n', '.', 't', 'a', 'i', 'p', 'e', 'i', '\0', + /* "nien.tk", true */ 'n', 'i', 'e', 'n', '.', 't', 'k', '\0', + /* "nienkeslop.nl", true */ 'n', 'i', 'e', 'n', 'k', 'e', 's', 'l', 'o', 'p', '.', 'n', 'l', '\0', + /* "nierenpraxis-dr-merkel.de", true */ 'n', 'i', 'e', 'r', 'e', 'n', 'p', 'r', 'a', 'x', 'i', 's', '-', 'd', 'r', '-', 'm', 'e', 'r', 'k', 'e', 'l', '.', 'd', 'e', '\0', + /* "nierenpraxis-merkel.de", true */ 'n', 'i', 'e', 'r', 'e', 'n', 'p', 'r', 'a', 'x', 'i', 's', '-', 'm', 'e', 'r', 'k', 'e', 'l', '.', 'd', 'e', '\0', + /* "nieselregen.com", false */ 'n', 'i', 'e', 's', 'e', 'l', 'r', 'e', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "niess.space", true */ 'n', 'i', 'e', 's', 's', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "niesstar.com", true */ 'n', 'i', 'e', 's', 's', 't', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "nietzsche.com", true */ 'n', 'i', 'e', 't', 'z', 's', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0', + /* "nieuwsoverijssel.nl", true */ 'n', 'i', 'e', 'u', 'w', 's', 'o', 'v', 'e', 'r', 'i', 'j', 's', 's', 'e', 'l', '.', 'n', 'l', '\0', + /* "niftiestsoftware.com", true */ 'n', 'i', 'f', 't', 'i', 'e', 's', 't', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "nifume.com", true */ 'n', 'i', 'f', 'u', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "nigelwakefield.com", true */ 'n', 'i', 'g', 'e', 'l', 'w', 'a', 'k', 'e', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "nigensha.co.jp", true */ 'n', 'i', 'g', 'e', 'n', 's', 'h', 'a', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "niggemeier.cc", true */ 'n', 'i', 'g', 'g', 'e', 'm', 'e', 'i', 'e', 'r', '.', 'c', 'c', '\0', + /* "nigger.racing", true */ 'n', 'i', 'g', 'g', 'e', 'r', '.', 'r', 'a', 'c', 'i', 'n', 'g', '\0', + /* "night2stay.cn", true */ 'n', 'i', 'g', 'h', 't', '2', 's', 't', 'a', 'y', '.', 'c', 'n', '\0', + /* "night2stay.com", true */ 'n', 'i', 'g', 'h', 't', '2', 's', 't', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "night2stay.de", true */ 'n', 'i', 'g', 'h', 't', '2', 's', 't', 'a', 'y', '.', 'd', 'e', '\0', + /* "night2stay.fr", true */ 'n', 'i', 'g', 'h', 't', '2', 's', 't', 'a', 'y', '.', 'f', 'r', '\0', + /* "night2stay.ru", true */ 'n', 'i', 'g', 'h', 't', '2', 's', 't', 'a', 'y', '.', 'r', 'u', '\0', + /* "nightbutterflies.com", true */ 'n', 'i', 'g', 'h', 't', 'b', 'u', 't', 't', 'e', 'r', 'f', 'l', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "nightfirec.at", true */ 'n', 'i', 'g', 'h', 't', 'f', 'i', 'r', 'e', 'c', '.', 'a', 't', '\0', + /* "nightfirecat.com", true */ 'n', 'i', 'g', 'h', 't', 'f', 'i', 'r', 'e', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "nightmoose.org", true */ 'n', 'i', 'g', 'h', 't', 'm', 'o', 'o', 's', 'e', '.', 'o', 'r', 'g', '\0', + /* "nightwinds.tk", true */ 'n', 'i', 'g', 'h', 't', 'w', 'i', 'n', 'd', 's', '.', 't', 'k', '\0', + /* "nihon-no-sake.net", true */ 'n', 'i', 'h', 'o', 'n', '-', 'n', 'o', '-', 's', 'a', 'k', 'e', '.', 'n', 'e', 't', '\0', + /* "nihseniorhealth.gov", false */ 'n', 'i', 'h', 's', 'e', 'n', 'i', 'o', 'r', 'h', 'e', 'a', 'l', 't', 'h', '.', 'g', 'o', 'v', '\0', + /* "nijiero-ch.com", false */ 'n', 'i', 'j', 'i', 'e', 'r', 'o', '-', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "nijikata.com", true */ 'n', 'i', 'j', 'i', 'k', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "nijm.nl", true */ 'n', 'i', 'j', 'm', '.', 'n', 'l', '\0', + /* "nikandcara.com", true */ 'n', 'i', 'k', 'a', 'n', 'd', 'c', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "nikao-tech.com", true */ 'n', 'i', 'k', 'a', 'o', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "nikavandenbos.nl", true */ 'n', 'i', 'k', 'a', 'v', 'a', 'n', 'd', 'e', 'n', 'b', 'o', 's', '.', 'n', 'l', '\0', + /* "nikimix.com", true */ 'n', 'i', 'k', 'i', 'm', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "nikkila.me", true */ 'n', 'i', 'k', 'k', 'i', 'l', 'a', '.', 'm', 'e', '\0', + /* "niklas.pw", true */ 'n', 'i', 'k', 'l', 'a', 's', '.', 'p', 'w', '\0', + /* "niklasbabel.com", true */ 'n', 'i', 'k', 'l', 'a', 's', 'b', 'a', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "nikobradshaw.com", true */ 'n', 'i', 'k', 'o', 'b', 'r', 'a', 'd', 's', 'h', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "nikolasgrottendieck.com", true */ 'n', 'i', 'k', 'o', 'l', 'a', 's', 'g', 'r', 'o', 't', 't', 'e', 'n', 'd', 'i', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "nikomo.fi", false */ 'n', 'i', 'k', 'o', 'm', 'o', '.', 'f', 'i', '\0', + /* "nikz.in", true */ 'n', 'i', 'k', 'z', '.', 'i', 'n', '\0', + /* "nil.gs", true */ 'n', 'i', 'l', '.', 'g', 's', '\0', + /* "nilrem.org", true */ 'n', 'i', 'l', 'r', 'e', 'm', '.', 'o', 'r', 'g', '\0', + /* "nimeshjm.com", true */ 'n', 'i', 'm', 'e', 's', 'h', 'j', 'm', '.', 'c', 'o', 'm', '\0', + /* "ninaforever.com", true */ 'n', 'i', 'n', 'a', 'f', 'o', 'r', 'e', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "ninarinaldi.com.br", true */ 'n', 'i', 'n', 'a', 'r', 'i', 'n', 'a', 'l', 'd', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "ninaundandre.de", true */ 'n', 'i', 'n', 'a', 'u', 'n', 'd', 'a', 'n', 'd', 'r', 'e', '.', 'd', 'e', '\0', + /* "ninchat.com", true */ 'n', 'i', 'n', 'c', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "ninebennink.com", true */ 'n', 'i', 'n', 'e', 'b', 'e', 'n', 'n', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "ninebytes.xyz", true */ 'n', 'i', 'n', 'e', 'b', 'y', 't', 'e', 's', '.', 'x', 'y', 'z', '\0', + /* "ninespec.com", true */ 'n', 'i', 'n', 'e', 's', 'p', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "ninetaillabs.com", true */ 'n', 'i', 'n', 'e', 't', 'a', 'i', 'l', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "ninetaillabs.xyz", true */ 'n', 'i', 'n', 'e', 't', 'a', 'i', 'l', 'l', 'a', 'b', 's', '.', 'x', 'y', 'z', '\0', + /* "ninfora.com", true */ 'n', 'i', 'n', 'f', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "ning.so", true */ 'n', 'i', 'n', 'g', '.', 's', 'o', '\0', + /* "ninja-galerie.de", true */ 'n', 'i', 'n', 'j', 'a', '-', 'g', 'a', 'l', 'e', 'r', 'i', 'e', '.', 'd', 'e', '\0', + /* "ninofink.com", true */ 'n', 'i', 'n', 'o', 'f', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "nintendoforum.no", true */ 'n', 'i', 'n', 't', 'e', 'n', 'd', 'o', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'o', '\0', + /* "ninthfloor.org", true */ 'n', 'i', 'n', 't', 'h', 'f', 'l', 'o', 'o', 'r', '.', 'o', 'r', 'g', '\0', + /* "ninux.ch", false */ 'n', 'i', 'n', 'u', 'x', '.', 'c', 'h', '\0', + /* "nipax.cz", true */ 'n', 'i', 'p', 'a', 'x', '.', 'c', 'z', '\0', + /* "nipe-systems.de", true */ 'n', 'i', 'p', 'e', '-', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'd', 'e', '\0', + /* "nippon-oku.com", true */ 'n', 'i', 'p', 'p', 'o', 'n', '-', 'o', 'k', 'u', '.', 'c', 'o', 'm', '\0', + /* "nippon.fr", true */ 'n', 'i', 'p', 'p', 'o', 'n', '.', 'f', 'r', '\0', + /* "nirna.io", true */ 'n', 'i', 'r', 'n', 'a', '.', 'i', 'o', '\0', + /* "nirudo.me", true */ 'n', 'i', 'r', 'u', 'd', 'o', '.', 'm', 'e', '\0', + /* "nirvanashop.com", true */ 'n', 'i', 'r', 'v', 'a', 'n', 'a', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "nishaswonderland.be", true */ 'n', 'i', 's', 'h', 'a', 's', 'w', 'o', 'n', 'd', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'b', 'e', '\0', + /* "nishaswonderland.nl", true */ 'n', 'i', 's', 'h', 'a', 's', 'w', 'o', 'n', 'd', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0', + /* "nishisbma.com", true */ 'n', 'i', 's', 'h', 'i', 's', 'b', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "nissanofbismarckparts.com", true */ 'n', 'i', 's', 's', 'a', 'n', 'o', 'f', 'b', 'i', 's', 'm', 'a', 'r', 'c', 'k', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "nitaonline.org", true */ 'n', 'i', 't', 'a', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0', + /* "nitifilter.com", true */ 'n', 'i', 't', 'i', 'f', 'i', 'l', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "nitrix.me", true */ 'n', 'i', 't', 'r', 'i', 'x', '.', 'm', 'e', '\0', + /* "nitrokey.com", true */ 'n', 'i', 't', 'r', 'o', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "nitropanel.com", true */ 'n', 'i', 't', 'r', 'o', 'p', 'a', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "nitropur.com", true */ 'n', 'i', 't', 'r', 'o', 'p', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "nitropur.de", true */ 'n', 'i', 't', 'r', 'o', 'p', 'u', 'r', '.', 'd', 'e', '\0', + /* "nitrous-networks.com", true */ 'n', 'i', 't', 'r', 'o', 'u', 's', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "niu.moe", true */ 'n', 'i', 'u', '.', 'm', 'o', 'e', '\0', + /* "nivi.ca", true */ 'n', 'i', 'v', 'i', '.', 'c', 'a', '\0', + /* "nix.black", true */ 'n', 'i', 'x', '.', 'b', 'l', 'a', 'c', 'k', '\0', + /* "nix.org.ua", false */ 'n', 'i', 'x', '.', 'o', 'r', 'g', '.', 'u', 'a', '\0', + /* "nixonlibrary.gov", true */ 'n', 'i', 'x', 'o', 'n', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'g', 'o', 'v', '\0', + /* "niyawe.de", true */ 'n', 'i', 'y', 'a', 'w', 'e', '.', 'd', 'e', '\0', + /* "nja.id.au", true */ 'n', 'j', 'a', '.', 'i', 'd', '.', 'a', 'u', '\0', + /* "njguardtraining.com", true */ 'n', 'j', 'g', 'u', 'a', 'r', 'd', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "njpjanssen.nl", true */ 'n', 'j', 'p', 'j', 'a', 'n', 's', 's', 'e', 'n', '.', 'n', 'l', '\0', + /* "nkinka.de", true */ 'n', 'k', 'i', 'n', 'k', 'a', '.', 'd', 'e', '\0', + /* "nkp-media.de", true */ 'n', 'k', 'p', '-', 'm', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0', + /* "nl-ix.net", true */ 'n', 'l', '-', 'i', 'x', '.', 'n', 'e', 't', '\0', + /* "nl.search.yahoo.com", false */ 'n', 'l', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "nlap.ca", true */ 'n', 'l', 'a', 'p', '.', 'c', 'a', '\0', + /* "nlbewustgezond.nl", true */ 'n', 'l', 'b', 'e', 'w', 'u', 's', 't', 'g', 'e', 'z', 'o', 'n', 'd', '.', 'n', 'l', '\0', + /* "nlegall.fr", true */ 'n', 'l', 'e', 'g', 'a', 'l', 'l', '.', 'f', 'r', '\0', + /* "nlfant.eu", true */ 'n', 'l', 'f', 'a', 'n', 't', '.', 'e', 'u', '\0', + /* "nlm.gov", true */ 'n', 'l', 'm', '.', 'g', 'o', 'v', '\0', + /* "nlrb.gov", true */ 'n', 'l', 'r', 'b', '.', 'g', 'o', 'v', '\0', + /* "nlt.by", false */ 'n', 'l', 't', '.', 'b', 'y', '\0', + /* "nmd.so", true */ 'n', 'm', 'd', '.', 's', 'o', '\0', + /* "nmnd.de", true */ 'n', 'm', 'n', 'd', '.', 'd', 'e', '\0', + /* "nmsnj.com", true */ 'n', 'm', 's', 'n', 'j', '.', 'c', 'o', 'm', '\0', + /* "nn.cz", true */ 'n', 'n', '.', 'c', 'z', '\0', + /* "nna774.net", true */ 'n', 'n', 'a', '7', '7', '4', '.', 'n', 'e', 't', '\0', + /* "nnqc.nl", true */ 'n', 'n', 'q', 'c', '.', 'n', 'l', '\0', + /* "no-xice.com", true */ 'n', 'o', '-', 'x', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "no.search.yahoo.com", false */ 'n', 'o', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "noagendahr.org", true */ 'n', 'o', 'a', 'g', 'e', 'n', 'd', 'a', 'h', 'r', '.', 'o', 'r', 'g', '\0', + /* "nobleparkapartments.com.au", true */ 'n', 'o', 'b', 'l', 'e', 'p', 'a', 'r', 'k', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "nobly.de", true */ 'n', 'o', 'b', 'l', 'y', '.', 'd', 'e', '\0', + /* "noc.org", true */ 'n', 'o', 'c', '.', 'o', 'r', 'g', '\0', + /* "noc.wang", true */ 'n', 'o', 'c', '.', 'w', 'a', 'n', 'g', '\0', + /* "nocit.dk", true */ 'n', 'o', 'c', 'i', 't', '.', 'd', 'k', '\0', + /* "nocs.cn", true */ 'n', 'o', 'c', 's', '.', 'c', 'n', '\0', + /* "nodari.com.ar", true */ 'n', 'o', 'd', 'a', 'r', 'i', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "nodariweb.com.ar", true */ 'n', 'o', 'd', 'a', 'r', 'i', 'w', 'e', 'b', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "nodecompat.com", true */ 'n', 'o', 'd', 'e', 'c', 'o', 'm', 'p', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "nodefiles.com", true */ 'n', 'o', 'd', 'e', 'f', 'i', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "nodefoo.com", true */ 'n', 'o', 'd', 'e', 'f', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "nodejs.de", true */ 'n', 'o', 'd', 'e', 'j', 's', '.', 'd', 'e', '\0', + /* "nodelia.com", true */ 'n', 'o', 'd', 'e', 'l', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "nodepositcasinouk.com", true */ 'n', 'o', 'd', 'e', 'p', 'o', 's', 'i', 't', 'c', 'a', 's', 'i', 'n', 'o', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "nodesturut.cl", true */ 'n', 'o', 'd', 'e', 's', 't', 'u', 'r', 'u', 't', '.', 'c', 'l', '\0', + /* "nodum.io", true */ 'n', 'o', 'd', 'u', 'm', '.', 'i', 'o', '\0', + /* "noeatnosleep.me", true */ 'n', 'o', 'e', 'a', 't', 'n', 'o', 's', 'l', 'e', 'e', 'p', '.', 'm', 'e', '\0', + /* "noedidacticos.com", true */ 'n', 'o', 'e', 'd', 'i', 'd', 'a', 'c', 't', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "noegoph.com", true */ 'n', 'o', 'e', 'g', 'o', 'p', 'h', '.', 'c', 'o', 'm', '\0', + /* "noellabo.jp", true */ 'n', 'o', 'e', 'l', 'l', 'a', 'b', 'o', '.', 'j', 'p', '\0', + /* "noematic.space", true */ 'n', 'o', 'e', 'm', 'a', 't', 'i', 'c', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "noemax.com", true */ 'n', 'o', 'e', 'm', 'a', 'x', '.', 'c', 'o', 'm', '\0', + /* "noesberts-weidmoos.de", true */ 'n', 'o', 'e', 's', 'b', 'e', 'r', 't', 's', '-', 'w', 'e', 'i', 'd', 'm', 'o', 'o', 's', '.', 'd', 'e', '\0', + /* "noexec.org", true */ 'n', 'o', 'e', 'x', 'e', 'c', '.', 'o', 'r', 'g', '\0', + /* "noez.de", true */ 'n', 'o', 'e', 'z', '.', 'd', 'e', '\0', + /* "nofrillsdns.com", true */ 'n', 'o', 'f', 'r', 'i', 'l', 'l', 's', 'd', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "noglobalwarrants.org", true */ 'n', 'o', 'g', 'l', 'o', 'b', 'a', 'l', 'w', 'a', 'r', 'r', 'a', 'n', 't', 's', '.', 'o', 'r', 'g', '\0', + /* "nohats.ca", true */ 'n', 'o', 'h', 'a', 't', 's', '.', 'c', 'a', '\0', + /* "nohkan.fr", true */ 'n', 'o', 'h', 'k', 'a', 'n', '.', 'f', 'r', '\0', + /* "nohm.eu", true */ 'n', 'o', 'h', 'm', '.', 'e', 'u', '\0', + /* "nohttps.org", true */ 'n', 'o', 'h', 't', 't', 'p', 's', '.', 'o', 'r', 'g', '\0', + /* "nohup.se", true */ 'n', 'o', 'h', 'u', 'p', '.', 's', 'e', '\0', + /* "nohup.xyz", true */ 'n', 'o', 'h', 'u', 'p', '.', 'x', 'y', 'z', '\0', + /* "noincludesubdomains.preloaded.test", false */ 'n', 'o', 'i', 'n', 'c', 'l', 'u', 'd', 'e', 's', 'u', 'b', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'p', 'r', 'e', 'l', 'o', 'a', 'd', 'e', 'd', '.', 't', 'e', 's', 't', '\0', + /* "noisebridge.social", true */ 'n', 'o', 'i', 's', 'e', 'b', 'r', 'i', 'd', 'g', 'e', '.', 's', 'o', 'c', 'i', 'a', 'l', '\0', + /* "noisetrap.cz", true */ 'n', 'o', 'i', 's', 'e', 't', 'r', 'a', 'p', '.', 'c', 'z', '\0', + /* "noisky.cn", true */ 'n', 'o', 'i', 's', 'k', 'y', '.', 'c', 'n', '\0', + /* "noisyfox.cn", true */ 'n', 'o', 'i', 's', 'y', 'f', 'o', 'x', '.', 'c', 'n', '\0', + /* "nojestorget.se", true */ 'n', 'o', 'j', 'e', 's', 't', 'o', 'r', 'g', 'e', 't', '.', 's', 'e', '\0', + /* "nojok.es", true */ 'n', 'o', 'j', 'o', 'k', '.', 'e', 's', '\0', + /* "nokono.com", true */ 'n', 'o', 'k', 'o', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "nolaviz.org", true */ 'n', 'o', 'l', 'a', 'v', 'i', 'z', '.', 'o', 'r', 'g', '\0', + /* "noma-film.com", true */ 'n', 'o', 'm', 'a', '-', 'f', 'i', 'l', 'm', '.', 'c', 'o', 'm', '\0', + /* "nomadproject.io", true */ 'n', 'o', 'm', 'a', 'd', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'i', 'o', '\0', + /* "nomesbiblicos.com", true */ 'n', 'o', 'm', 'e', 's', 'b', 'i', 'b', 'l', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "nomial.co.uk", true */ 'n', 'o', 'm', 'i', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "nomifensine.com", true */ 'n', 'o', 'm', 'i', 'f', 'e', 'n', 's', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "nomsy.net", true */ 'n', 'o', 'm', 's', 'y', '.', 'n', 'e', 't', '\0', + /* "noname-ev.de", true */ 'n', 'o', 'n', 'a', 'm', 'e', '-', 'e', 'v', '.', 'd', 'e', '\0', + /* "noncombatant.org", true */ 'n', 'o', 'n', 'c', 'o', 'm', 'b', 'a', 't', 'a', 'n', 't', '.', 'o', 'r', 'g', '\0', + /* "noob-box.net", true */ 'n', 'o', 'o', 'b', '-', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0', + /* "noobunbox.net", true */ 'n', 'o', 'o', 'b', 'u', 'n', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0', + /* "noodles.net.nz", true */ 'n', 'o', 'o', 'd', 'l', 'e', 's', '.', 'n', 'e', 't', '.', 'n', 'z', '\0', + /* "noodleyum.com", true */ 'n', 'o', 'o', 'd', 'l', 'e', 'y', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "noodweer.be", true */ 'n', 'o', 'o', 'd', 'w', 'e', 'e', 'r', '.', 'b', 'e', '\0', + /* "noon-entertainments.com", true */ 'n', 'o', 'o', 'n', '-', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "noop.ch", true */ 'n', 'o', 'o', 'p', '.', 'c', 'h', '\0', + /* "noordsee.de", true */ 'n', 'o', 'o', 'r', 'd', 's', 'e', 'e', '.', 'd', 'e', '\0', + /* "noorsolidarity.com", true */ 'n', 'o', 'o', 'r', 's', 'o', 'l', 'i', 'd', 'a', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "nootropic.com", true */ 'n', 'o', 'o', 't', 'r', 'o', 'p', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "noovell.com", true */ 'n', 'o', 'o', 'v', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "nopaste.xyz", true */ 'n', 'o', 'p', 'a', 's', 't', 'e', '.', 'x', 'y', 'z', '\0', + /* "nopaynocure.com", true */ 'n', 'o', 'p', 'a', 'y', 'n', 'o', 'c', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "nord-sud.be", true */ 'n', 'o', 'r', 'd', '-', 's', 'u', 'd', '.', 'b', 'e', '\0', + /* "nordakademie.de", true */ 'n', 'o', 'r', 'd', 'a', 'k', 'a', 'd', 'e', 'm', 'i', 'e', '.', 'd', 'e', '\0', + /* "nordic-survival.de", true */ 'n', 'o', 'r', 'd', 'i', 'c', '-', 's', 'u', 'r', 'v', 'i', 'v', 'a', 'l', '.', 'd', 'e', '\0', + /* "nordiccasinocommunity.com", true */ 'n', 'o', 'r', 'd', 'i', 'c', 'c', 'a', 's', 'i', 'n', 'o', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "nordinfo.fi", true */ 'n', 'o', 'r', 'd', 'i', 'n', 'f', 'o', '.', 'f', 'i', '\0', + /* "nordmoregatebilklubb.com", true */ 'n', 'o', 'r', 'd', 'm', 'o', 'r', 'e', 'g', 'a', 't', 'e', 'b', 'i', 'l', 'k', 'l', 'u', 'b', 'b', '.', 'c', 'o', 'm', '\0', + /* "nordnetz-hamburg.de", true */ 'n', 'o', 'r', 'd', 'n', 'e', 't', 'z', '-', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0', + /* "nordor.homeip.net", true */ 'n', 'o', 'r', 'd', 'o', 'r', '.', 'h', 'o', 'm', 'e', 'i', 'p', '.', 'n', 'e', 't', '\0', + /* "nordwaldzendo.de", true */ 'n', 'o', 'r', 'd', 'w', 'a', 'l', 'd', 'z', 'e', 'n', 'd', 'o', '.', 'd', 'e', '\0', + /* "noref.tk", true */ 'n', 'o', 'r', 'e', 'f', '.', 't', 'k', '\0', + /* "noreply.mx", true */ 'n', 'o', 'r', 'e', 'p', 'l', 'y', '.', 'm', 'x', '\0', + /* "normaculta.com.br", true */ 'n', 'o', 'r', 'm', 'a', 'c', 'u', 'l', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "normalady.com", true */ 'n', 'o', 'r', 'm', 'a', 'l', 'a', 'd', 'y', '.', 'c', 'o', 'm', '\0', + /* "norman-preusser-gmbh.de", true */ 'n', 'o', 'r', 'm', 'a', 'n', '-', 'p', 'r', 'e', 'u', 's', 's', 'e', 'r', '-', 'g', 'm', 'b', 'h', '.', 'd', 'e', '\0', + /* "normanbauer.com", true */ 'n', 'o', 'r', 'm', 'a', 'n', 'b', 'a', 'u', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "normandgascon.com", true */ 'n', 'o', 'r', 'm', 'a', 'n', 'd', 'g', 'a', 's', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "normankranich.de", true */ 'n', 'o', 'r', 'm', 'a', 'n', 'k', 'r', 'a', 'n', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "norrkemi.se", true */ 'n', 'o', 'r', 'r', 'k', 'e', 'm', 'i', '.', 's', 'e', '\0', + /* "norrliden.de", true */ 'n', 'o', 'r', 'r', 'l', 'i', 'd', 'e', 'n', '.', 'd', 'e', '\0', + /* "norskpensjon.no", true */ 'n', 'o', 'r', 's', 'k', 'p', 'e', 'n', 's', 'j', 'o', 'n', '.', 'n', 'o', '\0', + /* "north.supply", true */ 'n', 'o', 'r', 't', 'h', '.', 's', 'u', 'p', 'p', 'l', 'y', '\0', + /* "northatlantalaw.net", true */ 'n', 'o', 'r', 't', 'h', 'a', 't', 'l', 'a', 'n', 't', 'a', 'l', 'a', 'w', '.', 'n', 'e', 't', '\0', + /* "northbrisbaneapartments.com.au", true */ 'n', 'o', 'r', 't', 'h', 'b', 'r', 'i', 's', 'b', 'a', 'n', 'e', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "northconsulting.fr", true */ 'n', 'o', 'r', 't', 'h', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'f', 'r', '\0', + /* "northcountykiaparts.com", true */ 'n', 'o', 'r', 't', 'h', 'c', 'o', 'u', 'n', 't', 'y', 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "northdevonbouncycastles.co.uk", true */ 'n', 'o', 'r', 't', 'h', 'd', 'e', 'v', 'o', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "northeastcdc.org", true */ 'n', 'o', 'r', 't', 'h', 'e', 'a', 's', 't', 'c', 'd', 'c', '.', 'o', 'r', 'g', '\0', + /* "northeastrodeo.co.uk", true */ 'n', 'o', 'r', 't', 'h', 'e', 'a', 's', 't', 'r', 'o', 'd', 'e', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "northern-lakes.com", true */ 'n', 'o', 'r', 't', 'h', 'e', 'r', 'n', '-', 'l', 'a', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "northernhamsterclub.com", true */ 'n', 'o', 'r', 't', 'h', 'e', 'r', 'n', 'h', 'a', 'm', 's', 't', 'e', 'r', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "northernmuscle.ca", true */ 'n', 'o', 'r', 't', 'h', 'e', 'r', 'n', 'm', 'u', 's', 'c', 'l', 'e', '.', 'c', 'a', '\0', + /* "northernselfstorage.co.za", true */ 'n', 'o', 'r', 't', 'h', 'e', 'r', 'n', 's', 'e', 'l', 'f', 's', 't', 'o', 'r', 'a', 'g', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "northfieldyarn.com", true */ 'n', 'o', 'r', 't', 'h', 'f', 'i', 'e', 'l', 'd', 'y', 'a', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "northpennvwparts.com", true */ 'n', 'o', 'r', 't', 'h', 'p', 'e', 'n', 'n', 'v', 'w', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "northpole.dance", true */ 'n', 'o', 'r', 't', 'h', 'p', 'o', 'l', 'e', '.', 'd', 'a', 'n', 'c', 'e', '\0', + /* "northridgeelectrical.com", true */ 'n', 'o', 'r', 't', 'h', 'r', 'i', 'd', 'g', 'e', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "northumbriagames.co.uk", true */ 'n', 'o', 'r', 't', 'h', 'u', 'm', 'b', 'r', 'i', 'a', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "northwoodsfish.com", true */ 'n', 'o', 'r', 't', 'h', 'w', 'o', 'o', 'd', 's', 'f', 'i', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "nos-medias.fr", true */ 'n', 'o', 's', '-', 'm', 'e', 'd', 'i', 'a', 's', '.', 'f', 'r', '\0', + /* "nos-oignons.net", true */ 'n', 'o', 's', '-', 'o', 'i', 'g', 'n', 'o', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "noscript.net", true */ 'n', 'o', 's', 'c', 'r', 'i', 'p', 't', '.', 'n', 'e', 't', '\0', + /* "nosfermiers.com", true */ 'n', 'o', 's', 'f', 'e', 'r', 'm', 'i', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "noslite.nl", true */ 'n', 'o', 's', 'l', 'i', 't', 'e', '.', 'n', 'l', '\0', + /* "nospoint.cz", true */ 'n', 'o', 's', 'p', 'o', 'i', 'n', 't', '.', 'c', 'z', '\0', + /* "nossasenhora.net", true */ 'n', 'o', 's', 's', 'a', 's', 'e', 'n', 'h', 'o', 'r', 'a', '.', 'n', 'e', 't', '\0', + /* "nossasenhoradaconceicao.com.br", true */ 'n', 'o', 's', 's', 'a', 's', 'e', 'n', 'h', 'o', 'r', 'a', 'd', 'a', 'c', 'o', 'n', 'c', 'e', 'i', 'c', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "nossasenhoradodesterro.com.br", true */ 'n', 'o', 's', 's', 'a', 's', 'e', 'n', 'h', 'o', 'r', 'a', 'd', 'o', 'd', 'e', 's', 't', 'e', 'r', 'r', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "nostraforma.com", false */ 'n', 'o', 's', 't', 'r', 'a', 'f', 'o', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "noswap.com", true */ 'n', 'o', 's', 'w', 'a', 'p', '.', 'c', 'o', 'm', '\0', + /* "nosyu.pe.kr", true */ 'n', 'o', 's', 'y', 'u', '.', 'p', 'e', '.', 'k', 'r', '\0', + /* "not-a.link", true */ 'n', 'o', 't', '-', 'a', '.', 'l', 'i', 'n', 'k', '\0', + /* "nota-web.com", true */ 'n', 'o', 't', 'a', '-', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "nota.moe", true */ 'n', 'o', 't', 'a', '.', 'm', 'o', 'e', '\0', + /* "notablog.xyz", true */ 'n', 'o', 't', 'a', 'b', 'l', 'o', 'g', '.', 'x', 'y', 'z', '\0', + /* "notabug.org", true */ 'n', 'o', 't', 'a', 'b', 'u', 'g', '.', 'o', 'r', 'g', '\0', + /* "notadd.com", true */ 'n', 'o', 't', 'a', 'd', 'd', '.', 'c', 'o', 'm', '\0', + /* "notadd.store", true */ 'n', 'o', 't', 'a', 'd', 'd', '.', 's', 't', 'o', 'r', 'e', '\0', + /* "notalone.gov", true */ 'n', 'o', 't', 'a', 'l', 'o', 'n', 'e', '.', 'g', 'o', 'v', '\0', + /* "notar-glagowski.com", true */ 'n', 'o', 't', 'a', 'r', '-', 'g', 'l', 'a', 'g', 'o', 'w', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "notar-glagowski.de", true */ 'n', 'o', 't', 'a', 'r', '-', 'g', 'l', 'a', 'g', 'o', 'w', 's', 'k', 'i', '.', 'd', 'e', '\0', + /* "notar-peikert.com", true */ 'n', 'o', 't', 'a', 'r', '-', 'p', 'e', 'i', 'k', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "notarvysocina.cz", true */ 'n', 'o', 't', 'a', 'r', 'v', 'y', 's', 'o', 'c', 'i', 'n', 'a', '.', 'c', 'z', '\0', + /* "notbolaget.se", true */ 'n', 'o', 't', 'b', 'o', 'l', 'a', 'g', 'e', 't', '.', 's', 'e', '\0', + /* "notboring.co.uk", true */ 'n', 'o', 't', 'b', 'o', 'r', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "notcompletelycorrect.com", true */ 'n', 'o', 't', 'c', 'o', 'm', 'p', 'l', 'e', 't', 'e', 'l', 'y', 'c', 'o', 'r', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "notdienstreform-nordrhein.de", true */ 'n', 'o', 't', 'd', 'i', 'e', 'n', 's', 't', 'r', 'e', 'f', 'o', 'r', 'm', '-', 'n', 'o', 'r', 'd', 'r', 'h', 'e', 'i', 'n', '.', 'd', 'e', '\0', + /* "noticiasdehumor.com", true */ 'n', 'o', 't', 'i', 'c', 'i', 'a', 's', 'd', 'e', 'h', 'u', 'm', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "notificami.com", true */ 'n', 'o', 't', 'i', 'f', 'i', 'c', 'a', 'm', 'i', '.', 'c', 'o', 'm', '\0', + /* "notify.moe", true */ 'n', 'o', 't', 'i', 'f', 'y', '.', 'm', 'o', 'e', '\0', + /* "notinglife.com", true */ 'n', 'o', 't', 'i', 'n', 'g', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "notjustvacs.com", true */ 'n', 'o', 't', 'j', 'u', 's', 't', 'v', 'a', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "notnize.net", true */ 'n', 'o', 't', 'n', 'i', 'z', 'e', '.', 'n', 'e', 't', '\0', + /* "notnl.com", true */ 'n', 'o', 't', 'n', 'l', '.', 'c', 'o', 'm', '\0', + /* "notoriousdev.com", true */ 'n', 'o', 't', 'o', 'r', 'i', 'o', 'u', 's', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "notrecourrier.net", true */ 'n', 'o', 't', 'r', 'e', 'c', 'o', 'u', 'r', 'r', 'i', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "nottres.com", true */ 'n', 'o', 't', 't', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "notypiesni.sk", false */ 'n', 'o', 't', 'y', 'p', 'i', 'e', 's', 'n', 'i', '.', 's', 'k', '\0', + /* "noudjalink.nl", true */ 'n', 'o', 'u', 'd', 'j', 'a', 'l', 'i', 'n', 'k', '.', 'n', 'l', '\0', + /* "nouma.fr", true */ 'n', 'o', 'u', 'm', 'a', '.', 'f', 'r', '\0', + /* "nova-dess.ch", true */ 'n', 'o', 'v', 'a', '-', 'd', 'e', 's', 's', '.', 'c', 'h', '\0', + /* "nova-wd.org.uk", true */ 'n', 'o', 'v', 'a', '-', 'w', 'd', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "nova.live", true */ 'n', 'o', 'v', 'a', '.', 'l', 'i', 'v', 'e', '\0', + /* "novabench.com", true */ 'n', 'o', 'v', 'a', 'b', 'e', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "novacoast.com", false */ 'n', 'o', 'v', 'a', 'c', 'o', 'a', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "novadermis.es", true */ 'n', 'o', 'v', 'a', 'd', 'e', 'r', 'm', 'i', 's', '.', 'e', 's', '\0', + /* "novafreixo.pt", true */ 'n', 'o', 'v', 'a', 'f', 'r', 'e', 'i', 'x', 'o', '.', 'p', 't', '\0', + /* "novaopcaofestas.com.br", true */ 'n', 'o', 'v', 'a', 'o', 'p', 'c', 'a', 'o', 'f', 'e', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "novawave.ca", true */ 'n', 'o', 'v', 'a', 'w', 'a', 'v', 'e', '.', 'c', 'a', '\0', + /* "nove.city", true */ 'n', 'o', 'v', 'e', '.', 'c', 'i', 't', 'y', '\0', + /* "noveciti.com", true */ 'n', 'o', 'v', 'e', 'c', 'i', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "novecity.cloud", true */ 'n', 'o', 'v', 'e', 'c', 'i', 't', 'y', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "novecity.com", true */ 'n', 'o', 'v', 'e', 'c', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "novecity.info", true */ 'n', 'o', 'v', 'e', 'c', 'i', 't', 'y', '.', 'i', 'n', 'f', 'o', '\0', + /* "novecity.it", true */ 'n', 'o', 'v', 'e', 'c', 'i', 't', 'y', '.', 'i', 't', '\0', + /* "novecity.org", true */ 'n', 'o', 'v', 'e', 'c', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0', + /* "novecitymail.com", true */ 'n', 'o', 'v', 'e', 'c', 'i', 't', 'y', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "novelfeed.com", true */ 'n', 'o', 'v', 'e', 'l', 'f', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "novelinglife.net", true */ 'n', 'o', 'v', 'e', 'l', 'i', 'n', 'g', 'l', 'i', 'f', 'e', '.', 'n', 'e', 't', '\0', + /* "novelvyretraite.fr", true */ 'n', 'o', 'v', 'e', 'l', 'v', 'y', 'r', 'e', 't', 'r', 'a', 'i', 't', 'e', '.', 'f', 'r', '\0', + /* "novfishing.ru", true */ 'n', 'o', 'v', 'f', 'i', 's', 'h', 'i', 'n', 'g', '.', 'r', 'u', '\0', + /* "novilaw.com", true */ 'n', 'o', 'v', 'i', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "novinhabucetuda.com", true */ 'n', 'o', 'v', 'i', 'n', 'h', 'a', 'b', 'u', 'c', 'e', 't', 'u', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "novoresume.com", false */ 'n', 'o', 'v', 'o', 'r', 'e', 's', 'u', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "nowcost.com", true */ 'n', 'o', 'w', 'c', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "nowhere.dk", true */ 'n', 'o', 'w', 'h', 'e', 'r', 'e', '.', 'd', 'k', '\0', + /* "nowlas.org", true */ 'n', 'o', 'w', 'l', 'a', 's', '.', 'o', 'r', 'g', '\0', + /* "nowloading.co", true */ 'n', 'o', 'w', 'l', 'o', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', '\0', + /* "noxlogic.nl", true */ 'n', 'o', 'x', 'l', 'o', 'g', 'i', 'c', '.', 'n', 'l', '\0', + /* "noyocenter.org", true */ 'n', 'o', 'y', 'o', 'c', 'e', 'n', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "np.search.yahoo.com", false */ 'n', 'p', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "npath.de", true */ 'n', 'p', 'a', 't', 'h', '.', 'd', 'e', '\0', + /* "npm.li", true */ 'n', 'p', 'm', '.', 'l', 'i', '\0', + /* "npmcdn.com", true */ 'n', 'p', 'm', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0', + /* "npw.net", true */ 'n', 'p', 'w', '.', 'n', 'e', 't', '\0', + /* "nqesh.com", true */ 'n', 'q', 'e', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "nrd.li", true */ 'n', 'r', 'd', '.', 'l', 'i', '\0', + /* "nrdstd.io", true */ 'n', 'r', 'd', 's', 't', 'd', '.', 'i', 'o', '\0', + /* "nrev.ch", true */ 'n', 'r', 'e', 'v', '.', 'c', 'h', '\0', + /* "nrkn.fr", true */ 'n', 'r', 'k', 'n', '.', 'f', 'r', '\0', + /* "ns-frontier.com", true */ 'n', 's', '-', 'f', 'r', 'o', 'n', 't', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "ns2servers.pw", true */ 'n', 's', '2', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'p', 'w', '\0', + /* "nsa.lol", true */ 'n', 's', 'a', '.', 'l', 'o', 'l', '\0', + /* "nsa.wtf", true */ 'n', 's', 'a', '.', 'w', 't', 'f', '\0', + /* "nsboston.org", true */ 'n', 's', 'b', 'o', 's', 't', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "nsboutique.com", true */ 'n', 's', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "nscnet.jp", true */ 'n', 's', 'c', 'n', 'e', 't', '.', 'j', 'p', '\0', + /* "nsellier.fr", true */ 'n', 's', 'e', 'l', 'l', 'i', 'e', 'r', '.', 'f', 'r', '\0', + /* "nsfw-story.com", true */ 'n', 's', 'f', 'w', '-', 's', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "nshost.ro", true */ 'n', 's', 'h', 'o', 's', 't', '.', 'r', 'o', '\0', + /* "nsm.ee", true */ 'n', 's', 'm', '.', 'e', 'e', '\0', + /* "nsm.stat.no", true */ 'n', 's', 'm', '.', 's', 't', 'a', 't', '.', 'n', 'o', '\0', + /* "nso.ie", true */ 'n', 's', 'o', '.', 'i', 'e', '\0', + /* "nsp.ua", true */ 'n', 's', 'p', '.', 'u', 'a', '\0', + /* "nspeaks.com", true */ 'n', 's', 'p', 'e', 'a', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "nst-maroc.com", true */ 'n', 's', 't', '-', 'm', 'a', 'r', 'o', 'c', '.', 'c', 'o', 'm', '\0', + /* "nstd.net", true */ 'n', 's', 't', 'd', '.', 'n', 'e', 't', '\0', + /* "nstremsdoerfer.ovh", true */ 'n', 's', 't', 'r', 'e', 'm', 's', 'd', 'o', 'e', 'r', 'f', 'e', 'r', '.', 'o', 'v', 'h', '\0', + /* "nsure.us", true */ 'n', 's', 'u', 'r', 'e', '.', 'u', 's', '\0', + /* "nsworks.com", true */ 'n', 's', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "ntotten.com", true */ 'n', 't', 'o', 't', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "ntppool.org", true */ 'n', 't', 'p', 'p', 'o', 'o', 'l', '.', 'o', 'r', 'g', '\0', + /* "ntx360grad-fallakte.de", true */ 'n', 't', 'x', '3', '6', '0', 'g', 'r', 'a', 'd', '-', 'f', 'a', 'l', 'l', 'a', 'k', 't', 'e', '.', 'd', 'e', '\0', + /* "ntzwrk.org", true */ 'n', 't', 'z', 'w', 'r', 'k', '.', 'o', 'r', 'g', '\0', + /* "nu-pogodi.net", true */ 'n', 'u', '-', 'p', 'o', 'g', 'o', 'd', 'i', '.', 'n', 'e', 't', '\0', + /* "nu3tion.com", true */ 'n', 'u', '3', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "nu3tion.cz", true */ 'n', 'u', '3', 't', 'i', 'o', 'n', '.', 'c', 'z', '\0', + /* "nuacht.ie", true */ 'n', 'u', 'a', 'c', 'h', 't', '.', 'i', 'e', '\0', + /* "nuamooreaindonesia.com", true */ 'n', 'u', 'a', 'm', 'o', 'o', 'r', 'e', 'a', 'i', 'n', 'd', 'o', 'n', 'e', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "nubella.com.au", true */ 'n', 'u', 'b', 'e', 'l', 'l', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "nubu.at", true */ 'n', 'u', 'b', 'u', '.', 'a', 't', '\0', + /* "nuclear-crimes.com", true */ 'n', 'u', 'c', 'l', 'e', 'a', 'r', '-', 'c', 'r', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "nuclearcat.com", true */ 'n', 'u', 'c', 'l', 'e', 'a', 'r', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "nuclearcrimes.com", true */ 'n', 'u', 'c', 'l', 'e', 'a', 'r', 'c', 'r', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "nuclearcrimes1.com", true */ 'n', 'u', 'c', 'l', 'e', 'a', 'r', 'c', 'r', 'i', 'm', 'e', 's', '1', '.', 'c', 'o', 'm', '\0', + /* "nucleuscore.org", true */ 'n', 'u', 'c', 'l', 'e', 'u', 's', 'c', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "nudestpics.com", true */ 'n', 'u', 'd', 'e', 's', 't', 'p', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "nuel.cl", true */ 'n', 'u', 'e', 'l', '.', 'c', 'l', '\0', + /* "nuevaimagenpublicidad.es", true */ 'n', 'u', 'e', 'v', 'a', 'i', 'm', 'a', 'g', 'e', 'n', 'p', 'u', 'b', 'l', 'i', 'c', 'i', 'd', 'a', 'd', '.', 'e', 's', '\0', + /* "null-life.com", true */ 'n', 'u', 'l', 'l', '-', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "nullday.de", true */ 'n', 'u', 'l', 'l', 'd', 'a', 'y', '.', 'd', 'e', '\0', + /* "nullpointer.io", true */ 'n', 'u', 'l', 'l', 'p', 'o', 'i', 'n', 't', 'e', 'r', '.', 'i', 'o', '\0', + /* "nullroute.com", true */ 'n', 'u', 'l', 'l', 'r', 'o', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "nulltime.net", true */ 'n', 'u', 'l', 'l', 't', 'i', 'm', 'e', '.', 'n', 'e', 't', '\0', + /* "numarasorgulama.tel", true */ 'n', 'u', 'm', 'a', 'r', 'a', 's', 'o', 'r', 'g', 'u', 'l', 'a', 'm', 'a', '.', 't', 'e', 'l', '\0', + /* "numatic.co.uk", true */ 'n', 'u', 'm', 'a', 't', 'i', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "number.me", true */ 'n', 'u', 'm', 'b', 'e', 'r', '.', 'm', 'e', '\0', + /* "numbercult.net", true */ 'n', 'u', 'm', 'b', 'e', 'r', 'c', 'u', 'l', 't', '.', 'n', 'e', 't', '\0', + /* "numberoneshoes.co.nz", false */ 'n', 'u', 'm', 'b', 'e', 'r', 'o', 'n', 'e', 's', 'h', 'o', 'e', 's', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "numberzero.org", true */ 'n', 'u', 'm', 'b', 'e', 'r', 'z', 'e', 'r', 'o', '.', 'o', 'r', 'g', '\0', + /* "numerik-games.ch", true */ 'n', 'u', 'm', 'e', 'r', 'i', 'k', '-', 'g', 'a', 'm', 'e', 's', '.', 'c', 'h', '\0', + /* "numero-aleatorio.com", true */ 'n', 'u', 'm', 'e', 'r', 'o', '-', 'a', 'l', 'e', 'a', 't', 'o', 'r', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "numero1.ch", true */ 'n', 'u', 'm', 'e', 'r', 'o', '1', '.', 'c', 'h', '\0', + /* "numerossanos.com.ar", true */ 'n', 'u', 'm', 'e', 'r', 'o', 's', 's', 'a', 'n', 'o', 's', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "numis.tech", true */ 'n', 'u', 'm', 'i', 's', '.', 't', 'e', 'c', 'h', '\0', + /* "numm.fr", true */ 'n', 'u', 'm', 'm', '.', 'f', 'r', '\0', + /* "numwave.nl", true */ 'n', 'u', 'm', 'w', 'a', 'v', 'e', '.', 'n', 'l', '\0', + /* "nunnenmacher.net", true */ 'n', 'u', 'n', 'n', 'e', 'n', 'm', 'a', 'c', 'h', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "nunomoura.com", true */ 'n', 'u', 'n', 'o', 'm', 'o', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "nuos.org", true */ 'n', 'u', 'o', 's', '.', 'o', 'r', 'g', '\0', + /* "nupef.org.br", true */ 'n', 'u', 'p', 'e', 'f', '.', 'o', 'r', 'g', '.', 'b', 'r', '\0', + /* "nuquery.com", true */ 'n', 'u', 'q', 'u', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "nursejj.com", true */ 'n', 'u', 'r', 's', 'e', 'j', 'j', '.', 'c', 'o', 'm', '\0', + /* "nurses.dating", true */ 'n', 'u', 'r', 's', 'e', 's', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "nuryahan.com.br", true */ 'n', 'u', 'r', 'y', 'a', 'h', 'a', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "nusku.biz", true */ 'n', 'u', 's', 'k', 'u', '.', 'b', 'i', 'z', '\0', + /* "nussadoclub.org", true */ 'n', 'u', 's', 's', 'a', 'd', 'o', 'c', 'l', 'u', 'b', '.', 'o', 'r', 'g', '\0', + /* "nutikell.com", true */ 'n', 'u', 't', 'i', 'k', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "nutleyeducationalfoundation.org", true */ 'n', 'u', 't', 'l', 'e', 'y', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "nutleyef.org", true */ 'n', 'u', 't', 'l', 'e', 'y', 'e', 'f', '.', 'o', 'r', 'g', '\0', + /* "nutonic-sports.com", true */ 'n', 'u', 't', 'o', 'n', 'i', 'c', '-', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "nutri-spec.me", true */ 'n', 'u', 't', 'r', 'i', '-', 's', 'p', 'e', 'c', '.', 'm', 'e', '\0', + /* "nutrienti.eu", false */ 'n', 'u', 't', 'r', 'i', 'e', 'n', 't', 'i', '.', 'e', 'u', '\0', + /* "nutrifyyourself.com", true */ 'n', 'u', 't', 'r', 'i', 'f', 'y', 'y', 'o', 'u', 'r', 's', 'e', 'l', 'f', '.', 'c', 'o', 'm', '\0', + /* "nutripedia.gr", true */ 'n', 'u', 't', 'r', 'i', 'p', 'e', 'd', 'i', 'a', '.', 'g', 'r', '\0', + /* "nutrivisa.com.br", true */ 'n', 'u', 't', 'r', 'i', 'v', 'i', 's', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "nuvechtdal.nl", true */ 'n', 'u', 'v', 'e', 'c', 'h', 't', 'd', 'a', 'l', '.', 'n', 'l', '\0', + /* "nuvini.com", true */ 'n', 'u', 'v', 'i', 'n', 'i', '.', 'c', 'o', 'm', '\0', + /* "nuxer.fr", true */ 'n', 'u', 'x', 'e', 'r', '.', 'f', 'r', '\0', + /* "nvlop.xyz", true */ 'n', 'v', 'l', 'o', 'p', '.', 'x', 'y', 'z', '\0', + /* "nvq.nl", true */ 'n', 'v', 'q', '.', 'n', 'l', '\0', + /* "nvr.bz", true */ 'n', 'v', 'r', '.', 'b', 'z', '\0', + /* "nwerc.party", true */ 'n', 'w', 'e', 'r', 'c', '.', 'p', 'a', 'r', 't', 'y', '\0', + /* "nwgh.org", false */ 'n', 'w', 'g', 'h', '.', 'o', 'r', 'g', '\0', + /* "nwk1.com", true */ 'n', 'w', 'k', '1', '.', 'c', 'o', 'm', '\0', + /* "nwra.com", true */ 'n', 'w', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "nwwc.dk", true */ 'n', 'w', 'w', 'c', '.', 'd', 'k', '\0', + /* "nwwnetwork.net", true */ 'n', 'w', 'w', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0', + /* "nxinfo.ch", true */ 'n', 'x', 'i', 'n', 'f', 'o', '.', 'c', 'h', '\0', + /* "nyan.it", true */ 'n', 'y', 'a', 'n', '.', 'i', 't', '\0', + /* "nyanco.space", true */ 'n', 'y', 'a', 'n', 'c', 'o', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "nyantec.com", true */ 'n', 'y', 'a', 'n', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "nycoyote.org", true */ 'n', 'y', 'c', 'o', 'y', 'o', 't', 'e', '.', 'o', 'r', 'g', '\0', + /* "nydnxs.com", true */ 'n', 'y', 'd', 'n', 'x', 's', '.', 'c', 'o', 'm', '\0', + /* "nyffo.com", true */ 'n', 'y', 'f', 'f', 'o', '.', 'c', 'o', 'm', '\0', + /* "nyiad.edu", true */ 'n', 'y', 'i', 'a', 'd', '.', 'e', 'd', 'u', '\0', + /* "nyip.co.uk", true */ 'n', 'y', 'i', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "nyip.edu", true */ 'n', 'y', 'i', 'p', '.', 'e', 'd', 'u', '\0', + /* "nyloc.de", true */ 'n', 'y', 'l', 'o', 'c', '.', 'd', 'e', '\0', + /* "nylonfeetporn.com", true */ 'n', 'y', 'l', 'o', 'n', 'f', 'e', 'e', 't', 'p', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "nymphetomania.net", true */ 'n', 'y', 'm', 'p', 'h', 'e', 't', 'o', 'm', 'a', 'n', 'i', 'a', '.', 'n', 'e', 't', '\0', + /* "nynex.net", true */ 'n', 'y', 'n', 'e', 'x', '.', 'n', 'e', 't', '\0', + /* "nyphox.ovh", true */ 'n', 'y', 'p', 'h', 'o', 'x', '.', 'o', 'v', 'h', '\0', + /* "nyronet.de", false */ 'n', 'y', 'r', 'o', 'n', 'e', 't', '.', 'd', 'e', '\0', + /* "nys-hk.com", true */ 'n', 'y', 's', '-', 'h', 'k', '.', 'c', 'o', 'm', '\0', + /* "nystudio107.com", true */ 'n', 'y', 's', 't', 'u', 'd', 'i', 'o', '1', '0', '7', '.', 'c', 'o', 'm', '\0', + /* "nyyu.tk", true */ 'n', 'y', 'y', 'u', '.', 't', 'k', '\0', + /* "nzb.cat", false */ 'n', 'z', 'b', '.', 'c', 'a', 't', '\0', + /* "nzstudy.ac.nz", true */ 'n', 'z', 's', 't', 'u', 'd', 'y', '.', 'a', 'c', '.', 'n', 'z', '\0', + /* "o-loska.cz", true */ 'o', '-', 'l', 'o', 's', 'k', 'a', '.', 'c', 'z', '\0', + /* "o-sp.com", true */ 'o', '-', 's', 'p', '.', 'c', 'o', 'm', '\0', + /* "o2careers.co.uk", true */ 'o', '2', 'c', 'a', 'r', 'e', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "o3.wf", true */ 'o', '3', '.', 'w', 'f', '\0', + /* "o3wallet.com", true */ 'o', '3', 'w', 'a', 'l', 'l', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "o6asan.com", true */ 'o', '6', 'a', 's', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "oaic.gov.au", true */ 'o', 'a', 'i', 'c', '.', 'g', 'o', 'v', '.', 'a', 'u', '\0', + /* "oakington.info", true */ 'o', 'a', 'k', 'i', 'n', 'g', 't', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "oakparkelectrical.com", true */ 'o', 'a', 'k', 'p', 'a', 'r', 'k', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "oaksbloom.com", true */ 'o', 'a', 'k', 's', 'b', 'l', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "oakslighting.co.uk", true */ 'o', 'a', 'k', 's', 'l', 'i', 'g', 'h', 't', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "oasis-conference.org.nz", true */ 'o', 'a', 's', 'i', 's', '-', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'o', 'r', 'g', '.', 'n', 'z', '\0', + /* "oasisdabeleza.com.br", true */ 'o', 'a', 's', 'i', 's', 'd', 'a', 'b', 'e', 'l', 'e', 'z', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "oatberry.me", false */ 'o', 'a', 't', 'b', 'e', 'r', 'r', 'y', '.', 'm', 'e', '\0', + /* "oauth-dropins.appspot.com", false */ 'o', 'a', 'u', 't', 'h', '-', 'd', 'r', 'o', 'p', 'i', 'n', 's', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "obamalibrary.gov", true */ 'o', 'b', 'a', 'm', 'a', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'g', 'o', 'v', '\0', + /* "oberhofdrinks.com", true */ 'o', 'b', 'e', 'r', 'h', 'o', 'f', 'd', 'r', 'i', 'n', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "oberhofjuice.com", true */ 'o', 'b', 'e', 'r', 'h', 'o', 'f', 'j', 'u', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "obermeiers.eu", true */ 'o', 'b', 'e', 'r', 'm', 'e', 'i', 'e', 'r', 's', '.', 'e', 'u', '\0', + /* "oberoi.de", true */ 'o', 'b', 'e', 'r', 'o', 'i', '.', 'd', 'e', '\0', + /* "obfuscate.xyz", true */ 'o', 'b', 'f', 'u', 's', 'c', 'a', 't', 'e', '.', 'x', 'y', 'z', '\0', + /* "obg-global.com", true */ 'o', 'b', 'g', '-', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "object.earth", true */ 'o', 'b', 'j', 'e', 'c', 't', '.', 'e', 'a', 'r', 't', 'h', '\0', + /* "objectif-terre.ch", true */ 'o', 'b', 'j', 'e', 'c', 't', 'i', 'f', '-', 't', 'e', 'r', 'r', 'e', '.', 'c', 'h', '\0', + /* "objekt-textil.ch", true */ 'o', 'b', 'j', 'e', 'k', 't', '-', 't', 'e', 'x', 't', 'i', 'l', '.', 'c', 'h', '\0', + /* "oblast45.ru", false */ 'o', 'b', 'l', 'a', 's', 't', '4', '5', '.', 'r', 'u', '\0', + /* "oblikdom.pro", true */ 'o', 'b', 'l', 'i', 'k', 'd', 'o', 'm', '.', 'p', 'r', 'o', '\0', + /* "oblikdom.ru", true */ 'o', 'b', 'l', 'i', 'k', 'd', 'o', 'm', '.', 'r', 'u', '\0', + /* "oblondata.io", true */ 'o', 'b', 'l', 'o', 'n', 'd', 'a', 't', 'a', '.', 'i', 'o', '\0', + /* "obrienlab.com", true */ 'o', 'b', 'r', 'i', 'e', 'n', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "obscur.us", true */ 'o', 'b', 's', 'c', 'u', 'r', '.', 'u', 's', '\0', + /* "observatory.se", true */ 'o', 'b', 's', 'e', 'r', 'v', 'a', 't', 'o', 'r', 'y', '.', 's', 'e', '\0', + /* "obsidianirc.net", true */ 'o', 'b', 's', 'i', 'd', 'i', 'a', 'n', 'i', 'r', 'c', '.', 'n', 'e', 't', '\0', + /* "obsproject.com", true */ 'o', 'b', 's', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "obtima.org", true */ 'o', 'b', 't', 'i', 'm', 'a', '.', 'o', 'r', 'g', '\0', + /* "obud.cz", true */ 'o', 'b', 'u', 'd', '.', 'c', 'z', '\0', + /* "obyvateleceska.cz", true */ 'o', 'b', 'y', 'v', 'a', 't', 'e', 'l', 'e', 'c', 'e', 's', 'k', 'a', '.', 'c', 'z', '\0', + /* "oc-minecraft.com", true */ 'o', 'c', '-', 'm', 'i', 'n', 'e', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "oc-sa.ch", true */ 'o', 'c', '-', 's', 'a', '.', 'c', 'h', '\0', + /* "ocad.com.au", true */ 'o', 'c', 'a', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "ocapic.com", true */ 'o', 'c', 'a', 'p', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "occasion-impro.com", true */ 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', '-', 'i', 'm', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "occentus.net", true */ 'o', 'c', 'c', 'e', 'n', 't', 'u', 's', '.', 'n', 'e', 't', '\0', + /* "occmon.net", true */ 'o', 'c', 'c', 'm', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "ocd2016.com", true */ 'o', 'c', 'd', '2', '0', '1', '6', '.', 'c', 'o', 'm', '\0', + /* "oceandns.eu", true */ 'o', 'c', 'e', 'a', 'n', 'd', 'n', 's', '.', 'e', 'u', '\0', + /* "oceandns.net", true */ 'o', 'c', 'e', 'a', 'n', 'd', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "oceandns.nl", true */ 'o', 'c', 'e', 'a', 'n', 'd', 'n', 's', '.', 'n', 'l', '\0', + /* "oceanvisuals.com", true */ 'o', 'c', 'e', 'a', 'n', 'v', 'i', 's', 'u', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "ocelot.help", true */ 'o', 'c', 'e', 'l', 'o', 't', '.', 'h', 'e', 'l', 'p', '\0', + /* "ocenovani-inspekce.cz", true */ 'o', 'c', 'e', 'n', 'o', 'v', 'a', 'n', 'i', '-', 'i', 'n', 's', 'p', 'e', 'k', 'c', 'e', '.', 'c', 'z', '\0', + /* "ocf.io", true */ 'o', 'c', 'f', '.', 'i', 'o', '\0', + /* "ocg-card.com", true */ 'o', 'c', 'g', '-', 'c', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "ochsundjunior.ch", true */ 'o', 'c', 'h', 's', 'u', 'n', 'd', 'j', 'u', 'n', 'i', 'o', 'r', '.', 'c', 'h', '\0', + /* "ocim.ch", true */ 'o', 'c', 'i', 'm', '.', 'c', 'h', '\0', + /* "ockendenhemming.co.uk", true */ 'o', 'c', 'k', 'e', 'n', 'd', 'e', 'n', 'h', 'e', 'm', 'm', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ocloud.fr", true */ 'o', 'c', 'l', 'o', 'u', 'd', '.', 'f', 'r', '\0', + /* "ocolere.ch", true */ 'o', 'c', 'o', 'l', 'e', 'r', 'e', '.', 'c', 'h', '\0', + /* "ocotg.com", true */ 'o', 'c', 'o', 't', 'g', '.', 'c', 'o', 'm', '\0', + /* "ocrn.nl", true */ 'o', 'c', 'r', 'n', '.', 'n', 'l', '\0', + /* "ocsigroup.fr", true */ 'o', 'c', 's', 'i', 'g', 'r', 'o', 'u', 'p', '.', 'f', 'r', '\0', + /* "ocsr.nl", true */ 'o', 'c', 's', 'r', '.', 'n', 'l', '\0', + /* "octal.es", true */ 'o', 'c', 't', 'a', 'l', '.', 'e', 's', '\0', + /* "octanio.com", true */ 'o', 'c', 't', 'a', 'n', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "octav.name", false */ 'o', 'c', 't', 'a', 'v', '.', 'n', 'a', 'm', 'e', '\0', + /* "octod.tk", true */ 'o', 'c', 't', 'o', 'd', '.', 't', 'k', '\0', + /* "octofox.de", true */ 'o', 'c', 't', 'o', 'f', 'o', 'x', '.', 'd', 'e', '\0', + /* "octohedralpvp.tk", true */ 'o', 'c', 't', 'o', 'h', 'e', 'd', 'r', 'a', 'l', 'p', 'v', 'p', '.', 't', 'k', '\0', + /* "octolopagon.games", true */ 'o', 'c', 't', 'o', 'l', 'o', 'p', 'a', 'g', 'o', 'n', '.', 'g', 'a', 'm', 'e', 's', '\0', + /* "octopus-agents.com", true */ 'o', 'c', 't', 'o', 'p', 'u', 's', '-', 'a', 'g', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "octosniff.net", true */ 'o', 'c', 't', 'o', 's', 'n', 'i', 'f', 'f', '.', 'n', 'e', 't', '\0', + /* "octosys.net", true */ 'o', 'c', 't', 'o', 's', 'y', 's', '.', 'n', 'e', 't', '\0', + /* "octosys.org", true */ 'o', 'c', 't', 'o', 's', 'y', 's', '.', 'o', 'r', 'g', '\0', + /* "octosys.ru", true */ 'o', 'c', 't', 'o', 's', 'y', 's', '.', 'r', 'u', '\0', + /* "octothorpe.club", true */ 'o', 'c', 't', 'o', 't', 'h', 'o', 'r', 'p', 'e', '.', 'c', 'l', 'u', 'b', '\0', + /* "octothorpe.ninja", true */ 'o', 'c', 't', 'o', 't', 'h', 'o', 'r', 'p', 'e', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "oddnumber.ca", true */ 'o', 'd', 'd', 'n', 'u', 'm', 'b', 'e', 'r', '.', 'c', 'a', '\0', + /* "oddsandevens.ca", true */ 'o', 'd', 'd', 's', 'a', 'n', 'd', 'e', 'v', 'e', 'n', 's', '.', 'c', 'a', '\0', + /* "oddsandevensbookkeeping.ca", true */ 'o', 'd', 'd', 's', 'a', 'n', 'd', 'e', 'v', 'e', 'n', 's', 'b', 'o', 'o', 'k', 'k', 'e', 'e', 'p', 'i', 'n', 'g', '.', 'c', 'a', '\0', + /* "oddtime.net", true */ 'o', 'd', 'd', 't', 'i', 'm', 'e', '.', 'n', 'e', 't', '\0', + /* "odensc.me", true */ 'o', 'd', 'e', 'n', 's', 'c', '.', 'm', 'e', '\0', + /* "odifi.com", true */ 'o', 'd', 'i', 'f', 'i', '.', 'c', 'o', 'm', '\0', + /* "odoo.co.th", false */ 'o', 'd', 'o', 'o', '.', 'c', 'o', '.', 't', 'h', '\0', + /* "odtu.lu", true */ 'o', 'd', 't', 'u', '.', 'l', 'u', '\0', + /* "oducs.org", true */ 'o', 'd', 'u', 'c', 's', '.', 'o', 'r', 'g', '\0', + /* "odysseyconservationtrust.com", true */ 'o', 'd', 'y', 's', 's', 'e', 'y', 'c', 'o', 'n', 's', 'e', 'r', 'v', 'a', 't', 'i', 'o', 'n', 't', 'r', 'u', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "odysseyofthemind.eu", true */ 'o', 'd', 'y', 's', 's', 'e', 'y', 'o', 'f', 't', 'h', 'e', 'm', 'i', 'n', 'd', '.', 'e', 'u', '\0', + /* "odzyskaniedomeny.pl", true */ 'o', 'd', 'z', 'y', 's', 'k', 'a', 'n', 'i', 'e', 'd', 'o', 'm', 'e', 'n', 'y', '.', 'p', 'l', '\0', + /* "oec-music.com", true */ 'o', 'e', 'c', '-', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "oeh.ac.at", true */ 'o', 'e', 'h', '.', 'a', 'c', '.', 'a', 't', '\0', + /* "oeko-bundesfreiwilligendienst-sh.de", true */ 'o', 'e', 'k', 'o', '-', 'b', 'u', 'n', 'd', 'e', 's', 'f', 'r', 'e', 'i', 'w', 'i', 'l', 'l', 'i', 'g', 'e', 'n', 'd', 'i', 'e', 'n', 's', 't', '-', 's', 'h', '.', 'd', 'e', '\0', + /* "oeko-bundesfreiwilligendienst.de", true */ 'o', 'e', 'k', 'o', '-', 'b', 'u', 'n', 'd', 'e', 's', 'f', 'r', 'e', 'i', 'w', 'i', 'l', 'l', 'i', 'g', 'e', 'n', 'd', 'i', 'e', 'n', 's', 't', '.', 'd', 'e', '\0', + /* "oeko-jahr-jubilaeum.de", true */ 'o', 'e', 'k', 'o', '-', 'j', 'a', 'h', 'r', '-', 'j', 'u', 'b', 'i', 'l', 'a', 'e', 'u', 'm', '.', 'd', 'e', '\0', + /* "oeko-jahr.de", true */ 'o', 'e', 'k', 'o', '-', 'j', 'a', 'h', 'r', '.', 'd', 'e', '\0', + /* "oelsner.net", true */ 'o', 'e', 'l', 's', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "oemwolf.com", true */ 'o', 'e', 'm', 'w', 'o', 'l', 'f', '.', 'c', 'o', 'm', '\0', + /* "ofcampuslausanne.ch", true */ 'o', 'f', 'c', 'a', 'm', 'p', 'u', 's', 'l', 'a', 'u', 's', 'a', 'n', 'n', 'e', '.', 'c', 'h', '\0', + /* "ofcss.com", true */ 'o', 'f', 'c', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "ofda.gov", true */ 'o', 'f', 'd', 'a', '.', 'g', 'o', 'v', '\0', + /* "offbyinfinity.com", true */ 'o', 'f', 'f', 'b', 'y', 'i', 'n', 'f', 'i', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "offenekommune.de", true */ 'o', 'f', 'f', 'e', 'n', 'e', 'k', 'o', 'm', 'm', 'u', 'n', 'e', '.', 'd', 'e', '\0', + /* "offersgame.com", true */ 'o', 'f', 'f', 'e', 'r', 's', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "offgames.io", true */ 'o', 'f', 'f', 'g', 'a', 'm', 'e', 's', '.', 'i', 'o', '\0', + /* "office-de-tourisme.net", false */ 'o', 'f', 'f', 'i', 'c', 'e', '-', 'd', 'e', '-', 't', 'o', 'u', 'r', 'i', 's', 'm', 'e', '.', 'n', 'e', 't', '\0', + /* "office-morimoto.com", true */ 'o', 'f', 'f', 'i', 'c', 'e', '-', 'm', 'o', 'r', 'i', 'm', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "officefundays.co.uk", true */ 'o', 'f', 'f', 'i', 'c', 'e', 'f', 'u', 'n', 'd', 'a', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "officemovepro.com", true */ 'o', 'f', 'f', 'i', 'c', 'e', 'm', 'o', 'v', 'e', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "officeprint.co.th", true */ 'o', 'f', 'f', 'i', 'c', 'e', 'p', 'r', 'i', 'n', 't', '.', 'c', 'o', '.', 't', 'h', '\0', + /* "officiants.wedding", false */ 'o', 'f', 'f', 'i', 'c', 'i', 'a', 'n', 't', 's', '.', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '\0', + /* "officium.tech", true */ 'o', 'f', 'f', 'i', 'c', 'i', 'u', 'm', '.', 't', 'e', 'c', 'h', '\0', + /* "offroadeq.com", true */ 'o', 'f', 'f', 'r', 'o', 'a', 'd', 'e', 'q', '.', 'c', 'o', 'm', '\0', + /* "offshoot.rentals", true */ 'o', 'f', 'f', 's', 'h', 'o', 'o', 't', '.', 'r', 'e', 'n', 't', 'a', 'l', 's', '\0', + /* "offtherails.ie", true */ 'o', 'f', 'f', 't', 'h', 'e', 'r', 'a', 'i', 'l', 's', '.', 'i', 'e', '\0', + /* "ofggolf.com", true */ 'o', 'f', 'g', 'g', 'o', 'l', 'f', '.', 'c', 'o', 'm', '\0', + /* "oflow.me", true */ 'o', 'f', 'l', 'o', 'w', '.', 'm', 'e', '\0', + /* "oftamedic.com", true */ 'o', 'f', 't', 'a', 'm', 'e', 'd', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "oftn.org", true */ 'o', 'f', 't', 'n', '.', 'o', 'r', 'g', '\0', + /* "oge.ch", true */ 'o', 'g', 'e', '.', 'c', 'h', '\0', + /* "oggw.us", true */ 'o', 'g', 'g', 'w', '.', 'u', 's', '\0', + /* "ogis.gov", true */ 'o', 'g', 'i', 's', '.', 'g', 'o', 'v', '\0', + /* "ogkw.de", true */ 'o', 'g', 'k', 'w', '.', 'd', 'e', '\0', + /* "oglen.ca", true */ 'o', 'g', 'l', 'e', 'n', '.', 'c', 'a', '\0', + /* "ogocare.com", true */ 'o', 'g', 'o', 'c', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "ogrodywstudniach.pl", true */ 'o', 'g', 'r', 'o', 'd', 'y', 'w', 's', 't', 'u', 'd', 'n', 'i', 'a', 'c', 'h', '.', 'p', 'l', '\0', + /* "oguya.ch", true */ 'o', 'g', 'u', 'y', 'a', '.', 'c', 'h', '\0', + /* "oh14.de", true */ 'o', 'h', '1', '4', '.', 'd', 'e', '\0', + /* "ohadsoft.com", true */ 'o', 'h', 'a', 'd', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "ohai.su", true */ 'o', 'h', 'a', 'i', '.', 's', 'u', '\0', + /* "ohayosoro.me", true */ 'o', 'h', 'a', 'y', 'o', 's', 'o', 'r', 'o', '.', 'm', 'e', '\0', + /* "ohchouette.com", true */ 'o', 'h', 'c', 'h', 'o', 'u', 'e', 't', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "ohd.dk", true */ 'o', 'h', 'd', '.', 'd', 'k', '\0', + /* "oheila.com", true */ 'o', 'h', 'e', 'i', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "ohhdeertrade.com", true */ 'o', 'h', 'h', 'd', 'e', 'e', 'r', 't', 'r', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "ohiohealthfortune100.com", true */ 'o', 'h', 'i', 'o', 'h', 'e', 'a', 'l', 't', 'h', 'f', 'o', 'r', 't', 'u', 'n', 'e', '1', '0', '0', '.', 'c', 'o', 'm', '\0', + /* "ohling.org", true */ 'o', 'h', 'l', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "ohma.ga", true */ 'o', 'h', 'm', 'a', '.', 'g', 'a', '\0', + /* "ohnemusik.com", true */ 'o', 'h', 'n', 'e', 'm', 'u', 's', 'i', 'k', '.', 'c', 'o', 'm', '\0', + /* "ohreally.de", true */ 'o', 'h', 'r', 'e', 'a', 'l', 'l', 'y', '.', 'd', 'e', '\0', + /* "ohsohairy.co.uk", true */ 'o', 'h', 's', 'o', 'h', 'a', 'i', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "oilpaintingsonly.com", true */ 'o', 'i', 'l', 'p', 'a', 'i', 'n', 't', 'i', 'n', 'g', 's', 'o', 'n', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "oinky.ddns.net", true */ 'o', 'i', 'n', 'k', 'y', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "ojaioliveoil.com", true */ 'o', 'j', 'a', 'i', 'o', 'l', 'i', 'v', 'e', 'o', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "ojdip.net", true */ 'o', 'j', 'd', 'i', 'p', '.', 'n', 'e', 't', '\0', + /* "ojomovies.com", true */ 'o', 'j', 'o', 'm', 'o', 'v', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "ojp.gov", true */ 'o', 'j', 'p', '.', 'g', 'o', 'v', '\0', + /* "okad-center.de", true */ 'o', 'k', 'a', 'd', '-', 'c', 'e', 'n', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "okad.de", true */ 'o', 'k', 'a', 'd', '.', 'd', 'e', '\0', + /* "okad.eu", true */ 'o', 'k', 'a', 'd', '.', 'e', 'u', '\0', + /* "okakuro.org", true */ 'o', 'k', 'a', 'k', 'u', 'r', 'o', '.', 'o', 'r', 'g', '\0', + /* "okanaganrailtrail.ca", true */ 'o', 'k', 'a', 'n', 'a', 'g', 'a', 'n', 'r', 'a', 'i', 'l', 't', 'r', 'a', 'i', 'l', '.', 'c', 'a', '\0', + /* "okay.cf", true */ 'o', 'k', 'a', 'y', '.', 'c', 'f', '\0', + /* "okay.coffee", true */ 'o', 'k', 'a', 'y', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0', + /* "okaz.de", true */ 'o', 'k', 'a', 'z', '.', 'd', 'e', '\0', + /* "okburrito.com", true */ 'o', 'k', 'b', 'u', 'r', 'r', 'i', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "okchicas.com", true */ 'o', 'k', 'c', 'h', 'i', 'c', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "okchousebuyer.com", true */ 'o', 'k', 'c', 'h', 'o', 'u', 's', 'e', 'b', 'u', 'y', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "okeeferanch.ca", true */ 'o', 'k', 'e', 'e', 'f', 'e', 'r', 'a', 'n', 'c', 'h', '.', 'c', 'a', '\0', + /* "okhrana.agency", true */ 'o', 'k', 'h', 'r', 'a', 'n', 'a', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0', + /* "okib.ca", true */ 'o', 'k', 'i', 'b', '.', 'c', 'a', '\0', + /* "okin-jp.net", true */ 'o', 'k', 'i', 'n', '-', 'j', 'p', '.', 'n', 'e', 't', '\0', + /* "oklahomamoversassociation.org", true */ 'o', 'k', 'l', 'a', 'h', 'o', 'm', 'a', 'm', 'o', 'v', 'e', 'r', 's', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "oklahomanotepro.com", true */ 'o', 'k', 'l', 'a', 'h', 'o', 'm', 'a', 'n', 'o', 't', 'e', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "okmx.de", false */ 'o', 'k', 'm', 'x', '.', 'd', 'e', '\0', + /* "okonetwork.org.uk", true */ 'o', 'k', 'o', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "oktime.cz", true */ 'o', 'k', 't', 'i', 'm', 'e', '.', 'c', 'z', '\0', + /* "oktoberfeststore.nl", true */ 'o', 'k', 't', 'o', 'b', 'e', 'r', 'f', 'e', 's', 't', 's', 't', 'o', 'r', 'e', '.', 'n', 'l', '\0', + /* "oktomus.com", true */ 'o', 'k', 't', 'o', 'm', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "okusiassociates.com", true */ 'o', 'k', 'u', 's', 'i', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "olasouris.com", true */ 'o', 'l', 'a', 's', 'o', 'u', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "olback.net", true */ 'o', 'l', 'b', 'a', 'c', 'k', '.', 'n', 'e', 't', '\0', + /* "oldandyounglesbians.us", true */ 'o', 'l', 'd', 'a', 'n', 'd', 'y', 'o', 'u', 'n', 'g', 'l', 'e', 's', 'b', 'i', 'a', 'n', 's', '.', 'u', 's', '\0', + /* "oldbrookinflatables.co.uk", true */ 'o', 'l', 'd', 'b', 'r', 'o', 'o', 'k', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "oldbrookmarqueehire.co.uk", true */ 'o', 'l', 'd', 'b', 'r', 'o', 'o', 'k', 'm', 'a', 'r', 'q', 'u', 'e', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "oldchaphome.nl", true */ 'o', 'l', 'd', 'c', 'h', 'a', 'p', 'h', 'o', 'm', 'e', '.', 'n', 'l', '\0', + /* "oldenglishsheepdog.com.br", true */ 'o', 'l', 'd', 'e', 'n', 'g', 'l', 'i', 's', 'h', 's', 'h', 'e', 'e', 'p', 'd', 'o', 'g', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "oldking.net", true */ 'o', 'l', 'd', 'k', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "oldtimer-trifft-flugplatz.de", true */ 'o', 'l', 'd', 't', 'i', 'm', 'e', 'r', '-', 't', 'r', 'i', 'f', 'f', 't', '-', 'f', 'l', 'u', 'g', 'p', 'l', 'a', 't', 'z', '.', 'd', 'e', '\0', + /* "olegon.ru", true */ 'o', 'l', 'e', 'g', 'o', 'n', '.', 'r', 'u', '\0', + /* "olegs.be", true */ 'o', 'l', 'e', 'g', 's', '.', 'b', 'e', '\0', + /* "oleksii.name", true */ 'o', 'l', 'e', 'k', 's', 'i', 'i', '.', 'n', 'a', 'm', 'e', '\0', + /* "oleodecopayba.com.br", true */ 'o', 'l', 'e', 'o', 'd', 'e', 'c', 'o', 'p', 'a', 'y', 'b', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "olgiati.org", true */ 'o', 'l', 'g', 'i', 'a', 't', 'i', '.', 'o', 'r', 'g', '\0', + /* "olightstore.com", true */ 'o', 'l', 'i', 'g', 'h', 't', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "olightstore.ro", true */ 'o', 'l', 'i', 'g', 'h', 't', 's', 't', 'o', 'r', 'e', '.', 'r', 'o', '\0', + /* "oliode.tk", true */ 'o', 'l', 'i', 'o', 'd', 'e', '.', 't', 'k', '\0', + /* "oliveoiltest.com", true */ 'o', 'l', 'i', 'v', 'e', 'o', 'i', 'l', 't', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "oliveoiltimes.com", true */ 'o', 'l', 'i', 'v', 'e', 'o', 'i', 'l', 't', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "oliveraiedelabastideblanche.fr", true */ 'o', 'l', 'i', 'v', 'e', 'r', 'a', 'i', 'e', 'd', 'e', 'l', 'a', 'b', 'a', 's', 't', 'i', 'd', 'e', 'b', 'l', 'a', 'n', 'c', 'h', 'e', '.', 'f', 'r', '\0', + /* "oliverfaircliff.com", true */ 'o', 'l', 'i', 'v', 'e', 'r', 'f', 'a', 'i', 'r', 'c', 'l', 'i', 'f', 'f', '.', 'c', 'o', 'm', '\0', + /* "olivernaraki.com", true */ 'o', 'l', 'i', 'v', 'e', 'r', 'n', 'a', 'r', 'a', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "oliverniebuhr.de", true */ 'o', 'l', 'i', 'v', 'e', 'r', 'n', 'i', 'e', 'b', 'u', 'h', 'r', '.', 'd', 'e', '\0', + /* "olivierberardphotographe.com", true */ 'o', 'l', 'i', 'v', 'i', 'e', 'r', 'b', 'e', 'r', 'a', 'r', 'd', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'e', '.', 'c', 'o', 'm', '\0', + /* "olivierlemoal.fr", true */ 'o', 'l', 'i', 'v', 'i', 'e', 'r', 'l', 'e', 'm', 'o', 'a', 'l', '.', 'f', 'r', '\0', + /* "olivierpieters.be", true */ 'o', 'l', 'i', 'v', 'i', 'e', 'r', 'p', 'i', 'e', 't', 'e', 'r', 's', '.', 'b', 'e', '\0', + /* "olivlabs.com", true */ 'o', 'l', 'i', 'v', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "olizeite.ch", true */ 'o', 'l', 'i', 'z', 'e', 'i', 't', 'e', '.', 'c', 'h', '\0', + /* "ollie.io", true */ 'o', 'l', 'l', 'i', 'e', '.', 'i', 'o', '\0', + /* "ollies.cloud", true */ 'o', 'l', 'l', 'i', 'e', 's', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "olliespage.com", true */ 'o', 'l', 'l', 'i', 'e', 's', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "olliespage.net", true */ 'o', 'l', 'l', 'i', 'e', 's', 'p', 'a', 'g', 'e', '.', 'n', 'e', 't', '\0', + /* "olliespage.uk", true */ 'o', 'l', 'l', 'i', 'e', 's', 'p', 'a', 'g', 'e', '.', 'u', 'k', '\0', + /* "ollning.com", true */ 'o', 'l', 'l', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "olmari.fi", true */ 'o', 'l', 'm', 'a', 'r', 'i', '.', 'f', 'i', '\0', + /* "olmsted.io", true */ 'o', 'l', 'm', 's', 't', 'e', 'd', '.', 'i', 'o', '\0', + /* "olygazoo.com", true */ 'o', 'l', 'y', 'g', 'a', 'z', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "olymp-arts.world", true */ 'o', 'l', 'y', 'm', 'p', '-', 'a', 'r', 't', 's', '.', 'w', 'o', 'r', 'l', 'd', '\0', + /* "olympe-transport.fr", true */ 'o', 'l', 'y', 'm', 'p', 'e', '-', 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', '.', 'f', 'r', '\0', + /* "olympiads.ca", true */ 'o', 'l', 'y', 'm', 'p', 'i', 'a', 'd', 's', '.', 'c', 'a', '\0', + /* "olympic-research.com", true */ 'o', 'l', 'y', 'm', 'p', 'i', 'c', '-', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "om1.com", true */ 'o', 'm', '1', '.', 'c', 'o', 'm', '\0', + /* "omanko.porn", true */ 'o', 'm', 'a', 'n', 'k', 'o', '.', 'p', 'o', 'r', 'n', '\0', + /* "omarh.net", true */ 'o', 'm', 'a', 'r', 'h', '.', 'n', 'e', 't', '\0', + /* "omegahosting.net", true */ 'o', 'm', 'e', 'g', 'a', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "omertabeyond.com", true */ 'o', 'm', 'e', 'r', 't', 'a', 'b', 'e', 'y', 'o', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "omertabeyond.net", true */ 'o', 'm', 'e', 'r', 't', 'a', 'b', 'e', 'y', 'o', 'n', 'd', '.', 'n', 'e', 't', '\0', + /* "ometepeislandinfo.com", true */ 'o', 'm', 'e', 't', 'e', 'p', 'e', 'i', 's', 'l', 'a', 'n', 'd', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0', + /* "omf.link", true */ 'o', 'm', 'f', '.', 'l', 'i', 'n', 'k', '\0', + /* "omgbouncycastlehire.co.uk", true */ 'o', 'm', 'g', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "omi-news.fr", true */ 'o', 'm', 'i', '-', 'n', 'e', 'w', 's', '.', 'f', 'r', '\0', + /* "omifind.com", true */ 'o', 'm', 'i', 'f', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "omise.co", true */ 'o', 'm', 'i', 's', 'e', '.', 'c', 'o', '\0', + /* "omitech.co.uk", true */ 'o', 'm', 'i', 't', 'e', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ommahpost.com", true */ 'o', 'm', 'm', 'a', 'h', 'p', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "omniasl.com", true */ 'o', 'm', 'n', 'i', 'a', 's', 'l', '.', 'c', 'o', 'm', '\0', + /* "omniatv.com", true */ 'o', 'm', 'n', 'i', 'a', 't', 'v', '.', 'c', 'o', 'm', '\0', + /* "omnienviro.com", false */ 'o', 'm', 'n', 'i', 'e', 'n', 'v', 'i', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "omnienviro.com.au", false */ 'o', 'm', 'n', 'i', 'e', 'n', 'v', 'i', 'r', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "omniscimus.net", false */ 'o', 'm', 'n', 'i', 's', 'c', 'i', 'm', 'u', 's', '.', 'n', 'e', 't', '\0', + /* "omnisiens.se", true */ 'o', 'm', 'n', 'i', 's', 'i', 'e', 'n', 's', '.', 's', 'e', '\0', + /* "omnitrack.org", true */ 'o', 'm', 'n', 'i', 't', 'r', 'a', 'c', 'k', '.', 'o', 'r', 'g', '\0', + /* "omniverse.ru", true */ 'o', 'm', 'n', 'i', 'v', 'e', 'r', 's', 'e', '.', 'r', 'u', '\0', + /* "omorashi.org", true */ 'o', 'm', 'o', 'r', 'a', 's', 'h', 'i', '.', 'o', 'r', 'g', '\0', + /* "omoteura.com", true */ 'o', 'm', 'o', 't', 'e', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "omranic.com", true */ 'o', 'm', 'r', 'a', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "omronwellness.com", true */ 'o', 'm', 'r', 'o', 'n', 'w', 'e', 'l', 'l', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "omsdieppe.fr", true */ 'o', 'm', 's', 'd', 'i', 'e', 'p', 'p', 'e', '.', 'f', 'r', '\0', + /* "omyogarishikesh.com", true */ 'o', 'm', 'y', 'o', 'g', 'a', 'r', 'i', 's', 'h', 'i', 'k', 'e', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "on-te.ch", true */ 'o', 'n', '-', 't', 'e', '.', 'c', 'h', '\0', + /* "on-tech.co.uk", true */ 'o', 'n', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ona.io", true */ 'o', 'n', 'a', '.', 'i', 'o', '\0', + /* "onaboat.se", true */ 'o', 'n', 'a', 'b', 'o', 'a', 't', '.', 's', 'e', '\0', + /* "onarto.com", true */ 'o', 'n', 'a', 'r', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "onceuponarainbow.co.uk", true */ 'o', 'n', 'c', 'e', 'u', 'p', 'o', 'n', 'a', 'r', 'a', 'i', 'n', 'b', 'o', 'w', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "oncf.asso.fr", true */ 'o', 'n', 'c', 'f', '.', 'a', 's', 's', 'o', '.', 'f', 'r', '\0', + /* "oncodedesign.com", true */ 'o', 'n', 'c', 'o', 'd', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "ond-inc.com", true */ 'o', 'n', 'd', '-', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "ondrej.org", true */ 'o', 'n', 'd', 'r', 'e', 'j', '.', 'o', 'r', 'g', '\0', + /* "one-resource.com", true */ 'o', 'n', 'e', '-', 'r', 'e', 's', 'o', 'u', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "one-s.co.jp", true */ 'o', 'n', 'e', '-', 's', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "one-tab.com", true */ 'o', 'n', 'e', '-', 't', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "one2edit.com", true */ 'o', 'n', 'e', '2', 'e', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "oneazcu.com", false */ 'o', 'n', 'e', 'a', 'z', 'c', 'u', '.', 'c', 'o', 'm', '\0', + /* "onebigcow.com", true */ 'o', 'n', 'e', 'b', 'i', 'g', 'c', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "oneclic.ch", true */ 'o', 'n', 'e', 'c', 'l', 'i', 'c', '.', 'c', 'h', '\0', + /* "oneclickonejob.com", true */ 'o', 'n', 'e', 'c', 'l', 'i', 'c', 'k', 'o', 'n', 'e', 'j', 'o', 'b', '.', 'c', 'o', 'm', '\0', + /* "onedot.nl", true */ 'o', 'n', 'e', 'd', 'o', 't', '.', 'n', 'l', '\0', + /* "onedottwelve.co.jp", true */ 'o', 'n', 'e', 'd', 'o', 't', 't', 'w', 'e', 'l', 'v', 'e', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "onedottwelve.com", true */ 'o', 'n', 'e', 'd', 'o', 't', 't', 'w', 'e', 'l', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "onedrive.com", true */ 'o', 'n', 'e', 'd', 'r', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "onedrive.live.com", false */ 'o', 'n', 'e', 'd', 'r', 'i', 'v', 'e', '.', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "onee3.org", true */ 'o', 'n', 'e', 'e', '3', '.', 'o', 'r', 'g', '\0', + /* "onefour.ga", false */ 'o', 'n', 'e', 'f', 'o', 'u', 'r', '.', 'g', 'a', '\0', + /* "onelawsuit.com", true */ 'o', 'n', 'e', 'l', 'a', 'w', 's', 'u', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "onemid.net", true */ 'o', 'n', 'e', 'm', 'i', 'd', '.', 'n', 'e', 't', '\0', + /* "onemoonmedia.de", true */ 'o', 'n', 'e', 'm', 'o', 'o', 'n', 'm', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0', + /* "oneononeonone.de", true */ 'o', 'n', 'e', 'o', 'n', 'o', 'n', 'e', 'o', 'n', 'o', 'n', 'e', '.', 'd', 'e', '\0', + /* "oneononeonone.tv", true */ 'o', 'n', 'e', 'o', 'n', 'o', 'n', 'e', 'o', 'n', 'o', 'n', 'e', '.', 't', 'v', '\0', + /* "onepointzero.com", true */ 'o', 'n', 'e', 'p', 'o', 'i', 'n', 't', 'z', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "onestepfootcare.com", true */ 'o', 'n', 'e', 's', 't', 'e', 'p', 'f', 'o', 'o', 't', 'c', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "onestopcastles.co.uk", true */ 'o', 'n', 'e', 's', 't', 'o', 'p', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "onetech.it", true */ 'o', 'n', 'e', 't', 'e', 'c', 'h', '.', 'i', 't', '\0', + /* "onetime.info", true */ 'o', 'n', 'e', 't', 'i', 'm', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "oneway.ga", true */ 'o', 'n', 'e', 'w', 'a', 'y', '.', 'g', 'a', '\0', + /* "onewaymail.com", true */ 'o', 'n', 'e', 'w', 'a', 'y', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "oneweb.hu", true */ 'o', 'n', 'e', 'w', 'e', 'b', '.', 'h', 'u', '\0', + /* "onfarma.it", true */ 'o', 'n', 'f', 'a', 'r', 'm', 'a', '.', 'i', 't', '\0', + /* "onguardonline.gov", true */ 'o', 'n', 'g', 'u', 'a', 'r', 'd', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'g', 'o', 'v', '\0', + /* "onhub1.com", true */ 'o', 'n', 'h', 'u', 'b', '1', '.', 'c', 'o', 'm', '\0', + /* "onionscan.org", true */ 'o', 'n', 'i', 'o', 'n', 's', 'c', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "oniria.ch", true */ 'o', 'n', 'i', 'r', 'i', 'a', '.', 'c', 'h', '\0', + /* "onix.eu.com", true */ 'o', 'n', 'i', 'x', '.', 'e', 'u', '.', 'c', 'o', 'm', '\0', + /* "onixcco.com.br", true */ 'o', 'n', 'i', 'x', 'c', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "onlfait.ch", true */ 'o', 'n', 'l', 'f', 'a', 'i', 't', '.', 'c', 'h', '\0', + /* "online-bouwmaterialen.nl", true */ 'o', 'n', 'l', 'i', 'n', 'e', '-', 'b', 'o', 'u', 'w', 'm', 'a', 't', 'e', 'r', 'i', 'a', 'l', 'e', 'n', '.', 'n', 'l', '\0', + /* "online-consulting-corp.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '-', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0', + /* "online-consulting-corp.fr", true */ 'o', 'n', 'l', 'i', 'n', 'e', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '-', 'c', 'o', 'r', 'p', '.', 'f', 'r', '\0', + /* "online-eikaiwa-guide.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', '-', 'e', 'i', 'k', 'a', 'i', 'w', 'a', '-', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "online-results.dk", true */ 'o', 'n', 'l', 'i', 'n', 'e', '-', 'r', 'e', 's', 'u', 'l', 't', 's', '.', 'd', 'k', '\0', + /* "online-scene.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', '-', 's', 'c', 'e', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "online.marketing", true */ 'o', 'n', 'l', 'i', 'n', 'e', '.', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '\0', + /* "online.swedbank.se", true */ 'o', 'n', 'l', 'i', 'n', 'e', '.', 's', 'w', 'e', 'd', 'b', 'a', 'n', 'k', '.', 's', 'e', '\0', + /* "online24.pt", true */ 'o', 'n', 'l', 'i', 'n', 'e', '2', '4', '.', 'p', 't', '\0', + /* "onlinebizdirect.com", false */ 'o', 'n', 'l', 'i', 'n', 'e', 'b', 'i', 'z', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "onlinecasino.vlaanderen", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'c', 'a', 's', 'i', 'n', 'o', '.', 'v', 'l', 'a', 'a', 'n', 'd', 'e', 'r', 'e', 'n', '\0', + /* "onlinecasinobluebook.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'c', 'a', 's', 'i', 'n', 'o', 'b', 'l', 'u', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "onlinecensorship.org", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'c', 'e', 'n', 's', 'o', 'r', 's', 'h', 'i', 'p', '.', 'o', 'r', 'g', '\0', + /* "onlinecollegeessay.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'c', 'o', 'l', 'l', 'e', 'g', 'e', 'e', 's', 's', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "onlinefashion.it", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'f', 'a', 's', 'h', 'i', 'o', 'n', '.', 'i', 't', '\0', + /* "onlinelegalmarketing.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'l', 'e', 'g', 'a', 'l', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "onlinelegalmedia.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'l', 'e', 'g', 'a', 'l', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "onlinelighting.com.au", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'l', 'i', 'g', 'h', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "onlinemarketingtraining.co.uk", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "onlinepokerspelen.be", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'p', 'o', 'k', 'e', 'r', 's', 'p', 'e', 'l', 'e', 'n', '.', 'b', 'e', '\0', + /* "onlinerollout.de", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'r', 'o', 'l', 'l', 'o', 'u', 't', '.', 'd', 'e', '\0', + /* "onlinestoreninjas.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', 's', 't', 'o', 'r', 'e', 'n', 'i', 'n', 'j', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "onlineth.com", false */ 'o', 'n', 'l', 'i', 'n', 'e', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "onlinetravelmoney.co.uk", true */ 'o', 'n', 'l', 'i', 'n', 'e', 't', 'r', 'a', 'v', 'e', 'l', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "onlineweblearning.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'w', 'e', 'b', 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "onlylebanon.net", true */ 'o', 'n', 'l', 'y', 'l', 'e', 'b', 'a', 'n', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "onmaps.de", true */ 'o', 'n', 'm', 'a', 'p', 's', '.', 'd', 'e', '\0', + /* "onmarketbookbuilds.com", true */ 'o', 'n', 'm', 'a', 'r', 'k', 'e', 't', 'b', 'o', 'o', 'k', 'b', 'u', 'i', 'l', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "onmyoji.biz", true */ 'o', 'n', 'm', 'y', 'o', 'j', 'i', '.', 'b', 'i', 'z', '\0', + /* "onnee.ch", true */ 'o', 'n', 'n', 'e', 'e', '.', 'c', 'h', '\0', + /* "ono.es", true */ 'o', 'n', 'o', '.', 'e', 's', '\0', + /* "ononpay.com", true */ 'o', 'n', 'o', 'n', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "onpay.io", true */ 'o', 'n', 'p', 'a', 'y', '.', 'i', 'o', '\0', + /* "onqproductions.com", true */ 'o', 'n', 'q', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "onrr.gov", true */ 'o', 'n', 'r', 'r', '.', 'g', 'o', 'v', '\0', + /* "ons.ca", true */ 'o', 'n', 's', '.', 'c', 'a', '\0', + /* "onsennuie.fr", true */ 'o', 'n', 's', 'e', 'n', 'n', 'u', 'i', 'e', '.', 'f', 'r', '\0', + /* "onshuistrust.co.za", true */ 'o', 'n', 's', 'h', 'u', 'i', 's', 't', 'r', 'u', 's', 't', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "onsite4u.de", true */ 'o', 'n', 's', 'i', 't', 'e', '4', 'u', '.', 'd', 'e', '\0', + /* "ontdekhetzelf.nu", true */ 'o', 'n', 't', 'd', 'e', 'k', 'h', 'e', 't', 'z', 'e', 'l', 'f', '.', 'n', 'u', '\0', + /* "onthe.network", true */ 'o', 'n', 't', 'h', 'e', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0', + /* "ontheboard.com", true */ 'o', 'n', 't', 'h', 'e', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "onthebriteside.com", true */ 'o', 'n', 't', 'h', 'e', 'b', 'r', 'i', 't', 'e', 's', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "onthecheap.store", true */ 'o', 'n', 't', 'h', 'e', 'c', 'h', 'e', 'a', 'p', '.', 's', 't', 'o', 'r', 'e', '\0', + /* "ontheten.org", true */ 'o', 'n', 't', 'h', 'e', 't', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "onvey.io", true */ 'o', 'n', 'v', 'e', 'y', '.', 'i', 'o', '\0', + /* "onviga.de", true */ 'o', 'n', 'v', 'i', 'g', 'a', '.', 'd', 'e', '\0', + /* "onvirt.de", true */ 'o', 'n', 'v', 'i', 'r', 't', '.', 'd', 'e', '\0', + /* "onvori.com", true */ 'o', 'n', 'v', 'o', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "onvori.de", true */ 'o', 'n', 'v', 'o', 'r', 'i', '.', 'd', 'e', '\0', + /* "onwie.com", true */ 'o', 'n', 'w', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "onysix.net", true */ 'o', 'n', 'y', 's', 'i', 'x', '.', 'n', 'e', 't', '\0', + /* "onyxfireinc.com", true */ 'o', 'n', 'y', 'x', 'f', 'i', 'r', 'e', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "oodlessoftplay.co.uk", true */ 'o', 'o', 'd', 'l', 'e', 's', 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "oogartsennet.nl", true */ 'o', 'o', 'g', 'a', 'r', 't', 's', 'e', 'n', 'n', 'e', 't', '.', 'n', 'l', '\0', + /* "ooharttemplates.com", true */ 'o', 'o', 'h', 'a', 'r', 't', 't', 'e', 'm', 'p', 'l', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "ooonja.de", true */ 'o', 'o', 'o', 'n', 'j', 'a', '.', 'd', 'e', '\0', + /* "oopsis.com", true */ 'o', 'o', 'p', 's', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "ooyo.be", true */ 'o', 'o', 'y', 'o', '.', 'b', 'e', '\0', + /* "op11.co.uk", true */ 'o', 'p', '1', '1', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "oparl.org", true */ 'o', 'p', 'a', 'r', 'l', '.', 'o', 'r', 'g', '\0', + /* "opatut.de", true */ 'o', 'p', 'a', 't', 'u', 't', '.', 'd', 'e', '\0', + /* "opcaobolsas.com.br", true */ 'o', 'p', 'c', 'a', 'o', 'b', 'o', 'l', 's', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "opcenter.de", true */ 'o', 'p', 'c', 'e', 'n', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "ope.ee", true */ 'o', 'p', 'e', '.', 'e', 'e', '\0', + /* "open-bs.com", true */ 'o', 'p', 'e', 'n', '-', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "open-bs.ru", true */ 'o', 'p', 'e', 'n', '-', 'b', 's', '.', 'r', 'u', '\0', + /* "open-desk.org", true */ 'o', 'p', 'e', 'n', '-', 'd', 'e', 's', 'k', '.', 'o', 'r', 'g', '\0', + /* "open-freax.fr", true */ 'o', 'p', 'e', 'n', '-', 'f', 'r', 'e', 'a', 'x', '.', 'f', 'r', '\0', + /* "open-future.be", true */ 'o', 'p', 'e', 'n', '-', 'f', 'u', 't', 'u', 'r', 'e', '.', 'b', 'e', '\0', + /* "open-infrastructure.net", true */ 'o', 'p', 'e', 'n', '-', 'i', 'n', 'f', 'r', 'a', 's', 't', 'r', 'u', 'c', 't', 'u', 'r', 'e', '.', 'n', 'e', 't', '\0', + /* "open-letters.de", true */ 'o', 'p', 'e', 'n', '-', 'l', 'e', 't', 't', 'e', 'r', 's', '.', 'd', 'e', '\0', + /* "open-mesh.org", true */ 'o', 'p', 'e', 'n', '-', 'm', 'e', 's', 'h', '.', 'o', 'r', 'g', '\0', + /* "open-sauce-recipes.co.uk", true */ 'o', 'p', 'e', 'n', '-', 's', 'a', 'u', 'c', 'e', '-', 'r', 'e', 'c', 'i', 'p', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "open-source.gr", true */ 'o', 'p', 'e', 'n', '-', 's', 'o', 'u', 'r', 'c', 'e', '.', 'g', 'r', '\0', + /* "open.gl", true */ 'o', 'p', 'e', 'n', '.', 'g', 'l', '\0', + /* "openacademies.com", true */ 'o', 'p', 'e', 'n', 'a', 'c', 'a', 'd', 'e', 'm', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "openacte.ch", true */ 'o', 'p', 'e', 'n', 'a', 'c', 't', 'e', '.', 'c', 'h', '\0', + /* "openblox.org", true */ 'o', 'p', 'e', 'n', 'b', 'l', 'o', 'x', '.', 'o', 'r', 'g', '\0', + /* "openbsd.id", true */ 'o', 'p', 'e', 'n', 'b', 's', 'd', '.', 'i', 'd', '\0', + /* "opencad.io", true */ 'o', 'p', 'e', 'n', 'c', 'a', 'd', '.', 'i', 'o', '\0', + /* "opencircuit.nl", true */ 'o', 'p', 'e', 'n', 'c', 'i', 'r', 'c', 'u', 'i', 't', '.', 'n', 'l', '\0', + /* "opencluster.at", true */ 'o', 'p', 'e', 'n', 'c', 'l', 'u', 's', 't', 'e', 'r', '.', 'a', 't', '\0', + /* "openconnect.com.au", true */ 'o', 'p', 'e', 'n', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "opendataincubator.eu", true */ 'o', 'p', 'e', 'n', 'd', 'a', 't', 'a', 'i', 'n', 'c', 'u', 'b', 'a', 't', 'o', 'r', '.', 'e', 'u', '\0', + /* "opendecide.com", true */ 'o', 'p', 'e', 'n', 'd', 'e', 'c', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "openevic.info", true */ 'o', 'p', 'e', 'n', 'e', 'v', 'i', 'c', '.', 'i', 'n', 'f', 'o', '\0', + /* "openfir.st", true */ 'o', 'p', 'e', 'n', 'f', 'i', 'r', '.', 's', 't', '\0', + /* "openfitapi-falke.azurewebsites.net", true */ 'o', 'p', 'e', 'n', 'f', 'i', 't', 'a', 'p', 'i', '-', 'f', 'a', 'l', 'k', 'e', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "opengg.me", true */ 'o', 'p', 'e', 'n', 'g', 'g', '.', 'm', 'e', '\0', + /* "openings.ninja", true */ 'o', 'p', 'e', 'n', 'i', 'n', 'g', 's', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "openintelligence.uk", true */ 'o', 'p', 'e', 'n', 'i', 'n', 't', 'e', 'l', 'l', 'i', 'g', 'e', 'n', 'c', 'e', '.', 'u', 'k', '\0', + /* "openiocdb.com", true */ 'o', 'p', 'e', 'n', 'i', 'o', 'c', 'd', 'b', '.', 'c', 'o', 'm', '\0', + /* "openitforum.pl", true */ 'o', 'p', 'e', 'n', 'i', 't', 'f', 'o', 'r', 'u', 'm', '.', 'p', 'l', '\0', + /* "openkim.org", true */ 'o', 'p', 'e', 'n', 'k', 'i', 'm', '.', 'o', 'r', 'g', '\0', + /* "openkvk.nl", true */ 'o', 'p', 'e', 'n', 'k', 'v', 'k', '.', 'n', 'l', '\0', + /* "openmirrors.cf", true */ 'o', 'p', 'e', 'n', 'm', 'i', 'r', 'r', 'o', 'r', 's', '.', 'c', 'f', '\0', + /* "opennippon.com", true */ 'o', 'p', 'e', 'n', 'n', 'i', 'p', 'p', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "opennippon.ru", true */ 'o', 'p', 'e', 'n', 'n', 'i', 'p', 'p', 'o', 'n', '.', 'r', 'u', '\0', + /* "openpictures.ch", true */ 'o', 'p', 'e', 'n', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '.', 'c', 'h', '\0', + /* "openquery.com.au", true */ 'o', 'p', 'e', 'n', 'q', 'u', 'e', 'r', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "openrainbow.com", true */ 'o', 'p', 'e', 'n', 'r', 'a', 'i', 'n', 'b', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "openrainbow.net", true */ 'o', 'p', 'e', 'n', 'r', 'a', 'i', 'n', 'b', 'o', 'w', '.', 'n', 'e', 't', '\0', + /* "openrainbow.org", true */ 'o', 'p', 'e', 'n', 'r', 'a', 'i', 'n', 'b', 'o', 'w', '.', 'o', 'r', 'g', '\0', + /* "openrealestate.co", true */ 'o', 'p', 'e', 'n', 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', '.', 'c', 'o', '\0', + /* "openresty.com", true */ 'o', 'p', 'e', 'n', 'r', 'e', 's', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "openrtv.com", true */ 'o', 'p', 'e', 'n', 'r', 't', 'v', '.', 'c', 'o', 'm', '\0', + /* "opensource-cms.nl", true */ 'o', 'p', 'e', 'n', 's', 'o', 'u', 'r', 'c', 'e', '-', 'c', 'm', 's', '.', 'n', 'l', '\0', + /* "opensourcedmind.eu", true */ 'o', 'p', 'e', 'n', 's', 'o', 'u', 'r', 'c', 'e', 'd', 'm', 'i', 'n', 'd', '.', 'e', 'u', '\0', + /* "openspa.webhop.info", true */ 'o', 'p', 'e', 'n', 's', 'p', 'a', '.', 'w', 'e', 'b', 'h', 'o', 'p', '.', 'i', 'n', 'f', 'o', '\0', + /* "openssl.org", true */ 'o', 'p', 'e', 'n', 's', 's', 'l', '.', 'o', 'r', 'g', '\0', + /* "openstem.com.au", true */ 'o', 'p', 'e', 'n', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "openstreetmap.is", true */ 'o', 'p', 'e', 'n', 's', 't', 'r', 'e', 'e', 't', 'm', 'a', 'p', '.', 'i', 's', '\0', + /* "opentexon.com", true */ 'o', 'p', 'e', 'n', 't', 'e', 'x', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "opentrack.info", true */ 'o', 'p', 'e', 'n', 't', 'r', 'a', 'c', 'k', '.', 'i', 'n', 'f', 'o', '\0', + /* "opentrash.org", true */ 'o', 'p', 'e', 'n', 't', 'r', 'a', 's', 'h', '.', 'o', 'r', 'g', '\0', + /* "openverse.com", true */ 'o', 'p', 'e', 'n', 'v', 'e', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "openvz.org", true */ 'o', 'p', 'e', 'n', 'v', 'z', '.', 'o', 'r', 'g', '\0', + /* "openwaveguide.de", true */ 'o', 'p', 'e', 'n', 'w', 'a', 'v', 'e', 'g', 'u', 'i', 'd', 'e', '.', 'd', 'e', '\0', + /* "openwifi.gr", true */ 'o', 'p', 'e', 'n', 'w', 'i', 'f', 'i', '.', 'g', 'r', '\0', + /* "openwireless.org", true */ 'o', 'p', 'e', 'n', 'w', 'i', 'r', 'e', 'l', 'e', 's', 's', '.', 'o', 'r', 'g', '\0', + /* "operad.fr", true */ 'o', 'p', 'e', 'r', 'a', 'd', '.', 'f', 'r', '\0', + /* "opfin.com", true */ 'o', 'p', 'f', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "opiates.ca", true */ 'o', 'p', 'i', 'a', 't', 'e', 's', '.', 'c', 'a', '\0', + /* "opiates.net", true */ 'o', 'p', 'i', 'a', 't', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "opic.gov", true */ 'o', 'p', 'i', 'c', '.', 'g', 'o', 'v', '\0', + /* "opin.me", true */ 'o', 'p', 'i', 'n', '.', 'm', 'e', '\0', + /* "opinion8td.com", true */ 'o', 'p', 'i', 'n', 'i', 'o', 'n', '8', 't', 'd', '.', 'c', 'o', 'm', '\0', + /* "opinionicentrifuga.it", true */ 'o', 'p', 'i', 'n', 'i', 'o', 'n', 'i', 'c', 'e', 'n', 't', 'r', 'i', 'f', 'u', 'g', 'a', '.', 'i', 't', '\0', + /* "opinionipannolini.it", true */ 'o', 'p', 'i', 'n', 'i', 'o', 'n', 'i', 'p', 'a', 'n', 'n', 'o', 'l', 'i', 'n', 'i', '.', 'i', 't', '\0', + /* "opioids.co.uk", true */ 'o', 'p', 'i', 'o', 'i', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "opioids.com", true */ 'o', 'p', 'i', 'o', 'i', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "oplop.appspot.com", true */ 'o', 'p', 'l', 'o', 'p', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "oportho.com.br", true */ 'o', 'p', 'o', 'r', 't', 'h', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "opp.ag", true */ 'o', 'p', 'p', '.', 'a', 'g', '\0', + /* "oppaiti.me", true */ 'o', 'p', 'p', 'a', 'i', 't', 'i', '.', 'm', 'e', '\0', + /* "oppejoud.ee", true */ 'o', 'p', 'p', 'e', 'j', 'o', 'u', 'd', '.', 'e', 'e', '\0', + /* "opportunis.me", true */ 'o', 'p', 'p', 'o', 'r', 't', 'u', 'n', 'i', 's', '.', 'm', 'e', '\0', + /* "opportunitycorps.org", true */ 'o', 'p', 'p', 'o', 'r', 't', 'u', 'n', 'i', 't', 'y', 'c', 'o', 'r', 'p', 's', '.', 'o', 'r', 'g', '\0', + /* "opposer.me", true */ 'o', 'p', 'p', 'o', 's', 'e', 'r', '.', 'm', 'e', '\0', + /* "opq.pw", true */ 'o', 'p', 'q', '.', 'p', 'w', '\0', + /* "oprbox.com", true */ 'o', 'p', 'r', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "oprechtgezegd.nl", true */ 'o', 'p', 'r', 'e', 'c', 'h', 't', 'g', 'e', 'z', 'e', 'g', 'd', '.', 'n', 'l', '\0', + /* "opryshok.com", true */ 'o', 'p', 'r', 'y', 's', 'h', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "opsmate.com", false */ 'o', 'p', 's', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "opsnotepad.com", true */ 'o', 'p', 's', 'n', 'o', 't', 'e', 'p', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "opticaltest.com", true */ 'o', 'p', 't', 'i', 'c', 'a', 'l', 't', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "optiekzien.nl", true */ 'o', 'p', 't', 'i', 'e', 'k', 'z', 'i', 'e', 'n', '.', 'n', 'l', '\0', + /* "optik-trosdorff.de", true */ 'o', 'p', 't', 'i', 'k', '-', 't', 'r', 'o', 's', 'd', 'o', 'r', 'f', 'f', '.', 'd', 'e', '\0', + /* "optimalsetup.com", true */ 'o', 'p', 't', 'i', 'm', 'a', 'l', 's', 'e', 't', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "optimisedlabs.com", true */ 'o', 'p', 't', 'i', 'm', 'i', 's', 'e', 'd', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "optimist.bg", true */ 'o', 'p', 't', 'i', 'm', 'i', 's', 't', '.', 'b', 'g', '\0', + /* "optimumwebdesigns.com", true */ 'o', 'p', 't', 'i', 'm', 'u', 'm', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "optimus.io", true */ 'o', 'p', 't', 'i', 'm', 'u', 's', '.', 'i', 'o', '\0', + /* "optimuscrime.net", true */ 'o', 'p', 't', 'i', 'm', 'u', 's', 'c', 'r', 'i', 'm', 'e', '.', 'n', 'e', 't', '\0', + /* "optisure.de", true */ 'o', 'p', 't', 'i', 's', 'u', 'r', 'e', '.', 'd', 'e', '\0', + /* "optmos.at", true */ 'o', 'p', 't', 'm', 'o', 's', '.', 'a', 't', '\0', + /* "optoutday.de", true */ 'o', 'p', 't', 'o', 'u', 't', 'd', 'a', 'y', '.', 'd', 'e', '\0', + /* "opunch.org", true */ 'o', 'p', 'u', 'n', 'c', 'h', '.', 'o', 'r', 'g', '\0', + /* "opus-codium.fr", true */ 'o', 'p', 'u', 's', '-', 'c', 'o', 'd', 'i', 'u', 'm', '.', 'f', 'r', '\0', + /* "orang-utans.com", true */ 'o', 'r', 'a', 'n', 'g', '-', 'u', 't', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "orangecomputers.com", true */ 'o', 'r', 'a', 'n', 'g', 'e', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "orangefinanse.com.pl", true */ 'o', 'r', 'a', 'n', 'g', 'e', 'f', 'i', 'n', 'a', 'n', 's', 'e', '.', 'c', 'o', 'm', '.', 'p', 'l', '\0', + /* "orangejetpack.com", true */ 'o', 'r', 'a', 'n', 'g', 'e', 'j', 'e', 't', 'p', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "orangenbaum.at", true */ 'o', 'r', 'a', 'n', 'g', 'e', 'n', 'b', 'a', 'u', 'm', '.', 'a', 't', '\0', + /* "oranges.tokyo", true */ 'o', 'r', 'a', 'n', 'g', 'e', 's', '.', 't', 'o', 'k', 'y', 'o', '\0', + /* "orangetravel.eu", true */ 'o', 'r', 'a', 'n', 'g', 'e', 't', 'r', 'a', 'v', 'e', 'l', '.', 'e', 'u', '\0', + /* "orangutan-appeal.org.uk", true */ 'o', 'r', 'a', 'n', 'g', 'u', 't', 'a', 'n', '-', 'a', 'p', 'p', 'e', 'a', 'l', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "oranic.com", true */ 'o', 'r', 'a', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "orcahq.com", true */ 'o', 'r', 'c', 'a', 'h', 'q', '.', 'c', 'o', 'm', '\0', + /* "orcamoney.com", true */ 'o', 'r', 'c', 'a', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "orchideenettoyage.com", true */ 'o', 'r', 'c', 'h', 'i', 'd', 'e', 'e', 'n', 'e', 't', 't', 'o', 'y', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "orchidlive.com", true */ 'o', 'r', 'c', 'h', 'i', 'd', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "orchidsforum.com", true */ 'o', 'r', 'c', 'h', 'i', 'd', 's', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "orchidspaper.com", true */ 'o', 'r', 'c', 'h', 'i', 'd', 's', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "orcsnet.com", true */ 'o', 'r', 'c', 's', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "orderessay.net", true */ 'o', 'r', 'd', 'e', 'r', 'e', 's', 's', 'a', 'y', '.', 'n', 'e', 't', '\0', + /* "ordernow.at", true */ 'o', 'r', 'd', 'e', 'r', 'n', 'o', 'w', '.', 'a', 't', '\0', + /* "orderswift.com", true */ 'o', 'r', 'd', 'e', 'r', 's', 'w', 'i', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "ordr.mobi", true */ 'o', 'r', 'd', 'r', '.', 'm', 'o', 'b', 'i', '\0', + /* "oref-idf.com", true */ 'o', 'r', 'e', 'f', '-', 'i', 'd', 'f', '.', 'c', 'o', 'm', '\0', + /* "oref-idf.net", true */ 'o', 'r', 'e', 'f', '-', 'i', 'd', 'f', '.', 'n', 'e', 't', '\0', + /* "oref-idf.org", true */ 'o', 'r', 'e', 'f', '-', 'i', 'd', 'f', '.', 'o', 'r', 'g', '\0', + /* "oreka.online", true */ 'o', 'r', 'e', 'k', 'a', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "oreshinya.xyz", true */ 'o', 'r', 'e', 's', 'h', 'i', 'n', 'y', 'a', '.', 'x', 'y', 'z', '\0', + /* "oreto.de", true */ 'o', 'r', 'e', 't', 'o', '.', 'd', 'e', '\0', + /* "orf-digitalsatkarte.at", false */ 'o', 'r', 'f', '-', 'd', 'i', 'g', 'i', 't', 'a', 'l', 's', 'a', 't', 'k', 'a', 'r', 't', 'e', '.', 'a', 't', '\0', + /* "orf-kartentausch.at", false */ 'o', 'r', 'f', '-', 'k', 'a', 'r', 't', 'e', 'n', 't', 'a', 'u', 's', 'c', 'h', '.', 'a', 't', '\0', + /* "orfeo-engineering.ch", true */ 'o', 'r', 'f', 'e', 'o', '-', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'h', '\0', + /* "organica.co.za", true */ 'o', 'r', 'g', 'a', 'n', 'i', 'c', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "organicae.com", true */ 'o', 'r', 'g', 'a', 'n', 'i', 'c', 'a', 'e', '.', 'c', 'o', 'm', '\0', + /* "organisatieteam.nl", true */ 'o', 'r', 'g', 'a', 'n', 'i', 's', 'a', 't', 'i', 'e', 't', 'e', 'a', 'm', '.', 'n', 'l', '\0', + /* "organix.ma", true */ 'o', 'r', 'g', 'a', 'n', 'i', 'x', '.', 'm', 'a', '\0', + /* "orgasmium.com", true */ 'o', 'r', 'g', 'a', 's', 'm', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "orhideous.name", true */ 'o', 'r', 'h', 'i', 'd', 'e', 'o', 'u', 's', '.', 'n', 'a', 'm', 'e', '\0', + /* "orians.eu", true */ 'o', 'r', 'i', 'a', 'n', 's', '.', 'e', 'u', '\0', + /* "oribia.net", true */ 'o', 'r', 'i', 'b', 'i', 'a', '.', 'n', 'e', 't', '\0', + /* "oricejoc.com", false */ 'o', 'r', 'i', 'c', 'e', 'j', 'o', 'c', '.', 'c', 'o', 'm', '\0', + /* "orientalart.nl", true */ 'o', 'r', 'i', 'e', 'n', 't', 'a', 'l', 'a', 'r', 't', '.', 'n', 'l', '\0', + /* "origami.to", true */ 'o', 'r', 'i', 'g', 'a', 'm', 'i', '.', 't', 'o', '\0', + /* "origamika.com", true */ 'o', 'r', 'i', 'g', 'a', 'm', 'i', 'k', 'a', '.', 'c', 'o', 'm', '\0', + /* "originalniknihy.cz", true */ 'o', 'r', 'i', 'g', 'i', 'n', 'a', 'l', 'n', 'i', 'k', 'n', 'i', 'h', 'y', '.', 'c', 'z', '\0', + /* "orimex-mebel.ru", true */ 'o', 'r', 'i', 'm', 'e', 'x', '-', 'm', 'e', 'b', 'e', 'l', '.', 'r', 'u', '\0', + /* "orion-universe.com", true */ 'o', 'r', 'i', 'o', 'n', '-', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "oriongames.eu", true */ 'o', 'r', 'i', 'o', 'n', 'g', 'a', 'm', 'e', 's', '.', 'e', 'u', '\0', + /* "orkestar-krizevci.hr", true */ 'o', 'r', 'k', 'e', 's', 't', 'a', 'r', '-', 'k', 'r', 'i', 'z', 'e', 'v', 'c', 'i', '.', 'h', 'r', '\0', + /* "orlandoprojects.com", true */ 'o', 'r', 'l', 'a', 'n', 'd', 'o', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "orleika.io", true */ 'o', 'r', 'l', 'e', 'i', 'k', 'a', '.', 'i', 'o', '\0', + /* "orlives.de", false */ 'o', 'r', 'l', 'i', 'v', 'e', 's', '.', 'd', 'e', '\0', + /* "ormer.nl", true */ 'o', 'r', 'm', 'e', 'r', '.', 'n', 'l', '\0', + /* "orovillelaw.com", true */ 'o', 'r', 'o', 'v', 'i', 'l', 'l', 'e', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "orro.ro", true */ 'o', 'r', 'r', 'o', '.', 'r', 'o', '\0', + /* "orrs.de", true */ 'o', 'r', 'r', 's', '.', 'd', 'e', '\0', + /* "ortho-graz.at", true */ 'o', 'r', 't', 'h', 'o', '-', 'g', 'r', 'a', 'z', '.', 'a', 't', '\0', + /* "orthodontiste-geneve-docteur-rioux.com", true */ 'o', 'r', 't', 'h', 'o', 'd', 'o', 'n', 't', 'i', 's', 't', 'e', '-', 'g', 'e', 'n', 'e', 'v', 'e', '-', 'd', 'o', 'c', 't', 'e', 'u', 'r', '-', 'r', 'i', 'o', 'u', 'x', '.', 'c', 'o', 'm', '\0', + /* "orthotictransfers.com", true */ 'o', 'r', 't', 'h', 'o', 't', 'i', 'c', 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "ortlepp.eu", true */ 'o', 'r', 't', 'l', 'e', 'p', 'p', '.', 'e', 'u', '\0', + /* "orui.com.br", true */ 'o', 'r', 'u', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "orwell1984.today", true */ 'o', 'r', 'w', 'e', 'l', 'l', '1', '9', '8', '4', '.', 't', 'o', 'd', 'a', 'y', '\0', + /* "orz.uno", true */ 'o', 'r', 'z', '.', 'u', 'n', 'o', '\0', + /* "os-chrome.ru", true */ 'o', 's', '-', 'c', 'h', 'r', 'o', 'm', 'e', '.', 'r', 'u', '\0', + /* "os-s.net", true */ 'o', 's', '-', 's', '.', 'n', 'e', 't', '\0', + /* "os24.cz", true */ 'o', 's', '2', '4', '.', 'c', 'z', '\0', + /* "osacrypt.studio", true */ 'o', 's', 'a', 'c', 'r', 'y', 'p', 't', '.', 's', 't', 'u', 'd', 'i', 'o', '\0', + /* "osaka-fukushi.jp", true */ 'o', 's', 'a', 'k', 'a', '-', 'f', 'u', 'k', 'u', 's', 'h', 'i', '.', 'j', 'p', '\0', + /* "osakeannit.fi", true */ 'o', 's', 'a', 'k', 'e', 'a', 'n', 'n', 'i', 't', '.', 'f', 'i', '\0', + /* "osao.org", true */ 'o', 's', 'a', 'o', '.', 'o', 'r', 'g', '\0', + /* "osbi.pl", true */ 'o', 's', 'b', 'i', '.', 'p', 'l', '\0', + /* "osborneinn.com", true */ 'o', 's', 'b', 'o', 'r', 'n', 'e', 'i', 'n', 'n', '.', 'c', 'o', 'm', '\0', + /* "osburn.com", true */ 'o', 's', 'b', 'u', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "oscamp.eu", true */ 'o', 's', 'c', 'a', 'm', 'p', '.', 'e', 'u', '\0', + /* "oscarvk.ch", true */ 'o', 's', 'c', 'a', 'r', 'v', 'k', '.', 'c', 'h', '\0', + /* "osereso.tn", true */ 'o', 's', 'e', 'r', 'e', 's', 'o', '.', 't', 'n', '\0', + /* "oses.mobi", true */ 'o', 's', 'e', 's', '.', 'm', 'o', 'b', 'i', '\0', + /* "osha-kimi.com", true */ 'o', 's', 'h', 'a', '-', 'k', 'i', 'm', 'i', '.', 'c', 'o', 'm', '\0', + /* "oshanko.de", true */ 'o', 's', 'h', 'a', 'n', 'k', 'o', '.', 'd', 'e', '\0', + /* "oshayr.com", true */ 'o', 's', 'h', 'a', 'y', 'r', '.', 'c', 'o', 'm', '\0', + /* "oshell.me", true */ 'o', 's', 'h', 'e', 'l', 'l', '.', 'm', 'e', '\0', + /* "oshinagaki.jp", true */ 'o', 's', 'h', 'i', 'n', 'a', 'g', 'a', 'k', 'i', '.', 'j', 'p', '\0', + /* "oshrc.gov", true */ 'o', 's', 'h', 'r', 'c', '.', 'g', 'o', 'v', '\0', + /* "oskrba.net", true */ 'o', 's', 'k', 'r', 'b', 'a', '.', 'n', 'e', 't', '\0', + /* "oskuro.net", true */ 'o', 's', 'k', 'u', 'r', 'o', '.', 'n', 'e', 't', '\0', + /* "oslinux.net", true */ 'o', 's', 'l', 'i', 'n', 'u', 'x', '.', 'n', 'e', 't', '\0', + /* "osm.is", true */ 'o', 's', 'm', '.', 'i', 's', '\0', + /* "osmosis.org", true */ 'o', 's', 'm', 'o', 's', 'i', 's', '.', 'o', 'r', 'g', '\0', + /* "ospree.me", true */ 'o', 's', 'p', 'r', 'e', 'e', '.', 'm', 'e', '\0', + /* "osquery.io", true */ 'o', 's', 'q', 'u', 'e', 'r', 'y', '.', 'i', 'o', '\0', + /* "ostan-collections.net", true */ 'o', 's', 't', 'a', 'n', '-', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "osterkraenzchen.de", true */ 'o', 's', 't', 'e', 'r', 'k', 'r', 'a', 'e', 'n', 'z', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0', + /* "ostr.io", true */ 'o', 's', 't', 'r', '.', 'i', 'o', '\0', + /* "ostrov8.com", true */ 'o', 's', 't', 'r', 'o', 'v', '8', '.', 'c', 'o', 'm', '\0', + /* "osusume-houhou.com", true */ 'o', 's', 'u', 's', 'u', 'm', 'e', '-', 'h', 'o', 'u', 'h', 'o', 'u', '.', 'c', 'o', 'm', '\0', + /* "oswalds.co.uk", true */ 'o', 's', 'w', 'a', 'l', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "oswaldsmillaudio.com", true */ 'o', 's', 'w', 'a', 'l', 'd', 's', 'm', 'i', 'l', 'l', 'a', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "oswbouncycastles.co.uk", true */ 'o', 's', 'w', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "osx86spain.com", true */ 'o', 's', 'x', '8', '6', 's', 'p', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "osxentwicklerforum.de", true */ 'o', 's', 'x', 'e', 'n', 't', 'w', 'i', 'c', 'k', 'l', 'e', 'r', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0', + /* "oszri.hu", true */ 'o', 's', 'z', 'r', 'i', '.', 'h', 'u', '\0', + /* "otako.pl", true */ 'o', 't', 'a', 'k', 'o', '.', 'p', 'l', '\0', + /* "otakubox.de", true */ 'o', 't', 'a', 'k', 'u', 'b', 'o', 'x', '.', 'd', 'e', '\0', + /* "otakurepublic.com", true */ 'o', 't', 'a', 'k', 'u', 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "otakurumi.de", true */ 'o', 't', 'a', 'k', 'u', 'r', 'u', 'm', 'i', '.', 'd', 'e', '\0', + /* "otchecker.com", true */ 'o', 't', 'c', 'h', 'e', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "otellio.com", true */ 'o', 't', 'e', 'l', 'l', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "otellio.de", true */ 'o', 't', 'e', 'l', 'l', 'i', 'o', '.', 'd', 'e', '\0', + /* "otellio.it", true */ 'o', 't', 'e', 'l', 'l', 'i', 'o', '.', 'i', 't', '\0', + /* "oticasaopaulo.com.br", true */ 'o', 't', 'i', 'c', 'a', 's', 'a', 'o', 'p', 'a', 'u', 'l', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "oticasvisao.net.br", true */ 'o', 't', 'i', 'c', 'a', 's', 'v', 'i', 's', 'a', 'o', '.', 'n', 'e', 't', '.', 'b', 'r', '\0', + /* "otmns.net", true */ 'o', 't', 'm', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "otorrino.pt", true */ 'o', 't', 'o', 'r', 'r', 'i', 'n', 'o', '.', 'p', 't', '\0', + /* "otoy.com", true */ 'o', 't', 'o', 'y', '.', 'c', 'o', 'm', '\0', + /* "otoya.space", true */ 'o', 't', 'o', 'y', 'a', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "otpsmart.com.ua", true */ 'o', 't', 'p', 's', 'm', 'a', 'r', 't', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "otr.ie", true */ 'o', 't', 'r', '.', 'i', 'e', '\0', + /* "otrm.de", true */ 'o', 't', 'r', 'm', '.', 'd', 'e', '\0', + /* "ottoproject.io", true */ 'o', 't', 't', 'o', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'i', 'o', '\0', + /* "otvaracie-hodiny.sk", true */ 'o', 't', 'v', 'a', 'r', 'a', 'c', 'i', 'e', '-', 'h', 'o', 'd', 'i', 'n', 'y', '.', 's', 'k', '\0', + /* "otya.me", true */ 'o', 't', 'y', 'a', '.', 'm', 'e', '\0', + /* "ouaibe.qc.ca", true */ 'o', 'u', 'a', 'i', 'b', 'e', '.', 'q', 'c', '.', 'c', 'a', '\0', + /* "ouestsolutions.com", true */ 'o', 'u', 'e', 's', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "ouimoove.com", true */ 'o', 'u', 'i', 'm', 'o', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "oulunjujutsu.com", true */ 'o', 'u', 'l', 'u', 'n', 'j', 'u', 'j', 'u', 't', 's', 'u', '.', 'c', 'o', 'm', '\0', + /* "ourai.ws", true */ 'o', 'u', 'r', 'a', 'i', '.', 'w', 's', '\0', + /* "ourcloud.at", true */ 'o', 'u', 'r', 'c', 'l', 'o', 'u', 'd', '.', 'a', 't', '\0', + /* "ourcodinglives.com", true */ 'o', 'u', 'r', 'c', 'o', 'd', 'i', 'n', 'g', 'l', 'i', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "ourevents.net", true */ 'o', 'u', 'r', 'e', 'v', 'e', 'n', 't', 's', '.', 'n', 'e', 't', '\0', + /* "ourwedding.xyz", true */ 'o', 'u', 'r', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '.', 'x', 'y', 'z', '\0', + /* "outdoorfurniture.ie", true */ 'o', 'u', 't', 'd', 'o', 'o', 'r', 'f', 'u', 'r', 'n', 'i', 't', 'u', 'r', 'e', '.', 'i', 'e', '\0', + /* "outdoorimagingportal.com", true */ 'o', 'u', 't', 'd', 'o', 'o', 'r', 'i', 'm', 'a', 'g', 'i', 'n', 'g', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "outerlimitsdigital.com", true */ 'o', 'u', 't', 'e', 'r', 'l', 'i', 'm', 'i', 't', 's', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "outgress.com", true */ 'o', 'u', 't', 'g', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "outka.xyz", true */ 'o', 'u', 't', 'k', 'a', '.', 'x', 'y', 'z', '\0', + /* "outline.ski", true */ 'o', 'u', 't', 'l', 'i', 'n', 'e', '.', 's', 'k', 'i', '\0', + /* "outlookonthedesktop.com", true */ 'o', 'u', 't', 'l', 'o', 'o', 'k', 'o', 'n', 't', 'h', 'e', 'd', 'e', 's', 'k', 't', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "outofcontrol.ca", true */ 'o', 'u', 't', 'o', 'f', 'c', 'o', 'n', 't', 'r', 'o', 'l', '.', 'c', 'a', '\0', + /* "outpostinfo.com", true */ 'o', 'u', 't', 'p', 'o', 's', 't', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0', + /* "outsideconnections.com", true */ 'o', 'u', 't', 's', 'i', 'd', 'e', 'c', 'o', 'n', 'n', 'e', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "overalglas.nl", true */ 'o', 'v', 'e', 'r', 'a', 'l', 'g', 'l', 'a', 's', '.', 'n', 'l', '\0', + /* "overclockers.ge", true */ 'o', 'v', 'e', 'r', 'c', 'l', 'o', 'c', 'k', 'e', 'r', 's', '.', 'g', 'e', '\0', + /* "overdrive-usedcars.be", true */ 'o', 'v', 'e', 'r', 'd', 'r', 'i', 'v', 'e', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "overkillshop.com", true */ 'o', 'v', 'e', 'r', 'k', 'i', 'l', 'l', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "overseamusic.de", true */ 'o', 'v', 'e', 'r', 's', 'e', 'a', 'm', 'u', 's', 'i', 'c', '.', 'd', 'e', '\0', + /* "oversight.garden", true */ 'o', 'v', 'e', 'r', 's', 'i', 'g', 'h', 't', '.', 'g', 'a', 'r', 'd', 'e', 'n', '\0', + /* "oversight.gov", true */ 'o', 'v', 'e', 'r', 's', 'i', 'g', 'h', 't', '.', 'g', 'o', 'v', '\0', + /* "overstap.deals", true */ 'o', 'v', 'e', 'r', 's', 't', 'a', 'p', '.', 'd', 'e', 'a', 'l', 's', '\0', + /* "overstappen.nl", true */ 'o', 'v', 'e', 'r', 's', 't', 'a', 'p', 'p', 'e', 'n', '.', 'n', 'l', '\0', + /* "overstemmen.nl", true */ 'o', 'v', 'e', 'r', 's', 't', 'e', 'm', 'm', 'e', 'n', '.', 'n', 'l', '\0', + /* "overstockpromote.com", true */ 'o', 'v', 'e', 'r', 's', 't', 'o', 'c', 'k', 'p', 'r', 'o', 'm', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "overthecloud.it", true */ 'o', 'v', 'e', 'r', 't', 'h', 'e', 'c', 'l', 'o', 'u', 'd', '.', 'i', 't', '\0', + /* "overthinkingit.com", true */ 'o', 'v', 'e', 'r', 't', 'h', 'i', 'n', 'k', 'i', 'n', 'g', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "overture.london", true */ 'o', 'v', 'e', 'r', 't', 'u', 'r', 'e', '.', 'l', 'o', 'n', 'd', 'o', 'n', '\0', + /* "ovnrain.com", true */ 'o', 'v', 'n', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "ovpn.to", true */ 'o', 'v', 'p', 'n', '.', 't', 'o', '\0', + /* "owapi.net", true */ 'o', 'w', 'a', 'p', 'i', '.', 'n', 'e', 't', '\0', + /* "owennelson.co.uk", true */ 'o', 'w', 'e', 'n', 'n', 'e', 'l', 's', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "owensmith.website", true */ 'o', 'w', 'e', 'n', 's', 'm', 'i', 't', 'h', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0', + /* "owl-stat.ch", true */ 'o', 'w', 'l', '-', 's', 't', 'a', 't', '.', 'c', 'h', '\0', + /* "owl.net", true */ 'o', 'w', 'l', '.', 'n', 'e', 't', '\0', + /* "owlishmedia.com", true */ 'o', 'w', 'l', 'i', 's', 'h', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "own3d.ch", true */ 'o', 'w', 'n', '3', 'd', '.', 'c', 'h', '\0', + /* "ownc.at", true */ 'o', 'w', 'n', 'c', '.', 'a', 't', '\0', + /* "owngeek.com", true */ 'o', 'w', 'n', 'g', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "ownit.se", false */ 'o', 'w', 'n', 'i', 't', '.', 's', 'e', '\0', + /* "ownmay.com", true */ 'o', 'w', 'n', 'm', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "ownspec.com", true */ 'o', 'w', 'n', 's', 'p', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "oxanababy.com", true */ 'o', 'x', 'a', 'n', 'a', 'b', 'a', 'b', 'y', '.', 'c', 'o', 'm', '\0', + /* "oxborrow.ca", true */ 'o', 'x', 'b', 'o', 'r', 'r', 'o', 'w', '.', 'c', 'a', '\0', + /* "oxelie.com", true */ 'o', 'x', 'e', 'l', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "oxytocin.org", true */ 'o', 'x', 'y', 't', 'o', 'c', 'i', 'n', '.', 'o', 'r', 'g', '\0', + /* "oyesunn.com", true */ 'o', 'y', 'e', 's', 'u', 'n', 'n', '.', 'c', 'o', 'm', '\0', + /* "oyoony.de", true */ 'o', 'y', 'o', 'o', 'n', 'y', '.', 'd', 'e', '\0', + /* "oyosoft.fr", true */ 'o', 'y', 'o', 's', 'o', 'f', 't', '.', 'f', 'r', '\0', + /* "ozark.be", true */ 'o', 'z', 'a', 'r', 'k', '.', 'b', 'e', '\0', + /* "oznamovacipovinnost.cz", true */ 'o', 'z', 'n', 'a', 'm', 'o', 'v', 'a', 'c', 'i', 'p', 'o', 'v', 'i', 'n', 'n', 'o', 's', 't', '.', 'c', 'z', '\0', + /* "ozonitron.com", true */ 'o', 'z', 'o', 'n', 'i', 't', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "ozonitron.de", true */ 'o', 'z', 'o', 'n', 'i', 't', 'r', 'o', 'n', '.', 'd', 'e', '\0', + /* "ozonitron.eu", true */ 'o', 'z', 'o', 'n', 'i', 't', 'r', 'o', 'n', '.', 'e', 'u', '\0', + /* "ozonytron.com", true */ 'o', 'z', 'o', 'n', 'y', 't', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "ozonytron.de", true */ 'o', 'z', 'o', 'n', 'y', 't', 'r', 'o', 'n', '.', 'd', 'e', '\0', + /* "ozonytron.eu", true */ 'o', 'z', 'o', 'n', 'y', 't', 'r', 'o', 'n', '.', 'e', 'u', '\0', + /* "ozvolvo.org", true */ 'o', 'z', 'v', 'o', 'l', 'v', 'o', '.', 'o', 'r', 'g', '\0', + /* "p-pc.de", true */ 'p', '-', 'p', 'c', '.', 'd', 'e', '\0', + /* "p-s-b.com", true */ 'p', '-', 's', '-', 'b', '.', 'c', 'o', 'm', '\0', + /* "p1984.nl", false */ 'p', '1', '9', '8', '4', '.', 'n', 'l', '\0', + /* "p1ratrulezzz.me", true */ 'p', '1', 'r', 'a', 't', 'r', 'u', 'l', 'e', 'z', 'z', 'z', '.', 'm', 'e', '\0', + /* "p22.co", true */ 'p', '2', '2', '.', 'c', 'o', '\0', + /* "p3ter.fr", true */ 'p', '3', 't', 'e', 'r', '.', 'f', 'r', '\0', + /* "p4chivtac.com", true */ 'p', '4', 'c', 'h', 'i', 'v', 't', 'a', 'c', '.', 'c', 'o', 'm', '\0', + /* "pa-w.de", true */ 'p', 'a', '-', 'w', '.', 'd', 'e', '\0', + /* "pa.search.yahoo.com", false */ 'p', 'a', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "paarberatung-hn.de", true */ 'p', 'a', 'a', 'r', 'b', 'e', 'r', 'a', 't', 'u', 'n', 'g', '-', 'h', 'n', '.', 'd', 'e', '\0', + /* "paazmaya.fi", true */ 'p', 'a', 'a', 'z', 'm', 'a', 'y', 'a', '.', 'f', 'i', '\0', + /* "pabloartea.ga", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', '.', 'g', 'a', '\0', + /* "pabloarteaga.co.uk", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "pabloarteaga.com", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 'c', 'o', 'm', '\0', + /* "pabloarteaga.es", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 'e', 's', '\0', + /* "pabloarteaga.me", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 'm', 'e', '\0', + /* "pabloarteaga.net", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 'n', 'e', 't', '\0', + /* "pabloarteaga.tech", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 't', 'e', 'c', 'h', '\0', + /* "pabloarteaga.uk", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 'u', 'k', '\0', + /* "pabuzo.vn", true */ 'p', 'a', 'b', 'u', 'z', 'o', '.', 'v', 'n', '\0', + /* "pacco.com.br", true */ 'p', 'a', 'c', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "pace.car", true */ 'p', 'a', 'c', 'e', '.', 'c', 'a', 'r', '\0', + /* "pacelink.de", true */ 'p', 'a', 'c', 'e', 'l', 'i', 'n', 'k', '.', 'd', 'e', '\0', + /* "pacificpalisadeselectrical.com", true */ 'p', 'a', 'c', 'i', 'f', 'i', 'c', 'p', 'a', 'l', 'i', 's', 'a', 'd', 'e', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "pacifictilkin-occasions.be", true */ 'p', 'a', 'c', 'i', 'f', 'i', 'c', 't', 'i', 'l', 'k', 'i', 'n', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0', + /* "packagingproject.management", true */ 'p', 'a', 'c', 'k', 'a', 'g', 'i', 'n', 'g', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '\0', + /* "packagist.org", false */ 'p', 'a', 'c', 'k', 'a', 'g', 'i', 's', 't', '.', 'o', 'r', 'g', '\0', + /* "packaware.com", true */ 'p', 'a', 'c', 'k', 'a', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "packer.io", true */ 'p', 'a', 'c', 'k', 'e', 'r', '.', 'i', 'o', '\0', + /* "packetapp.ru", true */ 'p', 'a', 'c', 'k', 'e', 't', 'a', 'p', 'p', '.', 'r', 'u', '\0', + /* "packetcrash.net", true */ 'p', 'a', 'c', 'k', 'e', 't', 'c', 'r', 'a', 's', 'h', '.', 'n', 'e', 't', '\0', + /* "packetlinux.com", true */ 'p', 'a', 'c', 'k', 'e', 't', 'l', 'i', 'n', 'u', 'x', '.', 'c', 'o', 'm', '\0', + /* "pacoda.de", false */ 'p', 'a', 'c', 'o', 'd', 'a', '.', 'd', 'e', '\0', + /* "pactf-flag-4boxdpa21ogonzkcrs9p.com", true */ 'p', 'a', 'c', 't', 'f', '-', 'f', 'l', 'a', 'g', '-', '4', 'b', 'o', 'x', 'd', 'p', 'a', '2', '1', 'o', 'g', 'o', 'n', 'z', 'k', 'c', 'r', 's', '9', 'p', '.', 'c', 'o', 'm', '\0', + /* "pactf.com", true */ 'p', 'a', 'c', 't', 'f', '.', 'c', 'o', 'm', '\0', + /* "paddy.rocks", true */ 'p', 'a', 'd', 'd', 'y', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "padianda.com", true */ 'p', 'a', 'd', 'i', 'a', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "padovani.de", true */ 'p', 'a', 'd', 'o', 'v', 'a', 'n', 'i', '.', 'd', 'e', '\0', + /* "padrepio.in", true */ 'p', 'a', 'd', 'r', 'e', 'p', 'i', 'o', '.', 'i', 'n', '\0', + /* "paducaheic.com", true */ 'p', 'a', 'd', 'u', 'c', 'a', 'h', 'e', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "padzilla.com", true */ 'p', 'a', 'd', 'z', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "paedlink.ca", true */ 'p', 'a', 'e', 'd', 'l', 'i', 'n', 'k', '.', 'c', 'a', '\0', + /* "paf-events.ch", true */ 'p', 'a', 'f', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'h', '\0', + /* "pagalworld.la", true */ 'p', 'a', 'g', 'a', 'l', 'w', 'o', 'r', 'l', 'd', '.', 'l', 'a', '\0', + /* "pagalworld.me", true */ 'p', 'a', 'g', 'a', 'l', 'w', 'o', 'r', 'l', 'd', '.', 'm', 'e', '\0', + /* "page-builders.com", true */ 'p', 'a', 'g', 'e', '-', 'b', 'u', 'i', 'l', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "pageantsnews.com", false */ 'p', 'a', 'g', 'e', 'a', 'n', 't', 's', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "pagedesignhub.com", true */ 'p', 'a', 'g', 'e', 'd', 'e', 's', 'i', 'g', 'n', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "pagedesignpro.com", true */ 'p', 'a', 'g', 'e', 'd', 'e', 's', 'i', 'g', 'n', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "pagedesignshop.com", true */ 'p', 'a', 'g', 'e', 'd', 'e', 's', 'i', 'g', 'n', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "pagedesignweb.com", true */ 'p', 'a', 'g', 'e', 'd', 'e', 's', 'i', 'g', 'n', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "pagefulloflies.io", true */ 'p', 'a', 'g', 'e', 'f', 'u', 'l', 'l', 'o', 'f', 'l', 'i', 'e', 's', '.', 'i', 'o', '\0', + /* "pages-tocaven.com", true */ 'p', 'a', 'g', 'e', 's', '-', 't', 'o', 'c', 'a', 'v', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "pagewizz.com", false */ 'p', 'a', 'g', 'e', 'w', 'i', 'z', 'z', '.', 'c', 'o', 'm', '\0', + /* "pagiamtzis.com", true */ 'p', 'a', 'g', 'i', 'a', 'm', 't', 'z', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "pagina.com.mx", true */ 'p', 'a', 'g', 'i', 'n', 'a', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0', + /* "paginapolitica.ro", true */ 'p', 'a', 'g', 'i', 'n', 'a', 'p', 'o', 'l', 'i', 't', 'i', 'c', 'a', '.', 'r', 'o', '\0', + /* "pagure.io", true */ 'p', 'a', 'g', 'u', 'r', 'e', '.', 'i', 'o', '\0', + /* "pagure.org", true */ 'p', 'a', 'g', 'u', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "pahae.de", true */ 'p', 'a', 'h', 'a', 'e', '.', 'd', 'e', '\0', + /* "pahealthbilling.com", true */ 'p', 'a', 'h', 'e', 'a', 'l', 't', 'h', 'b', 'i', 'l', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "paindata.dk", true */ 'p', 'a', 'i', 'n', 'd', 'a', 't', 'a', '.', 'd', 'k', '\0', + /* "painefamily.co.uk", true */ 'p', 'a', 'i', 'n', 'e', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "painlessproperty.co.uk", true */ 'p', 'a', 'i', 'n', 'l', 'e', 's', 's', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "painosso.org", true */ 'p', 'a', 'i', 'n', 'o', 's', 's', 'o', '.', 'o', 'r', 'g', '\0', + /* "paint-it.pink", true */ 'p', 'a', 'i', 'n', 't', '-', 'i', 't', '.', 'p', 'i', 'n', 'k', '\0', + /* "paipuman.jp", true */ 'p', 'a', 'i', 'p', 'u', 'm', 'a', 'n', '.', 'j', 'p', '\0', + /* "paizinhovirgula.com", true */ 'p', 'a', 'i', 'z', 'i', 'n', 'h', 'o', 'v', 'i', 'r', 'g', 'u', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "pajadam.me", true */ 'p', 'a', 'j', 'a', 'd', 'a', 'm', '.', 'm', 'e', '\0', + /* "pajuvuo.fi", true */ 'p', 'a', 'j', 'u', 'v', 'u', 'o', '.', 'f', 'i', '\0', + /* "paketkreditsuzuki.com", true */ 'p', 'a', 'k', 'e', 't', 'k', 'r', 'e', 'd', 'i', 't', 's', 'u', 'z', 'u', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "paketwatch.de", true */ 'p', 'a', 'k', 'e', 't', 'w', 'a', 't', 'c', 'h', '.', 'd', 'e', '\0', + /* "pakistani.dating", true */ 'p', 'a', 'k', 'i', 's', 't', 'a', 'n', 'i', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "pakitow.fr", true */ 'p', 'a', 'k', 'i', 't', 'o', 'w', '.', 'f', 'r', '\0', + /* "pakke.de", true */ 'p', 'a', 'k', 'k', 'e', '.', 'd', 'e', '\0', + /* "pakremit.com", true */ 'p', 'a', 'k', 'r', 'e', 'm', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "paktolos.net", true */ 'p', 'a', 'k', 't', 'o', 'l', 'o', 's', '.', 'n', 'e', 't', '\0', + /* "palabr.as", true */ 'p', 'a', 'l', 'a', 'b', 'r', '.', 'a', 's', '\0', + /* "palapadev.com", true */ 'p', 'a', 'l', 'a', 'p', 'a', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "palatin.at", true */ 'p', 'a', 'l', 'a', 't', 'i', 'n', '.', 'a', 't', '\0', + /* "palationtrade.com", true */ 'p', 'a', 'l', 'a', 't', 'i', 'o', 'n', 't', 'r', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "palava.tv", true */ 'p', 'a', 'l', 'a', 'v', 'a', '.', 't', 'v', '\0', + /* "palavatv.com", true */ 'p', 'a', 'l', 'a', 'v', 'a', 't', 'v', '.', 'c', 'o', 'm', '\0', + /* "paleosquawk.com", true */ 'p', 'a', 'l', 'e', 'o', 's', 'q', 'u', 'a', 'w', 'k', '.', 'c', 'o', 'm', '\0', + /* "palletflow.com", true */ 'p', 'a', 'l', 'l', 'e', 't', 'f', 'l', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "palli.ch", true */ 'p', 'a', 'l', 'l', 'i', '.', 'c', 'h', '\0', + /* "palmavile.us", true */ 'p', 'a', 'l', 'm', 'a', 'v', 'i', 'l', 'e', '.', 'u', 's', '\0', + /* "palmaville.com", true */ 'p', 'a', 'l', 'm', 'a', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "pamaniqu.nl", true */ 'p', 'a', 'm', 'a', 'n', 'i', 'q', 'u', '.', 'n', 'l', '\0', + /* "pamatv.hk", true */ 'p', 'a', 'm', 'a', 't', 'v', '.', 'h', 'k', '\0', + /* "pan.digital", true */ 'p', 'a', 'n', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0', + /* "panaxis.ch", true */ 'p', 'a', 'n', 'a', 'x', 'i', 's', '.', 'c', 'h', '\0', + /* "panda-community.com", true */ 'p', 'a', 'n', 'd', 'a', '-', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "panda.tf", true */ 'p', 'a', 'n', 'd', 'a', '.', 't', 'f', '\0', + /* "pandemicflu.gov", true */ 'p', 'a', 'n', 'd', 'e', 'm', 'i', 'c', 'f', 'l', 'u', '.', 'g', 'o', 'v', '\0', + /* "pandoraflora.com", true */ 'p', 'a', 'n', 'd', 'o', 'r', 'a', 'f', 'l', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "pandymic.com", true */ 'p', 'a', 'n', 'd', 'y', 'm', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "paneldewelopera.pl", true */ 'p', 'a', 'n', 'e', 'l', 'd', 'e', 'w', 'e', 'l', 'o', 'p', 'e', 'r', 'a', '.', 'p', 'l', '\0', + /* "paneu.de", true */ 'p', 'a', 'n', 'e', 'u', '.', 'd', 'e', '\0', + /* "panier-legumes.bio", true */ 'p', 'a', 'n', 'i', 'e', 'r', '-', 'l', 'e', 'g', 'u', 'm', 'e', 's', '.', 'b', 'i', 'o', '\0', + /* "panj.ws", true */ 'p', 'a', 'n', 'j', '.', 'w', 's', '\0', + /* "panmetro.com", true */ 'p', 'a', 'n', 'm', 'e', 't', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "panoti.com", false */ 'p', 'a', 'n', 'o', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "panoxadrez.com.br", true */ 'p', 'a', 'n', 'o', 'x', 'a', 'd', 'r', 'e', 'z', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "panpsychism.com", true */ 'p', 'a', 'n', 'p', 's', 'y', 'c', 'h', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "panpsychist.com", true */ 'p', 'a', 'n', 'p', 's', 'y', 'c', 'h', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "pantallasled.com.mx", true */ 'p', 'a', 'n', 't', 'a', 'l', 'l', 'a', 's', 'l', 'e', 'd', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0', + /* "pantallasled.mx", true */ 'p', 'a', 'n', 't', 'a', 'l', 'l', 'a', 's', 'l', 'e', 'd', '.', 'm', 'x', '\0', + /* "panthur.com.au", false */ 'p', 'a', 'n', 't', 'h', 'u', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "pantographe.info", true */ 'p', 'a', 'n', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "pantou.org", false */ 'p', 'a', 'n', 't', 'o', 'u', '.', 'o', 'r', 'g', '\0', + /* "panzer72.ru", true */ 'p', 'a', 'n', 'z', 'e', 'r', '7', '2', '.', 'r', 'u', '\0', + /* "pap.la", false */ 'p', 'a', 'p', '.', 'l', 'a', '\0', + /* "papa-webzeit.de", true */ 'p', 'a', 'p', 'a', '-', 'w', 'e', 'b', 'z', 'e', 'i', 't', '.', 'd', 'e', '\0', + /* "papadopoulos.me", true */ 'p', 'a', 'p', 'a', 'd', 'o', 'p', 'o', 'u', 'l', 'o', 's', '.', 'm', 'e', '\0', + /* "papakatsu-life.com", true */ 'p', 'a', 'p', 'a', 'k', 'a', 't', 's', 'u', '-', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "papatest24.de", true */ 'p', 'a', 'p', 'a', 't', 'e', 's', 't', '2', '4', '.', 'd', 'e', '\0', + /* "papayame.com", true */ 'p', 'a', 'p', 'a', 'y', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "papayapythons.com", true */ 'p', 'a', 'p', 'a', 'y', 'a', 'p', 'y', 't', 'h', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "paper-republic.org", true */ 'p', 'a', 'p', 'e', 'r', '-', 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'o', 'r', 'g', '\0', + /* "paperhaven.com.au", true */ 'p', 'a', 'p', 'e', 'r', 'h', 'a', 'v', 'e', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "paperhoney.by", true */ 'p', 'a', 'p', 'e', 'r', 'h', 'o', 'n', 'e', 'y', '.', 'b', 'y', '\0', + /* "papermasters.com", true */ 'p', 'a', 'p', 'e', 'r', 'm', 'a', 's', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "papersmart.net", true */ 'p', 'a', 'p', 'e', 'r', 's', 'm', 'a', 'r', 't', '.', 'n', 'e', 't', '\0', + /* "papertracker.net", true */ 'p', 'a', 'p', 'e', 'r', 't', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "paperturn.com", true */ 'p', 'a', 'p', 'e', 'r', 't', 'u', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "paperwork.co.za", true */ 'p', 'a', 'p', 'e', 'r', 'w', 'o', 'r', 'k', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "paperwritinghelp.net", true */ 'p', 'a', 'p', 'e', 'r', 'w', 'r', 'i', 't', 'i', 'n', 'g', 'h', 'e', 'l', 'p', '.', 'n', 'e', 't', '\0', + /* "paprikas.fr", true */ 'p', 'a', 'p', 'r', 'i', 'k', 'a', 's', '.', 'f', 'r', '\0', + /* "paraborsa.net", true */ 'p', 'a', 'r', 'a', 'b', 'o', 'r', 's', 'a', '.', 'n', 'e', 't', '\0', + /* "parachute70.com", true */ 'p', 'a', 'r', 'a', 'c', 'h', 'u', 't', 'e', '7', '0', '.', 'c', 'o', 'm', '\0', + /* "paradiesgirls.ch", true */ 'p', 'a', 'r', 'a', 'd', 'i', 'e', 's', 'g', 'i', 'r', 'l', 's', '.', 'c', 'h', '\0', + /* "paradigi.com.br", true */ 'p', 'a', 'r', 'a', 'd', 'i', 'g', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "paradise-engineer.com", true */ 'p', 'a', 'r', 'a', 'd', 'i', 's', 'e', '-', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "paradise-engineering.com", true */ 'p', 'a', 'r', 'a', 'd', 'i', 's', 'e', '-', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "paradise-engineers.com", true */ 'p', 'a', 'r', 'a', 'd', 'i', 's', 'e', '-', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "paradiselost.com", true */ 'p', 'a', 'r', 'a', 'd', 'i', 's', 'e', 'l', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "paradisenazarene.com", true */ 'p', 'a', 'r', 'a', 'd', 'i', 's', 'e', 'n', 'a', 'z', 'a', 'r', 'e', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "paradoxdesigns.org", true */ 'p', 'a', 'r', 'a', 'd', 'o', 'x', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "paragon.edu", true */ 'p', 'a', 'r', 'a', 'g', 'o', 'n', '.', 'e', 'd', 'u', '\0', + /* "paragonie.com", false */ 'p', 'a', 'r', 'a', 'g', 'o', 'n', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "paragreen.net", true */ 'p', 'a', 'r', 'a', 'g', 'r', 'e', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "parakranov.ru", true */ 'p', 'a', 'r', 'a', 'k', 'r', 'a', 'n', 'o', 'v', '.', 'r', 'u', '\0', + /* "paranoidmode.com", true */ 'p', 'a', 'r', 'a', 'n', 'o', 'i', 'd', 'm', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "paranoidpenguin.net", true */ 'p', 'a', 'r', 'a', 'n', 'o', 'i', 'd', 'p', 'e', 'n', 'g', 'u', 'i', 'n', '.', 'n', 'e', 't', '\0', + /* "paranoxer.hu", true */ 'p', 'a', 'r', 'a', 'n', 'o', 'x', 'e', 'r', '.', 'h', 'u', '\0', + /* "parasitologyclub.org", true */ 'p', 'a', 'r', 'a', 's', 'i', 't', 'o', 'l', 'o', 'g', 'y', 'c', 'l', 'u', 'b', '.', 'o', 'r', 'g', '\0', + /* "paratlan.hu", true */ 'p', 'a', 'r', 'a', 't', 'l', 'a', 'n', '.', 'h', 'u', '\0', + /* "paratxt.org", true */ 'p', 'a', 'r', 'a', 't', 'x', 't', '.', 'o', 'r', 'g', '\0', + /* "parcelbroker.co.uk", true */ 'p', 'a', 'r', 'c', 'e', 'l', 'b', 'r', 'o', 'k', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "parchcraftaustralia.com", true */ 'p', 'a', 'r', 'c', 'h', 'c', 'r', 'a', 'f', 't', 'a', 'u', 's', 't', 'r', 'a', 'l', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "parckwart.de", true */ 'p', 'a', 'r', 'c', 'k', 'w', 'a', 'r', 't', '.', 'd', 'e', '\0', + /* "parcon.it", true */ 'p', 'a', 'r', 'c', 'o', 'n', '.', 'i', 't', '\0', + /* "parentheseardenne.be", true */ 'p', 'a', 'r', 'e', 'n', 't', 'h', 'e', 's', 'e', 'a', 'r', 'd', 'e', 'n', 'n', 'e', '.', 'b', 'e', '\0', + /* "parentinterview.com", true */ 'p', 'a', 'r', 'e', 'n', 't', 'i', 'n', 't', 'e', 'r', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0', + /* "parentsintouch.co.uk", true */ 'p', 'a', 'r', 'e', 'n', 't', 's', 'i', 'n', 't', 'o', 'u', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "pariga.co.uk", true */ 'p', 'a', 'r', 'i', 'g', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "parisescortgirls.com", true */ 'p', 'a', 'r', 'i', 's', 'e', 's', 'c', 'o', 'r', 't', 'g', 'i', 'r', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "parisfranceparking.com", true */ 'p', 'a', 'r', 'i', 's', 'f', 'r', 'a', 'n', 'c', 'e', 'p', 'a', 'r', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "parisfranceparking.de", true */ 'p', 'a', 'r', 'i', 's', 'f', 'r', 'a', 'n', 'c', 'e', 'p', 'a', 'r', 'k', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "parisfranceparking.fr", true */ 'p', 'a', 'r', 'i', 's', 'f', 'r', 'a', 'n', 'c', 'e', 'p', 'a', 'r', 'k', 'i', 'n', 'g', '.', 'f', 'r', '\0', + /* "parisfranceparking.nl", true */ 'p', 'a', 'r', 'i', 's', 'f', 'r', 'a', 'n', 'c', 'e', 'p', 'a', 'r', 'k', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "parishome.jp", true */ 'p', 'a', 'r', 'i', 's', 'h', 'o', 'm', 'e', '.', 'j', 'p', '\0', + /* "parkingpoint.co.uk", true */ 'p', 'a', 'r', 'k', 'i', 'n', 'g', 'p', 'o', 'i', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "parksubaruoemparts.com", true */ 'p', 'a', 'r', 'k', 's', 'u', 'b', 'a', 'r', 'u', 'o', 'e', 'm', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "parkviewmotorcompany.com", true */ 'p', 'a', 'r', 'k', 'v', 'i', 'e', 'w', 'm', 'o', 't', 'o', 'r', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "parkwayminyan.org", true */ 'p', 'a', 'r', 'k', 'w', 'a', 'y', 'm', 'i', 'n', 'y', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "parlamento.gub.uy", true */ 'p', 'a', 'r', 'l', 'a', 'm', 'e', 'n', 't', 'o', '.', 'g', 'u', 'b', '.', 'u', 'y', '\0', + /* "parleamonluc.fr", true */ 'p', 'a', 'r', 'l', 'e', 'a', 'm', 'o', 'n', 'l', 'u', 'c', '.', 'f', 'r', '\0', + /* "parleu2016.nl", true */ 'p', 'a', 'r', 'l', 'e', 'u', '2', '0', '1', '6', '.', 'n', 'l', '\0', + /* "parolu.io", true */ 'p', 'a', 'r', 'o', 'l', 'u', '.', 'i', 'o', '\0', + /* "parquettista.roma.it", true */ 'p', 'a', 'r', 'q', 'u', 'e', 't', 't', 'i', 's', 't', 'a', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0', + /* "parsemail.org", true */ 'p', 'a', 'r', 's', 'e', 'm', 'a', 'i', 'l', '.', 'o', 'r', 'g', '\0', + /* "parser.nu", true */ 'p', 'a', 'r', 's', 'e', 'r', '.', 'n', 'u', '\0', + /* "parsonsfamilyhomes.com", true */ 'p', 'a', 'r', 's', 'o', 'n', 's', 'f', 'a', 'm', 'i', 'l', 'y', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "partecipa.tn.it", true */ 'p', 'a', 'r', 't', 'e', 'c', 'i', 'p', 'a', '.', 't', 'n', '.', 'i', 't', '\0', + /* "parthkolekar.me", true */ 'p', 'a', 'r', 't', 'h', 'k', 'o', 'l', 'e', 'k', 'a', 'r', '.', 'm', 'e', '\0', + /* "participatorybudgeting.de", true */ 'p', 'a', 'r', 't', 'i', 'c', 'i', 'p', 'a', 't', 'o', 'r', 'y', 'b', 'u', 'd', 'g', 'e', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "participatorybudgeting.info", true */ 'p', 'a', 'r', 't', 'i', 'c', 'i', 'p', 'a', 't', 'o', 'r', 'y', 'b', 'u', 'd', 'g', 'e', 't', 'i', 'n', 'g', '.', 'i', 'n', 'f', 'o', '\0', + /* "partijtjevoordevrijheid.nl", false */ 'p', 'a', 'r', 't', 'i', 'j', 't', 'j', 'e', 'v', 'o', 'o', 'r', 'd', 'e', 'v', 'r', 'i', 'j', 'h', 'e', 'i', 'd', '.', 'n', 'l', '\0', + /* "partner.sh", true */ 'p', 'a', 'r', 't', 'n', 'e', 'r', '.', 's', 'h', '\0', + /* "partnerbeam.com", true */ 'p', 'a', 'r', 't', 'n', 'e', 'r', 'b', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "partou.de", true */ 'p', 'a', 'r', 't', 'o', 'u', '.', 'd', 'e', '\0', + /* "partridge.tech", true */ 'p', 'a', 'r', 't', 'r', 'i', 'd', 'g', 'e', '.', 't', 'e', 'c', 'h', '\0', + /* "parts4phone.com", true */ 'p', 'a', 'r', 't', 's', '4', 'p', 'h', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "partsestore.com", true */ 'p', 'a', 'r', 't', 's', 'e', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "party-and-play.co.uk", true */ 'p', 'a', 'r', 't', 'y', '-', 'a', 'n', 'd', '-', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "party-calendar.net", true */ 'p', 'a', 'r', 't', 'y', '-', 'c', 'a', 'l', 'e', 'n', 'd', 'a', 'r', '.', 'n', 'e', 't', '\0', + /* "party-kneipe-bar.com", true */ 'p', 'a', 'r', 't', 'y', '-', 'k', 'n', 'e', 'i', 'p', 'e', '-', 'b', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "party-time-inflatables-durham.co.uk", true */ 'p', 'a', 'r', 't', 'y', '-', 't', 'i', 'm', 'e', '-', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '-', 'd', 'u', 'r', 'h', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "partybounceplay.co.uk", true */ 'p', 'a', 'r', 't', 'y', 'b', 'o', 'u', 'n', 'c', 'e', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "partycentrumdebinnenhof.nl", true */ 'p', 'a', 'r', 't', 'y', 'c', 'e', 'n', 't', 'r', 'u', 'm', 'd', 'e', 'b', 'i', 'n', 'n', 'e', 'n', 'h', 'o', 'f', '.', 'n', 'l', '\0', + /* "partycentrumopenhuis.nl", true */ 'p', 'a', 'r', 't', 'y', 'c', 'e', 'n', 't', 'r', 'u', 'm', 'o', 'p', 'e', 'n', 'h', 'u', 'i', 's', '.', 'n', 'l', '\0', + /* "partyhireisleofwight.co.uk", true */ 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', 'i', 's', 'l', 'e', 'o', 'f', 'w', 'i', 'g', 'h', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "partyhireliverpool.co.uk", true */ 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', 'l', 'i', 'v', 'e', 'r', 'p', 'o', 'o', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "partyrocksbounce.co.uk", true */ 'p', 'a', 'r', 't', 'y', 'r', 'o', 'c', 'k', 's', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "partyschnaps.com", true */ 'p', 'a', 'r', 't', 'y', 's', 'c', 'h', 'n', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "partyspaces.co.uk", true */ 'p', 'a', 'r', 't', 'y', 's', 'p', 'a', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "partytime-uk.co.uk", true */ 'p', 'a', 'r', 't', 'y', 't', 'i', 'm', 'e', '-', 'u', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "partytimeltd.ie", true */ 'p', 'a', 'r', 't', 'y', 't', 'i', 'm', 'e', 'l', 't', 'd', '.', 'i', 'e', '\0', + /* "partytownireland.co.uk", true */ 'p', 'a', 'r', 't', 'y', 't', 'o', 'w', 'n', 'i', 'r', 'e', 'l', 'a', 'n', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "partytownmarquees.co.uk", true */ 'p', 'a', 'r', 't', 'y', 't', 'o', 'w', 'n', 'm', 'a', 'r', 'q', 'u', 'e', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "partyvan.io", true */ 'p', 'a', 'r', 't', 'y', 'v', 'a', 'n', '.', 'i', 'o', '\0', + /* "partyzone.ie", true */ 'p', 'a', 'r', 't', 'y', 'z', 'o', 'n', 'e', '.', 'i', 'e', '\0', + /* "parvaneh.fr", true */ 'p', 'a', 'r', 'v', 'a', 'n', 'e', 'h', '.', 'f', 'r', '\0', + /* "pasadenapooch.org", true */ 'p', 'a', 's', 'a', 'd', 'e', 'n', 'a', 'p', 'o', 'o', 'c', 'h', '.', 'o', 'r', 'g', '\0', + /* "pasadenasandwichcompany.com", true */ 'p', 'a', 's', 'a', 'd', 'e', 'n', 'a', 's', 'a', 'n', 'd', 'w', 'i', 'c', 'h', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "pasarella.eu", true */ 'p', 'a', 's', 'a', 'r', 'e', 'l', 'l', 'a', '.', 'e', 'u', '\0', + /* "pascal-bourhis.com", true */ 'p', 'a', 's', 'c', 'a', 'l', '-', 'b', 'o', 'u', 'r', 'h', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "pascal-bourhis.net", true */ 'p', 'a', 's', 'c', 'a', 'l', '-', 'b', 'o', 'u', 'r', 'h', 'i', 's', '.', 'n', 'e', 't', '\0', + /* "pascal-kannchen.de", true */ 'p', 'a', 's', 'c', 'a', 'l', '-', 'k', 'a', 'n', 'n', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0', + /* "pascal-wittmann.de", true */ 'p', 'a', 's', 'c', 'a', 'l', '-', 'w', 'i', 't', 't', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "pascaline-jouis.fr", true */ 'p', 'a', 's', 'c', 'a', 'l', 'i', 'n', 'e', '-', 'j', 'o', 'u', 'i', 's', '.', 'f', 'r', '\0', + /* "pascalleguern.com", true */ 'p', 'a', 's', 'c', 'a', 'l', 'l', 'e', 'g', 'u', 'e', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "pascalmathis.com", true */ 'p', 'a', 's', 'c', 'a', 'l', 'm', 'a', 't', 'h', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "pascalmathis.me", true */ 'p', 'a', 's', 'c', 'a', 'l', 'm', 'a', 't', 'h', 'i', 's', '.', 'm', 'e', '\0', + /* "pascalmathis.net", true */ 'p', 'a', 's', 'c', 'a', 'l', 'm', 'a', 't', 'h', 'i', 's', '.', 'n', 'e', 't', '\0', + /* "pascalspoerri.ch", false */ 'p', 'a', 's', 'c', 'a', 'l', 's', 'p', 'o', 'e', 'r', 'r', 'i', '.', 'c', 'h', '\0', + /* "pass.org.my", true */ 'p', 'a', 's', 's', '.', 'o', 'r', 'g', '.', 'm', 'y', '\0', + /* "passfoto-deinfoto.ch", true */ 'p', 'a', 's', 's', 'f', 'o', 't', 'o', '-', 'd', 'e', 'i', 'n', 'f', 'o', 't', 'o', '.', 'c', 'h', '\0', + /* "passieposse.nl", true */ 'p', 'a', 's', 's', 'i', 'e', 'p', 'o', 's', 's', 'e', '.', 'n', 'l', '\0', + /* "passionatefoodie.co.uk", true */ 'p', 'a', 's', 's', 'i', 'o', 'n', 'a', 't', 'e', 'f', 'o', 'o', 'd', 'i', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "passionatehorsemanship.com", true */ 'p', 'a', 's', 's', 'i', 'o', 'n', 'a', 't', 'e', 'h', 'o', 'r', 's', 'e', 'm', 'a', 'n', 's', 'h', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "passionpictures.eu", true */ 'p', 'a', 's', 's', 'i', 'o', 'n', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '.', 'e', 'u', '\0', + /* "passions-art.com", true */ 'p', 'a', 's', 's', 'i', 'o', 'n', 's', '-', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "passphrase.today", true */ 'p', 'a', 's', 's', 'p', 'h', 'r', 'a', 's', 'e', '.', 't', 'o', 'd', 'a', 'y', '\0', + /* "passpilot.co.uk", true */ 'p', 'a', 's', 's', 'p', 'i', 'l', 'o', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "passport.yandex.by", true */ 'p', 'a', 's', 's', 'p', 'o', 'r', 't', '.', 'y', 'a', 'n', 'd', 'e', 'x', '.', 'b', 'y', '\0', + /* "passport.yandex.com", true */ 'p', 'a', 's', 's', 'p', 'o', 'r', 't', '.', 'y', 'a', 'n', 'd', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "passport.yandex.com.tr", true */ 'p', 'a', 's', 's', 'p', 'o', 'r', 't', '.', 'y', 'a', 'n', 'd', 'e', 'x', '.', 'c', 'o', 'm', '.', 't', 'r', '\0', + /* "passport.yandex.kz", true */ 'p', 'a', 's', 's', 'p', 'o', 'r', 't', '.', 'y', 'a', 'n', 'd', 'e', 'x', '.', 'k', 'z', '\0', + /* "passport.yandex.ru", true */ 'p', 'a', 's', 's', 'p', 'o', 'r', 't', '.', 'y', 'a', 'n', 'd', 'e', 'x', '.', 'r', 'u', '\0', + /* "passport.yandex.ua", true */ 'p', 'a', 's', 's', 'p', 'o', 'r', 't', '.', 'y', 'a', 'n', 'd', 'e', 'x', '.', 'u', 'a', '\0', + /* "passports.govt.nz", true */ 'p', 'a', 's', 's', 'p', 'o', 'r', 't', 's', '.', 'g', 'o', 'v', 't', '.', 'n', 'z', '\0', + /* "passthepopcorn.me", true */ 'p', 'a', 's', 's', 't', 'h', 'e', 'p', 'o', 'p', 'c', 'o', 'r', 'n', '.', 'm', 'e', '\0', + /* "passvau.lt", true */ 'p', 'a', 's', 's', 'v', 'a', 'u', '.', 'l', 't', '\0', + /* "passwd.one", true */ 'p', 'a', 's', 's', 'w', 'd', '.', 'o', 'n', 'e', '\0', + /* "passwd.org", true */ 'p', 'a', 's', 's', 'w', 'd', '.', 'o', 'r', 'g', '\0', + /* "password-checker.de", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', '-', 'c', 'h', 'e', 'c', 'k', 'e', 'r', '.', 'd', 'e', '\0', + /* "password.codes", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', '.', 'c', 'o', 'd', 'e', 's', '\0', + /* "password.consulting", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', '.', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '\0', + /* "password.work", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', '.', 'w', 'o', 'r', 'k', '\0', + /* "passwordhashing.com", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', 'h', 'a', 's', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "passwordkeeperbooks.com", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', 'k', 'e', 'e', 'p', 'e', 'r', 'b', 'o', 'o', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "passwords.google.com", false */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "passwordscon.com", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', 's', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "passwordscon.org", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', 's', 'c', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "passwordsecurity.info", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'i', 'n', 'f', 'o', '\0', + /* "passworks.io", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'k', 's', '.', 'i', 'o', '\0', + /* "pasta-factory.co.il", true */ 'p', 'a', 's', 't', 'a', '-', 'f', 'a', 'c', 't', 'o', 'r', 'y', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "pastaenprosecco.nl", true */ 'p', 'a', 's', 't', 'a', 'e', 'n', 'p', 'r', 'o', 's', 'e', 'c', 'c', 'o', '.', 'n', 'l', '\0', + /* "paste.fedoraproject.org", true */ 'p', 'a', 's', 't', 'e', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "pastebin.co.za", true */ 'p', 'a', 's', 't', 'e', 'b', 'i', 'n', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "pasternok.org", true */ 'p', 'a', 's', 't', 'e', 'r', 'n', 'o', 'k', '.', 'o', 'r', 'g', '\0', + /* "pasteros.io", true */ 'p', 'a', 's', 't', 'e', 'r', 'o', 's', '.', 'i', 'o', '\0', + /* "pastoral-verbund.de", true */ 'p', 'a', 's', 't', 'o', 'r', 'a', 'l', '-', 'v', 'e', 'r', 'b', 'u', 'n', 'd', '.', 'd', 'e', '\0', + /* "pastorbelgagroenendael.com.br", true */ 'p', 'a', 's', 't', 'o', 'r', 'b', 'e', 'l', 'g', 'a', 'g', 'r', 'o', 'e', 'n', 'e', 'n', 'd', 'a', 'e', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "pastorcanadense.com.br", true */ 'p', 'a', 's', 't', 'o', 'r', 'c', 'a', 'n', 'a', 'd', 'e', 'n', 's', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "pastordocaucaso.com.br", true */ 'p', 'a', 's', 't', 'o', 'r', 'd', 'o', 'c', 'a', 'u', 'c', 'a', 's', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "pastormaremanoabruzes.com.br", true */ 'p', 'a', 's', 't', 'o', 'r', 'm', 'a', 'r', 'e', 'm', 'a', 'n', 'o', 'a', 'b', 'r', 'u', 'z', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "pastorsuico.com.br", true */ 'p', 'a', 's', 't', 'o', 'r', 's', 'u', 'i', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "pasztor.at", true */ 'p', 'a', 's', 'z', 't', 'o', 'r', '.', 'a', 't', '\0', + /* "patadanabouca.pw", true */ 'p', 'a', 't', 'a', 'd', 'a', 'n', 'a', 'b', 'o', 'u', 'c', 'a', '.', 'p', 'w', '\0', + /* "pataterosviajeros.com", true */ 'p', 'a', 't', 'a', 't', 'e', 'r', 'o', 's', 'v', 'i', 'a', 'j', 'e', 'r', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "patbatesremodeling.com", false */ 'p', 'a', 't', 'b', 'a', 't', 'e', 's', 'r', 'e', 'm', 'o', 'd', 'e', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "patdorf.com", true */ 'p', 'a', 't', 'd', 'o', 'r', 'f', '.', 'c', 'o', 'm', '\0', + /* "patechmasters.com", true */ 'p', 'a', 't', 'e', 'c', 'h', 'm', 'a', 's', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "patentfamily.de", true */ 'p', 'a', 't', 'e', 'n', 't', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'd', 'e', '\0', + /* "paterno-gaming.com", true */ 'p', 'a', 't', 'e', 'r', 'n', 'o', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "pathagoras.com", true */ 'p', 'a', 't', 'h', 'a', 'g', 'o', 'r', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "pathwaystoresilience.org", true */ 'p', 'a', 't', 'h', 'w', 'a', 'y', 's', 't', 'o', 'r', 'e', 's', 'i', 'l', 'i', 'e', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0', + /* "pathwaytofaith.com", true */ 'p', 'a', 't', 'h', 'w', 'a', 'y', 't', 'o', 'f', 'a', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "patikabiztositas.hu", true */ 'p', 'a', 't', 'i', 'k', 'a', 'b', 'i', 'z', 't', 'o', 's', 'i', 't', 'a', 's', '.', 'h', 'u', '\0', + /* "patouille-et-gribouille.fr", true */ 'p', 'a', 't', 'o', 'u', 'i', 'l', 'l', 'e', '-', 'e', 't', '-', 'g', 'r', 'i', 'b', 'o', 'u', 'i', 'l', 'l', 'e', '.', 'f', 'r', '\0', + /* "patralos.at", false */ 'p', 'a', 't', 'r', 'a', 'l', 'o', 's', '.', 'a', 't', '\0', + /* "patriaco.net", true */ 'p', 'a', 't', 'r', 'i', 'a', 'c', 'o', '.', 'n', 'e', 't', '\0', + /* "patric-lenhart.de", true */ 'p', 'a', 't', 'r', 'i', 'c', '-', 'l', 'e', 'n', 'h', 'a', 'r', 't', '.', 'd', 'e', '\0', + /* "patrick-othmer.de", true */ 'p', 'a', 't', 'r', 'i', 'c', 'k', '-', 'o', 't', 'h', 'm', 'e', 'r', '.', 'd', 'e', '\0', + /* "patrick-robrecht.de", true */ 'p', 'a', 't', 'r', 'i', 'c', 'k', '-', 'r', 'o', 'b', 'r', 'e', 'c', 'h', 't', '.', 'd', 'e', '\0', + /* "patrick.dark.name", true */ 'p', 'a', 't', 'r', 'i', 'c', 'k', '.', 'd', 'a', 'r', 'k', '.', 'n', 'a', 'm', 'e', '\0', + /* "patrickaudley.ca", true */ 'p', 'a', 't', 'r', 'i', 'c', 'k', 'a', 'u', 'd', 'l', 'e', 'y', '.', 'c', 'a', '\0', + /* "patrickaudley.com", true */ 'p', 'a', 't', 'r', 'i', 'c', 'k', 'a', 'u', 'd', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "patrickbrosi.de", true */ 'p', 'a', 't', 'r', 'i', 'c', 'k', 'b', 'r', 'o', 's', 'i', '.', 'd', 'e', '\0', + /* "patrickschneider.me", true */ 'p', 'a', 't', 'r', 'i', 'c', 'k', 's', 'c', 'h', 'n', 'e', 'i', 'd', 'e', 'r', '.', 'm', 'e', '\0', + /* "patriksima.cz", true */ 'p', 'a', 't', 'r', 'i', 'k', 's', 'i', 'm', 'a', '.', 'c', 'z', '\0', + /* "patriksimek.cz", true */ 'p', 'a', 't', 'r', 'i', 'k', 's', 'i', 'm', 'e', 'k', '.', 'c', 'z', '\0', + /* "patrz.eu", true */ 'p', 'a', 't', 'r', 'z', '.', 'e', 'u', '\0', + /* "patsyforyou.ch", true */ 'p', 'a', 't', 's', 'y', 'f', 'o', 'r', 'y', 'o', 'u', '.', 'c', 'h', '\0', + /* "patsytoforyou.ch", true */ 'p', 'a', 't', 's', 'y', 't', 'o', 'f', 'o', 'r', 'y', 'o', 'u', '.', 'c', 'h', '\0', + /* "pattuka.com", true */ 'p', 'a', 't', 't', 'u', 'k', 'a', '.', 'c', 'o', 'm', '\0', + /* "pattyliao.com", true */ 'p', 'a', 't', 't', 'y', 'l', 'i', 'a', 'o', '.', 'c', 'o', 'm', '\0', + /* "paudley.ca", true */ 'p', 'a', 'u', 'd', 'l', 'e', 'y', '.', 'c', 'a', '\0', + /* "paudley.com", true */ 'p', 'a', 'u', 'd', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "paudley.org", true */ 'p', 'a', 'u', 'd', 'l', 'e', 'y', '.', 'o', 'r', 'g', '\0', + /* "paul-bronski.de", true */ 'p', 'a', 'u', 'l', '-', 'b', 'r', 'o', 'n', 's', 'k', 'i', '.', 'd', 'e', '\0', + /* "paul.reviews", true */ 'p', 'a', 'u', 'l', '.', 'r', 'e', 'v', 'i', 'e', 'w', 's', '\0', + /* "pauladamsmith.com", true */ 'p', 'a', 'u', 'l', 'a', 'd', 'a', 'm', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "paulbakaus.com", true */ 'p', 'a', 'u', 'l', 'b', 'a', 'k', 'a', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "paulbdelaat.nl", true */ 'p', 'a', 'u', 'l', 'b', 'd', 'e', 'l', 'a', 'a', 't', '.', 'n', 'l', '\0', + /* "paulchen.at", true */ 'p', 'a', 'u', 'l', 'c', 'h', 'e', 'n', '.', 'a', 't', '\0', + /* "pauldcox.com", true */ 'p', 'a', 'u', 'l', 'd', 'c', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "paulerhof.com", true */ 'p', 'a', 'u', 'l', 'e', 'r', 'h', 'o', 'f', '.', 'c', 'o', 'm', '\0', + /* "paulinewesterman.nl", true */ 'p', 'a', 'u', 'l', 'i', 'n', 'e', 'w', 'e', 's', 't', 'e', 'r', 'm', 'a', 'n', '.', 'n', 'l', '\0', + /* "paulomonteiro.pt", true */ 'p', 'a', 'u', 'l', 'o', 'm', 'o', 'n', 't', 'e', 'i', 'r', 'o', '.', 'p', 't', '\0', + /* "paulov.com", true */ 'p', 'a', 'u', 'l', 'o', 'v', '.', 'c', 'o', 'm', '\0', + /* "paulov.info", true */ 'p', 'a', 'u', 'l', 'o', 'v', '.', 'i', 'n', 'f', 'o', '\0', + /* "paulov.ru", true */ 'p', 'a', 'u', 'l', 'o', 'v', '.', 'r', 'u', '\0', + /* "paulpetersen.dk", true */ 'p', 'a', 'u', 'l', 'p', 'e', 't', 'e', 'r', 's', 'e', 'n', '.', 'd', 'k', '\0', + /* "paulrobertlloyd.com", true */ 'p', 'a', 'u', 'l', 'r', 'o', 'b', 'e', 'r', 't', 'l', 'l', 'o', 'y', 'd', '.', 'c', 'o', 'm', '\0', + /* "paulrotter.de", true */ 'p', 'a', 'u', 'l', 'r', 'o', 't', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "paulschreiber.com", true */ 'p', 'a', 'u', 'l', 's', 'c', 'h', 'r', 'e', 'i', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "paulscustomauto.com", true */ 'p', 'a', 'u', 'l', 's', 'c', 'u', 's', 't', 'o', 'm', 'a', 'u', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "paulswartz.net", true */ 'p', 'a', 'u', 'l', 's', 'w', 'a', 'r', 't', 'z', '.', 'n', 'e', 't', '\0', + /* "paultibbetts.uk", true */ 'p', 'a', 'u', 'l', 't', 'i', 'b', 'b', 'e', 't', 't', 's', '.', 'u', 'k', '\0', + /* "paulus-foto.pl", true */ 'p', 'a', 'u', 'l', 'u', 's', '-', 'f', 'o', 't', 'o', '.', 'p', 'l', '\0', + /* "paulward.net", true */ 'p', 'a', 'u', 'l', 'w', 'a', 'r', 'd', '.', 'n', 'e', 't', '\0', + /* "paulwatabe.com", true */ 'p', 'a', 'u', 'l', 'w', 'a', 't', 'a', 'b', 'e', '.', 'c', 'o', 'm', '\0', + /* "pauspam.net", true */ 'p', 'a', 'u', 's', 'p', 'a', 'm', '.', 'n', 'e', 't', '\0', + /* "pautadiaria.com", true */ 'p', 'a', 'u', 't', 'a', 'd', 'i', 'a', 'r', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "pavando.com", true */ 'p', 'a', 'v', 'a', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "paveljanda.com", true */ 'p', 'a', 'v', 'e', 'l', 'j', 'a', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "pavelrebrov.com", true */ 'p', 'a', 'v', 'e', 'l', 'r', 'e', 'b', 'r', 'o', 'v', '.', 'c', 'o', 'm', '\0', + /* "paw.cloud", true */ 'p', 'a', 'w', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "paw.pt", true */ 'p', 'a', 'w', '.', 'p', 't', '\0', + /* "pawel-international.com", true */ 'p', 'a', 'w', 'e', 'l', '-', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "pawelnazaruk.com", true */ 'p', 'a', 'w', 'e', 'l', 'n', 'a', 'z', 'a', 'r', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "pawsomebox.co.uk", true */ 'p', 'a', 'w', 's', 'o', 'm', 'e', 'b', 'o', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "pawsr.us", true */ 'p', 'a', 'w', 's', 'r', '.', 'u', 's', '\0', + /* "pay.ubuntu.com", true */ 'p', 'a', 'y', '.', 'u', 'b', 'u', 'n', 't', 'u', '.', 'c', 'o', 'm', '\0', + /* "pay8522.com", true */ 'p', 'a', 'y', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0', + /* "payboy.biz", true */ 'p', 'a', 'y', 'b', 'o', 'y', '.', 'b', 'i', 'z', '\0', + /* "payboy.rocks", true */ 'p', 'a', 'y', 'b', 'o', 'y', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "paybro.eu", true */ 'p', 'a', 'y', 'b', 'r', 'o', '.', 'e', 'u', '\0', + /* "payclixpayments.com", true */ 'p', 'a', 'y', 'c', 'l', 'i', 'x', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "payfazz.com", true */ 'p', 'a', 'y', 'f', 'a', 'z', 'z', '.', 'c', 'o', 'm', '\0', + /* "paylike.io", true */ 'p', 'a', 'y', 'l', 'i', 'k', 'e', '.', 'i', 'o', '\0', + /* "payload.tech", true */ 'p', 'a', 'y', 'l', 'o', 'a', 'd', '.', 't', 'e', 'c', 'h', '\0', + /* "payloc.io", true */ 'p', 'a', 'y', 'l', 'o', 'c', '.', 'i', 'o', '\0', + /* "payme.uz", true */ 'p', 'a', 'y', 'm', 'e', '.', 'u', 'z', '\0', + /* "payment-network.com", true */ 'p', 'a', 'y', 'm', 'e', 'n', 't', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "paymentaccuracy.gov", true */ 'p', 'a', 'y', 'm', 'e', 'n', 't', 'a', 'c', 'c', 'u', 'r', 'a', 'c', 'y', '.', 'g', 'o', 'v', '\0', + /* "payments.google.com", true */ 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "paymerang.com", true */ 'p', 'a', 'y', 'm', 'e', 'r', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "paymill.com", true */ 'p', 'a', 'y', 'm', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "paymill.de", true */ 'p', 'a', 'y', 'm', 'i', 'l', 'l', '.', 'd', 'e', '\0', + /* "payoff.com", true */ 'p', 'a', 'y', 'o', 'f', 'f', '.', 'c', 'o', 'm', '\0', + /* "paypal.com", false */ 'p', 'a', 'y', 'p', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "paypaq.com", true */ 'p', 'a', 'y', 'p', 'a', 'q', '.', 'c', 'o', 'm', '\0', + /* "paypro.nl", false */ 'p', 'a', 'y', 'p', 'r', 'o', '.', 'n', 'l', '\0', + /* "payroll.xero.com", false */ 'p', 'a', 'y', 'r', 'o', 'l', 'l', '.', 'x', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "payrollhive.com", true */ 'p', 'a', 'y', 'r', 'o', 'l', 'l', 'h', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "paysera.com", false */ 'p', 'a', 'y', 's', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "payslipview.com", true */ 'p', 'a', 'y', 's', 'l', 'i', 'p', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0', + /* "payssaintgilles.fr", true */ 'p', 'a', 'y', 's', 's', 'a', 'i', 'n', 't', 'g', 'i', 'l', 'l', 'e', 's', '.', 'f', 'r', '\0', + /* "paystack.com", true */ 'p', 'a', 'y', 's', 't', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "paytm.in", true */ 'p', 'a', 'y', 't', 'm', '.', 'i', 'n', '\0', + /* "payupay.ru", true */ 'p', 'a', 'y', 'u', 'p', 'a', 'y', '.', 'r', 'u', '\0', + /* "payzang.com", true */ 'p', 'a', 'y', 'z', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "pback.se", true */ 'p', 'b', 'a', 'c', 'k', '.', 's', 'e', '\0', + /* "pbcknd.ml", true */ 'p', 'b', 'c', 'k', 'n', 'd', '.', 'm', 'l', '\0', + /* "pbosquet.com", true */ 'p', 'b', 'o', 's', 'q', 'u', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "pbourhis.me", true */ 'p', 'b', 'o', 'u', 'r', 'h', 'i', 's', '.', 'm', 'e', '\0', + /* "pbqs.site", true */ 'p', 'b', 'q', 's', '.', 's', 'i', 't', 'e', '\0', + /* "pbraunschdash.com", true */ 'p', 'b', 'r', 'a', 'u', 'n', 's', 'c', 'h', 'd', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "pbreen.co.uk", true */ 'p', 'b', 'r', 'e', 'e', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "pbrumby.com", true */ 'p', 'b', 'r', 'u', 'm', 'b', 'y', '.', 'c', 'o', 'm', '\0', + /* "pbscreens.com", true */ 'p', 'b', 's', 'c', 'r', 'e', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "pbytes.com", true */ 'p', 'b', 'y', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "pbz.im", true */ 'p', 'b', 'z', '.', 'i', 'm', '\0', + /* "pc-rescue.me", true */ 'p', 'c', '-', 'r', 'e', 's', 'c', 'u', 'e', '.', 'm', 'e', '\0', + /* "pc-tweak.de", true */ 'p', 'c', '-', 't', 'w', 'e', 'a', 'k', '.', 'd', 'e', '\0', + /* "pcbricole.fr", true */ 'p', 'c', 'b', 'r', 'i', 'c', 'o', 'l', 'e', '.', 'f', 'r', '\0', + /* "pccentral.nl", true */ 'p', 'c', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'n', 'l', '\0', + /* "pcel.com", true */ 'p', 'c', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "pcf92.fr", true */ 'p', 'c', 'f', '9', '2', '.', 'f', 'r', '\0', + /* "pcfeuerwehr.de", true */ 'p', 'c', 'f', 'e', 'u', 'e', 'r', 'w', 'e', 'h', 'r', '.', 'd', 'e', '\0', + /* "pcforum.sk", true */ 'p', 'c', 'f', 'o', 'r', 'u', 'm', '.', 's', 'k', '\0', + /* "pcgamingfreaks.at", true */ 'p', 'c', 'g', 'a', 'm', 'i', 'n', 'g', 'f', 'r', 'e', 'a', 'k', 's', '.', 'a', 't', '\0', + /* "pchelpforum.net", true */ 'p', 'c', 'h', 'e', 'l', 'p', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'e', 't', '\0', + /* "pciconcursos.com.br", true */ 'p', 'c', 'i', 'c', 'o', 'n', 'c', 'u', 'r', 's', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "pcipac.com", true */ 'p', 'c', 'i', 'p', 'a', 'c', '.', 'c', 'o', 'm', '\0', + /* "pclaeuft.de", true */ 'p', 'c', 'l', 'a', 'e', 'u', 'f', 't', '.', 'd', 'e', '\0', + /* "pclob.gov", false */ 'p', 'c', 'l', 'o', 'b', '.', 'g', 'o', 'v', '\0', + /* "pcloud.com", true */ 'p', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "pcmkrembangan.or.id", true */ 'p', 'c', 'm', 'k', 'r', 'e', 'm', 'b', 'a', 'n', 'g', 'a', 'n', '.', 'o', 'r', '.', 'i', 'd', '\0', + /* "pcnotdienst-oldenburg-rastede.de", true */ 'p', 'c', 'n', 'o', 't', 'd', 'i', 'e', 'n', 's', 't', '-', 'o', 'l', 'd', 'e', 'n', 'b', 'u', 'r', 'g', '-', 'r', 'a', 's', 't', 'e', 'd', 'e', '.', 'd', 'e', '\0', + /* "pcrypt.org", true */ 'p', 'c', 'r', 'y', 'p', 't', '.', 'o', 'r', 'g', '\0', + /* "pctonic.net", true */ 'p', 'c', 't', 'o', 'n', 'i', 'c', '.', 'n', 'e', 't', '\0', + /* "pctrouble.net", true */ 'p', 'c', 't', 'r', 'o', 'u', 'b', 'l', 'e', '.', 'n', 'e', 't', '\0', + /* "pcxserver.com", false */ 'p', 'c', 'x', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "pdfconvert.me", true */ 'p', 'd', 'f', 'c', 'o', 'n', 'v', 'e', 'r', 't', '.', 'm', 'e', '\0', + /* "pdfmint.com", true */ 'p', 'd', 'f', 'm', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "pdfresizer.com", true */ 'p', 'd', 'f', 'r', 'e', 's', 'i', 'z', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "pdox.net", true */ 'p', 'd', 'o', 'x', '.', 'n', 'e', 't', '\0', + /* "pdthings.net", true */ 'p', 'd', 't', 'h', 'i', 'n', 'g', 's', '.', 'n', 'e', 't', '\0', + /* "pe.search.yahoo.com", false */ 'p', 'e', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "peak-careers.com", true */ 'p', 'e', 'a', 'k', '-', 'c', 'a', 'r', 'e', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "peaksloth.com", true */ 'p', 'e', 'a', 'k', 's', 'l', 'o', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "peanutbase.org", true */ 'p', 'e', 'a', 'n', 'u', 't', 'b', 'a', 's', 'e', '.', 'o', 'r', 'g', '\0', + /* "peanutproductionsnyc.com", true */ 'p', 'e', 'a', 'n', 'u', 't', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'o', 'n', 's', 'n', 'y', 'c', '.', 'c', 'o', 'm', '\0', + /* "pearbloom.com", true */ 'p', 'e', 'a', 'r', 'b', 'l', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "pebbles.net.in", true */ 'p', 'e', 'b', 'b', 'l', 'e', 's', '.', 'n', 'e', 't', '.', 'i', 'n', '\0', + /* "pecker-johnson.com", true */ 'p', 'e', 'c', 'k', 'e', 'r', '-', 'j', 'o', 'h', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "pecot.fr", true */ 'p', 'e', 'c', 'o', 't', '.', 'f', 'r', '\0', + /* "pedicurean.nl", true */ 'p', 'e', 'd', 'i', 'c', 'u', 'r', 'e', 'a', 'n', '.', 'n', 'l', '\0', + /* "pedicureduiven.nl", true */ 'p', 'e', 'd', 'i', 'c', 'u', 'r', 'e', 'd', 'u', 'i', 'v', 'e', 'n', '.', 'n', 'l', '\0', + /* "pedidamanosevilla.com", true */ 'p', 'e', 'd', 'i', 'd', 'a', 'm', 'a', 'n', 'o', 's', 'e', 'v', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "pedimoda.com.br", true */ 'p', 'e', 'd', 'i', 'm', 'o', 'd', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "pedrosaurus.com", true */ 'p', 'e', 'd', 'r', 'o', 's', 'a', 'u', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "pedrosluiter.nl", true */ 'p', 'e', 'd', 'r', 'o', 's', 'l', 'u', 'i', 't', 'e', 'r', '.', 'n', 'l', '\0', + /* "pedroventura.com", false */ 'p', 'e', 'd', 'r', 'o', 'v', 'e', 'n', 't', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "peeekaaabooo.com", true */ 'p', 'e', 'e', 'e', 'k', 'a', 'a', 'a', 'b', 'o', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "peekier.com", true */ 'p', 'e', 'e', 'k', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "peep.gq", true */ 'p', 'e', 'e', 'p', '.', 'g', 'q', '\0', + /* "peercraft.at", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'a', 't', '\0', + /* "peercraft.be", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'b', 'e', '\0', + /* "peercraft.biz", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'b', 'i', 'z', '\0', + /* "peercraft.ch", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'c', 'h', '\0', + /* "peercraft.cn", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'c', 'n', '\0', + /* "peercraft.co.uk", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "peercraft.com", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "peercraft.de", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'd', 'e', '\0', + /* "peercraft.dk", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'd', 'k', '\0', + /* "peercraft.es", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'e', 's', '\0', + /* "peercraft.eu", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'e', 'u', '\0', + /* "peercraft.fr", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'f', 'r', '\0', + /* "peercraft.info", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "peercraft.it", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'i', 't', '\0', + /* "peercraft.net", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'n', 'e', 't', '\0', + /* "peercraft.nl", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'n', 'l', '\0', + /* "peercraft.org", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'o', 'r', 'g', '\0', + /* "peercraft.pl", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'p', 'l', '\0', + /* "peercraft.pt", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'p', 't', '\0', + /* "peercraft.se", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 's', 'e', '\0', + /* "peercraft.us", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'u', 's', '\0', + /* "peerless.ae", true */ 'p', 'e', 'e', 'r', 'l', 'e', 's', 's', '.', 'a', 'e', '\0', + /* "peername.com", true */ 'p', 'e', 'e', 'r', 'n', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "peervpn.net", true */ 'p', 'e', 'e', 'r', 'v', 'p', 'n', '.', 'n', 'e', 't', '\0', + /* "peetah.com", true */ 'p', 'e', 'e', 't', 'a', 'h', '.', 'c', 'o', 'm', '\0', + /* "peeters.io", true */ 'p', 'e', 'e', 't', 'e', 'r', 's', '.', 'i', 'o', '\0', + /* "peg.nu", true */ 'p', 'e', 'g', '.', 'n', 'u', '\0', + /* "pegas-studio.net", true */ 'p', 'e', 'g', 'a', 's', '-', 's', 't', 'u', 'd', 'i', 'o', '.', 'n', 'e', 't', '\0', + /* "pehapkari.cz", true */ 'p', 'e', 'h', 'a', 'p', 'k', 'a', 'r', 'i', '.', 'c', 'z', '\0', + /* "peifi.de", false */ 'p', 'e', 'i', 'f', 'i', '.', 'd', 'e', '\0', + /* "peippo.at", true */ 'p', 'e', 'i', 'p', 'p', 'o', '.', 'a', 't', '\0', + /* "pekkapleppanen.fi", true */ 'p', 'e', 'k', 'k', 'a', 'p', 'l', 'e', 'p', 'p', 'a', 'n', 'e', 'n', '.', 'f', 'i', '\0', + /* "pekoe.se", true */ 'p', 'e', 'k', 'o', 'e', '.', 's', 'e', '\0', + /* "pelanucto.cz", true */ 'p', 'e', 'l', 'a', 'n', 'u', 'c', 't', 'o', '.', 'c', 'z', '\0', + /* "pelican.ie", true */ 'p', 'e', 'l', 'i', 'c', 'a', 'n', '.', 'i', 'e', '\0', + /* "pelletsprice.com", true */ 'p', 'e', 'l', 'l', 'e', 't', 's', 'p', 'r', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "pelopogrund.com", true */ 'p', 'e', 'l', 'o', 'p', 'o', 'g', 'r', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "pelopoplot.com", true */ 'p', 'e', 'l', 'o', 'p', 'o', 'p', 'l', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "pemagrid.org", true */ 'p', 'e', 'm', 'a', 'g', 'r', 'i', 'd', '.', 'o', 'r', 'g', '\0', + /* "penaugustin.com", true */ 'p', 'e', 'n', 'a', 'u', 'g', 'u', 's', 't', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "pencepay.com", true */ 'p', 'e', 'n', 'c', 'e', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "pencillab.cn", true */ 'p', 'e', 'n', 'c', 'i', 'l', 'l', 'a', 'b', '.', 'c', 'n', '\0', + /* "penetrationstest.se", true */ 'p', 'e', 'n', 'e', 't', 'r', 'a', 't', 'i', 'o', 'n', 's', 't', 'e', 's', 't', '.', 's', 'e', '\0', + /* "penfold.fr", true */ 'p', 'e', 'n', 'f', 'o', 'l', 'd', '.', 'f', 'r', '\0', + /* "pengi.me", true */ 'p', 'e', 'n', 'g', 'i', '.', 'm', 'e', '\0', + /* "pennergold.net", true */ 'p', 'e', 'n', 'n', 'e', 'r', 'g', 'o', 'l', 'd', '.', 'n', 'e', 't', '\0', + /* "pennyapp.io", true */ 'p', 'e', 'n', 'n', 'y', 'a', 'p', 'p', '.', 'i', 'o', '\0', + /* "pennyparkerpaper.com", true */ 'p', 'e', 'n', 'n', 'y', 'p', 'a', 'r', 'k', 'e', 'r', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "penrithapartments.com.au", true */ 'p', 'e', 'n', 'r', 'i', 't', 'h', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "pensacolawinterfest.org", true */ 'p', 'e', 'n', 's', 'a', 'c', 'o', 'l', 'a', 'w', 'i', 'n', 't', 'e', 'r', 'f', 'e', 's', 't', '.', 'o', 'r', 'g', '\0', + /* "pensador.com", true */ 'p', 'e', 'n', 's', 'a', 'd', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "pensador.info", true */ 'p', 'e', 'n', 's', 'a', 'd', 'o', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "pensioenfonds-ey.nl", true */ 'p', 'e', 'n', 's', 'i', 'o', 'e', 'n', 'f', 'o', 'n', 'd', 's', '-', 'e', 'y', '.', 'n', 'l', '\0', + /* "pension-veldzigt.nl", true */ 'p', 'e', 'n', 's', 'i', 'o', 'n', '-', 'v', 'e', 'l', 'd', 'z', 'i', 'g', 't', '.', 'n', 'l', '\0', + /* "pension-waldesruh.de", true */ 'p', 'e', 'n', 's', 'i', 'o', 'n', '-', 'w', 'a', 'l', 'd', 'e', 's', 'r', 'u', 'h', '.', 'd', 'e', '\0', + /* "pensiunealido.ro", true */ 'p', 'e', 'n', 's', 'i', 'u', 'n', 'e', 'a', 'l', 'i', 'd', 'o', '.', 'r', 'o', '\0', + /* "pentandra.com", true */ 'p', 'e', 'n', 't', 'a', 'n', 'd', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "pentest.blog", true */ 'p', 'e', 'n', 't', 'e', 's', 't', '.', 'b', 'l', 'o', 'g', '\0', + /* "pentest.nl", true */ 'p', 'e', 'n', 't', 'e', 's', 't', '.', 'n', 'l', '\0', + /* "pentesterlab.com", true */ 'p', 'e', 'n', 't', 'e', 's', 't', 'e', 'r', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "penticton.photography", true */ 'p', 'e', 'n', 't', 'i', 'c', 't', 'o', 'n', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0', + /* "penz.media", true */ 'p', 'e', 'n', 'z', '.', 'm', 'e', 'd', 'i', 'a', '\0', + /* "peoplelikemeapp.com", true */ 'p', 'e', 'o', 'p', 'l', 'e', 'l', 'i', 'k', 'e', 'm', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "peoplesbankal.com", true */ 'p', 'e', 'o', 'p', 'l', 'e', 's', 'b', 'a', 'n', 'k', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "pepemodelismo.com.br", true */ 'p', 'e', 'p', 'e', 'm', 'o', 'd', 'e', 'l', 'i', 's', 'm', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "peplog.nl", true */ 'p', 'e', 'p', 'l', 'o', 'g', '.', 'n', 'l', '\0', + /* "pepwaterproofing.com", true */ 'p', 'e', 'p', 'w', 'a', 't', 'e', 'r', 'p', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "per-pedes.at", true */ 'p', 'e', 'r', '-', 'p', 'e', 'd', 'e', 's', '.', 'a', 't', '\0', + /* "pera.gs", true */ 'p', 'e', 'r', 'a', '.', 'g', 's', '\0', + /* "peraparker.cz", true */ 'p', 'e', 'r', 'a', 'p', 'a', 'r', 'k', 'e', 'r', '.', 'c', 'z', '\0', + /* "percolate.com", true */ 'p', 'e', 'r', 'c', 'o', 'l', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "percraft.com", true */ 'p', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "percy.io", true */ 'p', 'e', 'r', 'c', 'y', '.', 'i', 'o', '\0', + /* "perd.re", true */ 'p', 'e', 'r', 'd', '.', 'r', 'e', '\0', + /* "perecraft.com", true */ 'p', 'e', 'r', 'e', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "pereuda.com", true */ 'p', 'e', 'r', 'e', 'u', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "perezdecastro.org", true */ 'p', 'e', 'r', 'e', 'z', 'd', 'e', 'c', 'a', 's', 't', 'r', 'o', '.', 'o', 'r', 'g', '\0', + /* "perfect.in.th", true */ 'p', 'e', 'r', 'f', 'e', 'c', 't', '.', 'i', 'n', '.', 't', 'h', '\0', + /* "perfectbalance.tech", true */ 'p', 'e', 'r', 'f', 'e', 'c', 't', 'b', 'a', 'l', 'a', 'n', 'c', 'e', '.', 't', 'e', 'c', 'h', '\0', + /* "perfectcloud.org", true */ 'p', 'e', 'r', 'f', 'e', 'c', 't', 'c', 'l', 'o', 'u', 'd', '.', 'o', 'r', 'g', '\0', + /* "perfectionunite.com", true */ 'p', 'e', 'r', 'f', 'e', 'c', 't', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "perfectoparty.co.uk", true */ 'p', 'e', 'r', 'f', 'e', 'c', 't', 'o', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "perfectsnap.co.uk", true */ 'p', 'e', 'r', 'f', 'e', 'c', 't', 's', 'n', 'a', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "perfektesgewicht.com", true */ 'p', 'e', 'r', 'f', 'e', 'k', 't', 'e', 's', 'g', 'e', 'w', 'i', 'c', 'h', 't', '.', 'c', 'o', 'm', '\0', + /* "perfektesgewicht.de", true */ 'p', 'e', 'r', 'f', 'e', 'k', 't', 'e', 's', 'g', 'e', 'w', 'i', 'c', 'h', 't', '.', 'd', 'e', '\0', + /* "performancesantafe.org", true */ 'p', 'e', 'r', 'f', 'o', 'r', 'm', 'a', 'n', 'c', 'e', 's', 'a', 'n', 't', 'a', 'f', 'e', '.', 'o', 'r', 'g', '\0', + /* "performaride.com.au", true */ 'p', 'e', 'r', 'f', 'o', 'r', 'm', 'a', 'r', 'i', 'd', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "performetric.net", true */ 'p', 'e', 'r', 'f', 'o', 'r', 'm', 'e', 't', 'r', 'i', 'c', '.', 'n', 'e', 't', '\0', + /* "perfumeaz.com", true */ 'p', 'e', 'r', 'f', 'u', 'm', 'e', 'a', 'z', '.', 'c', 'o', 'm', '\0', + /* "perfumes.com.br", true */ 'p', 'e', 'r', 'f', 'u', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "periodismoactual.com", true */ 'p', 'e', 'r', 'i', 'o', 'd', 'i', 's', 'm', 'o', 'a', 'c', 't', 'u', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "periscope.tv", true */ 'p', 'e', 'r', 'i', 's', 'c', 'o', 'p', 'e', '.', 't', 'v', '\0', + /* "perishablepress.com", true */ 'p', 'e', 'r', 'i', 's', 'h', 'a', 'b', 'l', 'e', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "perm-jur.ch", true */ 'p', 'e', 'r', 'm', '-', 'j', 'u', 'r', '.', 'c', 'h', '\0', + /* "perm-juridique.ch", true */ 'p', 'e', 'r', 'm', '-', 'j', 'u', 'r', 'i', 'd', 'i', 'q', 'u', 'e', '.', 'c', 'h', '\0', + /* "perm4.com", true */ 'p', 'e', 'r', 'm', '4', '.', 'c', 'o', 'm', '\0', + /* "permanence-juridique.com", true */ 'p', 'e', 'r', 'm', 'a', 'n', 'e', 'n', 'c', 'e', '-', 'j', 'u', 'r', 'i', 'd', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "permanencejuridique-ge.ch", true */ 'p', 'e', 'r', 'm', 'a', 'n', 'e', 'n', 'c', 'e', 'j', 'u', 'r', 'i', 'd', 'i', 'q', 'u', 'e', '-', 'g', 'e', '.', 'c', 'h', '\0', + /* "permanencejuridique.com", true */ 'p', 'e', 'r', 'm', 'a', 'n', 'e', 'n', 'c', 'e', 'j', 'u', 'r', 'i', 'd', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "perniciousgames.com", true */ 'p', 'e', 'r', 'n', 'i', 'c', 'i', 'o', 'u', 's', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "peromsik.com", true */ 'p', 'e', 'r', 'o', 'm', 's', 'i', 'k', '.', 'c', 'o', 'm', '\0', + /* "perot.me", true */ 'p', 'e', 'r', 'o', 't', '.', 'm', 'e', '\0', + /* "perpetualemotion.com", true */ 'p', 'e', 'r', 'p', 'e', 't', 'u', 'a', 'l', 'e', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "perrau.lt", true */ 'p', 'e', 'r', 'r', 'a', 'u', '.', 'l', 't', '\0', + /* "perrone.co", true */ 'p', 'e', 'r', 'r', 'o', 'n', 'e', '.', 'c', 'o', '\0', + /* "perroquet-passion.ch", true */ 'p', 'e', 'r', 'r', 'o', 'q', 'u', 'e', 't', '-', 'p', 'a', 's', 's', 'i', 'o', 'n', '.', 'c', 'h', '\0', + /* "personal-genome.com", true */ 'p', 'e', 'r', 's', 'o', 'n', 'a', 'l', '-', 'g', 'e', 'n', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "personcar.com.br", true */ 'p', 'e', 'r', 's', 'o', 'n', 'c', 'a', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "personnedisparue.fr", true */ 'p', 'e', 'r', 's', 'o', 'n', 'n', 'e', 'd', 'i', 's', 'p', 'a', 'r', 'u', 'e', '.', 'f', 'r', '\0', + /* "perspectivum.com", true */ 'p', 'e', 'r', 's', 'p', 'e', 'c', 't', 'i', 'v', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "perspektivwechsel-coaching.de", true */ 'p', 'e', 'r', 's', 'p', 'e', 'k', 't', 'i', 'v', 'w', 'e', 'c', 'h', 's', 'e', 'l', '-', 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "persson.im", true */ 'p', 'e', 'r', 's', 's', 'o', 'n', '.', 'i', 'm', '\0', + /* "persson.me", true */ 'p', 'e', 'r', 's', 's', 'o', 'n', '.', 'm', 'e', '\0', + /* "perucasestoril.com.br", true */ 'p', 'e', 'r', 'u', 'c', 'a', 's', 'e', 's', 't', 'o', 'r', 'i', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "pervacio.hu", true */ 'p', 'e', 'r', 'v', 'a', 'c', 'i', 'o', '.', 'h', 'u', '\0', + /* "perzeidi.hr", true */ 'p', 'e', 'r', 'z', 'e', 'i', 'd', 'i', '.', 'h', 'r', '\0', + /* "pestici.de", true */ 'p', 'e', 's', 't', 'i', 'c', 'i', '.', 'd', 'e', '\0', + /* "pet-hotel-mura.net", true */ 'p', 'e', 't', '-', 'h', 'o', 't', 'e', 'l', '-', 'm', 'u', 'r', 'a', '.', 'n', 'e', 't', '\0', + /* "pet-life.top", true */ 'p', 'e', 't', '-', 'l', 'i', 'f', 'e', '.', 't', 'o', 'p', '\0', + /* "petabits.de", true */ 'p', 'e', 't', 'a', 'b', 'i', 't', 's', '.', 'd', 'e', '\0', + /* "petangen.se", true */ 'p', 'e', 't', 'a', 'n', 'g', 'e', 'n', '.', 's', 'e', '\0', + /* "petcarvers.com", true */ 'p', 'e', 't', 'c', 'a', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "petelew.is", true */ 'p', 'e', 't', 'e', 'l', 'e', 'w', '.', 'i', 's', '\0', + /* "peter.org.ua", true */ 'p', 'e', 't', 'e', 'r', '.', 'o', 'r', 'g', '.', 'u', 'a', '\0', + /* "peterandjoelle.co.uk", true */ 'p', 'e', 't', 'e', 'r', 'a', 'n', 'd', 'j', 'o', 'e', 'l', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "peterboers.info", true */ 'p', 'e', 't', 'e', 'r', 'b', 'o', 'e', 'r', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "peterdavehello.org", true */ 'p', 'e', 't', 'e', 'r', 'd', 'a', 'v', 'e', 'h', 'e', 'l', 'l', 'o', '.', 'o', 'r', 'g', '\0', + /* "peterfolta.net", true */ 'p', 'e', 't', 'e', 'r', 'f', 'o', 'l', 't', 'a', '.', 'n', 'e', 't', '\0', + /* "peterhuetz.at", true */ 'p', 'e', 't', 'e', 'r', 'h', 'u', 'e', 't', 'z', '.', 'a', 't', '\0', + /* "peterhuetz.com", true */ 'p', 'e', 't', 'e', 'r', 'h', 'u', 'e', 't', 'z', '.', 'c', 'o', 'm', '\0', + /* "peterjohnson.io", true */ 'p', 'e', 't', 'e', 'r', 'j', 'o', 'h', 'n', 's', 'o', 'n', '.', 'i', 'o', '\0', + /* "peterlew.is", true */ 'p', 'e', 't', 'e', 'r', 'l', 'e', 'w', '.', 'i', 's', '\0', + /* "peternagy.ie", true */ 'p', 'e', 't', 'e', 'r', 'n', 'a', 'g', 'y', '.', 'i', 'e', '\0', + /* "petersontoscano.com", true */ 'p', 'e', 't', 'e', 'r', 's', 'o', 'n', 't', 'o', 's', 'c', 'a', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "pethelpers.org", true */ 'p', 'e', 't', 'h', 'e', 'l', 'p', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0', + /* "petite-maison.ch", true */ 'p', 'e', 't', 'i', 't', 'e', '-', 'm', 'a', 'i', 's', 'o', 'n', '.', 'c', 'h', '\0', + /* "petitsfrenchies.com", true */ 'p', 'e', 't', 'i', 't', 's', 'f', 'r', 'e', 'n', 'c', 'h', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "petja.me", false */ 'p', 'e', 't', 'j', 'a', '.', 'm', 'e', '\0', + /* "petko.me", true */ 'p', 'e', 't', 'k', 'o', '.', 'm', 'e', '\0', + /* "petlife.vet", true */ 'p', 'e', 't', 'l', 'i', 'f', 'e', '.', 'v', 'e', 't', '\0', + /* "petmall.bg", true */ 'p', 'e', 't', 'm', 'a', 'l', 'l', '.', 'b', 'g', '\0', + /* "petofiprogram.hu", true */ 'p', 'e', 't', 'o', 'f', 'i', 'p', 'r', 'o', 'g', 'r', 'a', 'm', '.', 'h', 'u', '\0', + /* "petplus.com", true */ 'p', 'e', 't', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "petpost.co.nz", false */ 'p', 'e', 't', 'p', 'o', 's', 't', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "petrachuk.ru", true */ 'p', 'e', 't', 'r', 'a', 'c', 'h', 'u', 'k', '.', 'r', 'u', '\0', + /* "petrasestakova.cz", true */ 'p', 'e', 't', 'r', 'a', 's', 'e', 's', 't', 'a', 'k', 'o', 'v', 'a', '.', 'c', 'z', '\0', + /* "petroscand.eu", true */ 'p', 'e', 't', 'r', 'o', 's', 'c', 'a', 'n', 'd', '.', 'e', 'u', '\0', + /* "petruzz.net", true */ 'p', 'e', 't', 'r', 'u', 'z', 'z', '.', 'n', 'e', 't', '\0', + /* "pettitcoat.com", true */ 'p', 'e', 't', 't', 'i', 't', 'c', 'o', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "petwall.info", true */ 'p', 'e', 't', 'w', 'a', 'l', 'l', '.', 'i', 'n', 'f', 'o', '\0', + /* "peuterspeelzaalhoekvanholland.nl", true */ 'p', 'e', 'u', 't', 'e', 'r', 's', 'p', 'e', 'e', 'l', 'z', 'a', 'a', 'l', 'h', 'o', 'e', 'k', 'v', 'a', 'n', 'h', 'o', 'l', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0', + /* "pex.digital", true */ 'p', 'e', 'x', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0', + /* "peyote.com", true */ 'p', 'e', 'y', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "peyote.org", true */ 'p', 'e', 'y', 'o', 't', 'e', '.', 'o', 'r', 'g', '\0', + /* "pfa.or.jp", true */ 'p', 'f', 'a', '.', 'o', 'r', '.', 'j', 'p', '\0', + /* "pfadfinder-aurich.de", true */ 'p', 'f', 'a', 'd', 'f', 'i', 'n', 'd', 'e', 'r', '-', 'a', 'u', 'r', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "pfadfinder-grossauheim.de", true */ 'p', 'f', 'a', 'd', 'f', 'i', 'n', 'd', 'e', 'r', '-', 'g', 'r', 'o', 's', 's', 'a', 'u', 'h', 'e', 'i', 'm', '.', 'd', 'e', '\0', + /* "pfarchimedes-pensioen123.nl", true */ 'p', 'f', 'a', 'r', 'c', 'h', 'i', 'm', 'e', 'd', 'e', 's', '-', 'p', 'e', 'n', 's', 'i', 'o', 'e', 'n', '1', '2', '3', '.', 'n', 'l', '\0', + /* "pfd-nz.com", false */ 'p', 'f', 'd', '-', 'n', 'z', '.', 'c', 'o', 'm', '\0', + /* "pferdeeinstreu-kaufen.com", true */ 'p', 'f', 'e', 'r', 'd', 'e', 'e', 'i', 'n', 's', 't', 'r', 'e', 'u', '-', 'k', 'a', 'u', 'f', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "pfeuffer-elektro.de", true */ 'p', 'f', 'e', 'u', 'f', 'f', 'e', 'r', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0', + /* "pfft.net", true */ 'p', 'f', 'f', 't', '.', 'n', 'e', 't', '\0', + /* "pfmeasure.com", true */ 'p', 'f', 'm', 'e', 'a', 's', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "pfo.io", true */ 'p', 'f', 'o', '.', 'i', 'o', '\0', + /* "pfolta.net", true */ 'p', 'f', 'o', 'l', 't', 'a', '.', 'n', 'e', 't', '\0', + /* "pfudor.tk", true */ 'p', 'f', 'u', 'd', 'o', 'r', '.', 't', 'k', '\0', + /* "pg-forum.de", true */ 'p', 'g', '-', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0', + /* "pgmann.cf", true */ 'p', 'g', 'm', 'a', 'n', 'n', '.', 'c', 'f', '\0', + /* "pgnetwork.net", true */ 'p', 'g', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0', + /* "pgpmail.cc", true */ 'p', 'g', 'p', 'm', 'a', 'i', 'l', '.', 'c', 'c', '\0', + /* "pgregg.com", false */ 'p', 'g', 'r', 'e', 'g', 'g', '.', 'c', 'o', 'm', '\0', + /* "ph-blog.de", true */ 'p', 'h', '-', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0', + /* "ph.search.yahoo.com", false */ 'p', 'h', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "phantasie.cc", true */ 'p', 'h', 'a', 'n', 't', 'a', 's', 'i', 'e', '.', 'c', 'c', '\0', + /* "phantastikon.de", true */ 'p', 'h', 'a', 'n', 't', 'a', 's', 't', 'i', 'k', 'o', 'n', '.', 'd', 'e', '\0', + /* "pharma-display.com", true */ 'p', 'h', 'a', 'r', 'm', 'a', '-', 'd', 'i', 's', 'p', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "pharmaabsoluta.com.br", true */ 'p', 'h', 'a', 'r', 'm', 'a', 'a', 'b', 's', 'o', 'l', 'u', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "pharmaboard.de", true */ 'p', 'h', 'a', 'r', 'm', 'a', 'b', 'o', 'a', 'r', 'd', '.', 'd', 'e', '\0', + /* "pharmaboard.org", true */ 'p', 'h', 'a', 'r', 'm', 'a', 'b', 'o', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0', + /* "pharmacieplusfm.ch", true */ 'p', 'h', 'a', 'r', 'm', 'a', 'c', 'i', 'e', 'p', 'l', 'u', 's', 'f', 'm', '.', 'c', 'h', '\0', + /* "pharmafoto.ch", true */ 'p', 'h', 'a', 'r', 'm', 'a', 'f', 'o', 't', 'o', '.', 'c', 'h', '\0', + /* "pharmaphoto.ch", true */ 'p', 'h', 'a', 'r', 'm', 'a', 'p', 'h', 'o', 't', 'o', '.', 'c', 'h', '\0', + /* "pharmapolitics.com", true */ 'p', 'h', 'a', 'r', 'm', 'a', 'p', 'o', 'l', 'i', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "pharynks.com", true */ 'p', 'h', 'a', 'r', 'y', 'n', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "phasme-2016.com", true */ 'p', 'h', 'a', 's', 'm', 'e', '-', '2', '0', '1', '6', '.', 'c', 'o', 'm', '\0', + /* "phcimages.com", true */ 'p', 'h', 'c', 'i', 'm', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "phcmembers.com", true */ 'p', 'h', 'c', 'm', 'e', 'm', 'b', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "phcnetworks.net", true */ 'p', 'h', 'c', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'n', 'e', 't', '\0', + /* "phcorner.net", true */ 'p', 'h', 'c', 'o', 'r', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "phdhub.it", true */ 'p', 'h', 'd', 'h', 'u', 'b', '.', 'i', 't', '\0', + /* "phelx.de", true */ 'p', 'h', 'e', 'l', 'x', '.', 'd', 'e', '\0', + /* "phenomeno-porto.com", true */ 'p', 'h', 'e', 'n', 'o', 'm', 'e', 'n', 'o', '-', 'p', 'o', 'r', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "phenomeno.nl", true */ 'p', 'h', 'e', 'n', 'o', 'm', 'e', 'n', 'o', '.', 'n', 'l', '\0', + /* "phenomenoporto.com", true */ 'p', 'h', 'e', 'n', 'o', 'm', 'e', 'n', 'o', 'p', 'o', 'r', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "phenomenoporto.nl", true */ 'p', 'h', 'e', 'n', 'o', 'm', 'e', 'n', 'o', 'p', 'o', 'r', 't', 'o', '.', 'n', 'l', '\0', + /* "phget.com", true */ 'p', 'h', 'g', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "phi-works.com", true */ 'p', 'h', 'i', '-', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "phialo.de", true */ 'p', 'h', 'i', 'a', 'l', 'o', '.', 'd', 'e', '\0', + /* "phil-phillies.com", true */ 'p', 'h', 'i', 'l', '-', 'p', 'h', 'i', 'l', 'l', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "philadelphia.com.mx", true */ 'p', 'h', 'i', 'l', 'a', 'd', 'e', 'l', 'p', 'h', 'i', 'a', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0', + /* "philadelphiadancefoundation.org", true */ 'p', 'h', 'i', 'l', 'a', 'd', 'e', 'l', 'p', 'h', 'i', 'a', 'd', 'a', 'n', 'c', 'e', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "philia-sa.com", true */ 'p', 'h', 'i', 'l', 'i', 'a', '-', 's', 'a', '.', 'c', 'o', 'm', '\0', + /* "philipdb.com", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'd', 'b', '.', 'c', 'o', 'm', '\0', + /* "philipkohn.com", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'k', 'o', 'h', 'n', '.', 'c', 'o', 'm', '\0', + /* "philipmordue.co.uk", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'm', 'o', 'r', 'd', 'u', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "philippbirkholz.com", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'b', 'i', 'r', 'k', 'h', 'o', 'l', 'z', '.', 'c', 'o', 'm', '\0', + /* "philippbirkholz.de", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'b', 'i', 'r', 'k', 'h', 'o', 'l', 'z', '.', 'd', 'e', '\0', + /* "philippe-mignotte.fr", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'e', '-', 'm', 'i', 'g', 'n', 'o', 't', 't', 'e', '.', 'f', 'r', '\0', + /* "philippebonnard.fr", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'e', 'b', 'o', 'n', 'n', 'a', 'r', 'd', '.', 'f', 'r', '\0', + /* "philipperoose.be", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'e', 'r', 'o', 'o', 's', 'e', '.', 'b', 'e', '\0', + /* "philippheenen.de", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'h', 'e', 'e', 'n', 'e', 'n', '.', 'd', 'e', '\0', + /* "philippkeschl.at", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'k', 'e', 's', 'c', 'h', 'l', '.', 'a', 't', '\0', + /* "phillipgoldfarb.com", true */ 'p', 'h', 'i', 'l', 'l', 'i', 'p', 'g', 'o', 'l', 'd', 'f', 'a', 'r', 'b', '.', 'c', 'o', 'm', '\0', + /* "phillippi.me", true */ 'p', 'h', 'i', 'l', 'l', 'i', 'p', 'p', 'i', '.', 'm', 'e', '\0', + /* "phillprice.com", true */ 'p', 'h', 'i', 'l', 'l', 'p', 'r', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "philonas.net", true */ 'p', 'h', 'i', 'l', 'o', 'n', 'a', 's', '.', 'n', 'e', 't', '\0', + /* "philosoftware.com.br", true */ 'p', 'h', 'i', 'l', 'o', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "philosopherswool.com", true */ 'p', 'h', 'i', 'l', 'o', 's', 'o', 'p', 'h', 'e', 'r', 's', 'w', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "philosophyguides.org", true */ 'p', 'h', 'i', 'l', 'o', 's', 'o', 'p', 'h', 'y', 'g', 'u', 'i', 'd', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "philphonic.de", true */ 'p', 'h', 'i', 'l', 'p', 'h', 'o', 'n', 'i', 'c', '.', 'd', 'e', '\0', + /* "philsturgeon.uk", true */ 'p', 'h', 'i', 'l', 's', 't', 'u', 'r', 'g', 'e', 'o', 'n', '.', 'u', 'k', '\0', + /* "philux.ch", true */ 'p', 'h', 'i', 'l', 'u', 'x', '.', 'c', 'h', '\0', + /* "phippsreporting.com", true */ 'p', 'h', 'i', 'p', 'p', 's', 'r', 'e', 'p', 'o', 'r', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "phishingusertraining.com", true */ 'p', 'h', 'i', 's', 'h', 'i', 'n', 'g', 'u', 's', 'e', 'r', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "phocean.net", true */ 'p', 'h', 'o', 'c', 'e', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "phoenix.dj", true */ 'p', 'h', 'o', 'e', 'n', 'i', 'x', '.', 'd', 'j', '\0', + /* "phoenixlogan.com", true */ 'p', 'h', 'o', 'e', 'n', 'i', 'x', 'l', 'o', 'g', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "phone-service-center.de", true */ 'p', 'h', 'o', 'n', 'e', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '-', 'c', 'e', 'n', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "phood.be", true */ 'p', 'h', 'o', 'o', 'd', '.', 'b', 'e', '\0', + /* "phormance.com", true */ 'p', 'h', 'o', 'r', 'm', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "phosagro.biz", true */ 'p', 'h', 'o', 's', 'a', 'g', 'r', 'o', '.', 'b', 'i', 'z', '\0', + /* "phosagro.com", true */ 'p', 'h', 'o', 's', 'a', 'g', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "phosagro.ru", true */ 'p', 'h', 'o', 's', 'a', 'g', 'r', 'o', '.', 'r', 'u', '\0', + /* "photistic.org", true */ 'p', 'h', 'o', 't', 'i', 's', 't', 'i', 'c', '.', 'o', 'r', 'g', '\0', + /* "photo-livesearch.com", true */ 'p', 'h', 'o', 't', 'o', '-', 'l', 'i', 'v', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "photo-paysage.com", true */ 'p', 'h', 'o', 't', 'o', '-', 'p', 'a', 'y', 's', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "photo.org.il", true */ 'p', 'h', 'o', 't', 'o', '.', 'o', 'r', 'g', '.', 'i', 'l', '\0', + /* "photoancestry.com", true */ 'p', 'h', 'o', 't', 'o', 'a', 'n', 'c', 'e', 's', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "photoartelle.com", true */ 'p', 'h', 'o', 't', 'o', 'a', 'r', 't', 'e', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "photodeal.fr", true */ 'p', 'h', 'o', 't', 'o', 'd', 'e', 'a', 'l', '.', 'f', 'r', '\0', + /* "photographe-reims.com", true */ 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'e', '-', 'r', 'e', 'i', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "photographyforchange.com", true */ 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', 'f', 'o', 'r', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "photographyforchange.org", true */ 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', 'f', 'o', 'r', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'o', 'r', 'g', '\0', + /* "photolium.net", true */ 'p', 'h', 'o', 't', 'o', 'l', 'i', 'u', 'm', '.', 'n', 'e', 't', '\0', + /* "photomodelcasting.com", true */ 'p', 'h', 'o', 't', 'o', 'm', 'o', 'd', 'e', 'l', 'c', 'a', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "photon.sh", true */ 'p', 'h', 'o', 't', 'o', 'n', '.', 's', 'h', '\0', + /* "phototravel.uk", true */ 'p', 'h', 'o', 't', 'o', 't', 'r', 'a', 'v', 'e', 'l', '.', 'u', 'k', '\0', + /* "phototrio.com", true */ 'p', 'h', 'o', 't', 'o', 't', 'r', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "phoxmeh.com", true */ 'p', 'h', 'o', 'x', 'm', 'e', 'h', '.', 'c', 'o', 'm', '\0', + /* "php-tuning.de", true */ 'p', 'h', 'p', '-', 't', 'u', 'n', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "phparcade.com", true */ 'p', 'h', 'p', 'a', 'r', 'c', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "phpartners.org", true */ 'p', 'h', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0', + /* "phpbbchinese.com", true */ 'p', 'h', 'p', 'b', 'b', 'c', 'h', 'i', 'n', 'e', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "phpdistribution.com", true */ 'p', 'h', 'p', 'd', 'i', 's', 't', 'r', 'i', 'b', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "phpdorset.co.uk", true */ 'p', 'h', 'p', 'd', 'o', 'r', 's', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "phpkari.cz", true */ 'p', 'h', 'p', 'k', 'a', 'r', 'i', '.', 'c', 'z', '\0', + /* "phpliteadmin.org", true */ 'p', 'h', 'p', 'l', 'i', 't', 'e', 'a', 'd', 'm', 'i', 'n', '.', 'o', 'r', 'g', '\0', + /* "phpmyadmin.net", true */ 'p', 'h', 'p', 'm', 'y', 'a', 'd', 'm', 'i', 'n', '.', 'n', 'e', 't', '\0', + /* "phpprime.com", true */ 'p', 'h', 'p', 'p', 'r', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "phpsecure.info", true */ 'p', 'h', 'p', 's', 'e', 'c', 'u', 'r', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "phra.gs", true */ 'p', 'h', 'r', 'a', '.', 'g', 's', '\0', + /* "phrive.space", true */ 'p', 'h', 'r', 'i', 'v', 'e', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "phryanjr.com", false */ 'p', 'h', 'r', 'y', 'a', 'n', 'j', 'r', '.', 'c', 'o', 'm', '\0', + /* "phryneas.de", true */ 'p', 'h', 'r', 'y', 'n', 'e', 'a', 's', '.', 'd', 'e', '\0', + /* "phuket-idc.com", true */ 'p', 'h', 'u', 'k', 'e', 't', '-', 'i', 'd', 'c', '.', 'c', 'o', 'm', '\0', + /* "phuket-idc.de", true */ 'p', 'h', 'u', 'k', 'e', 't', '-', 'i', 'd', 'c', '.', 'd', 'e', '\0', + /* "phunehehe.net", true */ 'p', 'h', 'u', 'n', 'e', 'h', 'e', 'h', 'e', '.', 'n', 'e', 't', '\0', + /* "phuong.faith", true */ 'p', 'h', 'u', 'o', 'n', 'g', '.', 'f', 'a', 'i', 't', 'h', '\0', + /* "phurl.de", true */ 'p', 'h', 'u', 'r', 'l', '.', 'd', 'e', '\0', + /* "phurl.io", true */ 'p', 'h', 'u', 'r', 'l', '.', 'i', 'o', '\0', + /* "phus.lu", true */ 'p', 'h', 'u', 's', '.', 'l', 'u', '\0', + /* "physicalism.com", true */ 'p', 'h', 'y', 's', 'i', 'c', 'a', 'l', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "physicalist.com", true */ 'p', 'h', 'y', 's', 'i', 'c', 'a', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "physiovesenaz.ch", true */ 'p', 'h', 'y', 's', 'i', 'o', 'v', 'e', 's', 'e', 'n', 'a', 'z', '.', 'c', 'h', '\0', + /* "pi-control.de", true */ 'p', 'i', '-', 'c', 'o', 'n', 't', 'r', 'o', 'l', '.', 'd', 'e', '\0', + /* "pi-dash.com", true */ 'p', 'i', '-', 'd', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "pi-supply.com", true */ 'p', 'i', '-', 's', 'u', 'p', 'p', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "pianetaottica.com", true */ 'p', 'i', 'a', 'n', 'e', 't', 'a', 'o', 't', 't', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "pianetaottica.info", true */ 'p', 'i', 'a', 'n', 'e', 't', 'a', 'o', 't', 't', 'i', 'c', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "pianetaottica.it", true */ 'p', 'i', 'a', 'n', 'e', 't', 'a', 'o', 't', 't', 'i', 'c', 'a', '.', 'i', 't', '\0', + /* "pianetatatuaggi.it", true */ 'p', 'i', 'a', 'n', 'e', 't', 'a', 't', 'a', 't', 'u', 'a', 'g', 'g', 'i', '.', 'i', 't', '\0', + /* "piatabrasil.com.br", true */ 'p', 'i', 'a', 't', 'a', 'b', 'r', 'a', 's', 'i', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "piatanoua.md", true */ 'p', 'i', 'a', 't', 'a', 'n', 'o', 'u', 'a', '.', 'm', 'd', '\0', + /* "pic.gov", true */ 'p', 'i', 'c', '.', 'g', 'o', 'v', '\0', + /* "pic.sr", true */ 'p', 'i', 'c', '.', 's', 'r', '\0', + /* "pic2map.com", true */ 'p', 'i', 'c', '2', 'm', 'a', 'p', '.', 'c', 'o', 'm', '\0', + /* "piccirello.com", true */ 'p', 'i', 'c', 'c', 'i', 'r', 'e', 'l', 'l', 'o', '.', 'c', 'o', 'm', '\0', + /* "piccolo-parties.co.uk", true */ 'p', 'i', 'c', 'c', 'o', 'l', 'o', '-', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "pickme.nl", true */ 'p', 'i', 'c', 'k', 'm', 'e', '.', 'n', 'l', '\0', + /* "pickormix.co.uk", true */ 'p', 'i', 'c', 'k', 'o', 'r', 'm', 'i', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "picksin.club", true */ 'p', 'i', 'c', 'k', 's', 'i', 'n', '.', 'c', 'l', 'u', 'b', '\0', + /* "piclect.com", true */ 'p', 'i', 'c', 'l', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "picoauto.com", true */ 'p', 'i', 'c', 'o', 'a', 'u', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "picone.com.au", true */ 'p', 'i', 'c', 'o', 'n', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "piconepress.com", true */ 'p', 'i', 'c', 'o', 'n', 'e', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "picotech.com", true */ 'p', 'i', 'c', 'o', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "picotronic.de", true */ 'p', 'i', 'c', 'o', 't', 'r', 'o', 'n', 'i', 'c', '.', 'd', 'e', '\0', + /* "picsandtours.com", true */ 'p', 'i', 'c', 's', 'a', 'n', 'd', 't', 'o', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "picster.at", true */ 'p', 'i', 'c', 's', 't', 'e', 'r', '.', 'a', 't', '\0', + /* "picsto.re", true */ 'p', 'i', 'c', 's', 't', 'o', '.', 'r', 'e', '\0', + /* "pictr.nl", true */ 'p', 'i', 'c', 't', 'r', '.', 'n', 'l', '\0', + /* "picture.team", true */ 'p', 'i', 'c', 't', 'u', 'r', 'e', '.', 't', 'e', 'a', 'm', '\0', + /* "picturingjordan.com", true */ 'p', 'i', 'c', 't', 'u', 'r', 'i', 'n', 'g', 'j', 'o', 'r', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "pidginhost.com", true */ 'p', 'i', 'd', 'g', 'i', 'n', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "pidjipi.com", true */ 'p', 'i', 'd', 'j', 'i', 'p', 'i', '.', 'c', 'o', 'm', '\0', + /* "pieceofme.be", false */ 'p', 'i', 'e', 'c', 'e', 'o', 'f', 'm', 'e', '.', 'b', 'e', '\0', + /* "piedfeed.com", true */ 'p', 'i', 'e', 'd', 'f', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "pieinsurance.com", true */ 'p', 'i', 'e', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "piekacz.co.uk", true */ 'p', 'i', 'e', 'k', 'a', 'c', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "piekacz.eu.org", true */ 'p', 'i', 'e', 'k', 'a', 'c', 'z', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "piekacz.net", true */ 'p', 'i', 'e', 'k', 'a', 'c', 'z', '.', 'n', 'e', 't', '\0', + /* "piekacz.tel", true */ 'p', 'i', 'e', 'k', 'a', 'c', 'z', '.', 't', 'e', 'l', '\0', + /* "piem.org", true */ 'p', 'i', 'e', 'm', '.', 'o', 'r', 'g', '\0', + /* "pieperhome.de", true */ 'p', 'i', 'e', 'p', 'e', 'r', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0', + /* "pieq.eu", true */ 'p', 'i', 'e', 'q', '.', 'e', 'u', '\0', + /* "pieq.eu.org", true */ 'p', 'i', 'e', 'q', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "pier28.com", true */ 'p', 'i', 'e', 'r', '2', '8', '.', 'c', 'o', 'm', '\0', + /* "piercing-store.com", true */ 'p', 'i', 'e', 'r', 'c', 'i', 'n', 'g', '-', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "piercraft.com", true */ 'p', 'i', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "pierre-denoblens.net", true */ 'p', 'i', 'e', 'r', 'r', 'e', '-', 'd', 'e', 'n', 'o', 'b', 'l', 'e', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "pierre-schmitz.com", true */ 'p', 'i', 'e', 'r', 'r', 'e', '-', 's', 'c', 'h', 'm', 'i', 't', 'z', '.', 'c', 'o', 'm', '\0', + /* "pierrefv.com", true */ 'p', 'i', 'e', 'r', 'r', 'e', 'f', 'v', '.', 'c', 'o', 'm', '\0', + /* "pietawittermans.nl", true */ 'p', 'i', 'e', 't', 'a', 'w', 'i', 't', 't', 'e', 'r', 'm', 'a', 'n', 's', '.', 'n', 'l', '\0', + /* "pietechsf.com", true */ 'p', 'i', 'e', 't', 'e', 'c', 'h', 's', 'f', '.', 'c', 'o', 'm', '\0', + /* "pieterbos.nl", true */ 'p', 'i', 'e', 't', 'e', 'r', 'b', 'o', 's', '.', 'n', 'l', '\0', + /* "pietz.uk", true */ 'p', 'i', 'e', 't', 'z', '.', 'u', 'k', '\0', + /* "pigritia.de", true */ 'p', 'i', 'g', 'r', 'i', 't', 'i', 'a', '.', 'd', 'e', '\0', + /* "piils.fr", true */ 'p', 'i', 'i', 'l', 's', '.', 'f', 'r', '\0', + /* "pijuice.com", true */ 'p', 'i', 'j', 'u', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "pik.bzh", true */ 'p', 'i', 'k', '.', 'b', 'z', 'h', '\0', + /* "pikeitservices.com.au", true */ 'p', 'i', 'k', 'e', 'i', 't', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "pikmy.com", true */ 'p', 'i', 'k', 'm', 'y', '.', 'c', 'o', 'm', '\0', + /* "pilani.ch", true */ 'p', 'i', 'l', 'a', 'n', 'i', '.', 'c', 'h', '\0', + /* "pileofgarbage.net", true */ 'p', 'i', 'l', 'e', 'o', 'f', 'g', 'a', 'r', 'b', 'a', 'g', 'e', '.', 'n', 'e', 't', '\0', + /* "piliszek.net", true */ 'p', 'i', 'l', 'i', 's', 'z', 'e', 'k', '.', 'n', 'e', 't', '\0', + /* "pill.id", true */ 'p', 'i', 'l', 'l', '.', 'i', 'd', '\0', + /* "pimhaarsma.nl", true */ 'p', 'i', 'm', 'h', 'a', 'a', 'r', 's', 'm', 'a', '.', 'n', 'l', '\0', + /* "pimhaarsmamedia.nl", true */ 'p', 'i', 'm', 'h', 'a', 'a', 'r', 's', 'm', 'a', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0', + /* "pimpmyperf.fr", true */ 'p', 'i', 'm', 'p', 'm', 'y', 'p', 'e', 'r', 'f', '.', 'f', 'r', '\0', + /* "pin.net.au", true */ 'p', 'i', 'n', '.', 'n', 'e', 't', '.', 'a', 'u', '\0', + /* "pinceaux.org", true */ 'p', 'i', 'n', 'c', 'e', 'a', 'u', 'x', '.', 'o', 'r', 'g', '\0', + /* "pincha.com.tw", false */ 'p', 'i', 'n', 'c', 'h', 'a', '.', 'c', 'o', 'm', '.', 't', 'w', '\0', + /* "pincodeit.com", true */ 'p', 'i', 'n', 'c', 'o', 'd', 'e', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "pindanutjes.be", false */ 'p', 'i', 'n', 'd', 'a', 'n', 'u', 't', 'j', 'e', 's', '.', 'b', 'e', '\0', + /* "pinemountainnursery.com.au", true */ 'p', 'i', 'n', 'e', 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', 'n', 'u', 'r', 's', 'e', 'r', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "pinemountbaptistchurch.org", true */ 'p', 'i', 'n', 'e', 'm', 'o', 'u', 'n', 't', 'b', 'a', 'p', 't', 'i', 's', 't', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'o', 'r', 'g', '\0', + /* "pinesandneedles.com", true */ 'p', 'i', 'n', 'e', 's', 'a', 'n', 'd', 'n', 'e', 'e', 'd', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "pingworks.com", true */ 'p', 'i', 'n', 'g', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "pingworks.de", true */ 'p', 'i', 'n', 'g', 'w', 'o', 'r', 'k', 's', '.', 'd', 'e', '\0', + /* "pingworks.eu", true */ 'p', 'i', 'n', 'g', 'w', 'o', 'r', 'k', 's', '.', 'e', 'u', '\0', + /* "pingworks.net", true */ 'p', 'i', 'n', 'g', 'w', 'o', 'r', 'k', 's', '.', 'n', 'e', 't', '\0', + /* "pinhadigital.com", true */ 'p', 'i', 'n', 'h', 'a', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "pinimg.com", true */ 'p', 'i', 'n', 'i', 'm', 'g', '.', 'c', 'o', 'm', '\0', + /* "pinkapple.com", true */ 'p', 'i', 'n', 'k', 'a', 'p', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "pinkbike.com", true */ 'p', 'i', 'n', 'k', 'b', 'i', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "pinkcasino.co.uk", true */ 'p', 'i', 'n', 'k', 'c', 'a', 's', 'i', 'n', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "pinkfis.ch", true */ 'p', 'i', 'n', 'k', 'f', 'i', 's', '.', 'c', 'h', '\0', + /* "pinkhq.com", true */ 'p', 'i', 'n', 'k', 'h', 'q', '.', 'c', 'o', 'm', '\0', + /* "pinkinked.com", true */ 'p', 'i', 'n', 'k', 'i', 'n', 'k', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "pinkladyapples.co.uk", true */ 'p', 'i', 'n', 'k', 'l', 'a', 'd', 'y', 'a', 'p', 'p', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "pinklecfest.org", true */ 'p', 'i', 'n', 'k', 'l', 'e', 'c', 'f', 'e', 's', 't', '.', 'o', 'r', 'g', '\0', + /* "pinnaclelife.co.nz", true */ 'p', 'i', 'n', 'n', 'a', 'c', 'l', 'e', 'l', 'i', 'f', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "pinnaclelife.nz", true */ 'p', 'i', 'n', 'n', 'a', 'c', 'l', 'e', 'l', 'i', 'f', 'e', '.', 'n', 'z', '\0', + /* "pinnacles.com", true */ 'p', 'i', 'n', 'n', 'a', 'c', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "pinoyonlinetv.com", true */ 'p', 'i', 'n', 'o', 'y', 'o', 'n', 'l', 'i', 'n', 'e', 't', 'v', '.', 'c', 'o', 'm', '\0', + /* "pinpayments.com", true */ 'p', 'i', 'n', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "pinpointengineer.co.uk", true */ 'p', 'i', 'n', 'p', 'o', 'i', 'n', 't', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "pinscher.com.br", true */ 'p', 'i', 'n', 's', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "pinterest.at", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'a', 't', '\0', + /* "pinterest.co.uk", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "pinterest.com", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "pinterest.de", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'd', 'e', '\0', + /* "pinterest.engineering", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '\0', + /* "pinterest.ie", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'i', 'e', '\0', + /* "pinterest.info", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "pinterest.jp", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'j', 'p', '\0', + /* "pipenny.net", true */ 'p', 'i', 'p', 'e', 'n', 'n', 'y', '.', 'n', 'e', 't', '\0', + /* "piranil.com", true */ 'p', 'i', 'r', 'a', 'n', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "pirate.trade", true */ 'p', 'i', 'r', 'a', 't', 'e', '.', 't', 'r', 'a', 'd', 'e', '\0', + /* "pirateahoy.eu", true */ 'p', 'i', 'r', 'a', 't', 'e', 'a', 'h', 'o', 'y', '.', 'e', 'u', '\0', + /* "piratebayproxy.tf", true */ 'p', 'i', 'r', 'a', 't', 'e', 'b', 'a', 'y', 'p', 'r', 'o', 'x', 'y', '.', 't', 'f', '\0', + /* "piraten-basel.ch", true */ 'p', 'i', 'r', 'a', 't', 'e', 'n', '-', 'b', 'a', 's', 'e', 'l', '.', 'c', 'h', '\0', + /* "piraten-bv-nord.de", true */ 'p', 'i', 'r', 'a', 't', 'e', 'n', '-', 'b', 'v', '-', 'n', 'o', 'r', 'd', '.', 'd', 'e', '\0', + /* "piratepay.io", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'a', 'y', '.', 'i', 'o', '\0', + /* "piratepay.ir", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'a', 'y', '.', 'i', 'r', '\0', + /* "pirateproxy.cam", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'c', 'a', 'm', '\0', + /* "pirateproxy.cat", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'c', 'a', 't', '\0', + /* "pirateproxy.cc", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'c', 'c', '\0', + /* "pirateproxy.ist", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'i', 's', 't', '\0', + /* "pirateproxy.la", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'l', 'a', '\0', + /* "pirateproxy.one", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'o', 'n', 'e', '\0', + /* "pirateproxy.pl", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'p', 'l', '\0', + /* "pirateproxy.pw", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'p', 'w', '\0', + /* "pirateproxy.red", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'r', 'e', 'd', '\0', + /* "pirateproxy.tf", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 't', 'f', '\0', + /* "pirateproxy.tv", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 't', 'v', '\0', + /* "piratesforums.co", true */ 'p', 'i', 'r', 'a', 't', 'e', 's', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', '\0', + /* "pires.ovh", true */ 'p', 'i', 'r', 'e', 's', '.', 'o', 'v', 'h', '\0', + /* "pirganj24.com", true */ 'p', 'i', 'r', 'g', 'a', 'n', 'j', '2', '4', '.', 'c', 'o', 'm', '\0', + /* "pirman.es", true */ 'p', 'i', 'r', 'm', 'a', 'n', '.', 'e', 's', '\0', + /* "pirxpilot.me", true */ 'p', 'i', 'r', 'x', 'p', 'i', 'l', 'o', 't', '.', 'm', 'e', '\0', + /* "piseach.be", true */ 'p', 'i', 's', 'e', 'a', 'c', 'h', '.', 'b', 'e', '\0', + /* "pissblau.com", true */ 'p', 'i', 's', 's', 'b', 'l', 'a', 'u', '.', 'c', 'o', 'm', '\0', + /* "pissflaps.co.uk", true */ 'p', 'i', 's', 's', 'f', 'l', 'a', 'p', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "pisupp.ly", true */ 'p', 'i', 's', 'u', 'p', 'p', '.', 'l', 'y', '\0', + /* "pitchpinecapital.com", true */ 'p', 'i', 't', 'c', 'h', 'p', 'i', 'n', 'e', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "pitfire.io", true */ 'p', 'i', 't', 'f', 'i', 'r', 'e', '.', 'i', 'o', '\0', + /* "pitot-rs.org", true */ 'p', 'i', 't', 'o', 't', '-', 'r', 's', '.', 'o', 'r', 'g', '\0', + /* "pitsstop.nu", true */ 'p', 'i', 't', 's', 's', 't', 'o', 'p', '.', 'n', 'u', '\0', + /* "pittaya.com", true */ 'p', 'i', 't', 't', 'a', 'y', 'a', '.', 'c', 'o', 'm', '\0', + /* "pittmantraffic.co.uk", true */ 'p', 'i', 't', 't', 'm', 'a', 'n', 't', 'r', 'a', 'f', 'f', 'i', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "pivotaltracker.com", true */ 'p', 'i', 'v', 'o', 't', 'a', 'l', 't', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "pivotanimation.org", true */ 'p', 'i', 'v', 'o', 't', 'a', 'n', 'i', 'm', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "pix5.de", true */ 'p', 'i', 'x', '5', '.', 'd', 'e', '\0', + /* "pixel.facebook.com", false */ 'p', 'i', 'x', 'e', 'l', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "pixel.google.com", true */ 'p', 'i', 'x', 'e', 'l', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "pixelbash.de", true */ 'p', 'i', 'x', 'e', 'l', 'b', 'a', 's', 'h', '.', 'd', 'e', '\0', + /* "pixelcubed.com", true */ 'p', 'i', 'x', 'e', 'l', 'c', 'u', 'b', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "pixelesque.uk", true */ 'p', 'i', 'x', 'e', 'l', 'e', 's', 'q', 'u', 'e', '.', 'u', 'k', '\0', + /* "pixelfou.com", true */ 'p', 'i', 'x', 'e', 'l', 'f', 'o', 'u', '.', 'c', 'o', 'm', '\0', + /* "pixelminers.net", true */ 'p', 'i', 'x', 'e', 'l', 'm', 'i', 'n', 'e', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "pixelpoint.io", true */ 'p', 'i', 'x', 'e', 'l', 'p', 'o', 'i', 'n', 't', '.', 'i', 'o', '\0', + /* "pixelrain.info", true */ 'p', 'i', 'x', 'e', 'l', 'r', 'a', 'i', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "pixelsquared.us", true */ 'p', 'i', 'x', 'e', 'l', 's', 'q', 'u', 'a', 'r', 'e', 'd', '.', 'u', 's', '\0', + /* "pixelurbia.com", true */ 'p', 'i', 'x', 'e', 'l', 'u', 'r', 'b', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "pixelution.at", true */ 'p', 'i', 'x', 'e', 'l', 'u', 't', 'i', 'o', 'n', '.', 'a', 't', '\0', + /* "pixiv.moe", true */ 'p', 'i', 'x', 'i', 'v', '.', 'm', 'o', 'e', '\0', + /* "pixivimg.me", true */ 'p', 'i', 'x', 'i', 'v', 'i', 'm', 'g', '.', 'm', 'e', '\0', + /* "pixlfox.com", true */ 'p', 'i', 'x', 'l', 'f', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "pizala.de", true */ 'p', 'i', 'z', 'a', 'l', 'a', '.', 'd', 'e', '\0', + /* "pizzabottle.com", true */ 'p', 'i', 'z', 'z', 'a', 'b', 'o', 't', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "pizzacook.ch", true */ 'p', 'i', 'z', 'z', 'a', 'c', 'o', 'o', 'k', '.', 'c', 'h', '\0', + /* "pizzafest.ddns.net", true */ 'p', 'i', 'z', 'z', 'a', 'f', 'e', 's', 't', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "pizzagigant.hu", true */ 'p', 'i', 'z', 'z', 'a', 'g', 'i', 'g', 'a', 'n', 't', '.', 'h', 'u', '\0', + /* "pizzeria-mehrhoog.de", true */ 'p', 'i', 'z', 'z', 'e', 'r', 'i', 'a', '-', 'm', 'e', 'h', 'r', 'h', 'o', 'o', 'g', '.', 'd', 'e', '\0', + /* "pizzeriacolore.com", true */ 'p', 'i', 'z', 'z', 'e', 'r', 'i', 'a', 'c', 'o', 'l', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "pj539999.com", true */ 'p', 'j', '5', '3', '9', '9', '9', '9', '.', 'c', 'o', 'm', '\0', + /* "pjentertainments.co.uk", true */ 'p', 'j', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "pjili.com", true */ 'p', 'j', 'i', 'l', 'i', '.', 'c', 'o', 'm', '\0', + /* "pjleisure.co.uk", true */ 'p', 'j', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "pjuu.com", false */ 'p', 'j', 'u', 'u', '.', 'c', 'o', 'm', '\0', + /* "pk.search.yahoo.com", false */ 'p', 'k', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "pkgt.de", false */ 'p', 'k', 'g', 't', '.', 'd', 'e', '\0', + /* "pko.ch", true */ 'p', 'k', 'o', '.', 'c', 'h', '\0', + /* "pkov.cz", true */ 'p', 'k', 'o', 'v', '.', 'c', 'z', '\0', + /* "pkphotobooths.co.uk", true */ 'p', 'k', 'p', 'h', 'o', 't', 'o', 'b', 'o', 'o', 't', 'h', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "pl-cours.ch", true */ 'p', 'l', '-', 'c', 'o', 'u', 'r', 's', '.', 'c', 'h', '\0', + /* "pl.search.yahoo.com", false */ 'p', 'l', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "placasonline.com.br", true */ 'p', 'l', 'a', 'c', 'a', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "placassinal.com.br", true */ 'p', 'l', 'a', 'c', 'a', 's', 's', 'i', 'n', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "placefade.com", true */ 'p', 'l', 'a', 'c', 'e', 'f', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "placehold.co", true */ 'p', 'l', 'a', 'c', 'e', 'h', 'o', 'l', 'd', '.', 'c', 'o', '\0', + /* "placeralplato.com", true */ 'p', 'l', 'a', 'c', 'e', 'r', 'a', 'l', 'p', 'l', 'a', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "placker.com", false */ 'p', 'l', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "plae.com.au", true */ 'p', 'l', 'a', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "plainjs.com", false */ 'p', 'l', 'a', 'i', 'n', 'j', 's', '.', 'c', 'o', 'm', '\0', + /* "plainmark.com", true */ 'p', 'l', 'a', 'i', 'n', 'm', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "plaintech.net.au", true */ 'p', 'l', 'a', 'i', 'n', 't', 'e', 'c', 'h', '.', 'n', 'e', 't', '.', 'a', 'u', '\0', + /* "plaintray.com", true */ 'p', 'l', 'a', 'i', 'n', 't', 'r', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "plakbak.nl", true */ 'p', 'l', 'a', 'k', 'b', 'a', 'k', '.', 'n', 'l', '\0', + /* "plan-immobilier.fr", true */ 'p', 'l', 'a', 'n', '-', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'r', '.', 'f', 'r', '\0', + /* "planboardapp.com", true */ 'p', 'l', 'a', 'n', 'b', 'o', 'a', 'r', 'd', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "planet-work.com", true */ 'p', 'l', 'a', 'n', 'e', 't', '-', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "planetasuboficial.com.br", true */ 'p', 'l', 'a', 'n', 'e', 't', 'a', 's', 'u', 'b', 'o', 'f', 'i', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "planetau2.com", true */ 'p', 'l', 'a', 'n', 'e', 't', 'a', 'u', '2', '.', 'c', 'o', 'm', '\0', + /* "planetbeauty.com", true */ 'p', 'l', 'a', 'n', 'e', 't', 'b', 'e', 'a', 'u', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "planetbreath.ch", true */ 'p', 'l', 'a', 'n', 'e', 't', 'b', 'r', 'e', 'a', 't', 'h', '.', 'c', 'h', '\0', + /* "planete-cocoon.com", false */ 'p', 'l', 'a', 'n', 'e', 't', 'e', '-', 'c', 'o', 'c', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "planete-lira.fr", true */ 'p', 'l', 'a', 'n', 'e', 't', 'e', '-', 'l', 'i', 'r', 'a', '.', 'f', 'r', '\0', + /* "planete-secu.com", true */ 'p', 'l', 'a', 'n', 'e', 't', 'e', '-', 's', 'e', 'c', 'u', '.', 'c', 'o', 'm', '\0', + /* "planeteroliste.com", true */ 'p', 'l', 'a', 'n', 'e', 't', 'e', 'r', 'o', 'l', 'i', 's', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "planeteroliste.fr", true */ 'p', 'l', 'a', 'n', 'e', 't', 'e', 'r', 'o', 'l', 'i', 's', 't', 'e', '.', 'f', 'r', '\0', + /* "planetexpress.cc", true */ 'p', 'l', 'a', 'n', 'e', 't', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'c', '\0', + /* "planetromeofoundation.org", true */ 'p', 'l', 'a', 'n', 'e', 't', 'r', 'o', 'm', 'e', 'o', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "planify.io", true */ 'p', 'l', 'a', 'n', 'i', 'f', 'y', '.', 'i', 'o', '\0', + /* "planitz.com", true */ 'p', 'l', 'a', 'n', 'i', 't', 'z', '.', 'c', 'o', 'm', '\0', + /* "planitz.net", true */ 'p', 'l', 'a', 'n', 'i', 't', 'z', '.', 'n', 'e', 't', '\0', + /* "planktonforhealth.co.uk", true */ 'p', 'l', 'a', 'n', 'k', 't', 'o', 'n', 'f', 'o', 'r', 'h', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "planktonholland.com", true */ 'p', 'l', 'a', 'n', 'k', 't', 'o', 'n', 'h', 'o', 'l', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "planktonholland.nl", true */ 'p', 'l', 'a', 'n', 'k', 't', 'o', 'n', 'h', 'o', 'l', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0', + /* "planlos.net", true */ 'p', 'l', 'a', 'n', 'l', 'o', 's', '.', 'n', 'e', 't', '\0', + /* "planmemberpartners.com", true */ 'p', 'l', 'a', 'n', 'm', 'e', 'm', 'b', 'e', 'r', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "planningexcellence.com.au", true */ 'p', 'l', 'a', 'n', 'n', 'i', 'n', 'g', 'e', 'x', 'c', 'e', 'l', 'l', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "plant-gift.jp", true */ 'p', 'l', 'a', 'n', 't', '-', 'g', 'i', 'f', 't', '.', 'j', 'p', '\0', + /* "plantarum.com.br", true */ 'p', 'l', 'a', 'n', 't', 'a', 'r', 'u', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "plantastique.ch", true */ 'p', 'l', 'a', 'n', 't', 'a', 's', 't', 'i', 'q', 'u', 'e', '.', 'c', 'h', '\0', + /* "plantastique.com", true */ 'p', 'l', 'a', 'n', 't', 'a', 's', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "planteforum.no", true */ 'p', 'l', 'a', 'n', 't', 'e', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'o', '\0', + /* "plantroon.com", true */ 'p', 'l', 'a', 'n', 't', 'r', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "plantrustler.com", true */ 'p', 'l', 'a', 'n', 't', 'r', 'u', 's', 't', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "plaque-funeraire.fr", true */ 'p', 'l', 'a', 'q', 'u', 'e', '-', 'f', 'u', 'n', 'e', 'r', 'a', 'i', 'r', 'e', '.', 'f', 'r', '\0', + /* "plassmann.ws", true */ 'p', 'l', 'a', 's', 's', 'm', 'a', 'n', 'n', '.', 'w', 's', '\0', + /* "plasti-pac.ch", true */ 'p', 'l', 'a', 's', 't', 'i', '-', 'p', 'a', 'c', '.', 'c', 'h', '\0', + /* "plasticsurgeryartist.com", true */ 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', 'a', 'r', 't', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "platformadmin.com", true */ 'p', 'l', 'a', 't', 'f', 'o', 'r', 'm', 'a', 'd', 'm', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "platinumpeek.com", true */ 'p', 'l', 'a', 't', 'i', 'n', 'u', 'm', 'p', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "platomania.nl", true */ 'p', 'l', 'a', 't', 'o', 'm', 'a', 'n', 'i', 'a', '.', 'n', 'l', '\0', + /* "platschi.net", true */ 'p', 'l', 'a', 't', 's', 'c', 'h', 'i', '.', 'n', 'e', 't', '\0', + /* "platten-nach-mass.de", true */ 'p', 'l', 'a', 't', 't', 'e', 'n', '-', 'n', 'a', 'c', 'h', '-', 'm', 'a', 's', 's', '.', 'd', 'e', '\0', + /* "platterlauncher.com", true */ 'p', 'l', 'a', 't', 't', 'e', 'r', 'l', 'a', 'u', 'n', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "plattner.club", true */ 'p', 'l', 'a', 't', 't', 'n', 'e', 'r', '.', 'c', 'l', 'u', 'b', '\0', + /* "play.cash", true */ 'p', 'l', 'a', 'y', '.', 'c', 'a', 's', 'h', '\0', + /* "play.google.com", true */ 'p', 'l', 'a', 'y', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "playanka.com", true */ 'p', 'l', 'a', 'y', 'a', 'n', 'k', 'a', '.', 'c', 'o', 'm', '\0', + /* "playawaycastles.co.uk", true */ 'p', 'l', 'a', 'y', 'a', 'w', 'a', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "playdaysparties.co.uk", true */ 'p', 'l', 'a', 'y', 'd', 'a', 'y', 's', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "playdreamcraft.com.br", true */ 'p', 'l', 'a', 'y', 'd', 'r', 'e', 'a', 'm', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "playform.cloud", true */ 'p', 'l', 'a', 'y', 'f', 'o', 'r', 'm', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "playhappywheelsunblocked.com", true */ 'p', 'l', 'a', 'y', 'h', 'a', 'p', 'p', 'y', 'w', 'h', 'e', 'e', 'l', 's', 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "playkh.com", true */ 'p', 'l', 'a', 'y', 'k', 'h', '.', 'c', 'o', 'm', '\0', + /* "playmfe.com", true */ 'p', 'l', 'a', 'y', 'm', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "playpirates.com", true */ 'p', 'l', 'a', 'y', 'p', 'i', 'r', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "playsnake.org", true */ 'p', 'l', 'a', 'y', 's', 'n', 'a', 'k', 'e', '.', 'o', 'r', 'g', '\0', + /* "playsoundevents.be", true */ 'p', 'l', 'a', 'y', 's', 'o', 'u', 'n', 'd', 'e', 'v', 'e', 'n', 't', 's', '.', 'b', 'e', '\0', + /* "playsource.co", true */ 'p', 'l', 'a', 'y', 's', 'o', 'u', 'r', 'c', 'e', '.', 'c', 'o', '\0', + /* "playsprout.industries", false */ 'p', 'l', 'a', 'y', 's', 'p', 'r', 'o', 'u', 't', '.', 'i', 'n', 'd', 'u', 's', 't', 'r', 'i', 'e', 's', '\0', + /* "playtictactoe.org", true */ 'p', 'l', 'a', 'y', 't', 'i', 'c', 't', 'a', 'c', 't', 'o', 'e', '.', 'o', 'r', 'g', '\0', + /* "playtimebouncycastles.co.uk", true */ 'p', 'l', 'a', 'y', 't', 'i', 'm', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "playwhyyza.com", true */ 'p', 'l', 'a', 'y', 'w', 'h', 'y', 'y', 'z', 'a', '.', 'c', 'o', 'm', '\0', + /* "playzonecastles.co.uk", true */ 'p', 'l', 'a', 'y', 'z', 'o', 'n', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "pld-entertainment.co.uk", true */ 'p', 'l', 'd', '-', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "pldx.org", true */ 'p', 'l', 'd', 'x', '.', 'o', 'r', 'g', '\0', + /* "please-deny.me", true */ 'p', 'l', 'e', 'a', 's', 'e', '-', 'd', 'e', 'n', 'y', '.', 'm', 'e', '\0', + /* "pleaseuseansnisupportedbrowser.ml", true */ 'p', 'l', 'e', 'a', 's', 'e', 'u', 's', 'e', 'a', 'n', 's', 'n', 'i', 's', 'u', 'p', 'p', 'o', 'r', 't', 'e', 'd', 'b', 'r', 'o', 'w', 's', 'e', 'r', '.', 'm', 'l', '\0', + /* "pleasure-science.com", true */ 'p', 'l', 'e', 'a', 's', 'u', 'r', 'e', '-', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "pleine-conscience.ch", true */ 'p', 'l', 'e', 'i', 'n', 'e', '-', 'c', 'o', 'n', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'h', '\0', + /* "plen.io", true */ 'p', 'l', 'e', 'n', '.', 'i', 'o', '\0', + /* "plenigo.com", true */ 'p', 'l', 'e', 'n', 'i', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "plexhome13.ddns.net", true */ 'p', 'l', 'e', 'x', 'h', 'o', 'm', 'e', '1', '3', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "plexi.dyndns.tv", true */ 'p', 'l', 'e', 'x', 'i', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 't', 'v', '\0', + /* "plexpy13.ddns.net", true */ 'p', 'l', 'e', 'x', 'p', 'y', '1', '3', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "plextv.de", true */ 'p', 'l', 'e', 'x', 't', 'v', '.', 'd', 'e', '\0', + /* "plexusmd.com", true */ 'p', 'l', 'e', 'x', 'u', 's', 'm', 'd', '.', 'c', 'o', 'm', '\0', + /* "plinc.co", true */ 'p', 'l', 'i', 'n', 'c', '.', 'c', 'o', '\0', + /* "pliosoft.com", true */ 'p', 'l', 'i', 'o', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "plitu.de", true */ 'p', 'l', 'i', 't', 'u', '.', 'd', 'e', '\0', + /* "ploader.ru", false */ 'p', 'l', 'o', 'a', 'd', 'e', 'r', '.', 'r', 'u', '\0', + /* "plochka.bg", true */ 'p', 'l', 'o', 'c', 'h', 'k', 'a', '.', 'b', 'g', '\0', + /* "plomberierenga.com", true */ 'p', 'l', 'o', 'm', 'b', 'e', 'r', 'i', 'e', 'r', 'e', 'n', 'g', 'a', '.', 'c', 'o', 'm', '\0', + /* "plongee-phuket.fr", true */ 'p', 'l', 'o', 'n', 'g', 'e', 'e', '-', 'p', 'h', 'u', 'k', 'e', 't', '.', 'f', 'r', '\0', + /* "ploofer.com", true */ 'p', 'l', 'o', 'o', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "plot.ly", true */ 'p', 'l', 'o', 't', '.', 'l', 'y', '\0', + /* "plr4wp.com", true */ 'p', 'l', 'r', '4', 'w', 'p', '.', 'c', 'o', 'm', '\0', + /* "plsboop.me", true */ 'p', 'l', 's', 'b', 'o', 'o', 'p', '.', 'm', 'e', '\0', + /* "pluga.co", true */ 'p', 'l', 'u', 'g', 'a', '.', 'c', 'o', '\0', + /* "plugboard.xyz", true */ 'p', 'l', 'u', 'g', 'b', 'o', 'a', 'r', 'd', '.', 'x', 'y', 'z', '\0', + /* "plugcubed.net", false */ 'p', 'l', 'u', 'g', 'c', 'u', 'b', 'e', 'd', '.', 'n', 'e', 't', '\0', + /* "pluggedhead.com", true */ 'p', 'l', 'u', 'g', 'g', 'e', 'd', 'h', 'e', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "plugin-planet.com", true */ 'p', 'l', 'u', 'g', 'i', 'n', '-', 'p', 'l', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "pluginfactory.io", true */ 'p', 'l', 'u', 'g', 'i', 'n', 'f', 'a', 'c', 't', 'o', 'r', 'y', '.', 'i', 'o', '\0', + /* "pluginsloaded.com", true */ 'p', 'l', 'u', 'g', 'i', 'n', 's', 'l', 'o', 'a', 'd', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "plumber-in-sandton.co.za", true */ 'p', 'l', 'u', 'm', 'b', 'e', 'r', '-', 'i', 'n', '-', 's', 'a', 'n', 'd', 't', 'o', 'n', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "plumbingbenoni.co.za", true */ 'p', 'l', 'u', 'm', 'b', 'i', 'n', 'g', 'b', 'e', 'n', 'o', 'n', 'i', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "plumlocosoft.com", true */ 'p', 'l', 'u', 'm', 'l', 'o', 'c', 'o', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "plumnet.ch", true */ 'p', 'l', 'u', 'm', 'n', 'e', 't', '.', 'c', 'h', '\0', + /* "plumpie.net", false */ 'p', 'l', 'u', 'm', 'p', 'i', 'e', '.', 'n', 'e', 't', '\0', + /* "plus-5.com", true */ 'p', 'l', 'u', 's', '-', '5', '.', 'c', 'o', 'm', '\0', + /* "plus.google.com", false */ 'p', 'l', 'u', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "plus.sandbox.google.com", true */ 'p', 'l', 'u', 's', '.', 's', 'a', 'n', 'd', 'b', 'o', 'x', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "plus1s.tk", true */ 'p', 'l', 'u', 's', '1', 's', '.', 't', 'k', '\0', + /* "plushev.com", true */ 'p', 'l', 'u', 's', 'h', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "pluslink.co.jp", true */ 'p', 'l', 'u', 's', 'l', 'i', 'n', 'k', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "plusstreamfeed.appspot.com", true */ 'p', 'l', 'u', 's', 's', 't', 'r', 'e', 'a', 'm', 'f', 'e', 'e', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "plustech.id", true */ 'p', 'l', 'u', 's', 't', 'e', 'c', 'h', '.', 'i', 'd', '\0', + /* "pluta.net", true */ 'p', 'l', 'u', 't', 'a', '.', 'n', 'e', 't', '\0', + /* "pluto.life", true */ 'p', 'l', 'u', 't', 'o', '.', 'l', 'i', 'f', 'e', '\0', + /* "plutokorea.com", true */ 'p', 'l', 'u', 't', 'o', 'k', 'o', 'r', 'e', 'a', '.', 'c', 'o', 'm', '\0', + /* "plutopia.ch", true */ 'p', 'l', 'u', 't', 'o', 'p', 'i', 'a', '.', 'c', 'h', '\0', + /* "plymouthbouncycastles.co.uk", true */ 'p', 'l', 'y', 'm', 'o', 'u', 't', 'h', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "plymouthglassgallery.com", true */ 'p', 'l', 'y', 'm', 'o', 'u', 't', 'h', 'g', 'l', 'a', 's', 's', 'g', 'a', 'l', 'l', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "plzdontpwn.me", true */ 'p', 'l', 'z', 'd', 'o', 'n', 't', 'p', 'w', 'n', '.', 'm', 'e', '\0', + /* "plzenskybarcamp.cz", true */ 'p', 'l', 'z', 'e', 'n', 's', 'k', 'y', 'b', 'a', 'r', 'c', 'a', 'm', 'p', '.', 'c', 'z', '\0', + /* "plzh4x.me", true */ 'p', 'l', 'z', 'h', '4', 'x', '.', 'm', 'e', '\0', + /* "pm-onboarding-external-dev.azurewebsites.net", true */ 'p', 'm', '-', 'o', 'n', 'b', 'o', 'a', 'r', 'd', 'i', 'n', 'g', '-', 'e', 'x', 't', 'e', 'r', 'n', 'a', 'l', '-', 'd', 'e', 'v', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "pm-partners-management-dev.azurewebsites.net", true */ 'p', 'm', '-', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', '-', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '-', 'd', 'e', 'v', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "pm13.cz", true */ 'p', 'm', '1', '3', '.', 'c', 'z', '\0', + /* "pm13.org", true */ 'p', 'm', '1', '3', '.', 'o', 'r', 'g', '\0', + /* "pmalaty.com", true */ 'p', 'm', 'a', 'l', 'a', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "pmarques.info", true */ 'p', 'm', 'a', 'r', 'q', 'u', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "pmbc.org", true */ 'p', 'm', 'b', 'c', '.', 'o', 'r', 'g', '\0', + /* "pmconference.ch", true */ 'p', 'm', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'c', 'h', '\0', + /* "pmctire.com", true */ 'p', 'm', 'c', 't', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "pmessage.ch", true */ 'p', 'm', 'e', 's', 's', 'a', 'g', 'e', '.', 'c', 'h', '\0', + /* "pmg-offshore-company.com", true */ 'p', 'm', 'g', '-', 'o', 'f', 'f', 's', 'h', 'o', 'r', 'e', '-', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "pmg-purchase.com", true */ 'p', 'm', 'g', '-', 'p', 'u', 'r', 'c', 'h', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "pmg-purchase.net", true */ 'p', 'm', 'g', '-', 'p', 'u', 'r', 'c', 'h', 'a', 's', 'e', '.', 'n', 'e', 't', '\0', + /* "pmklaassen.com", true */ 'p', 'm', 'k', 'l', 'a', 'a', 's', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "pmoreau.org", true */ 'p', 'm', 'o', 'r', 'e', 'a', 'u', '.', 'o', 'r', 'g', '\0', + /* "pmp-art.com", true */ 'p', 'm', 'p', '-', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "pmponline.de", true */ 'p', 'm', 'p', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0', + /* "pmsacorp.com", true */ 'p', 'm', 's', 'a', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0', + /* "pmsf.eu", true */ 'p', 'm', 's', 'f', '.', 'e', 'u', '\0', + /* "pmt-documenten.nl", true */ 'p', 'm', 't', '-', 'd', 'o', 'c', 'u', 'm', 'e', 'n', 't', 'e', 'n', '.', 'n', 'l', '\0', + /* "pneuhaus-lemp.ch", true */ 'p', 'n', 'e', 'u', 'h', 'a', 'u', 's', '-', 'l', 'e', 'm', 'p', '.', 'c', 'h', '\0', + /* "pneusgppremium.com.br", true */ 'p', 'n', 'e', 'u', 's', 'g', 'p', 'p', 'r', 'e', 'm', 'i', 'u', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "pnimmobilier.ch", true */ 'p', 'n', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'r', '.', 'c', 'h', '\0', + /* "pnmhomecheckup.com", true */ 'p', 'n', 'm', 'h', 'o', 'm', 'e', 'c', 'h', 'e', 'c', 'k', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "pnona.cz", true */ 'p', 'n', 'o', 'n', 'a', '.', 'c', 'z', '\0', + /* "pnut.io", false */ 'p', 'n', 'u', 't', '.', 'i', 'o', '\0', + /* "poba.fr", true */ 'p', 'o', 'b', 'a', '.', 'f', 'r', '\0', + /* "pocatellonissanparts.com", true */ 'p', 'o', 'c', 'a', 't', 'e', 'l', 'l', 'o', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "pochaneko.com", false */ 'p', 'o', 'c', 'h', 'a', 'n', 'e', 'k', 'o', '.', 'c', 'o', 'm', '\0', + /* "pocketfruity.com", true */ 'p', 'o', 'c', 'k', 'e', 't', 'f', 'r', 'u', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "pocketfullofapps.com", true */ 'p', 'o', 'c', 'k', 'e', 't', 'f', 'u', 'l', 'l', 'o', 'f', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "pocketinsure.com", true */ 'p', 'o', 'c', 'k', 'e', 't', 'i', 'n', 's', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "pocketmemories.net", true */ 'p', 'o', 'c', 'k', 'e', 't', 'm', 'e', 'm', 'o', 'r', 'i', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "pocobelli.ch", true */ 'p', 'o', 'c', 'o', 'b', 'e', 'l', 'l', 'i', '.', 'c', 'h', '\0', + /* "podcast.style", true */ 'p', 'o', 'd', 'c', 'a', 's', 't', '.', 's', 't', 'y', 'l', 'e', '\0', + /* "podemos.info", true */ 'p', 'o', 'd', 'e', 'm', 'o', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "podia.com.gr", true */ 'p', 'o', 'd', 'i', 'a', '.', 'c', 'o', 'm', '.', 'g', 'r', '\0', + /* "podroof.com", true */ 'p', 'o', 'd', 'r', 'o', 'o', 'f', '.', 'c', 'o', 'm', '\0', + /* "podroof.com.au", true */ 'p', 'o', 'd', 'r', 'o', 'o', 'f', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "podshrink.de", true */ 'p', 'o', 'd', 's', 'h', 'r', 'i', 'n', 'k', '.', 'd', 'e', '\0', + /* "poe.digital", true */ 'p', 'o', 'e', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0', + /* "poed.com.au", true */ 'p', 'o', 'e', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "poed.net.au", true */ 'p', 'o', 'e', 'd', '.', 'n', 'e', 't', '.', 'a', 'u', '\0', + /* "poedgirl.com", true */ 'p', 'o', 'e', 'd', 'g', 'i', 'r', 'l', '.', 'c', 'o', 'm', '\0', + /* "poeg.cz", true */ 'p', 'o', 'e', 'g', '.', 'c', 'z', '\0', + /* "pogoswine.com", true */ 'p', 'o', 'g', 'o', 's', 'w', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "pogrebisky.net", true */ 'p', 'o', 'g', 'r', 'e', 'b', 'i', 's', 'k', 'y', '.', 'n', 'e', 't', '\0', + /* "poinsot.info", true */ 'p', 'o', 'i', 'n', 's', 'o', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "pointaction.com", true */ 'p', 'o', 'i', 'n', 't', 'a', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "pointhost.de", true */ 'p', 'o', 'i', 'n', 't', 'h', 'o', 's', 't', '.', 'd', 'e', '\0', + /* "pointiswunderland.de", true */ 'p', 'o', 'i', 'n', 't', 'i', 's', 'w', 'u', 'n', 'd', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0', + /* "points4unitedway.com", true */ 'p', 'o', 'i', 'n', 't', 's', '4', 'u', 'n', 'i', 't', 'e', 'd', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "pointsixtyfive.com", true */ 'p', 'o', 'i', 'n', 't', 's', 'i', 'x', 't', 'y', 'f', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "pointum.com", true */ 'p', 'o', 'i', 'n', 't', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "poiru.net", true */ 'p', 'o', 'i', 'r', 'u', '.', 'n', 'e', 't', '\0', + /* "poitiers-ttacc-86.eu.org", true */ 'p', 'o', 'i', 't', 'i', 'e', 'r', 's', '-', 't', 't', 'a', 'c', 'c', '-', '8', '6', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "pojer.me", true */ 'p', 'o', 'j', 'e', 'r', '.', 'm', 'e', '\0', + /* "pokalsocial.de", true */ 'p', 'o', 'k', 'a', 'l', 's', 'o', 'c', 'i', 'a', 'l', '.', 'd', 'e', '\0', + /* "pokefarm.com", true */ 'p', 'o', 'k', 'e', 'f', 'a', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "pokeinthe.io", true */ 'p', 'o', 'k', 'e', 'i', 'n', 't', 'h', 'e', '.', 'i', 'o', '\0', + /* "pokemondb.net", true */ 'p', 'o', 'k', 'e', 'm', 'o', 'n', 'd', 'b', '.', 'n', 'e', 't', '\0', + /* "pokemontabletopadventures.com", true */ 'p', 'o', 'k', 'e', 'm', 'o', 'n', 't', 'a', 'b', 'l', 'e', 't', 'o', 'p', 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "pokemori.jp", true */ 'p', 'o', 'k', 'e', 'm', 'o', 'r', 'i', '.', 'j', 'p', '\0', + /* "pokepon.center", true */ 'p', 'o', 'k', 'e', 'p', 'o', 'n', '.', 'c', 'e', 'n', 't', 'e', 'r', '\0', + /* "pokl.cz", true */ 'p', 'o', 'k', 'l', '.', 'c', 'z', '\0', + /* "polaire.org", true */ 'p', 'o', 'l', 'a', 'i', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "polandb2b.directory", true */ 'p', 'o', 'l', 'a', 'n', 'd', 'b', '2', 'b', '.', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '\0', + /* "pole-emotion.ch", true */ 'p', 'o', 'l', 'e', '-', 'e', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'h', '\0', + /* "poleacademie.com", true */ 'p', 'o', 'l', 'e', 'a', 'c', 'a', 'd', 'e', 'm', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "poleartschool.com", false */ 'p', 'o', 'l', 'e', 'a', 'r', 't', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "poles4pilots.com", true */ 'p', 'o', 'l', 'e', 's', '4', 'p', 'i', 'l', 'o', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "policedriver.com", true */ 'p', 'o', 'l', 'i', 'c', 'e', 'd', 'r', 'i', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "polis.or.at", true */ 'p', 'o', 'l', 'i', 's', '.', 'o', 'r', '.', 'a', 't', '\0', + /* "polis.to", false */ 'p', 'o', 'l', 'i', 's', '.', 't', 'o', '\0', + /* "polish.directory", true */ 'p', 'o', 'l', 'i', 's', 'h', '.', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '\0', + /* "politeiaudesa.org", true */ 'p', 'o', 'l', 'i', 't', 'e', 'i', 'a', 'u', 'd', 'e', 's', 'a', '.', 'o', 'r', 'g', '\0', + /* "politik-bei-uns.de", true */ 'p', 'o', 'l', 'i', 't', 'i', 'k', '-', 'b', 'e', 'i', '-', 'u', 'n', 's', '.', 'd', 'e', '\0', + /* "polizeiwallis.ch", true */ 'p', 'o', 'l', 'i', 'z', 'e', 'i', 'w', 'a', 'l', 'l', 'i', 's', '.', 'c', 'h', '\0', + /* "polkam.go.id", false */ 'p', 'o', 'l', 'k', 'a', 'm', '.', 'g', 'o', '.', 'i', 'd', '\0', + /* "pollet-ghijs.be", true */ 'p', 'o', 'l', 'l', 'e', 't', '-', 'g', 'h', 'i', 'j', 's', '.', 'b', 'e', '\0', + /* "pollet-ghys.be", true */ 'p', 'o', 'l', 'l', 'e', 't', '-', 'g', 'h', 'y', 's', '.', 'b', 'e', '\0', + /* "polletmera.com", true */ 'p', 'o', 'l', 'l', 'e', 't', 'm', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "pollingplace.uk", true */ 'p', 'o', 'l', 'l', 'i', 'n', 'g', 'p', 'l', 'a', 'c', 'e', '.', 'u', 'k', '\0', + /* "pollpodium.nl", true */ 'p', 'o', 'l', 'l', 'p', 'o', 'd', 'i', 'u', 'm', '.', 'n', 'l', '\0', + /* "polsport.live", true */ 'p', 'o', 'l', 's', 'p', 'o', 'r', 't', '.', 'l', 'i', 'v', 'e', '\0', + /* "poly-fast.com", true */ 'p', 'o', 'l', 'y', '-', 'f', 'a', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "polyfill.io", true */ 'p', 'o', 'l', 'y', 'f', 'i', 'l', 'l', '.', 'i', 'o', '\0', + /* "polygamer.net", true */ 'p', 'o', 'l', 'y', 'g', 'a', 'm', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "polymake.org", true */ 'p', 'o', 'l', 'y', 'm', 'a', 'k', 'e', '.', 'o', 'r', 'g', '\0', + /* "polymathematician.com", true */ 'p', 'o', 'l', 'y', 'm', 'a', 't', 'h', 'e', 'm', 'a', 't', 'i', 'c', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "polynomapp.com", true */ 'p', 'o', 'l', 'y', 'n', 'o', 'm', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "polypane.rocks", true */ 'p', 'o', 'l', 'y', 'p', 'a', 'n', 'e', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "polypet.com.sg", true */ 'p', 'o', 'l', 'y', 'p', 'e', 't', '.', 'c', 'o', 'm', '.', 's', 'g', '\0', + /* "polytarian.com", true */ 'p', 'o', 'l', 'y', 't', 'a', 'r', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "polytechecosystem.vc", true */ 'p', 'o', 'l', 'y', 't', 'e', 'c', 'h', 'e', 'c', 'o', 's', 'y', 's', 't', 'e', 'm', '.', 'v', 'c', '\0', + /* "pomar.club", false */ 'p', 'o', 'm', 'a', 'r', '.', 'c', 'l', 'u', 'b', '\0', + /* "pomfe.co", true */ 'p', 'o', 'm', 'f', 'e', '.', 'c', 'o', '\0', + /* "pommedepain.fr", true */ 'p', 'o', 'm', 'm', 'e', 'd', 'e', 'p', 'a', 'i', 'n', '.', 'f', 'r', '\0', + /* "pomocniczy.eu.org", true */ 'p', 'o', 'm', 'o', 'c', 'n', 'i', 'c', 'z', 'y', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "pompiers-martigny.ch", true */ 'p', 'o', 'm', 'p', 'i', 'e', 'r', 's', '-', 'm', 'a', 'r', 't', 'i', 'g', 'n', 'y', '.', 'c', 'h', '\0', + /* "pomsinoz.com", true */ 'p', 'o', 'm', 's', 'i', 'n', 'o', 'z', '.', 'c', 'o', 'm', '\0', + /* "pondof.fish", true */ 'p', 'o', 'n', 'd', 'o', 'f', '.', 'f', 'i', 's', 'h', '\0', + /* "poneypourtous.com", true */ 'p', 'o', 'n', 'e', 'y', 'p', 'o', 'u', 'r', 't', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "poneytelecom.org", true */ 'p', 'o', 'n', 'e', 'y', 't', 'e', 'l', 'e', 'c', 'o', 'm', '.', 'o', 'r', 'g', '\0', + /* "ponga.se", true */ 'p', 'o', 'n', 'g', 'a', '.', 's', 'e', '\0', + /* "ponteus.com", true */ 'p', 'o', 'n', 't', 'e', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "pontodogame.com.br", true */ 'p', 'o', 'n', 't', 'o', 'd', 'o', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "pony-cl.co.jp", true */ 'p', 'o', 'n', 'y', '-', 'c', 'l', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "pony.tf", true */ 'p', 'o', 'n', 'y', '.', 't', 'f', '\0', + /* "ponychan.net", true */ 'p', 'o', 'n', 'y', 'c', 'h', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "ponycyclepals.co.uk", true */ 'p', 'o', 'n', 'y', 'c', 'y', 'c', 'l', 'e', 'p', 'a', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ponyfoo.com", true */ 'p', 'o', 'n', 'y', 'f', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "ponzi.life", true */ 'p', 'o', 'n', 'z', 'i', '.', 'l', 'i', 'f', 'e', '\0', + /* "pookl.com", true */ 'p', 'o', 'o', 'k', 'l', '.', 'c', 'o', 'm', '\0', + /* "poollicht.be", true */ 'p', 'o', 'o', 'l', 'l', 'i', 'c', 'h', 't', '.', 'b', 'e', '\0', + /* "poolvilla-margarita.net", false */ 'p', 'o', 'o', 'l', 'v', 'i', 'l', 'l', 'a', '-', 'm', 'a', 'r', 'g', 'a', 'r', 'i', 't', 'a', '.', 'n', 'e', 't', '\0', + /* "poon.io", true */ 'p', 'o', 'o', 'n', '.', 'i', 'o', '\0', + /* "poopjournal.rocks", true */ 'p', 'o', 'o', 'p', 'j', 'o', 'u', 'r', 'n', 'a', 'l', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "pop-corn.ro", true */ 'p', 'o', 'p', '-', 'c', 'o', 'r', 'n', '.', 'r', 'o', '\0', + /* "popcornpalacefundraising.com", true */ 'p', 'o', 'p', 'c', 'o', 'r', 'n', 'p', 'a', 'l', 'a', 'c', 'e', 'f', 'u', 'n', 'd', 'r', 'a', 'i', 's', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "popcultureshack.com", true */ 'p', 'o', 'p', 'c', 'u', 'l', 't', 'u', 'r', 'e', 's', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "popinga.it", true */ 'p', 'o', 'p', 'i', 'n', 'g', 'a', '.', 'i', 't', '\0', + /* "popkins.cf", true */ 'p', 'o', 'p', 'k', 'i', 'n', 's', '.', 'c', 'f', '\0', + /* "popkins.ga", true */ 'p', 'o', 'p', 'k', 'i', 'n', 's', '.', 'g', 'a', '\0', + /* "popkins.gq", true */ 'p', 'o', 'p', 'k', 'i', 'n', 's', '.', 'g', 'q', '\0', + /* "popkins.tk", true */ 'p', 'o', 'p', 'k', 'i', 'n', 's', '.', 't', 'k', '\0', + /* "popmagz.com", true */ 'p', 'o', 'p', 'm', 'a', 'g', 'z', '.', 'c', 'o', 'm', '\0', + /* "popoway.cloud", true */ 'p', 'o', 'p', 'o', 'w', 'a', 'y', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "popoway.me", true */ 'p', 'o', 'p', 'o', 'w', 'a', 'y', '.', 'm', 'e', '\0', + /* "poppetsphere.de", true */ 'p', 'o', 'p', 'p', 'e', 't', 's', 'p', 'h', 'e', 'r', 'e', '.', 'd', 'e', '\0', + /* "population-ethics.com", true */ 'p', 'o', 'p', 'u', 'l', 'a', 't', 'i', 'o', 'n', '-', 'e', 't', 'h', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "popupsoftplay.com", true */ 'p', 'o', 'p', 'u', 'p', 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "poquvi.net", true */ 'p', 'o', 'q', 'u', 'v', 'i', '.', 'n', 'e', 't', '\0', + /* "porg.es", true */ 'p', 'o', 'r', 'g', '.', 'e', 's', '\0', + /* "pork.org.uk", true */ 'p', 'o', 'r', 'k', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "porn77.info", true */ 'p', 'o', 'r', 'n', '7', '7', '.', 'i', 'n', 'f', 'o', '\0', + /* "pornbase.info", true */ 'p', 'o', 'r', 'n', 'b', 'a', 's', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "pornbay.org", true */ 'p', 'o', 'r', 'n', 'b', 'a', 'y', '.', 'o', 'r', 'g', '\0', + /* "pornblog.org", true */ 'p', 'o', 'r', 'n', 'b', 'l', 'o', 'g', '.', 'o', 'r', 'g', '\0', + /* "porncandi.com", true */ 'p', 'o', 'r', 'n', 'c', 'a', 'n', 'd', 'i', '.', 'c', 'o', 'm', '\0', + /* "pornohub.su", true */ 'p', 'o', 'r', 'n', 'o', 'h', 'u', 'b', '.', 's', 'u', '\0', + /* "pornolab-net.appspot.com", false */ 'p', 'o', 'r', 'n', 'o', 'l', 'a', 'b', '-', 'n', 'e', 't', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "pornomens.be", true */ 'p', 'o', 'r', 'n', 'o', 'm', 'e', 'n', 's', '.', 'b', 'e', '\0', + /* "porschen.fr", true */ 'p', 'o', 'r', 's', 'c', 'h', 'e', 'n', '.', 'f', 'r', '\0', + /* "port.social", true */ 'p', 'o', 'r', 't', '.', 's', 'o', 'c', 'i', 'a', 'l', '\0', + /* "port443.hamburg", true */ 'p', 'o', 'r', 't', '4', '4', '3', '.', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '\0', + /* "port443.se", true */ 'p', 'o', 'r', 't', '4', '4', '3', '.', 's', 'e', '\0', + /* "port67.org", true */ 'p', 'o', 'r', 't', '6', '7', '.', 'o', 'r', 'g', '\0', + /* "port80.hamburg", true */ 'p', 'o', 'r', 't', '8', '0', '.', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '\0', + /* "portailevangelique.ca", true */ 'p', 'o', 'r', 't', 'a', 'i', 'l', 'e', 'v', 'a', 'n', 'g', 'e', 'l', 'i', 'q', 'u', 'e', '.', 'c', 'a', '\0', + /* "portal.tirol.gv.at", true */ 'p', 'o', 'r', 't', 'a', 'l', '.', 't', 'i', 'r', 'o', 'l', '.', 'g', 'v', '.', 'a', 't', '\0', + /* "portalcarriers.com", true */ 'p', 'o', 'r', 't', 'a', 'l', 'c', 'a', 'r', 'r', 'i', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "portalcentric.net", true */ 'p', 'o', 'r', 't', 'a', 'l', 'c', 'e', 'n', 't', 'r', 'i', 'c', '.', 'n', 'e', 't', '\0', + /* "portalisapres.cl", true */ 'p', 'o', 'r', 't', 'a', 'l', 'i', 's', 'a', 'p', 'r', 'e', 's', '.', 'c', 'l', '\0', + /* "portalkla.com.br", true */ 'p', 'o', 'r', 't', 'a', 'l', 'k', 'l', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "portefeuillesignalen.nl", true */ 'p', 'o', 'r', 't', 'e', 'f', 'e', 'u', 'i', 'l', 'l', 'e', 's', 'i', 'g', 'n', 'a', 'l', 'e', 'n', '.', 'n', 'l', '\0', + /* "portercup.com", true */ 'p', 'o', 'r', 't', 'e', 'r', 'c', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "porterranchelectrical.com", true */ 'p', 'o', 'r', 't', 'e', 'r', 'r', 'a', 'n', 'c', 'h', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "portofacil.com", true */ 'p', 'o', 'r', 't', 'o', 'f', 'a', 'c', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "portofrotterdam.com", true */ 'p', 'o', 'r', 't', 'o', 'f', 'r', 'o', 't', 't', 'e', 'r', 'd', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "portosonline.pl", true */ 'p', 'o', 'r', 't', 'o', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'p', 'l', '\0', + /* "portraitsystem.biz", true */ 'p', 'o', 'r', 't', 'r', 'a', 'i', 't', 's', 'y', 's', 't', 'e', 'm', '.', 'b', 'i', 'z', '\0', + /* "portsdebalears.gob.es", true */ 'p', 'o', 'r', 't', 's', 'd', 'e', 'b', 'a', 'l', 'e', 'a', 'r', 's', '.', 'g', 'o', 'b', '.', 'e', 's', '\0', + /* "portsmouthbouncycastles.co.uk", true */ 'p', 'o', 'r', 't', 's', 'm', 'o', 'u', 't', 'h', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "portugalsko.net", true */ 'p', 'o', 'r', 't', 'u', 'g', 'a', 'l', 's', 'k', 'o', '.', 'n', 'e', 't', '\0', + /* "portvaletickets.com", true */ 'p', 'o', 'r', 't', 'v', 'a', 'l', 'e', 't', 'i', 'c', 'k', 'e', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "porybox.com", true */ 'p', 'o', 'r', 'y', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "porzgmbh.de", true */ 'p', 'o', 'r', 'z', 'g', 'm', 'b', 'h', '.', 'd', 'e', '\0', + /* "posaunenchor-senden.de", true */ 'p', 'o', 's', 'a', 'u', 'n', 'e', 'n', 'c', 'h', 'o', 'r', '-', 's', 'e', 'n', 'd', 'e', 'n', '.', 'd', 'e', '\0', + /* "posbank.co.uk", true */ 'p', 'o', 's', 'b', 'a', 'n', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "poseidonwaterproofing.com", true */ 'p', 'o', 's', 'e', 'i', 'd', 'o', 'n', 'w', 'a', 't', 'e', 'r', 'p', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "poshcastles.co.uk", true */ 'p', 'o', 's', 'h', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "poshsecurity.com", true */ 'p', 'o', 's', 'h', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "positionus.io", true */ 'p', 'o', 's', 'i', 't', 'i', 'o', 'n', 'u', 's', '.', 'i', 'o', '\0', + /* "positive.com.cy", true */ 'p', 'o', 's', 'i', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '.', 'c', 'y', '\0', + /* "positivesobrietyinstitute.com", true */ 'p', 'o', 's', 'i', 't', 'i', 'v', 'e', 's', 'o', 'b', 'r', 'i', 'e', 't', 'y', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "posobota.cz", true */ 'p', 'o', 's', 'o', 'b', 'o', 't', 'a', '.', 'c', 'z', '\0', + /* "post-darwinian.com", true */ 'p', 'o', 's', 't', '-', 'd', 'a', 'r', 'w', 'i', 'n', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "post-darwinism.com", true */ 'p', 'o', 's', 't', '-', 'd', 'a', 'r', 'w', 'i', 'n', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "post.com.ar", true */ 'p', 'o', 's', 't', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "post.io", true */ 'p', 'o', 's', 't', '.', 'i', 'o', '\0', + /* "post4me.at", true */ 'p', 'o', 's', 't', '4', 'm', 'e', '.', 'a', 't', '\0', + /* "postal.dk", true */ 'p', 'o', 's', 't', 'a', 'l', '.', 'd', 'k', '\0', + /* "postal3.es", true */ 'p', 'o', 's', 't', 'a', 'l', '3', '.', 'e', 's', '\0', + /* "postback.io", true */ 'p', 'o', 's', 't', 'b', 'a', 'c', 'k', '.', 'i', 'o', '\0', + /* "postblue.info", true */ 'p', 'o', 's', 't', 'b', 'l', 'u', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "postbox.life", true */ 'p', 'o', 's', 't', 'b', 'o', 'x', '.', 'l', 'i', 'f', 'e', '\0', + /* "postcardpayment.com", true */ 'p', 'o', 's', 't', 'c', 'a', 'r', 'd', 'p', 'a', 'y', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "postcode.nl", true */ 'p', 'o', 's', 't', 'c', 'o', 'd', 'e', '.', 'n', 'l', '\0', + /* "postcodegarant.nl", true */ 'p', 'o', 's', 't', 'c', 'o', 'd', 'e', 'g', 'a', 'r', 'a', 'n', 't', '.', 'n', 'l', '\0', + /* "postdarwinian.com", true */ 'p', 'o', 's', 't', 'd', 'a', 'r', 'w', 'i', 'n', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "postdarwinism.com", true */ 'p', 'o', 's', 't', 'd', 'a', 'r', 'w', 'i', 'n', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "postdeck.de", true */ 'p', 'o', 's', 't', 'd', 'e', 'c', 'k', '.', 'd', 'e', '\0', + /* "posteo.de", false */ 'p', 'o', 's', 't', 'e', 'o', '.', 'd', 'e', '\0', + /* "posters.win", true */ 'p', 'o', 's', 't', 'e', 'r', 's', '.', 'w', 'i', 'n', '\0', + /* "posterspy.com", true */ 'p', 'o', 's', 't', 'e', 'r', 's', 'p', 'y', '.', 'c', 'o', 'm', '\0', + /* "postfalls-naturopathic.com", true */ 'p', 'o', 's', 't', 'f', 'a', 'l', 'l', 's', '-', 'n', 'a', 't', 'u', 'r', 'o', 'p', 'a', 't', 'h', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "postfinance.ch", true */ 'p', 'o', 's', 't', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'h', '\0', + /* "postmatescode.com", true */ 'p', 'o', 's', 't', 'm', 'a', 't', 'e', 's', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "postn.eu", true */ 'p', 'o', 's', 't', 'n', '.', 'e', 'u', '\0', + /* "postpot.co.kr", true */ 'p', 'o', 's', 't', 'p', 'o', 't', '.', 'c', 'o', '.', 'k', 'r', '\0', + /* "posttigo.com", true */ 'p', 'o', 's', 't', 't', 'i', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "potatiz.com", true */ 'p', 'o', 't', 'a', 't', 'i', 'z', '.', 'c', 'o', 'm', '\0', + /* "potatofrom.space", false */ 'p', 'o', 't', 'a', 't', 'o', 'f', 'r', 'o', 'm', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "potatopro.com", true */ 'p', 'o', 't', 'a', 't', 'o', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "potbox.com", true */ 'p', 'o', 't', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "potentialproject.com", true */ 'p', 'o', 't', 'e', 'n', 't', 'i', 'a', 'l', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "pothe.com", true */ 'p', 'o', 't', 'h', 'e', '.', 'c', 'o', 'm', '\0', + /* "pothe.de", true */ 'p', 'o', 't', 'h', 'e', '.', 'd', 'e', '\0', + /* "potolok.am", true */ 'p', 'o', 't', 'o', 'l', 'o', 'k', '.', 'a', 'm', '\0', + /* "potomania.cz", true */ 'p', 'o', 't', 'o', 'm', 'a', 'n', 'i', 'a', '.', 'c', 'z', '\0', + /* "potpourrifestival.de", true */ 'p', 'o', 't', 'p', 'o', 'u', 'r', 'r', 'i', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'd', 'e', '\0', + /* "potrillionaires.com", true */ 'p', 'o', 't', 'r', 'i', 'l', 'l', 'i', 'o', 'n', 'a', 'i', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "potterscraftcider.com", true */ 'p', 'o', 't', 't', 'e', 'r', 's', 'c', 'r', 'a', 'f', 't', 'c', 'i', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "pottersheartministry.org", true */ 'p', 'o', 't', 't', 'e', 'r', 's', 'h', 'e', 'a', 'r', 't', 'm', 'i', 'n', 'i', 's', 't', 'r', 'y', '.', 'o', 'r', 'g', '\0', + /* "pottshome.co.uk", true */ 'p', 'o', 't', 't', 's', 'h', 'o', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "potworowski.de", true */ 'p', 'o', 't', 'w', 'o', 'r', 'o', 'w', 's', 'k', 'i', '.', 'd', 'e', '\0', + /* "pouet.it", true */ 'p', 'o', 'u', 'e', 't', '.', 'i', 't', '\0', + /* "poupatempo.org", true */ 'p', 'o', 'u', 'p', 'a', 't', 'e', 'm', 'p', 'o', '.', 'o', 'r', 'g', '\0', + /* "pourlesenfants.info", true */ 'p', 'o', 'u', 'r', 'l', 'e', 's', 'e', 'n', 'f', 'a', 'n', 't', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "pourout.org", true */ 'p', 'o', 'u', 'r', 'o', 'u', 't', '.', 'o', 'r', 'g', '\0', + /* "povareschka.ru", true */ 'p', 'o', 'v', 'a', 'r', 'e', 's', 'c', 'h', 'k', 'a', '.', 'r', 'u', '\0', + /* "povesham.tk", true */ 'p', 'o', 'v', 'e', 's', 'h', 'a', 'm', '.', 't', 'k', '\0', + /* "powdersnow.top", true */ 'p', 'o', 'w', 'd', 'e', 'r', 's', 'n', 'o', 'w', '.', 't', 'o', 'p', '\0', + /* "power-coonies.de", true */ 'p', 'o', 'w', 'e', 'r', '-', 'c', 'o', 'o', 'n', 'i', 'e', 's', '.', 'd', 'e', '\0', + /* "power-fit.org", true */ 'p', 'o', 'w', 'e', 'r', '-', 'f', 'i', 't', '.', 'o', 'r', 'g', '\0', + /* "power-flowengineer.com", true */ 'p', 'o', 'w', 'e', 'r', '-', 'f', 'l', 'o', 'w', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "power-tools24.com", true */ 'p', 'o', 'w', 'e', 'r', '-', 't', 'o', 'o', 'l', 's', '2', '4', '.', 'c', 'o', 'm', '\0', + /* "powerb.ch", true */ 'p', 'o', 'w', 'e', 'r', 'b', '.', 'c', 'h', '\0', + /* "powercloud.technology", true */ 'p', 'o', 'w', 'e', 'r', 'c', 'l', 'o', 'u', 'd', '.', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '\0', + /* "powerdent.net.br", true */ 'p', 'o', 'w', 'e', 'r', 'd', 'e', 'n', 't', '.', 'n', 'e', 't', '.', 'b', 'r', '\0', + /* "poweredbyiris.nl", true */ 'p', 'o', 'w', 'e', 'r', 'e', 'd', 'b', 'y', 'i', 'r', 'i', 's', '.', 'n', 'l', '\0', + /* "poweredbypurdy.com", true */ 'p', 'o', 'w', 'e', 'r', 'e', 'd', 'b', 'y', 'p', 'u', 'r', 'd', 'y', '.', 'c', 'o', 'm', '\0', + /* "powergridess.com", false */ 'p', 'o', 'w', 'e', 'r', 'g', 'r', 'i', 'd', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "powermeter.at", true */ 'p', 'o', 'w', 'e', 'r', 'm', 'e', 't', 'e', 'r', '.', 'a', 't', '\0', + /* "powersergdatasystems.com", true */ 'p', 'o', 'w', 'e', 'r', 's', 'e', 'r', 'g', 'd', 'a', 't', 'a', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "powersergthisisthewebsitefuckyouscott.com", true */ 'p', 'o', 'w', 'e', 'r', 's', 'e', 'r', 'g', 't', 'h', 'i', 's', 'i', 's', 't', 'h', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 'f', 'u', 'c', 'k', 'y', 'o', 'u', 's', 'c', 'o', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "powersergunited.com", true */ 'p', 'o', 'w', 'e', 'r', 's', 'e', 'r', 'g', 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "powersergunited.org", true */ 'p', 'o', 'w', 'e', 'r', 's', 'e', 'r', 'g', 'u', 'n', 'i', 't', 'e', 'd', '.', 'o', 'r', 'g', '\0', + /* "powersergusercontent.com", true */ 'p', 'o', 'w', 'e', 'r', 's', 'e', 'r', 'g', 'u', 's', 'e', 'r', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "powershellmagic.com", true */ 'p', 'o', 'w', 'e', 'r', 's', 'h', 'e', 'l', 'l', 'm', 'a', 'g', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "powerwellness-korecki.de", true */ 'p', 'o', 'w', 'e', 'r', 'w', 'e', 'l', 'l', 'n', 'e', 's', 's', '-', 'k', 'o', 'r', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0', + /* "pozemedicale.org", true */ 'p', 'o', 'z', 'e', 'm', 'e', 'd', 'i', 'c', 'a', 'l', 'e', '.', 'o', 'r', 'g', '\0', + /* "pozytywnyplan.pl", true */ 'p', 'o', 'z', 'y', 't', 'y', 'w', 'n', 'y', 'p', 'l', 'a', 'n', '.', 'p', 'l', '\0', + /* "pozzo-balbi.com", true */ 'p', 'o', 'z', 'z', 'o', '-', 'b', 'a', 'l', 'b', 'i', '.', 'c', 'o', 'm', '\0', + /* "ppipe.net", true */ 'p', 'p', 'i', 'p', 'e', '.', 'n', 'e', 't', '\0', + /* "ppmathis.ch", true */ 'p', 'p', 'm', 'a', 't', 'h', 'i', 's', '.', 'c', 'h', '\0', + /* "ppmathis.com", true */ 'p', 'p', 'm', 'a', 't', 'h', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "ppmoon.com", true */ 'p', 'p', 'm', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "ppoozl.com", true */ 'p', 'p', 'o', 'o', 'z', 'l', '.', 'c', 'o', 'm', '\0', + /* "pptavmdata.org", true */ 'p', 'p', 't', 'a', 'v', 'm', 'd', 'a', 't', 'a', '.', 'o', 'r', 'g', '\0', + /* "ppy.sh", true */ 'p', 'p', 'y', '.', 's', 'h', '\0', + /* "pr.search.yahoo.com", false */ 'p', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "pr1sm.com", true */ 'p', 'r', '1', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "pr2studio.com", true */ 'p', 'r', '2', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "prac.to", true */ 'p', 'r', 'a', 'c', '.', 't', 'o', '\0', + /* "pracowniatkanin.com", true */ 'p', 'r', 'a', 'c', 'o', 'w', 'n', 'i', 'a', 't', 'k', 'a', 'n', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "practicepanther.com", true */ 'p', 'r', 'a', 'c', 't', 'i', 'c', 'e', 'p', 'a', 'n', 't', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "practo.com", true */ 'p', 'r', 'a', 'c', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "prado.it", true */ 'p', 'r', 'a', 'd', 'o', '.', 'i', 't', '\0', + /* "praeparation-keppner.de", true */ 'p', 'r', 'a', 'e', 'p', 'a', 'r', 'a', 't', 'i', 'o', 'n', '-', 'k', 'e', 'p', 'p', 'n', 'e', 'r', '.', 'd', 'e', '\0', + /* "praerien-racing.com", true */ 'p', 'r', 'a', 'e', 'r', 'i', 'e', 'n', '-', 'r', 'a', 'c', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "prague-swim.cz", true */ 'p', 'r', 'a', 'g', 'u', 'e', '-', 's', 'w', 'i', 'm', '.', 'c', 'z', '\0', + /* "praguepsychology.com", true */ 'p', 'r', 'a', 'g', 'u', 'e', 'p', 's', 'y', 'c', 'h', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0', + /* "praguepsychology.cz", true */ 'p', 'r', 'a', 'g', 'u', 'e', 'p', 's', 'y', 'c', 'h', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'z', '\0', + /* "pragueswim.cz", true */ 'p', 'r', 'a', 'g', 'u', 'e', 's', 'w', 'i', 'm', '.', 'c', 'z', '\0', + /* "prajwalkoirala.com", true */ 'p', 'r', 'a', 'j', 'w', 'a', 'l', 'k', 'o', 'i', 'r', 'a', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "prakhar.uk", true */ 'p', 'r', 'a', 'k', 'h', 'a', 'r', '.', 'u', 'k', '\0', + /* "prakharprasad.com", true */ 'p', 'r', 'a', 'k', 'h', 'a', 'r', 'p', 'r', 'a', 's', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "praxino.de", true */ 'p', 'r', 'a', 'x', 'i', 'n', 'o', '.', 'd', 'e', '\0', + /* "praxis-dingeldey.de", true */ 'p', 'r', 'a', 'x', 'i', 's', '-', 'd', 'i', 'n', 'g', 'e', 'l', 'd', 'e', 'y', '.', 'd', 'e', '\0', + /* "praxis-familienglueck.de", true */ 'p', 'r', 'a', 'x', 'i', 's', '-', 'f', 'a', 'm', 'i', 'l', 'i', 'e', 'n', 'g', 'l', 'u', 'e', 'c', 'k', '.', 'd', 'e', '\0', + /* "prayerrequest.com", true */ 'p', 'r', 'a', 'y', 'e', 'r', 'r', 'e', 'q', 'u', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "prazeresdavida.com.br", true */ 'p', 'r', 'a', 'z', 'e', 'r', 'e', 's', 'd', 'a', 'v', 'i', 'd', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "prazynka.pl", true */ 'p', 'r', 'a', 'z', 'y', 'n', 'k', 'a', '.', 'p', 'l', '\0', + /* "prc-newmedia.com", true */ 'p', 'r', 'c', '-', 'n', 'e', 'w', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "prc.gov", true */ 'p', 'r', 'c', '.', 'g', 'o', 'v', '\0', + /* "precedecaritas.com.br", true */ 'p', 'r', 'e', 'c', 'e', 'd', 'e', 'c', 'a', 'r', 'i', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "preciouslife.fr", true */ 'p', 'r', 'e', 'c', 'i', 'o', 'u', 's', 'l', 'i', 'f', 'e', '.', 'f', 'r', '\0', + /* "preciscx.com", true */ 'p', 'r', 'e', 'c', 'i', 's', 'c', 'x', '.', 'c', 'o', 'm', '\0', + /* "preciseassemblies.com", true */ 'p', 'r', 'e', 'c', 'i', 's', 'e', 'a', 's', 's', 'e', 'm', 'b', 'l', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "precode.eu", true */ 'p', 'r', 'e', 'c', 'o', 'd', 'e', '.', 'e', 'u', '\0', + /* "predoiu.ro", true */ 'p', 'r', 'e', 'd', 'o', 'i', 'u', '.', 'r', 'o', '\0', + /* "preexport.com", true */ 'p', 'r', 'e', 'e', 'x', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "prefix.eu", true */ 'p', 'r', 'e', 'f', 'i', 'x', '.', 'e', 'u', '\0', + /* "pregunteleakaren.gov", true */ 'p', 'r', 'e', 'g', 'u', 'n', 't', 'e', 'l', 'e', 'a', 'k', 'a', 'r', 'e', 'n', '.', 'g', 'o', 'v', '\0', + /* "preigu.de", true */ 'p', 'r', 'e', 'i', 'g', 'u', '.', 'd', 'e', '\0', + /* "preis-alarm.info", true */ 'p', 'r', 'e', 'i', 's', '-', 'a', 'l', 'a', 'r', 'm', '.', 'i', 'n', 'f', 'o', '\0', + /* "preis-alarm.org", true */ 'p', 'r', 'e', 'i', 's', '-', 'a', 'l', 'a', 'r', 'm', '.', 'o', 'r', 'g', '\0', + /* "preisser-it.de", true */ 'p', 'r', 'e', 'i', 's', 's', 'e', 'r', '-', 'i', 't', '.', 'd', 'e', '\0', + /* "preisser.it", true */ 'p', 'r', 'e', 'i', 's', 's', 'e', 'r', '.', 'i', 't', '\0', + /* "prekladysanca.cz", true */ 'p', 'r', 'e', 'k', 'l', 'a', 'd', 'y', 's', 'a', 'n', 'c', 'a', '.', 'c', 'z', '\0', + /* "preloaded-hsts.badssl.com", true */ 'p', 'r', 'e', 'l', 'o', 'a', 'd', 'e', 'd', '-', 'h', 's', 't', 's', '.', 'b', 'a', 'd', 's', 's', 'l', '.', 'c', 'o', 'm', '\0', + /* "preludes.org", true */ 'p', 'r', 'e', 'l', 'u', 'd', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "prelved.com", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "prelved.es", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 'e', 's', '\0', + /* "prelved.fi", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 'f', 'i', '\0', + /* "prelved.fr", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 'f', 'r', '\0', + /* "prelved.it", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 'i', 't', '\0', + /* "prelved.nl", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 'n', 'l', '\0', + /* "prelved.pl", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 'p', 'l', '\0', + /* "prelved.se", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 's', 'e', '\0', + /* "premaritalsex.info", true */ 'p', 'r', 'e', 'm', 'a', 'r', 'i', 't', 'a', 'l', 's', 'e', 'x', '.', 'i', 'n', 'f', 'o', '\0', + /* "premierbouncycastles.co.uk", true */ 'p', 'r', 'e', 'm', 'i', 'e', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "premierevents.ie", true */ 'p', 'r', 'e', 'm', 'i', 'e', 'r', 'e', 'v', 'e', 'n', 't', 's', '.', 'i', 'e', '\0', + /* "premierheart.com", true */ 'p', 'r', 'e', 'm', 'i', 'e', 'r', 'h', 'e', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "premiership-predictors.co.uk", true */ 'p', 'r', 'e', 'm', 'i', 'e', 'r', 's', 'h', 'i', 'p', '-', 'p', 'r', 'e', 'd', 'i', 'c', 't', 'o', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "premiumweb.co.id", true */ 'p', 'r', 'e', 'm', 'i', 'u', 'm', 'w', 'e', 'b', '.', 'c', 'o', '.', 'i', 'd', '\0', + /* "premiumwebdesign.it", true */ 'p', 'r', 'e', 'm', 'i', 'u', 'm', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', '.', 'i', 't', '\0', + /* "premiumzweirad.de", false */ 'p', 'r', 'e', 'm', 'i', 'u', 'm', 'z', 'w', 'e', 'i', 'r', 'a', 'd', '.', 'd', 'e', '\0', + /* "prenatalgeboortekaartjes.nl", true */ 'p', 'r', 'e', 'n', 'a', 't', 'a', 'l', 'g', 'e', 'b', 'o', 'o', 'r', 't', 'e', 'k', 'a', 'a', 'r', 't', 'j', 'e', 's', '.', 'n', 'l', '\0', + /* "prenger.co", true */ 'p', 'r', 'e', 'n', 'g', 'e', 'r', '.', 'c', 'o', '\0', + /* "prepaid-cards.xyz", true */ 'p', 'r', 'e', 'p', 'a', 'i', 'd', '-', 'c', 'a', 'r', 'd', 's', '.', 'x', 'y', 'z', '\0', + /* "prepaid-voip.nl", true */ 'p', 'r', 'e', 'p', 'a', 'i', 'd', '-', 'v', 'o', 'i', 'p', '.', 'n', 'l', '\0', + /* "prepaidgirl.com", true */ 'p', 'r', 'e', 'p', 'a', 'i', 'd', 'g', 'i', 'r', 'l', '.', 'c', 'o', 'm', '\0', + /* "prepaidkredietkaart.be", true */ 'p', 'r', 'e', 'p', 'a', 'i', 'd', 'k', 'r', 'e', 'd', 'i', 'e', 't', 'k', 'a', 'a', 'r', 't', '.', 'b', 'e', '\0', + /* "prepare-job-hunting.com", true */ 'p', 'r', 'e', 'p', 'a', 'r', 'e', '-', 'j', 'o', 'b', '-', 'h', 'u', 'n', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "preparedcapital.com", true */ 'p', 'r', 'e', 'p', 'a', 'r', 'e', 'd', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "preparetheword.com", false */ 'p', 'r', 'e', 'p', 'a', 'r', 'e', 't', 'h', 'e', 'w', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "presbee.com", true */ 'p', 'r', 'e', 's', 'b', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "prescotonline.co.uk", true */ 'p', 'r', 'e', 's', 'c', 'o', 't', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "prescriptionrex.com", true */ 'p', 'r', 'e', 's', 'c', 'r', 'i', 'p', 't', 'i', 'o', 'n', 'r', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "present-m.com", true */ 'p', 'r', 'e', 's', 'e', 'n', 't', '-', 'm', '.', 'c', 'o', 'm', '\0', + /* "presentesdegrife.com.br", true */ 'p', 'r', 'e', 's', 'e', 'n', 't', 'e', 's', 'd', 'e', 'g', 'r', 'i', 'f', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "president.bg", true */ 'p', 'r', 'e', 's', 'i', 'd', 'e', 'n', 't', '.', 'b', 'g', '\0', + /* "prespanok.sk", true */ 'p', 'r', 'e', 's', 'p', 'a', 'n', 'o', 'k', '.', 's', 'k', '\0', + /* "press-presse.ca", true */ 'p', 'r', 'e', 's', 's', '-', 'p', 'r', 'e', 's', 's', 'e', '.', 'c', 'a', '\0', + /* "presscenter.jp", true */ 'p', 'r', 'e', 's', 's', 'c', 'e', 'n', 't', 'e', 'r', '.', 'j', 'p', '\0', + /* "presses.ch", true */ 'p', 'r', 'e', 's', 's', 'e', 's', '.', 'c', 'h', '\0', + /* "pressography.org", true */ 'p', 'r', 'e', 's', 's', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'o', 'r', 'g', '\0', + /* "pressrush.com", true */ 'p', 'r', 'e', 's', 's', 'r', 'u', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "pressureradio.com", true */ 'p', 'r', 'e', 's', 's', 'u', 'r', 'e', 'r', 'a', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "prestburyscouts.org.uk", true */ 'p', 'r', 'e', 's', 't', 'b', 'u', 'r', 'y', 's', 'c', 'o', 'u', 't', 's', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "prestige-car-location.ch", true */ 'p', 'r', 'e', 's', 't', 'i', 'g', 'e', '-', 'c', 'a', 'r', '-', 'l', 'o', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'h', '\0', + /* "prestige-portal.com", true */ 'p', 'r', 'e', 's', 't', 'i', 'g', 'e', '-', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "prestigebouncycastles.co.uk", true */ 'p', 'r', 'e', 's', 't', 'i', 'g', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "prestigeeventshire.co.uk", true */ 'p', 'r', 'e', 's', 't', 'i', 'g', 'e', 'e', 'v', 'e', 'n', 't', 's', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "prestigerepairs.com.au", true */ 'p', 'r', 'e', 's', 't', 'i', 'g', 'e', 'r', 'e', 'p', 'a', 'i', 'r', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "prestigesigns.net", true */ 'p', 'r', 'e', 's', 't', 'i', 'g', 'e', 's', 'i', 'g', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "prestonandsons.com.au", true */ 'p', 'r', 'e', 's', 't', 'o', 'n', 'a', 'n', 'd', 's', 'o', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "prestonbrant.com", true */ 'p', 'r', 'e', 's', 't', 'o', 'n', 'b', 'r', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "pretachique.com.br", true */ 'p', 'r', 'e', 't', 'a', 'c', 'h', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "pretix.eu", true */ 'p', 'r', 'e', 't', 'i', 'x', '.', 'e', 'u', '\0', + /* "pretrialservices.gov", true */ 'p', 'r', 'e', 't', 'r', 'i', 'a', 'l', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'g', 'o', 'v', '\0', + /* "pretty.hu", true */ 'p', 'r', 'e', 't', 't', 'y', '.', 'h', 'u', '\0', + /* "prettytunesapp.com", true */ 'p', 'r', 'e', 't', 't', 'y', 't', 'u', 'n', 'e', 's', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "pretwolk.nl", true */ 'p', 'r', 'e', 't', 'w', 'o', 'l', 'k', '.', 'n', 'l', '\0', + /* "pretzelx.com", true */ 'p', 'r', 'e', 't', 'z', 'e', 'l', 'x', '.', 'c', 'o', 'm', '\0', + /* "prevenir.ch", true */ 'p', 'r', 'e', 'v', 'e', 'n', 'i', 'r', '.', 'c', 'h', '\0', + /* "priceholic.com", true */ 'p', 'r', 'i', 'c', 'e', 'h', 'o', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "pricesniffer.co", true */ 'p', 'r', 'i', 'c', 'e', 's', 'n', 'i', 'f', 'f', 'e', 'r', '.', 'c', 'o', '\0', + /* "prideindomination.com", true */ 'p', 'r', 'i', 'd', 'e', 'i', 'n', 'd', 'o', 'm', 'i', 'n', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "pridetechdesign.com", true */ 'p', 'r', 'i', 'd', 'e', 't', 'e', 'c', 'h', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "prielwurmjaeger.de", true */ 'p', 'r', 'i', 'e', 'l', 'w', 'u', 'r', 'm', 'j', 'a', 'e', 'g', 'e', 'r', '.', 'd', 'e', '\0', + /* "prifo.se", true */ 'p', 'r', 'i', 'f', 'o', '.', 's', 'e', '\0', + /* "primaconsulting.net", true */ 'p', 'r', 'i', 'm', 'a', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "primalinea.pro", true */ 'p', 'r', 'i', 'm', 'a', 'l', 'i', 'n', 'e', 'a', '.', 'p', 'r', 'o', '\0', + /* "primates.com", true */ 'p', 'r', 'i', 'm', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "primewho.org", true */ 'p', 'r', 'i', 'm', 'e', 'w', 'h', 'o', '.', 'o', 'r', 'g', '\0', + /* "primordialsnooze.com", true */ 'p', 'r', 'i', 'm', 'o', 'r', 'd', 'i', 'a', 'l', 's', 'n', 'o', 'o', 'z', 'e', '.', 'c', 'o', 'm', '\0', + /* "primotiles.co.uk", true */ 'p', 'r', 'i', 'm', 'o', 't', 'i', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "primotilesandbathrooms.co.uk", true */ 'p', 'r', 'i', 'm', 'o', 't', 'i', 'l', 'e', 's', 'a', 'n', 'd', 'b', 'a', 't', 'h', 'r', 'o', 'o', 'm', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "princeagency.com", true */ 'p', 'r', 'i', 'n', 'c', 'e', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "princeofwhales.com", true */ 'p', 'r', 'i', 'n', 'c', 'e', 'o', 'f', 'w', 'h', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "princesparktouch.com", true */ 'p', 'r', 'i', 'n', 'c', 'e', 's', 'p', 'a', 'r', 'k', 't', 'o', 'u', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "princessmargaretlotto.com", true */ 'p', 'r', 'i', 'n', 'c', 'e', 's', 's', 'm', 'a', 'r', 'g', 'a', 'r', 'e', 't', 'l', 'o', 't', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "principalstest.com", true */ 'p', 'r', 'i', 'n', 'c', 'i', 'p', 'a', 'l', 's', 't', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "principaltoolbox.com", true */ 'p', 'r', 'i', 'n', 'c', 'i', 'p', 'a', 'l', 't', 'o', 'o', 'l', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "principia-journal.de", true */ 'p', 'r', 'i', 'n', 'c', 'i', 'p', 'i', 'a', '-', 'j', 'o', 'u', 'r', 'n', 'a', 'l', '.', 'd', 'e', '\0', + /* "principia-magazin.de", true */ 'p', 'r', 'i', 'n', 'c', 'i', 'p', 'i', 'a', '-', 'm', 'a', 'g', 'a', 'z', 'i', 'n', '.', 'd', 'e', '\0', + /* "principia-online.de", true */ 'p', 'r', 'i', 'n', 'c', 'i', 'p', 'i', 'a', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0', + /* "princovi.cz", true */ 'p', 'r', 'i', 'n', 'c', 'o', 'v', 'i', '.', 'c', 'z', '\0', + /* "prinesdoma.at", true */ 'p', 'r', 'i', 'n', 'e', 's', 'd', 'o', 'm', 'a', '.', 'a', 't', '\0', + /* "prinice.org", true */ 'p', 'r', 'i', 'n', 'i', 'c', 'e', '.', 'o', 'r', 'g', '\0', + /* "printeknologies.com", true */ 'p', 'r', 'i', 'n', 't', 'e', 'k', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "printerleasing.be", true */ 'p', 'r', 'i', 'n', 't', 'e', 'r', 'l', 'e', 'a', 's', 'i', 'n', 'g', '.', 'b', 'e', '\0', + /* "printexpress.cloud", true */ 'p', 'r', 'i', 'n', 't', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "printf.de", true */ 'p', 'r', 'i', 'n', 't', 'f', '.', 'd', 'e', '\0', + /* "printler.com", true */ 'p', 'r', 'i', 'n', 't', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "printmet.com", true */ 'p', 'r', 'i', 'n', 't', 'm', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "prior-it.be", true */ 'p', 'r', 'i', 'o', 'r', '-', 'i', 't', '.', 'b', 'e', '\0', + /* "priorite-education.com", true */ 'p', 'r', 'i', 'o', 'r', 'i', 't', 'e', '-', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "priorityelectric.net", true */ 'p', 'r', 'i', 'o', 'r', 'i', 't', 'y', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', '.', 'n', 'e', 't', '\0', + /* "prioritynissannewportnewsparts.com", true */ 'p', 'r', 'i', 'o', 'r', 'i', 't', 'y', 'n', 'i', 's', 's', 'a', 'n', 'n', 'e', 'w', 'p', 'o', 'r', 't', 'n', 'e', 'w', 's', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "pristal.eu", true */ 'p', 'r', 'i', 's', 't', 'a', 'l', '.', 'e', 'u', '\0', + /* "pristineevents.co.uk", true */ 'p', 'r', 'i', 's', 't', 'i', 'n', 'e', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "priv.im", true */ 'p', 'r', 'i', 'v', '.', 'i', 'm', '\0', + /* "priva.si", true */ 'p', 'r', 'i', 'v', 'a', '.', 's', 'i', '\0', + /* "privacy-week-vienna.at", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', '-', 'w', 'e', 'e', 'k', '-', 'v', 'i', 'e', 'n', 'n', 'a', '.', 'a', 't', '\0', + /* "privacy-week.at", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', '-', 'w', 'e', 'e', 'k', '.', 'a', 't', '\0', + /* "privacy.com", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "privacybadger.org", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'b', 'a', 'd', 'g', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "privacyforjournalists.org.au", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'f', 'o', 'r', 'j', 'o', 'u', 'r', 'n', 'a', 'l', 'i', 's', 't', 's', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0', + /* "privacyinternational.org", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'o', 'r', 'g', '\0', + /* "privacynow.eu", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'n', 'o', 'w', '.', 'e', 'u', '\0', + /* "privacyscore.org", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 's', 'c', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "privacyweek.at", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'w', 'e', 'e', 'k', '.', 'a', 't', '\0', + /* "privacyweek.de", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'w', 'e', 'e', 'k', '.', 'd', 'e', '\0', + /* "privacyweek.eu", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'w', 'e', 'e', 'k', '.', 'e', 'u', '\0', + /* "privacyweekvienna.at", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'w', 'e', 'e', 'k', 'v', 'i', 'e', 'n', 'n', 'a', '.', 'a', 't', '\0', + /* "privaday.de", true */ 'p', 'r', 'i', 'v', 'a', 'd', 'a', 'y', '.', 'd', 'e', '\0', + /* "privasphere.com", true */ 'p', 'r', 'i', 'v', 'a', 's', 'p', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "privatebanks.uk", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'b', 'a', 'n', 'k', 's', '.', 'u', 'k', '\0', + /* "privatebin.info", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'b', 'i', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "privategiant.com", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'g', 'i', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "privateideas.de", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'i', 'd', 'e', 'a', 's', '.', 'd', 'e', '\0', + /* "privateimarketing.com", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'i', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "privatepokertour.com", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'p', 'o', 'k', 'e', 'r', 't', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "privatepropertymallorca.com", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', 'm', 'a', 'l', 'l', 'o', 'r', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "privaterelay.com", false */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'r', 'e', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "privatestatic.com", false */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 's', 't', 'a', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "privatewolke.com", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'w', 'o', 'l', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "privatfrei.de", true */ 'p', 'r', 'i', 'v', 'a', 't', 'f', 'r', 'e', 'i', '.', 'd', 'e', '\0', + /* "privea.fr", true */ 'p', 'r', 'i', 'v', 'e', 'a', '.', 'f', 'r', '\0', + /* "priverify.com", true */ 'p', 'r', 'i', 'v', 'e', 'r', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0', + /* "privu.me", true */ 'p', 'r', 'i', 'v', 'u', '.', 'm', 'e', '\0', + /* "prjktruby.com", true */ 'p', 'r', 'j', 'k', 't', 'r', 'u', 'b', 'y', '.', 'c', 'o', 'm', '\0', + /* "prknje.com", true */ 'p', 'r', 'k', 'n', 'j', 'e', '.', 'c', 'o', 'm', '\0', + /* "prlved.co.uk", true */ 'p', 'r', 'l', 'v', 'e', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "prnav.com", true */ 'p', 'r', 'n', 'a', 'v', '.', 'c', 'o', 'm', '\0', + /* "pro-bike.ro", true */ 'p', 'r', 'o', '-', 'b', 'i', 'k', 'e', '.', 'r', 'o', '\0', + /* "pro-ing.com", true */ 'p', 'r', 'o', '-', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "pro-link.eu", true */ 'p', 'r', 'o', '-', 'l', 'i', 'n', 'k', '.', 'e', 'u', '\0', + /* "pro-mile.pl", true */ 'p', 'r', 'o', '-', 'm', 'i', 'l', 'e', '.', 'p', 'l', '\0', + /* "pro-netz.de", true */ 'p', 'r', 'o', '-', 'n', 'e', 't', 'z', '.', 'd', 'e', '\0', + /* "pro-wiert.pl", true */ 'p', 'r', 'o', '-', 'w', 'i', 'e', 'r', 't', '.', 'p', 'l', '\0', + /* "proautorepairs.com.au", true */ 'p', 'r', 'o', 'a', 'u', 't', 'o', 'r', 'e', 'p', 'a', 'i', 'r', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "probase.ph", true */ 'p', 'r', 'o', 'b', 'a', 's', 'e', '.', 'p', 'h', '\0', + /* "probely.com", true */ 'p', 'r', 'o', 'b', 'e', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "probiv.biz", true */ 'p', 'r', 'o', 'b', 'i', 'v', '.', 'b', 'i', 'z', '\0', + /* "probiv.cc", true */ 'p', 'r', 'o', 'b', 'i', 'v', '.', 'c', 'c', '\0', + /* "procens.us", true */ 'p', 'r', 'o', 'c', 'e', 'n', 's', '.', 'u', 's', '\0', + /* "procensus.com", true */ 'p', 'r', 'o', 'c', 'e', 'n', 's', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "procert.ch", true */ 'p', 'r', 'o', 'c', 'e', 'r', 't', '.', 'c', 'h', '\0', + /* "processesinmotion.com", true */ 'p', 'r', 'o', 'c', 'e', 's', 's', 'e', 's', 'i', 'n', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "procharter.com", true */ 'p', 'r', 'o', 'c', 'h', 'a', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "procinorte.net", true */ 'p', 'r', 'o', 'c', 'i', 'n', 'o', 'r', 't', 'e', '.', 'n', 'e', 't', '\0', + /* "proclib.org", true */ 'p', 'r', 'o', 'c', 'l', 'i', 'b', '.', 'o', 'r', 'g', '\0', + /* "procrastinationland.com", true */ 'p', 'r', 'o', 'c', 'r', 'a', 's', 't', 'i', 'n', 'a', 't', 'i', 'o', 'n', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "proctorio.com", true */ 'p', 'r', 'o', 'c', 't', 'o', 'r', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "prodct.info", true */ 'p', 'r', 'o', 'd', 'c', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "prodigia.com", true */ 'p', 'r', 'o', 'd', 'i', 'g', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "prodinger.com", true */ 'p', 'r', 'o', 'd', 'i', 'n', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "prodsim.ninja", true */ 'p', 'r', 'o', 'd', 's', 'i', 'm', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "producertools.io", true */ 'p', 'r', 'o', 'd', 'u', 'c', 'e', 'r', 't', 'o', 'o', 'l', 's', '.', 'i', 'o', '\0', + /* "productbarcodes.com", true */ 'p', 'r', 'o', 'd', 'u', 'c', 't', 'b', 'a', 'r', 'c', 'o', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "productboard.com", true */ 'p', 'r', 'o', 'd', 'u', 'c', 't', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "productdesignsoftware.com.au", true */ 'p', 'r', 'o', 'd', 'u', 'c', 't', 'd', 'e', 's', 'i', 'g', 'n', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "productgap.com", true */ 'p', 'r', 'o', 'd', 'u', 'c', 't', 'g', 'a', 'p', '.', 'c', 'o', 'm', '\0', + /* "productived.net", true */ 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'v', 'e', 'd', '.', 'n', 'e', 't', '\0', + /* "productpeo.pl", true */ 'p', 'r', 'o', 'd', 'u', 'c', 't', 'p', 'e', 'o', '.', 'p', 'l', '\0', + /* "products4more.at", true */ 'p', 'r', 'o', 'd', 'u', 'c', 't', 's', '4', 'm', 'o', 'r', 'e', '.', 'a', 't', '\0', + /* "proefteksten.nl", false */ 'p', 'r', 'o', 'e', 'f', 't', 'e', 'k', 's', 't', 'e', 'n', '.', 'n', 'l', '\0', + /* "proemployeeprotection.com", true */ 'p', 'r', 'o', 'e', 'm', 'p', 'l', 'o', 'y', 'e', 'e', 'p', 'r', 'o', 't', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "proemployeeprotection.net", true */ 'p', 'r', 'o', 'e', 'm', 'p', 'l', 'o', 'y', 'e', 'e', 'p', 'r', 'o', 't', 'e', 'c', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "prof.ch", true */ 'p', 'r', 'o', 'f', '.', 'c', 'h', '\0', + /* "profection.biz", true */ 'p', 'r', 'o', 'f', 'e', 'c', 't', 'i', 'o', 'n', '.', 'b', 'i', 'z', '\0', + /* "professionalboundaries.com", true */ 'p', 'r', 'o', 'f', 'e', 's', 's', 'i', 'o', 'n', 'a', 'l', 'b', 'o', 'u', 'n', 'd', 'a', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "professors.ee", true */ 'p', 'r', 'o', 'f', 'e', 's', 's', 'o', 'r', 's', '.', 'e', 'e', '\0', + /* "profidea.cz", true */ 'p', 'r', 'o', 'f', 'i', 'd', 'e', 'a', '.', 'c', 'z', '\0', + /* "profile.tf", true */ 'p', 'r', 'o', 'f', 'i', 'l', 'e', '.', 't', 'f', '\0', + /* "profiles.google.com", true */ 'p', 'r', 'o', 'f', 'i', 'l', 'e', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "profinetz.de", true */ 'p', 'r', 'o', 'f', 'i', 'n', 'e', 't', 'z', '.', 'd', 'e', '\0', + /* "profitablewebprojects.com", true */ 'p', 'r', 'o', 'f', 'i', 't', 'a', 'b', 'l', 'e', 'w', 'e', 'b', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "profitopia.de", true */ 'p', 'r', 'o', 'f', 'i', 't', 'o', 'p', 'i', 'a', '.', 'd', 'e', '\0', + /* "proft.eu", true */ 'p', 'r', 'o', 'f', 't', '.', 'e', 'u', '\0', + /* "progarm.org", true */ 'p', 'r', 'o', 'g', 'a', 'r', 'm', '.', 'o', 'r', 'g', '\0', + /* "progeon.nl", true */ 'p', 'r', 'o', 'g', 'e', 'o', 'n', '.', 'n', 'l', '\0', + /* "progg.no", true */ 'p', 'r', 'o', 'g', 'g', '.', 'n', 'o', '\0', + /* "proggersession.com", true */ 'p', 'r', 'o', 'g', 'g', 'e', 'r', 's', 'e', 's', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "proggersession.de", true */ 'p', 'r', 'o', 'g', 'g', 'e', 'r', 's', 'e', 's', 's', 'i', 'o', 'n', '.', 'd', 'e', '\0', + /* "progiscad.com", true */ 'p', 'r', 'o', 'g', 'i', 's', 'c', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "progolfjourney.com", true */ 'p', 'r', 'o', 'g', 'o', 'l', 'f', 'j', 'o', 'u', 'r', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "programsupport300procent.com", true */ 'p', 'r', 'o', 'g', 'r', 'a', 'm', 's', 'u', 'p', 'p', 'o', 'r', 't', '3', '0', '0', 'p', 'r', 'o', 'c', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "progreso.pl", true */ 'p', 'r', 'o', 'g', 'r', 'e', 's', 'o', '.', 'p', 'l', '\0', + /* "progress-linux.org", true */ 'p', 'r', 'o', 'g', 'r', 'e', 's', 's', '-', 'l', 'i', 'n', 'u', 'x', '.', 'o', 'r', 'g', '\0', + /* "progress.photos", true */ 'p', 'r', 'o', 'g', 'r', 'e', 's', 's', '.', 'p', 'h', 'o', 't', 'o', 's', '\0', + /* "progressive.work", true */ 'p', 'r', 'o', 'g', 'r', 'e', 's', 's', 'i', 'v', 'e', '.', 'w', 'o', 'r', 'k', '\0', + /* "progressiveplanning.com", true */ 'p', 'r', 'o', 'g', 'r', 'e', 's', 's', 'i', 'v', 'e', 'p', 'l', 'a', 'n', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "prohrcloud.com", true */ 'p', 'r', 'o', 'h', 'r', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "proj.org.cn", true */ 'p', 'r', 'o', 'j', '.', 'o', 'r', 'g', '.', 'c', 'n', '\0', + /* "project-rune.tech", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', '-', 'r', 'u', 'n', 'e', '.', 't', 'e', 'c', 'h', '\0', + /* "project-splash.com", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', '-', 's', 'p', 'l', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "project-stats.com", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', '-', 's', 't', 'a', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "project.supply", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 's', 'u', 'p', 'p', 'l', 'y', '\0', + /* "projectarmy.net", false */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'a', 'r', 'm', 'y', '.', 'n', 'e', 't', '\0', + /* "projectbenson.com", false */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'b', 'e', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "projectblackbook.us", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'b', 'l', 'a', 'c', 'k', 'b', 'o', 'o', 'k', '.', 'u', 's', '\0', + /* "projectcastle.tech", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'c', 'a', 's', 't', 'l', 'e', '.', 't', 'e', 'c', 'h', '\0', + /* "projectforge.org", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'f', 'o', 'r', 'g', 'e', '.', 'o', 'r', 'g', '\0', + /* "projectherogames.xyz", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'h', 'e', 'r', 'o', 'g', 'a', 'm', 'e', 's', '.', 'x', 'y', 'z', '\0', + /* "projectnom.com", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'n', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "projectsecretidentity.com", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', 'e', 'c', 'r', 'e', 't', 'i', 'd', 'e', 'n', 't', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "projectsecretidentity.org", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', 'e', 'c', 'r', 'e', 't', 'i', 'd', 'e', 'n', 't', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0', + /* "projectte.ch", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 't', 'e', '.', 'c', 'h', '\0', + /* "projectunity.io", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'u', 'n', 'i', 't', 'y', '.', 'i', 'o', '\0', + /* "projekt-umbriel.de", true */ 'p', 'r', 'o', 'j', 'e', 'k', 't', '-', 'u', 'm', 'b', 'r', 'i', 'e', 'l', '.', 'd', 'e', '\0', + /* "projektzentrisch.de", true */ 'p', 'r', 'o', 'j', 'e', 'k', 't', 'z', 'e', 'n', 't', 'r', 'i', 's', 'c', 'h', '.', 'd', 'e', '\0', + /* "projest.ch", true */ 'p', 'r', 'o', 'j', 'e', 's', 't', '.', 'c', 'h', '\0', + /* "prok.pw", true */ 'p', 'r', 'o', 'k', '.', 'p', 'w', '\0', + /* "promedicalapplications.com", true */ 'p', 'r', 'o', 'm', 'e', 'd', 'i', 'c', 'a', 'l', 'a', 'p', 'p', 'l', 'i', 'c', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "prometheanfire.net", true */ 'p', 'r', 'o', 'm', 'e', 't', 'h', 'e', 'a', 'n', 'f', 'i', 'r', 'e', '.', 'n', 'e', 't', '\0', + /* "prometheanfire.org", true */ 'p', 'r', 'o', 'm', 'e', 't', 'h', 'e', 'a', 'n', 'f', 'i', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "promhadan.com", true */ 'p', 'r', 'o', 'm', 'h', 'a', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "promisesaplus.com", true */ 'p', 'r', 'o', 'm', 'i', 's', 'e', 's', 'a', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "promocao.email", true */ 'p', 'r', 'o', 'm', 'o', 'c', 'a', 'o', '.', 'e', 'm', 'a', 'i', 'l', '\0', + /* "promods.net", true */ 'p', 'r', 'o', 'm', 'o', 'd', 's', '.', 'n', 'e', 't', '\0', + /* "promohunt.ru", true */ 'p', 'r', 'o', 'm', 'o', 'h', 'u', 'n', 't', '.', 'r', 'u', '\0', + /* "promolover.com", true */ 'p', 'r', 'o', 'm', 'o', 'l', 'o', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "promopony.com", true */ 'p', 'r', 'o', 'm', 'o', 'p', 'o', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "promoscuola.net", true */ 'p', 'r', 'o', 'm', 'o', 's', 'c', 'u', 'o', 'l', 'a', '.', 'n', 'e', 't', '\0', + /* "promoterms.com.au", true */ 'p', 'r', 'o', 'm', 'o', 't', 'e', 'r', 'm', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "promotiongeeks.com", false */ 'p', 'r', 'o', 'm', 'o', 't', 'i', 'o', 'n', 'g', 'e', 'e', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "pronto-intervento.net", true */ 'p', 'r', 'o', 'n', 't', 'o', '-', 'i', 'n', 't', 'e', 'r', 'v', 'e', 'n', 't', 'o', '.', 'n', 'e', 't', '\0', + /* "proobec.cz", true */ 'p', 'r', 'o', 'o', 'b', 'e', 'c', '.', 'c', 'z', '\0', + /* "proofwiki.org", true */ 'p', 'r', 'o', 'o', 'f', 'w', 'i', 'k', 'i', '.', 'o', 'r', 'g', '\0', + /* "proos.nl", true */ 'p', 'r', 'o', 'o', 's', '.', 'n', 'l', '\0', + /* "proovn.com", true */ 'p', 'r', 'o', 'o', 'v', 'n', '.', 'c', 'o', 'm', '\0', + /* "propagandablog.de", true */ 'p', 'r', 'o', 'p', 'a', 'g', 'a', 'n', 'd', 'a', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0', + /* "propagandism.org", true */ 'p', 'r', 'o', 'p', 'a', 'g', 'a', 'n', 'd', 'i', 's', 'm', '.', 'o', 'r', 'g', '\0', + /* "propagationtools.com", true */ 'p', 'r', 'o', 'p', 'a', 'g', 'a', 't', 'i', 'o', 'n', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "propepper.net", true */ 'p', 'r', 'o', 'p', 'e', 'p', 'p', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "propershave.com", true */ 'p', 'r', 'o', 'p', 'e', 'r', 's', 'h', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "properticons.com", true */ 'p', 'r', 'o', 'p', 'e', 'r', 't', 'i', 'c', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "property-catalogue.eu", true */ 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', '-', 'c', 'a', 't', 'a', 'l', 'o', 'g', 'u', 'e', '.', 'e', 'u', '\0', + /* "propertygroup.pl", true */ 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', 'g', 'r', 'o', 'u', 'p', '.', 'p', 'l', '\0', + /* "propertyone.mk", true */ 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', 'o', 'n', 'e', '.', 'm', 'k', '\0', + /* "propipesystem.com", true */ 'p', 'r', 'o', 'p', 'i', 'p', 'e', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0', + /* "proplan.co.il", true */ 'p', 'r', 'o', 'p', 'l', 'a', 'n', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "proposalonline.com", true */ 'p', 'r', 'o', 'p', 'o', 's', 'a', 'l', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "propr.no", true */ 'p', 'r', 'o', 'p', 'r', '.', 'n', 'o', '\0', + /* "propseller.com", true */ 'p', 'r', 'o', 'p', 's', 'e', 'l', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "proseandleprechauns.com", true */ 'p', 'r', 'o', 's', 'e', 'a', 'n', 'd', 'l', 'e', 'p', 'r', 'e', 'c', 'h', 'a', 'u', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "prosenseit.com", true */ 'p', 'r', 'o', 's', 'e', 'n', 's', 'e', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "proslimdiets.com", true */ 'p', 'r', 'o', 's', 'l', 'i', 'm', 'd', 'i', 'e', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "prosocialmachines.com", true */ 'p', 'r', 'o', 's', 'o', 'c', 'i', 'a', 'l', 'm', 'a', 'c', 'h', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "prospanek.cz", true */ 'p', 'r', 'o', 's', 'p', 'a', 'n', 'e', 'k', '.', 'c', 'z', '\0', + /* "prospo.co", true */ 'p', 'r', 'o', 's', 'p', 'o', '.', 'c', 'o', '\0', + /* "prostohobby.ru", true */ 'p', 'r', 'o', 's', 't', 'o', 'h', 'o', 'b', 'b', 'y', '.', 'r', 'u', '\0', + /* "prostye-recepty.com", true */ 'p', 'r', 'o', 's', 't', 'y', 'e', '-', 'r', 'e', 'c', 'e', 'p', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "prot.ch", true */ 'p', 'r', 'o', 't', '.', 'c', 'h', '\0', + /* "proteapower.co.za", true */ 'p', 'r', 'o', 't', 'e', 'a', 'p', 'o', 'w', 'e', 'r', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "protecciondelconsumidor.gov", true */ 'p', 'r', 'o', 't', 'e', 'c', 'c', 'i', 'o', 'n', 'd', 'e', 'l', 'c', 'o', 'n', 's', 'u', 'm', 'i', 'd', 'o', 'r', '.', 'g', 'o', 'v', '\0', + /* "protegetudescanso.com", true */ 'p', 'r', 'o', 't', 'e', 'g', 'e', 't', 'u', 'd', 'e', 's', 'c', 'a', 'n', 's', 'o', '.', 'c', 'o', 'm', '\0', + /* "proteinnuts.cz", true */ 'p', 'r', 'o', 't', 'e', 'i', 'n', 'n', 'u', 't', 's', '.', 'c', 'z', '\0', + /* "proteinnuts.sk", true */ 'p', 'r', 'o', 't', 'e', 'i', 'n', 'n', 'u', 't', 's', '.', 's', 'k', '\0', + /* "protempore.fr", true */ 'p', 'r', 'o', 't', 'e', 'm', 'p', 'o', 'r', 'e', '.', 'f', 'r', '\0', + /* "proteus-eretes.nl", true */ 'p', 'r', 'o', 't', 'e', 'u', 's', '-', 'e', 'r', 'e', 't', 'e', 's', '.', 'n', 'l', '\0', + /* "proteus-tech.com", true */ 'p', 'r', 'o', 't', 'e', 'u', 's', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "proto-online.ru", true */ 'p', 'r', 'o', 't', 'o', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'r', 'u', '\0', + /* "protonmail.ch", true */ 'p', 'r', 'o', 't', 'o', 'n', 'm', 'a', 'i', 'l', '.', 'c', 'h', '\0', + /* "protonmail.com", true */ 'p', 'r', 'o', 't', 'o', 'n', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "protonvpn.com", true */ 'p', 'r', 'o', 't', 'o', 'n', 'v', 'p', 'n', '.', 'c', 'o', 'm', '\0', + /* "prototypefund.de", true */ 'p', 'r', 'o', 't', 'o', 't', 'y', 'p', 'e', 'f', 'u', 'n', 'd', '.', 'd', 'e', '\0', + /* "protoxin.net", false */ 'p', 'r', 'o', 't', 'o', 'x', 'i', 'n', '.', 'n', 'e', 't', '\0', + /* "proust.ch", false */ 'p', 'r', 'o', 'u', 's', 't', '.', 'c', 'h', '\0', + /* "proust.media", false */ 'p', 'r', 'o', 'u', 's', 't', '.', 'm', 'e', 'd', 'i', 'a', '\0', + /* "proustmedia.de", false */ 'p', 'r', 'o', 'u', 's', 't', 'm', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0', + /* "provectus.de", true */ 'p', 'r', 'o', 'v', 'e', 'c', 't', 'u', 's', '.', 'd', 'e', '\0', + /* "proveits.me", false */ 'p', 'r', 'o', 'v', 'e', 'i', 't', 's', '.', 'm', 'e', '\0', + /* "provence-appartements.com", true */ 'p', 'r', 'o', 'v', 'e', 'n', 'c', 'e', '-', 'a', 'p', 'p', 'a', 'r', 't', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "providerlijst.com", true */ 'p', 'r', 'o', 'v', 'i', 'd', 'e', 'r', 'l', 'i', 'j', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "providerlijst.nl", true */ 'p', 'r', 'o', 'v', 'i', 'd', 'e', 'r', 'l', 'i', 'j', 's', 't', '.', 'n', 'l', '\0', + /* "provision-isr.nl", true */ 'p', 'r', 'o', 'v', 'i', 's', 'i', 'o', 'n', '-', 'i', 's', 'r', '.', 'n', 'l', '\0', + /* "provisionaldriving.com", true */ 'p', 'r', 'o', 'v', 'i', 's', 'i', 'o', 'n', 'a', 'l', 'd', 'r', 'i', 'v', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "provitec.com", true */ 'p', 'r', 'o', 'v', 'i', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "provitec.de", true */ 'p', 'r', 'o', 'v', 'i', 't', 'e', 'c', '.', 'd', 'e', '\0', + /* "provokator.co.il", true */ 'p', 'r', 'o', 'v', 'o', 'k', 'a', 't', 'o', 'r', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "proweser.de", true */ 'p', 'r', 'o', 'w', 'e', 's', 'e', 'r', '.', 'd', 'e', '\0', + /* "prowise.com", true */ 'p', 'r', 'o', 'w', 'i', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "proxbox.net", true */ 'p', 'r', 'o', 'x', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0', + /* "proximityradio.fr", true */ 'p', 'r', 'o', 'x', 'i', 'm', 'i', 't', 'y', 'r', 'a', 'd', 'i', 'o', '.', 'f', 'r', '\0', + /* "proxybay.co", true */ 'p', 'r', 'o', 'x', 'y', 'b', 'a', 'y', '.', 'c', 'o', '\0', + /* "proxybay.eu.org", true */ 'p', 'r', 'o', 'x', 'y', 'b', 'a', 'y', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "proxybay.la", true */ 'p', 'r', 'o', 'x', 'y', 'b', 'a', 'y', '.', 'l', 'a', '\0', + /* "proxybay.one", true */ 'p', 'r', 'o', 'x', 'y', 'b', 'a', 'y', '.', 'o', 'n', 'e', '\0', + /* "proxybay.tv", true */ 'p', 'r', 'o', 'x', 'y', 'b', 'a', 'y', '.', 't', 'v', '\0', + /* "proxyportal.me", true */ 'p', 'r', 'o', 'x', 'y', 'p', 'o', 'r', 't', 'a', 'l', '.', 'm', 'e', '\0', + /* "proxyportal.net", true */ 'p', 'r', 'o', 'x', 'y', 'p', 'o', 'r', 't', 'a', 'l', '.', 'n', 'e', 't', '\0', + /* "proxyportal.org", true */ 'p', 'r', 'o', 'x', 'y', 'p', 'o', 'r', 't', 'a', 'l', '.', 'o', 'r', 'g', '\0', + /* "proymaganadera.com", true */ 'p', 'r', 'o', 'y', 'm', 'a', 'g', 'a', 'n', 'a', 'd', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "prstatic.com", true */ 'p', 'r', 's', 't', 'a', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "prt.in.th", true */ 'p', 'r', 't', '.', 'i', 'n', '.', 't', 'h', '\0', + /* "prtimes.com", true */ 'p', 'r', 't', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "prtpe.com", true */ 'p', 'r', 't', 'p', 'e', '.', 'c', 'o', 'm', '\0', + /* "pruma.com.br", true */ 'p', 'r', 'u', 'm', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "prvikvadrat.hr", true */ 'p', 'r', 'v', 'i', 'k', 'v', 'a', 'd', 'r', 'a', 't', '.', 'h', 'r', '\0', + /* "pryspry.com", true */ 'p', 'r', 'y', 's', 'p', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "przemas.pl", true */ 'p', 'r', 'z', 'e', 'm', 'a', 's', '.', 'p', 'l', '\0', + /* "ps-provider.co.jp", true */ 'p', 's', '-', 'p', 'r', 'o', 'v', 'i', 'd', 'e', 'r', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "ps-qa.com", true */ 'p', 's', '-', 'q', 'a', '.', 'c', 'o', 'm', '\0', + /* "ps-w.ru", true */ 'p', 's', '-', 'w', '.', 'r', 'u', '\0', + /* "ps-x.ru", true */ 'p', 's', '-', 'x', '.', 'r', 'u', '\0', + /* "ps4all.nl", true */ 'p', 's', '4', 'a', 'l', 'l', '.', 'n', 'l', '\0', + /* "psa.gov", true */ 'p', 's', 'a', '.', 'g', 'o', 'v', '\0', + /* "psb.cloud", true */ 'p', 's', 'b', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "psb1.org", true */ 'p', 's', 'b', '1', '.', 'o', 'r', 'g', '\0', + /* "psb1911.com", true */ 'p', 's', 'b', '1', '9', '1', '1', '.', 'c', 'o', 'm', '\0', + /* "psb4ukr.org", true */ 'p', 's', 'b', '4', 'u', 'k', 'r', '.', 'o', 'r', 'g', '\0', + /* "psbarrett.com", true */ 'p', 's', 'b', 'a', 'r', 'r', 'e', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "psc.gov", true */ 'p', 's', 'c', '.', 'g', 'o', 'v', '\0', + /* "pschierl.com", true */ 'p', 's', 'c', 'h', 'i', 'e', 'r', 'l', '.', 'c', 'o', 'm', '\0', + /* "psdsfn.com", true */ 'p', 's', 'd', 's', 'f', 'n', '.', 'c', 'o', 'm', '\0', + /* "pseta.ru", true */ 'p', 's', 'e', 't', 'a', '.', 'r', 'u', '\0', + /* "pseudo.coffee", true */ 'p', 's', 'e', 'u', 'd', 'o', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0', + /* "psicoexpansao.com.br", true */ 'p', 's', 'i', 'c', 'o', 'e', 'x', 'p', 'a', 'n', 's', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "psicologoforensebarcelona.com", true */ 'p', 's', 'i', 'c', 'o', 'l', 'o', 'g', 'o', 'f', 'o', 'r', 'e', 'n', 's', 'e', 'b', 'a', 'r', 'c', 'e', 'l', 'o', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "psicologoforensemadrid.com", true */ 'p', 's', 'i', 'c', 'o', 'l', 'o', 'g', 'o', 'f', 'o', 'r', 'e', 'n', 's', 'e', 'm', 'a', 'd', 'r', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "psicosalud.online", true */ 'p', 's', 'i', 'c', 'o', 's', 'a', 'l', 'u', 'd', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "psm.org.ph", true */ 'p', 's', 'm', '.', 'o', 'r', 'g', '.', 'p', 'h', '\0', + /* "pson.ninja", true */ 'p', 's', 'o', 'n', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "psono.pw", true */ 'p', 's', 'o', 'n', 'o', '.', 'p', 'w', '\0', + /* "pssgcsim.org", true */ 'p', 's', 's', 'g', 'c', 's', 'i', 'm', '.', 'o', 'r', 'g', '\0', + /* "pste.pw", true */ 'p', 's', 't', 'e', '.', 'p', 'w', '\0', + /* "pstrozniak.com", true */ 'p', 's', 't', 'r', 'o', 'z', 'n', 'i', 'a', 'k', '.', 'c', 'o', 'm', '\0', + /* "psu.je", true */ 'p', 's', 'u', '.', 'j', 'e', '\0', + /* "psw-consulting.de", true */ 'p', 's', 'w', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "psw-group.de", true */ 'p', 's', 'w', '-', 'g', 'r', 'o', 'u', 'p', '.', 'd', 'e', '\0', + /* "psw.net", true */ 'p', 's', 'w', '.', 'n', 'e', 't', '\0', + /* "psxtr.com", true */ 'p', 's', 'x', 't', 'r', '.', 'c', 'o', 'm', '\0', + /* "psyao.ch", true */ 'p', 's', 'y', 'a', 'o', '.', 'c', 'h', '\0', + /* "psychedelia.com", true */ 'p', 's', 'y', 'c', 'h', 'e', 'd', 'e', 'l', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "psychedelics.org", true */ 'p', 's', 'y', 'c', 'h', 'e', 'd', 'e', 'l', 'i', 'c', 's', '.', 'o', 'r', 'g', '\0', + /* "psychiatrie-betreuung.ch", true */ 'p', 's', 'y', 'c', 'h', 'i', 'a', 't', 'r', 'i', 'e', '-', 'b', 'e', 't', 'r', 'e', 'u', 'u', 'n', 'g', '.', 'c', 'h', '\0', + /* "psychic-healer-mariya-i-petrova-boyankinska-b-borovan-bg.com", true */ 'p', 's', 'y', 'c', 'h', 'i', 'c', '-', 'h', 'e', 'a', 'l', 'e', 'r', '-', 'm', 'a', 'r', 'i', 'y', 'a', '-', 'i', '-', 'p', 'e', 't', 'r', 'o', 'v', 'a', '-', 'b', 'o', 'y', 'a', 'n', 'k', 'i', 'n', 's', 'k', 'a', '-', 'b', '-', 'b', 'o', 'r', 'o', 'v', 'a', 'n', '-', 'b', 'g', '.', 'c', 'o', 'm', '\0', + /* "psychintervention.com", true */ 'p', 's', 'y', 'c', 'h', 'i', 'n', 't', 'e', 'r', 'v', 'e', 'n', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "psycho-lobby.com", true */ 'p', 's', 'y', 'c', 'h', 'o', '-', 'l', 'o', 'b', 'b', 'y', '.', 'c', 'o', 'm', '\0', + /* "psycho.space", true */ 'p', 's', 'y', 'c', 'h', 'o', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "psychoactive.com", true */ 'p', 's', 'y', 'c', 'h', 'o', 'a', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "psychotherapie-kp.de", true */ 'p', 's', 'y', 'c', 'h', 'o', 't', 'h', 'e', 'r', 'a', 'p', 'i', 'e', '-', 'k', 'p', '.', 'd', 'e', '\0', + /* "psydix.org", true */ 'p', 's', 'y', 'd', 'i', 'x', '.', 'o', 'r', 'g', '\0', + /* "psyk.yt", true */ 'p', 's', 'y', 'k', '.', 'y', 't', '\0', + /* "psylab.cc", true */ 'p', 's', 'y', 'l', 'a', 'b', '.', 'c', 'c', '\0', + /* "psylab.re", true */ 'p', 's', 'y', 'l', 'a', 'b', '.', 'r', 'e', '\0', + /* "psylab.vip", true */ 'p', 's', 'y', 'l', 'a', 'b', '.', 'v', 'i', 'p', '\0', + /* "psynapse.net.au", true */ 'p', 's', 'y', 'n', 'a', 'p', 's', 'e', '.', 'n', 'e', 't', '.', 'a', 'u', '\0', + /* "pt-server.de", true */ 'p', 't', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0', + /* "ptal.eu", true */ 'p', 't', 'a', 'l', '.', 'e', 'u', '\0', + /* "ptbi.org.pl", true */ 'p', 't', 'b', 'i', '.', 'o', 'r', 'g', '.', 'p', 'l', '\0', + /* "ptbx.co", true */ 'p', 't', 'b', 'x', '.', 'c', 'o', '\0', + /* "pterodactylus.cz", true */ 'p', 't', 'e', 'r', 'o', 'd', 'a', 'c', 't', 'y', 'l', 'u', 's', '.', 'c', 'z', '\0', + /* "ptgoldensun.com", true */ 'p', 't', 'g', 'o', 'l', 'd', 'e', 'n', 's', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "ptm.ro", false */ 'p', 't', 'm', '.', 'r', 'o', '\0', + /* "ptmarquees.ie", true */ 'p', 't', 'm', 'a', 'r', 'q', 'u', 'e', 'e', 's', '.', 'i', 'e', '\0', + /* "ptrbrs.nl", true */ 'p', 't', 'r', 'b', 'r', 's', '.', 'n', 'l', '\0', + /* "ptrl.ws", true */ 'p', 't', 'r', 'l', '.', 'w', 's', '\0', + /* "ptron.org", true */ 'p', 't', 'r', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "ptrujillo.com", true */ 'p', 't', 'r', 'u', 'j', 'i', 'l', 'l', 'o', '.', 'c', 'o', 'm', '\0', + /* "puac.de", true */ 'p', 'u', 'a', 'c', '.', 'd', 'e', '\0', + /* "pub-online.ro", true */ 'p', 'u', 'b', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'r', 'o', '\0', + /* "pubi.me", true */ 'p', 'u', 'b', 'i', '.', 'm', 'e', '\0', + /* "publanda.nl", true */ 'p', 'u', 'b', 'l', 'a', 'n', 'd', 'a', '.', 'n', 'l', '\0', + /* "public-g.de", true */ 'p', 'u', 'b', 'l', 'i', 'c', '-', 'g', '.', 'd', 'e', '\0', + /* "public-projects.com", true */ 'p', 'u', 'b', 'l', 'i', 'c', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "public-projects.de", true */ 'p', 'u', 'b', 'l', 'i', 'c', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'd', 'e', '\0', + /* "public-vocals.de", true */ 'p', 'u', 'b', 'l', 'i', 'c', '-', 'v', 'o', 'c', 'a', 'l', 's', '.', 'd', 'e', '\0', + /* "publiccarauctionscalifornia.com", true */ 'p', 'u', 'b', 'l', 'i', 'c', 'c', 'a', 'r', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', 'c', 'a', 'l', 'i', 'f', 'o', 'r', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "publicintegrity.org", true */ 'p', 'u', 'b', 'l', 'i', 'c', 'i', 'n', 't', 'e', 'g', 'r', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0', + /* "publicintelligence.net", true */ 'p', 'u', 'b', 'l', 'i', 'c', 'i', 'n', 't', 'e', 'l', 'l', 'i', 'g', 'e', 'n', 'c', 'e', '.', 'n', 'e', 't', '\0', + /* "publick.net", true */ 'p', 'u', 'b', 'l', 'i', 'c', 'k', '.', 'n', 'e', 't', '\0', + /* "publicsuffix.org", true */ 'p', 'u', 'b', 'l', 'i', 'c', 's', 'u', 'f', 'f', 'i', 'x', '.', 'o', 'r', 'g', '\0', + /* "publiq.space", true */ 'p', 'u', 'b', 'l', 'i', 'q', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "pubreviews.com", true */ 'p', 'u', 'b', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "pucchi.net", true */ 'p', 'u', 'c', 'c', 'h', 'i', '.', 'n', 'e', 't', '\0', + /* "puchunguis.com", true */ 'p', 'u', 'c', 'h', 'u', 'n', 'g', 'u', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "pucssa.org", true */ 'p', 'u', 'c', 's', 's', 'a', '.', 'o', 'r', 'g', '\0', + /* "puddis.de", true */ 'p', 'u', 'd', 'd', 'i', 's', '.', 'd', 'e', '\0', + /* "puetter.eu", true */ 'p', 'u', 'e', 't', 't', 'e', 'r', '.', 'e', 'u', '\0', + /* "pugovka72.ru", true */ 'p', 'u', 'g', 'o', 'v', 'k', 'a', '7', '2', '.', 'r', 'u', '\0', + /* "puhka.me", true */ 'p', 'u', 'h', 'k', 'a', '.', 'm', 'e', '\0', + /* "puikheid.nl", true */ 'p', 'u', 'i', 'k', 'h', 'e', 'i', 'd', '.', 'n', 'l', '\0', + /* "puissancemac.ch", true */ 'p', 'u', 'i', 's', 's', 'a', 'n', 'c', 'e', 'm', 'a', 'c', '.', 'c', 'h', '\0', + /* "puli.com.br", true */ 'p', 'u', 'l', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "pulledporkheaven.com", true */ 'p', 'u', 'l', 'l', 'e', 'd', 'p', 'o', 'r', 'k', 'h', 'e', 'a', 'v', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "pulsedursley.co.uk", true */ 'p', 'u', 'l', 's', 'e', 'd', 'u', 'r', 's', 'l', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "pumperszene.com", true */ 'p', 'u', 'm', 'p', 'e', 'r', 's', 'z', 'e', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "puneflowermall.com", true */ 'p', 'u', 'n', 'e', 'f', 'l', 'o', 'w', 'e', 'r', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "punikonta.de", true */ 'p', 'u', 'n', 'i', 'k', 'o', 'n', 't', 'a', '.', 'd', 'e', '\0', + /* "punitsheth.com", true */ 'p', 'u', 'n', 'i', 't', 's', 'h', 'e', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "punkapoule.fr", true */ 'p', 'u', 'n', 'k', 'a', 'p', 'o', 'u', 'l', 'e', '.', 'f', 'r', '\0', + /* "punkdns.top", true */ 'p', 'u', 'n', 'k', 'd', 'n', 's', '.', 't', 'o', 'p', '\0', + /* "punknews.org", true */ 'p', 'u', 'n', 'k', 'n', 'e', 'w', 's', '.', 'o', 'r', 'g', '\0', + /* "pupboss.com", true */ 'p', 'u', 'p', 'b', 'o', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "puppet.pl", true */ 'p', 'u', 'p', 'p', 'e', 't', '.', 'p', 'l', '\0', + /* "purahealthyliving.com", true */ 'p', 'u', 'r', 'a', 'h', 'e', 'a', 'l', 't', 'h', 'y', 'l', 'i', 'v', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "purelunch.co.uk", true */ 'p', 'u', 'r', 'e', 'l', 'u', 'n', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "purevapeofficial.com", true */ 'p', 'u', 'r', 'e', 'v', 'a', 'p', 'e', 'o', 'f', 'f', 'i', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "purikore.com", true */ 'p', 'u', 'r', 'i', 'k', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "purplebooth.co.uk", true */ 'p', 'u', 'r', 'p', 'l', 'e', 'b', 'o', 'o', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "purplebricksplc.com", true */ 'p', 'u', 'r', 'p', 'l', 'e', 'b', 'r', 'i', 'c', 'k', 's', 'p', 'l', 'c', '.', 'c', 'o', 'm', '\0', + /* "purplemoon.ch", true */ 'p', 'u', 'r', 'p', 'l', 'e', 'm', 'o', 'o', 'n', '.', 'c', 'h', '\0', + /* "purpleplains.net", true */ 'p', 'u', 'r', 'p', 'l', 'e', 'p', 'l', 'a', 'i', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "purplepr.bg", true */ 'p', 'u', 'r', 'p', 'l', 'e', 'p', 'r', '.', 'b', 'g', '\0', + /* "purplestar.ch", true */ 'p', 'u', 'r', 'p', 'l', 'e', 's', 't', 'a', 'r', '.', 'c', 'h', '\0', + /* "purplestar.com", true */ 'p', 'u', 'r', 'p', 'l', 'e', 's', 't', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "purplewindows.net", true */ 'p', 'u', 'r', 'p', 'l', 'e', 'w', 'i', 'n', 'd', 'o', 'w', 's', '.', 'n', 'e', 't', '\0', + /* "purplez.pw", true */ 'p', 'u', 'r', 'p', 'l', 'e', 'z', '.', 'p', 'w', '\0', + /* "purpspc.com", true */ 'p', 'u', 'r', 'p', 's', 'p', 'c', '.', 'c', 'o', 'm', '\0', + /* "purrfect-box.co.uk", true */ 'p', 'u', 'r', 'r', 'f', 'e', 'c', 't', '-', 'b', 'o', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "purrfectboudoir.com", true */ 'p', 'u', 'r', 'r', 'f', 'e', 'c', 't', 'b', 'o', 'u', 'd', 'o', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "purrfectcams.com", true */ 'p', 'u', 'r', 'r', 'f', 'e', 'c', 't', 'c', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "purrfectmembersclub.com", true */ 'p', 'u', 'r', 'r', 'f', 'e', 'c', 't', 'm', 'e', 'm', 'b', 'e', 'r', 's', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "purrfectswingers.com", true */ 'p', 'u', 'r', 'r', 'f', 'e', 'c', 't', 's', 'w', 'i', 'n', 'g', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "puryearlaw.com", true */ 'p', 'u', 'r', 'y', 'e', 'a', 'r', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "pusatinkubatorbayi.com", true */ 'p', 'u', 's', 'a', 't', 'i', 'n', 'k', 'u', 'b', 'a', 't', 'o', 'r', 'b', 'a', 'y', 'i', '.', 'c', 'o', 'm', '\0', + /* "put.moe", true */ 'p', 'u', 't', '.', 'm', 'o', 'e', '\0', + /* "put.re", true */ 'p', 'u', 't', '.', 'r', 'e', '\0', + /* "putatara.net", true */ 'p', 'u', 't', 'a', 't', 'a', 'r', 'a', '.', 'n', 'e', 't', '\0', + /* "putney.io", true */ 'p', 'u', 't', 'n', 'e', 'y', '.', 'i', 'o', '\0', + /* "puurwonengeldrop.nl", false */ 'p', 'u', 'u', 'r', 'w', 'o', 'n', 'e', 'n', 'g', 'e', 'l', 'd', 'r', 'o', 'p', '.', 'n', 'l', '\0', + /* "puxlit.net", true */ 'p', 'u', 'x', 'l', 'i', 't', '.', 'n', 'e', 't', '\0', + /* "puyallupnissanparts.com", true */ 'p', 'u', 'y', 'a', 'l', 'l', 'u', 'p', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "puyblanc.info", true */ 'p', 'u', 'y', 'b', 'l', 'a', 'n', 'c', '.', 'i', 'n', 'f', 'o', '\0', + /* "puzz.gg", true */ 'p', 'u', 'z', 'z', '.', 'g', 'g', '\0', + /* "puzz.me", true */ 'p', 'u', 'z', 'z', '.', 'm', 'e', '\0', + /* "puzzle-welt.ch", true */ 'p', 'u', 'z', 'z', 'l', 'e', '-', 'w', 'e', 'l', 't', '.', 'c', 'h', '\0', + /* "puzzlepoint.ch", true */ 'p', 'u', 'z', 'z', 'l', 'e', 'p', 'o', 'i', 'n', 't', '.', 'c', 'h', '\0', + /* "pv-paderborn-now.de", true */ 'p', 'v', '-', 'p', 'a', 'd', 'e', 'r', 'b', 'o', 'r', 'n', '-', 'n', 'o', 'w', '.', 'd', 'e', '\0', + /* "pvcvoordeel.nl", false */ 'p', 'v', 'c', 'v', 'o', 'o', 'r', 'd', 'e', 'e', 'l', '.', 'n', 'l', '\0', + /* "pvmotorco.com", true */ 'p', 'v', 'm', 'o', 't', 'o', 'r', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "pvpcraft.ca", true */ 'p', 'v', 'p', 'c', 'r', 'a', 'f', 't', '.', 'c', 'a', '\0', + /* "pvtschlag.com", true */ 'p', 'v', 't', 's', 'c', 'h', 'l', 'a', 'g', '.', 'c', 'o', 'm', '\0', + /* "pwdsafe.com", true */ 'p', 'w', 'd', 's', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "pwe.vision", true */ 'p', 'w', 'e', '.', 'v', 'i', 's', 'i', 'o', 'n', '\0', + /* "pwfrance.com", true */ 'p', 'w', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "pwi.agency", true */ 'p', 'w', 'i', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0', + /* "pwnies.dk", true */ 'p', 'w', 'n', 'i', 'e', 's', '.', 'd', 'k', '\0', + /* "pwntr.com", true */ 'p', 'w', 'n', 't', 'r', '.', 'c', 'o', 'm', '\0', + /* "pwolk.com", true */ 'p', 'w', 'o', 'l', 'k', '.', 'c', 'o', 'm', '\0', + /* "pxx.io", true */ 'p', 'x', 'x', '.', 'i', 'o', '\0', + /* "py-amf.org", true */ 'p', 'y', '-', 'a', 'm', 'f', '.', 'o', 'r', 'g', '\0', + /* "py.search.yahoo.com", false */ 'p', 'y', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "pygarage.com", true */ 'p', 'y', 'g', 'a', 'r', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "pyjiaoyi.cf", true */ 'p', 'y', 'j', 'i', 'a', 'o', 'y', 'i', '.', 'c', 'f', '\0', + /* "pyopenssl.org", true */ 'p', 'y', 'o', 'p', 'e', 'n', 's', 's', 'l', '.', 'o', 'r', 'g', '\0', + /* "pypa.io", true */ 'p', 'y', 'p', 'a', '.', 'i', 'o', '\0', + /* "pypi.io", true */ 'p', 'y', 'p', 'i', '.', 'i', 'o', '\0', + /* "pypi.org", true */ 'p', 'y', 'p', 'i', '.', 'o', 'r', 'g', '\0', + /* "pypi.python.org", true */ 'p', 'y', 'p', 'i', '.', 'p', 'y', 't', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "pyrotechnologie.de", true */ 'p', 'y', 'r', 'o', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', '.', 'd', 'e', '\0', + /* "pyspace.org", true */ 'p', 'y', 's', 'p', 'a', 'c', 'e', '.', 'o', 'r', 'g', '\0', + /* "python-hyper.org", true */ 'p', 'y', 't', 'h', 'o', 'n', '-', 'h', 'y', 'p', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "python.org", false */ 'p', 'y', 't', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "pyzlnar.com", true */ 'p', 'y', 'z', 'l', 'n', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "q-inn.com", true */ 'q', '-', 'i', 'n', 'n', '.', 'c', 'o', 'm', '\0', + /* "q-inn.nl", true */ 'q', '-', 'i', 'n', 'n', '.', 'n', 'l', '\0', + /* "qa-brandywineglobal.com", true */ 'q', 'a', '-', 'b', 'r', 'a', 'n', 'd', 'y', 'w', 'i', 'n', 'e', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "qa.stg.fedoraproject.org", true */ 'q', 'a', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "qaconstrucciones.com", true */ 'q', 'a', 'c', 'o', 'n', 's', 't', 'r', 'u', 'c', 'c', 'i', 'o', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "qamrulhaque.com", true */ 'q', 'a', 'm', 'r', 'u', 'l', 'h', 'a', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "qandavision.com", false */ 'q', 'a', 'n', 'd', 'a', 'v', 'i', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "qapital.com", true */ 'q', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "qbeing.info", true */ 'q', 'b', 'e', 'i', 'n', 'g', '.', 'i', 'n', 'f', 'o', '\0', + /* "qbiju.com.br", true */ 'q', 'b', 'i', 'j', 'u', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "qbin.io", true */ 'q', 'b', 'i', 'n', '.', 'i', 'o', '\0', + /* "qbus.pl", true */ 'q', 'b', 'u', 's', '.', 'p', 'l', '\0', + /* "qc.search.yahoo.com", false */ 'q', 'c', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "qccareerschool.com", false */ 'q', 'c', 'c', 'a', 'r', 'e', 'e', 'r', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "qcdesignschool.com", true */ 'q', 'c', 'd', 'e', 's', 'i', 'g', 'n', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "qceventplanning.com", false */ 'q', 'c', 'e', 'v', 'e', 'n', 't', 'p', 'l', 'a', 'n', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "qcloud.cz", true */ 'q', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'z', '\0', + /* "qcmakeupacademy.com", true */ 'q', 'c', 'm', 'a', 'k', 'e', 'u', 'p', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0', + /* "qcstudentcenter.com", false */ 'q', 'c', 's', 't', 'u', 'd', 'e', 'n', 't', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "qcstyleacademy.com", false */ 'q', 'c', 's', 't', 'y', 'l', 'e', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0', + /* "qctravelschool.com", false */ 'q', 'c', 't', 'r', 'a', 'v', 'e', 'l', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "qe2homelottery.com", true */ 'q', 'e', '2', 'h', 'o', 'm', 'e', 'l', 'o', 't', 't', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "qedcon.org", false */ 'q', 'e', 'd', 'c', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "qelectrotech.org", true */ 'q', 'e', 'l', 'e', 'c', 't', 'r', 'o', 't', 'e', 'c', 'h', '.', 'o', 'r', 'g', '\0', + /* "qetesh.de", true */ 'q', 'e', 't', 'e', 's', 'h', '.', 'd', 'e', '\0', + /* "qetic.co.jp", true */ 'q', 'e', 't', 'i', 'c', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "qewc.com", true */ 'q', 'e', 'w', 'c', '.', 'c', 'o', 'm', '\0', + /* "qgustavor.tk", true */ 'q', 'g', 'u', 's', 't', 'a', 'v', 'o', 'r', '.', 't', 'k', '\0', + /* "qhse-professionals.nl", true */ 'q', 'h', 's', 'e', '-', 'p', 'r', 'o', 'f', 'e', 's', 's', 'i', 'o', 'n', 'a', 'l', 's', '.', 'n', 'l', '\0', + /* "qianalysis.com", true */ 'q', 'i', 'a', 'n', 'a', 'l', 'y', 's', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "qifu.me", true */ 'q', 'i', 'f', 'u', '.', 'm', 'e', '\0', + /* "qifu.org.cn", true */ 'q', 'i', 'f', 'u', '.', 'o', 'r', 'g', '.', 'c', 'n', '\0', + /* "qimiao.io", true */ 'q', 'i', 'm', 'i', 'a', 'o', '.', 'i', 'o', '\0', + /* "qingpat.com", true */ 'q', 'i', 'n', 'g', 'p', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "qingpei.me", false */ 'q', 'i', 'n', 'g', 'p', 'e', 'i', '.', 'm', 'e', '\0', + /* "qionouu.cn", true */ 'q', 'i', 'o', 'n', 'o', 'u', 'u', '.', 'c', 'n', '\0', + /* "qirinus.com", true */ 'q', 'i', 'r', 'i', 'n', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "qitarabutrans.com", true */ 'q', 'i', 't', 'a', 'r', 'a', 'b', 'u', 't', 'r', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "qits.de", false */ 'q', 'i', 't', 's', '.', 'd', 'e', '\0', + /* "qivonline.pt", true */ 'q', 'i', 'v', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'p', 't', '\0', + /* "qiwi.be", true */ 'q', 'i', 'w', 'i', '.', 'b', 'e', '\0', + /* "qixi.biz", true */ 'q', 'i', 'x', 'i', '.', 'b', 'i', 'z', '\0', + /* "qkka.org", true */ 'q', 'k', 'k', 'a', '.', 'o', 'r', 'g', '\0', + /* "qkmortgage.com", true */ 'q', 'k', 'm', 'o', 'r', 't', 'g', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "qldconservation.org.au", true */ 'q', 'l', 'd', 'c', 'o', 'n', 's', 'e', 'r', 'v', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0', + /* "qledtech.com", true */ 'q', 'l', 'e', 'd', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "qlrace.com", false */ 'q', 'l', 'r', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "qm-marzahnnordwest.de", true */ 'q', 'm', '-', 'm', 'a', 'r', 'z', 'a', 'h', 'n', 'n', 'o', 'r', 'd', 'w', 'e', 's', 't', '.', 'd', 'e', '\0', + /* "qochealth.com", true */ 'q', 'o', 'c', 'h', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "qoohoot.com", true */ 'q', 'o', 'o', 'h', 'o', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "qotw.net", true */ 'q', 'o', 't', 'w', '.', 'n', 'e', 't', '\0', + /* "qq-navi.com", true */ 'q', 'q', '-', 'n', 'a', 'v', 'i', '.', 'c', 'o', 'm', '\0', + /* "qqj.net", true */ 'q', 'q', 'j', '.', 'n', 'e', 't', '\0', + /* "qqvips.com", false */ 'q', 'q', 'v', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "qrcontagion.com", true */ 'q', 'r', 'c', 'o', 'n', 't', 'a', 'g', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "qrpth.eu", true */ 'q', 'r', 'p', 't', 'h', '.', 'e', 'u', '\0', + /* "qtl.me", true */ 'q', 't', 'l', '.', 'm', 'e', '\0', + /* "qto.com", true */ 'q', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "qtpass.org", true */ 'q', 't', 'p', 'a', 's', 's', '.', 'o', 'r', 'g', '\0', + /* "qtpower.co.uk", true */ 'q', 't', 'p', 'o', 'w', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "qtpower.net", true */ 'q', 't', 'p', 'o', 'w', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "qtpower.org", true */ 'q', 't', 'p', 'o', 'w', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "qtvr.com", true */ 'q', 't', 'v', 'r', '.', 'c', 'o', 'm', '\0', + /* "qtxh.net", true */ 'q', 't', 'x', 'h', '.', 'n', 'e', 't', '\0', + /* "quackerswaterproofing.com", true */ 'q', 'u', 'a', 'c', 'k', 'e', 'r', 's', 'w', 'a', 't', 'e', 'r', 'p', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "quaedam.org", true */ 'q', 'u', 'a', 'e', 'd', 'a', 'm', '.', 'o', 'r', 'g', '\0', + /* "quaggan.co", true */ 'q', 'u', 'a', 'g', 'g', 'a', 'n', '.', 'c', 'o', '\0', + /* "quai10.org", false */ 'q', 'u', 'a', 'i', '1', '0', '.', 'o', 'r', 'g', '\0', + /* "quakelive.dk", false */ 'q', 'u', 'a', 'k', 'e', 'l', 'i', 'v', 'e', '.', 'd', 'k', '\0', + /* "qualite-ecole-et-formation.ch", true */ 'q', 'u', 'a', 'l', 'i', 't', 'e', '-', 'e', 'c', 'o', 'l', 'e', '-', 'e', 't', '-', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', '.', 'c', 'h', '\0', + /* "quality-life.gr", true */ 'q', 'u', 'a', 'l', 'i', 't', 'y', '-', 'l', 'i', 'f', 'e', '.', 'g', 'r', '\0', + /* "qualityedgarsolutions.com", true */ 'q', 'u', 'a', 'l', 'i', 't', 'y', 'e', 'd', 'g', 'a', 'r', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "qualityhomesystems.com", true */ 'q', 'u', 'a', 'l', 'i', 't', 'y', 'h', 'o', 'm', 'e', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "qualityofcourse.com", false */ 'q', 'u', 'a', 'l', 'i', 't', 'y', 'o', 'f', 'c', 'o', 'u', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "qualitypropertycare.co.uk", true */ 'q', 'u', 'a', 'l', 'i', 't', 'y', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', 'c', 'a', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "qualtrics.com", true */ 'q', 'u', 'a', 'l', 't', 'r', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "quanterra.ch", true */ 'q', 'u', 'a', 'n', 't', 'e', 'r', 'r', 'a', '.', 'c', 'h', '\0', + /* "quantor.dk", true */ 'q', 'u', 'a', 'n', 't', 'o', 'r', '.', 'd', 'k', '\0', + /* "quantoras.com", true */ 'q', 'u', 'a', 'n', 't', 'o', 'r', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "quantum-lviv.pp.ua", true */ 'q', 'u', 'a', 'n', 't', 'u', 'm', '-', 'l', 'v', 'i', 'v', '.', 'p', 'p', '.', 'u', 'a', '\0', + /* "quantum-mechanics.com", true */ 'q', 'u', 'a', 'n', 't', 'u', 'm', '-', 'm', 'e', 'c', 'h', 'a', 'n', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "quantum2.xyz", true */ 'q', 'u', 'a', 'n', 't', 'u', 'm', '2', '.', 'x', 'y', 'z', '\0', + /* "quantumfurball.net", true */ 'q', 'u', 'a', 'n', 't', 'u', 'm', 'f', 'u', 'r', 'b', 'a', 'l', 'l', '.', 'n', 'e', 't', '\0', + /* "quantumwebs.co", true */ 'q', 'u', 'a', 'n', 't', 'u', 'm', 'w', 'e', 'b', 's', '.', 'c', 'o', '\0', + /* "quanyin.eu.org", true */ 'q', 'u', 'a', 'n', 'y', 'i', 'n', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "quareal.ru", true */ 'q', 'u', 'a', 'r', 'e', 'a', 'l', '.', 'r', 'u', '\0', + /* "quarryhillrentals.com", true */ 'q', 'u', 'a', 'r', 'r', 'y', 'h', 'i', 'l', 'l', 'r', 'e', 'n', 't', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "quarterfull.com", true */ 'q', 'u', 'a', 'r', 't', 'e', 'r', 'f', 'u', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "quasarelectronics.co.uk", true */ 'q', 'u', 'a', 's', 'a', 'r', 'e', 'l', 'e', 'c', 't', 'r', 'o', 'n', 'i', 'c', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "quasseldroid.info", true */ 'q', 'u', 'a', 's', 's', 'e', 'l', 'd', 'r', 'o', 'i', 'd', '.', 'i', 'n', 'f', 'o', '\0', + /* "quatrefoiscent.fr", true */ 'q', 'u', 'a', 't', 'r', 'e', 'f', 'o', 'i', 's', 'c', 'e', 'n', 't', '.', 'f', 'r', '\0', + /* "qubes-os.org", true */ 'q', 'u', 'b', 'e', 's', '-', 'o', 's', '.', 'o', 'r', 'g', '\0', + /* "qubyte.codes", true */ 'q', 'u', 'b', 'y', 't', 'e', '.', 'c', 'o', 'd', 'e', 's', '\0', + /* "quchao.com", true */ 'q', 'u', 'c', 'h', 'a', 'o', '.', 'c', 'o', 'm', '\0', + /* "queenshaflo.com", true */ 'q', 'u', 'e', 'e', 'n', 's', 'h', 'a', 'f', 'l', 'o', '.', 'c', 'o', 'm', '\0', + /* "queensrdapartments.com.au", true */ 'q', 'u', 'e', 'e', 'n', 's', 'r', 'd', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "queer.party", true */ 'q', 'u', 'e', 'e', 'r', '.', 'p', 'a', 'r', 't', 'y', '\0', + /* "queercinema.ch", true */ 'q', 'u', 'e', 'e', 'r', 'c', 'i', 'n', 'e', 'm', 'a', '.', 'c', 'h', '\0', + /* "queercoders.com", false */ 'q', 'u', 'e', 'e', 'r', 'c', 'o', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "quehacerencusco.com", true */ 'q', 'u', 'e', 'h', 'a', 'c', 'e', 'r', 'e', 'n', 'c', 'u', 's', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "quelleformation.net", true */ 'q', 'u', 'e', 'l', 'l', 'e', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "queminventou.com.br", true */ 'q', 'u', 'e', 'm', 'i', 'n', 'v', 'e', 'n', 't', 'o', 'u', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "quemmeliga.com", true */ 'q', 'u', 'e', 'm', 'm', 'e', 'l', 'i', 'g', 'a', '.', 'c', 'o', 'm', '\0', + /* "quentinchevre.ch", true */ 'q', 'u', 'e', 'n', 't', 'i', 'n', 'c', 'h', 'e', 'v', 'r', 'e', '.', 'c', 'h', '\0', + /* "quera.ir", true */ 'q', 'u', 'e', 'r', 'a', '.', 'i', 'r', '\0', + /* "queroreceitasoberana.com.br", true */ 'q', 'u', 'e', 'r', 'o', 'r', 'e', 'c', 'e', 'i', 't', 'a', 's', 'o', 'b', 'e', 'r', 'a', 'n', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "query-massage.com", true */ 'q', 'u', 'e', 'r', 'y', '-', 'm', 'a', 's', 's', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "question.com", true */ 'q', 'u', 'e', 's', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "questionable.host", true */ 'q', 'u', 'e', 's', 't', 'i', 'o', 'n', 'a', 'b', 'l', 'e', '.', 'h', 'o', 's', 't', '\0', + /* "questsocial.it", true */ 'q', 'u', 'e', 's', 't', 's', 'o', 'c', 'i', 'a', 'l', '.', 'i', 't', '\0', + /* "quevisiongrafica.com", true */ 'q', 'u', 'e', 'v', 'i', 's', 'i', 'o', 'n', 'g', 'r', 'a', 'f', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "quic.fr", true */ 'q', 'u', 'i', 'c', '.', 'f', 'r', '\0', + /* "quickboysvrouwen2.nl", true */ 'q', 'u', 'i', 'c', 'k', 'b', 'o', 'y', 's', 'v', 'r', 'o', 'u', 'w', 'e', 'n', '2', '.', 'n', 'l', '\0', + /* "quietapple.org", true */ 'q', 'u', 'i', 'e', 't', 'a', 'p', 'p', 'l', 'e', '.', 'o', 'r', 'g', '\0', + /* "quikchange.net", true */ 'q', 'u', 'i', 'k', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'n', 'e', 't', '\0', + /* "quikpay.com.au", true */ 'q', 'u', 'i', 'k', 'p', 'a', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "quikrmovies.to", true */ 'q', 'u', 'i', 'k', 'r', 'm', 'o', 'v', 'i', 'e', 's', '.', 't', 'o', '\0', + /* "quinnlabs.com", true */ 'q', 'u', 'i', 'n', 'n', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "quinoa24.com", true */ 'q', 'u', 'i', 'n', 'o', 'a', '2', '4', '.', 'c', 'o', 'm', '\0', + /* "quintessa.org", true */ 'q', 'u', 'i', 'n', 't', 'e', 's', 's', 'a', '.', 'o', 'r', 'g', '\0', + /* "quire.io", true */ 'q', 'u', 'i', 'r', 'e', '.', 'i', 'o', '\0', + /* "quizogames.com", true */ 'q', 'u', 'i', 'z', 'o', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "qul.link", true */ 'q', 'u', 'l', '.', 'l', 'i', 'n', 'k', '\0', + /* "quli.nl", false */ 'q', 'u', 'l', 'i', '.', 'n', 'l', '\0', + /* "quocdesign.ch", true */ 'q', 'u', 'o', 'c', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'h', '\0', + /* "quotev.com", true */ 'q', 'u', 'o', 't', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "quppa.net", true */ 'q', 'u', 'p', 'p', 'a', '.', 'n', 'e', 't', '\0', + /* "quuz.org", true */ 'q', 'u', 'u', 'z', '.', 'o', 'r', 'g', '\0', + /* "qvggroup.com", true */ 'q', 'v', 'g', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "qvi.st", true */ 'q', 'v', 'i', '.', 's', 't', '\0', + /* "qvitoo.com", true */ 'q', 'v', 'i', 't', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "qwans.nl", true */ 'q', 'w', 'a', 'n', 's', '.', 'n', 'l', '\0', + /* "qwant.com", true */ 'q', 'w', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "qwant.fr", true */ 'q', 'w', 'a', 'n', 't', '.', 'f', 'r', '\0', + /* "qwaser.fr", true */ 'q', 'w', 'a', 's', 'e', 'r', '.', 'f', 'r', '\0', + /* "qwe7002.com", true */ 'q', 'w', 'e', '7', '0', '0', '2', '.', 'c', 'o', 'm', '\0', + /* "qweepi.de", true */ 'q', 'w', 'e', 'e', 'p', 'i', '.', 'd', 'e', '\0', + /* "qwertee.com", true */ 'q', 'w', 'e', 'r', 't', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "qwerty.work", true */ 'q', 'w', 'e', 'r', 't', 'y', '.', 'w', 'o', 'r', 'k', '\0', + /* "qwikdash.com", true */ 'q', 'w', 'i', 'k', 'd', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "qxy.ch", true */ 'q', 'x', 'y', '.', 'c', 'h', '\0', + /* "r-core.org", true */ 'r', '-', 'c', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "r-cut.fr", true */ 'r', '-', 'c', 'u', 't', '.', 'f', 'r', '\0', + /* "r-rwebdesign.com", true */ 'r', '-', 'r', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "r0t.co", true */ 'r', '0', 't', '.', 'c', 'o', '\0', + /* "r0uzic.net", true */ 'r', '0', 'u', 'z', 'i', 'c', '.', 'n', 'e', 't', '\0', + /* "r2d2pc.com", true */ 'r', '2', 'd', '2', 'p', 'c', '.', 'c', 'o', 'm', '\0', + /* "r3nt3r.com", true */ 'r', '3', 'n', 't', '3', 'r', '.', 'c', 'o', 'm', '\0', + /* "r3s1stanc3.me", true */ 'r', '3', 's', '1', 's', 't', 'a', 'n', 'c', '3', '.', 'm', 'e', '\0', + /* "r40.us", true */ 'r', '4', '0', '.', 'u', 's', '\0', + /* "r6-team.ru", true */ 'r', '6', '-', 't', 'e', 'a', 'm', '.', 'r', 'u', '\0', + /* "r7h.at", true */ 'r', '7', 'h', '.', 'a', 't', '\0', + /* "r811.de", true */ 'r', '8', '1', '1', '.', 'd', 'e', '\0', + /* "ra-micro-koeln.de", true */ 'r', 'a', '-', 'm', 'i', 'c', 'r', 'o', '-', 'k', 'o', 'e', 'l', 'n', '.', 'd', 'e', '\0', + /* "ra.co.ke", true */ 'r', 'a', '.', 'c', 'o', '.', 'k', 'e', '\0', + /* "ra4wvpn.com", true */ 'r', 'a', '4', 'w', 'v', 'p', 'n', '.', 'c', 'o', 'm', '\0', + /* "raah.co", true */ 'r', 'a', 'a', 'h', '.', 'c', 'o', '\0', + /* "rabbit.wales", false */ 'r', 'a', 'b', 'b', 'i', 't', '.', 'w', 'a', 'l', 'e', 's', '\0', + /* "rabbitvcactus.eu", true */ 'r', 'a', 'b', 'b', 'i', 't', 'v', 'c', 'a', 'c', 't', 'u', 's', '.', 'e', 'u', '\0', + /* "rabotaescort.com", true */ 'r', 'a', 'b', 'o', 't', 'a', 'e', 's', 'c', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "rabynska.eu", true */ 'r', 'a', 'b', 'y', 'n', 's', 'k', 'a', '.', 'e', 'u', '\0', + /* "racasdecachorro.org", true */ 'r', 'a', 'c', 'a', 's', 'd', 'e', 'c', 'a', 'c', 'h', 'o', 'r', 'r', 'o', '.', 'o', 'r', 'g', '\0', + /* "raccoltarifiuti.com", true */ 'r', 'a', 'c', 'c', 'o', 'l', 't', 'a', 'r', 'i', 'f', 'i', 'u', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "racermaster.xyz", true */ 'r', 'a', 'c', 'e', 'r', 'm', 'a', 's', 't', 'e', 'r', '.', 'x', 'y', 'z', '\0', + /* "raceviewcycles.com", true */ 'r', 'a', 'c', 'e', 'v', 'i', 'e', 'w', 'c', 'y', 'c', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "raceviewequestrian.com", true */ 'r', 'a', 'c', 'e', 'v', 'i', 'e', 'w', 'e', 'q', 'u', 'e', 's', 't', 'r', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "rachaelrussell.com", true */ 'r', 'a', 'c', 'h', 'a', 'e', 'l', 'r', 'u', 's', 's', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "rachelchen.me", true */ 'r', 'a', 'c', 'h', 'e', 'l', 'c', 'h', 'e', 'n', '.', 'm', 'e', '\0', + /* "rachelreagan.com", true */ 'r', 'a', 'c', 'h', 'e', 'l', 'r', 'e', 'a', 'g', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "rachelsbouncycastles.co.uk", true */ 'r', 'a', 'c', 'h', 'e', 'l', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rachida-dati.eu", true */ 'r', 'a', 'c', 'h', 'i', 'd', 'a', '-', 'd', 'a', 't', 'i', '.', 'e', 'u', '\0', + /* "racius.com", true */ 'r', 'a', 'c', 'i', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "rackerlab.com", true */ 'r', 'a', 'c', 'k', 'e', 'r', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "racktear.com", true */ 'r', 'a', 'c', 'k', 't', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "raconconsulting.co.uk", true */ 'r', 'a', 'c', 'o', 'n', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "racoo.net", true */ 'r', 'a', 'c', 'o', 'o', '.', 'n', 'e', 't', '\0', + /* "racunovodstvo-prina.si", true */ 'r', 'a', 'c', 'u', 'n', 'o', 'v', 'o', 'd', 's', 't', 'v', 'o', '-', 'p', 'r', 'i', 'n', 'a', '.', 's', 'i', '\0', + /* "rad-route.de", true */ 'r', 'a', 'd', '-', 'r', 'o', 'u', 't', 'e', '.', 'd', 'e', '\0', + /* "radar.sx", true */ 'r', 'a', 'd', 'a', 'r', '.', 's', 'x', '\0', + /* "radaravia.ru", true */ 'r', 'a', 'd', 'a', 'r', 'a', 'v', 'i', 'a', '.', 'r', 'u', '\0', + /* "radcube.hu", true */ 'r', 'a', 'd', 'c', 'u', 'b', 'e', '.', 'h', 'u', '\0', + /* "raddavarden.nu", true */ 'r', 'a', 'd', 'd', 'a', 'v', 'a', 'r', 'd', 'e', 'n', '.', 'n', 'u', '\0', + /* "radfieldhomecare.co.uk", true */ 'r', 'a', 'd', 'f', 'i', 'e', 'l', 'd', 'h', 'o', 'm', 'e', 'c', 'a', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "radfieldhomecarefranchising.co.uk", true */ 'r', 'a', 'd', 'f', 'i', 'e', 'l', 'd', 'h', 'o', 'm', 'e', 'c', 'a', 'r', 'e', 'f', 'r', 'a', 'n', 'c', 'h', 'i', 's', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "radical.org", true */ 'r', 'a', 'd', 'i', 'c', 'a', 'l', '.', 'o', 'r', 'g', '\0', + /* "radicaloptimism.org", true */ 'r', 'a', 'd', 'i', 'c', 'a', 'l', 'o', 'p', 't', 'i', 'm', 'i', 's', 'm', '.', 'o', 'r', 'g', '\0', + /* "radicalsub.com.br", true */ 'r', 'a', 'd', 'i', 'c', 'a', 'l', 's', 'u', 'b', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "radins.com", true */ 'r', 'a', 'd', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "radio-utopie.de", true */ 'r', 'a', 'd', 'i', 'o', '-', 'u', 't', 'o', 'p', 'i', 'e', '.', 'd', 'e', '\0', + /* "radio1.ie", true */ 'r', 'a', 'd', 'i', 'o', '1', '.', 'i', 'e', '\0', + /* "radioilusion.es", true */ 'r', 'a', 'd', 'i', 'o', 'i', 'l', 'u', 's', 'i', 'o', 'n', '.', 'e', 's', '\0', + /* "radiom.fr", true */ 'r', 'a', 'd', 'i', 'o', 'm', '.', 'f', 'r', '\0', + /* "radiomodem.dk", true */ 'r', 'a', 'd', 'i', 'o', 'm', 'o', 'd', 'e', 'm', '.', 'd', 'k', '\0', + /* "radiomontebianco.it", true */ 'r', 'a', 'd', 'i', 'o', 'm', 'o', 'n', 't', 'e', 'b', 'i', 'a', 'n', 'c', 'o', '.', 'i', 't', '\0', + /* "radionicabg.com", true */ 'r', 'a', 'd', 'i', 'o', 'n', 'i', 'c', 'a', 'b', 'g', '.', 'c', 'o', 'm', '\0', + /* "radiopolarniki.spb.ru", true */ 'r', 'a', 'd', 'i', 'o', 'p', 'o', 'l', 'a', 'r', 'n', 'i', 'k', 'i', '.', 's', 'p', 'b', '.', 'r', 'u', '\0', + /* "radiormi.com", true */ 'r', 'a', 'd', 'i', 'o', 'r', 'm', 'i', '.', 'c', 'o', 'm', '\0', + /* "radis-adopt.com", true */ 'r', 'a', 'd', 'i', 's', '-', 'a', 'd', 'o', 'p', 't', '.', 'c', 'o', 'm', '\0', + /* "radondetectionandcontrol.com", true */ 'r', 'a', 'd', 'o', 'n', 'd', 'e', 't', 'e', 'c', 't', 'i', 'o', 'n', 'a', 'n', 'd', 'c', 'o', 'n', 't', 'r', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "radreisetraumtreibstoff.de", true */ 'r', 'a', 'd', 'r', 'e', 'i', 's', 'e', 't', 'r', 'a', 'u', 'm', 't', 'r', 'e', 'i', 'b', 's', 't', 'o', 'f', 'f', '.', 'd', 'e', '\0', + /* "radtke.bayern", true */ 'r', 'a', 'd', 't', 'k', 'e', '.', 'b', 'a', 'y', 'e', 'r', 'n', '\0', + /* "radyn.com", true */ 'r', 'a', 'd', 'y', 'n', '.', 'c', 'o', 'm', '\0', + /* "raeu.me", true */ 'r', 'a', 'e', 'u', '.', 'm', 'e', '\0', + /* "raeven.nl", true */ 'r', 'a', 'e', 'v', 'e', 'n', '.', 'n', 'l', '\0', + /* "rafaelmagalhaesweb.com", true */ 'r', 'a', 'f', 'a', 'e', 'l', 'm', 'a', 'g', 'a', 'l', 'h', 'a', 'e', 's', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "rafey.xyz", true */ 'r', 'a', 'f', 'e', 'y', '.', 'x', 'y', 'z', '\0', + /* "rafting-japan.com", true */ 'r', 'a', 'f', 't', 'i', 'n', 'g', '-', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "rage-overload.ch", true */ 'r', 'a', 'g', 'e', '-', 'o', 'v', 'e', 'r', 'l', 'o', 'a', 'd', '.', 'c', 'h', '\0', + /* "rage.rip", true */ 'r', 'a', 'g', 'e', '.', 'r', 'i', 'p', '\0', + /* "rage4.com", true */ 'r', 'a', 'g', 'e', '4', '.', 'c', 'o', 'm', '\0', + /* "raghavdua.in", true */ 'r', 'a', 'g', 'h', 'a', 'v', 'd', 'u', 'a', '.', 'i', 'n', '\0', + /* "ragnaroktop.com.br", true */ 'r', 'a', 'g', 'n', 'a', 'r', 'o', 'k', 't', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "rahamasin.eu", true */ 'r', 'a', 'h', 'a', 'm', 'a', 's', 'i', 'n', '.', 'e', 'u', '\0', + /* "raiffeisen-kosovo.com", true */ 'r', 'a', 'i', 'f', 'f', 'e', 'i', 's', 'e', 'n', '-', 'k', 'o', 's', 'o', 'v', 'o', '.', 'c', 'o', 'm', '\0', + /* "railgun.ac", true */ 'r', 'a', 'i', 'l', 'g', 'u', 'n', '.', 'a', 'c', '\0', + /* "railgun.com.cn", true */ 'r', 'a', 'i', 'l', 'g', 'u', 'n', '.', 'c', 'o', 'm', '.', 'c', 'n', '\0', + /* "railjob.cn", true */ 'r', 'a', 'i', 'l', 'j', 'o', 'b', '.', 'c', 'n', '\0', + /* "railyardurgentcare.com", true */ 'r', 'a', 'i', 'l', 'y', 'a', 'r', 'd', 'u', 'r', 'g', 'e', 'n', 't', 'c', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "rainbowbay.org", true */ 'r', 'a', 'i', 'n', 'b', 'o', 'w', 'b', 'a', 'y', '.', 'o', 'r', 'g', '\0', + /* "rainbowinflatables.co.uk", true */ 'r', 'a', 'i', 'n', 'b', 'o', 'w', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rainbowstore.com.au", true */ 'r', 'a', 'i', 'n', 'b', 'o', 'w', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "rainbowstore.com.ua", true */ 'r', 'a', 'i', 'n', 'b', 'o', 'w', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "rainforest.engineering", true */ 'r', 'a', 'i', 'n', 'f', 'o', 'r', 'e', 's', 't', '.', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '\0', + /* "rainpaper.com", true */ 'r', 'a', 'i', 'n', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "rainville.me", true */ 'r', 'a', 'i', 'n', 'v', 'i', 'l', 'l', 'e', '.', 'm', 'e', '\0', + /* "rainway.io", true */ 'r', 'a', 'i', 'n', 'w', 'a', 'y', '.', 'i', 'o', '\0', + /* "raiseyourflag.com", true */ 'r', 'a', 'i', 's', 'e', 'y', 'o', 'u', 'r', 'f', 'l', 'a', 'g', '.', 'c', 'o', 'm', '\0', + /* "raissarobles.com", true */ 'r', 'a', 'i', 's', 's', 'a', 'r', 'o', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "raitza.de", true */ 'r', 'a', 'i', 't', 'z', 'a', '.', 'd', 'e', '\0', + /* "rajyogarishikesh.com", true */ 'r', 'a', 'j', 'y', 'o', 'g', 'a', 'r', 'i', 's', 'h', 'i', 'k', 'e', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "rak-business-service.com", true */ 'r', 'a', 'k', '-', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "rakugokai.net", true */ 'r', 'a', 'k', 'u', 'g', 'o', 'k', 'a', 'i', '.', 'n', 'e', 't', '\0', + /* "ralf-huebscher.de", true */ 'r', 'a', 'l', 'f', '-', 'h', 'u', 'e', 'b', 's', 'c', 'h', 'e', 'r', '.', 'd', 'e', '\0', + /* "ralfs-zusizone.de", true */ 'r', 'a', 'l', 'f', 's', '-', 'z', 'u', 's', 'i', 'z', 'o', 'n', 'e', '.', 'd', 'e', '\0', + /* "rally-base.com", true */ 'r', 'a', 'l', 'l', 'y', '-', 'b', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "rally-base.cz", true */ 'r', 'a', 'l', 'l', 'y', '-', 'b', 'a', 's', 'e', '.', 'c', 'z', '\0', + /* "rally-base.eu", true */ 'r', 'a', 'l', 'l', 'y', '-', 'b', 'a', 's', 'e', '.', 'e', 'u', '\0', + /* "rally-results.eu", true */ 'r', 'a', 'l', 'l', 'y', '-', 'r', 'e', 's', 'u', 'l', 't', 's', '.', 'e', 'u', '\0', + /* "rally-vysledky.cz", true */ 'r', 'a', 'l', 'l', 'y', '-', 'v', 'y', 's', 'l', 'e', 'd', 'k', 'y', '.', 'c', 'z', '\0', + /* "rallybase.cz", true */ 'r', 'a', 'l', 'l', 'y', 'b', 'a', 's', 'e', '.', 'c', 'z', '\0', + /* "rallybase.eu", true */ 'r', 'a', 'l', 'l', 'y', 'b', 'a', 's', 'e', '.', 'e', 'u', '\0', + /* "rallycycling.com", true */ 'r', 'a', 'l', 'l', 'y', 'c', 'y', 'c', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "ralph.bike", true */ 'r', 'a', 'l', 'p', 'h', '.', 'b', 'i', 'k', 'e', '\0', + /* "ralphwoessner.com", true */ 'r', 'a', 'l', 'p', 'h', 'w', 'o', 'e', 's', 's', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "ram-it.nl", true */ 'r', 'a', 'm', '-', 'i', 't', '.', 'n', 'l', '\0', + /* "ram.nl", true */ 'r', 'a', 'm', '.', 'n', 'l', '\0', + /* "ramatola.uk", true */ 'r', 'a', 'm', 'a', 't', 'o', 'l', 'a', '.', 'u', 'k', '\0', + /* "rambii.de", true */ 'r', 'a', 'm', 'b', 'i', 'i', '.', 'd', 'e', '\0', + /* "ramblingrf.tech", true */ 'r', 'a', 'm', 'b', 'l', 'i', 'n', 'g', 'r', 'f', '.', 't', 'e', 'c', 'h', '\0', + /* "rametrix.com", true */ 'r', 'a', 'm', 'e', 't', 'r', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "ramov.com", true */ 'r', 'a', 'm', 'o', 'v', '.', 'c', 'o', 'm', '\0', + /* "ramrecha.com", true */ 'r', 'a', 'm', 'r', 'e', 'c', 'h', 'a', '.', 'c', 'o', 'm', '\0', + /* "ramsor-gaming.de", true */ 'r', 'a', 'm', 's', 'o', 'r', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "randc.org", true */ 'r', 'a', 'n', 'd', 'c', '.', 'o', 'r', 'g', '\0', + /* "random-samplings.org", true */ 'r', 'a', 'n', 'd', 'o', 'm', '-', 's', 'a', 'm', 'p', 'l', 'i', 'n', 'g', 's', '.', 'o', 'r', 'g', '\0', + /* "randomadversary.com", true */ 'r', 'a', 'n', 'd', 'o', 'm', 'a', 'd', 'v', 'e', 'r', 's', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "randombit.eu", false */ 'r', 'a', 'n', 'd', 'o', 'm', 'b', 'i', 't', '.', 'e', 'u', '\0', + /* "randomdysfunctions.com", true */ 'r', 'a', 'n', 'd', 'o', 'm', 'd', 'y', 's', 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "randomkoalafacts.com", true */ 'r', 'a', 'n', 'd', 'o', 'm', 'k', 'o', 'a', 'l', 'a', 'f', 'a', 'c', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "randomprecision.co.uk", true */ 'r', 'a', 'n', 'd', 'o', 'm', 'p', 'r', 'e', 'c', 'i', 's', 'i', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "randomquotesapp.com", true */ 'r', 'a', 'n', 'd', 'o', 'm', 'q', 'u', 'o', 't', 'e', 's', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "randy.su", true */ 'r', 'a', 'n', 'd', 'y', '.', 's', 'u', '\0', + /* "rangde.org", true */ 'r', 'a', 'n', 'g', 'd', 'e', '.', 'o', 'r', 'g', '\0', + /* "ranking-deli.jp", true */ 'r', 'a', 'n', 'k', 'i', 'n', 'g', '-', 'd', 'e', 'l', 'i', '.', 'j', 'p', '\0', + /* "ranson.com.au", true */ 'r', 'a', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "rantanda.com", true */ 'r', 'a', 'n', 't', 'a', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "ranyeh.com", true */ 'r', 'a', 'n', 'y', 'e', 'h', '.', 'c', 'o', 'm', '\0', + /* "ranzbak.nl", true */ 'r', 'a', 'n', 'z', 'b', 'a', 'k', '.', 'n', 'l', '\0', + /* "rapenroer.com", true */ 'r', 'a', 'p', 'e', 'n', 'r', 'o', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "rapenroer.nl", true */ 'r', 'a', 'p', 'e', 'n', 'r', 'o', 'e', 'r', '.', 'n', 'l', '\0', + /* "raphael.li", true */ 'r', 'a', 'p', 'h', 'a', 'e', 'l', '.', 'l', 'i', '\0', + /* "raphaelcasazza.ch", true */ 'r', 'a', 'p', 'h', 'a', 'e', 'l', 'c', 'a', 's', 'a', 'z', 'z', 'a', '.', 'c', 'h', '\0', + /* "rapidapp.io", true */ 'r', 'a', 'p', 'i', 'd', 'a', 'p', 'p', '.', 'i', 'o', '\0', + /* "rapido.nu", true */ 'r', 'a', 'p', 'i', 'd', 'o', '.', 'n', 'u', '\0', + /* "rapidshit.net", true */ 'r', 'a', 'p', 'i', 'd', 's', 'h', 'i', 't', '.', 'n', 'e', 't', '\0', + /* "rapidstone.com", true */ 'r', 'a', 'p', 'i', 'd', 's', 't', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "raraflora.com.au", true */ 'r', 'a', 'r', 'a', 'f', 'l', 'o', 'r', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "rareative.com", true */ 'r', 'a', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "raryosu.info", true */ 'r', 'a', 'r', 'y', 'o', 's', 'u', '.', 'i', 'n', 'f', 'o', '\0', + /* "rasagiline.com", true */ 'r', 'a', 's', 'a', 'g', 'i', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "rascals-castles.co.uk", true */ 'r', 'a', 's', 'c', 'a', 'l', 's', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rascalscastles.co.uk", true */ 'r', 'a', 's', 'c', 'a', 'l', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rascalscastlesdoncaster.co.uk", true */ 'r', 'a', 's', 'c', 'a', 'l', 's', 'c', 'a', 's', 't', 'l', 'e', 's', 'd', 'o', 'n', 'c', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rasebo.ro", true */ 'r', 'a', 's', 'e', 'b', 'o', '.', 'r', 'o', '\0', + /* "raspass.me", true */ 'r', 'a', 's', 'p', 'a', 's', 's', '.', 'm', 'e', '\0', + /* "raspberry.us", true */ 'r', 'a', 's', 'p', 'b', 'e', 'r', 'r', 'y', '.', 'u', 's', '\0', + /* "raspberryultradrops.com", true */ 'r', 'a', 's', 'p', 'b', 'e', 'r', 'r', 'y', 'u', 'l', 't', 'r', 'a', 'd', 'r', 'o', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "rastreie.net", true */ 'r', 'a', 's', 't', 'r', 'e', 'i', 'e', '.', 'n', 'e', 't', '\0', + /* "rasty.cz", true */ 'r', 'a', 's', 't', 'y', '.', 'c', 'z', '\0', + /* "ratd.net", true */ 'r', 'a', 't', 'd', '.', 'n', 'e', 't', '\0', + /* "ratebridge.com", true */ 'r', 'a', 't', 'e', 'b', 'r', 'i', 'd', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "rathbonesonline.com", true */ 'r', 'a', 't', 'h', 'b', 'o', 'n', 'e', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "rathgeb.org", true */ 'r', 'a', 't', 'h', 'g', 'e', 'b', '.', 'o', 'r', 'g', '\0', + /* "rathorian.fr", true */ 'r', 'a', 't', 'h', 'o', 'r', 'i', 'a', 'n', '.', 'f', 'r', '\0', + /* "rationalcreation.com", true */ 'r', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "rationalism.com", true */ 'r', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "rationalops.com", true */ 'r', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'o', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "rattenkot.io", true */ 'r', 'a', 't', 't', 'e', 'n', 'k', 'o', 't', '.', 'i', 'o', '\0', + /* "raulrivero.es", true */ 'r', 'a', 'u', 'l', 'r', 'i', 'v', 'e', 'r', 'o', '.', 'e', 's', '\0', + /* "raumzeitlabor.de", false */ 'r', 'a', 'u', 'm', 'z', 'e', 'i', 't', 'l', 'a', 'b', 'o', 'r', '.', 'd', 'e', '\0', + /* "rauros.net", true */ 'r', 'a', 'u', 'r', 'o', 's', '.', 'n', 'e', 't', '\0', + /* "rautermods.net", true */ 'r', 'a', 'u', 't', 'e', 'r', 'm', 'o', 'd', 's', '.', 'n', 'e', 't', '\0', + /* "ravchat.com", true */ 'r', 'a', 'v', 'c', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "raven.dog", true */ 'r', 'a', 'v', 'e', 'n', '.', 'd', 'o', 'g', '\0', + /* "ravenger.net", true */ 'r', 'a', 'v', 'e', 'n', 'g', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "ravensbuch.de", true */ 'r', 'a', 'v', 'e', 'n', 's', 'b', 'u', 'c', 'h', '.', 'd', 'e', '\0', + /* "ravhaaglanden.org", true */ 'r', 'a', 'v', 'h', 'a', 'a', 'g', 'l', 'a', 'n', 'd', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "ravindran.me", true */ 'r', 'a', 'v', 'i', 'n', 'd', 'r', 'a', 'n', '.', 'm', 'e', '\0', + /* "ravis.org", true */ 'r', 'a', 'v', 'i', 's', '.', 'o', 'r', 'g', '\0', + /* "rawsec.net", true */ 'r', 'a', 'w', 's', 'e', 'c', '.', 'n', 'e', 't', '\0', + /* "raxion.cf", true */ 'r', 'a', 'x', 'i', 'o', 'n', '.', 'c', 'f', '\0', + /* "raxion.tk", true */ 'r', 'a', 'x', 'i', 'o', 'n', '.', 't', 'k', '\0', + /* "ray-home.de", true */ 'r', 'a', 'y', '-', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0', + /* "ray-works.de", true */ 'r', 'a', 'y', '-', 'w', 'o', 'r', 'k', 's', '.', 'd', 'e', '\0', + /* "rayiris.com", true */ 'r', 'a', 'y', 'i', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "raykitchenware.com", true */ 'r', 'a', 'y', 'k', 'i', 't', 'c', 'h', 'e', 'n', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "raymcbride.com", true */ 'r', 'a', 'y', 'm', 'c', 'b', 'r', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "raymd.de", true */ 'r', 'a', 'y', 'm', 'd', '.', 'd', 'e', '\0', + /* "raymii.org", true */ 'r', 'a', 'y', 'm', 'i', 'i', '.', 'o', 'r', 'g', '\0', + /* "raymondelooff.nl", true */ 'r', 'a', 'y', 'm', 'o', 'n', 'd', 'e', 'l', 'o', 'o', 'f', 'f', '.', 'n', 'l', '\0', + /* "rayworks.de", true */ 'r', 'a', 'y', 'w', 'o', 'r', 'k', 's', '.', 'd', 'e', '\0', + /* "razberry.kr", true */ 'r', 'a', 'z', 'b', 'e', 'r', 'r', 'y', '.', 'k', 'r', '\0', + /* "rb-china.net", true */ 'r', 'b', '-', 'c', 'h', 'i', 'n', 'a', '.', 'n', 'e', 't', '\0', + /* "rbensch.com", true */ 'r', 'b', 'e', 'n', 's', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "rbflote.lv", true */ 'r', 'b', 'f', 'l', 'o', 't', 'e', '.', 'l', 'v', '\0', + /* "rbltracker.com", true */ 'r', 'b', 'l', 't', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "rbmafrica.co.za", true */ 'r', 'b', 'm', 'a', 'f', 'r', 'i', 'c', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "rbnet.xyz", true */ 'r', 'b', 'n', 'e', 't', '.', 'x', 'y', 'z', '\0', + /* "rbran.com", true */ 'r', 'b', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "rbtvshitstorm.is", true */ 'r', 'b', 't', 'v', 's', 'h', 'i', 't', 's', 't', 'o', 'r', 'm', '.', 'i', 's', '\0', + /* "rburchell.com", true */ 'r', 'b', 'u', 'r', 'c', 'h', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "rbxcatalog.com", true */ 'r', 'b', 'x', 'c', 'a', 't', 'a', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "rc-offi.net", true */ 'r', 'c', '-', 'o', 'f', 'f', 'i', '.', 'n', 'e', 't', '\0', + /* "rc-shop.ch", true */ 'r', 'c', '-', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0', + /* "rc7.ch", true */ 'r', 'c', '7', '.', 'c', 'h', '\0', + /* "rca.fr", true */ 'r', 'c', 'a', '.', 'f', 'r', '\0', + /* "rcdocuments.com", true */ 'r', 'c', 'd', 'o', 'c', 'u', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "rchrdsn.uk", true */ 'r', 'c', 'h', 'r', 'd', 's', 'n', '.', 'u', 'k', '\0', + /* "rclsm.net", true */ 'r', 'c', 'l', 's', 'm', '.', 'n', 'e', 't', '\0', + /* "rcmlinx.com", true */ 'r', 'c', 'm', 'l', 'i', 'n', 'x', '.', 'c', 'o', 'm', '\0', + /* "rcmurphy.com", true */ 'r', 'c', 'm', 'u', 'r', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0', + /* "rcnitrotalk.com", true */ 'r', 'c', 'n', 'i', 't', 'r', 'o', 't', 'a', 'l', 'k', '.', 'c', 'o', 'm', '\0', + /* "rcraigmurphy.com", true */ 'r', 'c', 'r', 'a', 'i', 'g', 'm', 'u', 'r', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0', + /* "rcx.io", true */ 'r', 'c', 'x', '.', 'i', 'o', '\0', + /* "rdh.asia", true */ 'r', 'd', 'h', '.', 'a', 's', 'i', 'a', '\0', + /* "rdl.at", false */ 'r', 'd', 'l', '.', 'a', 't', '\0', + /* "rdns.cc", true */ 'r', 'd', 'n', 's', '.', 'c', 'c', '\0', + /* "re-curi.com", true */ 'r', 'e', '-', 'c', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "re-wilding.com", true */ 'r', 'e', '-', 'w', 'i', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "reachrss.com", true */ 'r', 'e', 'a', 'c', 'h', 'r', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "reaconverter.com", true */ 'r', 'e', 'a', 'c', 'o', 'n', 'v', 'e', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "react-db.com", true */ 'r', 'e', 'a', 'c', 't', '-', 'd', 'b', '.', 'c', 'o', 'm', '\0', + /* "reactivarte.es", true */ 'r', 'e', 'a', 'c', 't', 'i', 'v', 'a', 'r', 't', 'e', '.', 'e', 's', '\0', + /* "read.sc", true */ 'r', 'e', 'a', 'd', '.', 's', 'c', '\0', + /* "reades.co.uk", true */ 'r', 'e', 'a', 'd', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "readheadcopywriting.com", true */ 'r', 'e', 'a', 'd', 'h', 'e', 'a', 'd', 'c', 'o', 'p', 'y', 'w', 'r', 'i', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "readingandmath.org", true */ 'r', 'e', 'a', 'd', 'i', 'n', 'g', 'a', 'n', 'd', 'm', 'a', 't', 'h', '.', 'o', 'r', 'g', '\0', + /* "readism.io", true */ 'r', 'e', 'a', 'd', 'i', 's', 'm', '.', 'i', 'o', '\0', + /* "readonly.de", true */ 'r', 'e', 'a', 'd', 'o', 'n', 'l', 'y', '.', 'd', 'e', '\0', + /* "readouble.com", false */ 'r', 'e', 'a', 'd', 'o', 'u', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "readtldr.com", true */ 'r', 'e', 'a', 'd', 't', 'l', 'd', 'r', '.', 'c', 'o', 'm', '\0', + /* "readysell.net", true */ 'r', 'e', 'a', 'd', 'y', 's', 'e', 'l', 'l', '.', 'n', 'e', 't', '\0', + /* "readytongue.com", true */ 'r', 'e', 'a', 'd', 'y', 't', 'o', 'n', 'g', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "readytowear.es", true */ 'r', 'e', 'a', 'd', 'y', 't', 'o', 'w', 'e', 'a', 'r', '.', 'e', 's', '\0', + /* "reaganlibrary.gov", true */ 'r', 'e', 'a', 'g', 'a', 'n', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'g', 'o', 'v', '\0', + /* "real-bits.com", true */ 'r', 'e', 'a', 'l', '-', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "real-digital.co.uk", true */ 'r', 'e', 'a', 'l', '-', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "real-it.nl", true */ 'r', 'e', 'a', 'l', '-', 'i', 't', '.', 'n', 'l', '\0', + /* "realcapoeira.ru", true */ 'r', 'e', 'a', 'l', 'c', 'a', 'p', 'o', 'e', 'i', 'r', 'a', '.', 'r', 'u', '\0', + /* "realestateonehowell.com", true */ 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', 'o', 'n', 'e', 'h', 'o', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "realestateradioshow.com", true */ 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', 'r', 'a', 'd', 'i', 'o', 's', 'h', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "realfamilyincest.com", true */ 'r', 'e', 'a', 'l', 'f', 'a', 'm', 'i', 'l', 'y', 'i', 'n', 'c', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "realgarant-shop.de", false */ 'r', 'e', 'a', 'l', 'g', 'a', 'r', 'a', 'n', 't', '-', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0', + /* "realhorsegirls.net", true */ 'r', 'e', 'a', 'l', 'h', 'o', 'r', 's', 'e', 'g', 'i', 'r', 'l', 's', '.', 'n', 'e', 't', '\0', + /* "realhost.name", true */ 'r', 'e', 'a', 'l', 'h', 'o', 's', 't', '.', 'n', 'a', 'm', 'e', '\0', + /* "realitea.co.uk", true */ 'r', 'e', 'a', 'l', 'i', 't', 'e', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "reality.news", true */ 'r', 'e', 'a', 'l', 'i', 't', 'y', '.', 'n', 'e', 'w', 's', '\0', + /* "reality0ne.com", false */ 'r', 'e', 'a', 'l', 'i', 't', 'y', '0', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "realitycrazy.com", true */ 'r', 'e', 'a', 'l', 'i', 't', 'y', 'c', 'r', 'a', 'z', 'y', '.', 'c', 'o', 'm', '\0', + /* "reallifeforums.com", true */ 'r', 'e', 'a', 'l', 'l', 'i', 'f', 'e', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "realloc.me", true */ 'r', 'e', 'a', 'l', 'l', 'o', 'c', '.', 'm', 'e', '\0', + /* "really-simple-ssl.com", true */ 'r', 'e', 'a', 'l', 'l', 'y', '-', 's', 'i', 'm', 'p', 'l', 'e', '-', 's', 's', 'l', '.', 'c', 'o', 'm', '\0', + /* "really.ai", true */ 'r', 'e', 'a', 'l', 'l', 'y', '.', 'a', 'i', '\0', + /* "really.io", true */ 'r', 'e', 'a', 'l', 'l', 'y', '.', 'i', 'o', '\0', + /* "reallyreally.io", true */ 'r', 'e', 'a', 'l', 'l', 'y', 'r', 'e', 'a', 'l', 'l', 'y', '.', 'i', 'o', '\0', + /* "realmofespionage.xyz", true */ 'r', 'e', 'a', 'l', 'm', 'o', 'f', 'e', 's', 'p', 'i', 'o', 'n', 'a', 'g', 'e', '.', 'x', 'y', 'z', '\0', + /* "realnewhomes.com", true */ 'r', 'e', 'a', 'l', 'n', 'e', 'w', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "realum.com", true */ 'r', 'e', 'a', 'l', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "realum.de", true */ 'r', 'e', 'a', 'l', 'u', 'm', '.', 'd', 'e', '\0', + /* "realum.eu", true */ 'r', 'e', 'a', 'l', 'u', 'm', '.', 'e', 'u', '\0', + /* "realum.net", true */ 'r', 'e', 'a', 'l', 'u', 'm', '.', 'n', 'e', 't', '\0', + /* "realwaycome.com", true */ 'r', 'e', 'a', 'l', 'w', 'a', 'y', 'c', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "realwildart.com", true */ 'r', 'e', 'a', 'l', 'w', 'i', 'l', 'd', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "realworldholidays.co.uk", true */ 'r', 'e', 'a', 'l', 'w', 'o', 'r', 'l', 'd', 'h', 'o', 'l', 'i', 'd', 'a', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "reancos.report", true */ 'r', 'e', 'a', 'n', 'c', 'o', 's', '.', 'r', 'e', 'p', 'o', 'r', 't', '\0', + /* "reanimated.eu", true */ 'r', 'e', 'a', 'n', 'i', 'm', 'a', 't', 'e', 'd', '.', 'e', 'u', '\0', + /* "reath.me", true */ 'r', 'e', 'a', 't', 'h', '.', 'm', 'e', '\0', + /* "reaven.nl", true */ 'r', 'e', 'a', 'v', 'e', 'n', '.', 'n', 'l', '\0', + /* "rebane2001.com", true */ 'r', 'e', 'b', 'a', 'n', 'e', '2', '0', '0', '1', '.', 'c', 'o', 'm', '\0', + /* "rebelessex.com", true */ 'r', 'e', 'b', 'e', 'l', 'e', 's', 's', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "rebelz.se", true */ 'r', 'e', 'b', 'e', 'l', 'z', '.', 's', 'e', '\0', + /* "rebirthia.me", true */ 'r', 'e', 'b', 'i', 'r', 't', 'h', 'i', 'a', '.', 'm', 'e', '\0', + /* "reboxetine.com", true */ 'r', 'e', 'b', 'o', 'x', 'e', 't', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "reboxonline.com", true */ 'r', 'e', 'b', 'o', 'x', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "recantoshop.com", true */ 'r', 'e', 'c', 'a', 'n', 't', 'o', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "recantoshop.com.br", true */ 'r', 'e', 'c', 'a', 'n', 't', 'o', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "recapp.ch", true */ 'r', 'e', 'c', 'a', 'p', 'p', '.', 'c', 'h', '\0', + /* "receitas-de-bolos.pt", true */ 'r', 'e', 'c', 'e', 'i', 't', 'a', 's', '-', 'd', 'e', '-', 'b', 'o', 'l', 'o', 's', '.', 'p', 't', '\0', + /* "receitasdebacalhau.pt", true */ 'r', 'e', 'c', 'e', 'i', 't', 'a', 's', 'd', 'e', 'b', 'a', 'c', 'a', 'l', 'h', 'a', 'u', '.', 'p', 't', '\0', + /* "receptionsbook.com", true */ 'r', 'e', 'c', 'e', 'p', 't', 'i', 'o', 'n', 's', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "recepty.eu", false */ 'r', 'e', 'c', 'e', 'p', 't', 'y', '.', 'e', 'u', '\0', + /* "recetasdecocinaideal.com", true */ 'r', 'e', 'c', 'e', 't', 'a', 's', 'd', 'e', 'c', 'o', 'c', 'i', 'n', 'a', 'i', 'd', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "recetasfacilesdehacer.com", true */ 'r', 'e', 'c', 'e', 't', 'a', 's', 'f', 'a', 'c', 'i', 'l', 'e', 's', 'd', 'e', 'h', 'a', 'c', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "rechat.com", true */ 'r', 'e', 'c', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "rechenknaecht.de", true */ 'r', 'e', 'c', 'h', 'e', 'n', 'k', 'n', 'a', 'e', 'c', 'h', 't', '.', 'd', 'e', '\0', + /* "rechenwerk.net", true */ 'r', 'e', 'c', 'h', 'e', 'n', 'w', 'e', 'r', 'k', '.', 'n', 'e', 't', '\0', + /* "recht-freundlich.de", true */ 'r', 'e', 'c', 'h', 't', '-', 'f', 'r', 'e', 'u', 'n', 'd', 'l', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "rechtenliteratuurleiden.nl", true */ 'r', 'e', 'c', 'h', 't', 'e', 'n', 'l', 'i', 't', 'e', 'r', 'a', 't', 'u', 'u', 'r', 'l', 'e', 'i', 'd', 'e', 'n', '.', 'n', 'l', '\0', + /* "rechtsanwaeltin-vollmer.de", true */ 'r', 'e', 'c', 'h', 't', 's', 'a', 'n', 'w', 'a', 'e', 'l', 't', 'i', 'n', '-', 'v', 'o', 'l', 'l', 'm', 'e', 'r', '.', 'd', 'e', '\0', + /* "rechtsanwalt-koeppen-feucht.de", true */ 'r', 'e', 'c', 'h', 't', 's', 'a', 'n', 'w', 'a', 'l', 't', '-', 'k', 'o', 'e', 'p', 'p', 'e', 'n', '-', 'f', 'e', 'u', 'c', 'h', 't', '.', 'd', 'e', '\0', + /* "rechtschreibpruefung24.de", true */ 'r', 'e', 'c', 'h', 't', 's', 'c', 'h', 'r', 'e', 'i', 'b', 'p', 'r', 'u', 'e', 'f', 'u', 'n', 'g', '2', '4', '.', 'd', 'e', '\0', + /* "reclamebureau-ultrax.nl", true */ 'r', 'e', 'c', 'l', 'a', 'm', 'e', 'b', 'u', 'r', 'e', 'a', 'u', '-', 'u', 'l', 't', 'r', 'a', 'x', '.', 'n', 'l', '\0', + /* "reclametoolz.nl", true */ 'r', 'e', 'c', 'l', 'a', 'm', 'e', 't', 'o', 'o', 'l', 'z', '.', 'n', 'l', '\0', + /* "reclusiam.net", true */ 'r', 'e', 'c', 'l', 'u', 's', 'i', 'a', 'm', '.', 'n', 'e', 't', '\0', + /* "recmon.hu", true */ 'r', 'e', 'c', 'm', 'o', 'n', '.', 'h', 'u', '\0', + /* "reco-studio.de", true */ 'r', 'e', 'c', 'o', '-', 's', 't', 'u', 'd', 'i', 'o', '.', 'd', 'e', '\0', + /* "recolic.net", true */ 'r', 'e', 'c', 'o', 'l', 'i', 'c', '.', 'n', 'e', 't', '\0', + /* "recommended.reviews", true */ 'r', 'e', 'c', 'o', 'm', 'm', 'e', 'n', 'd', 'e', 'd', '.', 'r', 'e', 'v', 'i', 'e', 'w', 's', '\0', + /* "recompiled.org", true */ 'r', 'e', 'c', 'o', 'm', 'p', 'i', 'l', 'e', 'd', '.', 'o', 'r', 'g', '\0', + /* "recon-networks.com", true */ 'r', 'e', 'c', 'o', 'n', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "recordeuropa.com", false */ 'r', 'e', 'c', 'o', 'r', 'd', 'e', 'u', 'r', 'o', 'p', 'a', '.', 'c', 'o', 'm', '\0', + /* "recoveringspirit.com", true */ 'r', 'e', 'c', 'o', 'v', 'e', 'r', 'i', 'n', 'g', 's', 'p', 'i', 'r', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "recreation.gov", true */ 'r', 'e', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', '.', 'g', 'o', 'v', '\0', + /* "recreoviral.com", true */ 'r', 'e', 'c', 'r', 'e', 'o', 'v', 'i', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "recruitmade.jp", true */ 'r', 'e', 'c', 'r', 'u', 'i', 't', 'm', 'a', 'd', 'e', '.', 'j', 'p', '\0', + /* "recruitsecuritytraining.co.uk", true */ 'r', 'e', 'c', 'r', 'u', 'i', 't', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "recruitsecuritytraining.com", true */ 'r', 'e', 'c', 'r', 'u', 'i', 't', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "rectoraudiparts.com", true */ 'r', 'e', 'c', 't', 'o', 'r', 'a', 'u', 'd', 'i', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "recuerdafilms.com", true */ 'r', 'e', 'c', 'u', 'e', 'r', 'd', 'a', 'f', 'i', 'l', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "recurly.com", true */ 'r', 'e', 'c', 'u', 'r', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "recyclingpromotions.us", true */ 'r', 'e', 'c', 'y', 'c', 'l', 'i', 'n', 'g', 'p', 'r', 'o', 'm', 'o', 't', 'i', 'o', 'n', 's', '.', 'u', 's', '\0', + /* "red-t-shirt.ru", true */ 'r', 'e', 'd', '-', 't', '-', 's', 'h', 'i', 'r', 't', '.', 'r', 'u', '\0', + /* "redable.hosting", true */ 'r', 'e', 'd', 'a', 'b', 'l', 'e', '.', 'h', 'o', 's', 't', 'i', 'n', 'g', '\0', + /* "redb.cz", true */ 'r', 'e', 'd', 'b', '.', 'c', 'z', '\0', + /* "redballoonsecurity.com", true */ 'r', 'e', 'd', 'b', 'a', 'l', 'l', 'o', 'o', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "redburn.com", true */ 'r', 'e', 'd', 'b', 'u', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "redcomet.org", true */ 'r', 'e', 'd', 'c', 'o', 'm', 'e', 't', '.', 'o', 'r', 'g', '\0', + /* "redcone.net", true */ 'r', 'e', 'd', 'c', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "redcorus.com", true */ 'r', 'e', 'd', 'c', 'o', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "redd.it", true */ 'r', 'e', 'd', 'd', '.', 'i', 't', '\0', + /* "reddingo.at", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'a', 't', '\0', + /* "reddingo.be", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'b', 'e', '\0', + /* "reddingo.ch", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'c', 'h', '\0', + /* "reddingo.com", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "reddingo.com.au", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "reddingo.de", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'd', 'e', '\0', + /* "reddingo.es", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'e', 's', '\0', + /* "reddingo.eu", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'e', 'u', '\0', + /* "reddingo.fr", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'f', 'r', '\0', + /* "reddingo.it", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'i', 't', '\0', + /* "reddingo.jp", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'j', 'p', '\0', + /* "reddingo.nl", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'n', 'l', '\0', + /* "reddingo.nz", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'n', 'z', '\0', + /* "reddingsbrigade-zwolle.nl", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 's', 'b', 'r', 'i', 'g', 'a', 'd', 'e', '-', 'z', 'w', 'o', 'l', 'l', 'e', '.', 'n', 'l', '\0', + /* "reddit2kindle.com", true */ 'r', 'e', 'd', 'd', 'i', 't', '2', 'k', 'i', 'n', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "reddraggone9.com", true */ 'r', 'e', 'd', 'd', 'r', 'a', 'g', 'g', 'o', 'n', 'e', '9', '.', 'c', 'o', 'm', '\0', + /* "rede-reim.de", true */ 'r', 'e', 'd', 'e', '-', 'r', 'e', 'i', 'm', '.', 'd', 'e', '\0', + /* "redeemingbeautyminerals.com", true */ 'r', 'e', 'd', 'e', 'e', 'm', 'i', 'n', 'g', 'b', 'e', 'a', 'u', 't', 'y', 'm', 'i', 'n', 'e', 'r', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "redessantaluzia.com.br", true */ 'r', 'e', 'd', 'e', 's', 's', 'a', 'n', 't', 'a', 'l', 'u', 'z', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "redgatesoftware.co.uk", true */ 'r', 'e', 'd', 'g', 'a', 't', 'e', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "redheeler.com.br", true */ 'r', 'e', 'd', 'h', 'e', 'e', 'l', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "redigest.it", true */ 'r', 'e', 'd', 'i', 'g', 'e', 's', 't', '.', 'i', 't', '\0', + /* "redir.me", true */ 'r', 'e', 'd', 'i', 'r', '.', 'm', 'e', '\0', + /* "redirect.fedoraproject.org", true */ 'r', 'e', 'd', 'i', 'r', 'e', 'c', 't', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "redirect.stg.fedoraproject.org", true */ 'r', 'e', 'd', 'i', 'r', 'e', 'c', 't', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "rediske.me", true */ 'r', 'e', 'd', 'i', 's', 'k', 'e', '.', 'm', 'e', '\0', + /* "redit.com", true */ 'r', 'e', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "redivis.com", true */ 'r', 'e', 'd', 'i', 'v', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "redizoo.com", true */ 'r', 'e', 'd', 'i', 'z', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "redletter.link", true */ 'r', 'e', 'd', 'l', 'e', 't', 't', 'e', 'r', '.', 'l', 'i', 'n', 'k', '\0', + /* "redlink.de", true */ 'r', 'e', 'd', 'l', 'i', 'n', 'k', '.', 'd', 'e', '\0', + /* "redneragenturen.org", true */ 'r', 'e', 'd', 'n', 'e', 'r', 'a', 'g', 'e', 'n', 't', 'u', 'r', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "rednoseday.com", true */ 'r', 'e', 'd', 'n', 'o', 's', 'e', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "rednsx.org", true */ 'r', 'e', 'd', 'n', 's', 'x', '.', 'o', 'r', 'g', '\0', + /* "redperegrine.com", true */ 'r', 'e', 'd', 'p', 'e', 'r', 'e', 'g', 'r', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "redprice.by", true */ 'r', 'e', 'd', 'p', 'r', 'i', 'c', 'e', '.', 'b', 'y', '\0', + /* "redshield.co", true */ 'r', 'e', 'd', 's', 'h', 'i', 'e', 'l', 'd', '.', 'c', 'o', '\0', + /* "redshiftcybersecurity.co.za", true */ 'r', 'e', 'd', 's', 'h', 'i', 'f', 't', 'c', 'y', 'b', 'e', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "redshiftlabs.com.au", true */ 'r', 'e', 'd', 's', 'h', 'i', 'f', 't', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "redshoeswalking.net", true */ 'r', 'e', 'd', 's', 'h', 'o', 'e', 's', 'w', 'a', 'l', 'k', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "redsicom.com", true */ 'r', 'e', 'd', 's', 'i', 'c', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "redstoner.com", true */ 'r', 'e', 'd', 's', 't', 'o', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "redteam-pentesting.de", true */ 'r', 'e', 'd', 't', 'e', 'a', 'm', '-', 'p', 'e', 'n', 't', 'e', 's', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "reducerin.ro", true */ 'r', 'e', 'd', 'u', 'c', 'e', 'r', 'i', 'n', '.', 'r', 'o', '\0', + /* "redwoodpaddle.es", true */ 'r', 'e', 'd', 'w', 'o', 'o', 'd', 'p', 'a', 'd', 'd', 'l', 'e', '.', 'e', 's', '\0', + /* "redwoodpaddle.pt", true */ 'r', 'e', 'd', 'w', 'o', 'o', 'd', 'p', 'a', 'd', 'd', 'l', 'e', '.', 'p', 't', '\0', + /* "redzurl.com", true */ 'r', 'e', 'd', 'z', 'u', 'r', 'l', '.', 'c', 'o', 'm', '\0', + /* "reed-sensor.com", true */ 'r', 'e', 'e', 'd', '-', 's', 'e', 'n', 's', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "reedloden.com", true */ 'r', 'e', 'e', 'd', 'l', 'o', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "reepay.com", true */ 'r', 'e', 'e', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "reeson.at", true */ 'r', 'e', 'e', 's', 'o', 'n', '.', 'a', 't', '\0', + /* "reeson.de", true */ 'r', 'e', 'e', 's', 'o', 'n', '.', 'd', 'e', '\0', + /* "reeson.info", true */ 'r', 'e', 'e', 's', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "reeson.org", true */ 'r', 'e', 'e', 's', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "reevoo.com", true */ 'r', 'e', 'e', 'v', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "reezer.org", true */ 'r', 'e', 'e', 'z', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "ref1oct.nl", true */ 'r', 'e', 'f', '1', 'o', 'c', 't', '.', 'n', 'l', '\0', + /* "refactor.zone", true */ 'r', 'e', 'f', 'a', 'c', 't', 'o', 'r', '.', 'z', 'o', 'n', 'e', '\0', + /* "refficience.com", true */ 'r', 'e', 'f', 'f', 'i', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "refill-roboter.de", true */ 'r', 'e', 'f', 'i', 'l', 'l', '-', 'r', 'o', 'b', 'o', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "reflexions.co", true */ 'r', 'e', 'f', 'l', 'e', 'x', 'i', 'o', 'n', 's', '.', 'c', 'o', '\0', + /* "refood-cascaiscpr.eu", true */ 'r', 'e', 'f', 'o', 'o', 'd', '-', 'c', 'a', 's', 'c', 'a', 'i', 's', 'c', 'p', 'r', '.', 'e', 'u', '\0', + /* "reforesttheplanet.com", true */ 'r', 'e', 'f', 'o', 'r', 'e', 's', 't', 't', 'h', 'e', 'p', 'l', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "refreshingserum.com", true */ 'r', 'e', 'f', 'r', 'e', 's', 'h', 'i', 'n', 'g', 's', 'e', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "refreshliving.us", true */ 'r', 'e', 'f', 'r', 'e', 's', 'h', 'l', 'i', 'v', 'i', 'n', 'g', '.', 'u', 's', '\0', + /* "refundo.cz", true */ 'r', 'e', 'f', 'u', 'n', 'd', 'o', '.', 'c', 'z', '\0', + /* "refundo.sk", true */ 'r', 'e', 'f', 'u', 'n', 'd', 'o', '.', 's', 'k', '\0', + /* "regain.us", true */ 'r', 'e', 'g', 'a', 'i', 'n', '.', 'u', 's', '\0', + /* "regalcapitalwi.com", true */ 'r', 'e', 'g', 'a', 'l', 'c', 'a', 'p', 'i', 't', 'a', 'l', 'w', 'i', '.', 'c', 'o', 'm', '\0', + /* "regalosymuestrasgratis.com", true */ 'r', 'e', 'g', 'a', 'l', 'o', 's', 'y', 'm', 'u', 'e', 's', 't', 'r', 'a', 's', 'g', 'r', 'a', 't', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "regalpaintingfdl.com", true */ 'r', 'e', 'g', 'a', 'l', 'p', 'a', 'i', 'n', 't', 'i', 'n', 'g', 'f', 'd', 'l', '.', 'c', 'o', 'm', '\0', + /* "reganclassics.co.uk", true */ 'r', 'e', 'g', 'a', 'n', 'c', 'l', 'a', 's', 's', 'i', 'c', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "reganclassics.com", true */ 'r', 'e', 'g', 'a', 'n', 'c', 'l', 'a', 's', 's', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "reganparty.com", true */ 'r', 'e', 'g', 'a', 'n', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "regar42.fr", false */ 'r', 'e', 'g', 'a', 'r', '4', '2', '.', 'f', 'r', '\0', + /* "regily.com", true */ 'r', 'e', 'g', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "regime-maigrir-vite.com", true */ 'r', 'e', 'g', 'i', 'm', 'e', '-', 'm', 'a', 'i', 'g', 'r', 'i', 'r', '-', 'v', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "regiobeveland.nl", true */ 'r', 'e', 'g', 'i', 'o', 'b', 'e', 'v', 'e', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0', + /* "regionalbasementandcrawlspacerepair.com", true */ 'r', 'e', 'g', 'i', 'o', 'n', 'a', 'l', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 'a', 'n', 'd', 'c', 'r', 'a', 'w', 'l', 's', 'p', 'a', 'c', 'e', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "regionalcoalition.org", true */ 'r', 'e', 'g', 'i', 'o', 'n', 'a', 'l', 'c', 'o', 'a', 'l', 'i', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "regiosalland.nl", true */ 'r', 'e', 'g', 'i', 'o', 's', 'a', 'l', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0', + /* "regiovertrieb.de", false */ 'r', 'e', 'g', 'i', 'o', 'v', 'e', 'r', 't', 'r', 'i', 'e', 'b', '.', 'd', 'e', '\0', + /* "register.gov.uk", true */ 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0', + /* "registerforevent.co.uk", true */ 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', 'f', 'o', 'r', 'e', 'v', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "registrar.io", true */ 'r', 'e', 'g', 'i', 's', 't', 'r', 'a', 'r', '.', 'i', 'o', '\0', + /* "regmyr.se", true */ 'r', 'e', 'g', 'm', 'y', 'r', '.', 's', 'e', '\0', + /* "regnix.net", true */ 'r', 'e', 'g', 'n', 'i', 'x', '.', 'n', 'e', 't', '\0', + /* "regnr.info", true */ 'r', 'e', 'g', 'n', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "regolithmedia.com", true */ 'r', 'e', 'g', 'o', 'l', 'i', 't', 'h', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "regraph.de", true */ 'r', 'e', 'g', 'r', 'a', 'p', 'h', '.', 'd', 'e', '\0', + /* "regsec.com", true */ 'r', 'e', 'g', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "regulations.gov", true */ 'r', 'e', 'g', 'u', 'l', 'a', 't', 'i', 'o', 'n', 's', '.', 'g', 'o', 'v', '\0', + /* "reha-honpo.jp", true */ 'r', 'e', 'h', 'a', '-', 'h', 'o', 'n', 'p', 'o', '.', 'j', 'p', '\0', + /* "rehabili-shigoto.com", true */ 'r', 'e', 'h', 'a', 'b', 'i', 'l', 'i', '-', 's', 'h', 'i', 'g', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "rehabphilippines.com", true */ 'r', 'e', 'h', 'a', 'b', 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "rehabthailand.com", true */ 'r', 'e', 'h', 'a', 'b', 't', 'h', 'a', 'i', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "rehabthailand.org", true */ 'r', 'e', 'h', 'a', 'b', 't', 'h', 'a', 'i', 'l', 'a', 'n', 'd', '.', 'o', 'r', 'g', '\0', + /* "rei.ki", true */ 'r', 'e', 'i', '.', 'k', 'i', '\0', + /* "reichel-steinmetz.de", true */ 'r', 'e', 'i', 'c', 'h', 'e', 'l', '-', 's', 't', 'e', 'i', 'n', 'm', 'e', 't', 'z', '.', 'd', 'e', '\0', + /* "reichelt-cloud.de", true */ 'r', 'e', 'i', 'c', 'h', 'e', 'l', 't', '-', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0', + /* "reichl-online.net", true */ 'r', 'e', 'i', 'c', 'h', 'l', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "reidasbombas.com", true */ 'r', 'e', 'i', 'd', 'a', 's', 'b', 'o', 'm', 'b', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "reiki-coaching.nl", false */ 'r', 'e', 'i', 'k', 'i', '-', 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "reilly.io", true */ 'r', 'e', 'i', 'l', 'l', 'y', '.', 'i', 'o', '\0', + /* "reimaginebelonging.de", true */ 'r', 'e', 'i', 'm', 'a', 'g', 'i', 'n', 'e', 'b', 'e', 'l', 'o', 'n', 'g', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "reimann.me", true */ 'r', 'e', 'i', 'm', 'a', 'n', 'n', '.', 'm', 'e', '\0', + /* "reimers.de", true */ 'r', 'e', 'i', 'm', 'e', 'r', 's', '.', 'd', 'e', '\0', + /* "reimu.ink", false */ 'r', 'e', 'i', 'm', 'u', '.', 'i', 'n', 'k', '\0', + /* "rein.kr", true */ 'r', 'e', 'i', 'n', '.', 'k', 'r', '\0', + /* "reinaertvandecruys.me", false */ 'r', 'e', 'i', 'n', 'a', 'e', 'r', 't', 'v', 'a', 'n', 'd', 'e', 'c', 'r', 'u', 'y', 's', '.', 'm', 'e', '\0', + /* "reinaldudras.ee", true */ 'r', 'e', 'i', 'n', 'a', 'l', 'd', 'u', 'd', 'r', 'a', 's', '.', 'e', 'e', '\0', + /* "reinaldudrasfamily.ee", true */ 'r', 'e', 'i', 'n', 'a', 'l', 'd', 'u', 'd', 'r', 'a', 's', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'e', 'e', '\0', + /* "reineberthe.ch", true */ 'r', 'e', 'i', 'n', 'e', 'b', 'e', 'r', 't', 'h', 'e', '.', 'c', 'h', '\0', + /* "reinencaressa.be", true */ 'r', 'e', 'i', 'n', 'e', 'n', 'c', 'a', 'r', 'e', 's', 's', 'a', '.', 'b', 'e', '\0', + /* "reinfer.io", true */ 'r', 'e', 'i', 'n', 'f', 'e', 'r', '.', 'i', 'o', '\0', + /* "reinhard.codes", true */ 'r', 'e', 'i', 'n', 'h', 'a', 'r', 'd', '.', 'c', 'o', 'd', 'e', 's', '\0', + /* "reinhardtsgrimma.de", true */ 'r', 'e', 'i', 'n', 'h', 'a', 'r', 'd', 't', 's', 'g', 'r', 'i', 'm', 'm', 'a', '.', 'd', 'e', '\0', + /* "reinierjonker.nl", true */ 'r', 'e', 'i', 'n', 'i', 'e', 'r', 'j', 'o', 'n', 'k', 'e', 'r', '.', 'n', 'l', '\0', + /* "reinoldus.ddns.net", true */ 'r', 'e', 'i', 'n', 'o', 'l', 'd', 'u', 's', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "reinout.nu", true */ 'r', 'e', 'i', 'n', 'o', 'u', 't', '.', 'n', 'u', '\0', + /* "reinouthoornweg.nl", true */ 'r', 'e', 'i', 'n', 'o', 'u', 't', 'h', 'o', 'o', 'r', 'n', 'w', 'e', 'g', '.', 'n', 'l', '\0', + /* "reisekosten-gorilla.com", true */ 'r', 'e', 'i', 's', 'e', 'k', 'o', 's', 't', 'e', 'n', '-', 'g', 'o', 'r', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "reishunger.de", true */ 'r', 'e', 'i', 's', 'h', 'u', 'n', 'g', 'e', 'r', '.', 'd', 'e', '\0', + /* "rejahrehim.com", true */ 'r', 'e', 'j', 'a', 'h', 'r', 'e', 'h', 'i', 'm', '.', 'c', 'o', 'm', '\0', + /* "rejushiiplotter.ru", true */ 'r', 'e', 'j', 'u', 's', 'h', 'i', 'i', 'p', 'l', 'o', 't', 't', 'e', 'r', '.', 'r', 'u', '\0', + /* "rekorsanat.com.tr", true */ 'r', 'e', 'k', 'o', 'r', 's', 'a', 'n', 'a', 't', '.', 'c', 'o', 'm', '.', 't', 'r', '\0', + /* "relates.link", true */ 'r', 'e', 'l', 'a', 't', 'e', 's', '.', 'l', 'i', 'n', 'k', '\0', + /* "relatethesport.com", false */ 'r', 'e', 'l', 'a', 't', 'e', 't', 'h', 'e', 's', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "relatic.net", true */ 'r', 'e', 'l', 'a', 't', 'i', 'c', '.', 'n', 'e', 't', '\0', + /* "relax.hn", true */ 'r', 'e', 'l', 'a', 'x', '.', 'h', 'n', '\0', + /* "relaxdom.net", true */ 'r', 'e', 'l', 'a', 'x', 'd', 'o', 'm', '.', 'n', 'e', 't', '\0', + /* "relaxhavefun.com", true */ 'r', 'e', 'l', 'a', 'x', 'h', 'a', 'v', 'e', 'f', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "relaxpointhyncice.cz", true */ 'r', 'e', 'l', 'a', 'x', 'p', 'o', 'i', 'n', 't', 'h', 'y', 'n', 'c', 'i', 'c', 'e', '.', 'c', 'z', '\0', + /* "relaybox.io", true */ 'r', 'e', 'l', 'a', 'y', 'b', 'o', 'x', '.', 'i', 'o', '\0', + /* "release-monitoring.org", true */ 'r', 'e', 'l', 'e', 'a', 's', 'e', '-', 'm', 'o', 'n', 'i', 't', 'o', 'r', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "reliancebank.bank", true */ 'r', 'e', 'l', 'i', 'a', 'n', 'c', 'e', 'b', 'a', 'n', 'k', '.', 'b', 'a', 'n', 'k', '\0', + /* "religiousforums.com", true */ 'r', 'e', 'l', 'i', 'g', 'i', 'o', 'u', 's', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "relsak.cz", true */ 'r', 'e', 'l', 's', 'a', 'k', '.', 'c', 'z', '\0', + /* "rem0te.net", true */ 'r', 'e', 'm', '0', 't', 'e', '.', 'n', 'e', 't', '\0', + /* "remambo.jp", true */ 'r', 'e', 'm', 'a', 'm', 'b', 'o', '.', 'j', 'p', '\0', + /* "remedioparaherpes.com", true */ 'r', 'e', 'm', 'e', 'd', 'i', 'o', 'p', 'a', 'r', 'a', 'h', 'e', 'r', 'p', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "remedioscaserosparalacistitis.com", true */ 'r', 'e', 'm', 'e', 'd', 'i', 'o', 's', 'c', 'a', 's', 'e', 'r', 'o', 's', 'p', 'a', 'r', 'a', 'l', 'a', 'c', 'i', 's', 't', 'i', 't', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "remedyrehab.com", true */ 'r', 'e', 'm', 'e', 'd', 'y', 'r', 'e', 'h', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "remejeanne.com", true */ 'r', 'e', 'm', 'e', 'j', 'e', 'a', 'n', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "rememberthemilk.com", false */ 'r', 'e', 'm', 'e', 'm', 'b', 'e', 'r', 't', 'h', 'e', 'm', 'i', 'l', 'k', '.', 'c', 'o', 'm', '\0', + /* "remodelwithlegacy.com", true */ 'r', 'e', 'm', 'o', 'd', 'e', 'l', 'w', 'i', 't', 'h', 'l', 'e', 'g', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "remonti.info", true */ 'r', 'e', 'm', 'o', 'n', 't', 'i', '.', 'i', 'n', 'f', 'o', '\0', + /* "remote.so", true */ 'r', 'e', 'm', 'o', 't', 'e', '.', 's', 'o', '\0', + /* "remoteutilities.com", true */ 'r', 'e', 'm', 'o', 't', 'e', 'u', 't', 'i', 'l', 'i', 't', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "removedrepo.com", true */ 'r', 'e', 'm', 'o', 'v', 'e', 'd', 'r', 'e', 'p', 'o', '.', 'c', 'o', 'm', '\0', + /* "renascentia.asia", true */ 'r', 'e', 'n', 'a', 's', 'c', 'e', 'n', 't', 'i', 'a', '.', 'a', 's', 'i', 'a', '\0', + /* "renaultclubticino.ch", true */ 'r', 'e', 'n', 'a', 'u', 'l', 't', 'c', 'l', 'u', 'b', 't', 'i', 'c', 'i', 'n', 'o', '.', 'c', 'h', '\0', + /* "renderloop.com", true */ 'r', 'e', 'n', 'd', 'e', 'r', 'l', 'o', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "rene-schwarz.com", true */ 'r', 'e', 'n', 'e', '-', 's', 'c', 'h', 'w', 'a', 'r', 'z', '.', 'c', 'o', 'm', '\0', + /* "rene-stolp.de", true */ 'r', 'e', 'n', 'e', '-', 's', 't', 'o', 'l', 'p', '.', 'd', 'e', '\0', + /* "renearends.nl", true */ 'r', 'e', 'n', 'e', 'a', 'r', 'e', 'n', 'd', 's', '.', 'n', 'l', '\0', + /* "reneleu.ch", true */ 'r', 'e', 'n', 'e', 'l', 'e', 'u', '.', 'c', 'h', '\0', + /* "renem.net", false */ 'r', 'e', 'n', 'e', 'm', '.', 'n', 'e', 't', '\0', + /* "renerehelse.no", false */ 'r', 'e', 'n', 'e', 'r', 'e', 'h', 'e', 'l', 's', 'e', '.', 'n', 'o', '\0', + /* "reneschmidt.de", true */ 'r', 'e', 'n', 'e', 's', 'c', 'h', 'm', 'i', 'd', 't', '.', 'd', 'e', '\0', + /* "renewablefreedom.org", true */ 'r', 'e', 'n', 'e', 'w', 'a', 'b', 'l', 'e', 'f', 'r', 'e', 'e', 'd', 'o', 'm', '.', 'o', 'r', 'g', '\0', + /* "renezuo.com", true */ 'r', 'e', 'n', 'e', 'z', 'u', 'o', '.', 'c', 'o', 'm', '\0', + /* "renkenlaw.com", true */ 'r', 'e', 'n', 'k', 'e', 'n', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "renlen.nl", true */ 'r', 'e', 'n', 'l', 'e', 'n', '.', 'n', 'l', '\0', + /* "rennfire.org", true */ 'r', 'e', 'n', 'n', 'f', 'i', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "renov8sa.co.za", true */ 'r', 'e', 'n', 'o', 'v', '8', 's', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "renrenche.com", false */ 'r', 'e', 'n', 'r', 'e', 'n', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0', + /* "rens.nu", true */ 'r', 'e', 'n', 's', '.', 'n', 'u', '\0', + /* "rent-a-coder.de", true */ 'r', 'e', 'n', 't', '-', 'a', '-', 'c', 'o', 'd', 'e', 'r', '.', 'd', 'e', '\0', + /* "rentacaramerica.com", true */ 'r', 'e', 'n', 't', 'a', 'c', 'a', 'r', 'a', 'm', 'e', 'r', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "rentasweb.gob.ar", true */ 'r', 'e', 'n', 't', 'a', 's', 'w', 'e', 'b', '.', 'g', 'o', 'b', '.', 'a', 'r', '\0', + /* "rentinsingapore.com.sg", true */ 'r', 'e', 'n', 't', 'i', 'n', 's', 'i', 'n', 'g', 'a', 'p', 'o', 'r', 'e', '.', 'c', 'o', 'm', '.', 's', 'g', '\0', + /* "rentourhomeinprovence.com", true */ 'r', 'e', 'n', 't', 'o', 'u', 'r', 'h', 'o', 'm', 'e', 'i', 'n', 'p', 'r', 'o', 'v', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "renuo.ch", false */ 'r', 'e', 'n', 'u', 'o', '.', 'c', 'h', '\0', + /* "reorz.com", true */ 'r', 'e', 'o', 'r', 'z', '.', 'c', 'o', 'm', '\0', + /* "reox.at", false */ 'r', 'e', 'o', 'x', '.', 'a', 't', '\0', + /* "repaik.com", true */ 'r', 'e', 'p', 'a', 'i', 'k', '.', 'c', 'o', 'm', '\0', + /* "repair.by", true */ 'r', 'e', 'p', 'a', 'i', 'r', '.', 'b', 'y', '\0', + /* "repaper.org", true */ 'r', 'e', 'p', 'a', 'p', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "repaxan.com", true */ 'r', 'e', 'p', 'a', 'x', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "repex.co.il", true */ 'r', 'e', 'p', 'e', 'x', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "replaceits.me", true */ 'r', 'e', 'p', 'l', 'a', 'c', 'e', 'i', 't', 's', '.', 'm', 'e', '\0', + /* "replicagunsswords.com", false */ 'r', 'e', 'p', 'l', 'i', 'c', 'a', 'g', 'u', 'n', 's', 's', 'w', 'o', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "replicaswiss.nl", true */ 'r', 'e', 'p', 'l', 'i', 'c', 'a', 's', 'w', 'i', 's', 's', '.', 'n', 'l', '\0', + /* "report-uri.com", true */ 'r', 'e', 'p', 'o', 'r', 't', '-', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "reporting.gov", false */ 'r', 'e', 'p', 'o', 'r', 't', 'i', 'n', 'g', '.', 'g', 'o', 'v', '\0', + /* "reporturi.com", true */ 'r', 'e', 'p', 'o', 'r', 't', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "reporturi.io", true */ 'r', 'e', 'p', 'o', 'r', 't', 'u', 'r', 'i', '.', 'i', 'o', '\0', + /* "reposaarenkuva.fi", true */ 'r', 'e', 'p', 'o', 's', 'a', 'a', 'r', 'e', 'n', 'k', 'u', 'v', 'a', '.', 'f', 'i', '\0', + /* "reproduciblescience.org", true */ 'r', 'e', 'p', 'r', 'o', 'd', 'u', 'c', 'i', 'b', 'l', 'e', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0', + /* "reproductive-revolution.com", true */ 'r', 'e', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'v', 'e', '-', 'r', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "reproductiverevolution.com", true */ 'r', 'e', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'v', 'e', 'r', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "reprogramming-predators.com", true */ 'r', 'e', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'm', 'i', 'n', 'g', '-', 'p', 'r', 'e', 'd', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "reprogrammingpredators.com", true */ 'r', 'e', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'm', 'i', 'n', 'g', 'p', 'r', 'e', 'd', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "reprozip.org", true */ 'r', 'e', 'p', 'r', 'o', 'z', 'i', 'p', '.', 'o', 'r', 'g', '\0', + /* "repsomelt.com", true */ 'r', 'e', 'p', 's', 'o', 'm', 'e', 'l', 't', '.', 'c', 'o', 'm', '\0', + /* "reptrax.com", true */ 'r', 'e', 'p', 't', 'r', 'a', 'x', '.', 'c', 'o', 'm', '\0', + /* "republic.gr", true */ 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'g', 'r', '\0', + /* "republique.org", true */ 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'q', 'u', 'e', '.', 'o', 'r', 'g', '\0', + /* "repugnant-conclusion.com", true */ 'r', 'e', 'p', 'u', 'g', 'n', 'a', 'n', 't', '-', 'c', 'o', 'n', 'c', 'l', 'u', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "repugnantconclusion.com", true */ 'r', 'e', 'p', 'u', 'g', 'n', 'a', 'n', 't', 'c', 'o', 'n', 'c', 'l', 'u', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "repustate.com", true */ 'r', 'e', 'p', 'u', 's', 't', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "reputationweaver.com", true */ 'r', 'e', 'p', 'u', 't', 'a', 't', 'i', 'o', 'n', 'w', 'e', 'a', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "reqrut.net", true */ 'r', 'e', 'q', 'r', 'u', 't', '.', 'n', 'e', 't', '\0', + /* "request-trent.com", true */ 'r', 'e', 'q', 'u', 'e', 's', 't', '-', 't', 'r', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "requestr.co.uk", true */ 'r', 'e', 'q', 'u', 'e', 's', 't', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "resama.eu", true */ 'r', 'e', 's', 'a', 'm', 'a', '.', 'e', 'u', '\0', + /* "resc.la", true */ 'r', 'e', 's', 'c', '.', 'l', 'a', '\0', + /* "rescms-secure.com", true */ 'r', 'e', 's', 'c', 'm', 's', '-', 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "research.facebook.com", false */ 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "researchgate.net", true */ 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', 'g', 'a', 't', 'e', '.', 'n', 'e', 't', '\0', + /* "reseausyndic.ca", true */ 'r', 'e', 's', 'e', 'a', 'u', 's', 'y', 'n', 'd', 'i', 'c', '.', 'c', 'a', '\0', + /* "reservar-un-hotel.com", true */ 'r', 'e', 's', 'e', 'r', 'v', 'a', 'r', '-', 'u', 'n', '-', 'h', 'o', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "residence-simoncelli.com", true */ 'r', 'e', 's', 'i', 'd', 'e', 'n', 'c', 'e', '-', 's', 'i', 'm', 'o', 'n', 'c', 'e', 'l', 'l', 'i', '.', 'c', 'o', 'm', '\0', + /* "resist.ca", true */ 'r', 'e', 's', 'i', 's', 't', '.', 'c', 'a', '\0', + /* "resolvefa.co.uk", true */ 'r', 'e', 's', 'o', 'l', 'v', 'e', 'f', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "resolvefa.com", true */ 'r', 'e', 's', 'o', 'l', 'v', 'e', 'f', 'a', '.', 'c', 'o', 'm', '\0', + /* "resoplus.ch", true */ 'r', 'e', 's', 'o', 'p', 'l', 'u', 's', '.', 'c', 'h', '\0', + /* "resortohshima.com", true */ 'r', 'e', 's', 'o', 'r', 't', 'o', 'h', 's', 'h', 'i', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "resoundpro.ca", true */ 'r', 'e', 's', 'o', 'u', 'n', 'd', 'p', 'r', 'o', '.', 'c', 'a', '\0', + /* "resourceconnect.com", true */ 'r', 'e', 's', 'o', 'u', 'r', 'c', 'e', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "resourceguruapp.com", true */ 'r', 'e', 's', 'o', 'u', 'r', 'c', 'e', 'g', 'u', 'r', 'u', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "resources.flowfinity.com", true */ 'r', 'e', 's', 'o', 'u', 'r', 'c', 'e', 's', '.', 'f', 'l', 'o', 'w', 'f', 'i', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "respectmyprivacy.eu", true */ 'r', 'e', 's', 'p', 'e', 'c', 't', 'm', 'y', 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'e', 'u', '\0', + /* "respectmyprivacy.net", true */ 'r', 'e', 's', 'p', 'e', 'c', 't', 'm', 'y', 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'n', 'e', 't', '\0', + /* "respectmyprivacy.nl", true */ 'r', 'e', 's', 'p', 'e', 'c', 't', 'm', 'y', 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'n', 'l', '\0', + /* "respon.jp", true */ 'r', 'e', 's', 'p', 'o', 'n', '.', 'j', 'p', '\0', + /* "responer.com", true */ 'r', 'e', 's', 'p', 'o', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "responsibledisclosure.nl", false */ 'r', 'e', 's', 'p', 'o', 'n', 's', 'i', 'b', 'l', 'e', 'd', 'i', 's', 'c', 'l', 'o', 's', 'u', 'r', 'e', '.', 'n', 'l', '\0', + /* "respostas.com.br", true */ 'r', 'e', 's', 'p', 'o', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "restaurant-mangal.ch", true */ 'r', 'e', 's', 't', 'a', 'u', 'r', 'a', 'n', 't', '-', 'm', 'a', 'n', 'g', 'a', 'l', '.', 'c', 'h', '\0', + /* "restaurant-oregano.de", true */ 'r', 'e', 's', 't', 'a', 'u', 'r', 'a', 'n', 't', '-', 'o', 'r', 'e', 'g', 'a', 'n', 'o', '.', 'd', 'e', '\0', + /* "restaurant-rosengarten.at", true */ 'r', 'e', 's', 't', 'a', 'u', 'r', 'a', 'n', 't', '-', 'r', 'o', 's', 'e', 'n', 'g', 'a', 'r', 't', 'e', 'n', '.', 'a', 't', '\0', + /* "restaurantesimonetti.com.br", true */ 'r', 'e', 's', 't', 'a', 'u', 'r', 'a', 'n', 't', 'e', 's', 'i', 'm', 'o', 'n', 'e', 't', 't', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "restaurantmangal.ch", true */ 'r', 'e', 's', 't', 'a', 'u', 'r', 'a', 'n', 't', 'm', 'a', 'n', 'g', 'a', 'l', '.', 'c', 'h', '\0', + /* "restauranttester.at", true */ 'r', 'e', 's', 't', 'a', 'u', 'r', 'a', 'n', 't', 't', 'e', 's', 't', 'e', 'r', '.', 'a', 't', '\0', + /* "rester-a-domicile.ch", true */ 'r', 'e', 's', 't', 'e', 'r', '-', 'a', '-', 'd', 'o', 'm', 'i', 'c', 'i', 'l', 'e', '.', 'c', 'h', '\0', + /* "rester-autonome-chez-soi.ch", true */ 'r', 'e', 's', 't', 'e', 'r', '-', 'a', 'u', 't', 'o', 'n', 'o', 'm', 'e', '-', 'c', 'h', 'e', 'z', '-', 's', 'o', 'i', '.', 'c', 'h', '\0', + /* "restioson.me", true */ 'r', 'e', 's', 't', 'i', 'o', 's', 'o', 'n', '.', 'm', 'e', '\0', + /* "restoran-radovce.me", true */ 'r', 'e', 's', 't', 'o', 'r', 'a', 'n', '-', 'r', 'a', 'd', 'o', 'v', 'c', 'e', '.', 'm', 'e', '\0', + /* "restoreresearchstudy.com", true */ 'r', 'e', 's', 't', 'o', 'r', 'e', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', 's', 't', 'u', 'd', 'y', '.', 'c', 'o', 'm', '\0', + /* "restoruns.com", true */ 'r', 'e', 's', 't', 'o', 'r', 'u', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "restoruns.xyz", true */ 'r', 'e', 's', 't', 'o', 'r', 'u', 'n', 's', '.', 'x', 'y', 'z', '\0', + /* "restrealitaet.de", false */ 'r', 'e', 's', 't', 'r', 'e', 'a', 'l', 'i', 't', 'a', 'e', 't', '.', 'd', 'e', '\0', + /* "restrito.org", true */ 'r', 'e', 's', 't', 'r', 'i', 't', 'o', '.', 'o', 'r', 'g', '\0', + /* "resursedigitale.ro", true */ 'r', 'e', 's', 'u', 'r', 's', 'e', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', '.', 'r', 'o', '\0', + /* "retcor.net", true */ 'r', 'e', 't', 'c', 'o', 'r', '.', 'n', 'e', 't', '\0', + /* "retetenoi.net", true */ 'r', 'e', 't', 'e', 't', 'e', 'n', 'o', 'i', '.', 'n', 'e', 't', '\0', + /* "reto.ch", true */ 'r', 'e', 't', 'o', '.', 'c', 'h', '\0', + /* "reto.com", true */ 'r', 'e', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "reto.io", true */ 'r', 'e', 't', 'o', '.', 'i', 'o', '\0', + /* "retogroup.com", true */ 'r', 'e', 't', 'o', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "retokromer.ch", true */ 'r', 'e', 't', 'o', 'k', 'r', 'o', 'm', 'e', 'r', '.', 'c', 'h', '\0', + /* "retro.rocks", true */ 'r', 'e', 't', 'r', 'o', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "retro.sx", true */ 'r', 'e', 't', 'r', 'o', '.', 's', 'x', '\0', + /* "retrofitlab.com", true */ 'r', 'e', 't', 'r', 'o', 'f', 'i', 't', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "retroity.net", true */ 'r', 'e', 't', 'r', 'o', 'i', 't', 'y', '.', 'n', 'e', 't', '\0', + /* "retropage.co", true */ 'r', 'e', 't', 'r', 'o', 'p', 'a', 'g', 'e', '.', 'c', 'o', '\0', + /* "retroroundup.com", true */ 'r', 'e', 't', 'r', 'o', 'r', 'o', 'u', 'n', 'd', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "retrotracks.net", true */ 'r', 'e', 't', 'r', 'o', 't', 'r', 'a', 'c', 'k', 's', '.', 'n', 'e', 't', '\0', + /* "retrowave.eu", true */ 'r', 'e', 't', 'r', 'o', 'w', 'a', 'v', 'e', '.', 'e', 'u', '\0', + /* "rets.org.br", true */ 'r', 'e', 't', 's', '.', 'o', 'r', 'g', '.', 'b', 'r', '\0', + /* "reucon.com", false */ 'r', 'e', 'u', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "reulitz.de", true */ 'r', 'e', 'u', 'l', 'i', 't', 'z', '.', 'd', 'e', '\0', + /* "reussirsavie.info", true */ 'r', 'e', 'u', 's', 's', 'i', 'r', 's', 'a', 'v', 'i', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "reuter-profishop.de", true */ 'r', 'e', 'u', 't', 'e', 'r', '-', 'p', 'r', 'o', 'f', 'i', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0', + /* "reuter-shop.com", true */ 'r', 'e', 'u', 't', 'e', 'r', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "reuter.de", true */ 'r', 'e', 'u', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "revamed.com", false */ 'r', 'e', 'v', 'a', 'm', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "revapost.fr", true */ 'r', 'e', 'v', 'a', 'p', 'o', 's', 't', '.', 'f', 'r', '\0', + /* "revayd.net", true */ 'r', 'e', 'v', 'a', 'y', 'd', '.', 'n', 'e', 't', '\0', + /* "revensoftware.com", true */ 'r', 'e', 'v', 'e', 'n', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "reverencestudios.com", true */ 'r', 'e', 'v', 'e', 'r', 'e', 'n', 'c', 'e', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "reverse.design", true */ 'r', 'e', 'v', 'e', 'r', 's', 'e', '.', 'd', 'e', 's', 'i', 'g', 'n', '\0', + /* "reverseaustralia.com", true */ 'r', 'e', 'v', 'e', 'r', 's', 'e', 'a', 'u', 's', 't', 'r', 'a', 'l', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "reversecanada.com", true */ 'r', 'e', 'v', 'e', 'r', 's', 'e', 'c', 'a', 'n', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "reverseloansolutions.com", true */ 'r', 'e', 'v', 'e', 'r', 's', 'e', 'l', 'o', 'a', 'n', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "reversesouthafrica.com", true */ 'r', 'e', 'v', 'e', 'r', 's', 'e', 's', 'o', 'u', 't', 'h', 'a', 'f', 'r', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "review.jp", true */ 'r', 'e', 'v', 'i', 'e', 'w', '.', 'j', 'p', '\0', + /* "revisionnotes.xyz", true */ 'r', 'e', 'v', 'i', 's', 'i', 'o', 'n', 'n', 'o', 't', 'e', 's', '.', 'x', 'y', 'z', '\0', + /* "revistapequenosolhares.com.br", true */ 'r', 'e', 'v', 'i', 's', 't', 'a', 'p', 'e', 'q', 'u', 'e', 'n', 'o', 's', 'o', 'l', 'h', 'a', 'r', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "revivalinhisword.com", true */ 'r', 'e', 'v', 'i', 'v', 'a', 'l', 'i', 'n', 'h', 'i', 's', 'w', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "revivingtheredeemed.org", true */ 'r', 'e', 'v', 'i', 'v', 'i', 'n', 'g', 't', 'h', 'e', 'r', 'e', 'd', 'e', 'e', 'm', 'e', 'd', '.', 'o', 'r', 'g', '\0', + /* "revlect.com", true */ 'r', 'e', 'v', 'l', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "revolt.tv", true */ 'r', 'e', 'v', 'o', 'l', 't', '.', 't', 'v', '\0', + /* "revthefox.co.uk", true */ 'r', 'e', 'v', 't', 'h', 'e', 'f', 'o', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rewardingexcellence.com", true */ 'r', 'e', 'w', 'a', 'r', 'd', 'i', 'n', 'g', 'e', 'x', 'c', 'e', 'l', 'l', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "rewrite3.com", true */ 'r', 'e', 'w', 'r', 'i', 't', 'e', '3', '.', 'c', 'o', 'm', '\0', + /* "rex.st", true */ 'r', 'e', 'x', '.', 's', 't', '\0', + /* "rex.tc", true */ 'r', 'e', 'x', '.', 't', 'c', '\0', + /* "rezexpert.com", true */ 'r', 'e', 'z', 'e', 'x', 'p', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "rezosup.net", true */ 'r', 'e', 'z', 'o', 's', 'u', 'p', '.', 'n', 'e', 't', '\0', + /* "rezosup.org", true */ 'r', 'e', 'z', 'o', 's', 'u', 'p', '.', 'o', 'r', 'g', '\0', + /* "rezultant.ru", true */ 'r', 'e', 'z', 'u', 'l', 't', 'a', 'n', 't', '.', 'r', 'u', '\0', + /* "rezun.cloud", true */ 'r', 'e', 'z', 'u', 'n', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "rf.tn", true */ 'r', 'f', '.', 't', 'n', '\0', + /* "rfeif.org", true */ 'r', 'f', 'e', 'i', 'f', '.', 'o', 'r', 'g', '\0', + /* "rgavmf.ru", true */ 'r', 'g', 'a', 'v', 'm', 'f', '.', 'r', 'u', '\0', + /* "rgbinnovation.com", true */ 'r', 'g', 'b', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "rgcomportement.fr", true */ 'r', 'g', 'c', 'o', 'm', 'p', 'o', 'r', 't', 'e', 'm', 'e', 'n', 't', '.', 'f', 'r', '\0', + /* "rgservers.com", true */ 'r', 'g', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "rhees.nl", true */ 'r', 'h', 'e', 'e', 's', '.', 'n', 'l', '\0', + /* "rhein-liebe.de", true */ 'r', 'h', 'e', 'i', 'n', '-', 'l', 'i', 'e', 'b', 'e', '.', 'd', 'e', '\0', + /* "rheinneckarmetal.com", true */ 'r', 'h', 'e', 'i', 'n', 'n', 'e', 'c', 'k', 'a', 'r', 'm', 'e', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "rheocube.com", true */ 'r', 'h', 'e', 'o', 'c', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0', + /* "rhese.net", true */ 'r', 'h', 'e', 's', 'e', '.', 'n', 'e', 't', '\0', + /* "rhetthenckel.com", true */ 'r', 'h', 'e', 't', 't', 'h', 'e', 'n', 'c', 'k', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "rheuma-online.de", true */ 'r', 'h', 'e', 'u', 'm', 'a', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0', + /* "rhinelander.ca", true */ 'r', 'h', 'i', 'n', 'e', 'l', 'a', 'n', 'd', 'e', 'r', '.', 'c', 'a', '\0', + /* "rhinoceroses.org", true */ 'r', 'h', 'i', 'n', 'o', 'c', 'e', 'r', 'o', 's', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "rhiskiapril.com", true */ 'r', 'h', 'i', 's', 'k', 'i', 'a', 'p', 'r', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "rhnet.at", true */ 'r', 'h', 'n', 'e', 't', '.', 'a', 't', '\0', + /* "rhodenmanorcattery.co.uk", true */ 'r', 'h', 'o', 'd', 'e', 'n', 'm', 'a', 'n', 'o', 'r', 'c', 'a', 't', 't', 'e', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rhodes.ml", true */ 'r', 'h', 'o', 'd', 'e', 's', '.', 'm', 'l', '\0', + /* "rhodesianridgeback.com.br", true */ 'r', 'h', 'o', 'd', 'e', 's', 'i', 'a', 'n', 'r', 'i', 'd', 'g', 'e', 'b', 'a', 'c', 'k', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "rhodri.io", true */ 'r', 'h', 'o', 'd', 'r', 'i', '.', 'i', 'o', '\0', + /* "rhymeswithmogul.com", true */ 'r', 'h', 'y', 'm', 'e', 's', 'w', 'i', 't', 'h', 'm', 'o', 'g', 'u', 'l', '.', 'c', 'o', 'm', '\0', + /* "rhymix.org", true */ 'r', 'h', 'y', 'm', 'i', 'x', '.', 'o', 'r', 'g', '\0', + /* "rhynl.io", true */ 'r', 'h', 'y', 'n', 'l', '.', 'i', 'o', '\0', + /* "rial.space", true */ 'r', 'i', 'a', 'l', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "ribs.com", true */ 'r', 'i', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "ricardo.nu", true */ 'r', 'i', 'c', 'a', 'r', 'd', 'o', '.', 'n', 'u', '\0', + /* "ricardobalk.nl", true */ 'r', 'i', 'c', 'a', 'r', 'd', 'o', 'b', 'a', 'l', 'k', '.', 'n', 'l', '\0', + /* "ricaud.me", true */ 'r', 'i', 'c', 'a', 'u', 'd', '.', 'm', 'e', '\0', + /* "riccy.org", true */ 'r', 'i', 'c', 'c', 'y', '.', 'o', 'r', 'g', '\0', + /* "riceadvice.info", true */ 'r', 'i', 'c', 'e', 'a', 'd', 'v', 'i', 'c', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "richardb.me", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'b', '.', 'm', 'e', '\0', + /* "richardcrosby.co.uk", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'c', 'r', 'o', 's', 'b', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "richardhering.de", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'h', 'e', 'r', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "richardjgreen.net", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'j', 'g', 'r', 'e', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "richardlangworth.com", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'l', 'a', 'n', 'g', 'w', 'o', 'r', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "richardlugten.nl", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'l', 'u', 'g', 't', 'e', 'n', '.', 'n', 'l', '\0', + /* "richardrblocker.net", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'r', 'b', 'l', 'o', 'c', 'k', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "richardson.engineering", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 's', 'o', 'n', '.', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '\0', + /* "richardson.pictures", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 's', 'o', 'n', '.', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '\0', + /* "richardson.software", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 's', 'o', 'n', '.', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '\0', + /* "richardson.systems", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 's', 'o', 'n', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0', + /* "richardwarrender.com", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'w', 'a', 'r', 'r', 'e', 'n', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "richie.link", true */ 'r', 'i', 'c', 'h', 'i', 'e', '.', 'l', 'i', 'n', 'k', '\0', + /* "richonrails.com", true */ 'r', 'i', 'c', 'h', 'o', 'n', 'r', 'a', 'i', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "ricketyspace.net", true */ 'r', 'i', 'c', 'k', 'e', 't', 'y', 's', 'p', 'a', 'c', 'e', '.', 'n', 'e', 't', '\0', + /* "ricki-z.com", true */ 'r', 'i', 'c', 'k', 'i', '-', 'z', '.', 'c', 'o', 'm', '\0', + /* "rickmartensen.nl", true */ 'r', 'i', 'c', 'k', 'm', 'a', 'r', 't', 'e', 'n', 's', 'e', 'n', '.', 'n', 'l', '\0', + /* "ricknox.com", true */ 'r', 'i', 'c', 'k', 'n', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "rickrongen.nl", true */ 'r', 'i', 'c', 'k', 'r', 'o', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0', + /* "rickscastles.co.uk", true */ 'r', 'i', 'c', 'k', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rickweijers.nl", true */ 'r', 'i', 'c', 'k', 'w', 'e', 'i', 'j', 'e', 'r', 's', '.', 'n', 'l', '\0', + /* "rickyromero.com", true */ 'r', 'i', 'c', 'k', 'y', 'r', 'o', 'm', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "rico-brase.de", false */ 'r', 'i', 'c', 'o', '-', 'b', 'r', 'a', 's', 'e', '.', 'd', 'e', '\0', + /* "rico.ovh", true */ 'r', 'i', 'c', 'o', '.', 'o', 'v', 'h', '\0', + /* "ricochet.im", true */ 'r', 'i', 'c', 'o', 'c', 'h', 'e', 't', '.', 'i', 'm', '\0', + /* "ricozienke.de", true */ 'r', 'i', 'c', 'o', 'z', 'i', 'e', 'n', 'k', 'e', '.', 'd', 'e', '\0', + /* "riddims.co", true */ 'r', 'i', 'd', 'd', 'i', 'm', 's', '.', 'c', 'o', '\0', + /* "ride-up.com", true */ 'r', 'i', 'd', 'e', '-', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "ridingboutique.de", true */ 'r', 'i', 'd', 'i', 'n', 'g', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '.', 'd', 'e', '\0', + /* "ridingoklahoma.com", true */ 'r', 'i', 'd', 'i', 'n', 'g', 'o', 'k', 'l', 'a', 'h', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "rienasemettre.fr", true */ 'r', 'i', 'e', 'n', 'a', 's', 'e', 'm', 'e', 't', 't', 'r', 'e', '.', 'f', 'r', '\0', + /* "riesenmagnete.de", true */ 'r', 'i', 'e', 's', 'e', 'n', 'm', 'a', 'g', 'n', 'e', 't', 'e', '.', 'd', 'e', '\0', + /* "riesenweber.id.au", true */ 'r', 'i', 'e', 's', 'e', 'n', 'w', 'e', 'b', 'e', 'r', '.', 'i', 'd', '.', 'a', 'u', '\0', + /* "riesheating.com", true */ 'r', 'i', 'e', 's', 'h', 'e', 'a', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "rievo.net", true */ 'r', 'i', 'e', 'v', 'o', '.', 'n', 'e', 't', '\0', + /* "riffreporter.de", true */ 'r', 'i', 'f', 'f', 'r', 'e', 'p', 'o', 'r', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "rift.pictures", true */ 'r', 'i', 'f', 't', '.', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '\0', + /* "rigabeerbike.com", true */ 'r', 'i', 'g', 'a', 'b', 'e', 'e', 'r', 'b', 'i', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "rigabeerbike.lv", true */ 'r', 'i', 'g', 'a', 'b', 'e', 'e', 'r', 'b', 'i', 'k', 'e', '.', 'l', 'v', '\0', + /* "rigart-michael.be", true */ 'r', 'i', 'g', 'a', 'r', 't', '-', 'm', 'i', 'c', 'h', 'a', 'e', 'l', '.', 'b', 'e', '\0', + /* "rigartmichael.be", true */ 'r', 'i', 'g', 'a', 'r', 't', 'm', 'i', 'c', 'h', 'a', 'e', 'l', '.', 'b', 'e', '\0', + /* "righettod.eu", true */ 'r', 'i', 'g', 'h', 'e', 't', 't', 'o', 'd', '.', 'e', 'u', '\0', + /* "righini.ch", true */ 'r', 'i', 'g', 'h', 'i', 'n', 'i', '.', 'c', 'h', '\0', + /* "rightbrain.training", true */ 'r', 'i', 'g', 'h', 't', 'b', 'r', 'a', 'i', 'n', '.', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '\0', + /* "rightcapital.com", true */ 'r', 'i', 'g', 'h', 't', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "righteousendeavour.com", true */ 'r', 'i', 'g', 'h', 't', 'e', 'o', 'u', 's', 'e', 'n', 'd', 'e', 'a', 'v', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "rightstuff.link", true */ 'r', 'i', 'g', 'h', 't', 's', 't', 'u', 'f', 'f', '.', 'l', 'i', 'n', 'k', '\0', + /* "righttobuy.gov.uk", true */ 'r', 'i', 'g', 'h', 't', 't', 'o', 'b', 'u', 'y', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0', + /* "rijk-catering.nl", false */ 'r', 'i', 'j', 'k', '-', 'c', 'a', 't', 'e', 'r', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "rijschoolgevonden.nl", false */ 'r', 'i', 'j', 's', 'c', 'h', 'o', 'o', 'l', 'g', 'e', 'v', 'o', 'n', 'd', 'e', 'n', '.', 'n', 'l', '\0', + /* "rijsinkunst.nl", true */ 'r', 'i', 'j', 's', 'i', 'n', 'k', 'u', 'n', 's', 't', '.', 'n', 'l', '\0', + /* "rile5.com", true */ 'r', 'i', 'l', 'e', '5', '.', 'c', 'o', 'm', '\0', + /* "rileyevans.co.uk", true */ 'r', 'i', 'l', 'e', 'y', 'e', 'v', 'a', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rimax.vn", true */ 'r', 'i', 'm', 'a', 'x', '.', 'v', 'n', '\0', + /* "rimcountrymuseum.org", true */ 'r', 'i', 'm', 'c', 'o', 'u', 'n', 't', 'r', 'y', 'm', 'u', 's', 'e', 'u', 'm', '.', 'o', 'r', 'g', '\0', + /* "rimeto.io", true */ 'r', 'i', 'm', 'e', 't', 'o', '.', 'i', 'o', '\0', + /* "rimo.site", true */ 'r', 'i', 'm', 'o', '.', 's', 'i', 't', 'e', '\0', + /* "ringingliberty.com", true */ 'r', 'i', 'n', 'g', 'i', 'n', 'g', 'l', 'i', 'b', 'e', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "rinj.se", true */ 'r', 'i', 'n', 'j', '.', 's', 'e', '\0', + /* "rinvex.com", true */ 'r', 'i', 'n', 'v', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "rio-weimar.de", true */ 'r', 'i', 'o', '-', 'w', 'e', 'i', 'm', 'a', 'r', '.', 'd', 'e', '\0', + /* "rioshop.com.br", true */ 'r', 'i', 'o', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "rip-sport.cz", true */ 'r', 'i', 'p', '-', 's', 'p', 'o', 'r', 't', '.', 'c', 'z', '\0', + /* "ripmixmake.org", true */ 'r', 'i', 'p', 'm', 'i', 'x', 'm', 'a', 'k', 'e', '.', 'o', 'r', 'g', '\0', + /* "ripple.com", true */ 'r', 'i', 'p', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "ris.fi", true */ 'r', 'i', 's', '.', 'f', 'i', '\0', + /* "risada.nl", true */ 'r', 'i', 's', 'a', 'd', 'a', '.', 'n', 'l', '\0', + /* "risaphuketproperty.com", true */ 'r', 'i', 's', 'a', 'p', 'h', 'u', 'k', 'e', 't', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "riscascape.net", true */ 'r', 'i', 's', 'c', 'a', 's', 'c', 'a', 'p', 'e', '.', 'n', 'e', 't', '\0', + /* "rischard.org", true */ 'r', 'i', 's', 'c', 'h', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0', + /* "rise-technologies.com", true */ 'r', 'i', 's', 'e', '-', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "riseup.net", true */ 'r', 'i', 's', 'e', 'u', 'p', '.', 'n', 'e', 't', '\0', + /* "rishikeshyoga.in", true */ 'r', 'i', 's', 'h', 'i', 'k', 'e', 's', 'h', 'y', 'o', 'g', 'a', '.', 'i', 'n', '\0', + /* "risiinfo.com", true */ 'r', 'i', 's', 'i', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0', + /* "risingsun.red", true */ 'r', 'i', 's', 'i', 'n', 'g', 's', 'u', 'n', '.', 'r', 'e', 'd', '\0', + /* "riskmitigation.ch", true */ 'r', 'i', 's', 'k', 'm', 'i', 't', 'i', 'g', 'a', 't', 'i', 'o', 'n', '.', 'c', 'h', '\0', + /* "risparmiare.info", true */ 'r', 'i', 's', 'p', 'a', 'r', 'm', 'i', 'a', 'r', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "rissato.com.br", true */ 'r', 'i', 's', 's', 'a', 't', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "ristioja.ee", true */ 'r', 'i', 's', 't', 'i', 'o', 'j', 'a', '.', 'e', 'e', '\0', + /* "ristoarea.it", true */ 'r', 'i', 's', 't', 'o', 'a', 'r', 'e', 'a', '.', 'i', 't', '\0', + /* "ristorantefattoamano.eu", true */ 'r', 'i', 's', 't', 'o', 'r', 'a', 'n', 't', 'e', 'f', 'a', 't', 't', 'o', 'a', 'm', 'a', 'n', 'o', '.', 'e', 'u', '\0', + /* "ristorantefattoamano.it", true */ 'r', 'i', 's', 't', 'o', 'r', 'a', 'n', 't', 'e', 'f', 'a', 't', 't', 'o', 'a', 'm', 'a', 'n', 'o', '.', 'i', 't', '\0', + /* "rittau.biz", true */ 'r', 'i', 't', 't', 'a', 'u', '.', 'b', 'i', 'z', '\0', + /* "rittau.org", true */ 'r', 'i', 't', 't', 'a', 'u', '.', 'o', 'r', 'g', '\0', + /* "ritzlux.com.tw", true */ 'r', 'i', 't', 'z', 'l', 'u', 'x', '.', 'c', 'o', 'm', '.', 't', 'w', '\0', + /* "rivaforum.de", true */ 'r', 'i', 'v', 'a', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0', + /* "rivagecare.it", true */ 'r', 'i', 'v', 'a', 'g', 'e', 'c', 'a', 'r', 'e', '.', 'i', 't', '\0', + /* "rivalsa.cn", true */ 'r', 'i', 'v', 'a', 'l', 's', 'a', '.', 'c', 'n', '\0', + /* "rivastation.de", true */ 'r', 'i', 'v', 'a', 's', 't', 'a', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0', + /* "riverbanktearooms.co.uk", true */ 'r', 'i', 'v', 'e', 'r', 'b', 'a', 'n', 'k', 't', 'e', 'a', 'r', 'o', 'o', 'm', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "riverford.co.uk", true */ 'r', 'i', 'v', 'e', 'r', 'f', 'o', 'r', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rivermendhealthcenters.com", true */ 'r', 'i', 'v', 'e', 'r', 'm', 'e', 'n', 'd', 'h', 'e', 'a', 'l', 't', 'h', 'c', 'e', 'n', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "rivermist.com.au", true */ 'r', 'i', 'v', 'e', 'r', 'm', 'i', 's', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "riversideauto.net", true */ 'r', 'i', 'v', 'e', 'r', 's', 'i', 'd', 'e', 'a', 'u', 't', 'o', '.', 'n', 'e', 't', '\0', + /* "riversideradio.nl", true */ 'r', 'i', 'v', 'e', 'r', 's', 'i', 'd', 'e', 'r', 'a', 'd', 'i', 'o', '.', 'n', 'l', '\0', + /* "riverstyxgame.com", true */ 'r', 'i', 'v', 'e', 'r', 's', 't', 'y', 'x', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "riverweb.gr", true */ 'r', 'i', 'v', 'e', 'r', 'w', 'e', 'b', '.', 'g', 'r', '\0', + /* "rivierasaints.ch", true */ 'r', 'i', 'v', 'i', 'e', 'r', 'a', 's', 'a', 'i', 'n', 't', 's', '.', 'c', 'h', '\0', + /* "rivy.org", true */ 'r', 'i', 'v', 'y', '.', 'o', 'r', 'g', '\0', + /* "rix.ninja", true */ 'r', 'i', 'x', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "rixter.com", true */ 'r', 'i', 'x', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "riyono.com", true */ 'r', 'i', 'y', 'o', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "rizospastis.gr", true */ 'r', 'i', 'z', 'o', 's', 'p', 'a', 's', 't', 'i', 's', '.', 'g', 'r', '\0', + /* "rj-onderneemt.nl", true */ 'r', 'j', '-', 'o', 'n', 'd', 'e', 'r', 'n', 'e', 'e', 'm', 't', '.', 'n', 'l', '\0', + /* "rjnutrition.consulting", true */ 'r', 'j', 'n', 'u', 't', 'r', 'i', 't', 'i', 'o', 'n', '.', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '\0', + /* "rkc-hygrotherm.de", true */ 'r', 'k', 'c', '-', 'h', 'y', 'g', 'r', 'o', 't', 'h', 'e', 'r', 'm', '.', 'd', 'e', '\0', + /* "rlalique.com", true */ 'r', 'l', 'a', 'l', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "rld.org", true */ 'r', 'l', 'd', '.', 'o', 'r', 'g', '\0', + /* "rlds.ch", true */ 'r', 'l', 'd', 's', '.', 'c', 'h', '\0', + /* "rleh.de", true */ 'r', 'l', 'e', 'h', '.', 'd', 'e', '\0', + /* "rlove.org", true */ 'r', 'l', 'o', 'v', 'e', '.', 'o', 'r', 'g', '\0', + /* "rlsnet.ru", false */ 'r', 'l', 's', 'n', 'e', 't', '.', 'r', 'u', '\0', + /* "rm-it.de", true */ 'r', 'm', '-', 'i', 't', '.', 'd', 'e', '\0', + /* "rmb.li", true */ 'r', 'm', 'b', '.', 'l', 'i', '\0', + /* "rmcbs.de", true */ 'r', 'm', 'c', 'b', 's', '.', 'd', 'e', '\0', + /* "rmdlingerie.com.br", true */ 'r', 'm', 'd', 'l', 'i', 'n', 'g', 'e', 'r', 'i', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "rmf.io", true */ 'r', 'm', 'f', '.', 'i', 'o', '\0', + /* "rmit.me", true */ 'r', 'm', 'i', 't', '.', 'm', 'e', '\0', + /* "rmk.si", true */ 'r', 'm', 'k', '.', 's', 'i', '\0', + /* "rmmanfredi.com", true */ 'r', 'm', 'm', 'a', 'n', 'f', 'r', 'e', 'd', 'i', '.', 'c', 'o', 'm', '\0', + /* "rmpsolution.de", true */ 'r', 'm', 'p', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0', + /* "rmrig.org", true */ 'r', 'm', 'r', 'i', 'g', '.', 'o', 'r', 'g', '\0', + /* "rms.sexy", true */ 'r', 'm', 's', '.', 's', 'e', 'x', 'y', '\0', + /* "rmsides.com", true */ 'r', 'm', 's', 'i', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "rmstudio.tw", true */ 'r', 'm', 's', 't', 'u', 'd', 'i', 'o', '.', 't', 'w', '\0', + /* "rmsupply.nl", true */ 'r', 'm', 's', 'u', 'p', 'p', 'l', 'y', '.', 'n', 'l', '\0', + /* "rnag.ie", true */ 'r', 'n', 'a', 'g', '.', 'i', 'e', '\0', + /* "rnb-storenbau.ch", true */ 'r', 'n', 'b', '-', 's', 't', 'o', 'r', 'e', 'n', 'b', 'a', 'u', '.', 'c', 'h', '\0', + /* "rngmeme.com", true */ 'r', 'n', 'g', 'm', 'e', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "rnt.cl", true */ 'r', 'n', 't', '.', 'c', 'l', '\0', + /* "ro.search.yahoo.com", false */ 'r', 'o', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "roadguard.nl", true */ 'r', 'o', 'a', 'd', 'g', 'u', 'a', 'r', 'd', '.', 'n', 'l', '\0', + /* "roadtopgm.com", true */ 'r', 'o', 'a', 'd', 't', 'o', 'p', 'g', 'm', '.', 'c', 'o', 'm', '\0', + /* "roave.com", true */ 'r', 'o', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "rob.uk.com", true */ 'r', 'o', 'b', '.', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "rob006.net", true */ 'r', 'o', 'b', '0', '0', '6', '.', 'n', 'e', 't', '\0', + /* "robandjanine.com", true */ 'r', 'o', 'b', 'a', 'n', 'd', 'j', 'a', 'n', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "robbertt.com", true */ 'r', 'o', 'b', 'b', 'e', 'r', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "robert-flynn.de", true */ 'r', 'o', 'b', 'e', 'r', 't', '-', 'f', 'l', 'y', 'n', 'n', '.', 'd', 'e', '\0', + /* "robertabittle.com", true */ 'r', 'o', 'b', 'e', 'r', 't', 'a', 'b', 'i', 't', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "robertattfield.com", true */ 'r', 'o', 'b', 'e', 'r', 't', 'a', 't', 't', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "robertg.me", true */ 'r', 'o', 'b', 'e', 'r', 't', 'g', '.', 'm', 'e', '\0', + /* "robertglastra.com", true */ 'r', 'o', 'b', 'e', 'r', 't', 'g', 'l', 'a', 's', 't', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "roberthurlbut.com", true */ 'r', 'o', 'b', 'e', 'r', 't', 'h', 'u', 'r', 'l', 'b', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "robertkrueger.de", true */ 'r', 'o', 'b', 'e', 'r', 't', 'k', 'r', 'u', 'e', 'g', 'e', 'r', '.', 'd', 'e', '\0', + /* "robertlysik.com", true */ 'r', 'o', 'b', 'e', 'r', 't', 'l', 'y', 's', 'i', 'k', '.', 'c', 'o', 'm', '\0', + /* "roberto-webhosting.nl", true */ 'r', 'o', 'b', 'e', 'r', 't', 'o', '-', 'w', 'e', 'b', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "robertoentringer.com", true */ 'r', 'o', 'b', 'e', 'r', 't', 'o', 'e', 'n', 't', 'r', 'i', 'n', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "robertof.ovh", true */ 'r', 'o', 'b', 'e', 'r', 't', 'o', 'f', '.', 'o', 'v', 'h', '\0', + /* "robertreiser.photography", true */ 'r', 'o', 'b', 'e', 'r', 't', 'r', 'e', 'i', 's', 'e', 'r', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0', + /* "robertrijnders.nl", true */ 'r', 'o', 'b', 'e', 'r', 't', 'r', 'i', 'j', 'n', 'd', 'e', 'r', 's', '.', 'n', 'l', '\0', + /* "robertsmits.be", true */ 'r', 'o', 'b', 'e', 'r', 't', 's', 'm', 'i', 't', 's', '.', 'b', 'e', '\0', + /* "robhorstmanshof.nl", true */ 'r', 'o', 'b', 'h', 'o', 'r', 's', 't', 'm', 'a', 'n', 's', 'h', 'o', 'f', '.', 'n', 'l', '\0', + /* "robin-novotny.com", true */ 'r', 'o', 'b', 'i', 'n', '-', 'n', 'o', 'v', 'o', 't', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "robin.co.kr", true */ 'r', 'o', 'b', 'i', 'n', '.', 'c', 'o', '.', 'k', 'r', '\0', + /* "robin.info", true */ 'r', 'o', 'b', 'i', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "robinadr.com", true */ 'r', 'o', 'b', 'i', 'n', 'a', 'd', 'r', '.', 'c', 'o', 'm', '\0', + /* "robinevandenbos.nl", true */ 'r', 'o', 'b', 'i', 'n', 'e', 'v', 'a', 'n', 'd', 'e', 'n', 'b', 'o', 's', '.', 'n', 'l', '\0', + /* "robinflikkema.nl", true */ 'r', 'o', 'b', 'i', 'n', 'f', 'l', 'i', 'k', 'k', 'e', 'm', 'a', '.', 'n', 'l', '\0', + /* "robinhoodbingo.com", true */ 'r', 'o', 'b', 'i', 'n', 'h', 'o', 'o', 'd', 'b', 'i', 'n', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "robinlinden.eu", true */ 'r', 'o', 'b', 'i', 'n', 'l', 'i', 'n', 'd', 'e', 'n', '.', 'e', 'u', '\0', + /* "robinsonstrategy.com", true */ 'r', 'o', 'b', 'i', 'n', 's', 'o', 'n', 's', 't', 'r', 'a', 't', 'e', 'g', 'y', '.', 'c', 'o', 'm', '\0', + /* "robinsonyu.com", true */ 'r', 'o', 'b', 'i', 'n', 's', 'o', 'n', 'y', 'u', '.', 'c', 'o', 'm', '\0', + /* "robinvdmarkt.nl", true */ 'r', 'o', 'b', 'i', 'n', 'v', 'd', 'm', 'a', 'r', 'k', 't', '.', 'n', 'l', '\0', + /* "robinwinslow.uk", true */ 'r', 'o', 'b', 'i', 'n', 'w', 'i', 'n', 's', 'l', 'o', 'w', '.', 'u', 'k', '\0', + /* "robjager-fotografie.nl", true */ 'r', 'o', 'b', 'j', 'a', 'g', 'e', 'r', '-', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'e', '.', 'n', 'l', '\0', + /* "robocop.no", true */ 'r', 'o', 'b', 'o', 'c', 'o', 'p', '.', 'n', 'o', '\0', + /* "robodeidentidad.gov", true */ 'r', 'o', 'b', 'o', 'd', 'e', 'i', 'd', 'e', 'n', 't', 'i', 'd', 'a', 'd', '.', 'g', 'o', 'v', '\0', + /* "robohash.org", true */ 'r', 'o', 'b', 'o', 'h', 'a', 's', 'h', '.', 'o', 'r', 'g', '\0', + /* "robot.car", true */ 'r', 'o', 'b', 'o', 't', '.', 'c', 'a', 'r', '\0', + /* "robotattack.org", true */ 'r', 'o', 'b', 'o', 't', 'a', 't', 't', 'a', 'c', 'k', '.', 'o', 'r', 'g', '\0', + /* "robotham.org", true */ 'r', 'o', 'b', 'o', 't', 'h', 'a', 'm', '.', 'o', 'r', 'g', '\0', + /* "robototes.com", true */ 'r', 'o', 'b', 'o', 't', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "robots-ju.ch", true */ 'r', 'o', 'b', 'o', 't', 's', '-', 'j', 'u', '.', 'c', 'h', '\0', + /* "robpol86.com", true */ 'r', 'o', 'b', 'p', 'o', 'l', '8', '6', '.', 'c', 'o', 'm', '\0', + /* "robspc.repair", true */ 'r', 'o', 'b', 's', 'p', 'c', '.', 'r', 'e', 'p', 'a', 'i', 'r', '\0', + /* "robspeed.rocks", true */ 'r', 'o', 'b', 's', 'p', 'e', 'e', 'd', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "robu.in", true */ 'r', 'o', 'b', 'u', '.', 'i', 'n', '\0', + /* "robud.info", true */ 'r', 'o', 'b', 'u', 'd', '.', 'i', 'n', 'f', 'o', '\0', + /* "rocka.me", true */ 'r', 'o', 'c', 'k', 'a', '.', 'm', 'e', '\0', + /* "rockagogo.com", true */ 'r', 'o', 'c', 'k', 'a', 'g', 'o', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "rockbankland.com.au", true */ 'r', 'o', 'c', 'k', 'b', 'a', 'n', 'k', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "rockcanyonbank.com", true */ 'r', 'o', 'c', 'k', 'c', 'a', 'n', 'y', 'o', 'n', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "rockcellar.ch", true */ 'r', 'o', 'c', 'k', 'c', 'e', 'l', 'l', 'a', 'r', '.', 'c', 'h', '\0', + /* "rockenfuerlachenhelfen.de", true */ 'r', 'o', 'c', 'k', 'e', 'n', 'f', 'u', 'e', 'r', 'l', 'a', 'c', 'h', 'e', 'n', 'h', 'e', 'l', 'f', 'e', 'n', '.', 'd', 'e', '\0', + /* "rocketr.net", true */ 'r', 'o', 'c', 'k', 'e', 't', 'r', '.', 'n', 'e', 't', '\0', + /* "rockfax.com", true */ 'r', 'o', 'c', 'k', 'f', 'a', 'x', '.', 'c', 'o', 'm', '\0', + /* "rockhounds.co.za", true */ 'r', 'o', 'c', 'k', 'h', 'o', 'u', 'n', 'd', 's', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "rockinronniescastles.co.uk", true */ 'r', 'o', 'c', 'k', 'i', 'n', 'r', 'o', 'n', 'n', 'i', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rockitinflatables.co.uk", true */ 'r', 'o', 'c', 'k', 'i', 't', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rockpesado.com.br", true */ 'r', 'o', 'c', 'k', 'p', 'e', 's', 'a', 'd', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "rockthebabybump.com", true */ 'r', 'o', 'c', 'k', 't', 'h', 'e', 'b', 'a', 'b', 'y', 'b', 'u', 'm', 'p', '.', 'c', 'o', 'm', '\0', + /* "rockuse.com.br", true */ 'r', 'o', 'c', 'k', 'u', 's', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "rockymountainspice.com", true */ 'r', 'o', 'c', 'k', 'y', 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', 's', 'p', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "rocssti.net", true */ 'r', 'o', 'c', 's', 's', 't', 'i', '.', 'n', 'e', 't', '\0', + /* "rodeobull.biz", true */ 'r', 'o', 'd', 'e', 'o', 'b', 'u', 'l', 'l', '.', 'b', 'i', 'z', '\0', + /* "rodeohire.com", true */ 'r', 'o', 'd', 'e', 'o', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "rodeosales.co.uk", true */ 'r', 'o', 'd', 'e', 'o', 's', 'a', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rodevlaggen.nl", true */ 'r', 'o', 'd', 'e', 'v', 'l', 'a', 'g', 'g', 'e', 'n', '.', 'n', 'l', '\0', + /* "rodichi.net", true */ 'r', 'o', 'd', 'i', 'c', 'h', 'i', '.', 'n', 'e', 't', '\0', + /* "rodolfo.gs", true */ 'r', 'o', 'd', 'o', 'l', 'f', 'o', '.', 'g', 's', '\0', + /* "rodomonte.org", true */ 'r', 'o', 'd', 'o', 'm', 'o', 'n', 't', 'e', '.', 'o', 'r', 'g', '\0', + /* "rodrigocarvalho.blog.br", true */ 'r', 'o', 'd', 'r', 'i', 'g', 'o', 'c', 'a', 'r', 'v', 'a', 'l', 'h', 'o', '.', 'b', 'l', 'o', 'g', '.', 'b', 'r', '\0', + /* "rodzina-kupiec.eu.org", true */ 'r', 'o', 'd', 'z', 'i', 'n', 'a', '-', 'k', 'u', 'p', 'i', 'e', 'c', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "roeckx.be", true */ 'r', 'o', 'e', 'c', 'k', 'x', '.', 'b', 'e', '\0', + /* "roeitijd.nl", true */ 'r', 'o', 'e', 'i', 't', 'i', 'j', 'd', '.', 'n', 'l', '\0', + /* "roeldevries.me", true */ 'r', 'o', 'e', 'l', 'd', 'e', 'v', 'r', 'i', 'e', 's', '.', 'm', 'e', '\0', + /* "roelf.org", true */ 'r', 'o', 'e', 'l', 'f', '.', 'o', 'r', 'g', '\0', + /* "roelhollander.eu", true */ 'r', 'o', 'e', 'l', 'h', 'o', 'l', 'l', 'a', 'n', 'd', 'e', 'r', '.', 'e', 'u', '\0', + /* "roelof.io", true */ 'r', 'o', 'e', 'l', 'o', 'f', '.', 'i', 'o', '\0', + /* "roelsworld.eu", true */ 'r', 'o', 'e', 'l', 's', 'w', 'o', 'r', 'l', 'd', '.', 'e', 'u', '\0', + /* "roemhild.de", true */ 'r', 'o', 'e', 'm', 'h', 'i', 'l', 'd', '.', 'd', 'e', '\0', + /* "roerstaafjes.nl", true */ 'r', 'o', 'e', 'r', 's', 't', 'a', 'a', 'f', 'j', 'e', 's', '.', 'n', 'l', '\0', + /* "roessner-network-solutions.com", false */ 'r', 'o', 'e', 's', 's', 'n', 'e', 'r', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "roffe.nu", true */ 'r', 'o', 'f', 'f', 'e', '.', 'n', 'u', '\0', + /* "rofl.com.ua", true */ 'r', 'o', 'f', 'l', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "roflcopter.fr", true */ 'r', 'o', 'f', 'l', 'c', 'o', 'p', 't', 'e', 'r', '.', 'f', 'r', '\0', + /* "rogagym.com", true */ 'r', 'o', 'g', 'a', 'g', 'y', 'm', '.', 'c', 'o', 'm', '\0', + /* "rogeiro.net", true */ 'r', 'o', 'g', 'e', 'i', 'r', 'o', '.', 'n', 'e', 't', '\0', + /* "roger101.com", true */ 'r', 'o', 'g', 'e', 'r', '1', '0', '1', '.', 'c', 'o', 'm', '\0', + /* "rogerdat.ovh", true */ 'r', 'o', 'g', 'e', 'r', 'd', 'a', 't', '.', 'o', 'v', 'h', '\0', + /* "rogerhub.com", true */ 'r', 'o', 'g', 'e', 'r', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "rogerriendeau.ca", true */ 'r', 'o', 'g', 'e', 'r', 'r', 'i', 'e', 'n', 'd', 'e', 'a', 'u', '.', 'c', 'a', '\0', + /* "rogersaam.ch", true */ 'r', 'o', 'g', 'e', 'r', 's', 'a', 'a', 'm', '.', 'c', 'h', '\0', + /* "rogersremovals.co.uk", true */ 'r', 'o', 'g', 'e', 'r', 's', 'r', 'e', 'm', 'o', 'v', 'a', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rogersvilleumc.org", true */ 'r', 'o', 'g', 'e', 'r', 's', 'v', 'i', 'l', 'l', 'e', 'u', 'm', 'c', '.', 'o', 'r', 'g', '\0', + /* "rognhaugen.no", true */ 'r', 'o', 'g', 'n', 'h', 'a', 'u', 'g', 'e', 'n', '.', 'n', 'o', '\0', + /* "rogue-e.xyz", true */ 'r', 'o', 'g', 'u', 'e', '-', 'e', '.', 'x', 'y', 'z', '\0', + /* "roguefinancial.com", true */ 'r', 'o', 'g', 'u', 'e', 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "roguefortgame.com", true */ 'r', 'o', 'g', 'u', 'e', 'f', 'o', 'r', 't', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "roguesignal.net", true */ 'r', 'o', 'g', 'u', 'e', 's', 'i', 'g', 'n', 'a', 'l', '.', 'n', 'e', 't', '\0', + /* "roguetechhub.org", true */ 'r', 'o', 'g', 'u', 'e', 't', 'e', 'c', 'h', 'h', 'u', 'b', '.', 'o', 'r', 'g', '\0', + /* "rohedaten.de", true */ 'r', 'o', 'h', 'e', 'd', 'a', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "rohitagr.com", true */ 'r', 'o', 'h', 'i', 't', 'a', 'g', 'r', '.', 'c', 'o', 'm', '\0', + /* "rointe.online", true */ 'r', 'o', 'i', 'n', 't', 'e', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "roiscroll.com", true */ 'r', 'o', 'i', 's', 'c', 'r', 'o', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "rokki.ch", true */ 'r', 'o', 'k', 'k', 'i', '.', 'c', 'h', '\0', + /* "rokort.dk", true */ 'r', 'o', 'k', 'o', 'r', 't', '.', 'd', 'k', '\0', + /* "rokudenashi.de", true */ 'r', 'o', 'k', 'u', 'd', 'e', 'n', 'a', 's', 'h', 'i', '.', 'd', 'e', '\0', + /* "roland.io", true */ 'r', 'o', 'l', 'a', 'n', 'd', '.', 'i', 'o', '\0', + /* "rolandkolodziej.com", true */ 'r', 'o', 'l', 'a', 'n', 'd', 'k', 'o', 'l', 'o', 'd', 'z', 'i', 'e', 'j', '.', 'c', 'o', 'm', '\0', + /* "rolandreed.cn", true */ 'r', 'o', 'l', 'a', 'n', 'd', 'r', 'e', 'e', 'd', '.', 'c', 'n', '\0', + /* "rolandszabo.com", true */ 'r', 'o', 'l', 'a', 'n', 'd', 's', 'z', 'a', 'b', 'o', '.', 'c', 'o', 'm', '\0', + /* "rolliwelt.de", true */ 'r', 'o', 'l', 'l', 'i', 'w', 'e', 'l', 't', '.', 'd', 'e', '\0', + /* "rolodato.com", true */ 'r', 'o', 'l', 'o', 'd', 'a', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "roma-servizi.it", true */ 'r', 'o', 'm', 'a', '-', 's', 'e', 'r', 'v', 'i', 'z', 'i', '.', 'i', 't', '\0', + /* "romab.com", true */ 'r', 'o', 'm', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "roman-pavlik.cz", true */ 'r', 'o', 'm', 'a', 'n', '-', 'p', 'a', 'v', 'l', 'i', 'k', '.', 'c', 'z', '\0', + /* "romande-entretien.ch", true */ 'r', 'o', 'm', 'a', 'n', 'd', 'e', '-', 'e', 'n', 't', 'r', 'e', 't', 'i', 'e', 'n', '.', 'c', 'h', '\0', + /* "romanpavlodar.kz", true */ 'r', 'o', 'm', 'a', 'n', 'p', 'a', 'v', 'l', 'o', 'd', 'a', 'r', '.', 'k', 'z', '\0', + /* "romantelychko.com", true */ 'r', 'o', 'm', 'a', 'n', 't', 'e', 'l', 'y', 'c', 'h', 'k', 'o', '.', 'c', 'o', 'm', '\0', + /* "romantic-quotes.co.uk", true */ 'r', 'o', 'm', 'a', 'n', 't', 'i', 'c', '-', 'q', 'u', 'o', 't', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "romanticschemermovie.com", true */ 'r', 'o', 'm', 'a', 'n', 't', 'i', 'c', 's', 'c', 'h', 'e', 'm', 'e', 'r', 'm', 'o', 'v', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "romarin.es", true */ 'r', 'o', 'm', 'a', 'r', 'i', 'n', '.', 'e', 's', '\0', + /* "rome.dating", true */ 'r', 'o', 'm', 'e', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "rommelwood.de", true */ 'r', 'o', 'm', 'm', 'e', 'l', 'w', 'o', 'o', 'd', '.', 'd', 'e', '\0', + /* "rondommen.nl", true */ 'r', 'o', 'n', 'd', 'o', 'm', 'm', 'e', 'n', '.', 'n', 'l', '\0', + /* "rondouin.fr", true */ 'r', 'o', 'n', 'd', 'o', 'u', 'i', 'n', '.', 'f', 'r', '\0', + /* "rondreis-planner.nl", true */ 'r', 'o', 'n', 'd', 'r', 'e', 'i', 's', '-', 'p', 'l', 'a', 'n', 'n', 'e', 'r', '.', 'n', 'l', '\0', + /* "roninf.ch", true */ 'r', 'o', 'n', 'i', 'n', 'f', '.', 'c', 'h', '\0', + /* "ronomon.com", true */ 'r', 'o', 'n', 'o', 'm', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "roo.ie", true */ 'r', 'o', 'o', '.', 'i', 'e', '\0', + /* "roofingomaha.com", true */ 'r', 'o', 'o', 'f', 'i', 'n', 'g', 'o', 'm', 'a', 'h', 'a', '.', 'c', 'o', 'm', '\0', + /* "roofsandbasements.com", true */ 'r', 'o', 'o', 'f', 's', 'a', 'n', 'd', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "rool.me", true */ 'r', 'o', 'o', 'l', '.', 'm', 'e', '\0', + /* "room208.org", true */ 'r', 'o', 'o', 'm', '2', '0', '8', '.', 'o', 'r', 'g', '\0', + /* "room2d.com", true */ 'r', 'o', 'o', 'm', '2', 'd', '.', 'c', 'o', 'm', '\0', + /* "room3b.eu", true */ 'r', 'o', 'o', 'm', '3', 'b', '.', 'e', 'u', '\0', + /* "roombase.nl", true */ 'r', 'o', 'o', 'm', 'b', 'a', 's', 'e', '.', 'n', 'l', '\0', + /* "roomhub.jp", true */ 'r', 'o', 'o', 'm', 'h', 'u', 'b', '.', 'j', 'p', '\0', + /* "roomongo.com", true */ 'r', 'o', 'o', 'm', 'o', 'n', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "rooneytours.nl", true */ 'r', 'o', 'o', 'n', 'e', 'y', 't', 'o', 'u', 'r', 's', '.', 'n', 'l', '\0', + /* "roosabels.nl", false */ 'r', 'o', 'o', 's', 'a', 'b', 'e', 'l', 's', '.', 'n', 'l', '\0', + /* "roosteroriginals.com", true */ 'r', 'o', 'o', 's', 't', 'e', 'r', 'o', 'r', 'i', 'g', 'i', 'n', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "roosterpgplus.nl", true */ 'r', 'o', 'o', 's', 't', 'e', 'r', 'p', 'g', 'p', 'l', 'u', 's', '.', 'n', 'l', '\0', + /* "root.bg", true */ 'r', 'o', 'o', 't', '.', 'b', 'g', '\0', + /* "root.eu.org", true */ 'r', 'o', 'o', 't', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "rootcamp.net", true */ 'r', 'o', 'o', 't', 'c', 'a', 'm', 'p', '.', 'n', 'e', 't', '\0', + /* "rootcommand.com", true */ 'r', 'o', 'o', 't', 'c', 'o', 'm', 'm', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "rootear.com", true */ 'r', 'o', 'o', 't', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "rootedlifemontessori.com", true */ 'r', 'o', 'o', 't', 'e', 'd', 'l', 'i', 'f', 'e', 'm', 'o', 'n', 't', 'e', 's', 's', 'o', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "rootlair.com", true */ 'r', 'o', 'o', 't', 'l', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "rootrelativity.com", true */ 'r', 'o', 'o', 't', 'r', 'e', 'l', 'a', 't', 'i', 'v', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "roots-example-project.com", true */ 'r', 'o', 'o', 't', 's', '-', 'e', 'x', 'a', 'm', 'p', 'l', 'e', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "roots.io", true */ 'r', 'o', 'o', 't', 's', '.', 'i', 'o', '\0', + /* "rootsandrain.com", true */ 'r', 'o', 'o', 't', 's', 'a', 'n', 'd', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "rootsbar.fr", true */ 'r', 'o', 'o', 't', 's', 'b', 'a', 'r', '.', 'f', 'r', '\0', + /* "rootscope.co.uk", true */ 'r', 'o', 'o', 't', 's', 'c', 'o', 'p', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rootswitch.com", true */ 'r', 'o', 'o', 't', 's', 'w', 'i', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "rootusers.com", true */ 'r', 'o', 'o', 't', 'u', 's', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "roryneville.com", true */ 'r', 'o', 'r', 'y', 'n', 'e', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "rosabellas.co.uk", true */ 'r', 'o', 's', 'a', 'b', 'e', 'l', 'l', 'a', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rosbass.ru", true */ 'r', 'o', 's', 'b', 'a', 's', 's', '.', 'r', 'u', '\0', + /* "rose-prism.org", true */ 'r', 'o', 's', 'e', '-', 'p', 'r', 'i', 's', 'm', '.', 'o', 'r', 'g', '\0', + /* "rosehosting.reviews", true */ 'r', 'o', 's', 'e', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'r', 'e', 'v', 'i', 'e', 'w', 's', '\0', + /* "roseitsolutions.co.uk", true */ 'r', 'o', 's', 'e', 'i', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "roseitsolutions.uk", true */ 'r', 'o', 's', 'e', 'i', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'u', 'k', '\0', + /* "roseliere.ch", true */ 'r', 'o', 's', 'e', 'l', 'i', 'e', 'r', 'e', '.', 'c', 'h', '\0', + /* "roseliere.com", true */ 'r', 'o', 's', 'e', 'l', 'i', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "roseluna.com", true */ 'r', 'o', 's', 'e', 'l', 'u', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "rosemariefloydballet.com", true */ 'r', 'o', 's', 'e', 'm', 'a', 'r', 'i', 'e', 'f', 'l', 'o', 'y', 'd', 'b', 'a', 'l', 'l', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "rosenheimsingles.de", true */ 'r', 'o', 's', 'e', 'n', 'h', 'e', 'i', 'm', 's', 'i', 'n', 'g', 'l', 'e', 's', '.', 'd', 'e', '\0', + /* "rosenkeller.org", true */ 'r', 'o', 's', 'e', 'n', 'k', 'e', 'l', 'l', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "roseofyork.com", true */ 'r', 'o', 's', 'e', 'o', 'f', 'y', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "roseofyorkbooking.com", true */ 'r', 'o', 's', 'e', 'o', 'f', 'y', 'o', 'r', 'k', 'b', 'o', 'o', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "rosesciences.com", true */ 'r', 'o', 's', 'e', 's', 'c', 'i', 'e', 'n', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "rosevillefacialplasticsurgery.com", true */ 'r', 'o', 's', 'e', 'v', 'i', 'l', 'l', 'e', 'f', 'a', 'c', 'i', 'a', 'l', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "rosewoodranch.com", true */ 'r', 'o', 's', 'e', 'w', 'o', 'o', 'd', 'r', 'a', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "rosi-royal.com", true */ 'r', 'o', 's', 'i', '-', 'r', 'o', 'y', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "roslynpad.net", true */ 'r', 'o', 's', 'l', 'y', 'n', 'p', 'a', 'd', '.', 'n', 'e', 't', '\0', + /* "rosset.me", true */ 'r', 'o', 's', 's', 'e', 't', '.', 'm', 'e', '\0', + /* "rosset.net", true */ 'r', 'o', 's', 's', 'e', 't', '.', 'n', 'e', 't', '\0', + /* "rossiworld.com", true */ 'r', 'o', 's', 's', 'i', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "rosslug.org.uk", true */ 'r', 'o', 's', 's', 'l', 'u', 'g', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "rot47.net", true */ 'r', 'o', 't', '4', '7', '.', 'n', 'e', 't', '\0', + /* "roten.email", true */ 'r', 'o', 't', 'e', 'n', '.', 'e', 'm', 'a', 'i', 'l', '\0', + /* "rothkranz.net", true */ 'r', 'o', 't', 'h', 'k', 'r', 'a', 'n', 'z', '.', 'n', 'e', 't', '\0', + /* "rothnater.ch", true */ 'r', 'o', 't', 'h', 'n', 'a', 't', 'e', 'r', '.', 'c', 'h', '\0', + /* "rotol.me", true */ 'r', 'o', 't', 'o', 'l', '.', 'm', 'e', '\0', + /* "rottweil-hilft.de", true */ 'r', 'o', 't', 't', 'w', 'e', 'i', 'l', '-', 'h', 'i', 'l', 'f', 't', '.', 'd', 'e', '\0', + /* "rotunneling.net", true */ 'r', 'o', 't', 'u', 'n', 'n', 'e', 'l', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "rotzonline.com", true */ 'r', 'o', 't', 'z', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "rougechocolat.fr", true */ 'r', 'o', 'u', 'g', 'e', 'c', 'h', 'o', 'c', 'o', 'l', 'a', 't', '.', 'f', 'r', '\0', + /* "roughgrain.com", true */ 'r', 'o', 'u', 'g', 'h', 'g', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "roulinfo.ch", true */ 'r', 'o', 'u', 'l', 'i', 'n', 'f', 'o', '.', 'c', 'h', '\0', + /* "roulons-autrement.com", true */ 'r', 'o', 'u', 'l', 'o', 'n', 's', '-', 'a', 'u', 't', 'r', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "rounda.it", true */ 'r', 'o', 'u', 'n', 'd', 'a', '.', 'i', 't', '\0', + /* "roundcube.mayfirst.org", false */ 'r', 'o', 'u', 'n', 'd', 'c', 'u', 'b', 'e', '.', 'm', 'a', 'y', 'f', 'i', 'r', 's', 't', '.', 'o', 'r', 'g', '\0', + /* "roussos.cc", true */ 'r', 'o', 'u', 's', 's', 'o', 's', '.', 'c', 'c', '\0', + /* "rout0r.org", true */ 'r', 'o', 'u', 't', '0', 'r', '.', 'o', 'r', 'g', '\0', + /* "routeragency.com", true */ 'r', 'o', 'u', 't', 'e', 'r', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "routerclub.ru", true */ 'r', 'o', 'u', 't', 'e', 'r', 'c', 'l', 'u', 'b', '.', 'r', 'u', '\0', + /* "routetracker.co", true */ 'r', 'o', 'u', 't', 'e', 't', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', '\0', + /* "rove3d.com", true */ 'r', 'o', 'v', 'e', '3', 'd', '.', 'c', 'o', 'm', '\0', + /* "rowancasting.ie", true */ 'r', 'o', 'w', 'a', 'n', 'c', 'a', 's', 't', 'i', 'n', 'g', '.', 'i', 'e', '\0', + /* "rowankaag.nl", true */ 'r', 'o', 'w', 'a', 'n', 'k', 'a', 'a', 'g', '.', 'n', 'l', '\0', + /* "rowlog.com", true */ 'r', 'o', 'w', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "rows.io", true */ 'r', 'o', 'w', 's', '.', 'i', 'o', '\0', + /* "roxiesbouncycastlehire.co.uk", true */ 'r', 'o', 'x', 'i', 'e', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "roxtri.cz", true */ 'r', 'o', 'x', 't', 'r', 'i', '.', 'c', 'z', '\0', + /* "royal-mangal.ch", true */ 'r', 'o', 'y', 'a', 'l', '-', 'm', 'a', 'n', 'g', 'a', 'l', '.', 'c', 'h', '\0', + /* "royal-rangers.de", true */ 'r', 'o', 'y', 'a', 'l', '-', 'r', 'a', 'n', 'g', 'e', 'r', 's', '.', 'd', 'e', '\0', + /* "royalacademy.org.uk", true */ 'r', 'o', 'y', 'a', 'l', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "royalbluewa3.cc", true */ 'r', 'o', 'y', 'a', 'l', 'b', 'l', 'u', 'e', 'w', 'a', '3', '.', 'c', 'c', '\0', + /* "royalcitytaxi.ca", true */ 'r', 'o', 'y', 'a', 'l', 'c', 'i', 't', 'y', 't', 'a', 'x', 'i', '.', 'c', 'a', '\0', + /* "royalcitytaxi.com", true */ 'r', 'o', 'y', 'a', 'l', 'c', 'i', 't', 'y', 't', 'a', 'x', 'i', '.', 'c', 'o', 'm', '\0', + /* "royalmarinesassociation.org.uk", true */ 'r', 'o', 'y', 'a', 'l', 'm', 'a', 'r', 'i', 'n', 'e', 's', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "royalnissanparts.com", true */ 'r', 'o', 'y', 'a', 'l', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "royalpalacenogent.fr", true */ 'r', 'o', 'y', 'a', 'l', 'p', 'a', 'l', 'a', 'c', 'e', 'n', 'o', 'g', 'e', 'n', 't', '.', 'f', 'r', '\0', + /* "royalrangers.fi", true */ 'r', 'o', 'y', 'a', 'l', 'r', 'a', 'n', 'g', 'e', 'r', 's', '.', 'f', 'i', '\0', + /* "royalty-market.com", true */ 'r', 'o', 'y', 'a', 'l', 't', 'y', '-', 'm', 'a', 'r', 'k', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "royalvisiongroup.com", true */ 'r', 'o', 'y', 'a', 'l', 'v', 'i', 's', 'i', 'o', 'n', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "rozhodce.cz", true */ 'r', 'o', 'z', 'h', 'o', 'd', 'c', 'e', '.', 'c', 'z', '\0', + /* "rpadovani.com", true */ 'r', 'p', 'a', 'd', 'o', 'v', 'a', 'n', 'i', '.', 'c', 'o', 'm', '\0', + /* "rpgmaker.es", true */ 'r', 'p', 'g', 'm', 'a', 'k', 'e', 'r', '.', 'e', 's', '\0', + /* "rpherbig.com", true */ 'r', 'p', 'h', 'e', 'r', 'b', 'i', 'g', '.', 'c', 'o', 'm', '\0', + /* "rpine.net", true */ 'r', 'p', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "rpy.xyz", true */ 'r', 'p', 'y', '.', 'x', 'y', 'z', '\0', + /* "rq-labo.jp", true */ 'r', 'q', '-', 'l', 'a', 'b', 'o', '.', 'j', 'p', '\0', + /* "rr105.de", true */ 'r', 'r', '1', '0', '5', '.', 'd', 'e', '\0', + /* "rraesthetics.com", true */ 'r', 'r', 'a', 'e', 's', 't', 'h', 'e', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "rrdesignsuisse.com", true */ 'r', 'r', 'd', 'e', 's', 'i', 'g', 'n', 's', 'u', 'i', 's', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "rrg-partner.ch", true */ 'r', 'r', 'g', '-', 'p', 'a', 'r', 't', 'n', 'e', 'r', '.', 'c', 'h', '\0', + /* "rring.me", true */ 'r', 'r', 'i', 'n', 'g', '.', 'm', 'e', '\0', + /* "rro.rs", true */ 'r', 'r', 'o', '.', 'r', 's', '\0', + /* "rrom.me", true */ 'r', 'r', 'o', 'm', '.', 'm', 'e', '\0', + /* "rrudnik.com", true */ 'r', 'r', 'u', 'd', 'n', 'i', 'k', '.', 'c', 'o', 'm', '\0', + /* "rrwolfe.com", true */ 'r', 'r', 'w', 'o', 'l', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "rsap.ca", true */ 'r', 's', 'a', 'p', '.', 'c', 'a', '\0', + /* "rsauget.fr", true */ 'r', 's', 'a', 'u', 'g', 'e', 't', '.', 'f', 'r', '\0', + /* "rsgcard.com", true */ 'r', 's', 'g', 'c', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "rsi.im", false */ 'r', 's', 'i', '.', 'i', 'm', '\0', + /* "rsingermd.com", true */ 'r', 's', 'i', 'n', 'g', 'e', 'r', 'm', 'd', '.', 'c', 'o', 'm', '\0', + /* "rskuipers.com", true */ 'r', 's', 'k', 'u', 'i', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "rsl.gd", true */ 'r', 's', 'l', '.', 'g', 'd', '\0', + /* "rsm-intern.de", true */ 'r', 's', 'm', '-', 'i', 'n', 't', 'e', 'r', 'n', '.', 'd', 'e', '\0', + /* "rsm-liga.de", true */ 'r', 's', 'm', '-', 'l', 'i', 'g', 'a', '.', 'd', 'e', '\0', + /* "rss.sh", false */ 'r', 's', 's', '.', 's', 'h', '\0', + /* "rssr.se", true */ 'r', 's', 's', 'r', '.', 's', 'e', '\0', + /* "rstraining.co.uk", true */ 'r', 's', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rstsecuritygroup.co.uk", true */ 'r', 's', 't', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rsttraining.co.uk", true */ 'r', 's', 't', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rsvaachen.de", true */ 'r', 's', 'v', 'a', 'a', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0', + /* "rsync.eu", false */ 'r', 's', 'y', 'n', 'c', '.', 'e', 'u', '\0', + /* "rtate.ca", true */ 'r', 't', 'a', 't', 'e', '.', 'c', 'a', '\0', + /* "rtate.se", true */ 'r', 't', 'a', 't', 'e', '.', 's', 'e', '\0', + /* "rtcx.net", true */ 'r', 't', 'c', 'x', '.', 'n', 'e', 't', '\0', + /* "rtd.uk.com", true */ 'r', 't', 'd', '.', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "rte.eu", true */ 'r', 't', 'e', '.', 'e', 'u', '\0', + /* "rte2fm.ie", true */ 'r', 't', 'e', '2', 'f', 'm', '.', 'i', 'e', '\0', + /* "rteaertel.ie", true */ 'r', 't', 'e', 'a', 'e', 'r', 't', 'e', 'l', '.', 'i', 'e', '\0', + /* "rtechservices.io", true */ 'r', 't', 'e', 'c', 'h', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'i', 'o', '\0', + /* "rteinternational.ie", true */ 'r', 't', 'e', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'i', 'e', '\0', + /* "rtejr.ie", true */ 'r', 't', 'e', 'j', 'r', '.', 'i', 'e', '\0', + /* "rtek.se", true */ 'r', 't', 'e', 'k', '.', 's', 'e', '\0', + /* "rtenews.eu", true */ 'r', 't', 'e', 'n', 'e', 'w', 's', '.', 'e', 'u', '\0', + /* "rteone.ie", true */ 'r', 't', 'e', 'o', 'n', 'e', '.', 'i', 'e', '\0', + /* "rteplayer.com", true */ 'r', 't', 'e', 'p', 'l', 'a', 'y', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "rtesport.eu", true */ 'r', 't', 'e', 's', 'p', 'o', 'r', 't', '.', 'e', 'u', '\0', + /* "rtfpessoa.xyz", true */ 'r', 't', 'f', 'p', 'e', 's', 's', 'o', 'a', '.', 'x', 'y', 'z', '\0', + /* "rtho.me", true */ 'r', 't', 'h', 'o', '.', 'm', 'e', '\0', + /* "rtrinflatables.co.uk", true */ 'r', 't', 'r', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rtsr.ch", true */ 'r', 't', 's', 'r', '.', 'c', 'h', '\0', + /* "rtvi.com", true */ 'r', 't', 'v', 'i', '.', 'c', 'o', 'm', '\0', + /* "rtwcourse.com", true */ 'r', 't', 'w', 'c', 'o', 'u', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "ru-sprachstudio.ch", true */ 'r', 'u', '-', 's', 'p', 'r', 'a', 'c', 'h', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'h', '\0', + /* "ru.search.yahoo.com", false */ 'r', 'u', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "ruanmi.de", true */ 'r', 'u', 'a', 'n', 'm', 'i', '.', 'd', 'e', '\0', + /* "rubberfurs.org", true */ 'r', 'u', 'b', 'b', 'e', 'r', 'f', 'u', 'r', 's', '.', 'o', 'r', 'g', '\0', + /* "rubberlegscastles.co.uk", true */ 'r', 'u', 'b', 'b', 'e', 'r', 'l', 'e', 'g', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rubbermaidoutlet.com", true */ 'r', 'u', 'b', 'b', 'e', 'r', 'm', 'a', 'i', 'd', 'o', 'u', 't', 'l', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "rubbix.net", true */ 'r', 'u', 'b', 'b', 'i', 'x', '.', 'n', 'e', 't', '\0', + /* "rubbleremovalsbenoni.co.za", true */ 'r', 'u', 'b', 'b', 'l', 'e', 'r', 'e', 'm', 'o', 'v', 'a', 'l', 's', 'b', 'e', 'n', 'o', 'n', 'i', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "ruben.am", true */ 'r', 'u', 'b', 'e', 'n', '.', 'a', 'm', '\0', + /* "rubenbarbero.com", true */ 'r', 'u', 'b', 'e', 'n', 'b', 'a', 'r', 'b', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "rubenkruisselbrink.nl", true */ 'r', 'u', 'b', 'e', 'n', 'k', 'r', 'u', 'i', 's', 's', 'e', 'l', 'b', 'r', 'i', 'n', 'k', '.', 'n', 'l', '\0', + /* "rublacklist.net", true */ 'r', 'u', 'b', 'l', 'a', 'c', 'k', 'l', 'i', 's', 't', '.', 'n', 'e', 't', '\0', + /* "ruby-auf-schienen.de", true */ 'r', 'u', 'b', 'y', '-', 'a', 'u', 'f', '-', 's', 'c', 'h', 'i', 'e', 'n', 'e', 'n', '.', 'd', 'e', '\0', + /* "rubyist.today", true */ 'r', 'u', 'b', 'y', 'i', 's', 't', '.', 't', 'o', 'd', 'a', 'y', '\0', + /* "rubymartin.com.au", true */ 'r', 'u', 'b', 'y', 'm', 'a', 'r', 't', 'i', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "rubyquincunx.com", true */ 'r', 'u', 'b', 'y', 'q', 'u', 'i', 'n', 'c', 'u', 'n', 'x', '.', 'c', 'o', 'm', '\0', + /* "rubyquincunx.org", true */ 'r', 'u', 'b', 'y', 'q', 'u', 'i', 'n', 'c', 'u', 'n', 'x', '.', 'o', 'r', 'g', '\0', + /* "rubytune.com", true */ 'r', 'u', 'b', 'y', 't', 'u', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "rucnerobene.eu", true */ 'r', 'u', 'c', 'n', 'e', 'r', 'o', 'b', 'e', 'n', 'e', '.', 'e', 'u', '\0', + /* "ruconsole.com", true */ 'r', 'u', 'c', 'o', 'n', 's', 'o', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "rud.is", true */ 'r', 'u', 'd', '.', 'i', 's', '\0', + /* "rudd-o.com", true */ 'r', 'u', 'd', 'd', '-', 'o', '.', 'c', 'o', 'm', '\0', + /* "rudelune.fr", true */ 'r', 'u', 'd', 'e', 'l', 'u', 'n', 'e', '.', 'f', 'r', '\0', + /* "ruderverein-gelsenkirchen.de", true */ 'r', 'u', 'd', 'e', 'r', 'v', 'e', 'r', 'e', 'i', 'n', '-', 'g', 'e', 'l', 's', 'e', 'n', 'k', 'i', 'r', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0', + /* "rudloff.pro", false */ 'r', 'u', 'd', 'l', 'o', 'f', 'f', '.', 'p', 'r', 'o', '\0', + /* "rudolph.life", true */ 'r', 'u', 'd', 'o', 'l', 'p', 'h', '.', 'l', 'i', 'f', 'e', '\0', + /* "rudolphmarketing.com", true */ 'r', 'u', 'd', 'o', 'l', 'p', 'h', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "rudrastyh.com", true */ 'r', 'u', 'd', 'r', 'a', 's', 't', 'y', 'h', '.', 'c', 'o', 'm', '\0', + /* "ruedirrenggli.ch", true */ 'r', 'u', 'e', 'd', 'i', 'r', 'r', 'e', 'n', 'g', 'g', 'l', 'i', '.', 'c', 'h', '\0', + /* "rueg.eu", true */ 'r', 'u', 'e', 'g', '.', 'e', 'u', '\0', + /* "ruerte.net", true */ 'r', 'u', 'e', 'r', 't', 'e', '.', 'n', 'e', 't', '\0', + /* "rufabula-com.appspot.com", true */ 'r', 'u', 'f', 'a', 'b', 'u', 'l', 'a', '-', 'c', 'o', 'm', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "ruffbeatz.com", true */ 'r', 'u', 'f', 'f', 'b', 'e', 'a', 't', 'z', '.', 'c', 'o', 'm', '\0', + /* "rugby.video", true */ 'r', 'u', 'g', 'b', 'y', '.', 'v', 'i', 'd', 'e', 'o', '\0', + /* "rugk.dedyn.io", true */ 'r', 'u', 'g', 'k', '.', 'd', 'e', 'd', 'y', 'n', '.', 'i', 'o', '\0', + /* "ruh-veit.de", true */ 'r', 'u', 'h', '-', 'v', 'e', 'i', 't', '.', 'd', 'e', '\0', + /* "ruhrmobil-e.de", true */ 'r', 'u', 'h', 'r', 'm', 'o', 'b', 'i', 'l', '-', 'e', '.', 'd', 'e', '\0', + /* "ruhrnalist.de", true */ 'r', 'u', 'h', 'r', 'n', 'a', 'l', 'i', 's', 't', '.', 'd', 'e', '\0', + /* "ruht.ro", true */ 'r', 'u', 'h', 't', '.', 'r', 'o', '\0', + /* "ruigomes.me", true */ 'r', 'u', 'i', 'g', 'o', 'm', 'e', 's', '.', 'm', 'e', '\0', + /* "ruiming.me", false */ 'r', 'u', 'i', 'm', 'i', 'n', 'g', '.', 'm', 'e', '\0', + /* "ruja.dk", true */ 'r', 'u', 'j', 'a', '.', 'd', 'k', '\0', + /* "ruk.ca", true */ 'r', 'u', 'k', '.', 'c', 'a', '\0', + /* "rukhaiyar.com", true */ 'r', 'u', 'k', 'h', 'a', 'i', 'y', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "rullzer.com", true */ 'r', 'u', 'l', 'l', 'z', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "rulu.co", true */ 'r', 'u', 'l', 'u', '.', 'c', 'o', '\0', + /* "rulu.tv", true */ 'r', 'u', 'l', 'u', '.', 't', 'v', '\0', + /* "rulutv.com", true */ 'r', 'u', 'l', 'u', 't', 'v', '.', 'c', 'o', 'm', '\0', + /* "rumlager.de", true */ 'r', 'u', 'm', 'l', 'a', 'g', 'e', 'r', '.', 'd', 'e', '\0', + /* "rummel-platz.de", true */ 'r', 'u', 'm', 'm', 'e', 'l', '-', 'p', 'l', 'a', 't', 'z', '.', 'd', 'e', '\0', + /* "rumplesinflatables.co.uk", true */ 'r', 'u', 'm', 'p', 'l', 'e', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rumtaste.com", true */ 'r', 'u', 'm', 't', 'a', 's', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "rumtaste.de", true */ 'r', 'u', 'm', 't', 'a', 's', 't', 'e', '.', 'd', 'e', '\0', + /* "run-forrest.run", true */ 'r', 'u', 'n', '-', 'f', 'o', 'r', 'r', 'e', 's', 't', '.', 'r', 'u', 'n', '\0', + /* "runagain.ch", true */ 'r', 'u', 'n', 'a', 'g', 'a', 'i', 'n', '.', 'c', 'h', '\0', + /* "runebet.com", true */ 'r', 'u', 'n', 'e', 'b', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "runklesecurity.com", true */ 'r', 'u', 'n', 'k', 'l', 'e', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "runnergrapher.com", true */ 'r', 'u', 'n', 'n', 'e', 'r', 'g', 'r', 'a', 'p', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "runreport.fr", true */ 'r', 'u', 'n', 'r', 'e', 'p', 'o', 'r', 't', '.', 'f', 'r', '\0', + /* "runschrauger.com", true */ 'r', 'u', 'n', 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "runvs.io", true */ 'r', 'u', 'n', 'v', 's', '.', 'i', 'o', '\0', + /* "ruobiyi.com", true */ 'r', 'u', 'o', 'b', 'i', 'y', 'i', '.', 'c', 'o', 'm', '\0', + /* "ruri.io", true */ 'r', 'u', 'r', 'i', '.', 'i', 'o', '\0', + /* "rus-trip.ru", true */ 'r', 'u', 's', '-', 't', 'r', 'i', 'p', '.', 'r', 'u', '\0', + /* "rusempire.ru", true */ 'r', 'u', 's', 'e', 'm', 'p', 'i', 'r', 'e', '.', 'r', 'u', '\0', + /* "rushball.net", true */ 'r', 'u', 's', 'h', 'b', 'a', 'l', 'l', '.', 'n', 'e', 't', '\0', + /* "rushiiworks.com", true */ 'r', 'u', 's', 'h', 'i', 'i', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "rushpoppershop.co.uk", true */ 'r', 'u', 's', 'h', 'p', 'o', 'p', 'p', 'e', 'r', 's', 'h', 'o', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "rusi-ns.ca", true */ 'r', 'u', 's', 'i', '-', 'n', 's', '.', 'c', 'a', '\0', + /* "ruskod.net", true */ 'r', 'u', 's', 'k', 'o', 'd', '.', 'n', 'e', 't', '\0', + /* "rusl.net", true */ 'r', 'u', 's', 'l', '.', 'n', 'e', 't', '\0', + /* "russellandbrowns.co.uk", true */ 'r', 'u', 's', 's', 'e', 'l', 'l', 'a', 'n', 'd', 'b', 'r', 'o', 'w', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "russellupevents.co.uk", true */ 'r', 'u', 's', 's', 'e', 'l', 'l', 'u', 'p', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "russia.dating", true */ 'r', 'u', 's', 's', 'i', 'a', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "russianorthodoxchurch.co.uk", true */ 'r', 'u', 's', 's', 'i', 'a', 'n', 'o', 'r', 't', 'h', 'o', 'd', 'o', 'x', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "russt.me", true */ 'r', 'u', 's', 's', 't', '.', 'm', 'e', '\0', + /* "rust.mn", true */ 'r', 'u', 's', 't', '.', 'm', 'n', '\0', + /* "rustable.com", true */ 'r', 'u', 's', 't', 'a', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "rustbyexample.com", true */ 'r', 'u', 's', 't', 'b', 'y', 'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "rustyrambles.com", true */ 'r', 'u', 's', 't', 'y', 'r', 'a', 'm', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "rusxakep.com", true */ 'r', 'u', 's', 'x', 'a', 'k', 'e', 'p', '.', 'c', 'o', 'm', '\0', + /* "rutgerschimmel.nl", true */ 'r', 'u', 't', 'g', 'e', 'r', 's', 'c', 'h', 'i', 'm', 'm', 'e', 'l', '.', 'n', 'l', '\0', + /* "rutiger.com", true */ 'r', 'u', 't', 'i', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "ruurdboomsma.nl", true */ 'r', 'u', 'u', 'r', 'd', 'b', 'o', 'o', 'm', 's', 'm', 'a', '.', 'n', 'l', '\0', + /* "ruwhof.net", true */ 'r', 'u', 'w', 'h', 'o', 'f', '.', 'n', 'e', 't', '\0', + /* "rv-jpshop.com", true */ 'r', 'v', '-', 'j', 'p', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "rva-asbestgroep.nl", true */ 'r', 'v', 'a', '-', 'a', 's', 'b', 'e', 's', 't', 'g', 'r', 'o', 'e', 'p', '.', 'n', 'l', '\0', + /* "rvg.zone", true */ 'r', 'v', 'g', '.', 'z', 'o', 'n', 'e', '\0', + /* "rvnoel.net", true */ 'r', 'v', 'n', 'o', 'e', 'l', '.', 'n', 'e', 't', '\0', + /* "rvolve.net", true */ 'r', 'v', 'o', 'l', 'v', 'e', '.', 'n', 'e', 't', '\0', + /* "rvsa2bevestigingen.nl", true */ 'r', 'v', 's', 'a', '2', 'b', 'e', 'v', 'e', 's', 't', 'i', 'g', 'i', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0', + /* "rvsa4bevestigingen.nl", true */ 'r', 'v', 's', 'a', '4', 'b', 'e', 'v', 'e', 's', 't', 'i', 'g', 'i', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0', + /* "rvsbevestigingen.nl", true */ 'r', 'v', 's', 'b', 'e', 'v', 'e', 's', 't', 'i', 'g', 'i', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0', + /* "rw.search.yahoo.com", false */ 'r', 'w', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "rwanderlust.com", false */ 'r', 'w', 'a', 'n', 'd', 'e', 'r', 'l', 'u', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "rwky.net", true */ 'r', 'w', 'k', 'y', '.', 'n', 'e', 't', '\0', + /* "rws-vertriebsportal.de", true */ 'r', 'w', 's', '-', 'v', 'e', 'r', 't', 'r', 'i', 'e', 'b', 's', 'p', 'o', 'r', 't', 'a', 'l', '.', 'd', 'e', '\0', + /* "rx-contact.com", false */ 'r', 'x', '-', 'c', 'o', 'n', 't', 'a', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "rxbn.de", true */ 'r', 'x', 'b', 'n', '.', 'd', 'e', '\0', + /* "rxbusiness.com", true */ 'r', 'x', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "rxcheck.com", true */ 'r', 'x', 'c', 'h', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "ryan-goldstein.com", true */ 'r', 'y', 'a', 'n', '-', 'g', 'o', 'l', 'd', 's', 't', 'e', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "ryanbritton.com", true */ 'r', 'y', 'a', 'n', 'b', 'r', 'i', 't', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "ryanhowell.io", true */ 'r', 'y', 'a', 'n', 'h', 'o', 'w', 'e', 'l', 'l', '.', 'i', 'o', '\0', + /* "ryankearney.com", false */ 'r', 'y', 'a', 'n', 'k', 'e', 'a', 'r', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "ryanmcdonough.co.uk", true */ 'r', 'y', 'a', 'n', 'm', 'c', 'd', 'o', 'n', 'o', 'u', 'g', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ryazan-region.ru", true */ 'r', 'y', 'a', 'z', 'a', 'n', '-', 'r', 'e', 'g', 'i', 'o', 'n', '.', 'r', 'u', '\0', + /* "rybox.info", true */ 'r', 'y', 'b', 'o', 'x', '.', 'i', 'n', 'f', 'o', '\0', + /* "rychlikoderi.cz", true */ 'r', 'y', 'c', 'h', 'l', 'i', 'k', 'o', 'd', 'e', 'r', 'i', '.', 'c', 'z', '\0', + /* "ryejuice.sytes.net", true */ 'r', 'y', 'e', 'j', 'u', 'i', 'c', 'e', '.', 's', 'y', 't', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "rylore.com", true */ 'r', 'y', 'l', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "rynekpierwotny.pl", true */ 'r', 'y', 'n', 'e', 'k', 'p', 'i', 'e', 'r', 'w', 'o', 't', 'n', 'y', '.', 'p', 'l', '\0', + /* "rythgs.co", false */ 'r', 'y', 't', 'h', 'g', 's', '.', 'c', 'o', '\0', + /* "ryu22e.org", true */ 'r', 'y', 'u', '2', '2', 'e', '.', 'o', 'r', 'g', '\0', + /* "ryuu.es", true */ 'r', 'y', 'u', 'u', '.', 'e', 's', '\0', + /* "ryzhov.me", true */ 'r', 'y', 'z', 'h', 'o', 'v', '.', 'm', 'e', '\0', + /* "rzentarzewski.net", true */ 'r', 'z', 'e', 'n', 't', 'a', 'r', 'z', 'e', 'w', 's', 'k', 'i', '.', 'n', 'e', 't', '\0', + /* "s-c.se", true */ 's', '-', 'c', '.', 's', 'e', '\0', + /* "s-cubed.net", true */ 's', '-', 'c', 'u', 'b', 'e', 'd', '.', 'n', 'e', 't', '\0', + /* "s-ip-media.de", true */ 's', '-', 'i', 'p', '-', 'm', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0', + /* "s-mainte.com", true */ 's', '-', 'm', 'a', 'i', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "s-mdb.com", true */ 's', '-', 'm', 'd', 'b', '.', 'c', 'o', 'm', '\0', + /* "s-on.li", true */ 's', '-', 'o', 'n', '.', 'l', 'i', '\0', + /* "s007.co", true */ 's', '0', '0', '7', '.', 'c', 'o', '\0', + /* "s13d.fr", true */ 's', '1', '3', 'd', '.', 'f', 'r', '\0', + /* "s16e.no", true */ 's', '1', '6', 'e', '.', 'n', 'o', '\0', + /* "s2member.com", true */ 's', '2', 'm', 'e', 'm', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "s3cur3.it", true */ 's', '3', 'c', 'u', 'r', '3', '.', 'i', 't', '\0', + /* "s3gfault.com", true */ 's', '3', 'g', 'f', 'a', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0', + /* "s404.de", true */ 's', '4', '0', '4', '.', 'd', 'e', '\0', + /* "s4db.net", true */ 's', '4', 'd', 'b', '.', 'n', 'e', 't', '\0', + /* "s4tips.com", true */ 's', '4', 't', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "s4ur0n.com", true */ 's', '4', 'u', 'r', '0', 'n', '.', 'c', 'o', 'm', '\0', + /* "s8a.us", true */ 's', '8', 'a', '.', 'u', 's', '\0', + /* "s95.de", true */ 's', '9', '5', '.', 'd', 'e', '\0', + /* "sa-blog.net", true */ 's', 'a', '-', 'b', 'l', 'o', 'g', '.', 'n', 'e', 't', '\0', + /* "sa-mp.ro", true */ 's', 'a', '-', 'm', 'p', '.', 'r', 'o', '\0', + /* "saabpartsdistribution.com", true */ 's', 'a', 'a', 'b', 'p', 'a', 'r', 't', 's', 'd', 'i', 's', 't', 'r', 'i', 'b', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "saamhorigheidsfonds.nl", false */ 's', 'a', 'a', 'm', 'h', 'o', 'r', 'i', 'g', 'h', 'e', 'i', 'd', 's', 'f', 'o', 'n', 'd', 's', '.', 'n', 'l', '\0', + /* "saba-piserver.info", true */ 's', 'a', 'b', 'a', '-', 'p', 'i', 's', 'e', 'r', 'v', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "sabahattin-gucukoglu.com", true */ 's', 'a', 'b', 'a', 'h', 'a', 't', 't', 'i', 'n', '-', 'g', 'u', 'c', 'u', 'k', 'o', 'g', 'l', 'u', '.', 'c', 'o', 'm', '\0', + /* "sabatek.pl", true */ 's', 'a', 'b', 'a', 't', 'e', 'k', '.', 'p', 'l', '\0', + /* "sabrinajoiasprontaentrega.com.br", true */ 's', 'a', 'b', 'r', 'i', 'n', 'a', 'j', 'o', 'i', 'a', 's', 'p', 'r', 'o', 'n', 't', 'a', 'e', 'n', 't', 'r', 'e', 'g', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "sacaentradas.com", true */ 's', 'a', 'c', 'a', 'e', 'n', 't', 'r', 'a', 'd', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "saccani.net", true */ 's', 'a', 'c', 'c', 'a', 'n', 'i', '.', 'n', 'e', 't', '\0', + /* "sackers.com", true */ 's', 'a', 'c', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "sackmesser.ch", true */ 's', 'a', 'c', 'k', 'm', 'e', 's', 's', 'e', 'r', '.', 'c', 'h', '\0', + /* "saclier.at", true */ 's', 'a', 'c', 'l', 'i', 'e', 'r', '.', 'a', 't', '\0', + /* "saco-ceso.com", true */ 's', 'a', 'c', 'o', '-', 'c', 'e', 's', 'o', '.', 'c', 'o', 'm', '\0', + /* "sacred-knights.net", true */ 's', 'a', 'c', 'r', 'e', 'd', '-', 'k', 'n', 'i', 'g', 'h', 't', 's', '.', 'n', 'e', 't', '\0', + /* "sadbox.es", true */ 's', 'a', 'd', 'b', 'o', 'x', '.', 'e', 's', '\0', + /* "sadbox.org", true */ 's', 'a', 'd', 'b', 'o', 'x', '.', 'o', 'r', 'g', '\0', + /* "sadhawkict.org", true */ 's', 'a', 'd', 'h', 'a', 'w', 'k', 'i', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "sadmansh.com", true */ 's', 'a', 'd', 'm', 'a', 'n', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "saengsook.com", true */ 's', 'a', 'e', 'n', 'g', 's', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "saengsuk.com", true */ 's', 'a', 'e', 'n', 'g', 's', 'u', 'k', '.', 'c', 'o', 'm', '\0', + /* "safar.sk", true */ 's', 'a', 'f', 'a', 'r', '.', 's', 'k', '\0', + /* "safcstore.com", true */ 's', 'a', 'f', 'c', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "safe.moe", true */ 's', 'a', 'f', 'e', '.', 'm', 'o', 'e', '\0', + /* "safe.space", true */ 's', 'a', 'f', 'e', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "safebasements.com", true */ 's', 'a', 'f', 'e', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "safebasementsnorthdakota.com", true */ 's', 'a', 'f', 'e', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 's', 'n', 'o', 'r', 't', 'h', 'd', 'a', 'k', 'o', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "safebuyerscheme.co.uk", true */ 's', 'a', 'f', 'e', 'b', 'u', 'y', 'e', 'r', 's', 'c', 'h', 'e', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "safecar.gov", false */ 's', 'a', 'f', 'e', 'c', 'a', 'r', '.', 'g', 'o', 'v', '\0', + /* "safedevice.net", true */ 's', 'a', 'f', 'e', 'd', 'e', 'v', 'i', 'c', 'e', '.', 'n', 'e', 't', '\0', + /* "safegold.ca", true */ 's', 'a', 'f', 'e', 'g', 'o', 'l', 'd', '.', 'c', 'a', '\0', + /* "safegroup.pl", true */ 's', 'a', 'f', 'e', 'g', 'r', 'o', 'u', 'p', '.', 'p', 'l', '\0', + /* "safeinfra.nl", true */ 's', 'a', 'f', 'e', 'i', 'n', 'f', 'r', 'a', '.', 'n', 'l', '\0', + /* "safeme.ga", true */ 's', 'a', 'f', 'e', 'm', 'e', '.', 'g', 'a', '\0', + /* "safer-networking.org", true */ 's', 'a', 'f', 'e', 'r', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "saferchildren.eu", false */ 's', 'a', 'f', 'e', 'r', 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', '.', 'e', 'u', '\0', + /* "saferedirect.link", true */ 's', 'a', 'f', 'e', 'r', 'e', 'd', 'i', 'r', 'e', 'c', 't', '.', 'l', 'i', 'n', 'k', '\0', + /* "saferpost.com", true */ 's', 'a', 'f', 'e', 'r', 'p', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "safescan.com", true */ 's', 'a', 'f', 'e', 's', 'c', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "safesecret.info", true */ 's', 'a', 'f', 'e', 's', 'e', 'c', 'r', 'e', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "safetext.me", true */ 's', 'a', 'f', 'e', 't', 'e', 'x', 't', '.', 'm', 'e', '\0', + /* "safetycloud.me", true */ 's', 'a', 'f', 'e', 't', 'y', 'c', 'l', 'o', 'u', 'd', '.', 'm', 'e', '\0', + /* "safezone.cc", true */ 's', 'a', 'f', 'e', 'z', 'o', 'n', 'e', '.', 'c', 'c', '\0', + /* "safire.ac.za", true */ 's', 'a', 'f', 'i', 'r', 'e', '.', 'a', 'c', '.', 'z', 'a', '\0', + /* "sagedocumentmanager.com", true */ 's', 'a', 'g', 'e', 'd', 'o', 'c', 'u', 'm', 'e', 'n', 't', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "sagemontchurch.org", true */ 's', 'a', 'g', 'e', 'm', 'o', 'n', 't', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'o', 'r', 'g', '\0', + /* "sagerus.com", true */ 's', 'a', 'g', 'e', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "sagsmarseille.com", true */ 's', 'a', 'g', 's', 'm', 'a', 'r', 's', 'e', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "sahar.io", true */ 's', 'a', 'h', 'a', 'r', '.', 'i', 'o', '\0', + /* "sahb.dk", true */ 's', 'a', 'h', 'b', '.', 'd', 'k', '\0', + /* "sahkotyot.eu", true */ 's', 'a', 'h', 'k', 'o', 't', 'y', 'o', 't', '.', 'e', 'u', '\0', + /* "said.id", true */ 's', 'a', 'i', 'd', '.', 'i', 'd', '\0', + /* "said.my.id", true */ 's', 'a', 'i', 'd', '.', 'm', 'y', '.', 'i', 'd', '\0', + /* "saier.me", true */ 's', 'a', 'i', 'e', 'r', '.', 'm', 'e', '\0', + /* "saifoundation.in", true */ 's', 'a', 'i', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'i', 'n', '\0', + /* "saigonflowers.com", true */ 's', 'a', 'i', 'g', 'o', 'n', 'f', 'l', 'o', 'w', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "saikarra.com", true */ 's', 'a', 'i', 'k', 'a', 'r', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "saikou.moe", true */ 's', 'a', 'i', 'k', 'o', 'u', '.', 'm', 'o', 'e', '\0', + /* "saikouji.tokushima.jp", true */ 's', 'a', 'i', 'k', 'o', 'u', 'j', 'i', '.', 't', 'o', 'k', 'u', 's', 'h', 'i', 'm', 'a', '.', 'j', 'p', '\0', + /* "sailormoonevents.org", false */ 's', 'a', 'i', 'l', 'o', 'r', 'm', 'o', 'o', 'n', 'e', 'v', 'e', 'n', 't', 's', '.', 'o', 'r', 'g', '\0', + /* "saimoe.moe", true */ 's', 'a', 'i', 'm', 'o', 'e', '.', 'm', 'o', 'e', '\0', + /* "saimoe.org", true */ 's', 'a', 'i', 'm', 'o', 'e', '.', 'o', 'r', 'g', '\0', + /* "sainetworks.net", true */ 's', 'a', 'i', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'n', 'e', 't', '\0', + /* "saintaardvarkthecarpeted.com", true */ 's', 'a', 'i', 'n', 't', 'a', 'a', 'r', 'd', 'v', 'a', 'r', 'k', 't', 'h', 'e', 'c', 'a', 'r', 'p', 'e', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "saintanthonyscorner.com", true */ 's', 'a', 'i', 'n', 't', 'a', 'n', 't', 'h', 'o', 'n', 'y', 's', 'c', 'o', 'r', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "sainth.de", true */ 's', 'a', 'i', 'n', 't', 'h', '.', 'd', 'e', '\0', + /* "saintsrobotics.com", true */ 's', 'a', 'i', 'n', 't', 's', 'r', 'o', 'b', 'o', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "saipariwar.com", true */ 's', 'a', 'i', 'p', 'a', 'r', 'i', 'w', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "saiputra.com", true */ 's', 'a', 'i', 'p', 'u', 't', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "saitrance.com", true */ 's', 'a', 'i', 't', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "saiyasu-search.com", true */ 's', 'a', 'i', 'y', 'a', 's', 'u', '-', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "sakostacloud.de", true */ 's', 'a', 'k', 'o', 's', 't', 'a', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0', + /* "sakuraflores.com.br", true */ 's', 'a', 'k', 'u', 'r', 'a', 'f', 'l', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "salaervergleich.com", true */ 's', 'a', 'l', 'a', 'e', 'r', 'v', 'e', 'r', 'g', 'l', 'e', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "salde.net", true */ 's', 'a', 'l', 'd', 'e', '.', 'n', 'e', 't', '\0', + /* "sale4ru.ru", true */ 's', 'a', 'l', 'e', '4', 'r', 'u', '.', 'r', 'u', '\0', + /* "saleaks.org", true */ 's', 'a', 'l', 'e', 'a', 'k', 's', '.', 'o', 'r', 'g', '\0', + /* "salearnership.co.za", true */ 's', 'a', 'l', 'e', 'a', 'r', 'n', 'e', 'r', 's', 'h', 'i', 'p', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "salensmotors-usedcars.be", true */ 's', 'a', 'l', 'e', 'n', 's', 'm', 'o', 't', 'o', 'r', 's', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "salesflare.com", true */ 's', 'a', 'l', 'e', 's', 'f', 'l', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "salesmachine.io", true */ 's', 'a', 'l', 'e', 's', 'm', 'a', 'c', 'h', 'i', 'n', 'e', '.', 'i', 'o', '\0', + /* "salishseawhalewatching.ca", true */ 's', 'a', 'l', 'i', 's', 'h', 's', 'e', 'a', 'w', 'h', 'a', 'l', 'e', 'w', 'a', 't', 'c', 'h', 'i', 'n', 'g', '.', 'c', 'a', '\0', + /* "salixcode.com", true */ 's', 'a', 'l', 'i', 'x', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "salle-quali.fr", true */ 's', 'a', 'l', 'l', 'e', '-', 'q', 'u', 'a', 'l', 'i', '.', 'f', 'r', '\0', + /* "sallydowns.name", true */ 's', 'a', 'l', 'l', 'y', 'd', 'o', 'w', 'n', 's', '.', 'n', 'a', 'm', 'e', '\0', + /* "salmo23.com.br", true */ 's', 'a', 'l', 'm', 'o', '2', '3', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "salmododia.net", true */ 's', 'a', 'l', 'm', 'o', 'd', 'o', 'd', 'i', 'a', '.', 'n', 'e', 't', '\0', + /* "salmonella.co.uk", true */ 's', 'a', 'l', 'm', 'o', 'n', 'e', 'l', 'l', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "salmonrecovery.gov", true */ 's', 'a', 'l', 'm', 'o', 'n', 'r', 'e', 'c', 'o', 'v', 'e', 'r', 'y', '.', 'g', 'o', 'v', '\0', + /* "salmonvision.com.tw", true */ 's', 'a', 'l', 'm', 'o', 'n', 'v', 'i', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 't', 'w', '\0', + /* "salmos91.com", true */ 's', 'a', 'l', 'm', 'o', 's', '9', '1', '.', 'c', 'o', 'm', '\0', + /* "salmotierra-salvatierra.com", true */ 's', 'a', 'l', 'm', 'o', 't', 'i', 'e', 'r', 'r', 'a', '-', 's', 'a', 'l', 'v', 'a', 't', 'i', 'e', 'r', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "salon-claudia.ch", true */ 's', 'a', 'l', 'o', 'n', '-', 'c', 'l', 'a', 'u', 'd', 'i', 'a', '.', 'c', 'h', '\0', + /* "salon-minipli.de", true */ 's', 'a', 'l', 'o', 'n', '-', 'm', 'i', 'n', 'i', 'p', 'l', 'i', '.', 'd', 'e', '\0', + /* "salon.io", false */ 's', 'a', 'l', 'o', 'n', '.', 'i', 'o', '\0', + /* "salonestella.it", true */ 's', 'a', 'l', 'o', 'n', 'e', 's', 't', 'e', 'l', 'l', 'a', '.', 'i', 't', '\0', + /* "salonsantebienetre.ch", true */ 's', 'a', 'l', 'o', 'n', 's', 'a', 'n', 't', 'e', 'b', 'i', 'e', 'n', 'e', 't', 'r', 'e', '.', 'c', 'h', '\0', + /* "salsa-straubing.de", true */ 's', 'a', 'l', 's', 'a', '-', 's', 't', 'r', 'a', 'u', 'b', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "saltbythesea.com", true */ 's', 'a', 'l', 't', 'b', 'y', 't', 'h', 'e', 's', 'e', 'a', '.', 'c', 'o', 'm', '\0', + /* "saltercane.com", false */ 's', 'a', 'l', 't', 'e', 'r', 'c', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "saltro.nl", true */ 's', 'a', 'l', 't', 'r', 'o', '.', 'n', 'l', '\0', + /* "saltstack.cz", true */ 's', 'a', 'l', 't', 's', 't', 'a', 'c', 'k', '.', 'c', 'z', '\0', + /* "salud.top", false */ 's', 'a', 'l', 'u', 'd', '.', 't', 'o', 'p', '\0', + /* "saludsexualmasculina.org", true */ 's', 'a', 'l', 'u', 'd', 's', 'e', 'x', 'u', 'a', 'l', 'm', 'a', 's', 'c', 'u', 'l', 'i', 'n', 'a', '.', 'o', 'r', 'g', '\0', + /* "saludsis.mil.co", true */ 's', 'a', 'l', 'u', 'd', 's', 'i', 's', '.', 'm', 'i', 'l', '.', 'c', 'o', '\0', + /* "salutethepig.com", true */ 's', 'a', 'l', 'u', 't', 'e', 't', 'h', 'e', 'p', 'i', 'g', '.', 'c', 'o', 'm', '\0', + /* "salverainha.org", true */ 's', 'a', 'l', 'v', 'e', 'r', 'a', 'i', 'n', 'h', 'a', '.', 'o', 'r', 'g', '\0', + /* "sam-football.fr", true */ 's', 'a', 'm', '-', 'f', 'o', 'o', 't', 'b', 'a', 'l', 'l', '.', 'f', 'r', '\0', + /* "samanthahumphreysstudio.com", true */ 's', 'a', 'm', 'a', 'n', 't', 'h', 'a', 'h', 'u', 'm', 'p', 'h', 'r', 'e', 'y', 's', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "samanthasgeckos.com", true */ 's', 'a', 'm', 'a', 'n', 't', 'h', 'a', 's', 'g', 'e', 'c', 'k', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "samappleton.com", true */ 's', 'a', 'm', 'a', 'p', 'p', 'l', 'e', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "samaritainsmeyrin.ch", true */ 's', 'a', 'm', 'a', 'r', 'i', 't', 'a', 'i', 'n', 's', 'm', 'e', 'y', 'r', 'i', 'n', '.', 'c', 'h', '\0', + /* "samaritansnet.org", true */ 's', 'a', 'm', 'a', 'r', 'i', 't', 'a', 'n', 's', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0', + /* "samatva-yogalaya.com", true */ 's', 'a', 'm', 'a', 't', 'v', 'a', '-', 'y', 'o', 'g', 'a', 'l', 'a', 'y', 'a', '.', 'c', 'o', 'm', '\0', + /* "samba.org", true */ 's', 'a', 'm', 'b', 'a', '.', 'o', 'r', 'g', '\0', + /* "sambaa.com.br", true */ 's', 'a', 'm', 'b', 'a', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "sambaash.com", true */ 's', 'a', 'm', 'b', 'a', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "sambeso.net", true */ 's', 'a', 'm', 'b', 'e', 's', 'o', '.', 'n', 'e', 't', '\0', + /* "samegoal.com", true */ 's', 'a', 'm', 'e', 'g', 'o', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "samel.de", true */ 's', 'a', 'm', 'e', 'l', '.', 'd', 'e', '\0', + /* "samenwerkingsportaal.nl", true */ 's', 'a', 'm', 'e', 'n', 'w', 'e', 'r', 'k', 'i', 'n', 'g', 's', 'p', 'o', 'r', 't', 'a', 'a', 'l', '.', 'n', 'l', '\0', + /* "samenwerkingsportaal.tk", true */ 's', 'a', 'm', 'e', 'n', 'w', 'e', 'r', 'k', 'i', 'n', 'g', 's', 'p', 'o', 'r', 't', 'a', 'a', 'l', '.', 't', 'k', '\0', + /* "sameworks.com", true */ 's', 'a', 'm', 'e', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "samgrayson.me", true */ 's', 'a', 'm', 'g', 'r', 'a', 'y', 's', 'o', 'n', '.', 'm', 'e', '\0', + /* "samifar.in", true */ 's', 'a', 'm', 'i', 'f', 'a', 'r', '.', 'i', 'n', '\0', + /* "samizdat.cz", true */ 's', 'a', 'm', 'i', 'z', 'd', 'a', 't', '.', 'c', 'z', '\0', + /* "samkelleher.com", true */ 's', 'a', 'm', 'k', 'e', 'l', 'l', 'e', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "saml-gateway.org", true */ 's', 'a', 'm', 'l', '-', 'g', 'a', 't', 'e', 'w', 'a', 'y', '.', 'o', 'r', 'g', '\0', + /* "samm.com.au", true */ 's', 'a', 'm', 'm', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "sammyjohnson.com", false */ 's', 'a', 'm', 'm', 'y', 'j', 'o', 'h', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "sammyservers.com", true */ 's', 'a', 'm', 'm', 'y', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "samp.im", true */ 's', 'a', 'm', 'p', '.', 'i', 'm', '\0', + /* "samsonova.de", true */ 's', 'a', 'm', 's', 'o', 'n', 'o', 'v', 'a', '.', 'd', 'e', '\0', + /* "samsungphonegenerator.xyz", true */ 's', 'a', 'm', 's', 'u', 'n', 'g', 'p', 'h', 'o', 'n', 'e', 'g', 'e', 'n', 'e', 'r', 'a', 't', 'o', 'r', '.', 'x', 'y', 'z', '\0', + /* "samsungxoa.com", true */ 's', 'a', 'm', 's', 'u', 'n', 'g', 'x', 'o', 'a', '.', 'c', 'o', 'm', '\0', + /* "samuelkeeley.com", true */ 's', 'a', 'm', 'u', 'e', 'l', 'k', 'e', 'e', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "samuellaulhau.fr", true */ 's', 'a', 'm', 'u', 'e', 'l', 'l', 'a', 'u', 'l', 'h', 'a', 'u', '.', 'f', 'r', '\0', + /* "samui-samui.de", true */ 's', 'a', 'm', 'u', 'i', '-', 's', 'a', 'm', 'u', 'i', '.', 'd', 'e', '\0', + /* "samuirehabcenter.com", true */ 's', 'a', 'm', 'u', 'i', 'r', 'e', 'h', 'a', 'b', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "samvanderkris.com", true */ 's', 'a', 'm', 'v', 'a', 'n', 'd', 'e', 'r', 'k', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "samwilberforce.com", true */ 's', 'a', 'm', 'w', 'i', 'l', 'b', 'e', 'r', 'f', 'o', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "samwu.tw", false */ 's', 'a', 'm', 'w', 'u', '.', 't', 'w', '\0', + /* "samyerkes.com", true */ 's', 'a', 'm', 'y', 'e', 'r', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "sana-store.com", true */ 's', 'a', 'n', 'a', '-', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "sana-store.cz", true */ 's', 'a', 'n', 'a', '-', 's', 't', 'o', 'r', 'e', '.', 'c', 'z', '\0', + /* "sana-store.sk", true */ 's', 'a', 'n', 'a', '-', 's', 't', 'o', 'r', 'e', '.', 's', 'k', '\0', + /* "sanandreasstories.com", true */ 's', 'a', 'n', 'a', 'n', 'd', 'r', 'e', 'a', 's', 's', 't', 'o', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "sanasport.cz", true */ 's', 'a', 'n', 'a', 's', 'p', 'o', 'r', 't', '.', 'c', 'z', '\0', + /* "sanasport.sk", true */ 's', 'a', 'n', 'a', 's', 'p', 'o', 'r', 't', '.', 's', 'k', '\0', + /* "sanatorii-sverdlovskoy-oblasti.ru", true */ 's', 'a', 'n', 'a', 't', 'o', 'r', 'i', 'i', '-', 's', 'v', 'e', 'r', 'd', 'l', 'o', 'v', 's', 'k', 'o', 'y', '-', 'o', 'b', 'l', 'a', 's', 't', 'i', '.', 'r', 'u', '\0', + /* "sanatorionosti.com.ar", true */ 's', 'a', 'n', 'a', 't', 'o', 'r', 'i', 'o', 'n', 'o', 's', 't', 'i', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "sanchez.adv.br", true */ 's', 'a', 'n', 'c', 'h', 'e', 'z', '.', 'a', 'd', 'v', '.', 'b', 'r', '\0', + /* "sancy.de", true */ 's', 'a', 'n', 'c', 'y', '.', 'd', 'e', '\0', + /* "sand-islets.de", true */ 's', 'a', 'n', 'd', '-', 'i', 's', 'l', 'e', 't', 's', '.', 'd', 'e', '\0', + /* "sandalj.com", true */ 's', 'a', 'n', 'd', 'a', 'l', 'j', '.', 'c', 'o', 'm', '\0', + /* "sandbagexpress.com", true */ 's', 'a', 'n', 'd', 'b', 'a', 'g', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "sandbox.mydigipass.com", false */ 's', 'a', 'n', 'd', 'b', 'o', 'x', '.', 'm', 'y', 'd', 'i', 'g', 'i', 'p', 'a', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "sandburner.net", true */ 's', 'a', 'n', 'd', 'b', 'u', 'r', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "sanderdorigo.nl", true */ 's', 'a', 'n', 'd', 'e', 'r', 'd', 'o', 'r', 'i', 'g', 'o', '.', 'n', 'l', '\0', + /* "sanderknape.com", true */ 's', 'a', 'n', 'd', 'e', 'r', 'k', 'n', 'a', 'p', 'e', '.', 'c', 'o', 'm', '\0', + /* "sanderkoenders.eu", true */ 's', 'a', 'n', 'd', 'e', 'r', 'k', 'o', 'e', 'n', 'd', 'e', 'r', 's', '.', 'e', 'u', '\0', + /* "sanderkoenders.nl", true */ 's', 'a', 'n', 'd', 'e', 'r', 'k', 'o', 'e', 'n', 'd', 'e', 'r', 's', '.', 'n', 'l', '\0', + /* "sandervankasteel.nl", false */ 's', 'a', 'n', 'd', 'e', 'r', 'v', 'a', 'n', 'k', 'a', 's', 't', 'e', 'e', 'l', '.', 'n', 'l', '\0', + /* "sandhaufen.tk", true */ 's', 'a', 'n', 'd', 'h', 'a', 'u', 'f', 'e', 'n', '.', 't', 'k', '\0', + /* "sandmanintel.com", true */ 's', 'a', 'n', 'd', 'm', 'a', 'n', 'i', 'n', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "sandmarc.cz", true */ 's', 'a', 'n', 'd', 'm', 'a', 'r', 'c', '.', 'c', 'z', '\0', + /* "sandobygg.se", true */ 's', 'a', 'n', 'd', 'o', 'b', 'y', 'g', 'g', '.', 's', 'e', '\0', + /* "sandogruppen.se", true */ 's', 'a', 'n', 'd', 'o', 'g', 'r', 'u', 'p', 'p', 'e', 'n', '.', 's', 'e', '\0', + /* "sandor.wtf", true */ 's', 'a', 'n', 'd', 'o', 'r', '.', 'w', 't', 'f', '\0', + /* "sandrainden.nl", true */ 's', 'a', 'n', 'd', 'r', 'a', 'i', 'n', 'd', 'e', 'n', '.', 'n', 'l', '\0', + /* "sandraindenfotografie.nl", true */ 's', 'a', 'n', 'd', 'r', 'a', 'i', 'n', 'd', 'e', 'n', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'e', '.', 'n', 'l', '\0', + /* "sandrolittke.de", true */ 's', 'a', 'n', 'd', 'r', 'o', 'l', 'i', 't', 't', 'k', 'e', '.', 'd', 'e', '\0', + /* "sandyrobsonhypnotherapy.co.uk", true */ 's', 'a', 'n', 'd', 'y', 'r', 'o', 'b', 's', 'o', 'n', 'h', 'y', 'p', 'n', 'o', 't', 'h', 'e', 'r', 'a', 'p', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "sanepsychologen.nl", true */ 's', 'a', 'n', 'e', 'p', 's', 'y', 'c', 'h', 'o', 'l', 'o', 'g', 'e', 'n', '.', 'n', 'l', '\0', + /* "sanex.ca", false */ 's', 'a', 'n', 'e', 'x', '.', 'c', 'a', '\0', + /* "sanglierhurlant.fr", true */ 's', 'a', 'n', 'g', 'l', 'i', 'e', 'r', 'h', 'u', 'r', 'l', 'a', 'n', 't', '.', 'f', 'r', '\0', + /* "sangwon.io", true */ 's', 'a', 'n', 'g', 'w', 'o', 'n', '.', 'i', 'o', '\0', + /* "sanilodge.com", true */ 's', 'a', 'n', 'i', 'l', 'o', 'd', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "sanitairwinkel.be", true */ 's', 'a', 'n', 'i', 't', 'a', 'i', 'r', 'w', 'i', 'n', 'k', 'e', 'l', '.', 'b', 'e', '\0', + /* "sanitairwinkel.com", true */ 's', 'a', 'n', 'i', 't', 'a', 'i', 'r', 'w', 'i', 'n', 'k', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "sanitairwinkel.nl", true */ 's', 'a', 'n', 'i', 't', 'a', 'i', 'r', 'w', 'i', 'n', 'k', 'e', 'l', '.', 'n', 'l', '\0', + /* "sanooktiew.com", false */ 's', 'a', 'n', 'o', 'o', 'k', 't', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0', + /* "sanpham-balea.org", true */ 's', 'a', 'n', 'p', 'h', 'a', 'm', '-', 'b', 'a', 'l', 'e', 'a', '.', 'o', 'r', 'g', '\0', + /* "sanradon.by", true */ 's', 'a', 'n', 'r', 'a', 'd', 'o', 'n', '.', 'b', 'y', '\0', + /* "sanskritiyoga.com", true */ 's', 'a', 'n', 's', 'k', 'r', 'i', 't', 'i', 'y', 'o', 'g', 'a', '.', 'c', 'o', 'm', '\0', + /* "sansonehowell.com", true */ 's', 'a', 'n', 's', 'o', 'n', 'e', 'h', 'o', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "santafemacas.com.br", true */ 's', 'a', 'n', 't', 'a', 'f', 'e', 'm', 'a', 'c', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "santanderideas.com", true */ 's', 'a', 'n', 't', 'a', 'n', 'd', 'e', 'r', 'i', 'd', 'e', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "santenatureetcie.com", true */ 's', 'a', 'n', 't', 'e', 'n', 'a', 't', 'u', 'r', 'e', 'e', 't', 'c', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "santevie.ch", true */ 's', 'a', 'n', 't', 'e', 'v', 'i', 'e', '.', 'c', 'h', '\0', + /* "santmark.com", true */ 's', 'a', 'n', 't', 'm', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "santmark.eu", true */ 's', 'a', 'n', 't', 'm', 'a', 'r', 'k', '.', 'e', 'u', '\0', + /* "santmark.fi", true */ 's', 'a', 'n', 't', 'm', 'a', 'r', 'k', '.', 'f', 'i', '\0', + /* "santmark.info", true */ 's', 'a', 'n', 't', 'm', 'a', 'r', 'k', '.', 'i', 'n', 'f', 'o', '\0', + /* "santmark.net", true */ 's', 'a', 'n', 't', 'm', 'a', 'r', 'k', '.', 'n', 'e', 't', '\0', + /* "santmark.org", true */ 's', 'a', 'n', 't', 'm', 'a', 'r', 'k', '.', 'o', 'r', 'g', '\0', + /* "santodomingocg.org", true */ 's', 'a', 'n', 't', 'o', 'd', 'o', 'm', 'i', 'n', 'g', 'o', 'c', 'g', '.', 'o', 'r', 'g', '\0', + /* "santojuken.co.jp", true */ 's', 'a', 'n', 't', 'o', 'j', 'u', 'k', 'e', 'n', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "santorinibbs.com", true */ 's', 'a', 'n', 't', 'o', 'r', 'i', 'n', 'i', 'b', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "sanvitolocapobus.com", true */ 's', 'a', 'n', 'v', 'i', 't', 'o', 'l', 'o', 'c', 'a', 'p', 'o', 'b', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "saoneth.pl", true */ 's', 'a', 'o', 'n', 'e', 't', 'h', '.', 'p', 'l', '\0', + /* "saorsat.com", true */ 's', 'a', 'o', 'r', 's', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "saorsat.ie", true */ 's', 'a', 'o', 'r', 's', 'a', 't', '.', 'i', 'e', '\0', + /* "saorview.com", true */ 's', 'a', 'o', 'r', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0', + /* "saorviewconnect.ie", true */ 's', 'a', 'o', 'r', 'v', 'i', 'e', 'w', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'i', 'e', '\0', + /* "saorviewconnected.ie", true */ 's', 'a', 'o', 'r', 'v', 'i', 'e', 'w', 'c', 'o', 'n', 'n', 'e', 'c', 't', 'e', 'd', '.', 'i', 'e', '\0', + /* "sapac.es", true */ 's', 'a', 'p', 'a', 'c', '.', 'e', 's', '\0', + /* "sapereaude.com.pl", true */ 's', 'a', 'p', 'e', 'r', 'e', 'a', 'u', 'd', 'e', '.', 'c', 'o', 'm', '.', 'p', 'l', '\0', + /* "sapien-ci.com", true */ 's', 'a', 'p', 'i', 'e', 'n', '-', 'c', 'i', '.', 'c', 'o', 'm', '\0', + /* "sapience.com", true */ 's', 'a', 'p', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "sapk.fr", true */ 's', 'a', 'p', 'k', '.', 'f', 'r', '\0', + /* "saposute-s.jp", true */ 's', 'a', 'p', 'o', 's', 'u', 't', 'e', '-', 's', '.', 'j', 'p', '\0', + /* "sapporobeer.com", true */ 's', 'a', 'p', 'p', 'o', 'r', 'o', 'b', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "sapprendre.ch", true */ 's', 'a', 'p', 'p', 'r', 'e', 'n', 'd', 'r', 'e', '.', 'c', 'h', '\0', + /* "sapuncheta.com", true */ 's', 'a', 'p', 'u', 'n', 'c', 'h', 'e', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "saq.com", true */ 's', 'a', 'q', '.', 'c', 'o', 'm', '\0', + /* "sarahbeckettharpist.com", true */ 's', 'a', 'r', 'a', 'h', 'b', 'e', 'c', 'k', 'e', 't', 't', 'h', 'a', 'r', 'p', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "sarahlicity.co.uk", false */ 's', 'a', 'r', 'a', 'h', 'l', 'i', 'c', 'i', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "sarahlicity.me.uk", true */ 's', 'a', 'r', 'a', 'h', 'l', 'i', 'c', 'i', 't', 'y', '.', 'm', 'e', '.', 'u', 'k', '\0', + /* "sarahs-roestcafe.de", false */ 's', 'a', 'r', 'a', 'h', 's', '-', 'r', 'o', 'e', 's', 't', 'c', 'a', 'f', 'e', '.', 'd', 'e', '\0', + /* "sarahvictor.co.uk", true */ 's', 'a', 'r', 'a', 'h', 'v', 'i', 'c', 't', 'o', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "sarariman.com", true */ 's', 'a', 'r', 'a', 'r', 'i', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "sarasturdivant.com", true */ 's', 'a', 'r', 'a', 's', 't', 'u', 'r', 'd', 'i', 'v', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "sardegnatirocini.it", true */ 's', 'a', 'r', 'd', 'e', 'g', 'n', 'a', 't', 'i', 'r', 'o', 'c', 'i', 'n', 'i', '.', 'i', 't', '\0', + /* "sarink.eu", true */ 's', 'a', 'r', 'i', 'n', 'k', '.', 'e', 'u', '\0', + /* "sarkarikhoj.com", true */ 's', 'a', 'r', 'k', 'a', 'r', 'i', 'k', 'h', 'o', 'j', '.', 'c', 'o', 'm', '\0', + /* "sarkisozleri.us", true */ 's', 'a', 'r', 'k', 'i', 's', 'o', 'z', 'l', 'e', 'r', 'i', '.', 'u', 's', '\0', + /* "saro.me", true */ 's', 'a', 'r', 'o', '.', 'm', 'e', '\0', + /* "saronno5stelle.it", true */ 's', 'a', 'r', 'o', 'n', 'n', 'o', '5', 's', 't', 'e', 'l', 'l', 'e', '.', 'i', 't', '\0', + /* "sarpsb.org", true */ 's', 'a', 'r', 'p', 's', 'b', '.', 'o', 'r', 'g', '\0', + /* "sarumtechnologies.com", true */ 's', 'a', 'r', 'u', 'm', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "sas-snowboarding.sk", true */ 's', 'a', 's', '-', 's', 'n', 'o', 'w', 'b', 'o', 'a', 'r', 'd', 'i', 'n', 'g', '.', 's', 'k', '\0', + /* "sash.pw", true */ 's', 'a', 's', 'h', '.', 'p', 'w', '\0', + /* "sashaokun.com", true */ 's', 'a', 's', 'h', 'a', 'o', 'k', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "sashascollections.com", true */ 's', 'a', 's', 'h', 'a', 's', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "saskpension.com", true */ 's', 'a', 's', 'k', 'p', 'e', 'n', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "sastd.com", true */ 's', 'a', 's', 't', 'd', '.', 'c', 'o', 'm', '\0', + /* "sasyabapi.com", true */ 's', 'a', 's', 'y', 'a', 'b', 'a', 'p', 'i', '.', 'c', 'o', 'm', '\0', + /* "sat4all.com", true */ 's', 'a', 't', '4', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "satai.dk", true */ 's', 'a', 't', 'a', 'i', '.', 'd', 'k', '\0', + /* "saterdalen.net", true */ 's', 'a', 't', 'e', 'r', 'd', 'a', 'l', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "satimagingcorp.com", true */ 's', 'a', 't', 'i', 'm', 'a', 'g', 'i', 'n', 'g', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0', + /* "satinn.pl", true */ 's', 'a', 't', 'i', 'n', 'n', '.', 'p', 'l', '\0', + /* "satmd.de", true */ 's', 'a', 't', 'm', 'd', '.', 'd', 'e', '\0', + /* "saturn.pl", true */ 's', 'a', 't', 'u', 'r', 'n', '.', 'p', 'l', '\0', + /* "saudavel.com.vc", true */ 's', 'a', 'u', 'd', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '.', 'v', 'c', '\0', + /* "saudeealimentos.com", true */ 's', 'a', 'u', 'd', 'e', 'e', 'a', 'l', 'i', 'm', 'e', 'n', 't', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "saudeintimadamulher.com.br", true */ 's', 'a', 'u', 'd', 'e', 'i', 'n', 't', 'i', 'm', 'a', 'd', 'a', 'm', 'u', 'l', 'h', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "saudenoclique.com.br", true */ 's', 'a', 'u', 'd', 'e', 'n', 'o', 'c', 'l', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "sauenytt.no", true */ 's', 'a', 'u', 'e', 'n', 'y', 't', 't', '.', 'n', 'o', '\0', + /* "sauer-systems.net", true */ 's', 'a', 'u', 'e', 'r', '-', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'n', 'e', 't', '\0', + /* "sauerland-schnittgruen.de", true */ 's', 'a', 'u', 'e', 'r', 'l', 'a', 'n', 'd', '-', 's', 'c', 'h', 'n', 'i', 't', 't', 'g', 'r', 'u', 'e', 'n', '.', 'd', 'e', '\0', + /* "saulchristie.com", true */ 's', 'a', 'u', 'l', 'c', 'h', 'r', 'i', 's', 't', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "saumon-de-france.com", true */ 's', 'a', 'u', 'm', 'o', 'n', '-', 'd', 'e', '-', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "saumon-france.com", true */ 's', 'a', 'u', 'm', 'o', 'n', '-', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "saumon.io", true */ 's', 'a', 'u', 'm', 'o', 'n', '.', 'i', 'o', '\0', + /* "saumondefrance.fr", true */ 's', 'a', 'u', 'm', 'o', 'n', 'd', 'e', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'f', 'r', '\0', + /* "saumonfrance.fr", true */ 's', 'a', 'u', 'm', 'o', 'n', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'f', 'r', '\0', + /* "saunahats.eu", true */ 's', 'a', 'u', 'n', 'a', 'h', 'a', 't', 's', '.', 'e', 'u', '\0', + /* "saunas.fr", true */ 's', 'a', 'u', 'n', 'a', 's', '.', 'f', 'r', '\0', + /* "saurel.me", true */ 's', 'a', 'u', 'r', 'e', 'l', '.', 'm', 'e', '\0', + /* "savacloud.com", true */ 's', 'a', 'v', 'a', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "savageorgiev.com", true */ 's', 'a', 'v', 'a', 'g', 'e', 'o', 'r', 'g', 'i', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "savannahtasteexperience.com", true */ 's', 'a', 'v', 'a', 'n', 'n', 'a', 'h', 't', 'a', 's', 't', 'e', 'e', 'x', 'p', 'e', 'r', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "save-me-aachen.de", true */ 's', 'a', 'v', 'e', '-', 'm', 'e', '-', 'a', 'a', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0', + /* "save-me-koeln.de", true */ 's', 'a', 'v', 'e', '-', 'm', 'e', '-', 'k', 'o', 'e', 'l', 'n', '.', 'd', 'e', '\0', + /* "savecrypto.org", true */ 's', 'a', 'v', 'e', 'c', 'r', 'y', 'p', 't', 'o', '.', 'o', 'r', 'g', '\0', + /* "savekorea.net", true */ 's', 'a', 'v', 'e', 'k', 'o', 'r', 'e', 'a', '.', 'n', 'e', 't', '\0', + /* "savemoneyonenergy.com", true */ 's', 'a', 'v', 'e', 'm', 'o', 'n', 'e', 'y', 'o', 'n', 'e', 'n', 'e', 'r', 'g', 'y', '.', 'c', 'o', 'm', '\0', + /* "savenet.org", true */ 's', 'a', 'v', 'e', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0', + /* "saveora.com", true */ 's', 'a', 'v', 'e', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "saveora.shop", true */ 's', 'a', 'v', 'e', 'o', 'r', 'a', '.', 's', 'h', 'o', 'p', '\0', + /* "savetheinternet.eu", true */ 's', 'a', 'v', 'e', 't', 'h', 'e', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', '.', 'e', 'u', '\0', + /* "savic.com", true */ 's', 'a', 'v', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "savingbytes.com", true */ 's', 'a', 'v', 'i', 'n', 'g', 'b', 'y', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "savinggoliath.com", true */ 's', 'a', 'v', 'i', 'n', 'g', 'g', 'o', 'l', 'i', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "savingsbondwizard.gov", true */ 's', 'a', 'v', 'i', 'n', 'g', 's', 'b', 'o', 'n', 'd', 'w', 'i', 'z', 'a', 'r', 'd', '.', 'g', 'o', 'v', '\0', + /* "savingsomegreen.com", true */ 's', 'a', 'v', 'i', 'n', 'g', 's', 'o', 'm', 'e', 'g', 'r', 'e', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "savingsstoreonline.ca", true */ 's', 'a', 'v', 'i', 'n', 'g', 's', 's', 't', 'o', 'r', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'a', '\0', + /* "savisasolutions.co.za", true */ 's', 'a', 'v', 'i', 's', 'a', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "savvytime.com", true */ 's', 'a', 'v', 'v', 'y', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "sawyerroofing.com", true */ 's', 'a', 'w', 'y', 'e', 'r', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "saxojoe.co.uk", true */ 's', 'a', 'x', 'o', 'j', 'o', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "saxojoe.de", true */ 's', 'a', 'x', 'o', 'j', 'o', 'e', '.', 'd', 'e', '\0', + /* "saxol-group.com", true */ 's', 'a', 'x', 'o', 'l', '-', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "saxoncreative.com", true */ 's', 'a', 'x', 'o', 'n', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "saxwereld.nl", true */ 's', 'a', 'x', 'w', 'e', 'r', 'e', 'l', 'd', '.', 'n', 'l', '\0', + /* "sayprepay.com", true */ 's', 'a', 'y', 'p', 'r', 'e', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "sayura.net", true */ 's', 'a', 'y', 'u', 'r', 'a', '.', 'n', 'e', 't', '\0', + /* "saz.sh", true */ 's', 'a', 'z', '.', 's', 'h', '\0', + /* "sazuz.cz", true */ 's', 'a', 'z', 'u', 'z', '.', 'c', 'z', '\0', + /* "sb-group.dk", true */ 's', 'b', '-', 'g', 'r', 'o', 'u', 'p', '.', 'd', 'k', '\0', + /* "sb-tuning.ru", true */ 's', 'b', '-', 't', 'u', 'n', 'i', 'n', 'g', '.', 'r', 'u', '\0', + /* "sb.im", true */ 's', 'b', '.', 'i', 'm', '\0', + /* "sb.sb", true */ 's', 'b', '.', 's', 'b', '\0', + /* "sb0.io", true */ 's', 'b', '0', '.', 'i', 'o', '\0', + /* "sbanken.no", true */ 's', 'b', 'a', 'n', 'k', 'e', 'n', '.', 'n', 'o', '\0', + /* "sber.us", true */ 's', 'b', 'e', 'r', '.', 'u', 's', '\0', + /* "sberbank.ch", true */ 's', 'b', 'e', 'r', 'b', 'a', 'n', 'k', '.', 'c', 'h', '\0', + /* "sbf888.com", true */ 's', 'b', 'f', '8', '8', '8', '.', 'c', 'o', 'm', '\0', + /* "sbiewald.de", true */ 's', 'b', 'i', 'e', 'w', 'a', 'l', 'd', '.', 'd', 'e', '\0', + /* "sbirecruitment.co.in", true */ 's', 'b', 'i', 'r', 'e', 'c', 'r', 'u', 'i', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'i', 'n', '\0', + /* "sbit.com.br", true */ 's', 'b', 'i', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "sblum.de", true */ 's', 'b', 'l', 'u', 'm', '.', 'd', 'e', '\0', + /* "sbo-dresden.de", true */ 's', 'b', 'o', '-', 'd', 'r', 'e', 's', 'd', 'e', 'n', '.', 'd', 'e', '\0', + /* "sbr.red", true */ 's', 'b', 'r', '.', 'r', 'e', 'd', '\0', + /* "sbsavings.bank", true */ 's', 'b', 's', 'a', 'v', 'i', 'n', 'g', 's', '.', 'b', 'a', 'n', 'k', '\0', + /* "sbsnursery.co.uk", true */ 's', 'b', 's', 'n', 'u', 'r', 's', 'e', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "sbssoft.ru", true */ 's', 'b', 's', 's', 'o', 'f', 't', '.', 'r', 'u', '\0', + /* "sbytes.info", true */ 's', 'b', 'y', 't', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "scalaire.com", true */ 's', 'c', 'a', 'l', 'a', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "scalaire.fr", true */ 's', 'c', 'a', 'l', 'a', 'i', 'r', 'e', '.', 'f', 'r', '\0', + /* "scalesbiolab.com", true */ 's', 'c', 'a', 'l', 'e', 's', 'b', 'i', 'o', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "scaling.solutions", true */ 's', 'c', 'a', 'l', 'i', 'n', 'g', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0', + /* "scallywagsbouncycastles.co.uk", true */ 's', 'c', 'a', 'l', 'l', 'y', 'w', 'a', 'g', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "scamblockplus.org", true */ 's', 'c', 'a', 'm', 'b', 'l', 'o', 'c', 'k', 'p', 'l', 'u', 's', '.', 'o', 'r', 'g', '\0', + /* "scandicom.fi", true */ 's', 'c', 'a', 'n', 'd', 'i', 'c', 'o', 'm', '.', 'f', 'i', '\0', + /* "scandinavia.dating", true */ 's', 'c', 'a', 'n', 'd', 'i', 'n', 'a', 'v', 'i', 'a', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "scangeo.net", true */ 's', 'c', 'a', 'n', 'g', 'e', 'o', '.', 'n', 'e', 't', '\0', + /* "scanleasing.net", true */ 's', 'c', 'a', 'n', 'l', 'e', 'a', 's', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "scanpay.dk", true */ 's', 'c', 'a', 'n', 'p', 'a', 'y', '.', 'd', 'k', '\0', + /* "scatsbouncingcastles.ie", true */ 's', 'c', 'a', 't', 's', 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'i', 'e', '\0', + /* "scelec.com.au", true */ 's', 'c', 'e', 'l', 'e', 'c', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "scenastu.pl", true */ 's', 'c', 'e', 'n', 'a', 's', 't', 'u', '.', 'p', 'l', '\0', + /* "scenester.tv", false */ 's', 'c', 'e', 'n', 'e', 's', 't', 'e', 'r', '.', 't', 'v', '\0', + /* "scenicbyways.info", true */ 's', 'c', 'e', 'n', 'i', 'c', 'b', 'y', 'w', 'a', 'y', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "scepticism.com", true */ 's', 'c', 'e', 'p', 't', 'i', 'c', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "sceptique.eu", true */ 's', 'c', 'e', 'p', 't', 'i', 'q', 'u', 'e', '.', 'e', 'u', '\0', + /* "schadevergoedingen.eu", true */ 's', 'c', 'h', 'a', 'd', 'e', 'v', 'e', 'r', 'g', 'o', 'e', 'd', 'i', 'n', 'g', 'e', 'n', '.', 'e', 'u', '\0', + /* "schalkoortbv.nl", true */ 's', 'c', 'h', 'a', 'l', 'k', 'o', 'o', 'r', 't', 'b', 'v', '.', 'n', 'l', '\0', + /* "schallert.com", true */ 's', 'c', 'h', 'a', 'l', 'l', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "schamlosharmlos.de", true */ 's', 'c', 'h', 'a', 'm', 'l', 'o', 's', 'h', 'a', 'r', 'm', 'l', 'o', 's', '.', 'd', 'e', '\0', + /* "schaper-sport.com", true */ 's', 'c', 'h', 'a', 'p', 'e', 'r', '-', 's', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "schatzibaers.de", true */ 's', 'c', 'h', 'a', 't', 'z', 'i', 'b', 'a', 'e', 'r', 's', '.', 'd', 'e', '\0', + /* "schawe.me", true */ 's', 'c', 'h', 'a', 'w', 'e', '.', 'm', 'e', '\0', + /* "schd.io", true */ 's', 'c', 'h', 'd', '.', 'i', 'o', '\0', + /* "scheduleme.io", true */ 's', 'c', 'h', 'e', 'd', 'u', 'l', 'e', 'm', 'e', '.', 'i', 'o', '\0', + /* "scheemadigital.com", true */ 's', 'c', 'h', 'e', 'e', 'm', 'a', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "schefczyk.com", true */ 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'c', 'o', 'm', '\0', + /* "schefczyk.de", true */ 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'd', 'e', '\0', + /* "schefczyk.eu", true */ 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'e', 'u', '\0', + /* "schefczyk.net", true */ 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'n', 'e', 't', '\0', + /* "scheidtweiler.de", true */ 's', 'c', 'h', 'e', 'i', 'd', 't', 'w', 'e', 'i', 'l', 'e', 'r', '.', 'd', 'e', '\0', + /* "scheinlichter.de", true */ 's', 'c', 'h', 'e', 'i', 'n', 'l', 'i', 'c', 'h', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "schelberts.de", true */ 's', 'c', 'h', 'e', 'l', 'b', 'e', 'r', 't', 's', '.', 'd', 'e', '\0', + /* "schellevis.net", true */ 's', 'c', 'h', 'e', 'l', 'l', 'e', 'v', 'i', 's', '.', 'n', 'e', 't', '\0', + /* "schenkes.de", true */ 's', 'c', 'h', 'e', 'n', 'k', 'e', 's', '.', 'd', 'e', '\0', + /* "scherfke.de", true */ 's', 'c', 'h', 'e', 'r', 'f', 'k', 'e', '.', 'd', 'e', '\0', + /* "scheuchenstuel.at", true */ 's', 'c', 'h', 'e', 'u', 'c', 'h', 'e', 'n', 's', 't', 'u', 'e', 'l', '.', 'a', 't', '\0', + /* "schier.info", true */ 's', 'c', 'h', 'i', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "schildbach.de", true */ 's', 'c', 'h', 'i', 'l', 'd', 'b', 'a', 'c', 'h', '.', 'd', 'e', '\0', + /* "schippendale.de", true */ 's', 'c', 'h', 'i', 'p', 'p', 'e', 'n', 'd', 'a', 'l', 'e', '.', 'd', 'e', '\0', + /* "schippers-it.nl", true */ 's', 'c', 'h', 'i', 'p', 'p', 'e', 'r', 's', '-', 'i', 't', '.', 'n', 'l', '\0', + /* "schizoids.net", true */ 's', 'c', 'h', 'i', 'z', 'o', 'i', 'd', 's', '.', 'n', 'e', 't', '\0', + /* "schlabbi.com", false */ 's', 'c', 'h', 'l', 'a', 'b', 'b', 'i', '.', 'c', 'o', 'm', '\0', + /* "schlachter.ca", true */ 's', 'c', 'h', 'l', 'a', 'c', 'h', 't', 'e', 'r', '.', 'c', 'a', '\0', + /* "schlafguru.com", true */ 's', 'c', 'h', 'l', 'a', 'f', 'g', 'u', 'r', 'u', '.', 'c', 'o', 'm', '\0', + /* "schlagenhauf.info", true */ 's', 'c', 'h', 'l', 'a', 'g', 'e', 'n', 'h', 'a', 'u', 'f', '.', 'i', 'n', 'f', 'o', '\0', + /* "schlagma.de", true */ 's', 'c', 'h', 'l', 'a', 'g', 'm', 'a', '.', 'd', 'e', '\0', + /* "schlarp.com", true */ 's', 'c', 'h', 'l', 'a', 'r', 'p', '.', 'c', 'o', 'm', '\0', + /* "schlechtewitze.com", true */ 's', 'c', 'h', 'l', 'e', 'c', 'h', 't', 'e', 'w', 'i', 't', 'z', 'e', '.', 'c', 'o', 'm', '\0', + /* "schlossereieder.at", true */ 's', 'c', 'h', 'l', 'o', 's', 's', 'e', 'r', 'e', 'i', 'e', 'd', 'e', 'r', '.', 'a', 't', '\0', + /* "schlueter-software.de", true */ 's', 'c', 'h', 'l', 'u', 'e', 't', 'e', 'r', '-', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'd', 'e', '\0', + /* "schmaeh-coaching.ch", true */ 's', 'c', 'h', 'm', 'a', 'e', 'h', '-', 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'c', 'h', '\0', + /* "schmelzle.io", true */ 's', 'c', 'h', 'm', 'e', 'l', 'z', 'l', 'e', '.', 'i', 'o', '\0', + /* "schmetterlingsapp.at", true */ 's', 'c', 'h', 'm', 'e', 't', 't', 'e', 'r', 'l', 'i', 'n', 'g', 's', 'a', 'p', 'p', '.', 'a', 't', '\0', + /* "schmidthomes.com", true */ 's', 'c', 'h', 'm', 'i', 'd', 't', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "schmidtplasticsurgery.com", true */ 's', 'c', 'h', 'm', 'i', 'd', 't', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "schmidttulskie.de", true */ 's', 'c', 'h', 'm', 'i', 'd', 't', 't', 'u', 'l', 's', 'k', 'i', 'e', '.', 'd', 'e', '\0', + /* "schmitt-max.com", true */ 's', 'c', 'h', 'm', 'i', 't', 't', '-', 'm', 'a', 'x', '.', 'c', 'o', 'm', '\0', + /* "schmitz.link", true */ 's', 'c', 'h', 'm', 'i', 't', 'z', '.', 'l', 'i', 'n', 'k', '\0', + /* "schnegg.name", true */ 's', 'c', 'h', 'n', 'e', 'g', 'g', '.', 'n', 'a', 'm', 'e', '\0', + /* "schneids.me", true */ 's', 'c', 'h', 'n', 'e', 'i', 'd', 's', '.', 'm', 'e', '\0', + /* "schnellno.de", true */ 's', 'c', 'h', 'n', 'e', 'l', 'l', 'n', 'o', '.', 'd', 'e', '\0', + /* "schnellsuche.de", true */ 's', 'c', 'h', 'n', 'e', 'l', 'l', 's', 'u', 'c', 'h', 'e', '.', 'd', 'e', '\0', + /* "schnouki.net", true */ 's', 'c', 'h', 'n', 'o', 'u', 'k', 'i', '.', 'n', 'e', 't', '\0', + /* "schnyder-werbung.ch", true */ 's', 'c', 'h', 'n', 'y', 'd', 'e', 'r', '-', 'w', 'e', 'r', 'b', 'u', 'n', 'g', '.', 'c', 'h', '\0', + /* "schoeck-elektro.de", true */ 's', 'c', 'h', 'o', 'e', 'c', 'k', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0', + /* "schoepski.de", true */ 's', 'c', 'h', 'o', 'e', 'p', 's', 'k', 'i', '.', 'd', 'e', '\0', + /* "schoknecht.net", true */ 's', 'c', 'h', 'o', 'k', 'n', 'e', 'c', 'h', 't', '.', 'n', 'e', 't', '\0', + /* "schoknecht.one", true */ 's', 'c', 'h', 'o', 'k', 'n', 'e', 'c', 'h', 't', '.', 'o', 'n', 'e', '\0', + /* "schokokeks.org", true */ 's', 'c', 'h', 'o', 'k', 'o', 'k', 'e', 'k', 's', '.', 'o', 'r', 'g', '\0', + /* "scholarly.com.ph", true */ 's', 'c', 'h', 'o', 'l', 'a', 'r', 'l', 'y', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0', + /* "scholarly.ph", true */ 's', 'c', 'h', 'o', 'l', 'a', 'r', 'l', 'y', '.', 'p', 'h', '\0', + /* "scholierenvervoerzeeland.nl", true */ 's', 'c', 'h', 'o', 'l', 'i', 'e', 'r', 'e', 'n', 'v', 'e', 'r', 'v', 'o', 'e', 'r', 'z', 'e', 'e', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0', + /* "schont.org", true */ 's', 'c', 'h', 'o', 'n', 't', '.', 'o', 'r', 'g', '\0', + /* "school.in.th", true */ 's', 'c', 'h', 'o', 'o', 'l', '.', 'i', 'n', '.', 't', 'h', '\0', + /* "schooli.io", true */ 's', 'c', 'h', 'o', 'o', 'l', 'i', '.', 'i', 'o', '\0', + /* "schoolotzyv.ru", true */ 's', 'c', 'h', 'o', 'o', 'l', 'o', 't', 'z', 'y', 'v', '.', 'r', 'u', '\0', + /* "schoolze.com", true */ 's', 'c', 'h', 'o', 'o', 'l', 'z', 'e', '.', 'c', 'o', 'm', '\0', + /* "schopenhauer-institut.de", true */ 's', 'c', 'h', 'o', 'p', 'e', 'n', 'h', 'a', 'u', 'e', 'r', '-', 'i', 'n', 's', 't', 'i', 't', 'u', 't', '.', 'd', 'e', '\0', + /* "schorel.ovh", true */ 's', 'c', 'h', 'o', 'r', 'e', 'l', '.', 'o', 'v', 'h', '\0', + /* "schorelweb.nl", true */ 's', 'c', 'h', 'o', 'r', 'e', 'l', 'w', 'e', 'b', '.', 'n', 'l', '\0', + /* "schraebanowicz.net", true */ 's', 'c', 'h', 'r', 'a', 'e', 'b', 'a', 'n', 'o', 'w', 'i', 'c', 'z', '.', 'n', 'e', 't', '\0', + /* "schrauger.com", true */ 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "schrauger.info", true */ 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "schrauger.net", true */ 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "schrauger.org", true */ 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "schrauger.run", true */ 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'r', 'u', 'n', '\0', + /* "schraugerrun.com", true */ 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', 'r', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "schreibers.ca", true */ 's', 'c', 'h', 'r', 'e', 'i', 'b', 'e', 'r', 's', '.', 'c', 'a', '\0', + /* "schreibnacht.de", true */ 's', 'c', 'h', 'r', 'e', 'i', 'b', 'n', 'a', 'c', 'h', 't', '.', 'd', 'e', '\0', + /* "schreinerei-jahreis.de", true */ 's', 'c', 'h', 'r', 'e', 'i', 'n', 'e', 'r', 'e', 'i', '-', 'j', 'a', 'h', 'r', 'e', 'i', 's', '.', 'd', 'e', '\0', + /* "schreinerei-wortmann.de", true */ 's', 'c', 'h', 'r', 'e', 'i', 'n', 'e', 'r', 'e', 'i', '-', 'w', 'o', 'r', 't', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "schrenkinzl.at", true */ 's', 'c', 'h', 'r', 'e', 'n', 'k', 'i', 'n', 'z', 'l', '.', 'a', 't', '\0', + /* "schritt4fit.de", true */ 's', 'c', 'h', 'r', 'i', 't', 't', '4', 'f', 'i', 't', '.', 'd', 'e', '\0', + /* "schrodingersscat.com", true */ 's', 'c', 'h', 'r', 'o', 'd', 'i', 'n', 'g', 'e', 'r', 's', 's', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "schrodingersscat.org", true */ 's', 'c', 'h', 'r', 'o', 'd', 'i', 'n', 'g', 'e', 'r', 's', 's', 'c', 'a', 't', '.', 'o', 'r', 'g', '\0', + /* "schroeder-immobilien-sundern.de", true */ 's', 'c', 'h', 'r', 'o', 'e', 'd', 'e', 'r', '-', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'n', '-', 's', 'u', 'n', 'd', 'e', 'r', 'n', '.', 'd', 'e', '\0', + /* "schroepfi.de", true */ 's', 'c', 'h', 'r', 'o', 'e', 'p', 'f', 'i', '.', 'd', 'e', '\0', + /* "schrolm.de", true */ 's', 'c', 'h', 'r', 'o', 'l', 'm', '.', 'd', 'e', '\0', + /* "schsrch.org", true */ 's', 'c', 'h', 's', 'r', 'c', 'h', '.', 'o', 'r', 'g', '\0', + /* "schsrch.xyz", true */ 's', 'c', 'h', 's', 'r', 'c', 'h', '.', 'x', 'y', 'z', '\0', + /* "schtiehve.duckdns.org", true */ 's', 'c', 'h', 't', 'i', 'e', 'h', 'v', 'e', '.', 'd', 'u', 'c', 'k', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "schubergphilis.com", true */ 's', 'c', 'h', 'u', 'b', 'e', 'r', 'g', 'p', 'h', 'i', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "schubertgmbh-ingelheim.de", true */ 's', 'c', 'h', 'u', 'b', 'e', 'r', 't', 'g', 'm', 'b', 'h', '-', 'i', 'n', 'g', 'e', 'l', 'h', 'e', 'i', 'm', '.', 'd', 'e', '\0', + /* "schuhbeck.tk", true */ 's', 'c', 'h', 'u', 'h', 'b', 'e', 'c', 'k', '.', 't', 'k', '\0', + /* "schuhwerkstatt.at", true */ 's', 'c', 'h', 'u', 'h', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', '.', 'a', 't', '\0', + /* "schul-bar.de", true */ 's', 'c', 'h', 'u', 'l', '-', 'b', 'a', 'r', '.', 'd', 'e', '\0', + /* "schulderinsky.de", true */ 's', 'c', 'h', 'u', 'l', 'd', 'e', 'r', 'i', 'n', 's', 'k', 'y', '.', 'd', 'e', '\0', + /* "schuler.st", true */ 's', 'c', 'h', 'u', 'l', 'e', 'r', '.', 's', 't', '\0', + /* "schulfotograf-deinfoto.ch", true */ 's', 'c', 'h', 'u', 'l', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', '-', 'd', 'e', 'i', 'n', 'f', 'o', 't', 'o', '.', 'c', 'h', '\0', + /* "schull.ch", true */ 's', 'c', 'h', 'u', 'l', 'l', '.', 'c', 'h', '\0', + /* "schum.world", true */ 's', 'c', 'h', 'u', 'm', '.', 'w', 'o', 'r', 'l', 'd', '\0', + /* "schumanandmonnet.eu", true */ 's', 'c', 'h', 'u', 'm', 'a', 'n', 'a', 'n', 'd', 'm', 'o', 'n', 'n', 'e', 't', '.', 'e', 'u', '\0', + /* "schummar.de", true */ 's', 'c', 'h', 'u', 'm', 'm', 'a', 'r', '.', 'd', 'e', '\0', + /* "schunako.ch", true */ 's', 'c', 'h', 'u', 'n', 'a', 'k', 'o', '.', 'c', 'h', '\0', + /* "schurkenstaat.net", true */ 's', 'c', 'h', 'u', 'r', 'k', 'e', 'n', 's', 't', 'a', 'a', 't', '.', 'n', 'e', 't', '\0', + /* "schutznetze24.de", true */ 's', 'c', 'h', 'u', 't', 'z', 'n', 'e', 't', 'z', 'e', '2', '4', '.', 'd', 'e', '\0', + /* "schutzwerk.com", true */ 's', 'c', 'h', 'u', 't', 'z', 'w', 'e', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "schwabenhaus-ka.de", true */ 's', 'c', 'h', 'w', 'a', 'b', 'e', 'n', 'h', 'a', 'u', 's', '-', 'k', 'a', '.', 'd', 'e', '\0', + /* "schwanke.in", true */ 's', 'c', 'h', 'w', 'a', 'n', 'k', 'e', '.', 'i', 'n', '\0', + /* "schwarzegar.de", true */ 's', 'c', 'h', 'w', 'a', 'r', 'z', 'e', 'g', 'a', 'r', '.', 'd', 'e', '\0', + /* "schwarzer.it", true */ 's', 'c', 'h', 'w', 'a', 'r', 'z', 'e', 'r', '.', 'i', 't', '\0', + /* "schwarzes-muenchen.de", true */ 's', 'c', 'h', 'w', 'a', 'r', 'z', 'e', 's', '-', 'm', 'u', 'e', 'n', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0', + /* "schwarzhenri.ch", true */ 's', 'c', 'h', 'w', 'a', 'r', 'z', 'h', 'e', 'n', 'r', 'i', '.', 'c', 'h', '\0', + /* "schwarztrade.cz", true */ 's', 'c', 'h', 'w', 'a', 'r', 'z', 't', 'r', 'a', 'd', 'e', '.', 'c', 'z', '\0', + /* "schwarzwald-flirt.de", true */ 's', 'c', 'h', 'w', 'a', 'r', 'z', 'w', 'a', 'l', 'd', '-', 'f', 'l', 'i', 'r', 't', '.', 'd', 'e', '\0', + /* "schwarzwaldcon.de", true */ 's', 'c', 'h', 'w', 'a', 'r', 'z', 'w', 'a', 'l', 'd', 'c', 'o', 'n', '.', 'd', 'e', '\0', + /* "schwedenhaus.ag", true */ 's', 'c', 'h', 'w', 'e', 'd', 'e', 'n', 'h', 'a', 'u', 's', '.', 'a', 'g', '\0', + /* "schwinabart.com", true */ 's', 'c', 'h', 'w', 'i', 'n', 'a', 'b', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "schwinger.me", true */ 's', 'c', 'h', 'w', 'i', 'n', 'g', 'e', 'r', '.', 'm', 'e', '\0', + /* "schwinnbike.ru", true */ 's', 'c', 'h', 'w', 'i', 'n', 'n', 'b', 'i', 'k', 'e', '.', 'r', 'u', '\0', + /* "schwuppengrillen.de", true */ 's', 'c', 'h', 'w', 'u', 'p', 'p', 'e', 'n', 'g', 'r', 'i', 'l', 'l', 'e', 'n', '.', 'd', 'e', '\0', + /* "sci-internet.tk", true */ 's', 'c', 'i', '-', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', '.', 't', 'k', '\0', + /* "science-network.ch", true */ 's', 'c', 'i', 'e', 'n', 'c', 'e', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'h', '\0', + /* "science-questions.org", true */ 's', 'c', 'i', 'e', 'n', 'c', 'e', '-', 'q', 'u', 'e', 's', 't', 'i', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "science-texts.de", true */ 's', 'c', 'i', 'e', 'n', 'c', 'e', '-', 't', 'e', 'x', 't', 's', '.', 'd', 'e', '\0', + /* "science360.gov", true */ 's', 'c', 'i', 'e', 'n', 'c', 'e', '3', '6', '0', '.', 'g', 'o', 'v', '\0', + /* "scienceminnesota.com", true */ 's', 'c', 'i', 'e', 'n', 'c', 'e', 'm', 'i', 'n', 'n', 'e', 's', 'o', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "sciencesolutions.eu", true */ 's', 'c', 'i', 'e', 'n', 'c', 'e', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'e', 'u', '\0', + /* "sciencex.com", true */ 's', 'c', 'i', 'e', 'n', 'c', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "scifi.fyi", true */ 's', 'c', 'i', 'f', 'i', '.', 'f', 'y', 'i', '\0', + /* "scimage.com", true */ 's', 'c', 'i', 'm', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "scintilla.nl", true */ 's', 'c', 'i', 'n', 't', 'i', 'l', 'l', 'a', '.', 'n', 'l', '\0', + /* "scintillating.stream", true */ 's', 'c', 'i', 'n', 't', 'i', 'l', 'l', 'a', 't', 'i', 'n', 'g', '.', 's', 't', 'r', 'e', 'a', 'm', '\0', + /* "scionasset.com", true */ 's', 'c', 'i', 'o', 'n', 'a', 's', 's', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "scis.com.ua", true */ 's', 'c', 'i', 's', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "scistarter.com", true */ 's', 'c', 'i', 's', 't', 'a', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "scitopia.me", true */ 's', 'c', 'i', 't', 'o', 'p', 'i', 'a', '.', 'm', 'e', '\0', + /* "sckc.stream", true */ 's', 'c', 'k', 'c', '.', 's', 't', 'r', 'e', 'a', 'm', '\0', + /* "scm-2017.org", true */ 's', 'c', 'm', '-', '2', '0', '1', '7', '.', 'o', 'r', 'g', '\0', + /* "scoolcode.com", true */ 's', 'c', 'o', 'o', 'l', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "scooterservis.com", true */ 's', 'c', 'o', 'o', 't', 'e', 'r', 's', 'e', 'r', 'v', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "scootfleet.com", true */ 's', 'c', 'o', 'o', 't', 'f', 'l', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "scopea.fr", true */ 's', 'c', 'o', 'p', 'e', 'a', '.', 'f', 'r', '\0', + /* "scorobudem.ru", true */ 's', 'c', 'o', 'r', 'o', 'b', 'u', 'd', 'e', 'm', '.', 'r', 'u', '\0', + /* "scorocode.ru", true */ 's', 'c', 'o', 'r', 'o', 'c', 'o', 'd', 'e', '.', 'r', 'u', '\0', + /* "scorp13.com", true */ 's', 'c', 'o', 'r', 'p', '1', '3', '.', 'c', 'o', 'm', '\0', + /* "scottgruber.me", true */ 's', 'c', 'o', 't', 't', 'g', 'r', 'u', 'b', 'e', 'r', '.', 'm', 'e', '\0', + /* "scottgthomas.com", true */ 's', 'c', 'o', 't', 't', 'g', 't', 'h', 'o', 'm', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "scotthel.me", true */ 's', 'c', 'o', 't', 't', 'h', 'e', 'l', '.', 'm', 'e', '\0', + /* "scotthelme.co.uk", true */ 's', 'c', 'o', 't', 't', 'h', 'e', 'l', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "scotthelme.com", true */ 's', 'c', 'o', 't', 't', 'h', 'e', 'l', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "scottstorey.co.uk", true */ 's', 'c', 'o', 't', 't', 's', 't', 'o', 'r', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "scottynordstrom.org", false */ 's', 'c', 'o', 't', 't', 'y', 'n', 'o', 'r', 'd', 's', 't', 'r', 'o', 'm', '.', 'o', 'r', 'g', '\0', + /* "scoutdb.ch", true */ 's', 'c', 'o', 'u', 't', 'd', 'b', '.', 'c', 'h', '\0', + /* "scoutingridderkerk.nl", true */ 's', 'c', 'o', 'u', 't', 'i', 'n', 'g', 'r', 'i', 'd', 'd', 'e', 'r', 'k', 'e', 'r', 'k', '.', 'n', 'l', '\0', + /* "scoutnet.de", true */ 's', 'c', 'o', 'u', 't', 'n', 'e', 't', '.', 'd', 'e', '\0', + /* "scp-trens.notaires.fr", true */ 's', 'c', 'p', '-', 't', 'r', 'e', 'n', 's', '.', 'n', 'o', 't', 'a', 'i', 'r', 'e', 's', '.', 'f', 'r', '\0', + /* "scp500.com", true */ 's', 'c', 'p', '5', '0', '0', '.', 'c', 'o', 'm', '\0', + /* "scpartyentertainment.co.uk", true */ 's', 'c', 'p', 'a', 'r', 't', 'y', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "scrambox.com", true */ 's', 'c', 'r', 'a', 'm', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "scramget.com", true */ 's', 'c', 'r', 'a', 'm', 'g', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "scramsoft.com", true */ 's', 'c', 'r', 'a', 'm', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "scrap.tf", true */ 's', 'c', 'r', 'a', 'p', '.', 't', 'f', '\0', + /* "scrayos.net", true */ 's', 'c', 'r', 'a', 'y', 'o', 's', '.', 'n', 'e', 't', '\0', + /* "scredible.com", true */ 's', 'c', 'r', 'e', 'd', 'i', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "screen64.tk", true */ 's', 'c', 'r', 'e', 'e', 'n', '6', '4', '.', 't', 'k', '\0', + /* "screenlight.tv", true */ 's', 'c', 'r', 'e', 'e', 'n', 'l', 'i', 'g', 'h', 't', '.', 't', 'v', '\0', + /* "screenparadigm.com", true */ 's', 'c', 'r', 'e', 'e', 'n', 'p', 'a', 'r', 'a', 'd', 'i', 'g', 'm', '.', 'c', 'o', 'm', '\0', + /* "scripo-bay.com", true */ 's', 'c', 'r', 'i', 'p', 'o', '-', 'b', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "script.google.com", true */ 's', 'c', 'r', 'i', 'p', 't', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "scriptgates.ru", true */ 's', 'c', 'r', 'i', 'p', 't', 'g', 'a', 't', 'e', 's', '.', 'r', 'u', '\0', + /* "scriptum.gr", true */ 's', 'c', 'r', 'i', 'p', 't', 'u', 'm', '.', 'g', 'r', '\0', + /* "scrisulfacebine.ro", true */ 's', 'c', 'r', 'i', 's', 'u', 'l', 'f', 'a', 'c', 'e', 'b', 'i', 'n', 'e', '.', 'r', 'o', '\0', + /* "scruffymen.com", true */ 's', 'c', 'r', 'u', 'f', 'f', 'y', 'm', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "scrumbleship.com", true */ 's', 'c', 'r', 'u', 'm', 'b', 'l', 'e', 's', 'h', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "scrumstack.co.uk", true */ 's', 'c', 'r', 'u', 'm', 's', 't', 'a', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "scryfall.com", true */ 's', 'c', 'r', 'y', 'f', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "scs-simulatoren.de", true */ 's', 'c', 's', '-', 's', 'i', 'm', 'u', 'l', 'a', 't', 'o', 'r', 'e', 'n', '.', 'd', 'e', '\0', + /* "scswam.com", true */ 's', 'c', 's', 'w', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "sctrainingllc.com", true */ 's', 'c', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', 'l', 'l', 'c', '.', 'c', 'o', 'm', '\0', + /* "scubadiving-phuket.com", true */ 's', 'c', 'u', 'b', 'a', 'd', 'i', 'v', 'i', 'n', 'g', '-', 'p', 'h', 'u', 'k', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "sculpture.support", true */ 's', 'c', 'u', 'l', 'p', 't', 'u', 'r', 'e', '.', 's', 'u', 'p', 'p', 'o', 'r', 't', '\0', + /* "scuolaguidalame.ch", true */ 's', 'c', 'u', 'o', 'l', 'a', 'g', 'u', 'i', 'd', 'a', 'l', 'a', 'm', 'e', '.', 'c', 'h', '\0', + /* "scw.com", true */ 's', 'c', 'w', '.', 'c', 'o', 'm', '\0', + /* "scw.nz", true */ 's', 'c', 'w', '.', 'n', 'z', '\0', + /* "scwilliams.co.uk", true */ 's', 'c', 'w', 'i', 'l', 'l', 'i', 'a', 'm', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "scwilliams.uk", true */ 's', 'c', 'w', 'i', 'l', 'l', 'i', 'a', 'm', 's', '.', 'u', 'k', '\0', + /* "sd.af", true */ 's', 'd', '.', 'a', 'f', '\0', + /* "sdcardrecovery.de", true */ 's', 'd', 'c', 'a', 'r', 'd', 'r', 'e', 'c', 'o', 'v', 'e', 'r', 'y', '.', 'd', 'e', '\0', + /* "sdho.org", true */ 's', 'd', 'h', 'o', '.', 'o', 'r', 'g', '\0', + /* "sdns.fr", true */ 's', 'd', 'n', 's', '.', 'f', 'r', '\0', + /* "sdsi.us", true */ 's', 'd', 's', 'i', '.', 'u', 's', '\0', + /* "sdsmanagement.me", true */ 's', 'd', 's', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '.', 'm', 'e', '\0', + /* "sdsmt.engineering", true */ 's', 'd', 's', 'm', 't', '.', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '\0', + /* "sdvigpress.org", true */ 's', 'd', 'v', 'i', 'g', 'p', 'r', 'e', 's', 's', '.', 'o', 'r', 'g', '\0', + /* "sdvx.net", true */ 's', 'd', 'v', 'x', '.', 'n', 'e', 't', '\0', + /* "se.search.yahoo.com", false */ 's', 'e', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "sea-godzilla.com", true */ 's', 'e', 'a', '-', 'g', 'o', 'd', 'z', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "seacam-store.com", true */ 's', 'e', 'a', 'c', 'a', 'm', '-', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "seafood.co.nz", true */ 's', 'e', 'a', 'f', 'o', 'o', 'd', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "seaholmwines.com", true */ 's', 'e', 'a', 'h', 'o', 'l', 'm', 'w', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "sealbaker.com", true */ 's', 'e', 'a', 'l', 'b', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "sealtitebasement.com", true */ 's', 'e', 'a', 'l', 't', 'i', 't', 'e', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "seamless.no", true */ 's', 'e', 'a', 'm', 'l', 'e', 's', 's', '.', 'n', 'o', '\0', + /* "seanholcroft.co.uk", true */ 's', 'e', 'a', 'n', 'h', 'o', 'l', 'c', 'r', 'o', 'f', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "seankilgarriff.com", true */ 's', 'e', 'a', 'n', 'k', 'i', 'l', 'g', 'a', 'r', 'r', 'i', 'f', 'f', '.', 'c', 'o', 'm', '\0', + /* "seanstrout.com", true */ 's', 'e', 'a', 'n', 's', 't', 'r', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "seansyardservice.com", true */ 's', 'e', 'a', 'n', 's', 'y', 'a', 'r', 'd', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "seaplayhomes.com", true */ 's', 'e', 'a', 'p', 'l', 'a', 'y', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "search-job-in.com", true */ 's', 'e', 'a', 'r', 'c', 'h', '-', 'j', 'o', 'b', '-', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "search-one.de", true */ 's', 'e', 'a', 'r', 'c', 'h', '-', 'o', 'n', 'e', '.', 'd', 'e', '\0', + /* "search.gov", true */ 's', 'e', 'a', 'r', 'c', 'h', '.', 'g', 'o', 'v', '\0', + /* "search.yahoo.com", false */ 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "searchbrothers.at", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'a', 't', '\0', + /* "searchbrothers.ch", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'c', 'h', '\0', + /* "searchbrothers.co.il", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "searchbrothers.com", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "searchbrothers.de", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'd', 'e', '\0', + /* "searchbrothers.dk", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'd', 'k', '\0', + /* "searchbrothers.es", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'e', 's', '\0', + /* "searchbrothers.fr", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'f', 'r', '\0', + /* "searchbrothers.it", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'i', 't', '\0', + /* "searchbrothers.nl", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'n', 'l', '\0', + /* "searchbrothers.ru", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'r', 'u', '\0', + /* "searchbrothers.uk", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'u', 'k', '\0', + /* "searchdatalogy.com", true */ 's', 'e', 'a', 'r', 'c', 'h', 'd', 'a', 't', 'a', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0', + /* "searchgov.gov.il", true */ 's', 'e', 'a', 'r', 'c', 'h', 'g', 'o', 'v', '.', 'g', 'o', 'v', '.', 'i', 'l', '\0', + /* "seareytraining.com", true */ 's', 'e', 'a', 'r', 'e', 'y', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "seasons.nu", false */ 's', 'e', 'a', 's', 'o', 'n', 's', '.', 'n', 'u', '\0', + /* "seatbeltpledge.com", true */ 's', 'e', 'a', 't', 'b', 'e', 'l', 't', 'p', 'l', 'e', 'd', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "seattle-life.net", true */ 's', 'e', 'a', 't', 't', 'l', 'e', '-', 'l', 'i', 'f', 'e', '.', 'n', 'e', 't', '\0', + /* "seattlefabrication.com", true */ 's', 'e', 'a', 't', 't', 'l', 'e', 'f', 'a', 'b', 'r', 'i', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "seattlemesh.net", true */ 's', 'e', 'a', 't', 't', 'l', 'e', 'm', 'e', 's', 'h', '.', 'n', 'e', 't', '\0', + /* "seattleprivacy.org", true */ 's', 'e', 'a', 't', 't', 'l', 'e', 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'o', 'r', 'g', '\0', + /* "seattlewalkinbathtubs.com", true */ 's', 'e', 'a', 't', 't', 'l', 'e', 'w', 'a', 'l', 'k', 'i', 'n', 'b', 'a', 't', 'h', 't', 'u', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "seb-mgl.de", true */ 's', 'e', 'b', '-', 'm', 'g', 'l', '.', 'd', 'e', '\0', + /* "sebascelis.com", true */ 's', 'e', 'b', 'a', 's', 'c', 'e', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "sebastiaandouma.com", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'a', 'n', 'd', 'o', 'u', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "sebastian-janich.de", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'n', '-', 'j', 'a', 'n', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "sebastian-kraus.me", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'n', '-', 'k', 'r', 'a', 'u', 's', '.', 'm', 'e', '\0', + /* "sebastian-lutsch.de", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'n', '-', 'l', 'u', 't', 's', 'c', 'h', '.', 'd', 'e', '\0', + /* "sebastian-schmidt.me", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'n', '-', 's', 'c', 'h', 'm', 'i', 'd', 't', '.', 'm', 'e', '\0', + /* "sebastian.expert", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'n', '.', 'e', 'x', 'p', 'e', 'r', 't', '\0', + /* "sebastianblade.com", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'n', 'b', 'l', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "sebastianboegl.de", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'n', 'b', 'o', 'e', 'g', 'l', '.', 'd', 'e', '\0', + /* "sebastiaperis.com", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'p', 'e', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "sebi.cf", true */ 's', 'e', 'b', 'i', '.', 'c', 'f', '\0', + /* "sebi.org", true */ 's', 'e', 'b', 'i', '.', 'o', 'r', 'g', '\0', + /* "sec-mails.de", true */ 's', 'e', 'c', '-', 'm', 'a', 'i', 'l', 's', '.', 'd', 'e', '\0', + /* "sec-research.com", true */ 's', 'e', 'c', '-', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "sec-wiki.com", true */ 's', 'e', 'c', '-', 'w', 'i', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "sec.ec", true */ 's', 'e', 'c', '.', 'e', 'c', '\0', + /* "sec.gd", true */ 's', 'e', 'c', '.', 'g', 'd', '\0', + /* "sec3ure.co.uk", true */ 's', 'e', 'c', '3', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "secanje.nl", true */ 's', 'e', 'c', 'a', 'n', 'j', 'e', '.', 'n', 'l', '\0', + /* "secboom.com", true */ 's', 'e', 'c', 'b', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "seccom.ch", true */ 's', 'e', 'c', 'c', 'o', 'm', '.', 'c', 'h', '\0', + /* "seccomp.ru", true */ 's', 'e', 'c', 'c', 'o', 'm', 'p', '.', 'r', 'u', '\0', + /* "secctexasgiving.org", false */ 's', 'e', 'c', 'c', 't', 'e', 'x', 'a', 's', 'g', 'i', 'v', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "secgui.de", true */ 's', 'e', 'c', 'g', 'u', 'i', '.', 'd', 'e', '\0', + /* "sech.me", true */ 's', 'e', 'c', 'h', '.', 'm', 'e', '\0', + /* "secitem.at", true */ 's', 'e', 'c', 'i', 't', 'e', 'm', '.', 'a', 't', '\0', + /* "secitem.eu", true */ 's', 'e', 'c', 'i', 't', 'e', 'm', '.', 'e', 'u', '\0', + /* "secnews.gr", true */ 's', 'e', 'c', 'n', 'e', 'w', 's', '.', 'g', 'r', '\0', + /* "secomo.org", true */ 's', 'e', 'c', 'o', 'm', 'o', '.', 'o', 'r', 'g', '\0', + /* "seconfig.sytes.net", true */ 's', 'e', 'c', 'o', 'n', 'f', 'i', 'g', '.', 's', 'y', 't', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "secpatrol.de", true */ 's', 'e', 'c', 'p', 'a', 't', 'r', 'o', 'l', '.', 'd', 'e', '\0', + /* "secretar.is", true */ 's', 'e', 'c', 'r', 'e', 't', 'a', 'r', '.', 'i', 's', '\0', + /* "secretofanah.com", true */ 's', 'e', 'c', 'r', 'e', 't', 'o', 'f', 'a', 'n', 'a', 'h', '.', 'c', 'o', 'm', '\0', + /* "secretpanties.com", true */ 's', 'e', 'c', 'r', 'e', 't', 'p', 'a', 'n', 't', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "secretsanta.fr", true */ 's', 'e', 'c', 'r', 'e', 't', 's', 'a', 'n', 't', 'a', '.', 'f', 'r', '\0', + /* "secretserveronline.com", true */ 's', 'e', 'c', 'r', 'e', 't', 's', 'e', 'r', 'v', 'e', 'r', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "secretum.tech", true */ 's', 'e', 'c', 'r', 'e', 't', 'u', 'm', '.', 't', 'e', 'c', 'h', '\0', + /* "sectelligence.nl", true */ 's', 'e', 'c', 't', 'e', 'l', 'l', 'i', 'g', 'e', 'n', 'c', 'e', '.', 'n', 'l', '\0', + /* "sectio-aurea.org", true */ 's', 'e', 'c', 't', 'i', 'o', '-', 'a', 'u', 'r', 'e', 'a', '.', 'o', 'r', 'g', '\0', + /* "section-31.org", true */ 's', 'e', 'c', 't', 'i', 'o', 'n', '-', '3', '1', '.', 'o', 'r', 'g', '\0', + /* "section.io", true */ 's', 'e', 'c', 't', 'i', 'o', 'n', '.', 'i', 'o', '\0', + /* "section508.gov", true */ 's', 'e', 'c', 't', 'i', 'o', 'n', '5', '0', '8', '.', 'g', 'o', 'v', '\0', + /* "sectionw2s.org", true */ 's', 'e', 'c', 't', 'i', 'o', 'n', 'w', '2', 's', '.', 'o', 'r', 'g', '\0', + /* "sector5.xyz", true */ 's', 'e', 'c', 't', 'o', 'r', '5', '.', 'x', 'y', 'z', '\0', + /* "secumail.nl", true */ 's', 'e', 'c', 'u', 'm', 'a', 'i', 'l', '.', 'n', 'l', '\0', + /* "secundity.nl", true */ 's', 'e', 'c', 'u', 'n', 'd', 'i', 't', 'y', '.', 'n', 'l', '\0', + /* "securai.de", true */ 's', 'e', 'c', 'u', 'r', 'a', 'i', '.', 'd', 'e', '\0', + /* "secure-graphic.de", true */ 's', 'e', 'c', 'u', 'r', 'e', '-', 'g', 'r', 'a', 'p', 'h', 'i', 'c', '.', 'd', 'e', '\0', + /* "secure-gw.de", true */ 's', 'e', 'c', 'u', 'r', 'e', '-', 'g', 'w', '.', 'd', 'e', '\0', + /* "secure-server-hosting.com", true */ 's', 'e', 'c', 'u', 'r', 'e', '-', 's', 'e', 'r', 'v', 'e', 'r', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "secure.advancepayroll.com.au", true */ 's', 'e', 'c', 'u', 'r', 'e', '.', 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'p', 'a', 'y', 'r', 'o', 'l', 'l', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "secure.chat", true */ 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'h', 'a', 't', '\0', + /* "secure.co.hu", true */ 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'o', '.', 'h', 'u', '\0', + /* "secure.facebook.com", false */ 's', 'e', 'c', 'u', 'r', 'e', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "securedrop.org", true */ 's', 'e', 'c', 'u', 'r', 'e', 'd', 'r', 'o', 'p', '.', 'o', 'r', 'g', '\0', + /* "secureesolutions.com", true */ 's', 'e', 'c', 'u', 'r', 'e', 'e', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "secureheaders.com", true */ 's', 'e', 'c', 'u', 'r', 'e', 'h', 'e', 'a', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "secureideas.com", false */ 's', 'e', 'c', 'u', 'r', 'e', 'i', 'd', 'e', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "securejabber.me", true */ 's', 'e', 'c', 'u', 'r', 'e', 'j', 'a', 'b', 'b', 'e', 'r', '.', 'm', 'e', '\0', + /* "securelect-inspection.com", true */ 's', 'e', 'c', 'u', 'r', 'e', 'l', 'e', 'c', 't', '-', 'i', 'n', 's', 'p', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "secureonline.co", true */ 's', 'e', 'c', 'u', 'r', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '\0', + /* "securethe.news", true */ 's', 'e', 'c', 'u', 'r', 'e', 't', 'h', 'e', '.', 'n', 'e', 'w', 's', '\0', + /* "securetheorem.com", true */ 's', 'e', 'c', 'u', 'r', 'e', 't', 'h', 'e', 'o', 'r', 'e', 'm', '.', 'c', 'o', 'm', '\0', + /* "securetronic.ch", true */ 's', 'e', 'c', 'u', 'r', 'e', 't', 'r', 'o', 'n', 'i', 'c', '.', 'c', 'h', '\0', + /* "securi-tay.co.uk", true */ 's', 'e', 'c', 'u', 'r', 'i', '-', 't', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "securify.nl", true */ 's', 'e', 'c', 'u', 'r', 'i', 'f', 'y', '.', 'n', 'l', '\0', + /* "securiscan.io", true */ 's', 'e', 'c', 'u', 'r', 'i', 's', 'c', 'a', 'n', '.', 'i', 'o', '\0', + /* "security-24-7.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '-', '2', '4', '-', '7', '.', 'c', 'o', 'm', '\0', + /* "security-brokers.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '-', 'b', 'r', 'o', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "security.gives", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'g', 'i', 'v', 'e', 's', '\0', + /* "security.google.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "security.love", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'l', 'o', 'v', 'e', '\0', + /* "security201.co.uk", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '2', '0', '1', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "security201.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '2', '0', '1', '.', 'c', 'o', 'm', '\0', + /* "securitybrief.asia", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'b', 'r', 'i', 'e', 'f', '.', 'a', 's', 'i', 'a', '\0', + /* "securitybrief.co.nz", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'b', 'r', 'i', 'e', 'f', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "securitybrief.com.au", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'b', 'r', 'i', 'e', 'f', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "securitybrief.eu", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'b', 'r', 'i', 'e', 'f', '.', 'e', 'u', '\0', + /* "securityfest.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'f', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "securityheaders.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'h', 'e', 'a', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "securityheaders.io", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'h', 'e', 'a', 'd', 'e', 'r', 's', '.', 'i', 'o', '\0', + /* "securityinet.com", false */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'i', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "securitykey.co", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'k', 'e', 'y', '.', 'c', 'o', '\0', + /* "securitymap.wiki", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'm', 'a', 'p', '.', 'w', 'i', 'k', 'i', '\0', + /* "securitypluspro.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'p', 'l', 'u', 's', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "securityprimes.in", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'p', 'r', 'i', 'm', 'e', 's', '.', 'i', 'n', '\0', + /* "securitysnobs.com", false */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 's', 'n', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "securitystrata.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 's', 't', 'r', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "securitystreak.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 's', 't', 'r', 'e', 'a', 'k', '.', 'c', 'o', 'm', '\0', + /* "securitytalk.pl", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 't', 'a', 'l', 'k', '.', 'p', 'l', '\0', + /* "securitywatch.co.nz", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "securitywithnick.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'w', 'i', 't', 'h', 'n', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "securitywithoutborders.org", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'w', 'i', 't', 'h', 'o', 'u', 't', 'b', 'o', 'r', 'd', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0', + /* "securocloud.com", true */ 's', 'e', 'c', 'u', 'r', 'o', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "secutrans.com", true */ 's', 'e', 'c', 'u', 't', 'r', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "secuvera.de", true */ 's', 'e', 'c', 'u', 'v', 'e', 'r', 'a', '.', 'd', 'e', '\0', + /* "secwall.me", true */ 's', 'e', 'c', 'w', 'a', 'l', 'l', '.', 'm', 'e', '\0', + /* "secwise.nl", true */ 's', 'e', 'c', 'w', 'i', 's', 'e', '.', 'n', 'l', '\0', + /* "sedeusquiser.net", true */ 's', 'e', 'd', 'e', 'u', 's', 'q', 'u', 'i', 's', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "sedussa.ro", true */ 's', 'e', 'd', 'u', 's', 's', 'a', '.', 'r', 'o', '\0', + /* "seeclop.ch", true */ 's', 'e', 'e', 'c', 'l', 'o', 'p', '.', 'c', 'h', '\0', + /* "seedalpha.com", true */ 's', 'e', 'e', 'd', 'a', 'l', 'p', 'h', 'a', '.', 'c', 'o', 'm', '\0', + /* "seedbox.fr", true */ 's', 'e', 'e', 'd', 'b', 'o', 'x', '.', 'f', 'r', '\0', + /* "seedsofangelica.net", true */ 's', 'e', 'e', 'd', 's', 'o', 'f', 'a', 'n', 'g', 'e', 'l', 'i', 'c', 'a', '.', 'n', 'e', 't', '\0', + /* "seekers.ch", true */ 's', 'e', 'e', 'k', 'e', 'r', 's', '.', 'c', 'h', '\0', + /* "seeks.ru", true */ 's', 'e', 'e', 'k', 's', '.', 'r', 'u', '\0', + /* "seekthe.net", true */ 's', 'e', 'e', 'k', 't', 'h', 'e', '.', 'n', 'e', 't', '\0', + /* "seemeagain.com", true */ 's', 'e', 'e', 'm', 'e', 'a', 'g', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "seemeasaperson.com", true */ 's', 'e', 'e', 'm', 'e', 'a', 's', 'a', 'p', 'e', 'r', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "seesuite.com", true */ 's', 'e', 'e', 's', 'u', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "seewhatididhere.com", true */ 's', 'e', 'e', 'w', 'h', 'a', 't', 'i', 'd', 'i', 'd', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "seeworkdone.com", true */ 's', 'e', 'e', 'w', 'o', 'r', 'k', 'd', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "sefru.de", true */ 's', 'e', 'f', 'r', 'u', '.', 'd', 'e', '\0', + /* "seg-leipzig.org", true */ 's', 'e', 'g', '-', 'l', 'e', 'i', 'p', 'z', 'i', 'g', '.', 'o', 'r', 'g', '\0', + /* "segitz.de", true */ 's', 'e', 'g', 'i', 't', 'z', '.', 'd', 'e', '\0', + /* "segmetic.com", true */ 's', 'e', 'g', 'm', 'e', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "segulink.com", true */ 's', 'e', 'g', 'u', 'l', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "segurosbalboa.com.ec", false */ 's', 'e', 'g', 'u', 'r', 'o', 's', 'b', 'a', 'l', 'b', 'o', 'a', '.', 'c', 'o', 'm', '.', 'e', 'c', '\0', + /* "segurosocial.gov", true */ 's', 'e', 'g', 'u', 'r', 'o', 's', 'o', 'c', 'i', 'a', 'l', '.', 'g', 'o', 'v', '\0', + /* "seguroviagem.srv.br", true */ 's', 'e', 'g', 'u', 'r', 'o', 'v', 'i', 'a', 'g', 'e', 'm', '.', 's', 'r', 'v', '.', 'b', 'r', '\0', + /* "sehnenweh.org", true */ 's', 'e', 'h', 'n', 'e', 'n', 'w', 'e', 'h', '.', 'o', 'r', 'g', '\0', + /* "seida.at", true */ 's', 'e', 'i', 'd', 'a', '.', 'a', 't', '\0', + /* "seifried.org", true */ 's', 'e', 'i', 'f', 'r', 'i', 'e', 'd', '.', 'o', 'r', 'g', '\0', + /* "seikatu-navi.com", true */ 's', 'e', 'i', 'k', 'a', 't', 'u', '-', 'n', 'a', 'v', 'i', '.', 'c', 'o', 'm', '\0', + /* "seinfeldquote.com", true */ 's', 'e', 'i', 'n', 'f', 'e', 'l', 'd', 'q', 'u', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "seiryokuzai-ch.com", true */ 's', 'e', 'i', 'r', 'y', 'o', 'k', 'u', 'z', 'a', 'i', '-', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "seitai-taiyou.com", true */ 's', 'e', 'i', 't', 'a', 'i', '-', 't', 'a', 'i', 'y', 'o', 'u', '.', 'c', 'o', 'm', '\0', + /* "seitenwaelzer.de", true */ 's', 'e', 'i', 't', 'e', 'n', 'w', 'a', 'e', 'l', 'z', 'e', 'r', '.', 'd', 'e', '\0', + /* "sekisonn.com", true */ 's', 'e', 'k', 'i', 's', 'o', 'n', 'n', '.', 'c', 'o', 'm', '\0', + /* "selbys.net.au", true */ 's', 'e', 'l', 'b', 'y', 's', '.', 'n', 'e', 't', '.', 'a', 'u', '\0', + /* "selco-himejiminami.com", true */ 's', 'e', 'l', 'c', 'o', '-', 'h', 'i', 'm', 'e', 'j', 'i', 'm', 'i', 'n', 'a', 'm', 'i', '.', 'c', 'o', 'm', '\0', + /* "selected-properties.com", true */ 's', 'e', 'l', 'e', 'c', 't', 'e', 'd', '-', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "selectel.com", true */ 's', 'e', 'l', 'e', 'c', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "selectel.ru", true */ 's', 'e', 'l', 'e', 'c', 't', 'e', 'l', '.', 'r', 'u', '\0', + /* "selectorders.com", true */ 's', 'e', 'l', 'e', 'c', 't', 'o', 'r', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "selegiline.com", true */ 's', 'e', 'l', 'e', 'g', 'i', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "selent.me", true */ 's', 'e', 'l', 'e', 'n', 't', '.', 'm', 'e', '\0', + /* "self-evident.org", true */ 's', 'e', 'l', 'f', '-', 'e', 'v', 'i', 'd', 'e', 'n', 't', '.', 'o', 'r', 'g', '\0', + /* "self-signed.com", true */ 's', 'e', 'l', 'f', '-', 's', 'i', 'g', 'n', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "self.nu", true */ 's', 'e', 'l', 'f', '.', 'n', 'u', '\0', + /* "selfassess.govt.nz", true */ 's', 'e', 'l', 'f', 'a', 's', 's', 'e', 's', 's', '.', 'g', 'o', 'v', 't', '.', 'n', 'z', '\0', + /* "selfdestruct.net", true */ 's', 'e', 'l', 'f', 'd', 'e', 's', 't', 'r', 'u', 'c', 't', '.', 'n', 'e', 't', '\0', + /* "selfhosters.com", true */ 's', 'e', 'l', 'f', 'h', 'o', 's', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "selfici.com", true */ 's', 'e', 'l', 'f', 'i', 'c', 'i', '.', 'c', 'o', 'm', '\0', + /* "selfici.cz", true */ 's', 'e', 'l', 'f', 'i', 'c', 'i', '.', 'c', 'z', '\0', + /* "selfishness.com", true */ 's', 'e', 'l', 'f', 'i', 's', 'h', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "selfloath.in", true */ 's', 'e', 'l', 'f', 'l', 'o', 'a', 't', 'h', '.', 'i', 'n', '\0', + /* "selfmade4u.de", true */ 's', 'e', 'l', 'f', 'm', 'a', 'd', 'e', '4', 'u', '.', 'd', 'e', '\0', + /* "selkiemckatrick.com", true */ 's', 'e', 'l', 'k', 'i', 'e', 'm', 'c', 'k', 'a', 't', 'r', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "sellajoch.com", true */ 's', 'e', 'l', 'l', 'a', 'j', 'o', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "sellguard.pl", true */ 's', 'e', 'l', 'l', 'g', 'u', 'a', 'r', 'd', '.', 'p', 'l', '\0', + /* "sellme.biz", true */ 's', 'e', 'l', 'l', 'm', 'e', '.', 'b', 'i', 'z', '\0', + /* "seltendoof.de", true */ 's', 'e', 'l', 't', 'e', 'n', 'd', 'o', 'o', 'f', '.', 'd', 'e', '\0', + /* "semacode.com", true */ 's', 'e', 'm', 'a', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "semaflex.it", true */ 's', 'e', 'm', 'a', 'f', 'l', 'e', 'x', '.', 'i', 't', '\0', + /* "semaphore-studios.com", true */ 's', 'e', 'm', 'a', 'p', 'h', 'o', 'r', 'e', '-', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "sementes.gratis", true */ 's', 'e', 'm', 'e', 'n', 't', 'e', 's', '.', 'g', 'r', 'a', 't', 'i', 's', '\0', + /* "semianalog.com", true */ 's', 'e', 'm', 'i', 'a', 'n', 'a', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "seminariruum.ee", true */ 's', 'e', 'm', 'i', 'n', 'a', 'r', 'i', 'r', 'u', 'u', 'm', '.', 'e', 'e', '\0', + /* "semiocast.com", true */ 's', 'e', 'm', 'i', 'o', 'c', 'a', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "semjonov.de", true */ 's', 'e', 'm', 'j', 'o', 'n', 'o', 'v', '.', 'd', 'e', '\0', + /* "semmlers.com", true */ 's', 'e', 'm', 'm', 'l', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "semox.de", true */ 's', 'e', 'm', 'o', 'x', '.', 'd', 'e', '\0', + /* "semps-2fa.de", true */ 's', 'e', 'm', 'p', 's', '-', '2', 'f', 'a', '.', 'd', 'e', '\0', + /* "semps-threema.de", true */ 's', 'e', 'm', 'p', 's', '-', 't', 'h', 'r', 'e', 'e', 'm', 'a', '.', 'd', 'e', '\0', + /* "semyonov.su", true */ 's', 'e', 'm', 'y', 'o', 'n', 'o', 'v', '.', 's', 'u', '\0', + /* "semyonov.us", true */ 's', 'e', 'm', 'y', 'o', 'n', 'o', 'v', '.', 'u', 's', '\0', + /* "senarius.de", true */ 's', 'e', 'n', 'a', 'r', 'i', 'u', 's', '.', 'd', 'e', '\0', + /* "sendai-sisters.com", true */ 's', 'e', 'n', 'd', 'a', 'i', '-', 's', 'i', 's', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "sendc.at", true */ 's', 'e', 'n', 'd', 'c', '.', 'a', 't', '\0', + /* "sendcat.com", true */ 's', 'e', 'n', 'd', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "sendinvoice.nl", true */ 's', 'e', 'n', 'd', 'i', 'n', 'v', 'o', 'i', 'c', 'e', '.', 'n', 'l', '\0', + /* "sendonce.io", true */ 's', 'e', 'n', 'd', 'o', 'n', 'c', 'e', '.', 'i', 'o', '\0', + /* "sendthisfile.com", true */ 's', 'e', 'n', 'd', 't', 'h', 'i', 's', 'f', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "sendway.com", true */ 's', 'e', 'n', 'd', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "sendya.me", true */ 's', 'e', 'n', 'd', 'y', 'a', '.', 'm', 'e', '\0', + /* "sengokulife.com", true */ 's', 'e', 'n', 'g', 'o', 'k', 'u', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "seniors.singles", true */ 's', 'e', 'n', 'i', 'o', 'r', 's', '.', 's', 'i', 'n', 'g', 'l', 'e', 's', '\0', + /* "senmendai-reform.com", true */ 's', 'e', 'n', 'm', 'e', 'n', 'd', 'a', 'i', '-', 'r', 'e', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "senmonsyoku.top", true */ 's', 'e', 'n', 'm', 'o', 'n', 's', 'y', 'o', 'k', 'u', '.', 't', 'o', 'p', '\0', + /* "senorcontento.com", true */ 's', 'e', 'n', 'o', 'r', 'c', 'o', 'n', 't', 'e', 'n', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "sensebridge.com", true */ 's', 'e', 'n', 's', 'e', 'b', 'r', 'i', 'd', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "sensebridge.net", true */ 's', 'e', 'n', 's', 'e', 'b', 'r', 'i', 'd', 'g', 'e', '.', 'n', 'e', 't', '\0', + /* "sensepixel.com", true */ 's', 'e', 'n', 's', 'e', 'p', 'i', 'x', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "senshudo.tv", true */ 's', 'e', 'n', 's', 'h', 'u', 'd', 'o', '.', 't', 'v', '\0', + /* "sensualism.com", true */ 's', 'e', 'n', 's', 'u', 'a', 'l', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "sentinel.gov", true */ 's', 'e', 'n', 't', 'i', 'n', 'e', 'l', '.', 'g', 'o', 'v', '\0', + /* "sentinelproject.io", true */ 's', 'e', 'n', 't', 'i', 'n', 'e', 'l', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'i', 'o', '\0', + /* "sentry.io", true */ 's', 'e', 'n', 't', 'r', 'y', '.', 'i', 'o', '\0', + /* "senzaparole.de", true */ 's', 'e', 'n', 'z', 'a', 'p', 'a', 'r', 'o', 'l', 'e', '.', 'd', 'e', '\0', + /* "seo-analyse.com", true */ 's', 'e', 'o', '-', 'a', 'n', 'a', 'l', 'y', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "seo-linz.at", true */ 's', 'e', 'o', '-', 'l', 'i', 'n', 'z', '.', 'a', 't', '\0', + /* "seo-nerd.de", true */ 's', 'e', 'o', '-', 'n', 'e', 'r', 'd', '.', 'd', 'e', '\0', + /* "seo-portal.de", true */ 's', 'e', 'o', '-', 'p', 'o', 'r', 't', 'a', 'l', '.', 'd', 'e', '\0', + /* "seo.consulting", true */ 's', 'e', 'o', '.', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '\0', + /* "seo.london", true */ 's', 'e', 'o', '.', 'l', 'o', 'n', 'd', 'o', 'n', '\0', + /* "seo.tl", true */ 's', 'e', 'o', '.', 't', 'l', '\0', + /* "seoagentur2go.de", true */ 's', 'e', 'o', 'a', 'g', 'e', 'n', 't', 'u', 'r', '2', 'g', 'o', '.', 'd', 'e', '\0', + /* "seoarchive.org", true */ 's', 'e', 'o', 'a', 'r', 'c', 'h', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0', + /* "seocomposer.com", true */ 's', 'e', 'o', 'c', 'o', 'm', 'p', 'o', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "seogeek.nl", true */ 's', 'e', 'o', 'g', 'e', 'e', 'k', '.', 'n', 'l', '\0', + /* "seohochschule.de", true */ 's', 'e', 'o', 'h', 'o', 'c', 'h', 's', 'c', 'h', 'u', 'l', 'e', '.', 'd', 'e', '\0', + /* "seoinc.com", true */ 's', 'e', 'o', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "seoium.com", true */ 's', 'e', 'o', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "seokay.com", true */ 's', 'e', 'o', 'k', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "seolib.org", true */ 's', 'e', 'o', 'l', 'i', 'b', '.', 'o', 'r', 'g', '\0', + /* "seomen.biz", true */ 's', 'e', 'o', 'm', 'e', 'n', '.', 'b', 'i', 'z', '\0', + /* "seon.me", true */ 's', 'e', 'o', 'n', '.', 'm', 'e', '\0', + /* "seoprovider.nl", true */ 's', 'e', 'o', 'p', 'r', 'o', 'v', 'i', 'd', 'e', 'r', '.', 'n', 'l', '\0', + /* "seoquake.com", true */ 's', 'e', 'o', 'q', 'u', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "seosof.com", true */ 's', 'e', 'o', 's', 'o', 'f', '.', 'c', 'o', 'm', '\0', + /* "seoul.dating", true */ 's', 'e', 'o', 'u', 'l', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "seouniversity.org", true */ 's', 'e', 'o', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0', + /* "sepalandseed.com", true */ 's', 'e', 'p', 'a', 'l', 'a', 'n', 'd', 's', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "sephr.com", true */ 's', 'e', 'p', 'h', 'r', '.', 'c', 'o', 'm', '\0', + /* "sepie.gob.es", true */ 's', 'e', 'p', 'i', 'e', '.', 'g', 'o', 'b', '.', 'e', 's', '\0', + /* "seppelec.com", true */ 's', 'e', 'p', 'p', 'e', 'l', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "seproco.com", true */ 's', 'e', 'p', 'r', 'o', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "septakkordeon.de", true */ 's', 'e', 'p', 't', 'a', 'k', 'k', 'o', 'r', 'd', 'e', 'o', 'n', '.', 'd', 'e', '\0', + /* "septfinance.ch", true */ 's', 'e', 'p', 't', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'h', '\0', + /* "septillion.cn", true */ 's', 'e', 'p', 't', 'i', 'l', 'l', 'i', 'o', 'n', '.', 'c', 'n', '\0', + /* "septs.pw", true */ 's', 'e', 'p', 't', 's', '.', 'p', 'w', '\0', + /* "sequencing.com", true */ 's', 'e', 'q', 'u', 'e', 'n', 'c', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "sequiturs.com", true */ 's', 'e', 'q', 'u', 'i', 't', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "sera.jp", true */ 's', 'e', 'r', 'a', '.', 'j', 'p', '\0', + /* "serafin.tech", true */ 's', 'e', 'r', 'a', 'f', 'i', 'n', '.', 't', 'e', 'c', 'h', '\0', + /* "seraph.tokyo", true */ 's', 'e', 'r', 'a', 'p', 'h', '.', 't', 'o', 'k', 'y', 'o', '\0', + /* "serbanpaun.ro", true */ 's', 'e', 'r', 'b', 'a', 'n', 'p', 'a', 'u', 'n', '.', 'r', 'o', '\0', + /* "sereema.com", true */ 's', 'e', 'r', 'e', 'e', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "serenaden.at", true */ 's', 'e', 'r', 'e', 'n', 'a', 'd', 'e', 'n', '.', 'a', 't', '\0', + /* "serf.io", true */ 's', 'e', 'r', 'f', '.', 'i', 'o', '\0', + /* "sergefonville.nl", true */ 's', 'e', 'r', 'g', 'e', 'f', 'o', 'n', 'v', 'i', 'l', 'l', 'e', '.', 'n', 'l', '\0', + /* "sergeyreznikov.com", true */ 's', 'e', 'r', 'g', 'e', 'y', 'r', 'e', 'z', 'n', 'i', 'k', 'o', 'v', '.', 'c', 'o', 'm', '\0', + /* "sergije-stanic.me", true */ 's', 'e', 'r', 'g', 'i', 'j', 'e', '-', 's', 't', 'a', 'n', 'i', 'c', '.', 'm', 'e', '\0', + /* "sergiosantoro.it", true */ 's', 'e', 'r', 'g', 'i', 'o', 's', 'a', 'n', 't', 'o', 'r', 'o', '.', 'i', 't', '\0', + /* "sergos.de", true */ 's', 'e', 'r', 'g', 'o', 's', '.', 'd', 'e', '\0', + /* "serienstream.to", true */ 's', 'e', 'r', 'i', 'e', 'n', 's', 't', 'r', 'e', 'a', 'm', '.', 't', 'o', '\0', + /* "serigraphs.co.uk", true */ 's', 'e', 'r', 'i', 'g', 'r', 'a', 'p', 'h', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "seriousclimbing.com", true */ 's', 'e', 'r', 'i', 'o', 'u', 's', 'c', 'l', 'i', 'm', 'b', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "sernate.com", true */ 's', 'e', 'r', 'n', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "serpenteq.com", true */ 's', 'e', 'r', 'p', 'e', 'n', 't', 'e', 'q', '.', 'c', 'o', 'm', '\0', + /* "serrano-chris.ch", true */ 's', 'e', 'r', 'r', 'a', 'n', 'o', '-', 'c', 'h', 'r', 'i', 's', '.', 'c', 'h', '\0', + /* "servdiscount.com", true */ 's', 'e', 'r', 'v', 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "serve-a.com.au", true */ 's', 'e', 'r', 'v', 'e', '-', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "servea.com.au", true */ 's', 'e', 'r', 'v', 'e', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "serveatechnologies.com", true */ 's', 'e', 'r', 'v', 'e', 'a', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "servecrypt.net", true */ 's', 'e', 'r', 'v', 'e', 'c', 'r', 'y', 'p', 't', '.', 'n', 'e', 't', '\0', + /* "servecrypt.ru", true */ 's', 'e', 'r', 'v', 'e', 'c', 'r', 'y', 'p', 't', '.', 'r', 'u', '\0', + /* "servemnaction.org", true */ 's', 'e', 'r', 'v', 'e', 'm', 'n', 'a', 'c', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "servepublic.com", true */ 's', 'e', 'r', 'v', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "servepublic.org", true */ 's', 'e', 'r', 'v', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'o', 'r', 'g', '\0', + /* "server-bg.net", true */ 's', 'e', 'r', 'v', 'e', 'r', '-', 'b', 'g', '.', 'n', 'e', 't', '\0', + /* "server-daten.de", true */ 's', 'e', 'r', 'v', 'e', 'r', '-', 'd', 'a', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "server-datenrettung.de", true */ 's', 'e', 'r', 'v', 'e', 'r', '-', 'd', 'a', 't', 'e', 'n', 'r', 'e', 't', 't', 'u', 'n', 'g', '.', 'd', 'e', '\0', + /* "server-eye.de", true */ 's', 'e', 'r', 'v', 'e', 'r', '-', 'e', 'y', 'e', '.', 'd', 'e', '\0', + /* "server.pk", true */ 's', 'e', 'r', 'v', 'e', 'r', '.', 'p', 'k', '\0', + /* "serveradminz.com", true */ 's', 'e', 'r', 'v', 'e', 'r', 'a', 'd', 'm', 'i', 'n', 'z', '.', 'c', 'o', 'm', '\0', + /* "serverco.com", true */ 's', 'e', 'r', 'v', 'e', 'r', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "serverd.de", true */ 's', 'e', 'r', 'v', 'e', 'r', 'd', '.', 'd', 'e', '\0', + /* "serverfrog.de", true */ 's', 'e', 'r', 'v', 'e', 'r', 'f', 'r', 'o', 'g', '.', 'd', 'e', '\0', + /* "serverlog.net", true */ 's', 'e', 'r', 'v', 'e', 'r', 'l', 'o', 'g', '.', 'n', 'e', 't', '\0', + /* "serveroffline.net", false */ 's', 'e', 'r', 'v', 'e', 'r', 'o', 'f', 'f', 'l', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "servers4all.co.uk", true */ 's', 'e', 'r', 'v', 'e', 'r', 's', '4', 'a', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "serversftw.com", true */ 's', 'e', 'r', 'v', 'e', 'r', 's', 'f', 't', 'w', '.', 'c', 'o', 'm', '\0', + /* "serverstuff.info", true */ 's', 'e', 'r', 'v', 'e', 'r', 's', 't', 'u', 'f', 'f', '.', 'i', 'n', 'f', 'o', '\0', + /* "serversuit.com", true */ 's', 'e', 'r', 'v', 'e', 'r', 's', 'u', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "servertastic.com", true */ 's', 'e', 'r', 'v', 'e', 'r', 't', 'a', 's', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "servethecity-karlsruhe.de", true */ 's', 'e', 'r', 'v', 'e', 't', 'h', 'e', 'c', 'i', 't', 'y', '-', 'k', 'a', 'r', 'l', 's', 'r', 'u', 'h', 'e', '.', 'd', 'e', '\0', + /* "servgate.jp", true */ 's', 'e', 'r', 'v', 'g', 'a', 't', 'e', '.', 'j', 'p', '\0', + /* "service.gov.uk", true */ 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0', + /* "serviceboss.de", true */ 's', 'e', 'r', 'v', 'i', 'c', 'e', 'b', 'o', 's', 's', '.', 'd', 'e', '\0', + /* "serviettenhaus.de", true */ 's', 'e', 'r', 'v', 'i', 'e', 't', 't', 'e', 'n', 'h', 'a', 'u', 's', '.', 'd', 'e', '\0', + /* "servingbaby.com", true */ 's', 'e', 'r', 'v', 'i', 'n', 'g', 'b', 'a', 'b', 'y', '.', 'c', 'o', 'm', '\0', + /* "servious.org", true */ 's', 'e', 'r', 'v', 'i', 'o', 'u', 's', '.', 'o', 'r', 'g', '\0', + /* "servpanel.de", false */ 's', 'e', 'r', 'v', 'p', 'a', 'n', 'e', 'l', '.', 'd', 'e', '\0', + /* "serw.org", true */ 's', 'e', 'r', 'w', '.', 'o', 'r', 'g', '\0', + /* "seryox.com", true */ 's', 'e', 'r', 'y', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "sesslerimmo.ch", true */ 's', 'e', 's', 's', 'l', 'e', 'r', 'i', 'm', 'm', 'o', '.', 'c', 'h', '\0', + /* "setfix.de", true */ 's', 'e', 't', 'f', 'i', 'x', '.', 'd', 'e', '\0', + /* "sethcaplan.com", true */ 's', 'e', 't', 'h', 'c', 'a', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "sethvargo.com", true */ 's', 'e', 't', 'h', 'v', 'a', 'r', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "seti-germany.de", true */ 's', 'e', 't', 'i', '-', 'g', 'e', 'r', 'm', 'a', 'n', 'y', '.', 'd', 'e', '\0', + /* "setkit.net", true */ 's', 'e', 't', 'k', 'i', 't', '.', 'n', 'e', 't', '\0', + /* "settberg.de", true */ 's', 'e', 't', 't', 'b', 'e', 'r', 'g', '.', 'd', 'e', '\0', + /* "setterirlandes.com.br", true */ 's', 'e', 't', 't', 'e', 'r', 'i', 'r', 'l', 'a', 'n', 'd', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "settleapp.co", true */ 's', 'e', 't', 't', 'l', 'e', 'a', 'p', 'p', '.', 'c', 'o', '\0', + /* "setuid0.kr", true */ 's', 'e', 't', 'u', 'i', 'd', '0', '.', 'k', 'r', '\0', + /* "setyoursite.nl", true */ 's', 'e', 't', 'y', 'o', 'u', 'r', 's', 'i', 't', 'e', '.', 'n', 'l', '\0', + /* "seven-purple.com", true */ 's', 'e', 'v', 'e', 'n', '-', 'p', 'u', 'r', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "sevencooks.com", true */ 's', 'e', 'v', 'e', 'n', 'c', 'o', 'o', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "sevenet.pl", true */ 's', 'e', 'v', 'e', 'n', 'e', 't', '.', 'p', 'l', '\0', + /* "sevenhillsapartments.com.au", true */ 's', 'e', 'v', 'e', 'n', 'h', 'i', 'l', 'l', 's', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "sevenmatches.com", true */ 's', 'e', 'v', 'e', 'n', 'm', 'a', 't', 'c', 'h', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "severine-trousselard.com", true */ 's', 'e', 'v', 'e', 'r', 'i', 'n', 'e', '-', 't', 'r', 'o', 'u', 's', 's', 'e', 'l', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "severntrentinsuranceportal.com", true */ 's', 'e', 'v', 'e', 'r', 'n', 't', 'r', 'e', 'n', 't', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "sevinci.ch", true */ 's', 'e', 'v', 'i', 'n', 'c', 'i', '.', 'c', 'h', '\0', + /* "sevsey.ru", true */ 's', 'e', 'v', 's', 'e', 'y', '.', 'r', 'u', '\0', + /* "sevsopr.ru", true */ 's', 'e', 'v', 's', 'o', 'p', 'r', '.', 'r', 'u', '\0', + /* "sewafineseam.com", true */ 's', 'e', 'w', 'a', 'f', 'i', 'n', 'e', 's', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "sewinginsight.com", true */ 's', 'e', 'w', 'i', 'n', 'g', 'i', 'n', 's', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0', + /* "sewoo.co.uk", true */ 's', 'e', 'w', 'o', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "sex-education.com", true */ 's', 'e', 'x', '-', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "sexaki.com", true */ 's', 'e', 'x', 'a', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "sexgarage.de", true */ 's', 'e', 'x', 'g', 'a', 'r', 'a', 'g', 'e', '.', 'd', 'e', '\0', + /* "sexmobil.de", true */ 's', 'e', 'x', 'm', 'o', 'b', 'i', 'l', '.', 'd', 'e', '\0', + /* "sexocomgravidas.com", true */ 's', 'e', 'x', 'o', 'c', 'o', 'm', 'g', 'r', 'a', 'v', 'i', 'd', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "sexpay.net", true */ 's', 'e', 'x', 'p', 'a', 'y', '.', 'n', 'e', 't', '\0', + /* "sexservice.io", true */ 's', 'e', 'x', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'i', 'o', '\0', + /* "sexshopfacil.com.br", true */ 's', 'e', 'x', 's', 'h', 'o', 'p', 'f', 'a', 'c', 'i', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "sexshopnet.com.br", true */ 's', 'e', 'x', 's', 'h', 'o', 'p', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "sexshopsgay.com", true */ 's', 'e', 'x', 's', 'h', 'o', 'p', 's', 'g', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "sexwork.net", true */ 's', 'e', 'x', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0', + /* "sexy-store.nl", true */ 's', 'e', 'x', 'y', '-', 's', 't', 'o', 'r', 'e', '.', 'n', 'l', '\0', + /* "seyfarth.de", true */ 's', 'e', 'y', 'f', 'a', 'r', 't', 'h', '.', 'd', 'e', '\0', + /* "seyr.it", true */ 's', 'e', 'y', 'r', '.', 'i', 't', '\0', + /* "seyr.me", true */ 's', 'e', 'y', 'r', '.', 'm', 'e', '\0', + /* "sfaturiit.ro", true */ 's', 'f', 'a', 't', 'u', 'r', 'i', 'i', 't', '.', 'r', 'o', '\0', + /* "sfdev.ovh", true */ 's', 'f', 'd', 'e', 'v', '.', 'o', 'v', 'h', '\0', + /* "sfg-nordholz.de", true */ 's', 'f', 'g', '-', 'n', 'o', 'r', 'd', 'h', 'o', 'l', 'z', '.', 'd', 'e', '\0', + /* "sfile.eu", true */ 's', 'f', 'i', 'l', 'e', '.', 'e', 'u', '\0', + /* "sfirat-haomer.com", true */ 's', 'f', 'i', 'r', 'a', 't', '-', 'h', 'a', 'o', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "sfleisure.com", true */ 's', 'f', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "sfo-fog.ch", true */ 's', 'f', 'o', '-', 'f', 'o', 'g', '.', 'c', 'h', '\0', + /* "sft-framework.org", true */ 's', 'f', 't', '-', 'f', 'r', 'a', 'm', 'e', 'w', 'o', 'r', 'k', '.', 'o', 'r', 'g', '\0', + /* "sftool.gov", true */ 's', 'f', 't', 'o', 'o', 'l', '.', 'g', 'o', 'v', '\0', + /* "sg-elektro.de", true */ 's', 'g', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0', + /* "sg.search.yahoo.com", false */ 's', 'g', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "sgb.co", true */ 's', 'g', 'b', '.', 'c', 'o', '\0', + /* "sgroup-hitoduma.com", true */ 's', 'g', 'r', 'o', 'u', 'p', '-', 'h', 'i', 't', 'o', 'd', 'u', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "sgroup-rec.com", true */ 's', 'g', 'r', 'o', 'u', 'p', '-', 'r', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "sgtcodfish.com", true */ 's', 'g', 't', 'c', 'o', 'd', 'f', 'i', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "sgthotshot.com", true */ 's', 'g', 't', 'h', 'o', 't', 's', 'h', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "sgtsnookums.net", true */ 's', 'g', 't', 's', 'n', 'o', 'o', 'k', 'u', 'm', 's', '.', 'n', 'e', 't', '\0', + /* "sgtt.ch", true */ 's', 'g', 't', 't', '.', 'c', 'h', '\0', + /* "sh-heppelmann.de", true */ 's', 'h', '-', 'h', 'e', 'p', 'p', 'e', 'l', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "sh-network.de", false */ 's', 'h', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'd', 'e', '\0', + /* "sh0rt.in", true */ 's', 'h', '0', 'r', 't', '.', 'i', 'n', '\0', + /* "sh4y.com", true */ 's', 'h', '4', 'y', '.', 'c', 'o', 'm', '\0', + /* "shaaaaaaaaaaaaa.com", true */ 's', 'h', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', '.', 'c', 'o', 'm', '\0', + /* "shad.waw.pl", true */ 's', 'h', 'a', 'd', '.', 'w', 'a', 'w', '.', 'p', 'l', '\0', + /* "shadesofgrayadr.com", true */ 's', 'h', 'a', 'd', 'e', 's', 'o', 'f', 'g', 'r', 'a', 'y', 'a', 'd', 'r', '.', 'c', 'o', 'm', '\0', + /* "shadesofgraylaw.com", true */ 's', 'h', 'a', 'd', 'e', 's', 'o', 'f', 'g', 'r', 'a', 'y', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "shadigee.org", true */ 's', 'h', 'a', 'd', 'i', 'g', 'e', 'e', '.', 'o', 'r', 'g', '\0', + /* "shadowict.net", true */ 's', 'h', 'a', 'd', 'o', 'w', 'i', 'c', 't', '.', 'n', 'e', 't', '\0', + /* "shadowict.tech", true */ 's', 'h', 'a', 'd', 'o', 'w', 'i', 'c', 't', '.', 't', 'e', 'c', 'h', '\0', + /* "shadowkitsune.net", true */ 's', 'h', 'a', 'd', 'o', 'w', 'k', 'i', 't', 's', 'u', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "shadowlurker.com.au", true */ 's', 'h', 'a', 'd', 'o', 'w', 'l', 'u', 'r', 'k', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "shadowsing.com", true */ 's', 'h', 'a', 'd', 'o', 'w', 's', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "shadowsocks.com", true */ 's', 'h', 'a', 'd', 'o', 'w', 's', 'o', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "shadowsocks.com.au", true */ 's', 'h', 'a', 'd', 'o', 'w', 's', 'o', 'c', 'k', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "shadowsocks.com.hk", true */ 's', 'h', 'a', 'd', 'o', 'w', 's', 'o', 'c', 'k', 's', '.', 'c', 'o', 'm', '.', 'h', 'k', '\0', + /* "shadowsocks.la", true */ 's', 'h', 'a', 'd', 'o', 'w', 's', 'o', 'c', 'k', 's', '.', 'l', 'a', '\0', + /* "shadowsocks.software", true */ 's', 'h', 'a', 'd', 'o', 'w', 's', 'o', 'c', 'k', 's', '.', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '\0', + /* "shadowsworldonline.co.uk", true */ 's', 'h', 'a', 'd', 'o', 'w', 's', 'w', 'o', 'r', 'l', 'd', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "shag-shag.ru", true */ 's', 'h', 'a', 'g', '-', 's', 'h', 'a', 'g', '.', 'r', 'u', '\0', + /* "shaharyaranjum.com", true */ 's', 'h', 'a', 'h', 'a', 'r', 'y', 'a', 'r', 'a', 'n', 'j', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "shaicoleman.com", true */ 's', 'h', 'a', 'i', 'c', 'o', 'l', 'e', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "shaitan.eu", true */ 's', 'h', 'a', 'i', 't', 'a', 'n', '.', 'e', 'u', '\0', + /* "shakan.ch", true */ 's', 'h', 'a', 'k', 'a', 'n', '.', 'c', 'h', '\0', + /* "shaken-kyoto.jp", true */ 's', 'h', 'a', 'k', 'e', 'n', '-', 'k', 'y', 'o', 't', 'o', '.', 'j', 'p', '\0', + /* "shaken110.com", true */ 's', 'h', 'a', 'k', 'e', 'n', '1', '1', '0', '.', 'c', 'o', 'm', '\0', + /* "shakepeers.org", false */ 's', 'h', 'a', 'k', 'e', 'p', 'e', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0', + /* "shakes4u.com", true */ 's', 'h', 'a', 'k', 'e', 's', '4', 'u', '.', 'c', 'o', 'm', '\0', + /* "shakespearesolutions.com.au", false */ 's', 'h', 'a', 'k', 'e', 's', 'p', 'e', 'a', 'r', 'e', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "shakespearevet.com", true */ 's', 'h', 'a', 'k', 'e', 's', 'p', 'e', 'a', 'r', 'e', 'v', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "shalott.org", true */ 's', 'h', 'a', 'l', 'o', 't', 't', '.', 'o', 'r', 'g', '\0', + /* "shamara.info", true */ 's', 'h', 'a', 'm', 'a', 'r', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "shamariki.ru", true */ 's', 'h', 'a', 'm', 'a', 'r', 'i', 'k', 'i', '.', 'r', 'u', '\0', + /* "shamka.ru", true */ 's', 'h', 'a', 'm', 'k', 'a', '.', 'r', 'u', '\0', + /* "shan.io", false */ 's', 'h', 'a', 'n', '.', 'i', 'o', '\0', + /* "shanae.nl", true */ 's', 'h', 'a', 'n', 'a', 'e', '.', 'n', 'l', '\0', + /* "shanetully.com", true */ 's', 'h', 'a', 'n', 'e', 't', 'u', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "shanewadleigh.com", true */ 's', 'h', 'a', 'n', 'e', 'w', 'a', 'd', 'l', 'e', 'i', 'g', 'h', '.', 'c', 'o', 'm', '\0', + /* "shannoneichorn.com", true */ 's', 'h', 'a', 'n', 'n', 'o', 'n', 'e', 'i', 'c', 'h', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "shansing.cn", true */ 's', 'h', 'a', 'n', 's', 'i', 'n', 'g', '.', 'c', 'n', '\0', + /* "shansing.com", true */ 's', 'h', 'a', 'n', 's', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "shansing.net", true */ 's', 'h', 'a', 'n', 's', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "shansing.space", true */ 's', 'h', 'a', 'n', 's', 'i', 'n', 'g', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "sharanyamunsi.net", true */ 's', 'h', 'a', 'r', 'a', 'n', 'y', 'a', 'm', 'u', 'n', 's', 'i', '.', 'n', 'e', 't', '\0', + /* "sharedhost.de", true */ 's', 'h', 'a', 'r', 'e', 'd', 'h', 'o', 's', 't', '.', 'd', 'e', '\0', + /* "shareeri.com", true */ 's', 'h', 'a', 'r', 'e', 'e', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "sharemessage.net", true */ 's', 'h', 'a', 'r', 'e', 'm', 'e', 's', 's', 'a', 'g', 'e', '.', 'n', 'e', 't', '\0', + /* "shareoffice.ch", true */ 's', 'h', 'a', 'r', 'e', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'h', '\0', + /* "shareoine.com", true */ 's', 'h', 'a', 'r', 'e', 'o', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "sharepointdrive.com", true */ 's', 'h', 'a', 'r', 'e', 'p', 'o', 'i', 'n', 't', 'd', 'r', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "sharescope.co.uk", false */ 's', 'h', 'a', 'r', 'e', 's', 'c', 'o', 'p', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "shareselecttools.com", true */ 's', 'h', 'a', 'r', 'e', 's', 'e', 'l', 'e', 'c', 't', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "sharesplitter.com", true */ 's', 'h', 'a', 'r', 'e', 's', 'p', 'l', 'i', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "sharevari.com", true */ 's', 'h', 'a', 'r', 'e', 'v', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "shareworx.net", true */ 's', 'h', 'a', 'r', 'e', 'w', 'o', 'r', 'x', '.', 'n', 'e', 't', '\0', + /* "shariahlawcenter.com", true */ 's', 'h', 'a', 'r', 'i', 'a', 'h', 'l', 'a', 'w', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "shariahlawcenter.org", true */ 's', 'h', 'a', 'r', 'i', 'a', 'h', 'l', 'a', 'w', 'c', 'e', 'n', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "sharialawcenter.com", true */ 's', 'h', 'a', 'r', 'i', 'a', 'l', 'a', 'w', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "sharialawcenter.org", true */ 's', 'h', 'a', 'r', 'i', 'a', 'l', 'a', 'w', 'c', 'e', 'n', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "sharperedge.pw", true */ 's', 'h', 'a', 'r', 'p', 'e', 'r', 'e', 'd', 'g', 'e', '.', 'p', 'w', '\0', + /* "sharperedgecomputers.com", true */ 's', 'h', 'a', 'r', 'p', 'e', 'r', 'e', 'd', 'g', 'e', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "sharu.me", true */ 's', 'h', 'a', 'r', 'u', '.', 'm', 'e', '\0', + /* "sharvey.ca", true */ 's', 'h', 'a', 'r', 'v', 'e', 'y', '.', 'c', 'a', '\0', + /* "shasso.com", true */ 's', 'h', 'a', 's', 's', 'o', '.', 'c', 'o', 'm', '\0', + /* "shatorin.com", true */ 's', 'h', 'a', 't', 'o', 'r', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "shaun.net", true */ 's', 'h', 'a', 'u', 'n', '.', 'n', 'e', 't', '\0', + /* "shaundanielz.com", true */ 's', 'h', 'a', 'u', 'n', 'd', 'a', 'n', 'i', 'e', 'l', 'z', '.', 'c', 'o', 'm', '\0', + /* "shaunharker.com", true */ 's', 'h', 'a', 'u', 'n', 'h', 'a', 'r', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "shav.it", true */ 's', 'h', 'a', 'v', '.', 'i', 't', '\0', + /* "shawcentral.ca", false */ 's', 'h', 'a', 'w', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'c', 'a', '\0', + /* "shawnhogan.com", true */ 's', 'h', 'a', 'w', 'n', 'h', 'o', 'g', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "shawnstarrcustomhomes.com", true */ 's', 'h', 'a', 'w', 'n', 's', 't', 'a', 'r', 'r', 'c', 'u', 's', 't', 'o', 'm', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "shawnwilson.info", true */ 's', 'h', 'a', 'w', 'n', 'w', 'i', 'l', 's', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "shazbots.org", true */ 's', 'h', 'a', 'z', 'b', 'o', 't', 's', '.', 'o', 'r', 'g', '\0', + /* "shazzlemd.com", true */ 's', 'h', 'a', 'z', 'z', 'l', 'e', 'm', 'd', '.', 'c', 'o', 'm', '\0', + /* "shazzlepro.com", true */ 's', 'h', 'a', 'z', 'z', 'l', 'e', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "sheaf.site", true */ 's', 'h', 'e', 'a', 'f', '.', 's', 'i', 't', 'e', '\0', + /* "shearcomfort.com", true */ 's', 'h', 'e', 'a', 'r', 'c', 'o', 'm', 'f', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "sheehyinfinitioftysonsparts.com", true */ 's', 'h', 'e', 'e', 'h', 'y', 'i', 'n', 'f', 'i', 'n', 'i', 't', 'i', 'o', 'f', 't', 'y', 's', 'o', 'n', 's', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "sheepfriends.com", true */ 's', 'h', 'e', 'e', 'p', 'f', 'r', 'i', 'e', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "shehata.com", true */ 's', 'h', 'e', 'h', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "sheilasdrivingschool.com", true */ 's', 'h', 'e', 'i', 'l', 'a', 's', 'd', 'r', 'i', 'v', 'i', 'n', 'g', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "shelfordsandstaplefordscouts.org.uk", true */ 's', 'h', 'e', 'l', 'f', 'o', 'r', 'd', 's', 'a', 'n', 'd', 's', 't', 'a', 'p', 'l', 'e', 'f', 'o', 'r', 'd', 's', 'c', 'o', 'u', 't', 's', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "shellday.cc", true */ 's', 'h', 'e', 'l', 'l', 'd', 'a', 'y', '.', 'c', 'c', '\0', + /* "shelleystoybox.com", true */ 's', 'h', 'e', 'l', 'l', 'e', 'y', 's', 't', 'o', 'y', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "shellfire.de", true */ 's', 'h', 'e', 'l', 'l', 'f', 'i', 'r', 'e', '.', 'd', 'e', '\0', + /* "shellj.me", true */ 's', 'h', 'e', 'l', 'l', 'j', '.', 'm', 'e', '\0', + /* "shellshock.eu", true */ 's', 'h', 'e', 'l', 'l', 's', 'h', 'o', 'c', 'k', '.', 'e', 'u', '\0', + /* "shellvatore.us", true */ 's', 'h', 'e', 'l', 'l', 'v', 'a', 't', 'o', 'r', 'e', '.', 'u', 's', '\0', + /* "shemissed.me", true */ 's', 'h', 'e', 'm', 'i', 's', 's', 'e', 'd', '.', 'm', 'e', '\0', + /* "shemsconseils.ma", true */ 's', 'h', 'e', 'm', 's', 'c', 'o', 'n', 's', 'e', 'i', 'l', 's', '.', 'm', 'a', '\0', + /* "shenghaiautoparts.com", true */ 's', 'h', 'e', 'n', 'g', 'h', 'a', 'i', 'a', 'u', 't', 'o', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "shenghaiautoparts.net", true */ 's', 'h', 'e', 'n', 'g', 'h', 'a', 'i', 'a', 'u', 't', 'o', 'p', 'a', 'r', 't', 's', '.', 'n', 'e', 't', '\0', + /* "shentengtu.idv.tw", true */ 's', 'h', 'e', 'n', 't', 'e', 'n', 'g', 't', 'u', '.', 'i', 'd', 'v', '.', 't', 'w', '\0', + /* "shenyuqi.com", false */ 's', 'h', 'e', 'n', 'y', 'u', 'q', 'i', '.', 'c', 'o', 'm', '\0', + /* "sherbers.de", true */ 's', 'h', 'e', 'r', 'b', 'e', 'r', 's', '.', 'd', 'e', '\0', + /* "shethbox.com", true */ 's', 'h', 'e', 't', 'h', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "shevronpatriot.ru", true */ 's', 'h', 'e', 'v', 'r', 'o', 'n', 'p', 'a', 't', 'r', 'i', 'o', 't', '.', 'r', 'u', '\0', + /* "shft.cl", true */ 's', 'h', 'f', 't', '.', 'c', 'l', '\0', + /* "shgt.jp", true */ 's', 'h', 'g', 't', '.', 'j', 'p', '\0', + /* "shh-listen.com", true */ 's', 'h', 'h', '-', 'l', 'i', 's', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "shh.sh", true */ 's', 'h', 'h', '.', 's', 'h', '\0', + /* "shiawasedo.co.jp", true */ 's', 'h', 'i', 'a', 'w', 'a', 's', 'e', 'd', 'o', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "shibainu.com.br", true */ 's', 'h', 'i', 'b', 'a', 'i', 'n', 'u', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "shichibukai.net", true */ 's', 'h', 'i', 'c', 'h', 'i', 'b', 'u', 'k', 'a', 'i', '.', 'n', 'e', 't', '\0', + /* "shieldcomputer.com", true */ 's', 'h', 'i', 'e', 'l', 'd', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "shieldofachilles.in", true */ 's', 'h', 'i', 'e', 'l', 'd', 'o', 'f', 'a', 'c', 'h', 'i', 'l', 'l', 'e', 's', '.', 'i', 'n', '\0', + /* "shift-record.com", true */ 's', 'h', 'i', 'f', 't', '-', 'r', 'e', 'c', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "shift-to.co.jp", true */ 's', 'h', 'i', 'f', 't', '-', 't', 'o', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "shiftdevices.com", true */ 's', 'h', 'i', 'f', 't', 'd', 'e', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "shiftj.is", true */ 's', 'h', 'i', 'f', 't', 'j', '.', 'i', 's', '\0', + /* "shiftleft.org", true */ 's', 'h', 'i', 'f', 't', 'l', 'e', 'f', 't', '.', 'o', 'r', 'g', '\0', + /* "shijing.me", true */ 's', 'h', 'i', 'j', 'i', 'n', 'g', '.', 'm', 'e', '\0', + /* "shikimori.one", true */ 's', 'h', 'i', 'k', 'i', 'm', 'o', 'r', 'i', '.', 'o', 'n', 'e', '\0', + /* "shikimori.org", true */ 's', 'h', 'i', 'k', 'i', 'm', 'o', 'r', 'i', '.', 'o', 'r', 'g', '\0', + /* "shikinobi.com", true */ 's', 'h', 'i', 'k', 'i', 'n', 'o', 'b', 'i', '.', 'c', 'o', 'm', '\0', + /* "shimi.net", true */ 's', 'h', 'i', 'm', 'i', '.', 'n', 'e', 't', '\0', + /* "shimo.im", true */ 's', 'h', 'i', 'm', 'o', '.', 'i', 'm', '\0', + /* "shin-inc.jp", true */ 's', 'h', 'i', 'n', '-', 'i', 'n', 'c', '.', 'j', 'p', '\0', + /* "shinghoi.com", true */ 's', 'h', 'i', 'n', 'g', 'h', 'o', 'i', '.', 'c', 'o', 'm', '\0', + /* "shining.gifts", true */ 's', 'h', 'i', 'n', 'i', 'n', 'g', '.', 'g', 'i', 'f', 't', 's', '\0', + /* "shinko-osaka.jp", true */ 's', 'h', 'i', 'n', 'k', 'o', '-', 'o', 's', 'a', 'k', 'a', '.', 'j', 'p', '\0', + /* "shinnyosangha.org", false */ 's', 'h', 'i', 'n', 'n', 'y', 'o', 's', 'a', 'n', 'g', 'h', 'a', '.', 'o', 'r', 'g', '\0', + /* "shinobi-fansub.ro", true */ 's', 'h', 'i', 'n', 'o', 'b', 'i', '-', 'f', 'a', 'n', 's', 'u', 'b', '.', 'r', 'o', '\0', + /* "shinonome-lab.eu.org", true */ 's', 'h', 'i', 'n', 'o', 'n', 'o', 'm', 'e', '-', 'l', 'a', 'b', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "shintoism.com", true */ 's', 'h', 'i', 'n', 't', 'o', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "shinyuu.net", true */ 's', 'h', 'i', 'n', 'y', 'u', 'u', '.', 'n', 'e', 't', '\0', + /* "shipard.com", true */ 's', 'h', 'i', 'p', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "shipard.cz", true */ 's', 'h', 'i', 'p', 'a', 'r', 'd', '.', 'c', 'z', '\0', + /* "shipcloud.io", true */ 's', 'h', 'i', 'p', 'c', 'l', 'o', 'u', 'd', '.', 'i', 'o', '\0', + /* "shiroki-k.net", true */ 's', 'h', 'i', 'r', 'o', 'k', 'i', '-', 'k', '.', 'n', 'e', 't', '\0', + /* "shirt2go.shop", true */ 's', 'h', 'i', 'r', 't', '2', 'g', 'o', '.', 's', 'h', 'o', 'p', '\0', + /* "shirtsofholland.com", true */ 's', 'h', 'i', 'r', 't', 's', 'o', 'f', 'h', 'o', 'l', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "shiseki.top", true */ 's', 'h', 'i', 's', 'e', 'k', 'i', '.', 't', 'o', 'p', '\0', + /* "shishamania.de", true */ 's', 'h', 'i', 's', 'h', 'a', 'm', 'a', 'n', 'i', 'a', '.', 'd', 'e', '\0', + /* "shishkin.link", true */ 's', 'h', 'i', 's', 'h', 'k', 'i', 'n', '.', 'l', 'i', 'n', 'k', '\0', + /* "shishkin.us", true */ 's', 'h', 'i', 's', 'h', 'k', 'i', 'n', '.', 'u', 's', '\0', + /* "shishlik.net", true */ 's', 'h', 'i', 's', 'h', 'l', 'i', 'k', '.', 'n', 'e', 't', '\0', + /* "shitagi-shop.com", true */ 's', 'h', 'i', 't', 'a', 'g', 'i', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "shitbeast.institute", true */ 's', 'h', 'i', 't', 'b', 'e', 'a', 's', 't', '.', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '\0', + /* "shitmybradsays.com", true */ 's', 'h', 'i', 't', 'm', 'y', 'b', 'r', 'a', 'd', 's', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "shitposts.se", true */ 's', 'h', 'i', 't', 'p', 'o', 's', 't', 's', '.', 's', 'e', '\0', + /* "shitproductions.org", true */ 's', 'h', 'i', 't', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "shitsta.in", true */ 's', 'h', 'i', 't', 's', 't', 'a', '.', 'i', 'n', '\0', + /* "shk.im", true */ 's', 'h', 'k', '.', 'i', 'm', '\0', + /* "shlemenkov.by", true */ 's', 'h', 'l', 'e', 'm', 'e', 'n', 'k', 'o', 'v', '.', 'b', 'y', '\0', + /* "shobhanayogsadan.com", true */ 's', 'h', 'o', 'b', 'h', 'a', 'n', 'a', 'y', 'o', 'g', 's', 'a', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "shock.ee", true */ 's', 'h', 'o', 'c', 'k', '.', 'e', 'e', '\0', + /* "shockercityservices.com", true */ 's', 'h', 'o', 'c', 'k', 'e', 'r', 'c', 'i', 't', 'y', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "shodan.io", true */ 's', 'h', 'o', 'd', 'a', 'n', '.', 'i', 'o', '\0', + /* "shoemuse.com", true */ 's', 'h', 'o', 'e', 'm', 'u', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "shoestringeventing.co.uk", true */ 's', 'h', 'o', 'e', 's', 't', 'r', 'i', 'n', 'g', 'e', 'v', 'e', 'n', 't', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "shokola.com", true */ 's', 'h', 'o', 'k', 'o', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "shome.de", true */ 's', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0', + /* "shooter.dog", true */ 's', 'h', 'o', 'o', 't', 'e', 'r', '.', 'd', 'o', 'g', '\0', + /* "shootpooloklahoma.com", true */ 's', 'h', 'o', 'o', 't', 'p', 'o', 'o', 'l', 'o', 'k', 'l', 'a', 'h', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "shop-s.net", true */ 's', 'h', 'o', 'p', '-', 's', '.', 'n', 'e', 't', '\0', + /* "shopapi.cz", true */ 's', 'h', 'o', 'p', 'a', 'p', 'i', '.', 'c', 'z', '\0', + /* "shopatkei.com", true */ 's', 'h', 'o', 'p', 'a', 't', 'k', 'e', 'i', '.', 'c', 'o', 'm', '\0', + /* "shopbakersnook.com", true */ 's', 'h', 'o', 'p', 'b', 'a', 'k', 'e', 'r', 's', 'n', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "shopcoupon.co.za", true */ 's', 'h', 'o', 'p', 'c', 'o', 'u', 'p', 'o', 'n', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "shopcoupons.co.id", true */ 's', 'h', 'o', 'p', 'c', 'o', 'u', 'p', 'o', 'n', 's', '.', 'c', 'o', '.', 'i', 'd', '\0', + /* "shopcoupons.my", true */ 's', 'h', 'o', 'p', 'c', 'o', 'u', 'p', 'o', 'n', 's', '.', 'm', 'y', '\0', + /* "shopcoupons.ph", true */ 's', 'h', 'o', 'p', 'c', 'o', 'u', 'p', 'o', 'n', 's', '.', 'p', 'h', '\0', + /* "shopcoupons.sg", true */ 's', 'h', 'o', 'p', 'c', 'o', 'u', 'p', 'o', 'n', 's', '.', 's', 'g', '\0', + /* "shopdopastor.com.br", true */ 's', 'h', 'o', 'p', 'd', 'o', 'p', 'a', 's', 't', 'o', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "shopifycloud.com", true */ 's', 'h', 'o', 'p', 'i', 'f', 'y', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "shopkini.com", true */ 's', 'h', 'o', 'p', 'k', 'i', 'n', 'i', '.', 'c', 'o', 'm', '\0', + /* "shoplandia.co", true */ 's', 'h', 'o', 'p', 'l', 'a', 'n', 'd', 'i', 'a', '.', 'c', 'o', '\0', + /* "shoppia.se", true */ 's', 'h', 'o', 'p', 'p', 'i', 'a', '.', 's', 'e', '\0', + /* "shopping24.de", true */ 's', 'h', 'o', 'p', 'p', 'i', 'n', 'g', '2', '4', '.', 'd', 'e', '\0', + /* "shoppr.dk", true */ 's', 'h', 'o', 'p', 'p', 'r', '.', 'd', 'k', '\0', + /* "shoprsc.com", true */ 's', 'h', 'o', 'p', 'r', 's', 'c', '.', 'c', 'o', 'm', '\0', + /* "shopsouthafrican.com", true */ 's', 'h', 'o', 'p', 's', 'o', 'u', 't', 'h', 'a', 'f', 'r', 'i', 'c', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "shoptec.sk", true */ 's', 'h', 'o', 'p', 't', 'e', 'c', '.', 's', 'k', '\0', + /* "shorebreaksecurity.com", true */ 's', 'h', 'o', 'r', 'e', 'b', 'r', 'e', 'a', 'k', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "shortdiary.me", true */ 's', 'h', 'o', 'r', 't', 'd', 'i', 'a', 'r', 'y', '.', 'm', 'e', '\0', + /* "shortpath.com", true */ 's', 'h', 'o', 'r', 't', 'p', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "shoshin-aikido.de", true */ 's', 'h', 'o', 's', 'h', 'i', 'n', '-', 'a', 'i', 'k', 'i', 'd', 'o', '.', 'd', 'e', '\0', + /* "shota.vip", true */ 's', 'h', 'o', 't', 'a', '.', 'v', 'i', 'p', '\0', + /* "shotbow.net", true */ 's', 'h', 'o', 't', 'b', 'o', 'w', '.', 'n', 'e', 't', '\0', + /* "shotonwhat.com", true */ 's', 'h', 'o', 't', 'o', 'n', 'w', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "shotpixonline.com.br", true */ 's', 'h', 'o', 't', 'p', 'i', 'x', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "show-saratov.ru", false */ 's', 'h', 'o', 'w', '-', 's', 'a', 'r', 'a', 't', 'o', 'v', '.', 'r', 'u', '\0', + /* "showbits.net", true */ 's', 'h', 'o', 'w', 'b', 'i', 't', 's', '.', 'n', 'e', 't', '\0', + /* "showdepiscinas.com.br", true */ 's', 'h', 'o', 'w', 'd', 'e', 'p', 'i', 's', 'c', 'i', 'n', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "shower.im", true */ 's', 'h', 'o', 'w', 'e', 'r', '.', 'i', 'm', '\0', + /* "showmax.com", true */ 's', 'h', 'o', 'w', 'm', 'a', 'x', '.', 'c', 'o', 'm', '\0', + /* "showroom.de", true */ 's', 'h', 'o', 'w', 'r', 'o', 'o', 'm', '.', 'd', 'e', '\0', + /* "showsonar.com", true */ 's', 'h', 'o', 'w', 's', 'o', 'n', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "shrike.me", false */ 's', 'h', 'r', 'i', 'k', 'e', '.', 'm', 'e', '\0', + /* "shrinidhiclinic.in", true */ 's', 'h', 'r', 'i', 'n', 'i', 'd', 'h', 'i', 'c', 'l', 'i', 'n', 'i', 'c', '.', 'i', 'n', '\0', + /* "shrinkhub.com", true */ 's', 'h', 'r', 'i', 'n', 'k', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "shrub.ca", true */ 's', 'h', 'r', 'u', 'b', '.', 'c', 'a', '\0', + /* "shtorku.com", true */ 's', 'h', 't', 'o', 'r', 'k', 'u', '.', 'c', 'o', 'm', '\0', + /* "shu-fu.net", true */ 's', 'h', 'u', '-', 'f', 'u', '.', 'n', 'e', 't', '\0', + /* "shu-kin.net", true */ 's', 'h', 'u', '-', 'k', 'i', 'n', '.', 'n', 'e', 't', '\0', + /* "shulan.moe", true */ 's', 'h', 'u', 'l', 'a', 'n', '.', 'm', 'o', 'e', '\0', + /* "shuro.de", true */ 's', 'h', 'u', 'r', 'o', '.', 'd', 'e', '\0', + /* "shushu.media", true */ 's', 'h', 'u', 's', 'h', 'u', '.', 'm', 'e', 'd', 'i', 'a', '\0', + /* "shutter-shower.com", true */ 's', 'h', 'u', 't', 't', 'e', 'r', '-', 's', 'h', 'o', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "shux.pro", true */ 's', 'h', 'u', 'x', '.', 'p', 'r', 'o', '\0', + /* "si-benelux.nl", true */ 's', 'i', '-', 'b', 'e', 'n', 'e', 'l', 'u', 'x', '.', 'n', 'l', '\0', + /* "si.to", true */ 's', 'i', '.', 't', 'o', '\0', + /* "siamojo.com", true */ 's', 'i', 'a', 'm', 'o', 'j', 'o', '.', 'c', 'o', 'm', '\0', + /* "siamsnus.com", true */ 's', 'i', 'a', 'm', 's', 'n', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "siao-mei.com", true */ 's', 'i', 'a', 'o', '-', 'm', 'e', 'i', '.', 'c', 'o', 'm', '\0', + /* "sibfk.org", true */ 's', 'i', 'b', 'f', 'k', '.', 'o', 'r', 'g', '\0', + /* "sibrenvasse.nl", true */ 's', 'i', 'b', 'r', 'e', 'n', 'v', 'a', 's', 's', 'e', '.', 'n', 'l', '\0', + /* "siciliadisinfestazioni.it", true */ 's', 'i', 'c', 'i', 'l', 'i', 'a', 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'i', '.', 'i', 't', '\0', + /* "siciliamconsulting.com", true */ 's', 'i', 'c', 'i', 'l', 'i', 'a', 'm', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "sicilianbalm.com", true */ 's', 'i', 'c', 'i', 'l', 'i', 'a', 'n', 'b', 'a', 'l', 'm', '.', 'c', 'o', 'm', '\0', + /* "sicken.eu", true */ 's', 'i', 'c', 'k', 'e', 'n', '.', 'e', 'u', '\0', + /* "sicklepod.com", true */ 's', 'i', 'c', 'k', 'l', 'e', 'p', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "siconnect.us", true */ 's', 'i', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'u', 's', '\0', + /* "sidelka-tver.ru", true */ 's', 'i', 'd', 'e', 'l', 'k', 'a', '-', 't', 'v', 'e', 'r', '.', 'r', 'u', '\0', + /* "sidepodcast.com", true */ 's', 'i', 'd', 'e', 'p', 'o', 'd', 'c', 'a', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "sidepodcastdaily.com", true */ 's', 'i', 'd', 'e', 'p', 'o', 'd', 'c', 'a', 's', 't', 'd', 'a', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "sidepodcastextra.com", true */ 's', 'i', 'd', 'e', 'p', 'o', 'd', 'c', 'a', 's', 't', 'e', 'x', 't', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "sideshowbarker.net", true */ 's', 'i', 'd', 'e', 's', 'h', 'o', 'w', 'b', 'a', 'r', 'k', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "sidium.de", true */ 's', 'i', 'd', 'i', 'u', 'm', '.', 'd', 'e', '\0', + /* "sidnicio.us", true */ 's', 'i', 'd', 'n', 'i', 'c', 'i', 'o', '.', 'u', 's', '\0', + /* "sidonge.com", true */ 's', 'i', 'd', 'o', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "sidongkim.com", true */ 's', 'i', 'd', 'o', 'n', 'g', 'k', 'i', 'm', '.', 'c', 'o', 'm', '\0', + /* "sidpod.ru", true */ 's', 'i', 'd', 'p', 'o', 'd', '.', 'r', 'u', '\0', + /* "siegemund-frankfurt.de", true */ 's', 'i', 'e', 'g', 'e', 'm', 'u', 'n', 'd', '-', 'f', 'r', 'a', 'n', 'k', 'f', 'u', 'r', 't', '.', 'd', 'e', '\0', + /* "sieh.es", true */ 's', 'i', 'e', 'h', '.', 'e', 's', '\0', + /* "sientemendoza.com.ar", true */ 's', 'i', 'e', 'n', 't', 'e', 'm', 'e', 'n', 'd', 'o', 'z', 'a', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "sieulog.com", true */ 's', 'i', 'e', 'u', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "siewert-kau.de", true */ 's', 'i', 'e', 'w', 'e', 'r', 't', '-', 'k', 'a', 'u', '.', 'd', 'e', '\0', + /* "sift-tool.org", true */ 's', 'i', 'f', 't', '-', 't', 'o', 'o', 'l', '.', 'o', 'r', 'g', '\0', + /* "sig6.org", true */ 's', 'i', 'g', '6', '.', 'o', 'r', 'g', '\0', + /* "sigabrt.org", true */ 's', 'i', 'g', 'a', 'b', 'r', 't', '.', 'o', 'r', 'g', '\0', + /* "siggerudklatreklubb.no", true */ 's', 'i', 'g', 'g', 'e', 'r', 'u', 'd', 'k', 'l', 'a', 't', 'r', 'e', 'k', 'l', 'u', 'b', 'b', '.', 'n', 'o', '\0', + /* "sightcure.jp", true */ 's', 'i', 'g', 'h', 't', 'c', 'u', 'r', 'e', '.', 'j', 'p', '\0', + /* "sighup.nz", true */ 's', 'i', 'g', 'h', 'u', 'p', '.', 'n', 'z', '\0', + /* "sigismonda.ch", true */ 's', 'i', 'g', 'i', 's', 'm', 'o', 'n', 'd', 'a', '.', 'c', 'h', '\0', + /* "sigma-signalisation.com", true */ 's', 'i', 'g', 'm', 'a', '-', 's', 'i', 'g', 'n', 'a', 'l', 'i', 's', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "sigmalux.sarl", true */ 's', 'i', 'g', 'm', 'a', 'l', 'u', 'x', '.', 's', 'a', 'r', 'l', '\0', + /* "sign.io", true */ 's', 'i', 'g', 'n', '.', 'i', 'o', '\0', + /* "signaltransmitter.de", true */ 's', 'i', 'g', 'n', 'a', 'l', 't', 'r', 'a', 'n', 's', 'm', 'i', 't', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "signere.com", true */ 's', 'i', 'g', 'n', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "signere.no", true */ 's', 'i', 'g', 'n', 'e', 'r', 'e', '.', 'n', 'o', '\0', + /* "significados.com", true */ 's', 'i', 'g', 'n', 'i', 'f', 'i', 'c', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "significados.com.br", true */ 's', 'i', 'g', 'n', 'i', 'f', 'i', 'c', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "significantbanter.com", true */ 's', 'i', 'g', 'n', 'i', 'f', 'i', 'c', 'a', 'n', 't', 'b', 'a', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "signing-milter.org", true */ 's', 'i', 'g', 'n', 'i', 'n', 'g', '-', 'm', 'i', 'l', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "signix.net", true */ 's', 'i', 'g', 'n', 'i', 'x', '.', 'n', 'e', 't', '\0', + /* "signslabelstapesandmore.com", false */ 's', 'i', 'g', 'n', 's', 'l', 'a', 'b', 'e', 'l', 's', 't', 'a', 'p', 'e', 's', 'a', 'n', 'd', 'm', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "signtul.com", false */ 's', 'i', 'g', 'n', 't', 'u', 'l', '.', 'c', 'o', 'm', '\0', + /* "sigsegv.run", true */ 's', 'i', 'g', 's', 'e', 'g', 'v', '.', 'r', 'u', 'n', '\0', + /* "sigterm.sh", true */ 's', 'i', 'g', 't', 'e', 'r', 'm', '.', 's', 'h', '\0', + /* "siikarantacamping.fi", true */ 's', 'i', 'i', 'k', 'a', 'r', 'a', 'n', 't', 'a', 'c', 'a', 'm', 'p', 'i', 'n', 'g', '.', 'f', 'i', '\0', + /* "siirtutkusu.com", true */ 's', 'i', 'i', 'r', 't', 'u', 't', 'k', 'u', 's', 'u', '.', 'c', 'o', 'm', '\0', + /* "sijmenschoon.nl", true */ 's', 'i', 'j', 'm', 'e', 'n', 's', 'c', 'h', 'o', 'o', 'n', '.', 'n', 'l', '\0', + /* "sikevux.se", true */ 's', 'i', 'k', 'e', 'v', 'u', 'x', '.', 's', 'e', '\0', + /* "sikko.biz", true */ 's', 'i', 'k', 'k', 'o', '.', 'b', 'i', 'z', '\0', + /* "siku-shop.ch", true */ 's', 'i', 'k', 'u', '-', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0', + /* "silashes.com", true */ 's', 'i', 'l', 'a', 's', 'h', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "silashes.ru", true */ 's', 'i', 'l', 'a', 's', 'h', 'e', 's', '.', 'r', 'u', '\0', + /* "silentexplosion.de", true */ 's', 'i', 'l', 'e', 'n', 't', 'e', 'x', 'p', 'l', 'o', 's', 'i', 'o', 'n', '.', 'd', 'e', '\0', + /* "silentkernel.fr", false */ 's', 'i', 'l', 'e', 'n', 't', 'k', 'e', 'r', 'n', 'e', 'l', '.', 'f', 'r', '\0', + /* "silentmode.com", true */ 's', 'i', 'l', 'e', 'n', 't', 'm', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "silentundo.org", true */ 's', 'i', 'l', 'e', 'n', 't', 'u', 'n', 'd', 'o', '.', 'o', 'r', 'g', '\0', + /* "siliconchip.me", true */ 's', 'i', 'l', 'i', 'c', 'o', 'n', 'c', 'h', 'i', 'p', '.', 'm', 'e', '\0', + /* "silkebaekken.no", true */ 's', 'i', 'l', 'k', 'e', 'b', 'a', 'e', 'k', 'k', 'e', 'n', '.', 'n', 'o', '\0', + /* "sillisalaatti.fi", true */ 's', 'i', 'l', 'l', 'i', 's', 'a', 'l', 'a', 'a', 't', 't', 'i', '.', 'f', 'i', '\0', + /* "sillysnapz.co.uk", true */ 's', 'i', 'l', 'l', 'y', 's', 'n', 'a', 'p', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "siloportem.net", true */ 's', 'i', 'l', 'o', 'p', 'o', 'r', 't', 'e', 'm', '.', 'n', 'e', 't', '\0', + /* "silqueskineyeserum.com", true */ 's', 'i', 'l', 'q', 'u', 'e', 's', 'k', 'i', 'n', 'e', 'y', 'e', 's', 'e', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "silsha.me", true */ 's', 'i', 'l', 's', 'h', 'a', '.', 'm', 'e', '\0', + /* "silv.me", true */ 's', 'i', 'l', 'v', '.', 'm', 'e', '\0', + /* "silver-heart.co.uk", true */ 's', 'i', 'l', 'v', 'e', 'r', '-', 'h', 'e', 'a', 'r', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "silverback.is", true */ 's', 'i', 'l', 'v', 'e', 'r', 'b', 'a', 'c', 'k', '.', 'i', 's', '\0', + /* "silverbowflyshop.com", true */ 's', 'i', 'l', 'v', 'e', 'r', 'b', 'o', 'w', 'f', 'l', 'y', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "silverdragonart.com", true */ 's', 'i', 'l', 'v', 'e', 'r', 'd', 'r', 'a', 'g', 'o', 'n', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "silvergoldbull.be", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'b', 'e', '\0', + /* "silvergoldbull.by", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'b', 'y', '\0', + /* "silvergoldbull.ca", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'a', '\0', + /* "silvergoldbull.cl", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'l', '\0', + /* "silvergoldbull.cm", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'm', '\0', + /* "silvergoldbull.cn", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'n', '\0', + /* "silvergoldbull.co", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', '\0', + /* "silvergoldbull.co.il", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "silvergoldbull.co.no", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', '.', 'n', 'o', '\0', + /* "silvergoldbull.co.tz", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', '.', 't', 'z', '\0', + /* "silvergoldbull.co.uk", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "silvergoldbull.com", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "silvergoldbull.com.ar", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "silvergoldbull.com.au", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "silvergoldbull.com.mt", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', 'm', '.', 'm', 't', '\0', + /* "silvergoldbull.cr", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'r', '\0', + /* "silvergoldbull.cz", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'z', '\0', + /* "silvergoldbull.de", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'd', 'e', '\0', + /* "silvergoldbull.do", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'd', 'o', '\0', + /* "silvergoldbull.ec", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'e', 'c', '\0', + /* "silvergoldbull.ee", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'e', 'e', '\0', + /* "silvergoldbull.es", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'e', 's', '\0', + /* "silvergoldbull.fi", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'f', 'i', '\0', + /* "silvergoldbull.gd", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'g', 'd', '\0', + /* "silvergoldbull.ge", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'g', 'e', '\0', + /* "silvergoldbull.gl", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'g', 'l', '\0', + /* "silvergoldbull.gr", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'g', 'r', '\0', + /* "silvergoldbull.gt", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'g', 't', '\0', + /* "silvergoldbull.hk", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'h', 'k', '\0', + /* "silvergoldbull.hn", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'h', 'n', '\0', + /* "silvergoldbull.hu", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'h', 'u', '\0', + /* "silvergoldbull.id", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'i', 'd', '\0', + /* "silvergoldbull.in", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'i', 'n', '\0', + /* "silvergoldbull.is", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'i', 's', '\0', + /* "silvergoldbull.it", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'i', 't', '\0', + /* "silvergoldbull.kr", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'k', 'r', '\0', + /* "silvergoldbull.ky", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'k', 'y', '\0', + /* "silvergoldbull.li", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'l', 'i', '\0', + /* "silvergoldbull.lt", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'l', 't', '\0', + /* "silvergoldbull.lv", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'l', 'v', '\0', + /* "silvergoldbull.ma", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'm', 'a', '\0', + /* "silvergoldbull.mk", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'm', 'k', '\0', + /* "silvergoldbull.ml", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'm', 'l', '\0', + /* "silvergoldbull.mw", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'm', 'w', '\0', + /* "silvergoldbull.nz", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'n', 'z', '\0', + /* "silvergoldbull.ph", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'p', 'h', '\0', + /* "silvergoldbull.pl", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'p', 'l', '\0', + /* "silvergoldbull.pt", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'p', 't', '\0', + /* "silvergoldbull.qa", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'q', 'a', '\0', + /* "silvergoldbull.rs", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'r', 's', '\0', + /* "silvergoldbull.se", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 's', 'e', '\0', + /* "silvergoldbull.si", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 's', 'i', '\0', + /* "silvergoldbull.sv", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 's', 'v', '\0', + /* "silvergoldbull.tj", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 't', 'j', '\0', + /* "silvergoldbull.tn", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 't', 'n', '\0', + /* "silvergoldbull.tt", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 't', 't', '\0', + /* "silvergoldbull.tw", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 't', 'w', '\0', + /* "silvergoldbull.uy", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'u', 'y', '\0', + /* "silvergoldbull.uz", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'u', 'z', '\0', + /* "silvergoldbull.ws", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'w', 's', '\0', + /* "silverlinkz.net", true */ 's', 'i', 'l', 'v', 'e', 'r', 'l', 'i', 'n', 'k', 'z', '.', 'n', 'e', 't', '\0', + /* "silverseen.com", true */ 's', 'i', 'l', 'v', 'e', 'r', 's', 'e', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "silverstartup.sk", true */ 's', 'i', 'l', 'v', 'e', 'r', 's', 't', 'a', 'r', 't', 'u', 'p', '.', 's', 'k', '\0', + /* "silverwind.io", true */ 's', 'i', 'l', 'v', 'e', 'r', 'w', 'i', 'n', 'd', '.', 'i', 'o', '\0', + /* "silviamacallister.com", true */ 's', 'i', 'l', 'v', 'i', 'a', 'm', 'a', 'c', 'a', 'l', 'l', 'i', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "silvine.xyz", true */ 's', 'i', 'l', 'v', 'i', 'n', 'e', '.', 'x', 'y', 'z', '\0', + /* "sim-karten.net", true */ 's', 'i', 'm', '-', 'k', 'a', 'r', 't', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "sim-sim.appspot.com", true */ 's', 'i', 'm', '-', 's', 'i', 'm', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "sim4seed.org", true */ 's', 'i', 'm', '4', 's', 'e', 'e', 'd', '.', 'o', 'r', 'g', '\0', + /* "simam.de", true */ 's', 'i', 'm', 'a', 'm', '.', 'd', 'e', '\0', + /* "simbeton.nl", true */ 's', 'i', 'm', 'b', 'e', 't', 'o', 'n', '.', 'n', 'l', '\0', + /* "simbolo.co.uk", false */ 's', 'i', 'm', 'b', 'o', 'l', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "simeonoff.ninja", true */ 's', 'i', 'm', 'e', 'o', 'n', 'o', 'f', 'f', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "simetal.ch", true */ 's', 'i', 'm', 'e', 't', 'a', 'l', '.', 'c', 'h', '\0', + /* "simfed.org", true */ 's', 'i', 'm', 'f', 'e', 'd', '.', 'o', 'r', 'g', '\0', + /* "simivalleyelectrical.com", true */ 's', 'i', 'm', 'i', 'v', 'a', 'l', 'l', 'e', 'y', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "simlau.net", true */ 's', 'i', 'm', 'l', 'a', 'u', '.', 'n', 'e', 't', '\0', + /* "simmis.fr", true */ 's', 'i', 'm', 'm', 'i', 's', '.', 'f', 'r', '\0', + /* "simoesgoulart.com.br", true */ 's', 'i', 'm', 'o', 'e', 's', 'g', 'o', 'u', 'l', 'a', 'r', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "simon-hofmann.org", true */ 's', 'i', 'm', 'o', 'n', '-', 'h', 'o', 'f', 'm', 'a', 'n', 'n', '.', 'o', 'r', 'g', '\0', + /* "simon-mueller.de", true */ 's', 'i', 'm', 'o', 'n', '-', 'm', 'u', 'e', 'l', 'l', 'e', 'r', '.', 'd', 'e', '\0', + /* "simon.lc", true */ 's', 'i', 'm', 'o', 'n', '.', 'l', 'c', '\0', + /* "simonberard.garden", true */ 's', 'i', 'm', 'o', 'n', 'b', 'e', 'r', 'a', 'r', 'd', '.', 'g', 'a', 'r', 'd', 'e', 'n', '\0', + /* "simonbondo.dk", true */ 's', 'i', 'm', 'o', 'n', 'b', 'o', 'n', 'd', 'o', '.', 'd', 'k', '\0', + /* "simoncommunity.org.uk", true */ 's', 'i', 'm', 'o', 'n', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "simoncook.org", true */ 's', 'i', 'm', 'o', 'n', 'c', 'o', 'o', 'k', '.', 'o', 'r', 'g', '\0', + /* "simonfischer.info", true */ 's', 'i', 'm', 'o', 'n', 'f', 'i', 's', 'c', 'h', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "simonhirscher.de", true */ 's', 'i', 'm', 'o', 'n', 'h', 'i', 'r', 's', 'c', 'h', 'e', 'r', '.', 'd', 'e', '\0', + /* "simonkjellberg.com", true */ 's', 'i', 'm', 'o', 'n', 'k', 'j', 'e', 'l', 'l', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0', + /* "simonkjellberg.se", true */ 's', 'i', 'm', 'o', 'n', 'k', 'j', 'e', 'l', 'l', 'b', 'e', 'r', 'g', '.', 's', 'e', '\0', + /* "simonlyabonnement.nl", true */ 's', 'i', 'm', 'o', 'n', 'l', 'y', 'a', 'b', 'o', 'n', 'n', 'e', 'm', 'e', 'n', 't', '.', 'n', 'l', '\0', + /* "simonpaarlberg.com", true */ 's', 'i', 'm', 'o', 'n', 'p', 'a', 'a', 'r', 'l', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0', + /* "simonreich.de", true */ 's', 'i', 'm', 'o', 'n', 'r', 'e', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "simonschmitt.ch", true */ 's', 'i', 'm', 'o', 'n', 's', 'c', 'h', 'm', 'i', 't', 't', '.', 'c', 'h', '\0', + /* "simonsmh.cc", true */ 's', 'i', 'm', 'o', 'n', 's', 'm', 'h', '.', 'c', 'c', '\0', + /* "simonspeich.ch", true */ 's', 'i', 'm', 'o', 'n', 's', 'p', 'e', 'i', 'c', 'h', '.', 'c', 'h', '\0', + /* "simonsreich.de", true */ 's', 'i', 'm', 'o', 'n', 's', 'r', 'e', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "simontaite.com", true */ 's', 'i', 'm', 'o', 'n', 't', 'a', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "simonwessel.net", true */ 's', 'i', 'm', 'o', 'n', 'w', 'e', 's', 's', 'e', 'l', '.', 'n', 'e', 't', '\0', + /* "simonwoodside.com", true */ 's', 'i', 'm', 'o', 'n', 'w', 'o', 'o', 'd', 's', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "simpbx.net", true */ 's', 'i', 'm', 'p', 'b', 'x', '.', 'n', 'e', 't', '\0', + /* "simpel.be", true */ 's', 'i', 'm', 'p', 'e', 'l', '.', 'b', 'e', '\0', + /* "simpeo.fr", true */ 's', 'i', 'm', 'p', 'e', 'o', '.', 'f', 'r', '\0', + /* "simpeo.org", true */ 's', 'i', 'm', 'p', 'e', 'o', '.', 'o', 'r', 'g', '\0', + /* "simphony.cz", true */ 's', 'i', 'm', 'p', 'h', 'o', 'n', 'y', '.', 'c', 'z', '\0', + /* "simpip.com", true */ 's', 'i', 'm', 'p', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "simple.com", false */ 's', 'i', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "simplecontacts.com", true */ 's', 'i', 'm', 'p', 'l', 'e', 'c', 'o', 'n', 't', 'a', 'c', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "simplednscrypt.org", true */ 's', 'i', 'm', 'p', 'l', 'e', 'd', 'n', 's', 'c', 'r', 'y', 'p', 't', '.', 'o', 'r', 'g', '\0', + /* "simpleindianrecipes.com", true */ 's', 'i', 'm', 'p', 'l', 'e', 'i', 'n', 'd', 'i', 'a', 'n', 'r', 'e', 'c', 'i', 'p', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "simpleinout.com", true */ 's', 'i', 'm', 'p', 'l', 'e', 'i', 'n', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "simpleinvoices.io", true */ 's', 'i', 'm', 'p', 'l', 'e', 'i', 'n', 'v', 'o', 'i', 'c', 'e', 's', '.', 'i', 'o', '\0', + /* "simplesamlphp.org", true */ 's', 'i', 'm', 'p', 'l', 'e', 's', 'a', 'm', 'l', 'p', 'h', 'p', '.', 'o', 'r', 'g', '\0', + /* "simpletax.ca", true */ 's', 'i', 'm', 'p', 'l', 'e', 't', 'a', 'x', '.', 'c', 'a', '\0', + /* "simplewire.de", true */ 's', 'i', 'm', 'p', 'l', 'e', 'w', 'i', 'r', 'e', '.', 'd', 'e', '\0', + /* "simplexgame.net", true */ 's', 'i', 'm', 'p', 'l', 'e', 'x', 'g', 'a', 'm', 'e', '.', 'n', 'e', 't', '\0', + /* "simplia.cz", true */ 's', 'i', 'm', 'p', 'l', 'i', 'a', '.', 'c', 'z', '\0', + /* "simplicitypvp.net", true */ 's', 'i', 'm', 'p', 'l', 'i', 'c', 'i', 't', 'y', 'p', 'v', 'p', '.', 'n', 'e', 't', '\0', + /* "simplidesigns.nl", true */ 's', 'i', 'm', 'p', 'l', 'i', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'n', 'l', '\0', + /* "simplifylivelove.com", true */ 's', 'i', 'm', 'p', 'l', 'i', 'f', 'y', 'l', 'i', 'v', 'e', 'l', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "simply.scot", true */ 's', 'i', 'm', 'p', 'l', 'y', '.', 's', 'c', 'o', 't', '\0', + /* "simplycharlottemason.com", true */ 's', 'i', 'm', 'p', 'l', 'y', 'c', 'h', 'a', 'r', 'l', 'o', 't', 't', 'e', 'm', 'a', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "simplycloud.de", true */ 's', 'i', 'm', 'p', 'l', 'y', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0', + /* "simplyfixit.co.uk", true */ 's', 'i', 'm', 'p', 'l', 'y', 'f', 'i', 'x', 'i', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "simplyhelen.de", true */ 's', 'i', 'm', 'p', 'l', 'y', 'h', 'e', 'l', 'e', 'n', '.', 'd', 'e', '\0', + /* "simplylovejesus.com", true */ 's', 'i', 'm', 'p', 'l', 'y', 'l', 'o', 'v', 'e', 'j', 'e', 's', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "simplymozzo.se", true */ 's', 'i', 'm', 'p', 'l', 'y', 'm', 'o', 'z', 'z', 'o', '.', 's', 'e', '\0', + /* "simplystudio.com", true */ 's', 'i', 'm', 'p', 'l', 'y', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "simpte.com", true */ 's', 'i', 'm', 'p', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "simpul.nl", true */ 's', 'i', 'm', 'p', 'u', 'l', '.', 'n', 'l', '\0', + /* "simsnieuws.nl", true */ 's', 'i', 'm', 's', 'n', 'i', 'e', 'u', 'w', 's', '.', 'n', 'l', '\0', + /* "simukti.net", true */ 's', 'i', 'm', 'u', 'k', 't', 'i', '.', 'n', 'e', 't', '\0', + /* "simumiehet.com", true */ 's', 'i', 'm', 'u', 'm', 'i', 'e', 'h', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "simus.fr", true */ 's', 'i', 'm', 'u', 's', '.', 'f', 'r', '\0', + /* "sin-nombre-alleria.de", true */ 's', 'i', 'n', '-', 'n', 'o', 'm', 'b', 'r', 'e', '-', 'a', 'l', 'l', 'e', 'r', 'i', 'a', '.', 'd', 'e', '\0', + /* "sin.swiss", true */ 's', 'i', 'n', '.', 's', 'w', 'i', 's', 's', '\0', + /* "sinaryuda.web.id", true */ 's', 'i', 'n', 'a', 'r', 'y', 'u', 'd', 'a', '.', 'w', 'e', 'b', '.', 'i', 'd', '\0', + /* "sinatrafamily.com", true */ 's', 'i', 'n', 'a', 't', 'r', 'a', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "sinefili.com", true */ 's', 'i', 'n', 'e', 'f', 'i', 'l', 'i', '.', 'c', 'o', 'm', '\0', + /* "sinergy.ch", true */ 's', 'i', 'n', 'e', 'r', 'g', 'y', '.', 'c', 'h', '\0', + /* "sinfield.com", false */ 's', 'i', 'n', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "singaporemint.com", true */ 's', 'i', 'n', 'g', 'a', 'p', 'o', 'r', 'e', 'm', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "singapurfirma.com", true */ 's', 'i', 'n', 'g', 'a', 'p', 'u', 'r', 'f', 'i', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "singee.site", true */ 's', 'i', 'n', 'g', 'e', 'e', '.', 's', 'i', 't', 'e', '\0', + /* "singel.ch", true */ 's', 'i', 'n', 'g', 'e', 'l', '.', 'c', 'h', '\0', + /* "singerwang.com", true */ 's', 'i', 'n', 'g', 'e', 'r', 'w', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "single-in-stuttgart.de", true */ 's', 'i', 'n', 'g', 'l', 'e', '-', 'i', 'n', '-', 's', 't', 'u', 't', 't', 'g', 'a', 'r', 't', '.', 'd', 'e', '\0', + /* "singles-aus-hamburg.de", true */ 's', 'i', 'n', 'g', 'l', 'e', 's', '-', 'a', 'u', 's', '-', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0', + /* "singles-berlin.de", true */ 's', 'i', 'n', 'g', 'l', 'e', 's', '-', 'b', 'e', 'r', 'l', 'i', 'n', '.', 'd', 'e', '\0', + /* "singleuse.link", true */ 's', 'i', 'n', 'g', 'l', 'e', 'u', 's', 'e', '.', 'l', 'i', 'n', 'k', '\0', + /* "singlu10.org", false */ 's', 'i', 'n', 'g', 'l', 'u', '1', '0', '.', 'o', 'r', 'g', '\0', + /* "sinkip.com", true */ 's', 'i', 'n', 'k', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "sinktank.de", true */ 's', 'i', 'n', 'k', 't', 'a', 'n', 'k', '.', 'd', 'e', '\0', + /* "sinnersprojects.ro", true */ 's', 'i', 'n', 'n', 'e', 'r', 's', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'r', 'o', '\0', + /* "sinnovate.de", true */ 's', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'e', '.', 'd', 'e', '\0', + /* "sinomod.com", true */ 's', 'i', 'n', 'o', 'm', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "sinonimos.com.br", true */ 's', 'i', 'n', 'o', 'n', 'i', 'm', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "sinonimosonline.com", true */ 's', 'i', 'n', 'o', 'n', 'i', 'm', 'o', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "sinonimosonline.com.br", true */ 's', 'i', 'n', 'o', 'n', 'i', 'm', 'o', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "sinoscandinavia.se", true */ 's', 'i', 'n', 'o', 's', 'c', 'a', 'n', 'd', 'i', 'n', 'a', 'v', 'i', 'a', '.', 's', 'e', '\0', + /* "sinquin.eu", true */ 's', 'i', 'n', 'q', 'u', 'i', 'n', '.', 'e', 'u', '\0', + /* "sint-joris.nl", true */ 's', 'i', 'n', 't', '-', 'j', 'o', 'r', 'i', 's', '.', 'n', 'l', '\0', + /* "sinterama.biz", true */ 's', 'i', 'n', 't', 'e', 'r', 'a', 'm', 'a', '.', 'b', 'i', 'z', '\0', + /* "sintesysglobal.com", true */ 's', 'i', 'n', 't', 'e', 's', 'y', 's', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "sinuelovirtual.com.br", true */ 's', 'i', 'n', 'u', 'e', 'l', 'o', 'v', 'i', 'r', 't', 'u', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "sion.moe", true */ 's', 'i', 'o', 'n', '.', 'm', 'o', 'e', '\0', + /* "siraweb.org", true */ 's', 'i', 'r', 'a', 'w', 'e', 'b', '.', 'o', 'r', 'g', '\0', + /* "sirbouncealotcastles.co.uk", true */ 's', 'i', 'r', 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'l', 'o', 't', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "sirbouncelot.co.uk", true */ 's', 'i', 'r', 'b', 'o', 'u', 'n', 'c', 'e', 'l', 'o', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "sirburton.com", true */ 's', 'i', 'r', 'b', 'u', 'r', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "sirena.co.jp", true */ 's', 'i', 'r', 'e', 'n', 'a', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "sirenslove.com", true */ 's', 'i', 'r', 'e', 'n', 's', 'l', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "siriuspup.com", true */ 's', 'i', 'r', 'i', 'u', 's', 'p', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "siroop.ch", true */ 's', 'i', 'r', 'o', 'o', 'p', '.', 'c', 'h', '\0', + /* "sirtaptap.com", true */ 's', 'i', 'r', 't', 'a', 'p', 't', 'a', 'p', '.', 'c', 'o', 'm', '\0', + /* "sirtuins.com", true */ 's', 'i', 'r', 't', 'u', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "sistel.es", true */ 's', 'i', 's', 't', 'e', 'l', '.', 'e', 's', '\0', + /* "sistem-maklumat.com", true */ 's', 'i', 's', 't', 'e', 'm', '-', 'm', 'a', 'k', 'l', 'u', 'm', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "sistem-maklumat.com.my", true */ 's', 'i', 's', 't', 'e', 'm', '-', 'm', 'a', 'k', 'l', 'u', 'm', 'a', 't', '.', 'c', 'o', 'm', '.', 'm', 'y', '\0', + /* "sistemy48.ru", false */ 's', 'i', 's', 't', 'e', 'm', 'y', '4', '8', '.', 'r', 'u', '\0', + /* "sistersurprise.de", true */ 's', 'i', 's', 't', 'e', 'r', 's', 'u', 'r', 'p', 'r', 'i', 's', 'e', '.', 'd', 'e', '\0', + /* "sistimiki-anaparastasi.gr", true */ 's', 'i', 's', 't', 'i', 'm', 'i', 'k', 'i', '-', 'a', 'n', 'a', 'p', 'a', 'r', 'a', 's', 't', 'a', 's', 'i', '.', 'g', 'r', '\0', + /* "sisv.eu", true */ 's', 'i', 's', 'v', '.', 'e', 'u', '\0', + /* "sit-brn.ru", true */ 's', 'i', 't', '-', 'b', 'r', 'n', '.', 'r', 'u', '\0', + /* "sit.ec", true */ 's', 'i', 't', '.', 'e', 'c', '\0', + /* "sitc.sk", true */ 's', 'i', 't', 'c', '.', 's', 'k', '\0', + /* "sitecloudify.com", true */ 's', 'i', 't', 'e', 'c', 'l', 'o', 'u', 'd', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0', + /* "sitecuatui.com", true */ 's', 'i', 't', 'e', 'c', 'u', 'a', 't', 'u', 'i', '.', 'c', 'o', 'm', '\0', + /* "sitedrive.fi", true */ 's', 'i', 't', 'e', 'd', 'r', 'i', 'v', 'e', '.', 'f', 'i', '\0', + /* "sitehoster.org", true */ 's', 'i', 't', 'e', 'h', 'o', 's', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "siterencontre.me", true */ 's', 'i', 't', 'e', 'r', 'e', 'n', 'c', 'o', 'n', 't', 'r', 'e', '.', 'm', 'e', '\0', + /* "sites.google.com", true */ 's', 'i', 't', 'e', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "sitesko.de", true */ 's', 'i', 't', 'e', 's', 'k', 'o', '.', 'd', 'e', '\0', + /* "sitsy.ru", false */ 's', 'i', 't', 's', 'y', '.', 'r', 'u', '\0', + /* "sivyerge.com", true */ 's', 'i', 'v', 'y', 'e', 'r', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "sixpackholubice.cz", true */ 's', 'i', 'x', 'p', 'a', 'c', 'k', 'h', 'o', 'l', 'u', 'b', 'i', 'c', 'e', '.', 'c', 'z', '\0', + /* "sixtwentyten.com", true */ 's', 'i', 'x', 't', 'w', 'e', 'n', 't', 'y', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "sj-leisure.com", true */ 's', 'j', '-', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "sja-se-training.com", true */ 's', 'j', 'a', '-', 's', 'e', '-', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "sjd.is", true */ 's', 'j', 'd', '.', 'i', 's', '\0', + /* "sjdaws.com", true */ 's', 'j', 'd', 'a', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "sjleisure.co.uk", true */ 's', 'j', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "sjoorm.com", true */ 's', 'j', 'o', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "sjsc.fr", true */ 's', 'j', 's', 'c', '.', 'f', 'r', '\0', + /* "sk-net.cz", true */ 's', 'k', '-', 'n', 'e', 't', '.', 'c', 'z', '\0', + /* "skanvordoff.ru", true */ 's', 'k', 'a', 'n', 'v', 'o', 'r', 'd', 'o', 'f', 'f', '.', 'r', 'u', '\0', + /* "skarox.com", true */ 's', 'k', 'a', 'r', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "skarox.ee", true */ 's', 'k', 'a', 'r', 'o', 'x', '.', 'e', 'e', '\0', + /* "skarox.eu", true */ 's', 'k', 'a', 'r', 'o', 'x', '.', 'e', 'u', '\0', + /* "skarox.net", true */ 's', 'k', 'a', 'r', 'o', 'x', '.', 'n', 'e', 't', '\0', + /* "skatclub-beratzhausen.de", true */ 's', 'k', 'a', 't', 'c', 'l', 'u', 'b', '-', 'b', 'e', 'r', 'a', 't', 'z', 'h', 'a', 'u', 's', 'e', 'n', '.', 'd', 'e', '\0', + /* "skates.guru", true */ 's', 'k', 'a', 't', 'e', 's', '.', 'g', 'u', 'r', 'u', '\0', + /* "skatingchina.com", true */ 's', 'k', 'a', 't', 'i', 'n', 'g', 'c', 'h', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "skatn.de", true */ 's', 'k', 'a', 't', 'n', '.', 'd', 'e', '\0', + /* "skazka.ru", true */ 's', 'k', 'a', 'z', 'k', 'a', '.', 'r', 'u', '\0', + /* "skday.com", true */ 's', 'k', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "skeeley.com", true */ 's', 'k', 'e', 'e', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "skei.org", true */ 's', 'k', 'e', 'i', '.', 'o', 'r', 'g', '\0', + /* "skepticalsports.com", true */ 's', 'k', 'e', 'p', 't', 'i', 'c', 'a', 'l', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "sketchmyroom.com", true */ 's', 'k', 'e', 't', 'c', 'h', 'm', 'y', 'r', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "sketchywebsite.net", true */ 's', 'k', 'e', 't', 'c', 'h', 'y', 'w', 'e', 'b', 's', 'i', 't', 'e', '.', 'n', 'e', 't', '\0', + /* "skhire.co.uk", true */ 's', 'k', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "skhoop.cz", true */ 's', 'k', 'h', 'o', 'o', 'p', '.', 'c', 'z', '\0', + /* "skia.org", false */ 's', 'k', 'i', 'a', '.', 'o', 'r', 'g', '\0', + /* "skifairview.com", true */ 's', 'k', 'i', 'f', 'a', 'i', 'r', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0', + /* "skigebied.nl", true */ 's', 'k', 'i', 'g', 'e', 'b', 'i', 'e', 'd', '.', 'n', 'l', '\0', + /* "skigebiete-test.de", true */ 's', 'k', 'i', 'g', 'e', 'b', 'i', 'e', 't', 'e', '-', 't', 'e', 's', 't', '.', 'd', 'e', '\0', + /* "skile.ru", true */ 's', 'k', 'i', 'l', 'e', '.', 'r', 'u', '\0', + /* "skilldetector.com", true */ 's', 'k', 'i', 'l', 'l', 'd', 'e', 't', 'e', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "skilletfood.com", true */ 's', 'k', 'i', 'l', 'l', 'e', 't', 'f', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "skillled.com", true */ 's', 'k', 'i', 'l', 'l', 'l', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "skills2services.com", true */ 's', 'k', 'i', 'l', 'l', 's', '2', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "skillseo.com", true */ 's', 'k', 'i', 'l', 'l', 's', 'e', 'o', '.', 'c', 'o', 'm', '\0', + /* "skimming.net", true */ 's', 'k', 'i', 'm', 'm', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "skinbet.co", true */ 's', 'k', 'i', 'n', 'b', 'e', 't', '.', 'c', 'o', '\0', + /* "skincases.co", true */ 's', 'k', 'i', 'n', 'c', 'a', 's', 'e', 's', '.', 'c', 'o', '\0', + /* "skincontracts.co", true */ 's', 'k', 'i', 'n', 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', 's', '.', 'c', 'o', '\0', + /* "sking.io", true */ 's', 'k', 'i', 'n', 'g', '.', 'i', 'o', '\0', + /* "skingame.co", true */ 's', 'k', 'i', 'n', 'g', 'a', 'm', 'e', '.', 'c', 'o', '\0', + /* "skingames.co", true */ 's', 'k', 'i', 'n', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', '\0', + /* "skinmarket.co", true */ 's', 'k', 'i', 'n', 'm', 'a', 'r', 'k', 'e', 't', '.', 'c', 'o', '\0', + /* "skinpwrd.com", true */ 's', 'k', 'i', 'n', 'p', 'w', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "skins.net", true */ 's', 'k', 'i', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "skipfault.com", true */ 's', 'k', 'i', 'p', 'f', 'a', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0', + /* "skipperinnovations.com", true */ 's', 'k', 'i', 'p', 'p', 'e', 'r', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "skischule-wildewiese.de", true */ 's', 'k', 'i', 's', 'c', 'h', 'u', 'l', 'e', '-', 'w', 'i', 'l', 'd', 'e', 'w', 'i', 'e', 's', 'e', '.', 'd', 'e', '\0', + /* "skks.cz", true */ 's', 'k', 'k', 's', '.', 'c', 'z', '\0', + /* "sklepsamsung.pl", true */ 's', 'k', 'l', 'e', 'p', 's', 'a', 'm', 's', 'u', 'n', 'g', '.', 'p', 'l', '\0', + /* "sklotechnik.cz", true */ 's', 'k', 'l', 'o', 't', 'e', 'c', 'h', 'n', 'i', 'k', '.', 'c', 'z', '\0', + /* "skocia.net", true */ 's', 'k', 'o', 'c', 'i', 'a', '.', 'n', 'e', 't', '\0', + /* "skoda-im-dialog.de", true */ 's', 'k', 'o', 'd', 'a', '-', 'i', 'm', '-', 'd', 'i', 'a', 'l', 'o', 'g', '.', 'd', 'e', '\0', + /* "skogsbruket.fi", true */ 's', 'k', 'o', 'g', 's', 'b', 'r', 'u', 'k', 'e', 't', '.', 'f', 'i', '\0', + /* "skogskultur.fi", true */ 's', 'k', 'o', 'g', 's', 'k', 'u', 'l', 't', 'u', 'r', '.', 'f', 'i', '\0', + /* "skol.bzh", true */ 's', 'k', 'o', 'l', '.', 'b', 'z', 'h', '\0', + /* "skolem.de", true */ 's', 'k', 'o', 'l', 'e', 'm', '.', 'd', 'e', '\0', + /* "skoleniphp.cz", true */ 's', 'k', 'o', 'l', 'e', 'n', 'i', 'p', 'h', 'p', '.', 'c', 'z', '\0', + /* "skommettiamo.it", true */ 's', 'k', 'o', 'm', 'm', 'e', 't', 't', 'i', 'a', 'm', 'o', '.', 'i', 't', '\0', + /* "skontakt.cz", true */ 's', 'k', 'o', 'n', 't', 'a', 'k', 't', '.', 'c', 'z', '\0', + /* "skontorp-enterprise.no", true */ 's', 'k', 'o', 'n', 't', 'o', 'r', 'p', '-', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', '.', 'n', 'o', '\0', + /* "skortekaas.nl", false */ 's', 'k', 'o', 'r', 't', 'e', 'k', 'a', 'a', 's', '.', 'n', 'l', '\0', + /* "skory.us", true */ 's', 'k', 'o', 'r', 'y', '.', 'u', 's', '\0', + /* "skou.dk", true */ 's', 'k', 'o', 'u', '.', 'd', 'k', '\0', + /* "skram.de", true */ 's', 'k', 'r', 'a', 'm', '.', 'd', 'e', '\0', + /* "skryptersi.pl", true */ 's', 'k', 'r', 'y', 'p', 't', 'e', 'r', 's', 'i', '.', 'p', 'l', '\0', + /* "sktan.com", true */ 's', 'k', 't', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "sktsolution.com", false */ 's', 'k', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "skuldwyrm.no", true */ 's', 'k', 'u', 'l', 'd', 'w', 'y', 'r', 'm', '.', 'n', 'o', '\0', + /* "skwile-cafe.com", true */ 's', 'k', 'w', 'i', 'l', 'e', '-', 'c', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "skyanchor.com", true */ 's', 'k', 'y', 'a', 'n', 'c', 'h', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "skybound.link", true */ 's', 'k', 'y', 'b', 'o', 'u', 'n', 'd', '.', 'l', 'i', 'n', 'k', '\0', + /* "skydragoness.com", true */ 's', 'k', 'y', 'd', 'r', 'a', 'g', 'o', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "skydrive.live.com", false */ 's', 'k', 'y', 'd', 'r', 'i', 'v', 'e', '.', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "skylgenet.nl", true */ 's', 'k', 'y', 'l', 'g', 'e', 'n', 'e', 't', '.', 'n', 'l', '\0', + /* "skylightcreative.com.au", true */ 's', 'k', 'y', 'l', 'i', 'g', 'h', 't', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "skylinertech.com", true */ 's', 'k', 'y', 'l', 'i', 'n', 'e', 'r', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "skylineservers.com", true */ 's', 'k', 'y', 'l', 'i', 'n', 'e', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "skyloisirs.ch", true */ 's', 'k', 'y', 'l', 'o', 'i', 's', 'i', 'r', 's', '.', 'c', 'h', '\0', + /* "skyminds.net", true */ 's', 'k', 'y', 'm', 'i', 'n', 'd', 's', '.', 'n', 'e', 't', '\0', + /* "skynet233.ch", true */ 's', 'k', 'y', 'n', 'e', 't', '2', '3', '3', '.', 'c', 'h', '\0', + /* "skynetnetwork.eu.org", true */ 's', 'k', 'y', 'n', 'e', 't', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "skynetz.tk", true */ 's', 'k', 'y', 'n', 'e', 't', 'z', '.', 't', 'k', '\0', + /* "skype.com", true */ 's', 'k', 'y', 'p', 'e', '.', 'c', 'o', 'm', '\0', + /* "skypoker.com", true */ 's', 'k', 'y', 'p', 'o', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "skyquid.co.uk", true */ 's', 'k', 'y', 'q', 'u', 'i', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "skyris.co", true */ 's', 'k', 'y', 'r', 'i', 's', '.', 'c', 'o', '\0', + /* "skys-entertainment.com", true */ 's', 'k', 'y', 's', '-', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "skysuite.nl", true */ 's', 'k', 'y', 's', 'u', 'i', 't', 'e', '.', 'n', 'l', '\0', + /* "skyvault.io", true */ 's', 'k', 'y', 'v', 'a', 'u', 'l', 't', '.', 'i', 'o', '\0', + /* "skyzimba.com.br", true */ 's', 'k', 'y', 'z', 'i', 'm', 'b', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "sl0.us", true */ 's', 'l', '0', '.', 'u', 's', '\0', + /* "slack-files.com", true */ 's', 'l', 'a', 'c', 'k', '-', 'f', 'i', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "slack.com", true */ 's', 'l', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "sladic.si", false */ 's', 'l', 'a', 'd', 'i', 'c', '.', 's', 'i', '\0', + /* "slainvet.net", true */ 's', 'l', 'a', 'i', 'n', 'v', 'e', 't', '.', 'n', 'e', 't', '\0', + /* "slamdjapan.com", true */ 's', 'l', 'a', 'm', 'd', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "slamix.nl", true */ 's', 'l', 'a', 'm', 'i', 'x', '.', 'n', 'l', '\0', + /* "slane.cn", true */ 's', 'l', 'a', 'n', 'e', '.', 'c', 'n', '\0', + /* "slangbellor.com", true */ 's', 'l', 'a', 'n', 'g', 'b', 'e', 'l', 'l', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "slapen17.nl", true */ 's', 'l', 'a', 'p', 'e', 'n', '1', '7', '.', 'n', 'l', '\0', + /* "slash32.co.uk", true */ 's', 'l', 'a', 's', 'h', '3', '2', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "slash64.co.uk", true */ 's', 'l', 'a', 's', 'h', '6', '4', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "slash64.com", true */ 's', 'l', 'a', 's', 'h', '6', '4', '.', 'c', 'o', 'm', '\0', + /* "slash64.uk", true */ 's', 'l', 'a', 's', 'h', '6', '4', '.', 'u', 'k', '\0', + /* "slashbits.no", true */ 's', 'l', 'a', 's', 'h', 'b', 'i', 't', 's', '.', 'n', 'o', '\0', + /* "slatemc.fun", true */ 's', 'l', 'a', 't', 'e', 'm', 'c', '.', 'f', 'u', 'n', '\0', + /* "slatop.org", true */ 's', 'l', 'a', 't', 'o', 'p', '.', 'o', 'r', 'g', '\0', + /* "slaughter.com", true */ 's', 'l', 'a', 'u', 'g', 'h', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "slaughterhouse.fr", true */ 's', 'l', 'a', 'u', 'g', 'h', 't', 'e', 'r', 'h', 'o', 'u', 's', 'e', '.', 'f', 'r', '\0', + /* "slavasveta.info", true */ 's', 'l', 'a', 'v', 'a', 's', 'v', 'e', 't', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "slaws.io", true */ 's', 'l', 'a', 'w', 's', '.', 'i', 'o', '\0', + /* "sleeplessbeastie.eu", true */ 's', 'l', 'e', 'e', 'p', 'l', 'e', 's', 's', 'b', 'e', 'a', 's', 't', 'i', 'e', '.', 'e', 'u', '\0', + /* "sleepmap.de", true */ 's', 'l', 'e', 'e', 'p', 'm', 'a', 'p', '.', 'd', 'e', '\0', + /* "sleepstar.co.uk", true */ 's', 'l', 'e', 'e', 'p', 's', 't', 'a', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "sleepstar.de", true */ 's', 'l', 'e', 'e', 'p', 's', 't', 'a', 'r', '.', 'd', 'e', '\0', + /* "sleio.com", true */ 's', 'l', 'e', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "slever.cz", true */ 's', 'l', 'e', 'v', 'e', 'r', '.', 'c', 'z', '\0', + /* "slevermann.de", true */ 's', 'l', 'e', 'v', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "slevomat.cz", true */ 's', 'l', 'e', 'v', 'o', 'm', 'a', 't', '.', 'c', 'z', '\0', + /* "sliceone.com", true */ 's', 'l', 'i', 'c', 'e', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "slicklines.co.uk", true */ 's', 'l', 'i', 'c', 'k', 'l', 'i', 'n', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "slidebatch.com", true */ 's', 'l', 'i', 'd', 'e', 'b', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "slides.zone", true */ 's', 'l', 'i', 'd', 'e', 's', '.', 'z', 'o', 'n', 'e', '\0', + /* "slik.ai", true */ 's', 'l', 'i', 'k', '.', 'a', 'i', '\0', + /* "slimk1nd.nl", true */ 's', 'l', 'i', 'm', 'k', '1', 'n', 'd', '.', 'n', 'l', '\0', + /* "slimmerbouwen.be", true */ 's', 'l', 'i', 'm', 'm', 'e', 'r', 'b', 'o', 'u', 'w', 'e', 'n', '.', 'b', 'e', '\0', + /* "slimspots.com", true */ 's', 'l', 'i', 'm', 's', 'p', 'o', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "slingo-sta.com", true */ 's', 'l', 'i', 'n', 'g', 'o', '-', 's', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "slingo.com", true */ 's', 'l', 'i', 'n', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "slingooriginals.com", true */ 's', 'l', 'i', 'n', 'g', 'o', 'o', 'r', 'i', 'g', 'i', 'n', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "slingoweb.com", true */ 's', 'l', 'i', 'n', 'g', 'o', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "slink.hr", true */ 's', 'l', 'i', 'n', 'k', '.', 'h', 'r', '\0', + /* "slip-gaming.tk", true */ 's', 'l', 'i', 'p', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 't', 'k', '\0', + /* "slneighbors.org", true */ 's', 'l', 'n', 'e', 'i', 'g', 'h', 'b', 'o', 'r', 's', '.', 'o', 'r', 'g', '\0', + /* "slo-net.net", true */ 's', 'l', 'o', '-', 'n', 'e', 't', '.', 'n', 'e', 't', '\0', + /* "slo-tech.com", true */ 's', 'l', 'o', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "sloancom.com", true */ 's', 'l', 'o', 'a', 'n', 'c', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "slopeedge.com", true */ 's', 'l', 'o', 'p', 'e', 'e', 'd', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "slotboss.co.uk", true */ 's', 'l', 'o', 't', 'b', 'o', 's', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "slotcar.com", false */ 's', 'l', 'o', 't', 'c', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "slotfara.com", true */ 's', 'l', 'o', 't', 'f', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "slotfara.net", true */ 's', 'l', 'o', 't', 'f', 'a', 'r', 'a', '.', 'n', 'e', 't', '\0', + /* "sloths.org", true */ 's', 'l', 'o', 't', 'h', 's', '.', 'o', 'r', 'g', '\0', + /* "slotlist.info", true */ 's', 'l', 'o', 't', 'l', 'i', 's', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "slovenskycestovatel.sk", true */ 's', 'l', 'o', 'v', 'e', 'n', 's', 'k', 'y', 'c', 'e', 's', 't', 'o', 'v', 'a', 't', 'e', 'l', '.', 's', 'k', '\0', + /* "slow.zone", true */ 's', 'l', 'o', 'w', '.', 'z', 'o', 'n', 'e', '\0', + /* "slowb.ro", true */ 's', 'l', 'o', 'w', 'b', '.', 'r', 'o', '\0', + /* "slowfood.es", true */ 's', 'l', 'o', 'w', 'f', 'o', 'o', 'd', '.', 'e', 's', '\0', + /* "slowgames.xyz", true */ 's', 'l', 'o', 'w', 'g', 'a', 'm', 'e', 's', '.', 'x', 'y', 'z', '\0', + /* "slowsociety.org", true */ 's', 'l', 'o', 'w', 's', 'o', 'c', 'i', 'e', 't', 'y', '.', 'o', 'r', 'g', '\0', + /* "slpower.com", true */ 's', 'l', 'p', 'o', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "slrd-isperih.com", true */ 's', 'l', 'r', 'd', '-', 'i', 's', 'p', 'e', 'r', 'i', 'h', '.', 'c', 'o', 'm', '\0', + /* "slse.ca", true */ 's', 'l', 's', 'e', '.', 'c', 'a', '\0', + /* "sluimann.de", true */ 's', 'l', 'u', 'i', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "sluitkampzeist.nl", false */ 's', 'l', 'u', 'i', 't', 'k', 'a', 'm', 'p', 'z', 'e', 'i', 's', 't', '.', 'n', 'l', '\0', + /* "slvh.fr", true */ 's', 'l', 'v', 'h', '.', 'f', 'r', '\0', + /* "slwilde.ca", true */ 's', 'l', 'w', 'i', 'l', 'd', 'e', '.', 'c', 'a', '\0', + /* "slxh.eu", true */ 's', 'l', 'x', 'h', '.', 'e', 'u', '\0', + /* "slxh.nl", true */ 's', 'l', 'x', 'h', '.', 'n', 'l', '\0', + /* "sm.ms", true */ 's', 'm', '.', 'm', 's', '\0', + /* "sm2016.ch", true */ 's', 'm', '2', '0', '1', '6', '.', 'c', 'h', '\0', + /* "sma-gift.com", true */ 's', 'm', 'a', '-', 'g', 'i', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "smackhappy.com", true */ 's', 'm', 'a', 'c', 'k', 'h', 'a', 'p', 'p', 'y', '.', 'c', 'o', 'm', '\0', + /* "smalldogbreeds.net", true */ 's', 'm', 'a', 'l', 'l', 'd', 'o', 'g', 'b', 'r', 'e', 'e', 'd', 's', '.', 'n', 'e', 't', '\0', + /* "smallhadroncollider.com", true */ 's', 'm', 'a', 'l', 'l', 'h', 'a', 'd', 'r', 'o', 'n', 'c', 'o', 'l', 'l', 'i', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "smallpath.me", true */ 's', 'm', 'a', 'l', 'l', 'p', 'a', 't', 'h', '.', 'm', 'e', '\0', + /* "smallplanet.ch", true */ 's', 'm', 'a', 'l', 'l', 'p', 'l', 'a', 'n', 'e', 't', '.', 'c', 'h', '\0', + /* "smalltalkconsulting.com", true */ 's', 'm', 'a', 'l', 'l', 't', 'a', 'l', 'k', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "smaltimento-rifiuti.org", true */ 's', 'm', 'a', 'l', 't', 'i', 'm', 'e', 'n', 't', 'o', '-', 'r', 'i', 'f', 'i', 'u', 't', 'i', '.', 'o', 'r', 'g', '\0', + /* "smaltimento.napoli.it", true */ 's', 'm', 'a', 'l', 't', 'i', 'm', 'e', 'n', 't', 'o', '.', 'n', 'a', 'p', 'o', 'l', 'i', '.', 'i', 't', '\0', + /* "smaltimentoamianto.latina.it", true */ 's', 'm', 'a', 'l', 't', 'i', 'm', 'e', 'n', 't', 'o', 'a', 'm', 'i', 'a', 'n', 't', 'o', '.', 'l', 'a', 't', 'i', 'n', 'a', '.', 'i', 't', '\0', + /* "smaltimentorifiuti.veneto.it", true */ 's', 'm', 'a', 'l', 't', 'i', 'm', 'e', 'n', 't', 'o', 'r', 'i', 'f', 'i', 'u', 't', 'i', '.', 'v', 'e', 'n', 'e', 't', 'o', '.', 'i', 't', '\0', + /* "smares.de", true */ 's', 'm', 'a', 'r', 'e', 's', '.', 'd', 'e', '\0', + /* "smart-cp.jp", true */ 's', 'm', 'a', 'r', 't', '-', 'c', 'p', '.', 'j', 'p', '\0', + /* "smart-informatics.com", true */ 's', 'm', 'a', 'r', 't', '-', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "smart-shapes.co.uk", true */ 's', 'm', 'a', 'r', 't', '-', 's', 'h', 'a', 'p', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "smart-wohnen.net", true */ 's', 'm', 'a', 'r', 't', '-', 'w', 'o', 'h', 'n', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "smart.gov", true */ 's', 'm', 'a', 'r', 't', '.', 'g', 'o', 'v', '\0', + /* "smartairkey.com", true */ 's', 'm', 'a', 'r', 't', 'a', 'i', 'r', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "smartandcom.ch", true */ 's', 'm', 'a', 'r', 't', 'a', 'n', 'd', 'c', 'o', 'm', '.', 'c', 'h', '\0', + /* "smartandhappychild.ro", true */ 's', 'm', 'a', 'r', 't', 'a', 'n', 'd', 'h', 'a', 'p', 'p', 'y', 'c', 'h', 'i', 'l', 'd', '.', 'r', 'o', '\0', + /* "smartbiz.vn", true */ 's', 'm', 'a', 'r', 't', 'b', 'i', 'z', '.', 'v', 'n', '\0', + /* "smartcheck.gov", true */ 's', 'm', 'a', 'r', 't', 'c', 'h', 'e', 'c', 'k', '.', 'g', 'o', 'v', '\0', + /* "smartest-trading.com", true */ 's', 'm', 'a', 'r', 't', 'e', 's', 't', '-', 't', 'r', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "smartfit.cz", true */ 's', 'm', 'a', 'r', 't', 'f', 'i', 't', '.', 'c', 'z', '\0', + /* "smartftp.com", true */ 's', 'm', 'a', 'r', 't', 'f', 't', 'p', '.', 'c', 'o', 'm', '\0', + /* "smarthdd.com", true */ 's', 'm', 'a', 'r', 't', 'h', 'd', 'd', '.', 'c', 'o', 'm', '\0', + /* "smarthinking.nl", true */ 's', 'm', 'a', 'r', 't', 'h', 'i', 'n', 'k', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "smarthouse.de", true */ 's', 'm', 'a', 'r', 't', 'h', 'o', 'u', 's', 'e', '.', 'd', 'e', '\0', + /* "smartit.pro", true */ 's', 'm', 'a', 'r', 't', 'i', 't', '.', 'p', 'r', 'o', '\0', + /* "smartjoin.style", true */ 's', 'm', 'a', 'r', 't', 'j', 'o', 'i', 'n', '.', 's', 't', 'y', 'l', 'e', '\0', + /* "smartlend.se", true */ 's', 'm', 'a', 'r', 't', 'l', 'e', 'n', 'd', '.', 's', 'e', '\0', + /* "smartlocksmith.com", true */ 's', 'm', 'a', 'r', 't', 'l', 'o', 'c', 'k', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "smartlogreturns.com", true */ 's', 'm', 'a', 'r', 't', 'l', 'o', 'g', 'r', 'e', 't', 'u', 'r', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "smartlogstock.com", true */ 's', 'm', 'a', 'r', 't', 'l', 'o', 'g', 's', 't', 'o', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "smartlogtower.com", true */ 's', 'm', 'a', 'r', 't', 'l', 'o', 'g', 't', 'o', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "smartmeal.ru", true */ 's', 'm', 'a', 'r', 't', 'm', 'e', 'a', 'l', '.', 'r', 'u', '\0', + /* "smartmessages.net", true */ 's', 'm', 'a', 'r', 't', 'm', 'e', 's', 's', 'a', 'g', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "smartmomsmartideas.com", true */ 's', 'm', 'a', 'r', 't', 'm', 'o', 'm', 's', 'm', 'a', 'r', 't', 'i', 'd', 'e', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "smartpass.government.ae", true */ 's', 'm', 'a', 'r', 't', 'p', 'a', 's', 's', '.', 'g', 'o', 'v', 'e', 'r', 'n', 'm', 'e', 'n', 't', '.', 'a', 'e', '\0', + /* "smartpolicingplatform.com", true */ 's', 'm', 'a', 'r', 't', 'p', 'o', 'l', 'i', 'c', 'i', 'n', 'g', 'p', 'l', 'a', 't', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "smartrade.tech", true */ 's', 'm', 'a', 'r', 't', 'r', 'a', 'd', 'e', '.', 't', 'e', 'c', 'h', '\0', + /* "smartshiftme.com", true */ 's', 'm', 'a', 'r', 't', 's', 'h', 'i', 'f', 't', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "smartship.co.jp", true */ 's', 'm', 'a', 'r', 't', 's', 'h', 'i', 'p', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "smartshoppers.es", true */ 's', 'm', 'a', 'r', 't', 's', 'h', 'o', 'p', 'p', 'e', 'r', 's', '.', 'e', 's', '\0', + /* "smartsparrow.com", true */ 's', 'm', 'a', 'r', 't', 's', 'p', 'a', 'r', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "smartvideo.io", true */ 's', 'm', 'a', 'r', 't', 'v', 'i', 'd', 'e', 'o', '.', 'i', 'o', '\0', + /* "smartviewing.com", true */ 's', 'm', 'a', 'r', 't', 'v', 'i', 'e', 'w', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "smartwelve.com", true */ 's', 'm', 'a', 'r', 't', 'w', 'e', 'l', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "smartwritingservice.com", true */ 's', 'm', 'a', 'r', 't', 'w', 'r', 'i', 't', 'i', 'n', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "smartwurk.nl", true */ 's', 'm', 'a', 'r', 't', 'w', 'u', 'r', 'k', '.', 'n', 'l', '\0', + /* "smash-gg.club", true */ 's', 'm', 'a', 's', 'h', '-', 'g', 'g', '.', 'c', 'l', 'u', 'b', '\0', + /* "smatch.com", true */ 's', 'm', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "smb445.com", true */ 's', 'm', 'b', '4', '4', '5', '.', 'c', 'o', 'm', '\0', + /* "smdavis.us", true */ 's', 'm', 'd', 'a', 'v', 'i', 's', '.', 'u', 's', '\0', + /* "smdcn.net", true */ 's', 'm', 'd', 'c', 'n', '.', 'n', 'e', 't', '\0', + /* "sme-gmbh.net", true */ 's', 'm', 'e', '-', 'g', 'm', 'b', 'h', '.', 'n', 'e', 't', '\0', + /* "smeetsengraas.com", true */ 's', 'm', 'e', 'e', 't', 's', 'e', 'n', 'g', 'r', 'a', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "smeso.it", true */ 's', 'm', 'e', 's', 'o', '.', 'i', 't', '\0', + /* "smi-a.me", true */ 's', 'm', 'i', '-', 'a', '.', 'm', 'e', '\0', + /* "smiatek.name", true */ 's', 'm', 'i', 'a', 't', 'e', 'k', '.', 'n', 'a', 'm', 'e', '\0', + /* "smileandpay.com", true */ 's', 'm', 'i', 'l', 'e', 'a', 'n', 'd', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "smiledirectsales.com", true */ 's', 'm', 'i', 'l', 'e', 'd', 'i', 'r', 'e', 'c', 't', 's', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "smilessoftplay.co.uk", true */ 's', 'm', 'i', 'l', 'e', 's', 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "smime.io", true */ 's', 'm', 'i', 'm', 'e', '.', 'i', 'o', '\0', + /* "smimea.info", true */ 's', 'm', 'i', 'm', 'e', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "smipty.cn", true */ 's', 'm', 'i', 'p', 't', 'y', '.', 'c', 'n', '\0', + /* "smipty.com", true */ 's', 'm', 'i', 'p', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "smit.com.ua", true */ 's', 'm', 'i', 't', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "smithandcanova.co.uk", false */ 's', 'm', 'i', 't', 'h', 'a', 'n', 'd', 'c', 'a', 'n', 'o', 'v', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "smkw.com", false */ 's', 'm', 'k', 'w', '.', 'c', 'o', 'm', '\0', + /* "smm.im", true */ 's', 'm', 'm', '.', 'i', 'm', '\0', + /* "smoo.st", true */ 's', 'm', 'o', 'o', '.', 's', 't', '\0', + /* "smoothgesturesplus.com", true */ 's', 'm', 'o', 'o', 't', 'h', 'g', 'e', 's', 't', 'u', 'r', 'e', 's', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "smoothics.at", true */ 's', 'm', 'o', 'o', 't', 'h', 'i', 'c', 's', '.', 'a', 't', '\0', + /* "smoothics.com", true */ 's', 'm', 'o', 'o', 't', 'h', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "smoothics.eu", true */ 's', 'm', 'o', 'o', 't', 'h', 'i', 'c', 's', '.', 'e', 'u', '\0', + /* "smoothics.mobi", true */ 's', 'm', 'o', 'o', 't', 'h', 'i', 'c', 's', '.', 'm', 'o', 'b', 'i', '\0', + /* "smoothics.net", true */ 's', 'm', 'o', 'o', 't', 'h', 'i', 'c', 's', '.', 'n', 'e', 't', '\0', + /* "smorgasblog.ie", true */ 's', 'm', 'o', 'r', 'g', 'a', 's', 'b', 'l', 'o', 'g', '.', 'i', 'e', '\0', + /* "smow.com", true */ 's', 'm', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "smow.de", true */ 's', 'm', 'o', 'w', '.', 'd', 'e', '\0', + /* "smpetrey.com", true */ 's', 'm', 'p', 'e', 't', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "sms1.ro", true */ 's', 'm', 's', '1', '.', 'r', 'o', '\0', + /* "smsappointment.com", true */ 's', 'm', 's', 'a', 'p', 'p', 'o', 'i', 'n', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "smsg-dev.ch", true */ 's', 'm', 's', 'g', '-', 'd', 'e', 'v', '.', 'c', 'h', '\0', + /* "smskeywords.co.uk", true */ 's', 'm', 's', 'k', 'e', 'y', 'w', 'o', 'r', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "smsprivacy.org", true */ 's', 'm', 's', 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'o', 'r', 'g', '\0', + /* "smuncensored.com", true */ 's', 'm', 'u', 'n', 'c', 'e', 'n', 's', 'o', 'r', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "smutba.se", true */ 's', 'm', 'u', 't', 'b', 'a', '.', 's', 'e', '\0', + /* "smutek.net", true */ 's', 'm', 'u', 't', 'e', 'k', '.', 'n', 'e', 't', '\0', + /* "snafarms.com", true */ 's', 'n', 'a', 'f', 'a', 'r', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "snafu.cz", true */ 's', 'n', 'a', 'f', 'u', '.', 'c', 'z', '\0', + /* "snakafya.com", true */ 's', 'n', 'a', 'k', 'a', 'f', 'y', 'a', '.', 'c', 'o', 'm', '\0', + /* "snake.dog", true */ 's', 'n', 'a', 'k', 'e', '.', 'd', 'o', 'g', '\0', + /* "snap.com", true */ 's', 'n', 'a', 'p', '.', 'c', 'o', 'm', '\0', + /* "snapappointments.com", true */ 's', 'n', 'a', 'p', 'a', 'p', 'p', 'o', 'i', 'n', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "snapappts.com", true */ 's', 'n', 'a', 'p', 'a', 'p', 'p', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "snapfinance.com", true */ 's', 'n', 'a', 'p', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "snapserv.ch", true */ 's', 'n', 'a', 'p', 's', 'e', 'r', 'v', '.', 'c', 'h', '\0', + /* "snapserv.net", true */ 's', 'n', 'a', 'p', 's', 'e', 'r', 'v', '.', 'n', 'e', 't', '\0', + /* "snaptools.io", true */ 's', 'n', 'a', 'p', 't', 'o', 'o', 'l', 's', '.', 'i', 'o', '\0', + /* "snarf.in", true */ 's', 'n', 'a', 'r', 'f', '.', 'i', 'n', '\0', + /* "snatch.com.ua", true */ 's', 'n', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "snazel.co.uk", true */ 's', 'n', 'a', 'z', 'e', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "snazzie.nl", true */ 's', 'n', 'a', 'z', 'z', 'i', 'e', '.', 'n', 'l', '\0', + /* "sncdn.com", true */ 's', 'n', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0', + /* "sndbouncycastles.co.uk", true */ 's', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "sneak.berlin", true */ 's', 'n', 'e', 'a', 'k', '.', 'b', 'e', 'r', 'l', 'i', 'n', '\0', + /* "sneaker.date", true */ 's', 'n', 'e', 'a', 'k', 'e', 'r', '.', 'd', 'a', 't', 'e', '\0', + /* "sneakpod.de", true */ 's', 'n', 'e', 'a', 'k', 'p', 'o', 'd', '.', 'd', 'e', '\0', + /* "sneakynote.com", true */ 's', 'n', 'e', 'a', 'k', 'y', 'n', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "sneakypaw.com", true */ 's', 'n', 'e', 'a', 'k', 'y', 'p', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "sneberger.cz", false */ 's', 'n', 'e', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'c', 'z', '\0', + /* "sneed.company", true */ 's', 'n', 'e', 'e', 'd', '.', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '\0', + /* "sneed.it", true */ 's', 'n', 'e', 'e', 'd', '.', 'i', 't', '\0', + /* "sneedit.com", true */ 's', 'n', 'e', 'e', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "sneedit.de", true */ 's', 'n', 'e', 'e', 'd', 'i', 't', '.', 'd', 'e', '\0', + /* "sneeuwhoogtes.eu", true */ 's', 'n', 'e', 'e', 'u', 'w', 'h', 'o', 'o', 'g', 't', 'e', 's', '.', 'e', 'u', '\0', + /* "sneezry.com", true */ 's', 'n', 'e', 'e', 'z', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "snel4u.nl", true */ 's', 'n', 'e', 'l', '4', 'u', '.', 'n', 'l', '\0', + /* "snelbv.nl", true */ 's', 'n', 'e', 'l', 'b', 'v', '.', 'n', 'l', '\0', + /* "snelshops.nl", true */ 's', 'n', 'e', 'l', 's', 'h', 'o', 'p', 's', '.', 'n', 'l', '\0', + /* "snelwebshop.nl", true */ 's', 'n', 'e', 'l', 'w', 'e', 'b', 's', 'h', 'o', 'p', '.', 'n', 'l', '\0', + /* "snelxboxlivegold.nl", true */ 's', 'n', 'e', 'l', 'x', 'b', 'o', 'x', 'l', 'i', 'v', 'e', 'g', 'o', 'l', 'd', '.', 'n', 'l', '\0', + /* "snerith.com", true */ 's', 'n', 'e', 'r', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "snfdata.com", false */ 's', 'n', 'f', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "sniderman.eu.org", true */ 's', 'n', 'i', 'd', 'e', 'r', 'm', 'a', 'n', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0', + /* "sniderman.pro", true */ 's', 'n', 'i', 'd', 'e', 'r', 'm', 'a', 'n', '.', 'p', 'r', 'o', '\0', + /* "sniderman.us", true */ 's', 'n', 'i', 'd', 'e', 'r', 'm', 'a', 'n', '.', 'u', 's', '\0', + /* "sniderman.xyz", true */ 's', 'n', 'i', 'd', 'e', 'r', 'm', 'a', 'n', '.', 'x', 'y', 'z', '\0', + /* "sniep.net", true */ 's', 'n', 'i', 'e', 'p', '.', 'n', 'e', 't', '\0', + /* "snight.co", true */ 's', 'n', 'i', 'g', 'h', 't', '.', 'c', 'o', '\0', + /* "snille.com", true */ 's', 'n', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "snip.run", true */ 's', 'n', 'i', 'p', '.', 'r', 'u', 'n', '\0', + /* "snl.no", true */ 's', 'n', 'l', '.', 'n', 'o', '\0', + /* "snod.land", true */ 's', 'n', 'o', 'd', '.', 'l', 'a', 'n', 'd', '\0', + /* "snote.io", true */ 's', 'n', 'o', 't', 'e', '.', 'i', 'o', '\0', + /* "snoupon.com", true */ 's', 'n', 'o', 'u', 'p', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "snovey.com", true */ 's', 'n', 'o', 'v', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "snow-online.com", true */ 's', 'n', 'o', 'w', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "snow-online.de", true */ 's', 'n', 'o', 'w', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0', + /* "snow.dog", true */ 's', 'n', 'o', 'w', '.', 'd', 'o', 'g', '\0', + /* "snowalerts.eu", true */ 's', 'n', 'o', 'w', 'a', 'l', 'e', 'r', 't', 's', '.', 'e', 'u', '\0', + /* "snowalerts.nl", true */ 's', 'n', 'o', 'w', 'a', 'l', 'e', 'r', 't', 's', '.', 'n', 'l', '\0', + /* "snowchamps.nl", true */ 's', 'n', 'o', 'w', 'c', 'h', 'a', 'm', 'p', 's', '.', 'n', 'l', '\0', + /* "snowcrestdesign.com", true */ 's', 'n', 'o', 'w', 'c', 'r', 'e', 's', 't', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "snowdy.dk", true */ 's', 'n', 'o', 'w', 'd', 'y', '.', 'd', 'k', '\0', + /* "snowdy.link", true */ 's', 'n', 'o', 'w', 'd', 'y', '.', 'l', 'i', 'n', 'k', '\0', + /* "snowhaze.ch", true */ 's', 'n', 'o', 'w', 'h', 'a', 'z', 'e', '.', 'c', 'h', '\0', + /* "snowhaze.com", true */ 's', 'n', 'o', 'w', 'h', 'a', 'z', 'e', '.', 'c', 'o', 'm', '\0', + /* "snowplane.net", true */ 's', 'n', 'o', 'w', 'p', 'l', 'a', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "snowraven.de", true */ 's', 'n', 'o', 'w', 'r', 'a', 'v', 'e', 'n', '.', 'd', 'e', '\0', + /* "snrub.co", true */ 's', 'n', 'r', 'u', 'b', '.', 'c', 'o', '\0', + /* "snuff.porn", true */ 's', 'n', 'u', 'f', 'f', '.', 'p', 'o', 'r', 'n', '\0', + /* "snughealth.org.uk", true */ 's', 'n', 'u', 'g', 'h', 'e', 'a', 'l', 't', 'h', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "sny.no", true */ 's', 'n', 'y', '.', 'n', 'o', '\0', + /* "so-healthy.co.uk", true */ 's', 'o', '-', 'h', 'e', 'a', 'l', 't', 'h', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "so.is-a-cpa.com", true */ 's', 'o', '.', 'i', 's', '-', 'a', '-', 'c', 'p', 'a', '.', 'c', 'o', 'm', '\0', + /* "soapitup.com.au", true */ 's', 'o', 'a', 'p', 'i', 't', 'u', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "sobaya-gohei.com", true */ 's', 'o', 'b', 'a', 'y', 'a', '-', 'g', 'o', 'h', 'e', 'i', '.', 'c', 'o', 'm', '\0', + /* "sobelift.com", true */ 's', 'o', 'b', 'e', 'l', 'i', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "sobie.ch", true */ 's', 'o', 'b', 'i', 'e', '.', 'c', 'h', '\0', + /* "sobieray.dyndns.org", true */ 's', 'o', 'b', 'i', 'e', 'r', 'a', 'y', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "sobinski.pl", false */ 's', 'o', 'b', 'i', 'n', 's', 'k', 'i', '.', 'p', 'l', '\0', + /* "sobotkama.eu", true */ 's', 'o', 'b', 'o', 't', 'k', 'a', 'm', 'a', '.', 'e', 'u', '\0', + /* "soc.net", true */ 's', 'o', 'c', '.', 'n', 'e', 't', '\0', + /* "socal-babes.com", true */ 's', 'o', 'c', 'a', 'l', '-', 'b', 'a', 'b', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "soccersavings.com", true */ 's', 'o', 'c', 'c', 'e', 'r', 's', 'a', 'v', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "soccorso-stradale.org", true */ 's', 'o', 'c', 'c', 'o', 'r', 's', 'o', '-', 's', 't', 'r', 'a', 'd', 'a', 'l', 'e', '.', 'o', 'r', 'g', '\0', + /* "sochi-sochno.ru", true */ 's', 'o', 'c', 'h', 'i', '-', 's', 'o', 'c', 'h', 'n', 'o', '.', 'r', 'u', '\0', + /* "soci.ml", true */ 's', 'o', 'c', 'i', '.', 'm', 'l', '\0', + /* "social-events.net", false */ 's', 'o', 'c', 'i', 'a', 'l', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'n', 'e', 't', '\0', + /* "social-media-strategies.it", true */ 's', 'o', 'c', 'i', 'a', 'l', '-', 'm', 'e', 'd', 'i', 'a', '-', 's', 't', 'r', 'a', 't', 'e', 'g', 'i', 'e', 's', '.', 'i', 't', '\0', + /* "socialdj.de", true */ 's', 'o', 'c', 'i', 'a', 'l', 'd', 'j', '.', 'd', 'e', '\0', + /* "socialhams.net", true */ 's', 'o', 'c', 'i', 'a', 'l', 'h', 'a', 'm', 's', '.', 'n', 'e', 't', '\0', + /* "socialmedia.ro", true */ 's', 'o', 'c', 'i', 'a', 'l', 'm', 'e', 'd', 'i', 'a', '.', 'r', 'o', '\0', + /* "socialnitro.com", true */ 's', 'o', 'c', 'i', 'a', 'l', 'n', 'i', 't', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "socialnous.co", true */ 's', 'o', 'c', 'i', 'a', 'l', 'n', 'o', 'u', 's', '.', 'c', 'o', '\0', + /* "socialrank.com", true */ 's', 'o', 'c', 'i', 'a', 'l', 'r', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "socialsecurity.gov", false */ 's', 'o', 'c', 'i', 'a', 'l', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'g', 'o', 'v', '\0', + /* "socialweblearning.com", true */ 's', 'o', 'c', 'i', 'a', 'l', 'w', 'e', 'b', 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "societyhilldance.com", true */ 's', 'o', 'c', 'i', 'e', 't', 'y', 'h', 'i', 'l', 'l', 'd', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "socioambiental.org", true */ 's', 'o', 'c', 'i', 'o', 'a', 'm', 'b', 'i', 'e', 'n', 't', 'a', 'l', '.', 'o', 'r', 'g', '\0', + /* "sociobiology.com", true */ 's', 'o', 'c', 'i', 'o', 'b', 'i', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0', + /* "sociopathy.org", true */ 's', 'o', 'c', 'i', 'o', 'p', 'a', 't', 'h', 'y', '.', 'o', 'r', 'g', '\0', + /* "sockeye.io", true */ 's', 'o', 'c', 'k', 'e', 'y', 'e', '.', 'i', 'o', '\0', + /* "sockscap64.com", true */ 's', 'o', 'c', 'k', 's', 'c', 'a', 'p', '6', '4', '.', 'c', 'o', 'm', '\0', + /* "socoastal.com", true */ 's', 'o', 'c', 'o', 'a', 's', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "sodafilm.de", true */ 's', 'o', 'd', 'a', 'f', 'i', 'l', 'm', '.', 'd', 'e', '\0', + /* "sodexam.pro", true */ 's', 'o', 'd', 'e', 'x', 'a', 'm', '.', 'p', 'r', 'o', '\0', + /* "sodi.nl", true */ 's', 'o', 'd', 'i', '.', 'n', 'l', '\0', + /* "sodiao.cc", true */ 's', 'o', 'd', 'i', 'a', 'o', '.', 'c', 'c', '\0', + /* "soe-server.com", true */ 's', 'o', 'e', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "sofa-rockers.org", true */ 's', 'o', 'f', 'a', '-', 'r', 'o', 'c', 'k', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0', + /* "sofabedshop.de", true */ 's', 'o', 'f', 'a', 'b', 'e', 'd', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0', + /* "sofiavanmoorsel.com", true */ 's', 'o', 'f', 'i', 'a', 'v', 'a', 'n', 'm', 'o', 'o', 'r', 's', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "sofort.com", true */ 's', 'o', 'f', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "sofortueberweisung.de", true */ 's', 'o', 'f', 'o', 'r', 't', 'u', 'e', 'b', 'e', 'r', 'w', 'e', 'i', 's', 'u', 'n', 'g', '.', 'd', 'e', '\0', + /* "softandbouncy.co.uk", true */ 's', 'o', 'f', 't', 'a', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "softanka.com", true */ 's', 'o', 'f', 't', 'a', 'n', 'k', 'a', '.', 'c', 'o', 'm', '\0', + /* "softballrampage.com", true */ 's', 'o', 'f', 't', 'b', 'a', 'l', 'l', 'r', 'a', 'm', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "softclean.pt", true */ 's', 'o', 'f', 't', 'c', 'l', 'e', 'a', 'n', '.', 'p', 't', '\0', + /* "softcreatr.de", true */ 's', 'o', 'f', 't', 'c', 'r', 'e', 'a', 't', 'r', '.', 'd', 'e', '\0', + /* "softplay4hire.co.uk", true */ 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '4', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "softplaynation.co.uk", true */ 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', 'n', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "softprayog.in", true */ 's', 'o', 'f', 't', 'p', 'r', 'a', 'y', 'o', 'g', '.', 'i', 'n', '\0', + /* "softrobot.se", true */ 's', 'o', 'f', 't', 'r', 'o', 'b', 'o', 't', '.', 's', 'e', '\0', + /* "softtennis-zenei.com", true */ 's', 'o', 'f', 't', 't', 'e', 'n', 'n', 'i', 's', '-', 'z', 'e', 'n', 'e', 'i', '.', 'c', 'o', 'm', '\0', + /* "software.rocks", true */ 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "softwarebetrieb.de", true */ 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', 'b', 'e', 't', 'r', 'i', 'e', 'b', '.', 'd', 'e', '\0', + /* "softwaredesign.foundation", true */ 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '\0', + /* "softwarevoortherapeuten.nl", true */ 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', 'v', 'o', 'o', 'r', 't', 'h', 'e', 'r', 'a', 'p', 'e', 'u', 't', 'e', 'n', '.', 'n', 'l', '\0', + /* "softwerk-edv.de", true */ 's', 'o', 'f', 't', 'w', 'e', 'r', 'k', '-', 'e', 'd', 'v', '.', 'd', 'e', '\0', + /* "sogola.com", true */ 's', 'o', 'g', 'o', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "sogravatas.com.br", true */ 's', 'o', 'g', 'r', 'a', 'v', 'a', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "sogutma.com.tr", true */ 's', 'o', 'g', 'u', 't', 'm', 'a', '.', 'c', 'o', 'm', '.', 't', 'r', '\0', + /* "soia.ca", true */ 's', 'o', 'i', 'a', '.', 'c', 'a', '\0', + /* "soinvett.com", true */ 's', 'o', 'i', 'n', 'v', 'e', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "soju.fi", true */ 's', 'o', 'j', 'u', '.', 'f', 'i', '\0', + /* "sokche.com", true */ 's', 'o', 'k', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0', + /* "sokietech.com", true */ 's', 'o', 'k', 'i', 'e', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "sokkenhoek.nl", true */ 's', 'o', 'k', 'k', 'e', 'n', 'h', 'o', 'e', 'k', '.', 'n', 'l', '\0', + /* "sokolkarvina.cz", true */ 's', 'o', 'k', 'o', 'l', 'k', 'a', 'r', 'v', 'i', 'n', 'a', '.', 'c', 'z', '\0', + /* "sol-computers.es", true */ 's', 'o', 'l', '-', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', '.', 'e', 's', '\0', + /* "sol24.net", true */ 's', 'o', 'l', '2', '4', '.', 'n', 'e', 't', '\0', + /* "solacyre.ch", true */ 's', 'o', 'l', 'a', 'c', 'y', 'r', 'e', '.', 'c', 'h', '\0', + /* "solanum-games.com", true */ 's', 'o', 'l', 'a', 'n', 'u', 'm', '-', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "solar-aydinlatma.com", true */ 's', 'o', 'l', 'a', 'r', '-', 'a', 'y', 'd', 'i', 'n', 'l', 'a', 't', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "solar-ec.com", true */ 's', 'o', 'l', 'a', 'r', '-', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "solariiknight.org", true */ 's', 'o', 'l', 'a', 'r', 'i', 'i', 'k', 'n', 'i', 'g', 'h', 't', '.', 'o', 'r', 'g', '\0', + /* "solariilacheie.ro", true */ 's', 'o', 'l', 'a', 'r', 'i', 'i', 'l', 'a', 'c', 'h', 'e', 'i', 'e', '.', 'r', 'o', '\0', + /* "solarplan-berlin.de", true */ 's', 'o', 'l', 'a', 'r', 'p', 'l', 'a', 'n', '-', 'b', 'e', 'r', 'l', 'i', 'n', '.', 'd', 'e', '\0', + /* "soldecom.com", true */ 's', 'o', 'l', 'd', 'e', 'c', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "soldout-app.com", true */ 's', 'o', 'l', 'd', 'o', 'u', 't', '-', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "sole-erdwaermetauscher.de", true */ 's', 'o', 'l', 'e', '-', 'e', 'r', 'd', 'w', 'a', 'e', 'r', 'm', 'e', 't', 'a', 'u', 's', 'c', 'h', 'e', 'r', '.', 'd', 'e', '\0', + /* "soledadpenades.com", true */ 's', 'o', 'l', 'e', 'd', 'a', 'd', 'p', 'e', 'n', 'a', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "solentbubblesandbounce.co.uk", true */ 's', 'o', 'l', 'e', 'n', 't', 'b', 'u', 'b', 'b', 'l', 'e', 's', 'a', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "soleria.eu", true */ 's', 'o', 'l', 'e', 'r', 'i', 'a', '.', 'e', 'u', '\0', + /* "solfegiator.ch", true */ 's', 'o', 'l', 'f', 'e', 'g', 'i', 'a', 't', 'o', 'r', '.', 'c', 'h', '\0', + /* "soli.cafe", true */ 's', 'o', 'l', 'i', '.', 'c', 'a', 'f', 'e', '\0', + /* "solicafe.at", true */ 's', 'o', 'l', 'i', 'c', 'a', 'f', 'e', '.', 'a', 't', '\0', + /* "solidimage.com.br", true */ 's', 'o', 'l', 'i', 'd', 'i', 'm', 'a', 'g', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "solidshield.com", true */ 's', 'o', 'l', 'i', 'd', 's', 'h', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "solidwebnetworks.co.uk", true */ 's', 'o', 'l', 'i', 'd', 'w', 'e', 'b', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "solihullcarnival.co.uk", true */ 's', 'o', 'l', 'i', 'h', 'u', 'l', 'l', 'c', 'a', 'r', 'n', 'i', 'v', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "solihullinflatables.com", true */ 's', 'o', 'l', 'i', 'h', 'u', 'l', 'l', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "solihulllionsclub.org.uk", true */ 's', 'o', 'l', 'i', 'h', 'u', 'l', 'l', 'l', 'i', 'o', 'n', 's', 'c', 'l', 'u', 'b', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "solipym.net", true */ 's', 'o', 'l', 'i', 'p', 'y', 'm', '.', 'n', 'e', 't', '\0', + /* "solisrey.es", true */ 's', 'o', 'l', 'i', 's', 'r', 'e', 'y', '.', 'e', 's', '\0', + /* "solit.systems", true */ 's', 'o', 'l', 'i', 't', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0', + /* "solmek.co.uk", true */ 's', 'o', 'l', 'm', 'e', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "solmek.com", true */ 's', 'o', 'l', 'm', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "solomisael.com", true */ 's', 'o', 'l', 'o', 'm', 'i', 's', 'a', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "solomo.pt", true */ 's', 'o', 'l', 'o', 'm', 'o', '.', 'p', 't', '\0', + /* "solonotizie24.it", true */ 's', 'o', 'l', 'o', 'n', 'o', 't', 'i', 'z', 'i', 'e', '2', '4', '.', 'i', 't', '\0', + /* "solos.im", true */ 's', 'o', 'l', 'o', 's', '.', 'i', 'm', '\0', + /* "solsocog.de", true */ 's', 'o', 'l', 's', 'o', 'c', 'o', 'g', '.', 'd', 'e', '\0', + /* "soluphant.de", true */ 's', 'o', 'l', 'u', 'p', 'h', 'a', 'n', 't', '.', 'd', 'e', '\0', + /* "solus-project.com", true */ 's', 'o', 'l', 'u', 's', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "solutionhoisthire.com.au", true */ 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 'h', 'o', 'i', 's', 't', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "solve-it.se", true */ 's', 'o', 'l', 'v', 'e', '-', 'i', 't', '.', 's', 'e', '\0', + /* "solved.tips", true */ 's', 'o', 'l', 'v', 'e', 'd', '.', 't', 'i', 'p', 's', '\0', + /* "solvemethod.com", true */ 's', 'o', 'l', 'v', 'e', 'm', 'e', 't', 'h', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "solvops.com", true */ 's', 'o', 'l', 'v', 'o', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "somaini.li", true */ 's', 'o', 'm', 'a', 'i', 'n', 'i', '.', 'l', 'i', '\0', + /* "somali-derp.com", true */ 's', 'o', 'm', 'a', 'l', 'i', '-', 'd', 'e', 'r', 'p', '.', 'c', 'o', 'm', '\0', + /* "somaliagenda.com", true */ 's', 'o', 'm', 'a', 'l', 'i', 'a', 'g', 'e', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "somanao.com", true */ 's', 'o', 'm', 'a', 'n', 'a', 'o', '.', 'c', 'o', 'm', '\0', + /* "somcase.com.br", true */ 's', 'o', 'm', 'c', 'a', 's', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "somebodycares.org", true */ 's', 'o', 'm', 'e', 'b', 'o', 'd', 'y', 'c', 'a', 'r', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "somecrazy.com", true */ 's', 'o', 'm', 'e', 'c', 'r', 'a', 'z', 'y', '.', 'c', 'o', 'm', '\0', + /* "somethingsimilar.com", true */ 's', 'o', 'm', 'e', 't', 'h', 'i', 'n', 'g', 's', 'i', 'm', 'i', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "somuchbetterwithage.com", true */ 's', 'o', 'm', 'u', 'c', 'h', 'b', 'e', 't', 't', 'e', 'r', 'w', 'i', 't', 'h', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "somweyr.de", true */ 's', 'o', 'm', 'w', 'e', 'y', 'r', '.', 'd', 'e', '\0', + /* "sona-gaming.com", true */ 's', 'o', 'n', 'a', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "sonacupalova.cz", true */ 's', 'o', 'n', 'a', 'c', 'u', 'p', 'a', 'l', 'o', 'v', 'a', '.', 'c', 'z', '\0', + /* "sonarqube.com", false */ 's', 'o', 'n', 'a', 'r', 'q', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0', + /* "sondergaard.de", true */ 's', 'o', 'n', 'd', 'e', 'r', 'g', 'a', 'a', 'r', 'd', '.', 'd', 'e', '\0', + /* "songsmp3.co", true */ 's', 'o', 'n', 'g', 's', 'm', 'p', '3', '.', 'c', 'o', '\0', + /* "songsthatsavedyourlife.com", true */ 's', 'o', 'n', 'g', 's', 't', 'h', 'a', 't', 's', 'a', 'v', 'e', 'd', 'y', 'o', 'u', 'r', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "songzhuolun.com", true */ 's', 'o', 'n', 'g', 'z', 'h', 'u', 'o', 'l', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "soniafauville.com", true */ 's', 'o', 'n', 'i', 'a', 'f', 'a', 'u', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "sonixonline.com", true */ 's', 'o', 'n', 'i', 'x', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "sonja-daniels.com", true */ 's', 'o', 'n', 'j', 'a', '-', 'd', 'a', 'n', 'i', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "sonja-kowa.de", true */ 's', 'o', 'n', 'j', 'a', '-', 'k', 'o', 'w', 'a', '.', 'd', 'e', '\0', + /* "sonoecoracao.com.br", true */ 's', 'o', 'n', 'o', 'e', 'c', 'o', 'r', 'a', 'c', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "sonyunlock.nu", true */ 's', 'o', 'n', 'y', 'u', 'n', 'l', 'o', 'c', 'k', '.', 'n', 'u', '\0', + /* "soohealthy.nl", true */ 's', 'o', 'o', 'h', 'e', 'a', 'l', 't', 'h', 'y', '.', 'n', 'l', '\0', + /* "soomee.be", true */ 's', 'o', 'o', 'm', 'e', 'e', '.', 'b', 'e', '\0', + /* "soomee1.be", true */ 's', 'o', 'o', 'm', 'e', 'e', '1', '.', 'b', 'e', '\0', + /* "soontm.de", false */ 's', 'o', 'o', 'n', 't', 'm', '.', 'd', 'e', '\0', + /* "soopure.nl", true */ 's', 'o', 'o', 'p', 'u', 'r', 'e', '.', 'n', 'l', '\0', + /* "soph.us", true */ 's', 'o', 'p', 'h', '.', 'u', 's', '\0', + /* "sopheos.com", false */ 's', 'o', 'p', 'h', 'e', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "sopher.io", true */ 's', 'o', 'p', 'h', 'e', 'r', '.', 'i', 'o', '\0', + /* "sophiaandmatt.co.uk", true */ 's', 'o', 'p', 'h', 'i', 'a', 'a', 'n', 'd', 'm', 'a', 't', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "sophiakligys.com", true */ 's', 'o', 'p', 'h', 'i', 'a', 'k', 'l', 'i', 'g', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "sophieandtrey.com", true */ 's', 'o', 'p', 'h', 'i', 'e', 'a', 'n', 'd', 't', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "soprabalao.com.br", true */ 's', 'o', 'p', 'r', 'a', 'b', 'a', 'l', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "sor.so", true */ 's', 'o', 'r', '.', 's', 'o', '\0', + /* "sorakumo.jp", true */ 's', 'o', 'r', 'a', 'k', 'u', 'm', 'o', '.', 'j', 'p', '\0', + /* "sorcix.com", true */ 's', 'o', 'r', 'c', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "sorellecollection.com.au", true */ 's', 'o', 'r', 'e', 'l', 'l', 'e', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "sorenstudios.com", true */ 's', 'o', 'r', 'e', 'n', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "sorex.photo", true */ 's', 'o', 'r', 'e', 'x', '.', 'p', 'h', 'o', 't', 'o', '\0', + /* "sorincocorada.ro", true */ 's', 'o', 'r', 'i', 'n', 'c', 'o', 'c', 'o', 'r', 'a', 'd', 'a', '.', 'r', 'o', '\0', + /* "sorinmuntean.ro", true */ 's', 'o', 'r', 'i', 'n', 'm', 'u', 'n', 't', 'e', 'a', 'n', '.', 'r', 'o', '\0', + /* "sorn.service.gov.uk", true */ 's', 'o', 'r', 'n', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0', + /* "sorrowfulunfounded.com", true */ 's', 'o', 'r', 'r', 'o', 'w', 'f', 'u', 'l', 'u', 'n', 'f', 'o', 'u', 'n', 'd', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "soruly.com", true */ 's', 'o', 'r', 'u', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "sorz.org", true */ 's', 'o', 'r', 'z', '.', 'o', 'r', 'g', '\0', + /* "sos-idraulico.it", true */ 's', 'o', 's', '-', 'i', 'd', 'r', 'a', 'u', 'l', 'i', 'c', 'o', '.', 'i', 't', '\0', + /* "sos.sk", false */ 's', 'o', 's', '.', 's', 'k', '\0', + /* "sosecu.red", true */ 's', 'o', 's', 'e', 'c', 'u', '.', 'r', 'e', 'd', '\0', + /* "sosoftplay.co.uk", true */ 's', 'o', 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "sospromotions.com.au", true */ 's', 'o', 's', 'p', 'r', 'o', 'm', 'o', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "sostacancun.com", true */ 's', 'o', 's', 't', 'a', 'c', 'a', 'n', 'c', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "sosteric.si", true */ 's', 'o', 's', 't', 'e', 'r', 'i', 'c', '.', 's', 'i', '\0', + /* "sotadb.info", true */ 's', 'o', 't', 'a', 'd', 'b', '.', 'i', 'n', 'f', 'o', '\0', + /* "sotar.us", true */ 's', 'o', 't', 'a', 'r', '.', 'u', 's', '\0', + /* "sotavasara.net", true */ 's', 'o', 't', 'a', 'v', 'a', 's', 'a', 'r', 'a', '.', 'n', 'e', 't', '\0', + /* "sotiran.com", true */ 's', 'o', 't', 'i', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "sotoasobi.net", true */ 's', 'o', 't', 'o', 'a', 's', 'o', 'b', 'i', '.', 'n', 'e', 't', '\0', + /* "sou-co.jp", true */ 's', 'o', 'u', '-', 'c', 'o', '.', 'j', 'p', '\0', + /* "soubriquet.org", true */ 's', 'o', 'u', 'b', 'r', 'i', 'q', 'u', 'e', 't', '.', 'o', 'r', 'g', '\0', + /* "soufastnet.com.br", true */ 's', 'o', 'u', 'f', 'a', 's', 't', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "sougi-review.top", true */ 's', 'o', 'u', 'g', 'i', '-', 'r', 'e', 'v', 'i', 'e', 'w', '.', 't', 'o', 'p', '\0', + /* "souki.cz", true */ 's', 'o', 'u', 'k', 'i', '.', 'c', 'z', '\0', + /* "soukodou.jp", true */ 's', 'o', 'u', 'k', 'o', 'd', 'o', 'u', '.', 'j', 'p', '\0', + /* "soul-source.co.uk", true */ 's', 'o', 'u', 'l', '-', 's', 'o', 'u', 'r', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "soulcrazy.org", true */ 's', 'o', 'u', 'l', 'c', 'r', 'a', 'z', 'y', '.', 'o', 'r', 'g', '\0', + /* "soulmate.dating", true */ 's', 'o', 'u', 'l', 'm', 'a', 't', 'e', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "soulogic.com", false */ 's', 'o', 'u', 'l', 'o', 'g', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "soumikghosh.com", true */ 's', 'o', 'u', 'm', 'i', 'k', 'g', 'h', 'o', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "soumya92.me", true */ 's', 'o', 'u', 'm', 'y', 'a', '9', '2', '.', 'm', 'e', '\0', + /* "soundabout.nl", true */ 's', 'o', 'u', 'n', 'd', 'a', 'b', 'o', 'u', 't', '.', 'n', 'l', '\0', + /* "soundedj.com.br", true */ 's', 'o', 'u', 'n', 'd', 'e', 'd', 'j', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "soundeo.com", true */ 's', 'o', 'u', 'n', 'd', 'e', 'o', '.', 'c', 'o', 'm', '\0', + /* "soundeo.net", true */ 's', 'o', 'u', 'n', 'd', 'e', 'o', '.', 'n', 'e', 't', '\0', + /* "soundgasm.net", true */ 's', 'o', 'u', 'n', 'd', 'g', 'a', 's', 'm', '.', 'n', 'e', 't', '\0', + /* "soundhunter.xyz", false */ 's', 'o', 'u', 'n', 'd', 'h', 'u', 'n', 't', 'e', 'r', '.', 'x', 'y', 'z', '\0', + /* "soundsecurity.io", true */ 's', 'o', 'u', 'n', 'd', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'i', 'o', '\0', + /* "sour.is", true */ 's', 'o', 'u', 'r', '.', 'i', 's', '\0', + /* "souravsaha.com", true */ 's', 'o', 'u', 'r', 'a', 'v', 's', 'a', 'h', 'a', '.', 'c', 'o', 'm', '\0', + /* "sourcebox.be", true */ 's', 'o', 'u', 'r', 'c', 'e', 'b', 'o', 'x', '.', 'b', 'e', '\0', + /* "sourcecode.love", true */ 's', 'o', 'u', 'r', 'c', 'e', 'c', 'o', 'd', 'e', '.', 'l', 'o', 'v', 'e', '\0', + /* "sourcely.net", true */ 's', 'o', 'u', 'r', 'c', 'e', 'l', 'y', '.', 'n', 'e', 't', '\0', + /* "sourceway.de", true */ 's', 'o', 'u', 'r', 'c', 'e', 'w', 'a', 'y', '.', 'd', 'e', '\0', + /* "souris.ch", true */ 's', 'o', 'u', 'r', 'i', 's', '.', 'c', 'h', '\0', + /* "sous-surveillance.net", true */ 's', 'o', 'u', 's', '-', 's', 'u', 'r', 'v', 'e', 'i', 'l', 'l', 'a', 'n', 'c', 'e', '.', 'n', 'e', 't', '\0', + /* "southafrican.dating", true */ 's', 'o', 'u', 't', 'h', 'a', 'f', 'r', 'i', 'c', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "southambouncycastle.co.uk", true */ 's', 'o', 'u', 't', 'h', 'a', 'm', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "southamerican.dating", true */ 's', 'o', 'u', 't', 'h', 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "southbankregister.com.au", true */ 's', 'o', 'u', 't', 'h', 'b', 'a', 'n', 'k', 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "southcoastkitesurf.co.uk", true */ 's', 'o', 'u', 't', 'h', 'c', 'o', 'a', 's', 't', 'k', 'i', 't', 'e', 's', 'u', 'r', 'f', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "southernmost.us", true */ 's', 'o', 'u', 't', 'h', 'e', 'r', 'n', 'm', 'o', 's', 't', '.', 'u', 's', '\0', + /* "southernutahinfluencers.com", true */ 's', 'o', 'u', 't', 'h', 'e', 'r', 'n', 'u', 't', 'a', 'h', 'i', 'n', 'f', 'l', 'u', 'e', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "southlakenissanparts.com", true */ 's', 'o', 'u', 't', 'h', 'l', 'a', 'k', 'e', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "southmelbourne.apartments", true */ 's', 'o', 'u', 't', 'h', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '.', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '\0', + /* "southmorangtownhouses.com.au", true */ 's', 'o', 'u', 't', 'h', 'm', 'o', 'r', 'a', 'n', 'g', 't', 'o', 'w', 'n', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "southside-crew.com", true */ 's', 'o', 'u', 't', 'h', 's', 'i', 'd', 'e', '-', 'c', 'r', 'e', 'w', '.', 'c', 'o', 'm', '\0', + /* "southside-tuning-day.de", true */ 's', 'o', 'u', 't', 'h', 's', 'i', 'd', 'e', '-', 't', 'u', 'n', 'i', 'n', 'g', '-', 'd', 'a', 'y', '.', 'd', 'e', '\0', + /* "southwaymotors.com", true */ 's', 'o', 'u', 't', 'h', 'w', 'a', 'y', 'm', 'o', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "southwestrda.org.uk", true */ 's', 'o', 'u', 't', 'h', 'w', 'e', 's', 't', 'r', 'd', 'a', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "soutien-naissance.com", true */ 's', 'o', 'u', 't', 'i', 'e', 'n', '-', 'n', 'a', 'i', 's', 's', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "soved.eu", true */ 's', 'o', 'v', 'e', 'd', '.', 'e', 'u', '\0', + /* "soybase.org", true */ 's', 'o', 'y', 'b', 'a', 's', 'e', '.', 'o', 'r', 'g', '\0', + /* "sozai-good.com", true */ 's', 'o', 'z', 'a', 'i', '-', 'g', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "sozialy.com", true */ 's', 'o', 'z', 'i', 'a', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "sozon.ca", true */ 's', 'o', 'z', 'o', 'n', '.', 'c', 'a', '\0', + /* "sp-sephiroth.jp", true */ 's', 'p', '-', 's', 'e', 'p', 'h', 'i', 'r', 'o', 't', 'h', '.', 'j', 'p', '\0', + /* "sp.com.pl", true */ 's', 'p', '.', 'c', 'o', 'm', '.', 'p', 'l', '\0', + /* "space-it.de", true */ 's', 'p', 'a', 'c', 'e', '-', 'i', 't', '.', 'd', 'e', '\0', + /* "spacebaseapp.com", true */ 's', 'p', 'a', 'c', 'e', 'b', 'a', 's', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "spacecafe.org", true */ 's', 'p', 'a', 'c', 'e', 'c', 'a', 'f', 'e', '.', 'o', 'r', 'g', '\0', + /* "spacedirectory.org", true */ 's', 'p', 'a', 'c', 'e', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '.', 'o', 'r', 'g', '\0', + /* "spacehighway.ms", true */ 's', 'p', 'a', 'c', 'e', 'h', 'i', 'g', 'h', 'w', 'a', 'y', '.', 'm', 's', '\0', + /* "spacehost.de", false */ 's', 'p', 'a', 'c', 'e', 'h', 'o', 's', 't', '.', 'd', 'e', '\0', + /* "spacelabs.io", true */ 's', 'p', 'a', 'c', 'e', 'l', 'a', 'b', 's', '.', 'i', 'o', '\0', + /* "spacepage.be", true */ 's', 'p', 'a', 'c', 'e', 'p', 'a', 'g', 'e', '.', 'b', 'e', '\0', + /* "spaceweather.live", true */ 's', 'p', 'a', 'c', 'e', 'w', 'e', 'a', 't', 'h', 'e', 'r', '.', 'l', 'i', 'v', 'e', '\0', + /* "spaceweatherlive.com", true */ 's', 'p', 'a', 'c', 'e', 'w', 'e', 'a', 't', 'h', 'e', 'r', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "spackova.cz", true */ 's', 'p', 'a', 'c', 'k', 'o', 'v', 'a', '.', 'c', 'z', '\0', + /* "spahireleeds.co.uk", true */ 's', 'p', 'a', 'h', 'i', 'r', 'e', 'l', 'e', 'e', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "spaid.xyz", true */ 's', 'p', 'a', 'i', 'd', '.', 'x', 'y', 'z', '\0', + /* "spam.lol", true */ 's', 'p', 'a', 'm', '.', 'l', 'o', 'l', '\0', + /* "spamdrain.com", true */ 's', 'p', 'a', 'm', 'd', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "spamwc.de", true */ 's', 'p', 'a', 'm', 'w', 'c', '.', 'd', 'e', '\0', + /* "sparanoid.com", true */ 's', 'p', 'a', 'r', 'a', 'n', 'o', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "sparkasse.de", true */ 's', 'p', 'a', 'r', 'k', 'a', 's', 's', 'e', '.', 'd', 'e', '\0', + /* "sparkbase.cn", true */ 's', 'p', 'a', 'r', 'k', 'b', 'a', 's', 'e', '.', 'c', 'n', '\0', + /* "sparkforautism.org", true */ 's', 'p', 'a', 'r', 'k', 'f', 'o', 'r', 'a', 'u', 't', 'i', 's', 'm', '.', 'o', 'r', 'g', '\0', + /* "sparklebastard.com", true */ 's', 'p', 'a', 'r', 'k', 'l', 'e', 'b', 'a', 's', 't', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "sparkwood.org", true */ 's', 'p', 'a', 'r', 'k', 'w', 'o', 'o', 'd', '.', 'o', 'r', 'g', '\0', + /* "sparta-solutions.de", true */ 's', 'p', 'a', 'r', 't', 'a', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'd', 'e', '\0', + /* "spartaconsulting.fi", true */ 's', 'p', 'a', 'r', 't', 'a', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'f', 'i', '\0', + /* "spartantheatre.org", true */ 's', 'p', 'a', 'r', 't', 'a', 'n', 't', 'h', 'e', 'a', 't', 'r', 'e', '.', 'o', 'r', 'g', '\0', + /* "spasicilia.it", true */ 's', 'p', 'a', 's', 'i', 'c', 'i', 'l', 'i', 'a', '.', 'i', 't', '\0', + /* "spatzenwerkstatt.de", true */ 's', 'p', 'a', 't', 'z', 'e', 'n', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', '.', 'd', 'e', '\0', + /* "spawn.cz", true */ 's', 'p', 'a', 'w', 'n', '.', 'c', 'z', '\0', + /* "spaysy.com", true */ 's', 'p', 'a', 'y', 's', 'y', '.', 'c', 'o', 'm', '\0', + /* "spaziobenedetti.com.br", true */ 's', 'p', 'a', 'z', 'i', 'o', 'b', 'e', 'n', 'e', 'd', 'e', 't', 't', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "spaziopervoi.com.br", true */ 's', 'p', 'a', 'z', 'i', 'o', 'p', 'e', 'r', 'v', 'o', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "spdepartamentos.com.br", true */ 's', 'p', 'd', 'e', 'p', 'a', 'r', 't', 'a', 'm', 'e', 'n', 't', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "spdf.net", true */ 's', 'p', 'd', 'f', '.', 'n', 'e', 't', '\0', + /* "spearfishingmx.com", true */ 's', 'p', 'e', 'a', 'r', 'f', 'i', 's', 'h', 'i', 'n', 'g', 'm', 'x', '.', 'c', 'o', 'm', '\0', + /* "speciesism.com", true */ 's', 'p', 'e', 'c', 'i', 'e', 's', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "spectrosoftware.de", true */ 's', 'p', 'e', 'c', 't', 'r', 'o', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'd', 'e', '\0', + /* "spedplus.com.br", false */ 's', 'p', 'e', 'd', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "speech-balloon.com", true */ 's', 'p', 'e', 'e', 'c', 'h', '-', 'b', 'a', 'l', 'l', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "speechmate.com", true */ 's', 'p', 'e', 'e', 'c', 'h', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "speechndraw.com", true */ 's', 'p', 'e', 'e', 'c', 'h', 'n', 'd', 'r', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "speeddate.it", false */ 's', 'p', 'e', 'e', 'd', 'd', 'a', 't', 'e', '.', 'i', 't', '\0', + /* "speedracer.ca", true */ 's', 'p', 'e', 'e', 'd', 'r', 'a', 'c', 'e', 'r', '.', 'c', 'a', '\0', + /* "speeds.vip", true */ 's', 'p', 'e', 'e', 'd', 's', '.', 'v', 'i', 'p', '\0', + /* "speedsportofhull.co.uk", true */ 's', 'p', 'e', 'e', 'd', 's', 'p', 'o', 'r', 't', 'o', 'f', 'h', 'u', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "speedtailors.com", true */ 's', 'p', 'e', 'e', 'd', 't', 'a', 'i', 'l', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "speedtest-russia.com", true */ 's', 'p', 'e', 'e', 'd', 't', 'e', 's', 't', '-', 'r', 'u', 's', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "speedychat.it", true */ 's', 'p', 'e', 'e', 'd', 'y', 'c', 'h', 'a', 't', '.', 'i', 't', '\0', + /* "speerpunt.info", true */ 's', 'p', 'e', 'e', 'r', 'p', 'u', 'n', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "speich.net", true */ 's', 'p', 'e', 'i', 'c', 'h', '.', 'n', 'e', 't', '\0', + /* "spek.tech", true */ 's', 'p', 'e', 'k', '.', 't', 'e', 'c', 'h', '\0', + /* "spellcheck24.net", true */ 's', 'p', 'e', 'l', 'l', 'c', 'h', 'e', 'c', 'k', '2', '4', '.', 'n', 'e', 't', '\0', + /* "spendwise.com.au", true */ 's', 'p', 'e', 'n', 'd', 'w', 'i', 's', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "spenglerei-shop.de", true */ 's', 'p', 'e', 'n', 'g', 'l', 'e', 'r', 'e', 'i', '-', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0', + /* "sperohub.com", true */ 's', 'p', 'e', 'r', 'o', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "sperohub.lt", true */ 's', 'p', 'e', 'r', 'o', 'h', 'u', 'b', '.', 'l', 't', '\0', + /* "sperrstun.de", true */ 's', 'p', 'e', 'r', 'r', 's', 't', 'u', 'n', '.', 'd', 'e', '\0', + /* "spesys-services.fr", true */ 's', 'p', 'e', 's', 'y', 's', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'f', 'r', '\0', + /* "sphereblur.com", true */ 's', 'p', 'h', 'e', 'r', 'e', 'b', 'l', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "spherenix.org", true */ 's', 'p', 'h', 'e', 'r', 'e', 'n', 'i', 'x', '.', 'o', 'r', 'g', '\0', + /* "spicydog.org", true */ 's', 'p', 'i', 'c', 'y', 'd', 'o', 'g', '.', 'o', 'r', 'g', '\0', + /* "spicydog.tk", false */ 's', 'p', 'i', 'c', 'y', 'd', 'o', 'g', '.', 't', 'k', '\0', + /* "spicymatch.com", true */ 's', 'p', 'i', 'c', 'y', 'm', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "spidermail.tk", true */ 's', 'p', 'i', 'd', 'e', 'r', 'm', 'a', 'i', 'l', '.', 't', 'k', '\0', + /* "spidernet.tk", true */ 's', 'p', 'i', 'd', 'e', 'r', 'n', 'e', 't', '.', 't', 'k', '\0', + /* "spideroak.com", true */ 's', 'p', 'i', 'd', 'e', 'r', 'o', 'a', 'k', '.', 'c', 'o', 'm', '\0', + /* "spiders.org.ua", true */ 's', 'p', 'i', 'd', 'e', 'r', 's', '.', 'o', 'r', 'g', '.', 'u', 'a', '\0', + /* "spielezar.ch", true */ 's', 'p', 'i', 'e', 'l', 'e', 'z', 'a', 'r', '.', 'c', 'h', '\0', + /* "spielland.ch", true */ 's', 'p', 'i', 'e', 'l', 'l', 'a', 'n', 'd', '.', 'c', 'h', '\0', + /* "spiellawine.de", true */ 's', 'p', 'i', 'e', 'l', 'l', 'a', 'w', 'i', 'n', 'e', '.', 'd', 'e', '\0', + /* "spiet.nl", true */ 's', 'p', 'i', 'e', 't', '.', 'n', 'l', '\0', + /* "spiff.eu", true */ 's', 'p', 'i', 'f', 'f', '.', 'e', 'u', '\0', + /* "spiga.ch", true */ 's', 'p', 'i', 'g', 'a', '.', 'c', 'h', '\0', + /* "spillersfamily.net", true */ 's', 'p', 'i', 'l', 'l', 'e', 'r', 's', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'n', 'e', 't', '\0', + /* "spilogkoder.dk", true */ 's', 'p', 'i', 'l', 'o', 'g', 'k', 'o', 'd', 'e', 'r', '.', 'd', 'k', '\0', + /* "spinalien.net", true */ 's', 'p', 'i', 'n', 'a', 'l', 'i', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "spingenie.com", true */ 's', 'p', 'i', 'n', 'g', 'e', 'n', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "spinner.dnshome.de", true */ 's', 'p', 'i', 'n', 'n', 'e', 'r', '.', 'd', 'n', 's', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0', + /* "spins.fedoraproject.org", true */ 's', 'p', 'i', 'n', 's', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "spinspin.wtf", true */ 's', 'p', 'i', 'n', 's', 'p', 'i', 'n', '.', 'w', 't', 'f', '\0', + /* "spiralschneiderkaufen.de", true */ 's', 'p', 'i', 'r', 'a', 'l', 's', 'c', 'h', 'n', 'e', 'i', 'd', 'e', 'r', 'k', 'a', 'u', 'f', 'e', 'n', '.', 'd', 'e', '\0', + /* "spirella-shop.ch", true */ 's', 'p', 'i', 'r', 'e', 'l', 'l', 'a', '-', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0', + /* "spiritbionic.ro", true */ 's', 'p', 'i', 'r', 'i', 't', 'b', 'i', 'o', 'n', 'i', 'c', '.', 'r', 'o', '\0', + /* "spiritual.dating", true */ 's', 'p', 'i', 'r', 'i', 't', 'u', 'a', 'l', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "spiritualife.net", true */ 's', 'p', 'i', 'r', 'i', 't', 'u', 'a', 'l', 'i', 'f', 'e', '.', 'n', 'e', 't', '\0', + /* "spiritualregression.com.au", true */ 's', 'p', 'i', 'r', 'i', 't', 'u', 'a', 'l', 'r', 'e', 'g', 'r', 'e', 's', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "spisbilligt.dk", true */ 's', 'p', 'i', 's', 'b', 'i', 'l', 'l', 'i', 'g', 't', '.', 'd', 'k', '\0', + /* "spitfireuav.com", true */ 's', 'p', 'i', 't', 'f', 'i', 'r', 'e', 'u', 'a', 'v', '.', 'c', 'o', 'm', '\0', + /* "splarty.net", true */ 's', 'p', 'l', 'a', 'r', 't', 'y', '.', 'n', 'e', 't', '\0', + /* "splendidspoon.com", true */ 's', 'p', 'l', 'e', 'n', 'd', 'i', 'd', 's', 'p', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "splendorservizi.it", true */ 's', 'p', 'l', 'e', 'n', 'd', 'o', 'r', 's', 'e', 'r', 'v', 'i', 'z', 'i', '.', 'i', 't', '\0', + /* "splikity.com", true */ 's', 'p', 'l', 'i', 'k', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "splitdna.com", true */ 's', 'p', 'l', 'i', 't', 'd', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "splitreflection.com", true */ 's', 'p', 'l', 'i', 't', 'r', 'e', 'f', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "splunk.net", true */ 's', 'p', 'l', 'u', 'n', 'k', '.', 'n', 'e', 't', '\0', + /* "spodelime.com", true */ 's', 'p', 'o', 'd', 'e', 'l', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "spoketwist.com", true */ 's', 'p', 'o', 'k', 'e', 't', 'w', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "spolwind.de", true */ 's', 'p', 'o', 'l', 'w', 'i', 'n', 'd', '.', 'd', 'e', '\0', + /* "spom.net", true */ 's', 'p', 'o', 'm', '.', 'n', 'e', 't', '\0', + /* "spon.cz", true */ 's', 'p', 'o', 'n', '.', 'c', 'z', '\0', + /* "sponc.de", true */ 's', 'p', 'o', 'n', 'c', '.', 'd', 'e', '\0', + /* "spongepowered.org", true */ 's', 'p', 'o', 'n', 'g', 'e', 'p', 'o', 'w', 'e', 'r', 'e', 'd', '.', 'o', 'r', 'g', '\0', + /* "sponsor.network", true */ 's', 'p', 'o', 'n', 's', 'o', 'r', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0', + /* "sponsorowani.pl", true */ 's', 'p', 'o', 'n', 's', 'o', 'r', 'o', 'w', 'a', 'n', 'i', '.', 'p', 'l', '\0', + /* "spontex.org", true */ 's', 'p', 'o', 'n', 't', 'e', 'x', '.', 'o', 'r', 'g', '\0', + /* "spoofhaus.com", true */ 's', 'p', 'o', 'o', 'f', 'h', 'a', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "spookbook.net", true */ 's', 'p', 'o', 'o', 'k', 'b', 'o', 'o', 'k', '.', 'n', 'e', 't', '\0', + /* "spookquest.com", true */ 's', 'p', 'o', 'o', 'k', 'q', 'u', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "spoopy.link", true */ 's', 'p', 'o', 'o', 'p', 'y', '.', 'l', 'i', 'n', 'k', '\0', + /* "sporcard.com", true */ 's', 'p', 'o', 'r', 'c', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "spornkuller.de", true */ 's', 'p', 'o', 'r', 'n', 'k', 'u', 'l', 'l', 'e', 'r', '.', 'd', 'e', '\0', + /* "sport-in-sundern.de", true */ 's', 'p', 'o', 'r', 't', '-', 'i', 'n', '-', 's', 'u', 'n', 'd', 'e', 'r', 'n', '.', 'd', 'e', '\0', + /* "sport-potreby.cz", true */ 's', 'p', 'o', 'r', 't', '-', 'p', 'o', 't', 'r', 'e', 'b', 'y', '.', 'c', 'z', '\0', + /* "sport-potreby.sk", true */ 's', 'p', 'o', 'r', 't', '-', 'p', 'o', 't', 'r', 'e', 'b', 'y', '.', 's', 'k', '\0', + /* "sport-socken.net", true */ 's', 'p', 'o', 'r', 't', '-', 's', 'o', 'c', 'k', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "sporter.com", true */ 's', 'p', 'o', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "sportflash.info", true */ 's', 'p', 'o', 'r', 't', 'f', 'l', 'a', 's', 'h', '.', 'i', 'n', 'f', 'o', '\0', + /* "sportnesia.com", true */ 's', 'p', 'o', 'r', 't', 'n', 'e', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "sportovnidum.cz", true */ 's', 'p', 'o', 'r', 't', 'o', 'v', 'n', 'i', 'd', 'u', 'm', '.', 'c', 'z', '\0', + /* "sportparks.com", true */ 's', 'p', 'o', 'r', 't', 'p', 'a', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "sportparks.org", true */ 's', 'p', 'o', 'r', 't', 'p', 'a', 'r', 'k', 's', '.', 'o', 'r', 'g', '\0', + /* "sportressofblogitude.com", true */ 's', 'p', 'o', 'r', 't', 'r', 'e', 's', 's', 'o', 'f', 'b', 'l', 'o', 'g', 'i', 't', 'u', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "sports.dating", true */ 's', 'p', 'o', 'r', 't', 's', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "sportsmansblog.com", true */ 's', 'p', 'o', 'r', 't', 's', 'm', 'a', 'n', 's', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "sportstraineradvisor.com", true */ 's', 'p', 'o', 'r', 't', 's', 't', 'r', 'a', 'i', 'n', 'e', 'r', 'a', 'd', 'v', 'i', 's', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "sportugalia.ru", true */ 's', 'p', 'o', 'r', 't', 'u', 'g', 'a', 'l', 'i', 'a', '.', 'r', 'u', '\0', + /* "sportxt.ru", true */ 's', 'p', 'o', 'r', 't', 'x', 't', '.', 'r', 'u', '\0', + /* "spotlightsrule.com", true */ 's', 'p', 'o', 't', 'l', 'i', 'g', 'h', 't', 's', 'r', 'u', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "spotupload.com", true */ 's', 'p', 'o', 't', 'u', 'p', 'l', 'o', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "sprachfreudehoch3.de", true */ 's', 'p', 'r', 'a', 'c', 'h', 'f', 'r', 'e', 'u', 'd', 'e', 'h', 'o', 'c', 'h', '3', '.', 'd', 'e', '\0', + /* "spreadsheets.google.com", true */ 's', 'p', 'r', 'e', 'a', 'd', 's', 'h', 'e', 'e', 't', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "spreadthenews.eu", true */ 's', 'p', 'r', 'e', 'a', 'd', 't', 'h', 'e', 'n', 'e', 'w', 's', '.', 'e', 'u', '\0', + /* "spree.co.za", true */ 's', 'p', 'r', 'e', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "spreed.me", true */ 's', 'p', 'r', 'e', 'e', 'd', '.', 'm', 'e', '\0', + /* "spricknet.de", true */ 's', 'p', 'r', 'i', 'c', 'k', 'n', 'e', 't', '.', 'd', 'e', '\0', + /* "sprigings.com", true */ 's', 'p', 'r', 'i', 'g', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "springerundpartner.de", true */ 's', 'p', 'r', 'i', 'n', 'g', 'e', 'r', 'u', 'n', 'd', 'p', 'a', 'r', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0', + /* "springfieldbricks.com", true */ 's', 'p', 'r', 'i', 'n', 'g', 'f', 'i', 'e', 'l', 'd', 'b', 'r', 'i', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "springsoffthegrid.com", true */ 's', 'p', 'r', 'i', 'n', 'g', 's', 'o', 'f', 'f', 't', 'h', 'e', 'g', 'r', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "sprock.io", false */ 's', 'p', 'r', 'o', 'c', 'k', '.', 'i', 'o', '\0', + /* "sproing.ca", true */ 's', 'p', 'r', 'o', 'i', 'n', 'g', '.', 'c', 'a', '\0', + /* "spron.in", true */ 's', 'p', 'r', 'o', 'n', '.', 'i', 'n', '\0', + /* "sprucecreekclubs.com", true */ 's', 'p', 'r', 'u', 'c', 'e', 'c', 'r', 'e', 'e', 'k', 'c', 'l', 'u', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "sprucecreekgcc.com", true */ 's', 'p', 'r', 'u', 'c', 'e', 'c', 'r', 'e', 'e', 'k', 'g', 'c', 'c', '.', 'c', 'o', 'm', '\0', + /* "sprueche-zum-valentinstag.de", true */ 's', 'p', 'r', 'u', 'e', 'c', 'h', 'e', '-', 'z', 'u', 'm', '-', 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 's', 't', 'a', 'g', '.', 'd', 'e', '\0', + /* "sprueche-zur-geburt.info", true */ 's', 'p', 'r', 'u', 'e', 'c', 'h', 'e', '-', 'z', 'u', 'r', '-', 'g', 'e', 'b', 'u', 'r', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "sprueche-zur-hochzeit.de", true */ 's', 'p', 'r', 'u', 'e', 'c', 'h', 'e', '-', 'z', 'u', 'r', '-', 'h', 'o', 'c', 'h', 'z', 'e', 'i', 't', '.', 'd', 'e', '\0', + /* "sprueche-zur-konfirmation.de", true */ 's', 'p', 'r', 'u', 'e', 'c', 'h', 'e', '-', 'z', 'u', 'r', '-', 'k', 'o', 'n', 'f', 'i', 'r', 'm', 'a', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0', + /* "sps-lehrgang.de", true */ 's', 'p', 's', '-', 'l', 'e', 'h', 'r', 'g', 'a', 'n', 'g', '.', 'd', 'e', '\0', + /* "sptk.org", true */ 's', 'p', 't', 'k', '.', 'o', 'r', 'g', '\0', + /* "spuffin.com", true */ 's', 'p', 'u', 'f', 'f', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "spufpowered.com", true */ 's', 'p', 'u', 'f', 'p', 'o', 'w', 'e', 'r', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "spunkt.fr", true */ 's', 'p', 'u', 'n', 'k', 't', '.', 'f', 'r', '\0', + /* "spur.com.br", true */ 's', 'p', 'u', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "sputnik1net.org", true */ 's', 'p', 'u', 't', 'n', 'i', 'k', '1', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0', + /* "spydar007.com", true */ 's', 'p', 'y', 'd', 'a', 'r', '0', '0', '7', '.', 'c', 'o', 'm', '\0', + /* "spydar007.net", true */ 's', 'p', 'y', 'd', 'a', 'r', '0', '0', '7', '.', 'n', 'e', 't', '\0', + /* "spydersec.com", true */ 's', 'p', 'y', 'd', 'e', 'r', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "spykedigital.com", true */ 's', 'p', 'y', 'k', 'e', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "spyprofit.ru", true */ 's', 'p', 'y', 'p', 'r', 'o', 'f', 'i', 't', '.', 'r', 'u', '\0', + /* "sqetsa.com", true */ 's', 'q', 'e', 't', 's', 'a', '.', 'c', 'o', 'm', '\0', + /* "sql-und-xml.de", true */ 's', 'q', 'l', '-', 'u', 'n', 'd', '-', 'x', 'm', 'l', '.', 'd', 'e', '\0', + /* "sqlapius.net", true */ 's', 'q', 'l', 'a', 'p', 'i', 'u', 's', '.', 'n', 'e', 't', '\0', + /* "sqlfeatures.com", true */ 's', 'q', 'l', 'f', 'e', 'a', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "sqr-training.com", true */ 's', 'q', 'r', '-', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "sqroot.eu", true */ 's', 'q', 'r', 'o', 'o', 't', '.', 'e', 'u', '\0', + /* "sqshq.de", true */ 's', 'q', 's', 'h', 'q', '.', 'd', 'e', '\0', + /* "squadlinx.com", true */ 's', 'q', 'u', 'a', 'd', 'l', 'i', 'n', 'x', '.', 'c', 'o', 'm', '\0', + /* "square-gaming.org", true */ 's', 'q', 'u', 'a', 'r', 'e', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "square-src.de", false */ 's', 'q', 'u', 'a', 'r', 'e', '-', 's', 'r', 'c', '.', 'd', 'e', '\0', + /* "square.com", false */ 's', 'q', 'u', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "squarelab.it", true */ 's', 'q', 'u', 'a', 'r', 'e', 'l', 'a', 'b', '.', 'i', 't', '\0', + /* "squareonebgc.com.ph", true */ 's', 'q', 'u', 'a', 'r', 'e', 'o', 'n', 'e', 'b', 'g', 'c', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0', + /* "squareup.com", false */ 's', 'q', 'u', 'a', 'r', 'e', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "squawk.cc", true */ 's', 'q', 'u', 'a', 'w', 'k', '.', 'c', 'c', '\0', + /* "squeezemetrics.com", true */ 's', 'q', 'u', 'e', 'e', 'z', 'e', 'm', 'e', 't', 'r', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "squido.ch", true */ 's', 'q', 'u', 'i', 'd', 'o', '.', 'c', 'h', '\0', + /* "squidparty.com", true */ 's', 'q', 'u', 'i', 'd', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "squirex2.com", true */ 's', 'q', 'u', 'i', 'r', 'e', 'x', '2', '.', 'c', 'o', 'm', '\0', + /* "sr-cs.net", true */ 's', 'r', '-', 'c', 's', '.', 'n', 'e', 't', '\0', + /* "sr33.com", true */ 's', 'r', '3', '3', '.', 'c', 'o', 'm', '\0', + /* "srandom.com", true */ 's', 'r', 'a', 'n', 'd', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "srbija-nekretnine.org", true */ 's', 'r', 'b', 'i', 'j', 'a', '-', 'n', 'e', 'k', 'r', 'e', 't', 'n', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0', + /* "src.fedoraproject.org", true */ 's', 'r', 'c', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "srchub.org", true */ 's', 'r', 'c', 'h', 'u', 'b', '.', 'o', 'r', 'g', '\0', + /* "sreeharis.tk", true */ 's', 'r', 'e', 'e', 'h', 'a', 'r', 'i', 's', '.', 't', 'k', '\0', + /* "srinivasan.io", true */ 's', 'r', 'i', 'n', 'i', 'v', 'a', 's', 'a', 'n', '.', 'i', 'o', '\0', + /* "sro.center", true */ 's', 'r', 'o', '.', 'c', 'e', 'n', 't', 'e', 'r', '\0', + /* "srolim.com", true */ 's', 'r', 'o', 'l', 'i', 'm', '.', 'c', 'o', 'm', '\0', + /* "srrdb.com", true */ 's', 'r', 'r', 'd', 'b', '.', 'c', 'o', 'm', '\0', + /* "srroddy.com", true */ 's', 'r', 'r', 'o', 'd', 'd', 'y', '.', 'c', 'o', 'm', '\0', + /* "srv.so", true */ 's', 'r', 'v', '.', 's', 'o', '\0', + /* "srvc.io", true */ 's', 'r', 'v', 'c', '.', 'i', 'o', '\0', + /* "ss-x.ru", true */ 's', 's', '-', 'x', '.', 'r', 'u', '\0', + /* "ss.com", true */ 's', 's', '.', 'c', 'o', 'm', '\0', + /* "ss.lt", true */ 's', 's', '.', 'l', 't', '\0', + /* "ss.lv", true */ 's', 's', '.', 'l', 'v', '\0', + /* "ss.ua", true */ 's', 's', '.', 'u', 'a', '\0', + /* "ss64.com", true */ 's', 's', '6', '4', '.', 'c', 'o', 'm', '\0', + /* "ss64.org", true */ 's', 's', '6', '4', '.', 'o', 'r', 'g', '\0', + /* "ss88.uk", true */ 's', 's', '8', '8', '.', 'u', 'k', '\0', + /* "ssa.gov", false */ 's', 's', 'a', '.', 'g', 'o', 'v', '\0', + /* "ssbkk.ru", true */ 's', 's', 'b', 'k', 'k', '.', 'r', 'u', '\0', + /* "ssbrm.ch", true */ 's', 's', 'b', 'r', 'm', '.', 'c', 'h', '\0', + /* "sscd.no", true */ 's', 's', 'c', 'd', '.', 'n', 'o', '\0', + /* "ssdax.com", false */ 's', 's', 'd', 'a', 'x', '.', 'c', 'o', 'm', '\0', + /* "ssenberg.nl", true */ 's', 's', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'n', 'l', '\0', + /* "ssh-keys.online", true */ 's', 's', 'h', '-', 'k', 'e', 'y', 's', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "ssh-vault.com", true */ 's', 's', 'h', '-', 'v', 'a', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0', + /* "sshool.at", true */ 's', 's', 'h', 'o', 'o', 'l', '.', 'a', 't', '\0', + /* "ssky.cn", true */ 's', 's', 'k', 'y', '.', 'c', 'n', '\0', + /* "ssl-zertifikate.de", true */ 's', 's', 'l', '-', 'z', 'e', 'r', 't', 'i', 'f', 'i', 'k', 'a', 't', 'e', '.', 'd', 'e', '\0', + /* "ssl.do", true */ 's', 's', 'l', '.', 'd', 'o', '\0', + /* "ssl.doctor", true */ 's', 's', 'l', '.', 'd', 'o', 'c', 't', 'o', 'r', '\0', + /* "ssl.google-analytics.com", true */ 's', 's', 'l', '.', 'g', 'o', 'o', 'g', 'l', 'e', '-', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "ssl.md", true */ 's', 's', 'l', '.', 'm', 'd', '\0', + /* "ssl247.co.uk", true */ 's', 's', 'l', '2', '4', '7', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ssl247.com.mx", true */ 's', 's', 'l', '2', '4', '7', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0', + /* "ssl247.de", true */ 's', 's', 'l', '2', '4', '7', '.', 'd', 'e', '\0', + /* "ssl247.dk", true */ 's', 's', 'l', '2', '4', '7', '.', 'd', 'k', '\0', + /* "ssl888.com", true */ 's', 's', 'l', '8', '8', '8', '.', 'c', 'o', 'm', '\0', + /* "sslcertificaten.nl", true */ 's', 's', 'l', 'c', 'e', 'r', 't', 'i', 'f', 'i', 'c', 'a', 't', 'e', 'n', '.', 'n', 'l', '\0', + /* "sslcheck.nl", true */ 's', 's', 'l', 'c', 'h', 'e', 'c', 'k', '.', 'n', 'l', '\0', + /* "ssldecoder.org", true */ 's', 's', 'l', 'd', 'e', 'c', 'o', 'd', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "ssldev.net", true */ 's', 's', 'l', 'd', 'e', 'v', '.', 'n', 'e', 't', '\0', + /* "sslmate.com", true */ 's', 's', 'l', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "sslok.com", true */ 's', 's', 'l', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "sslping.com", true */ 's', 's', 'l', 'p', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "sslpoint.com", true */ 's', 's', 'l', 'p', 'o', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "ssls.cz", true */ 's', 's', 'l', 's', '.', 'c', 'z', '\0', + /* "sslsurvey.de", true */ 's', 's', 'l', 's', 'u', 'r', 'v', 'e', 'y', '.', 'd', 'e', '\0', + /* "sslzilla.de", true */ 's', 's', 'l', 'z', 'i', 'l', 'l', 'a', '.', 'd', 'e', '\0', + /* "ssnet.vip", true */ 's', 's', 'n', 'e', 't', '.', 'v', 'i', 'p', '\0', + /* "ssrvpn.tech", true */ 's', 's', 'r', 'v', 'p', 'n', '.', 't', 'e', 'c', 'h', '\0', + /* "sss3s.com", true */ 's', 's', 's', '3', 's', '.', 'c', 'o', 'm', '\0', + /* "sstaging.com", true */ 's', 's', 't', 'a', 'g', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "sstewartgallus.com", true */ 's', 's', 't', 'e', 'w', 'a', 'r', 't', 'g', 'a', 'l', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "ssuiteoffice.com", true */ 's', 's', 'u', 'i', 't', 'e', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "ssuitesoft.com", true */ 's', 's', 'u', 'i', 't', 'e', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "st-kilian-markt-erlbach.de", true */ 's', 't', '-', 'k', 'i', 'l', 'i', 'a', 'n', '-', 'm', 'a', 'r', 'k', 't', '-', 'e', 'r', 'l', 'b', 'a', 'c', 'h', '.', 'd', 'e', '\0', + /* "st-news.de", true */ 's', 't', '-', 'n', 'e', 'w', 's', '.', 'd', 'e', '\0', + /* "st-steuern.de", true */ 's', 't', '-', 's', 't', 'e', 'u', 'e', 'r', 'n', '.', 'd', 'e', '\0', + /* "staatschutz.at", true */ 's', 't', 'a', 'a', 't', 's', 'c', 'h', 'u', 't', 'z', '.', 'a', 't', '\0', + /* "staatsschutz.at", true */ 's', 't', 'a', 'a', 't', 's', 's', 'c', 'h', 'u', 't', 'z', '.', 'a', 't', '\0', + /* "staatsschutzgesetz.at", true */ 's', 't', 'a', 'a', 't', 's', 's', 'c', 'h', 'u', 't', 'z', 'g', 'e', 's', 'e', 't', 'z', '.', 'a', 't', '\0', + /* "stablelib.com", true */ 's', 't', 'a', 'b', 'l', 'e', 'l', 'i', 'b', '.', 'c', 'o', 'm', '\0', + /* "staceyhankeinc.com", true */ 's', 't', 'a', 'c', 'e', 'y', 'h', 'a', 'n', 'k', 'e', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "stackhub.cc", true */ 's', 't', 'a', 'c', 'k', 'h', 'u', 'b', '.', 'c', 'c', '\0', + /* "stackptr.com", true */ 's', 't', 'a', 'c', 'k', 'p', 't', 'r', '.', 'c', 'o', 'm', '\0', + /* "stacktile.io", false */ 's', 't', 'a', 'c', 'k', 't', 'i', 'l', 'e', '.', 'i', 'o', '\0', + /* "stackunderflow.com", true */ 's', 't', 'a', 'c', 'k', 'u', 'n', 'd', 'e', 'r', 'f', 'l', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "stadm.com", true */ 's', 't', 'a', 'd', 'm', '.', 'c', 'o', 'm', '\0', + /* "stadsbygd.info", true */ 's', 't', 'a', 'd', 's', 'b', 'y', 'g', 'd', '.', 'i', 'n', 'f', 'o', '\0', + /* "stadt-apotheke-muensingen.de", true */ 's', 't', 'a', 'd', 't', '-', 'a', 'p', 'o', 't', 'h', 'e', 'k', 'e', '-', 'm', 'u', 'e', 'n', 's', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0', + /* "stadterneuerung-hwb.de", true */ 's', 't', 'a', 'd', 't', 'e', 'r', 'n', 'e', 'u', 'e', 'r', 'u', 'n', 'g', '-', 'h', 'w', 'b', '.', 'd', 'e', '\0', + /* "stadtpapa.de", true */ 's', 't', 'a', 'd', 't', 'p', 'a', 'p', 'a', '.', 'd', 'e', '\0', + /* "stadtplan-ilmenau.de", true */ 's', 't', 'a', 'd', 't', 'p', 'l', 'a', 'n', '-', 'i', 'l', 'm', 'e', 'n', 'a', 'u', '.', 'd', 'e', '\0', + /* "stage-props-blank-guns.com", false */ 's', 't', 'a', 'g', 'e', '-', 'p', 'r', 'o', 'p', 's', '-', 'b', 'l', 'a', 'n', 'k', '-', 'g', 'u', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "stage.wepay.com", false */ 's', 't', 'a', 'g', 'e', '.', 'w', 'e', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "stage4.ch", true */ 's', 't', 'a', 'g', 'e', '4', '.', 'c', 'h', '\0', + /* "stageirites.com", true */ 's', 't', 'a', 'g', 'e', 'i', 'r', 'i', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "stageirites.fr", true */ 's', 't', 'a', 'g', 'e', 'i', 'r', 'i', 't', 'e', 's', '.', 'f', 'r', '\0', + /* "stageirites.org", true */ 's', 't', 'a', 'g', 'e', 'i', 'r', 'i', 't', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "stagingjobshq.com", true */ 's', 't', 'a', 'g', 'i', 'n', 'g', 'j', 'o', 'b', 's', 'h', 'q', '.', 'c', 'o', 'm', '\0', + /* "stagstickets.co.uk", true */ 's', 't', 'a', 'g', 's', 't', 'i', 'c', 'k', 'e', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "stahlfors.com", true */ 's', 't', 'a', 'h', 'l', 'f', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "stainedglass.net.au", true */ 's', 't', 'a', 'i', 'n', 'e', 'd', 'g', 'l', 'a', 's', 's', '.', 'n', 'e', 't', '.', 'a', 'u', '\0', + /* "stair.ch", true */ 's', 't', 'a', 'i', 'r', '.', 'c', 'h', '\0', + /* "stairfallgames.com", true */ 's', 't', 'a', 'i', 'r', 'f', 'a', 'l', 'l', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "stairlin.com", true */ 's', 't', 'a', 'i', 'r', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "stalder.work", true */ 's', 't', 'a', 'l', 'd', 'e', 'r', '.', 'w', 'o', 'r', 'k', '\0', + /* "stalker-shop.com", true */ 's', 't', 'a', 'l', 'k', 'e', 'r', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "stalkr.net", true */ 's', 't', 'a', 'l', 'k', 'r', '.', 'n', 'e', 't', '\0', + /* "stamboommuller.nl", true */ 's', 't', 'a', 'm', 'b', 'o', 'o', 'm', 'm', 'u', 'l', 'l', 'e', 'r', '.', 'n', 'l', '\0', + /* "stamboomvanderwal.nl", true */ 's', 't', 'a', 'm', 'b', 'o', 'o', 'm', 'v', 'a', 'n', 'd', 'e', 'r', 'w', 'a', 'l', '.', 'n', 'l', '\0', + /* "stameystreet.com", true */ 's', 't', 'a', 'm', 'e', 'y', 's', 't', 'r', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "stamkassa.nl", true */ 's', 't', 'a', 'm', 'k', 'a', 's', 's', 'a', '.', 'n', 'l', '\0', + /* "stammtisch.domains", true */ 's', 't', 'a', 'm', 'm', 't', 'i', 's', 'c', 'h', '.', 'd', 'o', 'm', 'a', 'i', 'n', 's', '\0', + /* "stampederadon.com", true */ 's', 't', 'a', 'm', 'p', 'e', 'd', 'e', 'r', 'a', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "standagainstspying.org", true */ 's', 't', 'a', 'n', 'd', 'a', 'g', 'a', 'i', 'n', 's', 't', 's', 'p', 'y', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "standardequipment.com", true */ 's', 't', 'a', 'n', 'd', 'a', 'r', 'd', 'e', 'q', 'u', 'i', 'p', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "standards.gov", true */ 's', 't', 'a', 'n', 'd', 'a', 'r', 'd', 's', '.', 'g', 'o', 'v', '\0', + /* "standoutbooks.com", true */ 's', 't', 'a', 'n', 'd', 'o', 'u', 't', 'b', 'o', 'o', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "stanthonymaryclaret.org", true */ 's', 't', 'a', 'n', 't', 'h', 'o', 'n', 'y', 'm', 'a', 'r', 'y', 'c', 'l', 'a', 'r', 'e', 't', '.', 'o', 'r', 'g', '\0', + /* "star-citizen.wiki", true */ 's', 't', 'a', 'r', '-', 'c', 'i', 't', 'i', 'z', 'e', 'n', '.', 'w', 'i', 'k', 'i', '\0', + /* "star-killer.net", true */ 's', 't', 'a', 'r', '-', 'k', 'i', 'l', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "star-stuff.de", true */ 's', 't', 'a', 'r', '-', 's', 't', 'u', 'f', 'f', '.', 'd', 'e', '\0', + /* "starcafe.me", true */ 's', 't', 'a', 'r', 'c', 'a', 'f', 'e', '.', 'm', 'e', '\0', + /* "starcomproj.com", true */ 's', 't', 'a', 'r', 'c', 'o', 'm', 'p', 'r', 'o', 'j', '.', 'c', 'o', 'm', '\0', + /* "stardanceacademy.net", true */ 's', 't', 'a', 'r', 'd', 'a', 'n', 'c', 'e', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'n', 'e', 't', '\0', + /* "stardeeps.net", true */ 's', 't', 'a', 'r', 'd', 'e', 'e', 'p', 's', '.', 'n', 'e', 't', '\0', + /* "stardust-entertainments.co.uk", true */ 's', 't', 'a', 'r', 'd', 'u', 's', 't', '-', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "starfm.de", true */ 's', 't', 'a', 'r', 'f', 'm', '.', 'd', 'e', '\0', + /* "stargarder-jungs.de", true */ 's', 't', 'a', 'r', 'g', 'a', 'r', 'd', 'e', 'r', '-', 'j', 'u', 'n', 'g', 's', '.', 'd', 'e', '\0', + /* "stargazer.de", true */ 's', 't', 'a', 'r', 'g', 'a', 'z', 'e', 'r', '.', 'd', 'e', '\0', + /* "stari.co", true */ 's', 't', 'a', 'r', 'i', '.', 'c', 'o', '\0', + /* "starina.ru", true */ 's', 't', 'a', 'r', 'i', 'n', 'a', '.', 'r', 'u', '\0', + /* "starka.st", true */ 's', 't', 'a', 'r', 'k', 'a', '.', 's', 't', '\0', + /* "starkbim.com", true */ 's', 't', 'a', 'r', 'k', 'b', 'i', 'm', '.', 'c', 'o', 'm', '\0', + /* "starlightentertainmentdevon.co.uk", true */ 's', 't', 'a', 'r', 'l', 'i', 'g', 'h', 't', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 'd', 'e', 'v', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "starlim.co.in", true */ 's', 't', 'a', 'r', 'l', 'i', 'm', '.', 'c', 'o', '.', 'i', 'n', '\0', + /* "starlim.org", true */ 's', 't', 'a', 'r', 'l', 'i', 'm', '.', 'o', 'r', 'g', '\0', + /* "starpeak.org", true */ 's', 't', 'a', 'r', 'p', 'e', 'a', 'k', '.', 'o', 'r', 'g', '\0', + /* "starphotoboothsni.co.uk", true */ 's', 't', 'a', 'r', 'p', 'h', 'o', 't', 'o', 'b', 'o', 'o', 't', 'h', 's', 'n', 'i', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "starplatinum.jp", true */ 's', 't', 'a', 'r', 'p', 'l', 'a', 't', 'i', 'n', 'u', 'm', '.', 'j', 'p', '\0', + /* "starquake.nl", true */ 's', 't', 'a', 'r', 'q', 'u', 'a', 'k', 'e', '.', 'n', 'l', '\0', + /* "starsam80.net", true */ 's', 't', 'a', 'r', 's', 'a', 'm', '8', '0', '.', 'n', 'e', 't', '\0', + /* "starsbattle.net", true */ 's', 't', 'a', 'r', 's', 'b', 'a', 't', 't', 'l', 'e', '.', 'n', 'e', 't', '\0', + /* "starstreak.net", true */ 's', 't', 'a', 'r', 's', 't', 'r', 'e', 'a', 'k', '.', 'n', 'e', 't', '\0', + /* "startaninflatablebusiness.com", true */ 's', 't', 'a', 'r', 't', 'a', 'n', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "startlab.sk", true */ 's', 't', 'a', 'r', 't', 'l', 'a', 'b', '.', 's', 'k', '\0', + /* "startpage.com", true */ 's', 't', 'a', 'r', 't', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "startpage.info", true */ 's', 't', 'a', 'r', 't', 'p', 'a', 'g', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "startrek.in", true */ 's', 't', 'a', 'r', 't', 'r', 'e', 'k', '.', 'i', 'n', '\0', + /* "starttraffic.com", true */ 's', 't', 'a', 'r', 't', 't', 'r', 'a', 'f', 'f', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "starttraffic.uk", true */ 's', 't', 'a', 'r', 't', 't', 'r', 'a', 'f', 'f', 'i', 'c', '.', 'u', 'k', '\0', + /* "startup.melbourne", true */ 's', 't', 'a', 'r', 't', 'u', 'p', '.', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '\0', + /* "startuplevel.com", true */ 's', 't', 'a', 'r', 't', 'u', 'p', 'l', 'e', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "startuppeople.co.uk", true */ 's', 't', 'a', 'r', 't', 'u', 'p', 'p', 'e', 'o', 'p', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "startupum.ru", true */ 's', 't', 'a', 'r', 't', 'u', 'p', 'u', 'm', '.', 'r', 'u', '\0', + /* "starwatches.eu", true */ 's', 't', 'a', 'r', 'w', 'a', 't', 'c', 'h', 'e', 's', '.', 'e', 'u', '\0', + /* "starwins.co.uk", true */ 's', 't', 'a', 'r', 'w', 'i', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "stassi.ch", true */ 's', 't', 'a', 's', 's', 'i', '.', 'c', 'h', '\0', + /* "stastka.ch", true */ 's', 't', 'a', 's', 't', 'k', 'a', '.', 'c', 'h', '\0', + /* "stat.ink", true */ 's', 't', 'a', 't', '.', 'i', 'n', 'k', '\0', + /* "state-of-body-and-mind.com", true */ 's', 't', 'a', 't', 'e', '-', 'o', 'f', '-', 'b', 'o', 'd', 'y', '-', 'a', 'n', 'd', '-', 'm', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "statecollegemortgages.com", true */ 's', 't', 'a', 't', 'e', 'c', 'o', 'l', 'l', 'e', 'g', 'e', 'm', 'o', 'r', 't', 'g', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "static-692b8c32.de", true */ 's', 't', 'a', 't', 'i', 'c', '-', '6', '9', '2', 'b', '8', 'c', '3', '2', '.', 'd', 'e', '\0', + /* "static-myfxee-808795.c.cdn77.org", true */ 's', 't', 'a', 't', 'i', 'c', '-', 'm', 'y', 'f', 'x', 'e', 'e', '-', '8', '0', '8', '7', '9', '5', '.', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0', + /* "static-myfxoau-808795.c.cdn77.org", true */ 's', 't', 'a', 't', 'i', 'c', '-', 'm', 'y', 'f', 'x', 'o', 'a', 'u', '-', '8', '0', '8', '7', '9', '5', '.', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0', + /* "static-myfxouk-808795.c.cdn77.org", true */ 's', 't', 'a', 't', 'i', 'c', '-', 'm', 'y', 'f', 'x', 'o', 'u', 'k', '-', '8', '0', '8', '7', '9', '5', '.', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0', + /* "static.wepay.com", false */ 's', 't', 'a', 't', 'i', 'c', '.', 'w', 'e', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "stationa.ch", true */ 's', 't', 'a', 't', 'i', 'o', 'n', 'a', '.', 'c', 'h', '\0', + /* "stationary-traveller.eu", true */ 's', 't', 'a', 't', 'i', 'o', 'n', 'a', 'r', 'y', '-', 't', 'r', 'a', 'v', 'e', 'l', 'l', 'e', 'r', '.', 'e', 'u', '\0', + /* "stationcharlie.co.za", true */ 's', 't', 'a', 't', 'i', 'o', 'n', 'c', 'h', 'a', 'r', 'l', 'i', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "statistikian.com", true */ 's', 't', 'a', 't', 'i', 's', 't', 'i', 'k', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "statofus.com", true */ 's', 't', 'a', 't', 'o', 'f', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "stats.g.doubleclick.net", true */ 's', 't', 'a', 't', 's', '.', 'g', '.', 'd', 'o', 'u', 'b', 'l', 'e', 'c', 'l', 'i', 'c', 'k', '.', 'n', 'e', 't', '\0', + /* "status2u.com", true */ 's', 't', 'a', 't', 'u', 's', '2', 'u', '.', 'c', 'o', 'm', '\0', + /* "statuscode.ch", true */ 's', 't', 'a', 't', 'u', 's', 'c', 'o', 'd', 'e', '.', 'c', 'h', '\0', + /* "stav.io", true */ 's', 't', 'a', 'v', '.', 'i', 'o', '\0', + /* "stavros.ovh", true */ 's', 't', 'a', 'v', 'r', 'o', 's', '.', 'o', 'v', 'h', '\0', + /* "staxflax.tk", true */ 's', 't', 'a', 'x', 'f', 'l', 'a', 'x', '.', 't', 'k', '\0', + /* "stay.black", true */ 's', 't', 'a', 'y', '.', 'b', 'l', 'a', 'c', 'k', '\0', + /* "stayme.cz", true */ 's', 't', 'a', 'y', 'm', 'e', '.', 'c', 'z', '\0', + /* "stb-schefczyk.de", true */ 's', 't', 'b', '-', 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'd', 'e', '\0', + /* "stb-strzyzewski.de", true */ 's', 't', 'b', '-', 's', 't', 'r', 'z', 'y', 'z', 'e', 'w', 's', 'k', 'i', '.', 'd', 'e', '\0', + /* "stbennett.org", true */ 's', 't', 'b', 'e', 'n', 'n', 'e', 't', 't', '.', 'o', 'r', 'g', '\0', + /* "stcu.org", true */ 's', 't', 'c', 'u', '.', 'o', 'r', 'g', '\0', + /* "std-home-test.com", true */ 's', 't', 'd', '-', 'h', 'o', 'm', 'e', '-', 't', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "stderr.cc", true */ 's', 't', 'd', 'e', 'r', 'r', '.', 'c', 'c', '\0', + /* "stdrc.cc", true */ 's', 't', 'd', 'r', 'c', '.', 'c', 'c', '\0', + /* "steakovercooked.com", true */ 's', 't', 'e', 'a', 'k', 'o', 'v', 'e', 'r', 'c', 'o', 'o', 'k', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "stealsaga.net", true */ 's', 't', 'e', 'a', 'l', 's', 'a', 'g', 'a', '.', 'n', 'e', 't', '\0', + /* "steamdb.info", true */ 's', 't', 'e', 'a', 'm', 'd', 'b', '.', 'i', 'n', 'f', 'o', '\0', + /* "steamerrors.com", true */ 's', 't', 'e', 'a', 'm', 'e', 'r', 'r', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "steamgifts.com", true */ 's', 't', 'e', 'a', 'm', 'g', 'i', 'f', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "steampress.io", true */ 's', 't', 'e', 'a', 'm', 'p', 'r', 'e', 's', 's', '.', 'i', 'o', '\0', + /* "steamscore.info", true */ 's', 't', 'e', 'a', 'm', 's', 'c', 'o', 'r', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "steamtrades.com", true */ 's', 't', 'e', 'a', 'm', 't', 'r', 'a', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "steborio.pw", true */ 's', 't', 'e', 'b', 'o', 'r', 'i', 'o', '.', 'p', 'w', '\0', + /* "steckel.cc", true */ 's', 't', 'e', 'c', 'k', 'e', 'l', '.', 'c', 'c', '\0', + /* "steckregal-super.de", false */ 's', 't', 'e', 'c', 'k', 'r', 'e', 'g', 'a', 'l', '-', 's', 'u', 'p', 'e', 'r', '.', 'd', 'e', '\0', + /* "stedb.eu", true */ 's', 't', 'e', 'd', 'b', '.', 'e', 'u', '\0', + /* "stedbg.net", true */ 's', 't', 'e', 'd', 'b', 'g', '.', 'n', 'e', 't', '\0', + /* "steef389.eu", true */ 's', 't', 'e', 'e', 'f', '3', '8', '9', '.', 'e', 'u', '\0', + /* "steelephys.com.au", true */ 's', 't', 'e', 'e', 'l', 'e', 'p', 'h', 'y', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "steemit.com", true */ 's', 't', 'e', 'e', 'm', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "steenackers.be", true */ 's', 't', 'e', 'e', 'n', 'a', 'c', 'k', 'e', 'r', 's', '.', 'b', 'e', '\0', + /* "stefan-bayer.eu", true */ 's', 't', 'e', 'f', 'a', 'n', '-', 'b', 'a', 'y', 'e', 'r', '.', 'e', 'u', '\0', + /* "stefan-schlueter.de", true */ 's', 't', 'e', 'f', 'a', 'n', '-', 's', 'c', 'h', 'l', 'u', 'e', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "stefanbayer.de", true */ 's', 't', 'e', 'f', 'a', 'n', 'b', 'a', 'y', 'e', 'r', '.', 'd', 'e', '\0', + /* "stefanovski.io", false */ 's', 't', 'e', 'f', 'a', 'n', 'o', 'v', 's', 'k', 'i', '.', 'i', 'o', '\0', + /* "stefanvanburen.xyz", true */ 's', 't', 'e', 'f', 'a', 'n', 'v', 'a', 'n', 'b', 'u', 'r', 'e', 'n', '.', 'x', 'y', 'z', '\0', + /* "stefany.eu", true */ 's', 't', 'e', 'f', 'a', 'n', 'y', '.', 'e', 'u', '\0', + /* "steidlewirt.de", true */ 's', 't', 'e', 'i', 'd', 'l', 'e', 'w', 'i', 'r', 't', '.', 'd', 'e', '\0', + /* "steigerplank.com", false */ 's', 't', 'e', 'i', 'g', 'e', 'r', 'p', 'l', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "steinbergmedia.de", true */ 's', 't', 'e', 'i', 'n', 'b', 'e', 'r', 'g', 'm', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0', + /* "steinibox.de", true */ 's', 't', 'e', 'i', 'n', 'i', 'b', 'o', 'x', '.', 'd', 'e', '\0', + /* "steklein.de", true */ 's', 't', 'e', 'k', 'l', 'e', 'i', 'n', '.', 'd', 'e', '\0', + /* "stella-artis-ensemble.at", true */ 's', 't', 'e', 'l', 'l', 'a', '-', 'a', 'r', 't', 'i', 's', '-', 'e', 'n', 's', 'e', 'm', 'b', 'l', 'e', '.', 'a', 't', '\0', + /* "stellanova-planeten.de", false */ 's', 't', 'e', 'l', 'l', 'a', 'n', 'o', 'v', 'a', '-', 'p', 'l', 'a', 'n', 'e', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "stellarium-gornergrat.ch", true */ 's', 't', 'e', 'l', 'l', 'a', 'r', 'i', 'u', 'm', '-', 'g', 'o', 'r', 'n', 'e', 'r', 'g', 'r', 'a', 't', '.', 'c', 'h', '\0', + /* "stellarvale.net", true */ 's', 't', 'e', 'l', 'l', 'a', 'r', 'v', 'a', 'l', 'e', '.', 'n', 'e', 't', '\0', + /* "stellen.ch", true */ 's', 't', 'e', 'l', 'l', 'e', 'n', '.', 'c', 'h', '\0', + /* "stelleninserate.de", true */ 's', 't', 'e', 'l', 'l', 'e', 'n', 'i', 'n', 's', 'e', 'r', 'a', 't', 'e', '.', 'd', 'e', '\0', + /* "stellenticket.de", true */ 's', 't', 'e', 'l', 'l', 'e', 'n', 't', 'i', 'c', 'k', 'e', 't', '.', 'd', 'e', '\0', + /* "stellmacher.name", true */ 's', 't', 'e', 'l', 'l', 'm', 'a', 'c', 'h', 'e', 'r', '.', 'n', 'a', 'm', 'e', '\0', + /* "stem.is", true */ 's', 't', 'e', 'm', '.', 'i', 's', '\0', + /* "stembureauledenindenhaag.nl", true */ 's', 't', 'e', 'm', 'b', 'u', 'r', 'e', 'a', 'u', 'l', 'e', 'd', 'e', 'n', 'i', 'n', 'd', 'e', 'n', 'h', 'a', 'a', 'g', '.', 'n', 'l', '\0', + /* "stemsims.com", true */ 's', 't', 'e', 'm', 's', 'i', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "stening.co", true */ 's', 't', 'e', 'n', 'i', 'n', 'g', '.', 'c', 'o', '\0', + /* "stenzhorn-cloud.de", true */ 's', 't', 'e', 'n', 'z', 'h', 'o', 'r', 'n', '-', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0', + /* "stepanvanek.cz", true */ 's', 't', 'e', 'p', 'a', 'n', 'v', 'a', 'n', 'e', 'k', '.', 'c', 'z', '\0', + /* "steph3n.me", true */ 's', 't', 'e', 'p', 'h', '3', 'n', '.', 'm', 'e', '\0', + /* "stephan-matthiesen.de", true */ 's', 't', 'e', 'p', 'h', 'a', 'n', '-', 'm', 'a', 't', 't', 'h', 'i', 'e', 's', 'e', 'n', '.', 'd', 'e', '\0', + /* "stephane-huc.net", true */ 's', 't', 'e', 'p', 'h', 'a', 'n', 'e', '-', 'h', 'u', 'c', '.', 'n', 'e', 't', '\0', + /* "stephanieschreiber.com", true */ 's', 't', 'e', 'p', 'h', 'a', 'n', 'i', 'e', 's', 'c', 'h', 'r', 'e', 'i', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "stephenhaunts.com", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 'h', 'a', 'u', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "stephenhorler.com.au", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 'h', 'o', 'r', 'l', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "stephenj.co.uk", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 'j', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "stephenjvoiceovers.com", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 'j', 'v', 'o', 'i', 'c', 'e', 'o', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "stephenperreira.com", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 'p', 'e', 'r', 'r', 'e', 'i', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "stephenschrauger.com", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "stephenschrauger.info", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "stephenschrauger.net", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "stephenschrauger.org", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "stephenskory.com", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'k', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "stephensol.is", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'o', 'l', '.', 'i', 's', '\0', + /* "stephensolis.com", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'o', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "stephensolis.net", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'o', 'l', 'i', 's', '.', 'n', 'e', 't', '\0', + /* "stephensolisrey.es", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'o', 'l', 'i', 's', 'r', 'e', 'y', '.', 'e', 's', '\0', + /* "stephsolis.net", true */ 's', 't', 'e', 'p', 'h', 's', 'o', 'l', 'i', 's', '.', 'n', 'e', 't', '\0', + /* "stephspace.net", true */ 's', 't', 'e', 'p', 'h', 's', 'p', 'a', 'c', 'e', '.', 'n', 'e', 't', '\0', + /* "steplogictalent.com", true */ 's', 't', 'e', 'p', 'l', 'o', 'g', 'i', 'c', 't', 'a', 'l', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "stepstone.dk", true */ 's', 't', 'e', 'p', 's', 't', 'o', 'n', 'e', '.', 'd', 'k', '\0', + /* "stepsweb.com", true */ 's', 't', 'e', 'p', 's', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "ster-enzo.nl", true */ 's', 't', 'e', 'r', '-', 'e', 'n', 'z', 'o', '.', 'n', 'l', '\0', + /* "sterchi-fromages.ch", true */ 's', 't', 'e', 'r', 'c', 'h', 'i', '-', 'f', 'r', 'o', 'm', 'a', 'g', 'e', 's', '.', 'c', 'h', '\0', + /* "stereo.lu", true */ 's', 't', 'e', 'r', 'e', 'o', '.', 'l', 'u', '\0', + /* "stereochro.me", false */ 's', 't', 'e', 'r', 'e', 'o', 'c', 'h', 'r', 'o', '.', 'm', 'e', '\0', + /* "stern-freunde.de", true */ 's', 't', 'e', 'r', 'n', '-', 'f', 'r', 'e', 'u', 'n', 'd', 'e', '.', 'd', 'e', '\0', + /* "stern.koeln", true */ 's', 't', 'e', 'r', 'n', '.', 'k', 'o', 'e', 'l', 'n', '\0', + /* "sternen-sitzberg.ch", true */ 's', 't', 'e', 'r', 'n', 'e', 'n', '-', 's', 'i', 't', 'z', 'b', 'e', 'r', 'g', '.', 'c', 'h', '\0', + /* "sternplastic.com", true */ 's', 't', 'e', 'r', 'n', 'p', 'l', 'a', 's', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "stesti.cz", true */ 's', 't', 'e', 's', 't', 'i', '.', 'c', 'z', '\0', + /* "stetspa.it", true */ 's', 't', 'e', 't', 's', 'p', 'a', '.', 'i', 't', '\0', + /* "steuerkanzlei-edel.de", true */ 's', 't', 'e', 'u', 'e', 'r', 'k', 'a', 'n', 'z', 'l', 'e', 'i', '-', 'e', 'd', 'e', 'l', '.', 'd', 'e', '\0', + /* "steuerseminare-graf.de", true */ 's', 't', 'e', 'u', 'e', 'r', 's', 'e', 'm', 'i', 'n', 'a', 'r', 'e', '-', 'g', 'r', 'a', 'f', '.', 'd', 'e', '\0', + /* "steve.kiwi", true */ 's', 't', 'e', 'v', 'e', '.', 'k', 'i', 'w', 'i', '\0', + /* "steveborba.com", true */ 's', 't', 'e', 'v', 'e', 'b', 'o', 'r', 'b', 'a', '.', 'c', 'o', 'm', '\0', + /* "stevedesmond.ca", true */ 's', 't', 'e', 'v', 'e', 'd', 'e', 's', 'm', 'o', 'n', 'd', '.', 'c', 'a', '\0', + /* "stevedoggett.com", true */ 's', 't', 'e', 'v', 'e', 'd', 'o', 'g', 'g', 'e', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "stevegrav.es", true */ 's', 't', 'e', 'v', 'e', 'g', 'r', 'a', 'v', '.', 'e', 's', '\0', + /* "stevenberg.net", true */ 's', 't', 'e', 'v', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'n', 'e', 't', '\0', + /* "stevengoodpaster.com", true */ 's', 't', 'e', 'v', 'e', 'n', 'g', 'o', 'o', 'd', 'p', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "stevenhumphrey.uk", true */ 's', 't', 'e', 'v', 'e', 'n', 'h', 'u', 'm', 'p', 'h', 'r', 'e', 'y', '.', 'u', 'k', '\0', + /* "stevenkwan.me", true */ 's', 't', 'e', 'v', 'e', 'n', 'k', 'w', 'a', 'n', '.', 'm', 'e', '\0', + /* "stevens.se", true */ 's', 't', 'e', 'v', 'e', 'n', 's', '.', 's', 'e', '\0', + /* "stevenski.com", false */ 's', 't', 'e', 'v', 'e', 'n', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "steventress.com", true */ 's', 't', 'e', 'v', 'e', 'n', 't', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "stevenwooding.com", true */ 's', 't', 'e', 'v', 'e', 'n', 'w', 'o', 'o', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "stevenz.science", true */ 's', 't', 'e', 'v', 'e', 'n', 'z', '.', 's', 'c', 'i', 'e', 'n', 'c', 'e', '\0', + /* "stevenz.xyz", true */ 's', 't', 'e', 'v', 'e', 'n', 'z', '.', 'x', 'y', 'z', '\0', + /* "stevesdrivingschooltyneside.com", true */ 's', 't', 'e', 'v', 'e', 's', 'd', 'r', 'i', 'v', 'i', 'n', 'g', 's', 'c', 'h', 'o', 'o', 'l', 't', 'y', 'n', 'e', 's', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "stewartswines.com", true */ 's', 't', 'e', 'w', 'a', 'r', 't', 's', 'w', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "stewonet.nl", true */ 's', 't', 'e', 'w', 'o', 'n', 'e', 't', '.', 'n', 'l', '\0', + /* "steyaert.be", false */ 's', 't', 'e', 'y', 'a', 'e', 'r', 't', '.', 'b', 'e', '\0', + /* "stforex.com", true */ 's', 't', 'f', 'o', 'r', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "stfw.info", true */ 's', 't', 'f', 'w', '.', 'i', 'n', 'f', 'o', '\0', + /* "stichtingliab.nl", true */ 's', 't', 'i', 'c', 'h', 't', 'i', 'n', 'g', 'l', 'i', 'a', 'b', '.', 'n', 'l', '\0', + /* "stichtingscholierenvervoerzeeland.nl", true */ 's', 't', 'i', 'c', 'h', 't', 'i', 'n', 'g', 's', 'c', 'h', 'o', 'l', 'i', 'e', 'r', 'e', 'n', 'v', 'e', 'r', 'v', 'o', 'e', 'r', 'z', 'e', 'e', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0', + /* "stichtingsticky.nl", true */ 's', 't', 'i', 'c', 'h', 't', 'i', 'n', 'g', 's', 't', 'i', 'c', 'k', 'y', '.', 'n', 'l', '\0', + /* "stick2bike.de", true */ 's', 't', 'i', 'c', 'k', '2', 'b', 'i', 'k', 'e', '.', 'd', 'e', '\0', + /* "stickergiant.com", true */ 's', 't', 'i', 'c', 'k', 'e', 'r', 'g', 'i', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "stickies.io", true */ 's', 't', 'i', 'c', 'k', 'i', 'e', 's', '.', 'i', 'o', '\0', + /* "stickmanventures.com", false */ 's', 't', 'i', 'c', 'k', 'm', 'a', 'n', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "stift-kremsmuenster.at", true */ 's', 't', 'i', 'f', 't', '-', 'k', 'r', 'e', 'm', 's', 'm', 'u', 'e', 'n', 's', 't', 'e', 'r', '.', 'a', 't', '\0', + /* "stigharder.com", true */ 's', 't', 'i', 'g', 'h', 'a', 'r', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "stijnbelmans.be", true */ 's', 't', 'i', 'j', 'n', 'b', 'e', 'l', 'm', 'a', 'n', 's', '.', 'b', 'e', '\0', + /* "stijnodink.nl", true */ 's', 't', 'i', 'j', 'n', 'o', 'd', 'i', 'n', 'k', '.', 'n', 'l', '\0', + /* "stikic.me", true */ 's', 't', 'i', 'k', 'i', 'c', '.', 'm', 'e', '\0', + /* "stikkie.me", true */ 's', 't', 'i', 'k', 'k', 'i', 'e', '.', 'm', 'e', '\0', + /* "stikonas.eu", false */ 's', 't', 'i', 'k', 'o', 'n', 'a', 's', '.', 'e', 'u', '\0', + /* "stilartmoebel.de", true */ 's', 't', 'i', 'l', 'a', 'r', 't', 'm', 'o', 'e', 'b', 'e', 'l', '.', 'd', 'e', '\0', + /* "stillyarts.com", false */ 's', 't', 'i', 'l', 'l', 'y', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "stilmobil.se", true */ 's', 't', 'i', 'l', 'm', 'o', 'b', 'i', 'l', '.', 's', 'e', '\0', + /* "stimmgabel.lu", true */ 's', 't', 'i', 'm', 'm', 'g', 'a', 'b', 'e', 'l', '.', 'l', 'u', '\0', + /* "stin.hr", true */ 's', 't', 'i', 'n', '.', 'h', 'r', '\0', + /* "stintup.com", true */ 's', 't', 'i', 'n', 't', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "stipsan.me", true */ 's', 't', 'i', 'p', 's', 'a', 'n', '.', 'm', 'e', '\0', + /* "stirling.co", true */ 's', 't', 'i', 'r', 'l', 'i', 'n', 'g', '.', 'c', 'o', '\0', + /* "stirlingpoon.com", true */ 's', 't', 'i', 'r', 'l', 'i', 'n', 'g', 'p', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "stitchfiddle.com", true */ 's', 't', 'i', 't', 'c', 'h', 'f', 'i', 'd', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "stitthappens.com", true */ 's', 't', 'i', 't', 't', 'h', 'a', 'p', 'p', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "stivesbouncycastlehire.co.uk", true */ 's', 't', 'i', 'v', 'e', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "stjohnin.com", true */ 's', 't', 'j', 'o', 'h', 'n', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "stjohnmiami.org", true */ 's', 't', 'j', 'o', 'h', 'n', 'm', 'i', 'a', 'm', 'i', '.', 'o', 'r', 'g', '\0', + /* "stjohnsc.com", true */ 's', 't', 'j', 'o', 'h', 'n', 's', 'c', '.', 'c', 'o', 'm', '\0', + /* "stlu.de", true */ 's', 't', 'l', 'u', '.', 'd', 'e', '\0', + /* "stlucasmuseum.org", true */ 's', 't', 'l', 'u', 'c', 'a', 's', 'm', 'u', 's', 'e', 'u', 'm', '.', 'o', 'r', 'g', '\0', + /* "stlukesbrandon.org", true */ 's', 't', 'l', 'u', 'k', 'e', 's', 'b', 'r', 'a', 'n', 'd', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "stm-net.de", true */ 's', 't', 'm', '-', 'n', 'e', 't', '.', 'd', 'e', '\0', + /* "stmlearning.com", true */ 's', 't', 'm', 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "stmsolutions.pl", true */ 's', 't', 'm', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'p', 'l', '\0', + /* "stneotsbouncycastlehire.co.uk", true */ 's', 't', 'n', 'e', 'o', 't', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "stnl.de", false */ 's', 't', 'n', 'l', '.', 'd', 'e', '\0', + /* "stockpile.com", true */ 's', 't', 'o', 'c', 'k', 'p', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "stockrow.com", true */ 's', 't', 'o', 'c', 'k', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "stocktrader.com", true */ 's', 't', 'o', 'c', 'k', 't', 'r', 'a', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "stodieck.com", true */ 's', 't', 'o', 'd', 'i', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "stoebermehl.at", true */ 's', 't', 'o', 'e', 'b', 'e', 'r', 'm', 'e', 'h', 'l', '.', 'a', 't', '\0', + /* "stoffelen.nl", true */ 's', 't', 'o', 'f', 'f', 'e', 'l', 'e', 'n', '.', 'n', 'l', '\0', + /* "stoffelnet.de", true */ 's', 't', 'o', 'f', 'f', 'e', 'l', 'n', 'e', 't', '.', 'd', 'e', '\0', + /* "stoianlawfirm.com", true */ 's', 't', 'o', 'i', 'a', 'n', 'l', 'a', 'w', 'f', 'i', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "stolina.de", false */ 's', 't', 'o', 'l', 'i', 'n', 'a', '.', 'd', 'e', '\0', + /* "stolkpotplanten.nl", true */ 's', 't', 'o', 'l', 'k', 'p', 'o', 't', 'p', 'l', 'a', 'n', 't', 'e', 'n', '.', 'n', 'l', '\0', + /* "stolkschepen.nl", true */ 's', 't', 'o', 'l', 'k', 's', 'c', 'h', 'e', 'p', 'e', 'n', '.', 'n', 'l', '\0', + /* "stomadental.com", true */ 's', 't', 'o', 'm', 'a', 'd', 'e', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "stonedworms.de", true */ 's', 't', 'o', 'n', 'e', 'd', 'w', 'o', 'r', 'm', 's', '.', 'd', 'e', '\0', + /* "stonefusion.org.uk", true */ 's', 't', 'o', 'n', 'e', 'f', 'u', 's', 'i', 'o', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "stonehammerhead.org", true */ 's', 't', 'o', 'n', 'e', 'h', 'a', 'm', 'm', 'e', 'r', 'h', 'e', 'a', 'd', '.', 'o', 'r', 'g', '\0', + /* "stonemain.eu", true */ 's', 't', 'o', 'n', 'e', 'm', 'a', 'i', 'n', '.', 'e', 'u', '\0', + /* "stonewuu.com", true */ 's', 't', 'o', 'n', 'e', 'w', 'u', 'u', '.', 'c', 'o', 'm', '\0', + /* "stony.com", true */ 's', 't', 'o', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "stonystratford.org", true */ 's', 't', 'o', 'n', 'y', 's', 't', 'r', 'a', 't', 'f', 'o', 'r', 'd', '.', 'o', 'r', 'g', '\0', + /* "stopakwardhandshakes.org", true */ 's', 't', 'o', 'p', 'a', 'k', 'w', 'a', 'r', 'd', 'h', 'a', 'n', 'd', 's', 'h', 'a', 'k', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "stopbullying.gov", true */ 's', 't', 'o', 'p', 'b', 'u', 'l', 'l', 'y', 'i', 'n', 'g', '.', 'g', 'o', 'v', '\0', + /* "stopfraud.gov", true */ 's', 't', 'o', 'p', 'f', 'r', 'a', 'u', 'd', '.', 'g', 'o', 'v', '\0', + /* "stopthethyroidmadness.com", true */ 's', 't', 'o', 'p', 't', 'h', 'e', 't', 'h', 'y', 'r', 'o', 'i', 'd', 'm', 'a', 'd', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "stordbatlag.no", true */ 's', 't', 'o', 'r', 'd', 'b', 'a', 't', 'l', 'a', 'g', '.', 'n', 'o', '\0', + /* "store10.de", false */ 's', 't', 'o', 'r', 'e', '1', '0', '.', 'd', 'e', '\0', + /* "storedsafe.com", true */ 's', 't', 'o', 'r', 'e', 'd', 's', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "storgom.ua", false */ 's', 't', 'o', 'r', 'g', 'o', 'm', '.', 'u', 'a', '\0', + /* "stormi.io", true */ 's', 't', 'o', 'r', 'm', 'i', '.', 'i', 'o', '\0', + /* "stormwatcher.org", true */ 's', 't', 'o', 'r', 'm', 'w', 'a', 't', 'c', 'h', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "storvann.net", true */ 's', 't', 'o', 'r', 'v', 'a', 'n', 'n', '.', 'n', 'e', 't', '\0', + /* "storvann.no", true */ 's', 't', 'o', 'r', 'v', 'a', 'n', 'n', '.', 'n', 'o', '\0', + /* "storycollective.film", true */ 's', 't', 'o', 'r', 'y', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'v', 'e', '.', 'f', 'i', 'l', 'm', '\0', + /* "storycollective.nl", true */ 's', 't', 'o', 'r', 'y', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'v', 'e', '.', 'n', 'l', '\0', + /* "storyland.ie", true */ 's', 't', 'o', 'r', 'y', 'l', 'a', 'n', 'd', '.', 'i', 'e', '\0', + /* "storysift.news", true */ 's', 't', 'o', 'r', 'y', 's', 'i', 'f', 't', '.', 'n', 'e', 'w', 's', '\0', + /* "storytime.hu", true */ 's', 't', 'o', 'r', 'y', 't', 'i', 'm', 'e', '.', 'h', 'u', '\0', + /* "stoxford.com", true */ 's', 't', 'o', 'x', 'f', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "stpatricksguild.com", true */ 's', 't', 'p', 'a', 't', 'r', 'i', 'c', 'k', 's', 'g', 'u', 'i', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "straatderzotten.nl", true */ 's', 't', 'r', 'a', 'a', 't', 'd', 'e', 'r', 'z', 'o', 't', 't', 'e', 'n', '.', 'n', 'l', '\0', + /* "strahlende-augen.info", true */ 's', 't', 'r', 'a', 'h', 'l', 'e', 'n', 'd', 'e', '-', 'a', 'u', 'g', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "straka.name", true */ 's', 't', 'r', 'a', 'k', 'a', '.', 'n', 'a', 'm', 'e', '\0', + /* "strangemusicinc.net", true */ 's', 't', 'r', 'a', 'n', 'g', 'e', 'm', 'u', 's', 'i', 'c', 'i', 'n', 'c', '.', 'n', 'e', 't', '\0', + /* "strangeplace.net", true */ 's', 't', 'r', 'a', 'n', 'g', 'e', 'p', 'l', 'a', 'c', 'e', '.', 'n', 'e', 't', '\0', + /* "strate.io", true */ 's', 't', 'r', 'a', 't', 'e', '.', 'i', 'o', '\0', + /* "strategiclivingblog.com", true */ 's', 't', 'r', 'a', 't', 'e', 'g', 'i', 'c', 'l', 'i', 'v', 'i', 'n', 'g', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "strategie-zone.de", true */ 's', 't', 'r', 'a', 't', 'e', 'g', 'i', 'e', '-', 'z', 'o', 'n', 'e', '.', 'd', 'e', '\0', + /* "strathewerd.de", true */ 's', 't', 'r', 'a', 't', 'h', 'e', 'w', 'e', 'r', 'd', '.', 'd', 'e', '\0', + /* "stratmann-b.de", true */ 's', 't', 'r', 'a', 't', 'm', 'a', 'n', 'n', '-', 'b', '.', 'd', 'e', '\0', + /* "straubis.org", true */ 's', 't', 'r', 'a', 'u', 'b', 'i', 's', '.', 'o', 'r', 'g', '\0', + /* "strauser.com", true */ 's', 't', 'r', 'a', 'u', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "stravers.shoes", true */ 's', 't', 'r', 'a', 'v', 'e', 'r', 's', '.', 's', 'h', 'o', 'e', 's', '\0', + /* "stream-ing.xyz", true */ 's', 't', 'r', 'e', 'a', 'm', '-', 'i', 'n', 'g', '.', 'x', 'y', 'z', '\0', + /* "streamchan.org", true */ 's', 't', 'r', 'e', 'a', 'm', 'c', 'h', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "streamdesk.ca", true */ 's', 't', 'r', 'e', 'a', 'm', 'd', 'e', 's', 'k', '.', 'c', 'a', '\0', + /* "streamer.tips", true */ 's', 't', 'r', 'e', 'a', 'm', 'e', 'r', '.', 't', 'i', 'p', 's', '\0', + /* "streamingeverywhere.com", true */ 's', 't', 'r', 'e', 'a', 'm', 'i', 'n', 'g', 'e', 'v', 'e', 'r', 'y', 'w', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "streamlineautogroup.com", true */ 's', 't', 'r', 'e', 'a', 'm', 'l', 'i', 'n', 'e', 'a', 'u', 't', 'o', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "streampanel.net", true */ 's', 't', 'r', 'e', 'a', 'm', 'p', 'a', 'n', 'e', 'l', '.', 'n', 'e', 't', '\0', + /* "streamthemeeting.com", true */ 's', 't', 'r', 'e', 'a', 'm', 't', 'h', 'e', 'm', 'e', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "streamzilla.com", true */ 's', 't', 'r', 'e', 'a', 'm', 'z', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "street-smart-home.de", true */ 's', 't', 'r', 'e', 'e', 't', '-', 's', 'm', 'a', 'r', 't', '-', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0', + /* "streetdancecenter.com", true */ 's', 't', 'r', 'e', 'e', 't', 'd', 'a', 'n', 'c', 'e', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "streets.mn", true */ 's', 't', 'r', 'e', 'e', 't', 's', '.', 'm', 'n', '\0', + /* "streetspotr.com", true */ 's', 't', 'r', 'e', 'e', 't', 's', 'p', 'o', 't', 'r', '.', 'c', 'o', 'm', '\0', + /* "streetview.wien", true */ 's', 't', 'r', 'e', 'e', 't', 'v', 'i', 'e', 'w', '.', 'w', 'i', 'e', 'n', '\0', + /* "strefapi.com", true */ 's', 't', 'r', 'e', 'f', 'a', 'p', 'i', '.', 'c', 'o', 'm', '\0', + /* "strehl.tk", true */ 's', 't', 'r', 'e', 'h', 'l', '.', 't', 'k', '\0', + /* "streklhof.at", true */ 's', 't', 'r', 'e', 'k', 'l', 'h', 'o', 'f', '.', 'a', 't', '\0', + /* "strengthroots.com", true */ 's', 't', 'r', 'e', 'n', 'g', 't', 'h', 'r', 'o', 'o', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "stressfreehousehold.com", true */ 's', 't', 'r', 'e', 's', 's', 'f', 'r', 'e', 'e', 'h', 'o', 'u', 's', 'e', 'h', 'o', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "stretchmyan.us", true */ 's', 't', 'r', 'e', 't', 'c', 'h', 'm', 'y', 'a', 'n', '.', 'u', 's', '\0', + /* "stretchpc.com", true */ 's', 't', 'r', 'e', 't', 'c', 'h', 'p', 'c', '.', 'c', 'o', 'm', '\0', + /* "stricted.net", true */ 's', 't', 'r', 'i', 'c', 't', 'e', 'd', '.', 'n', 'e', 't', '\0', + /* "strictlynormal.com", true */ 's', 't', 'r', 'i', 'c', 't', 'l', 'y', 'n', 'o', 'r', 'm', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "strijkshop.be", true */ 's', 't', 'r', 'i', 'j', 'k', 's', 'h', 'o', 'p', '.', 'b', 'e', '\0', + /* "stringtoolbox.com", true */ 's', 't', 'r', 'i', 'n', 'g', 't', 'o', 'o', 'l', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "stringvox.com", true */ 's', 't', 'r', 'i', 'n', 'g', 'v', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "stripe.com", true */ 's', 't', 'r', 'i', 'p', 'e', '.', 'c', 'o', 'm', '\0', + /* "striptizer.tk", true */ 's', 't', 'r', 'i', 'p', 't', 'i', 'z', 'e', 'r', '.', 't', 'k', '\0', + /* "strm.hu", true */ 's', 't', 'r', 'm', '.', 'h', 'u', '\0', + /* "strobeltobias.de", true */ 's', 't', 'r', 'o', 'b', 'e', 'l', 't', 'o', 'b', 'i', 'a', 's', '.', 'd', 'e', '\0', + /* "strobeto.de", true */ 's', 't', 'r', 'o', 'b', 'e', 't', 'o', '.', 'd', 'e', '\0', + /* "strobotti.com", true */ 's', 't', 'r', 'o', 'b', 'o', 't', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "stroginohelp.ru", true */ 's', 't', 'r', 'o', 'g', 'i', 'n', 'o', 'h', 'e', 'l', 'p', '.', 'r', 'u', '\0', + /* "strom.family", true */ 's', 't', 'r', 'o', 'm', '.', 'f', 'a', 'm', 'i', 'l', 'y', '\0', + /* "strongrandom.com", false */ 's', 't', 'r', 'o', 'n', 'g', 'r', 'a', 'n', 'd', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "strozik.de", true */ 's', 't', 'r', 'o', 'z', 'i', 'k', '.', 'd', 'e', '\0', + /* "structurally.net", true */ 's', 't', 'r', 'u', 'c', 't', 'u', 'r', 'a', 'l', 'l', 'y', '.', 'n', 'e', 't', '\0', + /* "strugee.net", true */ 's', 't', 'r', 'u', 'g', 'e', 'e', '.', 'n', 'e', 't', '\0', + /* "strutta.me", true */ 's', 't', 'r', 'u', 't', 't', 'a', '.', 'm', 'e', '\0', + /* "struxureon.com", true */ 's', 't', 'r', 'u', 'x', 'u', 'r', 'e', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "strydom.me.uk", true */ 's', 't', 'r', 'y', 'd', 'o', 'm', '.', 'm', 'e', '.', 'u', 'k', '\0', + /* "stt.wiki", true */ 's', 't', 't', '.', 'w', 'i', 'k', 'i', '\0', + /* "stuartbell.co.uk", true */ 's', 't', 'u', 'a', 'r', 't', 'b', 'e', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "stuarts.xyz", true */ 's', 't', 'u', 'a', 'r', 't', 's', '.', 'x', 'y', 'z', '\0', + /* "stuco.co", true */ 's', 't', 'u', 'c', 'o', '.', 'c', 'o', '\0', + /* "stucydee.nl", true */ 's', 't', 'u', 'c', 'y', 'd', 'e', 'e', '.', 'n', 'l', '\0', + /* "studenckiemetody.pl", true */ 's', 't', 'u', 'd', 'e', 'n', 'c', 'k', 'i', 'e', 'm', 'e', 't', 'o', 'd', 'y', '.', 'p', 'l', '\0', + /* "student-eshop.cz", true */ 's', 't', 'u', 'd', 'e', 'n', 't', '-', 'e', 's', 'h', 'o', 'p', '.', 'c', 'z', '\0', + /* "student-eshop.sk", true */ 's', 't', 'u', 'd', 'e', 'n', 't', '-', 'e', 's', 'h', 'o', 'p', '.', 's', 'k', '\0', + /* "student.andover.edu", true */ 's', 't', 'u', 'd', 'e', 'n', 't', '.', 'a', 'n', 'd', 'o', 'v', 'e', 'r', '.', 'e', 'd', 'u', '\0', + /* "studentforums.biz", true */ 's', 't', 'u', 'd', 'e', 'n', 't', 'f', 'o', 'r', 'u', 'm', 's', '.', 'b', 'i', 'z', '\0', + /* "studentite.bg", false */ 's', 't', 'u', 'd', 'e', 'n', 't', 'i', 't', 'e', '.', 'b', 'g', '\0', + /* "studentloans.gov", true */ 's', 't', 'u', 'd', 'e', 'n', 't', 'l', 'o', 'a', 'n', 's', '.', 'g', 'o', 'v', '\0', + /* "studentrightsadvocate.org", true */ 's', 't', 'u', 'd', 'e', 'n', 't', 'r', 'i', 'g', 'h', 't', 's', 'a', 'd', 'v', 'o', 'c', 'a', 't', 'e', '.', 'o', 'r', 'g', '\0', + /* "studenttenant.com", true */ 's', 't', 'u', 'd', 'e', 'n', 't', 't', 'e', 'n', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "studer.su", true */ 's', 't', 'u', 'd', 'e', 'r', '.', 's', 'u', '\0', + /* "studiemeter.nl", true */ 's', 't', 'u', 'd', 'i', 'e', 'm', 'e', 't', 'e', 'r', '.', 'n', 'l', '\0', + /* "studienportal.eu", true */ 's', 't', 'u', 'd', 'i', 'e', 'n', 'p', 'o', 'r', 't', 'a', 'l', '.', 'e', 'u', '\0', + /* "studienservice.de", true */ 's', 't', 'u', 'd', 'i', 'e', 'n', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'd', 'e', '\0', + /* "studiereader.nl", true */ 's', 't', 'u', 'd', 'i', 'e', 'r', 'e', 'a', 'd', 'e', 'r', '.', 'n', 'l', '\0', + /* "studio-architetto.com", true */ 's', 't', 'u', 'd', 'i', 'o', '-', 'a', 'r', 'c', 'h', 'i', 't', 'e', 't', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "studio-fotografico.ru", true */ 's', 't', 'u', 'd', 'i', 'o', '-', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'c', 'o', '.', 'r', 'u', '\0', + /* "studiodentisticosanmarco.it", true */ 's', 't', 'u', 'd', 'i', 'o', 'd', 'e', 'n', 't', 'i', 's', 't', 'i', 'c', 'o', 's', 'a', 'n', 'm', 'a', 'r', 'c', 'o', '.', 'i', 't', '\0', + /* "studiodewit.nl", true */ 's', 't', 'u', 'd', 'i', 'o', 'd', 'e', 'w', 'i', 't', '.', 'n', 'l', '\0', + /* "studiodoprazer.com.br", true */ 's', 't', 'u', 'd', 'i', 'o', 'd', 'o', 'p', 'r', 'a', 'z', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "studiograou.com", true */ 's', 't', 'u', 'd', 'i', 'o', 'g', 'r', 'a', 'o', 'u', '.', 'c', 'o', 'm', '\0', + /* "studiokicca.com", true */ 's', 't', 'u', 'd', 'i', 'o', 'k', 'i', 'c', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "studiomarcella.com", true */ 's', 't', 'u', 'd', 'i', 'o', 'm', 'a', 'r', 'c', 'e', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "studionowystyl.pl", true */ 's', 't', 'u', 'd', 'i', 'o', 'n', 'o', 'w', 'y', 's', 't', 'y', 'l', '.', 'p', 'l', '\0', + /* "studioriehl.com", true */ 's', 't', 'u', 'd', 'i', 'o', 'r', 'i', 'e', 'h', 'l', '.', 'c', 'o', 'm', '\0', + /* "studiostawki.com", true */ 's', 't', 'u', 'd', 'i', 'o', 's', 't', 'a', 'w', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "studiostudio.net", true */ 's', 't', 'u', 'd', 'i', 'o', 's', 't', 'u', 'd', 'i', 'o', '.', 'n', 'e', 't', '\0', + /* "studiotheatrestains.fr", true */ 's', 't', 'u', 'd', 'i', 'o', 't', 'h', 'e', 'a', 't', 'r', 'e', 's', 't', 'a', 'i', 'n', 's', '.', 'f', 'r', '\0', + /* "studiovaud.com", true */ 's', 't', 'u', 'd', 'i', 'o', 'v', 'a', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "studium.cz", true */ 's', 't', 'u', 'd', 'i', 'u', 'm', '.', 'c', 'z', '\0', + /* "studlan.no", true */ 's', 't', 'u', 'd', 'l', 'a', 'n', '.', 'n', 'o', '\0', + /* "studport.rv.ua", true */ 's', 't', 'u', 'd', 'p', 'o', 'r', 't', '.', 'r', 'v', '.', 'u', 'a', '\0', + /* "studyabroadstation.com", true */ 's', 't', 'u', 'd', 'y', 'a', 'b', 'r', 'o', 'a', 'd', 's', 't', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "studying-neet.com", true */ 's', 't', 'u', 'd', 'y', 'i', 'n', 'g', '-', 'n', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "stuermer.me", true */ 's', 't', 'u', 'e', 'r', 'm', 'e', 'r', '.', 'm', 'e', '\0', + /* "stuetzredli.ch", true */ 's', 't', 'u', 'e', 't', 'z', 'r', 'e', 'd', 'l', 'i', '.', 'c', 'h', '\0', + /* "stuff-fibre.co.nz", true */ 's', 't', 'u', 'f', 'f', '-', 'f', 'i', 'b', 'r', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "stuffi.fr", true */ 's', 't', 'u', 'f', 'f', 'i', '.', 'f', 'r', '\0', + /* "stuka-art.de", true */ 's', 't', 'u', 'k', 'a', '-', 'a', 'r', 't', '.', 'd', 'e', '\0', + /* "stulda.cz", true */ 's', 't', 'u', 'l', 'd', 'a', '.', 'c', 'z', '\0', + /* "stumeta.de", true */ 's', 't', 'u', 'm', 'e', 't', 'a', '.', 'd', 'e', '\0', + /* "stumeta2018.de", true */ 's', 't', 'u', 'm', 'e', 't', 'a', '2', '0', '1', '8', '.', 'd', 'e', '\0', + /* "stumf.si", true */ 's', 't', 'u', 'm', 'f', '.', 's', 'i', '\0', + /* "stuntmen.xyz", true */ 's', 't', 'u', 'n', 't', 'm', 'e', 'n', '.', 'x', 'y', 'z', '\0', + /* "stupidstatetricks.com", true */ 's', 't', 'u', 'p', 'i', 'd', 's', 't', 'a', 't', 'e', 't', 'r', 'i', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "sturbi.de", true */ 's', 't', 'u', 'r', 'b', 'i', '.', 'd', 'e', '\0', + /* "sturge.co.uk", true */ 's', 't', 'u', 'r', 'g', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "stutelage.com", true */ 's', 't', 'u', 't', 'e', 'l', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "stuttgart-gablenberg.de", true */ 's', 't', 'u', 't', 't', 'g', 'a', 'r', 't', '-', 'g', 'a', 'b', 'l', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'd', 'e', '\0', + /* "stuudium.com", true */ 's', 't', 'u', 'u', 'd', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "stuudium.life", true */ 's', 't', 'u', 'u', 'd', 'i', 'u', 'm', '.', 'l', 'i', 'f', 'e', '\0', + /* "stuudium.pro", true */ 's', 't', 'u', 'u', 'd', 'i', 'u', 'm', '.', 'p', 'r', 'o', '\0', + /* "stuur.nl", false */ 's', 't', 'u', 'u', 'r', '.', 'n', 'l', '\0', + /* "stuvel.eu", true */ 's', 't', 'u', 'v', 'e', 'l', '.', 'e', 'u', '\0', + /* "stw-group.at", true */ 's', 't', 'w', '-', 'g', 'r', 'o', 'u', 'p', '.', 'a', 't', '\0', + /* "stygium.net", false */ 's', 't', 'y', 'g', 'i', 'u', 'm', '.', 'n', 'e', 't', '\0', + /* "styleci.io", true */ 's', 't', 'y', 'l', 'e', 'c', 'i', '.', 'i', 'o', '\0', + /* "stylecollective.us", true */ 's', 't', 'y', 'l', 'e', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'v', 'e', '.', 'u', 's', '\0', + /* "stylefast.com.au", true */ 's', 't', 'y', 'l', 'e', 'f', 'a', 's', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "styles.pm", true */ 's', 't', 'y', 'l', 'e', 's', '.', 'p', 'm', '\0', + /* "stylett.ru", true */ 's', 't', 'y', 'l', 'e', 't', 't', '.', 'r', 'u', '\0', + /* "stylewish.me", true */ 's', 't', 'y', 'l', 'e', 'w', 'i', 's', 'h', '.', 'm', 'e', '\0', + /* "styloeart.com", true */ 's', 't', 'y', 'l', 'o', 'e', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "stypr.com", true */ 's', 't', 'y', 'p', 'r', '.', 'c', 'o', 'm', '\0', + /* "stytt.com", true */ 's', 't', 'y', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "su1ph3r.io", true */ 's', 'u', '1', 'p', 'h', '3', 'r', '.', 'i', 'o', '\0', + /* "suareforma.com", true */ 's', 'u', 'a', 'r', 'e', 'f', 'o', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "suave.io", true */ 's', 'u', 'a', 'v', 'e', '.', 'i', 'o', '\0', + /* "sub-net.at", true */ 's', 'u', 'b', '-', 'n', 'e', 't', '.', 'a', 't', '\0', + /* "sub.media", true */ 's', 'u', 'b', '.', 'm', 'e', 'd', 'i', 'a', '\0', + /* "subastasdecarros.net", true */ 's', 'u', 'b', 'a', 's', 't', 'a', 's', 'd', 'e', 'c', 'a', 'r', 'r', 'o', 's', '.', 'n', 'e', 't', '\0', + /* "subdev.org", true */ 's', 'u', 'b', 'd', 'e', 'v', '.', 'o', 'r', 'g', '\0', + /* "sublevel.net", false */ 's', 'u', 'b', 'l', 'e', 'v', 'e', 'l', '.', 'n', 'e', 't', '\0', + /* "sublimebits.com", true */ 's', 'u', 'b', 'l', 'i', 'm', 'e', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "submedia.tv", true */ 's', 'u', 'b', 'm', 'e', 'd', 'i', 'a', '.', 't', 'v', '\0', + /* "submelon.tech", true */ 's', 'u', 'b', 'm', 'e', 'l', 'o', 'n', '.', 't', 'e', 'c', 'h', '\0', + /* "subohm.com", true */ 's', 'u', 'b', 'o', 'h', 'm', '.', 'c', 'o', 'm', '\0', + /* "suborbital.io", true */ 's', 'u', 'b', 'o', 'r', 'b', 'i', 't', 'a', 'l', '.', 'i', 'o', '\0', + /* "subrain.com", true */ 's', 'u', 'b', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "subrosa.io", false */ 's', 'u', 'b', 'r', 'o', 's', 'a', '.', 'i', 'o', '\0', + /* "subseq.net", false */ 's', 'u', 'b', 's', 'e', 'q', '.', 'n', 'e', 't', '\0', + /* "substitutealert.com", true */ 's', 'u', 'b', 's', 't', 'i', 't', 'u', 't', 'e', 'a', 'l', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "subterfuge.io", true */ 's', 'u', 'b', 't', 'e', 'r', 'f', 'u', 'g', 'e', '.', 'i', 'o', '\0', + /* "suburban-landscape.net", true */ 's', 'u', 'b', 'u', 'r', 'b', 'a', 'n', '-', 'l', 'a', 'n', 'd', 's', 'c', 'a', 'p', 'e', '.', 'n', 'e', 't', '\0', + /* "suburbaninfinitioftroyparts.com", true */ 's', 'u', 'b', 'u', 'r', 'b', 'a', 'n', 'i', 'n', 'f', 'i', 'n', 'i', 't', 'i', 'o', 'f', 't', 'r', 'o', 'y', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "subzerolosangeles.com", true */ 's', 'u', 'b', 'z', 'e', 'r', 'o', 'l', 'o', 's', 'a', 'n', 'g', 'e', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "succ.in", true */ 's', 'u', 'c', 'c', '.', 'i', 'n', '\0', + /* "suche.org", true */ 's', 'u', 'c', 'h', 'e', '.', 'o', 'r', 'g', '\0', + /* "suchmaschinen-werkstatt.de", true */ 's', 'u', 'c', 'h', 'm', 'a', 's', 'c', 'h', 'i', 'n', 'e', 'n', '-', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', '.', 'd', 'e', '\0', + /* "suchprogrammer.net", true */ 's', 'u', 'c', 'h', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'm', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "suckmyan.us", false */ 's', 'u', 'c', 'k', 'm', 'y', 'a', 'n', '.', 'u', 's', '\0', + /* "sudaraka.org", true */ 's', 'u', 'd', 'a', 'r', 'a', 'k', 'a', '.', 'o', 'r', 'g', '\0', + /* "sudmotor-occasions.be", true */ 's', 'u', 'd', 'm', 'o', 't', 'o', 'r', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0', + /* "sudo.ws", true */ 's', 'u', 'd', 'o', '.', 'w', 's', '\0', + /* "sudoschool.com", true */ 's', 'u', 'd', 'o', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "suelyonjones.com", true */ 's', 'u', 'e', 'l', 'y', 'o', 'n', 'j', 'o', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "suempresa.cloud", true */ 's', 'u', 'e', 'm', 'p', 'r', 'e', 's', 'a', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "suevia-ka.de", true */ 's', 'u', 'e', 'v', 'i', 'a', '-', 'k', 'a', '.', 'd', 'e', '\0', + /* "sufix.cz", true */ 's', 'u', 'f', 'i', 'x', '.', 'c', 'z', '\0', + /* "sugarandcloth.com", true */ 's', 'u', 'g', 'a', 'r', 'a', 'n', 'd', 'c', 'l', 'o', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "sugarbrother.com", true */ 's', 'u', 'g', 'a', 'r', 'b', 'r', 'o', 't', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "sugarcitycon.com", true */ 's', 'u', 'g', 'a', 'r', 'c', 'i', 't', 'y', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "sugarshin.net", true */ 's', 'u', 'g', 'a', 'r', 's', 'h', 'i', 'n', '.', 'n', 'e', 't', '\0', + /* "suggea.com", true */ 's', 'u', 'g', 'g', 'e', 'a', '.', 'c', 'o', 'm', '\0', + /* "suggestim.ch", true */ 's', 'u', 'g', 'g', 'e', 's', 't', 'i', 'm', '.', 'c', 'h', '\0', + /* "suiranfes.com", true */ 's', 'u', 'i', 'r', 'a', 'n', 'f', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "sujoydhar.in", true */ 's', 'u', 'j', 'o', 'y', 'd', 'h', 'a', 'r', '.', 'i', 'n', '\0', + /* "suki.moe", true */ 's', 'u', 'k', 'i', '.', 'm', 'o', 'e', '\0', + /* "sukrie.net", true */ 's', 'u', 'k', 'r', 'i', 'e', '.', 'n', 'e', 't', '\0', + /* "suksit.com", true */ 's', 'u', 'k', 's', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "sulian.me", true */ 's', 'u', 'l', 'i', 'a', 'n', '.', 'm', 'e', '\0', + /* "suluvir.com", true */ 's', 'u', 'l', 'u', 'v', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "sumguy.com", true */ 's', 'u', 'm', 'g', 'u', 'y', '.', 'c', 'o', 'm', '\0', + /* "summa-prefis.com", true */ 's', 'u', 'm', 'm', 'a', '-', 'p', 'r', 'e', 'f', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "summa.eu", false */ 's', 'u', 'm', 'm', 'a', '.', 'e', 'u', '\0', + /* "summercampthailand.com", true */ 's', 'u', 'm', 'm', 'e', 'r', 'c', 'a', 'm', 'p', 't', 'h', 'a', 'i', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "summitmasters.net", true */ 's', 'u', 'm', 'm', 'i', 't', 'm', 'a', 's', 't', 'e', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "sumthing.com", true */ 's', 'u', 'm', 't', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "sunboxstore.jp", true */ 's', 'u', 'n', 'b', 'o', 'x', 's', 't', 'o', 'r', 'e', '.', 'j', 'p', '\0', + /* "sunbritetv.com", true */ 's', 'u', 'n', 'b', 'r', 'i', 't', 'e', 't', 'v', '.', 'c', 'o', 'm', '\0', + /* "sundanceusa.com", true */ 's', 'u', 'n', 'd', 'a', 'n', 'c', 'e', 'u', 's', 'a', '.', 'c', 'o', 'm', '\0', + /* "sundaycooks.com", true */ 's', 'u', 'n', 'd', 'a', 'y', 'c', 'o', 'o', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "sundayfundayjapan.com", true */ 's', 'u', 'n', 'd', 'a', 'y', 'f', 'u', 'n', 'd', 'a', 'y', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "sunfeathers.net", true */ 's', 'u', 'n', 'f', 'e', 'a', 't', 'h', 'e', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "sunfox.cz", true */ 's', 'u', 'n', 'f', 'o', 'x', '.', 'c', 'z', '\0', + /* "sunfulong.me", true */ 's', 'u', 'n', 'f', 'u', 'l', 'o', 'n', 'g', '.', 'm', 'e', '\0', + /* "sunjaydhama.com", true */ 's', 'u', 'n', 'j', 'a', 'y', 'd', 'h', 'a', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "sunn.ie", true */ 's', 'u', 'n', 'n', '.', 'i', 'e', '\0', + /* "sunsetwx.com", true */ 's', 'u', 'n', 's', 'e', 't', 'w', 'x', '.', 'c', 'o', 'm', '\0', + /* "sunshinesf.org", true */ 's', 'u', 'n', 's', 'h', 'i', 'n', 'e', 's', 'f', '.', 'o', 'r', 'g', '\0', + /* "sunsmartresorts.com", true */ 's', 'u', 'n', 's', 'm', 'a', 'r', 't', 'r', 'e', 's', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "sunstar.bg", true */ 's', 'u', 'n', 's', 't', 'a', 'r', '.', 'b', 'g', '\0', + /* "supa.sexy", true */ 's', 'u', 'p', 'a', '.', 's', 'e', 'x', 'y', '\0', + /* "supastuds.com", true */ 's', 'u', 'p', 'a', 's', 't', 'u', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "super-o-blog.com", true */ 's', 'u', 'p', 'e', 'r', '-', 'o', '-', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "superbouncebouncycastles.com", true */ 's', 'u', 'p', 'e', 'r', 'b', 'o', 'u', 'n', 'c', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "superbowlkneel.com", true */ 's', 'u', 'p', 'e', 'r', 'b', 'o', 'w', 'l', 'k', 'n', 'e', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "superbshare.com", true */ 's', 'u', 'p', 'e', 'r', 'b', 's', 'h', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "supercalorias.com", true */ 's', 'u', 'p', 'e', 'r', 'c', 'a', 'l', 'o', 'r', 'i', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "supercastlesadelaide.com.au", true */ 's', 'u', 'p', 'e', 'r', 'c', 'a', 's', 't', 'l', 'e', 's', 'a', 'd', 'e', 'l', 'a', 'i', 'd', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "supercastlesbrisbane.com.au", true */ 's', 'u', 'p', 'e', 'r', 'c', 'a', 's', 't', 'l', 'e', 's', 'b', 'r', 'i', 's', 'b', 'a', 'n', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "supercastlesmelbourne.com.au", true */ 's', 'u', 'p', 'e', 'r', 'c', 'a', 's', 't', 'l', 'e', 's', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "supercastlessouthsydney.com.au", true */ 's', 'u', 'p', 'e', 'r', 'c', 'a', 's', 't', 'l', 'e', 's', 's', 'o', 'u', 't', 'h', 's', 'y', 'd', 'n', 'e', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "supercastlessunshinecoast.com.au", true */ 's', 'u', 'p', 'e', 'r', 'c', 'a', 's', 't', 'l', 'e', 's', 's', 'u', 'n', 's', 'h', 'i', 'n', 'e', 'c', 'o', 'a', 's', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "supercastlessydney.com.au", true */ 's', 'u', 'p', 'e', 'r', 'c', 'a', 's', 't', 'l', 'e', 's', 's', 'y', 'd', 'n', 'e', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "supercentenarian.com", true */ 's', 'u', 'p', 'e', 'r', 'c', 'e', 'n', 't', 'e', 'n', 'a', 'r', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "supercinebattle.fr", true */ 's', 'u', 'p', 'e', 'r', 'c', 'i', 'n', 'e', 'b', 'a', 't', 't', 'l', 'e', '.', 'f', 'r', '\0', + /* "superguide.com.au", true */ 's', 'u', 'p', 'e', 'r', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "superhappiness.com", true */ 's', 'u', 'p', 'e', 'r', 'h', 'a', 'p', 'p', 'i', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "superhome.com.au", true */ 's', 'u', 'p', 'e', 'r', 'h', 'o', 'm', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "superkonsult.se", true */ 's', 'u', 'p', 'e', 'r', 'k', 'o', 'n', 's', 'u', 'l', 't', '.', 's', 'e', '\0', + /* "supermarx.nl", true */ 's', 'u', 'p', 'e', 'r', 'm', 'a', 'r', 'x', '.', 'n', 'l', '\0', + /* "supermil.ch", true */ 's', 'u', 'p', 'e', 'r', 'm', 'i', 'l', '.', 'c', 'h', '\0', + /* "supern0va.net", true */ 's', 'u', 'p', 'e', 'r', 'n', '0', 'v', 'a', '.', 'n', 'e', 't', '\0', + /* "supernt.lt", true */ 's', 'u', 'p', 'e', 'r', 'n', 't', '.', 'l', 't', '\0', + /* "supersahnetorten.de", true */ 's', 'u', 'p', 'e', 'r', 's', 'a', 'h', 'n', 'e', 't', 'o', 'r', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "supersec.es", true */ 's', 'u', 'p', 'e', 'r', 's', 'e', 'c', '.', 'e', 's', '\0', + /* "supersole.net", true */ 's', 'u', 'p', 'e', 'r', 's', 'o', 'l', 'e', '.', 'n', 'e', 't', '\0', + /* "supersonnig-festival.de", true */ 's', 'u', 'p', 'e', 'r', 's', 'o', 'n', 'n', 'i', 'g', '-', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'd', 'e', '\0', + /* "supersonnigfestival.de", true */ 's', 'u', 'p', 'e', 'r', 's', 'o', 'n', 'n', 'i', 'g', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'd', 'e', '\0', + /* "supersteosbouncycastles.com", true */ 's', 'u', 'p', 'e', 'r', 's', 't', 'e', 'o', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "supersu.kr", true */ 's', 'u', 'p', 'e', 'r', 's', 'u', '.', 'k', 'r', '\0', + /* "superswingtrainer.com", true */ 's', 'u', 'p', 'e', 'r', 's', 'w', 'i', 'n', 'g', 't', 'r', 'a', 'i', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "supertasker.org", true */ 's', 'u', 'p', 'e', 'r', 't', 'a', 's', 'k', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "supeuro.com", true */ 's', 'u', 'p', 'e', 'u', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "supplementler.com", true */ 's', 'u', 'p', 'p', 'l', 'e', 'm', 'e', 'n', 't', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "supplies24.at", true */ 's', 'u', 'p', 'p', 'l', 'i', 'e', 's', '2', '4', '.', 'a', 't', '\0', + /* "supplies24.es", true */ 's', 'u', 'p', 'p', 'l', 'i', 'e', 's', '2', '4', '.', 'e', 's', '\0', + /* "support.mayfirst.org", false */ 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'm', 'a', 'y', 'f', 'i', 'r', 's', 't', '.', 'o', 'r', 'g', '\0', + /* "supportdesk.nu", true */ 's', 'u', 'p', 'p', 'o', 'r', 't', 'd', 'e', 's', 'k', '.', 'n', 'u', '\0', + /* "supportericking.org", true */ 's', 'u', 'p', 'p', 'o', 'r', 't', 'e', 'r', 'i', 'c', 'k', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "supportme123.com", true */ 's', 'u', 'p', 'p', 'o', 'r', 't', 'm', 'e', '1', '2', '3', '.', 'c', 'o', 'm', '\0', + /* "suprem.biz", true */ 's', 'u', 'p', 'r', 'e', 'm', '.', 'b', 'i', 'z', '\0', + /* "suprem.ch", true */ 's', 'u', 'p', 'r', 'e', 'm', '.', 'c', 'h', '\0', + /* "supriville.com.br", true */ 's', 'u', 'p', 'r', 'i', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "sur-v.com", true */ 's', 'u', 'r', '-', 'v', '.', 'c', 'o', 'm', '\0', + /* "surao.cz", true */ 's', 'u', 'r', 'a', 'o', '.', 'c', 'z', '\0', + /* "sure-it.de", true */ 's', 'u', 'r', 'e', '-', 'i', 't', '.', 'd', 'e', '\0', + /* "suretone.co.za", true */ 's', 'u', 'r', 'e', 't', 'o', 'n', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "surgenet.nl", true */ 's', 'u', 'r', 'g', 'e', 'n', 'e', 't', '.', 'n', 'l', '\0', + /* "surgeongeneral.gov", true */ 's', 'u', 'r', 'g', 'e', 'o', 'n', 'g', 'e', 'n', 'e', 'r', 'a', 'l', '.', 'g', 'o', 'v', '\0', + /* "surgicalassociateswny.com", true */ 's', 'u', 'r', 'g', 'i', 'c', 'a', 'l', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'e', 's', 'w', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "surkatty.org", true */ 's', 'u', 'r', 'k', 'a', 't', 't', 'y', '.', 'o', 'r', 'g', '\0', + /* "surpreem.com", true */ 's', 'u', 'r', 'p', 'r', 'e', 'e', 'm', '.', 'c', 'o', 'm', '\0', + /* "survature.com", true */ 's', 'u', 'r', 'v', 'a', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "surveymill.co.uk", true */ 's', 'u', 'r', 'v', 'e', 'y', 'm', 'i', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "survivalmonkey.com", true */ 's', 'u', 'r', 'v', 'i', 'v', 'a', 'l', 'm', 'o', 'n', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "survivebox.fr", true */ 's', 'u', 'r', 'v', 'i', 'v', 'e', 'b', 'o', 'x', '.', 'f', 'r', '\0', + /* "susanbpilates.co", true */ 's', 'u', 's', 'a', 'n', 'b', 'p', 'i', 'l', 'a', 't', 'e', 's', '.', 'c', 'o', '\0', + /* "susanbpilates.com", true */ 's', 'u', 's', 'a', 'n', 'b', 'p', 'i', 'l', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "susann-kerk.de", true */ 's', 'u', 's', 'a', 'n', 'n', '-', 'k', 'e', 'r', 'k', '.', 'd', 'e', '\0', + /* "susanna-komischke.de", true */ 's', 'u', 's', 'a', 'n', 'n', 'a', '-', 'k', 'o', 'm', 'i', 's', 'c', 'h', 'k', 'e', '.', 'd', 'e', '\0', + /* "susastudentenjobs.de", true */ 's', 'u', 's', 'a', 's', 't', 'u', 'd', 'e', 'n', 't', 'e', 'n', 'j', 'o', 'b', 's', '.', 'd', 'e', '\0', + /* "susc.org.uk", true */ 's', 'u', 's', 'c', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "suseasky.com", true */ 's', 'u', 's', 'e', 'a', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0', + /* "sush.us", true */ 's', 'u', 's', 'h', '.', 'u', 's', '\0', + /* "sushi.roma.it", true */ 's', 'u', 's', 'h', 'i', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0', + /* "sushifrick.de", true */ 's', 'u', 's', 'h', 'i', 'f', 'r', 'i', 'c', 'k', '.', 'd', 'e', '\0', + /* "sushikatze.de", true */ 's', 'u', 's', 'h', 'i', 'k', 'a', 't', 'z', 'e', '.', 'd', 'e', '\0', + /* "susosudon.com", true */ 's', 'u', 's', 'o', 's', 'u', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "suspension-shop.com", true */ 's', 'u', 's', 'p', 'e', 'n', 's', 'i', 'o', 'n', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "sussexwebdesigns.co.uk", true */ 's', 'u', 's', 's', 'e', 'x', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "sussexwebsites.info", true */ 's', 'u', 's', 's', 'e', 'x', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "sustainabilityknowledgegroup.com", true */ 's', 'u', 's', 't', 'a', 'i', 'n', 'a', 'b', 'i', 'l', 'i', 't', 'y', 'k', 'n', 'o', 'w', 'l', 'e', 'd', 'g', 'e', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "sustsol.com", true */ 's', 'u', 's', 't', 's', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "sutas.market", true */ 's', 'u', 't', 'a', 's', '.', 'm', 'a', 'r', 'k', 'e', 't', '\0', + /* "suts.co.uk", true */ 's', 'u', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "suttonbouncycastles.co.uk", true */ 's', 'u', 't', 't', 'o', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "suuria.de", true */ 's', 'u', 'u', 'r', 'i', 'a', '.', 'd', 'e', '\0', + /* "suvidhaapay.com", true */ 's', 'u', 'v', 'i', 'd', 'h', 'a', 'a', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "suwalls.com", true */ 's', 'u', 'w', 'a', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "suzi3d.com", true */ 's', 'u', 'z', 'i', '3', 'd', '.', 'c', 'o', 'm', '\0', + /* "suzukimarinepress.com", true */ 's', 'u', 'z', 'u', 'k', 'i', 'm', 'a', 'r', 'i', 'n', 'e', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "sv-1966-medenbach.de", true */ 's', 'v', '-', '1', '9', '6', '6', '-', 'm', 'e', 'd', 'e', 'n', 'b', 'a', 'c', 'h', '.', 'd', 'e', '\0', + /* "sv-turm-hohenlimburg.de", true */ 's', 'v', '-', 't', 'u', 'r', 'm', '-', 'h', 'o', 'h', 'e', 'n', 'l', 'i', 'm', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0', + /* "sv.search.yahoo.com", false */ 's', 'v', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "svadobkajuvi.sk", true */ 's', 'v', 'a', 'd', 'o', 'b', 'k', 'a', 'j', 'u', 'v', 'i', '.', 's', 'k', '\0', + /* "svager.cz", true */ 's', 'v', 'a', 'g', 'e', 'r', '.', 'c', 'z', '\0', + /* "svantner.sk", true */ 's', 'v', 'a', 'n', 't', 'n', 'e', 'r', '.', 's', 'k', '\0', + /* "svarnyjunak.cz", true */ 's', 'v', 'a', 'r', 'n', 'y', 'j', 'u', 'n', 'a', 'k', '.', 'c', 'z', '\0', + /* "svarovani.tk", true */ 's', 'v', 'a', 'r', 'o', 'v', 'a', 'n', 'i', '.', 't', 'k', '\0', + /* "svc-sitec.com", true */ 's', 'v', 'c', '-', 's', 'i', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "svc-sitec.com.mx", true */ 's', 'v', 'c', '-', 's', 'i', 't', 'e', 'c', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0', + /* "svc-sitec.mx", true */ 's', 'v', 'c', '-', 's', 'i', 't', 'e', 'c', '.', 'm', 'x', '\0', + /* "svc-sitec.org", true */ 's', 'v', 'c', '-', 's', 'i', 't', 'e', 'c', '.', 'o', 'r', 'g', '\0', + /* "svdb.co", false */ 's', 'v', 'd', 'b', '.', 'c', 'o', '\0', + /* "svdreamcatcher.com", true */ 's', 'v', 'd', 'r', 'e', 'a', 'm', 'c', 'a', 't', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "sve-hosting.nl", true */ 's', 'v', 'e', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "sveinerik.org", true */ 's', 'v', 'e', 'i', 'n', 'e', 'r', 'i', 'k', '.', 'o', 'r', 'g', '\0', + /* "svendubbeld.nl", true */ 's', 'v', 'e', 'n', 'd', 'u', 'b', 'b', 'e', 'l', 'd', '.', 'n', 'l', '\0', + /* "sveneckelmann.de", true */ 's', 'v', 'e', 'n', 'e', 'c', 'k', 'e', 'l', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "svenjaundchristian.de", true */ 's', 'v', 'e', 'n', 'j', 'a', 'u', 'n', 'd', 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', '.', 'd', 'e', '\0', + /* "svennd.be", true */ 's', 'v', 'e', 'n', 'n', 'd', '.', 'b', 'e', '\0', + /* "svetandroida.cz", true */ 's', 'v', 'e', 't', 'a', 'n', 'd', 'r', 'o', 'i', 'd', 'a', '.', 'c', 'z', '\0', + /* "svetlilo.com", true */ 's', 'v', 'e', 't', 'l', 'i', 'l', 'o', '.', 'c', 'o', 'm', '\0', + /* "svetzitrka.cz", false */ 's', 'v', 'e', 't', 'z', 'i', 't', 'r', 'k', 'a', '.', 'c', 'z', '\0', + /* "svijet-medija.hr", true */ 's', 'v', 'i', 'j', 'e', 't', '-', 'm', 'e', 'd', 'i', 'j', 'a', '.', 'h', 'r', '\0', + /* "sviz.pro", true */ 's', 'v', 'i', 'z', '.', 'p', 'r', 'o', '\0', + /* "svj-stochovska.cz", true */ 's', 'v', 'j', '-', 's', 't', 'o', 'c', 'h', 'o', 'v', 's', 'k', 'a', '.', 'c', 'z', '\0', + /* "svjvn.cz", true */ 's', 'v', 'j', 'v', 'n', '.', 'c', 'z', '\0', + /* "svm-basketball.de", true */ 's', 'v', 'm', '-', 'b', 'a', 's', 'k', 'e', 't', 'b', 'a', 'l', 'l', '.', 'd', 'e', '\0', + /* "svm-it.eu", true */ 's', 'v', 'm', '-', 'i', 't', '.', 'e', 'u', '\0', + /* "sw-servers.net", true */ 's', 'w', '-', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "sw33tp34.com", true */ 's', 'w', '3', '3', 't', 'p', '3', '4', '.', 'c', 'o', 'm', '\0', + /* "swacp.com", true */ 's', 'w', 'a', 'c', 'p', '.', 'c', 'o', 'm', '\0', + /* "swansdoor.org", true */ 's', 'w', 'a', 'n', 's', 'd', 'o', 'o', 'r', '.', 'o', 'r', 'g', '\0', + /* "swapadoodle.com", true */ 's', 'w', 'a', 'p', 'a', 'd', 'o', 'o', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "swarfarm.com", true */ 's', 'w', 'a', 'r', 'f', 'a', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "swarlys-server.de", true */ 's', 'w', 'a', 'r', 'l', 'y', 's', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0', + /* "swarmation.com", true */ 's', 'w', 'a', 'r', 'm', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "swat4stats.com", true */ 's', 'w', 'a', 't', '4', 's', 't', 'a', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "swattransport.ae", true */ 's', 'w', 'a', 't', 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', '.', 'a', 'e', '\0', + /* "sway-cdn.com", true */ 's', 'w', 'a', 'y', '-', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0', + /* "sway.com", true */ 's', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "swd.agency", true */ 's', 'w', 'd', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0', + /* "swedishhost.com", true */ 's', 'w', 'e', 'd', 'i', 's', 'h', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "swedishhost.se", true */ 's', 'w', 'e', 'd', 'i', 's', 'h', 'h', 'o', 's', 't', '.', 's', 'e', '\0', + /* "sweep-me.net", true */ 's', 'w', 'e', 'e', 'p', '-', 'm', 'e', '.', 'n', 'e', 't', '\0', + /* "sweepay.ch", true */ 's', 'w', 'e', 'e', 'p', 'a', 'y', '.', 'c', 'h', '\0', + /* "sweetair.com", true */ 's', 'w', 'e', 'e', 't', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "sweetgood.de", true */ 's', 'w', 'e', 'e', 't', 'g', 'o', 'o', 'd', '.', 'd', 'e', '\0', + /* "sweetll.me", false */ 's', 'w', 'e', 'e', 't', 'l', 'l', '.', 'm', 'e', '\0', + /* "sweetvanilla.jp", true */ 's', 'w', 'e', 'e', 't', 'v', 'a', 'n', 'i', 'l', 'l', 'a', '.', 'j', 'p', '\0', + /* "swehack.org", true */ 's', 'w', 'e', 'h', 'a', 'c', 'k', '.', 'o', 'r', 'g', '\0', + /* "sweharris.org", true */ 's', 'w', 'e', 'h', 'a', 'r', 'r', 'i', 's', '.', 'o', 'r', 'g', '\0', + /* "swfloshatraining.com", true */ 's', 'w', 'f', 'l', 'o', 's', 'h', 'a', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "swfmax.com", true */ 's', 'w', 'f', 'm', 'a', 'x', '.', 'c', 'o', 'm', '\0', + /* "swift-devedge.de", true */ 's', 'w', 'i', 'f', 't', '-', 'd', 'e', 'v', 'e', 'd', 'g', 'e', '.', 'd', 'e', '\0', + /* "swiftconf.com", true */ 's', 'w', 'i', 'f', 't', 'c', 'o', 'n', 'f', '.', 'c', 'o', 'm', '\0', + /* "swiftqueue.com", true */ 's', 'w', 'i', 'f', 't', 'q', 'u', 'e', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "swilly.org", true */ 's', 'w', 'i', 'l', 'l', 'y', '.', 'o', 'r', 'g', '\0', + /* "swimbee.nl", true */ 's', 'w', 'i', 'm', 'b', 'e', 'e', '.', 'n', 'l', '\0', + /* "swimturk.com.tr", true */ 's', 'w', 'i', 'm', 't', 'u', 'r', 'k', '.', 'c', 'o', 'm', '.', 't', 'r', '\0', + /* "swimwear365.co.uk", true */ 's', 'w', 'i', 'm', 'w', 'e', 'a', 'r', '3', '6', '5', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "swineson.me", true */ 's', 'w', 'i', 'n', 'e', 's', 'o', 'n', '.', 'm', 'e', '\0', + /* "swingmonkey.com", true */ 's', 'w', 'i', 'n', 'g', 'm', 'o', 'n', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "swipetv.ie", true */ 's', 'w', 'i', 'p', 'e', 't', 'v', '.', 'i', 'e', '\0', + /* "swiss-apartments.com", true */ 's', 'w', 'i', 's', 's', '-', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "swiss-connection.net", true */ 's', 'w', 'i', 's', 's', '-', 'c', 'o', 'n', 'n', 'e', 'c', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "swiss-cyber-experts.ch", true */ 's', 'w', 'i', 's', 's', '-', 'c', 'y', 'b', 'e', 'r', '-', 'e', 'x', 'p', 'e', 'r', 't', 's', '.', 'c', 'h', '\0', + /* "swisscannabis.club", true */ 's', 'w', 'i', 's', 's', 'c', 'a', 'n', 'n', 'a', 'b', 'i', 's', '.', 'c', 'l', 'u', 'b', '\0', + /* "swissdojo.ch", true */ 's', 'w', 'i', 's', 's', 'd', 'o', 'j', 'o', '.', 'c', 'h', '\0', + /* "swisselement365.com", true */ 's', 'w', 'i', 's', 's', 'e', 'l', 'e', 'm', 'e', 'n', 't', '3', '6', '5', '.', 'c', 'o', 'm', '\0', + /* "swissentreprises.ch", true */ 's', 'w', 'i', 's', 's', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'i', 's', 'e', 's', '.', 'c', 'h', '\0', + /* "swissfreshaircan.ch", true */ 's', 'w', 'i', 's', 's', 'f', 'r', 'e', 's', 'h', 'a', 'i', 'r', 'c', 'a', 'n', '.', 'c', 'h', '\0', + /* "swissfreshaircan.com", true */ 's', 'w', 'i', 's', 's', 'f', 'r', 'e', 's', 'h', 'a', 'i', 'r', 'c', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "swissid.ch", true */ 's', 'w', 'i', 's', 's', 'i', 'd', '.', 'c', 'h', '\0', + /* "swisslinux.org", true */ 's', 'w', 'i', 's', 's', 'l', 'i', 'n', 'u', 'x', '.', 'o', 'r', 'g', '\0', + /* "swisswebhelp.ch", true */ 's', 'w', 'i', 's', 's', 'w', 'e', 'b', 'h', 'e', 'l', 'p', '.', 'c', 'h', '\0', + /* "swissxperts.ch", true */ 's', 'w', 'i', 's', 's', 'x', 'p', 'e', 'r', 't', 's', '.', 'c', 'h', '\0', + /* "switch.moe", true */ 's', 'w', 'i', 't', 'c', 'h', '.', 'm', 'o', 'e', '\0', + /* "switzerland-family-office.com", true */ 's', 'w', 'i', 't', 'z', 'e', 'r', 'l', 'a', 'n', 'd', '-', 'f', 'a', 'm', 'i', 'l', 'y', '-', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "swordfeng.xyz", true */ 's', 'w', 'o', 'r', 'd', 'f', 'e', 'n', 'g', '.', 'x', 'y', 'z', '\0', + /* "swuosa.org", true */ 's', 'w', 'u', 'o', 's', 'a', '.', 'o', 'r', 'g', '\0', + /* "swvaux.com", true */ 's', 'w', 'v', 'a', 'u', 'x', '.', 'c', 'o', 'm', '\0', + /* "swyn.net", true */ 's', 'w', 'y', 'n', '.', 'n', 'e', 't', '\0', + /* "sy24.ru", true */ 's', 'y', '2', '4', '.', 'r', 'u', '\0', + /* "syajvo.if.ua", true */ 's', 'y', 'a', 'j', 'v', 'o', '.', 'i', 'f', '.', 'u', 'a', '\0', + /* "sycamorememphis.org", true */ 's', 'y', 'c', 'a', 'm', 'o', 'r', 'e', 'm', 'e', 'm', 'p', 'h', 'i', 's', '.', 'o', 'r', 'g', '\0', + /* "sychov.pro", true */ 's', 'y', 'c', 'h', 'o', 'v', '.', 'p', 'r', 'o', '\0', + /* "sydney-sehen.com", true */ 's', 'y', 'd', 'n', 'e', 'y', '-', 's', 'e', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "sydney.dating", true */ 's', 'y', 'd', 'n', 'e', 'y', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "syenar.net", true */ 's', 'y', 'e', 'n', 'a', 'r', '.', 'n', 'e', 't', '\0', + /* "syezd.com.au", true */ 's', 'y', 'e', 'z', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "syha.org.uk", true */ 's', 'y', 'h', 'a', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "syhost.at", true */ 's', 'y', 'h', 'o', 's', 't', '.', 'a', 't', '\0', + /* "syhost.ch", true */ 's', 'y', 'h', 'o', 's', 't', '.', 'c', 'h', '\0', + /* "syhost.de", true */ 's', 'y', 'h', 'o', 's', 't', '.', 'd', 'e', '\0', + /* "sykepleien.no", false */ 's', 'y', 'k', 'e', 'p', 'l', 'e', 'i', 'e', 'n', '.', 'n', 'o', '\0', + /* "sylaps.com", true */ 's', 'y', 'l', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "syleam.in", true */ 's', 'y', 'l', 'e', 'a', 'm', '.', 'i', 'n', '\0', + /* "syllogi.xyz", true */ 's', 'y', 'l', 'l', 'o', 'g', 'i', '.', 'x', 'y', 'z', '\0', + /* "sylvaindurand.fr", true */ 's', 'y', 'l', 'v', 'a', 'i', 'n', 'd', 'u', 'r', 'a', 'n', 'd', '.', 'f', 'r', '\0', + /* "sylvaindurand.org", true */ 's', 'y', 'l', 'v', 'a', 'i', 'n', 'd', 'u', 'r', 'a', 'n', 'd', '.', 'o', 'r', 'g', '\0', + /* "sylvan.me", true */ 's', 'y', 'l', 'v', 'a', 'n', '.', 'm', 'e', '\0', + /* "sylvangarden.net", true */ 's', 'y', 'l', 'v', 'a', 'n', 'g', 'a', 'r', 'd', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "sylve.ch", true */ 's', 'y', 'l', 'v', 'e', '.', 'c', 'h', '\0', + /* "symb.ch", true */ 's', 'y', 'm', 'b', '.', 'c', 'h', '\0', + /* "symbiose-bien-etre.ch", true */ 's', 'y', 'm', 'b', 'i', 'o', 's', 'e', '-', 'b', 'i', 'e', 'n', '-', 'e', 't', 'r', 'e', '.', 'c', 'h', '\0', + /* "symbiose-com.ch", true */ 's', 'y', 'm', 'b', 'i', 'o', 's', 'e', '-', 'c', 'o', 'm', '.', 'c', 'h', '\0', + /* "symbiose-immobilier.ch", true */ 's', 'y', 'm', 'b', 'i', 'o', 's', 'e', '-', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'r', '.', 'c', 'h', '\0', + /* "symbiose.com", true */ 's', 'y', 'm', 'b', 'i', 'o', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "symbiosecom.ch", true */ 's', 'y', 'm', 'b', 'i', 'o', 's', 'e', 'c', 'o', 'm', '.', 'c', 'h', '\0', + /* "symeda.de", true */ 's', 'y', 'm', 'e', 'd', 'a', '.', 'd', 'e', '\0', + /* "symphonos.it", true */ 's', 'y', 'm', 'p', 'h', 'o', 'n', 'o', 's', '.', 'i', 't', '\0', + /* "symptome-erklaert.de", true */ 's', 'y', 'm', 'p', 't', 'o', 'm', 'e', '-', 'e', 'r', 'k', 'l', 'a', 'e', 'r', 't', '.', 'd', 'e', '\0', + /* "synabi.com", true */ 's', 'y', 'n', 'a', 'b', 'i', '.', 'c', 'o', 'm', '\0', + /* "synaptickz.me", true */ 's', 'y', 'n', 'a', 'p', 't', 'i', 'c', 'k', 'z', '.', 'm', 'e', '\0', + /* "synatra.co", true */ 's', 'y', 'n', 'a', 't', 'r', 'a', '.', 'c', 'o', '\0', + /* "sync-it.no", true */ 's', 'y', 'n', 'c', '-', 'i', 't', '.', 'n', 'o', '\0', + /* "syncaddict.net", true */ 's', 'y', 'n', 'c', 'a', 'd', 'd', 'i', 'c', 't', '.', 'n', 'e', 't', '\0', + /* "synchrocube.com", true */ 's', 'y', 'n', 'c', 'h', 'r', 'o', 'c', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0', + /* "synchtu.be", false */ 's', 'y', 'n', 'c', 'h', 't', 'u', '.', 'b', 'e', '\0', + /* "syncmylife.net", false */ 's', 'y', 'n', 'c', 'm', 'y', 'l', 'i', 'f', 'e', '.', 'n', 'e', 't', '\0', + /* "syncrise.co.jp", true */ 's', 'y', 'n', 'c', 'r', 'i', 's', 'e', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "syndic-discount.fr", false */ 's', 'y', 'n', 'd', 'i', 'c', '-', 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', '.', 'f', 'r', '\0', + /* "syneart.com", true */ 's', 'y', 'n', 'e', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "synecek11.cz", true */ 's', 'y', 'n', 'e', 'c', 'e', 'k', '1', '1', '.', 'c', 'z', '\0', + /* "synergyflare.com", true */ 's', 'y', 'n', 'e', 'r', 'g', 'y', 'f', 'l', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "synergyworkingdogclub.com", true */ 's', 'y', 'n', 'e', 'r', 'g', 'y', 'w', 'o', 'r', 'k', 'i', 'n', 'g', 'd', 'o', 'g', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "synfin.org", true */ 's', 'y', 'n', 'f', 'i', 'n', '.', 'o', 'r', 'g', '\0', + /* "synony.me", true */ 's', 'y', 'n', 'o', 'n', 'y', '.', 'm', 'e', '\0', + /* "synotna.eu", true */ 's', 'y', 'n', 'o', 't', 'n', 'a', '.', 'e', 'u', '\0', + /* "syntaxnightmare.com", true */ 's', 'y', 'n', 't', 'a', 'x', 'n', 'i', 'g', 'h', 't', 'm', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "syntheticmotoroil.org", true */ 's', 'y', 'n', 't', 'h', 'e', 't', 'i', 'c', 'm', 'o', 't', 'o', 'r', 'o', 'i', 'l', '.', 'o', 'r', 'g', '\0', + /* "synthetik.com", true */ 's', 'y', 'n', 't', 'h', 'e', 't', 'i', 'k', '.', 'c', 'o', 'm', '\0', + /* "syriatalk.biz", true */ 's', 'y', 'r', 'i', 'a', 't', 'a', 'l', 'k', '.', 'b', 'i', 'z', '\0', + /* "syriatalk.org", true */ 's', 'y', 'r', 'i', 'a', 't', 'a', 'l', 'k', '.', 'o', 'r', 'g', '\0', + /* "sys.tf", true */ 's', 'y', 's', '.', 't', 'f', '\0', + /* "sysadm.guru", true */ 's', 'y', 's', 'a', 'd', 'm', '.', 'g', 'u', 'r', 'u', '\0', + /* "sysadmin.pm", false */ 's', 'y', 's', 'a', 'd', 'm', 'i', 'n', '.', 'p', 'm', '\0', + /* "sysadmin.xyz", true */ 's', 'y', 's', 'a', 'd', 'm', 'i', 'n', '.', 'x', 'y', 'z', '\0', + /* "sysadmins.ro", true */ 's', 'y', 's', 'a', 'd', 'm', 'i', 'n', 's', '.', 'r', 'o', '\0', + /* "sysctl.se", true */ 's', 'y', 's', 'c', 't', 'l', '.', 's', 'e', '\0', + /* "sysert.tv", false */ 's', 'y', 's', 'e', 'r', 't', '.', 't', 'v', '\0', + /* "sysmike.de", true */ 's', 'y', 's', 'm', 'i', 'k', 'e', '.', 'd', 'e', '\0', + /* "sysmike.net", true */ 's', 'y', 's', 'm', 'i', 'k', 'e', '.', 'n', 'e', 't', '\0', + /* "systea.fr", true */ 's', 'y', 's', 't', 'e', 'a', '.', 'f', 'r', '\0', + /* "systea.net", true */ 's', 'y', 's', 't', 'e', 'a', '.', 'n', 'e', 't', '\0', + /* "system-m.de", true */ 's', 'y', 's', 't', 'e', 'm', '-', 'm', '.', 'd', 'e', '\0', + /* "system.cf", true */ 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'f', '\0', + /* "system.is", true */ 's', 'y', 's', 't', 'e', 'm', '.', 'i', 's', '\0', + /* "system12.pl", true */ 's', 'y', 's', 't', 'e', 'm', '1', '2', '.', 'p', 'l', '\0', + /* "system365.eu", true */ 's', 'y', 's', 't', 'e', 'm', '3', '6', '5', '.', 'e', 'u', '\0', + /* "systemd.ch", true */ 's', 'y', 's', 't', 'e', 'm', 'd', '.', 'c', 'h', '\0', + /* "systemeprod.fr", true */ 's', 'y', 's', 't', 'e', 'm', 'e', 'p', 'r', 'o', 'd', '.', 'f', 'r', '\0', + /* "systemintegra.ru", true */ 's', 'y', 's', 't', 'e', 'm', 'i', 'n', 't', 'e', 'g', 'r', 'a', '.', 'r', 'u', '\0', + /* "systemli.org", true */ 's', 'y', 's', 't', 'e', 'm', 'l', 'i', '.', 'o', 'r', 'g', '\0', + /* "systemreboot.net", true */ 's', 'y', 's', 't', 'e', 'm', 'r', 'e', 'b', 'o', 'o', 't', '.', 'n', 'e', 't', '\0', + /* "systemspace.link", true */ 's', 'y', 's', 't', 'e', 'm', 's', 'p', 'a', 'c', 'e', '.', 'l', 'i', 'n', 'k', '\0', + /* "systoolbox.net", true */ 's', 'y', 's', 't', 'o', 'o', 'l', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0', + /* "sysystems.cz", true */ 's', 'y', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'z', '\0', + /* "syt3.net", true */ 's', 'y', 't', '3', '.', 'n', 'e', 't', '\0', + /* "syy.im", true */ 's', 'y', 'y', '.', 'i', 'm', '\0', + /* "syzygy-tables.info", true */ 's', 'y', 'z', 'y', 'g', 'y', '-', 't', 'a', 'b', 'l', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "szagun.net", true */ 's', 'z', 'a', 'g', 'u', 'n', '.', 'n', 'e', 't', '\0', + /* "szamitogepdepo.com", true */ 's', 'z', 'a', 'm', 'i', 't', 'o', 'g', 'e', 'p', 'd', 'e', 'p', 'o', '.', 'c', 'o', 'm', '\0', + /* "szaydon.me", false */ 's', 'z', 'a', 'y', 'd', 'o', 'n', '.', 'm', 'e', '\0', + /* "szczot3k.pl", true */ 's', 'z', 'c', 'z', 'o', 't', '3', 'k', '.', 'p', 'l', '\0', + /* "szechenyi2020.hu", true */ 's', 'z', 'e', 'c', 'h', 'e', 'n', 'y', 'i', '2', '0', '2', '0', '.', 'h', 'u', '\0', + /* "szentistvanpt.sk", true */ 's', 'z', 'e', 'n', 't', 'i', 's', 't', 'v', 'a', 'n', 'p', 't', '.', 's', 'k', '\0', + /* "szerelem.love", true */ 's', 'z', 'e', 'r', 'e', 'l', 'e', 'm', '.', 'l', 'o', 'v', 'e', '\0', + /* "szongott.net", true */ 's', 'z', 'o', 'n', 'g', 'o', 't', 't', '.', 'n', 'e', 't', '\0', + /* "szunia.com", true */ 's', 'z', 'u', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "szybkiebieganie.pl", true */ 's', 'z', 'y', 'b', 'k', 'i', 'e', 'b', 'i', 'e', 'g', 'a', 'n', 'i', 'e', '.', 'p', 'l', '\0', + /* "szyndler.ch", true */ 's', 'z', 'y', 'n', 'd', 'l', 'e', 'r', '.', 'c', 'h', '\0', + /* "t-hawk.com", true */ 't', '-', 'h', 'a', 'w', 'k', '.', 'c', 'o', 'm', '\0', + /* "t-net.org.hu", true */ 't', '-', 'n', 'e', 't', '.', 'o', 'r', 'g', '.', 'h', 'u', '\0', + /* "t-point.eu", true */ 't', '-', 'p', 'o', 'i', 'n', 't', '.', 'e', 'u', '\0', + /* "t-shirts4less.nl", true */ 't', '-', 's', 'h', 'i', 'r', 't', 's', '4', 'l', 'e', 's', 's', '.', 'n', 'l', '\0', + /* "t-stonegroup.com", true */ 't', '-', 's', 't', 'o', 'n', 'e', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "t.facebook.com", false */ 't', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "t0ne.net", false */ 't', '0', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "t12u.com", true */ 't', '1', '2', 'u', '.', 'c', 'o', 'm', '\0', + /* "t2000headphones.com", true */ 't', '2', '0', '0', '0', 'h', 'e', 'a', 'd', 'p', 'h', 'o', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "t2000laserpointers.com", true */ 't', '2', '0', '0', '0', 'l', 'a', 's', 'e', 'r', 'p', 'o', 'i', 'n', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "t23m-navi.jp", false */ 't', '2', '3', 'm', '-', 'n', 'a', 'v', 'i', '.', 'j', 'p', '\0', + /* "t2i.nl", true */ 't', '2', 'i', '.', 'n', 'l', '\0', + /* "t47.io", true */ 't', '4', '7', '.', 'i', 'o', '\0', + /* "t7e.de", false */ 't', '7', 'e', '.', 'd', 'e', '\0', + /* "ta-65.com", true */ 't', 'a', '-', '6', '5', '.', 'c', 'o', 'm', '\0', + /* "ta-sports.net", true */ 't', 'a', '-', 's', 'p', 'o', 'r', 't', 's', '.', 'n', 'e', 't', '\0', + /* "ta65.com", true */ 't', 'a', '6', '5', '.', 'c', 'o', 'm', '\0', + /* "taabe.net", true */ 't', 'a', 'a', 'b', 'e', '.', 'n', 'e', 't', '\0', + /* "taartenfeesies.nl", true */ 't', 'a', 'a', 'r', 't', 'e', 'n', 'f', 'e', 'e', 's', 'i', 'e', 's', '.', 'n', 'l', '\0', + /* "tab.watch", true */ 't', 'a', 'b', '.', 'w', 'a', 't', 'c', 'h', '\0', + /* "tabernadovinho.com.br", true */ 't', 'a', 'b', 'e', 'r', 'n', 'a', 'd', 'o', 'v', 'i', 'n', 'h', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "taberu-fujitsubo.com", true */ 't', 'a', 'b', 'e', 'r', 'u', '-', 'f', 'u', 'j', 'i', 't', 's', 'u', 'b', 'o', '.', 'c', 'o', 'm', '\0', + /* "tabino.top", true */ 't', 'a', 'b', 'i', 'n', 'o', '.', 't', 'o', 'p', '\0', + /* "tabithawebb.co.uk", true */ 't', 'a', 'b', 'i', 't', 'h', 'a', 'w', 'e', 'b', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "tabla-periodica.com", true */ 't', 'a', 'b', 'l', 'a', '-', 'p', 'e', 'r', 'i', 'o', 'd', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "tabledusud.be", true */ 't', 'a', 'b', 'l', 'e', 'd', 'u', 's', 'u', 'd', '.', 'b', 'e', '\0', + /* "tabledusud.nl", true */ 't', 'a', 'b', 'l', 'e', 'd', 'u', 's', 'u', 'd', '.', 'n', 'l', '\0', + /* "tablescraps.com", true */ 't', 'a', 'b', 'l', 'e', 's', 'c', 'r', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "tablet.facebook.com", false */ 't', 'a', 'b', 'l', 'e', 't', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "tablotv.com", false */ 't', 'a', 'b', 'l', 'o', 't', 'v', '.', 'c', 'o', 'm', '\0', + /* "taborsky.cz", true */ 't', 'a', 'b', 'o', 'r', 's', 'k', 'y', '.', 'c', 'z', '\0', + /* "tac-volley.com", true */ 't', 'a', 'c', '-', 'v', 'o', 'l', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "tacklog.com", true */ 't', 'a', 'c', 'k', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "tacoma-games.com", true */ 't', 'a', 'c', 'o', 'm', 'a', '-', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "tacomafia.net", false */ 't', 'a', 'c', 'o', 'm', 'a', 'f', 'i', 'a', '.', 'n', 'e', 't', '\0', + /* "tacotown.tk", true */ 't', 'a', 'c', 'o', 't', 'o', 'w', 'n', '.', 't', 'k', '\0', + /* "tacticalsquare.com", true */ 't', 'a', 'c', 't', 'i', 'c', 'a', 'l', 's', 'q', 'u', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "tadata.me", true */ 't', 'a', 'd', 'a', 't', 'a', '.', 'm', 'e', '\0', + /* "tadcastercircuit.org.uk", true */ 't', 'a', 'd', 'c', 'a', 's', 't', 'e', 'r', 'c', 'i', 'r', 'c', 'u', 'i', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "tadtadya.com", true */ 't', 'a', 'd', 't', 'a', 'd', 'y', 'a', '.', 'c', 'o', 'm', '\0', + /* "tadu.de", true */ 't', 'a', 'd', 'u', '.', 'd', 'e', '\0', + /* "tagdocumentary.com", true */ 't', 'a', 'g', 'd', 'o', 'c', 'u', 'm', 'e', 'n', 't', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "tagesmutter-in-bilm.de", true */ 't', 'a', 'g', 'e', 's', 'm', 'u', 't', 't', 'e', 'r', '-', 'i', 'n', '-', 'b', 'i', 'l', 'm', '.', 'd', 'e', '\0', + /* "taggedpdf.com", false */ 't', 'a', 'g', 'g', 'e', 'd', 'p', 'd', 'f', '.', 'c', 'o', 'm', '\0', + /* "taglioepiega.com", true */ 't', 'a', 'g', 'l', 'i', 'o', 'e', 'p', 'i', 'e', 'g', 'a', '.', 'c', 'o', 'm', '\0', + /* "taglioepiega.eu", true */ 't', 'a', 'g', 'l', 'i', 'o', 'e', 'p', 'i', 'e', 'g', 'a', '.', 'e', 'u', '\0', + /* "taglioepiega.it", true */ 't', 'a', 'g', 'l', 'i', 'o', 'e', 'p', 'i', 'e', 'g', 'a', '.', 'i', 't', '\0', + /* "tahf.net", true */ 't', 'a', 'h', 'f', '.', 'n', 'e', 't', '\0', + /* "tahosa.co", true */ 't', 'a', 'h', 'o', 's', 'a', '.', 'c', 'o', '\0', + /* "tahosalodge.org", true */ 't', 'a', 'h', 'o', 's', 'a', 'l', 'o', 'd', 'g', 'e', '.', 'o', 'r', 'g', '\0', + /* "taidu.news", true */ 't', 'a', 'i', 'd', 'u', '.', 'n', 'e', 'w', 's', '\0', + /* "tailandfur.com", true */ 't', 'a', 'i', 'l', 'a', 'n', 'd', 'f', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "tailpuff.net", true */ 't', 'a', 'i', 'l', 'p', 'u', 'f', 'f', '.', 'n', 'e', 't', '\0', + /* "tails.boum.org", true */ 't', 'a', 'i', 'l', 's', '.', 'b', 'o', 'u', 'm', '.', 'o', 'r', 'g', '\0', + /* "taim.io", true */ 't', 'a', 'i', 'm', '.', 'i', 'o', '\0', + /* "taishon.nagoya", true */ 't', 'a', 'i', 's', 'h', 'o', 'n', '.', 'n', 'a', 'g', 'o', 'y', 'a', '\0', + /* "taiwan.dating", true */ 't', 'a', 'i', 'w', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "taiwantour.info", true */ 't', 'a', 'i', 'w', 'a', 'n', 't', 'o', 'u', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "taiyouko-hatuden.net", true */ 't', 'a', 'i', 'y', 'o', 'u', 'k', 'o', '-', 'h', 'a', 't', 'u', 'd', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "tajper.pl", true */ 't', 'a', 'j', 'p', 'e', 'r', '.', 'p', 'l', '\0', + /* "take1give1.com", false */ 't', 'a', 'k', 'e', '1', 'g', 'i', 'v', 'e', '1', '.', 'c', 'o', 'm', '\0', + /* "takebonus.com", true */ 't', 'a', 'k', 'e', 'b', 'o', 'n', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "takedownthissite.com", true */ 't', 'a', 'k', 'e', 'd', 'o', 'w', 'n', 't', 'h', 'i', 's', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "takeitoffline.co.uk", true */ 't', 'a', 'k', 'e', 'i', 't', 'o', 'f', 'f', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "takemoto-ped.com", true */ 't', 'a', 'k', 'e', 'm', 'o', 't', 'o', '-', 'p', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "taken.pl", true */ 't', 'a', 'k', 'e', 'n', '.', 'p', 'l', '\0', + /* "takeshifujimoto.com", true */ 't', 'a', 'k', 'e', 's', 'h', 'i', 'f', 'u', 'j', 'i', 'm', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "takinet.kr", true */ 't', 'a', 'k', 'i', 'n', 'e', 't', '.', 'k', 'r', '\0', + /* "takk.pl", true */ 't', 'a', 'k', 'k', '.', 'p', 'l', '\0', + /* "takkaaaaa.com", true */ 't', 'a', 'k', 'k', 'a', 'a', 'a', 'a', 'a', '.', 'c', 'o', 'm', '\0', + /* "takuto.de", true */ 't', 'a', 'k', 'u', 't', 'o', '.', 'd', 'e', '\0', + /* "takuyaphotos.com", true */ 't', 'a', 'k', 'u', 'y', 'a', 'p', 'h', 'o', 't', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "talado.gr", false */ 't', 'a', 'l', 'a', 'd', 'o', '.', 'g', 'r', '\0', + /* "talentcast.nl", false */ 't', 'a', 'l', 'e', 'n', 't', 'c', 'a', 's', 't', '.', 'n', 'l', '\0', + /* "talenthero.io", true */ 't', 'a', 'l', 'e', 'n', 't', 'h', 'e', 'r', 'o', '.', 'i', 'o', '\0', + /* "talentos.pt", true */ 't', 'a', 'l', 'e', 'n', 't', 'o', 's', '.', 'p', 't', '\0', + /* "taler.net", true */ 't', 'a', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "talideon.com", false */ 't', 'a', 'l', 'i', 'd', 'e', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "talk.google.com", true */ 't', 'a', 'l', 'k', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "talk.xyz", true */ 't', 'a', 'l', 'k', '.', 'x', 'y', 'z', '\0', + /* "talkgadget.google.com", true */ 't', 'a', 'l', 'k', 'g', 'a', 'd', 'g', 'e', 't', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "talkreal.net", true */ 't', 'a', 'l', 'k', 'r', 'e', 'a', 'l', '.', 'n', 'e', 't', '\0', + /* "talktodarcy.com", true */ 't', 'a', 'l', 'k', 't', 'o', 'd', 'a', 'r', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "talkwithyourbaby.org", true */ 't', 'a', 'l', 'k', 'w', 'i', 't', 'h', 'y', 'o', 'u', 'r', 'b', 'a', 'b', 'y', '.', 'o', 'r', 'g', '\0', + /* "tallcraft.com", true */ 't', 'a', 'l', 'l', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "talldude.net", true */ 't', 'a', 'l', 'l', 'd', 'u', 'd', 'e', '.', 'n', 'e', 't', '\0', + /* "talltreeskv.com.au", true */ 't', 'a', 'l', 'l', 't', 'r', 'e', 'e', 's', 'k', 'v', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "talon.rip", true */ 't', 'a', 'l', 'o', 'n', '.', 'r', 'i', 'p', '\0', + /* "talsi.eu", true */ 't', 'a', 'l', 's', 'i', '.', 'e', 'u', '\0', + /* "talun.de", true */ 't', 'a', 'l', 'u', 'n', '.', 'd', 'e', '\0', + /* "tam7t.com", true */ 't', 'a', 'm', '7', 't', '.', 'c', 'o', 'm', '\0', + /* "tamasszabo.net", true */ 't', 'a', 'm', 'a', 's', 's', 'z', 'a', 'b', 'o', '.', 'n', 'e', 't', '\0', + /* "tamchunho.com", true */ 't', 'a', 'm', 'c', 'h', 'u', 'n', 'h', 'o', '.', 'c', 'o', 'm', '\0', + /* "tamindir.com", true */ 't', 'a', 'm', 'i', 'n', 'd', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "tammy.pro", true */ 't', 'a', 'm', 'm', 'y', '.', 'p', 'r', 'o', '\0', + /* "tampabaybusinesslistings.com", true */ 't', 'a', 'm', 'p', 'a', 'b', 'a', 'y', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'l', 'i', 's', 't', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "tanak3n.xyz", true */ 't', 'a', 'n', 'a', 'k', '3', 'n', '.', 'x', 'y', 'z', '\0', + /* "tancredi.nl", true */ 't', 'a', 'n', 'c', 'r', 'e', 'd', 'i', '.', 'n', 'l', '\0', + /* "tandblekningidag.com", true */ 't', 'a', 'n', 'd', 'b', 'l', 'e', 'k', 'n', 'i', 'n', 'g', 'i', 'd', 'a', 'g', '.', 'c', 'o', 'm', '\0', + /* "tangiblesecurity.com", true */ 't', 'a', 'n', 'g', 'i', 'b', 'l', 'e', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "tango-cats.de", true */ 't', 'a', 'n', 'g', 'o', '-', 'c', 'a', 't', 's', '.', 'd', 'e', '\0', + /* "tango-ouest.com", true */ 't', 'a', 'n', 'g', 'o', '-', 'o', 'u', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "tangoalpha.co.uk", true */ 't', 'a', 'n', 'g', 'o', 'a', 'l', 'p', 'h', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "tanhit.com", true */ 't', 'a', 'n', 'h', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "taniku-succulent.com", true */ 't', 'a', 'n', 'i', 'k', 'u', '-', 's', 'u', 'c', 'c', 'u', 'l', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "tankski.co.uk", true */ 't', 'a', 'n', 'k', 's', 'k', 'i', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "tannenhof-moelln.de", true */ 't', 'a', 'n', 'n', 'e', 'n', 'h', 'o', 'f', '-', 'm', 'o', 'e', 'l', 'l', 'n', '.', 'd', 'e', '\0', + /* "tantalos.nl", true */ 't', 'a', 'n', 't', 'a', 'l', 'o', 's', '.', 'n', 'l', '\0', + /* "tantei100.net", true */ 't', 'a', 'n', 't', 'e', 'i', '1', '0', '0', '.', 'n', 'e', 't', '\0', + /* "tanto259.name", true */ 't', 'a', 'n', 't', 'o', '2', '5', '9', '.', 'n', 'a', 'm', 'e', '\0', + /* "tanz.info", true */ 't', 'a', 'n', 'z', '.', 'i', 'n', 'f', 'o', '\0', + /* "tanzhijun.com", true */ 't', 'a', 'n', 'z', 'h', 'i', 'j', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "taoburee.com", true */ 't', 'a', 'o', 'b', 'u', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0', + /* "tapestries.tk", true */ 't', 'a', 'p', 'e', 's', 't', 'r', 'i', 'e', 's', '.', 't', 'k', '\0', + /* "taqsim.jp", true */ 't', 'a', 'q', 's', 'i', 'm', '.', 'j', 'p', '\0', + /* "taquilla.com", true */ 't', 'a', 'q', 'u', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "taqun.club", true */ 't', 'a', 'q', 'u', 'n', '.', 'c', 'l', 'u', 'b', '\0', + /* "taranis.re", true */ 't', 'a', 'r', 'a', 'n', 'i', 's', '.', 'r', 'e', '\0', + /* "tarantul.org.ua", true */ 't', 'a', 'r', 'a', 'n', 't', 'u', 'l', '.', 'o', 'r', 'g', '.', 'u', 'a', '\0', + /* "tarasecurity.co.uk", true */ 't', 'a', 'r', 'a', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "tarasecurity.com", true */ 't', 'a', 'r', 'a', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "tarasevich.by", true */ 't', 'a', 'r', 'a', 's', 'e', 'v', 'i', 'c', 'h', '.', 'b', 'y', '\0', + /* "taravancil.com", false */ 't', 'a', 'r', 'a', 'v', 'a', 'n', 'c', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "tardis.io", true */ 't', 'a', 'r', 'd', 'i', 's', '.', 'i', 'o', '\0', + /* "tardybaker.com", true */ 't', 'a', 'r', 'd', 'y', 'b', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "tarek.link", true */ 't', 'a', 'r', 'e', 'k', '.', 'l', 'i', 'n', 'k', '\0', + /* "targimieszkaniowe.net", true */ 't', 'a', 'r', 'g', 'i', 'm', 'i', 'e', 's', 'z', 'k', 'a', 'n', 'i', 'o', 'w', 'e', '.', 'n', 'e', 't', '\0', + /* "tarik.io", true */ 't', 'a', 'r', 'i', 'k', '.', 'i', 'o', '\0', + /* "tarsan.cz", true */ 't', 'a', 'r', 's', 'a', 'n', '.', 'c', 'z', '\0', + /* "tarsashaz-biztositas.hu", true */ 't', 'a', 'r', 's', 'a', 's', 'h', 'a', 'z', '-', 'b', 'i', 'z', 't', 'o', 's', 'i', 't', 'a', 's', '.', 'h', 'u', '\0', + /* "tartaneagle.org.uk", true */ 't', 'a', 'r', 't', 'a', 'n', 'e', 'a', 'g', 'l', 'e', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "tartanhamedshop.com.br", true */ 't', 'a', 'r', 't', 'a', 'n', 'h', 'a', 'm', 'e', 'd', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "taskin.me", true */ 't', 'a', 's', 'k', 'i', 'n', '.', 'm', 'e', '\0', + /* "taskotron.fedoraproject.org", true */ 't', 'a', 's', 'k', 'o', 't', 'r', 'o', 'n', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "taskotron.stg.fedoraproject.org", true */ 't', 'a', 's', 'k', 'o', 't', 'r', 'o', 'n', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "taskstream.com", true */ 't', 'a', 's', 'k', 's', 't', 'r', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "taskulu.com", true */ 't', 'a', 's', 'k', 'u', 'l', 'u', '.', 'c', 'o', 'm', '\0', + /* "tasta.ro", true */ 't', 'a', 's', 't', 'a', '.', 'r', 'o', '\0', + /* "tasticfilm.com", true */ 't', 'a', 's', 't', 'i', 'c', 'f', 'i', 'l', 'm', '.', 'c', 'o', 'm', '\0', + /* "tastycake.net", true */ 't', 'a', 's', 't', 'y', 'c', 'a', 'k', 'e', '.', 'n', 'e', 't', '\0', + /* "tastystakes.com", true */ 't', 'a', 's', 't', 'y', 's', 't', 'a', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "tat2grl85.com", true */ 't', 'a', 't', '2', 'g', 'r', 'l', '8', '5', '.', 'c', 'o', 'm', '\0', + /* "tatara.ne.jp", true */ 't', 'a', 't', 'a', 'r', 'a', '.', 'n', 'e', '.', 'j', 'p', '\0', + /* "tateesq.com", true */ 't', 'a', 't', 'e', 'e', 's', 'q', '.', 'c', 'o', 'm', '\0', + /* "tatiloley.com", true */ 't', 'a', 't', 'i', 'l', 'o', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "tatort-fanpage.de", true */ 't', 'a', 't', 'o', 'r', 't', '-', 'f', 'a', 'n', 'p', 'a', 'g', 'e', '.', 'd', 'e', '\0', + /* "tatsidou.gr", true */ 't', 'a', 't', 's', 'i', 'd', 'o', 'u', '.', 'g', 'r', '\0', + /* "tattoo.dating", true */ 't', 'a', 't', 't', 'o', 'o', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "tavolaquadrada.com.br", true */ 't', 'a', 'v', 'o', 'l', 'a', 'q', 'u', 'a', 'd', 'r', 'a', 'd', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "tavsys.net", true */ 't', 'a', 'v', 's', 'y', 's', '.', 'n', 'e', 't', '\0', + /* "taxaroo.com", true */ 't', 'a', 'x', 'a', 'r', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "taxaudit.com", true */ 't', 'a', 'x', 'a', 'u', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "taxi-24std.de", true */ 't', 'a', 'x', 'i', '-', '2', '4', 's', 't', 'd', '.', 'd', 'e', '\0', + /* "taxi-chamonix.fr", true */ 't', 'a', 'x', 'i', '-', 'c', 'h', 'a', 'm', 'o', 'n', 'i', 'x', '.', 'f', 'r', '\0', + /* "taxi-collectif.ch", true */ 't', 'a', 'x', 'i', '-', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'f', '.', 'c', 'h', '\0', + /* "taxicollectif.ch", true */ 't', 'a', 'x', 'i', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'f', '.', 'c', 'h', '\0', + /* "taxiindenbosch.nl", true */ 't', 'a', 'x', 'i', 'i', 'n', 'd', 'e', 'n', 'b', 'o', 's', 'c', 'h', '.', 'n', 'l', '\0', + /* "taxis-collectifs.ch", true */ 't', 'a', 'x', 'i', 's', '-', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'f', 's', '.', 'c', 'h', '\0', + /* "taxisafmatosinhos.pt", true */ 't', 'a', 'x', 'i', 's', 'a', 'f', 'm', 'a', 't', 'o', 's', 'i', 'n', 'h', 'o', 's', '.', 'p', 't', '\0', + /* "taxiscollectifs.ch", true */ 't', 'a', 'x', 'i', 's', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'f', 's', '.', 'c', 'h', '\0', + /* "taxlab.co.nz", true */ 't', 'a', 'x', 'l', 'a', 'b', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "taxmadras.com", true */ 't', 'a', 'x', 'm', 'a', 'd', 'r', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "taxspeaker.com", true */ 't', 'a', 'x', 's', 'p', 'e', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "taxsquirrel.com", true */ 't', 'a', 'x', 's', 'q', 'u', 'i', 'r', 'r', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "taylorpearson.me", false */ 't', 'a', 'y', 'l', 'o', 'r', 'p', 'e', 'a', 'r', 's', 'o', 'n', '.', 'm', 'e', '\0', + /* "taylors-castles.co.uk", true */ 't', 'a', 'y', 'l', 'o', 'r', 's', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "taysonvodao.fr", true */ 't', 'a', 'y', 's', 'o', 'n', 'v', 'o', 'd', 'a', 'o', '.', 'f', 'r', '\0', + /* "tazemama.biz", true */ 't', 'a', 'z', 'e', 'm', 'a', 'm', 'a', '.', 'b', 'i', 'z', '\0', + /* "tb-devel.de", true */ 't', 'b', '-', 'd', 'e', 'v', 'e', 'l', '.', 'd', 'e', '\0', + /* "tb-itf.de", true */ 't', 'b', '-', 'i', 't', 'f', '.', 'd', 'e', '\0', + /* "tbarter.com", false */ 't', 'b', 'a', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "tbitc.ch", true */ 't', 'b', 'i', 't', 'c', '.', 'c', 'h', '\0', + /* "tbonejs.org", true */ 't', 'b', 'o', 'n', 'e', 'j', 's', '.', 'o', 'r', 'g', '\0', + /* "tbrindus.ca", true */ 't', 'b', 'r', 'i', 'n', 'd', 'u', 's', '.', 'c', 'a', '\0', + /* "tbrss.com", true */ 't', 'b', 'r', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "tbs-certificates.co.uk", true */ 't', 'b', 's', '-', 'c', 'e', 'r', 't', 'i', 'f', 'i', 'c', 'a', 't', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "tbtech.cz", true */ 't', 'b', 't', 'e', 'c', 'h', '.', 'c', 'z', '\0', + /* "tbuchloh.de", true */ 't', 'b', 'u', 'c', 'h', 'l', 'o', 'h', '.', 'd', 'e', '\0', + /* "tc-st-leonard.ch", true */ 't', 'c', '-', 's', 't', '-', 'l', 'e', 'o', 'n', 'a', 'r', 'd', '.', 'c', 'h', '\0', + /* "tc.nz", true */ 't', 'c', '.', 'n', 'z', '\0', + /* "tcacademy.co.uk", true */ 't', 'c', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "tcb-a.org", true */ 't', 'c', 'b', '-', 'a', '.', 'o', 'r', 'g', '\0', + /* "tcb-b.org", true */ 't', 'c', 'b', '-', 'b', '.', 'o', 'r', 'g', '\0', + /* "tcf.org", true */ 't', 'c', 'f', '.', 'o', 'r', 'g', '\0', + /* "tcgrepublic.com", true */ 't', 'c', 'g', 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "tchebb.me", true */ 't', 'c', 'h', 'e', 'b', 'b', '.', 'm', 'e', '\0', + /* "tchnics.de", true */ 't', 'c', 'h', 'n', 'i', 'c', 's', '.', 'd', 'e', '\0', + /* "tchoukball.ch", true */ 't', 'c', 'h', 'o', 'u', 'k', 'b', 'a', 'l', 'l', '.', 'c', 'h', '\0', + /* "tcnapplications.com", true */ 't', 'c', 'n', 'a', 'p', 'p', 'l', 'i', 'c', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "tcptun.com", true */ 't', 'c', 'p', 't', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "tdchrom.com", true */ 't', 'd', 'c', 'h', 'r', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "tdfbfoundation.org", true */ 't', 'd', 'f', 'b', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "tdrcartuchos.com.br", true */ 't', 'd', 'r', 'c', 'a', 'r', 't', 'u', 'c', 'h', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "tdrs.info", true */ 't', 'd', 'r', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "tdsinflatables.co.uk", true */ 't', 'd', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "tdude.co", true */ 't', 'd', 'u', 'd', 'e', '.', 'c', 'o', '\0', + /* "teabagdesign.co.uk", true */ 't', 'e', 'a', 'b', 'a', 'g', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "teachercreatedmaterials.com", true */ 't', 'e', 'a', 'c', 'h', 'e', 'r', 'c', 'r', 'e', 'a', 't', 'e', 'd', 'm', 'a', 't', 'e', 'r', 'i', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "teacherph.com", true */ 't', 'e', 'a', 'c', 'h', 'e', 'r', 'p', 'h', '.', 'c', 'o', 'm', '\0', + /* "teacherph.net", true */ 't', 'e', 'a', 'c', 'h', 'e', 'r', 'p', 'h', '.', 'n', 'e', 't', '\0', + /* "teacherpowered.org", true */ 't', 'e', 'a', 'c', 'h', 'e', 'r', 'p', 'o', 'w', 'e', 'r', 'e', 'd', '.', 'o', 'r', 'g', '\0', + /* "teachingcopyright.com", true */ 't', 'e', 'a', 'c', 'h', 'i', 'n', 'g', 'c', 'o', 'p', 'y', 'r', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0', + /* "teachingcopyright.net", true */ 't', 'e', 'a', 'c', 'h', 'i', 'n', 'g', 'c', 'o', 'p', 'y', 'r', 'i', 'g', 'h', 't', '.', 'n', 'e', 't', '\0', + /* "teachingcopyright.org", true */ 't', 'e', 'a', 'c', 'h', 'i', 'n', 'g', 'c', 'o', 'p', 'y', 'r', 'i', 'g', 'h', 't', '.', 'o', 'r', 'g', '\0', + /* "teachmeplease.com", true */ 't', 'e', 'a', 'c', 'h', 'm', 'e', 'p', 'l', 'e', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "teachmeplease.ru", true */ 't', 'e', 'a', 'c', 'h', 'm', 'e', 'p', 'l', 'e', 'a', 's', 'e', '.', 'r', 'u', '\0', + /* "teachpeople.org", true */ 't', 'e', 'a', 'c', 'h', 'p', 'e', 'o', 'p', 'l', 'e', '.', 'o', 'r', 'g', '\0', + /* "teachwithouttears.com", true */ 't', 'e', 'a', 'c', 'h', 'w', 'i', 't', 'h', 'o', 'u', 't', 't', 'e', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "teahut.net", true */ 't', 'e', 'a', 'h', 'u', 't', '.', 'n', 'e', 't', '\0', + /* "team-azerty.com", true */ 't', 'e', 'a', 'm', '-', 'a', 'z', 'e', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "team-bbd.com", true */ 't', 'e', 'a', 'm', '-', 'b', 'b', 'd', '.', 'c', 'o', 'm', '\0', + /* "team-pancake.eu", true */ 't', 'e', 'a', 'm', '-', 'p', 'a', 'n', 'c', 'a', 'k', 'e', '.', 'e', 'u', '\0', + /* "team3482.com", true */ 't', 'e', 'a', 'm', '3', '4', '8', '2', '.', 'c', 'o', 'm', '\0', + /* "teamassists.com", true */ 't', 'e', 'a', 'm', 'a', 's', 's', 'i', 's', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "teambeam.at", true */ 't', 'e', 'a', 'm', 'b', 'e', 'a', 'm', '.', 'a', 't', '\0', + /* "teambeam.ch", true */ 't', 'e', 'a', 'm', 'b', 'e', 'a', 'm', '.', 'c', 'h', '\0', + /* "teambeam.com", true */ 't', 'e', 'a', 'm', 'b', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "teambeam.de", true */ 't', 'e', 'a', 'm', 'b', 'e', 'a', 'm', '.', 'd', 'e', '\0', + /* "teambition.com", true */ 't', 'e', 'a', 'm', 'b', 'i', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "teamcombat.com", true */ 't', 'e', 'a', 'm', 'c', 'o', 'm', 'b', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "teamdaylo.xyz", true */ 't', 'e', 'a', 'm', 'd', 'a', 'y', 'l', 'o', '.', 'x', 'y', 'z', '\0', + /* "teamliquidpro.com", true */ 't', 'e', 'a', 'm', 'l', 'i', 'q', 'u', 'i', 'd', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "teammathics.com", true */ 't', 'e', 'a', 'm', 'm', 'a', 't', 'h', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "teamnetsol.com", true */ 't', 'e', 'a', 'm', 'n', 'e', 't', 's', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "teamnissannorthparts.com", true */ 't', 'e', 'a', 'm', 'n', 'i', 's', 's', 'a', 'n', 'n', 'o', 'r', 't', 'h', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "teamnorthgermany.de", true */ 't', 'e', 'a', 'm', 'n', 'o', 'r', 't', 'h', 'g', 'e', 'r', 'm', 'a', 'n', 'y', '.', 'd', 'e', '\0', + /* "teampaddymurphy.ch", true */ 't', 'e', 'a', 'm', 'p', 'a', 'd', 'd', 'y', 'm', 'u', 'r', 'p', 'h', 'y', '.', 'c', 'h', '\0', + /* "teampaddymurphy.ie", true */ 't', 'e', 'a', 'm', 'p', 'a', 'd', 'd', 'y', 'm', 'u', 'r', 'p', 'h', 'y', '.', 'i', 'e', '\0', + /* "teamtouring.net", true */ 't', 'e', 'a', 'm', 't', 'o', 'u', 'r', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "teamtrack.uk", true */ 't', 'e', 'a', 'm', 't', 'r', 'a', 'c', 'k', '.', 'u', 'k', '\0', + /* "teamupturn.com", true */ 't', 'e', 'a', 'm', 'u', 'p', 't', 'u', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "teamupturn.org", true */ 't', 'e', 'a', 'm', 'u', 'p', 't', 'u', 'r', 'n', '.', 'o', 'r', 'g', '\0', + /* "teamx-gaming.de", true */ 't', 'e', 'a', 'm', 'x', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "teaparty.id", true */ 't', 'e', 'a', 'p', 'a', 'r', 't', 'y', '.', 'i', 'd', '\0', + /* "teasenetwork.com", true */ 't', 'e', 'a', 's', 'e', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "teaser-trailer.com", true */ 't', 'e', 'a', 's', 'e', 'r', '-', 't', 'r', 'a', 'i', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "teatrarium.com", true */ 't', 'e', 'a', 't', 'r', 'a', 'r', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "tec3000.ch", true */ 't', 'e', 'c', '3', '0', '0', '0', '.', 'c', 'h', '\0', + /* "tecart-cloud.de", true */ 't', 'e', 'c', 'a', 'r', 't', '-', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0', + /* "tecart-system.de", true */ 't', 'e', 'c', 'a', 'r', 't', '-', 's', 'y', 's', 't', 'e', 'm', '.', 'd', 'e', '\0', + /* "tecartcrm.de", true */ 't', 'e', 'c', 'a', 'r', 't', 'c', 'r', 'm', '.', 'd', 'e', '\0', + /* "tech-blogger.net", true */ 't', 'e', 'c', 'h', '-', 'b', 'l', 'o', 'g', 'g', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "tech-clips.com", true */ 't', 'e', 'c', 'h', '-', 'c', 'l', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "tech-director.ru", true */ 't', 'e', 'c', 'h', '-', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', '.', 'r', 'u', '\0', + /* "tech-essential.com", true */ 't', 'e', 'c', 'h', '-', 'e', 's', 's', 'e', 'n', 't', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "tech-rat.com", true */ 't', 'e', 'c', 'h', '-', 'r', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "tech-seminar.jp", true */ 't', 'e', 'c', 'h', '-', 's', 'e', 'm', 'i', 'n', 'a', 'r', '.', 'j', 'p', '\0', + /* "tech-value.eu", true */ 't', 'e', 'c', 'h', '-', 'v', 'a', 'l', 'u', 'e', '.', 'e', 'u', '\0', + /* "tech-zealots.com", true */ 't', 'e', 'c', 'h', '-', 'z', 'e', 'a', 'l', 'o', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "techace.jp", true */ 't', 'e', 'c', 'h', 'a', 'c', 'e', '.', 'j', 'p', '\0', + /* "techademy.nl", true */ 't', 'e', 'c', 'h', 'a', 'd', 'e', 'm', 'y', '.', 'n', 'l', '\0', + /* "techarea.fr", true */ 't', 'e', 'c', 'h', 'a', 'r', 'e', 'a', '.', 'f', 'r', '\0', + /* "techbrown.com", true */ 't', 'e', 'c', 'h', 'b', 'r', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0', + /* "techcentric.com", false */ 't', 'e', 'c', 'h', 'c', 'e', 'n', 't', 'r', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "techcracky.com", true */ 't', 'e', 'c', 'h', 'c', 'r', 'a', 'c', 'k', 'y', '.', 'c', 'o', 'm', '\0', + /* "techcultivation.de", false */ 't', 'e', 'c', 'h', 'c', 'u', 'l', 't', 'i', 'v', 'a', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0', + /* "techcultivation.net", false */ 't', 'e', 'c', 'h', 'c', 'u', 'l', 't', 'i', 'v', 'a', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "techcultivation.org", false */ 't', 'e', 'c', 'h', 'c', 'u', 'l', 't', 'i', 'v', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "techday.co.nz", true */ 't', 'e', 'c', 'h', 'd', 'a', 'y', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "techday.com", true */ 't', 'e', 'c', 'h', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "techday.com.au", true */ 't', 'e', 'c', 'h', 'd', 'a', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "techday.eu", true */ 't', 'e', 'c', 'h', 'd', 'a', 'y', '.', 'e', 'u', '\0', + /* "techdirt.com", true */ 't', 'e', 'c', 'h', 'd', 'i', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "techendeavors.com", true */ 't', 'e', 'c', 'h', 'e', 'n', 'd', 'e', 'a', 'v', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "techhappy.ca", true */ 't', 'e', 'c', 'h', 'h', 'a', 'p', 'p', 'y', '.', 'c', 'a', '\0', + /* "techinet.pl", true */ 't', 'e', 'c', 'h', 'i', 'n', 'e', 't', '.', 'p', 'l', '\0', + /* "techjoe.co", true */ 't', 'e', 'c', 'h', 'j', 'o', 'e', '.', 'c', 'o', '\0', + /* "techmajesty.com", true */ 't', 'e', 'c', 'h', 'm', 'a', 'j', 'e', 's', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "techmasters.io", true */ 't', 'e', 'c', 'h', 'm', 'a', 's', 't', 'e', 'r', 's', '.', 'i', 'o', '\0', + /* "techmunchies.net", false */ 't', 'e', 'c', 'h', 'm', 'u', 'n', 'c', 'h', 'i', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "technicabv.nl", true */ 't', 'e', 'c', 'h', 'n', 'i', 'c', 'a', 'b', 'v', '.', 'n', 'l', '\0', + /* "technicalforensic.com", true */ 't', 'e', 'c', 'h', 'n', 'i', 'c', 'a', 'l', 'f', 'o', 'r', 'e', 'n', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "technicallyeasy.net", true */ 't', 'e', 'c', 'h', 'n', 'i', 'c', 'a', 'l', 'l', 'y', 'e', 'a', 's', 'y', '.', 'n', 'e', 't', '\0', + /* "technicalpenguins.com", true */ 't', 'e', 'c', 'h', 'n', 'i', 'c', 'a', 'l', 'p', 'e', 'n', 'g', 'u', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "technifocal.com", true */ 't', 'e', 'c', 'h', 'n', 'i', 'f', 'o', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "technikrom.org", true */ 't', 'e', 'c', 'h', 'n', 'i', 'k', 'r', 'o', 'm', '.', 'o', 'r', 'g', '\0', + /* "technoinfogroup.it", true */ 't', 'e', 'c', 'h', 'n', 'o', 'i', 'n', 'f', 'o', 'g', 'r', 'o', 'u', 'p', '.', 'i', 't', '\0', + /* "technologie-innovation.fr", true */ 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', '-', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'f', 'r', '\0', + /* "technologyand.me", true */ 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', 'a', 'n', 'd', '.', 'm', 'e', '\0', + /* "technologysi.com", true */ 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', 's', 'i', '.', 'c', 'o', 'm', '\0', + /* "technoparcepsilon.fr", true */ 't', 'e', 'c', 'h', 'n', 'o', 'p', 'a', 'r', 'c', 'e', 'p', 's', 'i', 'l', 'o', 'n', '.', 'f', 'r', '\0', + /* "technoscoots.com", true */ 't', 'e', 'c', 'h', 'n', 'o', 's', 'c', 'o', 'o', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "technosorcery.net", true */ 't', 'e', 'c', 'h', 'n', 'o', 's', 'o', 'r', 'c', 'e', 'r', 'y', '.', 'n', 'e', 't', '\0', + /* "technotonic.co.uk", true */ 't', 'e', 'c', 'h', 'n', 'o', 't', 'o', 'n', 'i', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "techold.ru", true */ 't', 'e', 'c', 'h', 'o', 'l', 'd', '.', 'r', 'u', '\0', + /* "techorbiter.com", true */ 't', 'e', 'c', 'h', 'o', 'r', 'b', 'i', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "techosmarcelo.com.ar", true */ 't', 'e', 'c', 'h', 'o', 's', 'm', 'a', 'r', 'c', 'e', 'l', 'o', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "techpivot.net", true */ 't', 'e', 'c', 'h', 'p', 'i', 'v', 'o', 't', '.', 'n', 'e', 't', '\0', + /* "techpro.net.br", true */ 't', 'e', 'c', 'h', 'p', 'r', 'o', '.', 'n', 'e', 't', '.', 'b', 'r', '\0', + /* "techshift.eu", true */ 't', 'e', 'c', 'h', 's', 'h', 'i', 'f', 't', '.', 'e', 'u', '\0', + /* "techshift.nl", true */ 't', 'e', 'c', 'h', 's', 'h', 'i', 'f', 't', '.', 'n', 'l', '\0', + /* "techshift.se", true */ 't', 'e', 'c', 'h', 's', 'h', 'i', 'f', 't', '.', 's', 'e', '\0', + /* "techtalks.no", true */ 't', 'e', 'c', 'h', 't', 'a', 'l', 'k', 's', '.', 'n', 'o', '\0', + /* "techtuts.info", true */ 't', 'e', 'c', 'h', 't', 'u', 't', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "techunit.org", true */ 't', 'e', 'c', 'h', 'u', 'n', 'i', 't', '.', 'o', 'r', 'g', '\0', + /* "techvalue.gr", true */ 't', 'e', 'c', 'h', 'v', 'a', 'l', 'u', 'e', '.', 'g', 'r', '\0', + /* "techviewforum.com", true */ 't', 'e', 'c', 'h', 'v', 'i', 'e', 'w', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "techwayz.com", true */ 't', 'e', 'c', 'h', 'w', 'a', 'y', 'z', '.', 'c', 'o', 'm', '\0', + /* "techwords.io", true */ 't', 'e', 'c', 'h', 'w', 'o', 'r', 'd', 's', '.', 'i', 'o', '\0', + /* "tecit.ch", true */ 't', 'e', 'c', 'i', 't', '.', 'c', 'h', '\0', + /* "tecne.ws", true */ 't', 'e', 'c', 'n', 'e', '.', 'w', 's', '\0', + /* "tecnoarea.com.ar", true */ 't', 'e', 'c', 'n', 'o', 'a', 'r', 'e', 'a', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "tecnobrasilloja.com.br", true */ 't', 'e', 'c', 'n', 'o', 'b', 'r', 'a', 's', 'i', 'l', 'l', 'o', 'j', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "tecnodritte.it", true */ 't', 'e', 'c', 'n', 'o', 'd', 'r', 'i', 't', 't', 'e', '.', 'i', 't', '\0', + /* "tecyt.com", true */ 't', 'e', 'c', 'y', 't', '.', 'c', 'o', 'm', '\0', + /* "tedb.us", true */ 't', 'e', 'd', 'b', '.', 'u', 's', '\0', + /* "teddy.ch", true */ 't', 'e', 'd', 'd', 'y', '.', 'c', 'h', '\0', + /* "teddybradford.com", true */ 't', 'e', 'd', 'd', 'y', 'b', 'r', 'a', 'd', 'f', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "teddylu.info", true */ 't', 'e', 'd', 'd', 'y', 'l', 'u', '.', 'i', 'n', 'f', 'o', '\0', + /* "tedeh.net", true */ 't', 'e', 'd', 'e', 'h', '.', 'n', 'e', 't', '\0', + /* "tedsdivingsystem.com", true */ 't', 'e', 'd', 's', 'd', 'i', 'v', 'i', 'n', 'g', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0', + /* "tee-idf.net", true */ 't', 'e', 'e', '-', 'i', 'd', 'f', '.', 'n', 'e', 't', '\0', + /* "teebeedee.org", true */ 't', 'e', 'e', 'b', 'e', 'e', 'd', 'e', 'e', '.', 'o', 'r', 'g', '\0', + /* "teedb.de", true */ 't', 'e', 'e', 'd', 'b', '.', 'd', 'e', '\0', + /* "teemo.gg", true */ 't', 'e', 'e', 'm', 'o', '.', 'g', 'g', '\0', + /* "teemperor.de", true */ 't', 'e', 'e', 'm', 'p', 'e', 'r', 'o', 'r', '.', 'd', 'e', '\0', + /* "teemulintula.fi", true */ 't', 'e', 'e', 'm', 'u', 'l', 'i', 'n', 't', 'u', 'l', 'a', '.', 'f', 'i', '\0', + /* "teencounseling.com", true */ 't', 'e', 'e', 'n', 'c', 'o', 'u', 'n', 's', 'e', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "teeplelaw.com", true */ 't', 'e', 'e', 'p', 'l', 'e', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "teeworlds-friends.de", true */ 't', 'e', 'e', 'w', 'o', 'r', 'l', 'd', 's', '-', 'f', 'r', 'i', 'e', 'n', 'd', 's', '.', 'd', 'e', '\0', + /* "tefek.cz", true */ 't', 'e', 'f', 'e', 'k', '.', 'c', 'z', '\0', + /* "tege-elektronik.hu", true */ 't', 'e', 'g', 'e', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', 'n', 'i', 'k', '.', 'h', 'u', '\0', + /* "tehcrayz.com", true */ 't', 'e', 'h', 'c', 'r', 'a', 'y', 'z', '.', 'c', 'o', 'm', '\0', + /* "tehplace.club", true */ 't', 'e', 'h', 'p', 'l', 'a', 'c', 'e', '.', 'c', 'l', 'u', 'b', '\0', + /* "tehrabbitt.com", false */ 't', 'e', 'h', 'r', 'a', 'b', 'b', 'i', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "tehranperfume.com", true */ 't', 'e', 'h', 'r', 'a', 'n', 'p', 'e', 'r', 'f', 'u', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "teixobactin.com", true */ 't', 'e', 'i', 'x', 'o', 'b', 'a', 'c', 't', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "tejarat98.com", true */ 't', 'e', 'j', 'a', 'r', 'a', 't', '9', '8', '.', 'c', 'o', 'm', '\0', + /* "tekiro.com", true */ 't', 'e', 'k', 'i', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "teknemodus.com.au", true */ 't', 'e', 'k', 'n', 'e', 'm', 'o', 'd', 'u', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "teknik.io", true */ 't', 'e', 'k', 'n', 'i', 'k', '.', 'i', 'o', '\0', + /* "teknogeek.id", true */ 't', 'e', 'k', 'n', 'o', 'g', 'e', 'e', 'k', '.', 'i', 'd', '\0', + /* "tekstschrijvers.net", true */ 't', 'e', 'k', 's', 't', 's', 'c', 'h', 'r', 'i', 'j', 'v', 'e', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "tektuts.com", true */ 't', 'e', 'k', 't', 'u', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "tekuteku.jp", true */ 't', 'e', 'k', 'u', 't', 'e', 'k', 'u', '.', 'j', 'p', '\0', + /* "tele-alarme.ch", true */ 't', 'e', 'l', 'e', '-', 'a', 'l', 'a', 'r', 'm', 'e', '.', 'c', 'h', '\0', + /* "tele-assistance.ch", true */ 't', 'e', 'l', 'e', '-', 'a', 's', 's', 'i', 's', 't', 'a', 'n', 'c', 'e', '.', 'c', 'h', '\0', + /* "tele-online.com", true */ 't', 'e', 'l', 'e', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "telealarme.ch", true */ 't', 'e', 'l', 'e', 'a', 'l', 'a', 'r', 'm', 'e', '.', 'c', 'h', '\0', + /* "telealarmevalais.ch", true */ 't', 'e', 'l', 'e', 'a', 'l', 'a', 'r', 'm', 'e', 'v', 'a', 'l', 'a', 'i', 's', '.', 'c', 'h', '\0', + /* "telecamera.pro", false */ 't', 'e', 'l', 'e', 'c', 'a', 'm', 'e', 'r', 'a', '.', 'p', 'r', 'o', '\0', + /* "telecharger-open-office.com", true */ 't', 'e', 'l', 'e', 'c', 'h', 'a', 'r', 'g', 'e', 'r', '-', 'o', 'p', 'e', 'n', '-', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "telecharger-winrar.com", true */ 't', 'e', 'l', 'e', 'c', 'h', 'a', 'r', 'g', 'e', 'r', '-', 'w', 'i', 'n', 'r', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "telecomwestland.nl", true */ 't', 'e', 'l', 'e', 'c', 'o', 'm', 'w', 'e', 's', 't', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0', + /* "teledivi.com", true */ 't', 'e', 'l', 'e', 'd', 'i', 'v', 'i', '.', 'c', 'o', 'm', '\0', + /* "telefon.report", true */ 't', 'e', 'l', 'e', 'f', 'o', 'n', '.', 'r', 'e', 'p', 'o', 'r', 't', '\0', + /* "telefoncek.si", true */ 't', 'e', 'l', 'e', 'f', 'o', 'n', 'c', 'e', 'k', '.', 's', 'i', '\0', + /* "telefonkonferenz.ch", true */ 't', 'e', 'l', 'e', 'f', 'o', 'n', 'k', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'z', '.', 'c', 'h', '\0', + /* "telefonni-ustredna.cz", true */ 't', 'e', 'l', 'e', 'f', 'o', 'n', 'n', 'i', '-', 'u', 's', 't', 'r', 'e', 'd', 'n', 'a', '.', 'c', 'z', '\0', + /* "telefonseelsorge-paderborn.de", true */ 't', 'e', 'l', 'e', 'f', 'o', 'n', 's', 'e', 'e', 'l', 's', 'o', 'r', 'g', 'e', '-', 'p', 'a', 'd', 'e', 'r', 'b', 'o', 'r', 'n', '.', 'd', 'e', '\0', + /* "telefoonabonnement.nl", true */ 't', 'e', 'l', 'e', 'f', 'o', 'o', 'n', 'a', 'b', 'o', 'n', 'n', 'e', 'm', 'e', 'n', 't', '.', 'n', 'l', '\0', + /* "telehealthventures.com", false */ 't', 'e', 'l', 'e', 'h', 'e', 'a', 'l', 't', 'h', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "teleogistic.net", true */ 't', 'e', 'l', 'e', 'o', 'g', 'i', 's', 't', 'i', 'c', '.', 'n', 'e', 't', '\0', + /* "telepass.me", true */ 't', 'e', 'l', 'e', 'p', 'a', 's', 's', '.', 'm', 'e', '\0', + /* "telling.xyz", true */ 't', 'e', 'l', 'l', 'i', 'n', 'g', '.', 'x', 'y', 'z', '\0', + /* "telly.site", true */ 't', 'e', 'l', 'l', 'y', '.', 's', 'i', 't', 'e', '\0', + /* "tellygames.com", true */ 't', 'e', 'l', 'l', 'y', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "teloo.pl", true */ 't', 'e', 'l', 'o', 'o', '.', 'p', 'l', '\0', + /* "telos-analytics.com", true */ 't', 'e', 'l', 'o', 's', '-', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "telugu4u.net", true */ 't', 'e', 'l', 'u', 'g', 'u', '4', 'u', '.', 'n', 'e', 't', '\0', + /* "tem.li", true */ 't', 'e', 'm', '.', 'l', 'i', '\0', + /* "temizmama.com", true */ 't', 'e', 'm', 'i', 'z', 'm', 'a', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "temp.pm", true */ 't', 'e', 'm', 'p', '.', 'p', 'm', '\0', + /* "tempdomain.ml", true */ 't', 'e', 'm', 'p', 'd', 'o', 'm', 'a', 'i', 'n', '.', 'm', 'l', '\0', + /* "template-parks.com", true */ 't', 'e', 'm', 'p', 'l', 'a', 't', 'e', '-', 'p', 'a', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "templateinvaders.com", true */ 't', 'e', 'm', 'p', 'l', 'a', 't', 'e', 'i', 'n', 'v', 'a', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "temptraining.ru", false */ 't', 'e', 'm', 'p', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'r', 'u', '\0', + /* "tempus-aquilae.de", true */ 't', 'e', 'm', 'p', 'u', 's', '-', 'a', 'q', 'u', 'i', 'l', 'a', 'e', '.', 'd', 'e', '\0', + /* "tenable.com.au", true */ 't', 'e', 'n', 'a', 'b', 'l', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "tenberg.com", true */ 't', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0', + /* "tenbos.ch", true */ 't', 'e', 'n', 'b', 'o', 's', '.', 'c', 'h', '\0', + /* "tendermaster.com.ua", true */ 't', 'e', 'n', 'd', 'e', 'r', 'm', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "tenderstem.co.uk", true */ 't', 'e', 'n', 'd', 'e', 'r', 's', 't', 'e', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "tendomag.com", true */ 't', 'e', 'n', 'd', 'o', 'm', 'a', 'g', '.', 'c', 'o', 'm', '\0', + /* "tenenz.com", true */ 't', 'e', 'n', 'e', 'n', 'z', '.', 'c', 'o', 'm', '\0', + /* "tengu.cloud", true */ 't', 'e', 'n', 'g', 'u', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "tenisservis.eu", true */ 't', 'e', 'n', 'i', 's', 's', 'e', 'r', 'v', 'i', 's', '.', 'e', 'u', '\0', + /* "tenkofx.com", true */ 't', 'e', 'n', 'k', 'o', 'f', 'x', '.', 'c', 'o', 'm', '\0', + /* "tennisadmin.com", true */ 't', 'e', 'n', 'n', 'i', 's', 'a', 'd', 'm', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "tennismindgame.com", true */ 't', 'e', 'n', 'n', 'i', 's', 'm', 'i', 'n', 'd', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "tenpolab.com", true */ 't', 'e', 'n', 'p', 'o', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "tenseapp.pl", true */ 't', 'e', 'n', 's', 'e', 'a', 'p', 'p', '.', 'p', 'l', '\0', + /* "tenshoku-hanashi.com", true */ 't', 'e', 'n', 's', 'h', 'o', 'k', 'u', '-', 'h', 'a', 'n', 'a', 's', 'h', 'i', '.', 'c', 'o', 'm', '\0', + /* "tent.io", true */ 't', 'e', 'n', 't', '.', 'i', 'o', '\0', + /* "tenta.com", true */ 't', 'e', 'n', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "tentabrowser.com", true */ 't', 'e', 'n', 't', 'a', 'b', 'r', 'o', 'w', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "tentations-voyages.com", false */ 't', 'e', 'n', 't', 'a', 't', 'i', 'o', 'n', 's', '-', 'v', 'o', 'y', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "tenthousandcoffees.com", true */ 't', 'e', 'n', 't', 'h', 'o', 'u', 's', 'a', 'n', 'd', 'c', 'o', 'f', 'f', 'e', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "tenyx.de", true */ 't', 'e', 'n', 'y', 'x', '.', 'd', 'e', '\0', + /* "teodio.cl", true */ 't', 'e', 'o', 'd', 'i', 'o', '.', 'c', 'l', '\0', + /* "teoskanta.fi", true */ 't', 'e', 'o', 's', 'k', 'a', 'n', 't', 'a', '.', 'f', 'i', '\0', + /* "tepid.org", true */ 't', 'e', 'p', 'i', 'd', '.', 'o', 'r', 'g', '\0', + /* "tepitus.de", true */ 't', 'e', 'p', 'i', 't', 'u', 's', '.', 'd', 'e', '\0', + /* "tequilazor.com", true */ 't', 'e', 'q', 'u', 'i', 'l', 'a', 'z', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "teracloud.at", true */ 't', 'e', 'r', 'a', 'c', 'l', 'o', 'u', 'd', '.', 'a', 't', '\0', + /* "teranacreative.com", true */ 't', 'e', 'r', 'a', 'n', 'a', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "teranga.ch", true */ 't', 'e', 'r', 'a', 'n', 'g', 'a', '.', 'c', 'h', '\0', + /* "teriiphotography.com", true */ 't', 'e', 'r', 'i', 'i', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0', + /* "terlindung.com", true */ 't', 'e', 'r', 'l', 'i', 'n', 'd', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "terminalvelocity.co.nz", true */ 't', 'e', 'r', 'm', 'i', 'n', 'a', 'l', 'v', 'e', 'l', 'o', 'c', 'i', 't', 'y', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "termitemounds.org", true */ 't', 'e', 'r', 'm', 'i', 't', 'e', 'm', 'o', 'u', 'n', 'd', 's', '.', 'o', 'r', 'g', '\0', + /* "termitinitus.org", true */ 't', 'e', 'r', 'm', 'i', 't', 'i', 'n', 'i', 't', 'u', 's', '.', 'o', 'r', 'g', '\0', + /* "terrab.de", false */ 't', 'e', 'r', 'r', 'a', 'b', '.', 'd', 'e', '\0', + /* "terracloud.de", false */ 't', 'e', 'r', 'r', 'a', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0', + /* "terraelectronica.ru", true */ 't', 'e', 'r', 'r', 'a', 'e', 'l', 'e', 'c', 't', 'r', 'o', 'n', 'i', 'c', 'a', '.', 'r', 'u', '\0', + /* "terrafinanz.de", true */ 't', 'e', 'r', 'r', 'a', 'f', 'i', 'n', 'a', 'n', 'z', '.', 'd', 'e', '\0', + /* "terraform.io", true */ 't', 'e', 'r', 'r', 'a', 'f', 'o', 'r', 'm', '.', 'i', 'o', '\0', + /* "terragni-sarasin.ch", true */ 't', 'e', 'r', 'r', 'a', 'g', 'n', 'i', '-', 's', 'a', 'r', 'a', 's', 'i', 'n', '.', 'c', 'h', '\0', + /* "terrainator.com", true */ 't', 'e', 'r', 'r', 'a', 'i', 'n', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "terralimno.com", true */ 't', 'e', 'r', 'r', 'a', 'l', 'i', 'm', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "terralimno.eu", true */ 't', 'e', 'r', 'r', 'a', 'l', 'i', 'm', 'n', 'o', '.', 'e', 'u', '\0', + /* "terraluna.space", true */ 't', 'e', 'r', 'r', 'a', 'l', 'u', 'n', 'a', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "terrastaffinggroup.com", false */ 't', 'e', 'r', 'r', 'a', 's', 't', 'a', 'f', 'f', 'i', 'n', 'g', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "terraweb.net", true */ 't', 'e', 'r', 'r', 'a', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0', + /* "terrazoo.de", true */ 't', 'e', 'r', 'r', 'a', 'z', 'o', 'o', '.', 'd', 'e', '\0', + /* "terresmagiques.com", true */ 't', 'e', 'r', 'r', 'e', 's', 'm', 'a', 'g', 'i', 'q', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "terrty.net", true */ 't', 'e', 'r', 'r', 't', 'y', '.', 'n', 'e', 't', '\0', + /* "tes.com", true */ 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "tesche.biz", true */ 't', 'e', 's', 'c', 'h', 'e', '.', 'b', 'i', 'z', '\0', + /* "teschenhausen.com", true */ 't', 'e', 's', 'c', 'h', 'e', 'n', 'h', 'a', 'u', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "tescoirelandpayslips.com", true */ 't', 'e', 's', 'c', 'o', 'i', 'r', 'e', 'l', 'a', 'n', 'd', 'p', 'a', 'y', 's', 'l', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "tescolide.cz", true */ 't', 'e', 's', 'c', 'o', 'l', 'i', 'd', 'e', '.', 'c', 'z', '\0', + /* "tescoludia.sk", true */ 't', 'e', 's', 'c', 'o', 'l', 'u', 'd', 'i', 'a', '.', 's', 'k', '\0', + /* "teskalabs.com", true */ 't', 'e', 's', 'k', 'a', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "tesoro.pr", true */ 't', 'e', 's', 'o', 'r', 'o', '.', 'p', 'r', '\0', + /* "tessai.ga", true */ 't', 'e', 's', 's', 'a', 'i', '.', 'g', 'a', '\0', + /* "test.de", true */ 't', 'e', 's', 't', '.', 'd', 'e', '\0', + /* "testadren.com", true */ 't', 'e', 's', 't', 'a', 'd', 'r', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "testadron.com", true */ 't', 'e', 's', 't', 'a', 'd', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "testbawks.com", true */ 't', 'e', 's', 't', 'b', 'a', 'w', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "testbirds.cz", true */ 't', 'e', 's', 't', 'b', 'i', 'r', 'd', 's', '.', 'c', 'z', '\0', + /* "testbirds.sk", true */ 't', 'e', 's', 't', 'b', 'i', 'r', 'd', 's', '.', 's', 'k', '\0', + /* "testgeomed.ro", true */ 't', 'e', 's', 't', 'g', 'e', 'o', 'm', 'e', 'd', '.', 'r', 'o', '\0', + /* "testi.info", true */ 't', 'e', 's', 't', 'i', '.', 'i', 'n', 'f', 'o', '\0', + /* "testingbot.com", false */ 't', 'e', 's', 't', 'i', 'n', 'g', 'b', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "testnode.xyz", false */ 't', 'e', 's', 't', 'n', 'o', 'd', 'e', '.', 'x', 'y', 'z', '\0', + /* "testomato.com", true */ 't', 'e', 's', 't', 'o', 'm', 'a', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "testosterone-complex.com", true */ 't', 'e', 's', 't', 'o', 's', 't', 'e', 'r', 'o', 'n', 'e', '-', 'c', 'o', 'm', 'p', 'l', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "testpornsite.com", true */ 't', 'e', 's', 't', 'p', 'o', 'r', 'n', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "testsuite.org", true */ 't', 'e', 's', 't', 's', 'u', 'i', 't', 'e', '.', 'o', 'r', 'g', '\0', + /* "testuje.net", true */ 't', 'e', 's', 't', 'u', 'j', 'e', '.', 'n', 'e', 't', '\0', + /* "tetedelacourse.ch", true */ 't', 'e', 't', 'e', 'd', 'e', 'l', 'a', 'c', 'o', 'u', 'r', 's', 'e', '.', 'c', 'h', '\0', + /* "tetrarch.co", true */ 't', 'e', 't', 'r', 'a', 'r', 'c', 'h', '.', 'c', 'o', '\0', + /* "tetsugakunomichi.jp", true */ 't', 'e', 't', 's', 'u', 'g', 'a', 'k', 'u', 'n', 'o', 'm', 'i', 'c', 'h', 'i', '.', 'j', 'p', '\0', + /* "tetsumaki.net", true */ 't', 'e', 't', 's', 'u', 'm', 'a', 'k', 'i', '.', 'n', 'e', 't', '\0', + /* "teuniz.nl", true */ 't', 'e', 'u', 'n', 'i', 'z', '.', 'n', 'l', '\0', + /* "teunstuinposters.nl", true */ 't', 'e', 'u', 'n', 's', 't', 'u', 'i', 'n', 'p', 'o', 's', 't', 'e', 'r', 's', '.', 'n', 'l', '\0', + /* "teva-li.com", true */ 't', 'e', 'v', 'a', '-', 'l', 'i', '.', 'c', 'o', 'm', '\0', + /* "tewarilab.co.uk", true */ 't', 'e', 'w', 'a', 'r', 'i', 'l', 'a', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "tewkesburybouncycastles.co.uk", true */ 't', 'e', 'w', 'k', 'e', 's', 'b', 'u', 'r', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "texasllcpros.com", true */ 't', 'e', 'x', 'a', 's', 'l', 'l', 'c', 'p', 'r', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "texaspaintingandgutters.com", true */ 't', 'e', 'x', 'a', 's', 'p', 'a', 'i', 'n', 't', 'i', 'n', 'g', 'a', 'n', 'd', 'g', 'u', 't', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "texastwostepdivorce.com", true */ 't', 'e', 'x', 'a', 's', 't', 'w', 'o', 's', 't', 'e', 'p', 'd', 'i', 'v', 'o', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "texasvolunteerattorneys.org", true */ 't', 'e', 'x', 'a', 's', 'v', 'o', 'l', 'u', 'n', 't', 'e', 'e', 'r', 'a', 't', 't', 'o', 'r', 'n', 'e', 'y', 's', '.', 'o', 'r', 'g', '\0', + /* "texby.com", true */ 't', 'e', 'x', 'b', 'y', '.', 'c', 'o', 'm', '\0', + /* "texhnolyze.net", true */ 't', 'e', 'x', 'h', 'n', 'o', 'l', 'y', 'z', 'e', '.', 'n', 'e', 't', '\0', + /* "text-shirt.com", true */ 't', 'e', 'x', 't', '-', 's', 'h', 'i', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "textburst.com", true */ 't', 'e', 'x', 't', 'b', 'u', 'r', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "texter-linz.at", true */ 't', 'e', 'x', 't', 'e', 'r', '-', 'l', 'i', 'n', 'z', '.', 'a', 't', '\0', + /* "texterseo.at", true */ 't', 'e', 'x', 't', 'e', 'r', 's', 'e', 'o', '.', 'a', 't', '\0', + /* "texterseo.de", true */ 't', 'e', 'x', 't', 'e', 'r', 's', 'e', 'o', '.', 'd', 'e', '\0', + /* "textpedia.org", true */ 't', 'e', 'x', 't', 'p', 'e', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0', + /* "textualapp.com", true */ 't', 'e', 'x', 't', 'u', 'a', 'l', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "texture.net.au", true */ 't', 'e', 'x', 't', 'u', 'r', 'e', '.', 'n', 'e', 't', '.', 'a', 'u', '\0', + /* "texus.me", true */ 't', 'e', 'x', 'u', 's', '.', 'm', 'e', '\0', + /* "texy.info", true */ 't', 'e', 'x', 'y', '.', 'i', 'n', 'f', 'o', '\0', + /* "teysens.com", true */ 't', 'e', 'y', 's', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "teyssedre.ca", true */ 't', 'e', 'y', 's', 's', 'e', 'd', 'r', 'e', '.', 'c', 'a', '\0', + /* "tezcam.tk", true */ 't', 'e', 'z', 'c', 'a', 'm', '.', 't', 'k', '\0', + /* "tf-network.de", true */ 't', 'f', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'd', 'e', '\0', + /* "tf2b.com", true */ 't', 'f', '2', 'b', '.', 'c', 'o', 'm', '\0', + /* "tf2calculator.com", true */ 't', 'f', '2', 'c', 'a', 'l', 'c', 'u', 'l', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "tfg-bouncycastles.com", true */ 't', 'f', 'g', '-', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "tfle.xyz", true */ 't', 'f', 'l', 'e', '.', 'x', 'y', 'z', '\0', + /* "tflite.com", true */ 't', 'f', 'l', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "tfnapps.de", true */ 't', 'f', 'n', 'a', 'p', 'p', 's', '.', 'd', 'e', '\0', + /* "tfx.com.br", true */ 't', 'f', 'x', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "tfx.pt", true */ 't', 'f', 'x', '.', 'p', 't', '\0', + /* "tfxstartup.com", true */ 't', 'f', 'x', 's', 't', 'a', 'r', 't', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "tfxstartup.com.br", true */ 't', 'f', 'x', 's', 't', 'a', 'r', 't', 'u', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "tgamobility.co.uk", true */ 't', 'g', 'a', 'm', 'o', 'b', 'i', 'l', 'i', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "tgbyte.com", true */ 't', 'g', 'b', 'y', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "tgbyte.de", true */ 't', 'g', 'b', 'y', 't', 'e', '.', 'd', 'e', '\0', + /* "tgexport.eu", true */ 't', 'g', 'e', 'x', 'p', 'o', 'r', 't', '.', 'e', 'u', '\0', + /* "tgmkanis.com", true */ 't', 'g', 'm', 'k', 'a', 'n', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "tgod.co", true */ 't', 'g', 'o', 'd', '.', 'c', 'o', '\0', + /* "tgtv.tn", true */ 't', 'g', 't', 'v', '.', 't', 'n', '\0', + /* "tgui.eu", true */ 't', 'g', 'u', 'i', '.', 'e', 'u', '\0', + /* "tgui.net", true */ 't', 'g', 'u', 'i', '.', 'n', 'e', 't', '\0', + /* "tgw.com", true */ 't', 'g', 'w', '.', 'c', 'o', 'm', '\0', + /* "th.search.yahoo.com", false */ 't', 'h', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "thablubb.de", true */ 't', 'h', 'a', 'b', 'l', 'u', 'b', 'b', '.', 'd', 'e', '\0', + /* "thaedal.net", true */ 't', 'h', 'a', 'e', 'd', 'a', 'l', '.', 'n', 'e', 't', '\0', + /* "thai.dating", true */ 't', 'h', 'a', 'i', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "thai.land", false */ 't', 'h', 'a', 'i', '.', 'l', 'a', 'n', 'd', '\0', + /* "thaianthro.com", true */ 't', 'h', 'a', 'i', 'a', 'n', 't', 'h', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "thaicyberpoint.com", true */ 't', 'h', 'a', 'i', 'c', 'y', 'b', 'e', 'r', 'p', 'o', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "thaiforest.ch", true */ 't', 'h', 'a', 'i', 'f', 'o', 'r', 'e', 's', 't', '.', 'c', 'h', '\0', + /* "thaihomecooking.com", true */ 't', 'h', 'a', 'i', 'h', 'o', 'm', 'e', 'c', 'o', 'o', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "thailandpharmacy.net", true */ 't', 'h', 'a', 'i', 'l', 'a', 'n', 'd', 'p', 'h', 'a', 'r', 'm', 'a', 'c', 'y', '.', 'n', 'e', 't', '\0', + /* "thairehabassociation.com", true */ 't', 'h', 'a', 'i', 'r', 'e', 'h', 'a', 'b', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "thajskyraj.com", true */ 't', 'h', 'a', 'j', 's', 'k', 'y', 'r', 'a', 'j', '.', 'c', 'o', 'm', '\0', + /* "thalan.fr", true */ 't', 'h', 'a', 'l', 'a', 'n', '.', 'f', 'r', '\0', + /* "thalgott.net", true */ 't', 'h', 'a', 'l', 'g', 'o', 't', 't', '.', 'n', 'e', 't', '\0', + /* "thalhammer.it", true */ 't', 'h', 'a', 'l', 'h', 'a', 'm', 'm', 'e', 'r', '.', 'i', 't', '\0', + /* "thalskarth.com", true */ 't', 'h', 'a', 'l', 's', 'k', 'a', 'r', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "thamesfamilydentistry.com", true */ 't', 'h', 'a', 'm', 'e', 's', 'f', 'a', 'm', 'i', 'l', 'y', 'd', 'e', 'n', 't', 'i', 's', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "thanabh.at", true */ 't', 'h', 'a', 'n', 'a', 'b', 'h', '.', 'a', 't', '\0', + /* "thanatoid.net", true */ 't', 'h', 'a', 'n', 'a', 't', 'o', 'i', 'd', '.', 'n', 'e', 't', '\0', + /* "thanhthinhbui.com", true */ 't', 'h', 'a', 'n', 'h', 't', 'h', 'i', 'n', 'h', 'b', 'u', 'i', '.', 'c', 'o', 'm', '\0', + /* "thatgudstuff.com", true */ 't', 'h', 'a', 't', 'g', 'u', 'd', 's', 't', 'u', 'f', 'f', '.', 'c', 'o', 'm', '\0', + /* "thatpodcast.io", true */ 't', 'h', 'a', 't', 'p', 'o', 'd', 'c', 'a', 's', 't', '.', 'i', 'o', '\0', + /* "thatquiz.org", true */ 't', 'h', 'a', 't', 'q', 'u', 'i', 'z', '.', 'o', 'r', 'g', '\0', + /* "thca.ca", true */ 't', 'h', 'c', 'a', '.', 'c', 'a', '\0', + /* "thcpbees.co.uk", true */ 't', 'h', 'c', 'p', 'b', 'e', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "the-body-shop.hu", false */ 't', 'h', 'e', '-', 'b', 'o', 'd', 'y', '-', 's', 'h', 'o', 'p', '.', 'h', 'u', '\0', + /* "the-earth-yui.net", false */ 't', 'h', 'e', '-', 'e', 'a', 'r', 't', 'h', '-', 'y', 'u', 'i', '.', 'n', 'e', 't', '\0', + /* "the-hemingway-code.de", true */ 't', 'h', 'e', '-', 'h', 'e', 'm', 'i', 'n', 'g', 'w', 'a', 'y', '-', 'c', 'o', 'd', 'e', '.', 'd', 'e', '\0', + /* "the-mystery.org", true */ 't', 'h', 'e', '-', 'm', 'y', 's', 't', 'e', 'r', 'y', '.', 'o', 'r', 'g', '\0', + /* "the-paddies.de", true */ 't', 'h', 'e', '-', 'p', 'a', 'd', 'd', 'i', 'e', 's', '.', 'd', 'e', '\0', + /* "the-pcca.org", true */ 't', 'h', 'e', '-', 'p', 'c', 'c', 'a', '.', 'o', 'r', 'g', '\0', + /* "the-webmaster.com", true */ 't', 'h', 'e', '-', 'w', 'e', 'b', 'm', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "the-zenti.de", true */ 't', 'h', 'e', '-', 'z', 'e', 'n', 't', 'i', '.', 'd', 'e', '\0', + /* "the2f.de", true */ 't', 'h', 'e', '2', 'f', '.', 'd', 'e', '\0', + /* "the3musketeers.biz", true */ 't', 'h', 'e', '3', 'm', 'u', 's', 'k', 'e', 't', 'e', 'e', 'r', 's', '.', 'b', 'i', 'z', '\0', + /* "theankhlife.com", true */ 't', 'h', 'e', 'a', 'n', 'k', 'h', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "thebakers.com.br", true */ 't', 'h', 'e', 'b', 'a', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "thebasebk.org", true */ 't', 'h', 'e', 'b', 'a', 's', 'e', 'b', 'k', '.', 'o', 'r', 'g', '\0', + /* "thebcm.co.uk", true */ 't', 'h', 'e', 'b', 'c', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "thebest.ch", true */ 't', 'h', 'e', 'b', 'e', 's', 't', '.', 'c', 'h', '\0', + /* "thebestfun.co.uk", true */ 't', 'h', 'e', 'b', 'e', 's', 't', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "thebestsavingsplan.com", true */ 't', 'h', 'e', 'b', 'e', 's', 't', 's', 'a', 'v', 'i', 'n', 'g', 's', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "thebigbitch.nl", true */ 't', 'h', 'e', 'b', 'i', 'g', 'b', 'i', 't', 'c', 'h', '.', 'n', 'l', '\0', + /* "thebigdatacompany.com", true */ 't', 'h', 'e', 'b', 'i', 'g', 'd', 'a', 't', 'a', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "thebigwave.de", true */ 't', 'h', 'e', 'b', 'i', 'g', 'w', 'a', 'v', 'e', '.', 'd', 'e', '\0', + /* "thebikeinsurer.co.uk", true */ 't', 'h', 'e', 'b', 'i', 'k', 'e', 'i', 'n', 's', 'u', 'r', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "thebimhub.com", true */ 't', 'h', 'e', 'b', 'i', 'm', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "thebit.link", true */ 't', 'h', 'e', 'b', 'i', 't', '.', 'l', 'i', 'n', 'k', '\0', + /* "theblackknightsings.com", true */ 't', 'h', 'e', 'b', 'l', 'a', 'c', 'k', 'k', 'n', 'i', 'g', 'h', 't', 's', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "thebodyprinciple.com", true */ 't', 'h', 'e', 'b', 'o', 'd', 'y', 'p', 'r', 'i', 'n', 'c', 'i', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "thebouncedepartment.co.uk", true */ 't', 'h', 'e', 'b', 'o', 'u', 'n', 'c', 'e', 'd', 'e', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "thebouncyman.co.uk", true */ 't', 'h', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'm', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "theboxofcarlos.com", true */ 't', 'h', 'e', 'b', 'o', 'x', 'o', 'f', 'c', 'a', 'r', 'l', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "thebreakhotel.com", true */ 't', 'h', 'e', 'b', 'r', 'e', 'a', 'k', 'h', 'o', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "thebreakroom.org", true */ 't', 'h', 'e', 'b', 'r', 'e', 'a', 'k', 'r', 'o', 'o', 'm', '.', 'o', 'r', 'g', '\0', + /* "thebte.com", true */ 't', 'h', 'e', 'b', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "thebuffalotavern.com", true */ 't', 'h', 'e', 'b', 'u', 'f', 'f', 'a', 'l', 'o', 't', 'a', 'v', 'e', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "thecandidforum.com", true */ 't', 'h', 'e', 'c', 'a', 'n', 'd', 'i', 'd', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "thecarolingconnection.com", true */ 't', 'h', 'e', 'c', 'a', 'r', 'o', 'l', 'i', 'n', 'g', 'c', 'o', 'n', 'n', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "thecherryship.ch", true */ 't', 'h', 'e', 'c', 'h', 'e', 'r', 'r', 'y', 's', 'h', 'i', 'p', '.', 'c', 'h', '\0', + /* "theciderlink.com.au", true */ 't', 'h', 'e', 'c', 'i', 'd', 'e', 'r', 'l', 'i', 'n', 'k', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "thecitizens.com", true */ 't', 'h', 'e', 'c', 'i', 't', 'i', 'z', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "thecitywarehouse.clothing", true */ 't', 'h', 'e', 'c', 'i', 't', 'y', 'w', 'a', 'r', 'e', 'h', 'o', 'u', 's', 'e', '.', 'c', 'l', 'o', 't', 'h', 'i', 'n', 'g', '\0', + /* "theclimbingunit.com", true */ 't', 'h', 'e', 'c', 'l', 'i', 'm', 'b', 'i', 'n', 'g', 'u', 'n', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "thecloudmigrator.com", true */ 't', 'h', 'e', 'c', 'l', 'o', 'u', 'd', 'm', 'i', 'g', 'r', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "thecloudrevolution.net", true */ 't', 'h', 'e', 'c', 'l', 'o', 'u', 'd', 'r', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "thecoffeepod.co.uk", true */ 't', 'h', 'e', 'c', 'o', 'f', 'f', 'e', 'e', 'p', 'o', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "thecoffeesuperstore.com", true */ 't', 'h', 'e', 'c', 'o', 'f', 'f', 'e', 'e', 's', 'u', 'p', 'e', 'r', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "thecolumnist.net", true */ 't', 'h', 'e', 'c', 'o', 'l', 'u', 'm', 'n', 'i', 's', 't', '.', 'n', 'e', 't', '\0', + /* "thecondobuyers.com", true */ 't', 'h', 'e', 'c', 'o', 'n', 'd', 'o', 'b', 'u', 'y', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "thecozycastle.com", true */ 't', 'h', 'e', 'c', 'o', 'z', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "thecrazytravel.com", true */ 't', 'h', 'e', 'c', 'r', 'a', 'z', 'y', 't', 'r', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "thecrew-exchange.com", true */ 't', 'h', 'e', 'c', 'r', 'e', 'w', '-', 'e', 'x', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "thecrochetcottage.net", true */ 't', 'h', 'e', 'c', 'r', 'o', 'c', 'h', 'e', 't', 'c', 'o', 't', 't', 'a', 'g', 'e', '.', 'n', 'e', 't', '\0', + /* "thecskr.in", true */ 't', 'h', 'e', 'c', 's', 'k', 'r', '.', 'i', 'n', '\0', + /* "thecsw.com", true */ 't', 'h', 'e', 'c', 's', 'w', '.', 'c', 'o', 'm', '\0', + /* "thecuppacakery.co.uk", true */ 't', 'h', 'e', 'c', 'u', 'p', 'p', 'a', 'c', 'a', 'k', 'e', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "thecuriouscat.net", true */ 't', 'h', 'e', 'c', 'u', 'r', 'i', 'o', 'u', 's', 'c', 'a', 't', '.', 'n', 'e', 't', '\0', + /* "thecustomizewindows.com", true */ 't', 'h', 'e', 'c', 'u', 's', 't', 'o', 'm', 'i', 'z', 'e', 'w', 'i', 'n', 'd', 'o', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "thedailyupvote.com", true */ 't', 'h', 'e', 'd', 'a', 'i', 'l', 'y', 'u', 'p', 'v', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "thedark1337.com", true */ 't', 'h', 'e', 'd', 'a', 'r', 'k', '1', '3', '3', '7', '.', 'c', 'o', 'm', '\0', + /* "thederminstitute.com", true */ 't', 'h', 'e', 'd', 'e', 'r', 'm', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "thedevilwearswibra.nl", true */ 't', 'h', 'e', 'd', 'e', 'v', 'i', 'l', 'w', 'e', 'a', 'r', 's', 'w', 'i', 'b', 'r', 'a', '.', 'n', 'l', '\0', + /* "thedevrycommonsbrasil.com", false */ 't', 'h', 'e', 'd', 'e', 'v', 'r', 'y', 'c', 'o', 'm', 'm', 'o', 'n', 's', 'b', 'r', 'a', 's', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "thediaryofadam.com", true */ 't', 'h', 'e', 'd', 'i', 'a', 'r', 'y', 'o', 'f', 'a', 'd', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "thedisc.nl", true */ 't', 'h', 'e', 'd', 'i', 's', 'c', '.', 'n', 'l', '\0', + /* "thediscovine.com", true */ 't', 'h', 'e', 'd', 'i', 's', 'c', 'o', 'v', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "thedocumentrefinery.com", true */ 't', 'h', 'e', 'd', 'o', 'c', 'u', 'm', 'e', 'n', 't', 'r', 'e', 'f', 'i', 'n', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "thedominatorsclan.com", true */ 't', 'h', 'e', 'd', 'o', 'm', 'i', 'n', 'a', 't', 'o', 'r', 's', 'c', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "thedreamtravelgroup.co.uk", true */ 't', 'h', 'e', 'd', 'r', 'e', 'a', 'm', 't', 'r', 'a', 'v', 'e', 'l', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "thedrinks.co", true */ 't', 'h', 'e', 'd', 'r', 'i', 'n', 'k', 's', '.', 'c', 'o', '\0', + /* "thedronechart.com", true */ 't', 'h', 'e', 'd', 'r', 'o', 'n', 'e', 'c', 'h', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "thedrunkencabbage.com", true */ 't', 'h', 'e', 'd', 'r', 'u', 'n', 'k', 'e', 'n', 'c', 'a', 'b', 'b', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "thedutchmarketers.com", true */ 't', 'h', 'e', 'd', 'u', 't', 'c', 'h', 'm', 'a', 'r', 'k', 'e', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "theebookkeepers.co.za", true */ 't', 'h', 'e', 'e', 'b', 'o', 'o', 'k', 'k', 'e', 'e', 'p', 'e', 'r', 's', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "theeducationchannel.info", true */ 't', 'h', 'e', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', 'c', 'h', 'a', 'n', 'n', 'e', 'l', '.', 'i', 'n', 'f', 'o', '\0', + /* "theeducationdirectory.org", true */ 't', 'h', 'e', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '.', 'o', 'r', 'g', '\0', + /* "theevergreen.me", true */ 't', 'h', 'e', 'e', 'v', 'e', 'r', 'g', 'r', 'e', 'e', 'n', '.', 'm', 'e', '\0', + /* "theexpatriate.de", true */ 't', 'h', 'e', 'e', 'x', 'p', 'a', 't', 'r', 'i', 'a', 't', 'e', '.', 'd', 'e', '\0', + /* "thefanimatrix.net", true */ 't', 'h', 'e', 'f', 'a', 'n', 'i', 'm', 'a', 't', 'r', 'i', 'x', '.', 'n', 'e', 't', '\0', + /* "thefbstalker.com", true */ 't', 'h', 'e', 'f', 'b', 's', 't', 'a', 'l', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "theferrarista.com", true */ 't', 'h', 'e', 'f', 'e', 'r', 'r', 'a', 'r', 'i', 's', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "theflyingbear.net", true */ 't', 'h', 'e', 'f', 'l', 'y', 'i', 'n', 'g', 'b', 'e', 'a', 'r', '.', 'n', 'e', 't', '\0', + /* "thefnafarchive.org", true */ 't', 'h', 'e', 'f', 'n', 'a', 'f', 'a', 'r', 'c', 'h', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0', + /* "thefox.com.fr", true */ 't', 'h', 'e', 'f', 'o', 'x', '.', 'c', 'o', 'm', '.', 'f', 'r', '\0', + /* "thefrk.pw", true */ 't', 'h', 'e', 'f', 'r', 'k', '.', 'p', 'w', '\0', + /* "thefunfirm.co.uk", true */ 't', 'h', 'e', 'f', 'u', 'n', 'f', 'i', 'r', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "thegarrowcompany.com", true */ 't', 'h', 'e', 'g', 'a', 'r', 'r', 'o', 'w', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "thegcccoin.com", true */ 't', 'h', 'e', 'g', 'c', 'c', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "thegeekdiary.com", true */ 't', 'h', 'e', 'g', 'e', 'e', 'k', 'd', 'i', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "thegioinano.com", true */ 't', 'h', 'e', 'g', 'i', 'o', 'i', 'n', 'a', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "thegraciousgourmet.com", true */ 't', 'h', 'e', 'g', 'r', 'a', 'c', 'i', 'o', 'u', 's', 'g', 'o', 'u', 'r', 'm', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "thegrape.ro", true */ 't', 'h', 'e', 'g', 'r', 'a', 'p', 'e', '.', 'r', 'o', '\0', + /* "thegreatplains.com", true */ 't', 'h', 'e', 'g', 'r', 'e', 'a', 't', 'p', 'l', 'a', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "thegreenfields.se", true */ 't', 'h', 'e', 'g', 'r', 'e', 'e', 'n', 'f', 'i', 'e', 'l', 'd', 's', '.', 's', 'e', '\0', + /* "thegreenmanpottery.com", true */ 't', 'h', 'e', 'g', 'r', 'e', 'e', 'n', 'm', 'a', 'n', 'p', 'o', 't', 't', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "thegreens.us", true */ 't', 'h', 'e', 'g', 'r', 'e', 'e', 'n', 's', '.', 'u', 's', '\0', + /* "thegvoffice.net", true */ 't', 'h', 'e', 'g', 'v', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'n', 'e', 't', '\0', + /* "thegym.org", true */ 't', 'h', 'e', 'g', 'y', 'm', '.', 'o', 'r', 'g', '\0', + /* "thehackerblog.com", true */ 't', 'h', 'e', 'h', 'a', 'c', 'k', 'e', 'r', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "thehaxbys.co.uk", true */ 't', 'h', 'e', 'h', 'a', 'x', 'b', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "thehiddenbay.cc", true */ 't', 'h', 'e', 'h', 'i', 'd', 'd', 'e', 'n', 'b', 'a', 'y', '.', 'c', 'c', '\0', + /* "thehiddenbay.info", true */ 't', 'h', 'e', 'h', 'i', 'd', 'd', 'e', 'n', 'b', 'a', 'y', '.', 'i', 'n', 'f', 'o', '\0', + /* "thehivedesign.org", true */ 't', 'h', 'e', 'h', 'i', 'v', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'o', 'r', 'g', '\0', + /* "thehomeicreate.com", true */ 't', 'h', 'e', 'h', 'o', 'm', 'e', 'i', 'c', 'r', 'e', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "thehookup.be", true */ 't', 'h', 'e', 'h', 'o', 'o', 'k', 'u', 'p', '.', 'b', 'e', '\0', + /* "theidiotboard.com", true */ 't', 'h', 'e', 'i', 'd', 'i', 'o', 't', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "theinflatables-ni.co.uk", true */ 't', 'h', 'e', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '-', 'n', 'i', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "theinflatablesne.co.uk", true */ 't', 'h', 'e', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "theinitium.com", true */ 't', 'h', 'e', 'i', 'n', 'i', 't', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "theintercept.com", true */ 't', 'h', 'e', 'i', 'n', 't', 'e', 'r', 'c', 'e', 'p', 't', '.', 'c', 'o', 'm', '\0', + /* "theinternationalgeekconspiracy.eu", true */ 't', 'h', 'e', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'g', 'e', 'e', 'k', 'c', 'o', 'n', 's', 'p', 'i', 'r', 'a', 'c', 'y', '.', 'e', 'u', '\0', + /* "thejacksoninstitute.com.au", true */ 't', 'h', 'e', 'j', 'a', 'c', 'k', 's', 'o', 'n', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "thekev.in", true */ 't', 'h', 'e', 'k', 'e', 'v', '.', 'i', 'n', '\0', + /* "thekeymusic.com", true */ 't', 'h', 'e', 'k', 'e', 'y', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "thekingofhate.com", true */ 't', 'h', 'e', 'k', 'i', 'n', 'g', 'o', 'f', 'h', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "thekrewserver.com", true */ 't', 'h', 'e', 'k', 'r', 'e', 'w', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "thelaimlife.com", true */ 't', 'h', 'e', 'l', 'a', 'i', 'm', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "thelanscape.com", true */ 't', 'h', 'e', 'l', 'a', 'n', 's', 'c', 'a', 'p', 'e', '.', 'c', 'o', 'm', '\0', + /* "thelastsurprise.com", true */ 't', 'h', 'e', 'l', 'a', 's', 't', 's', 'u', 'r', 'p', 'r', 'i', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "thelefthand.org", true */ 't', 'h', 'e', 'l', 'e', 'f', 't', 'h', 'a', 'n', 'd', '.', 'o', 'r', 'g', '\0', + /* "thelinuxspace.com", true */ 't', 'h', 'e', 'l', 'i', 'n', 'u', 'x', 's', 'p', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "thelinuxtree.net", true */ 't', 'h', 'e', 'l', 'i', 'n', 'u', 'x', 't', 'r', 'e', 'e', '.', 'n', 'e', 't', '\0', + /* "thelittlecraft.com", true */ 't', 'h', 'e', 'l', 'i', 't', 't', 'l', 'e', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "thelocals.ru", true */ 't', 'h', 'e', 'l', 'o', 'c', 'a', 'l', 's', '.', 'r', 'u', '\0', + /* "thelonelyones.co.uk", true */ 't', 'h', 'e', 'l', 'o', 'n', 'e', 'l', 'y', 'o', 'n', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "themacoaching.nl", true */ 't', 'h', 'e', 'm', 'a', 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "themarshallproject.org", true */ 't', 'h', 'e', 'm', 'a', 'r', 's', 'h', 'a', 'l', 'l', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "themeaudit.com", true */ 't', 'h', 'e', 'm', 'e', 'a', 'u', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "themecraft.studio", true */ 't', 'h', 'e', 'm', 'e', 'c', 'r', 'a', 'f', 't', '.', 's', 't', 'u', 'd', 'i', 'o', '\0', + /* "themetacity.com", true */ 't', 'h', 'e', 'm', 'e', 't', 'a', 'c', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "themilanlife.com", true */ 't', 'h', 'e', 'm', 'i', 'l', 'a', 'n', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "themillerslive.com", true */ 't', 'h', 'e', 'm', 'i', 'l', 'l', 'e', 'r', 's', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "themist.cz", true */ 't', 'h', 'e', 'm', 'i', 's', 't', '.', 'c', 'z', '\0', + /* "themoep.at", true */ 't', 'h', 'e', 'm', 'o', 'e', 'p', '.', 'a', 't', '\0', + /* "themoneyconverter.com", true */ 't', 'h', 'e', 'm', 'o', 'n', 'e', 'y', 'c', 'o', 'n', 'v', 'e', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "themonthly.com.au", true */ 't', 'h', 'e', 'm', 'o', 'n', 't', 'h', 'l', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "themostexpensiveworkofart.com", true */ 't', 'h', 'e', 'm', 'o', 's', 't', 'e', 'x', 'p', 'e', 'n', 's', 'i', 'v', 'e', 'w', 'o', 'r', 'k', 'o', 'f', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "themusecollaborative.org", true */ 't', 'h', 'e', 'm', 'u', 's', 'e', 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', 't', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0', + /* "themusicinnoise.net", true */ 't', 'h', 'e', 'm', 'u', 's', 'i', 'c', 'i', 'n', 'n', 'o', 'i', 's', 'e', '.', 'n', 'e', 't', '\0', + /* "thenanfang.com", true */ 't', 'h', 'e', 'n', 'a', 'n', 'f', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "thenarcissisticlife.com", true */ 't', 'h', 'e', 'n', 'a', 'r', 'c', 'i', 's', 's', 'i', 's', 't', 'i', 'c', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "thenexwork.com", true */ 't', 'h', 'e', 'n', 'e', 'x', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "thenib.com", true */ 't', 'h', 'e', 'n', 'i', 'b', '.', 'c', 'o', 'm', '\0', + /* "thenichecast.com", true */ 't', 'h', 'e', 'n', 'i', 'c', 'h', 'e', 'c', 'a', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "thenocman.com", true */ 't', 'h', 'e', 'n', 'o', 'c', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "theobromos.fr", true */ 't', 'h', 'e', 'o', 'b', 'r', 'o', 'm', 'o', 's', '.', 'f', 'r', '\0', + /* "theocharis.org", true */ 't', 'h', 'e', 'o', 'c', 'h', 'a', 'r', 'i', 's', '.', 'o', 'r', 'g', '\0', + /* "theodorahome.co", true */ 't', 'h', 'e', 'o', 'd', 'o', 'r', 'a', 'h', 'o', 'm', 'e', '.', 'c', 'o', '\0', + /* "theodorahome.com.br", true */ 't', 'h', 'e', 'o', 'd', 'o', 'r', 'a', 'h', 'o', 'm', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "theofleck.com", true */ 't', 'h', 'e', 'o', 'f', 'l', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "theojones.name", true */ 't', 'h', 'e', 'o', 'j', 'o', 'n', 'e', 's', '.', 'n', 'a', 'm', 'e', '\0', + /* "theokonst.tk", true */ 't', 'h', 'e', 'o', 'k', 'o', 'n', 's', 't', '.', 't', 'k', '\0', + /* "theokouzelis.com", true */ 't', 'h', 'e', 'o', 'k', 'o', 'u', 'z', 'e', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "theoldbrewhouse.info", true */ 't', 'h', 'e', 'o', 'l', 'd', 'b', 'r', 'e', 'w', 'h', 'o', 'u', 's', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "theoriginalbit.com", true */ 't', 'h', 'e', 'o', 'r', 'i', 'g', 'i', 'n', 'a', 'l', 'b', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "theory-test-online.co.uk", true */ 't', 'h', 'e', 'o', 'r', 'y', '-', 't', 'e', 's', 't', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "theory.org", true */ 't', 'h', 'e', 'o', 'r', 'y', '.', 'o', 'r', 'g', '\0', + /* "theoscure.eu", true */ 't', 'h', 'e', 'o', 's', 'c', 'u', 'r', 'e', '.', 'e', 'u', '\0', + /* "theosophie-afrique.org", true */ 't', 'h', 'e', 'o', 's', 'o', 'p', 'h', 'i', 'e', '-', 'a', 'f', 'r', 'i', 'q', 'u', 'e', '.', 'o', 'r', 'g', '\0', + /* "theoutline.com", true */ 't', 'h', 'e', 'o', 'u', 't', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "theoverfly.co", true */ 't', 'h', 'e', 'o', 'v', 'e', 'r', 'f', 'l', 'y', '.', 'c', 'o', '\0', + /* "thepaffy.de", true */ 't', 'h', 'e', 'p', 'a', 'f', 'f', 'y', '.', 'd', 'e', '\0', + /* "thepartner.co.uk", true */ 't', 'h', 'e', 'p', 'a', 'r', 't', 'n', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "thepartydoctors.co.uk", true */ 't', 'h', 'e', 'p', 'a', 'r', 't', 'y', 'd', 'o', 'c', 't', 'o', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "thepasteb.in", true */ 't', 'h', 'e', 'p', 'a', 's', 't', 'e', 'b', '.', 'i', 'n', '\0', + /* "thepathsofdiscovery.com", true */ 't', 'h', 'e', 'p', 'a', 't', 'h', 's', 'o', 'f', 'd', 'i', 's', 'c', 'o', 'v', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "thepaulagcompany.com", true */ 't', 'h', 'e', 'p', 'a', 'u', 'l', 'a', 'g', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "thepaymentscompany.com", true */ 't', 'h', 'e', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "thepb.in", true */ 't', 'h', 'e', 'p', 'b', '.', 'i', 'n', '\0', + /* "thepeninsulaires.com", true */ 't', 'h', 'e', 'p', 'e', 'n', 'i', 'n', 's', 'u', 'l', 'a', 'i', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "thephonecaseplace.com", true */ 't', 'h', 'e', 'p', 'h', 'o', 'n', 'e', 'c', 'a', 's', 'e', 'p', 'l', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "thephp.cc", true */ 't', 'h', 'e', 'p', 'h', 'p', '.', 'c', 'c', '\0', + /* "thepiabo.ovh", true */ 't', 'h', 'e', 'p', 'i', 'a', 'b', 'o', '.', 'o', 'v', 'h', '\0', + /* "thepieslicer.com", true */ 't', 'h', 'e', 'p', 'i', 'e', 's', 'l', 'i', 'c', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "thepiratesociety.org", true */ 't', 'h', 'e', 'p', 'i', 'r', 'a', 't', 'e', 's', 'o', 'c', 'i', 'e', 't', 'y', '.', 'o', 'r', 'g', '\0', + /* "theplasticsurgerycenterofnashville.com", true */ 't', 'h', 'e', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', 'c', 'e', 'n', 't', 'e', 'r', 'o', 'f', 'n', 'a', 's', 'h', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "theplaydaysbus.co.uk", true */ 't', 'h', 'e', 'p', 'l', 'a', 'y', 'd', 'a', 'y', 's', 'b', 'u', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "theplayspot.co.uk", true */ 't', 'h', 'e', 'p', 'l', 'a', 'y', 's', 'p', 'o', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "theploughharborne.co.uk", true */ 't', 'h', 'e', 'p', 'l', 'o', 'u', 'g', 'h', 'h', 'a', 'r', 'b', 'o', 'r', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "theposhfudgecompany.co.uk", true */ 't', 'h', 'e', 'p', 'o', 's', 'h', 'f', 'u', 'd', 'g', 'e', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "thepostoffice.ro", true */ 't', 'h', 'e', 'p', 'o', 's', 't', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'r', 'o', '\0', + /* "thepromisemusic.com", true */ 't', 'h', 'e', 'p', 'r', 'o', 'm', 'i', 's', 'e', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "theragran.co.id", true */ 't', 'h', 'e', 'r', 'a', 'g', 'r', 'a', 'n', '.', 'c', 'o', '.', 'i', 'd', '\0', + /* "theralino.de", true */ 't', 'h', 'e', 'r', 'a', 'l', 'i', 'n', 'o', '.', 'd', 'e', '\0', + /* "theramo.re", true */ 't', 'h', 'e', 'r', 'a', 'm', 'o', '.', 'r', 'e', '\0', + /* "therapynotes.com", true */ 't', 'h', 'e', 'r', 'a', 'p', 'y', 'n', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "therapyportal.com", true */ 't', 'h', 'e', 'r', 'a', 'p', 'y', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "therapysxm.com", true */ 't', 'h', 'e', 'r', 'a', 'p', 'y', 's', 'x', 'm', '.', 'c', 'o', 'm', '\0', + /* "therealcost.gov", true */ 't', 'h', 'e', 'r', 'e', 'a', 'l', 'c', 'o', 's', 't', '.', 'g', 'o', 'v', '\0', + /* "theresa-mayer.eu", true */ 't', 'h', 'e', 'r', 'e', 's', 'a', '-', 'm', 'a', 'y', 'e', 'r', '.', 'e', 'u', '\0', + /* "therevenge.me", true */ 't', 'h', 'e', 'r', 'e', 'v', 'e', 'n', 'g', 'e', '.', 'm', 'e', '\0', + /* "therewill.be", true */ 't', 'h', 'e', 'r', 'e', 'w', 'i', 'l', 'l', '.', 'b', 'e', '\0', + /* "thermity.com", true */ 't', 'h', 'e', 'r', 'm', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "thermolamina.nl", true */ 't', 'h', 'e', 'r', 'm', 'o', 'l', 'a', 'm', 'i', 'n', 'a', '.', 'n', 'l', '\0', + /* "theroks.com", true */ 't', 'h', 'e', 'r', 'o', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "theroyalmarinescharity.org.uk", true */ 't', 'h', 'e', 'r', 'o', 'y', 'a', 'l', 'm', 'a', 'r', 'i', 'n', 'e', 's', 'c', 'h', 'a', 'r', 'i', 't', 'y', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "theruizes.com", true */ 't', 'h', 'e', 'r', 'u', 'i', 'z', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "theruleslawyer.net", true */ 't', 'h', 'e', 'r', 'u', 'l', 'e', 's', 'l', 'a', 'w', 'y', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "therumfordcitizen.com", true */ 't', 'h', 'e', 'r', 'u', 'm', 'f', 'o', 'r', 'd', 'c', 'i', 't', 'i', 'z', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "thesalonthing.com", false */ 't', 'h', 'e', 's', 'a', 'l', 'o', 'n', 't', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "thesaturdaypaper.com.au", true */ 't', 'h', 'e', 's', 'a', 't', 'u', 'r', 'd', 'a', 'y', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "theschool.jp", true */ 't', 'h', 'e', 's', 'c', 'h', 'o', 'o', 'l', '.', 'j', 'p', '\0', + /* "thesecondsposts.com", true */ 't', 'h', 'e', 's', 'e', 'c', 'o', 'n', 'd', 's', 'p', 'o', 's', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "theseed.io", true */ 't', 'h', 'e', 's', 'e', 'e', 'd', '.', 'i', 'o', '\0', + /* "theseedbox.xyz", true */ 't', 'h', 'e', 's', 'e', 'e', 'd', 'b', 'o', 'x', '.', 'x', 'y', 'z', '\0', + /* "theseletarmall.com", true */ 't', 'h', 'e', 's', 'e', 'l', 'e', 't', 'a', 'r', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "theseoframework.com", true */ 't', 'h', 'e', 's', 'e', 'o', 'f', 'r', 'a', 'm', 'e', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "theseosystem.com", true */ 't', 'h', 'e', 's', 'e', 'o', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0', + /* "thesession.org", false */ 't', 'h', 'e', 's', 'e', 's', 's', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "theshadestore.com", true */ 't', 'h', 'e', 's', 'h', 'a', 'd', 'e', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "thesharedbrain.ch", true */ 't', 'h', 'e', 's', 'h', 'a', 'r', 'e', 'd', 'b', 'r', 'a', 'i', 'n', '.', 'c', 'h', '\0', + /* "thesharedbrain.com", true */ 't', 'h', 'e', 's', 'h', 'a', 'r', 'e', 'd', 'b', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "thesharepointfarm.com", true */ 't', 'h', 'e', 's', 'h', 'a', 'r', 'e', 'p', 'o', 'i', 'n', 't', 'f', 'a', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "theshine.pl", true */ 't', 'h', 'e', 's', 'h', 'i', 'n', 'e', '.', 'p', 'l', '\0', + /* "thesignalco.com.au", true */ 't', 'h', 'e', 's', 'i', 'g', 'n', 'a', 'l', 'c', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "thesisgeek.com", true */ 't', 'h', 'e', 's', 'i', 's', 'g', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "thesishelp.net", true */ 't', 'h', 'e', 's', 'i', 's', 'h', 'e', 'l', 'p', '.', 'n', 'e', 't', '\0', + /* "thesled.net", true */ 't', 'h', 'e', 's', 'l', 'e', 'd', '.', 'n', 'e', 't', '\0', + /* "thesocialmediacentral.com", true */ 't', 'h', 'e', 's', 'o', 'c', 'i', 'a', 'l', 'm', 'e', 'd', 'i', 'a', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "thestoritplace.com", true */ 't', 'h', 'e', 's', 't', 'o', 'r', 'i', 't', 'p', 'l', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "thestory.ie", true */ 't', 'h', 'e', 's', 't', 'o', 'r', 'y', '.', 'i', 'e', '\0', + /* "thestoryshack.com", true */ 't', 'h', 'e', 's', 't', 'o', 'r', 'y', 's', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "thestrategyagency.com.au", true */ 't', 'h', 'e', 's', 't', 'r', 'a', 't', 'e', 'g', 'y', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "thestyle.city", true */ 't', 'h', 'e', 's', 't', 'y', 'l', 'e', '.', 'c', 'i', 't', 'y', '\0', + /* "thesuppercircle.com", true */ 't', 'h', 'e', 's', 'u', 'p', 'p', 'e', 'r', 'c', 'i', 'r', 'c', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "theswissbay.ch", true */ 't', 'h', 'e', 's', 'w', 'i', 's', 's', 'b', 'a', 'y', '.', 'c', 'h', '\0', + /* "thetapirsmouth.com", true */ 't', 'h', 'e', 't', 'a', 'p', 'i', 'r', 's', 'm', 'o', 'u', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "thetenscrolls.com", true */ 't', 'h', 'e', 't', 'e', 'n', 's', 'c', 'r', 'o', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "thetomharling.com", true */ 't', 'h', 'e', 't', 'o', 'm', 'h', 'a', 'r', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "thetrendspotter.net", true */ 't', 'h', 'e', 't', 'r', 'e', 'n', 'd', 's', 'p', 'o', 't', 't', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "thetruthhurvitz.com", true */ 't', 'h', 'e', 't', 'r', 'u', 't', 'h', 'h', 'u', 'r', 'v', 'i', 't', 'z', '.', 'c', 'o', 'm', '\0', + /* "thetuxkeeper.de", false */ 't', 'h', 'e', 't', 'u', 'x', 'k', 'e', 'e', 'p', 'e', 'r', '.', 'd', 'e', '\0', + /* "theunitedstates.io", true */ 't', 'h', 'e', 'u', 'n', 'i', 't', 'e', 'd', 's', 't', 'a', 't', 'e', 's', '.', 'i', 'o', '\0', + /* "thevacweb.com", true */ 't', 'h', 'e', 'v', 'a', 'c', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "thevalentineconstitution.com", true */ 't', 'h', 'e', 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 'e', 'c', 'o', 'n', 's', 't', 'i', 't', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "thevgg.com", false */ 't', 'h', 'e', 'v', 'g', 'g', '.', 'c', 'o', 'm', '\0', + /* "thevoid.one", true */ 't', 'h', 'e', 'v', 'o', 'i', 'd', '.', 'o', 'n', 'e', '\0', + /* "thewebdexter.com", true */ 't', 'h', 'e', 'w', 'e', 'b', 'd', 'e', 'x', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "thewebflash.com", true */ 't', 'h', 'e', 'w', 'e', 'b', 'f', 'l', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "thewebsitedoctors.co.uk", true */ 't', 'h', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 'd', 'o', 'c', 't', 'o', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "thewebsitemarketingagency.com", true */ 't', 'h', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "thewhitehat.club", true */ 't', 'h', 'e', 'w', 'h', 'i', 't', 'e', 'h', 'a', 't', '.', 'c', 'l', 'u', 'b', '\0', + /* "thewhiterabbit.space", true */ 't', 'h', 'e', 'w', 'h', 'i', 't', 'e', 'r', 'a', 'b', 'b', 'i', 't', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "thewhitneypaige.com", true */ 't', 'h', 'e', 'w', 'h', 'i', 't', 'n', 'e', 'y', 'p', 'a', 'i', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "thewindow.com", true */ 't', 'h', 'e', 'w', 'i', 'n', 'd', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "thewoodkid.com.au", true */ 't', 'h', 'e', 'w', 'o', 'o', 'd', 'k', 'i', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "theworldsend.eu", true */ 't', 'h', 'e', 'w', 'o', 'r', 'l', 'd', 's', 'e', 'n', 'd', '.', 'e', 'u', '\0', + /* "thexfactorgames.com", true */ 't', 'h', 'e', 'x', 'f', 'a', 'c', 't', 'o', 'r', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "thexme.de", true */ 't', 'h', 'e', 'x', 'm', 'e', '.', 'd', 'e', '\0', + /* "theyachtteam.com", true */ 't', 'h', 'e', 'y', 'a', 'c', 'h', 't', 't', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "theyarnhookup.com", false */ 't', 'h', 'e', 'y', 'a', 'r', 'n', 'h', 'o', 'o', 'k', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "theyear199x.org", true */ 't', 'h', 'e', 'y', 'e', 'a', 'r', '1', '9', '9', 'x', '.', 'o', 'r', 'g', '\0', + /* "theyearinpictures.co.uk", true */ 't', 'h', 'e', 'y', 'e', 'a', 'r', 'i', 'n', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "theyosh.nl", true */ 't', 'h', 'e', 'y', 'o', 's', 'h', '.', 'n', 'l', '\0', + /* "thezero.org", true */ 't', 'h', 'e', 'z', 'e', 'r', 'o', '.', 'o', 'r', 'g', '\0', + /* "thezillersathenshotel.com", true */ 't', 'h', 'e', 'z', 'i', 'l', 'l', 'e', 'r', 's', 'a', 't', 'h', 'e', 'n', 's', 'h', 'o', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "thibaultwalle.com", true */ 't', 'h', 'i', 'b', 'a', 'u', 'l', 't', 'w', 'a', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "thibautcharles.net", true */ 't', 'h', 'i', 'b', 'a', 'u', 't', 'c', 'h', 'a', 'r', 'l', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "thiepcuoidep.com", true */ 't', 'h', 'i', 'e', 'p', 'c', 'u', 'o', 'i', 'd', 'e', 'p', '.', 'c', 'o', 'm', '\0', + /* "thierry-daellenbach.com", true */ 't', 'h', 'i', 'e', 'r', 'r', 'y', '-', 'd', 'a', 'e', 'l', 'l', 'e', 'n', 'b', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "thierrybasset.ch", true */ 't', 'h', 'i', 'e', 'r', 'r', 'y', 'b', 'a', 's', 's', 'e', 't', '.', 'c', 'h', '\0', + /* "thijsslop.nl", true */ 't', 'h', 'i', 'j', 's', 's', 'l', 'o', 'p', '.', 'n', 'l', '\0', + /* "thijsvanderveen.net", true */ 't', 'h', 'i', 'j', 's', 'v', 'a', 'n', 'd', 'e', 'r', 'v', 'e', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "thingies.site", true */ 't', 'h', 'i', 'n', 'g', 'i', 'e', 's', '.', 's', 'i', 't', 'e', '\0', + /* "thinkindifferent.net", true */ 't', 'h', 'i', 'n', 'k', 'i', 'n', 'd', 'i', 'f', 'f', 'e', 'r', 'e', 'n', 't', '.', 'n', 'e', 't', '\0', + /* "thinkingandcomputing.com", true */ 't', 'h', 'i', 'n', 'k', 'i', 'n', 'g', 'a', 'n', 'd', 'c', 'o', 'm', 'p', 'u', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "thinkingplanet.net", true */ 't', 'h', 'i', 'n', 'k', 'i', 'n', 'g', 'p', 'l', 'a', 'n', 'e', 't', '.', 'n', 'e', 't', '\0', + /* "thinklikeanentrepreneur.com", true */ 't', 'h', 'i', 'n', 'k', 'l', 'i', 'k', 'e', 'a', 'n', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'e', 'n', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "thinkmarketing.ca", true */ 't', 'h', 'i', 'n', 'k', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'a', '\0', + /* "thinkquality.nl", true */ 't', 'h', 'i', 'n', 'k', 'q', 'u', 'a', 'l', 'i', 't', 'y', '.', 'n', 'l', '\0', + /* "thinkrealty.com", true */ 't', 'h', 'i', 'n', 'k', 'r', 'e', 'a', 'l', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "thinkswap.com", true */ 't', 'h', 'i', 'n', 'k', 's', 'w', 'a', 'p', '.', 'c', 'o', 'm', '\0', + /* "thinktux.net", true */ 't', 'h', 'i', 'n', 'k', 't', 'u', 'x', '.', 'n', 'e', 't', '\0', + /* "thirdworld.moe", true */ 't', 'h', 'i', 'r', 'd', 'w', 'o', 'r', 'l', 'd', '.', 'm', 'o', 'e', '\0', + /* "thiry-automobiles.net", true */ 't', 'h', 'i', 'r', 'y', '-', 'a', 'u', 't', 'o', 'm', 'o', 'b', 'i', 'l', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "thisbrownman.com", true */ 't', 'h', 'i', 's', 'b', 'r', 'o', 'w', 'n', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "thiscloudiscrap.com", false */ 't', 'h', 'i', 's', 'c', 'l', 'o', 'u', 'd', 'i', 's', 'c', 'r', 'a', 'p', '.', 'c', 'o', 'm', '\0', + /* "thiscode.works", true */ 't', 'h', 'i', 's', 'c', 'o', 'd', 'e', '.', 'w', 'o', 'r', 'k', 's', '\0', + /* "thisfreelife.gov", true */ 't', 'h', 'i', 's', 'f', 'r', 'e', 'e', 'l', 'i', 'f', 'e', '.', 'g', 'o', 'v', '\0', + /* "thisishugo.com", false */ 't', 'h', 'i', 's', 'i', 's', 'h', 'u', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "thisistheserver.com", true */ 't', 'h', 'i', 's', 'i', 's', 't', 'h', 'e', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "thisiswhywemom.com", true */ 't', 'h', 'i', 's', 'i', 's', 'w', 'h', 'y', 'w', 'e', 'm', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "thismumdoesntknowbest.com", true */ 't', 'h', 'i', 's', 'm', 'u', 'm', 'd', 'o', 'e', 's', 'n', 't', 'k', 'n', 'o', 'w', 'b', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "thisoldearth.com", true */ 't', 'h', 'i', 's', 'o', 'l', 'd', 'e', 'a', 'r', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "thisserver.dontexist.net", true */ 't', 'h', 'i', 's', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'o', 'n', 't', 'e', 'x', 'i', 's', 't', '.', 'n', 'e', 't', '\0', + /* "thistleandleaves.com", true */ 't', 'h', 'i', 's', 't', 'l', 'e', 'a', 'n', 'd', 'l', 'e', 'a', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "thm.vn", true */ 't', 'h', 'm', '.', 'v', 'n', '\0', + /* "thole.org", true */ 't', 'h', 'o', 'l', 'e', '.', 'o', 'r', 'g', '\0', + /* "thom4s.info", true */ 't', 'h', 'o', 'm', '4', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "thomalaudan.de", true */ 't', 'h', 'o', 'm', 'a', 'l', 'a', 'u', 'd', 'a', 'n', '.', 'd', 'e', '\0', + /* "thomas-bertran.com", true */ 't', 'h', 'o', 'm', 'a', 's', '-', 'b', 'e', 'r', 't', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "thomas-fahle.de", true */ 't', 'h', 'o', 'm', 'a', 's', '-', 'f', 'a', 'h', 'l', 'e', '.', 'd', 'e', '\0', + /* "thomas-grobelny.de", true */ 't', 'h', 'o', 'm', 'a', 's', '-', 'g', 'r', 'o', 'b', 'e', 'l', 'n', 'y', '.', 'd', 'e', '\0', + /* "thomas-suchon.fr", true */ 't', 'h', 'o', 'm', 'a', 's', '-', 's', 'u', 'c', 'h', 'o', 'n', '.', 'f', 'r', '\0', + /* "thomasbeckers.be", true */ 't', 'h', 'o', 'm', 'a', 's', 'b', 'e', 'c', 'k', 'e', 'r', 's', '.', 'b', 'e', '\0', + /* "thomasetsophie.fr", true */ 't', 'h', 'o', 'm', 'a', 's', 'e', 't', 's', 'o', 'p', 'h', 'i', 'e', '.', 'f', 'r', '\0', + /* "thomasfoster.co", true */ 't', 'h', 'o', 'm', 'a', 's', 'f', 'o', 's', 't', 'e', 'r', '.', 'c', 'o', '\0', + /* "thomasgriffin.io", true */ 't', 'h', 'o', 'm', 'a', 's', 'g', 'r', 'i', 'f', 'f', 'i', 'n', '.', 'i', 'o', '\0', + /* "thomashunter.name", false */ 't', 'h', 'o', 'm', 'a', 's', 'h', 'u', 'n', 't', 'e', 'r', '.', 'n', 'a', 'm', 'e', '\0', + /* "thomasmcfly.com", true */ 't', 'h', 'o', 'm', 'a', 's', 'm', 'c', 'f', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "thomassen.sh", true */ 't', 'h', 'o', 'm', 'a', 's', 's', 'e', 'n', '.', 's', 'h', '\0', + /* "thomasstevensmusic.com", true */ 't', 'h', 'o', 'm', 'a', 's', 's', 't', 'e', 'v', 'e', 'n', 's', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "thomastimepieces.com.au", true */ 't', 'h', 'o', 'm', 'a', 's', 't', 'i', 'm', 'e', 'p', 'i', 'e', 'c', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "thomasvochten.com", true */ 't', 'h', 'o', 'm', 'a', 's', 'v', 'o', 'c', 'h', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "thomasvt.xyz", true */ 't', 'h', 'o', 'm', 'a', 's', 'v', 't', '.', 'x', 'y', 'z', '\0', + /* "thomaswoo.com", true */ 't', 'h', 'o', 'm', 'a', 's', 'w', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "thomsonscleaning.co.uk", true */ 't', 'h', 'o', 'm', 's', 'o', 'n', 's', 'c', 'l', 'e', 'a', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "thomspooren.nl", true */ 't', 'h', 'o', 'm', 's', 'p', 'o', 'o', 'r', 'e', 'n', '.', 'n', 'l', '\0', + /* "thomwiggers.nl", true */ 't', 'h', 'o', 'm', 'w', 'i', 'g', 'g', 'e', 'r', 's', '.', 'n', 'l', '\0', + /* "thor.edu", true */ 't', 'h', 'o', 'r', '.', 'e', 'd', 'u', '\0', + /* "thorbis.com", true */ 't', 'h', 'o', 'r', 'b', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "thorbiswebsitedesign.com", true */ 't', 'h', 'o', 'r', 'b', 'i', 's', 'w', 'e', 'b', 's', 'i', 't', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "thorgames.nl", true */ 't', 'h', 'o', 'r', 'g', 'a', 'm', 'e', 's', '.', 'n', 'l', '\0', + /* "thoroquel.org", true */ 't', 'h', 'o', 'r', 'o', 'q', 'u', 'e', 'l', '.', 'o', 'r', 'g', '\0', + /* "thorsten-schaefer.com", true */ 't', 'h', 'o', 'r', 's', 't', 'e', 'n', '-', 's', 'c', 'h', 'a', 'e', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "thorstenschaefer.name", true */ 't', 'h', 'o', 'r', 's', 't', 'e', 'n', 's', 'c', 'h', 'a', 'e', 'f', 'e', 'r', '.', 'n', 'a', 'm', 'e', '\0', + /* "thosci.com", true */ 't', 'h', 'o', 's', 'c', 'i', '.', 'c', 'o', 'm', '\0', + /* "thot.space", true */ 't', 'h', 'o', 't', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "thotpublicidad.com", true */ 't', 'h', 'o', 't', 'p', 'u', 'b', 'l', 'i', 'c', 'i', 'd', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "thoughtlessleaders.online", true */ 't', 'h', 'o', 'u', 'g', 'h', 't', 'l', 'e', 's', 's', 'l', 'e', 'a', 'd', 'e', 'r', 's', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "thoughtsynth.com", true */ 't', 'h', 'o', 'u', 'g', 'h', 't', 's', 'y', 'n', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "thoughtsynth.net", true */ 't', 'h', 'o', 'u', 'g', 'h', 't', 's', 'y', 'n', 't', 'h', '.', 'n', 'e', 't', '\0', + /* "thoughtsynth.org", true */ 't', 'h', 'o', 'u', 'g', 'h', 't', 's', 'y', 'n', 't', 'h', '.', 'o', 'r', 'g', '\0', + /* "thouni.de", true */ 't', 'h', 'o', 'u', 'n', 'i', '.', 'd', 'e', '\0', + /* "thousandoakselectrical.com", true */ 't', 'h', 'o', 'u', 's', 'a', 'n', 'd', 'o', 'a', 'k', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "threatcentral.io", true */ 't', 'h', 'r', 'e', 'a', 't', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'i', 'o', '\0', + /* "threebrothersbrewing.com", true */ 't', 'h', 'r', 'e', 'e', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', 'b', 'r', 'e', 'w', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "threecrownsllp.com", true */ 't', 'h', 'r', 'e', 'e', 'c', 'r', 'o', 'w', 'n', 's', 'l', 'l', 'p', '.', 'c', 'o', 'm', '\0', + /* "threedpro.me", true */ 't', 'h', 'r', 'e', 'e', 'd', 'p', 'r', 'o', '.', 'm', 'e', '\0', + /* "threefours.net", true */ 't', 'h', 'r', 'e', 'e', 'f', 'o', 'u', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "threelions.ch", true */ 't', 'h', 'r', 'e', 'e', 'l', 'i', 'o', 'n', 's', '.', 'c', 'h', '\0', + /* "thriftdiving.com", true */ 't', 'h', 'r', 'i', 'f', 't', 'd', 'i', 'v', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "thrivesummit.com", true */ 't', 'h', 'r', 'i', 'v', 'e', 's', 'u', 'm', 'm', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "thriveta.com", true */ 't', 'h', 'r', 'i', 'v', 'e', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "throttlerz.in", true */ 't', 'h', 'r', 'o', 't', 't', 'l', 'e', 'r', 'z', '.', 'i', 'n', '\0', + /* "throughtheglass.photo", true */ 't', 'h', 'r', 'o', 'u', 'g', 'h', 't', 'h', 'e', 'g', 'l', 'a', 's', 's', '.', 'p', 'h', 'o', 't', 'o', '\0', + /* "throwaway.link", true */ 't', 'h', 'r', 'o', 'w', 'a', 'w', 'a', 'y', '.', 'l', 'i', 'n', 'k', '\0', + /* "throwpass.com", true */ 't', 'h', 'r', 'o', 'w', 'p', 'a', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "thrx.net", true */ 't', 'h', 'r', 'x', '.', 'n', 'e', 't', '\0', + /* "thues.eu", true */ 't', 'h', 'u', 'e', 's', '.', 'e', 'u', '\0', + /* "thuisverpleging-meerdael.be", true */ 't', 'h', 'u', 'i', 's', 'v', 'e', 'r', 'p', 'l', 'e', 'g', 'i', 'n', 'g', '-', 'm', 'e', 'e', 'r', 'd', 'a', 'e', 'l', '.', 'b', 'e', '\0', + /* "thullbery.com", true */ 't', 'h', 'u', 'l', 'l', 'b', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "thunderfield-boat.co.uk", true */ 't', 'h', 'u', 'n', 'd', 'e', 'r', 'f', 'i', 'e', 'l', 'd', '-', 'b', 'o', 'a', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "thunderfox.nl", true */ 't', 'h', 'u', 'n', 'd', 'e', 'r', 'f', 'o', 'x', '.', 'n', 'l', '\0', + /* "thunderkeys.net", true */ 't', 'h', 'u', 'n', 'd', 'e', 'r', 'k', 'e', 'y', 's', '.', 'n', 'e', 't', '\0', + /* "thundr.eu", true */ 't', 'h', 'u', 'n', 'd', 'r', '.', 'e', 'u', '\0', + /* "thunraz.com", true */ 't', 'h', 'u', 'n', 'r', 'a', 'z', '.', 'c', 'o', 'm', '\0', + /* "thusoy.com", false */ 't', 'h', 'u', 's', 'o', 'y', '.', 'c', 'o', 'm', '\0', + /* "thuthuatios.com", true */ 't', 'h', 'u', 't', 'h', 'u', 'a', 't', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "thuviensoft.com", true */ 't', 'h', 'u', 'v', 'i', 'e', 'n', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "thuviensoft.net", true */ 't', 'h', 'u', 'v', 'i', 'e', 'n', 's', 'o', 'f', 't', '.', 'n', 'e', 't', '\0', + /* "thw-bernburg.de", true */ 't', 'h', 'w', '-', 'b', 'e', 'r', 'n', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0', + /* "thxandbye.de", true */ 't', 'h', 'x', 'a', 'n', 'd', 'b', 'y', 'e', '.', 'd', 'e', '\0', + /* "thyngster.com", true */ 't', 'h', 'y', 'n', 'g', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "thynx.io", true */ 't', 'h', 'y', 'n', 'x', '.', 'i', 'o', '\0', + /* "ti-js.com", true */ 't', 'i', '-', 'j', 's', '.', 'c', 'o', 'm', '\0', + /* "ti-pla.net", true */ 't', 'i', '-', 'p', 'l', 'a', '.', 'n', 'e', 't', '\0', + /* "ti-planet.org", true */ 't', 'i', '-', 'p', 'l', 'a', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0', + /* "tiacollection.com", true */ 't', 'i', 'a', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "tiagonunes.pt", true */ 't', 'i', 'a', 'g', 'o', 'n', 'u', 'n', 'e', 's', '.', 'p', 't', '\0', + /* "tiaki.org", true */ 't', 'i', 'a', 'k', 'i', '.', 'o', 'r', 'g', '\0', + /* "tianeptine.com", true */ 't', 'i', 'a', 'n', 'e', 'p', 't', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "tianshili.me", true */ 't', 'i', 'a', 'n', 's', 'h', 'i', 'l', 'i', '.', 'm', 'e', '\0', + /* "tianxicaipiao.com", true */ 't', 'i', 'a', 'n', 'x', 'i', 'c', 'a', 'i', 'p', 'i', 'a', 'o', '.', 'c', 'o', 'm', '\0', + /* "tibbitshall.ca", true */ 't', 'i', 'b', 'b', 'i', 't', 's', 'h', 'a', 'l', 'l', '.', 'c', 'a', '\0', + /* "tibipg.com", true */ 't', 'i', 'b', 'i', 'p', 'g', '.', 'c', 'o', 'm', '\0', + /* "tibovanheule.site", true */ 't', 'i', 'b', 'o', 'v', 'a', 'n', 'h', 'e', 'u', 'l', 'e', '.', 's', 'i', 't', 'e', '\0', + /* "ticfleet.com", true */ 't', 'i', 'c', 'f', 'l', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "ticketluck.com", true */ 't', 'i', 'c', 'k', 'e', 't', 'l', 'u', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "ticketmates.com.au", true */ 't', 'i', 'c', 'k', 'e', 't', 'm', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "ticketpro.ca", true */ 't', 'i', 'c', 'k', 'e', 't', 'p', 'r', 'o', '.', 'c', 'a', '\0', + /* "ticketslover.com", true */ 't', 'i', 'c', 'k', 'e', 't', 's', 'l', 'o', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "ticketsmate.com", true */ 't', 'i', 'c', 'k', 'e', 't', 's', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "ticketsource.co.uk", true */ 't', 'i', 'c', 'k', 'e', 't', 's', 'o', 'u', 'r', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ticketsource.eu", true */ 't', 'i', 'c', 'k', 'e', 't', 's', 'o', 'u', 'r', 'c', 'e', '.', 'e', 'u', '\0', + /* "ticketsource.us", true */ 't', 'i', 'c', 'k', 'e', 't', 's', 'o', 'u', 'r', 'c', 'e', '.', 'u', 's', '\0', + /* "ticketsourcebeta.co.uk", true */ 't', 'i', 'c', 'k', 'e', 't', 's', 'o', 'u', 'r', 'c', 'e', 'b', 'e', 't', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ticketsvergleichen.de", true */ 't', 'i', 'c', 'k', 'e', 't', 's', 'v', 'e', 'r', 'g', 'l', 'e', 'i', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0', + /* "tickit.ca", true */ 't', 'i', 'c', 'k', 'i', 't', '.', 'c', 'a', '\0', + /* "tid.jp", true */ 't', 'i', 'd', '.', 'j', 'p', '\0', + /* "tie-online.org", true */ 't', 'i', 'e', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0', + /* "tielectric.ch", true */ 't', 'i', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', '.', 'c', 'h', '\0', + /* "tiendafetichista.com", true */ 't', 'i', 'e', 'n', 'd', 'a', 'f', 'e', 't', 'i', 'c', 'h', 'i', 's', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "tiendavertigo.com", true */ 't', 'i', 'e', 'n', 'd', 'a', 'v', 'e', 'r', 't', 'i', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "tiens-ib.cz", true */ 't', 'i', 'e', 'n', 's', '-', 'i', 'b', '.', 'c', 'z', '\0', + /* "tier-1-entrepreneur.com", true */ 't', 'i', 'e', 'r', '-', '1', '-', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'e', 'n', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "tierarztpraxis-bogenhausen.de", true */ 't', 'i', 'e', 'r', 'a', 'r', 'z', 't', 'p', 'r', 'a', 'x', 'i', 's', '-', 'b', 'o', 'g', 'e', 'n', 'h', 'a', 'u', 's', 'e', 'n', '.', 'd', 'e', '\0', + /* "tierarztpraxis-weinert.de", true */ 't', 'i', 'e', 'r', 'a', 'r', 'z', 't', 'p', 'r', 'a', 'x', 'i', 's', '-', 'w', 'e', 'i', 'n', 'e', 'r', 't', '.', 'd', 'e', '\0', + /* "tiernanx.com", true */ 't', 'i', 'e', 'r', 'n', 'a', 'n', 'x', '.', 'c', 'o', 'm', '\0', + /* "ties.com", true */ 't', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "tiew.pl", true */ 't', 'i', 'e', 'w', '.', 'p', 'l', '\0', + /* "tifan.net", true */ 't', 'i', 'f', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "tiffanytravels.com", true */ 't', 'i', 'f', 'f', 'a', 'n', 'y', 't', 'r', 'a', 'v', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "tigerchef.com", true */ 't', 'i', 'g', 'e', 'r', 'c', 'h', 'e', 'f', '.', 'c', 'o', 'm', '\0', + /* "tigerdile.com", true */ 't', 'i', 'g', 'e', 'r', 'd', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "tiggeriffic.com", true */ 't', 'i', 'g', 'g', 'e', 'r', 'i', 'f', 'f', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "tiihosen.fi", true */ 't', 'i', 'i', 'h', 'o', 's', 'e', 'n', '.', 'f', 'i', '\0', + /* "tijden.nu", true */ 't', 'i', 'j', 'd', 'e', 'n', '.', 'n', 'u', '\0', + /* "tijo.ch", true */ 't', 'i', 'j', 'o', '.', 'c', 'h', '\0', + /* "tik.edu.ee", true */ 't', 'i', 'k', '.', 'e', 'd', 'u', '.', 'e', 'e', '\0', + /* "tik.help", true */ 't', 'i', 'k', '.', 'h', 'e', 'l', 'p', '\0', + /* "tiki-god.co.uk", true */ 't', 'i', 'k', 'i', '-', 'g', 'o', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "tiledailyshop.com", true */ 't', 'i', 'l', 'e', 'd', 'a', 'i', 'l', 'y', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "tilesbay.com", true */ 't', 'i', 'l', 'e', 's', 'b', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "tileyourvisit.pt", true */ 't', 'i', 'l', 'e', 'y', 'o', 'u', 'r', 'v', 'i', 's', 'i', 't', '.', 'p', 't', '\0', + /* "tiliaze.be", true */ 't', 'i', 'l', 'i', 'a', 'z', 'e', '.', 'b', 'e', '\0', + /* "tiliaze.biz", true */ 't', 'i', 'l', 'i', 'a', 'z', 'e', '.', 'b', 'i', 'z', '\0', + /* "tiliaze.eu", true */ 't', 'i', 'l', 'i', 'a', 'z', 'e', '.', 'e', 'u', '\0', + /* "tiliaze.info", true */ 't', 'i', 'l', 'i', 'a', 'z', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "tiliaze.net", true */ 't', 'i', 'l', 'i', 'a', 'z', 'e', '.', 'n', 'e', 't', '\0', + /* "till.im", true */ 't', 'i', 'l', 'l', '.', 'i', 'm', '\0', + /* "tillberg.us", true */ 't', 'i', 'l', 'l', 'b', 'e', 'r', 'g', '.', 'u', 's', '\0', + /* "tilleysbouncycastles.co.uk", true */ 't', 'i', 'l', 'l', 'e', 'y', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "tillseasyscore.com", true */ 't', 'i', 'l', 'l', 's', 'e', 'a', 's', 'y', 's', 'c', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "tiltedwindmillcrafts.com", true */ 't', 'i', 'l', 't', 'e', 'd', 'w', 'i', 'n', 'd', 'm', 'i', 'l', 'l', 'c', 'r', 'a', 'f', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "timbarlotta.com", true */ 't', 'i', 'm', 'b', 'a', 'r', 'l', 'o', 't', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "timberkel.com", true */ 't', 'i', 'm', 'b', 'e', 'r', 'k', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "timbishopartist.com", true */ 't', 'i', 'm', 'b', 'i', 's', 'h', 'o', 'p', 'a', 'r', 't', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "timco.cloud", true */ 't', 'i', 'm', 'c', 'o', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "timdebruijn.nl", true */ 't', 'i', 'm', 'd', 'e', 'b', 'r', 'u', 'i', 'j', 'n', '.', 'n', 'l', '\0', + /* "timdeneau.com", true */ 't', 'i', 'm', 'd', 'e', 'n', 'e', 'a', 'u', '.', 'c', 'o', 'm', '\0', + /* "timdoug.com", true */ 't', 'i', 'm', 'd', 'o', 'u', 'g', '.', 'c', 'o', 'm', '\0', + /* "time2060.ru", true */ 't', 'i', 'm', 'e', '2', '0', '6', '0', '.', 'r', 'u', '\0', + /* "time22.com", true */ 't', 'i', 'm', 'e', '2', '2', '.', 'c', 'o', 'm', '\0', + /* "timeauction.hk", true */ 't', 'i', 'm', 'e', 'a', 'u', 'c', 't', 'i', 'o', 'n', '.', 'h', 'k', '\0', + /* "timebox.tk", true */ 't', 'i', 'm', 'e', 'b', 'o', 'x', '.', 't', 'k', '\0', + /* "timeglass.de", true */ 't', 'i', 'm', 'e', 'g', 'l', 'a', 's', 's', '.', 'd', 'e', '\0', + /* "timer.fit", true */ 't', 'i', 'm', 'e', 'r', '.', 'f', 'i', 't', '\0', + /* "timersuite.com", true */ 't', 'i', 'm', 'e', 'r', 's', 'u', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "timetab.org", true */ 't', 'i', 'm', 'e', 't', 'a', 'b', '.', 'o', 'r', 'g', '\0', + /* "timetotrade.com", true */ 't', 'i', 'm', 'e', 't', 'o', 't', 'r', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "timewasters.nl", true */ 't', 'i', 'm', 'e', 'w', 'a', 's', 't', 'e', 'r', 's', '.', 'n', 'l', '\0', + /* "timfiedler.net", true */ 't', 'i', 'm', 'f', 'i', 'e', 'd', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "timing.com.br", true */ 't', 'i', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "timmersgems.com", true */ 't', 'i', 'm', 'm', 'e', 'r', 's', 'g', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "timmy.im", true */ 't', 'i', 'm', 'm', 'y', '.', 'i', 'm', '\0', + /* "timmy.ws", true */ 't', 'i', 'm', 'm', 'y', '.', 'w', 's', '\0', + /* "timmyrs.de", true */ 't', 'i', 'm', 'm', 'y', 'r', 's', '.', 'd', 'e', '\0', + /* "timoxbrow.com", true */ 't', 'i', 'm', 'o', 'x', 'b', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "timroes.de", true */ 't', 'i', 'm', 'r', 'o', 'e', 's', '.', 'd', 'e', '\0', + /* "timstoffel.net", false */ 't', 'i', 'm', 's', 't', 'o', 'f', 'f', 'e', 'l', '.', 'n', 'e', 't', '\0', + /* "timtaubert.de", true */ 't', 'i', 'm', 't', 'a', 'u', 'b', 'e', 'r', 't', '.', 'd', 'e', '\0', + /* "timtelfer.com", true */ 't', 'i', 'm', 't', 'e', 'l', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "timtj.ca", true */ 't', 'i', 'm', 't', 'j', '.', 'c', 'a', '\0', + /* "timvivian.ca", true */ 't', 'i', 'm', 'v', 'i', 'v', 'i', 'a', 'n', '.', 'c', 'a', '\0', + /* "timweb.ca", true */ 't', 'i', 'm', 'w', 'e', 'b', '.', 'c', 'a', '\0', + /* "timysewyn.be", true */ 't', 'i', 'm', 'y', 's', 'e', 'w', 'y', 'n', '.', 'b', 'e', '\0', + /* "tinastahlschmidt.de", true */ 't', 'i', 'n', 'a', 's', 't', 'a', 'h', 'l', 's', 'c', 'h', 'm', 'i', 'd', 't', '.', 'd', 'e', '\0', + /* "tinf15b4.de", true */ 't', 'i', 'n', 'f', '1', '5', 'b', '4', '.', 'd', 'e', '\0', + /* "tinfoilsecurity.com", false */ 't', 'i', 'n', 'f', 'o', 'i', 'l', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "tinfoleak.com", true */ 't', 'i', 'n', 'f', 'o', 'l', 'e', 'a', 'k', '.', 'c', 'o', 'm', '\0', + /* "tinker.career", true */ 't', 'i', 'n', 'k', 'e', 'r', '.', 'c', 'a', 'r', 'e', 'e', 'r', '\0', + /* "tinkerboard.org", true */ 't', 'i', 'n', 'k', 'e', 'r', 'b', 'o', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0', + /* "tinkertry.com", true */ 't', 'i', 'n', 'k', 'e', 'r', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "tinte24.de", true */ 't', 'i', 'n', 't', 'e', '2', '4', '.', 'd', 'e', '\0', + /* "tintencenter.com", true */ 't', 'i', 'n', 't', 'e', 'n', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "tintenfix.net", true */ 't', 'i', 'n', 't', 'e', 'n', 'f', 'i', 'x', '.', 'n', 'e', 't', '\0', + /* "tintenfux.de", true */ 't', 'i', 'n', 't', 'e', 'n', 'f', 'u', 'x', '.', 'd', 'e', '\0', + /* "tintenland.de", true */ 't', 'i', 'n', 't', 'e', 'n', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0', + /* "tinyhousefinance.com.au", true */ 't', 'i', 'n', 'y', 'h', 'o', 'u', 's', 'e', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "tinylan.com", true */ 't', 'i', 'n', 'y', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "tinyspeck.com", true */ 't', 'i', 'n', 'y', 's', 'p', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "tinyssh.com", true */ 't', 'i', 'n', 'y', 's', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "tinyssh.org", true */ 't', 'i', 'n', 'y', 's', 's', 'h', '.', 'o', 'r', 'g', '\0', + /* "tinytownsoftplay.co.uk", true */ 't', 'i', 'n', 'y', 't', 'o', 'w', 'n', 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "tinyvpn.net", true */ 't', 'i', 'n', 'y', 'v', 'p', 'n', '.', 'n', 'e', 't', '\0', + /* "tinyvpn.org", true */ 't', 'i', 'n', 'y', 'v', 'p', 'n', '.', 'o', 'r', 'g', '\0', + /* "tioat.net", true */ 't', 'i', 'o', 'a', 't', '.', 'n', 'e', 't', '\0', + /* "tipaki.gr", true */ 't', 'i', 'p', 'a', 'k', 'i', '.', 'g', 'r', '\0', + /* "tipbox.is", true */ 't', 'i', 'p', 'b', 'o', 'x', '.', 'i', 's', '\0', + /* "tipiakers.club", true */ 't', 'i', 'p', 'i', 'a', 'k', 'e', 'r', 's', '.', 'c', 'l', 'u', 'b', '\0', + /* "tiplanet.org", true */ 't', 'i', 'p', 'l', 'a', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0', + /* "tipoftheday.tips", true */ 't', 'i', 'p', 'o', 'f', 't', 'h', 'e', 'd', 'a', 'y', '.', 't', 'i', 'p', 's', '\0', + /* "tipps-fuer-den-haushalt.de", true */ 't', 'i', 'p', 'p', 's', '-', 'f', 'u', 'e', 'r', '-', 'd', 'e', 'n', '-', 'h', 'a', 'u', 's', 'h', 'a', 'l', 't', '.', 'd', 'e', '\0', + /* "tippspiel.cc", true */ 't', 'i', 'p', 'p', 's', 'p', 'i', 'e', 'l', '.', 'c', 'c', '\0', + /* "tippytoad.com", true */ 't', 'i', 'p', 'p', 'y', 't', 'o', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "tipsacademicos.com", true */ 't', 'i', 'p', 's', 'a', 'c', 'a', 'd', 'e', 'm', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "tir-pistolet-chexbres.ch", true */ 't', 'i', 'r', '-', 'p', 'i', 's', 't', 'o', 'l', 'e', 't', '-', 'c', 'h', 'e', 'x', 'b', 'r', 'e', 's', '.', 'c', 'h', '\0', + /* "tircentrale.net", true */ 't', 'i', 'r', 'c', 'e', 'n', 't', 'r', 'a', 'l', 'e', '.', 'n', 'e', 't', '\0', + /* "tirionnetwork.de", true */ 't', 'i', 'r', 'i', 'o', 'n', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'd', 'e', '\0', + /* "tiroler-kupferschmiede.com", true */ 't', 'i', 'r', 'o', 'l', 'e', 'r', '-', 'k', 'u', 'p', 'f', 'e', 'r', 's', 'c', 'h', 'm', 'i', 'e', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "tirs4ne.ch", true */ 't', 'i', 'r', 's', '4', 'n', 'e', '.', 'c', 'h', '\0', + /* "tism.in", true */ 't', 'i', 's', 'm', '.', 'i', 'n', '\0', + /* "tissot-mayenfisch.com", true */ 't', 'i', 's', 's', 'o', 't', '-', 'm', 'a', 'y', 'e', 'n', 'f', 'i', 's', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "tiste.org", true */ 't', 'i', 's', 't', 'e', '.', 'o', 'r', 'g', '\0', + /* "tit.systems", true */ 't', 'i', 't', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0', + /* "titanous.com", true */ 't', 'i', 't', 'a', 'n', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "titelseite.ch", true */ 't', 'i', 't', 'e', 'l', 's', 'e', 'i', 't', 'e', '.', 'c', 'h', '\0', + /* "titiansgirlphotography.com", true */ 't', 'i', 't', 'i', 'a', 'n', 's', 'g', 'i', 'r', 'l', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0', + /* "tittelbach.at", false */ 't', 'i', 't', 't', 'e', 'l', 'b', 'a', 'c', 'h', '.', 'a', 't', '\0', + /* "titusetcompagnies.net", true */ 't', 'i', 't', 'u', 's', 'e', 't', 'c', 'o', 'm', 'p', 'a', 'g', 'n', 'i', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "tivido.nl", true */ 't', 'i', 'v', 'i', 'd', 'o', '.', 'n', 'l', '\0', + /* "tjandpals.com", true */ 't', 'j', 'a', 'n', 'd', 'p', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "tjenestetorvet.dk", true */ 't', 'j', 'e', 'n', 'e', 's', 't', 'e', 't', 'o', 'r', 'v', 'e', 't', '.', 'd', 'k', '\0', + /* "tjkcastles.uk", true */ 't', 'j', 'k', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'u', 'k', '\0', + /* "tjl.rocks", true */ 't', 'j', 'l', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "tjp.ch", true */ 't', 'j', 'p', '.', 'c', 'h', '\0', + /* "tjs.me", true */ 't', 'j', 's', '.', 'm', 'e', '\0', + /* "tjsbouncycastles.co.uk", true */ 't', 'j', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "tjullrich.de", true */ 't', 'j', 'u', 'l', 'l', 'r', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "tkacz.pro", true */ 't', 'k', 'a', 'c', 'z', '.', 'p', 'r', 'o', '\0', + /* "tkanemoto.com", true */ 't', 'k', 'a', 'n', 'e', 'm', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "tkat.ch", true */ 't', 'k', 'a', 't', '.', 'c', 'h', '\0', + /* "tkgpm.com", true */ 't', 'k', 'g', 'p', 'm', '.', 'c', 'o', 'm', '\0', + /* "tkjg.fi", true */ 't', 'k', 'j', 'g', '.', 'f', 'i', '\0', + /* "tkn.me", true */ 't', 'k', 'n', '.', 'm', 'e', '\0', + /* "tkts.cl", true */ 't', 'k', 't', 's', '.', 'c', 'l', '\0', + /* "tkusano.jp", true */ 't', 'k', 'u', 's', 'a', 'n', 'o', '.', 'j', 'p', '\0', + /* "tkw01536.de", true */ 't', 'k', 'w', '0', '1', '5', '3', '6', '.', 'd', 'e', '\0', + /* "tlach.cz", true */ 't', 'l', 'a', 'c', 'h', '.', 'c', 'z', '\0', + /* "tlca.org", true */ 't', 'l', 'c', 'a', '.', 'o', 'r', 'g', '\0', + /* "tlcnet.info", true */ 't', 'l', 'c', 'n', 'e', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "tlehseasyads.com", true */ 't', 'l', 'e', 'h', 's', 'e', 'a', 's', 'y', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "tlo.xyz", true */ 't', 'l', 'o', '.', 'x', 'y', 'z', '\0', + /* "tloxygen.com", true */ 't', 'l', 'o', 'x', 'y', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "tls-proxy.de", true */ 't', 'l', 's', '-', 'p', 'r', 'o', 'x', 'y', '.', 'd', 'e', '\0', + /* "tls.builders", true */ 't', 'l', 's', '.', 'b', 'u', 'i', 'l', 'd', 'e', 'r', 's', '\0', + /* "tls.care", true */ 't', 'l', 's', '.', 'c', 'a', 'r', 'e', '\0', + /* "tls1914.org", true */ 't', 'l', 's', '1', '9', '1', '4', '.', 'o', 'r', 'g', '\0', + /* "tlsrobot.se", true */ 't', 'l', 's', 'r', 'o', 'b', 'o', 't', '.', 's', 'e', '\0', + /* "tlthings.net", true */ 't', 'l', 't', 'h', 'i', 'n', 'g', 's', '.', 'n', 'e', 't', '\0', + /* "tlys.de", true */ 't', 'l', 'y', 's', '.', 'd', 'e', '\0', + /* "tm.id.au", true */ 't', 'm', '.', 'i', 'd', '.', 'a', 'u', '\0', + /* "tmberg.cf", true */ 't', 'm', 'b', 'e', 'r', 'g', '.', 'c', 'f', '\0', + /* "tmberg.ga", true */ 't', 'm', 'b', 'e', 'r', 'g', '.', 'g', 'a', '\0', + /* "tmberg.gq", true */ 't', 'm', 'b', 'e', 'r', 'g', '.', 'g', 'q', '\0', + /* "tmberg.ml", true */ 't', 'm', 'b', 'e', 'r', 'g', '.', 'm', 'l', '\0', + /* "tmberg.tk", true */ 't', 'm', 'b', 'e', 'r', 'g', '.', 't', 'k', '\0', + /* "tmc.com.mt", true */ 't', 'm', 'c', '.', 'c', 'o', 'm', '.', 'm', 't', '\0', + /* "tmconnects.com", true */ 't', 'm', 'c', 'o', 'n', 'n', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "tmcpromotions.co.uk", true */ 't', 'm', 'c', 'p', 'r', 'o', 'm', 'o', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "tmcreationweb.com", true */ 't', 'm', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "tmdb.biz", true */ 't', 'm', 'd', 'b', '.', 'b', 'i', 'z', '\0', + /* "tmf.ru", true */ 't', 'm', 'f', '.', 'r', 'u', '\0', + /* "tmhr.moe", true */ 't', 'm', 'h', 'r', '.', 'm', 'o', 'e', '\0', + /* "tmi-products.eu", true */ 't', 'm', 'i', '-', 'p', 'r', 'o', 'd', 'u', 'c', 't', 's', '.', 'e', 'u', '\0', + /* "tmi-produkter.se", true */ 't', 'm', 'i', '-', 'p', 'r', 'o', 'd', 'u', 'k', 't', 'e', 'r', '.', 's', 'e', '\0', + /* "tmi.news", true */ 't', 'm', 'i', '.', 'n', 'e', 'w', 's', '\0', + /* "tmin.cf", true */ 't', 'm', 'i', 'n', '.', 'c', 'f', '\0', + /* "tmm.cx", true */ 't', 'm', 'm', '.', 'c', 'x', '\0', + /* "tmonitoring.com", true */ 't', 'm', 'o', 'n', 'i', 't', 'o', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "tmpraider.net", true */ 't', 'm', 'p', 'r', 'a', 'i', 'd', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "tmpsantos.com.br", true */ 't', 'm', 'p', 's', 'a', 'n', 't', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "tmtopup.com", true */ 't', 'm', 't', 'o', 'p', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "tn0.club", true */ 't', 'n', '0', '.', 'c', 'l', 'u', 'b', '\0', + /* "tnes.dk", true */ 't', 'n', 'e', 's', '.', 'd', 'k', '\0', + /* "tniad.mil.id", false */ 't', 'n', 'i', 'a', 'd', '.', 'm', 'i', 'l', '.', 'i', 'd', '\0', + /* "tntmobi.com", true */ 't', 'n', 't', 'm', 'o', 'b', 'i', '.', 'c', 'o', 'm', '\0', + /* "tny.link", true */ 't', 'n', 'y', '.', 'l', 'i', 'n', 'k', '\0', + /* "toad.ga", true */ 't', 'o', 'a', 'd', '.', 'g', 'a', '\0', + /* "toast.al", false */ 't', 'o', 'a', 's', 't', '.', 'a', 'l', '\0', + /* "tob-rulez.de", true */ 't', 'o', 'b', '-', 'r', 'u', 'l', 'e', 'z', '.', 'd', 'e', '\0', + /* "tobacco.gov", true */ 't', 'o', 'b', 'a', 'c', 'c', 'o', '.', 'g', 'o', 'v', '\0', + /* "tobedo.net", true */ 't', 'o', 'b', 'e', 'd', 'o', '.', 'n', 'e', 't', '\0', + /* "tobi-mayer.de", true */ 't', 'o', 'b', 'i', '-', 'm', 'a', 'y', 'e', 'r', '.', 'd', 'e', '\0', + /* "tobias-bauer.de", true */ 't', 'o', 'b', 'i', 'a', 's', '-', 'b', 'a', 'u', 'e', 'r', '.', 'd', 'e', '\0', + /* "tobias-haenel.de", true */ 't', 'o', 'b', 'i', 'a', 's', '-', 'h', 'a', 'e', 'n', 'e', 'l', '.', 'd', 'e', '\0', + /* "tobias-kluge.com", true */ 't', 'o', 'b', 'i', 'a', 's', '-', 'k', 'l', 'u', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "tobias-kluge.de", true */ 't', 'o', 'b', 'i', 'a', 's', '-', 'k', 'l', 'u', 'g', 'e', '.', 'd', 'e', '\0', + /* "tobias-picha.de", true */ 't', 'o', 'b', 'i', 'a', 's', '-', 'p', 'i', 'c', 'h', 'a', '.', 'd', 'e', '\0', + /* "tobias-weidhase.de", true */ 't', 'o', 'b', 'i', 'a', 's', '-', 'w', 'e', 'i', 'd', 'h', 'a', 's', 'e', '.', 'd', 'e', '\0', + /* "tobias.gr", true */ 't', 'o', 'b', 'i', 'a', 's', '.', 'g', 'r', '\0', + /* "tobiasbergius.se", true */ 't', 'o', 'b', 'i', 'a', 's', 'b', 'e', 'r', 'g', 'i', 'u', 's', '.', 's', 'e', '\0', + /* "tobiasbrunner.net", true */ 't', 'o', 'b', 'i', 'a', 's', 'b', 'r', 'u', 'n', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "tobiasconradi.com", true */ 't', 'o', 'b', 'i', 'a', 's', 'c', 'o', 'n', 'r', 'a', 'd', 'i', '.', 'c', 'o', 'm', '\0', + /* "tobiashorvath.com", true */ 't', 'o', 'b', 'i', 'a', 's', 'h', 'o', 'r', 'v', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "tobiashorvath.de", true */ 't', 'o', 'b', 'i', 'a', 's', 'h', 'o', 'r', 'v', 'a', 't', 'h', '.', 'd', 'e', '\0', + /* "tobiaskorf.de", true */ 't', 'o', 'b', 'i', 'a', 's', 'k', 'o', 'r', 'f', '.', 'd', 'e', '\0', + /* "tobiassachs.de", true */ 't', 'o', 'b', 'i', 'a', 's', 's', 'a', 'c', 'h', 's', '.', 'd', 'e', '\0', + /* "tobiassattler.com", true */ 't', 'o', 'b', 'i', 'a', 's', 's', 'a', 't', 't', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "tobiemilford.com", true */ 't', 'o', 'b', 'i', 'e', 'm', 'i', 'l', 'f', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "tobis-rundfluege.de", true */ 't', 'o', 'b', 'i', 's', '-', 'r', 'u', 'n', 'd', 'f', 'l', 'u', 'e', 'g', 'e', '.', 'd', 'e', '\0', + /* "tobis-webservice.de", true */ 't', 'o', 'b', 'i', 's', '-', 'w', 'e', 'b', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'd', 'e', '\0', + /* "tobischo.de", true */ 't', 'o', 'b', 'i', 's', 'c', 'h', 'o', '.', 'd', 'e', '\0', + /* "tobisworld.ch", true */ 't', 'o', 'b', 'i', 's', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'h', '\0', + /* "tobyschrapel.com", true */ 't', 'o', 'b', 'y', 's', 'c', 'h', 'r', 'a', 'p', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "tobyx.com", true */ 't', 'o', 'b', 'y', 'x', '.', 'c', 'o', 'm', '\0', + /* "tobyx.de", true */ 't', 'o', 'b', 'y', 'x', '.', 'd', 'e', '\0', + /* "tobyx.eu", true */ 't', 'o', 'b', 'y', 'x', '.', 'e', 'u', '\0', + /* "tobyx.net", true */ 't', 'o', 'b', 'y', 'x', '.', 'n', 'e', 't', '\0', + /* "tobyx.org", true */ 't', 'o', 'b', 'y', 'x', '.', 'o', 'r', 'g', '\0', + /* "tocaro.im", true */ 't', 'o', 'c', 'a', 'r', 'o', '.', 'i', 'm', '\0', + /* "toccoig.com", true */ 't', 'o', 'c', 'c', 'o', 'i', 'g', '.', 'c', 'o', 'm', '\0', + /* "tochi-urikata.net", true */ 't', 'o', 'c', 'h', 'i', '-', 'u', 'r', 'i', 'k', 'a', 't', 'a', '.', 'n', 'e', 't', '\0', + /* "todaciencia.com", true */ 't', 'o', 'd', 'a', 'c', 'i', 'e', 'n', 'c', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "todamateria.com.br", true */ 't', 'o', 'd', 'a', 'm', 'a', 't', 'e', 'r', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "todaymeow.com", true */ 't', 'o', 'd', 'a', 'y', 'm', 'e', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "todocracy.com", true */ 't', 'o', 'd', 'o', 'c', 'r', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0', + /* "todoescine.com", true */ 't', 'o', 'd', 'o', 'e', 's', 'c', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "todoist.com", true */ 't', 'o', 'd', 'o', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "todon.fr", true */ 't', 'o', 'd', 'o', 'n', '.', 'f', 'r', '\0', + /* "toeglhofer.at", true */ 't', 'o', 'e', 'g', 'l', 'h', 'o', 'f', 'e', 'r', '.', 'a', 't', '\0', + /* "toeightycountries.com", true */ 't', 'o', 'e', 'i', 'g', 'h', 't', 'y', 'c', 'o', 'u', 'n', 't', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "tofa-koeln.de", true */ 't', 'o', 'f', 'a', '-', 'k', 'o', 'e', 'l', 'n', '.', 'd', 'e', '\0', + /* "tofe.io", true */ 't', 'o', 'f', 'e', '.', 'i', 'o', '\0', + /* "tofilmhub.com", true */ 't', 'o', 'f', 'i', 'l', 'm', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "togech.jp", true */ 't', 'o', 'g', 'e', 'c', 'h', '.', 'j', 'p', '\0', + /* "togetter.com", true */ 't', 'o', 'g', 'e', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "toheb.de", true */ 't', 'o', 'h', 'e', 'b', '.', 'd', 'e', '\0', + /* "tohokinemakan.tk", true */ 't', 'o', 'h', 'o', 'k', 'i', 'n', 'e', 'm', 'a', 'k', 'a', 'n', '.', 't', 'k', '\0', + /* "tojeto.eu", true */ 't', 'o', 'j', 'e', 't', 'o', '.', 'e', 'u', '\0', + /* "tokage.me", true */ 't', 'o', 'k', 'a', 'g', 'e', '.', 'm', 'e', '\0', + /* "tokaido-kun.jp", true */ 't', 'o', 'k', 'a', 'i', 'd', 'o', '-', 'k', 'u', 'n', '.', 'j', 'p', '\0', + /* "tokaido.com", true */ 't', 'o', 'k', 'a', 'i', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "tokainafb.net", true */ 't', 'o', 'k', 'a', 'i', 'n', 'a', 'f', 'b', '.', 'n', 'e', 't', '\0', + /* "tokainakurasi.net", true */ 't', 'o', 'k', 'a', 'i', 'n', 'a', 'k', 'u', 'r', 'a', 's', 'i', '.', 'n', 'e', 't', '\0', + /* "tokbijouxs.com.br", true */ 't', 'o', 'k', 'b', 'i', 'j', 'o', 'u', 'x', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "tokic.hr", true */ 't', 'o', 'k', 'i', 'c', '.', 'h', 'r', '\0', + /* "tokio.fi", true */ 't', 'o', 'k', 'i', 'o', '.', 'f', 'i', '\0', + /* "tokke.dk", true */ 't', 'o', 'k', 'k', 'e', '.', 'd', 'k', '\0', + /* "tokobungaasryflorist.com", true */ 't', 'o', 'k', 'o', 'b', 'u', 'n', 'g', 'a', 'a', 's', 'r', 'y', 'f', 'l', 'o', 'r', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "tokobungadijambi.com", true */ 't', 'o', 'k', 'o', 'b', 'u', 'n', 'g', 'a', 'd', 'i', 'j', 'a', 'm', 'b', 'i', '.', 'c', 'o', 'm', '\0', + /* "tokobungadilampung.com", true */ 't', 'o', 'k', 'o', 'b', 'u', 'n', 'g', 'a', 'd', 'i', 'l', 'a', 'm', 'p', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "tokobungadipadangflorist.com", true */ 't', 'o', 'k', 'o', 'b', 'u', 'n', 'g', 'a', 'd', 'i', 'p', 'a', 'd', 'a', 'n', 'g', 'f', 'l', 'o', 'r', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "tokototech.com", true */ 't', 'o', 'k', 'o', 't', 'o', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "tokumei.co", true */ 't', 'o', 'k', 'u', 'm', 'e', 'i', '.', 'c', 'o', '\0', + /* "tokyo-onkyo.jp", true */ 't', 'o', 'k', 'y', 'o', '-', 'o', 'n', 'k', 'y', 'o', '.', 'j', 'p', '\0', + /* "tokyo-powerstation.com", true */ 't', 'o', 'k', 'y', 'o', '-', 'p', 'o', 'w', 'e', 'r', 's', 't', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "tokyo.dating", true */ 't', 'o', 'k', 'y', 'o', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "tokyomakino.com", true */ 't', 'o', 'k', 'y', 'o', 'm', 'a', 'k', 'i', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "tokyovipper.com", true */ 't', 'o', 'k', 'y', 'o', 'v', 'i', 'p', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "tolboe.com", true */ 't', 'o', 'l', 'b', 'o', 'e', '.', 'c', 'o', 'm', '\0', + /* "toleressea.fr", true */ 't', 'o', 'l', 'e', 'r', 'e', 's', 's', 'e', 'a', '.', 'f', 'r', '\0', + /* "toles-sur-mesure.fr", true */ 't', 'o', 'l', 'e', 's', '-', 's', 'u', 'r', '-', 'm', 'e', 's', 'u', 'r', 'e', '.', 'f', 'r', '\0', + /* "tolle-wolke.de", true */ 't', 'o', 'l', 'l', 'e', '-', 'w', 'o', 'l', 'k', 'e', '.', 'd', 'e', '\0', + /* "tollfreeproxy.com", true */ 't', 'o', 'l', 'l', 'f', 'r', 'e', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'c', 'o', 'm', '\0', + /* "tom-geiger.de", true */ 't', 'o', 'm', '-', 'g', 'e', 'i', 'g', 'e', 'r', '.', 'd', 'e', '\0', + /* "tom-kunze.de", true */ 't', 'o', 'm', '-', 'k', 'u', 'n', 'z', 'e', '.', 'd', 'e', '\0', + /* "tom-maxwell.com", true */ 't', 'o', 'm', '-', 'm', 'a', 'x', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "tom.horse", true */ 't', 'o', 'm', '.', 'h', 'o', 'r', 's', 'e', '\0', + /* "tomabrafix.de", true */ 't', 'o', 'm', 'a', 'b', 'r', 'a', 'f', 'i', 'x', '.', 'd', 'e', '\0', + /* "tomandshirley.com", true */ 't', 'o', 'm', 'a', 'n', 'd', 's', 'h', 'i', 'r', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "tomasjacik.cz", true */ 't', 'o', 'm', 'a', 's', 'j', 'a', 'c', 'i', 'k', '.', 'c', 'z', '\0', + /* "tomaskavalek.cz", true */ 't', 'o', 'm', 'a', 's', 'k', 'a', 'v', 'a', 'l', 'e', 'k', '.', 'c', 'z', '\0', + /* "tomaspialek.cz", true */ 't', 'o', 'm', 'a', 's', 'p', 'i', 'a', 'l', 'e', 'k', '.', 'c', 'z', '\0', + /* "tomatenaufdenaugen.de", true */ 't', 'o', 'm', 'a', 't', 'e', 'n', 'a', 'u', 'f', 'd', 'e', 'n', 'a', 'u', 'g', 'e', 'n', '.', 'd', 'e', '\0', + /* "tomatis-nantes.com", true */ 't', 'o', 'm', 'a', 't', 'i', 's', '-', 'n', 'a', 'n', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "tomaw.net", true */ 't', 'o', 'm', 'a', 'w', '.', 'n', 'e', 't', '\0', + /* "tomaz.eu", true */ 't', 'o', 'm', 'a', 'z', '.', 'e', 'u', '\0', + /* "tombaker.me", true */ 't', 'o', 'm', 'b', 'a', 'k', 'e', 'r', '.', 'm', 'e', '\0', + /* "tomberek.info", true */ 't', 'o', 'm', 'b', 'e', 'r', 'e', 'k', '.', 'i', 'n', 'f', 'o', '\0', + /* "tombrossman.com", true */ 't', 'o', 'm', 'b', 'r', 'o', 's', 's', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "tomcort.com", true */ 't', 'o', 'm', 'c', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "tomdudfield.com", true */ 't', 'o', 'm', 'd', 'u', 'd', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "tomend.es", true */ 't', 'o', 'm', 'e', 'n', 'd', '.', 'e', 's', '\0', + /* "tomershemesh.me", true */ 't', 'o', 'm', 'e', 'r', 's', 'h', 'e', 'm', 'e', 's', 'h', '.', 'm', 'e', '\0', + /* "tomfisher.eu", true */ 't', 'o', 'm', 'f', 'i', 's', 'h', 'e', 'r', '.', 'e', 'u', '\0', + /* "tomharling.co.uk", true */ 't', 'o', 'm', 'h', 'a', 'r', 'l', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "tomharling.uk", true */ 't', 'o', 'm', 'h', 'a', 'r', 'l', 'i', 'n', 'g', '.', 'u', 'k', '\0', + /* "tomharris.tech", true */ 't', 'o', 'm', 'h', 'a', 'r', 'r', 'i', 's', '.', 't', 'e', 'c', 'h', '\0', + /* "tomi.cc", true */ 't', 'o', 'm', 'i', '.', 'c', 'c', '\0', + /* "tomica.me", true */ 't', 'o', 'm', 'i', 'c', 'a', '.', 'm', 'e', '\0', + /* "tomiler.com", true */ 't', 'o', 'm', 'i', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "tomjans.nl", true */ 't', 'o', 'm', 'j', 'a', 'n', 's', '.', 'n', 'l', '\0', + /* "tomjonsson.se", true */ 't', 'o', 'm', 'j', 'o', 'n', 's', 's', 'o', 'n', '.', 's', 'e', '\0', + /* "tomkunze.de", true */ 't', 'o', 'm', 'k', 'u', 'n', 'z', 'e', '.', 'd', 'e', '\0', + /* "tomli.blog", true */ 't', 'o', 'm', 'l', 'i', '.', 'b', 'l', 'o', 'g', '\0', + /* "tommic.eu", true */ 't', 'o', 'm', 'm', 'i', 'c', '.', 'e', 'u', '\0', + /* "tommy-bordas.fr", true */ 't', 'o', 'm', 'm', 'y', '-', 'b', 'o', 'r', 'd', 'a', 's', '.', 'f', 'r', '\0', + /* "tomnatt.com", true */ 't', 'o', 'm', 'n', 'a', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "tomo.gr", false */ 't', 'o', 'm', 'o', '.', 'g', 'r', '\0', + /* "tomochun.net", true */ 't', 'o', 'm', 'o', 'c', 'h', 'u', 'n', '.', 'n', 'e', 't', '\0', + /* "tomravinmd.com", true */ 't', 'o', 'm', 'r', 'a', 'v', 'i', 'n', 'm', 'd', '.', 'c', 'o', 'm', '\0', + /* "tomrei.com", true */ 't', 'o', 'm', 'r', 'e', 'i', '.', 'c', 'o', 'm', '\0', + /* "tomrichards.net", true */ 't', 'o', 'm', 'r', 'i', 'c', 'h', 'a', 'r', 'd', 's', '.', 'n', 'e', 't', '\0', + /* "tomschlick.com", true */ 't', 'o', 'm', 's', 'c', 'h', 'l', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "tomssl.com", true */ 't', 'o', 'm', 's', 's', 'l', '.', 'c', 'o', 'm', '\0', + /* "tomticket.com", true */ 't', 'o', 'm', 't', 'i', 'c', 'k', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "tomudding.com", true */ 't', 'o', 'm', 'u', 'd', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "tomudding.nl", true */ 't', 'o', 'm', 'u', 'd', 'd', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "tomvote.com", true */ 't', 'o', 'm', 'v', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "tomwassenberg.com", true */ 't', 'o', 'm', 'w', 'a', 's', 's', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0', + /* "tomwassenberg.nl", true */ 't', 'o', 'm', 'w', 'a', 's', 's', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'n', 'l', '\0', + /* "tomwiggers.nl", false */ 't', 'o', 'm', 'w', 'i', 'g', 'g', 'e', 'r', 's', '.', 'n', 'l', '\0', + /* "tomwilson.io", true */ 't', 'o', 'm', 'w', 'i', 'l', 's', 'o', 'n', '.', 'i', 'o', '\0', + /* "tomyork.net", true */ 't', 'o', 'm', 'y', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0', + /* "tonabor.ru", true */ 't', 'o', 'n', 'a', 'b', 'o', 'r', '.', 'r', 'u', '\0', + /* "tonage.de", true */ 't', 'o', 'n', 'a', 'g', 'e', '.', 'd', 'e', '\0', + /* "tondles.com", true */ 't', 'o', 'n', 'd', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "tonegidoarchief.nl", true */ 't', 'o', 'n', 'e', 'g', 'i', 'd', 'o', 'a', 'r', 'c', 'h', 'i', 'e', 'f', '.', 'n', 'l', '\0', + /* "toner24.at", true */ 't', 'o', 'n', 'e', 'r', '2', '4', '.', 'a', 't', '\0', + /* "toner24.co.uk", true */ 't', 'o', 'n', 'e', 'r', '2', '4', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "toner24.es", true */ 't', 'o', 'n', 'e', 'r', '2', '4', '.', 'e', 's', '\0', + /* "toner24.fr", true */ 't', 'o', 'n', 'e', 'r', '2', '4', '.', 'f', 'r', '\0', + /* "toner24.it", true */ 't', 'o', 'n', 'e', 'r', '2', '4', '.', 'i', 't', '\0', + /* "toner24.nl", true */ 't', 'o', 'n', 'e', 'r', '2', '4', '.', 'n', 'l', '\0', + /* "toner24.pl", true */ 't', 'o', 'n', 'e', 'r', '2', '4', '.', 'p', 'l', '\0', + /* "tonerdepot.de", true */ 't', 'o', 'n', 'e', 'r', 'd', 'e', 'p', 'o', 't', '.', 'd', 'e', '\0', + /* "tonerjet.at", true */ 't', 'o', 'n', 'e', 'r', 'j', 'e', 't', '.', 'a', 't', '\0', + /* "tonerjet.co.uk", true */ 't', 'o', 'n', 'e', 'r', 'j', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "tonerklick.de", true */ 't', 'o', 'n', 'e', 'r', 'k', 'l', 'i', 'c', 'k', '.', 'd', 'e', '\0', + /* "tonerkurier.de", true */ 't', 'o', 'n', 'e', 'r', 'k', 'u', 'r', 'i', 'e', 'r', '.', 'd', 'e', '\0', + /* "tonermaus.de", true */ 't', 'o', 'n', 'e', 'r', 'm', 'a', 'u', 's', '.', 'd', 'e', '\0', + /* "tonermonster.de", true */ 't', 'o', 'n', 'e', 'r', 'm', 'o', 'n', 's', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "tonex.de", true */ 't', 'o', 'n', 'e', 'x', '.', 'd', 'e', '\0', + /* "tonex.nl", true */ 't', 'o', 'n', 'e', 'x', '.', 'n', 'l', '\0', + /* "tonkinson.com", true */ 't', 'o', 'n', 'k', 'i', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "tonkinwilsonvillenissanparts.com", true */ 't', 'o', 'n', 'k', 'i', 'n', 'w', 'i', 'l', 's', 'o', 'n', 'v', 'i', 'l', 'l', 'e', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "tonsit.com", true */ 't', 'o', 'n', 's', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "tonsit.org", true */ 't', 'o', 'n', 's', 'i', 't', '.', 'o', 'r', 'g', '\0', + /* "tonyarcieri.com", true */ 't', 'o', 'n', 'y', 'a', 'r', 'c', 'i', 'e', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "tonymanning.com", false */ 't', 'o', 'n', 'y', 'm', 'a', 'n', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "tonytan.cn", true */ 't', 'o', 'n', 'y', 't', 'a', 'n', '.', 'c', 'n', '\0', + /* "tonytan.io", true */ 't', 'o', 'n', 'y', 't', 'a', 'n', '.', 'i', 'o', '\0', + /* "tonytron.com.br", true */ 't', 'o', 'n', 'y', 't', 'r', 'o', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "tonyw.xyz", true */ 't', 'o', 'n', 'y', 'w', '.', 'x', 'y', 'z', '\0', + /* "tonywebster.com", true */ 't', 'o', 'n', 'y', 'w', 'e', 'b', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "too.gy", true */ 't', 'o', 'o', '.', 'g', 'y', '\0', + /* "toobug.net", true */ 't', 'o', 'o', 'b', 'u', 'g', '.', 'n', 'e', 't', '\0', + /* "toolbox.ninja", false */ 't', 'o', 'o', 'l', 'b', 'o', 'x', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "toom.io", true */ 't', 'o', 'o', 'm', '.', 'i', 'o', '\0', + /* "toonpool.com", true */ 't', 'o', 'o', 'n', 'p', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "toool.nl", true */ 't', 'o', 'o', 'o', 'l', '.', 'n', 'l', '\0', + /* "toool.org", true */ 't', 'o', 'o', 'o', 'l', '.', 'o', 'r', 'g', '\0', + /* "tooti.biz", true */ 't', 'o', 'o', 't', 'i', '.', 'b', 'i', 'z', '\0', + /* "top-obaly.cz", true */ 't', 'o', 'p', '-', 'o', 'b', 'a', 'l', 'y', '.', 'c', 'z', '\0', + /* "top-opakowania.pl", true */ 't', 'o', 'p', '-', 'o', 'p', 'a', 'k', 'o', 'w', 'a', 'n', 'i', 'a', '.', 'p', 'l', '\0', + /* "top-solar-info.de", true */ 't', 'o', 'p', '-', 's', 'o', 'l', 'a', 'r', '-', 'i', 'n', 'f', 'o', '.', 'd', 'e', '\0', + /* "top10mountainbikes.info", true */ 't', 'o', 'p', '1', '0', 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', 'b', 'i', 'k', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "top9.fr", true */ 't', 'o', 'p', '9', '.', 'f', 'r', '\0', + /* "topanlage.de", true */ 't', 'o', 'p', 'a', 'n', 'l', 'a', 'g', 'e', '.', 'd', 'e', '\0', + /* "topaxi.ch", true */ 't', 'o', 'p', 'a', 'x', 'i', '.', 'c', 'h', '\0', + /* "topaxi.codes", true */ 't', 'o', 'p', 'a', 'x', 'i', '.', 'c', 'o', 'd', 'e', 's', '\0', + /* "topbargains.com.au", false */ 't', 'o', 'p', 'b', 'a', 'r', 'g', 'a', 'i', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "topbounce.com", true */ 't', 'o', 'p', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "topbouncycastles.co.uk", true */ 't', 'o', 'p', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "topbrakes.com", true */ 't', 'o', 'p', 'b', 'r', 'a', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "topclassfun.ie", true */ 't', 'o', 'p', 'c', 'l', 'a', 's', 's', 'f', 'u', 'n', '.', 'i', 'e', '\0', + /* "topdesk.net", true */ 't', 'o', 'p', 'd', 'e', 's', 'k', '.', 'n', 'e', 't', '\0', + /* "topdevbox.net", true */ 't', 'o', 'p', 'd', 'e', 'v', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0', + /* "topdogsinflatables.co.uk", true */ 't', 'o', 'p', 'd', 'o', 'g', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "topeng-emas.com", true */ 't', 'o', 'p', 'e', 'n', 'g', '-', 'e', 'm', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "topfivepercent.co.uk", true */ 't', 'o', 'p', 'f', 'i', 'v', 'e', 'p', 'e', 'r', 'c', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "topicit.net", true */ 't', 'o', 'p', 'i', 'c', 'i', 't', '.', 'n', 'e', 't', '\0', + /* "topirishcasinos.com", true */ 't', 'o', 'p', 'i', 'r', 'i', 's', 'h', 'c', 'a', 's', 'i', 'n', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "topjobs.ch", true */ 't', 'o', 'p', 'j', 'o', 'b', 's', '.', 'c', 'h', '\0', + /* "toplist.eu", true */ 't', 'o', 'p', 'l', 'i', 's', 't', '.', 'e', 'u', '\0', + /* "topnotepad.com", true */ 't', 'o', 'p', 'n', 'o', 't', 'e', 'p', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "topodin.com", true */ 't', 'o', 'p', 'o', 'd', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "topprice.ua", true */ 't', 'o', 'p', 'p', 'r', 'i', 'c', 'e', '.', 'u', 'a', '\0', + /* "topshelfcommercial.com", true */ 't', 'o', 'p', 's', 'h', 'e', 'l', 'f', 'c', 'o', 'm', 'm', 'e', 'r', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "topspeedgolf.com", false */ 't', 'o', 'p', 's', 'p', 'e', 'e', 'd', 'g', 'o', 'l', 'f', '.', 'c', 'o', 'm', '\0', + /* "toptec.net.br", true */ 't', 'o', 'p', 't', 'e', 'c', '.', 'n', 'e', 't', '.', 'b', 'r', '\0', + /* "toptexture.com", true */ 't', 'o', 'p', 't', 'e', 'x', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "toptheto.com", true */ 't', 'o', 'p', 't', 'h', 'e', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "topwin.la", true */ 't', 'o', 'p', 'w', 'i', 'n', '.', 'l', 'a', '\0', + /* "toracon.org", true */ 't', 'o', 'r', 'a', 'c', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "torbay.ga", true */ 't', 'o', 'r', 'b', 'a', 'y', '.', 'g', 'a', '\0', + /* "torbe.es", true */ 't', 'o', 'r', 'b', 'e', '.', 'e', 's', '\0', + /* "torchantifa.org", true */ 't', 'o', 'r', 'c', 'h', 'a', 'n', 't', 'i', 'f', 'a', '.', 'o', 'r', 'g', '\0', + /* "toretame.jp", true */ 't', 'o', 'r', 'e', 't', 'a', 'm', 'e', '.', 'j', 'p', '\0', + /* "toretfaction.net", true */ 't', 'o', 'r', 'e', 't', 'f', 'a', 'c', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "tormentedradio.com", true */ 't', 'o', 'r', 'm', 'e', 'n', 't', 'e', 'd', 'r', 'a', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "torn1.se", true */ 't', 'o', 'r', 'n', '1', '.', 's', 'e', '\0', + /* "torontocorporatelimo.services", true */ 't', 'o', 'r', 'o', 'n', 't', 'o', 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'e', 'l', 'i', 'm', 'o', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '\0', + /* "torproject.org", false */ 't', 'o', 'r', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "torprojects.com", true */ 't', 'o', 'r', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "torquato.de", false */ 't', 'o', 'r', 'q', 'u', 'a', 't', 'o', '.', 'd', 'e', '\0', + /* "torrent.fedoraproject.org", true */ 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "torrent.is", true */ 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'i', 's', '\0', + /* "torrentgamesps2.info", true */ 't', 'o', 'r', 'r', 'e', 'n', 't', 'g', 'a', 'm', 'e', 's', 'p', 's', '2', '.', 'i', 'n', 'f', 'o', '\0', + /* "torrentpier.me", true */ 't', 'o', 'r', 'r', 'e', 'n', 't', 'p', 'i', 'e', 'r', '.', 'm', 'e', '\0', + /* "torrentz2.eu", true */ 't', 'o', 'r', 'r', 'e', 'n', 't', 'z', '2', '.', 'e', 'u', '\0', + /* "torresygutierrez.com", true */ 't', 'o', 'r', 'r', 'e', 's', 'y', 'g', 'u', 't', 'i', 'e', 'r', 'r', 'e', 'z', '.', 'c', 'o', 'm', '\0', + /* "torretzalam.com", true */ 't', 'o', 'r', 'r', 'e', 't', 'z', 'a', 'l', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "torservers.net", true */ 't', 'o', 'r', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "torsten-schmitz.net", true */ 't', 'o', 'r', 's', 't', 'e', 'n', '-', 's', 'c', 'h', 'm', 'i', 't', 'z', '.', 'n', 'e', 't', '\0', + /* "torstensenf.de", true */ 't', 'o', 'r', 's', 't', 'e', 'n', 's', 'e', 'n', 'f', '.', 'd', 'e', '\0', + /* "tortoises-turtles.com", true */ 't', 'o', 'r', 't', 'o', 'i', 's', 'e', 's', '-', 't', 'u', 'r', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "tortugan.com.br", true */ 't', 'o', 'r', 't', 'u', 'g', 'a', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "tosainu.com.br", true */ 't', 'o', 's', 'a', 'i', 'n', 'u', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "toscer.me", true */ 't', 'o', 's', 'c', 'e', 'r', '.', 'm', 'e', '\0', + /* "toschool.com.br", true */ 't', 'o', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "toshkov.com", true */ 't', 'o', 's', 'h', 'k', 'o', 'v', '.', 'c', 'o', 'm', '\0', + /* "tosteberg.se", true */ 't', 'o', 's', 't', 'e', 'b', 'e', 'r', 'g', '.', 's', 'e', '\0', + /* "tostu.de", true */ 't', 'o', 's', 't', 'u', '.', 'd', 'e', '\0', + /* "totaku.ru", true */ 't', 'o', 't', 'a', 'k', 'u', '.', 'r', 'u', '\0', + /* "totalbeauty.co.uk", true */ 't', 'o', 't', 'a', 'l', 'b', 'e', 'a', 'u', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "totalbike.com.br", true */ 't', 'o', 't', 'a', 'l', 'b', 'i', 'k', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "totalcarcheck.co.uk", true */ 't', 'o', 't', 'a', 'l', 'c', 'a', 'r', 'c', 'h', 'e', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "totalchecklist.com", true */ 't', 'o', 't', 'a', 'l', 'c', 'h', 'e', 'c', 'k', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "totalforcegym.com", true */ 't', 'o', 't', 'a', 'l', 'f', 'o', 'r', 'c', 'e', 'g', 'y', 'm', '.', 'c', 'o', 'm', '\0', + /* "totalhomecareinc.com", true */ 't', 'o', 't', 'a', 'l', 'h', 'o', 'm', 'e', 'c', 'a', 'r', 'e', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "totallylegitimatehosting.ru", true */ 't', 'o', 't', 'a', 'l', 'l', 'y', 'l', 'e', 'g', 'i', 't', 'i', 'm', 'a', 't', 'e', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'r', 'u', '\0', + /* "totalpahire.com", true */ 't', 'o', 't', 'a', 'l', 'p', 'a', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "totalparts.com.au", true */ 't', 'o', 't', 'a', 'l', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "totalprint.hu", true */ 't', 'o', 't', 'a', 'l', 'p', 'r', 'i', 'n', 't', '.', 'h', 'u', '\0', + /* "totaltriathlon.com", true */ 't', 'o', 't', 'a', 'l', 't', 'r', 'i', 'a', 't', 'h', 'l', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "totem-international.com", true */ 't', 'o', 't', 'e', 'm', '-', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "totobetty.com", true */ 't', 'o', 't', 'o', 'b', 'e', 't', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "touch.facebook.com", false */ 't', 'o', 'u', 'c', 'h', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "touch.mail.ru", true */ 't', 'o', 'u', 'c', 'h', '.', 'm', 'a', 'i', 'l', '.', 'r', 'u', '\0', + /* "touchoflife.in", true */ 't', 'o', 'u', 'c', 'h', 'o', 'f', 'l', 'i', 'f', 'e', '.', 'i', 'n', '\0', + /* "touchscreentills.com", true */ 't', 'o', 'u', 'c', 'h', 's', 'c', 'r', 'e', 'e', 'n', 't', 'i', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "tougetu.com", true */ 't', 'o', 'u', 'g', 'e', 't', 'u', '.', 'c', 'o', 'm', '\0', + /* "touhou.cc", true */ 't', 'o', 'u', 'h', 'o', 'u', '.', 'c', 'c', '\0', + /* "toujours-actif.com", true */ 't', 'o', 'u', 'j', 'o', 'u', 'r', 's', '-', 'a', 'c', 't', 'i', 'f', '.', 'c', 'o', 'm', '\0', + /* "tounyou-raku.com", true */ 't', 'o', 'u', 'n', 'y', 'o', 'u', '-', 'r', 'a', 'k', 'u', '.', 'c', 'o', 'm', '\0', + /* "touray-enterprise.ch", true */ 't', 'o', 'u', 'r', 'a', 'y', '-', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', '.', 'c', 'h', '\0', + /* "tourismwithme.com", true */ 't', 'o', 'u', 'r', 'i', 's', 'm', 'w', 'i', 't', 'h', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "tourispo.com", true */ 't', 'o', 'u', 'r', 'i', 's', 'p', 'o', '.', 'c', 'o', 'm', '\0', + /* "tournevis.ch", true */ 't', 'o', 'u', 'r', 'n', 'e', 'v', 'i', 's', '.', 'c', 'h', '\0', + /* "tourtransferitaly.it", true */ 't', 'o', 'u', 'r', 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', 'i', 't', 'a', 'l', 'y', '.', 'i', 't', '\0', + /* "tous-travaux.ch", true */ 't', 'o', 'u', 's', '-', 't', 'r', 'a', 'v', 'a', 'u', 'x', '.', 'c', 'h', '\0', + /* "toushi-exe.com", true */ 't', 'o', 'u', 's', 'h', 'i', '-', 'e', 'x', 'e', '.', 'c', 'o', 'm', '\0', + /* "toushi-return.xyz", true */ 't', 'o', 'u', 's', 'h', 'i', '-', 'r', 'e', 't', 'u', 'r', 'n', '.', 'x', 'y', 'z', '\0', + /* "touslesdrivers.com", true */ 't', 'o', 'u', 's', 'l', 'e', 's', 'd', 'r', 'i', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "tousproducteurs.fr", true */ 't', 'o', 'u', 's', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'e', 'u', 'r', 's', '.', 'f', 'r', '\0', + /* "tout-art.ch", true */ 't', 'o', 'u', 't', '-', 'a', 'r', 't', '.', 'c', 'h', '\0', + /* "toutart.ch", true */ 't', 'o', 'u', 't', 'a', 'r', 't', '.', 'c', 'h', '\0', + /* "toutenmusic.fr", true */ 't', 'o', 'u', 't', 'e', 'n', 'm', 'u', 's', 'i', 'c', '.', 'f', 'r', '\0', + /* "toutmonexam.fr", true */ 't', 'o', 'u', 't', 'm', 'o', 'n', 'e', 'x', 'a', 'm', '.', 'f', 'r', '\0', + /* "tovare.com", true */ 't', 'o', 'v', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "toverland-tickets.nl", true */ 't', 'o', 'v', 'e', 'r', 'l', 'a', 'n', 'd', '-', 't', 'i', 'c', 'k', 'e', 't', 's', '.', 'n', 'l', '\0', + /* "towandalibrary.org", true */ 't', 'o', 'w', 'a', 'n', 'd', 'a', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'o', 'r', 'g', '\0', + /* "towaway.ru", true */ 't', 'o', 'w', 'a', 'w', 'a', 'y', '.', 'r', 'u', '\0', + /* "townandcountryus.com", true */ 't', 'o', 'w', 'n', 'a', 'n', 'd', 'c', 'o', 'u', 'n', 't', 'r', 'y', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "townhousedevelopments.com.au", true */ 't', 'o', 'w', 'n', 'h', 'o', 'u', 's', 'e', 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "townhouseregister.com.au", true */ 't', 'o', 'w', 'n', 'h', 'o', 'u', 's', 'e', 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "townofbridgewater.ca", true */ 't', 'o', 'w', 'n', 'o', 'f', 'b', 'r', 'i', 'd', 'g', 'e', 'w', 'a', 't', 'e', 'r', '.', 'c', 'a', '\0', + /* "towywebdesigns.uk", true */ 't', 'o', 'w', 'y', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'u', 'k', '\0', + /* "tox.im", true */ 't', 'o', 'x', '.', 'i', 'm', '\0', + /* "toxicboot.com", true */ 't', 'o', 'x', 'i', 'c', 'b', 'o', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "toymania.de", true */ 't', 'o', 'y', 'm', 'a', 'n', 'i', 'a', '.', 'd', 'e', '\0', + /* "toysperiod.com", true */ 't', 'o', 'y', 's', 'p', 'e', 'r', 'i', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "tp-iryuubun.com", true */ 't', 'p', '-', 'i', 'r', 'y', 'u', 'u', 'b', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "tp-kabushiki.com", true */ 't', 'p', '-', 'k', 'a', 'b', 'u', 's', 'h', 'i', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "tp-kyouyufudousan.com", true */ 't', 'p', '-', 'k', 'y', 'o', 'u', 'y', 'u', 'f', 'u', 'd', 'o', 'u', 's', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "tp-law.jp", true */ 't', 'p', '-', 'l', 'a', 'w', '.', 'j', 'p', '\0', + /* "tpansino.com", true */ 't', 'p', 'a', 'n', 's', 'i', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "tpbproxy.co", true */ 't', 'p', 'b', 'p', 'r', 'o', 'x', 'y', '.', 'c', 'o', '\0', + /* "tpbunblocked.org", true */ 't', 'p', 'b', 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'o', 'r', 'g', '\0', + /* "tpidg.us", true */ 't', 'p', 'i', 'd', 'g', '.', 'u', 's', '\0', + /* "tpolemis.com", true */ 't', 'p', 'o', 'l', 'e', 'm', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "tpp.chat", true */ 't', 'p', 'p', '.', 'c', 'h', 'a', 't', '\0', + /* "tppleague.me", false */ 't', 'p', 'p', 'l', 'e', 'a', 'g', 'u', 'e', '.', 'm', 'e', '\0', + /* "tqdev.com", true */ 't', 'q', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "tr.search.yahoo.com", false */ 't', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "tr0n.net", true */ 't', 'r', '0', 'n', '.', 'n', 'e', 't', '\0', + /* "traas.org", true */ 't', 'r', 'a', 'a', 's', '.', 'o', 'r', 'g', '\0', + /* "trabajarenperu.com", true */ 't', 'r', 'a', 'b', 'a', 'j', 'a', 'r', 'e', 'n', 'p', 'e', 'r', 'u', '.', 'c', 'o', 'm', '\0', + /* "trabajarenremoto.com", true */ 't', 'r', 'a', 'b', 'a', 'j', 'a', 'r', 'e', 'n', 'r', 'e', 'm', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "trabbel.org", true */ 't', 'r', 'a', 'b', 'b', 'e', 'l', '.', 'o', 'r', 'g', '\0', + /* "tracalada.cl", true */ 't', 'r', 'a', 'c', 'a', 'l', 'a', 'd', 'a', '.', 'c', 'l', '\0', + /* "trace.guru", true */ 't', 'r', 'a', 'c', 'e', '.', 'g', 'u', 'r', 'u', '\0', + /* "tracelight.io", true */ 't', 'r', 'a', 'c', 'e', 'l', 'i', 'g', 'h', 't', '.', 'i', 'o', '\0', + /* "traceroute.guru", true */ 't', 'r', 'a', 'c', 'e', 'r', 'o', 'u', 't', 'e', '.', 'g', 'u', 'r', 'u', '\0', + /* "traceroute.link", true */ 't', 'r', 'a', 'c', 'e', 'r', 'o', 'u', 't', 'e', '.', 'l', 'i', 'n', 'k', '\0', + /* "traceroute.network", true */ 't', 'r', 'a', 'c', 'e', 'r', 'o', 'u', 't', 'e', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0', + /* "traces.ml", true */ 't', 'r', 'a', 'c', 'e', 's', '.', 'm', 'l', '\0', + /* "tracetracker.no", true */ 't', 'r', 'a', 'c', 'e', 't', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'n', 'o', '\0', + /* "tracfinancialservices.com", true */ 't', 'r', 'a', 'c', 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'a', 'l', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "tracinsurance.com", true */ 't', 'r', 'a', 'c', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "trackchair.com", true */ 't', 'r', 'a', 'c', 'k', 'c', 'h', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "trackdomains.com", true */ 't', 'r', 'a', 'c', 'k', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "trackersimulator.org", true */ 't', 'r', 'a', 'c', 'k', 'e', 'r', 's', 'i', 'm', 'u', 'l', 'a', 't', 'o', 'r', '.', 'o', 'r', 'g', '\0', + /* "trackeye.dk", true */ 't', 'r', 'a', 'c', 'k', 'e', 'y', 'e', '.', 'd', 'k', '\0', + /* "trackmeet.io", true */ 't', 'r', 'a', 'c', 'k', 'm', 'e', 'e', 't', '.', 'i', 'o', '\0', + /* "trackrecordpro.co.uk", true */ 't', 'r', 'a', 'c', 'k', 'r', 'e', 'c', 'o', 'r', 'd', 'p', 'r', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "tractorpumps.com", true */ 't', 'r', 'a', 'c', 't', 'o', 'r', 'p', 'u', 'm', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "trade.gov.uk", true */ 't', 'r', 'a', 'd', 'e', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0', + /* "tradedesk.co.za", true */ 't', 'r', 'a', 'd', 'e', 'd', 'e', 's', 'k', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "tradeinvent.co.uk", true */ 't', 'r', 'a', 'd', 'e', 'i', 'n', 'v', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "trademan.ky", true */ 't', 'r', 'a', 'd', 'e', 'm', 'a', 'n', '.', 'k', 'y', '\0', + /* "traderjoe-cloud.de", true */ 't', 'r', 'a', 'd', 'e', 'r', 'j', 'o', 'e', '-', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0', + /* "tradietrove.com.au", true */ 't', 'r', 'a', 'd', 'i', 'e', 't', 'r', 'o', 'v', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "tradinews.com", true */ 't', 'r', 'a', 'd', 'i', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "tradinews.fr", true */ 't', 'r', 'a', 'd', 'i', 'n', 'e', 'w', 's', '.', 'f', 'r', '\0', + /* "tradingbhavishya.com", true */ 't', 'r', 'a', 'd', 'i', 'n', 'g', 'b', 'h', 'a', 'v', 'i', 's', 'h', 'y', 'a', '.', 'c', 'o', 'm', '\0', + /* "tradingrooms.com", false */ 't', 'r', 'a', 'd', 'i', 'n', 'g', 'r', 'o', 'o', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "traditionsvivantesenimages.ch", true */ 't', 'r', 'a', 'd', 'i', 't', 'i', 'o', 'n', 's', 'v', 'i', 'v', 'a', 'n', 't', 'e', 's', 'e', 'n', 'i', 'm', 'a', 'g', 'e', 's', '.', 'c', 'h', '\0', + /* "tradiz.org", true */ 't', 'r', 'a', 'd', 'i', 'z', '.', 'o', 'r', 'g', '\0', + /* "traeningsprojekt.dk", false */ 't', 'r', 'a', 'e', 'n', 'i', 'n', 'g', 's', 'p', 'r', 'o', 'j', 'e', 'k', 't', '.', 'd', 'k', '\0', + /* "trafarm.ro", true */ 't', 'r', 'a', 'f', 'a', 'r', 'm', '.', 'r', 'o', '\0', + /* "traffic.az", true */ 't', 'r', 'a', 'f', 'f', 'i', 'c', '.', 'a', 'z', '\0', + /* "trafficmanager.xxx", true */ 't', 'r', 'a', 'f', 'f', 'i', 'c', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'x', 'x', 'x', '\0', + /* "trafficologyblueprint.com", true */ 't', 'r', 'a', 'f', 'f', 'i', 'c', 'o', 'l', 'o', 'g', 'y', 'b', 'l', 'u', 'e', 'p', 'r', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "trafficpixel.tk", true */ 't', 'r', 'a', 'f', 'f', 'i', 'c', 'p', 'i', 'x', 'e', 'l', '.', 't', 'k', '\0', + /* "traffixdevices.com", true */ 't', 'r', 'a', 'f', 'f', 'i', 'x', 'd', 'e', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "tragmi.ch", true */ 't', 'r', 'a', 'g', 'm', 'i', '.', 'c', 'h', '\0', + /* "trailerparty.com", true */ 't', 'r', 'a', 'i', 'l', 'e', 'r', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "trailforks.com", true */ 't', 'r', 'a', 'i', 'l', 'f', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "train-track.co.uk", true */ 't', 'r', 'a', 'i', 'n', '-', 't', 'r', 'a', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "trainex.org", true */ 't', 'r', 'a', 'i', 'n', 'e', 'x', '.', 'o', 'r', 'g', '\0', + /* "trainhornforums.com", true */ 't', 'r', 'a', 'i', 'n', 'h', 'o', 'r', 'n', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "trainiac.com.au", true */ 't', 'r', 'a', 'i', 'n', 'i', 'a', 'c', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "trainings-handschuhe-test.de", true */ 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', 's', '-', 'h', 'a', 'n', 'd', 's', 'c', 'h', 'u', 'h', 'e', '-', 't', 'e', 's', 't', '.', 'd', 'e', '\0', + /* "trainline.at", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'a', 't', '\0', + /* "trainline.cn", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'n', '\0', + /* "trainline.com.br", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "trainline.com.pt", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'p', 't', '\0', + /* "trainline.cz", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'z', '\0', + /* "trainline.de", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0', + /* "trainline.dk", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'k', '\0', + /* "trainline.es", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'e', 's', '\0', + /* "trainline.eu", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'e', 'u', '\0', + /* "trainline.fr", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'f', 'r', '\0', + /* "trainline.io", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'i', 'o', '\0', + /* "trainline.it", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'i', 't', '\0', + /* "trainline.nl", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'l', '\0', + /* "trainline.no", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'o', '\0', + /* "trainline.pl", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'p', 'l', '\0', + /* "trainline.se", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 's', 'e', '\0', + /* "trainsgoodplanesbad.com", true */ 't', 'r', 'a', 'i', 'n', 's', 'g', 'o', 'o', 'd', 'p', 'l', 'a', 'n', 'e', 's', 'b', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "traista.ru", true */ 't', 'r', 'a', 'i', 's', 't', 'a', '.', 'r', 'u', '\0', + /* "trajano.net", true */ 't', 'r', 'a', 'j', 'a', 'n', 'o', '.', 'n', 'e', 't', '\0', + /* "tran.pw", true */ 't', 'r', 'a', 'n', '.', 'p', 'w', '\0', + /* "trancendances.fr", true */ 't', 'r', 'a', 'n', 'c', 'e', 'n', 'd', 'a', 'n', 'c', 'e', 's', '.', 'f', 'r', '\0', + /* "trangcongnghe.com", true */ 't', 'r', 'a', 'n', 'g', 'c', 'o', 'n', 'g', 'n', 'g', 'h', 'e', '.', 'c', 'o', 'm', '\0', + /* "trangell.com", true */ 't', 'r', 'a', 'n', 'g', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "tranglenull.xyz", true */ 't', 'r', 'a', 'n', 'g', 'l', 'e', 'n', 'u', 'l', 'l', '.', 'x', 'y', 'z', '\0', + /* "transacid.de", true */ 't', 'r', 'a', 'n', 's', 'a', 'c', 'i', 'd', '.', 'd', 'e', '\0', + /* "transappealrights.com", true */ 't', 'r', 'a', 'n', 's', 'a', 'p', 'p', 'e', 'a', 'l', 'r', 'i', 'g', 'h', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "transcend.org", true */ 't', 'r', 'a', 'n', 's', 'c', 'e', 'n', 'd', '.', 'o', 'r', 'g', '\0', + /* "transcricentro.pt", true */ 't', 'r', 'a', 'n', 's', 'c', 'r', 'i', 'c', 'e', 'n', 't', 'r', 'o', '.', 'p', 't', '\0', + /* "transfer.pw", true */ 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', '.', 'p', 'w', '\0', + /* "transferio.nl", true */ 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', 'i', 'o', '.', 'n', 'l', '\0', + /* "transfers.do", true */ 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', 's', '.', 'd', 'o', '\0', + /* "transferserver.at", true */ 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', 's', 'e', 'r', 'v', 'e', 'r', '.', 'a', 't', '\0', + /* "transfersummit.com", true */ 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', 's', 'u', 'm', 'm', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "transfigurewizard.com", true */ 't', 'r', 'a', 'n', 's', 'f', 'i', 'g', 'u', 'r', 'e', 'w', 'i', 'z', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "transfile.fr", true */ 't', 'r', 'a', 'n', 's', 'f', 'i', 'l', 'e', '.', 'f', 'r', '\0', + /* "transformaniatime.com", true */ 't', 'r', 'a', 'n', 's', 'f', 'o', 'r', 'm', 'a', 'n', 'i', 'a', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "transformations-magazin.com", true */ 't', 'r', 'a', 'n', 's', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', 's', '-', 'm', 'a', 'g', 'a', 'z', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "transhumanism.co.uk", true */ 't', 'r', 'a', 'n', 's', 'h', 'u', 'm', 'a', 'n', 'i', 's', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "transhumanist.co.uk", true */ 't', 'r', 'a', 'n', 's', 'h', 'u', 'm', 'a', 'n', 'i', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "transhumanist.com", true */ 't', 'r', 'a', 'n', 's', 'h', 'u', 'm', 'a', 'n', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "transhumanist.net", true */ 't', 'r', 'a', 'n', 's', 'h', 'u', 'm', 'a', 'n', 'i', 's', 't', '.', 'n', 'e', 't', '\0', + /* "transhumanist.org", true */ 't', 'r', 'a', 'n', 's', 'h', 'u', 'm', 'a', 'n', 'i', 's', 't', '.', 'o', 'r', 'g', '\0', + /* "transhumanist.uk", true */ 't', 'r', 'a', 'n', 's', 'h', 'u', 'm', 'a', 'n', 'i', 's', 't', '.', 'u', 'k', '\0', + /* "transitownplaza.com", true */ 't', 'r', 'a', 'n', 's', 'i', 't', 'o', 'w', 'n', 'p', 'l', 'a', 'z', 'a', '.', 'c', 'o', 'm', '\0', + /* "transitpoint.us", true */ 't', 'r', 'a', 'n', 's', 'i', 't', 'p', 'o', 'i', 'n', 't', '.', 'u', 's', '\0', + /* "translate.fedoraproject.org", true */ 't', 'r', 'a', 'n', 's', 'l', 'a', 't', 'e', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "translate.googleapis.com", true */ 't', 'r', 'a', 'n', 's', 'l', 'a', 't', 'e', '.', 'g', 'o', 'o', 'g', 'l', 'e', 'a', 'p', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "translate.stg.fedoraproject.org", true */ 't', 'r', 'a', 'n', 's', 'l', 'a', 't', 'e', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "translateblender.ru", true */ 't', 'r', 'a', 'n', 's', 'l', 'a', 't', 'e', 'b', 'l', 'e', 'n', 'd', 'e', 'r', '.', 'r', 'u', '\0', + /* "translatoruk.co.uk", true */ 't', 'r', 'a', 'n', 's', 'l', 'a', 't', 'o', 'r', 'u', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "transmarttouring.com", true */ 't', 'r', 'a', 'n', 's', 'm', 'a', 'r', 't', 't', 'o', 'u', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "transmisjeonline.pl", true */ 't', 'r', 'a', 'n', 's', 'm', 'i', 's', 'j', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'p', 'l', '\0', + /* "transmithe.net", true */ 't', 'r', 'a', 'n', 's', 'm', 'i', 't', 'h', 'e', '.', 'n', 'e', 't', '\0', + /* "transnexus.com", true */ 't', 'r', 'a', 'n', 's', 'n', 'e', 'x', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "transparentcorp.com", true */ 't', 'r', 'a', 'n', 's', 'p', 'a', 'r', 'e', 'n', 't', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0', + /* "transport.eu", true */ 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', '.', 'e', 'u', '\0', + /* "transporterlock.com", true */ 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', 'e', 'r', 'l', 'o', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "transsexualpantyhose.com", true */ 't', 'r', 'a', 'n', 's', 's', 'e', 'x', 'u', 'a', 'l', 'p', 'a', 'n', 't', 'y', 'h', 'o', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "transverify.com", true */ 't', 'r', 'a', 'n', 's', 'v', 'e', 'r', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0', + /* "trashnothing.com", true */ 't', 'r', 'a', 's', 'h', 'n', 'o', 't', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "trask.no", true */ 't', 'r', 'a', 's', 'k', '.', 'n', 'o', '\0', + /* "traslocare.roma.it", true */ 't', 'r', 'a', 's', 'l', 'o', 'c', 'a', 'r', 'e', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0', + /* "trauertexte.info", true */ 't', 'r', 'a', 'u', 'e', 'r', 't', 'e', 'x', 't', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "traut.cloud", true */ 't', 'r', 'a', 'u', 't', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "travador.com", true */ 't', 'r', 'a', 'v', 'a', 'd', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "travaux-toiture-idf.fr", true */ 't', 'r', 'a', 'v', 'a', 'u', 'x', '-', 't', 'o', 'i', 't', 'u', 'r', 'e', '-', 'i', 'd', 'f', '.', 'f', 'r', '\0', + /* "travel-dealz.de", true */ 't', 'r', 'a', 'v', 'e', 'l', '-', 'd', 'e', 'a', 'l', 'z', '.', 'd', 'e', '\0', + /* "travel-to-nature.ch", true */ 't', 'r', 'a', 'v', 'e', 'l', '-', 't', 'o', '-', 'n', 'a', 't', 'u', 'r', 'e', '.', 'c', 'h', '\0', + /* "travel365.it", true */ 't', 'r', 'a', 'v', 'e', 'l', '3', '6', '5', '.', 'i', 't', '\0', + /* "travelarmenia.org", true */ 't', 'r', 'a', 'v', 'e', 'l', 'a', 'r', 'm', 'e', 'n', 'i', 'a', '.', 'o', 'r', 'g', '\0', + /* "traveling-thailand.info", true */ 't', 'r', 'a', 'v', 'e', 'l', 'i', 'n', 'g', '-', 't', 'h', 'a', 'i', 'l', 'a', 'n', 'd', '.', 'i', 'n', 'f', 'o', '\0', + /* "travellers.dating", true */ 't', 'r', 'a', 'v', 'e', 'l', 'l', 'e', 'r', 's', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "travelling.expert", true */ 't', 'r', 'a', 'v', 'e', 'l', 'l', 'i', 'n', 'g', '.', 'e', 'x', 'p', 'e', 'r', 't', '\0', + /* "travelmyth.ie", true */ 't', 'r', 'a', 'v', 'e', 'l', 'm', 'y', 't', 'h', '.', 'i', 'e', '\0', + /* "travelogue.jp", true */ 't', 'r', 'a', 'v', 'e', 'l', 'o', 'g', 'u', 'e', '.', 'j', 'p', '\0', + /* "travelpricecheck.com", true */ 't', 'r', 'a', 'v', 'e', 'l', 'p', 'r', 'i', 'c', 'e', 'c', 'h', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "travi.org", true */ 't', 'r', 'a', 'v', 'i', '.', 'o', 'r', 'g', '\0', + /* "travisf.net", true */ 't', 'r', 'a', 'v', 'i', 's', 'f', '.', 'n', 'e', 't', '\0', + /* "travisforte.io", true */ 't', 'r', 'a', 'v', 'i', 's', 'f', 'o', 'r', 't', 'e', '.', 'i', 'o', '\0', + /* "travisfranck.com", true */ 't', 'r', 'a', 'v', 'i', 's', 'f', 'r', 'a', 'n', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "travler.net", true */ 't', 'r', 'a', 'v', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "trbanka.com", true */ 't', 'r', 'b', 'a', 'n', 'k', 'a', '.', 'c', 'o', 'm', '\0', + /* "treasurydirect.gov", true */ 't', 'r', 'e', 'a', 's', 'u', 'r', 'y', 'd', 'i', 'r', 'e', 'c', 't', '.', 'g', 'o', 'v', '\0', + /* "treasuryhunt.gov", true */ 't', 'r', 'e', 'a', 's', 'u', 'r', 'y', 'h', 'u', 'n', 't', '.', 'g', 'o', 'v', '\0', + /* "treasuryscams.gov", true */ 't', 'r', 'e', 'a', 's', 'u', 'r', 'y', 's', 'c', 'a', 'm', 's', '.', 'g', 'o', 'v', '\0', + /* "treebaglia.xyz", true */ 't', 'r', 'e', 'e', 'b', 'a', 'g', 'l', 'i', 'a', '.', 'x', 'y', 'z', '\0', + /* "treehousebydesign.com", true */ 't', 'r', 'e', 'e', 'h', 'o', 'u', 's', 'e', 'b', 'y', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "treehouseresort.nl", true */ 't', 'r', 'e', 'e', 'h', 'o', 'u', 's', 'e', 'r', 'e', 's', 'o', 'r', 't', '.', 'n', 'l', '\0', + /* "trees.chat", true */ 't', 'r', 'e', 'e', 's', '.', 'c', 'h', 'a', 't', '\0', + /* "treeschat.com", true */ 't', 'r', 'e', 'e', 's', 'c', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "trefcon.cz", true */ 't', 'r', 'e', 'f', 'c', 'o', 'n', '.', 'c', 'z', '\0', + /* "trefpuntdemeent.nl", true */ 't', 'r', 'e', 'f', 'p', 'u', 'n', 't', 'd', 'e', 'm', 'e', 'e', 'n', 't', '.', 'n', 'l', '\0', + /* "treinaweb.com.br", false */ 't', 'r', 'e', 'i', 'n', 'a', 'w', 'e', 'b', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "treinonerd.com", true */ 't', 'r', 'e', 'i', 'n', 'o', 'n', 'e', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "trek-planet.ru", true */ 't', 'r', 'e', 'k', '-', 'p', 'l', 'a', 'n', 'e', 't', '.', 'r', 'u', '\0', + /* "trekfriend.com", true */ 't', 'r', 'e', 'k', 'f', 'r', 'i', 'e', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "tremlor.com", true */ 't', 'r', 'e', 'm', 'l', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "tremolosoftware.com", true */ 't', 'r', 'e', 'm', 'o', 'l', 'o', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "tremoureux.fr", true */ 't', 'r', 'e', 'm', 'o', 'u', 'r', 'e', 'u', 'x', '.', 'f', 'r', '\0', + /* "trendingpulse.com", true */ 't', 'r', 'e', 'n', 'd', 'i', 'n', 'g', 'p', 'u', 'l', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "trendisland.de", true */ 't', 'r', 'e', 'n', 'd', 'i', 's', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0', + /* "trendkraft.de", true */ 't', 'r', 'e', 'n', 'd', 'k', 'r', 'a', 'f', 't', '.', 'd', 'e', '\0', + /* "trendydips.com", true */ 't', 'r', 'e', 'n', 'd', 'y', 'd', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "trendykids.cz", true */ 't', 'r', 'e', 'n', 'd', 'y', 'k', 'i', 'd', 's', '.', 'c', 'z', '\0', + /* "trenta.io", true */ 't', 'r', 'e', 'n', 't', 'a', '.', 'i', 'o', '\0', + /* "trentmaydew.com", true */ 't', 'r', 'e', 'n', 't', 'm', 'a', 'y', 'd', 'e', 'w', '.', 'c', 'o', 'm', '\0', + /* "tresorit.com", true */ 't', 'r', 'e', 's', 'o', 'r', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "tresorsecurity.com", true */ 't', 'r', 'e', 's', 'o', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "tretail.net", true */ 't', 'r', 'e', 't', 'a', 'i', 'l', '.', 'n', 'e', 't', '\0', + /* "tretkowski.de", true */ 't', 'r', 'e', 't', 'k', 'o', 'w', 's', 'k', 'i', '.', 'd', 'e', '\0', + /* "trewe.eu", true */ 't', 'r', 'e', 'w', 'e', '.', 'e', 'u', '\0', + /* "trhastane.com", true */ 't', 'r', 'h', 'a', 's', 't', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "triage.com", true */ 't', 'r', 'i', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "triageo.com.au", true */ 't', 'r', 'i', 'a', 'g', 'e', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "trialcentralnet.com", true */ 't', 'r', 'i', 'a', 'l', 'c', 'e', 'n', 't', 'r', 'a', 'l', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "trianglecastles.co.uk", true */ 't', 'r', 'i', 'a', 'n', 'g', 'l', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "tribac.de", true */ 't', 'r', 'i', 'b', 'a', 'c', '.', 'd', 'e', '\0', + /* "tribaldos.com", true */ 't', 'r', 'i', 'b', 'a', 'l', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "tribut.de", true */ 't', 'r', 'i', 'b', 'u', 't', '.', 'd', 'e', '\0', + /* "tributh.net", true */ 't', 'r', 'i', 'b', 'u', 't', 'h', '.', 'n', 'e', 't', '\0', + /* "trickedguys.com", true */ 't', 'r', 'i', 'c', 'k', 'e', 'd', 'g', 'u', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "triddi.com", true */ 't', 'r', 'i', 'd', 'd', 'i', '.', 'c', 'o', 'm', '\0', + /* "trident-online.de", true */ 't', 'r', 'i', 'd', 'e', 'n', 't', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0', + /* "tridentflood.com", true */ 't', 'r', 'i', 'd', 'e', 'n', 't', 'f', 'l', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "trietment.com", true */ 't', 'r', 'i', 'e', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "trigardon-rg.de", true */ 't', 'r', 'i', 'g', 'a', 'r', 'd', 'o', 'n', '-', 'r', 'g', '.', 'd', 'e', '\0', + /* "trigular.de", true */ 't', 'r', 'i', 'g', 'u', 'l', 'a', 'r', '.', 'd', 'e', '\0', + /* "trik.es", false */ 't', 'r', 'i', 'k', '.', 'e', 's', '\0', + /* "trim-a-slab.com", true */ 't', 'r', 'i', 'm', '-', 'a', '-', 's', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "trimage.org", true */ 't', 'r', 'i', 'm', 'a', 'g', 'e', '.', 'o', 'r', 'g', '\0', + /* "trimarchimanuele.it", true */ 't', 'r', 'i', 'm', 'a', 'r', 'c', 'h', 'i', 'm', 'a', 'n', 'u', 'e', 'l', 'e', '.', 'i', 't', '\0', + /* "trinary.ca", true */ 't', 'r', 'i', 'n', 'a', 'r', 'y', '.', 'c', 'a', '\0', + /* "trineco.com", true */ 't', 'r', 'i', 'n', 'e', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "trineco.fi", true */ 't', 'r', 'i', 'n', 'e', 'c', 'o', '.', 'f', 'i', '\0', + /* "trinitytechdev.com", true */ 't', 'r', 'i', 'n', 'i', 't', 'y', 't', 'e', 'c', 'h', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "trink-und-partyspiele.de", true */ 't', 'r', 'i', 'n', 'k', '-', 'u', 'n', 'd', '-', 'p', 'a', 'r', 't', 'y', 's', 'p', 'i', 'e', 'l', 'e', '.', 'd', 'e', '\0', + /* "trinnes.net", true */ 't', 'r', 'i', 'n', 'n', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "trio.online", true */ 't', 'r', 'i', 'o', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "triop.se", true */ 't', 'r', 'i', 'o', 'p', '.', 's', 'e', '\0', + /* "trior.net", true */ 't', 'r', 'i', 'o', 'r', '.', 'n', 'e', 't', '\0', + /* "tripcombi.com", true */ 't', 'r', 'i', 'p', 'c', 'o', 'm', 'b', 'i', '.', 'c', 'o', 'm', '\0', + /* "triple-mmm.de", true */ 't', 'r', 'i', 'p', 'l', 'e', '-', 'm', 'm', 'm', '.', 'd', 'e', '\0', + /* "tripseats.com", true */ 't', 'r', 'i', 'p', 's', 'e', 'a', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "tripsinc.com", true */ 't', 'r', 'i', 'p', 's', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "trisportas.lt", true */ 't', 'r', 'i', 's', 'p', 'o', 'r', 't', 'a', 's', '.', 'l', 't', '\0', + /* "trixati.org.ua", true */ 't', 'r', 'i', 'x', 'a', 't', 'i', '.', 'o', 'r', 'g', '.', 'u', 'a', '\0', + /* "trixexpressweb.nl", true */ 't', 'r', 'i', 'x', 'e', 'x', 'p', 'r', 'e', 's', 's', 'w', 'e', 'b', '.', 'n', 'l', '\0', + /* "triz.co.uk", true */ 't', 'r', 'i', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "trizone.com.au", true */ 't', 'r', 'i', 'z', 'o', 'n', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "trkpuls.tk", true */ 't', 'r', 'k', 'p', 'u', 'l', 's', '.', 't', 'k', '\0', + /* "trockendock.ch", true */ 't', 'r', 'o', 'c', 'k', 'e', 'n', 'd', 'o', 'c', 'k', '.', 'c', 'h', '\0', + /* "troedel-trolle.de", true */ 't', 'r', 'o', 'e', 'd', 'e', 'l', '-', 't', 'r', 'o', 'l', 'l', 'e', '.', 'd', 'e', '\0', + /* "troedelhannes.at", true */ 't', 'r', 'o', 'e', 'd', 'e', 'l', 'h', 'a', 'n', 'n', 'e', 's', '.', 'a', 't', '\0', + /* "troianet.com.br", true */ 't', 'r', 'o', 'i', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "troisdorf-gestalten.de", true */ 't', 'r', 'o', 'i', 's', 'd', 'o', 'r', 'f', '-', 'g', 'e', 's', 't', 'a', 'l', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "trollingeffects.org", true */ 't', 'r', 'o', 'l', 'l', 'i', 'n', 'g', 'e', 'f', 'f', 'e', 'c', 't', 's', '.', 'o', 'r', 'g', '\0', + /* "trollmoa.se", true */ 't', 'r', 'o', 'l', 'l', 'm', 'o', 'a', '.', 's', 'e', '\0', + /* "trommelwirbel.com", true */ 't', 'r', 'o', 'm', 'm', 'e', 'l', 'w', 'i', 'r', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "tronatic-studio.com", true */ 't', 'r', 'o', 'n', 'a', 't', 'i', 'c', '-', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "trondelan.no", true */ 't', 'r', 'o', 'n', 'd', 'e', 'l', 'a', 'n', '.', 'n', 'o', '\0', + /* "tronflix.com", true */ 't', 'r', 'o', 'n', 'f', 'l', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "trophee-discount.com", true */ 't', 'r', 'o', 'p', 'h', 'e', 'e', '-', 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "tropicalserver.com", true */ 't', 'r', 'o', 'p', 'i', 'c', 'a', 'l', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "trotec.com", true */ 't', 'r', 'o', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "trouweninoverijssel.nl", true */ 't', 'r', 'o', 'u', 'w', 'e', 'n', 'i', 'n', 'o', 'v', 'e', 'r', 'i', 'j', 's', 's', 'e', 'l', '.', 'n', 'l', '\0', + /* "trovaprezzi.it", true */ 't', 'r', 'o', 'v', 'a', 'p', 'r', 'e', 'z', 'z', 'i', '.', 'i', 't', '\0', + /* "troyfawkes.com", true */ 't', 'r', 'o', 'y', 'f', 'a', 'w', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "troyhuntsucks.com", true */ 't', 'r', 'o', 'y', 'h', 'u', 'n', 't', 's', 'u', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "trs.tn", true */ 't', 'r', 's', '.', 't', 'n', '\0', + /* "trtltravel.com", true */ 't', 'r', 't', 'l', 't', 'r', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "tru.ltd", true */ 't', 'r', 'u', '.', 'l', 't', 'd', '\0', + /* "truckersmp.com", true */ 't', 'r', 'u', 'c', 'k', 'e', 'r', 's', 'm', 'p', '.', 'c', 'o', 'm', '\0', + /* "truckerswereld.nl", false */ 't', 'r', 'u', 'c', 'k', 'e', 'r', 's', 'w', 'e', 'r', 'e', 'l', 'd', '.', 'n', 'l', '\0', + /* "truckstop-magazin.de", false */ 't', 'r', 'u', 'c', 'k', 's', 't', 'o', 'p', '-', 'm', 'a', 'g', 'a', 'z', 'i', 'n', '.', 'd', 'e', '\0', + /* "true-itk.de", true */ 't', 'r', 'u', 'e', '-', 'i', 't', 'k', '.', 'd', 'e', '\0', + /* "trueblueessentials.com", true */ 't', 'r', 'u', 'e', 'b', 'l', 'u', 'e', 'e', 's', 's', 'e', 'n', 't', 'i', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "trueinstincts.ca", true */ 't', 'r', 'u', 'e', 'i', 'n', 's', 't', 'i', 'n', 'c', 't', 's', '.', 'c', 'a', '\0', + /* "truejob.com", true */ 't', 'r', 'u', 'e', 'j', 'o', 'b', '.', 'c', 'o', 'm', '\0', + /* "truekey.com", true */ 't', 'r', 'u', 'e', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "truerizm.ru", true */ 't', 'r', 'u', 'e', 'r', 'i', 'z', 'm', '.', 'r', 'u', '\0', + /* "truestaradvisors.com", true */ 't', 'r', 'u', 'e', 's', 't', 'a', 'r', 'a', 'd', 'v', 'i', 's', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "truesteamachievements.com", true */ 't', 'r', 'u', 'e', 's', 't', 'e', 'a', 'm', 'a', 'c', 'h', 'i', 'e', 'v', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "truestor.com", true */ 't', 'r', 'u', 'e', 's', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "trueteaching.com", true */ 't', 'r', 'u', 'e', 't', 'e', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "truetrophies.com", true */ 't', 'r', 'u', 'e', 't', 'r', 'o', 'p', 'h', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "trufflemonkey.co.uk", true */ 't', 'r', 'u', 'f', 'f', 'l', 'e', 'm', 'o', 'n', 'k', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "trulance.com", true */ 't', 'r', 'u', 'l', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "trumanlibrary.org", true */ 't', 'r', 'u', 'm', 'a', 'n', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'o', 'r', 'g', '\0', + /* "trumeet.top", true */ 't', 'r', 'u', 'm', 'e', 'e', 't', '.', 't', 'o', 'p', '\0', + /* "trunk-show.net", true */ 't', 'r', 'u', 'n', 'k', '-', 's', 'h', 'o', 'w', '.', 'n', 'e', 't', '\0', + /* "truserve.org", true */ 't', 'r', 'u', 's', 'e', 'r', 'v', 'e', '.', 'o', 'r', 'g', '\0', + /* "trush.in", true */ 't', 'r', 'u', 's', 'h', '.', 'i', 'n', '\0', + /* "trusitio.com", true */ 't', 'r', 'u', 's', 'i', 't', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "trustcase.com", true */ 't', 'r', 'u', 's', 't', 'c', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "trustfield.ch", true */ 't', 'r', 'u', 's', 't', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'h', '\0', + /* "truthmessages.pw", true */ 't', 'r', 'u', 't', 'h', 'm', 'e', 's', 's', 'a', 'g', 'e', 's', '.', 'p', 'w', '\0', + /* "trw-reseller.com", true */ 't', 'r', 'w', '-', 'r', 'e', 's', 'e', 'l', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "trybabyschoice.com", true */ 't', 'r', 'y', 'b', 'a', 'b', 'y', 's', 'c', 'h', 'o', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "tryfabulousdiet.com", true */ 't', 'r', 'y', 'f', 'a', 'b', 'u', 'l', 'o', 'u', 's', 'd', 'i', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "tryfabulousskincream.com", true */ 't', 'r', 'y', 'f', 'a', 'b', 'u', 'l', 'o', 'u', 's', 's', 'k', 'i', 'n', 'c', 'r', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "tryfabulousskinserum.com", true */ 't', 'r', 'y', 'f', 'a', 'b', 'u', 'l', 'o', 'u', 's', 's', 'k', 'i', 'n', 's', 'e', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "tryhard.cz", true */ 't', 'r', 'y', 'h', 'a', 'r', 'd', '.', 'c', 'z', '\0', + /* "trymegadrol.com", true */ 't', 'r', 'y', 'm', 'e', 'g', 'a', 'd', 'r', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "trynta.com", true */ 't', 'r', 'y', 'n', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "trynta.net", true */ 't', 'r', 'y', 'n', 't', 'a', '.', 'n', 'e', 't', '\0', + /* "tryupdates.com", true */ 't', 'r', 'y', 'u', 'p', 'd', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "trywesayyes.com", true */ 't', 'r', 'y', 'w', 'e', 's', 'a', 'y', 'y', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "trzepak.pl", true */ 't', 'r', 'z', 'e', 'p', 'a', 'k', '.', 'p', 'l', '\0', + /* "ts-publishers.com", true */ 't', 's', '-', 'p', 'u', 'b', 'l', 'i', 's', 'h', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "tsa-sucks.com", true */ 't', 's', 'a', '-', 's', 'u', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "tschuermans.be", true */ 't', 's', 'c', 'h', 'u', 'e', 'r', 'm', 'a', 'n', 's', '.', 'b', 'e', '\0', + /* "tsedryk.ca", true */ 't', 's', 'e', 'd', 'r', 'y', 'k', '.', 'c', 'a', '\0', + /* "tsgbit.net", true */ 't', 's', 'g', 'b', 'i', 't', '.', 'n', 'e', 't', '\0', + /* "tsicons.com", true */ 't', 's', 'i', 'c', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "tsigaradiko.com", true */ 't', 's', 'i', 'g', 'a', 'r', 'a', 'd', 'i', 'k', 'o', '.', 'c', 'o', 'm', '\0', + /* "tsironis-olivenoel.de", true */ 't', 's', 'i', 'r', 'o', 'n', 'i', 's', '-', 'o', 'l', 'i', 'v', 'e', 'n', 'o', 'e', 'l', '.', 'd', 'e', '\0', + /* "tsng-stg.tk", true */ 't', 's', 'n', 'g', '-', 's', 't', 'g', '.', 't', 'k', '\0', + /* "tsng.co.jp", true */ 't', 's', 'n', 'g', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "tstrubberstamp.com", true */ 't', 's', 't', 'r', 'u', 'b', 'b', 'e', 'r', 's', 't', 'a', 'm', 'p', '.', 'c', 'o', 'm', '\0', + /* "tsugi.fr", true */ 't', 's', 'u', 'g', 'i', '.', 'f', 'r', '\0', + /* "tsukhani.com", true */ 't', 's', 'u', 'k', 'h', 'a', 'n', 'i', '.', 'c', 'o', 'm', '\0', + /* "tsuki.moe", true */ 't', 's', 'u', 'k', 'i', '.', 'm', 'o', 'e', '\0', + /* "tsukuba.style", true */ 't', 's', 'u', 'k', 'u', 'b', 'a', '.', 's', 't', 'y', 'l', 'e', '\0', + /* "tsumegumi.com", true */ 't', 's', 'u', 'm', 'e', 'g', 'u', 'm', 'i', '.', 'c', 'o', 'm', '\0', + /* "tsumi.it", true */ 't', 's', 'u', 'm', 'i', '.', 'i', 't', '\0', + /* "tsumi.moe", true */ 't', 's', 'u', 'm', 'i', '.', 'm', 'o', 'e', '\0', + /* "tsundere.moe", true */ 't', 's', 'u', 'n', 'd', 'e', 'r', 'e', '.', 'm', 'o', 'e', '\0', + /* "tsura.org", true */ 't', 's', 'u', 'r', 'a', '.', 'o', 'r', 'g', '\0', + /* "tsuyuzakihiroyuki.com", true */ 't', 's', 'u', 'y', 'u', 'z', 'a', 'k', 'i', 'h', 'i', 'r', 'o', 'y', 'u', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "tsv-1894.de", true */ 't', 's', 'v', '-', '1', '8', '9', '4', '.', 'd', 'e', '\0', + /* "ttb.gov", true */ 't', 't', 'b', '.', 'g', 'o', 'v', '\0', + /* "ttbonline.gov", true */ 't', 't', 'b', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'g', 'o', 'v', '\0', + /* "ttcaarberg.ch", true */ 't', 't', 'c', 'a', 'a', 'r', 'b', 'e', 'r', 'g', '.', 'c', 'h', '\0', + /* "ttcf.ca", true */ 't', 't', 'c', 'f', '.', 'c', 'a', '\0', + /* "ttchan.org", true */ 't', 't', 'c', 'h', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "ttdsevaonline.com", true */ 't', 't', 'd', 's', 'e', 'v', 'a', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "ttll.de", true */ 't', 't', 'l', 'l', '.', 'd', 'e', '\0', + /* "ttsoft.pl", true */ 't', 't', 's', 'o', 'f', 't', '.', 'p', 'l', '\0', + /* "ttsweb.org", true */ 't', 't', 's', 'w', 'e', 'b', '.', 'o', 'r', 'g', '\0', + /* "ttt.tt", true */ 't', 't', 't', '.', 't', 't', '\0', + /* "ttuwiki.ee", true */ 't', 't', 'u', 'w', 'i', 'k', 'i', '.', 'e', 'e', '\0', + /* "ttuwiki.org", true */ 't', 't', 'u', 'w', 'i', 'k', 'i', '.', 'o', 'r', 'g', '\0', + /* "tty.space", true */ 't', 't', 'y', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "ttz.im", true */ 't', 't', 'z', '.', 'i', 'm', '\0', + /* "tu6.pm", true */ 't', 'u', '6', '.', 'p', 'm', '\0', + /* "tubanten.nl", true */ 't', 'u', 'b', 'a', 'n', 't', 'e', 'n', '.', 'n', 'l', '\0', + /* "tube.tools", true */ 't', 'u', 'b', 'e', '.', 't', 'o', 'o', 'l', 's', '\0', + /* "tubejack.nl", true */ 't', 'u', 'b', 'e', 'j', 'a', 'c', 'k', '.', 'n', 'l', '\0', + /* "tubeju.com", true */ 't', 'u', 'b', 'e', 'j', 'u', '.', 'c', 'o', 'm', '\0', + /* "tuberecht.de", true */ 't', 'u', 'b', 'e', 'r', 'e', 'c', 'h', 't', '.', 'd', 'e', '\0', + /* "tubs4fun.co.uk", true */ 't', 'u', 'b', 's', '4', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "tubul.net", true */ 't', 'u', 'b', 'u', 'l', '.', 'n', 'e', 't', '\0', + /* "tucny.com", true */ 't', 'u', 'c', 'n', 'y', '.', 'c', 'o', 'm', '\0', + /* "tucsonfcu.com", true */ 't', 'u', 'c', 's', 'o', 'n', 'f', 'c', 'u', '.', 'c', 'o', 'm', '\0', + /* "tucuxi.org", true */ 't', 'u', 'c', 'u', 'x', 'i', '.', 'o', 'r', 'g', '\0', + /* "tudiennhakhoa.com", true */ 't', 'u', 'd', 'i', 'e', 'n', 'n', 'h', 'a', 'k', 'h', 'o', 'a', '.', 'c', 'o', 'm', '\0', + /* "tudorproject.org", true */ 't', 'u', 'd', 'o', 'r', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "tueche.com.ar", true */ 't', 'u', 'e', 'c', 'h', 'e', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "tufilo.com", true */ 't', 'u', 'f', 'i', 'l', 'o', '.', 'c', 'o', 'm', '\0', + /* "tuincentersnaet.be", true */ 't', 'u', 'i', 'n', 'c', 'e', 'n', 't', 'e', 'r', 's', 'n', 'a', 'e', 't', '.', 'b', 'e', '\0', + /* "tuingereedschappen.net", false */ 't', 'u', 'i', 'n', 'g', 'e', 'r', 'e', 'e', 'd', 's', 'c', 'h', 'a', 'p', 'p', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "tuitle.com", true */ 't', 'u', 'i', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "tuja.hu", true */ 't', 'u', 'j', 'a', '.', 'h', 'u', '\0', + /* "tulsameetingroom.com", true */ 't', 'u', 'l', 's', 'a', 'm', 'e', 'e', 't', 'i', 'n', 'g', 'r', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "tumagiri.net", true */ 't', 'u', 'm', 'a', 'g', 'i', 'r', 'i', '.', 'n', 'e', 't', '\0', + /* "tumblenfun.com", true */ 't', 'u', 'm', 'b', 'l', 'e', 'n', 'f', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "tumedico.es", true */ 't', 'u', 'm', 'e', 'd', 'i', 'c', 'o', '.', 'e', 's', '\0', + /* "tumelum.de", true */ 't', 'u', 'm', 'e', 'l', 'u', 'm', '.', 'd', 'e', '\0', + /* "tuminauskas.lt", true */ 't', 'u', 'm', 'i', 'n', 'a', 'u', 's', 'k', 'a', 's', '.', 'l', 't', '\0', + /* "tumutanzi.com", true */ 't', 'u', 'm', 'u', 't', 'a', 'n', 'z', 'i', '.', 'c', 'o', 'm', '\0', + /* "tune-web.de", true */ 't', 'u', 'n', 'e', '-', 'w', 'e', 'b', '.', 'd', 'e', '\0', + /* "tunefish-entertainment.de", true */ 't', 'u', 'n', 'e', 'f', 'i', 's', 'h', '-', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'd', 'e', '\0', + /* "tuner.cloud", true */ 't', 'u', 'n', 'e', 'r', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "tuning-werkstatt-nuernberg.de", true */ 't', 'u', 'n', 'i', 'n', 'g', '-', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', '-', 'n', 'u', 'e', 'r', 'n', 'b', 'e', 'r', 'g', '.', 'd', 'e', '\0', + /* "tuningblog.eu", false */ 't', 'u', 'n', 'i', 'n', 'g', 'b', 'l', 'o', 'g', '.', 'e', 'u', '\0', + /* "tunnelblick.net", true */ 't', 'u', 'n', 'n', 'e', 'l', 'b', 'l', 'i', 'c', 'k', '.', 'n', 'e', 't', '\0', + /* "tunnelwatch.com", true */ 't', 'u', 'n', 'n', 'e', 'l', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "tuntitili.fi", true */ 't', 'u', 'n', 't', 'i', 't', 'i', 'l', 'i', '.', 'f', 'i', '\0', + /* "tupa-germania.ru", true */ 't', 'u', 'p', 'a', '-', 'g', 'e', 'r', 'm', 'a', 'n', 'i', 'a', '.', 'r', 'u', '\0', + /* "tupeuxpastest.ch", true */ 't', 'u', 'p', 'e', 'u', 'x', 'p', 'a', 's', 't', 'e', 's', 't', '.', 'c', 'h', '\0', + /* "tuppenceworth.ie", true */ 't', 'u', 'p', 'p', 'e', 'n', 'c', 'e', 'w', 'o', 'r', 't', 'h', '.', 'i', 'e', '\0', + /* "turbobit.ch", true */ 't', 'u', 'r', 'b', 'o', 'b', 'i', 't', '.', 'c', 'h', '\0', + /* "turigum.com", true */ 't', 'u', 'r', 'i', 'g', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "turismo.cl", true */ 't', 'u', 'r', 'i', 's', 'm', 'o', '.', 'c', 'l', '\0', + /* "turkish.dating", true */ 't', 'u', 'r', 'k', 'i', 's', 'h', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "turncircles.com", true */ 't', 'u', 'r', 'n', 'c', 'i', 'r', 'c', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "turnoffthelights.com", true */ 't', 'u', 'r', 'n', 'o', 'f', 'f', 't', 'h', 'e', 'l', 'i', 'g', 'h', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "turnonsocial.com", true */ 't', 'u', 'r', 'n', 'o', 'n', 's', 'o', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "turpinpesage.fr", true */ 't', 'u', 'r', 'p', 'i', 'n', 'p', 'e', 's', 'a', 'g', 'e', '.', 'f', 'r', '\0', + /* "tursiae.org", true */ 't', 'u', 'r', 's', 'i', 'a', 'e', '.', 'o', 'r', 'g', '\0', + /* "turtle.ai", true */ 't', 'u', 'r', 't', 'l', 'e', '.', 'a', 'i', '\0', + /* "turtleduckstudios.com", true */ 't', 'u', 'r', 't', 'l', 'e', 'd', 'u', 'c', 'k', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "turtlepwr.com", true */ 't', 'u', 'r', 't', 'l', 'e', 'p', 'w', 'r', '.', 'c', 'o', 'm', '\0', + /* "turtles.ga", true */ 't', 'u', 'r', 't', 'l', 'e', 's', '.', 'g', 'a', '\0', + /* "tutanota.com", true */ 't', 'u', 't', 'a', 'n', 'o', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "tuto-craft.com", true */ 't', 'u', 't', 'o', '-', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "tutoragency.org", true */ 't', 'u', 't', 'o', 'r', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'o', 'r', 'g', '\0', + /* "tutorialinux.com", true */ 't', 'u', 't', 'o', 'r', 'i', 'a', 'l', 'i', 'n', 'u', 'x', '.', 'c', 'o', 'm', '\0', + /* "tutorio.ga", true */ 't', 'u', 't', 'o', 'r', 'i', 'o', '.', 'g', 'a', '\0', + /* "tuts4you.com", true */ 't', 'u', 't', 's', '4', 'y', 'o', 'u', '.', 'c', 'o', 'm', '\0', + /* "tuttimundi.org", true */ 't', 'u', 't', 't', 'i', 'm', 'u', 'n', 'd', 'i', '.', 'o', 'r', 'g', '\0', + /* "tuttoandroid.net", true */ 't', 'u', 't', 't', 'o', 'a', 'n', 'd', 'r', 'o', 'i', 'd', '.', 'n', 'e', 't', '\0', + /* "tuvangoicuoc.com", true */ 't', 'u', 'v', 'a', 'n', 'g', 'o', 'i', 'c', 'u', 'o', 'c', '.', 'c', 'o', 'm', '\0', + /* "tuxcloud.net", true */ 't', 'u', 'x', 'c', 'l', 'o', 'u', 'd', '.', 'n', 'e', 't', '\0', + /* "tuxflow.de", true */ 't', 'u', 'x', 'f', 'l', 'o', 'w', '.', 'd', 'e', '\0', + /* "tuxgeo.com", false */ 't', 'u', 'x', 'g', 'e', 'o', '.', 'c', 'o', 'm', '\0', + /* "tuxie.com", true */ 't', 'u', 'x', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "tuxlife.net", true */ 't', 'u', 'x', 'l', 'i', 'f', 'e', '.', 'n', 'e', 't', '\0', + /* "tuxpeliculas.com", true */ 't', 'u', 'x', 'p', 'e', 'l', 'i', 'c', 'u', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "tuxplace.nl", true */ 't', 'u', 'x', 'p', 'l', 'a', 'c', 'e', '.', 'n', 'l', '\0', + /* "tuxtimo.me", true */ 't', 'u', 'x', 't', 'i', 'm', 'o', '.', 'm', 'e', '\0', + /* "tuzaijidi.com", true */ 't', 'u', 'z', 'a', 'i', 'j', 'i', 'd', 'i', '.', 'c', 'o', 'm', '\0', + /* "tv2vie.org", false */ 't', 'v', '2', 'v', 'i', 'e', '.', 'o', 'r', 'g', '\0', + /* "tvbeugels.nl", false */ 't', 'v', 'b', 'e', 'u', 'g', 'e', 'l', 's', '.', 'n', 'l', '\0', + /* "tvc.red", true */ 't', 'v', 'c', '.', 'r', 'e', 'd', '\0', + /* "tvcal.net", true */ 't', 'v', 'c', 'a', 'l', '.', 'n', 'e', 't', '\0', + /* "tvcmarketing.com", true */ 't', 'v', 'c', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "tver-msk.ru", true */ 't', 'v', 'e', 'r', '-', 'm', 's', 'k', '.', 'r', 'u', '\0', + /* "tverskaya-outlet.ru", true */ 't', 'v', 'e', 'r', 's', 'k', 'a', 'y', 'a', '-', 'o', 'u', 't', 'l', 'e', 't', '.', 'r', 'u', '\0', + /* "tvoru.com.ua", true */ 't', 'v', 'o', 'r', 'u', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "tvs-virtual.cz", true */ 't', 'v', 's', '-', 'v', 'i', 'r', 't', 'u', 'a', 'l', '.', 'c', 'z', '\0', + /* "tvsheerenhoek.nl", true */ 't', 'v', 's', 'h', 'e', 'e', 'r', 'e', 'n', 'h', 'o', 'e', 'k', '.', 'n', 'l', '\0', + /* "tw.search.yahoo.com", false */ 't', 'w', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "twaka.com", true */ 't', 'w', 'a', 'k', 'a', '.', 'c', 'o', 'm', '\0', + /* "twb.berlin", true */ 't', 'w', 'b', '.', 'b', 'e', 'r', 'l', 'i', 'n', '\0', + /* "twd2.me", true */ 't', 'w', 'd', '2', '.', 'm', 'e', '\0', + /* "twd2.net", false */ 't', 'w', 'd', '2', '.', 'n', 'e', 't', '\0', + /* "tweakers.net", true */ 't', 'w', 'e', 'a', 'k', 'e', 'r', 's', '.', 'n', 'e', 't', '\0', + /* "tweakersbadge.nl", true */ 't', 'w', 'e', 'a', 'k', 'e', 'r', 's', 'b', 'a', 'd', 'g', 'e', '.', 'n', 'l', '\0', + /* "tweaktown.com", true */ 't', 'w', 'e', 'a', 'k', 't', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0', + /* "twelve.rocks", true */ 't', 'w', 'e', 'l', 'v', 'e', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "twelve.today", true */ 't', 'w', 'e', 'l', 'v', 'e', '.', 't', 'o', 'd', 'a', 'y', '\0', + /* "twem.ddns.net", true */ 't', 'w', 'e', 'm', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "twenty71.com", true */ 't', 'w', 'e', 'n', 't', 'y', '7', '1', '.', 'c', 'o', 'm', '\0', + /* "twentymilliseconds.com", true */ 't', 'w', 'e', 'n', 't', 'y', 'm', 'i', 'l', 'l', 'i', 's', 'e', 'c', 'o', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "twilleys.com", true */ 't', 'w', 'i', 'l', 'l', 'e', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "twincitynissantxparts.com", true */ 't', 'w', 'i', 'n', 'c', 'i', 't', 'y', 'n', 'i', 's', 's', 'a', 'n', 't', 'x', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "twinkseason.com", true */ 't', 'w', 'i', 'n', 'k', 's', 'e', 'a', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "twisata.com", true */ 't', 'w', 'i', 's', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "twistapp.com", true */ 't', 'w', 'i', 's', 't', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "twisted-brains.org", true */ 't', 'w', 'i', 's', 't', 'e', 'd', '-', 'b', 'r', 'a', 'i', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "twistedwave.com", true */ 't', 'w', 'i', 's', 't', 'e', 'd', 'w', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "twisto.cz", true */ 't', 'w', 'i', 's', 't', 'o', '.', 'c', 'z', '\0', + /* "twit-guide.com", true */ 't', 'w', 'i', 't', '-', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "twitter.com", false */ 't', 'w', 'i', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "twitteroauth.com", true */ 't', 'w', 'i', 't', 't', 'e', 'r', 'o', 'a', 'u', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "twizzkidzinflatables.co.uk", true */ 't', 'w', 'i', 'z', 'z', 'k', 'i', 'd', 'z', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "twlan.org", true */ 't', 'w', 'l', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "twodadsgames.com", true */ 't', 'w', 'o', 'd', 'a', 'd', 's', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "twofactorauth.org", true */ 't', 'w', 'o', 'f', 'a', 'c', 't', 'o', 'r', 'a', 'u', 't', 'h', '.', 'o', 'r', 'g', '\0', + /* "twohuo.com", true */ 't', 'w', 'o', 'h', 'u', 'o', '.', 'c', 'o', 'm', '\0', + /* "twojfaktum.pl", true */ 't', 'w', 'o', 'j', 'f', 'a', 'k', 't', 'u', 'm', '.', 'p', 'l', '\0', + /* "twolanedesign.com", true */ 't', 'w', 'o', 'l', 'a', 'n', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "twoo.com", true */ 't', 'w', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "twopif.net", true */ 't', 'w', 'o', 'p', 'i', 'f', '.', 'n', 'e', 't', '\0', + /* "tworaz.net", true */ 't', 'w', 'o', 'r', 'a', 'z', '.', 'n', 'e', 't', '\0', + /* "twun.io", true */ 't', 'w', 'u', 'n', '.', 'i', 'o', '\0', + /* "twuni.org", true */ 't', 'w', 'u', 'n', 'i', '.', 'o', 'r', 'g', '\0', + /* "txcap.org", true */ 't', 'x', 'c', 'a', 'p', '.', 'o', 'r', 'g', '\0', + /* "txdivorce.org", true */ 't', 'x', 'd', 'i', 'v', 'o', 'r', 'c', 'e', '.', 'o', 'r', 'g', '\0', + /* "txi.su", true */ 't', 'x', 'i', '.', 's', 'u', '\0', + /* "txlrs.org", true */ 't', 'x', 'l', 'r', 's', '.', 'o', 'r', 'g', '\0', + /* "txm.pl", true */ 't', 'x', 'm', '.', 'p', 'l', '\0', + /* "tyche.io", true */ 't', 'y', 'c', 'h', 'e', '.', 'i', 'o', '\0', + /* "tycjt.vip", true */ 't', 'y', 'c', 'j', 't', '.', 'v', 'i', 'p', '\0', + /* "tyil.nl", true */ 't', 'y', 'i', 'l', '.', 'n', 'l', '\0', + /* "tyil.work", true */ 't', 'y', 'i', 'l', '.', 'w', 'o', 'r', 'k', '\0', + /* "tyl.io", true */ 't', 'y', 'l', '.', 'i', 'o', '\0', + /* "tyler.rs", true */ 't', 'y', 'l', 'e', 'r', '.', 'r', 's', '\0', + /* "tylerdavies.net", true */ 't', 'y', 'l', 'e', 'r', 'd', 'a', 'v', 'i', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "tylerfreedman.com", true */ 't', 'y', 'l', 'e', 'r', 'f', 'r', 'e', 'e', 'd', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "tylerharcourt.ca", true */ 't', 'y', 'l', 'e', 'r', 'h', 'a', 'r', 'c', 'o', 'u', 'r', 't', '.', 'c', 'a', '\0', + /* "tylerharcourt.net", true */ 't', 'y', 'l', 'e', 'r', 'h', 'a', 'r', 'c', 'o', 'u', 'r', 't', '.', 'n', 'e', 't', '\0', + /* "tylerharcourt.org", true */ 't', 'y', 'l', 'e', 'r', 'h', 'a', 'r', 'c', 'o', 'u', 'r', 't', '.', 'o', 'r', 'g', '\0', + /* "tyleromeara.com", true */ 't', 'y', 'l', 'e', 'r', 'o', 'm', 'e', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "tylerschmidtke.com", true */ 't', 'y', 'l', 'e', 'r', 's', 'c', 'h', 'm', 'i', 'd', 't', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "type1joe.com", true */ 't', 'y', 'p', 'e', '1', 'j', 'o', 'e', '.', 'c', 'o', 'm', '\0', + /* "type1joe.net", true */ 't', 'y', 'p', 'e', '1', 'j', 'o', 'e', '.', 'n', 'e', 't', '\0', + /* "type1joe.org", true */ 't', 'y', 'p', 'e', '1', 'j', 'o', 'e', '.', 'o', 'r', 'g', '\0', + /* "typeblog.net", true */ 't', 'y', 'p', 'e', 'b', 'l', 'o', 'g', '.', 'n', 'e', 't', '\0', + /* "typecodes.com", true */ 't', 'y', 'p', 'e', 'c', 'o', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "typehub.net", true */ 't', 'y', 'p', 'e', 'h', 'u', 'b', '.', 'n', 'e', 't', '\0', + /* "typeonejoe.com", true */ 't', 'y', 'p', 'e', 'o', 'n', 'e', 'j', 'o', 'e', '.', 'c', 'o', 'm', '\0', + /* "typeonejoe.net", true */ 't', 'y', 'p', 'e', 'o', 'n', 'e', 'j', 'o', 'e', '.', 'n', 'e', 't', '\0', + /* "typeonejoe.org", true */ 't', 'y', 'p', 'e', 'o', 'n', 'e', 'j', 'o', 'e', '.', 'o', 'r', 'g', '\0', + /* "typeria.net", true */ 't', 'y', 'p', 'e', 'r', 'i', 'a', '.', 'n', 'e', 't', '\0', + /* "typewolf.com", true */ 't', 'y', 'p', 'e', 'w', 'o', 'l', 'f', '.', 'c', 'o', 'm', '\0', + /* "typing.com", true */ 't', 'y', 'p', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "typist.tech", true */ 't', 'y', 'p', 'i', 's', 't', '.', 't', 'e', 'c', 'h', '\0', + /* "typo3.com", true */ 't', 'y', 'p', 'o', '3', '.', 'c', 'o', 'm', '\0', + /* "tyroremotes.co.uk", true */ 't', 'y', 'r', 'o', 'r', 'e', 'm', 'o', 't', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "tyroremotes.es", true */ 't', 'y', 'r', 'o', 'r', 'e', 'm', 'o', 't', 'e', 's', '.', 'e', 's', '\0', + /* "tyroremotes.fr", true */ 't', 'y', 'r', 'o', 'r', 'e', 'm', 'o', 't', 'e', 's', '.', 'f', 'r', '\0', + /* "tyroremotes.nl", true */ 't', 'y', 'r', 'o', 'r', 'e', 'm', 'o', 't', 'e', 's', '.', 'n', 'l', '\0', + /* "tysox.de", true */ 't', 'y', 's', 'o', 'x', '.', 'd', 'e', '\0', + /* "tyuo-keibi.co.jp", true */ 't', 'y', 'u', 'o', '-', 'k', 'e', 'i', 'b', 'i', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "tzifas.com", true */ 't', 'z', 'i', 'f', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "u-master.net", true */ 'u', '-', 'm', 'a', 's', 't', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "u-tokyo.club", true */ 'u', '-', 't', 'o', 'k', 'y', 'o', '.', 'c', 'l', 'u', 'b', '\0', + /* "u.nu", true */ 'u', '.', 'n', 'u', '\0', + /* "u03.fr", true */ 'u', '0', '3', '.', 'f', 'r', '\0', + /* "u1100.com", true */ 'u', '1', '1', '0', '0', '.', 'c', 'o', 'm', '\0', + /* "u1144.com", true */ 'u', '1', '1', '4', '4', '.', 'c', 'o', 'm', '\0', + /* "u2fanlife.com", true */ 'u', '2', 'f', 'a', 'n', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "u2fsecuritykeys.com", true */ 'u', '2', 'f', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'k', 'e', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "u4mh-dev-accesscontroller.azurewebsites.net", true */ 'u', '4', 'm', 'h', '-', 'd', 'e', 'v', '-', 'a', 'c', 'c', 'e', 's', 's', 'c', 'o', 'n', 't', 'r', 'o', 'l', 'l', 'e', 'r', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "u4mh-dev-portal.azurewebsites.net", true */ 'u', '4', 'm', 'h', '-', 'd', 'e', 'v', '-', 'p', 'o', 'r', 't', 'a', 'l', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "u5b.de", false */ 'u', '5', 'b', '.', 'd', 'e', '\0', + /* "u5r.nl", true */ 'u', '5', 'r', '.', 'n', 'l', '\0', + /* "ua.search.yahoo.com", false */ 'u', 'a', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "uae-company-service.com", true */ 'u', 'a', 'e', '-', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "uangteman.com", true */ 'u', 'a', 'n', 'g', 't', 'e', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "uasmi.com", false */ 'u', 'a', 's', 'm', 'i', '.', 'c', 'o', 'm', '\0', + /* "uat-activesg.com", true */ 'u', 'a', 't', '-', 'a', 'c', 't', 'i', 'v', 'e', 's', 'g', '.', 'c', 'o', 'm', '\0', + /* "uatgootax.ru", true */ 'u', 'a', 't', 'g', 'o', 'o', 't', 'a', 'x', '.', 'r', 'u', '\0', + /* "ub3rk1tten.com", false */ 'u', 'b', '3', 'r', 'k', '1', 't', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "ubalert.com", true */ 'u', 'b', 'a', 'l', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "ubanquity.com", true */ 'u', 'b', 'a', 'n', 'q', 'u', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "uberboxen.net", true */ 'u', 'b', 'e', 'r', 'b', 'o', 'x', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "ubermail.me", true */ 'u', 'b', 'e', 'r', 'm', 'a', 'i', 'l', '.', 'm', 'e', '\0', + /* "ubertt.org", true */ 'u', 'b', 'e', 'r', 't', 't', '.', 'o', 'r', 'g', '\0', + /* "uberwald.de", true */ 'u', 'b', 'e', 'r', 'w', 'a', 'l', 'd', '.', 'd', 'e', '\0', + /* "uberwald.ws", true */ 'u', 'b', 'e', 'r', 'w', 'a', 'l', 'd', '.', 'w', 's', '\0', + /* "ubineering.de", true */ 'u', 'b', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "ublaboo.org", true */ 'u', 'b', 'l', 'a', 'b', 'o', 'o', '.', 'o', 'r', 'g', '\0', + /* "ubtce.com", true */ 'u', 'b', 't', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "ucac.nz", false */ 'u', 'c', 'a', 'c', '.', 'n', 'z', '\0', + /* "ucangiller.com", true */ 'u', 'c', 'a', 'n', 'g', 'i', 'l', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "ucch.be", true */ 'u', 'c', 'c', 'h', '.', 'b', 'e', '\0', + /* "ucfirst.nl", true */ 'u', 'c', 'f', 'i', 'r', 's', 't', '.', 'n', 'l', '\0', + /* "uchargeapp.com", true */ 'u', 'c', 'h', 'a', 'r', 'g', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "uclanmasterplan.co.uk", true */ 'u', 'c', 'l', 'a', 'n', 'm', 'a', 's', 't', 'e', 'r', 'p', 'l', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ucppe.org", true */ 'u', 'c', 'p', 'p', 'e', '.', 'o', 'r', 'g', '\0', + /* "ucrdatatool.gov", true */ 'u', 'c', 'r', 'd', 'a', 't', 'a', 't', 'o', 'o', 'l', '.', 'g', 'o', 'v', '\0', + /* "uctarna.online", true */ 'u', 'c', 't', 'a', 'r', 'n', 'a', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "udbhav.me", true */ 'u', 'd', 'b', 'h', 'a', 'v', '.', 'm', 'e', '\0', + /* "udo-luetkemeier.de", true */ 'u', 'd', 'o', '-', 'l', 'u', 'e', 't', 'k', 'e', 'm', 'e', 'i', 'e', 'r', '.', 'd', 'e', '\0', + /* "udomain.net", true */ 'u', 'd', 'o', 'm', 'a', 'i', 'n', '.', 'n', 'e', 't', '\0', + /* "udp.sh", false */ 'u', 'd', 'p', '.', 's', 'h', '\0', + /* "udruga-point.hr", true */ 'u', 'd', 'r', 'u', 'g', 'a', '-', 'p', 'o', 'i', 'n', 't', '.', 'h', 'r', '\0', + /* "ueba1085.jp", true */ 'u', 'e', 'b', 'a', '1', '0', '8', '5', '.', 'j', 'p', '\0', + /* "ueberwachungspaket.at", true */ 'u', 'e', 'b', 'e', 'r', 'w', 'a', 'c', 'h', 'u', 'n', 'g', 's', 'p', 'a', 'k', 'e', 't', '.', 'a', 't', '\0', + /* "uedaviolin.com", true */ 'u', 'e', 'd', 'a', 'v', 'i', 'o', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "uel-thompson-okanagan.ca", true */ 'u', 'e', 'l', '-', 't', 'h', 'o', 'm', 'p', 's', 'o', 'n', '-', 'o', 'k', 'a', 'n', 'a', 'g', 'a', 'n', '.', 'c', 'a', '\0', + /* "ueni.com", true */ 'u', 'e', 'n', 'i', '.', 'c', 'o', 'm', '\0', + /* "uerdingen.info", true */ 'u', 'e', 'r', 'd', 'i', 'n', 'g', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "uesociedadlimitada.com", true */ 'u', 'e', 's', 'o', 'c', 'i', 'e', 'd', 'a', 'd', 'l', 'i', 'm', 'i', 't', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "uevan.com", true */ 'u', 'e', 'v', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "uex.im", true */ 'u', 'e', 'x', '.', 'i', 'm', '\0', + /* "ufanisi.mx", true */ 'u', 'f', 'a', 'n', 'i', 's', 'i', '.', 'm', 'x', '\0', + /* "ufindme.at", true */ 'u', 'f', 'i', 'n', 'd', 'm', 'e', '.', 'a', 't', '\0', + /* "uflixit.com", true */ 'u', 'f', 'l', 'i', 'x', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "ufo.moe", true */ 'u', 'f', 'o', '.', 'm', 'o', 'e', '\0', + /* "ufplanets.com", true */ 'u', 'f', 'p', 'l', 'a', 'n', 'e', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "ugcdn.com", true */ 'u', 'g', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0', + /* "uggedal.com", true */ 'u', 'g', 'g', 'e', 'd', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "uhc.gg", true */ 'u', 'h', 'c', '.', 'g', 'g', '\0', + /* "uhrenlux.de", true */ 'u', 'h', 'r', 'e', 'n', 'l', 'u', 'x', '.', 'd', 'e', '\0', + /* "uhuru-market.com", true */ 'u', 'h', 'u', 'r', 'u', '-', 'm', 'a', 'r', 'k', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "ui8.net", true */ 'u', 'i', '8', '.', 'n', 'e', 't', '\0', + /* "uicchy.com", true */ 'u', 'i', 'c', 'c', 'h', 'y', '.', 'c', 'o', 'm', '\0', + /* "uiop.link", true */ 'u', 'i', 'o', 'p', '.', 'l', 'i', 'n', 'k', '\0', + /* "uitgeverij-deviant.nl", true */ 'u', 'i', 't', 'g', 'e', 'v', 'e', 'r', 'i', 'j', '-', 'd', 'e', 'v', 'i', 'a', 'n', 't', '.', 'n', 'l', '\0', + /* "ujob.com.cn", true */ 'u', 'j', 'o', 'b', '.', 'c', 'o', 'm', '.', 'c', 'n', '\0', + /* "uk.dating", true */ 'u', 'k', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "uk.search.yahoo.com", false */ 'u', 'k', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "ukchemicalresearch.org", false */ 'u', 'k', 'c', 'h', 'e', 'm', 'i', 'c', 'a', 'l', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'o', 'r', 'g', '\0', + /* "ukclimbing.com", true */ 'u', 'k', 'c', 'l', 'i', 'm', 'b', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "ukdefencejournal.org.uk", true */ 'u', 'k', 'd', 'e', 'f', 'e', 'n', 'c', 'e', 'j', 'o', 'u', 'r', 'n', 'a', 'l', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "ukhas.net", true */ 'u', 'k', 'h', 'a', 's', '.', 'n', 'e', 't', '\0', + /* "ukhillwalking.com", true */ 'u', 'k', 'h', 'i', 'l', 'l', 'w', 'a', 'l', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "ukkeyholdingcompany.co.uk", true */ 'u', 'k', 'k', 'e', 'y', 'h', 'o', 'l', 'd', 'i', 'n', 'g', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ukmeetandgreet.com", true */ 'u', 'k', 'm', 'e', 'e', 't', 'a', 'n', 'd', 'g', 'r', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "ukmortgagecompare.co.uk", true */ 'u', 'k', 'm', 'o', 'r', 't', 'g', 'a', 'g', 'e', 'c', 'o', 'm', 'p', 'a', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ukooku.com", true */ 'u', 'k', 'o', 'o', 'k', 'u', '.', 'c', 'o', 'm', '\0', + /* "ukozliku.cz", true */ 'u', 'k', 'o', 'z', 'l', 'i', 'k', 'u', '.', 'c', 'z', '\0', + /* "ukpirate.org", true */ 'u', 'k', 'p', 'i', 'r', 'a', 't', 'e', '.', 'o', 'r', 'g', '\0', + /* "ukrainians.ch", true */ 'u', 'k', 'r', 'a', 'i', 'n', 'i', 'a', 'n', 's', '.', 'c', 'h', '\0', + /* "ukrigging.net", true */ 'u', 'k', 'r', 'i', 'g', 'g', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "ukrnet.co.uk", true */ 'u', 'k', 'r', 'n', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "ukwct.org.uk", true */ 'u', 'k', 'w', 'c', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "ulabox.com", true */ 'u', 'l', 'a', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "ulalau.com", true */ 'u', 'l', 'a', 'l', 'a', 'u', '.', 'c', 'o', 'm', '\0', + /* "uli-eckhardt.de", true */ 'u', 'l', 'i', '-', 'e', 'c', 'k', 'h', 'a', 'r', 'd', 't', '.', 'd', 'e', '\0', + /* "ullah.se", true */ 'u', 'l', 'l', 'a', 'h', '.', 's', 'e', '\0', + /* "ulrik.moe", true */ 'u', 'l', 'r', 'i', 'k', '.', 'm', 'o', 'e', '\0', + /* "ultieme.be", false */ 'u', 'l', 't', 'i', 'e', 'm', 'e', '.', 'b', 'e', '\0', + /* "ultima-ratio.at", true */ 'u', 'l', 't', 'i', 'm', 'a', '-', 'r', 'a', 't', 'i', 'o', '.', 'a', 't', '\0', + /* "ultimateanu.com", true */ 'u', 'l', 't', 'i', 'm', 'a', 't', 'e', 'a', 'n', 'u', '.', 'c', 'o', 'm', '\0', + /* "ultimatemafia.net", true */ 'u', 'l', 't', 'i', 'm', 'a', 't', 'e', 'm', 'a', 'f', 'i', 'a', '.', 'n', 'e', 't', '\0', + /* "ultratechlp.com", true */ 'u', 'l', 't', 'r', 'a', 't', 'e', 'c', 'h', 'l', 'p', '.', 'c', 'o', 'm', '\0', + /* "umassfive.coop", true */ 'u', 'm', 'a', 's', 's', 'f', 'i', 'v', 'e', '.', 'c', 'o', 'o', 'p', '\0', + /* "umbricht.li", true */ 'u', 'm', 'b', 'r', 'i', 'c', 'h', 't', '.', 'l', 'i', '\0', + /* "umenlisam.com", true */ 'u', 'm', 'e', 'n', 'l', 'i', 's', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "umisonoda.com", true */ 'u', 'm', 'i', 's', 'o', 'n', 'o', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "umkmjogja.com", true */ 'u', 'm', 'k', 'm', 'j', 'o', 'g', 'j', 'a', '.', 'c', 'o', 'm', '\0', + /* "ump45.moe", true */ 'u', 'm', 'p', '4', '5', '.', 'm', 'o', 'e', '\0', + /* "un-zero-un.fr", true */ 'u', 'n', '-', 'z', 'e', 'r', 'o', '-', 'u', 'n', '.', 'f', 'r', '\0', + /* "unapp.me", true */ 'u', 'n', 'a', 'p', 'p', '.', 'm', 'e', '\0', + /* "unbelievableplaces.de", true */ 'u', 'n', 'b', 'e', 'l', 'i', 'e', 'v', 'a', 'b', 'l', 'e', 'p', 'l', 'a', 'c', 'e', 's', '.', 'd', 'e', '\0', + /* "unblockall.xyz", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'a', 'l', 'l', '.', 'x', 'y', 'z', '\0', + /* "unblocked.at", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'a', 't', '\0', + /* "unblocked.bet", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'b', 'e', 't', '\0', + /* "unblocked.bid", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'b', 'i', 'd', '\0', + /* "unblocked.blue", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'b', 'l', 'u', 'e', '\0', + /* "unblocked.cam", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'c', 'a', 'm', '\0', + /* "unblocked.ink", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'i', 'n', 'k', '\0', + /* "unblocked.live", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'l', 'i', 'v', 'e', '\0', + /* "unblocked.one", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'o', 'n', 'e', '\0', + /* "unblocked.pl", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'p', 'l', '\0', + /* "unblocked.pro", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'p', 'r', 'o', '\0', + /* "unblocked.pub", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'p', 'u', 'b', '\0', + /* "unblocked.uno", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'u', 'n', 'o', '\0', + /* "unblocked.vc", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'v', 'c', '\0', + /* "unblocked.vip", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'v', 'i', 'p', '\0', + /* "unblockedbay.info", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', 'b', 'a', 'y', '.', 'i', 'n', 'f', 'o', '\0', + /* "unblockweb.co", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'w', 'e', 'b', '.', 'c', 'o', '\0', + /* "uncensoreddns.dk", true */ 'u', 'n', 'c', 'e', 'n', 's', 'o', 'r', 'e', 'd', 'd', 'n', 's', '.', 'd', 'k', '\0', + /* "uncensoreddns.org", true */ 'u', 'n', 'c', 'e', 'n', 's', 'o', 'r', 'e', 'd', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "undeadbrains.de", true */ 'u', 'n', 'd', 'e', 'a', 'd', 'b', 'r', 'a', 'i', 'n', 's', '.', 'd', 'e', '\0', + /* "undecidable.de", true */ 'u', 'n', 'd', 'e', 'c', 'i', 'd', 'a', 'b', 'l', 'e', '.', 'd', 'e', '\0', + /* "underbridgeleisure.co.uk", true */ 'u', 'n', 'd', 'e', 'r', 'b', 'r', 'i', 'd', 'g', 'e', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "undercovercondoms.co.uk", true */ 'u', 'n', 'd', 'e', 'r', 'c', 'o', 'v', 'e', 'r', 'c', 'o', 'n', 'd', 'o', 'm', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "undercovercondoms.com", true */ 'u', 'n', 'd', 'e', 'r', 'c', 'o', 'v', 'e', 'r', 'c', 'o', 'n', 'd', 'o', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "underlined.fr", true */ 'u', 'n', 'd', 'e', 'r', 'l', 'i', 'n', 'e', 'd', '.', 'f', 'r', '\0', + /* "undernet.uy", false */ 'u', 'n', 'd', 'e', 'r', 'n', 'e', 't', '.', 'u', 'y', '\0', + /* "underskatten.tk", true */ 'u', 'n', 'd', 'e', 'r', 's', 'k', 'a', 't', 't', 'e', 'n', '.', 't', 'k', '\0', + /* "undo.co.il", true */ 'u', 'n', 'd', 'o', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "undone.me", true */ 'u', 'n', 'd', 'o', 'n', 'e', '.', 'm', 'e', '\0', + /* "unearaigneeauplafond.fr", false */ 'u', 'n', 'e', 'a', 'r', 'a', 'i', 'g', 'n', 'e', 'e', 'a', 'u', 'p', 'l', 'a', 'f', 'o', 'n', 'd', '.', 'f', 'r', '\0', + /* "unerosesurlalune.fr", true */ 'u', 'n', 'e', 'r', 'o', 's', 'e', 's', 'u', 'r', 'l', 'a', 'l', 'u', 'n', 'e', '.', 'f', 'r', '\0', + /* "unfettered.net", false */ 'u', 'n', 'f', 'e', 't', 't', 'e', 'r', 'e', 'd', '.', 'n', 'e', 't', '\0', + /* "unfuddle.cn", true */ 'u', 'n', 'f', 'u', 'd', 'd', 'l', 'e', '.', 'c', 'n', '\0', + /* "unga.dk", true */ 'u', 'n', 'g', 'a', '.', 'd', 'k', '\0', + /* "ungegamere.dk", true */ 'u', 'n', 'g', 'e', 'g', 'a', 'm', 'e', 'r', 'e', '.', 'd', 'k', '\0', + /* "unicef-karten.at", true */ 'u', 'n', 'i', 'c', 'e', 'f', '-', 'k', 'a', 'r', 't', 'e', 'n', '.', 'a', 't', '\0', + /* "unicef.pl", true */ 'u', 'n', 'i', 'c', 'e', 'f', '.', 'p', 'l', '\0', + /* "unicefcards.at", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'c', 'a', 'r', 'd', 's', '.', 'a', 't', '\0', + /* "unicefcards.cz", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'c', 'a', 'r', 'd', 's', '.', 'c', 'z', '\0', + /* "unicefcards.gr", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'c', 'a', 'r', 'd', 's', '.', 'g', 'r', '\0', + /* "unicefcards.it", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'c', 'a', 'r', 'd', 's', '.', 'i', 't', '\0', + /* "unicefcards.nl", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'c', 'a', 'r', 'd', 's', '.', 'n', 'l', '\0', + /* "unicefcards.sk", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'c', 'a', 'r', 'd', 's', '.', 's', 'k', '\0', + /* "unicefcestitke.rs", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'c', 'e', 's', 't', 'i', 't', 'k', 'e', '.', 'r', 's', '\0', + /* "unicefkaarten.nl", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'k', 'a', 'a', 'r', 't', 'e', 'n', '.', 'n', 'l', '\0', + /* "unicefkartkidlafirm.pl", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'k', 'a', 'r', 't', 'k', 'i', 'd', 'l', 'a', 'f', 'i', 'r', 'm', '.', 'p', 'l', '\0', + /* "unicefkepeslapok.hu", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'k', 'e', 'p', 'e', 's', 'l', 'a', 'p', 'o', 'k', '.', 'h', 'u', '\0', + /* "unicefkort.dk", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'k', 'o', 'r', 't', '.', 'd', 'k', '\0', + /* "unicefvoscilnice.si", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'v', 'o', 's', 'c', 'i', 'l', 'n', 'i', 'c', 'e', '.', 's', 'i', '\0', + /* "unicorn.melbourne", true */ 'u', 'n', 'i', 'c', 'o', 'r', 'n', '.', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '\0', + /* "unicorncloud.org", true */ 'u', 'n', 'i', 'c', 'o', 'r', 'n', 'c', 'l', 'o', 'u', 'd', '.', 'o', 'r', 'g', '\0', + /* "unicredit.ba", true */ 'u', 'n', 'i', 'c', 'r', 'e', 'd', 'i', 't', '.', 'b', 'a', '\0', + /* "unicredit.ro", true */ 'u', 'n', 'i', 'c', 'r', 'e', 'd', 'i', 't', '.', 'r', 'o', '\0', + /* "unicreditbank.hu", true */ 'u', 'n', 'i', 'c', 'r', 'e', 'd', 'i', 't', 'b', 'a', 'n', 'k', '.', 'h', 'u', '\0', + /* "unicreditbank.rs", true */ 'u', 'n', 'i', 'c', 'r', 'e', 'd', 'i', 't', 'b', 'a', 'n', 'k', '.', 'r', 's', '\0', + /* "unicreditbank.ru", false */ 'u', 'n', 'i', 'c', 'r', 'e', 'd', 'i', 't', 'b', 'a', 'n', 'k', '.', 'r', 'u', '\0', + /* "unieducar.org.br", true */ 'u', 'n', 'i', 'e', 'd', 'u', 'c', 'a', 'r', '.', 'o', 'r', 'g', '.', 'b', 'r', '\0', + /* "uniekglas.nl", true */ 'u', 'n', 'i', 'e', 'k', 'g', 'l', 'a', 's', '.', 'n', 'l', '\0', + /* "uniform-agri.com", true */ 'u', 'n', 'i', 'f', 'o', 'r', 'm', '-', 'a', 'g', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "uniformebateriasheliar.com.br", true */ 'u', 'n', 'i', 'f', 'o', 'r', 'm', 'e', 'b', 'a', 't', 'e', 'r', 'i', 'a', 's', 'h', 'e', 'l', 'i', 'a', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "uniformehope.com.br", true */ 'u', 'n', 'i', 'f', 'o', 'r', 'm', 'e', 'h', 'o', 'p', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "uniformespousoalegre.com.br", true */ 'u', 'n', 'i', 'f', 'o', 'r', 'm', 'e', 's', 'p', 'o', 'u', 's', 'o', 'a', 'l', 'e', 'g', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "unikoingold.com", true */ 'u', 'n', 'i', 'k', 'o', 'i', 'n', 'g', 'o', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "unikrn.com", true */ 'u', 'n', 'i', 'k', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "unila.edu.br", true */ 'u', 'n', 'i', 'l', 'a', '.', 'e', 'd', 'u', '.', 'b', 'r', '\0', + /* "unionplat.ru", true */ 'u', 'n', 'i', 'o', 'n', 'p', 'l', 'a', 't', '.', 'r', 'u', '\0', + /* "unipig.de", true */ 'u', 'n', 'i', 'p', 'i', 'g', '.', 'd', 'e', '\0', + /* "uniprimebr.com.br", true */ 'u', 'n', 'i', 'p', 'r', 'i', 'm', 'e', 'b', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "uniq.site", true */ 'u', 'n', 'i', 'q', '.', 's', 'i', 't', 'e', '\0', + /* "unique-bouncy-castles.co.uk", true */ 'u', 'n', 'i', 'q', 'u', 'e', '-', 'b', 'o', 'u', 'n', 'c', 'y', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "unique-pathways.ch", true */ 'u', 'n', 'i', 'q', 'u', 'e', '-', 'p', 'a', 't', 'h', 'w', 'a', 'y', 's', '.', 'c', 'h', '\0', + /* "unique-pathways.com", true */ 'u', 'n', 'i', 'q', 'u', 'e', '-', 'p', 'a', 't', 'h', 'w', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "uniquepathways.ch", true */ 'u', 'n', 'i', 'q', 'u', 'e', 'p', 'a', 't', 'h', 'w', 'a', 'y', 's', '.', 'c', 'h', '\0', + /* "unirenter.ru", true */ 'u', 'n', 'i', 'r', 'e', 'n', 't', 'e', 'r', '.', 'r', 'u', '\0', + /* "unit7jazz.com", true */ 'u', 'n', 'i', 't', '7', 'j', 'a', 'z', 'z', '.', 'c', 'o', 'm', '\0', + /* "unit7jazz.org", true */ 'u', 'n', 'i', 't', '7', 'j', 'a', 'z', 'z', '.', 'o', 'r', 'g', '\0', + /* "unite-ka.de", true */ 'u', 'n', 'i', 't', 'e', '-', 'k', 'a', '.', 'd', 'e', '\0', + /* "united-schools.net", true */ 'u', 'n', 'i', 't', 'e', 'd', '-', 's', 'c', 'h', 'o', 'o', 'l', 's', '.', 'n', 'e', 't', '\0', + /* "united.com", false */ 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "unitedadmins.com", true */ 'u', 'n', 'i', 't', 'e', 'd', 'a', 'd', 'm', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "unitedpsychological.com", true */ 'u', 'n', 'i', 't', 'e', 'd', 'p', 's', 'y', 'c', 'h', 'o', 'l', 'o', 'g', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "unitel2000.de", true */ 'u', 'n', 'i', 't', 'e', 'l', '2', '0', '0', '0', '.', 'd', 'e', '\0', + /* "univercite.ch", true */ 'u', 'n', 'i', 'v', 'e', 'r', 'c', 'i', 't', 'e', '.', 'c', 'h', '\0', + /* "universal-happiness.com", true */ 'u', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'l', '-', 'h', 'a', 'p', 'p', 'i', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "universalcarremote.com", true */ 'u', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'l', 'c', 'a', 'r', 'r', 'e', 'm', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "universalpaymentgateway.com", true */ 'u', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'l', 'p', 'a', 'y', 'm', 'e', 'n', 't', 'g', 'a', 't', 'e', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "universeinform.com", true */ 'u', 'n', 'i', 'v', 'e', 'r', 's', 'e', 'i', 'n', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "universogay.com", true */ 'u', 'n', 'i', 'v', 'e', 'r', 's', 'o', 'g', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "univitale.fr", true */ 'u', 'n', 'i', 'v', 'i', 't', 'a', 'l', 'e', '.', 'f', 'r', '\0', + /* "unix.se", true */ 'u', 'n', 'i', 'x', '.', 's', 'e', '\0', + /* "unixadm.org", true */ 'u', 'n', 'i', 'x', 'a', 'd', 'm', '.', 'o', 'r', 'g', '\0', + /* "unixattic.com", true */ 'u', 'n', 'i', 'x', 'a', 't', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "unixcorn.org", false */ 'u', 'n', 'i', 'x', 'c', 'o', 'r', 'n', '.', 'o', 'r', 'g', '\0', + /* "unixforum.org", true */ 'u', 'n', 'i', 'x', 'f', 'o', 'r', 'u', 'm', '.', 'o', 'r', 'g', '\0', + /* "unixtime.date", true */ 'u', 'n', 'i', 'x', 't', 'i', 'm', 'e', '.', 'd', 'a', 't', 'e', '\0', + /* "unlax.com", true */ 'u', 'n', 'l', 'a', 'x', '.', 'c', 'o', 'm', '\0', + /* "unleash.pw", true */ 'u', 'n', 'l', 'e', 'a', 's', 'h', '.', 'p', 'w', '\0', + /* "unli.xyz", true */ 'u', 'n', 'l', 'i', '.', 'x', 'y', 'z', '\0', + /* "unlockboot.com", false */ 'u', 'n', 'l', 'o', 'c', 'k', 'b', 'o', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "unlocken.nl", true */ 'u', 'n', 'l', 'o', 'c', 'k', 'e', 'n', '.', 'n', 'l', '\0', + /* "unmanaged.space", true */ 'u', 'n', 'm', 'a', 'n', 'a', 'g', 'e', 'd', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "unmonito.red", true */ 'u', 'n', 'm', 'o', 'n', 'i', 't', 'o', '.', 'r', 'e', 'd', '\0', + /* "uno-pizza.ru", true */ 'u', 'n', 'o', '-', 'p', 'i', 'z', 'z', 'a', '.', 'r', 'u', '\0', + /* "unobrindes.com.br", true */ 'u', 'n', 'o', 'b', 'r', 'i', 'n', 'd', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "unoccupyabq.org", true */ 'u', 'n', 'o', 'c', 'c', 'u', 'p', 'y', 'a', 'b', 'q', '.', 'o', 'r', 'g', '\0', + /* "unpkg.com", true */ 'u', 'n', 'p', 'k', 'g', '.', 'c', 'o', 'm', '\0', + /* "unpossible.xyz", true */ 'u', 'n', 'p', 'o', 's', 's', 'i', 'b', 'l', 'e', '.', 'x', 'y', 'z', '\0', + /* "unpr.dk", true */ 'u', 'n', 'p', 'r', '.', 'd', 'k', '\0', + /* "unquote.li", true */ 'u', 'n', 'q', 'u', 'o', 't', 'e', '.', 'l', 'i', '\0', + /* "unrealircd.org", true */ 'u', 'n', 'r', 'e', 'a', 'l', 'i', 'r', 'c', 'd', '.', 'o', 'r', 'g', '\0', + /* "unrelated.net.au", true */ 'u', 'n', 'r', 'e', 'l', 'a', 't', 'e', 'd', '.', 'n', 'e', 't', '.', 'a', 'u', '\0', + /* "unripple.com", true */ 'u', 'n', 'r', 'i', 'p', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "unruh.fr", true */ 'u', 'n', 'r', 'u', 'h', '.', 'f', 'r', '\0', + /* "uns.vn", true */ 'u', 'n', 's', '.', 'v', 'n', '\0', + /* "unsacsurledos.com", true */ 'u', 'n', 's', 'a', 'c', 's', 'u', 'r', 'l', 'e', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "unschoolrules.com", true */ 'u', 'n', 's', 'c', 'h', 'o', 'o', 'l', 'r', 'u', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "unsee.cc", true */ 'u', 'n', 's', 'e', 'e', '.', 'c', 'c', '\0', + /* "unseen.is", true */ 'u', 'n', 's', 'e', 'e', 'n', '.', 'i', 's', '\0', + /* "unseen.tw", true */ 'u', 'n', 's', 'e', 'e', 'n', '.', 't', 'w', '\0', + /* "unser-gartenforum.de", true */ 'u', 'n', 's', 'e', 'r', '-', 'g', 'a', 'r', 't', 'e', 'n', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0', + /* "unsuspicious.click", true */ 'u', 'n', 's', 'u', 's', 'p', 'i', 'c', 'i', 'o', 'u', 's', '.', 'c', 'l', 'i', 'c', 'k', '\0', + /* "unterfrankenclan.de", true */ 'u', 'n', 't', 'e', 'r', 'f', 'r', 'a', 'n', 'k', 'e', 'n', 'c', 'l', 'a', 'n', '.', 'd', 'e', '\0', + /* "unterkunft.guru", true */ 'u', 'n', 't', 'e', 'r', 'k', 'u', 'n', 'f', 't', '.', 'g', 'u', 'r', 'u', '\0', + /* "unterschicht.tv", true */ 'u', 'n', 't', 'e', 'r', 's', 'c', 'h', 'i', 'c', 'h', 't', '.', 't', 'v', '\0', + /* "untethereddog.com", true */ 'u', 'n', 't', 'e', 't', 'h', 'e', 'r', 'e', 'd', 'd', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "untoldstory.eu", true */ 'u', 'n', 't', 'o', 'l', 'd', 's', 't', 'o', 'r', 'y', '.', 'e', 'u', '\0', + /* "unun.fi", true */ 'u', 'n', 'u', 'n', '.', 'f', 'i', '\0', + /* "unusualhatclub.com", true */ 'u', 'n', 'u', 's', 'u', 'a', 'l', 'h', 'a', 't', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "unveiledgnosis.com", true */ 'u', 'n', 'v', 'e', 'i', 'l', 'e', 'd', 'g', 'n', 'o', 's', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "unworthy.ml", true */ 'u', 'n', 'w', 'o', 'r', 't', 'h', 'y', '.', 'm', 'l', '\0', + /* "unx.dk", true */ 'u', 'n', 'x', '.', 'd', 'k', '\0', + /* "unxicdellum.cat", true */ 'u', 'n', 'x', 'i', 'c', 'd', 'e', 'l', 'l', 'u', 'm', '.', 'c', 'a', 't', '\0', + /* "upandclear.org", true */ 'u', 'p', 'a', 'n', 'd', 'c', 'l', 'e', 'a', 'r', '.', 'o', 'r', 'g', '\0', + /* "upani.net", true */ 'u', 'p', 'a', 'n', 'i', '.', 'n', 'e', 't', '\0', + /* "upay.ru", true */ 'u', 'p', 'a', 'y', '.', 'r', 'u', '\0', + /* "upbad.com", true */ 'u', 'p', 'b', 'a', 'd', '.', 'c', 'o', 'm', '\0', + /* "upbeatrobot.com", true */ 'u', 'p', 'b', 'e', 'a', 't', 'r', 'o', 'b', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "upbeatrobot.eu", true */ 'u', 'p', 'b', 'e', 'a', 't', 'r', 'o', 'b', 'o', 't', '.', 'e', 'u', '\0', + /* "upd.jp", true */ 'u', 'p', 'd', '.', 'j', 'p', '\0', + /* "upgamerengine.com", true */ 'u', 'p', 'g', 'a', 'm', 'e', 'r', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "upgamerengine.com.br", true */ 'u', 'p', 'g', 'a', 'm', 'e', 'r', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "upgamerengine.net", true */ 'u', 'p', 'g', 'a', 'm', 'e', 'r', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "upgauged.com", true */ 'u', 'p', 'g', 'a', 'u', 'g', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "upitnik.rs", true */ 'u', 'p', 'i', 't', 'n', 'i', 'k', '.', 'r', 's', '\0', + /* "uplaqui.com.br", true */ 'u', 'p', 'l', 'a', 'q', 'u', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "uplinklabs.net", true */ 'u', 'p', 'l', 'i', 'n', 'k', 'l', 'a', 'b', 's', '.', 'n', 'e', 't', '\0', + /* "upload.cat", true */ 'u', 'p', 'l', 'o', 'a', 'd', '.', 'c', 'a', 't', '\0', + /* "upload.facebook.com", false */ 'u', 'p', 'l', 'o', 'a', 'd', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "uploadbeta.com", true */ 'u', 'p', 'l', 'o', 'a', 'd', 'b', 'e', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "upmchealthsecurity.us", true */ 'u', 'p', 'm', 'c', 'h', 'e', 'a', 'l', 't', 'h', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'u', 's', '\0', + /* "upnext.io", true */ 'u', 'p', 'n', 'e', 'x', 't', '.', 'i', 'o', '\0', + /* "upperbeaconsfield.org.au", true */ 'u', 'p', 'p', 'e', 'r', 'b', 'e', 'a', 'c', 'o', 'n', 's', 'f', 'i', 'e', 'l', 'd', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0', + /* "upplevelse.com", true */ 'u', 'p', 'p', 'l', 'e', 'v', 'e', 'l', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "upr-info.org", true */ 'u', 'p', 'r', '-', 'i', 'n', 'f', 'o', '.', 'o', 'r', 'g', '\0', + /* "upr.com.ua", true */ 'u', 'p', 'r', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "upsiteseo.com", true */ 'u', 'p', 's', 'i', 't', 'e', 's', 'e', 'o', '.', 'c', 'o', 'm', '\0', + /* "uptimed.com", true */ 'u', 'p', 't', 'i', 'm', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "uptimenotguaranteed.com", true */ 'u', 'p', 't', 'i', 'm', 'e', 'n', 'o', 't', 'g', 'u', 'a', 'r', 'a', 'n', 't', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "uptodateinteriors.com", true */ 'u', 'p', 't', 'o', 'd', 'a', 't', 'e', 'i', 'n', 't', 'e', 'r', 'i', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "uptogood.org", true */ 'u', 'p', 't', 'o', 'g', 'o', 'o', 'd', '.', 'o', 'r', 'g', '\0', + /* "uptoon.jp", true */ 'u', 'p', 't', 'o', 'o', 'n', '.', 'j', 'p', '\0', + /* "uptownlocators.com", true */ 'u', 'p', 't', 'o', 'w', 'n', 'l', 'o', 'c', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "uptrends.com", true */ 'u', 'p', 't', 'r', 'e', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "uptrends.de", true */ 'u', 'p', 't', 'r', 'e', 'n', 'd', 's', '.', 'd', 'e', '\0', + /* "upundit.com", true */ 'u', 'p', 'u', 'n', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "upwork.com", true */ 'u', 'p', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "ur.nl", true */ 'u', 'r', '.', 'n', 'l', '\0', + /* "ur2.pw", true */ 'u', 'r', '2', '.', 'p', 'w', '\0', + /* "urbackups.com", true */ 'u', 'r', 'b', 'a', 'c', 'k', 'u', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "urbalex.ch", true */ 'u', 'r', 'b', 'a', 'l', 'e', 'x', '.', 'c', 'h', '\0', + /* "urban-culture.fr", true */ 'u', 'r', 'b', 'a', 'n', '-', 'c', 'u', 'l', 't', 'u', 'r', 'e', '.', 'f', 'r', '\0', + /* "urban-karuizawa.co.jp", true */ 'u', 'r', 'b', 'a', 'n', '-', 'k', 'a', 'r', 'u', 'i', 'z', 'a', 'w', 'a', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "urban.melbourne", true */ 'u', 'r', 'b', 'a', 'n', '.', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '\0', + /* "urbanesecurity.com", true */ 'u', 'r', 'b', 'a', 'n', 'e', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "urbanfi.sh", true */ 'u', 'r', 'b', 'a', 'n', 'f', 'i', '.', 's', 'h', '\0', + /* "urbanguerillas.de", true */ 'u', 'r', 'b', 'a', 'n', 'g', 'u', 'e', 'r', 'i', 'l', 'l', 'a', 's', '.', 'd', 'e', '\0', + /* "urbanietz-immobilien.de", true */ 'u', 'r', 'b', 'a', 'n', 'i', 'e', 't', 'z', '-', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'n', '.', 'd', 'e', '\0', + /* "urbanmelbourne.info", true */ 'u', 'r', 'b', 'a', 'n', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "urbannewsservice.com", true */ 'u', 'r', 'b', 'a', 'n', 'n', 'e', 'w', 's', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "urbansparrow.in", true */ 'u', 'r', 'b', 'a', 'n', 's', 'p', 'a', 'r', 'r', 'o', 'w', '.', 'i', 'n', '\0', + /* "urbanwildlifealliance.org", true */ 'u', 'r', 'b', 'a', 'n', 'w', 'i', 'l', 'd', 'l', 'i', 'f', 'e', 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0', + /* "urbexdk.nl", true */ 'u', 'r', 'b', 'e', 'x', 'd', 'k', '.', 'n', 'l', '\0', + /* "urcentral.com", true */ 'u', 'r', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "urcentral.net", true */ 'u', 'r', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'n', 'e', 't', '\0', + /* "ureka.org", true */ 'u', 'r', 'e', 'k', 'a', '.', 'o', 'r', 'g', '\0', + /* "urgences-valais.ch", true */ 'u', 'r', 'g', 'e', 'n', 'c', 'e', 's', '-', 'v', 'a', 'l', 'a', 'i', 's', '.', 'c', 'h', '\0', + /* "uripura.de", true */ 'u', 'r', 'i', 'p', 'u', 'r', 'a', '.', 'd', 'e', '\0', + /* "urist1011.ru", true */ 'u', 'r', 'i', 's', 't', '1', '0', '1', '1', '.', 'r', 'u', '\0', + /* "url.cab", true */ 'u', 'r', 'l', '.', 'c', 'a', 'b', '\0', + /* "url.fi", true */ 'u', 'r', 'l', '.', 'f', 'i', '\0', + /* "url.fm", true */ 'u', 'r', 'l', '.', 'f', 'm', '\0', + /* "url.rw", true */ 'u', 'r', 'l', '.', 'r', 'w', '\0', + /* "url0.eu", true */ 'u', 'r', 'l', '0', '.', 'e', 'u', '\0', + /* "urlachershop.com.br", true */ 'u', 'r', 'l', 'a', 'c', 'h', 'e', 'r', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "urlaub-leitner.at", true */ 'u', 'r', 'l', 'a', 'u', 'b', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'a', 't', '\0', + /* "urlscan.io", true */ 'u', 'r', 'l', 's', 'c', 'a', 'n', '.', 'i', 'o', '\0', + /* "urology.wiki", true */ 'u', 'r', 'o', 'l', 'o', 'g', 'y', '.', 'w', 'i', 'k', 'i', '\0', + /* "ursa-minor-beta.org", true */ 'u', 'r', 's', 'a', '-', 'm', 'i', 'n', 'o', 'r', '-', 'b', 'e', 't', 'a', '.', 'o', 'r', 'g', '\0', + /* "ursae.co", true */ 'u', 'r', 's', 'a', 'e', '.', 'c', 'o', '\0', + /* "urspringer.de", true */ 'u', 'r', 's', 'p', 'r', 'i', 'n', 'g', 'e', 'r', '.', 'd', 'e', '\0', + /* "ursuslibris.hu", true */ 'u', 'r', 's', 'u', 's', 'l', 'i', 'b', 'r', 'i', 's', '.', 'h', 'u', '\0', + /* "urukproject.org", true */ 'u', 'r', 'u', 'k', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "usaa.com", false */ 'u', 's', 'a', 'a', '.', 'c', 'o', 'm', '\0', + /* "usabackground.com", true */ 'u', 's', 'a', 'b', 'a', 'c', 'k', 'g', 'r', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "usability.gov", true */ 'u', 's', 'a', 'b', 'i', 'l', 'i', 't', 'y', '.', 'g', 'o', 'v', '\0', + /* "usaestaonline.com", true */ 'u', 's', 'a', 'e', 's', 't', 'a', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "usafuelservice.com", true */ 'u', 's', 'a', 'f', 'u', 'e', 'l', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "usajobs.com", true */ 'u', 's', 'a', 'j', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "usajobs.gov", true */ 'u', 's', 'a', 'j', 'o', 'b', 's', '.', 'g', 'o', 'v', '\0', + /* "usakitchensandflooring.com", true */ 'u', 's', 'a', 'k', 'i', 't', 'c', 'h', 'e', 'n', 's', 'a', 'n', 'd', 'f', 'l', 'o', 'o', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "usap.gov", false */ 'u', 's', 'a', 'p', '.', 'g', 'o', 'v', '\0', + /* "usbcraft.com", true */ 'u', 's', 'b', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "usbevents.co.uk", true */ 'u', 's', 'b', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "uscloud.nl", true */ 'u', 's', 'c', 'l', 'o', 'u', 'd', '.', 'n', 'l', '\0', + /* "usd.de", true */ 'u', 's', 'd', '.', 'd', 'e', '\0', + /* "usds.gov", true */ 'u', 's', 'd', 's', '.', 'g', 'o', 'v', '\0', + /* "use.be", true */ 'u', 's', 'e', '.', 'b', 'e', '\0', + /* "usebean.com", true */ 'u', 's', 'e', 'b', 'e', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "usedesk.ru", true */ 'u', 's', 'e', 'd', 'e', 's', 'k', '.', 'r', 'u', '\0', + /* "usedu.us", true */ 'u', 's', 'e', 'd', 'u', '.', 'u', 's', '\0', + /* "useresponse.com", true */ 'u', 's', 'e', 'r', 'e', 's', 'p', 'o', 'n', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "usetypo3.com", true */ 'u', 's', 'e', 't', 'y', 'p', 'o', '3', '.', 'c', 'o', 'm', '\0', + /* "useyourloaf.com", true */ 'u', 's', 'e', 'y', 'o', 'u', 'r', 'l', 'o', 'a', 'f', '.', 'c', 'o', 'm', '\0', + /* "usgande.com", true */ 'u', 's', 'g', 'a', 'n', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "ushandbookapp.com", true */ 'u', 's', 'h', 'a', 'n', 'd', 'b', 'o', 'o', 'k', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "ushare.ch", true */ 'u', 's', 'h', 'a', 'r', 'e', '.', 'c', 'h', '\0', + /* "usimmigration.us", true */ 'u', 's', 'i', 'm', 'm', 'i', 'g', 'r', 'a', 't', 'i', 'o', 'n', '.', 'u', 's', '\0', + /* "usipvd.ch", true */ 'u', 's', 'i', 'p', 'v', 'd', '.', 'c', 'h', '\0', + /* "usitcolours.bg", true */ 'u', 's', 'i', 't', 'c', 'o', 'l', 'o', 'u', 'r', 's', '.', 'b', 'g', '\0', + /* "usleep.net", true */ 'u', 's', 'l', 'e', 'e', 'p', '.', 'n', 'e', 't', '\0', + /* "usmint.gov", true */ 'u', 's', 'm', 'i', 'n', 't', '.', 'g', 'o', 'v', '\0', + /* "usparklodging.com", true */ 'u', 's', 'p', 'a', 'r', 'k', 'l', 'o', 'd', 'g', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "uspsoig.gov", true */ 'u', 's', 'p', 's', 'o', 'i', 'g', '.', 'g', 'o', 'v', '\0', + /* "ussm.gov", true */ 'u', 's', 's', 'm', '.', 'g', 'o', 'v', '\0', + /* "ussuka.com", true */ 'u', 's', 's', 'u', 'k', 'a', '.', 'c', 'o', 'm', '\0', + /* "ust.space", true */ 'u', 's', 't', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "usualbeings.com", true */ 'u', 's', 'u', 'a', 'l', 'b', 'e', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "uswitch.com", true */ 'u', 's', 'w', 'i', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "ut-addicted.com", true */ 'u', 't', '-', 'a', 'd', 'd', 'i', 'c', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "utahfireinfo.gov", true */ 'u', 't', 'a', 'h', 'f', 'i', 'r', 'e', 'i', 'n', 'f', 'o', '.', 'g', 'o', 'v', '\0', + /* "utahlocal.net", true */ 'u', 't', 'a', 'h', 'l', 'o', 'c', 'a', 'l', '.', 'n', 'e', 't', '\0', + /* "utdsgda.com", true */ 'u', 't', 'd', 's', 'g', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "utepils.de", true */ 'u', 't', 'e', 'p', 'i', 'l', 's', '.', 'd', 'e', '\0', + /* "utilia.tools", true */ 'u', 't', 'i', 'l', 'i', 'a', '.', 't', 'o', 'o', 'l', 's', '\0', + /* "utilitarian.com", true */ 'u', 't', 'i', 'l', 'i', 't', 'a', 'r', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "utilitarian.net", true */ 'u', 't', 'i', 'l', 'i', 't', 'a', 'r', 'i', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "utilitarian.org", true */ 'u', 't', 'i', 'l', 'i', 't', 'a', 'r', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "utilitarianism.com", true */ 'u', 't', 'i', 'l', 'i', 't', 'a', 'r', 'i', 'a', 'n', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "utilitarianism.org", true */ 'u', 't', 'i', 'l', 'i', 't', 'a', 'r', 'i', 'a', 'n', 'i', 's', 'm', '.', 'o', 'r', 'g', '\0', + /* "utilitarismo.com", true */ 'u', 't', 'i', 'l', 'i', 't', 'a', 'r', 'i', 's', 'm', 'o', '.', 'c', 'o', 'm', '\0', + /* "utilitronium.com", true */ 'u', 't', 'i', 'l', 'i', 't', 'r', 'o', 'n', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "utilityapi.com", true */ 'u', 't', 'i', 'l', 'i', 't', 'y', 'a', 'p', 'i', '.', 'c', 'o', 'm', '\0', + /* "utitreatment.com", true */ 'u', 't', 'i', 't', 'r', 'e', 'a', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "utonia.ch", true */ 'u', 't', 'o', 'n', 'i', 'a', '.', 'c', 'h', '\0', + /* "utopialgb.org.uk", true */ 'u', 't', 'o', 'p', 'i', 'a', 'l', 'g', 'b', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "utopicestudios.com", true */ 'u', 't', 'o', 'p', 'i', 'c', 'e', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "utox.io", true */ 'u', 't', 'o', 'x', '.', 'i', 'o', '\0', + /* "utugnn.ru", true */ 'u', 't', 'u', 'g', 'n', 'n', '.', 'r', 'u', '\0', + /* "utw.me", true */ 'u', 't', 'w', '.', 'm', 'e', '\0', + /* "utzon.net", true */ 'u', 't', 'z', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "uuit.nl", true */ 'u', 'u', 'i', 't', '.', 'n', 'l', '\0', + /* "uvocorp.com", true */ 'u', 'v', 'o', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0', + /* "uwac.co.uk", true */ 'u', 'w', 'a', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "uwfreelanceopticien.nl", true */ 'u', 'w', 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', 'o', 'p', 't', 'i', 'c', 'i', 'e', 'n', '.', 'n', 'l', '\0', + /* "uwimonacs.org.jm", true */ 'u', 'w', 'i', 'm', 'o', 'n', 'a', 'c', 's', '.', 'o', 'r', 'g', '.', 'j', 'm', '\0', + /* "uxtechnologist.com", true */ 'u', 'x', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "uy.search.yahoo.com", false */ 'u', 'y', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "uz.search.yahoo.com", false */ 'u', 'z', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "uzaymedya.com.tr", true */ 'u', 'z', 'a', 'y', 'm', 'e', 'd', 'y', 'a', '.', 'c', 'o', 'm', '.', 't', 'r', '\0', + /* "v-d-p.net", true */ 'v', '-', 'd', '-', 'p', '.', 'n', 'e', 't', '\0', + /* "v-tek.fi", true */ 'v', '-', 't', 'e', 'k', '.', 'f', 'i', '\0', + /* "v-u-z.ru", true */ 'v', '-', 'u', '-', 'z', '.', 'r', 'u', '\0', + /* "v1sit0r.ru", true */ 'v', '1', 's', 'i', 't', '0', 'r', '.', 'r', 'u', '\0', + /* "v2bv.net", true */ 'v', '2', 'b', 'v', '.', 'n', 'e', 't', '\0', + /* "v2bv.win", true */ 'v', '2', 'b', 'v', '.', 'w', 'i', 'n', '\0', + /* "v2ex.com", true */ 'v', '2', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "va-reitartikel.com", true */ 'v', 'a', '-', 'r', 'e', 'i', 't', 'a', 'r', 't', 'i', 'k', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "vacationscostarica.com", true */ 'v', 'a', 'c', 'a', 't', 'i', 'o', 'n', 's', 'c', 'o', 's', 't', 'a', 'r', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "vaccines.gov", true */ 'v', 'a', 'c', 'c', 'i', 'n', 'e', 's', '.', 'g', 'o', 'v', '\0', + /* "vaclavambroz.cz", true */ 'v', 'a', 'c', 'l', 'a', 'v', 'a', 'm', 'b', 'r', 'o', 'z', '.', 'c', 'z', '\0', + /* "vacuumpump.co.id", true */ 'v', 'a', 'c', 'u', 'u', 'm', 'p', 'u', 'm', 'p', '.', 'c', 'o', '.', 'i', 'd', '\0', + /* "vadennissanofhiltonheadparts.com", true */ 'v', 'a', 'd', 'e', 'n', 'n', 'i', 's', 's', 'a', 'n', 'o', 'f', 'h', 'i', 'l', 't', 'o', 'n', 'h', 'e', 'a', 'd', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "vadennissanofhinesvilleparts.com", true */ 'v', 'a', 'd', 'e', 'n', 'n', 'i', 's', 's', 'a', 'n', 'o', 'f', 'h', 'i', 'n', 'e', 's', 'v', 'i', 'l', 'l', 'e', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "vaew.com", true */ 'v', 'a', 'e', 'w', '.', 'c', 'o', 'm', '\0', + /* "vagabond.fr", true */ 'v', 'a', 'g', 'a', 'b', 'o', 'n', 'd', '.', 'f', 'r', '\0', + /* "vagabondgal.com", true */ 'v', 'a', 'g', 'a', 'b', 'o', 'n', 'd', 'g', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "vagaerg.com", true */ 'v', 'a', 'g', 'a', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0', + /* "vagaerg.net", true */ 'v', 'a', 'g', 'a', 'e', 'r', 'g', '.', 'n', 'e', 't', '\0', + /* "vagmour.eu", true */ 'v', 'a', 'g', 'm', 'o', 'u', 'r', '.', 'e', 'u', '\0', + /* "vagpartsdb.com", true */ 'v', 'a', 'g', 'p', 'a', 'r', 't', 's', 'd', 'b', '.', 'c', 'o', 'm', '\0', + /* "vagrantcloud.com", true */ 'v', 'a', 'g', 'r', 'a', 'n', 't', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "vagrantup.com", true */ 'v', 'a', 'g', 'r', 'a', 'n', 't', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "vaindil.com", true */ 'v', 'a', 'i', 'n', 'd', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "vakantiedetective.nl", true */ 'v', 'a', 'k', 'a', 'n', 't', 'i', 'e', 'd', 'e', 't', 'e', 'c', 't', 'i', 'v', 'e', '.', 'n', 'l', '\0', + /* "vakantienet.nl", true */ 'v', 'a', 'k', 'a', 'n', 't', 'i', 'e', 'n', 'e', 't', '.', 'n', 'l', '\0', + /* "vakuutuskanava.fi", true */ 'v', 'a', 'k', 'u', 'u', 't', 'u', 's', 'k', 'a', 'n', 'a', 'v', 'a', '.', 'f', 'i', '\0', + /* "val-sec.com", true */ 'v', 'a', 'l', '-', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "valasi.eu", true */ 'v', 'a', 'l', 'a', 's', 'i', '.', 'e', 'u', '\0', + /* "valbonne-consulting.com", true */ 'v', 'a', 'l', 'b', 'o', 'n', 'n', 'e', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "valenciadevops.me", true */ 'v', 'a', 'l', 'e', 'n', 'c', 'i', 'a', 'd', 'e', 'v', 'o', 'p', 's', '.', 'm', 'e', '\0', + /* "valentin-sundermann.de", true */ 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', '-', 's', 'u', 'n', 'd', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "valentinberclaz.com", true */ 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 'b', 'e', 'r', 'c', 'l', 'a', 'z', '.', 'c', 'o', 'm', '\0', + /* "valentineapparel.com", true */ 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 'e', 'a', 'p', 'p', 'a', 'r', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "valentineforpresident.com", true */ 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 'e', 'f', 'o', 'r', 'p', 'r', 'e', 's', 'i', 'd', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "valentinera.in", true */ 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 'e', 'r', 'a', '.', 'i', 'n', '\0', + /* "valentinesongs.com", true */ 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 'e', 's', 'o', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "valentinritz.com", true */ 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 'r', 'i', 't', 'z', '.', 'c', 'o', 'm', '\0', + /* "valeriansaliou.name", true */ 'v', 'a', 'l', 'e', 'r', 'i', 'a', 'n', 's', 'a', 'l', 'i', 'o', 'u', '.', 'n', 'a', 'm', 'e', '\0', + /* "vales.io", true */ 'v', 'a', 'l', 'e', 's', '.', 'i', 'o', '\0', + /* "valesdev.com", true */ 'v', 'a', 'l', 'e', 's', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0', + /* "valesdigital.com", true */ 'v', 'a', 'l', 'e', 's', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "validatis.com", true */ 'v', 'a', 'l', 'i', 'd', 'a', 't', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "validator.nu", true */ 'v', 'a', 'l', 'i', 'd', 'a', 't', 'o', 'r', '.', 'n', 'u', '\0', + /* "validbrands.com", true */ 'v', 'a', 'l', 'i', 'd', 'b', 'r', 'a', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "valika.ee", true */ 'v', 'a', 'l', 'i', 'k', 'a', '.', 'e', 'e', '\0', + /* "valis.sx", true */ 'v', 'a', 'l', 'i', 's', '.', 's', 'x', '\0', + /* "valkohattu.fi", true */ 'v', 'a', 'l', 'k', 'o', 'h', 'a', 't', 't', 'u', '.', 'f', 'i', '\0', + /* "valkor.pro", true */ 'v', 'a', 'l', 'k', 'o', 'r', '.', 'p', 'r', 'o', '\0', + /* "vallei-veluwe.nl", true */ 'v', 'a', 'l', 'l', 'e', 'i', '-', 'v', 'e', 'l', 'u', 'w', 'e', '.', 'n', 'l', '\0', + /* "valleyautofair.com", true */ 'v', 'a', 'l', 'l', 'e', 'y', 'a', 'u', 't', 'o', 'f', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "valleycode.net", true */ 'v', 'a', 'l', 'l', 'e', 'y', 'c', 'o', 'd', 'e', '.', 'n', 'e', 't', '\0', + /* "vallutaja.eu", true */ 'v', 'a', 'l', 'l', 'u', 't', 'a', 'j', 'a', '.', 'e', 'u', '\0', + /* "valokuva-albumi.fi", true */ 'v', 'a', 'l', 'o', 'k', 'u', 'v', 'a', '-', 'a', 'l', 'b', 'u', 'm', 'i', '.', 'f', 'i', '\0', + /* "valopv.be", true */ 'v', 'a', 'l', 'o', 'p', 'v', '.', 'b', 'e', '\0', + /* "valordolarblue.com.ar", true */ 'v', 'a', 'l', 'o', 'r', 'd', 'o', 'l', 'a', 'r', 'b', 'l', 'u', 'e', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "valorem-tax.ch", true */ 'v', 'a', 'l', 'o', 'r', 'e', 'm', '-', 't', 'a', 'x', '.', 'c', 'h', '\0', + /* "valoremtax.ch", true */ 'v', 'a', 'l', 'o', 'r', 'e', 'm', 't', 'a', 'x', '.', 'c', 'h', '\0', + /* "valoremtax.com", true */ 'v', 'a', 'l', 'o', 'r', 'e', 'm', 't', 'a', 'x', '.', 'c', 'o', 'm', '\0', + /* "valshamar.is", true */ 'v', 'a', 'l', 's', 'h', 'a', 'm', 'a', 'r', '.', 'i', 's', '\0', + /* "valsk.is", true */ 'v', 'a', 'l', 's', 'k', '.', 'i', 's', '\0', + /* "valskis.lt", true */ 'v', 'a', 'l', 's', 'k', 'i', 's', '.', 'l', 't', '\0', + /* "valtoaho.com", true */ 'v', 'a', 'l', 't', 'o', 'a', 'h', 'o', '.', 'c', 'o', 'm', '\0', + /* "valueng.com", true */ 'v', 'a', 'l', 'u', 'e', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "valueseed.net", true */ 'v', 'a', 'l', 'u', 'e', 's', 'e', 'e', 'd', '.', 'n', 'e', 't', '\0', + /* "vamosfalardesaude.pt", true */ 'v', 'a', 'm', 'o', 's', 'f', 'a', 'l', 'a', 'r', 'd', 'e', 's', 'a', 'u', 'd', 'e', '.', 'p', 't', '\0', + /* "vampyrium.com", false */ 'v', 'a', 'm', 'p', 'y', 'r', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "vampyrium.net", false */ 'v', 'a', 'm', 'p', 'y', 'r', 'i', 'u', 'm', '.', 'n', 'e', 't', '\0', + /* "van11y.net", true */ 'v', 'a', 'n', '1', '1', 'y', '.', 'n', 'e', 't', '\0', + /* "vanbinnenuit.nl", true */ 'v', 'a', 'n', 'b', 'i', 'n', 'n', 'e', 'n', 'u', 'i', 't', '.', 'n', 'l', '\0', + /* "vancouvercosmeticsurgery.ca", true */ 'v', 'a', 'n', 'c', 'o', 'u', 'v', 'e', 'r', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'a', '\0', + /* "vandalfsen.me", true */ 'v', 'a', 'n', 'd', 'a', 'l', 'f', 's', 'e', 'n', '.', 'm', 'e', '\0', + /* "vandam.io", true */ 'v', 'a', 'n', 'd', 'a', 'm', '.', 'i', 'o', '\0', + /* "vandenbroeck-usedcars.be", true */ 'v', 'a', 'n', 'd', 'e', 'n', 'b', 'r', 'o', 'e', 'c', 'k', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "vandeput.be", true */ 'v', 'a', 'n', 'd', 'e', 'p', 'u', 't', '.', 'b', 'e', '\0', + /* "vanderkrieken.org", true */ 'v', 'a', 'n', 'd', 'e', 'r', 'k', 'r', 'i', 'e', 'k', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "vanderkroon.nl", true */ 'v', 'a', 'n', 'd', 'e', 'r', 'k', 'r', 'o', 'o', 'n', '.', 'n', 'l', '\0', + /* "vandermeer.frl", true */ 'v', 'a', 'n', 'd', 'e', 'r', 'm', 'e', 'e', 'r', '.', 'f', 'r', 'l', '\0', + /* "vanderrijt.nl", true */ 'v', 'a', 'n', 'd', 'e', 'r', 'r', 'i', 'j', 't', '.', 'n', 'l', '\0', + /* "vanderziel.org", true */ 'v', 'a', 'n', 'd', 'e', 'r', 'z', 'i', 'e', 'l', '.', 'o', 'r', 'g', '\0', + /* "vaneigenkweek.be", true */ 'v', 'a', 'n', 'e', 'i', 'g', 'e', 'n', 'k', 'w', 'e', 'e', 'k', '.', 'b', 'e', '\0', + /* "vanessabalibridal.com", true */ 'v', 'a', 'n', 'e', 's', 's', 'a', 'b', 'a', 'l', 'i', 'b', 'r', 'i', 'd', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "vanetv.com", true */ 'v', 'a', 'n', 'e', 't', 'v', '.', 'c', 'o', 'm', '\0', + /* "vangeluwedeberlaere.be", true */ 'v', 'a', 'n', 'g', 'e', 'l', 'u', 'w', 'e', 'd', 'e', 'b', 'e', 'r', 'l', 'a', 'e', 'r', 'e', '.', 'b', 'e', '\0', + /* "vanhoudt-usedcars.be", true */ 'v', 'a', 'n', 'h', 'o', 'u', 'd', 't', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "vanhoutte.be", false */ 'v', 'a', 'n', 'h', 'o', 'u', 't', 't', 'e', '.', 'b', 'e', '\0', + /* "vanhove.biz", true */ 'v', 'a', 'n', 'h', 'o', 'v', 'e', '.', 'b', 'i', 'z', '\0', + /* "vanlaanen.com", true */ 'v', 'a', 'n', 'l', 'a', 'a', 'n', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "vanmalland.com", true */ 'v', 'a', 'n', 'm', 'a', 'l', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "vannaos.com", true */ 'v', 'a', 'n', 'n', 'a', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "vannaos.net", true */ 'v', 'a', 'n', 'n', 'a', 'o', 's', '.', 'n', 'e', 't', '\0', + /* "vanohaker.ru", true */ 'v', 'a', 'n', 'o', 'h', 'a', 'k', 'e', 'r', '.', 'r', 'u', '\0', + /* "vanouwerkerk.net", true */ 'v', 'a', 'n', 'o', 'u', 'w', 'e', 'r', 'k', 'e', 'r', 'k', '.', 'n', 'e', 't', '\0', + /* "vante.me", true */ 'v', 'a', 'n', 't', 'e', '.', 'm', 'e', '\0', + /* "vantien.com", true */ 'v', 'a', 'n', 't', 'i', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "vantru.is", true */ 'v', 'a', 'n', 't', 'r', 'u', '.', 'i', 's', '\0', + /* "vanvoro.us", false */ 'v', 'a', 'n', 'v', 'o', 'r', 'o', '.', 'u', 's', '\0', + /* "vanwunnik.com", true */ 'v', 'a', 'n', 'w', 'u', 'n', 'n', 'i', 'k', '.', 'c', 'o', 'm', '\0', + /* "vapecom-shop.com", true */ 'v', 'a', 'p', 'e', 'c', 'o', 'm', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "vapehour.com", true */ 'v', 'a', 'p', 'e', 'h', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "vapemania.eu", true */ 'v', 'a', 'p', 'e', 'm', 'a', 'n', 'i', 'a', '.', 'e', 'u', '\0', + /* "vaperolles.ch", true */ 'v', 'a', 'p', 'e', 'r', 'o', 'l', 'l', 'e', 's', '.', 'c', 'h', '\0', + /* "vapesense.co.uk", true */ 'v', 'a', 'p', 'e', 's', 'e', 'n', 's', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "vaphone.co", true */ 'v', 'a', 'p', 'h', 'o', 'n', 'e', '.', 'c', 'o', '\0', + /* "vapor.cloud", false */ 'v', 'a', 'p', 'o', 'r', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "vapordepot.jp", true */ 'v', 'a', 'p', 'o', 'r', 'd', 'e', 'p', 'o', 't', '.', 'j', 'p', '\0', + /* "varcare.jp", true */ 'v', 'a', 'r', 'c', 'a', 'r', 'e', '.', 'j', 'p', '\0', + /* "varden.info", true */ 'v', 'a', 'r', 'd', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "vareillefoundation.fr", true */ 'v', 'a', 'r', 'e', 'i', 'l', 'l', 'e', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'f', 'r', '\0', + /* "vareillefoundation.org", true */ 'v', 'a', 'r', 'e', 'i', 'l', 'l', 'e', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "varghese.de", true */ 'v', 'a', 'r', 'g', 'h', 'e', 's', 'e', '.', 'd', 'e', '\0', + /* "variable.agency", true */ 'v', 'a', 'r', 'i', 'a', 'b', 'l', 'e', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0', + /* "variablyconstant.com", true */ 'v', 'a', 'r', 'i', 'a', 'b', 'l', 'y', 'c', 'o', 'n', 's', 't', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "variag-group.ru", true */ 'v', 'a', 'r', 'i', 'a', 'g', '-', 'g', 'r', 'o', 'u', 'p', '.', 'r', 'u', '\0', + /* "variag-montazh.ru", true */ 'v', 'a', 'r', 'i', 'a', 'g', '-', 'm', 'o', 'n', 't', 'a', 'z', 'h', '.', 'r', 'u', '\0', + /* "varicoseveinssolution.com", true */ 'v', 'a', 'r', 'i', 'c', 'o', 's', 'e', 'v', 'e', 'i', 'n', 's', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "varimedoma.com", true */ 'v', 'a', 'r', 'i', 'm', 'e', 'd', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "varshathacker.com", true */ 'v', 'a', 'r', 's', 'h', 'a', 't', 'h', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "varta.io", true */ 'v', 'a', 'r', 't', 'a', '.', 'i', 'o', '\0', + /* "varunagw.com", false */ 'v', 'a', 'r', 'u', 'n', 'a', 'g', 'w', '.', 'c', 'o', 'm', '\0', + /* "varunpriolkar.com", true */ 'v', 'a', 'r', 'u', 'n', 'p', 'r', 'i', 'o', 'l', 'k', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "varvy.com", true */ 'v', 'a', 'r', 'v', 'y', '.', 'c', 'o', 'm', '\0', + /* "vascomm.co.id", true */ 'v', 'a', 's', 'c', 'o', 'm', 'm', '.', 'c', 'o', '.', 'i', 'd', '\0', + /* "vashel.us", true */ 'v', 'a', 's', 'h', 'e', 'l', '.', 'u', 's', '\0', + /* "vasileruscior.ro", true */ 'v', 'a', 's', 'i', 'l', 'e', 'r', 'u', 's', 'c', 'i', 'o', 'r', '.', 'r', 'o', '\0', + /* "vaskulitis-info.de", true */ 'v', 'a', 's', 'k', 'u', 'l', 'i', 't', 'i', 's', '-', 'i', 'n', 'f', 'o', '.', 'd', 'e', '\0', + /* "vasports.com.au", true */ 'v', 'a', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "vastgoedcultuurfonds.nl", true */ 'v', 'a', 's', 't', 'g', 'o', 'e', 'd', 'c', 'u', 'l', 't', 'u', 'u', 'r', 'f', 'o', 'n', 'd', 's', '.', 'n', 'l', '\0', + /* "vasyharan.com", true */ 'v', 'a', 's', 'y', 'h', 'a', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "vat-eu.com", true */ 'v', 'a', 't', '-', 'e', 'u', '.', 'c', 'o', 'm', '\0', + /* "vatelecom.dk", true */ 'v', 'a', 't', 'e', 'l', 'e', 'c', 'o', 'm', '.', 'd', 'k', '\0', + /* "vattulainen.fi", true */ 'v', 'a', 't', 't', 'u', 'l', 'a', 'i', 'n', 'e', 'n', '.', 'f', 'i', '\0', + /* "vaud-fleurs.ch", true */ 'v', 'a', 'u', 'd', '-', 'f', 'l', 'e', 'u', 'r', 's', '.', 'c', 'h', '\0', + /* "vault21.net", true */ 'v', 'a', 'u', 'l', 't', '2', '1', '.', 'n', 'e', 't', '\0', + /* "vaultproject.io", true */ 'v', 'a', 'u', 'l', 't', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'i', 'o', '\0', + /* "vaur.fr", true */ 'v', 'a', 'u', 'r', '.', 'f', 'r', '\0', + /* "vavai.net", true */ 'v', 'a', 'v', 'a', 'i', '.', 'n', 'e', 't', '\0', + /* "vavel.com", true */ 'v', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "vavouchers.com", true */ 'v', 'a', 'v', 'o', 'u', 'c', 'h', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "vawebsite.co", true */ 'v', 'a', 'w', 'e', 'b', 's', 'i', 't', 'e', '.', 'c', 'o', '\0', + /* "vaygren.com", true */ 'v', 'a', 'y', 'g', 'r', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "vazue.com", true */ 'v', 'a', 'z', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "vbazile.com", true */ 'v', 'b', 'a', 'z', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "vbcdn.com", true */ 'v', 'b', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0', + /* "vbestreviews.com", true */ 'v', 'b', 'e', 's', 't', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "vbh2o.com", true */ 'v', 'b', 'h', '2', 'o', '.', 'c', 'o', 'm', '\0', + /* "vc.gg", true */ 'v', 'c', '.', 'g', 'g', '\0', + /* "vcam.org", true */ 'v', 'c', 'a', 'm', '.', 'o', 'r', 'g', '\0', + /* "vccmurah.net", true */ 'v', 'c', 'c', 'm', 'u', 'r', 'a', 'h', '.', 'n', 'e', 't', '\0', + /* "vcdn.xyz", true */ 'v', 'c', 'd', 'n', '.', 'x', 'y', 'z', '\0', + /* "vcelin-na-doliku.cz", true */ 'v', 'c', 'e', 'l', 'i', 'n', '-', 'n', 'a', '-', 'd', 'o', 'l', 'i', 'k', 'u', '.', 'c', 'z', '\0', + /* "vcf.gov", true */ 'v', 'c', 'f', '.', 'g', 'o', 'v', '\0', + /* "vcientertainment.com", false */ 'v', 'c', 'i', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "vcmi.download", true */ 'v', 'c', 'm', 'i', '.', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', '\0', + /* "vconcept.ch", true */ 'v', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'c', 'h', '\0', + /* "vconcept.me", true */ 'v', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'm', 'e', '\0', + /* "vcsjones.codes", true */ 'v', 'c', 's', 'j', 'o', 'n', 'e', 's', '.', 'c', 'o', 'd', 'e', 's', '\0', + /* "vcsjones.com", true */ 'v', 'c', 's', 'j', 'o', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "vcti.cloud", true */ 'v', 'c', 't', 'i', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "vd42.net", true */ 'v', 'd', '4', '2', '.', 'n', 'e', 't', '\0', + /* "vdbongard.com", true */ 'v', 'd', 'b', 'o', 'n', 'g', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "vdcomp.cz", true */ 'v', 'd', 'c', 'o', 'm', 'p', '.', 'c', 'z', '\0', + /* "vdemuzere.be", true */ 'v', 'd', 'e', 'm', 'u', 'z', 'e', 'r', 'e', '.', 'b', 'e', '\0', + /* "vdesc.com", true */ 'v', 'd', 'e', 's', 'c', '.', 'c', 'o', 'm', '\0', + /* "vdisk24.de", true */ 'v', 'd', 'i', 's', 'k', '2', '4', '.', 'd', 'e', '\0', + /* "vdownloader.com", true */ 'v', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "vdrpro.com", true */ 'v', 'd', 'r', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "ve.search.yahoo.com", false */ 'v', 'e', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "ve3oat.ca", true */ 'v', 'e', '3', 'o', 'a', 't', '.', 'c', 'a', '\0', + /* "vea.re", true */ 'v', 'e', 'a', '.', 'r', 'e', '\0', + /* "veblr.com", false */ 'v', 'e', 'b', 'l', 'r', '.', 'c', 'o', 'm', '\0', + /* "vecerkaracing.cz", true */ 'v', 'e', 'c', 'e', 'r', 'k', 'a', 'r', 'a', 'c', 'i', 'n', 'g', '.', 'c', 'z', '\0', + /* "vecozo.nl", true */ 'v', 'e', 'c', 'o', 'z', 'o', '.', 'n', 'l', '\0', + /* "vectorwish.com", true */ 'v', 'e', 'c', 't', 'o', 'r', 'w', 'i', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "vectro.me", true */ 'v', 'e', 'c', 't', 'r', 'o', '.', 'm', 'e', '\0', + /* "veg-leiden.nl", true */ 'v', 'e', 'g', '-', 'l', 'e', 'i', 'd', 'e', 'n', '.', 'n', 'l', '\0', + /* "vegalitarian.org", true */ 'v', 'e', 'g', 'a', 'l', 'i', 't', 'a', 'r', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "vegane-proteine.com", true */ 'v', 'e', 'g', 'a', 'n', 'e', '-', 'p', 'r', 'o', 't', 'e', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "veganforum.org", true */ 'v', 'e', 'g', 'a', 'n', 'f', 'o', 'r', 'u', 'm', '.', 'o', 'r', 'g', '\0', + /* "veganism.co.uk", true */ 'v', 'e', 'g', 'a', 'n', 'i', 's', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "veganism.com", true */ 'v', 'e', 'g', 'a', 'n', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "vegepa.com", true */ 'v', 'e', 'g', 'e', 'p', 'a', '.', 'c', 'o', 'm', '\0', + /* "veglog.com", true */ 'v', 'e', 'g', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "vehicleenquiry.service.gov.uk", true */ 'v', 'e', 'h', 'i', 'c', 'l', 'e', 'e', 'n', 'q', 'u', 'i', 'r', 'y', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0', + /* "vehicletax.service.gov.uk", true */ 'v', 'e', 'h', 'i', 'c', 'l', 'e', 't', 'a', 'x', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0', + /* "veii.de", true */ 'v', 'e', 'i', 'i', '.', 'd', 'e', '\0', + /* "veil-framework.com", true */ 'v', 'e', 'i', 'l', '-', 'f', 'r', 'a', 'm', 'e', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "veke.fi", true */ 'v', 'e', 'k', 'e', '.', 'f', 'i', '\0', + /* "vekenz.com", true */ 'v', 'e', 'k', 'e', 'n', 'z', '.', 'c', 'o', 'm', '\0', + /* "velasense.com", true */ 'v', 'e', 'l', 'a', 's', 'e', 'n', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "velonustraduction.com", true */ 'v', 'e', 'l', 'o', 'n', 'u', 's', 't', 'r', 'a', 'd', 'u', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "velotyretz.fr", true */ 'v', 'e', 'l', 'o', 't', 'y', 'r', 'e', 't', 'z', '.', 'f', 'r', '\0', + /* "venalytics.com", true */ 'v', 'e', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "vendigital.com", true */ 'v', 'e', 'n', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "vendorconnect.nyc", true */ 'v', 'e', 'n', 'd', 'o', 'r', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'n', 'y', 'c', '\0', + /* "vendserve.eu", true */ 'v', 'e', 'n', 'd', 's', 'e', 'r', 'v', 'e', '.', 'e', 'u', '\0', + /* "venicecomputerrepair.com", true */ 'v', 'e', 'n', 'i', 'c', 'e', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "venicefloridawebsitedesign.com", true */ 'v', 'e', 'n', 'i', 'c', 'e', 'f', 'l', 'o', 'r', 'i', 'd', 'a', 'w', 'e', 'b', 's', 'i', 't', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "venicerealdeal.com", true */ 'v', 'e', 'n', 'i', 'c', 'e', 'r', 'e', 'a', 'l', 'd', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "venirextra.com", true */ 'v', 'e', 'n', 'i', 'r', 'e', 'x', 't', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "venirideal.com", true */ 'v', 'e', 'n', 'i', 'r', 'i', 'd', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "venninvestorplatform.com", true */ 'v', 'e', 'n', 'n', 'i', 'n', 'v', 'e', 's', 't', 'o', 'r', 'p', 'l', 'a', 't', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "ventesprivees-fr.com", true */ 'v', 'e', 'n', 't', 'e', 's', 'p', 'r', 'i', 'v', 'e', 'e', 's', '-', 'f', 'r', '.', 'c', 'o', 'm', '\0', + /* "ventizo.com", true */ 'v', 'e', 'n', 't', 'i', 'z', 'o', '.', 'c', 'o', 'm', '\0', + /* "venturum.com", true */ 'v', 'e', 'n', 't', 'u', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "venturum.de", true */ 'v', 'e', 'n', 't', 'u', 'r', 'u', 'm', '.', 'd', 'e', '\0', + /* "venturum.eu", true */ 'v', 'e', 'n', 't', 'u', 'r', 'u', 'm', '.', 'e', 'u', '\0', + /* "venturum.net", true */ 'v', 'e', 'n', 't', 'u', 'r', 'u', 'm', '.', 'n', 'e', 't', '\0', + /* "vera.bg", true */ 'v', 'e', 'r', 'a', '.', 'b', 'g', '\0', + /* "veramagazine.jp", true */ 'v', 'e', 'r', 'a', 'm', 'a', 'g', 'a', 'z', 'i', 'n', 'e', '.', 'j', 'p', '\0', + /* "verberne.nu", true */ 'v', 'e', 'r', 'b', 'e', 'r', 'n', 'e', '.', 'n', 'u', '\0', + /* "verbierfestival.com", true */ 'v', 'e', 'r', 'b', 'i', 'e', 'r', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "verdict.gg", true */ 'v', 'e', 'r', 'd', 'i', 'c', 't', '.', 'g', 'g', '\0', + /* "verduccies.com", true */ 'v', 'e', 'r', 'd', 'u', 'c', 'c', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "verein-kiekin.de", true */ 'v', 'e', 'r', 'e', 'i', 'n', '-', 'k', 'i', 'e', 'k', 'i', 'n', '.', 'd', 'e', '\0', + /* "vereinlandwege.de", true */ 'v', 'e', 'r', 'e', 'i', 'n', 'l', 'a', 'n', 'd', 'w', 'e', 'g', 'e', '.', 'd', 'e', '\0', + /* "vereinscheck.de", true */ 'v', 'e', 'r', 'e', 'i', 'n', 's', 'c', 'h', 'e', 'c', 'k', '.', 'd', 'e', '\0', + /* "verfassungsklage.at", true */ 'v', 'e', 'r', 'f', 'a', 's', 's', 'u', 'n', 'g', 's', 'k', 'l', 'a', 'g', 'e', '.', 'a', 't', '\0', + /* "vergeaccessories.com", true */ 'v', 'e', 'r', 'g', 'e', 'a', 'c', 'c', 'e', 's', 's', 'o', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "verhovs.ky", true */ 'v', 'e', 'r', 'h', 'o', 'v', 's', '.', 'k', 'y', '\0', + /* "verifyos.com", true */ 'v', 'e', 'r', 'i', 'f', 'y', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "veriny.tf", true */ 'v', 'e', 'r', 'i', 'n', 'y', '.', 't', 'f', '\0', + /* "veriomed.com", true */ 'v', 'e', 'r', 'i', 'o', 'm', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "veritafineviolins.com", true */ 'v', 'e', 'r', 'i', 't', 'a', 'f', 'i', 'n', 'e', 'v', 'i', 'o', 'l', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "verizonguidelines.com", true */ 'v', 'e', 'r', 'i', 'z', 'o', 'n', 'g', 'u', 'i', 'd', 'e', 'l', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "verliebt-in-bw.de", true */ 'v', 'e', 'r', 'l', 'i', 'e', 'b', 't', '-', 'i', 'n', '-', 'b', 'w', '.', 'd', 'e', '\0', + /* "verliebt-in-niedersachsen.de", true */ 'v', 'e', 'r', 'l', 'i', 'e', 'b', 't', '-', 'i', 'n', '-', 'n', 'i', 'e', 'd', 'e', 'r', 's', 'a', 'c', 'h', 's', 'e', 'n', '.', 'd', 'e', '\0', + /* "verliefde-jongens.nl", true */ 'v', 'e', 'r', 'l', 'i', 'e', 'f', 'd', 'e', '-', 'j', 'o', 'n', 'g', 'e', 'n', 's', '.', 'n', 'l', '\0', + /* "vermeerdealers.com", true */ 'v', 'e', 'r', 'm', 'e', 'e', 'r', 'd', 'e', 'a', 'l', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "vermogeninkaart.nl", true */ 'v', 'e', 'r', 'm', 'o', 'g', 'e', 'n', 'i', 'n', 'k', 'a', 'a', 'r', 't', '.', 'n', 'l', '\0', + /* "vermuetje.nl", true */ 'v', 'e', 'r', 'm', 'u', 'e', 't', 'j', 'e', '.', 'n', 'l', '\0', + /* "vernaeve-usedcars.be", true */ 'v', 'e', 'r', 'n', 'a', 'e', 'v', 'e', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "vernonatvclub.ca", true */ 'v', 'e', 'r', 'n', 'o', 'n', 'a', 't', 'v', 'c', 'l', 'u', 'b', '.', 'c', 'a', '\0', + /* "vernonchan.com", true */ 'v', 'e', 'r', 'n', 'o', 'n', 'c', 'h', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "vernonfilmsociety.bc.ca", true */ 'v', 'e', 'r', 'n', 'o', 'n', 'f', 'i', 'l', 'm', 's', 'o', 'c', 'i', 'e', 't', 'y', '.', 'b', 'c', '.', 'c', 'a', '\0', + /* "vernonfishandgame.ca", true */ 'v', 'e', 'r', 'n', 'o', 'n', 'f', 'i', 's', 'h', 'a', 'n', 'd', 'g', 'a', 'm', 'e', '.', 'c', 'a', '\0', + /* "vernonhouseofhope.com", true */ 'v', 'e', 'r', 'n', 'o', 'n', 'h', 'o', 'u', 's', 'e', 'o', 'f', 'h', 'o', 'p', 'e', '.', 'c', 'o', 'm', '\0', + /* "vernonsecureselfstorage.ca", true */ 'v', 'e', 'r', 'n', 'o', 'n', 's', 'e', 'c', 'u', 'r', 'e', 's', 'e', 'l', 'f', 's', 't', 'o', 'r', 'a', 'g', 'e', '.', 'c', 'a', '\0', + /* "vernonspeedskatingclub.com", true */ 'v', 'e', 'r', 'n', 'o', 'n', 's', 'p', 'e', 'e', 'd', 's', 'k', 'a', 't', 'i', 'n', 'g', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "vernonwintercarnival.com", true */ 'v', 'e', 'r', 'n', 'o', 'n', 'w', 'i', 'n', 't', 'e', 'r', 'c', 'a', 'r', 'n', 'i', 'v', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "veronique-schmitz.de", true */ 'v', 'e', 'r', 'o', 'n', 'i', 'q', 'u', 'e', '-', 's', 'c', 'h', 'm', 'i', 't', 'z', '.', 'd', 'e', '\0', + /* "verrerie-mousseline.org", true */ 'v', 'e', 'r', 'r', 'e', 'r', 'i', 'e', '-', 'm', 'o', 'u', 's', 's', 'e', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0', + /* "vers.one", true */ 'v', 'e', 'r', 's', '.', 'o', 'n', 'e', '\0', + /* "versagercloud.de", true */ 'v', 'e', 'r', 's', 'a', 'g', 'e', 'r', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0', + /* "versbeton.nl", true */ 'v', 'e', 'r', 's', 'b', 'e', 't', 'o', 'n', '.', 'n', 'l', '\0', + /* "versicherungskontor.net", true */ 'v', 'e', 'r', 's', 'i', 'c', 'h', 'e', 'r', 'u', 'n', 'g', 's', 'k', 'o', 'n', 't', 'o', 'r', '.', 'n', 'e', 't', '\0', + /* "verspai.de", true */ 'v', 'e', 'r', 's', 'p', 'a', 'i', '.', 'd', 'e', '\0', + /* "verstraetenusedcars.be", true */ 'v', 'e', 'r', 's', 't', 'r', 'a', 'e', 't', 'e', 'n', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0', + /* "vertebrates.com", true */ 'v', 'e', 'r', 't', 'e', 'b', 'r', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "verteilergetriebe.info", true */ 'v', 'e', 'r', 't', 'e', 'i', 'l', 'e', 'r', 'g', 'e', 't', 'r', 'i', 'e', 'b', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "vertikar.net", true */ 'v', 'e', 'r', 't', 'i', 'k', 'a', 'r', '.', 'n', 'e', 't', '\0', + /* "vertner.net", true */ 'v', 'e', 'r', 't', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "veryapt.com", true */ 'v', 'e', 'r', 'y', 'a', 'p', 't', '.', 'c', 'o', 'm', '\0', + /* "verymelon.de", true */ 'v', 'e', 'r', 'y', 'm', 'e', 'l', 'o', 'n', '.', 'd', 'e', '\0', + /* "verzick.com", true */ 'v', 'e', 'r', 'z', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "ves.vn.ua", true */ 'v', 'e', 's', '.', 'v', 'n', '.', 'u', 'a', '\0', + /* "vescudero.net", true */ 'v', 'e', 's', 'c', 'u', 'd', 'e', 'r', 'o', '.', 'n', 'e', 't', '\0', + /* "veslosada.com", true */ 'v', 'e', 's', 'l', 'o', 's', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "vespacascadia.com", true */ 'v', 'e', 's', 'p', 'a', 'c', 'a', 's', 'c', 'a', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "veterinario.roma.it", true */ 'v', 'e', 't', 'e', 'r', 'i', 'n', 'a', 'r', 'i', 'o', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0', + /* "vetforum.co", true */ 'v', 'e', 't', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', '\0', + /* "vetinte.eu", true */ 'v', 'e', 't', 'i', 'n', 't', 'e', '.', 'e', 'u', '\0', + /* "vetofish.com", true */ 'v', 'e', 't', 'o', 'f', 'i', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "vets.gov", true */ 'v', 'e', 't', 's', '.', 'g', 'o', 'v', '\0', + /* "veverusak.cz", true */ 'v', 'e', 'v', 'e', 'r', 'u', 's', 'a', 'k', '.', 'c', 'z', '\0', + /* "vfdworld.com", true */ 'v', 'f', 'd', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "vfn-nrw.de", true */ 'v', 'f', 'n', '-', 'n', 'r', 'w', '.', 'd', 'e', '\0', + /* "vgerak.com", true */ 'v', 'g', 'e', 'r', 'a', 'k', '.', 'c', 'o', 'm', '\0', + /* "vgolos.zt.ua", true */ 'v', 'g', 'o', 'l', 'o', 's', '.', 'z', 't', '.', 'u', 'a', '\0', + /* "vgropp.de", true */ 'v', 'g', 'r', 'o', 'p', 'p', '.', 'd', 'e', '\0', + /* "vhummel.nl", true */ 'v', 'h', 'u', 'm', 'm', 'e', 'l', '.', 'n', 'l', '\0', + /* "viacdn.org", true */ 'v', 'i', 'a', 'c', 'd', 'n', '.', 'o', 'r', 'g', '\0', + /* "viafinance.cz", true */ 'v', 'i', 'a', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'z', '\0', + /* "viaggio-in-cina.it", true */ 'v', 'i', 'a', 'g', 'g', 'i', 'o', '-', 'i', 'n', '-', 'c', 'i', 'n', 'a', '.', 'i', 't', '\0', + /* "viaje-a-china.com", true */ 'v', 'i', 'a', 'j', 'e', '-', 'a', '-', 'c', 'h', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "vialibido.com.br", true */ 'v', 'i', 'a', 'l', 'i', 'b', 'i', 'd', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "vialorran.com", true */ 'v', 'i', 'a', 'l', 'o', 'r', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "viaprinto.de", true */ 'v', 'i', 'a', 'p', 'r', 'i', 'n', 't', 'o', '.', 'd', 'e', '\0', + /* "vibrant-america.com", true */ 'v', 'i', 'b', 'r', 'a', 'n', 't', '-', 'a', 'm', 'e', 'r', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0', + /* "vibrashop.com.br", true */ 'v', 'i', 'b', 'r', 'a', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "vichiya.com", true */ 'v', 'i', 'c', 'h', 'i', 'y', 'a', '.', 'c', 'o', 'm', '\0', + /* "vician.cz", false */ 'v', 'i', 'c', 'i', 'a', 'n', '.', 'c', 'z', '\0', + /* "viciousflora.com", true */ 'v', 'i', 'c', 'i', 'o', 'u', 's', 'f', 'l', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "viciousviscosity.xyz", true */ 'v', 'i', 'c', 'i', 'o', 'u', 's', 'v', 'i', 's', 'c', 'o', 's', 'i', 't', 'y', '.', 'x', 'y', 'z', '\0', + /* "viclab.se", true */ 'v', 'i', 'c', 'l', 'a', 'b', '.', 's', 'e', '\0', + /* "victorcanera.com", true */ 'v', 'i', 'c', 't', 'o', 'r', 'c', 'a', 'n', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "victordiaz.me", true */ 'v', 'i', 'c', 't', 'o', 'r', 'd', 'i', 'a', 'z', '.', 'm', 'e', '\0', + /* "victoreriksson.se", true */ 'v', 'i', 'c', 't', 'o', 'r', 'e', 'r', 'i', 'k', 's', 's', 'o', 'n', '.', 's', 'e', '\0', + /* "victorgbustamante.com", true */ 'v', 'i', 'c', 't', 'o', 'r', 'g', 'b', 'u', 's', 't', 'a', 'm', 'a', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "victorhawk.com", true */ 'v', 'i', 'c', 't', 'o', 'r', 'h', 'a', 'w', 'k', '.', 'c', 'o', 'm', '\0', + /* "victoriaartist.ru", true */ 'v', 'i', 'c', 't', 'o', 'r', 'i', 'a', 'a', 'r', 't', 'i', 's', 't', '.', 'r', 'u', '\0', + /* "victoriastudio.ru", true */ 'v', 'i', 'c', 't', 'o', 'r', 'i', 'a', 's', 't', 'u', 'd', 'i', 'o', '.', 'r', 'u', '\0', + /* "victoriaville.ca", true */ 'v', 'i', 'c', 't', 'o', 'r', 'i', 'a', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'a', '\0', + /* "victorjacobs.com", true */ 'v', 'i', 'c', 't', 'o', 'r', 'j', 'a', 'c', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "victornet.de", true */ 'v', 'i', 'c', 't', 'o', 'r', 'n', 'e', 't', '.', 'd', 'e', '\0', + /* "victornilsson.pw", true */ 'v', 'i', 'c', 't', 'o', 'r', 'n', 'i', 'l', 's', 's', 'o', 'n', '.', 'p', 'w', '\0', + /* "vicyu.com", true */ 'v', 'i', 'c', 'y', 'u', '.', 'c', 'o', 'm', '\0', + /* "vid-immobilien.de", true */ 'v', 'i', 'd', '-', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'n', '.', 'd', 'e', '\0', + /* "vida-it.com", true */ 'v', 'i', 'd', 'a', '-', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "vida.es", true */ 'v', 'i', 'd', 'a', '.', 'e', 's', '\0', + /* "vidbooster.com", true */ 'v', 'i', 'd', 'b', 'o', 'o', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "vide-dressing.org", false */ 'v', 'i', 'd', 'e', '-', 'd', 'r', 'e', 's', 's', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "vide-greniers.org", false */ 'v', 'i', 'd', 'e', '-', 'g', 'r', 'e', 'n', 'i', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0', + /* "vide-maisons.org", false */ 'v', 'i', 'd', 'e', '-', 'm', 'a', 'i', 's', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "videnskabsklubben.dk", true */ 'v', 'i', 'd', 'e', 'n', 's', 'k', 'a', 'b', 's', 'k', 'l', 'u', 'b', 'b', 'e', 'n', '.', 'd', 'k', '\0', + /* "videogamesartwork.com", true */ 'v', 'i', 'd', 'e', 'o', 'g', 'a', 'm', 'e', 's', 'a', 'r', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0', + /* "videoseyredin.net", true */ 'v', 'i', 'd', 'e', 'o', 's', 'e', 'y', 'r', 'e', 'd', 'i', 'n', '.', 'n', 'e', 't', '\0', + /* "videosqr.com", true */ 'v', 'i', 'd', 'e', 'o', 's', 'q', 'r', '.', 'c', 'o', 'm', '\0', + /* "videov.tk", true */ 'v', 'i', 'd', 'e', 'o', 'v', '.', 't', 'k', '\0', + /* "vidiproject.com", true */ 'v', 'i', 'd', 'i', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "vidister.de", true */ 'v', 'i', 'd', 'i', 's', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "viditut.com", true */ 'v', 'i', 'd', 'i', 't', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "vidkovaomara.si", true */ 'v', 'i', 'd', 'k', 'o', 'v', 'a', 'o', 'm', 'a', 'r', 'a', '.', 's', 'i', '\0', + /* "vidlyoficial.com", true */ 'v', 'i', 'd', 'l', 'y', 'o', 'f', 'i', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "vieaw.com", true */ 'v', 'i', 'e', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "vieclam24h.vn", false */ 'v', 'i', 'e', 'c', 'l', 'a', 'm', '2', '4', 'h', '.', 'v', 'n', '\0', + /* "viekelis.lt", false */ 'v', 'i', 'e', 'k', 'e', 'l', 'i', 's', '.', 'l', 't', '\0', + /* "viemeister.com", true */ 'v', 'i', 'e', 'm', 'e', 'i', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "viemontante.be", true */ 'v', 'i', 'e', 'm', 'o', 'n', 't', 'a', 'n', 't', 'e', '.', 'b', 'e', '\0', + /* "viennan.net", true */ 'v', 'i', 'e', 'n', 'n', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "vientos.coop", true */ 'v', 'i', 'e', 'n', 't', 'o', 's', '.', 'c', 'o', 'o', 'p', '\0', + /* "viepixel.at", true */ 'v', 'i', 'e', 'p', 'i', 'x', 'e', 'l', '.', 'a', 't', '\0', + /* "vierdaagsehotel.nl", true */ 'v', 'i', 'e', 'r', 'd', 'a', 'a', 'g', 's', 'e', 'h', 'o', 't', 'e', 'l', '.', 'n', 'l', '\0', + /* "vierpfeile.de", true */ 'v', 'i', 'e', 'r', 'p', 'f', 'e', 'i', 'l', 'e', '.', 'd', 'e', '\0', + /* "vierpluseins.wtf", true */ 'v', 'i', 'e', 'r', 'p', 'l', 'u', 's', 'e', 'i', 'n', 's', '.', 'w', 't', 'f', '\0', + /* "vietnam-lifer.com", true */ 'v', 'i', 'e', 't', 'n', 'a', 'm', '-', 'l', 'i', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "vietnamese.dating", true */ 'v', 'i', 'e', 't', 'n', 'a', 'm', 'e', 's', 'e', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0', + /* "vietnamhost.vn", false */ 'v', 'i', 'e', 't', 'n', 'a', 'm', 'h', 'o', 's', 't', '.', 'v', 'n', '\0', + /* "vietnamwomenveterans.org", true */ 'v', 'i', 'e', 't', 'n', 'a', 'm', 'w', 'o', 'm', 'e', 'n', 'v', 'e', 't', 'e', 'r', 'a', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "vieux.pro", true */ 'v', 'i', 'e', 'u', 'x', '.', 'p', 'r', 'o', '\0', + /* "viewbook.com", true */ 'v', 'i', 'e', 'w', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "viewmyrecords.com", true */ 'v', 'i', 'e', 'w', 'm', 'y', 'r', 'e', 'c', 'o', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "viewsea.com", true */ 'v', 'i', 'e', 'w', 's', 'e', 'a', '.', 'c', 'o', 'm', '\0', + /* "viga.me", true */ 'v', 'i', 'g', 'a', '.', 'm', 'e', '\0', + /* "vigenebio.com", true */ 'v', 'i', 'g', 'e', 'n', 'e', 'b', 'i', 'o', '.', 'c', 'o', 'm', '\0', + /* "vigilantnow.com", true */ 'v', 'i', 'g', 'i', 'l', 'a', 'n', 't', 'n', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "vigliano.ovh", true */ 'v', 'i', 'g', 'l', 'i', 'a', 'n', 'o', '.', 'o', 'v', 'h', '\0', + /* "vigo-krankenversicherung.de", true */ 'v', 'i', 'g', 'o', '-', 'k', 'r', 'a', 'n', 'k', 'e', 'n', 'v', 'e', 'r', 's', 'i', 'c', 'h', 'e', 'r', 'u', 'n', 'g', '.', 'd', 'e', '\0', + /* "vigo-tarife.de", true */ 'v', 'i', 'g', 'o', '-', 't', 'a', 'r', 'i', 'f', 'e', '.', 'd', 'e', '\0', + /* "vigour.us", true */ 'v', 'i', 'g', 'o', 'u', 'r', '.', 'u', 's', '\0', + /* "vigoxatelier.tech", true */ 'v', 'i', 'g', 'o', 'x', 'a', 't', 'e', 'l', 'i', 'e', 'r', '.', 't', 'e', 'c', 'h', '\0', + /* "vigrey.com", true */ 'v', 'i', 'g', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "viikko.eu", true */ 'v', 'i', 'i', 'k', 'k', 'o', '.', 'e', 'u', '\0', + /* "vijay-international.com", true */ 'v', 'i', 'j', 'a', 'y', '-', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "vijverbenodigdheden.nl", true */ 'v', 'i', 'j', 'v', 'e', 'r', 'b', 'e', 'n', 'o', 'd', 'i', 'g', 'd', 'h', 'e', 'd', 'e', 'n', '.', 'n', 'l', '\0', + /* "vik.im", true */ 'v', 'i', 'k', '.', 'i', 'm', '\0', + /* "vikashkumar.me", true */ 'v', 'i', 'k', 'a', 's', 'h', 'k', 'u', 'm', 'a', 'r', '.', 'm', 'e', '\0', + /* "viking-style.ru", true */ 'v', 'i', 'k', 'i', 'n', 'g', '-', 's', 't', 'y', 'l', 'e', '.', 'r', 'u', '\0', + /* "vikings.net", true */ 'v', 'i', 'k', 'i', 'n', 'g', 's', '.', 'n', 'e', 't', '\0', + /* "vikodek.com", true */ 'v', 'i', 'k', 'o', 'd', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "viktorprevaric.eu", true */ 'v', 'i', 'k', 't', 'o', 'r', 'p', 'r', 'e', 'v', 'a', 'r', 'i', 'c', '.', 'e', 'u', '\0', + /* "viladochurrasco.com.br", true */ 'v', 'i', 'l', 'a', 'd', 'o', 'c', 'h', 'u', 'r', 'r', 'a', 's', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "villa-gockel.de", true */ 'v', 'i', 'l', 'l', 'a', '-', 'g', 'o', 'c', 'k', 'e', 'l', '.', 'd', 'e', '\0', + /* "villa-romantica-zillertal.at", true */ 'v', 'i', 'l', 'l', 'a', '-', 'r', 'o', 'm', 'a', 'n', 't', 'i', 'c', 'a', '-', 'z', 'i', 'l', 'l', 'e', 'r', 't', 'a', 'l', '.', 'a', 't', '\0', + /* "villafiore.com.br", true */ 'v', 'i', 'l', 'l', 'a', 'f', 'i', 'o', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "villageunique.com.br", true */ 'v', 'i', 'l', 'l', 'a', 'g', 'e', 'u', 'n', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "villagockel.de", true */ 'v', 'i', 'l', 'l', 'a', 'g', 'o', 'c', 'k', 'e', 'l', '.', 'd', 'e', '\0', + /* "villainsclothing.com.au", true */ 'v', 'i', 'l', 'l', 'a', 'i', 'n', 's', 'c', 'l', 'o', 't', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "villasenor.online", true */ 'v', 'i', 'l', 'l', 'a', 's', 'e', 'n', 'o', 'r', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "villasfinistere.fr", true */ 'v', 'i', 'l', 'l', 'a', 's', 'f', 'i', 'n', 'i', 's', 't', 'e', 'r', 'e', '.', 'f', 'r', '\0', + /* "villasforsale-bali.com", true */ 'v', 'i', 'l', 'l', 'a', 's', 'f', 'o', 'r', 's', 'a', 'l', 'e', '-', 'b', 'a', 'l', 'i', '.', 'c', 'o', 'm', '\0', + /* "villek.fi", true */ 'v', 'i', 'l', 'l', 'e', 'k', '.', 'f', 'i', '\0', + /* "villenavedornon.fr", true */ 'v', 'i', 'l', 'l', 'e', 'n', 'a', 'v', 'e', 'd', 'o', 'r', 'n', 'o', 'n', '.', 'f', 'r', '\0', + /* "vilog.me", true */ 'v', 'i', 'l', 'o', 'g', '.', 'm', 'e', '\0', + /* "viltsu.net", true */ 'v', 'i', 'l', 't', 's', 'u', '.', 'n', 'e', 't', '\0', + /* "vima.ch", true */ 'v', 'i', 'm', 'a', '.', 'c', 'h', '\0', + /* "vimeo.com", true */ 'v', 'i', 'm', 'e', 'o', '.', 'c', 'o', 'm', '\0', + /* "vinagro.sk", true */ 'v', 'i', 'n', 'a', 'g', 'r', 'o', '.', 's', 'k', '\0', + /* "vinarstvimodryhrozen.cz", true */ 'v', 'i', 'n', 'a', 'r', 's', 't', 'v', 'i', 'm', 'o', 'd', 'r', 'y', 'h', 'r', 'o', 'z', 'e', 'n', '.', 'c', 'z', '\0', + /* "vincentcox.com", false */ 'v', 'i', 'n', 'c', 'e', 'n', 't', 'c', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "vincentpancol.com", true */ 'v', 'i', 'n', 'c', 'e', 'n', 't', 'p', 'a', 'n', 'c', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "vincitraining.com", true */ 'v', 'i', 'n', 'c', 'i', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "vineright.com", true */ 'v', 'i', 'n', 'e', 'r', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0', + /* "vinicius.sl", true */ 'v', 'i', 'n', 'i', 'c', 'i', 'u', 's', '.', 's', 'l', '\0', + /* "vinilosdecorativos.net", true */ 'v', 'i', 'n', 'i', 'l', 'o', 's', 'd', 'e', 'c', 'o', 'r', 'a', 't', 'i', 'v', 'o', 's', '.', 'n', 'e', 't', '\0', + /* "vinner.com.au", true */ 'v', 'i', 'n', 'n', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "vinolli.de", true */ 'v', 'i', 'n', 'o', 'l', 'l', 'i', '.', 'd', 'e', '\0', + /* "vinovum.net", true */ 'v', 'i', 'n', 'o', 'v', 'u', 'm', '.', 'n', 'e', 't', '\0', + /* "vintagecaskandbarrel.com", true */ 'v', 'i', 'n', 't', 'a', 'g', 'e', 'c', 'a', 's', 'k', 'a', 'n', 'd', 'b', 'a', 'r', 'r', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "vintagejeeps.net", true */ 'v', 'i', 'n', 't', 'a', 'g', 'e', 'j', 'e', 'e', 'p', 's', '.', 'n', 'e', 't', '\0', + /* "vintageportgifts.co.uk", true */ 'v', 'i', 'n', 't', 'a', 'g', 'e', 'p', 'o', 'r', 't', 'g', 'i', 'f', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "vintagetrailerbuyers.com", true */ 'v', 'i', 'n', 't', 'a', 'g', 'e', 't', 'r', 'a', 'i', 'l', 'e', 'r', 'b', 'u', 'y', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "vintazh.net", true */ 'v', 'i', 'n', 't', 'a', 'z', 'h', '.', 'n', 'e', 't', '\0', + /* "vinticom.ch", true */ 'v', 'i', 'n', 't', 'i', 'c', 'o', 'm', '.', 'c', 'h', '\0', + /* "vintock.com", true */ 'v', 'i', 'n', 't', 'o', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "vinyculture.com", true */ 'v', 'i', 'n', 'y', 'c', 'u', 'l', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "vinzite.com", true */ 'v', 'i', 'n', 'z', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "violet-letter.delivery", true */ 'v', 'i', 'o', 'l', 'e', 't', '-', 'l', 'e', 't', 't', 'e', 'r', '.', 'd', 'e', 'l', 'i', 'v', 'e', 'r', 'y', '\0', + /* "violetraven.co.uk", true */ 'v', 'i', 'o', 'l', 'e', 't', 'r', 'a', 'v', 'e', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "violin4fun.nl", true */ 'v', 'i', 'o', 'l', 'i', 'n', '4', 'f', 'u', 'n', '.', 'n', 'l', '\0', + /* "vionicbeach.com", true */ 'v', 'i', 'o', 'n', 'i', 'c', 'b', 'e', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "vip8522.com", true */ 'v', 'i', 'p', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0', + /* "vipi.es", true */ 'v', 'i', 'p', 'i', '.', 'e', 's', '\0', + /* "vipnettikasinoklubi.com", true */ 'v', 'i', 'p', 'n', 'e', 't', 't', 'i', 'k', 'a', 's', 'i', 'n', 'o', 'k', 'l', 'u', 'b', 'i', '.', 'c', 'o', 'm', '\0', + /* "viptamin.eu", true */ 'v', 'i', 'p', 't', 'a', 'm', 'i', 'n', '.', 'e', 'u', '\0', + /* "viptamol.com", true */ 'v', 'i', 'p', 't', 'a', 'm', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "vir-tec.eu", true */ 'v', 'i', 'r', '-', 't', 'e', 'c', '.', 'e', 'u', '\0', + /* "viralboombox.xyz", true */ 'v', 'i', 'r', 'a', 'l', 'b', 'o', 'o', 'm', 'b', 'o', 'x', '.', 'x', 'y', 'z', '\0', + /* "viralpop.it", true */ 'v', 'i', 'r', 'a', 'l', 'p', 'o', 'p', '.', 'i', 't', '\0', + /* "virgopolymer.com", true */ 'v', 'i', 'r', 'g', 'o', 'p', 'o', 'l', 'y', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "virial.de", true */ 'v', 'i', 'r', 'i', 'a', 'l', '.', 'd', 'e', '\0', + /* "viridis-milites.cz", true */ 'v', 'i', 'r', 'i', 'd', 'i', 's', '-', 'm', 'i', 'l', 'i', 't', 'e', 's', '.', 'c', 'z', '\0', + /* "virtualcustoms.tech", true */ 'v', 'i', 'r', 't', 'u', 'a', 'l', 'c', 'u', 's', 't', 'o', 'm', 's', '.', 't', 'e', 'c', 'h', '\0', + /* "virtualdesignmedia.com", false */ 'v', 'i', 'r', 't', 'u', 'a', 'l', 'd', 'e', 's', 'i', 'g', 'n', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "virtuallifestyle.nl", true */ 'v', 'i', 'r', 't', 'u', 'a', 'l', 'l', 'i', 'f', 'e', 's', 't', 'y', 'l', 'e', '.', 'n', 'l', '\0', + /* "virtualmt2.pl", true */ 'v', 'i', 'r', 't', 'u', 'a', 'l', 'm', 't', '2', '.', 'p', 'l', '\0', + /* "virtualsanity.com", true */ 'v', 'i', 'r', 't', 'u', 'a', 'l', 's', 'a', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "virtualvaults.com", true */ 'v', 'i', 'r', 't', 'u', 'a', 'l', 'v', 'a', 'u', 'l', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "virtubox.net", true */ 'v', 'i', 'r', 't', 'u', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0', + /* "virtusaero.com", true */ 'v', 'i', 'r', 't', 'u', 's', 'a', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "virvum.ch", true */ 'v', 'i', 'r', 'v', 'u', 'm', '.', 'c', 'h', '\0', + /* "visa-shinsei.com", true */ 'v', 'i', 's', 'a', '-', 's', 'h', 'i', 'n', 's', 'e', 'i', '.', 'c', 'o', 'm', '\0', + /* "visaexpert.co.za", true */ 'v', 'i', 's', 'a', 'e', 'x', 'p', 'e', 'r', 't', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "visalogy.com", true */ 'v', 'i', 's', 'a', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0', + /* "visaop.com", true */ 'v', 'i', 's', 'a', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "visapourailleurs.fr", true */ 'v', 'i', 's', 'a', 'p', 'o', 'u', 'r', 'a', 'i', 'l', 'l', 'e', 'u', 'r', 's', '.', 'f', 'r', '\0', + /* "visaya.com.co", true */ 'v', 'i', 's', 'a', 'y', 'a', '.', 'c', 'o', 'm', '.', 'c', 'o', '\0', + /* "viscoelastico.com.br", true */ 'v', 'i', 's', 'c', 'o', 'e', 'l', 'a', 's', 't', 'i', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "viscopic.com", true */ 'v', 'i', 's', 'c', 'o', 'p', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "vishwashantiyoga.com", true */ 'v', 'i', 's', 'h', 'w', 'a', 's', 'h', 'a', 'n', 't', 'i', 'y', 'o', 'g', 'a', '.', 'c', 'o', 'm', '\0', + /* "visibox.nl", true */ 'v', 'i', 's', 'i', 'b', 'o', 'x', '.', 'n', 'l', '\0', + /* "visikom.de", true */ 'v', 'i', 's', 'i', 'k', 'o', 'm', '.', 'd', 'e', '\0', + /* "visioflux-premium.com", true */ 'v', 'i', 's', 'i', 'o', 'f', 'l', 'u', 'x', '-', 'p', 'r', 'e', 'm', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "visionarymedia.nl", true */ 'v', 'i', 's', 'i', 'o', 'n', 'a', 'r', 'y', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0', + /* "visionless.me", false */ 'v', 'i', 's', 'i', 'o', 'n', 'l', 'e', 's', 's', '.', 'm', 'e', '\0', + /* "visiontree-beta.eu", true */ 'v', 'i', 's', 'i', 'o', 'n', 't', 'r', 'e', 'e', '-', 'b', 'e', 't', 'a', '.', 'e', 'u', '\0', + /* "visistruct.com", true */ 'v', 'i', 's', 'i', 's', 't', 'r', 'u', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "visitkangaroovalley.com.au", true */ 'v', 'i', 's', 'i', 't', 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'v', 'a', 'l', 'l', 'e', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "visor.ph", true */ 'v', 'i', 's', 'o', 'r', '.', 'p', 'h', '\0', + /* "vispaleistexel.nl", true */ 'v', 'i', 's', 'p', 'a', 'l', 'e', 'i', 's', 't', 'e', 'x', 'e', 'l', '.', 'n', 'l', '\0', + /* "vistaalmar.es", true */ 'v', 'i', 's', 't', 'a', 'a', 'l', 'm', 'a', 'r', '.', 'e', 's', '\0', + /* "vistastylebuilder.com", false */ 'v', 'i', 's', 't', 'a', 's', 't', 'y', 'l', 'e', 'b', 'u', 'i', 'l', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "vistb.me", true */ 'v', 'i', 's', 't', 'b', '.', 'm', 'e', '\0', + /* "visual-cockpit.com", true */ 'v', 'i', 's', 'u', 'a', 'l', '-', 'c', 'o', 'c', 'k', 'p', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "visualideas.org", true */ 'v', 'i', 's', 'u', 'a', 'l', 'i', 'd', 'e', 'a', 's', '.', 'o', 'r', 'g', '\0', + /* "visudira.com", true */ 'v', 'i', 's', 'u', 'd', 'i', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "vitahook.pw", true */ 'v', 'i', 't', 'a', 'h', 'o', 'o', 'k', '.', 'p', 'w', '\0', + /* "vital-tel.co.uk", true */ 'v', 'i', 't', 'a', 'l', '-', 't', 'e', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "vitalamin.at", true */ 'v', 'i', 't', 'a', 'l', 'a', 'm', 'i', 'n', '.', 'a', 't', '\0', + /* "vitalamin.ch", true */ 'v', 'i', 't', 'a', 'l', 'a', 'm', 'i', 'n', '.', 'c', 'h', '\0', + /* "vitalamin.com", true */ 'v', 'i', 't', 'a', 'l', 'a', 'm', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "vitalamin.de", true */ 'v', 'i', 't', 'a', 'l', 'a', 'm', 'i', 'n', '.', 'd', 'e', '\0', + /* "vitalismaatjes.nl", true */ 'v', 'i', 't', 'a', 'l', 'i', 's', 'm', 'a', 'a', 't', 'j', 'e', 's', '.', 'n', 'l', '\0', + /* "vitalthings.de", true */ 'v', 'i', 't', 'a', 'l', 't', 'h', 'i', 'n', 'g', 's', '.', 'd', 'e', '\0', + /* "vitalyzhukphoto.com", true */ 'v', 'i', 't', 'a', 'l', 'y', 'z', 'h', 'u', 'k', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "vitaminler.com", true */ 'v', 'i', 't', 'a', 'm', 'i', 'n', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "vitapingu.de", true */ 'v', 'i', 't', 'a', 'p', 'i', 'n', 'g', 'u', '.', 'd', 'e', '\0', + /* "vitastic.nl", true */ 'v', 'i', 't', 'a', 's', 't', 'i', 'c', '.', 'n', 'l', '\0', + /* "viteoscrm.ch", true */ 'v', 'i', 't', 'e', 'o', 's', 'c', 'r', 'm', '.', 'c', 'h', '\0', + /* "vitkausk.as", true */ 'v', 'i', 't', 'k', 'a', 'u', 's', 'k', '.', 'a', 's', '\0', + /* "vitkutny.cz", true */ 'v', 'i', 't', 'k', 'u', 't', 'n', 'y', '.', 'c', 'z', '\0', + /* "vitoye.com", true */ 'v', 'i', 't', 'o', 'y', 'e', '.', 'c', 'o', 'm', '\0', + /* "vitra-vcare.co.uk", true */ 'v', 'i', 't', 'r', 'a', '-', 'v', 'c', 'a', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "vitrado.de", true */ 'v', 'i', 't', 'r', 'a', 'd', 'o', '.', 'd', 'e', '\0', + /* "vitsoft.by", true */ 'v', 'i', 't', 's', 'o', 'f', 't', '.', 'b', 'y', '\0', + /* "vivaldi.club", true */ 'v', 'i', 'v', 'a', 'l', 'd', 'i', '.', 'c', 'l', 'u', 'b', '\0', + /* "vivamusic.es", true */ 'v', 'i', 'v', 'a', 'm', 'u', 's', 'i', 'c', '.', 'e', 's', '\0', + /* "vivanosports.com.br", true */ 'v', 'i', 'v', 'a', 'n', 'o', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "vivatv.com.tw", true */ 'v', 'i', 'v', 'a', 't', 'v', '.', 'c', 'o', 'm', '.', 't', 'w', '\0', + /* "vivendi.de", true */ 'v', 'i', 'v', 'e', 'n', 'd', 'i', '.', 'd', 'e', '\0', + /* "vivianmaier.cn", true */ 'v', 'i', 'v', 'i', 'a', 'n', 'm', 'a', 'i', 'e', 'r', '.', 'c', 'n', '\0', + /* "vivid-academy.com", true */ 'v', 'i', 'v', 'i', 'd', '-', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0', + /* "vividinflatables.co.uk", true */ 'v', 'i', 'v', 'i', 'd', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "vividlumen.com", true */ 'v', 'i', 'v', 'i', 'd', 'l', 'u', 'm', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "viviennevandenbos.nl", true */ 'v', 'i', 'v', 'i', 'e', 'n', 'n', 'e', 'v', 'a', 'n', 'd', 'e', 'n', 'b', 'o', 's', '.', 'n', 'l', '\0', + /* "vivirenelmundo.com", true */ 'v', 'i', 'v', 'i', 'r', 'e', 'n', 'e', 'l', 'm', 'u', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0', + /* "vivo.sx", true */ 'v', 'i', 'v', 'o', '.', 's', 'x', '\0', + /* "vizards.cc", true */ 'v', 'i', 'z', 'a', 'r', 'd', 's', '.', 'c', 'c', '\0', + /* "vize.ai", true */ 'v', 'i', 'z', 'e', '.', 'a', 'i', '\0', + /* "vizional.com", true */ 'v', 'i', 'z', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "vizzboard.com", true */ 'v', 'i', 'z', 'z', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "vjeff.com", true */ 'v', 'j', 'e', 'f', 'f', '.', 'c', 'o', 'm', '\0', + /* "vjeff.net", true */ 'v', 'j', 'e', 'f', 'f', '.', 'n', 'e', 't', '\0', + /* "vk4wip.org.au", true */ 'v', 'k', '4', 'w', 'i', 'p', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0', + /* "vkennke.org", true */ 'v', 'k', 'e', 'n', 'n', 'k', 'e', '.', 'o', 'r', 'g', '\0', + /* "vkino.com", false */ 'v', 'k', 'i', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "vkirichenko.name", true */ 'v', 'k', 'i', 'r', 'i', 'c', 'h', 'e', 'n', 'k', 'o', '.', 'n', 'a', 'm', 'e', '\0', + /* "vkox.com", true */ 'v', 'k', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "vksportphoto.com", true */ 'v', 'k', 's', 'p', 'o', 'r', 't', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "vladimiroff.org", true */ 'v', 'l', 'a', 'd', 'i', 'm', 'i', 'r', 'o', 'f', 'f', '.', 'o', 'r', 'g', '\0', + /* "vladislavstoyanov.com", true */ 'v', 'l', 'a', 'd', 'i', 's', 'l', 'a', 'v', 's', 't', 'o', 'y', 'a', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0', + /* "vldkn.net", true */ 'v', 'l', 'd', 'k', 'n', '.', 'n', 'e', 't', '\0', + /* "vleij.com", true */ 'v', 'l', 'e', 'i', 'j', '.', 'c', 'o', 'm', '\0', + /* "vleij.family", true */ 'v', 'l', 'e', 'i', 'j', '.', 'f', 'a', 'm', 'i', 'l', 'y', '\0', + /* "vleij.se", true */ 'v', 'l', 'e', 'i', 'j', '.', 's', 'e', '\0', + /* "vliegensvlug.services", true */ 'v', 'l', 'i', 'e', 'g', 'e', 'n', 's', 'v', 'l', 'u', 'g', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '\0', + /* "vloeck.de", true */ 'v', 'l', 'o', 'e', 'c', 'k', '.', 'd', 'e', '\0', + /* "vlovgr.se", true */ 'v', 'l', 'o', 'v', 'g', 'r', '.', 's', 'e', '\0', + /* "vlsk.eu", true */ 'v', 'l', 's', 'k', '.', 'e', 'u', '\0', + /* "vlsm.se", true */ 'v', 'l', 's', 'm', '.', 's', 'e', '\0', + /* "vlvvl.com", true */ 'v', 'l', 'v', 'v', 'l', '.', 'c', 'o', 'm', '\0', + /* "vm-0.com", true */ 'v', 'm', '-', '0', '.', 'c', 'o', 'm', '\0', + /* "vm-co.ch", true */ 'v', 'm', '-', 'c', 'o', '.', 'c', 'h', '\0', + /* "vmc.co.id", true */ 'v', 'm', 'c', '.', 'c', 'o', '.', 'i', 'd', '\0', + /* "vmem.jp", false */ 'v', 'm', 'e', 'm', '.', 'j', 'p', '\0', + /* "vmgirls.com", true */ 'v', 'm', 'g', 'i', 'r', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "vmhydro.ru", false */ 'v', 'm', 'h', 'y', 'd', 'r', 'o', '.', 'r', 'u', '\0', + /* "vmis.nl", true */ 'v', 'm', 'i', 's', '.', 'n', 'l', '\0', + /* "vmoagents.com", false */ 'v', 'm', 'o', 'a', 'g', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "vmoe.info", true */ 'v', 'm', 'o', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "vmug.pl", true */ 'v', 'm', 'u', 'g', '.', 'p', 'l', '\0', + /* "vn.search.yahoo.com", false */ 'v', 'n', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "vnd.cloud", true */ 'v', 'n', 'd', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "vnvisa.center", true */ 'v', 'n', 'v', 'i', 's', 'a', '.', 'c', 'e', 'n', 't', 'e', 'r', '\0', + /* "vnvisa.ru", true */ 'v', 'n', 'v', 'i', 's', 'a', '.', 'r', 'u', '\0', + /* "vocab.guru", true */ 'v', 'o', 'c', 'a', 'b', '.', 'g', 'u', 'r', 'u', '\0', + /* "vocaloid.my", true */ 'v', 'o', 'c', 'a', 'l', 'o', 'i', 'd', '.', 'm', 'y', '\0', + /* "vocalviews.com", true */ 'v', 'o', 'c', 'a', 'l', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "vodpay.com", true */ 'v', 'o', 'd', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "vodpay.net", true */ 'v', 'o', 'd', 'p', 'a', 'y', '.', 'n', 'e', 't', '\0', + /* "vodpay.org", true */ 'v', 'o', 'd', 'p', 'a', 'y', '.', 'o', 'r', 'g', '\0', + /* "vogler.name", true */ 'v', 'o', 'g', 'l', 'e', 'r', '.', 'n', 'a', 'm', 'e', '\0', + /* "voice-of-design.com", true */ 'v', 'o', 'i', 'c', 'e', '-', 'o', 'f', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "voicu.ch", true */ 'v', 'o', 'i', 'c', 'u', '.', 'c', 'h', '\0', + /* "void-it.nl", true */ 'v', 'o', 'i', 'd', '-', 'i', 't', '.', 'n', 'l', '\0', + /* "void-zero.com", true */ 'v', 'o', 'i', 'd', '-', 'z', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "voidpay.com", true */ 'v', 'o', 'i', 'd', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "voidpay.net", true */ 'v', 'o', 'i', 'd', 'p', 'a', 'y', '.', 'n', 'e', 't', '\0', + /* "voidpay.org", true */ 'v', 'o', 'i', 'd', 'p', 'a', 'y', '.', 'o', 'r', 'g', '\0', + /* "voidptr.eu", true */ 'v', 'o', 'i', 'd', 'p', 't', 'r', '.', 'e', 'u', '\0', + /* "voids.org", true */ 'v', 'o', 'i', 'd', 's', '.', 'o', 'r', 'g', '\0', + /* "voidshift.com", true */ 'v', 'o', 'i', 'd', 's', 'h', 'i', 'f', 't', '.', 'c', 'o', 'm', '\0', + /* "voipkb.com", true */ 'v', 'o', 'i', 'p', 'k', 'b', '.', 'c', 'o', 'm', '\0', + /* "voipsun.com", true */ 'v', 'o', 'i', 'p', 's', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "vokativy.cz", false */ 'v', 'o', 'k', 'a', 't', 'i', 'v', 'y', '.', 'c', 'z', '\0', + /* "vokeapp.com", true */ 'v', 'o', 'k', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "volcanconcretos.com", true */ 'v', 'o', 'l', 'c', 'a', 'n', 'c', 'o', 'n', 'c', 'r', 'e', 't', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "volga.us", true */ 'v', 'o', 'l', 'g', 'a', '.', 'u', 's', '\0', + /* "volgavibes.ru", false */ 'v', 'o', 'l', 'g', 'a', 'v', 'i', 'b', 'e', 's', '.', 'r', 'u', '\0', + /* "voliere-info.nl", false */ 'v', 'o', 'l', 'i', 'e', 'r', 'e', '-', 'i', 'n', 'f', 'o', '.', 'n', 'l', '\0', + /* "volker-gropp.de", true */ 'v', 'o', 'l', 'k', 'e', 'r', '-', 'g', 'r', 'o', 'p', 'p', '.', 'd', 'e', '\0', + /* "volkergropp.de", true */ 'v', 'o', 'l', 'k', 'e', 'r', 'g', 'r', 'o', 'p', 'p', '.', 'd', 'e', '\0', + /* "volkerwesselstransfer.nl", true */ 'v', 'o', 'l', 'k', 'e', 'r', 'w', 'e', 's', 's', 'e', 'l', 's', 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', '.', 'n', 'l', '\0', + /* "volkerwesselswave.nl", true */ 'v', 'o', 'l', 'k', 'e', 'r', 'w', 'e', 's', 's', 'e', 'l', 's', 'w', 'a', 'v', 'e', '.', 'n', 'l', '\0', + /* "volkswurst.de", true */ 'v', 'o', 'l', 'k', 's', 'w', 'u', 'r', 's', 't', '.', 'd', 'e', '\0', + /* "vollans.id.au", true */ 'v', 'o', 'l', 'l', 'a', 'n', 's', '.', 'i', 'd', '.', 'a', 'u', '\0', + /* "voloevents.com", true */ 'v', 'o', 'l', 'o', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "volta.io", true */ 'v', 'o', 'l', 't', 'a', '.', 'i', 'o', '\0', + /* "voltimax.com", true */ 'v', 'o', 'l', 't', 'i', 'm', 'a', 'x', '.', 'c', 'o', 'm', '\0', + /* "volto.io", true */ 'v', 'o', 'l', 't', 'o', '.', 'i', 'o', '\0', + /* "voltotc.com", true */ 'v', 'o', 'l', 't', 'o', 't', 'c', '.', 'c', 'o', 'm', '\0', + /* "vonauw.com", true */ 'v', 'o', 'n', 'a', 'u', 'w', '.', 'c', 'o', 'm', '\0', + /* "vonborstelboerner.de", true */ 'v', 'o', 'n', 'b', 'o', 'r', 's', 't', 'e', 'l', 'b', 'o', 'e', 'r', 'n', 'e', 'r', '.', 'd', 'e', '\0', + /* "vonedelmann.de", false */ 'v', 'o', 'n', 'e', 'd', 'e', 'l', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "vongerlach.at", true */ 'v', 'o', 'n', 'g', 'e', 'r', 'l', 'a', 'c', 'h', '.', 'a', 't', '\0', + /* "vonniehudson.com", true */ 'v', 'o', 'n', 'n', 'i', 'e', 'h', 'u', 'd', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "vonski.pl", true */ 'v', 'o', 'n', 's', 'k', 'i', '.', 'p', 'l', '\0', + /* "voodoochile.at", true */ 'v', 'o', 'o', 'd', 'o', 'o', 'c', 'h', 'i', 'l', 'e', '.', 'a', 't', '\0', + /* "vop.li", true */ 'v', 'o', 'p', '.', 'l', 'i', '\0', + /* "vorkbaard.nl", true */ 'v', 'o', 'r', 'k', 'b', 'a', 'a', 'r', 'd', '.', 'n', 'l', '\0', + /* "vorlicek.de", true */ 'v', 'o', 'r', 'l', 'i', 'c', 'e', 'k', '.', 'd', 'e', '\0', + /* "vorm2.com", true */ 'v', 'o', 'r', 'm', '2', '.', 'c', 'o', 'm', '\0', + /* "vos-fleurs.ch", true */ 'v', 'o', 's', '-', 'f', 'l', 'e', 'u', 'r', 's', '.', 'c', 'h', '\0', + /* "vos-fleurs.com", true */ 'v', 'o', 's', '-', 'f', 'l', 'e', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "vosgym.jp", true */ 'v', 'o', 's', 'g', 'y', 'm', '.', 'j', 'p', '\0', + /* "vosky.fr", true */ 'v', 'o', 's', 'k', 'y', '.', 'f', 'r', '\0', + /* "vostronet.com", true */ 'v', 'o', 's', 't', 'r', 'o', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "voter-info.uk", true */ 'v', 'o', 't', 'e', 'r', '-', 'i', 'n', 'f', 'o', '.', 'u', 'k', '\0', + /* "votercircle.com", true */ 'v', 'o', 't', 'e', 'r', 'c', 'i', 'r', 'c', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "voterstartingpoint.uk", true */ 'v', 'o', 't', 'e', 'r', 's', 't', 'a', 'r', 't', 'i', 'n', 'g', 'p', 'o', 'i', 'n', 't', '.', 'u', 'k', '\0', + /* "votocek.cz", true */ 'v', 'o', 't', 'o', 'c', 'e', 'k', '.', 'c', 'z', '\0', + /* "votockova.cz", true */ 'v', 'o', 't', 'o', 'c', 'k', 'o', 'v', 'a', '.', 'c', 'z', '\0', + /* "votoot.com", true */ 'v', 'o', 't', 'o', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "votre-site-internet.ch", true */ 'v', 'o', 't', 'r', 'e', '-', 's', 'i', 't', 'e', '-', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', '.', 'c', 'h', '\0', + /* "vow.vn", true */ 'v', 'o', 'w', '.', 'v', 'n', '\0', + /* "voxfilmeonline.net", true */ 'v', 'o', 'x', 'f', 'i', 'l', 'm', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0', + /* "voxml.com", true */ 'v', 'o', 'x', 'm', 'l', '.', 'c', 'o', 'm', '\0', + /* "voxographe.com", false */ 'v', 'o', 'x', 'o', 'g', 'r', 'a', 'p', 'h', 'e', '.', 'c', 'o', 'm', '\0', + /* "voyage-martinique.fr", true */ 'v', 'o', 'y', 'a', 'g', 'e', '-', 'm', 'a', 'r', 't', 'i', 'n', 'i', 'q', 'u', 'e', '.', 'f', 'r', '\0', + /* "voyageforum.com", true */ 'v', 'o', 'y', 'a', 'g', 'e', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "voyagesaufildespages.be", true */ 'v', 'o', 'y', 'a', 'g', 'e', 's', 'a', 'u', 'f', 'i', 'l', 'd', 'e', 's', 'p', 'a', 'g', 'e', 's', '.', 'b', 'e', '\0', + /* "voyageschine.com", true */ 'v', 'o', 'y', 'a', 'g', 'e', 's', 'c', 'h', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "voyagesdetective.fr", true */ 'v', 'o', 'y', 'a', 'g', 'e', 's', 'd', 'e', 't', 'e', 'c', 't', 'i', 'v', 'e', '.', 'f', 'r', '\0', + /* "vozami.com", true */ 'v', 'o', 'z', 'a', 'm', 'i', '.', 'c', 'o', 'm', '\0', + /* "vpc-display.com", true */ 'v', 'p', 'c', '-', 'd', 'i', 's', 'p', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "vpn.black", true */ 'v', 'p', 'n', '.', 'b', 'l', 'a', 'c', 'k', '\0', + /* "vpn.ht", true */ 'v', 'p', 'n', '.', 'h', 't', '\0', + /* "vpnservice.nl", true */ 'v', 'p', 'n', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'n', 'l', '\0', + /* "vpnzoom.com", true */ 'v', 'p', 'n', 'z', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "vpsboard.com", true */ 'v', 'p', 's', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "vpsdream.dk", true */ 'v', 'p', 's', 'd', 'r', 'e', 'a', 'm', '.', 'd', 'k', '\0', + /* "vrandopulo.ru", true */ 'v', 'r', 'a', 'n', 'd', 'o', 'p', 'u', 'l', 'o', '.', 'r', 'u', '\0', + /* "vranjske.co.rs", true */ 'v', 'r', 'a', 'n', 'j', 's', 'k', 'e', '.', 'c', 'o', '.', 'r', 's', '\0', + /* "vreeman.com", true */ 'v', 'r', 'e', 'e', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "vriesdonkow.be", true */ 'v', 'r', 'i', 'e', 's', 'd', 'o', 'n', 'k', 'o', 'w', '.', 'b', 'e', '\0', + /* "vrijgezellen-feest.com", true */ 'v', 'r', 'i', 'j', 'g', 'e', 'z', 'e', 'l', 'l', 'e', 'n', '-', 'f', 'e', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "vrlaid.com", false */ 'v', 'r', 'l', 'a', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "vroedvrouwella.be", true */ 'v', 'r', 'o', 'e', 'd', 'v', 'r', 'o', 'u', 'w', 'e', 'l', 'l', 'a', '.', 'b', 'e', '\0', + /* "vrsgames.com.mx", true */ 'v', 'r', 's', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0', + /* "vrsystem.com.br", true */ 'v', 'r', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "vrtak-cz.net", true */ 'v', 'r', 't', 'a', 'k', '-', 'c', 'z', '.', 'n', 'e', 't', '\0', + /* "vrzl.pro", true */ 'v', 'r', 'z', 'l', '.', 'p', 'r', 'o', '\0', + /* "vsamsonov.com", true */ 'v', 's', 'a', 'm', 's', 'o', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0', + /* "vscale.io", true */ 'v', 's', 'c', 'a', 'l', 'e', '.', 'i', 'o', '\0', + /* "vsean.net", true */ 'v', 's', 'e', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "vserver-preis-vergleich.de", true */ 'v', 's', 'e', 'r', 'v', 'e', 'r', '-', 'p', 'r', 'e', 'i', 's', '-', 'v', 'e', 'r', 'g', 'l', 'e', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "vsesrazu-raiffeisen.ru", true */ 'v', 's', 'e', 's', 'r', 'a', 'z', 'u', '-', 'r', 'a', 'i', 'f', 'f', 'e', 'i', 's', 'e', 'n', '.', 'r', 'u', '\0', + /* "vsl-defi.ch", true */ 'v', 's', 'l', '-', 'd', 'e', 'f', 'i', '.', 'c', 'h', '\0', + /* "vssnederland.nl", true */ 'v', 's', 's', 'n', 'e', 'd', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0', + /* "vstehn.ru", true */ 'v', 's', 't', 'e', 'h', 'n', '.', 'r', 'u', '\0', + /* "vsund.de", true */ 'v', 's', 'u', 'n', 'd', '.', 'd', 'e', '\0', + /* "vsx.ch", true */ 'v', 's', 'x', '.', 'c', 'h', '\0', + /* "vuakhuyenmai.vn", true */ 'v', 'u', 'a', 'k', 'h', 'u', 'y', 'e', 'n', 'm', 'a', 'i', '.', 'v', 'n', '\0', + /* "vubey.yt", true */ 'v', 'u', 'b', 'e', 'y', '.', 'y', 't', '\0', + /* "vuljespaarpot.nl", true */ 'v', 'u', 'l', 'j', 'e', 's', 'p', 'a', 'a', 'r', 'p', 'o', 't', '.', 'n', 'l', '\0', + /* "vulnerability.ch", true */ 'v', 'u', 'l', 'n', 'e', 'r', 'a', 'b', 'i', 'l', 'i', 't', 'y', '.', 'c', 'h', '\0', + /* "vulners.com", true */ 'v', 'u', 'l', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "vulnscan.org", true */ 'v', 'u', 'l', 'n', 's', 'c', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "vulpine.club", true */ 'v', 'u', 'l', 'p', 'i', 'n', 'e', '.', 'c', 'l', 'u', 'b', '\0', + /* "vumetric.com", true */ 'v', 'u', 'm', 'e', 't', 'r', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "vuojolahti.fi", true */ 'v', 'u', 'o', 'j', 'o', 'l', 'a', 'h', 't', 'i', '.', 'f', 'i', '\0', + /* "vuosaarenmontessoritalo.fi", true */ 'v', 'u', 'o', 's', 'a', 'a', 'r', 'e', 'n', 'm', 'o', 'n', 't', 'e', 's', 's', 'o', 'r', 'i', 't', 'a', 'l', 'o', '.', 'f', 'i', '\0', + /* "vuvanhon.com", true */ 'v', 'u', 'v', 'a', 'n', 'h', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "vux.li", true */ 'v', 'u', 'x', '.', 'l', 'i', '\0', + /* "vuzi.fr", true */ 'v', 'u', 'z', 'i', '.', 'f', 'r', '\0', + /* "vvdbronckhorst.nl", true */ 'v', 'v', 'd', 'b', 'r', 'o', 'n', 'c', 'k', 'h', 'o', 'r', 's', 't', '.', 'n', 'l', '\0', + /* "vw-touranclub.cz", true */ 'v', 'w', '-', 't', 'o', 'u', 'r', 'a', 'n', 'c', 'l', 'u', 'b', '.', 'c', 'z', '\0', + /* "vwbusje.com", true */ 'v', 'w', 'b', 'u', 's', 'j', 'e', '.', 'c', 'o', 'm', '\0', + /* "vwittich.de", true */ 'v', 'w', 'i', 't', 't', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "vwoforangeparts.com", true */ 'v', 'w', 'o', 'f', 'o', 'r', 'a', 'n', 'g', 'e', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "vwsoft.de", true */ 'v', 'w', 's', 'o', 'f', 't', '.', 'd', 'e', '\0', + /* "vww-8522.com", true */ 'v', 'w', 'w', '-', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0', + /* "vxst.org", true */ 'v', 'x', 's', 't', '.', 'o', 'r', 'g', '\0', + /* "vybeministry.org", true */ 'v', 'y', 'b', 'e', 'm', 'i', 'n', 'i', 's', 't', 'r', 'y', '.', 'o', 'r', 'g', '\0', + /* "vyber-odhadce.cz", true */ 'v', 'y', 'b', 'e', 'r', '-', 'o', 'd', 'h', 'a', 'd', 'c', 'e', '.', 'c', 'z', '\0', + /* "vyberodhadce.cz", true */ 'v', 'y', 'b', 'e', 'r', 'o', 'd', 'h', 'a', 'd', 'c', 'e', '.', 'c', 'z', '\0', + /* "vyplnto.cz", true */ 'v', 'y', 'p', 'l', 'n', 't', 'o', '.', 'c', 'z', '\0', + /* "vyshivanochka.in.ua", true */ 'v', 'y', 's', 'h', 'i', 'v', 'a', 'n', 'o', 'c', 'h', 'k', 'a', '.', 'i', 'n', '.', 'u', 'a', '\0', + /* "vysko.cz", true */ 'v', 'y', 's', 'k', 'o', '.', 'c', 'z', '\0', + /* "vyskocil.eu", true */ 'v', 'y', 's', 'k', 'o', 'c', 'i', 'l', '.', 'e', 'u', '\0', + /* "vyvygen.org", true */ 'v', 'y', 'v', 'y', 'g', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "vyzner.cz", true */ 'v', 'y', 'z', 'n', 'e', 'r', '.', 'c', 'z', '\0', + /* "vzis.org", true */ 'v', 'z', 'i', 's', '.', 'o', 'r', 'g', '\0', + /* "vztekloun.cz", true */ 'v', 'z', 't', 'e', 'k', 'l', 'o', 'u', 'n', '.', 'c', 'z', '\0', + /* "w-p-k.de", true */ 'w', '-', 'p', '-', 'k', '.', 'd', 'e', '\0', + /* "w-spotlight.appspot.com", true */ 'w', '-', 's', 'p', 'o', 't', 'l', 'i', 'g', 'h', 't', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "w-w-auto.de", true */ 'w', '-', 'w', '-', 'a', 'u', 't', 'o', '.', 'd', 'e', '\0', + /* "w.wiki", true */ 'w', '.', 'w', 'i', 'k', 'i', '\0', + /* "w10club.com", true */ 'w', '1', '0', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "w3ctag.org", true */ 'w', '3', 'c', 't', 'a', 'g', '.', 'o', 'r', 'g', '\0', + /* "w3n.org", true */ 'w', '3', 'n', '.', 'o', 'r', 'g', '\0', + /* "w4.no", true */ 'w', '4', '.', 'n', 'o', '\0', + /* "w4b.in", true */ 'w', '4', 'b', '.', 'i', 'n', '\0', + /* "w4eg.de", true */ 'w', '4', 'e', 'g', '.', 'd', 'e', '\0', + /* "w5gfe.org", true */ 'w', '5', 'g', 'f', 'e', '.', 'o', 'r', 'g', '\0', + /* "w7k.de", true */ 'w', '7', 'k', '.', 'd', 'e', '\0', + /* "w9rld.com", true */ 'w', '9', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "wa-stromerzeuger.de", true */ 'w', 'a', '-', 's', 't', 'r', 'o', 'm', 'e', 'r', 'z', 'e', 'u', 'g', 'e', 'r', '.', 'd', 'e', '\0', + /* "waaw.tv", true */ 'w', 'a', 'a', 'w', '.', 't', 'v', '\0', + /* "wabatam.com", true */ 'w', 'a', 'b', 'a', 't', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "wachter.biz", true */ 'w', 'a', 'c', 'h', 't', 'e', 'r', '.', 'b', 'i', 'z', '\0', + /* "wacky.one", true */ 'w', 'a', 'c', 'k', 'y', '.', 'o', 'n', 'e', '\0', + /* "wadidi.com", true */ 'w', 'a', 'd', 'i', 'd', 'i', '.', 'c', 'o', 'm', '\0', + /* "wadsworth.gallery", true */ 'w', 'a', 'd', 's', 'w', 'o', 'r', 't', 'h', '.', 'g', 'a', 'l', 'l', 'e', 'r', 'y', '\0', + /* "wadvisor.com", true */ 'w', 'a', 'd', 'v', 'i', 's', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "waelisch.de", true */ 'w', 'a', 'e', 'l', 'i', 's', 'c', 'h', '.', 'd', 'e', '\0', + /* "waelti.xxx", true */ 'w', 'a', 'e', 'l', 't', 'i', '.', 'x', 'x', 'x', '\0', + /* "waf.ninja", true */ 'w', 'a', 'f', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "wafa4hw.com", true */ 'w', 'a', 'f', 'a', '4', 'h', 'w', '.', 'c', 'o', 'm', '\0', + /* "wafairhaven.com.au", true */ 'w', 'a', 'f', 'a', 'i', 'r', 'h', 'a', 'v', 'e', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "waffle.at", true */ 'w', 'a', 'f', 'f', 'l', 'e', '.', 'a', 't', '\0', + /* "wafni.com", true */ 'w', 'a', 'f', 'n', 'i', '.', 'c', 'o', 'm', '\0', + /* "wahidhasan.com", true */ 'w', 'a', 'h', 'i', 'd', 'h', 'a', 's', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "wahlman.org", true */ 'w', 'a', 'h', 'l', 'm', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "wahrnehmungswelt.de", true */ 'w', 'a', 'h', 'r', 'n', 'e', 'h', 'm', 'u', 'n', 'g', 's', 'w', 'e', 'l', 't', '.', 'd', 'e', '\0', + /* "wahrnehmungswelten.de", true */ 'w', 'a', 'h', 'r', 'n', 'e', 'h', 'm', 'u', 'n', 'g', 's', 'w', 'e', 'l', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "wai-in.com", true */ 'w', 'a', 'i', '-', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "waigel.org", true */ 'w', 'a', 'i', 'g', 'e', 'l', '.', 'o', 'r', 'g', '\0', + /* "wail.net", true */ 'w', 'a', 'i', 'l', '.', 'n', 'e', 't', '\0', + /* "wait.jp", true */ 'w', 'a', 'i', 't', '.', 'j', 'p', '\0', + /* "waiterwheels.com", true */ 'w', 'a', 'i', 't', 'e', 'r', 'w', 'h', 'e', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "waits.io", true */ 'w', 'a', 'i', 't', 's', '.', 'i', 'o', '\0', + /* "waixingrenfuli.vip", true */ 'w', 'a', 'i', 'x', 'i', 'n', 'g', 'r', 'e', 'n', 'f', 'u', 'l', 'i', '.', 'v', 'i', 'p', '\0', + /* "wak.io", true */ 'w', 'a', 'k', '.', 'i', 'o', '\0', + /* "waka-mono.com", true */ 'w', 'a', 'k', 'a', '-', 'm', 'o', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "waka88.com", true */ 'w', 'a', 'k', 'a', '8', '8', '.', 'c', 'o', 'm', '\0', + /* "wakamiyasumiyosi.com", true */ 'w', 'a', 'k', 'a', 'm', 'i', 'y', 'a', 's', 'u', 'm', 'i', 'y', 'o', 's', 'i', '.', 'c', 'o', 'm', '\0', + /* "wakatime.com", true */ 'w', 'a', 'k', 'a', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "walk.onl", true */ 'w', 'a', 'l', 'k', '.', 'o', 'n', 'l', '\0', + /* "walkhighlandsandislands.com", true */ 'w', 'a', 'l', 'k', 'h', 'i', 'g', 'h', 'l', 'a', 'n', 'd', 's', 'a', 'n', 'd', 'i', 's', 'l', 'a', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "walkingforhealth.org.uk", true */ 'w', 'a', 'l', 'k', 'i', 'n', 'g', 'f', 'o', 'r', 'h', 'e', 'a', 'l', 't', 'h', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "walksedona.com", true */ 'w', 'a', 'l', 'k', 's', 'e', 'd', 'o', 'n', 'a', '.', 'c', 'o', 'm', '\0', + /* "wallabies.org", true */ 'w', 'a', 'l', 'l', 'a', 'b', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "wallace-group.net", true */ 'w', 'a', 'l', 'l', 'a', 'c', 'e', '-', 'g', 'r', 'o', 'u', 'p', '.', 'n', 'e', 't', '\0', + /* "wallet.google.com", true */ 'w', 'a', 'l', 'l', 'e', 't', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "wallet.pp.ua", true */ 'w', 'a', 'l', 'l', 'e', 't', '.', 'p', 'p', '.', 'u', 'a', '\0', + /* "wallethub.com", false */ 'w', 'a', 'l', 'l', 'e', 't', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "walletnames.com", true */ 'w', 'a', 'l', 'l', 'e', 't', 'n', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "wallingford.cc", true */ 'w', 'a', 'l', 'l', 'i', 'n', 'g', 'f', 'o', 'r', 'd', '.', 'c', 'c', '\0', + /* "wallpaperup.com", true */ 'w', 'a', 'l', 'l', 'p', 'a', 'p', 'e', 'r', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "walls.de", true */ 'w', 'a', 'l', 'l', 's', '.', 'd', 'e', '\0', + /* "walls.io", true */ 'w', 'a', 'l', 'l', 's', '.', 'i', 'o', '\0', + /* "wallysmasterblaster.com.au", true */ 'w', 'a', 'l', 'l', 'y', 's', 'm', 'a', 's', 't', 'e', 'r', 'b', 'l', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "walnutgaming.com", true */ 'w', 'a', 'l', 'n', 'u', 't', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "walnutis.net", true */ 'w', 'a', 'l', 'n', 'u', 't', 'i', 's', '.', 'n', 'e', 't', '\0', + /* "walravensax.nl", true */ 'w', 'a', 'l', 'r', 'a', 'v', 'e', 'n', 's', 'a', 'x', '.', 'n', 'l', '\0', + /* "walruses.org", true */ 'w', 'a', 'l', 'r', 'u', 's', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "waltellis.com", true */ 'w', 'a', 'l', 't', 'e', 'l', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "wan.pp.ua", false */ 'w', 'a', 'n', '.', 'p', 'p', '.', 'u', 'a', '\0', + /* "wander.al", true */ 'w', 'a', 'n', 'd', 'e', 'r', '.', 'a', 'l', '\0', + /* "wandercue.com", true */ 'w', 'a', 'n', 'd', 'e', 'r', 'c', 'u', 'e', '.', 'c', 'o', 'm', '\0', + /* "wandervoll.ch", true */ 'w', 'a', 'n', 'd', 'e', 'r', 'v', 'o', 'l', 'l', '.', 'c', 'h', '\0', + /* "wane.co", true */ 'w', 'a', 'n', 'e', '.', 'c', 'o', '\0', + /* "wangjiatun.com.tw", true */ 'w', 'a', 'n', 'g', 'j', 'i', 'a', 't', 'u', 'n', '.', 'c', 'o', 'm', '.', 't', 'w', '\0', + /* "wangqiliang.com", true */ 'w', 'a', 'n', 'g', 'q', 'i', 'l', 'i', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "wangql.cn", true */ 'w', 'a', 'n', 'g', 'q', 'l', '.', 'c', 'n', '\0', + /* "wangql.net", true */ 'w', 'a', 'n', 'g', 'q', 'l', '.', 'n', 'e', 't', '\0', + /* "wangqr.tk", true */ 'w', 'a', 'n', 'g', 'q', 'r', '.', 't', 'k', '\0', + /* "wangyue.blog", true */ 'w', 'a', 'n', 'g', 'y', 'u', 'e', '.', 'b', 'l', 'o', 'g', '\0', + /* "wantshow.com.br", true */ 'w', 'a', 'n', 't', 's', 'h', 'o', 'w', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "wanybug.cn", true */ 'w', 'a', 'n', 'y', 'b', 'u', 'g', '.', 'c', 'n', '\0', + /* "waonui.io", true */ 'w', 'a', 'o', 'n', 'u', 'i', '.', 'i', 'o', '\0', + /* "wapking.live", true */ 'w', 'a', 'p', 'k', 'i', 'n', 'g', '.', 'l', 'i', 'v', 'e', '\0', + /* "wardow.com", true */ 'w', 'a', 'r', 'd', 'o', 'w', '.', 'c', 'o', 'm', '\0', + /* "warebouncycastles.co.uk", true */ 'w', 'a', 'r', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "warekon.com", true */ 'w', 'a', 'r', 'e', 'k', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "warekon.dk", true */ 'w', 'a', 'r', 'e', 'k', 'o', 'n', '.', 'd', 'k', '\0', + /* "warenits.at", true */ 'w', 'a', 'r', 'e', 'n', 'i', 't', 's', '.', 'a', 't', '\0', + /* "warezaddict.com", true */ 'w', 'a', 'r', 'e', 'z', 'a', 'd', 'd', 'i', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "wargameexclusive.com", true */ 'w', 'a', 'r', 'g', 'a', 'm', 'e', 'e', 'x', 'c', 'l', 'u', 's', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "warhaggis.com", true */ 'w', 'a', 'r', 'h', 'a', 'g', 'g', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "warmestwishes.ca", true */ 'w', 'a', 'r', 'm', 'e', 's', 't', 'w', 'i', 's', 'h', 'e', 's', '.', 'c', 'a', '\0', + /* "warmlyyours.com", false */ 'w', 'a', 'r', 'm', 'l', 'y', 'y', 'o', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "warmservers.com", true */ 'w', 'a', 'r', 'm', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "warr.ath.cx", true */ 'w', 'a', 'r', 'r', '.', 'a', 't', 'h', '.', 'c', 'x', '\0', + /* "warringtonkidsbouncycastles.co.uk", true */ 'w', 'a', 'r', 'r', 'i', 'n', 'g', 't', 'o', 'n', 'k', 'i', 'd', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "warschild.org", true */ 'w', 'a', 'r', 's', 'c', 'h', 'i', 'l', 'd', '.', 'o', 'r', 'g', '\0', + /* "wartorngalaxy.com", true */ 'w', 'a', 'r', 't', 'o', 'r', 'n', 'g', 'a', 'l', 'a', 'x', 'y', '.', 'c', 'o', 'm', '\0', + /* "wasatchconstables.com", true */ 'w', 'a', 's', 'a', 't', 'c', 'h', 'c', 'o', 'n', 's', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "waschpark-hantschel.de", true */ 'w', 'a', 's', 'c', 'h', 'p', 'a', 'r', 'k', '-', 'h', 'a', 'n', 't', 's', 'c', 'h', 'e', 'l', '.', 'd', 'e', '\0', + /* "wasema.com", true */ 'w', 'a', 's', 'e', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "wasfestes.de", true */ 'w', 'a', 's', 'f', 'e', 's', 't', 'e', 's', '.', 'd', 'e', '\0', + /* "washingtonregisteredagent.io", true */ 'w', 'a', 's', 'h', 'i', 'n', 'g', 't', 'o', 'n', 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', 'e', 'd', 'a', 'g', 'e', 'n', 't', '.', 'i', 'o', '\0', + /* "washingtonviews.com", true */ 'w', 'a', 's', 'h', 'i', 'n', 'g', 't', 'o', 'n', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "wasi-net.de", true */ 'w', 'a', 's', 'i', '-', 'n', 'e', 't', '.', 'd', 'e', '\0', + /* "wasielewski.com.de", true */ 'w', 'a', 's', 'i', 'e', 'l', 'e', 'w', 's', 'k', 'i', '.', 'c', 'o', 'm', '.', 'd', 'e', '\0', + /* "wasil.org", true */ 'w', 'a', 's', 'i', 'l', '.', 'o', 'r', 'g', '\0', + /* "waslh.com", true */ 'w', 'a', 's', 'l', 'h', '.', 'c', 'o', 'm', '\0', + /* "wasserspucker.de", true */ 'w', 'a', 's', 's', 'e', 'r', 's', 'p', 'u', 'c', 'k', 'e', 'r', '.', 'd', 'e', '\0', + /* "wassibauer.com", true */ 'w', 'a', 's', 's', 'i', 'b', 'a', 'u', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "wassim.is", true */ 'w', 'a', 's', 's', 'i', 'm', '.', 'i', 's', '\0', + /* "wastrel.ch", true */ 'w', 'a', 's', 't', 'r', 'e', 'l', '.', 'c', 'h', '\0', + /* "watashi.bid", true */ 'w', 'a', 't', 'a', 's', 'h', 'i', '.', 'b', 'i', 'd', '\0', + /* "watch-wiki.org", true */ 'w', 'a', 't', 'c', 'h', '-', 'w', 'i', 'k', 'i', '.', 'o', 'r', 'g', '\0', + /* "watchface.watch", true */ 'w', 'a', 't', 'c', 'h', 'f', 'a', 'c', 'e', '.', 'w', 'a', 't', 'c', 'h', '\0', + /* "watchfreeonline.co.uk", true */ 'w', 'a', 't', 'c', 'h', 'f', 'r', 'e', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "watchinventory.com", true */ 'w', 'a', 't', 'c', 'h', 'i', 'n', 'v', 'e', 'n', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "watchparts-and-tools-okayama.co.jp", true */ 'w', 'a', 't', 'c', 'h', 'p', 'a', 'r', 't', 's', '-', 'a', 'n', 'd', '-', 't', 'o', 'o', 'l', 's', '-', 'o', 'k', 'a', 'y', 'a', 'm', 'a', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "watchstyle.com", true */ 'w', 'a', 't', 'c', 'h', 's', 't', 'y', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "watchtv-online.pw", true */ 'w', 'a', 't', 'c', 'h', 't', 'v', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'p', 'w', '\0', + /* "waterfedpole.com", true */ 'w', 'a', 't', 'e', 'r', 'f', 'e', 'd', 'p', 'o', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "waterleeftinbeek.nl", true */ 'w', 'a', 't', 'e', 'r', 'l', 'e', 'e', 'f', 't', 'i', 'n', 'b', 'e', 'e', 'k', '.', 'n', 'l', '\0', + /* "watermonitor.gov", true */ 'w', 'a', 't', 'e', 'r', 'm', 'o', 'n', 'i', 't', 'o', 'r', '.', 'g', 'o', 'v', '\0', + /* "watersb.org", true */ 'w', 'a', 't', 'e', 'r', 's', 'b', '.', 'o', 'r', 'g', '\0', + /* "waterschaplimburg.nl", true */ 'w', 'a', 't', 'e', 'r', 's', 'c', 'h', 'a', 'p', 'l', 'i', 'm', 'b', 'u', 'r', 'g', '.', 'n', 'l', '\0', + /* "watertrails.io", true */ 'w', 'a', 't', 'e', 'r', 't', 'r', 'a', 'i', 'l', 's', '.', 'i', 'o', '\0', + /* "waterworkscondos.com", true */ 'w', 'a', 't', 'e', 'r', 'w', 'o', 'r', 'k', 's', 'c', 'o', 'n', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "watsonwork.me", true */ 'w', 'a', 't', 's', 'o', 'n', 'w', 'o', 'r', 'k', '.', 'm', 'e', '\0', + /* "wattechweb.com", true */ 'w', 'a', 't', 't', 'e', 'c', 'h', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "wave-ola.es", true */ 'w', 'a', 'v', 'e', '-', 'o', 'l', 'a', '.', 'e', 's', '\0', + /* "wavesoftime.com", true */ 'w', 'a', 'v', 'e', 's', 'o', 'f', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "waveum.com", true */ 'w', 'a', 'v', 'e', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "wawak.pl", true */ 'w', 'a', 'w', 'a', 'k', '.', 'p', 'l', '\0', + /* "waylaydesign.com", true */ 'w', 'a', 'y', 'l', 'a', 'y', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0', + /* "wayne.cloud", false */ 'w', 'a', 'y', 'n', 'e', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "wayohoo.com", true */ 'w', 'a', 'y', 'o', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "wayohoo.net", true */ 'w', 'a', 'y', 'o', 'h', 'o', 'o', '.', 'n', 'e', 't', '\0', + /* "waytt.cf", true */ 'w', 'a', 'y', 't', 't', '.', 'c', 'f', '\0', + /* "waze.com", true */ 'w', 'a', 'z', 'e', '.', 'c', 'o', 'm', '\0', + /* "wbci.us", true */ 'w', 'b', 'c', 'i', '.', 'u', 's', '\0', + /* "wbg-vs.de", true */ 'w', 'b', 'g', '-', 'v', 's', '.', 'd', 'e', '\0', + /* "wbit.co.il", true */ 'w', 'b', 'i', 't', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "wbt-solutions.ch", true */ 'w', 'b', 't', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'h', '\0', + /* "wbt-solutions.net", true */ 'w', 'b', 't', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "wbuntu.com", true */ 'w', 'b', 'u', 'n', 't', 'u', '.', 'c', 'o', 'm', '\0', + /* "wbvb.nl", true */ 'w', 'b', 'v', 'b', '.', 'n', 'l', '\0', + /* "wbx.support", true */ 'w', 'b', 'x', '.', 's', 'u', 'p', 'p', 'o', 'r', 't', '\0', + /* "wcbook.ru", true */ 'w', 'c', 'b', 'o', 'o', 'k', '.', 'r', 'u', '\0', + /* "wcn.life", true */ 'w', 'c', 'n', '.', 'l', 'i', 'f', 'e', '\0', + /* "wd627.com", true */ 'w', 'd', '6', '2', '7', '.', 'c', 'o', 'm', '\0', + /* "wd976.com", true */ 'w', 'd', '9', '7', '6', '.', 'c', 'o', 'm', '\0', + /* "wdbflowersevents.co.uk", true */ 'w', 'd', 'b', 'f', 'l', 'o', 'w', 'e', 'r', 's', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "wdbgroup.co.uk", true */ 'w', 'd', 'b', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "wdesk.com", true */ 'w', 'd', 'e', 's', 'k', '.', 'c', 'o', 'm', '\0', + /* "wdmg.com.ua", true */ 'w', 'd', 'm', 'g', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0', + /* "wdodelta.nl", true */ 'w', 'd', 'o', 'd', 'e', 'l', 't', 'a', '.', 'n', 'l', '\0', + /* "wdrl.info", true */ 'w', 'd', 'r', 'l', '.', 'i', 'n', 'f', 'o', '\0', + /* "wdt.cz", false */ 'w', 'd', 't', '.', 'c', 'z', '\0', + /* "wdt.io", true */ 'w', 'd', 't', '.', 'i', 'o', '\0', + /* "we-bb.com", true */ 'w', 'e', '-', 'b', 'b', '.', 'c', 'o', 'm', '\0', + /* "we-run-linux.de", true */ 'w', 'e', '-', 'r', 'u', 'n', '-', 'l', 'i', 'n', 'u', 'x', '.', 'd', 'e', '\0', + /* "we-use-linux.de", true */ 'w', 'e', '-', 'u', 's', 'e', '-', 'l', 'i', 'n', 'u', 'x', '.', 'd', 'e', '\0', + /* "weacceptbitcoin.gr", true */ 'w', 'e', 'a', 'c', 'c', 'e', 'p', 't', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'g', 'r', '\0', + /* "wealthcentral.com.au", true */ 'w', 'e', 'a', 'l', 't', 'h', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "wealthfactory.com", false */ 'w', 'e', 'a', 'l', 't', 'h', 'f', 'a', 'c', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "wealthprojector.com", true */ 'w', 'e', 'a', 'l', 't', 'h', 'p', 'r', 'o', 'j', 'e', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "wealthprojector.com.au", true */ 'w', 'e', 'a', 'l', 't', 'h', 'p', 'r', 'o', 'j', 'e', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "wealthreport.com.au", true */ 'w', 'e', 'a', 'l', 't', 'h', 'r', 'e', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "wearandcare.net", true */ 'w', 'e', 'a', 'r', 'a', 'n', 'd', 'c', 'a', 'r', 'e', '.', 'n', 'e', 't', '\0', + /* "weare1inspirit.com", true */ 'w', 'e', 'a', 'r', 'e', '1', 'i', 'n', 's', 'p', 'i', 'r', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "wearedisneyland.com", true */ 'w', 'e', 'a', 'r', 'e', 'd', 'i', 's', 'n', 'e', 'y', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "wearegenki.com", true */ 'w', 'e', 'a', 'r', 'e', 'g', 'e', 'n', 'k', 'i', '.', 'c', 'o', 'm', '\0', + /* "wearepapermill.co", true */ 'w', 'e', 'a', 'r', 'e', 'p', 'a', 'p', 'e', 'r', 'm', 'i', 'l', 'l', '.', 'c', 'o', '\0', + /* "wearesouthafricans.com", true */ 'w', 'e', 'a', 'r', 'e', 's', 'o', 'u', 't', 'h', 'a', 'f', 'r', 'i', 'c', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "wearewithyou.org", true */ 'w', 'e', 'a', 'r', 'e', 'w', 'i', 't', 'h', 'y', 'o', 'u', '.', 'o', 'r', 'g', '\0', + /* "wearvr.com", true */ 'w', 'e', 'a', 'r', 'v', 'r', '.', 'c', 'o', 'm', '\0', + /* "weather-and-climate.com", false */ 'w', 'e', 'a', 't', 'h', 'e', 'r', '-', 'a', 'n', 'd', '-', 'c', 'l', 'i', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "weathermyway.rocks", true */ 'w', 'e', 'a', 't', 'h', 'e', 'r', 'm', 'y', 'w', 'a', 'y', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "web-adminy.co.uk", true */ 'w', 'e', 'b', '-', 'a', 'd', 'm', 'i', 'n', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "web-advisor.co.uk", true */ 'w', 'e', 'b', '-', 'a', 'd', 'v', 'i', 's', 'o', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "web-design.co.il", true */ 'w', 'e', 'b', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "web-hotel.gr", true */ 'w', 'e', 'b', '-', 'h', 'o', 't', 'e', 'l', '.', 'g', 'r', '\0', + /* "web-kouza.com", true */ 'w', 'e', 'b', '-', 'k', 'o', 'u', 'z', 'a', '.', 'c', 'o', 'm', '\0', + /* "web-mail.info", true */ 'w', 'e', 'b', '-', 'm', 'a', 'i', 'l', '.', 'i', 'n', 'f', 'o', '\0', + /* "web-redacteuren.nl", true */ 'w', 'e', 'b', '-', 'r', 'e', 'd', 'a', 'c', 't', 'e', 'u', 'r', 'e', 'n', '.', 'n', 'l', '\0', + /* "web-wave.jp", true */ 'w', 'e', 'b', '-', 'w', 'a', 'v', 'e', '.', 'j', 'p', '\0', + /* "web.bzh", true */ 'w', 'e', 'b', '.', 'b', 'z', 'h', '\0', + /* "web.cc", false */ 'w', 'e', 'b', '.', 'c', 'c', '\0', + /* "web.de", true */ 'w', 'e', 'b', '.', 'd', 'e', '\0', + /* "web2033.com", true */ 'w', 'e', 'b', '2', '0', '3', '3', '.', 'c', 'o', 'm', '\0', + /* "web2ldap.de", true */ 'w', 'e', 'b', '2', 'l', 'd', 'a', 'p', '.', 'd', 'e', '\0', + /* "web2screen.tv", true */ 'w', 'e', 'b', '2', 's', 'c', 'r', 'e', 'e', 'n', '.', 't', 'v', '\0', + /* "web404.net", true */ 'w', 'e', 'b', '4', '0', '4', '.', 'n', 'e', 't', '\0', + /* "webaeon.org", true */ 'w', 'e', 'b', 'a', 'e', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "webaholic.co.in", true */ 'w', 'e', 'b', 'a', 'h', 'o', 'l', 'i', 'c', '.', 'c', 'o', '.', 'i', 'n', '\0', + /* "webais.ru", true */ 'w', 'e', 'b', 'a', 'i', 's', '.', 'r', 'u', '\0', + /* "webambacht.nl", true */ 'w', 'e', 'b', 'a', 'm', 'b', 'a', 'c', 'h', 't', '.', 'n', 'l', '\0', + /* "webandmore.de", false */ 'w', 'e', 'b', 'a', 'n', 'd', 'm', 'o', 'r', 'e', '.', 'd', 'e', '\0', + /* "webapky.cz", true */ 'w', 'e', 'b', 'a', 'p', 'k', 'y', '.', 'c', 'z', '\0', + /* "webappky.cz", true */ 'w', 'e', 'b', 'a', 'p', 'p', 'k', 'y', '.', 'c', 'z', '\0', + /* "webartex.ru", true */ 'w', 'e', 'b', 'a', 'r', 't', 'e', 'x', '.', 'r', 'u', '\0', + /* "webbhuset.se", false */ 'w', 'e', 'b', 'b', 'h', 'u', 's', 'e', 't', '.', 's', 'e', '\0', + /* "webbiz.co.uk", true */ 'w', 'e', 'b', 'b', 'i', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "webbuzz.com.au", true */ 'w', 'e', 'b', 'b', 'u', 'z', 'z', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "webcamtoy.com", true */ 'w', 'e', 'b', 'c', 'a', 'm', 't', 'o', 'y', '.', 'c', 'o', 'm', '\0', + /* "webcatchers.nl", true */ 'w', 'e', 'b', 'c', 'a', 't', 'c', 'h', 'e', 'r', 's', '.', 'n', 'l', '\0', + /* "webclimbers.ch", true */ 'w', 'e', 'b', 'c', 'l', 'i', 'm', 'b', 'e', 'r', 's', '.', 'c', 'h', '\0', + /* "webcollect.org.uk", true */ 'w', 'e', 'b', 'c', 'o', 'l', 'l', 'e', 'c', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "webcontentspinning.com", true */ 'w', 'e', 'b', 'c', 'o', 'n', 't', 'e', 'n', 't', 's', 'p', 'i', 'n', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "webcookies.org", true */ 'w', 'e', 'b', 'c', 'o', 'o', 'k', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0', + /* "webcrm.com", true */ 'w', 'e', 'b', 'c', 'r', 'm', '.', 'c', 'o', 'm', '\0', + /* "webdesign-st.de", true */ 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', '-', 's', 't', '.', 'd', 'e', '\0', + /* "webdesigneauclaire.com", true */ 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 'e', 'a', 'u', 'c', 'l', 'a', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "webdesignerinwarwickshire.co.uk", true */ 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 'e', 'r', 'i', 'n', 'w', 'a', 'r', 'w', 'i', 'c', 'k', 's', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "webdesignplay.com", true */ 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 'p', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "webdesignplayground.io", true */ 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 'p', 'l', 'a', 'y', 'g', 'r', 'o', 'u', 'n', 'd', '.', 'i', 'o', '\0', + /* "webdesignssussex.co.uk", true */ 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 's', 's', 'u', 's', 's', 'e', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "webdev-quiz.de", true */ 'w', 'e', 'b', 'd', 'e', 'v', '-', 'q', 'u', 'i', 'z', '.', 'd', 'e', '\0', + /* "webdevops.io", true */ 'w', 'e', 'b', 'd', 'e', 'v', 'o', 'p', 's', '.', 'i', 'o', '\0', + /* "webdosh.com", true */ 'w', 'e', 'b', 'd', 'o', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "webduck.nl", true */ 'w', 'e', 'b', 'd', 'u', 'c', 'k', '.', 'n', 'l', '\0', + /* "webergrillrestaurant.com", true */ 'w', 'e', 'b', 'e', 'r', 'g', 'r', 'i', 'l', 'l', 'r', 'e', 's', 't', 'a', 'u', 'r', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "webexp.biz", true */ 'w', 'e', 'b', 'e', 'x', 'p', '.', 'b', 'i', 'z', '\0', + /* "webfilings-eu-mirror.appspot.com", true */ 'w', 'e', 'b', 'f', 'i', 'l', 'i', 'n', 'g', 's', '-', 'e', 'u', '-', 'm', 'i', 'r', 'r', 'o', 'r', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "webfilings-eu.appspot.com", true */ 'w', 'e', 'b', 'f', 'i', 'l', 'i', 'n', 'g', 's', '-', 'e', 'u', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "webfilings-mirror-hrd.appspot.com", true */ 'w', 'e', 'b', 'f', 'i', 'l', 'i', 'n', 'g', 's', '-', 'm', 'i', 'r', 'r', 'o', 'r', '-', 'h', 'r', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "webfilings.appspot.com", true */ 'w', 'e', 'b', 'f', 'i', 'l', 'i', 'n', 'g', 's', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "webfox.com.br", true */ 'w', 'e', 'b', 'f', 'o', 'x', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "webgarten.ch", true */ 'w', 'e', 'b', 'g', 'a', 'r', 't', 'e', 'n', '.', 'c', 'h', '\0', + /* "webgears.com", true */ 'w', 'e', 'b', 'g', 'e', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "webhelyesarcu.hu", true */ 'w', 'e', 'b', 'h', 'e', 'l', 'y', 'e', 's', 'a', 'r', 'c', 'u', '.', 'h', 'u', '\0', + /* "webhostplan.info", true */ 'w', 'e', 'b', 'h', 'o', 's', 't', 'p', 'l', 'a', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "webinnovation.ie", true */ 'w', 'e', 'b', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'i', 'e', '\0', + /* "webjobposting.com", true */ 'w', 'e', 'b', 'j', 'o', 'b', 'p', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "webkeks.org", true */ 'w', 'e', 'b', 'k', 'e', 'k', 's', '.', 'o', 'r', 'g', '\0', + /* "weblagring.se", true */ 'w', 'e', 'b', 'l', 'a', 'g', 'r', 'i', 'n', 'g', '.', 's', 'e', '\0', + /* "weblate.org", true */ 'w', 'e', 'b', 'l', 'a', 't', 'e', '.', 'o', 'r', 'g', '\0', + /* "webless.com", true */ 'w', 'e', 'b', 'l', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "webliberty.ru", true */ 'w', 'e', 'b', 'l', 'i', 'b', 'e', 'r', 't', 'y', '.', 'r', 'u', '\0', + /* "weblogic.pl", true */ 'w', 'e', 'b', 'l', 'o', 'g', 'i', 'c', '.', 'p', 'l', '\0', + /* "weblogzwolle.nl", true */ 'w', 'e', 'b', 'l', 'o', 'g', 'z', 'w', 'o', 'l', 'l', 'e', '.', 'n', 'l', '\0', + /* "webmail.gigahost.dk", false */ 'w', 'e', 'b', 'm', 'a', 'i', 'l', '.', 'g', 'i', 'g', 'a', 'h', 'o', 's', 't', '.', 'd', 'k', '\0', + /* "webmail.info", true */ 'w', 'e', 'b', 'm', 'a', 'i', 'l', '.', 'i', 'n', 'f', 'o', '\0', + /* "webmail.onlime.ch", false */ 'w', 'e', 'b', 'm', 'a', 'i', 'l', '.', 'o', 'n', 'l', 'i', 'm', 'e', '.', 'c', 'h', '\0', + /* "webmail.schokokeks.org", false */ 'w', 'e', 'b', 'm', 'a', 'i', 'l', '.', 's', 'c', 'h', 'o', 'k', 'o', 'k', 'e', 'k', 's', '.', 'o', 'r', 'g', '\0', + /* "webmail.xalqbank.az", true */ 'w', 'e', 'b', 'm', 'a', 'i', 'l', '.', 'x', 'a', 'l', 'q', 'b', 'a', 'n', 'k', '.', 'a', 'z', '\0', + /* "webmandesign.eu", true */ 'w', 'e', 'b', 'm', 'a', 'n', 'd', 'e', 's', 'i', 'g', 'n', '.', 'e', 'u', '\0', + /* "webmax.com.tr", true */ 'w', 'e', 'b', 'm', 'a', 'x', '.', 'c', 'o', 'm', '.', 't', 'r', '\0', + /* "webmedpharmacy.co.uk", true */ 'w', 'e', 'b', 'm', 'e', 'd', 'p', 'h', 'a', 'r', 'm', 'a', 'c', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "webmel.com", true */ 'w', 'e', 'b', 'm', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "webmetering.at", true */ 'w', 'e', 'b', 'm', 'e', 't', 'e', 'r', 'i', 'n', 'g', '.', 'a', 't', '\0', + /* "webmotelli.fi", true */ 'w', 'e', 'b', 'm', 'o', 't', 'e', 'l', 'l', 'i', '.', 'f', 'i', '\0', + /* "webnetmail4u.com", true */ 'w', 'e', 'b', 'n', 'e', 't', 'm', 'a', 'i', 'l', '4', 'u', '.', 'c', 'o', 'm', '\0', + /* "webneuch.ch", true */ 'w', 'e', 'b', 'n', 'e', 'u', 'c', 'h', '.', 'c', 'h', '\0', + /* "webneuch.com", true */ 'w', 'e', 'b', 'n', 'e', 'u', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "webneuch.eu", true */ 'w', 'e', 'b', 'n', 'e', 'u', 'c', 'h', '.', 'e', 'u', '\0', + /* "webneuch.fr", true */ 'w', 'e', 'b', 'n', 'e', 'u', 'c', 'h', '.', 'f', 'r', '\0', + /* "webneuch.info", true */ 'w', 'e', 'b', 'n', 'e', 'u', 'c', 'h', '.', 'i', 'n', 'f', 'o', '\0', + /* "webneuch.swiss", true */ 'w', 'e', 'b', 'n', 'e', 'u', 'c', 'h', '.', 's', 'w', 'i', 's', 's', '\0', + /* "webnoob.net", true */ 'w', 'e', 'b', 'n', 'o', 'o', 'b', '.', 'n', 'e', 't', '\0', + /* "webogram.org", false */ 'w', 'e', 'b', 'o', 'g', 'r', 'a', 'm', '.', 'o', 'r', 'g', '\0', + /* "webpostingmart.com", true */ 'w', 'e', 'b', 'p', 'o', 's', 't', 'i', 'n', 'g', 'm', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "webpostingpro.com", true */ 'w', 'e', 'b', 'p', 'o', 's', 't', 'i', 'n', 'g', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "webpostingreviews.com", true */ 'w', 'e', 'b', 'p', 'o', 's', 't', 'i', 'n', 'g', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "webproguru.com", true */ 'w', 'e', 'b', 'p', 'r', 'o', 'g', 'u', 'r', 'u', '.', 'c', 'o', 'm', '\0', + /* "webproxy.pw", true */ 'w', 'e', 'b', 'p', 'r', 'o', 'x', 'y', '.', 'p', 'w', '\0', + /* "webpubsub.com", true */ 'w', 'e', 'b', 'p', 'u', 'b', 's', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "webqueens.com", true */ 'w', 'e', 'b', 'q', 'u', 'e', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "webrentcars.com", true */ 'w', 'e', 'b', 'r', 'e', 'n', 't', 'c', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "webreport.fr", true */ 'w', 'e', 'b', 'r', 'e', 'p', 'o', 'r', 't', '.', 'f', 'r', '\0', + /* "webreslist.com", true */ 'w', 'e', 'b', 'r', 'e', 's', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "webs4all.ro", false */ 'w', 'e', 'b', 's', '4', 'a', 'l', 'l', '.', 'r', 'o', '\0', + /* "websectools.com", true */ 'w', 'e', 'b', 's', 'e', 'c', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "websecurity.is", true */ 'w', 'e', 'b', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'i', 's', '\0', + /* "webseitendesigner.com", false */ 'w', 'e', 'b', 's', 'e', 'i', 't', 'e', 'n', 'd', 'e', 's', 'i', 'g', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "webseitenserver.com", true */ 'w', 'e', 'b', 's', 'e', 'i', 't', 'e', 'n', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "websenat.de", true */ 'w', 'e', 'b', 's', 'e', 'n', 'a', 't', '.', 'd', 'e', '\0', + /* "websharks.org", true */ 'w', 'e', 'b', 's', 'h', 'a', 'r', 'k', 's', '.', 'o', 'r', 'g', '\0', + /* "websiteadvice.com.au", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 'a', 'd', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "websiteforlease.ca", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 'f', 'o', 'r', 'l', 'e', 'a', 's', 'e', '.', 'c', 'a', '\0', + /* "websiteout.ca", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 'o', 'u', 't', '.', 'c', 'a', '\0', + /* "websiteout.net", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 'o', 'u', 't', '.', 'n', 'e', 't', '\0', + /* "websiterent.ca", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 'r', 'e', 'n', 't', '.', 'c', 'a', '\0', + /* "websites4business.ca", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '4', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'c', 'a', '\0', + /* "websitesdallas.com", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 's', 'd', 'a', 'l', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "websiteservice.pro", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'p', 'r', 'o', '\0', + /* "webslake.com", true */ 'w', 'e', 'b', 's', 'l', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "webspiral.jp", true */ 'w', 'e', 'b', 's', 'p', 'i', 'r', 'a', 'l', '.', 'j', 'p', '\0', + /* "webspire.tech", true */ 'w', 'e', 'b', 's', 'p', 'i', 'r', 'e', '.', 't', 'e', 'c', 'h', '\0', + /* "webstore.be", false */ 'w', 'e', 'b', 's', 't', 'o', 'r', 'e', '.', 'b', 'e', '\0', + /* "webstu.be", true */ 'w', 'e', 'b', 's', 't', 'u', '.', 'b', 'e', '\0', + /* "webstudio-n.com", true */ 'w', 'e', 'b', 's', 't', 'u', 'd', 'i', 'o', '-', 'n', '.', 'c', 'o', 'm', '\0', + /* "webstylemedia.com", true */ 'w', 'e', 'b', 's', 't', 'y', 'l', 'e', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "websvetaines.lt", true */ 'w', 'e', 'b', 's', 'v', 'e', 't', 'a', 'i', 'n', 'e', 's', '.', 'l', 't', '\0', + /* "webtalis.nl", true */ 'w', 'e', 'b', 't', 'a', 'l', 'i', 's', '.', 'n', 'l', '\0', + /* "webtasarim.pw", true */ 'w', 'e', 'b', 't', 'a', 's', 'a', 'r', 'i', 'm', '.', 'p', 'w', '\0', + /* "webtek.nu", true */ 'w', 'e', 'b', 't', 'e', 'k', '.', 'n', 'u', '\0', + /* "webtheapp.com", true */ 'w', 'e', 'b', 't', 'h', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "webtobesocial.de", true */ 'w', 'e', 'b', 't', 'o', 'b', 'e', 's', 'o', 'c', 'i', 'a', 'l', '.', 'd', 'e', '\0', + /* "webtorrent.io", true */ 'w', 'e', 'b', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'i', 'o', '\0', + /* "webtrh.cz", true */ 'w', 'e', 'b', 't', 'r', 'h', '.', 'c', 'z', '\0', + /* "webtropia.com", false */ 'w', 'e', 'b', 't', 'r', 'o', 'p', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "webukhost.com", true */ 'w', 'e', 'b', 'u', 'k', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "webwinkelwestland.nl", true */ 'w', 'e', 'b', 'w', 'i', 'n', 'k', 'e', 'l', 'w', 'e', 's', 't', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0', + /* "webwit.nl", true */ 'w', 'e', 'b', 'w', 'i', 't', '.', 'n', 'l', '\0', + /* "webwolf.co.za", true */ 'w', 'e', 'b', 'w', 'o', 'l', 'f', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "webyazilimankara.com", true */ 'w', 'e', 'b', 'y', 'a', 'z', 'i', 'l', 'i', 'm', 'a', 'n', 'k', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "webzanem.com", true */ 'w', 'e', 'b', 'z', 'a', 'n', 'e', 'm', '.', 'c', 'o', 'm', '\0', + /* "wecleanbins.com", true */ 'w', 'e', 'c', 'l', 'e', 'a', 'n', 'b', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "wecobble.com", true */ 'w', 'e', 'c', 'o', 'b', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "wedding-m.jp", true */ 'w', 'e', 'd', 'd', 'i', 'n', 'g', '-', 'm', '.', 'j', 'p', '\0', + /* "weddingfantasy.ru", true */ 'w', 'e', 'd', 'd', 'i', 'n', 'g', 'f', 'a', 'n', 't', 'a', 's', 'y', '.', 'r', 'u', '\0', + /* "weddingsbynoon.co.uk", true */ 'w', 'e', 'd', 'd', 'i', 'n', 'g', 's', 'b', 'y', 'n', 'o', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "weddywood.ru", true */ 'w', 'e', 'd', 'd', 'y', 'w', 'o', 'o', 'd', '.', 'r', 'u', '\0', + /* "wedos.com", true */ 'w', 'e', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "weeblr.com", true */ 'w', 'e', 'e', 'b', 'l', 'r', '.', 'c', 'o', 'm', '\0', + /* "weeblrpress.com", true */ 'w', 'e', 'e', 'b', 'l', 'r', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "weedypedia.de", true */ 'w', 'e', 'e', 'd', 'y', 'p', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0', + /* "week.report", true */ 'w', 'e', 'e', 'k', '.', 'r', 'e', 'p', 'o', 'r', 't', '\0', + /* "weekdone.com", true */ 'w', 'e', 'e', 'k', 'd', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "weekly-residence.com", true */ 'w', 'e', 'e', 'k', 'l', 'y', '-', 'r', 'e', 's', 'i', 'd', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "weeknummers.be", true */ 'w', 'e', 'e', 'k', 'n', 'u', 'm', 'm', 'e', 'r', 's', '.', 'b', 'e', '\0', + /* "weeknummers.nl", true */ 'w', 'e', 'e', 'k', 'n', 'u', 'm', 'm', 'e', 'r', 's', '.', 'n', 'l', '\0', + /* "weemake.fr", true */ 'w', 'e', 'e', 'm', 'a', 'k', 'e', '.', 'f', 'r', '\0', + /* "weemakers.fr", true */ 'w', 'e', 'e', 'm', 'a', 'k', 'e', 'r', 's', '.', 'f', 'r', '\0', + /* "weepycat.com", true */ 'w', 'e', 'e', 'p', 'y', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "weerda.fr", true */ 'w', 'e', 'e', 'r', 'd', 'a', '.', 'f', 'r', '\0', + /* "weerstationgiethoorn.nl", true */ 'w', 'e', 'e', 'r', 's', 't', 'a', 't', 'i', 'o', 'n', 'g', 'i', 'e', 't', 'h', 'o', 'o', 'r', 'n', '.', 'n', 'l', '\0', + /* "weerstatistieken.nl", true */ 'w', 'e', 'e', 'r', 's', 't', 'a', 't', 'i', 's', 't', 'i', 'e', 'k', 'e', 'n', '.', 'n', 'l', '\0', + /* "wefinanceinc.com", true */ 'w', 'e', 'f', 'i', 'n', 'a', 'n', 'c', 'e', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "wefitboilers.com", true */ 'w', 'e', 'f', 'i', 't', 'b', 'o', 'i', 'l', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "weggeweest.nl", true */ 'w', 'e', 'g', 'g', 'e', 'w', 'e', 'e', 's', 't', '.', 'n', 'l', '\0', + /* "wegner.no", true */ 'w', 'e', 'g', 'n', 'e', 'r', '.', 'n', 'o', '\0', + /* "wegotcookies.com", true */ 'w', 'e', 'g', 'o', 't', 'c', 'o', 'o', 'k', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "wegvielfalt.de", true */ 'w', 'e', 'g', 'v', 'i', 'e', 'l', 'f', 'a', 'l', 't', '.', 'd', 'e', '\0', + /* "wehostdnn.com", true */ 'w', 'e', 'h', 'o', 's', 't', 'd', 'n', 'n', '.', 'c', 'o', 'm', '\0', + /* "weibomiaopai.com", true */ 'w', 'e', 'i', 'b', 'o', 'm', 'i', 'a', 'o', 'p', 'a', 'i', '.', 'c', 'o', 'm', '\0', + /* "weicn.org", true */ 'w', 'e', 'i', 'c', 'n', '.', 'o', 'r', 'g', '\0', + /* "weideheuvel.org", true */ 'w', 'e', 'i', 'd', 'e', 'h', 'e', 'u', 'v', 'e', 'l', '.', 'o', 'r', 'g', '\0', + /* "weidmannfibertechnology.com", true */ 'w', 'e', 'i', 'd', 'm', 'a', 'n', 'n', 'f', 'i', 'b', 'e', 'r', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0', + /* "weigelia.nl", true */ 'w', 'e', 'i', 'g', 'e', 'l', 'i', 'a', '.', 'n', 'l', '\0', + /* "weightreviews.com", true */ 'w', 'e', 'i', 'g', 'h', 't', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "weils.net", true */ 'w', 'e', 'i', 'l', 's', '.', 'n', 'e', 't', '\0', + /* "weimaraner.com.br", true */ 'w', 'e', 'i', 'm', 'a', 'r', 'a', 'n', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "weimz.com", true */ 'w', 'e', 'i', 'm', 'z', '.', 'c', 'o', 'm', '\0', + /* "wein.cc", true */ 'w', 'e', 'i', 'n', '.', 'c', 'c', '\0', + /* "wein.co.kr", true */ 'w', 'e', 'i', 'n', '.', 'c', 'o', '.', 'k', 'r', '\0', + /* "weinbergerlawgroup.com", true */ 'w', 'e', 'i', 'n', 'b', 'e', 'r', 'g', 'e', 'r', 'l', 'a', 'w', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0', + /* "weinhandel-preissler.de", true */ 'w', 'e', 'i', 'n', 'h', 'a', 'n', 'd', 'e', 'l', '-', 'p', 'r', 'e', 'i', 's', 's', 'l', 'e', 'r', '.', 'd', 'e', '\0', + /* "weirdesigns.com", true */ 'w', 'e', 'i', 'r', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "weirdserver.com", true */ 'w', 'e', 'i', 'r', 'd', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "weisse-liste.de", true */ 'w', 'e', 'i', 's', 's', 'e', '-', 'l', 'i', 's', 't', 'e', '.', 'd', 'e', '\0', + /* "weissman.agency", true */ 'w', 'e', 'i', 's', 's', 'm', 'a', 'n', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0', + /* "weiterbildung-vdz.de", true */ 'w', 'e', 'i', 't', 'e', 'r', 'b', 'i', 'l', 'd', 'u', 'n', 'g', '-', 'v', 'd', 'z', '.', 'd', 'e', '\0', + /* "weizenke.im", true */ 'w', 'e', 'i', 'z', 'e', 'n', 'k', 'e', '.', 'i', 'm', '\0', + /* "weizenspr.eu", true */ 'w', 'e', 'i', 'z', 'e', 'n', 's', 'p', 'r', '.', 'e', 'u', '\0', + /* "welches-kinderfahrrad.de", true */ 'w', 'e', 'l', 'c', 'h', 'e', 's', '-', 'k', 'i', 'n', 'd', 'e', 'r', 'f', 'a', 'h', 'r', 'r', 'a', 'd', '.', 'd', 'e', '\0', + /* "welcome-tahiti.com", true */ 'w', 'e', 'l', 'c', 'o', 'm', 'e', '-', 't', 'a', 'h', 'i', 't', 'i', '.', 'c', 'o', 'm', '\0', + /* "welcome-werkstatt.com", true */ 'w', 'e', 'l', 'c', 'o', 'm', 'e', '-', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "welcome-werkstatt.de", true */ 'w', 'e', 'l', 'c', 'o', 'm', 'e', '-', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', '.', 'd', 'e', '\0', + /* "welcome26.ch", true */ 'w', 'e', 'l', 'c', 'o', 'm', 'e', '2', '6', '.', 'c', 'h', '\0', + /* "welcomehelp.de", true */ 'w', 'e', 'l', 'c', 'o', 'm', 'e', 'h', 'e', 'l', 'p', '.', 'd', 'e', '\0', + /* "weldwp.com", true */ 'w', 'e', 'l', 'd', 'w', 'p', '.', 'c', 'o', 'm', '\0', + /* "wellacapability.com", true */ 'w', 'e', 'l', 'l', 'a', 'c', 'a', 'p', 'a', 'b', 'i', 'l', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "wellbeing360.com.au", true */ 'w', 'e', 'l', 'l', 'b', 'e', 'i', 'n', 'g', '3', '6', '0', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "wellcom.co.il", true */ 'w', 'e', 'l', 'l', 'c', 'o', 'm', '.', 'c', 'o', '.', 'i', 'l', '\0', + /* "welldrake.com", true */ 'w', 'e', 'l', 'l', 'd', 'r', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "wellensteyn.ru", true */ 'w', 'e', 'l', 'l', 'e', 'n', 's', 't', 'e', 'y', 'n', '.', 'r', 'u', '\0', + /* "weller.pm", true */ 'w', 'e', 'l', 'l', 'e', 'r', '.', 'p', 'm', '\0', + /* "wellist.com", true */ 'w', 'e', 'l', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "wellness-gutschein.de", true */ 'w', 'e', 'l', 'l', 'n', 'e', 's', 's', '-', 'g', 'u', 't', 's', 'c', 'h', 'e', 'i', 'n', '.', 'd', 'e', '\0', + /* "wellnesscheck.net", true */ 'w', 'e', 'l', 'l', 'n', 'e', 's', 's', 'c', 'h', 'e', 'c', 'k', '.', 'n', 'e', 't', '\0', + /* "wellopp.com", true */ 'w', 'e', 'l', 'l', 'o', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "wellsplasticsurgery.com", true */ 'w', 'e', 'l', 'l', 's', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "wellspringcamps.com", true */ 'w', 'e', 'l', 'l', 's', 'p', 'r', 'i', 'n', 'g', 'c', 'a', 'm', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "welovejobs.com", true */ 'w', 'e', 'l', 'o', 'v', 'e', 'j', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "welovemail.com", true */ 'w', 'e', 'l', 'o', 'v', 'e', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "welsh.com.br", true */ 'w', 'e', 'l', 's', 'h', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "welteneroberer.de", true */ 'w', 'e', 'l', 't', 'e', 'n', 'e', 'r', 'o', 'b', 'e', 'r', 'e', 'r', '.', 'd', 'e', '\0', + /* "weltengilde.de", true */ 'w', 'e', 'l', 't', 'e', 'n', 'g', 'i', 'l', 'd', 'e', '.', 'd', 'e', '\0', + /* "weltenhueter.de", true */ 'w', 'e', 'l', 't', 'e', 'n', 'h', 'u', 'e', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "weltverschwoerung.de", true */ 'w', 'e', 'l', 't', 'v', 'e', 'r', 's', 'c', 'h', 'w', 'o', 'e', 'r', 'u', 'n', 'g', '.', 'd', 'e', '\0', + /* "welzijnkoggenland.nl", true */ 'w', 'e', 'l', 'z', 'i', 'j', 'n', 'k', 'o', 'g', 'g', 'e', 'n', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0', + /* "wemakemenus.com", true */ 'w', 'e', 'm', 'a', 'k', 'e', 'm', 'e', 'n', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "wemakeonlinereviews.com", true */ 'w', 'e', 'm', 'a', 'k', 'e', 'o', 'n', 'l', 'i', 'n', 'e', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "wendigo.pl", true */ 'w', 'e', 'n', 'd', 'i', 'g', 'o', '.', 'p', 'l', '\0', + /* "wendu.me", true */ 'w', 'e', 'n', 'd', 'u', '.', 'm', 'e', '\0', + /* "wenger-shop.ch", true */ 'w', 'e', 'n', 'g', 'e', 'r', '-', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0', + /* "wenjs.me", true */ 'w', 'e', 'n', 'j', 's', '.', 'm', 'e', '\0', + /* "wenode.net", true */ 'w', 'e', 'n', 'o', 'd', 'e', '.', 'n', 'e', 't', '\0', + /* "wepay.com", false */ 'w', 'e', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "wepay.in.th", true */ 'w', 'e', 'p', 'a', 'y', '.', 'i', 'n', '.', 't', 'h', '\0', + /* "weplaynaked.dk", true */ 'w', 'e', 'p', 'l', 'a', 'y', 'n', 'a', 'k', 'e', 'd', '.', 'd', 'k', '\0', + /* "wer-kommt-her.de", true */ 'w', 'e', 'r', '-', 'k', 'o', 'm', 'm', 't', '-', 'h', 'e', 'r', '.', 'd', 'e', '\0', + /* "werally.com", true */ 'w', 'e', 'r', 'a', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "werbefotograf-leitner.de", true */ 'w', 'e', 'r', 'b', 'e', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0', + /* "werbefotografie-leitner.de", true */ 'w', 'e', 'r', 'b', 'e', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'e', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0', + /* "werbewelt-tv.de", true */ 'w', 'e', 'r', 'b', 'e', 'w', 'e', 'l', 't', '-', 't', 'v', '.', 'd', 'e', '\0', + /* "werbik.at", true */ 'w', 'e', 'r', 'b', 'i', 'k', '.', 'a', 't', '\0', + /* "werehub.org", true */ 'w', 'e', 'r', 'e', 'h', 'u', 'b', '.', 'o', 'r', 'g', '\0', + /* "wereldkoffie.eu", true */ 'w', 'e', 'r', 'e', 'l', 'd', 'k', 'o', 'f', 'f', 'i', 'e', '.', 'e', 'u', '\0', + /* "werk-34.de", true */ 'w', 'e', 'r', 'k', '-', '3', '4', '.', 'd', 'e', '\0', + /* "werkemotion.com", true */ 'w', 'e', 'r', 'k', 'e', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "werken-bij-inwork.nl", true */ 'w', 'e', 'r', 'k', 'e', 'n', '-', 'b', 'i', 'j', '-', 'i', 'n', 'w', 'o', 'r', 'k', '.', 'n', 'l', '\0', + /* "werkenbijdfzs.nl", true */ 'w', 'e', 'r', 'k', 'e', 'n', 'b', 'i', 'j', 'd', 'f', 'z', 's', '.', 'n', 'l', '\0', + /* "werkgroepderdewereld.nl", true */ 'w', 'e', 'r', 'k', 'g', 'r', 'o', 'e', 'p', 'd', 'e', 'r', 'd', 'e', 'w', 'e', 'r', 'e', 'l', 'd', '.', 'n', 'l', '\0', + /* "werkinc.de", true */ 'w', 'e', 'r', 'k', 'i', 'n', 'c', '.', 'd', 'e', '\0', + /* "werkkrew.xyz", true */ 'w', 'e', 'r', 'k', 'k', 'r', 'e', 'w', '.', 'x', 'y', 'z', '\0', + /* "werkstattkinder.de", true */ 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', 'k', 'i', 'n', 'd', 'e', 'r', '.', 'd', 'e', '\0', + /* "werktor.com", true */ 'w', 'e', 'r', 'k', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "werktor.net", true */ 'w', 'e', 'r', 'k', 't', 'o', 'r', '.', 'n', 'e', 't', '\0', + /* "werner-ema.de", true */ 'w', 'e', 'r', 'n', 'e', 'r', '-', 'e', 'm', 'a', '.', 'd', 'e', '\0', + /* "werner-schaeffer.de", true */ 'w', 'e', 'r', 'n', 'e', 'r', '-', 's', 'c', 'h', 'a', 'e', 'f', 'f', 'e', 'r', '.', 'd', 'e', '\0', + /* "wernerschaeffer.de", true */ 'w', 'e', 'r', 'n', 'e', 'r', 's', 'c', 'h', 'a', 'e', 'f', 'f', 'e', 'r', '.', 'd', 'e', '\0', + /* "wertheimer-burgrock.de", true */ 'w', 'e', 'r', 't', 'h', 'e', 'i', 'm', 'e', 'r', '-', 'b', 'u', 'r', 'g', 'r', 'o', 'c', 'k', '.', 'd', 'e', '\0', + /* "werwolf-live.de", true */ 'w', 'e', 'r', 'w', 'o', 'l', 'f', '-', 'l', 'i', 'v', 'e', '.', 'd', 'e', '\0', + /* "wesayyesprogram.com", true */ 'w', 'e', 's', 'a', 'y', 'y', 'e', 's', 'p', 'r', 'o', 'g', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "wesecom.com", true */ 'w', 'e', 's', 'e', 'c', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "wesell.asia", true */ 'w', 'e', 's', 'e', 'l', 'l', '.', 'a', 's', 'i', 'a', '\0', + /* "weserv.nl", true */ 'w', 'e', 's', 'e', 'r', 'v', '.', 'n', 'l', '\0', + /* "wesleycabus.be", true */ 'w', 'e', 's', 'l', 'e', 'y', 'c', 'a', 'b', 'u', 's', '.', 'b', 'e', '\0', + /* "wesreportportal.com", true */ 'w', 'e', 's', 'r', 'e', 'p', 'o', 'r', 't', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "wessner.co", true */ 'w', 'e', 's', 's', 'n', 'e', 'r', '.', 'c', 'o', '\0', + /* "wessner.org", true */ 'w', 'e', 's', 's', 'n', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "west-wind.net", true */ 'w', 'e', 's', 't', '-', 'w', 'i', 'n', 'd', '.', 'n', 'e', 't', '\0', + /* "westcarrollton.org", true */ 'w', 'e', 's', 't', 'c', 'a', 'r', 'r', 'o', 'l', 'l', 't', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "westcentenaryscouts.org.au", true */ 'w', 'e', 's', 't', 'c', 'e', 'n', 't', 'e', 'n', 'a', 'r', 'y', 's', 'c', 'o', 'u', 't', 's', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0', + /* "westcoastcastles.com", true */ 'w', 'e', 's', 't', 'c', 'o', 'a', 's', 't', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "westcountrystalking.com", true */ 'w', 'e', 's', 't', 'c', 'o', 'u', 'n', 't', 'r', 'y', 's', 't', 'a', 'l', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "westendwifi.net", true */ 'w', 'e', 's', 't', 'e', 'n', 'd', 'w', 'i', 'f', 'i', '.', 'n', 'e', 't', '\0', + /* "westeros.hu", true */ 'w', 'e', 's', 't', 'e', 'r', 'o', 's', '.', 'h', 'u', '\0', + /* "westhighlandwhiteterrier.com.br", true */ 'w', 'e', 's', 't', 'h', 'i', 'g', 'h', 'l', 'a', 'n', 'd', 'w', 'h', 'i', 't', 'e', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "westhillselectrical.com", true */ 'w', 'e', 's', 't', 'h', 'i', 'l', 'l', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "westlakevillageelectrical.com", true */ 'w', 'e', 's', 't', 'l', 'a', 'k', 'e', 'v', 'i', 'l', 'l', 'a', 'g', 'e', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "westlights.net", true */ 'w', 'e', 's', 't', 'l', 'i', 'g', 'h', 't', 's', '.', 'n', 'e', 't', '\0', + /* "westmead.org", true */ 'w', 'e', 's', 't', 'm', 'e', 'a', 'd', '.', 'o', 'r', 'g', '\0', + /* "westmeadapartments.com.au", true */ 'w', 'e', 's', 't', 'm', 'e', 'a', 'd', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "westmidlandsbouncycastlehire.co.uk", true */ 'w', 'e', 's', 't', 'm', 'i', 'd', 'l', 'a', 'n', 'd', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "westmidlandsinflatables.co.uk", true */ 'w', 'e', 's', 't', 'm', 'i', 'd', 'l', 'a', 'n', 'd', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "westsuburbanbank.com", true */ 'w', 'e', 's', 't', 's', 'u', 'b', 'u', 'r', 'b', 'a', 'n', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "westtulsa.com", true */ 'w', 'e', 's', 't', 't', 'u', 'l', 's', 'a', '.', 'c', 'o', 'm', '\0', + /* "westwood.no", true */ 'w', 'e', 's', 't', 'w', 'o', 'o', 'd', '.', 'n', 'o', '\0', + /* "wetherbymethodist.org.uk", true */ 'w', 'e', 't', 'h', 'e', 'r', 'b', 'y', 'm', 'e', 't', 'h', 'o', 'd', 'i', 's', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "wetherbyweather.org.uk", true */ 'w', 'e', 't', 'h', 'e', 'r', 'b', 'y', 'w', 'e', 'a', 't', 'h', 'e', 'r', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "wetofu.top", true */ 'w', 'e', 't', 'o', 'f', 'u', '.', 't', 'o', 'p', '\0', + /* "wevenues.com", true */ 'w', 'e', 'v', 'e', 'n', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "wexfordbouncycastles.ie", true */ 'w', 'e', 'x', 'f', 'o', 'r', 'd', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'i', 'e', '\0', + /* "weyland-yutani.org", true */ 'w', 'e', 'y', 'l', 'a', 'n', 'd', '-', 'y', 'u', 't', 'a', 'n', 'i', '.', 'o', 'r', 'g', '\0', + /* "weyland.tech", true */ 'w', 'e', 'y', 'l', 'a', 'n', 'd', '.', 't', 'e', 'c', 'h', '\0', + /* "wf-bigsky-master.appspot.com", true */ 'w', 'f', '-', 'b', 'i', 'g', 's', 'k', 'y', '-', 'm', 'a', 's', 't', 'e', 'r', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "wf-demo-eu.appspot.com", true */ 'w', 'f', '-', 'd', 'e', 'm', 'o', '-', 'e', 'u', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "wf-demo-hrd.appspot.com", true */ 'w', 'f', '-', 'd', 'e', 'm', 'o', '-', 'h', 'r', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "wf-dogfood-hrd.appspot.com", true */ 'w', 'f', '-', 'd', 'o', 'g', 'f', 'o', 'o', 'd', '-', 'h', 'r', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "wf-hosting.de", true */ 'w', 'f', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "wf-pentest.appspot.com", true */ 'w', 'f', '-', 'p', 'e', 'n', 't', 'e', 's', 't', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "wf-staging-hr.appspot.com", true */ 'w', 'f', '-', 's', 't', 'a', 'g', 'i', 'n', 'g', '-', 'h', 'r', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "wf-training-hrd.appspot.com", true */ 'w', 'f', '-', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '-', 'h', 'r', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "wf-training-master.appspot.com", true */ 'w', 'f', '-', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '-', 'm', 'a', 's', 't', 'e', 'r', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "wf-trial-hrd.appspot.com", true */ 'w', 'f', '-', 't', 'r', 'i', 'a', 'l', '-', 'h', 'r', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "wfh.ovh", true */ 'w', 'f', 'h', '.', 'o', 'v', 'h', '\0', + /* "wfh.se", true */ 'w', 'f', 'h', '.', 's', 'e', '\0', + /* "wg3k.us", true */ 'w', 'g', '3', 'k', '.', 'u', 's', '\0', + /* "wgom.org", true */ 'w', 'g', 'o', 'm', '.', 'o', 'r', 'g', '\0', + /* "wgraphics.ru", true */ 'w', 'g', 'r', 'a', 'p', 'h', 'i', 'c', 's', '.', 'r', 'u', '\0', + /* "wh-guide.de", true */ 'w', 'h', '-', 'g', 'u', 'i', 'd', 'e', '.', 'd', 'e', '\0', + /* "whanau.org", true */ 'w', 'h', 'a', 'n', 'a', 'u', '.', 'o', 'r', 'g', '\0', + /* "whatagreatwebsite.net", true */ 'w', 'h', 'a', 't', 'a', 'g', 'r', 'e', 'a', 't', 'w', 'e', 'b', 's', 'i', 't', 'e', '.', 'n', 'e', 't', '\0', + /* "whatanime.ga", true */ 'w', 'h', 'a', 't', 'a', 'n', 'i', 'm', 'e', '.', 'g', 'a', '\0', + /* "whatarepatentsfor.com", true */ 'w', 'h', 'a', 't', 'a', 'r', 'e', 'p', 'a', 't', 'e', 'n', 't', 's', 'f', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "whatisl.ovh", true */ 'w', 'h', 'a', 't', 'i', 's', 'l', '.', 'o', 'v', 'h', '\0', + /* "whatismyipaddress.ca", true */ 'w', 'h', 'a', 't', 'i', 's', 'm', 'y', 'i', 'p', 'a', 'd', 'd', 'r', 'e', 's', 's', '.', 'c', 'a', '\0', + /* "whatsahoy.com", true */ 'w', 'h', 'a', 't', 's', 'a', 'h', 'o', 'y', '.', 'c', 'o', 'm', '\0', + /* "whatsapp.com", true */ 'w', 'h', 'a', 't', 's', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "whatsmychaincert.com", true */ 'w', 'h', 'a', 't', 's', 'm', 'y', 'c', 'h', 'a', 'i', 'n', 'c', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "whatsupgold.com.tw", true */ 'w', 'h', 'a', 't', 's', 'u', 'p', 'g', 'o', 'l', 'd', '.', 'c', 'o', 'm', '.', 't', 'w', '\0', + /* "whatsupoutdoor.com", true */ 'w', 'h', 'a', 't', 's', 'u', 'p', 'o', 'u', 't', 'd', 'o', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "whatwebcando.today", true */ 'w', 'h', 'a', 't', 'w', 'e', 'b', 'c', 'a', 'n', 'd', 'o', '.', 't', 'o', 'd', 'a', 'y', '\0', + /* "whatwg.org", true */ 'w', 'h', 'a', 't', 'w', 'g', '.', 'o', 'r', 'g', '\0', + /* "whd-guide.de", true */ 'w', 'h', 'd', '-', 'g', 'u', 'i', 'd', 'e', '.', 'd', 'e', '\0', + /* "wheatgra.in", true */ 'w', 'h', 'e', 'a', 't', 'g', 'r', 'a', '.', 'i', 'n', '\0', + /* "wheatley.nl", true */ 'w', 'h', 'e', 'a', 't', 'l', 'e', 'y', '.', 'n', 'l', '\0', + /* "wheeler.kiwi.nz", true */ 'w', 'h', 'e', 'e', 'l', 'e', 'r', '.', 'k', 'i', 'w', 'i', '.', 'n', 'z', '\0', + /* "wheelwide.co.uk", true */ 'w', 'h', 'e', 'e', 'l', 'w', 'i', 'd', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "wheelwork.org", true */ 'w', 'h', 'e', 'e', 'l', 'w', 'o', 'r', 'k', '.', 'o', 'r', 'g', '\0', + /* "wheelwright.org", true */ 'w', 'h', 'e', 'e', 'l', 'w', 'r', 'i', 'g', 'h', 't', '.', 'o', 'r', 'g', '\0', + /* "when-release.com", true */ 'w', 'h', 'e', 'n', '-', 'r', 'e', 'l', 'e', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0', + /* "when.fm", true */ 'w', 'h', 'e', 'n', '.', 'f', 'm', '\0', + /* "where2trip.com", true */ 'w', 'h', 'e', 'r', 'e', '2', 't', 'r', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "whereiszakir.com", true */ 'w', 'h', 'e', 'r', 'e', 'i', 's', 'z', 'a', 'k', 'i', 'r', '.', 'c', 'o', 'm', '\0', + /* "wherephoto.com", false */ 'w', 'h', 'e', 'r', 'e', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "whey-protein.ch", true */ 'w', 'h', 'e', 'y', '-', 'p', 'r', 'o', 't', 'e', 'i', 'n', '.', 'c', 'h', '\0', + /* "whiletrue.run", true */ 'w', 'h', 'i', 'l', 'e', 't', 'r', 'u', 'e', '.', 'r', 'u', 'n', '\0', + /* "whing.org", true */ 'w', 'h', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "whipnic.com", true */ 'w', 'h', 'i', 'p', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "whisky-circle.info", true */ 'w', 'h', 'i', 's', 'k', 'y', '-', 'c', 'i', 'r', 'c', 'l', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "whiskynerd.ca", true */ 'w', 'h', 'i', 's', 'k', 'y', 'n', 'e', 'r', 'd', '.', 'c', 'a', '\0', + /* "whisp.ly", false */ 'w', 'h', 'i', 's', 'p', '.', 'l', 'y', '\0', + /* "whispeer.de", true */ 'w', 'h', 'i', 's', 'p', 'e', 'e', 'r', '.', 'd', 'e', '\0', + /* "whisperinghoperanch.org", true */ 'w', 'h', 'i', 's', 'p', 'e', 'r', 'i', 'n', 'g', 'h', 'o', 'p', 'e', 'r', 'a', 'n', 'c', 'h', '.', 'o', 'r', 'g', '\0', + /* "whisperlab.org", true */ 'w', 'h', 'i', 's', 'p', 'e', 'r', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0', + /* "whistleb.com", true */ 'w', 'h', 'i', 's', 't', 'l', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "whistleblower.gov", true */ 'w', 'h', 'i', 's', 't', 'l', 'e', 'b', 'l', 'o', 'w', 'e', 'r', '.', 'g', 'o', 'v', '\0', + /* "whitby-brewery.com", true */ 'w', 'h', 'i', 't', 'b', 'y', '-', 'b', 'r', 'e', 'w', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "whitealps.at", true */ 'w', 'h', 'i', 't', 'e', 'a', 'l', 'p', 's', '.', 'a', 't', '\0', + /* "whitealps.be", true */ 'w', 'h', 'i', 't', 'e', 'a', 'l', 'p', 's', '.', 'b', 'e', '\0', + /* "whitealps.ch", true */ 'w', 'h', 'i', 't', 'e', 'a', 'l', 'p', 's', '.', 'c', 'h', '\0', + /* "whitealps.de", true */ 'w', 'h', 'i', 't', 'e', 'a', 'l', 'p', 's', '.', 'd', 'e', '\0', + /* "whitealps.fr", true */ 'w', 'h', 'i', 't', 'e', 'a', 'l', 'p', 's', '.', 'f', 'r', '\0', + /* "whitealps.net", true */ 'w', 'h', 'i', 't', 'e', 'a', 'l', 'p', 's', '.', 'n', 'e', 't', '\0', + /* "whitefm.ch", true */ 'w', 'h', 'i', 't', 'e', 'f', 'm', '.', 'c', 'h', '\0', + /* "whitehathackers.com.br", true */ 'w', 'h', 'i', 't', 'e', 'h', 'a', 't', 'h', 'a', 'c', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "whitehouse.gov", true */ 'w', 'h', 'i', 't', 'e', 'h', 'o', 'u', 's', 'e', '.', 'g', 'o', 'v', '\0', + /* "whiteink.com", true */ 'w', 'h', 'i', 't', 'e', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "whitejaguars.com", true */ 'w', 'h', 'i', 't', 'e', 'j', 'a', 'g', 'u', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "whitelabelcashback.nl", true */ 'w', 'h', 'i', 't', 'e', 'l', 'a', 'b', 'e', 'l', 'c', 'a', 's', 'h', 'b', 'a', 'c', 'k', '.', 'n', 'l', '\0', + /* "whitelabeltickets.com", true */ 'w', 'h', 'i', 't', 'e', 'l', 'a', 'b', 'e', 'l', 't', 'i', 'c', 'k', 'e', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "whitepharmacy.co.uk", true */ 'w', 'h', 'i', 't', 'e', 'p', 'h', 'a', 'r', 'm', 'a', 'c', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "whiteroom.agency", true */ 'w', 'h', 'i', 't', 'e', 'r', 'o', 'o', 'm', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0', + /* "whiteshadowimperium.com", true */ 'w', 'h', 'i', 't', 'e', 's', 'h', 'a', 'd', 'o', 'w', 'i', 'm', 'p', 'e', 'r', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0', + /* "whitkirkartsguild.com", true */ 'w', 'h', 'i', 't', 'k', 'i', 'r', 'k', 'a', 'r', 't', 's', 'g', 'u', 'i', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "whitkirkchurch.org.uk", true */ 'w', 'h', 'i', 't', 'k', 'i', 'r', 'k', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "whizzzbang.co.uk", true */ 'w', 'h', 'i', 'z', 'z', 'z', 'b', 'a', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "whmcs.hosting", true */ 'w', 'h', 'm', 'c', 's', '.', 'h', 'o', 's', 't', 'i', 'n', 'g', '\0', + /* "who-calledme.com", true */ 'w', 'h', 'o', '-', 'c', 'a', 'l', 'l', 'e', 'd', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "who.pm", true */ 'w', 'h', 'o', '.', 'p', 'm', '\0', + /* "whocalld.com", true */ 'w', 'h', 'o', 'c', 'a', 'l', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "whocalled.us", true */ 'w', 'h', 'o', 'c', 'a', 'l', 'l', 'e', 'd', '.', 'u', 's', '\0', + /* "whoimg.com", true */ 'w', 'h', 'o', 'i', 'm', 'g', '.', 'c', 'o', 'm', '\0', + /* "whoisthenightking.com", true */ 'w', 'h', 'o', 'i', 's', 't', 'h', 'e', 'n', 'i', 'g', 'h', 't', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "whoiswp.com", true */ 'w', 'h', 'o', 'i', 's', 'w', 'p', '.', 'c', 'o', 'm', '\0', + /* "wholelotofbounce.co.uk", false */ 'w', 'h', 'o', 'l', 'e', 'l', 'o', 't', 'o', 'f', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "wholesalecbd.com", true */ 'w', 'h', 'o', 'l', 'e', 's', 'a', 'l', 'e', 'c', 'b', 'd', '.', 'c', 'o', 'm', '\0', + /* "wholikes.us", true */ 'w', 'h', 'o', 'l', 'i', 'k', 'e', 's', '.', 'u', 's', '\0', + /* "whoneedstobeprimaried.today", true */ 'w', 'h', 'o', 'n', 'e', 'e', 'd', 's', 't', 'o', 'b', 'e', 'p', 'r', 'i', 'm', 'a', 'r', 'i', 'e', 'd', '.', 't', 'o', 'd', 'a', 'y', '\0', + /* "whonix.org", true */ 'w', 'h', 'o', 'n', 'i', 'x', '.', 'o', 'r', 'g', '\0', + /* "whoownsmyavailability.com", true */ 'w', 'h', 'o', 'o', 'w', 'n', 's', 'm', 'y', 'a', 'v', 'a', 'i', 'l', 'a', 'b', 'i', 'l', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "whoturgled.com", true */ 'w', 'h', 'o', 't', 'u', 'r', 'g', 'l', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "why-brexit.uk", true */ 'w', 'h', 'y', '-', 'b', 'r', 'e', 'x', 'i', 't', '.', 'u', 'k', '\0', + /* "whyopencomputing.ch", true */ 'w', 'h', 'y', 'o', 'p', 'e', 'n', 'c', 'o', 'm', 'p', 'u', 't', 'i', 'n', 'g', '.', 'c', 'h', '\0', + /* "whyopencomputing.com", true */ 'w', 'h', 'y', 'o', 'p', 'e', 'n', 'c', 'o', 'm', 'p', 'u', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "whyworldhot.com", true */ 'w', 'h', 'y', 'w', 'o', 'r', 'l', 'd', 'h', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "wiapply.com", true */ 'w', 'i', 'a', 'p', 'p', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "wibbe.link", true */ 'w', 'i', 'b', 'b', 'e', '.', 'l', 'i', 'n', 'k', '\0', + /* "wiberg.nu", true */ 'w', 'i', 'b', 'e', 'r', 'g', '.', 'n', 'u', '\0', + /* "wickrath.net", true */ 'w', 'i', 'c', 'k', 'r', 'a', 't', 'h', '.', 'n', 'e', 't', '\0', + /* "widdleguy.com", true */ 'w', 'i', 'd', 'd', 'l', 'e', 'g', 'u', 'y', '.', 'c', 'o', 'm', '\0', + /* "wideboxmacau.com", false */ 'w', 'i', 'd', 'e', 'b', 'o', 'x', 'm', 'a', 'c', 'a', 'u', '.', 'c', 'o', 'm', '\0', + /* "widegab.com", true */ 'w', 'i', 'd', 'e', 'g', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "wideinfo.org", true */ 'w', 'i', 'd', 'e', 'i', 'n', 'f', 'o', '.', 'o', 'r', 'g', '\0', + /* "widemann.de", true */ 'w', 'i', 'd', 'e', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0', + /* "widememory.com", true */ 'w', 'i', 'd', 'e', 'm', 'e', 'm', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "widenews.org", true */ 'w', 'i', 'd', 'e', 'n', 'e', 'w', 's', '.', 'o', 'r', 'g', '\0', + /* "widmer.bz", true */ 'w', 'i', 'd', 'm', 'e', 'r', '.', 'b', 'z', '\0', + /* "widsl.de", true */ 'w', 'i', 'd', 's', 'l', '.', 'd', 'e', '\0', + /* "wiebetaaltdat.nl", true */ 'w', 'i', 'e', 'b', 'e', 't', 'a', 'a', 'l', 't', 'd', 'a', 't', '.', 'n', 'l', '\0', + /* "wieckiewicz.org", true */ 'w', 'i', 'e', 'c', 'k', 'i', 'e', 'w', 'i', 'c', 'z', '.', 'o', 'r', 'g', '\0', + /* "wiedmeyer.de", true */ 'w', 'i', 'e', 'd', 'm', 'e', 'y', 'e', 'r', '.', 'd', 'e', '\0', + /* "wiedu.net", true */ 'w', 'i', 'e', 'd', 'u', '.', 'n', 'e', 't', '\0', + /* "wiegedaten.de", true */ 'w', 'i', 'e', 'g', 'e', 'd', 'a', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "wien52.at", true */ 'w', 'i', 'e', 'n', '5', '2', '.', 'a', 't', '\0', + /* "wieneck-bauelemente.de", true */ 'w', 'i', 'e', 'n', 'e', 'c', 'k', '-', 'b', 'a', 'u', 'e', 'l', 'e', 'm', 'e', 'n', 't', 'e', '.', 'd', 'e', '\0', + /* "wienergyjobs.com", true */ 'w', 'i', 'e', 'n', 'e', 'r', 'g', 'y', 'j', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "wienerwichtelchallenge.at", true */ 'w', 'i', 'e', 'n', 'e', 'r', 'w', 'i', 'c', 'h', 't', 'e', 'l', 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e', '.', 'a', 't', '\0', + /* "wieobensounten.de", true */ 'w', 'i', 'e', 'o', 'b', 'e', 'n', 's', 'o', 'u', 'n', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "wifi-hack.com", true */ 'w', 'i', 'f', 'i', '-', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "wifi-names.com", true */ 'w', 'i', 'f', 'i', '-', 'n', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "wifimask.com", true */ 'w', 'i', 'f', 'i', 'm', 'a', 's', 'k', '.', 'c', 'o', 'm', '\0', + /* "wifipineapple.com", true */ 'w', 'i', 'f', 'i', 'p', 'i', 'n', 'e', 'a', 'p', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "wifirst.net", true */ 'w', 'i', 'f', 'i', 'r', 's', 't', '.', 'n', 'e', 't', '\0', + /* "wifree.lv", true */ 'w', 'i', 'f', 'r', 'e', 'e', '.', 'l', 'v', '\0', + /* "wigggle.it", true */ 'w', 'i', 'g', 'g', 'g', 'l', 'e', '.', 'i', 't', '\0', + /* "wigle.net", true */ 'w', 'i', 'g', 'l', 'e', '.', 'n', 'e', 't', '\0', + /* "wiiaam.com", true */ 'w', 'i', 'i', 'a', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "wiimotion.de", true */ 'w', 'i', 'i', 'm', 'o', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0', + /* "wijnservices.nl", false */ 'w', 'i', 'j', 'n', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'n', 'l', '\0', + /* "wiki-play.ru", true */ 'w', 'i', 'k', 'i', '-', 'p', 'l', 'a', 'y', '.', 'r', 'u', '\0', + /* "wiki.python.org", true */ 'w', 'i', 'k', 'i', '.', 'p', 'y', 't', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "wikibooks.org", true */ 'w', 'i', 'k', 'i', 'b', 'o', 'o', 'k', 's', '.', 'o', 'r', 'g', '\0', + /* "wikibulz.com", true */ 'w', 'i', 'k', 'i', 'b', 'u', 'l', 'z', '.', 'c', 'o', 'm', '\0', + /* "wikidata.org", true */ 'w', 'i', 'k', 'i', 'd', 'a', 't', 'a', '.', 'o', 'r', 'g', '\0', + /* "wikidsystems.com", false */ 'w', 'i', 'k', 'i', 'd', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "wikileaks.com", true */ 'w', 'i', 'k', 'i', 'l', 'e', 'a', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "wikileaks.org", true */ 'w', 'i', 'k', 'i', 'l', 'e', 'a', 'k', 's', '.', 'o', 'r', 'g', '\0', + /* "wikimedia.org", true */ 'w', 'i', 'k', 'i', 'm', 'e', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0', + /* "wikimediafoundation.org", true */ 'w', 'i', 'k', 'i', 'm', 'e', 'd', 'i', 'a', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "wikimilk.org", true */ 'w', 'i', 'k', 'i', 'm', 'i', 'l', 'k', '.', 'o', 'r', 'g', '\0', + /* "wikinews.org", true */ 'w', 'i', 'k', 'i', 'n', 'e', 'w', 's', '.', 'o', 'r', 'g', '\0', + /* "wikipedia.org", true */ 'w', 'i', 'k', 'i', 'p', 'e', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0', + /* "wikiquote.org", true */ 'w', 'i', 'k', 'i', 'q', 'u', 'o', 't', 'e', '.', 'o', 'r', 'g', '\0', + /* "wikisource.org", true */ 'w', 'i', 'k', 'i', 's', 'o', 'u', 'r', 'c', 'e', '.', 'o', 'r', 'g', '\0', + /* "wikiversity.org", true */ 'w', 'i', 'k', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0', + /* "wikivisually.com", true */ 'w', 'i', 'k', 'i', 'v', 'i', 's', 'u', 'a', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "wikivoyage.org", true */ 'w', 'i', 'k', 'i', 'v', 'o', 'y', 'a', 'g', 'e', '.', 'o', 'r', 'g', '\0', + /* "wiktionary.org", true */ 'w', 'i', 'k', 't', 'i', 'o', 'n', 'a', 'r', 'y', '.', 'o', 'r', 'g', '\0', + /* "wiktoriaslife.com", true */ 'w', 'i', 'k', 't', 'o', 'r', 'i', 'a', 's', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0', + /* "wilane.org", true */ 'w', 'i', 'l', 'a', 'n', 'e', '.', 'o', 'r', 'g', '\0', + /* "wilcodeboer.me", true */ 'w', 'i', 'l', 'c', 'o', 'd', 'e', 'b', 'o', 'e', 'r', '.', 'm', 'e', '\0', + /* "wild-emotion-events.de", true */ 'w', 'i', 'l', 'd', '-', 'e', 'm', 'o', 't', 'i', 'o', 'n', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'd', 'e', '\0', + /* "wild-turtles.com", true */ 'w', 'i', 'l', 'd', '-', 't', 'u', 'r', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "wildbirds.dk", true */ 'w', 'i', 'l', 'd', 'b', 'i', 'r', 'd', 's', '.', 'd', 'k', '\0', + /* "wildboaratvparts.com", true */ 'w', 'i', 'l', 'd', 'b', 'o', 'a', 'r', 'a', 't', 'v', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "wildcard.hu", true */ 'w', 'i', 'l', 'd', 'c', 'a', 'r', 'd', '.', 'h', 'u', '\0', + /* "wilddogdesign.co.uk", true */ 'w', 'i', 'l', 'd', 'd', 'o', 'g', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "wildlifeadaptationstrategy.gov", true */ 'w', 'i', 'l', 'd', 'l', 'i', 'f', 'e', 'a', 'd', 'a', 'p', 't', 'a', 't', 'i', 'o', 'n', 's', 't', 'r', 'a', 't', 'e', 'g', 'y', '.', 'g', 'o', 'v', '\0', + /* "wildnisfamilie.net", true */ 'w', 'i', 'l', 'd', 'n', 'i', 's', 'f', 'a', 'm', 'i', 'l', 'i', 'e', '.', 'n', 'e', 't', '\0', + /* "wildtrip.blog", true */ 'w', 'i', 'l', 'd', 't', 'r', 'i', 'p', '.', 'b', 'l', 'o', 'g', '\0', + /* "wildwildtravel.com", true */ 'w', 'i', 'l', 'd', 'w', 'i', 'l', 'd', 't', 'r', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "wilfrid-calixte.fr", true */ 'w', 'i', 'l', 'f', 'r', 'i', 'd', '-', 'c', 'a', 'l', 'i', 'x', 't', 'e', '.', 'f', 'r', '\0', + /* "wili.li", true */ 'w', 'i', 'l', 'i', '.', 'l', 'i', '\0', + /* "wiliquet.net", true */ 'w', 'i', 'l', 'i', 'q', 'u', 'e', 't', '.', 'n', 'e', 't', '\0', + /* "willbarnesphotography.co.uk", true */ 'w', 'i', 'l', 'l', 'b', 'a', 'r', 'n', 'e', 's', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "willberg.bayern", true */ 'w', 'i', 'l', 'l', 'b', 'e', 'r', 'g', '.', 'b', 'a', 'y', 'e', 'r', 'n', '\0', + /* "willekeinden.nl", true */ 'w', 'i', 'l', 'l', 'e', 'k', 'e', 'i', 'n', 'd', 'e', 'n', '.', 'n', 'l', '\0', + /* "willeminfo.ch", true */ 'w', 'i', 'l', 'l', 'e', 'm', 'i', 'n', 'f', 'o', '.', 'c', 'h', '\0', + /* "willems-kristiansen.dk", true */ 'w', 'i', 'l', 'l', 'e', 'm', 's', '-', 'k', 'r', 'i', 's', 't', 'i', 'a', 'n', 's', 'e', 'n', '.', 'd', 'k', '\0', + /* "willemsjort.be", true */ 'w', 'i', 'l', 'l', 'e', 'm', 's', 'j', 'o', 'r', 't', '.', 'b', 'e', '\0', + /* "willfarrell.ca", true */ 'w', 'i', 'l', 'l', 'f', 'a', 'r', 'r', 'e', 'l', 'l', '.', 'c', 'a', '\0', + /* "willi-graf-gymnasium.de", true */ 'w', 'i', 'l', 'l', 'i', '-', 'g', 'r', 'a', 'f', '-', 'g', 'y', 'm', 'n', 'a', 's', 'i', 'u', 'm', '.', 'd', 'e', '\0', + /* "willi-graf-os.de", true */ 'w', 'i', 'l', 'l', 'i', '-', 'g', 'r', 'a', 'f', '-', 'o', 's', '.', 'd', 'e', '\0', + /* "williamboundsltd.com", true */ 'w', 'i', 'l', 'l', 'i', 'a', 'm', 'b', 'o', 'u', 'n', 'd', 's', 'l', 't', 'd', '.', 'c', 'o', 'm', '\0', + /* "williamfeely.info", true */ 'w', 'i', 'l', 'l', 'i', 'a', 'm', 'f', 'e', 'e', 'l', 'y', '.', 'i', 'n', 'f', 'o', '\0', + /* "williamjohngauthier.net", true */ 'w', 'i', 'l', 'l', 'i', 'a', 'm', 'j', 'o', 'h', 'n', 'g', 'a', 'u', 't', 'h', 'i', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "williamsonshore.com", true */ 'w', 'i', 'l', 'l', 'i', 'a', 'm', 's', 'o', 'n', 's', 'h', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "williamsportmortgages.com", true */ 'w', 'i', 'l', 'l', 'i', 'a', 'm', 's', 'p', 'o', 'r', 't', 'm', 'o', 'r', 't', 'g', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "willnorris.com", true */ 'w', 'i', 'l', 'l', 'n', 'o', 'r', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0', + /* "willow.technology", true */ 'w', 'i', 'l', 'l', 'o', 'w', '.', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '\0', + /* "willowdalechurch.ca", true */ 'w', 'i', 'l', 'l', 'o', 'w', 'd', 'a', 'l', 'e', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'c', 'a', '\0', + /* "wills.co.tt", true */ 'w', 'i', 'l', 'l', 's', '.', 'c', 'o', '.', 't', 't', '\0', + /* "willstamper.name", true */ 'w', 'i', 'l', 'l', 's', 't', 'a', 'm', 'p', 'e', 'r', '.', 'n', 'a', 'm', 'e', '\0', + /* "willywangstory.com", true */ 'w', 'i', 'l', 'l', 'y', 'w', 'a', 'n', 'g', 's', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0', + /* "wilseyrealty.com", true */ 'w', 'i', 'l', 's', 'e', 'y', 'r', 'e', 'a', 'l', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "wilsonovi.com", true */ 'w', 'i', 'l', 's', 'o', 'n', 'o', 'v', 'i', '.', 'c', 'o', 'm', '\0', + /* "wimachtendienk.com", true */ 'w', 'i', 'm', 'a', 'c', 'h', 't', 'e', 'n', 'd', 'i', 'e', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "wimbo.nl", true */ 'w', 'i', 'm', 'b', 'o', '.', 'n', 'l', '\0', + /* "wimpernforyou.de", true */ 'w', 'i', 'm', 'p', 'e', 'r', 'n', 'f', 'o', 'r', 'y', 'o', 'u', '.', 'd', 'e', '\0', + /* "win7stylebuilder.com", false */ 'w', 'i', 'n', '7', 's', 't', 'y', 'l', 'e', 'b', 'u', 'i', 'l', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "winbuzzer.com", true */ 'w', 'i', 'n', 'b', 'u', 'z', 'z', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "wind.moe", true */ 'w', 'i', 'n', 'd', '.', 'm', 'o', 'e', '\0', + /* "windelnkaufen24.de", true */ 'w', 'i', 'n', 'd', 'e', 'l', 'n', 'k', 'a', 'u', 'f', 'e', 'n', '2', '4', '.', 'd', 'e', '\0', + /* "windhaven.nl", false */ 'w', 'i', 'n', 'd', 'h', 'a', 'v', 'e', 'n', '.', 'n', 'l', '\0', + /* "windholz.us", true */ 'w', 'i', 'n', 'd', 'h', 'o', 'l', 'z', '.', 'u', 's', '\0', + /* "windowcleaningexperts.net", true */ 'w', 'i', 'n', 'd', 'o', 'w', 'c', 'l', 'e', 'a', 'n', 'i', 'n', 'g', 'e', 'x', 'p', 'e', 'r', 't', 's', '.', 'n', 'e', 't', '\0', + /* "windows10insider.com", true */ 'w', 'i', 'n', 'd', 'o', 'w', 's', '1', '0', 'i', 'n', 's', 'i', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "windowsnerd.com", true */ 'w', 'i', 'n', 'd', 'o', 'w', 's', 'n', 'e', 'r', 'd', '.', 'c', 'o', 'm', '\0', + /* "windowstech.it", true */ 'w', 'i', 'n', 'd', 'o', 'w', 's', 't', 'e', 'c', 'h', '.', 'i', 't', '\0', + /* "windowwellcovers.com", true */ 'w', 'i', 'n', 'd', 'o', 'w', 'w', 'e', 'l', 'l', 'c', 'o', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "windowwellexperts.com", true */ 'w', 'i', 'n', 'd', 'o', 'w', 'w', 'e', 'l', 'l', 'e', 'x', 'p', 'e', 'r', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "windrunner.se", true */ 'w', 'i', 'n', 'd', 'r', 'u', 'n', 'n', 'e', 'r', '.', 's', 'e', '\0', + /* "windscribe.com", true */ 'w', 'i', 'n', 'd', 's', 'c', 'r', 'i', 'b', 'e', '.', 'c', 'o', 'm', '\0', + /* "windsock-app.com", true */ 'w', 'i', 'n', 'd', 's', 'o', 'c', 'k', '-', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "windwoodmedia.com", true */ 'w', 'i', 'n', 'd', 'w', 'o', 'o', 'd', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "windwoodweb.com", true */ 'w', 'i', 'n', 'd', 'w', 'o', 'o', 'd', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "windycitydubfest.com", true */ 'w', 'i', 'n', 'd', 'y', 'c', 'i', 't', 'y', 'd', 'u', 'b', 'f', 'e', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "wine-importer.ru", true */ 'w', 'i', 'n', 'e', '-', 'i', 'm', 'p', 'o', 'r', 't', 'e', 'r', '.', 'r', 'u', '\0', + /* "winebid.com", true */ 'w', 'i', 'n', 'e', 'b', 'i', 'd', '.', 'c', 'o', 'm', '\0', + /* "wineworksonline.com", true */ 'w', 'i', 'n', 'e', 'w', 'o', 'r', 'k', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "winfieldchen.me", true */ 'w', 'i', 'n', 'f', 'i', 'e', 'l', 'd', 'c', 'h', 'e', 'n', '.', 'm', 'e', '\0', + /* "winghill.com", false */ 'w', 'i', 'n', 'g', 'h', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "winhistory-forum.net", true */ 'w', 'i', 'n', 'h', 'i', 's', 't', 'o', 'r', 'y', '-', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'e', 't', '\0', + /* "winmodels.org", true */ 'w', 'i', 'n', 'm', 'o', 'd', 'e', 'l', 's', '.', 'o', 'r', 'g', '\0', + /* "winmodels.ru", true */ 'w', 'i', 'n', 'm', 'o', 'd', 'e', 'l', 's', '.', 'r', 'u', '\0', + /* "winphonemetro.com", true */ 'w', 'i', 'n', 'p', 'h', 'o', 'n', 'e', 'm', 'e', 't', 'r', 'o', '.', 'c', 'o', 'm', '\0', + /* "winsome.world", true */ 'w', 'i', 'n', 's', 'o', 'm', 'e', '.', 'w', 'o', 'r', 'l', 'd', '\0', + /* "wint.global", true */ 'w', 'i', 'n', 't', '.', 'g', 'l', 'o', 'b', 'a', 'l', '\0', + /* "winter-elektro.de", true */ 'w', 'i', 'n', 't', 'e', 'r', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0', + /* "winter.engineering", false */ 'w', 'i', 'n', 't', 'e', 'r', '.', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '\0', + /* "winterbergwebcams.com", true */ 'w', 'i', 'n', 't', 'e', 'r', 'b', 'e', 'r', 'g', 'w', 'e', 'b', 'c', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "winterfeldt.de", true */ 'w', 'i', 'n', 't', 'e', 'r', 'f', 'e', 'l', 'd', 't', '.', 'd', 'e', '\0', + /* "winterhillbank.com", true */ 'w', 'i', 'n', 't', 'e', 'r', 'h', 'i', 'l', 'l', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0', + /* "wintermeyer-consulting.de", true */ 'w', 'i', 'n', 't', 'e', 'r', 'm', 'e', 'y', 'e', 'r', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0', + /* "wintermeyer.de", true */ 'w', 'i', 'n', 't', 'e', 'r', 'm', 'e', 'y', 'e', 'r', '.', 'd', 'e', '\0', + /* "winterschoen.nl", true */ 'w', 'i', 'n', 't', 'e', 'r', 's', 'c', 'h', 'o', 'e', 'n', '.', 'n', 'l', '\0', + /* "wintodoor.com", true */ 'w', 'i', 'n', 't', 'o', 'd', 'o', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "wipswiss.ch", true */ 'w', 'i', 'p', 's', 'w', 'i', 's', 's', '.', 'c', 'h', '\0', + /* "wir-bewegen.sh", true */ 'w', 'i', 'r', '-', 'b', 'e', 'w', 'e', 'g', 'e', 'n', '.', 's', 'h', '\0', + /* "wirbatz.org", true */ 'w', 'i', 'r', 'b', 'a', 't', 'z', '.', 'o', 'r', 'g', '\0', + /* "wircon-int.net", true */ 'w', 'i', 'r', 'c', 'o', 'n', '-', 'i', 'n', 't', '.', 'n', 'e', 't', '\0', + /* "wiredcut.com", true */ 'w', 'i', 'r', 'e', 'd', 'c', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "wireheading.com", true */ 'w', 'i', 'r', 'e', 'h', 'e', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "wireless-emergency-stop.com", true */ 'w', 'i', 'r', 'e', 'l', 'e', 's', 's', '-', 'e', 'm', 'e', 'r', 'g', 'e', 'n', 'c', 'y', '-', 's', 't', 'o', 'p', '.', 'c', 'o', 'm', '\0', + /* "wirelesswatch.com.au", true */ 'w', 'i', 'r', 'e', 'l', 'e', 's', 's', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "wireshark.org", true */ 'w', 'i', 'r', 'e', 's', 'h', 'a', 'r', 'k', '.', 'o', 'r', 'g', '\0', + /* "wiretime.de", true */ 'w', 'i', 'r', 'e', 't', 'i', 'm', 'e', '.', 'd', 'e', '\0', + /* "wiretrip.io", true */ 'w', 'i', 'r', 'e', 't', 'r', 'i', 'p', '.', 'i', 'o', '\0', + /* "wirhabenspass.de", true */ 'w', 'i', 'r', 'h', 'a', 'b', 'e', 'n', 's', 'p', 'a', 's', 's', '.', 'd', 'e', '\0', + /* "wirkstoffreich.de", true */ 'w', 'i', 'r', 'k', 's', 't', 'o', 'f', 'f', 'r', 'e', 'i', 'c', 'h', '.', 'd', 'e', '\0', + /* "wirralbouncycastles.co.uk", true */ 'w', 'i', 'r', 'r', 'a', 'l', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "wirsol.com", true */ 'w', 'i', 'r', 's', 'o', 'l', '.', 'c', 'o', 'm', '\0', + /* "wis.no", true */ 'w', 'i', 's', '.', 'n', 'o', '\0', + /* "wisdomize.me", true */ 'w', 'i', 's', 'd', 'o', 'm', 'i', 'z', 'e', '.', 'm', 'e', '\0', + /* "wiseflat.com", true */ 'w', 'i', 's', 'e', 'f', 'l', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "wisper.net.au", true */ 'w', 'i', 's', 'p', 'e', 'r', '.', 'n', 'e', 't', '.', 'a', 'u', '\0', + /* "wispsuperfoods.com", true */ 'w', 'i', 's', 'p', 's', 'u', 'p', 'e', 'r', 'f', 'o', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "wisv.ch", true */ 'w', 'i', 's', 'v', '.', 'c', 'h', '\0', + /* "wisweb.no", true */ 'w', 'i', 's', 'w', 'e', 'b', '.', 'n', 'o', '\0', + /* "wit.ai", true */ 'w', 'i', 't', '.', 'a', 'i', '\0', + /* "witae.com", true */ 'w', 'i', 't', 'a', 'e', '.', 'c', 'o', 'm', '\0', + /* "withgoogle.com", true */ 'w', 'i', 't', 'h', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "withinsecurity.com", true */ 'w', 'i', 't', 'h', 'i', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "withlocals.com", true */ 'w', 'i', 't', 'h', 'l', 'o', 'c', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0', + /* "withoutacrystalball.com", true */ 'w', 'i', 't', 'h', 'o', 'u', 't', 'a', 'c', 'r', 'y', 's', 't', 'a', 'l', 'b', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "withyoutube.com", true */ 'w', 'i', 't', 'h', 'y', 'o', 'u', 't', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0', + /* "witneywaterpolo.org.uk", true */ 'w', 'i', 't', 'n', 'e', 'y', 'w', 'a', 't', 'e', 'r', 'p', 'o', 'l', 'o', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0', + /* "witt-international.co.uk", true */ 'w', 'i', 't', 't', '-', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "wittepapaver.nl", true */ 'w', 'i', 't', 't', 'e', 'p', 'a', 'p', 'a', 'v', 'e', 'r', '.', 'n', 'l', '\0', + /* "witting.co", true */ 'w', 'i', 't', 't', 'i', 'n', 'g', '.', 'c', 'o', '\0', + /* "witway.nl", false */ 'w', 'i', 't', 'w', 'a', 'y', '.', 'n', 'l', '\0', + /* "wivoc.nl", true */ 'w', 'i', 'v', 'o', 'c', '.', 'n', 'l', '\0', + /* "wiz.at", true */ 'w', 'i', 'z', '.', 'a', 't', '\0', + /* "wiz.farm", true */ 'w', 'i', 'z', '.', 'f', 'a', 'r', 'm', '\0', + /* "wizard.gov", true */ 'w', 'i', 'z', 'a', 'r', 'd', '.', 'g', 'o', 'v', '\0', + /* "wizardbouncycastles.co.uk", true */ 'w', 'i', 'z', 'a', 'r', 'd', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "wizardspire.com", true */ 'w', 'i', 'z', 'a', 'r', 'd', 's', 'p', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "wizzley.com", false */ 'w', 'i', 'z', 'z', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "wizzr.nl", true */ 'w', 'i', 'z', 'z', 'r', '.', 'n', 'l', '\0', + /* "wj0666.com", true */ 'w', 'j', '0', '6', '6', '6', '.', 'c', 'o', 'm', '\0', + /* "wjbolles.com", true */ 'w', 'j', 'b', 'o', 'l', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "wje-online.de", true */ 'w', 'j', 'e', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0', + /* "wjg.ca", true */ 'w', 'j', 'g', '.', 'c', 'a', '\0', + /* "wjg.dk", true */ 'w', 'j', 'g', '.', 'd', 'k', '\0', + /* "wjglerum.nl", true */ 'w', 'j', 'g', 'l', 'e', 'r', 'u', 'm', '.', 'n', 'l', '\0', + /* "wjm2038.me", true */ 'w', 'j', 'm', '2', '0', '3', '8', '.', 'm', 'e', '\0', + /* "wk577.com", true */ 'w', 'k', '5', '7', '7', '.', 'c', 'o', 'm', '\0', + /* "wkennington.com", true */ 'w', 'k', 'e', 'n', 'n', 'i', 'n', 'g', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "wkv.com", true */ 'w', 'k', 'v', '.', 'c', 'o', 'm', '\0', + /* "wkz.io", true */ 'w', 'k', 'z', '.', 'i', 'o', '\0', + /* "wlaws.com", true */ 'w', 'l', 'a', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "wlci.gov", true */ 'w', 'l', 'c', 'i', '.', 'g', 'o', 'v', '\0', + /* "wlog.it", true */ 'w', 'l', 'o', 'g', '.', 'i', 't', '\0', + /* "wlsme.org", true */ 'w', 'l', 's', 'm', 'e', '.', 'o', 'r', 'g', '\0', + /* "wlt.ca", true */ 'w', 'l', 't', '.', 'c', 'a', '\0', + /* "wltix.com", true */ 'w', 'l', 't', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "wm-talk.net", true */ 'w', 'm', '-', 't', 'a', 'l', 'k', '.', 'n', 'e', 't', '\0', + /* "wmaccess.com", true */ 'w', 'm', 'a', 'c', 'c', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "wmfusercontent.org", true */ 'w', 'm', 'f', 'u', 's', 'e', 'r', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'o', 'r', 'g', '\0', + /* "wmkowa.de", true */ 'w', 'm', 'k', 'o', 'w', 'a', '.', 'd', 'e', '\0', + /* "wmustore.com", true */ 'w', 'm', 'u', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "wnmed.com.au", true */ 'w', 'n', 'm', 'e', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "wnu.com", true */ 'w', 'n', 'u', '.', 'c', 'o', 'm', '\0', + /* "wo-ist-elvira.net", true */ 'w', 'o', '-', 'i', 's', 't', '-', 'e', 'l', 'v', 'i', 'r', 'a', '.', 'n', 'e', 't', '\0', + /* "wo2forum.nl", true */ 'w', 'o', '2', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'l', '\0', + /* "wobble.ninja", true */ 'w', 'o', 'b', 'b', 'l', 'e', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "wobblywotnotz.co.uk", true */ 'w', 'o', 'b', 'b', 'l', 'y', 'w', 'o', 't', 'n', 'o', 't', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "wochennummern.de", true */ 'w', 'o', 'c', 'h', 'e', 'n', 'n', 'u', 'm', 'm', 'e', 'r', 'n', '.', 'd', 'e', '\0', + /* "wod-stavby.cz", true */ 'w', 'o', 'd', '-', 's', 't', 'a', 'v', 'b', 'y', '.', 'c', 'z', '\0', + /* "wodboss.com", true */ 'w', 'o', 'd', 'b', 'o', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "wodinaz.com", true */ 'w', 'o', 'd', 'i', 'n', 'a', 'z', '.', 'c', 'o', 'm', '\0', + /* "wodka-division.de", true */ 'w', 'o', 'd', 'k', 'a', '-', 'd', 'i', 'v', 'i', 's', 'i', 'o', 'n', '.', 'd', 'e', '\0', + /* "woelkchen.me", true */ 'w', 'o', 'e', 'l', 'k', 'c', 'h', 'e', 'n', '.', 'm', 'e', '\0', + /* "wofford-ecs.org", true */ 'w', 'o', 'f', 'f', 'o', 'r', 'd', '-', 'e', 'c', 's', '.', 'o', 'r', 'g', '\0', + /* "woffs.de", true */ 'w', 'o', 'f', 'f', 's', '.', 'd', 'e', '\0', + /* "wogo.org", true */ 'w', 'o', 'g', 'o', '.', 'o', 'r', 'g', '\0', + /* "woheni.de", true */ 'w', 'o', 'h', 'e', 'n', 'i', '.', 'd', 'e', '\0', + /* "wohlgemuth.rocks", true */ 'w', 'o', 'h', 'l', 'g', 'e', 'm', 'u', 't', 'h', '.', 'r', 'o', 'c', 'k', 's', '\0', + /* "wohnbegleitung.ch", true */ 'w', 'o', 'h', 'n', 'b', 'e', 'g', 'l', 'e', 'i', 't', 'u', 'n', 'g', '.', 'c', 'h', '\0', + /* "wohnsitz-ausland.com", true */ 'w', 'o', 'h', 'n', 's', 'i', 't', 'z', '-', 'a', 'u', 's', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "woi.vision", true */ 'w', 'o', 'i', '.', 'v', 'i', 's', 'i', 'o', 'n', '\0', + /* "wokeai.net", true */ 'w', 'o', 'k', 'e', 'a', 'i', '.', 'n', 'e', 't', '\0', + /* "wolf-squad.de", false */ 'w', 'o', 'l', 'f', '-', 's', 'q', 'u', 'a', 'd', '.', 'd', 'e', '\0', + /* "wolfachtal-alpaka.de", true */ 'w', 'o', 'l', 'f', 'a', 'c', 'h', 't', 'a', 'l', '-', 'a', 'l', 'p', 'a', 'k', 'a', '.', 'd', 'e', '\0', + /* "wolferstetterkeller.de", true */ 'w', 'o', 'l', 'f', 'e', 'r', 's', 't', 'e', 't', 't', 'e', 'r', 'k', 'e', 'l', 'l', 'e', 'r', '.', 'd', 'e', '\0', + /* "wolfgang-braun.info", true */ 'w', 'o', 'l', 'f', 'g', 'a', 'n', 'g', '-', 'b', 'r', 'a', 'u', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "wolfgang-kerschbaumer.at", true */ 'w', 'o', 'l', 'f', 'g', 'a', 'n', 'g', '-', 'k', 'e', 'r', 's', 'c', 'h', 'b', 'a', 'u', 'm', 'e', 'r', '.', 'a', 't', '\0', + /* "wolfgang-kerschbaumer.com", true */ 'w', 'o', 'l', 'f', 'g', 'a', 'n', 'g', '-', 'k', 'e', 'r', 's', 'c', 'h', 'b', 'a', 'u', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "wolfgang-kerschbaumer.net", true */ 'w', 'o', 'l', 'f', 'g', 'a', 'n', 'g', '-', 'k', 'e', 'r', 's', 'c', 'h', 'b', 'a', 'u', 'm', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "wolfgang-ziegler.com", true */ 'w', 'o', 'l', 'f', 'g', 'a', 'n', 'g', '-', 'z', 'i', 'e', 'g', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "wolfie.ovh", true */ 'w', 'o', 'l', 'f', 'i', 'e', '.', 'o', 'v', 'h', '\0', + /* "wolfpa.ws", true */ 'w', 'o', 'l', 'f', 'p', 'a', '.', 'w', 's', '\0', + /* "wolfram.io", true */ 'w', 'o', 'l', 'f', 'r', 'a', 'm', '.', 'i', 'o', '\0', + /* "wolfsden.cz", true */ 'w', 'o', 'l', 'f', 's', 'd', 'e', 'n', '.', 'c', 'z', '\0', + /* "wolfy1339.com", true */ 'w', 'o', 'l', 'f', 'y', '1', '3', '3', '9', '.', 'c', 'o', 'm', '\0', + /* "wolkenspeicher.org", true */ 'w', 'o', 'l', 'k', 'e', 'n', 's', 'p', 'e', 'i', 'c', 'h', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "wollekorb.de", true */ 'w', 'o', 'l', 'l', 'e', 'k', 'o', 'r', 'b', '.', 'd', 'e', '\0', + /* "wollongongbaptist.hopto.org", true */ 'w', 'o', 'l', 'l', 'o', 'n', 'g', 'o', 'n', 'g', 'b', 'a', 'p', 't', 'i', 's', 't', '.', 'h', 'o', 'p', 't', 'o', '.', 'o', 'r', 'g', '\0', + /* "wollwerk.org", true */ 'w', 'o', 'l', 'l', 'w', 'e', 'r', 'k', '.', 'o', 'r', 'g', '\0', + /* "wolszon.me", true */ 'w', 'o', 'l', 's', 'z', 'o', 'n', '.', 'm', 'e', '\0', + /* "womb.city", true */ 'w', 'o', 'm', 'b', '.', 'c', 'i', 't', 'y', '\0', + /* "wombatalla.com.au", true */ 'w', 'o', 'm', 'b', 'a', 't', 'a', 'l', 'l', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "wombats.net", true */ 'w', 'o', 'm', 'b', 'a', 't', 's', '.', 'n', 'e', 't', '\0', + /* "women-only.net", true */ 'w', 'o', 'm', 'e', 'n', '-', 'o', 'n', 'l', 'y', '.', 'n', 'e', 't', '\0', + /* "womenshairlossproject.com", true */ 'w', 'o', 'm', 'e', 'n', 's', 'h', 'a', 'i', 'r', 'l', 'o', 's', 's', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "wonabo.com", true */ 'w', 'o', 'n', 'a', 'b', 'o', '.', 'c', 'o', 'm', '\0', + /* "wonderbill.com", true */ 'w', 'o', 'n', 'd', 'e', 'r', 'b', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "wondergorilla.com", true */ 'w', 'o', 'n', 'd', 'e', 'r', 'g', 'o', 'r', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0', + /* "wonderhost.info", true */ 'w', 'o', 'n', 'd', 'e', 'r', 'h', 'o', 's', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "wonderhowto.com", true */ 'w', 'o', 'n', 'd', 'e', 'r', 'h', 'o', 'w', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "wonderlandmovies.de", true */ 'w', 'o', 'n', 'd', 'e', 'r', 'l', 'a', 'n', 'd', 'm', 'o', 'v', 'i', 'e', 's', '.', 'd', 'e', '\0', + /* "wondermags.com", true */ 'w', 'o', 'n', 'd', 'e', 'r', 'm', 'a', 'g', 's', '.', 'c', 'o', 'm', '\0', + /* "wondershift.biz", true */ 'w', 'o', 'n', 'd', 'e', 'r', 's', 'h', 'i', 'f', 't', '.', 'b', 'i', 'z', '\0', + /* "woodbury.io", true */ 'w', 'o', 'o', 'd', 'b', 'u', 'r', 'y', '.', 'i', 'o', '\0', + /* "woodev.us", true */ 'w', 'o', 'o', 'd', 'e', 'v', '.', 'u', 's', '\0', + /* "woodlandhillselectrical.com", true */ 'w', 'o', 'o', 'd', 'l', 'a', 'n', 'd', 'h', 'i', 'l', 'l', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "woodlandsmetro.church", true */ 'w', 'o', 'o', 'd', 'l', 'a', 'n', 'd', 's', 'm', 'e', 't', 'r', 'o', '.', 'c', 'h', 'u', 'r', 'c', 'h', '\0', + /* "woodlandsvale.uk", true */ 'w', 'o', 'o', 'd', 'l', 'a', 'n', 'd', 's', 'v', 'a', 'l', 'e', '.', 'u', 'k', '\0', + /* "woodlandwindows.com", true */ 'w', 'o', 'o', 'd', 'l', 'a', 'n', 'd', 'w', 'i', 'n', 'd', 'o', 'w', 's', '.', 'c', 'o', 'm', '\0', + /* "woodomat.com", true */ 'w', 'o', 'o', 'd', 'o', 'm', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "woodsidepottery.ca", true */ 'w', 'o', 'o', 'd', 's', 'i', 'd', 'e', 'p', 'o', 't', 't', 'e', 'r', 'y', '.', 'c', 'a', '\0', + /* "woof.gq", true */ 'w', 'o', 'o', 'f', '.', 'g', 'q', '\0', + /* "woohooyeah.nl", true */ 'w', 'o', 'o', 'h', 'o', 'o', 'y', 'e', 'a', 'h', '.', 'n', 'l', '\0', + /* "woontegelwinkel.nl", true */ 'w', 'o', 'o', 'n', 't', 'e', 'g', 'e', 'l', 'w', 'i', 'n', 'k', 'e', 'l', '.', 'n', 'l', '\0', + /* "wooplagaming.com", true */ 'w', 'o', 'o', 'p', 'l', 'a', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "wootware.co.za", true */ 'w', 'o', 'o', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0', + /* "worcade.net", true */ 'w', 'o', 'r', 'c', 'a', 'd', 'e', '.', 'n', 'e', 't', '\0', + /* "worcesterbouncycastlehire.co.uk", true */ 'w', 'o', 'r', 'c', 'e', 's', 't', 'e', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "worcesterbouncycastles.co.uk", true */ 'w', 'o', 'r', 'c', 'e', 's', 't', 'e', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "worcesterdance.org", true */ 'w', 'o', 'r', 'c', 'e', 's', 't', 'e', 'r', 'd', 'a', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0', + /* "worcesterfestival.co.uk", true */ 'w', 'o', 'r', 'c', 'e', 's', 't', 'e', 'r', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "word-grabber.com", true */ 'w', 'o', 'r', 'd', '-', 'g', 'r', 'a', 'b', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "wordbits.net", true */ 'w', 'o', 'r', 'd', 'b', 'i', 't', 's', '.', 'n', 'e', 't', '\0', + /* "wordcounter.net", true */ 'w', 'o', 'r', 'd', 'c', 'o', 'u', 'n', 't', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "wordher.com", true */ 'w', 'o', 'r', 'd', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "wordplay.one", true */ 'w', 'o', 'r', 'd', 'p', 'l', 'a', 'y', '.', 'o', 'n', 'e', '\0', + /* "wordpress.com", false */ 'w', 'o', 'r', 'd', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "wordpresspro.cl", true */ 'w', 'o', 'r', 'd', 'p', 'r', 'e', 's', 's', 'p', 'r', 'o', '.', 'c', 'l', '\0', + /* "wordsmart.it", true */ 'w', 'o', 'r', 'd', 's', 'm', 'a', 'r', 't', '.', 'i', 't', '\0', + /* "wordsofamaster.com", true */ 'w', 'o', 'r', 'd', 's', 'o', 'f', 'a', 'm', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "wordspy.com", true */ 'w', 'o', 'r', 'd', 's', 'p', 'y', '.', 'c', 'o', 'm', '\0', + /* "wordxtra.net", true */ 'w', 'o', 'r', 'd', 'x', 't', 'r', 'a', '.', 'n', 'e', 't', '\0', + /* "work-in-progress.website", true */ 'w', 'o', 'r', 'k', '-', 'i', 'n', '-', 'p', 'r', 'o', 'g', 'r', 'e', 's', 's', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0', + /* "workcelerator.com", true */ 'w', 'o', 'r', 'k', 'c', 'e', 'l', 'e', 'r', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "workcloud.jp", true */ 'w', 'o', 'r', 'k', 'c', 'l', 'o', 'u', 'd', '.', 'j', 'p', '\0', + /* "workingmachine.info", true */ 'w', 'o', 'r', 'k', 'i', 'n', 'g', 'm', 'a', 'c', 'h', 'i', 'n', 'e', '.', 'i', 'n', 'f', 'o', '\0', + /* "workplaces.online", true */ 'w', 'o', 'r', 'k', 'p', 'l', 'a', 'c', 'e', 's', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "workraw.com", true */ 'w', 'o', 'r', 'k', 'r', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "workray.com", true */ 'w', 'o', 'r', 'k', 'r', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "works-ginan.jp", true */ 'w', 'o', 'r', 'k', 's', '-', 'g', 'i', 'n', 'a', 'n', '.', 'j', 'p', '\0', + /* "worksofwyoming.org", true */ 'w', 'o', 'r', 'k', 's', 'o', 'f', 'w', 'y', 'o', 'm', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0', + /* "workwithgo.com", true */ 'w', 'o', 'r', 'k', 'w', 'i', 't', 'h', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "world-education-association.org", true */ 'w', 'o', 'r', 'l', 'd', '-', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', '-', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "world-in-my-eyes.com", true */ 'w', 'o', 'r', 'l', 'd', '-', 'i', 'n', '-', 'm', 'y', '-', 'e', 'y', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "worldchess.london", true */ 'w', 'o', 'r', 'l', 'd', 'c', 'h', 'e', 's', 's', '.', 'l', 'o', 'n', 'd', 'o', 'n', '\0', + /* "worldcigars.com.br", true */ 'w', 'o', 'r', 'l', 'd', 'c', 'i', 'g', 'a', 'r', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "worldcrafts.org", true */ 'w', 'o', 'r', 'l', 'd', 'c', 'r', 'a', 'f', 't', 's', '.', 'o', 'r', 'g', '\0', + /* "worldcubeassociation.org", true */ 'w', 'o', 'r', 'l', 'd', 'c', 'u', 'b', 'e', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "worldessays.com", true */ 'w', 'o', 'r', 'l', 'd', 'e', 's', 's', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "worldeventscalendars.com", true */ 'w', 'o', 'r', 'l', 'd', 'e', 'v', 'e', 'n', 't', 's', 'c', 'a', 'l', 'e', 'n', 'd', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "worldnettps.com", true */ 'w', 'o', 'r', 'l', 'd', 'n', 'e', 't', 't', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "worldofbelia.de", true */ 'w', 'o', 'r', 'l', 'd', 'o', 'f', 'b', 'e', 'l', 'i', 'a', '.', 'd', 'e', '\0', + /* "worldofparties.co.uk", true */ 'w', 'o', 'r', 'l', 'd', 'o', 'f', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "worldofterra.net", true */ 'w', 'o', 'r', 'l', 'd', 'o', 'f', 't', 'e', 'r', 'r', 'a', '.', 'n', 'e', 't', '\0', + /* "worldofvnc.net", true */ 'w', 'o', 'r', 'l', 'd', 'o', 'f', 'v', 'n', 'c', '.', 'n', 'e', 't', '\0', + /* "worldofwobble.co.uk", true */ 'w', 'o', 'r', 'l', 'd', 'o', 'f', 'w', 'o', 'b', 'b', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "worldpovertysolutions.org", true */ 'w', 'o', 'r', 'l', 'd', 'p', 'o', 'v', 'e', 'r', 't', 'y', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "worldsgreatestazuredemo.com", true */ 'w', 'o', 'r', 'l', 'd', 's', 'g', 'r', 'e', 'a', 't', 'e', 's', 't', 'a', 'z', 'u', 'r', 'e', 'd', 'e', 'm', 'o', '.', 'c', 'o', 'm', '\0', + /* "worldsoccerclips.com", true */ 'w', 'o', 'r', 'l', 'd', 's', 'o', 'c', 'c', 'e', 'r', 'c', 'l', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "worldstone777.com", true */ 'w', 'o', 'r', 'l', 'd', 's', 't', 'o', 'n', 'e', '7', '7', '7', '.', 'c', 'o', 'm', '\0', + /* "wormbytes.ca", true */ 'w', 'o', 'r', 'm', 'b', 'y', 't', 'e', 's', '.', 'c', 'a', '\0', + /* "wormdisk.net", true */ 'w', 'o', 'r', 'm', 'd', 'i', 's', 'k', '.', 'n', 'e', 't', '\0', + /* "wormholevpn.net", true */ 'w', 'o', 'r', 'm', 'h', 'o', 'l', 'e', 'v', 'p', 'n', '.', 'n', 'e', 't', '\0', + /* "worst.horse", false */ 'w', 'o', 'r', 's', 't', '.', 'h', 'o', 'r', 's', 'e', '\0', + /* "wort-suchen.de", true */ 'w', 'o', 'r', 't', '-', 's', 'u', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0', + /* "woshiluo.site", true */ 'w', 'o', 's', 'h', 'i', 'l', 'u', 'o', '.', 's', 'i', 't', 'e', '\0', + /* "wot-tudasbazis.hu", true */ 'w', 'o', 't', '-', 't', 'u', 'd', 'a', 's', 'b', 'a', 'z', 'i', 's', '.', 'h', 'u', '\0', + /* "wotra-register.com", true */ 'w', 'o', 't', 'r', 'a', '-', 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "woudenberg.nl", true */ 'w', 'o', 'u', 'd', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'n', 'l', '\0', + /* "woufbox.com", true */ 'w', 'o', 'u', 'f', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "woutergeraedts.nl", true */ 'w', 'o', 'u', 't', 'e', 'r', 'g', 'e', 'r', 'a', 'e', 'd', 't', 's', '.', 'n', 'l', '\0', + /* "woutervdb.com", true */ 'w', 'o', 'u', 't', 'e', 'r', 'v', 'd', 'b', '.', 'c', 'o', 'm', '\0', + /* "wow-travel.eu", true */ 'w', 'o', 'w', '-', 't', 'r', 'a', 'v', 'e', 'l', '.', 'e', 'u', '\0', + /* "wowaffixes.info", true */ 'w', 'o', 'w', 'a', 'f', 'f', 'i', 'x', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "wowbouncycastles.co.uk", true */ 'w', 'o', 'w', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "wowhelp.it", true */ 'w', 'o', 'w', 'h', 'e', 'l', 'p', '.', 'i', 't', '\0', + /* "wowjs.co.uk", true */ 'w', 'o', 'w', 'j', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "wowjs.org", true */ 'w', 'o', 'w', 'j', 's', '.', 'o', 'r', 'g', '\0', + /* "wowjs.uk", true */ 'w', 'o', 'w', 'j', 's', '.', 'u', 'k', '\0', + /* "wownmedia.com", true */ 'w', 'o', 'w', 'n', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "wozalapha.com", true */ 'w', 'o', 'z', 'a', 'l', 'a', 'p', 'h', 'a', '.', 'c', 'o', 'm', '\0', + /* "wp-bullet.com", true */ 'w', 'p', '-', 'b', 'u', 'l', 'l', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "wp-master.org", true */ 'w', 'p', '-', 'm', 'a', 's', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0', + /* "wp-mix.com", true */ 'w', 'p', '-', 'm', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "wp-securehosting.com", true */ 'w', 'p', '-', 's', 'e', 'c', 'u', 'r', 'e', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "wp-site1.com", true */ 'w', 'p', '-', 's', 'i', 't', 'e', '1', '.', 'c', 'o', 'm', '\0', + /* "wp-site2.com", true */ 'w', 'p', '-', 's', 'i', 't', 'e', '2', '.', 'c', 'o', 'm', '\0', + /* "wp-tao.com", true */ 'w', 'p', '-', 't', 'a', 'o', '.', 'c', 'o', 'm', '\0', + /* "wpac.de", true */ 'w', 'p', 'a', 'c', '.', 'd', 'e', '\0', + /* "wpandup.org", true */ 'w', 'p', 'a', 'n', 'd', 'u', 'p', '.', 'o', 'r', 'g', '\0', + /* "wpcharged.nz", true */ 'w', 'p', 'c', 'h', 'a', 'r', 'g', 'e', 'd', '.', 'n', 'z', '\0', + /* "wpdesigner.ir", true */ 'w', 'p', 'd', 'e', 's', 'i', 'g', 'n', 'e', 'r', '.', 'i', 'r', '\0', + /* "wpdirecto.com", true */ 'w', 'p', 'd', 'i', 'r', 'e', 'c', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "wpenhance.com", true */ 'w', 'p', 'e', 'n', 'h', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "wpg-inc.com", true */ 'w', 'p', 'g', '-', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0', + /* "wphostingblog.nl", true */ 'w', 'p', 'h', 'o', 's', 't', 'i', 'n', 'g', 'b', 'l', 'o', 'g', '.', 'n', 'l', '\0', + /* "wpinfos.de", true */ 'w', 'p', 'i', 'n', 'f', 'o', 's', '.', 'd', 'e', '\0', + /* "wpinter.com", true */ 'w', 'p', 'i', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "wpldn.uk", true */ 'w', 'p', 'l', 'd', 'n', '.', 'u', 'k', '\0', + /* "wpletter.de", false */ 'w', 'p', 'l', 'e', 't', 't', 'e', 'r', '.', 'd', 'e', '\0', + /* "wpmeetup-berlin.de", true */ 'w', 'p', 'm', 'e', 'e', 't', 'u', 'p', '-', 'b', 'e', 'r', 'l', 'i', 'n', '.', 'd', 'e', '\0', + /* "wpostats.com", true */ 'w', 'p', 'o', 's', 't', 'a', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "wprevs.com", true */ 'w', 'p', 'r', 'e', 'v', 's', '.', 'c', 'o', 'm', '\0', + /* "wpscans.com", true */ 'w', 'p', 's', 'c', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "wpserp.com", true */ 'w', 'p', 's', 'e', 'r', 'p', '.', 'c', 'o', 'm', '\0', + /* "wpsharks.com", true */ 'w', 'p', 's', 'h', 'a', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "wpsnelheid.nl", true */ 'w', 'p', 's', 'n', 'e', 'l', 'h', 'e', 'i', 'd', '.', 'n', 'l', '\0', + /* "wpsono.com", true */ 'w', 'p', 's', 'o', 'n', 'o', '.', 'c', 'o', 'm', '\0', + /* "wptotal.com", true */ 'w', 'p', 't', 'o', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "wpvulndb.com", true */ 'w', 'p', 'v', 'u', 'l', 'n', 'd', 'b', '.', 'c', 'o', 'm', '\0', + /* "wr.su", true */ 'w', 'r', '.', 's', 'u', '\0', + /* "wrapitup.co.uk", true */ 'w', 'r', 'a', 'p', 'i', 't', 'u', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "wrara.org", true */ 'w', 'r', 'a', 'r', 'a', '.', 'o', 'r', 'g', '\0', + /* "wrc-results.com", true */ 'w', 'r', 'c', '-', 'r', 'e', 's', 'u', 'l', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "wrdcfiles.ca", true */ 'w', 'r', 'd', 'c', 'f', 'i', 'l', 'e', 's', '.', 'c', 'a', '\0', + /* "wrenwrites.com", true */ 'w', 'r', 'e', 'n', 'w', 'r', 'i', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "wrfu.co.nz", true */ 'w', 'r', 'f', 'u', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "wrgms.com", true */ 'w', 'r', 'g', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "wriedts.de", true */ 'w', 'r', 'i', 'e', 'd', 't', 's', '.', 'd', 'e', '\0', + /* "write-right.net", true */ 'w', 'r', 'i', 't', 'e', '-', 'r', 'i', 'g', 'h', 't', '.', 'n', 'e', 't', '\0', + /* "writeandedit-for-you.com", true */ 'w', 'r', 'i', 't', 'e', 'a', 'n', 'd', 'e', 'd', 'i', 't', '-', 'f', 'o', 'r', '-', 'y', 'o', 'u', '.', 'c', 'o', 'm', '\0', + /* "writecustomessay.com", true */ 'w', 'r', 'i', 't', 'e', 'c', 'u', 's', 't', 'o', 'm', 'e', 's', 's', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "writemyessay.info", true */ 'w', 'r', 'i', 't', 'e', 'm', 'y', 'e', 's', 's', 'a', 'y', '.', 'i', 'n', 'f', 'o', '\0', + /* "writemyessays.com", true */ 'w', 'r', 'i', 't', 'e', 'm', 'y', 'e', 's', 's', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "writemypaperhub.com", true */ 'w', 'r', 'i', 't', 'e', 'm', 'y', 'p', 'a', 'p', 'e', 'r', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "writemytermpapers.com", true */ 'w', 'r', 'i', 't', 'e', 'm', 'y', 't', 'e', 'r', 'm', 'p', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "writeoff.me", true */ 'w', 'r', 'i', 't', 'e', 'o', 'f', 'f', '.', 'm', 'e', '\0', + /* "writepride.com", true */ 'w', 'r', 'i', 't', 'e', 'p', 'r', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "writepro.net", true */ 'w', 'r', 'i', 't', 'e', 'p', 'r', 'o', '.', 'n', 'e', 't', '\0', + /* "writereditor.com", true */ 'w', 'r', 'i', 't', 'e', 'r', 'e', 'd', 'i', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "writing-expert.com", true */ 'w', 'r', 'i', 't', 'i', 'n', 'g', '-', 'e', 'x', 'p', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "writing-job-online.com", true */ 'w', 'r', 'i', 't', 'i', 'n', 'g', '-', 'j', 'o', 'b', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0', + /* "writingcities.net", true */ 'w', 'r', 'i', 't', 'i', 'n', 'g', 'c', 'i', 't', 'i', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "writingtoserve.net", true */ 'w', 'r', 'i', 't', 'i', 'n', 'g', 't', 'o', 's', 'e', 'r', 'v', 'e', '.', 'n', 'e', 't', '\0', + /* "wrksheet.com", true */ 'w', 'r', 'k', 's', 'h', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "wroffle.com", true */ 'w', 'r', 'o', 'f', 'f', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "wromeapp.com", true */ 'w', 'r', 'o', 'm', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "wrongware.cz", true */ 'w', 'r', 'o', 'n', 'g', 'w', 'a', 'r', 'e', '.', 'c', 'z', '\0', + /* "wrp.gov", true */ 'w', 'r', 'p', '.', 'g', 'o', 'v', '\0', + /* "wsa.poznan.pl", true */ 'w', 's', 'a', '.', 'p', 'o', 'z', 'n', 'a', 'n', '.', 'p', 'l', '\0', + /* "wsb-immo.at", true */ 'w', 's', 'b', '-', 'i', 'm', 'm', 'o', '.', 'a', 't', '\0', + /* "wscales.com", true */ 'w', 's', 'c', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "wsdcapital.com", true */ 'w', 's', 'd', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "wselektro.de", true */ 'w', 's', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0', + /* "wsgvet.com", true */ 'w', 's', 'g', 'v', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "wss.com.ve", true */ 'w', 's', 's', '.', 'c', 'o', 'm', '.', 'v', 'e', '\0', + /* "wsspalluto.de", true */ 'w', 's', 's', 'p', 'a', 'l', 'l', 'u', 't', 'o', '.', 'd', 'e', '\0', + /* "wssv.ch", true */ 'w', 's', 's', 'v', '.', 'c', 'h', '\0', + /* "wstudio.ch", true */ 'w', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'h', '\0', + /* "wstx.com", true */ 'w', 's', 't', 'x', '.', 'c', 'o', 'm', '\0', + /* "wsv-grafenau.de", true */ 'w', 's', 'v', '-', 'g', 'r', 'a', 'f', 'e', 'n', 'a', 'u', '.', 'd', 'e', '\0', + /* "wsyy.info", true */ 'w', 's', 'y', 'y', '.', 'i', 'n', 'f', 'o', '\0', + /* "wt-server3.de", true */ 'w', 't', '-', 's', 'e', 'r', 'v', 'e', 'r', '3', '.', 'd', 'e', '\0', + /* "wtf.ninja", true */ 'w', 't', 'f', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "wtfismyip.com", true */ 'w', 't', 'f', 'i', 's', 'm', 'y', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "wth.in", true */ 'w', 't', 'h', '.', 'i', 'n', '\0', + /* "wtpmj.com", true */ 'w', 't', 'p', 'm', 'j', '.', 'c', 'o', 'm', '\0', + /* "wtw.io", true */ 'w', 't', 'w', '.', 'i', 'o', '\0', + /* "wubify.com", true */ 'w', 'u', 'b', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0', + /* "wuerfel.wf", true */ 'w', 'u', 'e', 'r', 'f', 'e', 'l', '.', 'w', 'f', '\0', + /* "wuerfelmail.de", true */ 'w', 'u', 'e', 'r', 'f', 'e', 'l', 'm', 'a', 'i', 'l', '.', 'd', 'e', '\0', + /* "wufu.org", false */ 'w', 'u', 'f', 'u', '.', 'o', 'r', 'g', '\0', + /* "wufupay.com", true */ 'w', 'u', 'f', 'u', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "wug.jp", true */ 'w', 'u', 'g', '.', 'j', 'p', '\0', + /* "wug.news", true */ 'w', 'u', 'g', '.', 'n', 'e', 'w', 's', '\0', + /* "wuji.cz", true */ 'w', 'u', 'j', 'i', '.', 'c', 'z', '\0', + /* "wukongmusic.us", false */ 'w', 'u', 'k', 'o', 'n', 'g', 'm', 'u', 's', 'i', 'c', '.', 'u', 's', '\0', + /* "wumbo.cf", true */ 'w', 'u', 'm', 'b', 'o', '.', 'c', 'f', '\0', + /* "wumbo.co.nz", true */ 'w', 'u', 'm', 'b', 'o', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "wumbo.ga", true */ 'w', 'u', 'm', 'b', 'o', '.', 'g', 'a', '\0', + /* "wumbo.gq", true */ 'w', 'u', 'm', 'b', 'o', '.', 'g', 'q', '\0', + /* "wumbo.kiwi", true */ 'w', 'u', 'm', 'b', 'o', '.', 'k', 'i', 'w', 'i', '\0', + /* "wumbo.ml", true */ 'w', 'u', 'm', 'b', 'o', '.', 'm', 'l', '\0', + /* "wumbo.tk", true */ 'w', 'u', 'm', 'b', 'o', '.', 't', 'k', '\0', + /* "wunderkarten.de", true */ 'w', 'u', 'n', 'd', 'e', 'r', 'k', 'a', 'r', 't', 'e', 'n', '.', 'd', 'e', '\0', + /* "wunderlist.com", true */ 'w', 'u', 'n', 'd', 'e', 'r', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "wundi.net", true */ 'w', 'u', 'n', 'd', 'i', '.', 'n', 'e', 't', '\0', + /* "wutianyi.com", true */ 'w', 'u', 't', 'i', 'a', 'n', 'y', 'i', '.', 'c', 'o', 'm', '\0', + /* "wuyue.photo", true */ 'w', 'u', 'y', 'u', 'e', '.', 'p', 'h', 'o', 't', 'o', '\0', + /* "wv-n.de", true */ 'w', 'v', '-', 'n', '.', 'd', 'e', '\0', + /* "wvg.myds.me", true */ 'w', 'v', 'g', '.', 'm', 'y', 'd', 's', '.', 'm', 'e', '\0', + /* "wvw-8522.com", true */ 'w', 'v', 'w', '-', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0', + /* "wvw698.com", true */ 'w', 'v', 'w', '6', '9', '8', '.', 'c', 'o', 'm', '\0', + /* "wweforums.net", true */ 'w', 'w', 'e', 'f', 'o', 'r', 'u', 'm', 's', '.', 'n', 'e', 't', '\0', + /* "wweichen.com.cn", true */ 'w', 'w', 'e', 'i', 'c', 'h', 'e', 'n', '.', 'c', 'o', 'm', '.', 'c', 'n', '\0', + /* "wwgc2011.se", true */ 'w', 'w', 'g', 'c', '2', '0', '1', '1', '.', 's', 'e', '\0', + /* "wwv-8522.com", true */ 'w', 'w', 'v', '-', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0', + /* "www-33445.com", true */ 'w', 'w', 'w', '-', '3', '3', '4', '4', '5', '.', 'c', 'o', 'm', '\0', + /* "www-49889.com", true */ 'w', 'w', 'w', '-', '4', '9', '8', '8', '9', '.', 'c', 'o', 'm', '\0', + /* "www-62755.com", true */ 'w', 'w', 'w', '-', '6', '2', '7', '5', '5', '.', 'c', 'o', 'm', '\0', + /* "www-8522.am", true */ 'w', 'w', 'w', '-', '8', '5', '2', '2', '.', 'a', 'm', '\0', + /* "www-8522.com", true */ 'w', 'w', 'w', '-', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0', + /* "www.aclu.org", false */ 'w', 'w', 'w', '.', 'a', 'c', 'l', 'u', '.', 'o', 'r', 'g', '\0', + /* "www.airbnb.com", true */ 'w', 'w', 'w', '.', 'a', 'i', 'r', 'b', 'n', 'b', '.', 'c', 'o', 'm', '\0', + /* "www.amazon.ca", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'a', '\0', + /* "www.amazon.cn", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'n', '\0', + /* "www.amazon.co.jp", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "www.amazon.co.uk", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "www.amazon.com", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "www.amazon.com.au", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "www.amazon.com.br", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "www.amazon.com.mx", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0', + /* "www.amazon.de", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'd', 'e', '\0', + /* "www.amazon.es", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'e', 's', '\0', + /* "www.amazon.fr", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'f', 'r', '\0', + /* "www.amazon.it", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'i', 't', '\0', + /* "www.amazon.nl", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'n', 'l', '\0', + /* "www.apollo-auto.com", false */ 'w', 'w', 'w', '.', 'a', 'p', 'o', 'l', 'l', 'o', '-', 'a', 'u', 't', 'o', '.', 'c', 'o', 'm', '\0', + /* "www.banking.co.at", false */ 'w', 'w', 'w', '.', 'b', 'a', 'n', 'k', 'i', 'n', 'g', '.', 'c', 'o', '.', 'a', 't', '\0', + /* "www.braintreepayments.com", false */ 'w', 'w', 'w', '.', 'b', 'r', 'a', 'i', 'n', 't', 'r', 'e', 'e', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "www.calyxinstitute.org", false */ 'w', 'w', 'w', '.', 'c', 'a', 'l', 'y', 'x', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'o', 'r', 'g', '\0', + /* "www.capitainetrain.com", false */ 'w', 'w', 'w', '.', 'c', 'a', 'p', 'i', 't', 'a', 'i', 'n', 'e', 't', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "www.captaintrain.com", false */ 'w', 'w', 'w', '.', 'c', 'a', 'p', 't', 'a', 'i', 'n', 't', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "www.cnet.com", true */ 'w', 'w', 'w', '.', 'c', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "www.dropbox.com", true */ 'w', 'w', 'w', '.', 'd', 'r', 'o', 'p', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "www.dropcam.com", false */ 'w', 'w', 'w', '.', 'd', 'r', 'o', 'p', 'c', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "www.entropia.de", false */ 'w', 'w', 'w', '.', 'e', 'n', 't', 'r', 'o', 'p', 'i', 'a', '.', 'd', 'e', '\0', + /* "www.eternalgoth.co.uk", true */ 'w', 'w', 'w', '.', 'e', 't', 'e', 'r', 'n', 'a', 'l', 'g', 'o', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "www.etsy.com", true */ 'w', 'w', 'w', '.', 'e', 't', 's', 'y', '.', 'c', 'o', 'm', '\0', + /* "www.evernote.com", false */ 'w', 'w', 'w', '.', 'e', 'v', 'e', 'r', 'n', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "www.facebook.com", false */ 'w', 'w', 'w', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "www.fastmail.com", true */ 'w', 'w', 'w', '.', 'f', 'a', 's', 't', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "www.getcloak.com", false */ 'w', 'w', 'w', '.', 'g', 'e', 't', 'c', 'l', 'o', 'a', 'k', '.', 'c', 'o', 'm', '\0', + /* "www.gmail.com", false */ 'w', 'w', 'w', '.', 'g', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "www.googlemail.com", false */ 'w', 'w', 'w', '.', 'g', 'o', 'o', 'g', 'l', 'e', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0', + /* "www.gov.uk", false */ 'w', 'w', 'w', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0', + /* "www.grc.com", false */ 'w', 'w', 'w', '.', 'g', 'r', 'c', '.', 'c', 'o', 'm', '\0', + /* "www.healthcare.gov", false */ 'w', 'w', 'w', '.', 'h', 'e', 'a', 'l', 't', 'h', 'c', 'a', 'r', 'e', '.', 'g', 'o', 'v', '\0', + /* "www.heliosnet.com", true */ 'w', 'w', 'w', '.', 'h', 'e', 'l', 'i', 'o', 's', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0', + /* "www.history.pe", true */ 'w', 'w', 'w', '.', 'h', 'i', 's', 't', 'o', 'r', 'y', '.', 'p', 'e', '\0', + /* "www.hyatt.com", false */ 'w', 'w', 'w', '.', 'h', 'y', 'a', 't', 't', '.', 'c', 'o', 'm', '\0', + /* "www.icann.org", false */ 'w', 'w', 'w', '.', 'i', 'c', 'a', 'n', 'n', '.', 'o', 'r', 'g', '\0', + /* "www.intercom.io", true */ 'w', 'w', 'w', '.', 'i', 'n', 't', 'e', 'r', 'c', 'o', 'm', '.', 'i', 'o', '\0', + /* "www.irccloud.com", false */ 'w', 'w', 'w', '.', 'i', 'r', 'c', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "www.lastpass.com", false */ 'w', 'w', 'w', '.', 'l', 'a', 's', 't', 'p', 'a', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "www.linode.com", false */ 'w', 'w', 'w', '.', 'l', 'i', 'n', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "www.lookout.com", false */ 'w', 'w', 'w', '.', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "www.makeyourlaws.org", true */ 'w', 'w', 'w', '.', 'm', 'a', 'k', 'e', 'y', 'o', 'u', 'r', 'l', 'a', 'w', 's', '.', 'o', 'r', 'g', '\0', + /* "www.messenger.com", true */ 'w', 'w', 'w', '.', 'm', 'e', 's', 's', 'e', 'n', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "www.mydigipass.com", false */ 'w', 'w', 'w', '.', 'm', 'y', 'd', 'i', 'g', 'i', 'p', 'a', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "www.mylookout.com", false */ 'w', 'w', 'w', '.', 'm', 'y', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "www.noisebridge.net", true */ 'w', 'w', 'w', '.', 'n', 'o', 'i', 's', 'e', 'b', 'r', 'i', 'd', 'g', 'e', '.', 'n', 'e', 't', '\0', + /* "www.opsmate.com", true */ 'w', 'w', 'w', '.', 'o', 'p', 's', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "www.paypal.com", false */ 'w', 'w', 'w', '.', 'p', 'a', 'y', 'p', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "www.python.org", true */ 'w', 'w', 'w', '.', 'p', 'y', 't', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0', + /* "www.rememberthemilk.com", true */ 'w', 'w', 'w', '.', 'r', 'e', 'm', 'e', 'm', 'b', 'e', 'r', 't', 'h', 'e', 'm', 'i', 'l', 'k', '.', 'c', 'o', 'm', '\0', + /* "www.simbolo.co.uk", false */ 'w', 'w', 'w', '.', 's', 'i', 'm', 'b', 'o', 'l', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "www.simple.com", false */ 'w', 'w', 'w', '.', 's', 'i', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "www.theguardian.com", true */ 'w', 'w', 'w', '.', 't', 'h', 'e', 'g', 'u', 'a', 'r', 'd', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "www.therapynotes.com", true */ 'w', 'w', 'w', '.', 't', 'h', 'e', 'r', 'a', 'p', 'y', 'n', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "www.tinfoilsecurity.com", false */ 'w', 'w', 'w', '.', 't', 'i', 'n', 'f', 'o', 'i', 'l', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "www.torproject.org", false */ 'w', 'w', 'w', '.', 't', 'o', 'r', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0', + /* "www.tumblr.com", false */ 'w', 'w', 'w', '.', 't', 'u', 'm', 'b', 'l', 'r', '.', 'c', 'o', 'm', '\0', + /* "www.twitter.com", false */ 'w', 'w', 'w', '.', 't', 'w', 'i', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "www.united.com", true */ 'w', 'w', 'w', '.', 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "www.usaa.com", false */ 'w', 'w', 'w', '.', 'u', 's', 'a', 'a', '.', 'c', 'o', 'm', '\0', + /* "www.vino75.com", false */ 'w', 'w', 'w', '.', 'v', 'i', 'n', 'o', '7', '5', '.', 'c', 'o', 'm', '\0', + /* "www.wepay.com", false */ 'w', 'w', 'w', '.', 'w', 'e', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "www.wordpress.com", false */ 'w', 'w', 'w', '.', 'w', 'o', 'r', 'd', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0', + /* "www68277.com", true */ 'w', 'w', 'w', '6', '8', '2', '7', '7', '.', 'c', 'o', 'm', '\0', + /* "wxcafe.net", true */ 'w', 'x', 'c', 'a', 'f', 'e', '.', 'n', 'e', 't', '\0', + /* "wxh.jp", true */ 'w', 'x', 'h', '.', 'j', 'p', '\0', + /* "wxrlab.com", true */ 'w', 'x', 'r', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "wxster.com", true */ 'w', 'x', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "wy6.org", true */ 'w', 'y', '6', '.', 'o', 'r', 'g', '\0', + /* "wyam.io", true */ 'w', 'y', 'a', 'm', '.', 'i', 'o', '\0', + /* "wyday.com", true */ 'w', 'y', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "wyeworks.com", true */ 'w', 'y', 'e', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "wygibanki.pl", true */ 'w', 'y', 'g', 'i', 'b', 'a', 'n', 'k', 'i', '.', 'p', 'l', '\0', + /* "wygodnie.pl", true */ 'w', 'y', 'g', 'o', 'd', 'n', 'i', 'e', '.', 'p', 'l', '\0', + /* "wynterhill.co.uk", true */ 'w', 'y', 'n', 't', 'e', 'r', 'h', 'i', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "wypemagazine.se", true */ 'w', 'y', 'p', 'e', 'm', 'a', 'g', 'a', 'z', 'i', 'n', 'e', '.', 's', 'e', '\0', + /* "wyssmuller.ch", true */ 'w', 'y', 's', 's', 'm', 'u', 'l', 'l', 'e', 'r', '.', 'c', 'h', '\0', + /* "wyu.cc", true */ 'w', 'y', 'u', '.', 'c', 'c', '\0', + /* "wyzwaniemilosci.com", true */ 'w', 'y', 'z', 'w', 'a', 'n', 'i', 'e', 'm', 'i', 'l', 'o', 's', 'c', 'i', '.', 'c', 'o', 'm', '\0', + /* "wzrd.in", true */ 'w', 'z', 'r', 'd', '.', 'i', 'n', '\0', + /* "wzyboy.org", true */ 'w', 'z', 'y', 'b', 'o', 'y', '.', 'o', 'r', 'g', '\0', + /* "x-iweb.ru", true */ 'x', '-', 'i', 'w', 'e', 'b', '.', 'r', 'u', '\0', + /* "x-lan.be", true */ 'x', '-', 'l', 'a', 'n', '.', 'b', 'e', '\0', + /* "x-pertservice.com", true */ 'x', '-', 'p', 'e', 'r', 't', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "x.io", true */ 'x', '.', 'i', 'o', '\0', + /* "x.st", true */ 'x', '.', 's', 't', '\0', + /* "x0r.be", true */ 'x', '0', 'r', '.', 'b', 'e', '\0', + /* "x13.com", true */ 'x', '1', '3', '.', 'c', 'o', 'm', '\0', + /* "x1616.tk", true */ 'x', '1', '6', '1', '6', '.', 't', 'k', '\0', + /* "x2d2.de", true */ 'x', '2', 'd', '2', '.', 'd', 'e', '\0', + /* "x378.ch", true */ 'x', '3', '7', '8', '.', 'c', 'h', '\0', + /* "x509.io", true */ 'x', '5', '0', '9', '.', 'i', 'o', '\0', + /* "x64architecture.com", true */ 'x', '6', '4', 'a', 'r', 'c', 'h', 'i', 't', 'e', 'c', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "x69.biz", true */ 'x', '6', '9', '.', 'b', 'i', 'z', '\0', + /* "x69x.net", true */ 'x', '6', '9', 'x', '.', 'n', 'e', 't', '\0', + /* "x7plus.com", true */ 'x', '7', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "xa.search.yahoo.com", false */ 'x', 'a', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "xa1.uk", true */ 'x', 'a', '1', '.', 'u', 'k', '\0', + /* "xalqbank-online.az", true */ 'x', 'a', 'l', 'q', 'b', 'a', 'n', 'k', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'a', 'z', '\0', + /* "xatr0z.org", false */ 'x', 'a', 't', 'r', '0', 'z', '.', 'o', 'r', 'g', '\0', + /* "xawen.net", true */ 'x', 'a', 'w', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "xbb.hk", true */ 'x', 'b', 'b', '.', 'h', 'k', '\0', + /* "xbb.li", true */ 'x', 'b', 'b', '.', 'l', 'i', '\0', + /* "xblau.com", true */ 'x', 'b', 'l', 'a', 'u', '.', 'c', 'o', 'm', '\0', + /* "xboxdownloadthat.com", true */ 'x', 'b', 'o', 'x', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 't', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0', + /* "xboxlivegoldshop.nl", true */ 'x', 'b', 'o', 'x', 'l', 'i', 'v', 'e', 'g', 'o', 'l', 'd', 's', 'h', 'o', 'p', '.', 'n', 'l', '\0', + /* "xboxonex.shop", true */ 'x', 'b', 'o', 'x', 'o', 'n', 'e', 'x', '.', 's', 'h', 'o', 'p', '\0', + /* "xbrlsuccess.appspot.com", true */ 'x', 'b', 'r', 'l', 's', 'u', 'c', 'c', 'e', 's', 's', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "xbt.co", true */ 'x', 'b', 't', '.', 'c', 'o', '\0', + /* "xbtce.com", true */ 'x', 'b', 't', 'c', 'e', '.', 'c', 'o', 'm', '\0', + /* "xbtmusic.org", false */ 'x', 'b', 't', 'm', 'u', 's', 'i', 'c', '.', 'o', 'r', 'g', '\0', + /* "xcelerator.ninja", true */ 'x', 'c', 'e', 'l', 'e', 'r', 'a', 't', 'o', 'r', '.', 'n', 'i', 'n', 'j', 'a', '\0', + /* "xcentricmold.com", true */ 'x', 'c', 'e', 'n', 't', 'r', 'i', 'c', 'm', 'o', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "xclirion-support.de", true */ 'x', 'c', 'l', 'i', 'r', 'i', 'o', 'n', '-', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'd', 'e', '\0', + /* "xcorpsolutions.com", true */ 'x', 'c', 'o', 'r', 'p', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "xd.cm", true */ 'x', 'd', '.', 'c', 'm', '\0', + /* "xd.fi", true */ 'x', 'd', '.', 'f', 'i', '\0', + /* "xdavidhu.me", true */ 'x', 'd', 'a', 'v', 'i', 'd', 'h', 'u', '.', 'm', 'e', '\0', + /* "xdeftor.com", true */ 'x', 'd', 'e', 'f', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "xdty.org", true */ 'x', 'd', 't', 'y', '.', 'o', 'r', 'g', '\0', + /* "xecure.zone", true */ 'x', 'e', 'c', 'u', 'r', 'e', '.', 'z', 'o', 'n', 'e', '\0', + /* "xecureit.com", true */ 'x', 'e', 'c', 'u', 'r', 'e', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "xeedbeam.me", true */ 'x', 'e', 'e', 'd', 'b', 'e', 'a', 'm', '.', 'm', 'e', '\0', + /* "xega.org", true */ 'x', 'e', 'g', 'a', '.', 'o', 'r', 'g', '\0', + /* "xehost.com", true */ 'x', 'e', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0', + /* "xenomedia.nl", true */ 'x', 'e', 'n', 'o', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0', + /* "xenophile.name", true */ 'x', 'e', 'n', 'o', 'p', 'h', 'i', 'l', 'e', '.', 'n', 'a', 'm', 'e', '\0', + /* "xenosphere.tk", true */ 'x', 'e', 'n', 'o', 's', 'p', 'h', 'e', 'r', 'e', '.', 't', 'k', '\0', + /* "xenotropegames.com", true */ 'x', 'e', 'n', 'o', 't', 'r', 'o', 'p', 'e', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "xenoworld.de", true */ 'x', 'e', 'n', 'o', 'w', 'o', 'r', 'l', 'd', '.', 'd', 'e', '\0', + /* "xerblade.com", true */ 'x', 'e', 'r', 'b', 'l', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "xerhost.de", true */ 'x', 'e', 'r', 'h', 'o', 's', 't', '.', 'd', 'e', '\0', + /* "xetown.com", true */ 'x', 'e', 't', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0', + /* "xfce.space", true */ 'x', 'f', 'c', 'e', '.', 's', 'p', 'a', 'c', 'e', '\0', + /* "xferion.com", true */ 'x', 'f', 'e', 'r', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "xfix.pw", true */ 'x', 'f', 'i', 'x', '.', 'p', 'w', '\0', + /* "xfrag-networks.com", false */ 'x', 'f', 'r', 'a', 'g', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "xg3n1us.de", false */ 'x', 'g', '3', 'n', '1', 'u', 's', '.', 'd', 'e', '\0', + /* "xgame.com.tr", true */ 'x', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '.', 't', 'r', '\0', + /* "xgclan.com", true */ 'x', 'g', 'c', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "xgn.es", true */ 'x', 'g', 'n', '.', 'e', 's', '\0', + /* "xhadius.de", true */ 'x', 'h', 'a', 'd', 'i', 'u', 's', '.', 'd', 'e', '\0', + /* "xho.me", true */ 'x', 'h', 'o', '.', 'm', 'e', '\0', + /* "xiamenshipbuilding.com", true */ 'x', 'i', 'a', 'm', 'e', 'n', 's', 'h', 'i', 'p', 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "xiamuzi.com", true */ 'x', 'i', 'a', 'm', 'u', 'z', 'i', '.', 'c', 'o', 'm', '\0', + /* "xiangblog.com", true */ 'x', 'i', 'a', 'n', 'g', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "xiangweiqing.co.uk", true */ 'x', 'i', 'a', 'n', 'g', 'w', 'e', 'i', 'q', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "xiangwenquan.me", true */ 'x', 'i', 'a', 'n', 'g', 'w', 'e', 'n', 'q', 'u', 'a', 'n', '.', 'm', 'e', '\0', + /* "xiaofengsky.com", true */ 'x', 'i', 'a', 'o', 'f', 'e', 'n', 'g', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0', + /* "xiaoguo.net", false */ 'x', 'i', 'a', 'o', 'g', 'u', 'o', '.', 'n', 'e', 't', '\0', + /* "xiaolan.me", true */ 'x', 'i', 'a', 'o', 'l', 'a', 'n', '.', 'm', 'e', '\0', + /* "xiaolanglang.net", true */ 'x', 'i', 'a', 'o', 'l', 'a', 'n', 'g', 'l', 'a', 'n', 'g', '.', 'n', 'e', 't', '\0', + /* "xiaomi.eu", true */ 'x', 'i', 'a', 'o', 'm', 'i', '.', 'e', 'u', '\0', + /* "xiaoniaoyou.com", true */ 'x', 'i', 'a', 'o', 'n', 'i', 'a', 'o', 'y', 'o', 'u', '.', 'c', 'o', 'm', '\0', + /* "xiaowutou.com", true */ 'x', 'i', 'a', 'o', 'w', 'u', 't', 'o', 'u', '.', 'c', 'o', 'm', '\0', + /* "xiaoyu.net", true */ 'x', 'i', 'a', 'o', 'y', 'u', '.', 'n', 'e', 't', '\0', + /* "xiazhanjian.com", true */ 'x', 'i', 'a', 'z', 'h', 'a', 'n', 'j', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "xichtsbuch.de", true */ 'x', 'i', 'c', 'h', 't', 's', 'b', 'u', 'c', 'h', '.', 'd', 'e', '\0', + /* "xichuangke.com", false */ 'x', 'i', 'c', 'h', 'u', 'a', 'n', 'g', 'k', 'e', '.', 'c', 'o', 'm', '\0', + /* "xicreative.net", true */ 'x', 'i', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'n', 'e', 't', '\0', + /* "xight.org", true */ 'x', 'i', 'g', 'h', 't', '.', 'o', 'r', 'g', '\0', + /* "xilef.org", true */ 'x', 'i', 'l', 'e', 'f', '.', 'o', 'r', 'g', '\0', + /* "xiliant.com", true */ 'x', 'i', 'l', 'i', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0', + /* "xilkoi.net", true */ 'x', 'i', 'l', 'k', 'o', 'i', '.', 'n', 'e', 't', '\0', + /* "ximage.me", false */ 'x', 'i', 'm', 'a', 'g', 'e', '.', 'm', 'e', '\0', + /* "ximbo.net", true */ 'x', 'i', 'm', 'b', 'o', '.', 'n', 'e', 't', '\0', + /* "xingiahanvisa.net", true */ 'x', 'i', 'n', 'g', 'i', 'a', 'h', 'a', 'n', 'v', 'i', 's', 'a', '.', 'n', 'e', 't', '\0', + /* "xiqi.us", true */ 'x', 'i', 'q', 'i', '.', 'u', 's', '\0', + /* "xirion.net", true */ 'x', 'i', 'r', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0', + /* "xiyu.it", false */ 'x', 'i', 'y', 'u', '.', 'i', 't', '\0', + /* "xj8876.com", true */ 'x', 'j', '8', '8', '7', '6', '.', 'c', 'o', 'm', '\0', + /* "xjd.vision", true */ 'x', 'j', 'd', '.', 'v', 'i', 's', 'i', 'o', 'n', '\0', + /* "xjjeeps.com", true */ 'x', 'j', 'j', 'e', 'e', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "xjoin.de", true */ 'x', 'j', 'o', 'i', 'n', '.', 'd', 'e', '\0', + /* "xjpvictor.info", true */ 'x', 'j', 'p', 'v', 'i', 'c', 't', 'o', 'r', '.', 'i', 'n', 'f', 'o', '\0', + /* "xkblog.xyz", true */ 'x', 'k', 'b', 'l', 'o', 'g', '.', 'x', 'y', 'z', '\0', + /* "xkcd.pw", true */ 'x', 'k', 'c', 'd', '.', 'p', 'w', '\0', + /* "xkviz.net", true */ 'x', 'k', 'v', 'i', 'z', '.', 'n', 'e', 't', '\0', + /* "xlaff.com", true */ 'x', 'l', 'a', 'f', 'f', '.', 'c', 'o', 'm', '\0', + /* "xlan.be", true */ 'x', 'l', 'a', 'n', '.', 'b', 'e', '\0', + /* "xlange.com", true */ 'x', 'l', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0', + /* "xlboo.com", true */ 'x', 'l', 'b', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "xlfblog.com", true */ 'x', 'l', 'f', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0', + /* "xlinar.com", true */ 'x', 'l', 'i', 'n', 'a', 'r', '.', 'c', 'o', 'm', '\0', + /* "xmedius.ca", true */ 'x', 'm', 'e', 'd', 'i', 'u', 's', '.', 'c', 'a', '\0', + /* "xmedius.com", false */ 'x', 'm', 'e', 'd', 'i', 'u', 's', '.', 'c', 'o', 'm', '\0', + /* "xmedius.eu", true */ 'x', 'm', 'e', 'd', 'i', 'u', 's', '.', 'e', 'u', '\0', + /* "xmenrevolution.com", true */ 'x', 'm', 'e', 'n', 'r', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "xmerak.com", true */ 'x', 'm', 'e', 'r', 'a', 'k', '.', 'c', 'o', 'm', '\0', + /* "xmiui.com", true */ 'x', 'm', 'i', 'u', 'i', '.', 'c', 'o', 'm', '\0', + /* "xmlbeam.org", true */ 'x', 'm', 'l', 'b', 'e', 'a', 'm', '.', 'o', 'r', 'g', '\0', + /* "xmonk.org", false */ 'x', 'm', 'o', 'n', 'k', '.', 'o', 'r', 'g', '\0', + /* "xmpp.dk", true */ 'x', 'm', 'p', 'p', '.', 'd', 'k', '\0', + /* "xmppwocky.net", true */ 'x', 'm', 'p', 'p', 'w', 'o', 'c', 'k', 'y', '.', 'n', 'e', 't', '\0', + /* "xmr.to", true */ 'x', 'm', 'r', '.', 't', 'o', '\0', + /* "xn----7sbmucgqdbgwwc5e9b.xn--p1ai", true */ 'x', 'n', '-', '-', '-', '-', '7', 's', 'b', 'm', 'u', 'c', 'g', 'q', 'd', 'b', 'g', 'w', 'w', 'c', '5', 'e', '9', 'b', '.', 'x', 'n', '-', '-', 'p', '1', 'a', 'i', '\0', + /* "xn----8hcdn2ankm1bfq.com", true */ 'x', 'n', '-', '-', '-', '-', '8', 'h', 'c', 'd', 'n', '2', 'a', 'n', 'k', 'm', '1', 'b', 'f', 'q', '.', 'c', 'o', 'm', '\0', + /* "xn--0kq33cz5c8wmwrqqw1d.com", true */ 'x', 'n', '-', '-', '0', 'k', 'q', '3', '3', 'c', 'z', '5', 'c', '8', 'w', 'm', 'w', 'r', 'q', 'q', 'w', '1', 'd', '.', 'c', 'o', 'm', '\0', + /* "xn--3lqp21gwna.cn", true */ 'x', 'n', '-', '-', '3', 'l', 'q', 'p', '2', '1', 'g', 'w', 'n', 'a', '.', 'c', 'n', '\0', + /* "xn--6x6a.life", true */ 'x', 'n', '-', '-', '6', 'x', '6', 'a', '.', 'l', 'i', 'f', 'e', '\0', + /* "xn--79q87uvkclvgd56ahq5a.net", true */ 'x', 'n', '-', '-', '7', '9', 'q', '8', '7', 'u', 'v', 'k', 'c', 'l', 'v', 'g', 'd', '5', '6', 'a', 'h', 'q', '5', 'a', '.', 'n', 'e', 't', '\0', + /* "xn--7ca.co", true */ 'x', 'n', '-', '-', '7', 'c', 'a', '.', 'c', 'o', '\0', + /* "xn--7xa.google.com", true */ 'x', 'n', '-', '-', '7', 'x', 'a', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0', + /* "xn--80aaagmgvmvmcuoq7r.xn--p1ai", true */ 'x', 'n', '-', '-', '8', '0', 'a', 'a', 'a', 'g', 'm', 'g', 'v', 'm', 'v', 'm', 'c', 'u', 'o', 'q', '7', 'r', '.', 'x', 'n', '-', '-', 'p', '1', 'a', 'i', '\0', + /* "xn--80anogxed.xn--p1ai", true */ 'x', 'n', '-', '-', '8', '0', 'a', 'n', 'o', 'g', 'x', 'e', 'd', '.', 'x', 'n', '-', '-', 'p', '1', 'a', 'i', '\0', + /* "xn--80azelb.xn--p1ai", true */ 'x', 'n', '-', '-', '8', '0', 'a', 'z', 'e', 'l', 'b', '.', 'x', 'n', '-', '-', 'p', '1', 'a', 'i', '\0', + /* "xn--88j2fy28hbxmnnf9zlw5buzd.com", true */ 'x', 'n', '-', '-', '8', '8', 'j', '2', 'f', 'y', '2', '8', 'h', 'b', 'x', 'm', 'n', 'n', 'f', '9', 'z', 'l', 'w', '5', 'b', 'u', 'z', 'd', '.', 'c', 'o', 'm', '\0', + /* "xn--8dry00a7se89ay98epsgxxq.com", true */ 'x', 'n', '-', '-', '8', 'd', 'r', 'y', '0', '0', 'a', '7', 's', 'e', '8', '9', 'a', 'y', '9', '8', 'e', 'p', 's', 'g', 'x', 'x', 'q', '.', 'c', 'o', 'm', '\0', + /* "xn--8mr166hf6s.xn--fiqs8s", true */ 'x', 'n', '-', '-', '8', 'm', 'r', '1', '6', '6', 'h', 'f', '6', 's', '.', 'x', 'n', '-', '-', 'f', 'i', 'q', 's', '8', 's', '\0', + /* "xn--90accgba6bldkcbb7a.xn--p1acf", true */ 'x', 'n', '-', '-', '9', '0', 'a', 'c', 'c', 'g', 'b', 'a', '6', 'b', 'l', 'd', 'k', 'c', 'b', 'b', '7', 'a', '.', 'x', 'n', '-', '-', 'p', '1', 'a', 'c', 'f', '\0', + /* "xn--allgu-biker-o8a.de", true */ 'x', 'n', '-', '-', 'a', 'l', 'l', 'g', 'u', '-', 'b', 'i', 'k', 'e', 'r', '-', 'o', '8', 'a', '.', 'd', 'e', '\0', + /* "xn--aviao-dra1a.pt", true */ 'x', 'n', '-', '-', 'a', 'v', 'i', 'a', 'o', '-', 'd', 'r', 'a', '1', 'a', '.', 'p', 't', '\0', + /* "xn--baron-bonzenbru-elb.com", true */ 'x', 'n', '-', '-', 'b', 'a', 'r', 'o', 'n', '-', 'b', 'o', 'n', 'z', 'e', 'n', 'b', 'r', 'u', '-', 'e', 'l', 'b', '.', 'c', 'o', 'm', '\0', + /* "xn--berwachungspaket-izb.at", true */ 'x', 'n', '-', '-', 'b', 'e', 'r', 'w', 'a', 'c', 'h', 'u', 'n', 'g', 's', 'p', 'a', 'k', 'e', 't', '-', 'i', 'z', 'b', '.', 'a', 't', '\0', + /* "xn--brneruhr-0za.ch", true */ 'x', 'n', '-', '-', 'b', 'r', 'n', 'e', 'r', 'u', 'h', 'r', '-', '0', 'z', 'a', '.', 'c', 'h', '\0', + /* "xn--cck4ax91r.com", true */ 'x', 'n', '-', '-', 'c', 'c', 'k', '4', 'a', 'x', '9', '1', 'r', '.', 'c', 'o', 'm', '\0', + /* "xn--cck7f515h.com", true */ 'x', 'n', '-', '-', 'c', 'c', 'k', '7', 'f', '5', '1', '5', 'h', '.', 'c', 'o', 'm', '\0', + /* "xn--cckdrt0kwb4g3cnh.com", true */ 'x', 'n', '-', '-', 'c', 'c', 'k', 'd', 'r', 't', '0', 'k', 'w', 'b', '4', 'g', '3', 'c', 'n', 'h', '.', 'c', 'o', 'm', '\0', + /* "xn--cckvb1cwa0c5br5e2d2711k.net", true */ 'x', 'n', '-', '-', 'c', 'c', 'k', 'v', 'b', '1', 'c', 'w', 'a', '0', 'c', '5', 'b', 'r', '5', 'e', '2', 'd', '2', '7', '1', '1', 'k', '.', 'n', 'e', 't', '\0', + /* "xn--cctsgy36bnvprwpekc.com", true */ 'x', 'n', '-', '-', 'c', 'c', 't', 's', 'g', 'y', '3', '6', 'b', 'n', 'v', 'p', 'r', 'w', 'p', 'e', 'k', 'c', '.', 'c', 'o', 'm', '\0', + /* "xn--d1acj9c.xn--90ais", true */ 'x', 'n', '-', '-', 'd', '1', 'a', 'c', 'j', '9', 'c', '.', 'x', 'n', '-', '-', '9', '0', 'a', 'i', 's', '\0', + /* "xn--dcko6fsa5b1a8gyicbc.biz", true */ 'x', 'n', '-', '-', 'd', 'c', 'k', 'o', '6', 'f', 's', 'a', '5', 'b', '1', 'a', '8', 'g', 'y', 'i', 'c', 'b', 'c', '.', 'b', 'i', 'z', '\0', + /* "xn--dckya4a0bya6x.com", true */ 'x', 'n', '-', '-', 'd', 'c', 'k', 'y', 'a', '4', 'a', '0', 'b', 'y', 'a', '6', 'x', '.', 'c', 'o', 'm', '\0', + /* "xn--dckya4a0bya6x.jp", true */ 'x', 'n', '-', '-', 'd', 'c', 'k', 'y', 'a', '4', 'a', '0', 'b', 'y', 'a', '6', 'x', '.', 'j', 'p', '\0', + /* "xn--detrkl13b9sbv53j.com", true */ 'x', 'n', '-', '-', 'd', 'e', 't', 'r', 'k', 'l', '1', '3', 'b', '9', 's', 'b', 'v', '5', '3', 'j', '.', 'c', 'o', 'm', '\0', + /* "xn--detrkl13b9sbv53j.org", true */ 'x', 'n', '-', '-', 'd', 'e', 't', 'r', 'k', 'l', '1', '3', 'b', '9', 's', 'b', 'v', '5', '3', 'j', '.', 'o', 'r', 'g', '\0', + /* "xn--dmonenjger-q5ag.net", true */ 'x', 'n', '-', '-', 'd', 'm', 'o', 'n', 'e', 'n', 'j', 'g', 'e', 'r', '-', 'q', '5', 'a', 'g', '.', 'n', 'e', 't', '\0', + /* "xn--dragni-g1a.de", true */ 'x', 'n', '-', '-', 'd', 'r', 'a', 'g', 'n', 'i', '-', 'g', '1', 'a', '.', 'd', 'e', '\0', + /* "xn--e--0g4aiy1b8rmfg3o.jp", true */ 'x', 'n', '-', '-', 'e', '-', '-', '0', 'g', '4', 'a', 'i', 'y', '1', 'b', '8', 'r', 'm', 'f', 'g', '3', 'o', '.', 'j', 'p', '\0', + /* "xn--e--4h4axau6ld4lna0g.com", true */ 'x', 'n', '-', '-', 'e', '-', '-', '4', 'h', '4', 'a', 'x', 'a', 'u', '6', 'l', 'd', '4', 'l', 'n', 'a', '0', 'g', '.', 'c', 'o', 'm', '\0', + /* "xn--e--ig4a4c3f6bvc5et632i.com", true */ 'x', 'n', '-', '-', 'e', '-', '-', 'i', 'g', '4', 'a', '4', 'c', '3', 'f', '6', 'b', 'v', 'c', '5', 'e', 't', '6', '3', '2', 'i', '.', 'c', 'o', 'm', '\0', + /* "xn--e--k83a5h244w54gttk.xyz", true */ 'x', 'n', '-', '-', 'e', '-', '-', 'k', '8', '3', 'a', '5', 'h', '2', '4', '4', 'w', '5', '4', 'g', 't', 't', 'k', '.', 'x', 'y', 'z', '\0', + /* "xn--ecki0cd0bu9a4nsjb.com", true */ 'x', 'n', '-', '-', 'e', 'c', 'k', 'i', '0', 'c', 'd', '0', 'b', 'u', '9', 'a', '4', 'n', 's', 'j', 'b', '.', 'c', 'o', 'm', '\0', + /* "xn--erklderbarenben-slbh.dk", true */ 'x', 'n', '-', '-', 'e', 'r', 'k', 'l', 'd', 'e', 'r', 'b', 'a', 'r', 'e', 'n', 'b', 'e', 'n', '-', 's', 'l', 'b', 'h', '.', 'd', 'k', '\0', + /* "xn--f9jh4f4b4993b66s.tokyo", true */ 'x', 'n', '-', '-', 'f', '9', 'j', 'h', '4', 'f', '4', 'b', '4', '9', '9', '3', 'b', '6', '6', 's', '.', 't', 'o', 'k', 'y', 'o', '\0', + /* "xn--fischereiverein-mnsterhausen-i7c.de", true */ 'x', 'n', '-', '-', 'f', 'i', 's', 'c', 'h', 'e', 'r', 'e', 'i', 'v', 'e', 'r', 'e', 'i', 'n', '-', 'm', 'n', 's', 't', 'e', 'r', 'h', 'a', 'u', 's', 'e', 'n', '-', 'i', '7', 'c', '.', 'd', 'e', '\0', + /* "xn--grnderlehrstuhl-0vb.de", true */ 'x', 'n', '-', '-', 'g', 'r', 'n', 'd', 'e', 'r', 'l', 'e', 'h', 'r', 's', 't', 'u', 'h', 'l', '-', '0', 'v', 'b', '.', 'd', 'e', '\0', + /* "xn--hfk-allgu-schwaben-stb.de", true */ 'x', 'n', '-', '-', 'h', 'f', 'k', '-', 'a', 'l', 'l', 'g', 'u', '-', 's', 'c', 'h', 'w', 'a', 'b', 'e', 'n', '-', 's', 't', 'b', '.', 'd', 'e', '\0', + /* "xn--hllrigl-90a.at", true */ 'x', 'n', '-', '-', 'h', 'l', 'l', 'r', 'i', 'g', 'l', '-', '9', '0', 'a', '.', 'a', 't', '\0', + /* "xn--i2ru8q2qg.com", true */ 'x', 'n', '-', '-', 'i', '2', 'r', 'u', '8', 'q', '2', 'q', 'g', '.', 'c', 'o', 'm', '\0', + /* "xn--internetlnen-1cb.com", true */ 'x', 'n', '-', '-', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'l', 'n', 'e', 'n', '-', '1', 'c', 'b', '.', 'c', 'o', 'm', '\0', + /* "xn--jbs-tna.de", true */ 'x', 'n', '-', '-', 'j', 'b', 's', '-', 't', 'n', 'a', '.', 'd', 'e', '\0', + /* "xn--jda.tk", true */ 'x', 'n', '-', '-', 'j', 'd', 'a', '.', 't', 'k', '\0', + /* "xn--jp8hx8f.ws", true */ 'x', 'n', '-', '-', 'j', 'p', '8', 'h', 'x', '8', 'f', '.', 'w', 's', '\0', + /* "xn--jywq5uqwqxhd2onsij.jp", true */ 'x', 'n', '-', '-', 'j', 'y', 'w', 'q', '5', 'u', 'q', 'w', 'q', 'x', 'h', 'd', '2', 'o', 'n', 's', 'i', 'j', '.', 'j', 'p', '\0', + /* "xn--kda.tk", true */ 'x', 'n', '-', '-', 'k', 'd', 'a', '.', 't', 'k', '\0', + /* "xn--knstler-n2a.tips", false */ 'x', 'n', '-', '-', 'k', 'n', 's', 't', 'l', 'e', 'r', '-', 'n', '2', 'a', '.', 't', 'i', 'p', 's', '\0', + /* "xn--ktha-kamrater-pfba.se", true */ 'x', 'n', '-', '-', 'k', 't', 'h', 'a', '-', 'k', 'a', 'm', 'r', 'a', 't', 'e', 'r', '-', 'p', 'f', 'b', 'a', '.', 's', 'e', '\0', + /* "xn--lna-2000-9za.nu", true */ 'x', 'n', '-', '-', 'l', 'n', 'a', '-', '2', '0', '0', '0', '-', '9', 'z', 'a', '.', 'n', 'u', '\0', + /* "xn--lna-4000-9za.nu", true */ 'x', 'n', '-', '-', 'l', 'n', 'a', '-', '4', '0', '0', '0', '-', '9', 'z', 'a', '.', 'n', 'u', '\0', + /* "xn--love-un4c7e0d4a.com", true */ 'x', 'n', '-', '-', 'l', 'o', 'v', 'e', '-', 'u', 'n', '4', 'c', '7', 'e', '0', 'd', '4', 'a', '.', 'c', 'o', 'm', '\0', + /* "xn--lsaupp-iua.se", true */ 'x', 'n', '-', '-', 'l', 's', 'a', 'u', 'p', 'p', '-', 'i', 'u', 'a', '.', 's', 'e', '\0', + /* "xn--lsupp-mra.net", true */ 'x', 'n', '-', '-', 'l', 's', 'u', 'p', 'p', '-', 'm', 'r', 'a', '.', 'n', 'e', 't', '\0', + /* "xn--manuela-stsser-psb.de", true */ 'x', 'n', '-', '-', 'm', 'a', 'n', 'u', 'e', 'l', 'a', '-', 's', 't', 's', 's', 'e', 'r', '-', 'p', 's', 'b', '.', 'd', 'e', '\0', + /* "xn--maraa-rta.org", true */ 'x', 'n', '-', '-', 'm', 'a', 'r', 'a', 'a', '-', 'r', 't', 'a', '.', 'o', 'r', 'g', '\0', + /* "xn--mentaltraining-fr-musiker-uwc.ch", true */ 'x', 'n', '-', '-', 'm', 'e', 'n', 't', 'a', 'l', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '-', 'f', 'r', '-', 'm', 'u', 's', 'i', 'k', 'e', 'r', '-', 'u', 'w', 'c', '.', 'c', 'h', '\0', + /* "xn--mgbbh2a9fub.xn--ngbc5azd", false */ 'x', 'n', '-', '-', 'm', 'g', 'b', 'b', 'h', '2', 'a', '9', 'f', 'u', 'b', '.', 'x', 'n', '-', '-', 'n', 'g', 'b', 'c', '5', 'a', 'z', 'd', '\0', + /* "xn--mgbmmp7eub.com", true */ 'x', 'n', '-', '-', 'm', 'g', 'b', 'm', 'm', 'p', '7', 'e', 'u', 'b', '.', 'c', 'o', 'm', '\0', + /* "xn--mllers-wxa.info", true */ 'x', 'n', '-', '-', 'm', 'l', 'l', 'e', 'r', 's', '-', 'w', 'x', 'a', '.', 'i', 'n', 'f', 'o', '\0', + /* "xn--n8j7dygrbu0c31a5861bq8qb.com", true */ 'x', 'n', '-', '-', 'n', '8', 'j', '7', 'd', 'y', 'g', 'r', 'b', 'u', '0', 'c', '3', '1', 'a', '5', '8', '6', '1', 'b', 'q', '8', 'q', 'b', '.', 'c', 'o', 'm', '\0', + /* "xn--n8jp5083dnzs.net", true */ 'x', 'n', '-', '-', 'n', '8', 'j', 'p', '5', '0', '8', '3', 'd', 'n', 'z', 's', '.', 'n', 'e', 't', '\0', + /* "xn--n8jtcugp92n4wc738f.net", true */ 'x', 'n', '-', '-', 'n', '8', 'j', 't', 'c', 'u', 'g', 'p', '9', '2', 'n', '4', 'w', 'c', '7', '3', '8', 'f', '.', 'n', 'e', 't', '\0', + /* "xn--o77hka.ga", true */ 'x', 'n', '-', '-', 'o', '7', '7', 'h', 'k', 'a', '.', 'g', 'a', '\0', + /* "xn--pbt947am3ab71g.com", true */ 'x', 'n', '-', '-', 'p', 'b', 't', '9', '4', '7', 'a', 'm', '3', 'a', 'b', '7', '1', 'g', '.', 'c', 'o', 'm', '\0', + /* "xn--pe-bka.ee", true */ 'x', 'n', '-', '-', 'p', 'e', '-', 'b', 'k', 'a', '.', 'e', 'e', '\0', + /* "xn--pq1a637b.xn--6qq986b3xl", true */ 'x', 'n', '-', '-', 'p', 'q', '1', 'a', '6', '3', '7', 'b', '.', 'x', 'n', '-', '-', '6', 'q', 'q', '9', '8', '6', 'b', '3', 'x', 'l', '\0', + /* "xn--q9jb1h5dvcspke3218b9mn4p0c.com", true */ 'x', 'n', '-', '-', 'q', '9', 'j', 'b', '1', 'h', '5', 'd', 'v', 'c', 's', 'p', 'k', 'e', '3', '2', '1', '8', 'b', '9', 'm', 'n', '4', 'p', '0', 'c', '.', 'c', 'o', 'm', '\0', + /* "xn--qckss0j.tk", true */ 'x', 'n', '-', '-', 'q', 'c', 'k', 's', 's', '0', 'j', '.', 't', 'k', '\0', + /* "xn--r77hya.ga", true */ 'x', 'n', '-', '-', 'r', '7', '7', 'h', 'y', 'a', '.', 'g', 'a', '\0', + /* "xn--r8jzaf7977b09e.com", true */ 'x', 'n', '-', '-', 'r', '8', 'j', 'z', 'a', 'f', '7', '9', '7', '7', 'b', '0', '9', 'e', '.', 'c', 'o', 'm', '\0', + /* "xn--rdiger-kuhlmann-zvb.de", true */ 'x', 'n', '-', '-', 'r', 'd', 'i', 'g', 'e', 'r', '-', 'k', 'u', 'h', 'l', 'm', 'a', 'n', 'n', '-', 'z', 'v', 'b', '.', 'd', 'e', '\0', + /* "xn--rlcus7b3d.xn--xkc2dl3a5ee0h", true */ 'x', 'n', '-', '-', 'r', 'l', 'c', 'u', 's', '7', 'b', '3', 'd', '.', 'x', 'n', '-', '-', 'x', 'k', 'c', '2', 'd', 'l', '3', 'a', '5', 'e', 'e', '0', 'h', '\0', + /* "xn--roselire-60a.ch", true */ 'x', 'n', '-', '-', 'r', 'o', 's', 'e', 'l', 'i', 'r', 'e', '-', '6', '0', 'a', '.', 'c', 'h', '\0', + /* "xn--roselire-60a.com", true */ 'x', 'n', '-', '-', 'r', 'o', 's', 'e', 'l', 'i', 'r', 'e', '-', '6', '0', 'a', '.', 'c', 'o', 'm', '\0', + /* "xn--rt-cja.eu", true */ 'x', 'n', '-', '-', 'r', 't', '-', 'c', 'j', 'a', '.', 'e', 'u', '\0', + /* "xn--rt-cja.ie", true */ 'x', 'n', '-', '-', 'r', 't', '-', 'c', 'j', 'a', '.', 'i', 'e', '\0', + /* "xn--rtter-kva.eu", true */ 'x', 'n', '-', '-', 'r', 't', 't', 'e', 'r', '-', 'k', 'v', 'a', '.', 'e', 'u', '\0', + /* "xn--ruanmller-u9a.com", true */ 'x', 'n', '-', '-', 'r', 'u', 'a', 'n', 'm', 'l', 'l', 'e', 'r', '-', 'u', '9', 'a', '.', 'c', 'o', 'm', '\0', + /* "xn--sdkwa9azd389v01ya.com", true */ 'x', 'n', '-', '-', 's', 'd', 'k', 'w', 'a', '9', 'a', 'z', 'd', '3', '8', '9', 'v', '0', '1', 'y', 'a', '.', 'c', 'o', 'm', '\0', + /* "xn--seelenwchter-mcb.eu", true */ 'x', 'n', '-', '-', 's', 'e', 'e', 'l', 'e', 'n', 'w', 'c', 'h', 't', 'e', 'r', '-', 'm', 'c', 'b', '.', 'e', 'u', '\0', + /* "xn--spenijmazania-yhc.pl", true */ 'x', 'n', '-', '-', 's', 'p', 'e', 'n', 'i', 'j', 'm', 'a', 'z', 'a', 'n', 'i', 'a', '-', 'y', 'h', 'c', '.', 'p', 'l', '\0', + /* "xn--t-oha.lv", true */ 'x', 'n', '-', '-', 't', '-', 'o', 'h', 'a', '.', 'l', 'v', '\0', + /* "xn--t8j4aa4nkg1h9bwcvud.com", true */ 'x', 'n', '-', '-', 't', '8', 'j', '4', 'a', 'a', '4', 'n', 'k', 'g', '1', 'h', '9', 'b', 'w', 'c', 'v', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "xn--t8j4aa4nyhxa7duezbl49aqg5546e264d.net", true */ 'x', 'n', '-', '-', 't', '8', 'j', '4', 'a', 'a', '4', 'n', 'y', 'h', 'x', 'a', '7', 'd', 'u', 'e', 'z', 'b', 'l', '4', '9', 'a', 'q', 'g', '5', '5', '4', '6', 'e', '2', '6', '4', 'd', '.', 'n', 'e', 't', '\0', + /* "xn--t8j4aa4nzg3a5euoxcwee.xyz", true */ 'x', 'n', '-', '-', 't', '8', 'j', '4', 'a', 'a', '4', 'n', 'z', 'g', '3', 'a', '5', 'e', 'u', 'o', 'x', 'c', 'w', 'e', 'e', '.', 'x', 'y', 'z', '\0', + /* "xn--tda.ml", true */ 'x', 'n', '-', '-', 't', 'd', 'a', '.', 'm', 'l', '\0', + /* "xn--thorme-6uaf.ca", true */ 'x', 'n', '-', '-', 't', 'h', 'o', 'r', 'm', 'e', '-', '6', 'u', 'a', 'f', '.', 'c', 'a', '\0', + /* "xn--tigreray-i1a.org", true */ 'x', 'n', '-', '-', 't', 'i', 'g', 'r', 'e', 'r', 'a', 'y', '-', 'i', '1', 'a', '.', 'o', 'r', 'g', '\0', + /* "xn--u9j0ia6hb7347cg8wavz0avb0e.com", true */ 'x', 'n', '-', '-', 'u', '9', 'j', '0', 'i', 'a', '6', 'h', 'b', '7', '3', '4', '7', 'c', 'g', '8', 'w', 'a', 'v', 'z', '0', 'a', 'v', 'b', '0', 'e', '.', 'c', 'o', 'm', '\0', + /* "xn--u9jv84l7ea468b.com", true */ 'x', 'n', '-', '-', 'u', '9', 'j', 'v', '8', '4', 'l', '7', 'e', 'a', '4', '6', '8', 'b', '.', 'c', 'o', 'm', '\0', + /* "xn--uort9oqoaj00bv04d.biz", true */ 'x', 'n', '-', '-', 'u', 'o', 'r', 't', '9', 'o', 'q', 'o', 'a', 'j', '0', '0', 'b', 'v', '0', '4', 'd', '.', 'b', 'i', 'z', '\0', + /* "xn--uorz58b8p0bpwa.biz", true */ 'x', 'n', '-', '-', 'u', 'o', 'r', 'z', '5', '8', 'b', '8', 'p', '0', 'b', 'p', 'w', 'a', '.', 'b', 'i', 'z', '\0', + /* "xn--v-wfa35g.ro", true */ 'x', 'n', '-', '-', 'v', '-', 'w', 'f', 'a', '3', '5', 'g', '.', 'r', 'o', '\0', + /* "xn--v6q426ishax2a.xyz", true */ 'x', 'n', '-', '-', 'v', '6', 'q', '4', '2', '6', 'i', 's', 'h', 'a', 'x', '2', 'a', '.', 'x', 'y', 'z', '\0', + /* "xn--vck8crc010pu14e.biz", true */ 'x', 'n', '-', '-', 'v', 'c', 'k', '8', 'c', 'r', 'c', '0', '1', '0', 'p', 'u', '1', '4', 'e', '.', 'b', 'i', 'z', '\0', + /* "xn--vck8crc655y34ioha.net", true */ 'x', 'n', '-', '-', 'v', 'c', 'k', '8', 'c', 'r', 'c', '6', '5', '5', 'y', '3', '4', 'i', 'o', 'h', 'a', '.', 'n', 'e', 't', '\0', + /* "xn--vck8crcu789ajtaj92eura.xyz", true */ 'x', 'n', '-', '-', 'v', 'c', 'k', '8', 'c', 'r', 'c', 'u', '7', '8', '9', 'a', 'j', 't', 'a', 'j', '9', '2', 'e', 'u', 'r', 'a', '.', 'x', 'y', 'z', '\0', + /* "xn--werner-schffer-fib.de", true */ 'x', 'n', '-', '-', 'w', 'e', 'r', 'n', 'e', 'r', '-', 's', 'c', 'h', 'f', 'f', 'e', 'r', '-', 'f', 'i', 'b', '.', 'd', 'e', '\0', + /* "xn--xz1a.jp", true */ 'x', 'n', '-', '-', 'x', 'z', '1', 'a', '.', 'j', 'p', '\0', + /* "xn--y8j148r.xn--q9jyb4c", true */ 'x', 'n', '-', '-', 'y', '8', 'j', '1', '4', '8', 'r', '.', 'x', 'n', '-', '-', 'q', '9', 'j', 'y', 'b', '4', 'c', '\0', + /* "xn--y8j2eb5631a4qf5n0h.com", true */ 'x', 'n', '-', '-', 'y', '8', 'j', '2', 'e', 'b', '5', '6', '3', '1', 'a', '4', 'q', 'f', '5', 'n', '0', 'h', '.', 'c', 'o', 'm', '\0', + /* "xn--y8j5gq14rbdd.net", true */ 'x', 'n', '-', '-', 'y', '8', 'j', '5', 'g', 'q', '1', '4', 'r', 'b', 'd', 'd', '.', 'n', 'e', 't', '\0', + /* "xn--zettlmeil-n1a.de", true */ 'x', 'n', '-', '-', 'z', 'e', 't', 't', 'l', 'm', 'e', 'i', 'l', '-', 'n', '1', 'a', '.', 'd', 'e', '\0', + /* "xn5.de", true */ 'x', 'n', '5', '.', 'd', 'e', '\0', + /* "xnaas.info", true */ 'x', 'n', 'a', 'a', 's', '.', 'i', 'n', 'f', 'o', '\0', + /* "xnet-x.net", true */ 'x', 'n', 'e', 't', '-', 'x', '.', 'n', 'e', 't', '\0', + /* "xng.io", true */ 'x', 'n', 'g', '.', 'i', 'o', '\0', + /* "xninja.xyz", true */ 'x', 'n', 'i', 'n', 'j', 'a', '.', 'x', 'y', 'z', '\0', + /* "xnode.org", true */ 'x', 'n', 'o', 'd', 'e', '.', 'o', 'r', 'g', '\0', + /* "xntrik.wtf", true */ 'x', 'n', 't', 'r', 'i', 'k', '.', 'w', 't', 'f', '\0', + /* "xo.tc", true */ 'x', 'o', '.', 't', 'c', '\0', + /* "xolphin.nl", true */ 'x', 'o', 'l', 'p', 'h', 'i', 'n', '.', 'n', 'l', '\0', + /* "xombitgames.com", true */ 'x', 'o', 'm', 'b', 'i', 't', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "xombitmusic.com", true */ 'x', 'o', 'm', 'b', 'i', 't', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "xonn.de", true */ 'x', 'o', 'n', 'n', '.', 'd', 'e', '\0', + /* "xotika.tv", true */ 'x', 'o', 't', 'i', 'k', 'a', '.', 't', 'v', '\0', + /* "xp2.de", true */ 'x', 'p', '2', '.', 'd', 'e', '\0', + /* "xpd.se", true */ 'x', 'p', 'd', '.', 's', 'e', '\0', + /* "xpenology-fr.net", true */ 'x', 'p', 'e', 'n', 'o', 'l', 'o', 'g', 'y', '-', 'f', 'r', '.', 'n', 'e', 't', '\0', + /* "xperidia.com", true */ 'x', 'p', 'e', 'r', 'i', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0', + /* "xpj.bet", true */ 'x', 'p', 'j', '.', 'b', 'e', 't', '\0', + /* "xpjcunkuan.com", true */ 'x', 'p', 'j', 'c', 'u', 'n', 'k', 'u', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "xpletus.nl", true */ 'x', 'p', 'l', 'e', 't', 'u', 's', '.', 'n', 'l', '\0', + /* "xplore-dna.net", true */ 'x', 'p', 'l', 'o', 'r', 'e', '-', 'd', 'n', 'a', '.', 'n', 'e', 't', '\0', + /* "xpressprint.com.br", true */ 'x', 'p', 'r', 'e', 's', 's', 'p', 'r', 'i', 'n', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "xps2pdf.co.uk", true */ 'x', 'p', 's', '2', 'p', 'd', 'f', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "xqin.net", true */ 'x', 'q', 'i', 'n', '.', 'n', 'e', 't', '\0', + /* "xr.cx", true */ 'x', 'r', '.', 'c', 'x', '\0', + /* "xrippedhd.com", true */ 'x', 'r', 'i', 'p', 'p', 'e', 'd', 'h', 'd', '.', 'c', 'o', 'm', '\0', + /* "xrockx.de", true */ 'x', 'r', 'o', 'c', 'k', 'x', '.', 'd', 'e', '\0', + /* "xroot.org", true */ 'x', 'r', 'o', 'o', 't', '.', 'o', 'r', 'g', '\0', + /* "xs2a.no", true */ 'x', 's', '2', 'a', '.', 'n', 'o', '\0', + /* "xscancun.com", true */ 'x', 's', 'c', 'a', 'n', 'c', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "xscapers.com", true */ 'x', 's', 'c', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "xsmobile.de", true */ 'x', 's', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'd', 'e', '\0', + /* "xss.ht", true */ 'x', 's', 's', '.', 'h', 't', '\0', + /* "xss.sk", true */ 'x', 's', 's', '.', 's', 'k', '\0', + /* "xsstime.nl", true */ 'x', 's', 's', 't', 'i', 'm', 'e', '.', 'n', 'l', '\0', + /* "xsyds.cn", true */ 'x', 's', 'y', 'd', 's', '.', 'c', 'n', '\0', + /* "xsz.jp", true */ 'x', 's', 'z', '.', 'j', 'p', '\0', + /* "xt.om", true */ 'x', 't', '.', 'o', 'm', '\0', + /* "xtarget.ru", true */ 'x', 't', 'a', 'r', 'g', 'e', 't', '.', 'r', 'u', '\0', + /* "xtom.chat", true */ 'x', 't', 'o', 'm', '.', 'c', 'h', 'a', 't', '\0', + /* "xtom.com", true */ 'x', 't', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "xtom.com.hk", true */ 'x', 't', 'o', 'm', '.', 'c', 'o', 'm', '.', 'h', 'k', '\0', + /* "xtom.io", true */ 'x', 't', 'o', 'm', '.', 'i', 'o', '\0', + /* "xtreme-servers.eu", true */ 'x', 't', 'r', 'e', 'm', 'e', '-', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'e', 'u', '\0', + /* "xtremebouncepartyhire.com.au", true */ 'x', 't', 'r', 'e', 'm', 'e', 'b', 'o', 'u', 'n', 'c', 'e', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "xtremegaming.it", true */ 'x', 't', 'r', 'e', 'm', 'e', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'i', 't', '\0', + /* "xtronics.com", true */ 'x', 't', 'r', 'o', 'n', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "xts.bike", true */ 'x', 't', 's', '.', 'b', 'i', 'k', 'e', '\0', + /* "xts3636.net", true */ 'x', 't', 's', '3', '6', '3', '6', '.', 'n', 'e', 't', '\0', + /* "xtu2.com", true */ 'x', 't', 'u', '2', '.', 'c', 'o', 'm', '\0', + /* "xtzone.be", true */ 'x', 't', 'z', 'o', 'n', 'e', '.', 'b', 'e', '\0', + /* "xuab.net", true */ 'x', 'u', 'a', 'b', '.', 'n', 'e', 't', '\0', + /* "xubo666.com", true */ 'x', 'u', 'b', 'o', '6', '6', '6', '.', 'c', 'o', 'm', '\0', + /* "xuc.me", true */ 'x', 'u', 'c', '.', 'm', 'e', '\0', + /* "xuming.studio", true */ 'x', 'u', 'm', 'i', 'n', 'g', '.', 's', 't', 'u', 'd', 'i', 'o', '\0', + /* "xuntier.ch", true */ 'x', 'u', 'n', 't', 'i', 'e', 'r', '.', 'c', 'h', '\0', + /* "xupeng.me", true */ 'x', 'u', 'p', 'e', 'n', 'g', '.', 'm', 'e', '\0', + /* "xuri.me", false */ 'x', 'u', 'r', 'i', '.', 'm', 'e', '\0', + /* "xvt-blog.tk", true */ 'x', 'v', 't', '-', 'b', 'l', 'o', 'g', '.', 't', 'k', '\0', + /* "xwalck.se", true */ 'x', 'w', 'a', 'l', 'c', 'k', '.', 's', 'e', '\0', + /* "xx0r.eu", true */ 'x', 'x', '0', 'r', '.', 'e', 'u', '\0', + /* "xxffo.com", true */ 'x', 'x', 'f', 'f', 'o', '.', 'c', 'o', 'm', '\0', + /* "xxiz.com", true */ 'x', 'x', 'i', 'z', '.', 'c', 'o', 'm', '\0', + /* "xxx3dbdsm.com", true */ 'x', 'x', 'x', '3', 'd', 'b', 'd', 's', 'm', '.', 'c', 'o', 'm', '\0', + /* "xxxladyboysporn.com", true */ 'x', 'x', 'x', 'l', 'a', 'd', 'y', 'b', 'o', 'y', 's', 'p', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "xyfun.net", true */ 'x', 'y', 'f', 'u', 'n', '.', 'n', 'e', 't', '\0', + /* "xyndrac.net", true */ 'x', 'y', 'n', 'd', 'r', 'a', 'c', '.', 'n', 'e', 't', '\0', + /* "xyngular-health.com", true */ 'x', 'y', 'n', 'g', 'u', 'l', 'a', 'r', '-', 'h', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "xynta.ch", true */ 'x', 'y', 'n', 't', 'a', '.', 'c', 'h', '\0', + /* "xyyp.mn", true */ 'x', 'y', 'y', 'p', '.', 'm', 'n', '\0', + /* "xyzulu.hosting", true */ 'x', 'y', 'z', 'u', 'l', 'u', '.', 'h', 'o', 's', 't', 'i', 'n', 'g', '\0', + /* "xzclip.cn", true */ 'x', 'z', 'c', 'l', 'i', 'p', '.', 'c', 'n', '\0', + /* "y11n.net", true */ 'y', '1', '1', 'n', '.', 'n', 'e', 't', '\0', + /* "yaay.com.br", true */ 'y', 'a', 'a', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "yabuisha.jp", true */ 'y', 'a', 'b', 'u', 'i', 's', 'h', 'a', '.', 'j', 'p', '\0', + /* "yaccin.com", true */ 'y', 'a', 'c', 'c', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "yachigoya.com", true */ 'y', 'a', 'c', 'h', 'i', 'g', 'o', 'y', 'a', '.', 'c', 'o', 'm', '\0', + /* "yacobo.com", true */ 'y', 'a', 'c', 'o', 'b', 'o', '.', 'c', 'o', 'm', '\0', + /* "yado-furu.com", true */ 'y', 'a', 'd', 'o', '-', 'f', 'u', 'r', 'u', '.', 'c', 'o', 'm', '\0', + /* "yafuoku.ru", true */ 'y', 'a', 'f', 'u', 'o', 'k', 'u', '.', 'r', 'u', '\0', + /* "yagihiro.tech", true */ 'y', 'a', 'g', 'i', 'h', 'i', 'r', 'o', '.', 't', 'e', 'c', 'h', '\0', + /* "yaharu.ru", true */ 'y', 'a', 'h', 'a', 'r', 'u', '.', 'r', 'u', '\0', + /* "yahvehyireh.com", true */ 'y', 'a', 'h', 'v', 'e', 'h', 'y', 'i', 'r', 'e', 'h', '.', 'c', 'o', 'm', '\0', + /* "yak.is", true */ 'y', 'a', 'k', '.', 'i', 's', '\0', + /* "yakaz.com", true */ 'y', 'a', 'k', 'a', 'z', '.', 'c', 'o', 'm', '\0', + /* "yakmade.com", true */ 'y', 'a', 'k', 'm', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "yakmoo.se", true */ 'y', 'a', 'k', 'm', 'o', 'o', '.', 's', 'e', '\0', + /* "yal.sh", true */ 'y', 'a', 'l', '.', 's', 'h', '\0', + /* "yalla.jp", true */ 'y', 'a', 'l', 'l', 'a', '.', 'j', 'p', '\0', + /* "yallamotor.com", true */ 'y', 'a', 'l', 'l', 'a', 'm', 'o', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "yalook.com", true */ 'y', 'a', 'l', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "yama.su", true */ 'y', 'a', 'm', 'a', '.', 's', 'u', '\0', + /* "yamadaya.tv", true */ 'y', 'a', 'm', 'a', 'd', 'a', 'y', 'a', '.', 't', 'v', '\0', + /* "yamaken.jp", true */ 'y', 'a', 'm', 'a', 'k', 'e', 'n', '.', 'j', 'p', '\0', + /* "yamashita-clinic.org", true */ 'y', 'a', 'm', 'a', 's', 'h', 'i', 't', 'a', '-', 'c', 'l', 'i', 'n', 'i', 'c', '.', 'o', 'r', 'g', '\0', + /* "yame2.com", true */ 'y', 'a', 'm', 'e', '2', '.', 'c', 'o', 'm', '\0', + /* "yamm.io", true */ 'y', 'a', 'm', 'm', '.', 'i', 'o', '\0', + /* "yanaduday.com", true */ 'y', 'a', 'n', 'a', 'd', 'u', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "yandere.moe", true */ 'y', 'a', 'n', 'd', 'e', 'r', 'e', '.', 'm', 'o', 'e', '\0', + /* "yangjingwen.cn", true */ 'y', 'a', 'n', 'g', 'j', 'i', 'n', 'g', 'w', 'e', 'n', '.', 'c', 'n', '\0', + /* "yanngraf.ch", true */ 'y', 'a', 'n', 'n', 'g', 'r', 'a', 'f', '.', 'c', 'h', '\0', + /* "yanngraf.com", true */ 'y', 'a', 'n', 'n', 'g', 'r', 'a', 'f', '.', 'c', 'o', 'm', '\0', + /* "yanovich.net", true */ 'y', 'a', 'n', 'o', 'v', 'i', 'c', 'h', '.', 'n', 'e', 't', '\0', + /* "yanqiyu.info", true */ 'y', 'a', 'n', 'q', 'i', 'y', 'u', '.', 'i', 'n', 'f', 'o', '\0', + /* "yantrasthal.com", true */ 'y', 'a', 'n', 't', 'r', 'a', 's', 't', 'h', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "yaoidreams.com", true */ 'y', 'a', 'o', 'i', 'd', 'r', 'e', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0', + /* "yapbreak.fr", true */ 'y', 'a', 'p', 'b', 'r', 'e', 'a', 'k', '.', 'f', 'r', '\0', + /* "yarcom.ru", false */ 'y', 'a', 'r', 'c', 'o', 'm', '.', 'r', 'u', '\0', + /* "yarogneva.ru", true */ 'y', 'a', 'r', 'o', 'g', 'n', 'e', 'v', 'a', '.', 'r', 'u', '\0', + /* "yarravilletownhouses.com.au", true */ 'y', 'a', 'r', 'r', 'a', 'v', 'i', 'l', 'l', 'e', 't', 'o', 'w', 'n', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "yaru.one", true */ 'y', 'a', 'r', 'u', '.', 'o', 'n', 'e', '\0', + /* "yatesun.com", true */ 'y', 'a', 't', 'e', 's', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "yatorie.net", true */ 'y', 'a', 't', 'o', 'r', 'i', 'e', '.', 'n', 'e', 't', '\0', + /* "yatsuenpoon.com", true */ 'y', 'a', 't', 's', 'u', 'e', 'n', 'p', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "yaup.tk", true */ 'y', 'a', 'u', 'p', '.', 't', 'k', '\0', + /* "yawen.tw", true */ 'y', 'a', 'w', 'e', 'n', '.', 't', 'w', '\0', + /* "yawnbox.com", true */ 'y', 'a', 'w', 'n', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0', + /* "yaxim.org", true */ 'y', 'a', 'x', 'i', 'm', '.', 'o', 'r', 'g', '\0', + /* "ybin.me", true */ 'y', 'b', 'i', 'n', '.', 'm', 'e', '\0', + /* "ybresson.com", true */ 'y', 'b', 'r', 'e', 's', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "ybsul.com", true */ 'y', 'b', 's', 'u', 'l', '.', 'c', 'o', 'm', '\0', + /* "ybti.net", true */ 'y', 'b', 't', 'i', '.', 'n', 'e', 't', '\0', + /* "ycaaz.com", true */ 'y', 'c', 'a', 'a', 'z', '.', 'c', 'o', 'm', '\0', + /* "ych.art", true */ 'y', 'c', 'h', '.', 'a', 'r', 't', '\0', + /* "ychon.com", true */ 'y', 'c', 'h', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "ychong.com", true */ 'y', 'c', 'h', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "yclan.net", true */ 'y', 'c', 'l', 'a', 'n', '.', 'n', 'e', 't', '\0', + /* "yeapdata.com", true */ 'y', 'e', 'a', 'p', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "yeesker.com", true */ 'y', 'e', 'e', 's', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "yellowpages.ee", true */ 'y', 'e', 'l', 'l', 'o', 'w', 'p', 'a', 'g', 'e', 's', '.', 'e', 'e', '\0', + /* "yelp.at", true */ 'y', 'e', 'l', 'p', '.', 'a', 't', '\0', + /* "yelp.be", true */ 'y', 'e', 'l', 'p', '.', 'b', 'e', '\0', + /* "yelp.ca", true */ 'y', 'e', 'l', 'p', '.', 'c', 'a', '\0', + /* "yelp.ch", true */ 'y', 'e', 'l', 'p', '.', 'c', 'h', '\0', + /* "yelp.cl", true */ 'y', 'e', 'l', 'p', '.', 'c', 'l', '\0', + /* "yelp.co.jp", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', '.', 'j', 'p', '\0', + /* "yelp.co.nz", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "yelp.co.uk", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "yelp.com", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '\0', + /* "yelp.com.ar", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "yelp.com.au", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "yelp.com.br", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "yelp.com.hk", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 'h', 'k', '\0', + /* "yelp.com.mx", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0', + /* "yelp.com.ph", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0', + /* "yelp.com.sg", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 's', 'g', '\0', + /* "yelp.com.tr", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 't', 'r', '\0', + /* "yelp.com.tw", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 't', 'w', '\0', + /* "yelp.cz", true */ 'y', 'e', 'l', 'p', '.', 'c', 'z', '\0', + /* "yelp.de", true */ 'y', 'e', 'l', 'p', '.', 'd', 'e', '\0', + /* "yelp.dk", true */ 'y', 'e', 'l', 'p', '.', 'd', 'k', '\0', + /* "yelp.es", true */ 'y', 'e', 'l', 'p', '.', 'e', 's', '\0', + /* "yelp.fi", true */ 'y', 'e', 'l', 'p', '.', 'f', 'i', '\0', + /* "yelp.fr", true */ 'y', 'e', 'l', 'p', '.', 'f', 'r', '\0', + /* "yelp.ie", true */ 'y', 'e', 'l', 'p', '.', 'i', 'e', '\0', + /* "yelp.it", true */ 'y', 'e', 'l', 'p', '.', 'i', 't', '\0', + /* "yelp.my", true */ 'y', 'e', 'l', 'p', '.', 'm', 'y', '\0', + /* "yelp.nl", true */ 'y', 'e', 'l', 'p', '.', 'n', 'l', '\0', + /* "yelp.no", true */ 'y', 'e', 'l', 'p', '.', 'n', 'o', '\0', + /* "yelp.pl", true */ 'y', 'e', 'l', 'p', '.', 'p', 'l', '\0', + /* "yelp.pt", true */ 'y', 'e', 'l', 'p', '.', 'p', 't', '\0', + /* "yelp.se", true */ 'y', 'e', 'l', 'p', '.', 's', 'e', '\0', + /* "yemalu.com", true */ 'y', 'e', 'm', 'a', 'l', 'u', '.', 'c', 'o', 'm', '\0', + /* "yemektarifleri.com", true */ 'y', 'e', 'm', 'e', 'k', 't', 'a', 'r', 'i', 'f', 'l', 'e', 'r', 'i', '.', 'c', 'o', 'm', '\0', + /* "yennhi.co", true */ 'y', 'e', 'n', 'n', 'h', 'i', '.', 'c', 'o', '\0', + /* "yep-pro.ch", true */ 'y', 'e', 'p', '-', 'p', 'r', 'o', '.', 'c', 'h', '\0', + /* "yepbitcoin.com", true */ 'y', 'e', 'p', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "yephy.com", true */ 'y', 'e', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0', + /* "yesiammaisey.me", true */ 'y', 'e', 's', 'i', 'a', 'm', 'm', 'a', 'i', 's', 'e', 'y', '.', 'm', 'e', '\0', + /* "yeswehack.com", true */ 'y', 'e', 's', 'w', 'e', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0', + /* "yetii.net", true */ 'y', 'e', 't', 'i', 'i', '.', 'n', 'e', 't', '\0', + /* "yetzt.me", false */ 'y', 'e', 't', 'z', 't', '.', 'm', 'e', '\0', + /* "yeu.io", true */ 'y', 'e', 'u', '.', 'i', 'o', '\0', + /* "yfengs.moe", true */ 'y', 'f', 'e', 'n', 'g', 's', '.', 'm', 'o', 'e', '\0', + /* "yhaupenthal.org", true */ 'y', 'h', 'a', 'u', 'p', 'e', 'n', 't', 'h', 'a', 'l', '.', 'o', 'r', 'g', '\0', + /* "yhb.io", true */ 'y', 'h', 'b', '.', 'i', 'o', '\0', + /* "yhong.me", true */ 'y', 'h', 'o', 'n', 'g', '.', 'm', 'e', '\0', + /* "yhwj.top", true */ 'y', 'h', 'w', 'j', '.', 't', 'o', 'p', '\0', + /* "yibaoweilong.top", true */ 'y', 'i', 'b', 'a', 'o', 'w', 'e', 'i', 'l', 'o', 'n', 'g', '.', 't', 'o', 'p', '\0', + /* "yicknam.my", true */ 'y', 'i', 'c', 'k', 'n', 'a', 'm', '.', 'm', 'y', '\0', + /* "yii2.cc", true */ 'y', 'i', 'i', '2', '.', 'c', 'c', '\0', + /* "yikeyong.com", true */ 'y', 'i', 'k', 'e', 'y', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "yin8888.tv", true */ 'y', 'i', 'n', '8', '8', '8', '8', '.', 't', 'v', '\0', + /* "yinfor.com", true */ 'y', 'i', 'n', 'f', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "yinga.ga", true */ 'y', 'i', 'n', 'g', 'a', '.', 'g', 'a', '\0', + /* "yingatech.com", true */ 'y', 'i', 'n', 'g', 'a', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0', + /* "yinglinda.love", true */ 'y', 'i', 'n', 'g', 'l', 'i', 'n', 'd', 'a', '.', 'l', 'o', 'v', 'e', '\0', + /* "yinlei.org", true */ 'y', 'i', 'n', 'l', 'e', 'i', '.', 'o', 'r', 'g', '\0', + /* "yiyuanzhong.com", true */ 'y', 'i', 'y', 'u', 'a', 'n', 'z', 'h', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "yiz96.com", true */ 'y', 'i', 'z', '9', '6', '.', 'c', 'o', 'm', '\0', + /* "yjsoft.me", true */ 'y', 'j', 's', 'o', 'f', 't', '.', 'm', 'e', '\0', + /* "yjsw.sh.cn", true */ 'y', 'j', 's', 'w', '.', 's', 'h', '.', 'c', 'n', '\0', + /* "yksityisyydensuoja.fi", true */ 'y', 'k', 's', 'i', 't', 'y', 'i', 's', 'y', 'y', 'd', 'e', 'n', 's', 'u', 'o', 'j', 'a', '.', 'f', 'i', '\0', + /* "ylilauta.org", true */ 'y', 'l', 'i', 'l', 'a', 'u', 't', 'a', '.', 'o', 'r', 'g', '\0', + /* "ylinternal.com", true */ 'y', 'l', 'i', 'n', 't', 'e', 'r', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "ymarion.de", true */ 'y', 'm', 'a', 'r', 'i', 'o', 'n', '.', 'd', 'e', '\0', + /* "ymblaw.com", true */ 'y', 'm', 'b', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0', + /* "ympl.de", true */ 'y', 'm', 'p', 'l', '.', 'd', 'e', '\0', + /* "ymtsonline.org", true */ 'y', 'm', 't', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0', + /* "ynode.com", true */ 'y', 'n', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "yobai-grouprec.jp", true */ 'y', 'o', 'b', 'a', 'i', '-', 'g', 'r', 'o', 'u', 'p', 'r', 'e', 'c', '.', 'j', 'p', '\0', + /* "yobai28.com", true */ 'y', 'o', 'b', 'a', 'i', '2', '8', '.', 'c', 'o', 'm', '\0', + /* "yobbelwobbel.de", true */ 'y', 'o', 'b', 'b', 'e', 'l', 'w', 'o', 'b', 'b', 'e', 'l', '.', 'd', 'e', '\0', + /* "yobify.com", true */ 'y', 'o', 'b', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0', + /* "yoga-prive.de", true */ 'y', 'o', 'g', 'a', '-', 'p', 'r', 'i', 'v', 'e', '.', 'd', 'e', '\0', + /* "yoga-school.xyz", true */ 'y', 'o', 'g', 'a', '-', 's', 'c', 'h', 'o', 'o', 'l', '.', 'x', 'y', 'z', '\0', + /* "yoga-schwerin.de", true */ 'y', 'o', 'g', 'a', '-', 's', 'c', 'h', 'w', 'e', 'r', 'i', 'n', '.', 'd', 'e', '\0', + /* "yoga-sky.de", true */ 'y', 'o', 'g', 'a', '-', 's', 'k', 'y', '.', 'd', 'e', '\0', + /* "yoga-zentrum-narayani.de", true */ 'y', 'o', 'g', 'a', '-', 'z', 'e', 'n', 't', 'r', 'u', 'm', '-', 'n', 'a', 'r', 'a', 'y', 'a', 'n', 'i', '.', 'd', 'e', '\0', + /* "yogabhawnamission.com", true */ 'y', 'o', 'g', 'a', 'b', 'h', 'a', 'w', 'n', 'a', 'm', 'i', 's', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "yogananda-roma.org", true */ 'y', 'o', 'g', 'a', 'n', 'a', 'n', 'd', 'a', '-', 'r', 'o', 'm', 'a', '.', 'o', 'r', 'g', '\0', + /* "yogaschoolrishikesh.com", true */ 'y', 'o', 'g', 'a', 's', 'c', 'h', 'o', 'o', 'l', 'r', 'i', 's', 'h', 'i', 'k', 'e', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "yogoeasy.com", true */ 'y', 'o', 'g', 'o', 'e', 'a', 's', 'y', '.', 'c', 'o', 'm', '\0', + /* "yoibyoin.info", true */ 'y', 'o', 'i', 'b', 'y', 'o', 'i', 'n', '.', 'i', 'n', 'f', 'o', '\0', + /* "yoimise.net", true */ 'y', 'o', 'i', 'm', 'i', 's', 'e', '.', 'n', 'e', 't', '\0', + /* "yoitoko.city", true */ 'y', 'o', 'i', 't', 'o', 'k', 'o', '.', 'c', 'i', 't', 'y', '\0', + /* "yoitsu.moe", true */ 'y', 'o', 'i', 't', 's', 'u', '.', 'm', 'o', 'e', '\0', + /* "yokohama-legaloffice.jp", true */ 'y', 'o', 'k', 'o', 'h', 'a', 'm', 'a', '-', 'l', 'e', 'g', 'a', 'l', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'j', 'p', '\0', + /* "yolo.jetzt", true */ 'y', 'o', 'l', 'o', '.', 'j', 'e', 't', 'z', 't', '\0', + /* "yolobert.de", true */ 'y', 'o', 'l', 'o', 'b', 'e', 'r', 't', '.', 'd', 'e', '\0', + /* "yolocelebs.com", false */ 'y', 'o', 'l', 'o', 'c', 'e', 'l', 'e', 'b', 's', '.', 'c', 'o', 'm', '\0', + /* "yolops.net", true */ 'y', 'o', 'l', 'o', 'p', 's', '.', 'n', 'e', 't', '\0', + /* "yombo.net", true */ 'y', 'o', 'm', 'b', 'o', '.', 'n', 'e', 't', '\0', + /* "yomena.in", true */ 'y', 'o', 'm', 'e', 'n', 'a', '.', 'i', 'n', '\0', + /* "yoonas.com", true */ 'y', 'o', 'o', 'n', 'a', 's', '.', 'c', 'o', 'm', '\0', + /* "yooooex.com", true */ 'y', 'o', 'o', 'o', 'o', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "yoramvandevelde.net", true */ 'y', 'o', 'r', 'a', 'm', 'v', 'a', 'n', 'd', 'e', 'v', 'e', 'l', 'd', 'e', '.', 'n', 'e', 't', '\0', + /* "yorcom.nl", false */ 'y', 'o', 'r', 'c', 'o', 'm', '.', 'n', 'l', '\0', + /* "yorcool.nl", true */ 'y', 'o', 'r', 'c', 'o', 'o', 'l', '.', 'n', 'l', '\0', + /* "yorkshiredalesinflatables.co.uk", true */ 'y', 'o', 'r', 'k', 's', 'h', 'i', 'r', 'e', 'd', 'a', 'l', 'e', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "yorkshireinflatables.co.uk", true */ 'y', 'o', 'r', 'k', 's', 'h', 'i', 'r', 'e', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "yorkshireterrier.com.br", true */ 'y', 'o', 'r', 'k', 's', 'h', 'i', 'r', 'e', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "yorname.ml", true */ 'y', 'o', 'r', 'n', 'a', 'm', 'e', '.', 'm', 'l', '\0', + /* "yosbeda.com", true */ 'y', 'o', 's', 'b', 'e', 'd', 'a', '.', 'c', 'o', 'm', '\0', + /* "yosemo.de", true */ 'y', 'o', 's', 'e', 'm', 'o', '.', 'd', 'e', '\0', + /* "yosheenetwork.fr", true */ 'y', 'o', 's', 'h', 'e', 'e', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'f', 'r', '\0', + /* "yoshibaworks.com", true */ 'y', 'o', 's', 'h', 'i', 'b', 'a', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0', + /* "yoshitsugu.net", true */ 'y', 'o', 's', 'h', 'i', 't', 's', 'u', 'g', 'u', '.', 'n', 'e', 't', '\0', + /* "yospos.org", true */ 'y', 'o', 's', 'p', 'o', 's', '.', 'o', 'r', 'g', '\0', + /* "yoticonnections.com", true */ 'y', 'o', 't', 'i', 'c', 'o', 'n', 'n', 'e', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0', + /* "yotilab.com", true */ 'y', 'o', 't', 'i', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0', + /* "yotta-zetta.com", true */ 'y', 'o', 't', 't', 'a', '-', 'z', 'e', 't', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "yotubaiotona.net", true */ 'y', 'o', 't', 'u', 'b', 'a', 'i', 'o', 't', 'o', 'n', 'a', '.', 'n', 'e', 't', '\0', + /* "youcancraft.de", true */ 'y', 'o', 'u', 'c', 'a', 'n', 'c', 'r', 'a', 'f', 't', '.', 'd', 'e', '\0', + /* "youcanfuckoff.xyz", true */ 'y', 'o', 'u', 'c', 'a', 'n', 'f', 'u', 'c', 'k', 'o', 'f', 'f', '.', 'x', 'y', 'z', '\0', + /* "youcanmakeit.at", true */ 'y', 'o', 'u', 'c', 'a', 'n', 'm', 'a', 'k', 'e', 'i', 't', '.', 'a', 't', '\0', + /* "youcruit.com", true */ 'y', 'o', 'u', 'c', 'r', 'u', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "youdamom.com", false */ 'y', 'o', 'u', 'd', 'a', 'm', 'o', 'm', '.', 'c', 'o', 'm', '\0', + /* "youdowell.com", true */ 'y', 'o', 'u', 'd', 'o', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "youdungoofd.com", true */ 'y', 'o', 'u', 'd', 'u', 'n', 'g', 'o', 'o', 'f', 'd', '.', 'c', 'o', 'm', '\0', + /* "youftp.tk", true */ 'y', 'o', 'u', 'f', 't', 'p', '.', 't', 'k', '\0', + /* "yougee.ml", true */ 'y', 'o', 'u', 'g', 'e', 'e', '.', 'm', 'l', '\0', + /* "youhacked.me", true */ 'y', 'o', 'u', 'h', 'a', 'c', 'k', 'e', 'd', '.', 'm', 'e', '\0', + /* "youhavewords.com", true */ 'y', 'o', 'u', 'h', 'a', 'v', 'e', 'w', 'o', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0', + /* "youhua.ru", true */ 'y', 'o', 'u', 'h', 'u', 'a', '.', 'r', 'u', '\0', + /* "youkaryote.com", true */ 'y', 'o', 'u', 'k', 'a', 'r', 'y', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0', + /* "youkaryote.org", true */ 'y', 'o', 'u', 'k', 'a', 'r', 'y', 'o', 't', 'e', '.', 'o', 'r', 'g', '\0', + /* "youkok2.com", true */ 'y', 'o', 'u', 'k', 'o', 'k', '2', '.', 'c', 'o', 'm', '\0', + /* "youlend.com", true */ 'y', 'o', 'u', 'l', 'e', 'n', 'd', '.', 'c', 'o', 'm', '\0', + /* "youmonit.me", true */ 'y', 'o', 'u', 'm', 'o', 'n', 'i', 't', '.', 'm', 'e', '\0', + /* "youms.de", true */ 'y', 'o', 'u', 'm', 's', '.', 'd', 'e', '\0', + /* "young-sheldon.com", true */ 'y', 'o', 'u', 'n', 'g', '-', 's', 'h', 'e', 'l', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0', + /* "youngdogs.org", true */ 'y', 'o', 'u', 'n', 'g', 'd', 'o', 'g', 's', '.', 'o', 'r', 'g', '\0', + /* "youngfree.cn", true */ 'y', 'o', 'u', 'n', 'g', 'f', 'r', 'e', 'e', '.', 'c', 'n', '\0', + /* "youngsook.com", true */ 'y', 'o', 'u', 'n', 'g', 's', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0', + /* "youngsook.org", true */ 'y', 'o', 'u', 'n', 'g', 's', 'o', 'o', 'k', '.', 'o', 'r', 'g', '\0', + /* "youpark.no", true */ 'y', 'o', 'u', 'p', 'a', 'r', 'k', '.', 'n', 'o', '\0', + /* "youran.me", true */ 'y', 'o', 'u', 'r', 'a', 'n', '.', 'm', 'e', '\0', + /* "yourciso.com", true */ 'y', 'o', 'u', 'r', 'c', 'i', 's', 'o', '.', 'c', 'o', 'm', '\0', + /* "yourcopywriter.it", true */ 'y', 'o', 'u', 'r', 'c', 'o', 'p', 'y', 'w', 'r', 'i', 't', 'e', 'r', '.', 'i', 't', '\0', + /* "yourdaddy.dk", true */ 'y', 'o', 'u', 'r', 'd', 'a', 'd', 'd', 'y', '.', 'd', 'k', '\0', + /* "yourforex.org", true */ 'y', 'o', 'u', 'r', 'f', 'o', 'r', 'e', 'x', '.', 'o', 'r', 'g', '\0', + /* "yourgames.tv", true */ 'y', 'o', 'u', 'r', 'g', 'a', 'm', 'e', 's', '.', 't', 'v', '\0', + /* "yoursbookstore.jp", true */ 'y', 'o', 'u', 'r', 's', 'b', 'o', 'o', 'k', 's', 't', 'o', 'r', 'e', '.', 'j', 'p', '\0', + /* "yourself.today", true */ 'y', 'o', 'u', 'r', 's', 'e', 'l', 'f', '.', 't', 'o', 'd', 'a', 'y', '\0', + /* "yourticketbooking.com", true */ 'y', 'o', 'u', 'r', 't', 'i', 'c', 'k', 'e', 't', 'b', 'o', 'o', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "youruseragent.info", true */ 'y', 'o', 'u', 'r', 'u', 's', 'e', 'r', 'a', 'g', 'e', 'n', 't', '.', 'i', 'n', 'f', 'o', '\0', + /* "yout.com", true */ 'y', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0', + /* "youth2009.org", true */ 'y', 'o', 'u', 't', 'h', '2', '0', '0', '9', '.', 'o', 'r', 'g', '\0', + /* "youtous.me", true */ 'y', 'o', 'u', 't', 'o', 'u', 's', '.', 'm', 'e', '\0', + /* "youtsuu-raku.com", true */ 'y', 'o', 'u', 't', 's', 'u', 'u', '-', 'r', 'a', 'k', 'u', '.', 'c', 'o', 'm', '\0', + /* "youtube.com", true */ 'y', 'o', 'u', 't', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0', + /* "youtubedownloader.com", true */ 'y', 'o', 'u', 't', 'u', 'b', 'e', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "youwatchporn.com", true */ 'y', 'o', 'u', 'w', 'a', 't', 'c', 'h', 'p', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0', + /* "yoxall.me.uk", true */ 'y', 'o', 'x', 'a', 'l', 'l', '.', 'm', 'e', '.', 'u', 'k', '\0', + /* "yoyoost.duckdns.org", true */ 'y', 'o', 'y', 'o', 'o', 's', 't', '.', 'd', 'u', 'c', 'k', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "ypart.eu", true */ 'y', 'p', 'a', 'r', 't', '.', 'e', 'u', '\0', + /* "ypcs.fi", true */ 'y', 'p', 'c', 's', '.', 'f', 'i', '\0', + /* "ypid.de", true */ 'y', 'p', 'i', 'd', '.', 'd', 'e', '\0', + /* "yplanapp.com", true */ 'y', 'p', 'l', 'a', 'n', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "yqjf68.com", true */ 'y', 'q', 'j', 'f', '6', '8', '.', 'c', 'o', 'm', '\0', + /* "yr166166.com", true */ 'y', 'r', '1', '6', '6', '1', '6', '6', '.', 'c', 'o', 'm', '\0', + /* "yryz.net", true */ 'y', 'r', 'y', 'z', '.', 'n', 'e', 't', '\0', + /* "ys-shop.biz", true */ 'y', 's', '-', 's', 'h', 'o', 'p', '.', 'b', 'i', 'z', '\0', + /* "ysicorp.com", true */ 'y', 's', 'i', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0', + /* "yslbeauty.com", true */ 'y', 's', 'l', 'b', 'e', 'a', 'u', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "ytb.zone", true */ 'y', 't', 'b', '.', 'z', 'o', 'n', 'e', '\0', + /* "ytbmp3.com", true */ 'y', 't', 'b', 'm', 'p', '3', '.', 'c', 'o', 'm', '\0', + /* "ytbmp4.com", true */ 'y', 't', 'b', 'm', 'p', '4', '.', 'c', 'o', 'm', '\0', + /* "ytec.ca", true */ 'y', 't', 'e', 'c', '.', 'c', 'a', '\0', + /* "ythyth.com", true */ 'y', 't', 'h', 'y', 't', 'h', '.', 'c', 'o', 'm', '\0', + /* "ytpak.com", true */ 'y', 't', 'p', 'a', 'k', '.', 'c', 'o', 'm', '\0', + /* "ytpak.pk", true */ 'y', 't', 'p', 'a', 'k', '.', 'p', 'k', '\0', + /* "ytreza.fr", true */ 'y', 't', 'r', 'e', 'z', 'a', '.', 'f', 'r', '\0', + /* "ytuquelees.net", true */ 'y', 't', 'u', 'q', 'u', 'e', 'l', 'e', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "yu.gg", false */ 'y', 'u', '.', 'g', 'g', '\0', + /* "yu.vc", true */ 'y', 'u', '.', 'v', 'c', '\0', + /* "yuan.ga", true */ 'y', 'u', 'a', 'n', '.', 'g', 'a', '\0', + /* "yuanben.io", true */ 'y', 'u', 'a', 'n', 'b', 'e', 'n', '.', 'i', 'o', '\0', + /* "yuanbenlian.com", true */ 'y', 'u', 'a', 'n', 'b', 'e', 'n', 'l', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "yubi.co", true */ 'y', 'u', 'b', 'i', '.', 'c', 'o', '\0', + /* "yubicloud.io", true */ 'y', 'u', 'b', 'i', 'c', 'l', 'o', 'u', 'd', '.', 'i', 'o', '\0', + /* "yubico.ae", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'a', 'e', '\0', + /* "yubico.at", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'a', 't', '\0', + /* "yubico.be", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'b', 'e', '\0', + /* "yubico.biz", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'b', 'i', 'z', '\0', + /* "yubico.cloud", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'c', 'l', 'o', 'u', 'd', '\0', + /* "yubico.co.in", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'c', 'o', '.', 'i', 'n', '\0', + /* "yubico.co.uk", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "yubico.com", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'c', 'o', 'm', '\0', + /* "yubico.dk", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'd', 'k', '\0', + /* "yubico.es", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'e', 's', '\0', + /* "yubico.fi", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'f', 'i', '\0', + /* "yubico.in", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'i', 'n', '\0', + /* "yubico.info", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'i', 'n', 'f', 'o', '\0', + /* "yubico.io", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'i', 'o', '\0', + /* "yubico.mobi", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'm', 'o', 'b', 'i', '\0', + /* "yubico.net", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'n', 'e', 't', '\0', + /* "yubico.online", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0', + /* "yubico.org", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'o', 'r', 'g', '\0', + /* "yubico.sg", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 's', 'g', '\0', + /* "yubico.uk", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'u', 'k', '\0', + /* "yubico.us", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'u', 's', '\0', + /* "yubicodemo.com", true */ 'y', 'u', 'b', 'i', 'c', 'o', 'd', 'e', 'm', 'o', '.', 'c', 'o', 'm', '\0', + /* "yubikey.ae", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'a', 'e', '\0', + /* "yubikey.asia", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'a', 's', 'i', 'a', '\0', + /* "yubikey.at", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'a', 't', '\0', + /* "yubikey.com", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0', + /* "yubikey.dk", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'd', 'k', '\0', + /* "yubikey.fi", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'f', 'i', '\0', + /* "yubikey.io", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'i', 'o', '\0', + /* "yubikey.org", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'o', 'r', 'g', '\0', + /* "yubikey.sg", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 's', 'g', '\0', + /* "yubikey.us", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'u', 's', '\0', + /* "yubiking.com", true */ 'y', 'u', 'b', 'i', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "yue.la", true */ 'y', 'u', 'e', '.', 'l', 'a', '\0', + /* "yue2.net", true */ 'y', 'u', 'e', '2', '.', 'n', 'e', 't', '\0', + /* "yugege.cf", true */ 'y', 'u', 'g', 'e', 'g', 'e', '.', 'c', 'f', '\0', + /* "yuhuo.org", true */ 'y', 'u', 'h', 'u', 'o', '.', 'o', 'r', 'g', '\0', + /* "yuka.one", true */ 'y', 'u', 'k', 'a', '.', 'o', 'n', 'e', '\0', + /* "yuki.xyz", true */ 'y', 'u', 'k', 'i', '.', 'x', 'y', 'z', '\0', + /* "yukonconnector.com", true */ 'y', 'u', 'k', 'o', 'n', 'c', 'o', 'n', 'n', 'e', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "yukonlip.com", true */ 'y', 'u', 'k', 'o', 'n', 'l', 'i', 'p', '.', 'c', 'o', 'm', '\0', + /* "yukontec.com", true */ 'y', 'u', 'k', 'o', 'n', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0', + /* "yumeconcert.com", true */ 'y', 'u', 'm', 'e', 'c', 'o', 'n', 'c', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "yuna.love", true */ 'y', 'u', 'n', 'a', '.', 'l', 'o', 'v', 'e', '\0', + /* "yuna.tg", true */ 'y', 'u', 'n', 'a', '.', 't', 'g', '\0', + /* "yunity.org", true */ 'y', 'u', 'n', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0', + /* "yunjishou.pro", true */ 'y', 'u', 'n', 'j', 'i', 's', 'h', 'o', 'u', '.', 'p', 'r', 'o', '\0', + /* "yuricarlenzoli.it", true */ 'y', 'u', 'r', 'i', 'c', 'a', 'r', 'l', 'e', 'n', 'z', 'o', 'l', 'i', '.', 'i', 't', '\0', + /* "yurikirin.me", true */ 'y', 'u', 'r', 'i', 'k', 'i', 'r', 'i', 'n', '.', 'm', 'e', '\0', + /* "yurimoens.be", true */ 'y', 'u', 'r', 'i', 'm', 'o', 'e', 'n', 's', '.', 'b', 'e', '\0', + /* "yurinet.org", true */ 'y', 'u', 'r', 'i', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0', + /* "yusa.me", true */ 'y', 'u', 's', 'a', '.', 'm', 'e', '\0', + /* "yutakato.net", true */ 'y', 'u', 't', 'a', 'k', 'a', 't', 'o', '.', 'n', 'e', 't', '\0', + /* "yutangyun.com", true */ 'y', 'u', 't', 'a', 'n', 'g', 'y', 'u', 'n', '.', 'c', 'o', 'm', '\0', + /* "yutuo.net", true */ 'y', 'u', 't', 'u', 'o', '.', 'n', 'e', 't', '\0', + /* "yuwei.org", true */ 'y', 'u', 'w', 'e', 'i', '.', 'o', 'r', 'g', '\0', + /* "yuxingxin.com", true */ 'y', 'u', 'x', 'i', 'n', 'g', 'x', 'i', 'n', '.', 'c', 'o', 'm', '\0', + /* "yuxuan.org", true */ 'y', 'u', 'x', 'u', 'a', 'n', '.', 'o', 'r', 'g', '\0', + /* "yuyu.io", true */ 'y', 'u', 'y', 'u', '.', 'i', 'o', '\0', + /* "yuzu.tk", true */ 'y', 'u', 'z', 'u', '.', 't', 'k', '\0', + /* "yveshield.com", true */ 'y', 'v', 'e', 's', 'h', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0', + /* "yveslegendre.fr", true */ 'y', 'v', 'e', 's', 'l', 'e', 'g', 'e', 'n', 'd', 'r', 'e', '.', 'f', 'r', '\0', + /* "yvesx.com", true */ 'y', 'v', 'e', 's', 'x', '.', 'c', 'o', 'm', '\0', + /* "yvonnehaeusser.de", true */ 'y', 'v', 'o', 'n', 'n', 'e', 'h', 'a', 'e', 'u', 's', 's', 'e', 'r', '.', 'd', 'e', '\0', + /* "yyc.city", true */ 'y', 'y', 'c', '.', 'c', 'i', 't', 'y', '\0', + /* "yyyy.xyz", true */ 'y', 'y', 'y', 'y', '.', 'x', 'y', 'z', '\0', + /* "yzimroni.net", true */ 'y', 'z', 'i', 'm', 'r', 'o', 'n', 'i', '.', 'n', 'e', 't', '\0', + /* "z-coder.com", true */ 'z', '-', 'c', 'o', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "z-konzept-nutrition.ru", true */ 'z', '-', 'k', 'o', 'n', 'z', 'e', 'p', 't', '-', 'n', 'u', 't', 'r', 'i', 't', 'i', 'o', 'n', '.', 'r', 'u', '\0', + /* "z-vector.com", true */ 'z', '-', 'v', 'e', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "z.ai", true */ 'z', '.', 'a', 'i', '\0', + /* "z0rro.net", true */ 'z', '0', 'r', 'r', 'o', '.', 'n', 'e', 't', '\0', + /* "z1h.de", true */ 'z', '1', 'h', '.', 'd', 'e', '\0', + /* "z33.ch", true */ 'z', '3', '3', '.', 'c', 'h', '\0', + /* "z4k.de", true */ 'z', '4', 'k', '.', 'd', 'e', '\0', + /* "z99944x.xyz", true */ 'z', '9', '9', '9', '4', '4', 'x', '.', 'x', 'y', 'z', '\0', + /* "za.search.yahoo.com", false */ 'z', 'a', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "zaalleatherwear.nl", false */ 'z', 'a', 'a', 'l', 'l', 'e', 'a', 't', 'h', 'e', 'r', 'w', 'e', 'a', 'r', '.', 'n', 'l', '\0', + /* "zabszk.net", true */ 'z', 'a', 'b', 's', 'z', 'k', '.', 'n', 'e', 't', '\0', + /* "zabukovnik.net", true */ 'z', 'a', 'b', 'u', 'k', 'o', 'v', 'n', 'i', 'k', '.', 'n', 'e', 't', '\0', + /* "zacarias.com.ar", true */ 'z', 'a', 'c', 'a', 'r', 'i', 'a', 's', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0', + /* "zacavi.com.br", true */ 'z', 'a', 'c', 'a', 'v', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "zach.codes", true */ 'z', 'a', 'c', 'h', '.', 'c', 'o', 'd', 'e', 's', '\0', + /* "zacharopoulos.eu", false */ 'z', 'a', 'c', 'h', 'a', 'r', 'o', 'p', 'o', 'u', 'l', 'o', 's', '.', 'e', 'u', '\0', + /* "zacharopoulos.me", false */ 'z', 'a', 'c', 'h', 'a', 'r', 'o', 'p', 'o', 'u', 'l', 'o', 's', '.', 'm', 'e', '\0', + /* "zacharopoulos.org", false */ 'z', 'a', 'c', 'h', 'a', 'r', 'o', 'p', 'o', 'u', 'l', 'o', 's', '.', 'o', 'r', 'g', '\0', + /* "zachaysan.com", true */ 'z', 'a', 'c', 'h', 'a', 'y', 's', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "zachborboa.com", true */ 'z', 'a', 'c', 'h', 'b', 'o', 'r', 'b', 'o', 'a', '.', 'c', 'o', 'm', '\0', + /* "zachgibbens.org", true */ 'z', 'a', 'c', 'h', 'g', 'i', 'b', 'b', 'e', 'n', 's', '.', 'o', 'r', 'g', '\0', + /* "zachpeters.org", true */ 'z', 'a', 'c', 'h', 'p', 'e', 't', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0', + /* "zaclys.com", true */ 'z', 'a', 'c', 'l', 'y', 's', '.', 'c', 'o', 'm', '\0', + /* "zadarkside.ro", true */ 'z', 'a', 'd', 'a', 'r', 'k', 's', 'i', 'd', 'e', '.', 'r', 'o', '\0', + /* "zadroweb.com", true */ 'z', 'a', 'd', 'r', 'o', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0', + /* "zafirus.name", true */ 'z', 'a', 'f', 'i', 'r', 'u', 's', '.', 'n', 'a', 'm', 'e', '\0', + /* "zahe.me", true */ 'z', 'a', 'h', 'e', '.', 'm', 'e', '\0', + /* "zahyantechnologies.com", false */ 'z', 'a', 'h', 'y', 'a', 'n', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "zaidan.de", true */ 'z', 'a', 'i', 'd', 'a', 'n', '.', 'd', 'e', '\0', + /* "zaidan.eu", true */ 'z', 'a', 'i', 'd', 'a', 'n', '.', 'e', 'u', '\0', + /* "zaidanfood.com", true */ 'z', 'a', 'i', 'd', 'a', 'n', 'f', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0', + /* "zaidanfood.eu", true */ 'z', 'a', 'i', 'd', 'a', 'n', 'f', 'o', 'o', 'd', '.', 'e', 'u', '\0', + /* "zaidanlebensmittelhandel.de", true */ 'z', 'a', 'i', 'd', 'a', 'n', 'l', 'e', 'b', 'e', 'n', 's', 'm', 'i', 't', 't', 'e', 'l', 'h', 'a', 'n', 'd', 'e', 'l', '.', 'd', 'e', '\0', + /* "zajazd.biz", true */ 'z', 'a', 'j', 'a', 'z', 'd', '.', 'b', 'i', 'z', '\0', + /* "zakcutner.uk", true */ 'z', 'a', 'k', 'c', 'u', 't', 'n', 'e', 'r', '.', 'u', 'k', '\0', + /* "zakladam.cz", true */ 'z', 'a', 'k', 'l', 'a', 'd', 'a', 'm', '.', 'c', 'z', '\0', + /* "zakmccrac.de", true */ 'z', 'a', 'k', 'm', 'c', 'c', 'r', 'a', 'c', '.', 'd', 'e', '\0', + /* "zakr.es", true */ 'z', 'a', 'k', 'r', '.', 'e', 's', '\0', + /* "zakspartiesandevents.com", true */ 'z', 'a', 'k', 's', 'p', 'a', 'r', 't', 'i', 'e', 's', 'a', 'n', 'd', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0', + /* "zalamea.ph", true */ 'z', 'a', 'l', 'a', 'm', 'e', 'a', '.', 'p', 'h', '\0', + /* "zalan.do", true */ 'z', 'a', 'l', 'a', 'n', '.', 'd', 'o', '\0', + /* "zamis.net", true */ 'z', 'a', 'm', 'i', 's', '.', 'n', 'e', 't', '\0', + /* "zamocosmeticos.com.br", true */ 'z', 'a', 'm', 'o', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "zamow.co", true */ 'z', 'a', 'm', 'o', 'w', '.', 'c', 'o', '\0', + /* "zandcell.com", true */ 'z', 'a', 'n', 'd', 'c', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0', + /* "zanthra.com", true */ 'z', 'a', 'n', 't', 'h', 'r', 'a', '.', 'c', 'o', 'm', '\0', + /* "zapier.com", true */ 'z', 'a', 'p', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "zappbuildapps.com", false */ 'z', 'a', 'p', 'p', 'b', 'u', 'i', 'l', 'd', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "zaratan.fr", true */ 'z', 'a', 'r', 'a', 't', 'a', 'n', '.', 'f', 'r', '\0', + /* "zargaripour.com", true */ 'z', 'a', 'r', 'g', 'a', 'r', 'i', 'p', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0', + /* "zarmarket.org", true */ 'z', 'a', 'r', 'm', 'a', 'r', 'k', 'e', 't', '.', 'o', 'r', 'g', '\0', + /* "zarpo.com.br", true */ 'z', 'a', 'r', 'p', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "zary.me", true */ 'z', 'a', 'r', 'y', '.', 'm', 'e', '\0', + /* "zaufanatrzeciastrona.pl", true */ 'z', 'a', 'u', 'f', 'a', 'n', 'a', 't', 'r', 'z', 'e', 'c', 'i', 'a', 's', 't', 'r', 'o', 'n', 'a', '.', 'p', 'l', '\0', + /* "zavec.com.ec", true */ 'z', 'a', 'v', 'e', 'c', '.', 'c', 'o', 'm', '.', 'e', 'c', '\0', + /* "zavetaji.lv", true */ 'z', 'a', 'v', 'e', 't', 'a', 'j', 'i', '.', 'l', 'v', '\0', + /* "zawo-electric.de", true */ 'z', 'a', 'w', 'o', '-', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', '.', 'd', 'e', '\0', + /* "zberger.com", true */ 'z', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "zbetcheck.in", true */ 'z', 'b', 'e', 't', 'c', 'h', 'e', 'c', 'k', '.', 'i', 'n', '\0', + /* "zbp.at", false */ 'z', 'b', 'p', '.', 'a', 't', '\0', + /* "zbrane-doplnky.cz", true */ 'z', 'b', 'r', 'a', 'n', 'e', '-', 'd', 'o', 'p', 'l', 'n', 'k', 'y', '.', 'c', 'z', '\0', + /* "zby.io", true */ 'z', 'b', 'y', '.', 'i', 'o', '\0', + /* "zbyga.cz", true */ 'z', 'b', 'y', 'g', 'a', '.', 'c', 'z', '\0', + /* "zbyte.it", false */ 'z', 'b', 'y', 't', 'e', '.', 'i', 't', '\0', + /* "zcarot.com", true */ 'z', 'c', 'a', 'r', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "zcarrot.com", true */ 'z', 'c', 'a', 'r', 'r', 'o', 't', '.', 'c', 'o', 'm', '\0', + /* "zcgram.com", true */ 'z', 'c', 'g', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0', + /* "zcon.nl", true */ 'z', 'c', 'o', 'n', '.', 'n', 'l', '\0', + /* "zcr.ca", true */ 'z', 'c', 'r', '.', 'c', 'a', '\0', + /* "zdbl.de", true */ 'z', 'd', 'b', 'l', '.', 'd', 'e', '\0', + /* "zdenekspacek.cz", true */ 'z', 'd', 'e', 'n', 'e', 'k', 's', 'p', 'a', 'c', 'e', 'k', '.', 'c', 'z', '\0', + /* "zdorovayasimya.com", true */ 'z', 'd', 'o', 'r', 'o', 'v', 'a', 'y', 'a', 's', 'i', 'm', 'y', 'a', '.', 'c', 'o', 'm', '\0', + /* "zdravesteny.cz", true */ 'z', 'd', 'r', 'a', 'v', 'e', 's', 't', 'e', 'n', 'y', '.', 'c', 'z', '\0', + /* "zdrojak.cz", true */ 'z', 'd', 'r', 'o', 'j', 'a', 'k', '.', 'c', 'z', '\0', + /* "zdx.ch", true */ 'z', 'd', 'x', '.', 'c', 'h', '\0', + /* "ze3kr.com", true */ 'z', 'e', '3', 'k', 'r', '.', 'c', 'o', 'm', '\0', + /* "zeb.fun", true */ 'z', 'e', 'b', '.', 'f', 'u', 'n', '\0', + /* "zebedeescastles.co.uk", true */ 'z', 'e', 'b', 'e', 'd', 'e', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "zeds-official.com", true */ 'z', 'e', 'd', 's', '-', 'o', 'f', 'f', 'i', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0', + /* "zeebrieshoekvanholland.nl", true */ 'z', 'e', 'e', 'b', 'r', 'i', 'e', 's', 'h', 'o', 'e', 'k', 'v', 'a', 'n', 'h', 'o', 'l', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0', + /* "zeel.com", true */ 'z', 'e', 'e', 'l', '.', 'c', 'o', 'm', '\0', + /* "zeguigui.com", true */ 'z', 'e', 'g', 'u', 'i', 'g', 'u', 'i', '.', 'c', 'o', 'm', '\0', + /* "zehdenick-bleibt-bunt.de", true */ 'z', 'e', 'h', 'd', 'e', 'n', 'i', 'c', 'k', '-', 'b', 'l', 'e', 'i', 'b', 't', '-', 'b', 'u', 'n', 't', '.', 'd', 'e', '\0', + /* "zeilenmethans.nl", true */ 'z', 'e', 'i', 'l', 'e', 'n', 'm', 'e', 't', 'h', 'a', 'n', 's', '.', 'n', 'l', '\0', + /* "zeilles.nu", true */ 'z', 'e', 'i', 'l', 'l', 'e', 's', '.', 'n', 'u', '\0', + /* "zeitoununiversity.org", true */ 'z', 'e', 'i', 't', 'o', 'u', 'n', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0', + /* "zeitpunkt-kulturmagazin.de", true */ 'z', 'e', 'i', 't', 'p', 'u', 'n', 'k', 't', '-', 'k', 'u', 'l', 't', 'u', 'r', 'm', 'a', 'g', 'a', 'z', 'i', 'n', '.', 'd', 'e', '\0', + /* "zekinteractive.com", true */ 'z', 'e', 'k', 'i', 'n', 't', 'e', 'r', 'a', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0', + /* "zelezny.uk", false */ 'z', 'e', 'l', 'e', 'z', 'n', 'y', '.', 'u', 'k', '\0', + /* "zelfrijdendeautos.com", true */ 'z', 'e', 'l', 'f', 'r', 'i', 'j', 'd', 'e', 'n', 'd', 'e', 'a', 'u', 't', 'o', 's', '.', 'c', 'o', 'm', '\0', + /* "zellari.ru", true */ 'z', 'e', 'l', 'l', 'a', 'r', 'i', '.', 'r', 'u', '\0', + /* "zeloz.xyz", true */ 'z', 'e', 'l', 'o', 'z', '.', 'x', 'y', 'z', '\0', + /* "zemlova.cz", true */ 'z', 'e', 'm', 'l', 'o', 'v', 'a', '.', 'c', 'z', '\0', + /* "zen-diez.de", true */ 'z', 'e', 'n', '-', 'd', 'i', 'e', 'z', '.', 'd', 'e', '\0', + /* "zen-ume.com", true */ 'z', 'e', 'n', '-', 'u', 'm', 'e', '.', 'c', 'o', 'm', '\0', + /* "zenfusion.fr", true */ 'z', 'e', 'n', 'f', 'u', 's', 'i', 'o', 'n', '.', 'f', 'r', '\0', + /* "zenics.co.uk", true */ 'z', 'e', 'n', 'i', 'c', 's', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "zenithmedia.ca", true */ 'z', 'e', 'n', 'i', 't', 'h', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'a', '\0', + /* "zenk-security.com", true */ 'z', 'e', 'n', 'k', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0', + /* "zenlogic.com", true */ 'z', 'e', 'n', 'l', 'o', 'g', 'i', 'c', '.', 'c', 'o', 'm', '\0', + /* "zenmate.com.tr", true */ 'z', 'e', 'n', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '.', 't', 'r', '\0', + /* "zeno-system.com", true */ 'z', 'e', 'n', 'o', '-', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0', + /* "zenofa.co.id", true */ 'z', 'e', 'n', 'o', 'f', 'a', '.', 'c', 'o', '.', 'i', 'd', '\0', + /* "zentask.io", true */ 'z', 'e', 'n', 't', 'a', 's', 'k', '.', 'i', 'o', '\0', + /* "zenvideocloud.com", true */ 'z', 'e', 'n', 'v', 'i', 'd', 'e', 'o', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0', + /* "zenycosta.com", true */ 'z', 'e', 'n', 'y', 'c', 'o', 's', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "zepect.com", true */ 'z', 'e', 'p', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0', + /* "zeplin.io", true */ 'z', 'e', 'p', 'l', 'i', 'n', '.', 'i', 'o', '\0', + /* "zer0-day.pw", true */ 'z', 'e', 'r', '0', '-', 'd', 'a', 'y', '.', 'p', 'w', '\0', + /* "zer0.de", true */ 'z', 'e', 'r', '0', '.', 'd', 'e', '\0', + /* "zero-sum.xyz", true */ 'z', 'e', 'r', 'o', '-', 's', 'u', 'm', '.', 'x', 'y', 'z', '\0', + /* "zerobounce.net", true */ 'z', 'e', 'r', 'o', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'n', 'e', 't', '\0', + /* "zerocool.io", true */ 'z', 'e', 'r', 'o', 'c', 'o', 'o', 'l', '.', 'i', 'o', '\0', + /* "zerofy.de", true */ 'z', 'e', 'r', 'o', 'f', 'y', '.', 'd', 'e', '\0', + /* "zeroling.com", true */ 'z', 'e', 'r', 'o', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "zeronet.io", true */ 'z', 'e', 'r', 'o', 'n', 'e', 't', '.', 'i', 'o', '\0', + /* "zeropush.com", true */ 'z', 'e', 'r', 'o', 'p', 'u', 's', 'h', '.', 'c', 'o', 'm', '\0', + /* "zerossl.com", true */ 'z', 'e', 'r', 'o', 's', 's', 'l', '.', 'c', 'o', 'm', '\0', + /* "zertif.info", true */ 'z', 'e', 'r', 't', 'i', 'f', '.', 'i', 'n', 'f', 'o', '\0', + /* "zertitude.com", true */ 'z', 'e', 'r', 't', 'i', 't', 'u', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "zeryn.net", true */ 'z', 'e', 'r', 'y', 'n', '.', 'n', 'e', 't', '\0', + /* "zespia.tw", false */ 'z', 'e', 's', 'p', 'i', 'a', '.', 't', 'w', '\0', + /* "zestylemon.co.uk", true */ 'z', 'e', 's', 't', 'y', 'l', 'e', 'm', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "zetamode.com", true */ 'z', 'e', 't', 'a', 'm', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "zetorzeszow.pl", false */ 'z', 'e', 't', 'o', 'r', 'z', 'e', 's', 'z', 'o', 'w', '.', 'p', 'l', '\0', + /* "zetrov.pl", true */ 'z', 'e', 't', 'r', 'o', 'v', '.', 'p', 'l', '\0', + /* "zettaplan.ru", true */ 'z', 'e', 't', 't', 'a', 'p', 'l', 'a', 'n', '.', 'r', 'u', '\0', + /* "zettlmeissl.de", true */ 'z', 'e', 't', 't', 'l', 'm', 'e', 'i', 's', 's', 'l', '.', 'd', 'e', '\0', + /* "zeug.co", true */ 'z', 'e', 'u', 'g', '.', 'c', 'o', '\0', + /* "zevelev.net", true */ 'z', 'e', 'v', 'e', 'l', 'e', 'v', '.', 'n', 'e', 't', '\0', + /* "zewtie.com", true */ 'z', 'e', 'w', 't', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "zfast.com.br", true */ 'z', 'f', 'a', 's', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "zfly.me", true */ 'z', 'f', 'l', 'y', '.', 'm', 'e', '\0', + /* "zfo.gg", true */ 'z', 'f', 'o', '.', 'g', 'g', '\0', + /* "zfree.co.nz", true */ 'z', 'f', 'r', 'e', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0', + /* "zgrep.org", true */ 'z', 'g', 'r', 'e', 'p', '.', 'o', 'r', 'g', '\0', + /* "zh.search.yahoo.com", false */ 'z', 'h', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0', + /* "zhang-hao.com", true */ 'z', 'h', 'a', 'n', 'g', '-', 'h', 'a', 'o', '.', 'c', 'o', 'm', '\0', + /* "zhang.nz", true */ 'z', 'h', 'a', 'n', 'g', '.', 'n', 'z', '\0', + /* "zhanghao.me", true */ 'z', 'h', 'a', 'n', 'g', 'h', 'a', 'o', '.', 'm', 'e', '\0', + /* "zhangsidan.com", true */ 'z', 'h', 'a', 'n', 'g', 's', 'i', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "zhangyuhao.com", true */ 'z', 'h', 'a', 'n', 'g', 'y', 'u', 'h', 'a', 'o', '.', 'c', 'o', 'm', '\0', + /* "zhangzifan.com", true */ 'z', 'h', 'a', 'n', 'g', 'z', 'i', 'f', 'a', 'n', '.', 'c', 'o', 'm', '\0', + /* "zhaofeng.li", true */ 'z', 'h', 'a', 'o', 'f', 'e', 'n', 'g', '.', 'l', 'i', '\0', + /* "zhaoxixiangban.cc", true */ 'z', 'h', 'a', 'o', 'x', 'i', 'x', 'i', 'a', 'n', 'g', 'b', 'a', 'n', '.', 'c', 'c', '\0', + /* "zhen-chen.com", true */ 'z', 'h', 'e', 'n', '-', 'c', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "zhengjie.com", true */ 'z', 'h', 'e', 'n', 'g', 'j', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "zhiku8.com", true */ 'z', 'h', 'i', 'k', 'u', '8', '.', 'c', 'o', 'm', '\0', + /* "zhima.io", true */ 'z', 'h', 'i', 'm', 'a', '.', 'i', 'o', '\0', + /* "zhitanska.com", true */ 'z', 'h', 'i', 't', 'a', 'n', 's', 'k', 'a', '.', 'c', 'o', 'm', '\0', + /* "zhovner.com", true */ 'z', 'h', 'o', 'v', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "zhuji.com", true */ 'z', 'h', 'u', 'j', 'i', '.', 'c', 'o', 'm', '\0', + /* "zhujicaihong.com", true */ 'z', 'h', 'u', 'j', 'i', 'c', 'a', 'i', 'h', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0', + /* "zi.is", true */ 'z', 'i', '.', 'i', 's', '\0', + /* "ziegler-family.com", true */ 'z', 'i', 'e', 'g', 'l', 'e', 'r', '-', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0', + /* "ziegler-heizung-frankfurt.de", true */ 'z', 'i', 'e', 'g', 'l', 'e', 'r', '-', 'h', 'e', 'i', 'z', 'u', 'n', 'g', '-', 'f', 'r', 'a', 'n', 'k', 'f', 'u', 'r', 't', '.', 'd', 'e', '\0', + /* "ziemlich-zackig.de", true */ 'z', 'i', 'e', 'm', 'l', 'i', 'c', 'h', '-', 'z', 'a', 'c', 'k', 'i', 'g', '.', 'd', 'e', '\0', + /* "ziemlichzackig.de", true */ 'z', 'i', 'e', 'm', 'l', 'i', 'c', 'h', 'z', 'a', 'c', 'k', 'i', 'g', '.', 'd', 'e', '\0', + /* "zigi.io", true */ 'z', 'i', 'g', 'i', '.', 'i', 'o', '\0', + /* "zigzagmart.com", true */ 'z', 'i', 'g', 'z', 'a', 'g', 'm', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0', + /* "ziin.de", false */ 'z', 'i', 'i', 'n', '.', 'd', 'e', '\0', + /* "zijung.me", true */ 'z', 'i', 'j', 'u', 'n', 'g', '.', 'm', 'e', '\0', + /* "zillertaleralpen.net", true */ 'z', 'i', 'l', 'l', 'e', 'r', 't', 'a', 'l', 'e', 'r', 'a', 'l', 'p', 'e', 'n', '.', 'n', 'e', 't', '\0', + /* "zilon.com.co", true */ 'z', 'i', 'l', 'o', 'n', '.', 'c', 'o', 'm', '.', 'c', 'o', '\0', + /* "zilore.com", true */ 'z', 'i', 'l', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "zilsen.com", true */ 'z', 'i', 'l', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0', + /* "zima.io", true */ 'z', 'i', 'm', 'a', '.', 'i', 'o', '\0', + /* "zimiao.moe", true */ 'z', 'i', 'm', 'i', 'a', 'o', '.', 'm', 'o', 'e', '\0', + /* "zingarastore.com", true */ 'z', 'i', 'n', 'g', 'a', 'r', 'a', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0', + /* "zingjerijk.nl", true */ 'z', 'i', 'n', 'g', 'j', 'e', 'r', 'i', 'j', 'k', '.', 'n', 'l', '\0', + /* "zinniamay.com", true */ 'z', 'i', 'n', 'n', 'i', 'a', 'm', 'a', 'y', '.', 'c', 'o', 'm', '\0', + /* "zinoui.com", true */ 'z', 'i', 'n', 'o', 'u', 'i', '.', 'c', 'o', 'm', '\0', + /* "ziondrive.com.br", true */ 'z', 'i', 'o', 'n', 'd', 'r', 'i', 'v', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "zionvps.com", false */ 'z', 'i', 'o', 'n', 'v', 'p', 's', '.', 'c', 'o', 'm', '\0', + /* "zip.ch", true */ 'z', 'i', 'p', '.', 'c', 'h', '\0', + /* "ziptie.com", true */ 'z', 'i', 'p', 't', 'i', 'e', '.', 'c', 'o', 'm', '\0', + /* "zircode.com", true */ 'z', 'i', 'r', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "ziroh.be", true */ 'z', 'i', 'r', 'o', 'h', '.', 'b', 'e', '\0', + /* "zittingskalender.be", true */ 'z', 'i', 't', 't', 'i', 'n', 'g', 's', 'k', 'a', 'l', 'e', 'n', 'd', 'e', 'r', '.', 'b', 'e', '\0', + /* "zivava.ge", true */ 'z', 'i', 'v', 'a', 'v', 'a', '.', 'g', 'e', '\0', + /* "zivmergers.com", true */ 'z', 'i', 'v', 'm', 'e', 'r', 'g', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0', + /* "zivver.com", true */ 'z', 'i', 'v', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0', + /* "zivyruzenec.cz", false */ 'z', 'i', 'v', 'y', 'r', 'u', 'z', 'e', 'n', 'e', 'c', '.', 'c', 'z', '\0', + /* "zixiao.wang", true */ 'z', 'i', 'x', 'i', 'a', 'o', '.', 'w', 'a', 'n', 'g', '\0', + /* "zixo.sk", true */ 'z', 'i', 'x', 'o', '.', 's', 'k', '\0', + /* "zk.gd", true */ 'z', 'k', '.', 'g', 'd', '\0', + /* "zk9.nl", true */ 'z', 'k', '9', '.', 'n', 'l', '\0', + /* "zkrypt.cc", true */ 'z', 'k', 'r', 'y', 'p', 't', '.', 'c', 'c', '\0', + /* "zlatakus.cz", true */ 'z', 'l', 'a', 't', 'a', 'k', 'u', 's', '.', 'c', 'z', '\0', + /* "zlatosnadno.cz", true */ 'z', 'l', 'a', 't', 'o', 's', 'n', 'a', 'd', 'n', 'o', '.', 'c', 'z', '\0', + /* "zlavomat.sk", true */ 'z', 'l', 'a', 'v', 'o', 'm', 'a', 't', '.', 's', 'k', '\0', + /* "zlc1994.com", true */ 'z', 'l', 'c', '1', '9', '9', '4', '.', 'c', 'o', 'm', '\0', + /* "zlima12.com", true */ 'z', 'l', 'i', 'm', 'a', '1', '2', '.', 'c', 'o', 'm', '\0', + /* "znation.nl", true */ 'z', 'n', 'a', 't', 'i', 'o', 'n', '.', 'n', 'l', '\0', + /* "zning.net.cn", true */ 'z', 'n', 'i', 'n', 'g', '.', 'n', 'e', 't', '.', 'c', 'n', '\0', + /* "zockenbiszumumfallen.de", true */ 'z', 'o', 'c', 'k', 'e', 'n', 'b', 'i', 's', 'z', 'u', 'm', 'u', 'm', 'f', 'a', 'l', 'l', 'e', 'n', '.', 'd', 'e', '\0', + /* "zodiacohouses.com", true */ 'z', 'o', 'd', 'i', 'a', 'c', 'o', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "zoeller.me", true */ 'z', 'o', 'e', 'l', 'l', 'e', 'r', '.', 'm', 'e', '\0', + /* "zohar.shop", true */ 'z', 'o', 'h', 'a', 'r', '.', 's', 'h', 'o', 'p', '\0', + /* "zohar.wang", true */ 'z', 'o', 'h', 'a', 'r', '.', 'w', 'a', 'n', 'g', '\0', + /* "zoigl.club", true */ 'z', 'o', 'i', 'g', 'l', '.', 'c', 'l', 'u', 'b', '\0', + /* "zojadravai.com", true */ 'z', 'o', 'j', 'a', 'd', 'r', 'a', 'v', 'a', 'i', '.', 'c', 'o', 'm', '\0', + /* "zoki.art", true */ 'z', 'o', 'k', 'i', '.', 'a', 'r', 't', '\0', + /* "zollihood.ch", true */ 'z', 'o', 'l', 'l', 'i', 'h', 'o', 'o', 'd', '.', 'c', 'h', '\0', + /* "zolokar.xyz", true */ 'z', 'o', 'l', 'o', 'k', 'a', 'r', '.', 'x', 'y', 'z', '\0', + /* "zombiesecured.com", true */ 'z', 'o', 'm', 'b', 'i', 'e', 's', 'e', 'c', 'u', 'r', 'e', 'd', '.', 'c', 'o', 'm', '\0', + /* "zomerschoen.nl", true */ 'z', 'o', 'm', 'e', 'r', 's', 'c', 'h', 'o', 'e', 'n', '.', 'n', 'l', '\0', + /* "zonadebolsa.es", true */ 'z', 'o', 'n', 'a', 'd', 'e', 'b', 'o', 'l', 's', 'a', '.', 'e', 's', '\0', + /* "zone-produkte.de", false */ 'z', 'o', 'n', 'e', '-', 'p', 'r', 'o', 'd', 'u', 'k', 't', 'e', '.', 'd', 'e', '\0', + /* "zone39.com", true */ 'z', 'o', 'n', 'e', '3', '9', '.', 'c', 'o', 'm', '\0', + /* "zonecb.com", true */ 'z', 'o', 'n', 'e', 'c', 'b', '.', 'c', 'o', 'm', '\0', + /* "zonemaster.fr", true */ 'z', 'o', 'n', 'e', 'm', 'a', 's', 't', 'e', 'r', '.', 'f', 'r', '\0', + /* "zonemaster.net", true */ 'z', 'o', 'n', 'e', 'm', 'a', 's', 't', 'e', 'r', '.', 'n', 'e', 't', '\0', + /* "zonesec.org", true */ 'z', 'o', 'n', 'e', 's', 'e', 'c', '.', 'o', 'r', 'g', '\0', + /* "zonglovani.info", true */ 'z', 'o', 'n', 'g', 'l', 'o', 'v', 'a', 'n', 'i', '.', 'i', 'n', 'f', 'o', '\0', + /* "zoo.city", true */ 'z', 'o', 'o', '.', 'c', 'i', 't', 'y', '\0', + /* "zoofit.com.au", true */ 'z', 'o', 'o', 'f', 'i', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0', + /* "zooish.net", true */ 'z', 'o', 'o', 'i', 's', 'h', '.', 'n', 'e', 't', '\0', + /* "zoola.io", true */ 'z', 'o', 'o', 'l', 'a', '.', 'i', 'o', '\0', + /* "zoological-gardens.eu", true */ 'z', 'o', 'o', 'l', 'o', 'g', 'i', 'c', 'a', 'l', '-', 'g', 'a', 'r', 'd', 'e', 'n', 's', '.', 'e', 'u', '\0', + /* "zoom.earth", true */ 'z', 'o', 'o', 'm', '.', 'e', 'a', 'r', 't', 'h', '\0', + /* "zoomek.com", true */ 'z', 'o', 'o', 'm', 'e', 'k', '.', 'c', 'o', 'm', '\0', + /* "zoomseoservices.com", true */ 'z', 'o', 'o', 'm', 's', 'e', 'o', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "zooom.azurewebsites.net", true */ 'z', 'o', 'o', 'o', 'm', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "zooom2.azurewebsites.net", true */ 'z', 'o', 'o', 'o', 'm', '2', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0', + /* "zooparadies.eu", true */ 'z', 'o', 'o', 'p', 'a', 'r', 'a', 'd', 'i', 'e', 's', '.', 'e', 'u', '\0', + /* "zootime.net", true */ 'z', 'o', 'o', 't', 'i', 'm', 'e', '.', 'n', 'e', 't', '\0', + /* "zootime.org", true */ 'z', 'o', 'o', 't', 'i', 'm', 'e', '.', 'o', 'r', 'g', '\0', + /* "zoowiki.us", true */ 'z', 'o', 'o', 'w', 'i', 'k', 'i', '.', 'u', 's', '\0', + /* "zooxdata.com", true */ 'z', 'o', 'o', 'x', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0', + /* "zopy.com.br", true */ 'z', 'o', 'p', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "zopyx.com", true */ 'z', 'o', 'p', 'y', 'x', '.', 'c', 'o', 'm', '\0', + /* "zor.com", true */ 'z', 'o', 'r', '.', 'c', 'o', 'm', '\0', + /* "zorgclustertool.nl", true */ 'z', 'o', 'r', 'g', 'c', 'l', 'u', 's', 't', 'e', 'r', 't', 'o', 'o', 'l', '.', 'n', 'l', '\0', + /* "zorium.org", true */ 'z', 'o', 'r', 'i', 'u', 'm', '.', 'o', 'r', 'g', '\0', + /* "zorntt.fr", true */ 'z', 'o', 'r', 'n', 't', 't', '.', 'f', 'r', '\0', + /* "zorz.info", true */ 'z', 'o', 'r', 'z', '.', 'i', 'n', 'f', 'o', '\0', + /* "zotero.org", true */ 'z', 'o', 't', 'e', 'r', 'o', '.', 'o', 'r', 'g', '\0', + /* "zouk.info", true */ 'z', 'o', 'u', 'k', '.', 'i', 'n', 'f', 'o', '\0', + /* "zravypapir.cz", true */ 'z', 'r', 'a', 'v', 'y', 'p', 'a', 'p', 'i', 'r', '.', 'c', 'z', '\0', + /* "zrn.in", false */ 'z', 'r', 'n', '.', 'i', 'n', '\0', + /* "zrniecka-pre-sny.sk", true */ 'z', 'r', 'n', 'i', 'e', 'c', 'k', 'a', '-', 'p', 'r', 'e', '-', 's', 'n', 'y', '.', 's', 'k', '\0', + /* "zscales.com", true */ 'z', 's', 'c', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0', + /* "zserver.fr", true */ 'z', 's', 'e', 'r', 'v', 'e', 'r', '.', 'f', 'r', '\0', + /* "zskomenskeho.cz", true */ 'z', 's', 'k', 'o', 'm', 'e', 'n', 's', 'k', 'e', 'h', 'o', '.', 'c', 'z', '\0', + /* "zsoltsandor.me", true */ 'z', 's', 'o', 'l', 't', 's', 'a', 'n', 'd', 'o', 'r', '.', 'm', 'e', '\0', + /* "zsrbcs.com", true */ 'z', 's', 'r', 'b', 'c', 's', '.', 'c', 'o', 'm', '\0', + /* "zten.org", true */ 'z', 't', 'e', 'n', '.', 'o', 'r', 'g', '\0', + /* "ztjuh.tk", true */ 'z', 't', 'j', 'u', 'h', '.', 't', 'k', '\0', + /* "zuan-in.net", true */ 'z', 'u', 'a', 'n', '-', 'i', 'n', '.', 'n', 'e', 't', '\0', + /* "zuckerfloh.de", true */ 'z', 'u', 'c', 'k', 'e', 'r', 'f', 'l', 'o', 'h', '.', 'd', 'e', '\0', + /* "zuefle.net", true */ 'z', 'u', 'e', 'f', 'l', 'e', '.', 'n', 'e', 't', '\0', + /* "zug-anwalt.de", true */ 'z', 'u', 'g', '-', 'a', 'n', 'w', 'a', 'l', 't', '.', 'd', 'e', '\0', + /* "zug.fr", true */ 'z', 'u', 'g', '.', 'f', 'r', '\0', + /* "zug.io", true */ 'z', 'u', 'g', '.', 'i', 'o', '\0', + /* "zughilfen-test.de", true */ 'z', 'u', 'g', 'h', 'i', 'l', 'f', 'e', 'n', '-', 't', 'e', 's', 't', '.', 'd', 'e', '\0', + /* "zuiacg.com", true */ 'z', 'u', 'i', 'a', 'c', 'g', '.', 'c', 'o', 'm', '\0', + /* "zukix.com", true */ 'z', 'u', 'k', 'i', 'x', '.', 'c', 'o', 'm', '\0', + /* "zulu.ro", true */ 'z', 'u', 'l', 'u', '.', 'r', 'o', '\0', + /* "zulu7.com", true */ 'z', 'u', 'l', 'u', '7', '.', 'c', 'o', 'm', '\0', + /* "zund-app.com", true */ 'z', 'u', 'n', 'd', '-', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0', + /* "zundapp529.nl", true */ 'z', 'u', 'n', 'd', 'a', 'p', 'p', '5', '2', '9', '.', 'n', 'l', '\0', + /* "zundappachterhoek.nl", true */ 'z', 'u', 'n', 'd', 'a', 'p', 'p', 'a', 'c', 'h', 't', 'e', 'r', 'h', 'o', 'e', 'k', '.', 'n', 'l', '\0', + /* "zuolan.me", true */ 'z', 'u', 'o', 'l', 'a', 'n', '.', 'm', 'e', '\0', + /* "zup.me", true */ 'z', 'u', 'p', '.', 'm', 'e', '\0', + /* "zupago.com", true */ 'z', 'u', 'p', 'a', 'g', 'o', '.', 'c', 'o', 'm', '\0', + /* "zupago.pe", true */ 'z', 'u', 'p', 'a', 'g', 'o', '.', 'p', 'e', '\0', + /* "zuppy.pm", true */ 'z', 'u', 'p', 'p', 'y', '.', 'p', 'm', '\0', + /* "zuralski.net", true */ 'z', 'u', 'r', 'a', 'l', 's', 'k', 'i', '.', 'n', 'e', 't', '\0', + /* "zurgl.com", true */ 'z', 'u', 'r', 'g', 'l', '.', 'c', 'o', 'm', '\0', + /* "zurickrelogios.com.br", true */ 'z', 'u', 'r', 'i', 'c', 'k', 'r', 'e', 'l', 'o', 'g', 'i', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0', + /* "zurret.de", true */ 'z', 'u', 'r', 'r', 'e', 't', '.', 'd', 'e', '\0', + /* "zusjesvandenbos.nl", true */ 'z', 'u', 's', 'j', 'e', 's', 'v', 'a', 'n', 'd', 'e', 'n', 'b', 'o', 's', '.', 'n', 'l', '\0', + /* "zutsu-raku.com", true */ 'z', 'u', 't', 's', 'u', '-', 'r', 'a', 'k', 'u', '.', 'c', 'o', 'm', '\0', + /* "zuzumba.es", true */ 'z', 'u', 'z', 'u', 'm', 'b', 'a', '.', 'e', 's', '\0', + /* "zvps.uk", true */ 'z', 'v', 'p', 's', '.', 'u', 'k', '\0', + /* "zvxr.net", true */ 'z', 'v', 'x', 'r', '.', 'n', 'e', 't', '\0', + /* "zvz.im", true */ 'z', 'v', 'z', '.', 'i', 'm', '\0', + /* "zwalcz-cellulit.com", true */ 'z', 'w', 'a', 'l', 'c', 'z', '-', 'c', 'e', 'l', 'l', 'u', 'l', 'i', 't', '.', 'c', 'o', 'm', '\0', + /* "zwartendijkstalling.nl", true */ 'z', 'w', 'a', 'r', 't', 'e', 'n', 'd', 'i', 'j', 'k', 's', 't', 'a', 'l', 'l', 'i', 'n', 'g', '.', 'n', 'l', '\0', + /* "zwb3.de", true */ 'z', 'w', 'b', '3', '.', 'd', 'e', '\0', + /* "zwerimex.com", true */ 'z', 'w', 'e', 'r', 'i', 'm', 'e', 'x', '.', 'c', 'o', 'm', '\0', + /* "zwollemag.nl", true */ 'z', 'w', 'o', 'l', 'l', 'e', 'm', 'a', 'g', '.', 'n', 'l', '\0', + /* "zwy.ch", true */ 'z', 'w', 'y', '.', 'c', 'h', '\0', + /* "zx6rninja.de", true */ 'z', 'x', '6', 'r', 'n', 'i', 'n', 'j', 'a', '.', 'd', 'e', '\0', + /* "zx7r.de", true */ 'z', 'x', '7', 'r', '.', 'd', 'e', '\0', + /* "zxity.co.uk", true */ 'z', 'x', 'i', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0', + /* "zxity.ltd", true */ 'z', 'x', 'i', 't', 'y', '.', 'l', 't', 'd', '\0', + /* "zxity.uk", true */ 'z', 'x', 'i', 't', 'y', '.', 'u', 'k', '\0', + /* "zxtcode.com", true */ 'z', 'x', 't', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0', + /* "zybbo.com", true */ 'z', 'y', 'b', 'b', 'o', '.', 'c', 'o', 'm', '\0', + /* "zyciedlazwierzat.pl", true */ 'z', 'y', 'c', 'i', 'e', 'd', 'l', 'a', 'z', 'w', 'i', 'e', 'r', 'z', 'a', 't', '.', 'p', 'l', '\0', + /* "zymmm.com", true */ 'z', 'y', 'm', 'm', 'm', '.', 'c', 'o', 'm', '\0', + /* "zypern-firma.com", true */ 'z', 'y', 'p', 'e', 'r', 'n', '-', 'f', 'i', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0', + /* "zypr.pw", true */ 'z', 'y', 'p', 'r', '.', 'p', 'w', '\0', + /* "zyria.de", true */ 'z', 'y', 'r', 'i', 'a', '.', 'd', 'e', '\0', + /* "zyul.ddns.net", true */ 'z', 'y', 'u', 'l', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0', + /* "zyzardx.com", true */ 'z', 'y', 'z', 'a', 'r', 'd', 'x', '.', 'c', 'o', 'm', '\0', + /* "zzsec.org", true */ 'z', 'z', 's', 'e', 'c', '.', 'o', 'r', 'g', '\0', +}; + +struct nsSTSPreload +{ + const uint32_t mHostIndex : 31; + const uint32_t mIncludeSubdomains : 1; +}; + +static const nsSTSPreload kSTSPreloadList[] = { + { 0, true }, + { 8, true }, + { 20, true }, + { 32, true }, + { 54, true }, + { 67, true }, + { 75, true }, + { 85, true }, + { 97, true }, + { 108, true }, + { 129, true }, + { 148, true }, + { 156, true }, + { 167, true }, + { 178, true }, + { 197, true }, + { 215, true }, + { 226, true }, + { 236, true }, + { 248, true }, + { 258, true }, + { 269, true }, + { 278, true }, + { 285, true }, + { 291, true }, + { 298, true }, + { 306, true }, + { 318, true }, + { 325, true }, + { 333, true }, + { 347, true }, + { 358, true }, + { 366, true }, + { 373, true }, + { 380, true }, + { 388, true }, + { 394, true }, + { 400, true }, + { 415, true }, + { 423, true }, + { 432, true }, + { 441, true }, + { 450, true }, + { 459, true }, + { 474, true }, + { 482, true }, + { 490, true }, + { 500, true }, + { 509, true }, + { 520, true }, + { 532, true }, + { 540, false }, + { 548, true }, + { 561, true }, + { 569, true }, + { 578, true }, + { 586, true }, + { 593, true }, + { 602, true }, + { 620, true }, + { 638, true }, + { 648, true }, + { 661, true }, + { 675, true }, + { 690, true }, + { 700, false }, + { 723, true }, + { 734, true }, + { 748, true }, + { 759, true }, + { 779, true }, + { 795, true }, + { 811, true }, + { 823, true }, + { 835, true }, + { 847, true }, + { 872, true }, + { 880, true }, + { 891, true }, + { 899, true }, + { 907, true }, + { 915, true }, + { 923, true }, + { 935, true }, + { 945, true }, + { 955, true }, + { 964, true }, + { 974, true }, + { 995, true }, + { 1006, true }, + { 1031, true }, + { 1056, true }, + { 1071, true }, + { 1085, true }, + { 1100, true }, + { 1114, true }, + { 1124, true }, + { 1136, true }, + { 1154, true }, + { 1166, true }, + { 1177, true }, + { 1188, true }, + { 1198, true }, + { 1205, true }, + { 1214, true }, + { 1227, true }, + { 1252, true }, + { 1263, true }, + { 1272, true }, + { 1286, true }, + { 1311, true }, + { 1336, true }, + { 1344, true }, + { 1352, true }, + { 1362, true }, + { 1387, true }, + { 1412, true }, + { 1430, true }, + { 1441, true }, + { 1466, true }, + { 1477, false }, + { 1493, true }, + { 1504, true }, + { 1529, false }, + { 1540, true }, + { 1553, true }, + { 1564, true }, + { 1574, true }, + { 1584, true }, + { 1592, false }, + { 1604, true }, + { 1614, true }, + { 1630, true }, + { 1655, true }, + { 1680, true }, + { 1705, true }, + { 1720, true }, + { 1742, true }, + { 1759, true }, + { 1782, true }, + { 1795, true }, + { 1809, true }, + { 1816, true }, + { 1831, true }, + { 1842, true }, + { 1864, true }, + { 1874, true }, + { 1886, true }, + { 1893, false }, + { 1904, true }, + { 1911, true }, + { 1919, true }, + { 1937, false }, + { 1946, true }, + { 1955, true }, + { 1966, true }, + { 1977, false }, + { 1983, true }, + { 1996, true }, + { 2006, true }, + { 2020, true }, + { 2027, true }, + { 2034, true }, + { 2041, true }, + { 2052, true }, + { 2064, true }, + { 2081, true }, + { 2098, true }, + { 2116, true }, + { 2135, true }, + { 2163, true }, + { 2179, true }, + { 2206, true }, + { 2220, true }, + { 2231, true }, + { 2243, true }, + { 2250, true }, + { 2256, true }, + { 2270, true }, + { 2285, true }, + { 2292, true }, + { 2305, true }, + { 2314, true }, + { 2325, true }, + { 2334, true }, + { 2344, true }, + { 2355, true }, + { 2367, true }, + { 2378, true }, + { 2390, true }, + { 2398, true }, + { 2408, true }, + { 2419, true }, + { 2437, true }, + { 2452, true }, + { 2461, true }, + { 2469, true }, + { 2477, true }, + { 2488, true }, + { 2496, true }, + { 2509, true }, + { 2525, true }, + { 2543, true }, + { 2554, true }, + { 2563, true }, + { 2576, true }, + { 2586, true }, + { 2596, true }, + { 2605, true }, + { 2613, true }, + { 2626, true }, + { 2636, true }, + { 2648, true }, + { 2660, true }, + { 2669, true }, + { 2678, true }, + { 2687, true }, + { 2698, true }, + { 2709, true }, + { 2720, true }, + { 2729, true }, + { 2743, true }, + { 2750, true }, + { 2761, true }, + { 2770, true }, + { 2792, true }, + { 2813, true }, + { 2822, true }, + { 2834, true }, + { 2848, true }, + { 2858, true }, + { 2873, true }, + { 2881, true }, + { 2898, true }, + { 2907, true }, + { 2920, false }, + { 2929, true }, + { 2948, true }, + { 2961, true }, + { 2973, true }, + { 2981, true }, + { 2992, true }, + { 2999, true }, + { 3008, true }, + { 3016, true }, + { 3026, true }, + { 3036, true }, + { 3049, true }, + { 3060, true }, + { 3079, true }, + { 3090, true }, + { 3109, true }, + { 3127, true }, + { 3146, true }, + { 3158, true }, + { 3172, true }, + { 3184, true }, + { 3195, true }, + { 3208, true }, + { 3219, true }, + { 3229, true }, + { 3238, true }, + { 3246, true }, + { 3261, true }, + { 3269, true }, + { 3279, true }, + { 3297, true }, + { 3323, true }, + { 3330, true }, + { 3340, true }, + { 3352, true }, + { 3366, true }, + { 3379, true }, + { 3399, true }, + { 3414, true }, + { 3434, true }, + { 3454, true }, + { 3463, true }, + { 3474, true }, + { 3484, true }, + { 3492, true }, + { 3502, true }, + { 3517, true }, + { 3528, true }, + { 3539, true }, + { 3549, true }, + { 3563, true }, + { 3577, true }, + { 3587, true }, + { 3596, true }, + { 3615, true }, + { 3624, true }, + { 3638, true }, + { 3646, true }, + { 3653, true }, + { 3667, true }, + { 3686, true }, + { 3697, true }, + { 3710, true }, + { 3720, true }, + { 3733, true }, + { 3745, true }, + { 3757, true }, + { 3768, true }, + { 3787, true }, + { 3794, false }, + { 3804, true }, + { 3814, true }, + { 3825, true }, + { 3836, true }, + { 3846, true }, + { 3859, true }, + { 3892, true }, + { 3905, true }, + { 3914, true }, + { 3924, true }, + { 3935, true }, + { 3949, true }, + { 3964, false }, + { 3977, true }, + { 3992, true }, + { 4001, true }, + { 4011, true }, + { 4019, true }, + { 4030, true }, + { 4045, true }, + { 4055, true }, + { 4064, true }, + { 4083, true }, + { 4095, true }, + { 4106, true }, + { 4118, true }, + { 4125, true }, + { 4135, true }, + { 4141, true }, + { 4151, true }, + { 4159, true }, + { 4168, true }, + { 4179, true }, + { 4195, true }, + { 4204, true }, + { 4215, true }, + { 4228, true }, + { 4237, true }, + { 4249, true }, + { 4260, true }, + { 4268, true }, + { 4280, true }, + { 4292, true }, + { 4302, true }, + { 4312, true }, + { 4325, true }, + { 4335, true }, + { 4374, true }, + { 4383, true }, + { 4394, true }, + { 4406, true }, + { 4416, true }, + { 4426, true }, + { 4443, true }, + { 4471, true }, + { 4478, true }, + { 4484, true }, + { 4494, false }, + { 4501, true }, + { 4516, true }, + { 4528, true }, + { 4540, true }, + { 4552, true }, + { 4564, true }, + { 4576, true }, + { 4588, true }, + { 4599, true }, + { 4610, true }, + { 4622, true }, + { 4630, true }, + { 4646, true }, + { 4659, true }, + { 4675, true }, + { 4682, true }, + { 4689, true }, + { 4698, true }, + { 4708, true }, + { 4715, true }, + { 4725, true }, + { 4737, true }, + { 4748, true }, + { 4760, true }, + { 4777, true }, + { 4791, true }, + { 4804, true }, + { 4815, true }, + { 4829, false }, + { 4836, true }, + { 4845, true }, + { 4866, true }, + { 4881, true }, + { 4893, true }, + { 4902, true }, + { 4915, true }, + { 4927, true }, + { 4938, true }, + { 4950, true }, + { 4961, true }, + { 4969, true }, + { 4985, true }, + { 4998, true }, + { 5015, true }, + { 5024, true }, + { 5031, true }, + { 5044, true }, + { 5065, true }, + { 5080, true }, + { 5089, true }, + { 5097, true }, + { 5107, false }, + { 5120, true }, + { 5134, true }, + { 5144, true }, + { 5197, false }, + { 5205, true }, + { 5219, true }, + { 5230, true }, + { 5241, true }, + { 5252, true }, + { 5264, true }, + { 5276, true }, + { 5285, true }, + { 5295, true }, + { 5308, true }, + { 5322, true }, + { 5332, true }, + { 5342, true }, + { 5350, true }, + { 5357, true }, + { 5385, true }, + { 5397, true }, + { 5422, true }, + { 5434, true }, + { 5443, true }, + { 5465, true }, + { 5476, true }, + { 5502, true }, + { 5512, true }, + { 5535, true }, + { 5557, true }, + { 5569, true }, + { 5586, true }, + { 5594, true }, + { 5605, true }, + { 5613, true }, + { 5632, true }, + { 5640, true }, + { 5651, true }, + { 5661, true }, + { 5676, true }, + { 5693, true }, + { 5707, true }, + { 5721, true }, + { 5745, true }, + { 5762, true }, + { 5772, true }, + { 5790, true }, + { 5808, true }, + { 5819, true }, + { 5831, true }, + { 5844, true }, + { 5868, true }, + { 5885, true }, + { 5895, true }, + { 5905, true }, + { 5921, false }, + { 5937, true }, + { 5952, true }, + { 5967, true }, + { 5975, false }, + { 5985, true }, + { 6009, true }, + { 6029, true }, + { 6054, true }, + { 6071, true }, + { 6086, true }, + { 6101, true }, + { 6120, true }, + { 6131, true }, + { 6160, true }, + { 6169, true }, + { 6181, true }, + { 6201, true }, + { 6222, true }, + { 6235, true }, + { 6251, true }, + { 6261, true }, + { 6268, true }, + { 6297, true }, + { 6320, true }, + { 6330, true }, + { 6344, true }, + { 6355, true }, + { 6372, true }, + { 6384, true }, + { 6399, false }, + { 6409, true }, + { 6422, false }, + { 6437, true }, + { 6455, true }, + { 6483, true }, + { 6497, true }, + { 6519, true }, + { 6538, true }, + { 6548, true }, + { 6562, true }, + { 6574, true }, + { 6585, true }, + { 6596, true }, + { 6611, true }, + { 6630, true }, + { 6642, true }, + { 6666, true }, + { 6684, true }, + { 6695, true }, + { 6709, true }, + { 6722, true }, + { 6734, true }, + { 6746, true }, + { 6768, true }, + { 6777, false }, + { 6789, true }, + { 6802, true }, + { 6812, true }, + { 6831, true }, + { 6844, true }, + { 6857, true }, + { 6868, true }, + { 6879, true }, + { 6901, true }, + { 6920, true }, + { 6934, true }, + { 6950, true }, + { 6969, true }, + { 6986, true }, + { 7002, true }, + { 7019, true }, + { 7035, true }, + { 7060, true }, + { 7085, true }, + { 7101, true }, + { 7120, true }, + { 7137, true }, + { 7153, true }, + { 7170, true }, + { 7186, true }, + { 7208, true }, + { 7232, true }, + { 7256, true }, + { 7275, true }, + { 7293, true }, + { 7304, false }, + { 7312, true }, + { 7335, true }, + { 7359, true }, + { 7371, true }, + { 7383, true }, + { 7397, true }, + { 7411, true }, + { 7426, true }, + { 7438, true }, + { 7457, true }, + { 7470, true }, + { 7482, true }, + { 7493, true }, + { 7521, true }, + { 7538, true }, + { 7573, true }, + { 7596, true }, + { 7614, true }, + { 7638, true }, + { 7651, true }, + { 7664, true }, + { 7677, true }, + { 7686, true }, + { 7695, true }, + { 7706, true }, + { 7729, true }, + { 7744, true }, + { 7756, true }, + { 7775, true }, + { 7787, true }, + { 7799, true }, + { 7818, true }, + { 7840, true }, + { 7853, true }, + { 7870, true }, + { 7889, true }, + { 7904, true }, + { 7924, true }, + { 7938, true }, + { 7946, true }, + { 7965, true }, + { 7976, true }, + { 7990, true }, + { 8009, true }, + { 8032, true }, + { 8056, true }, + { 8075, true }, + { 8090, true }, + { 8107, true }, + { 8131, true }, + { 8144, true }, + { 8170, true }, + { 8186, true }, + { 8204, true }, + { 8222, true }, + { 8243, true }, + { 8263, true }, + { 8288, true }, + { 8310, true }, + { 8326, true }, + { 8341, true }, + { 8360, true }, + { 8379, true }, + { 8402, true }, + { 8413, true }, + { 8432, true }, + { 8447, true }, + { 8465, true }, + { 8479, true }, + { 8498, true }, + { 8508, true }, + { 8515, false }, + { 8524, true }, + { 8536, true }, + { 8557, true }, + { 8569, true }, + { 8582, true }, + { 8598, true }, + { 8612, true }, + { 8633, true }, + { 8645, true }, + { 8666, true }, + { 8677, true }, + { 8688, true }, + { 8701, true }, + { 8719, true }, + { 8730, true }, + { 8745, false }, + { 8754, false }, + { 8765, true }, + { 8775, true }, + { 8791, true }, + { 8806, true }, + { 8818, true }, + { 8833, true }, + { 8852, true }, + { 8863, true }, + { 8874, true }, + { 8891, true }, + { 8912, true }, + { 8922, true }, + { 8936, true }, + { 8946, true }, + { 8962, true }, + { 8978, true }, + { 8990, true }, + { 9001, true }, + { 9026, true }, + { 9038, true }, + { 9048, true }, + { 9061, true }, + { 9073, true }, + { 9088, true }, + { 9108, true }, + { 9123, true }, + { 9149, true }, + { 9170, true }, + { 9187, false }, + { 9197, true }, + { 9214, true }, + { 9231, true }, + { 9247, true }, + { 9272, true }, + { 9296, true }, + { 9311, true }, + { 9325, true }, + { 9339, false }, + { 9352, true }, + { 9360, true }, + { 9369, true }, + { 9384, true }, + { 9393, false }, + { 9409, true }, + { 9423, true }, + { 9435, true }, + { 9450, true }, + { 9463, true }, + { 9475, true }, + { 9487, true }, + { 9499, true }, + { 9511, true }, + { 9523, true }, + { 9531, true }, + { 9542, true }, + { 9559, true }, + { 9574, true }, + { 9592, true }, + { 9607, true }, + { 9621, true }, + { 9635, true }, + { 9652, true }, + { 9661, true }, + { 9678, true }, + { 9694, true }, + { 9709, true }, + { 9724, true }, + { 9733, true }, + { 9758, true }, + { 9771, true }, + { 9792, true }, + { 9807, true }, + { 9828, true }, + { 9837, true }, + { 9847, true }, + { 9872, true }, + { 9884, true }, + { 9903, true }, + { 9915, true }, + { 9934, true }, + { 9953, true }, + { 9972, true }, + { 9985, true }, + { 9997, true }, + { 10012, true }, + { 10027, true }, + { 10043, true }, + { 10054, true }, + { 10066, false }, + { 10077, true }, + { 10090, true }, + { 10102, true }, + { 10116, true }, + { 10131, true }, + { 10151, true }, + { 10164, true }, + { 10184, true }, + { 10194, true }, + { 10216, true }, + { 10233, true }, + { 10242, true }, + { 10256, true }, + { 10268, true }, + { 10294, true }, + { 10321, true }, + { 10347, true }, + { 10358, true }, + { 10371, true }, + { 10385, true }, + { 10398, true }, + { 10409, true }, + { 10424, true }, + { 10448, true }, + { 10465, true }, + { 10493, false }, + { 10507, true }, + { 10531, true }, + { 10541, true }, + { 10553, true }, + { 10565, true }, + { 10576, true }, + { 10588, true }, + { 10597, true }, + { 10611, true }, + { 10621, true }, + { 10635, true }, + { 10654, true }, + { 10677, true }, + { 10688, true }, + { 10698, true }, + { 10715, true }, + { 10727, false }, + { 10742, true }, + { 10755, true }, + { 10772, true }, + { 10786, true }, + { 10800, true }, + { 10814, true }, + { 10822, true }, + { 10837, true }, + { 10858, true }, + { 10876, true }, + { 10894, true }, + { 10909, true }, + { 10925, true }, + { 10942, true }, + { 10959, true }, + { 10980, true }, + { 10991, true }, + { 11014, true }, + { 11027, true }, + { 11038, true }, + { 11047, true }, + { 11063, true }, + { 11079, true }, + { 11098, true }, + { 11119, true }, + { 11133, true }, + { 11156, true }, + { 11189, true }, + { 11215, true }, + { 11249, true }, + { 11268, true }, + { 11288, true }, + { 11301, true }, + { 11328, true }, + { 11339, true }, + { 11350, true }, + { 11370, true }, + { 11381, true }, + { 11399, true }, + { 11417, true }, + { 11439, false }, + { 11458, true }, + { 11478, true }, + { 11492, true }, + { 11516, true }, + { 11535, true }, + { 11556, true }, + { 11577, true }, + { 11597, true }, + { 11607, true }, + { 11615, true }, + { 11631, true }, + { 11641, true }, + { 11651, true }, + { 11661, true }, + { 11674, true }, + { 11687, true }, + { 11698, true }, + { 11712, true }, + { 11726, true }, + { 11736, true }, + { 11746, true }, + { 11756, true }, + { 11766, true }, + { 11776, true }, + { 11786, true }, + { 11796, true }, + { 11806, true }, + { 11817, true }, + { 11834, true }, + { 11851, true }, + { 11866, true }, + { 11884, true }, + { 11900, true }, + { 11910, true }, + { 11918, true }, + { 11930, true }, + { 11938, true }, + { 11948, true }, + { 11963, true }, + { 11975, false }, + { 11986, true }, + { 11996, true }, + { 12013, true }, + { 12030, true }, + { 12043, true }, + { 12053, true }, + { 12070, true }, + { 12086, true }, + { 12106, true }, + { 12117, true }, + { 12126, true }, + { 12140, true }, + { 12152, true }, + { 12167, true }, + { 12179, true }, + { 12190, true }, + { 12202, true }, + { 12217, true }, + { 12227, true }, + { 12236, true }, + { 12250, true }, + { 12272, true }, + { 12290, true }, + { 12310, true }, + { 12342, true }, + { 12353, true }, + { 12365, true }, + { 12382, true }, + { 12406, true }, + { 12435, true }, + { 12460, true }, + { 12481, true }, + { 12510, true }, + { 12524, true }, + { 12552, true }, + { 12571, true }, + { 12593, true }, + { 12610, true }, + { 12626, true }, + { 12641, true }, + { 12649, true }, + { 12664, true }, + { 12674, true }, + { 12685, true }, + { 12693, true }, + { 12707, true }, + { 12727, true }, + { 12745, true }, + { 12761, true }, + { 12773, true }, + { 12788, true }, + { 12802, true }, + { 12815, true }, + { 12823, true }, + { 12832, true }, + { 12851, true }, + { 12865, true }, + { 12881, true }, + { 12890, true }, + { 12907, true }, + { 12915, true }, + { 12948, true }, + { 12965, true }, + { 12982, true }, + { 12999, false }, + { 13015, true }, + { 13033, true }, + { 13048, true }, + { 13062, true }, + { 13082, true }, + { 13095, true }, + { 13109, true }, + { 13117, true }, + { 13125, true }, + { 13138, true }, + { 13152, false }, + { 13166, true }, + { 13188, true }, + { 13200, true }, + { 13210, true }, + { 13221, true }, + { 13231, true }, + { 13245, true }, + { 13259, true }, + { 13271, true }, + { 13283, true }, + { 13295, true }, + { 13307, true }, + { 13328, true }, + { 13354, true }, + { 13363, true }, + { 13375, true }, + { 13384, true }, + { 13398, true }, + { 13411, true }, + { 13426, true }, + { 13437, true }, + { 13448, true }, + { 13460, true }, + { 13473, true }, + { 13492, true }, + { 13506, true }, + { 13516, true }, + { 13533, true }, + { 13545, true }, + { 13561, true }, + { 13569, true }, + { 13589, true }, + { 13599, false }, + { 13609, false }, + { 13617, true }, + { 13627, true }, + { 13636, true }, + { 13650, true }, + { 13661, true }, + { 13674, true }, + { 13688, true }, + { 13696, true }, + { 13708, true }, + { 13720, true }, + { 13744, true }, + { 13761, true }, + { 13780, true }, + { 13790, true }, + { 13802, true }, + { 13821, false }, + { 13830, true }, + { 13844, true }, + { 13854, true }, + { 13868, true }, + { 13875, true }, + { 13887, true }, + { 13900, true }, + { 13911, true }, + { 13922, true }, + { 13937, true }, + { 13948, true }, + { 13959, true }, + { 13966, true }, + { 13980, true }, + { 14001, true }, + { 14012, true }, + { 14024, true }, + { 14033, true }, + { 14043, true }, + { 14061, true }, + { 14081, true }, + { 14104, true }, + { 14119, true }, + { 14134, true }, + { 14151, true }, + { 14166, true }, + { 14179, true }, + { 14194, true }, + { 14206, true }, + { 14216, true }, + { 14229, true }, + { 14248, true }, + { 14261, true }, + { 14277, true }, + { 14288, true }, + { 14299, true }, + { 14314, true }, + { 14341, true }, + { 14354, true }, + { 14367, false }, + { 14384, true }, + { 14394, true }, + { 14417, true }, + { 14430, true }, + { 14440, true }, + { 14451, true }, + { 14463, true }, + { 14474, true }, + { 14485, true }, + { 14507, true }, + { 14518, true }, + { 14529, true }, + { 14559, true }, + { 14575, true }, + { 14600, true }, + { 14630, true }, + { 14641, true }, + { 14662, true }, + { 14673, true }, + { 14684, true }, + { 14711, true }, + { 14723, true }, + { 14741, true }, + { 14752, true }, + { 14764, true }, + { 14781, true }, + { 14799, true }, + { 14808, true }, + { 14822, true }, + { 14832, true }, + { 14843, true }, + { 14855, true }, + { 14877, true }, + { 14887, true }, + { 14897, true }, + { 14908, true }, + { 14926, true }, + { 14937, true }, + { 14947, true }, + { 14962, true }, + { 14979, true }, + { 14995, true }, + { 15008, true }, + { 15019, true }, + { 15033, false }, + { 15059, false }, + { 15070, false }, + { 15087, true }, + { 15097, true }, + { 15109, true }, + { 15118, true }, + { 15137, true }, + { 15160, true }, + { 15170, true }, + { 15183, true }, + { 15195, true }, + { 15204, true }, + { 15221, true }, + { 15228, true }, + { 15243, true }, + { 15267, true }, + { 15283, true }, + { 15308, true }, + { 15333, true }, + { 15358, true }, + { 15370, true }, + { 15392, true }, + { 15402, true }, + { 15414, true }, + { 15426, true }, + { 15439, true }, + { 15466, true }, + { 15494, true }, + { 15509, true }, + { 15522, true }, + { 15536, true }, + { 15550, true }, + { 15565, true }, + { 15581, false }, + { 15597, true }, + { 15617, true }, + { 15637, true }, + { 15651, true }, + { 15672, true }, + { 15685, true }, + { 15701, true }, + { 15716, true }, + { 15733, true }, + { 15747, true }, + { 15759, true }, + { 15770, true }, + { 15780, true }, + { 15791, true }, + { 15810, true }, + { 15825, true }, + { 15837, true }, + { 15849, true }, + { 15861, true }, + { 15875, true }, + { 15893, true }, + { 15902, true }, + { 15914, true }, + { 15933, true }, + { 15946, true }, + { 15962, true }, + { 15973, true }, + { 15982, true }, + { 15993, true }, + { 16011, true }, + { 16025, true }, + { 16040, true }, + { 16050, true }, + { 16064, true }, + { 16088, true }, + { 16097, true }, + { 16113, true }, + { 16126, true }, + { 16144, true }, + { 16164, true }, + { 16184, true }, + { 16205, true }, + { 16224, true }, + { 16238, true }, + { 16252, true }, + { 16265, true }, + { 16279, true }, + { 16294, true }, + { 16309, true }, + { 16327, true }, + { 16345, true }, + { 16369, true }, + { 16384, true }, + { 16402, true }, + { 16412, true }, + { 16429, true }, + { 16447, true }, + { 16462, true }, + { 16480, true }, + { 16494, true }, + { 16508, true }, + { 16522, true }, + { 16535, true }, + { 16547, true }, + { 16562, true }, + { 16576, true }, + { 16591, true }, + { 16601, true }, + { 16615, false }, + { 16630, true }, + { 16639, true }, + { 16656, true }, + { 16671, true }, + { 16685, true }, + { 16699, true }, + { 16713, true }, + { 16727, true }, + { 16743, true }, + { 16755, true }, + { 16768, true }, + { 16788, true }, + { 16801, true }, + { 16814, true }, + { 16841, true }, + { 16856, true }, + { 16877, true }, + { 16896, true }, + { 16908, true }, + { 16922, true }, + { 16936, true }, + { 16948, true }, + { 16963, true }, + { 16973, true }, + { 16991, true }, + { 17000, true }, + { 17015, true }, + { 17029, true }, + { 17043, true }, + { 17052, true }, + { 17067, true }, + { 17081, true }, + { 17093, true }, + { 17115, true }, + { 17127, true }, + { 17150, true }, + { 17171, true }, + { 17191, true }, + { 17203, true }, + { 17219, true }, + { 17233, true }, + { 17250, true }, + { 17268, true }, + { 17281, true }, + { 17293, true }, + { 17304, true }, + { 17315, false }, + { 17331, true }, + { 17351, true }, + { 17369, true }, + { 17389, true }, + { 17407, true }, + { 17432, true }, + { 17454, true }, + { 17474, true }, + { 17490, true }, + { 17503, true }, + { 17526, true }, + { 17548, true }, + { 17564, true }, + { 17576, true }, + { 17596, true }, + { 17609, true }, + { 17623, true }, + { 17636, true }, + { 17644, true }, + { 17668, true }, + { 17681, true }, + { 17698, true }, + { 17716, true }, + { 17734, true }, + { 17747, true }, + { 17765, true }, + { 17787, true }, + { 17804, true }, + { 17834, true }, + { 17858, true }, + { 17874, true }, + { 17898, true }, + { 17917, true }, + { 17930, true }, + { 17946, true }, + { 17958, true }, + { 17972, true }, + { 17981, true }, + { 17996, true }, + { 18010, true }, + { 18024, true }, + { 18037, true }, + { 18055, true }, + { 18074, true }, + { 18090, true }, + { 18103, true }, + { 18124, true }, + { 18148, true }, + { 18178, true }, + { 18194, true }, + { 18213, true }, + { 18226, true }, + { 18248, true }, + { 18265, true }, + { 18286, true }, + { 18306, true }, + { 18326, true }, + { 18344, true }, + { 18360, true }, + { 18378, true }, + { 18392, true }, + { 18405, true }, + { 18418, false }, + { 18431, true }, + { 18443, true }, + { 18466, true }, + { 18476, true }, + { 18501, true }, + { 18514, true }, + { 18528, true }, + { 18542, true }, + { 18557, true }, + { 18574, true }, + { 18594, false }, + { 18610, true }, + { 18619, true }, + { 18634, true }, + { 18652, true }, + { 18677, true }, + { 18691, true }, + { 18705, true }, + { 18731, true }, + { 18746, true }, + { 18770, true }, + { 18784, true }, + { 18800, true }, + { 18812, true }, + { 18826, true }, + { 18837, true }, + { 18847, true }, + { 18861, true }, + { 18878, true }, + { 18902, true }, + { 18924, true }, + { 18937, true }, + { 18948, true }, + { 18961, true }, + { 18975, true }, + { 18992, true }, + { 19006, true }, + { 19014, true }, + { 19026, true }, + { 19042, true }, + { 19057, true }, + { 19071, true }, + { 19085, true }, + { 19097, true }, + { 19115, true }, + { 19132, true }, + { 19150, true }, + { 19168, true }, + { 19187, true }, + { 19203, true }, + { 19215, true }, + { 19229, true }, + { 19251, true }, + { 19265, true }, + { 19282, true }, + { 19294, true }, + { 19306, true }, + { 19325, true }, + { 19339, true }, + { 19353, true }, + { 19368, true }, + { 19389, true }, + { 19401, true }, + { 19412, true }, + { 19422, true }, + { 19434, true }, + { 19445, true }, + { 19457, true }, + { 19474, true }, + { 19500, true }, + { 19514, true }, + { 19526, true }, + { 19534, true }, + { 19545, true }, + { 19553, true }, + { 19561, true }, + { 19569, true }, + { 19577, true }, + { 19590, true }, + { 19598, true }, + { 19605, true }, + { 19615, true }, + { 19626, true }, + { 19645, true }, + { 19658, true }, + { 19671, true }, + { 19685, true }, + { 19697, true }, + { 19710, true }, + { 19724, true }, + { 19738, true }, + { 19758, true }, + { 19776, true }, + { 19788, true }, + { 19800, true }, + { 19809, true }, + { 19835, true }, + { 19857, true }, + { 19884, true }, + { 19912, true }, + { 19937, true }, + { 19944, true }, + { 19959, true }, + { 19982, true }, + { 20004, true }, + { 20027, true }, + { 20045, true }, + { 20058, true }, + { 20067, true }, + { 20084, true }, + { 20097, true }, + { 20113, true }, + { 20126, true }, + { 20140, true }, + { 20151, true }, + { 20161, true }, + { 20172, true }, + { 20182, true }, + { 20193, true }, + { 20202, true }, + { 20222, true }, + { 20249, true }, + { 20265, true }, + { 20281, true }, + { 20306, true }, + { 20333, true }, + { 20361, true }, + { 20398, true }, + { 20429, true }, + { 20448, true }, + { 20463, true }, + { 20483, true }, + { 20495, true }, + { 20516, true }, + { 20536, true }, + { 20562, true }, + { 20574, true }, + { 20587, true }, + { 20596, true }, + { 20605, true }, + { 20615, true }, + { 20622, true }, + { 20640, true }, + { 20665, true }, + { 20684, true }, + { 20701, true }, + { 20724, true }, + { 20740, true }, + { 20751, true }, + { 20762, true }, + { 20771, true }, + { 20787, true }, + { 20802, true }, + { 20822, true }, + { 20841, true }, + { 20874, true }, + { 20884, true }, + { 20899, true }, + { 20913, true }, + { 20934, true }, + { 20944, true }, + { 20971, true }, + { 20988, true }, + { 20999, true }, + { 21018, true }, + { 21040, true }, + { 21050, true }, + { 21064, true }, + { 21081, true }, + { 21105, true }, + { 21114, true }, + { 21125, true }, + { 21145, true }, + { 21164, true }, + { 21177, true }, + { 21188, true }, + { 21200, true }, + { 21218, true }, + { 21233, true }, + { 21255, true }, + { 21272, true }, + { 21284, false }, + { 21295, true }, + { 21314, true }, + { 21328, true }, + { 21346, true }, + { 21364, true }, + { 21383, true }, + { 21405, true }, + { 21419, true }, + { 21434, true }, + { 21448, true }, + { 21462, true }, + { 21477, true }, + { 21487, true }, + { 21507, true }, + { 21522, false }, + { 21553, true }, + { 21564, false }, + { 21588, true }, + { 21609, true }, + { 21627, true }, + { 21642, true }, + { 21653, true }, + { 21671, true }, + { 21693, false }, + { 21704, true }, + { 21721, true }, + { 21740, true }, + { 21756, true }, + { 21769, true }, + { 21777, true }, + { 21794, true }, + { 21807, true }, + { 21818, true }, + { 21833, true }, + { 21845, true }, + { 21864, true }, + { 21882, true }, + { 21893, true }, + { 21903, true }, + { 21918, true }, + { 21935, true }, + { 21947, true }, + { 21969, true }, + { 21984, true }, + { 22001, true }, + { 22022, true }, + { 22038, true }, + { 22055, true }, + { 22072, true }, + { 22086, true }, + { 22101, true }, + { 22116, true }, + { 22130, true }, + { 22146, true }, + { 22166, true }, + { 22180, true }, + { 22197, true }, + { 22214, true }, + { 22231, true }, + { 22243, true }, + { 22261, true }, + { 22278, true }, + { 22293, true }, + { 22310, true }, + { 22326, true }, + { 22341, true }, + { 22355, true }, + { 22372, true }, + { 22390, true }, + { 22406, true }, + { 22419, true }, + { 22433, true }, + { 22444, true }, + { 22457, true }, + { 22471, true }, + { 22489, true }, + { 22507, true }, + { 22524, true }, + { 22543, true }, + { 22558, true }, + { 22578, true }, + { 22592, true }, + { 22612, true }, + { 22627, true }, + { 22638, true }, + { 22651, true }, + { 22665, true }, + { 22681, true }, + { 22696, true }, + { 22705, true }, + { 22719, true }, + { 22736, true }, + { 22752, true }, + { 22771, true }, + { 22782, true }, + { 22795, true }, + { 22806, true }, + { 22820, true }, + { 22842, true }, + { 22854, true }, + { 22877, true }, + { 22892, true }, + { 22907, true }, + { 22921, true }, + { 22938, true }, + { 22956, true }, + { 22966, true }, + { 22981, true }, + { 23002, true }, + { 23022, true }, + { 23042, true }, + { 23053, true }, + { 23066, true }, + { 23077, true }, + { 23086, true }, + { 23101, true }, + { 23116, true }, + { 23130, true }, + { 23143, true }, + { 23155, true }, + { 23163, true }, + { 23178, true }, + { 23193, true }, + { 23215, true }, + { 23233, true }, + { 23248, false }, + { 23261, true }, + { 23279, true }, + { 23296, true }, + { 23319, true }, + { 23337, false }, + { 23346, true }, + { 23356, true }, + { 23367, true }, + { 23377, true }, + { 23388, true }, + { 23400, true }, + { 23416, true }, + { 23431, true }, + { 23453, true }, + { 23468, true }, + { 23485, true }, + { 23502, true }, + { 23522, true }, + { 23533, true }, + { 23544, true }, + { 23562, true }, + { 23594, true }, + { 23621, true }, + { 23635, true }, + { 23646, true }, + { 23659, true }, + { 23671, true }, + { 23685, true }, + { 23695, true }, + { 23709, true }, + { 23723, true }, + { 23738, true }, + { 23752, true }, + { 23770, true }, + { 23782, true }, + { 23811, true }, + { 23823, true }, + { 23841, true }, + { 23861, true }, + { 23880, true }, + { 23900, true }, + { 23916, true }, + { 23939, true }, + { 23957, true }, + { 23975, true }, + { 23989, true }, + { 24011, true }, + { 24028, false }, + { 24052, true }, + { 24064, true }, + { 24075, true }, + { 24088, true }, + { 24103, true }, + { 24115, true }, + { 24127, true }, + { 24139, true }, + { 24150, true }, + { 24159, true }, + { 24175, true }, + { 24192, true }, + { 24211, true }, + { 24222, true }, + { 24238, true }, + { 24257, true }, + { 24278, true }, + { 24295, true }, + { 24307, true }, + { 24320, true }, + { 24330, true }, + { 24339, true }, + { 24349, true }, + { 24361, true }, + { 24373, true }, + { 24386, true }, + { 24404, true }, + { 24421, true }, + { 24440, true }, + { 24457, true }, + { 24473, true }, + { 24490, true }, + { 24500, true }, + { 24510, true }, + { 24522, true }, + { 24533, true }, + { 24544, true }, + { 24567, true }, + { 24588, true }, + { 24608, true }, + { 24623, true }, + { 24643, true }, + { 24660, true }, + { 24681, true }, + { 24698, true }, + { 24708, true }, + { 24722, true }, + { 24737, true }, + { 24752, true }, + { 24770, true }, + { 24785, true }, + { 24800, true }, + { 24811, true }, + { 24823, true }, + { 24833, true }, + { 24851, true }, + { 24872, true }, + { 24898, true }, + { 24917, true }, + { 24936, true }, + { 24964, true }, + { 24976, true }, + { 24992, true }, + { 25013, true }, + { 25029, true }, + { 25043, true }, + { 25058, true }, + { 25068, true }, + { 25084, true }, + { 25097, true }, + { 25110, true }, + { 25127, true }, + { 25144, true }, + { 25160, false }, + { 25167, true }, + { 25178, true }, + { 25190, true }, + { 25200, true }, + { 25212, true }, + { 25225, true }, + { 25238, true }, + { 25254, true }, + { 25266, true }, + { 25277, true }, + { 25284, true }, + { 25295, true }, + { 25305, true }, + { 25317, true }, + { 25328, true }, + { 25339, false }, + { 25347, true }, + { 25357, true }, + { 25375, true }, + { 25389, true }, + { 25401, true }, + { 25415, false }, + { 25429, true }, + { 25445, true }, + { 25459, true }, + { 25474, true }, + { 25493, true }, + { 25514, true }, + { 25539, true }, + { 25548, true }, + { 25566, true }, + { 25577, true }, + { 25585, true }, + { 25597, true }, + { 25620, true }, + { 25633, true }, + { 25652, true }, + { 25678, true }, + { 25690, true }, + { 25706, true }, + { 25719, true }, + { 25735, false }, + { 25751, true }, + { 25767, false }, + { 25782, false }, + { 25795, true }, + { 25807, true }, + { 25823, true }, + { 25835, true }, + { 25848, true }, + { 25864, true }, + { 25878, true }, + { 25890, true }, + { 25901, true }, + { 25910, true }, + { 25920, true }, + { 25933, true }, + { 25943, true }, + { 25959, true }, + { 25968, true }, + { 25988, true }, + { 25995, true }, + { 26007, true }, + { 26020, true }, + { 26042, false }, + { 26058, true }, + { 26077, true }, + { 26085, true }, + { 26101, true }, + { 26112, true }, + { 26133, true }, + { 26143, true }, + { 26157, true }, + { 26166, true }, + { 26176, true }, + { 26187, true }, + { 26198, true }, + { 26209, true }, + { 26220, true }, + { 26232, true }, + { 26248, true }, + { 26265, false }, + { 26282, true }, + { 26304, true }, + { 26328, true }, + { 26354, true }, + { 26375, true }, + { 26388, true }, + { 26400, true }, + { 26414, true }, + { 26433, true }, + { 26454, true }, + { 26466, true }, + { 26480, true }, + { 26504, true }, + { 26536, true }, + { 26549, true }, + { 26562, true }, + { 26576, true }, + { 26591, true }, + { 26604, true }, + { 26620, true }, + { 26637, true }, + { 26648, true }, + { 26657, true }, + { 26671, true }, + { 26684, true }, + { 26698, true }, + { 26711, true }, + { 26723, true }, + { 26737, true }, + { 26749, true }, + { 26770, true }, + { 26778, false }, + { 26796, true }, + { 26819, true }, + { 26846, true }, + { 26861, true }, + { 26879, false }, + { 26900, false }, + { 26913, true }, + { 26921, true }, + { 26935, true }, + { 26949, true }, + { 26961, true }, + { 26981, true }, + { 26994, true }, + { 27007, true }, + { 27019, true }, + { 27036, true }, + { 27048, true }, + { 27075, true }, + { 27084, true }, + { 27098, true }, + { 27106, true }, + { 27123, true }, + { 27136, true }, + { 27149, true }, + { 27162, true }, + { 27181, true }, + { 27193, true }, + { 27203, true }, + { 27225, true }, + { 27242, true }, + { 27256, true }, + { 27267, true }, + { 27280, true }, + { 27293, true }, + { 27309, true }, + { 27330, true }, + { 27354, true }, + { 27366, true }, + { 27380, true }, + { 27404, true }, + { 27419, true }, + { 27442, true }, + { 27455, false }, + { 27471, true }, + { 27488, true }, + { 27514, true }, + { 27527, true }, + { 27546, true }, + { 27552, true }, + { 27564, true }, + { 27578, true }, + { 27591, true }, + { 27601, true }, + { 27612, true }, + { 27628, true }, + { 27640, true }, + { 27651, true }, + { 27661, true }, + { 27678, true }, + { 27692, true }, + { 27701, true }, + { 27720, true }, + { 27732, false }, + { 27744, true }, + { 27757, true }, + { 27768, true }, + { 27797, true }, + { 27823, true }, + { 27839, true }, + { 27852, true }, + { 27866, true }, + { 27881, true }, + { 27892, true }, + { 27902, true }, + { 27925, true }, + { 27941, true }, + { 27951, true }, + { 27967, true }, + { 27979, false }, + { 27998, true }, + { 28022, true }, + { 28050, true }, + { 28063, true }, + { 28077, false }, + { 28089, true }, + { 28102, true }, + { 28112, true }, + { 28126, true }, + { 28137, true }, + { 28155, true }, + { 28168, true }, + { 28182, true }, + { 28194, true }, + { 28206, true }, + { 28222, true }, + { 28238, true }, + { 28261, true }, + { 28275, true }, + { 28291, true }, + { 28315, false }, + { 28331, true }, + { 28342, true }, + { 28351, true }, + { 28360, true }, + { 28374, true }, + { 28382, true }, + { 28396, true }, + { 28406, true }, + { 28419, true }, + { 28428, true }, + { 28439, true }, + { 28459, true }, + { 28472, true }, + { 28481, true }, + { 28503, true }, + { 28516, true }, + { 28526, true }, + { 28538, true }, + { 28560, true }, + { 28575, true }, + { 28591, true }, + { 28608, true }, + { 28622, true }, + { 28634, true }, + { 28647, true }, + { 28673, true }, + { 28688, true }, + { 28706, true }, + { 28726, true }, + { 28739, true }, + { 28752, true }, + { 28770, true }, + { 28782, true }, + { 28796, true }, + { 28810, true }, + { 28819, true }, + { 28839, true }, + { 28851, true }, + { 28869, true }, + { 28889, true }, + { 28913, true }, + { 28939, true }, + { 28959, true }, + { 28968, true }, + { 28978, true }, + { 28991, true }, + { 29004, true }, + { 29016, true }, + { 29042, true }, + { 29052, true }, + { 29067, true }, + { 29081, true }, + { 29093, true }, + { 29107, true }, + { 29125, true }, + { 29143, true }, + { 29163, true }, + { 29188, true }, + { 29198, true }, + { 29214, true }, + { 29232, true }, + { 29243, true }, + { 29259, true }, + { 29279, true }, + { 29287, true }, + { 29309, true }, + { 29324, true }, + { 29335, true }, + { 29345, true }, + { 29367, true }, + { 29382, true }, + { 29401, true }, + { 29414, false }, + { 29429, true }, + { 29449, true }, + { 29460, true }, + { 29470, true }, + { 29488, true }, + { 29502, true }, + { 29514, true }, + { 29532, true }, + { 29541, true }, + { 29552, true }, + { 29572, true }, + { 29583, true }, + { 29603, true }, + { 29623, true }, + { 29635, true }, + { 29647, false }, + { 29661, true }, + { 29673, true }, + { 29690, true }, + { 29700, true }, + { 29713, false }, + { 29728, true }, + { 29740, true }, + { 29753, true }, + { 29765, true }, + { 29777, true }, + { 29797, true }, + { 29811, true }, + { 29824, true }, + { 29838, true }, + { 29850, true }, + { 29868, true }, + { 29880, true }, + { 29891, true }, + { 29902, true }, + { 29913, true }, + { 29926, true }, + { 29939, true }, + { 29954, true }, + { 29967, true }, + { 29978, true }, + { 30000, true }, + { 30023, true }, + { 30034, true }, + { 30049, true }, + { 30063, true }, + { 30079, true }, + { 30090, true }, + { 30100, true }, + { 30121, true }, + { 30132, true }, + { 30141, true }, + { 30161, true }, + { 30180, true }, + { 30194, true }, + { 30201, true }, + { 30212, true }, + { 30229, true }, + { 30243, true }, + { 30253, true }, + { 30266, true }, + { 30279, true }, + { 30291, true }, + { 30303, true }, + { 30320, true }, + { 30331, true }, + { 30344, true }, + { 30357, true }, + { 30367, true }, + { 30379, true }, + { 30397, true }, + { 30407, true }, + { 30421, true }, + { 30438, true }, + { 30448, true }, + { 30464, true }, + { 30475, true }, + { 30484, true }, + { 30495, true }, + { 30506, true }, + { 30517, true }, + { 30528, true }, + { 30542, true }, + { 30557, true }, + { 30576, true }, + { 30600, true }, + { 30618, true }, + { 30637, true }, + { 30654, true }, + { 30666, true }, + { 30682, true }, + { 30697, true }, + { 30712, true }, + { 30731, true }, + { 30747, true }, + { 30760, true }, + { 30779, true }, + { 30801, true }, + { 30827, true }, + { 30842, true }, + { 30855, true }, + { 30866, true }, + { 30876, true }, + { 30886, true }, + { 30896, false }, + { 30906, true }, + { 30921, true }, + { 30931, true }, + { 30940, true }, + { 30959, true }, + { 30976, true }, + { 30988, true }, + { 31000, true }, + { 31018, true }, + { 31032, true }, + { 31046, true }, + { 31056, true }, + { 31063, true }, + { 31073, true }, + { 31083, true }, + { 31091, false }, + { 31100, true }, + { 31116, true }, + { 31140, true }, + { 31165, true }, + { 31187, true }, + { 31205, true }, + { 31218, true }, + { 31238, true }, + { 31251, true }, + { 31272, true }, + { 31289, true }, + { 31312, true }, + { 31342, true }, + { 31357, true }, + { 31381, true }, + { 31397, true }, + { 31414, true }, + { 31432, true }, + { 31446, true }, + { 31471, true }, + { 31496, true }, + { 31518, true }, + { 31531, true }, + { 31551, true }, + { 31567, true }, + { 31587, true }, + { 31599, true }, + { 31619, true }, + { 31633, true }, + { 31654, true }, + { 31666, true }, + { 31683, true }, + { 31693, true }, + { 31706, true }, + { 31715, true }, + { 31725, true }, + { 31734, true }, + { 31742, true }, + { 31754, true }, + { 31769, true }, + { 31778, false }, + { 31787, false }, + { 31807, true }, + { 31828, true }, + { 31838, true }, + { 31845, true }, + { 31861, true }, + { 31877, true }, + { 31892, true }, + { 31901, true }, + { 31909, true }, + { 31925, true }, + { 31935, true }, + { 31955, true }, + { 31973, true }, + { 32000, true }, + { 32020, true }, + { 32034, true }, + { 32055, true }, + { 32082, true }, + { 32101, true }, + { 32118, true }, + { 32136, true }, + { 32164, true }, + { 32187, true }, + { 32202, true }, + { 32220, true }, + { 32228, true }, + { 32243, true }, + { 32257, true }, + { 32268, true }, + { 32277, true }, + { 32298, true }, + { 32318, true }, + { 32338, true }, + { 32348, true }, + { 32364, true }, + { 32376, true }, + { 32391, true }, + { 32403, true }, + { 32418, true }, + { 32433, true }, + { 32445, true }, + { 32468, true }, + { 32475, true }, + { 32488, true }, + { 32501, true }, + { 32524, true }, + { 32542, true }, + { 32564, true }, + { 32585, true }, + { 32605, true }, + { 32622, true }, + { 32648, true }, + { 32661, true }, + { 32678, true }, + { 32687, true }, + { 32709, true }, + { 32727, true }, + { 32739, true }, + { 32752, true }, + { 32766, true }, + { 32778, true }, + { 32790, true }, + { 32800, true }, + { 32814, true }, + { 32824, true }, + { 32839, true }, + { 32854, true }, + { 32865, true }, + { 32878, true }, + { 32896, true }, + { 32915, true }, + { 32927, true }, + { 32953, true }, + { 32967, true }, + { 32989, true }, + { 33002, true }, + { 33018, true }, + { 33033, true }, + { 33045, true }, + { 33053, true }, + { 33073, true }, + { 33091, true }, + { 33112, true }, + { 33133, true }, + { 33147, true }, + { 33163, true }, + { 33175, true }, + { 33188, false }, + { 33199, true }, + { 33213, true }, + { 33225, true }, + { 33237, true }, + { 33249, true }, + { 33261, true }, + { 33276, true }, + { 33286, true }, + { 33296, true }, + { 33312, true }, + { 33321, true }, + { 33331, true }, + { 33346, true }, + { 33368, true }, + { 33379, true }, + { 33404, true }, + { 33419, true }, + { 33432, true }, + { 33451, true }, + { 33466, true }, + { 33480, true }, + { 33496, true }, + { 33508, true }, + { 33520, true }, + { 33536, true }, + { 33555, true }, + { 33574, true }, + { 33586, true }, + { 33599, true }, + { 33614, true }, + { 33634, true }, + { 33645, true }, + { 33660, true }, + { 33673, true }, + { 33691, true }, + { 33721, true }, + { 33744, true }, + { 33757, true }, + { 33772, false }, + { 33780, true }, + { 33792, true }, + { 33814, true }, + { 33831, true }, + { 33841, true }, + { 33851, true }, + { 33859, true }, + { 33873, true }, + { 33889, true }, + { 33913, true }, + { 33945, true }, + { 33966, true }, + { 33976, true }, + { 33993, true }, + { 34014, false }, + { 34034, true }, + { 34063, true }, + { 34079, true }, + { 34101, true }, + { 34119, true }, + { 34134, true }, + { 34160, true }, + { 34179, true }, + { 34197, true }, + { 34223, true }, + { 34245, true }, + { 34263, true }, + { 34285, true }, + { 34297, true }, + { 34308, true }, + { 34330, true }, + { 34343, true }, + { 34359, true }, + { 34377, true }, + { 34394, true }, + { 34412, true }, + { 34425, true }, + { 34446, true }, + { 34471, true }, + { 34496, true }, + { 34514, true }, + { 34528, true }, + { 34543, true }, + { 34561, true }, + { 34586, true }, + { 34611, true }, + { 34635, true }, + { 34648, true }, + { 34663, true }, + { 34683, true }, + { 34697, true }, + { 34714, true }, + { 34742, true }, + { 34765, true }, + { 34780, true }, + { 34793, true }, + { 34806, true }, + { 34819, true }, + { 34843, true }, + { 34862, true }, + { 34878, true }, + { 34891, true }, + { 34904, true }, + { 34920, true }, + { 34939, true }, + { 34960, true }, + { 34989, true }, + { 34999, true }, + { 35012, true }, + { 35025, true }, + { 35037, true }, + { 35055, true }, + { 35063, true }, + { 35072, false }, + { 35088, true }, + { 35104, true }, + { 35114, true }, + { 35134, true }, + { 35146, true }, + { 35167, true }, + { 35184, true }, + { 35202, true }, + { 35212, true }, + { 35224, true }, + { 35232, true }, + { 35243, true }, + { 35254, true }, + { 35272, true }, + { 35280, true }, + { 35292, true }, + { 35301, true }, + { 35310, false }, + { 35322, false }, + { 35334, true }, + { 35358, true }, + { 35376, true }, + { 35396, true }, + { 35407, true }, + { 35420, true }, + { 35429, true }, + { 35443, true }, + { 35465, true }, + { 35475, true }, + { 35484, true }, + { 35495, true }, + { 35503, true }, + { 35513, true }, + { 35522, true }, + { 35534, true }, + { 35546, true }, + { 35555, true }, + { 35566, true }, + { 35574, true }, + { 35584, true }, + { 35595, false }, + { 35607, true }, + { 35620, true }, + { 35641, true }, + { 35653, true }, + { 35668, true }, + { 35681, true }, + { 35689, true }, + { 35705, false }, + { 35715, true }, + { 35738, true }, + { 35762, true }, + { 35771, true }, + { 35779, true }, + { 35806, true }, + { 35814, true }, + { 35821, true }, + { 35838, true }, + { 35857, true }, + { 35878, true }, + { 35889, true }, + { 35898, true }, + { 35907, true }, + { 35924, true }, + { 35942, true }, + { 35953, true }, + { 35969, true }, + { 35981, true }, + { 35992, true }, + { 36003, true }, + { 36014, true }, + { 36026, true }, + { 36038, false }, + { 36047, true }, + { 36063, true }, + { 36072, true }, + { 36081, true }, + { 36091, true }, + { 36101, true }, + { 36112, true }, + { 36121, true }, + { 36131, true }, + { 36146, true }, + { 36156, true }, + { 36182, true }, + { 36194, true }, + { 36212, true }, + { 36226, true }, + { 36237, true }, + { 36268, true }, + { 36288, false }, + { 36304, true }, + { 36322, false }, + { 36342, true }, + { 36354, true }, + { 36364, true }, + { 36374, true }, + { 36386, true }, + { 36399, true }, + { 36409, true }, + { 36423, true }, + { 36432, true }, + { 36442, true }, + { 36452, true }, + { 36461, true }, + { 36469, true }, + { 36479, true }, + { 36491, true }, + { 36503, true }, + { 36515, true }, + { 36525, true }, + { 36541, true }, + { 36555, true }, + { 36572, true }, + { 36588, true }, + { 36603, true }, + { 36615, true }, + { 36623, true }, + { 36634, false }, + { 36644, true }, + { 36661, true }, + { 36673, true }, + { 36695, true }, + { 36702, true }, + { 36711, true }, + { 36719, true }, + { 36729, true }, + { 36743, true }, + { 36773, true }, + { 36788, true }, + { 36797, true }, + { 36811, true }, + { 36823, true }, + { 36844, true }, + { 36859, true }, + { 36871, true }, + { 36886, true }, + { 36910, true }, + { 36927, true }, + { 36944, true }, + { 36962, true }, + { 36975, true }, + { 36987, true }, + { 37010, true }, + { 37021, true }, + { 37030, true }, + { 37041, true }, + { 37066, true }, + { 37082, true }, + { 37096, true }, + { 37116, true }, + { 37131, true }, + { 37149, true }, + { 37167, true }, + { 37182, true }, + { 37196, true }, + { 37211, true }, + { 37230, true }, + { 37245, true }, + { 37266, true }, + { 37279, true }, + { 37295, true }, + { 37319, true }, + { 37329, true }, + { 37339, true }, + { 37348, true }, + { 37357, true }, + { 37367, true }, + { 37378, true }, + { 37403, true }, + { 37432, true }, + { 37445, true }, + { 37455, true }, + { 37470, true }, + { 37484, true }, + { 37501, false }, + { 37509, false }, + { 37518, true }, + { 37532, true }, + { 37539, false }, + { 37556, true }, + { 37571, true }, + { 37583, true }, + { 37598, true }, + { 37608, true }, + { 37627, true }, + { 37644, true }, + { 37656, false }, + { 37663, true }, + { 37689, true }, + { 37702, true }, + { 37714, true }, + { 37733, true }, + { 37760, true }, + { 37781, true }, + { 37795, true }, + { 37810, true }, + { 37834, true }, + { 37843, true }, + { 37855, true }, + { 37867, true }, + { 37881, true }, + { 37896, true }, + { 37908, true }, + { 37917, true }, + { 37936, true }, + { 37952, true }, + { 37970, true }, + { 37987, true }, + { 38006, true }, + { 38036, true }, + { 38046, true }, + { 38063, true }, + { 38076, true }, + { 38094, true }, + { 38104, true }, + { 38121, true }, + { 38143, true }, + { 38156, true }, + { 38172, true }, + { 38182, true }, + { 38195, true }, + { 38209, true }, + { 38223, true }, + { 38235, true }, + { 38255, true }, + { 38270, true }, + { 38286, true }, + { 38314, true }, + { 38328, true }, + { 38343, true }, + { 38357, true }, + { 38366, true }, + { 38377, true }, + { 38395, true }, + { 38409, true }, + { 38424, true }, + { 38436, true }, + { 38448, true }, + { 38462, true }, + { 38479, true }, + { 38490, true }, + { 38501, true }, + { 38512, true }, + { 38525, true }, + { 38548, true }, + { 38563, true }, + { 38578, false }, + { 38594, true }, + { 38616, true }, + { 38634, true }, + { 38651, true }, + { 38669, true }, + { 38688, true }, + { 38699, true }, + { 38712, true }, + { 38729, true }, + { 38749, true }, + { 38776, true }, + { 38803, true }, + { 38821, true }, + { 38839, true }, + { 38851, true }, + { 38860, true }, + { 38873, true }, + { 38889, true }, + { 38911, true }, + { 38928, true }, + { 38950, true }, + { 38970, true }, + { 38987, true }, + { 39002, true }, + { 39021, true }, + { 39036, true }, + { 39050, true }, + { 39061, true }, + { 39084, true }, + { 39096, true }, + { 39109, true }, + { 39122, true }, + { 39135, true }, + { 39153, true }, + { 39171, true }, + { 39189, true }, + { 39206, true }, + { 39231, true }, + { 39243, true }, + { 39257, true }, + { 39274, true }, + { 39294, true }, + { 39304, true }, + { 39320, true }, + { 39333, true }, + { 39346, true }, + { 39362, true }, + { 39375, true }, + { 39388, true }, + { 39401, true }, + { 39410, true }, + { 39427, true }, + { 39438, true }, + { 39449, true }, + { 39463, true }, + { 39474, true }, + { 39491, true }, + { 39501, true }, + { 39515, true }, + { 39528, true }, + { 39537, true }, + { 39546, true }, + { 39556, true }, + { 39569, true }, + { 39580, true }, + { 39594, true }, + { 39604, true }, + { 39614, true }, + { 39625, true }, + { 39648, true }, + { 39674, true }, + { 39694, true }, + { 39714, true }, + { 39736, true }, + { 39751, true }, + { 39764, true }, + { 39783, true }, + { 39811, true }, + { 39820, true }, + { 39841, true }, + { 39861, true }, + { 39871, true }, + { 39897, true }, + { 39918, true }, + { 39935, true }, + { 39955, true }, + { 39974, true }, + { 39989, true }, + { 40001, true }, + { 40014, true }, + { 40026, true }, + { 40046, true }, + { 40064, true }, + { 40075, true }, + { 40092, true }, + { 40105, true }, + { 40118, true }, + { 40129, true }, + { 40142, true }, + { 40154, true }, + { 40171, true }, + { 40185, true }, + { 40216, true }, + { 40226, true }, + { 40238, true }, + { 40251, true }, + { 40262, true }, + { 40273, true }, + { 40287, false }, + { 40305, true }, + { 40322, true }, + { 40338, true }, + { 40353, true }, + { 40377, true }, + { 40393, true }, + { 40421, true }, + { 40440, true }, + { 40450, true }, + { 40463, true }, + { 40485, true }, + { 40496, true }, + { 40519, true }, + { 40543, true }, + { 40556, true }, + { 40567, true }, + { 40584, true }, + { 40600, true }, + { 40616, true }, + { 40631, true }, + { 40647, true }, + { 40662, true }, + { 40677, true }, + { 40694, true }, + { 40713, true }, + { 40725, true }, + { 40752, true }, + { 40764, true }, + { 40782, false }, + { 40794, true }, + { 40803, true }, + { 40812, true }, + { 40821, true }, + { 40840, true }, + { 40852, true }, + { 40866, true }, + { 40881, true }, + { 40898, true }, + { 40914, true }, + { 40924, true }, + { 40933, true }, + { 40951, true }, + { 40962, true }, + { 40974, true }, + { 40982, true }, + { 41000, true }, + { 41010, true }, + { 41027, true }, + { 41038, true }, + { 41052, true }, + { 41070, true }, + { 41080, true }, + { 41087, true }, + { 41114, true }, + { 41123, true }, + { 41137, true }, + { 41150, true }, + { 41164, true }, + { 41174, true }, + { 41187, true }, + { 41211, false }, + { 41222, true }, + { 41240, true }, + { 41265, true }, + { 41272, true }, + { 41284, true }, + { 41296, true }, + { 41317, true }, + { 41330, true }, + { 41347, false }, + { 41367, true }, + { 41379, true }, + { 41395, true }, + { 41407, true }, + { 41426, true }, + { 41439, false }, + { 41453, true }, + { 41466, true }, + { 41486, true }, + { 41499, true }, + { 41516, true }, + { 41530, true }, + { 41548, true }, + { 41568, true }, + { 41588, true }, + { 41604, true }, + { 41616, true }, + { 41630, true }, + { 41645, true }, + { 41658, true }, + { 41667, true }, + { 41685, true }, + { 41695, true }, + { 41712, true }, + { 41733, true }, + { 41756, false }, + { 41775, true }, + { 41786, true }, + { 41794, true }, + { 41805, true }, + { 41819, true }, + { 41838, true }, + { 41864, true }, + { 41887, true }, + { 41912, true }, + { 41926, true }, + { 41943, true }, + { 41959, true }, + { 41972, true }, + { 41983, true }, + { 41993, true }, + { 42009, true }, + { 42023, true }, + { 42036, true }, + { 42050, true }, + { 42063, true }, + { 42077, true }, + { 42092, true }, + { 42104, true }, + { 42119, true }, + { 42138, true }, + { 42157, true }, + { 42174, true }, + { 42190, true }, + { 42210, true }, + { 42227, true }, + { 42243, true }, + { 42253, true }, + { 42268, true }, + { 42286, true }, + { 42299, true }, + { 42314, true }, + { 42327, true }, + { 42343, true }, + { 42357, true }, + { 42371, true }, + { 42390, true }, + { 42403, true }, + { 42423, true }, + { 42435, true }, + { 42458, true }, + { 42470, true }, + { 42493, true }, + { 42506, true }, + { 42521, true }, + { 42538, true }, + { 42550, true }, + { 42566, true }, + { 42591, true }, + { 42602, true }, + { 42614, true }, + { 42629, true }, + { 42657, false }, + { 42676, true }, + { 42691, true }, + { 42707, true }, + { 42718, true }, + { 42728, true }, + { 42741, true }, + { 42757, true }, + { 42770, true }, + { 42780, true }, + { 42791, true }, + { 42802, true }, + { 42813, true }, + { 42824, true }, + { 42835, true }, + { 42846, true }, + { 42857, true }, + { 42885, true }, + { 42907, false }, + { 42921, true }, + { 42933, true }, + { 42953, true }, + { 42970, true }, + { 42996, true }, + { 43005, true }, + { 43017, true }, + { 43029, true }, + { 43040, true }, + { 43068, false }, + { 43087, true }, + { 43101, true }, + { 43111, true }, + { 43122, true }, + { 43149, true }, + { 43170, true }, + { 43181, true }, + { 43191, true }, + { 43218, true }, + { 43233, true }, + { 43245, true }, + { 43256, true }, + { 43277, false }, + { 43292, true }, + { 43305, true }, + { 43315, true }, + { 43326, true }, + { 43339, true }, + { 43350, true }, + { 43362, true }, + { 43377, true }, + { 43391, true }, + { 43405, true }, + { 43427, true }, + { 43440, true }, + { 43455, true }, + { 43474, true }, + { 43495, true }, + { 43505, true }, + { 43519, true }, + { 43539, true }, + { 43559, true }, + { 43569, true }, + { 43582, true }, + { 43596, true }, + { 43610, true }, + { 43627, true }, + { 43645, true }, + { 43664, true }, + { 43677, true }, + { 43692, true }, + { 43713, true }, + { 43725, true }, + { 43743, true }, + { 43764, true }, + { 43784, true }, + { 43802, true }, + { 43820, true }, + { 43838, true }, + { 43852, true }, + { 43865, true }, + { 43884, false }, + { 43898, true }, + { 43929, true }, + { 43948, true }, + { 43958, true }, + { 43977, true }, + { 43988, true }, + { 43998, true }, + { 44014, true }, + { 44029, true }, + { 44053, true }, + { 44068, true }, + { 44082, true }, + { 44104, true }, + { 44118, true }, + { 44131, true }, + { 44144, true }, + { 44157, true }, + { 44174, true }, + { 44187, true }, + { 44204, true }, + { 44234, true }, + { 44253, true }, + { 44262, true }, + { 44276, true }, + { 44292, true }, + { 44303, true }, + { 44321, true }, + { 44337, true }, + { 44357, true }, + { 44371, true }, + { 44387, true }, + { 44396, true }, + { 44417, true }, + { 44438, true }, + { 44456, true }, + { 44466, true }, + { 44495, true }, + { 44523, true }, + { 44540, true }, + { 44566, true }, + { 44581, true }, + { 44603, true }, + { 44626, true }, + { 44634, true }, + { 44643, true }, + { 44654, true }, + { 44664, true }, + { 44677, true }, + { 44687, true }, + { 44706, true }, + { 44723, true }, + { 44732, true }, + { 44749, true }, + { 44766, true }, + { 44791, true }, + { 44804, true }, + { 44824, true }, + { 44845, true }, + { 44855, true }, + { 44867, true }, + { 44878, true }, + { 44888, true }, + { 44901, true }, + { 44914, true }, + { 44924, true }, + { 44945, true }, + { 44958, true }, + { 44976, true }, + { 44997, true }, + { 45016, true }, + { 45040, true }, + { 45066, true }, + { 45086, true }, + { 45104, true }, + { 45119, true }, + { 45134, true }, + { 45150, true }, + { 45169, true }, + { 45187, true }, + { 45203, true }, + { 45221, true }, + { 45244, true }, + { 45266, true }, + { 45283, true }, + { 45297, true }, + { 45323, true }, + { 45341, true }, + { 45359, true }, + { 45381, true }, + { 45397, true }, + { 45411, true }, + { 45428, true }, + { 45448, true }, + { 45459, true }, + { 45472, true }, + { 45484, true }, + { 45496, true }, + { 45508, true }, + { 45524, true }, + { 45535, true }, + { 45550, true }, + { 45562, true }, + { 45570, true }, + { 45589, true }, + { 45602, true }, + { 45624, true }, + { 45642, true }, + { 45651, true }, + { 45671, true }, + { 45682, true }, + { 45704, true }, + { 45721, true }, + { 45736, true }, + { 45748, true }, + { 45766, true }, + { 45780, true }, + { 45809, true }, + { 45825, true }, + { 45844, true }, + { 45865, true }, + { 45882, true }, + { 45896, true }, + { 45910, true }, + { 45923, true }, + { 45935, true }, + { 45946, true }, + { 45956, true }, + { 45986, false }, + { 46011, true }, + { 46027, true }, + { 46040, true }, + { 46051, true }, + { 46070, true }, + { 46097, true }, + { 46109, true }, + { 46124, true }, + { 46141, true }, + { 46159, true }, + { 46177, true }, + { 46186, true }, + { 46202, true }, + { 46222, true }, + { 46233, true }, + { 46253, true }, + { 46273, true }, + { 46292, true }, + { 46311, true }, + { 46329, true }, + { 46346, true }, + { 46372, true }, + { 46388, true }, + { 46402, true }, + { 46414, true }, + { 46425, true }, + { 46440, true }, + { 46453, true }, + { 46471, true }, + { 46489, true }, + { 46497, false }, + { 46506, true }, + { 46520, true }, + { 46534, true }, + { 46548, true }, + { 46565, true }, + { 46577, true }, + { 46592, true }, + { 46600, true }, + { 46614, true }, + { 46625, true }, + { 46637, true }, + { 46651, true }, + { 46666, true }, + { 46676, true }, + { 46685, true }, + { 46698, true }, + { 46711, true }, + { 46725, true }, + { 46735, true }, + { 46748, true }, + { 46759, false }, + { 46779, true }, + { 46791, true }, + { 46814, true }, + { 46832, true }, + { 46850, true }, + { 46862, true }, + { 46877, true }, + { 46886, true }, + { 46901, true }, + { 46914, true }, + { 46926, true }, + { 46940, true }, + { 46955, true }, + { 46970, true }, + { 46988, true }, + { 47001, true }, + { 47012, true }, + { 47022, true }, + { 47034, true }, + { 47053, true }, + { 47073, true }, + { 47086, true }, + { 47105, true }, + { 47115, true }, + { 47130, true }, + { 47149, true }, + { 47170, true }, + { 47182, true }, + { 47197, true }, + { 47212, true }, + { 47220, true }, + { 47235, true }, + { 47250, true }, + { 47263, true }, + { 47273, true }, + { 47285, true }, + { 47300, true }, + { 47317, true }, + { 47342, true }, + { 47358, true }, + { 47387, true }, + { 47409, true }, + { 47425, true }, + { 47444, true }, + { 47467, true }, + { 47483, true }, + { 47507, true }, + { 47528, true }, + { 47537, true }, + { 47550, true }, + { 47571, true }, + { 47592, true }, + { 47621, true }, + { 47631, true }, + { 47645, true }, + { 47665, true }, + { 47685, true }, + { 47702, true }, + { 47716, true }, + { 47731, true }, + { 47742, true }, + { 47758, true }, + { 47784, true }, + { 47797, true }, + { 47811, true }, + { 47830, true }, + { 47845, false }, + { 47864, false }, + { 47882, true }, + { 47894, true }, + { 47908, true }, + { 47920, true }, + { 47938, true }, + { 47953, true }, + { 47975, true }, + { 47987, true }, + { 47997, true }, + { 48009, true }, + { 48019, true }, + { 48034, true }, + { 48050, true }, + { 48069, true }, + { 48091, true }, + { 48109, true }, + { 48124, true }, + { 48137, true }, + { 48164, true }, + { 48184, true }, + { 48198, false }, + { 48210, true }, + { 48225, true }, + { 48246, true }, + { 48262, true }, + { 48277, true }, + { 48289, true }, + { 48318, true }, + { 48329, true }, + { 48343, true }, + { 48358, true }, + { 48368, true }, + { 48376, true }, + { 48393, true }, + { 48415, true }, + { 48435, true }, + { 48452, true }, + { 48470, true }, + { 48484, true }, + { 48504, true }, + { 48516, true }, + { 48525, true }, + { 48540, true }, + { 48555, true }, + { 48569, true }, + { 48586, true }, + { 48601, true }, + { 48612, true }, + { 48630, true }, + { 48640, true }, + { 48663, true }, + { 48677, true }, + { 48693, true }, + { 48715, true }, + { 48733, true }, + { 48745, true }, + { 48756, true }, + { 48768, true }, + { 48783, true }, + { 48795, true }, + { 48812, true }, + { 48826, true }, + { 48856, true }, + { 48867, false }, + { 48880, true }, + { 48892, true }, + { 48910, true }, + { 48924, true }, + { 48936, true }, + { 48953, true }, + { 48971, true }, + { 48982, true }, + { 48995, true }, + { 49011, true }, + { 49023, true }, + { 49046, true }, + { 49065, true }, + { 49078, true }, + { 49094, true }, + { 49102, true }, + { 49114, true }, + { 49124, true }, + { 49137, true }, + { 49159, true }, + { 49182, true }, + { 49204, true }, + { 49220, true }, + { 49238, true }, + { 49255, true }, + { 49279, true }, + { 49299, true }, + { 49315, true }, + { 49327, true }, + { 49354, true }, + { 49370, true }, + { 49386, true }, + { 49397, true }, + { 49409, true }, + { 49424, true }, + { 49433, true }, + { 49447, true }, + { 49462, true }, + { 49472, true }, + { 49485, true }, + { 49499, true }, + { 49516, true }, + { 49527, true }, + { 49536, true }, + { 49547, true }, + { 49559, true }, + { 49573, true }, + { 49586, true }, + { 49600, true }, + { 49613, true }, + { 49631, true }, + { 49649, true }, + { 49662, true }, + { 49673, true }, + { 49687, true }, + { 49699, true }, + { 49710, true }, + { 49721, true }, + { 49734, true }, + { 49746, true }, + { 49757, true }, + { 49776, true }, + { 49797, true }, + { 49813, true }, + { 49828, true }, + { 49842, true }, + { 49859, true }, + { 49879, true }, + { 49904, true }, + { 49922, true }, + { 49934, true }, + { 49946, true }, + { 49958, true }, + { 49971, true }, + { 49980, true }, + { 49995, true }, + { 50009, true }, + { 50022, true }, + { 50034, true }, + { 50044, true }, + { 50058, true }, + { 50073, true }, + { 50093, true }, + { 50116, true }, + { 50135, true }, + { 50149, true }, + { 50160, true }, + { 50174, true }, + { 50185, true }, + { 50196, true }, + { 50206, true }, + { 50220, true }, + { 50230, true }, + { 50241, true }, + { 50253, true }, + { 50266, true }, + { 50277, true }, + { 50289, true }, + { 50300, true }, + { 50315, true }, + { 50327, true }, + { 50340, true }, + { 50354, true }, + { 50366, true }, + { 50380, true }, + { 50392, true }, + { 50405, true }, + { 50416, true }, + { 50427, true }, + { 50452, true }, + { 50468, false }, + { 50480, true }, + { 50497, true }, + { 50511, true }, + { 50524, true }, + { 50535, true }, + { 50546, true }, + { 50565, true }, + { 50580, true }, + { 50591, true }, + { 50607, true }, + { 50617, true }, + { 50627, true }, + { 50641, true }, + { 50658, true }, + { 50669, true }, + { 50683, true }, + { 50695, true }, + { 50705, true }, + { 50714, true }, + { 50728, true }, + { 50747, true }, + { 50764, true }, + { 50785, true }, + { 50808, true }, + { 50825, true }, + { 50848, true }, + { 50861, true }, + { 50874, true }, + { 50886, true }, + { 50898, true }, + { 50912, true }, + { 50925, true }, + { 50938, true }, + { 50954, true }, + { 50968, true }, + { 50985, true }, + { 51002, true }, + { 51015, true }, + { 51028, true }, + { 51041, true }, + { 51054, true }, + { 51067, true }, + { 51080, true }, + { 51093, true }, + { 51106, true }, + { 51119, true }, + { 51132, true }, + { 51145, true }, + { 51158, true }, + { 51171, true }, + { 51184, true }, + { 51203, true }, + { 51218, true }, + { 51232, true }, + { 51245, true }, + { 51256, true }, + { 51272, true }, + { 51290, true }, + { 51302, true }, + { 51315, true }, + { 51337, true }, + { 51357, true }, + { 51369, true }, + { 51392, true }, + { 51416, true }, + { 51434, true }, + { 51454, true }, + { 51467, true }, + { 51486, true }, + { 51502, true }, + { 51516, true }, + { 51531, true }, + { 51552, true }, + { 51574, true }, + { 51586, true }, + { 51597, true }, + { 51616, true }, + { 51635, true }, + { 51650, true }, + { 51666, true }, + { 51679, true }, + { 51694, true }, + { 51712, true }, + { 51728, true }, + { 51744, true }, + { 51770, true }, + { 51785, true }, + { 51804, true }, + { 51814, true }, + { 51828, true }, + { 51842, true }, + { 51857, true }, + { 51876, true }, + { 51885, true }, + { 51911, true }, + { 51928, true }, + { 51958, true }, + { 51969, true }, + { 51985, true }, + { 51995, true }, + { 52011, true }, + { 52030, true }, + { 52051, true }, + { 52065, true }, + { 52081, true }, + { 52103, true }, + { 52114, true }, + { 52139, true }, + { 52151, true }, + { 52162, true }, + { 52173, true }, + { 52187, true }, + { 52207, true }, + { 52222, true }, + { 52237, true }, + { 52256, true }, + { 52269, true }, + { 52279, true }, + { 52293, true }, + { 52313, true }, + { 52335, true }, + { 52354, true }, + { 52368, true }, + { 52382, true }, + { 52390, true }, + { 52403, true }, + { 52417, true }, + { 52432, true }, + { 52446, true }, + { 52459, true }, + { 52475, true }, + { 52486, true }, + { 52495, true }, + { 52503, true }, + { 52518, true }, + { 52530, true }, + { 52546, true }, + { 52568, true }, + { 52582, true }, + { 52597, true }, + { 52613, true }, + { 52625, true }, + { 52639, true }, + { 52655, true }, + { 52667, false }, + { 52683, false }, + { 52700, true }, + { 52713, true }, + { 52725, true }, + { 52738, true }, + { 52753, true }, + { 52770, true }, + { 52786, true }, + { 52804, true }, + { 52819, true }, + { 52835, true }, + { 52849, true }, + { 52867, true }, + { 52892, true }, + { 52908, true }, + { 52923, true }, + { 52933, true }, + { 52953, true }, + { 52966, true }, + { 52982, true }, + { 52998, true }, + { 53018, true }, + { 53035, true }, + { 53053, true }, + { 53064, true }, + { 53073, true }, + { 53082, true }, + { 53091, true }, + { 53103, true }, + { 53119, true }, + { 53135, true }, + { 53146, true }, + { 53159, true }, + { 53174, true }, + { 53188, true }, + { 53198, true }, + { 53212, true }, + { 53226, true }, + { 53238, true }, + { 53250, true }, + { 53275, true }, + { 53291, true }, + { 53315, true }, + { 53328, true }, + { 53342, true }, + { 53355, true }, + { 53376, true }, + { 53396, true }, + { 53410, true }, + { 53425, true }, + { 53448, true }, + { 53466, true }, + { 53475, true }, + { 53486, true }, + { 53496, true }, + { 53506, true }, + { 53517, true }, + { 53538, true }, + { 53555, true }, + { 53573, true }, + { 53589, true }, + { 53614, true }, + { 53636, true }, + { 53649, true }, + { 53662, true }, + { 53673, true }, + { 53684, true }, + { 53692, true }, + { 53711, true }, + { 53721, true }, + { 53734, true }, + { 53762, true }, + { 53779, true }, + { 53792, true }, + { 53817, true }, + { 53825, true }, + { 53834, true }, + { 53852, true }, + { 53864, true }, + { 53873, true }, + { 53891, true }, + { 53901, true }, + { 53918, true }, + { 53931, true }, + { 53944, true }, + { 53956, true }, + { 53972, true }, + { 53981, true }, + { 53992, true }, + { 54003, true }, + { 54018, true }, + { 54038, true }, + { 54051, true }, + { 54063, true }, + { 54075, true }, + { 54091, true }, + { 54101, true }, + { 54112, true }, + { 54126, true }, + { 54140, true }, + { 54164, true }, + { 54177, true }, + { 54188, true }, + { 54208, true }, + { 54230, true }, + { 54246, true }, + { 54264, true }, + { 54286, true }, + { 54308, true }, + { 54323, true }, + { 54339, true }, + { 54350, true }, + { 54372, true }, + { 54390, true }, + { 54400, true }, + { 54414, true }, + { 54423, true }, + { 54432, true }, + { 54445, true }, + { 54461, true }, + { 54476, true }, + { 54496, true }, + { 54513, true }, + { 54524, true }, + { 54543, true }, + { 54562, true }, + { 54574, true }, + { 54591, true }, + { 54605, true }, + { 54632, true }, + { 54645, false }, + { 54653, true }, + { 54663, true }, + { 54674, true }, + { 54691, true }, + { 54705, true }, + { 54715, true }, + { 54725, true }, + { 54735, true }, + { 54745, true }, + { 54759, true }, + { 54775, true }, + { 54798, true }, + { 54815, true }, + { 54826, true }, + { 54838, true }, + { 54857, true }, + { 54873, true }, + { 54883, true }, + { 54897, true }, + { 54907, true }, + { 54921, true }, + { 54941, true }, + { 54961, true }, + { 54976, true }, + { 54996, true }, + { 55006, true }, + { 55034, true }, + { 55049, true }, + { 55064, true }, + { 55079, true }, + { 55094, true }, + { 55108, true }, + { 55120, true }, + { 55136, true }, + { 55147, true }, + { 55159, true }, + { 55170, true }, + { 55196, true }, + { 55214, true }, + { 55228, true }, + { 55242, true }, + { 55262, true }, + { 55279, true }, + { 55291, true }, + { 55317, true }, + { 55329, true }, + { 55344, true }, + { 55358, true }, + { 55386, true }, + { 55403, true }, + { 55411, true }, + { 55426, true }, + { 55439, true }, + { 55453, true }, + { 55467, true }, + { 55481, true }, + { 55493, true }, + { 55503, true }, + { 55512, true }, + { 55523, true }, + { 55533, true }, + { 55543, true }, + { 55552, true }, + { 55561, true }, + { 55573, true }, + { 55599, true }, + { 55609, true }, + { 55619, false }, + { 55629, true }, + { 55642, true }, + { 55651, true }, + { 55663, true }, + { 55674, true }, + { 55690, true }, + { 55710, true }, + { 55728, true }, + { 55746, true }, + { 55764, true }, + { 55782, true }, + { 55795, true }, + { 55807, true }, + { 55819, true }, + { 55837, true }, + { 55849, true }, + { 55863, true }, + { 55877, true }, + { 55885, true }, + { 55902, true }, + { 55917, true }, + { 55926, true }, + { 55947, true }, + { 55957, true }, + { 55971, true }, + { 55984, true }, + { 56003, true }, + { 56029, true }, + { 56043, true }, + { 56050, true }, + { 56060, true }, + { 56082, true }, + { 56110, true }, + { 56132, true }, + { 56142, true }, + { 56152, true }, + { 56163, true }, + { 56175, true }, + { 56183, true }, + { 56199, true }, + { 56214, true }, + { 56235, true }, + { 56254, true }, + { 56272, true }, + { 56290, true }, + { 56306, true }, + { 56324, true }, + { 56344, true }, + { 56361, true }, + { 56375, true }, + { 56391, true }, + { 56406, true }, + { 56423, true }, + { 56448, true }, + { 56472, true }, + { 56496, true }, + { 56523, true }, + { 56549, true }, + { 56571, true }, + { 56585, true }, + { 56610, true }, + { 56638, true }, + { 56660, true }, + { 56684, true }, + { 56710, true }, + { 56732, true }, + { 56747, true }, + { 56768, true }, + { 56791, true }, + { 56811, true }, + { 56827, true }, + { 56851, true }, + { 56880, true }, + { 56900, true }, + { 56920, true }, + { 56942, true }, + { 56961, true }, + { 56989, true }, + { 57012, true }, + { 57035, true }, + { 57067, true }, + { 57090, true }, + { 57108, true }, + { 57129, true }, + { 57150, true }, + { 57172, true }, + { 57194, true }, + { 57220, true }, + { 57241, true }, + { 57260, true }, + { 57292, true }, + { 57323, true }, + { 57353, true }, + { 57384, true }, + { 57408, true }, + { 57429, true }, + { 57450, true }, + { 57472, true }, + { 57500, true }, + { 57518, true }, + { 57538, true }, + { 57552, true }, + { 57568, true }, + { 57593, true }, + { 57625, true }, + { 57645, true }, + { 57672, true }, + { 57701, true }, + { 57734, true }, + { 57765, true }, + { 57798, true }, + { 57827, true }, + { 57861, true }, + { 57888, true }, + { 57920, true }, + { 57948, true }, + { 57978, true }, + { 58005, true }, + { 58034, true }, + { 58063, true }, + { 58092, true }, + { 58123, true }, + { 58156, true }, + { 58178, true }, + { 58215, true }, + { 58238, true }, + { 58255, true }, + { 58279, true }, + { 58303, true }, + { 58332, true }, + { 58354, true }, + { 58381, true }, + { 58408, true }, + { 58439, true }, + { 58465, true }, + { 58488, true }, + { 58517, true }, + { 58534, true }, + { 58551, true }, + { 58572, true }, + { 58591, true }, + { 58619, true }, + { 58638, true }, + { 58658, true }, + { 58676, true }, + { 58703, true }, + { 58720, true }, + { 58738, true }, + { 58759, true }, + { 58776, true }, + { 58793, true }, + { 58812, true }, + { 58831, true }, + { 58848, true }, + { 58860, true }, + { 58878, true }, + { 58891, true }, + { 58907, true }, + { 58917, false }, + { 58939, false }, + { 58964, false }, + { 58988, true }, + { 59013, true }, + { 59036, true }, + { 59064, true }, + { 59074, true }, + { 59087, true }, + { 59112, true }, + { 59130, true }, + { 59142, false }, + { 59156, true }, + { 59166, true }, + { 59179, true }, + { 59189, true }, + { 59199, true }, + { 59209, true }, + { 59219, true }, + { 59229, true }, + { 59239, true }, + { 59249, true }, + { 59263, true }, + { 59280, true }, + { 59289, true }, + { 59303, true }, + { 59321, true }, + { 59333, true }, + { 59344, true }, + { 59356, true }, + { 59363, true }, + { 59397, true }, + { 59422, true }, + { 59436, true }, + { 59447, true }, + { 59462, true }, + { 59470, true }, + { 59484, true }, + { 59491, true }, + { 59498, false }, + { 59518, false }, + { 59527, true }, + { 59537, true }, + { 59548, true }, + { 59569, true }, + { 59588, true }, + { 59613, true }, + { 59635, true }, + { 59650, true }, + { 59662, true }, + { 59677, true }, + { 59696, true }, + { 59721, true }, + { 59741, true }, + { 59757, true }, + { 59770, true }, + { 59785, true }, + { 59803, true }, + { 59818, true }, + { 59829, true }, + { 59844, true }, + { 59857, true }, + { 59871, true }, + { 59883, true }, + { 59896, true }, + { 59910, true }, + { 59925, true }, + { 59942, true }, + { 59955, true }, + { 59977, true }, + { 59993, true }, + { 60009, true }, + { 60022, true }, + { 60034, true }, + { 60058, true }, + { 60073, true }, + { 60088, true }, + { 60098, true }, + { 60107, true }, + { 60129, true }, + { 60141, true }, + { 60166, true }, + { 60190, true }, + { 60209, true }, + { 60223, true }, + { 60239, true }, + { 60258, true }, + { 60275, true }, + { 60290, true }, + { 60309, true }, + { 60332, true }, + { 60353, true }, + { 60363, true }, + { 60373, true }, + { 60393, true }, + { 60405, true }, + { 60425, true }, + { 60443, true }, + { 60463, true }, + { 60491, false }, + { 60504, true }, + { 60518, true }, + { 60536, true }, + { 60550, true }, + { 60567, true }, + { 60584, true }, + { 60600, true }, + { 60609, true }, + { 60624, true }, + { 60640, true }, + { 60650, true }, + { 60669, true }, + { 60690, true }, + { 60710, true }, + { 60727, true }, + { 60742, true }, + { 60751, true }, + { 60759, true }, + { 60766, true }, + { 60783, true }, + { 60799, true }, + { 60818, true }, + { 60828, true }, + { 60843, true }, + { 60857, true }, + { 60871, true }, + { 60886, true }, + { 60901, true }, + { 60915, true }, + { 60929, true }, + { 60944, true }, + { 60955, false }, + { 60971, false }, + { 60988, true }, + { 60999, true }, + { 61013, true }, + { 61024, true }, + { 61034, true }, + { 61044, true }, + { 61064, true }, + { 61084, true }, + { 61095, true }, + { 61110, true }, + { 61129, true }, + { 61148, true }, + { 61165, true }, + { 61177, true }, + { 61196, true }, + { 61210, true }, + { 61228, true }, + { 61244, true }, + { 61259, true }, + { 61271, true }, + { 61284, true }, + { 61298, true }, + { 61313, true }, + { 61324, true }, + { 61335, true }, + { 61351, true }, + { 61377, true }, + { 61393, true }, + { 61409, true }, + { 61426, true }, + { 61444, true }, + { 61459, true }, + { 61475, true }, + { 61492, true }, + { 61505, true }, + { 61521, true }, + { 61537, true }, + { 61551, true }, + { 61566, false }, + { 61574, true }, + { 61597, true }, + { 61623, true }, + { 61637, true }, + { 61652, true }, + { 61674, true }, + { 61684, true }, + { 61698, true }, + { 61722, true }, + { 61735, true }, + { 61760, true }, + { 61777, true }, + { 61803, true }, + { 61819, true }, + { 61844, true }, + { 61872, true }, + { 61899, true }, + { 61910, true }, + { 61924, true }, + { 61952, true }, + { 61965, true }, + { 61990, true }, + { 62005, true }, + { 62037, true }, + { 62053, true }, + { 62069, true }, + { 62093, true }, + { 62112, true }, + { 62128, true }, + { 62155, true }, + { 62178, true }, + { 62196, true }, + { 62220, true }, + { 62234, true }, + { 62248, true }, + { 62270, true }, + { 62277, true }, + { 62284, true }, + { 62302, true }, + { 62317, true }, + { 62332, true }, + { 62345, true }, + { 62358, true }, + { 62370, true }, + { 62383, true }, + { 62398, true }, + { 62418, true }, + { 62435, true }, + { 62457, true }, + { 62474, true }, + { 62489, false }, + { 62506, true }, + { 62521, true }, + { 62538, true }, + { 62565, true }, + { 62577, true }, + { 62592, true }, + { 62614, true }, + { 62628, true }, + { 62647, true }, + { 62665, true }, + { 62679, true }, + { 62687, true }, + { 62703, true }, + { 62718, true }, + { 62727, true }, + { 62739, true }, + { 62752, true }, + { 62764, true }, + { 62778, true }, + { 62793, true }, + { 62808, true }, + { 62823, true }, + { 62832, true }, + { 62848, true }, + { 62865, true }, + { 62889, true }, + { 62904, true }, + { 62920, true }, + { 62926, true }, + { 62932, true }, + { 62942, true }, + { 62955, true }, + { 62972, true }, + { 62984, true }, + { 62997, true }, + { 63007, true }, + { 63019, true }, + { 63039, true }, + { 63051, true }, + { 63063, true }, + { 63076, true }, + { 63089, true }, + { 63110, true }, + { 63123, true }, + { 63135, true }, + { 63151, true }, + { 63161, false }, + { 63168, true }, + { 63183, true }, + { 63197, true }, + { 63206, true }, + { 63221, true }, + { 63231, true }, + { 63243, true }, + { 63251, true }, + { 63260, true }, + { 63278, true }, + { 63291, true }, + { 63299, true }, + { 63309, true }, + { 63319, true }, + { 63329, true }, + { 63337, true }, + { 63345, true }, + { 63354, true }, + { 63363, true }, + { 63381, true }, + { 63399, true }, + { 63421, true }, + { 63442, true }, + { 63452, true }, + { 63469, true }, + { 63478, true }, + { 63496, true }, + { 63511, true }, + { 63526, true }, + { 63555, true }, + { 63567, true }, + { 63584, true }, + { 63599, true }, + { 63611, true }, + { 63629, true }, + { 63639, true }, + { 63653, true }, + { 63676, true }, + { 63709, true }, + { 63723, true }, + { 63739, true }, + { 63759, true }, + { 63771, true }, + { 63782, false }, + { 63798, true }, + { 63809, true }, + { 63822, true }, + { 63840, true }, + { 63860, true }, + { 63874, true }, + { 63896, true }, + { 63921, false }, + { 63934, true }, + { 63943, true }, + { 63956, true }, + { 63974, true }, + { 63989, true }, + { 64000, true }, + { 64010, true }, + { 64031, true }, + { 64041, true }, + { 64060, true }, + { 64072, true }, + { 64087, true }, + { 64116, true }, + { 64145, true }, + { 64166, true }, + { 64180, true }, + { 64196, true }, + { 64232, true }, + { 64249, true }, + { 64263, true }, + { 64271, true }, + { 64284, true }, + { 64296, true }, + { 64308, true }, + { 64324, true }, + { 64338, true }, + { 64360, true }, + { 64379, true }, + { 64395, true }, + { 64408, true }, + { 64434, true }, + { 64453, true }, + { 64471, true }, + { 64491, true }, + { 64506, true }, + { 64521, true }, + { 64539, true }, + { 64555, true }, + { 64566, true }, + { 64584, false }, + { 64594, true }, + { 64616, true }, + { 64630, true }, + { 64653, true }, + { 64669, true }, + { 64687, true }, + { 64703, true }, + { 64712, true }, + { 64728, true }, + { 64742, true }, + { 64755, true }, + { 64771, true }, + { 64782, true }, + { 64795, false }, + { 64803, true }, + { 64816, true }, + { 64831, true }, + { 64844, true }, + { 64862, true }, + { 64894, true }, + { 64910, false }, + { 64930, true }, + { 64944, true }, + { 64958, true }, + { 64973, true }, + { 64981, true }, + { 64997, true }, + { 65025, true }, + { 65040, true }, + { 65051, true }, + { 65064, true }, + { 65076, true }, + { 65089, true }, + { 65101, true }, + { 65114, true }, + { 65135, true }, + { 65148, true }, + { 65168, false }, + { 65190, true }, + { 65217, true }, + { 65237, true }, + { 65260, true }, + { 65283, true }, + { 65307, true }, + { 65334, true }, + { 65360, true }, + { 65374, true }, + { 65387, true }, + { 65403, true }, + { 65415, true }, + { 65443, true }, + { 65455, true }, + { 65467, true }, + { 65492, true }, + { 65506, true }, + { 65520, true }, + { 65532, true }, + { 65544, true }, + { 65567, true }, + { 65581, true }, + { 65599, true }, + { 65614, true }, + { 65635, true }, + { 65649, true }, + { 65662, true }, + { 65676, true }, + { 65695, true }, + { 65710, true }, + { 65739, true }, + { 65755, true }, + { 65773, true }, + { 65786, true }, + { 65802, true }, + { 65813, true }, + { 65825, true }, + { 65838, true }, + { 65851, true }, + { 65862, true }, + { 65875, true }, + { 65884, true }, + { 65898, true }, + { 65907, true }, + { 65924, true }, + { 65933, true }, + { 65950, true }, + { 65959, true }, + { 65967, true }, + { 65975, true }, + { 65984, true }, + { 65993, true }, + { 66004, true }, + { 66015, true }, + { 66024, true }, + { 66034, true }, + { 66045, true }, + { 66058, true }, + { 66082, true }, + { 66092, true }, + { 66101, true }, + { 66111, true }, + { 66121, true }, + { 66132, true }, + { 66142, true }, + { 66151, true }, + { 66160, true }, + { 66171, true }, + { 66185, true }, + { 66194, true }, + { 66208, true }, + { 66221, true }, + { 66236, true }, + { 66248, true }, + { 66261, true }, + { 66271, true }, + { 66281, false }, + { 66294, true }, + { 66304, true }, + { 66319, true }, + { 66333, true }, + { 66351, true }, + { 66366, true }, + { 66385, true }, + { 66401, true }, + { 66415, true }, + { 66431, true }, + { 66443, true }, + { 66454, true }, + { 66467, true }, + { 66481, true }, + { 66491, true }, + { 66509, true }, + { 66520, true }, + { 66529, true }, + { 66539, true }, + { 66551, true }, + { 66567, true }, + { 66581, true }, + { 66586, true }, + { 66598, true }, + { 66614, true }, + { 66623, true }, + { 66632, true }, + { 66640, true }, + { 66647, true }, + { 66653, true }, + { 66663, true }, + { 66672, true }, + { 66681, true }, + { 66691, true }, + { 66720, true }, + { 66735, false }, + { 66755, true }, + { 66762, true }, + { 66772, true }, + { 66787, true }, + { 66800, true }, + { 66813, true }, + { 66826, true }, + { 66844, true }, + { 66865, true }, + { 66885, true }, + { 66898, true }, + { 66914, true }, + { 66933, true }, + { 66945, true }, + { 66963, true }, + { 66975, true }, + { 66988, true }, + { 67000, true }, + { 67012, true }, + { 67023, true }, + { 67033, true }, + { 67044, true }, + { 67056, true }, + { 67067, true }, + { 67078, true }, + { 67092, true }, + { 67107, true }, + { 67125, true }, + { 67144, true }, + { 67158, true }, + { 67173, true }, + { 67188, true }, + { 67203, true }, + { 67223, false }, + { 67239, true }, + { 67259, true }, + { 67267, true }, + { 67278, false }, + { 67288, true }, + { 67300, true }, + { 67314, true }, + { 67330, true }, + { 67344, true }, + { 67360, true }, + { 67380, true }, + { 67392, true }, + { 67404, true }, + { 67415, true }, + { 67439, true }, + { 67458, true }, + { 67471, true }, + { 67479, true }, + { 67498, true }, + { 67512, true }, + { 67529, true }, + { 67556, false }, + { 67572, true }, + { 67586, true }, + { 67603, true }, + { 67614, true }, + { 67626, true }, + { 67641, true }, + { 67653, true }, + { 67669, true }, + { 67688, true }, + { 67707, true }, + { 67715, true }, + { 67727, true }, + { 67744, true }, + { 67755, true }, + { 67769, true }, + { 67781, true }, + { 67794, true }, + { 67807, true }, + { 67827, true }, + { 67837, true }, + { 67854, true }, + { 67873, false }, + { 67892, true }, + { 67910, true }, + { 67922, true }, + { 67946, true }, + { 67957, true }, + { 67969, true }, + { 67984, true }, + { 68001, true }, + { 68025, true }, + { 68036, true }, + { 68050, true }, + { 68068, true }, + { 68080, true }, + { 68096, true }, + { 68116, true }, + { 68127, true }, + { 68143, true }, + { 68159, true }, + { 68179, true }, + { 68196, true }, + { 68211, true }, + { 68235, true }, + { 68249, true }, + { 68264, true }, + { 68287, true }, + { 68315, true }, + { 68334, true }, + { 68352, true }, + { 68369, true }, + { 68387, true }, + { 68401, true }, + { 68412, true }, + { 68438, true }, + { 68457, true }, + { 68472, true }, + { 68488, true }, + { 68498, true }, + { 68517, true }, + { 68531, true }, + { 68552, true }, + { 68568, false }, + { 68593, true }, + { 68618, true }, + { 68636, true }, + { 68655, true }, + { 68681, false }, + { 68695, true }, + { 68713, true }, + { 68729, true }, + { 68743, true }, + { 68762, true }, + { 68771, true }, + { 68783, true }, + { 68812, true }, + { 68828, true }, + { 68841, true }, + { 68858, true }, + { 68871, true }, + { 68883, true }, + { 68903, true }, + { 68918, true }, + { 68931, true }, + { 68954, true }, + { 68972, true }, + { 68985, true }, + { 68997, true }, + { 69009, true }, + { 69024, true }, + { 69057, true }, + { 69070, true }, + { 69084, true }, + { 69094, true }, + { 69107, true }, + { 69115, true }, + { 69122, true }, + { 69147, true }, + { 69173, true }, + { 69184, true }, + { 69196, true }, + { 69210, true }, + { 69238, true }, + { 69251, true }, + { 69272, true }, + { 69284, true }, + { 69308, true }, + { 69326, true }, + { 69344, true }, + { 69359, true }, + { 69385, true }, + { 69401, true }, + { 69418, true }, + { 69444, true }, + { 69456, true }, + { 69478, true }, + { 69492, true }, + { 69512, true }, + { 69538, true }, + { 69548, true }, + { 69561, true }, + { 69582, true }, + { 69604, true }, + { 69624, true }, + { 69638, false }, + { 69652, true }, + { 69668, true }, + { 69692, true }, + { 69707, true }, + { 69718, true }, + { 69735, true }, + { 69748, true }, + { 69757, true }, + { 69766, true }, + { 69781, true }, + { 69803, true }, + { 69826, true }, + { 69850, true }, + { 69873, true }, + { 69897, true }, + { 69916, true }, + { 69929, true }, + { 69947, false }, + { 69962, true }, + { 69973, true }, + { 69985, true }, + { 69994, true }, + { 70011, true }, + { 70025, true }, + { 70039, true }, + { 70053, true }, + { 70067, true }, + { 70081, true }, + { 70094, true }, + { 70107, true }, + { 70122, true }, + { 70138, true }, + { 70148, true }, + { 70158, true }, + { 70168, true }, + { 70178, true }, + { 70191, true }, + { 70204, true }, + { 70227, true }, + { 70239, true }, + { 70250, true }, + { 70273, true }, + { 70287, true }, + { 70297, true }, + { 70306, true }, + { 70319, false }, + { 70332, true }, + { 70345, true }, + { 70362, true }, + { 70395, true }, + { 70414, true }, + { 70428, true }, + { 70442, true }, + { 70454, true }, + { 70470, true }, + { 70489, true }, + { 70503, true }, + { 70520, true }, + { 70533, true }, + { 70547, true }, + { 70558, true }, + { 70587, true }, + { 70604, true }, + { 70618, true }, + { 70638, true }, + { 70673, true }, + { 70695, true }, + { 70718, true }, + { 70731, true }, + { 70741, true }, + { 70759, true }, + { 70780, true }, + { 70796, true }, + { 70807, true }, + { 70818, true }, + { 70830, true }, + { 70842, true }, + { 70853, true }, + { 70873, true }, + { 70886, true }, + { 70898, true }, + { 70913, true }, + { 70931, true }, + { 70945, true }, + { 70965, true }, + { 70991, true }, + { 71022, true }, + { 71033, true }, + { 71062, true }, + { 71080, true }, + { 71097, true }, + { 71120, true }, + { 71148, true }, + { 71163, true }, + { 71172, true }, + { 71190, true }, + { 71205, true }, + { 71219, true }, + { 71240, true }, + { 71257, true }, + { 71273, true }, + { 71286, true }, + { 71310, true }, + { 71323, true }, + { 71344, true }, + { 71362, true }, + { 71389, true }, + { 71406, true }, + { 71426, true }, + { 71445, true }, + { 71462, true }, + { 71476, true }, + { 71507, true }, + { 71519, true }, + { 71531, true }, + { 71548, true }, + { 71563, true }, + { 71576, true }, + { 71588, true }, + { 71601, true }, + { 71624, true }, + { 71636, true }, + { 71648, true }, + { 71660, true }, + { 71673, true }, + { 71690, true }, + { 71702, true }, + { 71717, true }, + { 71736, true }, + { 71749, true }, + { 71760, true }, + { 71772, true }, + { 71782, true }, + { 71798, true }, + { 71814, true }, + { 71829, true }, + { 71841, true }, + { 71853, true }, + { 71873, true }, + { 71886, true }, + { 71904, true }, + { 71919, true }, + { 71948, true }, + { 71969, true }, + { 71987, true }, + { 72012, true }, + { 72029, true }, + { 72054, true }, + { 72074, true }, + { 72091, true }, + { 72104, true }, + { 72115, true }, + { 72123, true }, + { 72136, true }, + { 72154, true }, + { 72168, true }, + { 72180, true }, + { 72196, true }, + { 72213, true }, + { 72232, true }, + { 72245, true }, + { 72262, true }, + { 72274, true }, + { 72291, true }, + { 72302, true }, + { 72315, true }, + { 72339, true }, + { 72353, true }, + { 72368, true }, + { 72383, true }, + { 72403, true }, + { 72427, true }, + { 72444, true }, + { 72455, true }, + { 72466, true }, + { 72478, false }, + { 72488, true }, + { 72501, false }, + { 72512, true }, + { 72528, true }, + { 72543, true }, + { 72574, true }, + { 72611, true }, + { 72626, true }, + { 72643, true }, + { 72653, true }, + { 72660, true }, + { 72669, true }, + { 72703, true }, + { 72719, true }, + { 72739, true }, + { 72757, true }, + { 72775, true }, + { 72789, true }, + { 72800, true }, + { 72810, true }, + { 72821, true }, + { 72836, true }, + { 72847, true }, + { 72856, true }, + { 72868, true }, + { 72894, true }, + { 72911, true }, + { 72918, true }, + { 72935, true }, + { 72944, true }, + { 72960, true }, + { 72968, true }, + { 72976, false }, + { 72984, true }, + { 72995, true }, + { 73009, true }, + { 73016, true }, + { 73025, true }, + { 73044, true }, + { 73051, true }, + { 73058, true }, + { 73065, true }, + { 73078, false }, + { 73098, true }, + { 73111, true }, + { 73124, true }, + { 73141, true }, + { 73149, true }, + { 73163, true }, + { 73171, true }, + { 73181, true }, + { 73196, true }, + { 73210, true }, + { 73224, true }, + { 73237, true }, + { 73248, true }, + { 73256, true }, + { 73266, true }, + { 73277, true }, + { 73296, true }, + { 73309, true }, + { 73318, true }, + { 73339, true }, + { 73358, true }, + { 73372, true }, + { 73388, true }, + { 73405, true }, + { 73423, true }, + { 73434, true }, + { 73447, true }, + { 73462, false }, + { 73472, true }, + { 73483, true }, + { 73502, false }, + { 73515, true }, + { 73528, true }, + { 73539, true }, + { 73557, true }, + { 73573, true }, + { 73584, true }, + { 73602, true }, + { 73610, true }, + { 73624, true }, + { 73640, true }, + { 73656, true }, + { 73666, true }, + { 73677, true }, + { 73697, true }, + { 73717, false }, + { 73734, true }, + { 73750, false }, + { 73765, true }, + { 73775, true }, + { 73787, true }, + { 73799, true }, + { 73827, true }, + { 73841, true }, + { 73860, true }, + { 73877, true }, + { 73896, true }, + { 73914, true }, + { 73928, true }, + { 73943, true }, + { 73958, true }, + { 73979, true }, + { 73996, true }, + { 74014, true }, + { 74031, true }, + { 74051, true }, + { 74076, true }, + { 74088, true }, + { 74101, true }, + { 74114, true }, + { 74127, true }, + { 74137, true }, + { 74151, true }, + { 74166, true }, + { 74179, true }, + { 74193, true }, + { 74206, true }, + { 74224, true }, + { 74243, true }, + { 74261, true }, + { 74272, true }, + { 74286, true }, + { 74303, true }, + { 74318, true }, + { 74332, true }, + { 74346, true }, + { 74359, true }, + { 74382, true }, + { 74403, true }, + { 74413, true }, + { 74432, true }, + { 74448, true }, + { 74465, true }, + { 74481, true }, + { 74497, true }, + { 74522, true }, + { 74537, true }, + { 74547, true }, + { 74562, true }, + { 74576, true }, + { 74588, true }, + { 74611, true }, + { 74622, true }, + { 74638, true }, + { 74650, false }, + { 74658, true }, + { 74670, true }, + { 74691, true }, + { 74701, true }, + { 74709, true }, + { 74720, true }, + { 74728, true }, + { 74739, true }, + { 74748, true }, + { 74756, true }, + { 74764, true }, + { 74779, true }, + { 74793, true }, + { 74807, false }, + { 74827, true }, + { 74835, true }, + { 74843, true }, + { 74860, true }, + { 74874, true }, + { 74894, true }, + { 74906, true }, + { 74920, true }, + { 74929, false }, + { 74949, true }, + { 74963, true }, + { 74981, true }, + { 75001, true }, + { 75009, true }, + { 75036, true }, + { 75049, true }, + { 75067, true }, + { 75086, true }, + { 75102, true }, + { 75115, true }, + { 75136, true }, + { 75154, true }, + { 75171, true }, + { 75183, true }, + { 75194, false }, + { 75212, true }, + { 75230, true }, + { 75250, true }, + { 75262, true }, + { 75283, true }, + { 75295, true }, + { 75307, true }, + { 75323, true }, + { 75337, true }, + { 75353, true }, + { 75372, true }, + { 75385, true }, + { 75404, true }, + { 75419, false }, + { 75432, true }, + { 75446, true }, + { 75465, true }, + { 75481, true }, + { 75501, false }, + { 75515, true }, + { 75531, true }, + { 75548, true }, + { 75566, true }, + { 75585, true }, + { 75597, true }, + { 75615, true }, + { 75636, true }, + { 75646, true }, + { 75659, true }, + { 75669, true }, + { 75688, true }, + { 75705, true }, + { 75718, true }, + { 75732, true }, + { 75745, true }, + { 75758, true }, + { 75774, true }, + { 75789, true }, + { 75814, true }, + { 75835, true }, + { 75847, true }, + { 75861, true }, + { 75880, true }, + { 75890, true }, + { 75907, true }, + { 75916, true }, + { 75935, true }, + { 75952, true }, + { 75967, true }, + { 75987, true }, + { 76015, true }, + { 76033, true }, + { 76047, true }, + { 76067, true }, + { 76085, true }, + { 76101, true }, + { 76121, true }, + { 76156, true }, + { 76170, true }, + { 76187, true }, + { 76205, true }, + { 76215, true }, + { 76245, true }, + { 76260, true }, + { 76273, true }, + { 76284, true }, + { 76296, true }, + { 76310, true }, + { 76326, true }, + { 76341, true }, + { 76359, true }, + { 76375, true }, + { 76404, true }, + { 76412, true }, + { 76423, true }, + { 76437, true }, + { 76453, true }, + { 76470, true }, + { 76485, true }, + { 76502, true }, + { 76517, true }, + { 76537, true }, + { 76557, true }, + { 76583, true }, + { 76598, true }, + { 76610, true }, + { 76624, false }, + { 76634, true }, + { 76648, true }, + { 76665, true }, + { 76690, true }, + { 76707, true }, + { 76724, true }, + { 76742, true }, + { 76761, true }, + { 76770, true }, + { 76779, true }, + { 76798, true }, + { 76809, true }, + { 76825, true }, + { 76840, true }, + { 76857, true }, + { 76871, true }, + { 76884, true }, + { 76894, true }, + { 76906, false }, + { 76917, true }, + { 76928, true }, + { 76936, true }, + { 76944, true }, + { 76955, true }, + { 76969, true }, + { 76979, true }, + { 77002, true }, + { 77017, true }, + { 77038, true }, + { 77059, true }, + { 77083, true }, + { 77105, true }, + { 77126, true }, + { 77147, true }, + { 77168, true }, + { 77189, true }, + { 77210, true }, + { 77231, false }, + { 77247, true }, + { 77260, true }, + { 77279, true }, + { 77295, true }, + { 77310, true }, + { 77331, true }, + { 77344, false }, + { 77365, true }, + { 77379, true }, + { 77398, true }, + { 77424, true }, + { 77444, true }, + { 77466, true }, + { 77480, true }, + { 77492, true }, + { 77510, true }, + { 77528, true }, + { 77551, true }, + { 77564, true }, + { 77584, true }, + { 77613, true }, + { 77639, true }, + { 77670, true }, + { 77692, true }, + { 77715, true }, + { 77731, true }, + { 77745, true }, + { 77763, true }, + { 77776, true }, + { 77788, true }, + { 77804, true }, + { 77827, true }, + { 77857, true }, + { 77868, true }, + { 77893, true }, + { 77911, true }, + { 77922, true }, + { 77939, true }, + { 77950, true }, + { 77963, true }, + { 77977, true }, + { 77990, true }, + { 78007, true }, + { 78024, true }, + { 78052, true }, + { 78067, true }, + { 78086, true }, + { 78114, true }, + { 78128, true }, + { 78145, true }, + { 78157, true }, + { 78169, true }, + { 78193, true }, + { 78203, true }, + { 78214, true }, + { 78229, true }, + { 78242, true }, + { 78251, false }, + { 78273, true }, + { 78284, true }, + { 78292, false }, + { 78308, true }, + { 78323, true }, + { 78339, true }, + { 78356, true }, + { 78370, true }, + { 78387, true }, + { 78402, true }, + { 78419, true }, + { 78437, true }, + { 78449, true }, + { 78469, true }, + { 78494, true }, + { 78505, true }, + { 78529, true }, + { 78553, true }, + { 78577, true }, + { 78615, true }, + { 78639, true }, + { 78669, true }, + { 78685, true }, + { 78700, true }, + { 78710, true }, + { 78719, true }, + { 78735, true }, + { 78750, true }, + { 78763, true }, + { 78782, true }, + { 78803, true }, + { 78828, true }, + { 78843, true }, + { 78852, true }, + { 78863, true }, + { 78876, false }, + { 78886, true }, + { 78905, true }, + { 78919, true }, + { 78938, true }, + { 78966, true }, + { 78993, true }, + { 79008, true }, + { 79023, true }, + { 79032, true }, + { 79054, false }, + { 79076, true }, + { 79088, true }, + { 79107, true }, + { 79123, true }, + { 79143, true }, + { 79158, true }, + { 79169, true }, + { 79185, true }, + { 79203, true }, + { 79221, false }, + { 79237, true }, + { 79256, true }, + { 79281, true }, + { 79305, true }, + { 79328, false }, + { 79342, true }, + { 79355, true }, + { 79367, true }, + { 79375, true }, + { 79393, true }, + { 79412, true }, + { 79420, true }, + { 79432, true }, + { 79441, true }, + { 79456, true }, + { 79474, true }, + { 79489, true }, + { 79502, true }, + { 79514, true }, + { 79526, true }, + { 79547, true }, + { 79565, true }, + { 79585, true }, + { 79607, true }, + { 79618, true }, + { 79636, true }, + { 79646, true }, + { 79657, true }, + { 79674, true }, + { 79689, true }, + { 79707, true }, + { 79724, true }, + { 79739, true }, + { 79756, true }, + { 79770, true }, + { 79784, true }, + { 79800, true }, + { 79819, true }, + { 79836, true }, + { 79853, true }, + { 79870, true }, + { 79887, false }, + { 79902, true }, + { 79929, true }, + { 79949, true }, + { 79981, true }, + { 80001, true }, + { 80023, true }, + { 80043, true }, + { 80062, true }, + { 80083, false }, + { 80102, true }, + { 80121, true }, + { 80138, true }, + { 80158, true }, + { 80179, true }, + { 80205, true }, + { 80225, true }, + { 80243, true }, + { 80261, true }, + { 80284, true }, + { 80303, true }, + { 80322, true }, + { 80344, true }, + { 80361, true }, + { 80386, true }, + { 80409, true }, + { 80432, true }, + { 80454, true }, + { 80475, true }, + { 80495, true }, + { 80512, true }, + { 80539, true }, + { 80562, true }, + { 80585, true }, + { 80603, true }, + { 80619, true }, + { 80636, true }, + { 80652, true }, + { 80666, true }, + { 80679, true }, + { 80716, false }, + { 80727, true }, + { 80745, true }, + { 80765, true }, + { 80788, true }, + { 80813, false }, + { 80844, true }, + { 80859, true }, + { 80882, true }, + { 80896, true }, + { 80910, true }, + { 80928, true }, + { 80942, true }, + { 80953, true }, + { 80963, true }, + { 80972, true }, + { 80983, true }, + { 80995, true }, + { 81011, true }, + { 81021, true }, + { 81030, true }, + { 81042, true }, + { 81056, true }, + { 81075, true }, + { 81093, true }, + { 81110, true }, + { 81129, true }, + { 81150, true }, + { 81160, true }, + { 81174, true }, + { 81184, true }, + { 81191, true }, + { 81204, true }, + { 81221, true }, + { 81239, true }, + { 81250, false }, + { 81258, true }, + { 81279, true }, + { 81290, true }, + { 81304, true }, + { 81330, true }, + { 81343, true }, + { 81354, true }, + { 81373, true }, + { 81385, true }, + { 81402, false }, + { 81420, true }, + { 81433, true }, + { 81445, true }, + { 81458, true }, + { 81469, true }, + { 81482, true }, + { 81496, true }, + { 81504, true }, + { 81517, true }, + { 81533, false }, + { 81544, true }, + { 81558, true }, + { 81576, true }, + { 81585, true }, + { 81601, true }, + { 81614, true }, + { 81632, true }, + { 81649, true }, + { 81667, true }, + { 81679, true }, + { 81690, true }, + { 81699, true }, + { 81707, true }, + { 81721, true }, + { 81728, true }, + { 81746, true }, + { 81759, true }, + { 81773, true }, + { 81785, true }, + { 81802, true }, + { 81814, true }, + { 81824, true }, + { 81831, true }, + { 81842, true }, + { 81854, true }, + { 81870, true }, + { 81879, true }, + { 81889, true }, + { 81901, true }, + { 81912, true }, + { 81926, true }, + { 81937, true }, + { 81962, true }, + { 81979, true }, + { 82004, true }, + { 82027, true }, + { 82041, true }, + { 82053, true }, + { 82062, true }, + { 82070, true }, + { 82088, true }, + { 82099, true }, + { 82114, true }, + { 82133, true }, + { 82152, true }, + { 82171, true }, + { 82187, true }, + { 82200, true }, + { 82214, true }, + { 82226, false }, + { 82242, true }, + { 82256, true }, + { 82266, true }, + { 82285, true }, + { 82299, true }, + { 82313, true }, + { 82330, true }, + { 82350, true }, + { 82367, true }, + { 82387, true }, + { 82400, true }, + { 82415, true }, + { 82429, true }, + { 82442, true }, + { 82456, true }, + { 82474, true }, + { 82489, true }, + { 82509, true }, + { 82532, true }, + { 82545, true }, + { 82553, true }, + { 82559, true }, + { 82573, true }, + { 82587, true }, + { 82600, true }, + { 82609, true }, + { 82623, true }, + { 82637, true }, + { 82650, true }, + { 82663, false }, + { 82683, true }, + { 82700, true }, + { 82716, true }, + { 82730, true }, + { 82745, true }, + { 82760, true }, + { 82781, true }, + { 82804, true }, + { 82820, true }, + { 82833, true }, + { 82846, true }, + { 82866, true }, + { 82885, true }, + { 82901, true }, + { 82928, true }, + { 82948, true }, + { 82969, true }, + { 82982, true }, + { 82996, true }, + { 83016, true }, + { 83028, true }, + { 83042, true }, + { 83063, true }, + { 83074, true }, + { 83091, true }, + { 83104, true }, + { 83121, true }, + { 83130, true }, + { 83156, true }, + { 83174, true }, + { 83196, true }, + { 83206, true }, + { 83231, true }, + { 83249, true }, + { 83264, true }, + { 83278, true }, + { 83287, true }, + { 83306, true }, + { 83325, true }, + { 83337, true }, + { 83353, true }, + { 83375, true }, + { 83393, true }, + { 83412, true }, + { 83425, true }, + { 83433, true }, + { 83451, true }, + { 83467, true }, + { 83488, true }, + { 83508, true }, + { 83521, true }, + { 83535, true }, + { 83550, true }, + { 83569, true }, + { 83594, true }, + { 83609, true }, + { 83623, true }, + { 83642, true }, + { 83661, true }, + { 83678, true }, + { 83693, true }, + { 83706, true }, + { 83730, true }, + { 83743, true }, + { 83758, true }, + { 83774, true }, + { 83786, true }, + { 83803, true }, + { 83818, true }, + { 83841, true }, + { 83857, true }, + { 83879, true }, + { 83892, true }, + { 83902, true }, + { 83917, true }, + { 83940, true }, + { 83959, true }, + { 83971, true }, + { 83989, true }, + { 84008, true }, + { 84034, false }, + { 84042, true }, + { 84055, true }, + { 84064, true }, + { 84077, true }, + { 84087, true }, + { 84099, true }, + { 84115, true }, + { 84132, true }, + { 84153, true }, + { 84170, true }, + { 84195, true }, + { 84221, true }, + { 84232, false }, + { 84242, true }, + { 84253, false }, + { 84265, true }, + { 84289, true }, + { 84311, true }, + { 84327, true }, + { 84346, true }, + { 84358, true }, + { 84375, true }, + { 84389, true }, + { 84400, true }, + { 84417, true }, + { 84427, false }, + { 84439, true }, + { 84466, true }, + { 84484, true }, + { 84500, true }, + { 84520, true }, + { 84534, true }, + { 84550, true }, + { 84567, true }, + { 84589, true }, + { 84604, true }, + { 84626, true }, + { 84638, true }, + { 84651, true }, + { 84664, true }, + { 84679, true }, + { 84700, true }, + { 84713, true }, + { 84735, true }, + { 84752, true }, + { 84774, true }, + { 84790, true }, + { 84804, true }, + { 84819, true }, + { 84845, true }, + { 84861, true }, + { 84876, true }, + { 84901, true }, + { 84917, true }, + { 84932, true }, + { 84945, true }, + { 84960, true }, + { 84974, true }, + { 84986, true }, + { 85001, true }, + { 85010, true }, + { 85022, true }, + { 85039, true }, + { 85049, true }, + { 85058, true }, + { 85071, true }, + { 85085, true }, + { 85096, true }, + { 85107, true }, + { 85122, true }, + { 85133, true }, + { 85153, true }, + { 85173, true }, + { 85189, true }, + { 85204, true }, + { 85218, true }, + { 85233, true }, + { 85245, true }, + { 85258, true }, + { 85273, true }, + { 85284, true }, + { 85298, true }, + { 85312, true }, + { 85326, true }, + { 85342, true }, + { 85361, true }, + { 85376, true }, + { 85392, true }, + { 85402, true }, + { 85415, true }, + { 85424, true }, + { 85436, true }, + { 85448, true }, + { 85460, true }, + { 85478, true }, + { 85489, true }, + { 85505, true }, + { 85516, true }, + { 85528, true }, + { 85542, true }, + { 85557, true }, + { 85570, true }, + { 85584, true }, + { 85601, true }, + { 85609, true }, + { 85629, true }, + { 85647, true }, + { 85659, true }, + { 85671, true }, + { 85684, true }, + { 85695, false }, + { 85715, true }, + { 85727, true }, + { 85736, true }, + { 85744, true }, + { 85760, true }, + { 85776, true }, + { 85790, true }, + { 85801, true }, + { 85811, true }, + { 85826, true }, + { 85834, true }, + { 85847, false }, + { 85867, true }, + { 85876, true }, + { 85890, true }, + { 85910, true }, + { 85934, true }, + { 85958, true }, + { 85979, true }, + { 85987, true }, + { 86004, true }, + { 86025, true }, + { 86035, true }, + { 86048, true }, + { 86067, true }, + { 86089, true }, + { 86103, true }, + { 86114, true }, + { 86137, true }, + { 86159, true }, + { 86181, true }, + { 86194, true }, + { 86202, false }, + { 86212, true }, + { 86242, true }, + { 86269, true }, + { 86282, true }, + { 86295, false }, + { 86309, true }, + { 86325, true }, + { 86338, true }, + { 86355, true }, + { 86374, true }, + { 86394, true }, + { 86403, true }, + { 86414, true }, + { 86425, true }, + { 86438, true }, + { 86455, true }, + { 86469, false }, + { 86487, true }, + { 86495, true }, + { 86511, true }, + { 86521, true }, + { 86532, false }, + { 86547, true }, + { 86560, true }, + { 86576, true }, + { 86589, true }, + { 86603, true }, + { 86618, false }, + { 86633, true }, + { 86647, true }, + { 86659, true }, + { 86669, true }, + { 86681, true }, + { 86694, true }, + { 86709, true }, + { 86722, true }, + { 86735, true }, + { 86748, true }, + { 86760, false }, + { 86783, false }, + { 86807, true }, + { 86824, true }, + { 86836, true }, + { 86850, true }, + { 86863, true }, + { 86877, true }, + { 86893, true }, + { 86908, true }, + { 86925, true }, + { 86936, true }, + { 86948, true }, + { 86959, true }, + { 86974, true }, + { 86992, true }, + { 87004, true }, + { 87018, true }, + { 87029, true }, + { 87039, true }, + { 87050, true }, + { 87069, true }, + { 87088, true }, + { 87105, true }, + { 87115, true }, + { 87137, true }, + { 87151, true }, + { 87170, true }, + { 87185, true }, + { 87201, true }, + { 87211, true }, + { 87221, true }, + { 87233, true }, + { 87247, true }, + { 87280, true }, + { 87295, true }, + { 87320, true }, + { 87339, true }, + { 87353, true }, + { 87367, true }, + { 87380, true }, + { 87395, true }, + { 87412, true }, + { 87428, true }, + { 87442, true }, + { 87459, true }, + { 87472, true }, + { 87485, true }, + { 87498, true }, + { 87518, false }, + { 87530, true }, + { 87542, true }, + { 87559, true }, + { 87570, true }, + { 87588, true }, + { 87607, true }, + { 87615, true }, + { 87622, true }, + { 87638, true }, + { 87651, true }, + { 87664, true }, + { 87676, false }, + { 87688, true }, + { 87699, true }, + { 87721, true }, + { 87741, true }, + { 87753, true }, + { 87765, true }, + { 87778, true }, + { 87795, true }, + { 87813, true }, + { 87827, false }, + { 87842, true }, + { 87857, true }, + { 87878, true }, + { 87891, true }, + { 87907, true }, + { 87923, true }, + { 87937, true }, + { 87950, true }, + { 87966, true }, + { 87983, true }, + { 87996, true }, + { 88020, true }, + { 88042, true }, + { 88062, true }, + { 88081, true }, + { 88095, true }, + { 88107, true }, + { 88118, true }, + { 88134, true }, + { 88150, true }, + { 88171, true }, + { 88193, true }, + { 88214, true }, + { 88234, true }, + { 88261, true }, + { 88280, true }, + { 88294, true }, + { 88311, true }, + { 88323, true }, + { 88343, true }, + { 88356, true }, + { 88382, true }, + { 88396, true }, + { 88420, true }, + { 88441, true }, + { 88467, true }, + { 88488, true }, + { 88505, true }, + { 88526, true }, + { 88544, true }, + { 88566, true }, + { 88589, true }, + { 88609, true }, + { 88627, true }, + { 88644, true }, + { 88654, true }, + { 88661, true }, + { 88683, true }, + { 88694, true }, + { 88710, true }, + { 88720, true }, + { 88735, true }, + { 88748, true }, + { 88769, true }, + { 88789, true }, + { 88803, true }, + { 88819, true }, + { 88831, true }, + { 88846, true }, + { 88866, true }, + { 88876, true }, + { 88892, true }, + { 88909, true }, + { 88921, true }, + { 88933, true }, + { 88949, true }, + { 88966, true }, + { 88979, true }, + { 88988, true }, + { 89010, true }, + { 89018, true }, + { 89033, true }, + { 89050, true }, + { 89071, true }, + { 89093, true }, + { 89103, true }, + { 89121, true }, + { 89135, true }, + { 89155, true }, + { 89178, true }, + { 89210, true }, + { 89237, true }, + { 89256, true }, + { 89270, true }, + { 89304, true }, + { 89314, true }, + { 89338, true }, + { 89351, true }, + { 89383, true }, + { 89409, true }, + { 89445, true }, + { 89474, true }, + { 89489, true }, + { 89508, true }, + { 89528, true }, + { 89547, false }, + { 89569, true }, + { 89593, true }, + { 89609, true }, + { 89633, true }, + { 89649, true }, + { 89673, true }, + { 89690, true }, + { 89702, true }, + { 89714, true }, + { 89729, true }, + { 89756, true }, + { 89784, true }, + { 89810, true }, + { 89827, true }, + { 89852, true }, + { 89866, true }, + { 89886, true }, + { 89911, true }, + { 89933, true }, + { 89958, true }, + { 89987, true }, + { 90009, false }, + { 90024, true }, + { 90047, true }, + { 90070, true }, + { 90094, true }, + { 90109, true }, + { 90125, true }, + { 90140, true }, + { 90154, true }, + { 90172, true }, + { 90194, true }, + { 90216, true }, + { 90241, true }, + { 90257, false }, + { 90282, true }, + { 90306, true }, + { 90333, true }, + { 90357, false }, + { 90378, true }, + { 90392, true }, + { 90415, true }, + { 90423, true }, + { 90437, false }, + { 90451, true }, + { 90466, true }, + { 90484, true }, + { 90502, true }, + { 90521, true }, + { 90541, true }, + { 90557, true }, + { 90576, true }, + { 90599, true }, + { 90616, true }, + { 90640, true }, + { 90656, false }, + { 90673, true }, + { 90696, true }, + { 90714, true }, + { 90732, true }, + { 90750, true }, + { 90777, true }, + { 90801, true }, + { 90822, false }, + { 90844, true }, + { 90857, true }, + { 90874, true }, + { 90888, true }, + { 90910, true }, + { 90920, true }, + { 90934, true }, + { 90953, true }, + { 90964, true }, + { 90978, true }, + { 90989, true }, + { 91000, true }, + { 91011, true }, + { 91024, true }, + { 91039, true }, + { 91058, true }, + { 91073, true }, + { 91088, true }, + { 91109, true }, + { 91126, true }, + { 91142, true }, + { 91156, true }, + { 91169, true }, + { 91180, true }, + { 91195, true }, + { 91208, true }, + { 91219, true }, + { 91238, true }, + { 91256, true }, + { 91274, true }, + { 91294, true }, + { 91318, true }, + { 91337, true }, + { 91366, true }, + { 91386, true }, + { 91405, true }, + { 91423, true }, + { 91435, true }, + { 91449, true }, + { 91462, true }, + { 91485, true }, + { 91498, true }, + { 91515, true }, + { 91533, true }, + { 91554, true }, + { 91571, true }, + { 91581, true }, + { 91597, true }, + { 91615, true }, + { 91628, true }, + { 91655, true }, + { 91673, true }, + { 91694, true }, + { 91709, true }, + { 91724, false }, + { 91758, true }, + { 91776, true }, + { 91792, true }, + { 91817, true }, + { 91837, true }, + { 91853, true }, + { 91868, true }, + { 91891, true }, + { 91908, true }, + { 91929, false }, + { 91952, true }, + { 91976, true }, + { 91998, true }, + { 92015, true }, + { 92028, true }, + { 92050, true }, + { 92068, true }, + { 92081, true }, + { 92102, true }, + { 92117, true }, + { 92132, true }, + { 92149, true }, + { 92160, true }, + { 92173, true }, + { 92187, false }, + { 92226, true }, + { 92236, true }, + { 92256, true }, + { 92269, true }, + { 92281, true }, + { 92299, true }, + { 92315, true }, + { 92329, true }, + { 92346, true }, + { 92364, true }, + { 92383, false }, + { 92398, true }, + { 92418, false }, + { 92434, true }, + { 92443, true }, + { 92462, true }, + { 92481, true }, + { 92492, true }, + { 92504, true }, + { 92526, true }, + { 92538, true }, + { 92552, true }, + { 92568, true }, + { 92580, true }, + { 92608, true }, + { 92631, true }, + { 92645, true }, + { 92657, true }, + { 92666, true }, + { 92683, true }, + { 92697, true }, + { 92714, true }, + { 92735, true }, + { 92745, true }, + { 92761, true }, + { 92776, true }, + { 92796, true }, + { 92810, true }, + { 92826, true }, + { 92842, true }, + { 92852, true }, + { 92868, true }, + { 92885, true }, + { 92902, false }, + { 92914, true }, + { 92926, true }, + { 92938, true }, + { 92952, true }, + { 92964, true }, + { 92987, true }, + { 93012, true }, + { 93032, true }, + { 93049, true }, + { 93061, true }, + { 93071, true }, + { 93088, true }, + { 93100, true }, + { 93111, true }, + { 93121, true }, + { 93141, true }, + { 93153, true }, + { 93165, true }, + { 93181, true }, + { 93200, true }, + { 93213, true }, + { 93227, true }, + { 93239, true }, + { 93258, true }, + { 93270, true }, + { 93280, true }, + { 93294, true }, + { 93326, true }, + { 93351, true }, + { 93368, true }, + { 93388, true }, + { 93405, true }, + { 93425, true }, + { 93446, true }, + { 93459, true }, + { 93470, true }, + { 93494, true }, + { 93515, true }, + { 93538, true }, + { 93552, true }, + { 93565, true }, + { 93582, true }, + { 93594, true }, + { 93606, true }, + { 93620, true }, + { 93642, true }, + { 93662, true }, + { 93687, true }, + { 93708, true }, + { 93722, true }, + { 93744, true }, + { 93760, true }, + { 93784, true }, + { 93796, true }, + { 93805, true }, + { 93815, true }, + { 93836, true }, + { 93857, true }, + { 93880, true }, + { 93896, false }, + { 93915, true }, + { 93935, true }, + { 93948, true }, + { 93959, true }, + { 93973, true }, + { 93982, true }, + { 93994, true }, + { 94008, true }, + { 94028, true }, + { 94044, true }, + { 94060, true }, + { 94078, true }, + { 94094, true }, + { 94109, true }, + { 94127, true }, + { 94148, true }, + { 94171, true }, + { 94189, true }, + { 94207, true }, + { 94234, true }, + { 94251, true }, + { 94269, true }, + { 94287, true }, + { 94298, true }, + { 94315, true }, + { 94344, true }, + { 94357, true }, + { 94370, true }, + { 94381, true }, + { 94401, true }, + { 94419, true }, + { 94437, true }, + { 94453, true }, + { 94461, true }, + { 94484, true }, + { 94503, true }, + { 94520, true }, + { 94530, false }, + { 94545, true }, + { 94555, true }, + { 94567, true }, + { 94579, true }, + { 94592, true }, + { 94601, true }, + { 94624, true }, + { 94639, true }, + { 94647, true }, + { 94660, true }, + { 94679, true }, + { 94690, true }, + { 94715, true }, + { 94727, true }, + { 94738, true }, + { 94751, true }, + { 94761, true }, + { 94776, true }, + { 94790, true }, + { 94804, true }, + { 94815, true }, + { 94827, true }, + { 94834, true }, + { 94846, true }, + { 94853, false }, + { 94873, true }, + { 94885, true }, + { 94899, true }, + { 94910, true }, + { 94926, true }, + { 94943, true }, + { 94962, true }, + { 94979, false }, + { 94992, true }, + { 95010, true }, + { 95027, true }, + { 95053, true }, + { 95066, true }, + { 95080, true }, + { 95094, true }, + { 95112, true }, + { 95124, true }, + { 95141, true }, + { 95160, true }, + { 95175, true }, + { 95189, true }, + { 95200, true }, + { 95212, true }, + { 95226, true }, + { 95245, true }, + { 95258, true }, + { 95271, true }, + { 95283, true }, + { 95305, true }, + { 95318, true }, + { 95345, true }, + { 95361, true }, + { 95377, true }, + { 95396, true }, + { 95415, true }, + { 95435, true }, + { 95451, true }, + { 95467, true }, + { 95481, true }, + { 95491, true }, + { 95506, true }, + { 95519, true }, + { 95533, true }, + { 95541, true }, + { 95549, true }, + { 95564, true }, + { 95583, true }, + { 95596, true }, + { 95615, true }, + { 95636, true }, + { 95663, true }, + { 95683, false }, + { 95701, true }, + { 95718, true }, + { 95736, true }, + { 95755, true }, + { 95774, true }, + { 95794, true }, + { 95816, true }, + { 95835, true }, + { 95850, true }, + { 95868, true }, + { 95883, true }, + { 95902, true }, + { 95921, true }, + { 95940, true }, + { 95956, true }, + { 95973, true }, + { 95989, true }, + { 96009, true }, + { 96021, true }, + { 96037, true }, + { 96051, true }, + { 96061, true }, + { 96073, true }, + { 96089, true }, + { 96110, false }, + { 96129, true }, + { 96150, true }, + { 96159, true }, + { 96174, true }, + { 96191, true }, + { 96208, true }, + { 96227, true }, + { 96241, true }, + { 96249, true }, + { 96258, true }, + { 96267, true }, + { 96282, true }, + { 96297, true }, + { 96314, true }, + { 96328, true }, + { 96340, true }, + { 96355, true }, + { 96363, true }, + { 96372, true }, + { 96392, true }, + { 96403, true }, + { 96414, true }, + { 96435, true }, + { 96456, true }, + { 96467, true }, + { 96479, true }, + { 96496, true }, + { 96507, true }, + { 96516, true }, + { 96530, true }, + { 96542, true }, + { 96555, false }, + { 96570, true }, + { 96592, true }, + { 96602, true }, + { 96616, false }, + { 96630, true }, + { 96655, true }, + { 96665, true }, + { 96680, true }, + { 96695, true }, + { 96709, true }, + { 96721, true }, + { 96740, true }, + { 96754, true }, + { 96769, true }, + { 96781, true }, + { 96804, true }, + { 96816, true }, + { 96839, true }, + { 96859, true }, + { 96872, true }, + { 96889, true }, + { 96908, true }, + { 96916, true }, + { 96929, true }, + { 96946, true }, + { 96962, true }, + { 96990, true }, + { 97009, true }, + { 97032, true }, + { 97057, true }, + { 97084, true }, + { 97094, true }, + { 97104, true }, + { 97111, true }, + { 97134, true }, + { 97151, true }, + { 97165, true }, + { 97179, true }, + { 97200, true }, + { 97209, true }, + { 97227, true }, + { 97235, false }, + { 97242, true }, + { 97253, true }, + { 97270, true }, + { 97278, true }, + { 97292, true }, + { 97307, true }, + { 97321, true }, + { 97334, true }, + { 97352, false }, + { 97363, true }, + { 97379, false }, + { 97389, false }, + { 97405, true }, + { 97418, true }, + { 97432, true }, + { 97446, true }, + { 97462, true }, + { 97478, true }, + { 97500, true }, + { 97518, true }, + { 97532, true }, + { 97549, true }, + { 97567, true }, + { 97581, true }, + { 97595, true }, + { 97610, true }, + { 97625, true }, + { 97645, false }, + { 97661, true }, + { 97677, true }, + { 97690, true }, + { 97704, true }, + { 97717, true }, + { 97747, true }, + { 97759, true }, + { 97788, true }, + { 97798, true }, + { 97808, true }, + { 97824, true }, + { 97832, true }, + { 97842, true }, + { 97853, true }, + { 97861, true }, + { 97876, true }, + { 97885, true }, + { 97895, true }, + { 97903, false }, + { 97918, true }, + { 97935, true }, + { 97951, true }, + { 97966, true }, + { 97979, true }, + { 97990, true }, + { 98011, true }, + { 98034, true }, + { 98050, true }, + { 98063, true }, + { 98070, true }, + { 98087, true }, + { 98096, true }, + { 98104, true }, + { 98113, true }, + { 98127, true }, + { 98135, true }, + { 98154, false }, + { 98174, true }, + { 98187, true }, + { 98197, true }, + { 98209, true }, + { 98222, true }, + { 98230, true }, + { 98248, true }, + { 98257, true }, + { 98266, true }, + { 98275, true }, + { 98283, true }, + { 98309, true }, + { 98324, true }, + { 98332, true }, + { 98346, true }, + { 98365, true }, + { 98384, true }, + { 98398, true }, + { 98410, true }, + { 98419, true }, + { 98430, true }, + { 98441, true }, + { 98452, true }, + { 98464, false }, + { 98473, false }, + { 98493, false }, + { 98516, true }, + { 98526, true }, + { 98542, true }, + { 98560, true }, + { 98577, true }, + { 98597, true }, + { 98621, true }, + { 98634, true }, + { 98648, true }, + { 98664, true }, + { 98674, true }, + { 98686, true }, + { 98700, true }, + { 98718, true }, + { 98737, true }, + { 98754, true }, + { 98770, true }, + { 98784, true }, + { 98803, true }, + { 98816, true }, + { 98828, true }, + { 98843, true }, + { 98850, true }, + { 98861, true }, + { 98872, true }, + { 98880, true }, + { 98890, true }, + { 98904, true }, + { 98922, true }, + { 98937, true }, + { 98953, true }, + { 98969, true }, + { 98990, true }, + { 99004, true }, + { 99023, true }, + { 99045, true }, + { 99057, true }, + { 99080, true }, + { 99103, true }, + { 99114, true }, + { 99136, false }, + { 99158, true }, + { 99177, true }, + { 99193, true }, + { 99211, true }, + { 99226, true }, + { 99243, true }, + { 99259, true }, + { 99276, true }, + { 99293, true }, + { 99312, true }, + { 99327, true }, + { 99346, true }, + { 99358, true }, + { 99373, true }, + { 99396, true }, + { 99414, true }, + { 99438, true }, + { 99460, true }, + { 99478, true }, + { 99495, true }, + { 99514, true }, + { 99539, true }, + { 99568, true }, + { 99581, true }, + { 99593, true }, + { 99603, true }, + { 99612, true }, + { 99624, true }, + { 99634, true }, + { 99643, true }, + { 99652, true }, + { 99661, true }, + { 99670, true }, + { 99680, true }, + { 99690, true }, + { 99699, true }, + { 99708, true }, + { 99721, true }, + { 99741, true }, + { 99750, true }, + { 99760, true }, + { 99768, true }, + { 99775, true }, + { 99791, true }, + { 99799, true }, + { 99810, true }, + { 99817, true }, + { 99830, true }, + { 99844, true }, + { 99851, true }, + { 99861, true }, + { 99872, true }, + { 99882, false }, + { 99897, true }, + { 99911, true }, + { 99925, true }, + { 99937, true }, + { 99954, true }, + { 99972, true }, + { 99983, true }, + { 99997, true }, + { 100009, true }, + { 100022, true }, + { 100035, true }, + { 100055, true }, + { 100074, true }, + { 100092, true }, + { 100105, true }, + { 100123, true }, + { 100137, true }, + { 100152, true }, + { 100166, true }, + { 100183, true }, + { 100209, true }, + { 100223, true }, + { 100245, true }, + { 100266, true }, + { 100283, true }, + { 100298, true }, + { 100312, true }, + { 100327, true }, + { 100338, true }, + { 100351, true }, + { 100364, true }, + { 100378, true }, + { 100388, true }, + { 100399, true }, + { 100418, true }, + { 100433, true }, + { 100448, true }, + { 100475, true }, + { 100496, true }, + { 100516, true }, + { 100528, true }, + { 100538, true }, + { 100551, true }, + { 100563, true }, + { 100574, true }, + { 100591, true }, + { 100599, true }, + { 100613, true }, + { 100624, true }, + { 100633, true }, + { 100649, true }, + { 100657, true }, + { 100665, true }, + { 100673, true }, + { 100684, true }, + { 100692, true }, + { 100706, true }, + { 100721, true }, + { 100748, true }, + { 100766, true }, + { 100793, true }, + { 100803, true }, + { 100812, true }, + { 100826, true }, + { 100854, true }, + { 100865, true }, + { 100876, true }, + { 100885, true }, + { 100895, true }, + { 100902, true }, + { 100916, true }, + { 100930, true }, + { 100941, true }, + { 100954, true }, + { 100961, true }, + { 100969, true }, + { 100984, true }, + { 101000, true }, + { 101010, true }, + { 101023, true }, + { 101037, true }, + { 101051, true }, + { 101065, true }, + { 101070, true }, + { 101075, true }, + { 101083, true }, + { 101090, true }, + { 101099, true }, + { 101106, true }, + { 101136, true }, + { 101143, true }, + { 101155, true }, + { 101162, true }, + { 101173, true }, + { 101180, true }, + { 101187, true }, + { 101193, true }, + { 101209, true }, + { 101216, true }, + { 101228, true }, + { 101242, true }, + { 101269, true }, + { 101301, true }, + { 101315, true }, + { 101332, true }, + { 101340, true }, + { 101348, true }, + { 101368, true }, + { 101390, true }, + { 101401, true }, + { 101412, true }, + { 101423, true }, + { 101434, true }, + { 101445, true }, + { 101457, true }, + { 101467, true }, + { 101486, true }, + { 101502, true }, + { 101519, true }, + { 101527, true }, + { 101544, true }, + { 101559, true }, + { 101585, true }, + { 101606, true }, + { 101619, true }, + { 101634, true }, + { 101649, true }, + { 101665, true }, + { 101684, true }, + { 101701, true }, + { 101717, false }, + { 101727, true }, + { 101740, true }, + { 101750, true }, + { 101761, true }, + { 101780, true }, + { 101795, true }, + { 101810, true }, + { 101823, true }, + { 101831, true }, + { 101849, true }, + { 101861, false }, + { 101873, true }, + { 101887, true }, + { 101899, true }, + { 101912, true }, + { 101928, true }, + { 101942, true }, + { 101963, true }, + { 101975, true }, + { 101992, true }, + { 102005, true }, + { 102017, true }, + { 102035, true }, + { 102045, true }, + { 102058, true }, + { 102077, true }, + { 102107, true }, + { 102117, true }, + { 102128, true }, + { 102141, true }, + { 102153, true }, + { 102167, true }, + { 102184, true }, + { 102196, true }, + { 102214, true }, + { 102245, true }, + { 102259, true }, + { 102278, true }, + { 102287, true }, + { 102305, true }, + { 102319, true }, + { 102335, true }, + { 102349, true }, + { 102368, true }, + { 102386, true }, + { 102404, true }, + { 102420, true }, + { 102440, true }, + { 102461, true }, + { 102482, true }, + { 102498, true }, + { 102514, true }, + { 102530, true }, + { 102549, true }, + { 102564, false }, + { 102585, false }, + { 102605, true }, + { 102625, true }, + { 102641, true }, + { 102660, true }, + { 102675, true }, + { 102693, true }, + { 102709, true }, + { 102726, true }, + { 102745, true }, + { 102764, true }, + { 102782, true }, + { 102798, true }, + { 102809, false }, + { 102819, true }, + { 102834, true }, + { 102843, true }, + { 102855, true }, + { 102883, true }, + { 102901, true }, + { 102918, true }, + { 102927, true }, + { 102941, true }, + { 102960, true }, + { 102978, true }, + { 102990, true }, + { 103000, true }, + { 103010, true }, + { 103023, true }, + { 103038, true }, + { 103053, true }, + { 103068, true }, + { 103083, true }, + { 103102, true }, + { 103119, true }, + { 103127, true }, + { 103141, true }, + { 103156, true }, + { 103167, true }, + { 103177, true }, + { 103211, true }, + { 103223, true }, + { 103234, true }, + { 103251, true }, + { 103261, true }, + { 103271, true }, + { 103284, true }, + { 103296, false }, + { 103310, true }, + { 103328, true }, + { 103341, true }, + { 103352, true }, + { 103368, true }, + { 103386, true }, + { 103404, true }, + { 103415, true }, + { 103433, true }, + { 103448, true }, + { 103462, true }, + { 103477, true }, + { 103491, true }, + { 103506, true }, + { 103522, true }, + { 103534, true }, + { 103551, true }, + { 103563, true }, + { 103592, true }, + { 103625, true }, + { 103637, true }, + { 103649, true }, + { 103666, true }, + { 103678, true }, + { 103693, true }, + { 103702, true }, + { 103720, true }, + { 103729, true }, + { 103742, true }, + { 103754, true }, + { 103766, true }, + { 103783, true }, + { 103796, true }, + { 103811, true }, + { 103825, true }, + { 103840, true }, + { 103852, false }, + { 103866, true }, + { 103876, true }, + { 103891, true }, + { 103911, true }, + { 103929, true }, + { 103942, true }, + { 103956, true }, + { 103970, true }, + { 103983, true }, + { 103996, true }, + { 104011, true }, + { 104031, true }, + { 104045, true }, + { 104054, true }, + { 104067, true }, + { 104078, true }, + { 104090, true }, + { 104105, true }, + { 104119, true }, + { 104133, true }, + { 104147, true }, + { 104161, true }, + { 104181, true }, + { 104202, true }, + { 104220, true }, + { 104234, true }, + { 104245, true }, + { 104265, true }, + { 104280, false }, + { 104292, true }, + { 104305, true }, + { 104321, true }, + { 104334, true }, + { 104347, true }, + { 104360, true }, + { 104387, true }, + { 104398, true }, + { 104413, true }, + { 104439, true }, + { 104459, true }, + { 104473, true }, + { 104486, false }, + { 104500, true }, + { 104514, false }, + { 104531, true }, + { 104556, true }, + { 104568, true }, + { 104585, true }, + { 104602, true }, + { 104615, true }, + { 104629, true }, + { 104642, true }, + { 104654, true }, + { 104670, true }, + { 104697, true }, + { 104727, true }, + { 104749, true }, + { 104768, true }, + { 104787, false }, + { 104799, true }, + { 104813, true }, + { 104829, true }, + { 104844, true }, + { 104856, true }, + { 104871, true }, + { 104891, true }, + { 104910, true }, + { 104926, true }, + { 104942, true }, + { 104957, true }, + { 104974, true }, + { 104988, true }, + { 105003, true }, + { 105018, true }, + { 105033, true }, + { 105055, true }, + { 105075, true }, + { 105093, true }, + { 105111, true }, + { 105126, true }, + { 105142, true }, + { 105159, true }, + { 105179, true }, + { 105193, true }, + { 105209, true }, + { 105227, true }, + { 105240, true }, + { 105255, true }, + { 105274, true }, + { 105291, true }, + { 105304, true }, + { 105318, true }, + { 105333, true }, + { 105349, true }, + { 105368, true }, + { 105389, true }, + { 105406, true }, + { 105422, true }, + { 105438, true }, + { 105457, true }, + { 105477, true }, + { 105488, true }, + { 105500, true }, + { 105513, true }, + { 105530, true }, + { 105546, true }, + { 105553, true }, + { 105568, true }, + { 105584, true }, + { 105610, true }, + { 105623, true }, + { 105643, true }, + { 105654, true }, + { 105672, true }, + { 105686, true }, + { 105698, true }, + { 105711, true }, + { 105722, true }, + { 105730, true }, + { 105738, true }, + { 105760, true }, + { 105777, true }, + { 105794, true }, + { 105805, true }, + { 105813, true }, + { 105825, true }, + { 105838, true }, + { 105848, true }, + { 105860, true }, + { 105868, true }, + { 105877, true }, + { 105888, true }, + { 105899, true }, + { 105914, true }, + { 105924, true }, + { 105935, true }, + { 105948, true }, + { 105967, true }, + { 105989, true }, + { 105997, true }, + { 106009, true }, + { 106023, true }, + { 106034, true }, + { 106042, true }, + { 106054, true }, + { 106062, true }, + { 106073, true }, + { 106083, true }, + { 106091, false }, + { 106099, false }, + { 106115, true }, + { 106128, true }, + { 106143, true }, + { 106160, true }, + { 106169, true }, + { 106191, true }, + { 106212, true }, + { 106226, true }, + { 106234, true }, + { 106247, true }, + { 106260, true }, + { 106270, true }, + { 106281, false }, + { 106301, true }, + { 106316, true }, + { 106328, true }, + { 106341, true }, + { 106353, true }, + { 106365, true }, + { 106379, false }, + { 106400, true }, + { 106411, true }, + { 106425, true }, + { 106439, true }, + { 106453, true }, + { 106470, true }, + { 106485, true }, + { 106499, true }, + { 106513, true }, + { 106527, true }, + { 106541, true }, + { 106555, true }, + { 106570, true }, + { 106592, true }, + { 106604, true }, + { 106618, true }, + { 106631, true }, + { 106649, true }, + { 106664, true }, + { 106678, true }, + { 106694, true }, + { 106709, true }, + { 106721, true }, + { 106733, true }, + { 106745, true }, + { 106777, true }, + { 106787, true }, + { 106805, true }, + { 106818, true }, + { 106833, true }, + { 106847, true }, + { 106867, true }, + { 106880, true }, + { 106893, true }, + { 106902, true }, + { 106923, true }, + { 106936, true }, + { 106946, true }, + { 106959, true }, + { 106980, true }, + { 106990, true }, + { 107010, true }, + { 107029, true }, + { 107050, true }, + { 107063, true }, + { 107078, true }, + { 107090, true }, + { 107103, true }, + { 107118, true }, + { 107133, true }, + { 107152, true }, + { 107171, true }, + { 107196, true }, + { 107213, true }, + { 107236, true }, + { 107248, true }, + { 107256, true }, + { 107268, true }, + { 107279, true }, + { 107294, true }, + { 107310, true }, + { 107317, true }, + { 107324, true }, + { 107348, true }, + { 107358, true }, + { 107375, true }, + { 107398, true }, + { 107411, true }, + { 107426, true }, + { 107446, true }, + { 107462, true }, + { 107473, true }, + { 107483, true }, + { 107495, true }, + { 107506, true }, + { 107517, true }, + { 107530, true }, + { 107547, true }, + { 107568, true }, + { 107578, true }, + { 107594, true }, + { 107609, true }, + { 107625, true }, + { 107642, true }, + { 107658, true }, + { 107675, true }, + { 107689, true }, + { 107704, true }, + { 107720, true }, + { 107735, true }, + { 107746, true }, + { 107756, true }, + { 107765, true }, + { 107775, true }, + { 107786, true }, + { 107796, true }, + { 107807, true }, + { 107820, true }, + { 107830, true }, + { 107842, true }, + { 107853, true }, + { 107866, true }, + { 107878, true }, + { 107902, true }, + { 107915, true }, + { 107943, true }, + { 107966, true }, + { 107978, true }, + { 107992, true }, + { 108002, true }, + { 108016, true }, + { 108032, true }, + { 108044, true }, + { 108055, true }, + { 108067, true }, + { 108083, true }, + { 108094, true }, + { 108102, true }, + { 108115, true }, + { 108131, true }, + { 108144, true }, + { 108157, true }, + { 108177, true }, + { 108188, true }, + { 108209, true }, + { 108225, true }, + { 108247, true }, + { 108267, true }, + { 108288, true }, + { 108307, true }, + { 108319, true }, + { 108331, true }, + { 108346, true }, + { 108361, true }, + { 108371, true }, + { 108386, true }, + { 108400, true }, + { 108415, true }, + { 108424, true }, + { 108435, true }, + { 108452, true }, + { 108465, true }, + { 108479, true }, + { 108491, true }, + { 108506, true }, + { 108528, true }, + { 108539, true }, + { 108558, true }, + { 108579, true }, + { 108591, true }, + { 108601, true }, + { 108617, true }, + { 108625, true }, + { 108642, true }, + { 108652, true }, + { 108665, true }, + { 108689, true }, + { 108710, true }, + { 108735, true }, + { 108757, true }, + { 108769, true }, + { 108782, true }, + { 108799, true }, + { 108816, true }, + { 108828, true }, + { 108841, true }, + { 108853, true }, + { 108866, true }, + { 108879, true }, + { 108890, true }, + { 108904, true }, + { 108922, true }, + { 108940, true }, + { 108951, true }, + { 108963, true }, + { 108978, true }, + { 109000, true }, + { 109018, true }, + { 109035, true }, + { 109049, true }, + { 109063, false }, + { 109078, true }, + { 109092, true }, + { 109108, true }, + { 109127, true }, + { 109141, true }, + { 109151, true }, + { 109159, true }, + { 109177, true }, + { 109206, true }, + { 109217, true }, + { 109236, true }, + { 109249, true }, + { 109274, true }, + { 109297, true }, + { 109312, true }, + { 109332, true }, + { 109353, true }, + { 109366, true }, + { 109378, true }, + { 109389, true }, + { 109414, true }, + { 109435, true }, + { 109448, true }, + { 109460, true }, + { 109472, true }, + { 109482, true }, + { 109499, true }, + { 109519, true }, + { 109531, true }, + { 109555, true }, + { 109576, true }, + { 109596, true }, + { 109616, true }, + { 109639, true }, + { 109672, true }, + { 109698, true }, + { 109720, true }, + { 109737, true }, + { 109758, true }, + { 109772, true }, + { 109788, true }, + { 109807, true }, + { 109833, true }, + { 109843, true }, + { 109853, true }, + { 109866, true }, + { 109889, true }, + { 109901, true }, + { 109915, true }, + { 109925, true }, + { 109935, true }, + { 109944, true }, + { 109962, true }, + { 109973, true }, + { 109991, true }, + { 110004, true }, + { 110032, true }, + { 110044, true }, + { 110061, true }, + { 110083, true }, + { 110092, true }, + { 110109, true }, + { 110121, true }, + { 110135, true }, + { 110153, true }, + { 110174, true }, + { 110188, true }, + { 110215, true }, + { 110241, true }, + { 110259, true }, + { 110276, true }, + { 110301, true }, + { 110321, true }, + { 110346, true }, + { 110360, true }, + { 110375, true }, + { 110390, true }, + { 110400, false }, + { 110414, true }, + { 110427, true }, + { 110448, true }, + { 110457, true }, + { 110482, true }, + { 110498, true }, + { 110511, true }, + { 110537, true }, + { 110550, true }, + { 110568, true }, + { 110599, true }, + { 110628, true }, + { 110639, true }, + { 110649, true }, + { 110672, true }, + { 110695, true }, + { 110722, false }, + { 110736, true }, + { 110751, true }, + { 110765, true }, + { 110782, true }, + { 110797, true }, + { 110816, true }, + { 110835, true }, + { 110857, true }, + { 110872, true }, + { 110886, true }, + { 110900, true }, + { 110910, true }, + { 110919, true }, + { 110936, true }, + { 110945, true }, + { 110955, true }, + { 110993, true }, + { 111012, true }, + { 111027, true }, + { 111038, true }, + { 111050, true }, + { 111068, true }, + { 111093, true }, + { 111123, true }, + { 111136, true }, + { 111153, true }, + { 111164, true }, + { 111172, true }, + { 111183, false }, + { 111192, true }, + { 111202, true }, + { 111215, true }, + { 111225, true }, + { 111239, true }, + { 111248, true }, + { 111261, true }, + { 111283, false }, + { 111308, true }, + { 111326, true }, + { 111343, false }, + { 111367, true }, + { 111381, true }, + { 111400, true }, + { 111427, true }, + { 111439, true }, + { 111451, true }, + { 111463, true }, + { 111471, true }, + { 111480, true }, + { 111494, true }, + { 111517, true }, + { 111534, true }, + { 111550, false }, + { 111562, true }, + { 111574, true }, + { 111585, true }, + { 111595, true }, + { 111607, true }, + { 111621, true }, + { 111635, true }, + { 111647, true }, + { 111657, true }, + { 111671, true }, + { 111688, true }, + { 111706, true }, + { 111718, true }, + { 111730, true }, + { 111742, true }, + { 111751, true }, + { 111762, true }, + { 111774, true }, + { 111788, true }, + { 111798, true }, + { 111811, true }, + { 111823, true }, + { 111839, true }, + { 111861, true }, + { 111874, true }, + { 111884, true }, + { 111898, true }, + { 111907, true }, + { 111919, true }, + { 111930, true }, + { 111937, true }, + { 111950, true }, + { 111962, true }, + { 111974, true }, + { 111997, true }, + { 112006, true }, + { 112015, true }, + { 112026, true }, + { 112042, true }, + { 112052, true }, + { 112066, true }, + { 112073, true }, + { 112090, true }, + { 112101, true }, + { 112114, true }, + { 112125, true }, + { 112139, true }, + { 112148, true }, + { 112168, true }, + { 112206, true }, + { 112218, true }, + { 112227, true }, + { 112238, true }, + { 112249, true }, + { 112259, true }, + { 112273, true }, + { 112291, true }, + { 112309, true }, + { 112325, true }, + { 112340, true }, + { 112354, true }, + { 112366, true }, + { 112381, true }, + { 112395, true }, + { 112411, true }, + { 112425, true }, + { 112441, true }, + { 112454, true }, + { 112471, true }, + { 112489, true }, + { 112506, true }, + { 112516, true }, + { 112538, true }, + { 112547, true }, + { 112559, true }, + { 112582, true }, + { 112605, true }, + { 112616, true }, + { 112637, true }, + { 112662, true }, + { 112677, true }, + { 112703, true }, + { 112728, true }, + { 112761, true }, + { 112789, true }, + { 112818, true }, + { 112834, true }, + { 112846, true }, + { 112859, true }, + { 112871, true }, + { 112882, true }, + { 112893, true }, + { 112910, true }, + { 112935, true }, + { 112950, true }, + { 112963, true }, + { 112985, true }, + { 113010, true }, + { 113026, true }, + { 113057, false }, + { 113069, true }, + { 113081, true }, + { 113093, true }, + { 113109, true }, + { 113123, true }, + { 113138, true }, + { 113156, true }, + { 113165, true }, + { 113179, true }, + { 113201, true }, + { 113215, true }, + { 113230, true }, + { 113247, true }, + { 113270, true }, + { 113287, true }, + { 113305, true }, + { 113324, true }, + { 113337, true }, + { 113347, true }, + { 113359, true }, + { 113371, true }, + { 113386, true }, + { 113400, false }, + { 113413, false }, + { 113427, true }, + { 113439, true }, + { 113453, true }, + { 113464, true }, + { 113475, true }, + { 113487, true }, + { 113499, true }, + { 113511, true }, + { 113526, true }, + { 113540, true }, + { 113561, true }, + { 113573, true }, + { 113586, true }, + { 113598, true }, + { 113614, true }, + { 113630, false }, + { 113643, true }, + { 113654, false }, + { 113671, true }, + { 113693, true }, + { 113713, false }, + { 113725, true }, + { 113742, true }, + { 113758, true }, + { 113782, true }, + { 113800, true }, + { 113814, true }, + { 113829, true }, + { 113846, true }, + { 113874, true }, + { 113899, true }, + { 113915, true }, + { 113936, true }, + { 113958, true }, + { 113974, true }, + { 113990, true }, + { 114005, true }, + { 114020, true }, + { 114043, true }, + { 114057, true }, + { 114083, true }, + { 114103, true }, + { 114121, true }, + { 114136, true }, + { 114158, true }, + { 114187, true }, + { 114208, true }, + { 114227, true }, + { 114246, true }, + { 114262, true }, + { 114289, true }, + { 114305, true }, + { 114326, true }, + { 114339, true }, + { 114352, true }, + { 114369, true }, + { 114379, true }, + { 114391, false }, + { 114408, true }, + { 114427, true }, + { 114435, true }, + { 114447, true }, + { 114457, true }, + { 114476, true }, + { 114493, true }, + { 114510, true }, + { 114520, true }, + { 114534, true }, + { 114548, true }, + { 114565, true }, + { 114573, true }, + { 114592, true }, + { 114605, true }, + { 114614, true }, + { 114625, true }, + { 114643, true }, + { 114655, true }, + { 114666, true }, + { 114676, true }, + { 114687, true }, + { 114697, true }, + { 114705, true }, + { 114722, true }, + { 114732, true }, + { 114745, true }, + { 114759, true }, + { 114770, true }, + { 114783, true }, + { 114792, true }, + { 114804, false }, + { 114812, true }, + { 114823, true }, + { 114834, true }, + { 114847, true }, + { 114860, true }, + { 114874, true }, + { 114893, true }, + { 114909, true }, + { 114933, true }, + { 114945, true }, + { 114959, true }, + { 114975, true }, + { 114989, true }, + { 115009, true }, + { 115032, true }, + { 115052, true }, + { 115063, true }, + { 115079, true }, + { 115089, true }, + { 115101, true }, + { 115114, true }, + { 115128, true }, + { 115144, true }, + { 115164, true }, + { 115178, true }, + { 115186, true }, + { 115204, true }, + { 115215, true }, + { 115228, true }, + { 115240, true }, + { 115255, true }, + { 115273, true }, + { 115290, true }, + { 115305, true }, + { 115324, false }, + { 115338, true }, + { 115352, true }, + { 115369, true }, + { 115387, true }, + { 115405, true }, + { 115426, false }, + { 115448, true }, + { 115470, true }, + { 115486, true }, + { 115510, true }, + { 115527, true }, + { 115548, true }, + { 115564, true }, + { 115578, true }, + { 115597, true }, + { 115616, true }, + { 115643, true }, + { 115670, true }, + { 115691, true }, + { 115717, true }, + { 115738, true }, + { 115758, true }, + { 115784, true }, + { 115802, true }, + { 115814, true }, + { 115825, true }, + { 115836, true }, + { 115852, true }, + { 115864, true }, + { 115878, true }, + { 115895, true }, + { 115916, true }, + { 115931, false }, + { 115951, true }, + { 115977, true }, + { 116004, true }, + { 116032, true }, + { 116059, true }, + { 116081, true }, + { 116091, true }, + { 116104, true }, + { 116112, true }, + { 116124, true }, + { 116132, true }, + { 116145, true }, + { 116162, true }, + { 116182, true }, + { 116205, true }, + { 116217, true }, + { 116229, true }, + { 116242, true }, + { 116256, true }, + { 116279, true }, + { 116298, true }, + { 116320, true }, + { 116338, true }, + { 116357, true }, + { 116376, true }, + { 116394, true }, + { 116404, true }, + { 116415, true }, + { 116425, true }, + { 116442, true }, + { 116454, true }, + { 116464, true }, + { 116485, true }, + { 116495, true }, + { 116506, true }, + { 116525, true }, + { 116540, true }, + { 116558, true }, + { 116577, true }, + { 116600, true }, + { 116607, true }, + { 116620, true }, + { 116633, true }, + { 116643, true }, + { 116661, true }, + { 116685, true }, + { 116709, true }, + { 116718, true }, + { 116735, false }, + { 116755, true }, + { 116774, true }, + { 116782, false }, + { 116792, true }, + { 116806, true }, + { 116832, true }, + { 116845, true }, + { 116862, true }, + { 116870, true }, + { 116878, true }, + { 116894, true }, + { 116901, true }, + { 116914, true }, + { 116923, true }, + { 116933, true }, + { 116953, true }, + { 116964, true }, + { 116973, false }, + { 116988, true }, + { 117007, true }, + { 117016, true }, + { 117025, true }, + { 117039, true }, + { 117053, true }, + { 117063, true }, + { 117080, true }, + { 117092, true }, + { 117101, true }, + { 117108, true }, + { 117120, true }, + { 117137, true }, + { 117145, false }, + { 117153, true }, + { 117161, true }, + { 117168, true }, + { 117179, true }, + { 117192, true }, + { 117199, true }, + { 117210, true }, + { 117221, true }, + { 117231, true }, + { 117244, true }, + { 117259, true }, + { 117276, true }, + { 117291, true }, + { 117303, true }, + { 117315, true }, + { 117327, true }, + { 117342, true }, + { 117353, true }, + { 117363, true }, + { 117381, true }, + { 117390, true }, + { 117402, true }, + { 117408, false }, + { 117428, true }, + { 117437, true }, + { 117445, true }, + { 117454, true }, + { 117468, true }, + { 117480, true }, + { 117495, true }, + { 117502, true }, + { 117514, true }, + { 117524, true }, + { 117534, true }, + { 117551, true }, + { 117569, true }, + { 117581, true }, + { 117598, true }, + { 117610, true }, + { 117620, true }, + { 117634, true }, + { 117647, false }, + { 117663, true }, + { 117679, true }, + { 117687, true }, + { 117695, true }, + { 117709, true }, + { 117722, true }, + { 117741, true }, + { 117755, true }, + { 117771, true }, + { 117789, true }, + { 117802, true }, + { 117815, true }, + { 117830, true }, + { 117846, true }, + { 117874, true }, + { 117886, true }, + { 117902, true }, + { 117911, true }, + { 117936, false }, + { 117953, true }, + { 117966, true }, + { 117979, false }, + { 117988, true }, + { 117998, true }, + { 118008, true }, + { 118030, true }, + { 118040, true }, + { 118050, true }, + { 118066, true }, + { 118082, true }, + { 118094, true }, + { 118106, true }, + { 118121, true }, + { 118135, true }, + { 118149, true }, + { 118161, true }, + { 118183, true }, + { 118207, true }, + { 118224, true }, + { 118232, true }, + { 118243, true }, + { 118257, true }, + { 118270, true }, + { 118290, true }, + { 118304, true }, + { 118320, true }, + { 118328, true }, + { 118342, true }, + { 118363, true }, + { 118378, true }, + { 118397, false }, + { 118414, true }, + { 118428, true }, + { 118447, true }, + { 118462, true }, + { 118478, true }, + { 118493, true }, + { 118504, true }, + { 118527, true }, + { 118539, true }, + { 118549, true }, + { 118570, true }, + { 118588, true }, + { 118609, true }, + { 118626, true }, + { 118647, true }, + { 118662, true }, + { 118679, true }, + { 118697, true }, + { 118709, true }, + { 118727, true }, + { 118743, true }, + { 118760, true }, + { 118780, true }, + { 118798, true }, + { 118817, true }, + { 118842, true }, + { 118864, true }, + { 118878, true }, + { 118893, true }, + { 118911, true }, + { 118927, true }, + { 118942, true }, + { 118964, true }, + { 118979, true }, + { 118994, true }, + { 119012, true }, + { 119027, true }, + { 119041, true }, + { 119055, true }, + { 119070, true }, + { 119084, false }, + { 119097, true }, + { 119111, true }, + { 119125, true }, + { 119153, true }, + { 119172, true }, + { 119186, true }, + { 119205, false }, + { 119217, true }, + { 119229, true }, + { 119243, true }, + { 119256, true }, + { 119275, true }, + { 119293, true }, + { 119309, true }, + { 119317, true }, + { 119328, true }, + { 119342, true }, + { 119357, true }, + { 119380, true }, + { 119396, true }, + { 119409, true }, + { 119428, true }, + { 119439, true }, + { 119448, true }, + { 119464, true }, + { 119479, true }, + { 119500, true }, + { 119511, true }, + { 119526, true }, + { 119537, true }, + { 119550, true }, + { 119563, true }, + { 119575, true }, + { 119600, true }, + { 119614, true }, + { 119625, true }, + { 119644, true }, + { 119653, true }, + { 119662, true }, + { 119675, true }, + { 119690, true }, + { 119705, true }, + { 119722, true }, + { 119739, true }, + { 119756, true }, + { 119767, true }, + { 119781, true }, + { 119795, true }, + { 119822, true }, + { 119831, true }, + { 119844, true }, + { 119855, true }, + { 119864, true }, + { 119873, true }, + { 119882, true }, + { 119898, true }, + { 119917, true }, + { 119942, true }, + { 119960, true }, + { 119967, true }, + { 119986, false }, + { 119997, true }, + { 120012, true }, + { 120023, true }, + { 120038, true }, + { 120052, true }, + { 120063, true }, + { 120087, true }, + { 120099, true }, + { 120119, true }, + { 120130, true }, + { 120140, true }, + { 120152, true }, + { 120169, true }, + { 120182, true }, + { 120194, true }, + { 120205, true }, + { 120216, true }, + { 120228, true }, + { 120237, true }, + { 120258, true }, + { 120272, true }, + { 120288, false }, + { 120300, true }, + { 120317, true }, + { 120332, true }, + { 120344, true }, + { 120354, true }, + { 120373, true }, + { 120382, true }, + { 120391, true }, + { 120407, true }, + { 120428, true }, + { 120445, true }, + { 120474, true }, + { 120492, true }, + { 120509, true }, + { 120528, false }, + { 120543, true }, + { 120556, true }, + { 120569, true }, + { 120581, true }, + { 120592, true }, + { 120604, true }, + { 120623, true }, + { 120630, true }, + { 120649, true }, + { 120658, false }, + { 120681, true }, + { 120697, true }, + { 120714, true }, + { 120724, true }, + { 120737, true }, + { 120748, true }, + { 120760, true }, + { 120771, true }, + { 120784, true }, + { 120794, true }, + { 120805, true }, + { 120822, true }, + { 120834, true }, + { 120852, true }, + { 120866, true }, + { 120884, true }, + { 120899, true }, + { 120919, true }, + { 120933, true }, + { 120953, true }, + { 120969, true }, + { 120989, true }, + { 121003, true }, + { 121024, true }, + { 121041, true }, + { 121058, true }, + { 121075, true }, + { 121092, true }, + { 121109, true }, + { 121128, true }, + { 121146, true }, + { 121164, true }, + { 121178, true }, + { 121189, true }, + { 121203, false }, + { 121222, true }, + { 121233, true }, + { 121252, true }, + { 121266, true }, + { 121277, true }, + { 121287, true }, + { 121295, true }, + { 121308, true }, + { 121324, true }, + { 121344, true }, + { 121367, true }, + { 121392, true }, + { 121410, true }, + { 121419, true }, + { 121433, true }, + { 121450, true }, + { 121470, true }, + { 121484, true }, + { 121505, true }, + { 121524, true }, + { 121543, false }, + { 121561, true }, + { 121573, true }, + { 121585, true }, + { 121600, true }, + { 121616, true }, + { 121626, true }, + { 121636, true }, + { 121650, true }, + { 121666, true }, + { 121681, true }, + { 121695, true }, + { 121705, true }, + { 121714, true }, + { 121729, true }, + { 121747, true }, + { 121774, true }, + { 121784, true }, + { 121794, true }, + { 121802, true }, + { 121815, true }, + { 121828, true }, + { 121840, true }, + { 121853, true }, + { 121872, true }, + { 121887, false }, + { 121897, false }, + { 121914, true }, + { 121924, true }, + { 121940, true }, + { 121953, true }, + { 121963, true }, + { 121976, true }, + { 121990, true }, + { 122011, true }, + { 122033, true }, + { 122062, true }, + { 122081, true }, + { 122091, true }, + { 122110, true }, + { 122130, true }, + { 122139, true }, + { 122160, true }, + { 122170, true }, + { 122182, true }, + { 122197, true }, + { 122212, true }, + { 122220, false }, + { 122233, true }, + { 122254, true }, + { 122266, true }, + { 122280, true }, + { 122294, true }, + { 122306, true }, + { 122320, true }, + { 122333, true }, + { 122346, true }, + { 122359, true }, + { 122380, true }, + { 122392, true }, + { 122401, true }, + { 122416, true }, + { 122428, true }, + { 122442, true }, + { 122458, true }, + { 122467, true }, + { 122485, true }, + { 122501, true }, + { 122515, true }, + { 122525, true }, + { 122535, true }, + { 122550, true }, + { 122572, true }, + { 122588, false }, + { 122597, true }, + { 122611, true }, + { 122621, true }, + { 122641, true }, + { 122658, true }, + { 122669, true }, + { 122683, true }, + { 122699, true }, + { 122715, true }, + { 122737, true }, + { 122749, true }, + { 122771, true }, + { 122789, true }, + { 122797, true }, + { 122812, true }, + { 122823, true }, + { 122837, true }, + { 122852, true }, + { 122866, true }, + { 122875, true }, + { 122883, true }, + { 122894, true }, + { 122905, true }, + { 122914, true }, + { 122936, true }, + { 122946, true }, + { 122964, true }, + { 122978, true }, + { 122991, true }, + { 123005, true }, + { 123029, true }, + { 123037, true }, + { 123046, true }, + { 123055, true }, + { 123068, true }, + { 123083, true }, + { 123090, true }, + { 123105, false }, + { 123117, true }, + { 123125, true }, + { 123148, true }, + { 123170, true }, + { 123194, true }, + { 123210, true }, + { 123225, true }, + { 123238, true }, + { 123256, true }, + { 123268, true }, + { 123283, true }, + { 123296, true }, + { 123307, true }, + { 123318, false }, + { 123329, false }, + { 123339, false }, + { 123350, false }, + { 123361, false }, + { 123373, true }, + { 123389, true }, + { 123396, true }, + { 123407, true }, + { 123422, true }, + { 123434, true }, + { 123444, true }, + { 123454, true }, + { 123471, true }, + { 123483, true }, + { 123494, true }, + { 123512, true }, + { 123521, true }, + { 123530, true }, + { 123542, true }, + { 123552, true }, + { 123568, true }, + { 123585, true }, + { 123595, true }, + { 123609, false }, + { 123628, true }, + { 123642, true }, + { 123656, true }, + { 123678, true }, + { 123696, true }, + { 123714, true }, + { 123729, true }, + { 123748, true }, + { 123756, true }, + { 123771, true }, + { 123787, true }, + { 123797, true }, + { 123808, true }, + { 123821, true }, + { 123836, true }, + { 123845, true }, + { 123865, true }, + { 123874, true }, + { 123889, true }, + { 123900, true }, + { 123915, true }, + { 123931, true }, + { 123949, true }, + { 123960, true }, + { 123970, true }, + { 123983, true }, + { 124003, true }, + { 124023, false }, + { 124032, true }, + { 124042, true }, + { 124055, true }, + { 124066, true }, + { 124081, true }, + { 124094, true }, + { 124106, true }, + { 124124, true }, + { 124134, true }, + { 124143, true }, + { 124153, true }, + { 124162, true }, + { 124173, true }, + { 124185, true }, + { 124193, true }, + { 124207, false }, + { 124214, true }, + { 124224, true }, + { 124238, true }, + { 124250, true }, + { 124260, true }, + { 124270, true }, + { 124286, true }, + { 124300, true }, + { 124314, true }, + { 124329, true }, + { 124336, true }, + { 124349, true }, + { 124369, false }, + { 124384, true }, + { 124400, true }, + { 124415, true }, + { 124435, true }, + { 124455, true }, + { 124472, true }, + { 124484, true }, + { 124492, true }, + { 124506, true }, + { 124521, false }, + { 124531, true }, + { 124539, true }, + { 124556, true }, + { 124567, true }, + { 124581, true }, + { 124589, true }, + { 124596, true }, + { 124606, true }, + { 124614, true }, + { 124629, true }, + { 124642, true }, + { 124652, true }, + { 124662, true }, + { 124672, true }, + { 124682, true }, + { 124692, true }, + { 124708, true }, + { 124723, true }, + { 124738, true }, + { 124755, true }, + { 124766, true }, + { 124774, true }, + { 124788, true }, + { 124801, true }, + { 124818, true }, + { 124839, true }, + { 124854, true }, + { 124874, true }, + { 124891, true }, + { 124904, true }, + { 124924, true }, + { 124934, true }, + { 124946, true }, + { 124960, true }, + { 124969, true }, + { 124978, true }, + { 124995, true }, + { 125005, true }, + { 125014, false }, + { 125025, true }, + { 125034, true }, + { 125045, true }, + { 125052, true }, + { 125063, true }, + { 125070, true }, + { 125079, true }, + { 125087, true }, + { 125095, true }, + { 125102, true }, + { 125109, true }, + { 125123, true }, + { 125137, true }, + { 125151, true }, + { 125174, true }, + { 125199, true }, + { 125217, true }, + { 125235, true }, + { 125249, true }, + { 125260, true }, + { 125269, true }, + { 125286, true }, + { 125304, true }, + { 125316, true }, + { 125334, true }, + { 125347, true }, + { 125356, true }, + { 125373, true }, + { 125390, true }, + { 125408, true }, + { 125424, true }, + { 125436, true }, + { 125451, true }, + { 125464, true }, + { 125476, true }, + { 125507, true }, + { 125534, true }, + { 125565, true }, + { 125594, true }, + { 125612, true }, + { 125629, false }, + { 125642, false }, + { 125661, true }, + { 125676, true }, + { 125692, true }, + { 125708, true }, + { 125720, true }, + { 125733, true }, + { 125746, false }, + { 125758, true }, + { 125769, true }, + { 125786, true }, + { 125796, false }, + { 125814, true }, + { 125827, true }, + { 125846, true }, + { 125863, true }, + { 125876, false }, + { 125890, true }, + { 125906, true }, + { 125925, true }, + { 125936, true }, + { 125950, true }, + { 125959, true }, + { 125978, true }, + { 125988, true }, + { 125995, true }, + { 126024, true }, + { 126046, true }, + { 126067, true }, + { 126094, true }, + { 126114, true }, + { 126122, true }, + { 126133, true }, + { 126145, true }, + { 126165, false }, + { 126182, true }, + { 126193, true }, + { 126207, true }, + { 126215, true }, + { 126226, true }, + { 126235, true }, + { 126246, true }, + { 126258, true }, + { 126274, false }, + { 126289, true }, + { 126310, true }, + { 126320, true }, + { 126335, true }, + { 126351, true }, + { 126363, true }, + { 126375, true }, + { 126392, true }, + { 126407, true }, + { 126425, true }, + { 126437, true }, + { 126452, true }, + { 126471, true }, + { 126485, true }, + { 126496, true }, + { 126514, true }, + { 126528, true }, + { 126541, true }, + { 126553, true }, + { 126562, true }, + { 126573, true }, + { 126589, true }, + { 126612, true }, + { 126624, true }, + { 126640, true }, + { 126657, true }, + { 126669, true }, + { 126687, true }, + { 126701, true }, + { 126715, true }, + { 126733, true }, + { 126755, true }, + { 126766, true }, + { 126784, true }, + { 126797, true }, + { 126815, true }, + { 126840, true }, + { 126853, true }, + { 126868, true }, + { 126882, true }, + { 126895, true }, + { 126908, true }, + { 126930, true }, + { 126946, true }, + { 126959, true }, + { 126970, true }, + { 126984, true }, + { 126993, true }, + { 127004, true }, + { 127018, true }, + { 127029, true }, + { 127048, true }, + { 127060, true }, + { 127084, true }, + { 127102, true }, + { 127123, true }, + { 127140, true }, + { 127155, false }, + { 127168, true }, + { 127174, true }, + { 127184, true }, + { 127198, true }, + { 127210, true }, + { 127220, true }, + { 127230, true }, + { 127242, true }, + { 127271, true }, + { 127287, true }, + { 127302, true }, + { 127321, true }, + { 127334, true }, + { 127347, true }, + { 127358, true }, + { 127373, true }, + { 127384, true }, + { 127399, true }, + { 127415, true }, + { 127430, true }, + { 127452, false }, + { 127467, true }, + { 127486, true }, + { 127505, true }, + { 127534, true }, + { 127545, true }, + { 127561, true }, + { 127573, true }, + { 127595, true }, + { 127604, true }, + { 127615, true }, + { 127630, true }, + { 127645, true }, + { 127656, true }, + { 127673, true }, + { 127688, true }, + { 127699, true }, + { 127721, true }, + { 127744, true }, + { 127761, true }, + { 127777, true }, + { 127794, true }, + { 127807, true }, + { 127818, true }, + { 127831, true }, + { 127840, true }, + { 127852, true }, + { 127863, true }, + { 127877, true }, + { 127887, true }, + { 127900, true }, + { 127916, true }, + { 127930, true }, + { 127939, true }, + { 127953, true }, + { 127971, true }, + { 127988, false }, + { 127996, true }, + { 128005, true }, + { 128018, true }, + { 128035, true }, + { 128048, true }, + { 128058, true }, + { 128070, true }, + { 128080, true }, + { 128089, true }, + { 128096, true }, + { 128116, true }, + { 128138, true }, + { 128146, true }, + { 128156, true }, + { 128163, true }, + { 128178, true }, + { 128184, true }, + { 128201, true }, + { 128210, true }, + { 128219, true }, + { 128228, true }, + { 128243, true }, + { 128251, true }, + { 128263, true }, + { 128271, true }, + { 128294, true }, + { 128314, true }, + { 128332, true }, + { 128352, true }, + { 128363, true }, + { 128372, true }, + { 128388, true }, + { 128402, true }, + { 128413, true }, + { 128426, true }, + { 128439, true }, + { 128448, true }, + { 128470, true }, + { 128481, false }, + { 128488, true }, + { 128499, true }, + { 128512, true }, + { 128524, true }, + { 128537, true }, + { 128550, true }, + { 128561, true }, + { 128576, true }, + { 128590, true }, + { 128600, true }, + { 128610, true }, + { 128619, true }, + { 128630, true }, + { 128639, false }, + { 128651, true }, + { 128664, true }, + { 128675, true }, + { 128691, true }, + { 128700, true }, + { 128710, true }, + { 128722, true }, + { 128731, true }, + { 128741, true }, + { 128752, true }, + { 128767, true }, + { 128784, true }, + { 128801, true }, + { 128811, true }, + { 128834, true }, + { 128848, true }, + { 128859, true }, + { 128870, true }, + { 128892, true }, + { 128905, true }, + { 128920, true }, + { 128933, true }, + { 128948, true }, + { 128962, true }, + { 128988, true }, + { 128999, true }, + { 129010, true }, + { 129026, true }, + { 129035, true }, + { 129046, true }, + { 129061, true }, + { 129090, true }, + { 129103, true }, + { 129119, true }, + { 129133, true }, + { 129161, true }, + { 129180, true }, + { 129196, true }, + { 129217, true }, + { 129229, false }, + { 129247, true }, + { 129257, false }, + { 129268, true }, + { 129278, true }, + { 129299, true }, + { 129317, true }, + { 129327, true }, + { 129348, true }, + { 129364, true }, + { 129374, true }, + { 129393, true }, + { 129400, true }, + { 129410, true }, + { 129420, true }, + { 129432, true }, + { 129447, true }, + { 129461, true }, + { 129478, true }, + { 129491, true }, + { 129504, true }, + { 129523, true }, + { 129538, true }, + { 129553, true }, + { 129564, true }, + { 129576, true }, + { 129591, true }, + { 129605, true }, + { 129618, true }, + { 129627, true }, + { 129636, true }, + { 129648, true }, + { 129664, true }, + { 129678, true }, + { 129694, true }, + { 129710, true }, + { 129726, true }, + { 129736, true }, + { 129756, true }, + { 129775, true }, + { 129797, true }, + { 129814, true }, + { 129830, true }, + { 129851, true }, + { 129881, true }, + { 129913, true }, + { 129946, true }, + { 129977, true }, + { 129998, true }, + { 130022, true }, + { 130030, true }, + { 130049, true }, + { 130069, true }, + { 130085, true }, + { 130103, true }, + { 130120, true }, + { 130139, true }, + { 130163, true }, + { 130182, true }, + { 130200, true }, + { 130217, true }, + { 130239, true }, + { 130255, true }, + { 130275, true }, + { 130295, true }, + { 130311, true }, + { 130328, true }, + { 130350, true }, + { 130367, true }, + { 130383, true }, + { 130400, true }, + { 130415, true }, + { 130431, true }, + { 130450, true }, + { 130467, true }, + { 130489, true }, + { 130511, true }, + { 130533, true }, + { 130552, true }, + { 130567, true }, + { 130584, true }, + { 130598, true }, + { 130611, true }, + { 130624, true }, + { 130640, true }, + { 130672, true }, + { 130694, true }, + { 130704, true }, + { 130721, false }, + { 130736, true }, + { 130751, true }, + { 130762, true }, + { 130772, true }, + { 130787, true }, + { 130801, true }, + { 130819, true }, + { 130837, true }, + { 130850, true }, + { 130866, true }, + { 130878, true }, + { 130893, true }, + { 130912, true }, + { 130928, false }, + { 130938, false }, + { 130947, true }, + { 130969, true }, + { 130989, true }, + { 131010, true }, + { 131026, true }, + { 131040, true }, + { 131054, true }, + { 131065, true }, + { 131086, true }, + { 131107, true }, + { 131123, true }, + { 131143, true }, + { 131154, true }, + { 131167, true }, + { 131189, true }, + { 131213, true }, + { 131222, false }, + { 131239, true }, + { 131248, true }, + { 131261, true }, + { 131275, true }, + { 131286, true }, + { 131307, true }, + { 131318, true }, + { 131329, true }, + { 131345, true }, + { 131358, true }, + { 131371, true }, + { 131393, true }, + { 131412, true }, + { 131425, true }, + { 131436, true }, + { 131456, true }, + { 131465, true }, + { 131480, true }, + { 131489, true }, + { 131501, true }, + { 131514, true }, + { 131524, true }, + { 131533, true }, + { 131556, true }, + { 131569, true }, + { 131586, true }, + { 131602, true }, + { 131613, true }, + { 131630, true }, + { 131655, true }, + { 131682, true }, + { 131709, true }, + { 131721, true }, + { 131732, true }, + { 131749, true }, + { 131765, true }, + { 131776, true }, + { 131785, true }, + { 131798, true }, + { 131811, true }, + { 131831, true }, + { 131844, true }, + { 131867, true }, + { 131884, true }, + { 131899, true }, + { 131922, true }, + { 131936, true }, + { 131946, true }, + { 131961, true }, + { 131982, true }, + { 131992, true }, + { 132008, true }, + { 132018, true }, + { 132032, true }, + { 132056, true }, + { 132073, true }, + { 132087, true }, + { 132113, true }, + { 132130, true }, + { 132149, true }, + { 132182, true }, + { 132204, true }, + { 132224, true }, + { 132233, true }, + { 132241, true }, + { 132262, true }, + { 132269, true }, + { 132289, true }, + { 132300, true }, + { 132312, true }, + { 132325, true }, + { 132339, true }, + { 132356, true }, + { 132373, false }, + { 132386, true }, + { 132404, true }, + { 132419, true }, + { 132436, true }, + { 132447, true }, + { 132465, true }, + { 132481, true }, + { 132505, true }, + { 132515, true }, + { 132528, true }, + { 132538, true }, + { 132554, true }, + { 132568, true }, + { 132587, true }, + { 132611, true }, + { 132623, true }, + { 132638, true }, + { 132654, true }, + { 132665, true }, + { 132685, true }, + { 132706, true }, + { 132719, true }, + { 132730, true }, + { 132742, true }, + { 132762, true }, + { 132776, true }, + { 132792, true }, + { 132819, true }, + { 132845, true }, + { 132869, true }, + { 132892, true }, + { 132915, true }, + { 132927, true }, + { 132941, true }, + { 132952, true }, + { 132967, true }, + { 132982, true }, + { 132995, true }, + { 133004, true }, + { 133013, true }, + { 133027, true }, + { 133039, false }, + { 133067, true }, + { 133080, true }, + { 133089, true }, + { 133100, true }, + { 133124, true }, + { 133134, true }, + { 133150, true }, + { 133160, true }, + { 133172, true }, + { 133184, true }, + { 133207, false }, + { 133221, false }, + { 133236, true }, + { 133251, true }, + { 133275, true }, + { 133296, true }, + { 133318, true }, + { 133338, true }, + { 133358, true }, + { 133368, true }, + { 133380, true }, + { 133406, true }, + { 133420, true }, + { 133437, true }, + { 133450, true }, + { 133478, true }, + { 133490, true }, + { 133506, false }, + { 133530, true }, + { 133548, true }, + { 133565, true }, + { 133584, true }, + { 133610, true }, + { 133634, true }, + { 133655, true }, + { 133671, true }, + { 133681, true }, + { 133697, true }, + { 133713, true }, + { 133732, true }, + { 133751, true }, + { 133768, true }, + { 133784, true }, + { 133798, true }, + { 133816, true }, + { 133834, true }, + { 133857, true }, + { 133867, true }, + { 133885, true }, + { 133893, true }, + { 133905, true }, + { 133922, true }, + { 133939, true }, + { 133947, true }, + { 133964, true }, + { 133978, true }, + { 133989, true }, + { 134001, true }, + { 134021, true }, + { 134040, true }, + { 134056, true }, + { 134076, true }, + { 134094, true }, + { 134109, true }, + { 134127, true }, + { 134138, true }, + { 134151, true }, + { 134162, true }, + { 134177, true }, + { 134195, true }, + { 134210, true }, + { 134222, true }, + { 134240, true }, + { 134256, true }, + { 134271, true }, + { 134289, true }, + { 134307, true }, + { 134326, true }, + { 134345, true }, + { 134358, true }, + { 134368, true }, + { 134378, true }, + { 134392, true }, + { 134402, true }, + { 134418, true }, + { 134429, true }, + { 134448, true }, + { 134462, true }, + { 134472, true }, + { 134488, true }, + { 134507, true }, + { 134517, true }, + { 134536, true }, + { 134548, true }, + { 134558, true }, + { 134570, true }, + { 134581, true }, + { 134591, true }, + { 134606, true }, + { 134622, true }, + { 134635, true }, + { 134648, true }, + { 134671, true }, + { 134695, true }, + { 134712, true }, + { 134727, true }, + { 134740, true }, + { 134763, true }, + { 134793, false }, + { 134805, true }, + { 134818, true }, + { 134832, true }, + { 134842, true }, + { 134855, true }, + { 134870, true }, + { 134890, true }, + { 134904, true }, + { 134914, true }, + { 134929, true }, + { 134944, true }, + { 134968, true }, + { 134991, true }, + { 135007, true }, + { 135025, true }, + { 135036, true }, + { 135045, true }, + { 135054, true }, + { 135066, true }, + { 135089, false }, + { 135106, true }, + { 135119, true }, + { 135131, true }, + { 135139, true }, + { 135155, true }, + { 135163, true }, + { 135179, true }, + { 135194, true }, + { 135228, true }, + { 135252, true }, + { 135267, true }, + { 135283, true }, + { 135299, true }, + { 135313, true }, + { 135335, true }, + { 135351, true }, + { 135365, true }, + { 135379, true }, + { 135391, true }, + { 135406, true }, + { 135420, true }, + { 135440, true }, + { 135450, true }, + { 135467, true }, + { 135479, true }, + { 135490, true }, + { 135501, true }, + { 135515, true }, + { 135531, true }, + { 135548, true }, + { 135567, true }, + { 135577, true }, + { 135592, true }, + { 135615, true }, + { 135636, true }, + { 135655, true }, + { 135673, true }, + { 135691, true }, + { 135705, true }, + { 135720, true }, + { 135736, true }, + { 135756, true }, + { 135776, true }, + { 135793, true }, + { 135812, true }, + { 135830, true }, + { 135851, true }, + { 135869, true }, + { 135886, true }, + { 135906, true }, + { 135923, true }, + { 135940, true }, + { 135958, true }, + { 135976, true }, + { 135989, true }, + { 136005, true }, + { 136020, true }, + { 136033, true }, + { 136047, true }, + { 136066, true }, + { 136077, true }, + { 136090, true }, + { 136104, true }, + { 136115, true }, + { 136128, true }, + { 136138, true }, + { 136153, true }, + { 136167, true }, + { 136179, true }, + { 136197, true }, + { 136208, true }, + { 136229, true }, + { 136247, true }, + { 136272, true }, + { 136285, true }, + { 136301, true }, + { 136307, true }, + { 136315, true }, + { 136336, true }, + { 136345, true }, + { 136355, true }, + { 136379, true }, + { 136391, true }, + { 136414, true }, + { 136439, true }, + { 136451, true }, + { 136467, true }, + { 136480, true }, + { 136492, true }, + { 136504, true }, + { 136520, true }, + { 136539, true }, + { 136550, true }, + { 136569, true }, + { 136584, true }, + { 136597, true }, + { 136617, true }, + { 136632, true }, + { 136648, true }, + { 136659, true }, + { 136677, true }, + { 136686, true }, + { 136697, true }, + { 136708, true }, + { 136719, true }, + { 136729, true }, + { 136746, true }, + { 136760, true }, + { 136772, true }, + { 136788, true }, + { 136798, true }, + { 136807, true }, + { 136821, true }, + { 136844, true }, + { 136854, true }, + { 136864, true }, + { 136877, true }, + { 136887, true }, + { 136899, true }, + { 136908, true }, + { 136919, false }, + { 136932, true }, + { 136944, true }, + { 136958, true }, + { 136970, true }, + { 136980, true }, + { 136994, true }, + { 137006, true }, + { 137028, true }, + { 137035, true }, + { 137048, true }, + { 137060, true }, + { 137072, true }, + { 137084, true }, + { 137096, true }, + { 137108, true }, + { 137120, true }, + { 137132, true }, + { 137144, true }, + { 137158, true }, + { 137174, true }, + { 137189, true }, + { 137205, true }, + { 137227, true }, + { 137240, false }, + { 137260, true }, + { 137278, true }, + { 137288, true }, + { 137301, true }, + { 137318, true }, + { 137333, true }, + { 137346, true }, + { 137357, true }, + { 137368, true }, + { 137379, true }, + { 137389, true }, + { 137403, true }, + { 137412, true }, + { 137423, true }, + { 137436, true }, + { 137451, true }, + { 137465, true }, + { 137484, true }, + { 137498, true }, + { 137509, true }, + { 137522, true }, + { 137540, true }, + { 137557, true }, + { 137576, true }, + { 137597, true }, + { 137620, true }, + { 137632, true }, + { 137642, true }, + { 137655, true }, + { 137669, true }, + { 137678, true }, + { 137693, true }, + { 137701, true }, + { 137715, true }, + { 137732, true }, + { 137745, true }, + { 137756, true }, + { 137767, true }, + { 137787, true }, + { 137796, true }, + { 137808, true }, + { 137821, true }, + { 137830, true }, + { 137839, true }, + { 137855, true }, + { 137864, true }, + { 137878, true }, + { 137897, true }, + { 137911, true }, + { 137925, true }, + { 137940, true }, + { 137955, true }, + { 137970, true }, + { 137990, true }, + { 138011, false }, + { 138036, true }, + { 138049, true }, + { 138058, true }, + { 138079, true }, + { 138096, true }, + { 138106, true }, + { 138121, true }, + { 138133, true }, + { 138152, true }, + { 138170, true }, + { 138188, true }, + { 138203, true }, + { 138223, true }, + { 138235, true }, + { 138247, true }, + { 138264, true }, + { 138278, true }, + { 138291, true }, + { 138304, true }, + { 138321, true }, + { 138348, true }, + { 138368, true }, + { 138384, true }, + { 138409, true }, + { 138432, true }, + { 138448, false }, + { 138476, true }, + { 138487, true }, + { 138496, true }, + { 138509, true }, + { 138524, true }, + { 138537, true }, + { 138553, true }, + { 138569, true }, + { 138583, true }, + { 138592, true }, + { 138610, true }, + { 138633, true }, + { 138667, true }, + { 138677, true }, + { 138689, true }, + { 138710, true }, + { 138733, true }, + { 138744, true }, + { 138761, true }, + { 138787, true }, + { 138813, false }, + { 138828, true }, + { 138837, true }, + { 138846, true }, + { 138858, true }, + { 138871, true }, + { 138881, true }, + { 138890, true }, + { 138909, true }, + { 138924, true }, + { 138938, false }, + { 138949, true }, + { 138966, true }, + { 138990, true }, + { 139009, true }, + { 139025, true }, + { 139040, true }, + { 139048, true }, + { 139056, true }, + { 139067, true }, + { 139080, true }, + { 139089, true }, + { 139104, true }, + { 139116, true }, + { 139130, true }, + { 139144, true }, + { 139156, true }, + { 139174, true }, + { 139189, true }, + { 139204, true }, + { 139215, true }, + { 139232, true }, + { 139245, true }, + { 139259, true }, + { 139271, true }, + { 139282, true }, + { 139295, true }, + { 139316, true }, + { 139330, true }, + { 139350, true }, + { 139362, true }, + { 139377, true }, + { 139396, true }, + { 139416, true }, + { 139436, true }, + { 139443, true }, + { 139452, true }, + { 139460, true }, + { 139473, true }, + { 139483, true }, + { 139497, true }, + { 139512, true }, + { 139525, true }, + { 139539, true }, + { 139556, true }, + { 139573, true }, + { 139590, true }, + { 139603, true }, + { 139616, true }, + { 139629, true }, + { 139642, true }, + { 139655, true }, + { 139668, true }, + { 139681, true }, + { 139694, true }, + { 139707, true }, + { 139720, true }, + { 139733, true }, + { 139746, true }, + { 139759, true }, + { 139773, true }, + { 139781, true }, + { 139790, true }, + { 139798, true }, + { 139819, true }, + { 139832, true }, + { 139848, true }, + { 139871, true }, + { 139885, true }, + { 139903, true }, + { 139917, true }, + { 139931, true }, + { 139945, true }, + { 139960, true }, + { 139974, true }, + { 139988, true }, + { 140002, true }, + { 140017, true }, + { 140031, true }, + { 140045, true }, + { 140059, true }, + { 140073, true }, + { 140090, true }, + { 140110, true }, + { 140142, true }, + { 140167, true }, + { 140179, true }, + { 140189, true }, + { 140201, true }, + { 140216, true }, + { 140228, true }, + { 140242, true }, + { 140256, true }, + { 140267, true }, + { 140274, true }, + { 140289, true }, + { 140299, true }, + { 140311, true }, + { 140323, true }, + { 140338, true }, + { 140353, true }, + { 140366, true }, + { 140385, true }, + { 140395, true }, + { 140415, true }, + { 140433, true }, + { 140446, true }, + { 140456, true }, + { 140470, true }, + { 140486, true }, + { 140503, true }, + { 140516, true }, + { 140529, true }, + { 140542, true }, + { 140555, true }, + { 140579, true }, + { 140597, true }, + { 140607, true }, + { 140618, true }, + { 140634, true }, + { 140660, true }, + { 140672, true }, + { 140684, true }, + { 140697, true }, + { 140716, false }, + { 140731, true }, + { 140744, true }, + { 140765, true }, + { 140781, true }, + { 140797, true }, + { 140809, true }, + { 140826, true }, + { 140840, true }, + { 140858, true }, + { 140875, true }, + { 140894, true }, + { 140905, true }, + { 140927, true }, + { 140945, true }, + { 140964, true }, + { 140977, true }, + { 140989, true }, + { 141010, true }, + { 141019, true }, + { 141028, true }, + { 141039, true }, + { 141053, true }, + { 141067, false }, + { 141079, true }, + { 141104, true }, + { 141131, true }, + { 141154, true }, + { 141172, true }, + { 141184, true }, + { 141193, true }, + { 141204, true }, + { 141214, true }, + { 141225, true }, + { 141236, true }, + { 141246, true }, + { 141259, true }, + { 141274, true }, + { 141288, true }, + { 141300, true }, + { 141311, true }, + { 141322, true }, + { 141332, true }, + { 141343, true }, + { 141359, true }, + { 141368, true }, + { 141380, true }, + { 141393, true }, + { 141401, true }, + { 141412, true }, + { 141432, true }, + { 141452, true }, + { 141463, true }, + { 141474, true }, + { 141492, true }, + { 141504, true }, + { 141518, true }, + { 141537, true }, + { 141550, true }, + { 141573, true }, + { 141591, true }, + { 141615, true }, + { 141632, true }, + { 141661, true }, + { 141671, true }, + { 141685, true }, + { 141708, true }, + { 141720, true }, + { 141733, true }, + { 141747, true }, + { 141759, true }, + { 141782, true }, + { 141792, true }, + { 141807, true }, + { 141816, true }, + { 141830, true }, + { 141846, true }, + { 141859, true }, + { 141882, true }, + { 141892, true }, + { 141900, true }, + { 141912, true }, + { 141926, true }, + { 141947, true }, + { 141954, true }, + { 141967, true }, + { 141981, true }, + { 141994, true }, + { 142011, true }, + { 142025, true }, + { 142042, true }, + { 142062, true }, + { 142080, true }, + { 142090, true }, + { 142108, true }, + { 142123, true }, + { 142145, true }, + { 142162, true }, + { 142175, true }, + { 142195, true }, + { 142212, false }, + { 142223, true }, + { 142237, true }, + { 142248, true }, + { 142261, true }, + { 142276, true }, + { 142296, true }, + { 142312, true }, + { 142325, true }, + { 142340, true }, + { 142355, true }, + { 142375, true }, + { 142386, true }, + { 142401, true }, + { 142416, true }, + { 142433, true }, + { 142449, true }, + { 142468, true }, + { 142487, true }, + { 142504, true }, + { 142520, true }, + { 142535, true }, + { 142553, true }, + { 142565, true }, + { 142572, true }, + { 142583, true }, + { 142595, true }, + { 142611, true }, + { 142638, true }, + { 142666, true }, + { 142690, true }, + { 142708, false }, + { 142726, true }, + { 142742, true }, + { 142761, true }, + { 142778, true }, + { 142796, true }, + { 142813, true }, + { 142830, true }, + { 142849, true }, + { 142867, true }, + { 142885, true }, + { 142905, true }, + { 142924, true }, + { 142942, true }, + { 142951, true }, + { 142963, true }, + { 142986, true }, + { 142998, false }, + { 143013, true }, + { 143032, true }, + { 143044, true }, + { 143052, true }, + { 143065, true }, + { 143079, true }, + { 143089, true }, + { 143098, true }, + { 143106, true }, + { 143122, true }, + { 143134, true }, + { 143154, true }, + { 143164, true }, + { 143177, true }, + { 143187, true }, + { 143203, true }, + { 143224, true }, + { 143233, true }, + { 143245, true }, + { 143254, true }, + { 143264, true }, + { 143271, true }, + { 143288, true }, + { 143305, true }, + { 143319, true }, + { 143331, true }, + { 143344, true }, + { 143352, true }, + { 143359, true }, + { 143372, true }, + { 143381, true }, + { 143388, true }, + { 143402, true }, + { 143415, true }, + { 143428, true }, + { 143441, true }, + { 143460, true }, + { 143478, true }, + { 143493, true }, + { 143513, true }, + { 143529, true }, + { 143545, true }, + { 143563, true }, + { 143577, true }, + { 143591, true }, + { 143609, true }, + { 143626, true }, + { 143643, true }, + { 143653, true }, + { 143680, true }, + { 143715, true }, + { 143730, true }, + { 143748, true }, + { 143765, true }, + { 143781, true }, + { 143796, true }, + { 143822, false }, + { 143835, true }, + { 143858, true }, + { 143877, true }, + { 143898, true }, + { 143912, true }, + { 143925, true }, + { 143937, true }, + { 143956, true }, + { 143981, true }, + { 144002, true }, + { 144024, true }, + { 144045, true }, + { 144065, true }, + { 144086, true }, + { 144106, false }, + { 144116, true }, + { 144139, true }, + { 144156, true }, + { 144173, true }, + { 144183, true }, + { 144193, false }, + { 144206, true }, + { 144218, true }, + { 144237, true }, + { 144248, true }, + { 144263, true }, + { 144271, true }, + { 144284, true }, + { 144299, true }, + { 144310, true }, + { 144322, true }, + { 144334, true }, + { 144347, true }, + { 144370, true }, + { 144388, true }, + { 144400, true }, + { 144425, true }, + { 144441, true }, + { 144461, true }, + { 144483, true }, + { 144497, true }, + { 144508, true }, + { 144521, true }, + { 144533, true }, + { 144542, true }, + { 144554, true }, + { 144567, true }, + { 144581, true }, + { 144593, true }, + { 144613, true }, + { 144632, true }, + { 144642, true }, + { 144654, true }, + { 144678, true }, + { 144700, true }, + { 144725, true }, + { 144748, true }, + { 144768, true }, + { 144779, true }, + { 144795, false }, + { 144810, true }, + { 144822, true }, + { 144834, true }, + { 144844, true }, + { 144861, true }, + { 144881, true }, + { 144896, true }, + { 144913, true }, + { 144930, true }, + { 144953, true }, + { 144969, true }, + { 144989, true }, + { 145002, true }, + { 145019, true }, + { 145040, true }, + { 145060, true }, + { 145074, true }, + { 145091, true }, + { 145108, true }, + { 145128, true }, + { 145146, true }, + { 145162, true }, + { 145177, true }, + { 145187, true }, + { 145197, true }, + { 145208, true }, + { 145227, true }, + { 145243, true }, + { 145253, true }, + { 145263, true }, + { 145283, true }, + { 145308, true }, + { 145342, true }, + { 145379, true }, + { 145400, true }, + { 145431, true }, + { 145455, true }, + { 145475, true }, + { 145489, true }, + { 145502, true }, + { 145515, true }, + { 145524, true }, + { 145537, true }, + { 145544, true }, + { 145551, false }, + { 145567, true }, + { 145576, true }, + { 145590, true }, + { 145604, true }, + { 145617, true }, + { 145637, true }, + { 145652, true }, + { 145666, true }, + { 145685, true }, + { 145697, true }, + { 145706, true }, + { 145716, true }, + { 145728, true }, + { 145751, true }, + { 145765, true }, + { 145780, true }, + { 145791, true }, + { 145802, true }, + { 145814, true }, + { 145824, true }, + { 145835, true }, + { 145851, true }, + { 145864, true }, + { 145880, false }, + { 145895, true }, + { 145912, true }, + { 145929, true }, + { 145947, true }, + { 145968, true }, + { 145985, true }, + { 146002, true }, + { 146019, true }, + { 146036, true }, + { 146053, true }, + { 146070, true }, + { 146087, true }, + { 146104, true }, + { 146121, true }, + { 146138, true }, + { 146155, true }, + { 146172, true }, + { 146191, true }, + { 146207, true }, + { 146221, true }, + { 146246, true }, + { 146261, true }, + { 146276, true }, + { 146293, true }, + { 146309, true }, + { 146331, false }, + { 146344, true }, + { 146358, true }, + { 146375, true }, + { 146392, true }, + { 146412, false }, + { 146434, true }, + { 146447, true }, + { 146471, true }, + { 146485, true }, + { 146505, true }, + { 146520, true }, + { 146529, false }, + { 146543, true }, + { 146560, true }, + { 146573, true }, + { 146586, true }, + { 146596, true }, + { 146607, true }, + { 146618, true }, + { 146624, true }, + { 146634, true }, + { 146650, true }, + { 146661, true }, + { 146668, true }, + { 146680, true }, + { 146690, true }, + { 146700, true }, + { 146709, true }, + { 146723, true }, + { 146738, true }, + { 146748, true }, + { 146760, true }, + { 146772, true }, + { 146781, true }, + { 146796, true }, + { 146805, true }, + { 146816, false }, + { 146826, true }, + { 146834, true }, + { 146844, true }, + { 146857, true }, + { 146876, true }, + { 146890, true }, + { 146900, true }, + { 146910, true }, + { 146932, true }, + { 146948, true }, + { 146957, true }, + { 146980, true }, + { 146996, true }, + { 147015, true }, + { 147038, true }, + { 147052, true }, + { 147064, true }, + { 147081, true }, + { 147100, true }, + { 147117, true }, + { 147129, true }, + { 147140, true }, + { 147153, false }, + { 147165, true }, + { 147176, true }, + { 147190, true }, + { 147203, true }, + { 147213, true }, + { 147234, true }, + { 147249, true }, + { 147257, true }, + { 147272, true }, + { 147286, true }, + { 147299, true }, + { 147312, true }, + { 147322, true }, + { 147334, true }, + { 147345, true }, + { 147356, true }, + { 147371, true }, + { 147400, true }, + { 147412, true }, + { 147424, true }, + { 147438, true }, + { 147453, true }, + { 147469, true }, + { 147483, true }, + { 147500, true }, + { 147514, true }, + { 147528, true }, + { 147543, true }, + { 147557, true }, + { 147569, true }, + { 147583, true }, + { 147597, true }, + { 147609, true }, + { 147621, true }, + { 147635, true }, + { 147647, true }, + { 147659, true }, + { 147673, true }, + { 147691, true }, + { 147699, true }, + { 147710, true }, + { 147726, true }, + { 147742, true }, + { 147756, true }, + { 147775, true }, + { 147794, true }, + { 147817, false }, + { 147846, true }, + { 147876, true }, + { 147892, true }, + { 147906, true }, + { 147920, true }, + { 147938, true }, + { 147959, true }, + { 147978, true }, + { 147990, true }, + { 148010, true }, + { 148025, true }, + { 148038, true }, + { 148049, true }, + { 148064, true }, + { 148083, true }, + { 148098, true }, + { 148116, true }, + { 148136, true }, + { 148148, true }, + { 148160, true }, + { 148175, true }, + { 148202, true }, + { 148225, true }, + { 148249, true }, + { 148273, true }, + { 148289, true }, + { 148313, true }, + { 148323, true }, + { 148337, true }, + { 148359, true }, + { 148369, true }, + { 148401, true }, + { 148416, true }, + { 148427, true }, + { 148435, true }, + { 148452, true }, + { 148463, true }, + { 148475, true }, + { 148489, true }, + { 148497, true }, + { 148519, true }, + { 148529, true }, + { 148542, false }, + { 148553, false }, + { 148565, true }, + { 148577, true }, + { 148587, true }, + { 148606, true }, + { 148621, true }, + { 148635, false }, + { 148655, true }, + { 148665, true }, + { 148673, false }, + { 148686, true }, + { 148714, true }, + { 148728, true }, + { 148739, true }, + { 148748, true }, + { 148761, true }, + { 148768, true }, + { 148779, true }, + { 148788, true }, + { 148801, true }, + { 148815, true }, + { 148830, true }, + { 148844, true }, + { 148864, true }, + { 148882, false }, + { 148898, true }, + { 148920, true }, + { 148935, true }, + { 148954, true }, + { 148968, true }, + { 148985, true }, + { 148994, true }, + { 149007, true }, + { 149020, true }, + { 149037, true }, + { 149050, true }, + { 149060, true }, + { 149070, true }, + { 149096, true }, + { 149106, true }, + { 149114, true }, + { 149123, true }, + { 149137, true }, + { 149149, true }, + { 149163, true }, + { 149176, false }, + { 149188, true }, + { 149202, true }, + { 149214, true }, + { 149226, true }, + { 149236, true }, + { 149253, true }, + { 149265, true }, + { 149274, true }, + { 149294, true }, + { 149314, true }, + { 149325, true }, + { 149342, true }, + { 149363, true }, + { 149384, true }, + { 149400, true }, + { 149409, true }, + { 149427, true }, + { 149444, true }, + { 149456, true }, + { 149473, true }, + { 149493, true }, + { 149511, true }, + { 149532, true }, + { 149546, true }, + { 149555, true }, + { 149579, true }, + { 149595, false }, + { 149605, true }, + { 149620, true }, + { 149633, true }, + { 149652, true }, + { 149661, true }, + { 149677, true }, + { 149690, true }, + { 149716, true }, + { 149733, true }, + { 149746, true }, + { 149763, true }, + { 149777, true }, + { 149791, true }, + { 149808, true }, + { 149828, true }, + { 149846, true }, + { 149861, true }, + { 149872, true }, + { 149891, true }, + { 149901, true }, + { 149913, true }, + { 149924, true }, + { 149941, true }, + { 149953, true }, + { 149968, false }, + { 149985, true }, + { 149993, true }, + { 150006, true }, + { 150018, true }, + { 150033, true }, + { 150052, true }, + { 150067, true }, + { 150084, true }, + { 150094, true }, + { 150109, true }, + { 150123, true }, + { 150147, true }, + { 150162, true }, + { 150187, true }, + { 150202, true }, + { 150218, true }, + { 150235, true }, + { 150248, true }, + { 150260, true }, + { 150272, true }, + { 150292, true }, + { 150304, true }, + { 150317, true }, + { 150331, true }, + { 150349, true }, + { 150370, true }, + { 150382, true }, + { 150406, true }, + { 150426, true }, + { 150441, true }, + { 150460, true }, + { 150472, true }, + { 150484, true }, + { 150499, true }, + { 150523, true }, + { 150533, true }, + { 150546, true }, + { 150580, true }, + { 150601, true }, + { 150621, true }, + { 150643, true }, + { 150667, true }, + { 150681, true }, + { 150695, true }, + { 150708, true }, + { 150719, false }, + { 150735, true }, + { 150759, true }, + { 150771, true }, + { 150786, true }, + { 150799, true }, + { 150808, true }, + { 150822, true }, + { 150837, true }, + { 150855, true }, + { 150881, true }, + { 150914, true }, + { 150946, true }, + { 150961, true }, + { 150976, true }, + { 150985, true }, + { 150995, true }, + { 151005, true }, + { 151020, true }, + { 151031, true }, + { 151055, true }, + { 151067, true }, + { 151079, true }, + { 151090, true }, + { 151102, true }, + { 151111, true }, + { 151120, true }, + { 151129, true }, + { 151139, true }, + { 151151, true }, + { 151164, true }, + { 151178, true }, + { 151192, true }, + { 151204, true }, + { 151220, true }, + { 151242, true }, + { 151264, true }, + { 151278, false }, + { 151288, false }, + { 151308, false }, + { 151322, true }, + { 151334, true }, + { 151347, true }, + { 151356, true }, + { 151365, true }, + { 151374, true }, + { 151387, true }, + { 151408, true }, + { 151420, true }, + { 151432, false }, + { 151445, true }, + { 151454, true }, + { 151462, false }, + { 151479, true }, + { 151493, true }, + { 151509, true }, + { 151528, true }, + { 151538, true }, + { 151548, true }, + { 151566, true }, + { 151587, true }, + { 151601, true }, + { 151614, true }, + { 151622, true }, + { 151641, true }, + { 151661, true }, + { 151675, true }, + { 151684, true }, + { 151703, true }, + { 151723, true }, + { 151732, true }, + { 151745, true }, + { 151754, true }, + { 151767, true }, + { 151791, true }, + { 151806, true }, + { 151819, true }, + { 151832, true }, + { 151850, true }, + { 151870, true }, + { 151885, false }, + { 151898, true }, + { 151915, true }, + { 151928, true }, + { 151941, true }, + { 151954, true }, + { 151972, true }, + { 151993, true }, + { 152008, true }, + { 152032, true }, + { 152059, true }, + { 152073, true }, + { 152084, true }, + { 152095, true }, + { 152105, true }, + { 152118, false }, + { 152132, true }, + { 152145, true }, + { 152159, true }, + { 152175, true }, + { 152189, true }, + { 152204, true }, + { 152222, true }, + { 152235, true }, + { 152247, true }, + { 152260, true }, + { 152269, true }, + { 152292, false }, + { 152303, false }, + { 152314, true }, + { 152325, true }, + { 152341, true }, + { 152359, true }, + { 152380, true }, + { 152400, true }, + { 152422, true }, + { 152438, true }, + { 152456, true }, + { 152473, true }, + { 152490, true }, + { 152508, true }, + { 152525, true }, + { 152542, true }, + { 152557, true }, + { 152575, true }, + { 152598, true }, + { 152612, true }, + { 152627, true }, + { 152640, false }, + { 152657, true }, + { 152672, true }, + { 152686, true }, + { 152705, false }, + { 152715, true }, + { 152726, true }, + { 152742, true }, + { 152751, true }, + { 152762, true }, + { 152781, true }, + { 152801, true }, + { 152816, true }, + { 152824, true }, + { 152835, true }, + { 152844, true }, + { 152855, true }, + { 152866, true }, + { 152885, true }, + { 152900, true }, + { 152918, true }, + { 152929, true }, + { 152946, true }, + { 152961, true }, + { 152989, true }, + { 152997, false }, + { 153008, true }, + { 153024, true }, + { 153038, true }, + { 153050, true }, + { 153064, true }, + { 153084, true }, + { 153098, true }, + { 153113, true }, + { 153125, false }, + { 153146, true }, + { 153164, true }, + { 153177, true }, + { 153187, true }, + { 153196, true }, + { 153204, true }, + { 153220, true }, + { 153232, true }, + { 153244, true }, + { 153254, true }, + { 153265, true }, + { 153277, true }, + { 153297, true }, + { 153307, true }, + { 153313, true }, + { 153331, true }, + { 153343, true }, + { 153354, true }, + { 153362, true }, + { 153376, true }, + { 153388, true }, + { 153400, true }, + { 153413, true }, + { 153435, true }, + { 153446, false }, + { 153460, true }, + { 153468, true }, + { 153483, true }, + { 153494, true }, + { 153506, true }, + { 153521, true }, + { 153539, false }, + { 153552, true }, + { 153573, true }, + { 153587, true }, + { 153596, true }, + { 153619, true }, + { 153638, true }, + { 153647, true }, + { 153658, true }, + { 153667, true }, + { 153678, true }, + { 153685, true }, + { 153705, true }, + { 153717, true }, + { 153731, true }, + { 153745, true }, + { 153764, true }, + { 153783, true }, + { 153799, true }, + { 153818, true }, + { 153826, true }, + { 153843, true }, + { 153862, true }, + { 153871, true }, + { 153880, true }, + { 153889, true }, + { 153899, true }, + { 153908, true }, + { 153919, true }, + { 153932, true }, + { 153951, true }, + { 153967, true }, + { 153985, true }, + { 153996, true }, + { 154012, true }, + { 154019, true }, + { 154031, true }, + { 154052, true }, + { 154068, true }, + { 154085, true }, + { 154095, true }, + { 154110, true }, + { 154129, true }, + { 154142, true }, + { 154159, true }, + { 154178, true }, + { 154189, true }, + { 154204, true }, + { 154216, true }, + { 154227, true }, + { 154235, true }, + { 154252, true }, + { 154261, true }, + { 154275, true }, + { 154297, true }, + { 154312, true }, + { 154324, true }, + { 154338, true }, + { 154351, true }, + { 154367, true }, + { 154398, true }, + { 154416, true }, + { 154433, true }, + { 154444, true }, + { 154460, true }, + { 154475, true }, + { 154497, true }, + { 154506, true }, + { 154519, true }, + { 154531, false }, + { 154545, true }, + { 154562, true }, + { 154579, true }, + { 154601, true }, + { 154615, true }, + { 154630, true }, + { 154643, true }, + { 154654, true }, + { 154672, true }, + { 154695, true }, + { 154712, true }, + { 154732, true }, + { 154747, true }, + { 154758, true }, + { 154770, true }, + { 154784, true }, + { 154803, false }, + { 154811, true }, + { 154829, true }, + { 154853, true }, + { 154870, true }, + { 154888, true }, + { 154899, true }, + { 154921, true }, + { 154931, true }, + { 154956, true }, + { 154973, true }, + { 154985, true }, + { 155001, true }, + { 155013, true }, + { 155024, true }, + { 155036, true }, + { 155048, true }, + { 155061, true }, + { 155075, true }, + { 155088, true }, + { 155101, true }, + { 155119, true }, + { 155134, true }, + { 155148, true }, + { 155177, true }, + { 155203, false }, + { 155220, true }, + { 155230, true }, + { 155253, true }, + { 155273, true }, + { 155296, true }, + { 155323, true }, + { 155347, true }, + { 155370, true }, + { 155387, true }, + { 155398, true }, + { 155413, true }, + { 155432, true }, + { 155444, true }, + { 155456, true }, + { 155476, true }, + { 155493, true }, + { 155509, true }, + { 155526, true }, + { 155539, true }, + { 155547, true }, + { 155564, true }, + { 155593, true }, + { 155605, true }, + { 155621, true }, + { 155636, true }, + { 155657, true }, + { 155680, true }, + { 155702, true }, + { 155724, true }, + { 155742, true }, + { 155756, true }, + { 155767, true }, + { 155781, true }, + { 155796, true }, + { 155817, true }, + { 155835, true }, + { 155848, true }, + { 155858, true }, + { 155867, true }, + { 155883, true }, + { 155895, true }, + { 155908, true }, + { 155926, true }, + { 155944, true }, + { 155957, true }, + { 155975, true }, + { 155983, true }, + { 155996, true }, + { 156004, true }, + { 156021, true }, + { 156028, false }, + { 156048, true }, + { 156062, true }, + { 156074, true }, + { 156083, true }, + { 156098, true }, + { 156116, true }, + { 156130, true }, + { 156139, true }, + { 156153, true }, + { 156168, true }, + { 156176, true }, + { 156200, true }, + { 156221, true }, + { 156237, true }, + { 156256, true }, + { 156270, true }, + { 156287, true }, + { 156309, true }, + { 156329, true }, + { 156348, true }, + { 156359, true }, + { 156373, true }, + { 156383, true }, + { 156400, true }, + { 156422, true }, + { 156443, true }, + { 156458, true }, + { 156468, true }, + { 156484, true }, + { 156500, true }, + { 156515, true }, + { 156528, true }, + { 156541, true }, + { 156557, true }, + { 156575, false }, + { 156587, true }, + { 156599, true }, + { 156625, true }, + { 156641, true }, + { 156663, true }, + { 156683, true }, + { 156696, true }, + { 156707, true }, + { 156722, true }, + { 156735, true }, + { 156755, true }, + { 156769, true }, + { 156789, true }, + { 156805, true }, + { 156821, true }, + { 156831, true }, + { 156843, true }, + { 156851, true }, + { 156865, true }, + { 156875, true }, + { 156899, true }, + { 156917, true }, + { 156936, false }, + { 156955, true }, + { 156968, true }, + { 156985, true }, + { 156999, true }, + { 157016, true }, + { 157028, true }, + { 157038, true }, + { 157057, true }, + { 157076, true }, + { 157092, true }, + { 157113, true }, + { 157127, true }, + { 157147, true }, + { 157159, true }, + { 157184, true }, + { 157220, true }, + { 157232, true }, + { 157249, true }, + { 157262, true }, + { 157273, true }, + { 157287, true }, + { 157307, true }, + { 157326, true }, + { 157346, true }, + { 157363, true }, + { 157388, true }, + { 157403, true }, + { 157422, true }, + { 157445, true }, + { 157459, true }, + { 157477, true }, + { 157493, true }, + { 157512, true }, + { 157534, true }, + { 157549, true }, + { 157559, true }, + { 157578, true }, + { 157594, true }, + { 157607, true }, + { 157625, true }, + { 157647, true }, + { 157670, true }, + { 157684, true }, + { 157697, true }, + { 157712, true }, + { 157725, true }, + { 157742, true }, + { 157757, false }, + { 157767, true }, + { 157786, true }, + { 157802, true }, + { 157817, true }, + { 157830, true }, + { 157855, true }, + { 157870, true }, + { 157888, true }, + { 157903, true }, + { 157921, true }, + { 157938, true }, + { 157954, true }, + { 157972, true }, + { 157987, true }, + { 158000, true }, + { 158012, true }, + { 158023, true }, + { 158037, true }, + { 158055, true }, + { 158068, true }, + { 158081, true }, + { 158095, true }, + { 158121, true }, + { 158139, true }, + { 158163, true }, + { 158184, true }, + { 158203, true }, + { 158219, true }, + { 158241, true }, + { 158258, true }, + { 158268, true }, + { 158282, true }, + { 158299, true }, + { 158318, true }, + { 158329, true }, + { 158348, true }, + { 158364, true }, + { 158383, true }, + { 158395, true }, + { 158411, true }, + { 158423, true }, + { 158439, true }, + { 158453, true }, + { 158467, true }, + { 158480, true }, + { 158495, true }, + { 158511, true }, + { 158530, true }, + { 158545, true }, + { 158563, true }, + { 158580, true }, + { 158593, true }, + { 158615, true }, + { 158639, true }, + { 158659, true }, + { 158678, true }, + { 158691, true }, + { 158715, true }, + { 158725, true }, + { 158735, true }, + { 158744, true }, + { 158757, true }, + { 158772, true }, + { 158784, true }, + { 158797, true }, + { 158806, true }, + { 158816, true }, + { 158828, true }, + { 158844, true }, + { 158854, true }, + { 158862, true }, + { 158870, true }, + { 158883, true }, + { 158896, true }, + { 158907, true }, + { 158920, true }, + { 158939, true }, + { 158950, true }, + { 158966, true }, + { 158978, true }, + { 158988, true }, + { 159006, false }, + { 159019, true }, + { 159035, true }, + { 159050, true }, + { 159061, true }, + { 159076, true }, + { 159093, true }, + { 159107, true }, + { 159118, true }, + { 159134, true }, + { 159151, true }, + { 159160, true }, + { 159169, true }, + { 159182, true }, + { 159197, true }, + { 159212, true }, + { 159233, true }, + { 159252, false }, + { 159262, true }, + { 159277, true }, + { 159287, true }, + { 159301, true }, + { 159315, true }, + { 159330, true }, + { 159341, true }, + { 159358, true }, + { 159372, true }, + { 159380, true }, + { 159388, true }, + { 159398, true }, + { 159408, true }, + { 159416, true }, + { 159423, true }, + { 159433, true }, + { 159445, true }, + { 159453, true }, + { 159464, true }, + { 159472, true }, + { 159481, false }, + { 159489, true }, + { 159515, true }, + { 159528, true }, + { 159538, true }, + { 159546, true }, + { 159560, true }, + { 159571, true }, + { 159581, true }, + { 159593, true }, + { 159605, true }, + { 159622, true }, + { 159635, true }, + { 159650, true }, + { 159672, true }, + { 159682, true }, + { 159693, true }, + { 159702, true }, + { 159712, true }, + { 159735, true }, + { 159751, true }, + { 159767, true }, + { 159788, true }, + { 159808, true }, + { 159822, true }, + { 159836, true }, + { 159848, true }, + { 159870, true }, + { 159885, true }, + { 159896, true }, + { 159910, true }, + { 159929, true }, + { 159941, true }, + { 159955, true }, + { 159972, true }, + { 159988, true }, + { 160016, true }, + { 160041, true }, + { 160058, true }, + { 160074, true }, + { 160085, true }, + { 160106, false }, + { 160120, true }, + { 160134, true }, + { 160155, true }, + { 160184, true }, + { 160198, true }, + { 160209, true }, + { 160222, true }, + { 160235, true }, + { 160249, true }, + { 160267, true }, + { 160278, true }, + { 160299, true }, + { 160315, true }, + { 160333, true }, + { 160360, true }, + { 160371, true }, + { 160384, true }, + { 160401, true }, + { 160420, true }, + { 160434, true }, + { 160448, true }, + { 160465, true }, + { 160489, true }, + { 160505, true }, + { 160519, true }, + { 160532, true }, + { 160565, true }, + { 160591, true }, + { 160607, true }, + { 160627, true }, + { 160654, true }, + { 160682, true }, + { 160693, true }, + { 160707, true }, + { 160726, true }, + { 160737, true }, + { 160747, true }, + { 160757, true }, + { 160767, true }, + { 160777, true }, + { 160787, true }, + { 160797, true }, + { 160810, true }, + { 160833, true }, + { 160846, true }, + { 160855, true }, + { 160871, true }, + { 160888, true }, + { 160899, true }, + { 160910, true }, + { 160923, true }, + { 160939, true }, + { 160950, true }, + { 160964, true }, + { 160975, true }, + { 160989, true }, + { 161003, true }, + { 161020, true }, + { 161038, true }, + { 161052, true }, + { 161077, true }, + { 161090, true }, + { 161103, true }, + { 161114, true }, + { 161123, true }, + { 161133, true }, + { 161153, true }, + { 161167, true }, + { 161176, true }, + { 161184, true }, + { 161194, true }, + { 161206, true }, + { 161216, true }, + { 161224, true }, + { 161231, true }, + { 161245, true }, + { 161259, true }, + { 161272, true }, + { 161283, true }, + { 161297, true }, + { 161311, true }, + { 161325, true }, + { 161335, true }, + { 161345, false }, + { 161355, true }, + { 161368, true }, + { 161378, true }, + { 161389, true }, + { 161405, true }, + { 161412, true }, + { 161426, true }, + { 161454, true }, + { 161477, true }, + { 161492, true }, + { 161504, true }, + { 161515, true }, + { 161525, true }, + { 161534, true }, + { 161541, true }, + { 161551, true }, + { 161561, true }, + { 161567, true }, + { 161575, false }, + { 161586, true }, + { 161598, true }, + { 161608, true }, + { 161619, true }, + { 161628, true }, + { 161638, true }, + { 161645, true }, + { 161663, true }, + { 161676, true }, + { 161694, true }, + { 161712, true }, + { 161725, true }, + { 161736, true }, + { 161752, true }, + { 161774, true }, + { 161789, true }, + { 161801, true }, + { 161823, true }, + { 161832, true }, + { 161855, true }, + { 161868, true }, + { 161877, true }, + { 161890, true }, + { 161903, true }, + { 161915, true }, + { 161934, true }, + { 161954, true }, + { 161964, true }, + { 161976, true }, + { 161998, true }, + { 162013, true }, + { 162028, true }, + { 162047, true }, + { 162065, true }, + { 162074, true }, + { 162096, true }, + { 162111, true }, + { 162130, true }, + { 162149, true }, + { 162167, true }, + { 162184, true }, + { 162199, true }, + { 162215, true }, + { 162226, true }, + { 162239, true }, + { 162257, true }, + { 162273, true }, + { 162289, true }, + { 162300, true }, + { 162318, true }, + { 162330, true }, + { 162341, true }, + { 162357, true }, + { 162374, true }, + { 162389, true }, + { 162405, true }, + { 162423, false }, + { 162438, true }, + { 162447, true }, + { 162460, true }, + { 162474, true }, + { 162491, true }, + { 162503, true }, + { 162520, true }, + { 162544, true }, + { 162562, true }, + { 162574, true }, + { 162591, true }, + { 162605, true }, + { 162620, true }, + { 162636, true }, + { 162649, true }, + { 162663, true }, + { 162678, true }, + { 162693, true }, + { 162710, true }, + { 162725, true }, + { 162740, true }, + { 162753, true }, + { 162772, true }, + { 162794, true }, + { 162815, true }, + { 162831, true }, + { 162844, true }, + { 162858, true }, + { 162875, true }, + { 162892, true }, + { 162913, true }, + { 162937, true }, + { 162959, true }, + { 162971, true }, + { 162984, true }, + { 162995, true }, + { 163010, true }, + { 163029, true }, + { 163050, true }, + { 163067, true }, + { 163083, true }, + { 163098, true }, + { 163112, true }, + { 163122, false }, + { 163132, false }, + { 163145, true }, + { 163161, true }, + { 163178, true }, + { 163197, true }, + { 163217, true }, + { 163235, true }, + { 163256, true }, + { 163279, true }, + { 163294, false }, + { 163315, true }, + { 163333, true }, + { 163361, true }, + { 163376, true }, + { 163392, true }, + { 163411, true }, + { 163433, true }, + { 163448, true }, + { 163465, false }, + { 163479, true }, + { 163494, true }, + { 163515, true }, + { 163528, true }, + { 163539, true }, + { 163564, true }, + { 163580, true }, + { 163595, true }, + { 163611, true }, + { 163628, true }, + { 163648, true }, + { 163665, true }, + { 163684, true }, + { 163698, true }, + { 163716, true }, + { 163730, true }, + { 163748, true }, + { 163766, true }, + { 163779, true }, + { 163797, true }, + { 163809, true }, + { 163820, true }, + { 163838, true }, + { 163850, true }, + { 163862, false }, + { 163873, true }, + { 163887, true }, + { 163903, true }, + { 163912, true }, + { 163928, true }, + { 163944, true }, + { 163958, true }, + { 163971, true }, + { 163981, false }, + { 163998, true }, + { 164014, true }, + { 164027, true }, + { 164040, true }, + { 164059, true }, + { 164068, true }, + { 164083, true }, + { 164093, true }, + { 164102, true }, + { 164108, true }, + { 164117, true }, + { 164125, true }, + { 164134, true }, + { 164151, true }, + { 164163, true }, + { 164172, true }, + { 164189, true }, + { 164203, true }, + { 164214, false }, + { 164223, true }, + { 164235, true }, + { 164242, true }, + { 164257, true }, + { 164264, false }, + { 164273, true }, + { 164309, true }, + { 164320, true }, + { 164334, true }, + { 164346, true }, + { 164356, true }, + { 164366, true }, + { 164378, true }, + { 164399, true }, + { 164419, true }, + { 164445, true }, + { 164455, true }, + { 164464, true }, + { 164482, true }, + { 164491, true }, + { 164515, true }, + { 164522, true }, + { 164534, true }, + { 164542, true }, + { 164554, true }, + { 164567, true }, + { 164581, false }, + { 164596, true }, + { 164610, true }, + { 164628, true }, + { 164641, true }, + { 164655, true }, + { 164667, true }, + { 164679, true }, + { 164691, true }, + { 164701, true }, + { 164715, true }, + { 164728, true }, + { 164742, true }, + { 164762, true }, + { 164773, true }, + { 164782, true }, + { 164797, true }, + { 164809, true }, + { 164817, true }, + { 164830, true }, + { 164846, true }, + { 164859, true }, + { 164869, true }, + { 164876, true }, + { 164888, true }, + { 164899, true }, + { 164913, true }, + { 164923, true }, + { 164935, true }, + { 164952, true }, + { 164962, true }, + { 164979, true }, + { 164996, true }, + { 165006, true }, + { 165021, true }, + { 165035, true }, + { 165052, true }, + { 165068, true }, + { 165077, true }, + { 165094, false }, + { 165112, true }, + { 165134, true }, + { 165152, false }, + { 165170, true }, + { 165182, true }, + { 165204, true }, + { 165226, true }, + { 165237, true }, + { 165250, true }, + { 165264, true }, + { 165276, true }, + { 165291, true }, + { 165306, true }, + { 165322, true }, + { 165338, true }, + { 165349, true }, + { 165367, true }, + { 165383, true }, + { 165405, true }, + { 165429, true }, + { 165454, true }, + { 165477, true }, + { 165500, true }, + { 165520, true }, + { 165539, true }, + { 165550, true }, + { 165568, true }, + { 165586, true }, + { 165605, true }, + { 165632, true }, + { 165647, true }, + { 165667, true }, + { 165690, true }, + { 165702, true }, + { 165716, true }, + { 165743, true }, + { 165760, true }, + { 165775, true }, + { 165787, true }, + { 165807, true }, + { 165818, true }, + { 165837, true }, + { 165849, true }, + { 165866, true }, + { 165884, true }, + { 165900, true }, + { 165916, true }, + { 165930, true }, + { 165943, true }, + { 165958, true }, + { 165985, true }, + { 165998, true }, + { 166012, true }, + { 166026, true }, + { 166046, true }, + { 166068, false }, + { 166083, true }, + { 166094, true }, + { 166118, true }, + { 166146, false }, + { 166157, true }, + { 166174, true }, + { 166185, true }, + { 166203, true }, + { 166222, true }, + { 166240, true }, + { 166258, true }, + { 166281, true }, + { 166305, true }, + { 166326, true }, + { 166347, true }, + { 166368, true }, + { 166382, true }, + { 166395, true }, + { 166407, true }, + { 166429, true }, + { 166440, true }, + { 166459, true }, + { 166476, true }, + { 166496, true }, + { 166511, true }, + { 166529, true }, + { 166547, true }, + { 166566, true }, + { 166580, true }, + { 166594, true }, + { 166612, true }, + { 166620, true }, + { 166641, true }, + { 166662, true }, + { 166678, true }, + { 166698, true }, + { 166708, true }, + { 166730, true }, + { 166751, true }, + { 166767, true }, + { 166788, true }, + { 166804, true }, + { 166815, true }, + { 166831, true }, + { 166846, true }, + { 166860, true }, + { 166871, true }, + { 166885, true }, + { 166895, true }, + { 166905, true }, + { 166922, false }, + { 166935, true }, + { 166947, true }, + { 166958, true }, + { 166975, true }, + { 166988, true }, + { 166998, true }, + { 167012, true }, + { 167030, true }, + { 167049, true }, + { 167067, true }, + { 167083, true }, + { 167094, true }, + { 167114, true }, + { 167125, true }, + { 167138, true }, + { 167151, true }, + { 167167, true }, + { 167180, true }, + { 167190, true }, + { 167202, true }, + { 167213, true }, + { 167227, true }, + { 167235, true }, + { 167252, true }, + { 167267, true }, + { 167279, true }, + { 167295, true }, + { 167313, true }, + { 167326, true }, + { 167343, true }, + { 167362, true }, + { 167379, true }, + { 167393, true }, + { 167408, true }, + { 167421, true }, + { 167435, true }, + { 167447, true }, + { 167463, true }, + { 167477, true }, + { 167486, true }, + { 167507, true }, + { 167526, true }, + { 167539, false }, + { 167550, true }, + { 167565, true }, + { 167576, true }, + { 167600, true }, + { 167615, true }, + { 167629, true }, + { 167638, true }, + { 167655, true }, + { 167681, true }, + { 167691, true }, + { 167702, true }, + { 167715, true }, + { 167724, true }, + { 167737, true }, + { 167750, true }, + { 167761, true }, + { 167774, true }, + { 167788, true }, + { 167799, true }, + { 167816, true }, + { 167825, true }, + { 167849, true }, + { 167856, true }, + { 167870, true }, + { 167877, true }, + { 167889, true }, + { 167896, true }, + { 167908, true }, + { 167917, true }, + { 167932, true }, + { 167947, true }, + { 167960, true }, + { 167980, true }, + { 167999, true }, + { 168016, true }, + { 168032, true }, + { 168052, true }, + { 168071, true }, + { 168087, true }, + { 168108, true }, + { 168127, true }, + { 168140, true }, + { 168163, true }, + { 168186, true }, + { 168199, true }, + { 168218, true }, + { 168232, true }, + { 168242, true }, + { 168252, true }, + { 168273, false }, + { 168285, true }, + { 168309, true }, + { 168324, false }, + { 168338, false }, + { 168345, true }, + { 168353, true }, + { 168367, true }, + { 168377, true }, + { 168391, true }, + { 168408, true }, + { 168433, true }, + { 168446, true }, + { 168461, true }, + { 168473, true }, + { 168488, true }, + { 168515, true }, + { 168528, true }, + { 168542, true }, + { 168555, true }, + { 168575, true }, + { 168593, true }, + { 168615, true }, + { 168635, true }, + { 168652, true }, + { 168662, true }, + { 168671, true }, + { 168689, true }, + { 168701, true }, + { 168712, true }, + { 168727, true }, + { 168741, true }, + { 168757, true }, + { 168774, true }, + { 168791, true }, + { 168805, true }, + { 168827, true }, + { 168845, true }, + { 168863, true }, + { 168888, true }, + { 168901, true }, + { 168909, true }, + { 168920, true }, + { 168935, true }, + { 168960, true }, + { 168980, true }, + { 168994, true }, + { 169004, true }, + { 169014, true }, + { 169024, true }, + { 169033, true }, + { 169044, true }, + { 169057, true }, + { 169085, true }, + { 169096, false }, + { 169109, true }, + { 169118, true }, + { 169130, true }, + { 169147, true }, + { 169156, true }, + { 169168, true }, + { 169188, true }, + { 169201, false }, + { 169221, true }, + { 169235, true }, + { 169246, true }, + { 169259, true }, + { 169272, true }, + { 169289, false }, + { 169305, true }, + { 169316, true }, + { 169331, true }, + { 169344, true }, + { 169357, true }, + { 169369, true }, + { 169379, true }, + { 169392, true }, + { 169409, true }, + { 169422, false }, + { 169433, false }, + { 169443, true }, + { 169454, false }, + { 169474, true }, + { 169503, true }, + { 169515, true }, + { 169530, true }, + { 169545, true }, + { 169560, true }, + { 169576, true }, + { 169605, true }, + { 169624, true }, + { 169641, true }, + { 169667, true }, + { 169687, true }, + { 169700, true }, + { 169720, true }, + { 169734, true }, + { 169750, true }, + { 169781, true }, + { 169809, true }, + { 169824, true }, + { 169839, true }, + { 169854, true }, + { 169868, true }, + { 169878, true }, + { 169892, true }, + { 169909, true }, + { 169927, true }, + { 169948, true }, + { 169958, true }, + { 169980, true }, + { 169998, true }, + { 170019, true }, + { 170036, true }, + { 170052, true }, + { 170086, true }, + { 170111, true }, + { 170130, true }, + { 170153, true }, + { 170177, true }, + { 170206, true }, + { 170230, true }, + { 170256, true }, + { 170288, true }, + { 170304, true }, + { 170321, true }, + { 170345, true }, + { 170370, true }, + { 170386, true }, + { 170402, true }, + { 170413, false }, + { 170425, true }, + { 170441, true }, + { 170461, true }, + { 170486, true }, + { 170506, true }, + { 170530, true }, + { 170548, true }, + { 170557, true }, + { 170569, false }, + { 170589, false }, + { 170599, true }, + { 170614, true }, + { 170621, true }, + { 170629, true }, + { 170638, true }, + { 170648, true }, + { 170656, true }, + { 170666, true }, + { 170680, true }, + { 170688, true }, + { 170704, true }, + { 170726, true }, + { 170733, true }, + { 170740, true }, + { 170750, true }, + { 170758, true }, + { 170765, true }, + { 170772, true }, + { 170779, true }, + { 170787, true }, + { 170796, true }, + { 170804, true }, + { 170816, true }, + { 170828, true }, + { 170838, true }, + { 170851, true }, + { 170867, true }, + { 170878, true }, + { 170886, true }, + { 170896, true }, + { 170911, true }, + { 170921, false }, + { 170933, true }, + { 170949, true }, + { 170968, true }, + { 170984, true }, + { 170997, true }, + { 171011, true }, + { 171028, true }, + { 171046, true }, + { 171061, true }, + { 171074, true }, + { 171089, true }, + { 171098, true }, + { 171121, true }, + { 171135, true }, + { 171146, true }, + { 171161, true }, + { 171175, true }, + { 171200, true }, + { 171218, true }, + { 171229, true }, + { 171244, true }, + { 171255, true }, + { 171267, false }, + { 171279, true }, + { 171298, true }, + { 171318, true }, + { 171332, true }, + { 171346, true }, + { 171357, true }, + { 171368, true }, + { 171379, true }, + { 171389, true }, + { 171410, true }, + { 171427, true }, + { 171444, true }, + { 171462, true }, + { 171472, true }, + { 171509, true }, + { 171535, true }, + { 171551, true }, + { 171581, true }, + { 171604, true }, + { 171618, true }, + { 171637, true }, + { 171650, true }, + { 171666, true }, + { 171685, true }, + { 171702, true }, + { 171717, true }, + { 171735, true }, + { 171748, true }, + { 171769, true }, + { 171783, true }, + { 171796, true }, + { 171808, true }, + { 171821, true }, + { 171838, true }, + { 171850, true }, + { 171866, true }, + { 171877, true }, + { 171885, true }, + { 171892, true }, + { 171906, true }, + { 171918, true }, + { 171934, false }, + { 171948, true }, + { 171962, true }, + { 171978, true }, + { 171993, true }, + { 172012, true }, + { 172030, true }, + { 172049, true }, + { 172056, true }, + { 172077, true }, + { 172094, false }, + { 172109, true }, + { 172124, true }, + { 172141, true }, + { 172151, true }, + { 172170, true }, + { 172181, true }, + { 172191, true }, + { 172210, true }, + { 172223, true }, + { 172241, true }, + { 172261, true }, + { 172271, true }, + { 172281, true }, + { 172293, true }, + { 172301, false }, + { 172312, true }, + { 172327, true }, + { 172338, true }, + { 172357, true }, + { 172370, true }, + { 172389, true }, + { 172408, true }, + { 172424, true }, + { 172446, true }, + { 172458, true }, + { 172471, false }, + { 172485, true }, + { 172500, true }, + { 172514, false }, + { 172529, true }, + { 172545, true }, + { 172556, true }, + { 172568, true }, + { 172578, true }, + { 172587, true }, + { 172604, true }, + { 172617, true }, + { 172627, true }, + { 172644, true }, + { 172652, true }, + { 172664, true }, + { 172676, true }, + { 172695, true }, + { 172715, true }, + { 172722, true }, + { 172741, true }, + { 172757, true }, + { 172771, true }, + { 172783, false }, + { 172793, true }, + { 172811, true }, + { 172823, true }, + { 172839, true }, + { 172864, true }, + { 172875, true }, + { 172883, true }, + { 172903, true }, + { 172915, true }, + { 172926, true }, + { 172938, true }, + { 172948, true }, + { 172966, true }, + { 172985, true }, + { 172994, false }, + { 173014, true }, + { 173023, false }, + { 173034, true }, + { 173043, true }, + { 173057, true }, + { 173071, true }, + { 173091, true }, + { 173110, true }, + { 173124, true }, + { 173140, true }, + { 173155, true }, + { 173169, true }, + { 173191, true }, + { 173205, true }, + { 173221, true }, + { 173233, true }, + { 173246, true }, + { 173254, true }, + { 173267, true }, + { 173278, true }, + { 173290, true }, + { 173312, true }, + { 173326, true }, + { 173342, false }, + { 173353, true }, + { 173368, true }, + { 173384, false }, + { 173409, true }, + { 173425, true }, + { 173441, true }, + { 173457, true }, + { 173476, true }, + { 173498, true }, + { 173512, true }, + { 173526, true }, + { 173549, true }, + { 173562, true }, + { 173587, true }, + { 173606, true }, + { 173630, true }, + { 173646, true }, + { 173664, true }, + { 173680, true }, + { 173696, true }, + { 173707, true }, + { 173725, true }, + { 173737, true }, + { 173756, true }, + { 173766, true }, + { 173786, true }, + { 173803, true }, + { 173821, true }, + { 173835, true }, + { 173848, true }, + { 173863, true }, + { 173883, true }, + { 173903, true }, + { 173933, true }, + { 173947, true }, + { 173960, true }, + { 173981, true }, + { 173999, true }, + { 174014, true }, + { 174030, true }, + { 174058, true }, + { 174073, true }, + { 174087, true }, + { 174102, true }, + { 174117, true }, + { 174129, true }, + { 174146, true }, + { 174159, true }, + { 174170, true }, + { 174189, false }, + { 174197, true }, + { 174211, true }, + { 174230, true }, + { 174247, true }, + { 174261, true }, + { 174273, true }, + { 174288, true }, + { 174302, true }, + { 174315, true }, + { 174333, true }, + { 174347, true }, + { 174362, true }, + { 174380, true }, + { 174395, true }, + { 174410, true }, + { 174425, true }, + { 174441, true }, + { 174472, true }, + { 174503, true }, + { 174517, true }, + { 174536, true }, + { 174558, true }, + { 174585, true }, + { 174607, true }, + { 174625, true }, + { 174639, true }, + { 174661, true }, + { 174676, true }, + { 174695, true }, + { 174709, true }, + { 174728, true }, + { 174737, true }, + { 174747, true }, + { 174762, true }, + { 174775, true }, + { 174790, true }, + { 174807, true }, + { 174827, true }, + { 174854, true }, + { 174871, true }, + { 174896, true }, + { 174917, true }, + { 174942, true }, + { 174960, true }, + { 174971, true }, + { 174984, true }, + { 174997, true }, + { 175007, true }, + { 175022, true }, + { 175032, true }, + { 175043, true }, + { 175055, true }, + { 175067, true }, + { 175078, true }, + { 175095, true }, + { 175112, true }, + { 175127, true }, + { 175134, true }, + { 175147, true }, + { 175157, true }, + { 175174, true }, + { 175184, true }, + { 175194, true }, + { 175203, true }, + { 175213, true }, + { 175232, true }, + { 175250, true }, + { 175271, true }, + { 175291, true }, + { 175304, true }, + { 175321, true }, + { 175334, true }, + { 175356, true }, + { 175368, true }, + { 175386, true }, + { 175403, true }, + { 175413, true }, + { 175426, true }, + { 175434, true }, + { 175456, true }, + { 175470, true }, + { 175492, true }, + { 175513, true }, + { 175533, true }, + { 175554, true }, + { 175562, true }, + { 175574, true }, + { 175591, true }, + { 175603, true }, + { 175632, true }, + { 175645, true }, + { 175662, true }, + { 175677, true }, + { 175696, true }, + { 175706, true }, + { 175725, true }, + { 175736, true }, + { 175745, true }, + { 175755, true }, + { 175768, true }, + { 175788, true }, + { 175805, true }, + { 175833, true }, + { 175855, true }, + { 175880, false }, + { 175898, true }, + { 175910, true }, + { 175928, true }, + { 175947, true }, + { 175956, true }, + { 175971, true }, + { 175986, true }, + { 175999, true }, + { 176020, true }, + { 176037, true }, + { 176060, true }, + { 176074, true }, + { 176088, true }, + { 176098, true }, + { 176112, true }, + { 176128, true }, + { 176143, true }, + { 176158, true }, + { 176173, true }, + { 176183, true }, + { 176195, true }, + { 176205, true }, + { 176213, true }, + { 176225, true }, + { 176233, true }, + { 176249, true }, + { 176267, true }, + { 176277, true }, + { 176291, true }, + { 176307, true }, + { 176315, true }, + { 176323, true }, + { 176332, true }, + { 176344, true }, + { 176354, true }, + { 176368, true }, + { 176382, true }, + { 176396, true }, + { 176408, true }, + { 176420, true }, + { 176433, true }, + { 176449, true }, + { 176459, false }, + { 176475, true }, + { 176488, true }, + { 176500, true }, + { 176511, true }, + { 176538, true }, + { 176549, true }, + { 176564, true }, + { 176585, true }, + { 176609, true }, + { 176620, true }, + { 176629, true }, + { 176649, true }, + { 176665, true }, + { 176686, true }, + { 176709, true }, + { 176721, true }, + { 176738, true }, + { 176751, true }, + { 176760, true }, + { 176769, true }, + { 176777, true }, + { 176788, true }, + { 176798, true }, + { 176810, true }, + { 176833, true }, + { 176859, true }, + { 176876, true }, + { 176892, true }, + { 176915, true }, + { 176933, true }, + { 176951, true }, + { 176961, true }, + { 176980, false }, + { 176998, false }, + { 177016, true }, + { 177046, true }, + { 177066, true }, + { 177083, true }, + { 177102, false }, + { 177116, true }, + { 177147, true }, + { 177158, true }, + { 177178, true }, + { 177190, true }, + { 177203, true }, + { 177217, true }, + { 177245, true }, + { 177262, true }, + { 177275, true }, + { 177283, true }, + { 177302, true }, + { 177316, true }, + { 177328, true }, + { 177343, true }, + { 177356, true }, + { 177366, true }, + { 177378, false }, + { 177388, true }, + { 177398, true }, + { 177408, true }, + { 177420, true }, + { 177435, true }, + { 177450, true }, + { 177459, true }, + { 177470, true }, + { 177483, true }, + { 177510, true }, + { 177518, true }, + { 177535, true }, + { 177547, true }, + { 177564, true }, + { 177580, true }, + { 177601, true }, + { 177616, true }, + { 177630, true }, + { 177640, true }, + { 177648, true }, + { 177662, true }, + { 177673, true }, + { 177686, true }, + { 177697, true }, + { 177706, true }, + { 177715, true }, + { 177732, true }, + { 177750, true }, + { 177762, true }, + { 177773, true }, + { 177785, true }, + { 177797, true }, + { 177806, true }, + { 177814, true }, + { 177826, true }, + { 177837, true }, + { 177855, true }, + { 177872, true }, + { 177893, true }, + { 177903, true }, + { 177918, false }, + { 177929, true }, + { 177948, true }, + { 177962, true }, + { 177970, true }, + { 177982, true }, + { 177994, true }, + { 178012, true }, + { 178024, true }, + { 178035, true }, + { 178042, true }, + { 178054, true }, + { 178066, true }, + { 178074, true }, + { 178086, true }, + { 178095, true }, + { 178107, true }, + { 178115, true }, + { 178122, true }, + { 178129, true }, + { 178137, true }, + { 178145, true }, + { 178159, true }, + { 178166, true }, + { 178173, true }, + { 178180, false }, + { 178191, true }, + { 178198, true }, + { 178205, true }, + { 178232, true }, + { 178243, true }, + { 178254, true }, + { 178269, true }, + { 178279, true }, + { 178291, true }, + { 178302, true }, + { 178316, true }, + { 178342, true }, + { 178352, true }, + { 178362, true }, + { 178377, true }, + { 178392, true }, + { 178407, true }, + { 178421, true }, + { 178435, true }, + { 178449, true }, + { 178469, true }, + { 178484, true }, + { 178496, true }, + { 178509, true }, + { 178519, true }, + { 178530, true }, + { 178543, true }, + { 178555, true }, + { 178569, true }, + { 178584, true }, + { 178597, true }, + { 178615, true }, + { 178628, true }, + { 178654, true }, + { 178681, true }, + { 178695, true }, + { 178709, true }, + { 178726, true }, + { 178741, true }, + { 178754, true }, + { 178772, true }, + { 178786, true }, + { 178802, true }, + { 178812, true }, + { 178826, true }, + { 178840, true }, + { 178857, true }, + { 178870, true }, + { 178890, true }, + { 178900, true }, + { 178927, true }, + { 178937, true }, + { 178949, true }, + { 178967, true }, + { 178980, true }, + { 178989, true }, + { 179000, true }, + { 179016, true }, + { 179031, true }, + { 179053, true }, + { 179067, true }, + { 179079, true }, + { 179090, true }, + { 179101, true }, + { 179115, true }, + { 179144, true }, + { 179162, true }, + { 179173, true }, + { 179182, true }, + { 179192, true }, + { 179213, true }, + { 179221, true }, + { 179231, true }, + { 179243, true }, + { 179253, true }, + { 179271, true }, + { 179281, true }, + { 179297, true }, + { 179323, true }, + { 179350, true }, + { 179373, true }, + { 179387, true }, + { 179402, true }, + { 179421, true }, + { 179438, true }, + { 179456, true }, + { 179464, true }, + { 179492, true }, + { 179507, true }, + { 179518, true }, + { 179536, true }, + { 179546, true }, + { 179556, true }, + { 179567, true }, + { 179583, true }, + { 179599, true }, + { 179618, true }, + { 179633, true }, + { 179642, true }, + { 179670, true }, + { 179686, true }, + { 179704, true }, + { 179719, true }, + { 179730, true }, + { 179744, true }, + { 179757, true }, + { 179774, true }, + { 179800, true }, + { 179828, true }, + { 179843, true }, + { 179864, true }, + { 179884, true }, + { 179905, true }, + { 179922, true }, + { 179936, true }, + { 179963, true }, + { 179982, true }, + { 179996, true }, + { 180011, false }, + { 180024, true }, + { 180039, true }, + { 180055, true }, + { 180075, true }, + { 180090, true }, + { 180107, true }, + { 180119, true }, + { 180151, false }, + { 180163, true }, + { 180173, true }, + { 180186, true }, + { 180202, true }, + { 180221, true }, + { 180239, true }, + { 180250, true }, + { 180258, true }, + { 180267, true }, + { 180277, true }, + { 180289, true }, + { 180303, true }, + { 180317, true }, + { 180330, true }, + { 180339, true }, + { 180351, true }, + { 180362, true }, + { 180376, true }, + { 180390, false }, + { 180413, true }, + { 180431, true }, + { 180444, false }, + { 180459, true }, + { 180471, true }, + { 180486, true }, + { 180509, true }, + { 180528, true }, + { 180547, true }, + { 180565, true }, + { 180579, true }, + { 180593, true }, + { 180612, true }, + { 180622, true }, + { 180636, true }, + { 180649, true }, + { 180669, true }, + { 180688, true }, + { 180705, true }, + { 180722, true }, + { 180734, true }, + { 180748, true }, + { 180766, true }, + { 180782, true }, + { 180795, true }, + { 180810, true }, + { 180824, true }, + { 180833, true }, + { 180849, true }, + { 180865, true }, + { 180877, true }, + { 180895, true }, + { 180911, true }, + { 180923, true }, + { 180935, true }, + { 180949, true }, + { 180966, true }, + { 180978, true }, + { 180993, true }, + { 181006, true }, + { 181022, true }, + { 181039, true }, + { 181056, false }, + { 181073, true }, + { 181095, true }, + { 181117, true }, + { 181134, true }, + { 181153, true }, + { 181167, true }, + { 181189, true }, + { 181216, true }, + { 181238, true }, + { 181254, true }, + { 181268, true }, + { 181280, true }, + { 181294, true }, + { 181312, true }, + { 181323, true }, + { 181338, true }, + { 181351, true }, + { 181369, true }, + { 181386, true }, + { 181403, true }, + { 181412, true }, + { 181428, true }, + { 181445, true }, + { 181456, true }, + { 181468, true }, + { 181479, true }, + { 181488, true }, + { 181502, true }, + { 181515, true }, + { 181529, true }, + { 181541, true }, + { 181561, true }, + { 181573, true }, + { 181585, true }, + { 181595, true }, + { 181609, true }, + { 181622, true }, + { 181644, true }, + { 181665, true }, + { 181687, true }, + { 181698, false }, + { 181713, true }, + { 181724, true }, + { 181735, false }, + { 181755, true }, + { 181781, true }, + { 181801, true }, + { 181815, true }, + { 181828, true }, + { 181843, true }, + { 181860, true }, + { 181879, true }, + { 181899, true }, + { 181918, true }, + { 181938, true }, + { 181961, true }, + { 181979, true }, + { 182006, true }, + { 182024, true }, + { 182043, true }, + { 182055, true }, + { 182076, true }, + { 182091, true }, + { 182111, true }, + { 182123, true }, + { 182134, true }, + { 182146, true }, + { 182165, true }, + { 182187, true }, + { 182205, true }, + { 182220, true }, + { 182233, false }, + { 182241, true }, + { 182253, true }, + { 182269, true }, + { 182280, true }, + { 182295, true }, + { 182313, true }, + { 182330, true }, + { 182338, true }, + { 182355, true }, + { 182368, true }, + { 182379, true }, + { 182393, true }, + { 182407, true }, + { 182417, true }, + { 182430, true }, + { 182438, true }, + { 182456, true }, + { 182464, true }, + { 182478, false }, + { 182494, true }, + { 182506, true }, + { 182523, true }, + { 182533, true }, + { 182540, true }, + { 182547, true }, + { 182559, true }, + { 182570, true }, + { 182580, true }, + { 182593, true }, + { 182604, true }, + { 182618, true }, + { 182632, true }, + { 182648, true }, + { 182659, true }, + { 182666, true }, + { 182675, true }, + { 182683, true }, + { 182697, true }, + { 182719, true }, + { 182735, true }, + { 182755, true }, + { 182776, true }, + { 182792, false }, + { 182807, true }, + { 182822, true }, + { 182850, true }, + { 182864, true }, + { 182879, true }, + { 182900, true }, + { 182915, true }, + { 182934, true }, + { 182957, true }, + { 182973, true }, + { 182992, true }, + { 183002, true }, + { 183015, true }, + { 183026, true }, + { 183041, true }, + { 183055, true }, + { 183076, true }, + { 183092, true }, + { 183107, true }, + { 183124, true }, + { 183141, true }, + { 183153, true }, + { 183163, true }, + { 183173, true }, + { 183183, true }, + { 183197, true }, + { 183209, true }, + { 183219, true }, + { 183233, true }, + { 183249, true }, + { 183267, true }, + { 183286, true }, + { 183305, true }, + { 183325, true }, + { 183342, true }, + { 183354, true }, + { 183366, true }, + { 183391, true }, + { 183402, true }, + { 183415, true }, + { 183430, true }, + { 183448, true }, + { 183465, true }, + { 183477, true }, + { 183492, true }, + { 183505, true }, + { 183531, true }, + { 183546, true }, + { 183559, true }, + { 183572, true }, + { 183583, true }, + { 183594, true }, + { 183605, true }, + { 183617, true }, + { 183628, true }, + { 183638, true }, + { 183658, true }, + { 183672, true }, + { 183685, true }, + { 183694, true }, + { 183703, true }, + { 183716, true }, + { 183723, false }, + { 183731, true }, + { 183744, true }, + { 183752, true }, + { 183769, true }, + { 183787, true }, + { 183798, true }, + { 183817, true }, + { 183835, true }, + { 183862, true }, + { 183874, true }, + { 183888, false }, + { 183900, true }, + { 183915, true }, + { 183939, true }, + { 183954, true }, + { 183965, true }, + { 183987, true }, + { 184005, true }, + { 184020, true }, + { 184038, true }, + { 184046, true }, + { 184066, true }, + { 184089, true }, + { 184114, true }, + { 184126, true }, + { 184137, true }, + { 184153, true }, + { 184165, true }, + { 184179, true }, + { 184196, true }, + { 184205, true }, + { 184221, true }, + { 184229, true }, + { 184247, true }, + { 184262, true }, + { 184282, true }, + { 184299, true }, + { 184312, true }, + { 184328, true }, + { 184342, true }, + { 184358, true }, + { 184375, true }, + { 184393, true }, + { 184412, true }, + { 184426, true }, + { 184441, true }, + { 184454, true }, + { 184467, true }, + { 184481, true }, + { 184498, true }, + { 184509, true }, + { 184524, true }, + { 184544, true }, + { 184560, true }, + { 184570, true }, + { 184582, true }, + { 184601, true }, + { 184611, true }, + { 184621, true }, + { 184631, true }, + { 184642, true }, + { 184659, true }, + { 184674, true }, + { 184694, true }, + { 184710, true }, + { 184723, true }, + { 184737, true }, + { 184748, false }, + { 184765, true }, + { 184791, true }, + { 184808, true }, + { 184833, true }, + { 184844, true }, + { 184860, true }, + { 184869, true }, + { 184882, true }, + { 184896, true }, + { 184908, true }, + { 184917, false }, + { 184931, true }, + { 184948, true }, + { 184981, true }, + { 185001, true }, + { 185013, true }, + { 185027, true }, + { 185040, true }, + { 185053, true }, + { 185063, true }, + { 185077, true }, + { 185097, true }, + { 185108, true }, + { 185120, true }, + { 185132, true }, + { 185144, true }, + { 185153, true }, + { 185165, true }, + { 185182, true }, + { 185196, true }, + { 185225, true }, + { 185242, true }, + { 185256, true }, + { 185274, true }, + { 185285, true }, + { 185301, true }, + { 185316, true }, + { 185333, true }, + { 185349, true }, + { 185360, true }, + { 185378, true }, + { 185393, true }, + { 185414, true }, + { 185428, true }, + { 185451, true }, + { 185460, true }, + { 185470, true }, + { 185484, true }, + { 185500, true }, + { 185510, true }, + { 185521, true }, + { 185537, true }, + { 185554, true }, + { 185577, true }, + { 185584, true }, + { 185595, true }, + { 185609, true }, + { 185620, true }, + { 185629, true }, + { 185638, true }, + { 185653, true }, + { 185662, true }, + { 185675, true }, + { 185683, true }, + { 185694, true }, + { 185703, true }, + { 185716, false }, + { 185727, true }, + { 185735, true }, + { 185749, true }, + { 185760, true }, + { 185770, true }, + { 185782, true }, + { 185794, true }, + { 185806, true }, + { 185818, true }, + { 185830, true }, + { 185842, true }, + { 185854, true }, + { 185866, true }, + { 185878, true }, + { 185890, true }, + { 185902, true }, + { 185914, true }, + { 185926, true }, + { 185938, true }, + { 185950, true }, + { 185962, true }, + { 185974, true }, + { 185986, true }, + { 185998, true }, + { 186010, true }, + { 186022, true }, + { 186034, true }, + { 186046, true }, + { 186058, true }, + { 186070, true }, + { 186082, true }, + { 186094, true }, + { 186106, true }, + { 186118, true }, + { 186130, true }, + { 186142, true }, + { 186154, true }, + { 186166, true }, + { 186178, true }, + { 186188, true }, + { 186196, true }, + { 186207, true }, + { 186220, true }, + { 186229, true }, + { 186239, true }, + { 186249, true }, + { 186259, true }, + { 186267, true }, + { 186279, true }, + { 186301, true }, + { 186323, true }, + { 186332, true }, + { 186344, true }, + { 186353, true }, + { 186379, true }, + { 186395, true }, + { 186413, true }, + { 186427, true }, + { 186438, true }, + { 186457, true }, + { 186474, true }, + { 186486, true }, + { 186501, true }, + { 186522, true }, + { 186542, true }, + { 186566, true }, + { 186582, true }, + { 186605, true }, + { 186617, true }, + { 186639, true }, + { 186667, true }, + { 186681, true }, + { 186699, true }, + { 186714, true }, + { 186722, true }, + { 186733, true }, + { 186747, true }, + { 186765, true }, + { 186775, true }, + { 186793, true }, + { 186807, true }, + { 186819, true }, + { 186831, true }, + { 186846, true }, + { 186859, true }, + { 186882, true }, + { 186913, true }, + { 186927, true }, + { 186945, true }, + { 186955, false }, + { 186964, false }, + { 186973, false }, + { 186982, true }, + { 187011, true }, + { 187028, false }, + { 187039, true }, + { 187063, true }, + { 187073, true }, + { 187084, true }, + { 187107, true }, + { 187122, true }, + { 187142, true }, + { 187152, true }, + { 187163, true }, + { 187171, true }, + { 187186, true }, + { 187195, true }, + { 187211, true }, + { 187230, true }, + { 187239, true }, + { 187253, true }, + { 187268, true }, + { 187287, true }, + { 187303, true }, + { 187316, false }, + { 187326, true }, + { 187339, true }, + { 187355, true }, + { 187377, true }, + { 187390, true }, + { 187414, true }, + { 187427, true }, + { 187444, true }, + { 187457, true }, + { 187473, true }, + { 187488, true }, + { 187498, true }, + { 187514, true }, + { 187531, true }, + { 187552, true }, + { 187570, true }, + { 187589, true }, + { 187600, true }, + { 187611, true }, + { 187625, true }, + { 187636, true }, + { 187651, true }, + { 187669, true }, + { 187683, true }, + { 187700, true }, + { 187716, true }, + { 187732, true }, + { 187747, true }, + { 187761, true }, + { 187771, true }, + { 187785, true }, + { 187800, true }, + { 187814, true }, + { 187820, true }, + { 187836, true }, + { 187848, true }, + { 187866, true }, + { 187880, true }, + { 187897, false }, + { 187917, true }, + { 187930, true }, + { 187939, true }, + { 187954, true }, + { 187965, true }, + { 187981, true }, + { 187993, true }, + { 188008, true }, + { 188026, true }, + { 188037, true }, + { 188049, true }, + { 188071, true }, + { 188081, true }, + { 188091, true }, + { 188101, false }, + { 188115, true }, + { 188128, true }, + { 188144, false }, + { 188164, true }, + { 188175, true }, + { 188195, true }, + { 188221, true }, + { 188236, true }, + { 188248, true }, + { 188269, true }, + { 188294, true }, + { 188324, true }, + { 188347, true }, + { 188360, true }, + { 188376, true }, + { 188397, true }, + { 188404, true }, + { 188428, true }, + { 188446, true }, + { 188461, true }, + { 188477, true }, + { 188488, true }, + { 188498, true }, + { 188509, true }, + { 188527, true }, + { 188535, true }, + { 188546, true }, + { 188557, true }, + { 188573, true }, + { 188590, true }, + { 188606, true }, + { 188623, true }, + { 188633, true }, + { 188643, true }, + { 188653, true }, + { 188672, true }, + { 188681, true }, + { 188707, true }, + { 188723, true }, + { 188743, true }, + { 188770, true }, + { 188788, true }, + { 188802, true }, + { 188818, true }, + { 188832, true }, + { 188841, true }, + { 188855, true }, + { 188871, true }, + { 188898, true }, + { 188912, true }, + { 188921, true }, + { 188933, true }, + { 188946, true }, + { 188958, true }, + { 188974, true }, + { 188987, true }, + { 188999, true }, + { 189014, true }, + { 189030, true }, + { 189053, true }, + { 189073, true }, + { 189093, true }, + { 189107, true }, + { 189115, true }, + { 189135, true }, + { 189154, true }, + { 189176, true }, + { 189198, true }, + { 189211, true }, + { 189229, true }, + { 189246, true }, + { 189260, true }, + { 189279, true }, + { 189297, true }, + { 189320, true }, + { 189340, true }, + { 189365, true }, + { 189390, true }, + { 189406, true }, + { 189424, true }, + { 189447, true }, + { 189467, true }, + { 189489, true }, + { 189504, true }, + { 189522, true }, + { 189538, true }, + { 189554, true }, + { 189584, true }, + { 189610, true }, + { 189625, true }, + { 189657, true }, + { 189672, true }, + { 189687, true }, + { 189705, true }, + { 189723, true }, + { 189738, true }, + { 189750, true }, + { 189765, true }, + { 189784, true }, + { 189798, false }, + { 189808, true }, + { 189825, true }, + { 189836, true }, + { 189859, false }, + { 189874, true }, + { 189891, true }, + { 189905, true }, + { 189918, true }, + { 189931, true }, + { 189939, true }, + { 189952, true }, + { 189964, true }, + { 189976, true }, + { 189987, true }, + { 190002, true }, + { 190024, true }, + { 190036, true }, + { 190047, true }, + { 190076, true }, + { 190088, true }, + { 190102, true }, + { 190113, true }, + { 190128, true }, + { 190144, true }, + { 190169, true }, + { 190181, true }, + { 190194, true }, + { 190210, true }, + { 190219, true }, + { 190230, true }, + { 190240, true }, + { 190253, true }, + { 190268, true }, + { 190276, true }, + { 190289, true }, + { 190308, true }, + { 190331, true }, + { 190341, true }, + { 190359, true }, + { 190372, true }, + { 190383, true }, + { 190406, true }, + { 190422, true }, + { 190440, true }, + { 190456, true }, + { 190464, true }, + { 190474, true }, + { 190490, true }, + { 190511, true }, + { 190526, true }, + { 190540, true }, + { 190550, false }, + { 190568, true }, + { 190592, true }, + { 190607, true }, + { 190619, true }, + { 190634, true }, + { 190648, true }, + { 190667, true }, + { 190695, true }, + { 190711, true }, + { 190724, true }, + { 190741, true }, + { 190757, true }, + { 190774, true }, + { 190796, true }, + { 190813, true }, + { 190828, true }, + { 190848, true }, + { 190858, true }, + { 190868, false }, + { 190881, true }, + { 190899, true }, + { 190917, true }, + { 190926, true }, + { 190939, true }, + { 190953, true }, + { 190964, true }, + { 190983, true }, + { 191002, true }, + { 191019, true }, + { 191037, true }, + { 191056, true }, + { 191077, true }, + { 191102, true }, + { 191118, true }, + { 191135, true }, + { 191149, true }, + { 191162, true }, + { 191181, true }, + { 191197, true }, + { 191212, true }, + { 191229, true }, + { 191237, true }, + { 191246, true }, + { 191259, true }, + { 191274, true }, + { 191285, true }, + { 191307, true }, + { 191319, true }, + { 191342, true }, + { 191355, true }, + { 191366, true }, + { 191392, true }, + { 191418, true }, + { 191447, true }, + { 191466, true }, + { 191487, true }, + { 191505, true }, + { 191525, true }, + { 191543, true }, + { 191553, true }, + { 191566, true }, + { 191595, true }, + { 191616, true }, + { 191629, true }, + { 191642, true }, + { 191654, true }, + { 191665, true }, + { 191683, true }, + { 191700, true }, + { 191723, true }, + { 191746, true }, + { 191767, true }, + { 191793, true }, + { 191807, true }, + { 191821, true }, + { 191840, true }, + { 191859, true }, + { 191873, true }, + { 191890, true }, + { 191907, true }, + { 191922, false }, + { 191932, true }, + { 191940, true }, + { 191956, true }, + { 191964, true }, + { 191983, true }, + { 191995, true }, + { 192014, true }, + { 192026, true }, + { 192039, true }, + { 192046, false }, + { 192062, true }, + { 192071, true }, + { 192086, true }, + { 192100, true }, + { 192112, true }, + { 192125, false }, + { 192134, true }, + { 192143, true }, + { 192157, true }, + { 192176, true }, + { 192193, true }, + { 192210, true }, + { 192219, true }, + { 192230, true }, + { 192241, true }, + { 192253, true }, + { 192271, true }, + { 192291, true }, + { 192304, true }, + { 192314, true }, + { 192327, true }, + { 192339, true }, + { 192355, true }, + { 192363, false }, + { 192371, true }, + { 192393, true }, + { 192401, true }, + { 192422, true }, + { 192446, true }, + { 192462, true }, + { 192478, true }, + { 192488, true }, + { 192505, true }, + { 192515, true }, + { 192523, true }, + { 192534, true }, + { 192544, true }, + { 192560, true }, + { 192575, true }, + { 192593, true }, + { 192605, true }, + { 192615, true }, + { 192625, true }, + { 192635, true }, + { 192644, true }, + { 192654, true }, + { 192666, true }, + { 192680, true }, + { 192696, true }, + { 192719, true }, + { 192732, true }, + { 192745, true }, + { 192759, true }, + { 192774, true }, + { 192787, false }, + { 192807, true }, + { 192818, true }, + { 192830, true }, + { 192856, true }, + { 192865, true }, + { 192881, true }, + { 192899, true }, + { 192915, true }, + { 192932, true }, + { 192945, true }, + { 192956, true }, + { 192971, true }, + { 192981, true }, + { 192991, true }, + { 193011, true }, + { 193025, true }, + { 193037, true }, + { 193049, true }, + { 193072, true }, + { 193084, true }, + { 193099, true }, + { 193112, true }, + { 193120, true }, + { 193132, true }, + { 193143, true }, + { 193155, true }, + { 193177, true }, + { 193196, true }, + { 193207, true }, + { 193220, true }, + { 193232, true }, + { 193252, true }, + { 193267, true }, + { 193279, true }, + { 193291, true }, + { 193302, true }, + { 193315, true }, + { 193335, true }, + { 193349, true }, + { 193365, true }, + { 193381, true }, + { 193399, true }, + { 193420, true }, + { 193433, true }, + { 193443, true }, + { 193456, true }, + { 193469, true }, + { 193482, true }, + { 193498, true }, + { 193515, true }, + { 193528, true }, + { 193541, true }, + { 193554, true }, + { 193567, true }, + { 193588, true }, + { 193601, true }, + { 193614, true }, + { 193627, true }, + { 193640, true }, + { 193656, true }, + { 193669, true }, + { 193682, true }, + { 193695, true }, + { 193712, true }, + { 193733, true }, + { 193742, true }, + { 193752, true }, + { 193760, true }, + { 193775, true }, + { 193787, true }, + { 193797, true }, + { 193822, true }, + { 193849, true }, + { 193864, true }, + { 193871, true }, + { 193879, true }, + { 193887, true }, + { 193896, true }, + { 193907, false }, + { 193925, true }, + { 193937, true }, + { 193949, true }, + { 193959, true }, + { 193969, true }, + { 193988, true }, + { 194000, true }, + { 194014, true }, + { 194029, true }, + { 194044, true }, + { 194052, true }, + { 194067, true }, + { 194084, true }, + { 194098, true }, + { 194109, true }, + { 194119, true }, + { 194136, true }, + { 194143, true }, + { 194157, true }, + { 194171, true }, + { 194182, true }, + { 194193, true }, + { 194204, true }, + { 194216, true }, + { 194224, true }, + { 194235, true }, + { 194254, true }, + { 194271, true }, + { 194286, true }, + { 194300, true }, + { 194314, true }, + { 194329, true }, + { 194344, true }, + { 194355, true }, + { 194370, true }, + { 194395, true }, + { 194406, true }, + { 194424, true }, + { 194437, true }, + { 194452, true }, + { 194464, true }, + { 194482, true }, + { 194495, true }, + { 194505, true }, + { 194514, true }, + { 194521, true }, + { 194533, true }, + { 194553, true }, + { 194562, true }, + { 194570, true }, + { 194583, true }, + { 194600, true }, + { 194615, true }, + { 194632, true }, + { 194670, true }, + { 194682, true }, + { 194696, true }, + { 194711, true }, + { 194727, true }, + { 194743, true }, + { 194756, true }, + { 194772, true }, + { 194792, true }, + { 194815, true }, + { 194832, true }, + { 194844, true }, + { 194863, true }, + { 194885, true }, + { 194894, true }, + { 194904, true }, + { 194916, true }, + { 194927, true }, + { 194942, true }, + { 194953, true }, + { 194965, true }, + { 194978, true }, + { 194989, true }, + { 194999, true }, + { 195011, true }, + { 195020, true }, + { 195028, true }, + { 195041, true }, + { 195051, true }, + { 195060, false }, + { 195067, true }, + { 195075, true }, + { 195086, true }, + { 195096, true }, + { 195109, true }, + { 195122, true }, + { 195131, true }, + { 195146, true }, + { 195161, true }, + { 195173, true }, + { 195194, true }, + { 195211, true }, + { 195218, true }, + { 195238, true }, + { 195248, true }, + { 195259, false }, + { 195272, true }, + { 195286, true }, + { 195301, true }, + { 195312, true }, + { 195337, true }, + { 195350, true }, + { 195358, true }, + { 195366, true }, + { 195386, true }, + { 195394, true }, + { 195403, true }, + { 195413, true }, + { 195435, true }, + { 195454, true }, + { 195463, false }, + { 195472, true }, + { 195488, true }, + { 195504, true }, + { 195513, true }, + { 195532, true }, + { 195540, true }, + { 195554, true }, + { 195567, true }, + { 195579, true }, + { 195595, true }, + { 195606, true }, + { 195623, true }, + { 195641, true }, + { 195657, true }, + { 195670, true }, + { 195682, true }, + { 195695, true }, + { 195707, true }, + { 195724, true }, + { 195739, true }, + { 195752, true }, + { 195763, true }, + { 195772, true }, + { 195785, true }, + { 195802, true }, + { 195814, true }, + { 195826, true }, + { 195837, true }, + { 195852, true }, + { 195868, true }, + { 195884, true }, + { 195907, true }, + { 195926, false }, + { 195941, true }, + { 195953, true }, + { 195967, true }, + { 195980, true }, + { 195993, true }, + { 196012, true }, + { 196020, true }, + { 196033, true }, + { 196046, true }, + { 196057, true }, + { 196070, true }, + { 196078, true }, + { 196089, true }, + { 196106, false }, + { 196122, false }, + { 196142, true }, + { 196154, true }, + { 196161, true }, + { 196171, true }, + { 196194, true }, + { 196206, true }, + { 196216, true }, + { 196232, true }, + { 196245, true }, + { 196260, true }, + { 196275, true }, + { 196301, true }, + { 196316, true }, + { 196334, true }, + { 196351, true }, + { 196364, true }, + { 196375, false }, + { 196390, true }, + { 196401, true }, + { 196416, true }, + { 196437, true }, + { 196455, true }, + { 196482, true }, + { 196492, true }, + { 196508, true }, + { 196522, true }, + { 196530, true }, + { 196544, true }, + { 196561, true }, + { 196578, true }, + { 196593, true }, + { 196603, true }, + { 196614, true }, + { 196623, true }, + { 196636, true }, + { 196648, true }, + { 196667, true }, + { 196688, true }, + { 196706, true }, + { 196727, true }, + { 196745, true }, + { 196758, true }, + { 196771, true }, + { 196783, true }, + { 196793, true }, + { 196804, true }, + { 196812, false }, + { 196832, true }, + { 196848, true }, + { 196855, true }, + { 196865, true }, + { 196876, true }, + { 196889, false }, + { 196897, true }, + { 196921, false }, + { 196936, true }, + { 196945, true }, + { 196955, true }, + { 196968, false }, + { 196980, true }, + { 196988, false }, + { 196998, true }, + { 197007, true }, + { 197019, true }, + { 197029, true }, + { 197040, true }, + { 197063, true }, + { 197086, true }, + { 197109, true }, + { 197118, true }, + { 197128, false }, + { 197145, true }, + { 197154, true }, + { 197164, true }, + { 197174, true }, + { 197187, true }, + { 197195, true }, + { 197205, true }, + { 197215, true }, + { 197226, true }, + { 197238, true }, + { 197256, true }, + { 197265, true }, + { 197277, true }, + { 197292, true }, + { 197304, true }, + { 197320, true }, + { 197334, true }, + { 197347, true }, + { 197354, true }, + { 197364, true }, + { 197374, true }, + { 197386, true }, + { 197395, true }, + { 197409, true }, + { 197423, true }, + { 197433, true }, + { 197449, true }, + { 197459, false }, + { 197473, true }, + { 197484, true }, + { 197496, false }, + { 197510, true }, + { 197522, true }, + { 197536, true }, + { 197551, true }, + { 197558, true }, + { 197567, true }, + { 197582, true }, + { 197596, true }, + { 197608, true }, + { 197620, true }, + { 197631, false }, + { 197641, false }, + { 197651, true }, + { 197661, true }, + { 197668, true }, + { 197678, true }, + { 197696, true }, + { 197709, true }, + { 197721, true }, + { 197736, true }, + { 197747, true }, + { 197754, true }, + { 197772, true }, + { 197785, true }, + { 197796, true }, + { 197820, true }, + { 197827, true }, + { 197844, true }, + { 197854, false }, + { 197865, true }, + { 197876, true }, + { 197885, true }, + { 197907, true }, + { 197914, true }, + { 197927, true }, + { 197943, true }, + { 197957, true }, + { 197974, true }, + { 197991, true }, + { 198004, true }, + { 198013, true }, + { 198026, true }, + { 198038, true }, + { 198053, true }, + { 198068, true }, + { 198100, true }, + { 198111, true }, + { 198122, true }, + { 198135, true }, + { 198145, true }, + { 198159, true }, + { 198172, true }, + { 198186, true }, + { 198198, true }, + { 198217, true }, + { 198238, true }, + { 198250, true }, + { 198262, true }, + { 198285, true }, + { 198295, true }, + { 198304, true }, + { 198318, true }, + { 198327, true }, + { 198338, true }, + { 198347, true }, + { 198358, true }, + { 198372, true }, + { 198389, true }, + { 198400, false }, + { 198409, true }, + { 198426, true }, + { 198436, true }, + { 198448, true }, + { 198463, true }, + { 198472, true }, + { 198484, true }, + { 198496, true }, + { 198512, true }, + { 198525, true }, + { 198544, true }, + { 198557, true }, + { 198570, true }, + { 198590, true }, + { 198614, true }, + { 198632, true }, + { 198641, true }, + { 198660, true }, + { 198678, true }, + { 198693, true }, + { 198709, true }, + { 198722, true }, + { 198740, true }, + { 198753, true }, + { 198773, true }, + { 198785, true }, + { 198798, true }, + { 198807, true }, + { 198819, true }, + { 198828, true }, + { 198843, true }, + { 198852, true }, + { 198874, true }, + { 198887, true }, + { 198899, true }, + { 198907, true }, + { 198917, true }, + { 198925, true }, + { 198935, true }, + { 198948, true }, + { 198963, true }, + { 198979, true }, + { 198990, true }, + { 199001, true }, + { 199010, true }, + { 199029, true }, + { 199051, true }, + { 199078, true }, + { 199090, true }, + { 199104, true }, + { 199118, true }, + { 199141, true }, + { 199166, true }, + { 199183, true }, + { 199194, true }, + { 199223, true }, + { 199244, true }, + { 199263, true }, + { 199280, false }, + { 199293, true }, + { 199306, true }, + { 199321, true }, + { 199332, true }, + { 199342, true }, + { 199355, true }, + { 199372, true }, + { 199384, true }, + { 199402, true }, + { 199415, true }, + { 199427, true }, + { 199436, true }, + { 199449, true }, + { 199470, true }, + { 199488, true }, + { 199512, true }, + { 199530, true }, + { 199543, true }, + { 199561, true }, + { 199576, true }, + { 199586, true }, + { 199598, true }, + { 199611, true }, + { 199630, true }, + { 199648, true }, + { 199664, true }, + { 199680, true }, + { 199696, true }, + { 199707, true }, + { 199718, true }, + { 199728, false }, + { 199740, true }, + { 199753, true }, + { 199765, true }, + { 199780, true }, + { 199801, true }, + { 199815, false }, + { 199835, false }, + { 199847, false }, + { 199860, true }, + { 199870, true }, + { 199879, true }, + { 199893, true }, + { 199911, true }, + { 199922, true }, + { 199935, true }, + { 199948, true }, + { 199964, true }, + { 199981, true }, + { 199993, true }, + { 200019, true }, + { 200048, true }, + { 200081, true }, + { 200115, true }, + { 200127, true }, + { 200141, true }, + { 200161, true }, + { 200175, true }, + { 200191, true }, + { 200203, true }, + { 200210, false }, + { 200223, true }, + { 200243, true }, + { 200268, true }, + { 200294, true }, + { 200311, true }, + { 200332, true }, + { 200348, true }, + { 200362, true }, + { 200382, true }, + { 200402, true }, + { 200426, true }, + { 200442, true }, + { 200457, true }, + { 200473, true }, + { 200491, true }, + { 200513, true }, + { 200530, true }, + { 200543, true }, + { 200555, false }, + { 200569, true }, + { 200591, true }, + { 200610, true }, + { 200633, true }, + { 200649, true }, + { 200669, true }, + { 200681, true }, + { 200703, true }, + { 200725, true }, + { 200744, true }, + { 200754, true }, + { 200776, true }, + { 200788, true }, + { 200805, true }, + { 200816, true }, + { 200829, true }, + { 200849, true }, + { 200859, true }, + { 200867, true }, + { 200878, true }, + { 200892, true }, + { 200903, true }, + { 200915, true }, + { 200930, true }, + { 200949, true }, + { 200978, true }, + { 201005, true }, + { 201033, true }, + { 201058, true }, + { 201070, true }, + { 201086, true }, + { 201105, true }, + { 201124, true }, + { 201143, true }, + { 201173, true }, + { 201191, true }, + { 201208, true }, + { 201222, true }, + { 201246, true }, + { 201257, false }, + { 201270, true }, + { 201281, true }, + { 201294, true }, + { 201310, true }, + { 201324, true }, + { 201339, true }, + { 201354, true }, + { 201371, true }, + { 201391, true }, + { 201409, true }, + { 201423, true }, + { 201437, true }, + { 201449, true }, + { 201463, true }, + { 201480, true }, + { 201505, true }, + { 201528, true }, + { 201546, true }, + { 201563, true }, + { 201574, true }, + { 201591, true }, + { 201605, true }, + { 201623, true }, + { 201638, true }, + { 201650, true }, + { 201666, true }, + { 201688, true }, + { 201699, false }, + { 201712, true }, + { 201727, true }, + { 201739, true }, + { 201751, true }, + { 201762, true }, + { 201772, true }, + { 201786, true }, + { 201798, true }, + { 201810, true }, + { 201822, true }, + { 201833, true }, + { 201853, true }, + { 201871, true }, + { 201888, true }, + { 201903, true }, + { 201920, true }, + { 201938, true }, + { 201951, true }, + { 201969, true }, + { 201981, true }, + { 201991, false }, + { 202000, true }, + { 202014, true }, + { 202024, true }, + { 202037, true }, + { 202048, true }, + { 202059, true }, + { 202073, true }, + { 202083, true }, + { 202098, false }, + { 202111, true }, + { 202121, true }, + { 202139, true }, + { 202150, true }, + { 202164, true }, + { 202180, true }, + { 202190, true }, + { 202201, true }, + { 202218, true }, + { 202226, true }, + { 202241, true }, + { 202252, true }, + { 202267, true }, + { 202281, true }, + { 202300, true }, + { 202309, true }, + { 202322, true }, + { 202345, true }, + { 202358, true }, + { 202371, true }, + { 202385, true }, + { 202400, true }, + { 202423, false }, + { 202438, true }, + { 202472, true }, + { 202492, true }, + { 202507, true }, + { 202528, true }, + { 202539, true }, + { 202549, true }, + { 202559, true }, + { 202575, true }, + { 202585, true }, + { 202598, true }, + { 202608, true }, + { 202620, true }, + { 202633, true }, + { 202645, true }, + { 202663, true }, + { 202686, true }, + { 202702, true }, + { 202716, true }, + { 202740, false }, + { 202754, true }, + { 202770, true }, + { 202791, true }, + { 202808, true }, + { 202821, true }, + { 202833, true }, + { 202846, true }, + { 202858, true }, + { 202873, true }, + { 202885, true }, + { 202897, true }, + { 202925, true }, + { 202942, true }, + { 202954, true }, + { 202964, true }, + { 202977, true }, + { 203004, true }, + { 203025, true }, + { 203044, true }, + { 203062, true }, + { 203078, true }, + { 203089, true }, + { 203107, true }, + { 203122, true }, + { 203133, true }, + { 203145, true }, + { 203157, true }, + { 203175, true }, + { 203187, true }, + { 203202, true }, + { 203221, true }, + { 203256, true }, + { 203285, true }, + { 203307, false }, + { 203321, true }, + { 203331, true }, + { 203349, true }, + { 203359, true }, + { 203372, true }, + { 203384, true }, + { 203401, true }, + { 203418, true }, + { 203433, true }, + { 203461, false }, + { 203480, true }, + { 203498, true }, + { 203512, true }, + { 203543, true }, + { 203565, true }, + { 203582, true }, + { 203597, true }, + { 203609, true }, + { 203621, true }, + { 203634, true }, + { 203656, true }, + { 203683, true }, + { 203709, true }, + { 203721, true }, + { 203742, true }, + { 203762, true }, + { 203783, true }, + { 203800, true }, + { 203817, true }, + { 203839, true }, + { 203855, true }, + { 203868, true }, + { 203880, true }, + { 203901, true }, + { 203916, true }, + { 203941, true }, + { 203960, true }, + { 203972, true }, + { 203987, true }, + { 204006, true }, + { 204033, true }, + { 204050, true }, + { 204066, true }, + { 204078, true }, + { 204094, true }, + { 204110, true }, + { 204149, true }, + { 204178, true }, + { 204194, true }, + { 204210, true }, + { 204232, true }, + { 204257, true }, + { 204279, true }, + { 204301, true }, + { 204316, true }, + { 204341, true }, + { 204359, true }, + { 204388, true }, + { 204408, true }, + { 204425, true }, + { 204448, true }, + { 204474, true }, + { 204492, true }, + { 204513, true }, + { 204541, true }, + { 204560, true }, + { 204575, true }, + { 204594, true }, + { 204614, true }, + { 204627, true }, + { 204640, true }, + { 204657, true }, + { 204672, true }, + { 204698, true }, + { 204712, true }, + { 204733, true }, + { 204749, true }, + { 204759, false }, + { 204775, true }, + { 204788, true }, + { 204810, true }, + { 204829, true }, + { 204845, true }, + { 204869, true }, + { 204883, true }, + { 204900, true }, + { 204913, true }, + { 204937, true }, + { 204949, false }, + { 204958, true }, + { 204973, true }, + { 204983, true }, + { 204995, true }, + { 205016, true }, + { 205029, true }, + { 205046, true }, + { 205060, true }, + { 205082, true }, + { 205094, true }, + { 205116, true }, + { 205136, true }, + { 205158, true }, + { 205177, true }, + { 205195, true }, + { 205220, true }, + { 205238, true }, + { 205258, true }, + { 205270, true }, + { 205288, true }, + { 205301, true }, + { 205314, true }, + { 205327, true }, + { 205337, true }, + { 205359, true }, + { 205373, true }, + { 205389, true }, + { 205405, true }, + { 205421, true }, + { 205434, true }, + { 205453, true }, + { 205471, true }, + { 205485, true }, + { 205495, true }, + { 205506, false }, + { 205518, true }, + { 205529, true }, + { 205537, true }, + { 205547, true }, + { 205556, true }, + { 205568, true }, + { 205582, true }, + { 205590, true }, + { 205601, true }, + { 205612, true }, + { 205623, true }, + { 205633, true }, + { 205646, true }, + { 205662, true }, + { 205674, true }, + { 205684, true }, + { 205701, true }, + { 205712, true }, + { 205724, true }, + { 205730, true }, + { 205746, true }, + { 205760, true }, + { 205767, true }, + { 205775, true }, + { 205785, true }, + { 205793, true }, + { 205802, true }, + { 205814, true }, + { 205828, true }, + { 205837, true }, + { 205853, true }, + { 205866, true }, + { 205874, true }, + { 205883, true }, + { 205891, true }, + { 205907, true }, + { 205920, true }, + { 205931, true }, + { 205941, true }, + { 205954, true }, + { 205965, false }, + { 205983, true }, + { 205994, true }, + { 206010, true }, + { 206022, true }, + { 206036, true }, + { 206048, false }, + { 206059, true }, + { 206067, true }, + { 206076, true }, + { 206085, true }, + { 206105, true }, + { 206117, true }, + { 206133, true }, + { 206141, true }, + { 206150, true }, + { 206158, true }, + { 206166, true }, + { 206182, true }, + { 206199, true }, + { 206207, true }, + { 206219, true }, + { 206230, true }, + { 206240, true }, + { 206249, true }, + { 206268, true }, + { 206278, true }, + { 206294, true }, + { 206305, true }, + { 206315, true }, + { 206324, true }, + { 206339, true }, + { 206347, true }, + { 206356, true }, + { 206365, true }, + { 206383, true }, + { 206399, true }, + { 206412, true }, + { 206429, true }, + { 206443, true }, + { 206471, true }, + { 206483, true }, + { 206496, true }, + { 206510, true }, + { 206524, true }, + { 206541, true }, + { 206550, true }, + { 206569, true }, + { 206585, true }, + { 206600, true }, + { 206610, true }, + { 206625, true }, + { 206642, true }, + { 206665, true }, + { 206684, true }, + { 206697, true }, + { 206720, true }, + { 206731, true }, + { 206740, true }, + { 206750, true }, + { 206764, true }, + { 206778, true }, + { 206792, true }, + { 206806, true }, + { 206820, true }, + { 206834, true }, + { 206848, true }, + { 206871, true }, + { 206892, true }, + { 206909, true }, + { 206930, true }, + { 206940, true }, + { 206956, true }, + { 206972, true }, + { 206983, true }, + { 206991, true }, + { 207001, true }, + { 207013, true }, + { 207022, true }, + { 207035, true }, + { 207048, true }, + { 207065, true }, + { 207076, true }, + { 207092, true }, + { 207103, true }, + { 207113, true }, + { 207121, true }, + { 207139, true }, + { 207153, true }, + { 207171, true }, + { 207185, true }, + { 207203, true }, + { 207222, true }, + { 207238, true }, + { 207260, true }, + { 207271, true }, + { 207282, true }, + { 207293, true }, + { 207302, true }, + { 207320, true }, + { 207339, true }, + { 207361, true }, + { 207372, true }, + { 207385, true }, + { 207397, true }, + { 207407, true }, + { 207414, true }, + { 207425, true }, + { 207435, true }, + { 207451, true }, + { 207462, true }, + { 207472, true }, + { 207482, true }, + { 207492, true }, + { 207502, true }, + { 207513, true }, + { 207523, true }, + { 207534, true }, + { 207552, true }, + { 207564, true }, + { 207577, true }, + { 207589, true }, + { 207601, true }, + { 207617, true }, + { 207629, true }, + { 207639, true }, + { 207648, true }, + { 207665, true }, + { 207680, true }, + { 207699, true }, + { 207714, true }, + { 207729, true }, + { 207742, true }, + { 207752, true }, + { 207765, true }, + { 207777, true }, + { 207796, true }, + { 207809, true }, + { 207841, true }, + { 207855, true }, + { 207867, true }, + { 207891, true }, + { 207914, true }, + { 207946, true }, + { 207968, true }, + { 207993, true }, + { 208016, true }, + { 208037, true }, + { 208064, true }, + { 208076, true }, + { 208086, true }, + { 208099, true }, + { 208125, true }, + { 208135, true }, + { 208156, true }, + { 208167, true }, + { 208186, true }, + { 208195, true }, + { 208209, true }, + { 208223, true }, + { 208237, true }, + { 208248, true }, + { 208262, true }, + { 208275, true }, + { 208290, true }, + { 208306, true }, + { 208322, true }, + { 208336, true }, + { 208350, true }, + { 208364, true }, + { 208376, false }, + { 208396, true }, + { 208408, true }, + { 208421, true }, + { 208435, true }, + { 208452, true }, + { 208471, true }, + { 208486, true }, + { 208515, true }, + { 208533, true }, + { 208549, true }, + { 208566, true }, + { 208580, true }, + { 208595, true }, + { 208608, true }, + { 208617, true }, + { 208626, true }, + { 208642, true }, + { 208662, true }, + { 208681, true }, + { 208700, true }, + { 208711, true }, + { 208723, true }, + { 208732, true }, + { 208741, true }, + { 208750, true }, + { 208759, true }, + { 208772, true }, + { 208783, true }, + { 208795, true }, + { 208803, true }, + { 208812, true }, + { 208823, true }, + { 208836, true }, + { 208845, true }, + { 208865, true }, + { 208874, true }, + { 208884, true }, + { 208897, true }, + { 208908, true }, + { 208921, true }, + { 208935, true }, + { 208946, true }, + { 208957, true }, + { 208968, true }, + { 208977, true }, + { 208991, false }, + { 209001, true }, + { 209015, true }, + { 209030, true }, + { 209047, true }, + { 209056, true }, + { 209071, true }, + { 209091, true }, + { 209110, true }, + { 209123, true }, + { 209135, true }, + { 209148, false }, + { 209161, true }, + { 209176, true }, + { 209193, true }, + { 209206, true }, + { 209219, true }, + { 209233, true }, + { 209247, true }, + { 209272, true }, + { 209281, true }, + { 209306, true }, + { 209338, true }, + { 209361, true }, + { 209373, true }, + { 209386, true }, + { 209400, true }, + { 209420, true }, + { 209434, true }, + { 209450, true }, + { 209463, true }, + { 209478, false }, + { 209492, true }, + { 209506, true }, + { 209517, true }, + { 209531, true }, + { 209543, true }, + { 209560, true }, + { 209581, true }, + { 209592, true }, + { 209603, true }, + { 209610, true }, + { 209621, true }, + { 209628, true }, + { 209638, true }, + { 209650, true }, + { 209660, true }, + { 209668, true }, + { 209676, true }, + { 209692, true }, + { 209707, true }, + { 209716, true }, + { 209724, true }, + { 209732, true }, + { 209747, true }, + { 209760, true }, + { 209773, true }, + { 209785, true }, + { 209794, true }, + { 209805, true }, + { 209819, true }, + { 209827, true }, + { 209834, true }, + { 209841, true }, + { 209850, true }, + { 209858, true }, + { 209868, true }, + { 209886, true }, + { 209900, true }, + { 209912, true }, + { 209923, true }, + { 209934, true }, + { 209945, true }, + { 209958, true }, + { 209969, true }, + { 209987, true }, + { 209998, true }, + { 210007, true }, + { 210024, true }, + { 210035, true }, + { 210044, true }, + { 210053, true }, + { 210069, true }, + { 210080, true }, + { 210087, true }, + { 210094, true }, + { 210101, true }, + { 210115, true }, + { 210123, true }, + { 210130, true }, + { 210137, true }, + { 210148, true }, + { 210154, true }, + { 210175, true }, + { 210187, true }, + { 210200, true }, + { 210213, true }, + { 210223, true }, + { 210234, true }, + { 210244, true }, + { 210254, true }, + { 210267, true }, + { 210281, true }, + { 210299, true }, + { 210316, true }, + { 210329, true }, + { 210339, true }, + { 210352, true }, + { 210367, true }, + { 210386, true }, + { 210399, true }, + { 210408, true }, + { 210434, true }, + { 210451, true }, + { 210476, true }, + { 210492, false }, + { 210504, true }, + { 210512, true }, + { 210526, true }, + { 210543, true }, + { 210556, true }, + { 210571, true }, + { 210590, true }, + { 210603, true }, + { 210618, true }, + { 210641, true }, + { 210654, true }, + { 210678, true }, + { 210707, true }, + { 210722, true }, + { 210738, true }, + { 210749, true }, + { 210762, true }, + { 210790, false }, + { 210804, false }, + { 210823, true }, + { 210838, true }, + { 210850, true }, + { 210858, true }, + { 210870, true }, + { 210884, true }, + { 210898, true }, + { 210912, true }, + { 210928, true }, + { 210944, true }, + { 210959, true }, + { 210979, true }, + { 210998, true }, + { 211016, true }, + { 211032, true }, + { 211043, true }, + { 211052, true }, + { 211068, true }, + { 211083, true }, + { 211097, true }, + { 211110, true }, + { 211120, true }, + { 211140, true }, + { 211157, true }, + { 211174, true }, + { 211193, true }, + { 211212, true }, + { 211232, false }, + { 211249, true }, + { 211263, true }, + { 211277, true }, + { 211297, true }, + { 211317, true }, + { 211331, false }, + { 211344, true }, + { 211354, true }, + { 211369, false }, + { 211387, true }, + { 211404, true }, + { 211421, true }, + { 211436, true }, + { 211459, true }, + { 211476, true }, + { 211490, true }, + { 211502, true }, + { 211517, true }, + { 211534, true }, + { 211548, true }, + { 211563, true }, + { 211576, true }, + { 211590, true }, + { 211611, true }, + { 211620, true }, + { 211635, false }, + { 211648, true }, + { 211663, true }, + { 211677, true }, + { 211691, true }, + { 211702, true }, + { 211712, true }, + { 211735, true }, + { 211749, true }, + { 211777, true }, + { 211791, true }, + { 211812, true }, + { 211823, true }, + { 211834, false }, + { 211844, true }, + { 211856, true }, + { 211871, true }, + { 211886, true }, + { 211894, true }, + { 211908, false }, + { 211922, true }, + { 211935, true }, + { 211946, true }, + { 211962, true }, + { 211979, true }, + { 211993, true }, + { 212003, true }, + { 212015, true }, + { 212029, true }, + { 212051, true }, + { 212069, false }, + { 212081, true }, + { 212101, true }, + { 212118, true }, + { 212144, true }, + { 212161, true }, + { 212186, false }, + { 212202, true }, + { 212221, true }, + { 212232, true }, + { 212246, true }, + { 212257, true }, + { 212269, true }, + { 212287, true }, + { 212299, true }, + { 212312, true }, + { 212323, true }, + { 212342, true }, + { 212359, true }, + { 212374, true }, + { 212393, true }, + { 212410, true }, + { 212425, true }, + { 212442, true }, + { 212460, true }, + { 212478, true }, + { 212500, true }, + { 212516, true }, + { 212529, true }, + { 212540, true }, + { 212548, true }, + { 212568, true }, + { 212580, true }, + { 212595, true }, + { 212603, true }, + { 212620, true }, + { 212633, true }, + { 212647, true }, + { 212657, true }, + { 212668, true }, + { 212678, true }, + { 212696, true }, + { 212714, true }, + { 212727, true }, + { 212746, true }, + { 212762, true }, + { 212774, true }, + { 212784, true }, + { 212798, true }, + { 212806, true }, + { 212819, true }, + { 212834, true }, + { 212855, true }, + { 212867, true }, + { 212880, true }, + { 212892, true }, + { 212903, true }, + { 212911, true }, + { 212926, true }, + { 212933, true }, + { 212946, true }, + { 212953, true }, + { 212972, true }, + { 212994, true }, + { 213010, true }, + { 213019, true }, + { 213039, true }, + { 213058, true }, + { 213068, true }, + { 213076, true }, + { 213087, true }, + { 213104, true }, + { 213124, true }, + { 213132, true }, + { 213142, true }, + { 213154, true }, + { 213166, true }, + { 213176, true }, + { 213189, true }, + { 213205, true }, + { 213227, true }, + { 213245, true }, + { 213262, true }, + { 213280, true }, + { 213298, true }, + { 213324, true }, + { 213339, true }, + { 213359, true }, + { 213371, true }, + { 213385, true }, + { 213400, true }, + { 213419, true }, + { 213428, true }, + { 213442, true }, + { 213455, true }, + { 213463, true }, + { 213479, false }, + { 213496, true }, + { 213517, true }, + { 213536, true }, + { 213555, true }, + { 213570, true }, + { 213586, true }, + { 213596, true }, + { 213612, true }, + { 213627, true }, + { 213639, true }, + { 213650, true }, + { 213660, true }, + { 213677, true }, + { 213687, true }, + { 213695, true }, + { 213713, true }, + { 213722, true }, + { 213744, true }, + { 213757, true }, + { 213767, true }, + { 213787, true }, + { 213805, true }, + { 213820, true }, + { 213831, false }, + { 213849, true }, + { 213866, true }, + { 213882, true }, + { 213900, true }, + { 213913, true }, + { 213925, true }, + { 213936, true }, + { 213964, true }, + { 213980, true }, + { 213998, true }, + { 214014, true }, + { 214024, true }, + { 214042, true }, + { 214058, true }, + { 214074, true }, + { 214089, true }, + { 214101, false }, + { 214115, true }, + { 214132, true }, + { 214154, true }, + { 214173, true }, + { 214185, true }, + { 214196, true }, + { 214217, true }, + { 214242, true }, + { 214260, true }, + { 214271, true }, + { 214287, true }, + { 214304, true }, + { 214331, true }, + { 214348, true }, + { 214364, true }, + { 214382, true }, + { 214397, true }, + { 214412, true }, + { 214426, true }, + { 214437, true }, + { 214454, true }, + { 214471, true }, + { 214486, true }, + { 214502, true }, + { 214514, true }, + { 214536, true }, + { 214549, true }, + { 214564, true }, + { 214572, true }, + { 214584, true }, + { 214595, true }, + { 214615, true }, + { 214622, false }, + { 214637, true }, + { 214648, true }, + { 214655, true }, + { 214667, true }, + { 214675, true }, + { 214683, true }, + { 214691, true }, + { 214699, true }, + { 214712, true }, + { 214724, true }, + { 214748, true }, + { 214755, true }, + { 214770, true }, + { 214795, true }, + { 214805, true }, + { 214820, false }, + { 214831, true }, + { 214844, true }, + { 214853, true }, + { 214863, true }, + { 214886, true }, + { 214901, true }, + { 214923, true }, + { 214935, true }, + { 214948, true }, + { 214960, true }, + { 214976, true }, + { 214990, true }, + { 215004, true }, + { 215015, true }, + { 215026, true }, + { 215040, false }, + { 215053, true }, + { 215067, true }, + { 215075, true }, + { 215089, true }, + { 215098, true }, + { 215110, true }, + { 215123, true }, + { 215146, true }, + { 215159, true }, + { 215169, true }, + { 215178, true }, + { 215188, true }, + { 215201, true }, + { 215217, true }, + { 215227, true }, + { 215238, true }, + { 215251, true }, + { 215264, true }, + { 215273, true }, + { 215292, true }, + { 215311, true }, + { 215328, true }, + { 215349, true }, + { 215365, true }, + { 215374, true }, + { 215392, true }, + { 215405, true }, + { 215413, true }, + { 215426, true }, + { 215439, true }, + { 215454, true }, + { 215469, true }, + { 215488, true }, + { 215501, true }, + { 215512, true }, + { 215525, true }, + { 215539, true }, + { 215546, true }, + { 215565, true }, + { 215585, true }, + { 215597, true }, + { 215619, true }, + { 215626, true }, + { 215640, true }, + { 215648, true }, + { 215668, true }, + { 215686, true }, + { 215695, true }, + { 215705, true }, + { 215720, true }, + { 215729, true }, + { 215738, true }, + { 215747, true }, + { 215756, true }, + { 215766, true }, + { 215778, true }, + { 215792, true }, + { 215811, true }, + { 215831, true }, + { 215844, true }, + { 215855, true }, + { 215869, true }, + { 215883, true }, + { 215895, true }, + { 215909, true }, + { 215922, true }, + { 215939, true }, + { 215947, true }, + { 215955, true }, + { 215969, true }, + { 215988, true }, + { 216007, true }, + { 216022, true }, + { 216037, true }, + { 216052, true }, + { 216067, true }, + { 216082, true }, + { 216097, true }, + { 216110, true }, + { 216124, true }, + { 216136, true }, + { 216150, true }, + { 216161, true }, + { 216177, true }, + { 216191, true }, + { 216202, true }, + { 216220, true }, + { 216234, true }, + { 216249, true }, + { 216261, true }, + { 216274, true }, + { 216289, true }, + { 216307, true }, + { 216323, true }, + { 216337, true }, + { 216347, true }, + { 216357, true }, + { 216378, true }, + { 216394, true }, + { 216411, true }, + { 216441, true }, + { 216455, false }, + { 216469, true }, + { 216487, true }, + { 216497, true }, + { 216517, true }, + { 216532, true }, + { 216544, true }, + { 216558, true }, + { 216573, false }, + { 216589, false }, + { 216611, true }, + { 216621, true }, + { 216633, true }, + { 216651, true }, + { 216670, true }, + { 216688, true }, + { 216700, true }, + { 216713, true }, + { 216733, true }, + { 216746, true }, + { 216765, true }, + { 216779, true }, + { 216796, true }, + { 216812, true }, + { 216826, true }, + { 216842, false }, + { 216861, true }, + { 216878, true }, + { 216888, true }, + { 216903, true }, + { 216931, true }, + { 216945, true }, + { 216963, true }, + { 216976, true }, + { 216991, true }, + { 217011, true }, + { 217027, true }, + { 217039, true }, + { 217056, true }, + { 217071, true }, + { 217082, true }, + { 217116, true }, + { 217132, true }, + { 217143, true }, + { 217158, true }, + { 217172, true }, + { 217187, true }, + { 217202, true }, + { 217216, true }, + { 217243, true }, + { 217251, true }, + { 217261, true }, + { 217284, true }, + { 217299, true }, + { 217318, true }, + { 217332, true }, + { 217347, true }, + { 217362, true }, + { 217380, true }, + { 217399, true }, + { 217418, true }, + { 217437, true }, + { 217458, true }, + { 217475, true }, + { 217494, true }, + { 217507, true }, + { 217520, false }, + { 217543, true }, + { 217559, true }, + { 217570, true }, + { 217583, true }, + { 217594, true }, + { 217606, true }, + { 217621, true }, + { 217636, true }, + { 217651, true }, + { 217666, true }, + { 217682, true }, + { 217699, true }, + { 217711, true }, + { 217727, true }, + { 217736, true }, + { 217750, true }, + { 217765, true }, + { 217778, true }, + { 217796, true }, + { 217815, true }, + { 217824, true }, + { 217835, true }, + { 217845, true }, + { 217864, true }, + { 217878, true }, + { 217902, true }, + { 217926, true }, + { 217943, true }, + { 217971, true }, + { 217991, true }, + { 218003, true }, + { 218015, true }, + { 218027, true }, + { 218040, true }, + { 218052, true }, + { 218067, true }, + { 218081, true }, + { 218098, true }, + { 218115, true }, + { 218129, true }, + { 218144, true }, + { 218157, true }, + { 218169, true }, + { 218189, true }, + { 218209, true }, + { 218229, true }, + { 218245, true }, + { 218262, true }, + { 218279, true }, + { 218295, true }, + { 218309, true }, + { 218335, true }, + { 218350, true }, + { 218366, true }, + { 218384, true }, + { 218401, true }, + { 218419, true }, + { 218436, true }, + { 218453, true }, + { 218465, true }, + { 218473, true }, + { 218497, true }, + { 218517, true }, + { 218538, false }, + { 218549, true }, + { 218560, true }, + { 218574, true }, + { 218586, true }, + { 218599, true }, + { 218625, true }, + { 218651, true }, + { 218672, true }, + { 218687, true }, + { 218695, true }, + { 218710, true }, + { 218724, true }, + { 218738, true }, + { 218750, true }, + { 218765, true }, + { 218773, true }, + { 218784, true }, + { 218804, true }, + { 218822, true }, + { 218839, true }, + { 218849, true }, + { 218870, true }, + { 218888, true }, + { 218903, true }, + { 218921, true }, + { 218937, true }, + { 218945, true }, + { 218953, true }, + { 218966, true }, + { 218975, true }, + { 218991, true }, + { 219004, false }, + { 219018, true }, + { 219029, true }, + { 219046, true }, + { 219058, true }, + { 219070, true }, + { 219085, false }, + { 219096, true }, + { 219111, true }, + { 219124, true }, + { 219140, true }, + { 219156, true }, + { 219173, true }, + { 219186, true }, + { 219196, true }, + { 219204, true }, + { 219214, false }, + { 219228, true }, + { 219246, true }, + { 219257, false }, + { 219269, true }, + { 219278, true }, + { 219292, true }, + { 219304, true }, + { 219321, true }, + { 219337, true }, + { 219353, true }, + { 219361, true }, + { 219381, true }, + { 219391, true }, + { 219402, true }, + { 219417, true }, + { 219435, true }, + { 219453, true }, + { 219471, true }, + { 219487, true }, + { 219505, true }, + { 219522, true }, + { 219541, true }, + { 219549, true }, + { 219562, true }, + { 219574, true }, + { 219584, true }, + { 219598, true }, + { 219611, true }, + { 219625, true }, + { 219640, true }, + { 219657, true }, + { 219677, true }, + { 219692, true }, + { 219707, true }, + { 219725, true }, + { 219743, true }, + { 219762, true }, + { 219782, true }, + { 219798, true }, + { 219818, true }, + { 219831, true }, + { 219841, true }, + { 219871, true }, + { 219889, true }, + { 219906, true }, + { 219921, true }, + { 219932, true }, + { 219950, true }, + { 219969, true }, + { 219988, true }, + { 219999, true }, + { 220010, true }, + { 220023, true }, + { 220039, true }, + { 220055, false }, + { 220063, true }, + { 220072, true }, + { 220098, true }, + { 220118, true }, + { 220152, true }, + { 220182, true }, + { 220206, true }, + { 220221, true }, + { 220237, true }, + { 220253, true }, + { 220270, true }, + { 220285, true }, + { 220302, true }, + { 220330, true }, + { 220362, true }, + { 220379, true }, + { 220399, true }, + { 220424, true }, + { 220440, true }, + { 220454, true }, + { 220468, true }, + { 220478, true }, + { 220501, true }, + { 220521, true }, + { 220536, true }, + { 220561, true }, + { 220574, true }, + { 220582, true }, + { 220598, true }, + { 220610, true }, + { 220624, true }, + { 220643, true }, + { 220671, true }, + { 220687, true }, + { 220702, true }, + { 220715, true }, + { 220725, true }, + { 220734, true }, + { 220749, true }, + { 220768, true }, + { 220783, true }, + { 220807, true }, + { 220831, true }, + { 220854, true }, + { 220873, true }, + { 220895, true }, + { 220907, true }, + { 220931, true }, + { 220946, true }, + { 220960, true }, + { 220974, false }, + { 220986, true }, + { 221006, true }, + { 221027, true }, + { 221040, true }, + { 221060, false }, + { 221070, true }, + { 221083, true }, + { 221097, true }, + { 221108, true }, + { 221127, true }, + { 221148, true }, + { 221161, true }, + { 221183, true }, + { 221203, true }, + { 221215, true }, + { 221232, true }, + { 221243, true }, + { 221268, false }, + { 221276, true }, + { 221299, true }, + { 221309, true }, + { 221319, true }, + { 221326, true }, + { 221339, true }, + { 221350, true }, + { 221365, true }, + { 221378, true }, + { 221395, true }, + { 221403, true }, + { 221414, true }, + { 221434, true }, + { 221443, true }, + { 221455, true }, + { 221465, true }, + { 221475, true }, + { 221487, true }, + { 221496, true }, + { 221507, true }, + { 221519, true }, + { 221529, true }, + { 221537, true }, + { 221544, true }, + { 221554, true }, + { 221574, true }, + { 221588, true }, + { 221600, true }, + { 221619, true }, + { 221628, true }, + { 221644, false }, + { 221658, true }, + { 221672, true }, + { 221685, true }, + { 221695, true }, + { 221708, true }, + { 221718, true }, + { 221733, true }, + { 221746, true }, + { 221759, true }, + { 221770, true }, + { 221785, true }, + { 221795, false }, + { 221805, true }, + { 221822, true }, + { 221834, true }, + { 221847, true }, + { 221866, true }, + { 221881, true }, + { 221894, true }, + { 221903, true }, + { 221914, true }, + { 221928, true }, + { 221939, true }, + { 221953, true }, + { 221973, true }, + { 221989, true }, + { 222000, true }, + { 222011, true }, + { 222021, true }, + { 222037, true }, + { 222054, true }, + { 222069, true }, + { 222086, true }, + { 222102, true }, + { 222127, true }, + { 222142, true }, + { 222151, true }, + { 222165, true }, + { 222178, true }, + { 222197, true }, + { 222210, true }, + { 222227, true }, + { 222244, true }, + { 222254, true }, + { 222264, true }, + { 222289, true }, + { 222297, true }, + { 222312, true }, + { 222323, true }, + { 222340, true }, + { 222357, true }, + { 222372, true }, + { 222384, true }, + { 222403, true }, + { 222417, true }, + { 222427, true }, + { 222435, true }, + { 222454, true }, + { 222479, true }, + { 222497, true }, + { 222517, true }, + { 222526, true }, + { 222538, true }, + { 222552, true }, + { 222565, true }, + { 222581, true }, + { 222595, true }, + { 222623, true }, + { 222665, true }, + { 222685, true }, + { 222699, true }, + { 222727, true }, + { 222752, true }, + { 222780, true }, + { 222806, true }, + { 222838, true }, + { 222849, true }, + { 222864, true }, + { 222873, true }, + { 222887, true }, + { 222900, true }, + { 222909, true }, + { 222921, true }, + { 222933, true }, + { 222951, true }, + { 222964, true }, + { 222977, true }, + { 222989, true }, + { 223004, true }, + { 223022, true }, + { 223032, true }, + { 223045, true }, + { 223061, true }, + { 223074, true }, + { 223087, true }, + { 223101, true }, + { 223121, true }, + { 223131, true }, + { 223143, true }, + { 223157, true }, + { 223172, true }, + { 223188, true }, + { 223200, false }, + { 223217, true }, + { 223232, true }, + { 223245, true }, + { 223263, true }, + { 223274, true }, + { 223287, true }, + { 223299, true }, + { 223314, true }, + { 223327, true }, + { 223339, true }, + { 223349, true }, + { 223365, true }, + { 223375, true }, + { 223384, true }, + { 223399, true }, + { 223414, true }, + { 223435, true }, + { 223451, true }, + { 223464, true }, + { 223479, true }, + { 223497, true }, + { 223512, true }, + { 223526, true }, + { 223544, true }, + { 223562, true }, + { 223574, true }, + { 223585, true }, + { 223593, true }, + { 223606, false }, + { 223623, true }, + { 223636, true }, + { 223647, true }, + { 223667, true }, + { 223680, true }, + { 223689, true }, + { 223703, true }, + { 223723, false }, + { 223734, true }, + { 223743, true }, + { 223765, true }, + { 223774, true }, + { 223792, true }, + { 223807, true }, + { 223814, true }, + { 223833, true }, + { 223852, true }, + { 223863, true }, + { 223878, true }, + { 223896, true }, + { 223911, true }, + { 223925, true }, + { 223939, true }, + { 223951, true }, + { 223968, true }, + { 223987, true }, + { 224001, true }, + { 224019, true }, + { 224039, true }, + { 224063, true }, + { 224074, true }, + { 224088, true }, + { 224102, true }, + { 224120, true }, + { 224133, true }, + { 224146, true }, + { 224159, false }, + { 224170, true }, + { 224185, true }, + { 224198, true }, + { 224210, true }, + { 224233, true }, + { 224248, true }, + { 224258, true }, + { 224267, true }, + { 224284, true }, + { 224297, true }, + { 224307, true }, + { 224341, true }, + { 224351, true }, + { 224369, true }, + { 224381, false }, + { 224392, true }, + { 224401, true }, + { 224412, true }, + { 224426, true }, + { 224441, true }, + { 224456, true }, + { 224470, true }, + { 224481, true }, + { 224501, true }, + { 224511, true }, + { 224524, true }, + { 224532, true }, + { 224546, true }, + { 224556, true }, + { 224581, true }, + { 224595, true }, + { 224604, true }, + { 224612, true }, + { 224625, true }, + { 224644, true }, + { 224662, true }, + { 224673, true }, + { 224686, true }, + { 224696, true }, + { 224707, true }, + { 224731, true }, + { 224741, true }, + { 224749, true }, + { 224759, true }, + { 224769, true }, + { 224779, true }, + { 224790, true }, + { 224807, true }, + { 224818, true }, + { 224837, true }, + { 224855, true }, + { 224866, true }, + { 224877, true }, + { 224895, true }, + { 224911, true }, + { 224923, true }, + { 224937, true }, + { 224947, true }, + { 224961, false }, + { 224976, true }, + { 224995, true }, + { 225009, true }, + { 225021, true }, + { 225031, true }, + { 225048, true }, + { 225063, true }, + { 225073, true }, + { 225088, true }, + { 225118, true }, + { 225131, true }, + { 225151, true }, + { 225163, true }, + { 225178, true }, + { 225190, true }, + { 225203, true }, + { 225212, true }, + { 225221, true }, + { 225230, true }, + { 225238, true }, + { 225248, true }, + { 225272, true }, + { 225291, true }, + { 225308, true }, + { 225328, true }, + { 225345, true }, + { 225357, true }, + { 225372, true }, + { 225385, true }, + { 225398, true }, + { 225418, true }, + { 225425, true }, + { 225441, true }, + { 225469, true }, + { 225496, true }, + { 225522, true }, + { 225547, true }, + { 225557, true }, + { 225566, true }, + { 225581, true }, + { 225596, true }, + { 225607, true }, + { 225619, true }, + { 225635, true }, + { 225655, true }, + { 225669, true }, + { 225682, true }, + { 225697, true }, + { 225705, true }, + { 225721, false }, + { 225734, true }, + { 225744, true }, + { 225768, true }, + { 225779, true }, + { 225792, true }, + { 225807, true }, + { 225822, true }, + { 225840, true }, + { 225852, true }, + { 225862, true }, + { 225877, true }, + { 225892, true }, + { 225905, true }, + { 225921, true }, + { 225937, true }, + { 225960, true }, + { 225974, true }, + { 225984, true }, + { 226006, true }, + { 226025, true }, + { 226041, true }, + { 226054, true }, + { 226067, true }, + { 226082, true }, + { 226101, true }, + { 226113, true }, + { 226131, true }, + { 226147, true }, + { 226161, false }, + { 226173, true }, + { 226187, true }, + { 226202, true }, + { 226215, true }, + { 226227, true }, + { 226243, true }, + { 226258, true }, + { 226275, true }, + { 226291, true }, + { 226309, true }, + { 226325, true }, + { 226335, true }, + { 226344, true }, + { 226357, true }, + { 226368, true }, + { 226380, true }, + { 226391, true }, + { 226408, true }, + { 226428, true }, + { 226441, true }, + { 226466, true }, + { 226477, true }, + { 226488, true }, + { 226505, true }, + { 226528, true }, + { 226543, true }, + { 226558, true }, + { 226569, false }, + { 226581, true }, + { 226598, true }, + { 226606, true }, + { 226622, true }, + { 226633, true }, + { 226652, true }, + { 226664, true }, + { 226677, true }, + { 226687, true }, + { 226697, true }, + { 226708, true }, + { 226716, true }, + { 226732, true }, + { 226744, true }, + { 226761, true }, + { 226776, true }, + { 226786, true }, + { 226805, true }, + { 226828, true }, + { 226839, true }, + { 226851, true }, + { 226867, true }, + { 226878, true }, + { 226898, true }, + { 226914, true }, + { 226929, true }, + { 226942, true }, + { 226958, true }, + { 226975, true }, + { 226998, true }, + { 227029, true }, + { 227042, true }, + { 227061, true }, + { 227085, true }, + { 227113, true }, + { 227137, true }, + { 227151, true }, + { 227172, true }, + { 227188, true }, + { 227198, true }, + { 227217, true }, + { 227227, true }, + { 227238, true }, + { 227249, true }, + { 227262, true }, + { 227284, true }, + { 227296, true }, + { 227316, true }, + { 227330, true }, + { 227341, true }, + { 227351, true }, + { 227365, true }, + { 227373, true }, + { 227386, true }, + { 227396, true }, + { 227414, true }, + { 227428, true }, + { 227453, true }, + { 227465, true }, + { 227482, true }, + { 227509, true }, + { 227523, true }, + { 227535, true }, + { 227551, true }, + { 227564, true }, + { 227576, true }, + { 227588, true }, + { 227599, true }, + { 227609, false }, + { 227621, true }, + { 227638, true }, + { 227662, true }, + { 227679, true }, + { 227687, true }, + { 227707, true }, + { 227734, true }, + { 227759, true }, + { 227775, true }, + { 227795, true }, + { 227807, true }, + { 227820, true }, + { 227846, true }, + { 227870, true }, + { 227882, true }, + { 227898, true }, + { 227913, true }, + { 227934, false }, + { 227948, true }, + { 227967, true }, + { 227997, true }, + { 228034, true }, + { 228066, true }, + { 228093, true }, + { 228110, true }, + { 228127, true }, + { 228144, true }, + { 228164, true }, + { 228174, true }, + { 228191, true }, + { 228205, true }, + { 228222, true }, + { 228235, true }, + { 228247, true }, + { 228259, true }, + { 228272, true }, + { 228282, true }, + { 228305, false }, + { 228319, true }, + { 228342, false }, + { 228356, true }, + { 228368, true }, + { 228379, true }, + { 228397, true }, + { 228410, true }, + { 228425, true }, + { 228439, true }, + { 228455, true }, + { 228469, true }, + { 228487, true }, + { 228497, true }, + { 228509, true }, + { 228532, true }, + { 228550, true }, + { 228583, true }, + { 228593, true }, + { 228602, false }, + { 228611, true }, + { 228630, true }, + { 228642, true }, + { 228656, true }, + { 228669, true }, + { 228690, true }, + { 228704, true }, + { 228718, true }, + { 228736, true }, + { 228754, true }, + { 228771, true }, + { 228787, true }, + { 228800, true }, + { 228813, true }, + { 228825, true }, + { 228837, true }, + { 228851, true }, + { 228868, true }, + { 228889, true }, + { 228906, true }, + { 228920, true }, + { 228943, true }, + { 228961, true }, + { 228983, true }, + { 229004, true }, + { 229027, true }, + { 229054, true }, + { 229078, true }, + { 229101, true }, + { 229115, true }, + { 229129, true }, + { 229147, true }, + { 229160, true }, + { 229172, true }, + { 229183, true }, + { 229199, true }, + { 229216, true }, + { 229230, true }, + { 229244, true }, + { 229253, true }, + { 229263, true }, + { 229275, true }, + { 229288, true }, + { 229300, false }, + { 229323, true }, + { 229335, false }, + { 229348, true }, + { 229356, true }, + { 229367, true }, + { 229384, true }, + { 229393, true }, + { 229401, true }, + { 229414, true }, + { 229429, true }, + { 229438, true }, + { 229461, true }, + { 229473, true }, + { 229489, true }, + { 229501, true }, + { 229524, true }, + { 229540, true }, + { 229556, true }, + { 229571, true }, + { 229584, true }, + { 229594, true }, + { 229603, true }, + { 229610, true }, + { 229622, true }, + { 229638, true }, + { 229651, true }, + { 229668, true }, + { 229691, true }, + { 229708, true }, + { 229726, true }, + { 229739, true }, + { 229756, true }, + { 229770, true }, + { 229796, true }, + { 229809, true }, + { 229823, true }, + { 229837, true }, + { 229849, true }, + { 229858, true }, + { 229872, true }, + { 229888, true }, + { 229905, true }, + { 229917, true }, + { 229930, false }, + { 229945, true }, + { 229966, true }, + { 229979, true }, + { 229994, true }, + { 230008, true }, + { 230034, true }, + { 230044, true }, + { 230055, true }, + { 230070, true }, + { 230088, true }, + { 230098, true }, + { 230107, true }, + { 230121, true }, + { 230139, true }, + { 230156, true }, + { 230164, true }, + { 230174, true }, + { 230191, true }, + { 230199, true }, + { 230212, true }, + { 230222, true }, + { 230233, true }, + { 230251, true }, + { 230265, true }, + { 230279, true }, + { 230287, true }, + { 230305, true }, + { 230324, true }, + { 230332, true }, + { 230344, true }, + { 230358, true }, + { 230376, true }, + { 230385, true }, + { 230396, true }, + { 230409, true }, + { 230431, true }, + { 230446, true }, + { 230464, true }, + { 230472, true }, + { 230486, true }, + { 230495, true }, + { 230510, true }, + { 230528, true }, + { 230550, true }, + { 230562, true }, + { 230572, true }, + { 230582, true }, + { 230592, true }, + { 230603, true }, + { 230609, true }, + { 230623, true }, + { 230634, true }, + { 230646, true }, + { 230659, true }, + { 230672, true }, + { 230687, true }, + { 230698, true }, + { 230712, true }, + { 230726, true }, + { 230737, true }, + { 230745, true }, + { 230756, true }, + { 230767, true }, + { 230781, true }, + { 230795, true }, + { 230819, false }, + { 230840, true }, + { 230858, true }, + { 230875, true }, + { 230892, true }, + { 230911, true }, + { 230923, true }, + { 230935, true }, + { 230943, true }, + { 230952, true }, + { 230965, true }, + { 230973, true }, + { 230988, true }, + { 230996, true }, + { 231010, true }, + { 231023, true }, + { 231035, true }, + { 231052, true }, + { 231067, true }, + { 231080, true }, + { 231094, true }, + { 231104, true }, + { 231119, true }, + { 231138, true }, + { 231160, true }, + { 231171, true }, + { 231182, true }, + { 231193, true }, + { 231204, true }, + { 231214, true }, + { 231225, false }, + { 231246, true }, + { 231260, true }, + { 231272, true }, + { 231286, true }, + { 231298, true }, + { 231315, true }, + { 231327, true }, + { 231345, true }, + { 231359, true }, + { 231370, true }, + { 231382, true }, + { 231399, true }, + { 231410, true }, + { 231420, true }, + { 231440, true }, + { 231451, true }, + { 231465, true }, + { 231479, true }, + { 231490, true }, + { 231512, true }, + { 231525, true }, + { 231536, true }, + { 231549, true }, + { 231561, true }, + { 231580, true }, + { 231589, true }, + { 231605, true }, + { 231618, true }, + { 231642, true }, + { 231656, true }, + { 231671, true }, + { 231685, true }, + { 231700, true }, + { 231714, true }, + { 231722, true }, + { 231736, true }, + { 231746, true }, + { 231757, true }, + { 231769, false }, + { 231782, true }, + { 231795, true }, + { 231808, true }, + { 231820, true }, + { 231832, true }, + { 231842, true }, + { 231857, true }, + { 231867, true }, + { 231884, true }, + { 231892, true }, + { 231906, true }, + { 231919, true }, + { 231930, true }, + { 231941, true }, + { 231970, true }, + { 231980, true }, + { 231999, true }, + { 232012, true }, + { 232025, true }, + { 232038, false }, + { 232049, true }, + { 232059, true }, + { 232073, true }, + { 232095, true }, + { 232109, true }, + { 232122, true }, + { 232134, true }, + { 232146, true }, + { 232156, true }, + { 232169, true }, + { 232183, true }, + { 232193, true }, + { 232204, true }, + { 232214, true }, + { 232225, true }, + { 232238, true }, + { 232250, true }, + { 232265, true }, + { 232289, true }, + { 232302, true }, + { 232313, true }, + { 232326, true }, + { 232341, true }, + { 232353, true }, + { 232373, true }, + { 232384, true }, + { 232404, true }, + { 232419, true }, + { 232427, true }, + { 232439, true }, + { 232449, true }, + { 232457, false }, + { 232477, true }, + { 232499, true }, + { 232511, true }, + { 232522, true }, + { 232531, true }, + { 232539, true }, + { 232548, true }, + { 232560, true }, + { 232572, true }, + { 232582, true }, + { 232592, true }, + { 232609, true }, + { 232617, true }, + { 232631, true }, + { 232641, true }, + { 232654, true }, + { 232668, false }, + { 232679, true }, + { 232692, true }, + { 232706, true }, + { 232718, true }, + { 232737, true }, + { 232758, true }, + { 232781, true }, + { 232790, true }, + { 232807, true }, + { 232823, true }, + { 232841, true }, + { 232860, true }, + { 232873, true }, + { 232887, true }, + { 232897, true }, + { 232914, true }, + { 232937, true }, + { 232956, true }, + { 232965, true }, + { 232977, true }, + { 233001, true }, + { 233014, true }, + { 233032, true }, + { 233049, true }, + { 233067, true }, + { 233078, true }, + { 233092, true }, + { 233110, true }, + { 233123, true }, + { 233133, true }, + { 233147, true }, + { 233157, true }, + { 233169, true }, + { 233182, true }, + { 233201, true }, + { 233214, true }, + { 233224, true }, + { 233233, true }, + { 233245, true }, + { 233257, true }, + { 233265, true }, + { 233284, true }, + { 233296, true }, + { 233306, true }, + { 233324, true }, + { 233332, true }, + { 233354, false }, + { 233367, true }, + { 233377, true }, + { 233385, true }, + { 233392, true }, + { 233399, true }, + { 233411, true }, + { 233423, true }, + { 233433, true }, + { 233445, true }, + { 233453, true }, + { 233465, true }, + { 233480, true }, + { 233489, true }, + { 233497, true }, + { 233514, true }, + { 233529, true }, + { 233542, true }, + { 233560, true }, + { 233573, true }, + { 233580, true }, + { 233586, true }, + { 233598, true }, + { 233608, true }, + { 233617, true }, + { 233627, true }, + { 233634, false }, + { 233649, true }, + { 233660, true }, + { 233671, true }, + { 233687, true }, + { 233702, true }, + { 233721, true }, + { 233737, true }, + { 233750, true }, + { 233772, true }, + { 233785, true }, + { 233799, true }, + { 233817, true }, + { 233829, true }, + { 233843, true }, + { 233856, true }, + { 233879, true }, + { 233890, true }, + { 233899, true }, + { 233914, true }, + { 233933, true }, + { 233943, true }, + { 233955, true }, + { 233963, true }, + { 233976, true }, + { 233988, true }, + { 234001, true }, + { 234021, true }, + { 234040, true }, + { 234049, true }, + { 234065, true }, + { 234082, true }, + { 234094, true }, + { 234114, true }, + { 234124, true }, + { 234138, true }, + { 234150, true }, + { 234165, true }, + { 234180, true }, + { 234193, true }, + { 234212, true }, + { 234224, false }, + { 234239, true }, + { 234249, true }, + { 234266, true }, + { 234278, true }, + { 234291, true }, + { 234310, true }, + { 234329, true }, + { 234347, true }, + { 234359, true }, + { 234370, true }, + { 234389, true }, + { 234413, true }, + { 234424, true }, + { 234438, true }, + { 234447, true }, + { 234464, true }, + { 234479, true }, + { 234488, true }, + { 234498, true }, + { 234513, true }, + { 234527, true }, + { 234546, true }, + { 234558, true }, + { 234573, true }, + { 234584, true }, + { 234593, true }, + { 234600, true }, + { 234612, true }, + { 234622, true }, + { 234641, true }, + { 234656, true }, + { 234666, true }, + { 234675, true }, + { 234685, true }, + { 234693, true }, + { 234701, true }, + { 234711, true }, + { 234722, true }, + { 234732, true }, + { 234744, true }, + { 234752, true }, + { 234763, true }, + { 234775, true }, + { 234789, true }, + { 234804, true }, + { 234818, true }, + { 234832, true }, + { 234851, true }, + { 234865, false }, + { 234876, true }, + { 234885, true }, + { 234901, true }, + { 234923, true }, + { 234933, true }, + { 234950, true }, + { 234962, true }, + { 234975, true }, + { 234989, true }, + { 235007, true }, + { 235026, true }, + { 235046, true }, + { 235059, true }, + { 235070, true }, + { 235077, false }, + { 235097, true }, + { 235109, true }, + { 235119, true }, + { 235128, true }, + { 235140, true }, + { 235158, true }, + { 235170, true }, + { 235184, true }, + { 235202, true }, + { 235217, true }, + { 235230, true }, + { 235243, true }, + { 235268, true }, + { 235285, true }, + { 235297, true }, + { 235309, true }, + { 235328, true }, + { 235339, true }, + { 235356, true }, + { 235366, true }, + { 235393, true }, + { 235407, true }, + { 235422, true }, + { 235447, true }, + { 235470, true }, + { 235493, false }, + { 235548, true }, + { 235575, true }, + { 235590, true }, + { 235618, true }, + { 235630, true }, + { 235642, true }, + { 235656, true }, + { 235667, true }, + { 235679, true }, + { 235701, false }, + { 235717, true }, + { 235729, true }, + { 235742, true }, + { 235767, true }, + { 235788, true }, + { 235798, true }, + { 235811, true }, + { 235821, true }, + { 235836, true }, + { 235847, true }, + { 235870, true }, + { 235882, true }, + { 235892, true }, + { 235914, true }, + { 235937, true }, + { 235947, true }, + { 235957, true }, + { 235969, true }, + { 235989, true }, + { 236012, true }, + { 236025, true }, + { 236036, false }, + { 236050, true }, + { 236072, true }, + { 236090, true }, + { 236101, true }, + { 236120, true }, + { 236136, true }, + { 236150, true }, + { 236171, true }, + { 236196, true }, + { 236210, true }, + { 236223, true }, + { 236240, true }, + { 236263, true }, + { 236298, true }, + { 236321, true }, + { 236351, true }, + { 236378, true }, + { 236399, true }, + { 236422, true }, + { 236449, true }, + { 236462, true }, + { 236477, true }, + { 236487, true }, + { 236496, true }, + { 236509, true }, + { 236529, true }, + { 236540, true }, + { 236552, true }, + { 236574, true }, + { 236587, false }, + { 236604, true }, + { 236618, true }, + { 236635, true }, + { 236652, true }, + { 236664, true }, + { 236678, true }, + { 236692, true }, + { 236702, true }, + { 236719, true }, + { 236730, true }, + { 236741, true }, + { 236756, true }, + { 236776, true }, + { 236789, true }, + { 236801, true }, + { 236813, false }, + { 236822, true }, + { 236843, true }, + { 236866, true }, + { 236878, true }, + { 236894, true }, + { 236908, true }, + { 236920, true }, + { 236933, true }, + { 236947, true }, + { 236960, true }, + { 236972, true }, + { 236989, false }, + { 236999, true }, + { 237020, true }, + { 237034, true }, + { 237043, true }, + { 237063, true }, + { 237073, true }, + { 237086, true }, + { 237104, true }, + { 237122, true }, + { 237134, true }, + { 237148, true }, + { 237166, true }, + { 237177, true }, + { 237199, true }, + { 237221, true }, + { 237233, true }, + { 237246, true }, + { 237256, true }, + { 237279, true }, + { 237293, true }, + { 237305, true }, + { 237324, true }, + { 237336, true }, + { 237350, true }, + { 237369, true }, + { 237381, true }, + { 237393, true }, + { 237413, true }, + { 237425, true }, + { 237446, true }, + { 237459, true }, + { 237482, true }, + { 237503, true }, + { 237519, true }, + { 237531, true }, + { 237560, true }, + { 237573, true }, + { 237583, true }, + { 237600, true }, + { 237615, true }, + { 237629, true }, + { 237640, true }, + { 237654, true }, + { 237667, true }, + { 237681, true }, + { 237694, true }, + { 237707, true }, + { 237725, true }, + { 237738, true }, + { 237752, true }, + { 237767, true }, + { 237779, true }, + { 237793, true }, + { 237808, true }, + { 237831, true }, + { 237839, true }, + { 237849, true }, + { 237862, true }, + { 237886, true }, + { 237908, true }, + { 237920, true }, + { 237938, true }, + { 237955, true }, + { 237973, true }, + { 237991, true }, + { 238010, true }, + { 238033, true }, + { 238046, false }, + { 238059, true }, + { 238078, true }, + { 238096, true }, + { 238108, true }, + { 238115, true }, + { 238131, true }, + { 238155, true }, + { 238173, true }, + { 238181, true }, + { 238198, true }, + { 238220, true }, + { 238235, false }, + { 238253, true }, + { 238273, true }, + { 238291, true }, + { 238304, true }, + { 238319, true }, + { 238333, true }, + { 238348, true }, + { 238373, true }, + { 238390, true }, + { 238412, true }, + { 238429, true }, + { 238440, true }, + { 238459, true }, + { 238475, true }, + { 238489, true }, + { 238502, true }, + { 238516, true }, + { 238531, true }, + { 238542, true }, + { 238570, true }, + { 238597, true }, + { 238622, true }, + { 238650, true }, + { 238664, true }, + { 238683, true }, + { 238704, true }, + { 238723, true }, + { 238755, true }, + { 238771, true }, + { 238792, true }, + { 238808, true }, + { 238827, true }, + { 238838, true }, + { 238858, true }, + { 238876, true }, + { 238887, true }, + { 238905, true }, + { 238916, true }, + { 238928, true }, + { 238940, true }, + { 238950, true }, + { 238964, true }, + { 238979, true }, + { 238989, true }, + { 239017, true }, + { 239029, false }, + { 239040, true }, + { 239054, true }, + { 239067, true }, + { 239082, true }, + { 239093, true }, + { 239116, true }, + { 239132, true }, + { 239155, true }, + { 239164, true }, + { 239180, true }, + { 239202, true }, + { 239214, true }, + { 239225, true }, + { 239237, true }, + { 239252, true }, + { 239266, true }, + { 239280, true }, + { 239291, true }, + { 239303, true }, + { 239315, true }, + { 239326, true }, + { 239333, true }, + { 239352, true }, + { 239370, true }, + { 239378, true }, + { 239391, true }, + { 239400, true }, + { 239409, true }, + { 239424, true }, + { 239434, true }, + { 239449, false }, + { 239457, true }, + { 239471, true }, + { 239489, false }, + { 239500, true }, + { 239511, true }, + { 239522, true }, + { 239546, true }, + { 239565, false }, + { 239575, true }, + { 239583, true }, + { 239597, true }, + { 239610, true }, + { 239626, true }, + { 239650, true }, + { 239657, true }, + { 239669, true }, + { 239677, true }, + { 239689, true }, + { 239700, true }, + { 239713, true }, + { 239731, true }, + { 239749, true }, + { 239760, true }, + { 239774, true }, + { 239794, true }, + { 239809, true }, + { 239826, true }, + { 239842, true }, + { 239855, true }, + { 239866, true }, + { 239881, true }, + { 239902, true }, + { 239913, true }, + { 239931, true }, + { 239946, true }, + { 239964, false }, + { 239983, true }, + { 239999, true }, + { 240014, true }, + { 240030, true }, + { 240051, true }, + { 240071, true }, + { 240084, true }, + { 240098, true }, + { 240111, true }, + { 240121, true }, + { 240131, true }, + { 240156, true }, + { 240171, true }, + { 240196, true }, + { 240216, true }, + { 240232, true }, + { 240247, true }, + { 240263, true }, + { 240274, true }, + { 240285, true }, + { 240296, true }, + { 240309, true }, + { 240332, true }, + { 240348, true }, + { 240364, true }, + { 240383, true }, + { 240401, true }, + { 240413, false }, + { 240423, true }, + { 240440, true }, + { 240466, true }, + { 240490, true }, + { 240516, true }, + { 240540, true }, + { 240553, true }, + { 240568, true }, + { 240579, true }, + { 240594, true }, + { 240603, true }, + { 240616, true }, + { 240628, true }, + { 240640, true }, + { 240654, true }, + { 240664, true }, + { 240677, true }, + { 240690, true }, + { 240706, true }, + { 240720, true }, + { 240734, true }, + { 240751, true }, + { 240767, true }, + { 240783, true }, + { 240801, true }, + { 240817, true }, + { 240830, true }, + { 240846, true }, + { 240861, true }, + { 240879, true }, + { 240898, true }, + { 240913, true }, + { 240925, true }, + { 240939, true }, + { 240956, true }, + { 240975, true }, + { 240995, false }, + { 241011, true }, + { 241022, true }, + { 241048, true }, + { 241057, true }, + { 241072, true }, + { 241083, true }, + { 241103, true }, + { 241124, true }, + { 241139, true }, + { 241160, false }, + { 241181, true }, + { 241211, false }, + { 241228, true }, + { 241239, true }, + { 241258, true }, + { 241273, true }, + { 241284, true }, + { 241298, true }, + { 241312, true }, + { 241335, true }, + { 241352, true }, + { 241380, true }, + { 241392, true }, + { 241415, true }, + { 241438, true }, + { 241446, true }, + { 241458, true }, + { 241471, true }, + { 241498, true }, + { 241508, true }, + { 241519, true }, + { 241528, true }, + { 241543, true }, + { 241555, true }, + { 241578, true }, + { 241595, true }, + { 241609, true }, + { 241619, true }, + { 241646, true }, + { 241658, true }, + { 241668, true }, + { 241689, true }, + { 241700, true }, + { 241713, true }, + { 241728, true }, + { 241741, true }, + { 241756, true }, + { 241771, true }, + { 241789, true }, + { 241803, true }, + { 241821, true }, + { 241832, true }, + { 241842, true }, + { 241855, true }, + { 241864, true }, + { 241879, true }, + { 241894, true }, + { 241903, true }, + { 241912, false }, + { 241929, true }, + { 241943, true }, + { 241952, false }, + { 241963, true }, + { 241974, true }, + { 241989, true }, + { 242005, true }, + { 242020, true }, + { 242035, true }, + { 242043, true }, + { 242060, true }, + { 242074, true }, + { 242094, true }, + { 242106, true }, + { 242117, true }, + { 242131, true }, + { 242143, true }, + { 242153, true }, + { 242168, true }, + { 242193, true }, + { 242211, true }, + { 242228, true }, + { 242245, true }, + { 242271, true }, + { 242279, true }, + { 242306, true }, + { 242324, true }, + { 242343, true }, + { 242355, true }, + { 242368, true }, + { 242387, true }, + { 242402, true }, + { 242426, true }, + { 242444, true }, + { 242459, true }, + { 242477, true }, + { 242500, true }, + { 242511, true }, + { 242527, true }, + { 242540, true }, + { 242555, true }, + { 242590, true }, + { 242605, true }, + { 242626, true }, + { 242640, true }, + { 242659, true }, + { 242670, true }, + { 242694, true }, + { 242710, true }, + { 242720, true }, + { 242731, true }, + { 242747, true }, + { 242767, true }, + { 242780, true }, + { 242791, true }, + { 242799, true }, + { 242816, true }, + { 242843, true }, + { 242855, true }, + { 242874, true }, + { 242893, true }, + { 242918, true }, + { 242939, true }, + { 242962, true }, + { 242982, true }, + { 242997, true }, + { 243020, true }, + { 243041, true }, + { 243060, true }, + { 243073, true }, + { 243088, true }, + { 243108, true }, + { 243118, true }, + { 243137, true }, + { 243154, true }, + { 243170, true }, + { 243186, true }, + { 243200, true }, + { 243210, true }, + { 243223, false }, + { 243240, true }, + { 243251, true }, + { 243258, true }, + { 243272, true }, + { 243281, true }, + { 243303, true }, + { 243316, true }, + { 243334, true }, + { 243349, true }, + { 243359, true }, + { 243379, true }, + { 243396, true }, + { 243413, true }, + { 243423, true }, + { 243433, true }, + { 243447, true }, + { 243459, true }, + { 243469, true }, + { 243484, true }, + { 243492, true }, + { 243516, true }, + { 243540, true }, + { 243548, true }, + { 243561, true }, + { 243578, false }, + { 243591, true }, + { 243605, true }, + { 243618, true }, + { 243627, true }, + { 243639, false }, + { 243659, true }, + { 243671, true }, + { 243683, true }, + { 243694, true }, + { 243705, true }, + { 243716, true }, + { 243727, true }, + { 243738, true }, + { 243749, true }, + { 243762, true }, + { 243775, true }, + { 243785, true }, + { 243800, true }, + { 243810, true }, + { 243821, true }, + { 243835, true }, + { 243846, true }, + { 243865, true }, + { 243883, true }, + { 243904, false }, + { 243930, true }, + { 243942, true }, + { 243959, true }, + { 243973, true }, + { 243985, true }, + { 243999, true }, + { 244012, true }, + { 244025, true }, + { 244056, true }, + { 244085, true }, + { 244099, true }, + { 244115, false }, + { 244128, true }, + { 244139, true }, + { 244153, true }, + { 244165, true }, + { 244186, true }, + { 244199, true }, + { 244211, true }, + { 244224, true }, + { 244241, true }, + { 244256, true }, + { 244272, true }, + { 244284, true }, + { 244294, false }, + { 244308, true }, + { 244328, true }, + { 244346, true }, + { 244362, true }, + { 244380, true }, + { 244393, true }, + { 244406, true }, + { 244419, true }, + { 244432, true }, + { 244452, true }, + { 244463, true }, + { 244473, true }, + { 244482, true }, + { 244493, true }, + { 244504, true }, + { 244515, true }, + { 244524, true }, + { 244538, true }, + { 244550, true }, + { 244574, true }, + { 244587, true }, + { 244601, true }, + { 244613, true }, + { 244630, true }, + { 244652, true }, + { 244667, true }, + { 244681, true }, + { 244692, true }, + { 244712, true }, + { 244730, true }, + { 244752, true }, + { 244774, true }, + { 244792, true }, + { 244805, true }, + { 244813, true }, + { 244825, true }, + { 244839, true }, + { 244854, true }, + { 244877, true }, + { 244888, true }, + { 244902, true }, + { 244915, false }, + { 244930, true }, + { 244942, true }, + { 244966, true }, + { 244981, true }, + { 244994, true }, + { 245006, true }, + { 245019, true }, + { 245039, true }, + { 245049, true }, + { 245057, true }, + { 245073, true }, + { 245085, false }, + { 245099, true }, + { 245113, true }, + { 245125, true }, + { 245139, true }, + { 245161, true }, + { 245183, true }, + { 245198, true }, + { 245212, true }, + { 245230, true }, + { 245247, true }, + { 245260, true }, + { 245286, true }, + { 245302, true }, + { 245325, true }, + { 245335, true }, + { 245346, true }, + { 245360, true }, + { 245372, true }, + { 245387, true }, + { 245415, true }, + { 245443, false }, + { 245453, true }, + { 245476, true }, + { 245503, true }, + { 245513, true }, + { 245524, true }, + { 245537, true }, + { 245544, true }, + { 245555, true }, + { 245569, true }, + { 245597, true }, + { 245607, true }, + { 245620, true }, + { 245629, true }, + { 245639, true }, + { 245659, true }, + { 245673, true }, + { 245682, true }, + { 245693, true }, + { 245709, true }, + { 245724, true }, + { 245746, true }, + { 245764, true }, + { 245780, true }, + { 245802, true }, + { 245825, true }, + { 245839, true }, + { 245852, true }, + { 245868, true }, + { 245886, true }, + { 245905, true }, + { 245928, true }, + { 245943, true }, + { 245957, true }, + { 245973, true }, + { 245986, true }, + { 246000, true }, + { 246009, true }, + { 246022, false }, + { 246033, true }, + { 246044, true }, + { 246059, true }, + { 246069, true }, + { 246081, true }, + { 246091, true }, + { 246102, true }, + { 246120, true }, + { 246140, true }, + { 246154, true }, + { 246165, true }, + { 246174, true }, + { 246188, true }, + { 246197, true }, + { 246208, false }, + { 246222, true }, + { 246245, true }, + { 246259, true }, + { 246275, true }, + { 246288, true }, + { 246302, true }, + { 246323, true }, + { 246337, true }, + { 246353, true }, + { 246373, true }, + { 246383, true }, + { 246391, true }, + { 246400, true }, + { 246412, true }, + { 246423, true }, + { 246438, true }, + { 246452, true }, + { 246469, true }, + { 246479, true }, + { 246488, true }, + { 246507, true }, + { 246516, true }, + { 246526, true }, + { 246540, true }, + { 246558, true }, + { 246574, true }, + { 246584, true }, + { 246604, true }, + { 246618, true }, + { 246633, true }, + { 246650, true }, + { 246668, true }, + { 246695, true }, + { 246707, true }, + { 246721, true }, + { 246746, true }, + { 246771, true }, + { 246783, true }, + { 246793, true }, + { 246812, true }, + { 246825, true }, + { 246849, false }, + { 246868, true }, + { 246896, true }, + { 246910, true }, + { 246928, true }, + { 246941, true }, + { 246954, true }, + { 246968, true }, + { 246980, true }, + { 246991, true }, + { 247005, true }, + { 247033, true }, + { 247046, true }, + { 247062, true }, + { 247078, true }, + { 247093, true }, + { 247119, true }, + { 247139, true }, + { 247156, false }, + { 247170, true }, + { 247192, true }, + { 247208, true }, + { 247245, true }, + { 247272, true }, + { 247291, true }, + { 247309, true }, + { 247327, true }, + { 247335, true }, + { 247351, true }, + { 247366, true }, + { 247374, true }, + { 247385, true }, + { 247393, true }, + { 247405, true }, + { 247416, true }, + { 247435, true }, + { 247451, true }, + { 247464, true }, + { 247477, true }, + { 247490, true }, + { 247504, true }, + { 247520, true }, + { 247538, true }, + { 247554, true }, + { 247568, true }, + { 247583, true }, + { 247598, true }, + { 247612, true }, + { 247626, true }, + { 247639, true }, + { 247651, true }, + { 247663, true }, + { 247675, true }, + { 247690, true }, + { 247704, true }, + { 247717, true }, + { 247735, true }, + { 247747, true }, + { 247773, true }, + { 247792, true }, + { 247815, true }, + { 247828, true }, + { 247836, true }, + { 247855, true }, + { 247867, true }, + { 247885, true }, + { 247902, true }, + { 247912, true }, + { 247923, true }, + { 247935, true }, + { 247955, true }, + { 247979, true }, + { 247991, true }, + { 248002, true }, + { 248015, true }, + { 248033, true }, + { 248042, true }, + { 248060, true }, + { 248070, true }, + { 248077, true }, + { 248085, true }, + { 248096, true }, + { 248110, true }, + { 248124, true }, + { 248137, true }, + { 248147, false }, + { 248160, true }, + { 248168, true }, + { 248181, true }, + { 248192, true }, + { 248205, true }, + { 248215, true }, + { 248227, true }, + { 248235, true }, + { 248241, true }, + { 248261, true }, + { 248273, true }, + { 248282, true }, + { 248289, true }, + { 248300, true }, + { 248311, true }, + { 248326, true }, + { 248338, true }, + { 248356, true }, + { 248375, true }, + { 248388, true }, + { 248402, true }, + { 248414, true }, + { 248425, true }, + { 248443, true }, + { 248454, true }, + { 248467, true }, + { 248482, true }, + { 248500, true }, + { 248517, true }, + { 248539, true }, + { 248557, true }, + { 248572, true }, + { 248585, true }, + { 248597, true }, + { 248613, true }, + { 248627, true }, + { 248639, true }, + { 248652, true }, + { 248664, true }, + { 248676, true }, + { 248689, true }, + { 248698, true }, + { 248715, true }, + { 248728, false }, + { 248739, true }, + { 248757, true }, + { 248777, true }, + { 248791, true }, + { 248799, true }, + { 248814, false }, + { 248821, true }, + { 248840, true }, + { 248859, true }, + { 248885, true }, + { 248896, true }, + { 248908, true }, + { 248932, true }, + { 248945, false }, + { 248960, true }, + { 248971, true }, + { 248982, true }, + { 248996, true }, + { 249027, false }, + { 249038, false }, + { 249049, false }, + { 249061, true }, + { 249075, true }, + { 249088, true }, + { 249101, true }, + { 249114, true }, + { 249136, false }, + { 249146, true }, + { 249166, true }, + { 249180, true }, + { 249197, false }, + { 249212, false }, + { 249228, true }, + { 249241, true }, + { 249252, true }, + { 249265, true }, + { 249287, true }, + { 249307, true }, + { 249327, true }, + { 249341, true }, + { 249354, true }, + { 249374, true }, + { 249385, true }, + { 249403, true }, + { 249423, true }, + { 249443, true }, + { 249469, true }, + { 249489, true }, + { 249512, true }, + { 249533, true }, + { 249550, true }, + { 249569, true }, + { 249587, true }, + { 249611, true }, + { 249631, true }, + { 249654, true }, + { 249674, true }, + { 249696, true }, + { 249715, true }, + { 249725, true }, + { 249733, true }, + { 249744, true }, + { 249755, true }, + { 249767, true }, + { 249778, true }, + { 249787, true }, + { 249796, true }, + { 249807, true }, + { 249821, true }, + { 249832, true }, + { 249845, true }, + { 249858, true }, + { 249868, true }, + { 249888, true }, + { 249900, true }, + { 249913, true }, + { 249927, true }, + { 249935, true }, + { 249950, true }, + { 249961, true }, + { 249969, true }, + { 249979, true }, + { 249996, true }, + { 250008, true }, + { 250022, true }, + { 250045, true }, + { 250058, true }, + { 250088, true }, + { 250111, true }, + { 250126, true }, + { 250143, true }, + { 250165, true }, + { 250187, true }, + { 250208, true }, + { 250223, true }, + { 250238, true }, + { 250250, true }, + { 250261, true }, + { 250270, true }, + { 250282, true }, + { 250298, true }, + { 250309, true }, + { 250321, true }, + { 250337, true }, + { 250351, true }, + { 250364, true }, + { 250377, true }, + { 250390, true }, + { 250403, true }, + { 250416, true }, + { 250440, true }, + { 250453, true }, + { 250461, true }, + { 250478, true }, + { 250489, false }, + { 250505, true }, + { 250518, true }, + { 250532, true }, + { 250543, true }, + { 250556, true }, + { 250566, true }, + { 250578, true }, + { 250597, true }, + { 250620, true }, + { 250640, true }, + { 250655, true }, + { 250666, true }, + { 250674, true }, + { 250684, true }, + { 250700, true }, + { 250712, true }, + { 250727, true }, + { 250742, true }, + { 250757, true }, + { 250773, true }, + { 250783, true }, + { 250797, true }, + { 250814, false }, + { 250833, true }, + { 250847, true }, + { 250855, true }, + { 250863, true }, + { 250870, true }, + { 250893, true }, + { 250909, true }, + { 250931, true }, + { 250951, true }, + { 250961, true }, + { 250975, true }, + { 250994, true }, + { 251009, true }, + { 251034, true }, + { 251054, false }, + { 251068, false }, + { 251082, false }, + { 251096, false }, + { 251110, false }, + { 251124, false }, + { 251139, false }, + { 251153, false }, + { 251167, false }, + { 251181, true }, + { 251201, true }, + { 251213, true }, + { 251225, true }, + { 251243, true }, + { 251255, true }, + { 251270, true }, + { 251290, true }, + { 251306, true }, + { 251317, true }, + { 251330, true }, + { 251354, true }, + { 251370, true }, + { 251387, true }, + { 251411, true }, + { 251429, true }, + { 251447, true }, + { 251458, true }, + { 251467, true }, + { 251482, true }, + { 251494, true }, + { 251508, true }, + { 251527, true }, + { 251544, true }, + { 251557, true }, + { 251572, true }, + { 251582, true }, + { 251594, true }, + { 251608, true }, + { 251625, false }, + { 251640, true }, + { 251651, true }, + { 251668, true }, + { 251681, true }, + { 251696, true }, + { 251708, true }, + { 251717, true }, + { 251734, true }, + { 251742, true }, + { 251752, true }, + { 251762, true }, + { 251772, true }, + { 251780, true }, + { 251789, false }, + { 251809, true }, + { 251818, true }, + { 251830, true }, + { 251839, true }, + { 251856, false }, + { 251876, true }, + { 251885, true }, + { 251894, true }, + { 251918, true }, + { 251937, false }, + { 251947, true }, + { 251962, true }, + { 251973, true }, + { 251986, true }, + { 252005, true }, + { 252021, true }, + { 252033, true }, + { 252049, true }, + { 252069, true }, + { 252087, true }, + { 252097, false }, + { 252113, true }, + { 252128, true }, + { 252148, true }, + { 252162, true }, + { 252176, true }, + { 252192, true }, + { 252211, true }, + { 252230, true }, + { 252243, true }, + { 252264, true }, + { 252277, true }, + { 252289, true }, + { 252305, true }, + { 252315, true }, + { 252330, true }, + { 252344, true }, + { 252354, true }, + { 252368, true }, + { 252384, true }, + { 252398, true }, + { 252421, true }, + { 252438, true }, + { 252457, true }, + { 252467, true }, + { 252481, true }, + { 252495, true }, + { 252504, true }, + { 252520, true }, + { 252530, true }, + { 252543, true }, + { 252552, true }, + { 252563, true }, + { 252580, true }, + { 252590, true }, + { 252600, true }, + { 252619, true }, + { 252636, true }, + { 252645, true }, + { 252658, true }, + { 252673, true }, + { 252687, true }, + { 252701, true }, + { 252720, true }, + { 252738, true }, + { 252754, false }, + { 252769, true }, + { 252782, true }, + { 252792, true }, + { 252800, true }, + { 252817, true }, + { 252828, true }, + { 252854, true }, + { 252871, true }, + { 252888, true }, + { 252904, true }, + { 252915, true }, + { 252927, true }, + { 252941, true }, + { 252952, true }, + { 252964, true }, + { 252976, true }, + { 252986, true }, + { 253001, true }, + { 253015, true }, + { 253028, true }, + { 253039, true }, + { 253053, true }, + { 253068, false }, + { 253079, true }, + { 253090, true }, + { 253102, true }, + { 253113, true }, + { 253123, true }, + { 253132, true }, + { 253144, true }, + { 253152, true }, + { 253160, true }, + { 253168, true }, + { 253178, true }, + { 253192, true }, + { 253204, true }, + { 253226, true }, + { 253242, false }, + { 253255, true }, + { 253274, true }, + { 253284, true }, + { 253295, true }, + { 253307, false }, + { 253318, true }, + { 253329, true }, + { 253346, true }, + { 253359, true }, + { 253369, true }, + { 253380, true }, + { 253397, true }, + { 253413, true }, + { 253427, true }, + { 253450, true }, + { 253461, true }, + { 253489, true }, + { 253507, true }, + { 253525, true }, + { 253539, true }, + { 253552, true }, + { 253562, false }, + { 253582, true }, + { 253589, true }, + { 253597, true }, + { 253612, true }, + { 253620, true }, + { 253630, true }, + { 253661, true }, + { 253678, true }, + { 253690, true }, + { 253702, true }, + { 253712, true }, + { 253722, true }, + { 253734, true }, + { 253745, true }, + { 253771, true }, + { 253786, true }, + { 253799, true }, + { 253807, true }, + { 253821, true }, + { 253832, true }, + { 253853, true }, + { 253871, true }, + { 253887, true }, + { 253897, true }, + { 253908, true }, + { 253915, true }, + { 253929, true }, + { 253940, true }, + { 253947, true }, + { 253953, true }, + { 253962, true }, + { 253980, true }, + { 253996, true }, + { 254006, false }, + { 254020, true }, + { 254030, true }, + { 254048, true }, + { 254059, true }, + { 254068, true }, + { 254083, true }, + { 254093, true }, + { 254098, true }, + { 254112, true }, + { 254120, true }, + { 254131, true }, + { 254140, true }, + { 254150, true }, + { 254160, true }, + { 254174, true }, + { 254183, true }, + { 254207, true }, + { 254223, true }, + { 254243, true }, + { 254252, true }, + { 254269, true }, + { 254283, true }, + { 254296, true }, + { 254309, true }, + { 254318, true }, + { 254334, false }, + { 254345, true }, + { 254354, true }, + { 254365, true }, + { 254384, true }, + { 254397, true }, + { 254413, true }, + { 254425, true }, + { 254438, true }, + { 254451, true }, + { 254465, false }, + { 254478, false }, + { 254500, true }, + { 254517, true }, + { 254529, true }, + { 254551, true }, + { 254561, true }, + { 254573, true }, + { 254585, true }, + { 254596, true }, + { 254607, true }, + { 254621, true }, + { 254635, true }, + { 254650, true }, + { 254662, true }, + { 254680, true }, + { 254703, true }, + { 254713, true }, + { 254725, true }, + { 254741, true }, + { 254750, true }, + { 254761, true }, + { 254784, true }, + { 254800, true }, + { 254810, true }, + { 254830, true }, + { 254846, true }, + { 254861, true }, + { 254879, true }, + { 254897, true }, + { 254910, true }, + { 254936, true }, + { 254945, true }, + { 254965, true }, + { 254974, true }, + { 254985, true }, + { 254995, true }, + { 255010, true }, + { 255020, true }, + { 255033, true }, + { 255046, true }, + { 255061, true }, + { 255071, true }, + { 255094, true }, + { 255115, true }, + { 255136, true }, + { 255152, true }, + { 255174, true }, + { 255188, true }, + { 255199, false }, + { 255209, true }, + { 255223, true }, + { 255237, true }, + { 255255, true }, + { 255266, true }, + { 255286, true }, + { 255308, true }, + { 255330, true }, + { 255353, true }, + { 255376, true }, + { 255397, true }, + { 255421, true }, + { 255431, true }, + { 255446, false }, + { 255460, true }, + { 255471, true }, + { 255486, true }, + { 255513, true }, + { 255526, true }, + { 255539, true }, + { 255560, true }, + { 255580, true }, + { 255593, true }, + { 255619, true }, + { 255634, true }, + { 255646, true }, + { 255665, true }, + { 255691, true }, + { 255702, true }, + { 255720, true }, + { 255740, true }, + { 255759, true }, + { 255778, true }, + { 255791, true }, + { 255800, true }, + { 255821, true }, + { 255837, true }, + { 255850, true }, + { 255862, true }, + { 255873, true }, + { 255891, true }, + { 255914, true }, + { 255929, true }, + { 255954, true }, + { 255963, true }, + { 255971, true }, + { 255987, false }, + { 256002, true }, + { 256016, true }, + { 256028, true }, + { 256039, true }, + { 256051, true }, + { 256065, true }, + { 256079, true }, + { 256093, true }, + { 256110, true }, + { 256123, true }, + { 256143, true }, + { 256155, true }, + { 256169, true }, + { 256182, true }, + { 256196, true }, + { 256211, true }, + { 256233, true }, + { 256247, true }, + { 256260, true }, + { 256281, true }, + { 256298, true }, + { 256309, true }, + { 256325, true }, + { 256346, true }, + { 256362, true }, + { 256388, true }, + { 256402, true }, + { 256413, true }, + { 256427, true }, + { 256438, true }, + { 256449, true }, + { 256462, true }, + { 256480, true }, + { 256492, false }, + { 256505, true }, + { 256524, true }, + { 256538, true }, + { 256555, true }, + { 256569, true }, + { 256586, true }, + { 256597, true }, + { 256610, true }, + { 256624, true }, + { 256636, false }, + { 256661, true }, + { 256673, true }, + { 256691, true }, + { 256715, true }, + { 256725, true }, + { 256737, false }, + { 256763, true }, + { 256780, true }, + { 256792, true }, + { 256813, true }, + { 256823, true }, + { 256844, true }, + { 256853, true }, + { 256866, true }, + { 256882, false }, + { 256896, true }, + { 256913, true }, + { 256927, true }, + { 256950, true }, + { 256965, true }, + { 256973, true }, + { 256981, true }, + { 256989, true }, + { 256997, true }, + { 257005, true }, + { 257017, true }, + { 257031, true }, + { 257042, true }, + { 257060, true }, + { 257075, true }, + { 257085, true }, + { 257101, true }, + { 257117, true }, + { 257131, true }, + { 257145, true }, + { 257164, true }, + { 257172, true }, + { 257180, true }, + { 257194, true }, + { 257207, true }, + { 257222, true }, + { 257233, true }, + { 257249, true }, + { 257276, true }, + { 257289, true }, + { 257307, true }, + { 257319, true }, + { 257330, true }, + { 257355, true }, + { 257367, true }, + { 257382, false }, + { 257391, true }, + { 257402, true }, + { 257411, true }, + { 257421, true }, + { 257435, true }, + { 257458, true }, + { 257480, true }, + { 257498, true }, + { 257521, false }, + { 257540, true }, + { 257565, false }, + { 257584, true }, + { 257597, true }, + { 257607, true }, + { 257620, true }, + { 257632, true }, + { 257651, true }, + { 257663, true }, + { 257687, true }, + { 257715, true }, + { 257735, true }, + { 257746, true }, + { 257764, true }, + { 257783, true }, + { 257800, true }, + { 257828, true }, + { 257841, true }, + { 257866, true }, + { 257879, true }, + { 257894, true }, + { 257909, true }, + { 257920, true }, + { 257940, true }, + { 257951, true }, + { 257963, true }, + { 257978, true }, + { 257991, true }, + { 258009, true }, + { 258031, true }, + { 258046, true }, + { 258066, true }, + { 258081, true }, + { 258091, true }, + { 258105, true }, + { 258118, false }, + { 258129, true }, + { 258151, true }, + { 258170, true }, + { 258190, true }, + { 258209, true }, + { 258220, true }, + { 258236, true }, + { 258254, true }, + { 258269, true }, + { 258283, true }, + { 258295, true }, + { 258311, true }, + { 258329, true }, + { 258346, true }, + { 258357, true }, + { 258368, true }, + { 258380, true }, + { 258390, true }, + { 258402, true }, + { 258432, true }, + { 258443, true }, + { 258457, true }, + { 258471, true }, + { 258483, true }, + { 258501, true }, + { 258516, true }, + { 258535, true }, + { 258549, true }, + { 258563, true }, + { 258578, true }, + { 258609, true }, + { 258632, false }, + { 258649, true }, + { 258664, true }, + { 258675, true }, + { 258699, true }, + { 258720, true }, + { 258737, true }, + { 258755, true }, + { 258768, true }, + { 258780, true }, + { 258797, true }, + { 258820, true }, + { 258836, true }, + { 258854, true }, + { 258868, true }, + { 258894, true }, + { 258918, true }, + { 258941, true }, + { 258956, true }, + { 258978, true }, + { 258994, true }, + { 259008, true }, + { 259024, true }, + { 259040, true }, + { 259054, true }, + { 259073, true }, + { 259082, true }, + { 259097, true }, + { 259114, true }, + { 259124, true }, + { 259147, true }, + { 259159, true }, + { 259178, true }, + { 259204, true }, + { 259221, true }, + { 259240, true }, + { 259260, true }, + { 259275, true }, + { 259291, true }, + { 259306, true }, + { 259317, true }, + { 259331, true }, + { 259348, true }, + { 259364, true }, + { 259385, true }, + { 259404, true }, + { 259429, true }, + { 259446, true }, + { 259461, true }, + { 259484, true }, + { 259495, true }, + { 259513, true }, + { 259530, false }, + { 259542, true }, + { 259557, true }, + { 259573, true }, + { 259586, true }, + { 259602, false }, + { 259616, true }, + { 259636, true }, + { 259653, true }, + { 259668, true }, + { 259677, true }, + { 259694, true }, + { 259713, true }, + { 259729, true }, + { 259742, true }, + { 259761, true }, + { 259775, true }, + { 259800, true }, + { 259818, true }, + { 259841, true }, + { 259853, true }, + { 259868, true }, + { 259885, true }, + { 259900, true }, + { 259912, true }, + { 259930, true }, + { 259943, true }, + { 259953, true }, + { 259963, true }, + { 259975, true }, + { 259988, false }, + { 259998, true }, + { 260015, true }, + { 260043, true }, + { 260062, true }, + { 260079, true }, + { 260093, false }, + { 260116, true }, + { 260133, true }, + { 260148, true }, + { 260162, true }, + { 260177, true }, + { 260195, true }, + { 260209, true }, + { 260228, true }, + { 260242, true }, + { 260267, true }, + { 260300, true }, + { 260328, true }, + { 260336, true }, + { 260346, true }, + { 260372, true }, + { 260389, true }, + { 260403, true }, + { 260422, true }, + { 260436, true }, + { 260454, true }, + { 260469, true }, + { 260482, true }, + { 260495, true }, + { 260516, true }, + { 260535, true }, + { 260545, true }, + { 260564, true }, + { 260594, true }, + { 260608, true }, + { 260622, true }, + { 260634, true }, + { 260655, true }, + { 260670, true }, + { 260685, true }, + { 260700, true }, + { 260720, true }, + { 260732, true }, + { 260744, true }, + { 260764, true }, + { 260777, true }, + { 260793, true }, + { 260811, true }, + { 260829, true }, + { 260840, true }, + { 260857, true }, + { 260870, true }, + { 260883, true }, + { 260896, true }, + { 260907, true }, + { 260934, true }, + { 260950, true }, + { 260964, true }, + { 260976, true }, + { 260992, true }, + { 261007, true }, + { 261024, true }, + { 261051, true }, + { 261064, true }, + { 261083, true }, + { 261097, true }, + { 261110, true }, + { 261123, true }, + { 261134, true }, + { 261156, true }, + { 261166, true }, + { 261183, true }, + { 261198, true }, + { 261218, true }, + { 261232, true }, + { 261251, true }, + { 261264, true }, + { 261274, true }, + { 261287, true }, + { 261301, true }, + { 261312, true }, + { 261335, true }, + { 261344, true }, + { 261354, true }, + { 261363, false }, + { 261372, true }, + { 261382, true }, + { 261396, true }, + { 261411, true }, + { 261429, true }, + { 261453, true }, + { 261472, true }, + { 261486, true }, + { 261507, true }, + { 261530, true }, + { 261545, true }, + { 261559, true }, + { 261573, true }, + { 261598, true }, + { 261613, true }, + { 261634, true }, + { 261643, true }, + { 261655, false }, + { 261669, true }, + { 261684, true }, + { 261697, true }, + { 261711, true }, + { 261727, true }, + { 261742, true }, + { 261755, true }, + { 261764, true }, + { 261774, true }, + { 261790, true }, + { 261802, true }, + { 261816, true }, + { 261832, true }, + { 261856, true }, + { 261866, true }, + { 261892, true }, + { 261920, true }, + { 261936, true }, + { 261961, true }, + { 261974, true }, + { 261995, true }, + { 262012, true }, + { 262032, true }, + { 262045, true }, + { 262056, true }, + { 262073, true }, + { 262089, true }, + { 262108, true }, + { 262121, true }, + { 262135, true }, + { 262148, true }, + { 262172, true }, + { 262182, true }, + { 262194, true }, + { 262205, true }, + { 262222, true }, + { 262248, true }, + { 262266, false }, + { 262276, true }, + { 262291, true }, + { 262305, true }, + { 262320, true }, + { 262336, true }, + { 262348, false }, + { 262361, true }, + { 262374, true }, + { 262394, true }, + { 262411, true }, + { 262422, true }, + { 262437, true }, + { 262451, true }, + { 262471, true }, + { 262487, true }, + { 262504, true }, + { 262527, true }, + { 262546, true }, + { 262563, true }, + { 262574, true }, + { 262588, true }, + { 262609, true }, + { 262628, true }, + { 262644, true }, + { 262662, true }, + { 262683, true }, + { 262700, true }, + { 262713, true }, + { 262731, true }, + { 262745, true }, + { 262765, true }, + { 262776, true }, + { 262785, true }, + { 262806, false }, + { 262823, false }, + { 262846, true }, + { 262864, true }, + { 262880, true }, + { 262898, true }, + { 262910, true }, + { 262923, true }, + { 262936, true }, + { 262952, true }, + { 262964, true }, + { 262972, true }, + { 262987, true }, + { 263003, false }, + { 263015, true }, + { 263028, true }, + { 263050, true }, + { 263060, true }, + { 263073, true }, + { 263087, true }, + { 263102, true }, + { 263116, true }, + { 263131, true }, + { 263141, true }, + { 263160, true }, + { 263173, true }, + { 263188, true }, + { 263203, true }, + { 263222, true }, + { 263244, true }, + { 263262, true }, + { 263281, true }, + { 263299, true }, + { 263314, true }, + { 263326, true }, + { 263337, true }, + { 263351, true }, + { 263367, true }, + { 263380, true }, + { 263399, false }, + { 263421, true }, + { 263438, true }, + { 263457, true }, + { 263466, true }, + { 263479, true }, + { 263491, true }, + { 263503, true }, + { 263521, true }, + { 263538, true }, + { 263556, true }, + { 263578, true }, + { 263597, true }, + { 263614, true }, + { 263627, true }, + { 263646, true }, + { 263659, true }, + { 263667, true }, + { 263680, true }, + { 263692, true }, + { 263706, true }, + { 263727, true }, + { 263739, false }, + { 263759, true }, + { 263769, true }, + { 263777, true }, + { 263788, false }, + { 263797, false }, + { 263813, true }, + { 263829, true }, + { 263844, true }, + { 263852, false }, + { 263870, true }, + { 263881, true }, + { 263894, true }, + { 263910, true }, + { 263929, true }, + { 263940, false }, + { 263955, true }, + { 263967, true }, + { 263980, true }, + { 263996, true }, + { 264010, true }, + { 264034, true }, + { 264046, true }, + { 264059, true }, + { 264076, false }, + { 264093, true }, + { 264100, true }, + { 264108, true }, + { 264117, true }, + { 264129, true }, + { 264152, true }, + { 264166, true }, + { 264180, true }, + { 264211, true }, + { 264228, true }, + { 264242, true }, + { 264259, true }, + { 264270, true }, + { 264284, true }, + { 264296, true }, + { 264308, true }, + { 264324, true }, + { 264339, true }, + { 264346, true }, + { 264367, true }, + { 264390, true }, + { 264401, true }, + { 264412, true }, + { 264424, true }, + { 264432, true }, + { 264453, true }, + { 264465, false }, + { 264475, true }, + { 264487, true }, + { 264499, true }, + { 264511, true }, + { 264526, true }, + { 264557, true }, + { 264586, true }, + { 264600, true }, + { 264608, true }, + { 264620, true }, + { 264632, true }, + { 264640, true }, + { 264649, true }, + { 264662, true }, + { 264674, true }, + { 264684, true }, + { 264695, true }, + { 264706, true }, + { 264717, true }, + { 264724, true }, + { 264735, true }, + { 264744, true }, + { 264758, true }, + { 264772, true }, + { 264782, true }, + { 264802, true }, + { 264814, false }, + { 264824, true }, + { 264834, true }, + { 264843, true }, + { 264860, true }, + { 264883, true }, + { 264895, true }, + { 264918, false }, + { 264939, true }, + { 264951, true }, + { 264964, true }, + { 264973, true }, + { 264987, true }, + { 265000, true }, + { 265014, true }, + { 265029, true }, + { 265041, true }, + { 265058, true }, + { 265074, true }, + { 265094, true }, + { 265112, true }, + { 265128, true }, + { 265146, true }, + { 265159, true }, + { 265173, true }, + { 265190, true }, + { 265207, true }, + { 265219, true }, + { 265234, true }, + { 265249, true }, + { 265263, true }, + { 265278, true }, + { 265294, true }, + { 265307, true }, + { 265321, true }, + { 265334, true }, + { 265352, true }, + { 265366, true }, + { 265392, true }, + { 265410, true }, + { 265424, true }, + { 265436, true }, + { 265452, true }, + { 265479, false }, + { 265497, true }, + { 265514, true }, + { 265534, true }, + { 265556, true }, + { 265571, true }, + { 265582, true }, + { 265596, true }, + { 265607, true }, + { 265621, true }, + { 265637, true }, + { 265648, true }, + { 265659, true }, + { 265671, true }, + { 265688, true }, + { 265702, true }, + { 265724, true }, + { 265738, true }, + { 265749, true }, + { 265759, true }, + { 265788, true }, + { 265800, true }, + { 265829, true }, + { 265840, true }, + { 265855, true }, + { 265871, true }, + { 265897, true }, + { 265915, true }, + { 265932, true }, + { 265951, true }, + { 265965, true }, + { 265982, true }, + { 265998, true }, + { 266018, true }, + { 266032, true }, + { 266051, true }, + { 266067, true }, + { 266078, true }, + { 266086, true }, + { 266098, true }, + { 266115, true }, + { 266132, true }, + { 266151, true }, + { 266175, true }, + { 266188, true }, + { 266200, true }, + { 266212, true }, + { 266234, true }, + { 266248, true }, + { 266261, true }, + { 266277, true }, + { 266291, true }, + { 266304, true }, + { 266316, true }, + { 266328, true }, + { 266342, true }, + { 266359, true }, + { 266375, true }, + { 266388, true }, + { 266401, true }, + { 266411, true }, + { 266429, true }, + { 266444, false }, + { 266457, true }, + { 266477, true }, + { 266490, true }, + { 266502, true }, + { 266517, true }, + { 266529, true }, + { 266540, true }, + { 266563, true }, + { 266577, true }, + { 266601, true }, + { 266619, true }, + { 266640, true }, + { 266667, true }, + { 266680, true }, + { 266699, true }, + { 266725, true }, + { 266742, true }, + { 266770, true }, + { 266792, true }, + { 266813, true }, + { 266824, true }, + { 266834, true }, + { 266845, true }, + { 266862, true }, + { 266875, true }, + { 266889, true }, + { 266908, true }, + { 266929, true }, + { 266946, true }, + { 266963, true }, + { 266991, true }, + { 267012, true }, + { 267034, false }, + { 267056, false }, + { 267068, true }, + { 267093, true }, + { 267108, true }, + { 267116, true }, + { 267137, true }, + { 267169, true }, + { 267181, true }, + { 267201, true }, + { 267219, false }, + { 267235, true }, + { 267252, true }, + { 267264, true }, + { 267279, true }, + { 267297, true }, + { 267309, true }, + { 267327, true }, + { 267337, true }, + { 267349, true }, + { 267367, true }, + { 267393, false }, + { 267422, true }, + { 267433, true }, + { 267457, true }, + { 267465, true }, + { 267480, true }, + { 267495, true }, + { 267510, true }, + { 267526, true }, + { 267538, true }, + { 267549, true }, + { 267564, true }, + { 267593, true }, + { 267608, true }, + { 267621, true }, + { 267635, true }, + { 267647, true }, + { 267666, true }, + { 267677, true }, + { 267703, true }, + { 267712, true }, + { 267726, true }, + { 267737, true }, + { 267747, true }, + { 267758, true }, + { 267781, true }, + { 267808, true }, + { 267826, true }, + { 267854, true }, + { 267881, true }, + { 267907, true }, + { 267923, true }, + { 267940, true }, + { 267959, true }, + { 267990, true }, + { 268000, true }, + { 268015, true }, + { 268026, true }, + { 268049, true }, + { 268067, true }, + { 268080, true }, + { 268095, true }, + { 268114, true }, + { 268136, true }, + { 268155, true }, + { 268174, true }, + { 268190, true }, + { 268204, true }, + { 268221, true }, + { 268236, true }, + { 268255, false }, + { 268275, true }, + { 268294, true }, + { 268315, true }, + { 268328, true }, + { 268338, true }, + { 268348, true }, + { 268360, true }, + { 268374, true }, + { 268384, true }, + { 268398, true }, + { 268416, true }, + { 268427, true }, + { 268443, true }, + { 268459, true }, + { 268473, true }, + { 268487, true }, + { 268496, false }, + { 268506, true }, + { 268519, true }, + { 268531, true }, + { 268560, true }, + { 268580, false }, + { 268594, true }, + { 268606, true }, + { 268619, true }, + { 268634, true }, + { 268643, true }, + { 268653, true }, + { 268665, true }, + { 268673, true }, + { 268687, true }, + { 268700, true }, + { 268713, true }, + { 268730, true }, + { 268744, true }, + { 268765, true }, + { 268775, true }, + { 268787, true }, + { 268805, true }, + { 268820, true }, + { 268836, true }, + { 268851, true }, + { 268863, true }, + { 268875, true }, + { 268887, true }, + { 268899, true }, + { 268911, true }, + { 268923, true }, + { 268935, true }, + { 268947, true }, + { 268963, true }, + { 268976, true }, + { 268990, true }, + { 269012, true }, + { 269026, true }, + { 269037, true }, + { 269054, true }, + { 269074, true }, + { 269090, true }, + { 269104, true }, + { 269117, true }, + { 269129, true }, + { 269142, true }, + { 269161, true }, + { 269179, true }, + { 269190, true }, + { 269207, true }, + { 269220, true }, + { 269229, true }, + { 269237, true }, + { 269252, true }, + { 269269, true }, + { 269281, true }, + { 269295, false }, + { 269305, true }, + { 269316, true }, + { 269329, true }, + { 269340, true }, + { 269349, false }, + { 269365, true }, + { 269376, true }, + { 269388, true }, + { 269403, true }, + { 269412, true }, + { 269423, true }, + { 269435, true }, + { 269447, true }, + { 269463, true }, + { 269475, true }, + { 269486, true }, + { 269510, true }, + { 269525, true }, + { 269538, true }, + { 269547, true }, + { 269554, true }, + { 269561, true }, + { 269576, true }, + { 269596, true }, + { 269609, true }, + { 269620, true }, + { 269635, true }, + { 269648, true }, + { 269668, true }, + { 269686, true }, + { 269700, false }, + { 269715, true }, + { 269727, true }, + { 269745, true }, + { 269766, true }, + { 269787, true }, + { 269809, true }, + { 269828, true }, + { 269847, true }, + { 269866, true }, + { 269887, true }, + { 269906, true }, + { 269923, true }, + { 269945, true }, + { 269964, true }, + { 269984, true }, + { 270001, true }, + { 270021, true }, + { 270040, true }, + { 270058, true }, + { 270076, true }, + { 270098, true }, + { 270115, true }, + { 270133, true }, + { 270150, true }, + { 270164, true }, + { 270181, true }, + { 270197, true }, + { 270214, true }, + { 270231, true }, + { 270252, true }, + { 270267, true }, + { 270277, true }, + { 270299, true }, + { 270323, true }, + { 270344, true }, + { 270353, true }, + { 270364, true }, + { 270381, true }, + { 270389, true }, + { 270402, true }, + { 270437, true }, + { 270453, true }, + { 270464, true }, + { 270485, true }, + { 270500, true }, + { 270513, true }, + { 270528, true }, + { 270541, true }, + { 270554, true }, + { 270592, true }, + { 270604, true }, + { 270614, true }, + { 270629, true }, + { 270655, true }, + { 270677, true }, + { 270703, true }, + { 270714, true }, + { 270734, true }, + { 270756, true }, + { 270767, true }, + { 270788, true }, + { 270808, true }, + { 270836, true }, + { 270858, true }, + { 270874, true }, + { 270883, true }, + { 270892, true }, + { 270902, true }, + { 270927, true }, + { 270937, true }, + { 270955, true }, + { 270974, true }, + { 270992, true }, + { 271010, true }, + { 271029, true }, + { 271045, true }, + { 271055, true }, + { 271066, true }, + { 271084, true }, + { 271104, true }, + { 271125, true }, + { 271138, true }, + { 271156, true }, + { 271175, true }, + { 271184, true }, + { 271193, true }, + { 271204, true }, + { 271217, true }, + { 271232, true }, + { 271246, true }, + { 271261, true }, + { 271271, true }, + { 271287, true }, + { 271298, true }, + { 271316, true }, + { 271332, true }, + { 271348, true }, + { 271373, true }, + { 271382, true }, + { 271396, true }, + { 271411, true }, + { 271425, true }, + { 271438, true }, + { 271452, true }, + { 271468, true }, + { 271482, true }, + { 271490, true }, + { 271503, true }, + { 271515, true }, + { 271528, true }, + { 271540, true }, + { 271550, true }, + { 271573, false }, + { 271583, true }, + { 271597, true }, + { 271611, true }, + { 271623, true }, + { 271632, true }, + { 271647, true }, + { 271666, true }, + { 271677, true }, + { 271690, true }, + { 271708, true }, + { 271725, true }, + { 271739, true }, + { 271760, true }, + { 271776, true }, + { 271789, false }, + { 271807, true }, + { 271820, true }, + { 271832, true }, + { 271847, true }, + { 271868, true }, + { 271892, true }, + { 271908, true }, + { 271920, true }, + { 271933, true }, + { 271948, true }, + { 271960, true }, + { 271970, true }, + { 271984, true }, + { 271999, true }, + { 272016, true }, + { 272027, true }, + { 272041, true }, + { 272052, true }, + { 272066, true }, + { 272078, true }, + { 272089, true }, + { 272099, true }, + { 272113, true }, + { 272127, true }, + { 272139, true }, + { 272166, true }, + { 272180, true }, + { 272202, true }, + { 272224, true }, + { 272238, true }, + { 272253, true }, + { 272269, false }, + { 272282, true }, + { 272295, true }, + { 272309, true }, + { 272323, true }, + { 272338, true }, + { 272352, true }, + { 272364, true }, + { 272383, true }, + { 272403, true }, + { 272421, true }, + { 272440, true }, + { 272454, true }, + { 272463, true }, + { 272476, true }, + { 272488, true }, + { 272500, true }, + { 272511, true }, + { 272525, true }, + { 272538, false }, + { 272560, true }, + { 272575, true }, + { 272587, true }, + { 272598, true }, + { 272623, true }, + { 272632, true }, + { 272646, true }, + { 272669, true }, + { 272692, true }, + { 272704, true }, + { 272718, true }, + { 272731, true }, + { 272748, true }, + { 272773, true }, + { 272789, true }, + { 272801, true }, + { 272818, true }, + { 272833, true }, + { 272851, true }, + { 272864, true }, + { 272888, true }, + { 272911, true }, + { 272937, true }, + { 272949, true }, + { 272960, true }, + { 272977, true }, + { 272991, true }, + { 273004, true }, + { 273018, true }, + { 273027, true }, + { 273043, true }, + { 273056, true }, + { 273069, true }, + { 273080, true }, + { 273090, false }, + { 273104, false }, + { 273119, true }, + { 273128, true }, + { 273147, true }, + { 273154, true }, + { 273167, true }, + { 273183, true }, + { 273193, true }, + { 273208, true }, + { 273224, true }, + { 273248, true }, + { 273267, true }, + { 273281, true }, + { 273296, true }, + { 273307, true }, + { 273319, true }, + { 273329, true }, + { 273340, true }, + { 273349, true }, + { 273361, true }, + { 273376, true }, + { 273388, true }, + { 273405, true }, + { 273418, true }, + { 273442, true }, + { 273458, true }, + { 273473, true }, + { 273491, true }, + { 273501, true }, + { 273522, true }, + { 273540, true }, + { 273552, true }, + { 273566, true }, + { 273578, true }, + { 273595, true }, + { 273613, true }, + { 273633, true }, + { 273643, true }, + { 273660, true }, + { 273672, true }, + { 273682, true }, + { 273693, true }, + { 273710, true }, + { 273733, true }, + { 273746, true }, + { 273762, true }, + { 273777, true }, + { 273790, true }, + { 273803, true }, + { 273813, true }, + { 273824, true }, + { 273836, true }, + { 273844, true }, + { 273856, true }, + { 273887, true }, + { 273903, true }, + { 273914, true }, + { 273929, true }, + { 273946, true }, + { 273960, true }, + { 273975, true }, + { 273988, true }, + { 274005, true }, + { 274017, true }, + { 274032, true }, + { 274048, true }, + { 274077, true }, + { 274103, true }, + { 274123, true }, + { 274147, true }, + { 274162, true }, + { 274178, true }, + { 274200, true }, + { 274213, true }, + { 274227, true }, + { 274241, true }, + { 274253, true }, + { 274261, true }, + { 274277, true }, + { 274290, true }, + { 274311, true }, + { 274330, true }, + { 274344, true }, + { 274357, true }, + { 274367, true }, + { 274378, true }, + { 274388, true }, + { 274402, true }, + { 274412, true }, + { 274422, true }, + { 274431, true }, + { 274445, true }, + { 274458, true }, + { 274466, true }, + { 274476, true }, + { 274489, true }, + { 274499, true }, + { 274509, true }, + { 274519, true }, + { 274541, true }, + { 274560, true }, + { 274571, true }, + { 274578, true }, + { 274587, true }, + { 274598, true }, + { 274610, true }, + { 274622, true }, + { 274635, true }, + { 274654, true }, + { 274664, true }, + { 274674, true }, + { 274686, true }, + { 274695, true }, + { 274704, true }, + { 274720, true }, + { 274731, true }, + { 274744, true }, + { 274751, true }, + { 274771, true }, + { 274787, true }, + { 274798, true }, + { 274821, true }, + { 274830, true }, + { 274843, true }, + { 274863, true }, + { 274871, true }, + { 274881, true }, + { 274902, true }, + { 274914, true }, + { 274923, true }, + { 274931, true }, + { 274941, false }, + { 274949, true }, + { 274961, true }, + { 274972, true }, + { 274983, true }, + { 274990, true }, + { 275000, true }, + { 275011, true }, + { 275019, true }, + { 275026, true }, + { 275034, true }, + { 275042, true }, + { 275052, true }, + { 275061, true }, + { 275072, true }, + { 275083, true }, + { 275092, true }, + { 275103, true }, + { 275115, true }, + { 275123, true }, + { 275129, true }, + { 275137, true }, + { 275147, true }, + { 275163, true }, + { 275175, true }, + { 275189, true }, + { 275206, true }, + { 275236, true }, + { 275256, false }, + { 275274, false }, + { 275290, true }, + { 275305, true }, + { 275325, true }, + { 275341, true }, + { 275356, true }, + { 275377, true }, + { 275391, true }, + { 275417, true }, + { 275436, true }, + { 275447, true }, + { 275457, true }, + { 275475, true }, + { 275486, true }, + { 275500, true }, + { 275515, true }, + { 275526, true }, + { 275542, true }, + { 275554, true }, + { 275575, true }, + { 275589, true }, + { 275604, true }, + { 275615, true }, + { 275628, true }, + { 275643, true }, + { 275657, true }, + { 275673, true }, + { 275693, true }, + { 275706, true }, + { 275726, false }, + { 275742, true }, + { 275756, true }, + { 275771, true }, + { 275786, true }, + { 275801, true }, + { 275817, true }, + { 275837, true }, + { 275863, true }, + { 275886, true }, + { 275903, true }, + { 275916, true }, + { 275940, true }, + { 275956, true }, + { 275970, true }, + { 275977, true }, + { 275989, true }, + { 276004, true }, + { 276014, true }, + { 276025, true }, + { 276042, true }, + { 276055, true }, + { 276075, true }, + { 276090, true }, + { 276105, true }, + { 276117, true }, + { 276125, true }, + { 276140, true }, + { 276156, true }, + { 276172, false }, + { 276190, true }, + { 276203, true }, + { 276234, true }, + { 276245, true }, + { 276259, true }, + { 276273, true }, + { 276291, true }, + { 276301, true }, + { 276312, true }, + { 276325, true }, + { 276336, true }, + { 276346, true }, + { 276360, true }, + { 276372, true }, + { 276388, false }, + { 276404, true }, + { 276415, true }, + { 276434, true }, + { 276443, true }, + { 276467, true }, + { 276480, true }, + { 276489, true }, + { 276505, true }, + { 276517, true }, + { 276534, true }, + { 276550, true }, + { 276562, true }, + { 276582, true }, + { 276592, false }, + { 276607, true }, + { 276622, true }, + { 276637, true }, + { 276646, true }, + { 276663, true }, + { 276678, true }, + { 276695, true }, + { 276708, true }, + { 276722, true }, + { 276734, true }, + { 276753, true }, + { 276765, true }, + { 276783, true }, + { 276795, true }, + { 276820, true }, + { 276831, true }, + { 276845, true }, + { 276859, true }, + { 276870, true }, + { 276892, true }, + { 276913, true }, + { 276932, true }, + { 276953, true }, + { 276966, true }, + { 276975, true }, + { 276990, true }, + { 277004, true }, + { 277017, true }, + { 277033, true }, + { 277046, true }, + { 277058, true }, + { 277077, true }, + { 277092, true }, + { 277104, true }, + { 277121, true }, + { 277144, true }, + { 277168, true }, + { 277189, true }, + { 277204, true }, + { 277218, true }, + { 277231, true }, + { 277249, true }, + { 277270, true }, + { 277290, true }, + { 277309, true }, + { 277328, true }, + { 277345, true }, + { 277377, true }, + { 277394, true }, + { 277415, true }, + { 277429, true }, + { 277441, true }, + { 277459, true }, + { 277469, true }, + { 277482, true }, + { 277495, true }, + { 277516, true }, + { 277531, true }, + { 277548, true }, + { 277567, true }, + { 277585, true }, + { 277592, true }, + { 277604, true }, + { 277618, true }, + { 277633, true }, + { 277647, true }, + { 277659, true }, + { 277672, true }, + { 277688, true }, + { 277701, true }, + { 277712, true }, + { 277725, true }, + { 277742, true }, + { 277757, true }, + { 277773, true }, + { 277787, true }, + { 277801, true }, + { 277813, true }, + { 277831, true }, + { 277851, true }, + { 277874, true }, + { 277887, true }, + { 277907, true }, + { 277922, true }, + { 277941, true }, + { 277960, true }, + { 277979, true }, + { 277994, true }, + { 278009, true }, + { 278020, true }, + { 278037, true }, + { 278047, true }, + { 278060, false }, + { 278073, true }, + { 278087, true }, + { 278099, true }, + { 278114, false }, + { 278124, true }, + { 278138, true }, + { 278149, true }, + { 278160, true }, + { 278181, true }, + { 278205, true }, + { 278216, true }, + { 278229, true }, + { 278242, true }, + { 278263, true }, + { 278283, true }, + { 278300, true }, + { 278309, true }, + { 278319, true }, + { 278331, true }, + { 278346, true }, + { 278369, true }, + { 278379, true }, + { 278396, true }, + { 278415, true }, + { 278429, true }, + { 278439, true }, + { 278452, true }, + { 278462, true }, + { 278478, true }, + { 278486, true }, + { 278495, true }, + { 278508, true }, + { 278521, true }, + { 278539, true }, + { 278558, true }, + { 278577, true }, + { 278585, true }, + { 278602, true }, + { 278615, true }, + { 278636, false }, + { 278649, true }, + { 278663, true }, + { 278676, true }, + { 278692, true }, + { 278713, true }, + { 278727, true }, + { 278744, true }, + { 278773, true }, + { 278786, true }, + { 278801, true }, + { 278830, true }, + { 278848, false }, + { 278864, true }, + { 278884, true }, + { 278902, true }, + { 278911, true }, + { 278929, true }, + { 278947, true }, + { 278964, true }, + { 278995, true }, + { 279017, true }, + { 279032, true }, + { 279043, true }, + { 279060, true }, + { 279073, false }, + { 279086, true }, + { 279098, true }, + { 279114, true }, + { 279130, true }, + { 279142, true }, + { 279155, true }, + { 279170, true }, + { 279187, true }, + { 279204, true }, + { 279220, true }, + { 279234, true }, + { 279248, true }, + { 279263, true }, + { 279273, false }, + { 279292, true }, + { 279311, true }, + { 279329, true }, + { 279340, true }, + { 279350, true }, + { 279360, true }, + { 279370, true }, + { 279381, true }, + { 279396, true }, + { 279406, true }, + { 279422, true }, + { 279433, true }, + { 279450, true }, + { 279458, true }, + { 279471, true }, + { 279489, true }, + { 279497, true }, + { 279507, true }, + { 279527, true }, + { 279541, true }, + { 279551, true }, + { 279562, true }, + { 279572, true }, + { 279582, true }, + { 279599, true }, + { 279611, true }, + { 279626, true }, + { 279643, true }, + { 279660, true }, + { 279668, true }, + { 279684, true }, + { 279695, true }, + { 279711, true }, + { 279722, true }, + { 279737, true }, + { 279750, true }, + { 279778, true }, + { 279797, true }, + { 279812, true }, + { 279829, true }, + { 279839, true }, + { 279852, true }, + { 279869, true }, + { 279884, true }, + { 279901, true }, + { 279916, true }, + { 279936, true }, + { 279951, true }, + { 279965, true }, + { 279973, true }, + { 279981, true }, + { 279994, true }, + { 280006, true }, + { 280017, true }, + { 280025, true }, + { 280038, true }, + { 280046, true }, + { 280063, true }, + { 280074, true }, + { 280087, true }, + { 280095, true }, + { 280104, true }, + { 280116, true }, + { 280124, true }, + { 280140, true }, + { 280151, true }, + { 280161, true }, + { 280185, true }, + { 280197, true }, + { 280211, true }, + { 280222, true }, + { 280231, true }, + { 280240, true }, + { 280258, true }, + { 280271, true }, + { 280280, true }, + { 280291, true }, + { 280302, true }, + { 280311, true }, + { 280320, true }, + { 280329, true }, + { 280339, true }, + { 280353, true }, + { 280363, true }, + { 280373, true }, + { 280389, true }, + { 280397, true }, + { 280415, true }, + { 280431, false }, + { 280451, true }, + { 280462, true }, + { 280472, true }, + { 280481, true }, + { 280489, true }, + { 280497, true }, + { 280505, true }, + { 280522, true }, + { 280535, true }, + { 280546, false }, + { 280554, true }, + { 280572, true }, + { 280581, true }, + { 280592, false }, + { 280612, true }, + { 280619, true }, + { 280629, true }, + { 280644, true }, + { 280659, true }, + { 280670, false }, + { 280690, false }, + { 280706, true }, + { 280724, true }, + { 280736, true }, + { 280752, true }, + { 280768, true }, + { 280779, false }, + { 280790, true }, + { 280805, true }, + { 280818, true }, + { 280835, true }, + { 280847, true }, + { 280857, true }, + { 280868, true }, + { 280882, true }, + { 280889, true }, + { 280905, true }, + { 280914, true }, + { 280933, true }, + { 280948, true }, + { 280958, true }, + { 280973, true }, + { 280994, true }, + { 281004, true }, + { 281024, true }, + { 281038, true }, + { 281051, true }, + { 281064, true }, + { 281083, true }, + { 281100, true }, + { 281118, true }, + { 281132, false }, + { 281149, true }, + { 281164, true }, + { 281184, true }, + { 281203, true }, + { 281223, true }, + { 281239, true }, + { 281251, true }, + { 281263, true }, + { 281282, true }, + { 281298, true }, + { 281314, true }, + { 281330, true }, + { 281342, true }, + { 281365, true }, + { 281377, true }, + { 281399, true }, + { 281411, true }, + { 281424, true }, + { 281438, true }, + { 281457, true }, + { 281475, true }, + { 281493, true }, + { 281515, true }, + { 281538, true }, + { 281553, true }, + { 281567, true }, + { 281582, true }, + { 281597, true }, + { 281607, true }, + { 281623, true }, + { 281636, true }, + { 281648, true }, + { 281656, true }, + { 281681, true }, + { 281698, true }, + { 281713, true }, + { 281724, true }, + { 281733, true }, + { 281742, false }, + { 281752, true }, + { 281765, true }, + { 281780, true }, + { 281796, true }, + { 281810, true }, + { 281827, true }, + { 281849, true }, + { 281868, true }, + { 281887, true }, + { 281901, true }, + { 281920, true }, + { 281937, true }, + { 281953, true }, + { 281967, true }, + { 281987, true }, + { 282004, true }, + { 282021, true }, + { 282035, true }, + { 282048, true }, + { 282072, true }, + { 282086, true }, + { 282105, true }, + { 282121, true }, + { 282145, true }, + { 282167, false }, + { 282181, true }, + { 282194, true }, + { 282218, true }, + { 282239, false }, + { 282256, true }, + { 282271, true }, + { 282282, true }, + { 282293, true }, + { 282307, true }, + { 282323, true }, + { 282337, true }, + { 282348, true }, + { 282369, true }, + { 282385, true }, + { 282403, true }, + { 282421, true }, + { 282434, true }, + { 282446, true }, + { 282458, true }, + { 282474, true }, + { 282492, true }, + { 282500, true }, + { 282513, true }, + { 282524, true }, + { 282535, true }, + { 282543, true }, + { 282557, false }, + { 282577, true }, + { 282588, true }, + { 282620, true }, + { 282634, true }, + { 282643, true }, + { 282650, true }, + { 282660, true }, + { 282668, true }, + { 282678, false }, + { 282698, true }, + { 282719, true }, + { 282729, true }, + { 282740, true }, + { 282751, true }, + { 282758, true }, + { 282768, true }, + { 282783, true }, + { 282800, true }, + { 282816, true }, + { 282827, true }, + { 282840, true }, + { 282852, true }, + { 282865, true }, + { 282877, true }, + { 282887, true }, + { 282898, false }, + { 282917, true }, + { 282931, true }, + { 282965, true }, + { 282999, false }, + { 283011, false }, + { 283024, false }, + { 283035, false }, + { 283047, false }, + { 283068, true }, + { 283090, true }, + { 283103, true }, + { 283115, true }, + { 283136, true }, + { 283148, true }, + { 283161, true }, + { 283177, true }, + { 283192, true }, + { 283210, true }, + { 283219, true }, + { 283227, true }, + { 283239, true }, + { 283250, true }, + { 283269, true }, + { 283287, false }, + { 283296, true }, + { 283307, false }, + { 283323, true }, + { 283341, true }, + { 283366, true }, + { 283385, true }, + { 283403, true }, + { 283418, true }, + { 283430, true }, + { 283446, true }, + { 283467, true }, + { 283475, true }, + { 283504, true }, + { 283527, true }, + { 283540, true }, + { 283559, true }, + { 283579, true }, + { 283594, true }, + { 283607, true }, + { 283623, true }, + { 283638, true }, + { 283651, true }, + { 283663, true }, + { 283681, true }, + { 283698, true }, + { 283713, true }, + { 283732, true }, + { 283751, true }, + { 283766, true }, + { 283777, true }, + { 283788, true }, + { 283812, true }, + { 283826, true }, + { 283840, true }, + { 283866, true }, + { 283886, true }, + { 283902, true }, + { 283920, true }, + { 283934, true }, + { 283944, false }, + { 283973, true }, + { 283987, true }, + { 284011, true }, + { 284027, true }, + { 284041, true }, + { 284055, true }, + { 284075, true }, + { 284088, true }, + { 284102, true }, + { 284117, true }, + { 284131, true }, + { 284144, true }, + { 284155, true }, + { 284169, true }, + { 284189, true }, + { 284204, true }, + { 284215, true }, + { 284233, true }, + { 284250, true }, + { 284258, true }, + { 284271, true }, + { 284288, true }, + { 284300, true }, + { 284317, true }, + { 284338, true }, + { 284357, true }, + { 284373, true }, + { 284391, true }, + { 284411, false }, + { 284425, true }, + { 284438, true }, + { 284446, true }, + { 284455, true }, + { 284464, true }, + { 284481, true }, + { 284492, true }, + { 284507, true }, + { 284523, true }, + { 284531, true }, + { 284540, true }, + { 284550, true }, + { 284558, true }, + { 284569, true }, + { 284591, true }, + { 284605, true }, + { 284613, true }, + { 284625, true }, + { 284646, true }, + { 284656, true }, + { 284668, true }, + { 284688, true }, + { 284720, true }, + { 284749, true }, + { 284759, true }, + { 284774, true }, + { 284794, true }, + { 284817, true }, + { 284836, true }, + { 284855, true }, + { 284874, true }, + { 284893, true }, + { 284912, true }, + { 284931, true }, + { 284950, true }, + { 284969, true }, + { 284983, true }, + { 284997, true }, + { 285014, true }, + { 285027, true }, + { 285045, true }, + { 285062, true }, + { 285086, true }, + { 285101, true }, + { 285119, true }, + { 285130, true }, + { 285145, true }, + { 285159, true }, + { 285172, true }, + { 285181, true }, + { 285198, true }, + { 285212, true }, + { 285236, true }, + { 285251, true }, + { 285265, true }, + { 285283, true }, + { 285296, true }, + { 285306, true }, + { 285319, true }, + { 285328, true }, + { 285337, true }, + { 285356, true }, + { 285372, true }, + { 285390, true }, + { 285404, true }, + { 285415, true }, + { 285428, true }, + { 285447, true }, + { 285460, true }, + { 285477, true }, + { 285490, false }, + { 285507, true }, + { 285520, true }, + { 285541, true }, + { 285551, true }, + { 285566, true }, + { 285584, true }, + { 285599, true }, + { 285614, true }, + { 285631, true }, + { 285650, true }, + { 285667, true }, + { 285686, true }, + { 285698, true }, + { 285709, true }, + { 285725, true }, + { 285739, true }, + { 285762, true }, + { 285770, true }, + { 285783, true }, + { 285802, true }, + { 285818, true }, + { 285834, true }, + { 285848, true }, + { 285861, true }, + { 285874, true }, + { 285887, true }, + { 285902, true }, + { 285912, true }, + { 285923, true }, + { 285940, true }, + { 285959, true }, + { 285979, true }, + { 285999, true }, + { 286015, true }, + { 286035, true }, + { 286050, true }, + { 286060, true }, + { 286071, true }, + { 286084, false }, + { 286099, true }, + { 286114, false }, + { 286124, true }, + { 286134, true }, + { 286141, false }, + { 286151, true }, + { 286169, true }, + { 286181, true }, + { 286195, true }, + { 286202, false }, + { 286212, true }, + { 286224, true }, + { 286232, false }, + { 286243, true }, + { 286251, true }, + { 286265, true }, + { 286277, true }, + { 286284, true }, + { 286292, true }, + { 286298, true }, + { 286306, true }, + { 286319, true }, + { 286332, true }, + { 286353, true }, + { 286369, true }, + { 286386, true }, + { 286396, true }, + { 286418, true }, + { 286429, true }, + { 286448, true }, + { 286465, true }, + { 286486, true }, + { 286506, true }, + { 286520, true }, + { 286530, true }, + { 286544, true }, + { 286561, true }, + { 286572, true }, + { 286583, true }, + { 286592, true }, + { 286601, true }, + { 286624, true }, + { 286637, true }, + { 286648, true }, + { 286655, true }, + { 286662, true }, + { 286673, true }, + { 286684, true }, + { 286700, true }, + { 286715, true }, + { 286737, true }, + { 286763, true }, + { 286773, true }, + { 286786, true }, + { 286806, true }, + { 286825, false }, + { 286842, true }, + { 286863, true }, + { 286877, true }, + { 286900, true }, + { 286908, true }, + { 286926, true }, + { 286944, true }, + { 286955, true }, + { 286970, true }, + { 286990, false }, + { 287004, true }, + { 287026, true }, + { 287039, true }, + { 287050, true }, + { 287063, true }, + { 287076, true }, + { 287093, true }, + { 287106, true }, + { 287125, true }, + { 287136, true }, + { 287146, true }, + { 287155, true }, + { 287165, true }, + { 287176, true }, + { 287188, true }, + { 287198, true }, + { 287211, true }, + { 287228, true }, + { 287236, true }, + { 287257, true }, + { 287267, true }, + { 287288, true }, + { 287300, true }, + { 287313, true }, + { 287324, true }, + { 287334, true }, + { 287344, true }, + { 287356, true }, + { 287366, true }, + { 287385, true }, + { 287409, true }, + { 287420, true }, + { 287434, true }, + { 287449, true }, + { 287462, true }, + { 287476, true }, + { 287487, true }, + { 287499, true }, + { 287511, true }, + { 287523, true }, + { 287533, true }, + { 287541, true }, + { 287554, true }, + { 287576, false }, + { 287591, true }, + { 287614, true }, + { 287623, true }, + { 287638, false }, + { 287650, true }, + { 287666, true }, + { 287680, true }, + { 287689, true }, + { 287703, true }, + { 287718, true }, + { 287735, true }, + { 287757, true }, + { 287776, false }, + { 287791, true }, + { 287808, true }, + { 287823, true }, + { 287838, true }, + { 287846, true }, + { 287860, true }, + { 287872, true }, + { 287883, true }, + { 287896, true }, + { 287913, true }, + { 287938, true }, + { 287948, true }, + { 287969, true }, + { 287987, true }, + { 288006, true }, + { 288027, true }, + { 288053, true }, + { 288079, true }, + { 288095, true }, + { 288118, true }, + { 288138, true }, + { 288154, true }, + { 288164, true }, + { 288175, true }, + { 288194, true }, + { 288209, true }, + { 288231, true }, + { 288252, true }, + { 288275, true }, + { 288287, true }, + { 288301, true }, + { 288325, true }, + { 288353, true }, + { 288380, true }, + { 288394, true }, + { 288410, true }, + { 288427, true }, + { 288444, false }, + { 288453, true }, + { 288467, true }, + { 288481, true }, + { 288492, true }, + { 288503, false }, + { 288516, false }, + { 288531, false }, + { 288555, true }, + { 288566, true }, + { 288578, true }, + { 288592, true }, + { 288603, true }, + { 288612, true }, + { 288625, true }, + { 288635, true }, + { 288648, true }, + { 288662, true }, + { 288670, true }, + { 288677, true }, + { 288688, true }, + { 288702, true }, + { 288713, true }, + { 288724, true }, + { 288737, true }, + { 288744, true }, + { 288751, true }, + { 288758, true }, + { 288770, true }, + { 288777, true }, + { 288786, true }, + { 288793, true }, + { 288801, true }, + { 288811, true }, + { 288818, true }, + { 288825, true }, + { 288834, true }, + { 288845, true }, + { 288854, true }, + { 288863, true }, + { 288872, true }, + { 288885, true }, + { 288900, true }, + { 288911, true }, + { 288921, true }, + { 288934, true }, + { 288943, true }, + { 288955, true }, + { 288969, true }, + { 288981, true }, + { 288994, true }, + { 289006, true }, + { 289022, true }, + { 289039, true }, + { 289051, true }, + { 289062, true }, + { 289077, true }, + { 289087, true }, + { 289099, true }, + { 289112, true }, + { 289122, true }, + { 289133, true }, + { 289144, true }, + { 289158, true }, + { 289171, true }, + { 289181, true }, + { 289191, true }, + { 289202, true }, + { 289214, true }, + { 289224, true }, + { 289234, true }, + { 289247, true }, + { 289258, true }, + { 289269, true }, + { 289279, true }, + { 289296, true }, + { 289306, true }, + { 289319, true }, + { 289330, true }, + { 289338, true }, + { 289355, true }, + { 289366, true }, + { 289375, true }, + { 289400, true }, + { 289415, true }, + { 289427, true }, + { 289442, true }, + { 289455, true }, + { 289468, true }, + { 289477, true }, + { 289488, true }, + { 289499, true }, + { 289510, true }, + { 289524, true }, + { 289533, true }, + { 289548, true }, + { 289564, true }, + { 289572, true }, + { 289584, true }, + { 289604, true }, + { 289616, true }, + { 289624, true }, + { 289634, true }, + { 289653, true }, + { 289661, true }, + { 289674, true }, + { 289691, true }, + { 289702, true }, + { 289714, true }, + { 289723, true }, + { 289731, true }, + { 289744, true }, + { 289753, true }, + { 289762, true }, + { 289773, true }, + { 289792, true }, + { 289811, true }, + { 289841, true }, + { 289871, true }, + { 289887, true }, + { 289902, true }, + { 289915, true }, + { 289932, true }, + { 289944, true }, + { 289957, true }, + { 289973, true }, + { 289985, true }, + { 289999, true }, + { 290009, true }, + { 290022, true }, + { 290033, true }, + { 290041, true }, + { 290052, true }, + { 290070, true }, + { 290084, true }, + { 290103, false }, + { 290112, true }, + { 290122, true }, + { 290144, true }, + { 290160, true }, + { 290172, true }, + { 290187, true }, + { 290200, true }, + { 290214, true }, + { 290222, true }, + { 290241, true }, + { 290255, true }, + { 290263, true }, + { 290271, true }, + { 290283, true }, + { 290293, true }, + { 290305, true }, + { 290317, true }, + { 290328, true }, + { 290339, true }, + { 290351, true }, + { 290369, true }, + { 290378, true }, + { 290391, true }, + { 290404, true }, + { 290416, true }, + { 290426, true }, + { 290436, true }, + { 290446, true }, + { 290456, true }, + { 290465, true }, + { 290477, true }, + { 290488, true }, + { 290499, false }, + { 290515, true }, + { 290526, true }, + { 290540, true }, + { 290552, true }, + { 290562, true }, + { 290575, true }, + { 290588, true }, + { 290598, true }, + { 290612, true }, + { 290635, true }, + { 290650, true }, + { 290662, true }, + { 290674, true }, + { 290686, true }, + { 290706, true }, + { 290720, true }, + { 290731, true }, + { 290767, true }, + { 290780, true }, + { 290793, true }, + { 290805, true }, + { 290823, true }, + { 290834, true }, + { 290857, false }, + { 290871, true }, + { 290883, true }, + { 290896, true }, + { 290905, true }, + { 290918, false }, + { 290928, true }, + { 290942, true }, + { 290955, true }, + { 290967, true }, + { 290979, true }, + { 290989, true }, + { 291003, true }, + { 291017, true }, + { 291032, true }, + { 291047, true }, + { 291059, true }, + { 291070, true }, + { 291080, true }, + { 291095, true }, + { 291108, true }, + { 291120, true }, + { 291132, true }, + { 291143, true }, + { 291155, true }, + { 291166, true }, + { 291180, true }, + { 291197, true }, + { 291206, true }, + { 291217, true }, + { 291227, true }, + { 291240, true }, + { 291255, true }, + { 291265, true }, + { 291277, false }, + { 291286, true }, + { 291305, true }, + { 291320, true }, + { 291336, true }, + { 291351, true }, + { 291365, true }, + { 291375, true }, + { 291392, true }, + { 291404, true }, + { 291422, true }, + { 291437, true }, + { 291447, true }, + { 291460, true }, + { 291475, false }, + { 291491, true }, + { 291503, true }, + { 291520, true }, + { 291533, true }, + { 291545, true }, + { 291556, true }, + { 291569, false }, + { 291584, true }, + { 291599, true }, + { 291609, true }, + { 291619, true }, + { 291636, true }, + { 291650, true }, + { 291664, true }, + { 291687, true }, + { 291699, true }, + { 291710, true }, + { 291726, true }, + { 291737, true }, + { 291748, true }, + { 291761, false }, + { 291779, true }, + { 291797, true }, + { 291810, true }, + { 291830, false }, + { 291849, true }, + { 291869, true }, + { 291891, true }, + { 291915, true }, + { 291934, true }, + { 291946, true }, + { 291961, true }, + { 291979, true }, + { 291995, true }, + { 292006, true }, + { 292022, true }, + { 292038, true }, + { 292052, true }, + { 292071, true }, + { 292088, true }, + { 292102, true }, + { 292117, true }, + { 292133, true }, + { 292150, true }, + { 292172, true }, + { 292194, true }, + { 292215, false }, + { 292229, true }, + { 292248, true }, + { 292259, true }, + { 292278, true }, + { 292291, true }, + { 292305, true }, + { 292316, true }, + { 292336, true }, + { 292347, true }, + { 292362, true }, + { 292378, true }, + { 292393, true }, + { 292408, true }, + { 292422, true }, + { 292435, true }, + { 292458, true }, + { 292472, true }, + { 292489, true }, + { 292516, true }, + { 292542, true }, + { 292556, true }, + { 292571, true }, + { 292588, true }, + { 292608, true }, + { 292620, true }, + { 292645, true }, + { 292660, true }, + { 292676, true }, + { 292691, true }, + { 292703, true }, + { 292713, true }, + { 292728, true }, + { 292739, true }, + { 292754, true }, + { 292786, true }, + { 292800, true }, + { 292816, true }, + { 292833, true }, + { 292848, true }, + { 292877, true }, + { 292891, true }, + { 292902, true }, + { 292922, true }, + { 292937, true }, + { 292956, true }, + { 292975, true }, + { 292993, true }, + { 293007, true }, + { 293020, true }, + { 293035, true }, + { 293050, true }, + { 293057, true }, + { 293073, true }, + { 293084, true }, + { 293097, true }, + { 293107, true }, + { 293118, true }, + { 293132, true }, + { 293146, true }, + { 293159, true }, + { 293171, true }, + { 293183, true }, + { 293194, true }, + { 293209, true }, + { 293223, true }, + { 293234, true }, + { 293247, true }, + { 293265, true }, + { 293281, true }, + { 293297, true }, + { 293311, true }, + { 293327, true }, + { 293356, true }, + { 293379, true }, + { 293395, true }, + { 293419, true }, + { 293438, true }, + { 293447, true }, + { 293462, true }, + { 293472, true }, + { 293480, true }, + { 293493, true }, + { 293509, true }, + { 293517, true }, + { 293527, true }, + { 293537, true }, + { 293546, true }, + { 293554, true }, + { 293570, true }, + { 293585, true }, + { 293594, true }, + { 293608, true }, + { 293620, true }, + { 293629, true }, + { 293642, true }, + { 293650, true }, + { 293661, true }, + { 293674, true }, + { 293684, true }, + { 293698, true }, + { 293707, true }, + { 293715, true }, + { 293727, false }, + { 293747, true }, + { 293757, false }, + { 293768, true }, + { 293784, true }, + { 293807, true }, + { 293826, true }, + { 293838, true }, + { 293846, false }, + { 293858, true }, + { 293872, false }, + { 293889, true }, + { 293902, true }, + { 293920, true }, + { 293940, false }, + { 293960, true }, + { 293975, true }, + { 293985, true }, + { 294002, true }, + { 294017, true }, + { 294033, true }, + { 294048, true }, + { 294061, true }, + { 294075, true }, + { 294093, true }, + { 294107, true }, + { 294122, true }, + { 294137, true }, + { 294145, true }, + { 294160, true }, + { 294174, true }, + { 294190, true }, + { 294205, true }, + { 294229, true }, + { 294251, true }, + { 294272, true }, + { 294291, true }, + { 294306, true }, + { 294322, true }, + { 294341, true }, + { 294352, true }, + { 294370, true }, + { 294379, true }, + { 294388, true }, + { 294400, true }, + { 294415, true }, + { 294429, true }, + { 294442, true }, + { 294461, true }, + { 294480, true }, + { 294499, true }, + { 294507, true }, + { 294515, true }, + { 294524, true }, + { 294536, true }, + { 294548, true }, + { 294556, true }, + { 294565, true }, + { 294577, true }, + { 294585, true }, + { 294599, true }, + { 294625, true }, + { 294648, false }, + { 294664, true }, + { 294676, true }, + { 294689, true }, + { 294703, true }, + { 294723, true }, + { 294744, true }, + { 294755, true }, + { 294774, true }, + { 294789, true }, + { 294803, true }, + { 294817, true }, + { 294831, true }, + { 294846, true }, + { 294860, true }, + { 294874, true }, + { 294888, true }, + { 294909, true }, + { 294923, true }, + { 294940, true }, + { 294955, true }, + { 294969, true }, + { 294987, false }, + { 295007, false }, + { 295022, true }, + { 295035, true }, + { 295043, true }, + { 295058, true }, + { 295073, true }, + { 295090, true }, + { 295102, true }, + { 295113, true }, + { 295123, true }, + { 295139, true }, + { 295156, true }, + { 295180, false }, + { 295190, true }, + { 295198, true }, + { 295205, true }, + { 295216, true }, + { 295229, true }, + { 295245, true }, + { 295264, true }, + { 295280, true }, + { 295292, true }, + { 295308, true }, + { 295322, true }, + { 295335, true }, + { 295352, true }, + { 295369, true }, + { 295381, true }, + { 295389, true }, + { 295406, true }, + { 295419, true }, + { 295436, true }, + { 295451, false }, + { 295460, true }, + { 295469, true }, + { 295485, true }, + { 295500, true }, + { 295510, true }, + { 295519, true }, + { 295529, true }, + { 295545, true }, + { 295565, true }, + { 295585, true }, + { 295599, true }, + { 295625, true }, + { 295640, true }, + { 295655, true }, + { 295665, true }, + { 295678, true }, + { 295693, true }, + { 295706, true }, + { 295718, true }, + { 295739, true }, + { 295747, true }, + { 295755, true }, + { 295765, false }, + { 295776, true }, + { 295793, true }, + { 295803, true }, + { 295813, true }, + { 295833, true }, + { 295847, true }, + { 295857, true }, + { 295870, true }, + { 295880, false }, + { 295900, true }, + { 295908, true }, + { 295926, true }, + { 295937, true }, + { 295947, true }, + { 295955, true }, + { 295964, false }, + { 295971, true }, + { 295978, true }, + { 295986, true }, + { 295996, true }, + { 296002, true }, + { 296013, true }, + { 296021, true }, + { 296033, false }, + { 296053, true }, + { 296068, true }, + { 296095, true }, + { 296104, true }, + { 296112, true }, + { 296121, true }, + { 296130, true }, + { 296138, true }, + { 296152, true }, + { 296169, true }, + { 296184, true }, + { 296198, true }, + { 296210, true }, + { 296220, true }, + { 296232, true }, + { 296254, true }, + { 296268, true }, + { 296277, true }, + { 296293, true }, + { 296311, true }, + { 296323, true }, + { 296335, true }, + { 296350, true }, + { 296361, true }, + { 296383, true }, + { 296394, true }, + { 296402, true }, + { 296418, true }, + { 296439, true }, + { 296449, true }, + { 296459, true }, + { 296467, true }, + { 296479, true }, + { 296488, true }, + { 296498, false }, + { 296533, true }, + { 296552, true }, + { 296565, true }, + { 296575, true }, + { 296587, true }, + { 296602, true }, + { 296611, true }, + { 296622, true }, + { 296634, true }, + { 296648, true }, + { 296664, true }, + { 296682, true }, + { 296695, true }, + { 296711, true }, + { 296721, true }, + { 296734, true }, + { 296751, true }, + { 296764, true }, + { 296778, true }, + { 296793, true }, + { 296807, true }, + { 296819, true }, + { 296843, true }, + { 296851, true }, + { 296863, true }, + { 296882, true }, + { 296896, true }, + { 296908, true }, + { 296920, true }, + { 296936, true }, + { 296948, true }, + { 296964, true }, + { 296983, true }, + { 297009, true }, + { 297021, true }, + { 297046, true }, + { 297066, true }, + { 297084, true }, + { 297101, true }, + { 297110, true }, + { 297121, true }, + { 297139, true }, + { 297153, true }, + { 297177, true }, + { 297193, true }, + { 297211, true }, + { 297228, true }, + { 297240, true }, + { 297253, true }, + { 297269, true }, + { 297282, true }, + { 297302, true }, + { 297333, true }, + { 297352, true }, + { 297376, true }, + { 297406, true }, + { 297423, true }, + { 297444, true }, + { 297463, true }, + { 297487, true }, + { 297505, true }, + { 297531, true }, + { 297550, true }, + { 297571, true }, + { 297587, true }, + { 297612, true }, + { 297635, true }, + { 297654, true }, + { 297668, true }, + { 297684, true }, + { 297697, true }, + { 297713, true }, + { 297724, true }, + { 297736, true }, + { 297753, true }, + { 297784, true }, + { 297814, false }, + { 297830, true }, + { 297841, true }, + { 297853, true }, + { 297864, true }, + { 297877, true }, + { 297886, true }, + { 297899, true }, + { 297911, true }, + { 297922, true }, + { 297935, true }, + { 297948, true }, + { 297968, true }, + { 297987, true }, + { 298005, true }, + { 298022, true }, + { 298036, true }, + { 298052, true }, + { 298077, true }, + { 298106, true }, + { 298126, true }, + { 298141, true }, + { 298152, true }, + { 298167, true }, + { 298183, true }, + { 298195, true }, + { 298205, true }, + { 298222, true }, + { 298240, true }, + { 298252, false }, + { 298266, true }, + { 298280, true }, + { 298289, true }, + { 298302, true }, + { 298317, true }, + { 298327, true }, + { 298341, false }, + { 298355, true }, + { 298369, true }, + { 298383, true }, + { 298406, true }, + { 298418, true }, + { 298428, true }, + { 298441, true }, + { 298456, true }, + { 298469, true }, + { 298483, true }, + { 298495, true }, + { 298508, true }, + { 298525, true }, + { 298539, true }, + { 298556, true }, + { 298575, true }, + { 298589, true }, + { 298601, true }, + { 298621, false }, + { 298636, true }, + { 298648, true }, + { 298659, true }, + { 298670, true }, + { 298684, true }, + { 298696, true }, + { 298711, false }, + { 298731, true }, + { 298740, true }, + { 298747, true }, + { 298758, true }, + { 298766, true }, + { 298776, true }, + { 298783, true }, + { 298793, true }, + { 298801, true }, + { 298809, true }, + { 298825, true }, + { 298839, true }, + { 298847, true }, + { 298855, true }, + { 298868, true }, + { 298883, true }, + { 298893, true }, + { 298905, true }, + { 298920, true }, + { 298930, true }, + { 298937, true }, + { 298949, true }, + { 298956, true }, + { 298963, true }, + { 298975, true }, + { 298989, true }, + { 298998, true }, + { 299017, true }, + { 299026, true }, + { 299038, true }, + { 299050, true }, + { 299062, true }, + { 299085, true }, + { 299096, true }, + { 299110, true }, + { 299122, true }, + { 299133, true }, + { 299143, true }, + { 299166, true }, + { 299181, true }, + { 299189, true }, + { 299208, true }, + { 299223, true }, + { 299241, true }, + { 299260, true }, + { 299276, true }, + { 299291, true }, + { 299299, true }, + { 299324, true }, + { 299338, true }, + { 299349, true }, + { 299364, true }, + { 299378, true }, + { 299391, true }, + { 299411, true }, + { 299425, true }, + { 299435, true }, + { 299450, false }, + { 299471, true }, + { 299486, true }, + { 299503, true }, + { 299524, true }, + { 299535, true }, + { 299555, true }, + { 299566, true }, + { 299574, true }, + { 299585, true }, + { 299602, true }, + { 299616, true }, + { 299625, true }, + { 299638, true }, + { 299650, true }, + { 299662, true }, + { 299676, true }, + { 299692, true }, + { 299702, true }, + { 299718, true }, + { 299731, true }, + { 299763, true }, + { 299776, true }, + { 299795, true }, + { 299809, false }, + { 299822, true }, + { 299842, true }, + { 299856, true }, + { 299873, true }, + { 299887, true }, + { 299898, true }, + { 299907, true }, + { 299917, true }, + { 299924, true }, + { 299931, true }, + { 299943, false }, + { 299952, true }, + { 299961, true }, + { 299970, true }, + { 299978, true }, + { 299993, true }, + { 300003, true }, + { 300011, true }, + { 300024, true }, + { 300036, true }, + { 300049, true }, + { 300060, true }, + { 300070, true }, + { 300080, true }, + { 300091, true }, + { 300100, true }, + { 300109, true }, + { 300127, true }, + { 300145, true }, + { 300155, true }, + { 300166, false }, + { 300177, true }, + { 300188, true }, + { 300204, true }, + { 300212, false }, + { 300220, true }, + { 300234, true }, + { 300245, true }, + { 300254, true }, + { 300270, true }, + { 300276, true }, + { 300289, true }, + { 300300, true }, + { 300312, true }, + { 300327, true }, + { 300349, true }, + { 300363, true }, + { 300382, true }, + { 300406, true }, + { 300427, false }, + { 300439, false }, + { 300465, true }, + { 300482, true }, + { 300500, true }, + { 300517, true }, + { 300531, true }, + { 300541, true }, + { 300555, true }, + { 300570, true }, + { 300583, true }, + { 300601, true }, + { 300618, false }, + { 300630, true }, + { 300643, true }, + { 300655, true }, + { 300668, true }, + { 300682, true }, + { 300692, true }, + { 300707, true }, + { 300723, true }, + { 300738, true }, + { 300749, true }, + { 300757, true }, + { 300775, true }, + { 300792, true }, + { 300801, true }, + { 300813, true }, + { 300824, true }, + { 300843, true }, + { 300856, true }, + { 300867, true }, + { 300879, true }, + { 300891, true }, + { 300904, true }, + { 300916, true }, + { 300933, true }, + { 300945, true }, + { 300967, true }, + { 300974, true }, + { 300987, true }, + { 301004, true }, + { 301012, true }, + { 301034, true }, + { 301044, true }, + { 301055, true }, + { 301065, true }, + { 301073, true }, + { 301086, true }, + { 301094, true }, + { 301103, true }, + { 301115, false }, + { 301126, true }, + { 301135, true }, + { 301146, true }, + { 301163, true }, + { 301181, true }, + { 301200, true }, + { 301214, true }, + { 301226, true }, + { 301238, true }, + { 301249, true }, + { 301265, true }, + { 301282, true }, + { 301295, true }, + { 301311, true }, + { 301338, true }, + { 301350, true }, + { 301360, true }, + { 301370, false }, + { 301381, true }, + { 301389, true }, + { 301399, true }, + { 301428, true }, + { 301448, true }, + { 301468, true }, + { 301482, true }, + { 301492, true }, + { 301528, true }, + { 301561, true }, + { 301584, true }, + { 301597, true }, + { 301609, true }, + { 301621, true }, + { 301641, true }, + { 301651, true }, + { 301660, true }, + { 301678, true }, + { 301695, true }, + { 301710, true }, + { 301722, false }, + { 301745, true }, + { 301765, true }, + { 301785, true }, + { 301803, true }, + { 301821, false }, + { 301840, true }, + { 301854, true }, + { 301868, true }, + { 301885, true }, + { 301900, true }, + { 301912, true }, + { 301921, true }, + { 301935, true }, + { 301944, true }, + { 301951, true }, + { 301959, true }, + { 301968, true }, + { 301976, true }, + { 301985, true }, + { 301997, true }, + { 302017, true }, + { 302026, true }, + { 302034, true }, + { 302047, true }, + { 302055, true }, + { 302068, true }, + { 302083, true }, + { 302090, true }, + { 302101, true }, + { 302118, true }, + { 302143, true }, + { 302154, true }, + { 302162, true }, + { 302176, true }, + { 302188, true }, + { 302204, true }, + { 302225, true }, + { 302240, true }, + { 302257, true }, + { 302267, true }, + { 302281, true }, + { 302289, true }, + { 302304, true }, + { 302312, true }, + { 302320, true }, + { 302332, true }, + { 302353, true }, + { 302361, true }, + { 302373, true }, + { 302381, true }, + { 302395, true }, + { 302408, true }, + { 302426, true }, + { 302441, true }, + { 302456, true }, + { 302464, true }, + { 302476, true }, + { 302506, true }, + { 302526, false }, + { 302534, true }, + { 302552, true }, + { 302562, true }, + { 302582, true }, + { 302594, true }, + { 302614, true }, + { 302628, true }, + { 302639, true }, + { 302662, true }, + { 302688, true }, + { 302714, true }, + { 302729, true }, + { 302755, true }, + { 302767, true }, + { 302796, true }, + { 302806, true }, + { 302815, true }, + { 302828, true }, + { 302849, true }, + { 302861, true }, + { 302877, true }, + { 302892, true }, + { 302902, true }, + { 302919, true }, + { 302937, true }, + { 302968, true }, + { 302988, true }, + { 303005, true }, + { 303022, true }, + { 303051, true }, + { 303068, true }, + { 303086, true }, + { 303099, true }, + { 303111, true }, + { 303120, true }, + { 303133, true }, + { 303148, true }, + { 303163, true }, + { 303177, true }, + { 303189, true }, + { 303199, true }, + { 303210, true }, + { 303223, true }, + { 303240, true }, + { 303260, true }, + { 303273, true }, + { 303294, true }, + { 303302, true }, + { 303314, true }, + { 303324, true }, + { 303341, true }, + { 303358, true }, + { 303375, true }, + { 303397, true }, + { 303406, true }, + { 303432, true }, + { 303444, true }, + { 303456, true }, + { 303465, true }, + { 303479, true }, + { 303493, true }, + { 303505, true }, + { 303517, false }, + { 303532, false }, + { 303550, false }, + { 303565, true }, + { 303578, true }, + { 303592, true }, + { 303605, true }, + { 303618, true }, + { 303631, true }, + { 303643, true }, + { 303661, true }, + { 303674, true }, + { 303694, true }, + { 303703, true }, + { 303717, true }, + { 303724, true }, + { 303735, true }, + { 303746, true }, + { 303769, true }, + { 303782, true }, + { 303799, true }, + { 303811, true }, + { 303822, true }, + { 303839, true }, + { 303851, true }, + { 303863, true }, + { 303876, false }, + { 303888, true }, + { 303902, true }, + { 303913, true }, + { 303932, true }, + { 303942, true }, + { 303961, true }, + { 303978, true }, + { 303991, false }, + { 304009, true }, + { 304019, false }, + { 304030, true }, + { 304045, true }, + { 304056, true }, + { 304072, true }, + { 304089, true }, + { 304106, true }, + { 304123, true }, + { 304143, true }, + { 304164, true }, + { 304175, true }, + { 304188, true }, + { 304198, true }, + { 304213, true }, + { 304223, true }, + { 304234, true }, + { 304252, true }, + { 304263, true }, + { 304277, true }, + { 304287, true }, + { 304299, true }, + { 304314, true }, + { 304325, true }, + { 304350, true }, + { 304377, true }, + { 304403, true }, + { 304428, true }, + { 304446, true }, + { 304463, true }, + { 304480, true }, + { 304499, true }, + { 304511, false }, + { 304531, true }, + { 304555, true }, + { 304580, true }, + { 304601, true }, + { 304624, true }, + { 304641, true }, + { 304666, true }, + { 304687, true }, + { 304709, true }, + { 304739, true }, + { 304760, true }, + { 304777, true }, + { 304799, false }, + { 304812, true }, + { 304836, true }, + { 304858, true }, + { 304874, true }, + { 304884, true }, + { 304907, true }, + { 304919, true }, + { 304928, true }, + { 304935, true }, + { 304947, true }, + { 304956, true }, + { 304975, true }, + { 304984, true }, + { 304991, true }, + { 305004, true }, + { 305023, true }, + { 305035, true }, + { 305052, true }, + { 305066, true }, + { 305081, true }, + { 305100, true }, + { 305117, true }, + { 305130, true }, + { 305139, true }, + { 305149, true }, + { 305159, true }, + { 305170, true }, + { 305180, true }, + { 305190, true }, + { 305201, true }, + { 305217, true }, + { 305238, true }, + { 305254, true }, + { 305274, true }, + { 305284, true }, + { 305295, true }, + { 305303, true }, + { 305314, true }, + { 305324, true }, + { 305334, true }, + { 305353, true }, + { 305365, true }, + { 305372, true }, + { 305384, true }, + { 305395, true }, + { 305409, true }, + { 305423, true }, + { 305438, true }, + { 305462, true }, + { 305478, true }, + { 305492, true }, + { 305517, true }, + { 305532, true }, + { 305540, true }, + { 305558, true }, + { 305570, true }, + { 305583, true }, + { 305594, true }, + { 305605, true }, + { 305620, true }, + { 305635, true }, + { 305654, true }, + { 305675, true }, + { 305690, true }, + { 305704, true }, + { 305715, true }, + { 305750, true }, + { 305760, true }, + { 305775, true }, + { 305795, true }, + { 305809, true }, + { 305824, true }, + { 305836, true }, + { 305847, true }, + { 305862, true }, + { 305877, true }, + { 305891, true }, + { 305907, true }, + { 305924, true }, + { 305940, true }, + { 305956, true }, + { 305972, true }, + { 305990, true }, + { 306004, true }, + { 306016, true }, + { 306034, true }, + { 306053, true }, + { 306073, true }, + { 306085, true }, + { 306101, true }, + { 306118, true }, + { 306132, true }, + { 306147, true }, + { 306161, true }, + { 306175, true }, + { 306186, true }, + { 306203, true }, + { 306215, true }, + { 306232, true }, + { 306242, true }, + { 306252, true }, + { 306263, true }, + { 306275, true }, + { 306284, true }, + { 306292, true }, + { 306307, true }, + { 306329, true }, + { 306350, true }, + { 306364, true }, + { 306376, true }, + { 306394, true }, + { 306409, true }, + { 306416, true }, + { 306427, true }, + { 306439, true }, + { 306453, true }, + { 306474, true }, + { 306485, true }, + { 306492, true }, + { 306503, true }, + { 306520, true }, + { 306533, false }, + { 306545, true }, + { 306560, true }, + { 306576, true }, + { 306590, true }, + { 306609, true }, + { 306626, true }, + { 306644, true }, + { 306656, true }, + { 306678, true }, + { 306689, true }, + { 306706, true }, + { 306718, true }, + { 306728, true }, + { 306741, true }, + { 306752, true }, + { 306767, true }, + { 306783, true }, + { 306803, true }, + { 306824, true }, + { 306842, true }, + { 306857, true }, + { 306871, true }, + { 306887, true }, + { 306911, true }, + { 306922, true }, + { 306933, true }, + { 306947, true }, + { 306969, true }, + { 306984, true }, + { 307001, true }, + { 307018, true }, + { 307030, true }, + { 307045, true }, + { 307057, true }, + { 307072, true }, + { 307082, true }, + { 307095, true }, + { 307108, true }, + { 307121, true }, + { 307134, true }, + { 307148, true }, + { 307157, false }, + { 307180, false }, + { 307200, true }, + { 307221, true }, + { 307236, true }, + { 307250, true }, + { 307269, true }, + { 307280, true }, + { 307294, true }, + { 307309, true }, + { 307319, true }, + { 307330, false }, + { 307343, true }, + { 307358, true }, + { 307369, true }, + { 307383, true }, + { 307402, true }, + { 307418, true }, + { 307437, true }, + { 307451, true }, + { 307472, true }, + { 307492, true }, + { 307503, false }, + { 307514, true }, + { 307523, true }, + { 307539, true }, + { 307547, true }, + { 307555, true }, + { 307569, true }, + { 307608, true }, + { 307630, true }, + { 307641, true }, + { 307653, true }, + { 307670, true }, + { 307678, true }, + { 307691, true }, + { 307700, true }, + { 307708, true }, + { 307724, true }, + { 307741, true }, + { 307755, true }, + { 307764, true }, + { 307772, true }, + { 307787, true }, + { 307798, true }, + { 307808, true }, + { 307819, true }, + { 307830, true }, + { 307840, true }, + { 307854, true }, + { 307865, true }, + { 307876, true }, + { 307886, true }, + { 307900, true }, + { 307910, true }, + { 307921, true }, + { 307932, true }, + { 307944, true }, + { 307951, true }, + { 307963, true }, + { 307973, true }, + { 307984, true }, + { 308006, true }, + { 308025, true }, + { 308033, true }, + { 308045, true }, + { 308064, true }, + { 308078, true }, + { 308099, true }, + { 308122, true }, + { 308137, true }, + { 308159, true }, + { 308168, true }, + { 308177, true }, + { 308189, true }, + { 308207, true }, + { 308220, true }, + { 308234, true }, + { 308246, true }, + { 308257, true }, + { 308268, true }, + { 308289, true }, + { 308308, true }, + { 308318, true }, + { 308330, true }, + { 308339, true }, + { 308351, true }, + { 308367, true }, + { 308374, true }, + { 308382, true }, + { 308397, true }, + { 308417, true }, + { 308425, true }, + { 308438, true }, + { 308457, true }, + { 308470, true }, + { 308487, true }, + { 308496, true }, + { 308508, true }, + { 308527, true }, + { 308541, true }, + { 308556, true }, + { 308576, true }, + { 308601, true }, + { 308624, true }, + { 308637, true }, + { 308647, true }, + { 308659, true }, + { 308683, true }, + { 308699, true }, + { 308715, true }, + { 308738, true }, + { 308752, true }, + { 308768, true }, + { 308790, true }, + { 308807, true }, + { 308823, true }, + { 308840, true }, + { 308854, true }, + { 308869, true }, + { 308884, true }, + { 308899, true }, + { 308920, true }, + { 308936, true }, + { 308955, true }, + { 308971, true }, + { 308983, true }, + { 308991, true }, + { 309001, true }, + { 309018, true }, + { 309036, true }, + { 309048, true }, + { 309056, true }, + { 309072, true }, + { 309081, true }, + { 309089, true }, + { 309101, false }, + { 309110, true }, + { 309121, true }, + { 309133, true }, + { 309147, true }, + { 309159, true }, + { 309170, true }, + { 309183, true }, + { 309195, true }, + { 309205, true }, + { 309216, true }, + { 309225, true }, + { 309248, true }, + { 309262, true }, + { 309275, true }, + { 309288, true }, + { 309302, true }, + { 309315, true }, + { 309328, true }, + { 309340, true }, + { 309348, true }, + { 309358, false }, + { 309367, true }, + { 309383, true }, + { 309390, true }, + { 309399, true }, + { 309413, true }, + { 309421, false }, + { 309441, true }, + { 309460, true }, + { 309472, true }, + { 309486, true }, + { 309505, true }, + { 309522, true }, + { 309538, true }, + { 309554, true }, + { 309571, true }, + { 309589, true }, + { 309605, true }, + { 309615, true }, + { 309628, true }, + { 309637, true }, + { 309649, true }, + { 309680, true }, + { 309707, true }, + { 309735, false }, + { 309749, true }, + { 309763, true }, + { 309773, true }, + { 309786, true }, + { 309802, true }, + { 309818, false }, + { 309828, true }, + { 309864, true }, + { 309874, true }, + { 309886, true }, + { 309899, true }, + { 309911, true }, + { 309923, true }, + { 309938, true }, + { 309951, true }, + { 309963, true }, + { 309977, true }, + { 309991, true }, + { 310005, true }, + { 310023, false }, + { 310040, true }, + { 310058, true }, + { 310076, true }, + { 310095, true }, + { 310113, true }, + { 310131, true }, + { 310149, false }, + { 310162, true }, + { 310177, true }, + { 310191, true }, + { 310209, true }, + { 310219, true }, + { 310230, true }, + { 310239, true }, + { 310259, true }, + { 310271, true }, + { 310289, true }, + { 310312, true }, + { 310325, true }, + { 310339, true }, + { 310351, true }, + { 310371, true }, + { 310382, true }, + { 310393, true }, + { 310415, true }, + { 310429, true }, + { 310446, true }, + { 310457, true }, + { 310466, true }, + { 310479, true }, + { 310492, true }, + { 310502, true }, + { 310516, true }, + { 310527, true }, + { 310545, true }, + { 310555, true }, + { 310568, true }, + { 310584, true }, + { 310599, true }, + { 310608, true }, + { 310621, true }, + { 310636, true }, + { 310648, true }, + { 310658, true }, + { 310670, true }, + { 310681, true }, + { 310701, true }, + { 310710, true }, + { 310726, true }, + { 310743, true }, + { 310756, true }, + { 310775, true }, + { 310784, true }, + { 310803, true }, + { 310811, true }, + { 310824, false }, + { 310835, true }, + { 310853, true }, + { 310869, true }, + { 310885, true }, + { 310905, true }, + { 310921, false }, + { 310936, true }, + { 310953, false }, + { 310964, true }, + { 310976, false }, + { 310983, true }, + { 310999, true }, + { 311015, true }, + { 311034, true }, + { 311048, true }, + { 311061, true }, + { 311079, true }, + { 311098, true }, + { 311116, true }, + { 311130, true }, + { 311147, true }, + { 311162, true }, + { 311179, true }, + { 311193, true }, + { 311209, true }, + { 311230, true }, + { 311242, true }, + { 311256, true }, + { 311272, true }, + { 311289, true }, + { 311305, true }, + { 311327, true }, + { 311352, true }, + { 311375, true }, + { 311392, true }, + { 311413, true }, + { 311432, true }, + { 311444, false }, + { 311458, true }, + { 311472, true }, + { 311486, true }, + { 311503, true }, + { 311523, true }, + { 311536, true }, + { 311557, true }, + { 311569, true }, + { 311581, true }, + { 311600, true }, + { 311624, true }, + { 311637, true }, + { 311647, true }, + { 311668, true }, + { 311688, true }, + { 311709, true }, + { 311722, true }, + { 311743, true }, + { 311766, true }, + { 311788, true }, + { 311810, true }, + { 311832, true }, + { 311845, true }, + { 311864, true }, + { 311887, true }, + { 311912, true }, + { 311930, true }, + { 311948, true }, + { 311964, true }, + { 311978, true }, + { 311988, true }, + { 312009, true }, + { 312023, true }, + { 312033, true }, + { 312056, true }, + { 312072, true }, + { 312088, true }, + { 312114, true }, + { 312142, false }, + { 312169, true }, + { 312180, true }, + { 312196, true }, + { 312206, true }, + { 312221, true }, + { 312237, true }, + { 312253, true }, + { 312274, true }, + { 312293, true }, + { 312314, true }, + { 312350, true }, + { 312372, true }, + { 312399, true }, + { 312423, true }, + { 312450, true }, + { 312475, true }, + { 312498, true }, + { 312515, true }, + { 312533, true }, + { 312552, true }, + { 312568, true }, + { 312591, true }, + { 312615, true }, + { 312627, true }, + { 312640, true }, + { 312652, true }, + { 312670, true }, + { 312698, true }, + { 312711, true }, + { 312730, true }, + { 312749, true }, + { 312768, true }, + { 312787, true }, + { 312806, true }, + { 312824, true }, + { 312841, true }, + { 312857, true }, + { 312874, false }, + { 312891, true }, + { 312903, true }, + { 312924, true }, + { 312939, true }, + { 312962, true }, + { 312989, true }, + { 313008, true }, + { 313025, true }, + { 313042, true }, + { 313058, true }, + { 313077, true }, + { 313097, true }, + { 313120, true }, + { 313139, true }, + { 313158, true }, + { 313177, true }, + { 313195, true }, + { 313213, true }, + { 313224, true }, + { 313235, true }, + { 313246, true }, + { 313266, true }, + { 313281, true }, + { 313301, true }, + { 313315, true }, + { 313335, true }, + { 313359, false }, + { 313380, true }, + { 313397, true }, + { 313414, true }, + { 313436, true }, + { 313449, true }, + { 313469, true }, + { 313488, true }, + { 313512, true }, + { 313527, true }, + { 313541, true }, + { 313553, true }, + { 313573, true }, + { 313603, true }, + { 313626, true }, + { 313649, true }, + { 313678, true }, + { 313697, true }, + { 313708, true }, + { 313725, true }, + { 313747, false }, + { 313770, true }, + { 313782, true }, + { 313800, true }, + { 313816, true }, + { 313835, true }, + { 313850, true }, + { 313875, true }, + { 313894, true }, + { 313914, true }, + { 313941, false }, + { 313953, true }, + { 313966, true }, + { 313984, true }, + { 314002, true }, + { 314022, true }, + { 314040, true }, + { 314057, true }, + { 314075, true }, + { 314091, true }, + { 314111, true }, + { 314125, true }, + { 314140, true }, + { 314149, true }, + { 314164, true }, + { 314181, true }, + { 314193, true }, + { 314207, true }, + { 314218, true }, + { 314230, true }, + { 314242, true }, + { 314258, true }, + { 314271, true }, + { 314289, true }, + { 314304, true }, + { 314319, true }, + { 314331, true }, + { 314344, true }, + { 314358, true }, + { 314378, true }, + { 314395, true }, + { 314406, true }, + { 314418, true }, + { 314428, true }, + { 314444, true }, + { 314464, true }, + { 314478, true }, + { 314496, true }, + { 314516, true }, + { 314531, true }, + { 314547, true }, + { 314562, true }, + { 314575, true }, + { 314590, true }, + { 314602, true }, + { 314618, true }, + { 314630, true }, + { 314645, true }, + { 314661, true }, + { 314671, true }, + { 314678, true }, + { 314702, true }, + { 314719, true }, + { 314736, true }, + { 314745, true }, + { 314760, true }, + { 314772, true }, + { 314783, true }, + { 314796, true }, + { 314806, true }, + { 314826, true }, + { 314838, true }, + { 314849, true }, + { 314862, true }, + { 314872, true }, + { 314881, true }, + { 314901, true }, + { 314921, true }, + { 314941, true }, + { 314955, true }, + { 314967, true }, + { 314978, true }, + { 314989, false }, + { 315000, true }, + { 315011, false }, + { 315021, false }, + { 315038, true }, + { 315054, false }, + { 315066, true }, + { 315082, true }, + { 315101, true }, + { 315114, true }, + { 315123, true }, + { 315134, true }, + { 315146, true }, + { 315155, true }, + { 315165, true }, + { 315178, true }, + { 315190, true }, + { 315200, true }, + { 315218, true }, + { 315231, true }, + { 315243, true }, + { 315257, true }, + { 315268, true }, + { 315275, true }, + { 315288, true }, + { 315300, true }, + { 315313, true }, + { 315326, true }, + { 315335, true }, + { 315344, true }, + { 315359, true }, + { 315370, true }, + { 315388, true }, + { 315404, true }, + { 315424, true }, + { 315435, true }, + { 315447, false }, + { 315457, true }, + { 315468, true }, + { 315488, true }, + { 315521, true }, + { 315532, true }, + { 315544, true }, + { 315558, false }, + { 315572, true }, + { 315586, true }, + { 315598, true }, + { 315613, true }, + { 315622, true }, + { 315635, false }, + { 315655, true }, + { 315672, true }, + { 315686, true }, + { 315701, true }, + { 315726, true }, + { 315740, true }, + { 315755, true }, + { 315774, true }, + { 315783, true }, + { 315797, true }, + { 315815, true }, + { 315837, true }, + { 315853, true }, + { 315869, true }, + { 315885, false }, + { 315902, true }, + { 315919, true }, + { 315931, true }, + { 315939, true }, + { 315952, true }, + { 315965, true }, + { 315979, true }, + { 315992, true }, + { 316005, true }, + { 316021, true }, + { 316035, true }, + { 316048, true }, + { 316061, true }, + { 316074, true }, + { 316087, true }, + { 316100, true }, + { 316115, true }, + { 316128, true }, + { 316142, true }, + { 316155, true }, + { 316169, true }, + { 316182, true }, + { 316195, true }, + { 316208, true }, + { 316221, true }, + { 316233, true }, + { 316246, true }, + { 316258, true }, + { 316269, true }, + { 316280, true }, + { 316287, true }, + { 316304, true }, + { 316317, false }, + { 316326, true }, + { 316336, true }, + { 316354, true }, + { 316363, true }, + { 316376, true }, + { 316387, true }, + { 316404, true }, + { 316420, true }, + { 316435, true }, + { 316448, true }, + { 316464, true }, + { 316477, true }, + { 316490, true }, + { 316510, true }, + { 316521, true }, + { 316530, true }, + { 316545, true }, + { 316557, true }, + { 316578, true }, + { 316603, true }, + { 316627, true }, + { 316640, true }, + { 316654, true }, + { 316674, true }, + { 316694, true }, + { 316715, true }, + { 316732, true }, + { 316746, true }, + { 316759, true }, + { 316770, true }, + { 316787, true }, + { 316809, true }, + { 316820, true }, + { 316840, true }, + { 316858, true }, + { 316879, true }, + { 316889, true }, + { 316910, true }, + { 316923, true }, + { 316931, true }, + { 316945, true }, + { 316959, true }, + { 316972, true }, + { 316981, true }, + { 316989, true }, + { 317003, true }, + { 317015, true }, + { 317033, true }, + { 317047, true }, + { 317067, true }, + { 317084, true }, + { 317104, true }, + { 317124, true }, + { 317142, true }, + { 317163, true }, + { 317183, true }, + { 317206, true }, + { 317226, true }, + { 317243, true }, + { 317257, true }, + { 317273, true }, + { 317294, true }, + { 317307, true }, + { 317327, true }, + { 317339, true }, + { 317357, true }, + { 317367, true }, + { 317392, true }, + { 317418, true }, + { 317442, true }, + { 317462, true }, + { 317475, true }, + { 317484, true }, + { 317505, true }, + { 317515, true }, + { 317526, true }, + { 317547, true }, + { 317567, true }, + { 317584, true }, + { 317604, true }, + { 317621, true }, + { 317651, true }, + { 317662, true }, + { 317673, true }, + { 317695, true }, + { 317707, true }, + { 317719, true }, + { 317730, true }, + { 317749, true }, + { 317762, true }, + { 317774, true }, + { 317786, true }, + { 317801, true }, + { 317812, true }, + { 317825, true }, + { 317846, true }, + { 317862, true }, + { 317881, true }, + { 317896, true }, + { 317910, true }, + { 317925, true }, + { 317941, true }, + { 317953, true }, + { 317966, true }, + { 317986, true }, + { 318001, true }, + { 318018, true }, + { 318038, false }, + { 318047, true }, + { 318056, true }, + { 318068, true }, + { 318079, true }, + { 318096, true }, + { 318108, false }, + { 318122, true }, + { 318135, true }, + { 318153, true }, + { 318167, true }, + { 318179, true }, + { 318194, true }, + { 318207, true }, + { 318240, true }, + { 318252, true }, + { 318263, true }, + { 318274, true }, + { 318284, true }, + { 318305, true }, + { 318331, true }, + { 318359, false }, + { 318370, true }, + { 318396, true }, + { 318416, true }, + { 318425, true }, + { 318439, true }, + { 318446, true }, + { 318457, true }, + { 318467, true }, + { 318479, true }, + { 318489, true }, + { 318503, true }, + { 318514, false }, + { 318525, true }, + { 318536, false }, + { 318556, true }, + { 318569, true }, + { 318585, true }, + { 318604, true }, + { 318626, true }, + { 318641, true }, + { 318657, true }, + { 318676, true }, + { 318690, true }, + { 318705, true }, + { 318724, true }, + { 318737, true }, + { 318753, true }, + { 318767, true }, + { 318782, true }, + { 318798, true }, + { 318811, true }, + { 318821, true }, + { 318830, true }, + { 318850, true }, + { 318863, true }, + { 318882, true }, + { 318900, true }, + { 318910, true }, + { 318924, true }, + { 318934, true }, + { 318952, true }, + { 318972, true }, + { 319004, true }, + { 319018, true }, + { 319031, true }, + { 319046, true }, + { 319065, true }, + { 319085, true }, + { 319104, true }, + { 319125, true }, + { 319144, true }, + { 319161, true }, + { 319178, true }, + { 319195, true }, + { 319215, true }, + { 319228, true }, + { 319243, true }, + { 319256, true }, + { 319277, true }, + { 319298, true }, + { 319319, true }, + { 319333, true }, + { 319349, true }, + { 319359, true }, + { 319379, true }, + { 319404, true }, + { 319416, true }, + { 319427, true }, + { 319444, true }, + { 319468, true }, + { 319477, true }, + { 319491, true }, + { 319504, true }, + { 319517, true }, + { 319529, true }, + { 319543, true }, + { 319564, true }, + { 319582, true }, + { 319595, true }, + { 319613, true }, + { 319630, true }, + { 319643, true }, + { 319665, true }, + { 319690, true }, + { 319715, true }, + { 319729, true }, + { 319751, true }, + { 319761, true }, + { 319776, true }, + { 319790, true }, + { 319802, true }, + { 319816, true }, + { 319830, true }, + { 319845, true }, + { 319862, true }, + { 319882, true }, + { 319898, true }, + { 319909, true }, + { 319926, true }, + { 319941, true }, + { 319954, true }, + { 319969, true }, + { 319977, true }, + { 319990, false }, + { 320003, true }, + { 320015, true }, + { 320030, true }, + { 320044, true }, + { 320058, true }, + { 320071, true }, + { 320080, true }, + { 320089, true }, + { 320097, true }, + { 320113, true }, + { 320129, true }, + { 320146, true }, + { 320160, true }, + { 320172, true }, + { 320186, true }, + { 320204, true }, + { 320223, true }, + { 320240, true }, + { 320259, true }, + { 320278, true }, + { 320291, true }, + { 320299, true }, + { 320306, true }, + { 320318, true }, + { 320333, true }, + { 320355, true }, + { 320365, true }, + { 320381, true }, + { 320394, true }, + { 320406, true }, + { 320419, true }, + { 320433, true }, + { 320449, true }, + { 320462, true }, + { 320476, true }, + { 320493, true }, + { 320504, true }, + { 320514, true }, + { 320523, true }, + { 320536, true }, + { 320556, true }, + { 320571, true }, + { 320583, false }, + { 320596, true }, + { 320609, true }, + { 320626, true }, + { 320640, true }, + { 320655, true }, + { 320667, true }, + { 320679, true }, + { 320688, true }, + { 320702, true }, + { 320710, true }, + { 320722, true }, + { 320733, true }, + { 320752, true }, + { 320766, true }, + { 320787, true }, + { 320806, true }, + { 320819, true }, + { 320838, true }, + { 320852, true }, + { 320865, true }, + { 320874, true }, + { 320886, true }, + { 320895, true }, + { 320907, true }, + { 320915, true }, + { 320937, true }, + { 320947, true }, + { 320957, true }, + { 320975, true }, + { 320988, true }, + { 320996, true }, + { 321010, true }, + { 321029, true }, + { 321043, true }, + { 321054, true }, + { 321067, false }, + { 321081, true }, + { 321095, false }, + { 321110, true }, + { 321137, true }, + { 321164, true }, + { 321184, true }, + { 321198, true }, + { 321211, true }, + { 321224, true }, + { 321238, true }, + { 321255, true }, + { 321266, true }, + { 321280, true }, + { 321293, true }, + { 321310, true }, + { 321321, true }, + { 321332, true }, + { 321346, true }, + { 321367, true }, + { 321383, true }, + { 321402, true }, + { 321418, true }, + { 321432, true }, + { 321450, true }, + { 321466, true }, + { 321489, true }, + { 321505, true }, + { 321518, true }, + { 321534, true }, + { 321548, true }, + { 321561, true }, + { 321583, true }, + { 321596, true }, + { 321611, true }, + { 321624, true }, + { 321636, true }, + { 321648, true }, + { 321661, true }, + { 321675, true }, + { 321693, true }, + { 321710, true }, + { 321729, true }, + { 321742, true }, + { 321755, true }, + { 321771, true }, + { 321787, true }, + { 321802, true }, + { 321818, true }, + { 321833, true }, + { 321849, true }, + { 321864, true }, + { 321879, true }, + { 321895, true }, + { 321910, true }, + { 321925, true }, + { 321942, true }, + { 321952, true }, + { 321966, true }, + { 321976, true }, + { 321989, true }, + { 322000, true }, + { 322013, true }, + { 322029, true }, + { 322039, true }, + { 322060, true }, + { 322071, true }, + { 322084, true }, + { 322096, true }, + { 322108, true }, + { 322129, true }, + { 322148, true }, + { 322167, true }, + { 322175, false }, + { 322194, true }, + { 322211, true }, + { 322224, true }, + { 322239, true }, + { 322253, true }, + { 322266, true }, + { 322282, true }, + { 322296, true }, + { 322311, true }, + { 322327, true }, + { 322342, true }, + { 322356, true }, + { 322366, true }, + { 322378, true }, + { 322390, true }, + { 322400, true }, + { 322416, true }, + { 322429, true }, + { 322448, true }, + { 322463, true }, + { 322484, true }, + { 322503, true }, + { 322516, true }, + { 322539, true }, + { 322549, true }, + { 322565, false }, + { 322574, false }, + { 322594, false }, + { 322602, true }, + { 322609, true }, + { 322617, true }, + { 322637, true }, + { 322649, false }, + { 322669, true }, + { 322689, true }, + { 322708, true }, + { 322722, true }, + { 322735, true }, + { 322753, false }, + { 322765, true }, + { 322777, false }, + { 322789, true }, + { 322803, true }, + { 322820, true }, + { 322834, true }, + { 322845, true }, + { 322864, true }, + { 322881, true }, + { 322897, true }, + { 322922, true }, + { 322936, true }, + { 322953, true }, + { 322969, false }, + { 322988, true }, + { 323004, true }, + { 323021, true }, + { 323040, true }, + { 323058, true }, + { 323075, true }, + { 323101, true }, + { 323112, true }, + { 323124, true }, + { 323136, true }, + { 323160, true }, + { 323180, true }, + { 323199, true }, + { 323211, true }, + { 323234, true }, + { 323260, true }, + { 323274, true }, + { 323291, true }, + { 323307, true }, + { 323324, true }, + { 323339, true }, + { 323353, true }, + { 323370, true }, + { 323390, true }, + { 323403, true }, + { 323417, true }, + { 323442, true }, + { 323460, true }, + { 323477, true }, + { 323491, true }, + { 323504, true }, + { 323525, true }, + { 323545, true }, + { 323559, true }, + { 323569, true }, + { 323585, true }, + { 323598, true }, + { 323620, true }, + { 323642, true }, + { 323664, true }, + { 323679, true }, + { 323708, true }, + { 323719, true }, + { 323731, true }, + { 323747, true }, + { 323761, true }, + { 323780, true }, + { 323794, false }, + { 323816, true }, + { 323834, true }, + { 323862, true }, + { 323877, true }, + { 323899, true }, + { 323923, true }, + { 323932, true }, + { 323947, true }, + { 323981, true }, + { 324002, true }, + { 324023, true }, + { 324031, true }, + { 324043, true }, + { 324063, true }, + { 324079, true }, + { 324097, true }, + { 324107, true }, + { 324120, true }, + { 324129, true }, + { 324142, true }, + { 324151, false }, + { 324162, true }, + { 324173, true }, + { 324192, true }, + { 324210, true }, + { 324222, true }, + { 324230, true }, + { 324241, true }, + { 324252, true }, + { 324261, true }, + { 324275, false }, + { 324289, true }, + { 324305, true }, + { 324323, true }, + { 324340, true }, + { 324358, true }, + { 324383, true }, + { 324404, true }, + { 324421, true }, + { 324432, false }, + { 324444, true }, + { 324455, false }, + { 324471, true }, + { 324495, true }, + { 324505, true }, + { 324517, true }, + { 324532, true }, + { 324559, true }, + { 324571, true }, + { 324581, true }, + { 324592, true }, + { 324607, true }, + { 324619, true }, + { 324647, true }, + { 324672, true }, + { 324686, true }, + { 324705, true }, + { 324715, true }, + { 324760, true }, + { 324805, true }, + { 324813, true }, + { 324822, true }, + { 324834, true }, + { 324848, true }, + { 324857, true }, + { 324873, true }, + { 324885, true }, + { 324897, true }, + { 324922, true }, + { 324939, true }, + { 324956, true }, + { 324971, true }, + { 324983, true }, + { 324995, true }, + { 325008, true }, + { 325021, true }, + { 325029, true }, + { 325047, true }, + { 325064, true }, + { 325086, true }, + { 325102, true }, + { 325121, true }, + { 325130, false }, + { 325138, true }, + { 325146, true }, + { 325171, false }, + { 325185, true }, + { 325202, true }, + { 325223, true }, + { 325240, true }, + { 325259, true }, + { 325272, true }, + { 325286, true }, + { 325299, true }, + { 325312, true }, + { 325324, true }, + { 325339, true }, + { 325352, true }, + { 325364, true }, + { 325376, true }, + { 325388, true }, + { 325401, true }, + { 325409, true }, + { 325423, true }, + { 325438, true }, + { 325451, true }, + { 325467, true }, + { 325480, true }, + { 325501, true }, + { 325522, true }, + { 325541, true }, + { 325553, true }, + { 325563, true }, + { 325588, true }, + { 325597, true }, + { 325612, true }, + { 325625, true }, + { 325638, true }, + { 325652, true }, + { 325682, true }, + { 325694, true }, + { 325709, true }, + { 325717, true }, + { 325729, true }, + { 325749, true }, + { 325765, true }, + { 325782, false }, + { 325800, true }, + { 325817, true }, + { 325834, true }, + { 325846, false }, + { 325855, true }, + { 325872, true }, + { 325890, true }, + { 325909, true }, + { 325926, false }, + { 325939, true }, + { 325955, true }, + { 325970, true }, + { 325985, true }, + { 326001, true }, + { 326015, true }, + { 326029, true }, + { 326043, true }, + { 326055, true }, + { 326069, true }, + { 326082, true }, + { 326104, true }, + { 326119, true }, + { 326134, true }, + { 326149, true }, + { 326164, true }, + { 326185, false }, + { 326196, true }, + { 326205, true }, + { 326220, true }, + { 326238, true }, + { 326259, true }, + { 326272, true }, + { 326284, true }, + { 326302, true }, + { 326319, true }, + { 326328, true }, + { 326340, true }, + { 326359, true }, + { 326373, true }, + { 326381, true }, + { 326394, true }, + { 326414, true }, + { 326426, true }, + { 326437, true }, + { 326447, true }, + { 326460, false }, + { 326484, true }, + { 326492, true }, + { 326510, true }, + { 326522, true }, + { 326551, true }, + { 326571, true }, + { 326582, true }, + { 326593, true }, + { 326604, true }, + { 326615, true }, + { 326626, true }, + { 326638, true }, + { 326652, true }, + { 326663, true }, + { 326679, true }, + { 326701, true }, + { 326719, true }, + { 326730, true }, + { 326738, true }, + { 326750, true }, + { 326762, true }, + { 326776, true }, + { 326788, true }, + { 326801, true }, + { 326815, true }, + { 326827, false }, + { 326852, true }, + { 326865, true }, + { 326877, true }, + { 326889, true }, + { 326905, true }, + { 326916, true }, + { 326927, true }, + { 326942, true }, + { 326964, true }, + { 326983, true }, + { 327002, true }, + { 327020, true }, + { 327037, true }, + { 327054, true }, + { 327078, true }, + { 327092, true }, + { 327118, true }, + { 327133, true }, + { 327153, true }, + { 327169, true }, + { 327188, true }, + { 327210, true }, + { 327240, true }, + { 327256, true }, + { 327276, true }, + { 327288, true }, + { 327300, true }, + { 327323, true }, + { 327337, true }, + { 327363, true }, + { 327381, true }, + { 327398, true }, + { 327412, true }, + { 327428, true }, + { 327458, true }, + { 327470, true }, + { 327489, true }, + { 327508, true }, + { 327520, true }, + { 327528, true }, + { 327539, true }, + { 327549, true }, + { 327560, true }, + { 327572, true }, + { 327586, true }, + { 327599, true }, + { 327619, true }, + { 327631, true }, + { 327649, true }, + { 327667, true }, + { 327685, true }, + { 327697, false }, + { 327707, true }, + { 327719, true }, + { 327733, true }, + { 327760, true }, + { 327775, true }, + { 327793, true }, + { 327802, true }, + { 327816, true }, + { 327829, true }, + { 327841, false }, + { 327858, true }, + { 327872, true }, + { 327883, true }, + { 327904, true }, + { 327914, true }, + { 327923, true }, + { 327934, true }, + { 327947, true }, + { 327968, true }, + { 327988, true }, + { 328010, true }, + { 328035, true }, + { 328051, true }, + { 328066, true }, + { 328075, true }, + { 328090, true }, + { 328110, true }, + { 328122, true }, + { 328137, true }, + { 328149, true }, + { 328164, true }, + { 328181, true }, + { 328195, true }, + { 328218, true }, + { 328236, true }, + { 328246, true }, + { 328268, true }, + { 328285, true }, + { 328302, true }, + { 328321, false }, + { 328338, true }, + { 328352, true }, + { 328377, true }, + { 328419, true }, + { 328439, true }, + { 328459, true }, + { 328484, true }, + { 328504, true }, + { 328529, true }, + { 328546, true }, + { 328563, true }, + { 328579, true }, + { 328589, true }, + { 328601, true }, + { 328614, true }, + { 328625, true }, + { 328636, true }, + { 328651, true }, + { 328658, false }, + { 328678, true }, + { 328688, true }, + { 328702, true }, + { 328710, true }, + { 328730, true }, + { 328750, true }, + { 328761, true }, + { 328770, true }, + { 328794, true }, + { 328814, true }, + { 328829, true }, + { 328850, true }, + { 328870, true }, + { 328884, true }, + { 328903, true }, + { 328914, true }, + { 328932, true }, + { 328943, true }, + { 328963, true }, + { 328988, true }, + { 329006, true }, + { 329028, true }, + { 329040, true }, + { 329057, true }, + { 329065, true }, + { 329087, true }, + { 329103, true }, + { 329116, true }, + { 329138, true }, + { 329149, true }, + { 329160, true }, + { 329174, true }, + { 329184, true }, + { 329205, true }, + { 329215, true }, + { 329232, true }, + { 329248, true }, + { 329263, true }, + { 329275, true }, + { 329292, true }, + { 329318, true }, + { 329331, true }, + { 329343, true }, + { 329354, true }, + { 329365, true }, + { 329376, true }, + { 329387, true }, + { 329398, true }, + { 329409, true }, + { 329420, true }, + { 329439, true }, + { 329466, true }, + { 329483, true }, + { 329500, true }, + { 329529, true }, + { 329546, true }, + { 329566, false }, + { 329584, true }, + { 329612, true }, + { 329623, true }, + { 329641, true }, + { 329657, true }, + { 329673, true }, + { 329696, true }, + { 329720, true }, + { 329740, false }, + { 329759, true }, + { 329771, true }, + { 329791, true }, + { 329811, true }, + { 329825, true }, + { 329849, true }, + { 329862, true }, + { 329875, true }, + { 329891, true }, + { 329906, true }, + { 329917, true }, + { 329934, true }, + { 329948, true }, + { 329966, true }, + { 329989, true }, + { 330014, true }, + { 330034, true }, + { 330062, true }, + { 330087, true }, + { 330110, true }, + { 330128, true }, + { 330150, true }, + { 330167, true }, + { 330186, true }, + { 330196, true }, + { 330217, true }, + { 330227, true }, + { 330246, true }, + { 330258, true }, + { 330271, true }, + { 330283, true }, + { 330298, true }, + { 330314, true }, + { 330336, true }, + { 330356, true }, + { 330375, true }, + { 330384, true }, + { 330404, true }, + { 330419, true }, + { 330432, true }, + { 330445, true }, + { 330466, true }, + { 330483, true }, + { 330512, true }, + { 330529, true }, + { 330548, true }, + { 330569, true }, + { 330595, true }, + { 330614, true }, + { 330635, true }, + { 330656, true }, + { 330677, true }, + { 330697, true }, + { 330709, true }, + { 330723, true }, + { 330735, true }, + { 330755, true }, + { 330773, true }, + { 330792, true }, + { 330802, true }, + { 330815, true }, + { 330828, true }, + { 330840, true }, + { 330863, true }, + { 330884, true }, + { 330919, true }, + { 330930, true }, + { 330951, true }, + { 330959, true }, + { 330968, true }, + { 330991, true }, + { 331007, true }, + { 331019, true }, + { 331037, true }, + { 331066, true }, + { 331091, true }, + { 331105, true }, + { 331122, true }, + { 331137, true }, + { 331152, true }, + { 331167, true }, + { 331188, true }, + { 331200, true }, + { 331216, true }, + { 331232, true }, + { 331248, true }, + { 331265, true }, + { 331281, true }, + { 331303, true }, + { 331324, true }, + { 331352, false }, + { 331369, false }, + { 331387, true }, + { 331404, true }, + { 331418, true }, + { 331428, true }, + { 331442, true }, + { 331451, true }, + { 331465, true }, + { 331476, true }, + { 331489, true }, + { 331499, true }, + { 331511, true }, + { 331523, true }, + { 331535, true }, + { 331547, true }, + { 331559, true }, + { 331572, true }, + { 331594, true }, + { 331605, true }, + { 331617, true }, + { 331628, true }, + { 331638, true }, + { 331649, true }, + { 331663, true }, + { 331674, true }, + { 331696, true }, + { 331711, true }, + { 331726, true }, + { 331738, true }, + { 331762, true }, + { 331776, true }, + { 331788, true }, + { 331801, true }, + { 331815, true }, + { 331829, true }, + { 331846, true }, + { 331866, true }, + { 331883, true }, + { 331912, true }, + { 331927, true }, + { 331943, true }, + { 331957, true }, + { 331974, false }, + { 331990, true }, + { 332016, true }, + { 332042, true }, + { 332050, true }, + { 332065, true }, + { 332092, true }, + { 332106, true }, + { 332118, true }, + { 332129, true }, + { 332149, true }, + { 332162, true }, + { 332188, true }, + { 332202, true }, + { 332211, true }, + { 332223, true }, + { 332234, true }, + { 332243, true }, + { 332262, true }, + { 332280, true }, + { 332294, true }, + { 332313, true }, + { 332342, true }, + { 332354, true }, + { 332373, true }, + { 332389, true }, + { 332406, true }, + { 332430, true }, + { 332445, true }, + { 332457, true }, + { 332475, true }, + { 332494, true }, + { 332512, true }, + { 332527, false }, + { 332543, false }, + { 332561, true }, + { 332581, true }, + { 332600, true }, + { 332617, true }, + { 332638, true }, + { 332653, true }, + { 332679, true }, + { 332705, true }, + { 332718, true }, + { 332734, true }, + { 332753, true }, + { 332773, true }, + { 332784, true }, + { 332792, true }, + { 332819, true }, + { 332838, true }, + { 332857, true }, + { 332871, true }, + { 332889, true }, + { 332904, true }, + { 332916, true }, + { 332929, true }, + { 332944, true }, + { 332958, true }, + { 332974, true }, + { 332992, false }, + { 333011, true }, + { 333033, true }, + { 333044, true }, + { 333058, true }, + { 333067, true }, + { 333078, true }, + { 333096, true }, + { 333113, true }, + { 333134, true }, + { 333148, true }, + { 333164, true }, + { 333181, true }, + { 333203, true }, + { 333220, true }, + { 333235, true }, + { 333253, true }, + { 333267, true }, + { 333286, true }, + { 333295, true }, + { 333310, true }, + { 333334, true }, + { 333349, true }, + { 333366, true }, + { 333388, true }, + { 333401, true }, + { 333411, true }, + { 333426, true }, + { 333446, true }, + { 333454, true }, + { 333472, true }, + { 333500, true }, + { 333522, true }, + { 333537, true }, + { 333552, true }, + { 333566, true }, + { 333584, true }, + { 333601, true }, + { 333617, true }, + { 333631, true }, + { 333646, true }, + { 333660, true }, + { 333677, false }, + { 333690, false }, + { 333700, false }, + { 333713, false }, + { 333728, true }, + { 333741, false }, + { 333753, true }, + { 333779, true }, + { 333797, true }, + { 333814, true }, + { 333831, true }, + { 333854, true }, + { 333867, true }, + { 333879, true }, + { 333896, true }, + { 333908, true }, + { 333920, true }, + { 333932, true }, + { 333950, true }, + { 333962, true }, + { 333978, true }, + { 333990, true }, + { 334003, true }, + { 334015, true }, + { 334030, true }, + { 334046, true }, + { 334062, true }, + { 334081, true }, + { 334094, true }, + { 334104, true }, + { 334116, true }, + { 334126, true }, + { 334139, true }, + { 334154, true }, + { 334166, true }, + { 334177, true }, + { 334195, true }, + { 334205, true }, + { 334213, true }, + { 334221, true }, + { 334231, true }, + { 334239, true }, + { 334249, true }, + { 334258, true }, + { 334270, true }, + { 334282, true }, + { 334296, true }, + { 334304, true }, + { 334317, true }, + { 334328, true }, + { 334337, true }, + { 334351, true }, + { 334372, true }, + { 334402, true }, + { 334429, true }, + { 334447, true }, + { 334458, true }, + { 334469, true }, + { 334478, true }, + { 334491, true }, + { 334499, true }, + { 334514, true }, + { 334521, true }, + { 334539, true }, + { 334552, true }, + { 334560, true }, + { 334570, true }, + { 334579, true }, + { 334595, true }, + { 334612, true }, + { 334637, true }, + { 334698, true }, + { 334720, true }, + { 334737, true }, + { 334750, true }, + { 334767, true }, + { 334788, true }, + { 334799, true }, + { 334807, true }, + { 334817, true }, + { 334827, true }, + { 334838, true }, + { 334854, true }, + { 334867, true }, + { 334875, true }, + { 334887, true }, + { 334895, true }, + { 334912, true }, + { 334928, false }, + { 334935, true }, + { 334949, true }, + { 334959, true }, + { 334967, true }, + { 334977, true }, + { 334991, true }, + { 334999, true }, + { 335013, true }, + { 335021, true }, + { 335033, true }, + { 335045, true }, + { 335065, true }, + { 335084, true }, + { 335101, true }, + { 335133, true }, + { 335153, true }, + { 335176, true }, + { 335188, true }, + { 335205, true }, + { 335218, true }, + { 335233, true }, + { 335244, true }, + { 335259, true }, + { 335270, true }, + { 335280, true }, + { 335291, true }, + { 335304, true }, + { 335313, true }, + { 335325, true }, + { 335341, true }, + { 335353, true }, + { 335374, true }, + { 335393, true }, + { 335409, true }, + { 335428, true }, + { 335441, true }, + { 335456, true }, + { 335470, true }, + { 335482, true }, + { 335495, true }, + { 335507, true }, + { 335517, true }, + { 335539, true }, + { 335555, true }, + { 335576, true }, + { 335589, true }, + { 335607, true }, + { 335627, true }, + { 335641, true }, + { 335658, true }, + { 335670, true }, + { 335684, true }, + { 335699, true }, + { 335717, true }, + { 335728, true }, + { 335740, true }, + { 335759, true }, + { 335779, true }, + { 335796, true }, + { 335820, true }, + { 335841, true }, + { 335856, true }, + { 335879, true }, + { 335887, true }, + { 335894, true }, + { 335907, true }, + { 335917, false }, + { 335937, true }, + { 335948, true }, + { 335972, true }, + { 335986, true }, + { 335994, true }, + { 336002, true }, + { 336017, true }, + { 336032, true }, + { 336052, false }, + { 336067, true }, + { 336081, true }, + { 336093, true }, + { 336107, true }, + { 336119, true }, + { 336130, true }, + { 336143, true }, + { 336154, true }, + { 336164, true }, + { 336174, true }, + { 336184, true }, + { 336191, true }, + { 336202, false }, + { 336222, true }, + { 336235, true }, + { 336247, true }, + { 336261, true }, + { 336269, true }, + { 336277, true }, + { 336286, true }, + { 336302, true }, + { 336321, true }, + { 336333, true }, + { 336350, false }, + { 336361, true }, + { 336373, true }, + { 336383, true }, + { 336392, true }, + { 336416, true }, + { 336441, true }, + { 336462, true }, + { 336478, false }, + { 336494, true }, + { 336506, true }, + { 336518, true }, + { 336531, true }, + { 336539, true }, + { 336547, false }, + { 336567, false }, + { 336586, true }, + { 336605, false }, + { 336625, true }, + { 336635, true }, + { 336655, false }, + { 336675, false }, + { 336694, false }, + { 336713, true }, + { 336732, false }, + { 336743, true }, + { 336760, true }, + { 336770, true }, + { 336782, true }, + { 336791, true }, + { 336804, true }, + { 336826, true }, + { 336841, true }, + { 336849, true }, + { 336861, true }, + { 336871, true }, + { 336883, false }, + { 336894, true }, + { 336905, true }, + { 336917, true }, + { 336935, false }, + { 336943, true }, + { 336956, true }, + { 336964, true }, + { 336973, true }, + { 336982, true }, + { 336997, true }, + { 337020, true }, + { 337033, false }, + { 337044, true }, + { 337066, true }, + { 337080, true }, + { 337092, true }, + { 337101, true }, + { 337113, true }, + { 337121, false }, + { 337132, true }, + { 337148, true }, + { 337157, true }, + { 337164, true }, + { 337172, true }, + { 337183, true }, + { 337197, true }, + { 337209, true }, + { 337221, true }, + { 337230, true }, + { 337239, true }, + { 337265, true }, + { 337277, true }, + { 337288, false }, + { 337299, false }, + { 337312, true }, + { 337342, true }, + { 337358, true }, + { 337384, true }, + { 337407, false }, + { 337427, true }, + { 337453, true }, + { 337467, true }, + { 337480, true }, + { 337491, true }, + { 337505, true }, + { 337524, true }, + { 337546, true }, + { 337559, true }, + { 337578, true }, + { 337593, true }, + { 337608, true }, + { 337619, true }, + { 337641, true }, + { 337657, true }, + { 337681, true }, + { 337699, true }, + { 337717, true }, + { 337730, true }, + { 337743, true }, + { 337754, true }, + { 337770, true }, + { 337796, true }, + { 337808, true }, + { 337823, false }, + { 337839, true }, + { 337859, true }, + { 337879, true }, + { 337899, true }, + { 337914, true }, + { 337931, true }, + { 337940, true }, + { 337968, true }, + { 337986, true }, + { 337999, true }, + { 338017, true }, + { 338032, true }, + { 338053, true }, + { 338061, true }, + { 338082, true }, + { 338097, true }, + { 338112, true }, + { 338127, true }, + { 338142, true }, + { 338156, true }, + { 338169, true }, + { 338183, true }, + { 338192, true }, + { 338207, true }, + { 338216, false }, + { 338224, true }, + { 338238, true }, + { 338249, true }, + { 338259, true }, + { 338268, true }, + { 338281, true }, + { 338288, true }, + { 338299, true }, + { 338308, true }, + { 338318, true }, + { 338327, true }, + { 338337, true }, + { 338349, true }, + { 338359, true }, + { 338371, true }, + { 338383, true }, + { 338396, true }, + { 338403, true }, + { 338414, true }, + { 338423, true }, + { 338440, true }, + { 338447, true }, + { 338458, true }, + { 338469, true }, + { 338480, true }, + { 338494, true }, + { 338501, true }, + { 338512, true }, + { 338519, true }, + { 338527, true }, + { 338545, true }, + { 338554, true }, + { 338566, true }, + { 338574, false }, + { 338587, true }, + { 338604, true }, + { 338621, true }, + { 338633, true }, + { 338653, true }, + { 338673, true }, + { 338689, true }, + { 338708, true }, + { 338731, true }, + { 338750, true }, + { 338764, true }, + { 338781, true }, + { 338808, true }, + { 338824, true }, + { 338835, true }, + { 338849, true }, + { 338862, true }, + { 338884, true }, + { 338894, true }, + { 338917, true }, + { 338930, true }, + { 338939, true }, + { 338952, true }, + { 338963, true }, + { 338978, true }, + { 339001, true }, + { 339035, true }, + { 339047, true }, + { 339067, true }, + { 339085, true }, + { 339096, true }, + { 339112, true }, + { 339122, true }, + { 339138, true }, + { 339148, true }, + { 339162, true }, + { 339182, true }, + { 339198, true }, + { 339220, true }, + { 339233, true }, + { 339249, true }, + { 339278, true }, + { 339305, true }, + { 339319, true }, + { 339329, true }, + { 339337, true }, + { 339347, true }, + { 339370, true }, + { 339380, true }, + { 339398, true }, + { 339415, true }, + { 339424, true }, + { 339434, true }, + { 339447, true }, + { 339466, true }, + { 339479, true }, + { 339501, true }, + { 339512, true }, + { 339527, true }, + { 339538, true }, + { 339561, true }, + { 339576, true }, + { 339601, true }, + { 339621, true }, + { 339641, true }, + { 339664, true }, + { 339678, true }, + { 339691, true }, + { 339702, true }, + { 339720, true }, + { 339737, true }, + { 339747, true }, + { 339768, true }, + { 339793, true }, + { 339807, true }, + { 339825, true }, + { 339843, true }, + { 339858, true }, + { 339872, true }, + { 339886, true }, + { 339903, true }, + { 339921, true }, + { 339934, true }, + { 339947, true }, + { 339964, true }, + { 339975, true }, + { 339993, true }, + { 340003, true }, + { 340010, true }, + { 340022, true }, + { 340032, true }, + { 340048, true }, + { 340061, true }, + { 340071, true }, + { 340084, true }, + { 340101, true }, + { 340111, true }, + { 340132, true }, + { 340152, false }, + { 340165, true }, + { 340188, true }, + { 340209, true }, + { 340231, true }, + { 340251, true }, + { 340260, true }, + { 340271, true }, + { 340287, true }, + { 340301, true }, + { 340314, true }, + { 340325, true }, + { 340336, true }, + { 340350, true }, + { 340363, true }, + { 340374, true }, + { 340392, true }, + { 340404, true }, + { 340414, true }, + { 340428, true }, + { 340443, true }, + { 340460, true }, + { 340474, true }, + { 340487, true }, + { 340502, true }, + { 340524, true }, + { 340545, true }, + { 340575, true }, + { 340585, true }, + { 340596, true }, + { 340609, true }, + { 340633, true }, + { 340646, true }, + { 340655, true }, + { 340664, true }, + { 340679, true }, + { 340699, true }, + { 340711, true }, + { 340724, true }, + { 340745, true }, + { 340761, true }, + { 340777, true }, + { 340790, true }, + { 340804, false }, + { 340821, true }, + { 340832, true }, + { 340847, true }, + { 340859, true }, + { 340869, true }, + { 340882, true }, + { 340896, true }, + { 340914, true }, + { 340927, true }, + { 340937, true }, + { 340948, true }, + { 340958, true }, + { 340968, true }, + { 340980, true }, + { 340993, true }, + { 341005, true }, + { 341024, true }, + { 341039, true }, + { 341048, true }, + { 341059, true }, + { 341076, true }, + { 341088, true }, + { 341100, true }, + { 341113, true }, + { 341125, true }, + { 341136, true }, + { 341151, true }, + { 341167, true }, + { 341177, true }, + { 341187, true }, + { 341204, true }, + { 341218, true }, + { 341233, true }, + { 341245, true }, + { 341256, true }, + { 341263, true }, + { 341270, true }, + { 341286, true }, + { 341297, true }, + { 341307, true }, + { 341319, true }, + { 341332, true }, + { 341348, true }, + { 341365, true }, + { 341372, true }, + { 341381, false }, + { 341388, true }, + { 341396, true }, + { 341408, true }, + { 341423, true }, + { 341436, true }, + { 341453, true }, + { 341466, true }, + { 341481, true }, + { 341489, true }, + { 341502, true }, + { 341526, true }, + { 341545, true }, + { 341556, true }, + { 341568, false }, + { 341582, true }, + { 341595, true }, + { 341609, true }, + { 341625, true }, + { 341640, true }, + { 341658, true }, + { 341672, true }, + { 341691, true }, + { 341702, true }, + { 341718, true }, + { 341742, true }, + { 341766, true }, + { 341787, false }, + { 341806, true }, + { 341825, true }, + { 341839, true }, + { 341854, true }, + { 341867, false }, + { 341882, true }, + { 341899, true }, + { 341918, true }, + { 341929, true }, + { 341951, true }, + { 341961, true }, + { 341971, true }, + { 341987, true }, + { 342008, true }, + { 342025, true }, + { 342036, true }, + { 342046, true }, + { 342056, true }, + { 342067, true }, + { 342083, true }, + { 342099, true }, + { 342123, true }, + { 342138, true }, + { 342152, true }, + { 342161, true }, + { 342171, true }, + { 342186, true }, + { 342201, true }, + { 342211, true }, + { 342224, true }, + { 342239, true }, + { 342255, true }, + { 342271, true }, + { 342290, true }, + { 342300, true }, + { 342321, true }, + { 342343, true }, + { 342362, false }, + { 342373, true }, + { 342398, true }, + { 342424, true }, + { 342435, true }, + { 342452, true }, + { 342467, true }, + { 342487, true }, + { 342514, true }, + { 342541, true }, + { 342572, true }, + { 342598, true }, + { 342622, true }, + { 342638, true }, + { 342652, true }, + { 342662, true }, + { 342677, true }, + { 342689, true }, + { 342709, true }, + { 342724, true }, + { 342743, false }, + { 342760, true }, + { 342781, true }, + { 342796, true }, + { 342812, true }, + { 342827, true }, + { 342857, true }, + { 342885, true }, + { 342905, true }, + { 342923, true }, + { 342935, true }, + { 342958, true }, + { 342973, true }, + { 342989, true }, + { 342997, true }, + { 343020, true }, + { 343032, true }, + { 343045, true }, + { 343057, true }, + { 343070, true }, + { 343078, true }, + { 343090, true }, + { 343102, true }, + { 343114, true }, + { 343127, true }, + { 343143, true }, + { 343155, true }, + { 343167, true }, + { 343179, true }, + { 343191, true }, + { 343203, true }, + { 343215, true }, + { 343227, true }, + { 343239, true }, + { 343265, true }, + { 343283, true }, + { 343300, true }, + { 343313, true }, + { 343341, true }, + { 343364, true }, + { 343386, true }, + { 343403, true }, + { 343415, true }, + { 343424, true }, + { 343451, true }, + { 343482, true }, + { 343493, true }, + { 343503, true }, + { 343515, true }, + { 343527, true }, + { 343542, true }, + { 343553, true }, + { 343573, true }, + { 343588, true }, + { 343599, true }, + { 343616, true }, + { 343628, true }, + { 343641, true }, + { 343669, true }, + { 343689, true }, + { 343709, true }, + { 343722, true }, + { 343736, true }, + { 343758, true }, + { 343771, true }, + { 343788, true }, + { 343805, true }, + { 343817, true }, + { 343833, true }, + { 343847, true }, + { 343858, true }, + { 343868, true }, + { 343878, true }, + { 343890, true }, + { 343901, true }, + { 343912, true }, + { 343923, true }, + { 343934, true }, + { 343948, true }, + { 343964, true }, + { 343982, true }, + { 343996, true }, + { 344017, true }, + { 344039, true }, + { 344059, true }, + { 344076, true }, + { 344087, true }, + { 344098, true }, + { 344108, true }, + { 344127, true }, + { 344154, true }, + { 344175, true }, + { 344195, true }, + { 344213, true }, + { 344228, false }, + { 344239, true }, + { 344250, true }, + { 344274, true }, + { 344291, true }, + { 344331, true }, + { 344353, true }, + { 344369, false }, + { 344386, true }, + { 344402, true }, + { 344425, true }, + { 344438, true }, + { 344448, true }, + { 344459, true }, + { 344470, true }, + { 344488, true }, + { 344499, true }, + { 344510, true }, + { 344526, true }, + { 344540, true }, + { 344561, true }, + { 344582, true }, + { 344600, true }, + { 344618, true }, + { 344625, true }, + { 344646, true }, + { 344664, true }, + { 344682, true }, + { 344699, false }, + { 344717, true }, + { 344727, true }, + { 344749, true }, + { 344760, true }, + { 344771, false }, + { 344781, true }, + { 344789, false }, + { 344811, true }, + { 344827, true }, + { 344849, true }, + { 344864, true }, + { 344881, true }, + { 344892, true }, + { 344907, true }, + { 344927, true }, + { 344944, true }, + { 344963, true }, + { 344974, true }, + { 344993, true }, + { 345017, true }, + { 345031, true }, + { 345046, true }, + { 345065, true }, + { 345083, true }, + { 345096, false }, + { 345115, true }, + { 345127, true }, + { 345136, true }, + { 345149, true }, + { 345166, true }, + { 345187, true }, + { 345199, true }, + { 345222, true }, + { 345240, true }, + { 345260, true }, + { 345270, true }, + { 345281, true }, + { 345292, true }, + { 345314, true }, + { 345348, true }, + { 345364, true }, + { 345379, false }, + { 345399, true }, + { 345421, true }, + { 345434, true }, + { 345444, true }, + { 345464, true }, + { 345480, true }, + { 345497, true }, + { 345518, true }, + { 345533, true }, + { 345550, true }, + { 345564, true }, + { 345578, true }, + { 345589, false }, + { 345599, false }, + { 345614, true }, + { 345629, true }, + { 345650, true }, + { 345662, true }, + { 345676, true }, + { 345686, true }, + { 345699, true }, + { 345714, false }, + { 345728, true }, + { 345736, true }, + { 345752, true }, + { 345772, true }, + { 345789, true }, + { 345812, true }, + { 345838, false }, + { 345847, true }, + { 345857, false }, + { 345865, true }, + { 345876, true }, + { 345886, true }, + { 345898, true }, + { 345910, true }, + { 345922, true }, + { 345936, false }, + { 345958, true }, + { 345974, true }, + { 345989, false }, + { 346003, true }, + { 346017, true }, + { 346030, true }, + { 346048, true }, + { 346072, true }, + { 346100, true }, + { 346127, true }, + { 346155, true }, + { 346182, true }, + { 346195, true }, + { 346209, true }, + { 346221, true }, + { 346233, true }, + { 346248, true }, + { 346273, true }, + { 346297, true }, + { 346311, true }, + { 346332, true }, + { 346343, true }, + { 346361, true }, + { 346376, true }, + { 346386, true }, + { 346394, true }, + { 346412, false }, + { 346434, true }, + { 346451, true }, + { 346467, true }, + { 346489, true }, + { 346514, true }, + { 346524, true }, + { 346540, true }, + { 346554, true }, + { 346566, true }, + { 346584, true }, + { 346598, true }, + { 346618, true }, + { 346638, true }, + { 346663, true }, + { 346683, true }, + { 346704, true }, + { 346724, true }, + { 346734, true }, + { 346747, false }, + { 346772, true }, + { 346789, true }, + { 346810, true }, + { 346832, true }, + { 346858, true }, + { 346886, true }, + { 346906, true }, + { 346926, true }, + { 346947, true }, + { 346975, true }, + { 346988, true }, + { 347008, true }, + { 347033, true }, + { 347047, true }, + { 347061, false }, + { 347078, true }, + { 347091, true }, + { 347110, true }, + { 347121, true }, + { 347135, true }, + { 347143, true }, + { 347152, true }, + { 347160, true }, + { 347174, true }, + { 347188, true }, + { 347200, true }, + { 347209, true }, + { 347225, true }, + { 347238, true }, + { 347251, true }, + { 347268, true }, + { 347284, true }, + { 347297, true }, + { 347309, false }, + { 347320, true }, + { 347331, true }, + { 347349, true }, + { 347369, true }, + { 347385, true }, + { 347395, false }, + { 347407, true }, + { 347419, true }, + { 347430, true }, + { 347448, true }, + { 347469, true }, + { 347484, true }, + { 347505, true }, + { 347523, true }, + { 347548, true }, + { 347571, true }, + { 347581, true }, + { 347599, true }, + { 347629, true }, + { 347650, true }, + { 347674, true }, + { 347686, true }, + { 347696, true }, + { 347712, true }, + { 347736, true }, + { 347749, true }, + { 347756, true }, + { 347763, true }, + { 347777, true }, + { 347789, true }, + { 347801, true }, + { 347814, true }, + { 347826, true }, + { 347832, true }, + { 347842, true }, + { 347852, true }, + { 347870, true }, + { 347888, true }, + { 347902, true }, + { 347911, true }, + { 347926, true }, + { 347947, true }, + { 347960, true }, + { 347970, true }, + { 347987, true }, + { 348004, true }, + { 348019, true }, + { 348036, true }, + { 348052, true }, + { 348061, true }, + { 348086, true }, + { 348096, true }, + { 348122, true }, + { 348132, true }, + { 348152, true }, + { 348163, true }, + { 348172, true }, + { 348183, true }, + { 348192, true }, + { 348203, true }, + { 348218, true }, + { 348228, true }, + { 348238, true }, + { 348254, true }, + { 348266, true }, + { 348286, true }, + { 348303, true }, + { 348321, true }, + { 348342, true }, + { 348359, true }, + { 348379, true }, + { 348402, true }, + { 348422, true }, + { 348442, true }, + { 348461, true }, + { 348482, true }, + { 348494, true }, + { 348510, true }, + { 348527, true }, + { 348539, true }, + { 348556, true }, + { 348568, true }, + { 348582, true }, + { 348601, true }, + { 348616, true }, + { 348632, false }, + { 348646, true }, + { 348655, true }, + { 348667, true }, + { 348681, true }, + { 348692, true }, + { 348704, true }, + { 348722, true }, + { 348741, true }, + { 348758, true }, + { 348775, true }, + { 348793, true }, + { 348809, true }, + { 348819, true }, + { 348835, true }, + { 348849, true }, + { 348866, true }, + { 348882, true }, + { 348900, true }, + { 348917, true }, + { 348930, true }, + { 348941, true }, + { 348961, true }, + { 348978, true }, + { 349001, true }, + { 349017, true }, + { 349035, false }, + { 349052, false }, + { 349073, true }, + { 349088, true }, + { 349098, true }, + { 349115, true }, + { 349124, true }, + { 349145, true }, + { 349155, true }, + { 349165, true }, + { 349184, true }, + { 349192, true }, + { 349203, true }, + { 349217, true }, + { 349232, true }, + { 349245, true }, + { 349260, true }, + { 349271, true }, + { 349278, true }, + { 349288, true }, + { 349311, true }, + { 349326, true }, + { 349339, true }, + { 349361, true }, + { 349372, true }, + { 349389, true }, + { 349402, true }, + { 349416, true }, + { 349434, true }, + { 349451, true }, + { 349466, true }, + { 349478, true }, + { 349491, true }, + { 349515, true }, + { 349539, true }, + { 349550, true }, + { 349561, true }, + { 349576, true }, + { 349589, true }, + { 349603, true }, + { 349614, true }, + { 349629, true }, + { 349653, true }, + { 349669, true }, + { 349696, true }, + { 349713, true }, + { 349731, true }, + { 349749, true }, + { 349767, true }, + { 349779, true }, + { 349796, true }, + { 349805, true }, + { 349815, true }, + { 349826, true }, + { 349837, true }, + { 349852, true }, + { 349869, true }, + { 349892, true }, + { 349910, true }, + { 349923, true }, + { 349931, true }, + { 349939, true }, + { 349947, true }, + { 349957, false }, + { 349967, true }, + { 349976, true }, + { 349983, true }, + { 349992, true }, + { 350011, true }, + { 350018, true }, + { 350026, true }, + { 350033, true }, + { 350048, true }, + { 350063, true }, + { 350073, true }, + { 350082, true }, + { 350094, true }, + { 350106, true }, + { 350118, true }, + { 350126, true }, + { 350143, true }, + { 350155, true }, + { 350162, false }, + { 350182, true }, + { 350195, true }, + { 350209, true }, + { 350219, true }, + { 350230, true }, + { 350241, true }, + { 350258, true }, + { 350271, true }, + { 350287, true }, + { 350305, true }, + { 350324, true }, + { 350335, true }, + { 350353, true }, + { 350371, true }, + { 350388, true }, + { 350404, true }, + { 350426, true }, + { 350447, true }, + { 350460, true }, + { 350485, true }, + { 350503, true }, + { 350518, true }, + { 350537, true }, + { 350555, true }, + { 350567, true }, + { 350578, true }, + { 350591, true }, + { 350610, true }, + { 350627, true }, + { 350646, true }, + { 350661, true }, + { 350682, true }, + { 350697, true }, + { 350713, true }, + { 350729, true }, + { 350752, true }, + { 350763, true }, + { 350783, true }, + { 350796, true }, + { 350806, true }, + { 350822, true }, + { 350835, true }, + { 350849, true }, + { 350862, true }, + { 350875, true }, + { 350889, true }, + { 350904, true }, + { 350912, true }, + { 350923, true }, + { 350932, true }, + { 350946, true }, + { 350966, true }, + { 350985, true }, + { 350999, true }, + { 351025, true }, + { 351037, true }, + { 351049, true }, + { 351066, true }, + { 351093, true }, + { 351117, true }, + { 351135, true }, + { 351155, true }, + { 351170, true }, + { 351193, true }, + { 351205, true }, + { 351219, true }, + { 351233, true }, + { 351250, true }, + { 351265, true }, + { 351277, true }, + { 351288, true }, + { 351302, true }, + { 351326, true }, + { 351348, true }, + { 351358, true }, + { 351370, true }, + { 351385, true }, + { 351395, true }, + { 351412, true }, + { 351422, true }, + { 351436, true }, + { 351448, true }, + { 351464, false }, + { 351495, true }, + { 351504, true }, + { 351516, true }, + { 351530, true }, + { 351542, true }, + { 351554, true }, + { 351567, true }, + { 351580, true }, + { 351593, true }, + { 351610, true }, + { 351623, true }, + { 351644, true }, + { 351663, true }, + { 351677, true }, + { 351689, true }, + { 351708, true }, + { 351726, true }, + { 351742, true }, + { 351759, true }, + { 351772, true }, + { 351785, true }, + { 351799, true }, + { 351813, true }, + { 351822, true }, + { 351832, true }, + { 351847, true }, + { 351857, true }, + { 351877, true }, + { 351891, true }, + { 351907, true }, + { 351920, true }, + { 351933, true }, + { 351949, true }, + { 351959, true }, + { 351975, true }, + { 351996, true }, + { 352013, true }, + { 352031, true }, + { 352053, true }, + { 352078, true }, + { 352089, true }, + { 352101, true }, + { 352115, true }, + { 352128, true }, + { 352140, true }, + { 352160, true }, + { 352170, true }, + { 352182, true }, + { 352189, true }, + { 352206, true }, + { 352228, true }, + { 352236, true }, + { 352248, true }, + { 352259, true }, + { 352269, true }, + { 352281, true }, + { 352292, true }, + { 352305, true }, + { 352320, false }, + { 352333, true }, + { 352354, true }, + { 352371, true }, + { 352379, true }, + { 352391, true }, + { 352404, true }, + { 352420, true }, + { 352432, true }, + { 352457, true }, + { 352470, true }, + { 352489, true }, + { 352515, true }, + { 352524, true }, + { 352541, true }, + { 352553, true }, + { 352569, true }, + { 352584, true }, + { 352598, true }, + { 352614, true }, + { 352631, true }, + { 352642, true }, + { 352657, true }, + { 352677, true }, + { 352699, true }, + { 352718, true }, + { 352731, true }, + { 352745, true }, + { 352758, true }, + { 352783, true }, + { 352803, true }, + { 352819, true }, + { 352834, true }, + { 352856, true }, + { 352873, true }, + { 352907, true }, + { 352925, true }, + { 352940, true }, + { 352954, true }, + { 352964, true }, + { 352975, true }, + { 352990, true }, + { 353005, true }, + { 353015, true }, + { 353027, true }, + { 353041, true }, + { 353054, true }, + { 353063, true }, + { 353081, true }, + { 353097, true }, + { 353112, true }, + { 353129, true }, + { 353144, true }, + { 353156, true }, + { 353178, true }, + { 353188, false }, + { 353211, true }, + { 353222, true }, + { 353233, true }, + { 353250, true }, + { 353264, true }, + { 353280, true }, + { 353291, true }, + { 353307, true }, + { 353320, true }, + { 353331, true }, + { 353339, true }, + { 353368, true }, + { 353378, true }, + { 353394, true }, + { 353411, true }, + { 353431, true }, + { 353447, true }, + { 353464, true }, + { 353482, true }, + { 353513, true }, + { 353534, true }, + { 353555, true }, + { 353571, true }, + { 353590, true }, + { 353611, true }, + { 353623, true }, + { 353637, true }, + { 353649, true }, + { 353662, true }, + { 353672, true }, + { 353680, true }, + { 353691, true }, + { 353700, true }, + { 353717, true }, + { 353736, true }, + { 353751, true }, + { 353760, true }, + { 353767, true }, + { 353775, true }, + { 353787, true }, + { 353799, true }, + { 353807, true }, + { 353818, true }, + { 353830, false }, + { 353837, true }, + { 353851, true }, + { 353865, true }, + { 353872, true }, + { 353886, true }, + { 353898, false }, + { 353905, true }, + { 353913, true }, + { 353930, true }, + { 353953, true }, + { 353971, true }, + { 353984, false }, + { 353993, true }, + { 354002, true }, + { 354011, true }, + { 354020, true }, + { 354031, true }, + { 354038, true }, + { 354048, true }, + { 354061, true }, + { 354078, true }, + { 354098, true }, + { 354107, true }, + { 354115, true }, + { 354126, true }, + { 354136, true }, + { 354150, true }, + { 354162, true }, + { 354176, true }, + { 354184, true }, + { 354205, true }, + { 354213, true }, + { 354222, true }, + { 354236, true }, + { 354255, false }, + { 354275, true }, + { 354285, true }, + { 354300, true }, + { 354324, true }, + { 354345, true }, + { 354356, true }, + { 354383, true }, + { 354392, true }, + { 354409, true }, + { 354431, true }, + { 354447, true }, + { 354468, true }, + { 354482, true }, + { 354500, true }, + { 354517, true }, + { 354534, true }, + { 354547, true }, + { 354562, true }, + { 354576, true }, + { 354583, true }, + { 354594, true }, + { 354606, true }, + { 354635, false }, + { 354647, true }, + { 354660, true }, + { 354681, true }, + { 354695, true }, + { 354712, true }, + { 354720, true }, + { 354731, true }, + { 354756, true }, + { 354770, true }, + { 354782, true }, + { 354796, true }, + { 354808, true }, + { 354823, true }, + { 354837, true }, + { 354845, true }, + { 354857, false }, + { 354868, true }, + { 354876, true }, + { 354883, true }, + { 354897, true }, + { 354909, true }, + { 354917, true }, + { 354925, true }, + { 354936, true }, + { 354948, true }, + { 354964, true }, + { 354989, true }, + { 355002, true }, + { 355014, true }, + { 355030, true }, + { 355042, true }, + { 355054, true }, + { 355073, true }, + { 355091, true }, + { 355104, true }, + { 355121, true }, + { 355130, true }, + { 355142, true }, + { 355150, true }, + { 355162, true }, + { 355175, true }, + { 355188, true }, + { 355204, true }, + { 355225, true }, + { 355236, true }, + { 355247, true }, + { 355256, true }, + { 355279, true }, + { 355301, true }, + { 355315, true }, + { 355343, true }, + { 355352, true }, + { 355360, true }, + { 355373, true }, + { 355391, true }, + { 355408, true }, + { 355421, true }, + { 355439, true }, + { 355451, true }, + { 355467, true }, + { 355478, true }, + { 355492, true }, + { 355511, true }, + { 355520, true }, + { 355531, true }, + { 355542, true }, + { 355564, true }, + { 355586, true }, + { 355606, false }, + { 355626, false }, + { 355642, true }, + { 355651, true }, + { 355674, false }, + { 355689, true }, + { 355697, true }, + { 355712, true }, + { 355724, true }, + { 355743, true }, + { 355759, true }, + { 355773, false }, + { 355789, true }, + { 355809, true }, + { 355826, true }, + { 355837, true }, + { 355853, true }, + { 355872, true }, + { 355883, true }, + { 355901, false }, + { 355911, true }, + { 355922, true }, + { 355930, true }, + { 355940, true }, + { 355958, true }, + { 355965, true }, + { 355977, true }, + { 355991, true }, + { 356004, true }, + { 356014, true }, + { 356022, true }, + { 356030, true }, + { 356038, true }, + { 356046, true }, + { 356059, true }, + { 356069, true }, + { 356082, true }, + { 356090, true }, + { 356099, true }, + { 356110, true }, + { 356121, true }, + { 356128, true }, + { 356135, true }, + { 356147, true }, + { 356156, true }, + { 356182, false }, + { 356205, true }, + { 356224, true }, + { 356249, true }, + { 356260, true }, + { 356293, true }, + { 356310, true }, + { 356322, true }, + { 356334, true }, + { 356348, true }, + { 356359, true }, + { 356373, true }, + { 356392, true }, + { 356402, true }, + { 356413, true }, + { 356428, true }, + { 356441, true }, + { 356455, true }, + { 356468, true }, + { 356477, true }, + { 356491, true }, + { 356500, true }, + { 356511, true }, + { 356529, true }, + { 356558, true }, + { 356580, false }, + { 356592, true }, + { 356607, true }, + { 356619, true }, + { 356632, true }, + { 356645, true }, + { 356655, true }, + { 356676, false }, + { 356693, true }, + { 356711, true }, + { 356725, true }, + { 356738, true }, + { 356754, true }, + { 356766, true }, + { 356781, true }, + { 356793, true }, + { 356806, true }, + { 356830, true }, + { 356849, true }, + { 356861, true }, + { 356879, true }, + { 356888, true }, + { 356896, true }, + { 356909, true }, + { 356917, true }, + { 356928, true }, + { 356937, true }, + { 356954, true }, + { 356972, true }, + { 356985, true }, + { 356996, true }, + { 357018, false }, + { 357039, true }, + { 357050, true }, + { 357061, true }, + { 357077, true }, + { 357106, true }, + { 357130, true }, + { 357140, true }, + { 357159, true }, + { 357174, true }, + { 357187, true }, + { 357201, true }, + { 357220, true }, + { 357236, true }, + { 357256, true }, + { 357276, true }, + { 357286, true }, + { 357297, true }, + { 357309, true }, + { 357329, true }, + { 357354, true }, + { 357369, true }, + { 357385, true }, + { 357411, true }, + { 357425, true }, + { 357440, true }, + { 357456, true }, + { 357471, true }, + { 357486, true }, + { 357503, true }, + { 357522, true }, + { 357542, true }, + { 357555, true }, + { 357583, true }, + { 357600, true }, + { 357617, false }, + { 357626, true }, + { 357642, true }, + { 357664, true }, + { 357683, true }, + { 357700, false }, + { 357715, true }, + { 357725, true }, + { 357738, false }, + { 357748, true }, + { 357773, true }, + { 357789, true }, + { 357806, true }, + { 357822, true }, + { 357838, true }, + { 357866, true }, + { 357886, true }, + { 357902, true }, + { 357923, true }, + { 357941, true }, + { 357962, true }, + { 357972, true }, + { 357986, true }, + { 357999, true }, + { 358011, true }, + { 358024, true }, + { 358033, true }, + { 358057, true }, + { 358081, true }, + { 358095, true }, + { 358109, true }, + { 358120, true }, + { 358132, true }, + { 358148, true }, + { 358165, true }, + { 358177, false }, + { 358194, true }, + { 358211, true }, + { 358219, true }, + { 358232, true }, + { 358258, true }, + { 358273, true }, + { 358290, true }, + { 358307, true }, + { 358322, true }, + { 358343, true }, + { 358361, true }, + { 358380, false }, + { 358389, true }, + { 358403, true }, + { 358418, true }, + { 358432, true }, + { 358446, true }, + { 358468, true }, + { 358481, true }, + { 358494, true }, + { 358528, true }, + { 358550, true }, + { 358565, true }, + { 358574, true }, + { 358589, true }, + { 358601, true }, + { 358620, false }, + { 358643, true }, + { 358658, true }, + { 358674, true }, + { 358690, true }, + { 358708, true }, + { 358726, false }, + { 358746, true }, + { 358760, true }, + { 358777, true }, + { 358789, true }, + { 358802, true }, + { 358818, true }, + { 358829, true }, + { 358844, true }, + { 358869, true }, + { 358885, true }, + { 358915, true }, + { 358934, false }, + { 358943, true }, + { 358962, true }, + { 358973, true }, + { 358987, true }, + { 359005, true }, + { 359024, true }, + { 359042, false }, + { 359057, true }, + { 359075, true }, + { 359087, true }, + { 359105, true }, + { 359123, true }, + { 359143, true }, + { 359162, true }, + { 359183, true }, + { 359195, true }, + { 359208, true }, + { 359220, true }, + { 359232, true }, + { 359246, true }, + { 359259, true }, + { 359272, true }, + { 359291, true }, + { 359308, true }, + { 359325, true }, + { 359346, true }, + { 359357, true }, + { 359369, true }, + { 359380, true }, + { 359393, true }, + { 359412, true }, + { 359433, true }, + { 359442, true }, + { 359460, true }, + { 359474, true }, + { 359487, true }, + { 359495, true }, + { 359509, true }, + { 359525, true }, + { 359539, true }, + { 359554, true }, + { 359562, true }, + { 359586, false }, + { 359604, true }, + { 359622, false }, + { 359642, true }, + { 359660, true }, + { 359674, true }, + { 359693, true }, + { 359713, true }, + { 359723, true }, + { 359739, true }, + { 359755, true }, + { 359763, true }, + { 359781, true }, + { 359792, true }, + { 359814, true }, + { 359834, true }, + { 359842, true }, + { 359856, true }, + { 359878, true }, + { 359894, true }, + { 359904, true }, + { 359918, true }, + { 359930, true }, + { 359939, true }, + { 359954, true }, + { 359973, true }, + { 359983, true }, + { 359992, true }, + { 360002, true }, + { 360018, true }, + { 360038, true }, + { 360065, true }, + { 360086, true }, + { 360098, true }, + { 360116, true }, + { 360142, true }, + { 360159, true }, + { 360180, true }, + { 360198, true }, + { 360208, true }, + { 360226, true }, + { 360242, true }, + { 360255, true }, + { 360265, true }, + { 360275, true }, + { 360289, true }, + { 360306, true }, + { 360334, true }, + { 360352, true }, + { 360369, true }, + { 360384, true }, + { 360398, true }, + { 360420, true }, + { 360432, true }, + { 360444, true }, + { 360457, true }, + { 360476, true }, + { 360486, true }, + { 360502, true }, + { 360520, true }, + { 360542, true }, + { 360562, true }, + { 360584, true }, + { 360606, true }, + { 360620, true }, + { 360638, true }, + { 360652, true }, + { 360663, true }, + { 360679, true }, + { 360697, true }, + { 360710, true }, + { 360724, true }, + { 360735, true }, + { 360742, true }, + { 360751, true }, + { 360763, true }, + { 360776, true }, + { 360782, true }, + { 360788, true }, + { 360795, true }, + { 360806, true }, + { 360814, true }, + { 360826, true }, + { 360837, true }, + { 360849, true }, + { 360870, true }, + { 360882, true }, + { 360891, true }, + { 360906, true }, + { 360914, true }, + { 360929, true }, + { 360946, true }, + { 360957, true }, + { 360969, true }, + { 360982, true }, + { 360994, true }, + { 361011, true }, + { 361029, true }, + { 361059, true }, + { 361077, true }, + { 361090, true }, + { 361109, true }, + { 361121, true }, + { 361137, true }, + { 361148, true }, + { 361172, true }, + { 361186, true }, + { 361198, false }, + { 361211, true }, + { 361229, true }, + { 361244, true }, + { 361257, true }, + { 361279, true }, + { 361295, true }, + { 361309, true }, + { 361328, true }, + { 361346, true }, + { 361362, true }, + { 361372, true }, + { 361380, true }, + { 361394, true }, + { 361413, true }, + { 361427, true }, + { 361440, true }, + { 361453, true }, + { 361467, true }, + { 361484, true }, + { 361501, true }, + { 361515, true }, + { 361530, true }, + { 361542, true }, + { 361554, true }, + { 361572, true }, + { 361584, true }, + { 361598, true }, + { 361614, true }, + { 361630, true }, + { 361644, false }, + { 361657, true }, + { 361671, true }, + { 361686, true }, + { 361704, true }, + { 361716, true }, + { 361728, true }, + { 361747, true }, + { 361766, true }, + { 361788, true }, + { 361808, true }, + { 361821, true }, + { 361842, true }, + { 361859, true }, + { 361885, true }, + { 361903, true }, + { 361919, true }, + { 361932, true }, + { 361945, true }, + { 361957, true }, + { 361970, true }, + { 361986, true }, + { 361999, true }, + { 362019, true }, + { 362038, true }, + { 362051, true }, + { 362066, true }, + { 362081, true }, + { 362096, true }, + { 362113, true }, + { 362126, true }, + { 362154, true }, + { 362165, true }, + { 362178, true }, + { 362189, true }, + { 362204, true }, + { 362217, true }, + { 362242, true }, + { 362254, true }, + { 362268, true }, + { 362287, true }, + { 362301, true }, + { 362316, true }, + { 362330, true }, + { 362344, true }, + { 362358, true }, + { 362375, true }, + { 362389, true }, + { 362405, true }, + { 362428, true }, + { 362452, true }, + { 362467, true }, + { 362482, true }, + { 362503, true }, + { 362524, true }, + { 362556, true }, + { 362569, true }, + { 362580, true }, + { 362592, true }, + { 362604, true }, + { 362626, true }, + { 362645, true }, + { 362671, true }, + { 362684, true }, + { 362702, true }, + { 362715, true }, + { 362732, true }, + { 362743, true }, + { 362769, true }, + { 362779, true }, + { 362791, true }, + { 362811, true }, + { 362823, true }, + { 362835, true }, + { 362853, true }, + { 362870, true }, + { 362885, true }, + { 362904, true }, + { 362916, true }, + { 362931, true }, + { 362944, true }, + { 362966, true }, + { 362982, true }, + { 362998, true }, + { 363019, true }, + { 363037, true }, + { 363053, true }, + { 363069, true }, + { 363082, true }, + { 363097, true }, + { 363117, true }, + { 363133, true }, + { 363152, true }, + { 363174, true }, + { 363191, true }, + { 363206, true }, + { 363227, true }, + { 363247, true }, + { 363260, true }, + { 363270, true }, + { 363282, true }, + { 363295, true }, + { 363316, true }, + { 363331, true }, + { 363343, true }, + { 363358, true }, + { 363370, true }, + { 363382, true }, + { 363395, true }, + { 363409, true }, + { 363427, true }, + { 363442, true }, + { 363452, true }, + { 363466, true }, + { 363479, true }, + { 363491, true }, + { 363506, true }, + { 363523, true }, + { 363535, true }, + { 363552, true }, + { 363567, true }, + { 363585, false }, + { 363605, true }, + { 363616, true }, + { 363638, true }, + { 363650, true }, + { 363672, true }, + { 363683, true }, + { 363710, true }, + { 363723, true }, + { 363736, true }, + { 363750, true }, + { 363759, true }, + { 363771, true }, + { 363785, true }, + { 363797, true }, + { 363812, true }, + { 363831, true }, + { 363846, true }, + { 363864, true }, + { 363879, true }, + { 363891, true }, + { 363910, true }, + { 363925, true }, + { 363942, true }, + { 363959, true }, + { 363972, true }, + { 363991, true }, + { 364002, true }, + { 364020, true }, + { 364043, true }, + { 364061, true }, + { 364080, true }, + { 364088, true }, + { 364095, true }, + { 364112, true }, + { 364126, true }, + { 364132, true }, + { 364150, true }, + { 364159, true }, + { 364167, true }, + { 364175, true }, + { 364192, true }, + { 364210, true }, + { 364225, true }, + { 364234, false }, + { 364254, true }, + { 364271, true }, + { 364288, true }, + { 364302, true }, + { 364319, true }, + { 364333, true }, + { 364354, true }, + { 364366, true }, + { 364385, true }, + { 364404, true }, + { 364419, true }, + { 364440, true }, + { 364457, true }, + { 364475, true }, + { 364489, true }, + { 364500, false }, + { 364517, true }, + { 364535, true }, + { 364553, true }, + { 364574, true }, + { 364593, true }, + { 364611, true }, + { 364629, true }, + { 364647, true }, + { 364665, true }, + { 364683, true }, + { 364701, true }, + { 364719, true }, + { 364737, true }, + { 364756, true }, + { 364773, true }, + { 364792, false }, + { 364803, true }, + { 364822, true }, + { 364839, true }, + { 364862, true }, + { 364878, true }, + { 364897, true }, + { 364923, true }, + { 364934, true }, + { 364949, true }, + { 364969, true }, + { 364989, true }, + { 365008, true }, + { 365028, true }, + { 365049, true }, + { 365066, true }, + { 365085, true }, + { 365103, true }, + { 365121, true }, + { 365129, true }, + { 365138, true }, + { 365151, true }, + { 365168, true }, + { 365181, true }, + { 365188, true }, + { 365195, true }, + { 365209, true }, + { 365220, true }, + { 365232, true }, + { 365242, true }, + { 365253, false }, + { 365273, true }, + { 365283, true }, + { 365291, true }, + { 365302, true }, + { 365313, true }, + { 365324, true }, + { 365335, true }, + { 365354, true }, + { 365367, true }, + { 365379, true }, + { 365396, true }, + { 365414, true }, + { 365429, true }, + { 365452, true }, + { 365466, true }, + { 365483, true }, + { 365500, true }, + { 365515, true }, + { 365526, true }, + { 365541, true }, + { 365556, true }, + { 365568, true }, + { 365580, true }, + { 365593, true }, + { 365604, true }, + { 365622, true }, + { 365635, true }, + { 365661, true }, + { 365690, true }, + { 365702, true }, + { 365715, false }, + { 365735, true }, + { 365750, true }, + { 365771, true }, + { 365789, false }, + { 365805, true }, + { 365821, true }, + { 365847, true }, + { 365863, true }, + { 365878, true }, + { 365896, true }, + { 365912, true }, + { 365929, true }, + { 365941, true }, + { 365955, true }, + { 365973, true }, + { 365994, true }, + { 366009, true }, + { 366029, true }, + { 366043, true }, + { 366061, true }, + { 366077, true }, + { 366096, true }, + { 366116, true }, + { 366137, true }, + { 366154, true }, + { 366171, true }, + { 366191, true }, + { 366210, false }, + { 366227, true }, + { 366242, true }, + { 366259, true }, + { 366279, true }, + { 366297, false }, + { 366315, true }, + { 366334, true }, + { 366353, true }, + { 366369, true }, + { 366389, true }, + { 366410, true }, + { 366437, true }, + { 366453, true }, + { 366467, true }, + { 366479, true }, + { 366490, true }, + { 366501, true }, + { 366518, true }, + { 366529, true }, + { 366540, true }, + { 366554, true }, + { 366565, true }, + { 366585, true }, + { 366596, true }, + { 366605, true }, + { 366617, true }, + { 366632, true }, + { 366651, true }, + { 366664, true }, + { 366684, true }, + { 366700, true }, + { 366709, true }, + { 366725, true }, + { 366735, true }, + { 366748, true }, + { 366761, false }, + { 366782, true }, + { 366799, true }, + { 366819, true }, + { 366833, true }, + { 366842, true }, + { 366855, true }, + { 366872, true }, + { 366890, true }, + { 366909, true }, + { 366927, true }, + { 366944, true }, + { 366957, true }, + { 366971, true }, + { 366994, true }, + { 367018, true }, + { 367031, true }, + { 367043, true }, + { 367060, true }, + { 367075, true }, + { 367085, true }, + { 367102, true }, + { 367118, true }, + { 367126, true }, + { 367145, true }, + { 367162, true }, + { 367178, true }, + { 367190, true }, + { 367201, true }, + { 367217, true }, + { 367230, true }, + { 367244, true }, + { 367264, true }, + { 367278, true }, + { 367291, true }, + { 367302, true }, + { 367316, true }, + { 367329, true }, + { 367341, true }, + { 367363, true }, + { 367379, true }, + { 367394, true }, + { 367410, true }, + { 367424, true }, + { 367436, true }, + { 367449, true }, + { 367458, true }, + { 367471, true }, + { 367488, true }, + { 367500, true }, + { 367512, true }, + { 367524, true }, + { 367543, true }, + { 367552, true }, + { 367564, true }, + { 367579, true }, + { 367591, true }, + { 367608, true }, + { 367620, true }, + { 367630, true }, + { 367646, true }, + { 367662, true }, + { 367683, true }, + { 367699, true }, + { 367717, true }, + { 367733, true }, + { 367749, true }, + { 367764, true }, + { 367776, true }, + { 367791, true }, + { 367804, true }, + { 367823, true }, + { 367833, true }, + { 367848, true }, + { 367864, true }, + { 367876, true }, + { 367888, true }, + { 367902, true }, + { 367917, true }, + { 367928, true }, + { 367935, true }, + { 367952, true }, + { 367967, true }, + { 367983, true }, + { 367994, true }, + { 368011, true }, + { 368022, true }, + { 368033, true }, + { 368044, true }, + { 368055, true }, + { 368066, true }, + { 368074, true }, + { 368089, true }, + { 368102, true }, + { 368113, true }, + { 368126, true }, + { 368144, true }, + { 368161, true }, + { 368171, true }, + { 368184, true }, + { 368197, true }, + { 368209, true }, + { 368226, true }, + { 368241, true }, + { 368255, true }, + { 368264, true }, + { 368279, true }, + { 368293, true }, + { 368301, true }, + { 368314, true }, + { 368327, true }, + { 368341, true }, + { 368353, true }, + { 368366, true }, + { 368374, true }, + { 368391, true }, + { 368410, true }, + { 368428, true }, + { 368445, true }, + { 368455, true }, + { 368471, true }, + { 368488, true }, + { 368508, true }, + { 368520, true }, + { 368534, true }, + { 368551, true }, + { 368568, true }, + { 368583, true }, + { 368597, true }, + { 368620, true }, + { 368635, true }, + { 368649, true }, + { 368667, true }, + { 368683, true }, + { 368699, true }, + { 368713, true }, + { 368729, true }, + { 368752, true }, + { 368766, true }, + { 368776, true }, + { 368793, true }, + { 368806, true }, + { 368817, true }, + { 368831, true }, + { 368845, false }, + { 368863, true }, + { 368881, true }, + { 368896, true }, + { 368913, true }, + { 368928, true }, + { 368945, true }, + { 368971, true }, + { 368983, true }, + { 368998, true }, + { 369013, true }, + { 369031, true }, + { 369047, true }, + { 369060, false }, + { 369073, true }, + { 369082, true }, + { 369093, true }, + { 369108, true }, + { 369118, true }, + { 369133, true }, + { 369147, true }, + { 369163, true }, + { 369174, true }, + { 369186, true }, + { 369208, true }, + { 369221, true }, + { 369232, true }, + { 369247, true }, + { 369264, true }, + { 369279, true }, + { 369290, true }, + { 369318, true }, + { 369335, true }, + { 369360, true }, + { 369391, true }, + { 369402, true }, + { 369412, true }, + { 369423, true }, + { 369440, true }, + { 369458, true }, + { 369470, true }, + { 369488, true }, + { 369499, true }, + { 369512, true }, + { 369524, true }, + { 369544, true }, + { 369555, true }, + { 369569, true }, + { 369589, true }, + { 369607, true }, + { 369623, true }, + { 369635, true }, + { 369649, true }, + { 369661, true }, + { 369669, true }, + { 369677, true }, + { 369690, true }, + { 369700, true }, + { 369716, true }, + { 369725, true }, + { 369743, true }, + { 369757, true }, + { 369768, true }, + { 369786, true }, + { 369797, true }, + { 369811, false }, + { 369831, true }, + { 369838, true }, + { 369858, true }, + { 369873, true }, + { 369888, true }, + { 369903, true }, + { 369919, true }, + { 369927, true }, + { 369944, false }, + { 369958, true }, + { 369967, true }, + { 369976, true }, + { 369996, true }, + { 370008, true }, + { 370028, true }, + { 370048, true }, + { 370061, true }, + { 370075, true }, + { 370090, true }, + { 370108, true }, + { 370128, true }, + { 370143, true }, + { 370159, true }, + { 370178, true }, + { 370197, true }, + { 370212, true }, + { 370233, true }, + { 370258, true }, + { 370271, true }, + { 370290, true }, + { 370306, true }, + { 370317, true }, + { 370327, true }, + { 370343, true }, + { 370357, false }, + { 370372, true }, + { 370385, false }, + { 370413, true }, + { 370432, true }, + { 370444, true }, + { 370457, true }, + { 370470, true }, + { 370480, false }, + { 370488, true }, + { 370498, true }, + { 370513, true }, + { 370531, true }, + { 370550, true }, + { 370562, true }, + { 370575, true }, + { 370588, true }, + { 370603, true }, + { 370621, true }, + { 370635, true }, + { 370648, true }, + { 370665, true }, + { 370680, true }, + { 370694, true }, + { 370714, false }, + { 370731, true }, + { 370752, true }, + { 370770, true }, + { 370784, true }, + { 370798, true }, + { 370819, true }, + { 370840, true }, + { 370860, true }, + { 370880, true }, + { 370895, true }, + { 370920, true }, + { 370929, true }, + { 370940, true }, + { 370951, true }, + { 370964, true }, + { 370974, true }, + { 370991, true }, + { 371007, true }, + { 371015, false }, + { 371030, true }, + { 371045, true }, + { 371071, true }, + { 371088, true }, + { 371101, true }, + { 371115, true }, + { 371130, true }, + { 371141, true }, + { 371158, true }, + { 371190, true }, + { 371207, true }, + { 371219, true }, + { 371244, true }, + { 371280, true }, + { 371292, true }, + { 371311, true }, + { 371324, true }, + { 371334, true }, + { 371348, true }, + { 371363, true }, + { 371376, true }, + { 371393, true }, + { 371415, true }, + { 371437, true }, + { 371455, false }, + { 371468, true }, + { 371480, true }, + { 371493, true }, + { 371511, true }, + { 371519, true }, + { 371527, true }, + { 371542, true }, + { 371549, true }, + { 371566, true }, + { 371582, true }, + { 371598, true }, + { 371617, true }, + { 371637, true }, + { 371654, true }, + { 371669, true }, + { 371686, true }, + { 371696, true }, + { 371710, true }, + { 371721, true }, + { 371735, true }, + { 371749, true }, + { 371763, true }, + { 371773, true }, + { 371782, true }, + { 371794, true }, + { 371807, true }, + { 371821, true }, + { 371837, false }, + { 371855, true }, + { 371873, true }, + { 371894, true }, + { 371908, true }, + { 371920, true }, + { 371932, true }, + { 371943, true }, + { 371956, true }, + { 371970, true }, + { 371984, true }, + { 372004, true }, + { 372016, true }, + { 372031, true }, + { 372045, true }, + { 372057, true }, + { 372070, true }, + { 372087, true }, + { 372107, true }, + { 372126, true }, + { 372139, true }, + { 372159, true }, + { 372170, true }, + { 372177, true }, + { 372191, true }, + { 372212, true }, + { 372221, true }, + { 372245, true }, + { 372255, true }, + { 372268, true }, + { 372293, true }, + { 372305, true }, + { 372314, true }, + { 372326, true }, + { 372348, true }, + { 372359, true }, + { 372370, true }, + { 372384, true }, + { 372403, true }, + { 372420, true }, + { 372438, true }, + { 372453, true }, + { 372468, true }, + { 372483, true }, + { 372503, true }, + { 372520, true }, + { 372533, true }, + { 372547, true }, + { 372558, true }, + { 372572, true }, + { 372582, true }, + { 372594, true }, + { 372615, true }, + { 372626, true }, + { 372649, true }, + { 372663, true }, + { 372677, true }, + { 372695, true }, + { 372705, true }, + { 372717, true }, + { 372732, true }, + { 372753, false }, + { 372769, true }, + { 372782, true }, + { 372804, true }, + { 372814, true }, + { 372826, true }, + { 372838, true }, + { 372852, false }, + { 372862, true }, + { 372881, true }, + { 372895, true }, + { 372904, true }, + { 372916, true }, + { 372927, true }, + { 372939, true }, + { 372950, true }, + { 372959, true }, + { 372972, true }, + { 372991, true }, + { 373000, true }, + { 373014, true }, + { 373020, true }, + { 373032, true }, + { 373045, true }, + { 373058, true }, + { 373068, true }, + { 373083, true }, + { 373109, true }, + { 373132, true }, + { 373149, true }, + { 373159, true }, + { 373173, true }, + { 373186, true }, + { 373202, true }, + { 373218, true }, + { 373239, true }, + { 373260, true }, + { 373279, true }, + { 373289, true }, + { 373301, true }, + { 373313, true }, + { 373327, true }, + { 373337, true }, + { 373360, true }, + { 373368, true }, + { 373389, true }, + { 373401, true }, + { 373416, true }, + { 373430, true }, + { 373439, true }, + { 373451, true }, + { 373474, true }, + { 373487, true }, + { 373497, true }, + { 373511, true }, + { 373535, true }, + { 373549, true }, + { 373557, true }, + { 373578, true }, + { 373590, true }, + { 373601, true }, + { 373618, true }, + { 373638, true }, + { 373660, true }, + { 373679, true }, + { 373690, false }, + { 373718, false }, + { 373730, true }, + { 373742, true }, + { 373753, true }, + { 373774, true }, + { 373790, true }, + { 373806, true }, + { 373817, true }, + { 373827, true }, + { 373840, true }, + { 373853, true }, + { 373865, true }, + { 373884, false }, + { 373900, true }, + { 373915, true }, + { 373930, true }, + { 373945, true }, + { 373961, true }, + { 373978, true }, + { 373995, true }, + { 374010, true }, + { 374033, true }, + { 374043, true }, + { 374051, true }, + { 374070, true }, + { 374084, true }, + { 374105, true }, + { 374125, true }, + { 374143, true }, + { 374161, true }, + { 374179, true }, + { 374197, true }, + { 374215, true }, + { 374233, true }, + { 374251, true }, + { 374272, true }, + { 374293, true }, + { 374314, true }, + { 374335, true }, + { 374354, true }, + { 374376, true }, + { 374398, true }, + { 374420, true }, + { 374438, true }, + { 374456, true }, + { 374474, true }, + { 374492, true }, + { 374510, true }, + { 374528, true }, + { 374546, true }, + { 374564, true }, + { 374582, true }, + { 374600, true }, + { 374618, true }, + { 374636, true }, + { 374654, true }, + { 374672, true }, + { 374690, true }, + { 374708, true }, + { 374726, true }, + { 374744, true }, + { 374762, true }, + { 374780, true }, + { 374798, true }, + { 374816, true }, + { 374834, true }, + { 374852, true }, + { 374870, true }, + { 374888, true }, + { 374906, true }, + { 374924, true }, + { 374942, true }, + { 374960, true }, + { 374978, true }, + { 374996, true }, + { 375014, true }, + { 375032, true }, + { 375050, true }, + { 375068, true }, + { 375086, true }, + { 375104, true }, + { 375122, true }, + { 375140, true }, + { 375158, true }, + { 375176, true }, + { 375194, true }, + { 375212, true }, + { 375230, true }, + { 375246, true }, + { 375261, true }, + { 375278, true }, + { 375292, true }, + { 375314, true }, + { 375326, true }, + { 375341, true }, + { 375361, true }, + { 375374, true }, + { 375383, true }, + { 375395, false }, + { 375409, true }, + { 375425, true }, + { 375436, true }, + { 375447, true }, + { 375472, true }, + { 375483, true }, + { 375493, true }, + { 375514, true }, + { 375532, true }, + { 375549, true }, + { 375558, true }, + { 375577, true }, + { 375591, true }, + { 375613, true }, + { 375627, true }, + { 375645, true }, + { 375662, true }, + { 375681, true }, + { 375699, true }, + { 375720, true }, + { 375739, true }, + { 375753, true }, + { 375769, true }, + { 375781, true }, + { 375796, true }, + { 375811, true }, + { 375826, true }, + { 375842, true }, + { 375860, true }, + { 375871, true }, + { 375881, true }, + { 375891, true }, + { 375902, true }, + { 375914, true }, + { 375925, false }, + { 375936, true }, + { 375955, true }, + { 375974, true }, + { 375998, true }, + { 376014, true }, + { 376032, true }, + { 376050, true }, + { 376063, true }, + { 376077, true }, + { 376093, true }, + { 376104, true }, + { 376122, true }, + { 376139, true }, + { 376160, true }, + { 376172, true }, + { 376197, true }, + { 376212, true }, + { 376230, true }, + { 376245, true }, + { 376265, true }, + { 376280, true }, + { 376297, true }, + { 376308, true }, + { 376318, true }, + { 376332, true }, + { 376344, true }, + { 376359, true }, + { 376368, true }, + { 376390, true }, + { 376400, true }, + { 376417, true }, + { 376435, true }, + { 376448, true }, + { 376459, false }, + { 376472, true }, + { 376490, true }, + { 376508, true }, + { 376520, true }, + { 376530, true }, + { 376545, true }, + { 376568, true }, + { 376591, true }, + { 376609, true }, + { 376624, false }, + { 376637, true }, + { 376648, true }, + { 376660, true }, + { 376679, true }, + { 376692, true }, + { 376704, true }, + { 376721, true }, + { 376741, true }, + { 376764, true }, + { 376783, true }, + { 376794, true }, + { 376808, true }, + { 376822, true }, + { 376841, true }, + { 376863, true }, + { 376872, true }, + { 376884, true }, + { 376911, true }, + { 376930, true }, + { 376944, true }, + { 376957, true }, + { 376972, true }, + { 376986, true }, + { 376996, true }, + { 377010, true }, + { 377023, true }, + { 377033, true }, + { 377053, true }, + { 377076, false }, + { 377089, true }, + { 377107, true }, + { 377133, true }, + { 377141, true }, + { 377152, true }, + { 377159, true }, + { 377167, true }, + { 377184, true }, + { 377199, true }, + { 377212, true }, + { 377227, true }, + { 377244, true }, + { 377261, true }, + { 377272, false }, + { 377281, true }, + { 377294, true }, + { 377313, true }, + { 377330, true }, + { 377345, true }, + { 377365, true }, + { 377372, true }, + { 377383, true }, + { 377399, true }, + { 377410, true }, + { 377418, true }, + { 377428, true }, + { 377443, true }, + { 377454, true }, + { 377464, true }, + { 377474, true }, + { 377485, true }, + { 377510, true }, + { 377522, true }, + { 377539, true }, + { 377548, true }, + { 377558, true }, + { 377568, true }, + { 377580, true }, + { 377589, true }, + { 377609, true }, + { 377626, true }, + { 377645, true }, + { 377658, true }, + { 377668, false }, + { 377677, true }, + { 377693, true }, + { 377706, true }, + { 377725, true }, + { 377734, true }, + { 377752, true }, + { 377768, true }, + { 377781, true }, + { 377801, true }, + { 377814, true }, + { 377827, true }, + { 377838, true }, + { 377851, true }, + { 377868, true }, + { 377877, true }, + { 377889, true }, + { 377902, true }, + { 377916, true }, + { 377929, true }, + { 377939, true }, + { 377953, true }, + { 377976, true }, + { 378000, true }, + { 378008, true }, + { 378024, true }, + { 378039, true }, + { 378050, true }, + { 378069, true }, + { 378084, true }, + { 378099, true }, + { 378108, true }, + { 378118, true }, + { 378132, true }, + { 378148, true }, + { 378160, true }, + { 378183, false }, + { 378197, true }, + { 378206, true }, + { 378214, true }, + { 378223, true }, + { 378237, true }, + { 378247, false }, + { 378263, true }, + { 378276, true }, + { 378292, true }, + { 378306, true }, + { 378320, true }, + { 378337, false }, + { 378355, true }, + { 378368, true }, + { 378392, true }, + { 378409, true }, + { 378428, true }, + { 378442, true }, + { 378455, true }, + { 378468, true }, + { 378489, true }, + { 378500, true }, + { 378510, true }, + { 378523, true }, + { 378537, true }, + { 378547, true }, + { 378570, true }, + { 378582, true }, + { 378594, true }, + { 378610, true }, + { 378617, true }, + { 378633, true }, + { 378643, false }, + { 378653, true }, + { 378666, true }, + { 378681, true }, + { 378691, true }, + { 378700, true }, + { 378716, true }, + { 378728, true }, + { 378742, true }, + { 378756, true }, + { 378768, true }, + { 378779, true }, + { 378792, true }, + { 378804, true }, + { 378815, true }, + { 378829, true }, + { 378847, true }, + { 378863, true }, + { 378872, true }, + { 378892, true }, + { 378904, true }, + { 378920, true }, + { 378933, true }, + { 378943, true }, + { 378953, true }, + { 378967, true }, + { 378979, true }, + { 378992, true }, + { 379009, true }, + { 379024, true }, + { 379036, true }, + { 379044, true }, + { 379056, true }, + { 379073, true }, + { 379087, true }, + { 379102, true }, + { 379113, true }, + { 379133, true }, + { 379147, true }, + { 379156, true }, + { 379171, true }, + { 379187, true }, + { 379199, true }, + { 379212, true }, + { 379225, true }, + { 379239, true }, + { 379254, false }, + { 379266, true }, + { 379279, true }, + { 379292, true }, + { 379303, true }, + { 379317, true }, + { 379340, true }, + { 379350, true }, + { 379359, true }, + { 379371, true }, + { 379385, true }, + { 379401, true }, + { 379413, true }, + { 379430, true }, + { 379438, true }, + { 379450, false }, + { 379468, true }, + { 379476, true }, + { 379487, true }, + { 379495, true }, + { 379503, true }, + { 379509, true }, + { 379519, true }, + { 379532, true }, + { 379547, true }, + { 379566, true }, + { 379590, true }, + { 379603, true }, + { 379618, true }, + { 379642, true }, + { 379666, true }, + { 379688, true }, + { 379717, true }, + { 379746, true }, + { 379756, true }, + { 379768, true }, + { 379790, true }, + { 379809, true }, + { 379826, true }, + { 379836, true }, + { 379852, true }, + { 379867, true }, + { 379889, true }, + { 379901, true }, + { 379916, true }, + { 379937, true }, + { 379949, true }, + { 379962, true }, + { 379975, true }, + { 379991, true }, + { 380005, true }, + { 380017, true }, + { 380033, true }, + { 380046, true }, + { 380065, true }, + { 380085, true }, + { 380103, true }, + { 380121, true }, + { 380134, true }, + { 380152, true }, + { 380175, true }, + { 380199, true }, + { 380225, true }, + { 380240, true }, + { 380257, true }, + { 380273, true }, + { 380290, true }, + { 380307, true }, + { 380321, true }, + { 380338, true }, + { 380353, true }, + { 380377, true }, + { 380390, true }, + { 380404, true }, + { 380415, true }, + { 380426, true }, + { 380437, true }, + { 380447, true }, + { 380460, true }, + { 380478, true }, + { 380487, true }, + { 380496, true }, + { 380509, true }, + { 380525, true }, + { 380546, true }, + { 380567, true }, + { 380576, true }, + { 380588, true }, + { 380598, true }, + { 380609, true }, + { 380621, false }, + { 380642, false }, + { 380651, true }, + { 380658, true }, + { 380666, true }, + { 380689, true }, + { 380702, true }, + { 380716, true }, + { 380729, true }, + { 380744, true }, + { 380758, true }, + { 380773, true }, + { 380782, true }, + { 380790, true }, + { 380803, true }, + { 380811, true }, + { 380830, true }, + { 380842, true }, + { 380860, true }, + { 380875, true }, + { 380892, true }, + { 380902, true }, + { 380913, true }, + { 380926, true }, + { 380935, true }, + { 380948, true }, + { 380958, true }, + { 380967, true }, + { 380988, true }, + { 381002, true }, + { 381018, true }, + { 381030, true }, + { 381043, true }, + { 381056, true }, + { 381065, true }, + { 381079, true }, + { 381092, true }, + { 381103, true }, + { 381113, true }, + { 381136, true }, + { 381149, true }, + { 381162, true }, + { 381174, true }, + { 381189, true }, + { 381203, false }, + { 381216, true }, + { 381230, true }, + { 381239, true }, + { 381251, true }, + { 381262, true }, + { 381279, true }, + { 381291, true }, + { 381301, true }, + { 381311, true }, + { 381324, true }, + { 381339, true }, + { 381359, true }, + { 381371, false }, + { 381383, true }, + { 381400, true }, + { 381414, true }, + { 381427, true }, + { 381441, true }, + { 381451, true }, + { 381461, true }, + { 381472, true }, + { 381481, true }, + { 381488, true }, + { 381498, true }, + { 381507, true }, + { 381519, true }, + { 381530, true }, + { 381546, true }, + { 381561, true }, + { 381570, true }, + { 381584, true }, + { 381598, true }, + { 381612, true }, + { 381632, true }, + { 381642, true }, + { 381654, true }, + { 381666, true }, + { 381679, true }, + { 381693, true }, + { 381706, true }, + { 381715, true }, + { 381726, true }, + { 381744, true }, + { 381751, true }, + { 381768, true }, + { 381784, true }, + { 381800, true }, + { 381817, true }, + { 381830, true }, + { 381839, true }, + { 381859, false }, + { 381871, true }, + { 381884, true }, + { 381892, true }, + { 381908, true }, + { 381926, true }, + { 381948, true }, + { 381964, true }, + { 381972, false }, + { 381990, true }, + { 382017, true }, + { 382029, true }, + { 382044, true }, + { 382059, true }, + { 382075, true }, + { 382089, true }, + { 382104, false }, + { 382123, true }, + { 382145, true }, + { 382166, true }, + { 382185, true }, + { 382202, true }, + { 382217, true }, + { 382228, true }, + { 382243, true }, + { 382257, true }, + { 382269, true }, + { 382281, true }, + { 382289, true }, + { 382299, true }, + { 382314, true }, + { 382331, true }, + { 382346, true }, + { 382366, true }, + { 382377, true }, + { 382399, true }, + { 382419, true }, + { 382432, true }, + { 382452, true }, + { 382465, true }, + { 382479, true }, + { 382499, true }, + { 382520, true }, + { 382534, true }, + { 382547, true }, + { 382568, true }, + { 382583, true }, + { 382602, true }, + { 382628, true }, + { 382655, true }, + { 382671, true }, + { 382682, true }, + { 382700, true }, + { 382715, true }, + { 382723, true }, + { 382736, true }, + { 382744, true }, + { 382755, true }, + { 382769, true }, + { 382783, true }, + { 382799, true }, + { 382816, true }, + { 382826, true }, + { 382838, true }, + { 382856, true }, + { 382877, true }, + { 382890, true }, + { 382908, true }, + { 382926, true }, + { 382946, true }, + { 382959, true }, + { 382975, true }, + { 383001, true }, + { 383020, true }, + { 383049, true }, + { 383060, true }, + { 383075, true }, + { 383085, true }, + { 383097, true }, + { 383115, true }, + { 383131, true }, + { 383154, true }, + { 383177, true }, + { 383201, true }, + { 383226, true }, + { 383238, true }, + { 383250, true }, + { 383264, true }, + { 383277, true }, + { 383288, true }, + { 383303, true }, + { 383313, true }, + { 383330, true }, + { 383339, true }, + { 383351, true }, + { 383364, true }, + { 383382, true }, + { 383407, true }, + { 383419, true }, + { 383431, true }, + { 383447, true }, + { 383459, true }, + { 383470, true }, + { 383486, true }, + { 383503, true }, + { 383515, true }, + { 383530, true }, + { 383548, true }, + { 383562, true }, + { 383583, true }, + { 383607, true }, + { 383618, true }, + { 383634, true }, + { 383650, false }, + { 383664, true }, + { 383679, true }, + { 383691, true }, + { 383718, true }, + { 383734, true }, + { 383752, true }, + { 383768, true }, + { 383786, true }, + { 383800, true }, + { 383820, true }, + { 383834, true }, + { 383848, true }, + { 383858, true }, + { 383869, false }, + { 383879, true }, + { 383890, true }, + { 383898, false }, + { 383910, true }, + { 383920, true }, + { 383940, true }, + { 383957, true }, + { 383975, true }, + { 383993, true }, + { 384000, true }, + { 384012, true }, + { 384023, true }, + { 384048, true }, + { 384065, true }, + { 384077, true }, + { 384094, true }, + { 384110, true }, + { 384130, true }, + { 384153, true }, + { 384164, true }, + { 384173, true }, + { 384190, false }, + { 384197, true }, + { 384208, true }, + { 384225, true }, + { 384246, true }, + { 384262, true }, + { 384274, true }, + { 384286, true }, + { 384295, true }, + { 384310, true }, + { 384322, true }, + { 384336, true }, + { 384346, true }, + { 384361, true }, + { 384379, true }, + { 384396, true }, + { 384405, true }, + { 384417, true }, + { 384435, true }, + { 384449, true }, + { 384465, false }, + { 384478, true }, + { 384494, true }, + { 384506, true }, + { 384520, true }, + { 384536, true }, + { 384548, true }, + { 384560, true }, + { 384574, false }, + { 384590, true }, + { 384607, true }, + { 384615, true }, + { 384630, true }, + { 384643, true }, + { 384659, true }, + { 384672, true }, + { 384685, true }, + { 384695, true }, + { 384717, true }, + { 384737, true }, + { 384763, true }, + { 384784, true }, + { 384809, true }, + { 384834, true }, + { 384850, true }, + { 384878, true }, + { 384903, true }, + { 384929, true }, + { 384958, true }, + { 384977, true }, + { 385001, true }, + { 385020, true }, + { 385040, true }, + { 385062, true }, + { 385071, true }, + { 385083, true }, + { 385098, true }, + { 385110, true }, + { 385119, true }, + { 385135, true }, + { 385145, true }, + { 385157, true }, + { 385174, true }, + { 385188, true }, + { 385207, true }, + { 385223, false }, + { 385236, true }, + { 385249, true }, + { 385262, true }, + { 385280, true }, + { 385301, true }, + { 385313, true }, + { 385332, true }, + { 385342, true }, + { 385351, true }, + { 385365, true }, + { 385375, true }, + { 385389, true }, + { 385402, true }, + { 385415, true }, + { 385434, true }, + { 385453, true }, + { 385467, true }, + { 385487, true }, + { 385507, true }, + { 385526, true }, + { 385540, true }, + { 385560, true }, + { 385569, true }, + { 385580, true }, + { 385603, true }, + { 385623, true }, + { 385646, true }, + { 385655, true }, + { 385674, true }, + { 385689, true }, + { 385708, false }, + { 385724, true }, + { 385743, true }, + { 385758, true }, + { 385774, false }, + { 385787, true }, + { 385801, true }, + { 385812, true }, + { 385835, true }, + { 385852, true }, + { 385873, true }, + { 385887, true }, + { 385902, true }, + { 385913, true }, + { 385923, true }, + { 385940, true }, + { 385957, true }, + { 385976, true }, + { 385989, true }, + { 386001, true }, + { 386014, true }, + { 386033, true }, + { 386048, true }, + { 386062, true }, + { 386075, false }, + { 386087, true }, + { 386102, true }, + { 386116, true }, + { 386129, true }, + { 386143, true }, + { 386158, true }, + { 386171, true }, + { 386184, true }, + { 386199, true }, + { 386208, true }, + { 386217, true }, + { 386226, true }, + { 386245, true }, + { 386260, true }, + { 386274, true }, + { 386288, true }, + { 386307, true }, + { 386331, true }, + { 386344, true }, + { 386369, true }, + { 386386, true }, + { 386402, true }, + { 386419, true }, + { 386436, true }, + { 386463, true }, + { 386478, true }, + { 386494, true }, + { 386506, true }, + { 386524, true }, + { 386543, true }, + { 386556, true }, + { 386569, true }, + { 386589, true }, + { 386600, true }, + { 386614, true }, + { 386629, true }, + { 386641, true }, + { 386650, true }, + { 386658, true }, + { 386667, true }, + { 386685, true }, + { 386701, true }, + { 386717, true }, + { 386729, true }, + { 386743, true }, + { 386757, true }, + { 386772, true }, + { 386784, true }, + { 386797, true }, + { 386812, true }, + { 386832, true }, + { 386849, true }, + { 386866, true }, + { 386883, true }, + { 386895, true }, + { 386911, true }, + { 386926, true }, + { 386942, true }, + { 386957, true }, + { 386972, true }, + { 386997, true }, + { 387011, true }, + { 387030, true }, + { 387055, true }, + { 387070, true }, + { 387081, true }, + { 387100, true }, + { 387115, true }, + { 387136, true }, + { 387160, true }, + { 387177, true }, + { 387189, true }, + { 387199, true }, + { 387212, true }, + { 387226, true }, + { 387248, true }, + { 387270, true }, + { 387292, false }, + { 387302, true }, + { 387313, true }, + { 387322, true }, + { 387343, true }, + { 387362, true }, + { 387391, true }, + { 387416, true }, + { 387441, true }, + { 387470, true }, + { 387486, true }, + { 387495, true }, + { 387507, true }, + { 387523, true }, + { 387533, true }, + { 387545, true }, + { 387561, true }, + { 387575, true }, + { 387589, true }, + { 387603, true }, + { 387620, true }, + { 387633, true }, + { 387644, true }, + { 387659, true }, + { 387672, true }, + { 387688, true }, + { 387705, true }, + { 387715, true }, + { 387724, true }, + { 387738, true }, + { 387756, false }, + { 387770, false }, + { 387781, true }, + { 387794, true }, + { 387814, false }, + { 387827, true }, + { 387837, true }, + { 387856, true }, + { 387866, true }, + { 387881, true }, + { 387894, true }, + { 387904, true }, + { 387913, true }, + { 387925, true }, + { 387947, true }, + { 387969, true }, + { 387980, true }, + { 387993, true }, + { 388007, true }, + { 388018, true }, + { 388029, true }, + { 388039, true }, + { 388051, true }, + { 388058, true }, + { 388066, true }, + { 388074, true }, + { 388081, true }, + { 388087, true }, + { 388093, true }, + { 388099, true }, + { 388108, true }, + { 388117, true }, + { 388125, false }, + { 388133, true }, + { 388142, true }, + { 388151, true }, + { 388159, false }, + { 388169, true }, + { 388181, true }, + { 388197, true }, + { 388211, true }, + { 388221, true }, + { 388229, true }, + { 388248, true }, + { 388255, true }, + { 388266, true }, + { 388291, true }, + { 388298, true }, + { 388311, true }, + { 388325, true }, + { 388335, true }, + { 388345, true }, + { 388356, true }, + { 388375, true }, + { 388387, true }, + { 388402, true }, + { 388413, true }, + { 388425, true }, + { 388435, true }, + { 388447, true }, + { 388460, true }, + { 388468, true }, + { 388481, true }, + { 388493, true }, + { 388503, true }, + { 388515, true }, + { 388525, true }, + { 388538, true }, + { 388557, true }, + { 388574, true }, + { 388589, true }, + { 388616, true }, + { 388627, true }, + { 388641, true }, + { 388656, true }, + { 388672, true }, + { 388694, true }, + { 388708, true }, + { 388727, true }, + { 388739, true }, + { 388752, false }, + { 388765, true }, + { 388784, true }, + { 388794, true }, + { 388809, true }, + { 388838, true }, + { 388861, true }, + { 388874, true }, + { 388895, false }, + { 388922, false }, + { 388938, true }, + { 388948, true }, + { 388964, true }, + { 388979, true }, + { 388995, true }, + { 389013, true }, + { 389032, true }, + { 389046, true }, + { 389066, true }, + { 389075, true }, + { 389094, true }, + { 389107, true }, + { 389120, true }, + { 389137, true }, + { 389148, true }, + { 389166, true }, + { 389187, true }, + { 389204, true }, + { 389217, true }, + { 389236, true }, + { 389254, true }, + { 389277, true }, + { 389299, true }, + { 389313, true }, + { 389331, true }, + { 389355, true }, + { 389373, true }, + { 389389, true }, + { 389403, true }, + { 389415, true }, + { 389431, true }, + { 389452, true }, + { 389466, true }, + { 389496, true }, + { 389506, true }, + { 389526, true }, + { 389539, true }, + { 389548, true }, + { 389559, true }, + { 389569, true }, + { 389582, true }, + { 389616, true }, + { 389630, true }, + { 389642, true }, + { 389655, true }, + { 389679, true }, + { 389695, true }, + { 389708, true }, + { 389722, true }, + { 389738, true }, + { 389753, true }, + { 389783, true }, + { 389795, true }, + { 389809, true }, + { 389824, true }, + { 389836, true }, + { 389853, true }, + { 389869, true }, + { 389887, true }, + { 389904, true }, + { 389924, true }, + { 389937, true }, + { 389952, true }, + { 389967, true }, + { 389977, true }, + { 389988, true }, + { 389997, true }, + { 390024, true }, + { 390050, true }, + { 390069, true }, + { 390102, true }, + { 390136, true }, + { 390170, false }, + { 390187, true }, + { 390199, true }, + { 390223, true }, + { 390244, true }, + { 390261, true }, + { 390274, true }, + { 390298, true }, + { 390311, true }, + { 390325, true }, + { 390333, true }, + { 390345, true }, + { 390357, true }, + { 390368, true }, + { 390378, true }, + { 390395, true }, + { 390414, true }, + { 390428, true }, + { 390437, true }, + { 390455, true }, + { 390465, true }, + { 390474, true }, + { 390494, true }, + { 390508, true }, + { 390521, true }, + { 390537, true }, + { 390552, true }, + { 390566, true }, + { 390582, true }, + { 390598, true }, + { 390610, true }, + { 390621, false }, + { 390641, true }, + { 390650, true }, + { 390661, true }, + { 390673, true }, + { 390691, true }, + { 390703, true }, + { 390718, true }, + { 390734, true }, + { 390754, true }, + { 390769, false }, + { 390784, true }, + { 390803, true }, + { 390814, true }, + { 390829, false }, + { 390846, true }, + { 390864, true }, + { 390877, true }, + { 390889, true }, + { 390914, false }, + { 390937, true }, + { 390962, true }, + { 390978, true }, + { 390989, true }, + { 391008, true }, + { 391025, true }, + { 391042, true }, + { 391050, true }, + { 391078, true }, + { 391091, true }, + { 391102, true }, + { 391121, true }, + { 391136, true }, + { 391147, true }, + { 391169, true }, + { 391186, true }, + { 391209, true }, + { 391227, true }, + { 391248, true }, + { 391263, true }, + { 391286, true }, + { 391306, true }, + { 391327, true }, + { 391349, true }, + { 391370, true }, + { 391391, true }, + { 391408, true }, + { 391422, true }, + { 391439, true }, + { 391456, true }, + { 391475, true }, + { 391490, true }, + { 391505, true }, + { 391525, true }, + { 391538, true }, + { 391551, true }, + { 391564, true }, + { 391584, true }, + { 391594, false }, + { 391608, true }, + { 391625, true }, + { 391637, true }, + { 391657, true }, + { 391674, true }, + { 391684, true }, + { 391695, true }, + { 391717, true }, + { 391740, true }, + { 391751, true }, + { 391766, true }, + { 391782, true }, + { 391799, true }, + { 391812, true }, + { 391827, true }, + { 391848, true }, + { 391866, true }, + { 391880, true }, + { 391891, false }, + { 391905, true }, + { 391921, true }, + { 391939, true }, + { 391955, true }, + { 391967, true }, + { 391999, true }, + { 392017, true }, + { 392029, false }, + { 392041, true }, + { 392053, true }, + { 392063, true }, + { 392080, true }, + { 392117, true }, + { 392136, true }, + { 392150, true }, + { 392167, true }, + { 392179, false }, + { 392200, true }, + { 392223, true }, + { 392238, true }, + { 392254, true }, + { 392268, true }, + { 392278, true }, + { 392289, false }, + { 392301, true }, + { 392318, false }, + { 392333, true }, + { 392346, true }, + { 392360, true }, + { 392368, true }, + { 392380, true }, + { 392391, true }, + { 392403, true }, + { 392420, true }, + { 392437, true }, + { 392454, true }, + { 392483, true }, + { 392496, true }, + { 392512, true }, + { 392525, true }, + { 392533, true }, + { 392551, true }, + { 392570, true }, + { 392581, true }, + { 392597, true }, + { 392613, true }, + { 392643, false }, + { 392651, true }, + { 392665, true }, + { 392678, true }, + { 392694, true }, + { 392707, true }, + { 392722, true }, + { 392735, true }, + { 392749, true }, + { 392767, false }, + { 392778, true }, + { 392797, true }, + { 392813, true }, + { 392829, true }, + { 392844, true }, + { 392863, true }, + { 392883, true }, + { 392896, true }, + { 392909, true }, + { 392919, true }, + { 392938, true }, + { 392963, true }, + { 392980, true }, + { 392994, true }, + { 393020, true }, + { 393035, false }, + { 393046, true }, + { 393061, false }, + { 393072, true }, + { 393082, true }, + { 393099, true }, + { 393112, true }, + { 393124, true }, + { 393145, true }, + { 393164, true }, + { 393177, true }, + { 393192, true }, + { 393205, true }, + { 393218, true }, + { 393238, true }, + { 393257, true }, + { 393279, true }, + { 393291, true }, + { 393311, true }, + { 393328, true }, + { 393338, true }, + { 393362, true }, + { 393380, true }, + { 393395, true }, + { 393410, true }, + { 393423, true }, + { 393436, true }, + { 393451, true }, + { 393466, true }, + { 393481, true }, + { 393495, true }, + { 393509, true }, + { 393533, true }, + { 393557, true }, + { 393573, true }, + { 393594, true }, + { 393610, true }, + { 393631, true }, + { 393653, true }, + { 393664, true }, + { 393680, true }, + { 393696, true }, + { 393709, true }, + { 393719, true }, + { 393732, true }, + { 393750, true }, + { 393774, true }, + { 393789, true }, + { 393803, true }, + { 393816, true }, + { 393835, true }, + { 393849, true }, + { 393867, true }, + { 393881, true }, + { 393892, true }, + { 393906, true }, + { 393914, true }, + { 393931, true }, + { 393943, true }, + { 393957, true }, + { 393973, true }, + { 393986, false }, + { 394003, true }, + { 394014, true }, + { 394031, true }, + { 394043, true }, + { 394054, true }, + { 394069, true }, + { 394083, true }, + { 394092, true }, + { 394109, true }, + { 394121, true }, + { 394130, true }, + { 394142, true }, + { 394162, true }, + { 394179, true }, + { 394196, true }, + { 394216, true }, + { 394234, false }, + { 394248, true }, + { 394265, true }, + { 394291, true }, + { 394309, true }, + { 394319, true }, + { 394334, true }, + { 394351, true }, + { 394369, true }, + { 394385, true }, + { 394407, true }, + { 394429, true }, + { 394457, true }, + { 394472, true }, + { 394494, true }, + { 394510, true }, + { 394526, true }, + { 394545, true }, + { 394563, true }, + { 394579, true }, + { 394596, true }, + { 394613, true }, + { 394636, true }, + { 394651, true }, + { 394662, true }, + { 394673, true }, + { 394688, true }, + { 394711, true }, + { 394729, true }, + { 394741, true }, + { 394756, true }, + { 394774, true }, + { 394784, true }, + { 394797, true }, + { 394807, true }, + { 394818, true }, + { 394833, true }, + { 394842, true }, + { 394855, true }, + { 394877, true }, + { 394887, true }, + { 394900, true }, + { 394914, true }, + { 394938, true }, + { 394951, true }, + { 394965, true }, + { 394978, false }, + { 394987, true }, + { 394997, true }, + { 395010, false }, + { 395022, true }, + { 395033, true }, + { 395052, true }, + { 395069, true }, + { 395079, true }, + { 395090, true }, + { 395103, true }, + { 395117, true }, + { 395127, true }, + { 395137, true }, + { 395148, true }, + { 395163, true }, + { 395172, true }, + { 395183, true }, + { 395193, true }, + { 395214, true }, + { 395225, false }, + { 395238, true }, + { 395254, true }, + { 395266, true }, + { 395280, true }, + { 395291, true }, + { 395305, true }, + { 395317, false }, + { 395328, false }, + { 395339, true }, + { 395359, true }, + { 395373, true }, + { 395396, true }, + { 395428, true }, + { 395450, true }, + { 395458, true }, + { 395468, true }, + { 395495, true }, + { 395514, false }, + { 395526, true }, + { 395539, true }, + { 395561, true }, + { 395569, true }, + { 395584, true }, + { 395601, true }, + { 395617, true }, + { 395630, true }, + { 395639, true }, + { 395657, true }, + { 395674, true }, + { 395691, true }, + { 395705, true }, + { 395716, true }, + { 395729, true }, + { 395743, true }, + { 395756, true }, + { 395765, true }, + { 395776, true }, + { 395787, true }, + { 395797, true }, + { 395809, true }, + { 395820, true }, + { 395837, false }, + { 395846, true }, + { 395869, true }, + { 395887, true }, + { 395900, true }, + { 395915, true }, + { 395930, true }, + { 395946, true }, + { 395962, true }, + { 395984, true }, + { 396000, true }, + { 396010, true }, + { 396023, true }, + { 396039, true }, + { 396047, true }, + { 396060, true }, + { 396075, true }, + { 396095, true }, + { 396106, true }, + { 396116, true }, + { 396130, true }, + { 396147, true }, + { 396176, true }, + { 396195, true }, + { 396211, true }, + { 396229, true }, + { 396257, true }, + { 396285, true }, + { 396314, true }, + { 396345, true }, + { 396378, true }, + { 396404, true }, + { 396425, true }, + { 396444, true }, + { 396462, true }, + { 396481, true }, + { 396498, true }, + { 396514, true }, + { 396527, true }, + { 396539, true }, + { 396553, true }, + { 396564, true }, + { 396584, true }, + { 396596, true }, + { 396610, true }, + { 396634, true }, + { 396657, true }, + { 396685, true }, + { 396696, true }, + { 396718, true }, + { 396734, true }, + { 396746, true }, + { 396764, true }, + { 396778, true }, + { 396792, false }, + { 396813, true }, + { 396828, true }, + { 396848, true }, + { 396865, true }, + { 396876, true }, + { 396886, true }, + { 396904, true }, + { 396914, true }, + { 396923, true }, + { 396934, true }, + { 396949, true }, + { 396961, true }, + { 396980, true }, + { 397006, true }, + { 397019, true }, + { 397032, true }, + { 397046, true }, + { 397063, true }, + { 397082, true }, + { 397096, true }, + { 397113, true }, + { 397131, true }, + { 397146, true }, + { 397167, true }, + { 397188, true }, + { 397200, true }, + { 397213, true }, + { 397221, true }, + { 397235, true }, + { 397249, true }, + { 397263, true }, + { 397277, true }, + { 397297, true }, + { 397320, true }, + { 397340, true }, + { 397373, true }, + { 397385, true }, + { 397398, true }, + { 397409, true }, + { 397435, true }, + { 397445, true }, + { 397461, true }, + { 397473, true }, + { 397484, true }, + { 397506, true }, + { 397527, true }, + { 397551, false }, + { 397571, true }, + { 397587, true }, + { 397597, true }, + { 397609, true }, + { 397624, true }, + { 397637, true }, + { 397651, true }, + { 397668, true }, + { 397681, true }, + { 397695, false }, + { 397703, true }, + { 397722, true }, + { 397737, true }, + { 397751, true }, + { 397766, true }, + { 397783, true }, + { 397805, true }, + { 397815, true }, + { 397831, true }, + { 397844, false }, + { 397858, true }, + { 397875, true }, + { 397884, true }, + { 397902, true }, + { 397911, true }, + { 397929, true }, + { 397939, true }, + { 397954, true }, + { 397967, true }, + { 397977, true }, + { 397991, true }, + { 398007, true }, + { 398020, true }, + { 398038, true }, + { 398053, true }, + { 398068, true }, + { 398085, true }, + { 398098, true }, + { 398107, true }, + { 398118, true }, + { 398134, true }, + { 398149, true }, + { 398162, true }, + { 398173, true }, + { 398186, true }, + { 398199, false }, + { 398210, true }, + { 398226, true }, + { 398238, true }, + { 398252, true }, + { 398273, true }, + { 398284, true }, + { 398301, true }, + { 398315, true }, + { 398330, true }, + { 398341, true }, + { 398352, true }, + { 398368, true }, + { 398386, true }, + { 398398, true }, + { 398414, true }, + { 398425, true }, + { 398446, true }, + { 398467, true }, + { 398490, true }, + { 398509, true }, + { 398522, true }, + { 398542, true }, + { 398562, true }, + { 398582, true }, + { 398603, true }, + { 398614, true }, + { 398629, true }, + { 398645, true }, + { 398660, true }, + { 398671, true }, + { 398701, true }, + { 398715, true }, + { 398726, true }, + { 398737, true }, + { 398746, true }, + { 398754, true }, + { 398767, true }, + { 398787, true }, + { 398798, true }, + { 398815, true }, + { 398829, true }, + { 398840, true }, + { 398853, true }, + { 398865, true }, + { 398875, true }, + { 398885, true }, + { 398895, false }, + { 398909, true }, + { 398920, true }, + { 398930, true }, + { 398942, true }, + { 398959, true }, + { 398977, true }, + { 398987, true }, + { 399004, true }, + { 399013, true }, + { 399021, true }, + { 399043, true }, + { 399059, true }, + { 399082, true }, + { 399095, true }, + { 399110, true }, + { 399120, true }, + { 399133, true }, + { 399154, true }, + { 399165, true }, + { 399179, true }, + { 399190, true }, + { 399201, true }, + { 399216, true }, + { 399232, false }, + { 399243, false }, + { 399258, true }, + { 399273, false }, + { 399292, true }, + { 399304, true }, + { 399317, true }, + { 399334, true }, + { 399360, true }, + { 399371, true }, + { 399381, true }, + { 399392, true }, + { 399412, true }, + { 399434, true }, + { 399448, true }, + { 399462, true }, + { 399476, true }, + { 399483, true }, + { 399495, false }, + { 399507, true }, + { 399520, true }, + { 399533, true }, + { 399543, false }, + { 399553, true }, + { 399564, true }, + { 399576, true }, + { 399586, true }, + { 399597, true }, + { 399609, true }, + { 399619, true }, + { 399629, true }, + { 399641, true }, + { 399654, true }, + { 399665, true }, + { 399680, true }, + { 399697, true }, + { 399710, true }, + { 399727, true }, + { 399744, true }, + { 399759, true }, + { 399772, true }, + { 399781, true }, + { 399788, true }, + { 399807, true }, + { 399818, true }, + { 399837, false }, + { 399848, true }, + { 399860, true }, + { 399877, true }, + { 399894, true }, + { 399908, true }, + { 399921, true }, + { 399932, true }, + { 399951, true }, + { 399963, true }, + { 399974, true }, + { 399987, true }, + { 399998, true }, + { 400015, true }, + { 400032, false }, + { 400047, false }, + { 400056, true }, + { 400065, true }, + { 400085, true }, + { 400108, false }, + { 400121, true }, + { 400128, true }, + { 400135, false }, + { 400142, true }, + { 400152, true }, + { 400166, true }, + { 400175, true }, + { 400185, true }, + { 400203, true }, + { 400213, true }, + { 400235, true }, + { 400256, true }, + { 400267, true }, + { 400285, true }, + { 400305, true }, + { 400319, true }, + { 400333, true }, + { 400349, false }, + { 400369, false }, + { 400381, true }, + { 400393, true }, + { 400408, true }, + { 400420, true }, + { 400437, false }, + { 400451, true }, + { 400463, true }, + { 400482, true }, + { 400492, true }, + { 400516, true }, + { 400529, true }, + { 400537, true }, + { 400556, true }, + { 400579, false }, + { 400593, true }, + { 400610, true }, + { 400626, true }, + { 400642, true }, + { 400651, true }, + { 400661, true }, + { 400677, true }, + { 400688, true }, + { 400703, true }, + { 400716, true }, + { 400731, true }, + { 400739, true }, + { 400754, true }, + { 400768, true }, + { 400784, true }, + { 400805, true }, + { 400815, false }, + { 400830, true }, + { 400844, true }, + { 400865, true }, + { 400885, true }, + { 400902, true }, + { 400911, true }, + { 400931, true }, + { 400942, true }, + { 400950, true }, + { 400964, true }, + { 400974, true }, + { 400991, false }, + { 401001, false }, + { 401015, true }, + { 401029, true }, + { 401041, true }, + { 401051, false }, + { 401064, true }, + { 401080, true }, + { 401089, true }, + { 401111, true }, + { 401124, true }, + { 401140, true }, + { 401161, true }, + { 401175, true }, + { 401188, true }, + { 401207, true }, + { 401217, true }, + { 401226, true }, + { 401235, true }, + { 401245, true }, + { 401260, true }, + { 401274, true }, + { 401287, true }, + { 401297, true }, + { 401326, true }, + { 401338, true }, + { 401350, true }, + { 401371, true }, + { 401392, true }, + { 401406, true }, + { 401422, true }, + { 401439, true }, + { 401450, true }, + { 401471, true }, + { 401485, true }, + { 401505, true }, + { 401517, true }, + { 401531, true }, + { 401545, true }, + { 401555, true }, + { 401569, true }, + { 401582, true }, + { 401596, true }, + { 401606, true }, + { 401619, true }, + { 401630, true }, + { 401641, true }, + { 401657, true }, + { 401676, true }, + { 401693, true }, + { 401707, false }, + { 401722, true }, + { 401732, true }, + { 401747, true }, + { 401758, true }, + { 401780, true }, + { 401789, true }, + { 401799, true }, + { 401823, true }, + { 401842, true }, + { 401865, true }, + { 401875, true }, + { 401903, true }, + { 401935, true }, + { 401950, true }, + { 401962, true }, + { 401971, true }, + { 401986, true }, + { 402000, true }, + { 402016, true }, + { 402030, true }, + { 402043, true }, + { 402055, true }, + { 402069, true }, + { 402087, true }, + { 402099, true }, + { 402113, true }, + { 402135, true }, + { 402146, true }, + { 402158, true }, + { 402171, true }, + { 402185, true }, + { 402202, true }, + { 402220, true }, + { 402237, true }, + { 402255, true }, + { 402275, true }, + { 402296, true }, + { 402315, true }, + { 402328, true }, + { 402342, true }, + { 402357, true }, + { 402373, false }, + { 402390, true }, + { 402412, true }, + { 402427, true }, + { 402440, true }, + { 402452, true }, + { 402462, false }, + { 402474, true }, + { 402483, true }, + { 402495, true }, + { 402507, true }, + { 402517, true }, + { 402540, true }, + { 402550, true }, + { 402562, true }, + { 402579, true }, + { 402585, true }, + { 402601, true }, + { 402611, true }, + { 402621, true }, + { 402629, true }, + { 402645, true }, + { 402655, true }, + { 402666, true }, + { 402680, true }, + { 402700, true }, + { 402711, true }, + { 402723, true }, + { 402742, true }, + { 402762, true }, + { 402772, true }, + { 402793, true }, + { 402802, true }, + { 402821, true }, + { 402849, true }, + { 402863, true }, + { 402877, true }, + { 402896, true }, + { 402918, true }, + { 402940, true }, + { 402962, true }, + { 402980, true }, + { 402997, true }, + { 403013, true }, + { 403035, true }, + { 403046, true }, + { 403062, true }, + { 403075, true }, + { 403091, true }, + { 403104, true }, + { 403120, true }, + { 403132, true }, + { 403144, true }, + { 403157, true }, + { 403169, true }, + { 403184, true }, + { 403199, true }, + { 403213, true }, + { 403231, true }, + { 403247, true }, + { 403262, true }, + { 403287, true }, + { 403307, true }, + { 403326, true }, + { 403345, true }, + { 403361, true }, + { 403374, true }, + { 403389, true }, + { 403404, true }, + { 403420, true }, + { 403432, true }, + { 403449, true }, + { 403468, true }, + { 403483, true }, + { 403494, true }, + { 403510, true }, + { 403527, true }, + { 403540, true }, + { 403557, true }, + { 403572, true }, + { 403589, true }, + { 403608, true }, + { 403621, true }, + { 403637, true }, + { 403651, true }, + { 403668, true }, + { 403679, true }, + { 403692, true }, + { 403704, true }, + { 403718, false }, + { 403734, true }, + { 403749, false }, + { 403768, false }, + { 403788, false }, + { 403808, true }, + { 403822, true }, + { 403834, true }, + { 403849, true }, + { 403860, true }, + { 403873, true }, + { 403891, true }, + { 403904, true }, + { 403916, true }, + { 403927, true }, + { 403943, true }, + { 403958, false }, + { 403975, true }, + { 403989, true }, + { 404011, true }, + { 404031, true }, + { 404053, true }, + { 404069, true }, + { 404084, true }, + { 404103, true }, + { 404129, true }, + { 404146, true }, + { 404163, true }, + { 404184, true }, + { 404201, true }, + { 404219, true }, + { 404237, true }, + { 404248, true }, + { 404264, true }, + { 404285, true }, + { 404299, true }, + { 404314, true }, + { 404327, true }, + { 404340, true }, + { 404353, true }, + { 404366, true }, + { 404380, true }, + { 404393, true }, + { 404406, true }, + { 404424, true }, + { 404437, true }, + { 404450, true }, + { 404459, true }, + { 404468, true }, + { 404485, true }, + { 404508, true }, + { 404523, true }, + { 404533, true }, + { 404541, true }, + { 404550, true }, + { 404568, true }, + { 404581, true }, + { 404591, true }, + { 404612, true }, + { 404624, true }, + { 404638, true }, + { 404647, true }, + { 404656, true }, + { 404669, true }, + { 404685, true }, + { 404704, true }, + { 404718, true }, + { 404739, true }, + { 404748, true }, + { 404767, true }, + { 404780, true }, + { 404794, false }, + { 404809, true }, + { 404827, true }, + { 404843, true }, + { 404857, true }, + { 404868, true }, + { 404886, true }, + { 404896, true }, + { 404909, true }, + { 404929, true }, + { 404941, true }, + { 404953, true }, + { 404968, true }, + { 404987, true }, + { 405003, true }, + { 405017, true }, + { 405037, false }, + { 405052, true }, + { 405080, true }, + { 405103, true }, + { 405122, true }, + { 405135, true }, + { 405150, true }, + { 405164, true }, + { 405184, true }, + { 405206, true }, + { 405236, true }, + { 405258, false }, + { 405281, true }, + { 405297, true }, + { 405309, true }, + { 405321, true }, + { 405332, true }, + { 405347, true }, + { 405356, true }, + { 405376, true }, + { 405389, true }, + { 405396, true }, + { 405410, true }, + { 405418, true }, + { 405432, true }, + { 405451, true }, + { 405472, false }, + { 405488, true }, + { 405506, true }, + { 405521, true }, + { 405533, true }, + { 405543, true }, + { 405563, true }, + { 405580, true }, + { 405593, true }, + { 405604, true }, + { 405616, true }, + { 405631, true }, + { 405643, true }, + { 405659, true }, + { 405678, true }, + { 405691, true }, + { 405703, true }, + { 405724, true }, + { 405732, true }, + { 405742, true }, + { 405759, false }, + { 405782, true }, + { 405805, true }, + { 405814, true }, + { 405824, true }, + { 405837, true }, + { 405847, true }, + { 405858, true }, + { 405873, true }, + { 405886, true }, + { 405905, true }, + { 405916, true }, + { 405937, true }, + { 405952, true }, + { 405975, true }, + { 405993, true }, + { 406010, false }, + { 406020, false }, + { 406034, true }, + { 406054, true }, + { 406069, true }, + { 406082, true }, + { 406102, true }, + { 406118, true }, + { 406133, true }, + { 406147, true }, + { 406163, false }, + { 406186, true }, + { 406199, true }, + { 406211, true }, + { 406230, true }, + { 406241, true }, + { 406249, true }, + { 406260, true }, + { 406278, true }, + { 406303, true }, + { 406316, true }, + { 406330, true }, + { 406344, true }, + { 406354, true }, + { 406364, true }, + { 406372, true }, + { 406386, true }, + { 406400, true }, + { 406414, true }, + { 406427, true }, + { 406440, true }, + { 406454, true }, + { 406465, false }, + { 406480, false }, + { 406493, true }, + { 406507, true }, + { 406532, true }, + { 406549, true }, + { 406563, true }, + { 406575, true }, + { 406593, true }, + { 406605, true }, + { 406625, true }, + { 406639, true }, + { 406649, true }, + { 406669, true }, + { 406681, true }, + { 406697, true }, + { 406727, true }, + { 406744, true }, + { 406772, true }, + { 406796, true }, + { 406824, true }, + { 406834, true }, + { 406849, true }, + { 406864, true }, + { 406878, true }, + { 406893, true }, + { 406906, true }, + { 406919, true }, + { 406933, true }, + { 406948, true }, + { 406963, true }, + { 406972, true }, + { 406982, true }, + { 406994, true }, + { 407007, true }, + { 407017, true }, + { 407031, true }, + { 407040, true }, + { 407058, true }, + { 407080, true }, + { 407089, true }, + { 407100, true }, + { 407111, true }, + { 407122, true }, + { 407129, true }, + { 407144, true }, + { 407162, true }, + { 407180, true }, + { 407191, true }, + { 407201, true }, + { 407213, true }, + { 407226, true }, + { 407234, true }, + { 407242, true }, + { 407250, true }, + { 407259, true }, + { 407267, false }, + { 407287, true }, + { 407299, true }, + { 407311, true }, + { 407323, false }, + { 407333, true }, + { 407348, true }, + { 407367, true }, + { 407381, true }, + { 407401, true }, + { 407422, true }, + { 407447, true }, + { 407462, true }, + { 407472, true }, + { 407485, true }, + { 407499, true }, + { 407514, true }, + { 407540, true }, + { 407551, true }, + { 407565, true }, + { 407583, true }, + { 407600, true }, + { 407615, true }, + { 407628, true }, + { 407636, true }, + { 407651, false }, + { 407668, false }, + { 407686, true }, + { 407708, true }, + { 407724, true }, + { 407739, true }, + { 407752, true }, + { 407770, true }, + { 407783, true }, + { 407792, true }, + { 407811, true }, + { 407827, true }, + { 407844, true }, + { 407858, true }, + { 407871, true }, + { 407882, true }, + { 407899, true }, + { 407922, true }, + { 407937, true }, + { 407959, true }, + { 407973, true }, + { 407994, true }, + { 408008, true }, + { 408020, true }, + { 408044, true }, + { 408065, true }, + { 408091, true }, + { 408110, true }, + { 408129, true }, + { 408147, true }, + { 408164, true }, + { 408175, true }, + { 408196, true }, + { 408215, true }, + { 408241, true }, + { 408258, true }, + { 408278, true }, + { 408294, true }, + { 408320, true }, + { 408340, true }, + { 408361, true }, + { 408384, true }, + { 408403, true }, + { 408427, true }, + { 408444, true }, + { 408463, true }, + { 408481, true }, + { 408500, true }, + { 408521, true }, + { 408543, true }, + { 408554, true }, + { 408565, true }, + { 408586, true }, + { 408604, true }, + { 408628, true }, + { 408647, true }, + { 408663, true }, + { 408684, true }, + { 408706, false }, + { 408732, true }, + { 408751, true }, + { 408762, true }, + { 408779, true }, + { 408803, true }, + { 408825, true }, + { 408851, true }, + { 408864, true }, + { 408882, true }, + { 408904, true }, + { 408926, true }, + { 408948, true }, + { 408973, true }, + { 408999, true }, + { 409015, true }, + { 409032, true }, + { 409050, true }, + { 409067, true }, + { 409085, true }, + { 409103, true }, + { 409122, true }, + { 409136, true }, + { 409146, true }, + { 409163, true }, + { 409184, true }, + { 409199, true }, + { 409216, true }, + { 409232, true }, + { 409255, true }, + { 409267, true }, + { 409286, true }, + { 409304, true }, + { 409327, true }, + { 409340, true }, + { 409356, true }, + { 409367, true }, + { 409385, true }, + { 409401, true }, + { 409417, true }, + { 409435, true }, + { 409453, true }, + { 409472, true }, + { 409485, true }, + { 409503, true }, + { 409527, true }, + { 409550, true }, + { 409565, true }, + { 409582, true }, + { 409616, true }, + { 409643, true }, + { 409653, true }, + { 409669, true }, + { 409687, true }, + { 409705, true }, + { 409721, true }, + { 409737, true }, + { 409757, true }, + { 409773, true }, + { 409791, true }, + { 409808, true }, + { 409827, true }, + { 409840, true }, + { 409860, true }, + { 409877, true }, + { 409900, true }, + { 409915, true }, + { 409933, true }, + { 409949, true }, + { 409966, true }, + { 409985, true }, + { 409996, true }, + { 410007, true }, + { 410029, true }, + { 410047, true }, + { 410077, true }, + { 410102, true }, + { 410122, true }, + { 410137, true }, + { 410161, true }, + { 410176, true }, + { 410187, true }, + { 410204, true }, + { 410218, true }, + { 410232, true }, + { 410247, true }, + { 410263, true }, + { 410283, true }, + { 410297, true }, + { 410312, true }, + { 410325, true }, + { 410342, true }, + { 410363, true }, + { 410382, true }, + { 410407, true }, + { 410418, true }, + { 410431, true }, + { 410454, true }, + { 410469, true }, + { 410483, true }, + { 410495, true }, + { 410512, true }, + { 410534, true }, + { 410547, true }, + { 410571, true }, + { 410592, true }, + { 410615, true }, + { 410624, true }, + { 410645, true }, + { 410667, true }, + { 410677, true }, + { 410690, true }, + { 410707, true }, + { 410728, true }, + { 410767, true }, + { 410788, true }, + { 410806, true }, + { 410830, true }, + { 410856, true }, + { 410873, true }, + { 410893, true }, + { 410909, true }, + { 410922, true }, + { 410933, true }, + { 410950, true }, + { 410968, true }, + { 410983, true }, + { 410999, true }, + { 411016, true }, + { 411030, true }, + { 411043, true }, + { 411056, true }, + { 411072, true }, + { 411084, true }, + { 411114, true }, + { 411128, true }, + { 411147, true }, + { 411169, false }, + { 411187, true }, + { 411211, true }, + { 411224, true }, + { 411244, true }, + { 411255, true }, + { 411270, true }, + { 411289, true }, + { 411309, true }, + { 411326, false }, + { 411341, true }, + { 411359, true }, + { 411377, true }, + { 411396, true }, + { 411418, true }, + { 411430, true }, + { 411449, true }, + { 411464, true }, + { 411479, true }, + { 411491, true }, + { 411517, true }, + { 411536, true }, + { 411548, true }, + { 411566, true }, + { 411591, true }, + { 411605, true }, + { 411625, true }, + { 411640, true }, + { 411659, true }, + { 411677, true }, + { 411695, true }, + { 411715, true }, + { 411735, false }, + { 411751, true }, + { 411770, true }, + { 411784, true }, + { 411813, false }, + { 411824, true }, + { 411836, true }, + { 411853, true }, + { 411869, true }, + { 411893, true }, + { 411923, true }, + { 411940, true }, + { 411961, true }, + { 411981, true }, + { 411995, true }, + { 412013, true }, + { 412029, true }, + { 412049, true }, + { 412059, true }, + { 412076, false }, + { 412094, true }, + { 412110, true }, + { 412134, true }, + { 412145, true }, + { 412157, true }, + { 412183, true }, + { 412201, true }, + { 412220, true }, + { 412237, true }, + { 412261, true }, + { 412278, true }, + { 412291, true }, + { 412311, true }, + { 412325, true }, + { 412346, true }, + { 412371, true }, + { 412390, true }, + { 412418, true }, + { 412436, true }, + { 412452, true }, + { 412468, true }, + { 412482, true }, + { 412495, true }, + { 412510, true }, + { 412532, true }, + { 412549, false }, + { 412569, true }, + { 412584, true }, + { 412601, false }, + { 412616, true }, + { 412636, true }, + { 412655, true }, + { 412681, true }, + { 412698, true }, + { 412723, true }, + { 412744, true }, + { 412751, true }, + { 412761, true }, + { 412773, true }, + { 412788, true }, + { 412807, true }, + { 412823, true }, + { 412842, true }, + { 412859, true }, + { 412876, true }, + { 412894, true }, + { 412910, true }, + { 412927, false }, + { 412945, true }, + { 412961, true }, + { 412974, true }, + { 412997, true }, + { 413021, true }, + { 413039, true }, + { 413052, true }, + { 413066, true }, + { 413089, true }, + { 413104, true }, + { 413119, true }, + { 413128, true }, + { 413140, true }, + { 413165, true }, + { 413178, true }, + { 413192, true }, + { 413214, true }, + { 413236, true }, + { 413247, true }, + { 413258, true }, + { 413277, true }, + { 413303, true }, + { 413320, true }, + { 413337, true }, + { 413354, true }, + { 413364, true }, + { 413391, true }, + { 413408, true }, + { 413433, true }, + { 413452, true }, + { 413465, true }, + { 413480, true }, + { 413494, true }, + { 413511, true }, + { 413528, true }, + { 413541, true }, + { 413555, true }, + { 413577, true }, + { 413592, true }, + { 413606, true }, + { 413615, true }, + { 413624, true }, + { 413652, true }, + { 413666, true }, + { 413690, true }, + { 413704, true }, + { 413720, true }, + { 413730, true }, + { 413742, false }, + { 413753, true }, + { 413769, true }, + { 413785, true }, + { 413801, true }, + { 413817, true }, + { 413830, true }, + { 413844, true }, + { 413853, true }, + { 413863, true }, + { 413874, true }, + { 413888, true }, + { 413906, true }, + { 413920, true }, + { 413930, true }, + { 413945, true }, + { 413958, true }, + { 413976, true }, + { 413991, true }, + { 414002, true }, + { 414020, true }, + { 414033, true }, + { 414048, true }, + { 414067, true }, + { 414080, true }, + { 414097, true }, + { 414113, true }, + { 414132, true }, + { 414148, true }, + { 414164, true }, + { 414187, true }, + { 414209, true }, + { 414219, true }, + { 414226, true }, + { 414241, true }, + { 414255, true }, + { 414276, true }, + { 414294, true }, + { 414306, true }, + { 414330, true }, + { 414360, true }, + { 414386, true }, + { 414399, true }, + { 414408, true }, + { 414416, true }, + { 414426, true }, + { 414445, true }, + { 414459, true }, + { 414473, true }, + { 414489, true }, + { 414501, true }, + { 414511, true }, + { 414519, true }, + { 414530, true }, + { 414539, true }, + { 414554, true }, + { 414572, true }, + { 414585, true }, + { 414602, true }, + { 414613, true }, + { 414625, true }, + { 414636, true }, + { 414649, true }, + { 414661, true }, + { 414669, true }, + { 414681, true }, + { 414708, true }, + { 414727, true }, + { 414752, true }, + { 414768, true }, + { 414782, true }, + { 414802, true }, + { 414814, true }, + { 414829, true }, + { 414843, true }, + { 414855, true }, + { 414867, true }, + { 414878, true }, + { 414893, true }, + { 414904, true }, + { 414917, true }, + { 414927, true }, + { 414942, true }, + { 414954, true }, + { 414970, true }, + { 414985, true }, + { 415000, true }, + { 415014, true }, + { 415030, true }, + { 415039, true }, + { 415048, true }, + { 415059, true }, + { 415073, true }, + { 415084, false }, + { 415099, true }, + { 415113, true }, + { 415127, true }, + { 415136, true }, + { 415149, true }, + { 415159, true }, + { 415172, true }, + { 415192, true }, + { 415204, false }, + { 415224, true }, + { 415238, true }, + { 415252, true }, + { 415268, true }, + { 415282, true }, + { 415293, true }, + { 415310, true }, + { 415324, true }, + { 415337, true }, + { 415351, true }, + { 415375, true }, + { 415387, true }, + { 415401, true }, + { 415413, true }, + { 415425, true }, + { 415448, true }, + { 415460, true }, + { 415472, true }, + { 415482, true }, + { 415492, true }, + { 415502, true }, + { 415517, true }, + { 415530, true }, + { 415547, true }, + { 415574, true }, + { 415587, true }, + { 415601, true }, + { 415620, true }, + { 415645, true }, + { 415661, true }, + { 415678, true }, + { 415705, true }, + { 415716, true }, + { 415724, true }, + { 415746, true }, + { 415756, true }, + { 415768, true }, + { 415781, true }, + { 415795, true }, + { 415822, false }, + { 415836, true }, + { 415858, true }, + { 415868, true }, + { 415882, true }, + { 415900, true }, + { 415914, true }, + { 415924, true }, + { 415931, true }, + { 415938, true }, + { 415961, true }, + { 415974, true }, + { 415984, true }, + { 415998, true }, + { 416006, true }, + { 416016, true }, + { 416024, true }, + { 416031, true }, + { 416039, true }, + { 416050, true }, + { 416062, true }, + { 416071, true }, + { 416080, true }, + { 416092, true }, + { 416109, true }, + { 416117, true }, + { 416130, true }, + { 416143, true }, + { 416156, true }, + { 416165, true }, + { 416177, true }, + { 416189, true }, + { 416202, true }, + { 416210, true }, + { 416219, true }, + { 416229, true }, + { 416239, true }, + { 416249, true }, + { 416259, true }, + { 416269, true }, + { 416280, true }, + { 416295, true }, + { 416315, true }, + { 416333, true }, + { 416342, true }, + { 416349, true }, + { 416358, true }, + { 416374, true }, + { 416391, true }, + { 416400, true }, + { 416408, true }, + { 416415, true }, + { 416431, true }, + { 416445, true }, + { 416462, true }, + { 416474, true }, + { 416483, true }, + { 416491, false }, + { 416504, true }, + { 416516, true }, + { 416525, true }, + { 416533, false }, + { 416542, true }, + { 416555, true }, + { 416567, true }, + { 416578, true }, + { 416592, true }, + { 416608, true }, + { 416625, true }, + { 416642, true }, + { 416658, true }, + { 416674, true }, + { 416693, true }, + { 416703, true }, + { 416720, true }, + { 416738, true }, + { 416756, true }, + { 416774, true }, + { 416791, true }, + { 416805, true }, + { 416820, true }, + { 416838, true }, + { 416855, true }, + { 416875, true }, + { 416895, true }, + { 416907, true }, + { 416921, true }, + { 416938, true }, + { 416948, true }, + { 416957, true }, + { 416966, true }, + { 416976, true }, + { 416986, true }, + { 416996, true }, + { 417008, true }, + { 417026, true }, + { 417042, true }, + { 417061, true }, + { 417075, true }, + { 417089, true }, + { 417104, true }, + { 417116, true }, + { 417125, true }, + { 417139, true }, + { 417161, true }, + { 417175, true }, + { 417183, true }, + { 417197, true }, + { 417207, true }, + { 417220, true }, + { 417229, true }, + { 417246, true }, + { 417256, true }, + { 417266, true }, + { 417281, true }, + { 417293, true }, + { 417307, true }, + { 417325, true }, + { 417343, true }, + { 417352, true }, + { 417361, true }, + { 417370, true }, + { 417395, true }, + { 417416, true }, + { 417439, true }, + { 417468, true }, + { 417483, true }, + { 417494, true }, + { 417509, true }, + { 417532, true }, + { 417545, true }, + { 417561, true }, + { 417577, true }, + { 417588, true }, + { 417602, true }, + { 417622, true }, + { 417637, true }, + { 417655, true }, + { 417669, true }, + { 417682, true }, + { 417698, true }, + { 417708, true }, + { 417722, true }, + { 417740, true }, + { 417754, true }, + { 417770, true }, + { 417785, true }, + { 417807, true }, + { 417826, true }, + { 417836, true }, + { 417845, true }, + { 417857, true }, + { 417871, true }, + { 417887, true }, + { 417899, true }, + { 417915, true }, + { 417925, true }, + { 417941, true }, + { 417954, true }, + { 417971, true }, + { 417985, true }, + { 418000, true }, + { 418008, true }, + { 418018, true }, + { 418030, true }, + { 418041, true }, + { 418055, true }, + { 418067, true }, + { 418078, true }, + { 418088, true }, + { 418104, true }, + { 418116, false }, + { 418124, true }, + { 418137, true }, + { 418152, true }, + { 418163, true }, + { 418179, true }, + { 418194, true }, + { 418205, true }, + { 418219, true }, + { 418233, true }, + { 418246, true }, + { 418258, true }, + { 418276, true }, + { 418293, false }, + { 418307, true }, + { 418320, true }, + { 418332, true }, + { 418343, true }, + { 418353, true }, + { 418365, true }, + { 418384, true }, + { 418395, true }, + { 418409, true }, + { 418420, true }, + { 418431, true }, + { 418442, true }, + { 418453, true }, + { 418464, true }, + { 418478, true }, + { 418490, true }, + { 418505, true }, + { 418519, true }, + { 418534, true }, + { 418547, true }, + { 418563, true }, + { 418572, true }, + { 418581, true }, + { 418595, true }, + { 418628, true }, + { 418639, true }, + { 418650, true }, + { 418666, false }, + { 418682, true }, + { 418693, true }, + { 418704, true }, + { 418720, true }, + { 418730, true }, + { 418746, true }, + { 418753, true }, + { 418764, false }, + { 418778, true }, + { 418786, true }, + { 418799, true }, + { 418808, true }, + { 418818, true }, + { 418828, true }, + { 418841, true }, + { 418859, true }, + { 418877, true }, + { 418901, true }, + { 418909, true }, + { 418922, true }, + { 418932, true }, + { 418945, false }, + { 418964, true }, + { 418978, true }, + { 419001, true }, + { 419015, true }, + { 419030, true }, + { 419042, true }, + { 419056, true }, + { 419081, true }, + { 419097, true }, + { 419118, true }, + { 419130, true }, + { 419150, true }, + { 419161, true }, + { 419172, true }, + { 419187, true }, + { 419199, true }, + { 419211, true }, + { 419234, false }, + { 419251, true }, + { 419265, true }, + { 419280, true }, + { 419293, true }, + { 419303, true }, + { 419315, true }, + { 419325, true }, + { 419334, true }, + { 419350, true }, + { 419362, true }, + { 419379, true }, + { 419398, true }, + { 419407, true }, + { 419437, false }, + { 419452, true }, + { 419468, false }, + { 419480, true }, + { 419506, true }, + { 419517, true }, + { 419538, true }, + { 419553, true }, + { 419566, true }, + { 419587, true }, + { 419603, true }, + { 419618, true }, + { 419638, true }, + { 419653, true }, + { 419675, true }, + { 419691, true }, + { 419706, true }, + { 419716, true }, + { 419732, true }, + { 419744, true }, + { 419757, true }, + { 419766, true }, + { 419776, true }, + { 419794, true }, + { 419811, true }, + { 419831, true }, + { 419850, true }, + { 419868, true }, + { 419889, true }, + { 419917, true }, + { 419933, true }, + { 419951, true }, + { 419965, true }, + { 419984, true }, + { 420008, true }, + { 420022, false }, + { 420041, true }, + { 420055, true }, + { 420070, true }, + { 420091, true }, + { 420103, true }, + { 420113, true }, + { 420132, true }, + { 420149, true }, + { 420170, true }, + { 420188, true }, + { 420201, true }, + { 420214, true }, + { 420235, true }, + { 420251, true }, + { 420266, true }, + { 420284, true }, + { 420303, true }, + { 420322, true }, + { 420334, true }, + { 420345, true }, + { 420360, true }, + { 420375, true }, + { 420386, true }, + { 420407, true }, + { 420426, true }, + { 420437, true }, + { 420458, true }, + { 420487, true }, + { 420512, true }, + { 420533, true }, + { 420551, true }, + { 420558, true }, + { 420572, true }, + { 420584, true }, + { 420599, true }, + { 420615, true }, + { 420632, true }, + { 420654, true }, + { 420664, true }, + { 420677, true }, + { 420689, true }, + { 420706, true }, + { 420715, true }, + { 420728, true }, + { 420737, false }, + { 420750, true }, + { 420760, false }, + { 420780, true }, + { 420789, true }, + { 420799, true }, + { 420818, true }, + { 420839, true }, + { 420851, true }, + { 420864, true }, + { 420875, true }, + { 420889, true }, + { 420905, true }, + { 420921, true }, + { 420940, true }, + { 420950, true }, + { 420966, true }, + { 420992, true }, + { 421010, true }, + { 421025, true }, + { 421042, true }, + { 421063, true }, + { 421075, true }, + { 421088, true }, + { 421109, true }, + { 421126, true }, + { 421139, true }, + { 421155, true }, + { 421173, true }, + { 421185, true }, + { 421204, true }, + { 421223, true }, + { 421237, true }, + { 421250, true }, + { 421271, false }, + { 421288, true }, + { 421318, true }, + { 421329, false }, + { 421349, true }, + { 421360, true }, + { 421371, true }, + { 421390, true }, + { 421416, true }, + { 421432, true }, + { 421451, true }, + { 421461, true }, + { 421478, true }, + { 421493, true }, + { 421511, true }, + { 421523, true }, + { 421543, true }, + { 421559, true }, + { 421588, true }, + { 421601, true }, + { 421614, true }, + { 421631, true }, + { 421648, true }, + { 421661, true }, + { 421674, true }, + { 421687, true }, + { 421700, true }, + { 421713, true }, + { 421726, true }, + { 421739, true }, + { 421752, true }, + { 421765, true }, + { 421778, true }, + { 421791, true }, + { 421804, true }, + { 421828, true }, + { 421839, true }, + { 421851, true }, + { 421859, true }, + { 421876, true }, + { 421894, true }, + { 421907, true }, + { 421923, true }, + { 421936, true }, + { 421958, true }, + { 421972, true }, + { 421990, true }, + { 422002, true }, + { 422016, true }, + { 422029, true }, + { 422047, true }, + { 422066, true }, + { 422088, true }, + { 422101, true }, + { 422123, true }, + { 422151, true }, + { 422171, true }, + { 422191, true }, + { 422209, true }, + { 422227, true }, + { 422245, true }, + { 422262, true }, + { 422282, true }, + { 422298, true }, + { 422326, true }, + { 422351, true }, + { 422383, true }, + { 422403, true }, + { 422422, true }, + { 422443, true }, + { 422463, true }, + { 422478, true }, + { 422493, true }, + { 422513, true }, + { 422526, true }, + { 422546, true }, + { 422571, true }, + { 422587, true }, + { 422604, true }, + { 422613, true }, + { 422632, true }, + { 422649, true }, + { 422661, true }, + { 422674, true }, + { 422697, true }, + { 422713, true }, + { 422733, true }, + { 422746, true }, + { 422764, true }, + { 422788, true }, + { 422806, true }, + { 422824, true }, + { 422838, true }, + { 422852, true }, + { 422873, true }, + { 422883, true }, + { 422895, true }, + { 422910, true }, + { 422927, true }, + { 422939, true }, + { 422951, true }, + { 422970, true }, + { 422987, true }, + { 423005, true }, + { 423020, true }, + { 423042, true }, + { 423061, true }, + { 423072, true }, + { 423086, true }, + { 423097, true }, + { 423116, false }, + { 423133, true }, + { 423148, true }, + { 423163, true }, + { 423178, true }, + { 423190, true }, + { 423210, true }, + { 423224, true }, + { 423242, true }, + { 423257, true }, + { 423271, true }, + { 423286, true }, + { 423300, true }, + { 423310, true }, + { 423326, true }, + { 423339, true }, + { 423358, true }, + { 423370, true }, + { 423384, true }, + { 423393, true }, + { 423407, true }, + { 423418, true }, + { 423433, true }, + { 423453, true }, + { 423475, true }, + { 423485, true }, + { 423499, true }, + { 423509, true }, + { 423521, true }, + { 423537, true }, + { 423548, true }, + { 423566, true }, + { 423583, true }, + { 423597, true }, + { 423613, true }, + { 423625, false }, + { 423633, true }, + { 423649, true }, + { 423661, true }, + { 423681, true }, + { 423692, true }, + { 423704, true }, + { 423715, true }, + { 423734, true }, + { 423759, true }, + { 423771, true }, + { 423783, true }, + { 423792, true }, + { 423802, true }, + { 423816, true }, + { 423830, true }, + { 423844, true }, + { 423857, true }, + { 423871, true }, + { 423886, true }, + { 423904, true }, + { 423915, true }, + { 423930, true }, + { 423941, true }, + { 423956, true }, + { 423974, true }, + { 423991, true }, + { 424007, true }, + { 424030, true }, + { 424050, true }, + { 424062, true }, + { 424080, true }, + { 424100, true }, + { 424113, true }, + { 424126, true }, + { 424147, true }, + { 424166, true }, + { 424177, true }, + { 424200, true }, + { 424215, true }, + { 424230, true }, + { 424248, true }, + { 424255, true }, + { 424270, true }, + { 424278, true }, + { 424293, false }, + { 424311, false }, + { 424332, true }, + { 424344, true }, + { 424367, true }, + { 424384, true }, + { 424396, true }, + { 424408, true }, + { 424420, true }, + { 424441, true }, + { 424467, true }, + { 424480, true }, + { 424497, true }, + { 424514, true }, + { 424534, true }, + { 424547, true }, + { 424565, true }, + { 424577, true }, + { 424592, true }, + { 424605, true }, + { 424614, true }, + { 424627, true }, + { 424641, true }, + { 424655, true }, + { 424672, true }, + { 424689, true }, + { 424708, true }, + { 424728, true }, + { 424753, true }, + { 424778, true }, + { 424789, true }, + { 424805, true }, + { 424816, true }, + { 424827, true }, + { 424842, true }, + { 424858, true }, + { 424869, true }, + { 424887, true }, + { 424901, true }, + { 424916, true }, + { 424927, true }, + { 424938, true }, + { 424950, true }, + { 424966, true }, + { 424988, true }, + { 425000, true }, + { 425011, true }, + { 425030, true }, + { 425039, true }, + { 425052, true }, + { 425062, true }, + { 425076, true }, + { 425090, true }, + { 425099, true }, + { 425109, true }, + { 425122, true }, + { 425132, true }, + { 425154, true }, + { 425166, true }, + { 425174, true }, + { 425188, true }, + { 425202, true }, + { 425210, true }, + { 425221, true }, + { 425239, true }, + { 425247, true }, + { 425257, true }, + { 425268, true }, + { 425275, true }, + { 425286, true }, + { 425298, true }, + { 425308, true }, + { 425315, true }, + { 425322, true }, + { 425334, true }, + { 425345, true }, + { 425357, true }, + { 425368, true }, + { 425381, true }, + { 425396, true }, + { 425406, true }, + { 425416, true }, + { 425430, true }, + { 425441, true }, + { 425459, true }, + { 425476, true }, + { 425490, true }, + { 425501, true }, + { 425520, false }, + { 425543, true }, + { 425554, true }, + { 425562, true }, + { 425583, true }, + { 425596, true }, + { 425611, true }, + { 425623, true }, + { 425634, true }, + { 425649, true }, + { 425663, true }, + { 425675, true }, + { 425701, true }, + { 425713, true }, + { 425743, false }, + { 425757, true }, + { 425773, true }, + { 425789, true }, + { 425802, true }, + { 425819, true }, + { 425836, true }, + { 425853, true }, + { 425865, true }, + { 425877, true }, + { 425888, true }, + { 425903, true }, + { 425919, true }, + { 425940, true }, + { 425957, true }, + { 425973, true }, + { 425985, true }, + { 425995, true }, + { 426017, true }, + { 426031, true }, + { 426042, true }, + { 426055, true }, + { 426070, true }, + { 426086, true }, + { 426103, true }, + { 426114, true }, + { 426127, true }, + { 426142, true }, + { 426159, true }, + { 426176, true }, + { 426189, true }, + { 426200, false }, + { 426211, true }, + { 426221, true }, + { 426233, true }, + { 426250, true }, + { 426262, true }, + { 426273, true }, + { 426287, false }, + { 426298, false }, + { 426311, true }, + { 426319, true }, + { 426329, true }, + { 426346, true }, + { 426358, true }, + { 426378, true }, + { 426391, true }, + { 426406, true }, + { 426423, false }, + { 426443, true }, + { 426453, true }, + { 426464, true }, + { 426472, false }, + { 426481, true }, + { 426494, true }, + { 426511, true }, + { 426525, true }, + { 426538, true }, + { 426551, true }, + { 426565, true }, + { 426578, true }, + { 426601, true }, + { 426614, true }, + { 426640, true }, + { 426656, true }, + { 426668, true }, + { 426681, true }, + { 426700, true }, + { 426716, true }, + { 426726, true }, + { 426741, false }, + { 426753, true }, + { 426770, true }, + { 426797, true }, + { 426807, true }, + { 426824, true }, + { 426842, true }, + { 426853, true }, + { 426867, true }, + { 426885, true }, + { 426894, true }, + { 426905, true }, + { 426916, true }, + { 426924, true }, + { 426934, true }, + { 426944, true }, + { 426958, true }, + { 426965, true }, + { 426975, true }, + { 426982, true }, + { 426991, true }, + { 427001, true }, + { 427009, true }, + { 427019, true }, + { 427026, true }, + { 427035, true }, + { 427051, true }, + { 427069, true }, + { 427086, true }, + { 427104, true }, + { 427122, true }, + { 427138, true }, + { 427157, true }, + { 427170, true }, + { 427183, true }, + { 427196, true }, + { 427209, true }, + { 427223, true }, + { 427235, true }, + { 427250, true }, + { 427265, true }, + { 427280, true }, + { 427292, true }, + { 427305, true }, + { 427316, true }, + { 427328, true }, + { 427338, true }, + { 427356, true }, + { 427371, true }, + { 427386, true }, + { 427401, true }, + { 427410, true }, + { 427427, true }, + { 427438, true }, + { 427451, true }, + { 427464, true }, + { 427469, true }, + { 427476, true }, + { 427486, true }, + { 427496, true }, + { 427510, true }, + { 427530, true }, + { 427574, true }, + { 427608, false }, + { 427615, true }, + { 427622, false }, + { 427642, true }, + { 427666, true }, + { 427680, false }, + { 427690, true }, + { 427707, true }, + { 427720, false }, + { 427735, true }, + { 427747, true }, + { 427761, true }, + { 427775, true }, + { 427787, true }, + { 427798, true }, + { 427810, true }, + { 427822, true }, + { 427836, true }, + { 427848, true }, + { 427858, false }, + { 427866, true }, + { 427881, true }, + { 427889, true }, + { 427900, true }, + { 427915, true }, + { 427937, true }, + { 427947, true }, + { 427963, true }, + { 427978, true }, + { 427988, true }, + { 428007, true }, + { 428019, false }, + { 428026, true }, + { 428042, true }, + { 428054, true }, + { 428076, true }, + { 428091, true }, + { 428116, true }, + { 428125, true }, + { 428140, true }, + { 428163, true }, + { 428173, true }, + { 428180, true }, + { 428191, true }, + { 428202, true }, + { 428214, true }, + { 428222, true }, + { 428236, true }, + { 428246, true }, + { 428258, true }, + { 428265, true }, + { 428277, true }, + { 428294, true }, + { 428302, true }, + { 428313, true }, + { 428323, true }, + { 428345, true }, + { 428357, true }, + { 428367, false }, + { 428387, false }, + { 428410, true }, + { 428425, true }, + { 428449, true }, + { 428459, true }, + { 428477, true }, + { 428503, true }, + { 428522, true }, + { 428546, true }, + { 428557, true }, + { 428569, true }, + { 428582, true }, + { 428596, true }, + { 428610, true }, + { 428623, true }, + { 428636, true }, + { 428647, true }, + { 428658, true }, + { 428674, true }, + { 428683, true }, + { 428693, false }, + { 428704, true }, + { 428720, true }, + { 428736, true }, + { 428754, true }, + { 428770, true }, + { 428785, true }, + { 428797, true }, + { 428811, true }, + { 428825, true }, + { 428839, true }, + { 428849, true }, + { 428863, true }, + { 428872, true }, + { 428894, true }, + { 428909, true }, + { 428922, true }, + { 428936, true }, + { 428950, true }, + { 428965, true }, + { 428979, true }, + { 428993, true }, + { 429008, true }, + { 429022, true }, + { 429035, true }, + { 429049, true }, + { 429063, true }, + { 429077, true }, + { 429090, true }, + { 429104, true }, + { 429122, true }, + { 429136, true }, + { 429153, true }, + { 429171, true }, + { 429187, true }, + { 429202, true }, + { 429227, true }, + { 429251, true }, + { 429273, true }, + { 429287, false }, + { 429299, true }, + { 429315, true }, + { 429326, true }, + { 429336, false }, + { 429360, true }, + { 429380, false }, + { 429395, true }, + { 429407, true }, + { 429415, true }, + { 429429, true }, + { 429446, true }, + { 429456, true }, + { 429471, true }, + { 429486, true }, + { 429501, true }, + { 429516, true }, + { 429531, true }, + { 429546, true }, + { 429564, true }, + { 429581, true }, + { 429604, true }, + { 429624, true }, + { 429638, true }, + { 429658, true }, + { 429676, true }, + { 429693, true }, + { 429706, true }, + { 429719, true }, + { 429736, true }, + { 429753, false }, + { 429770, true }, + { 429787, true }, + { 429800, true }, + { 429817, true }, + { 429847, true }, + { 429867, true }, + { 429895, true }, + { 429911, true }, + { 429922, true }, + { 429935, true }, + { 429948, true }, + { 429958, true }, + { 429976, true }, + { 429986, true }, + { 430014, true }, + { 430033, true }, + { 430053, true }, + { 430071, true }, + { 430084, true }, + { 430098, true }, + { 430112, true }, + { 430124, true }, + { 430143, false }, + { 430154, true }, + { 430171, true }, + { 430195, true }, + { 430209, true }, + { 430223, true }, + { 430247, true }, + { 430270, true }, + { 430298, true }, + { 430317, true }, + { 430333, true }, + { 430346, true }, + { 430354, true }, + { 430366, true }, + { 430380, false }, + { 430393, true }, + { 430407, true }, + { 430421, true }, + { 430431, true }, + { 430442, true }, + { 430451, false }, + { 430466, true }, + { 430478, true }, + { 430494, true }, + { 430507, true }, + { 430520, true }, + { 430538, true }, + { 430554, true }, + { 430564, true }, + { 430579, true }, + { 430587, true }, + { 430598, true }, + { 430613, true }, + { 430630, true }, + { 430643, true }, + { 430652, true }, + { 430659, true }, + { 430677, true }, + { 430695, true }, + { 430704, true }, + { 430714, true }, + { 430724, true }, + { 430745, true }, + { 430764, true }, + { 430784, true }, + { 430800, true }, + { 430816, true }, + { 430834, true }, + { 430849, true }, + { 430857, true }, + { 430876, true }, + { 430895, true }, + { 430907, true }, + { 430914, true }, + { 430930, true }, + { 430945, true }, + { 430955, true }, + { 430963, true }, + { 430973, true }, + { 430989, true }, + { 431004, true }, + { 431011, true }, + { 431029, true }, + { 431050, true }, + { 431068, true }, + { 431081, true }, + { 431092, true }, + { 431107, true }, + { 431122, true }, + { 431133, false }, + { 431153, true }, + { 431168, true }, + { 431190, true }, + { 431200, true }, + { 431225, true }, + { 431240, true }, + { 431253, true }, + { 431264, true }, + { 431278, true }, + { 431290, true }, + { 431314, true }, + { 431336, true }, + { 431349, true }, + { 431359, true }, + { 431378, true }, + { 431391, true }, + { 431403, true }, + { 431415, true }, + { 431426, true }, + { 431432, true }, + { 431439, true }, + { 431453, true }, + { 431464, true }, + { 431481, true }, + { 431503, true }, + { 431519, true }, + { 431538, true }, + { 431549, true }, + { 431567, true }, + { 431591, true }, + { 431611, true }, + { 431632, true }, + { 431648, true }, + { 431674, true }, + { 431685, true }, + { 431699, true }, + { 431713, true }, + { 431723, true }, + { 431742, true }, + { 431753, true }, + { 431766, true }, + { 431774, true }, + { 431781, true }, + { 431788, true }, + { 431795, true }, + { 431803, true }, + { 431823, true }, + { 431841, true }, + { 431852, true }, + { 431865, true }, + { 431885, true }, + { 431894, true }, + { 431908, true }, + { 431923, true }, + { 431939, false }, + { 431948, true }, + { 431966, true }, + { 431980, true }, + { 431998, true }, + { 432017, true }, + { 432029, true }, + { 432041, true }, + { 432068, false }, + { 432077, true }, + { 432090, true }, + { 432106, true }, + { 432117, true }, + { 432124, true }, + { 432133, true }, + { 432140, true }, + { 432152, true }, + { 432163, true }, + { 432172, true }, + { 432188, true }, + { 432201, true }, + { 432217, true }, + { 432229, true }, + { 432247, true }, + { 432257, true }, + { 432274, true }, + { 432284, true }, + { 432299, true }, + { 432310, true }, + { 432321, true }, + { 432339, true }, + { 432351, true }, + { 432360, true }, + { 432371, true }, + { 432381, true }, + { 432397, true }, + { 432409, true }, + { 432425, true }, + { 432442, true }, + { 432456, true }, + { 432468, true }, + { 432479, true }, + { 432492, true }, + { 432508, true }, + { 432524, true }, + { 432540, true }, + { 432559, true }, + { 432578, true }, + { 432595, true }, + { 432612, true }, + { 432627, true }, + { 432644, true }, + { 432654, true }, + { 432671, true }, + { 432690, true }, + { 432698, true }, + { 432708, true }, + { 432715, true }, + { 432725, true }, + { 432733, true }, + { 432745, true }, + { 432756, true }, + { 432779, true }, + { 432796, true }, + { 432815, false }, + { 432835, false }, + { 432855, true }, + { 432872, true }, + { 432882, true }, + { 432891, true }, + { 432900, true }, + { 432911, true }, + { 432920, true }, + { 432929, true }, + { 432938, true }, + { 432957, true }, + { 432980, true }, + { 432993, true }, + { 433009, true }, + { 433026, true }, + { 433059, true }, + { 433092, true }, + { 433101, true }, + { 433113, true }, + { 433129, true }, + { 433141, true }, + { 433153, true }, + { 433164, true }, + { 433179, true }, + { 433196, true }, + { 433210, true }, + { 433222, true }, + { 433243, true }, + { 433258, true }, + { 433276, true }, + { 433288, true }, + { 433298, true }, + { 433322, true }, + { 433340, true }, + { 433363, true }, + { 433383, true }, + { 433404, true }, + { 433430, true }, + { 433445, true }, + { 433464, true }, + { 433481, true }, + { 433501, true }, + { 433510, true }, + { 433523, true }, + { 433540, true }, + { 433554, true }, + { 433567, true }, + { 433583, true }, + { 433593, true }, + { 433602, true }, + { 433616, true }, + { 433627, true }, + { 433644, true }, + { 433663, true }, + { 433678, true }, + { 433691, true }, + { 433710, true }, + { 433720, true }, + { 433742, true }, + { 433757, true }, + { 433771, true }, + { 433786, true }, + { 433799, true }, + { 433808, true }, + { 433819, true }, + { 433832, true }, + { 433844, true }, + { 433858, true }, + { 433879, false }, + { 433893, false }, + { 433907, true }, + { 433918, true }, + { 433934, true }, + { 433962, true }, + { 433976, true }, + { 433986, true }, + { 434011, true }, + { 434023, true }, + { 434041, true }, + { 434056, true }, + { 434071, true }, + { 434085, true }, + { 434100, true }, + { 434117, true }, + { 434139, true }, + { 434150, true }, + { 434173, true }, + { 434194, false }, + { 434207, true }, + { 434219, true }, + { 434233, true }, + { 434248, true }, + { 434260, true }, + { 434272, true }, + { 434285, true }, + { 434302, true }, + { 434311, true }, + { 434323, true }, + { 434333, false }, + { 434344, true }, + { 434358, true }, + { 434375, true }, + { 434388, true }, + { 434401, true }, + { 434415, true }, + { 434431, true }, + { 434442, false }, + { 434454, true }, + { 434468, true }, + { 434479, true }, + { 434491, true }, + { 434513, true }, + { 434536, true }, + { 434548, true }, + { 434564, true }, + { 434585, true }, + { 434601, true }, + { 434619, true }, + { 434645, true }, + { 434660, true }, + { 434678, true }, + { 434687, false }, + { 434700, true }, + { 434718, true }, + { 434728, true }, + { 434742, true }, + { 434752, true }, + { 434769, true }, + { 434788, true }, + { 434804, true }, + { 434828, true }, + { 434842, true }, + { 434853, true }, + { 434866, true }, + { 434881, true }, + { 434896, true }, + { 434908, true }, + { 434924, true }, + { 434932, true }, + { 434942, true }, + { 434952, true }, + { 434967, true }, + { 434980, true }, + { 434992, true }, + { 435002, true }, + { 435014, true }, + { 435024, true }, + { 435041, true }, + { 435051, true }, + { 435057, true }, + { 435066, true }, + { 435079, true }, + { 435088, true }, + { 435108, true }, + { 435116, false }, + { 435137, true }, + { 435151, true }, + { 435163, true }, + { 435175, true }, + { 435190, true }, + { 435203, true }, + { 435214, true }, + { 435223, true }, + { 435237, true }, + { 435247, true }, + { 435260, true }, + { 435270, true }, + { 435281, true }, + { 435297, true }, + { 435308, false }, + { 435328, true }, + { 435338, true }, + { 435345, false }, + { 435355, true }, + { 435372, true }, + { 435382, true }, + { 435397, true }, + { 435407, true }, + { 435421, true }, + { 435438, true }, + { 435458, true }, + { 435473, true }, + { 435488, true }, + { 435501, true }, + { 435512, true }, + { 435523, true }, + { 435553, true }, + { 435579, true }, + { 435587, true }, + { 435606, true }, + { 435614, true }, + { 435625, true }, + { 435639, true }, + { 435661, true }, + { 435675, true }, + { 435690, true }, + { 435705, true }, + { 435723, true }, + { 435736, true }, + { 435761, true }, + { 435792, true }, + { 435811, true }, + { 435826, true }, + { 435841, true }, + { 435866, true }, + { 435887, true }, + { 435899, true }, + { 435912, true }, + { 435924, true }, + { 435936, true }, + { 435949, true }, + { 435957, true }, + { 435973, true }, + { 435985, true }, + { 436005, true }, + { 436016, true }, + { 436031, true }, + { 436048, true }, + { 436066, true }, + { 436082, true }, + { 436102, true }, + { 436123, true }, + { 436134, true }, + { 436147, true }, + { 436157, true }, + { 436170, true }, + { 436192, true }, + { 436214, true }, + { 436232, true }, + { 436261, true }, + { 436282, true }, + { 436301, true }, + { 436320, true }, + { 436333, true }, + { 436354, true }, + { 436371, true }, + { 436386, true }, + { 436410, true }, + { 436431, true }, + { 436453, true }, + { 436480, true }, + { 436507, true }, + { 436532, true }, + { 436553, true }, + { 436577, true }, + { 436586, true }, + { 436603, true }, + { 436616, true }, + { 436640, true }, + { 436651, true }, + { 436674, true }, + { 436690, true }, + { 436713, true }, + { 436726, true }, + { 436738, true }, + { 436750, true }, + { 436763, true }, + { 436775, true }, + { 436785, true }, + { 436799, true }, + { 436813, true }, + { 436831, true }, + { 436851, true }, + { 436863, true }, + { 436874, true }, + { 436887, true }, + { 436896, true }, + { 436909, true }, + { 436922, true }, + { 436933, true }, + { 436944, true }, + { 436957, true }, + { 436967, true }, + { 436978, true }, + { 436989, true }, + { 437003, true }, + { 437022, true }, + { 437040, true }, + { 437057, true }, + { 437071, true }, + { 437084, true }, + { 437104, true }, + { 437121, true }, + { 437133, false }, + { 437143, true }, + { 437160, true }, + { 437181, true }, + { 437191, true }, + { 437208, true }, + { 437222, true }, + { 437240, true }, + { 437262, true }, + { 437277, true }, + { 437295, true }, + { 437313, true }, + { 437330, true }, + { 437347, true }, + { 437360, true }, + { 437377, true }, + { 437387, true }, + { 437405, true }, + { 437417, true }, + { 437425, true }, + { 437440, false }, + { 437458, false }, + { 437476, false }, + { 437493, true }, + { 437514, true }, + { 437536, true }, + { 437554, true }, + { 437567, true }, + { 437577, true }, + { 437593, true }, + { 437605, true }, + { 437617, true }, + { 437633, true }, + { 437650, true }, + { 437660, false }, + { 437674, false }, + { 437686, true }, + { 437701, true }, + { 437716, true }, + { 437728, true }, + { 437741, true }, + { 437753, true }, + { 437772, true }, + { 437786, true }, + { 437803, true }, + { 437821, true }, + { 437839, false }, + { 437854, true }, + { 437879, true }, + { 437889, true }, + { 437902, true }, + { 437920, true }, + { 437932, true }, + { 437940, true }, + { 437954, true }, + { 437970, true }, + { 437983, true }, + { 438011, true }, + { 438026, true }, + { 438036, true }, + { 438054, true }, + { 438065, true }, + { 438075, true }, + { 438099, true }, + { 438122, true }, + { 438129, true }, + { 438144, true }, + { 438160, true }, + { 438172, true }, + { 438184, true }, + { 438202, true }, + { 438225, true }, + { 438241, true }, + { 438270, true }, + { 438288, true }, + { 438309, true }, + { 438324, true }, + { 438348, true }, + { 438366, true }, + { 438385, true }, + { 438408, true }, + { 438418, true }, + { 438437, true }, + { 438446, true }, + { 438457, true }, + { 438465, true }, + { 438475, true }, + { 438486, true }, + { 438510, false }, + { 438525, true }, + { 438543, true }, + { 438561, true }, + { 438575, true }, + { 438587, true }, + { 438610, true }, + { 438624, true }, + { 438635, true }, + { 438647, true }, + { 438672, true }, + { 438689, true }, + { 438712, true }, + { 438737, true }, + { 438749, true }, + { 438761, true }, + { 438773, true }, + { 438789, true }, + { 438801, true }, + { 438824, true }, + { 438842, true }, + { 438856, true }, + { 438872, true }, + { 438884, true }, + { 438892, true }, + { 438916, true }, + { 438928, true }, + { 438941, true }, + { 438952, true }, + { 438969, true }, + { 438981, true }, + { 438998, true }, + { 439008, true }, + { 439027, true }, + { 439047, false }, + { 439070, true }, + { 439090, true }, + { 439104, true }, + { 439122, true }, + { 439140, true }, + { 439153, true }, + { 439168, true }, + { 439178, true }, + { 439195, true }, + { 439212, true }, + { 439225, true }, + { 439236, true }, + { 439256, true }, + { 439270, true }, + { 439291, true }, + { 439304, true }, + { 439325, true }, + { 439336, true }, + { 439347, true }, + { 439369, true }, + { 439387, false }, + { 439401, true }, + { 439420, true }, + { 439435, true }, + { 439462, true }, + { 439471, true }, + { 439489, true }, + { 439503, false }, + { 439525, true }, + { 439534, true }, + { 439553, true }, + { 439569, true }, + { 439582, true }, + { 439594, true }, + { 439610, true }, + { 439623, true }, + { 439636, true }, + { 439650, true }, + { 439663, true }, + { 439681, true }, + { 439696, true }, + { 439716, true }, + { 439731, true }, + { 439744, true }, + { 439756, true }, + { 439769, true }, + { 439781, true }, + { 439793, true }, + { 439804, true }, + { 439822, true }, + { 439833, true }, + { 439844, true }, + { 439857, true }, + { 439870, true }, + { 439890, true }, + { 439904, true }, + { 439915, true }, + { 439930, true }, + { 439948, true }, + { 439971, true }, + { 439986, true }, + { 440007, true }, + { 440026, true }, + { 440034, true }, + { 440045, true }, + { 440053, true }, + { 440066, true }, + { 440080, true }, + { 440090, true }, + { 440100, true }, + { 440114, true }, + { 440126, false }, + { 440136, true }, + { 440153, true }, + { 440162, true }, + { 440179, true }, + { 440195, true }, + { 440217, true }, + { 440227, true }, + { 440237, true }, + { 440250, true }, + { 440259, true }, + { 440281, true }, + { 440291, true }, + { 440301, true }, + { 440309, true }, + { 440317, true }, + { 440327, true }, + { 440336, true }, + { 440345, true }, + { 440355, false }, + { 440363, true }, + { 440375, false }, + { 440386, true }, + { 440394, false }, + { 440408, true }, + { 440418, true }, + { 440426, false }, + { 440446, true }, + { 440456, true }, + { 440470, true }, + { 440480, true }, + { 440491, true }, + { 440503, true }, + { 440518, true }, + { 440529, true }, + { 440540, true }, + { 440551, true }, + { 440563, true }, + { 440583, true }, + { 440592, true }, + { 440603, true }, + { 440617, true }, + { 440629, true }, + { 440641, true }, + { 440653, true }, + { 440664, true }, + { 440674, true }, + { 440688, true }, + { 440699, true }, + { 440711, false }, + { 440723, true }, + { 440735, true }, + { 440755, true }, + { 440764, false }, + { 440778, false }, + { 440794, true }, + { 440810, true }, + { 440825, true }, + { 440850, true }, + { 440871, true }, + { 440885, true }, + { 440899, true }, + { 440914, true }, + { 440923, true }, + { 440936, true }, + { 440945, true }, + { 440957, true }, + { 440968, true }, + { 440989, false }, + { 441004, true }, + { 441018, true }, + { 441035, true }, + { 441045, true }, + { 441060, true }, + { 441067, true }, + { 441080, true }, + { 441092, true }, + { 441102, true }, + { 441116, true }, + { 441131, true }, + { 441141, true }, + { 441150, true }, + { 441164, true }, + { 441178, true }, + { 441194, true }, + { 441216, true }, + { 441227, true }, + { 441240, true }, + { 441251, true }, + { 441274, true }, + { 441281, true }, + { 441300, true }, + { 441310, false }, + { 441325, true }, + { 441346, true }, + { 441362, true }, + { 441386, true }, + { 441403, true }, + { 441423, true }, + { 441434, true }, + { 441450, true }, + { 441460, true }, + { 441467, true }, + { 441481, true }, + { 441493, true }, + { 441506, true }, + { 441518, true }, + { 441532, true }, + { 441547, true }, + { 441559, true }, + { 441574, true }, + { 441597, false }, + { 441608, true }, + { 441626, true }, + { 441642, true }, + { 441658, true }, + { 441671, true }, + { 441680, true }, + { 441694, true }, + { 441704, true }, + { 441714, true }, + { 441741, true }, + { 441764, true }, + { 441776, true }, + { 441792, true }, + { 441802, true }, + { 441811, true }, + { 441818, true }, + { 441834, true }, + { 441843, true }, + { 441860, true }, + { 441877, true }, + { 441889, true }, + { 441902, true }, + { 441915, true }, + { 441928, true }, + { 441942, true }, + { 441969, true }, + { 441982, true }, + { 441989, true }, + { 441997, true }, + { 442015, true }, + { 442032, true }, + { 442044, true }, + { 442056, true }, + { 442076, true }, + { 442086, true }, + { 442099, true }, + { 442108, true }, + { 442125, true }, + { 442142, true }, + { 442158, true }, + { 442169, true }, + { 442189, true }, + { 442198, true }, + { 442210, true }, + { 442222, true }, + { 442232, true }, + { 442241, true }, + { 442254, true }, + { 442263, true }, + { 442287, true }, + { 442299, true }, + { 442306, true }, + { 442318, true }, + { 442329, true }, + { 442337, true }, + { 442343, true }, + { 442350, true }, + { 442358, true }, + { 442368, true }, + { 442375, true }, + { 442385, true }, + { 442405, true }, + { 442413, true }, + { 442425, true }, + { 442437, true }, + { 442447, true }, + { 442458, true }, + { 442476, true }, + { 442489, true }, + { 442501, true }, + { 442512, true }, + { 442522, true }, + { 442534, true }, + { 442553, true }, + { 442563, true }, + { 442573, true }, + { 442588, true }, + { 442600, true }, + { 442620, true }, + { 442642, true }, + { 442653, true }, + { 442664, true }, + { 442673, true }, + { 442681, true }, + { 442698, true }, + { 442707, true }, + { 442726, true }, + { 442733, true }, + { 442747, true }, + { 442758, true }, + { 442779, true }, + { 442792, true }, + { 442801, true }, + { 442829, true }, + { 442853, true }, + { 442868, true }, + { 442882, true }, + { 442900, true }, + { 442918, true }, + { 442931, false }, + { 442945, true }, + { 442961, true }, + { 442976, true }, + { 442992, true }, + { 443001, true }, + { 443010, true }, + { 443037, true }, + { 443054, true }, + { 443067, true }, + { 443082, true }, + { 443095, true }, + { 443109, false }, + { 443119, true }, + { 443129, true }, + { 443143, true }, + { 443157, true }, + { 443165, true }, + { 443183, true }, + { 443199, true }, + { 443209, true }, + { 443220, true }, + { 443230, true }, + { 443243, true }, + { 443259, true }, + { 443270, true }, + { 443280, true }, + { 443293, true }, + { 443304, true }, + { 443328, true }, + { 443340, true }, + { 443351, true }, + { 443363, true }, + { 443379, true }, + { 443400, true }, + { 443414, true }, + { 443431, false }, + { 443447, true }, + { 443463, true }, + { 443475, true }, + { 443509, true }, + { 443523, true }, + { 443541, true }, + { 443563, true }, + { 443586, true }, + { 443597, true }, + { 443610, true }, + { 443639, true }, + { 443659, true }, + { 443671, true }, + { 443690, true }, + { 443700, true }, + { 443710, true }, + { 443727, true }, + { 443742, true }, + { 443752, true }, + { 443763, true }, + { 443775, true }, + { 443790, true }, + { 443806, true }, + { 443828, true }, + { 443847, true }, + { 443882, true }, + { 443897, true }, + { 443915, true }, + { 443932, true }, + { 443952, true }, + { 443969, true }, + { 443981, true }, + { 444002, true }, + { 444017, true }, + { 444038, true }, + { 444052, true }, + { 444067, true }, + { 444079, true }, + { 444095, true }, + { 444106, true }, + { 444115, true }, + { 444132, false }, + { 444144, true }, + { 444156, true }, + { 444168, true }, + { 444177, true }, + { 444186, true }, + { 444194, true }, + { 444204, true }, + { 444215, true }, + { 444232, true }, + { 444250, true }, + { 444261, true }, + { 444269, true }, + { 444281, true }, + { 444291, true }, + { 444300, true }, + { 444310, true }, + { 444320, true }, + { 444343, true }, + { 444358, true }, + { 444368, true }, + { 444380, true }, + { 444392, true }, + { 444402, false }, + { 444409, true }, + { 444416, true }, + { 444426, true }, + { 444442, true }, + { 444458, true }, + { 444477, true }, + { 444498, false }, + { 444516, true }, + { 444536, true }, + { 444559, true }, + { 444579, true }, + { 444595, true }, + { 444614, true }, + { 444634, true }, + { 444649, true }, + { 444667, true }, + { 444690, true }, + { 444707, true }, + { 444718, false }, + { 444742, true }, + { 444761, true }, + { 444778, true }, + { 444796, true }, + { 444813, true }, + { 444826, true }, + { 444840, true }, + { 444854, true }, + { 444873, true }, + { 444885, true }, + { 444893, false }, + { 444900, true }, + { 444907, true }, + { 444919, true }, + { 444931, true }, + { 444945, true }, + { 444956, true }, + { 444968, true }, + { 444984, true }, + { 444994, true }, + { 445008, false }, + { 445022, true }, + { 445033, true }, + { 445045, true }, + { 445057, false }, + { 445070, true }, + { 445083, true }, + { 445098, true }, + { 445112, true }, + { 445127, true }, + { 445142, true }, + { 445160, true }, + { 445183, true }, + { 445198, true }, + { 445209, true }, + { 445225, true }, + { 445248, true }, + { 445280, true }, + { 445298, true }, + { 445321, true }, + { 445344, true }, + { 445359, true }, + { 445372, true }, + { 445384, true }, + { 445395, true }, + { 445420, true }, + { 445431, true }, + { 445464, true }, + { 445490, true }, + { 445524, true }, + { 445547, true }, + { 445561, true }, + { 445574, true }, + { 445587, true }, + { 445604, true }, + { 445621, true }, + { 445638, true }, + { 445656, true }, + { 445668, true }, + { 445682, true }, + { 445694, true }, + { 445706, true }, + { 445720, true }, + { 445732, true }, + { 445748, false }, + { 445768, true }, + { 445781, false }, + { 445799, false }, + { 445822, true }, + { 445842, true }, + { 445858, true }, + { 445872, true }, + { 445893, true }, + { 445904, true }, + { 445919, true }, + { 445933, true }, + { 445950, true }, + { 445962, true }, + { 445975, true }, + { 445987, true }, + { 445999, true }, + { 446013, true }, + { 446028, true }, + { 446040, false }, + { 446053, true }, + { 446072, true }, + { 446090, true }, + { 446112, true }, + { 446127, true }, + { 446139, true }, + { 446153, true }, + { 446167, true }, + { 446183, true }, + { 446196, true }, + { 446211, false }, + { 446223, true }, + { 446239, true }, + { 446254, false }, + { 446276, true }, + { 446296, true }, + { 446308, true }, + { 446322, true }, + { 446343, true }, + { 446362, true }, + { 446376, true }, + { 446391, true }, + { 446406, true }, + { 446427, true }, + { 446446, true }, + { 446465, true }, + { 446478, true }, + { 446491, true }, + { 446505, false }, + { 446517, true }, + { 446527, true }, + { 446543, true }, + { 446561, true }, + { 446577, true }, + { 446589, true }, + { 446603, true }, + { 446613, true }, + { 446627, true }, + { 446644, true }, + { 446658, true }, + { 446668, false }, + { 446682, true }, + { 446696, true }, + { 446717, true }, + { 446727, true }, + { 446741, true }, + { 446762, true }, + { 446775, true }, + { 446791, true }, + { 446804, true }, + { 446817, true }, + { 446835, true }, + { 446856, true }, + { 446869, true }, + { 446879, true }, + { 446890, true }, + { 446906, true }, + { 446920, true }, + { 446932, true }, + { 446945, true }, + { 446966, true }, + { 446981, true }, + { 446996, true }, + { 447007, true }, + { 447020, true }, + { 447033, true }, + { 447043, true }, + { 447067, true }, + { 447087, true }, + { 447104, true }, + { 447121, true }, + { 447135, true }, + { 447145, true }, + { 447162, true }, + { 447177, true }, + { 447191, true }, + { 447208, true }, + { 447218, true }, + { 447234, true }, + { 447262, true }, + { 447274, true }, + { 447292, true }, + { 447302, true }, + { 447320, true }, + { 447330, true }, + { 447338, true }, + { 447349, true }, + { 447372, true }, + { 447396, true }, + { 447412, true }, + { 447428, true }, + { 447444, true }, + { 447460, true }, + { 447481, true }, + { 447493, true }, + { 447506, true }, + { 447531, true }, + { 447550, true }, + { 447572, true }, + { 447593, true }, + { 447606, true }, + { 447621, true }, + { 447632, true }, + { 447652, true }, + { 447672, true }, + { 447686, true }, + { 447700, true }, + { 447715, true }, + { 447725, true }, + { 447737, true }, + { 447759, true }, + { 447777, true }, + { 447789, true }, + { 447813, true }, + { 447833, true }, + { 447848, true }, + { 447863, true }, + { 447876, true }, + { 447894, true }, + { 447909, true }, + { 447925, true }, + { 447946, true }, + { 447967, true }, + { 447983, true }, + { 448007, true }, + { 448018, true }, + { 448027, true }, + { 448042, true }, + { 448051, true }, + { 448062, false }, + { 448072, true }, + { 448084, true }, + { 448099, true }, + { 448116, true }, + { 448128, true }, + { 448153, true }, + { 448180, true }, + { 448196, true }, + { 448206, true }, + { 448218, true }, + { 448234, true }, + { 448245, true }, + { 448261, true }, + { 448282, true }, + { 448299, true }, + { 448323, true }, + { 448334, true }, + { 448347, true }, + { 448366, true }, + { 448378, true }, + { 448390, true }, + { 448404, true }, + { 448424, true }, + { 448443, true }, + { 448466, true }, + { 448482, true }, + { 448502, true }, + { 448514, true }, + { 448526, true }, + { 448536, true }, + { 448551, true }, + { 448571, true }, + { 448582, true }, + { 448594, true }, + { 448608, true }, + { 448627, true }, + { 448654, true }, + { 448675, true }, + { 448699, true }, + { 448715, true }, + { 448727, true }, + { 448759, true }, + { 448783, true }, + { 448813, true }, + { 448828, true }, + { 448841, true }, + { 448867, true }, + { 448902, true }, + { 448932, true }, + { 448953, true }, + { 448967, true }, + { 448979, true }, + { 449004, true }, + { 449027, true }, + { 449038, true }, + { 449051, true }, + { 449075, true }, + { 449094, true }, + { 449107, true }, + { 449136, true }, + { 449159, true }, + { 449183, true }, + { 449210, true }, + { 449224, true }, + { 449247, true }, + { 449273, true }, + { 449301, true }, + { 449332, true }, + { 449357, true }, + { 449365, true }, + { 449372, true }, + { 449380, true }, + { 449389, true }, + { 449402, true }, + { 449414, true }, + { 449425, true }, + { 449447, true }, + { 449460, true }, + { 449482, true }, + { 449494, true }, + { 449515, true }, + { 449529, true }, + { 449542, true }, + { 449563, true }, + { 449582, true }, + { 449601, true }, + { 449620, true }, + { 449631, true }, + { 449644, true }, + { 449656, true }, + { 449668, true }, + { 449684, true }, + { 449700, true }, + { 449714, true }, + { 449730, true }, + { 449747, true }, + { 449755, true }, + { 449770, true }, + { 449787, false }, + { 449802, true }, + { 449818, true }, + { 449832, true }, + { 449842, true }, + { 449854, true }, + { 449873, true }, + { 449887, false }, + { 449896, true }, + { 449908, true }, + { 449932, true }, + { 449947, true }, + { 449960, true }, + { 449978, true }, + { 449997, true }, + { 450010, true }, + { 450023, true }, + { 450036, true }, + { 450049, true }, + { 450062, true }, + { 450076, true }, + { 450087, true }, + { 450110, true }, + { 450125, true }, + { 450138, true }, + { 450155, true }, + { 450177, true }, + { 450199, true }, + { 450219, true }, + { 450236, true }, + { 450260, true }, + { 450282, true }, + { 450304, true }, + { 450321, true }, + { 450335, true }, + { 450352, true }, + { 450359, true }, + { 450372, true }, + { 450385, true }, + { 450396, true }, + { 450418, true }, + { 450430, false }, + { 450453, true }, + { 450470, true }, + { 450482, true }, + { 450510, true }, + { 450521, true }, + { 450547, true }, + { 450562, true }, + { 450576, true }, + { 450596, true }, + { 450617, true }, + { 450633, true }, + { 450645, true }, + { 450656, true }, + { 450666, true }, + { 450679, true }, + { 450693, false }, + { 450710, true }, + { 450722, true }, + { 450735, true }, + { 450747, true }, + { 450762, true }, + { 450775, true }, + { 450785, true }, + { 450794, true }, + { 450811, true }, + { 450827, true }, + { 450840, true }, + { 450850, true }, + { 450864, true }, + { 450874, true }, + { 450897, true }, + { 450914, true }, + { 450940, true }, + { 450958, true }, + { 450972, true }, + { 450987, true }, + { 451000, true }, + { 451018, true }, + { 451030, true }, + { 451040, true }, + { 451051, true }, + { 451061, true }, + { 451072, true }, + { 451085, false }, + { 451101, true }, + { 451114, true }, + { 451130, true }, + { 451144, true }, + { 451157, true }, + { 451170, false }, + { 451187, true }, + { 451201, true }, + { 451215, true }, + { 451229, true }, + { 451253, true }, + { 451266, true }, + { 451279, true }, + { 451293, true }, + { 451307, true }, + { 451322, true }, + { 451338, true }, + { 451355, true }, + { 451370, true }, + { 451385, true }, + { 451403, true }, + { 451414, true }, + { 451429, true }, + { 451452, true }, + { 451469, true }, + { 451482, true }, + { 451503, true }, + { 451515, true }, + { 451535, true }, + { 451566, true }, + { 451585, true }, + { 451599, true }, + { 451618, true }, + { 451637, true }, + { 451645, true }, + { 451658, true }, + { 451686, true }, + { 451702, true }, + { 451718, true }, + { 451732, true }, + { 451755, true }, + { 451770, true }, + { 451785, true }, + { 451809, true }, + { 451826, true }, + { 451847, true }, + { 451865, true }, + { 451889, true }, + { 451909, true }, + { 451935, true }, + { 451950, true }, + { 451968, true }, + { 451988, true }, + { 452000, true }, + { 452017, true }, + { 452036, true }, + { 452053, true }, + { 452067, true }, + { 452086, true }, + { 452095, true }, + { 452112, false }, + { 452133, true }, + { 452147, true }, + { 452156, true }, + { 452175, false }, + { 452188, true }, + { 452200, true }, + { 452226, true }, + { 452247, true }, + { 452263, true }, + { 452278, true }, + { 452299, true }, + { 452321, true }, + { 452335, true }, + { 452350, true }, + { 452367, true }, + { 452385, true }, + { 452401, true }, + { 452422, true }, + { 452439, true }, + { 452451, true }, + { 452471, true }, + { 452487, false }, + { 452500, true }, + { 452521, true }, + { 452535, true }, + { 452548, true }, + { 452566, true }, + { 452580, true }, + { 452592, true }, + { 452610, false }, + { 452629, true }, + { 452651, true }, + { 452666, true }, + { 452685, true }, + { 452711, true }, + { 452726, true }, + { 452742, true }, + { 452756, true }, + { 452768, true }, + { 452783, true }, + { 452795, true }, + { 452810, true }, + { 452823, true }, + { 452839, true }, + { 452867, true }, + { 452888, true }, + { 452902, true }, + { 452914, true }, + { 452926, true }, + { 452943, true }, + { 452961, true }, + { 452987, true }, + { 452998, true }, + { 453005, true }, + { 453018, true }, + { 453031, true }, + { 453045, true }, + { 453064, true }, + { 453072, true }, + { 453082, true }, + { 453089, true }, + { 453099, true }, + { 453114, true }, + { 453133, true }, + { 453148, true }, + { 453172, true }, + { 453188, true }, + { 453211, true }, + { 453236, true }, + { 453252, true }, + { 453263, false }, + { 453273, true }, + { 453282, true }, + { 453289, true }, + { 453298, true }, + { 453309, true }, + { 453335, true }, + { 453351, false }, + { 453363, true }, + { 453372, true }, + { 453383, true }, + { 453396, true }, + { 453410, true }, + { 453417, true }, + { 453424, true }, + { 453436, true }, + { 453447, true }, + { 453457, true }, + { 453473, true }, + { 453481, true }, + { 453488, true }, + { 453498, true }, + { 453507, true }, + { 453515, true }, + { 453525, true }, + { 453532, true }, + { 453542, true }, + { 453554, true }, + { 453567, true }, + { 453586, true }, + { 453596, true }, + { 453609, true }, + { 453622, true }, + { 453630, true }, + { 453648, true }, + { 453660, true }, + { 453673, true }, + { 453693, true }, + { 453710, true }, + { 453724, true }, + { 453736, true }, + { 453748, true }, + { 453766, true }, + { 453779, true }, + { 453795, true }, + { 453804, true }, + { 453813, true }, + { 453823, true }, + { 453840, true }, + { 453858, true }, + { 453879, true }, + { 453890, true }, + { 453901, false }, + { 453915, true }, + { 453936, true }, + { 453959, true }, + { 453979, true }, + { 454004, true }, + { 454030, true }, + { 454056, true }, + { 454077, true }, + { 454088, true }, + { 454098, true }, + { 454109, true }, + { 454121, true }, + { 454135, true }, + { 454154, true }, + { 454167, true }, + { 454195, true }, + { 454208, true }, + { 454219, true }, + { 454229, true }, + { 454247, true }, + { 454259, true }, + { 454274, true }, + { 454300, true }, + { 454311, true }, + { 454326, true }, + { 454344, true }, + { 454360, true }, + { 454376, true }, + { 454396, true }, + { 454411, true }, + { 454427, true }, + { 454439, true }, + { 454449, true }, + { 454477, true }, + { 454499, true }, + { 454516, true }, + { 454536, true }, + { 454549, true }, + { 454568, true }, + { 454576, true }, + { 454590, true }, + { 454609, true }, + { 454626, true }, + { 454641, true }, + { 454653, true }, + { 454685, true }, + { 454714, true }, + { 454733, true }, + { 454757, true }, + { 454774, true }, + { 454787, true }, + { 454803, true }, + { 454815, true }, + { 454828, false }, + { 454842, true }, + { 454858, true }, + { 454871, true }, + { 454890, true }, + { 454902, true }, + { 454915, true }, + { 454940, true }, + { 454958, true }, + { 454971, true }, + { 454991, true }, + { 455009, true }, + { 455021, true }, + { 455033, true }, + { 455048, true }, + { 455067, true }, + { 455082, true }, + { 455114, true }, + { 455135, true }, + { 455153, true }, + { 455172, true }, + { 455188, true }, + { 455213, true }, + { 455229, true }, + { 455254, true }, + { 455270, true }, + { 455286, true }, + { 455307, true }, + { 455324, true }, + { 455339, true }, + { 455359, true }, + { 455385, true }, + { 455413, true }, + { 455434, true }, + { 455452, true }, + { 455465, true }, + { 455478, true }, + { 455494, false }, + { 455506, true }, + { 455521, true }, + { 455535, true }, + { 455553, true }, + { 455572, true }, + { 455586, true }, + { 455598, true }, + { 455616, true }, + { 455630, true }, + { 455644, true }, + { 455660, true }, + { 455683, true }, + { 455694, true }, + { 455706, true }, + { 455716, true }, + { 455725, true }, + { 455739, true }, + { 455753, true }, + { 455767, true }, + { 455781, true }, + { 455792, true }, + { 455813, true }, + { 455826, true }, + { 455839, true }, + { 455850, true }, + { 455858, true }, + { 455870, true }, + { 455883, true }, + { 455897, true }, + { 455911, true }, + { 455925, true }, + { 455937, true }, + { 455954, true }, + { 455965, true }, + { 455977, true }, + { 455986, false }, + { 455998, true }, + { 456017, true }, + { 456030, true }, + { 456041, true }, + { 456053, true }, + { 456064, true }, + { 456077, true }, + { 456091, true }, + { 456102, true }, + { 456114, true }, + { 456127, true }, + { 456133, true }, + { 456148, true }, + { 456158, true }, + { 456174, true }, + { 456187, true }, + { 456202, true }, + { 456213, true }, + { 456223, true }, + { 456234, true }, + { 456250, true }, + { 456275, true }, + { 456296, true }, + { 456314, true }, + { 456332, true }, + { 456352, true }, + { 456374, true }, + { 456386, true }, + { 456401, true }, + { 456414, true }, + { 456431, true }, + { 456450, true }, + { 456473, true }, + { 456491, true }, + { 456510, true }, + { 456523, true }, + { 456535, true }, + { 456548, true }, + { 456561, true }, + { 456569, true }, + { 456583, true }, + { 456595, true }, + { 456607, true }, + { 456622, true }, + { 456635, true }, + { 456646, true }, + { 456657, true }, + { 456671, true }, + { 456679, true }, + { 456690, true }, + { 456699, true }, + { 456715, true }, + { 456725, true }, + { 456739, true }, + { 456749, true }, + { 456763, true }, + { 456770, true }, + { 456780, true }, + { 456787, true }, + { 456798, true }, + { 456809, true }, + { 456824, false }, + { 456833, true }, + { 456845, true }, + { 456852, true }, + { 456861, true }, + { 456869, false }, + { 456884, true }, + { 456893, true }, + { 456905, true }, + { 456914, true }, + { 456923, true }, + { 456934, true }, + { 456943, true }, + { 456952, true }, + { 456968, true }, + { 456983, true }, + { 456993, true }, + { 457006, true }, + { 457018, true }, + { 457026, true }, + { 457038, true }, + { 457051, true }, + { 457062, true }, + { 457076, true }, + { 457092, true }, + { 457104, true }, + { 457117, true }, + { 457131, true }, + { 457145, true }, + { 457159, true }, + { 457171, true }, + { 457184, false }, + { 457197, true }, + { 457212, true }, + { 457226, true }, + { 457240, true }, + { 457257, true }, + { 457274, true }, + { 457289, true }, + { 457307, true }, + { 457325, true }, + { 457343, true }, + { 457357, true }, + { 457371, true }, + { 457385, true }, + { 457399, true }, + { 457413, false }, + { 457433, false }, + { 457451, false }, + { 457477, false }, + { 457500, false }, + { 457523, false }, + { 457544, true }, + { 457557, true }, + { 457573, false }, + { 457589, false }, + { 457605, true }, + { 457627, true }, + { 457640, false }, + { 457657, false }, + { 457674, true }, + { 457691, false }, + { 457708, false }, + { 457722, false }, + { 457741, false }, + { 457752, false }, + { 457764, false }, + { 457783, true }, + { 457801, true }, + { 457816, false }, + { 457830, false }, + { 457844, true }, + { 457860, false }, + { 457877, false }, + { 457894, false }, + { 457909, false }, + { 457925, true }, + { 457946, true }, + { 457964, false }, + { 457983, false }, + { 458001, true }, + { 458021, true }, + { 458037, false }, + { 458052, true }, + { 458067, true }, + { 458091, false }, + { 458109, false }, + { 458124, true }, + { 458144, true }, + { 458165, false }, + { 458189, false }, + { 458208, false }, + { 458223, false }, + { 458239, true }, + { 458254, false }, + { 458267, false }, + { 458282, false }, + { 458296, false }, + { 458314, true }, + { 458327, true }, + { 458338, true }, + { 458345, true }, + { 458356, true }, + { 458367, true }, + { 458375, true }, + { 458383, true }, + { 458393, true }, + { 458406, true }, + { 458419, true }, + { 458431, true }, + { 458448, true }, + { 458464, true }, + { 458478, true }, + { 458485, true }, + { 458505, true }, + { 458513, true }, + { 458524, true }, + { 458534, true }, + { 458543, true }, + { 458561, true }, + { 458566, true }, + { 458571, true }, + { 458578, true }, + { 458586, true }, + { 458595, true }, + { 458603, true }, + { 458611, true }, + { 458619, true }, + { 458639, true }, + { 458647, true }, + { 458656, true }, + { 458667, false }, + { 458687, true }, + { 458694, true }, + { 458713, false }, + { 458724, true }, + { 458734, true }, + { 458741, true }, + { 458748, true }, + { 458758, true }, + { 458779, true }, + { 458799, true }, + { 458813, true }, + { 458837, true }, + { 458844, true }, + { 458854, false }, + { 458867, true }, + { 458884, true }, + { 458901, true }, + { 458921, true }, + { 458940, true }, + { 458946, true }, + { 458952, true }, + { 458964, true }, + { 458976, true }, + { 458985, true }, + { 458997, true }, + { 459010, true }, + { 459022, true }, + { 459031, true }, + { 459042, true }, + { 459055, true }, + { 459070, true }, + { 459084, true }, + { 459103, true }, + { 459116, true }, + { 459129, true }, + { 459140, true }, + { 459151, true }, + { 459162, true }, + { 459174, true }, + { 459182, false }, + { 459201, false }, + { 459212, true }, + { 459225, true }, + { 459236, true }, + { 459243, true }, + { 459254, true }, + { 459261, true }, + { 459284, true }, + { 459296, true }, + { 459310, true }, + { 459329, true }, + { 459345, true }, + { 459361, false }, + { 459373, true }, + { 459384, true }, + { 459401, true }, + { 459411, true }, + { 459427, true }, + { 459441, true }, + { 459452, true }, + { 459468, true }, + { 459482, false }, + { 459497, true }, + { 459512, true }, + { 459522, true }, + { 459532, true }, + { 459544, true }, + { 459555, false }, + { 459565, true }, + { 459575, true }, + { 459593, true }, + { 459601, true }, + { 459612, false }, + { 459620, true }, + { 459631, true }, + { 459642, true }, + { 459654, true }, + { 459663, true }, + { 459678, true }, + { 459689, true }, + { 459697, true }, + { 459707, true }, + { 459717, true }, + { 459725, true }, + { 459736, true }, + { 459746, true }, + { 459758, true }, + { 459769, true }, + { 459780, false }, + { 459792, true }, + { 459803, true }, + { 459822, true }, + { 459833, true }, + { 459843, true }, + { 459855, false }, + { 459865, true }, + { 459873, true }, + { 459887, true }, + { 459894, true }, + { 459928, true }, + { 459953, true }, + { 459981, true }, + { 459999, true }, + { 460013, true }, + { 460042, true }, + { 460053, true }, + { 460072, true }, + { 460104, true }, + { 460127, true }, + { 460148, true }, + { 460181, true }, + { 460213, true }, + { 460239, true }, + { 460272, true }, + { 460295, true }, + { 460314, true }, + { 460342, true }, + { 460370, true }, + { 460390, true }, + { 460408, true }, + { 460426, true }, + { 460451, true }, + { 460483, true }, + { 460510, true }, + { 460532, true }, + { 460560, true }, + { 460582, true }, + { 460603, true }, + { 460628, true }, + { 460653, true }, + { 460677, true }, + { 460695, true }, + { 460721, true }, + { 460749, true }, + { 460780, true }, + { 460808, true }, + { 460834, true }, + { 460862, true }, + { 460889, true }, + { 460929, true }, + { 460956, true }, + { 460986, true }, + { 461005, true }, + { 461023, true }, + { 461048, true }, + { 461063, true }, + { 461074, true }, + { 461089, true }, + { 461115, true }, + { 461126, false }, + { 461147, true }, + { 461173, true }, + { 461193, true }, + { 461213, true }, + { 461237, true }, + { 461255, true }, + { 461273, true }, + { 461299, true }, + { 461317, true }, + { 461354, false }, + { 461383, true }, + { 461402, true }, + { 461422, true }, + { 461455, true }, + { 461476, true }, + { 461503, true }, + { 461517, true }, + { 461540, true }, + { 461554, true }, + { 461582, true }, + { 461617, true }, + { 461632, true }, + { 461646, true }, + { 461669, true }, + { 461696, true }, + { 461728, true }, + { 461748, true }, + { 461769, true }, + { 461783, true }, + { 461797, true }, + { 461814, true }, + { 461836, true }, + { 461862, true }, + { 461886, true }, + { 461911, true }, + { 461924, true }, + { 461952, true }, + { 461994, true }, + { 462024, true }, + { 462035, true }, + { 462054, true }, + { 462075, true }, + { 462110, true }, + { 462133, true }, + { 462159, true }, + { 462182, true }, + { 462198, true }, + { 462220, true }, + { 462244, true }, + { 462270, true }, + { 462301, true }, + { 462327, true }, + { 462339, true }, + { 462363, true }, + { 462390, true }, + { 462411, true }, + { 462432, true }, + { 462439, true }, + { 462450, true }, + { 462461, true }, + { 462468, true }, + { 462479, true }, + { 462489, true }, + { 462500, true }, + { 462506, true }, + { 462517, true }, + { 462533, true }, + { 462549, true }, + { 462557, true }, + { 462567, true }, + { 462574, true }, + { 462581, true }, + { 462598, true }, + { 462611, true }, + { 462619, true }, + { 462634, true }, + { 462645, true }, + { 462660, true }, + { 462679, true }, + { 462693, true }, + { 462702, true }, + { 462708, true }, + { 462722, true }, + { 462732, true }, + { 462742, true }, + { 462750, true }, + { 462763, true }, + { 462776, true }, + { 462788, true }, + { 462795, true }, + { 462802, true }, + { 462813, true }, + { 462822, true }, + { 462829, true }, + { 462835, true }, + { 462846, true }, + { 462856, true }, + { 462865, true }, + { 462877, true }, + { 462885, true }, + { 462903, true }, + { 462932, true }, + { 462948, true }, + { 462961, true }, + { 462970, true }, + { 462982, true }, + { 462991, true }, + { 463001, true }, + { 463010, true }, + { 463022, true }, + { 463029, true }, + { 463043, true }, + { 463054, true }, + { 463064, false }, + { 463072, true }, + { 463084, true }, + { 463094, true }, + { 463102, true }, + { 463112, true }, + { 463121, true }, + { 463135, true }, + { 463155, true }, + { 463165, true }, + { 463177, true }, + { 463197, true }, + { 463206, true }, + { 463214, true }, + { 463229, true }, + { 463239, true }, + { 463248, true }, + { 463260, true }, + { 463272, true }, + { 463283, true }, + { 463297, true }, + { 463308, true }, + { 463322, true }, + { 463333, true }, + { 463347, true }, + { 463357, true }, + { 463373, true }, + { 463380, true }, + { 463390, true }, + { 463402, true }, + { 463412, true }, + { 463419, true }, + { 463428, true }, + { 463443, true }, + { 463454, true }, + { 463462, true }, + { 463474, true }, + { 463485, true }, + { 463506, true }, + { 463516, true }, + { 463524, true }, + { 463538, true }, + { 463550, true }, + { 463565, true }, + { 463577, true }, + { 463590, true }, + { 463603, true }, + { 463616, true }, + { 463632, true }, + { 463647, true }, + { 463659, false }, + { 463669, true }, + { 463682, true }, + { 463710, true }, + { 463719, true }, + { 463731, true }, + { 463743, true }, + { 463759, true }, + { 463767, true }, + { 463776, true }, + { 463788, true }, + { 463798, true }, + { 463806, true }, + { 463819, true }, + { 463829, true }, + { 463838, true }, + { 463848, true }, + { 463856, true }, + { 463866, true }, + { 463877, true }, + { 463887, true }, + { 463900, true }, + { 463912, true }, + { 463927, true }, + { 463935, true }, + { 463943, true }, + { 463951, true }, + { 463959, true }, + { 463967, true }, + { 463978, true }, + { 463989, true }, + { 464000, true }, + { 464009, true }, + { 464021, true }, + { 464033, true }, + { 464045, true }, + { 464057, true }, + { 464069, true }, + { 464081, true }, + { 464093, true }, + { 464105, true }, + { 464117, true }, + { 464125, true }, + { 464133, true }, + { 464141, true }, + { 464149, true }, + { 464157, true }, + { 464165, true }, + { 464173, true }, + { 464181, true }, + { 464189, true }, + { 464197, true }, + { 464205, true }, + { 464213, true }, + { 464221, true }, + { 464229, true }, + { 464240, true }, + { 464259, true }, + { 464269, true }, + { 464280, true }, + { 464295, true }, + { 464305, true }, + { 464321, true }, + { 464335, true }, + { 464345, false }, + { 464354, true }, + { 464361, true }, + { 464372, true }, + { 464388, true }, + { 464395, true }, + { 464404, true }, + { 464413, true }, + { 464430, true }, + { 464441, true }, + { 464449, true }, + { 464462, true }, + { 464473, true }, + { 464484, true }, + { 464493, true }, + { 464507, true }, + { 464522, true }, + { 464533, true }, + { 464549, true }, + { 464559, true }, + { 464569, true }, + { 464580, true }, + { 464602, true }, + { 464615, true }, + { 464630, true }, + { 464641, true }, + { 464652, true }, + { 464660, true }, + { 464675, true }, + { 464685, true }, + { 464703, true }, + { 464715, true }, + { 464731, true }, + { 464742, true }, + { 464756, true }, + { 464772, true }, + { 464789, true }, + { 464801, true }, + { 464826, true }, + { 464848, true }, + { 464867, true }, + { 464891, true }, + { 464904, true }, + { 464918, true }, + { 464930, true }, + { 464943, true }, + { 464954, true }, + { 464978, true }, + { 464989, true }, + { 465001, false }, + { 465016, true }, + { 465027, true }, + { 465037, true }, + { 465047, true }, + { 465058, true }, + { 465070, true }, + { 465090, false }, + { 465100, true }, + { 465111, true }, + { 465143, true }, + { 465170, true }, + { 465194, true }, + { 465205, true }, + { 465217, true }, + { 465227, true }, + { 465244, true }, + { 465261, true }, + { 465276, true }, + { 465287, true }, + { 465307, true }, + { 465319, true }, + { 465335, true }, + { 465352, true }, + { 465367, true }, + { 465385, true }, + { 465401, true }, + { 465414, false }, + { 465427, true }, + { 465441, true }, + { 465457, true }, + { 465467, true }, + { 465477, true }, + { 465490, true }, + { 465507, true }, + { 465517, true }, + { 465532, true }, + { 465547, true }, + { 465559, true }, + { 465571, true }, + { 465583, true }, + { 465592, true }, + { 465610, true }, + { 465624, true }, + { 465637, true }, + { 465651, true }, + { 465665, true }, + { 465676, true }, + { 465686, true }, + { 465699, true }, + { 465717, true }, + { 465730, true }, + { 465744, true }, + { 465757, true }, + { 465775, true }, + { 465790, true }, + { 465812, true }, + { 465831, true }, + { 465840, true }, + { 465854, true }, + { 465865, true }, + { 465882, true }, + { 465894, true }, + { 465916, true }, + { 465933, true }, + { 465946, true }, + { 465966, true }, + { 465975, true }, + { 465983, true }, + { 465991, true }, + { 466004, true }, + { 466015, true }, + { 466028, true }, + { 466037, true }, + { 466049, true }, + { 466061, true }, + { 466075, true }, + { 466084, true }, + { 466095, true }, + { 466106, true }, + { 466114, true }, + { 466125, true }, + { 466135, true }, + { 466144, true }, + { 466154, true }, + { 466169, false }, + { 466175, true }, + { 466181, true }, + { 466189, true }, + { 466200, true }, + { 466216, true }, + { 466224, true }, + { 466237, true }, + { 466247, true }, + { 466257, true }, + { 466267, true }, + { 466278, true }, + { 466291, true }, + { 466304, true }, + { 466317, true }, + { 466328, true }, + { 466338, true }, + { 466348, true }, + { 466358, true }, + { 466368, true }, + { 466380, true }, + { 466390, true }, + { 466402, true }, + { 466413, true }, + { 466427, true }, + { 466438, true }, + { 466448, true }, + { 466458, true }, + { 466468, true }, + { 466483, true }, + { 466494, true }, + { 466507, true }, + { 466518, true }, + { 466530, true }, + { 466541, true }, + { 466552, true }, + { 466563, true }, + { 466575, true }, + { 466586, true }, + { 466597, true }, + { 466610, true }, + { 466617, true }, + { 466626, true }, + { 466636, true }, + { 466646, true }, + { 466655, true }, + { 466664, true }, + { 466683, true }, + { 466696, true }, + { 466709, true }, + { 466725, true }, + { 466735, true }, + { 466743, true }, + { 466754, true }, + { 466768, true }, + { 466786, true }, + { 466799, true }, + { 466812, true }, + { 466824, true }, + { 466832, true }, + { 466845, true }, + { 466859, true }, + { 466869, true }, + { 466879, true }, + { 466893, true }, + { 466904, true }, + { 466912, true }, + { 466920, true }, + { 466934, true }, + { 466950, true }, + { 466960, true }, + { 466978, true }, + { 466987, true }, + { 466996, true }, + { 467009, true }, + { 467021, true }, + { 467044, true }, + { 467057, true }, + { 467062, true }, + { 467072, true }, + { 467079, true }, + { 467086, true }, + { 467093, true }, + { 467105, false }, + { 467125, false }, + { 467144, true }, + { 467155, true }, + { 467170, true }, + { 467186, true }, + { 467200, true }, + { 467211, false }, + { 467228, false }, + { 467245, false }, + { 467263, true }, + { 467277, true }, + { 467292, true }, + { 467308, true }, + { 467323, true }, + { 467334, true }, + { 467348, true }, + { 467361, true }, + { 467374, true }, + { 467382, false }, + { 467405, true }, + { 467415, true }, + { 467425, true }, + { 467440, true }, + { 467454, true }, + { 467482, true }, + { 467493, true }, + { 467506, true }, + { 467518, true }, + { 467531, true }, + { 467539, true }, + { 467564, true }, + { 467575, true }, + { 467584, true }, + { 467594, true }, + { 467616, true }, + { 467625, true }, + { 467638, true }, + { 467650, true }, + { 467661, false }, + { 467679, true }, + { 467690, true }, + { 467706, true }, + { 467720, true }, + { 467733, true }, + { 467741, true }, + { 467765, true }, + { 467778, true }, + { 467790, true }, + { 467807, true }, + { 467819, true }, + { 467832, false }, + { 467839, true }, + { 467857, true }, + { 467864, true }, + { 467873, false }, + { 467882, true }, + { 467893, true }, + { 467905, true }, + { 467916, true }, + { 467924, true }, + { 467931, true }, + { 467939, true }, + { 467955, true }, + { 467974, true }, + { 467989, true }, + { 468000, true }, + { 468007, true }, + { 468017, true }, + { 468025, true }, + { 468047, true }, + { 468065, true }, + { 468091, true }, + { 468100, true }, + { 468113, true }, + { 468138, true }, + { 468155, true }, + { 468166, true }, + { 468188, true }, + { 468215, true }, + { 468234, false }, + { 468245, true }, + { 468267, true }, + { 468278, true }, + { 468288, true }, + { 468299, true }, + { 468311, true }, + { 468323, true }, + { 468336, true }, + { 468349, true }, + { 468364, true }, + { 468382, true }, + { 468395, true }, + { 468410, true }, + { 468426, true }, + { 468439, true }, + { 468450, true }, + { 468468, true }, + { 468482, true }, + { 468493, true }, + { 468503, true }, + { 468515, true }, + { 468523, true }, + { 468536, true }, + { 468551, true }, + { 468563, true }, + { 468573, true }, + { 468586, true }, + { 468597, true }, + { 468610, true }, + { 468622, true }, + { 468634, true }, + { 468648, true }, + { 468658, false }, + { 468668, true }, + { 468685, true }, + { 468698, false }, + { 468713, true }, + { 468723, true }, + { 468736, true }, + { 468751, true }, + { 468759, true }, + { 468771, true }, + { 468782, true }, + { 468795, true }, + { 468803, true }, + { 468810, true }, + { 468822, true }, + { 468832, false }, + { 468852, true }, + { 468866, true }, + { 468875, true }, + { 468887, true }, + { 468902, true }, + { 468917, true }, + { 468932, true }, + { 468944, true }, + { 468962, true }, + { 468976, true }, + { 468989, true }, + { 469000, true }, + { 469009, true }, + { 469023, true }, + { 469035, true }, + { 469045, true }, + { 469062, true }, + { 469068, true }, + { 469087, true }, + { 469116, true }, + { 469135, true }, + { 469153, true }, + { 469161, true }, + { 469176, false }, + { 469184, true }, + { 469194, true }, + { 469215, true }, + { 469228, true }, + { 469239, true }, + { 469250, true }, + { 469258, true }, + { 469269, true }, + { 469286, true }, + { 469300, true }, + { 469314, true }, + { 469325, true }, + { 469342, false }, + { 469354, true }, + { 469361, true }, + { 469372, true }, + { 469384, true }, + { 469393, true }, + { 469413, true }, + { 469423, true }, + { 469438, true }, + { 469449, false }, + { 469464, true }, + { 469476, true }, + { 469484, true }, + { 469490, true }, + { 469497, true }, + { 469507, true }, + { 469519, true }, + { 469534, true }, + { 469546, true }, + { 469558, true }, + { 469570, true }, + { 469581, true }, + { 469594, true }, + { 469618, true }, + { 469636, true }, + { 469647, true }, + { 469658, true }, + { 469669, true }, + { 469680, true }, + { 469695, true }, + { 469704, true }, + { 469717, true }, + { 469729, true }, + { 469747, true }, + { 469762, true }, + { 469777, false }, + { 469794, true }, + { 469805, true }, + { 469816, true }, + { 469830, true }, + { 469845, true }, + { 469857, true }, + { 469873, true }, + { 469882, true }, + { 469896, true }, + { 469907, true }, + { 469916, true }, + { 469938, true }, + { 469949, true }, + { 469960, true }, + { 469980, true }, + { 470004, true }, + { 470029, true }, + { 470044, true }, + { 470056, true }, + { 470068, true }, + { 470079, true }, + { 470092, true }, + { 470104, true }, + { 470114, true }, + { 470122, true }, + { 470141, true }, + { 470152, true }, + { 470162, true }, + { 470172, true }, + { 470183, true }, + { 470193, true }, + { 470207, false }, + { 470214, true }, + { 470234, true }, + { 470246, true }, + { 470257, true }, + { 470273, true }, + { 470288, true }, + { 470299, true }, + { 470308, true }, + { 470317, true }, + { 470329, true }, + { 470343, true }, + { 470354, true }, + { 470368, true }, + { 470375, true }, + { 470382, true }, + { 470400, true }, + { 470411, true }, + { 470421, true }, + { 470429, true }, + { 470439, true }, + { 470452, true }, + { 470466, true }, + { 470487, true }, + { 470497, true }, + { 470504, true }, + { 470515, true }, + { 470525, true }, + { 470534, true }, + { 470547, true }, + { 470557, true }, + { 470579, true }, + { 470589, true }, + { 470608, true }, + { 470623, true }, + { 470634, true }, + { 470642, true }, + { 470651, true }, + { 470658, true }, + { 470678, true }, + { 470701, true }, + { 470709, true }, + { 470722, true }, + { 470735, true }, + { 470742, true }, + { 470755, true }, + { 470763, true }, + { 470775, true }, + { 470785, true }, + { 470794, true }, + { 470806, true }, + { 470816, true }, + { 470836, true }, + { 470846, true }, + { 470863, true }, + { 470871, true }, + { 470880, true }, + { 470894, true }, + { 470906, true }, +}; diff --git a/security/manager/ssl/nsSecureBrowserUIImpl.cpp b/security/manager/ssl/nsSecureBrowserUIImpl.cpp new file mode 100644 index 000000000..4202a0142 --- /dev/null +++ b/security/manager/ssl/nsSecureBrowserUIImpl.cpp @@ -0,0 +1,1191 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsSecureBrowserUIImpl.h" + +#include "imgIRequest.h" +#include "mozilla/Logging.h" +#include "nsCURILoader.h" +#include "nsIAssociatedContentSecurity.h" +#include "nsIChannel.h" +#include "nsIDOMWindow.h" +#include "nsIDocShell.h" +#include "nsIDocShellTreeItem.h" +#include "nsIDocument.h" +#include "nsIFTPChannel.h" +#include "nsIFileChannel.h" +#include "nsIHttpChannel.h" +#include "nsIInterfaceRequestorUtils.h" +#include "nsIProtocolHandler.h" +#include "nsISSLStatus.h" +#include "nsISecurityInfoProvider.h" +#include "nsIServiceManager.h" +#include "nsITransportSecurityInfo.h" +#include "nsIWebProgress.h" +#include "nsIWyciwygChannel.h" +#include "nsNetCID.h" +#include "nsNetUtil.h" +#include "nsPIDOMWindow.h" +#include "nsThreadUtils.h" +#include "nspr.h" +#include "nsString.h" + +using namespace mozilla; + +LazyLogModule gSecureDocLog("nsSecureBrowserUI"); + +struct RequestHashEntry : PLDHashEntryHdr { + void *r; +}; + +static bool +RequestMapMatchEntry(const PLDHashEntryHdr *hdr, const void *key) +{ + const RequestHashEntry *entry = static_cast(hdr); + return entry->r == key; +} + +static void +RequestMapInitEntry(PLDHashEntryHdr *hdr, const void *key) +{ + RequestHashEntry *entry = static_cast(hdr); + entry->r = (void*)key; +} + +static const PLDHashTableOps gMapOps = { + PLDHashTable::HashVoidPtrKeyStub, + RequestMapMatchEntry, + PLDHashTable::MoveEntryStub, + PLDHashTable::ClearEntryStub, + RequestMapInitEntry +}; + +nsSecureBrowserUIImpl::nsSecureBrowserUIImpl() + : mNotifiedSecurityState(lis_no_security) + , mNotifiedToplevelIsEV(false) + , mNewToplevelSecurityState(STATE_IS_INSECURE) + , mNewToplevelIsEV(false) + , mNewToplevelSecurityStateKnown(true) + , mIsViewSource(false) + , mSubRequestsBrokenSecurity(0) + , mSubRequestsNoSecurity(0) + , mCertUserOverridden(false) + , mRestoreSubrequests(false) + , mOnLocationChangeSeen(false) +#ifdef DEBUG + , mEntered(false) +#endif + , mTransferringRequests(&gMapOps, sizeof(RequestHashEntry)) +{ + MOZ_ASSERT(NS_IsMainThread()); + + ResetStateTracking(); +} + +NS_IMPL_ISUPPORTS(nsSecureBrowserUIImpl, + nsISecureBrowserUI, + nsIWebProgressListener, + nsISupportsWeakReference, + nsISSLStatusProvider) + +NS_IMETHODIMP +nsSecureBrowserUIImpl::Init(mozIDOMWindowProxy* aWindow) +{ + MOZ_ASSERT(NS_IsMainThread()); + + if (MOZ_LOG_TEST(gSecureDocLog, LogLevel::Debug)) { + nsCOMPtr window(do_QueryReferent(mWindow)); + + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: Init: mWindow: %p, aWindow: %p\n", this, + window.get(), aWindow)); + } + + if (!aWindow) { + NS_WARNING("Null window passed to nsSecureBrowserUIImpl::Init()"); + return NS_ERROR_INVALID_ARG; + } + + if (mWindow) { + NS_WARNING("Trying to init an nsSecureBrowserUIImpl twice"); + return NS_ERROR_ALREADY_INITIALIZED; + } + + nsresult rv; + mWindow = do_GetWeakReference(aWindow, &rv); + NS_ENSURE_SUCCESS(rv, rv); + + auto* piwindow = nsPIDOMWindowOuter::From(aWindow); + nsIDocShell *docShell = piwindow->GetDocShell(); + + // The Docshell will own the SecureBrowserUI object + if (!docShell) + return NS_ERROR_FAILURE; + + docShell->SetSecurityUI(this); + + /* GetWebProgress(mWindow) */ + // hook up to the webprogress notifications. + nsCOMPtr wp(do_GetInterface(docShell)); + if (!wp) return NS_ERROR_FAILURE; + /* end GetWebProgress */ + + wp->AddProgressListener(static_cast(this), + nsIWebProgress::NOTIFY_STATE_ALL | + nsIWebProgress::NOTIFY_LOCATION | + nsIWebProgress::NOTIFY_SECURITY); + + + return NS_OK; +} + +NS_IMETHODIMP +nsSecureBrowserUIImpl::GetState(uint32_t* aState) +{ + MOZ_ASSERT(NS_IsMainThread()); + return MapInternalToExternalState(aState, mNotifiedSecurityState, + mNotifiedToplevelIsEV); +} + +// static +already_AddRefed +nsSecureBrowserUIImpl::ExtractSecurityInfo(nsIRequest* aRequest) +{ + nsCOMPtr retval; + nsCOMPtr channel(do_QueryInterface(aRequest)); + if (channel) + channel->GetSecurityInfo(getter_AddRefs(retval)); + + if (!retval) { + nsCOMPtr provider(do_QueryInterface(aRequest)); + if (provider) + provider->GetSecurityInfo(getter_AddRefs(retval)); + } + + return retval.forget(); +} + +nsresult +nsSecureBrowserUIImpl::MapInternalToExternalState(uint32_t* aState, lockIconState lock, bool ev) +{ + NS_ENSURE_ARG(aState); + + switch (lock) + { + case lis_broken_security: + *aState = STATE_IS_BROKEN; + break; + + case lis_mixed_security: + *aState = STATE_IS_BROKEN; + break; + + case lis_high_security: + *aState = STATE_IS_SECURE | STATE_SECURE_HIGH; + break; + + default: + case lis_no_security: + *aState = STATE_IS_INSECURE; + break; + } + + if (ev && (*aState & STATE_IS_SECURE)) + *aState |= nsIWebProgressListener::STATE_IDENTITY_EV_TOPLEVEL; + + if (mCertUserOverridden && (*aState & STATE_IS_SECURE)) { + *aState |= nsIWebProgressListener::STATE_CERT_USER_OVERRIDDEN; + } + + nsCOMPtr docShell = do_QueryReferent(mDocShell); + if (!docShell) + return NS_OK; + + // For content docShell's, the mixed content security state is set on the root docShell. + if (docShell->ItemType() == nsIDocShellTreeItem::typeContent) { + nsCOMPtr docShellTreeItem(do_QueryInterface(docShell)); + nsCOMPtr sameTypeRoot; + docShellTreeItem->GetSameTypeRootTreeItem(getter_AddRefs(sameTypeRoot)); + NS_ASSERTION(sameTypeRoot, "No document shell root tree item from document shell tree item!"); + docShell = do_QueryInterface(sameTypeRoot); + if (!docShell) + return NS_OK; + } + + // Has a Mixed Content Load initiated in nsMixedContentBlocker? + // * If not, the state should not be broken because of mixed content; + // overriding the previous state if it is inaccurately flagged as mixed. + if (lock == lis_mixed_security && + !docShell->GetHasMixedActiveContentLoaded() && + !docShell->GetHasMixedDisplayContentLoaded() && + !docShell->GetHasMixedActiveContentBlocked() && + !docShell->GetHasMixedDisplayContentBlocked()) { + *aState = STATE_IS_SECURE; + if (ev) { + *aState |= nsIWebProgressListener::STATE_IDENTITY_EV_TOPLEVEL; + } + } + // * If so, the state should be broken or insecure; overriding the previous + // state set by the lock parameter. + uint32_t tempState = STATE_IS_BROKEN; + if (lock == lis_no_security) { + // this is to ensure that http: pages with mixed content in nested + // iframes don't get marked as broken instead of insecure + tempState = STATE_IS_INSECURE; + } + if (docShell->GetHasMixedActiveContentLoaded() && + docShell->GetHasMixedDisplayContentLoaded()) { + *aState = tempState | + nsIWebProgressListener::STATE_LOADED_MIXED_ACTIVE_CONTENT | + nsIWebProgressListener::STATE_LOADED_MIXED_DISPLAY_CONTENT; + } else if (docShell->GetHasMixedActiveContentLoaded()) { + *aState = tempState | + nsIWebProgressListener::STATE_LOADED_MIXED_ACTIVE_CONTENT; + } else if (docShell->GetHasMixedDisplayContentLoaded()) { + *aState = tempState | + nsIWebProgressListener::STATE_LOADED_MIXED_DISPLAY_CONTENT; + } + + if (mCertUserOverridden) { + *aState |= nsIWebProgressListener::STATE_CERT_USER_OVERRIDDEN; + } + + // Has Mixed Content Been Blocked in nsMixedContentBlocker? + if (docShell->GetHasMixedActiveContentBlocked()) + *aState |= nsIWebProgressListener::STATE_BLOCKED_MIXED_ACTIVE_CONTENT; + + if (docShell->GetHasMixedDisplayContentBlocked()) + *aState |= nsIWebProgressListener::STATE_BLOCKED_MIXED_DISPLAY_CONTENT; + + // Has Tracking Content been Blocked? + if (docShell->GetHasTrackingContentBlocked()) + *aState |= nsIWebProgressListener::STATE_BLOCKED_TRACKING_CONTENT; + + if (docShell->GetHasTrackingContentLoaded()) + *aState |= nsIWebProgressListener::STATE_LOADED_TRACKING_CONTENT; + + return NS_OK; +} + +NS_IMETHODIMP +nsSecureBrowserUIImpl::SetDocShell(nsIDocShell* aDocShell) +{ + MOZ_ASSERT(NS_IsMainThread()); + nsresult rv; + mDocShell = do_GetWeakReference(aDocShell, &rv); + return rv; +} + +static uint32_t GetSecurityStateFromSecurityInfoAndRequest(nsISupports* info, + nsIRequest* request) +{ + nsresult res; + uint32_t securityState; + + nsCOMPtr psmInfo(do_QueryInterface(info)); + if (!psmInfo) { + MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI: GetSecurityState: - no nsITransportSecurityInfo for %p\n", + (nsISupports *)info)); + return nsIWebProgressListener::STATE_IS_INSECURE; + } + MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI: GetSecurityState: - info is %p\n", + (nsISupports *)info)); + + res = psmInfo->GetSecurityState(&securityState); + if (NS_FAILED(res)) { + MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI: GetSecurityState: - GetSecurityState failed: %d\n", + res)); + securityState = nsIWebProgressListener::STATE_IS_BROKEN; + } + + if (securityState != nsIWebProgressListener::STATE_IS_INSECURE) { + // A secure connection does not yield a secure per-uri channel if the + // scheme is plain http. + + nsCOMPtr uri; + nsCOMPtr channel(do_QueryInterface(request)); + if (channel) { + channel->GetURI(getter_AddRefs(uri)); + } else { + nsCOMPtr imgRequest(do_QueryInterface(request)); + if (imgRequest) { + imgRequest->GetURI(getter_AddRefs(uri)); + } + } + if (uri) { + bool isHttp, isFtp; + if ((NS_SUCCEEDED(uri->SchemeIs("http", &isHttp)) && isHttp) || + (NS_SUCCEEDED(uri->SchemeIs("ftp", &isFtp)) && isFtp)) { + MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI: GetSecurityState: - " + "channel scheme is insecure.\n")); + securityState = nsIWebProgressListener::STATE_IS_INSECURE; + } + } + } + + MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI: GetSecurityState: - Returning %d\n", + securityState)); + return securityState; +} + + +// nsIWebProgressListener +NS_IMETHODIMP +nsSecureBrowserUIImpl::OnProgressChange(nsIWebProgress* aWebProgress, + nsIRequest* aRequest, + int32_t aCurSelfProgress, + int32_t aMaxSelfProgress, + int32_t aCurTotalProgress, + int32_t aMaxTotalProgress) +{ + NS_NOTREACHED("notification excluded in AddProgressListener(...)"); + return NS_OK; +} + +void +nsSecureBrowserUIImpl::ResetStateTracking() +{ + mDocumentRequestsInProgress = 0; + mTransferringRequests.Clear(); +} + +void +nsSecureBrowserUIImpl::EvaluateAndUpdateSecurityState(nsIRequest* aRequest, + nsISupports* info, + bool withNewLocation, + bool withNewSink) +{ + mNewToplevelIsEV = false; + + bool updateStatus = false; + nsCOMPtr temp_SSLStatus; + + mNewToplevelSecurityState = + GetSecurityStateFromSecurityInfoAndRequest(info, aRequest); + + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: OnStateChange: remember mNewToplevelSecurityState => %x\n", + this, mNewToplevelSecurityState)); + + nsCOMPtr sp(do_QueryInterface(info)); + if (sp) { + // Ignore result + updateStatus = true; + (void) sp->GetSSLStatus(getter_AddRefs(temp_SSLStatus)); + if (temp_SSLStatus) { + bool aTemp; + if (NS_SUCCEEDED(temp_SSLStatus->GetIsExtendedValidation(&aTemp))) { + mNewToplevelIsEV = aTemp; + } + } + } + + mNewToplevelSecurityStateKnown = true; + if (updateStatus) { + mSSLStatus = temp_SSLStatus; + } + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: remember securityInfo %p\n", this, + info)); + nsCOMPtr associatedContentSecurityFromRequest( + do_QueryInterface(aRequest)); + if (associatedContentSecurityFromRequest) { + mCurrentToplevelSecurityInfo = aRequest; + } else { + mCurrentToplevelSecurityInfo = info; + } + + // The subrequest counters are now in sync with mCurrentToplevelSecurityInfo, + // don't restore after top level document load finishes. + mRestoreSubrequests = false; + + UpdateSecurityState(aRequest, withNewLocation, withNewSink || updateStatus); +} + +void +nsSecureBrowserUIImpl::UpdateSubrequestMembers(nsISupports* securityInfo, + nsIRequest* request) +{ + // For wyciwyg channels in subdocuments we only update our + // subrequest state members. + uint32_t reqState = GetSecurityStateFromSecurityInfoAndRequest(securityInfo, + request); + + if (reqState & STATE_IS_SECURE) { + // do nothing + } else if (reqState & STATE_IS_BROKEN) { + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: OnStateChange: subreq BROKEN\n", this)); + ++mSubRequestsBrokenSecurity; + } else { + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: OnStateChange: subreq INSECURE\n", this)); + ++mSubRequestsNoSecurity; + } +} + +NS_IMETHODIMP +nsSecureBrowserUIImpl::OnStateChange(nsIWebProgress* aWebProgress, + nsIRequest* aRequest, + uint32_t aProgressStateFlags, + nsresult aStatus) +{ + MOZ_ASSERT(NS_IsMainThread()); + ReentrancyGuard guard(*this); + /* + All discussion, unless otherwise mentioned, only refers to + http, https, file or wyciwig requests. + + + Redirects are evil, well, some of them. + There are multiple forms of redirects. + + Redirects caused by http refresh content are ok, because experiments show, + with those redirects, the old page contents and their requests will come to STOP + completely, before any progress from new refreshed page content is reported. + So we can safely treat them as separate page loading transactions. + + Evil are redirects at the http protocol level, like code 302. + + If the toplevel documents gets replaced, i.e. redirected with 302, we do not care for the + security state of the initial transaction, which has now been redirected, + we only care for the new page load. + + For the implementation of the security UI, we make an assumption, that is hopefully true. + + Imagine, the received page that was delivered with the 302 redirection answer, + also delivered html content. + + What happens if the parser starts to analyze the content and tries to load contained sub objects? + + In that case we would see start and stop requests for subdocuments, some for the previous document, + some for the new target document. And only those for the new toplevel document may be + taken into consideration, when deciding about the security state of the next toplevel document. + + Because security state is being looked at, when loading stops for (sub)documents, this + could cause real confusion, because we have to decide, whether an incoming progress + belongs to the new toplevel page, or the previous, already redirected page. + + Can we simplify here? + + If a redirect at the http protocol level is seen, can we safely assume, its html content + will not be parsed, anylzed, and no embedded objects will get loaded (css, js, images), + because the redirect is already happening? + + If we can assume that, this really simplify things. Because we will never see notification + for sub requests that need to get ignored. + + I would like to make this assumption for now, but please let me (kaie) know if I'm wrong. + + Excurse: + If my assumption is wrong, then we would require more tracking information. + We need to keep lists of all pointers to request object that had been seen since the + last toplevel start event. + If the start for a redirected page is seen, the list of releveant object must be cleared, + and only progress for requests which start after it must be analyzed. + All other events must be ignored, as they belong to now irrelevant previous top level documents. + + + Frames are also evil. + + First we need a decision. + kaie thinks: + Only if the toplevel frame is secure, we should try to display secure lock icons. + If some of the inner contents are insecure, we display mixed mode. + + But if the top level frame is not secure, why indicate a mixed lock icon at all? + I think we should always display an open lock icon, if the top level frameset is insecure. + + That's the way Netscape Communicator behaves, and I think we should do the same. + + The user will not know which parts are secure and which are not, + and any certificate information, displayed in the tooltip or in the "page info" + will only be relevant for some subframe(s), and the user will not know which ones, + so we shouldn't display it as a general attribute of the displayed page. + + Why are frames evil? + + Because the progress for the toplevel frame document is not easily distinguishable + from subframes. The same STATE bits are reported. + + While at first sight, when a new page load happens, + the toplevel frameset document has also the STATE_IS_NETWORK bit in it. + But this can't really be used. Because in case that document causes a http 302 redirect, + the real top level frameset will no longer have that bit. + + But we need some way to distinguish top level frames from inner frames. + + I saw that the web progress we get delivered has a reference to the toplevel DOM window. + + I suggest, we look at all incoming requests. + If a request is NOT for the toplevel DOM window, we will always treat it as a subdocument request, + regardless of whether the load flags indicate a top level document. + */ + + nsCOMPtr windowForProgress; + aWebProgress->GetDOMWindow(getter_AddRefs(windowForProgress)); + + nsCOMPtr window(do_QueryReferent(mWindow)); + NS_ASSERTION(window, "Window has gone away?!"); + + if (!mIOService) { + mIOService = do_GetService(NS_IOSERVICE_CONTRACTID); + } + + bool isNoContentResponse = false; + nsCOMPtr httpChannel = do_QueryInterface(aRequest); + if (httpChannel) + { + uint32_t response; + isNoContentResponse = NS_SUCCEEDED(httpChannel->GetResponseStatus(&response)) && + (response == 204 || response == 205); + } + const bool isToplevelProgress = (windowForProgress.get() == window.get()) && !isNoContentResponse; + + if (windowForProgress) + { + if (isToplevelProgress) + { + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: OnStateChange: progress: for toplevel\n", this)); + } + else + { + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: OnStateChange: progress: for something else\n", this)); + } + } + else + { + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: OnStateChange: progress: no window known\n", this)); + } + + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: OnStateChange\n", this)); + + if (mIsViewSource) { + return NS_OK; + } + + if (!aRequest) + { + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: OnStateChange with null request\n", this)); + return NS_ERROR_NULL_POINTER; + } + + if (MOZ_LOG_TEST(gSecureDocLog, LogLevel::Debug)) { + nsXPIDLCString reqname; + aRequest->GetName(reqname); + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: %p %p OnStateChange %x %s\n", this, aWebProgress, + aRequest, aProgressStateFlags, reqname.get())); + } + + nsCOMPtr securityInfo(ExtractSecurityInfo(aRequest)); + + nsCOMPtr uri; + nsCOMPtr channel(do_QueryInterface(aRequest)); + if (channel) { + channel->GetURI(getter_AddRefs(uri)); + } + + nsCOMPtr imgRequest(do_QueryInterface(aRequest)); + if (imgRequest) { + NS_ASSERTION(!channel, "How did that happen, exactly?"); + // for image requests, we get the URI from here + imgRequest->GetURI(getter_AddRefs(uri)); + } + + if (uri) { + bool vs; + if (NS_SUCCEEDED(uri->SchemeIs("javascript", &vs)) && vs) { + // We ignore the progress events for javascript URLs. + // If a document loading gets triggered, we will see more events. + return NS_OK; + } + } + + uint32_t loadFlags = 0; + aRequest->GetLoadFlags(&loadFlags); + + if (aProgressStateFlags & STATE_START + && + aProgressStateFlags & STATE_IS_REQUEST + && + isToplevelProgress + && + loadFlags & nsIChannel::LOAD_DOCUMENT_URI) + { + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: OnStateChange: SOMETHING STARTS FOR TOPMOST DOCUMENT\n", this)); + } + + if (aProgressStateFlags & STATE_STOP + && + aProgressStateFlags & STATE_IS_REQUEST + && + isToplevelProgress + && + loadFlags & nsIChannel::LOAD_DOCUMENT_URI) + { + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: OnStateChange: SOMETHING STOPS FOR TOPMOST DOCUMENT\n", this)); + } + + bool isSubDocumentRelevant = true; + + // We are only interested in requests that load in the browser window... + if (!imgRequest) { // is not imgRequest + nsCOMPtr httpRequest(do_QueryInterface(aRequest)); + if (!httpRequest) { + nsCOMPtr fileRequest(do_QueryInterface(aRequest)); + if (!fileRequest) { + nsCOMPtr wyciwygRequest(do_QueryInterface(aRequest)); + if (!wyciwygRequest) { + nsCOMPtr ftpRequest(do_QueryInterface(aRequest)); + if (!ftpRequest) { + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: OnStateChange: not relevant for sub content\n", this)); + isSubDocumentRelevant = false; + } + } + } + } + } + + // This will ignore all resource, chrome, data, file, moz-icon, and anno + // protocols. Local resources are treated as trusted. + if (uri && mIOService) { + bool hasFlag; + nsresult rv = + mIOService->URIChainHasFlags(uri, + nsIProtocolHandler::URI_IS_LOCAL_RESOURCE, + &hasFlag); + if (NS_SUCCEEDED(rv) && hasFlag) { + isSubDocumentRelevant = false; + } + } + +#if defined(DEBUG) + if (aProgressStateFlags & STATE_STOP + && + channel) + { + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: OnStateChange: seeing STOP with security state: %d\n", this, + GetSecurityStateFromSecurityInfoAndRequest(securityInfo, aRequest) + )); + } +#endif + + if (aProgressStateFlags & STATE_TRANSFERRING + && + aProgressStateFlags & STATE_IS_REQUEST) + { + // The listing of a request in mTransferringRequests + // means, there has already been data transfered. + mTransferringRequests.Add(aRequest, fallible); + + return NS_OK; + } + + bool requestHasTransferedData = false; + + if (aProgressStateFlags & STATE_STOP + && + aProgressStateFlags & STATE_IS_REQUEST) + { + PLDHashEntryHdr* entry = mTransferringRequests.Search(aRequest); + if (entry) { + mTransferringRequests.RemoveEntry(entry); + requestHasTransferedData = true; + } + + if (!requestHasTransferedData) { + // Because image loads doesn't support any TRANSFERRING notifications but + // only START and STOP we must ask them directly whether content was + // transferred. See bug 432685 for details. + nsCOMPtr securityInfoProvider = + do_QueryInterface(aRequest); + // Guess true in all failure cases to be safe. But if we're not + // an nsISecurityInfoProvider, then we just haven't transferred + // any data. + bool hasTransferred; + requestHasTransferedData = + securityInfoProvider && + (NS_FAILED(securityInfoProvider->GetHasTransferredData(&hasTransferred)) || + hasTransferred); + } + } + + bool allowSecurityStateChange = true; + if (loadFlags & nsIChannel::LOAD_RETARGETED_DOCUMENT_URI) + { + // The original consumer (this) is no longer the target of the load. + // Ignore any events with this flag, do not allow them to update + // our secure UI state. + allowSecurityStateChange = false; + } + + if (aProgressStateFlags & STATE_START + && + aProgressStateFlags & STATE_IS_REQUEST + && + isToplevelProgress + && + loadFlags & nsIChannel::LOAD_DOCUMENT_URI) + { + int32_t saveSubBroken; + int32_t saveSubNo; + nsCOMPtr prevContentSecurity; + + int32_t newSubBroken = 0; + int32_t newSubNo = 0; + + bool inProgress = (mDocumentRequestsInProgress != 0); + + if (allowSecurityStateChange && !inProgress) { + saveSubBroken = mSubRequestsBrokenSecurity; + saveSubNo = mSubRequestsNoSecurity; + prevContentSecurity = do_QueryInterface(mCurrentToplevelSecurityInfo); + } + + if (allowSecurityStateChange && !inProgress) + { + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: OnStateChange: start for toplevel document\n", this + )); + + if (prevContentSecurity) + { + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: OnStateChange: start, saving current sub state\n", this + )); + + // before resetting our state, let's save information about + // sub element loads, so we can restore it later + prevContentSecurity->SetCountSubRequestsBrokenSecurity(saveSubBroken); + prevContentSecurity->SetCountSubRequestsNoSecurity(saveSubNo); + prevContentSecurity->Flush(); + MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI:%p: Saving subs in START to %p as %d,%d\n", + this, prevContentSecurity.get(), saveSubBroken, saveSubNo)); + } + + bool retrieveAssociatedState = false; + + if (securityInfo && + (aProgressStateFlags & nsIWebProgressListener::STATE_RESTORING) != 0) { + retrieveAssociatedState = true; + } else { + nsCOMPtr wyciwygRequest(do_QueryInterface(aRequest)); + if (wyciwygRequest) { + retrieveAssociatedState = true; + } + } + + if (retrieveAssociatedState) + { + // When restoring from bfcache, we will not get events for the + // page's sub elements, so let's load the state of sub elements + // from the cache. + + nsCOMPtr + newContentSecurity(do_QueryInterface(securityInfo)); + + if (newContentSecurity) + { + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: OnStateChange: start, loading old sub state\n", this + )); + + newContentSecurity->GetCountSubRequestsBrokenSecurity(&newSubBroken); + newContentSecurity->GetCountSubRequestsNoSecurity(&newSubNo); + MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI:%p: Restoring subs in START from %p to %d,%d\n", + this, newContentSecurity.get(), newSubBroken, newSubNo)); + } + } + else + { + // If we don't get OnLocationChange for this top level load later, + // it didn't get rendered. But we reset the state to unknown and + // mSubRequests* to zeros. If we would have left these values after + // this top level load stoped, we would override the original top level + // load with all zeros and break mixed content state on back and forward. + mRestoreSubrequests = true; + } + } + + if (allowSecurityStateChange && !inProgress) { + ResetStateTracking(); + mSubRequestsBrokenSecurity = newSubBroken; + mSubRequestsNoSecurity = newSubNo; + mNewToplevelSecurityStateKnown = false; + } + + // By using a counter, this code also works when the toplevel + // document get's redirected, but the STOP request for the + // previous toplevel document has not yet have been received. + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: OnStateChange: ++mDocumentRequestsInProgress\n", this + )); + ++mDocumentRequestsInProgress; + + return NS_OK; + } + + if (aProgressStateFlags & STATE_STOP + && + aProgressStateFlags & STATE_IS_REQUEST + && + isToplevelProgress + && + loadFlags & nsIChannel::LOAD_DOCUMENT_URI) + { + nsCOMPtr temp_ToplevelEventSink; + + if (allowSecurityStateChange) { + temp_ToplevelEventSink = mToplevelEventSink; + } + + if (mDocumentRequestsInProgress <= 0) { + // Ignore stop requests unless a document load is in progress + // Unfortunately on application start, see some stops without having seen any starts... + return NS_OK; + } + + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: OnStateChange: --mDocumentRequestsInProgress\n", this + )); + + if (!temp_ToplevelEventSink && channel) + { + if (allowSecurityStateChange) + { + ObtainEventSink(channel, temp_ToplevelEventSink); + } + } + + bool sinkChanged = false; + bool inProgress; + if (allowSecurityStateChange) { + sinkChanged = (mToplevelEventSink != temp_ToplevelEventSink); + mToplevelEventSink = temp_ToplevelEventSink; + } + --mDocumentRequestsInProgress; + inProgress = mDocumentRequestsInProgress > 0; + + if (allowSecurityStateChange && requestHasTransferedData) { + // Data has been transferred for the single toplevel + // request. Evaluate the security state. + + // Do this only when the sink has changed. We update and notify + // the state from OnLacationChange, this is actually redundant. + // But when the target sink changes between OnLocationChange and + // OnStateChange, we have to fire the notification here (again). + + if (sinkChanged || mOnLocationChangeSeen) { + EvaluateAndUpdateSecurityState(aRequest, securityInfo, false, + sinkChanged); + return NS_OK; + } + } + mOnLocationChangeSeen = false; + + if (mRestoreSubrequests && !inProgress) + { + // We get here when there were no OnLocationChange between + // OnStateChange(START) and OnStateChange(STOP). Then the load has not + // been rendered but has been retargeted in some other way then by external + // app handler. Restore mSubRequests* members to what the current security + // state info holds (it was reset to all zero in OnStateChange(START) + // before). + nsCOMPtr currentContentSecurity( + do_QueryInterface(mCurrentToplevelSecurityInfo)); + + // Drop this indication flag, the restore operation is just being done. + mRestoreSubrequests = false; + + // We can do this since the state didn't actually change. + mNewToplevelSecurityStateKnown = true; + + int32_t subBroken = 0; + int32_t subNo = 0; + + if (currentContentSecurity) + { + currentContentSecurity->GetCountSubRequestsBrokenSecurity(&subBroken); + currentContentSecurity->GetCountSubRequestsNoSecurity(&subNo); + MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI:%p: Restoring subs in STOP from %p to %d,%d\n", + this, currentContentSecurity.get(), subBroken, subNo)); + } + + mSubRequestsBrokenSecurity = subBroken; + mSubRequestsNoSecurity = subNo; + } + + return NS_OK; + } + + if (aProgressStateFlags & STATE_STOP + && + aProgressStateFlags & STATE_IS_REQUEST) + { + if (!isSubDocumentRelevant) + return NS_OK; + + // if we arrive here, LOAD_DOCUMENT_URI is not set + + // We only care for the security state of sub requests which have actually transfered data. + + if (allowSecurityStateChange && requestHasTransferedData) + { + UpdateSubrequestMembers(securityInfo, aRequest); + + // Care for the following scenario: + // A new top level document load might have already started, + // but the security state of the new top level document might not yet been known. + // + // At this point, we are learning about the security state of a sub-document. + // We must not update the security state based on the sub content, + // if the new top level state is not yet known. + // + // We skip updating the security state in this case. + + if (mNewToplevelSecurityStateKnown) { + UpdateSecurityState(aRequest, false, false); + } + } + + return NS_OK; + } + + return NS_OK; +} + +// I'm keeping this as a separate function, in order to simplify the review +// for bug 412456. We should inline this in a follow up patch. +void nsSecureBrowserUIImpl::ObtainEventSink(nsIChannel *channel, + nsCOMPtr &sink) +{ + if (!sink) + NS_QueryNotificationCallbacks(channel, sink); +} + +void +nsSecureBrowserUIImpl::UpdateSecurityState(nsIRequest* aRequest, + bool withNewLocation, + bool withUpdateStatus) +{ + lockIconState newSecurityState = lis_no_security; + if (mNewToplevelSecurityState & STATE_IS_SECURE) { + // If a subresoure/request was insecure, then we have mixed security. + if (mSubRequestsBrokenSecurity || mSubRequestsNoSecurity) { + newSecurityState = lis_mixed_security; + } else { + newSecurityState = lis_high_security; + } + } + + if (mNewToplevelSecurityState & STATE_IS_BROKEN) { + newSecurityState = lis_broken_security; + } + + mCertUserOverridden = + mNewToplevelSecurityState & STATE_CERT_USER_OVERRIDDEN; + + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: UpdateSecurityState: old-new %d - %d\n", this, + mNotifiedSecurityState, newSecurityState)); + + bool flagsChanged = false; + if (mNotifiedSecurityState != newSecurityState) { + // Something changed since the last time. + flagsChanged = true; + mNotifiedSecurityState = newSecurityState; + + // If we have no security, we also shouldn't have any SSL status. + if (newSecurityState == lis_no_security) { + mSSLStatus = nullptr; + } + } + + if (mNotifiedToplevelIsEV != mNewToplevelIsEV) { + flagsChanged = true; + mNotifiedToplevelIsEV = mNewToplevelIsEV; + } + + if (flagsChanged || withNewLocation || withUpdateStatus) { + TellTheWorld(aRequest); + } +} + +void +nsSecureBrowserUIImpl::TellTheWorld(nsIRequest* aRequest) +{ + uint32_t state = STATE_IS_INSECURE; + GetState(&state); + + if (mToplevelEventSink) { + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: UpdateSecurityState: calling OnSecurityChange\n", + this)); + + mToplevelEventSink->OnSecurityChange(aRequest, state); + } else { + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: UpdateSecurityState: NO mToplevelEventSink!\n", + this)); + + } +} + +NS_IMETHODIMP +nsSecureBrowserUIImpl::OnLocationChange(nsIWebProgress* aWebProgress, + nsIRequest* aRequest, + nsIURI* aLocation, + uint32_t aFlags) +{ + MOZ_ASSERT(NS_IsMainThread()); + ReentrancyGuard guard(*this); + + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: OnLocationChange\n", this)); + + bool updateIsViewSource = false; + bool temp_IsViewSource = false; + nsCOMPtr window; + + if (aLocation) + { + bool vs; + + nsresult rv = aLocation->SchemeIs("view-source", &vs); + NS_ENSURE_SUCCESS(rv, rv); + + if (vs) { + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: OnLocationChange: view-source\n", this)); + } + + updateIsViewSource = true; + temp_IsViewSource = vs; + } + + if (updateIsViewSource) { + mIsViewSource = temp_IsViewSource; + } + mCurrentURI = aLocation; + window = do_QueryReferent(mWindow); + NS_ASSERTION(window, "Window has gone away?!"); + + // When |aRequest| is null, basically we don't trust that document. But if + // docshell insists that the document has not changed at all, we will reuse + // the previous security state, no matter what |aRequest| may be. + if (aFlags & LOCATION_CHANGE_SAME_DOCUMENT) + return NS_OK; + + // The location bar has changed, so we must update the security state. The + // only concern with doing this here is that a page may transition from being + // reported as completely secure to being reported as partially secure + // (mixed). This may be confusing for users, and it may bother users who + // like seeing security dialogs. However, it seems prudent given that page + // loading may never end in some edge cases (perhaps by a site with malicious + // intent). + + nsCOMPtr windowForProgress; + aWebProgress->GetDOMWindow(getter_AddRefs(windowForProgress)); + + nsCOMPtr securityInfo(ExtractSecurityInfo(aRequest)); + + if (windowForProgress.get() == window.get()) { + // For toplevel channels, update the security state right away. + mOnLocationChangeSeen = true; + EvaluateAndUpdateSecurityState(aRequest, securityInfo, true, false); + return NS_OK; + } + + // For channels in subdocuments we only update our subrequest state members. + UpdateSubrequestMembers(securityInfo, aRequest); + + // Care for the following scenario: + + // A new toplevel document load might have already started, but the security + // state of the new toplevel document might not yet be known. + // + // At this point, we are learning about the security state of a sub-document. + // We must not update the security state based on the sub content, if the new + // top level state is not yet known. + // + // We skip updating the security state in this case. + + if (mNewToplevelSecurityStateKnown) { + UpdateSecurityState(aRequest, true, false); + } + + return NS_OK; +} + +NS_IMETHODIMP +nsSecureBrowserUIImpl::OnStatusChange(nsIWebProgress* aWebProgress, + nsIRequest* aRequest, + nsresult aStatus, + const char16_t* aMessage) +{ + NS_NOTREACHED("notification excluded in AddProgressListener(...)"); + return NS_OK; +} + +nsresult +nsSecureBrowserUIImpl::OnSecurityChange(nsIWebProgress* aWebProgress, + nsIRequest* aRequest, + uint32_t state) +{ + MOZ_ASSERT(NS_IsMainThread()); +#if defined(DEBUG) + nsCOMPtr channel(do_QueryInterface(aRequest)); + if (!channel) + return NS_OK; + + nsCOMPtr aURI; + channel->GetURI(getter_AddRefs(aURI)); + + if (aURI) { + MOZ_LOG(gSecureDocLog, LogLevel::Debug, + ("SecureUI:%p: OnSecurityChange: (%x) %s\n", this, + state, aURI->GetSpecOrDefault().get())); + } +#endif + + return NS_OK; +} + +// nsISSLStatusProvider methods +NS_IMETHODIMP +nsSecureBrowserUIImpl::GetSSLStatus(nsISSLStatus** _result) +{ + NS_ENSURE_ARG_POINTER(_result); + MOZ_ASSERT(NS_IsMainThread()); + + switch (mNotifiedSecurityState) + { + case lis_broken_security: + case lis_mixed_security: + case lis_high_security: + break; + + default: + MOZ_FALLTHROUGH_ASSERT("if this is reached you must add more entries to the switch"); + case lis_no_security: + *_result = nullptr; + return NS_OK; + } + + *_result = mSSLStatus; + NS_IF_ADDREF(*_result); + + return NS_OK; +} diff --git a/security/manager/ssl/nsSecureBrowserUIImpl.h b/security/manager/ssl/nsSecureBrowserUIImpl.h new file mode 100644 index 000000000..905e89474 --- /dev/null +++ b/security/manager/ssl/nsSecureBrowserUIImpl.h @@ -0,0 +1,96 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsSecureBrowserUIImpl_h +#define nsSecureBrowserUIImpl_h + +#include "PLDHashTable.h" +#include "mozilla/ReentrancyGuard.h" +#include "nsCOMPtr.h" +#include "nsINetUtil.h" +#include "nsISSLStatusProvider.h" +#include "nsISecureBrowserUI.h" +#include "nsISecurityEventSink.h" +#include "nsIURI.h" +#include "nsIWebProgressListener.h" +#include "nsWeakReference.h" + +class nsISSLStatus; +class nsIChannel; + +#define NS_SECURE_BROWSER_UI_CID \ +{ 0xcc75499a, 0x1dd1, 0x11b2, {0x8a, 0x82, 0xca, 0x41, 0x0a, 0xc9, 0x07, 0xb8}} + + +class nsSecureBrowserUIImpl : public nsISecureBrowserUI, + public nsIWebProgressListener, + public nsSupportsWeakReference, + public nsISSLStatusProvider +{ + friend class mozilla::ReentrancyGuard; + +public: + nsSecureBrowserUIImpl(); + + NS_DECL_ISUPPORTS + NS_DECL_NSIWEBPROGRESSLISTENER + NS_DECL_NSISECUREBROWSERUI + NS_DECL_NSISSLSTATUSPROVIDER + +protected: + virtual ~nsSecureBrowserUIImpl() {}; + + nsWeakPtr mWindow; + nsWeakPtr mDocShell; + nsCOMPtr mIOService; + nsCOMPtr mCurrentURI; + nsCOMPtr mToplevelEventSink; + + enum lockIconState { + lis_no_security, + lis_broken_security, + lis_mixed_security, + lis_high_security + }; + + lockIconState mNotifiedSecurityState; + bool mNotifiedToplevelIsEV; + + void ResetStateTracking(); + uint32_t mNewToplevelSecurityState; + bool mNewToplevelIsEV; + bool mNewToplevelSecurityStateKnown; + bool mIsViewSource; + + int32_t mDocumentRequestsInProgress; + int32_t mSubRequestsBrokenSecurity; + int32_t mSubRequestsNoSecurity; + bool mCertUserOverridden; + bool mRestoreSubrequests; + bool mOnLocationChangeSeen; +#ifdef DEBUG + bool mEntered; // For ReentrancyGuard. +#endif + + static already_AddRefed ExtractSecurityInfo(nsIRequest* aRequest); + nsresult MapInternalToExternalState(uint32_t* aState, lockIconState lock, bool ev); + void UpdateSecurityState(nsIRequest* aRequest, bool withNewLocation, + bool withUpdateStatus); + void TellTheWorld(nsIRequest* aRequest); + + void EvaluateAndUpdateSecurityState(nsIRequest* aRequest, nsISupports *info, + bool withNewLocation, bool withNewSink); + void UpdateSubrequestMembers(nsISupports* securityInfo, nsIRequest* request); + + void ObtainEventSink(nsIChannel *channel, + nsCOMPtr &sink); + + nsCOMPtr mSSLStatus; + nsCOMPtr mCurrentToplevelSecurityInfo; + + PLDHashTable mTransferringRequests; +}; + +#endif // nsSecureBrowserUIImpl_h diff --git a/security/manager/ssl/nsSecurityHeaderParser.cpp b/security/manager/ssl/nsSecurityHeaderParser.cpp new file mode 100644 index 000000000..9fb9f0d6d --- /dev/null +++ b/security/manager/ssl/nsSecurityHeaderParser.cpp @@ -0,0 +1,244 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsSecurityHeaderParser.h" +#include "mozilla/Logging.h" + +// The character classes in this file are informed by [RFC2616], Section 2.2. +// signed char is a signed data type one byte (8 bits) wide, so its value can +// never be greater than 127. The following implicitly makes use of this. + +// A token is one or more CHAR except CTLs or separators. +// A CHAR is any US-ASCII character (octets 0 - 127). +// A CTL is any US-ASCII control character (octets 0 - 31) and DEL (127). +// A separator is one of ()<>@,;:\"/[]?={} as well as space and +// horizontal-tab (32 and 9, respectively). +// So, this returns true if chr is any octet 33-126 except ()<>@,;:\"/[]?={} +bool +IsTokenSymbol(signed char chr) { + if (chr < 33 || chr == 127 || + chr == '(' || chr == ')' || chr == '<' || chr == '>' || + chr == '@' || chr == ',' || chr == ';' || chr == ':' || + chr == '"' || chr == '/' || chr == '[' || chr == ']' || + chr == '?' || chr == '=' || chr == '{' || chr == '}' || chr == '\\') { + return false; + } + return true; +} + +// A quoted-string consists of a quote (") followed by any amount of +// qdtext or quoted-pair, followed by a quote. +// qdtext is any TEXT except a quote. +// TEXT is any 8-bit octet except CTLs, but including LWS. +// quoted-pair is a backslash (\) followed by a CHAR. +// So, it turns out, \ can't really be a qdtext symbol for our purposes. +// This returns true if chr is any octet 9,10,13,32-126 except <"> or "\" +bool +IsQuotedTextSymbol(signed char chr) { + return ((chr >= 32 && chr != '"' && chr != '\\' && chr != 127) || + chr == 0x9 || chr == 0xa || chr == 0xd); +} + +// The octet following the "\" in a quoted pair can be anything 0-127. +bool +IsQuotedPairSymbol(signed char chr) { + return (chr >= 0); +} + +static mozilla::LazyLogModule sSHParserLog("nsSecurityHeaderParser"); + +#define SHPARSERLOG(args) MOZ_LOG(sSHParserLog, mozilla::LogLevel::Debug, args) + +nsSecurityHeaderParser::nsSecurityHeaderParser(const char *aHeader) + : mCursor(aHeader) + , mError(false) +{ +} + +nsSecurityHeaderParser::~nsSecurityHeaderParser() { + nsSecurityHeaderDirective *directive; + while ((directive = mDirectives.popFirst())) { + delete directive; + } +} + +mozilla::LinkedList * +nsSecurityHeaderParser::GetDirectives() { + return &mDirectives; +} + +nsresult +nsSecurityHeaderParser::Parse() { + MOZ_ASSERT(mDirectives.isEmpty()); + SHPARSERLOG(("trying to parse '%s'", mCursor)); + + Header(); + + // if we didn't consume the entire input, we were unable to parse it => error + if (mError || *mCursor) { + return NS_ERROR_FAILURE; + } else { + return NS_OK; + } +} + +bool +nsSecurityHeaderParser::Accept(char aChr) +{ + if (*mCursor == aChr) { + Advance(); + return true; + } + + return false; +} + +bool +nsSecurityHeaderParser::Accept(bool (*aClassifier) (signed char)) +{ + if (aClassifier(*mCursor)) { + Advance(); + return true; + } + + return false; +} + +void +nsSecurityHeaderParser::Expect(char aChr) +{ + if (*mCursor != aChr) { + mError = true; + } else { + Advance(); + } +} + +void +nsSecurityHeaderParser::Advance() +{ + // Technically, 0 is valid in quoted-pair, but we were handed a + // null-terminated const char *, so this doesn't handle that. + if (*mCursor) { + mOutput.Append(*mCursor); + mCursor++; + } else { + mError = true; + } +} + +void +nsSecurityHeaderParser::Header() +{ + Directive(); + while (Accept(';')) { + Directive(); + } +} + +void +nsSecurityHeaderParser::Directive() +{ + mDirective = new nsSecurityHeaderDirective(); + LWSMultiple(); + DirectiveName(); + LWSMultiple(); + if (Accept('=')) { + LWSMultiple(); + DirectiveValue(); + LWSMultiple(); + } + mDirectives.insertBack(mDirective); + SHPARSERLOG(("read directive name '%s', value '%s'", + mDirective->mName.Data(), mDirective->mValue.Data())); +} + +void +nsSecurityHeaderParser::DirectiveName() +{ + mOutput.Truncate(0); + Token(); + mDirective->mName.Assign(mOutput); +} + +void +nsSecurityHeaderParser::DirectiveValue() +{ + mOutput.Truncate(0); + if (Accept(IsTokenSymbol)) { + Token(); + mDirective->mValue.Assign(mOutput); + } else if (Accept('"')) { + // Accept advances the cursor if successful, which appends a character to + // mOutput. The " is not part of what we want to capture, so truncate + // mOutput again. + mOutput.Truncate(0); + QuotedString(); + mDirective->mValue.Assign(mOutput); + Expect('"'); + } +} + +void +nsSecurityHeaderParser::Token() +{ + while (Accept(IsTokenSymbol)); +} + +void +nsSecurityHeaderParser::QuotedString() +{ + while (true) { + if (Accept(IsQuotedTextSymbol)) { + QuotedText(); + } else if (Accept('\\')) { + QuotedPair(); + } else { + break; + } + } +} + +void +nsSecurityHeaderParser::QuotedText() +{ + while (Accept(IsQuotedTextSymbol)); +} + +void +nsSecurityHeaderParser::QuotedPair() +{ + Accept(IsQuotedPairSymbol); +} + +void +nsSecurityHeaderParser::LWSMultiple() +{ + while (true) { + if (Accept('\r')) { + LWSCRLF(); + } else if (Accept(' ') || Accept('\t')) { + LWS(); + } else { + break; + } + } +} + +void +nsSecurityHeaderParser::LWSCRLF() { + Expect('\n'); + if (!(Accept(' ') || Accept('\t'))) { + mError = true; + } + LWS(); +} + +void +nsSecurityHeaderParser::LWS() +{ + // Note that becaue of how we're called, we don't have to check for + // the mandatory presense of at least one of SP or HT. + while (Accept(' ') || Accept('\t')); +} diff --git a/security/manager/ssl/nsSecurityHeaderParser.h b/security/manager/ssl/nsSecurityHeaderParser.h new file mode 100644 index 000000000..eee29127e --- /dev/null +++ b/security/manager/ssl/nsSecurityHeaderParser.h @@ -0,0 +1,74 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsSecurityHeaderParser_h__ +#define nsSecurityHeaderParser_h__ + +#include "nsString.h" +#include "mozilla/LinkedList.h" +#include "nsCOMPtr.h" + +// Utility class for handing back parsed directives and (optional) values +class nsSecurityHeaderDirective : public mozilla::LinkedListElement { +public: + nsCString mName; + nsCString mValue; +}; + +// This class parses security-related HTTP headers like +// Strict-Transport-Security. The Augmented Backus-Naur Form syntax for this +// header is reproduced below, for reference: +// +// Strict-Transport-Security = "Strict-Transport-Security" ":" +// [ directive ] *( ";" [ directive ] ) +// +// directive = directive-name [ "=" directive-value ] +// directive-name = token +// directive-value = token | quoted-string +// +// where: +// +// token = +// quoted-string = / +// +// For further reference, see [RFC6797], Section 6.1 + +class nsSecurityHeaderParser { +public: + explicit nsSecurityHeaderParser(const char *aHeader); + ~nsSecurityHeaderParser(); + + // Only call Parse once. + nsresult Parse(); + // The caller does not take ownership of the memory returned here. + mozilla::LinkedList *GetDirectives(); + +private: + bool Accept(char aChr); + bool Accept(bool (*aClassifier) (signed char)); + void Expect(char aChr); + void Advance(); + void Header(); // header = [ directive ] *( ";" [ directive ] ) + void Directive(); // directive = directive-name [ "=" directive-value ] + void DirectiveName(); // directive-name = token + void DirectiveValue(); // directive-value = token | quoted-string + void Token(); // token = 1* + void QuotedString(); // quoted-string = (<"> *( qdtext | quoted-pair ) <">) + void QuotedText(); // qdtext = and "\"> + void QuotedPair(); // quoted-pair = "\" CHAR + + // LWS = [CRLF] 1*( SP | HT ) + void LWSMultiple(); // Handles *( LWS ) + void LWSCRLF(); // Handles the [CRLF] part of LWS + void LWS(); // Handles the 1*( SP | HT ) part of LWS + + mozilla::LinkedList mDirectives; + const char *mCursor; + nsSecurityHeaderDirective *mDirective; + + nsCString mOutput; + bool mError; +}; + +#endif /* nsSecurityHeaderParser_h__ */ diff --git a/security/manager/ssl/nsSiteSecurityService.cpp b/security/manager/ssl/nsSiteSecurityService.cpp new file mode 100644 index 000000000..322ef6570 --- /dev/null +++ b/security/manager/ssl/nsSiteSecurityService.cpp @@ -0,0 +1,1302 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsSiteSecurityService.h" + +#include "mozilla/LinkedList.h" +#include "mozilla/Preferences.h" +#include "mozilla/Base64.h" +#include "base64.h" +#include "CertVerifier.h" +#include "nsCRTGlue.h" +#include "nsISSLStatus.h" +#include "nsISocketProvider.h" +#include "nsIURI.h" +#include "nsIX509Cert.h" +#include "nsNetUtil.h" +#include "nsNSSComponent.h" +#include "nsSecurityHeaderParser.h" +#include "nsString.h" +#include "nsThreadUtils.h" +#include "nsXULAppAPI.h" +#include "pkix/pkixtypes.h" +#include "plstr.h" +#include "mozilla/Logging.h" +#include "prnetdb.h" +#include "prprf.h" +#include "PublicKeyPinningService.h" +#include "ScopedNSSTypes.h" +#include "SharedCertVerifier.h" + +// A note about the preload list: +// When a site specifically disables HSTS by sending a header with +// 'max-age: 0', we keep a "knockout" value that means "we have no information +// regarding the HSTS state of this host" (any ancestor of "this host" can still +// influence its HSTS status via include subdomains, however). +// This prevents the preload list from overriding the site's current +// desired HSTS status. +#include "nsSTSPreloadList.inc" + +using namespace mozilla; +using namespace mozilla::psm; + +static LazyLogModule gSSSLog("nsSSService"); + +#define SSSLOG(args) MOZ_LOG(gSSSLog, mozilla::LogLevel::Debug, args) + +//////////////////////////////////////////////////////////////////////////////// + +SiteHSTSState::SiteHSTSState(nsCString& aStateString) + : mHSTSExpireTime(0) + , mHSTSState(SecurityPropertyUnset) + , mHSTSIncludeSubdomains(false) +{ + uint32_t hstsState = 0; + uint32_t hstsIncludeSubdomains = 0; // PR_sscanf doesn't handle bools. + int32_t matches = PR_sscanf(aStateString.get(), "%lld,%lu,%lu", + &mHSTSExpireTime, &hstsState, + &hstsIncludeSubdomains); + bool valid = (matches == 3 && + (hstsIncludeSubdomains == 0 || hstsIncludeSubdomains == 1) && + ((SecurityPropertyState)hstsState == SecurityPropertyUnset || + (SecurityPropertyState)hstsState == SecurityPropertySet || + (SecurityPropertyState)hstsState == SecurityPropertyKnockout || + (SecurityPropertyState)hstsState == SecurityPropertyNegative)); + if (valid) { + mHSTSState = (SecurityPropertyState)hstsState; + mHSTSIncludeSubdomains = (hstsIncludeSubdomains == 1); + } else { + SSSLOG(("%s is not a valid SiteHSTSState", aStateString.get())); + mHSTSExpireTime = 0; + mHSTSState = SecurityPropertyUnset; + mHSTSIncludeSubdomains = false; + } +} + +SiteHSTSState::SiteHSTSState(PRTime aHSTSExpireTime, + SecurityPropertyState aHSTSState, + bool aHSTSIncludeSubdomains) + + : mHSTSExpireTime(aHSTSExpireTime) + , mHSTSState(aHSTSState) + , mHSTSIncludeSubdomains(aHSTSIncludeSubdomains) +{ +} + +void +SiteHSTSState::ToString(nsCString& aString) +{ + aString.Truncate(); + aString.AppendInt(mHSTSExpireTime); + aString.Append(','); + aString.AppendInt(mHSTSState); + aString.Append(','); + aString.AppendInt(static_cast(mHSTSIncludeSubdomains)); +} + +//////////////////////////////////////////////////////////////////////////////// +static bool +stringIsBase64EncodingOf256bitValue(nsCString& encodedString) { + nsAutoCString binaryValue; + nsresult rv = mozilla::Base64Decode(encodedString, binaryValue); + if (NS_FAILED(rv)) { + return false; + } + if (binaryValue.Length() != SHA256_LENGTH) { + return false; + } + return true; +} + +SiteHPKPState::SiteHPKPState() + : mExpireTime(0) + , mState(SecurityPropertyUnset) + , mIncludeSubdomains(false) +{ +} + +SiteHPKPState::SiteHPKPState(nsCString& aStateString) + : mExpireTime(0) + , mState(SecurityPropertyUnset) + , mIncludeSubdomains(false) +{ + uint32_t hpkpState = 0; + uint32_t hpkpIncludeSubdomains = 0; // PR_sscanf doesn't handle bools. + const uint32_t MaxMergedHPKPPinSize = 1024; + char mergedHPKPins[MaxMergedHPKPPinSize]; + memset(mergedHPKPins, 0, MaxMergedHPKPPinSize); + + if (aStateString.Length() >= MaxMergedHPKPPinSize) { + SSSLOG(("SSS: Cannot parse PKPState string, too large\n")); + return; + } + + int32_t matches = PR_sscanf(aStateString.get(), "%lld,%lu,%lu,%s", + &mExpireTime, &hpkpState, + &hpkpIncludeSubdomains, mergedHPKPins); + bool valid = (matches == 4 && + (hpkpIncludeSubdomains == 0 || hpkpIncludeSubdomains == 1) && + ((SecurityPropertyState)hpkpState == SecurityPropertyUnset || + (SecurityPropertyState)hpkpState == SecurityPropertySet || + (SecurityPropertyState)hpkpState == SecurityPropertyKnockout)); + + SSSLOG(("SSS: loading SiteHPKPState matches=%d\n", matches)); + const uint32_t SHA256Base64Len = 44; + + if (valid && (SecurityPropertyState)hpkpState == SecurityPropertySet) { + // try to expand the merged PKPins + const char* cur = mergedHPKPins; + nsAutoCString pin; + uint32_t collectedLen = 0; + mergedHPKPins[MaxMergedHPKPPinSize - 1] = 0; + size_t totalLen = strlen(mergedHPKPins); + while (collectedLen + SHA256Base64Len <= totalLen) { + pin.Assign(cur, SHA256Base64Len); + if (stringIsBase64EncodingOf256bitValue(pin)) { + mSHA256keys.AppendElement(pin); + } + cur += SHA256Base64Len; + collectedLen += SHA256Base64Len; + } + if (mSHA256keys.IsEmpty()) { + valid = false; + } + } + if (valid) { + mState = (SecurityPropertyState)hpkpState; + mIncludeSubdomains = (hpkpIncludeSubdomains == 1); + } else { + SSSLOG(("%s is not a valid SiteHPKPState", aStateString.get())); + mExpireTime = 0; + mState = SecurityPropertyUnset; + mIncludeSubdomains = false; + if (!mSHA256keys.IsEmpty()) { + mSHA256keys.Clear(); + } + } +} + +SiteHPKPState::SiteHPKPState(PRTime aExpireTime, + SecurityPropertyState aState, + bool aIncludeSubdomains, + nsTArray& aSHA256keys) + : mExpireTime(aExpireTime) + , mState(aState) + , mIncludeSubdomains(aIncludeSubdomains) + , mSHA256keys(aSHA256keys) +{ +} + +void +SiteHPKPState::ToString(nsCString& aString) +{ + aString.Truncate(); + aString.AppendInt(mExpireTime); + aString.Append(','); + aString.AppendInt(mState); + aString.Append(','); + aString.AppendInt(static_cast(mIncludeSubdomains)); + aString.Append(','); + for (unsigned int i = 0; i < mSHA256keys.Length(); i++) { + aString.Append(mSHA256keys[i]); + } +} + +//////////////////////////////////////////////////////////////////////////////// + +const uint64_t kSixtyDaysInSeconds = 60 * 24 * 60 * 60; + +nsSiteSecurityService::nsSiteSecurityService() + : mMaxMaxAge(kSixtyDaysInSeconds) + , mUsePreloadList(true) + , mPreloadListTimeOffset(0) +{ +} + +nsSiteSecurityService::~nsSiteSecurityService() +{ +} + +NS_IMPL_ISUPPORTS(nsSiteSecurityService, + nsIObserver, + nsISiteSecurityService) + +nsresult +nsSiteSecurityService::Init() +{ + // Don't access Preferences off the main thread. + if (!NS_IsMainThread()) { + NS_NOTREACHED("nsSiteSecurityService initialized off main thread"); + return NS_ERROR_NOT_SAME_THREAD; + } + + mMaxMaxAge = mozilla::Preferences::GetInt( + "security.cert_pinning.max_max_age_seconds", kSixtyDaysInSeconds); + mozilla::Preferences::AddStrongObserver(this, + "security.cert_pinning.max_max_age_seconds"); + mUsePreloadList = mozilla::Preferences::GetBool( + "network.stricttransportsecurity.preloadlist", true); + mozilla::Preferences::AddStrongObserver(this, + "network.stricttransportsecurity.preloadlist"); + mProcessPKPHeadersFromNonBuiltInRoots = mozilla::Preferences::GetBool( + "security.cert_pinning.process_headers_from_non_builtin_roots", false); + mozilla::Preferences::AddStrongObserver(this, + "security.cert_pinning.process_headers_from_non_builtin_roots"); + mPreloadListTimeOffset = mozilla::Preferences::GetInt( + "test.currentTimeOffsetSeconds", 0); + mozilla::Preferences::AddStrongObserver(this, + "test.currentTimeOffsetSeconds"); + mSiteStateStorage = + mozilla::DataStorage::Get(NS_LITERAL_STRING("SiteSecurityServiceState.txt")); + mPreloadStateStorage = + mozilla::DataStorage::Get(NS_LITERAL_STRING("SecurityPreloadState.txt")); + bool storageWillPersist = false; + bool preloadStorageWillPersist = false; + nsresult rv = mSiteStateStorage->Init(storageWillPersist); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + rv = mPreloadStateStorage->Init(preloadStorageWillPersist); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + // This is not fatal. There are some cases where there won't be a + // profile directory (e.g. running xpcshell). There isn't the + // expectation that site information will be presisted in those cases. + if (!storageWillPersist || !preloadStorageWillPersist) { + NS_WARNING("site security information will not be persisted"); + } + + return NS_OK; +} + +nsresult +nsSiteSecurityService::GetHost(nsIURI* aURI, nsACString& aResult) +{ + nsCOMPtr innerURI = NS_GetInnermostURI(aURI); + if (!innerURI) { + return NS_ERROR_FAILURE; + } + + nsAutoCString host; + nsresult rv = innerURI->GetAsciiHost(host); + if (NS_FAILED(rv)) { + return rv; + } + + aResult.Assign(PublicKeyPinningService::CanonicalizeHostname(host.get())); + if (aResult.IsEmpty()) { + return NS_ERROR_UNEXPECTED; + } + + return NS_OK; +} + +static void +SetStorageKey(nsAutoCString& storageKey, nsCString& hostname, uint32_t aType) +{ + storageKey = hostname; + switch (aType) { + case nsISiteSecurityService::HEADER_HSTS: + storageKey.AppendLiteral(":HSTS"); + break; + case nsISiteSecurityService::HEADER_HPKP: + storageKey.AppendLiteral(":HPKP"); + break; + default: + NS_ASSERTION(false, "SSS:SetStorageKey got invalid type"); + } +} + +// Expire times are in millis. Since Headers max-age is in seconds, and +// PR_Now() is in micros, normalize the units at milliseconds. +static int64_t +ExpireTimeFromMaxAge(uint64_t maxAge) +{ + return (PR_Now() / PR_USEC_PER_MSEC) + ((int64_t)maxAge * PR_MSEC_PER_SEC); +} + +nsresult +nsSiteSecurityService::SetHSTSState(uint32_t aType, + nsIURI* aSourceURI, + int64_t maxage, + bool includeSubdomains, + uint32_t flags, + SecurityPropertyState aHSTSState) +{ + // If max-age is zero, that's an indication to immediately remove the + // security state, so here's a shortcut. + if (!maxage) { + return RemoveState(aType, aSourceURI, flags); + } + + MOZ_ASSERT((aHSTSState == SecurityPropertySet || + aHSTSState == SecurityPropertyNegative), + "HSTS State must be SecurityPropertySet or SecurityPropertyNegative"); + + int64_t expiretime = ExpireTimeFromMaxAge(maxage); + SiteHSTSState siteState(expiretime, aHSTSState, includeSubdomains); + nsAutoCString stateString; + siteState.ToString(stateString); + nsAutoCString hostname; + nsresult rv = GetHost(aSourceURI, hostname); + NS_ENSURE_SUCCESS(rv, rv); + SSSLOG(("SSS: setting state for %s", hostname.get())); + bool isPrivate = flags & nsISocketProvider::NO_PERMANENT_STORAGE; + mozilla::DataStorageType storageType = isPrivate + ? mozilla::DataStorage_Private + : mozilla::DataStorage_Persistent; + nsAutoCString storageKey; + SetStorageKey(storageKey, hostname, aType); + rv = mSiteStateStorage->Put(storageKey, stateString, storageType); + NS_ENSURE_SUCCESS(rv, rv); + + return NS_OK; +} + +NS_IMETHODIMP +nsSiteSecurityService::CacheNegativeHSTSResult(nsIURI* aSourceURI, + uint64_t aMaxAge) +{ + return SetHSTSState(nsISiteSecurityService::HEADER_HSTS, aSourceURI, + aMaxAge, false, 0, SecurityPropertyNegative); +} + +NS_IMETHODIMP +nsSiteSecurityService::RemoveState(uint32_t aType, nsIURI* aURI, + uint32_t aFlags) +{ + // Child processes are not allowed direct access to this. + if (!XRE_IsParentProcess()) { + MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::RemoveState"); + } + + // Only HSTS is supported at the moment. + NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS || + aType == nsISiteSecurityService::HEADER_HPKP, + NS_ERROR_NOT_IMPLEMENTED); + + nsAutoCString hostname; + nsresult rv = GetHost(aURI, hostname); + NS_ENSURE_SUCCESS(rv, rv); + + bool isPrivate = aFlags & nsISocketProvider::NO_PERMANENT_STORAGE; + mozilla::DataStorageType storageType = isPrivate + ? mozilla::DataStorage_Private + : mozilla::DataStorage_Persistent; + // If this host is in the preload list, we have to store a knockout entry. + if (GetPreloadListEntry(hostname.get())) { + SSSLOG(("SSS: storing knockout entry for %s", hostname.get())); + SiteHSTSState siteState(0, SecurityPropertyKnockout, false); + nsAutoCString stateString; + siteState.ToString(stateString); + nsAutoCString storageKey; + SetStorageKey(storageKey, hostname, aType); + rv = mSiteStateStorage->Put(storageKey, stateString, storageType); + NS_ENSURE_SUCCESS(rv, rv); + } else { + SSSLOG(("SSS: removing entry for %s", hostname.get())); + nsAutoCString storageKey; + SetStorageKey(storageKey, hostname, aType); + mSiteStateStorage->Remove(storageKey, storageType); + } + + return NS_OK; +} + +static bool +HostIsIPAddress(const char *hostname) +{ + PRNetAddr hostAddr; + return (PR_StringToNetAddr(hostname, &hostAddr) == PR_SUCCESS); +} + +NS_IMETHODIMP +nsSiteSecurityService::ProcessHeader(uint32_t aType, + nsIURI* aSourceURI, + const char* aHeader, + nsISSLStatus* aSSLStatus, + uint32_t aFlags, + uint64_t* aMaxAge, + bool* aIncludeSubdomains, + uint32_t* aFailureResult) +{ + // Child processes are not allowed direct access to this. + if (!XRE_IsParentProcess()) { + MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::ProcessHeader"); + } + + if (aFailureResult) { + *aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN; + } + NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS || + aType == nsISiteSecurityService::HEADER_HPKP, + NS_ERROR_NOT_IMPLEMENTED); + + NS_ENSURE_ARG(aSSLStatus); + return ProcessHeaderInternal(aType, aSourceURI, aHeader, aSSLStatus, aFlags, + aMaxAge, aIncludeSubdomains, aFailureResult); +} + +NS_IMETHODIMP +nsSiteSecurityService::UnsafeProcessHeader(uint32_t aType, + nsIURI* aSourceURI, + const char* aHeader, + uint32_t aFlags, + uint64_t* aMaxAge, + bool* aIncludeSubdomains, + uint32_t* aFailureResult) +{ + // Child processes are not allowed direct access to this. + if (!XRE_IsParentProcess()) { + MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::UnsafeProcessHeader"); + } + + return ProcessHeaderInternal(aType, aSourceURI, aHeader, nullptr, aFlags, + aMaxAge, aIncludeSubdomains, aFailureResult); +} + +nsresult +nsSiteSecurityService::ProcessHeaderInternal(uint32_t aType, + nsIURI* aSourceURI, + const char* aHeader, + nsISSLStatus* aSSLStatus, + uint32_t aFlags, + uint64_t* aMaxAge, + bool* aIncludeSubdomains, + uint32_t* aFailureResult) +{ + if (aFailureResult) { + *aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN; + } + // Only HSTS and HPKP are supported at the moment. + NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS || + aType == nsISiteSecurityService::HEADER_HPKP, + NS_ERROR_NOT_IMPLEMENTED); + + if (aMaxAge != nullptr) { + *aMaxAge = 0; + } + + if (aIncludeSubdomains != nullptr) { + *aIncludeSubdomains = false; + } + + if (aSSLStatus) { + bool tlsIsBroken = false; + bool trustcheck; + nsresult rv; + rv = aSSLStatus->GetIsDomainMismatch(&trustcheck); + NS_ENSURE_SUCCESS(rv, rv); + tlsIsBroken = tlsIsBroken || trustcheck; + + rv = aSSLStatus->GetIsNotValidAtThisTime(&trustcheck); + NS_ENSURE_SUCCESS(rv, rv); + tlsIsBroken = tlsIsBroken || trustcheck; + + rv = aSSLStatus->GetIsUntrusted(&trustcheck); + NS_ENSURE_SUCCESS(rv, rv); + tlsIsBroken = tlsIsBroken || trustcheck; + if (tlsIsBroken) { + SSSLOG(("SSS: discarding header from untrustworthy connection")); + if (aFailureResult) { + *aFailureResult = nsISiteSecurityService::ERROR_UNTRUSTWORTHY_CONNECTION; + } + return NS_ERROR_FAILURE; + } + } + + nsAutoCString host; + nsresult rv = GetHost(aSourceURI, host); + NS_ENSURE_SUCCESS(rv, rv); + if (HostIsIPAddress(host.get())) { + /* Don't process headers if a site is accessed by IP address. */ + return NS_OK; + } + + switch (aType) { + case nsISiteSecurityService::HEADER_HSTS: + rv = ProcessSTSHeader(aSourceURI, aHeader, aFlags, aMaxAge, + aIncludeSubdomains, aFailureResult); + break; + case nsISiteSecurityService::HEADER_HPKP: + rv = ProcessPKPHeader(aSourceURI, aHeader, aSSLStatus, aFlags, aMaxAge, + aIncludeSubdomains, aFailureResult); + break; + default: + MOZ_CRASH("unexpected header type"); + } + return rv; +} + +static uint32_t +ParseSSSHeaders(uint32_t aType, + const char* aHeader, + bool& foundIncludeSubdomains, + bool& foundMaxAge, + bool& foundUnrecognizedDirective, + uint64_t& maxAge, + nsTArray& sha256keys) +{ + // Strict transport security and Public Key Pinning have very similar + // Header formats. + + // "Strict-Transport-Security" ":" OWS + // STS-d *( OWS ";" OWS STS-d OWS) + // + // ; STS directive + // STS-d = maxAge / includeSubDomains + // + // maxAge = "max-age" "=" delta-seconds v-ext + // + // includeSubDomains = [ "includeSubDomains" ] + // + + // "Public-Key-Pins ":" OWS + // PKP-d *( OWS ";" OWS PKP-d OWS) + // + // ; PKP directive + // PKP-d = maxAge / includeSubDomains / reportUri / pin-directive + // + // maxAge = "max-age" "=" delta-seconds v-ext + // + // includeSubDomains = [ "includeSubDomains" ] + // + // reportURi = "report-uri" "=" quoted-string + // + // pin-directive = "pin-" token "=" quoted-string + // + // the only valid token currently specified is sha256 + // the quoted string for a pin directive is the base64 encoding + // of the hash of the public key of the fingerprint + // + + // The order of the directives is not significant. + // All directives must appear only once. + // Directive names are case-insensitive. + // The entire header is invalid if a directive not conforming to the + // syntax is encountered. + // Unrecognized directives (that are otherwise syntactically valid) are + // ignored, and the rest of the header is parsed as normal. + + bool foundReportURI = false; + + NS_NAMED_LITERAL_CSTRING(max_age_var, "max-age"); + NS_NAMED_LITERAL_CSTRING(include_subd_var, "includesubdomains"); + NS_NAMED_LITERAL_CSTRING(pin_sha256_var, "pin-sha256"); + NS_NAMED_LITERAL_CSTRING(report_uri_var, "report-uri"); + + nsSecurityHeaderParser parser(aHeader); + nsresult rv = parser.Parse(); + if (NS_FAILED(rv)) { + SSSLOG(("SSS: could not parse header")); + return nsISiteSecurityService::ERROR_COULD_NOT_PARSE_HEADER; + } + mozilla::LinkedList* directives = parser.GetDirectives(); + + for (nsSecurityHeaderDirective* directive = directives->getFirst(); + directive != nullptr; directive = directive->getNext()) { + SSSLOG(("SSS: found directive %s\n", directive->mName.get())); + if (directive->mName.Length() == max_age_var.Length() && + directive->mName.EqualsIgnoreCase(max_age_var.get(), + max_age_var.Length())) { + if (foundMaxAge) { + SSSLOG(("SSS: found two max-age directives")); + return nsISiteSecurityService::ERROR_MULTIPLE_MAX_AGES; + } + + SSSLOG(("SSS: found max-age directive")); + foundMaxAge = true; + + size_t len = directive->mValue.Length(); + for (size_t i = 0; i < len; i++) { + char chr = directive->mValue.CharAt(i); + if (chr < '0' || chr > '9') { + SSSLOG(("SSS: invalid value for max-age directive")); + return nsISiteSecurityService::ERROR_INVALID_MAX_AGE; + } + } + + if (PR_sscanf(directive->mValue.get(), "%llu", &maxAge) != 1) { + SSSLOG(("SSS: could not parse delta-seconds")); + return nsISiteSecurityService::ERROR_INVALID_MAX_AGE; + } + + SSSLOG(("SSS: parsed delta-seconds: %llu", maxAge)); + } else if (directive->mName.Length() == include_subd_var.Length() && + directive->mName.EqualsIgnoreCase(include_subd_var.get(), + include_subd_var.Length())) { + if (foundIncludeSubdomains) { + SSSLOG(("SSS: found two includeSubdomains directives")); + return nsISiteSecurityService::ERROR_MULTIPLE_INCLUDE_SUBDOMAINS; + } + + SSSLOG(("SSS: found includeSubdomains directive")); + foundIncludeSubdomains = true; + + if (directive->mValue.Length() != 0) { + SSSLOG(("SSS: includeSubdomains directive unexpectedly had value '%s'", + directive->mValue.get())); + return nsISiteSecurityService::ERROR_INVALID_INCLUDE_SUBDOMAINS; + } + } else if (aType == nsISiteSecurityService::HEADER_HPKP && + directive->mName.Length() == pin_sha256_var.Length() && + directive->mName.EqualsIgnoreCase(pin_sha256_var.get(), + pin_sha256_var.Length())) { + SSSLOG(("SSS: found pinning entry '%s' length=%d", + directive->mValue.get(), directive->mValue.Length())); + if (!stringIsBase64EncodingOf256bitValue(directive->mValue)) { + return nsISiteSecurityService::ERROR_INVALID_PIN; + } + sha256keys.AppendElement(directive->mValue); + } else if (aType == nsISiteSecurityService::HEADER_HPKP && + directive->mName.Length() == report_uri_var.Length() && + directive->mName.EqualsIgnoreCase(report_uri_var.get(), + report_uri_var.Length())) { + // We don't support the report-uri yet, but to avoid unrecognized + // directive warnings, we still have to handle its presence + if (foundReportURI) { + SSSLOG(("SSS: found two report-uri directives")); + return nsISiteSecurityService::ERROR_MULTIPLE_REPORT_URIS; + } + SSSLOG(("SSS: found report-uri directive")); + foundReportURI = true; + } else { + SSSLOG(("SSS: ignoring unrecognized directive '%s'", + directive->mName.get())); + foundUnrecognizedDirective = true; + } + } + return nsISiteSecurityService::Success; +} + +nsresult +nsSiteSecurityService::ProcessPKPHeader(nsIURI* aSourceURI, + const char* aHeader, + nsISSLStatus* aSSLStatus, + uint32_t aFlags, + uint64_t* aMaxAge, + bool* aIncludeSubdomains, + uint32_t* aFailureResult) +{ + if (aFailureResult) { + *aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN; + } + SSSLOG(("SSS: processing HPKP header '%s'", aHeader)); + NS_ENSURE_ARG(aSSLStatus); + + const uint32_t aType = nsISiteSecurityService::HEADER_HPKP; + bool foundMaxAge = false; + bool foundIncludeSubdomains = false; + bool foundUnrecognizedDirective = false; + uint64_t maxAge = 0; + nsTArray sha256keys; + uint32_t sssrv = ParseSSSHeaders(aType, aHeader, foundIncludeSubdomains, + foundMaxAge, foundUnrecognizedDirective, + maxAge, sha256keys); + if (sssrv != nsISiteSecurityService::Success) { + if (aFailureResult) { + *aFailureResult = sssrv; + } + return NS_ERROR_FAILURE; + } + + // after processing all the directives, make sure we came across max-age + // somewhere. + if (!foundMaxAge) { + SSSLOG(("SSS: did not encounter required max-age directive")); + if (aFailureResult) { + *aFailureResult = nsISiteSecurityService::ERROR_NO_MAX_AGE; + } + return NS_ERROR_FAILURE; + } + + // before we add the pin we need to ensure it will not break the site as + // currently visited so: + // 1. recompute a valid chain (no external ocsp) + // 2. use this chain to check if things would have broken! + nsAutoCString host; + nsresult rv = GetHost(aSourceURI, host); + NS_ENSURE_SUCCESS(rv, rv); + nsCOMPtr cert; + rv = aSSLStatus->GetServerCert(getter_AddRefs(cert)); + NS_ENSURE_SUCCESS(rv, rv); + NS_ENSURE_TRUE(cert, NS_ERROR_FAILURE); + UniqueCERTCertificate nssCert(cert->GetCert()); + NS_ENSURE_TRUE(nssCert, NS_ERROR_FAILURE); + + mozilla::pkix::Time now(mozilla::pkix::Now()); + UniqueCERTCertList certList; + RefPtr certVerifier(GetDefaultCertVerifier()); + NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED); + // We don't want this verification to cause any network traffic that would + // block execution. Also, since we don't have access to the original stapled + // OCSP response, we can't enforce this aspect of the TLS Feature extension. + // This is ok, because it will have been enforced when we originally connected + // to the site (or it's disabled, in which case we wouldn't want to enforce it + // anyway). + CertVerifier::Flags flags = CertVerifier::FLAG_LOCAL_ONLY | + CertVerifier::FLAG_TLS_IGNORE_STATUS_REQUEST; + if (certVerifier->VerifySSLServerCert(nssCert, + nullptr, // stapledOCSPResponse + nullptr, // sctsFromTLSExtension + now, nullptr, // pinarg + host.get(), // hostname + certList, + false, // don't store intermediates + flags) + != mozilla::pkix::Success) { + return NS_ERROR_FAILURE; + } + + CERTCertListNode* rootNode = CERT_LIST_TAIL(certList); + if (CERT_LIST_END(rootNode, certList)) { + return NS_ERROR_FAILURE; + } + bool isBuiltIn = false; + mozilla::pkix::Result result = IsCertBuiltInRoot(rootNode->cert, isBuiltIn); + if (result != mozilla::pkix::Success) { + return NS_ERROR_FAILURE; + } + + if (!isBuiltIn && !mProcessPKPHeadersFromNonBuiltInRoots) { + if (aFailureResult) { + *aFailureResult = nsISiteSecurityService::ERROR_ROOT_NOT_BUILT_IN; + } + return NS_ERROR_FAILURE; + } + + // if maxAge == 0 we must delete all state, for now no hole-punching + if (maxAge == 0) { + return RemoveState(aType, aSourceURI, aFlags); + } + + // clamp maxAge to the maximum set by pref + if (maxAge > mMaxMaxAge) { + maxAge = mMaxMaxAge; + } + + bool chainMatchesPinset; + rv = PublicKeyPinningService::ChainMatchesPinset(certList, sha256keys, + chainMatchesPinset); + if (NS_FAILED(rv)) { + return rv; + } + if (!chainMatchesPinset) { + // is invalid + SSSLOG(("SSS: Pins provided by %s are invalid no match with certList\n", host.get())); + if (aFailureResult) { + *aFailureResult = nsISiteSecurityService::ERROR_PINSET_DOES_NOT_MATCH_CHAIN; + } + return NS_ERROR_FAILURE; + } + + // finally we need to ensure that there is a "backup pin" ie. There must be + // at least one fingerprint hash that does NOT validate against the verified + // chain (Section 2.5 of the spec) + bool hasBackupPin = false; + for (uint32_t i = 0; i < sha256keys.Length(); i++) { + nsTArray singlePin; + singlePin.AppendElement(sha256keys[i]); + rv = PublicKeyPinningService::ChainMatchesPinset(certList, singlePin, + chainMatchesPinset); + if (NS_FAILED(rv)) { + return rv; + } + if (!chainMatchesPinset) { + hasBackupPin = true; + } + } + if (!hasBackupPin) { + // is invalid + SSSLOG(("SSS: Pins provided by %s are invalid no backupPin\n", host.get())); + if (aFailureResult) { + *aFailureResult = nsISiteSecurityService::ERROR_NO_BACKUP_PIN; + } + return NS_ERROR_FAILURE; + } + + int64_t expireTime = ExpireTimeFromMaxAge(maxAge); + SiteHPKPState dynamicEntry(expireTime, SecurityPropertySet, + foundIncludeSubdomains, sha256keys); + SSSLOG(("SSS: about to set pins for %s, expires=%ld now=%ld maxAge=%lu\n", + host.get(), expireTime, PR_Now() / PR_USEC_PER_MSEC, maxAge)); + + rv = SetHPKPState(host.get(), dynamicEntry, aFlags, false); + if (NS_FAILED(rv)) { + SSSLOG(("SSS: failed to set pins for %s\n", host.get())); + if (aFailureResult) { + *aFailureResult = nsISiteSecurityService::ERROR_COULD_NOT_SAVE_STATE; + } + return rv; + } + + if (aMaxAge != nullptr) { + *aMaxAge = maxAge; + } + + if (aIncludeSubdomains != nullptr) { + *aIncludeSubdomains = foundIncludeSubdomains; + } + + return foundUnrecognizedDirective + ? NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA + : NS_OK; +} + +nsresult +nsSiteSecurityService::ProcessSTSHeader(nsIURI* aSourceURI, + const char* aHeader, + uint32_t aFlags, + uint64_t* aMaxAge, + bool* aIncludeSubdomains, + uint32_t* aFailureResult) +{ + if (aFailureResult) { + *aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN; + } + SSSLOG(("SSS: processing HSTS header '%s'", aHeader)); + + const uint32_t aType = nsISiteSecurityService::HEADER_HSTS; + bool foundMaxAge = false; + bool foundIncludeSubdomains = false; + bool foundUnrecognizedDirective = false; + uint64_t maxAge = 0; + nsTArray unusedSHA256keys; // Required for sane internal interface + + uint32_t sssrv = ParseSSSHeaders(aType, aHeader, foundIncludeSubdomains, + foundMaxAge, foundUnrecognizedDirective, + maxAge, unusedSHA256keys); + if (sssrv != nsISiteSecurityService::Success) { + if (aFailureResult) { + *aFailureResult = sssrv; + } + return NS_ERROR_FAILURE; + } + + // after processing all the directives, make sure we came across max-age + // somewhere. + if (!foundMaxAge) { + SSSLOG(("SSS: did not encounter required max-age directive")); + if (aFailureResult) { + *aFailureResult = nsISiteSecurityService::ERROR_NO_MAX_AGE; + } + return NS_ERROR_FAILURE; + } + + // record the successfully parsed header data. + nsresult rv = SetHSTSState(aType, aSourceURI, maxAge, foundIncludeSubdomains, + aFlags, SecurityPropertySet); + if (NS_FAILED(rv)) { + SSSLOG(("SSS: failed to set STS state")); + if (aFailureResult) { + *aFailureResult = nsISiteSecurityService::ERROR_COULD_NOT_SAVE_STATE; + } + return rv; + } + + if (aMaxAge != nullptr) { + *aMaxAge = maxAge; + } + + if (aIncludeSubdomains != nullptr) { + *aIncludeSubdomains = foundIncludeSubdomains; + } + + return foundUnrecognizedDirective + ? NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA + : NS_OK; +} + +NS_IMETHODIMP +nsSiteSecurityService::IsSecureURI(uint32_t aType, nsIURI* aURI, + uint32_t aFlags, bool* aCached, + bool* aResult) +{ + // Child processes are not allowed direct access to this. + if (!XRE_IsParentProcess() && aType != nsISiteSecurityService::HEADER_HSTS) { + MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::IsSecureURI for non-HSTS entries"); + } + + NS_ENSURE_ARG(aURI); + NS_ENSURE_ARG(aResult); + + // Only HSTS and HPKP are supported at the moment. + NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS || + aType == nsISiteSecurityService::HEADER_HPKP, + NS_ERROR_NOT_IMPLEMENTED); + + nsAutoCString hostname; + nsresult rv = GetHost(aURI, hostname); + NS_ENSURE_SUCCESS(rv, rv); + /* An IP address never qualifies as a secure URI. */ + if (HostIsIPAddress(hostname.get())) { + *aResult = false; + return NS_OK; + } + + return IsSecureHost(aType, hostname.get(), aFlags, aCached, aResult); +} + +int STSPreloadCompare(const void *key, const void *entry) +{ + const char *keyStr = (const char *)key; + const nsSTSPreload *preloadEntry = (const nsSTSPreload *)entry; + return strcmp(keyStr, &kSTSHostTable[preloadEntry->mHostIndex]); +} + +// Returns the preload list entry for the given host, if it exists. +// Only does exact host matching - the user must decide how to use the returned +// data. May return null. +const nsSTSPreload * +nsSiteSecurityService::GetPreloadListEntry(const char *aHost) +{ + PRTime currentTime = PR_Now() + (mPreloadListTimeOffset * PR_USEC_PER_SEC); + if (mUsePreloadList && currentTime < gPreloadListExpirationTime) { + return (const nsSTSPreload *) bsearch(aHost, + kSTSPreloadList, + mozilla::ArrayLength(kSTSPreloadList), + sizeof(nsSTSPreload), + STSPreloadCompare); + } + + return nullptr; +} + +NS_IMETHODIMP +nsSiteSecurityService::IsSecureHost(uint32_t aType, const char* aHost, + uint32_t aFlags, bool* aCached, + bool* aResult) +{ + // Child processes are not allowed direct access to this. + if (!XRE_IsParentProcess() && aType != nsISiteSecurityService::HEADER_HSTS) { + MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::IsSecureHost for non-HSTS entries"); + } + + NS_ENSURE_ARG(aHost); + NS_ENSURE_ARG(aResult); + + // Only HSTS and HPKP are supported at the moment. + NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS || + aType == nsISiteSecurityService::HEADER_HPKP, + NS_ERROR_NOT_IMPLEMENTED); + + // set default in case if we can't find any STS information + *aResult = false; + if (aCached) { + *aCached = false; + } + + /* An IP address never qualifies as a secure URI. */ + if (HostIsIPAddress(aHost)) { + return NS_OK; + } + + if (aType == nsISiteSecurityService::HEADER_HPKP) { + RefPtr certVerifier(GetDefaultCertVerifier()); + if (!certVerifier) { + return NS_ERROR_FAILURE; + } + if (certVerifier->mPinningMode == + CertVerifier::PinningMode::pinningDisabled) { + return NS_OK; + } + bool enforceTestMode = certVerifier->mPinningMode == + CertVerifier::PinningMode::pinningEnforceTestMode; + return PublicKeyPinningService::HostHasPins(aHost, mozilla::pkix::Now(), + enforceTestMode, *aResult); + } + + // Holepunch chart.apis.google.com and subdomains. + nsAutoCString host(PublicKeyPinningService::CanonicalizeHostname(aHost)); + if (host.EqualsLiteral("chart.apis.google.com") || + StringEndsWith(host, NS_LITERAL_CSTRING(".chart.apis.google.com"))) { + if (aCached) { + *aCached = true; + } + return NS_OK; + } + + const nsSTSPreload *preload = nullptr; + + // First check the exact host. This involves first checking for an entry in + // site security storage. If that entry exists, we don't want to check + // in the preload list. We only want to use the stored value if it is not a + // knockout entry, however. + // Additionally, if it is a knockout entry, we want to stop looking for data + // on the host, because the knockout entry indicates "we have no information + // regarding the security status of this host". + bool isPrivate = aFlags & nsISocketProvider::NO_PERMANENT_STORAGE; + mozilla::DataStorageType storageType = isPrivate + ? mozilla::DataStorage_Private + : mozilla::DataStorage_Persistent; + nsAutoCString storageKey; + SetStorageKey(storageKey, host, aType); + nsCString value = mSiteStateStorage->Get(storageKey, storageType); + SiteHSTSState siteState(value); + if (siteState.mHSTSState != SecurityPropertyUnset) { + SSSLOG(("Found entry for %s", host.get())); + bool expired = siteState.IsExpired(aType); + if (!expired) { + if (aCached) { + *aCached = true; + } + if (siteState.mHSTSState == SecurityPropertySet) { + *aResult = true; + return NS_OK; + } else if (siteState.mHSTSState == SecurityPropertyNegative) { + *aResult = false; + return NS_OK; + } + } + + // If the entry is expired and not in the preload list, we can remove it. + if (expired && !GetPreloadListEntry(host.get())) { + mSiteStateStorage->Remove(storageKey, storageType); + } + } + // Finally look in the preloaded list. This is the exact host, + // so if an entry exists at all, this host is HSTS. + else if (GetPreloadListEntry(host.get())) { + SSSLOG(("%s is a preloaded STS host", host.get())); + *aResult = true; + if (aCached) { + *aCached = true; + } + return NS_OK; + } + + SSSLOG(("no HSTS data for %s found, walking up domain", host.get())); + const char *subdomain; + + uint32_t offset = 0; + for (offset = host.FindChar('.', offset) + 1; + offset > 0; + offset = host.FindChar('.', offset) + 1) { + + subdomain = host.get() + offset; + + // If we get an empty string, don't continue. + if (strlen(subdomain) < 1) { + break; + } + + // Do the same thing as with the exact host, except now we're looking at + // ancestor domains of the original host. So, we have to look at the + // include subdomains flag (although we still have to check for a + // SecurityPropertySet flag first to check that this is a secure host and + // not a knockout entry - and again, if it is a knockout entry, we stop + // looking for data on it and skip to the next higher up ancestor domain). + nsCString subdomainString(subdomain); + nsAutoCString storageKey; + SetStorageKey(storageKey, subdomainString, aType); + value = mSiteStateStorage->Get(storageKey, storageType); + SiteHSTSState siteState(value); + if (siteState.mHSTSState != SecurityPropertyUnset) { + SSSLOG(("Found entry for %s", subdomain)); + bool expired = siteState.IsExpired(aType); + if (!expired) { + if (aCached) { + *aCached = true; + } + if (siteState.mHSTSState == SecurityPropertySet) { + *aResult = siteState.mHSTSIncludeSubdomains; + break; + } else if (siteState.mHSTSState == SecurityPropertyNegative) { + *aResult = false; + break; + } + } + + // If the entry is expired and not in the preload list, we can remove it. + if (expired && !GetPreloadListEntry(subdomain)) { + mSiteStateStorage->Remove(storageKey, storageType); + } + } + // This is an ancestor, so if we get a match, we have to check if the + // preloaded entry includes subdomains. + else if ((preload = GetPreloadListEntry(subdomain)) != nullptr) { + if (preload->mIncludeSubdomains) { + SSSLOG(("%s is a preloaded STS host", subdomain)); + *aResult = true; + if (aCached) { + *aCached = true; + } + break; + } + } + + SSSLOG(("no HSTS data for %s found, walking up domain", subdomain)); + } + + // Use whatever we ended up with, which defaults to false. + return NS_OK; +} + +NS_IMETHODIMP +nsSiteSecurityService::ClearAll() +{ + // Child processes are not allowed direct access to this. + if (!XRE_IsParentProcess()) { + MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::ClearAll"); + } + + return mSiteStateStorage->Clear(); +} + +NS_IMETHODIMP +nsSiteSecurityService::ClearPreloads() +{ + // Child processes are not allowed direct access to this. + if (!XRE_IsParentProcess()) { + MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::ClearPreloads"); + } + + return mPreloadStateStorage->Clear(); +} + +bool entryStateNotOK(SiteHPKPState& state, mozilla::pkix::Time& aEvalTime) { + return state.mState != SecurityPropertySet || state.IsExpired(aEvalTime) || + state.mSHA256keys.Length() < 1; +} + +NS_IMETHODIMP +nsSiteSecurityService::GetKeyPinsForHostname(const char* aHostname, + mozilla::pkix::Time& aEvalTime, + /*out*/ nsTArray& pinArray, + /*out*/ bool* aIncludeSubdomains, + /*out*/ bool* afound) { + // Child processes are not allowed direct access to this. + if (!XRE_IsParentProcess()) { + MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::GetKeyPinsForHostname"); + } + + NS_ENSURE_ARG(afound); + NS_ENSURE_ARG(aHostname); + + SSSLOG(("Top of GetKeyPinsForHostname for %s", aHostname)); + *afound = false; + *aIncludeSubdomains = false; + pinArray.Clear(); + + nsAutoCString host(PublicKeyPinningService::CanonicalizeHostname(aHostname)); + nsAutoCString storageKey; + SetStorageKey(storageKey, host, nsISiteSecurityService::HEADER_HPKP); + + SSSLOG(("storagekey '%s'\n", storageKey.get())); + mozilla::DataStorageType storageType = mozilla::DataStorage_Persistent; + nsCString value = mSiteStateStorage->Get(storageKey, storageType); + + // decode now + SiteHPKPState foundEntry(value); + if (entryStateNotOK(foundEntry, aEvalTime)) { + // not in permanent storage, try now private + value = mSiteStateStorage->Get(storageKey, mozilla::DataStorage_Private); + SiteHPKPState privateEntry(value); + if (entryStateNotOK(privateEntry, aEvalTime)) { + // not in private storage, try dynamic preload + value = mPreloadStateStorage->Get(storageKey, + mozilla::DataStorage_Persistent); + SiteHPKPState preloadEntry(value); + if (entryStateNotOK(preloadEntry, aEvalTime)) { + return NS_OK; + } + foundEntry = preloadEntry; + } else { + foundEntry = privateEntry; + } + } + pinArray = foundEntry.mSHA256keys; + *aIncludeSubdomains = foundEntry.mIncludeSubdomains; + *afound = true; + return NS_OK; +} + +NS_IMETHODIMP +nsSiteSecurityService::SetKeyPins(const char* aHost, bool aIncludeSubdomains, + int64_t aExpires, uint32_t aPinCount, + const char** aSha256Pins, + bool aIsPreload, + /*out*/ bool* aResult) +{ + // Child processes are not allowed direct access to this. + if (!XRE_IsParentProcess()) { + MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::SetKeyPins"); + } + + NS_ENSURE_ARG_POINTER(aHost); + NS_ENSURE_ARG_POINTER(aResult); + NS_ENSURE_ARG_POINTER(aSha256Pins); + + SSSLOG(("Top of SetPins")); + + nsTArray sha256keys; + for (unsigned int i = 0; i < aPinCount; i++) { + nsAutoCString pin(aSha256Pins[i]); + SSSLOG(("SetPins pin=%s\n", pin.get())); + if (!stringIsBase64EncodingOf256bitValue(pin)) { + return NS_ERROR_INVALID_ARG; + } + sha256keys.AppendElement(pin); + } + SiteHPKPState dynamicEntry(aExpires, SecurityPropertySet, + aIncludeSubdomains, sha256keys); + // we always store data in permanent storage (ie no flags) + nsAutoCString host(PublicKeyPinningService::CanonicalizeHostname(aHost)); + return SetHPKPState(host.get(), dynamicEntry, 0, aIsPreload); +} + +nsresult +nsSiteSecurityService::SetHPKPState(const char* aHost, SiteHPKPState& entry, + uint32_t aFlags, bool aIsPreload) +{ + SSSLOG(("Top of SetPKPState")); + nsAutoCString host(aHost); + nsAutoCString storageKey; + SetStorageKey(storageKey, host, nsISiteSecurityService::HEADER_HPKP); + bool isPrivate = aFlags & nsISocketProvider::NO_PERMANENT_STORAGE; + mozilla::DataStorageType storageType = isPrivate + ? mozilla::DataStorage_Private + : mozilla::DataStorage_Persistent; + nsAutoCString stateString; + entry.ToString(stateString); + + nsresult rv; + if (aIsPreload) { + rv = mPreloadStateStorage->Put(storageKey, stateString, storageType); + } else { + rv = mSiteStateStorage->Put(storageKey, stateString, storageType); + } + NS_ENSURE_SUCCESS(rv, rv); + return NS_OK; +} + +//------------------------------------------------------------ +// nsSiteSecurityService::nsIObserver +//------------------------------------------------------------ + +NS_IMETHODIMP +nsSiteSecurityService::Observe(nsISupports *subject, + const char *topic, + const char16_t *data) +{ + // Don't access Preferences off the main thread. + if (!NS_IsMainThread()) { + NS_NOTREACHED("Preferences accessed off main thread"); + return NS_ERROR_NOT_SAME_THREAD; + } + + if (strcmp(topic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) { + mUsePreloadList = mozilla::Preferences::GetBool( + "network.stricttransportsecurity.preloadlist", true); + mPreloadListTimeOffset = + mozilla::Preferences::GetInt("test.currentTimeOffsetSeconds", 0); + mProcessPKPHeadersFromNonBuiltInRoots = mozilla::Preferences::GetBool( + "security.cert_pinning.process_headers_from_non_builtin_roots", false); + mMaxMaxAge = mozilla::Preferences::GetInt( + "security.cert_pinning.max_max_age_seconds", kSixtyDaysInSeconds); + } + + return NS_OK; +} diff --git a/security/manager/ssl/nsSiteSecurityService.h b/security/manager/ssl/nsSiteSecurityService.h new file mode 100644 index 000000000..f100a8f40 --- /dev/null +++ b/security/manager/ssl/nsSiteSecurityService.h @@ -0,0 +1,159 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef __nsSiteSecurityService_h__ +#define __nsSiteSecurityService_h__ + +#include "mozilla/DataStorage.h" +#include "nsCOMPtr.h" +#include "nsIObserver.h" +#include "nsISiteSecurityService.h" +#include "nsString.h" +#include "nsTArray.h" +#include "pkix/pkixtypes.h" +#include "prtime.h" + +class nsIURI; +class nsISSLStatus; + +// {16955eee-6c48-4152-9309-c42a465138a1} +#define NS_SITE_SECURITY_SERVICE_CID \ + {0x16955eee, 0x6c48, 0x4152, \ + {0x93, 0x09, 0xc4, 0x2a, 0x46, 0x51, 0x38, 0xa1} } + +/** + * SecurityPropertyState: A utility enum for representing the different states + * a security property can be in. + * SecurityPropertySet and SecurityPropertyUnset correspond to indicating + * a site has or does not have the security property in question, respectively. + * SecurityPropertyKnockout indicates a value on a preloaded list is being + * overridden, and the associated site does not have the security property + * in question. + */ +enum SecurityPropertyState { + SecurityPropertyUnset = 0, + SecurityPropertySet = 1, + SecurityPropertyKnockout = 2, + SecurityPropertyNegative = 3, +}; + +/** + * SiteHPKPState: A utility class that encodes/decodes a string describing + * the public key pins of a site. + * HPKP state consists of: + * - Expiry time (PRTime (aka int64_t) in milliseconds) + * - A state flag (SecurityPropertyState, default SecurityPropertyUnset) + * - An include subdomains flag (bool, default false) + * - An array of sha-256 hashed base 64 encoded fingerprints of required keys + */ +class SiteHPKPState +{ +public: + SiteHPKPState(); + explicit SiteHPKPState(nsCString& aStateString); + SiteHPKPState(PRTime aExpireTime, SecurityPropertyState aState, + bool aIncludeSubdomains, nsTArray& SHA256keys); + + PRTime mExpireTime; + SecurityPropertyState mState; + bool mIncludeSubdomains; + nsTArray mSHA256keys; + + bool IsExpired(mozilla::pkix::Time aTime) + { + if (aTime > mozilla::pkix::TimeFromEpochInSeconds(mExpireTime / + PR_MSEC_PER_SEC)) { + return true; + } + return false; + } + + void ToString(nsCString& aString); +}; + +/** + * SiteHSTSState: A utility class that encodes/decodes a string describing + * the security state of a site. Currently only handles HSTS. + * HSTS state consists of: + * - Expiry time (PRTime (aka int64_t) in milliseconds) + * - A state flag (SecurityPropertyState, default SecurityPropertyUnset) + * - An include subdomains flag (bool, default false) + */ +class SiteHSTSState +{ +public: + explicit SiteHSTSState(nsCString& aStateString); + SiteHSTSState(PRTime aHSTSExpireTime, SecurityPropertyState aHSTSState, + bool aHSTSIncludeSubdomains); + + PRTime mHSTSExpireTime; + SecurityPropertyState mHSTSState; + bool mHSTSIncludeSubdomains; + + bool IsExpired(uint32_t aType) + { + // If mHSTSExpireTime is 0, this entry never expires (this is the case for + // knockout entries). + if (mHSTSExpireTime == 0) { + return false; + } + + PRTime now = PR_Now() / PR_USEC_PER_MSEC; + if (now > mHSTSExpireTime) { + return true; + } + + return false; + } + + void ToString(nsCString &aString); +}; + +struct nsSTSPreload; + +class nsSiteSecurityService : public nsISiteSecurityService + , public nsIObserver +{ +public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIOBSERVER + NS_DECL_NSISITESECURITYSERVICE + + nsSiteSecurityService(); + nsresult Init(); + +protected: + virtual ~nsSiteSecurityService(); + +private: + nsresult GetHost(nsIURI *aURI, nsACString &aResult); + nsresult SetHSTSState(uint32_t aType, nsIURI* aSourceURI, int64_t maxage, + bool includeSubdomains, uint32_t flags, + SecurityPropertyState aHSTSState); + nsresult ProcessHeaderInternal(uint32_t aType, nsIURI* aSourceURI, + const char* aHeader, nsISSLStatus* aSSLStatus, + uint32_t aFlags, uint64_t* aMaxAge, + bool* aIncludeSubdomains, + uint32_t* aFailureResult); + nsresult ProcessSTSHeader(nsIURI* aSourceURI, const char* aHeader, + uint32_t flags, uint64_t* aMaxAge, + bool* aIncludeSubdomains, uint32_t* aFailureResult); + nsresult ProcessPKPHeader(nsIURI* aSourceURI, const char* aHeader, + nsISSLStatus* aSSLStatus, uint32_t flags, + uint64_t* aMaxAge, bool* aIncludeSubdomains, + uint32_t* aFailureResult); + nsresult SetHPKPState(const char* aHost, SiteHPKPState& entry, uint32_t flags, + bool aIsPreload); + + const nsSTSPreload *GetPreloadListEntry(const char *aHost); + + uint64_t mMaxMaxAge; + bool mUsePreloadList; + int64_t mPreloadListTimeOffset; + bool mProcessPKPHeadersFromNonBuiltInRoots; + RefPtr mSiteStateStorage; + RefPtr mPreloadStateStorage; +}; + +#endif // __nsSiteSecurityService_h__ diff --git a/security/manager/ssl/nsSmartCardMonitor.cpp b/security/manager/ssl/nsSmartCardMonitor.cpp new file mode 100644 index 000000000..3423d4f5f --- /dev/null +++ b/security/manager/ssl/nsSmartCardMonitor.cpp @@ -0,0 +1,396 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsSmartCardMonitor.h" + +#include "ScopedNSSTypes.h" +#include "mozilla/Services.h" +#include "mozilla/Unused.h" +#include "nsIObserverService.h" +#include "nsServiceManagerUtils.h" +#include "nsThreadUtils.h" +#include "nspr.h" +#include "pk11func.h" + +using namespace mozilla; + +// +// The SmartCard monitoring thread should start up for each module we load +// that has removable tokens. This code calls an NSS function which waits +// until there is a change in the token state. NSS uses the +// C_WaitForSlotEvent() call in PKCS #11 if the module implements the call, +// otherwise NSS will poll the token in a loop with a delay of 'latency' +// between polls. Note that the C_WaitForSlotEvent() may wake up on any type +// of token event, so it's necessary to filter these events down to just the +// insertion and removal events we are looking for. +// +// Once the event is found, it is dispatched to the main thread to notify +// any window where window.crypto.enableSmartCardEvents is true. +// Additionally, all observers of the topics "smartcard-insert" and +// "smartcard-remove" are notified by the observer service of the appropriate +// event. +// + +class nsTokenEventRunnable : public nsIRunnable { +public: + nsTokenEventRunnable(const nsAString& aType, const nsAString& aTokenName) + : mType(aType) + , mTokenName(aTokenName) + { + } + + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIRUNNABLE + +private: + virtual ~nsTokenEventRunnable() {} + + nsString mType; + nsString mTokenName; +}; + +NS_IMPL_ISUPPORTS(nsTokenEventRunnable, nsIRunnable) + +NS_IMETHODIMP +nsTokenEventRunnable::Run() +{ + MOZ_ASSERT(NS_IsMainThread()); + + nsCOMPtr observerService = + mozilla::services::GetObserverService(); + if (!observerService) { + return NS_ERROR_FAILURE; + } + // This conversion is safe because mType can only be "smartcard-insert" + // or "smartcard-remove". + NS_ConvertUTF16toUTF8 eventTypeUTF8(mType); + return observerService->NotifyObservers(nullptr, eventTypeUTF8.get(), + mTokenName.get()); +} + +// self linking and removing double linked entry +// adopts the thread it is passed. +class SmartCardThreadEntry +{ +public: + friend class SmartCardThreadList; + SmartCardThreadEntry(SmartCardMonitoringThread *thread, + SmartCardThreadEntry *next, + SmartCardThreadEntry *prev, + SmartCardThreadEntry **head) + : next(next) + , prev(prev) + , head(head) + , thread(thread) + { + if (prev) { + prev->next = this; + } else { + *head = this; + } + if (next) { + next->prev = this; + } + } + + ~SmartCardThreadEntry() + { + if (prev) { + prev->next = next; + } else { + *head = next; + } + if (next) { + next->prev = prev; + } + // NOTE: automatically stops the thread + delete thread; + } + +private: + SmartCardThreadEntry *next; + SmartCardThreadEntry *prev; + SmartCardThreadEntry **head; + SmartCardMonitoringThread *thread; +}; + +// +// SmartCardThreadList is a class to help manage the running threads. +// That way new threads could be started and old ones terminated as we +// load and unload modules. +// +SmartCardThreadList::SmartCardThreadList() : head(0) +{ +} + +SmartCardThreadList::~SmartCardThreadList() +{ + // the head is self linking and unlinking, the following + // loop removes all entries on the list. + // it will also stop the thread if it happens to be running + while (head) { + delete head; + } +} + +void +SmartCardThreadList::Remove(SECMODModule *aModule) +{ + for (SmartCardThreadEntry* current = head; current; + current = current->next) { + if (current->thread->GetModule() == aModule) { + // NOTE: automatically stops the thread and dequeues it from the list + delete current; + return; + } + } +} + +// adopts the thread passed to it. Starts the thread as well +nsresult +SmartCardThreadList::Add(SmartCardMonitoringThread* thread) +{ + SmartCardThreadEntry* current = new SmartCardThreadEntry(thread, head, + nullptr, &head); + // OK to forget current here, it's on the list. + Unused << current; + + return thread->Start(); +} + + +// We really should have a Unity PL Hash function... +static PLHashNumber +unity(const void* key) { return PLHashNumber(NS_PTR_TO_INT32(key)); } + +SmartCardMonitoringThread::SmartCardMonitoringThread(SECMODModule* module_) + : mThread(nullptr) +{ + mModule = SECMOD_ReferenceModule(module_); + // simple hash functions, most modules have less than 3 slots, so 10 buckets + // should be plenty + mHash = PL_NewHashTable(10, unity, PL_CompareValues, PL_CompareStrings, + nullptr, 0); +} + +// +// when we shutdown the thread, be sure to stop it first. If not, it just might +// crash when the mModule it is looking at disappears. +// +SmartCardMonitoringThread::~SmartCardMonitoringThread() +{ + Stop(); + SECMOD_DestroyModule(mModule); + if (mHash) { + PL_HashTableDestroy(mHash); + } +} + +nsresult +SmartCardMonitoringThread::Start() +{ + if (!mThread) { + mThread = PR_CreateThread(PR_SYSTEM_THREAD, LaunchExecute, this, + PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, + PR_JOINABLE_THREAD, 0); + } + return mThread ? NS_OK : NS_ERROR_OUT_OF_MEMORY; +} + +// +// Should only stop if we are through with the module. +// CancelWait has the side effect of losing all the keys and +// current operations on the module!. (See the comment in +// SECMOD_CancelWait for why this is so..). +// +void SmartCardMonitoringThread::Stop() +{ + SECStatus rv; + + rv = SECMOD_CancelWait(mModule); + if (rv != SECSuccess) { + // we didn't wake up the Wait, so don't try to join the thread + // otherwise we will hang forever... + return; + } + + // confused about the memory model here? NSPR owns the memory for + // threads. non-joinable threads are freed when the thread dies. + // joinable threads are freed after the call to PR_JoinThread. + // That means if SECMOD_CancelWait fails, we'll leak the mThread + // structure. this is considered preferable to hanging (which is + // what will happen if we try to join a thread that blocked). + if (mThread) { + PR_JoinThread(mThread); + mThread = 0; + } +} + +// +// remember the name and series of a token in a particular slot. +// This is important because the name is no longer available when +// the token is removed. If listeners depended on this information, +// They would be out of luck. It also is a handy way of making sure +// we don't generate spurious insertion and removal events as the slot +// cycles through various states. +// +void +SmartCardMonitoringThread::SetTokenName(CK_SLOT_ID slotid, + const char* tokenName, uint32_t series) +{ + if (mHash) { + if (tokenName) { + int len = strlen(tokenName) + 1; + /* this must match the allocator used in + * PLHashAllocOps.freeEntry DefaultFreeEntry */ + char* entry = (char*)PR_Malloc(len + sizeof(uint32_t)); + + if (entry) { + memcpy(entry, &series, sizeof(uint32_t)); + memcpy(&entry[sizeof(uint32_t)], tokenName, len); + + PL_HashTableAdd(mHash, (void*)(uintptr_t)slotid, entry); /* adopt */ + return; + } + } else { + // if tokenName was not provided, remove the old one (implicit delete) + PL_HashTableRemove(mHash, (void*)(uintptr_t)slotid); + } + } +} + +// retrieve the name saved above +const char* +SmartCardMonitoringThread::GetTokenName(CK_SLOT_ID slotid) +{ + const char* tokenName = nullptr; + const char* entry; + + if (mHash) { + entry = (const char*)PL_HashTableLookupConst(mHash, + (void*)(uintptr_t)slotid); + if (entry) { + tokenName = &entry[sizeof(uint32_t)]; + } + } + return tokenName; +} + +// retrieve the series saved in SetTokenName above +uint32_t +SmartCardMonitoringThread::GetTokenSeries(CK_SLOT_ID slotid) +{ + uint32_t series = 0; + const char* entry; + + if (mHash) { + entry = (const char*)PL_HashTableLookupConst(mHash, + (void*)(uintptr_t)slotid); + if (entry) { + memcpy(&series, entry, sizeof(uint32_t)); + } + } + return series; +} + +// +// helper function to pass the event off to nsNSSComponent. +// +void +SmartCardMonitoringThread::SendEvent(const nsAString& eventType, + const char* tokenName) +{ + // The token name should be UTF8, but it's not clear that this is enforced + // by NSS. To be safe, we explicitly check here before converting it to + // UTF16. If it isn't UTF8, we just use an empty string with the idea that + // consumers of these events should at least be notified that something + // happened. + nsAutoString tokenNameUTF16(NS_LITERAL_STRING("")); + if (IsUTF8(nsDependentCString(tokenName))) { + tokenNameUTF16.Assign(NS_ConvertUTF8toUTF16(tokenName)); + } + nsCOMPtr runnable(new nsTokenEventRunnable(eventType, + tokenNameUTF16)); + NS_DispatchToMainThread(runnable); +} + +// +// This is the main loop. +// +void SmartCardMonitoringThread::Execute() +{ + const char* tokenName; + + // + // populate token names for already inserted tokens. + // + PK11SlotList* sl = PK11_FindSlotsByNames(mModule->dllName, nullptr, nullptr, + true); + + PK11SlotListElement* sle; + if (sl) { + for (sle = PK11_GetFirstSafe(sl); sle; + sle = PK11_GetNextSafe(sl, sle, false)) { + SetTokenName(PK11_GetSlotID(sle->slot), PK11_GetTokenName(sle->slot), + PK11_GetSlotSeries(sle->slot)); + } + PK11_FreeSlotList(sl); + } + + // loop starts.. + do { + UniquePK11SlotInfo slot( + SECMOD_WaitForAnyTokenEvent(mModule, 0, PR_SecondsToInterval(1))); + if (!slot) { + break; + } + + // now we have a potential insertion or removal event, see if the slot + // is present to determine which it is... + if (PK11_IsPresent(slot.get())) { + // insertion + CK_SLOT_ID slotID = PK11_GetSlotID(slot.get()); + uint32_t series = PK11_GetSlotSeries(slot.get()); + + // skip spurious insertion events... + if (series != GetTokenSeries(slotID)) { + // if there's a token name, then we have not yet issued a remove + // event for the previous token, do so now... + tokenName = GetTokenName(slotID); + if (tokenName) { + SendEvent(NS_LITERAL_STRING("smartcard-remove"), tokenName); + } + tokenName = PK11_GetTokenName(slot.get()); + // save the token name and series + SetTokenName(slotID, tokenName, series); + SendEvent(NS_LITERAL_STRING("smartcard-insert"), tokenName); + } + } else { + // retrieve token name + CK_SLOT_ID slotID = PK11_GetSlotID(slot.get()); + tokenName = GetTokenName(slotID); + // if there's not a token name, then the software isn't expecting + // a (or another) remove event. + if (tokenName) { + SendEvent(NS_LITERAL_STRING("smartcard-remove"), tokenName); + // clear the token name (after we send it) + SetTokenName(slotID, nullptr, 0); + } + } + } while (1); +} + +// accessor to help searching active Monitoring threads +const SECMODModule* SmartCardMonitoringThread::GetModule() +{ + return mModule; +} + +// C-like calling sequence to glue into PR_CreateThread. +void SmartCardMonitoringThread::LaunchExecute(void* arg) +{ + PR_SetCurrentThreadName("SmartCard"); + + ((SmartCardMonitoringThread*)arg)->Execute(); +} diff --git a/security/manager/ssl/nsSmartCardMonitor.h b/security/manager/ssl/nsSmartCardMonitor.h new file mode 100644 index 000000000..bfadf31e8 --- /dev/null +++ b/security/manager/ssl/nsSmartCardMonitor.h @@ -0,0 +1,62 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsSmartCardMonitor_h +#define nsSmartCardMonitor_h + +#include "prthread.h" +#include "secmod.h" +#include "plhash.h" +#include "pkcs11t.h" + +class SmartCardThreadEntry; +class SmartCardMonitoringThread; + +// +// manage a group of SmartCardMonitoringThreads +// +class SmartCardThreadList { +public: + SmartCardThreadList(); + ~SmartCardThreadList(); + void Remove(SECMODModule* module); + nsresult Add(SmartCardMonitoringThread* thread); + +private: + SmartCardThreadEntry* head; +}; + +// +// monitor a Module for token insertion and removal +// +// NOTE: this provides the application the ability to dynamically add slots +// on the fly as necessary. +// +class SmartCardMonitoringThread +{ + public: + explicit SmartCardMonitoringThread(SECMODModule* module); + ~SmartCardMonitoringThread(); + + nsresult Start(); + void Stop(); + + void Execute(); + void Interrupt(); + + const SECMODModule* GetModule(); + + private: + static void LaunchExecute(void* arg); + void SetTokenName(CK_SLOT_ID slotid, const char* tokenName, uint32_t series); + const char* GetTokenName(CK_SLOT_ID slotid); + uint32_t GetTokenSeries(CK_SLOT_ID slotid); + void SendEvent(const nsAString& type, const char* tokenName); + + SECMODModule* mModule; + PLHashTable* mHash; + PRThread* mThread; +}; + +#endif // nsSmartCardMonitor_h diff --git a/security/manager/ssl/nsTLSSocketProvider.cpp b/security/manager/ssl/nsTLSSocketProvider.cpp new file mode 100644 index 000000000..190dd7769 --- /dev/null +++ b/security/manager/ssl/nsTLSSocketProvider.cpp @@ -0,0 +1,69 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "mozilla/BasePrincipal.h" +#include "nsTLSSocketProvider.h" +#include "nsNSSIOLayer.h" +#include "nsError.h" + +using mozilla::NeckoOriginAttributes; + +nsTLSSocketProvider::nsTLSSocketProvider() +{ +} + +nsTLSSocketProvider::~nsTLSSocketProvider() +{ +} + +NS_IMPL_ISUPPORTS(nsTLSSocketProvider, nsISocketProvider) + +NS_IMETHODIMP +nsTLSSocketProvider::NewSocket(int32_t family, + const char *host, + int32_t port, + nsIProxyInfo *proxy, + const NeckoOriginAttributes &originAttributes, + uint32_t flags, + PRFileDesc **_result, + nsISupports **securityInfo) +{ + nsresult rv = nsSSLIOLayerNewSocket(family, + host, + port, + proxy, + originAttributes, + _result, + securityInfo, + true, + flags); + + return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK; +} + +// Add the SSL IO layer to an existing socket +NS_IMETHODIMP +nsTLSSocketProvider::AddToSocket(int32_t family, + const char *host, + int32_t port, + nsIProxyInfo *proxy, + const NeckoOriginAttributes &originAttributes, + uint32_t flags, + PRFileDesc *aSocket, + nsISupports **securityInfo) +{ + nsresult rv = nsSSLIOLayerAddToSocket(family, + host, + port, + proxy, + originAttributes, + aSocket, + securityInfo, + true, + flags); + + return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK; +} diff --git a/security/manager/ssl/nsTLSSocketProvider.h b/security/manager/ssl/nsTLSSocketProvider.h new file mode 100644 index 000000000..5fa6e670b --- /dev/null +++ b/security/manager/ssl/nsTLSSocketProvider.h @@ -0,0 +1,34 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef _NSTLSSOCKETPROVIDER_H_ +#define _NSTLSSOCKETPROVIDER_H_ + +#include "nsISocketProvider.h" + + +#define NS_STARTTLSSOCKETPROVIDER_CID \ +{ /* b9507aec-1dd1-11b2-8cd5-c48ee0c50307 */ \ + 0xb9507aec, \ + 0x1dd1, \ + 0x11b2, \ + {0x8c, 0xd5, 0xc4, 0x8e, 0xe0, 0xc5, 0x03, 0x07} \ +} + +class nsTLSSocketProvider : public nsISocketProvider +{ +public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSISOCKETPROVIDER + + // nsTLSSocketProvider methods: + nsTLSSocketProvider(); + +protected: + virtual ~nsTLSSocketProvider(); +}; + +#endif /* _NSTLSSOCKETPROVIDER_H_ */ diff --git a/security/manager/ssl/nsVerificationJob.h b/security/manager/ssl/nsVerificationJob.h new file mode 100644 index 000000000..3bf4c6a5b --- /dev/null +++ b/security/manager/ssl/nsVerificationJob.h @@ -0,0 +1,51 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef _INC_NSVERIFICATIONJOB_H +#define _INC_NSVERIFICATIONJOB_H + +#include "nspr.h" + +#include "nsIX509Cert.h" +#include "nsProxyRelease.h" + +class nsBaseVerificationJob +{ +public: + virtual ~nsBaseVerificationJob() {} + virtual void Run() = 0; +}; + +class nsCertVerificationJob : public nsBaseVerificationJob +{ +public: + nsCOMPtr mCert; + nsMainThreadPtrHandle mListener; + + void Run(); +}; + +class nsCertVerificationResult : public nsICertVerificationResult +{ +public: + nsCertVerificationResult(); + + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSICERTVERIFICATIONRESULT + +protected: + virtual ~nsCertVerificationResult(); + +private: + nsresult mRV; + uint32_t mVerified; + uint32_t mCount; + char16_t **mUsages; + +friend class nsCertVerificationJob; +}; + +#endif diff --git a/security/manager/ssl/tests/.eslintrc.js b/security/manager/ssl/tests/.eslintrc.js new file mode 100644 index 000000000..a2a4eb389 --- /dev/null +++ b/security/manager/ssl/tests/.eslintrc.js @@ -0,0 +1,8 @@ +"use strict"; + +module.exports = { // eslint-disable-line no-undef + "rules": { + // Disallow non-top level |var| declarations. + "mozilla/var-only-at-top-level": "error" + } +}; diff --git a/security/manager/ssl/tests/gtest/CertDBTest.cpp b/security/manager/ssl/tests/gtest/CertDBTest.cpp new file mode 100644 index 000000000..e6b773cd6 --- /dev/null +++ b/security/manager/ssl/tests/gtest/CertDBTest.cpp @@ -0,0 +1,60 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "gtest/gtest.h" +#include "nsCOMPtr.h" +#include "nsIPrefService.h" +#include "nsISimpleEnumerator.h" +#include "nsIX509Cert.h" +#include "nsIX509CertDB.h" +#include "nsIX509CertList.h" +#include "nsServiceManagerUtils.h" + +TEST(psm_CertDB, Test) +{ + { + nsCOMPtr prefs(do_GetService(NS_PREFSERVICE_CONTRACTID)); + ASSERT_TRUE(prefs) << "couldn't get nsIPrefBranch"; + + // When PSM initializes, it attempts to get some localized strings. + // As a result, Android flips out if this isn't set. + nsresult rv = prefs->SetBoolPref("intl.locale.matchOS", true); + ASSERT_TRUE(NS_SUCCEEDED(rv)) << "couldn't set pref 'intl.locale.matchOS'"; + + nsCOMPtr certdb(do_GetService(NS_X509CERTDB_CONTRACTID)); + ASSERT_TRUE(certdb) << "couldn't get certdb"; + + nsCOMPtr certList; + rv = certdb->GetCerts(getter_AddRefs(certList)); + ASSERT_TRUE(NS_SUCCEEDED(rv)) << "couldn't get list of certificates"; + + nsCOMPtr enumerator; + rv = certList->GetEnumerator(getter_AddRefs(enumerator)); + ASSERT_TRUE(NS_SUCCEEDED(rv)) << "couldn't enumerate certificate list"; + + bool foundBuiltIn = false; + bool hasMore = false; + while (NS_SUCCEEDED(enumerator->HasMoreElements(&hasMore)) && hasMore) { + nsCOMPtr supports; + ASSERT_TRUE(NS_SUCCEEDED(enumerator->GetNext(getter_AddRefs(supports)))) + << "couldn't get next certificate"; + + nsCOMPtr cert(do_QueryInterface(supports)); + ASSERT_TRUE(cert) << "couldn't QI to nsIX509Cert"; + + ASSERT_TRUE(NS_SUCCEEDED(cert->GetIsBuiltInRoot(&foundBuiltIn))) << + "GetIsBuiltInRoot failed"; + + if (foundBuiltIn) { + break; + } + } + + ASSERT_TRUE(foundBuiltIn) << "didn't load any built-in certificates"; + + printf("successfully loaded at least one built-in certificate\n"); + + } // this scopes the nsCOMPtrs +} diff --git a/security/manager/ssl/tests/gtest/DataStorageTest.cpp b/security/manager/ssl/tests/gtest/DataStorageTest.cpp new file mode 100644 index 000000000..eaab50878 --- /dev/null +++ b/security/manager/ssl/tests/gtest/DataStorageTest.cpp @@ -0,0 +1,225 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "gtest/gtest.h" + +#include "mozilla/DataStorage.h" +#include "nsAppDirectoryServiceDefs.h" +#include "nsDirectoryServiceUtils.h" +#include "nsNetUtil.h" +#include "nsPrintfCString.h" +#include "nsStreamUtils.h" +#include "prtime.h" + +using namespace mozilla; + +class psm_DataStorageTest : public ::testing::Test +{ +protected: + virtual void SetUp() + { + const ::testing::TestInfo* const testInfo = + ::testing::UnitTest::GetInstance()->current_test_info(); + NS_ConvertUTF8toUTF16 testName(testInfo->name()); + storage = DataStorage::Get(testName); + storage->Init(dataWillPersist); + } + + RefPtr storage; + bool dataWillPersist; +}; + +NS_NAMED_LITERAL_CSTRING(testKey, "test"); +NS_NAMED_LITERAL_CSTRING(testValue, "value"); +NS_NAMED_LITERAL_CSTRING(privateTestValue, "private"); + +TEST_F(psm_DataStorageTest, GetPutRemove) +{ + EXPECT_TRUE(dataWillPersist); + + // Test Put/Get on Persistent data + EXPECT_EQ(NS_OK, storage->Put(testKey, testValue, DataStorage_Persistent)); + // Don't re-use testKey / testValue here, to make sure that this works as + // expected with objects that have the same semantic value but are not + // literally the same object. + nsCString result = storage->Get(NS_LITERAL_CSTRING("test"), + DataStorage_Persistent); + EXPECT_STREQ("value", result.get()); + + // Get on Temporary/Private data with the same key should give nothing + result = storage->Get(testKey, DataStorage_Temporary); + EXPECT_TRUE(result.IsEmpty()); + result = storage->Get(testKey, DataStorage_Private); + EXPECT_TRUE(result.IsEmpty()); + + // Put with Temporary/Private data shouldn't affect Persistent data + NS_NAMED_LITERAL_CSTRING(temporaryTestValue, "temporary"); + EXPECT_EQ(NS_OK, storage->Put(testKey, temporaryTestValue, + DataStorage_Temporary)); + EXPECT_EQ(NS_OK, storage->Put(testKey, privateTestValue, + DataStorage_Private)); + result = storage->Get(testKey, DataStorage_Temporary); + EXPECT_STREQ("temporary", result.get()); + result = storage->Get(testKey, DataStorage_Private); + EXPECT_STREQ("private", result.get()); + result = storage->Get(testKey, DataStorage_Persistent); + EXPECT_STREQ("value", result.get()); + + // Put of a previously-present key overwrites it (if of the same type) + NS_NAMED_LITERAL_CSTRING(newValue, "new"); + EXPECT_EQ(NS_OK, storage->Put(testKey, newValue, DataStorage_Persistent)); + result = storage->Get(testKey, DataStorage_Persistent); + EXPECT_STREQ("new", result.get()); + + // Removal should work + storage->Remove(testKey, DataStorage_Temporary); + result = storage->Get(testKey, DataStorage_Temporary); + EXPECT_TRUE(result.IsEmpty()); + // But removing one type shouldn't affect the others + result = storage->Get(testKey, DataStorage_Private); + EXPECT_STREQ("private", result.get()); + result = storage->Get(testKey, DataStorage_Persistent); + EXPECT_STREQ("new", result.get()); + // Test removing the other types as well + storage->Remove(testKey, DataStorage_Private); + result = storage->Get(testKey, DataStorage_Private); + EXPECT_TRUE(result.IsEmpty()); + storage->Remove(testKey, DataStorage_Persistent); + result = storage->Get(testKey, DataStorage_Persistent); + EXPECT_TRUE(result.IsEmpty()); +} + +TEST_F(psm_DataStorageTest, InputValidation) +{ + EXPECT_TRUE(dataWillPersist); + + // Keys may not have tabs or newlines + EXPECT_EQ(NS_ERROR_INVALID_ARG, + storage->Put(NS_LITERAL_CSTRING("key\thas tab"), testValue, + DataStorage_Persistent)); + nsCString result = storage->Get(NS_LITERAL_CSTRING("key\thas tab"), + DataStorage_Persistent); + EXPECT_TRUE(result.IsEmpty()); + EXPECT_EQ(NS_ERROR_INVALID_ARG, + storage->Put(NS_LITERAL_CSTRING("key has\nnewline"), testValue, + DataStorage_Persistent)); + result = storage->Get(NS_LITERAL_CSTRING("keyhas\nnewline"), + DataStorage_Persistent); + EXPECT_TRUE(result.IsEmpty()); + // Values may not have newlines + EXPECT_EQ(NS_ERROR_INVALID_ARG, + storage->Put(testKey, NS_LITERAL_CSTRING("value\nhas newline"), + DataStorage_Persistent)); + result = storage->Get(testKey, DataStorage_Persistent); + // Values may have tabs + EXPECT_TRUE(result.IsEmpty()); + EXPECT_EQ(NS_OK, storage->Put(testKey, + NS_LITERAL_CSTRING("val\thas tab; this is ok"), + DataStorage_Persistent)); + result = storage->Get(testKey, DataStorage_Persistent); + EXPECT_STREQ("val\thas tab; this is ok", result.get()); + + nsCString longKey("a"); + for (int i = 0; i < 8; i++) { + longKey.Append(longKey); + } + // A key of length 256 will work + EXPECT_EQ(NS_OK, storage->Put(longKey, testValue, DataStorage_Persistent)); + result = storage->Get(longKey, DataStorage_Persistent); + EXPECT_STREQ("value", result.get()); + longKey.Append("a"); + // A key longer than that will not work + EXPECT_EQ(NS_ERROR_INVALID_ARG, + storage->Put(longKey, testValue, DataStorage_Persistent)); + result = storage->Get(longKey, DataStorage_Persistent); + EXPECT_TRUE(result.IsEmpty()); + + nsCString longValue("a"); + for (int i = 0; i < 10; i++) { + longValue.Append(longValue); + } + // A value of length 1024 will work + EXPECT_EQ(NS_OK, storage->Put(testKey, longValue, DataStorage_Persistent)); + result = storage->Get(testKey, DataStorage_Persistent); + EXPECT_STREQ(longValue.get(), result.get()); + longValue.Append("a"); + // A value longer than that will not work + storage->Remove(testKey, DataStorage_Persistent); + EXPECT_EQ(NS_ERROR_INVALID_ARG, + storage->Put(testKey, longValue, DataStorage_Persistent)); + result = storage->Get(testKey, DataStorage_Persistent); + EXPECT_TRUE(result.IsEmpty()); +} + +TEST_F(psm_DataStorageTest, Eviction) +{ + EXPECT_TRUE(dataWillPersist); + + // Eviction is on a per-table basis. Tables shouldn't affect each other. + EXPECT_EQ(NS_OK, storage->Put(testKey, testValue, DataStorage_Persistent)); + for (int i = 0; i < 1025; i++) { + EXPECT_EQ(NS_OK, storage->Put(nsPrintfCString("%d", i), + nsPrintfCString("%d", i), + DataStorage_Temporary)); + nsCString result = storage->Get(nsPrintfCString("%d", i), + DataStorage_Temporary); + EXPECT_STREQ(nsPrintfCString("%d", i).get(), result.get()); + } + // We don't know which entry got evicted, but we can count them. + int entries = 0; + for (int i = 0; i < 1025; i++) { + nsCString result = storage->Get(nsPrintfCString("%d", i), + DataStorage_Temporary); + if (!result.IsEmpty()) { + entries++; + } + } + EXPECT_EQ(entries, 1024); + nsCString result = storage->Get(testKey, DataStorage_Persistent); + EXPECT_STREQ("value", result.get()); +} + +TEST_F(psm_DataStorageTest, ClearPrivateData) +{ + EXPECT_TRUE(dataWillPersist); + + EXPECT_EQ(NS_OK, storage->Put(testKey, privateTestValue, + DataStorage_Private)); + nsCString result = storage->Get(testKey, DataStorage_Private); + EXPECT_STREQ("private", result.get()); + storage->Observe(nullptr, "last-pb-context-exited", nullptr); + result = storage->Get(testKey, DataStorage_Private); + EXPECT_TRUE(result.IsEmpty()); +} + +TEST_F(psm_DataStorageTest, Shutdown) +{ + EXPECT_TRUE(dataWillPersist); + + EXPECT_EQ(NS_OK, storage->Put(testKey, testValue, DataStorage_Persistent)); + nsCString result = storage->Get(testKey, DataStorage_Persistent); + EXPECT_STREQ("value", result.get()); + // Get "now" (in days) close to when the data was last touched, so we won't + // get intermittent failures with the day not matching. + int64_t microsecondsPerDay = 24 * 60 * 60 * int64_t(PR_USEC_PER_SEC); + int32_t nowInDays = int32_t(PR_Now() / microsecondsPerDay); + storage->Observe(nullptr, "profile-before-change", nullptr); + nsCOMPtr backingFile; + EXPECT_EQ(NS_OK, NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR, + getter_AddRefs(backingFile))); + const ::testing::TestInfo* const testInfo = + ::testing::UnitTest::GetInstance()->current_test_info(); + NS_ConvertUTF8toUTF16 testName(testInfo->name()); + EXPECT_EQ(NS_OK, backingFile->Append(testName)); + nsCOMPtr fileInputStream; + EXPECT_EQ(NS_OK, NS_NewLocalFileInputStream(getter_AddRefs(fileInputStream), + backingFile)); + nsCString data; + EXPECT_EQ(NS_OK, NS_ConsumeStream(fileInputStream, UINT32_MAX, data)); + // The data will be of the form 'test\t0\t\tvalue' + EXPECT_STREQ(nsPrintfCString("test\t0\t%d\tvalue\n", nowInDays).get(), + data.get()); +} diff --git a/security/manager/ssl/tests/gtest/DeserializeCertTest.cpp b/security/manager/ssl/tests/gtest/DeserializeCertTest.cpp new file mode 100644 index 000000000..868ecdba6 --- /dev/null +++ b/security/manager/ssl/tests/gtest/DeserializeCertTest.cpp @@ -0,0 +1,96 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "gtest/gtest.h" +#include "nsCOMPtr.h" +#include "nsString.h" +#include "nsSerializationHelper.h" + +// These tests verify that we can still deserialize old binary strings +// generated for security info. This is necessary because service workers +// stores these strings on disk. +// +// If you make a change and start breaking these tests, you will need to +// add a compat fix for loading the old versions. For things that affect +// the UUID, but do not break the rest of the format you can simply add +// another hack condition in nsBinaryInputStream::ReadObject(). If you +// change the overall format of the serialization then we will need more +// complex handling in the security info concrete classes. +// +// We would like to move away from this binary compatibility requirement +// in service workers. See bug 1248628. + +TEST(psm_DeserializeCert, gecko33) +{ + // Gecko 33+ vintage Security info serialized with UUIDs: + // - nsISupports 00000000-0000-0000-c000-000000000046 + // - nsISSLStatus fa9ba95b-ca3b-498a-b889-7c79cf28fee8 + // - nsIX509Cert f8ed8364-ced9-4c6e-86ba-48af53c393e6 + nsCString base64Serialization( + "FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAQAAgAAAAAAAAAAAAAAAAAAAAA" + "B4vFIJp5wRkeyPxAQ9RJGKPqbqVvKO0mKuIl8ec8o/uhmCjImkVxP+7sgiYWmMt8F+O2DZM7ZTG6GukivU8OT5gAAAAIAAAWpMII" + "FpTCCBI2gAwIBAgIQD4svsaKEC+QtqtsU2TF8ITANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUN" + "lcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFN" + "lcnZlciBDQTAeFw0xNTAyMjMwMDAwMDBaFw0xNjAzMDIxMjAwMDBaMGoxCzAJBgNVBAYTAlVTMRYwFAYDVQQHEw1TYW4gRnJhbmN" + "pc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRUwEwYDVQQKEwxGYXN0bHksIEluYy4xFzAVBgNVBAMTDnd3dy5naXRodWIuY29tMII" + "BIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+9WUCgrgUNwP/JC3cUefLAXeDpq8Ko/U8p8IRvny0Ri0I6Uq0t+RP/nF0LJ" + "Avda8QHYujdgeDTePepBX7+OiwBFhA0YO+rM3C2Z8IRaN/i9eLln+Yyc68+1z+E10s1EXdZrtDGvN6MHqygGsdfkXKfBLUJ1BZEh" + "s9sBnfcjq3kh5gZdBArdG9l5NpdmQhtceaFGsPiWuJxGxRzS4i95veUHWkhMpEYDEEBdcDGxqArvQCvzSlngdttQCfx8OUkBTb3B" + "A2okpTwwJfqPsxVetA6qR7UNc+fVb6KHwvm0bzi2rQ3xw3D/syRHwdMkpoVDQPCk43H9WufgfBKRen87dFwIDAQABo4ICPzCCAjs" + "wHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFGS/RLNGCZvPWh1xSaIEcouINIQjMHsGA1UdEQR0MHK" + "CDnd3dy5naXRodWIuY29tggpnaXRodWIuY29tggwqLmdpdGh1Yi5jb22CCyouZ2l0aHViLmlvgglnaXRodWIuaW+CFyouZ2l0aHV" + "idXNlcmNvbnRlbnQuY29tghVnaXRodWJ1c2VyY29udGVudC5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwM" + "BBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzMuY3J" + "sMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzMuY3JsMEIGA1UdIAQ7MDkwNwYJYIZIAYb" + "9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQc" + "wAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUN" + "lcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAc4dbVmuKvyI7" + "KZ4Txk+ZqcAYToJGKUIVaPL94e5SZGweUisjaCbplAOihnf6Mxt8n6vnuH2IsCaz2NRHqhdcosjT3CwAiJpJNkXPKWVL/txgdSTV" + "2cqB1GG4esFOalvI52dzn+J4fTIYZvNF+AtGyHSLm2XRXYZCw455laUKf6Sk9RDShDgUvzhOKL4GXfTwKXv12MyMknJybH8UCpjC" + "HZmFBVHMcUN/87HsQo20PdOekeEvkjrrMIxW+gxw22Yb67yF/qKgwrWr+43bLN709iyw+LWiU7sQcHL2xk9SYiWQDj2tYz2soObV" + "QYTJm0VUZMEVFhtALq46cx92Zu4vFwC8AAwAAAAABAQAA"); + + nsCOMPtr cert; + nsresult rv = NS_DeserializeObject(base64Serialization, getter_AddRefs(cert)); + ASSERT_EQ(NS_OK, rv); + ASSERT_TRUE(cert); +} + +TEST(psm_DeserializeCert, gecko46) +{ + // Gecko 46+ vintage Security info serialized with UUIDs: + // - nsISupports 00000000-0000-0000-c000-000000000046 + // - nsISSLStatus fa9ba95b-ca3b-498a-b889-7c79cf28fee8 + // - nsIX509Cert bdc3979a-5422-4cd5-8589-696b6e96ea83 + nsCString base64Serialization( + "FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAQAAgAAAAAAAAAAAAAAAAAAAAA" + "B4vFIJp5wRkeyPxAQ9RJGKPqbqVvKO0mKuIl8ec8o/uhmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAIAAAWzMII" + "FrzCCBJegAwIBAgIQB3pdwzYjAfmJ/lT3+G8+ZDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUN" + "lcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFN" + "lcnZlciBDQTAeFw0xNjAxMjAwMDAwMDBaFw0xNzA0MDYxMjAwMDBaMGoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybml" + "hMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxGYXN0bHksIEluYy4xFzAVBgNVBAMTDnd3dy5naXRodWIuY29tMII" + "BIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+9WUCgrgUNwP/JC3cUefLAXeDpq8Ko/U8p8IRvny0Ri0I6Uq0t+RP/nF0LJ" + "Avda8QHYujdgeDTePepBX7+OiwBFhA0YO+rM3C2Z8IRaN/i9eLln+Yyc68+1z+E10s1EXdZrtDGvN6MHqygGsdfkXKfBLUJ1BZEh" + "s9sBnfcjq3kh5gZdBArdG9l5NpdmQhtceaFGsPiWuJxGxRzS4i95veUHWkhMpEYDEEBdcDGxqArvQCvzSlngdttQCfx8OUkBTb3B" + "A2okpTwwJfqPsxVetA6qR7UNc+fVb6KHwvm0bzi2rQ3xw3D/syRHwdMkpoVDQPCk43H9WufgfBKRen87dFwIDAQABo4ICSTCCAkU" + "wHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFGS/RLNGCZvPWh1xSaIEcouINIQjMHsGA1UdEQR0MHK" + "CDnd3dy5naXRodWIuY29tggwqLmdpdGh1Yi5jb22CCmdpdGh1Yi5jb22CCyouZ2l0aHViLmlvgglnaXRodWIuaW+CFyouZ2l0aHV" + "idXNlcmNvbnRlbnQuY29tghVnaXRodWJ1c2VyY29udGVudC5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwM" + "BBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzUuY3J" + "sMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzUuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb" + "9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3MHU" + "wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQ" + "uY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQE" + "ATxbRdPg+o49+96/P+rbdp4ie+CGtfCgUubT/Z9C54k+BfQO0nbxVgCSM5WZQuLgo2Q+0lcxisod8zxZeU0j5wviQINwOln/iN89" + "Bx3VmDRynTe4CqhsAwOoO1ERmCAmsAJBwY/rNr4mK22p8erBrqMW0nYXYU5NFynI+pNTjojhKD4II8PNV8G2yMWwYOb/u4+WPzUA" + "HC9DpZdrWTEH/W69Cr/KxRqGsWPwpgMv2Wqav8jaT35JxqTXjOlhQqzo6fNn3eYOeCf4PkCxZKwckWjy10qDaRbjhwAMHAGj2TPr" + "idlvOj/7QyyX5m8up/1US8z1fRW4yoCSOt6V2bwuH6cAvAAMAAAAAAQEAAA=="); + + nsCOMPtr cert; + nsresult rv = NS_DeserializeObject(base64Serialization, getter_AddRefs(cert)); + ASSERT_EQ(NS_OK, rv); + ASSERT_TRUE(cert); +} diff --git a/security/manager/ssl/tests/gtest/MD4Test.cpp b/security/manager/ssl/tests/gtest/MD4Test.cpp new file mode 100644 index 000000000..1b635a757 --- /dev/null +++ b/security/manager/ssl/tests/gtest/MD4Test.cpp @@ -0,0 +1,76 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// This file tests the md4.c implementation. + +#include "gtest/gtest.h" +#include "md4.h" +#include "mozilla/Casting.h" +#include "mozilla/PodOperations.h" + +struct RFC1320TestParams +{ + const char* data; + const uint8_t expectedHash[16]; +}; + +static const RFC1320TestParams RFC1320_TEST_PARAMS[] = +{ + { + "", + { 0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31, + 0xb7, 0x3c, 0x59, 0xd7, 0xe0, 0xc0, 0x89, 0xc0 } + }, + { + "a", + { 0xbd, 0xe5, 0x2c, 0xb3, 0x1d, 0xe3, 0x3e, 0x46, + 0x24, 0x5e, 0x05, 0xfb, 0xdb, 0xd6, 0xfb, 0x24 } + }, + { + "abc", + { 0xa4, 0x48, 0x01, 0x7a, 0xaf, 0x21, 0xd8, 0x52, + 0x5f, 0xc1, 0x0a, 0xe8, 0x7a, 0xa6, 0x72, 0x9d } + }, + { + "message digest", + { 0xd9, 0x13, 0x0a, 0x81, 0x64, 0x54, 0x9f, 0xe8, + 0x18, 0x87, 0x48, 0x06, 0xe1, 0xc7, 0x01, 0x4b } + }, + { + "abcdefghijklmnopqrstuvwxyz", + { 0xd7, 0x9e, 0x1c, 0x30, 0x8a, 0xa5, 0xbb, 0xcd, + 0xee, 0xa8, 0xed, 0x63, 0xdf, 0x41, 0x2d, 0xa9 }, + }, + { + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", + { 0x04, 0x3f, 0x85, 0x82, 0xf2, 0x41, 0xdb, 0x35, + 0x1c, 0xe6, 0x27, 0xe1, 0x53, 0xe7, 0xf0, 0xe4 }, + }, + { + "12345678901234567890123456789012345678901234567890123456789012345678901234567890", + { 0xe3, 0x3b, 0x4d, 0xdc, 0x9c, 0x38, 0xf2, 0x19, + 0x9c, 0x3e, 0x7b, 0x16, 0x4f, 0xcc, 0x05, 0x36 }, + } +}; + +class psm_MD4 + : public ::testing::Test + , public ::testing::WithParamInterface +{ +}; + +TEST_P(psm_MD4, RFC1320TestValues) +{ + const RFC1320TestParams& params(GetParam()); + uint8_t actualHash[16]; + md4sum(mozilla::BitwiseCast(params.data), + strlen(params.data), actualHash); + EXPECT_TRUE(mozilla::PodEqual(actualHash, params.expectedHash)) + << "MD4 hashes aren't equal for input: '" << params.data << "'"; +} + +INSTANTIATE_TEST_CASE_P(psm_MD4, psm_MD4, + testing::ValuesIn(RFC1320_TEST_PARAMS)); diff --git a/security/manager/ssl/tests/gtest/OCSPCacheTest.cpp b/security/manager/ssl/tests/gtest/OCSPCacheTest.cpp new file mode 100644 index 000000000..2b7dc946c --- /dev/null +++ b/security/manager/ssl/tests/gtest/OCSPCacheTest.cpp @@ -0,0 +1,337 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "CertVerifier.h" +#include "OCSPCache.h" +#include "gtest/gtest.h" +#include "mozilla/BasePrincipal.h" +#include "mozilla/Casting.h" +#include "mozilla/Sprintf.h" +#include "nss.h" +#include "pkix/pkixtypes.h" +#include "pkixtestutil.h" +#include "prerr.h" +#include "secerr.h" + +using namespace mozilla::pkix; +using namespace mozilla::pkix::test; + +using mozilla::NeckoOriginAttributes; + +template +inline Input +LiteralInput(const char(&valueString)[N]) +{ + // Ideally we would use mozilla::BitwiseCast() here rather than + // reinterpret_cast for better type checking, but the |N - 1| part trips + // static asserts. + return Input(reinterpret_cast(valueString)); +} + +const int MaxCacheEntries = 1024; + +class psm_OCSPCacheTest : public ::testing::Test +{ +protected: + psm_OCSPCacheTest() : now(Now()) { } + + static void SetUpTestCase() + { + NSS_NoDB_Init(nullptr); + } + + const Time now; + mozilla::psm::OCSPCache cache; +}; + +static void +PutAndGet(mozilla::psm::OCSPCache& cache, const CertID& certID, Result result, + Time time, + const NeckoOriginAttributes& originAttributes = NeckoOriginAttributes()) +{ + // The first time is thisUpdate. The second is validUntil. + // The caller is expecting the validUntil returned with Get + // to be equal to the passed-in time. Since these values will + // be different in practice, make thisUpdate less than validUntil. + Time thisUpdate(time); + ASSERT_EQ(Success, thisUpdate.SubtractSeconds(10)); + Result rv = cache.Put(certID, originAttributes, result, thisUpdate, time); + ASSERT_TRUE(rv == Success); + Result resultOut; + Time timeOut(Time::uninitialized); + ASSERT_TRUE(cache.Get(certID, originAttributes, resultOut, timeOut)); + ASSERT_EQ(result, resultOut); + ASSERT_EQ(time, timeOut); +} + +Input fakeIssuer1(LiteralInput("CN=issuer1")); +Input fakeKey000(LiteralInput("key000")); +Input fakeKey001(LiteralInput("key001")); +Input fakeSerial0000(LiteralInput("0000")); + +TEST_F(psm_OCSPCacheTest, TestPutAndGet) +{ + Input fakeSerial000(LiteralInput("000")); + Input fakeSerial001(LiteralInput("001")); + + SCOPED_TRACE(""); + PutAndGet(cache, CertID(fakeIssuer1, fakeKey000, fakeSerial001), + Success, now); + Result resultOut; + Time timeOut(Time::uninitialized); + ASSERT_FALSE(cache.Get(CertID(fakeIssuer1, fakeKey001, fakeSerial000), + NeckoOriginAttributes(), resultOut, timeOut)); +} + +TEST_F(psm_OCSPCacheTest, TestVariousGets) +{ + SCOPED_TRACE(""); + for (int i = 0; i < MaxCacheEntries; i++) { + uint8_t serialBuf[8]; + snprintf(mozilla::BitwiseCast(serialBuf), sizeof(serialBuf), + "%04d", i); + Input fakeSerial; + ASSERT_EQ(Success, fakeSerial.Init(serialBuf, 4)); + Time timeIn(now); + ASSERT_EQ(Success, timeIn.AddSeconds(i)); + PutAndGet(cache, CertID(fakeIssuer1, fakeKey000, fakeSerial), + Success, timeIn); + } + + Time timeIn(now); + Result resultOut; + Time timeOut(Time::uninitialized); + + // This will be at the end of the list in the cache + CertID cert0000(fakeIssuer1, fakeKey000, fakeSerial0000); + ASSERT_TRUE(cache.Get(cert0000, NeckoOriginAttributes(), resultOut, timeOut)); + ASSERT_EQ(Success, resultOut); + ASSERT_EQ(timeIn, timeOut); + // Once we access it, it goes to the front + ASSERT_TRUE(cache.Get(cert0000, NeckoOriginAttributes(), resultOut, timeOut)); + ASSERT_EQ(Success, resultOut); + ASSERT_EQ(timeIn, timeOut); + + // This will be in the middle + Time timeInPlus512(now); + ASSERT_EQ(Success, timeInPlus512.AddSeconds(512)); + + static const Input fakeSerial0512(LiteralInput("0512")); + CertID cert0512(fakeIssuer1, fakeKey000, fakeSerial0512); + ASSERT_TRUE(cache.Get(cert0512, NeckoOriginAttributes(), resultOut, timeOut)); + ASSERT_EQ(Success, resultOut); + ASSERT_EQ(timeInPlus512, timeOut); + ASSERT_TRUE(cache.Get(cert0512, NeckoOriginAttributes(), resultOut, timeOut)); + ASSERT_EQ(Success, resultOut); + ASSERT_EQ(timeInPlus512, timeOut); + + // We've never seen this certificate + static const Input fakeSerial1111(LiteralInput("1111")); + ASSERT_FALSE(cache.Get(CertID(fakeIssuer1, fakeKey000, fakeSerial1111), + NeckoOriginAttributes(), resultOut, timeOut)); +} + +TEST_F(psm_OCSPCacheTest, TestEviction) +{ + SCOPED_TRACE(""); + // By putting more distinct entries in the cache than it can hold, + // we cause the least recently used entry to be evicted. + for (int i = 0; i < MaxCacheEntries + 1; i++) { + uint8_t serialBuf[8]; + snprintf(mozilla::BitwiseCast(serialBuf), sizeof(serialBuf), + "%04d", i); + Input fakeSerial; + ASSERT_EQ(Success, fakeSerial.Init(serialBuf, 4)); + Time timeIn(now); + ASSERT_EQ(Success, timeIn.AddSeconds(i)); + PutAndGet(cache, CertID(fakeIssuer1, fakeKey000, fakeSerial), + Success, timeIn); + } + + Result resultOut; + Time timeOut(Time::uninitialized); + ASSERT_FALSE(cache.Get(CertID(fakeIssuer1, fakeKey001, fakeSerial0000), + NeckoOriginAttributes(), resultOut, timeOut)); +} + +TEST_F(psm_OCSPCacheTest, TestNoEvictionForRevokedResponses) +{ + SCOPED_TRACE(""); + CertID notEvicted(fakeIssuer1, fakeKey000, fakeSerial0000); + Time timeIn(now); + PutAndGet(cache, notEvicted, Result::ERROR_REVOKED_CERTIFICATE, timeIn); + // By putting more distinct entries in the cache than it can hold, + // we cause the least recently used entry that isn't revoked to be evicted. + for (int i = 1; i < MaxCacheEntries + 1; i++) { + uint8_t serialBuf[8]; + snprintf(mozilla::BitwiseCast(serialBuf), sizeof(serialBuf), + "%04d", i); + Input fakeSerial; + ASSERT_EQ(Success, fakeSerial.Init(serialBuf, 4)); + Time timeIn(now); + ASSERT_EQ(Success, timeIn.AddSeconds(i)); + PutAndGet(cache, CertID(fakeIssuer1, fakeKey000, fakeSerial), + Success, timeIn); + } + Result resultOut; + Time timeOut(Time::uninitialized); + ASSERT_TRUE(cache.Get(notEvicted, NeckoOriginAttributes(), resultOut, timeOut)); + ASSERT_EQ(Result::ERROR_REVOKED_CERTIFICATE, resultOut); + ASSERT_EQ(timeIn, timeOut); + + Input fakeSerial0001(LiteralInput("0001")); + CertID evicted(fakeIssuer1, fakeKey000, fakeSerial0001); + ASSERT_FALSE(cache.Get(evicted, NeckoOriginAttributes(), resultOut, timeOut)); +} + +TEST_F(psm_OCSPCacheTest, TestEverythingIsRevoked) +{ + SCOPED_TRACE(""); + Time timeIn(now); + // Fill up the cache with revoked responses. + for (int i = 0; i < MaxCacheEntries; i++) { + uint8_t serialBuf[8]; + snprintf(mozilla::BitwiseCast(serialBuf), sizeof(serialBuf), + "%04d", i); + Input fakeSerial; + ASSERT_EQ(Success, fakeSerial.Init(serialBuf, 4)); + Time timeIn(now); + ASSERT_EQ(Success, timeIn.AddSeconds(i)); + PutAndGet(cache, CertID(fakeIssuer1, fakeKey000, fakeSerial), + Result::ERROR_REVOKED_CERTIFICATE, timeIn); + } + static const Input fakeSerial1025(LiteralInput("1025")); + CertID good(fakeIssuer1, fakeKey000, fakeSerial1025); + // This will "succeed", allowing verification to continue. However, + // nothing was actually put in the cache. + Time timeInPlus1025(timeIn); + ASSERT_EQ(Success, timeInPlus1025.AddSeconds(1025)); + Time timeInPlus1025Minus50(timeInPlus1025); + ASSERT_EQ(Success, timeInPlus1025Minus50.SubtractSeconds(50)); + Result result = cache.Put(good, NeckoOriginAttributes(), Success, timeInPlus1025Minus50, + timeInPlus1025); + ASSERT_EQ(Success, result); + Result resultOut; + Time timeOut(Time::uninitialized); + ASSERT_FALSE(cache.Get(good, NeckoOriginAttributes(), resultOut, timeOut)); + + static const Input fakeSerial1026(LiteralInput("1026")); + CertID revoked(fakeIssuer1, fakeKey000, fakeSerial1026); + // This will fail, causing verification to fail. + Time timeInPlus1026(timeIn); + ASSERT_EQ(Success, timeInPlus1026.AddSeconds(1026)); + Time timeInPlus1026Minus50(timeInPlus1026); + ASSERT_EQ(Success, timeInPlus1026Minus50.SubtractSeconds(50)); + result = cache.Put(revoked, NeckoOriginAttributes(), Result::ERROR_REVOKED_CERTIFICATE, + timeInPlus1026Minus50, timeInPlus1026); + ASSERT_EQ(Result::ERROR_REVOKED_CERTIFICATE, result); +} + +TEST_F(psm_OCSPCacheTest, VariousIssuers) +{ + SCOPED_TRACE(""); + Time timeIn(now); + static const Input fakeIssuer2(LiteralInput("CN=issuer2")); + static const Input fakeSerial001(LiteralInput("001")); + CertID subject(fakeIssuer1, fakeKey000, fakeSerial001); + PutAndGet(cache, subject, Success, now); + Result resultOut; + Time timeOut(Time::uninitialized); + ASSERT_TRUE(cache.Get(subject, NeckoOriginAttributes(), resultOut, timeOut)); + ASSERT_EQ(Success, resultOut); + ASSERT_EQ(timeIn, timeOut); + // Test that we don't match a different issuer DN + ASSERT_FALSE(cache.Get(CertID(fakeIssuer2, fakeKey000, fakeSerial001), + NeckoOriginAttributes(), resultOut, timeOut)); + // Test that we don't match a different issuer key + ASSERT_FALSE(cache.Get(CertID(fakeIssuer1, fakeKey001, fakeSerial001), + NeckoOriginAttributes(), resultOut, timeOut)); +} + +TEST_F(psm_OCSPCacheTest, Times) +{ + SCOPED_TRACE(""); + CertID certID(fakeIssuer1, fakeKey000, fakeSerial0000); + PutAndGet(cache, certID, Result::ERROR_OCSP_UNKNOWN_CERT, + TimeFromElapsedSecondsAD(100)); + PutAndGet(cache, certID, Success, TimeFromElapsedSecondsAD(200)); + // This should not override the more recent entry. + ASSERT_EQ(Success, + cache.Put(certID, NeckoOriginAttributes(), Result::ERROR_OCSP_UNKNOWN_CERT, + TimeFromElapsedSecondsAD(100), + TimeFromElapsedSecondsAD(100))); + Result resultOut; + Time timeOut(Time::uninitialized); + ASSERT_TRUE(cache.Get(certID, NeckoOriginAttributes(), resultOut, timeOut)); + // Here we see the more recent time. + ASSERT_EQ(Success, resultOut); + ASSERT_EQ(TimeFromElapsedSecondsAD(200), timeOut); + + // Result::ERROR_REVOKED_CERTIFICATE overrides everything + PutAndGet(cache, certID, Result::ERROR_REVOKED_CERTIFICATE, + TimeFromElapsedSecondsAD(50)); +} + +TEST_F(psm_OCSPCacheTest, NetworkFailure) +{ + SCOPED_TRACE(""); + CertID certID(fakeIssuer1, fakeKey000, fakeSerial0000); + PutAndGet(cache, certID, Result::ERROR_CONNECT_REFUSED, + TimeFromElapsedSecondsAD(100)); + PutAndGet(cache, certID, Success, TimeFromElapsedSecondsAD(200)); + // This should not override the already present entry. + ASSERT_EQ(Success, + cache.Put(certID, NeckoOriginAttributes(), Result::ERROR_CONNECT_REFUSED, + TimeFromElapsedSecondsAD(300), + TimeFromElapsedSecondsAD(350))); + Result resultOut; + Time timeOut(Time::uninitialized); + ASSERT_TRUE(cache.Get(certID, NeckoOriginAttributes(), resultOut, timeOut)); + ASSERT_EQ(Success, resultOut); + ASSERT_EQ(TimeFromElapsedSecondsAD(200), timeOut); + + PutAndGet(cache, certID, Result::ERROR_OCSP_UNKNOWN_CERT, + TimeFromElapsedSecondsAD(400)); + // This should not override the already present entry. + ASSERT_EQ(Success, + cache.Put(certID, NeckoOriginAttributes(), Result::ERROR_CONNECT_REFUSED, + TimeFromElapsedSecondsAD(500), + TimeFromElapsedSecondsAD(550))); + ASSERT_TRUE(cache.Get(certID, NeckoOriginAttributes(), resultOut, timeOut)); + ASSERT_EQ(Result::ERROR_OCSP_UNKNOWN_CERT, resultOut); + ASSERT_EQ(TimeFromElapsedSecondsAD(400), timeOut); + + PutAndGet(cache, certID, Result::ERROR_REVOKED_CERTIFICATE, + TimeFromElapsedSecondsAD(600)); + // This should not override the already present entry. + ASSERT_EQ(Success, + cache.Put(certID, NeckoOriginAttributes(), Result::ERROR_CONNECT_REFUSED, + TimeFromElapsedSecondsAD(700), + TimeFromElapsedSecondsAD(750))); + ASSERT_TRUE(cache.Get(certID, NeckoOriginAttributes(), resultOut, timeOut)); + ASSERT_EQ(Result::ERROR_REVOKED_CERTIFICATE, resultOut); + ASSERT_EQ(TimeFromElapsedSecondsAD(600), timeOut); +} + +TEST_F(psm_OCSPCacheTest, TestOriginAttributes) +{ + CertID certID(fakeIssuer1, fakeKey000, fakeSerial0000); + + SCOPED_TRACE(""); + NeckoOriginAttributes attrs; + attrs.mFirstPartyDomain.AssignLiteral("foo.com"); + PutAndGet(cache, certID, Success, now, attrs); + + Result resultOut; + Time timeOut(Time::uninitialized); + attrs.mFirstPartyDomain.AssignLiteral("bar.com"); + ASSERT_FALSE(cache.Get(certID, attrs, resultOut, timeOut)); + + // OCSP cache should not be isolated by containers. + attrs.mUserContextId = 1; + attrs.mFirstPartyDomain.AssignLiteral("foo.com"); + ASSERT_TRUE(cache.Get(certID, attrs, resultOut, timeOut)); +} diff --git a/security/manager/ssl/tests/gtest/README.txt b/security/manager/ssl/tests/gtest/README.txt new file mode 100644 index 000000000..0e5132269 --- /dev/null +++ b/security/manager/ssl/tests/gtest/README.txt @@ -0,0 +1,2 @@ +Please name all test cases in this directory with the prefix "psm". This makes +it easier to run all PSM related GTests at once. diff --git a/security/manager/ssl/tests/gtest/STSParserTest.cpp b/security/manager/ssl/tests/gtest/STSParserTest.cpp new file mode 100644 index 000000000..bedf57fea --- /dev/null +++ b/security/manager/ssl/tests/gtest/STSParserTest.cpp @@ -0,0 +1,144 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include + +#include "gtest/gtest.h" +#include "nsNetUtil.h" +#include "nsISiteSecurityService.h" +#include "nsIURI.h" + +void +TestSuccess(const char* hdr, bool extraTokens, + uint64_t expectedMaxAge, bool expectedIncludeSubdomains, + nsISiteSecurityService* sss) +{ + nsCOMPtr dummyUri; + nsresult rv = NS_NewURI(getter_AddRefs(dummyUri), "https://foo.com/bar.html"); + ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to create URI"; + + uint64_t maxAge = 0; + bool includeSubdomains = false; + rv = sss->UnsafeProcessHeader(nsISiteSecurityService::HEADER_HSTS, dummyUri, + hdr, 0, &maxAge, &includeSubdomains, nullptr); + ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to process valid header: " << hdr; + + ASSERT_EQ(maxAge, expectedMaxAge) << "Did not correctly parse maxAge"; + EXPECT_EQ(includeSubdomains, expectedIncludeSubdomains) << + "Did not correctly parse presence/absence of includeSubdomains"; + + if (extraTokens) { + EXPECT_EQ(rv, NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA) << + "Extra tokens were expected when parsing, but were not encountered."; + } else { + EXPECT_EQ(rv, NS_OK) << "Unexpected tokens found during parsing."; + } + + printf("%s\n", hdr); +} + +void TestFailure(const char* hdr, + nsISiteSecurityService* sss) +{ + nsCOMPtr dummyUri; + nsresult rv = NS_NewURI(getter_AddRefs(dummyUri), "https://foo.com/bar.html"); + ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to create URI"; + + rv = sss->UnsafeProcessHeader(nsISiteSecurityService::HEADER_HSTS, dummyUri, + hdr, 0, nullptr, nullptr, nullptr); + ASSERT_TRUE(NS_FAILED(rv)) << "Parsed invalid header: " << hdr; + + printf("%s\n", hdr); +} + +TEST(psm_STSParser, Test) +{ + nsresult rv; + + // grab handle to the service + nsCOMPtr sss; + sss = do_GetService("@mozilla.org/ssservice;1", &rv); + ASSERT_TRUE(NS_SUCCEEDED(rv)); + + // *** parsing tests + printf("*** Attempting to parse valid STS headers ...\n"); + + // SHOULD SUCCEED: + TestSuccess("max-age=100", false, 100, false, sss); + TestSuccess("max-age =100", false, 100, false, sss); + TestSuccess(" max-age=100", false, 100, false, sss); + TestSuccess("max-age = 100 ", false, 100, false, sss); + TestSuccess("max-age = \"100\" ", false, 100, false, sss); + TestSuccess("max-age=\"100\"", false, 100, false, sss); + TestSuccess(" max-age =\"100\" ", false, 100, false, sss); + TestSuccess("\tmax-age\t=\t\"100\"\t", false, 100, false, sss); + TestSuccess("max-age = 100 ", false, 100, false, sss); + + TestSuccess("maX-aGe=100", false, 100, false, sss); + TestSuccess("MAX-age =100", false, 100, false, sss); + TestSuccess("max-AGE=100", false, 100, false, sss); + TestSuccess("Max-Age = 100 ", false, 100, false, sss); + TestSuccess("MAX-AGE = 100 ", false, 100, false, sss); + + TestSuccess("max-age=100;includeSubdomains", false, 100, true, sss); + TestSuccess("max-age=100\t; includeSubdomains", false, 100, true, sss); + TestSuccess(" max-age=100; includeSubdomains", false, 100, true, sss); + TestSuccess("max-age = 100 ; includeSubdomains", false, 100, true, sss); + TestSuccess("max-age = 100 ; includeSubdomains", + false, 100, true, sss); + + TestSuccess("maX-aGe=100; includeSUBDOMAINS", false, 100, true, sss); + TestSuccess("MAX-age =100; includeSubDomains", false, 100, true, sss); + TestSuccess("max-AGE=100; iNcLuDeSuBdoMaInS", false, 100, true, sss); + TestSuccess("Max-Age = 100; includesubdomains ", false, 100, true, sss); + TestSuccess("INCLUDESUBDOMAINS;MaX-AgE = 100 ", false, 100, true, sss); + // Turns out, the actual directive is entirely optional (hence the + // trailing semicolon) + TestSuccess("max-age=100;includeSubdomains;", true, 100, true, sss); + + // these are weird tests, but are testing that some extended syntax is + // still allowed (but it is ignored) + TestSuccess("max-age=100 ; includesubdomainsSomeStuff", + true, 100, false, sss); + TestSuccess("\r\n\t\t \tcompletelyUnrelated = foobar; max-age= 34520103" + "\t \t; alsoUnrelated;asIsThis;\tincludeSubdomains\t\t \t", + true, 34520103, true, sss); + TestSuccess("max-age=100; unrelated=\"quoted \\\"thingy\\\"\"", + true, 100, false, sss); + + // SHOULD FAIL: + printf("* Attempting to parse invalid STS headers (should not parse)...\n"); + // invalid max-ages + TestFailure("max-age", sss); + TestFailure("max-age ", sss); + TestFailure("max-age=p", sss); + TestFailure("max-age=*1p2", sss); + TestFailure("max-age=.20032", sss); + TestFailure("max-age=!20032", sss); + TestFailure("max-age==20032", sss); + + // invalid headers + TestFailure("foobar", sss); + TestFailure("maxage=100", sss); + TestFailure("maxa-ge=100", sss); + TestFailure("max-ag=100", sss); + TestFailure("includesubdomains", sss); + TestFailure(";", sss); + TestFailure("max-age=\"100", sss); + // The max-age directive here doesn't conform to the spec, so it MUST + // be ignored. Consequently, the REQUIRED max-age directive is not + // present in this header, and so it is invalid. + TestFailure("max-age=100, max-age=200; includeSubdomains", sss); + TestFailure("max-age=100 includesubdomains", sss); + TestFailure("max-age=100 bar foo", sss); + TestFailure("max-age=100randomstuffhere", sss); + // All directives MUST appear only once in an STS header field. + TestFailure("max-age=100; max-age=200", sss); + TestFailure("includeSubdomains; max-age=200; includeSubdomains", sss); + TestFailure("max-age=200; includeSubdomains; includeSubdomains", sss); + // The includeSubdomains directive is valueless. + TestFailure("max-age=100; includeSubdomains=unexpected", sss); + // LWS must have at least one space or horizontal tab + TestFailure("\r\nmax-age=200", sss); +} diff --git a/security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp b/security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp new file mode 100644 index 000000000..65f5257fb --- /dev/null +++ b/security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp @@ -0,0 +1,568 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsNSSIOLayer.h" +#include "sslproto.h" +#include "sslerr.h" + +#include "gtest/gtest.h" + +NS_NAMED_LITERAL_CSTRING(HOST, "example.org"); +const int16_t PORT = 443; + +class psm_TLSIntoleranceTest : public ::testing::Test +{ +protected: + nsSSLIOLayerHelpers helpers; +}; + +TEST_F(psm_TLSIntoleranceTest, FullFallbackProcess) +{ + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, helpers.mVersionFallbackLimit); + + // No adjustment made when there is no entry for the site. + { + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); + ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus); + + ASSERT_TRUE( + helpers.rememberStrongCiphersFailed( + HOST, PORT, SSL_ERROR_NO_CYPHER_OVERLAP)); + ASSERT_EQ(SSL_ERROR_NO_CYPHER_OVERLAP, + helpers.getIntoleranceReason(HOST, PORT)); + } + + { + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); + ASSERT_EQ(StrongCiphersFailed, strongCipherStatus); + + ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0)); + ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT, + range.min, range.max, 0)); + } + + { + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max); + ASSERT_EQ(StrongCiphersFailed, strongCipherStatus); + + ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0)); + ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT, + range.min, range.max, 0)); + } + + { + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.max); + ASSERT_EQ(StrongCiphersFailed, strongCipherStatus); + + ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0)); + ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT, + range.min, range.max, 0)); + } + + { + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); + // When rememberIntolerantAtVersion returns false, it also resets the + // intolerance information for the server. + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); + ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus); + } +} + +TEST_F(psm_TLSIntoleranceTest, DisableFallbackWithHighLimit) +{ + // this value disables version fallback entirely: with this value, all efforts + // to mark an origin as version intolerant fail + helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_2; + ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT, + SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2, + 0)); + ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT, + SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_1, + 0)); + ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT, + SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_0, + 0)); +} + +TEST_F(psm_TLSIntoleranceTest, FallbackLimitBelowMin) +{ + // check that we still respect the minimum version, + // when it is higher than the fallback limit + ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT, + SSL_LIBRARY_VERSION_TLS_1_1, + SSL_LIBRARY_VERSION_TLS_1_2, + 0)); + { + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max); + ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus); + } + + ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT, + SSL_LIBRARY_VERSION_TLS_1_1, + SSL_LIBRARY_VERSION_TLS_1_1, + 0)); +} + +TEST_F(psm_TLSIntoleranceTest, TolerantOverridesIntolerant1) +{ + ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT, + SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_1, + 0)); + helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1); + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max); + ASSERT_EQ(StrongCiphersWorked, strongCipherStatus); +} + +TEST_F(psm_TLSIntoleranceTest, TolerantOverridesIntolerant2) +{ + ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT, + SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_1, + 0)); + helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_2); + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); + ASSERT_EQ(StrongCiphersWorked, strongCipherStatus); +} + +TEST_F(psm_TLSIntoleranceTest, IntolerantDoesNotOverrideTolerant) +{ + // No adjustment made when there is no entry for the site. + helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1); + // false because we reached the floor set by rememberTolerantAtVersion. + ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT, + SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_1, + 0)); + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); + ASSERT_EQ(StrongCiphersWorked, strongCipherStatus); +} + +TEST_F(psm_TLSIntoleranceTest, PortIsRelevant) +{ + helpers.rememberTolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_2); + ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, 1, + SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2, + 0)); + ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, 2, + SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2, + 0)); + + { + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, 1, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); + } + + { + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, 2, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max); + } +} + +TEST_F(psm_TLSIntoleranceTest, IntoleranceReasonInitial) +{ + ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 1)); + + helpers.rememberTolerantAtVersion(HOST, 2, SSL_LIBRARY_VERSION_TLS_1_2); + ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 2)); +} + +TEST_F(psm_TLSIntoleranceTest, IntoleranceReasonStored) +{ + helpers.rememberIntolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2, + SSL_ERROR_BAD_SERVER); + ASSERT_EQ(SSL_ERROR_BAD_SERVER, helpers.getIntoleranceReason(HOST, 1)); + + helpers.rememberIntolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_1, + SSL_ERROR_BAD_MAC_READ); + ASSERT_EQ(SSL_ERROR_BAD_MAC_READ, helpers.getIntoleranceReason(HOST, 1)); +} + +TEST_F(psm_TLSIntoleranceTest, IntoleranceReasonCleared) +{ + ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 1)); + + helpers.rememberIntolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2, + SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT); + ASSERT_EQ(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT, + helpers.getIntoleranceReason(HOST, 1)); + + helpers.rememberTolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_2); + ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 1)); +} + +TEST_F(psm_TLSIntoleranceTest, StrongCiphersFailed) +{ + helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_1; + + ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0)); + + { + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); + ASSERT_EQ(StrongCiphersFailed, strongCipherStatus); + + ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT, + range.min, range.max, 0)); + } + + { + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max); + ASSERT_EQ(StrongCiphersFailed, strongCipherStatus); + + ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT, + range.min, range.max, 0)); + } + + { + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); + // When rememberIntolerantAtVersion returns false, it also resets the + // intolerance information for the server. + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); + ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus); + } +} + +TEST_F(psm_TLSIntoleranceTest, StrongCiphersFailedAt1_1) +{ + helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_0; + + // No adjustment made when there is no entry for the site. + { + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT, + range.min, range.max, 0)); + } + + { + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0)); + } + + { + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max); + ASSERT_EQ(StrongCiphersFailed, strongCipherStatus); + + ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT, + range.min, range.max, 0)); + } + + { + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.max); + ASSERT_EQ(StrongCiphersFailed, strongCipherStatus); + } +} + +TEST_F(psm_TLSIntoleranceTest, StrongCiphersFailedWithHighLimit) +{ + // this value disables version fallback entirely: with this value, all efforts + // to mark an origin as version intolerant fail + helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_2; + // ...but weak ciphers fallback will not be disabled + ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0)); + ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT, + SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2, + 0)); + ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT, + SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_1, + 0)); + ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT, + SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_0, + 0)); +} + +TEST_F(psm_TLSIntoleranceTest, TolerantDoesNotOverrideWeakCiphersFallback) +{ + ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0)); + // No adjustment made when intolerant is zero. + helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1); + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); + ASSERT_EQ(StrongCiphersFailed, strongCipherStatus); +} + +TEST_F(psm_TLSIntoleranceTest, WeakCiphersFallbackDoesNotOverrideTolerant) +{ + // No adjustment made when there is no entry for the site. + helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1); + // false because strongCipherWorked is set by rememberTolerantAtVersion. + ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0)); + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); + ASSERT_EQ(StrongCiphersWorked, strongCipherStatus); +} + +TEST_F(psm_TLSIntoleranceTest, TLSForgetIntolerance) +{ + { + ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT, + SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2, + 0)); + + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max); + ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus); + } + + { + helpers.forgetIntolerance(HOST, PORT); + + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); + ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus); + } +} + +TEST_F(psm_TLSIntoleranceTest, TLSForgetStrongCipherFailed) +{ + { + ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0)); + + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(StrongCiphersFailed, strongCipherStatus); + } + + { + helpers.forgetIntolerance(HOST, PORT); + + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus); + } +} + +TEST_F(psm_TLSIntoleranceTest, TLSDontForgetTolerance) +{ + { + helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1); + + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); + ASSERT_EQ(StrongCiphersWorked, strongCipherStatus); + } + + { + ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT, + SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2, + 0)); + + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max); + ASSERT_EQ(StrongCiphersWorked, strongCipherStatus); + } + + { + helpers.forgetIntolerance(HOST, PORT); + + SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2 }; + StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown; + helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min); + ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max); + ASSERT_EQ(StrongCiphersWorked, strongCipherStatus); + } +} + +TEST_F(psm_TLSIntoleranceTest, TLSPerSiteFallbackLimit) +{ + NS_NAMED_LITERAL_CSTRING(example_com, "example.com"); + NS_NAMED_LITERAL_CSTRING(example_net, "example.net"); + NS_NAMED_LITERAL_CSTRING(example_org, "example.org"); + + helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_0; + + ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2)); + ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0)); + ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2)); + ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0)); + ASSERT_FALSE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2)); + ASSERT_FALSE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0)); + + helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_2; + + ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0)); + + helpers.setInsecureFallbackSites(example_com); + + ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2)); + ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0)); + + helpers.setInsecureFallbackSites(NS_LITERAL_CSTRING("example.com,example.net")); + + ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2)); + ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0)); + ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2)); + ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0)); + + helpers.setInsecureFallbackSites(example_net); + + ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0)); + ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2)); + ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0)); + + helpers.setInsecureFallbackSites(EmptyCString()); + + ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1)); + ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0)); +} diff --git a/security/manager/ssl/tests/gtest/moz.build b/security/manager/ssl/tests/gtest/moz.build new file mode 100644 index 000000000..735ab2971 --- /dev/null +++ b/security/manager/ssl/tests/gtest/moz.build @@ -0,0 +1,29 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +SOURCES += [ + 'CertDBTest.cpp', + 'DataStorageTest.cpp', + 'DeserializeCertTest.cpp', + 'MD4Test.cpp', + 'OCSPCacheTest.cpp', + 'STSParserTest.cpp', + 'TLSIntoleranceTest.cpp', +] + +LOCAL_INCLUDES += [ + '/security/certverifier', + '/security/manager/ssl', + '/security/pkix/include', + '/security/pkix/test/lib', +] + +include('/ipc/chromium/chromium-config.mozbuild') + +FINAL_LIBRARY = 'xul-gtest' + +if CONFIG['GNU_CXX']: + CXXFLAGS += ['-Wno-error=shadow'] diff --git a/security/manager/ssl/tests/mochitest/browser/.eslintrc.js b/security/manager/ssl/tests/mochitest/browser/.eslintrc.js new file mode 100644 index 000000000..c15988365 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/.eslintrc.js @@ -0,0 +1,5 @@ +"use strict"; + +module.exports = { // eslint-disable-line no-undef + "extends": "../../../../../../testing/mochitest/browser.eslintrc.js" +}; diff --git a/security/manager/ssl/tests/mochitest/browser/browser.ini b/security/manager/ssl/tests/mochitest/browser/browser.ini new file mode 100644 index 000000000..3c91ceb80 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/browser.ini @@ -0,0 +1,18 @@ +[DEFAULT] +tags = psm +support-files = + head.js + *.pem + +[browser_bug627234_perwindowpb.js] +[browser_certificateManagerLeak.js] +[browser_certViewer.js] +[browser_clientAuth_connection.js] +[browser_clientAuth_ui.js] +[browser_deleteCert_ui.js] +[browser_downloadCert_ui.js] +[browser_editCACertTrust.js] +# An earlier attempt at landing this test resulted in frequent intermittent +# failures, almost entirely on Linux. See Bug 1309519. +skip-if = os == "linux" +[browser_exportP12_passwordUI.js] diff --git a/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js b/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js new file mode 100644 index 000000000..081521ca9 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js @@ -0,0 +1,102 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +var FakeSSLStatus = function() { +}; + +FakeSSLStatus.prototype = { + serverCert: null, + cipherName: null, + keyLength: 2048, + isDomainMismatch: false, + isNotValidAtThisTime: false, + isUntrusted: false, + isExtendedValidation: false, + getInterface: function(aIID) { + return this.QueryInterface(aIID); + }, + QueryInterface: function(aIID) { + if (aIID.equals(Ci.nsISSLStatus) || + aIID.equals(Ci.nsISupports)) { + return this; + } + throw new Error(Cr.NS_ERROR_NO_INTERFACE); + }, +}; + +function whenNewWindowLoaded(aOptions, aCallback) { + let win = OpenBrowserWindow(aOptions); + win.addEventListener("load", function onLoad() { + win.removeEventListener("load", onLoad, false); + aCallback(win); + }, false); +} + +// This is a template to help porting global private browsing tests +// to per-window private browsing tests +function test() { + // initialization + waitForExplicitFinish(); + let windowsToClose = []; + let testURI = "about:blank"; + let uri; + let gSSService = Cc["@mozilla.org/ssservice;1"]. + getService(Ci.nsISiteSecurityService); + + function privacyFlags(aIsPrivateMode) { + return aIsPrivateMode ? Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0; + } + + function doTest(aIsPrivateMode, aWindow, aCallback) { + aWindow.gBrowser.selectedBrowser.addEventListener("load", function onLoad() { + aWindow.gBrowser.selectedBrowser.removeEventListener("load", onLoad, true); + let sslStatus = new FakeSSLStatus(); + uri = aWindow.Services.io.newURI("https://localhost/img.png", null, null); + gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, + "max-age=1000", sslStatus, privacyFlags(aIsPrivateMode)); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, "localhost", privacyFlags(aIsPrivateMode)), "checking sts host"); + + aCallback(); + }, true); + + aWindow.gBrowser.selectedBrowser.loadURI(testURI); + } + + function testOnWindow(aOptions, aCallback) { + whenNewWindowLoaded(aOptions, function(aWin) { + windowsToClose.push(aWin); + // execute should only be called when need, like when you are opening + // web pages on the test. If calling executeSoon() is not necesary, then + // call whenNewWindowLoaded() instead of testOnWindow() on your test. + executeSoon(function() { aCallback(aWin); }); + }); + } + + // this function is called after calling finish() on the test. + registerCleanupFunction(function() { + windowsToClose.forEach(function(aWin) { + aWin.close(); + }); + uri = Services.io.newURI("http://localhost", null, null); + gSSService.removeState(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0); + }); + + // test first when on private mode + testOnWindow({private: true}, function(aWin) { + doTest(true, aWin, function() { + //test when not on private mode + testOnWindow({}, function(aWin) { + doTest(false, aWin, function() { + //test again when on private mode + testOnWindow({private: true}, function(aWin) { + doTest(true, aWin, function () { + finish(); + }); + }); + }); + }); + }); + }); +} diff --git a/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js b/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js new file mode 100644 index 000000000..d75f9f207 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js @@ -0,0 +1,224 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// Repeatedly opens the certificate viewer dialog with various certificates and +// determines that the viewer correctly identifies either what usages those +// certificates are valid for or what errors prevented the certificates from +// being verified. + +var { OS } = Cu.import("resource://gre/modules/osfile.jsm", {}); + +add_task(function* testCAandTitle() { + let cert = yield readCertificate("ca.pem", "CTu,CTu,CTu"); + let win = yield displayCertificate(cert); + checkUsages(win, ["SSL Certificate Authority"]); + + // There's no real need to test the title for every cert, so we just test it + // once here. + Assert.equal(win.document.title, "Certificate Viewer: \u201Cca\u201D", + "Actual and expected title should match"); + yield BrowserTestUtils.closeWindow(win); +}); + +add_task(function* testSSLEndEntity() { + let cert = yield readCertificate("ssl-ee.pem", ",,"); + let win = yield displayCertificate(cert); + checkUsages(win, ["SSL Server Certificate", "SSL Client Certificate"]); + yield BrowserTestUtils.closeWindow(win); +}); + +add_task(function* testEmailEndEntity() { + let cert = yield readCertificate("email-ee.pem", ",,"); + let win = yield displayCertificate(cert); + checkUsages(win, ["Email Recipient Certificate", "Email Signer Certificate"]); + yield BrowserTestUtils.closeWindow(win); +}); + +add_task(function* testCodeSignEndEntity() { + let cert = yield readCertificate("code-ee.pem", ",,"); + let win = yield displayCertificate(cert); + checkUsages(win, ["Object Signer"]); + yield BrowserTestUtils.closeWindow(win); +}); + +add_task(function* testExpired() { + let cert = yield readCertificate("expired-ca.pem", ",,"); + let win = yield displayCertificate(cert); + checkError(win, "Could not verify this certificate because it has expired."); + yield BrowserTestUtils.closeWindow(win); +}); + +add_task(function* testIssuerExpired() { + let cert = yield readCertificate("ee-from-expired-ca.pem", ",,"); + let win = yield displayCertificate(cert); + checkError(win, + "Could not verify this certificate because the CA certificate " + + "is invalid."); + yield BrowserTestUtils.closeWindow(win); +}); + +add_task(function* testUnknownIssuer() { + let cert = yield readCertificate("unknown-issuer.pem", ",,"); + let win = yield displayCertificate(cert); + checkError(win, + "Could not verify this certificate because the issuer is " + + "unknown."); + yield BrowserTestUtils.closeWindow(win); +}); + +add_task(function* testInsecureAlgo() { + let cert = yield readCertificate("md5-ee.pem", ",,"); + let win = yield displayCertificate(cert); + checkError(win, + "Could not verify this certificate because it was signed using " + + "a signature algorithm that was disabled because that algorithm " + + "is not secure."); + yield BrowserTestUtils.closeWindow(win); +}); + +add_task(function* testUntrusted() { + let cert = yield readCertificate("untrusted-ca.pem", "p,p,p"); + let win = yield displayCertificate(cert); + checkError(win, + "Could not verify this certificate because it is not trusted."); + yield BrowserTestUtils.closeWindow(win); +}); + +add_task(function* testUntrustedIssuer() { + let cert = yield readCertificate("ee-from-untrusted-ca.pem", ",,"); + let win = yield displayCertificate(cert); + checkError(win, + "Could not verify this certificate because the issuer is not " + + "trusted."); + yield BrowserTestUtils.closeWindow(win); +}); + +add_task(function* testRevoked() { + // Note that there's currently no way to un-do this. This should only be a + // problem if another test re-uses a certificate with this same key (perhaps + // likely) and subject (less likely). + let certBlocklist = Cc["@mozilla.org/security/certblocklist;1"] + .getService(Ci.nsICertBlocklist); + certBlocklist.revokeCertBySubjectAndPubKey( + "MBIxEDAOBgNVBAMMB3Jldm9rZWQ=", // CN=revoked + "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8="); // hash of the shared key + let cert = yield readCertificate("revoked.pem", ",,"); + let win = yield displayCertificate(cert); + // As of bug 1312827, OneCRL only applies to TLS web server certificates, so + // this certificate will actually verify successfully for every end-entity + // usage except TLS web server. + checkUsages(win, ["Email Recipient Certificate", "Email Signer Certificate", + "Object Signer", "SSL Client Certificate"]); + yield BrowserTestUtils.closeWindow(win); +}); + +add_task(function* testInvalid() { + // This certificate has a keyUsage extension asserting cRLSign and + // keyCertSign, but it doesn't have a basicConstraints extension. This + // shouldn't be valid for any usage. Sadly, we give a pretty lame error + // message in this case. + let cert = yield readCertificate("invalid.pem", ",,"); + let win = yield displayCertificate(cert); + checkError(win, "Could not verify this certificate for unknown reasons."); + yield BrowserTestUtils.closeWindow(win); +}); + +/** + * Given a certificate, returns a promise that will resolve when the certificate + * viewer has opened is displaying that certificate, and has finished + * determining its valid usages. + * + * @param {nsIX509Cert} certificate + * The certificate to view and determine usages for. + * @return {Promise} + * A promise that will resolve with a handle on the opened certificate + * viewer window when the usages have been determined. + */ +function displayCertificate(certificate) { + let win = window.openDialog("chrome://pippki/content/certViewer.xul", "", + "", certificate); + return TestUtils.topicObserved("ViewCertDetails:CertUsagesDone", + (subject, data) => subject == win) + .then(([subject, data]) => subject, error => { throw error; }); +} + +/** + * Given a certificate viewer window, finds the usages the certificate is valid + * for. + * + * @param {window} win + * The certificate viewer window. + * @return {String[]} + * An array of strings describing the usages the certificate is valid + * for. + */ +function getUsages(win) { + let determinedUsages = []; + let verifyInfoBox = win.document.getElementById("verify_info_box"); + Array.from(verifyInfoBox.children).forEach(child => { + if (child.getAttribute("hidden") != "true" && + child.getAttribute("id") != "verified") { + determinedUsages.push(child.getAttribute("value")); + } + }); + return determinedUsages.sort(); +} + +/** + * Given a certificate viewer window, returns the error string describing a + * failure encountered when determining the certificate's usages. It will be + * "This certificate has been verified for the following uses:" when the + * certificate has successfully verified for at least one usage. + * + * @param {window} win + * The certificate viewer window. + * @return {String} + * A string describing the error encountered, or the success message if + * the certificate is valid for at least one usage. + */ +function getError(win) { + return win.document.getElementById("verified").textContent; +} + +/** + * Given a certificate viewer window and an array of expected usage + * descriptions, verifies that the window is actually showing that the + * certificate has validated for those usages. + * + * @param {window} win + * The certificate viewer window. + * @param {String[]} usages + * An array of expected usage descriptions. + */ +function checkUsages(win, usages) { + Assert.equal(getError(win), + "This certificate has been verified for the following uses:", + "should have successful verification message"); + let determinedUsages = getUsages(win); + usages.sort(); + Assert.equal(determinedUsages.length, usages.length, + "number of usages as determined by cert viewer should be equal"); + while (usages.length > 0) { + Assert.equal(determinedUsages.pop(), usages.pop(), + "usages as determined by cert viewer should be equal"); + } +} + +/** + * Given a certificate viewer window and an expected error, verifies that the + * window is actually showing that error. + * + * @param {window} win + * The certificate viewer window. + * @param {String} error + * The expected error message. + */ +function checkError(win, error) { + let determinedUsages = getUsages(win); + Assert.equal(determinedUsages.length, 0, + "should not have any successful usages in error case"); + Assert.equal(getError(win), error, + "determined error should be the same as expected error"); +} diff --git a/security/manager/ssl/tests/mochitest/browser/browser_certificateManagerLeak.js b/security/manager/ssl/tests/mochitest/browser/browser_certificateManagerLeak.js new file mode 100644 index 000000000..d1db319d0 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/browser_certificateManagerLeak.js @@ -0,0 +1,32 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +var gBugWindow; + +function onLoad() { + gBugWindow.removeEventListener("load", onLoad); + gBugWindow.addEventListener("unload", onUnload); + gBugWindow.close(); +} + +function onUnload() { + gBugWindow.removeEventListener("unload", onUnload); + window.focus(); + finish(); +} + +// This test opens and then closes the certificate manager to test that it +// does not leak. The test harness keeps track of and reports leaks, so +// there are no actual checks here. +function test() { + waitForExplicitFinish(); + + // This test relies on the test timing out in order to indicate failure so + // let's add a dummy pass. + ok(true, "Each test requires at least one pass, fail or todo so here is a pass."); + + gBugWindow = window.openDialog("chrome://pippki/content/certManager.xul"); + gBugWindow.addEventListener("load", onLoad); +} diff --git a/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js new file mode 100644 index 000000000..6362fd34d --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js @@ -0,0 +1,135 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Tests various scenarios connecting to a server that requires client cert +// authentication. Also tests that nsIClientAuthDialogs.chooseCertificate +// is called at the appropriate times and with the correct arguments. + +const { MockRegistrar } = + Cu.import("resource://testing-common/MockRegistrar.jsm", {}); + +const DialogState = { + // Assert that chooseCertificate() is never called. + ASSERT_NOT_CALLED: "ASSERT_NOT_CALLED", + // Return that the user selected the first given cert. + RETURN_CERT_SELECTED: "RETURN_CERT_SELECTED", + // Return that the user canceled. + RETURN_CERT_NOT_SELECTED: "RETURN_CERT_NOT_SELECTED", +}; + +let sdr = Cc["@mozilla.org/security/sdr;1"].getService(Ci.nsISecretDecoderRing); + +// Mock implementation of nsIClientAuthDialogs. +const gClientAuthDialogs = { + _state: DialogState.ASSERT_NOT_CALLED, + + set state(newState) { + info(`old state: ${this._state}`); + this._state = newState; + info(`new state: ${this._state}`); + }, + + get state() { + return this._state; + }, + + chooseCertificate(ctx, hostname, port, organization, issuerOrg, certList, + selectedIndex) { + Assert.notEqual(this.state, DialogState.ASSERT_NOT_CALLED, + "chooseCertificate() should be called only when expected"); + + let caud = ctx.QueryInterface(Ci.nsIClientAuthUserDecision); + Assert.notEqual(caud, null, + "nsIClientAuthUserDecision should be queryable from the " + + "given context"); + caud.rememberClientAuthCertificate = false; + + Assert.equal(hostname, "requireclientcert.example.com", + "Hostname should be 'requireclientcert.example.com'"); + Assert.equal(port, 443, "Port should be 443"); + Assert.equal(organization, "", + "Server cert Organization should be empty/not present"); + Assert.equal(issuerOrg, "Mozilla Testing", + "Server cert issuer Organization should be 'Mozilla Testing'"); + + // For mochitests, only the cert at build/pgo/certs/mochitest.client should + // be selectable, so we do some brief checks to confirm this. + Assert.notEqual(certList, null, "Cert list should not be null"); + Assert.equal(certList.length, 1, "Only 1 certificate should be available"); + let cert = certList.queryElementAt(0, Ci.nsIX509Cert); + Assert.notEqual(cert, null, "Cert list should contain an nsIX509Cert"); + Assert.equal(cert.commonName, "Mochitest client", + "Cert CN should be 'Mochitest client'"); + + if (this.state == DialogState.RETURN_CERT_SELECTED) { + selectedIndex.value = 0; + return true; + } + return false; + }, + + QueryInterface: XPCOMUtils.generateQI([Ci.nsIClientAuthDialogs]) +}; + +add_task(function* setup() { + let clientAuthDialogsCID = + MockRegistrar.register("@mozilla.org/nsClientAuthDialogs;1", + gClientAuthDialogs); + registerCleanupFunction(() => { + MockRegistrar.unregister(clientAuthDialogsCID); + }); +}); + +/** + * Test helper for the tests below. + * + * @param {String} prefValue + * Value to set the "security.default_personal_cert" pref to. + * @param {String} expectedURL + * If the connection is expected to load successfully, the URL that + * should load. If the connection is expected to fail and result in an + * error page, |undefined|. + */ +function* testHelper(prefValue, expectedURL) { + yield SpecialPowers.pushPrefEnv({"set": [ + ["security.default_personal_cert", prefValue], + ]}); + + yield BrowserTestUtils.loadURI(gBrowser.selectedBrowser, + "https://requireclientcert.example.com:443"); + + // |loadedURL| will be a string URL if browserLoaded() wins the race, or + // |undefined| if waitForErrorPage() wins the race. + let loadedURL = yield Promise.race([ + BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser), + BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser), + ]); + Assert.equal(expectedURL, loadedURL, "Expected and actual URLs should match"); + + // Ensure previously successful connections don't influence future tests. + sdr.logoutAndTeardown(); +} + +// Test that if a certificate is chosen automatically the connection succeeds, +// and that nsIClientAuthDialogs.chooseCertificate() is never called. +add_task(function* testCertChosenAutomatically() { + gClientAuthDialogs.state = DialogState.ASSERT_NOT_CALLED; + yield* testHelper("Select Automatically", + "https://requireclientcert.example.com/"); +}); + +// Test that if the user doesn't choose a certificate, the connection fails and +// an error page is displayed. +add_task(function* testCertNotChosenByUser() { + gClientAuthDialogs.state = DialogState.RETURN_CERT_NOT_SELECTED; + yield* testHelper("Ask Every Time", undefined); +}); + +// Test that if the user chooses a certificate the connection suceeeds. +add_task(function* testCertChosenByUser() { + gClientAuthDialogs.state = DialogState.RETURN_CERT_SELECTED; + yield* testHelper("Ask Every Time", + "https://requireclientcert.example.com/"); +}); diff --git a/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_ui.js b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_ui.js new file mode 100644 index 000000000..bf4f179c0 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_ui.js @@ -0,0 +1,137 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Tests that the client authentication certificate chooser correctly displays +// provided information and correctly returns user input. + +const TEST_HOSTNAME = "Test Hostname"; +const TEST_ORG = "Test Org"; +const TEST_ISSUER_ORG = "Test Issuer Org"; +const TEST_PORT = 123; + +var certDB = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); +/** + * Test certificate (i.e. build/pgo/certs/mochitest.client). + * @type nsIX509Cert + */ +var cert; + +/** + * Opens the client auth cert chooser dialog. + * + * @param {nsIX509Cert} cert The cert to pass to the dialog for display. + * @returns {Promise} + * A promise that resolves when the dialog has finished loading, with + * an array consisting of: + * 1. The window of the opened dialog. + * 2. The return value nsIWritablePropertyBag2 passed to the dialog. + */ +function openClientAuthDialog(cert) { + let certList = Cc["@mozilla.org/array;1"].createInstance(Ci.nsIMutableArray); + certList.appendElement(cert, false); + + let returnVals = Cc["@mozilla.org/hash-property-bag;1"] + .createInstance(Ci.nsIWritablePropertyBag2); + let win = window.openDialog("chrome://pippki/content/clientauthask.xul", "", + "", TEST_HOSTNAME, TEST_ORG, TEST_ISSUER_ORG, + TEST_PORT, certList, returnVals); + return new Promise((resolve, reject) => { + win.addEventListener("load", function onLoad() { + win.removeEventListener("load", onLoad); + resolve([win, returnVals]); + }); + }); +} + +/** + * Checks that the contents of the given cert chooser dialog match the details + * of build/pgo/certs/mochitest.client. + * + * @param {window} win The cert chooser window. + * @param {String} notBefore + * The notBeforeLocalTime attribute of mochitest.client. + * @param {String} notAfter + * The notAfterLocalTime attribute of mochitest.client. + */ +function checkDialogContents(win, notBefore, notAfter) { + Assert.equal(win.document.getElementById("hostname").textContent, + `${TEST_HOSTNAME}:${TEST_PORT}`, + "Actual and expected hostname and port should be equal"); + // “ and ” don't seem to work when embedded in the following literals, which + // is why escape codes are used instead. + Assert.equal(win.document.getElementById("organization").textContent, + `Organization: \u201C${TEST_ORG}\u201D`, + "Actual and expected organization should be equal"); + Assert.equal(win.document.getElementById("issuer").textContent, + `Issued Under: \u201C${TEST_ISSUER_ORG}\u201D`, + "Actual and expected issuer organization should be equal"); + + Assert.equal(win.document.getElementById("nicknames").label, + "test client certificate [03]", + "Actual and expected selected cert nickname and serial should " + + "be equal"); + + let [subject, serialNum, validity, issuer, tokenName] = + win.document.getElementById("details").value.split("\n"); + Assert.equal(subject, "Issued to: CN=Mochitest client", + "Actual and expected subject should be equal"); + Assert.equal(serialNum, "Serial number: 03", + "Actual and expected serial number should be equal"); + Assert.equal(validity, `Valid from ${notBefore} to ${notAfter}`, + "Actual and expected validity should be equal"); + Assert.equal(issuer, + "Issued by: CN=Temporary Certificate Authority,O=Mozilla " + + "Testing,OU=Profile Guided Optimization", + "Actual and expected issuer should be equal"); + Assert.equal(tokenName, "Stored on: Software Security Device", + "Actual and expected token name should be equal"); +} + +add_task(function* setup() { + cert = certDB.findCertByNickname("test client certificate"); + Assert.notEqual(cert, null, "Should be able to find the test client cert"); +}); + +// Test that the contents of the dialog correspond to the details of the +// provided cert. +add_task(function* testContents() { + let [win, retVals] = yield openClientAuthDialog(cert); + checkDialogContents(win, cert.validity.notBeforeLocalTime, + cert.validity.notAfterLocalTime); + yield BrowserTestUtils.closeWindow(win); +}); + +// Test that the right values are returned when the dialog is accepted. +add_task(function* testAcceptDialogReturnValues() { + let [win, retVals] = yield openClientAuthDialog(cert); + win.document.getElementById("rememberBox").checked = true; + info("Accepting dialog"); + win.document.getElementById("certAuthAsk").acceptDialog(); + yield BrowserTestUtils.windowClosed(win); + + Assert.ok(retVals.get("certChosen"), + "Return value should signal user chose a certificate"); + Assert.equal(retVals.get("selectedIndex"), 0, + "0 should be returned as the selected index"); + Assert.ok(retVals.get("rememberSelection"), + "Return value should signal 'Remember this decision' checkbox was" + + "checked"); +}); + +// Test that the right values are returned when the dialog is canceled. +add_task(function* testCancelDialogReturnValues() { + let [win, retVals] = yield openClientAuthDialog(cert); + win.document.getElementById("rememberBox").checked = false; + info("Canceling dialog"); + win.document.getElementById("certAuthAsk").cancelDialog(); + yield BrowserTestUtils.windowClosed(win); + + Assert.ok(!retVals.get("certChosen"), + "Return value should signal user did not choose a certificate"); + Assert.ok(!retVals.get("rememberSelection"), + "Return value should signal 'Remember this decision' checkbox was" + + "unchecked"); +}); diff --git a/security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js b/security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js new file mode 100644 index 000000000..b0ac8f95c --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js @@ -0,0 +1,215 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Tests various aspects of the cert delete confirmation dialog. +// Among other things, tests that for each type of cert that can be deleted: +// 1. The various lines of explanation text are correctly set. +// 2. The implementation correctly falls back through multiple cert attributes +// to determine what to display to represent a cert. + +/** + * An array of tree items corresponding to TEST_CASES. + * @type nsICertTreeItem[] + */ +var gCertArray = []; + +const FAKE_HOST_PORT = "Fake host and port"; + +/** + * @typedef {TestCase} + * @type Object + * @property {String} certFilename + * Filename of the cert, or null if we don't want to import a cert for + * this test case (i.e. we expect the hostPort attribute of + * nsICertTreeItem to be used). + * @property {String} expectedDisplayString + * The string we expect the UI to display to represent the given cert. + */ + +/** + * A list of test cases representing certs that get "deleted". + * @type TestCase[] + */ +const TEST_CASES = [ + { certFilename: null, + expectedDisplayString: FAKE_HOST_PORT }, + { certFilename: "has-cn.pem", + expectedDisplayString: "Foo" }, + { certFilename: "has-ou.pem", + expectedDisplayString: "Bar" }, + { certFilename: "has-o.pem", + expectedDisplayString: "Baz" }, + { certFilename: "has-non-empty-subject.pem", + expectedDisplayString: "C=US" }, + { certFilename: "has-empty-subject.pem", + expectedDisplayString: "Certificate with serial number: 0A" }, +]; + +/** + * Opens the cert delete confirmation dialog. + * + * @param {String} tabID + * The ID of the cert category tab the certs to delete belong to. + * @returns {Promise} + * A promise that resolves when the dialog has finished loading, with + * an array consisting of: + * 1. The window of the opened dialog. + * 2. The return value object passed to the dialog. + */ +function openDeleteCertConfirmDialog(tabID) { + let retVals = { + deleteConfirmed: false, + }; + let win = window.openDialog("chrome://pippki/content/deletecert.xul", "", "", + tabID, gCertArray, retVals); + return new Promise((resolve, reject) => { + win.addEventListener("load", function onLoad() { + win.removeEventListener("load", onLoad); + resolve([win, retVals]); + }); + }); +} + +add_task(function* setup() { + for (let testCase of TEST_CASES) { + let cert = null; + if (testCase.certFilename) { + cert = yield readCertificate(testCase.certFilename, ",,"); + } + let certTreeItem = { + hostPort: FAKE_HOST_PORT, + cert: cert, + QueryInterface(iid) { + if (iid.equals(Ci.nsICertTreeItem)) { + return this; + } + + throw new Error(Cr.NS_ERROR_NO_INTERFACE); + } + }; + gCertArray.push(certTreeItem); + } +}); + +/** + * Test helper for the below test cases. + * + * @param {String} tabID + * ID of the cert category tab the certs to delete belong to. + * @param {String} expectedTitle + * Title the dialog is expected to have. + * @param {String} expectedConfirmMsg + * Confirmation message the dialog is expected to show. + * @param {String} expectedImpact + * Impact the dialog is expected to show. + */ +function* testHelper(tabID, expectedTitle, expectedConfirmMsg, expectedImpact) { + let [win, retVals] = yield openDeleteCertConfirmDialog(tabID); + let certList = win.document.getElementById("certlist"); + + Assert.equal(win.document.title, expectedTitle, + `Actual and expected titles should match for ${tabID}`); + Assert.equal(win.document.getElementById("confirm").textContent, + expectedConfirmMsg, + `Actual and expected confirm message should match for ${tabID}`); + Assert.equal(win.document.getElementById("impact").textContent, + expectedImpact, + `Actual and expected impact should match for ${tabID}`); + + Assert.equal(certList.itemCount, TEST_CASES.length, + `No. of certs displayed should match for ${tabID}`); + for (let i = 0; i < certList.itemCount; i++) { + Assert.equal(certList.getItemAtIndex(i).label, + TEST_CASES[i].expectedDisplayString, + "Actual and expected display string should match for " + + `index ${i} for ${tabID}`); + } + + yield BrowserTestUtils.closeWindow(win); +} + +// Test deleting certs from the "Your Certificates" tab. +add_task(function* testDeletePersonalCerts() { + const expectedTitle = "Delete your Certificates"; + const expectedConfirmMsg = + "Are you sure you want to delete these certificates?"; + const expectedImpact = + "If you delete one of your own certificates, you can no longer use it to " + + "identify yourself."; + yield* testHelper("mine_tab", expectedTitle, expectedConfirmMsg, + expectedImpact); +}); + +// Test deleting certs from the "People" tab. +add_task(function* testDeleteOtherPeopleCerts() { + const expectedTitle = "Delete E-Mail Certificates"; + // ’ doesn't seem to work when embedded in the following literals, which is + // why escape codes are used instead. + const expectedConfirmMsg = + "Are you sure you want to delete these people\u2019s e-mail certificates?"; + const expectedImpact = + "If you delete a person\u2019s e-mail certificate, you will no longer be " + + "able to send encrypted e-mail to that person."; + yield* testHelper("others_tab", expectedTitle, expectedConfirmMsg, + expectedImpact); +}); + +// Test deleting certs from the "Servers" tab. +add_task(function* testDeleteServerCerts() { + const expectedTitle = "Delete Server Certificate Exceptions"; + const expectedConfirmMsg = + "Are you sure you want to delete these server exceptions?"; + const expectedImpact = + "If you delete a server exception, you restore the usual security checks " + + "for that server and require it uses a valid certificate."; + yield* testHelper("websites_tab", expectedTitle, expectedConfirmMsg, + expectedImpact); +}); + +// Test deleting certs from the "Authorities" tab. +add_task(function* testDeleteCACerts() { + const expectedTitle = "Delete or Distrust CA Certificates"; + const expectedConfirmMsg = + "You have requested to delete these CA certificates. For built-in " + + "certificates all trust will be removed, which has the same effect. Are " + + "you sure you want to delete or distrust?"; + const expectedImpact = + "If you delete or distrust a certificate authority (CA) certificate, " + + "this application will no longer trust any certificates issued by that CA."; + yield* testHelper("ca_tab", expectedTitle, expectedConfirmMsg, + expectedImpact); +}); + +// Test deleting certs from the "Other" tab. +add_task(function* testDeleteOtherCerts() { + const expectedTitle = "Delete Certificates"; + const expectedConfirmMsg = + "Are you sure you want to delete these certificates?"; + const expectedImpact = ""; + yield* testHelper("orphan_tab", expectedTitle, expectedConfirmMsg, + expectedImpact); +}); + +// Test that the right values are returned when the dialog is accepted. +add_task(function* testAcceptDialogReturnValues() { + let [win, retVals] = yield openDeleteCertConfirmDialog("ca_tab" /*arbitrary*/); + info("Accepting dialog"); + win.document.getElementById("deleteCertificate").acceptDialog(); + yield BrowserTestUtils.windowClosed(win); + + Assert.ok(retVals.deleteConfirmed, + "Return value should signal user accepted"); +}); + +// Test that the right values are returned when the dialog is canceled. +add_task(function* testCancelDialogReturnValues() { + let [win, retVals] = yield openDeleteCertConfirmDialog("ca_tab" /*arbitrary*/); + info("Canceling dialog"); + win.document.getElementById("deleteCertificate").cancelDialog(); + yield BrowserTestUtils.windowClosed(win); + + Assert.ok(!retVals.deleteConfirmed, + "Return value should signal user did not accept"); +}); diff --git a/security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js b/security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js new file mode 100644 index 000000000..cbd59f883 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js @@ -0,0 +1,150 @@ +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Tests that the cert download/import UI correctly identifies the cert being +// downloaded, and allows the trust of the cert to be specified. + +const { MockRegistrar } = + Cu.import("resource://testing-common/MockRegistrar.jsm", {}); + +/** + * @typedef {TestCase} + * @type Object + * @property {String} certFilename + * Filename of the cert for this test case. + * @property {String} expectedDisplayString + * The string we expect the UI to display to represent the given cert. + * @property {nsIX509Cert} cert + * Handle to the cert once read in setup(). + */ + +/** + * A list of test cases representing certs that get "downloaded". + * @type TestCase[] + */ +const TEST_CASES = [ + { certFilename: "has-cn.pem", + expectedDisplayString: "Foo", + cert: null }, + { certFilename: "has-empty-subject.pem", + expectedDisplayString: "Certificate Authority (unnamed)", + cert: null }, +]; + +/** + * Opens the cert download dialog. + * + * @param {nsIX509Cert} cert + * The cert to pass to the dialog for display. + * @returns {Promise} + * A promise that resolves when the dialog has finished loading, with + * an array consisting of: + * 1. The window of the opened dialog. + * 2. The return value nsIWritablePropertyBag2 passed to the dialog. + */ +function openCertDownloadDialog(cert) { + let returnVals = Cc["@mozilla.org/hash-property-bag;1"] + .createInstance(Ci.nsIWritablePropertyBag2); + let win = window.openDialog("chrome://pippki/content/downloadcert.xul", "", + "", cert, returnVals); + return new Promise((resolve, reject) => { + win.addEventListener("load", function onLoad() { + win.removeEventListener("load", onLoad); + resolve([win, returnVals]); + }); + }); +} + +// Mock implementation of nsICertificateDialogs. +const gCertificateDialogs = { + expectedCert: null, + viewCertCallCount: 0, + confirmDownloadCACert(ctx, cert, trust) { + Assert.ok(false, "confirmDownloadCACert() should not have been called"); + }, + setPKCS12FilePassword(ctx, password) { + Assert.ok(false, "setPKCS12FilePassword() should not have been called"); + }, + getPKCS12FilePassword(ctx, password) { + Assert.ok(false, "getPKCS12FilePassword() should not have been called"); + }, + viewCert(ctx, cert) { + this.viewCertCallCount++; + Assert.notEqual(cert, null, "Cert to view should not be null"); + Assert.equal(cert, this.expectedCert, + "Actual and expected cert should match"); + }, + + QueryInterface: XPCOMUtils.generateQI([Ci.nsICertificateDialogs]) +}; + +add_task(function* setup() { + for (let testCase of TEST_CASES) { + testCase.cert = yield readCertificate(testCase.certFilename, ",,"); + Assert.notEqual(testCase.cert, null, + `'${testCase.certFilename}' should have been read`); + } + + let certificateDialogsCID = + MockRegistrar.register("@mozilla.org/nsCertificateDialogs;1", + gCertificateDialogs); + registerCleanupFunction(() => { + MockRegistrar.unregister(certificateDialogsCID); + }); +}); + +// Test that the trust header message corresponds to the provided cert, and that +// the View Cert button launches the cert viewer for the provided cert. +add_task(function* testTrustHeaderAndViewCertButton() { + for (let testCase of TEST_CASES) { + let [win, retVals] = yield openCertDownloadDialog(testCase.cert); + let expectedTrustHeaderString = + `Do you want to trust \u201C${testCase.expectedDisplayString}\u201D ` + + "for the following purposes?"; + Assert.equal(win.document.getElementById("trustHeader").textContent, + expectedTrustHeaderString, + "Actual and expected trust header text should match for " + + `${testCase.certFilename}`); + + gCertificateDialogs.viewCertCallCount = 0; + gCertificateDialogs.expectedCert = testCase.cert; + info("Pressing View Cert button"); + win.document.getElementById("viewC-button").doCommand(); + Assert.equal(gCertificateDialogs.viewCertCallCount, 1, + "viewCert() should've been called once"); + + yield BrowserTestUtils.closeWindow(win); + } +}); + +// Test that the right values are returned when the dialog is accepted. +add_task(function* testAcceptDialogReturnValues() { + let [win, retVals] = yield openCertDownloadDialog(TEST_CASES[0].cert); + win.document.getElementById("trustSSL").checked = true; + win.document.getElementById("trustEmail").checked = false; + win.document.getElementById("trustObjSign").checked = true; + info("Accepting dialog"); + win.document.getElementById("download_cert").acceptDialog(); + yield BrowserTestUtils.windowClosed(win); + + Assert.ok(retVals.get("importConfirmed"), + "Return value should signal user chose to import the cert"); + Assert.ok(retVals.get("trustForSSL"), + "Return value should signal SSL trust checkbox was checked"); + Assert.ok(!retVals.get("trustForEmail"), + "Return value should signal E-mail trust checkbox was unchecked"); + Assert.ok(retVals.get("trustForObjSign"), + "Return value should signal Obj Sign trust checkbox was checked"); +}); + +// Test that the right values are returned when the dialog is canceled. +add_task(function* testCancelDialogReturnValues() { + let [win, retVals] = yield openCertDownloadDialog(TEST_CASES[0].cert); + info("Canceling dialog"); + win.document.getElementById("download_cert").cancelDialog(); + yield BrowserTestUtils.windowClosed(win); + + Assert.ok(!retVals.get("importConfirmed"), + "Return value should signal user chose not to import the cert"); +}); diff --git a/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js b/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js new file mode 100644 index 000000000..bc87732a5 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js @@ -0,0 +1,119 @@ +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Tests that the UI for editing the trust of a CA certificate correctly +// reflects trust in the cert DB, and correctly updates trust in the cert DB +// when requested. + +var gCertDB = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +/** + * The cert we're editing the trust of. + * @type nsIX509Cert + */ +var gCert; + +/** + * Opens the cert trust editing dialog. + * + * @returns {Promise} + * A promise that resolves when the dialog has finished loading with + * the window of the opened dialog. + */ +function openEditCertTrustDialog() { + let win = window.openDialog("chrome://pippki/content/editcacert.xul", "", "", + gCert); + return new Promise((resolve, reject) => { + win.addEventListener("load", function onLoad() { + win.removeEventListener("load", onLoad); + resolve(win); + }); + }); +} + +add_task(function* setup() { + // Initially trust ca.pem for SSL, but not e-mail or object signing. + gCert = yield readCertificate("ca.pem", "CT,,"); + Assert.ok(gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_SSL), + "Sanity check: ca.pem should be trusted for SSL"); + Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_EMAIL), + "Sanity check: ca.pem should not be trusted for e-mail"); + Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_OBJSIGN), + "Sanity check: ca.pem should not be trusted for object signing"); +}); + +// Tests the following: +// 1. The checkboxes correctly reflect the trust set in setup(). +// 2. Accepting the dialog after flipping some of the checkboxes results in the +// correct trust being set in the cert DB. +add_task(function* testAcceptDialog() { + let win = yield openEditCertTrustDialog(); + + let sslCheckbox = win.document.getElementById("trustSSL"); + let emailCheckbox = win.document.getElementById("trustEmail"); + let objSignCheckbox = win.document.getElementById("trustObjSign"); + Assert.ok(sslCheckbox.checked, + "Cert should be trusted for SSL in UI"); + Assert.ok(!emailCheckbox.checked, + "Cert should not be trusted for e-mail in UI"); + Assert.ok(!objSignCheckbox.checked, + "Cert should not be trusted for object signing in UI"); + + sslCheckbox.checked = false; + emailCheckbox.checked = true; + + info("Accepting dialog"); + win.document.getElementById("editCaCert").acceptDialog(); + yield BrowserTestUtils.windowClosed(win); + + Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_SSL), + "Cert should no longer be trusted for SSL"); + Assert.ok(gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_EMAIL), + "Cert should now be trusted for e-mail"); + Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_OBJSIGN), + "Cert should still not be trusted for object signing"); +}); + +// Tests the following: +// 1. The checkboxes correctly reflect the trust set in testAcceptDialog(). +// 2. Canceling the dialog even after flipping the checkboxes doesn't result in +// a change of trust in the cert DB. +add_task(function* testCancelDialog() { + let win = yield openEditCertTrustDialog(); + + let sslCheckbox = win.document.getElementById("trustSSL"); + let emailCheckbox = win.document.getElementById("trustEmail"); + let objSignCheckbox = win.document.getElementById("trustObjSign"); + Assert.ok(!sslCheckbox.checked, + "Cert should not be trusted for SSL in UI"); + Assert.ok(emailCheckbox.checked, + "Cert should be trusted for e-mail in UI"); + Assert.ok(!objSignCheckbox.checked, + "Cert should not be trusted for object signing in UI"); + + sslCheckbox.checked = true; + emailCheckbox.checked = false; + objSignCheckbox.checked = true; + + info("Canceling dialog"); + win.document.getElementById("editCaCert").cancelDialog(); + yield BrowserTestUtils.windowClosed(win); + + Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_SSL), + "Cert should still not be trusted for SSL"); + Assert.ok(gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_EMAIL), + "Cert should still be trusted for e-mail"); + Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_OBJSIGN), + "Cert should still not be trusted for object signing"); +}); diff --git a/security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js b/security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js new file mode 100644 index 000000000..fc7591ece --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js @@ -0,0 +1,142 @@ +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Tests that the UI for setting the password on a to be exported PKCS #12 file: +// 1. Correctly requires the password to be typed in twice as confirmation. +// 2. Calculates and displays the strength of said password. + +/** + * @typedef {TestCase} + * @type Object + * @property {String} name + * The name of the test case for display purposes. + * @property {String} password1 + * The password to enter into the first password textbox. + * @property {String} password2 + * The password to enter into the second password textbox. + * @property {String} strength + * The expected strength of the password in the range [0, 100]. + */ + +/** + * A list of test cases representing various inputs to the password textboxes. + * @type TestCase[] + */ +const TEST_CASES = [ + { name: "empty", + password1: "", + password2: "", + strength: "0" }, + { name: "match-weak", + password1: "foo", + password2: "foo", + strength: "10" }, + { name: "match-medium", + password1: "foo123", + password2: "foo123", + strength: "60" }, + { name: "match-strong", + password1: "fooBARBAZ 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?一二三", + password2: "fooBARBAZ 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?一二三", + strength: "100" }, + { name: "mismatch-weak", + password1: "foo", + password2: "bar", + strength: "10" }, + { name: "mismatch-medium", + password1: "foo123", + password2: "bar", + strength: "60" }, + { name: "mismatch-strong", + password1: "fooBARBAZ 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?一二三", + password2: "bar", + strength: "100" }, +]; + +/** + * Opens the dialog shown to set the password on a PKCS #12 file being exported. + * + * @returns {Promise} + * A promise that resolves when the dialog has finished loading, with + * an array consisting of: + * 1. The window of the opened dialog. + * 2. The return value nsIWritablePropertyBag2 passed to the dialog. + */ +function openSetP12PasswordDialog() { + let returnVals = Cc["@mozilla.org/hash-property-bag;1"] + .createInstance(Ci.nsIWritablePropertyBag2); + let win = window.openDialog("chrome://pippki/content/setp12password.xul", "", + "", returnVals); + return new Promise((resolve, reject) => { + win.addEventListener("load", function onLoad() { + win.removeEventListener("load", onLoad); + resolve([win, returnVals]); + }); + }); +} + +// Tests that the first password textbox is the element that is initially +// focused. +add_task(function* testFocus() { + let [win, retVals] = yield openSetP12PasswordDialog(); + Assert.equal(win.document.activeElement, + win.document.getElementById("pw1").inputField, + "First password textbox should have focus"); + yield BrowserTestUtils.closeWindow(win); +}); + +// Tests that the password strength algorithm used is reasonable, and that the +// Accept button is only enabled if the two passwords match. +add_task(function* testPasswordStrengthAndEquality() { + let [win, retVals] = yield openSetP12PasswordDialog(); + let password1Textbox = win.document.getElementById("pw1"); + let password2Textbox = win.document.getElementById("pw2"); + let strengthProgressBar = win.document.getElementById("pwmeter"); + + for (let testCase of TEST_CASES) { + password1Textbox.value = testCase.password1; + password2Textbox.value = testCase.password2; + // Setting the value of the password textboxes via |.value| apparently + // doesn't cause the oninput handlers to be called, so we do it here. + password1Textbox.oninput(); + password2Textbox.oninput(); + + Assert.equal(win.document.documentElement.getButton("accept").disabled, + password1Textbox.value != password2Textbox.value, + "Actual and expected accept button disable state should " + + `match for ${testCase.name}`); + Assert.equal(strengthProgressBar.value, testCase.strength, + "Actual and expected strength value should match for" + + `${testCase.name}`); + } + + yield BrowserTestUtils.closeWindow(win); +}); + +// Test that the right values are returned when the dialog is accepted. +add_task(function* testAcceptDialogReturnValues() { + let [win, retVals] = yield openSetP12PasswordDialog(); + const password = "fooBAR 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?一二三"; + win.document.getElementById("pw1").value = password; + win.document.getElementById("pw2").value = password; + info("Accepting dialog"); + win.document.getElementById("setp12password").acceptDialog(); + yield BrowserTestUtils.windowClosed(win); + + Assert.ok(retVals.get("confirmedPassword"), + "Return value should signal user confirmed a password"); + Assert.equal(retVals.get("password"), password, + "Actual and expected password should match"); +}); + +// Test that the right values are returned when the dialog is canceled. +add_task(function* testCancelDialogReturnValues() { + let [win, retVals] = yield openSetP12PasswordDialog(); + info("Canceling dialog"); + win.document.getElementById("setp12password").cancelDialog(); + yield BrowserTestUtils.windowClosed(win); + + Assert.ok(!retVals.get("confirmedPassword"), + "Return value should signal user didn't confirm a password"); +}); diff --git a/security/manager/ssl/tests/mochitest/browser/ca.pem b/security/manager/ssl/tests/mochitest/browser/ca.pem new file mode 100644 index 000000000..1a18e2bf0 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxTCCAa+gAwIBAgIUL5zykZEc2ro5d6th43aWGfm735cwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu +Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO +7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf +qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt +HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx +uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud +DwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAHPYBjNnv//Ssc8Elepb8SWIXRdahKbL +/dcPoMR+7yhJVaelUaxdwUytJWJAGdkkuv+P+G4b82RVYEXT+9k1S/aAfByFyR9q +vS7POfdy/ZPfGTXltlnmYX/84a6QeYQa4Nl4JpIOXBCesLxmErBhczka6D26iqsz +GeseKRSjVPgF3mXc2CRGZnTDRhUmd7wOABLmj7GtuFvOm96363M3IUByMohvoj1G +dic3s5D0seXwTKnEc5B27lJt7Q0oIXEldL+UW8Mo1hfGWQeXzqTZbpOVLnVWvHBH +H8yYs5hyH01qFJZbztJ1JJ3F2NpYLlr4P5I6fW2e9w5MG/VMQRU3wzQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/browser/ca.pem.certspec b/security/manager/ssl/tests/mochitest/browser/ca.pem.certspec new file mode 100644 index 000000000..6660f5d47 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:ca +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/mochitest/browser/code-ee.pem b/security/manager/ssl/tests/mochitest/browser/code-ee.pem new file mode 100644 index 000000000..a4fdfaed7 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/code-ee.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxDCCAa6gAwIBAgIUSbYQoLY1s6wWqgbKhxQZ3XME7ukwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBIxEDAOBgNVBAMMB2NvZGUtZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9 +sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5 +TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7 +xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd +tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l +8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsG +AQUFBwMDMAsGCSqGSIb3DQEBCwOCAQEAV69uBbyc/d1eBdZlT7eAw4onQzkdndd8 +kEXdmP3hd+jJm1+/F733IflLLqE5mmUL9l7q7EJ+TgdZa19T6JHEaVjdJcIuwJO/ +kKSJXXqADQXoxHOZADDWjAFStiR3xd78BzYfuUANgozG6hq7QuVh0cYBx/8Q9gx/ +pGtuCJiN0d2Mknu0SoQzIZlXTuqmnFj7G/88O5Yh5MaFZxbvIJJSIWQoS396GrI6 +yXAdqHNoVM9mwwaMcnG5QeeKSIPuvEkZncQsxFc0zqIjeOVx/zEx2Bocx71dLuVB +fqrIrAXLpwparoSxLzNqq8UgtXF8NQOuAcUu7ok0r1VbdMbSZHZ3Gg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/browser/code-ee.pem.certspec b/security/manager/ssl/tests/mochitest/browser/code-ee.pem.certspec new file mode 100644 index 000000000..93f9a8426 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/code-ee.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:code-ee +extension:extKeyUsage:codeSigning diff --git a/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem b/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem new file mode 100644 index 000000000..5b2cfd940 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICvjCCAaigAwIBAgIUGzSP8KEmmRm3sIPiyQW35sazlHEwCwYJKoZIhvcNAQEL +MBUxEzARBgNVBAMMCmV4cGlyZWQtY2EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4 +MDIwNTAwMDAwMFowHTEbMBkGA1UEAwwSZWUtZnJvbS1leHBpcmVkLWNhMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq +5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SSc +An7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39 +ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYk +zBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3u +JtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQAB +MAsGCSqGSIb3DQEBCwOCAQEAZ6Nrb/1fit8cALMhcbmuZ5kd3J34d0o9p3g3E7m7 +8RsTbYLA4xp9UmSzpO/10x9q4TUZ8jxW1dotoCVf7OqYYxQewrU2x3qoxKvP/Fvf +8ssWSIang91w+app+fv7QYDySymT6DJMLWyCmxyhaFjYnmr67GKldcgK9hbyjfDB +Rj382czI/HMSvw/vCB6rRKchzr5hsDGl+YN0MMI4M7/3b5wvMUmxlXqKu1VlslDZ +8Ez6ONuMdPJD3aQZMxmEph05pEMvhjFhLh+0n7kfLR+9n0D7IR9paVc6LgHLLxsP +ENoZLGOwJYNdAwwkd6fIa9E6KCpaRgyvWslm+iFCg3XxoA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem.certspec b/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem.certspec new file mode 100644 index 000000000..3e280fc4f --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem.certspec @@ -0,0 +1,2 @@ +issuer:expired-ca +subject:ee-from-expired-ca diff --git a/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem b/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem new file mode 100644 index 000000000..ad2d988e0 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICwjCCAaygAwIBAgIUI/4Y+KSEZo8YGQK6Ptrdmev5FO0wCwYJKoZIhvcNAQEL +MBcxFTATBgNVBAMMDHVudHJ1c3RlZC1jYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIw +MTgwMjA1MDAwMDAwWjAfMR0wGwYDVQQDDBRlZS1mcm9tLXVudHJ1c3RlZC1jYTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9 +PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3 +HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg +Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7 +EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK +lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C +AwEAATALBgkqhkiG9w0BAQsDggEBAJqsDDoJqxrmV4Mlt815HmJwhr/SuYhPwhoQ +RyU56Ci5kY/8fYa3F1uxSrpzuiYBX4bq6g8keXmltPZGN9gexPP2QJDAecNt0NKW ++04ZKSiz6Tbu+MEyBaXCINDKaAHVPRnbMWR1eCyHzYpZRKZW2Sb2NinWGebzq0mI +wt5l7veMkL5ZbeYF8u8bNFsdvhl1PM7/AfAZLJL4+fncaqQeDRyVffxrl4mCooS9 +DYajnw7AhFvN0XtXb5vK3HYiz9mv/OnXeoeWxYcWI6aY6LR0OwHHQQptKQSIOP87 +2mo64IbAwzuBrhxNrdrQKCnf1mtyDZig+2r6R4TP3EM3sCNAoiU= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem.certspec b/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem.certspec new file mode 100644 index 000000000..833e1a23a --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem.certspec @@ -0,0 +1,2 @@ +issuer:untrusted-ca +subject:ee-from-untrusted-ca diff --git a/security/manager/ssl/tests/mochitest/browser/email-ee.pem b/security/manager/ssl/tests/mochitest/browser/email-ee.pem new file mode 100644 index 000000000..4211ef27d --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/email-ee.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxTCCAa+gAwIBAgIUJctkeS6qP+WqsgOLbjATJuPlN40wCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBMxETAPBgNVBAMMCGVtYWlsLWVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf +vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb +uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S +O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR +3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv +5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxcwFTATBgNVHSUEDDAKBggr +BgEFBQcDBDALBgkqhkiG9w0BAQsDggEBAIFmRk4ZfcxWjetAoyYp0bIFLr5AjGqv +ecmc0khsRkW7NR23ywJsRsCU1u82JIGrE0bpDu/KQPAMJsi6QMc9hZEOzO1t1QmG +OJFLhCNTe+wf+5X+UKHKo01lEp7vDcO7DjuZIgEZSyOp9qbV88AtEiqESIzRBWYp +dL15cS1PDH8fa5k7MHCAh0C/HeDRD5EP8derIWWrFIesEdJAhwzMRzJrCWIqzLPP +Lv2gsXhehXCN7U14zkoGU97sSE09k5BopHd4fgqZesSApJrd2OenQAzdRIs3+UQy +iCs7oLH16lOl/yeRxVjcHRWaSRM47eGpn5+YOnGkoE/lqfux+jjB3rc= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/browser/email-ee.pem.certspec b/security/manager/ssl/tests/mochitest/browser/email-ee.pem.certspec new file mode 100644 index 000000000..82e329670 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/email-ee.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:email-ee +extension:extKeyUsage:emailProtection diff --git a/security/manager/ssl/tests/mochitest/browser/expired-ca.pem b/security/manager/ssl/tests/mochitest/browser/expired-ca.pem new file mode 100644 index 000000000..2da553a56 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/expired-ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzTCCAbegAwIBAgIUAfElDw37NeFULPHd+G2eoaHpvEYwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTAwMTAxMDAwMDAwWhgPMjAxMTAxMDEwMDAw +MDBaMBUxEzARBgNVBAMMCmV4cGlyZWQtY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg +2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ +5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ +PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj +DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W +iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMB +Af8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAde8CQNB8dVo5ly7Lu8x9 +5yDz2hpzAqqPDxP3+UqxzEgXeA4vfv1Bzvmxx69XEd+884M9Lkt2WBTrc+OrAgqX +pCCt4X8bjV2t+mG1shtYEGKk5BtRVnorHhZyf6+5xtOfpV9DeWkf/aA1SJK1Kpt3 +cNSDW10PwaGuaNiUMEtIFLD/MYZCM98RFOSVDWjqafbfUBn4ZSeoyRi1C2d3lg0C +jRFmOc1I4DQOUezp3C0WyCumJ0SLTIoYJGdAshMbDWPr0OOaB4GmI8miKhS6LM59 +o6C3fU8MJrRYKctYj0k9gW0DI6KuEFZj2AY8brv6Ufx1TKy5Z2pqIPeUbuJInCXM +qA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/browser/expired-ca.pem.certspec b/security/manager/ssl/tests/mochitest/browser/expired-ca.pem.certspec new file mode 100644 index 000000000..15bdcd7d7 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/expired-ca.pem.certspec @@ -0,0 +1,5 @@ +issuer:ca +subject:expired-ca +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +validity:20100101-20110101 diff --git a/security/manager/ssl/tests/mochitest/browser/has-cn.pem b/security/manager/ssl/tests/mochitest/browser/has-cn.pem new file mode 100644 index 000000000..8e7c479ae --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/has-cn.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0DCCAbqgAwIBAgIUfQIwxuYCoWiJuu/qTiEf7fbljnswCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMDcxDDAKBgNVBAMMA0ZvbzEMMAoGA1UECwwDQmFyMQwwCgYDVQQKDANCYXox +CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohR +qESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+Kv +WnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+ +rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPv +JxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5 +Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6 +clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOCAQEAJ2fIigbkc2Lh5Z/s +Y7s4o0D9UnzttXjjEqKYhttk6PJnmVYG3zn3MBmyWPhDcXYW9fJwx7IOcC0woVdJ +yjkVZUIlJY6xAqIC6kVNtbI3PJ+mji8qQk/ecXCwhTGk0H2lZXrUtc6WMmD3GUIP +yNQGN/qAniRLnXzzVY3MJPLKKSlWSJEJCY4F4uDwBtwudPc+1yRIR6XblEL3dazS +H2kuIzGwIu6/i3AN2WIFWFhcuRTfLZINlNeH9gYEaUrwI3MS0aMPqGXtOHz+imZl +RwNng0xaiDxZXcEPjrRw5HEZcIEGBc6X8WtSzbWufiWBqMue1ltEpc1AkvUamuB3 +KJxYPA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/browser/has-cn.pem.certspec b/security/manager/ssl/tests/mochitest/browser/has-cn.pem.certspec new file mode 100644 index 000000000..a4a0fcb5f --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/has-cn.pem.certspec @@ -0,0 +1,2 @@ +issuer:ca +subject:/CN=Foo/OU=Bar/O=Baz/C=US diff --git a/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem b/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem new file mode 100644 index 000000000..8800bfb73 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIIChjCCAXCgAwIBAgIBCjALBgkqhkiG9w0BAQswDTELMAkGA1UEAwwCY2EwIhgP +MjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowADCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX +bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ +OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9 +uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb +t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO +NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG +9w0BAQsDggEBAF/OD4h9UNl2afVbw/Hv2dCV5uMyDV3T8iEUI9eiCvYDMAOElkAN +NZbDfGfQdg8rNLKG6r7Vz8VBu0T/Vn2lswtKYPll63ANv9qZVtKGsDTGzN8JSC0k +xgMbtVsj+OsJs81hmNnW6xw7wehpPw3l1UakAEb6dbYuYCanR/p/u/hvTz7phe9D +AsJyRAo4a+QDyeqgAPKrzTatawshNnz9O4QhNzUqj53fMkpUq2ebOyIGMOvbh/N5 +nT6AVT2wn95mWawnS5v2VTRPALyMkgbl+0bb/VzXHN6CjDHO+n239lL2uQlAZFHe +8pKr4lmb82dLU9qUFbY7exLyV1aUyYSXSNU= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem.certspec b/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem.certspec new file mode 100644 index 000000000..6346f7b83 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject: +serialNumber:10 diff --git a/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem b/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem new file mode 100644 index 000000000..16964b1c0 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICpjCCAZCgAwIBAgIUCwPRyN8HCSE5XEIq7e2eEEe1OdIwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMA0xCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu +Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO +7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf +qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt +HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx +uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOCAQEAt2CF0E7d +QYnfn/kc8hb6GF6sYpCFA6egEzr6OsYMYE7jt5mKlMJdbIxw57L8jg8IZ1fjH5AQ +KA5cchGcgjCkHoJ7jOYfMZCubCBdrsNKx2YYWcna8WIAZjwOIfNC0Ajs3IDiRDWm +vlBrFP9Z6bGuzNrvLFAB0lU2dM2b99DqzaYNZeQP5DcP6ZjaPkSvqOWr3Lf6ZAvO +tU70OcTelx74Hj9bI75bxVYd71Vorv5qB77zrl7GHb36f2pkludDOKeZ6XhRgy9e +vN6DLctM0v6fJprG50xrILDhqsTydTdjhETLaIWhF9aUHzFybpFArp8TLoWbXiX1 +eAVaASutFVprhA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem.certspec b/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem.certspec new file mode 100644 index 000000000..cc1b668a6 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem.certspec @@ -0,0 +1,2 @@ +issuer:ca +subject:/C=US diff --git a/security/manager/ssl/tests/mochitest/browser/has-o.pem b/security/manager/ssl/tests/mochitest/browser/has-o.pem new file mode 100644 index 000000000..755d3cdae --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/has-o.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICtDCCAZ6gAwIBAgIUeXeYs5jw41bNt0btBeEFNbUQonAwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBsxDDAKBgNVBAoMA0JhejELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk +e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg +KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI +YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi +lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL +HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcN +AQELA4IBAQAs60sU1VqjaVQbGBHvBNyiQn9oTugmuEx9ogwVKhnmgRK+hYw+wgBn +H4yYZF1gF4xG7Rt+ut+EruSd4ht8vY9ZMvKrbgMrZ6HbNIZg9oIX+u0i9Bba2lh7 +p87mCePS5L7U1gPbg/fZ8jd0FvW8EusC/TX5tOeeUnawXWE4ciqPZfIVriU0iCP1 +nKzvFtawYzWwgN+QZ1ruzBi7qqrHNDAhgLu9+3g+9QyBd40XV7/EhDQ18kViaTSj +WmaUX7jJD1FUkGBkxjqHfgGkaYnt7UXGMDTeQ8vFeja11PJJIdRT8hSu0oTMdE6M +WCEw02+Fc+qsYH5I6vp3MOV8wyBqIqYc +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/browser/has-o.pem.certspec b/security/manager/ssl/tests/mochitest/browser/has-o.pem.certspec new file mode 100644 index 000000000..f7cc3ffc7 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/has-o.pem.certspec @@ -0,0 +1,2 @@ +issuer:ca +subject:/O=Baz/C=US diff --git a/security/manager/ssl/tests/mochitest/browser/has-ou.pem b/security/manager/ssl/tests/mochitest/browser/has-ou.pem new file mode 100644 index 000000000..06f663b3f --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/has-ou.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICwjCCAaygAwIBAgIUU/td7MxWYwvdFLfgNUraIpy3GP8wCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMCkxDDAKBgNVBAsMA0JhcjEMMAoGA1UECgwDQmF6MQswCQYDVQQGEwJVUzCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9 +PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3 +HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg +Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7 +EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK +lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C +AwEAATALBgkqhkiG9w0BAQsDggEBAGbVHQ19S6R62HovLt9Ltir1z9KJ4QXWNAEu +FKicntKaId+jJY42y1+iAqQHy3FpjfLfx5eVKPW8vHbyTQSL/y0jJ9bPKepYsSay +5McWggOxMxVFazUCOntZN282WYIg3H/OFaeRarjeHlraZjwmNxrfHKzyBJ6bBqBJ +2vtmDez/+h+f0reutgnY1v4bJ02x/5YuG39+i08uRI0Vc+lrDiqDPYMxlmzwVvJM +xqo9TZu9gU4XFbK8c8EUsPjMMO1gKyroiBhthtEZ8a9Q4jdeD92cOZRcPrHtYyvR +qw9VhFLJRgLJ0DVOWqCHqYXUFfYngFezem1eeNxrz2eAbaURdCs= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/browser/has-ou.pem.certspec b/security/manager/ssl/tests/mochitest/browser/has-ou.pem.certspec new file mode 100644 index 000000000..8879dabf5 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/has-ou.pem.certspec @@ -0,0 +1,2 @@ +issuer:ca +subject:/OU=Bar/O=Baz/C=US diff --git a/security/manager/ssl/tests/mochitest/browser/head.js b/security/manager/ssl/tests/mochitest/browser/head.js new file mode 100644 index 000000000..d488e6eeb --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/head.js @@ -0,0 +1,59 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ +"use strict"; + +var gCertDB = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +/** + * List of certs imported via readCertificate(). Certs in this list are + * automatically deleted from the cert DB when a test including this head file + * finishes. + * @type nsIX509Cert[] + */ +var gImportedCerts = []; + +registerCleanupFunction(() => { + for (let cert of gImportedCerts) { + gCertDB.deleteCertificate(cert); + } +}); + +/** + * This function serves the same purpose as the one defined in head_psm.js. + */ +function pemToBase64(pem) { + return pem.replace(/-----BEGIN CERTIFICATE-----/, "") + .replace(/-----END CERTIFICATE-----/, "") + .replace(/[\r\n]/g, ""); +} + +/** + * Given the filename of a certificate, returns a promise that will resolve with + * a handle to the certificate when that certificate has been read and imported + * with the given trust settings. + * + * Certs imported via this function will automatically be deleted from the cert + * DB once the calling test finishes. + * + * @param {String} filename + * The filename of the certificate (assumed to be in the same directory). + * @param {String} trustString + * A string describing how the certificate should be trusted (see + * `certutil -A --help`). + * @return {Promise} + * A promise that will resolve with a handle to the certificate. + */ +function readCertificate(filename, trustString) { + return OS.File.read(getTestFilePath(filename)).then(data => { + let decoder = new TextDecoder(); + let pem = decoder.decode(data); + let certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + let base64 = pemToBase64(pem); + certdb.addCertFromBase64(base64, trustString, "unused"); + let cert = certdb.constructX509FromBase64(base64); + gImportedCerts.push(cert); + return cert; + }, error => { throw error; }); +} diff --git a/security/manager/ssl/tests/mochitest/browser/invalid.pem b/security/manager/ssl/tests/mochitest/browser/invalid.pem new file mode 100644 index 000000000..1911098ef --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/invalid.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICvDCCAaagAwIBAgIUcy9NBl2j6kWrXfJ6Na36AnwN2Q8wCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBIxEDAOBgNVBAMMB2ludmFsaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9 +sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5 +TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7 +xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd +tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l +8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjDzANMAsGA1UdDwQEAwIBBjAL +BgkqhkiG9w0BAQsDggEBAHw1PeRKbGVaiNBPlshPnuEjJ5XN+ls3Lv8CVplvuFgM +uvOAfuXNcLcQmqU4QZm9PvIboCAe2FTFMJ+szDbCIFaBzzJ4RnuJ0FnBZDf1fKJm +/Nj4XikPePo5DnsqSs53aNKM7Nf5dcdCCA8kfpMm50Nw6ufWrr8HAEqQbDixecv1 +6as6xc458UU8AXKZb30VfLFAm0uPz2Y/ZjROnSqrNSB5ZRx9m4MqS3/4H7fSnlFU +yMcetH5ovGk3xJg65qWhaRlaoeExco9E5x1nUr+eK4OmP3MXlGbxxMQx1R43Ea11 +zSyaqlhGUs06uDOl4rk4b2FmkPgGV+A26gtjMYD005k= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/browser/invalid.pem.certspec b/security/manager/ssl/tests/mochitest/browser/invalid.pem.certspec new file mode 100644 index 000000000..71a1707c3 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/invalid.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:invalid +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/mochitest/browser/md5-ee.pem b/security/manager/ssl/tests/mochitest/browser/md5-ee.pem new file mode 100644 index 000000000..27bf90085 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/md5-ee.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICqjCCAZSgAwIBAgIURZ4xXpmcV9oh3RekbTwkCGv62NowCwYJKoZIhvcNAQEE +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBExDzANBgNVBAMMBm1kNS1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x +nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM +wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF +4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20 +yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx +j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG9w0BAQQDggEBAKs7 +7/g5m901xqDth2t0tDTFWlfh/h94KLk8d8JAAa8AMdVwpMUMc2IKPk+H+f7JkBeE +hhJ/r4ZEbQkjZuoLSkAR6aKRprE97Ddw1LJLVish39DitEXxpyDemCIl8V6E8FpW +CWqbOZtvUScOQOlJ2uJfPwHkh93RJbzP9EY8Hd2arFYKuExi5z8Z465feZ53mdOe +17WG9IKKIQirr4OAxD+ab1EdMuPuXKQ9qfg4fSW/LDsb97x0/ElRfHwFDxsbEiVi +zR/gGMW9AQhc+eW2qchjYkO0v/ps7dzjDQFDJzLAd/mlb90cK1cpUz6XVn/HagvZ +0MRczu3MnE6KRPVpW8Y= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/browser/md5-ee.pem.certspec b/security/manager/ssl/tests/mochitest/browser/md5-ee.pem.certspec new file mode 100644 index 000000000..279c15802 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/md5-ee.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:md5-ee +signature:md5WithRSAEncryption diff --git a/security/manager/ssl/tests/mochitest/browser/moz.build b/security/manager/ssl/tests/mochitest/browser/moz.build new file mode 100644 index 000000000..49d7d5a11 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/moz.build @@ -0,0 +1,35 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +BROWSER_CHROME_MANIFESTS += ['browser.ini'] + +# Temporarily disabled. See bug 1256495. +# (Note that when this gets enabled, some extra work will have to happen so +# that the mochitest harness knows where to get the generated certificates - +# right now it assumes they're in the source directory, which isn't the case +# when they're automatically generated.) +#test_certificates = ( +# 'ca.pem', +# 'code-ee.pem', +# 'ee-from-expired-ca.pem', +# 'ee-from-untrusted-ca.pem', +# 'email-ee.pem', +# 'expired-ca.pem', +# 'has-cn.pem', +# 'has-empty-subject.pem', +# 'has-non-empty-subject.pem', +# 'has-o.pem', +# 'has-ou.pem', +# 'invalid.pem', +# 'md5-ee.pem', +# 'revoked.pem', +# 'ssl-ee.pem', +# 'unknown-issuer.pem', +# 'untrusted-ca.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) diff --git a/security/manager/ssl/tests/mochitest/browser/revoked.pem b/security/manager/ssl/tests/mochitest/browser/revoked.pem new file mode 100644 index 000000000..b212e8250 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/revoked.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICqzCCAZWgAwIBAgIUD1t15yWPBLIhosAm9w9++t/F/fkwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBIxEDAOBgNVBAMMB3Jldm9rZWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9 +sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5 +TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7 +xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd +tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l +8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQELA4IBAQCy +eobd3+MhGhQvhKQax5XNBqAEmogtsv6G1ZCoAx0kKU83r3Oj9ha4VfGN0syP8NQV +nmkecZ630QXQcyCD3RRiiLqU07N3nC5djm8v+vM5RhuDADkIwddH3WNWB+8KUJEd +3Sym1EN6xAYdQEAwWdPno73sUsFebuoL/c4gpTjD7PF+/vPzN0c3KVanlrMhayKe +3PLq8jST2OSdLvooa8qMYsFFG2S4A+gmp9Cx30moMG2+w1GBKZdtY2tlFx5DppIU +AoQzUl9pvT6AFDcY2RO6UvsWF9Pzr4dTjjgk8SO05jKcmj2GnBm480ZezDx5N5zm ++XVGgonJZRAucaVuJY79 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/browser/revoked.pem.certspec b/security/manager/ssl/tests/mochitest/browser/revoked.pem.certspec new file mode 100644 index 000000000..daf75c670 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/revoked.pem.certspec @@ -0,0 +1,2 @@ +issuer:ca +subject:revoked diff --git a/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem b/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem new file mode 100644 index 000000000..76a688034 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzTCCAbegAwIBAgIUYfe94xSwDUoffRodCo1TPdV/PaswCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBExDzANBgNVBAMMBnNzbC1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x +nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM +wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF +4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20 +yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx +j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMhMB8wHQYDVR0lBBYwFAYIKwYB +BQUHAwEGCCsGAQUFBwMCMAsGCSqGSIb3DQEBCwOCAQEAprVI8tGWBHIN2SV66ZnC +vOfWcQguUQg8QO3Al+O4X5U18hzgsmCjqt99b+oJCJD0qWBnPPBgqY52pckCgmTY +w73TZ5w3Rnr3v+BlQ5xPTyAQoUeutm1LMxY/Ju7m1XV44tyDnq6GZbOZLVWtRLXe +W4UEqVex4qbCw3GOvFyHmubSNUk81v4Iexe1SmIJN8glZsVmWJdaC2Xo7qhz+vvq +HljfO+/ejiBtZOJSf9qG6HcGW/Rf15Io0e+IA6jbZWrlAzIjBcYKumZF8LjRONHZ +vwiCwWit/IP6KvmsHAb7wj5c0U/p1TuyGdvu/ccp6nCdx8Ya7/QKfAEQTZXnloBG +4w== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem.certspec b/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem.certspec new file mode 100644 index 000000000..c4037675f --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:ssl-ee +extension:extKeyUsage:serverAuth,clientAuth diff --git a/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem b/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem new file mode 100644 index 000000000..d8e750551 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICtzCCAaGgAwIBAgIUEfR3vHTQuzModYBSMepORIL++2gwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB3Vua25vd24wIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowGTEXMBUGA1UEAwwOdW5rbm93bi1pc3N1ZXIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVo +V2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p +0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKk +fbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZh +W7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EI +TjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZI +hvcNAQELA4IBAQB4pRQvglUpzNZ2fH0oj5bcqfcTjE3dwEzGg7WaMD2t50zKgCRp +2sDObvEB1Nv5SHSkebxDeS9xQ6Dghf+TvuCnkapi/6q9etP51lkIOhl6okAGUwdZ +vO3duIvXCVUWbut3ATQghKovDYuJXKMx1OYapxyLKKCsdvTQ8LNQpPcwbpVtqWKC +jLYpa1i/vtn4Pv8xs/ceOf10z5AdydpFBgZ8JpY0CbRI73WHR5fr1yYI7tfzaAA8 +d+OBZ7nqlg81khD/Oepl/h6/IJ3L2eB+lUZx6+yWML9jRD0HX1xRje19u2vxCuQ+ +tNo6lQr9fTRG76Md1d4fdg9+F9LGqDd+yBBv +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem.certspec b/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem.certspec new file mode 100644 index 000000000..c76a4e2c7 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem.certspec @@ -0,0 +1,2 @@ +issuer:unknown +subject:unknown-issuer diff --git a/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem b/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem new file mode 100644 index 000000000..0f874d9a9 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAbmgAwIBAgIUT/T//UMr8YnbQBWj+61OMGPKRC4wCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBcxFTATBgNVBAMMDHVudHJ1c3RlZC1jYTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl +qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg +w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx +V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1 +MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs +vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUw +AwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQCiDFgskGRygaarkruu +gTwsX59ULb7yhXyYKZLTdsUitHi8Zk4KUmsbkBHGaek30Ud9A1GyLzuP3hb1/M7M +FdARYO8qrl414tW3hiON36R47qtw5cO6a2YZfvxU79esuoa6uxChhHLUugqNotJb +bbGwSMszKzkGtOQ5ZTFNc8+t1kWeQfFoPMznjg5WC2oq9Pl45Rt9lFrU3SD8MkVA +8fLAGR5TEOY2ZvjDDMKg+ceJNIaA3SPXDTVSXWNIakJU2vsdUXThTyfnoCw0sMQG +ZwkmKbCXioYXDB/nrjoVBgJh85JSc4KX137y5m2FK+wHzkKMgf4yn6Ql2eg/yTen +CaeK +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem.certspec b/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem.certspec new file mode 100644 index 000000000..04f443057 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:untrusted-ca +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/.eslintrc.js b/security/manager/ssl/tests/mochitest/mixedcontent/.eslintrc.js new file mode 100644 index 000000000..d61bb2044 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/.eslintrc.js @@ -0,0 +1,5 @@ +"use strict"; + +module.exports = { // eslint-disable-line no-undef + "extends": "../../../../../../testing/mochitest/mochitest.eslintrc.js" +}; diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs new file mode 100644 index 000000000..8e9afb098 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs @@ -0,0 +1,6 @@ +function handleRequest(request, response) +{ + response.setStatusLine(request.httpVersion, 200, "OK"); + response.setHeader("Access-Control-Allow-Origin", "*"); + response.write("hello!"); +} diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/backward.html b/security/manager/ssl/tests/mochitest/mixedcontent/backward.html new file mode 100644 index 000000000..825c2aa80 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/backward.html @@ -0,0 +1,18 @@ + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js b/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js new file mode 100644 index 000000000..fd888504a --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js @@ -0,0 +1,7 @@ +/* import-globals-from mixedContentTest.js */ +"use strict"; + +document.open(); +document.write("This is insecure XSS script " + document.cookie); +isSecurityState("broken", "security broken after document write from unsecure script"); +finish(); diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html new file mode 100644 index 000000000..c2ebce364 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html @@ -0,0 +1,29 @@ + + + + Bug 383369 test, step 2 + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html new file mode 100644 index 000000000..1acafcd2f --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html @@ -0,0 +1,30 @@ + + + + Bug 383369 test, final step + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/download.auto b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto new file mode 100644 index 000000000..4d2fb7d5a --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto @@ -0,0 +1 @@ +Temporary file for security/mixedconent tests \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^ b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^ new file mode 100644 index 000000000..9c3159e15 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^ @@ -0,0 +1,2 @@ +Content-disposition: "attachment" +Content-type: application/x-auto-download diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs new file mode 100644 index 000000000..5cce2826f --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs @@ -0,0 +1,5 @@ +function handleRequest(request, response) +{ + response.setStatusLine(request.httpVersion, 200, "OK"); + //response.setHeader("Content-type", "image/gif"); +} diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs new file mode 100644 index 000000000..20d9dea82 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs @@ -0,0 +1,13 @@ +function handleRequest(request, response) +{ + response.setStatusLine(request.httpVersion, 200, "OK"); + response.setHeader("Content-type", "image/bitmap"); + + let bmpheader = "\x42\x4D\x36\x10\x0E\x00\x00\x00\x00\x00\x36\x00\x00\x00\x28\x00\x00\x00\x80\x02\x00\x00\xE0\x01\x00\x00\x01\x00\x18\x00\x00\x00\x00\x00\x00\x10\x0E\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; + let bmpdatapiece = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; + + response.bodyOutputStream.write(bmpheader, 54); + // Fill 640*480*3 nulls + for (let i = 0; i < (640 * 480 * 3) / 64; ++i) + response.bodyOutputStream.write(bmpdatapiece, 64); +} diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html new file mode 100644 index 000000000..d67eb6a7a --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html @@ -0,0 +1,13 @@ + + + + + + + This is frame 1: + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html b/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html new file mode 100644 index 000000000..048ed811b --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html @@ -0,0 +1,14 @@ + + + + + + + This is frame 2: + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html new file mode 100644 index 000000000..d033f5b00 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html @@ -0,0 +1,8 @@ + + + + + Redirecting by meta tag... + + \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs new file mode 100644 index 000000000..ea93b80b7 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs @@ -0,0 +1,5 @@ +function handleRequest(request, response) +{ + response.setStatusLine(request.httpVersion, 307, "Moved temporarly"); + response.setHeader("Location", "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html"); +} diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs new file mode 100644 index 000000000..937e29954 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs @@ -0,0 +1,5 @@ +function handleRequest(request, response) +{ + response.setStatusLine(request.httpVersion, 307, "Moved temporarly"); + response.setHeader("Location", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html"); +} diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs new file mode 100644 index 000000000..7af6116e1 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs @@ -0,0 +1,5 @@ +function handleRequest(request, response) +{ + response.setStatusLine(request.httpVersion, 307, "Moved temporarly"); + response.setHeader("Location", "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg"); +} diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs new file mode 100644 index 000000000..a8eb26642 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs @@ -0,0 +1,5 @@ +function handleRequest(request, response) +{ + response.setStatusLine(request.httpVersion, 307, "Moved temporarly"); + response.setHeader("Location", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg"); +} diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js b/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js new file mode 100644 index 000000000..74c592e59 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js @@ -0,0 +1,204 @@ +"use strict"; + +/** + * Helper script for mixed content testing. It opens a new top-level window + * from a secure origin and '?runtest' query. That tells us to run the test + * body, function runTest(). Then we wait for call of finish(). On its first + * call it loads helper page 'backward.html' that immediately navigates + * back to the test secure test. This checks the bfcache. We got second call + * to onload and this time we call afterNavigationTest() function to let the + * test check security state after re-navigation back. Then we again wait for + * finish() call, that this time finishes completelly the test. + */ + +// Tells the framework if to load the test in an insecure page (http://) +var loadAsInsecure = false; +// Set true to bypass the navigation forward/back test +var bypassNavigationTest = false; +// Set true to do forward/back navigation over an http:// page, test state leaks +var navigateToInsecure = false; +// Open the test in two separate windows, test requests sharing among windows +var openTwoWindows = false; +// Override the name of the test page to load, useful e.g. to prevent load +// of images or other content before the test starts; this is actually +// a 'redirect' to a different test page. +var testPage = ""; +// Assign a function to this variable to have a clean up at the end +var testCleanUp = null; +// Contains mixed active content that needs to load to run the test +var hasMixedActiveContent = false; + + +// Internal variables +var _windowCount = 0; + +window.onload = function onLoad() { + if (location.search == "?runtest") { + try { + if (history.length == 1) { + // Each test that includes this helper file is supposed to define + // runTest(). See the top level comment. + runTest(); // eslint-disable-line no-undef + } else { + // Each test that includes this helper file is supposed to define + // afterNavigationTest(). See the top level comment. + afterNavigationTest(); // eslint-disable-line no-undef + } + } catch (ex) { + ok(false, "Exception thrown during test: " + ex); + finish(); + } + } else { + window.addEventListener("message", onMessageReceived, false); + + let secureTestLocation = loadAsInsecure ? "http://example.com" + : "https://example.com"; + secureTestLocation += location.pathname; + if (testPage != "") { + let array = secureTestLocation.split("/"); + array.pop(); + array.push(testPage); + secureTestLocation = array.join("/"); + } + secureTestLocation += "?runtest"; + + if (hasMixedActiveContent) { + SpecialPowers.pushPrefEnv( + {"set": [["security.mixed_content.block_active_content", false]]}, + null); + } + if (openTwoWindows) { + _windowCount = 2; + window.open(secureTestLocation, "_new1", ""); + window.open(secureTestLocation, "_new2", ""); + } else { + _windowCount = 1; + window.open(secureTestLocation); + } + } +}; + +function onMessageReceived(event) +{ + switch (event.data) { + // Indication of all test parts finish (from any of the frames) + case "done": + if (--_windowCount == 0) { + if (testCleanUp) { + testCleanUp(); + } + if (hasMixedActiveContent) { + SpecialPowers.popPrefEnv(null); + } + + SimpleTest.finish(); + } + break; + + // Any other message is an error or success message of a test. + default: + SimpleTest.ok(!event.data.match(/^FAILURE/), event.data); + break; + } +} + +function postMsg(message) +{ + opener.postMessage(message, "http://mochi.test:8888"); +} + +function finish() +{ + if (history.length == 1 && !bypassNavigationTest) { + window.setTimeout(() => { + window.location.assign(navigateToInsecure ? + "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/backward.html" : + "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/backward.html"); + }, 0); + } else { + postMsg("done"); + window.close(); + } +} + +function ok(a, message) +{ + if (!a) { + postMsg("FAILURE: " + message); + } else { + postMsg(message); + } +} + +function is(a, b, message) +{ + if (a != b) { + postMsg(`FAILURE: ${message}, expected ${b} got ${a}`); + } else { + postMsg(`${message}, expected ${b} got ${a}`); + } +} + +function isSecurityState(expectedState, message, test) +{ + if (!test) { + test = ok; + } + + let ui = SpecialPowers.wrap(window) + .QueryInterface(SpecialPowers.Ci.nsIInterfaceRequestor) + .getInterface(SpecialPowers.Ci.nsIWebNavigation) + .QueryInterface(SpecialPowers.Ci.nsIDocShell) + .securityUI; + + let isInsecure = !ui || + (ui.state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IS_INSECURE); + let isBroken = ui && + (ui.state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IS_BROKEN); + let isEV = ui && + (ui.state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL); + + let gotState = "secure"; + if (isInsecure) { + gotState = "insecure"; + } else if (isBroken) { + gotState = "broken"; + } else if (isEV) { + gotState = "EV"; + } + + test(gotState == expectedState, (message || "") + ", " + "expected " + expectedState + " got " + gotState); + + switch (expectedState) { + case "insecure": + test(isInsecure && !isBroken && !isEV, "for 'insecure' excpected flags [1,0,0], " + (message || "")); + break; + case "broken": + test(ui && !isInsecure && isBroken && !isEV, "for 'broken' expected flags [0,1,0], " + (message || "")); + break; + case "secure": + test(ui && !isInsecure && !isBroken && !isEV, "for 'secure' expected flags [0,0,0], " + (message || "")); + break; + case "EV": + test(ui && !isInsecure && !isBroken && isEV, "for 'EV' expected flags [0,0,1], " + (message || "")); + break; + default: + throw new Error("Invalid isSecurityState state"); + } +} + +function waitForSecurityState(expectedState, callback) +{ + let roundsLeft = 200; // Wait for 20 seconds (=200*100ms) + let interval = window.setInterval(() => { + isSecurityState(expectedState, "", isok => { + if (isok) { + roundsLeft = 0; + } + }); + if (!roundsLeft--) { + window.clearInterval(interval); + callback(); + } + }, 100); +} diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini b/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini new file mode 100644 index 000000000..c7a352eb8 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini @@ -0,0 +1,62 @@ +[DEFAULT] +skip-if = toolkit == 'android' #TIMED_OUT +support-files = + alloworigin.sjs + backward.html + bug329869.js + bug383369step2.html + bug383369step3.html + download.auto + download.auto^headers^ + emptyimage.sjs + hugebmp.sjs + iframe.html + iframe2.html + iframeMetaRedirect.html + iframesecredirect.sjs + iframeunsecredirect.sjs + imgsecredirect.sjs + imgunsecredirect.sjs + mixedContentTest.js + moonsurface.jpg + nocontent.sjs + redirecttoemptyimage.sjs + somestyle.css + unsecureIframe.html + unsecurePictureDup.html + +[test_bug329869.html] +[test_bug383369.html] +[test_bug455367.html] +[test_bug472986.html] +[test_bug477118.html] +[test_bug521461.html] +[test_cssBefore1.html] +[test_cssContent1.html] +[test_cssContent2.html] +[test_documentWrite1.html] +[test_documentWrite2.html] +[test_dynDelayedUnsecurePicture.html] +[test_dynDelayedUnsecureXHR.html] +[test_dynUnsecureBackground.html] +[test_dynUnsecureIframeRedirect.html] +[test_dynUnsecurePicture.html] +[test_dynUnsecurePicturePreload.html] +# [test_dynUnsecureRedirect.html] +# intermitently fails, quite often, bug 487402 +[test_innerHtmlDelayedUnsecurePicture.html] +[test_innerHtmlUnsecurePicture.html] +[test_javascriptPicture.html] +[test_secureAll.html] +[test_securePicture.html] +[test_unsecureBackground.html] +[test_unsecureCSS.html] +[test_unsecureIframe.html] +[test_unsecureIframe2.html] +# [test_unsecureIframeMetaRedirect.html] +# intermittently fails, less often, bug 487632 +[test_unsecureIframeRedirect.html] +[test_unsecurePicture.html] +[test_unsecurePictureDup.html] +[test_unsecurePictureInIframe.html] +[test_unsecureRedirect.html] diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg b/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg new file mode 100644 index 000000000..c0ffca256 Binary files /dev/null and b/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg differ diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/moz.build b/security/manager/ssl/tests/mochitest/mixedcontent/moz.build new file mode 100644 index 000000000..8e5cb5d71 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/moz.build @@ -0,0 +1,8 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +MOCHITEST_MANIFESTS += ['mochitest.ini'] + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs new file mode 100644 index 000000000..53fa4bc0c --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs @@ -0,0 +1,4 @@ +function handleRequest(request, response) +{ + response.setStatusLine(request.httpVersion, 204, "No Content"); +} diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs new file mode 100644 index 000000000..4d85e1658 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs @@ -0,0 +1,5 @@ +function handleRequest(request, response) +{ + response.setStatusLine(request.httpVersion, 307, "Moved temporarly"); + response.setHeader("Location", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs"); +} diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css b/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css new file mode 100644 index 000000000..9867e3c41 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css @@ -0,0 +1,4 @@ +body +{ + background-color: lightBlue; +} diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html new file mode 100644 index 000000000..3b8fae25e --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html @@ -0,0 +1,37 @@ + + + + dymanic script load + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html new file mode 100644 index 000000000..b68546d0a --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html @@ -0,0 +1,102 @@ + + + + Bug 383369 test + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html new file mode 100644 index 000000000..ec2b8590a --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html @@ -0,0 +1,35 @@ + + + + No content image doesn't break security + + + + + + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html new file mode 100644 index 000000000..b95cfcf65 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html @@ -0,0 +1,47 @@ + + + + img.src replace + + + + + + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html new file mode 100644 index 000000000..51a13a4b8 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html @@ -0,0 +1,35 @@ + + + + Bug 477118 + + + + + + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html new file mode 100644 index 000000000..523b97f59 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html @@ -0,0 +1,39 @@ + + + + Bug 521461 + + + + + + + + + + + +This is an unsecure page! \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html new file mode 100644 index 000000000..72046e032 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html @@ -0,0 +1,43 @@ + + + + CSS :before styling 1 + + + + + + + + + + + + + +

+ There is a moon surface left to this text +

+ + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html new file mode 100644 index 000000000..364d652f4 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html @@ -0,0 +1,42 @@ + + + + CSS conent styling 1 + + + + + + + + + + + + + + +

+ + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html new file mode 100644 index 000000000..c57410b74 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html @@ -0,0 +1,47 @@ + + + + CSS conent styling 2 + + + + + + + + + + + + +

+ + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html new file mode 100644 index 000000000..64eec0890 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html @@ -0,0 +1,38 @@ + + + + document.write('<img src="http://">') + + + + + + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html new file mode 100644 index 000000000..41878d292 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html @@ -0,0 +1,40 @@ + + + + document.write('<iframe src="http://">') + + + + + + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html new file mode 100644 index 000000000..4f7305f41 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html @@ -0,0 +1,48 @@ + + + + img.src changes to unsecure test + + + + + + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html new file mode 100644 index 000000000..7dbfdf4da --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html @@ -0,0 +1,49 @@ + + + + unsecure XHR test + + + + + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html new file mode 100644 index 000000000..6d06f1a64 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html @@ -0,0 +1,45 @@ + + + + body.background changes to unsecure test + + + + + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html new file mode 100644 index 000000000..f846f8919 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html @@ -0,0 +1,45 @@ + + + + iframe.src changes to unsecure redirect test + + + + + + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html new file mode 100644 index 000000000..cbb5dccf8 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html @@ -0,0 +1,46 @@ + + + + img.src changes to unsecure test + + + + + + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html new file mode 100644 index 000000000..64a7a4abe --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html @@ -0,0 +1,37 @@ + + + + img.src changes to unsecure test + + + + + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html new file mode 100644 index 000000000..c1af7b29d --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html @@ -0,0 +1,40 @@ + + + + img.src changes to unsecure redirect test + + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html new file mode 100644 index 000000000..5e408b2aa --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html @@ -0,0 +1,42 @@ + + + + innerHTML changes to unsecure test + + + + + + + + + + + + \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html new file mode 100644 index 000000000..ff3592542 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html @@ -0,0 +1,40 @@ + + + + innerHTML changes to unsecure test + + + + + + + + + + + + \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html new file mode 100644 index 000000000..1efbe4d73 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html @@ -0,0 +1,35 @@ + + + + Secure img load + + + + + + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html new file mode 100644 index 000000000..cd9f1d0d7 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html @@ -0,0 +1,43 @@ + + + + All secure anti-regression check + + + + + + + + + + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html new file mode 100644 index 000000000..cdd59ce15 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html @@ -0,0 +1,37 @@ + + + + Unsecure iframe load + + + + + + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html new file mode 100644 index 000000000..288526437 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html @@ -0,0 +1,38 @@ + + + + Unsecure redirect iframe load + + + + + + + + + + + + \ No newline at end of file diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html new file mode 100644 index 000000000..1095c769f --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html @@ -0,0 +1,38 @@ + + + + Unsecure redirect iframe load + + + + + + + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html new file mode 100644 index 000000000..dc18efa29 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html @@ -0,0 +1,35 @@ + + + + Unsecure img load + + + + + + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html new file mode 100644 index 000000000..5d02de95c --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html @@ -0,0 +1,21 @@ + + + + Unsecure img load in two windows + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html new file mode 100644 index 000000000..2ece07342 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html @@ -0,0 +1,37 @@ + + + + Unsecure img in iframe load + + + + + + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html new file mode 100644 index 000000000..a796b41b5 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html @@ -0,0 +1,37 @@ + + + + Redirect from secure to unsecure img + + + + + + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html new file mode 100644 index 000000000..228267741 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html b/security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html new file mode 100644 index 000000000..f53fb4830 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html @@ -0,0 +1,35 @@ + + + + Unsecure img load in two windows + + + + + + + + + + + + + + + diff --git a/security/manager/ssl/tests/mochitest/moz.build b/security/manager/ssl/tests/mochitest/moz.build new file mode 100644 index 000000000..05c6b7906 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/moz.build @@ -0,0 +1,11 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +TEST_DIRS += [ + 'browser', + 'mixedcontent', + 'stricttransportsecurity', +] diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/.eslintrc.js b/security/manager/ssl/tests/mochitest/stricttransportsecurity/.eslintrc.js new file mode 100644 index 000000000..74b7a1a07 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/.eslintrc.js @@ -0,0 +1,9 @@ +"use strict"; + +module.exports = { // eslint-disable-line no-undef + // mochitest-chrome tests also exist in this directory, but don't appear to + // use anything not also available to plain mochitests. Since plain mochitests + // are the majority, we take the safer option and only extend the + // mochitest-plain eslintrc file. + "extends": "../../../../../../testing/mochitest/mochitest.eslintrc.js" +}; diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/chrome.ini b/security/manager/ssl/tests/mochitest/stricttransportsecurity/chrome.ini new file mode 100644 index 000000000..b2ce8fef0 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/chrome.ini @@ -0,0 +1,6 @@ +[DEFAULT] +tags = psm +skip-if = os == 'android' +support-files = page_blank.html + +[test_sts_privatebrowsing_perwindowpb.html] diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/mochitest.ini b/security/manager/ssl/tests/mochitest/stricttransportsecurity/mochitest.ini new file mode 100644 index 000000000..100f45840 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/mochitest.ini @@ -0,0 +1,13 @@ +[DEFAULT] +tags = psm +support-files = + nosts_bootstrap.html + nosts_bootstrap.html^headers^ + plain_bootstrap.html + plain_bootstrap.html^headers^ + subdom_bootstrap.html + subdom_bootstrap.html^headers^ + verify.sjs + +[test_stricttransportsecurity.html] +skip-if = toolkit == 'android' #TIMED_OUT diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/moz.build b/security/manager/ssl/tests/mochitest/stricttransportsecurity/moz.build new file mode 100644 index 000000000..cd73f7716 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/moz.build @@ -0,0 +1,10 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +MOCHITEST_MANIFESTS += ['mochitest.ini'] + +MOCHITEST_CHROME_MANIFESTS += ['chrome.ini'] + diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/nosts_bootstrap.html b/security/manager/ssl/tests/mochitest/stricttransportsecurity/nosts_bootstrap.html new file mode 100644 index 000000000..f9b0f9381 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/nosts_bootstrap.html @@ -0,0 +1,26 @@ + + + + + + STS test iframe + + + + + This frame was loaded using + + and set the STS header to force this site and allow subdomain upgrading. + + diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/nosts_bootstrap.html^headers^ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/nosts_bootstrap.html^headers^ new file mode 100644 index 000000000..9e23c73b7 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/nosts_bootstrap.html^headers^ @@ -0,0 +1 @@ +Cache-Control: no-cache diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/page_blank.html b/security/manager/ssl/tests/mochitest/stricttransportsecurity/page_blank.html new file mode 100644 index 000000000..db5d31a96 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/page_blank.html @@ -0,0 +1,5 @@ + + + PAGE BLANK + + diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/plain_bootstrap.html b/security/manager/ssl/tests/mochitest/stricttransportsecurity/plain_bootstrap.html new file mode 100644 index 000000000..f9b0f9381 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/plain_bootstrap.html @@ -0,0 +1,26 @@ + + + + + + STS test iframe + + + + + This frame was loaded using + + and set the STS header to force this site and allow subdomain upgrading. + + diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/plain_bootstrap.html^headers^ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/plain_bootstrap.html^headers^ new file mode 100644 index 000000000..a46bf65bd --- /dev/null +++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/plain_bootstrap.html^headers^ @@ -0,0 +1,2 @@ +Cache-Control: no-cache +Strict-Transport-Security: max-age=60 diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/subdom_bootstrap.html b/security/manager/ssl/tests/mochitest/stricttransportsecurity/subdom_bootstrap.html new file mode 100644 index 000000000..24a364158 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/subdom_bootstrap.html @@ -0,0 +1,26 @@ + + + + + + STS test iframe + + + + + This frame was loaded using + + and set the STS header to force this site and allow subdomain upgrading. + + diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/subdom_bootstrap.html^headers^ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/subdom_bootstrap.html^headers^ new file mode 100644 index 000000000..e54fc6a1d --- /dev/null +++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/subdom_bootstrap.html^headers^ @@ -0,0 +1,2 @@ +Cache-Control: no-cache +Strict-Transport-Security: max-age=60; includeSubDomains diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html new file mode 100644 index 000000000..675688638 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html @@ -0,0 +1,120 @@ + + + + + + opens additional content that should be converted to https + + + + + + + + This test will load some iframes and do some tests. + + + diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_sts_privatebrowsing_perwindowpb.html b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_sts_privatebrowsing_perwindowpb.html new file mode 100644 index 000000000..882030b67 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_sts_privatebrowsing_perwindowpb.html @@ -0,0 +1,275 @@ + + + + + + opens additional content that should be converted to https + + + + + + + + This test will load some iframes and do some tests. + + diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/verify.sjs b/security/manager/ssl/tests/mochitest/stricttransportsecurity/verify.sjs new file mode 100644 index 000000000..e5e4eb5f6 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/verify.sjs @@ -0,0 +1,47 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// SJS file that serves un-cacheable responses for STS tests that postMessage +// to the parent saying whether or not they were loaded securely. + +function handleRequest(request, response) +{ + var query = {}; + request.queryString.split('&').forEach(function (val) { + var [name, value] = val.split('='); + query[name] = unescape(value); + }); + + response.setHeader("Cache-Control", "no-cache", false); + response.setHeader("Content-Type", "text/html", false); + + if ('id' in query) { + var outstr = [ + " ", + " subframe for STS", + " ", + " ", + " ", + " STS state verification frame loaded via", + " ", + " ", + " "].join("\n"); + response.write(outstr); + } else { + response.write("ERROR: no id provided"); + } +} diff --git a/security/manager/ssl/tests/moz.build b/security/manager/ssl/tests/moz.build new file mode 100644 index 000000000..e7c06c21e --- /dev/null +++ b/security/manager/ssl/tests/moz.build @@ -0,0 +1,17 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +DIRS += ['unit'] + +TEST_DIRS += [ + 'gtest', + 'mochitest', +] + +XPCSHELL_TESTS_MANIFESTS += ['unit/xpcshell.ini'] + +if not CONFIG['MOZ_NO_SMART_CARDS']: + XPCSHELL_TESTS_MANIFESTS += ['unit/xpcshell-smartcards.ini'] diff --git a/security/manager/ssl/tests/unit/.eslintrc.js b/security/manager/ssl/tests/unit/.eslintrc.js new file mode 100644 index 000000000..1f96e7821 --- /dev/null +++ b/security/manager/ssl/tests/unit/.eslintrc.js @@ -0,0 +1,5 @@ +"use strict"; + +module.exports = { // eslint-disable-line no-undef + "extends": "../../../../../testing/xpcshell/xpcshell.eslintrc.js" +}; diff --git a/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem b/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem new file mode 100644 index 000000000..62406aaac --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5DCCAc6gAwIBAgIUaauScBIwFX7ueYmCXknl2gMYElAwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowJjEkMCIGA1UEAwwbRUUgd2l0aCBiYWQgc3ViamVjdEFsdE5hbWVz +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2 +ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdF +h/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6n +cOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAv +OnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2nj +tIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXt +jQIDAQABox4wHDAaBgNVHREEEzARgg8qLiouZXhhbXBsZS5jb20wCwYJKoZIhvcN +AQELA4IBAQBQsZKhZe/1VkfifLqD4bni/7VY8xfXQO4DDu9HSkFmeJOhaIzfdQls +q4LN+HVuJcJQZD1ni24UbJib+Jh8cbuzRA8l6w+PUBB6XPeF8BfYDkSbDoIYxj6h +OclX4HInco4O4Ul+1K0u7qF9xtMYK+xaAZqiEzU638nW2n5EWV8v7y5dJsmx7rz3 +s7boQNkjgZo7R0Lw5Z8zzKYE0jVp+dRztP/f0X9uG6YW3thFIfHbewXBKP1kiIv6 +jymQMdcdnc+LhtM5/+KJcCstGA1YUaZ7pNkU7/KyB0Ch1m+b40EOSnZKelUFkmvp +yaMC1hUND9LZjKwnGKNwuF5HR4OX/w0g +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem.certspec new file mode 100644 index 000000000..1b368c26f --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem.certspec @@ -0,0 +1,3 @@ +issuer:Test CA +subject:EE with bad subjectAltNames +extension:subjectAlternativeName:*.*.example.com diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem b/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem new file mode 100644 index 000000000..ffb961c45 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJzCCAhGgAwIBAgIUdXLIuQ4fxP+03n9N/HH0ZlV0c7owCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMTk0NjAyMTQwMDAwMDBaGA8yMDMxMDEw +MTAwMDAwMFowLDEqMCgGA1UEAwwhQmVmb3JlIFVOSVggRXBvY2ggVGVzdCBFbmQt +ZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB +/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRx +CHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMC +OosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdm +Wqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGz +ey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUD +rNoYCjXtjQIDAQABo1swWTAjBgNVHREEHDAaghhiZWZvcmUtZXBvY2guZXhhbXBs +ZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxo +b3N0Ojg4ODgvMAsGCSqGSIb3DQEBCwOCAQEAgkj+Gwj2oJbjTvT8ivsSVfs1XHg6 +VOkPc8+DvFUY9l+lffyGUf8JQV0HuHHWOdPkSNAthqCYvsvzn1p21OFVo8EB7f5/ +mCz+u/YiWDDDjRfIYPUxvKIL4qqz+1dW3YcYOCG7luyNgajR9M9ivHGh7pX23Loa +726oYYXWaY0KU2/CkLWLSvrdbcEiw/mUMrpKa7H2Zh0OVg6pcL1LNlUTGOWoyl9X +u50M4iKLlb1wHiBTqXskKu6lM3yob6fVQ53S6Q6vKPsmD0hiKzGP5k8NLp5m0tHm +a18x76ggEprPxGI3XXOCejGBbBIdswEX+WA904jMRwrrbLXxXLKSG72UKg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem.certspec new file mode 100644 index 000000000..ac97b2231 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem.certspec @@ -0,0 +1,5 @@ +issuer:Test CA +subject:Before UNIX Epoch Test End-entity +validity:19460214-20310101 +extension:subjectAlternativeName:before-epoch.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem b/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem new file mode 100644 index 000000000..62ddea52a --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC6zCCAdWgAwIBAgIUewecPPOfV1pIxDqNQZDAK7WnmikwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMTk0NjAyMTQwMDAwMDBaGA8yMDMxMDEw +MTAwMDAwMFowLjEsMCoGA1UEAwwjQmVmb3JlIFVOSVggRXBvY2ggVGVzdCBJbnRl +cm1lZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W +1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtq +ZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx +0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthV +t2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo +4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx +1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAsG +CSqGSIb3DQEBCwOCAQEAZOcbi3DKkzazT2A2ZlqHdeY7tgVL8fiQnPvzfYpNgB+R +pM3gkZRagkliv8o0ZKlkaoLDula6Q5Rhe2hY2+PSQNi/BkDdg/ituWOnH2ruX8Dm +cWFFWJfGehf12dpJWhW+lovgQvbUmAVeMKMDfNIHgGZmwdVarYTN4LV7uu1abtIP +mxFLc8x2CkGk9XQJXbts3cLwtZJiqAdMCuX5P4fmnLkaFAw+Vs+6aLBLOOD5WMF9 +vqwTRPDedtG+xmOhZ+J0YijRRfm4go5gCZj3XF3RgA35V7A/i3MCX2jPRfXDRywV +8bsqZlIgILgdm4YCHlXpF9aqHJxz9AMKZs3Wk8mu7Q== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem.certspec new file mode 100644 index 000000000..835e63f2b --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem.certspec @@ -0,0 +1,5 @@ +issuer:Test CA +subject:Before UNIX Epoch Test Intermediate +validity:19460214-20310101 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem b/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem new file mode 100644 index 000000000..c234f9365 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDVjCCAkCgAwIBAgIUHY/2g5fyvV2MONrnjGi3fWc83j0wCwYJKoZIhvcNAQEL +MC4xLDAqBgNVBAMMI0JlZm9yZSBVTklYIEVwb2NoIFRlc3QgSW50ZXJtZWRpYXRl +MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMDgxNjA0BgNVBAMM +LVRlc3QgRW5kLWVudGl0eSB3aXRoIEJlZm9yZSBVTklYIEVwb2NoIGlzc3VlcjCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9 +PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3 +HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg +Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7 +EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK +lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C +AwEAAaNiMGAwKgYDVR0RBCMwIYIfYmVmb3JlLWVwb2NoLWlzc3Vlci5leGFtcGxl +LmNvbTAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhv +c3Q6ODg4OC8wCwYJKoZIhvcNAQELA4IBAQAAYmpIy15lrWSrorG+HfjZNckhAsCG +1BOVYRr+s1Zks4wj1aMXFSzblgNgdRuZA20TkRfJKw40cyuNLfm5DhKZUbo+0LAN +jthu2cHFBaQn+XV6xMb2tEKTU8rBqzAYIAnmEIlLukYQBVICL9tirC1JJhqe1/S8 +U139izFYNnSqNmss2cJOuI4VM7B951v1h4mQYfcX1Sv27qWaKBK7k9fKBWWE0DCX +YR1nB4RlI+92ncTOwbjtXR92gqR/z1wGDOPj/0VNNUn4SKo5Xif9TqXh4LhnY9fD +HgoZSMDxftXou1MjN0cWnIP6QMyLfg2kSN0vnQpVle6KgsxpfrgLiMoU +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem.certspec new file mode 100644 index 000000000..9aabe2162 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem.certspec @@ -0,0 +1,4 @@ +issuer:Before UNIX Epoch Test Intermediate +subject:Test End-entity with Before UNIX Epoch issuer +extension:subjectAlternativeName:before-epoch-issuer.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem b/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem new file mode 100644 index 000000000..ae40112c3 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQTCCAiugAwIBAgIUBUmy5jtGrDso26TeIelwmtF+KFAwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowLzEtMCsGA1UEAwwkVGVzdCBJbnRlcm1lZGlhdGUgdXNlZCBhcyBF +bmQtRW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO +FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr +amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka +sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY +VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n +aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE +MdUDrNoYCjXtjQIDAQABo3IwcDAMBgNVHRMEBTADAQH/MDIGCCsGAQUFBwEBBCYw +JDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzAsBgNVHREEJTAj +giFjYS11c2VkLWFzLWVuZC1lbnRpdHkuZXhhbXBsZS5jb20wCwYJKoZIhvcNAQEL +A4IBAQApr3pPS4uWz6oPEhrTO73K+JTP2VRTKgtbooPhOZ6tCRz75P729RzVOEZF +Vf87VSFTTXUdG5Q6+SDNuCdDuyyPR4q38s+8jgv3OVfsEbhPuSx73pLAzYg727Ip +U2ROGoVysc3JrUfwPZSvQ/i4iqdb2sVwtqR5LM1nApy5+p6Ef8cwjfm9qsdrHlnx +3VdiioEOp+8SKH5rzfZe+1jepRODlqvFEO9gFbaqjHLzL005xAcfpsZPH5JzDhqD +g4QiIFlm+wwQ9pTBpk1ZmbgDyk4frrxughFsbR4zDDTfJCREa5RlwH34xOkx/cTu +ee/qZzerx61VI88GvLK87eX2ZiH1 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem.certspec new file mode 100644 index 000000000..8e16705b5 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem.certspec @@ -0,0 +1,5 @@ +issuer:Test CA +subject:Test Intermediate used as End-Entity +extension:basicConstraints:cA, +extension:authorityInformationAccess:http://localhost:8888/ +extension:subjectAlternativeName:ca-used-as-end-entity.example.com diff --git a/security/manager/ssl/tests/unit/bad_certs/default-ee.key b/security/manager/ssl/tests/unit/bad_certs/default-ee.key new file mode 100644 index 000000000..8af23e068 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/default-ee.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9 +braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI +eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6 +iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za +qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7 +LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs +2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs +VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s +JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI +r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz +iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg +SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R +TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N +gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp +xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r +ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR +3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY +EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs +2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb +WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo +tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl +rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2 +TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit +tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m +ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1 +NBinA5ZsT8d0v3QCr2xDJH9D +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/default-ee.key.keyspec b/security/manager/ssl/tests/unit/bad_certs/default-ee.key.keyspec new file mode 100644 index 000000000..4ad96d515 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/default-ee.key.keyspec @@ -0,0 +1 @@ +default diff --git a/security/manager/ssl/tests/unit/bad_certs/default-ee.pem b/security/manager/ssl/tests/unit/bad_certs/default-ee.pem new file mode 100644 index 000000000..0a9eaebb5 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/default-ee.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhTCCAm+gAwIBAgIUNRvpOhsDHEYbRf6bsiAPbvKe2VAwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowGjEYMBYGA1UEAwwPVGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1 +aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we +adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS +pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W +YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR +CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4HKMIHH +MIGQBgNVHREEgYgwgYWCCWxvY2FsaG9zdIINKi5leGFtcGxlLmNvbYIVKi5waW5u +aW5nLmV4YW1wbGUuY29tgigqLmluY2x1ZGUtc3ViZG9tYWlucy5waW5uaW5nLmV4 +YW1wbGUuY29tgigqLmV4Y2x1ZGUtc3ViZG9tYWlucy5waW5uaW5nLmV4YW1wbGUu +Y29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9z +dDo4ODg4LzALBgkqhkiG9w0BAQsDggEBAH6+Qe/y1TTCx2w6f31VWp5lcizPkS8s +ODfbgT9pKYqqvYDeiDu3q8SLGHTTsHWWewBCu5Jd0mXPXfZ4FEHcwbVJZUZBvQVr +1aNBCriuzhNUyfjkvfCgM4OuxgNwjbihGDE8VzfxTiz8mDN0AgACCZaUTQnybQc0 +SW+ldxspBgQJom0tkZ+TGi80L3/5P5J2+7AchxhAZzQmebDnxNYDZXCJH8w15was +OzM5BrQzz3vuxupO7lsRzZIzAU+uQD4bjcMpz3oMdj3/0lb0HZGMdU22Ub36PvLC +6mYbTtf0IS5TVyLnbCNeliE6zoPnQPBzAUfoOeD1Tn6HQUQUT8oTf2E= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/default-ee.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/default-ee.pem.certspec new file mode 100644 index 000000000..554339ff5 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/default-ee.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test CA +subject:Test End-entity +extension:subjectAlternativeName:localhost,*.example.com,*.pinning.example.com,*.include-subdomains.pinning.example.com,*.exclude-subdomains.pinning.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem new file mode 100644 index 000000000..08c574fd1 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDITCCAgugAwIBAgIURex/TuOH9TNqma6czhjn0gJqzqwwCwYJKoZIhvcNAQEL +MBoxGDAWBgNVBAMMD1Rlc3QgRW5kLWVudGl0eTAiGA8yMDE1MTEyODAwMDAwMFoY +DzIwMTgwMjA1MDAwMDAwWjAeMRwwGgYDVQQDDBNFRSBJc3N1ZWQgYnkgbm9uLUNB +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2 +ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdF +h/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6n +cOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAv +OnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2nj +tIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXt +jQIDAQABo1swWTAjBgNVHREEHDAagglsb2NhbGhvc3SCDSouZXhhbXBsZS5jb20w +MgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4 +ODgvMAsGCSqGSIb3DQEBCwOCAQEAnLI+egtdtaCj/pGgINrEi98m6gvK+wANDhDS +RhX2IztG/xuLCXIEcecjl2ifppklo6BnGqMebuLxndygkEGXiuvTvAbtd8Ac3s7O +Cln/JW3OOBs6a3UJJeo1rpADn5F7tSXJshnVFNshZlXACnb25JIvKKIZwEhNKCmz +whfX5xVW7RumZ5I4BYrE16YkQKQ9Fc7orioPbcTfH/zmoBBseMFi9UHCsI/u6P2/ +2DpdD2hlld/Cy0cEzb8IJFnx1CYIpfKCP2OZR+YEn8i1P6WwEyYy47YlFmZGkVmQ +t1zEXNWT6xdW9+jREoyvl2pb/4BzQDzUhUg6P1jbFqHKtBgFqg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem.certspec new file mode 100644 index 000000000..63c36d34b --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test End-entity +subject:EE Issued by non-CA +extension:subjectAlternativeName:localhost,*.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem new file mode 100644 index 000000000..e24448493 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5jCCAdCgAwIBAgIUWdJEDrMcdJcIJoGstXeNPWoUzCcwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1YxIENlcnQwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowHzEdMBsGA1UEAwwURUUgSXNzdWVkIGJ5IFYxIENlcnQwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk +NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC +fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m +CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM +HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m +1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGj +JzAlMCMGA1UdEQQcMBqCCWxvY2FsaG9zdIINKi5leGFtcGxlLmNvbTALBgkqhkiG +9w0BAQsDggEBAFlYTwajTjFg0lvULVveYmWQWzPlRjdDi+TM/guuC13D9sDXN9vi +y5ofPdtqlGo2owjEe8XII/3enZHJqJAk/zDcjVg7ErXoui54K5q6eZGN+6hdhiGB +iT4TxrHAQXPfkXgLr6AQx0JkIO5G8l/PZDETLkxNMoFssQwb1x2D28LxYhqcGQJY +A7h8M8kMNZiltGqLUBXdYdmM1IljJb/BlqULV7QbCh8jXsvdP3leIQCRK+vUONcK +MjnLEzAYhNhRYWkjCBF/Q+qsPlL/aSbkupr6z4lXuCUIPF8TWs8q0V0uwGeOT0MZ +aWkw8tsi1UYRR9Z5WdTe8l0dYF0G/kpD44Q= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem.certspec new file mode 100644 index 000000000..9ed9b33db --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem.certspec @@ -0,0 +1,3 @@ +issuer:V1 Cert +subject:EE Issued by V1 Cert +extension:subjectAlternativeName:localhost,*.example.com diff --git a/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem b/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem new file mode 100644 index 000000000..719f4e760 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5TCCAc+gAwIBAgIUWcXPQzwjDQvgxBhAb1cUwuJNgfswCwYJKoZIhvcNAQEL +MAAwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowLTErMCkGA1UE +AwwiRW5kIGVudGl0eSBzaWduZWQgYnkgZW1wdHkgbmFtZSBDQTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs +9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8 +HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7Ak +kqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJet +lmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2r +kQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMqMCgw +JgYDVR0RBB8wHYIbZW1wdHlpc3N1ZXJuYW1lLmV4YW1wbGUuY29tMAsGCSqGSIb3 +DQEBCwOCAQEAqbRuhfV+zSaD8FqWMaaX3Q0V08aazNE+xt/4z0E79Ap0LWUs8h2j +IVC61EsJKrgYMseNd6DqyzhucQYgH1yuyZjb9VC+BuEA/GvcbzxMKr9jf9hMFXvf +PtyrAPDKbkscfjF1Xpq0nfTld0zxDaa01lZEyY175Ga8OM0oUaOr9tsa/m6d4/qT +2J1qOus/doyoD8CJB5vOAFjK1C0u4EMmZoayjiOQori61wsmcn6I077Pdwbhi49d +iuZGc3UU9VBPyQ6CWN5tP2e2OSfT3p1ep/7gb7RJXQXEHksokq53Rg8HM97wQxLi +134jJOJFJmeq+8pZ9NSTwrA6mo1nLfiPwA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem.certspec new file mode 100644 index 000000000..a99d84b79 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem.certspec @@ -0,0 +1,3 @@ +issuer: +subject:End entity signed by empty name CA +extension:subjectAlternativeName:emptyissuername.example.com diff --git a/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem b/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem new file mode 100644 index 000000000..1946feeb1 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICvTCCAaegAwIBAgIUQYl3Nyjq38ZPBpJZBi8APD7LGXcwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahE +jhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1 +a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1p +GrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW +2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcO +p2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJR +xDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYw +CwYJKoZIhvcNAQELA4IBAQAbXSUfUwpYXLieOce+6P1Sqtcg0nuDf46vmR+1vykN +sRZNnvsO32PNCh+WgsvJ/Yy6SPS3LKG/NwBK2yH0fiq/b+JPK15cvV/hRkb23ght +4D1+CZ6hMgirvMDFMk9wb24zUMn1MshHSfed5RM01GCnSTsBUldM93bFaMNlghyH +AIFz3aj2VTMZvL8XeoytDChfE/RYoI4eFD8O2MPyRCkJ1grN8PmpoU5xdiDIpKIp +4UK5/SnRnyci6oBpjJTECnboTv0qyfpODr/QBU5iO+8Yg02Uco27fiy5MmcejRg1 +7+pRFfrvBU7DP3uJhGOTKZzsrgsrYK6qSo7zbPyhD8oJ +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem.certspec new file mode 100644 index 000000000..0a7cfdfd8 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test CA +subject: +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem b/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem new file mode 100644 index 000000000..dc231eafb --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNzCCAiGgAwIBAgIUeWc23T2mQmvsb7b3an7jH8J3eAwwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAfMR0wGwYDVQQDDBRldi10ZXN0LWludGVybWVkaWF0ZTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1 +SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+ +zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL +K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc +bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW +JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaN5 +MHcwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwRwYIKwYBBQUHAQEEOzA5MDcG +CCsGAQUFBzABhitodHRwOi8vbG9jYWxob3N0Ojg4ODgvZXYtdGVzdC1pbnRlcm1l +ZGlhdGUvMBEGA1UdIAQKMAgwBgYEVR0gADALBgkqhkiG9w0BAQsDggEBAHZl5S4d +aiBNutInbA5t4qjcyhimG10JI70r14ijN5RXNf0TjCJjE1GDCEz3/VGAH+TFMO+c +6jAKGro2hojGPwnth49D359dMMgppcpRGq+G4paB8PuXcmTlF3slFfDa8KIay4bB ++g2db724ctqtXEHE5/FcmpTNkZftO1lHCEw+O1Sle1Firulo75WivLWyNsOh2znO ++pBQ98oYqb3q+LmKnlFw61cFLcpJ6qOs9d0X0IvGHbh7KL9Hc97orLZ5qH3UsV7k +Ews3BJjSqjZj75nciNzQUfEAYCK+t/I/tDSgebn/Ka5bVAv0iuglYHQksc4oXVgB +WIn/SxQDsNphGGQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem.certspec new file mode 100644 index 000000000..d5b585967 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:ev-test-intermediate +issuerKey:ev +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://localhost:8888/ev-test-intermediate/ +extension:certificatePolicies:any diff --git a/security/manager/ssl/tests/unit/bad_certs/ev-test.pem b/security/manager/ssl/tests/unit/bad_certs/ev-test.pem new file mode 100644 index 000000000..7bdcf4d4d --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/ev-test.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPjCCAiigAwIBAgIUJ/RiEbbZUXgHnSnds1C7ViloXtQwCwYJKoZIhvcNAQEL +MB8xHTAbBgNVBAMMFGV2LXRlc3QtaW50ZXJtZWRpYXRlMCIYDzIwMTUxMTI4MDAw +MDAwWhgPMjAxODAyMDUwMDAwMDBaMBIxEDAOBgNVBAMMB2V2LXRlc3QwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk +NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC +fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m +CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM +HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m +1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGj +fzB9MDoGCCsGAQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0cDovL2xvY2FsaG9z +dDo4ODg4L2V2LXRlc3QvMB8GA1UdIAQYMBYwFAYSKwYBBAHrSYUahRqFGgGDdAkB +MB4GA1UdEQQXMBWCE2V2LXRlc3QuZXhhbXBsZS5jb20wCwYJKoZIhvcNAQELA4IB +AQBvoPaWE/YaF3sD+tYoAGdjNDbmQcP8QRhVG8wlIWSAfk9RRbvUbs8RNjdXntYV +8J4ikq9/ajwHN85rJsRq3054qbqjit2Cn73tVhTzhe/h8xnXjLA357w/jXXXx1lD +VZKxUvWqTvC9tHPjF3w17A2a1/3OltdLHPfzWF0Zf6Zo4uaaI8x+ayMMF6MCS3ZC +FM2fNvIW/euVhjtLC3b+++5lMq/ZZCuJGB1kANDsX5LpXSZ23AXNhPrPxvgkmfoB +TPoBoy2kD814qljp8G8RguNYpaz5wSYXZNROnVBCqafEbE8VlIAwAxWp5H5qN6Et +F3OoQMb5dBIffK3lNw6UjFaZ +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/ev-test.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/ev-test.pem.certspec new file mode 100644 index 000000000..10f802258 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/ev-test.pem.certspec @@ -0,0 +1,5 @@ +issuer:ev-test-intermediate +subject:ev-test +extension:authorityInformationAccess:http://localhost:8888/ev-test/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1 +extension:subjectAlternativeName:ev-test.example.com diff --git a/security/manager/ssl/tests/unit/bad_certs/evroot.key b/security/manager/ssl/tests/unit/bad_certs/evroot.key new file mode 100644 index 000000000..a756a0705 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/evroot.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC1SYlcnQAQjRGh ++Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQOMF0Ask6Kkc9vShq7T/c02PPWikU +dwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURhuT5RQk4XRLsuqtRqqzjOGWghlh+H +cUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94rjFE7SjEXnkpOGOnoipImAo2pA5y +1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3RquiqLMzjSKAWm4Diii1wwalgxvM18t +oJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oYUJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ +5XNPsikFAgMBAAECggEBAJg9VPlNb0x26yPW+T14UjUwz3Ow0WJUxueBdo1F9VaB +0dAvsr0qrGq8HDiYYJNcUqDY9BSCAQOUd4MUHYZL/zCANjilwBUlcK6dGPPYyhY+ ++0dbDd3zLn4W7HVl5rteAlxBxcZuV6A87eVUIh+DBFNHosTEUcPc5Ha3h84MBXJE +vp4E7xMRjbuz1eCmzIcCnq/Upp7ZsUdZsV452KmITlb1TS+asBPw0V8xipq2svc9 +HsPJ/idK6JQxoQZAvniZsAEcXlCToYNHCGid4QBjTaveYPvWqu+joz3zSh829gwE +MDa3SNHJ7pjEAxoK/sYO/aCpkL5ST1YU6sT9s0pS+VECgYEA6twssz5f8co3a72V +vWoXd9LPT6xHVF6S0RpiCbnV5N7UeDRYHBabPIhHQqCeoYdQXBylVBTY0ltJdjLV +7CqqBSM0MPrUmJJ3en1o4Dj1YaO4lp5gsKJj3vv9pIqbD/OdlbyIsVJnyK3pe1EH +lI5B5DMknYf32xCdXXRYTYa8wdcCgYEAxZrldqIWRwJI2USlW56b+TKZ2jQexW5V +jrqCGrzhv1e3nPQR0pBMd0+duh8VGF9gewV0oIIF1uwotmo21jQjLqry/qN1Yauv +nWRLaNs4yZZMuMluwKxh66ZNBbRGVC9COXb1rN5OzJVTbS31eJVPk/DP2cWPt4ui +p23VrChNyIMCgYEAwdLvOQYzHFKspkgR+f5CW+somDIvs9tRAyzo1+n8MiQL6SAZ +zySA/NXjKYNxJxGLKlmhv+BsiD46REfz8DHNmuvQuNNo/Hl0DSzOjq2zJN9/CR6v +4VZDYdVJILAbBHEjDl5H2T+O0zljxRe8T8ePbYsfnrqFvM7bcDMCZQjbYoUCgYEA +hSG421aU376ASjFfnvybZSdcVJCs8qNFbWXm5hC/n2R/xnUB1PV3LyMqxwzN75/C +pt+kFcfEG2r8evnQfDygP37ZPAnwuZ8sMEQ0Mi8QcXCbvBuqTJFXX6apWeB9SZaV +bZXiK1eTi25HyNUf/t/Jv4iM4NGj5CtlqJvtS5HT5fUCgYEA3El7BrkgyL4LAHe3 +mOl37vdEqQ7Cxdfmy7IkSPrHLagaMxgODYoC6DFGDH/H/TphL3uZMLYbeZ+OkI5j +LpugQJtqpwsDo7p4dCYmO1vVhD34R27bXRT2qGE+uvW5zVykL1+9KALgjk5J5XCf +UVFRDKpassHG6z7+kpXRbowlyRY= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/evroot.key.keyspec b/security/manager/ssl/tests/unit/bad_certs/evroot.key.keyspec new file mode 100644 index 000000000..1a3d76a55 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/evroot.key.keyspec @@ -0,0 +1 @@ +ev diff --git a/security/manager/ssl/tests/unit/bad_certs/evroot.pem b/security/manager/ssl/tests/unit/bad_certs/evroot.pem new file mode 100644 index 000000000..cd2fd7ed8 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/evroot.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzTCCAbegAwIBAgIUW9j5PS8YoKgynZdYa9i2Kwexnp8wCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MDEwMTAwMDAwMFoYDzIwMzUwMTAx +MDAwMDAwWjARMQ8wDQYDVQQDDAZldnJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQC1SYlcnQAQjRGh+Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQ +OMF0Ask6Kkc9vShq7T/c02PPWikUdwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURh +uT5RQk4XRLsuqtRqqzjOGWghlh+HcUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94 +rjFE7SjEXnkpOGOnoipImAo2pA5y1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3Rqu +iqLMzjSKAWm4Diii1wwalgxvM18toJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oY +UJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ5XNPsikFAgMBAAGjHTAbMAwGA1UdEwQFMAMB +Af8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAO1EZ134zXCiYSMixYSVP +gAXWdR8zvaeS8UF0Xihle6nBdtkcmhiMgxXecMv7P7xO/U/wz5NAyJ1cvqaxrPbn +8bekVCCsAAae6mVJIsVeuLtg3f89Qmx6KF6By2NI5R/AX5gxs0V9Tvjp9NfpIWh9 +I0BO0/REmq+CxKWjO6Loq0JA/QRW1jnD3XLitJ9QiCfnLqgUAG8JnkhG/JtpcJC3 +91SluwhVw+8i7caDOgHZGvjBEycyje0iyDLybaVjv2PpyuQx8H6hDzTGd2bNDl22 +fZ0FsOYCH6TJPx7nsCJCQ8/jGsRAGPxbItwSpTQJegKVaJ9s2dOAreJdkQFSIEo+ +3g== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/evroot.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/evroot.pem.certspec new file mode 100644 index 000000000..3121f3486 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/evroot.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:evroot +subjectKey:ev +issuerKey:ev +validity:20150101-20350101 +extension:basicConstraints:cA, +extension:keyUsage:keyCertSign,cRLSign diff --git a/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem b/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem new file mode 100644 index 000000000..3c97dc9f3 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGDCCAgKgAwIBAgIUW6mdE/nOX+M5zMEeIHpOn0cOWLgwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxMzAxMDEwMDAwMDBaGA8yMDE0MDEw +MTAwMDAwMFowIjEgMB4GA1UEAwwXRXhwaXJlZCBUZXN0IEVuZC1lbnRpdHkwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT +2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV +JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N +jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA +BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh +He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB +AAGjVjBUMB4GA1UdEQQXMBWCE2V4cGlyZWQuZXhhbXBsZS5jb20wMgYIKwYBBQUH +AQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMAsGCSqG +SIb3DQEBCwOCAQEAsojdWfBBJsaUmPKLdSCOn3/7PMoWE7m1mmKXf2dz+qW4SKWb +b2cVxoDMzU/AooTDRnrYveB1ir4Ej/e1a7Wjs8iZgHL9udIlQ7Yw7N7EB/Vt6dM8 +yEkwuiCd1XmiEEkUQtRk0DmJxCCyxrFNDGUDt7HOWX+jvbpnULKL9J26ax3exBpk +J6F7WlmxFynroxHdxFPzxRCC+oUYt1jfvGjASIBl7tMJ/z8wO2ISMLaHpRX8iOIz +e2bg02Z97zf63lTOtDa3034MUjBxcAuouHjgzKhyWQI0jZlWCeJSnM5MuhDbpiD+ +N3uDz6VBj13PpCGpA1esoM1ojrkQbmvHvWT+3A== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem.certspec new file mode 100644 index 000000000..0a03bc36f --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:Test CA +subject:Expired Test End-entity +validity:20130101-20140101 +extension:subjectAlternativeName:expired.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem b/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem new file mode 100644 index 000000000..c6e51c000 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4TCCAcugAwIBAgIUP/xjJPJw5E0F3vjDGmPIDtk82ggwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxMTAxMDEwMDAwMDBaGA8yMDEzMDEw +MTAwMDAwMFowJDEiMCAGA1UEAwwZRXhwaXJlZCBUZXN0IEludGVybWVkaWF0ZTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9 +PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3 +HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg +Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7 +EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK +lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C +AwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQEL +A4IBAQAUWUmrK2X6alxQ6fWuj/3HNONQMipMDk7CQB/MhoWll+7tCHUMxck/QKaC +1cnI0EY/c/ibX0J/NBm4AO1u3+qHfo5heFana/ybSj1trGEYWXXnDnRFr8SSRSjx +VATBHBd1m9lckd+zDhLSk/lnYXyzJX8D39yYp2udP0cVGrbCT58aUXHwsEhfQpYY +LN6xNYLcDCLtkrtZs4uwzFteL4NE8WflIlOTe+2Y/s1RTEzhs0+8avkaLyMzM+MI +XDiVO3tFcX3ygsb+ndQaIL8vFUhLFEdr8xrjRuFuzbUu9EiR2oKiiNq1gZTyInqz +S57UfV5LyaUa8mv2qNF2b3/FySXR +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem.certspec new file mode 100644 index 000000000..38a0abd8a --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem.certspec @@ -0,0 +1,5 @@ +issuer:Test CA +subject:Expired Test Intermediate +validity:20110101-20130101 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem b/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem new file mode 100644 index 000000000..ff00cc00b --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPDCCAiagAwIBAgIUS9fUW0vPRYOaV8nstqC62Y6Qk08wCwYJKoZIhvcNAQEL +MCQxIjAgBgNVBAMMGUV4cGlyZWQgVGVzdCBJbnRlcm1lZGlhdGUwIhgPMjAxNTEx +MjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowLjEsMCoGA1UEAwwjVGVzdCBFbmQt +ZW50aXR5IHdpdGggZXhwaXJlZCBpc3N1ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg +2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ +5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ +PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj +DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W +iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjXDBaMCQGA1UdEQQdMBuC +GWV4cGlyZWRpc3N1ZXIuZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsG +AQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMAsGCSqGSIb3DQEBCwOCAQEA +alq65e2NhGZhr/ph19pR7V6Tijqwd5ZubfMOQX/kVex5EerZGYWvc31+wBk6nf5r +0z6MscHAtu/M6kN/obrFoYYro7cWFCBd6GeaSG6aDBqrjT2nnBuZ2TGICRc4h8jM +274y1x9qzC3/kzXKS0XqeFQmbwJ9eEaqn3m9Kb8jQPbyC+hZyUFatGhcKYbFPaAo +fdgZL2FQpJ9uG1QsblYQ1ERBvbabN4Y0jg5XFza5nQftFkY6xevmYt7asc+npNkv +qh2aNL3pmG9E0hXZD5N3LMbndP8rzG6vnBq/6SO2eGtos2AjEVXGypJzFhBGNOfs +mwNzXXuiatkIHp2r5pyQuw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem.certspec new file mode 100644 index 000000000..855f45422 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem.certspec @@ -0,0 +1,4 @@ +issuer:Expired Test Intermediate +subject:Test End-entity with expired issuer +extension:subjectAlternativeName:expiredissuer.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem b/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem new file mode 100644 index 000000000..f8baeea9f --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC+TCCAeOgAwIBAgIUPxkDf9AiLxVWjs21J/3by0oWUJcwCwYJKoZIhvcNAQEL +MBkxFzAVBgNVBAMMDlVua25vd24gSXNzdWVyMCIYDzIwMTUxMTI4MDAwMDAwWhgP +MjAxODAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD0lETiBDZXJ0aWZpY2F0ZTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ +6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk +nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N +/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG +JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd +7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA +AaM4MDYwNAYDVR0RBC0wK4IpYnVnNDEzOTA5LnhuLS1oeGFqYmhlZzJhejNhbC54 +bi0tanhhbHBkbHAwCwYJKoZIhvcNAQELA4IBAQBOBtdU6gEu6bu2pVN4QobNL1eS +TFEGDazNKDq2s/90ddUz7DL029rhnzaIJib7dc4/dxgl5TgcL/8PwPUHRZXteRTX +3hAA+XCunBacQYfZDiG8Bpp1ClslU0FVOngivFHw/mseM7hxOCAJg++1oa1uCqBz +bcVvau/ISa/fApWBICmfRjaD7ztrdVyE5b2M90T7ywedBJHShk8gpJKp3s2/neQB +CcBp3LNoIb0JDMZCk4pVCNTRB9DOpa5zMTu/Emd3EpV9wISEGvDmNUGmuunrgr2h +xZ01TDSLknEJyZR7IbMjkhS4SFpIc6bK19h9yblzDUcCJj+ZH1Po23Fk6muT +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem.certspec new file mode 100644 index 000000000..b3d840fbd --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem.certspec @@ -0,0 +1,3 @@ +issuer:Unknown Issuer +subject:IDN Certificate +extension:subjectAlternativeName:bug413909.xn--hxajbheg2az3al.xn--jxalpdlp diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key new file mode 100644 index 000000000..d10324fb3 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key @@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICcAIBADANBgkqhkiG9w0BAQEFAASCAlowggJWAgEAAoGAANKbsS+4T93NKbOl +GctmxDuNj4vlRbp5OEzmY+0D33WZFgDrkgeQ0lMM7OVE25mnHwWJaj7SBxZVNKqZ +BX5HxH47yBrab6HhLjcmi1BGpVJo+drXzLSF2BouGdUNTwtoVKyvbXvmnZoIMTbh +WvqPU8HIyE/GB3J53Q5V1zaaW90CAwEAAQJ/PEllBwvzkMJR1aLFJ3xbX9C97oXK +1/4rJ5grsoURSlBwBANq4c+K5Usl5Ns5IVq9fpA/YYwtiy8IzGzRLbzNciBeSUW2 +s984nl5D3goUi7LITiQx/b5ZILBEuycvRez/ByG337YDl/xhOp6jXCIwBTDK6PkV +nFNN878JEJUZAQJAD58XWXyFuAUbnGmvtV71dsmW29CQR9DM3ludYOpcZ/5PrGe+ +gD9LasWj8FD3a5ZvsU9c8QV2HlrebdlgsYO6VQJADXtjcRLOYaVRaMD5yThvsnmr +QMug1Ukza7plJ3JjqseCYRosgdm2Nc94xAAYhZ4BjF6QBtEuPS7m80bnn6QzaQJA +Cf1smj6m6RrjIHD5/BwhD/k1L5e+XR7rlRuzloHp3FtnKlMiIbPYkAyanZm50KTh +AtxFDKG4ewsTid5lFsCuDQJAAUG4MkkbfdSoMwiSACTHnK5kvUR9+IO7TFZyqWur +SLcSOzTyYyRFLNzrF/IeVw40fL4v1MLY+ZEOrCy22JW4yQJABFjdau4YyIsvm4Hx +vDB1riDcH5lz0gck8gsGBD1hR8h4nUoHroi8gshDjIk+AXsTlH9i4LGJWKMetmSx +nmTT4A== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key.keyspec b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key.keyspec new file mode 100644 index 000000000..21ed73d60 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key.keyspec @@ -0,0 +1 @@ +rsa1016 diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem new file mode 100644 index 000000000..2ad219824 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICszCCAZ2gAwIBAgIULXNWBRUzJ/V70VPd4+9U6rf/lYswCwYJKoZIhvcNAQEL +MBwxGjAYBgNVBAMMEVRlc3QgSW50ZXJtZWRpYXRlMCIYDzIwMTUxMTI4MDAwMDAw +WhgPMjAxODAyMDUwMDAwMDBaMCkxJzAlBgNVBAMMHkluYWRlcXVhdGUgS2V5IFNp +emUgRW5kLUVudGl0eTCBnjANBgkqhkiG9w0BAQEFAAOBjAAwgYgCgYAA0puxL7hP +3c0ps6UZy2bEO42Pi+VFunk4TOZj7QPfdZkWAOuSB5DSUwzs5UTbmacfBYlqPtIH +FlU0qpkFfkfEfjvIGtpvoeEuNyaLUEalUmj52tfMtIXYGi4Z1Q1PC2hUrK9te+ad +mggxNuFa+o9TwcjIT8YHcnndDlXXNppb3QIDAQABo2UwYzAtBgNVHREEJjAkgiJp +bmFkZXF1YXRlLWtleS1zaXplLWVlLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYw +JDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzALBgkqhkiG9w0B +AQsDggEBALhNoeoHzQoeaGR/5bxF8VGE2XrCPoDatHwanND8rp1esVsmkkOSLof1 +DXgjZpg9ZJWw1PnprkYkV3XU1PIZWfUh/B/ir7QnsjRrORfJ+BP3Az+Sf1vX8fTB +rfInVWtmRzTkzX/taouPBwJj+CN14hncbaT1FxX74XXmkZXHf2MfRjHjzuB1dNPP +dAu+YVJSxZMv7QD/6qYZoy81dfqcN31IjxoFO0039ZmKrLpUjOZzOnmqzy0+wJpc +Gz7lBvoHNv8SjVeUslb9IpP0uAqkpVYNZhWpPFpJ7xOdVKSWAUG1jDeMAD1tXC7R +N0iiOloMHZ70o84Z6b7IB10IpoymVt4= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem.certspec new file mode 100644 index 000000000..02b595dc9 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem.certspec @@ -0,0 +1,5 @@ +issuer:Test Intermediate +subject:Inadequate Key Size End-Entity +subjectKey:rsa1016 +extension:subjectAlternativeName:inadequate-key-size-ee.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem b/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem new file mode 100644 index 000000000..7e73075c1 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPTCCAiegAwIBAgIUOTTgOhTYLxvzfXf1OSZs5pCrnTUwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowLzEtMCsGA1UEAwwkSW5hZGVxdWF0ZSBLZXkgVXNhZ2UgVGVzdCBF +bmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO +FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr +amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka +sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY +VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n +aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE +MdUDrNoYCjXtjQIDAQABo24wbDALBgNVHQ8EBAMCAQIwKQYDVR0RBCIwIIIeaW5h +ZGVxdWF0ZWtleXVzYWdlLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggr +BgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzALBgkqhkiG9w0BAQsDggEB +ABOkyemfFGxIC9qMI5B7cYQJ7Mrc8qG1wlnc5aKFZ65wnBURgQUw2TtVwBOweLGz +82qR+MnDho8inUTyilydw7WwyLAi2A2jlqcgCaBcyRh8g7/BBJ9dEP2u1BNp2r9R +8VvTlUKj/4Ta8/GG2mEKqyhd8bpevZaaTyjQUGcFYr76/XZ0D6TxtOM0SBLrybNg +A/hbKste6MIXE0rJwUzN2+xWBvfeFqMwzRYZ3F/393qT3vWMgHZt4ZBo/RqQzEM4 +I8k6n3s7zssdPOXHy0lezYwkCtnya2OPdGEAyABviARZjIl9Hn+0nsymZmFUkV9A +vUw83907j7buWerBFwnAxuo= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem.certspec new file mode 100644 index 000000000..4d553890b --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:Test CA +subject:Inadequate Key Usage Test End-entity +extension:keyUsage:cRLSign +extension:subjectAlternativeName:inadequatekeyusage.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem b/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem new file mode 100644 index 000000000..6b7c848a1 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICzDCCAbagAwIBAgIUaWHoyJhhB4GixK3MP8mpJLbOZYMwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowFDESMBAGA1UEAwwJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB +xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT +qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5 +kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS +wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk +BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxgwFjAUBgNVHREE +DTALggkxMjcuMC4wLjEwCwYJKoZIhvcNAQELA4IBAQCFFyBe938Z1/1WFILrNZ// +3YlpJW0ww46JXCD+RheG2IdI2zdnbNOr7hUnLt4KprntLwmzWFYJInj+sq886c6x +yKImpnVvjB0yDxJki85lNX6ARRHQrTNNf3wczSHdUmGlpzFUUuDkjYZS5Y6P//ms +wPBxppkYguZVvU1s6nvHnuG2wDPKogeD5wmBSfJf8oVo03M6TqNYRK5socyeQ740 +LxXjlLYqQaUI+FEQLrCfv4LLrWpoH6mKg3hyKWoG6bEcCyvMBBJ+vDxCCpGE7b2L +tMLn8BML+23CQ5SO53FR7dnWOuxSjnR+GRoFxw5E0qOZEGt+Fb9An5+R4xxRENfB +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem.certspec new file mode 100644 index 000000000..766233847 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem.certspec @@ -0,0 +1,3 @@ +issuer:Test CA +subject:127.0.0.1 +extension:subjectAlternativeName:127.0.0.1 diff --git a/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem b/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem new file mode 100644 index 000000000..b81dbafa4 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMjCCAhygAwIBAgIUO/qAw3/gzbpGANaN0lKQaxLhTPwwCwYJKoZIhvcNAQEE +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxMTAxMDEwMDAwMDBaGA8yMDEzMDEw +MTAwMDAwMFowLzEtMCsGA1UEAwwkVGVzdCBNRDVTaWduYXR1cmUtRXhwaXJlZCBF +bmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO +FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr +amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka +sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY +VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n +aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE +MdUDrNoYCjXtjQIDAQABo2MwYTArBgNVHREEJDAigiBtZDVzaWduYXR1cmUtZXhw +aXJlZC5leGFtcGxlLmNvbTAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0 +dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wCwYJKoZIhvcNAQEEA4IBAQCJtN322gHdXy56 +sBTdOg+d3AS8AlXpOkm1yDyhICQznqsjdCz5qIUZQI+qm8cHVlLUjioTHWLds1i3 +wCQy4+l4VFFdP3Y7I2V49l3U9FPCHuZY1j8fyGyczAgKv/OYA2aQbcOPt1iR1S3J +hji6e/bbxftBAXedt3QmvOmtqXRxuaiAaWgnL+nA2GfS3HQBaI0B13hxboPT9G8a +u70eMAkBvloAwyrS2O/1cAZUPzCrqHeTVMidziHOXHHh4vFxBFICXYxG9ocFcWOb +pA7E/QrHsTKI0OAr7336EWx1P5XITFZfe/SbBySCj088fMqW0yUuPN8+fvYMVoQr +ifC5kUCZ +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem.certspec new file mode 100644 index 000000000..e4c2b7008 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem.certspec @@ -0,0 +1,6 @@ +issuer:Test CA +subject:Test MD5Signature-Expired End-entity +validity:20110101-20130101 +signature:md5WithRSAEncryption +extension:subjectAlternativeName:md5signature-expired.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/md5signature.pem b/security/manager/ssl/tests/unit/bad_certs/md5signature.pem new file mode 100644 index 000000000..de1317577 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/md5signature.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDKDCCAhKgAwIBAgIUCcBjO7AcpbQJxZbg9Jic6+Wjd88wCwYJKoZIhvcNAQEE +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowLTErMCkGA1UEAwwiVGVzdCBFbmQtZW50aXR5IHdpdGggTUQ1IHNp +Z25hdHVyZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW +Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk +cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT +AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3 +ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh +s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV +A6zaGAo17Y0CAwEAAaNbMFkwIwYDVR0RBBwwGoIYbWQ1c2lnbmF0dXJlLmV4YW1w +bGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2Fs +aG9zdDo4ODg4LzALBgkqhkiG9w0BAQQDggEBAGEUSKisSADWzD5jGCfvXOoUsYdh +AuGaJqbQFQ+D3hJlmuPXcqOFV8oZNAaaMt0tcyH6Ak4KjpLcitRLQE2W6ChF2nQK +qxz0OWYuFhtDg6c7JBXIT0c0/nM1NCoyDxZLK7oTpjAR5Ji6LIwuvj6uW0CLFZz2 +CqwlS+7RirFyzHr279ylFJxoGmApJjIG4Fds0BJoAdU8V4ZbDNE8LwcrYfI+h817 +y0IGGkrfpZ2eT94Ih+UfuYhKWyJ5pkxNtoG85It63MN+8i2flxSazuEk9sqRJznF +OTYfaktXXlgBTlvr9m7P8kg+JQbwf915GMN3cgHuN00NiRqsvOQxJQl1BHs= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/md5signature.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/md5signature.pem.certspec new file mode 100644 index 000000000..02742d910 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/md5signature.pem.certspec @@ -0,0 +1,5 @@ +issuer:Test CA +subject:Test End-entity with MD5 signature +signature:md5WithRSAEncryption +extension:subjectAlternativeName:md5signature.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem b/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem new file mode 100644 index 000000000..9924dfb7e --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg+gAwIBAgIUE8pDZuVKk0GpcycnYoniDg5yXqwwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxMzAxMDEwMDAwMDBaGA8yMDE0MDEw +MTAwMDAwMFowKzEpMCcGA1UEAwwgTWlzbWF0Y2gtRXhwaXJlZCBUZXN0IEVuZC1l +bnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9 +braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI +eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6 +iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za +qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7 +LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs +2hgKNe2NAgMBAAGjWjBYMCIGA1UdEQQbMBmCF2RvZXNudG1hdGNoLmV4YW1wbGUu +Y29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9z +dDo4ODg4LzALBgkqhkiG9w0BAQsDggEBACTILZlbbJ0JN8lnC7ckWE6+/l/y2WOl +uF23jWbhElQrqJS/YHLqeu1we1LJYQAdN+w/Ro2F6bpxmGea2kZV8jLWRVL1e8ek +b8+AwSMDmMLcWV6eS+3XLxCF9YPHNIIM3mrUAcI3Oc1Pmf9xWiNxrHukuAk8CJbp +6Q/Xrdtt4sgpYRDEsciB1Vn14NEDP1SoPi86dcFNpNfuheG/Bjdosi5CAxKfLakr +WWQbTmCR1m+1OyNsiGEsUisIOXyCTTehTuhcZp+EyR5SHy0cNg6tVStMU49k4XsC +jG+UmcQRsNHgNqJK+k2KM7yvGjuonokDfKUrQ6EtgWSvkqcFasmCPbQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem.certspec new file mode 100644 index 000000000..262f08d6b --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem.certspec @@ -0,0 +1,5 @@ +issuer:Test CA +subject:Mismatch-Expired Test End-entity +validity:20130101-20140101 +extension:subjectAlternativeName:doesntmatch.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem b/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem new file mode 100644 index 000000000..bfbb973c1 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDKzCCAhWgAwIBAgIUT/IgcHtYb6NXOgazofG+tsSh5RcwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAzMzAxMDEwMDAwMDBaGA8yMDM0MDEw +MTAwMDAwMFowMTEvMC0GA1UEAwwmTWlzbWF0Y2gtTm90IFlldCBWYWxpZCBUZXN0 +IEVuZC1lbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo +RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a +dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t +aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n +FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX +Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py +UcQx1QOs2hgKNe2NAgMBAAGjWjBYMCIGA1UdEQQbMBmCF2RvZXNudG1hdGNoLmV4 +YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xv +Y2FsaG9zdDo4ODg4LzALBgkqhkiG9w0BAQsDggEBAE12bvoPuLY/rJGy1ijqXgTe +1JkVgsL9YxL3yqUsNwvLwdtOA9OtvUprqNaq90niYJ2P58c9ZrloGy5YSjl0cNDv +GbWiNJoxmY0jsR7Ql45t7uWOEArw81rMeqBjs0dNB99IoJ7xxSNWvmpOGprHw3An +nVTSmQF4L5qQVAgf1ki2Y43I1ahu04BTAWgzaTppwfX8tAJhZ62HQ+44FetYHnIa +FZMh/LLiuI0FadRLVaH6uxo7BcvrO8s5zDZ+9W08Fqv60Trl6k+y/N229g+txVhQ +LULSLizQNoJeSDBVcbq0uYTGvvr/VhPdFDLbR6KOtYGy6VtJgnziQFlL5JS7EGM= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem.certspec new file mode 100644 index 000000000..947eb7d67 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem.certspec @@ -0,0 +1,5 @@ +issuer:Test CA +subject:Mismatch-Not Yet Valid Test End-entity +validity:20330101-20340101 +extension:subjectAlternativeName:doesntmatch.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem new file mode 100644 index 000000000..47c8d4c3a --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh+gAwIBAgIUBRVeuOJA+GTXgxh+UUrNUeli1lowCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0EwIhgPMjAxMTAxMDEwMDAwMDBaGA8y +MDEzMDEwMTAwMDAwMFowNTEzMDEGA1UEAwwqTWlzbWF0Y2gtVW50cnVzdGVkLUV4 +cGlyZWQgVGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGc +BptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzC +a2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8Xg +uEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK +9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGP +mRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo1owWDAiBgNVHREEGzAZghdkb2Vz +bnRtYXRjaC5leGFtcGxlLmNvbTAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGG +Fmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wCwYJKoZIhvcNAQELA4IBAQAP9DQC50r0 +B5xvOnkJxB+IFlr8dv2bLNg5Dm3ITmobaHvjEywXzP8RwYVwqgZsVG1Z6FyNBgey +qJXDXHbrPI81G6286p+rQgEeu7DcoFoHL2umpAXSEVzLw/MyIqbsD9tXKe7fYKvu +R7Vz/OhQsZMy+ShHGn0Ze6mRdFbdmUYzcrYuCyAKLfqsvpnQ9y7+bd0lgMSHxPG3 +kruIQs5MZ/VUraVtvdoLUxoUy3v7oaCyUJgCS6Wls3nlAECpDTEg986HOVaysKtH +hRG82KctN5RK40H6EuUGa83Yxp0zF6OnqiOVtm7vHmkk4WNIP2i+gG+/zex78/P6 +EhZHLdk5fS/M +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem.certspec new file mode 100644 index 000000000..adc8ebaf8 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem.certspec @@ -0,0 +1,5 @@ +issuer:Other test CA +subject:Mismatch-Untrusted-Expired Test End-entity +validity:20110101-20130101 +extension:subjectAlternativeName:doesntmatch.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem new file mode 100644 index 000000000..723ed4dae --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDLTCCAhegAwIBAgIUBUkHM4qYlHhlajaquYXsh/XJw+swCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8y +MDE4MDIwNTAwMDAwMFowLTErMCkGA1UEAwwiTWlzbWF0Y2gtVW50cnVzdGVkIFRl +c3QgRW5kLWVudGl0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqI +UahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvi +r1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/x +fq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD +7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnv +uRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj ++nJRxDHVA6zaGAo17Y0CAwEAAaNaMFgwIgYDVR0RBBswGYIXZG9lc250bWF0Y2gu +ZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8v +bG9jYWxob3N0Ojg4ODgvMAsGCSqGSIb3DQEBCwOCAQEAstqHR4upkLa4tJcDD4vH +cUAJrMT+FzazHXIe4ukUiWG1HtyCjUiFI+NhS7YhCY2+rigO58UKgNkaG6BkrlJM +I81gnyfljMUmukNDmOmsOtXHhP8MXdEa6ye266M/CflTI1oAnLir/6ZJm8AwcLVW +vh4rhEjARMMPpmUC7vpf2aK4qTAcxuymei9Q7uy2tjJT4PExwa4aMBc195yXAyat +oMnVQWZqcQE1Gq/AUzQpHsZAvZOPzEQVLk1gAnZrDLZCQucEbd0P2cJ929cK5Zz0 +8t13hDTRa4NpHeaqCTz1l8tVf70FyeQn/tpRQT3uw6aUTbVpELONOFsgt/n/7RBb +Tg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem.certspec new file mode 100644 index 000000000..91c5f548b --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem.certspec @@ -0,0 +1,4 @@ +issuer:Other test CA +subject:Mismatch-Untrusted Test End-entity +extension:subjectAlternativeName:doesntmatch.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch.pem b/security/manager/ssl/tests/unit/bad_certs/mismatch.pem new file mode 100644 index 000000000..205fa23b9 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/mismatch.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPDCCAiagAwIBAgIUexDM8FvRSX/MKvVCro1JmGq023EwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowIzEhMB8GA1UEAwwYTWlzbWF0Y2ggVGVzdCBFbmQtZW50aXR5MIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08 +E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc +1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAP +DY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQ +gAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqV +YR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQID +AQABo3kwdzBBBgNVHREEOjA4ghdkb2VzbnRtYXRjaC5leGFtcGxlLmNvbYIdKi5h +bHNvZG9lc250bWF0Y2guZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsG +AQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMAsGCSqGSIb3DQEBCwOCAQEA +CGnfn+l13zgSEIzCmZL2JLUHCKH7OilQ0tE7QjGTXo12KXUML8uNhoxXgH/z7ZnG +0N2ya+Y1pGOyAFsj37nAipH5xsM2mP1aAlPEjgrmoskyhiMszKxr8OD8TFHOfvkS +BlRjnGVjWpwkc2sAbHneN/aitkWDoQ2nacipdQl0OuW4jEjNXa1GE60kCmlfI72b +aP0yN0NPnIcx8Q4M++tfQ7imJbnonxIdQGJdjHHjIRE2CNFyt2Qeb66IyK/pnEDm +oVjx5VZPLUr0g1Ubg6W65LbIuNzalpzPBP30CAEqLXNNZ6wqKTgEHB5UB8sQnFTS +2AZeBlTZ42e5UpU/+h8Mog== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatch.pem.certspec new file mode 100644 index 000000000..b93599fc8 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/mismatch.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test CA +subject:Mismatch Test End-entity +extension:subjectAlternativeName:doesntmatch.example.com,*.alsodoesntmatch.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem b/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem new file mode 100644 index 000000000..004ce48e6 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICwDCCAaqgAwIBAgIUJzlO5E47g+NUJjL7EcrQMDmXq04wCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowIjEgMB4GA1UEAwwXZG9lc250bWF0Y2guZXhhbXBsZS5jb20wggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT +2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV +JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N +jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA +BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh +He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB +AAEwCwYJKoZIhvcNAQELA4IBAQBy/KCwjrh0emnzBnuw+yEZElSD23wKKhAjUISO +27ndrI6Gmv/wKHdgUP2yBPZbTcUT7RrzamdkOrsVASL2vAFAI1r/wHp/PXEnuNY5 +mUWVZLH3kCzJjvZXvGbdQUJhNraNbvDgV+GI/AAo+67QnSmYM0bqhaMsgbGHILGl +qZNOE6GZdWDFBSdNIdKz3AXeKiTXduR7rb03CiuGkG+RmByPEARiUdt2xdZMxx+Q +nhOTnBEu3KsyvJ0Y79Z6T8s3qo2dUsjHF9Kn77CKNYQFTbyoDMsBnulZZuL3uL0A +Fn7CB+VWzVooOhq+BvbeynWGDj3rHsMQUPyP8DMKuwJZwSxa +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem.certspec new file mode 100644 index 000000000..86ef45b7c --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem.certspec @@ -0,0 +1,2 @@ +issuer:Test CA +subject:doesntmatch.example.com diff --git a/security/manager/ssl/tests/unit/bad_certs/moz.build b/security/manager/ssl/tests/unit/bad_certs/moz.build new file mode 100644 index 000000000..5402f3c21 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/moz.build @@ -0,0 +1,68 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'badSubjectAltNames.pem', +# 'beforeEpoch.pem', +# 'beforeEpochINT.pem', +# 'beforeEpochIssuer.pem', +# 'ca-used-as-end-entity.pem', +# 'default-ee.pem', +# 'eeIssuedByNonCA.pem', +# 'eeIssuedByV1Cert.pem', +# 'emptyIssuerName.pem', +# 'emptyNameCA.pem', +# 'ev-test-intermediate.pem', +# 'ev-test.pem', +# 'evroot.pem', +# 'expired-ee.pem', +# 'expiredINT.pem', +# 'expiredissuer.pem', +# 'idn-certificate.pem', +# 'inadequateKeySizeEE.pem', +# 'inadequatekeyusage-ee.pem', +# 'ipAddressAsDNSNameInSAN.pem', +# 'md5signature-expired.pem', +# 'md5signature.pem', +# 'mismatchCN.pem', +# 'mismatch-expired.pem', +# 'mismatch-notYetValid.pem', +# 'mismatch.pem', +# 'mismatch-untrusted-expired.pem', +# 'mismatch-untrusted.pem', +# 'notYetValidINT.pem', +# 'notYetValidIssuer.pem', +# 'notYetValid.pem', +# 'noValidNames.pem', +# 'nsCertTypeCritical.pem', +# 'nsCertTypeCriticalWithExtKeyUsage.pem', +# 'nsCertTypeNotCritical.pem', +# 'other-issuer-ee.pem', +# 'other-test-ca.pem', +# 'self-signed-EE-with-cA-true.pem', +# 'selfsigned-inadequateEKU.pem', +# 'selfsigned.pem', +# 'test-ca.pem', +# 'test-int.pem', +# 'unknownissuer.pem', +# 'untrusted-expired.pem', +# 'untrustedissuer.pem', +# 'v1Cert.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) +# +#test_keys = ( +# 'default-ee.key', +# 'evroot.key', +# 'inadequateKeySizeEE.key', +# 'other-test-ca.key', +#) +# +#for test_key in test_keys: +# GeneratedTestKey(test_key) diff --git a/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem b/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem new file mode 100644 index 000000000..36d258cb0 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIC/zCCAemgAwIBAgIUD8+FcBmecy2K1vllEQ2SgGucJCQwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowKTEnMCUGA1UEAwweRW5kLWVudGl0eSB3aXRoIG5vIHZhbGlkIG5h +bWVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62 +iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql +WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq +Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ +ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i +b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY +CjXtjQIDAQABozYwNDAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6 +Ly9sb2NhbGhvc3Q6ODg4OC8wCwYJKoZIhvcNAQELA4IBAQBiwTfHRmir5VnSNxOs +S806Ao1xXqaz7ff/qi32Nnio855qHulmKjsRfmEv09N7/PNFkAa6yILe0/8YdroC +aOd1iOdawsNMoeud7mD0FjuOYcjSnCx0WTeW5LZ/yXkgKwA8+shZzhr9TYiXQtnt +TIgQma15CyjpFp9ztHj6MtInVFhjDxe9DzJsgLv8EAxbLacPN6ZFB6DevvI+NL6M +wsy27OMdFvW7M4AWlWIyCFJg1moxaw8Ht8vUooe3EWbRknuM5IasgwZDt5YUeXkO +0nQF4IKtLoASla3UOL7exkMLJA7kE4zTlOKADXi56lNZd/2ck/+wd9hrwo8aXLsO +T34M +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem.certspec new file mode 100644 index 000000000..87088e87e --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem.certspec @@ -0,0 +1,3 @@ +issuer:Test CA +subject:End-entity with no valid names +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem b/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem new file mode 100644 index 000000000..a380ffc9a --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIjCCAgygAwIBAgIUM4uC0JcSpF7UST7x6F6ZPc9KOrswCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAzMTAxMDEwMDAwMDBaGA8yMDMyMDEw +MTAwMDAwMFowKDEmMCQGA1UEAwwdTm90IFlldCBWYWxpZCBUZXN0IEVuZC1lbnRp +dHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braI +BjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVa +p0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB +7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4C +kC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJv +aeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgK +Ne2NAgMBAAGjWjBYMCIGA1UdEQQbMBmCF25vdHlldHZhbGlkLmV4YW1wbGUuY29t +MDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4 +ODg4LzALBgkqhkiG9w0BAQsDggEBALSZFFaWXBJQZrEnbKcmqL4FKsB4/ZNK7fXd +KI0LpaFtOwjXV6HxmuoBQ3PH87XXF5wpbsibZd7Ua4ZnKV0w7aW7BJSphIfkFVzK +dJFAiMPKVTCGOQzRZeXPjSrGzExyVHq2IAvcWIogN5vXxR3icS6fb9WbJEtdmEdZ +LtS9FfFxTBQBVnJKldMqbotpKS7gUm4KHUF57Q6f9Az41PlUaSqpXbnqsQ5BTCzv +d3PjsYAwkdlN8TSUC6iDfQnEP6zo9L49jsUxAOoOEaIVP5SJEASYq4uvcl8Z7IoY +PXpypjIP56Q5FKA1hrU0KwjZYcR4KRIhvTHEybgxK/XUA1znaf0= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem.certspec new file mode 100644 index 000000000..5b60c29eb --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem.certspec @@ -0,0 +1,5 @@ +issuer:Test CA +subject:Not Yet Valid Test End-entity +validity:20310101-20320101 +extension:subjectAlternativeName:notyetvalid.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem b/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem new file mode 100644 index 000000000..aa4a031d3 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5zCCAdGgAwIBAgIULzhHWvpIqD6LDAt8W+Os9YEJmkwwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAzMTAxMDEwMDAwMDBaGA8yMDMzMDEw +MTAwMDAwMFowKjEoMCYGA1UEAwwfTm90IFlldCBWYWxpZCBUZXN0IEludGVybWVk +aWF0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1u +togGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6 +pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqL +KkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3Zlqq +fgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3sv +Im9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6za +GAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZI +hvcNAQELA4IBAQCkGkkzHDXywFs2/YUNbwEttgV//Rj74yqYZJeiAfUapIIMyocs +hgKqSWGhtSyDzBzZhoNE8hzFtJ7c7OxZynpDpS/fhjLqX/dCiA2BlPkeliewdiaT +lpH45OjdaU5u0s/p9qn5CZMe5OFKR7tIj+fDrz79sO3Z749WXdyyCd97wDc37BMo +uTHIs07D5cJmG5vLYQRPE+RU0YZgk4QW4gmKp2tlcpkardFv1nTuc9fYokU98+87 +woE1nAZRS6JPnYekwxz2ToOCXyh/CKhhrrnxvGCXvVcaoDg5okI2Ri75nqXL9770 +dTyzwv3wPEOcmcqX2vwN5RaNzUCMOY4x/qzU +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem.certspec new file mode 100644 index 000000000..8a00f2ee2 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem.certspec @@ -0,0 +1,5 @@ +issuer:Test CA +subject:Not Yet Valid Test Intermediate +validity:20310101-20330101 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem b/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem new file mode 100644 index 000000000..10e11c82c --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTDCCAjagAwIBAgIUd2Xdl3VR8l0IU2OPSgy6zPCjvaQwCwYJKoZIhvcNAQEL +MCoxKDAmBgNVBAMMH05vdCBZZXQgVmFsaWQgVGVzdCBJbnRlcm1lZGlhdGUwIhgP +MjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowNDEyMDAGA1UEAwwpVGVz +dCBFbmQtZW50aXR5IHdpdGggbm90IHlldCB2YWxpZCBpc3N1ZXIwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq0 +7PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D +/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw +JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyX +rZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd +q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjYDBe +MCgGA1UdEQQhMB+CHW5vdHlldHZhbGlkaXNzdWVyLmV4YW1wbGUuY29tMDIGCCsG +AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzAL +BgkqhkiG9w0BAQsDggEBAEI5yQNpc3afAa4iN9uVBBDv9gT3X2FbhrWKCNYbLsRD +dtntFIuZMHJvH0IuKqgUoDnFMJciOkhY8GrJUi6bZIOd15YL/jsodJHxYO9g0vT0 +0E33/Ka+0DEy4g/skJTy7xQsF0OTw042Aoe23RFxwbAmzqQn0BDRzJ6Qhx4WLQ2f +QVhmDrvwF+VRshrp6bJKjcTZRmgIX3nVYAR0THuJu+zcB8de7G3lOH7YCl0rpboI +fFkQxnTSt/MtU3FEJaajmz3PvzLkCI4FHFv8SouQ3ZIp/XRHk6luW0QWO3z6cy5l +3V9BkhP0jkPpr9wfCZcmqu8EkCWZCfiu0Rf+k2uR2wo= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem.certspec new file mode 100644 index 000000000..d8420898e --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem.certspec @@ -0,0 +1,4 @@ +issuer:Not Yet Valid Test Intermediate +subject:Test End-entity with not yet valid issuer +extension:subjectAlternativeName:notyetvalidissuer.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem new file mode 100644 index 000000000..0602dbb8f --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC+zCCAeWgAwIBAgIUQaNz+iusE21wkn6JJ/qLaB6Q8gEwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowHjEcMBoGA1UEAwwTbnNDZXJ0VHlwZSBDcml0aWNhbDCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1 +SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+ +zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL +K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc +bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW +JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaM9 +MDswIwYDVR0RBBwwGoIJbG9jYWxob3N0gg0qLmV4YW1wbGUuY29tMBQGCWCGSAGG ++EIBAQEB/wQEAwIGQDALBgkqhkiG9w0BAQsDggEBAKWjJlobJfQhQxSNmvhokt1f +rSWbHFyePtawqHSBKIOG9RrNB9E+nbDsI/gVvgVwi1GVu7cmg5SJDAuK19dpWXTh +Pf4FPTm+FrLXwfPUOay5S3aGSwg29/PjnVayuBrJbMeYvtMJd7NGtadyv5wg3K3P +SSFqYjUKOeWewt2NrX07LII68uctBja3BVpAPVvcoYsnR30ozuuiZTy6rBu0n4g0 +KU2stuuOnVLf7A7C2clj/ls0uX0hbSAaFH2RNQPsu+TL2ziSEEV9DYUm4pPMnpuO +dhSDgTDkCTMqzS84FFTemzbkOUxBechMogtPkEhr157kbBXYzjytYgGLL7FGGRc= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem.certspec new file mode 100644 index 000000000..b236bdea4 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test CA +subject:nsCertType Critical +extension:subjectAlternativeName:localhost,*.example.com +extension:nsCertType[critical]:sslServer diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem new file mode 100644 index 000000000..24d6ba742 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDLzCCAhmgAwIBAgIUL0RNPgFGtsQZxanRCa2IGPqVWZIwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowLzEtMCsGA1UEAwwkbnNDZXJ0VHlwZSBDcml0aWNhbCBXaXRoIGV4 +dEtleVVzYWdlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO +FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr +amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka +sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY +VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n +aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE +MdUDrNoYCjXtjQIDAQABo2AwXjAjBgNVHREEHDAagglsb2NhbGhvc3SCDSouZXhh +bXBsZS5jb20wFAYJYIZIAYb4QgEBAQH/BAQDAgZAMAwGA1UdEwQFMAMBAQAwEwYD +VR0lBAwwCgYIKwYBBQUHAwEwCwYJKoZIhvcNAQELA4IBAQAO+rOEK3vhTmoLNg5w +upxSODlCFghBLZ1qui7RWJME62JG/1sxZw4rHa0Pl2NP1U/Wy0ErAT/QQLyIahBL +mjggdD3Vh9wfx4Qf4FwHGzJEopfsx6YQlHcXR1v5qb7lLeuywhA6m7agn9DWBGlg +lLFNqtHmofQFaileQOA50Uu9qOAdbea5+rjZn9rBBvUUVeSc9hNWjDRCMk/5PSm4 +6ONpFjal4npPA8V/U7LleJR+VNbiCWNHaQD/9H+xBoay81m8GL0CdM9udBjbyf9W +NlYtu87XanZn2//LghGGUW4HQn1YXWD6UeZngo91UdQeIOs+dCiTI8CldgpGafld +8UdC +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem.certspec new file mode 100644 index 000000000..0ae63e20f --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem.certspec @@ -0,0 +1,6 @@ +issuer:Test CA +subject:nsCertType Critical With extKeyUsage +extension:subjectAlternativeName:localhost,*.example.com +extension:nsCertType[critical]:sslServer +extension:basicConstraints:, +extension:extKeyUsage:serverAuth diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem new file mode 100644 index 000000000..b894c0bce --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC/DCCAeagAwIBAgIUSeaDecTuqo807NV7Z4OGuTUEoKowCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowIjEgMB4GA1UEAwwXbnNDZXJ0VHlwZSBOb3QgQ3JpdGljYWwwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT +2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV +JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N +jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA +BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh +He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB +AAGjOjA4MCMGA1UdEQQcMBqCCWxvY2FsaG9zdIINKi5leGFtcGxlLmNvbTARBglg +hkgBhvhCAQEEBAMCBkAwCwYJKoZIhvcNAQELA4IBAQBUkcVO1xXJv8/BR5tUyQDt +Y6gQMH9hfg2MZwR7mKj/ZdTEUMUqpOo4zfxRj8j3WNAF01g88D/oQw3IcDay9kpE +EZDSLLQpVYW6l9xEWuCl+p9jNbFDmNxyPe2KOD+Pmp0ggkyeKyfC2l1cZS9kuQjW +rIYgGdDVcXvBH/cfi8Dxl4IjWa/Fmkpw/W4uvcKcpLdtwZkGAa2CH1ymmeE3gtE8 ++uYJuWWP9RE1cwXtwoGTPoU2fxBP8V2gRgPrlHQlhlJzyWthJ30Cv+RBNU6IkzNT +ZO10f39iPQScLbrcaDULX44vhUGhXlaXsOBWZnyX7exBWdUxNNpIjReO1nrZxufi +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem.certspec new file mode 100644 index 000000000..a44a1feee --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test CA +subject:nsCertType Not Critical +extension:subjectAlternativeName:localhost,*.example.com +extension:nsCertType:sslServer diff --git a/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem b/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem new file mode 100644 index 000000000..13ba23a19 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDezCCAmWgAwIBAgIUNVbKGlj3T9hCc0QZzD1Zs4cFzeUwCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8y +MDE4MDIwNTAwMDAwMFowJzElMCMGA1UEAwwcV3JvbmcgQ0EgUGluIFRlc3QgRW5k +LUVudGl0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93 +CCpnkfG4dsN/XOU4sGxKzSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8 +EgJExYSkxEgzBeUTjAEGzwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbL +PMcG680wcOyYzOQKpZHXKVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmV +hmYlR5ftQmkIiAgRQiBpmIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+ +8Bbxh83VToMrNbiTD3S6kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8d +HhkdcSFo07sCAwEAAaOBrTCBqjB0BgNVHREEbTBrgigqLmluY2x1ZGUtc3ViZG9t +YWlucy5waW5uaW5nLmV4YW1wbGUuY29tgigqLmV4Y2x1ZGUtc3ViZG9tYWlucy5w +aW5uaW5nLmV4YW1wbGUuY29tghUqLnBpbm5pbmcuZXhhbXBsZS5jb20wMgYIKwYB +BQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMAsG +CSqGSIb3DQEBCwOCAQEArJqM6iooFNCAk11WMdPCxa4iGkG4V5zYuFjdd2K3LTLM +ai5SZS875tXNol+YZgUh6cdTbVARdsB4saYGH1v5pAmK+VJniYQHWYsSLofgBfFw +yAk1Ymj5pz8y6+ExYzWPBV5ihevtyCRPGG8xgZqRbERTdB2uBZGmQ441LLnZZZFX +BByEFQ4M7qYmOTZaIxncSGZbwVncBYkLbYmOIPdcahVtnK1mIm1q7ET0KeUEPTLB +5UEdNa7bd5ULWeCIVZxRWdawzktWdF7CfBVO2KeWiEE6wkL1Y3N29mUOynWKRs7w +wo5ETwxEw/6UqOaGCmbCTN5Xa+N+ZE5/4g0gEEcFUg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem.certspec new file mode 100644 index 000000000..a905a66ac --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem.certspec @@ -0,0 +1,6 @@ +issuer:Other test CA +subject:Wrong CA Pin Test End-Entity +issuerKey:alternate +subjectKey:alternate +extension:subjectAlternativeName:*.include-subdomains.pinning.example.com,*.exclude-subdomains.pinning.example.com,*.pinning.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key new file mode 100644 index 000000000..6db74b5c5 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBdcZSZgmfdwgq +Z5HxuHbDf1zlOLBsSs0iscvUb6Za2irdQcjCSYrEo7PB9hSH9BtpiUG9gKUcPBIC +RMWEpMRIMwXlE4wBBs8IvpqGJ2C65qLo828jxdmDE7nfrzeDRdrOUdTW3NKmyzzH +BuvNMHDsmMzkCqWR1ylaf3HFvmZpHSst/shJRFkLxaPqSf2TsddTQF8Xc3aZlYZm +JUeX7UJpCIgIEUIgaZiKQ/7kjOaHgd0itqac0oN1Ex+TKxKM4ob6fSUcBirSfvAW +8YfN1U6DKzW4kw90upCqi8dhZyQqsf1tYhQNGMTAuMaPw3SEVzJK196G5lUvHR4Z +HXEhaNO7AgMBAAECggEAfj9tfLg572auXX3ZL/VBC7NB3BRyjTkDRXDho3B5DzDw +aBNV//QeKtTpqdn86/vRJ736uMAK/7Hzzqcyfq1HqhYh8qwe4UygLwSzsnhgF5gL +GBpEnQOwPmnRErg1ceVUNPASBWV10oMu1nMdznmeN8g/bVHFWrcetYAVrwXhrxXH +R2A+9/J9A6b/BJ2Wu/hUweTlDvWwWND7CBgOCsf3vo8v8Wc9l/yeVduoOAd7v4p8 +/ylihXeFJpzZ1brStXRp5K/NM8TKLS9pnxHnyPvc1ITwjY77ijy4qXLrJL7Zcu+q +5LtxIJPkj+lKRutimodQeMQCGposk8mnA5Dp0KVEAQKBgQDmP8clprp2klp/+MtZ +xPVt1+yD/oW/H1PhHKyagSWLz8CugZB3sPLRR3qvho3mqOy+r3uyKxlvKprYLTKG +8NDMKd5xnl8r6OUJtyhNWWPt02L5J4h6TEqJeZ00DVGzAax2AasnF5Ak/KrdOL9l +Iq9j6xZGHsAqfyewb+Cd3afAoQKBgQDXGLH+n4+Z8A6DKuH73G/iqyfzTgScSYAQ ++g63CEhSGCNGCDtclsPu5VksAUpBDGuTCxZcE7XCaqMurG58klqFUcJRNPL0pyxk +IfGacxSKDt+rpdOmiIs1y6GMAP047lqvC1RXMdcgdhu8ze50SlLKQV6Y5N4Bzf52 +TBlns+jK2wKBgAHlrKJmyUqI0i4TwrkuokcRbGV6B2gXvf0w20s6nTCVuaS2dJZH +4vhOenhPx4OLCMhZcc96A2+jDjuRw8TQ3yePgMG26FnYRWrbE33vqp8fCsW6yakY +T9TqJ51yLqYm8WDXiq17yDhFzLKd8RXIP2G3YiuZvUOcYJtXkKY8WVGBAoGBAIDM +RdENJITuDRKX/Ae/gLO+/0Yeon4fOPNxeJw69mtKDt0hksIneR208cd64ka/NC8x +hWsPVlgbWKlbETHAxTltsqjDxvOeouM2vCBa5qKgs2hp/KmMu6czzwExmm+bsmt8 +oj0wF/xVHNjaiv3Rf2+i4w00hoeYHNYjTVcekLffAoGAb3fAwfKuesFpVhzKSZxS +vfvgTN3M29wSrsWoVpHoWUt+4pkI8w57lqpiVLgO1K7sm5k3gr38ebadjVjGiHD6 +S+G8DDUnKIxcgrtK668V7f8RBAP8eOas5qgoJ79C8M+nUeUHZRxWONuTk90j3R9r +KVFR3kS3f+Vaew3yceGaZcA= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key.keyspec b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key.keyspec new file mode 100644 index 000000000..cbd5f309c --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key.keyspec @@ -0,0 +1 @@ +alternate diff --git a/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem new file mode 100644 index 000000000..09bd4bb04 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2zCCAcWgAwIBAgIUexJUIJpq50jgqOwQluhVrAzTF74wCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0EwIhgPMjAxNTAxMDEwMDAwMDBaGA8y +MDI1MDEwMTAwMDAwMFowGDEWMBQGA1UEAwwNT3RoZXIgdGVzdCBDQTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK +zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG +zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX +KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp +mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6 +kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMd +MBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQCL +jKgNGmCVYhntJo024WL8bF6hekERMYQbu/CK9moz6wlOpRMOQX1x7U/ianPW9Whi +yoMAgAgNhLr2+t4ewqU2xRxMY0DvMSOuF9l08mptCW5sd/ocrRZuv/RcBmLcRnJm +Y+HuaVOvf1ac32pNN5HYagGQbvvpAaHB5/DyYcywqUM7SttK1QF+AOsGePZdYUK2 +Od5wJwB7yE1Fpgf6O4vZaE0JkTVh8GQipwoPms2GYk2E1sJXu9eUrLBfioVVN0TF +QF4xJxSwyxY8ys5E4+ftIVixVdetrcotUdYR64x9Hd5OPr5Q7VaAvd85ZvuB7xeK +eHxNGBjaJMf1tkamLr3p +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem.certspec new file mode 100644 index 000000000..3bc975aa2 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem.certspec @@ -0,0 +1,7 @@ +issuer:Other test CA +subject:Other test CA +issuerKey:alternate +subjectKey:alternate +validity:20150101-20250101 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem b/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem new file mode 100644 index 000000000..badc58376 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDdTCCAl+gAwIBAgIUOZxBsWqmNkNX1bk4vwjN7oalyxcwCwYJKoZIhvcNAQEL +MDMxMTAvBgNVBAMMKFRlc3QgU2VsZi1zaWduZWQgRW5kLWVudGl0eSB3aXRoIENB +IHRydWUwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowMzExMC8G +A1UEAwwoVGVzdCBTZWxmLXNpZ25lZCBFbmQtZW50aXR5IHdpdGggQ0EgdHJ1ZTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9 +PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3 +HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg +Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7 +EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK +lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C +AwEAAaOBgDB+MAwGA1UdEwQFMAMBAf8wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUF +BzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMDoGA1UdEQQzMDGCL3NlbGYtc2ln +bmVkLWVuZC1lbnRpdHktd2l0aC1jQS10cnVlLmV4YW1wbGUuY29tMAsGCSqGSIb3 +DQEBCwOCAQEAOOiI4FYCOj5N75+ix87qQQjtyG//CTUi8SMRAIG9sQId7fRtXAcl +qEtWKxdcNy4RYVoEQTNPrY6gr9amiPEpZ9IobtX1WW8gJiVj3EFLfXBKTE3B6Kxp +Qim7bJvrqoumLgXtH7eljHdfN86I6Xnyk7L4tl30UhlOSd24jiQ8T5FxF7lcmEnT +w+AthUUhOyKyDRXvV3jUpM3SKv6mz0rzm19A/qBOYM6Q+bAS5n47d/TPbmCff8T/ +zKU/Su7WYXsw7gU208DhWrqLjpUzPuGSRRTZgHCG35KpOlNcN81iZsvEYIyL+b68 +G2rlSZK2C3LaGi/0t7s3O8gUep20KSF7WA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem.certspec new file mode 100644 index 000000000..0ca92d7fd --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem.certspec @@ -0,0 +1,5 @@ +issuer:Test Self-signed End-entity with CA true +subject:Test Self-signed End-entity with CA true +extension:basicConstraints:cA, +extension:authorityInformationAccess:http://localhost:8888/ +extension:subjectAlternativeName:self-signed-end-entity-with-cA-true.example.com diff --git a/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem b/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem new file mode 100644 index 000000000..87b0ca2e7 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgzCCAm2gAwIBAgIUV9yIaHMDuAdDCVBEzuEE5tSGIncwCwYJKoZIhvcNAQEL +MDUxMzAxBgNVBAMMKlNlbGYtc2lnbmVkIEluYWRlcXVhdGUgRUtVIFRlc3QgRW5k +LWVudGl0eTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjA1MTMw +MQYDVQQDDCpTZWxmLXNpZ25lZCBJbmFkZXF1YXRlIEVLVSBUZXN0IEVuZC1lbnRp +dHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braI +BjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVa +p0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB +7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4C +kC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJv +aeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgK +Ne2NAgMBAAGjgYowgYcwCwYDVR0PBAQDAgQwMBMGA1UdJQQMMAoGCCsGAQUFBwMB +MC8GA1UdEQQoMCaCJHNlbGZzaWduZWQtaW5hZGVxdWF0ZUVLVS5leGFtcGxlLmNv +bTAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6 +ODg4OC8wCwYJKoZIhvcNAQELA4IBAQAhtt1BOrCjch5fzJ+OIvqSF2qERDB7CJDA +avhypMbCVCEabM1JBD8vtA5U7izjWpAJVlOwFBUPtGpeCtXkCZEyy6/JPOdc5hhJ +1h0+c9CeKkmjwyydqqz3v4quXAI0WX7ChuO5WfsVY1swFcp6TYtGYBsjMVpVQaTw +CGNFZ73EEksRWP0NH/SKABo+6dlvOghivAa3Wx1HEOVTFUo8u6odwZ596Xl/IhY4 +I0G/GuGCwMhBE/5GGpSI8qH8DxRXT7nrvdHZmuiRB2SJYeuF4Cs08KHO+ymiST/d +OLnAKR1WWgslQbxZu3zdBDqKuKf2vOKS9xo6sQXP3TsLsSPxY1v2 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem.certspec new file mode 100644 index 000000000..477b90ce1 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem.certspec @@ -0,0 +1,6 @@ +issuer:Self-signed Inadequate EKU Test End-entity +subject:Self-signed Inadequate EKU Test End-entity +extension:keyUsage:keyEncipherment,dataEncipherment +extension:extKeyUsage:serverAuth +extension:subjectAlternativeName:selfsigned-inadequateEKU.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem b/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem new file mode 100644 index 000000000..436f9ef8e --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMzCCAh2gAwIBAgIUFdYBQ3rk5hXCs0Bz6ERmayqrMTYwCwYJKoZIhvcNAQEL +MCYxJDAiBgNVBAMMG1NlbGYtc2lnbmVkIFRlc3QgRW5kLWVudGl0eTAiGA8yMDE1 +MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAmMSQwIgYDVQQDDBtTZWxmLXNp +Z25lZCBUZXN0IEVuZC1lbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwG +m24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJr +bA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4 +SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3 +/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+Z +FzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjWTBXMCEGA1UdEQQaMBiCFnNlbGZz +aWduZWQuZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZo +dHRwOi8vbG9jYWxob3N0Ojg4ODgvMAsGCSqGSIb3DQEBCwOCAQEAiPY8Ka4thJkS +6HzgnIpJyd09rmAls/LwAPRwhk8s652FEEGpZzkreDjOJ9LGYx01JWGQPDxOgddt +ynYtbZVzwnSuJnISglU/mAsmgG47hSeBamOm9zg2KAC1+64nVgpkmYMEDGQC4h79 +cADh5g5ay0E47x/9u7F02z4ovXyJCDC/bOTFKv4WCkHEaIKhnbrv4EGT+lkfCFol +obLR6h4mwclIDycIR9D2hg4ZSrnace1JzF0OALMVshwtclmJMS4yH+yACSeovT6t +fN1CTvLAY8nYtyuxWc3D/gv0T5MWVvkSSfbrvt+nCUvrEsLFnDgKqMzh7S/iph3M +UyeHQjtRIQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem.certspec new file mode 100644 index 000000000..99a814be1 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem.certspec @@ -0,0 +1,4 @@ +issuer:Self-signed Test End-entity +subject:Self-signed Test End-entity +extension:subjectAlternativeName:selfsigned.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/test-ca.pem b/security/manager/ssl/tests/unit/bad_certs/test-ca.pem new file mode 100644 index 000000000..1d50176e4 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/test-ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAbmgAwIBAgIUH9DaznYx1NE1Cu9I8cBqxV9VgF4wCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowEjEQMA4GA1UEAwwHVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl +qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg +w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx +V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1 +MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs +vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUw +AwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQA1o3GayNFRlVTrsoj2 +Ag06YatbGe94M/FT0MXngjlmrMkGZqHaDlrii7Jz+JP16CBjaIZ0ZP7I56Nn/l8y +/kfe++zvr1uwRaKjtRGBiFpCjx10rI508wzSnOox3+bOtv9qjYaY7UjkBV3F40IS +P8qKMtNspsR4tjS/D1jbculhngkPqhskefZFQQvcgG54L5j921GFKNeeX6i9QAzV +jjM6i/iQYpAWCuh5+CetwUnfFuZCM80npp/qHMESkT3PyPpwqT9A5K+xQdVfpXq5 +SmVy5+QGWALuSV1sfIRXRwOh+2jCWwWPbyi9TlHrvlO5mL38qikdYBDPat3ve4cq +5viq +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/test-ca.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/test-ca.pem.certspec new file mode 100644 index 000000000..5d2435d7b --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/test-ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test CA +subject:Test CA +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/bad_certs/test-int.pem b/security/manager/ssl/tests/unit/bad_certs/test-int.pem new file mode 100644 index 000000000..df9ad3ddb --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/test-int.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2TCCAcOgAwIBAgIUBVio/iQ21GCi2iUven8oJ/gae74wCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTAxMDEwMDAwMDBaGA8yMDI1MDEw +MTAwMDAwMFowHDEaMBgGA1UEAwwRVGVzdCBJbnRlcm1lZGlhdGUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq0 +7PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D +/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw +JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyX +rZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd +q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAb +MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAry6Z +DoUhexYUJTzWwN1ZIwWeXW/QxJR5u4DvK6pBPInDdyfv20EuxXKODYWXXPGbOY8X +5SEsUtS+1WUlMAXenmejPvDcjeEGLS8tfJQbgHtPrDhQR43fnYGZrA2pWVmxQ+TJ +Lrg18uGIuMcfAr3RwMzeK+uj81bybeYZN5haISWa6bF2a81vMx/WDgyFSYYBOYph +nCPWVSqPTK/6NwbyWZORs474Flx45uzo7g9mMCmbwz9IzdJYpVrViVAFTU1gSbNQ +ED3LzwGkS7eO8Lqzk9a94uIGqhxtGDvxFe+6Be/Il3M/5d2WC2Jmqzv8cU/u4GLb +dKrXnD3epofIjHnOUA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/test-int.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/test-int.pem.certspec new file mode 100644 index 000000000..33b42c2f4 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/test-int.pem.certspec @@ -0,0 +1,5 @@ +issuer:Test CA +subject:Test Intermediate +validity:20150101-20250101 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem b/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem new file mode 100644 index 000000000..d9ba29653 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDpTCCAo+gAwIBAgIUHccbzbbSEhGlmiWbLlfHcRQFD7MwCwYJKoZIhvcNAQEL +MCYxJDAiBgNVBAMMG1Rlc3QgSW50ZXJtZWRpYXRlIHRvIGRlbGV0ZTAiGA8yMDE1 +MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAuMSwwKgYDVQQDDCNUZXN0IEVu +ZC1lbnRpdHkgZnJvbSB1bmtub3duIGlzc3VlcjCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl +qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg +w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx +V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1 +MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs +vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBwjCBvzCBiAYDVR0R +BIGAMH6CGXVua25vd25pc3N1ZXIuZXhhbXBsZS5jb22CNHVua25vd25pc3N1ZXIu +aW5jbHVkZS1zdWJkb21haW5zLnBpbm5pbmcuZXhhbXBsZS5jb22CK3Vua25vd25p +c3N1ZXIudGVzdC1tb2RlLnBpbm5pbmcuZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEE +JjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMAsGCSqGSIb3 +DQEBCwOCAQEAjvk1a9yDZSYDNilWlvRcUk6stPfmjG7p0Owu0a+Lh8JIxOZXflZ1 +/hpVp0L5ds6mc74Q5VBJgqpkrpYBIVDPa3LJzW4HX8y7FtDo71Ca/ob+Xyc4hFdg +3G2DqLePZXqkV+h6bsg/Rqv2FUt/GbUmv4sIkTwL5KgMEjLJGxwRTyrQZJlTMC5N +uSxtWiCv+wLnP9NbkMgBHE1NnBQjF5nR/mJC7HUGykGYe+oJHuozq+/VCn3bXFUm +kq9YXS0R84LcQH7gHtOlp5xwxiYXPH3C2cxobaJNdo5qsyOZYc5Diq/ukCN5rg0N +5IOg9SPThtEzlCjTFRVHKE7ncgo7JxJ3gw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem.certspec new file mode 100644 index 000000000..a735c730c --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test Intermediate to delete +subject:Test End-entity from unknown issuer +extension:subjectAlternativeName:unknownissuer.example.com,unknownissuer.include-subdomains.pinning.example.com,unknownissuer.test-mode.pinning.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem b/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem new file mode 100644 index 000000000..497b3472c --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMjCCAhygAwIBAgIUEb4CKRVPjI1eurD3IgLllUvomHgwCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0EwIhgPMjAxMTAxMDEwMDAwMDBaGA8y +MDEzMDEwMTAwMDAwMFowLDEqMCgGA1UEAwwhVW50cnVzdGVkLUV4cGlyZWQgVGVz +dCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohR +qESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+Kv +WnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+ +rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPv +JxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5 +Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6 +clHEMdUDrNoYCjXtjQIDAQABo2AwXjAoBgNVHREEITAfgh11bnRydXN0ZWQtZXhw +aXJlZC5leGFtcGxlLmNvbTAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0 +dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wCwYJKoZIhvcNAQELA4IBAQB+nHMbzEEVQFPF +ahU0cR3xT8hyv0R0rNFTFQzGmAJpLz+xJN+GsOLuqGHqZ7Yc8lSOEQq4m/EDNncL +SWnNbQHZPb4BAgz6n84gKazPfvkQmzx2QFqJs8s/Nfj8kxygUbCF5h+R+KBQbQd3 +qjAEeJK7pUoJjBB236JwBlM0Rqbv7QgTibm5VnNcfkZcwlBpwfCXdc6jtG9hkyhD +h/8H0mZ+gvMpgnXx3TascLWJuPrYpDSgayRClfvs+FQtY8Lv5qkCR2TLLU779O8f +TNTZLWogZ/tlOy268M5iFaOS71g0dQM9sU++XpUjtQlf6T1a2HtyZ8CmiG+Ffsym +mAJNGYT8 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem.certspec new file mode 100644 index 000000000..3efd1ce67 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem.certspec @@ -0,0 +1,5 @@ +issuer:Other test CA +subject:Untrusted-Expired Test End-entity +validity:20110101-20130101 +extension:subjectAlternativeName:untrusted-expired.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem b/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem new file mode 100644 index 000000000..842e7e7bd --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNDCCAh6gAwIBAgIUC7+ekJBbfCa4+95t1Lc9QFnFM00wCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8y +MDE4MDIwNTAwMDAwMFowMDEuMCwGA1UEAwwlVGVzdCBFbmQtZW50aXR5IHdpdGgg +dW50cnVzdGVkIGlzc3VlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG +8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0V +gg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g3 +04hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l +0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz +/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaNeMFwwJgYDVR0RBB8wHYIbdW50cnVzdGVk +aXNzdWVyLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW +aHR0cDovL2xvY2FsaG9zdDo4ODg4LzALBgkqhkiG9w0BAQsDggEBADoMA0m+eXNs +tdp2WpRyK3F9+FXIYbZGdlQFi+G9Dku/8J/cysb3jnN7zdSiCwkSJ38XR/8z4M0O +x4i3/alFWP1HTvQmVOwP7U31u1h56QlS8ltFasZtd+lOELWvaj9WzG2glcFGTynT +iIIl3LCm47O6u501xZsp5XPRaeY9956vuP7TwVIx8v2JR5H3hFhk9fR/mhR8QCOB +HVu/iW9ux7g/9Up1Fi5mYAq6cmArpJ2LzEr57gdV1lfgKObTE++ZWtRa5N+zMZGX +TU6WARBPH+vVHC1VKxY2SYENxswFtkgCSVoRFzn7sj/8jQ6iaJ86sf9poK0NrHdg +P0ybC9Y8juA= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem.certspec new file mode 100644 index 000000000..5ba0bc253 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem.certspec @@ -0,0 +1,4 @@ +issuer:Other test CA +subject:Test End-entity with untrusted issuer +extension:subjectAlternativeName:untrustedissuer.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem b/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem new file mode 100644 index 000000000..c6e59a7a8 --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICqzCCAZUCFDt6FYWPwMbZVlZa329PtAVVBtsnMAsGCSqGSIb3DQEBCzASMRAw +DgYDVQQDDAdUZXN0IENBMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBIxEDAOBgNVBAMMB1YxIENlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9 +sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5 +TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7 +xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd +tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l +8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQELA4IBAQCW +fJUaT3AtmftAlBtS3e1hs6V1XoQNaeSiff8PR6ootvISg5MpU1b2whEvNalJCUMD +zBXkM7y3ERSgAvROu+CbBFOrOTPPStg88iZFm4WDrgotADxepbYd+x3IOL0vGq7F +vcqdiQCRuhVRoopipqmowWF4KZtm0SnXoce7GnDhIjLtGxwz+zq3ls/2MrdaxdpL +ggRkBUNfbTmDMvsjc3GxFHsXuX5cJUKVM2V8x5gNvtDBINiavy8HyQjhwSyTprRM +KBConOKsh/WntsiakcsefVpc9kAR6DJjVvhFmLqHBUMrpBtDf5pb2JVgp/qn0oCw +YqD30umtSUWyZaW1I1Nh +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem.certspec new file mode 100644 index 000000000..7824630bb --- /dev/null +++ b/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem.certspec @@ -0,0 +1,3 @@ +issuer:Test CA +subject:V1 Cert +version:1 diff --git a/security/manager/ssl/tests/unit/head_psm.js b/security/manager/ssl/tests/unit/head_psm.js new file mode 100644 index 000000000..b6489d605 --- /dev/null +++ b/security/manager/ssl/tests/unit/head_psm.js @@ -0,0 +1,863 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ +"use strict"; + +const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components; + +const { AppConstants } = + Cu.import("resource://gre/modules/AppConstants.jsm", {}); +const { ctypes } = Cu.import("resource://gre/modules/ctypes.jsm", {}); +const { FileUtils } = Cu.import("resource://gre/modules/FileUtils.jsm", {}); +const { HttpServer } = Cu.import("resource://testing-common/httpd.js", {}); +const { MockRegistrar } = + Cu.import("resource://testing-common/MockRegistrar.jsm", {}); +const { NetUtil } = Cu.import("resource://gre/modules/NetUtil.jsm", {}); +const { Promise } = Cu.import("resource://gre/modules/Promise.jsm", {}); +const { Services } = Cu.import("resource://gre/modules/Services.jsm", {}); +const { XPCOMUtils } = Cu.import("resource://gre/modules/XPCOMUtils.jsm", {}); + +const isDebugBuild = Cc["@mozilla.org/xpcom/debug;1"] + .getService(Ci.nsIDebug2).isDebugBuild; + +// The test EV roots are only enabled in debug builds as a security measure. +// +// Bug 1008316: B2G doesn't have EV enabled, so EV is not expected even in debug +// builds. +const gEVExpected = isDebugBuild && !("@mozilla.org/b2g-process-global;1" in Cc); + +const SSS_STATE_FILE_NAME = "SiteSecurityServiceState.txt"; +const PRELOAD_STATE_FILE_NAME = "SecurityPreloadState.txt"; + +const SEC_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SEC_ERROR_BASE; +const SSL_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SSL_ERROR_BASE; +const MOZILLA_PKIX_ERROR_BASE = Ci.nsINSSErrorsService.MOZILLA_PKIX_ERROR_BASE; + +// This isn't really a valid PRErrorCode, but is useful for signalling that +// a test is expected to succeed. +const PRErrorCodeSuccess = 0; + +// Sort in numerical order +const SEC_ERROR_INVALID_TIME = SEC_ERROR_BASE + 8; +const SEC_ERROR_BAD_DER = SEC_ERROR_BASE + 9; +const SEC_ERROR_BAD_SIGNATURE = SEC_ERROR_BASE + 10; +const SEC_ERROR_EXPIRED_CERTIFICATE = SEC_ERROR_BASE + 11; +const SEC_ERROR_REVOKED_CERTIFICATE = SEC_ERROR_BASE + 12; +const SEC_ERROR_UNKNOWN_ISSUER = SEC_ERROR_BASE + 13; +const SEC_ERROR_UNTRUSTED_ISSUER = SEC_ERROR_BASE + 20; +const SEC_ERROR_UNTRUSTED_CERT = SEC_ERROR_BASE + 21; +const SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = SEC_ERROR_BASE + 30; +const SEC_ERROR_CA_CERT_INVALID = SEC_ERROR_BASE + 36; +const SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION = SEC_ERROR_BASE + 41; +const SEC_ERROR_INADEQUATE_KEY_USAGE = SEC_ERROR_BASE + 90; +const SEC_ERROR_INADEQUATE_CERT_TYPE = SEC_ERROR_BASE + 91; +const SEC_ERROR_CERT_NOT_IN_NAME_SPACE = SEC_ERROR_BASE + 112; +const SEC_ERROR_CERT_BAD_ACCESS_LOCATION = SEC_ERROR_BASE + 117; +const SEC_ERROR_OCSP_MALFORMED_REQUEST = SEC_ERROR_BASE + 120; +const SEC_ERROR_OCSP_SERVER_ERROR = SEC_ERROR_BASE + 121; +const SEC_ERROR_OCSP_TRY_SERVER_LATER = SEC_ERROR_BASE + 122; +const SEC_ERROR_OCSP_REQUEST_NEEDS_SIG = SEC_ERROR_BASE + 123; +const SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST = SEC_ERROR_BASE + 124; +const SEC_ERROR_OCSP_UNKNOWN_CERT = SEC_ERROR_BASE + 126; +const SEC_ERROR_OCSP_MALFORMED_RESPONSE = SEC_ERROR_BASE + 129; +const SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE = SEC_ERROR_BASE + 130; +const SEC_ERROR_OCSP_OLD_RESPONSE = SEC_ERROR_BASE + 132; +const SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE = SEC_ERROR_BASE + 141; +const SEC_ERROR_OCSP_INVALID_SIGNING_CERT = SEC_ERROR_BASE + 144; +const SEC_ERROR_POLICY_VALIDATION_FAILED = SEC_ERROR_BASE + 160; +const SEC_ERROR_OCSP_BAD_SIGNATURE = SEC_ERROR_BASE + 157; +const SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED = SEC_ERROR_BASE + 176; + +const SSL_ERROR_NO_CYPHER_OVERLAP = SSL_ERROR_BASE + 2; +const SSL_ERROR_BAD_CERT_DOMAIN = SSL_ERROR_BASE + 12; +const SSL_ERROR_BAD_CERT_ALERT = SSL_ERROR_BASE + 17; +const SSL_ERROR_WEAK_SERVER_CERT_KEY = SSL_ERROR_BASE + 132; + +const MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE = MOZILLA_PKIX_ERROR_BASE + 0; +const MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY = MOZILLA_PKIX_ERROR_BASE + 1; +const MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE = MOZILLA_PKIX_ERROR_BASE + 2; +const MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA = MOZILLA_PKIX_ERROR_BASE + 3; +const MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE = MOZILLA_PKIX_ERROR_BASE + 5; +const MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE = MOZILLA_PKIX_ERROR_BASE + 6; +const MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING = MOZILLA_PKIX_ERROR_BASE + 8; +const MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING = MOZILLA_PKIX_ERROR_BASE + 10; +const MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME = MOZILLA_PKIX_ERROR_BASE + 12; + +// Supported Certificate Usages +const certificateUsageSSLClient = 0x0001; +const certificateUsageSSLServer = 0x0002; +const certificateUsageSSLCA = 0x0008; +const certificateUsageEmailSigner = 0x0010; +const certificateUsageEmailRecipient = 0x0020; +const certificateUsageObjectSigner = 0x0040; +const certificateUsageVerifyCA = 0x0100; +const certificateUsageStatusResponder = 0x0400; + +// A map from the name of a certificate usage to the value of the usage. +// Useful for printing debugging information and for enumerating all supported +// usages. +const allCertificateUsages = { + certificateUsageSSLClient, + certificateUsageSSLServer, + certificateUsageSSLCA, + certificateUsageEmailSigner, + certificateUsageEmailRecipient, + certificateUsageObjectSigner, + certificateUsageVerifyCA, + certificateUsageStatusResponder +}; + +const NO_FLAGS = 0; + +// Commonly certificates are represented as PEM. The format is roughly as +// follows: +// +// -----BEGIN CERTIFICATE----- +// [some lines of base64, each typically 64 characters long] +// -----END CERTIFICATE----- +// +// However, nsIX509CertDB.constructX509FromBase64 and related functions do not +// handle input of this form. Instead, they require a single string of base64 +// with no newlines or BEGIN/END headers. This is a helper function to convert +// PEM to the format that nsIX509CertDB requires. +function pemToBase64(pem) { + return pem.replace(/-----BEGIN CERTIFICATE-----/, "") + .replace(/-----END CERTIFICATE-----/, "") + .replace(/[\r\n]/g, ""); +} + +function readFile(file) { + let fstream = Cc["@mozilla.org/network/file-input-stream;1"] + .createInstance(Ci.nsIFileInputStream); + fstream.init(file, -1, 0, 0); + let data = NetUtil.readInputStreamToString(fstream, fstream.available()); + fstream.close(); + return data; +} + +function addCertFromFile(certdb, filename, trustString) { + let certFile = do_get_file(filename, false); + let certBytes = readFile(certFile); + let successful = false; + try { + certdb.addCert(certBytes, trustString, null); + successful = true; + } catch (e) {} + if (!successful) { + // It might be PEM instead of DER. + certdb.addCertFromBase64(pemToBase64(certBytes), trustString, null); + } +} + +function constructCertFromFile(filename) { + let certFile = do_get_file(filename, false); + let certBytes = readFile(certFile); + let certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + try { + return certdb.constructX509(certBytes, certBytes.length); + } catch (e) {} + // It might be PEM instead of DER. + return certdb.constructX509FromBase64(pemToBase64(certBytes)); +} + +function setCertTrust(cert, trustString) { + let certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + certdb.setCertTrustFromString(cert, trustString); +} + +function getXPCOMStatusFromNSS(statusNSS) { + let nssErrorsService = Cc["@mozilla.org/nss_errors_service;1"] + .getService(Ci.nsINSSErrorsService); + return nssErrorsService.getXPCOMFromNSSError(statusNSS); +} + +// certdb implements nsIX509CertDB. See nsIX509CertDB.idl for documentation. +// In particular, hostname is optional. +function checkCertErrorGenericAtTime(certdb, cert, expectedError, usage, time, + /*optional*/ hasEVPolicy, + /*optional*/ hostname) { + do_print(`cert cn=${cert.commonName}`); + do_print(`cert issuer cn=${cert.issuerCommonName}`); + let verifiedChain = {}; + let error = certdb.verifyCertAtTime(cert, usage, NO_FLAGS, hostname, time, + verifiedChain, hasEVPolicy || {}); + Assert.equal(error, expectedError, + "Actual and expected error should match"); +} + +// certdb implements nsIX509CertDB. See nsIX509CertDB.idl for documentation. +// In particular, hostname is optional. +function checkCertErrorGeneric(certdb, cert, expectedError, usage, + /*optional*/ hasEVPolicy, + /*optional*/ hostname) { + do_print(`cert cn=${cert.commonName}`); + do_print(`cert issuer cn=${cert.issuerCommonName}`); + let verifiedChain = {}; + let error = certdb.verifyCertNow(cert, usage, NO_FLAGS, hostname, + verifiedChain, hasEVPolicy || {}); + Assert.equal(error, expectedError, + "Actual and expected error should match"); +} + +function checkEVStatus(certDB, cert, usage, isEVExpected) { + let hasEVPolicy = {}; + checkCertErrorGeneric(certDB, cert, PRErrorCodeSuccess, usage, hasEVPolicy); + Assert.equal(hasEVPolicy.value, isEVExpected, + "Actual and expected EV status should match"); +} + +function _getLibraryFunctionWithNoArguments(functionName, libraryName, + returnType) { + // Open the NSS library. copied from services/crypto/modules/WeaveCrypto.js + let path = ctypes.libraryName(libraryName); + + // XXX really want to be able to pass specific dlopen flags here. + let nsslib; + try { + nsslib = ctypes.open(path); + } catch (e) { + // In case opening the library without a full path fails, + // try again with a full path. + let file = Services.dirsvc.get("GreBinD", Ci.nsILocalFile); + file.append(path); + nsslib = ctypes.open(file.path); + } + + let SECStatus = ctypes.int; + let func = nsslib.declare(functionName, ctypes.default_abi, + returnType || SECStatus); + return func; +} + +function clearOCSPCache() { + let certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + certdb.clearOCSPCache(); +} + +function clearSessionCache() { + let SSL_ClearSessionCache = null; + try { + SSL_ClearSessionCache = + _getLibraryFunctionWithNoArguments("SSL_ClearSessionCache", "ssl3"); + } catch (e) { + // On Windows, this is actually in the nss3 library. + SSL_ClearSessionCache = + _getLibraryFunctionWithNoArguments("SSL_ClearSessionCache", "nss3"); + } + if (!SSL_ClearSessionCache || SSL_ClearSessionCache() != 0) { + throw new Error("Failed to clear SSL session cache"); + } +} + +function getSSLStatistics() { + let SSL3Statistics = new ctypes.StructType("SSL3Statistics", + [ { "sch_sid_cache_hits": ctypes.long }, + { "sch_sid_cache_misses": ctypes.long }, + { "sch_sid_cache_not_ok": ctypes.long }, + { "hsh_sid_cache_hits": ctypes.long }, + { "hsh_sid_cache_misses": ctypes.long }, + { "hsh_sid_cache_not_ok": ctypes.long }, + { "hch_sid_cache_hits": ctypes.long }, + { "hch_sid_cache_misses": ctypes.long }, + { "hch_sid_cache_not_ok": ctypes.long }, + { "sch_sid_stateless_resumes": ctypes.long }, + { "hsh_sid_stateless_resumes": ctypes.long }, + { "hch_sid_stateless_resumes": ctypes.long }, + { "hch_sid_ticket_parse_failures": ctypes.long }]); + let SSL3StatisticsPtr = new ctypes.PointerType(SSL3Statistics); + let SSL_GetStatistics = null; + try { + SSL_GetStatistics = _getLibraryFunctionWithNoArguments("SSL_GetStatistics", + "ssl3", + SSL3StatisticsPtr); + } catch (e) { + // On Windows, this is actually in the nss3 library. + SSL_GetStatistics = _getLibraryFunctionWithNoArguments("SSL_GetStatistics", + "nss3", + SSL3StatisticsPtr); + } + if (!SSL_GetStatistics) { + throw new Error("Failed to get SSL statistics"); + } + return SSL_GetStatistics(); +} + +// Set up a TLS testing environment that has a TLS server running and +// ready to accept connections. This async function starts the server and +// waits for the server to indicate that it is ready. +// +// Each test should have its own subdomain of example.com, for example +// my-first-connection-test.example.com. The server can use the server +// name (passed through the SNI TLS extension) to determine what behavior +// the server side of the text should exhibit. See TLSServer.h for more +// information on how to write the server side of tests. +// +// Create a new source file for your new server executable in +// security/manager/ssl/tests/unit/tlsserver/cmd similar to the other ones in +// that directory, and add a reference to it to the sources variable in that +// directory's moz.build. +// +// Modify TEST_HARNESS_BINS in +// testing/mochitest/Makefile.in and NO_PKG_FILES in +// toolkit/mozapps/installer/packager.mk to make sure the new executable +// gets included in the packages used for shipping the tests to the test +// runners in our build/test farm. (Things will work fine locally without +// these changes but will break on TBPL.) +// +// Your test script should look something like this: +/* + +// -*- Mode: javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +"use strict"; + +// + +function run_test() { + do_get_profile(); + add_tls_server_setup("", ""); + + add_connection_test(".example.com", + SEC_ERROR_xxx, + function() { ... }, + function(aTransportSecurityInfo) { ... }, + function(aTransport) { ... }); + [...] + add_connection_test(".example.com", PRErrorCodeSuccess); + + run_next_test(); +} +*/ + +function add_tls_server_setup(serverBinName, certsPath) { + add_test(function() { + _setupTLSServerTest(serverBinName, certsPath); + }); +} + +/** + * Add a TLS connection test case. + * + * @param {String} aHost + * The hostname to pass in the SNI TLS extension; this should unambiguously + * identify which test is being run. + * @param {PRErrorCode} aExpectedResult + * The expected result of the connection. If an error is not expected, pass + * in PRErrorCodeSuccess. + * @param {Function} aBeforeConnect + * A callback function that takes no arguments that will be called before the + * connection is attempted. + * @param {Function} aWithSecurityInfo + * A callback function that takes an nsITransportSecurityInfo, which is called + * after the TLS handshake succeeds. + * @param {Function} aAfterStreamOpen + * A callback function that is called with the nsISocketTransport once the + * output stream is ready. + * @param {OriginAttributes} aOriginAttributes (optional) + * The origin attributes that the socket transport will have. This parameter + * affects OCSP because OCSP cache is double-keyed by origin attributes' first + * party domain. + */ +function add_connection_test(aHost, aExpectedResult, + aBeforeConnect, aWithSecurityInfo, + aAfterStreamOpen, + /*optional*/ aOriginAttributes) { + const REMOTE_PORT = 8443; + + function Connection(host) { + this.host = host; + let threadManager = Cc["@mozilla.org/thread-manager;1"] + .getService(Ci.nsIThreadManager); + this.thread = threadManager.currentThread; + this.defer = Promise.defer(); + let sts = Cc["@mozilla.org/network/socket-transport-service;1"] + .getService(Ci.nsISocketTransportService); + this.transport = sts.createTransport(["ssl"], 1, host, REMOTE_PORT, null); + // See bug 1129771 - attempting to connect to [::1] when the server is + // listening on 127.0.0.1 causes frequent failures on OS X 10.10. + this.transport.connectionFlags |= Ci.nsISocketTransport.DISABLE_IPV6; + this.transport.setEventSink(this, this.thread); + if (aOriginAttributes) { + this.transport.originAttributes = aOriginAttributes; + } + this.inputStream = null; + this.outputStream = null; + this.connected = false; + } + + Connection.prototype = { + // nsITransportEventSink + onTransportStatus: function(aTransport, aStatus, aProgress, aProgressMax) { + if (!this.connected && aStatus == Ci.nsISocketTransport.STATUS_CONNECTED_TO) { + this.connected = true; + this.outputStream.asyncWait(this, 0, 0, this.thread); + } + }, + + // nsIInputStreamCallback + onInputStreamReady: function(aStream) { + try { + // this will throw if the stream has been closed by an error + let str = NetUtil.readInputStreamToString(aStream, aStream.available()); + Assert.equal(str, "0", + "Should have received ASCII '0' from server"); + this.inputStream.close(); + this.outputStream.close(); + this.result = Cr.NS_OK; + } catch (e) { + this.result = e.result; + } + this.defer.resolve(this); + }, + + // nsIOutputStreamCallback + onOutputStreamReady: function(aStream) { + if (aAfterStreamOpen) { + aAfterStreamOpen(this.transport); + } + let sslSocketControl = this.transport.securityInfo + .QueryInterface(Ci.nsISSLSocketControl); + sslSocketControl.proxyStartSSL(); + this.outputStream.write("0", 1); + let inStream = this.transport.openInputStream(0, 0, 0) + .QueryInterface(Ci.nsIAsyncInputStream); + this.inputStream = inStream; + this.inputStream.asyncWait(this, 0, 0, this.thread); + }, + + go: function() { + this.outputStream = this.transport.openOutputStream(0, 0, 0) + .QueryInterface(Ci.nsIAsyncOutputStream); + return this.defer.promise; + } + }; + + /* Returns a promise to connect to host that resolves to the result of that + * connection */ + function connectTo(host) { + Services.prefs.setCharPref("network.dns.localDomains", host); + let connection = new Connection(host); + return connection.go(); + } + + add_test(function() { + if (aBeforeConnect) { + aBeforeConnect(); + } + connectTo(aHost).then(function(conn) { + do_print("handling " + aHost); + let expectedNSResult = aExpectedResult == PRErrorCodeSuccess + ? Cr.NS_OK + : getXPCOMStatusFromNSS(aExpectedResult); + Assert.equal(conn.result, expectedNSResult, + "Actual and expected connection result should match"); + if (aWithSecurityInfo) { + aWithSecurityInfo(conn.transport.securityInfo + .QueryInterface(Ci.nsITransportSecurityInfo)); + } + run_next_test(); + }); + }); +} + +function _getBinaryUtil(binaryUtilName) { + let directoryService = Cc["@mozilla.org/file/directory_service;1"] + .getService(Ci.nsIProperties); + + let utilBin = directoryService.get("CurProcD", Ci.nsILocalFile); + utilBin.append(binaryUtilName + mozinfo.bin_suffix); + // If we're testing locally, the above works. If not, the server executable + // is in another location. + if (!utilBin.exists()) { + utilBin = directoryService.get("CurWorkD", Ci.nsILocalFile); + while (utilBin.path.indexOf("xpcshell") != -1) { + utilBin = utilBin.parent; + } + utilBin.append("bin"); + utilBin.append(binaryUtilName + mozinfo.bin_suffix); + } + // But maybe we're on Android or B2G, where binaries are in /data/local/xpcb. + if (!utilBin.exists()) { + utilBin.initWithPath("/data/local/xpcb/"); + utilBin.append(binaryUtilName); + } + Assert.ok(utilBin.exists(), `Binary util ${binaryUtilName} should exist`); + return utilBin; +} + +// Do not call this directly; use add_tls_server_setup +function _setupTLSServerTest(serverBinName, certsPath) +{ + let certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + // The trusted CA that is typically used for "good" certificates. + addCertFromFile(certdb, `${certsPath}/test-ca.pem`, "CTu,u,u"); + + const CALLBACK_PORT = 8444; + + let directoryService = Cc["@mozilla.org/file/directory_service;1"] + .getService(Ci.nsIProperties); + let envSvc = Cc["@mozilla.org/process/environment;1"] + .getService(Ci.nsIEnvironment); + let greBinDir = directoryService.get("GreBinD", Ci.nsIFile); + envSvc.set("DYLD_LIBRARY_PATH", greBinDir.path); + // TODO(bug 1107794): Android libraries are in /data/local/xpcb, but "GreBinD" + // does not return this path on Android, so hard code it here. + envSvc.set("LD_LIBRARY_PATH", greBinDir.path + ":/data/local/xpcb"); + envSvc.set("MOZ_TLS_SERVER_DEBUG_LEVEL", "3"); + envSvc.set("MOZ_TLS_SERVER_CALLBACK_PORT", CALLBACK_PORT); + + let httpServer = new HttpServer(); + httpServer.registerPathHandler("/", + function handleServerCallback(aRequest, aResponse) { + aResponse.setStatusLine(aRequest.httpVersion, 200, "OK"); + aResponse.setHeader("Content-Type", "text/plain"); + let responseBody = "OK!"; + aResponse.bodyOutputStream.write(responseBody, responseBody.length); + do_execute_soon(function() { + httpServer.stop(run_next_test); + }); + }); + httpServer.start(CALLBACK_PORT); + + let serverBin = _getBinaryUtil(serverBinName); + let process = Cc["@mozilla.org/process/util;1"].createInstance(Ci.nsIProcess); + process.init(serverBin); + let certDir = directoryService.get("CurWorkD", Ci.nsILocalFile); + certDir.append(`${certsPath}`); + Assert.ok(certDir.exists(), `certificate folder (${certsPath}) should exist`); + // Using "sql:" causes the SQL DB to be used so we can run tests on Android. + process.run(false, [ "sql:" + certDir.path ], 1); + + do_register_cleanup(function() { + process.kill(); + }); +} + +// Returns an Array of OCSP responses for a given ocspRespArray and a location +// for a nssDB where the certs and public keys are prepopulated. +// ocspRespArray is an array of arrays like: +// [ [typeOfResponse, certnick, extracertnick]...] +function generateOCSPResponses(ocspRespArray, nssDBlocation) +{ + let utilBinName = "GenerateOCSPResponse"; + let ocspGenBin = _getBinaryUtil(utilBinName); + let retArray = []; + + for (let i = 0; i < ocspRespArray.length; i++) { + let argArray = []; + let ocspFilepre = do_get_file(i.toString() + ".ocsp", true); + let filename = ocspFilepre.path; + // Using "sql:" causes the SQL DB to be used so we can run tests on Android. + argArray.push("sql:" + nssDBlocation); + argArray.push(ocspRespArray[i][0]); // ocsRespType; + argArray.push(ocspRespArray[i][1]); // nick; + argArray.push(ocspRespArray[i][2]); // extranickname + argArray.push(filename); + do_print("argArray = " + argArray); + + let process = Cc["@mozilla.org/process/util;1"] + .createInstance(Ci.nsIProcess); + process.init(ocspGenBin); + process.run(true, argArray, 5); + Assert.equal(0, process.exitValue, "Process exit value should be 0"); + let ocspFile = do_get_file(i.toString() + ".ocsp", false); + retArray.push(readFile(ocspFile)); + ocspFile.remove(false); + } + return retArray; +} + +// Starts and returns an http responder that will cause a test failure if it is +// queried. The server identities are given by a non-empty array +// serverIdentities. +function getFailingHttpServer(serverPort, serverIdentities) { + let httpServer = new HttpServer(); + httpServer.registerPrefixHandler("/", function(request, response) { + Assert.ok(false, "HTTP responder should not have been queried"); + }); + httpServer.identity.setPrimary("http", serverIdentities.shift(), serverPort); + serverIdentities.forEach(function(identity) { + httpServer.identity.add("http", identity, serverPort); + }); + httpServer.start(serverPort); + return httpServer; +} + +// Starts an http OCSP responder that serves good OCSP responses and +// returns an object with a method stop that should be called to stop +// the http server. +// NB: Because generating OCSP responses inside the HTTP request +// handler can cause timeouts, the expected responses are pre-generated +// all at once before starting the server. This means that their producedAt +// times will all be the same. If a test depends on this not being the case, +// perhaps calling startOCSPResponder twice (at different times) will be +// necessary. +// +// serverPort is the port of the http OCSP responder +// identity is the http hostname that will answer the OCSP requests +// nssDBLocation is the location of the NSS database from where the OCSP +// responses will be generated (assumes appropiate keys are present) +// expectedCertNames is an array of nicks of the certs to be responsed +// expectedBasePaths is an optional array that is used to indicate +// what is the expected base path of the OCSP request. +// expectedMethods is an optional array of methods ("GET" or "POST") indicating +// by which HTTP method the server is expected to be queried. +// expectedResponseTypes is an optional array of OCSP response types to use (see +// GenerateOCSPResponse.cpp). +function startOCSPResponder(serverPort, identity, nssDBLocation, + expectedCertNames, expectedBasePaths, + expectedMethods, expectedResponseTypes) { + let ocspResponseGenerationArgs = expectedCertNames.map( + function(expectedNick) { + let responseType = "good"; + if (expectedResponseTypes && expectedResponseTypes.length >= 1) { + responseType = expectedResponseTypes.shift(); + } + return [responseType, expectedNick, "unused"]; + } + ); + let ocspResponses = generateOCSPResponses(ocspResponseGenerationArgs, + nssDBLocation); + let httpServer = new HttpServer(); + httpServer.registerPrefixHandler("/", + function handleServerCallback(aRequest, aResponse) { + do_print("got request for: " + aRequest.path); + let basePath = aRequest.path.slice(1).split("/")[0]; + if (expectedBasePaths.length >= 1) { + Assert.equal(basePath, expectedBasePaths.shift(), + "Actual and expected base path should match"); + } + Assert.ok(expectedCertNames.length >= 1, + "expectedCertNames should contain >= 1 entries"); + if (expectedMethods && expectedMethods.length >= 1) { + Assert.equal(aRequest.method, expectedMethods.shift(), + "Actual and expected fetch method should match"); + } + aResponse.setStatusLine(aRequest.httpVersion, 200, "OK"); + aResponse.setHeader("Content-Type", "application/ocsp-response"); + aResponse.write(ocspResponses.shift()); + }); + httpServer.identity.setPrimary("http", identity, serverPort); + httpServer.start(serverPort); + return { + stop: function(callback) { + // make sure we consumed each expected response + Assert.equal(ocspResponses.length, 0, + "Should have 0 remaining expected OCSP responses"); + if (expectedMethods) { + Assert.equal(expectedMethods.length, 0, + "Should have 0 remaining expected fetch methods"); + } + if (expectedBasePaths) { + Assert.equal(expectedBasePaths.length, 0, + "Should have 0 remaining expected base paths"); + } + if (expectedResponseTypes) { + Assert.equal(expectedResponseTypes.length, 0, + "Should have 0 remaining expected response types"); + } + httpServer.stop(callback); + } + }; +} + +// A prototype for a fake, error-free sslstatus +var FakeSSLStatus = function(certificate) { + this.serverCert = certificate; +}; + +FakeSSLStatus.prototype = { + serverCert: null, + cipherName: null, + keyLength: 2048, + isDomainMismatch: false, + isNotValidAtThisTime: false, + isUntrusted: false, + isExtendedValidation: false, + getInterface: function(aIID) { + return this.QueryInterface(aIID); + }, + QueryInterface: function(aIID) { + if (aIID.equals(Ci.nsISSLStatus) || + aIID.equals(Ci.nsISupports)) { + return this; + } + throw new Error(Cr.NS_ERROR_NO_INTERFACE); + }, +}; + +// Utility functions for adding tests relating to certificate error overrides + +// Helper function for add_cert_override_test. Probably doesn't need to be +// called directly. +function add_cert_override(aHost, aExpectedBits, aExpectedErrorRegexp, + aSecurityInfo) { + if (aExpectedErrorRegexp) { + do_print(aSecurityInfo.errorMessage); + Assert.ok(aExpectedErrorRegexp.test(aSecurityInfo.errorMessage), + "Actual error message should match expected error regexp"); + } + let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider) + .SSLStatus; + let bits = + (sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) | + (sslstatus.isDomainMismatch ? Ci.nsICertOverrideService.ERROR_MISMATCH : 0) | + (sslstatus.isNotValidAtThisTime ? Ci.nsICertOverrideService.ERROR_TIME : 0); + Assert.equal(bits, aExpectedBits, + "Actual and expected override bits should match"); + let cert = sslstatus.serverCert; + let certOverrideService = Cc["@mozilla.org/security/certoverride;1"] + .getService(Ci.nsICertOverrideService); + certOverrideService.rememberValidityOverride(aHost, 8443, cert, aExpectedBits, + true); +} + +// Given a host, expected error bits (see nsICertOverrideService.idl), an +// expected error code, and optionally a regular expression that the resulting +// error message must match, tests that an initial connection to the host fails +// with the expected errors and that adding an override results in a subsequent +// connection succeeding. +function add_cert_override_test(aHost, aExpectedBits, aExpectedError, + aExpectedErrorRegexp = undefined) { + add_connection_test(aHost, aExpectedError, null, + add_cert_override.bind(this, aHost, aExpectedBits, + aExpectedErrorRegexp)); + add_connection_test(aHost, PRErrorCodeSuccess, null, aSecurityInfo => { + Assert.ok(aSecurityInfo.securityState & + Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN, + "Cert override flag should be set on the security state"); + }); +} + +// Helper function for add_prevented_cert_override_test. This is much like +// add_cert_override except it may not be the case that the connection has an +// SSLStatus set on it. In this case, the error was not overridable anyway, so +// we consider it a success. +function attempt_adding_cert_override(aHost, aExpectedBits, aSecurityInfo) { + let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider) + .SSLStatus; + if (sslstatus) { + let bits = + (sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) | + (sslstatus.isDomainMismatch ? Ci.nsICertOverrideService.ERROR_MISMATCH : 0) | + (sslstatus.isNotValidAtThisTime ? Ci.nsICertOverrideService.ERROR_TIME : 0); + Assert.equal(bits, aExpectedBits, + "Actual and expected override bits should match"); + let cert = sslstatus.serverCert; + let certOverrideService = Cc["@mozilla.org/security/certoverride;1"] + .getService(Ci.nsICertOverrideService); + certOverrideService.rememberValidityOverride(aHost, 8443, cert, aExpectedBits, + true); + } +} + +// Given a host, expected error bits (see nsICertOverrideService.idl), and +// an expected error code, tests that an initial connection to the host fails +// with the expected errors and that adding an override does not result in a +// subsequent connection succeeding (i.e. the same error code is encountered). +// The idea here is that for HSTS hosts or hosts with key pins, no error is +// overridable, even if an entry is added to the override service. +function add_prevented_cert_override_test(aHost, aExpectedBits, aExpectedError) { + add_connection_test(aHost, aExpectedError, null, + attempt_adding_cert_override.bind(this, aHost, aExpectedBits)); + add_connection_test(aHost, aExpectedError); +} + +function loginToDBWithDefaultPassword() { + let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"] + .getService(Ci.nsIPK11TokenDB); + let token = tokenDB.getInternalKeyToken(); + token.initPassword(""); + token.login(/*force*/ false); +} + +// Helper for asyncTestCertificateUsages. +class CertVerificationResult { + constructor(certName, usageString, successExpected, resolve) { + this.certName = certName; + this.usageString = usageString; + this.successExpected = successExpected; + this.resolve = resolve; + } + + verifyCertFinished(aPRErrorCode, aVerifiedChain, aHasEVPolicy) { + if (this.successExpected) { + equal(aPRErrorCode, PRErrorCodeSuccess, + `verifying ${this.certName} for ${this.usageString} should succeed`); + } else { + notEqual(aPRErrorCode, PRErrorCodeSuccess, + `verifying ${this.certName} for ${this.usageString} should fail`); + } + this.resolve(); + } +} + +/** + * Asynchronously attempts to verify the given certificate for all supported + * usages (see allCertificateUsages). Verifies that the results match the + * expected successful usages. Returns a promise that will resolve when all + * verifications have been performed. + * Verification happens "now" with no specified flags or hostname. + * + * @param {nsIX509CertDB} certdb + * The certificate database to use to verify the certificate. + * @param {nsIX509Cert} cert + * The certificate to be verified. + * @param {Number[]} expectedUsages + * A list of usages (as their integer values) that are expected to verify + * successfully. + * @return {Promise} + * A promise that will resolve with no value when all asynchronous operations + * have completed. + */ +function asyncTestCertificateUsages(certdb, cert, expectedUsages) { + let now = (new Date()).getTime() / 1000; + let promises = []; + Object.keys(allCertificateUsages).forEach(usageString => { + let promise = new Promise((resolve, reject) => { + let usage = allCertificateUsages[usageString]; + let successExpected = expectedUsages.includes(usage); + let result = new CertVerificationResult(cert.commonName, usageString, + successExpected, resolve); + certdb.asyncVerifyCertAtTime(cert, usage, 0, null, now, result); + }); + promises.push(promise); + }); + return Promise.all(promises); +} + +/** + * Loads the pkcs11testmodule.cpp test PKCS #11 module, and registers a cleanup + * function that unloads it once the calling test completes. + * + * @param {Boolean} expectModuleUnloadToFail + * Should be set to true for tests that manually unload the + * test module, so the attempt to auto unload the test module + * doesn't cause a test failure. Should be set to false + * otherwise, so failure to automatically unload the test + * module gets reported. + */ +function loadPKCS11TestModule(expectModuleUnloadToFail) { + let libraryFile = Services.dirsvc.get("CurWorkD", Ci.nsILocalFile); + libraryFile.append("pkcs11testmodule"); + libraryFile.append(ctypes.libraryName("pkcs11testmodule")); + ok(libraryFile.exists(), "The pkcs11testmodule file should exist"); + + let pkcs11 = Cc["@mozilla.org/security/pkcs11;1"].getService(Ci.nsIPKCS11); + do_register_cleanup(() => { + try { + pkcs11.deleteModule("PKCS11 Test Module"); + } catch (e) { + Assert.ok(expectModuleUnloadToFail, + `Module unload should suceed only when expected: ${e}`); + } + }); + pkcs11.addModule("PKCS11 Test Module", libraryFile.path, 0, 0); +} diff --git a/security/manager/ssl/tests/unit/moz.build b/security/manager/ssl/tests/unit/moz.build new file mode 100644 index 000000000..8a97120c2 --- /dev/null +++ b/security/manager/ssl/tests/unit/moz.build @@ -0,0 +1,37 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +DIRS += ['tlsserver'] + +if not CONFIG['MOZ_NO_SMART_CARDS']: + DIRS += ['pkcs11testmodule'] + +TEST_DIRS += [ + 'bad_certs', + 'ocsp_certs', + 'test_baseline_requirements', + 'test_cert_eku', + 'test_cert_embedded_null', + 'test_cert_keyUsage', + 'test_cert_sha1', + 'test_cert_signatures', + 'test_cert_trust', + 'test_cert_version', + 'test_certDB_import', + 'test_content_signing', + 'test_ev_certs', + 'test_getchain', + 'test_intermediate_basic_usage_constraints', + 'test_keysize', + 'test_keysize_ev', + 'test_name_constraints', + 'test_ocsp_fetch_method', + 'test_ocsp_url', + 'test_onecrl', + 'test_pinning_dynamic', + 'test_startcom_wosign', + 'test_validity', +] diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem b/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem new file mode 100644 index 000000000..ae40112c3 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQTCCAiugAwIBAgIUBUmy5jtGrDso26TeIelwmtF+KFAwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowLzEtMCsGA1UEAwwkVGVzdCBJbnRlcm1lZGlhdGUgdXNlZCBhcyBF +bmQtRW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO +FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr +amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka +sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY +VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n +aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE +MdUDrNoYCjXtjQIDAQABo3IwcDAMBgNVHRMEBTADAQH/MDIGCCsGAQUFBwEBBCYw +JDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzAsBgNVHREEJTAj +giFjYS11c2VkLWFzLWVuZC1lbnRpdHkuZXhhbXBsZS5jb20wCwYJKoZIhvcNAQEL +A4IBAQApr3pPS4uWz6oPEhrTO73K+JTP2VRTKgtbooPhOZ6tCRz75P729RzVOEZF +Vf87VSFTTXUdG5Q6+SDNuCdDuyyPR4q38s+8jgv3OVfsEbhPuSx73pLAzYg727Ip +U2ROGoVysc3JrUfwPZSvQ/i4iqdb2sVwtqR5LM1nApy5+p6Ef8cwjfm9qsdrHlnx +3VdiioEOp+8SKH5rzfZe+1jepRODlqvFEO9gFbaqjHLzL005xAcfpsZPH5JzDhqD +g4QiIFlm+wwQ9pTBpk1ZmbgDyk4frrxughFsbR4zDDTfJCREa5RlwH34xOkx/cTu +ee/qZzerx61VI88GvLK87eX2ZiH1 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem.certspec new file mode 100644 index 000000000..8e16705b5 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem.certspec @@ -0,0 +1,5 @@ +issuer:Test CA +subject:Test Intermediate used as End-Entity +extension:basicConstraints:cA, +extension:authorityInformationAccess:http://localhost:8888/ +extension:subjectAlternativeName:ca-used-as-end-entity.example.com diff --git a/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key new file mode 100644 index 000000000..8af23e068 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9 +braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI +eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6 +iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za +qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7 +LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs +2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs +VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s +JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI +r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz +iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg +SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R +TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N +gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp +xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r +ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR +3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY +EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs +2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb +WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo +tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl +rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2 +TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit +tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m +ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1 +NBinA5ZsT8d0v3QCr2xDJH9D +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key.keyspec b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key.keyspec new file mode 100644 index 000000000..4ad96d515 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key.keyspec @@ -0,0 +1 @@ +default diff --git a/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem new file mode 100644 index 000000000..0a9eaebb5 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhTCCAm+gAwIBAgIUNRvpOhsDHEYbRf6bsiAPbvKe2VAwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowGjEYMBYGA1UEAwwPVGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1 +aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we +adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS +pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W +YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR +CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4HKMIHH +MIGQBgNVHREEgYgwgYWCCWxvY2FsaG9zdIINKi5leGFtcGxlLmNvbYIVKi5waW5u +aW5nLmV4YW1wbGUuY29tgigqLmluY2x1ZGUtc3ViZG9tYWlucy5waW5uaW5nLmV4 +YW1wbGUuY29tgigqLmV4Y2x1ZGUtc3ViZG9tYWlucy5waW5uaW5nLmV4YW1wbGUu +Y29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9z +dDo4ODg4LzALBgkqhkiG9w0BAQsDggEBAH6+Qe/y1TTCx2w6f31VWp5lcizPkS8s +ODfbgT9pKYqqvYDeiDu3q8SLGHTTsHWWewBCu5Jd0mXPXfZ4FEHcwbVJZUZBvQVr +1aNBCriuzhNUyfjkvfCgM4OuxgNwjbihGDE8VzfxTiz8mDN0AgACCZaUTQnybQc0 +SW+ldxspBgQJom0tkZ+TGi80L3/5P5J2+7AchxhAZzQmebDnxNYDZXCJH8w15was +OzM5BrQzz3vuxupO7lsRzZIzAU+uQD4bjcMpz3oMdj3/0lb0HZGMdU22Ub36PvLC +6mYbTtf0IS5TVyLnbCNeliE6zoPnQPBzAUfoOeD1Tn6HQUQUT8oTf2E= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem.certspec new file mode 100644 index 000000000..554339ff5 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test CA +subject:Test End-entity +extension:subjectAlternativeName:localhost,*.example.com,*.pinning.example.com,*.include-subdomains.pinning.example.com,*.exclude-subdomains.pinning.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem new file mode 100644 index 000000000..c002ab376 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3zCCAcmgAwIBAgIUIxRG1UWRha0HYTAhwhrKHkbqmyMwCwYJKoZIhvcNAQEF +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowKDEmMCQGA1UEAwwdVGVzdCBTSEExIERlbGVnYXRlZCBSZXNwb25k +ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBdcZSZgmfdwgqZ5Hx +uHbDf1zlOLBsSs0iscvUb6Za2irdQcjCSYrEo7PB9hSH9BtpiUG9gKUcPBICRMWE +pMRIMwXlE4wBBs8IvpqGJ2C65qLo828jxdmDE7nfrzeDRdrOUdTW3NKmyzzHBuvN +MHDsmMzkCqWR1ylaf3HFvmZpHSst/shJRFkLxaPqSf2TsddTQF8Xc3aZlYZmJUeX +7UJpCIgIEUIgaZiKQ/7kjOaHgd0itqac0oN1Ex+TKxKM4ob6fSUcBirSfvAW8YfN +1U6DKzW4kw90upCqi8dhZyQqsf1tYhQNGMTAuMaPw3SEVzJK196G5lUvHR4ZHXEh +aNO7AgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMJMAsGCSqGSIb3DQEBBQOC +AQEANLgtJ15k2R80tTTbdC1m/ZASP24kA5t+lMUcZ2nBrIAKivNshI8oI3BVqq6a +/SP+0D1A0OGkOy8NwwlXhTb5ZAJj8SJyMrfanuGzZQhzFrQc55KeETCm8nPyzGQ9 +bqQs1LETdVsdYXIsY+ODCIHHc3GrC7M4AcfeWobi+fANOYiTkohu+xMrwkNk0cpC +7rGru+XJwmljnc0OwcMeClLOpqRGVXV7bVBQmM731dBSqQabDkOANqEzSD9R7cJN +I/UXxZ24i80bErMcgYQIKA6JwS9deLrx1PVc5s5rsZjMtDT8vuDiRXNbjtbINYFw +MncXL0zcoBe7IV3rdJwY+y3Snw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem.certspec new file mode 100644 index 000000000..bdf3e2ee4 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem.certspec @@ -0,0 +1,5 @@ +issuer:Test CA +subject:Test SHA1 Delegated Responder +subjectKey:alternate +signature:sha1WithRSAEncryption +extension:extKeyUsage:OCSPSigning diff --git a/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem new file mode 100644 index 000000000..a89c8d2f7 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcSgAwIBAgIUQXEL+8VLzS0MV1fxD5oqP+1e6jMwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowIzEhMB8GA1UEAwwYVGVzdCBEZWxlZ2F0ZWQgUmVzcG9uZGVyMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXXGUmYJn3cIKmeR8bh2w39c +5TiwbErNIrHL1G+mWtoq3UHIwkmKxKOzwfYUh/QbaYlBvYClHDwSAkTFhKTESDMF +5ROMAQbPCL6ahidguuai6PNvI8XZgxO53683g0XazlHU1tzSpss8xwbrzTBw7JjM +5AqlkdcpWn9xxb5maR0rLf7ISURZC8Wj6kn9k7HXU0BfF3N2mZWGZiVHl+1CaQiI +CBFCIGmYikP+5Izmh4HdIramnNKDdRMfkysSjOKG+n0lHAYq0n7wFvGHzdVOgys1 +uJMPdLqQqovHYWckKrH9bWIUDRjEwLjGj8N0hFcyStfehuZVLx0eGR1xIWjTuwID +AQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDCTALBgkqhkiG9w0BAQsDggEBABNl +rZcaJMbZvRzFDOZ7ZFjf/hqf/VxFBwiP7JOY3ZpvUTkvZkHdEQIaps9Lg0PRWsVj +Q23PgVUJnsRL1qIFsYHDJ0NB3X+ly7IV2kjH0LBshN+8/xHgCzZy6FXtC5tNa3gT +7GFQONTVRoVnnI8JlGMgFFrgY4H/Eyz9YlD6Sgf/zmouPCftajAyKLIrn0wDZXLv +6Cla7n71vDVp8XsdyNZsDVa3x3eU83zzhvQkZz14ScoDzdC0S6Rk9fUTZIm4x/lJ +LV93G6M7AyfnK51EKJR2woG/shfpLXV7Wvc/1122vTQaBqvXwervYKfndf3IRx6U +JkHz9cSPh0zZyGpaY3Y= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem.certspec new file mode 100644 index 000000000..19971eeb4 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test CA +subject:Test Delegated Responder +subjectKey:alternate +extension:extKeyUsage:OCSPSigning diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem new file mode 100644 index 000000000..ace363638 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIC/jCCAeigAwIBAgIUfRaj/hxb3Q6v50uP5RoPLfCSeqkwCwYJKoZIhvcNAQEL +MBwxGjAYBgNVBAMMEVRlc3QgSW50ZXJtZWRpYXRlMCIYDzIwMTUxMTI4MDAwMDAw +WhgPMjAxODAyMDUwMDAwMDBaMD0xOzA5BgNVBAMMMlRlc3QgSW52YWxpZCBEZWxl +Z2F0ZWQgUmVzcG9uZGVyIEZyb20gSW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAwXXGUmYJn3cIKmeR8bh2w39c5TiwbErNIrHL1G+m +Wtoq3UHIwkmKxKOzwfYUh/QbaYlBvYClHDwSAkTFhKTESDMF5ROMAQbPCL6ahidg +uuai6PNvI8XZgxO53683g0XazlHU1tzSpss8xwbrzTBw7JjM5AqlkdcpWn9xxb5m +aR0rLf7ISURZC8Wj6kn9k7HXU0BfF3N2mZWGZiVHl+1CaQiICBFCIGmYikP+5Izm +h4HdIramnNKDdRMfkysSjOKG+n0lHAYq0n7wFvGHzdVOgys1uJMPdLqQqovHYWck +KrH9bWIUDRjEwLjGj8N0hFcyStfehuZVLx0eGR1xIWjTuwIDAQABoxcwFTATBgNV +HSUEDDAKBggrBgEFBQcDCTALBgkqhkiG9w0BAQsDggEBAJqijOH0m68uOc5OkrTx +R4TW6UKEE4FluKJj4WmS5REzWs1IBn/9JYPJEVyvCfVAiEqlxJEaY0Rie+L57Sqt +l57QSIprq2oAqjMHgmNljA7oXumsuGtIMn3E504jCjnejpIXjrLZYcfFTEub8c/A +FF/6Vx7w3Lz9WUdSnC99k5Iu4sa/5OnwUP4/DqchHK3+hx3pOQCgRIBB0imcucjW +XVJnJhI2S1Dny9bNRXm3uj4wk4QgbZPHEyAbTbqSQzBCtA2oir5dODffciqVa12C +FfMjcYYGZI7gJ9BvT5zb2GFWIKOwcEBL/4lcm/NQToNF/0FFNAThlVLp6NEEYkIj +QbE= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem.certspec new file mode 100644 index 000000000..be0d3e9e5 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test Intermediate +subject:Test Invalid Delegated Responder From Intermediate +subjectKey:alternate +extension:extKeyUsage:OCSPSigning diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem new file mode 100644 index 000000000..e3ce67d25 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC7jCCAdigAwIBAgIUe3gW1PDzhB2nX+14539sWNQNpuQwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowPzE9MDsGA1UEAww0VGVzdCBJbnZhbGlkIERlbGVnYXRlZCBSZXNw +b25kZXIga2V5VXNhZ2UgY3JsU2lnbmluZzCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9RvplraKt1ByMJJ +isSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYnYLrmoujzbyPF +2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+ZmkdKy3+yElE +WQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM5oeB3SK2ppzS +g3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2FnJCqx/W1iFA0Y +xMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMPMA0wCwYDVR0PBAQDAgEC +MAsGCSqGSIb3DQEBCwOCAQEAO0hG0xJvxlFc9STPEUfmQezbGJt242zAUVyDT0ZS +K/gQhhWAjjnfVdUz0dWG/RyH9eaIg4SYc+8+igmKyZL+dvhiEgc0dEWk7nCj+G9/ +SomG+QanABPo7S63HnNjSHq0Z3+j1UNFi1Nu3Neeo3yRgwBwHUVerT/iEaKX6s6V +vYaDvPYDK3F5jxE3IUi2zwCMWssm77qOfAMoHx9DZ4Y0Hy5YeYS17mhRpUhYo8Qu +EoEnQVt5+bwBQOsHB86zpjN/8GX9iQGrh/F+31W3qgZYhNwT0dxBgZ8+1/hymzha +rudGgX7xhPC/qaui7LejAFoJZXz7t2s8QP4oqp/gOZ0oyA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec new file mode 100644 index 000000000..2833ed9b5 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test CA +subject:Test Invalid Delegated Responder keyUsage crlSigning +subjectKey:alternate +extension:keyUsage:cRLSign diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem new file mode 100644 index 000000000..3f00a11b7 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2DCCAcKgAwIBAgIUeekP5v4eDV4Q3Mhxh7hyoRYhoYMwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowOjE4MDYGA1UEAwwvVGVzdCBJbnZhbGlkIERlbGVnYXRlZCBSZXNw +b25kZXIgTm8gZXh0S2V5VXNhZ2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDBdcZSZgmfdwgqZ5HxuHbDf1zlOLBsSs0iscvUb6Za2irdQcjCSYrEo7PB +9hSH9BtpiUG9gKUcPBICRMWEpMRIMwXlE4wBBs8IvpqGJ2C65qLo828jxdmDE7nf +rzeDRdrOUdTW3NKmyzzHBuvNMHDsmMzkCqWR1ylaf3HFvmZpHSst/shJRFkLxaPq +Sf2TsddTQF8Xc3aZlYZmJUeX7UJpCIgIEUIgaZiKQ/7kjOaHgd0itqac0oN1Ex+T +KxKM4ob6fSUcBirSfvAW8YfN1U6DKzW4kw90upCqi8dhZyQqsf1tYhQNGMTAuMaP +w3SEVzJK196G5lUvHR4ZHXEhaNO7AgMBAAEwCwYJKoZIhvcNAQELA4IBAQBgElte ++KdSalMaq0BsyEkiYRwnsC+LlVJCHffa8RdLZ6av4/k6VFBhP/ssQZOjefG6GAB4 +bNvP/Cll878+fq9whu/3X9ZznL1TLZA1Ej7clSbiCP3TfmPmUeXu6/KMD22o/k/0 +L2cZjABi+Uctu2XxvAn9yN0+I/yulmrVUPcJJLhcMA/L3Drud+ePzjztXpn9DEuO +zJvbT69gWuj61XshHgolczSkALsavYOs9tF9XQYClOcNrr6SiiMBYcarHyB1H+6G +lyd+acDokI0uMuYu+25ucTf0HX8qG6K83Dr6sTCraIKnq59/zbplMsgtocklddJn +5sWaGwVtmt1twn2c +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem.certspec new file mode 100644 index 000000000..92444c94a --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem.certspec @@ -0,0 +1,3 @@ +issuer:Test CA +subject:Test Invalid Delegated Responder No extKeyUsage +subjectKey:alternate diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem new file mode 100644 index 000000000..b1a665aa9 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC9DCCAd6gAwIBAgIUaaTPCaYAcxp4TZ4q8Wcjz6W7UW0wCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowPTE7MDkGA1UEAwwyVGVzdCBJbnZhbGlkIERlbGVnYXRlZCBSZXNw +b25kZXIgV3JvbmcgZXh0S2V5VXNhZ2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDBdcZSZgmfdwgqZ5HxuHbDf1zlOLBsSs0iscvUb6Za2irdQcjCSYrE +o7PB9hSH9BtpiUG9gKUcPBICRMWEpMRIMwXlE4wBBs8IvpqGJ2C65qLo828jxdmD +E7nfrzeDRdrOUdTW3NKmyzzHBuvNMHDsmMzkCqWR1ylaf3HFvmZpHSst/shJRFkL +xaPqSf2TsddTQF8Xc3aZlYZmJUeX7UJpCIgIEUIgaZiKQ/7kjOaHgd0itqac0oN1 +Ex+TKxKM4ob6fSUcBirSfvAW8YfN1U6DKzW4kw90upCqi8dhZyQqsf1tYhQNGMTA +uMaPw3SEVzJK196G5lUvHR4ZHXEhaNO7AgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsG +AQUFBwMDMAsGCSqGSIb3DQEBCwOCAQEAq7dWVM5N/G6AfpGNEGjK0tGgCzZdcUtt +669gV+c45zUlmBFhoQ7P8i/491qaSH5LOOQFzkEzJ0hseylLKZraSC+dxIdc5CA1 +b53vBmjHxhba44C8eEEipG8K/7dljQGprF/0RMNlG9XLaukzVb/QeUK7hJ2EpKeB +rq49TBH0nOirVaPO3xSSwXxNxE0X25zgAl/7Qju2mjMAXzvayN3RYTo/OhAyKXr4 +y5SVoXgQ1ZtlArHFjGCD2vcwWSXJBrJCZaVV0x3EzwKRZA7lGm4F9q0ZGCrBwmBk +rXbL0JlESZPbMxHbE2rcQ6iI3u2mLUJ7qamLjs1Gc6YGnCOc7z2wCg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec new file mode 100644 index 000000000..bc704fbd4 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test CA +subject:Test Invalid Delegated Responder Wrong extKeyUsage +subjectKey:alternate +extension:extKeyUsage:codeSigning diff --git a/security/manager/ssl/tests/unit/ocsp_certs/moz.build b/security/manager/ssl/tests/unit/ocsp_certs/moz.build new file mode 100644 index 000000000..187518829 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/moz.build @@ -0,0 +1,42 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'ca-used-as-end-entity.pem', +# 'default-ee.pem', +# 'delegatedSHA1Signer.pem', +# 'delegatedSigner.pem', +# 'invalidDelegatedSignerFromIntermediate.pem', +# 'invalidDelegatedSignerKeyUsageCrlSigning.pem', +# 'invalidDelegatedSignerNoExtKeyUsage.pem', +# 'invalidDelegatedSignerWrongExtKeyUsage.pem', +# 'multi-tls-feature-bad-ee.pem', +# 'multi-tls-feature-good-ee.pem', +# 'must-staple-ee.pem', +# 'must-staple-ee-with-must-staple-int.pem', +# 'must-staple-missing-ee.pem', +# 'ocspEEWithIntermediate.pem', +# 'ocspOtherEndEntity.pem', +# 'other-test-ca.pem', +# 'rsa-1016-keysizeDelegatedSigner.pem', +# 'test-ca.pem', +# 'test-int.pem', +# 'test-multi-tls-feature-int.pem', +# 'test-must-staple-int.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) +# +#test_keys = ( +# 'default-ee.key', +# 'other-test-ca.key', +# 'rsa-1016-keysizeDelegatedSigner.key', +#) +# +#for test_key in test_keys: +# GeneratedTestKey(test_key) diff --git a/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem new file mode 100644 index 000000000..3590df90b --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIDCCAgqgAwIBAgIUAc3BKte7ynCOlcIdQ7skOfR97WUwCwYJKoZIhvcNAQEL +MDcxNTAzBgNVBAMMLFRlc3QgSW50ZXJtZWRpYXRlIFdpdGggTXVsdGlwbGUgVExT +IEZlYXR1cmVzMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMCwx +KjAoBgNVBAMMIU11bHRpIFRMUyBGZWF0dXJlIFRlc3QgRW5kLUVudGl0eTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ +6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk +nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N +/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG +JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd +7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA +AaMvMC0wGAYDVR0RBBEwD4INKi5leGFtcGxlLmNvbTARBggrBgEFBQcBGAQFMAMC +AQUwCwYJKoZIhvcNAQELA4IBAQAcse6lHIyWBVFBP3H4s35RrYiYkmcOVHundfO8 +uvLU+eKh4fFHiBMIHgBrwMH5NWC+ahAe/rc5mcT4tCh95p9TOLYf4Hl7sAAQBBVY +eoReFpIor30mitKZ9XS/nBh2WtNCY7UN9oNdgo+MwW15OXSya0ayAZob/hdJqttR +6+8y63CzBDe/LnUzZcHn/ecQpzjfPAjeFdFrH1ubhSgO/z/E8XOWh0BzwB8dFIw8 +cKHXAFz8vpp/OI+4ZLsfd8edXaCfJ8ysyHhJn3hq8A0KJCxRxaaw4LV+SZlq8TDH +7Auel4lK2LVRLt9px+FoVOp2ySAHQ+ZJXVm9kGgKchFjFTpT +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem.certspec new file mode 100644 index 000000000..3fa2793b3 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test Intermediate With Multiple TLS Features +subject:Multi TLS Feature Test End-Entity +extension:subjectAlternativeName:*.example.com +extension:TLSFeature:OCSPMustStaple diff --git a/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem new file mode 100644 index 000000000..9902cf34e --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIzCCAg2gAwIBAgIUTUm5ul0tN4EwdDlukUalvORwf9cwCwYJKoZIhvcNAQEL +MDcxNTAzBgNVBAMMLFRlc3QgSW50ZXJtZWRpYXRlIFdpdGggTXVsdGlwbGUgVExT +IEZlYXR1cmVzMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMCwx +KjAoBgNVBAMMIU11bHRpIFRMUyBGZWF0dXJlIFRlc3QgRW5kLUVudGl0eTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ +6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk +nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N +/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG +JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd +7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA +AaMyMDAwGAYDVR0RBBEwD4INKi5leGFtcGxlLmNvbTAUBggrBgEFBQcBGAQIMAYC +AQUCAQYwCwYJKoZIhvcNAQELA4IBAQAQYR5dlm5vViftK6q+RRFU+SRr9UduirxU +Kykrf1IhrnhnGs+XSf6awTrSWvPRZgnLgGOK+X8VTjTTFNPEHDBfXgSydj5hEEk2 +aqZThJYrtObYTLIOaFsfn72mitEhojFg1mUq3TvAVNQZrh1SKKEAH6fFTyTh7MG7 +JVkt44aU0KVXlvqr6wZ+lZ/C1rvUaVVVwanyd0OodvSjNT/3o/Y3F5MxNVH1JwE/ +MgixwIqBkxHva07XmpSCD+GoF2jnBd0kTJOiDd+hVbIqkDN1/b00zI8l9Gu5JIoh +KDDIi2rkJ3khaGjHk934j8IHdGhq281/jTelNDak1FNcKZbhtIH6 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem.certspec new file mode 100644 index 000000000..7a8dd223d --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test Intermediate With Multiple TLS Features +subject:Multi TLS Feature Test End-Entity +extension:subjectAlternativeName:*.example.com +extension:TLSFeature:OCSPMustStaple,6 diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem new file mode 100644 index 000000000..f11b4b0cf --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDBDCCAe6gAwIBAgIUI5EYmGMBogOQ/tZl8X6zfFiEEzgwCwYJKoZIhvcNAQEL +MC0xKzApBgNVBAMMIlRlc3QgSW50ZXJtZWRpYXRlIFdpdGggTXVzdC1TdGFwbGUw +IhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowGjEYMBYGA1UEAwwP +VGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +uohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGoby +a+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWC +D/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfT +iEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXT +Ce+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+ +SSP6clHEMdUDrNoYCjXtjQIDAQABoy8wLTAYBgNVHREEETAPgg0qLmV4YW1wbGUu +Y29tMBEGCCsGAQUFBwEYBAUwAwIBBTALBgkqhkiG9w0BAQsDggEBADnrurEZfGFH +wRvnU4iAJf3JOdzUIAB2vPZh1dE7lI1/uqkdoVU7yJJ8ATfH1enD30S1mYOMJM7K +GpWZXRPMSu8VLTmSc5e55GIGXUw/TlNQQ9XL/P1DTFU73Q/AzbxNOR4KO1UOyZAk +EOFvYaDsMnx7WOlqKcg8ad5pi3UWqW97kAPNaGwnd6PVoeF+SZSoMgNJdNeupjYf +izckdD0iP7kFCjlJn+NJNkiwE1WNabqgiWAJUfgH7ck5CR98+1DlGqqZP4FuyQW3 +2AGZYrKC1LZR623le9TZjHsfAWFcBFhrf+QoqRVhBsBLKWWKrRqEo2Erpj8najTe +Q756exgcc5o= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem.certspec new file mode 100644 index 000000000..352a60675 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test Intermediate With Must-Staple +subject:Test End-entity +extension:subjectAlternativeName:*.example.com +extension:TLSFeature:OCSPMustStaple diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem new file mode 100644 index 000000000..9ad410a12 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC6TCCAdOgAwIBAgIUV0syO5TM/Hi/n/3k2+YYxrJdoUkwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowGjEYMBYGA1UEAwwPVGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1 +aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we +adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS +pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W +YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR +CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoy8wLTAY +BgNVHREEETAPgg0qLmV4YW1wbGUuY29tMBEGCCsGAQUFBwEYBAUwAwIBBTALBgkq +hkiG9w0BAQsDggEBAIUrl9TwMdyfzqh7QH65lQ84r/+fdhYZmTAQC+Rb43aZBwCR +WlhmJdcNSq6vIGorap0dAPC9+COLcOA6L0YcqaGxIf1fJdiCPuOR1r6Gnns2DnLi +NkxEF8BfKi3POeGK5oEgAbvdvnZgL/GMMST9508WHMY6StjbyGZCE9nQh1dcVme1 +sJ6681Q3CnPYN6D2C/D5mJi8sgdjCPRvntHjfE8uHfvJ7r5/FjsXmY0r056QFPb6 +pi7YhaJP179c5jxQEfakz8zwu4vxkdCwyuj+WK0AjmVTp0vghiX9mHXyXvqTEQuz +tO9XdoIyDDbG7Ki0CFkAObPBnSyf1kWaAHrjmVs= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem.certspec new file mode 100644 index 000000000..2cda40dc0 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test CA +subject:Test End-entity +extension:subjectAlternativeName:*.example.com +extension:TLSFeature:OCSPMustStaple diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem new file mode 100644 index 000000000..356235d2c --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC8TCCAdugAwIBAgIUV9dOwBwg2FhF47/4B7qXwQrm1WowCwYJKoZIhvcNAQEL +MC0xKzApBgNVBAMMIlRlc3QgSW50ZXJtZWRpYXRlIFdpdGggTXVzdC1TdGFwbGUw +IhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowGjEYMBYGA1UEAwwP +VGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +uohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGoby +a+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWC +D/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfT +iEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXT +Ce+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+ +SSP6clHEMdUDrNoYCjXtjQIDAQABoxwwGjAYBgNVHREEETAPgg0qLmV4YW1wbGUu +Y29tMAsGCSqGSIb3DQEBCwOCAQEAswPptGhoxspv+EZLQd99afqMGGOwoHVS3Chz +HWRXD0CA41nqI+qjr6dAHPsCETwdmV/Mt0Nrm67p/LMQFRrlI8uXLu/l5dtbh4NT +qBK3n8j/OTzdTxUh9YsXCa+k8sOQKTLnqgNQDJmrjQZ7L1i/N5xqc9LSG32e6wqr +6gU3IKv5jWp7lhalkDg+z3VNyvkrPzh9VVWn5IhiHLb88eIEO8XCZ+4CdPR+m+6N +x16VoWRDo0f2wp6vkQga/ow161mjNCXCaFrTOF7oR5qk+cJ6S46YFn3lS0qrmaee +9kTQpvhsNpso1Oat9xPaaW7VUmREO8/X5YcFUPBXnkK023s33g== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem.certspec new file mode 100644 index 000000000..8e4a6ac0c --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem.certspec @@ -0,0 +1,3 @@ +issuer:Test Intermediate With Must-Staple +subject:Test End-entity +extension:subjectAlternativeName:*.example.com diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem b/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem new file mode 100644 index 000000000..af8f05578 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMTCCAhugAwIBAgIUC5PMK/apYIhhJmSJ5REzi1z8GkwwCwYJKoZIhvcNAQEL +MBwxGjAYBgNVBAMMEVRlc3QgSW50ZXJtZWRpYXRlMCIYDzIwMTUxMTI4MDAwMDAw +WhgPMjAxODAyMDUwMDAwMDBaMCwxKjAoBgNVBAMMIVRlc3QgRW5kLWVudGl0eSB3 +aXRoIEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG +8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0V +gg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g3 +04hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l +0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz +/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaNbMFkwIwYDVR0RBBwwGoIJbG9jYWxob3N0 +gg0qLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0 +cDovL2xvY2FsaG9zdDo4ODg4LzALBgkqhkiG9w0BAQsDggEBAKQk077vTRXtYJIB +DlyrzAF/hGVjs1dw5DHiExEBcNs5VRqhx419dX+UBbTOGVakWWNCY3JVkuEU19yf +W2iAAHLuwxmBs+bAJ9N2NvKg8cFH9NNtMfRc0V/9sFscOtRcws9EPHWK4KwQ/86F +EIsm/hkAysKMOaS7+hz/Wk8zS0hTMXQaAnUTGs680gD2SflZBjD17oHpYAJ98qsu +pUWHWRGM6aqb3nExTbwWW0KA6KV6LgpLnTuRzINLIICsShD+ILNGn3dmxL4XqlSq +Fyt1Z/xfs/bsdYnGT8Q/6+cBVEvUNhb2dL+ASVMHVC0eLlIzB/lqNt2T1X3J4jZE +AYgJ+oM= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem.certspec new file mode 100644 index 000000000..ae3a51565 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test Intermediate +subject:Test End-entity with Intermediate +extension:subjectAlternativeName:localhost,*.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem b/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem new file mode 100644 index 000000000..0e9090fec --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDEDCCAfqgAwIBAgIUFUjNmE1SFk2rDh8tqRDSpaELFlMwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowFTETMBEGA1UEAwwKT3RoZXIgQ2VydDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7 +wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp +k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh +eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW +EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc +JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaNbMFkwIwYDVR0R +BBwwGoIJbG9jYWxob3N0gg0qLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAi +BggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzALBgkqhkiG9w0BAQsD +ggEBALNTenHEPdfs+i78r4CBw+GMnpFXBXnMp1nqVwnZfVTCz/XtWjwJr3Oxw1ws +aaypMgtUgkiXGzpdt+OxwdZqH+Z+uaO5EU1e3VzCYvWTUVJ9HLsL0VMsy4OQCX76 +QlvGNr4wIeXu4mOIQRkxPfQHs/SYNo21brxu4oTZ3XJELLvMxKNguX/+FtkzSl/o +jilWj9Pc6gKSiaAbgc3lowS7NvkpxCsz9wTsi/66UhqDg7/dqaQEktApAZEFO6w7 +Mhbm2FGb4d/2t24SlrtETt15MoyKd2vvySzsLcQtRRAug8w2PDqyL5i/EoJhWC5q +MziTfNeX4JKbaasP/25bscXYqng= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem.certspec new file mode 100644 index 000000000..5756f6ab5 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test CA +subject:Other Cert +extension:subjectAlternativeName:localhost,*.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key new file mode 100644 index 000000000..6db74b5c5 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBdcZSZgmfdwgq +Z5HxuHbDf1zlOLBsSs0iscvUb6Za2irdQcjCSYrEo7PB9hSH9BtpiUG9gKUcPBIC +RMWEpMRIMwXlE4wBBs8IvpqGJ2C65qLo828jxdmDE7nfrzeDRdrOUdTW3NKmyzzH +BuvNMHDsmMzkCqWR1ylaf3HFvmZpHSst/shJRFkLxaPqSf2TsddTQF8Xc3aZlYZm +JUeX7UJpCIgIEUIgaZiKQ/7kjOaHgd0itqac0oN1Ex+TKxKM4ob6fSUcBirSfvAW +8YfN1U6DKzW4kw90upCqi8dhZyQqsf1tYhQNGMTAuMaPw3SEVzJK196G5lUvHR4Z +HXEhaNO7AgMBAAECggEAfj9tfLg572auXX3ZL/VBC7NB3BRyjTkDRXDho3B5DzDw +aBNV//QeKtTpqdn86/vRJ736uMAK/7Hzzqcyfq1HqhYh8qwe4UygLwSzsnhgF5gL +GBpEnQOwPmnRErg1ceVUNPASBWV10oMu1nMdznmeN8g/bVHFWrcetYAVrwXhrxXH +R2A+9/J9A6b/BJ2Wu/hUweTlDvWwWND7CBgOCsf3vo8v8Wc9l/yeVduoOAd7v4p8 +/ylihXeFJpzZ1brStXRp5K/NM8TKLS9pnxHnyPvc1ITwjY77ijy4qXLrJL7Zcu+q +5LtxIJPkj+lKRutimodQeMQCGposk8mnA5Dp0KVEAQKBgQDmP8clprp2klp/+MtZ +xPVt1+yD/oW/H1PhHKyagSWLz8CugZB3sPLRR3qvho3mqOy+r3uyKxlvKprYLTKG +8NDMKd5xnl8r6OUJtyhNWWPt02L5J4h6TEqJeZ00DVGzAax2AasnF5Ak/KrdOL9l +Iq9j6xZGHsAqfyewb+Cd3afAoQKBgQDXGLH+n4+Z8A6DKuH73G/iqyfzTgScSYAQ ++g63CEhSGCNGCDtclsPu5VksAUpBDGuTCxZcE7XCaqMurG58klqFUcJRNPL0pyxk +IfGacxSKDt+rpdOmiIs1y6GMAP047lqvC1RXMdcgdhu8ze50SlLKQV6Y5N4Bzf52 +TBlns+jK2wKBgAHlrKJmyUqI0i4TwrkuokcRbGV6B2gXvf0w20s6nTCVuaS2dJZH +4vhOenhPx4OLCMhZcc96A2+jDjuRw8TQ3yePgMG26FnYRWrbE33vqp8fCsW6yakY +T9TqJ51yLqYm8WDXiq17yDhFzLKd8RXIP2G3YiuZvUOcYJtXkKY8WVGBAoGBAIDM +RdENJITuDRKX/Ae/gLO+/0Yeon4fOPNxeJw69mtKDt0hksIneR208cd64ka/NC8x +hWsPVlgbWKlbETHAxTltsqjDxvOeouM2vCBa5qKgs2hp/KmMu6czzwExmm+bsmt8 +oj0wF/xVHNjaiv3Rf2+i4w00hoeYHNYjTVcekLffAoGAb3fAwfKuesFpVhzKSZxS +vfvgTN3M29wSrsWoVpHoWUt+4pkI8w57lqpiVLgO1K7sm5k3gr38ebadjVjGiHD6 +S+G8DDUnKIxcgrtK668V7f8RBAP8eOas5qgoJ79C8M+nUeUHZRxWONuTk90j3R9r +KVFR3kS3f+Vaew3yceGaZcA= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key.keyspec b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key.keyspec new file mode 100644 index 000000000..cbd5f309c --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key.keyspec @@ -0,0 +1 @@ +alternate diff --git a/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem new file mode 100644 index 000000000..09bd4bb04 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2zCCAcWgAwIBAgIUexJUIJpq50jgqOwQluhVrAzTF74wCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0EwIhgPMjAxNTAxMDEwMDAwMDBaGA8y +MDI1MDEwMTAwMDAwMFowGDEWMBQGA1UEAwwNT3RoZXIgdGVzdCBDQTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK +zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG +zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX +KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp +mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6 +kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMd +MBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQCL +jKgNGmCVYhntJo024WL8bF6hekERMYQbu/CK9moz6wlOpRMOQX1x7U/ianPW9Whi +yoMAgAgNhLr2+t4ewqU2xRxMY0DvMSOuF9l08mptCW5sd/ocrRZuv/RcBmLcRnJm +Y+HuaVOvf1ac32pNN5HYagGQbvvpAaHB5/DyYcywqUM7SttK1QF+AOsGePZdYUK2 +Od5wJwB7yE1Fpgf6O4vZaE0JkTVh8GQipwoPms2GYk2E1sJXu9eUrLBfioVVN0TF +QF4xJxSwyxY8ys5E4+ftIVixVdetrcotUdYR64x9Hd5OPr5Q7VaAvd85ZvuB7xeK +eHxNGBjaJMf1tkamLr3p +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem.certspec new file mode 100644 index 000000000..3bc975aa2 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem.certspec @@ -0,0 +1,7 @@ +issuer:Other test CA +subject:Other test CA +issuerKey:alternate +subjectKey:alternate +validity:20150101-20250101 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key new file mode 100644 index 000000000..d10324fb3 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key @@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICcAIBADANBgkqhkiG9w0BAQEFAASCAlowggJWAgEAAoGAANKbsS+4T93NKbOl +GctmxDuNj4vlRbp5OEzmY+0D33WZFgDrkgeQ0lMM7OVE25mnHwWJaj7SBxZVNKqZ +BX5HxH47yBrab6HhLjcmi1BGpVJo+drXzLSF2BouGdUNTwtoVKyvbXvmnZoIMTbh +WvqPU8HIyE/GB3J53Q5V1zaaW90CAwEAAQJ/PEllBwvzkMJR1aLFJ3xbX9C97oXK +1/4rJ5grsoURSlBwBANq4c+K5Usl5Ns5IVq9fpA/YYwtiy8IzGzRLbzNciBeSUW2 +s984nl5D3goUi7LITiQx/b5ZILBEuycvRez/ByG337YDl/xhOp6jXCIwBTDK6PkV +nFNN878JEJUZAQJAD58XWXyFuAUbnGmvtV71dsmW29CQR9DM3ludYOpcZ/5PrGe+ +gD9LasWj8FD3a5ZvsU9c8QV2HlrebdlgsYO6VQJADXtjcRLOYaVRaMD5yThvsnmr +QMug1Ukza7plJ3JjqseCYRosgdm2Nc94xAAYhZ4BjF6QBtEuPS7m80bnn6QzaQJA +Cf1smj6m6RrjIHD5/BwhD/k1L5e+XR7rlRuzloHp3FtnKlMiIbPYkAyanZm50KTh +AtxFDKG4ewsTid5lFsCuDQJAAUG4MkkbfdSoMwiSACTHnK5kvUR9+IO7TFZyqWur +SLcSOzTyYyRFLNzrF/IeVw40fL4v1MLY+ZEOrCy22JW4yQJABFjdau4YyIsvm4Hx +vDB1riDcH5lz0gck8gsGBD1hR8h4nUoHroi8gshDjIk+AXsTlH9i4LGJWKMetmSx +nmTT4A== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key.keyspec b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key.keyspec new file mode 100644 index 000000000..21ed73d60 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key.keyspec @@ -0,0 +1 @@ +rsa1016 diff --git a/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem new file mode 100644 index 000000000..a6951536f --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICZzCCAVGgAwIBAgIUSX19XEIdc7camdQ5y1SkxOjYv7kwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowNTEzMDEGA1UEAwwqUlNBIDEwMTYgS2V5IFNpemUgVGVzdCBEZWxl +Z2F0ZWQgUmVzcG9uZGVyMIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgADSm7Ev +uE/dzSmzpRnLZsQ7jY+L5UW6eThM5mPtA991mRYA65IHkNJTDOzlRNuZpx8FiWo+ +0gcWVTSqmQV+R8R+O8ga2m+h4S43JotQRqVSaPna18y0hdgaLhnVDU8LaFSsr217 +5p2aCDE24Vr6j1PByMhPxgdyed0OVdc2mlvdAgMBAAGjFzAVMBMGA1UdJQQMMAoG +CCsGAQUFBwMJMAsGCSqGSIb3DQEBCwOCAQEAIsDgLYgpTge+vmb/dIvx4F+F5fZm +N+WmVDn+f4JMHBEOxzWp67x19WkAbvVgj661qo53XtOjjVX80gDfur2fXDdqHF8G +v2N+bKNxKJjxn8SojcXvy2unb3A7VbKcedMvwsesBHky/WPsBK9cQjNGxv4/jRfN +/5q7AQeUaRlN97iEU0JGjIIta6qs/FCLobg5+bhmGdsP2HRacfeCbCkjfdA0QToz +gyOM5g1rlDxXk8mdcnesQxLMi3cka/u8JqYiMjRb3khTjIlHtOcWuTFiPO8zKd/Y +wvJ17FlqgdSHoCCpVP7kQk245umgsJZivphQ2RWKh1X4lhLZhzFP/5+rxw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem.certspec new file mode 100644 index 000000000..05f73368a --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test CA +subject:RSA 1016 Key Size Test Delegated Responder +subjectKey:rsa1016 +extension:extKeyUsage:OCSPSigning diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem b/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem new file mode 100644 index 000000000..1d50176e4 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAbmgAwIBAgIUH9DaznYx1NE1Cu9I8cBqxV9VgF4wCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowEjEQMA4GA1UEAwwHVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl +qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg +w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx +V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1 +MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs +vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUw +AwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQA1o3GayNFRlVTrsoj2 +Ag06YatbGe94M/FT0MXngjlmrMkGZqHaDlrii7Jz+JP16CBjaIZ0ZP7I56Nn/l8y +/kfe++zvr1uwRaKjtRGBiFpCjx10rI508wzSnOox3+bOtv9qjYaY7UjkBV3F40IS +P8qKMtNspsR4tjS/D1jbculhngkPqhskefZFQQvcgG54L5j921GFKNeeX6i9QAzV +jjM6i/iQYpAWCuh5+CetwUnfFuZCM80npp/qHMESkT3PyPpwqT9A5K+xQdVfpXq5 +SmVy5+QGWALuSV1sfIRXRwOh+2jCWwWPbyi9TlHrvlO5mL38qikdYBDPat3ve4cq +5viq +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem.certspec new file mode 100644 index 000000000..5d2435d7b --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test CA +subject:Test CA +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem b/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem new file mode 100644 index 000000000..df9ad3ddb --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2TCCAcOgAwIBAgIUBVio/iQ21GCi2iUven8oJ/gae74wCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTAxMDEwMDAwMDBaGA8yMDI1MDEw +MTAwMDAwMFowHDEaMBgGA1UEAwwRVGVzdCBJbnRlcm1lZGlhdGUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq0 +7PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D +/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw +JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyX +rZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd +q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAb +MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAry6Z +DoUhexYUJTzWwN1ZIwWeXW/QxJR5u4DvK6pBPInDdyfv20EuxXKODYWXXPGbOY8X +5SEsUtS+1WUlMAXenmejPvDcjeEGLS8tfJQbgHtPrDhQR43fnYGZrA2pWVmxQ+TJ +Lrg18uGIuMcfAr3RwMzeK+uj81bybeYZN5haISWa6bF2a81vMx/WDgyFSYYBOYph +nCPWVSqPTK/6NwbyWZORs474Flx45uzo7g9mMCmbwz9IzdJYpVrViVAFTU1gSbNQ +ED3LzwGkS7eO8Lqzk9a94uIGqhxtGDvxFe+6Be/Il3M/5d2WC2Jmqzv8cU/u4GLb +dKrXnD3epofIjHnOUA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem.certspec new file mode 100644 index 000000000..33b42c2f4 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem.certspec @@ -0,0 +1,5 @@ +issuer:Test CA +subject:Test Intermediate +validity:20150101-20250101 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem b/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem new file mode 100644 index 000000000..bed4aa01f --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDCjCCAfSgAwIBAgIUF6PsbfnmMCcksq3bK0t3nzIF7tUwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowNzE1MDMGA1UEAwwsVGVzdCBJbnRlcm1lZGlhdGUgV2l0aCBNdWx0 +aXBsZSBUTFMgRmVhdHVyZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24a +hvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7t +FYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+o +N9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0d +JdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4 +s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjMzAxMAwGA1UdEwQFMAMBAf8wCwYDVR0P +BAQDAgEGMBQGCCsGAQUFBwEYBAgwBgIBBQIBBjALBgkqhkiG9w0BAQsDggEBACXM +X1+QvZrthE9BrtXJMI2wNwZTzvAiGIqcqxtD9a6oTP1OAM+U7+3iANV4BT+IOS1z +9KhPBwzdFxQTxHO7mx34T+ImN5WeIn/Hhm1RrBe67Jqvi+Pu1bHparQCoQl1OjH8 +mtSaV+VA7pciTvyU9GwMMsCyiOMElt/j8GjtbyMAQmQ9+xbyVV30kQCEZaNgzgf6 +ilNPTtVtzofi6Y4gUZ3tGYVQaDvVJRhdS64w+A2rXSDREykU114P+qY9M6TkRYI7 +KPvPIVSUz0ry3RPazPdDYbyRAqHUi1e5yxBn/Lhx8bGSrnCe4Au2PNDnU7d8rzZl +yaBFzeN4UoHzO47kZAw= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem.certspec new file mode 100644 index 000000000..3f0e925aa --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem.certspec @@ -0,0 +1,5 @@ +issuer:Test CA +subject:Test Intermediate With Multiple TLS Features +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:TLSFeature:OCSPMustStaple,6 diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem b/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem new file mode 100644 index 000000000..d00c3d101 --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIC/TCCAeegAwIBAgIUexXLwzeuuZ7h9L7rPOqB8bmBqKswCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowLTErMCkGA1UEAwwiVGVzdCBJbnRlcm1lZGlhdGUgV2l0aCBNdXN0 +LVN0YXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW +Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk +cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT +AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3 +ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh +s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV +A6zaGAo17Y0CAwEAAaMwMC4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwEQYI +KwYBBQUHARgEBTADAgEFMAsGCSqGSIb3DQEBCwOCAQEAtJc7b/hr44cTKye9RzeU +9HJmYyrdbTxVlQ2elV07NZ1i4K6HuCs4shQ997z+ALGOsSWny6MoP+C3u91rn90b +QO5SpVCj4wMjB7Lao8XuO47OWqcdMzCqqA51+3pCF6qq8U2jBe/lbDZYvOyTwk/9 ++PuasYUaXc5Lr/cdjMqJu1bBncdZny+cBqWqUJ3H4AFRSgZ4nbgkyksrgHiUW6aE +VzejhDcE06cn3N7cp6VyA0mh1qH7cOSWGk8ORo8hzmoY6dKIBTkncYOu2psAnfkU +99CODDCmfQd9uwp3bBX/MPPkxXjA72SVream3ULGa7o9gpoI5A6eOollJCox49DJ +ow== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem.certspec new file mode 100644 index 000000000..7c29aa0ad --- /dev/null +++ b/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem.certspec @@ -0,0 +1,5 @@ +issuer:Test CA +subject:Test Intermediate With Must-Staple +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:TLSFeature:OCSPMustStaple diff --git a/security/manager/ssl/tests/unit/pkcs11testmodule/moz.build b/security/manager/ssl/tests/unit/pkcs11testmodule/moz.build new file mode 100644 index 000000000..4935c0781 --- /dev/null +++ b/security/manager/ssl/tests/unit/pkcs11testmodule/moz.build @@ -0,0 +1,18 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +FINAL_TARGET = '_tests/xpcshell/security/manager/ssl/tests/unit/pkcs11testmodule' + +UNIFIED_SOURCES += [ + 'pkcs11testmodule.cpp', +] + +SharedLibrary('pkcs11testmodule') + +# C_GetFunctionList needs to be exported. As it turns out, it's much easier to +# just export all the symbols. +NO_VISIBILITY_FLAGS = True +SYMBOLS_FILE = 'pkcs11testmodule.symbols' diff --git a/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.cpp b/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.cpp new file mode 100644 index 000000000..531da1308 --- /dev/null +++ b/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.cpp @@ -0,0 +1,633 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// This is a testing PKCS #11 module that simulates a token being inserted and +// removed from a slot every 50ms. This is achieved mainly in +// Test_C_WaitForSlotEvent. The smartcard monitoring code essentially calls +// this function in a tight loop. Each time, this module waits for 50ms and +// returns, having changed its internal state to report that the token has +// either been inserted or removed, as appropriate. +// This module also provides an alternate token that is always present for tests +// that don't want the cyclic behavior described above. + +#include + +#if defined(WIN32) +# include // for Sleep +#else +# include // for usleep +#endif + +#include "pkcs11.h" + +CK_RV Test_C_Initialize(CK_VOID_PTR) +{ + return CKR_OK; +} + +CK_RV Test_C_Finalize(CK_VOID_PTR) +{ + return CKR_OK; +} + +static const CK_VERSION CryptokiVersion = { 2, 2 }; +static const CK_VERSION TestLibraryVersion = { 0, 0 }; +static const char TestLibraryDescription[] = "Test PKCS11 Library"; +static const char TestManufacturerID[] = "Test PKCS11 Manufacturer ID"; + +/* The dest buffer is one in the CK_INFO or CK_TOKEN_INFO structs. + * Those buffers are padded with spaces. DestSize corresponds to the declared + * size for those buffers (e.g. 32 for `char foo[32]`). + * The src buffer is a string literal. SrcSize includes the string + * termination character (e.g. 4 for `const char foo[] = "foo"` */ +template +void CopyString(unsigned char (&dest)[DestSize], const char (&src)[SrcSize]) +{ + static_assert(DestSize >= SrcSize - 1, "DestSize >= SrcSize - 1"); + memcpy(dest, src, SrcSize - 1); + memset(dest + SrcSize - 1, ' ', DestSize - SrcSize + 1); +} + +CK_RV Test_C_GetInfo(CK_INFO_PTR pInfo) +{ + if (!pInfo) { + return CKR_ARGUMENTS_BAD; + } + + pInfo->cryptokiVersion = CryptokiVersion; + CopyString(pInfo->manufacturerID, TestManufacturerID); + pInfo->flags = 0; // must be 0 + CopyString(pInfo->libraryDescription, TestLibraryDescription); + pInfo->libraryVersion = TestLibraryVersion; + return CKR_OK; +} + +CK_RV Test_C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR) +{ + return CKR_OK; +} + +static int tokenPresent = 0; + +CK_RV Test_C_GetSlotList(CK_BBOOL limitToTokensPresent, + CK_SLOT_ID_PTR pSlotList, + CK_ULONG_PTR pulCount) +{ + if (!pulCount) { + return CKR_ARGUMENTS_BAD; + } + + // Slot 2 is always present, while slot 1 may or may not be present. + CK_ULONG slotCount = (!limitToTokensPresent || tokenPresent ? 1 : 0) + 1; + + if (pSlotList) { + if (*pulCount < slotCount) { + return CKR_BUFFER_TOO_SMALL; + } + // apparently CK_SLOT_IDs are integers [1,N] because + // who likes counting from 0 all the time? + if (slotCount == 1) { + pSlotList[0] = 2; + } else { + pSlotList[0] = 1; + pSlotList[1] = 2; + } + } + + *pulCount = slotCount; + return CKR_OK; +} + +static const char TestSlotDescription[] = "Test PKCS11 Slot"; +static const char TestSlot2Description[] = "Test PKCS11 Slot 二"; + +CK_RV Test_C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) +{ + if (!pInfo) { + return CKR_ARGUMENTS_BAD; + } + + switch (slotID) { + case 1: + CopyString(pInfo->slotDescription, TestSlotDescription); + pInfo->flags = (tokenPresent ? CKF_TOKEN_PRESENT : 0) | + CKF_REMOVABLE_DEVICE; + break; + case 2: + CopyString(pInfo->slotDescription, TestSlot2Description); + pInfo->flags = CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE; + break; + default: + return CKR_ARGUMENTS_BAD; + } + + CopyString(pInfo->manufacturerID, TestManufacturerID); + pInfo->hardwareVersion = TestLibraryVersion; + pInfo->firmwareVersion = TestLibraryVersion; + return CKR_OK; +} + +// Deliberately include énye to ensure we're handling encoding correctly. +// The PKCS #11 base specification v2.20 specifies that strings be encoded +// as UTF-8. +static const char TestTokenLabel[] = "Test PKCS11 Tokeñ Label"; +static const char TestToken2Label[] = "Test PKCS11 Tokeñ 2 Label"; +static const char TestTokenModel[] = "Test Model"; + +CK_RV Test_C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) +{ + if (!pInfo) { + return CKR_ARGUMENTS_BAD; + } + + switch (slotID) { + case 1: + CopyString(pInfo->label, TestTokenLabel); + break; + case 2: + CopyString(pInfo->label, TestToken2Label); + break; + default: + return CKR_ARGUMENTS_BAD; + } + + CopyString(pInfo->manufacturerID, TestManufacturerID); + CopyString(pInfo->model, TestTokenModel); + memset(pInfo->serialNumber, 0, sizeof(pInfo->serialNumber)); + pInfo->flags = CKF_TOKEN_INITIALIZED; + pInfo->ulMaxSessionCount = 1; + pInfo->ulSessionCount = 0; + pInfo->ulMaxRwSessionCount = 1; + pInfo->ulRwSessionCount = 0; + pInfo->ulMaxPinLen = 4; + pInfo->ulMinPinLen = 4; + pInfo->ulTotalPublicMemory = 1024; + pInfo->ulFreePublicMemory = 1024; + pInfo->ulTotalPrivateMemory = 1024; + pInfo->ulFreePrivateMemory = 1024; + pInfo->hardwareVersion = TestLibraryVersion; + pInfo->firmwareVersion = TestLibraryVersion; + memset(pInfo->utcTime, 0, sizeof(pInfo->utcTime)); + return CKR_OK; +} + +CK_RV Test_C_GetMechanismList(CK_SLOT_ID, + CK_MECHANISM_TYPE_PTR, + CK_ULONG_PTR pulCount) +{ + if (!pulCount) { + return CKR_ARGUMENTS_BAD; + } + + *pulCount = 0; + return CKR_OK; +} + +CK_RV Test_C_GetMechanismInfo(CK_SLOT_ID, CK_MECHANISM_TYPE, + CK_MECHANISM_INFO_PTR) +{ + return CKR_OK; +} + +CK_RV Test_C_InitToken(CK_SLOT_ID, CK_UTF8CHAR_PTR, CK_ULONG, CK_UTF8CHAR_PTR) +{ + return CKR_OK; +} + +CK_RV Test_C_InitPIN(CK_SESSION_HANDLE, CK_UTF8CHAR_PTR, CK_ULONG) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_SetPIN(CK_SESSION_HANDLE, CK_UTF8CHAR_PTR, CK_ULONG, + CK_UTF8CHAR_PTR, CK_ULONG) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS, CK_VOID_PTR, CK_NOTIFY, + CK_SESSION_HANDLE_PTR phSession) +{ + switch (slotID) { + case 1: + *phSession = 1; + break; + case 2: + *phSession = 2; + break; + default: + return CKR_ARGUMENTS_BAD; + } + + return CKR_OK; +} + +CK_RV Test_C_CloseSession(CK_SESSION_HANDLE) +{ + return CKR_OK; +} + +CK_RV Test_C_CloseAllSessions(CK_SLOT_ID) +{ + return CKR_OK; +} + +CK_RV Test_C_GetSessionInfo(CK_SESSION_HANDLE hSession, + CK_SESSION_INFO_PTR pInfo) +{ + if (!pInfo) { + return CKR_ARGUMENTS_BAD; + } + + switch (hSession) { + case 1: + pInfo->slotID = 1; + break; + case 2: + pInfo->slotID = 2; + break; + default: + return CKR_ARGUMENTS_BAD; + } + + pInfo->state = CKS_RO_PUBLIC_SESSION; + pInfo->flags = CKF_SERIAL_SESSION; + return CKR_OK; +} + +CK_RV Test_C_GetOperationState(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_SetOperationState(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, + CK_OBJECT_HANDLE, CK_OBJECT_HANDLE) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_Login(CK_SESSION_HANDLE, CK_USER_TYPE, CK_UTF8CHAR_PTR, CK_ULONG) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_Logout(CK_SESSION_HANDLE) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_CreateObject(CK_SESSION_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG, + CK_OBJECT_HANDLE_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_CopyObject(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE_PTR, + CK_ULONG, CK_OBJECT_HANDLE_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DestroyObject(CK_SESSION_HANDLE, CK_OBJECT_HANDLE) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_GetObjectSize(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ULONG_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_GetAttributeValue(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, + CK_ATTRIBUTE_PTR, CK_ULONG) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_SetAttributeValue(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, + CK_ATTRIBUTE_PTR, CK_ULONG) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_FindObjectsInit(CK_SESSION_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG) +{ + return CKR_OK; +} + +CK_RV Test_C_FindObjects(CK_SESSION_HANDLE, CK_OBJECT_HANDLE_PTR, CK_ULONG, + CK_ULONG_PTR pulObjectCount) +{ + *pulObjectCount = 0; + return CKR_OK; +} + +CK_RV Test_C_FindObjectsFinal(CK_SESSION_HANDLE) +{ + return CKR_OK; +} + +CK_RV Test_C_EncryptInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_Encrypt(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, + CK_ULONG_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_EncryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, + CK_BYTE_PTR, CK_ULONG_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_EncryptFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DecryptInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_Decrypt(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, + CK_ULONG_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DecryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, + CK_BYTE_PTR, CK_ULONG_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DecryptFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DigestInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_Digest(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, + CK_ULONG_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DigestUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DigestKey(CK_SESSION_HANDLE, CK_OBJECT_HANDLE) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DigestFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_SignInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_Sign(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, + CK_ULONG_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_SignUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_SignFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_SignRecoverInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, + CK_OBJECT_HANDLE) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_SignRecover(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, + CK_ULONG_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_VerifyInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_Verify(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, + CK_ULONG) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_VerifyUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_VerifyFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_VerifyRecoverInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, + CK_OBJECT_HANDLE) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_VerifyRecover(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, + CK_BYTE_PTR, CK_ULONG_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DigestEncryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, + CK_BYTE_PTR, CK_ULONG_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DecryptDigestUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, + CK_BYTE_PTR, CK_ULONG_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_SignEncryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, + CK_BYTE_PTR, CK_ULONG_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DecryptVerifyUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, + CK_BYTE_PTR, CK_ULONG_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_GenerateKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_ATTRIBUTE_PTR, + CK_ULONG, CK_OBJECT_HANDLE_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_GenerateKeyPair(CK_SESSION_HANDLE, CK_MECHANISM_PTR, + CK_ATTRIBUTE_PTR, CK_ULONG, CK_ATTRIBUTE_PTR, + CK_ULONG, CK_OBJECT_HANDLE_PTR, + CK_OBJECT_HANDLE_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_WrapKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE, + CK_OBJECT_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_UnwrapKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE, + CK_BYTE_PTR, CK_ULONG, CK_ATTRIBUTE_PTR, CK_ULONG, + CK_OBJECT_HANDLE_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DeriveKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE, + CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_SeedRandom(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_GenerateRandom(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_GetFunctionStatus(CK_SESSION_HANDLE) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_CancelFunction(CK_SESSION_HANDLE) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_WaitForSlotEvent(CK_FLAGS, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR) +{ +#ifdef WIN32 + Sleep(50); // Sleep takes the duration argument as milliseconds +#else + usleep(50000); // usleep takes the duration argument as microseconds +#endif + *pSlot = 1; + tokenPresent = !tokenPresent; + return CKR_OK; +} + +static CK_FUNCTION_LIST FunctionList = { + { 2, 2 }, + Test_C_Initialize, + Test_C_Finalize, + Test_C_GetInfo, + Test_C_GetFunctionList, + Test_C_GetSlotList, + Test_C_GetSlotInfo, + Test_C_GetTokenInfo, + Test_C_GetMechanismList, + Test_C_GetMechanismInfo, + Test_C_InitToken, + Test_C_InitPIN, + Test_C_SetPIN, + Test_C_OpenSession, + Test_C_CloseSession, + Test_C_CloseAllSessions, + Test_C_GetSessionInfo, + Test_C_GetOperationState, + Test_C_SetOperationState, + Test_C_Login, + Test_C_Logout, + Test_C_CreateObject, + Test_C_CopyObject, + Test_C_DestroyObject, + Test_C_GetObjectSize, + Test_C_GetAttributeValue, + Test_C_SetAttributeValue, + Test_C_FindObjectsInit, + Test_C_FindObjects, + Test_C_FindObjectsFinal, + Test_C_EncryptInit, + Test_C_Encrypt, + Test_C_EncryptUpdate, + Test_C_EncryptFinal, + Test_C_DecryptInit, + Test_C_Decrypt, + Test_C_DecryptUpdate, + Test_C_DecryptFinal, + Test_C_DigestInit, + Test_C_Digest, + Test_C_DigestUpdate, + Test_C_DigestKey, + Test_C_DigestFinal, + Test_C_SignInit, + Test_C_Sign, + Test_C_SignUpdate, + Test_C_SignFinal, + Test_C_SignRecoverInit, + Test_C_SignRecover, + Test_C_VerifyInit, + Test_C_Verify, + Test_C_VerifyUpdate, + Test_C_VerifyFinal, + Test_C_VerifyRecoverInit, + Test_C_VerifyRecover, + Test_C_DigestEncryptUpdate, + Test_C_DecryptDigestUpdate, + Test_C_SignEncryptUpdate, + Test_C_DecryptVerifyUpdate, + Test_C_GenerateKey, + Test_C_GenerateKeyPair, + Test_C_WrapKey, + Test_C_UnwrapKey, + Test_C_DeriveKey, + Test_C_SeedRandom, + Test_C_GenerateRandom, + Test_C_GetFunctionStatus, + Test_C_CancelFunction, + Test_C_WaitForSlotEvent +}; + +CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList) +{ + *ppFunctionList = &FunctionList; + return CKR_OK; +} diff --git a/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.symbols b/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.symbols new file mode 100644 index 000000000..562ecea21 --- /dev/null +++ b/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.symbols @@ -0,0 +1 @@ +C_GetFunctionList diff --git a/security/manager/ssl/tests/unit/pycert.py b/security/manager/ssl/tests/unit/pycert.py new file mode 100755 index 000000000..9c8efa915 --- /dev/null +++ b/security/manager/ssl/tests/unit/pycert.py @@ -0,0 +1,697 @@ +#!/usr/bin/env python +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +""" +Reads a certificate specification from stdin or a file and outputs a +signed x509 certificate with the desired properties. + +The input format is as follows: + +issuer: +subject: +[version:{1,2,3,4}] +[validity:] +[issuerKey:] +[subjectKey:] +[signature:{sha256WithRSAEncryption,sha1WithRSAEncryption, + md5WithRSAEncryption,ecdsaWithSHA256}] +[serialNumber:] +[extension:>] +[...] + +Known extensions are: +basicConstraints:[cA],[pathLenConstraint] +keyUsage:[digitalSignature,nonRepudiation,keyEncipherment, + dataEncipherment,keyAgreement,keyCertSign,cRLSign] +extKeyUsage:[serverAuth,clientAuth,codeSigning,emailProtection + nsSGC, # Netscape Server Gated Crypto + OCSPSigning,timeStamping] +subjectAlternativeName:[,...] +authorityInformationAccess: +certificatePolicies:[,...] +nameConstraints:{permitted,excluded}:[,...] +nsCertType:sslServer +TLSFeature:[,...] + +Where: + [] indicates an optional field or component of a field + <> indicates a required component of a field + {} indicates a choice of exactly one value among a set of values + [a,b,c] indicates a list of potential values, of which zero or more + may be used + +For instance, the version field is optional. However, if it is +specified, it must have exactly one value from the set {1,2,3,4}. + +Most fields have reasonable default values. By default one shared RSA +key is used for all signatures and subject public key information +fields. Using "issuerKey:" or +"subjectKey:" causes a different key be used for +signing or as the subject public key information field, respectively. +See pykey.py for the list of available specifications. +The signature algorithm is sha256WithRSAEncryption by default. + +The validity period may be specified as either concrete notBefore and +notAfter values or as a validity period centered around 'now'. For the +latter, this will result in a notBefore of 'now' - duration/2 and a +notAfter of 'now' + duration/2. + +Issuer and subject distinguished name specifications are of the form +'[stringEncoding]/C=XX/O=Example/CN=example.com'. C (country name), ST +(state or province name), L (locality name), O (organization name), OU +(organizational unit name), CN (common name) and emailAddress (email +address) are currently supported. The optional stringEncoding field may +be 'utf8String' or 'printableString'. If the given string does not +contain a '/', it is assumed to represent a common name. If an empty +string is provided, then an empty distinguished name is returned. +DirectoryNames also use this format. When specifying a directoryName in +a nameConstraints extension, the implicit form may not be used. + +If an extension name has '[critical]' after it, it will be marked as +critical. Otherwise (by default), it will not be marked as critical. + +TLSFeature values can either consist of a named value (currently only +'OCSPMustStaple' which corresponds to status_request) or a numeric TLS +feature value (see rfc7633 for more information). + +If a serial number is not explicitly specified, it is automatically +generated based on the contents of the certificate. +""" + +from pyasn1.codec.der import decoder +from pyasn1.codec.der import encoder +from pyasn1.type import constraint, namedtype, tag, univ, useful +from pyasn1_modules import rfc2459 +import base64 +import datetime +import hashlib +import re +import sys + +import pykey + +# The GeneralSubtree definition in pyasn1_modules.rfc2459 is incorrect. +# Where this definition uses a DefaultedNamedType, pyasn1_modules uses +# a NamedType, which results in the default value being explicitly +# encoded, which is incorrect for DER. +class GeneralSubtree(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('base', rfc2459.GeneralName()), + namedtype.DefaultedNamedType('minimum', rfc2459.BaseDistance(0).subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.OptionalNamedType('maximum', rfc2459.BaseDistance().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) + ) + + +# The NameConstraints definition in pyasn1_modules.rfc2459 is incorrect. +# excludedSubtrees has a tag value of 1, not 0. +class NameConstraints(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('permittedSubtrees', rfc2459.GeneralSubtrees().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.OptionalNamedType('excludedSubtrees', rfc2459.GeneralSubtrees().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) + ) + + +class Error(Exception): + """Base class for exceptions in this module.""" + pass + + +class UnknownBaseError(Error): + """Base class for handling unexpected input in this module.""" + def __init__(self, value): + super(UnknownBaseError, self).__init__() + self.value = value + self.category = 'input' + + def __str__(self): + return 'Unknown %s type "%s"' % (self.category, repr(self.value)) + + +class UnknownAlgorithmTypeError(UnknownBaseError): + """Helper exception type to handle unknown algorithm types.""" + + def __init__(self, value): + UnknownBaseError.__init__(self, value) + self.category = 'algorithm' + + +class UnknownParameterTypeError(UnknownBaseError): + """Helper exception type to handle unknown input parameters.""" + + def __init__(self, value): + UnknownBaseError.__init__(self, value) + self.category = 'parameter' + + +class UnknownExtensionTypeError(UnknownBaseError): + """Helper exception type to handle unknown input extensions.""" + + def __init__(self, value): + UnknownBaseError.__init__(self, value) + self.category = 'extension' + + +class UnknownKeyPurposeTypeError(UnknownBaseError): + """Helper exception type to handle unknown key purposes.""" + + def __init__(self, value): + UnknownBaseError.__init__(self, value) + self.category = 'keyPurpose' + + +class UnknownKeyTargetError(UnknownBaseError): + """Helper exception type to handle unknown key targets.""" + + def __init__(self, value): + UnknownBaseError.__init__(self, value) + self.category = 'key target' + + +class UnknownVersionError(UnknownBaseError): + """Helper exception type to handle unknown specified versions.""" + + def __init__(self, value): + UnknownBaseError.__init__(self, value) + self.category = 'version' + + +class UnknownNameConstraintsSpecificationError(UnknownBaseError): + """Helper exception type to handle unknown specified + nameConstraints.""" + + def __init__(self, value): + UnknownBaseError.__init__(self, value) + self.category = 'nameConstraints specification' + + +class UnknownDNTypeError(UnknownBaseError): + """Helper exception type to handle unknown DN types.""" + + def __init__(self, value): + UnknownBaseError.__init__(self, value) + self.category = 'DN' + + +class UnknownNSCertTypeError(UnknownBaseError): + """Helper exception type to handle unknown nsCertType types.""" + + def __init__(self, value): + UnknownBaseError.__init__(self, value) + self.category = 'nsCertType' + + +class UnknownTLSFeature(UnknownBaseError): + """Helper exception type to handle unknown TLS Features.""" + + def __init__(self, value): + UnknownBaseError.__init__(self, value) + self.category = 'TLSFeature' + + +class InvalidSerialNumber(Error): + """Exception type to handle invalid serial numbers.""" + + def __init__(self, value): + super(InvalidSerialNumber, self).__init__() + self.value = value + + def __str__(self): + return repr(self.value) + + +def getASN1Tag(asn1Type): + """Helper function for returning the base tag value of a given + type from the pyasn1 package""" + return asn1Type.baseTagSet.getBaseTag().asTuple()[2] + +def stringToAccessDescription(string): + """Helper function that takes a string representing a URI + presumably identifying an OCSP authority information access + location. Returns an AccessDescription usable by pyasn1.""" + accessMethod = rfc2459.id_ad_ocsp + accessLocation = rfc2459.GeneralName() + accessLocation.setComponentByName('uniformResourceIdentifier', string) + sequence = univ.Sequence() + sequence.setComponentByPosition(0, accessMethod) + sequence.setComponentByPosition(1, accessLocation) + return sequence + +def stringToDN(string, tag=None): + """Takes a string representing a distinguished name or directory + name and returns a Name for use by pyasn1. See the documentation + for the issuer and subject fields for more details. Takes an + optional implicit tag in cases where the Name needs to be tagged + differently.""" + if string and '/' not in string: + string = '/CN=%s' % string + rdns = rfc2459.RDNSequence() + pattern = '/(C|ST|L|O|OU|CN|emailAddress)=' + split = re.split(pattern, string) + # split should now be [[encoding], , , , , ...] + if split[0]: + encoding = split[0] + else: + encoding = 'utf8String' + for pos, (nameType, value) in enumerate(zip(split[1::2], split[2::2])): + ava = rfc2459.AttributeTypeAndValue() + if nameType == 'C': + ava.setComponentByName('type', rfc2459.id_at_countryName) + nameComponent = rfc2459.X520countryName(value) + elif nameType == 'ST': + ava.setComponentByName('type', rfc2459.id_at_stateOrProvinceName) + nameComponent = rfc2459.X520StateOrProvinceName() + elif nameType == 'L': + ava.setComponentByName('type', rfc2459.id_at_localityName) + nameComponent = rfc2459.X520LocalityName() + elif nameType == 'O': + ava.setComponentByName('type', rfc2459.id_at_organizationName) + nameComponent = rfc2459.X520OrganizationName() + elif nameType == 'OU': + ava.setComponentByName('type', rfc2459.id_at_organizationalUnitName) + nameComponent = rfc2459.X520OrganizationalUnitName() + elif nameType == 'CN': + ava.setComponentByName('type', rfc2459.id_at_commonName) + nameComponent = rfc2459.X520CommonName() + elif nameType == 'emailAddress': + ava.setComponentByName('type', rfc2459.emailAddress) + nameComponent = rfc2459.Pkcs9email(value) + else: + raise UnknownDNTypeError(nameType) + if not nameType == 'C' and not nameType == 'emailAddress': + # The value may have things like '\0' (i.e. a slash followed by + # the number zero) that have to be decoded into the resulting + # '\x00' (i.e. a byte with value zero). + nameComponent.setComponentByName(encoding, value.decode(encoding='string_escape')) + ava.setComponentByName('value', nameComponent) + rdn = rfc2459.RelativeDistinguishedName() + rdn.setComponentByPosition(0, ava) + rdns.setComponentByPosition(pos, rdn) + if tag: + name = rfc2459.Name().subtype(implicitTag=tag) + else: + name = rfc2459.Name() + name.setComponentByPosition(0, rdns) + return name + +def stringToAlgorithmIdentifiers(string): + """Helper function that converts a description of an algorithm + to a representation usable by the pyasn1 package and a hash + algorithm name for use by pykey.""" + algorithmIdentifier = rfc2459.AlgorithmIdentifier() + algorithmName = None + algorithm = None + if string == 'sha1WithRSAEncryption': + algorithmName = 'SHA-1' + algorithm = rfc2459.sha1WithRSAEncryption + elif string == 'sha256WithRSAEncryption': + algorithmName = 'SHA-256' + algorithm = univ.ObjectIdentifier('1.2.840.113549.1.1.11') + elif string == 'md5WithRSAEncryption': + algorithmName = 'MD5' + algorithm = rfc2459.md5WithRSAEncryption + elif string == 'ecdsaWithSHA256': + algorithmName = 'sha256' + algorithm = univ.ObjectIdentifier('1.2.840.10045.4.3.2') + else: + raise UnknownAlgorithmTypeError(string) + algorithmIdentifier.setComponentByName('algorithm', algorithm) + return (algorithmIdentifier, algorithmName) + +def datetimeToTime(dt): + """Takes a datetime object and returns an rfc2459.Time object with + that time as its value as a GeneralizedTime""" + time = rfc2459.Time() + time.setComponentByName('generalTime', useful.GeneralizedTime(dt.strftime('%Y%m%d%H%M%SZ'))) + return time + +def serialBytesToString(serialBytes): + """Takes a list of integers in the interval [0, 255] and returns + the corresponding serial number string.""" + serialBytesLen = len(serialBytes) + if serialBytesLen > 127: + raise InvalidSerialNumber("{} bytes is too long".format(serialBytesLen)) + # Prepend the ASN.1 INTEGER tag and length bytes. + stringBytes = [getASN1Tag(univ.Integer), serialBytesLen] + serialBytes + return ''.join(chr(b) for b in stringBytes) + +class Certificate(object): + """Utility class for reading a certificate specification and + generating a signed x509 certificate""" + + def __init__(self, paramStream): + self.versionValue = 2 # a value of 2 is X509v3 + self.signature = 'sha256WithRSAEncryption' + self.issuer = 'Default Issuer' + actualNow = datetime.datetime.utcnow() + self.now = datetime.datetime.strptime(str(actualNow.year), '%Y') + aYearAndAWhile = datetime.timedelta(days=400) + self.notBefore = self.now - aYearAndAWhile + self.notAfter = self.now + aYearAndAWhile + self.subject = 'Default Subject' + self.extensions = None + self.subjectKey = pykey.keyFromSpecification('default') + self.issuerKey = pykey.keyFromSpecification('default') + self.serialNumber = None + self.decodeParams(paramStream) + # If a serial number wasn't specified, generate one based on + # the certificate contents. + if not self.serialNumber: + self.serialNumber = self.generateSerialNumber() + + def generateSerialNumber(self): + """Generates a serial number for this certificate based on its + contents. Intended to be reproducible for compatibility with + the build system on OS X (see the comment above main, later in + this file).""" + hasher = hashlib.sha256() + hasher.update(str(self.versionValue)) + hasher.update(self.signature) + hasher.update(self.issuer) + hasher.update(str(self.notBefore)) + hasher.update(str(self.notAfter)) + hasher.update(self.subject) + if self.extensions: + for extension in self.extensions: + hasher.update(str(extension)) + serialBytes = [ord(c) for c in hasher.digest()[:20]] + # Ensure that the most significant bit isn't set (which would + # indicate a negative number, which isn't valid for serial + # numbers). + serialBytes[0] &= 0x7f + # Also ensure that the least significant bit on the most + # significant byte is set (to prevent a leading zero byte, + # which also wouldn't be valid). + serialBytes[0] |= 0x01 + return serialBytesToString(serialBytes) + + def decodeParams(self, paramStream): + for line in paramStream.readlines(): + self.decodeParam(line.strip()) + + def decodeParam(self, line): + param = line.split(':')[0] + value = ':'.join(line.split(':')[1:]) + if param == 'version': + self.setVersion(value) + elif param == 'subject': + self.subject = value + elif param == 'issuer': + self.issuer = value + elif param == 'validity': + self.decodeValidity(value) + elif param == 'extension': + self.decodeExtension(value) + elif param == 'issuerKey': + self.setupKey('issuer', value) + elif param == 'subjectKey': + self.setupKey('subject', value) + elif param == 'signature': + self.signature = value + elif param == 'serialNumber': + serialNumber = int(value) + # Ensure only serial numbers that conform to the rules listed in + # generateSerialNumber() are permitted. + if serialNumber < 1 or serialNumber > 127: + raise InvalidSerialNumber(value) + self.serialNumber = serialBytesToString([serialNumber]) + else: + raise UnknownParameterTypeError(param) + + def setVersion(self, version): + intVersion = int(version) + if intVersion >= 1 and intVersion <= 4: + self.versionValue = intVersion - 1 + else: + raise UnknownVersionError(version) + + def decodeValidity(self, duration): + match = re.search('([0-9]{8})-([0-9]{8})', duration) + if match: + self.notBefore = datetime.datetime.strptime(match.group(1), '%Y%m%d') + self.notAfter = datetime.datetime.strptime(match.group(2), '%Y%m%d') + else: + delta = datetime.timedelta(days=(int(duration) / 2)) + self.notBefore = self.now - delta + self.notAfter = self.now + delta + + def decodeExtension(self, extension): + match = re.search(r'([a-zA-Z]+)(\[critical\])?:(.*)', extension) + if not match: + raise UnknownExtensionTypeError(extension) + extensionType = match.group(1) + critical = match.group(2) + value = match.group(3) + if extensionType == 'basicConstraints': + self.addBasicConstraints(value, critical) + elif extensionType == 'keyUsage': + self.addKeyUsage(value, critical) + elif extensionType == 'extKeyUsage': + self.addExtKeyUsage(value, critical) + elif extensionType == 'subjectAlternativeName': + self.addSubjectAlternativeName(value, critical) + elif extensionType == 'authorityInformationAccess': + self.addAuthorityInformationAccess(value, critical) + elif extensionType == 'certificatePolicies': + self.addCertificatePolicies(value, critical) + elif extensionType == 'nameConstraints': + self.addNameConstraints(value, critical) + elif extensionType == 'nsCertType': + self.addNSCertType(value, critical) + elif extensionType == 'TLSFeature': + self.addTLSFeature(value, critical) + else: + raise UnknownExtensionTypeError(extensionType) + + def setupKey(self, subjectOrIssuer, value): + if subjectOrIssuer == 'subject': + self.subjectKey = pykey.keyFromSpecification(value) + elif subjectOrIssuer == 'issuer': + self.issuerKey = pykey.keyFromSpecification(value) + else: + raise UnknownKeyTargetError(subjectOrIssuer) + + def addExtension(self, extensionType, extensionValue, critical): + if not self.extensions: + self.extensions = [] + encapsulated = univ.OctetString(encoder.encode(extensionValue)) + extension = rfc2459.Extension() + extension.setComponentByName('extnID', extensionType) + # critical is either the string '[critical]' or None. + # We only care whether or not it is truthy. + if critical: + extension.setComponentByName('critical', True) + extension.setComponentByName('extnValue', encapsulated) + self.extensions.append(extension) + + def addBasicConstraints(self, basicConstraints, critical): + cA = basicConstraints.split(',')[0] + pathLenConstraint = basicConstraints.split(',')[1] + basicConstraintsExtension = rfc2459.BasicConstraints() + basicConstraintsExtension.setComponentByName('cA', cA == 'cA') + if pathLenConstraint: + pathLenConstraintValue = \ + univ.Integer(int(pathLenConstraint)).subtype( + subtypeSpec=constraint.ValueRangeConstraint(0, 64)) + basicConstraintsExtension.setComponentByName('pathLenConstraint', + pathLenConstraintValue) + self.addExtension(rfc2459.id_ce_basicConstraints, basicConstraintsExtension, critical) + + def addKeyUsage(self, keyUsage, critical): + keyUsageExtension = rfc2459.KeyUsage(keyUsage) + self.addExtension(rfc2459.id_ce_keyUsage, keyUsageExtension, critical) + + def keyPurposeToOID(self, keyPurpose): + if keyPurpose == 'serverAuth': + # the OID for id_kp_serverAuth is incorrect in the + # pyasn1-modules implementation + return univ.ObjectIdentifier('1.3.6.1.5.5.7.3.1') + if keyPurpose == 'clientAuth': + return rfc2459.id_kp_clientAuth + if keyPurpose == 'codeSigning': + return rfc2459.id_kp_codeSigning + if keyPurpose == 'emailProtection': + return rfc2459.id_kp_emailProtection + if keyPurpose == 'nsSGC': + return univ.ObjectIdentifier('2.16.840.1.113730.4.1') + if keyPurpose == 'OCSPSigning': + return univ.ObjectIdentifier('1.3.6.1.5.5.7.3.9') + if keyPurpose == 'timeStamping': + return rfc2459.id_kp_timeStamping + raise UnknownKeyPurposeTypeError(keyPurpose) + + def addExtKeyUsage(self, extKeyUsage, critical): + extKeyUsageExtension = rfc2459.ExtKeyUsageSyntax() + for count, keyPurpose in enumerate(extKeyUsage.split(',')): + extKeyUsageExtension.setComponentByPosition(count, self.keyPurposeToOID(keyPurpose)) + self.addExtension(rfc2459.id_ce_extKeyUsage, extKeyUsageExtension, critical) + + def addSubjectAlternativeName(self, names, critical): + subjectAlternativeName = rfc2459.SubjectAltName() + for count, name in enumerate(names.split(',')): + generalName = rfc2459.GeneralName() + if '/' in name: + directoryName = stringToDN(name, + tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)) + generalName.setComponentByName('directoryName', directoryName) + else: + # The string may have things like '\0' (i.e. a slash + # followed by the number zero) that have to be decoded into + # the resulting '\x00' (i.e. a byte with value zero). + generalName.setComponentByName('dNSName', name.decode(encoding='string_escape')) + subjectAlternativeName.setComponentByPosition(count, generalName) + self.addExtension(rfc2459.id_ce_subjectAltName, subjectAlternativeName, critical) + + def addAuthorityInformationAccess(self, ocspURI, critical): + sequence = univ.Sequence() + accessDescription = stringToAccessDescription(ocspURI) + sequence.setComponentByPosition(0, accessDescription) + self.addExtension(rfc2459.id_pe_authorityInfoAccess, sequence, critical) + + def addCertificatePolicies(self, policyOIDs, critical): + policies = rfc2459.CertificatePolicies() + for pos, policyOID in enumerate(policyOIDs.split(',')): + if policyOID == 'any': + policyOID = '2.5.29.32.0' + policy = rfc2459.PolicyInformation() + policyIdentifier = rfc2459.CertPolicyId(policyOID) + policy.setComponentByName('policyIdentifier', policyIdentifier) + policies.setComponentByPosition(pos, policy) + self.addExtension(rfc2459.id_ce_certificatePolicies, policies, critical) + + def addNameConstraints(self, constraints, critical): + nameConstraints = NameConstraints() + if constraints.startswith('permitted:'): + (subtreesType, subtreesTag) = ('permittedSubtrees', 0) + elif constraints.startswith('excluded:'): + (subtreesType, subtreesTag) = ('excludedSubtrees', 1) + else: + raise UnknownNameConstraintsSpecificationError(constraints) + generalSubtrees = rfc2459.GeneralSubtrees().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, subtreesTag)) + subtrees = constraints[(constraints.find(':') + 1):] + for pos, name in enumerate(subtrees.split(',')): + generalName = rfc2459.GeneralName() + if '/' in name: + directoryName = stringToDN(name, + tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)) + generalName.setComponentByName('directoryName', directoryName) + else: + generalName.setComponentByName('dNSName', name) + generalSubtree = GeneralSubtree() + generalSubtree.setComponentByName('base', generalName) + generalSubtrees.setComponentByPosition(pos, generalSubtree) + nameConstraints.setComponentByName(subtreesType, generalSubtrees) + self.addExtension(rfc2459.id_ce_nameConstraints, nameConstraints, critical) + + def addNSCertType(self, certType, critical): + if certType != 'sslServer': + raise UnknownNSCertTypeError(certType) + self.addExtension(univ.ObjectIdentifier('2.16.840.1.113730.1.1'), univ.BitString("'01'B"), + critical) + + def addTLSFeature(self, features, critical): + namedFeatures = {'OCSPMustStaple': 5} + featureList = [f.strip() for f in features.split(',')] + sequence = univ.Sequence() + for feature in featureList: + featureValue = 0 + try: + featureValue = int(feature) + except ValueError: + try: + featureValue = namedFeatures[feature] + except: + raise UnknownTLSFeature(feature) + sequence.setComponentByPosition(len(sequence), + univ.Integer(featureValue)) + self.addExtension(univ.ObjectIdentifier('1.3.6.1.5.5.7.1.24'), sequence, + critical) + + def getVersion(self): + return rfc2459.Version(self.versionValue).subtype( + explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)) + + def getSerialNumber(self): + return decoder.decode(self.serialNumber)[0] + + def getIssuer(self): + return stringToDN(self.issuer) + + def getValidity(self): + validity = rfc2459.Validity() + validity.setComponentByName('notBefore', self.getNotBefore()) + validity.setComponentByName('notAfter', self.getNotAfter()) + return validity + + def getNotBefore(self): + return datetimeToTime(self.notBefore) + + def getNotAfter(self): + return datetimeToTime(self.notAfter) + + def getSubject(self): + return stringToDN(self.subject) + + def toDER(self): + (signatureOID, hashName) = stringToAlgorithmIdentifiers(self.signature) + tbsCertificate = rfc2459.TBSCertificate() + tbsCertificate.setComponentByName('version', self.getVersion()) + tbsCertificate.setComponentByName('serialNumber', self.getSerialNumber()) + tbsCertificate.setComponentByName('signature', signatureOID) + tbsCertificate.setComponentByName('issuer', self.getIssuer()) + tbsCertificate.setComponentByName('validity', self.getValidity()) + tbsCertificate.setComponentByName('subject', self.getSubject()) + tbsCertificate.setComponentByName('subjectPublicKeyInfo', + self.subjectKey.asSubjectPublicKeyInfo()) + if self.extensions: + extensions = rfc2459.Extensions().subtype( + explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)) + for count, extension in enumerate(self.extensions): + extensions.setComponentByPosition(count, extension) + tbsCertificate.setComponentByName('extensions', extensions) + certificate = rfc2459.Certificate() + certificate.setComponentByName('tbsCertificate', tbsCertificate) + certificate.setComponentByName('signatureAlgorithm', signatureOID) + tbsDER = encoder.encode(tbsCertificate) + certificate.setComponentByName('signatureValue', self.issuerKey.sign(tbsDER, hashName)) + return encoder.encode(certificate) + + def toPEM(self): + output = '-----BEGIN CERTIFICATE-----' + der = self.toDER() + b64 = base64.b64encode(der) + while b64: + output += '\n' + b64[:64] + b64 = b64[64:] + output += '\n-----END CERTIFICATE-----' + return output + + +# The build harness will call this function with an output +# file-like object and a path to a file containing a +# specification. This will read the specification and output +# the certificate as PEM. +# This utility tries as hard as possible to ensure that two +# runs with the same input will have the same output. This is +# particularly important when building on OS X, where we +# generate everything twice for unified builds. During the +# unification step, if any pair of input files differ, the build +# system throws an error. +# The one concrete failure mode is if one run happens before +# midnight on New Year's Eve and the next run happens after +# midnight. +def main(output, inputPath): + with open(inputPath) as configStream: + output.write(Certificate(configStream).toPEM()) + +# When run as a standalone program, this will read a specification from +# stdin and output the certificate as PEM to stdout. +if __name__ == '__main__': + print Certificate(sys.stdin).toPEM() diff --git a/security/manager/ssl/tests/unit/pykey.py b/security/manager/ssl/tests/unit/pykey.py new file mode 100755 index 000000000..d3c43deb4 --- /dev/null +++ b/security/manager/ssl/tests/unit/pykey.py @@ -0,0 +1,706 @@ +#!/usr/bin/env python +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +""" +Reads a key specification from stdin or a file and outputs a +PKCS #8 file representing the (private) key. Also provides +methods for signing data and representing the key as a subject +public key info for use with pyasn1. + +The key specification format is as follows: + +default: a 2048-bit RSA key +alternate: a different 2048-bit RSA key +ev: a 2048-bit RSA key that, when combined with the right pycert + specification, results in a certificate that is enabled for + extended validation in debug Firefox (see ExtendedValidation.cpp). +evRSA2040: a 2040-bit RSA key that, when combined with the right pycert + specification, results in a certificate that is enabled for + extended validation in debug Firefox. +rsa2040: a 2040-bit RSA key +rsa1024: a 1024-bit RSA key +rsa1016: a 1016-bit RSA key +secp256k1: an ECC key on the curve secp256k1 +secp244r1: an ECC key on the curve secp244r1 +secp256r1: an ECC key on the curve secp256r1 +secp384r1: an ECC key on the curve secp384r1 +secp521r1: an ECC key on the curve secp521r1 +""" + +from pyasn1.codec.der import encoder +from pyasn1.type import univ, namedtype +from pyasn1_modules import rfc2459 +from ecc import encoding +from ecc import Key +import base64 +import binascii +import mock +import rsa +import sys + +def byteStringToHexifiedBitString(string): + """Takes a string of bytes and returns a hex string representing + those bytes for use with pyasn1.type.univ.BitString. It must be of + the form "''H", where the trailing 'H' indicates to + pyasn1 that the input is a hex string.""" + return "'%s'H" % binascii.hexlify(string) + +class UnknownBaseError(Exception): + """Base class for handling unexpected input in this module.""" + def __init__(self, value): + super(UnknownBaseError, self).__init__() + self.value = value + self.category = 'input' + + def __str__(self): + return 'Unknown %s type "%s"' % (self.category, repr(self.value)) + + +class UnknownKeySpecificationError(UnknownBaseError): + """Helper exception type to handle unknown key specifications.""" + + def __init__(self, value): + UnknownBaseError.__init__(self, value) + self.category = 'key specification' + +class RSAPublicKey(univ.Sequence): + """Helper type for encoding an RSA public key""" + componentType = namedtype.NamedTypes( + namedtype.NamedType('N', univ.Integer()), + namedtype.NamedType('E', univ.Integer())) + + +class RSAPrivateKey(univ.Sequence): + """Helper type for encoding an RSA private key""" + componentType = namedtype.NamedTypes( + namedtype.NamedType('version', univ.Integer()), + namedtype.NamedType('modulus', univ.Integer()), + namedtype.NamedType('publicExponent', univ.Integer()), + namedtype.NamedType('privateExponent', univ.Integer()), + namedtype.NamedType('prime1', univ.Integer()), + namedtype.NamedType('prime2', univ.Integer()), + namedtype.NamedType('exponent1', univ.Integer()), + namedtype.NamedType('exponent2', univ.Integer()), + namedtype.NamedType('coefficient', univ.Integer()), + ) + + +class ECPoint(univ.Sequence): + """Helper type for encoding a EC point""" + componentType = namedtype.NamedTypes( + namedtype.NamedType('x', univ.Integer()), + namedtype.NamedType('y', univ.Integer()) + ) + + +class PrivateKeyInfo(univ.Sequence): + """Helper type for encoding a PKCS #8 private key info""" + componentType = namedtype.NamedTypes( + namedtype.NamedType('version', univ.Integer()), + namedtype.NamedType('privateKeyAlgorithm', rfc2459.AlgorithmIdentifier()), + namedtype.NamedType('privateKey', univ.OctetString()) + ) + + +class RSAKey(object): + # For reference, when encoded as a subject public key info, the + # base64-encoded sha-256 hash of this key is + # VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8= + sharedRSA_N = long( + '00ba8851a8448e16d641fd6eb6880636103d3c13d9eae4354ab4ecf56857' + '6c247bc1c725a8e0d81fbdb19c069b6e1a86f26be2af5a756b6a6471087a' + 'a55aa74587f71cd5249c027ecd43fc1e69d038202993ab20c349e4dbb94c' + 'c26b6c0eed15820ff17ead691ab1d3023a8b2a41eea770e00f0d8dfd660b' + '2bb02492a47db988617990b157903dd23bc5e0b8481fa837d38843ef2716' + 'd855b7665aaa7e02902f3a7b10800624cc1c6c97ad96615bb7e29612c075' + '31a30c91ddb4caf7fcad1d25d309efb9170ea768e1b37b2f226f69e3b48a' + '95611dee26d6259dab91084e36cb1c24042cbf168b2fe5f18f991731b8b3' + 'fe4923fa7251c431d503acda180a35ed8d', 16) + sharedRSA_E = 65537L + sharedRSA_D = long( + '009ecbce3861a454ecb1e0fe8f85dd43c92f5825ce2e997884d0e1a949da' + 'a2c5ac559b240450e5ac9fe0c3e31c0eefa6525a65f0c22194004ee1ab46' + '3dde9ee82287cc93e746a91929c5e6ac3d88753f6c25ba5979e73e5d8fb2' + '39111a3cdab8a4b0cdf5f9cab05f1233a38335c64b5560525e7e3b92ad7c' + '7504cf1dc7cb005788afcbe1e8f95df7402a151530d5808346864eb370aa' + '79956a587862cb533791307f70d91c96d22d001a69009b923c683388c9f3' + '6cb9b5ebe64302041c78d908206b87009cb8cabacad3dbdb2792fb911b2c' + 'f4db6603585be9ae0ca3b8e6417aa04b06e470ea1a3b581ca03a6781c931' + '5b62b30e6011f224725946eec57c6d9441', 16) + sharedRSA_P = long( + '00dd6e1d4fffebf68d889c4d114cdaaa9caa63a59374286c8a5c29a717bb' + 'a60375644d5caa674c4b8bc7326358646220e4550d7608ac27d55b6db74f' + '8d8127ef8fa09098b69147de065573447e183d22fe7d885aceb513d9581d' + 'd5e07c1a90f5ce0879de131371ecefc9ce72e9c43dc127d238190de81177' + '3ca5d19301f48c742b', 16) + sharedRSA_Q = long( + '00d7a773d9ebc380a767d2fec0934ad4e8b5667240771acdebb5ad796f47' + '8fec4d45985efbc9532968289c8d89102fadf21f34e2dd4940eba8c09d6d' + '1f16dcc29729774c43275e9251ddbe4909e1fd3bf1e4bedf46a39b8b3833' + '28ef4ae3b95b92f2070af26c9e7c5c9b587fedde05e8e7d86ca57886fb16' + '5810a77b9845bc3127', 16) + sharedRSA_exp1 = long( + '0096472b41a610c0ade1af2266c1600e3671355ba42d4b5a0eb4e9d7eb35' + '81400ba5dd132cdb1a5e9328c7bbc0bbb0155ea192972edf97d12751d8fc' + 'f6ae572a30b1ea309a8712dd4e33241db1ee455fc093f5bc9b592d756e66' + '21474f32c07af22fb275d340792b32ba2590bbb261aefb95a258eea53765' + '5315be9c24d191992d', 16) + sharedRSA_exp2 = long( + '28b450a7a75a856413b2bda6f7a63e3d964fb9ecf50e3823ef6cc8e8fa26' + 'ee413f8b9d1205540f12bbe7a0c76828b7ba65ad83cca4d0fe2a220114e1' + 'b35d03d5a85bfe2706bd50fce6cfcdd571b46ca621b8ed47d605bbe765b0' + 'aa4a0665ac25364da20154032e1204b8559d3e34fb5b177c9a56ff93510a' + '5a4a6287c151de2d', 16) + sharedRSA_coef = long( + '28067b9355801d2ef52dfa96d8adb589673cf8ee8a9c6ff72aeeabe9ef6b' + 'e58a4f4abf05f788947dc851fdaa34542147a71a246bfb054ee76aa346ab' + 'cd2692cfc9e44c51e6f069c735e073ba019f6a7214961c91b26871caeabf' + '8f064418a02690e39a8d5ff3067b7cdb7f50b1f53418a703966c4fc774bf' + '7402af6c43247f43', 16) + + # For reference, when encoded as a subject public key info, the + # base64-encoded sha-256 hash of this key is + # MQj2tt1yGAfwFpWETYUCVrZxk2CD2705NKBQUlAaKJI= + alternateRSA_N = long( + '00c175c65266099f77082a6791f1b876c37f5ce538b06c4acd22b1cbd46f' + 'a65ada2add41c8c2498ac4a3b3c1f61487f41b698941bd80a51c3c120244' + 'c584a4c4483305e5138c0106cf08be9a862760bae6a2e8f36f23c5d98313' + 'b9dfaf378345dace51d4d6dcd2a6cb3cc706ebcd3070ec98cce40aa591d7' + '295a7f71c5be66691d2b2dfec84944590bc5a3ea49fd93b1d753405f1773' + '7699958666254797ed426908880811422069988a43fee48ce68781dd22b6' + 'a69cd28375131f932b128ce286fa7d251c062ad27ef016f187cdd54e832b' + '35b8930f74ba90aa8bc76167242ab1fd6d62140d18c4c0b8c68fc3748457' + '324ad7de86e6552f1d1e191d712168d3bb', 16) + alternateRSA_E = 65537L + alternateRSA_D = long( + '7e3f6d7cb839ef66ae5d7dd92ff5410bb341dc14728d39034570e1a37079' + '0f30f0681355fff41e2ad4e9a9d9fcebfbd127bdfab8c00affb1f3cea732' + '7ead47aa1621f2ac1ee14ca02f04b3b2786017980b181a449d03b03e69d1' + '12b83571e55434f012056575d2832ed6731dce799e37c83f6d51c55ab71e' + 'b58015af05e1af15c747603ef7f27d03a6ff049d96bbf854c1e4e50ef5b0' + '58d0fb08180e0ac7f7be8f2ff1673d97fc9e55dba838077bbf8a7cff2962' + '857785269cd9d5bad2b57469e4afcd33c4ca2d2f699f11e7c8fbdcd484f0' + '8d8efb8a3cb8a972eb24bed972efaae4bb712093e48fe94a46eb629a8750' + '78c4021a9a2c93c9a70390e9d0a54401', 16) + alternateRSA_P = long( + '00e63fc725a6ba76925a7ff8cb59c4f56dd7ec83fe85bf1f53e11cac9a81' + '258bcfc0ae819077b0f2d1477aaf868de6a8ecbeaf7bb22b196f2a9ad82d' + '3286f0d0cc29de719e5f2be8e509b7284d5963edd362f927887a4c4a8979' + '9d340d51b301ac7601ab27179024fcaadd38bf6522af63eb16461ec02a7f' + '27b06fe09ddda7c0a1', 16) + alternateRSA_Q = long( + '00d718b1fe9f8f99f00e832ae1fbdc6fe2ab27f34e049c498010fa0eb708' + '4852182346083b5c96c3eee5592c014a410c6b930b165c13b5c26aa32eac' + '6e7c925a8551c25134f2f4a72c6421f19a73148a0edfaba5d3a6888b35cb' + 'a18c00fd38ee5aaf0b545731d720761bbccdee744a52ca415e98e4de01cd' + 'fe764c1967b3e8cadb', 16) + alternateRSA_exp1 = long( + '01e5aca266c94a88d22e13c2b92ea247116c657a076817bdfd30db4b3a9d' + '3095b9a4b6749647e2f84e7a784fc7838b08c85971cf7a036fa30e3b91c3' + 'c4d0df278f80c1b6e859d8456adb137defaa9f1f0ac5bac9a9184fd4ea27' + '9d722ea626f160d78aad7bc83845ccb29df115c83f61b7622b99bd439c60' + '9b5790a63c595181', 16) + alternateRSA_exp2 = long( + '0080cc45d10d2484ee0d1297fc07bf80b3beff461ea27e1f38f371789c3a' + 'f66b4a0edd2192c227791db4f1c77ae246bf342f31856b0f56581b58a95b' + '1131c0c5396db2a8c3c6f39ea2e336bc205ae6a2a0b36869fca98cbba733' + 'cf01319a6f9bb26b7ca23d3017fc551cd8da8afdd17f6fa2e30d34868798' + '1cd6234d571e90b7df', 16) + alternateRSA_coef = long( + '6f77c0c1f2ae7ac169561cca499c52bdfbe04cddccdbdc12aec5a85691e8' + '594b7ee29908f30e7b96aa6254b80ed4aeec9b993782bdfc79b69d8d58c6' + '8870fa4be1bc0c3527288c5c82bb4aebaf15edff110403fc78e6ace6a828' + '27bf42f0cfa751e507651c5638db9393dd23dd1f6b295151de44b77fe55a' + '7b0df271e19a65c0', 16) + + evRSA_N = long( + '00b549895c9d00108d11a1f99f87a9e3d1a5db5dfaecf188da57bf641368' + '8f2ce4722cff109038c17402c93a2a473dbd286aed3fdcd363cf5a291477' + '01bdd818d7615bf9356bd5d3c8336aaa8c0971368a06c3cd4461b93e5142' + '4e1744bb2eaad46aab38ce196821961f87714a1663693f09761cdf4d6ba1' + '25eacec7be270d388f789f6cdf78ae3144ed28c45e79293863a7a22a4898' + '0a36a40e72d579c9b925dff8c793362ffd6897a7c1754c5e97c967c3eadd' + '1aae8aa2ccce348a0169b80e28a2d70c1a960c6f335f2da09b9b643f5abf' + 'ba49e8aaa981e960e27d87480bdd55dd9417fa18509fbb554ccf81a4397e' + '8ba8128a34bdf27865c189e5734fb22905', 16) + evRSA_E = 65537L + evRSA_D = long( + '00983d54f94d6f4c76eb23d6f93d78523530cf73b0d16254c6e781768d45' + 'f55681d1d02fb2bd2aac6abc1c389860935c52a0d8f41482010394778314' + '1d864bff30803638a5c0152570ae9d18f3d8ca163efb475b0dddf32e7e16' + 'ec7565e6bb5e025c41c5c66e57a03cede554221f83045347a2c4c451c3dc' + 'e476b787ce0c057244be9e04ef13118dbbb3d5e0a6cc87029eafd4a69ed9' + 'b14759b15e39d8a9884e56f54d2f9ab013f0d15f318a9ab6b2f73d1ec3c9' + 'fe274ae89431a10640be7899b0011c5e5093a1834708689de100634dabde' + '60fbd6aaefa3a33df34a1f36f60c043036b748d1c9ee98c4031a0afec60e' + 'fda0a990be524f5614eac4fdb34a52f951', 16) + evRSA_P = long( + '00eadc2cb33e5ff1ca376bbd95bd6a1777d2cf4fac47545e92d11a6209b9' + 'd5e4ded47834581c169b3c884742a09ea187505c1ca55414d8d25b497632' + 'd5ec2aaa05233430fad49892777a7d68e038f561a3b8969e60b0a263defb' + 'fda48a9b0ff39d95bc88b15267c8ade97b5107948e41e433249d87f7db10' + '9d5d74584d86bcc1d7', 16) + evRSA_Q = long( + '00c59ae576a216470248d944a55b9e9bf93299da341ec56e558eba821abc' + 'e1bf57b79cf411d2904c774f9dba1f15185f607b0574a08205d6ec28b66a' + '36d634232eaaf2fea37561abaf9d644b68db38c9964cb8c96ec0ac61eba6' + '4d05b446542f423976f5acde4ecc95536d2df578954f93f0cfd9c58fb78b' + 'a2a76dd5ac284dc883', 16) + evRSA_exp1 = long( + '00c1d2ef3906331c52aca64811f9fe425beb2898322fb3db51032ce8d7e9' + 'fc32240be92019cf2480fcd5e329837127118b2a59a1bfe06c883e3a4447' + 'f3f031cd9aebd0b8d368fc79740d2cce8eadb324df7f091eafe1564361d5' + '4920b01b0471230e5e47d93f8ed33963c517bc4fc78f6d8b1f9eba85bcce' + 'db7033026508db6285', 16) + evRSA_exp2 = long( + '008521b8db5694dfbe804a315f9efc9b65275c5490acf2a3456d65e6e610' + 'bf9f647fc67501d4f5772f232ac70ccdef9fc2a6dfa415c7c41b6afc7af9' + 'd07c3ca03f7ed93c09f0b99f2c304434322f1071709bbc1baa4c91575fa6' + 'a959e07d4996956d95e22b57938b6e47c8d51ffedfc9bf888ce0d1a3e42b' + '65a89bed4b91d3e5f5', 16) + evRSA_coef = long( + '00dc497b06b920c8be0b0077b798e977eef744a90ec2c5d7e6cbb22448fa' + 'c72da81a33180e0d8a02e831460c7fc7fd3a612f7b9930b61b799f8e908e' + '632e9ba0409b6aa70b03a3ba787426263b5bd5843df8476edb5d14f6a861' + '3ebaf5b9cd5ca42f5fbd2802e08e4e49e5709f5151510caa5ab2c1c6eb3e' + 'fe9295d16e8c25c916', 16) + + evRSA2040_N = long( + '00ca7020dc215f57914d343fae4a015111697af997a5ece91866499fc23f' + '1b88a118cbd30b10d91c7b9a0d4ee8972fcae56caf57f25fc1275a2a4dbc' + 'b982428c32ef587bf2387410330a0ffb16b8029bd783969ef675f6de38c1' + '8f67193cb6c072f8b23d0b3374112627a57b90055771d9e62603f53788d7' + 'f63afa724f5d108096df31f89f26b1eb5f7c4357980e008fcd55d827dd26' + '2395ca2f526a07897cc40c593b38716ebc0caa596719c6f29ac9b73a7a94' + '4748a3aa3e09e9eb4d461ea0027e540926614728b9d243975cf9a0541bef' + 'd25e76b51f951110b0e7644fc7e38441791b6d2227384cb8004e23342372' + 'b1cf5cc3e73e31b7bbefa160e6862ebb', 16) + evRSA2040_E = 65537L + evRSA2040_D = long( + '00b2db74bce92362abf72955a638ae8720ba3033bb7f971caf39188d7542' + 'eaa1c1abb5d205b1e2111f4791c08911a2e141e8cfd7054702d23100b564' + '2c06e1a31b118afd1f9a2f396cced425c501d91435ca8656766ced2b93bb' + 'b8669fce9bacd727d1dacb3dafabc3293e35389eef8ea0b58e1aeb1a20e6' + 'a61f9fcd453f7567fe31d123b616a26fef4df1d6c9f7490111d028eefd1d' + '972045b1a242273dd7a67ebf111db2741a5a93c7b2289cc4a236f5a99a6e' + 'c7a8206fdae1c1d04bdbb1980d4a298c5a17dae4186474a5f7835d882bce' + 'f24aef4ed6f149f94d96c9f7d78e647fc778a9017ff208d3b4a1768b1821' + '62102cdab032fabbab38d5200a324649', 16) + evRSA2040_P = long( + '0f3844d0d4d4d6a21acd76a6fc370b8550e1d7ec5a6234172e790f0029ae' + '651f6d5c59330ab19802b9d7a207de7a1fb778e3774fdbdc411750633d8d' + '1b3fe075006ffcfd1d10e763c7a9227d2d5f0c2dade1c9e659c350a159d3' + '6bb986f12636d4f9942b288bc0fe21da8799477173144249ca2e389e6c5c' + '25aa78c8cad7d4df', 16) + evRSA2040_Q = long( + '0d4d0bedd1962f07a1ead6b23a4ed67aeaf1270f052a6d29ba074945c636' + '1a5c4f8f07bf859e067aed3f4e6e323ef2aa8a6acd340b0bdc7cfe4fd329' + 'e3c97f870c7f7735792c6aa9d0f7e7542a28ed6f01b0e55a2b8d9c24a65c' + '6da314c95484f5c7c3954a81bb016b07ed17ee9b06039695bca059a79f8d' + 'c2423d328d5265a5', 16) + evRSA2040_exp1 = long( + '09f29a2ff05be8a96d614ba31b08935420a86c6bc42b99a6692ea0da5763' + 'f01e596959b7ddce73ef9c2e4f6e5b40710887500d44ba0c3cd3132cba27' + '475f39c2df7552e2d123a2497a4f97064028769a48a3624657f72bf539f3' + 'd0de234feccd3be8a0aa90c6bf6e9b0bed43070a24d061ff3ed1751a3ef2' + 'ff7f6b90b9dbd5fb', 16) + evRSA2040_exp2 = long( + '01a659e170cac120a03be1cf8f9df1caa353b03593bd7476e5853bd874c2' + '87388601c6c341ce9d1d284a5eef1a3a669d32b816a5eaecd8b7844fe070' + '64b9bca0c2b318d540277b3f7f1510d386bb36e03b04771e5d229e88893e' + '13b753bfb94518bb638e2404bd6e6a993c1668d93fc0b82ff08aaf34347d' + '3fe8397108c87ca5', 16) + evRSA2040_coef = long( + '040257c0d4a21c0b9843297c65652db66304fb263773d728b6abfa06d37a' + 'c0ca62c628023e09e37dc0a901e4ce1224180e2582a3aa4b6a1a7b98e2bd' + '70077aec14ac8ab66a755c71e0fc102471f9bbc1b46a95aa0b645f2c38e7' + '6450289619ea3f5e8ae61037bffcf8249f22aa4e76e2a01909f3feb290ce' + '93edf57b10ebe796', 16) + + rsa2040_N = long( + '00bac0652fdfbc0055882ffbaeaceec88fa2d083c297dd5d40664dd3d90f' + '52f9aa02bd8a50fba16e0fd991878ef475f9b350d9f8e3eb2abd717ce327' + 'b09788531f13df8e3e4e3b9d616bb8a41e5306eed2472163161051180127' + '6a4eb66f07331b5cbc8bcae7016a8f9b3d4f2ac4553c624cf5263bcb348e' + '8840de6612870960a792191b138fb217f765cec7bff8e94f16b39419bf75' + '04c59a7e4f79bd6d173e9c7bf3d9d2a4e73cc180b0590a73d584fb7fc9b5' + '4fa544607e53fc685c7a55fd44a81d4142b6af51ea6fa6cea52965a2e8c5' + 'd84f3ca024d6fbb9b005b9651ce5d9f2ecf40ed404981a9ffc02636e311b' + '095c6332a0c87dc39271b5551481774b', 16) + rsa2040_E = 65537L + rsa2040_D = long( + '603db267df97555cbed86b8df355034af28f1eb7f3e7829d239bcc273a7c' + '7a69a10be8f21f1b6c4b02c6bae3731c3158b5bbff4605f57ab7b7b2a0cb' + 'a2ec005a2db5b1ea6e0aceea5bc745dcd2d0e9d6b80d7eb0ea2bc08127bc' + 'e35fa50c42cc411871ba591e23ba6a38484a33eff1347f907ee9a5a92a23' + '11bb0b435510020f78e3bb00099db4d1182928096505fcba84f3ca1238fd' + '1eba5eea1f391bbbcc5424b168063fc17e1ca6e1912ccba44f9d0292308a' + '1fedb80612529b39f59d0a3f8180b5ba201132197f93a5815ded938df8e7' + 'd93c9b15766588f339bb59100afda494a7e452d7dd4c9a19ce2ec3a33a18' + 'b20f0b4dade172bee19f26f0dcbe41', 16) + rsa2040_P = long( + '0ec3869cb92d406caddf7a319ab29448bc505a05913707873361fc5b986a' + '499fb65eeb815a7e37687d19f128087289d9bb8818e7bcca502c4900ad9a' + 'ece1179be12ff3e467d606fc820ea8f07ac9ebffe2236e38168412028822' + '3e42dbe68dfd972a85a6447e51695f234da7911c67c9ab9531f33df3b994' + '32d4ee88c9a4efbb', 16) + rsa2040_Q = long( + '0ca63934549e85feac8e0f5604303fd1849fe88af4b7f7e1213283bbc7a2' + 'c2a509f9273c428c68de3db93e6145f1b400bd6d4a262614e9043ad362d4' + 'eba4a6b995399c8934a399912199e841d8e8dbff0489f69e663796730b29' + '80530b31cb70695a21625ea2adccc09d930516fa872211a91e22dd89fd9e' + 'b7da8574b72235b1', 16) + rsa2040_exp1 = long( + '0d7d3a75e17f65f8a658a485c4095c10a4f66979e2b73bca9cf8ef21253e' + '1facac6d4791f58392ce8656f88f1240cc90c29653e3100c6d7a38ed44b1' + '63b339e5f3b6e38912126c69b3ceff2e5192426d9649b6ffca1abb75d2ba' + '2ed6d9a26aa383c5973d56216ff2edb90ccf887742a0f183ac92c94cf187' + '657645c7772d9ad7', 16) + rsa2040_exp2 = long( + '03f550194c117f24bea285b209058032f42985ff55acebe88b16df9a3752' + '7b4e61dc91a68dbc9a645134528ce5f248bda2893c96cb7be79ee73996c7' + 'c22577f6c2f790406f3472adb3b211b7e94494f32c5c6fcc0978839fe472' + '4c31b06318a2489567b4fca0337acb1b841227aaa5f6c74800a2306929f0' + '2ce038bad943df41', 16) + rsa2040_coef = long( + '080a7dbfa8c2584814c71664c56eb62ce4caf16afe88d4499159d674774a' + '3a3ecddf1256c02fc91525c527692422d0aba94e5c41ee12dc71bb66f867' + '9fa17e096f28080851ba046eb31885c1414e8985ade599d907af17453d1c' + 'caea2c0d06443f8367a6be154b125e390ee0d90f746f08801dd3f5367f59' + 'fba2e5a67c05f375', 16) + + rsa1024_N = long( + '00d3a97440101eba8c5df9503e6f935eb52ffeb3ebe9d0dc5cace26f973c' + 'a94cbc0d9c31d66c0c013bce9c82d0d480328df05fb6bcd7990a5312ddae' + '6152ad6ee61c8c1bdd8663c68bd36224a9882ae78e89f556dfdbe6f51da6' + '112cbfc27c8a49336b41afdb75321b52b24a7344d1348e646351a551c757' + '1ccda0b8fe35f61a75', 16) + rsa1024_E = 65537L + rsa1024_D = long( + '5b6708e185548fc07ff062dba3792363e106ff9177d60ee3227162391024' + '1813f958a318f26db8b6a801646863ebbc69190d6c2f5e7723433e99666d' + '76b3987892cd568f1f18451e8dc05477c0607ee348380ebb7f4c98d0c036' + 'a0260bc67b2dab46cbaa4ce87636d839d8fddcbae2da3e02e8009a21225d' + 'd7e47aff2f82699d', 16) + rsa1024_P = long( + '00fcdee570323e8fc399dbfc63d8c1569546fb3cd6886c628668ab1e1d0f' + 'ca71058febdf76d702970ad6579d80ac2f9521075e40ef8f3f39983bd819' + '07e898bad3', 16) + rsa1024_Q = long( + '00d64801c955b4eb75fbae230faa8b28c9cc5e258be63747ff5ac8d2af25' + '3e9f6d6ce03ea2eb13ae0eb32572feb848c32ca00743635374338fedacd8' + 'c5885f7897', 16) + rsa1024_exp1 = long( + '76c0526d5b1b28368a75d5d42a01b9a086e20b9310241e2cd2d0b166a278' + 'c694ff1e9d25d9193d47789b52bb0fa194de1af0b77c09007f12afdfeef9' + '58d108c3', 16) + rsa1024_exp2 = long( + '008a41898d8b14217c4d782cbd15ef95d0a660f45ed09a4884f4e170367b' + '946d2f20398b907896890e88fe17b54bd7febe133ebc7720c86fe0649cca' + '7ca121e05f', 16) + rsa1024_coef = long( + '22db133445f7442ea2a0f582031ee214ff5f661972986f172651d8d6b4ec' + '3163e99bff1c82fe58ec3d075c6d8f26f277020edb77c3ba821b9ba3ae18' + 'ff8cb2cb', 16) + + rsa1016_N = long( + '00d29bb12fb84fddcd29b3a519cb66c43b8d8f8be545ba79384ce663ed03' + 'df75991600eb920790d2530cece544db99a71f05896a3ed207165534aa99' + '057e47c47e3bc81ada6fa1e12e37268b5046a55268f9dad7ccb485d81a2e' + '19d50d4f0b6854acaf6d7be69d9a083136e15afa8f53c1c8c84fc6077279' + 'dd0e55d7369a5bdd', 16) + rsa1016_E = 65537L + rsa1016_D = long( + '3c4965070bf390c251d5a2c5277c5b5fd0bdee85cad7fe2b27982bb28511' + '4a507004036ae1cf8ae54b25e4db39215abd7e903f618c2d8b2f08cc6cd1' + '2dbccd72205e4945b6b3df389e5e43de0a148bb2c84e2431fdbe5920b044' + 'bb272f45ecff0721b7dfb60397fc613a9ea35c22300530cae8f9159c534d' + 'f3bf0910951901', 16) + rsa1016_P = long( + '0f9f17597c85b8051b9c69afb55ef576c996dbd09047d0ccde5b9d60ea5c' + '67fe4fac67be803f4b6ac5a3f050f76b966fb14f5cf105761e5ade6dd960' + 'b183ba55', 16) + rsa1016_Q = long( + '0d7b637112ce61a55168c0f9c9386fb279ab40cba0d549336bba65277263' + 'aac782611a2c81d9b635cf78c40018859e018c5e9006d12e3d2ee6f346e7' + '9fa43369', 16) + rsa1016_exp1 = long( + '09fd6c9a3ea6e91ae32070f9fc1c210ff9352f97be5d1eeb951bb39681e9' + 'dc5b672a532221b3d8900c9a9d99b9d0a4e102dc450ca1b87b0b1389de65' + '16c0ae0d', 16) + rsa1016_exp2 = long( + '0141b832491b7dd4a83308920024c79cae64bd447df883bb4c5672a96bab' + '48b7123b34f26324452cdceb17f21e570e347cbe2fd4c2d8f9910eac2cb6' + 'd895b8c9', 16) + rsa1016_coef = long( + '0458dd6aee18c88b2f9b81f1bc3075ae20dc1f9973d20724f20b06043d61' + '47c8789d4a07ae88bc82c8438c893e017b13947f62e0b18958a31eb664b1' + '9e64d3e0', 16) + + def __init__(self, specification): + if specification == 'default': + self.RSA_N = self.sharedRSA_N + self.RSA_E = self.sharedRSA_E + self.RSA_D = self.sharedRSA_D + self.RSA_P = self.sharedRSA_P + self.RSA_Q = self.sharedRSA_Q + self.RSA_exp1 = self.sharedRSA_exp1 + self.RSA_exp2 = self.sharedRSA_exp2 + self.RSA_coef = self.sharedRSA_coef + elif specification == 'alternate': + self.RSA_N = self.alternateRSA_N + self.RSA_E = self.alternateRSA_E + self.RSA_D = self.alternateRSA_D + self.RSA_P = self.alternateRSA_P + self.RSA_Q = self.alternateRSA_Q + self.RSA_exp1 = self.alternateRSA_exp1 + self.RSA_exp2 = self.alternateRSA_exp2 + self.RSA_coef = self.alternateRSA_coef + elif specification == 'ev': + self.RSA_N = self.evRSA_N + self.RSA_E = self.evRSA_E + self.RSA_D = self.evRSA_D + self.RSA_P = self.evRSA_P + self.RSA_Q = self.evRSA_Q + self.RSA_exp1 = self.evRSA_exp1 + self.RSA_exp2 = self.evRSA_exp2 + self.RSA_coef = self.evRSA_coef + elif specification == 'evRSA2040': + self.RSA_N = self.evRSA2040_N + self.RSA_E = self.evRSA2040_E + self.RSA_D = self.evRSA2040_D + self.RSA_P = self.evRSA2040_P + self.RSA_Q = self.evRSA2040_Q + self.RSA_exp1 = self.evRSA2040_exp1 + self.RSA_exp2 = self.evRSA2040_exp2 + self.RSA_coef = self.evRSA2040_coef + elif specification == 'rsa2040': + self.RSA_N = self.rsa2040_N + self.RSA_E = self.rsa2040_E + self.RSA_D = self.rsa2040_D + self.RSA_P = self.rsa2040_P + self.RSA_Q = self.rsa2040_Q + self.RSA_exp1 = self.rsa2040_exp1 + self.RSA_exp2 = self.rsa2040_exp2 + self.RSA_coef = self.rsa2040_coef + elif specification == 'rsa1024': + self.RSA_N = self.rsa1024_N + self.RSA_E = self.rsa1024_E + self.RSA_D = self.rsa1024_D + self.RSA_P = self.rsa1024_P + self.RSA_Q = self.rsa1024_Q + self.RSA_exp1 = self.rsa1024_exp1 + self.RSA_exp2 = self.rsa1024_exp2 + self.RSA_coef = self.rsa1024_coef + elif specification == 'rsa1016': + self.RSA_N = self.rsa1016_N + self.RSA_E = self.rsa1016_E + self.RSA_D = self.rsa1016_D + self.RSA_P = self.rsa1016_P + self.RSA_Q = self.rsa1016_Q + self.RSA_exp1 = self.rsa1016_exp1 + self.RSA_exp2 = self.rsa1016_exp2 + self.RSA_coef = self.rsa1016_coef + else: + raise UnknownKeySpecificationError(specification) + + def toDER(self): + privateKeyInfo = PrivateKeyInfo() + privateKeyInfo.setComponentByName('version', 0) + algorithmIdentifier = rfc2459.AlgorithmIdentifier() + algorithmIdentifier.setComponentByName('algorithm', rfc2459.rsaEncryption) + algorithmIdentifier.setComponentByName('parameters', univ.Null()) + privateKeyInfo.setComponentByName('privateKeyAlgorithm', algorithmIdentifier) + rsaPrivateKey = RSAPrivateKey() + rsaPrivateKey.setComponentByName('version', 0) + rsaPrivateKey.setComponentByName('modulus', self.RSA_N) + rsaPrivateKey.setComponentByName('publicExponent', self.RSA_E) + rsaPrivateKey.setComponentByName('privateExponent', self.RSA_D) + rsaPrivateKey.setComponentByName('prime1', self.RSA_P) + rsaPrivateKey.setComponentByName('prime2', self.RSA_Q) + rsaPrivateKey.setComponentByName('exponent1', self.RSA_exp1) + rsaPrivateKey.setComponentByName('exponent2', self.RSA_exp2) + rsaPrivateKey.setComponentByName('coefficient', self.RSA_coef) + rsaPrivateKeyEncoded = encoder.encode(rsaPrivateKey) + privateKeyInfo.setComponentByName('privateKey', univ.OctetString(rsaPrivateKeyEncoded)) + return encoder.encode(privateKeyInfo) + + def toPEM(self): + output = '-----BEGIN PRIVATE KEY-----' + der = self.toDER() + b64 = base64.b64encode(der) + while b64: + output += '\n' + b64[:64] + b64 = b64[64:] + output += '\n-----END PRIVATE KEY-----' + return output + + def asSubjectPublicKeyInfo(self): + """Returns a subject public key info representing + this key for use by pyasn1.""" + algorithmIdentifier = rfc2459.AlgorithmIdentifier() + algorithmIdentifier.setComponentByName('algorithm', rfc2459.rsaEncryption) + algorithmIdentifier.setComponentByName('parameters', univ.Null()) + spki = rfc2459.SubjectPublicKeyInfo() + spki.setComponentByName('algorithm', algorithmIdentifier) + rsaKey = RSAPublicKey() + rsaKey.setComponentByName('N', univ.Integer(self.RSA_N)) + rsaKey.setComponentByName('E', univ.Integer(self.RSA_E)) + subjectPublicKey = univ.BitString(byteStringToHexifiedBitString(encoder.encode(rsaKey))) + spki.setComponentByName('subjectPublicKey', subjectPublicKey) + return spki + + def sign(self, data, hashAlgorithmName): + """Returns a hexified bit string representing a + signature by this key over the specified data. + Intended for use with pyasn1.type.univ.BitString""" + rsaPrivateKey = rsa.PrivateKey(self.RSA_N, self.RSA_E, self.RSA_D, self.RSA_P, self.RSA_Q) + signature = rsa.sign(data, rsaPrivateKey, hashAlgorithmName) + return byteStringToHexifiedBitString(signature) + + +ecPublicKey = univ.ObjectIdentifier('1.2.840.10045.2.1') +secp256k1 = univ.ObjectIdentifier('1.3.132.0.10') +secp224r1 = univ.ObjectIdentifier('1.3.132.0.33') +secp256r1 = univ.ObjectIdentifier('1.2.840.10045.3.1.7') +secp384r1 = univ.ObjectIdentifier('1.3.132.0.34') +secp521r1 = univ.ObjectIdentifier('1.3.132.0.35') + +# ecc.curves.DOMAINS uses a 5-tuple to define curves. +# The first number is p where F_p is the finite field of the curve. +# The second number is the order n of the base point G. +# The third number is the parameter b of the definition of the curve +# E: y^2 = x^3 + ax + b (a in this case is 0) +# The fourth and fifth numbers constitute the base point G. +secp256k1Params = (long('fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f', 16), + long('fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141', 16), + 7, + long('79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798', 16), + long('483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8', 16)) + +def longToEvenLengthHexString(val): + h = format(val, 'x') + if not len(h) % 2 == 0: + h = '0' + h + return h + +def notRandom(n): + return n * '\x04' + +class ECCKey(object): + secp256k1Encoded = str('08fd87b04fba98090100004035ee7c7289d8fef7a8' + '6afe5da66d8bc2ebb6a8543fd2fead089f45ce7acd0fa64382a9500c41dad' + '770ffd4b511bf4b492eb1238800c32c4f76c73a3f3294e7c5002067cebc20' + '8a5fa3df16ec2bb34acc59a42ab4abb0538575ca99b92b6a2149a04f') + + secp224r1Encoded = str('0ee5587c4d18526f00e00038668d72cca6fd6a1b35' + '57b5366104d84408ecb637f08e8c86bbff82cc00e88f0066d7af63c3298ba' + '377348a1202b03b37fd6b1ff415aa311e001c04389459926c3296c242b83e' + '10a6cd2011c8fe2dae1b772ea5b21067') + + secp256r1Encoded = str('cb872ac99cd31827010000404fbfbbbb61e0f8f9b1' + 'a60a59ac8704e2ec050b423e3cf72e923f2c4f794b455c2a69d233456c36c' + '4119d0706e00eedc8d19390d7991b7b2d07a304eaa04aa6c000202191403d' + '5710bf15a265818cd42ed6fedf09add92d78b18e7a1e9feb95524702') + + secp384r1Encoded = str('d3103f5ac81741e801800060a1687243362b5c7b18' + '89f379154615a1c73fb48dee863e022915db608e252de4b7132da8ce98e83' + '1534e6a9c0c0b09c8d639ade83206e5ba813473a11fa330e05da8c96e4383' + 'fe27873da97103be2888cff002f05af71a1fddcc8374aa6ea9ce0030035c7' + 'a1b10d9fafe837b64ad92f22f5ced0789186538669b5c6d872cec3d926122' + 'b393772b57602ff31365efe1393246') + + secp521r1Encoded = str('77f4b0ac81948ddc02090084014cdc9cacc4794109' + '6bc9cc66752ec27f597734fa66c62b792f88c519d6d37f0d16ea1c483a182' + '7a010b9128e3a08070ca33ef5f57835b7c1ba251f6cc3521dc42b01065345' + '1981b445d343eed3782a35d6cff0ff484f5a883d209f1b9042b726703568b' + '2f326e18b833bdd8aa0734392bcd19501e10d698a79f53e11e0a22bdd2aad' + '900042014f3284fa698dd9fe1118dd331851cdfaac5a3829278eb8994839d' + 'e9471c940b858c69d2d05e8c01788a7d0b6e235aa5e783fc1bee807dcc386' + '5f920e12cf8f2d29') + + def __init__(self, specification=None): + if specification == 'secp256k1': + self.key = Key.Key.decode(binascii.unhexlify(self.secp256k1Encoded)) + self.keyOID = secp256k1 + elif specification == 'secp224r1': + self.key = Key.Key.decode(binascii.unhexlify(self.secp224r1Encoded)) + self.keyOID = secp224r1 + elif specification == 'secp256r1': + self.key = Key.Key.decode(binascii.unhexlify(self.secp256r1Encoded)) + self.keyOID = secp256r1 + elif specification == 'secp384r1': + self.key = Key.Key.decode(binascii.unhexlify(self.secp384r1Encoded)) + self.keyOID = secp384r1 + elif specification == 'secp521r1': + self.key = Key.Key.decode(binascii.unhexlify(self.secp521r1Encoded)) + self.keyOID = secp521r1 + else: + raise UnknownKeySpecificationError(specification) + + def asSubjectPublicKeyInfo(self): + """Returns a subject public key info representing + this key for use by pyasn1.""" + algorithmIdentifier = rfc2459.AlgorithmIdentifier() + algorithmIdentifier.setComponentByName('algorithm', ecPublicKey) + algorithmIdentifier.setComponentByName('parameters', self.keyOID) + spki = rfc2459.SubjectPublicKeyInfo() + spki.setComponentByName('algorithm', algorithmIdentifier) + # We need to extract the point that represents this key. + # The library encoding of the key is an 8-byte id, followed by 2 + # bytes for the key length in bits, followed by the point on the + # curve (represented by two python longs). There appear to also + # be 2 bytes indicating the length of the point as encoded, but + # Decoder takes care of that. + encoded = self.key.encode() + _, _, points = encoding.Decoder(encoded).int(8).int(2).point(2).out() + # '04' indicates that the points are in uncompressed form. + hexifiedBitString = "'%s%s%s'H" % ('04', longToEvenLengthHexString(points[0]), + longToEvenLengthHexString(points[1])) + subjectPublicKey = univ.BitString(hexifiedBitString) + spki.setComponentByName('subjectPublicKey', subjectPublicKey) + return spki + + def sign(self, data, hashAlgorithmName): + """Returns a hexified bit string representing a + signature by this key over the specified data. + Intended for use with pyasn1.type.univ.BitString""" + # There is some non-determinism in ECDSA signatures. Work around + # this by patching ecc.ecdsa.urandom to not be random. + with mock.patch('ecc.ecdsa.urandom', side_effect=notRandom): + # For some reason Key.sign returns an encoded point. + # Decode it so we can encode it as a BITSTRING consisting + # of a SEQUENCE of two INTEGERs. + # Also patch in secp256k1 if applicable. + if self.keyOID == secp256k1: + with mock.patch('ecc.curves.DOMAINS', {256: secp256k1Params}): + x, y = encoding.dec_point(self.key.sign(data, hashAlgorithmName)) + else: + x, y = encoding.dec_point(self.key.sign(data, hashAlgorithmName)) + point = ECPoint() + point.setComponentByName('x', x) + point.setComponentByName('y', y) + return byteStringToHexifiedBitString(encoder.encode(point)) + + +def keyFromSpecification(specification): + """Pass in a specification, get the appropriate key back.""" + if specification.startswith('secp'): + return ECCKey(specification) + else: + return RSAKey(specification) + +# The build harness will call this function with an output file-like +# object and a path to a file containing a specification. This will +# read the specification and output the key as ASCII-encoded PKCS #8. +def main(output, inputPath): + with open(inputPath) as configStream: + output.write(keyFromSpecification(configStream.read().strip()).toPEM()) + +# When run as a standalone program, this will read a specification from +# stdin and output the certificate as PEM to stdout. +if __name__ == '__main__': + print keyFromSpecification(sys.stdin.read()).toPEM() diff --git a/security/manager/ssl/tests/unit/sss_readstate_child_worker.js b/security/manager/ssl/tests/unit/sss_readstate_child_worker.js new file mode 100644 index 000000000..166ab9ed3 --- /dev/null +++ b/security/manager/ssl/tests/unit/sss_readstate_child_worker.js @@ -0,0 +1,25 @@ +/* import-globals-from head_psm.js */ +"use strict"; + +function run_test() { + let SSService = Cc["@mozilla.org/ssservice;1"] + .getService(Ci.nsISiteSecurityService); + + ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "expired.example.com", 0)); + ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "notexpired.example.com", 0)); + ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains.preloaded.test", 0)); + ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "sub.includesubdomains.preloaded.test", 0)); + ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "incsubdomain.example.com", 0)); + ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "sub.incsubdomain.example.com", 0)); + ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains2.preloaded.test", 0)); + ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "sub.includesubdomains2.preloaded.test", 0)); + do_test_finished(); +} diff --git a/security/manager/ssl/tests/unit/test_add_preexisting_cert.js b/security/manager/ssl/tests/unit/test_add_preexisting_cert.js new file mode 100644 index 000000000..2b07828c8 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_add_preexisting_cert.js @@ -0,0 +1,45 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// Tests that adding a certificate already present in the certificate database +// with different trust bits than those stored in the database does not result +// in the new trust bits being ignored. + +do_get_profile(); +var certDB = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +function load_cert(cert, trust) { + let file = "test_intermediate_basic_usage_constraints/" + cert + ".pem"; + addCertFromFile(certDB, file, trust); +} + +function getDERString(cert) { + let derString = ""; + for (let rawByte of cert.getRawDER({})) { + derString += String.fromCharCode(rawByte); + } + return derString; +} + +function run_test() { + load_cert("ca", "CTu,CTu,CTu"); + load_cert("int-limited-depth", "CTu,CTu,CTu"); + let file = "test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem"; + let cert_pem = readFile(do_get_file(file)); + let ee = certDB.constructX509FromBase64(pemToBase64(cert_pem)); + checkCertErrorGeneric(certDB, ee, PRErrorCodeSuccess, + certificateUsageSSLServer); + // Change the already existing intermediate certificate's trust using + // addCertFromBase64(). We use findCertByNickname first to ensure that the + // certificate already exists. + let int_cert = certDB.findCertByNickname("int-limited-depth"); + notEqual(int_cert, null, "Intermediate cert should be in the cert DB"); + let base64_cert = btoa(getDERString(int_cert)); + certDB.addCertFromBase64(base64_cert, "p,p,p", "ignored_argument"); + checkCertErrorGeneric(certDB, ee, SEC_ERROR_UNTRUSTED_ISSUER, + certificateUsageSSLServer); +} diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem new file mode 100644 index 000000000..1a18e2bf0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxTCCAa+gAwIBAgIUL5zykZEc2ro5d6th43aWGfm735cwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu +Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO +7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf +qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt +HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx +uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud +DwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAHPYBjNnv//Ssc8Elepb8SWIXRdahKbL +/dcPoMR+7yhJVaelUaxdwUytJWJAGdkkuv+P+G4b82RVYEXT+9k1S/aAfByFyR9q +vS7POfdy/ZPfGTXltlnmYX/84a6QeYQa4Nl4JpIOXBCesLxmErBhczka6D26iqsz +GeseKRSjVPgF3mXc2CRGZnTDRhUmd7wOABLmj7GtuFvOm96363M3IUByMohvoj1G +dic3s5D0seXwTKnEc5B27lJt7Q0oIXEldL+UW8Mo1hfGWQeXzqTZbpOVLnVWvHBH +H8yYs5hyH01qFJZbztJ1JJ3F2NpYLlr4P5I6fW2e9w5MG/VMQRU3wzQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem.certspec new file mode 100644 index 000000000..6660f5d47 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:ca +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/moz.build b/security/manager/ssl/tests/unit/test_baseline_requirements/moz.build new file mode 100644 index 000000000..b911380a4 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_baseline_requirements/moz.build @@ -0,0 +1,19 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'ca.pem', +# 'no-san-old.pem', +# 'no-san-older.pem', +# 'no-san-recent.pem', +# 'san-contains-no-hostnames-old.pem', +# 'san-contains-no-hostnames-older.pem', +# 'san-contains-no-hostnames-recent.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem new file mode 100644 index 000000000..4a0032f43 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrzCCAZmgAwIBAgIUS00fexo4Y4FagP1oiKQiGCJKd/swCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTYwNzI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw +MDBaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC +AQEAnooFCIG4D5EQxpe6EcB3gXE2Cj5kMBvO5H+OobaVRd4kIxET+MChwsN2nuwy +xooA/P2M+9W/S3KP/K8L1tlyf/8J2xlr349MhULhCKG7XxpEQZl6sVjaeDLwWrEK +2Ts1jPgCTufdfPYBcO3rb4HSdHNfFlhB98dfgSakXqXzUZ9sz2VxmAeL6tLvspG9 +tH5viWFc+lv1J3/Jtzk79hleDsiIdcjTjC/bM/Y49jkNOBxru4Qrw5AZuveoVy/G +2axz89wBpjLYjI0KtVxCf8dutcVW7UwFKQywmo7QDqha61f0f8I6oCYXsDPK9FPf +WLIrK1TT3YxdhN7QIRu6J8ttBQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem.certspec new file mode 100644 index 000000000..7a34d0758 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:example.com +validity:20160724-20160924 diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem new file mode 100644 index 000000000..370cafc8f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrzCCAZmgAwIBAgIUZ3gdKZRvWFYArMRStT2zAGE6JDQwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUwNzI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw +MDBaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC +AQEAn81HiHxHv7Mhq16XWoD6ttEu9sllOHssw452wRdIieM2XcMIi5DPI81XDhqk +5Zw/pUDfWxNFLq92JM2UArF7RtWICBYqi4UJcdnrMb84rwOVdgt9sDQYdamqj5qF +90XpTOIA+ZyfAMXxJpJTEC9WN1rc3cK6Epv0+7KqE6FBa5aH8uAYXAb/+eKmtwY/ +ELQWT2jsoplihEw8aJsXTR9M9y2UudxPhqgA7lPpstbOMNuw2xg8oWBnqgZGRGvH +7Afu2CoxEmYbxXnO6cJ30/pAuVLnVpmJg1n7DLT8is+2fUiOMyuve7KAjxuAo3KT +XEiTdgDBOOO+gIY532x/jErbRA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem.certspec new file mode 100644 index 000000000..aa682a7af --- /dev/null +++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:example.com +validity:20150724-20160924 diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem new file mode 100644 index 000000000..f901f613b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrzCCAZmgAwIBAgIUWxGwhSb8roUQoLNpJajl0X8jk10wCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTYwODI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw +MDBaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC +AQEADs0POeb1wJthEcg1nRYRcPgcNHsV1yVCkHMyfmssA1rgWXsp93PRVaCyZYgI +Dq+8QJtAYpdcChFcEYeGjcjLv49Dh+yiiZPPbRWKJB0y3v+13A74M1q+IQFoQWAh +L5GzAEjApsB1j/csRfDNjIwcP1WApN1iZ2NPxFU+PAIFhcmm+uD2doDtQfpMN9vi +HEg5H1x7JOufOZlN+zbnPK+Ob7N13pFd/P/IO8XhA/X8by4G45oh0deyELf9zVcW +4flslHPYthp4LDEyPvTP52jHn/yTO/m8cxKmCZOuwiw4DWfSVUy6irUs8W5SlfS8 +gI2Ctb+G5YvSffsPYwkUg3Hg7g== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem.certspec new file mode 100644 index 000000000..e38478165 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:example.com +validity:20160824-20160924 diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem new file mode 100644 index 000000000..2d6821a7c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4TCCAcugAwIBAgIUL/Gibj3iILbh9idTh3u9XTSwzqIwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTYwNzI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw +MDBaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozAwLjAsBgNVHREEJTAj +pCEwHzEdMBsGA1UECgwURXhhbXBsZSBPcmdhbml6YXRpb24wCwYJKoZIhvcNAQEL +A4IBAQAtCjzHSdXdAyaC5Qyw77gFwQKECHDAimgze1Nvgkyiv4LJLSuFZ84jnLIL +PM+iRxrxeBOdNy8PNIaDadFb5NoovmdLTG08ZjNjJoXOt5JufIHQrUzrcZy1aP7z +rWXED1QcwyKkoOAOqr5hOZ3pmu67a1vJgjZ8H4dVhfFkmSVGPG/6mTvn9H4N/AEo +K+M7BW1WMnNexsV5mMvlUUdfZP0J3o9oI9msH6uH92xU6jIHpgcm6plXfpOBGQfB +g6EUGD4znDe24ljbaohFATWw5c09kkOQNg/H6DQpb1Vi6k+X62Zgj5UR79zx53e+ +3Wo3Iu+hJUfNwyNk7KVF+r1wsUdA +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem.certspec new file mode 100644 index 000000000..41817bde7 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:example.com +validity:20160724-20160924 +extension:subjectAlternativeName:/O=Example Organization diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem new file mode 100644 index 000000000..0465f5da5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4TCCAcugAwIBAgIUTePOoF7EmrE46xg5zgyv8RLxEhYwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUwNzI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw +MDBaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozAwLjAsBgNVHREEJTAj +pCEwHzEdMBsGA1UECgwURXhhbXBsZSBPcmdhbml6YXRpb24wCwYJKoZIhvcNAQEL +A4IBAQCdicLQK5tTHkNs58IySxDedV+BqQYxvNZN3cfrqzFdehS4OzVe8hQkwKhJ +5PpOfkh86KxoBActVL8AtP+mIBZ765qEFPhGEFMfEhqattsO6BluMNTB7ZP8HeDm +/oCI7Ae5u+Yr5IvjBNSv5fpY7sfDiM4oqXBolJYkR+YTu+GSKYhLZTtiHhG1/Jgw +yzBzWkfYxIW7EOe2t99krNWpPaf1MyUXO3Pj/7qfURMDeocaAvPGw7tqCZ0nsbOe +rJvNVZDMaPbOVQKsSSyIrEDfBlQViG10eQIUaURuAY4hJs6AoLvS5b3EaxAQAWtJ +okbLuSVbj7giOF84hkcFM3hE1FTs +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem.certspec new file mode 100644 index 000000000..65acf0b02 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:example.com +validity:20150724-20160924 +extension:subjectAlternativeName:/O=Example Organization diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem new file mode 100644 index 000000000..fc8b5b48a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4TCCAcugAwIBAgIUUwz+d++GVy8L6Lxi9GVnzG6yUCEwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTYwODI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw +MDBaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozAwLjAsBgNVHREEJTAj +pCEwHzEdMBsGA1UECgwURXhhbXBsZSBPcmdhbml6YXRpb24wCwYJKoZIhvcNAQEL +A4IBAQCdKXA+1XhcpKdyjeJjEEUm9ptoS8tKJt/vdGUPCByzlD71OJGsiXorTcGY +V2sgbGCmxA8dnxG8bPQMFdAZ2hRjWjZ/Hs18SDbMAONjzgiPlwUWRZldb2Th7WX3 +7a+1uMsT1rEsgmip7FuJjqW0qEyuHFRTt47aK0GJRX42VC5kJVMX8ujl8ucqSSNa +PRh6IPQgIxSchu79weP+YIxMz3GDvNuu6z4QWdkzQrnYqSJpLgNGPAdAxFCgsok3 +5rFNhadGNv6RqrG00HmXPBTTq6T8rQEsbQZQZ4eensb0HxdiQyX4XGnMeEpElTwO +LHziGIW2jBA9v5FJVBCC9QQysNby +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem.certspec new file mode 100644 index 000000000..140c20143 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:example.com +validity:20160824-20160924 +extension:subjectAlternativeName:/O=Example Organization diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements_subject_common_name.js b/security/manager/ssl/tests/unit/test_baseline_requirements_subject_common_name.js new file mode 100644 index 000000000..8917671b8 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_baseline_requirements_subject_common_name.js @@ -0,0 +1,188 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +// The preference security.pki.name_matching_mode controls whether or not +// mozilla::pkix will fall back to using a certificate's subject common name +// during name matching. If the Baseline Requirements are followed, fallback +// should not be necessary (because any name information in the subject common +// name should be present in the subject alternative name extension). Due to +// compatibility concerns, the platform can be configured to fall back for +// certificates that are valid before 23 August 2016. Note that for certificates +// issued by an imported root, the platform will fall back if necessary, +// regardless of the value of the preference. + +"use strict"; + +do_get_profile(); // must be called before getting nsIX509CertDB +const gCertDB = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +function certFromFile(certName) { + return constructCertFromFile(`test_baseline_requirements/${certName}.pem`); +} + +function loadCertWithTrust(certName, trustString) { + addCertFromFile(gCertDB, `test_baseline_requirements/${certName}.pem`, + trustString); +} + +function checkCertOn25August2016(cert, expectedResult) { + // (new Date("2016-08-25T00:00:00Z")).getTime() / 1000 + const VALIDATION_TIME = 1472083200; + checkCertErrorGenericAtTime(gCertDB, cert, expectedResult, + certificateUsageSSLServer, VALIDATION_TIME, {}, + "example.com"); +} + +function run_test() { + do_register_cleanup(() => { + Services.prefs.clearUserPref("security.pki.name_matching_mode"); + Services.prefs.clearUserPref("security.test.built_in_root_hash"); + }); + + loadCertWithTrust("ca", "CTu,,"); + + // When verifying a certificate, if the trust anchor is not a built-in root, + // name matching will fall back to using the subject common name if necessary + // (i.e. if there is no subject alternative name extension or it does not + // contain any dNSName or iPAddress entries). Thus, since imported roots are + // not in general treated as built-ins, these should all successfully verify + // regardless of the value of the pref. + Services.prefs.setIntPref("security.pki.name_matching_mode", 0); + do_print("current mode: always fall back, root not built-in"); + checkCertOn25August2016(certFromFile("no-san-recent"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("no-san-old"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("no-san-older"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"), + PRErrorCodeSuccess); + + Services.prefs.setIntPref("security.pki.name_matching_mode", 1); + do_print("current mode: fall back for notBefore < August 23, 2016, root " + + "not built-in"); + checkCertOn25August2016(certFromFile("no-san-recent"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("no-san-old"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("no-san-older"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"), + PRErrorCodeSuccess); + + Services.prefs.setIntPref("security.pki.name_matching_mode", 2); + do_print("current mode: fall back for notBefore < August 23, 2015, root " + + "not built-in"); + checkCertOn25August2016(certFromFile("no-san-recent"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("no-san-old"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("no-san-older"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"), + PRErrorCodeSuccess); + + Services.prefs.setIntPref("security.pki.name_matching_mode", 3); + do_print("current mode: never fall back, root not built-in"); + checkCertOn25August2016(certFromFile("no-san-recent"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("no-san-old"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("no-san-older"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"), + PRErrorCodeSuccess); + + // In debug builds, we can treat an imported root as a built-in, and thus we + // can actually test the different values of the pref. + if (isDebugBuild) { + let root = certFromFile("ca"); + Services.prefs.setCharPref("security.test.built_in_root_hash", + root.sha256Fingerprint); + + // Always fall back if necessary. + Services.prefs.setIntPref("security.pki.name_matching_mode", 0); + do_print("current mode: always fall back, root built-in"); + checkCertOn25August2016(certFromFile("no-san-recent"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("no-san-old"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("no-san-older"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"), + PRErrorCodeSuccess); + + // Only fall back if notBefore < 23 August 2016 + Services.prefs.setIntPref("security.pki.name_matching_mode", 1); + do_print("current mode: fall back for notBefore < August 23, 2016, root " + + "built-in"); + checkCertOn25August2016(certFromFile("no-san-recent"), + SSL_ERROR_BAD_CERT_DOMAIN); + checkCertOn25August2016(certFromFile("no-san-old"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("no-san-older"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"), + SSL_ERROR_BAD_CERT_DOMAIN); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"), + PRErrorCodeSuccess); + + // Only fall back if notBefore < 23 August 2015 + Services.prefs.setIntPref("security.pki.name_matching_mode", 2); + do_print("current mode: fall back for notBefore < August 23, 2015, root " + + "built-in"); + checkCertOn25August2016(certFromFile("no-san-recent"), + SSL_ERROR_BAD_CERT_DOMAIN); + checkCertOn25August2016(certFromFile("no-san-old"), + SSL_ERROR_BAD_CERT_DOMAIN); + checkCertOn25August2016(certFromFile("no-san-older"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"), + SSL_ERROR_BAD_CERT_DOMAIN); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"), + SSL_ERROR_BAD_CERT_DOMAIN); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"), + PRErrorCodeSuccess); + + // Never fall back. + Services.prefs.setIntPref("security.pki.name_matching_mode", 3); + do_print("current mode: never fall back, root built-in"); + checkCertOn25August2016(certFromFile("no-san-recent"), + SSL_ERROR_BAD_CERT_DOMAIN); + checkCertOn25August2016(certFromFile("no-san-old"), + SSL_ERROR_BAD_CERT_DOMAIN); + checkCertOn25August2016(certFromFile("no-san-older"), + SSL_ERROR_BAD_CERT_DOMAIN); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"), + SSL_ERROR_BAD_CERT_DOMAIN); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"), + SSL_ERROR_BAD_CERT_DOMAIN); + checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"), + SSL_ERROR_BAD_CERT_DOMAIN); + } +} diff --git a/security/manager/ssl/tests/unit/test_certDB_import.js b/security/manager/ssl/tests/unit/test_certDB_import.js new file mode 100644 index 000000000..f53fbf0ef --- /dev/null +++ b/security/manager/ssl/tests/unit/test_certDB_import.js @@ -0,0 +1,118 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Tests the various nsIX509CertDB import methods. + +do_get_profile(); + +const gCertDB = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +const CA_CERT_COMMON_NAME = "importedCA"; +const TEST_EMAIL_ADDRESS = "test@example.com"; + +let gCACertImportDialogCount = 0; + +// Mock implementation of nsICertificateDialogs. +const gCertificateDialogs = { + confirmDownloadCACert: (ctx, cert, trust) => { + gCACertImportDialogCount++; + equal(cert.commonName, CA_CERT_COMMON_NAME, + "CA cert to import should have the correct CN"); + trust.value = Ci.nsIX509CertDB.TRUSTED_EMAIL; + return true; + }, + setPKCS12FilePassword: (ctx, password) => { + // This is only relevant to exporting. + ok(false, "setPKCS12FilePassword() should not have been called"); + }, + getPKCS12FilePassword: (ctx, password) => { + // We don't test anything that calls this method yet. + ok(false, "getPKCS12FilePassword() should not have been called"); + }, + viewCert: (ctx, cert) => { + // This shouldn't be called for import methods. + ok(false, "viewCert() should not have been called"); + }, + + QueryInterface: XPCOMUtils.generateQI([Ci.nsICertificateDialogs]) +}; + +// Implements nsIInterfaceRequestor. Mostly serves to mock nsIPrompt. +const gInterfaceRequestor = { + alert: (title, text) => { + // We don't test anything that calls this method yet. + ok(false, `alert() should not have been called: ${text}`); + }, + + getInterface: iid => { + if (iid.equals(Ci.nsIPrompt)) { + return this; + } + + throw new Error(Cr.NS_ERROR_NO_INTERFACE); + } +}; + +function getCertAsByteArray(certPath) { + let certFile = do_get_file(certPath, false); + let certBytes = readFile(certFile); + + let byteArray = []; + for (let i = 0; i < certBytes.length; i++) { + byteArray.push(certBytes.charCodeAt(i)); + } + + return byteArray; +} + +function testImportCACert() { + // Sanity check the CA cert is missing. + throws(() => gCertDB.findCertByNickname(CA_CERT_COMMON_NAME), + /NS_ERROR_FAILURE/, + "CA cert should not be in the database before import"); + + // Import and check for success. + let caArray = getCertAsByteArray("test_certDB_import/importedCA.pem"); + gCertDB.importCertificates(caArray, caArray.length, Ci.nsIX509Cert.CA_CERT, + gInterfaceRequestor); + equal(gCACertImportDialogCount, 1, + "Confirmation dialog for the CA cert should only be shown once"); + + let caCert = gCertDB.findCertByNickname(CA_CERT_COMMON_NAME); + notEqual(caCert, null, "CA cert should now be found in the database"); + ok(gCertDB.isCertTrusted(caCert, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_EMAIL), + "CA cert should be trusted for e-mail"); +} + +function run_test() { + // We have to set a password and login before we attempt to import anything. + // In particular, the SQL NSS DB requires the user to be authenticated to set + // certificate trust settings, which we do when we import CA certs. + loginToDBWithDefaultPassword(); + + let certificateDialogsCID = + MockRegistrar.register("@mozilla.org/nsCertificateDialogs;1", + gCertificateDialogs); + do_register_cleanup(() => { + MockRegistrar.unregister(certificateDialogsCID); + }); + + // Sanity check the e-mail cert is missing. + throws(() => gCertDB.findCertByEmailAddress(TEST_EMAIL_ADDRESS), + /NS_ERROR_FAILURE/, + "E-mail cert should not be in the database before import"); + + // Import the CA cert so that the e-mail import succeeds. + testImportCACert(); + + // Import the e-mail cert and check for success. + let emailArray = getCertAsByteArray("test_certDB_import/emailEE.pem"); + gCertDB.importEmailCertificate(emailArray, emailArray.length, + gInterfaceRequestor); + notEqual(gCertDB.findCertByEmailAddress(TEST_EMAIL_ADDRESS), null, + "E-mail cert should now be found in the database"); +} diff --git a/security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows.pfx b/security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows.pfx new file mode 100644 index 000000000..e969d672d Binary files /dev/null and b/security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows.pfx differ diff --git a/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem b/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem new file mode 100644 index 000000000..72b6371e2 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICwjCCAaygAwIBAgIUKTBs2ocwnIM+g29rcb+FMc8RTWswCwYJKoZIhvcNAQEL +MBUxEzARBgNVBAMMCmltcG9ydGVkQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4 +MDIwNTAwMDAwMFowITEfMB0GCSqGSIb3DQEJARYQdGVzdEBleGFtcGxlLmNvbTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9 +PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3 +HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg +Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7 +EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK +lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C +AwEAATALBgkqhkiG9w0BAQsDggEBAFbtBnvVJEYh/Zq1mZuQXasaqD0Xp0s3hxEr +hDkrSh2uQ/lm3lvHuDLodI2cSYJz9A/ona2QHt9Rb9X7CmWFQ8DJtF1aiWLFlqgd +muaib0gSusRZr2cC+N7N35tmVO/gLlESlhQh40ORgSgMg+K8Vj3QwML5NSc91B7I +dCxZx5sZFl2HacOlQ0BFHqyk4tyPXxFLm5Ky56e2g52pCbWRkUbD2ScuxpoAd79E +n3FQYSZFn/AdrbSoko/+3AzNvHNCtqs8XAC4rE2dEuRYBjTF+ge4hGJqMFCRiCzN +2thjCmenbilKlLWL5fqNdaJqrMKD0Yp9AQhkICoIKXIJFquf9eQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem.certspec b/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem.certspec new file mode 100644 index 000000000..0528bc624 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem.certspec @@ -0,0 +1,2 @@ +issuer:importedCA +subject:/emailAddress=test@example.com diff --git a/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem b/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem new file mode 100644 index 000000000..77ec4cbac --- /dev/null +++ b/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICyDCCAbKgAwIBAgIUe4uNcR4KmHzd+jhffWz/NeLVWEUwCwYJKoZIhvcNAQEL +MBUxEzARBgNVBAMMCmltcG9ydGVkQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4 +MDIwNTAwMDAwMFowFTETMBEGA1UEAwwKaW1wb3J0ZWRDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX +bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ +OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9 +uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb +t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO +NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYD +VR0TBAUwAwEB/zALBgkqhkiG9w0BAQsDggEBAKENtK8hNu6JqM9B5OZWOrS8HT+j +ij9DiGh/rY9vf+2RywnR3RKq7yUO/GalAVbPP6OQBF+6qUJ4kQ6DO6XX7hKiB46n +XeVsxE9PawM/tsZszu/u2f3252AhDKgiy+doqtx4dbjBlCZxjtNEAu6EVHbseyBT +0C7+ILcmWXw6ZR4m9u7KoeHc2PMbYtj0YLveWgCXm7vIGw0Tl3eMZqsY1dG4LC3z +7vbr9HcLCpxOiUVfmLKs0l6nhbdoedNZ8zQDPFAI4ME3Em+7MNf+SRL0L45J0Sok +CqDbTn2fPlwEVsZqhq2475CXIzRpHxeF4Z0bB0vtXWH2oq+T3x7xqGxEmDU= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem.certspec b/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem.certspec new file mode 100644 index 000000000..b16825354 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem.certspec @@ -0,0 +1,3 @@ +issuer:importedCA +subject:importedCA +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_certDB_import/moz.build b/security/manager/ssl/tests/unit/test_certDB_import/moz.build new file mode 100644 index 000000000..0c973c9e8 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_certDB_import/moz.build @@ -0,0 +1,14 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See Bug 1256495. +#test_certificates = ( +# 'emailEE.pem', +# 'importedCA.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) diff --git a/security/manager/ssl/tests/unit/test_certDB_import_pkcs12.js b/security/manager/ssl/tests/unit/test_certDB_import_pkcs12.js new file mode 100644 index 000000000..56e17855a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_certDB_import_pkcs12.js @@ -0,0 +1,92 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Tests import PKCS12 file by nsIX509CertDB. + +do_get_profile(); + +const gCertDB = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +const CERT_COMMON_NAME = "test_cert_from_windows"; +const TEST_CERT_PASSWORD = "黒い"; + +let gGetPKCS12Password = false; + +// Mock implementation of nsICertificateDialogs. +const gCertificateDialogs = { + QueryInterface: XPCOMUtils.generateQI([Ci.nsICertificateDialogs]), + + getPKCS12FilePassword: (ctx, password) => { + ok(!gGetPKCS12Password, + "getPKCS12FilePassword should be called only once."); + + password.value = TEST_CERT_PASSWORD; + do_print("getPKCS12FilePassword() is called"); + gGetPKCS12Password = true; + return true; + }, +}; + +const gPrompt = { + QueryInterface: XPCOMUtils.generateQI([Ci.nsIPrompt]), + alert: (title, text) => { + do_print("alert('" + text + "')"); + }, +}; + +const gPromptFactory = { + QueryInterface: XPCOMUtils.generateQI([Ci.nsIPromptFactory]), + getPrompt: (aWindow, aIID) => gPrompt, +}; + +function doesCertExist(commonName) { + let allCerts = gCertDB.getCerts(); + let enumerator = allCerts.getEnumerator(); + while (enumerator.hasMoreElements()) { + let cert = enumerator.getNext().QueryInterface(Ci.nsIX509Cert); + if (cert.isBuiltInRoot) { + continue; + } + if (cert.commonName == commonName) { + return true; + } + } + + return false; +} + +function testImportPKCS12Cert() { + ok(!doesCertExist(CERT_COMMON_NAME), + "Cert should not be in the database before import"); + + // Import and check for success. + let certFile = do_get_file("test_certDB_import/cert_from_windows.pfx"); + gCertDB.importPKCS12File(null, certFile); + + ok(gGetPKCS12Password, "PKCS12 password should be asked"); + + ok(doesCertExist(CERT_COMMON_NAME), + "Cert should now be found in the database"); +} + +function run_test() { + // We have to set a password and login before we attempt to import anything. + loginToDBWithDefaultPassword(); + + let certificateDialogsCID = + MockRegistrar.register("@mozilla.org/nsCertificateDialogs;1", + gCertificateDialogs); + let promptFactoryCID = + MockRegistrar.register("@mozilla.org/prompter;1", gPromptFactory); + + do_register_cleanup(() => { + MockRegistrar.unregister(certificateDialogsCID); + MockRegistrar.unregister(promptFactoryCID); + }); + + // Import PKCS12 file with utf-8 password + testImportPKCS12Cert(); +} diff --git a/security/manager/ssl/tests/unit/test_cert_blocklist.js b/security/manager/ssl/tests/unit/test_cert_blocklist.js new file mode 100644 index 000000000..75688b58a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_blocklist.js @@ -0,0 +1,362 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// This test checks a number of things: +// * it ensures that data loaded from revocations.txt on startup is present +// * it ensures that certItems in blocklist.xml are persisted correctly +// * it ensures that items in the CertBlocklist are seen as revoked by the +// cert verifier +// * it does a sanity check to ensure other cert verifier behavior is +// unmodified + +// First, we need to setup appInfo for the blocklist service to work +var id = "xpcshell@tests.mozilla.org"; +var appName = "XPCShell"; +var version = "1"; +var platformVersion = "1.9.2"; +Cu.import("resource://testing-common/AppInfo.jsm", this); +/*global updateAppInfo:false*/ // Imported via AppInfo.jsm. +updateAppInfo({ + name: appName, + ID: id, + version: version, + platformVersion: platformVersion ? platformVersion : "1.0", + crashReporter: true, +}); + +// we need to ensure we setup revocation data before certDB, or we'll start with +// no revocation.txt in the profile +var gProfile = do_get_profile(); + +// Write out an empty blocklist.xml file to the profile to ensure nothing +// is blocklisted by default +var blockFile = gProfile.clone(); +blockFile.append("blocklist.xml"); +var stream = Cc["@mozilla.org/network/file-output-stream;1"] + .createInstance(Ci.nsIFileOutputStream); +stream.init(blockFile, + FileUtils.MODE_WRONLY | FileUtils.MODE_CREATE | FileUtils.MODE_TRUNCATE, + FileUtils.PERMS_FILE, 0); + +var data = "\n" + + "\n" + + "\n"; +stream.write(data, data.length); +stream.close(); + +const PREF_BLOCKLIST_UPDATE_ENABLED = "services.blocklist.update_enabled"; +const PREF_ONECRL_VIA_AMO = "security.onecrl.via.amo"; + +var gRevocations = gProfile.clone(); +gRevocations.append("revocations.txt"); +if (!gRevocations.exists()) { + let existing = do_get_file("test_onecrl/sample_revocations.txt", false); + existing.copyTo(gProfile, "revocations.txt"); +} + +var certDB = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +// set up a test server to serve the blocklist.xml +var testserver = new HttpServer(); + +var initialBlocklist = "" + + "" + + // test with some bad data ... + "" + + "AkHVNA==" + + "" + + "some nonsense in serial" + + "" + + "and serial" + + // some mixed + // In this case, the issuer name and the valid serialNumber correspond + // to test-int.pem in bad_certs/ + "" + + "oops! more nonsense." + + "BVio/iQ21GCi2iUven8oJ/gae74=" + + // ... and some good + // In this case, the issuer name and the valid serialNumber correspond + // to other-test-ca.pem in bad_certs/ (for testing root revocation) + "" + + "exJUIJpq50jgqOwQluhVrAzTF74=" + + // This item corresponds to an entry in sample_revocations.txt where: + // isser name is "another imaginary issuer" base-64 encoded, and + // serialNumbers are: + // "serial2." base-64 encoded, and + // "another serial." base-64 encoded + // We need this to ensure that existing items are retained if they're + // also in the blocklist + "" + + "c2VyaWFsMi4=" + + "YW5vdGhlciBzZXJpYWwu" + + // This item revokes same-issuer-ee.pem by subject and pubKeyHash. + "" + + ""; + +var updatedBlocklist = "" + + "" + + "" + + "" + + "and the serial number" + + ""; + + +var blocklists = { + "/initialBlocklist/": initialBlocklist, + "/updatedBlocklist/": updatedBlocklist +}; + +function serveResponse(request, response) { + do_print("Serving for path " + request.path + "\n"); + response.write(blocklists[request.path]); +} + +for (var path in blocklists) { + testserver.registerPathHandler(path, serveResponse); +} + +// start the test server +testserver.start(-1); +var port = testserver.identity.primaryPort; + +// Setup the addonManager +var addonManager = Cc["@mozilla.org/addons/integration;1"] + .getService(Ci.nsIObserver) + .QueryInterface(Ci.nsITimerCallback); +addonManager.observe(null, "addons-startup", null); + +var converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"] + .createInstance(Ci.nsIScriptableUnicodeConverter); +converter.charset = "UTF-8"; + +function verify_cert(file, expectedError) { + let ee = constructCertFromFile(file); + checkCertErrorGeneric(certDB, ee, expectedError, certificateUsageSSLServer); +} + +// The certificate blocklist currently only applies to TLS server certificates. +function verify_non_tls_usage_succeeds(file) { + let ee = constructCertFromFile(file); + checkCertErrorGeneric(certDB, ee, PRErrorCodeSuccess, + certificateUsageSSLClient); + checkCertErrorGeneric(certDB, ee, PRErrorCodeSuccess, + certificateUsageEmailSigner); + checkCertErrorGeneric(certDB, ee, PRErrorCodeSuccess, + certificateUsageEmailRecipient); +} + +function load_cert(cert, trust) { + let file = "bad_certs/" + cert + ".pem"; + addCertFromFile(certDB, file, trust); +} + +function test_is_revoked(certList, issuerString, serialString, subjectString, + pubKeyString) { + let issuer = converter.convertToByteArray(issuerString ? issuerString : '', + {}); + + let serial = converter.convertToByteArray(serialString ? serialString : '', + {}); + + let subject = converter.convertToByteArray(subjectString ? subjectString : '', + {}); + + let pubKey = converter.convertToByteArray(pubKeyString ? pubKeyString : '', + {}); + + return certList.isCertRevoked(issuer, + issuerString ? issuerString.length : 0, + serial, + serialString ? serialString.length : 0, + subject, + subjectString ? subjectString.length : 0, + pubKey, + pubKeyString ? pubKeyString.length : 0); +} + +function fetch_blocklist(blocklistPath) { + do_print("path is " + blocklistPath + "\n"); + let certblockObserver = { + observe: function(aSubject, aTopic, aData) { + Services.obs.removeObserver(this, "blocklist-updated"); + run_next_test(); + } + }; + + Services.obs.addObserver(certblockObserver, "blocklist-updated", false); + Services.prefs.setCharPref("extensions.blocklist.url", + `http://localhost:${port}/${blocklistPath}`); + let blocklist = Cc["@mozilla.org/extensions/blocklist;1"] + .getService(Ci.nsITimerCallback); + blocklist.notify(null); +} + +function check_revocations_txt_contents(expected) { + let profile = do_get_profile(); + let revocations = profile.clone(); + revocations.append("revocations.txt"); + ok(revocations.exists(), "the revocations file should exist"); + let inputStream = Cc["@mozilla.org/network/file-input-stream;1"] + .createInstance(Ci.nsIFileInputStream); + inputStream.init(revocations, -1, -1, 0); + inputStream.QueryInterface(Ci.nsILineInputStream); + let contents = ""; + let hasmore = false; + do { + let line = {}; + hasmore = inputStream.readLine(line); + contents += (contents.length == 0 ? "" : "\n") + line.value; + } while (hasmore); + equal(contents, expected, "revocations.txt should be as expected"); +} + +function run_test() { + // import the certificates we need + load_cert("test-ca", "CTu,CTu,CTu"); + load_cert("test-int", ",,"); + load_cert("other-test-ca", "CTu,CTu,CTu"); + + let certList = Cc["@mozilla.org/security/certblocklist;1"] + .getService(Ci.nsICertBlocklist); + + let expected = "# Auto generated contents. Do not edit.\n" + + "MCIxIDAeBgNVBAMMF0Fub3RoZXIgVGVzdCBFbmQtZW50aXR5\n" + + "\tVCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=\n" + + "MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=\n" + + " BVio/iQ21GCi2iUven8oJ/gae74=\n" + + "MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0E=\n" + + " exJUIJpq50jgqOwQluhVrAzTF74=\n" + + "YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy\n" + + " YW5vdGhlciBzZXJpYWwu\n" + + " c2VyaWFsMi4="; + + // This test assumes OneCRL updates via AMO + Services.prefs.setBoolPref(PREF_BLOCKLIST_UPDATE_ENABLED, false); + Services.prefs.setBoolPref(PREF_ONECRL_VIA_AMO, true); + + add_test(function () { + // check some existing items in revocations.txt are blocked. Since the + // CertBlocklistItems don't know about the data they contain, we can use + // arbitrary data (not necessarily DER) to test if items are revoked or not. + // This test corresponds to: + // issuer: c29tZSBpbWFnaW5hcnkgaXNzdWVy + // serial: c2VyaWFsLg== + ok(test_is_revoked(certList, "some imaginary issuer", "serial."), + "issuer / serial pair should be blocked"); + + // This test corresponds to: + // issuer: YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy + // serial: c2VyaWFsLg== + ok(test_is_revoked(certList, "another imaginary issuer", "serial."), + "issuer / serial pair should be blocked"); + + // And this test corresponds to: + // issuer: YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy + // serial: c2VyaWFsMi4= + // (we test this issuer twice to ensure we can read multiple serials) + ok(test_is_revoked(certList, "another imaginary issuer", "serial2."), + "issuer / serial pair should be blocked"); + + // Soon we'll load a blocklist which revokes test-int.pem, which issued + // test-int-ee.pem. + // Check the cert validates before we load the blocklist + let file = "test_onecrl/test-int-ee.pem"; + verify_cert(file, PRErrorCodeSuccess); + + // The blocklist also revokes other-test-ca.pem, which issued + // other-ca-ee.pem. Check the cert validates before we load the blocklist + file = "bad_certs/other-issuer-ee.pem"; + verify_cert(file, PRErrorCodeSuccess); + + // The blocklist will revoke same-issuer-ee.pem via subject / pubKeyHash. + // Check the cert validates before we load the blocklist + file = "test_onecrl/same-issuer-ee.pem"; + verify_cert(file, PRErrorCodeSuccess); + + run_next_test(); + }); + + // blocklist load is async so we must use add_test from here + add_test(function() { + fetch_blocklist("initialBlocklist/"); + }); + + add_test(function() { + // The blocklist will be loaded now. Let's check the data is sane. + // In particular, we should still have the revoked issuer / serial pair + // that was in both revocations.txt and the blocklist.xml + ok(test_is_revoked(certList, "another imaginary issuer", "serial2."), + "issuer / serial pair should be blocked"); + + // Check that both serials in the certItem with multiple serials were read + // properly + ok(test_is_revoked(certList, "another imaginary issuer", "serial2."), + "issuer / serial pair should be blocked"); + ok(test_is_revoked(certList, "another imaginary issuer", "another serial."), + "issuer / serial pair should be blocked"); + + // test a subject / pubKey revocation + ok(test_is_revoked(certList, "nonsense", "more nonsense", + "some imaginary subject", "some imaginary pubkey"), + "issuer / serial pair should be blocked"); + + // Check the blocklist entry has been persisted properly to the backing + // file + check_revocations_txt_contents(expected); + + // Check the blocklisted intermediate now causes a failure + let file = "test_onecrl/test-int-ee.pem"; + verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE); + verify_non_tls_usage_succeeds(file); + + // Check the ee with the blocklisted root also causes a failure + file = "bad_certs/other-issuer-ee.pem"; + verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE); + verify_non_tls_usage_succeeds(file); + + // Check the ee blocked by subject / pubKey causes a failure + file = "test_onecrl/same-issuer-ee.pem"; + verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE); + verify_non_tls_usage_succeeds(file); + + // Check a non-blocklisted chain still validates OK + file = "bad_certs/default-ee.pem"; + verify_cert(file, PRErrorCodeSuccess); + + // Check a bad cert is still bad (unknown issuer) + file = "bad_certs/unknownissuer.pem"; + verify_cert(file, SEC_ERROR_UNKNOWN_ISSUER); + + // check that save with no further update is a no-op + let lastModified = gRevocations.lastModifiedTime; + // add an already existing entry + certList.revokeCertByIssuerAndSerial("YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy", + "c2VyaWFsMi4="); + certList.saveEntries(); + let newModified = gRevocations.lastModifiedTime; + equal(lastModified, newModified, + "saveEntries with no modifications should not update the backing file"); + + run_next_test(); + }); + + // disable AMO cert blocklist - and check blocklist.xml changes do not + // affect the data stored. + add_test(function() { + Services.prefs.setBoolPref("security.onecrl.via.amo", false); + fetch_blocklist("updatedBlocklist/"); + }); + + add_test(function() { + // Check the blocklist entry has not changed + check_revocations_txt_contents(expected); + run_next_test(); + }); + + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_cert_chains.js b/security/manager/ssl/tests/unit/test_cert_chains.js new file mode 100644 index 000000000..8abcb4e65 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_chains.js @@ -0,0 +1,134 @@ +// -*- Mode: javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +"use strict"; + +function build_cert_chain(certNames) { + let certList = Cc["@mozilla.org/security/x509certlist;1"] + .createInstance(Ci.nsIX509CertList); + certNames.forEach(function(certName) { + let cert = constructCertFromFile("bad_certs/" + certName + ".pem"); + certList.addCert(cert); + }); + return certList; +} + +function test_cert_equals() { + let certA = constructCertFromFile("bad_certs/default-ee.pem"); + let certB = constructCertFromFile("bad_certs/default-ee.pem"); + let certC = constructCertFromFile("bad_certs/expired-ee.pem"); + + ok(certA != certB, + "Cert objects constructed from the same file should not be equal" + + " according to the equality operators"); + ok(certA.equals(certB), + "equals() on cert objects constructed from the same cert file should" + + " return true"); + ok(!certA.equals(certC), + "equals() on cert objects constructed from files for different certs" + + " should return false"); +} + +function test_cert_list_serialization() { + let certList = build_cert_chain(['default-ee', 'expired-ee']); + + // Serialize the cert list to a string + let serHelper = Cc["@mozilla.org/network/serialization-helper;1"] + .getService(Ci.nsISerializationHelper); + certList.QueryInterface(Ci.nsISerializable); + let serialized = serHelper.serializeToString(certList); + + // Deserialize from the string and compare to the original object + let deserialized = serHelper.deserializeObject(serialized); + deserialized.QueryInterface(Ci.nsIX509CertList); + ok(certList.equals(deserialized), + "Deserialized cert list should equal the original"); +} + +function test_security_info_serialization(securityInfo, expectedErrorCode) { + // Serialize the securityInfo to a string + let serHelper = Cc["@mozilla.org/network/serialization-helper;1"] + .getService(Ci.nsISerializationHelper); + let serialized = serHelper.serializeToString(securityInfo); + + // Deserialize from the string and compare to the original object + let deserialized = serHelper.deserializeObject(serialized); + deserialized.QueryInterface(Ci.nsITransportSecurityInfo); + equal(securityInfo.securityState, deserialized.securityState, + "Original and deserialized security state should match"); + equal(securityInfo.errorMessage, deserialized.errorMessage, + "Original and deserialized error message should match"); + equal(securityInfo.errorCode, expectedErrorCode, + "Original and expected error code should match"); + equal(deserialized.errorCode, expectedErrorCode, + "Deserialized and expected error code should match"); +} + +function run_test() { + do_get_profile(); + add_tls_server_setup("BadCertServer", "bad_certs"); + + // Test nsIX509Cert.equals + add_test(function() { + test_cert_equals(); + run_next_test(); + }); + + // Test serialization of nsIX509CertList + add_test(function() { + test_cert_list_serialization(); + run_next_test(); + }); + + // Test successful connection (failedCertChain should be null) + add_connection_test( + // re-use pinning certs (keeler) + "good.include-subdomains.pinning.example.com", PRErrorCodeSuccess, null, + function withSecurityInfo(aTransportSecurityInfo) { + aTransportSecurityInfo.QueryInterface(Ci.nsITransportSecurityInfo); + test_security_info_serialization(aTransportSecurityInfo, 0); + equal(aTransportSecurityInfo.failedCertChain, null, + "failedCertChain for a successful connection should be null"); + } + ); + + // Test overrideable connection failure (failedCertChain should be non-null) + add_connection_test( + "expired.example.com", + SEC_ERROR_EXPIRED_CERTIFICATE, + null, + function withSecurityInfo(securityInfo) { + securityInfo.QueryInterface(Ci.nsITransportSecurityInfo); + test_security_info_serialization(securityInfo, SEC_ERROR_EXPIRED_CERTIFICATE); + notEqual(securityInfo.failedCertChain, null, + "failedCertChain should not be null for an overrideable" + + " connection failure"); + let originalCertChain = build_cert_chain(["expired-ee", "test-ca"]); + ok(originalCertChain.equals(securityInfo.failedCertChain), + "failedCertChain should equal the original cert chain for an" + + " overrideable connection failure"); + } + ); + + // Test non-overrideable error (failedCertChain should be non-null) + add_connection_test( + "inadequatekeyusage.example.com", + SEC_ERROR_INADEQUATE_KEY_USAGE, + null, + function withSecurityInfo(securityInfo) { + securityInfo.QueryInterface(Ci.nsITransportSecurityInfo); + test_security_info_serialization(securityInfo, SEC_ERROR_INADEQUATE_KEY_USAGE); + notEqual(securityInfo.failedCertChain, null, + "failedCertChain should not be null for a non-overrideable" + + " connection failure"); + let originalCertChain = build_cert_chain(["inadequatekeyusage-ee", "test-ca"]); + ok(originalCertChain.equals(securityInfo.failedCertChain), + "failedCertChain should equal the original cert chain for a" + + " non-overrideable connection failure"); + } + ); + + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_cert_dbKey.js b/security/manager/ssl/tests/unit/test_cert_dbKey.js new file mode 100644 index 000000000..ca47a4997 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_dbKey.js @@ -0,0 +1,146 @@ +// -*- Mode: javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +"use strict"; + +// This test tests that the nsIX509Cert.dbKey and nsIX509CertDB.findCertByDBKey +// APIs work as expected. That is, getting a certificate's dbKey and using it +// in findCertByDBKey should return the same certificate. Also, for backwards +// compatibility, findCertByDBKey should ignore any whitespace in its input +// (even though now nsIX509Cert.dbKey will never have whitespace in it). + +function hexStringToBytes(hex) { + let bytes = []; + for (let hexByteStr of hex.split(":")) { + bytes.push(parseInt(hexByteStr, 16)); + } + return bytes; +} + +function encodeCommonNameAsBytes(commonName) { + // The encoding will look something like this (in hex): + // 30 (SEQUENCE) + // 31 (SET) + // 30 (SEQUENCE) + // 06 (OID) 03 (length) + // 55 04 03 (id-at-commonName) + // 0C (UTF8String) + // + // To make things simple, it would be nice to have the length of each + // component be less than 128 bytes (so we can have single-byte lengths). + // For this to hold, the maximum length of the contents of the outermost + // SEQUENCE must be 127. Everything not in the contents of the common name + // will take up 11 bytes, so the value of the common name itself can be at + // most 116 bytes. + ok(commonName.length <= 116, + "test assumption: common name can't be longer than 116 bytes (makes " + + "DER encoding easier)"); + let commonNameOIDBytes = [ 0x06, 0x03, 0x55, 0x04, 0x03 ]; + let commonNameBytes = [ 0x0C, commonName.length ]; + for (let i = 0; i < commonName.length; i++) { + commonNameBytes.push(commonName.charCodeAt(i)); + } + let bytes = commonNameOIDBytes.concat(commonNameBytes); + bytes.unshift(bytes.length); + bytes.unshift(0x30); // SEQUENCE + bytes.unshift(bytes.length); + bytes.unshift(0x31); // SET + bytes.unshift(bytes.length); + bytes.unshift(0x30); // SEQUENCE + return bytes; +} + +function testInvalidDBKey(certDB, dbKey) { + throws(() => certDB.findCertByDBKey(dbKey), /NS_ERROR_ILLEGAL_INPUT/, + `findCertByDBKey(${dbKey}) should raise NS_ERROR_ILLEGAL_INPUT`); +} + +function testDBKeyForNonexistentCert(certDB, dbKey) { + let cert = certDB.findCertByDBKey(dbKey); + ok(!cert, "shouldn't find cert for given dbKey"); +} + +function byteArrayToByteString(bytes) { + let byteString = ""; + for (let b of bytes) { + byteString += String.fromCharCode(b); + } + return byteString; +} + +function run_test() { + do_get_profile(); + let certDB = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + let cert = constructCertFromFile("bad_certs/test-ca.pem"); + equal(cert.issuerName, "CN=" + cert.issuerCommonName, + "test assumption: this certificate's issuer distinguished name " + + "consists only of a common name"); + let issuerBytes = encodeCommonNameAsBytes(cert.issuerCommonName); + ok(issuerBytes.length < 256, + "test assumption: length of encoded issuer is less than 256 bytes"); + let serialNumberBytes = hexStringToBytes(cert.serialNumber); + ok(serialNumberBytes.length < 256, + "test assumption: length of encoded serial number is less than 256 bytes"); + let dbKeyHeader = [ 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, serialNumberBytes.length, + 0, 0, 0, issuerBytes.length ]; + let expectedDbKeyBytes = dbKeyHeader.concat(serialNumberBytes, issuerBytes); + let expectedDbKey = btoa(byteArrayToByteString(expectedDbKeyBytes)); + equal(cert.dbKey, expectedDbKey, + "actual and expected dbKey values should match"); + + let certFromDbKey = certDB.findCertByDBKey(expectedDbKey); + ok(certFromDbKey.equals(cert), + "nsIX509CertDB.findCertByDBKey should find the right certificate"); + + ok(expectedDbKey.length > 64, + "test assumption: dbKey should be longer than 64 characters"); + let expectedDbKeyWithCRLF = expectedDbKey.replace(/(.{64})/, "$1\r\n"); + ok(expectedDbKeyWithCRLF.indexOf("\r\n") == 64, + "test self-check: adding CRLF to dbKey should succeed"); + certFromDbKey = certDB.findCertByDBKey(expectedDbKeyWithCRLF); + ok(certFromDbKey.equals(cert), + "nsIX509CertDB.findCertByDBKey should work with dbKey with CRLF"); + + let expectedDbKeyWithSpaces = expectedDbKey.replace(/(.{64})/, "$1 "); + ok(expectedDbKeyWithSpaces.indexOf(" ") == 64, + "test self-check: adding spaces to dbKey should succeed"); + certFromDbKey = certDB.findCertByDBKey(expectedDbKeyWithSpaces); + ok(certFromDbKey.equals(cert), + "nsIX509CertDB.findCertByDBKey should work with dbKey with spaces"); + + // Test some invalid dbKey values. + testInvalidDBKey(certDB, "AAAA"); // Not long enough. + // No header. + testInvalidDBKey(certDB, btoa(byteArrayToByteString( + [ 0, 0, 0, serialNumberBytes.length, + 0, 0, 0, issuerBytes.length ].concat(serialNumberBytes, issuerBytes)))); + testInvalidDBKey(certDB, btoa(byteArrayToByteString( + [ 0, 0, 0, 0, 0, 0, 0, 0, + 255, 255, 255, 255, // serial number length is way too long + 255, 255, 255, 255, // issuer length is way too long + 0, 0, 0, 0 ]))); + // Truncated issuer. + testInvalidDBKey(certDB, btoa(byteArrayToByteString( + [ 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1, + 0, 0, 0, 10, + 1, + 1, 2, 3 ]))); + // Issuer doesn't decode to valid common name. + testDBKeyForNonexistentCert(certDB, btoa(byteArrayToByteString( + [ 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1, + 0, 0, 0, 3, + 1, + 1, 2, 3 ]))); + + // zero-length serial number and issuer -> no such certificate + testDBKeyForNonexistentCert(certDB, btoa(byteArrayToByteString( + [ 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, + 0, 0, 0, 0 ]))); +} diff --git a/security/manager/ssl/tests/unit/test_cert_eku.js b/security/manager/ssl/tests/unit/test_cert_eku.js new file mode 100644 index 000000000..5a7e28de1 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku.js @@ -0,0 +1,131 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +// Tests that the extended key usage extension is properly processed by the +// platform when verifying certificates. There are already comprehensive tests +// in mozilla::pkix itself, but these tests serve as integration tests to ensure +// that the cases we're particularly concerned about are correctly handled. + +"use strict"; + +do_get_profile(); // must be called before getting nsIX509CertDB +const certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +function certFromFile(certName) { + return constructCertFromFile(`test_cert_eku/${certName}.pem`); +} + +function loadCertWithTrust(certName, trustString) { + addCertFromFile(certdb, `test_cert_eku/${certName}.pem`, trustString); +} + +function checkEndEntity(cert, expectedResult) { + checkCertErrorGeneric(certdb, cert, expectedResult, certificateUsageSSLServer); +} + +function checkCertOn25August2016(cert, expectedResult) { + // (new Date("2016-08-25T00:00:00Z")).getTime() / 1000 + const VALIDATION_TIME = 1472083200; + checkCertErrorGenericAtTime(certdb, cert, expectedResult, + certificateUsageSSLServer, VALIDATION_TIME); +} + +function run_test() { + loadCertWithTrust("ca", "CTu,,"); + // end-entity has id-kp-serverAuth => success + checkEndEntity(certFromFile("ee-SA"), PRErrorCodeSuccess); + // end-entity has id-kp-serverAuth => success + checkEndEntity(certFromFile("ee-SA-CA"), PRErrorCodeSuccess); + // end-entity has extended key usage, but id-kp-serverAuth is not present => + // failure + checkEndEntity(certFromFile("ee-CA"), SEC_ERROR_INADEQUATE_CERT_TYPE); + // end-entity has id-kp-serverAuth => success + checkEndEntity(certFromFile("ee-SA-nsSGC"), PRErrorCodeSuccess); + + // end-entity has extended key usage, but id-kp-serverAuth is not present => + // failure (in particular, Netscape Server Gated Crypto (also known as + // Netscape Step Up) is not an acceptable substitute for end-entity + // certificates). + // Verify this for all Netscape Step Up policy configurations. + // 0 = "always accept nsSGC in place of serverAuth for CA certificates" + Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 0); + checkEndEntity(certFromFile("ee-nsSGC"), SEC_ERROR_INADEQUATE_CERT_TYPE); + // 1 = "accept nsSGC before 23 August 2016" + Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 1); + checkEndEntity(certFromFile("ee-nsSGC"), SEC_ERROR_INADEQUATE_CERT_TYPE); + // 2 = "accept nsSGC before 23 August 2015" + Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 2); + checkEndEntity(certFromFile("ee-nsSGC"), SEC_ERROR_INADEQUATE_CERT_TYPE); + // 3 = "never accept nsSGC" + Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 3); + checkEndEntity(certFromFile("ee-nsSGC"), SEC_ERROR_INADEQUATE_CERT_TYPE); + + // end-entity has id-kp-OCSPSigning, which is not acceptable for end-entity + // certificates being verified as TLS server certificates => failure + checkEndEntity(certFromFile("ee-SA-OCSP"), SEC_ERROR_INADEQUATE_CERT_TYPE); + + // intermediate has id-kp-serverAuth => success + loadCertWithTrust("int-SA", ",,"); + checkEndEntity(certFromFile("ee-int-SA"), PRErrorCodeSuccess); + // intermediate has id-kp-serverAuth => success + loadCertWithTrust("int-SA-CA", ",,"); + checkEndEntity(certFromFile("ee-int-SA-CA"), PRErrorCodeSuccess); + // intermediate has extended key usage, but id-kp-serverAuth is not present + // => failure + loadCertWithTrust("int-CA", ",,"); + checkEndEntity(certFromFile("ee-int-CA"), SEC_ERROR_INADEQUATE_CERT_TYPE); + // intermediate has id-kp-serverAuth => success + loadCertWithTrust("int-SA-nsSGC", ",,"); + checkEndEntity(certFromFile("ee-int-SA-nsSGC"), PRErrorCodeSuccess); + + // Intermediate has Netscape Server Gated Crypto. Success will depend on the + // Netscape Step Up policy configuration and the notBefore property of the + // intermediate. + loadCertWithTrust("int-nsSGC-recent", ",,"); + loadCertWithTrust("int-nsSGC-old", ",,"); + loadCertWithTrust("int-nsSGC-older", ",,"); + // 0 = "always accept nsSGC in place of serverAuth for CA certificates" + Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 0); + do_print("Netscape Step Up policy: always accept"); + checkCertOn25August2016(certFromFile("ee-int-nsSGC-recent"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("ee-int-nsSGC-old"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("ee-int-nsSGC-older"), + PRErrorCodeSuccess); + // 1 = "accept nsSGC before 23 August 2016" + do_print("Netscape Step Up policy: accept before 23 August 2016"); + Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 1); + checkCertOn25August2016(certFromFile("ee-int-nsSGC-recent"), + SEC_ERROR_INADEQUATE_CERT_TYPE); + checkCertOn25August2016(certFromFile("ee-int-nsSGC-old"), + PRErrorCodeSuccess); + checkCertOn25August2016(certFromFile("ee-int-nsSGC-older"), + PRErrorCodeSuccess); + // 2 = "accept nsSGC before 23 August 2015" + do_print("Netscape Step Up policy: accept before 23 August 2015"); + Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 2); + checkCertOn25August2016(certFromFile("ee-int-nsSGC-recent"), + SEC_ERROR_INADEQUATE_CERT_TYPE); + checkCertOn25August2016(certFromFile("ee-int-nsSGC-old"), + SEC_ERROR_INADEQUATE_CERT_TYPE); + checkCertOn25August2016(certFromFile("ee-int-nsSGC-older"), + PRErrorCodeSuccess); + // 3 = "never accept nsSGC" + do_print("Netscape Step Up policy: never accept"); + Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 3); + checkCertOn25August2016(certFromFile("ee-int-nsSGC-recent"), + SEC_ERROR_INADEQUATE_CERT_TYPE); + checkCertOn25August2016(certFromFile("ee-int-nsSGC-old"), + SEC_ERROR_INADEQUATE_CERT_TYPE); + checkCertOn25August2016(certFromFile("ee-int-nsSGC-older"), + SEC_ERROR_INADEQUATE_CERT_TYPE); + + // intermediate has id-kp-OCSPSigning, which is acceptable for CA + // certificates => success + loadCertWithTrust("int-SA-OCSP", ",,"); + checkEndEntity(certFromFile("ee-int-SA-OCSP"), PRErrorCodeSuccess); +} diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ca.pem b/security/manager/ssl/tests/unit/test_cert_eku/ca.pem new file mode 100644 index 000000000..f9bc514d4 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICuDCCAaKgAwIBAgIUNRoMRQGf1ZJA3n83kdc6L92/CEowCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu +Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO +7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf +qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt +HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx +uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MAsGCSqG +SIb3DQEBCwOCAQEAs/WSLtD9nmferqrktS7n94DuJKXYIyVwANS+HUSP515q0zTY +12Poo6n4UAJpAcO+MK2DhBREa3qtQBxxazmC6zAqvyOCE6l7YlzDXbjqLSfKn3ti +JrltsfR/0P5zqLDPu2TaXaYey+dtGqvGINjRccB9OknroUH+jX7jWqGBL4Gz8IOR +5I30FWKfDZTuhMNyBCVpCo5IL5VUdEgZsOlBe5jnGPtN7Q3LmFU91yoRXoOtp+e6 +94pZNhJqGfqLpH8ArRi5qr4QteCRSfvYFBusniJOLnGDi6K3Nh6iBvwPM8qSfQ5A +Cj361pbNvT+OPpdlm9DFCh6k8jKhZ2fXXMHdtg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ca.pem.certspec new file mode 100644 index 000000000..eb7c4b4be --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ca.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:ca +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem new file mode 100644 index 000000000..a92b75aab --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICwjCCAaygAwIBAgIUNTNJjnkkZVkSqyxFevGNL4LSwUowCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBAxDjAMBgNVBAMMBWVlLUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGc +BptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzC +a2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8Xg +uEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK +9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGP +mRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEF +BQcDAjALBgkqhkiG9w0BAQsDggEBABqY2vFn+HYKesMyzER/V6bypmpBTSNerPdh +cUaLKr0dIXqwhcNi1C/e4RVnMH/mQIru/ts5Q8g6FErgNaDk78fE329xvlxUF4d8 +3tagpgo58YXz0O+cTb9MjSb4esoq8wSb5/7XJwIOOUekGDucou3SJmjhc5PJsz1M +tC0LZdS9/dW9isNC7cucG3iqqc7JeWi5wjnaDOlDa97fn307PDhoxpa/RCBOQHIu +c4HAdZmVa7bfq3xHTCo7/tyDGRSVBkJoNPVQq87sHPUKjBETUFiIvwhwkQdE+Xav +0cJeEbpH/v8dBtnIqSPdz/pNym0RAbj3vUxUefrwHf9vRkGI540= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem.certspec new file mode 100644 index 000000000..d49cabaa2 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:ee-CA +extension:extKeyUsage:clientAuth diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem new file mode 100644 index 000000000..e213e4494 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAbmgAwIBAgIUJ0QK+zSmb5HCuQ8LczjgBonFNKgwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBMxETAPBgNVBAMMCGVlLVNBLUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf +vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb +uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S +O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR +3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv +5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoyEwHzAdBgNVHSUEFjAUBggr +BgEFBQcDAQYIKwYBBQUHAwIwCwYJKoZIhvcNAQELA4IBAQBrWrTkqS66uaIJtips +SYF7wyReLJVmft0oAR2cWejAJcW00smFFkAttsxhMw1ttSKF3y2++zfPe24ufIjL +w1l2xa5dDPaHHS5dNvbcjmNWjb6zjErWd7d9fpMpeWA828Yy51hXViuj+DktVz+z +XF+Q0v8oVgaIPRClhwzt40rjNUlXG7S6ZJP6pcCZuWeMryRfmCt4SBgqjUsFZBHu +U2iPv+624W/Ov0jnpHi7TmHQY1veAvUEllnxXABMosWyrY2L8TPKIhi/5wWUtliH +BWKJR5x4mS4tIrLUPPDB3tX/rATaX1MPO1x30UsYmj4PJg84j1o1mGdes1bKTTpb +gwJF +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem.certspec new file mode 100644 index 000000000..5250cc4a8 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:ee-SA-CA +extension:extKeyUsage:serverAuth,clientAuth diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem new file mode 100644 index 000000000..926ccbe8e --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0TCCAbugAwIBAgIUF5x+VY327TZW9Rb4sP1wubzN60kwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBUxEzARBgNVBAMMCmVlLVNBLU9DU1AwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg +2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ +5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ +PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj +DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W +iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjITAfMB0GA1UdJQQWMBQG +CCsGAQUFBwMBBggrBgEFBQcDCTALBgkqhkiG9w0BAQsDggEBAA4WIwtwzwVqvYG6 +zemLkiA2Po4Y3gjucKY9WY/ko7PjSRjZs4CM4JbIEtnWJUe0HlDyDRO7csv8WABo +15lrLhqGW/1vPVVuUUnpsDTiJN4cJnF7CLpT2GO/teYvmt1ZY+n5JhfI4FDO6t2x +xsIgRv7SFMqwKv5OiqGAFScgkYnsNZa9q+aqzGNcTJbJXvLuiTpdUL1vxoT2iiYo +rO/tlCnqAG9ryCS7/ZbiNytd3aOV0+Y64Sh7NoFbs3RJMNqGUklTL8qpaHgO3v0c +mzI9eh7683imPMZ7o7EeEOHix0M/6G7fFP7XF46ww6skQKfPqhPtoGoxN0/zpJWI +7VMlXFA= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem.certspec new file mode 100644 index 000000000..3b3eff9ae --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:ee-SA-OCSP +extension:extKeyUsage:serverAuth,OCSPSigning diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem new file mode 100644 index 000000000..177e17a7f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0zCCAb2gAwIBAgIUO/vVDR6vZfT1VN3k7nnF9d2DfaQwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBYxFDASBgNVBAMMC2VlLVNBLW5zU0dDMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoyIwIDAeBgNVHSUEFzAV +BggrBgEFBQcDAQYJYIZIAYb4QgQBMAsGCSqGSIb3DQEBCwOCAQEASeKD1BrhVCUv +xLJWGeeMLQEmhC9jzTqPnkhVgdnQLVgbT6uGUBfb6thCqUwzkmqeSS3FwDlHrcuW +mZtvRVjmTJtkXnqW0ItmrfmGBzcky6Yf1JFIKh4zcj2dWDX7Z2jL/G80M0Sd92gA +dGNFK/7hJi8fK7GEwCsZuXrOF5V2tIJuBgSbadDP/BXkQQzdgJuymPlNNOQ2AUle +UJdlMMeAHN46ElQmTJ5qFO/q+73RXx2X7GKh/zMjnFoZmOjv6kcHNVirLghwyn5A +TzhUqyxYJIOesx2iToh3eounF5+ON+Tv24GZwHt8+LpywN4pbrvwdubiuTDgYBRC +U8xbVBqd0Q== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem.certspec new file mode 100644 index 000000000..4c51425ce --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:ee-SA-nsSGC +extension:extKeyUsage:serverAuth,nsSGC diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem new file mode 100644 index 000000000..0b01c231a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICwjCCAaygAwIBAgIUWQVaB4XyLq+dtmI7YOOKHIfM+xowCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBAxDjAMBgNVBAMMBWVlLVNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGc +BptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzC +a2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8Xg +uEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK +9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGP +mRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEF +BQcDATALBgkqhkiG9w0BAQsDggEBAJqJhFqbvu7bF39gdfgp7zkiESuvlR1O9YNR +42QE9E8vzXz7Yc3D6EDT54WmSRtbPa2y/LAeOQkUFV3vp5oFnHpU2dV5QH/p4clh +oRG1hCr5sicPGTNpUuD/ZQrYAzFt/EtfdhNEq81lPS2GZ/mCy+mWE8jNBUnOVO2Y +TtkAGJJafLEPghu5X4xQuxPJuPT1IycADL4bFxZUqRqoGUhcVeeGhUidz4I2q3rn +qRvdMGbWXx4o343M4H3auQMiVAnUzkCZIyUN0n0T35JfckIwthZSffFF6oBy0RDJ +bS/DoluvZ2NlJ8HIujgn0LOcJpKvxh7Yx1+5iBAM5+Hiwr0lQ6E= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem.certspec new file mode 100644 index 000000000..690f579af --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:ee-SA +extension:extKeyUsage:serverAuth diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem new file mode 100644 index 000000000..3e37a4a72 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICsTCCAZugAwIBAgIUGaRSC/MYTPhfTuLxPkyLSJSeh8swCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmludC1DQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtQ0EwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH +Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr +IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ +sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA +dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE +LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQEL +A4IBAQAVnl1ZyAFD1Q9U9sWZZ4xqSV22f4eG8ox79yvIIQkb1kj4hsopxeRjwVMU +uND1/J1ravsvPoTy/fdawYFTmeW65XzzXypnreSxM4O0J6DTEE1UNrvj3yb8RaWh +JNBbjmcGKHDfU4CpQ28vgWKgPH4NzVnqvy9mMzbfkwBInfK1z+6PT9iQGaw5w1UI +ML0uD15Vd7Tcx2YjUdxCeqBnyS295soWVHRqI32HsPRVSG0Xt7JVzmVtrGS/dyPk +jrTFh6gd9tdcQf7sKDOQpwIRo5iE/uvRndXUe1kE48RQnt+VMJupQWA03Gxu3a0P +pCx8oCJbwVyfNk+p6obXosFOTrPG +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem.certspec new file mode 100644 index 000000000..670973930 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem.certspec @@ -0,0 +1,2 @@ +issuer:int-CA +subject:ee-int-CA diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem new file mode 100644 index 000000000..0c95864e7 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICtzCCAaGgAwIBAgIUC68xy9MKWn3DXtSpmvrui0OyNr0wCwYJKoZIhvcNAQEL +MBQxEjAQBgNVBAMMCWludC1TQS1DQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgw +MjA1MDAwMDAwWjAXMRUwEwYDVQQDDAxlZS1pbnQtU0EtQ0EwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVo +V2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p +0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKk +fbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZh +W7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EI +TjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZI +hvcNAQELA4IBAQAVhShahEDEtyapGsFV7MvyyS9dqsmklEsnNAfJ+3yXb81yfYDG +maQdAxVf/nNH71PYlOJOxTb9JeV26vf/mSFJOcwrODP5vMrUJdopo011QKsgm046 +qumgVfqPqPHhzpWBoQTNfQHpOV/iVKjBRZu+hD/x4LLlt4G8jVXwayG58t/d1/7Q +Yv8a/2Dv+b07Q25EW0tgC8WraaP/KXPnbYArOu0sgWoRGMhc8fpswwSPas3xqrwz +MtLDyfllAPZthvthTeeIUWdWClvpJqrBSqlTPBaS8AFCntaROQHNaAbzBCIdZZKg +uZ9K9l3lUeUsDaNvVNuUKy5SXuno/wO/mr3Q +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem.certspec new file mode 100644 index 000000000..bd012ab71 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem.certspec @@ -0,0 +1,2 @@ +issuer:int-SA-CA +subject:ee-int-SA-CA diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem new file mode 100644 index 000000000..6f6b17601 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICuzCCAaWgAwIBAgIUARy1oarqQUJskMjRknN9jLVwVHQwCwYJKoZIhvcNAQEL +MBYxFDASBgNVBAMMC2ludC1TQS1PQ1NQMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx +ODAyMDUwMDAwMDBaMBkxFzAVBgNVBAMMDmVlLWludC1TQS1PQ1NQMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVK +tOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7N +Q/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39Zgsr +sCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxs +l62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYl +nauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsG +CSqGSIb3DQEBCwOCAQEASPYSc13k95EbV7+XmbxGacDe4LXWsy4P+oUsbNaSLtA/ +3ojBL3IaznMNZ3O7fVdQoPGtN7SxPKZtC44GLx8va6i32pXhwBp29mcc3vjAUwnl +3GsJmw7/KP9C/KGZpf46ofw7ORDSs+32NB7QuKssh+FMpIYblDMVISX2fNqEQ5qB +BktkgWh8EsgwbCLqHapgtfY2i/y1MtKBLxpIfCqx59iMCbA90ZvuELpA+2F6ZtR8 +7BvgC4zJ0YgkYrQApPjM00aFBAtjGEnsFBCRfpBGDIavqgfZoUlzh1jw9pTbF5ux +1jX+GL3TOF3DG2qhylJh+w2Dogyyc7G2n7mvGIHfSQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem.certspec new file mode 100644 index 000000000..2374d248f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem.certspec @@ -0,0 +1,2 @@ +issuer:int-SA-OCSP +subject:ee-int-SA-OCSP diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem new file mode 100644 index 000000000..4345d995c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICvTCCAaegAwIBAgIUTR//dWc2i2WpKXdEqfs1MgNXtVEwCwYJKoZIhvcNAQEL +MBcxFTATBgNVBAMMDGludC1TQS1uc1NHQzAiGA8yMDE1MTEyODAwMDAwMFoYDzIw +MTgwMjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9lZS1pbnQtU0EtbnNTR0MwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk +NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC +fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m +CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM +HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m +1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEw +CwYJKoZIhvcNAQELA4IBAQANPvkHZK6XUFOFNO0ZWRCOd8ZA4btmK1vttAOEMVWy +GDVu2SoYDN6JW11wJr6L+V1P7cTF7e3+4sC0oS9LoTCPxie/6UAsyBUOQvl45dHw +udRHJBPH04E8KWAa+odOK9McKgNt4oUA0DHm20eXDuISUEiV7R5N8XrpUweIgkFg +iXJnOebZYV4lrIAC5CvFJ6ubUVdJ3rqQfrTMmJm4DYaS0zGEqglP/TGwLb9r9QdQ +iJ0kktUZb3jiZYQAYZnSfGyiyy20bstt2WlXXTKKB5MBoDYW6mzL0NwwQOl6Nf6V +UfglFYd9/E8bsa69VIlvGekfYcOdrAxsTMliayTIwKjG +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem.certspec new file mode 100644 index 000000000..6c3cb6473 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem.certspec @@ -0,0 +1,2 @@ +issuer:int-SA-nsSGC +subject:ee-int-SA-nsSGC diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem new file mode 100644 index 000000000..97ea224d6 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICsTCCAZugAwIBAgIUczLFMp0nvVMly27yYa/Y6nG0kpEwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmludC1TQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtU0EwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH +Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr +IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ +sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA +dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE +LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQEL +A4IBAQCaGWv/SDygA6tYqxX/ild+418YW5bTpTzUoWppENrVQ7WRdLAz91/9dhPS +Y9znou5eLMVa7IoOqaNG4x7DvefqenYhKGDyQbVahOalsVVYTke901B9I6ci9wfp +wsKBYkLDzedlOCZVzU8aWH+uBi5ZOOD0T8NcTQE5x9T0gExu7rUOLa91+4h8NRTY +m1yyX9zSpZuY65qveSX47FR0QbPAjq5KNyUcGuQSjEf9fUsVXEC9QAuaQHJEROR2 +CKzbaqtRlLqv89B9OKVsbdstLTW/L7tRTQNpkjH2lLgxfGBPDy8eHSpVW/WvBKlu +/WxDnqx2W8TrJKA/RIQ56MeaOP+b +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem.certspec new file mode 100644 index 000000000..72ddb78df --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem.certspec @@ -0,0 +1,2 @@ +issuer:int-SA +subject:ee-int-SA diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem new file mode 100644 index 000000000..703d5b29b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICvzCCAamgAwIBAgIUG7btAHXGerwL88Jd7sb8IkeFKBkwCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDWludC1uc1NHQy1vbGQwIhgPMjAxNTExMjgwMDAwMDBaGA8y +MDE4MDIwNTAwMDAwMFowGzEZMBcGA1UEAwwQZWUtaW50LW5zU0dDLW9sZDCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ +6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk +nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N +/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG +JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd +7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA +ATALBgkqhkiG9w0BAQsDggEBAA/82zxrEW1c/neIl0E5/KOr0NL/F4lAdN+WUTT+ +P2DSf8Ke0EKO9lgMZKDBptlPT/XzTvmzvT3tM8vjFdcOF+1QQtFqoQ2pwpg7lXTA +2hh/gSNklJfWCSQkgVr07fCX0/ip7TM7R9pBhL+x5MSQxdF7xW9eFP8lE8dq3L93 +1iIApcexVSjb/MbGBr9rRe0LvdY5wRjbGPxCEyp/316CxXg29vWwYalW96CnZHnR +SAl34xTEaLeHjC6eeDSt4Fna5obAEw/p8dcC6TnGkKHEcZ/wSRNU42K8kIR0Rjdh +EyWRvajemwXDlKsLgRcWqN+nL8hn0O0yI9mKLxo6oQNsApA= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem.certspec new file mode 100644 index 000000000..c8444d337 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem.certspec @@ -0,0 +1,2 @@ +issuer:int-nsSGC-old +subject:ee-int-nsSGC-old diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem new file mode 100644 index 000000000..45bab52a7 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICwzCCAa2gAwIBAgIUV1Eo/pl5MBWjV8NHjvDSYjdoz9cwCwYJKoZIhvcNAQEL +MBoxGDAWBgNVBAMMD2ludC1uc1NHQy1vbGRlcjAiGA8yMDE1MTEyODAwMDAwMFoY +DzIwMTgwMjA1MDAwMDAwWjAdMRswGQYDVQQDDBJlZS1pbnQtbnNTR0Mtb2xkZXIw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ +PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH +9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw +4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86 +exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0 +ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N +AgMBAAEwCwYJKoZIhvcNAQELA4IBAQCoka+kd2S/FnF34++D0mZ4xSeFqNU9ookP +oKqeQp8wXUtemulTI0MKOFavJjzq82Vm1LJLoFf46lU3q6oTuH/ylj9VMJn9/Etm +v+kJyjydlx1MVQUacQ+v+9QxwsYvt9KjgqSUDlwoh6BX8dKKFHgYKJJx7JyvyeHp +5FfSlEEIFdwWb42bzx4a6Va3lA6svpWP5mDZOOwp6b9wP8Bw7WxXQgjYP8pOmwYy +Q9inlnGCdTC2GhV5CNL+eq43eGdL/gAvQ1aCZPKovICxMzkv9f5Sx2nGcDUnqcJD +kICrqJ6gjTm+Q86UOSxiIioVSDt2BZjbyhBj4wgjCzsM4zeMcx+l +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem.certspec new file mode 100644 index 000000000..c5b12e8da --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem.certspec @@ -0,0 +1,2 @@ +issuer:int-nsSGC-older +subject:ee-int-nsSGC-older diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem new file mode 100644 index 000000000..3bf0f2bac --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxTCCAa+gAwIBAgIUe35zCPUg4TWN0gQjqfNVjK8KFqgwCwYJKoZIhvcNAQEL +MBsxGTAXBgNVBAMMEGludC1uc1NHQy1yZWNlbnQwIhgPMjAxNTExMjgwMDAwMDBa +GA8yMDE4MDIwNTAwMDAwMFowHjEcMBoGA1UEAwwTZWUtaW50LW5zU0dDLXJlY2Vu +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogG +NhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqn +RYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHu +p3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQ +Lzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p +47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo1 +7Y0CAwEAATALBgkqhkiG9w0BAQsDggEBAF2ltx1XJtzG/bhTsu/bo9qr3p9Um2Yr +2aXMzX8GNR/wmxBHVhNjBMHzQeuDBbYOkssDXQThFn3qAvLixNkD3cFez5D2LG0o +fR/Ftb7XDsEw6MdBNmjgrM1Sse3v6DOVKMcdoJ+HS7FZ4USbeJ0dkWvv4f1Secjk +yo1mZx3nq9cw1qI5pnH95YncD8u2rzErWeZHpIRW7SxfabpPxhlUFFyywST11WEa +bZa2H4h5oFBmE84gDteDjM8BA9PbuPkwqS7MmfvdPHT9mwH+ppln4Ays/v9HnjmU +qRRyYP73/S8/J/N6DDXAQCJ3yWLIm08pFC0RS+mF729M0B0g4F52NpU= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec new file mode 100644 index 000000000..6e736adc0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec @@ -0,0 +1,2 @@ +issuer:int-nsSGC-recent +subject:ee-int-nsSGC-recent diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem new file mode 100644 index 000000000..6849a15ae --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxjCCAbCgAwIBAgIUeS+Bwx6kFrNZMCbqJdx6V/Dd4pIwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBMxETAPBgNVBAMMCGVlLW5zU0dDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf +vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb +uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S +O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR +3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv +5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxgwFjAUBgNVHSUEDTALBglg +hkgBhvhCBAEwCwYJKoZIhvcNAQELA4IBAQA/aXkP4qYhXpfW4Vk+Y4L8ufv0/LzR +VkObq/K9xdbt53X5i1cur+VmE8BQlaDTJ0lZ+efSvKZsBHLjLJWs7ghzBEQY0zW9 +bh56nwwEgv91GMUJeb4krm8Pe0N5b15QrtQE4nFCHQs9Bkkhmhm9Dormw20fa1A/ +82ADTMMhTen4bJYpKbcWP9z0pv3wattrfKpsNHYprgV7eqznjAsr2hClc089CsFl +msc+2gbiz+yk2TO7naaWhuNc5p8zevPb5m4UzOVKqnXqGdjJ2ev8j5N7LYAB6IJh +68vieEO/P1ovkSUUmR69jaI0eIiWEfYqbW4v9d8/pMutmyeOZh3RT5u+ +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem.certspec new file mode 100644 index 000000000..43d58ab6d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:ee-nsSGC +extension:extKeyUsage:nsSGC diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem new file mode 100644 index 000000000..67125227d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0TCCAbugAwIBAgIUafQ18/NBMv9lR5wdiAdnVzIZvWkwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBExDzANBgNVBAMMBmludC1DQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x +nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM +wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF +4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20 +yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx +j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMlMCMwDAYDVR0TBAUwAwEB/zAT +BgNVHSUEDDAKBggrBgEFBQcDAjALBgkqhkiG9w0BAQsDggEBAHljHawI2YeWnSsd +ERqVkdmQKh+VKosuBp7RwiEZcLk8lRMtmgIkrCShc1HNsGW2X1QDk3btC0GRXXO4 +UFmpDFrcnblhCfkD73Gann6uk/1P7J7B+cG9HOrw9e8keazclz/FXgPXcTr061SO +fhJaPB6/6sYWw2f6o6lBg5uGZKrJtZiEjEqUAI0/eh7QJ0N8jdG8kzgOAFsvaS6C +LWtDAr1HwTRitb6AFeI+jP/hhAPQkuxbts1RmJUFQdTBmM/GwyT1LwBUpxgXW0xM +ta/7BP7TaBtsZx9N3hH7L4ADMU3E0rb7yYtN7RF40eRXB9RvnYy4Tn4YTIsaZFnR +xC6WzJ4= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem.certspec new file mode 100644 index 000000000..e5bc18198 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:int-CA +extension:basicConstraints:cA, +extension:extKeyUsage:clientAuth diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem new file mode 100644 index 000000000..aaa392db5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3jCCAcigAwIBAgIUAepQZqbEvSiQSE1cR9U5YmUbq48wCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBQxEjAQBgNVBAMMCWludC1TQS1DQTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODY +H72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk +27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A9 +0jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMM +kd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaL +L+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMvMC0wDAYDVR0TBAUwAwEB +/zAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYJKoZIhvcNAQELA4IB +AQAl23nZRqJVVi1D4CrC3FPJyitFtZF+ss85jSvtNIH1DK0tZHYpTqouVdBCVyz3 +31vb5Yq+33V0Lg4LS39Q7gYz3ofcyCCuTpSvYL6dV0EEbiYX6AVwFXXD8jeV16/V +7QFI/pae7sjr/2v2WJVmupdt1lT2hWVd/rilYBZPgri11QSiZVJP6qmf5AcA9dkg +pyZ5su1SwOaFN0XdrwvnW1+SSFYQtOWTfffr9ctMAXF0uGv/duGHLxPt2MIXvwWg +83che74+n8mYuZNUCTOh+BG/bR572KWDFY/hwBDpWXJUmFh5GtF/z29NDnY9IFyQ +HyE5qtltjnv0D2vSA2f7eoyH +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem.certspec new file mode 100644 index 000000000..94e9a42d4 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:int-SA-CA +extension:basicConstraints:cA, +extension:extKeyUsage:serverAuth,clientAuth diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem new file mode 100644 index 000000000..e487b8ef6 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4DCCAcqgAwIBAgIUY0Zp7/A39C/kccD4uV3b1yP2K1swCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBYxFDASBgNVBAMMC2ludC1TQS1PQ1NQMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoy8wLTAMBgNVHRMEBTAD +AQH/MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDCTALBgkqhkiG9w0BAQsD +ggEBAEwVcLGSPMdCLiXXgXqDdEU81Ti3bfp3pEzI+g5X6H27cbLwNMb+DM1Qu6wt +w8UpXCxP6i8F3XnrKZCdfJG7caDlDoylCPpXaVd37B4lPcnd2j1sfb3PwG4cp2x7 +Qv4ur3sjG3nVn3kSKgrTVCojyo876Iy/ZKQpQAtiggS4pG7ztRPIPOVIZHzNEUfQ +RUpD9RFuoezM2aAPaTjTixKtIWjL1Fc+OCWHn4uAkPAnRuTm3SRIgVPREk2671oo +9OAtXwaNsEn9+P6FBdV69BE68n2Tl6bv8scE0JvSBJg3NfCq7gZJ16rpQXW0fEGV +ZqQiPT0JAJFYcK/l0ynVFZ4k9ZE= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem.certspec new file mode 100644 index 000000000..c38a640b9 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:int-SA-OCSP +extension:basicConstraints:cA, +extension:extKeyUsage:serverAuth,OCSPSigning diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem new file mode 100644 index 000000000..29c734bb6 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4jCCAcygAwIBAgIUUazTcP2+J+/snjciQqhPNClvzlAwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBcxFTATBgNVBAMMDGludC1TQS1uc1NHQzCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl +qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg +w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx +V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1 +MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs +vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMwMC4wDAYDVR0TBAUw +AwEB/zAeBgNVHSUEFzAVBggrBgEFBQcDAQYJYIZIAYb4QgQBMAsGCSqGSIb3DQEB +CwOCAQEArh/GECvDvQVnv2UdZUx5nL1VTxr1GS30/e83nTmTrIeN+lV9M4UR8UL5 +ecEl9eDBxGnTAAlvK1PupSQgZJzzDFD2tkqMWNrKwMMHTt4zPCx2gA6KBQcp9Dsj +ThB2jUAwcK24eXAcfEj2XRROhoKkKScd2Qo9FsFBl7r91KWTlHTsdkdT3wSJ73DP +jYn4S7Y82OiNgIY5KacH+L9VqY1MHI1TDlMb+MBYDniUbmpMMB0lE1EIt0oiu6XQ +n20+81inwxonsMikHI0YGdttWPotm8Yu/PxvwIeiOYd8fOPZkzD5rhd5aJLmOoMk +GuVcrNke+iBvK6Fc6A2uTj6t9CV6zg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem.certspec new file mode 100644 index 000000000..c84201d87 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:int-SA-nsSGC +extension:basicConstraints:cA, +extension:extKeyUsage:serverAuth,nsSGC diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem new file mode 100644 index 000000000..538b6d2ce --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0TCCAbugAwIBAgIUfYQTgJQVjmkz6KfdBM+7rJ9TXLQwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBExDzANBgNVBAMMBmludC1TQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x +nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM +wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF +4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20 +yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx +j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMlMCMwDAYDVR0TBAUwAwEB/zAT +BgNVHSUEDDAKBggrBgEFBQcDATALBgkqhkiG9w0BAQsDggEBALnNW8RtP4S8LNYc +fpYdeArseY6SkVXSiYLWb7kUVuhGcJPO11FVfU4SCVdYqz1f1+4bev41ao/K5/dn +hs9koIzRFqErl7kP6Xi6jSwLKpl/rD3BH9waa7k57rJHrt6KCzOMICaIXQBPxzlg +hZBp9BFeuOxb8lJjSWXbplgAsU4FhAHVbTUWw9BfjbTAyoIx9N4r3X8ah5TDLlUN +NPp/aPKuC2jpRb9yEnOMvw8ziXmCjEFEIT8D+Z00OLOaCJ2dmsR6vWtE3qKwxFTG +14zYiG6pqTUwrg9F/F0mi4AoRkCIqNbiHvvZGaVLTpgOOG0EZgLH9WXMf+30RsDD ++DinBfU= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem.certspec new file mode 100644 index 000000000..74bec2b21 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:int-SA +extension:basicConstraints:cA, +extension:extKeyUsage:serverAuth diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem new file mode 100644 index 000000000..0d20e07ec --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2TCCAcOgAwIBAgIUbcXBg0y82WEm7Yor5jl0vYp6sLQwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTYwNzI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw +MDBaMBgxFjAUBgNVBAMMDWludC1uc1NHQy1vbGQwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH +Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr +IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ +sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA +dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE +LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjJjAkMAwGA1UdEwQF +MAMBAf8wFAYDVR0lBA0wCwYJYIZIAYb4QgQBMAsGCSqGSIb3DQEBCwOCAQEAM+vf +k8pAexjnMg1N5zp/X53Q6CaDseUj3FWnO/prJiMSWa2pcE+09naIc2gR7YsuapRr ++7Z1cOrF7uKVRnSKHmmZHGr+/EtoUuhwtkMpcbaCL5061Of6Un8UnK5sAQTECUip +CMChu0kX/qVlBiE/eJG2lrq8lycCdhjjjQjS0Fk1Jikh33/JeJCCay/pWOoiagv2 +ansOq+gUWiG55jTGT4b+0TdY70rLX7WDpliqieTfd7xVB0Zv4U41ydI/tcP5lo3g +/X4szNbZNyu9dRmLjVqDS3lhGGnRPiDblxlKm6vafrsd3zk4vg+UJlrHPP1q94Bh +Fbax9mimAkqXvI/F+A== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem.certspec new file mode 100644 index 000000000..35f61671e --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem.certspec @@ -0,0 +1,5 @@ +issuer:ca +subject:int-nsSGC-old +extension:basicConstraints:cA, +extension:extKeyUsage:nsSGC +validity:20160724-20160924 diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem new file mode 100644 index 000000000..f42288896 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2zCCAcWgAwIBAgIUDUfr/LSKxxp6n1UoiDvmm9b4cCswCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUwNzI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw +MDBaMBoxGDAWBgNVBAMMD2ludC1uc1NHQy1vbGRlcjCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7 +wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp +k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh +eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW +EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc +JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMmMCQwDAYDVR0T +BAUwAwEB/zAUBgNVHSUEDTALBglghkgBhvhCBAEwCwYJKoZIhvcNAQELA4IBAQAY +46wuAov03l8b+soIfL0TR+7LMwHnekiaa6M52nToHE8oDyH0NgFx4mMbdQYxKHvi +xn9Lgp650JN0ofkJ2Z5lduakAW8n316+bfimkJVCHst7jhSEc7qWAb96kLabZD7U +N+8cpelepAbfe8vpH043qon8tg9fYABZ4RrXCEQvhb+nHbNnW+GgnnnrtD7GM165 +krU12IDIOO/rQ04/vrKOa0p+Zv+oaLJMLhPPeXlQTno/bRY9VRq0oQej3iOyd6vH +wfq2PUCmTeOziI8YO6V9Ddtc/TYPwh3yF0AtKFXsl9MZ3xrlD17pl1BsVdIGANQf +qus1PdEkVZc8fRGBCJKv +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem.certspec new file mode 100644 index 000000000..f7a870c0f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem.certspec @@ -0,0 +1,5 @@ +issuer:ca +subject:int-nsSGC-older +extension:basicConstraints:cA, +extension:extKeyUsage:nsSGC +validity:20150724-20160924 diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem new file mode 100644 index 000000000..a2a6dfd89 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3DCCAcagAwIBAgIUE3ByAD3ROipiblgZuY8BtAMhi6swCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTYwODI0MDAwMDAwWhgPMjAxNzA4MjQwMDAw +MDBaMBsxGTAXBgNVBAMMEGludC1uc1NHQy1yZWNlbnQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk +e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg +KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI +YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi +lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL +HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjJjAkMAwGA1Ud +EwQFMAMBAf8wFAYDVR0lBA0wCwYJYIZIAYb4QgQBMAsGCSqGSIb3DQEBCwOCAQEA +VPtQzyrS2EDjCT6V7b8KKEXAyl70GZe1rD2s/xS+Uj43la5vVQyB0PtabDTh4lVy +hut0M0o3E9hQ39qswMOcmNQdTnXTrhUzJPuGUnXxb8Jxjv+FR6+M8cmcdIlnFfXF +HQXwVn9LzvxwlbMatY3xQXrKQz6RzrMQ0V6tYKZZSHZvecy1iCbr2CIpU7I3D2aR +NatT1GYjaU+8u2afAoYKd+euB7pVMew7JuAxJ13iM1IMWyMil+/36ZOv5MBSSWRU +7ts0vZeH5Ne0kEYf5uOY7LWaw7fCo7HKiyOcB0xSvQL1BvjTf6NqbCO4a29BYQF6 +Ieyp6ItfrpIuwcpfyq1d7A== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec new file mode 100644 index 000000000..f421ddc1a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec @@ -0,0 +1,5 @@ +issuer:ca +subject:int-nsSGC-recent +extension:basicConstraints:cA, +extension:extKeyUsage:nsSGC +validity:20160824-20170824 diff --git a/security/manager/ssl/tests/unit/test_cert_eku/moz.build b/security/manager/ssl/tests/unit/test_cert_eku/moz.build new file mode 100644 index 000000000..7a4124e02 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_eku/moz.build @@ -0,0 +1,35 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'ca.pem', +# 'ee-CA.pem', +# 'ee-SA-CA.pem', +# 'ee-SA-OCSP.pem', +# 'ee-SA-nsSGC.pem', +# 'ee-SA.pem', +# 'ee-int-CA.pem', +# 'ee-int-SA-CA.pem', +# 'ee-int-SA-OCSP.pem', +# 'ee-int-SA-nsSGC.pem', +# 'ee-int-SA.pem', +# 'ee-int-nsSGC-old.pem', +# 'ee-int-nsSGC-older.pem', +# 'ee-int-nsSGC-recent.pem', +# 'ee-nsSGC.pem', +# 'int-CA.pem', +# 'int-SA-CA.pem', +# 'int-SA-OCSP.pem', +# 'int-SA-nsSGC.pem', +# 'int-SA.pem', +# 'int-nsSGC-old.pem', +# 'int-nsSGC-older.pem', +# 'int-nsSGC-recent.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null.js b/security/manager/ssl/tests/unit/test_cert_embedded_null.js new file mode 100644 index 000000000..4e4767560 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_embedded_null.js @@ -0,0 +1,38 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +// Tests that a certificate with a clever subject common name like +// 'www.bank1.com[NUL]www.bad-guy.com' (where [NUL] is a single byte with +// value 0) will not be treated as valid for www.bank1.com. +// Includes a similar test case but for the subject alternative name extension. + +"use strict"; + +do_get_profile(); // must be called before getting nsIX509CertDB +const certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +function do_testcase(certname, checkCommonName) { + let cert = constructCertFromFile(`test_cert_embedded_null/${certname}.pem`); + // Where applicable, check that the testcase is meaningful (i.e. that the + // certificate's subject common name has an embedded NUL in it). + if (checkCommonName) { + equal(cert.commonName, "www.bank1.com\\00www.bad-guy.com", + "certificate subject common name should have an embedded NUL byte"); + } + checkCertErrorGeneric(certdb, cert, SSL_ERROR_BAD_CERT_DOMAIN, + certificateUsageSSLServer, {}, "www.bank1.com"); + checkCertErrorGeneric(certdb, cert, SSL_ERROR_BAD_CERT_DOMAIN, + certificateUsageSSLServer, {}, "www.bad-guy.com"); +} + +function run_test() { + addCertFromFile(certdb, "test_cert_embedded_null/ca.pem", "CTu,,"); + + do_testcase("embeddedNull", true); + do_testcase("embeddedNullSAN", false); + do_testcase("embeddedNullCNAndSAN", true); + do_testcase("embeddedNullSAN2", false); +} diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem b/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem new file mode 100644 index 000000000..1a18e2bf0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxTCCAa+gAwIBAgIUL5zykZEc2ro5d6th43aWGfm735cwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu +Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO +7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf +qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt +HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx +uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud +DwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAHPYBjNnv//Ssc8Elepb8SWIXRdahKbL +/dcPoMR+7yhJVaelUaxdwUytJWJAGdkkuv+P+G4b82RVYEXT+9k1S/aAfByFyR9q +vS7POfdy/ZPfGTXltlnmYX/84a6QeYQa4Nl4JpIOXBCesLxmErBhczka6D26iqsz +GeseKRSjVPgF3mXc2CRGZnTDRhUmd7wOABLmj7GtuFvOm96363M3IUByMohvoj1G +dic3s5D0seXwTKnEc5B27lJt7Q0oIXEldL+UW8Mo1hfGWQeXzqTZbpOVLnVWvHBH +H8yYs5hyH01qFJZbztJ1JJ3F2NpYLlr4P5I6fW2e9w5MG/VMQRU3wzQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem.certspec new file mode 100644 index 000000000..6660f5d47 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:ca +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem new file mode 100644 index 000000000..7e846ed83 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICwTCCAaugAwIBAgIUPzul3x9eLLB//njMNwnlOFqHCCcwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMCgxJjAkBgNVBAMMHXd3dy5iYW5rMS5jb20Ad3d3LmJhZC1ndXkuY29tMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08 +E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc +1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAP +DY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQ +gAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqV +YR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQID +AQABMAsGCSqGSIb3DQEBCwOCAQEAbPT/bQi9B1F3k6Xa8b8yG56+KqssBjA/BQXp +TbXHd2xwtlbpiCzA6pI/MTiTzR4y9dj7mD9kj/vcD4GEcrhe0IBJ/juim68EhbFM +QQ5KRSITj51+hPAvK2E79AAvyCweRndxqvlAak9PfJX4zEUoo07pQ6qE6tDaLgCN +dZ3hV0syAE29Gtj86ew8Z6fPOoA3Sd9xw9wqULdZk+XG4rWMQzuoXLR1OHzvHQs0 +sP1mMhTCRdXwD7xmbhY4Zhsey2tagADlLTIVCKZDWdTjwVACxuRkvqX9Iy1/W16Y +f0K7j6omyj/ziRnrNfKkCAl/REuTCrAWV8M0o/854RwFCg6UEQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem.certspec b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem.certspec new file mode 100644 index 000000000..d1a32349a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem.certspec @@ -0,0 +1,2 @@ +issuer:ca +subject:www.bank1.com\0www.bad-guy.com diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem new file mode 100644 index 000000000..af4572d66 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC7zCCAdmgAwIBAgIUX4OgrL3nEzXRzIfkNVd6fxsHvDcwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMCgxJjAkBgNVBAMMHXd3dy5iYW5rMS5jb20Ad3d3LmJhZC1ndXkuY29tMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08 +E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc +1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAP +DY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQ +gAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqV +YR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQID +AQABoywwKjAoBgNVHREEITAfgh13d3cuYmFuazEuY29tAHd3dy5iYWQtZ3V5LmNv +bTALBgkqhkiG9w0BAQsDggEBAKyN7qvmdcryAaKPxDKEpIEg7emhEigt7sNYq41I +ZteYbYRSsJDIKs+n7TmaQ2Qtxdb3KNJGxU5jd6nBqh+WZrhjWJjZNFP9VT29pZpf +H+D2yHvJV8It5OU86IaAjNxEopGJABXf1EwP3RSsmbI8PFrSLzzkV7qY+kgMbVLX +Txswvv5nITzWu4BXmznusDf/xdY9kR9EK2KZo9fCbBgzqoCFB9dtPsZmzDSHerYi +o0Mh33JwVgDLi05yd/RVyi3TYjaSNDA0TcnyPirKPJDDFzHWyqP/Yd0G6WI0Ke9G +ka0v/vIh+cLqMozHPO4Ks1MfRqWqsbCTRYnlqOW0iYZghR8= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem.certspec b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem.certspec new file mode 100644 index 000000000..1029d6cdd --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:www.bank1.com\0www.bad-guy.com +extension:subjectAlternativeName:www.bank1.com\0www.bad-guy.com diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem new file mode 100644 index 000000000..b0e05c6b9 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5TCCAc+gAwIBAgIUGytwo7XSf4hWQWGePWi/WuFru/4wCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMB4xHDAaBgNVBAMME2VtYmVkZGVkIE5VTCBpbiBTQU4wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVo +V2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p +0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKk +fbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZh +W7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EI +TjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjLDAqMCgG +A1UdEQQhMB+CHXd3dy5iYW5rMS5jb20Ad3d3LmJhZC1ndXkuY29tMAsGCSqGSIb3 +DQEBCwOCAQEAWYQZ0QVwm0rjYpWNZqD6gDOYFOo/DdaGgRWYF9wSueJaSqIY7Jwm +GAwwDBqcyCZdqssZKtDogt2lgwG8Rt1uqQ46I/JNvFvNwujwHNtrh8FO/sKSs+v1 +I1+b9S7D8Kg6RrKcUXA2cUU+qPlt4J+WXlvVxgUmruJXdJqplerxs8gk9hic0Bc7 +Zo30xzScfp0WpqdMxnc2FupW3y5MfgGpf/98u1gvdS1gnOdyZWAfhtcPEyb+PSOU +4nmtkDH83QKJ1QvHbjI2XqD57Ge3c+T2f4LpWw5+zn7K9kExNHsoPV4yqd87K5Ty +j4keE9h15zF/CUBF37wYfK9hBxxis+SW4A== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem.certspec b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem.certspec new file mode 100644 index 000000000..f224888ee --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:embedded NUL in SAN +extension:subjectAlternativeName:www.bank1.com\0www.bad-guy.com diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem new file mode 100644 index 000000000..b0672452f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC6jCCAdSgAwIBAgIULbAjgyFkKYWb9Jl7dYe85tJgrq4wCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBYxFDASBgNVBAMMC2JhZC1ndXkuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozkwNzA1BgNVHREELjAs +ggtiYWQtZ3V5LmNvbYIdd3d3LmJhbmsxLmNvbQB3d3cuYmFkLWd1eS5jb20wCwYJ +KoZIhvcNAQELA4IBAQCemALDXRTm0lPpWiP1xCJVhCA1SqhCMNRgwZtxClRr10FC +l5qkR4Fy9RZoWSOO/obSid1tT6AKly8e49tUHaJ7b1KBPe0EAGPgNJPmlDafHFrC +wSOsIoiboLrrs9R+xWL0/7nruo2OqlpAbOajBnfvJ65t6JGWPVlSzvbXigwgL2EE +AfQQydWy5UDCW1/pQuAjd8WD3ZEz9IAgdM49zEeDss6a5t6RE4U+/acSTJBbZOOV +q7k2tCKEWQwHhWWWQSeiS+JW4PXYXy/N8DYABPHaZ6nK1HoBRCnT2TMvKeDwhv0o +Cw/NE/ytz6/STzYNV203SnVzmpkuvE4oG0IbGrZd +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem.certspec b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem.certspec new file mode 100644 index 000000000..d352d034b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:bad-guy.com +extension:subjectAlternativeName:bad-guy.com,www.bank1.com\0www.bad-guy.com diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/moz.build b/security/manager/ssl/tests/unit/test_cert_embedded_null/moz.build new file mode 100644 index 000000000..9e2821867 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/moz.build @@ -0,0 +1,17 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'ca.pem', +# 'embeddedNull.pem', +# 'embeddedNullCNAndSAN.pem', +# 'embeddedNullSAN.pem', +# 'embeddedNullSAN2.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot.js b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot.js new file mode 100644 index 000000000..148ee4b27 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot.js @@ -0,0 +1,71 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +// Tests that nsIX509Cert.isBuiltInRoot works as expected. + +"use strict"; + +do_get_profile(); // must be called before getting nsIX509CertDB +const certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +// This is a certificate that (currently) ships with the platform. +// It should be considered a built-in root. +const sGeoTrustBase64 = "" + + "MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL" + + "MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj" + + "KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2" + + "MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0" + + "eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV" + + "BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw" + + "NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV" + + "BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH" + + "MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL" + + "So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal" + + "tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO" + + "BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG" + + "CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT" + + "qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz" + + "rD6ogRLQy7rQkgu2npaqBA+K"; + + +// This is a certificate that does not ship with the platform. +// It should not be considered a built-in root. +const sLetsEncryptBase64 = "" + + "MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw" + + "PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD" + + "Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa" + + "MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD" + + "ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD" + + "ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB" + + "BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg" + + "PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG" + + "dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1" + + "gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4" + + "4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud" + + "EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy" + + "BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j" + + "b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv" + + "ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ" + + "MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH" + + "AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw" + + "MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM" + + "LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3" + + "pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd" + + "v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd" + + "ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW" + + "ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk" + + "6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj" + + "f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk="; + +function run_test() { + let builtInCert = certdb.constructX509FromBase64(sGeoTrustBase64); + ok(builtInCert, "should be able to decode base-64 of built-in cert"); + ok(builtInCert.isBuiltInRoot, "cert should be considered built-in"); + + let notBuiltInCert = certdb.constructX509FromBase64(sLetsEncryptBase64); + ok(notBuiltInCert, "should be able to decode base-64 of built-in cert"); + ok(!notBuiltInCert.isBuiltInRoot, "cert should not be considered built-in"); +} diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload.js b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload.js new file mode 100644 index 000000000..b17c592ee --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload.js @@ -0,0 +1,123 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +// Tests that nsIX509Cert.isBuiltInRoot works as expected. Differs from +// test_cert_isBuiltInRoot.js in that this test uses a preexisting NSS +// certificate DB that already contains some of the certificates in question. +// +// To create the necessary preexisting files, obtain the "GeoTrust Primary +// Certification Authority - G2" certificate and the "Let's Encrypt Authority +// X1" certificate (copied below for reference) and perform the following steps: +// +// `certutil -d . -N` (use an empty password) +// `certutil -d . -A -n "GeoTrust Primary Certification Authority - G2" -t ,, \ +// -a -i GeoTrust.pem` +// `certutil -d . -A -n "Let's Encrypt Authority X1" -t ,, -a \ +// -i LetsEncrypt.pem` +// +// This should create cert8.db and key3.db files for use on non-Android +// platforms. Perform the same steps with "sql:." as the argument to the "-d" +// flag to create cert9.db and key4.db for use with Android. +// +// (The crucial property of the first certificate is that it is a built-in trust +// anchor, so any replacement must also have this property. The second +// certificate is not a built-in trust anchor, so any replacement must not be a +// built-in trust anchor.) +// +// GeoTrust Primary Certification Authority - G2: +// -----BEGIN CERTIFICATE----- +// MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL +// MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj +// KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2 +// MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +// eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV +// BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw +// NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV +// BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH +// MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL +// So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal +// tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO +// BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG +// CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT +// qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz +// rD6ogRLQy7rQkgu2npaqBA+K +// -----END CERTIFICATE----- +// +// Let's Encrypt Authority X1: +// -----BEGIN CERTIFICATE----- +// MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw +// PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD +// Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa +// MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD +// ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD +// ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB +// BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg +// PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG +// dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1 +// gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4 +// 4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud +// EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy +// BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j +// b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv +// ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ +// MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH +// AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw +// MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM +// LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3 +// pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd +// v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd +// ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW +// ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk +// 6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj +// f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk= +// -----END CERTIFICATE----- + +"use strict"; + +function run_test() { + const isAndroid = AppConstants.platform == "android"; + const certDBName = isAndroid ? "cert9.db" : "cert8.db"; + const keyDBName = isAndroid ? "key4.db" : "key3.db"; + let profile = do_get_profile(); + let certDBFile = do_get_file(`test_cert_isBuiltInRoot_reload/${certDBName}`); + certDBFile.copyTo(profile, certDBName); + let keyDBFile = do_get_file(`test_cert_isBuiltInRoot_reload/${keyDBName}`); + keyDBFile.copyTo(profile, keyDBName); + + let certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + + // This is a built-in root, but not one that was added to the preexisting + // certificate DB. + const veriSignCertDBKey = `AAAAAAAAAAAAAAAQAAAAzS+A/iOM + DiIPSGcSKJGHrLMwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwg + SW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMx + KGMpIDIwMDcgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s + eTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0 + aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0`; + let veriSignCert = certdb.findCertByDBKey(veriSignCertDBKey); + ok(veriSignCert, "Should be able to find VeriSign root"); + ok(veriSignCert.isBuiltInRoot, "VeriSign root is a built-in"); + + // This is a built-in root. It was added to the preexisting certificate DB. It + // should still be considered a built-in. + const geoTrustCertDBKey = `AAAAAAAAAAAAAAAQAAAAmzyy9EgK + AOL+6yQ7XmA+w2swgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJ + bmMuMTkwNwYDVQQLEzAoYykgMjAwNyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhv + cml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlm + aWNhdGlvbiBBdXRob3JpdHkgLSBHMg==`; + let geoTrustCert = certdb.findCertByDBKey(geoTrustCertDBKey); + ok(geoTrustCert, "Should be able to find GeoTrust root"); + ok(geoTrustCert.isBuiltInRoot, "GeoTrust root is a built-in"); + + // This is not a built-in root. It was added to the preexisting certificate + // DB. It should not be considered a built-in root. + const letsEncryptCertDBKey = `AAAAAAAAAAAAAAARAAAAQQCYE + /R1E+V1C0PnQx6XHkS9MD8xJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRyd + XN0IENvLjEXMBUGA1UEAxMORFNUIFJvb3QgQ0EgWDM=`; + let letsEncryptCert = certdb.findCertByDBKey(letsEncryptCertDBKey); + ok(letsEncryptCert, "Should be able to find LetsEncrypt root"); + ok(!letsEncryptCert.isBuiltInRoot, "LetsEncrypt root is not a built-in"); +} diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert8.db b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert8.db new file mode 100644 index 000000000..87abcf35a Binary files /dev/null and b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert8.db differ diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert9.db b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert9.db new file mode 100644 index 000000000..b4567566d Binary files /dev/null and b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert9.db differ diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key3.db b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key3.db new file mode 100644 index 000000000..37241a743 Binary files /dev/null and b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key3.db differ diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key4.db b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key4.db new file mode 100644 index 000000000..ed8747112 Binary files /dev/null and b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key4.db differ diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage.js b/security/manager/ssl/tests/unit/test_cert_keyUsage.js new file mode 100644 index 000000000..dd6fc4274 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage.js @@ -0,0 +1,57 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +"use strict"; + +do_get_profile(); // must be called before getting nsIX509CertDB +var certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +const caList = [ "ca-no-keyUsage-extension", "ca-missing-keyCertSign", + "ca-all-usages" ]; +const eeList = [ "ee-no-keyUsage-extension", "ee-keyCertSign-only", + "ee-keyEncipherment-only", "ee-keyCertSign-and-keyEncipherment" ]; + +const caUsage = [ certificateUsageSSLCA, certificateUsageVerifyCA ]; +const allEEUsages = [ certificateUsageSSLClient, certificateUsageSSLServer, + certificateUsageEmailSigner, certificateUsageEmailRecipient, + certificateUsageObjectSigner ]; +const serverEEUsages = [ certificateUsageSSLServer, + certificateUsageEmailRecipient ]; + +const expectedUsagesMap = { + "ca-no-keyUsage-extension": caUsage, + "ca-missing-keyCertSign": [], + "ca-all-usages": caUsage, + + "ee-no-keyUsage-extension-ca-no-keyUsage-extension": allEEUsages, + "ee-no-keyUsage-extension-ca-missing-keyCertSign": [], + "ee-no-keyUsage-extension-ca-all-usages": allEEUsages, + + "ee-keyCertSign-only-ca-no-keyUsage-extension": [], + "ee-keyCertSign-only-ca-missing-keyCertSign": [], + "ee-keyCertSign-only-ca-all-usages": [], + + "ee-keyEncipherment-only-ca-no-keyUsage-extension": serverEEUsages, + "ee-keyEncipherment-only-ca-missing-keyCertSign": [], + "ee-keyEncipherment-only-ca-all-usages": serverEEUsages, + + "ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension": serverEEUsages, + "ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign": [], + "ee-keyCertSign-and-keyEncipherment-ca-all-usages": serverEEUsages, +}; + +add_task(function* () { + for (let ca of caList) { + addCertFromFile(certdb, "test_cert_keyUsage/" + ca + ".pem", "CTu,CTu,CTu"); + let caCert = constructCertFromFile("test_cert_keyUsage/" + ca + ".pem"); + yield asyncTestCertificateUsages(certdb, caCert, expectedUsagesMap[ca]); + for (let ee of eeList) { + let eeFullName = ee + "-" + ca; + let eeCert = constructCertFromFile("test_cert_keyUsage/" + eeFullName + ".pem"); + yield asyncTestCertificateUsages(certdb, eeCert, expectedUsagesMap[eeFullName]); + } + } +}); diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem new file mode 100644 index 000000000..68cfd91f3 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2zCCAcWgAwIBAgIUdys2hGpJxVbK3B7BShZ/+fevEdwwCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDWNhLWFsbC11c2FnZXMwIhgPMjAxNTExMjgwMDAwMDBaGA8y +MDE4MDIwNTAwMDAwMFowGDEWMBQGA1UEAwwNY2EtYWxsLXVzYWdlczCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1 +SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+ +zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL +K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc +bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW +JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMd +MBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAf4wCwYJKoZIhvcNAQELA4IBAQB3 +PnTXfyK1lZATja9ooGeUFCvJlscLeOSqHoy2NfvZ8EgQYgRFwIyoqKnDvNxoc/tG +5K4SItulTTK2rG9g5e9NCVrbUThj3AMevJn9YpY/MWc+e8bsLO+djeKPYGGtgOAo +kj8O5jxoFPItElLIOC9yEQEM02AohkZu4AaoCL2RHsdYDGGqJJHNsjjpumtu5WWR +/sz2+sxfbnxub+IMk2TgoN/1/OeyFJ/BHPPi3jjiwi/fY9mtBSpYltArZsWu9Moa +qxqj0b62YfiiqbPPPMy3nqRtcnta8GvKB7j51ONbnwb/pE0Zaijeb286a2JOyItH +6mpoeFIefyemcfMwFChc +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem.certspec new file mode 100644 index 000000000..2ca523c74 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca-all-usages +subject:ca-all-usages +extension:basicConstraints:cA, +extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem new file mode 100644 index 000000000..b2f21337e --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC7TCCAdegAwIBAgIUNZz9C1mmhSFhZ3hsQHPCZYTR78owCwYJKoZIhvcNAQEL +MCExHzAdBgNVBAMMFmNhLW1pc3Npbmcta2V5Q2VydFNpZ24wIhgPMjAxNTExMjgw +MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowITEfMB0GA1UEAwwWY2EtbWlzc2luZy1r +ZXlDZXJ0U2lnbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahE +jhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1 +a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1p +GrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW +2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcO +p2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJR +xDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAfow +CwYJKoZIhvcNAQELA4IBAQCigLN4JNjaNQUV2oR8T/hBi0oYuPHnNsdKOlC1RJXI +ol12HE7fI9Yhdp25Nt48fxDu76e19nF+SBpE1hcnE8Bt9BLiyV0Na572f/lrLTx+ +sMDZ+Fq9+tAjagxJgmozXEoLPqDZDR0IlZzeNyqhcrSomqKie4AHxjaXKk32Kwip +eJfPolWij8NTX+M8JGiNVdMNakMhW4h7ulKvTDXjS1OhWd64tlPAuR/TZCZcfpz6 +Z08CgLcCUT928SG3Wz25FIZK9qiQkMEn7QNtIsF8SmAru0z7AEVuLFUnA71XP084 +hnAO09l608qaSq+xHq5GZ20mzP4ZllomqTKoBufBJ5J0 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem.certspec new file mode 100644 index 000000000..26e0158eb --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca-missing-keyCertSign +subject:ca-missing-keyCertSign +extension:basicConstraints:cA, +extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,cRLSign diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem new file mode 100644 index 000000000..42b620d4e --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5DCCAc6gAwIBAgIUJYmyGPLkKFkTp5JuDYcONVz01gowCwYJKoZIhvcNAQEL +MCMxITAfBgNVBAMMGGNhLW5vLWtleVVzYWdlLWV4dGVuc2lvbjAiGA8yMDE1MTEy +ODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAjMSEwHwYDVQQDDBhjYS1uby1rZXlV +c2FnZS1leHRlbnNpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6 +iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr +4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP +8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI +Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ +77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J +I/pyUcQx1QOs2hgKNe2NAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcN +AQELA4IBAQAEWzxixVODFWyBRURV4lePTqSy6lTKdiuClufSPtjVv6SVo1ZzfcYy +71dMnGdQ0zaEAj/twPAYB6RG8Ri7gb+Iven3tYMGDAhAwwcrKQovphLlc5ccRkXw +Sbw03aacwLoLbheElOBRYM7RInNV/K76SSUXkVVSKfB39nob0vL7je22UUR/1WjO +6WOsYS6AsgLTzQLLhhDpHXUQVyfHHJ2EivwceGtJPmcHbBRognDybUK1lt/5hKqo +zHUx7oa5qvAN1rZ/CtrEnSoaqY5BwmUqINalL0sAPwsd6FZM9G0kZaQpVjW3LgnY +orFxjJ1rrHx8dMjEK0bUT3JcvwfA+Rqv +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem.certspec new file mode 100644 index 000000000..d32e6a649 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca-no-keyUsage-extension +subject:ca-no-keyUsage-extension +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem new file mode 100644 index 000000000..bdf9b0969 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4jCCAcygAwIBAgIUL2/9azGOStHNpzE5OuF9/eXyXgYwCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDWNhLWFsbC11c2FnZXMwIhgPMjAxNTExMjgwMDAwMDBaGA8y +MDE4MDIwNTAwMDAwMFowLTErMCkGA1UEAwwiZWUta2V5Q2VydFNpZ24tYW5kLWtl +eUVuY2lwaGVybWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqI +UahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvi +r1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/x +fq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD +7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnv +uRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj ++nJRxDHVA6zaGAo17Y0CAwEAAaMPMA0wCwYDVR0PBAQDAgIkMAsGCSqGSIb3DQEB +CwOCAQEALRuAiMMiGyBra0dMzHR/98nFyiKriXYhp30XGU5hOb3nlumGuQoR6huq +mUnOFD7PjIeLRfvSyT0HisAr3xR0Cx2AlM8XV8iyyT5S3Obe5z6St5+mLWEtiiBg +BFPedxTz4M4npdKwEcc6fKhNknZdl/6QtbLWJbV9pqZWkNM+BoZNePo/vVl0ovKG +7cF4eZilmXD10MzMOQbgZwUOqfP9L6r49mCs7xuJBEAkwE/pnfnFuJyE8bbfGUzY +BkOj3ZnfOGk1sr8wSGK6LF7ArG2BUokOSstrjoT6v1Y5aXpCwEa/WECEpqphlAe9 +hloiRSezmE2LeOQS+bD0hQXfPvN6gw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem.certspec new file mode 100644 index 000000000..0bb2721a3 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca-all-usages +subject:ee-keyCertSign-and-keyEncipherment +extension:keyUsage:keyEncipherment,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem new file mode 100644 index 000000000..07af0afad --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC6zCCAdWgAwIBAgIUZWIH141D/q0jpqLy24q/Z/V5Q24wCwYJKoZIhvcNAQEL +MCExHzAdBgNVBAMMFmNhLW1pc3Npbmcta2V5Q2VydFNpZ24wIhgPMjAxNTExMjgw +MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowLTErMCkGA1UEAwwiZWUta2V5Q2VydFNp +Z24tYW5kLWtleUVuY2lwaGVybWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x +nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM +wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF +4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20 +yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx +j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMPMA0wCwYDVR0PBAQDAgIkMAsG +CSqGSIb3DQEBCwOCAQEAYW3PJELJRWf/BpPb8gWUlGt0e3CIwjQqy/OsrXokniYE +0wDGDQBBBwWUtZ+2Y9b9Buu83NfdYLdLO5fG1ZMSWudSpAvGNoFAbkbyMovnxMuA +JdV36gfuyxl0nQ86iv3NgRaU7fDG2+wgukd6ugjX3KgKcgskZNS/qyyJNOCWl6M+ +JSC2Jpsz8ES9x8YsqblM/ERsrMXIWJd2r1/TZ0RT6yHIgkZcem0OyypJoMcfvwyA +92OYV29xCMUjGahOPd3b2WeP1xfIDOQu06/W1u3Ut2locR8/irKPSkgADNFN72/7 +usjX3lxFPwbpTlj4ehDizqQM8/Zjd7TSuT5U8mGGUA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem.certspec new file mode 100644 index 000000000..567ab0ce2 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca-missing-keyCertSign +subject:ee-keyCertSign-and-keyEncipherment +extension:keyUsage:keyEncipherment,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem new file mode 100644 index 000000000..c5fafc299 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC7TCCAdegAwIBAgIUTVrDE/LymICBYiBG+hIxeTNzILMwCwYJKoZIhvcNAQEL +MCMxITAfBgNVBAMMGGNhLW5vLWtleVVzYWdlLWV4dGVuc2lvbjAiGA8yMDE1MTEy +ODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAtMSswKQYDVQQDDCJlZS1rZXlDZXJ0 +U2lnbi1hbmQta2V5RW5jaXBoZXJtZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf +vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb +uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S +O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR +3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv +5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABow8wDTALBgNVHQ8EBAMCAiQw +CwYJKoZIhvcNAQELA4IBAQB+abMJm5HdoKeMDzcqQpSLvSJKhbqrmujR8AKyHF9H +DQyvFHARUL6GoOxvaILJCTUWGqobHdTFQjhWCOuYjtqQf1CXbgtXAUVL8/EOncnS +UXcsti2r8h1WT/cDsXbnbmjloO1e/NEHHSK9Cm4zPSaoKQSYVSuXvKr8D9XZXvzj +JJh0lkmVyhq79kw3aXWg75VQOllhQ7kplPjlbs4XAjWgmyCUJ2v/M5yDn9nNxnqG +UyNLBEJkoaztUMZnEbx92cGD8FS721kaAZo5pslWx93+sHhHbwA9i5L1VG8UPX+T +mb/DZkhekaPXrecmw4DZlhdbx0DiDbKpnzYM71YYbmUe +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem.certspec new file mode 100644 index 000000000..c48ef6612 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca-no-keyUsage-extension +subject:ee-keyCertSign-and-keyEncipherment +extension:keyUsage:keyEncipherment,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem new file mode 100644 index 000000000..7f6c21909 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0zCCAb2gAwIBAgIUEYlPxi8Q+zUVKvxclDzrfiQ+PcEwCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDWNhLWFsbC11c2FnZXMwIhgPMjAxNTExMjgwMDAwMDBaGA8y +MDE4MDIwNTAwMDAwMFowHjEcMBoGA1UEAwwTZWUta2V5Q2VydFNpZ24tb25seTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9 +PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3 +HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg +Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7 +EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK +lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C +AwEAAaMPMA0wCwYDVR0PBAQDAgIEMAsGCSqGSIb3DQEBCwOCAQEAcPa8SfjBKZd8 +qiQeFZSeBUWQB99PcTmJm87XvRH02p5pYzyIydHQ+Esv+kAOjOnZRbrVsd/2jvc+ +/Ae8HpJ/HcNjcSZPWsZ/qCQ/VAi1KkLtW4ETjECOUccCdY2hwBZ0l0XO6XZ3jutR +GjOngZ91INAcrTv9eq1JKVyc9AxIkNid7vHQ7re1GWp01zBm2c8O8yw8HshTD7JC +sD+2fiImj/nRsUZT9FPKRh6e1231ZQt4k1IF6Hfrke6vGnHGsOKcISwATMaidk28 +fb+UOopqL+LCxyKXjuNG7jx6EPLTaoN4zDQ3/ZBYAcscdoykzzMHMn7dgqUGgPxu +kjrUn+ycag== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem.certspec new file mode 100644 index 000000000..c495ca6d0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca-all-usages +subject:ee-keyCertSign-only +extension:keyUsage:keyCertSign diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem new file mode 100644 index 000000000..6a3e4ee0e --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3DCCAcagAwIBAgIUG3wZGBaOAqM35Kdlf4GoCOK353owCwYJKoZIhvcNAQEL +MCExHzAdBgNVBAMMFmNhLW1pc3Npbmcta2V5Q2VydFNpZ24wIhgPMjAxNTExMjgw +MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowHjEcMBoGA1UEAwwTZWUta2V5Q2VydFNp +Z24tb25seTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW +Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk +cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT +AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3 +ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh +s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV +A6zaGAo17Y0CAwEAAaMPMA0wCwYDVR0PBAQDAgIEMAsGCSqGSIb3DQEBCwOCAQEA +SeCJZFpmZUB53Cdu+/E8VarNp6jgZVf9KwOP3ihTWkvm7lRtlde8N5aTOP4cfrLp +se8Xh+ODEo3oNYY9WfvXigDKC1zMc+7+flx53TesO7SUVK5FASCoP5MfVWh+J+4k +dF6mbtXTOWkrIGSTmkjkGu7LmHYu8RVDagu3UU2zkFwZ/XruUB9ya9ABL6Bx5Th2 +KNcOVqTzdPYi9Uthz/imXbc5xBf6R47CuDu72zOoJJv4mLj6O1Qu3c5S1vrs3/l8 +HvoKu5J+yZRWmneJRJaIcKNBNWoKVQd++r6LlRa5kKMwYUe1tysc/mstGadeJhQB +kFqHtTynqrDY9dp4oPCXGQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem.certspec new file mode 100644 index 000000000..23ddd0eb8 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca-missing-keyCertSign +subject:ee-keyCertSign-only +extension:keyUsage:keyCertSign diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem new file mode 100644 index 000000000..0f4446e8c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3jCCAcigAwIBAgIUKfpiB0n/DY53n/8um9gvIXVTf7wwCwYJKoZIhvcNAQEL +MCMxITAfBgNVBAMMGGNhLW5vLWtleVVzYWdlLWV4dGVuc2lvbjAiGA8yMDE1MTEy +ODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAeMRwwGgYDVQQDDBNlZS1rZXlDZXJ0 +U2lnbi1vbmx5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO +FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr +amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka +sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY +VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n +aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE +MdUDrNoYCjXtjQIDAQABow8wDTALBgNVHQ8EBAMCAgQwCwYJKoZIhvcNAQELA4IB +AQAdgSy6hksLymW1pdbptv7dR/9LZt9pvBfXh2mJo+rt3FAO6Pc2hQdap3hZjOP4 +a3mlJXkQ+xhXt+mUBzEn/zeKWvAG0/RX7WqGhHU9BR2BIdfxUAYmZSoTnK0Q+8sn +vtV+gQhVTB4FiAyvcE0Xno23Ge0HXTjL4PBsmEmTSrI0mgIpCY+LgOUs0Px3fu6S +OIHGKmiCqprDaOk8vA7cXfqF0i6/aOuAgu9yP6PtdgORdkEj1SRcbP3L4BX6DkZ4 +8RxdP7Us9zJc8JbXaNYsVmGhs1K1U4P7IeDqK99+idqkv5IZOGmRH6XSDNSKAWGL +7q/AnWlxjKyP1PXHQDs6fI0D +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem.certspec new file mode 100644 index 000000000..a5a2d62a7 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca-no-keyUsage-extension +subject:ee-keyCertSign-only +extension:keyUsage:keyCertSign diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem new file mode 100644 index 000000000..5cb293924 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC1zCCAcGgAwIBAgIUCagPpigas5zVKduGrpGcKSE3bs0wCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDWNhLWFsbC11c2FnZXMwIhgPMjAxNTExMjgwMDAwMDBaGA8y +MDE4MDIwNTAwMDAwMFowIjEgMB4GA1UEAwwXZWUta2V5RW5jaXBoZXJtZW50LW9u +bHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braI +BjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVa +p0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB +7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4C +kC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJv +aeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgK +Ne2NAgMBAAGjDzANMAsGA1UdDwQEAwIFIDALBgkqhkiG9w0BAQsDggEBADVINQwH +c6c0CNWqnwCuW+lwsFZ53TlZAeSzqCwnd/wRtBEAAz8KSmfoy158l1gz7M/1RpEn +I0cdEWDOGzqXea1nIBHP3JBoHRe/ZVm6VWW4KgNgXfi1X7wN0UWjADX1XBhebo4f +qVFRm4vatqyGEbm+sNvnJy2OXlC6g8VYeTmfXeLFmcHzWwJ59d3UYLB7fuW2R8GQ +xQSJnkR1vAUJNX2U9WUriiTalLP7DkoYoPODqSmC2S2W/gaU3R2Lv/EwX/o+I9xe +luxL8Zm6YctCfNNWdDDe8cqa1+h1meVr1QJww8Bmt8K9WIqDWjr+Lq5N/ZNbnt9f +HzdZ40d5wD/9Cxc= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem.certspec new file mode 100644 index 000000000..08154a53e --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca-all-usages +subject:ee-keyEncipherment-only +extension:keyUsage:keyEncipherment diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem new file mode 100644 index 000000000..75e64e3b3 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4DCCAcqgAwIBAgIUA37iPfJhzPzGvR57p7UZYQrfgUIwCwYJKoZIhvcNAQEL +MCExHzAdBgNVBAMMFmNhLW1pc3Npbmcta2V5Q2VydFNpZ24wIhgPMjAxNTExMjgw +MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowIjEgMB4GA1UEAwwXZWUta2V5RW5jaXBo +ZXJtZW50LW9ubHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo +RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a +dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t +aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n +FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX +Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py +UcQx1QOs2hgKNe2NAgMBAAGjDzANMAsGA1UdDwQEAwIFIDALBgkqhkiG9w0BAQsD +ggEBAKjvH8ZfuHOX5TvQfjhWK4bItjHec6pZeRDF0V2cGAVOu66Qk6ZJc8oUtH/N +zAV0WLJ+CmJa4BU2fc56LWbomPO5bqSgbVJuf72bPr/ppWIpXxtVJJXbnY0UWcFs +rNLBQfUlJzhApfsm/DgkRN/9ztHFi7MfgdpOaKjmFfy2WtOJnLzPH3/vsH2VAlDV +2YAdMSwCiK52FLBhGel+S63FagTNtkozPY83ePU0nstSakdfXfLEpM0vnJCUQgFJ +7SR/Eg1UbRSu/RWppEoFjEUnc+utXM8++9RlbO+0O5g3QpoVjI0iAgI5mMpAdYOj +ZfovJrJ1KiU3NFgCu2KS7QNbo4g= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem.certspec new file mode 100644 index 000000000..9bdcf4b7b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca-missing-keyCertSign +subject:ee-keyEncipherment-only +extension:keyUsage:keyEncipherment diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem new file mode 100644 index 000000000..7707ffa36 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4jCCAcygAwIBAgIUVaKLSYOm33xK4veKbBmaWOu6OoowCwYJKoZIhvcNAQEL +MCMxITAfBgNVBAMMGGNhLW5vLWtleVVzYWdlLWV4dGVuc2lvbjAiGA8yMDE1MTEy +ODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAiMSAwHgYDVQQDDBdlZS1rZXlFbmNp +cGhlcm1lbnQtb25seTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqI +UahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvi +r1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/x +fq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD +7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnv +uRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj ++nJRxDHVA6zaGAo17Y0CAwEAAaMPMA0wCwYDVR0PBAQDAgUgMAsGCSqGSIb3DQEB +CwOCAQEAcH/p+TMlDVgnQ6pHcYKDaPcHOTxbVAF/WO5Zx8jtXZQZq3Ls7HzKh7Nb +vF1nLvdNiAXmz58ynA83SQAj9dzU4etX4PRBqFFNVUXJngsWTqPBeBoPUK2rgWdE +BpsqczEkBtLGX3+MdVFoc76x66oVoHItUP2bTcEPCRrivPjPE4FvQMMzenbz9iH/ +z5n4IiwYE3KHnkzv/SI3fR7ZB/JEy1DcQ9eSsHAauS9N+FB1RI+tmi7dsPUPxEsu +PZ+YMoKF/qUvsLC8bFLm9Lxaj76F60ZDJib/Q+Lfll0D9zuKLtYUcYnVJOxExasE +PPPsmL1LO2t4GR6Ohr0scBp2DouuTw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem.certspec new file mode 100644 index 000000000..a2383ecfd --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca-no-keyUsage-extension +subject:ee-keyEncipherment-only +extension:keyUsage:keyEncipherment diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem new file mode 100644 index 000000000..37a0b68b1 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxzCCAbGgAwIBAgIUGbQXZixwJI9yhFsp9KXc1wHRU60wCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDWNhLWFsbC11c2FnZXMwIhgPMjAxNTExMjgwMDAwMDBaGA8y +MDE4MDIwNTAwMDAwMFowIzEhMB8GA1UEAwwYZWUtbm8ta2V5VXNhZ2UtZXh0ZW5z +aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62 +iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql +WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq +Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ +ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i +b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY +CjXtjQIDAQABMAsGCSqGSIb3DQEBCwOCAQEANC3lB6czGJeL8EiQbEf+DUGDXETg +pTfbnV4si7kJ2ft5bXhltO92pus+v6jUjCFfQdxWfyzoJKX7FNlfRqtAPXXnjV9+ +UdvleX2IXtyGuvWb1J8wp9Ky+Yx1OBAEFtvGhjFnvYdt2/30S6eW3UmRfyBKshx7 +ZOASwi04RRWTvuvUN76UD+Fiy5RpLOHFAxb1o4oscTsncVarFqxQ76FviskjH8jH +LcMWOAG4KIqQuteWhdUEO2B0MVsj6JYDCZEiXU2WGRlvzd3GcQqffxcQatyVkX7y +hz/j+C/JEkCp9KN9g7DHbXehusONkmU/LgwkmKBtiU9yJMyK2PU/0qKFoQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem.certspec new file mode 100644 index 000000000..6d2e67296 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem.certspec @@ -0,0 +1,2 @@ +issuer:ca-all-usages +subject:ee-no-keyUsage-extension diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem new file mode 100644 index 000000000..bc192ff9c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0DCCAbqgAwIBAgIUC6nvDJKsdXHlkcwJjyB1tgpBS8owCwYJKoZIhvcNAQEL +MCExHzAdBgNVBAMMFmNhLW1pc3Npbmcta2V5Q2VydFNpZ24wIhgPMjAxNTExMjgw +MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowIzEhMB8GA1UEAwwYZWUtbm8ta2V5VXNh +Z2UtZXh0ZW5zaW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohR +qESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+Kv +WnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+ +rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPv +JxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5 +Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6 +clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOCAQEAr86WOKGBV6SUEBuH +/jEA5AWdo/iv6Y6l3qJxCR2QxLu9WU5T95FwimLDvnc9YfDXb8Y7skLZVutkpVQ3 +jUZ86jF30c0/gT1x/4MhqJGMKZ+bWLgQkL+Odv1rpP/M9FhDmQz35T9IkedFE+QT +znUH6BkOAd4KII1QGDKP34iFwtzdmypTZIWcw2Qvg+OSB/Z+MBdDq0giiabpSd2e +xWfKsZAP+XmltADeZhF2Iicle7m6seajfQDaQam8j3F0Tktj4n62JGfcxQdjEcpO +wbSIz3QkhJi2IAyEYaJNa4O6d/GG8qLo8ouvppB8nQxWeDr3PKOI0PGDlZT/2qzs +rPWlfQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem.certspec new file mode 100644 index 000000000..3cba2f0d8 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem.certspec @@ -0,0 +1,2 @@ +issuer:ca-missing-keyCertSign +subject:ee-no-keyUsage-extension diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem new file mode 100644 index 000000000..340de5e33 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0jCCAbygAwIBAgIUdTpgn8FIg/Q9On6r92BmokOw4U8wCwYJKoZIhvcNAQEL +MCMxITAfBgNVBAMMGGNhLW5vLWtleVVzYWdlLWV4dGVuc2lvbjAiGA8yMDE1MTEy +ODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAjMSEwHwYDVQQDDBhlZS1uby1rZXlV +c2FnZS1leHRlbnNpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6 +iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr +4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP +8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI +Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ +77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J +I/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQELA4IBAQAki2UmEYnRUxwj +U7WHSwJKfzl42K/sMceI1VICE00QEhkyFenM3tuxqr8S2H3QlqjHPPORlyEcuP5T +mchTpgU2lIbPxbNQjALSp2OOxo5WDBsl5G4H+Mw5OqgvcvH9Ko0hnxVMYuDvrziC +4V6yoj6P+LS9NQ0yOHMgMkXG10DAXTEp/L8KHd8STaT8FNIC/kFJWq24yodASdwJ +ak9RRPpMkC0XMT+LFhjjWrJvzyJKsyMnDB7RtH++MxnlwpqkHHX/Kq46yMPUheWC +jJBIRJRHn1eED+6fatv89/2hqCLimGYA3FaFSxtm+UITHqLpnGCRNlLIwiMwNT6L +K9zvsxW1 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem.certspec new file mode 100644 index 000000000..c850725a6 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem.certspec @@ -0,0 +1,2 @@ +issuer:ca-no-keyUsage-extension +subject:ee-no-keyUsage-extension diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/moz.build b/security/manager/ssl/tests/unit/test_cert_keyUsage/moz.build new file mode 100644 index 000000000..7fe54a9cc --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/moz.build @@ -0,0 +1,27 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'ca-all-usages.pem', +# 'ca-missing-keyCertSign.pem', +# 'ca-no-keyUsage-extension.pem', +# 'ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem', +# 'ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem', +# 'ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem', +# 'ee-keyCertSign-only-ca-all-usages.pem', +# 'ee-keyCertSign-only-ca-missing-keyCertSign.pem', +# 'ee-keyCertSign-only-ca-no-keyUsage-extension.pem', +# 'ee-keyEncipherment-only-ca-all-usages.pem', +# 'ee-keyEncipherment-only-ca-missing-keyCertSign.pem', +# 'ee-keyEncipherment-only-ca-no-keyUsage-extension.pem', +# 'ee-no-keyUsage-extension-ca-all-usages.pem', +# 'ee-no-keyUsage-extension-ca-missing-keyCertSign.pem', +# 'ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) diff --git a/security/manager/ssl/tests/unit/test_cert_override_bits_mismatches.js b/security/manager/ssl/tests/unit/test_cert_override_bits_mismatches.js new file mode 100644 index 000000000..83b4fdbc6 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_override_bits_mismatches.js @@ -0,0 +1,89 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +"use strict"; + +// Test that when an override exists for a (host, certificate) pair, +// connections will succeed only if the set of error bits in the override +// contains each bit in the set of encountered error bits. +// Strangely, it is possible to store an override with an empty set of error +// bits, so this tests that too. + +do_get_profile(); + +function add_override_bits_mismatch_test(host, certPath, expectedBits, + expectedError) { + const MAX_BITS = Ci.nsICertOverrideService.ERROR_UNTRUSTED | + Ci.nsICertOverrideService.ERROR_MISMATCH | + Ci.nsICertOverrideService.ERROR_TIME; + let cert = constructCertFromFile(certPath); + let certOverrideService = Cc["@mozilla.org/security/certoverride;1"] + .getService(Ci.nsICertOverrideService); + for (let overrideBits = 0; overrideBits <= MAX_BITS; overrideBits++) { + add_test(function() { + certOverrideService.clearValidityOverride(host, 8443); + certOverrideService.rememberValidityOverride(host, 8443, cert, + overrideBits, true); + run_next_test(); + }); + // The override will succeed only if the set of error bits in the override + // contains each bit in the set of expected error bits. + let successExpected = (overrideBits | expectedBits) == overrideBits; + add_connection_test(host, successExpected ? PRErrorCodeSuccess + : expectedError); + } +} + +function run_test() { + Services.prefs.setIntPref("security.OCSP.enabled", 1); + add_tls_server_setup("BadCertServer", "bad_certs"); + + let fakeOCSPResponder = new HttpServer(); + fakeOCSPResponder.registerPrefixHandler("/", function (request, response) { + response.setStatusLine(request.httpVersion, 500, "Internal Server Error"); + }); + fakeOCSPResponder.start(8888); + + add_override_bits_mismatch_test("unknownissuer.example.com", + "bad_certs/unknownissuer.pem", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + SEC_ERROR_UNKNOWN_ISSUER); + add_override_bits_mismatch_test("mismatch.example.com", + "bad_certs/mismatch.pem", + Ci.nsICertOverrideService.ERROR_MISMATCH, + SSL_ERROR_BAD_CERT_DOMAIN); + add_override_bits_mismatch_test("expired.example.com", + "bad_certs/expired-ee.pem", + Ci.nsICertOverrideService.ERROR_TIME, + SEC_ERROR_EXPIRED_CERTIFICATE); + + add_override_bits_mismatch_test("mismatch-untrusted.example.com", + "bad_certs/mismatch-untrusted.pem", + Ci.nsICertOverrideService.ERROR_UNTRUSTED | + Ci.nsICertOverrideService.ERROR_MISMATCH, + SEC_ERROR_UNKNOWN_ISSUER); + add_override_bits_mismatch_test("untrusted-expired.example.com", + "bad_certs/untrusted-expired.pem", + Ci.nsICertOverrideService.ERROR_UNTRUSTED | + Ci.nsICertOverrideService.ERROR_TIME, + SEC_ERROR_UNKNOWN_ISSUER); + add_override_bits_mismatch_test("mismatch-expired.example.com", + "bad_certs/mismatch-expired.pem", + Ci.nsICertOverrideService.ERROR_MISMATCH | + Ci.nsICertOverrideService.ERROR_TIME, + SSL_ERROR_BAD_CERT_DOMAIN); + + add_override_bits_mismatch_test("mismatch-untrusted-expired.example.com", + "bad_certs/mismatch-untrusted-expired.pem", + Ci.nsICertOverrideService.ERROR_UNTRUSTED | + Ci.nsICertOverrideService.ERROR_MISMATCH | + Ci.nsICertOverrideService.ERROR_TIME, + SEC_ERROR_UNKNOWN_ISSUER); + + add_test(function () { + fakeOCSPResponder.stop(run_next_test); + }); + + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_cert_overrides.js b/security/manager/ssl/tests/unit/test_cert_overrides.js new file mode 100644 index 000000000..038ca814f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_overrides.js @@ -0,0 +1,340 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +"use strict"; + +// Tests the certificate overrides we allow. +// add_cert_override_test will queue a test that does the following: +// 1. Attempt to connect to the given host. This should fail with the +// given error and override bits. +// 2. Add an override for that host/port/certificate/override bits. +// 3. Connect again. This should succeed. + +do_get_profile(); + +function check_telemetry() { + let histogram = Cc["@mozilla.org/base/telemetry;1"] + .getService(Ci.nsITelemetry) + .getHistogramById("SSL_CERT_ERROR_OVERRIDES") + .snapshot(); + equal(histogram.counts[0], 0, "Should have 0 unclassified counts"); + equal(histogram.counts[2], 8, + "Actual and expected SEC_ERROR_UNKNOWN_ISSUER counts should match"); + equal(histogram.counts[3], 1, + "Actual and expected SEC_ERROR_CA_CERT_INVALID counts should match"); + equal(histogram.counts[4], 0, + "Actual and expected SEC_ERROR_UNTRUSTED_ISSUER counts should match"); + equal(histogram.counts[5], 1, + "Actual and expected SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE counts should match"); + equal(histogram.counts[6], 0, + "Actual and expected SEC_ERROR_UNTRUSTED_CERT counts should match"); + equal(histogram.counts[7], 0, + "Actual and expected SEC_ERROR_INADEQUATE_KEY_USAGE counts should match"); + equal(histogram.counts[8], 2, + "Actual and expected SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED counts should match"); + equal(histogram.counts[9], 10, + "Actual and expected SSL_ERROR_BAD_CERT_DOMAIN counts should match"); + equal(histogram.counts[10], 5, + "Actual and expected SEC_ERROR_EXPIRED_CERTIFICATE counts should match"); + equal(histogram.counts[11], 2, + "Actual and expected MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY counts should match"); + equal(histogram.counts[12], 1, + "Actual and expected MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA counts should match"); + equal(histogram.counts[13], 1, + "Actual and expected MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE counts should match"); + equal(histogram.counts[14], 2, + "Actual and expected MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE counts should match"); + equal(histogram.counts[15], 1, + "Actual and expected MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE counts should match"); + equal(histogram.counts[16], 2, + "Actual and expected SEC_ERROR_INVALID_TIME counts should match"); + equal(histogram.counts[17], 1, + "Actual and expected MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME counts should match"); + + let keySizeHistogram = Cc["@mozilla.org/base/telemetry;1"] + .getService(Ci.nsITelemetry) + .getHistogramById("CERT_CHAIN_KEY_SIZE_STATUS") + .snapshot(); + equal(keySizeHistogram.counts[0], 0, + "Actual and expected unchecked key size counts should match"); + equal(keySizeHistogram.counts[1], 12, + "Actual and expected successful verifications of 2048-bit keys should match"); + equal(keySizeHistogram.counts[2], 0, + "Actual and expected successful verifications of 1024-bit keys should match"); + equal(keySizeHistogram.counts[3], 58, + "Actual and expected verification failures unrelated to key size should match"); + + run_next_test(); +} + +// Internally, specifying "port" -1 is the same as port 443. This tests that. +function run_port_equivalency_test(inPort, outPort) { + Assert.ok((inPort == 443 && outPort == -1) || (inPort == -1 && outPort == 443), + "The two specified ports must be -1 and 443 (in any order)"); + let certOverrideService = Cc["@mozilla.org/security/certoverride;1"] + .getService(Ci.nsICertOverrideService); + let cert = constructCertFromFile("bad_certs/default-ee.pem"); + let expectedBits = Ci.nsICertOverrideService.ERROR_UNTRUSTED; + let expectedTemporary = true; + certOverrideService.rememberValidityOverride("example.com", inPort, cert, + expectedBits, expectedTemporary); + let actualBits = {}; + let actualTemporary = {}; + Assert.ok(certOverrideService.hasMatchingOverride("example.com", outPort, + cert, actualBits, + actualTemporary), + `override set on port ${inPort} should match port ${outPort}`); + equal(actualBits.value, expectedBits, + "input override bits should match output bits"); + equal(actualTemporary.value, expectedTemporary, + "input override temporary value should match output temporary value"); + Assert.ok(!certOverrideService.hasMatchingOverride("example.com", 563, + cert, {}, {}), + `override set on port ${inPort} should not match port 563`); + certOverrideService.clearValidityOverride("example.com", inPort); + Assert.ok(!certOverrideService.hasMatchingOverride("example.com", outPort, + cert, actualBits, {}), + `override cleared on port ${inPort} should match port ${outPort}`); + equal(actualBits.value, 0, "should have no bits set if there is no override"); +} + +function run_test() { + run_port_equivalency_test(-1, 443); + run_port_equivalency_test(443, -1); + + Services.prefs.setIntPref("security.OCSP.enabled", 1); + add_tls_server_setup("BadCertServer", "bad_certs"); + + let fakeOCSPResponder = new HttpServer(); + fakeOCSPResponder.registerPrefixHandler("/", function (request, response) { + response.setStatusLine(request.httpVersion, 500, "Internal Server Error"); + }); + fakeOCSPResponder.start(8888); + + add_simple_tests(); + add_combo_tests(); + add_distrust_tests(); + + add_test(function () { + fakeOCSPResponder.stop(check_telemetry); + }); + + run_next_test(); +} + +function add_simple_tests() { + add_cert_override_test("expired.example.com", + Ci.nsICertOverrideService.ERROR_TIME, + SEC_ERROR_EXPIRED_CERTIFICATE); + add_cert_override_test("notyetvalid.example.com", + Ci.nsICertOverrideService.ERROR_TIME, + MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE); + add_cert_override_test("before-epoch.example.com", + Ci.nsICertOverrideService.ERROR_TIME, + SEC_ERROR_INVALID_TIME); + add_cert_override_test("selfsigned.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + SEC_ERROR_UNKNOWN_ISSUER); + add_cert_override_test("unknownissuer.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + SEC_ERROR_UNKNOWN_ISSUER); + add_cert_override_test("expiredissuer.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE); + add_cert_override_test("notyetvalidissuer.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE); + add_cert_override_test("before-epoch-issuer.example.com", + Ci.nsICertOverrideService.ERROR_TIME, + SEC_ERROR_INVALID_TIME); + add_cert_override_test("md5signature.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); + add_cert_override_test("emptyissuername.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME); + // This has name information in the subject alternative names extension, + // but not the subject common name. + add_cert_override_test("mismatch.example.com", + Ci.nsICertOverrideService.ERROR_MISMATCH, + SSL_ERROR_BAD_CERT_DOMAIN, + /The certificate is only valid for the following names:\s*doesntmatch\.example\.com, \*\.alsodoesntmatch\.example\.com/); + // This has name information in the subject common name but not the subject + // alternative names extension. + add_cert_override_test("mismatch-CN.example.com", + Ci.nsICertOverrideService.ERROR_MISMATCH, + SSL_ERROR_BAD_CERT_DOMAIN, + /The certificate is not valid for the name mismatch-CN\.example\.com/); + + // A Microsoft IIS utility generates self-signed certificates with + // properties similar to the one this "host" will present. + add_cert_override_test("selfsigned-inadequateEKU.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + SEC_ERROR_UNKNOWN_ISSUER); + + add_prevented_cert_override_test("inadequatekeyusage.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + SEC_ERROR_INADEQUATE_KEY_USAGE); + + // This is intended to test the case where a verification has failed for one + // overridable reason (e.g. unknown issuer) but then, in the process of + // reporting that error, a non-overridable error is encountered. The + // non-overridable error should be prioritized. + add_test(function() { + let rootCert = constructCertFromFile("bad_certs/test-ca.pem"); + setCertTrust(rootCert, ",,"); + run_next_test(); + }); + add_prevented_cert_override_test("nsCertTypeCritical.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION); + add_test(function() { + let rootCert = constructCertFromFile("bad_certs/test-ca.pem"); + setCertTrust(rootCert, "CTu,,"); + run_next_test(); + }); + + // Bug 990603: Apache documentation has recommended generating a self-signed + // test certificate with basic constraints: CA:true. For compatibility, this + // is a scenario in which an override is allowed. + add_cert_override_test("self-signed-end-entity-with-cA-true.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + SEC_ERROR_UNKNOWN_ISSUER); + + add_cert_override_test("ca-used-as-end-entity.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY); + + // If an X.509 version 1 certificate is not a trust anchor, we will + // encounter an overridable error. + add_cert_override_test("end-entity-issued-by-v1-cert.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA); + // If we make that certificate a trust anchor, the connection will succeed. + add_test(function() { + let certOverrideService = Cc["@mozilla.org/security/certoverride;1"] + .getService(Ci.nsICertOverrideService); + certOverrideService.clearValidityOverride("end-entity-issued-by-v1-cert.example.com", 8443); + let v1Cert = constructCertFromFile("bad_certs/v1Cert.pem"); + setCertTrust(v1Cert, "CTu,,"); + clearSessionCache(); + run_next_test(); + }); + add_connection_test("end-entity-issued-by-v1-cert.example.com", + PRErrorCodeSuccess); + // Reset the trust for that certificate. + add_test(function() { + let v1Cert = constructCertFromFile("bad_certs/v1Cert.pem"); + setCertTrust(v1Cert, ",,"); + clearSessionCache(); + run_next_test(); + }); + + // Due to compatibility issues, we allow overrides for certificates issued by + // certificates that are not valid CAs. + add_cert_override_test("end-entity-issued-by-non-CA.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + SEC_ERROR_CA_CERT_INVALID); + + // This host presents a 1016-bit RSA key. + add_cert_override_test("inadequate-key-size-ee.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE); + + add_cert_override_test("ipAddressAsDNSNameInSAN.example.com", + Ci.nsICertOverrideService.ERROR_MISMATCH, + SSL_ERROR_BAD_CERT_DOMAIN); + add_cert_override_test("noValidNames.example.com", + Ci.nsICertOverrideService.ERROR_MISMATCH, + SSL_ERROR_BAD_CERT_DOMAIN, + /The certificate is not valid for the name noValidNames\.example\.com/); + add_cert_override_test("badSubjectAltNames.example.com", + Ci.nsICertOverrideService.ERROR_MISMATCH, + SSL_ERROR_BAD_CERT_DOMAIN); + + add_cert_override_test("bug413909.xn--hxajbheg2az3al.xn--jxalpdlp", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + SEC_ERROR_UNKNOWN_ISSUER); + add_test(function() { + // At this point, the override for bug413909.xn--hxajbheg2az3al.xn--jxalpdlp + // is still valid. Do some additional tests relating to IDN handling. + let certOverrideService = Cc["@mozilla.org/security/certoverride;1"] + .getService(Ci.nsICertOverrideService); + let uri = Services.io.newURI("https://bug413909.xn--hxajbheg2az3al.xn--jxalpdlp", null, null); + let cert = constructCertFromFile("bad_certs/idn-certificate.pem"); + Assert.ok(certOverrideService.hasMatchingOverride(uri.asciiHost, 8443, cert, {}, {}), + "IDN certificate should have matching override using ascii host"); + Assert.ok(!certOverrideService.hasMatchingOverride(uri.host, 8443, cert, {}, {}), + "IDN certificate should not have matching override using (non-ascii) host"); + run_next_test(); + }); +} + +function add_combo_tests() { + add_cert_override_test("mismatch-expired.example.com", + Ci.nsICertOverrideService.ERROR_MISMATCH | + Ci.nsICertOverrideService.ERROR_TIME, + SSL_ERROR_BAD_CERT_DOMAIN, + /The certificate is only valid for doesntmatch\.example\.com<\/a>/); + add_cert_override_test("mismatch-notYetValid.example.com", + Ci.nsICertOverrideService.ERROR_MISMATCH | + Ci.nsICertOverrideService.ERROR_TIME, + SSL_ERROR_BAD_CERT_DOMAIN); + add_cert_override_test("mismatch-untrusted.example.com", + Ci.nsICertOverrideService.ERROR_MISMATCH | + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + SEC_ERROR_UNKNOWN_ISSUER); + add_cert_override_test("untrusted-expired.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED | + Ci.nsICertOverrideService.ERROR_TIME, + SEC_ERROR_UNKNOWN_ISSUER); + add_cert_override_test("mismatch-untrusted-expired.example.com", + Ci.nsICertOverrideService.ERROR_MISMATCH | + Ci.nsICertOverrideService.ERROR_UNTRUSTED | + Ci.nsICertOverrideService.ERROR_TIME, + SEC_ERROR_UNKNOWN_ISSUER); + + add_cert_override_test("md5signature-expired.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED | + Ci.nsICertOverrideService.ERROR_TIME, + SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); + + add_cert_override_test("ca-used-as-end-entity-name-mismatch.example.com", + Ci.nsICertOverrideService.ERROR_MISMATCH | + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY); +} + +function add_distrust_tests() { + // Before we specifically distrust this certificate, it should be trusted. + add_connection_test("untrusted.example.com", PRErrorCodeSuccess); + + add_distrust_test("bad_certs/default-ee.pem", "untrusted.example.com", + SEC_ERROR_UNTRUSTED_CERT); + + add_distrust_test("bad_certs/other-test-ca.pem", + "untrustedissuer.example.com", SEC_ERROR_UNTRUSTED_ISSUER); + + add_distrust_test("bad_certs/test-ca.pem", + "ca-used-as-end-entity.example.com", + SEC_ERROR_UNTRUSTED_ISSUER); +} + +function add_distrust_test(certFileName, hostName, expectedResult) { + let certToDistrust = constructCertFromFile(certFileName); + + add_test(function () { + // Add an entry to the NSS certDB that says to distrust the cert + setCertTrust(certToDistrust, "pu,,"); + clearSessionCache(); + run_next_test(); + }); + add_prevented_cert_override_test(hostName, + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + expectedResult); + add_test(function () { + setCertTrust(certToDistrust, "u,,"); + run_next_test(); + }); +} diff --git a/security/manager/ssl/tests/unit/test_cert_sha1.js b/security/manager/ssl/tests/unit/test_cert_sha1.js new file mode 100644 index 000000000..f0d7c570a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_sha1.js @@ -0,0 +1,142 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +// Tests the rejection of SHA-1 certificates based on the preference +// security.pki.sha1_enforcement_level. + +"use strict"; + +do_get_profile(); // must be called before getting nsIX509CertDB +const certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +// We need to test as if we are at a fixed time, so that we are testing the +// 2016 checks on SHA-1, not the notBefore checks. +// +// (new Date("2016-03-01")).getTime() / 1000 +const VALIDATION_TIME = 1456790400; + +function certFromFile(certName) { + return constructCertFromFile("test_cert_sha1/" + certName + ".pem"); +} + +function loadCertWithTrust(certName, trustString) { + addCertFromFile(certdb, "test_cert_sha1/" + certName + ".pem", trustString); +} + +function checkEndEntity(cert, expectedResult) { + checkCertErrorGenericAtTime(certdb, cert, expectedResult, + certificateUsageSSLServer, VALIDATION_TIME); +} + +function run_test() { + loadCertWithTrust("ca", "CTu,,"); + loadCertWithTrust("int-pre", ",,"); + loadCertWithTrust("int-post", ",,"); + + // Test cases per pref setting + // + // root intermed. end entity + // =========================== + // root + // | + // +--- pre-2016 + // | | + // | +----- pre-2016 <--- (a) + // | +----- post-2016 <--- (b) + // | + // +--- post-2016 + // | + // +----- post-2016 <--- (c) + // + // Expected outcomes (accept / reject): + // + // a b c + // Allowed (0) Accept Accept Accept + // Forbidden (1) Reject Reject Reject + // (2) is no longer available and is treated as Forbidden (1) internally. + // ImportedRoot (3) Reject Reject Reject (for built-in roots) + // ImportedRoot Accept Accept Accept (for non-built-in roots) + // ImportedRootOrBefore2016 (4) Accept Reject Reject (for built-in roots) + // ImportedRootOrBefore2016 Accept Accept Accept (for non-built-in roots) + // + // The pref setting of ImportedRoot accepts usage of SHA-1 only for + // certificates issued by non-built-in roots. By default, the testing + // certificates are all considered issued by a non-built-in root. However, we + // have the ability to treat a given non-built-in root as built-in. We test + // both of these situations below. + // + // As a historical note, a policy option (Before2016) was previously available + // that only allowed SHA-1 for certificates with a notBefore before 2016. + // However, to enable the policy of only allowing SHA-1 from non-built-in + // roots in the most straightforward way (while still having a time-based + // policy that users could enable if this new policy were problematic), + // Before2016 was shifted to also allow SHA-1 from non-built-in roots, hence + // ImportedRootOrBefore2016. + // + // A note about intermediate certificates: the certificate verifier has the + // ability to directly verify a given certificate for the purpose of issuing + // TLS web server certificates. However, when asked to do so, the certificate + // verifier does not take into account the currently configured SHA-1 policy. + // This is in part due to implementation complexity and because this isn't + // actually how TLS web server certificates are verified in the TLS handshake + // (which makes a full implementation that supports heeding the SHA-1 policy + // unnecessary). + + // SHA-1 allowed + Services.prefs.setIntPref("security.pki.sha1_enforcement_level", 0); + checkEndEntity(certFromFile("ee-pre_int-pre"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee-post_int-pre"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee-post_int-post"), PRErrorCodeSuccess); + + // SHA-1 forbidden + Services.prefs.setIntPref("security.pki.sha1_enforcement_level", 1); + checkEndEntity(certFromFile("ee-pre_int-pre"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); + checkEndEntity(certFromFile("ee-post_int-pre"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); + checkEndEntity(certFromFile("ee-post_int-post"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); + + // SHA-1 forbidden (test the case where the pref has been set to 2) + Services.prefs.setIntPref("security.pki.sha1_enforcement_level", 2); + checkEndEntity(certFromFile("ee-pre_int-pre"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); + checkEndEntity(certFromFile("ee-post_int-pre"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); + checkEndEntity(certFromFile("ee-post_int-post"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); + + // SHA-1 allowed only when issued by an imported root. First test with the + // test root considered a built-in (on debug only - this functionality is + // disabled on non-debug builds). + Services.prefs.setIntPref("security.pki.sha1_enforcement_level", 3); + if (isDebugBuild) { + let root = certFromFile("ca"); + Services.prefs.setCharPref("security.test.built_in_root_hash", root.sha256Fingerprint); + checkEndEntity(certFromFile("ee-pre_int-pre"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); + checkEndEntity(certFromFile("ee-post_int-pre"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); + checkEndEntity(certFromFile("ee-post_int-post"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); + Services.prefs.clearUserPref("security.test.built_in_root_hash"); + } + + // SHA-1 still allowed only when issued by an imported root. + // Now test with the test root considered a non-built-in. + checkEndEntity(certFromFile("ee-pre_int-pre"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee-post_int-pre"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee-post_int-post"), PRErrorCodeSuccess); + + // SHA-1 allowed before 2016 or when issued by an imported root. First test + // with the test root considered a built-in. + Services.prefs.setIntPref("security.pki.sha1_enforcement_level", 4); + if (isDebugBuild) { + let root = certFromFile("ca"); + Services.prefs.setCharPref("security.test.built_in_root_hash", root.sha256Fingerprint); + checkEndEntity(certFromFile("ee-pre_int-pre"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee-post_int-pre"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); + checkEndEntity(certFromFile("ee-post_int-post"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); + Services.prefs.clearUserPref("security.test.built_in_root_hash"); + } + + // SHA-1 still only allowed before 2016 or when issued by an imported root. + // Now test with the test root considered a non-built-in. + checkEndEntity(certFromFile("ee-pre_int-pre"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee-post_int-pre"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee-post_int-post"), PRErrorCodeSuccess); +} diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem b/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem new file mode 100644 index 000000000..3eb86849d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxTCCAa+gAwIBAgIUM2w8iT4pElSjs7q3vwwClj34aqcwCwYJKoZIhvcNAQEF +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTAwMTAxMDAwMDAwWhgPMjA1MDAxMDEwMDAw +MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu +Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO +7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf +qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt +HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx +uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzALBgNVHQ8EBAMCAQYwDAYDVR0T +BAUwAwEB/zALBgkqhkiG9w0BAQUDggEBAGOFkUTVsazVYYVZn3v9wIKlEZYMfJ7B +V+INq12QVUgENBzIfQ/TPIYz+mkY5uCr94v5YUmW0eeyaSwJPlNaKWOyR0pQYd03 +Bd6gltdcdRkHs2FBaSOOli9vR0IZt2FAKE6w/05xcV4XSZOpztAf1wXFCF+OF3F3 +TdRzcbUj2iVFH0Vh99oBL/CXAJ3yiJQZo/8W9433GuRLDFcvtInMfzjX1N+NxIbR +TLXqjB/gOV8rcmnRtvloEEWibj7628QxaiOoN08VPSI8+9t1Fd2EkJzF9jmffrwG +v3e9kb4X/08YG6hFRwjhQGgF/kcs2LMD5BiYAxPqc3KP3VrwmhVqQ6w= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem.certspec new file mode 100644 index 000000000..7e65e9ee3 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem.certspec @@ -0,0 +1,6 @@ +issuer:ca +subject:ca +validity:20100101-20500101 +extension:keyUsage:keyCertSign,cRLSign +extension:basicConstraints:cA, +signature:sha1WithRSAEncryption diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem new file mode 100644 index 000000000..19d8f096a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICsTCCAZugAwIBAgIUJWQl8gkrLL7gPn47YYMdN7qBP5wwCwYJKoZIhvcNAQEF +MBMxETAPBgNVBAMMCGludC1wb3N0MCIYDzIwMTYwMTAyMDAwMDAwWhgPMjAxNzAy +MDEwMDAwMDBaMBIxEDAOBgNVBAMMB2VlLXBvc3QwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH +Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr +IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ +sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA +dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE +LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQEF +A4IBAQAuEj6tFW9t1D7+X7uAP6yb/rO0dKB9ZIkisPyxzKgOtl1yTyfeNOnylwLY +W/et09JkBOqcp/lP8J30F4dciAdmff02FCd6uMnxPnihWRpnPZH6Fo5ZpbkUuRUk +ufPmYx2qP4kZnsz/oHJKOpDPZCvLOYggkQEM4EOcds3DxAXYwoxjqEJ3H/n3/Bt0 +y78WvwJ3GV2N2uxL40r99tMM9dovujXwgPCxl27MCoAUIB0jDq3CboLLk9T55iVO +HknFyCDjOcwOF4tSXyVWqp67pnHcwPKfF1IkDkGK5bBbT5+RS/md3PTh+7zsz7sN +b22AlQXylN9RhPHywIK4RY4OX0Kx +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem.certspec new file mode 100644 index 000000000..76834f844 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem.certspec @@ -0,0 +1,4 @@ +issuer:int-post +subject:ee-post +validity:20160102-20170201 +signature:sha1WithRSAEncryption diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem new file mode 100644 index 000000000..2d1ff2d2e --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICsDCCAZqgAwIBAgIUIVsTCuql4BDO2r4O5zePBEoHg3QwCwYJKoZIhvcNAQEF +MBIxEDAOBgNVBAMMB2ludC1wcmUwIhgPMjAxNjAxMDEwMDAwMDBaGA8yMDE3MDIw +MTAwMDAwMFowEjEQMA4GA1UEAwwHZWUtcG9zdDCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl +qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg +w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx +V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1 +MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs +vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG9w0BAQUD +ggEBADyJnTjky3W6jcfsSv9AS+aVYpJHzLexTI1wzv+ntg6zUFbpDb/RFerp61Wb +zef+72XEJJtRQO28udN59OOnytX71ulvmmgSOeFNb/znLzGyIGf9ag8qIbt8m7/r +jR3010kh9zruD1RE0QbTTPXeeFlh0yUT69ZvxRMWJxaASY/vibCjmR22hpiHjM+1 +bpXgUEtj4u8WFRVpHwGsca1uXjQQDgPaLv/7byiC1DtBHP1P5wdYtNXY+dL/W4mn +y3Lqe96ddO9dIDetEdzzk7PLzqIkDJM1DiGrYxGgM70GjF1BiMGkskGMwfMfe6Pt +UmMzpYci8vcbHF8lj+Ja8Aw3SHo= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem.certspec new file mode 100644 index 000000000..1e8bb35b3 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem.certspec @@ -0,0 +1,4 @@ +issuer:int-pre +subject:ee-post +validity:20160101-20170201 +signature:sha1WithRSAEncryption diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem b/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem new file mode 100644 index 000000000..a992d8272 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrzCCAZmgAwIBAgIUOU+CyYnf3GRRgGHvbeJB8HTUvJ4wCwYJKoZIhvcNAQEF +MBIxEDAOBgNVBAMMB2ludC1wcmUwIhgPMjAxNTAxMDEwMDAwMDBaGA8yMDE3MDIw +MTAwMDAwMFowETEPMA0GA1UEAwwGZWUtcHJlMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBBQOC +AQEAn0lp9zXbe2pAVI8aR/+xFD8AOTB0bzlD6xNIQahBPd/JE93ni1oi3N6PUKRp +vtDECKigcX4OLOZid8rt82CS6I6/OiKYqfZrMmr3BMjpNFNOFZqhEGtm4y6j+hjo +HV8FEXmse06hZkwIkqacF16+P9boBCP2mF5zrUuIML48GnwPCtb7KIEmZTl8dsXn +oUMrAQXPZYTcCb6U8GVU3WQRMRLsZ+WenATuOZPZeDQRrYUkoaJ+KfGG/ZNnmw6u +ribqtEPBu3CqXj5BZiF3rcr+QjSlluuGDWrR0TpGTJmBiTXilUYSWv/lKOJR7rJA +89uNoWp/kCkbxWLlguPWAEx+kg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem.certspec new file mode 100644 index 000000000..0f4a6ec25 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem.certspec @@ -0,0 +1,4 @@ +issuer:int-pre +subject:ee-pre +validity:20150101-20170201 +signature:sha1WithRSAEncryption diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem b/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem new file mode 100644 index 000000000..c1a9ab2fa --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICyzCCAbWgAwIBAgIUU3gwFYS/POd5EH541PQ4aTV8eN8wCwYJKoZIhvcNAQEF +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTYwMTAxMDAwMDAwWhgPMjAyNjAxMDEwMDAw +MDBaMBMxETAPBgNVBAMMCGludC1wb3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf +vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb +uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S +O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR +3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv +5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzALBgNVHQ8EBAMCAQYw +DAYDVR0TBAUwAwEB/zALBgkqhkiG9w0BAQUDggEBAFwbiQ3x7M+JecpGomrBJ6uu +ajH2cU5B6q3+842jNRTJ8kjE5sXvaaF5Zasdlp/pOq5Xu3tgniDuLbr280MxDx/i +eyDBfZefJRskgBl/a4F7w0i0LlwYGJkyr++XWckEutO06ou6ATzsA6WAhh+O3fSB +tLaf0V9Pof3pglNETpSlIFzQytoIc5aICMjt9Ur72S/IpM7sHkJoPpKwscOovTCp +4k6jDTOHAHr8ck0X89KPHT/nRmm6bAQHsGMjSnrpEgXQ+ZuwVLEEdQPZ2L5028Uq +RJn0mFu6Z53EYYrZURWdiq/p5N67TknC28REilfoG3PPqFD/CLbEMq5lrA5IGxM= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem.certspec new file mode 100644 index 000000000..50156c9f6 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem.certspec @@ -0,0 +1,6 @@ +issuer:ca +subject:int-post +validity:20160101-20260101 +extension:keyUsage:keyCertSign,cRLSign +extension:basicConstraints:cA, +signature:sha1WithRSAEncryption diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem b/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem new file mode 100644 index 000000000..41170f837 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICyjCCAbSgAwIBAgIUGZVI6HsbDll1DnYoYIZ0eqi4ZPwwCwYJKoZIhvcNAQEF +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTAwMTAxMDAwMDAwWhgPMjAyMDAxMDEwMDAw +MDBaMBIxEDAOBgNVBAMMB2ludC1wcmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9 +sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5 +TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7 +xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd +tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l +8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1UdDwQEAwIBBjAM +BgNVHRMEBTADAQH/MAsGCSqGSIb3DQEBBQOCAQEAjpiGO9woF0OKiGVLk/SjpU3M +NFbLNsFYGL6PQfpZHHCxc78qtZZ6uVM8fh9tRzlFbRx0eGWVFqcjxTrsAVopM+wJ +1lRa8O4VXrtzhBoknPIBpdLvLYTdipLOL8qxCad6DdlX31JwQYgdmSUQ3YyqoCaC +C3b3cVEF4h2A7hbBIxOTl1Xvs/aVbllYdnoO0HEs4FBrQVfQsjTPzJeF42GNW/OV +KvX9XQ/Oq8r9sxyyGRKILj9yTqKtwXNU50QxW9MxN1vMY9w1skmMAMqrwn3FgjIU +cxv3oqfeTwAa9V2S0B+4k3lX6Ku5ON1YRX+w5oD9RruHMu+qzJZMhrdQjhf34w== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem.certspec new file mode 100644 index 000000000..9f0a59ee9 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem.certspec @@ -0,0 +1,6 @@ +issuer:ca +subject:int-pre +validity:20100101-20200101 +extension:keyUsage:keyCertSign,cRLSign +extension:basicConstraints:cA, +signature:sha1WithRSAEncryption diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/moz.build b/security/manager/ssl/tests/unit/test_cert_sha1/moz.build new file mode 100644 index 000000000..d94bb0498 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_sha1/moz.build @@ -0,0 +1,18 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'ca.pem', +# 'int-pre.pem', +# 'ee-pre_int-pre.pem', +# 'ee-post_int-pre.pem', +# 'int-post.pem', +# 'ee-post_int-post.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) diff --git a/security/manager/ssl/tests/unit/test_cert_signatures.js b/security/manager/ssl/tests/unit/test_cert_signatures.js new file mode 100644 index 000000000..8be89c8a2 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_signatures.js @@ -0,0 +1,121 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +"use strict"; + +// Tests that certificates cannot be tampered with without being detected. +// Tests a combination of cases: RSA signatures, ECDSA signatures, certificate +// chains where the intermediate has been tampered with, chains where the +// end-entity has been tampered, tampering of the signature, and tampering in +// the rest of the certificate. + +do_get_profile(); // must be called before getting nsIX509CertDB +var certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +// Reads a PEM-encoded certificate, modifies the nth byte (0-indexed), and +// returns the base64-encoded bytes of the certificate. Negative indices may be +// specified to modify a byte from the end of the certificate. +function readAndTamperWithNthByte(certificatePath, n) { + let pem = readFile(do_get_file(certificatePath, false)); + let der = atob(pemToBase64(pem)); + if (n < 0) { + // remember, n is negative at this point + n = der.length + n; + } + let replacement = '\x22'; + if (der.charCodeAt(n) == replacement) { + replacement = '\x23'; + } + der = der.substring(0, n) + replacement + der.substring(n + 1); + return btoa(der); +} + +// The signature on certificates appears last. This should modify the contents +// of the signature such that it no longer validates correctly while still +// resulting in a structurally valid certificate. +const BYTE_IN_SIGNATURE = -8; +function addSignatureTamperedCertificate(certificatePath) { + let base64 = readAndTamperWithNthByte(certificatePath, BYTE_IN_SIGNATURE); + certdb.addCertFromBase64(base64, ",,", null); +} + +function ensureSignatureVerificationFailure(certificatePath) { + let cert = constructCertFromFile(certificatePath); + checkCertErrorGeneric(certdb, cert, SEC_ERROR_BAD_SIGNATURE, + certificateUsageSSLServer); +} + +function tamperWithSignatureAndEnsureVerificationFailure(certificatePath) { + let base64 = readAndTamperWithNthByte(certificatePath, BYTE_IN_SIGNATURE); + let cert = certdb.constructX509FromBase64(base64); + checkCertErrorGeneric(certdb, cert, SEC_ERROR_BAD_SIGNATURE, + certificateUsageSSLServer); +} + +// The beginning of a certificate looks like this (in hex, using DER): +// 30 XX XX XX [the XX encode length - there are probably 3 bytes here] +// 30 XX XX XX [length again] +// A0 03 +// 02 01 +// 02 +// 02 XX [length again - 1 byte as long as we're using pycert] +// XX XX ... [serial number - 20 bytes as long as we're using pycert] +// Since we want to modify the serial number, we need to change something from +// byte 15 to byte 34 (0-indexed). If it turns out that the two length sections +// we assumed were 3 bytes are shorter (they can't be longer), modifying +// something from byte 15 to byte 30 will still get us what we want. Since the +// serial number is a DER INTEGER and because it must be positive, it's best to +// skip the first two bytes of the serial number so as to not run into any +// issues there. Thus byte 17 is a good byte to modify. +const BYTE_IN_SERIAL_NUMBER = 17; +function addSerialNumberTamperedCertificate(certificatePath) { + let base64 = readAndTamperWithNthByte(certificatePath, + BYTE_IN_SERIAL_NUMBER); + certdb.addCertFromBase64(base64, ",,", null); +} + +function tamperWithSerialNumberAndEnsureVerificationFailure(certificatePath) { + let base64 = readAndTamperWithNthByte(certificatePath, + BYTE_IN_SERIAL_NUMBER); + let cert = certdb.constructX509FromBase64(base64); + checkCertErrorGeneric(certdb, cert, SEC_ERROR_BAD_SIGNATURE, + certificateUsageSSLServer); +} + +function run_test() { + addCertFromFile(certdb, "test_cert_signatures/ca-rsa.pem", "CTu,,"); + addCertFromFile(certdb, "test_cert_signatures/ca-secp384r1.pem", "CTu,,"); + + // Tamper with the signatures on intermediate certificates and ensure that + // end-entity certificates issued by those intermediates do not validate + // successfully. + addSignatureTamperedCertificate("test_cert_signatures/int-rsa.pem"); + addSignatureTamperedCertificate("test_cert_signatures/int-secp384r1.pem"); + ensureSignatureVerificationFailure("test_cert_signatures/ee-rsa.pem"); + ensureSignatureVerificationFailure("test_cert_signatures/ee-secp384r1.pem"); + + // Tamper with the signatures on end-entity certificates and ensure that they + // do not validate successfully. + tamperWithSignatureAndEnsureVerificationFailure( + "test_cert_signatures/ee-rsa-direct.pem"); + tamperWithSignatureAndEnsureVerificationFailure( + "test_cert_signatures/ee-secp384r1-direct.pem"); + + // Tamper with the serial numbers of intermediate certificates and ensure + // that end-entity certificates issued by those intermediates do not validate + // successfully. + addSerialNumberTamperedCertificate("test_cert_signatures/int-rsa.pem"); + addSerialNumberTamperedCertificate("test_cert_signatures/int-secp384r1.pem"); + ensureSignatureVerificationFailure("test_cert_signatures/ee-rsa.pem"); + ensureSignatureVerificationFailure("test_cert_signatures/ee-secp384r1.pem"); + + // Tamper with the serial numbers of end-entity certificates and ensure that + // they do not validate successfully. + tamperWithSerialNumberAndEnsureVerificationFailure( + "test_cert_signatures/ee-rsa-direct.pem"); + tamperWithSerialNumberAndEnsureVerificationFailure( + "test_cert_signatures/ee-secp384r1-direct.pem"); +} diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem new file mode 100644 index 000000000..d69aa25b6 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzTCCAbegAwIBAgIUO2lYN9PBRm2JcO9v6CRF34O3zf4wCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmNhLXJzYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjARMQ8wDQYDVQQDDAZjYS1yc2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg +2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ +5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ +PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj +DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W +iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMB +Af8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEALKYfcXwaFc61IDWngVq6 +3PdKTQHw31/w7GyBo19DE5MDVxyrXZq+fRAhGre8ge1gKrOlMcmLIoEVcK+y1MwY +f4yIpStfOg+6Tf1C2e8UUTzhsolQxKFU0rtEJXPlRgMA2pcO6RjFhK2/D79icYra +0U0OQrMnGGw46QPZkynKw4RwTZpCaJTkN8+LzXyik6Pj0mjpb7Xeo5FCmI6eEIkF +n8Ni6pepA+kHCRqPQIkbl5tzrfVTUEKAVxnv2TeCrTCdDK6dRGVycrOfNlma34in +Poo/6uDgjGyMp2c2zOpg6igYED/8SDMFzyHVQ52Db8xaPxOyNykyGTWEE3IW8cpB +NA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem.certspec new file mode 100644 index 000000000..5890d2db6 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca-rsa +subject:ca-rsa +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem new file mode 100644 index 000000000..efa00a41b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBjjCCARSgAwIBAgIUUVp8W0nO+hAF/W78cEBWzlRXvGAwCgYIKoZIzj0EAwIw +FzEVMBMGA1UEAwwMY2Etc2VjcDM4NHIxMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx +ODAyMDUwMDAwMDBaMBcxFTATBgNVBAMMDGNhLXNlY3AzODRyMTB2MBAGByqGSM49 +AgEGBSuBBAAiA2IABKFockM2K1x7GInzeRVGFaHHP7SN7oY+AikV22COJS3ktxMt +qM6Y6DFTTmqcDAsJyNY5regyBuW6gTRzoR+jMOBdqMluQ4P+J4c9qXEDviiIz/AC +8Fr3Gh/dzIN0qm6pzqMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCgYI +KoZIzj0EAwIDaAAwZQIxAO0GJz6haDpUtNgaQ3SESJY85j6+gRcD7Nc9cvCiVAZZ +1OxFRuhW515lVbeTqfcA8wIwFdIanp6v61Q6pot5X6fHyn7G+ZIsEbHDPOZPaq0U +QR5t1/Y5Fe4hDulAXXt+jvE0 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem.certspec new file mode 100644 index 000000000..0701c23c1 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem.certspec @@ -0,0 +1,7 @@ +issuer:ca-secp384r1 +subject:ca-secp384r1 +issuerKey:secp384r1 +subjectKey:secp384r1 +signature:ecdsaWithSHA256 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem new file mode 100644 index 000000000..17c1eddac --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICtTCCAZ+gAwIBAgIULa69PvpLSrw920lPhbLY+O4VRUEwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmNhLXJzYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAYMRYwFAYDVQQDDA1lZS1yc2EtZGlyZWN0MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds +JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4 +ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25 +iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3 +4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42 +yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3 +DQEBCwOCAQEAF1HRj4EAiAQcWXyOijM6CkccZiCnnWGDJaEv2okPC5vYrDnhcrqi +xmaYAtpyU60GzYslxy52f3n7kzykXB7Uv0fUFX3ZUedCNwEh8WTfks8mEDUeibt/ +eSK6uLuhe9njiWQv1b71QySUjcWDTfJ8JhpS1Dr8BdpEuWc7CUSwoQqS72iF4wou +vjP7AD8WkmyoAlPSCAnL5P5n6iPdeFpupnQQ7apbH+6uhq0p9r6tuTWGdCJN8CHk +hfQGuhERyTbmC0wOcE9NmVGM9MB0fn/W92GSr8ZWnQoudrH3H+HR3ULjV9TpB2W2 +RpfmOWnsPDTUM3q4qqYZcz1O+1CGgSe2qg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem.certspec new file mode 100644 index 000000000..4e25ddcf9 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem.certspec @@ -0,0 +1,2 @@ +issuer:ca-rsa +subject:ee-rsa-direct diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem new file mode 100644 index 000000000..85a3256bf --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrzCCAZmgAwIBAgIUS+9dGZZa6H0mcsDNp90hmo3/2IIwCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB2ludC1yc2EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowETEPMA0GA1UEAwwGZWUtcnNhMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC +AQEAdFA74biUzEKaexSV4U6UKgXlDez+YUjqZyPg+XJ88Zdt3ldBD2YFZLBYYX+B +Mls6i5s+UsmH7X0OFD9JJf9ti1n/lNEriyj9tF35w020OtLrYRhTdiafGgwKZXj1 +FWgQpA8+lDXoVrSYOozfIZCR5RwTraJ676jy5l8+f+fY06gGfNOA+Raj3WI0veh/ +HZhXtF9K+qFzyYSX1c6YFFEUo3horxyyuEgPDF9gsmxHzErbPkbbTkgihdZKwXYg +FUCIjKFNOtLTm+yESBi5YN69hO33mr5RbYsqu2Wwh+m0405dp7U0+zxOhoYVEpYb +MIZgbeJrQjO6n/+sHPZXkYOhpQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem.certspec new file mode 100644 index 000000000..b974a0a0a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem.certspec @@ -0,0 +1,2 @@ +issuer:int-rsa +subject:ee-rsa diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem new file mode 100644 index 000000000..373e3227f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBdTCB/KADAgECAhQ/DpvvKy1cb0ww9HrO6/Ao0FwezjAKBggqhkjOPQQDAjAX +MRUwEwYDVQQDDAxjYS1zZWNwMzg0cjEwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4 +MDIwNTAwMDAwMFowHjEcMBoGA1UEAwwTZWUtc2VjcDM4NHIxLWRpcmVjdDB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABKFockM2K1x7GInzeRVGFaHHP7SN7oY+AikV22CO +JS3ktxMtqM6Y6DFTTmqcDAsJyNY5regyBuW6gTRzoR+jMOBdqMluQ4P+J4c9qXED +viiIz/AC8Fr3Gh/dzIN0qm6pzjAKBggqhkjOPQQDAgNoADBlAjEA7QYnPqFoOlS0 +2BpDdIRIljzmPr6BFwPs1z1y8KJUBlnU7EVG6FbnXmVVt5Op9wDzAjAboNLdytrv +bPTA8IfMt71/9F/w9GqjK0616TVZY9I/DiERYT6X6PE2il/eMGaQEgg= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem.certspec new file mode 100644 index 000000000..386ab95f7 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem.certspec @@ -0,0 +1,5 @@ +issuer:ca-secp384r1 +subject:ee-secp384r1-direct +issuerKey:secp384r1 +subjectKey:secp384r1 +signature:ecdsaWithSHA256 diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem new file mode 100644 index 000000000..b11cfd53c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBbjCB9qADAgECAhQ7FJ+9gQKCxkNdRiyOldB2DMRpnjAKBggqhkjOPQQDAjAY +MRYwFAYDVQQDDA1pbnQtc2VjcDM4NHIxMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx +ODAyMDUwMDAwMDBaMBcxFTATBgNVBAMMDGVlLXNlY3AzODRyMTB2MBAGByqGSM49 +AgEGBSuBBAAiA2IABKFockM2K1x7GInzeRVGFaHHP7SN7oY+AikV22COJS3ktxMt +qM6Y6DFTTmqcDAsJyNY5regyBuW6gTRzoR+jMOBdqMluQ4P+J4c9qXEDviiIz/AC +8Fr3Gh/dzIN0qm6pzjAKBggqhkjOPQQDAgNnADBkAjEA7QYnPqFoOlS02BpDdIRI +ljzmPr6BFwPs1z1y8KJUBlnU7EVG6FbnXmVVt5Op9wDzAi9/y9J21YfiwsBalvKh ++ruL6jHmzpxdR7p5IORvNQEHWl6/H8cHmi3Wn8GieN5RgA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem.certspec new file mode 100644 index 000000000..b8f7993be --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem.certspec @@ -0,0 +1,5 @@ +issuer:int-secp384r1 +subject:ee-secp384r1 +issuerKey:secp384r1 +subjectKey:secp384r1 +signature:ecdsaWithSHA256 diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem b/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem new file mode 100644 index 000000000..f01885f4b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzjCCAbigAwIBAgIUET5f4owvO60JtJUbi1xFtlVRRaQwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmNhLXJzYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjASMRAwDgYDVQQDDAdpbnQtcnNhMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTAD +AQH/MAsGA1UdDwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAEHH8NBKQ0v8G/ad07vk +v1LbgP5oEj2NXbFPCAgNez4M7XDgCPEtbiKCt1bBXtLrZPggCzyH9cTZjzJFMoNr +6sB7x76+E+y6+jkKPCeMhsR4WL1GY4IFX7YueNQ94Twb+RAjHPJqEyI7GoTpRKhi +0hix8QgPVOTdItp4Sm9AZiyHjlTIo5Lvphm708SFKT4iQco256zjLog7LE7NLZxo +IZdUoUClnNXj0Ua4P4hbGf4uRIldSUV82Xbz6VNcVJ0fCB11YqlNsyXa3Nj5HyTN +uBXMOItSedvOQmwwRM9QM5a/Uy5vUhZeHuY/MpXpQoj43D3s1qQWXCe7TYSYEpOl +Gwc= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem.certspec new file mode 100644 index 000000000..a86d28b44 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca-rsa +subject:int-rsa +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem b/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem new file mode 100644 index 000000000..5893cf191 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBkDCCARWgAwIBAgIUTZPJwmeUhMvv2i6MC21jYsZd1E8wCgYIKoZIzj0EAwIw +FzEVMBMGA1UEAwwMY2Etc2VjcDM4NHIxMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx +ODAyMDUwMDAwMDBaMBgxFjAUBgNVBAMMDWludC1zZWNwMzg0cjEwdjAQBgcqhkjO +PQIBBgUrgQQAIgNiAAShaHJDNitcexiJ83kVRhWhxz+0je6GPgIpFdtgjiUt5LcT +LajOmOgxU05qnAwLCcjWOa3oMgbluoE0c6EfozDgXajJbkOD/ieHPalxA74oiM/w +AvBa9xof3cyDdKpuqc6jHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoG +CCqGSM49BAMCA2kAMGYCMQDtBic+oWg6VLTYGkN0hEiWPOY+voEXA+zXPXLwolQG +WdTsRUboVudeZVW3k6n3APMCMQDsCu5UY7Sp5LHK9qsrKLL5YD8FhYR0oQCOAzgX +/AbvvDsssBIBBT5McBixnMHuYDU= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem.certspec new file mode 100644 index 000000000..e002a1569 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem.certspec @@ -0,0 +1,7 @@ +issuer:ca-secp384r1 +subject:int-secp384r1 +issuerKey:secp384r1 +subjectKey:secp384r1 +signature:ecdsaWithSHA256 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/moz.build b/security/manager/ssl/tests/unit/test_cert_signatures/moz.build new file mode 100644 index 000000000..779339bec --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_signatures/moz.build @@ -0,0 +1,20 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'ca-rsa.pem', +# 'ca-secp384r1.pem', +# 'ee-rsa-direct.pem', +# 'ee-rsa.pem', +# 'ee-secp384r1-direct.pem', +# 'ee-secp384r1.pem', +# 'int-rsa.pem', +# 'int-secp384r1.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) diff --git a/security/manager/ssl/tests/unit/test_cert_trust.js b/security/manager/ssl/tests/unit/test_cert_trust.js new file mode 100644 index 000000000..622678c7a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_trust.js @@ -0,0 +1,216 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +"use strict"; + +do_get_profile(); // must be called before getting nsIX509CertDB +const certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +var certList = [ + 'ee', + 'int', + 'ca', +]; + +function load_cert(cert_name, trust_string) { + let cert_filename = cert_name + ".pem"; + addCertFromFile(certdb, "test_cert_trust/" + cert_filename, trust_string); +} + +function setup_basic_trusts(ca_cert, int_cert) { + certdb.setCertTrust(ca_cert, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_SSL | + Ci.nsIX509CertDB.TRUSTED_EMAIL | + Ci.nsIX509CertDB.TRUSTED_OBJSIGN); + + certdb.setCertTrust(int_cert, Ci.nsIX509Cert.CA_CERT, 0); +} + +function test_ca_distrust(ee_cert, cert_to_modify_trust, isRootCA) { + // On reset most usages are successful + checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, + certificateUsageSSLServer); + checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, + certificateUsageSSLClient); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID, + certificateUsageSSLCA); + checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, + certificateUsageEmailSigner); + checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, + certificateUsageEmailRecipient); + checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, + certificateUsageObjectSigner); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID, + certificateUsageVerifyCA); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_INADEQUATE_CERT_TYPE, + certificateUsageStatusResponder); + + + // Test of active distrust. No usage should pass. + setCertTrust(cert_to_modify_trust, 'p,p,p'); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER, + certificateUsageSSLServer); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER, + certificateUsageSSLClient); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID, + certificateUsageSSLCA); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER, + certificateUsageEmailSigner); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER, + certificateUsageEmailRecipient); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER, + certificateUsageObjectSigner); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID, + certificateUsageVerifyCA); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER, + certificateUsageStatusResponder); + + // Trust set to T - trusted CA to issue client certs, where client cert is + // usageSSLClient. + setCertTrust(cert_to_modify_trust, 'T,T,T'); + checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER + : PRErrorCodeSuccess, + certificateUsageSSLServer); + + // XXX(Bug 982340) + checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER + : PRErrorCodeSuccess, + certificateUsageSSLClient); + + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID, + certificateUsageSSLCA); + + checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER + : PRErrorCodeSuccess, + certificateUsageEmailSigner); + checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER + : PRErrorCodeSuccess, + certificateUsageEmailRecipient); + checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER + : PRErrorCodeSuccess, + certificateUsageObjectSigner); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID, + certificateUsageVerifyCA); + checkCertErrorGeneric(certdb, ee_cert, + isRootCA ? SEC_ERROR_UNKNOWN_ISSUER + : SEC_ERROR_INADEQUATE_CERT_TYPE, + certificateUsageStatusResponder); + + + // Now tests on the SSL trust bit + setCertTrust(cert_to_modify_trust, 'p,C,C'); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER, + certificateUsageSSLServer); + + //XXX(Bug 982340) + checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, + certificateUsageSSLClient); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID, + certificateUsageSSLCA); + checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, + certificateUsageEmailSigner); + checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, + certificateUsageEmailRecipient); + checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, + certificateUsageObjectSigner); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID, + certificateUsageVerifyCA); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER, + certificateUsageStatusResponder); + + // Inherited trust SSL + setCertTrust(cert_to_modify_trust, ',C,C'); + checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER + : PRErrorCodeSuccess, + certificateUsageSSLServer); + // XXX(Bug 982340) + checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, + certificateUsageSSLClient); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID, + certificateUsageSSLCA); + checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, + certificateUsageEmailSigner); + checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, + certificateUsageEmailRecipient); + checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, + certificateUsageObjectSigner); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID, + certificateUsageVerifyCA); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_INADEQUATE_CERT_TYPE, + certificateUsageStatusResponder); + + // Now tests on the EMAIL trust bit + setCertTrust(cert_to_modify_trust, 'C,p,C'); + checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, + certificateUsageSSLServer); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER, + certificateUsageSSLClient); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID, + certificateUsageSSLCA); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER, + certificateUsageEmailSigner); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER, + certificateUsageEmailRecipient); + checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, + certificateUsageObjectSigner); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID, + certificateUsageVerifyCA); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_INADEQUATE_CERT_TYPE, + certificateUsageStatusResponder); + + + //inherited EMAIL Trust + setCertTrust(cert_to_modify_trust, 'C,,C'); + checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, + certificateUsageSSLServer); + checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER + : PRErrorCodeSuccess, + certificateUsageSSLClient); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID, + certificateUsageSSLCA); + checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER + : PRErrorCodeSuccess, + certificateUsageEmailSigner); + checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER + : PRErrorCodeSuccess, + certificateUsageEmailRecipient); + checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, + certificateUsageObjectSigner); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID, + certificateUsageVerifyCA); + checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_INADEQUATE_CERT_TYPE, + certificateUsageStatusResponder); +} + + +function run_test() { + for (let i = 0 ; i < certList.length; i++) { + load_cert(certList[i], ',,'); + } + + let ca_cert = certdb.findCertByNickname('ca'); + notEqual(ca_cert, null, "CA cert should be in the cert DB"); + let int_cert = certdb.findCertByNickname('int'); + notEqual(int_cert, null, "Intermediate cert should be in the cert DB"); + let ee_cert = certdb.findCertByNickname('ee'); + notEqual(ee_cert, null, "EE cert should be in the cert DB"); + + setup_basic_trusts(ca_cert, int_cert); + test_ca_distrust(ee_cert, ca_cert, true); + + setup_basic_trusts(ca_cert, int_cert); + test_ca_distrust(ee_cert, int_cert, false); + + // Reset trust to default ("inherit trust") + setCertTrust(ca_cert, ",,"); + setCertTrust(int_cert, ",,"); + + // It turns out that if an end-entity certificate is manually trusted, it can + // be the root of its own verified chain. This will be removed in bug 1294580. + setCertTrust(ee_cert, "C,,"); + checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, + certificateUsageSSLServer); +} diff --git a/security/manager/ssl/tests/unit/test_cert_trust/ca.pem b/security/manager/ssl/tests/unit/test_cert_trust/ca.pem new file mode 100644 index 000000000..1a18e2bf0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_trust/ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxTCCAa+gAwIBAgIUL5zykZEc2ro5d6th43aWGfm735cwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu +Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO +7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf +qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt +HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx +uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud +DwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAHPYBjNnv//Ssc8Elepb8SWIXRdahKbL +/dcPoMR+7yhJVaelUaxdwUytJWJAGdkkuv+P+G4b82RVYEXT+9k1S/aAfByFyR9q +vS7POfdy/ZPfGTXltlnmYX/84a6QeYQa4Nl4JpIOXBCesLxmErBhczka6D26iqsz +GeseKRSjVPgF3mXc2CRGZnTDRhUmd7wOABLmj7GtuFvOm96363M3IUByMohvoj1G +dic3s5D0seXwTKnEc5B27lJt7Q0oIXEldL+UW8Mo1hfGWQeXzqTZbpOVLnVWvHBH +H8yYs5hyH01qFJZbztJ1JJ3F2NpYLlr4P5I6fW2e9w5MG/VMQRU3wzQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_trust/ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_trust/ca.pem.certspec new file mode 100644 index 000000000..d809dbd63 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_trust/ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:ca +extension:basicConstraints:cA, +extension:keyUsage:keyCertSign,cRLSign diff --git a/security/manager/ssl/tests/unit/test_cert_trust/ee.pem b/security/manager/ssl/tests/unit/test_cert_trust/ee.pem new file mode 100644 index 000000000..91c1ffcab --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_trust/ee.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3jCCAcigAwIBAgIUYfpH7OFfqiJDcQnM/gVlKieeyOAwCwYJKoZIhvcNAQEL +MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw +MDAwWjANMQswCQYDVQQDDAJlZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab +bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts +Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI +H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8 +rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX +Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaM1MDMwMQYDVR0lBCowKAYIKwYBBQUH +AwEGCCsGAQUFBwMCBggrBgEFBQcDBAYIKwYBBQUHAwMwCwYJKoZIhvcNAQELA4IB +AQCqaSdnhHXFqLkMT5eU8FiyfpJeMDmyl0UFSB0yXrjh4dsiCayLECagJyVtxFJ/ +K8XBZz3USUOIaK3j8VADK7o6s7dKSy68EacYEF4MtGUpL3Bn7353RSB3hFRfpMuD +rohMZ8ZBDpvRPddOchpd9OW798duxJWYmotY4wrbK5E+xXhJaaJk4utbx8hqo+xz +gKusj3w33uYbGQgCNPZ9zbFeyP+1K0vDV5NKC8JdL+KqbECdc9OcpA3jg17owubM +yovO/bYKzy6bWMpEdzr64JK2n2fDoEQgfwi6O5iC0A7JjOfAkyWYgbrgve5qWamd +6v71Lnux30zRSwsliFhUl6Md +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_trust/ee.pem.certspec b/security/manager/ssl/tests/unit/test_cert_trust/ee.pem.certspec new file mode 100644 index 000000000..9666c1806 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_trust/ee.pem.certspec @@ -0,0 +1,3 @@ +issuer:int +subject:ee +extension:extKeyUsage:serverAuth,clientAuth,emailProtection,codeSigning diff --git a/security/manager/ssl/tests/unit/test_cert_trust/int.pem b/security/manager/ssl/tests/unit/test_cert_trust/int.pem new file mode 100644 index 000000000..fd60e5fe2 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_trust/int.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxjCCAbCgAwIBAgIUazy/vTocAuxP85PTc+O1JXs8WWEwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMA4xDDAKBgNVBAMMA2ludDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab +bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts +Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI +H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8 +rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX +Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNV +HQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQA6lr0lbqcaGYjYAAcA5BngiUobuYFn +4jdYK9eR6hiT5PmYRQZ9/y+2aYNF/ygiBBqBdEq/Nhrm35WeUHvDBaT8OZLBjf+g +krEAmu2ivrHZWrx16HBVDd9JdTUCx8j1HUo5fadFnsQh7nuh/VIoemox+/e8mKfh ++fW3noAoH/MRfP9VYoS0KzkW8ILiWOR1joNOHDZzanMiM/YCHO1nckq2ntI2T+kO +MNMkB+j1w5Fu6P8pgyToleHs3WmlWAeDjXygZkEhg+9uuBXb8/IyuS3cYt9ovhSh +++A25JRmqaQn2Ywd+CMsGe4MTYOsRnZPK0Co6TBteRWRdwSpqzb+UOqY +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_trust/int.pem.certspec b/security/manager/ssl/tests/unit/test_cert_trust/int.pem.certspec new file mode 100644 index 000000000..a7f6d8141 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_trust/int.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:int +extension:basicConstraints:cA, +extension:keyUsage:keyCertSign,cRLSign diff --git a/security/manager/ssl/tests/unit/test_cert_trust/moz.build b/security/manager/ssl/tests/unit/test_cert_trust/moz.build new file mode 100644 index 000000000..a075d0cb3 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_trust/moz.build @@ -0,0 +1,15 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'ca.pem', +# 'ee.pem', +# 'int.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) diff --git a/security/manager/ssl/tests/unit/test_cert_version.js b/security/manager/ssl/tests/unit/test_cert_version.js new file mode 100644 index 000000000..063bcb1cc --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version.js @@ -0,0 +1,190 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +// Tests the interaction between the basic constraints extension and the +// certificate version field. In general, the testcases consist of verifying +// certificate chains of the form: +// +// end-entity (issued by) intermediate (issued by) trusted X509v3 root +// +// where the intermediate is one of X509 v1, v2, v3, or v4, and either does or +// does not have the basic constraints extension. If it has the extension, it +// either does or does not specify that it is a CA. +// +// To test cases where the trust anchor has a different version and/or does or +// does not have the basic constraint extension, there are testcases where the +// intermediate is trusted as an anchor and the verification is repeated. +// (Loading a certificate with trust "CTu,," means that it is a trust anchor +// for SSL. Loading a certificate with trust ",," means that it inherits its +// trust.) +// +// There are also testcases for end-entities issued by a trusted X509v3 root +// where the end-entities similarly cover the range of versions and basic +// constraint extensions. +// +// Finally, there are testcases for self-signed certificates that, again, cover +// the range of versions and basic constraint extensions. + +"use strict"; + +do_get_profile(); // must be called before getting nsIX509CertDB +const certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +function certFromFile(certName) { + return constructCertFromFile("test_cert_version/" + certName + ".pem"); +} + +function loadCertWithTrust(certName, trustString) { + addCertFromFile(certdb, "test_cert_version/" + certName + ".pem", trustString); +} + +function checkEndEntity(cert, expectedResult) { + checkCertErrorGeneric(certdb, cert, expectedResult, certificateUsageSSLServer); +} + +function checkIntermediate(cert, expectedResult) { + checkCertErrorGeneric(certdb, cert, expectedResult, certificateUsageSSLCA); +} + +// Test that the code that decodes certificates to display them in the +// certificate manager correctly handles the version field. +function checkCertVersion(cert, expectedVersionString) { + let asn1 = cert.ASN1Structure.QueryInterface(Ci.nsIASN1Sequence); + let tbsCertificate = asn1.ASN1Objects.queryElementAt(0, Ci.nsIASN1Sequence); + let version = tbsCertificate.ASN1Objects.queryElementAt(0, Ci.nsIASN1Object); + equal(version.displayValue, expectedVersionString, + "Actual and expected version strings should match"); +} + +function run_test() { + loadCertWithTrust("ca", "CTu,,"); + + // Section for CAs lacking the basicConstraints extension entirely: + loadCertWithTrust("int-v1-noBC_ca", ",,"); + checkIntermediate(certFromFile("int-v1-noBC_ca"), MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA); + checkEndEntity(certFromFile("ee_int-v1-noBC"), MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA); + // A v1 certificate with no basicConstraints extension may issue certificates + // if it is a trust anchor. + loadCertWithTrust("int-v1-noBC_ca", "CTu,,"); + checkIntermediate(certFromFile("int-v1-noBC_ca"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee_int-v1-noBC"), PRErrorCodeSuccess); + + loadCertWithTrust("int-v2-noBC_ca", ",,"); + checkIntermediate(certFromFile("int-v2-noBC_ca"), SEC_ERROR_CA_CERT_INVALID); + checkEndEntity(certFromFile("ee_int-v2-noBC"), SEC_ERROR_CA_CERT_INVALID); + loadCertWithTrust("int-v2-noBC_ca", "CTu,,"); + checkIntermediate(certFromFile("int-v2-noBC_ca"), SEC_ERROR_CA_CERT_INVALID); + checkEndEntity(certFromFile("ee_int-v2-noBC"), SEC_ERROR_CA_CERT_INVALID); + + loadCertWithTrust("int-v3-noBC_ca", ",,"); + checkIntermediate(certFromFile("int-v3-noBC_ca"), SEC_ERROR_CA_CERT_INVALID); + checkEndEntity(certFromFile("ee_int-v3-noBC"), SEC_ERROR_CA_CERT_INVALID); + loadCertWithTrust("int-v3-noBC_ca", "CTu,,"); + checkIntermediate(certFromFile("int-v3-noBC_ca"), SEC_ERROR_CA_CERT_INVALID); + checkEndEntity(certFromFile("ee_int-v3-noBC"), SEC_ERROR_CA_CERT_INVALID); + + loadCertWithTrust("int-v4-noBC_ca", ",,"); + checkIntermediate(certFromFile("int-v4-noBC_ca"), SEC_ERROR_CA_CERT_INVALID); + checkEndEntity(certFromFile("ee_int-v4-noBC"), SEC_ERROR_CA_CERT_INVALID); + loadCertWithTrust("int-v4-noBC_ca", "CTu,,"); + checkIntermediate(certFromFile("int-v4-noBC_ca"), SEC_ERROR_CA_CERT_INVALID); + checkEndEntity(certFromFile("ee_int-v4-noBC"), SEC_ERROR_CA_CERT_INVALID); + + // Section for CAs with basicConstraints not specifying cA: + loadCertWithTrust("int-v1-BC-not-cA_ca", ",,"); + checkIntermediate(certFromFile("int-v1-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID); + checkEndEntity(certFromFile("ee_int-v1-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID); + loadCertWithTrust("int-v1-BC-not-cA_ca", "CTu,,"); + checkIntermediate(certFromFile("int-v1-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID); + checkEndEntity(certFromFile("ee_int-v1-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID); + + loadCertWithTrust("int-v2-BC-not-cA_ca", ",,"); + checkIntermediate(certFromFile("int-v2-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID); + checkEndEntity(certFromFile("ee_int-v2-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID); + loadCertWithTrust("int-v2-BC-not-cA_ca", "CTu,,"); + checkIntermediate(certFromFile("int-v2-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID); + checkEndEntity(certFromFile("ee_int-v2-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID); + + loadCertWithTrust("int-v3-BC-not-cA_ca", ",,"); + checkIntermediate(certFromFile("int-v3-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID); + checkEndEntity(certFromFile("ee_int-v3-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID); + loadCertWithTrust("int-v3-BC-not-cA_ca", "CTu,,"); + checkIntermediate(certFromFile("int-v3-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID); + checkEndEntity(certFromFile("ee_int-v3-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID); + + loadCertWithTrust("int-v4-BC-not-cA_ca", ",,"); + checkIntermediate(certFromFile("int-v4-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID); + checkEndEntity(certFromFile("ee_int-v4-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID); + loadCertWithTrust("int-v4-BC-not-cA_ca", "CTu,,"); + checkIntermediate(certFromFile("int-v4-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID); + checkEndEntity(certFromFile("ee_int-v4-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID); + + // Section for CAs with basicConstraints specifying cA: + loadCertWithTrust("int-v1-BC-cA_ca", ",,"); + checkIntermediate(certFromFile("int-v1-BC-cA_ca"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee_int-v1-BC-cA"), PRErrorCodeSuccess); + loadCertWithTrust("int-v1-BC-cA_ca", "CTu,,"); + checkIntermediate(certFromFile("int-v1-BC-cA_ca"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee_int-v1-BC-cA"), PRErrorCodeSuccess); + + loadCertWithTrust("int-v2-BC-cA_ca", ",,"); + checkIntermediate(certFromFile("int-v2-BC-cA_ca"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee_int-v2-BC-cA"), PRErrorCodeSuccess); + loadCertWithTrust("int-v2-BC-cA_ca", "CTu,,"); + checkIntermediate(certFromFile("int-v2-BC-cA_ca"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee_int-v2-BC-cA"), PRErrorCodeSuccess); + + loadCertWithTrust("int-v3-BC-cA_ca", ",,"); + checkIntermediate(certFromFile("int-v3-BC-cA_ca"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee_int-v3-BC-cA"), PRErrorCodeSuccess); + loadCertWithTrust("int-v3-BC-cA_ca", "CTu,,"); + checkIntermediate(certFromFile("int-v3-BC-cA_ca"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee_int-v3-BC-cA"), PRErrorCodeSuccess); + + loadCertWithTrust("int-v4-BC-cA_ca", ",,"); + checkIntermediate(certFromFile("int-v4-BC-cA_ca"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee_int-v4-BC-cA"), PRErrorCodeSuccess); + loadCertWithTrust("int-v4-BC-cA_ca", "CTu,,"); + checkIntermediate(certFromFile("int-v4-BC-cA_ca"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee_int-v4-BC-cA"), PRErrorCodeSuccess); + + // Section for end-entity certificates with various basicConstraints: + checkEndEntity(certFromFile("ee-v1-noBC_ca"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee-v2-noBC_ca"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee-v3-noBC_ca"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee-v4-noBC_ca"), PRErrorCodeSuccess); + + checkEndEntity(certFromFile("ee-v1-BC-not-cA_ca"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee-v2-BC-not-cA_ca"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee-v3-BC-not-cA_ca"), PRErrorCodeSuccess); + checkEndEntity(certFromFile("ee-v4-BC-not-cA_ca"), PRErrorCodeSuccess); + + checkEndEntity(certFromFile("ee-v1-BC-cA_ca"), MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY); + checkEndEntity(certFromFile("ee-v2-BC-cA_ca"), MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY); + checkEndEntity(certFromFile("ee-v3-BC-cA_ca"), MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY); + checkEndEntity(certFromFile("ee-v4-BC-cA_ca"), MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY); + + // Section for self-signed certificates: + checkEndEntity(certFromFile("ss-v1-noBC"), SEC_ERROR_UNKNOWN_ISSUER); + checkEndEntity(certFromFile("ss-v2-noBC"), SEC_ERROR_UNKNOWN_ISSUER); + checkEndEntity(certFromFile("ss-v3-noBC"), SEC_ERROR_UNKNOWN_ISSUER); + checkEndEntity(certFromFile("ss-v4-noBC"), SEC_ERROR_UNKNOWN_ISSUER); + + checkEndEntity(certFromFile("ss-v1-BC-not-cA"), SEC_ERROR_UNKNOWN_ISSUER); + checkEndEntity(certFromFile("ss-v2-BC-not-cA"), SEC_ERROR_UNKNOWN_ISSUER); + checkEndEntity(certFromFile("ss-v3-BC-not-cA"), SEC_ERROR_UNKNOWN_ISSUER); + checkEndEntity(certFromFile("ss-v4-BC-not-cA"), SEC_ERROR_UNKNOWN_ISSUER); + + checkEndEntity(certFromFile("ss-v1-BC-cA"), SEC_ERROR_UNKNOWN_ISSUER); + checkEndEntity(certFromFile("ss-v2-BC-cA"), SEC_ERROR_UNKNOWN_ISSUER); + checkEndEntity(certFromFile("ss-v3-BC-cA"), SEC_ERROR_UNKNOWN_ISSUER); + checkEndEntity(certFromFile("ss-v4-BC-cA"), SEC_ERROR_UNKNOWN_ISSUER); + + checkCertVersion(certFromFile("ss-v1-noBC"), "Version 1"); + checkCertVersion(certFromFile("int-v2-BC-cA_ca"), "Version 2"); + checkCertVersion(certFromFile("ee-v3-BC-not-cA_ca"), "Version 3"); + checkCertVersion(certFromFile("int-v4-BC-not-cA_ca"), "Version 4"); +} diff --git a/security/manager/ssl/tests/unit/test_cert_version/ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ca.pem new file mode 100644 index 000000000..d5d688220 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxTCCAa+gAwIBAgIUGamqdMD0Nm1H+VfFhPYfXjLHRokwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu +Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO +7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf +qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt +HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx +uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzALBgNVHQ8EBAMCAQYwDAYDVR0T +BAUwAwEB/zALBgkqhkiG9w0BAQsDggEBAAvQClqGp0semC/2XyWMk9xUJfroOET9 +beRv7cv8KUZnG3PaE+J5F7ER7f8COvvamkdeaatPcUc3+6JSErSibRZuwSNu7y55 +8D2DW5tVYNpni/bQCeR2S1SX2wQXOLTDZgYYnAP6dfUUoWIcoqRoQdFo4/clhTCc +Cdbi7YYMRgiPX1Lr2Wlr6lzA78ri6jul1Xv+x01qDuSGYshXWLy3s4Rn8KcCNdt0 +qeCHYOKY/HdDv4xX/kHrkCm8qxfqLRG6GkbXahySaNm7gaTjFN9tn/n8z1SOz4fQ +c/lWMN8xE4W645GavbrrTCYG3sMBLF3uXULlIaQb1imtoj/T+cEA/6o= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ca.pem.certspec new file mode 100644 index 000000000..8689ef9ea --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:ca +extension:keyUsage:keyCertSign,cRLSign +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem new file mode 100644 index 000000000..2b606ba68 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICvDCCAaYCFAGWmOxUiv3Wiz/EpnGMkzvZ1CC4MAsGCSqGSIb3DQEBCzANMQsw +CQYDVQQDDAJjYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAW +MRQwEgYDVQQDDAtlZS12MS1CQy1jQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x +nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM +wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF +4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20 +yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx +j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zAL +BgkqhkiG9w0BAQsDggEBAJoTmk+UuRV8BjvLAikw3jMlQLRZksGVezou/oWY6xB0 +5cBhexPniE5Wloareu929H7GroKodIS7byou7brNOFid1WufroaahmS2eKaDoEEr +OQ7q6KsCKTh7fIi4JOHB43bRpumqAAC/F+PMpyH9breHoMRw70emfbPssbf0sJLt +fcw6UtxiCLKZ75gQSYvZxwTdzEVon0FMVE/eXpG7TI+5ruzwPhpWbk+NVPTQByjd +7aBXRjt7IsSM1s4k86FVOFCJW23e+NirdBhpXcIV8JhxOCaDEWlhAK6vGH/cvdHe +zRU03uzpl4OAngMfjsol790KiyBR6ZcpDeBURiVd1Ms= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem.certspec new file mode 100644 index 000000000..4570e6e3f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:ee-v1-BC-cA +version:1 +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem new file mode 100644 index 000000000..8fccea824 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICwDCCAaoCFE1BLhsmfyyB2fW6gUjQwrgYB0uOMAsGCSqGSIb3DQEBCzANMQsw +CQYDVQQDDAJjYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAa +MRgwFgYDVQQDDA9lZS12MS1CQy1ub3QtY0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg +2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ +5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ +PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj +DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W +iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjEDAOMAwGA1UdEwQFMAMB +AQAwCwYJKoZIhvcNAQELA4IBAQCfLK68eVDBxO0+W/ye0RgZHwRXn5nTaIj8s1iu +CttV8uBYM1Hw5NUrmpI2bVlZA262qvbKTbhvIPOYz0wD1WkqMabQbuY32XRYKcaM +cUec2RPy5ZWnZIT4AcYDSGaz8s24223GnlPgresZBhaQ0LzzbSJwtC8S2Fpt5pa1 +V1TenVU1KcjnyiDpGQSj5BsTJG/JONq5eIbP4T1k26Hi9VM8q8bjO0oKBFAxaw6/ +YulGByT8/BoNZXW8yGZu4h2KII7Mun4S13qNgLuGFTT6OJ6/zEwRR3x19o/NhHVm +pbjyfxFfqnd6HDMAlW1uZt0FtejGPG0ZUL7FlhBy/vTt8Ju+ +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem.certspec new file mode 100644 index 000000000..f4257841f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:ee-v1-BC-not-cA +version:1 +extension:basicConstraints:, diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem new file mode 100644 index 000000000..c65444481 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICqTCCAZMCFDG06FmDxQmJyGqH60Gs9a/BJSTTMAsGCSqGSIb3DQEBCzANMQsw +CQYDVQQDDAJjYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAV +MRMwEQYDVQQDDAplZS12MS1ub0JDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGc +BptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzC +a2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8Xg +uEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK +9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGP +mRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOCAQEANnkU +K6FLFlD2tKjK8Ky22ATkd68zdLs1HxDbVCa57fsToBwAiZdme+mIjQW+w42Zep4Y +3E0GfjfVNyjVVaEPdLpQiZN8NKB9c/omwoMRyQEq6uhYGTg6o8FcYiQ3/WFBXGc+ +07YmEe9jmhozobUnJ5At5tkymL448qUQ7z9kNHu9L0p2fgEJa146RAyHQ+sXpz4X +us/+IyqQGaI7q0Hz89clL6tUM9c5Z7r/Jp2UAhpm58ytMpKR0RJuQ5gfDKQKMjPk +rEfjcxeA40TB5OhKVXYAy2yMJ7hiGByZed3FBSAId/Xmn+ltnaLUocXltgLyB9pG +TfO49CA2VK0a2vhtaA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem.certspec new file mode 100644 index 000000000..48fe9e541 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:ee-v1-noBC +version:1 diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem new file mode 100644 index 000000000..2d16032b3 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICwTCCAaugAwIBAQIUfQVCkqBjryqY0hxn56/dGr7n01wwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBYxFDASBgNVBAMMC2VlLXYyLUJDLWNBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAMBgNVHRMEBTAD +AQH/MAsGCSqGSIb3DQEBCwOCAQEABme7cHcrv89ZFbbeOZH3sTrjNOGyAJhRczT2 +muEbJlLCAstllOrIY/KbJHFEi9p7NoEb57ubRweVzhZn7slriY1N8s+jkR3LFlLS +1e0Xp82FEATF6C/SBhKdnTrz3NBsIG4WPI99x7BTBgCiHYucpOUhd72tpho3wdmK +/4gPqWIoUyULRJB1NXaDtil3766DBA143mnuIgS34cQerK+vTgxWoUwBKfEzDkzZ +sl9at4DsZefP7rYOmQ95B0kpM+uI6UUpJYdC9jX/c3JkoZgOZG1sDpQT4quqjoNO +Hg58ZJ69Vj2GbS8i9tKKVPQLySmiU3L4W0y4XdBMMOfWAdj2qA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem.certspec new file mode 100644 index 000000000..f714725d2 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:ee-v2-BC-cA +version:2 +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem new file mode 100644 index 000000000..224e4f075 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxTCCAa+gAwIBAQIUf+XAs2m7oSCNvUK7DEGaRr2dTwYwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBoxGDAWBgNVBAMMD2VlLXYyLUJDLW5vdC1jQTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7 +wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp +k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh +eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW +EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc +JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYDVR0T +BAUwAwEBADALBgkqhkiG9w0BAQsDggEBALAH32l8H1kmrrw2syJ0p9BTp60bRKty +1l+kCu7P8ZSH7+eGqROJpvYty9Ao1OrOSyQAfcj0BUn5IsgEDgTogF1PveZlvRtA +YNd2AFQqP6/lbU8+licG46D0NjUcZRzZZb/daAo91I2qcdIj8VluDhDA4yVh1G/L +PMIvJ+I/Zscz2M/IlDlH9pdb408YPVOxoK1OdzC7eFsT25hiH+lyn1faPkauY+GF +m3IVSlUQUOrjpJOQluPKii0j3fdJWGawy7W9Rou9RqcHpEdFx1tdC3Gie/DLrsmJ +eAfuyJlkK5++IgdlQwLHsTWW/6o6mTfqS7TAsxcBt9tJnLw4fOlaA9s= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem.certspec new file mode 100644 index 000000000..db7228881 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:ee-v2-BC-not-cA +version:2 +extension:basicConstraints:, diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem new file mode 100644 index 000000000..b54cfd23c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrjCCAZigAwIBAQIUdQe+ZPF/+uPABp+LHcJbzs80mlUwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBUxEzARBgNVBAMMCmVlLXYyLW5vQkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg +2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ +5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ +PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj +DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W +iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQELA4IB +AQBUaAqzcDmmrd4Wep1/lRJU9qzvkTNfYjE+kjIyW+KlQoh1ESoIgKgMEkIAZ8gW +VgMwwcLJqqrTyr/Do5gYLzGlSvgi7HWHhu5NbxbbDZ/jKjytVNA/PEGJ7nIh1ka4 +vlwTJBQ/5A4r+2C+IMp2/cAUFHsf2N0ng8ubtl9O9rA5W2Hfz0KMVZ46clcCKCP8 +6KsNqA52FU9s6/z6r2m11YX/QWpO9jVOYcguc4s2PiDPn2R2s/Ok7JqkpVglLehr +vSlPpeAfqoeSHCr7FfMH/csZ10Ax3XbnPQTnDEfjNxVHcIS3HkUZM5y8X/xm2om3 +BNvtFytBamlQ8Xb/erQ5pmX2 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem.certspec new file mode 100644 index 000000000..cc304ab87 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:ee-v2-noBC +version:2 diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem new file mode 100644 index 000000000..0db92cab3 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICwTCCAaugAwIBAgIUB8OP2Jy4CAmKxxBski29TdDy3JUwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBYxFDASBgNVBAMMC2VlLXYzLUJDLWNBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAMBgNVHRMEBTAD +AQH/MAsGCSqGSIb3DQEBCwOCAQEAlZW+VCvoVVjk61KPrCGT/npj/xlOkXRO+G3E +DvvoSEaeq9r5YcSWlb8cuYtLVqWP2S3S5HdgLk8ziIDI/z3y4cEn8j2wyBdYezAy +N6zpFRwEuWTmdeMQ+xTKf/nyOHGcSyIlXvj6Y2B0T8anAS/vdAa2sfkERt4nMFwd +Kmwmg+QAnh6MXwb/0EXmX2z5B0qyWlsPy3+CsR+qgWBAOCAUVwjbgMP44XyhgKeX +bTHJhuIm3yO2ItB5YwDt1DbeH2+Q7+hdnUf1jPKtVha2cnKfnngn10QK4ZApVChg +OX5fB8CjvMLp5bOa4Pgn962s2KBB2Wy7PV25AbfXKt/Hc3ovuQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem.certspec new file mode 100644 index 000000000..6f69c3574 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:ee-v3-BC-cA +version:3 +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem new file mode 100644 index 000000000..768871d74 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxTCCAa+gAwIBAgIUJ20yvWlIyReCYJ+kcsG+DkJ640UwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBoxGDAWBgNVBAMMD2VlLXYzLUJDLW5vdC1jQTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7 +wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp +k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh +eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW +EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc +JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYDVR0T +BAUwAwEBADALBgkqhkiG9w0BAQsDggEBAIOkqY4yOoyfH40DXCLBXL0rrmflioBT +dl9oRE65btGHLQUn15BQZugBVSbyIdMAv4aeBEt1oqSAB6I4e20rKDeslwexLQtr +yV2nuAlMTYOBp64UpcG2kG6mAdhYOYICYa67NBNQpc8uvU3hAIoD6kpv+0b3ytRD +xV4X6cWUcYbqCFIJkans/FrQG/Gy+5Mg2lmdqE1KtkVzq7Tt/QXGaPxhr2rYmuPE +cNiMAknatOwA4KSaclNkuxkq9axtGCwIa5NNV+4mXrPglWhU6ke5DgO/dln+mfO2 +UB2aj4romZScF2qo9uNaBKyGRAE8yaCxanOGUiwKyl8mOBJ424Xqxkw= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem.certspec new file mode 100644 index 000000000..4a9de0635 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:ee-v3-BC-not-cA +version:3 +extension:basicConstraints:, diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem new file mode 100644 index 000000000..2be86fcdb --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrjCCAZigAwIBAgIUWQH07Krh10EOvFLY8UBqyG5xYBYwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBUxEzARBgNVBAMMCmVlLXYzLW5vQkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg +2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ +5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ +PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj +DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W +iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQELA4IB +AQCQXyyODh2FWO4TxBiuaQdFnFk+2zeqV2iWqpQGFDmgrHCZXrlJM+BVuAFzw0LQ +hOf9qd33+f2sBDc4lf0qxu5/5Xqt8zERkvK0/zdMz3EpSoLMKvXv+7Z8YH3Ajt3O +D4SV+3/Pk+/oweJ4XPMTeBhJ7qbU5/aALIzB5hqJHopmkqr8Zi4XTg/VgeZPM9zQ +47HcOIvWnos99OxRte3xBxOU7aLmXOU4CMvAvzyFI0QCR9yh6UL2f0rICkagfLaB +vMzUfgCg6dc/yJfroEebIwIJfBdjKNtzkWcIjXKZoNfRwpW7u6qxoopvuQmplg5n +XnaTJFmePQ15kF2iDzb1hZ4W +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem.certspec new file mode 100644 index 000000000..9d385900f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:ee-v3-noBC +version:3 diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem new file mode 100644 index 000000000..e766ae395 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICwTCCAaugAwIBAwIUUfTQFSAC8qOhLbeI7Wqaa6VG0fAwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBYxFDASBgNVBAMMC2VlLXY0LUJDLWNBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAMBgNVHRMEBTAD +AQH/MAsGCSqGSIb3DQEBCwOCAQEAOPqznyrSXvk8Dcw2Y1shbinmUKgIodAD1eHe +ydM9c77RVLYCtzivERid2WMDVSVtPkniQBSpHh8rq75fUDwUXoUNnlUDi+hE5HBC +eYc8duCo3Is7FofCqxych1M+WRz/Vr+Dme45/1+7o2YLnp972Vd5WqnNRPBx6B89 +uU1pp7mS1EfNPObYImAD0mHfTLYa4nCoGWrp4tLxChQ79FnOZlZtTykyQoutPeGI +GI7BW60ABF9t9Z2LNX5hL0idV8jwcQy8XuqRxOgwkdUL5ErezWgN1J6M3zBa4cBX +aZsU3VuAkImdubbIpPeHQX2Chj4rLXmKxibgJCqKsQqNaTdRFA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem.certspec new file mode 100644 index 000000000..1f44c1dd2 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:ee-v4-BC-cA +version:4 +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem new file mode 100644 index 000000000..627429ed7 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxTCCAa+gAwIBAwIUPW7xxyFS8KpDVIUpRpqCNCmBOuUwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBoxGDAWBgNVBAMMD2VlLXY0LUJDLW5vdC1jQTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7 +wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp +k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh +eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW +EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc +JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYDVR0T +BAUwAwEBADALBgkqhkiG9w0BAQsDggEBALbzCIRcwRjqa1a2Y1wTPVSSSLD80lcW +il7AGT/hEJ6+uuy9sSl3M+LUU6BMG3XeEERRZg5iWoSvRp0UHGo1ViM+fsgm+C7D +uby2iVv4nMokrAEZ10azZrgDjEuKQlmdarPzdakoL6YaOXrkP9P4/6v5HeLmxd7I +Q/iry5TKPFrfkk5xrQwZw8zr8P6ygsnNGZO/MH3+yR4cuSS1piC0i9lO9RAyNk1I +sAKedwB1sirklVldeWcll9L9WLtYINsn5cWEVKxT2goF0BrkIxNSZLH64tWuIGHG +Y+QHZqGJum8tYddNuoES8nsKZZ+zAzJ4IrA0NE7MknHrD1Ph7FmnX40= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem.certspec new file mode 100644 index 000000000..e9659153e --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:ee-v4-BC-not-cA +version:4 +extension:basicConstraints:, diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem new file mode 100644 index 000000000..1852ea6ce --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrjCCAZigAwIBAwIUVfwLTWJ99GNH7nvKMDko2v0xjCowCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBUxEzARBgNVBAMMCmVlLXY0LW5vQkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg +2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ +5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ +PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj +DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W +iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQELA4IB +AQCCJPLfbxTQnHMP1Wl/XpCifu2deo9tcoEb9Hvpc5y9oJUS0qumTMq0H3dVLsnv ++UQ7/YghsGChqveMKVdaeL2UhNvw4nasPLYq2s8nor4+s00moSysgogauvUrQxB+ +SFO09zcX3bVy6/MPrnMVRXlXTCDji8EnI9hcMhQbFfbgd8V+k1oyuDD06PPak5DB +yR1J+Z673Cp2KhcwIJUNbbOS3wqUU72lanXMzGj8xkhf4GsYYF7e+eWfMDIIlZuj +mKM1fSCe1m9p9EUVZI3uzuP2NUJbdCsoe8VWGe9TUOEfokmHAykMgKVpbMKsd0Fc +GAGDU8/x0mGGrA9Jk9T7iagp +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem.certspec new file mode 100644 index 000000000..19229ba76 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:ee-v4-noBC +version:4 diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem new file mode 100644 index 000000000..1347bc1ae --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICsDCCAZqgAwIBAgIUE6KjPmbDFR43gm22W31CxcYLnNYwCwYJKoZIhvcNAQEL +MBcxFTATBgNVBAMMDGludC12MS1CQy1jQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIw +MTgwMjA1MDAwMDAwWjANMQswCQYDVQQDDAJlZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl +qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg +w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx +V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1 +MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs +vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG9w0BAQsD +ggEBAB5f3BeuLOxnnFy7ivHW6k197ycHOS/ilmtfZHxnf6ypIzqq32ooMNfF4+/4 +M3IMfXwe0NuZHiTxwohV58ZEVtfYXQ+tM9E39YQMHemludT4rKgINAEwCHZCXvvn +txaLMWN1UgQc2aPdlyWagBF6YhmTFExmIUSbe9BnbuIhP00kOls45RnFfcsJJffQ +lCniEIo+hwRWMjnajh+ecNNFlM3ToTH7+ZUGX6KtfpiBX+kFEtgevNbyghifZ/eY +HcXNA2LlXbRzKD/xspyk2BnNTaniBwqGQjwWd5IJzEHpvOrqDjEyvx8cGjUFOxsC ++BFqPQs9lD/SOmlPmk66sNw+iMU= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem.certspec new file mode 100644 index 000000000..6a7dc5c43 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem.certspec @@ -0,0 +1,2 @@ +issuer:int-v1-BC-cA +subject:ee diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem new file mode 100644 index 000000000..c42913f1f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICtDCCAZ6gAwIBAgIUcUd8DHziTDCWlJ6HrPIr/B8aaUQwCwYJKoZIhvcNAQEL +MBsxGTAXBgNVBAMMEGludC12MS1CQy1ub3QtY0EwIhgPMjAxNTExMjgwMDAwMDBa +GA8yMDE4MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCZWUwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk +e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg +KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI +YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi +lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL +HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcN +AQELA4IBAQAuPQwVmkSWN1A59vPXjQNaM+sVKeEiEpRZKbCfhYR0aeutl7MAg5sM +RiHz2p3H4VALW1J2BdL7CM6X2A101UDY7LO2AEyrzYdm/+fvgd3XFWBeMx/UBZdh +09I06b0p8tZrQgIk4xIcw/fP5YeYKVnMWcietQ0EnZl9jmqwjvHKTh0x8hkkIDu3 +uY+aByZC4InIcpfgBkqZaJgI7qAGmIokMMs+RHOlGwrOKbsCuvRw/xHIArgmHNfj ++BigwjBIrxW4IT2d0/65O3vlQ9HhMaS+UjXiubny2TZ9I2kvWfLQvAqtPE7DOibe +zw2iooLP75X/UzNmLpYtr20S9Ea+S3RS +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem.certspec new file mode 100644 index 000000000..639f83d66 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem.certspec @@ -0,0 +1,2 @@ +issuer:int-v1-BC-not-cA +subject:ee diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem new file mode 100644 index 000000000..39cf67e24 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrzCCAZmgAwIBAgIUCeeMurpySlbHPa/G6N9eg9Af8+gwCwYJKoZIhvcNAQEL +MBYxFDASBgNVBAMMC2ludC12MS1ub0JDMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx +ODAyMDUwMDAwMDBaMA0xCzAJBgNVBAMMAmVlMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC +AQEAlYbGEgRSFPynbiDuMRskGkoV+9/53fmP+y8S2YfEGjziuKZOeOIKjG+unU1e +/2Gz3pktpNr5TwqnDZEIYDvAAy8ByZ9mVUb060rac+7iQxVJCy0epakYA1aIyvXR +Fk7W3Ivjm6cvl10OqKRySQTqSq708kxg2abLmjqza6AlZlPDCprylVXy9S3op4a5 +TsIiD3R0cmg12AAH19lJVd1jhdKARBaC8d7vXC77+bb4MYngGm3iOX2ZyFkF/0Zp +OH+xKSVgGHXyfjaecY6JDgyk9zxxeYpPLUSKY8O7KW/2knGxWh5l4rk9+j3oJY2Y +MvpxLCpOSeibhcsrWXH2UTMosA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem.certspec new file mode 100644 index 000000000..d704f3086 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem.certspec @@ -0,0 +1,2 @@ +issuer:int-v1-noBC +subject:ee diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem new file mode 100644 index 000000000..5147e4587 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICsDCCAZqgAwIBAgIUG9+HDLQWRsQlo2lXC8I4+9uWrlYwCwYJKoZIhvcNAQEL +MBcxFTATBgNVBAMMDGludC12Mi1CQy1jQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIw +MTgwMjA1MDAwMDAwWjANMQswCQYDVQQDDAJlZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl +qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg +w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx +V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1 +MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs +vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG9w0BAQsD +ggEBAJjwaeFl75mff+lYb8Gc15TfPZohz05jFR8g4MHuPePn92IpRYsPQfJL/Op4 +dYZJihih/G+1umck/TYExbX1KeY9QGVc6Bb2yVxwPf3t9yv0yhGsOqC055sf6Orl +1qEgWcjGOnCW4wEe5Tft+K1+1l2J9OMgtcvNs0ctR65D8tdmyFBLQDhvnodaOYDn +S6RNx9iNPT5jxQHZnBHL6oIwYgSf8xTAPS2+Z+xm4juKHy9T5vW7lujImDWQv+/V +ugCKgsip92uKKIr+/KbNDXU2x541ewwUm4OxE0x+drHhV8al3VPsnk9VoS9o1Ul1 +aOouSF+BAz3e59YdoNXWPcf9F+M= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem.certspec new file mode 100644 index 000000000..5d3a65e65 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem.certspec @@ -0,0 +1,2 @@ +issuer:int-v2-BC-cA +subject:ee diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem new file mode 100644 index 000000000..4f7042bcf --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICtDCCAZ6gAwIBAgIULcr3aXyX5SxQEEPGtPM3p8VlT18wCwYJKoZIhvcNAQEL +MBsxGTAXBgNVBAMMEGludC12Mi1CQy1ub3QtY0EwIhgPMjAxNTExMjgwMDAwMDBa +GA8yMDE4MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCZWUwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk +e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg +KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI +YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi +lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL +HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcN +AQELA4IBAQCBsDwvDLVDaEf6o3xzqy5BdF6AcfmqDZNLs1BmcH31yP7eTcXsYHyT ++qUorVz5m1lOfcBJkCQbMDRotZeie9kgQ6APZywD93mC2ELjP8+9WIERy70gPtEn +L7LvTHT92gdj5tHzhbIsn2TvoGXOYYAH9uQ/5gn/3L74GUoZwMjGWufcqkOEHJJO +kmrYgOTWy7B64kfuAXzqU2SbUlQ3lxb5ZVv86PPzqPf9JQGXODH/nAzAVq8L9Kdq +iy0PNK759Xw/1EOpp6vWAMHja2LErji4CWWDmXx/mnvIj7QBPvVAuO0w5/PqrZuz +i4n84WFh4FYDBUpW6l9Uvek7Zk6xNp1r +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem.certspec new file mode 100644 index 000000000..591a16aca --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem.certspec @@ -0,0 +1,2 @@ +issuer:int-v2-BC-not-cA +subject:ee diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem new file mode 100644 index 000000000..0612422f0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrzCCAZmgAwIBAgIUPQUSp52t9MpVcbwvzmrn0rnXe+0wCwYJKoZIhvcNAQEL +MBYxFDASBgNVBAMMC2ludC12Mi1ub0JDMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx +ODAyMDUwMDAwMDBaMA0xCzAJBgNVBAMMAmVlMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC +AQEASPKWPlQLYrodnYnFhtEdkne0AK3A/D8KlUrEbUl+SPbI/ORJONH362MSjsWZ +RKqTz4fYdtqF43iIqlvYaZeLrkGSLTeJ2C+IAeOhiri3b8XjwFF+iXjIYGWnlhyH +ollM3n7XOJSBOC4S6gMNfofuK7no4H78P82M5wFX6rOCCm9rxv8cvOO+SNlKkaEA +IWy+taZcj4BOhgl+38VbTs+9ACG+FsLFru62twNQx59j3MbDbHfrIVzY47plHUPU +jz9s/CCSkUA32ZvbF2rlFQQQf/8Z2oaW/xrWmp2eESLEd4F9NzY+Fvo4PY3k2kkt +IzRZVoKot3yCAtzPJp0SJ2abgQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem.certspec new file mode 100644 index 000000000..7f99393cf --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem.certspec @@ -0,0 +1,2 @@ +issuer:int-v2-noBC +subject:ee diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem new file mode 100644 index 000000000..ab530840e --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICsDCCAZqgAwIBAgIUaal9Ye64U6vI3odKwwGkoWeVLnYwCwYJKoZIhvcNAQEL +MBcxFTATBgNVBAMMDGludC12My1CQy1jQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIw +MTgwMjA1MDAwMDAwWjANMQswCQYDVQQDDAJlZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl +qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg +w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx +V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1 +MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs +vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG9w0BAQsD +ggEBAG69rgBi4gPJVvu0KAmdgyadfG+89pgH6VyRlP2ZAb26E/UC2vf/fbhFPt1v +kASTstsxrkmJeTc8aQXjpFqH2uDWoKDNmUmatzka7vFAjwEhKDLeBwihQhepJJCu +e6Vm0ZnVNsfdXUc4xOdk9w2R91/cF/qxk8OTuB6oSLzpQ3rfvLAXa41GBDHQTQJJ +R1Y6uYkJRJgyS6aIpZ2x5VCfhTlhKKYalKphZeBj7Ll29/vp04X/42102YpBdN+s +h/8vqhdQNKFh5A3SvnWeNZTNRt8NizGqqGuv4yHmFPO7Gy+vDg7kj/hI1t+CBQy/ +kb3WFKNABDT7L1NY6kMUGiM5iZg= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem.certspec new file mode 100644 index 000000000..13af934f2 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem.certspec @@ -0,0 +1,2 @@ +issuer:int-v3-BC-cA +subject:ee diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem new file mode 100644 index 000000000..4982b6454 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICtDCCAZ6gAwIBAgIUDZZXSGXaQ/utX4RW88viJd7twPIwCwYJKoZIhvcNAQEL +MBsxGTAXBgNVBAMMEGludC12My1CQy1ub3QtY0EwIhgPMjAxNTExMjgwMDAwMDBa +GA8yMDE4MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCZWUwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk +e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg +KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI +YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi +lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL +HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcN +AQELA4IBAQAgLJgacqqpseEVlZtg8EM79BOC74xpPk2ggXxlh8+eNc0x9E8yqUR9 ++eGPbVpTfDhNO8f1EXHyclW7RSmfYPqZlOFUl0VrqBLF4nHmc3DlXy4xKpNxWrHR +/dY6WMvfryLba5dNp/aLbVShgGR4o79YnKVioUk8m+Hf26s94Ekn4PQPE/LXAic7 +gvrGYG2V9AXxokuGqBPY08DqMUwYNjPcgctOsoyqZb0VsgxytKv4KGo1q8aEr7at +9R8vc0bgp6isLU9pDH0LXvSljS1SCZsurDWsWfR+0j2OSFWCBgxvb5oqPc9Jutrb +4SGvtpYijCq+6ygiRn9dN1JV0RHuGoRl +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem.certspec new file mode 100644 index 000000000..8539715a0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem.certspec @@ -0,0 +1,2 @@ +issuer:int-v3-BC-not-cA +subject:ee diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem new file mode 100644 index 000000000..65f4c3697 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrzCCAZmgAwIBAgIUOT2vbH70RwEQY4WI7uJiyJBo3yMwCwYJKoZIhvcNAQEL +MBYxFDASBgNVBAMMC2ludC12My1ub0JDMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx +ODAyMDUwMDAwMDBaMA0xCzAJBgNVBAMMAmVlMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC +AQEAV1ofl/U7R48I9NqjR3h0ie37k2xQc28cqk2DF+320aO24r2t5JWgSBytewoq +iCg54QZD7oqdq0JdkHxzNCId1WNFyVFe2+nTiomSJESa/e1Ukbc+vQe0xTqt9dJC +0ygRdpa3OwNO/8DeYyVZe/XX44p4bLLbsunAr7HFcnWsKFGAOpd1yhEmB7QXW+w6 +xgL+TWmcFHq5FLezt93dFulUQcs394OoUdZ8qKTF0Ge9jZ7CZO3pvudTZ8skMYSY +j3olnDyQ94tv/y1H8Kxn5chMGbFS4lf4QsRDIBJ6OpPKpEP/St+tY/7yQAHjtjmF +6buVZsBqPRs39xMJMs2PePp7Cg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem.certspec new file mode 100644 index 000000000..a65e41cea --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem.certspec @@ -0,0 +1,2 @@ +issuer:int-v3-noBC +subject:ee diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem new file mode 100644 index 000000000..9405db2dd --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICsDCCAZqgAwIBAgIUJevhGs7hqJR5QVzZzE+05L+1S70wCwYJKoZIhvcNAQEL +MBcxFTATBgNVBAMMDGludC12NC1CQy1jQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIw +MTgwMjA1MDAwMDAwWjANMQswCQYDVQQDDAJlZTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl +qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg +w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx +V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1 +MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs +vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG9w0BAQsD +ggEBAFkfOzERPOpqPPPuPc+xawfkrg0jx7wktbNnws1FcgF6p0eHL+eDpoQ2DMfE +jabozGSjj4ZQQ6Ai68gIThllDWMCHCSjLhlxHOPEFWDjeP0mTSdOZTulZxMdbIUm +zRf+q6FI/2Tv2U7F807xMokMQgw+ndGISpSkKRPIl/PorWh5TU6eUazrrbyegHCW +xPmNoDhU4SUkdcpe7qDKnbTOb7RYTyFBGU4eMKMA7L0ZqynKo7Wvs5+EWovQSha9 +qeeXdD0wvi2HI7jNXIsYJD5mC1Rocj47/wmppd30iNcIQJu8VNI4YkgS88Y+ogEt +TzxFJMhZBB+H8Ub8x2Gz3qt4QnE= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem.certspec new file mode 100644 index 000000000..35a3a9ff3 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem.certspec @@ -0,0 +1,2 @@ +issuer:int-v4-BC-cA +subject:ee diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem new file mode 100644 index 000000000..767219577 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICtDCCAZ6gAwIBAgIUU3doWVdrXHM0k/ANaNuyVJhR8GwwCwYJKoZIhvcNAQEL +MBsxGTAXBgNVBAMMEGludC12NC1CQy1ub3QtY0EwIhgPMjAxNTExMjgwMDAwMDBa +GA8yMDE4MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCZWUwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk +e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg +KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI +YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi +lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL +HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcN +AQELA4IBAQCGs+8b9J0JfOUVFuN15n65KqJadCjcxBn3qBUw5AIYzi10sIFVteG9 +LDN10s92aXwTVYSoVe6ZGM5cJ3MUezHeIrkNklCvsusRvoT4pEoDy/kTmLGLb5z6 +OwBEGYrSB5/jPtcstOBTN0FEbCc8XEGLEQymdB1detTDzmUbWseWvkEnBlf2EYMz +BdbcE067feMtW9SLo/xCqCHmloEiZ1z8castW0X1tHU4y+T67jgMdE4wwVb5frTm +8tgg8JPlJlWrtywdAcu2zTW7FiFnmLQ92NFjqIOeb8VybkgcTXX8FxiAbtYLbqpd +JZ5fpJiTnslxKY1m23DQaG7Yl+Jkif0s +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem.certspec new file mode 100644 index 000000000..7627d3a8a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem.certspec @@ -0,0 +1,2 @@ +issuer:int-v4-BC-not-cA +subject:ee diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem new file mode 100644 index 000000000..30ee60821 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrzCCAZmgAwIBAgIUYz+f8vqMyWzBNKoQl03ncht2cIIwCwYJKoZIhvcNAQEL +MBYxFDASBgNVBAMMC2ludC12NC1ub0JDMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx +ODAyMDUwMDAwMDBaMA0xCzAJBgNVBAMMAmVlMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC +AQEArnYzwre41yL4hGRL/xlHQMNsblZK89GB0tovUsHvWScxizomaBN7Nai8Y1JB +U+6zXjMb3HP8h18Buxvuc0I/+RIUGRhxZ4PbSd/yi1yKaTL1smf5hVscbyMRajvp +Ws+CBmuwPOcNwvJH4acul2ljySSKX50itQuaKMqjWLmNYPz0PET683QijtQjEre1 +oMIVdq/z438Sv1mdUtRIb38bLzR2PO919lu2WN8ZAI7pQTCLFTg7FdHao4R5QtXp +n3zqzPgO1xgcvtgMWkeuqC1eUefJrD6+rn7mUFFtEwOzneNIb+xUuBgt5l33OTGn +v5sHclUaB2LM0cqGtvVkNd3P0Q== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem.certspec new file mode 100644 index 000000000..a78033753 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem.certspec @@ -0,0 +1,2 @@ +issuer:int-v4-noBC +subject:ee diff --git a/security/manager/ssl/tests/unit/test_cert_version/generate.py b/security/manager/ssl/tests/unit/test_cert_version/generate.py new file mode 100755 index 000000000..7e4747d63 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/generate.py @@ -0,0 +1,82 @@ +#!/usr/bin/env python +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python + +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# This file generates the certspec files for test_cert_version.js. The naming +# convention for those files is generally of the form +# "_.pem.certspec". End-entity +# certificates are generally called "ee". Intermediates are called +# "int". The root CA is called "ca" and self-signed certificates are called +# "ss". +# In the case that the subject and issuer are the same, the redundant part is +# not repeated. +# If there is nothing particularly special about a certificate, it has no +# description ("nothing particularly special" meaning the certificate is X509v3 +# and has or does not have the basic constraints extension as expected by where +# it is in the hierarchy). Otherwise, the description includes its version and +# details about the extension. If the extension is not present, the string +# "noBC" is used. If it is present but the cA bit is not asserted, the string +# "BC-not-cA" is used. If it is present with the cA bit asserted, the string +# "BC-cA" is used. +# For example, a v1 intermediate that does not have the extension that was +# issued by the root CA has the name "int-v1-noBC_ca.pem.certspec". +# A v4 end-entity that does have the extension but does not assert the cA bit +# that was issued by the root CA has the name +# "ee-v4-BC-not-cA_ca.pem.certspec". +# An end-entity issued by a v3 intermediate with the extension that asserts the +# cA bit has the name "ee_int-v3-BC-cA.pem.certspec". + +versions = { + 'v1': 1, + 'v2': 2, + 'v3': 3, + 'v4': 4 +} + +basicConstraintsTypes = { + 'noBC': '', + 'BC-not-cA': 'extension:basicConstraints:,', + 'BC-cA': 'extension:basicConstraints:cA,' +} + +def writeCertspec(issuer, subject, fields): + filename = '%s_%s.pem.certspec' % (subject, issuer) + if issuer == subject: + filename = '%s.pem.certspec' % subject + with open(filename, 'w') as f: + f.write('issuer:%s\n' % issuer) + f.write('subject:%s\n' % subject) + for field in fields: + if len(field) > 0: + f.write('%s\n' % field) + +keyUsage = 'extension:keyUsage:keyCertSign,cRLSign' +basicConstraintsCA = 'extension:basicConstraints:cA,' + +writeCertspec('ca', 'ca', [keyUsage, basicConstraintsCA]) + +for versionStr, versionVal in versions.iteritems(): + # intermediates + versionText = 'version:%s' % versionVal + for basicConstraintsType, basicConstraintsExtension in basicConstraintsTypes.iteritems(): + intermediateName = 'int-%s-%s' % (versionStr, basicConstraintsType) + writeCertspec('ca', intermediateName, + [keyUsage, versionText, basicConstraintsExtension]) + writeCertspec(intermediateName, 'ee', []) + + # end-entities + versionText = 'version:%s' % versionVal + for basicConstraintsType, basicConstraintsExtension in basicConstraintsTypes.iteritems(): + writeCertspec('ca', 'ee-%s-%s' % (versionStr, basicConstraintsType), + [versionText, basicConstraintsExtension]) + + # self-signed certificates + versionText = 'version:%s' % versionVal + for basicConstraintsType, basicConstraintsExtension in basicConstraintsTypes.iteritems(): + selfSignedName = 'ss-%s-%s' % (versionStr, basicConstraintsType) + writeCertspec(selfSignedName, selfSignedName, + [versionText, basicConstraintsExtension]) diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem new file mode 100644 index 000000000..26e57b926 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICyjCCAbQCFG9flwxK3L28b9SwsYwGidUsf/MtMAsGCSqGSIb3DQEBCzANMQsw +CQYDVQQDDAJjYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAX +MRUwEwYDVQQDDAxpbnQtdjEtQkMtY0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9 +sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5 +TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7 +xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd +tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l +8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1UdDwQEAwIBBjAM +BgNVHRMEBTADAQH/MAsGCSqGSIb3DQEBCwOCAQEAYnkJ8m2Q5ercVLL3DPZXrD/i +zuIn7/ZhtNRrv/CGUOge36bk/6RfYN+rRadM9wHbKKgjXLgA4jDNhjdRXN3QlqKV +5jxTJuLlu2vX9d81NmmhEk1cs9NMfkKdpXhOFR4nJvVfc0U1UqVpN4yf+U1x/CsT +KJ2pporpPCIYUwnXiizRXNbUvZJ/GF2HMRZQn+ude87Rm0Q8ifD3yz7CZVKPf6Kk +Sr9iJubTzLfKfJ1IkLe2yhvrbB5s00OW+kVnudjrFu7ZWKYVM2PJlF40zwYJl4Lr +o99VmsPFOvBHOAZoV/iQljY2DgauwtBmsa1K8iEPc3osALFM6acD9J4NBTahKw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem.certspec new file mode 100644 index 000000000..77f3ae914 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem.certspec @@ -0,0 +1,5 @@ +issuer:ca +subject:int-v1-BC-cA +extension:keyUsage:keyCertSign,cRLSign +version:1 +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem new file mode 100644 index 000000000..59ffb040f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzjCCAbgCFB/qdSZShwQLqEJWGZti66J8bY/MMAsGCSqGSIb3DQEBCzANMQsw +CQYDVQQDDAJjYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAb +MRkwFwYDVQQDDBBpbnQtdjEtQkMtbm90LWNBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzALBgNVHQ8EBAMC +AQYwDAYDVR0TBAUwAwEBADALBgkqhkiG9w0BAQsDggEBAEHdkfOCOr648UTiqsPG +Q2bgBpfQR9q+sloaInyuhUkikrcVEFyDfX906yXpdAOd5vCof/1aC0Uj9rEOfGed +qqRGELrBP8hJWlUdISOuwSsP9YzdvvDUXCHYK9P0v4vFKN0FPpQ5jXbRbxt2Hlof +TvcDhd/IwRMT09bM6MuW/UCP7Amg60e9wNCYj+n3SpQcudlQwn3nsDrDeQfdaXqt +6JEAr7wujeOaLiA0e+i1EG2qeYJ8khEbLjXxeHmuuW40W14rUGygvdv6fLflGvYH +ZyHNi8pxFryfxet5S45pVPL0i2d0ebbYjOGBp5//CKeN6rwZsP32CMDgTp93lwjL +ELM= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem.certspec new file mode 100644 index 000000000..2a366535b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem.certspec @@ -0,0 +1,5 @@ +issuer:ca +subject:int-v1-BC-not-cA +extension:keyUsage:keyCertSign,cRLSign +version:1 +extension:basicConstraints:, diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem new file mode 100644 index 000000000..4f11b699b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICuzCCAaUCFBkI5w3s6jLLXnulpMK+fY1ARXT4MAsGCSqGSIb3DQEBCzANMQsw +CQYDVQQDDAJjYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAW +MRQwEgYDVQQDDAtpbnQtdjEtbm9CQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x +nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM +wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF +4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20 +yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx +j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMPMA0wCwYDVR0PBAQDAgEGMAsG +CSqGSIb3DQEBCwOCAQEAPLtcxQ6cE/ujKoes5ANvhdVSLvu9yLtV3nB0cFi/9JXj +3duFxIiGyfvci0NdOlg1OQwbO/zTsCDW2zK/xL66QV5UtcEZAWatzI6/2/aqp1PF ++dXbMsieNsVyIjStexjxvEj5flwtA06P0u/i/bMXtEiIIUSwmZ/GPDIyBlcBaJjg +vBwRXnbPYLE/zKqRz/7rsQvAbrSiGbjeLHTU5jcnXtafEmm9vSAY1fw4fq1Dyz6f +OwPCdc945ENuo7N+gEMItYw7TKyS5ROmlqDSnhWvL3nrhv9HyxLHKC8MJwRrjKpU +EocizMzyjzcjY3Gzdc0B3sBBrgcLMEcoFf1v+wrbdw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem.certspec new file mode 100644 index 000000000..63bf6ed73 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:int-v1-noBC +extension:keyUsage:keyCertSign,cRLSign +version:1 diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem new file mode 100644 index 000000000..ee4285cbf --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAbmgAwIBAQIUT7iE9WTjWgXtMmDtZcXlv4QzJ8AwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBcxFTATBgNVBAMMDGludC12Mi1CQy1jQTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl +qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg +w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx +V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1 +MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs +vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswCwYDVR0PBAQD +AgEGMAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4IBAQAU6AtsSDtT36xwdLKs +KaiJNQjCrsqYzBYcRKyKHDiTm8naR4sLT27VRIhzPxsz149VF9iFriU+WEdelZSV +9Ql3bXNX/02TRQxrRP0LMg/3JQq4PexJph2I93W6LQmsGsNgWqwzPInZfUoXu2nK +wdRxPAGA30PXqzN7e2kGXzD2Nci8ynjsU6EqKwSW9XArD40DRoBJN6OiBwUo9Bem +EsbVfytYX2bCPkjcFHk0TbhToSFmweGwAOcRO/A6+XM6pjd48kwA9H9CIx7g0NQ9 +q2TNLsvoS9aH7U3S53l8CyVu6hmKF1klQkkZAxa2Mz5KteLOxRxdLnsmRLZ7vwuT +2tUU +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem.certspec new file mode 100644 index 000000000..ca1bf67a7 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem.certspec @@ -0,0 +1,5 @@ +issuer:ca +subject:int-v2-BC-cA +extension:keyUsage:keyCertSign,cRLSign +version:2 +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem new file mode 100644 index 000000000..f4159d5aa --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0zCCAb2gAwIBAQIUSwfORMpfA9q1z6/EWOfUSx66zNEwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBsxGTAXBgNVBAMMEGludC12Mi1CQy1ub3QtY0EwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk +e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg +KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI +YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi +lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL +HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1Ud +DwQEAwIBBjAMBgNVHRMEBTADAQEAMAsGCSqGSIb3DQEBCwOCAQEAc4IWi7g4uc37 +S3NGcizKEZYsQdSzk4GwMxgX+mdWe2qqnJCer+E3dGrINEMb1blIaah4HGWFfLM5 +2XbBLnp0Jfj0ummvnAcZk5YVqixRgjr1RfzMavZOrCiGFbel4FAO7ht+ICB5AmbM +W9SzE9z+yMg/bOHur2rbaqZzsQ1a3crBJjWvbGulYm7HYskQx99HPyrib5H3r7Xr +H98haIpPn8hzYCZBb36iWfSSXvsfmGqGiAn2W2u+L/LwNMo8G3hpNB668myEmKe/ +D1Wdxg15KFLitsE9IaaIoMPQZw0Ir0/dKanAPSqG0hWw2Djw/S1yIwgoq9ylHxxn +0fq+xxZJXA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem.certspec new file mode 100644 index 000000000..fc28ff150 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem.certspec @@ -0,0 +1,5 @@ +issuer:ca +subject:int-v2-BC-not-cA +extension:keyUsage:keyCertSign,cRLSign +version:2 +extension:basicConstraints:, diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem new file mode 100644 index 000000000..93d83a2b6 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICwDCCAaqgAwIBAQIUK0Spe0lKn+U0xO5jDNCuI6z3d+UwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBYxFDASBgNVBAMMC2ludC12Mi1ub0JDMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABow8wDTALBgNVHQ8EBAMC +AQYwCwYJKoZIhvcNAQELA4IBAQAuydEs4UV5LclC5FsN97v3zL13tWT1+zgaHyxm +fyGDfNcWXgha2Y2LFc5lqKwZSqMZEL1f5UUAS5Mft64oak7loWKmFrE4oyVRrpGd +RnzOzmdtztmQxglYIIV4Am7c8pXUtwP7muWrd5myG9LZHwY9I6ZH+tjwV9QlSWaY +fV+N1Js9auYTb1yhNVGIcRdmdbnutBn5rj+h1b/PsO8CPW4IHxHh3AW7hAnBLhF7 +lMneMbmyodHzpGJRCSjtklgNOG9cMvMoUabGrhVnYQzcTp/Qf8qlKvC51sNeamzj +ZzUnaZWgU3holgbI6O/1g5uzRaMDAv2zGRPOsU8SMTINunv+ +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem.certspec new file mode 100644 index 000000000..2d3fe59ff --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:int-v2-noBC +extension:keyUsage:keyCertSign,cRLSign +version:2 diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem new file mode 100644 index 000000000..a27e8058d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAbmgAwIBAgIUAaoaQ4IPqjRVOQz/4vo5JrDzcA4wCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBcxFTATBgNVBAMMDGludC12My1CQy1jQTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl +qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg +w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx +V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1 +MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs +vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswCwYDVR0PBAQD +AgEGMAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4IBAQBwyEbiIyk6KMwWZyq5 +F2BxTInFKwnup+Rpmbwa+8o6NzQwjJ1cWszSPiN4akCO5GchrrDulAM6/kRANriA +5N+J+V5W0+Lr9Skl4kUBEDE0AWj41QW5YTrIli1bjFyfwKydP2almStnYOXmvDaL +Znlcm81azW5gibGeiLdCMo2RNajW1C2CMZs0TFE1NVbnw85Oaq5/RcUqx8sQ5OyX +5lkRGWoblzMUp7fY+fle+wgyyJdXSeSAp7SNJbm417SyEFTU2qx+6wqi6R5CE6M1 +R/uYGYH0SyXCGZ6Msng9w4ZAT7XX/ECEC9hfZqDRf/1XS21JOzz6F5y9hkh88Slk +GwPj +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem.certspec new file mode 100644 index 000000000..56fcb21a0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem.certspec @@ -0,0 +1,5 @@ +issuer:ca +subject:int-v3-BC-cA +extension:keyUsage:keyCertSign,cRLSign +version:3 +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem new file mode 100644 index 000000000..a7cadbebd --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0zCCAb2gAwIBAgIUSZQ7USLXyTqZmjspcuxv8RjZtp4wCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBsxGTAXBgNVBAMMEGludC12My1CQy1ub3QtY0EwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk +e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg +KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI +YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi +lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL +HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1Ud +DwQEAwIBBjAMBgNVHRMEBTADAQEAMAsGCSqGSIb3DQEBCwOCAQEAEshHw+MsZRxQ +2Ozv2sJHTwedcCks2jbm4T9D3/UbMfReMG1s4zjM84O7a1ZxV7SuudtfarwVK9EI +6atRV4qLSAjZ3VfGjWo/1+rIN+LYTB10MZFefSVvh4BTr+vTEG9va0f0Q70KIwBU +d9F1iOZiYKvuzmv8mTbVRXAU74CcyGJeyhaGm6+qv4VztdxrUB/fSMTR5lltDJZU +MKTy3+n5fttP2mnwc5Za7A8Jn0Mqz2TVI2YI8CmCUdvaGqPdTcnQ0Xw31qEu4R9Z +dzfcLQPZg05VqOTOZzZqr45qIqVhdnOO/rhziIaFPPFkyEejr1vjeqtZW2hiScjX +h0t+rS7HEA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem.certspec new file mode 100644 index 000000000..a2def8d32 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem.certspec @@ -0,0 +1,5 @@ +issuer:ca +subject:int-v3-BC-not-cA +extension:keyUsage:keyCertSign,cRLSign +version:3 +extension:basicConstraints:, diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem new file mode 100644 index 000000000..9e342a0d7 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICwDCCAaqgAwIBAgIUfcNfM4j7uUnlrqBNMfIcXy9g3zUwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBYxFDASBgNVBAMMC2ludC12My1ub0JDMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABow8wDTALBgNVHQ8EBAMC +AQYwCwYJKoZIhvcNAQELA4IBAQCIsW22mHe+LWhIQm6Ess8r6O68O7G8RW1ELeL5 +Kg+iFXnmRVuC3gK4LH1G1VNIsVj1tGXtYxCJiJ5I4Aybvd+26reA2dCeQRJ6Ja/Q ++RQ5UW2HcbV9E67wYvbvXQlUk5MoY9vOqHAKXksEGxUnqmg2t9K4kFXAe2q9/i2g +syzV3EtbxADKW4mSLnLyC0AOmNcNB6Sc7/te69GY3BkDriJn5ayj0Xbio6qgfyY9 +jEAXPEnL6fggTB3XBUw3dlez9tweGLwjq4ei0dVymv+q+15qk7FmwJtRSGPYSU9C +gS7yPOLt4WP14kU3BLV5pPMHgm6Ff+l3UMTBPaHuYnvEHMZW +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem.certspec new file mode 100644 index 000000000..b336397ab --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:int-v3-noBC +extension:keyUsage:keyCertSign,cRLSign +version:3 diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem new file mode 100644 index 000000000..a687058bc --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAbmgAwIBAwIUF3WP7b7JOaJWcP3tKFhcerw7104wCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBcxFTATBgNVBAMMDGludC12NC1CQy1jQTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl +qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg +w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx +V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1 +MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs +vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswCwYDVR0PBAQD +AgEGMAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4IBAQA/+1qhIMJIE46IOGAX +E6mqNDfKlgv3neuzz7LvO8BwDXKN5c899Y1fQAPG9vvH4x6LfibZuansSKuYlQuo +ty3+9uD22ZMyva61re+zQQXasxBm+lQ+YqjuTQO9XYwWCcoiW1k9UgwY331Be59Q +vb4G5MTkIK4IkfXLI1rXywcfYUL551YESILSrfB9YGyfQM87waniXMgYlTVMWjze +xhf41flw23eA6DspXlIMDIphDjrsdlNLt6M8Kq8ZX2pWNv3bHRW2GXPFTujO3ZX7 +KtEoKDVnRRoLKZUGV800HRvxnxQHix21g7zOh+P7OROsLpqMy8JFyq48RzFbcjRL +zxX+ +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem.certspec new file mode 100644 index 000000000..12b94e63a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem.certspec @@ -0,0 +1,5 @@ +issuer:ca +subject:int-v4-BC-cA +extension:keyUsage:keyCertSign,cRLSign +version:4 +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem new file mode 100644 index 000000000..ed8fd32d4 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0zCCAb2gAwIBAwIUVaZ2niPZ6DLRtuiwINlg8Jk1dZ4wCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBsxGTAXBgNVBAMMEGludC12NC1CQy1ub3QtY0EwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk +e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg +KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI +YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi +lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL +HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1Ud +DwQEAwIBBjAMBgNVHRMEBTADAQEAMAsGCSqGSIb3DQEBCwOCAQEAk9BrF+WBvw8N +Mq2rS506ozxY6ns/n0rD+eOD6lsurV6naqZpu74jagfMqlLBIppFe93yV/epDkPa +E84mDq6QT+smmosWlG4+HQ2+GnsNC3+savT5WXNCcLZCwWQeZWWndey2Bg0T/flN +g+2bHUrtGtz+GxfMV2/fwXiC0AD3F/thrrupl4SrS6wcYlaA7RJbGx8y47u1W0Zw +F0GL+cflyzoZOlXQrcXeCBCSFSQWlmyqOXKsXIHuPjPk4SVo7+IXH/4OQTpMFMVU +77+brGacqro+d/G83wEMM1mBur2XFYmXRdVAhDOarM3abFcXF3+23xZtv9qRNMRt +giMNReL6kQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem.certspec new file mode 100644 index 000000000..43a04f70f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem.certspec @@ -0,0 +1,5 @@ +issuer:ca +subject:int-v4-BC-not-cA +extension:keyUsage:keyCertSign,cRLSign +version:4 +extension:basicConstraints:, diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem new file mode 100644 index 000000000..037046a8b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICwDCCAaqgAwIBAwIUFToW9dVGyhNcvbGEpVtHhT1WhgcwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBYxFDASBgNVBAMMC2ludC12NC1ub0JDMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABow8wDTALBgNVHQ8EBAMC +AQYwCwYJKoZIhvcNAQELA4IBAQAkki/4bWRgG61BREyFJh6R94w2DBEH4J99Fvyu +T8UaAxbi688qDuKmA7kCZpmtZKRna/d6UWCrU1kHOFpLtRBGcQIDFHAJYuuqsV45 +1tWQXkM/lpt/ZwV8yORiAzMrRgVup7krAolMsQkIK14pLwigwHFGRbZWsU7/dVhD +JIwAazsl1PVBNYkxGG10GlMdLtXN2xj5aBuxLpOBNIa7l8HSUDS5xU8iO+vRG9Y/ +mMBPcMaQY87GOqTdNTVMZZlp/pLhSZsoMJc5Adm1qDTr5LX0fBcr3ljPoy+WLMOY +/jSMhLoB+g3A5+N++ac9s4txNh3SSQ5kZ5F9p5z0h0nvfiGP +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem.certspec new file mode 100644 index 000000000..4970d1e94 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:int-v4-noBC +extension:keyUsage:keyCertSign,cRLSign +version:4 diff --git a/security/manager/ssl/tests/unit/test_cert_version/moz.build b/security/manager/ssl/tests/unit/test_cert_version/moz.build new file mode 100644 index 000000000..acea4142a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/moz.build @@ -0,0 +1,61 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'ca.pem', +# 'ee_int-v1-BC-cA.pem', +# 'ee_int-v1-BC-not-cA.pem', +# 'ee_int-v1-noBC.pem', +# 'ee_int-v2-BC-cA.pem', +# 'ee_int-v2-BC-not-cA.pem', +# 'ee_int-v2-noBC.pem', +# 'ee_int-v3-BC-cA.pem', +# 'ee_int-v3-BC-not-cA.pem', +# 'ee_int-v3-noBC.pem', +# 'ee_int-v4-BC-cA.pem', +# 'ee_int-v4-BC-not-cA.pem', +# 'ee_int-v4-noBC.pem', +# 'ee-v1-BC-cA_ca.pem', +# 'ee-v1-BC-not-cA_ca.pem', +# 'ee-v1-noBC_ca.pem', +# 'ee-v2-BC-cA_ca.pem', +# 'ee-v2-BC-not-cA_ca.pem', +# 'ee-v2-noBC_ca.pem', +# 'ee-v3-BC-cA_ca.pem', +# 'ee-v3-BC-not-cA_ca.pem', +# 'ee-v3-noBC_ca.pem', +# 'ee-v4-BC-cA_ca.pem', +# 'ee-v4-BC-not-cA_ca.pem', +# 'ee-v4-noBC_ca.pem', +# 'int-v1-BC-cA_ca.pem', +# 'int-v1-BC-not-cA_ca.pem', +# 'int-v1-noBC_ca.pem', +# 'int-v2-BC-cA_ca.pem', +# 'int-v2-BC-not-cA_ca.pem', +# 'int-v2-noBC_ca.pem', +# 'int-v3-BC-cA_ca.pem', +# 'int-v3-BC-not-cA_ca.pem', +# 'int-v3-noBC_ca.pem', +# 'int-v4-BC-cA_ca.pem', +# 'int-v4-BC-not-cA_ca.pem', +# 'int-v4-noBC_ca.pem', +# 'ss-v1-BC-cA.pem', +# 'ss-v1-BC-not-cA.pem', +# 'ss-v1-noBC.pem', +# 'ss-v2-BC-cA.pem', +# 'ss-v2-BC-not-cA.pem', +# 'ss-v2-noBC.pem', +# 'ss-v3-BC-cA.pem', +# 'ss-v3-BC-not-cA.pem', +# 'ss-v3-noBC.pem', +# 'ss-v4-BC-cA.pem', +# 'ss-v4-BC-not-cA.pem', +# 'ss-v4-noBC.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem new file mode 100644 index 000000000..46f82cebf --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxTCCAa8CFG+MGH0v81ssRXWoQbbMgVkHEf6zMAsGCSqGSIb3DQEBCzAWMRQw +EgYDVQQDDAtzcy12MS1CQy1jQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAWMRQwEgYDVQQDDAtzcy12MS1CQy1jQTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7 +wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp +k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh +eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW +EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc +JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYDVR0T +BAUwAwEB/zALBgkqhkiG9w0BAQsDggEBAAtZZ5v+5mleP10vnCziNlRqOprKwxmG +t/tn5sOjQRxHMS6J/SV1zuIM0jkgubN785jj07QorkyTgxyNVumdUq3G0RutzGpq +paJXYHg0UYJ22N6scGIwuXE/fOh58XNaFpVytGaZIeGAeFcG4lFEHIzOKmRBZAlu +ba8ger2Vykmm9H7WdYdtUA35jKWNwkF1HABwbxrAFiMLSNt6AWDTYLgoyva77MWP +6sAN7Vhs8fGqHvSTfwVb1xKPiEyj9R4OWFcyQIfwRrNL9N/9qIfSp0NeQd1duVcu +MNQSQ/0fCir7rvaz8Wz24jJb+NaAvHpfdzPmvpoI7IuwPv87K2PgPPM= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem.certspec new file mode 100644 index 000000000..731396f03 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem.certspec @@ -0,0 +1,4 @@ +issuer:ss-v1-BC-cA +subject:ss-v1-BC-cA +version:1 +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem new file mode 100644 index 000000000..5f9d30fba --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzTCCAbcCFDNyQtXuElhDbK7NjNVK30/fBucMMAsGCSqGSIb3DQEBCzAaMRgw +FgYDVQQDDA9zcy12MS1CQy1ub3QtY0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4 +MDIwNTAwMDAwMFowGjEYMBYGA1UEAwwPc3MtdjEtQkMtbm90LWNBMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVK +tOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7N +Q/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39Zgsr +sCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxs +l62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYl +nauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAw +DjAMBgNVHRMEBTADAQEAMAsGCSqGSIb3DQEBCwOCAQEACAgAx20D/LCFt+PpWXMJ +6ZBaYaoLSZx6oDFeo+6zo4wjEyIhS+l5v5W4f+FnTL4h+DrugV2h2YlgoV2EeQSV +z/aCd1Q9GG77ui8uGNTnA5iHBYefJFDMxB/n5gm1qJagfLwbQICdJoVEXvRvfrSj +Y0y0qvzeFBI6tUZ5XwUdsigr6fto1tRHYpZORwJOWvy6m//NQxILBvRWnjsUDD/y +Yt5yZWxf0/r9md8hyKMBXZ8BqS6xFxoezRLIC4hqhoJNFN3gkxlogFiSi8FtRa86 +ld7vO51lKA9LqtiYlCB/jReEhsE+kGpUspL4f9FXvvnCr7LLqsXI6VoSrCWmsOMP +rg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem.certspec new file mode 100644 index 000000000..20d716d49 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem.certspec @@ -0,0 +1,4 @@ +issuer:ss-v1-BC-not-cA +subject:ss-v1-BC-not-cA +version:1 +extension:basicConstraints:, diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem new file mode 100644 index 000000000..a117460d8 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICsTCCAZsCFA+72QOdH75J3hB9qKX0pOJInjg5MAsGCSqGSIb3DQEBCzAVMRMw +EQYDVQQDDApzcy12MS1ub0JDMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw +MDAwMDBaMBUxEzARBgNVBAMMCnNzLXYxLW5vQkMwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH +Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr +IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ +sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA +dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE +LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQEL +A4IBAQA0Erbg1IXfPrT6ZHl2txIcza4gXrvKHu+Ahq0XIYvJBPVDvwWTQlktJGcq +BDndGLOYIHkm5CyeOeCIkjGH/6EFg8jLjBrc2RGoaFmhvi9QuDP1DN/082DV69ql +cJZSYX5usTMRuWECy8k3t8Mf2TqwoGEaTP7tF9chxItJUEjlkuZRbcLf22pb1Hby +heEVm0m/JHelm1eQI5j0DySS+Am5OTxvCx2WXOyITN7KDHitWalu29DUHNOBLndb +kMxCHLHLWicpkDrc9o5TRWR+UiQ8fucfaGCgGLK0RIC3AwMSFKmyky1Xx1d5pX5C +9vfJsSHoJfm86RPkJ37ZRiN3zwJm +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem.certspec new file mode 100644 index 000000000..58d2f0d7f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem.certspec @@ -0,0 +1,3 @@ +issuer:ss-v1-noBC +subject:ss-v1-noBC +version:1 diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem new file mode 100644 index 000000000..c23ff6607 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICyjCCAbSgAwIBAQIUG6ex4GpeLkOdyG0kcXwahQ2TJgkwCwYJKoZIhvcNAQEL +MBYxFDASBgNVBAMMC3NzLXYyLUJDLWNBMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx +ODAyMDUwMDAwMDBaMBYxFDASBgNVBAMMC3NzLXYyLUJDLWNBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1 +aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we +adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS +pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W +YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR +CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAM +BgNVHRMEBTADAQH/MAsGCSqGSIb3DQEBCwOCAQEAomxNmMoe4s7X2giV3QWVdOUg +XHye6mFnfsFFZBAnJbYWAy9NcrmKMEReo0APujdZuZkx3LTokBW3A5jAfdeb0l3f +vxkzgTBSd8XNDm/VnqpMf8ZABWEYpofiMV7fXq1lox2ePyCvh8Ksc22A2ceDy0r3 +gONnMeqRpfb8702R7ZaZzAba3S2kL63Ca40W+Ut1on9hkVxLBb6CM9HKnWl4AacE +OPtJrJwrwYJKP5Xg3yIOwydHFSVPb9puiBqE+5Da9EcKH3FlXkuMbVcPLQNnQswV +ThHdBRAZAyXzc/T6CraJiJX8jjFJjX0/JIwZ3LQR+nK2oQ6KoEy33xYi5Gvyqw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem.certspec new file mode 100644 index 000000000..8dbb3a65a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem.certspec @@ -0,0 +1,4 @@ +issuer:ss-v2-BC-cA +subject:ss-v2-BC-cA +version:2 +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem new file mode 100644 index 000000000..2ba60c464 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0jCCAbygAwIBAQIUBXBWOFiYgovlJC6xNnzLkhSbBi8wCwYJKoZIhvcNAQEL +MBoxGDAWBgNVBAMMD3NzLXYyLUJDLW5vdC1jQTAiGA8yMDE1MTEyODAwMDAwMFoY +DzIwMTgwMjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9zcy12Mi1CQy1ub3QtY0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT +2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV +JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N +jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA +BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh +He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB +AAGjEDAOMAwGA1UdEwQFMAMBAQAwCwYJKoZIhvcNAQELA4IBAQAY8GDCVpMGM7xQ +GjpedV3hiJ47d5ybVaJubldz082/5RhqRtfvZpC3RwzLQzkGsLvqxH87E6KJRHDq +X5MkAZzuFv49dtQX5BXAiUSDbC33dLNX/+e75LZ7jo3CZQxaHNNu9tlXFiy+661c +GH4FHDT8mvzDX5lJlmJ1fecPPndH/nnbcgcAVKZgi40xDx87MlrF7R23KXqbxFJ7 +cj8m7cS5t+LlNxCxR2vjPpfVGqA/LgTvOQPm1cn6zji0URDqxRZ+D/3m515lFWu4 +OkV7sf6iEgUo/2mtjvt6I/tbpqc5DKJRrRXXVJXQdXDGptdNIGt3jckOiUKYrLIU +kzzOuL1s +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem.certspec new file mode 100644 index 000000000..2b8f4bcc5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem.certspec @@ -0,0 +1,4 @@ +issuer:ss-v2-BC-not-cA +subject:ss-v2-BC-not-cA +version:2 +extension:basicConstraints:, diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem new file mode 100644 index 000000000..1cd6979a6 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICtjCCAaCgAwIBAQIUAYdFdolsf3VTBZ0ZsXUBgHZHnHQwCwYJKoZIhvcNAQEL +MBUxEzARBgNVBAMMCnNzLXYyLW5vQkMwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4 +MDIwNTAwMDAwMFowFTETMBEGA1UEAwwKc3MtdjItbm9CQzCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX +bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ +OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9 +uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb +t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO +NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG +9w0BAQsDggEBAJFhWwC68S3SAhj2d/wI3LhqlnFgaL0MYBENqhs4RhqUkhIzbQ1f +6Jc78Gd275ftrR8tcZ4PlQYrJY/rJuLzfq0JL8gCjv4K0SS/l5+LKZE6wjmoVjbZ +VZaErdkslU/lRczACBA08F7w+rHBQ6oj6pVaKXXbIZscduFvHentJENSyvgPqhOs +X1pAxIT2klwAeYwajCm1UmjlXNtKSFJZHDG6qCf/ZPplXt/rRdH89t9r1lttZLNV ++eVzbYYcpjY25eOo87FAYOBG/8fjMt3XTs0WtlxnvFA8cieB+cJ7LyIO9TWasaWc +YX2IonPVrXSUj4APt2tknTcHF/PIcx69diQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem.certspec new file mode 100644 index 000000000..7656115a8 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem.certspec @@ -0,0 +1,3 @@ +issuer:ss-v2-noBC +subject:ss-v2-noBC +version:2 diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem new file mode 100644 index 000000000..ea4a18024 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICyjCCAbSgAwIBAgIUG8cSSK9riYlFB7ouvuMQGSlW+UcwCwYJKoZIhvcNAQEL +MBYxFDASBgNVBAMMC3NzLXYzLUJDLWNBMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx +ODAyMDUwMDAwMDBaMBYxFDASBgNVBAMMC3NzLXYzLUJDLWNBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1 +aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we +adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS +pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W +YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR +CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAM +BgNVHRMEBTADAQH/MAsGCSqGSIb3DQEBCwOCAQEAf59Fuz/pD+aAq2EpVeVNNhNW +ACZLNmzlM7xiodW2Nd5g9w521u58wzmMp7d8jIIzjG4Io3kpK35hcQQaacI7QzQf +mOOtT2s4KtlpKmnm6X4eGHO5Wjyn7mkfZ/s75RP21CB9d5989Yz+eB2kBfXU0dja +TBeFKoPnX+MMzucm9JMLhZ4YbxMXbuQOmm5wl4kq44aaQ8m6GsHNIwz5x0XPoCVN +0VCUxF4f79+LBW7L7MlH1u+iaI82jemwMud2mymBy+nr+3K0mARqAhjjJzF2GEKX +B8FL2Q2/fHubMK/UmLJQI0L9WS02nuafIGl20xOndFEaTLNKFjrrsCip5Updnw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem.certspec new file mode 100644 index 000000000..df822e99b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem.certspec @@ -0,0 +1,4 @@ +issuer:ss-v3-BC-cA +subject:ss-v3-BC-cA +version:3 +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem new file mode 100644 index 000000000..f612c29fd --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0jCCAbygAwIBAgIUD1Zrxy5fGFnW0HiU7Wd4Lr2CuQwwCwYJKoZIhvcNAQEL +MBoxGDAWBgNVBAMMD3NzLXYzLUJDLW5vdC1jQTAiGA8yMDE1MTEyODAwMDAwMFoY +DzIwMTgwMjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9zcy12My1CQy1ub3QtY0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT +2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV +JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N +jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA +BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh +He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB +AAGjEDAOMAwGA1UdEwQFMAMBAQAwCwYJKoZIhvcNAQELA4IBAQCSHxtOuFzFQjXj +uYkrCHQ+7h7j5AZi3p3XZvuo8oxzbBb6vmwvTguRkeZzwgN+FWE8IhXMlqE+avh9 +hnDZOygI+w3gtfXtevlnh3ngnr85op4nJ2CJ0O5X6s8wRsX544mM8d8NxriP1tr0 +fB3Dq0Y8WkUkocdV/NuvTnw4gldDl67Imj2J6lYXDfLmCFQYKga1b+OTX/KOUXIy +VsUwOX1aPY6PUO2IVdX8n/sY8NcGJkf37DxqgcE410GvGHJw4qOgjJxMT0/xDYP8 +FY8yiB/y/mWWw/W1+duWOUO0BfmYH+MrSduUb1IXM06DWZgTbECjcVaqLYnRjgR8 +/ARSmye4 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem.certspec new file mode 100644 index 000000000..0b2b57557 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem.certspec @@ -0,0 +1,4 @@ +issuer:ss-v3-BC-not-cA +subject:ss-v3-BC-not-cA +version:3 +extension:basicConstraints:, diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem new file mode 100644 index 000000000..849fbcda2 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICtjCCAaCgAwIBAgIUG/zabaMDrPkuXBAyLcu1A8K/9Q8wCwYJKoZIhvcNAQEL +MBUxEzARBgNVBAMMCnNzLXYzLW5vQkMwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4 +MDIwNTAwMDAwMFowFTETMBEGA1UEAwwKc3MtdjMtbm9CQzCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX +bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ +OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9 +uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb +t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO +NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG +9w0BAQsDggEBAFzvJODJBLHGofBQQN0lF3DnB3LOcUMT7noPkAx/fTwjLaomazG+ +pvHOxQTUAXg4SHVQRM+z8y16FertnjVKRBdAQrdWzPFWYxdgafUBTXqpIbZFGbKY +swQSBBrq6AhjNAx309Y9qW5RfOFer0KNWXV01892euHjL288n+Nn6Kzu2re/Bf29 ++uqqpceA2oGgsB83Jcl6LxI2rmF6g38fBtL/TzDmNxcP1lrxUlehosm4sC79dSKJ +ckbKWSl+IpMI4u3h2MNEOhK5Ip8T2gG0CBI0SZZt7iz4tu4h23KS8RYvQVrySTY7 +5Z2518kyyjVKuhaHcQRN3W/7egP24QRobL8= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem.certspec new file mode 100644 index 000000000..96314e51a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem.certspec @@ -0,0 +1,3 @@ +issuer:ss-v3-noBC +subject:ss-v3-noBC +version:3 diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem new file mode 100644 index 000000000..01e952442 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICyjCCAbSgAwIBAwIUH+0Y+pqW4DjsOBgkkQppZLmj5PcwCwYJKoZIhvcNAQEL +MBYxFDASBgNVBAMMC3NzLXY0LUJDLWNBMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx +ODAyMDUwMDAwMDBaMBYxFDASBgNVBAMMC3NzLXY0LUJDLWNBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1 +aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we +adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS +pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W +YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR +CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAM +BgNVHRMEBTADAQH/MAsGCSqGSIb3DQEBCwOCAQEALzgRDh0qh5j+RMgGQcWEPwcB +0BElZ/R2uZkLppQkFE++NXW/c55ze+58AL9SiE2KcvcuPXcawOutofca1d00msEd +NIACsU4/R0di4OuxeZEG/3TMT9s45zNgIEScuHN9TG51DYMi+9weNjOohScutTa1 +SZzqxysC8sU6nvjaDKz2CUzp6f4Ihmrs8pf2yn5JGiyL8huPl55pQyjBfhP3kDB4 +w9XnuL3c10RutYpU6PjHYy7ISQRMCkMypTQauOdwlEnQZss8vo3Unb0INyYssHct +X9owoNW3VZ1QRs5rbzDjhA5x+z9pOcabfnQCEnDaV+3r9bZmHIkQIFQMugJbfg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem.certspec new file mode 100644 index 000000000..54269184e --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem.certspec @@ -0,0 +1,4 @@ +issuer:ss-v4-BC-cA +subject:ss-v4-BC-cA +version:4 +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem new file mode 100644 index 000000000..b876791f4 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0jCCAbygAwIBAwIUT5RKOqGvbweUZwI3IGU68VrjHL0wCwYJKoZIhvcNAQEL +MBoxGDAWBgNVBAMMD3NzLXY0LUJDLW5vdC1jQTAiGA8yMDE1MTEyODAwMDAwMFoY +DzIwMTgwMjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9zcy12NC1CQy1ub3QtY0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT +2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV +JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N +jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA +BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh +He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB +AAGjEDAOMAwGA1UdEwQFMAMBAQAwCwYJKoZIhvcNAQELA4IBAQBuALYv+/5x11NR +7e3rxtG5sT2+hUF63oeJMfGEzP1pBtTpokNKTSQSOzJ96816MTCBbHEjt5VEjYk6 +yj5Kswws38XWMOBv21t4HNYzrdUqVVVRJxfQ6waQN5uAgUS8Wo8tSSXN+pAQ9dpB +GCMvhPaCmi0F601hU6RnpJNsgoIORMtwJupH11VY11W+zrqOhP1Jnob5x2IIakvD +/HqSANIhpNjmCKgA5ZQqfFbs0AF/tNGqQ9ikGOBZqBP47sOo9c9FHfchcrq0u+D3 +N4OO0909F5lgb4RQ/g9prlR5CIYh/g1dWG7FPCRaYDPt4DySe26UE60+JBP2re2U +NiSd3N/5 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem.certspec new file mode 100644 index 000000000..3d6533531 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem.certspec @@ -0,0 +1,4 @@ +issuer:ss-v4-BC-not-cA +subject:ss-v4-BC-not-cA +version:4 +extension:basicConstraints:, diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem new file mode 100644 index 000000000..317319c72 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICtjCCAaCgAwIBAwIUb9qH5069BVlQbXHC3yvfCnwPbAEwCwYJKoZIhvcNAQEL +MBUxEzARBgNVBAMMCnNzLXY0LW5vQkMwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4 +MDIwNTAwMDAwMFowFTETMBEGA1UEAwwKc3MtdjQtbm9CQzCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX +bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ +OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9 +uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb +t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO +NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG +9w0BAQsDggEBAGx6Hb+TuW/T3OAjH1ZgpUxfWqFthTXoIioS6VhSkUQHa0Ay6xc3 +ieaYhIzOS52IYbqLQLgyOLHb2TxMsmHltlnGAgpJrlnon/48OPkmYsUOA3XpqXfo +KBiCr6QNK+wPunPKPA2stHsqykC1///Hjrz9G8ZibDH5ESu96vgMjxqkpI1bgRyS +69XrzctGnwwLaXzhrsNPlP+D/VkSyhrRGih3AHXXdda6s5hqEu8yaSN0kP4oG7gL +wZcbMRttpIW/ZvihypwUyHSgVsZFeuW8PnDzQF7QwMg88rIBExaTz1RQA9zF7Ft7 +AXbf39HewK1XfLnuZdtYlu5zZBz1Qc/7Q4M= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem.certspec new file mode 100644 index 000000000..d02e04de5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem.certspec @@ -0,0 +1,3 @@ +issuer:ss-v4-noBC +subject:ss-v4-noBC +version:4 diff --git a/security/manager/ssl/tests/unit/test_certviewer_invalid_oids.js b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids.js new file mode 100644 index 000000000..2c244aad7 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids.js @@ -0,0 +1,62 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +"use strict"; + +// Checks that invalid OID encodings are detected in the Cert Viewer Details tab. + +do_get_profile(); // Must be called before getting nsIX509CertDB +const certDB = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +function certFromFile(filename) { + return constructCertFromFile(`test_certviewer_invalid_oids/${filename}.pem`); +} + +function test(certFilename, expectedOIDText) { + let cert = certFromFile(certFilename); + let certDumpTree = Cc["@mozilla.org/security/nsASN1Tree;1"] + .createInstance(Ci.nsIASN1Tree); + certDumpTree.loadASN1Structure(cert.ASN1Structure); + let actualOIDText = certDumpTree.getDisplayData(9); + + equal(actualOIDText, expectedOIDText, + "Actual and expected OID text should match"); +} + +function run_test() { + test("bug483440-attack2b", + "Object Identifier (2 5 4 Unknown) = www.bank.com\n" + + "OU = Hacking Division\n" + + "CN = www.badguy.com\nO = Badguy Inc\n"); + + test("bug483440-pk10oflo", + "Object Identifier (2 5 4 Unknown) = www.bank.com\n" + + "OU = Hacking Division\n" + + "CN = www.badguy.com\nO = Badguy Inc\n"); + + test("bug483440-attack7", + + // Check 88 80 80 80 01, not leading, have to pass + "Object Identifier (2 5 4 2147483649) = attack1\n" + + + // Check 90 80 80 80 01, not leading, have to fail + "Object Identifier (2 5 4 Unknown) = attack2\n" + + + // Check 80 80 80 80 80, not leading, have to fail + "Object Identifier (2 5 4 Unknown) = attack3\n" + + + // Check 81 81, trailing, have to fail + "Object Identifier (2 5 4 3 Unknown) = attack4\n" + + + // Check FF FF FF 7F, not leading, have to pass + "Object Identifier (2 5 4 268435455) = attack5\n" + + + // Check 80 leading, have to fail + "Object Identifier (Unknown 3) = attack6\n" + + + // Check 14757 = 2*40 + 14677 leading single byte encoded as F325, + // have to pass + "Object Identifier (2 14677 4 3) = attack7\n"); +} diff --git a/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack2b.pem b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack2b.pem new file mode 100644 index 000000000..8adcf2ac1 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack2b.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICKDCCAZGgAwIBAgIFAIyjFPowDQYJKoZIhvcNAQEFBQAwKDEXMBUGA1UEAwwO +KgB3d3cubXlDQS5vcmcxDTALBgNVBAMTBG15Q0EwHhcNMDkwMzE0MTg0NzU2WhcN +MTkwMzE0MTg0NzU2WjBhMRMwEQYDVQQKEwpCYWRndXkgSW5jMRcwFQYDVQQDEw53 +d3cuYmFkZ3V5LmNvbTEZMBcGA1UECxMQSGFja2luZyBEaXZpc2lvbjEWMBQGBFUE +gAMTDHd3dy5iYW5rLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2YvL +GgmF0OTLBKz0nYTvR+DlnZai7b2MqAIM9IUEpMfqzJPNYCsXziYXgHtr/do9ppJP +BhDjeyIGEOSpgBqdkWItxlLopUHnf8VKwnDPPj4KkNyXuTLm60X/ph+/zrjTw+kU +m+/kVYstgGMuTIoTuu7loxCqqeVlAgc5lzTpUhkCAwEAAaMlMCMwDAYDVR0TAQH/ +BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOBgQAKHl1G +vaXftj5QPK3eIT6Q3fWuGKR39grlg5GL/WocPanYycOlm9zvT1Hx95cY6msIXSKp +xycndJ02ODX35DDgolV6VHUsM9yoagk+eqs5kCqW2qiv3moIshL0yWVhuCobMA+E +D3wHFCPqVU+igRdCrEQDxZHoFOR4J/DKHfGANg== +-----END CERTIFICATE----- diff --git a/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack7.pem b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack7.pem new file mode 100644 index 000000000..778e7aced --- /dev/null +++ b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack7.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICljCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBkDERMA8GBPMlBAMTB2F0 +dGFjazcxEDAOBgOABAMTB2F0dGFjazYxEzARBgZVBP///38TB2F0dGFjazUxEjAQ +BgVVBAOBgRMHYXR0YWNrNDEUMBIGB1UEgICAgIATB2F0dGFjazMxFDASBgdVBJCA +gIABEwdhdHRhY2syMRQwEgYHVQSIgICAARMHYXR0YWNrMTAeFw0wOTA0MTMxNDAw +MzdaFw0yOTA0MTMxNDAwMzdaMIGQMREwDwYE8yUEAxMHYXR0YWNrNzEQMA4GA4AE +AxMHYXR0YWNrNjETMBEGBlUE////fxMHYXR0YWNrNTESMBAGBVUEA4GBEwdhdHRh +Y2s0MRQwEgYHVQSAgICAgBMHYXR0YWNrMzEUMBIGB1UEkICAgAETB2F0dGFjazIx +FDASBgdVBIiAgIABEwdhdHRhY2sxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQC77fQ1wrywBnVmr8XO0/78/qFOz+sjnMlpBvLx5UImittgMNSgEqNulRDbO0qG +K4tlFF2sNsS7aOun6Cq7yl2+a8mIljmjzs+iwCLOEAkQTOM4RsdCosJVy/fjwmH1 +xI0uXt5cPkA0FM7B/IZSzWSC+2gY1+u1AhRJ35bXDhu92wIDAQABMA0GCSqGSIb3 +DQEBBQUAA4GBAFZitQjsQJ1+XsxKchBefilaHsi4oncc05P29IXcRbHI8wK2vNk8 +kkG2c6M4a4Rx1R4C3n99NwXH4vyNUbA9FuMSAdjaS3TW3zm8lKNCuIWGuI2Vvefy ++wNcCfb8B4AuP8pZOqqKsspgiBAE1EPPErnb7nMVLCnf+ts9ARXLBZTi +-----END CERTIFICATE----- diff --git a/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-pk10oflo.pem b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-pk10oflo.pem new file mode 100644 index 000000000..7daef524b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-pk10oflo.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICMTCCAZqgAwIBAgIFAIyjFTAwDQYJKoZIhvcNAQEFBQAwKDEXMBUGA1UEAwwO +KgB3d3cubXlDQS5vcmcxDTALBgNVBAMTBG15Q0EwHhcNMDkwMzE0MTg0ODI0WhcN +MTkwMzE0MTg0ODI0WjBqMRMwEQYDVQQKEwpCYWRndXkgSW5jMRcwFQYDVQQDEw53 +d3cuYmFkZ3V5LmNvbTEZMBcGA1UECxMQSGFja2luZyBEaXZpc2lvbjEfMB0GDVUE +goCAgICAgICAgAMTDHd3dy5iYW5rLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEA2YvLGgmF0OTLBKz0nYTvR+DlnZai7b2MqAIM9IUEpMfqzJPNYCsXziYX +gHtr/do9ppJPBhDjeyIGEOSpgBqdkWItxlLopUHnf8VKwnDPPj4KkNyXuTLm60X/ +ph+/zrjTw+kUm+/kVYstgGMuTIoTuu7loxCqqeVlAgc5lzTpUhkCAwEAAaMlMCMw +DAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUF +AAOBgQBr+ekYoADBm6kbHBR1oc/6O9ZciRsTbxIAl3xjA3kNEeiUXXSoe+1dlt3Z +7D6EaQztqR8usCW728J3vi8p/XxociK3r4aq0Sxu29gp21N1V/Um8y3ssI+Yt9Im +oHlo5ikUXra5PtGAwi4FymrU5dWlHxYk1PlNP5nsvxdElPZnZA== +-----END CERTIFICATE----- diff --git a/security/manager/ssl/tests/unit/test_constructX509FromBase64.js b/security/manager/ssl/tests/unit/test_constructX509FromBase64.js new file mode 100644 index 000000000..d44e249c2 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_constructX509FromBase64.js @@ -0,0 +1,69 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +"use strict"; + +// Checks that ConstructX509FromBase64() accepts valid input and rejects invalid +// input. + +do_get_profile(); // Must be called before getting nsIX509CertDB +const certDB = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +function excMessage(e) { + if (e.message) { + let msg = e.message; + if (e.data) { + msg = msg + ": " + e.data; + } + return msg; + } + + return e.toString(); +} + +function testGood(data) { + try { + let cert = certDB.constructX509FromBase64(data.cert); + equal(cert.commonName, data.cn, + "Actual and expected commonName should match"); + } catch (e) { + do_print(`Exception: ${excMessage(e)}`); + ok(false, `Should not have gotten an exception for "CN=${data.cn}"`); + } +} + +function testBad(data) { + throws(() => certDB.constructX509FromBase64(data.input), data.result, + `Should get "${data.result}" for "${data.input}"`); +} + +function run_test() { + const badCases = [ + // Wrong type or too short + { input: null, result: /NS_ERROR_ILLEGAL_VALUE/ }, + { input: "", result: /NS_ERROR_ILLEGAL_VALUE/ }, + { input: "=", result: /NS_ERROR_ILLEGAL_VALUE/ }, + { input: "==", result: /NS_ERROR_ILLEGAL_VALUE/ }, + // Not base64 + { input: "forty-four dead stone lions", result: /NS_ERROR_ILLEGAL_VALUE/ }, + // Not a cert + { input: "Zm9ydHktZm91ciBkZWFkIHN0b25lIGxpb25z", + result: /NS_ERROR_FAILURE/ }, + ]; + + // Real certs with all three padding levels + const goodCases = [ + { cn: "A", cert: "MIHhMIGcAgEAMA0GCSqGSIb3DQEBBQUAMAwxCjAIBgNVBAMTAUEwHhcNMTEwMzIzMjMyNTE3WhcNMTEwNDIyMjMyNTE3WjAMMQowCAYDVQQDEwFBMEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxANFm7ZCfYNJViaDWTFuMClX3+9u18VFGiyLfM6xJrxir4QVtQC7VUC/WUGoBUs9COQIDAQABMA0GCSqGSIb3DQEBBQUAAzEAx2+gIwmuYjJO5SyabqIm4lB1MandHH1HQc0y0tUFshBOMESTzQRPSVwPn77a6R9t" }, + { cn: "Bo", cert: "MIHjMIGeAgEAMA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNVBAMTAkJvMB4XDTExMDMyMzIzMjYwMloXDTExMDQyMjIzMjYwMlowDTELMAkGA1UEAxMCQm8wTDANBgkqhkiG9w0BAQEFAAM7ADA4AjEA1FoSl9w9HqMqVgk2K0J3OTiRsgHeNsQdPUl6S82ME33gH+E56PcWZA3nse+fpS3NAgMBAAEwDQYJKoZIhvcNAQEFBQADMQAo/e3BvQAmygiATljQ68tWPoWcbMwa1xxAvpWTEc1LOvMqeDBinBUqbAbSmPhGWb4=" }, + { cn: "Cid", cert: "MIHlMIGgAgEAMA0GCSqGSIb3DQEBBQUAMA4xDDAKBgNVBAMTA0NpZDAeFw0xMTAzMjMyMzI2MzJaFw0xMTA0MjIyMzI2MzJaMA4xDDAKBgNVBAMTA0NpZDBMMA0GCSqGSIb3DQEBAQUAAzsAMDgCMQDUUxlF5xKN+8KCSsR83sN+SRwJmZdliXsnBB7PU0OgbmOWN0u8yehRkmu39kN9tzcCAwEAATANBgkqhkiG9w0BAQUFAAMxAJ3UScNqRcjHFrNu4nuwRldZLJlVJvRYXp982V4/kYodQEGN4gJ+Qyj+HTsaXy5x/w==" } + ]; + + for (let badCase of badCases) { + testBad(badCase); + } + for (let goodCase of goodCases) { + testGood(goodCase); + } +} diff --git a/security/manager/ssl/tests/unit/test_content_signing.js b/security/manager/ssl/tests/unit/test_content_signing.js new file mode 100644 index 000000000..99ea33a3a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_content_signing.js @@ -0,0 +1,266 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// These tests ensure content signatures are working correctly. + +// First, we need to set up some data +const PREF_SIGNATURE_ROOT = "security.content.signature.root_hash"; + +const TEST_DATA_DIR = "test_content_signing/"; + +const ONECRL_NAME = "oneCRL-signer.mozilla.org"; +const ABOUT_NEWTAB_NAME = "remotenewtab.content-signature.mozilla.org"; + +function getSignatureVerifier() { + return Cc["@mozilla.org/security/contentsignatureverifier;1"] + .createInstance(Ci.nsIContentSignatureVerifier); +} + +function setRoot(filename) { + let cert = constructCertFromFile(filename); + Services.prefs.setCharPref(PREF_SIGNATURE_ROOT, cert.sha256Fingerprint); +} + +function loadChain(prefix, names) { + let chain = []; + for (let name of names) { + let filename = `${prefix}_${name}.pem`; + chain.push(readFile(do_get_file(filename))); + } + return chain; +} + +function run_test() { + // set up some data + const DATA = readFile(do_get_file(TEST_DATA_DIR + 'test.txt')); + const GOOD_SIGNATURE = "p384ecdsa=" + + readFile(do_get_file(TEST_DATA_DIR + 'test.txt.signature')) + .trim(); + + const BAD_SIGNATURE = "p384ecdsa=WqRXFQ7tnlVufpg7A-ZavXvWd2Zln0o4woHBy26C2r" + + "UWM4GJke4pE8ecHiXoi-7KnZXty6Pe3s4o3yAIyKDP9jUC52Ek1G" + + "q25j_X703nP5rk5gM1qz5Fe-qCWakPPl6L"; + + let remoteNewTabChain = loadChain(TEST_DATA_DIR + "content_signing", + ["remote_newtab_ee", "int", "root"]); + + let oneCRLChain = loadChain(TEST_DATA_DIR + "content_signing", + ["onecrl_ee", "int", "root"]); + + let oneCRLBadKeyChain = loadChain(TEST_DATA_DIR + "content_signing", + ["onecrl_wrong_key_ee", "int", "root"]); + + let oneCRLRSAKeyChain = loadChain(TEST_DATA_DIR + "content_signing", + ["onecrl_RSA_ee", "int", "root"]); + + let noSANChain = loadChain(TEST_DATA_DIR + "content_signing", + ["onecrl_no_SAN_ee", "int", "root"]); + + // Check signature verification works without error before the root is set + let chain1 = oneCRLChain.join("\n"); + let verifier = getSignatureVerifier(); + ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1, ONECRL_NAME), + "Before the root is set, signatures should fail to verify but not throw."); + + setRoot(TEST_DATA_DIR + "content_signing_root.pem"); + + // Check good signatures from good certificates with the correct SAN + verifier = getSignatureVerifier(); + ok(verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1, ONECRL_NAME), + "A OneCRL signature should verify with the OneCRL chain"); + let chain2 = remoteNewTabChain.join("\n"); + verifier = getSignatureVerifier(); + ok(verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain2, + ABOUT_NEWTAB_NAME), + "A newtab signature should verify with the newtab chain"); + + // Check a bad signature when a good chain is provided + chain1 = oneCRLChain.join("\n"); + verifier = getSignatureVerifier(); + ok(!verifier.verifyContentSignature(DATA, BAD_SIGNATURE, chain1, ONECRL_NAME), + "A bad signature should not verify"); + + // Check a good signature from cert with good SAN but a different key than the + // one used to create the signature + let badKeyChain = oneCRLBadKeyChain.join("\n"); + verifier = getSignatureVerifier(); + ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, badKeyChain, + ONECRL_NAME), + "A signature should not verify if the signing key is wrong"); + + // Check a good signature from cert with good SAN but a different key than the + // one used to create the signature (this time, an RSA key) + let rsaKeyChain = oneCRLBadKeyChain.join("\n"); + verifier = getSignatureVerifier(); + ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, rsaKeyChain, + ONECRL_NAME), + "A signature should not verify if the signing key is wrong (RSA)"); + + // Check a good signature from cert with good SAN but with chain missing root + let missingRoot = [oneCRLChain[0], oneCRLChain[1]].join("\n"); + verifier = getSignatureVerifier(); + ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, missingRoot, + ONECRL_NAME), + "A signature should not verify if the chain is incomplete (missing root)"); + + // Check a good signature from cert with good SAN but with no path to root + let missingInt = [oneCRLChain[0], oneCRLChain[2]].join("\n"); + verifier = getSignatureVerifier(); + ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, missingInt, + ONECRL_NAME), + "A signature should not verify if the chain is incomplete (missing int)"); + + // Check good signatures from good certificates with the wrong SANs + chain1 = oneCRLChain.join("\n"); + verifier = getSignatureVerifier(); + ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1, + ABOUT_NEWTAB_NAME), + "A OneCRL signature should not verify if we require the newtab SAN"); + + chain2 = remoteNewTabChain.join("\n"); + verifier = getSignatureVerifier(); + ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain2, + ONECRL_NAME), + "A newtab signature should not verify if we require the OneCRL SAN"); + + // Check good signatures with good chains with some other invalid names + verifier = getSignatureVerifier(); + ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1, ""), + "A signature should not verify if the SANs do not match an empty name"); + + let relatedName = "subdomain." + ONECRL_NAME; + verifier = getSignatureVerifier(); + ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1, + relatedName), + "A signature should not verify if the SANs do not match a related name"); + + let randomName = "\xb1\x9bU\x1c\xae\xaa3\x19H\xdb\xed\xa1\xa1\xe0\x81\xfb" + + "\xb2\x8f\x1cP\xe5\x8b\x9c\xc2s\xd3\x1f\x8e\xbbN"; + verifier = getSignatureVerifier(); + ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1, randomName), + "A signature should not verify if the SANs do not match a random name"); + + // check good signatures with chains that have strange or missing SANs + chain1 = noSANChain.join("\n"); + verifier = getSignatureVerifier(); + ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1, + ONECRL_NAME), + "A signature should not verify if the SANs do not match a supplied name"); + + // Check malformed signature data + chain1 = oneCRLChain.join("\n"); + let bad_signatures = [ + // wrong length + "p384ecdsa=WqRXFQ7tnlVufpg7A-ZavXvWd2Zln0o4woHBy26C2rUWM4GJke4pE8ecHiXoi-" + + "7KnZXty6Pe3s4o3yAIyKDP9jUC52Ek1Gq25j_X703nP5rk5gM1qz5Fe-qCWakPPl6L==", + // incorrectly encoded + "p384ecdsa='WqRXFQ7tnlVufpg7A-ZavXvWd2Zln0o4woHBy26C2rUWM4GJke4pE8ecHiXoi" + + "-7KnZXty6Pe3s4o3yAIyKDP9jUC52Ek1Gq25j_X703nP5rk5gM1qz5Fe-qCWakPPl6L=", + // missing directive + "other_directive=WqRXFQ7tnlVufpg7A-ZavXvWd2Zln0o4woHBy26C2rUWM4GJke4pE8ec" + + "HiXoi-7KnZXty6Pe3s4o3yAIyKDP9jUC52Ek1Gq25j_X703nP5rk5gM1qz5Fe-qCWakPPl6L", + // actually sha256 with RSA + "p384ecdsa=XS_jiQsS5qlzQyUKaA1nAnQn_OvxhvDfKybflB8Xe5gNH1wNmPGK1qN-jpeTfK" + + "6ob3l3gCTXrsMnOXMeht0kPP3wLfVgXbuuO135pQnsv0c-ltRMWLe56Cm4S4Z6E7WWKLPWaj" + + "jhAcG5dZxjffP9g7tuPP4lTUJztyc4d1z_zQZakEG7R0vN7P5_CaX9MiMzP4R7nC3H4Ba6yi" + + "yjlGvsZwJ_C5zDQzWWs95czUbMzbDScEZ_7AWnidw91jZn-fUK3xLb6m-Zb_b4GAqZ-vnXIf" + + "LpLB1Nzal42BQZn7i4rhAldYdcVvy7rOMlsTUb5Zz6vpVW9LCT9lMJ7Sq1xbU-0g==" + ]; + for (let badSig of bad_signatures) { + throws(() => { + verifier = getSignatureVerifier(); + verifier.verifyContentSignature(DATA, badSig, chain1, ONECRL_NAME); + }, /NS_ERROR/, `Bad or malformed signature "${badSig}" should be rejected`); + } + + // Check malformed and missing certificate chain data + let chainSuffix = [oneCRLChain[1], oneCRLChain[2]].join("\n"); + let badChains = [ + // no data + "", + // completely wrong data + "blah blah \n blah", + ]; + + let badSections = [ + // data that looks like PEM but isn't + "-----BEGIN CERTIFICATE-----\nBSsPRlYp5+gaFMRIczwUzaioRfteCjr94xyz0g==\n", + "-----BEGIN CERTIFICATE-----\nBSsPRlYp5+gaFMRIczwUzaioRfteCjr94xyz0g==\n-----END CERTIFICATE-----", + // data that will start to parse but won't base64decode + "-----BEGIN CERTIFICATE-----\nnon-base64-stuff\n-----END CERTIFICATE-----", + // data with garbage outside of PEM sections + "this data is garbage\n-----BEGIN CERTIFICATE-----\nnon-base64-stuff\n" + + "-----END CERTIFICATE-----", + ]; + + for (let badSection of badSections) { + // ensure we test each bad section on its own... + badChains.push(badSection); + // ... and as part of a chain with good certificates + badChains.push(badSection + '\n' + chainSuffix); + } + + for (let badChain of badChains) { + throws(() => { + verifier = getSignatureVerifier(); + verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, badChain, + ONECRL_NAME); + }, /NS_ERROR/, `Bad chain data starting "${badChain.substring(0, 80)}" ` + + "should be rejected"); + } + + // Check the streaming interface works OK when a good chain / data + // combination is provided + chain1 = oneCRLChain.join("\n"); + verifier = getSignatureVerifier(); + verifier.createContext("", GOOD_SIGNATURE, chain1, ONECRL_NAME); + verifier.update(DATA); + ok(verifier.end(), + "A good signature should verify using the stream interface"); + + // Check that the streaming interface works with multiple update calls + verifier = getSignatureVerifier(); + verifier.createContext("", GOOD_SIGNATURE, chain1, ONECRL_NAME); + for (let c of DATA) { + verifier.update(c); + } + ok(verifier.end(), + "A good signature should verify using multiple updates"); + + // Check that the streaming interface works with multiple update calls and + // some data provided in CreateContext + verifier = getSignatureVerifier(); + let start = DATA.substring(0, 5); + let rest = DATA.substring(start.length); + verifier.createContext(start, GOOD_SIGNATURE, chain1, ONECRL_NAME); + for (let c of rest) { + verifier.update(c); + } + ok(verifier.end(), + "A good signature should verify using data in CreateContext and updates"); + + // Check that a bad chain / data combination fails + verifier = getSignatureVerifier(); + verifier.createContext("", GOOD_SIGNATURE, chain1, ONECRL_NAME); + ok(!verifier.end(), + "A bad signature should fail using the stream interface"); + + // Check that re-creating a context throws ... + verifier = getSignatureVerifier(); + verifier.createContext("", GOOD_SIGNATURE, chain1, ONECRL_NAME); + + // ... firstly, creating a context explicitly + throws(() => { + verifier.createContext(DATA, GOOD_SIGNATURE, chain1, ONECRL_NAME); + }, /NS_ERROR/, "Ensure a verifier cannot be re-used with createContext"); + + // ... secondly, by calling verifyContentSignature + throws(() => { + verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1, ONECRL_NAME); + }, /NS_ERROR/, "Ensure a verifier cannot be re-used with verifyContentSignature"); + + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem new file mode 100644 index 000000000..f58505cd3 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0TCCAbugAwIBAgIUPcKbBQpKwTzrrlqzM+d3z5DWiNUwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBExDzANBgNVBAMMBmludC1DQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x +nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM +wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF +4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20 +yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx +j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMlMCMwDAYDVR0TBAUwAwEB/zAT +BgNVHSUEDDAKBggrBgEFBQcDAzALBgkqhkiG9w0BAQsDggEBADDPjITgz8joxLRW +wpLxELKSgO/KQ6iAXztjMHq9ovT7Fy0fqBnQ1mMVFr+sBXLgtUCM45aip6PjhUXc +zs5Dq5STg+kz7qtmAjEQvOPcyictbgdu/K7+uMhXQhlzhOgyW88Uk5vrAezNTc/e +TvSmWp1FcgVAfaeMN/90nzD1KIHoUt7zqZIz9ub8jXPVzQNZq4vh33smZhmbdTdV +DaHUyef5cR1VTEGB+L1qzUIQqpHmD4UkMNP1nYedWfauiQhRt6Ql3rJSCRuEvsOA +iBTJlwai/EFwfyfHkOV2GNgv+A5wHHEjBtF5c4PCxQEL5Vw+mfZHLsDVqF3279ZY +lQ6jQ9g= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem.certspec new file mode 100644 index 000000000..4134a73c6 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:int-CA +extension:basicConstraints:cA, +extension:extKeyUsage:codeSigning diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem new file mode 100644 index 000000000..fbd0d7980 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC8DCCAdqgAwIBAgIUeWWcI0wMEtNxrf9r/WvrV4Y5DFQwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmludC1DQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtQ0EwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH +Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr +IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ +sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA +dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE +LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjPTA7MBMGA1UdJQQM +MAoGCCsGAQUFBwMDMCQGA1UdEQQdMBuCGW9uZUNSTC1zaWduZXIubW96aWxsYS5v +cmcwCwYJKoZIhvcNAQELA4IBAQBTTQDoiUsS4p1kfxxqOaL1vUTZyVEDKqiKq1W0 +2smYooB7KrL4yG5zKCwVKXpRlOHG/933jrEWo0SRacY09Qdj/VL1VdPpF6HbQHNc ++znwW4bGZFqtQozlHCYn6+1+3vOI4Y82RfczvqgaJK9rJ4PLuvdZbjAddW79KKdP +0JEsrMzroPGjgAr/iudYAR4lnqYUxpe878O8ncWtKD3jontIxiC58nzgYZBSMCVw +R/T9WwO2XFGGZ3y0DvO02svVfOAF7P8smV/cD7ACgwI0udG9JDwrd3fyMIh92lbU +bIVcCdPNWlFZKJNP8WULSbde4p6WKX1tqnXSDdSZ3b0et4T6 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem.certspec new file mode 100644 index 000000000..b69737823 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem.certspec @@ -0,0 +1,4 @@ +issuer:int-CA +subject:ee-int-CA +extension:extKeyUsage:codeSigning +extension:subjectAlternativeName:oneCRL-signer.mozilla.org diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem new file mode 100644 index 000000000..999885dcf --- /dev/null +++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICQjCCASygAwIBAgIUeWWcI0wMEtNxrf9r/WvrV4Y5DFQwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmludC1DQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtQ0EwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAShaHJDNitcexiJ83kVRhWhxz+0je6GPgIpFdtgjiUt5LcTLajOmOgxU05q +nAwLCcjWOa3oMgbluoE0c6EfozDgXajJbkOD/ieHPalxA74oiM/wAvBa9xof3cyD +dKpuqc6jPTA7MBMGA1UdJQQMMAoGCCsGAQUFBwMDMCQGA1UdEQQdMBuCGW9uZUNS +TC1zaWduZXIubW96aWxsYS5vcmcwCwYJKoZIhvcNAQELA4IBAQAdPgCR5gCHDNv/ +RXgLEcsGDS/kvBpVilsz6+DQpg/9tfDoMb4QOM/BDXqrm3ndt6mBs61cImvd3R29 +47Kej5a/BlFHqdM4Il2iqmjb7CfICAtnQ46dxGamQwr4fR8iD7Etlc71bcygsSL9 +u4CvD1pUTm2xyDfLMAy9phkI6RouvSnt5hk8MI7q1x6RCfJDflU1EdGdeJyOajeD +fYAW6kanTkcjnOkpBCQrfK2xY27OVgWqw/yoBUHrtxDHIV5cE9+SckF5gTP9JbNq +MjATfQx6XeLC8TbtuhK4Vo5RLfbKzP74748ko9qwKRK3F5hGOqFBaCxyTX7jVblS +Td7ydc86 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem.certspec new file mode 100644 index 000000000..2034a7299 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:int-CA +subject:ee-int-CA +subjectKey:secp384r1 +extension:extKeyUsage:codeSigning +extension:subjectAlternativeName:oneCRL-signer.mozilla.org diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem new file mode 100644 index 000000000..725374c14 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICHDCCAQagAwIBAgIUNVa2/jSdRUf8hvS8AEu+NWYfnwkwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmludC1DQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtQ0EwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAShaHJDNitcexiJ83kVRhWhxz+0je6GPgIpFdtgjiUt5LcTLajOmOgxU05q +nAwLCcjWOa3oMgbluoE0c6EfozDgXajJbkOD/ieHPalxA74oiM/wAvBa9xof3cyD +dKpuqc6jFzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMDMAsGCSqGSIb3DQEBCwOCAQEA +h0470fGH1d3Gmeu1LCTH44p7FRvTx/+MR7X8Ava3wzl593jpLlBd0vJY6JWL7z4u +kfnSAvTh2S96Dx3jPv0dZLUTHSyTQAWsWmnD2lyjQ/SIoFIE+NewJLdoEqcWflbh +Q49IIIsTC3OfUIYa1dxhhOpYNtj2esWM7JePnVIxk3+G8QYUfnFIEutZvXaBjAib +6dk4NZncXZjMTMOm9VvgbCP7gGie8k+30Q0Y7mRAQQxbU9HIWv/9tUzLw7qR5ZyV +1eIP8w00ReO8Jmk7Tfq9xRmIMBlDymM8IBh1Khi/0vvrhgCHEXTjrVsjFQZ2JYvB +Qn8GjIS109A7WVE8xhUbMQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem.certspec new file mode 100644 index 000000000..fc0874be0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem.certspec @@ -0,0 +1,4 @@ +issuer:int-CA +subject:ee-int-CA +subjectKey:secp384r1 +extension:extKeyUsage:codeSigning diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem new file mode 100644 index 000000000..91f5e2dea --- /dev/null +++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICJTCCAQ+gAwIBAgIUeWWcI0wMEtNxrf9r/WvrV4Y5DFQwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmludC1DQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtQ0EwWTATBgcqhkjOPQIBBggqhkjO +PQMBBwNCAARPv7u7YeD4+bGmClmshwTi7AULQj489y6SPyxPeUtFXCpp0jNFbDbE +EZ0HBuAO7cjRk5DXmRt7LQejBOqgSqbAoz0wOzATBgNVHSUEDDAKBggrBgEFBQcD +AzAkBgNVHREEHTAbghlvbmVDUkwtc2lnbmVyLm1vemlsbGEub3JnMAsGCSqGSIb3 +DQEBCwOCAQEAZdHYo1BBgUO2sRvPIC3AQz+7MIdEFHoOZapM7eDK+G/4mnIEj5z5 +XW/n5hLop160K4hr+kUcW63XxisuuOBBvclnE9dgg0Sb0rFvJCVz7t1D4QHwWdou +Sd0wXXTT+zeh40KPt2LSS6rT37o8TI1VTE7XkjfXGufKDQHk08sKEDgyab6Hy8gz +eVcm2sMv+hwaMvFTjUws4o7zvcTqEvTa+4KxyySYDXB29jcKu60Sdjcm4hlNgJjU +tQZTTV+k+yjg8oQKuNM0YWiKisJO/HtkHLTUyHwjiY+OV2krzoPCHvmUeSOhf2Gk +bdOy6AgcCgqmjOFiCmWMJMKb7EvXfvVMXQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem.certspec new file mode 100644 index 000000000..f5cb96226 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:int-CA +subject:ee-int-CA +subjectKey:secp256r1 +extension:extKeyUsage:codeSigning +extension:subjectAlternativeName:oneCRL-signer.mozilla.org diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem new file mode 100644 index 000000000..7bac9e8c7 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICUzCCAT2gAwIBAgIUJ1BtYqWRwUsVaZCGPp9eTHIC04QwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmludC1DQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtQ0EwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAShaHJDNitcexiJ83kVRhWhxz+0je6GPgIpFdtgjiUt5LcTLajOmOgxU05q +nAwLCcjWOa3oMgbluoE0c6EfozDgXajJbkOD/ieHPalxA74oiM/wAvBa9xof3cyD +dKpuqc6jTjBMMBMGA1UdJQQMMAoGCCsGAQUFBwMDMDUGA1UdEQQuMCyCKnJlbW90 +ZW5ld3RhYi5jb250ZW50LXNpZ25hdHVyZS5tb3ppbGxhLm9yZzALBgkqhkiG9w0B +AQsDggEBALiLck6k50ok9ahVq45P3feY1PeUXcIYZkJd8aPDYM+0kfg5+JyJBykA +mtHWPE1QQjs7VRMfaLfu04E4UJMI2V1AON1qtgR9BQLctW85KFACg2omfiCKwJh0 +5Q8cxBFx9BpNMayqLJwHttB6oluxZFTB8CL/hfpbYpHz1bMEDCVSRP588YBrc8mV +OLqzQK+k3ewwGvfD6SvXmTny37MxqwxdTPFJNnpqzKAsQIvz8Skic9BkA1NFk0Oq +lsKKoiibbOCmwS9XY/laAkBaC3winuhciYAC0ImAopZ4PBCU0AOHGrNbhZXWYQxt +uHBj34FqvIRCqgM06JCEwN0ULgix4kI= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem.certspec new file mode 100644 index 000000000..44fa64518 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:int-CA +subject:ee-int-CA +subjectKey:secp384r1 +extension:extKeyUsage:codeSigning +extension:subjectAlternativeName:remotenewtab.content-signature.mozilla.org diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_root.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_root.pem new file mode 100644 index 000000000..b1ac172b1 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_root.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzTCCAbegAwIBAgIUKRLJoCmk0A6PHrNc8CxFn//4BYcwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu +Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO +7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf +qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt +HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx +uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoyUwIzAMBgNVHRMEBTADAQH/MBMGA1Ud +JQQMMAoGCCsGAQUFBwMDMAsGCSqGSIb3DQEBCwOCAQEAABgMK6EyVIXTjD5qaxPO +DWz6yREACmAQBcowKWvfhwgi27DPSXyFGDbzTPEo+7RrIcXJkVAhLouGT51fCwTZ +zb6Sgf6ztX7VSppY9AT4utvlZKP1xQ5WhIYsMtdHCHLHIkRjeWyoBEfUx50UXNLK +Snl+A02GKYWiX+TLLg2DPN2s7v/mm8NLMQNgUlL7KakB2FHFyPa8otPpL4llg7UJ +iBTVQ0c3JoiVbwZaY1Z8QinfMXUrTK9egUC4BAcId1dE8glzA5RRlw1fTLWpGApt +hUmbDnl9N2a9NhGX323ypNzIATexafipzWe7bc4u/+bFdrUqnKUoEka73pZBdHdA +FQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_root.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_root.pem.certspec new file mode 100644 index 000000000..f5e387b0c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_root.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:ca +extension:basicConstraints:cA, +extension:extKeyUsage:codeSigning diff --git a/security/manager/ssl/tests/unit/test_content_signing/moz.build b/security/manager/ssl/tests/unit/test_content_signing/moz.build new file mode 100644 index 000000000..83e797900 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_content_signing/moz.build @@ -0,0 +1,19 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'content_signing_int.pem', +# 'content_signing_onecrl_RSA_ee.pem', +# 'content_signing_onecrl_ee.pem', +# 'content_signing_onecrl_no_SAN_ee.pem', +# 'content_signing_onecrl_wrong_key_ee.pem', +# 'content_signing_remote_newtab_ee.pem', +# 'content_signing_root.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) diff --git a/security/manager/ssl/tests/unit/test_content_signing/pysign.py b/security/manager/ssl/tests/unit/test_content_signing/pysign.py new file mode 100644 index 000000000..c68c45b52 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_content_signing/pysign.py @@ -0,0 +1,29 @@ +#!/usr/bin/env python +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +""" +Create an ECDSA signature on the P-384 curve using the SHA-384 hash of data from +stdin. The key used for the signature is the secp384r1Encoded key used in pykey +and pycert. + +The certificates for the content signature tests make use of this program. +You can use pysign.py like this: + +cat test.txt | python pysign.py > test.txt.signature +""" + +import base64 +import binascii +import ecc +import pykey + +from sys import stdin + +data = stdin.read() + +key = ecc.Key.Key.decode(binascii.unhexlify(pykey.ECCKey.secp384r1Encoded)) +sig = key.sign("Content-Signature:\00" + data, 'sha384') +print base64.b64encode(sig).replace('+', '-').replace('/', '_') diff --git a/security/manager/ssl/tests/unit/test_content_signing/test.txt b/security/manager/ssl/tests/unit/test_content_signing/test.txt new file mode 100644 index 000000000..2daac1cb0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_content_signing/test.txt @@ -0,0 +1 @@ +This is a test file to test content-signature verification with a PKI. diff --git a/security/manager/ssl/tests/unit/test_content_signing/test.txt.signature b/security/manager/ssl/tests/unit/test_content_signing/test.txt.signature new file mode 100644 index 000000000..e61398147 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_content_signing/test.txt.signature @@ -0,0 +1 @@ +hSvmvvA7_QLedDsjRJGBevqLwjPILx1EtWSPP4A0fepaWWPuuZRB8VfDT2j07bKDacRsbmJjmvg_R4CpKmnoWF8-2w5lSszlFFDqYSvQVQxpKhu-HMM_qquu_l0KecQ2 diff --git a/security/manager/ssl/tests/unit/test_datasignatureverifier.js b/security/manager/ssl/tests/unit/test_datasignatureverifier.js new file mode 100644 index 000000000..0479c4d3f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_datasignatureverifier.js @@ -0,0 +1,193 @@ +"use strict"; + +const keys = [ +// RSA key +"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDK426erD/H3XtsjvaB5+PJqbhj" + +"Zc9EDI5OCJS8R3FIObJ9ZHJK1TXeaE7JWqt9WUmBWTEFvwS+FI9vWu8058N9CHhD" + +"NyeP6i4LuUYjTURnn7Yw/IgzyIJ2oKsYa32RuxAyteqAWqPT/J63wBixIeCxmysf" + +"awB/zH4KaPiY3vnrzQIDAQAB", + +// RSA key +"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHe69VsjNCwnGF9YGZLgnobp3D" + +"c1KgWzpbT+f12vVKkV3YBpA9KMVMy6wpxlDjvLJjfp/0HvaH7aaz/7kgxZw70Y60" + +"LaJtkAcl1ZVAxS2lQKRTAzZ0RhoTSI1xVqGTjiQakgVdUeghtnqqwp5o1inZv3Qh" + +"nUOMNPyAV8zGt+ZQHQIDAQAB", + +// Invalid key data ("foobar" base 64 encoded) +"Zm9vYmFy" +]; + +const data = [ +"Test data for data signature verifier", +"The quick brown fox jumps over the lazy dog..." +]; + +const signatures = [ +// Key 0, Data 0, MD2 hash algorithm +"MIGTMA0GCSqGSIb3DQEBAgUAA4GBALe3hO76UCpI8b1/oJUCIPmC6AbnMAMlAqo7" + +"pc3TaWmU9wISWmXSrwNmr/QQNjWDn4nzQn8/K/Ac+tszaXib6fVLKA1a6e+/E0qE" + +"OIKFwUiDWCkGDgxM8aYiTgoSZub/5rokgse+ivuCRSVTv9mSxRzKwj+Cvp1EjKCT" + +"iIl3nnTh", + +// Key 0, Data 0, MD5 hash algorithm +"MIGTMA0GCSqGSIb3DQEBBAUAA4GBAGGb2QkA8LcA+QZj1SoVFmMpVTd9P5Ac0Rjb" + +"ldouMmngztMV/dxymVKCpknqelhsxTQ/zaqGZ4KKzcIffJa9jXi5XUD8XzDIKcFE" + +"dQvti8oUNDPb6l1ybETI8LKh2ywyBCSZ/Q5BwUeS9nfx+4cAnu9YZf29SGljit+Y" + +"XLPKZ+of", + +// Key 0, Data 0, SHA1 hash algorithm +"MIGTMA0GCSqGSIb3DQEBBQUAA4GBAHcl6tqR5yjTDUJ5NiLOdIB4I6/C/rS2WW5a" + +"7MVhYYhBgaZyGaem4LLT/REloOOLwPNMcmSEpwexqMSATbl9AAoJPq/wO3l4cZpO" + +"tDkLlafsiwnqK156YvHp50zUq5Os28d6Bq/Nl2qjH1yizwlIEo0o9qo8Cq6QK3j2" + +"MdFCopgk", + +// Key 0, Data 0, SHA256 hash algorithm +"MIGTMA0GCSqGSIb3DQEBCwUAA4GBAAOtDvzWwbYK7zLUz0F3e3wmkL1YWXuD/GzQ" + +"LgwOg6VWtn9v54M9nfv/+iX+m4udzIwHZU7utYM31vtwqRC36l0QKo2VMbiLySX+" + +"uHnSK40Kk4SfBvMF1wuz6BQ8ia8uTjPPfC764dB1N7gQdgdRevLTrh2EU6+DLmSS" + +"Sm1QJm9/", + +// Key 0, Data 0, SHA384 hash algorithm +"MIGTMA0GCSqGSIb3DQEBDAUAA4GBAMWB3DskcGuGXpi3TO2Pm0g915EIvm5aOeXQ" + +"sbs0ZGOwPyzYN1kKOmEpGHMeRhcIIBcF80ZC5N6dsTxeMGkFGOqhvB/HNl7gXMqF" + +"OA8mG9vAcwfMeJlY4H5WbYD8bUn72UbIuS+sURLvWVhuIFBYPHHU7KVUaGAWl0rp" + +"hCa4Dk37", + +// Key 0, Data 0, SHA512 hash algorithm +"MIGTMA0GCSqGSIb3DQEBDQUAA4GBAFkm61zH8Y0J5PA4GtOvoZA6w/SzHg5jFP11" + +"gmXki81VgKwLF7Gyj4wRBX7Q9c8cNrNeoGZb12NUUxlR+u6J6VxcosVPKrCz7Xfj" + +"LPi6+A1dNV5eH2B6tZR6wIiEatAWNIXxQZEJbj9BWefRFq6NnKhR5A/MEPnrZyoR" + +"Da3YsDV3", + +// Key 0, Data 1, MD2 hash algorithm +"MIGTMA0GCSqGSIb3DQEBAgUAA4GBAJjwosJK6jV9Bt6HhrFn7+48LRhamjWjzs7a" + +"cf5D/GTuul6aQQvQJ4Lt26KTyh3VglaQJFToH0Ik/fR1lOJS3tCPr1RRH06cKZgK" + +"haoUaGR8rmtn678wX067q7ACmKPeqmgj71pHm7O5YgN3z45iAazbUHP4erdbFUf9" + +"4rOr3L2f", + +// Key 0, Data 1, MD5 hash algorithm +"MIGTMA0GCSqGSIb3DQEBBAUAA4GBAC0EAoHWTb4CC+gw7fs5zMaZw7PWoDH1rXMD" + +"dKoMBDmAW1EXZTfUGUTv0ga3VzuPJKuHHZOFVyFDnt4qFrefzzWs17LiPpN+yVgo" + +"6vBnpXLeIp7D9n94bz56gv9NZZmy02XQVKDaRc3E4JBC7Ze7RAHuKtWuZRTUKF86" + +"VXakwW3a", + +// Key 0, Data 1, SHA1 hash algorithm +"MIGTMA0GCSqGSIb3DQEBBQUAA4GBABkClr0Ot3aXBKYIiARdwpX8etDQO/Eqjxe8" + +"pJyaqwj/P+x8j9/CbtJKJJTxvYmV9AhdgLPgoWjcTkfvqKdb1vpKKbV30QC/TEnu" + +"ON+66MJgkwrZw6NCDyBRgMTjf4FWR75Ot1DLuu3+7uCswKCJe8la0HMm/AcqUzu1" + +"SKOPMseI", + +// Key 0, Data 1, SHA256 hash algorithm +"MIGTMA0GCSqGSIb3DQEBCwUAA4GBAE2cIr6Uzo7RISkGgCA5m4K8s9+0iHwzr2u/" + +"3ICUrTPe4RY2g9RLd6qkwaHD101LW5TQw71fhePIxfWHEhWtTCLS5DnGiucxfGKW" + +"47gOBJIYf0DG7o5N4lA99j2Zuj+V+yjAcLfq7Su5FwASbD30KqCue1/F03qdXUxj" + +"ciJeGo2b", + +// Key 0, Data 1, SHA384 hash algorithm +"MIGTMA0GCSqGSIb3DQEBDAUAA4GBAK+JfKJNBjw2d2iXT/pe9xMXPkLSkf+gjG2i" + +"F7B0kBvMGyOVxuvQ4TCx+NFhAUevQugDHgBMkmAieg8mApcWWFWQ+8rbdUFv/hD7" + +"fHW+QukMgcfLMquh0GtDuoM8ZKFBBvwnPGLLUh+ZMy8fEOjjH+s6bQQSpf072SSJ" + +"K+Uo8DG2", + +// Key 0, Data 1, SHA512 hash algorithm +"MIGTMA0GCSqGSIb3DQEBDQUAA4GBAEEvDpyBssG0qFfRamNwkwSjhqYRVFdIa6+E" + +"xfxdRqW/nxN5HuzFA8aajgSMXX0YFWPXV7OuVjCCJfZWhq7kQpTy96AmI/04rVdr" + +"9gc5mc2tdLl3Yk/Qd+Xq8WYcQIZ5Ewyo7sr8eKtVhtEM8OtPR54FO2s1pkZwJdVf" + +"ymMzHBoE", + +// Key 1, Data 0, MD5 hash algorithm +"MIGTMA0GCSqGSIb3DQEBBAUAA4GBAAIzLho2i5jfJ5SPPV/u2gUuefzhjEAsUhlL" + +"Nir4FKhNzB2DZNbME9DtgNvdmZd00IjydYlaJ0dnLiMigXIaRJsyncYazULZdY6i" + +"i7oP6llbXbszSTbHGolr5kQ+6cZPBBATOkJ+wekDdlvh5cZ+B0Lux4LevUDlGWAy" + +"uR7bqrc5", + +// Key 1, Data 0, SHA512 hash algorithm +"MIGTMA0GCSqGSIb3DQEBDQUAA4GBABsjF8K/SIaY3KTeIGpPEwl1+ZXLKBaHxlRT" + +"b37PhorSfqW1KFjquCEASUUeFwCQ14uUIBaRQV2haRGA0dRpuWr4zrWZMcDKOsmX" + +"r5XRvcti9/lNqoIID/Mq0tKtS6aVFZpoHIrwbXpV4hV+BRGhaPxV3RBzEIzM7bWJ" + +"tN3JY9+1", + +// Key 1, Data 1, MD5 hash algorithm +"MIGTMA0GCSqGSIb3DQEBBAUAA4GBAIAxRPXDAT2LBcOo7yTNr5uIZbPW9rkSX0Ba" + +"h4sq6YRcxlnohaE2VO0CLGXFNwaBihhkkp+2dA76EvbMo/+O9XTWwroqtWWwvmxs" + +"tWK6HvwYKnGFKOOZMOjNjmXjk446UVvxYCbU+NPM1LZTewT1/UpPWWRowF/lwX7m" + +"SnT8d2ds", + +// Key 1, Data 1, SHA512 hash algorithm +"MIGTMA0GCSqGSIb3DQEBDQUAA4GBAF0+XYD/r0Annz1GJ24GTkAlWY/OixCSV6Ix" + +"OMM7P2d/jgOP+ICKIpxqaSE0CbkLiegUiidIOWvFqDxQJWlAAukDUWISGFfJMFxX" + +"3jzJ0bBfeNY/1Qo8jMQopcNco/NlNgoSKAUOBtk31aFgNoVC3kWUk6pO97KEiJ+e" + +"bQp9Z2/M", + +// Invalid signature data ("foobar" base 64 encoded) +"Zm9vYmFy" +]; + +const tests = [ +// Data Signature Key Expected Throws +// Pass cases + [0, 0, 0, true, false], //0 + [0, 1, 0, true, false], //1 + [0, 2, 0, true, false], //2 + [0, 3, 0, true, false], //3 + [0, 4, 0, true, false], //4 + [0, 5, 0, true, false], //5 + [1, 6, 0, true, false], //6 + [1, 7, 0, true, false], //7 + [1, 8, 0, true, false], //8 + [1, 9, 0, true, false], //9 + [1, 10, 0, true, false], //10 + [1, 11, 0, true, false], //11 + [0, 12, 1, true, false], //12 + [0, 13, 1, true, false], //13 + [1, 14, 1, true, false], //14 + [1, 15, 1, true, false], //15 +// Incorrect data cases + [1, 0, 0, false, false], //16 + [1, 1, 0, false, false], //17 + [1, 2, 0, false, false], //18 + [1, 3, 0, false, false], //19 + [1, 4, 0, false, false], //20 + [1, 5, 0, false, false], //21 + [0, 6, 0, false, false], //22 + [0, 7, 0, false, false], //23 + [0, 8, 0, false, false], //24 + [0, 9, 0, false, false], //25 + [0, 10, 0, false, false], //26 + [0, 11, 0, false, false], //27 +// Incorrect key cases + [0, 1, 1, false, false], //28 + [0, 5, 1, false, false], //29 + [1, 7, 1, false, false], //30 + [1, 11, 1, false, false], //31 + [0, 12, 0, false, false], //32 + [0, 13, 0, false, false], //33 + [1, 14, 0, false, false], //34 + [1, 15, 0, false, false], //35 +// Invalid data cases + [0, 0, 2, false, true], //36 + [0, 1, 2, false, true], //37 + [0, 16, 0, false, true], //38 + [1, 16, 0, false, true], //39 +]; + +function run_test() { + let verifier = Cc["@mozilla.org/security/datasignatureverifier;1"] + .createInstance(Ci.nsIDataSignatureVerifier); + + for (let testCase of tests) { + let testShouldThrow = testCase[4]; + if (testShouldThrow) { + throws(() => { + verifier.verifyData(data[testCase[0]], signatures[testCase[1]], + keys[testCase[2]]); + }, /NS_ERROR_FAILURE/, `Test "${testCase}" should throw`); + } else { + let result = verifier.verifyData(data[testCase[0]], + signatures[testCase[1]], + keys[testCase[2]]); + equal(result, testCase[3], + `Actual and expected result should match for test "${testCase}"`); + } + } +} diff --git a/security/manager/ssl/tests/unit/test_der.js b/security/manager/ssl/tests/unit/test_der.js new file mode 100644 index 000000000..674e939d9 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_der.js @@ -0,0 +1,219 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +// Tests DER.jsm functionality. + +var { DER } = Cu.import("resource://gre/modules/psm/DER.jsm", {}); + +function run_simple_tests() { + throws(() => new DER.DER("this is not an array"), /invalid input/, + "should throw given non-array input"); + throws(() => new DER.DER([0, "invalid input", 1]), /invalid input/, + "should throw given non-byte data (string case)"); + throws(() => new DER.DER([31, 1, {}]), /invalid input/, + "should throw given non-byte data (object case)"); + throws(() => new DER.DER([0.1, 3, 1]), /invalid input/, + "should throw given non-byte data (non-integer case)"); + throws(() => new DER.DER([1, 3, -1]), /invalid input/, + "should throw given non-byte data (negative integer case)"); + throws(() => new DER.DER([1, 300, 79]), /invalid input/, + "should throw given non-byte data (large integer case)"); + + let testReadByte = new DER.DER([0x0a, 0x0b]); + equal(testReadByte.readByte(), 0x0a, "should read 0x0a"); + equal(testReadByte.readByte(), 0x0b, "should read 0x0b"); + throws(() => testReadByte.readByte(), /data truncated/, + "reading more data than is available should fail"); + + let testReadBytes = new DER.DER([0x0c, 0x0d, 0x0e]); + deepEqual(testReadBytes.readBytes(3), [0x0c, 0x0d, 0x0e], + "should read correct sequence of bytes"); + + let testReadNegativeBytes = new DER.DER([0xff, 0xaf]); + throws(() => testReadNegativeBytes.readBytes(-4), /invalid length/, + "reading a negative number of bytes should fail"); + + let testReadZeroBytes = new DER.DER([]); + equal(testReadZeroBytes.readBytes(0).length, 0, + "reading zero bytes should result in a zero-length array"); + + let testReadTooManyBytes = new DER.DER([0xab, 0xcd, 0xef]); + throws(() => testReadTooManyBytes.readBytes(4), /data truncated/, + "reading too many bytes should fail"); + + let testSEQUENCE = new DER.DER([0x30, 0x01, 0x01]); + let content = testSEQUENCE.readTagAndGetContents(DER.SEQUENCE); + equal(content.length, 1, "content should have length 1"); + equal(content[0], 1, "value of content should be [1]"); + ok(testSEQUENCE.atEnd(), "testSEQUENCE should be at the end of its input"); + testSEQUENCE.assertAtEnd(); + + // The length purports to be 4 bytes, but there are only 2 available. + let truncatedSEQUENCE = new DER.DER([0x30, 0x04, 0x00, 0x00]); + throws(() => truncatedSEQUENCE.readTagAndGetContents(DER.SEQUENCE), + /data truncated/, "should get 'data truncated' error"); + + // With 2 bytes of content, there is 1 remaining after reading the content. + let extraDataSEQUENCE = new DER.DER([0x30, 0x02, 0xab, 0xcd, 0xef]); + content = extraDataSEQUENCE.readTagAndGetContents(DER.SEQUENCE); + equal(content.length, 2, "content should have length 2"); + deepEqual(content, [0xab, 0xcd], "value of content should be [0xab, 0xcd]"); + ok(!extraDataSEQUENCE.atEnd(), + "extraDataSEQUENCE should not be at the end of its input"); + throws(() => extraDataSEQUENCE.assertAtEnd(), /extra data/, + "should get 'extra data' error"); + + // The length of 0x81 0x01 is invalid because it could be encoded as just + // 0x01, which is shorter. + let invalidLengthSEQUENCE1 = new DER.DER([0x30, 0x81, 0x01, 0x00]); + throws(() => invalidLengthSEQUENCE1.readTagAndGetContents(DER.SEQUENCE), + /invalid length/, "should get 'invalid length' error"); + + // Similarly, 0x82 0x00 0x01 could be encoded as just 0x01, which is shorter. + let invalidLengthSEQUENCE2 = new DER.DER([0x30, 0x82, 0x00, 0x01, 0x00]); + throws(() => invalidLengthSEQUENCE2.readTagAndGetContents(DER.SEQUENCE), + /invalid length/, "should get 'invalid length' error"); + + // Lengths requiring 4 bytes to encode are not supported. + let unsupportedLengthSEQUENCE = new DER.DER([0x30, 0x83, 0x01, 0x01, 0x01]); + throws(() => unsupportedLengthSEQUENCE.readTagAndGetContents(DER.SEQUENCE), + /unsupported length/, "should get 'unsupported length' error"); + + // Indefinite lengths are not supported (and aren't DER anyway). + let unsupportedASN1SEQUENCE = new DER.DER([0x30, 0x80, 0x01, 0x00, 0x00]); + throws(() => unsupportedASN1SEQUENCE.readTagAndGetContents(DER.SEQUENCE), + /unsupported asn.1/, "should get 'unsupported asn.1' error"); + + let unexpectedTag = new DER.DER([0x31, 0x01, 0x00]); + throws(() => unexpectedTag.readTagAndGetContents(DER.SEQUENCE), + /unexpected tag/, "should get 'unexpected tag' error"); + + let readTLVTestcase = new DER.DER([0x02, 0x03, 0x45, 0x67, 0x89]); + let bytes = readTLVTestcase.readTLV(); + deepEqual(bytes, [0x02, 0x03, 0x45, 0x67, 0x89], + "bytes read with readTLV should be equal to expected value"); + + let peekTagTestcase = new DER.DER([0x30, 0x01, 0x00]); + ok(peekTagTestcase.peekTag(DER.SEQUENCE), + "peekTag should return true for peeking with a SEQUENCE at a SEQUENCE"); + ok(!peekTagTestcase.peekTag(DER.SET), + "peekTag should return false for peeking with a SET at a SEQUENCE"); + peekTagTestcase.readTLV(); + ok(!peekTagTestcase.peekTag(DER.SEQUENCE), + "peekTag should return false for peeking at a DER with no more data"); + + let tlvChoiceTestcase = new DER.DER([0x31, 0x02, 0xaa, 0xbb]); + let tlvChoiceContents = tlvChoiceTestcase.readTLVChoice([DER.NULL, DER.SET]); + deepEqual(tlvChoiceContents, [0x31, 0x02, 0xaa, 0xbb], + "readTLVChoice should return expected bytes"); + + let tlvChoiceNoMatchTestcase = new DER.DER([0x30, 0x01, 0xff]); + throws(() => tlvChoiceNoMatchTestcase.readTLVChoice([DER.NULL, DER.SET]), + /unexpected tag/, + "readTLVChoice should throw if no matching tag is found"); +} + +function run_bit_string_tests() { + let bitstringDER = new DER.DER([0x03, 0x04, 0x03, 0x01, 0x02, 0xf8]); + let bitstring = bitstringDER.readBIT_STRING(); + equal(bitstring.unusedBits, 3, "BIT STRING should have 3 unused bits"); + deepEqual(bitstring.contents, [0x01, 0x02, 0xf8], + "BIT STRING should have expected contents"); + + let bitstringTooManyUnusedBits = new DER.DER([0x03, 0x02, 0x08, 0x00]); + throws(() => bitstringTooManyUnusedBits.readBIT_STRING(), + /invalid BIT STRING encoding/, + "BIT STRING with too many unused bits should throw"); + + // A BIT STRING must have the unused bits byte, and so its length must be at + // least one. + let bitstringMissingUnusedBits = new DER.DER([0x03, 0x00]); + throws(() => bitstringMissingUnusedBits.readBIT_STRING(), + /invalid BIT STRING encoding/, + "BIT STRING with missing unused bits (and no contents) should throw"); + + // The minimal BIT STRING is 03 01 00 (zero bits of padding and zero bytes of + // content). + let minimalBitstringDER = new DER.DER([0x03, 0x01, 0x00]); + let minimalBitstring = minimalBitstringDER.readBIT_STRING(); + equal(minimalBitstring.unusedBits, 0, + "minimal BIT STRING should have 0 unused bits"); + equal(minimalBitstring.contents.length, 0, + "minimal BIT STRING should have empty contents"); + + // However, a BIT STRING with zero bytes of content can't have any padding, + // because that makes no sense. + let noContentsPaddedBitstringDER = new DER.DER([0x03, 0x01, 0x03]); + throws(() => noContentsPaddedBitstringDER.readBIT_STRING(), + /invalid BIT STRING encoding/, + "BIT STRING with no contents with non-zero padding should throw"); +} + +function run_compound_tests() { + let derBytes = + [ 0x30, 0x1a, // SEQUENCE + 0x02, 0x02, 0x77, 0xff, // INTEGER + 0x06, 0x03, 0x2b, 0x01, 0x01, // OBJECT IDENTIFIER + 0x30, 0x07, // SEQUENCE + 0x05, 0x00, // NULL + 0x02, 0x03, 0x45, 0x46, 0x47, // INTEGER + 0x30, 0x06, // SEQUENCE + 0x02, 0x02, 0x00, 0xff, // INTEGER + 0x05, 0x00 ]; // NULL + let der = new DER.DER(derBytes); + let contents = new DER.DER(der.readTagAndGetContents(DER.SEQUENCE)); + let firstINTEGER = contents.readTagAndGetContents(DER.INTEGER); + deepEqual(firstINTEGER, [0x77, 0xff], + "first INTEGER should have expected value"); + let oid = contents.readTagAndGetContents(DER.OBJECT_IDENTIFIER); + deepEqual(oid, [0x2b, 0x01, 0x01], + "OBJECT IDENTIFIER should have expected value"); + + let firstNested = new DER.DER(contents.readTagAndGetContents(DER.SEQUENCE)); + let firstNestedNULL = firstNested.readTagAndGetContents(DER.NULL); + equal(firstNestedNULL.length, 0, + "first nested NULL should have expected value (empty array)"); + let firstNestedINTEGER = firstNested.readTagAndGetContents(DER.INTEGER); + deepEqual(firstNestedINTEGER, [0x45, 0x46, 0x47], + "first nested INTEGER should have expected value"); + firstNested.assertAtEnd(); + + let secondNested = new DER.DER(contents.readTagAndGetContents(DER.SEQUENCE)); + let secondNestedINTEGER = secondNested.readTagAndGetContents(DER.INTEGER); + deepEqual(secondNestedINTEGER, [0x00, 0xff], + "second nested INTEGER should have expected value"); + let secondNestedNULL = secondNested.readTagAndGetContents(DER.NULL); + equal(secondNestedNULL.length, 0, + "second nested NULL should have expected value (empty array)"); + secondNested.assertAtEnd(); + + contents.assertAtEnd(); + der.assertAtEnd(); + + let invalidDERBytes = + [ 0x30, 0x06, // SEQUENCE + 0x30, 0x02, // SEQUENCE + 0x02, 0x01, // INTEGER (missing data) + 0x05, 0x00, // NULL + 0x00, 0x00 ]; // (extra data) + let invalidDER = new DER.DER(invalidDERBytes); + let invalidContents = new DER.DER( + invalidDER.readTagAndGetContents(DER.SEQUENCE)); + let invalidContentsContents = new DER.DER( + invalidContents.readTagAndGetContents(DER.SEQUENCE)); + throws(() => invalidContentsContents.readTagAndGetContents(DER.INTEGER), + /data truncated/, "should throw due to missing data"); + let nestedNULL = invalidContents.readTagAndGetContents(DER.NULL); + equal(nestedNULL.length, 0, "nested NULL should have expected value"); + invalidContents.assertAtEnd(); + throws(() => invalidDER.assertAtEnd(), /extra data/, + "should throw due to extra data"); +} + +function run_test() { + run_simple_tests(); + run_bit_string_tests(); + run_compound_tests(); +} diff --git a/security/manager/ssl/tests/unit/test_enterprise_roots.js b/security/manager/ssl/tests/unit/test_enterprise_roots.js new file mode 100644 index 000000000..de1b3a529 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_enterprise_roots.js @@ -0,0 +1,58 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +"use strict"; + +// Tests enterprise root certificate support. When configured to do so, the +// platform will attempt to find and import enterprise root certificates. This +// feature is specific to Windows. + +do_get_profile(); // must be called before getting nsIX509CertDB + +function check_no_enterprise_roots_imported(certDB, dbKey = undefined) { + let enterpriseRoots = certDB.getEnterpriseRoots(); + equal(enterpriseRoots, null, "should not have imported any enterprise roots"); + if (dbKey) { + let cert = certDB.findCertByDBKey(dbKey); + // If the garbage-collector hasn't run, there may be reachable copies of + // imported enterprise root certificates. If so, they shouldn't be trusted + // to issue TLS server auth certificates. + if (cert) { + ok(!certDB.isCertTrusted(cert, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_SSL), + "previously-imported enterprise root shouldn't be trusted to issue " + + "TLS server auth certificates"); + } + } +} + +function check_some_enterprise_roots_imported(certDB) { + let enterpriseRoots = certDB.getEnterpriseRoots(); + notEqual(enterpriseRoots, null, "should have imported some enterprise roots"); + let enumerator = enterpriseRoots.getEnumerator(); + let foundNonBuiltIn = false; + let savedDBKey = null; + while (enumerator.hasMoreElements()) { + let cert = enumerator.getNext().QueryInterface(Ci.nsIX509Cert); + if (!cert.isBuiltInRoot && !savedDBKey) { + foundNonBuiltIn = true; + savedDBKey = cert.dbKey; + do_print("saving dbKey from " + cert.commonName); + } + } + ok(foundNonBuiltIn, "should have found non-built-in root"); + return savedDBKey; +} + +function run_test() { + let certDB = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + Services.prefs.setBoolPref("security.enterprise_roots.enabled", false); + check_no_enterprise_roots_imported(certDB); + Services.prefs.setBoolPref("security.enterprise_roots.enabled", true); + let savedDBKey = check_some_enterprise_roots_imported(certDB); + Services.prefs.setBoolPref("security.enterprise_roots.enabled", false); + check_no_enterprise_roots_imported(certDB, savedDBKey); +} diff --git a/security/manager/ssl/tests/unit/test_ev_certs.js b/security/manager/ssl/tests/unit/test_ev_certs.js new file mode 100644 index 000000000..d4aabd888 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs.js @@ -0,0 +1,356 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +"use strict"; + +// Tests that end-entity certificates that should successfully verify as EV +// (Extended Validation) do so and that end-entity certificates that should not +// successfully verify as EV do not. Also tests related situations (e.g. that +// failure to fetch an OCSP response results in no EV treatment). +// +// A quick note about the certificates in these tests: generally, an EV +// certificate chain will have an end-entity with a specific policy OID followed +// by an intermediate with the anyPolicy OID chaining to a root with no policy +// OID (since it's a trust anchor, it can be omitted). In these tests, the +// specific policy OID is 1.3.6.1.4.1.13769.666.666.666.1.500.9.1 and is +// referred to as the test OID. In order to reflect what will commonly be +// encountered, the end-entity of any given test path will have the test OID +// unless otherwise specified in the name of the test path. Similarly, the +// intermediate will have the anyPolicy OID, again unless otherwise specified. +// For example, for the path where the end-entity does not have an OCSP URI +// (referred to as "no-ocsp-ee-path-{ee,int}", the end-entity has the test OID +// whereas the intermediate has the anyPolicy OID. +// For another example, for the test OID path ("test-oid-path-{ee,int}"), both +// the end-entity and the intermediate have the test OID. + +do_get_profile(); // must be called before getting nsIX509CertDB +const certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +do_register_cleanup(() => { + Services.prefs.clearUserPref("network.dns.localDomains"); + Services.prefs.clearUserPref("security.OCSP.enabled"); +}); + +Services.prefs.setCharPref("network.dns.localDomains", "www.example.com"); +Services.prefs.setIntPref("security.OCSP.enabled", 1); +addCertFromFile(certdb, "test_ev_certs/evroot.pem", "CTu,,"); +addCertFromFile(certdb, "test_ev_certs/non-evroot-ca.pem", "CTu,,"); + +const SERVER_PORT = 8888; + +function failingOCSPResponder() { + return getFailingHttpServer(SERVER_PORT, ["www.example.com"]); +} + +class EVCertVerificationResult { + constructor(testcase, expectedPRErrorCode, expectedEV, resolve, + ocspResponder) { + this.testcase = testcase; + this.expectedPRErrorCode = expectedPRErrorCode; + this.expectedEV = expectedEV; + this.resolve = resolve; + this.ocspResponder = ocspResponder; + } + + verifyCertFinished(prErrorCode, verifiedChain, hasEVPolicy) { + equal(prErrorCode, this.expectedPRErrorCode, + `${this.testcase} should have expected error code`); + equal(hasEVPolicy, this.expectedEV, + `${this.testcase} should result in expected EV status`); + this.ocspResponder.stop(this.resolve); + } +} + +function asyncTestEV(cert, expectedPRErrorCode, expectedEV, + expectedOCSPRequestPaths, ocspResponseTypes = undefined) +{ + let now = Date.now() / 1000; + return new Promise((resolve, reject) => { + let ocspResponder = expectedOCSPRequestPaths.length > 0 + ? startOCSPResponder(SERVER_PORT, "www.example.com", + "test_ev_certs", + expectedOCSPRequestPaths, + expectedOCSPRequestPaths.slice(), + null, ocspResponseTypes) + : failingOCSPResponder(); + let result = new EVCertVerificationResult(cert.subjectName, + expectedPRErrorCode, expectedEV, + resolve, ocspResponder); + certdb.asyncVerifyCertAtTime(cert, certificateUsageSSLServer, 0, + "ev-test.example.com", now, result); + }); +} + +function ensureVerifiesAsEV(testcase) { + let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`); + addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,"); + let expectedOCSPRequestPaths = gEVExpected + ? [ `${testcase}-int`, `${testcase}-ee` ] + : [ `${testcase}-ee` ]; + return asyncTestEV(cert, PRErrorCodeSuccess, gEVExpected, + expectedOCSPRequestPaths); +} + +function ensureVerifiesAsEVWithNoOCSPRequests(testcase) { + let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`); + addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,"); + return asyncTestEV(cert, PRErrorCodeSuccess, gEVExpected, []); +} + +function ensureVerifiesAsDV(testcase, expectedOCSPRequestPaths = undefined) { + let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`); + addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,"); + return asyncTestEV(cert, PRErrorCodeSuccess, false, + expectedOCSPRequestPaths ? expectedOCSPRequestPaths + : [ `${testcase}-ee` ]); +} + +function ensureVerificationFails(testcase, expectedPRErrorCode) { + let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`); + addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,"); + return asyncTestEV(cert, expectedPRErrorCode, false, []); +} + +function verifyWithFlags_LOCAL_ONLY_and_MUST_BE_EV(testcase, expectSuccess) { + let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`); + addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,"); + let now = Date.now() / 1000; + let expectedErrorCode = SEC_ERROR_POLICY_VALIDATION_FAILED; + if (expectSuccess && gEVExpected) { + expectedErrorCode = PRErrorCodeSuccess; + } + return new Promise((resolve, reject) => { + let ocspResponder = failingOCSPResponder(); + let result = new EVCertVerificationResult( + cert.subjectName, expectedErrorCode, expectSuccess && gEVExpected, + resolve, ocspResponder); + let flags = Ci.nsIX509CertDB.FLAG_LOCAL_ONLY | + Ci.nsIX509CertDB.FLAG_MUST_BE_EV; + certdb.asyncVerifyCertAtTime(cert, certificateUsageSSLServer, flags, + "ev-test.example.com", now, result); + }); +} + +function ensureNoOCSPMeansNoEV(testcase) { + return verifyWithFlags_LOCAL_ONLY_and_MUST_BE_EV(testcase, false); +} + +function ensureVerifiesAsEVWithFLAG_LOCAL_ONLY(testcase) { + return verifyWithFlags_LOCAL_ONLY_and_MUST_BE_EV(testcase, true); +} + +function ensureOneCRLSkipsOCSPForIntermediates(testcase) { + let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`); + addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,"); + return asyncTestEV(cert, PRErrorCodeSuccess, gEVExpected, + [ `${testcase}-ee` ]); +} + +function verifyWithDifferentOCSPResponseTypes(testcase, responses, expectEV) { + let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`); + addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,"); + let expectedOCSPRequestPaths = gEVExpected + ? [ `${testcase}-int`, `${testcase}-ee` ] + : [ `${testcase}-ee` ]; + let ocspResponseTypes = gEVExpected ? responses : responses.slice(1); + return asyncTestEV(cert, PRErrorCodeSuccess, gEVExpected && expectEV, + expectedOCSPRequestPaths, ocspResponseTypes); +} + +function ensureVerifiesAsEVWithOldIntermediateOCSPResponse(testcase) { + return verifyWithDifferentOCSPResponseTypes( + testcase, [ "longvalidityalmostold", "good" ], true); +} + +function ensureVerifiesAsDVWithOldEndEntityOCSPResponse(testcase) { + return verifyWithDifferentOCSPResponseTypes( + testcase, [ "good", "longvalidityalmostold" ], false); +} + +function ensureVerifiesAsDVWithVeryOldEndEntityOCSPResponse(testcase) { + return verifyWithDifferentOCSPResponseTypes( + testcase, [ "good", "ancientstillvalid" ], false); +} + +// These should all verify as EV. +add_task(function* plainExpectSuccessEVTests() { + yield ensureVerifiesAsEV("anyPolicy-int-path"); + yield ensureVerifiesAsEV("test-oid-path"); + yield ensureVerifiesAsEV("cabforum-oid-path"); + yield ensureVerifiesAsEV("cabforum-and-test-oid-ee-path"); + yield ensureVerifiesAsEV("test-and-cabforum-oid-ee-path"); + yield ensureVerifiesAsEV("reverse-order-oids-path"); + // In this case, the end-entity has both the CA/B Forum OID and the test OID + // (in that order). The intermediate has the CA/B Forum OID. Since the + // implementation uses the first EV policy it encounters in the end-entity as + // the required one, this successfully verifies as EV. + yield ensureVerifiesAsEV("cabforum-and-test-oid-ee-cabforum-oid-int-path"); +}); + +// These fail for various reasons to verify as EV, but fallback to DV should +// succeed. +add_task(function* expectDVFallbackTests() { + yield ensureVerifiesAsDV("anyPolicy-ee-path"); + yield ensureVerifiesAsDV("non-ev-root-path"); + yield ensureVerifiesAsDV("no-ocsp-ee-path", + gEVExpected ? [ "no-ocsp-ee-path-int" ] : []); + yield ensureVerifiesAsDV("no-ocsp-int-path"); + // In this case, the end-entity has the test OID and the intermediate has the + // CA/B Forum OID. Since the CA/B Forum OID is not treated the same as the + // anyPolicy OID, this will not verify as EV. + yield ensureVerifiesAsDV("test-oid-ee-cabforum-oid-int-path"); + // In this case, the end-entity has both the test OID and the CA/B Forum OID + // (in that order). The intermediate has only the CA/B Forum OID. Since the + // implementation uses the first EV policy it encounters in the end-entity as + // the required one, this fails to verify as EV. + yield ensureVerifiesAsDV("test-and-cabforum-oid-ee-cabforum-oid-int-path"); +}); + +// Test that removing the trust bits from an EV root causes verifications +// relying on that root to fail (and then test that adding back the trust bits +// causes the verifications to succeed again). +add_task(function* evRootTrustTests() { + clearOCSPCache(); + let evroot = certdb.findCertByNickname("evroot"); + do_print("untrusting evroot"); + certdb.setCertTrust(evroot, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.UNTRUSTED); + yield ensureVerificationFails("test-oid-path", SEC_ERROR_UNKNOWN_ISSUER); + do_print("re-trusting evroot"); + certdb.setCertTrust(evroot, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_SSL); + yield ensureVerifiesAsEV("test-oid-path"); +}); + +// Test that if FLAG_LOCAL_ONLY and FLAG_MUST_BE_EV are specified, that no OCSP +// requests are made (this also means that nothing will verify as EV). +add_task(function* localOnlyMustBeEVTests() { + clearOCSPCache(); + yield ensureNoOCSPMeansNoEV("anyPolicy-ee-path"); + yield ensureNoOCSPMeansNoEV("anyPolicy-int-path"); + yield ensureNoOCSPMeansNoEV("non-ev-root-path"); + yield ensureNoOCSPMeansNoEV("no-ocsp-ee-path"); + yield ensureNoOCSPMeansNoEV("no-ocsp-int-path"); + yield ensureNoOCSPMeansNoEV("test-oid-path"); +}); + + +// Under certain conditions, OneCRL allows us to skip OCSP requests for +// intermediates. +add_task(function* oneCRLTests() { + clearOCSPCache(); + + // enable OneCRL OCSP skipping - allow staleness of up to 30 hours + Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds", + 108000); + // set the blocklist-background-update-timer value to the recent past + Services.prefs.setIntPref("services.blocklist.onecrl.checked", + Math.floor(Date.now() / 1000) - 1); + Services.prefs.setIntPref( + "app.update.lastUpdateTime.blocklist-background-update-timer", + Math.floor(Date.now() / 1000) - 1); + + yield ensureOneCRLSkipsOCSPForIntermediates("anyPolicy-int-path"); + yield ensureOneCRLSkipsOCSPForIntermediates("no-ocsp-int-path"); + yield ensureOneCRLSkipsOCSPForIntermediates("test-oid-path"); + + clearOCSPCache(); + // disable OneCRL OCSP Skipping (no staleness allowed) + Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds", 0); + yield ensureVerifiesAsEV("anyPolicy-int-path"); + // Because the intermediate in this case is missing an OCSP URI, it will not + // validate as EV, but it should fall back to DV. + yield ensureVerifiesAsDV("no-ocsp-int-path"); + yield ensureVerifiesAsEV("test-oid-path"); + + clearOCSPCache(); + // enable OneCRL OCSP skipping - allow staleness of up to 30 hours + Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds", + 108000); + // set the blocklist-background-update-timer value to the more distant past + Services.prefs.setIntPref("services.blocklist.onecrl.checked", + Math.floor(Date.now() / 1000) - 108080); + Services.prefs.setIntPref( + "app.update.lastUpdateTime.blocklist-background-update-timer", + Math.floor(Date.now() / 1000) - 108080); + yield ensureVerifiesAsEV("anyPolicy-int-path"); + yield ensureVerifiesAsDV("no-ocsp-int-path"); + yield ensureVerifiesAsEV("test-oid-path"); + + clearOCSPCache(); + // test that setting "security.onecrl.via.amo" results in the correct + // OCSP behavior when services.blocklist.onecrl.checked is in the distant past + // and blacklist-background-update-timer is recent + Services.prefs.setBoolPref("security.onecrl.via.amo", false); + // enable OneCRL OCSP skipping - allow staleness of up to 30 hours + Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds", + 108000); + // set the blocklist-background-update-timer value to the recent past + // (services.blocklist.onecrl.checked defaults to 0) + Services.prefs.setIntPref( + "app.update.lastUpdateTime.blocklist-background-update-timer", + Math.floor(Date.now() / 1000) - 1); + + yield ensureVerifiesAsEV("anyPolicy-int-path"); + yield ensureVerifiesAsDV("no-ocsp-int-path"); + yield ensureVerifiesAsEV("test-oid-path"); + + clearOCSPCache(); + // test that setting "security.onecrl.via.amo" results in the correct + // OCSP behavior when services.blocklist.onecrl.checked is recent + Services.prefs.setBoolPref("security.onecrl.via.amo", false); + // enable OneCRL OCSP skipping - allow staleness of up to 30 hours + Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds", + 108000); + // now set services.blocklist.onecrl.checked to a recent value + Services.prefs.setIntPref("services.blocklist.onecrl.checked", + Math.floor(Date.now() / 1000) - 1); + yield ensureOneCRLSkipsOCSPForIntermediates("anyPolicy-int-path"); + yield ensureOneCRLSkipsOCSPForIntermediates("no-ocsp-int-path"); + yield ensureOneCRLSkipsOCSPForIntermediates("test-oid-path"); + + Services.prefs.clearUserPref("security.onecrl.via.amo"); + Services.prefs.clearUserPref("security.onecrl.maximum_staleness_in_seconds"); + Services.prefs.clearUserPref("services.blocklist.onecrl.checked"); + Services.prefs.clearUserPref( + "app.update.lastUpdateTime.blocklist-background-update-timer"); +}); + +// Prime the OCSP cache and then ensure that we can validate certificates as EV +// without hitting the network. There's two cases here: one where we simply +// validate like normal and then check that the network was never accessed and +// another where we use flags to mandate that the network not be used. +add_task(function* ocspCachingTests() { + clearOCSPCache(); + + yield ensureVerifiesAsEV("anyPolicy-int-path"); + yield ensureVerifiesAsEV("test-oid-path"); + + yield ensureVerifiesAsEVWithNoOCSPRequests("anyPolicy-int-path"); + yield ensureVerifiesAsEVWithNoOCSPRequests("test-oid-path"); + + yield ensureVerifiesAsEVWithFLAG_LOCAL_ONLY("anyPolicy-int-path"); + yield ensureVerifiesAsEVWithFLAG_LOCAL_ONLY("test-oid-path"); +}); + +// Old-but-still-valid OCSP responses are accepted for intermediates but not +// end-entity certificates (because of OCSP soft-fail this results in DV +// fallback). +add_task(function* oldOCSPResponseTests() { + clearOCSPCache(); + + yield ensureVerifiesAsEVWithOldIntermediateOCSPResponse("anyPolicy-int-path"); + yield ensureVerifiesAsEVWithOldIntermediateOCSPResponse("test-oid-path"); + + clearOCSPCache(); + yield ensureVerifiesAsDVWithOldEndEntityOCSPResponse("anyPolicy-int-path"); + yield ensureVerifiesAsDVWithOldEndEntityOCSPResponse("test-oid-path"); + + clearOCSPCache(); + yield ensureVerifiesAsDVWithVeryOldEndEntityOCSPResponse( + "anyPolicy-int-path"); + yield ensureVerifiesAsDVWithVeryOldEndEntityOCSPResponse("test-oid-path"); +}); diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem new file mode 100644 index 000000000..16c8578ba --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDUzCCAj2gAwIBAgIUdTRdmHF1nt5GeEIkzoOGqryTsYEwCwYJKoZIhvcNAQEL +MCAxHjAcBgNVBAMMFWFueVBvbGljeS1lZS1wYXRoLWludDAiGA8yMDE1MTEyODAw +MDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAfMR0wGwYDVQQDDBRhbnlQb2xpY3ktZWUt +cGF0aC1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW +Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk +cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT +AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3 +ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh +s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV +A6zaGAo17Y0CAwEAAaOBhTCBgjBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAGG +MWh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9hbnlQb2xpY3ktZWUtcGF0aC1l +ZS8wEQYDVR0gBAowCDAGBgRVHSAAMB4GA1UdEQQXMBWCE2V2LXRlc3QuZXhhbXBs +ZS5jb20wCwYJKoZIhvcNAQELA4IBAQCc4ivLkr+56RCJVvd+Rf/LccwmQAPVUSkF +wE7UsIhzQAUbQSHZcNaNMTI1HmhpysH0FLbxDoIo26L7xQAuBDJ23Vqot15Iizg/ +anfFUFGf2ZWs6R37m1s9VaCUONX/+vpOrPQgqTIGRu7KCWiXw1EgbBsxuRmUDl8S +gxYf1Bv5kTdKo7Bmns3kErlqQn4d42uCl/LEtXi7r3hUHN8VfcmFeN1JjHzVbTg0 +KaLmKVTmF8emaJZFcZrPL3ijrseoqfgpw620pq7Yl6QW68d49l/RvjKrf02UmTut +0048te+z2fmKe/yrTDLiMIQ8gJMiocg2YU0TB7G4b2Y6dsp4A/Mh +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem.certspec new file mode 100644 index 000000000..a9175c32e --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:anyPolicy-ee-path-int +subject:anyPolicy-ee-path-ee +extension:authorityInformationAccess:http://www.example.com:8888/anyPolicy-ee-path-ee/ +extension:certificatePolicies:any +extension:subjectAlternativeName:ev-test.example.com diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem new file mode 100644 index 000000000..bcab0c65a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQDCCAiqgAwIBAgIUD6vIeK5yuQLyDr+zHpbaW+0wD3EwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAgMR4wHAYDVQQDDBVhbnlQb2xpY3ktZWUtcGF0aC1pbnQwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk +NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC +fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m +CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM +HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m +1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGj +gYAwfjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBOBggrBgEFBQcBAQRCMEAw +PgYIKwYBBQUHMAGGMmh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9hbnlQb2xp +Y3ktZWUtcGF0aC1pbnQvMBEGA1UdIAQKMAgwBgYEVR0gADALBgkqhkiG9w0BAQsD +ggEBADc8HhaxO180zcQ2zVqrD7h42/c3KQKf5hcfqdVfcQjcca14TbXuPzVGFa9v ++Qrwf/YCPY95Gt/a4DIU3gX33dCceGTe7psvKN0hivLiRgubCnoGKR20Aig2TmMh +OPoRHvPw1wIR74WEijENVPs8SnMVEoK31Xkj/XgX6v3MhTb5GPDHrgOcrHV1+jtq +Ko4LJwLR0HlkUC+vH70uQf8f/Nz1lPqJiRlh9Vn2t4RQDag2ILDBdH+lo1vJjezH +mizIIpbJQfOEakpWhIrBg1M/6WjfqPK6VBejWqAs75WMNNQ8NKiuPbhY+N6PKj/8 +S6XMJ95yBEzu06da061MBelmcQU= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem.certspec new file mode 100644 index 000000000..c49f6c4bc --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:anyPolicy-ee-path-int +issuerKey:ev +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/anyPolicy-ee-path-int/ +extension:certificatePolicies:any diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem new file mode 100644 index 000000000..d68714416 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDZDCCAk6gAwIBAgIUSyt03+W1sNq92wKRpi8je9wO0iAwCwYJKoZIhvcNAQEL +MCExHzAdBgNVBAMMFmFueVBvbGljeS1pbnQtcGF0aC1pbnQwIhgPMjAxNTExMjgw +MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowIDEeMBwGA1UEAwwVYW55UG9saWN5LWlu +dC1wYXRoLWVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO +FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr +amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka +sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY +VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n +aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE +MdUDrNoYCjXtjQIDAQABo4GUMIGRME4GCCsGAQUFBwEBBEIwQDA+BggrBgEFBQcw +AYYyaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L2FueVBvbGljeS1pbnQtcGF0 +aC1lZS8wHwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcw +FYITZXYtdGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBADg1ogV4XMjH +vcAxesEyvOWWvxsqNHh1aIovsVzYSTiIrHw8uLsP9ZQ8lyESXwIjGDIj2889k3pa +KifGDAWhakTs8GLaHwwU8Qpu5EF/5QrLhniz9mIeo+jkP0icn81tUhb5k+s46+q3 +7zcJFbQxCFxRROLEZk+ZX/cVqZYXgZKtXELHei4Log0j8kaMAGoTR+/x+dbXTX+o +wnNUXGDrY8KpSZdQZw1bvp0pHYDYPE5nt9t8eg94oE/3nGFkho4Jh8fJmxSbnUQY +FBZQ2ySM/I8H9Cz0b1CX+aQK4uVLH0LtHKe2uF4xeYcfgp9KfcmztDLHNYhQXTnx +WZxgHyA+BmU= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem.certspec new file mode 100644 index 000000000..1c643c2f9 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:anyPolicy-int-path-int +subject:anyPolicy-int-path-ee +extension:authorityInformationAccess:http://www.example.com:8888/anyPolicy-int-path-ee/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1 +extension:subjectAlternativeName:ev-test.example.com diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem new file mode 100644 index 000000000..b4a54cebc --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQjCCAiygAwIBAgIUTejPNCi+ZldwCAjvftiELTX+uBAwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAhMR8wHQYDVQQDDBZhbnlQb2xpY3ktaW50LXBhdGgtaW50MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq +5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SSc +An7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39 +ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYk +zBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3u +JtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQAB +o4GBMH8wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwTwYIKwYBBQUHAQEEQzBB +MD8GCCsGAQUFBzABhjNodHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvYW55UG9s +aWN5LWludC1wYXRoLWludC8wEQYDVR0gBAowCDAGBgRVHSAAMAsGCSqGSIb3DQEB +CwOCAQEAZSGuT569hIFwu/Us43pVEaZr7G2ZLiU40GkBlSKb/bTaTx96TBLZlaNR +twUhF1/A3GW5lThUGUsG0QliX9JCWpi2xkpOGT3de3l+lG9IMAWU+nsNKqJCkssd +R31IsyUMQii9BRmecHAIQRtHC6qS4no1ihu3w5aouVFhvsL+A5Te8ZEzDpiwR+2k ++urptl3fbl9jY5SnzCkVJtO6DFYq4S/PmiYa/hxhWHq3m6vi7/NKrYI6/ujIlC1a +Q+/1146/SNT72PBxwsE6pMNYP65U4KZpXnAPHqtUvz3qx25ARQPX9N36EPJcWXOJ +mxqiK2IShzSnwPTtRLW0v33qWMT41A== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem.certspec new file mode 100644 index 000000000..5f5adacc7 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:anyPolicy-int-path-int +issuerKey:ev +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/anyPolicy-int-path-int/ +extension:certificatePolicies:any diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem new file mode 100644 index 000000000..5bbfba9e0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwTCCAqugAwIBAgIUP6b4yk51KguhcdxInOQFqDVQnyEwCwYJKoZIhvcNAQEL +MD0xOzA5BgNVBAMMMmNhYmZvcnVtLWFuZC10ZXN0LW9pZC1lZS1jYWJmb3J1bS1v +aWQtaW50LXBhdGgtaW50MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMDwxOjA4BgNVBAMMMWNhYmZvcnVtLWFuZC10ZXN0LW9pZC1lZS1jYWJmb3J1 +bS1vaWQtaW50LXBhdGgtZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24a +hvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7t +FYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+o +N9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0d +JdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4 +s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjgbkwgbYwagYIKwYBBQUHAQEEXjBcMFoG +CCsGAQUFBzABhk5odHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvY2FiZm9ydW0t +YW5kLXRlc3Qtb2lkLWVlLWNhYmZvcnVtLW9pZC1pbnQtcGF0aC1lZS8wKAYDVR0g +BCEwHzAHBgVngQwBATAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYIT +ZXYtdGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBAAfSIEX8CSplrc33 +aoWe2NEuQMunJNSHhUk+M00k+4nTTCClTNC7YW8tcNdZ6aliPBVGVN23Sv0lrs08 +lCS04wk+/Dtm45bQ+dhklADIofvyMzhHXTYK6hqN1eXQ+0cMrvZc+A9t7xi/V/J5 +f4e2Vf15UEsjDjILrBxpNvUzJu9XBmpMA2tFwrG5p+PyUlK945umfjqLObd8pLU0 +NK/Wf3uT3Q/ZrsaTf9xFT/+723pweyHCqPK0SbV4CcAVgXnmQVhi25rgZPsNskM4 +rRQ3oKKCdlEX5U1usc4+1H9IPunVK4Q0tsW0Anvnn284ShRM+7k2WxhC9HyGc5K9 +Jcn8jeY= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem.certspec new file mode 100644 index 000000000..c72237e45 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:cabforum-and-test-oid-ee-cabforum-oid-int-path-int +subject:cabforum-and-test-oid-ee-cabforum-oid-int-path-ee +extension:authorityInformationAccess:http://www.example.com:8888/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee/ +extension:certificatePolicies:2.23.140.1.1,1.3.6.1.4.1.13769.666.666.666.1.500.9.1 +extension:subjectAlternativeName:ev-test.example.com diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem new file mode 100644 index 000000000..95c8be6cd --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfDCCAmagAwIBAgIUO7XOeVsNdvHXnjEwzmBWRhwYLVcwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjA9MTswOQYDVQQDDDJjYWJmb3J1bS1hbmQtdGVzdC1vaWQtZWUtY2Fi +Zm9ydW0tb2lkLWludC1wYXRoLWludDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x +nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM +wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF +4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20 +yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx +j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBnzCBnDAMBgNVHRMEBTADAQH/ +MAsGA1UdDwQEAwIBBjBrBggrBgEFBQcBAQRfMF0wWwYIKwYBBQUHMAGGT2h0dHA6 +Ly93d3cuZXhhbXBsZS5jb206ODg4OC9jYWJmb3J1bS1hbmQtdGVzdC1vaWQtZWUt +Y2FiZm9ydW0tb2lkLWludC1wYXRoLWludC8wEgYDVR0gBAswCTAHBgVngQwBATAL +BgkqhkiG9w0BAQsDggEBAKuq7oEHz2AZ1kD2Y6xx1twwhGa1Iii+l0SjOw3fr6w4 +264nVoCSK8unI0DBXFj4xv3ugKSiYqqV2EFaJUOXcVK8ofq03GSwVKEos5HVHYx9 +A/nVmvxNnIc7wdaHlrWOc0wdWHSUx3s9Gtt2L3XXZ7qhtvv4CGABVphP7cZDewZX ++06/A/js8sHcKCeQp+o6RlqsCRJpJO0t2i7sP0TDGAFKOj86mXG1Bii+1R9W8FzU +IcQZYJV1ht4l32zndRVR2anhHxY+sqZBC4+Tn2Hph6FsnVvV7q5iedyV2NAkQ+xA +DJFsUOokGNad1xn8gR3eFWvz/Zp3M1+UAO7jakZKiIA= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem.certspec new file mode 100644 index 000000000..92ebdb37f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:cabforum-and-test-oid-ee-cabforum-oid-int-path-int +issuerKey:ev +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/cabforum-and-test-oid-ee-cabforum-oid-int-path-int/ +extension:certificatePolicies:2.23.140.1.1 diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem new file mode 100644 index 000000000..1ccb37723 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDjjCCAnigAwIBAgIUDTSMnfcFGBwaZXHlyI/kKWHPyXkwCwYJKoZIhvcNAQEL +MCwxKjAoBgNVBAMMIWNhYmZvcnVtLWFuZC10ZXN0LW9pZC1lZS1wYXRoLWludDAi +GA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjArMSkwJwYDVQQDDCBj +YWJmb3J1bS1hbmQtdGVzdC1vaWQtZWUtcGF0aC1lZTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7 +wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp +k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh +eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW +EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc +JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBqDCBpTBZBggr +BgEFBQcBAQRNMEswSQYIKwYBBQUHMAGGPWh0dHA6Ly93d3cuZXhhbXBsZS5jb206 +ODg4OC9jYWJmb3J1bS1hbmQtdGVzdC1vaWQtZWUtcGF0aC1lZS8wKAYDVR0gBCEw +HzAHBgVngQwBATAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYITZXYt +dGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBABb8sKuyt3smMp0C8iMc +aJm3zuS5Rjwv1h7Nd8E/eSOA14p/V62DWFNdF13Apxy6DsZOb2O5uyKYrZ/7A/8i +ipCwhpC8Fv3fcfBW6nSkQfzxNSYQ9AwBAYs2JTEc2/MRX3U7o6qbxVpVyQu4QYA5 +QU8HlPsq87Ai6wC32M2+BdHlu5y0Qv5MnXYlahJbpABmEKwGZ4eSo1A5IKBZbClV +y+VvmInHMv/P3bi27SBGhLMT/ohHWJ0gmjxWmbSgU+LkyPdsTm7kfFYM83C6o9S7 +MCNFNLMXwfIKLrDPpayWHPlQeYS3r0ywsSF6stm8lKUwPvp+YL/dVB2+SdKf+idt +kus= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem.certspec new file mode 100644 index 000000000..36f80e017 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:cabforum-and-test-oid-ee-path-int +subject:cabforum-and-test-oid-ee-path-ee +extension:authorityInformationAccess:http://www.example.com:8888/cabforum-and-test-oid-ee-path-ee/ +extension:certificatePolicies:2.23.140.1.1,1.3.6.1.4.1.13769.666.666.666.1.500.9.1 +extension:subjectAlternativeName:ev-test.example.com diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem new file mode 100644 index 000000000..7f6ac062f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWTCCAkOgAwIBAgIUY/r3cjSLbcqZBXaLaZ3P+1fOgVowCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAsMSowKAYDVQQDDCFjYWJmb3J1bS1hbmQtdGVzdC1vaWQtZWUtcGF0 +aC1pbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9 +braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI +eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6 +iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za +qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7 +LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs +2hgKNe2NAgMBAAGjgY0wgYowDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwWgYI +KwYBBQUHAQEETjBMMEoGCCsGAQUFBzABhj5odHRwOi8vd3d3LmV4YW1wbGUuY29t +Ojg4ODgvY2FiZm9ydW0tYW5kLXRlc3Qtb2lkLWVlLXBhdGgtaW50LzARBgNVHSAE +CjAIMAYGBFUdIAAwCwYJKoZIhvcNAQELA4IBAQAW1rhYpmdW1ZyMbwBmUZmgUQt2 +Ux66oSK0sIV4r9A6jkh0CiWBSycfINVVXZIwpr+Nf3Ahgk+i9Y2GGrXhG73VPpt1 +G1onjO4lA+BIk/mn7KiewPMEiyyhxr0KAo1xlQlv38XbWtrhUERPiO1F0SCH0eR1 +X0Zz+jIxwl11moFyYtyclD8PLTMoXK2WlAfg0dBbY3VO0KFpb4m0XI9XM2Uj/7SI +tENZ8G3udR/4D7rDtSxlFwNxoL4keB+CFLyDJeUt+3yzM3vlmpfk4kNQiNAiMwHI +zxpqnKTG7myxPscGJV2V9PtUftet8b779e3k4xOxYGbSO2wmjjH1Y0cCbM/w +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem.certspec new file mode 100644 index 000000000..79ae7ae80 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:cabforum-and-test-oid-ee-path-int +issuerKey:ev +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/cabforum-and-test-oid-ee-path-int/ +extension:certificatePolicies:any diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem new file mode 100644 index 000000000..d0ccbac0a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDVDCCAj6gAwIBAgIUd4mge/NQNkIIbQbJ3HKDOf/OPIIwCwYJKoZIhvcNAQEL +MCAxHjAcBgNVBAMMFWNhYmZvcnVtLW9pZC1wYXRoLWludDAiGA8yMDE1MTEyODAw +MDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAfMR0wGwYDVQQDDBRjYWJmb3J1bS1vaWQt +cGF0aC1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW +Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk +cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT +AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3 +ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh +s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV +A6zaGAo17Y0CAwEAAaOBhjCBgzBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAGG +MWh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9jYWJmb3J1bS1vaWQtcGF0aC1l +ZS8wEgYDVR0gBAswCTAHBgVngQwBATAeBgNVHREEFzAVghNldi10ZXN0LmV4YW1w +bGUuY29tMAsGCSqGSIb3DQEBCwOCAQEAUIxXzjuDVuDBhhzc3js1G/R4nfZwOfjB +e3FXx8ayy5SzfYnH7hPadAUKQTFVwmMYg3rOKza0/FmOstv/k/EF7DYhti0jmLHs +vXBzPp5Py0YYX56Dcu56khagh/SBBXvrb8/1ew4a39+4QRQ5c0q8dv6Jlyl2MS9f +gfZ+LhNelFDV0TCnHV2kMMSBVxUuPzxEmZdUP3nSLar0uHfr86tf/B5v88PWFvbE +APWxGSK8IZRqoEFRa+E4uFI77rBCi/xAMmz3j+a7Yn+Jwk/erLA8S1EqxaNJfbit +Z33ZtK6A113HhL7H3HG7b60S/wOHHtZC6SwZKgKe31thRjw5yowokA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem.certspec new file mode 100644 index 000000000..86fd9aca3 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:cabforum-oid-path-int +subject:cabforum-oid-path-ee +extension:authorityInformationAccess:http://www.example.com:8888/cabforum-oid-path-ee/ +extension:certificatePolicies:2.23.140.1.1 +extension:subjectAlternativeName:ev-test.example.com diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem new file mode 100644 index 000000000..e377615fa --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQTCCAiugAwIBAgIUXUOtQK+aJ2J+V0n3URZbsU6P6CEwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAgMR4wHAYDVQQDDBVjYWJmb3J1bS1vaWQtcGF0aC1pbnQwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk +NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC +fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m +CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM +HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m +1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGj +gYEwfzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBOBggrBgEFBQcBAQRCMEAw +PgYIKwYBBQUHMAGGMmh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9jYWJmb3J1 +bS1vaWQtcGF0aC1pbnQvMBIGA1UdIAQLMAkwBwYFZ4EMAQEwCwYJKoZIhvcNAQEL +A4IBAQBzhdaDee1NHVryrmDv4qRvpNX08ogylFYwBfmEZWSbBMTO0znLIzk34/AR +UpHq1AaeirhGTB9jh6j1jzMAI284J9pgstl9Hy+SmmIzk3KLsD5A4vCepBKKgAJO +1XP3ie4L0/Ra1b7aSF7GlhJH7niIGnfOGwvRYem/ckcbS0DsLhZvTgYKJ0oIkgJH +SvEhhL/Npf4/77G1+CHykXTR2tIyQM/HwUm+kurcRw0bf548T77hQpgKNW5aieNE +TJA1ISYEa7el3WBBOc73b68V7M5ph5DXegi7a5xbMpjn5efCBvE2UUS9KETBVuxc +tkinQaqkzDlPr+5PFByURXyz45C/ +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem.certspec new file mode 100644 index 000000000..343307164 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:cabforum-oid-path-int +issuerKey:ev +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/cabforum-oid-path-int/ +extension:certificatePolicies:2.23.140.1.1 diff --git a/security/manager/ssl/tests/unit/test_ev_certs/evroot.key b/security/manager/ssl/tests/unit/test_ev_certs/evroot.key new file mode 100644 index 000000000..a756a0705 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/evroot.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC1SYlcnQAQjRGh ++Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQOMF0Ask6Kkc9vShq7T/c02PPWikU +dwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURhuT5RQk4XRLsuqtRqqzjOGWghlh+H +cUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94rjFE7SjEXnkpOGOnoipImAo2pA5y +1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3RquiqLMzjSKAWm4Diii1wwalgxvM18t +oJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oYUJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ +5XNPsikFAgMBAAECggEBAJg9VPlNb0x26yPW+T14UjUwz3Ow0WJUxueBdo1F9VaB +0dAvsr0qrGq8HDiYYJNcUqDY9BSCAQOUd4MUHYZL/zCANjilwBUlcK6dGPPYyhY+ ++0dbDd3zLn4W7HVl5rteAlxBxcZuV6A87eVUIh+DBFNHosTEUcPc5Ha3h84MBXJE +vp4E7xMRjbuz1eCmzIcCnq/Upp7ZsUdZsV452KmITlb1TS+asBPw0V8xipq2svc9 +HsPJ/idK6JQxoQZAvniZsAEcXlCToYNHCGid4QBjTaveYPvWqu+joz3zSh829gwE +MDa3SNHJ7pjEAxoK/sYO/aCpkL5ST1YU6sT9s0pS+VECgYEA6twssz5f8co3a72V +vWoXd9LPT6xHVF6S0RpiCbnV5N7UeDRYHBabPIhHQqCeoYdQXBylVBTY0ltJdjLV +7CqqBSM0MPrUmJJ3en1o4Dj1YaO4lp5gsKJj3vv9pIqbD/OdlbyIsVJnyK3pe1EH +lI5B5DMknYf32xCdXXRYTYa8wdcCgYEAxZrldqIWRwJI2USlW56b+TKZ2jQexW5V +jrqCGrzhv1e3nPQR0pBMd0+duh8VGF9gewV0oIIF1uwotmo21jQjLqry/qN1Yauv +nWRLaNs4yZZMuMluwKxh66ZNBbRGVC9COXb1rN5OzJVTbS31eJVPk/DP2cWPt4ui +p23VrChNyIMCgYEAwdLvOQYzHFKspkgR+f5CW+somDIvs9tRAyzo1+n8MiQL6SAZ +zySA/NXjKYNxJxGLKlmhv+BsiD46REfz8DHNmuvQuNNo/Hl0DSzOjq2zJN9/CR6v +4VZDYdVJILAbBHEjDl5H2T+O0zljxRe8T8ePbYsfnrqFvM7bcDMCZQjbYoUCgYEA +hSG421aU376ASjFfnvybZSdcVJCs8qNFbWXm5hC/n2R/xnUB1PV3LyMqxwzN75/C +pt+kFcfEG2r8evnQfDygP37ZPAnwuZ8sMEQ0Mi8QcXCbvBuqTJFXX6apWeB9SZaV +bZXiK1eTi25HyNUf/t/Jv4iM4NGj5CtlqJvtS5HT5fUCgYEA3El7BrkgyL4LAHe3 +mOl37vdEqQ7Cxdfmy7IkSPrHLagaMxgODYoC6DFGDH/H/TphL3uZMLYbeZ+OkI5j +LpugQJtqpwsDo7p4dCYmO1vVhD34R27bXRT2qGE+uvW5zVykL1+9KALgjk5J5XCf +UVFRDKpassHG6z7+kpXRbowlyRY= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/evroot.key.keyspec b/security/manager/ssl/tests/unit/test_ev_certs/evroot.key.keyspec new file mode 100644 index 000000000..1a3d76a55 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/evroot.key.keyspec @@ -0,0 +1 @@ +ev diff --git a/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem b/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem new file mode 100644 index 000000000..cd2fd7ed8 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzTCCAbegAwIBAgIUW9j5PS8YoKgynZdYa9i2Kwexnp8wCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MDEwMTAwMDAwMFoYDzIwMzUwMTAx +MDAwMDAwWjARMQ8wDQYDVQQDDAZldnJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQC1SYlcnQAQjRGh+Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQ +OMF0Ask6Kkc9vShq7T/c02PPWikUdwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURh +uT5RQk4XRLsuqtRqqzjOGWghlh+HcUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94 +rjFE7SjEXnkpOGOnoipImAo2pA5y1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3Rqu +iqLMzjSKAWm4Diii1wwalgxvM18toJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oY +UJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ5XNPsikFAgMBAAGjHTAbMAwGA1UdEwQFMAMB +Af8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAO1EZ134zXCiYSMixYSVP +gAXWdR8zvaeS8UF0Xihle6nBdtkcmhiMgxXecMv7P7xO/U/wz5NAyJ1cvqaxrPbn +8bekVCCsAAae6mVJIsVeuLtg3f89Qmx6KF6By2NI5R/AX5gxs0V9Tvjp9NfpIWh9 +I0BO0/REmq+CxKWjO6Loq0JA/QRW1jnD3XLitJ9QiCfnLqgUAG8JnkhG/JtpcJC3 +91SluwhVw+8i7caDOgHZGvjBEycyje0iyDLybaVjv2PpyuQx8H6hDzTGd2bNDl22 +fZ0FsOYCH6TJPx7nsCJCQ8/jGsRAGPxbItwSpTQJegKVaJ9s2dOAreJdkQFSIEo+ +3g== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem.certspec new file mode 100644 index 000000000..3121f3486 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:evroot +subjectKey:ev +issuerKey:ev +validity:20150101-20350101 +extension:basicConstraints:cA, +extension:keyUsage:keyCertSign,cRLSign diff --git a/security/manager/ssl/tests/unit/test_ev_certs/moz.build b/security/manager/ssl/tests/unit/test_ev_certs/moz.build new file mode 100644 index 000000000..286097c1c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/moz.build @@ -0,0 +1,48 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'anyPolicy-ee-path-ee.pem', +# 'anyPolicy-ee-path-int.pem', +# 'anyPolicy-int-path-ee.pem', +# 'anyPolicy-int-path-int.pem', +# 'cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem', +# 'cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem', +# 'cabforum-and-test-oid-ee-path-ee.pem', +# 'cabforum-and-test-oid-ee-path-int.pem', +# 'cabforum-oid-path-ee.pem', +# 'cabforum-oid-path-int.pem', +# 'evroot.pem', +# 'no-ocsp-ee-path-ee.pem', +# 'no-ocsp-ee-path-int.pem', +# 'no-ocsp-int-path-ee.pem', +# 'no-ocsp-int-path-int.pem', +# 'non-ev-root-path-ee.pem', +# 'non-ev-root-path-int.pem', +# 'non-evroot-ca.pem', +# 'reverse-order-oids-path-ee.pem', +# 'reverse-order-oids-path-int.pem', +# 'test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem', +# 'test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem', +# 'test-and-cabforum-oid-ee-path-ee.pem', +# 'test-and-cabforum-oid-ee-path-int.pem', +# 'test-oid-ee-cabforum-oid-int-path-ee.pem', +# 'test-oid-ee-cabforum-oid-int-path-int.pem', +# 'test-oid-path-ee.pem', +# 'test-oid-path-int.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) +# +#test_keys = ( +# 'evroot.key', +# 'test-oid-path-int.key', +#) +# +#for test_key in test_keys: +# GeneratedTestKey(test_key) diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem new file mode 100644 index 000000000..bdb27bc87 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDDCCAfagAwIBAgIUX8e03l3JoXPCHh9CMl58PfYnzkowCwYJKoZIhvcNAQEL +MB4xHDAaBgNVBAMME25vLW9jc3AtZWUtcGF0aC1pbnQwIhgPMjAxNTExMjgwMDAw +MDBaGA8yMDE4MDIwNTAwMDAwMFowHTEbMBkGA1UEAwwSbm8tb2NzcC1lZS1wYXRo +LWVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62 +iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql +WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq +Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ +ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i +b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY +CjXtjQIDAQABo0MwQTAfBgNVHSAEGDAWMBQGEisGAQQB60mFGoUahRoBg3QJATAe +BgNVHREEFzAVghNldi10ZXN0LmV4YW1wbGUuY29tMAsGCSqGSIb3DQEBCwOCAQEA +ciXsc2FRYi4E0cofGtumXR2SzIitXdAXUwSvXz6407BEYIFOv/DnDr+EmpDF7a/Y +rd+7ewODY19FYjw4tcsWY3Yz1key68TFn+BuudyGwuTS2Uq3wQTkP0PMtBNQLQ0S +qZRjH5wJkqn/WSeuYqv4f5bTu2fgfloiCAfKA3Pisrmg0iJ5O7k0QN3QhiCkgbab +LzmssU/YpiS8KwbUPIC5cmt/Y2OLMI4R3GMdNKEm+ykJ79mNysGahtFP8klfcOk4 +F4GYQu1Rmb+sNXvMnFMh5TkforL4rqv/ItGcQx3mvtAhtpZAI65O+oURoXmaQdN1 +6DUFil8O/ybcKph4NE5P0w== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem.certspec new file mode 100644 index 000000000..ece1cf816 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem.certspec @@ -0,0 +1,4 @@ +issuer:no-ocsp-ee-path-int +subject:no-ocsp-ee-path-ee +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1 +extension:subjectAlternativeName:ev-test.example.com diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem new file mode 100644 index 000000000..77f66fa60 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDOzCCAiWgAwIBAgIUX0+dCnv5fVmpIQhV708UOhoqNBcwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAeMRwwGgYDVQQDDBNuby1vY3NwLWVlLXBhdGgtaW50MIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVK +tOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7N +Q/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39Zgsr +sCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxs +l62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYl +nauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo34w +fDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBMBggrBgEFBQcBAQRAMD4wPAYI +KwYBBQUHMAGGMGh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9uby1vY3NwLWVl +LXBhdGgtaW50LzARBgNVHSAECjAIMAYGBFUdIAAwCwYJKoZIhvcNAQELA4IBAQBW +nipIWEgiTZ1MNbN/1+lrhxExtkFdF6nzD3ob1Gsc2oJ3tCa2Oq7uUT6AMJ7aGPz/ +XnFkl6hmzLP0EyVR9un/nL9gkynGFsHzl7OFndE4SriD9ynAdNA1lPE2+gRqYhN4 +O2RxZx+Q61jWmWvPxUi/ihX9EVxYNOwrlu4t1K0G5HhFKMaXnx8dQFLxYGW8y9BF +4c/Met9ocpV+p2b5kaiqEigZWzg14/jjeVkrFggycZOrfjwKOU5ICYY0Ap87yFT0 +ilefvG6syp+1swrM2yKwQIRpfDDjNi0ZxoKkzQ8bENuC6u0okcQs/rttlfRFqkl7 +g+aKagJNH0XrpaNPTsM9 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem.certspec new file mode 100644 index 000000000..5eb952a9a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:no-ocsp-ee-path-int +issuerKey:ev +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/no-ocsp-ee-path-int/ +extension:certificatePolicies:any diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem new file mode 100644 index 000000000..19b8e6bd1 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDXjCCAkigAwIBAgIUU04Uw7andDfJBFPO0TwReJsY/VowCwYJKoZIhvcNAQEL +MB8xHTAbBgNVBAMMFG5vLW9jc3AtaW50LXBhdGgtaW50MCIYDzIwMTUxMTI4MDAw +MDAwWhgPMjAxODAyMDUwMDAwMDBaMB4xHDAaBgNVBAMME25vLW9jc3AtaW50LXBh +dGgtZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9 +braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI +eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6 +iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za +qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7 +LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs +2hgKNe2NAgMBAAGjgZIwgY8wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBo +dHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvbm8tb2NzcC1pbnQtcGF0aC1lZS8w +HwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYITZXYt +dGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBADN46jobibbTxmEdbvG6 +JS8+vofUrsLIWfEfagl9R+i5Ix33sJRHF+4yrFN1DT7Eg7LJV+cGJh4wyOf0sgJR +LIjQxjIQadvCnEezhrZ7j0TUCZqV9iiO7O/ROo3qgwH8nCrl6qnKQA18FGyJttni +DFGkR1PyvMc3CAPcDfdGODVRLWgQUXtFNOdRrG9IKI2BCAMLr3sItW7aJ9BiO6ow +hqg3XdHUn4kzVbuGuiJsg60oSxNYawKd4oYg2yQctgSVHg/3ZFRDO02ntxUppoem +uQtB+4qHaZgk7m8OFKMQlbq48rpkPHRLIBdIRJJc8WKj+XNsVrezzoU37XE2AFPp +dhI= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem.certspec new file mode 100644 index 000000000..623057e9e --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:no-ocsp-int-path-int +subject:no-ocsp-int-path-ee +extension:authorityInformationAccess:http://www.example.com:8888/no-ocsp-int-path-ee/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1 +extension:subjectAlternativeName:ev-test.example.com diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem new file mode 100644 index 000000000..cd496900b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC7jCCAdigAwIBAgIUfbT9i6G6QnOCLGdEg6DChw0RBrwwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAfMR0wGwYDVQQDDBRuby1vY3NwLWludC1wYXRoLWludDCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1 +SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+ +zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL +K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc +bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW +JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMw +MC4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA +MAsGCSqGSIb3DQEBCwOCAQEAb9WQQmnK6eJUDK/ez/oEKfGxVSw/J6KlPCwHbUtC +JQ6smyBs8E4eq1buQxtRkRDMIsDifSsnCiVXQaMwNR7V+AbJiDl3bU+1lmUtWcP+ +2khUqafvD29OHFcP0EyJ5i4icPJd5/7Kx6rXuTn8avV8oe+Ugq4H0yL7lliL+jvZ +efcLNaeNT5E4jFj2l0cOoWBDdZ2Y8r6cHYDjWxOq1xi8vg4iDNGZKYuyeGwxf9fl +gNG9rUyFxs/kv6pQSiREc4OtqkI9tw3L5wf6UrfZ3553BgfSZX6XdVdWpcGZaetd +rm21WF9oMb5F3PJsUgf/Ustee38VcYO1DVbnEIVumQ3qlQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem.certspec new file mode 100644 index 000000000..548241de3 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem.certspec @@ -0,0 +1,6 @@ +issuer:evroot +subject:no-ocsp-int-path-int +issuerKey:ev +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:certificatePolicies:any diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem new file mode 100644 index 000000000..ffb8a6d3b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDXjCCAkigAwIBAgIUD597e4LEXa+njJfkqWZ9MlmV2PgwCwYJKoZIhvcNAQEL +MB8xHTAbBgNVBAMMFG5vbi1ldi1yb290LXBhdGgtaW50MCIYDzIwMTUxMTI4MDAw +MDAwWhgPMjAxODAyMDUwMDAwMDBaMB4xHDAaBgNVBAMME25vbi1ldi1yb290LXBh +dGgtZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9 +braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI +eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6 +iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za +qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7 +LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs +2hgKNe2NAgMBAAGjgZIwgY8wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBo +dHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvbm9uLWV2LXJvb3QtcGF0aC1lZS8w +HwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYITZXYt +dGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBAJ3Cc5jhMe0FBvQ1y0dT +/Jj5VYqFfaYpEEHu3vWfOQ0miY07FjTZmbEmuNGs1pSKuGOpqQwpX97TxIPUH1l+ +31vZqHy4wWhZI7Vt38baPlY1I0+fVb+85+WeBQfgiTMUF2Or/cfj1NtHAzTNOmyb +/H5/41oBydLVLRRh9NQmas3meEtnv1j/TYCuZM+UA31pJIr063kAB2U+vSuVWbSc +gN0Xeq88d3IKW8M02+OQtPGqGwcYnyZgkKjr9ndjB4irRn5yoC/2ruhJEuGw1k84 +zfuArdbfYlNJaPzyWKpPQChA3I7CaYRFwCJ3+8nKTliDiTPuTba/zxisRLIv9ZX+ +FYA= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem.certspec new file mode 100644 index 000000000..9895732b1 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:non-ev-root-path-int +subject:non-ev-root-path-ee +extension:authorityInformationAccess:http://www.example.com:8888/non-ev-root-path-ee/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1 +extension:subjectAlternativeName:ev-test.example.com diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem new file mode 100644 index 000000000..2223a424c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDRDCCAi6gAwIBAgIUbeCcNZk/68aHlCaLR0Mgh09gK9MwCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDW5vbi1ldnJvb3QtY2EwIhgPMjAxNTExMjgwMDAwMDBaGA8y +MDE4MDIwNTAwMDAwMFowHzEdMBsGA1UEAwwUbm9uLWV2LXJvb3QtcGF0aC1pbnQw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ +PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH +9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw +4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86 +exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0 +ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N +AgMBAAGjfzB9MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGME0GCCsGAQUFBwEB +BEEwPzA9BggrBgEFBQcwAYYxaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L25v +bi1ldi1yb290LXBhdGgtaW50LzARBgNVHSAECjAIMAYGBFUdIAAwCwYJKoZIhvcN +AQELA4IBAQAo5g/5usQqBIfpaeOFV5X8om69PQdcyke2/hWuTBXciSCZ0VhpgloL +p4EBdh72UZ+HNqiuQ7oKEOBYeA02k11TqZ6kokurabpZjcwrlbkqGSpf+afhK8DK +lhJdXa9WLBZuY87YPXA0pnpAEQMiDchJAa/gG3Qg2yvtEYAYH+MJT3jIMbYlXeep +aLNdcG6E0ByrFYAQCi0WIEvwv7krCEliRgp/a1k+s6V84lNkeBzqfflygOXBXPTY +ws9sg6RxeYBFL3YNU63jonzWfcp9dMusL/Jwdak0r/iwQoSfQGm6X8spjHFKnXUm +Fp/ccMKeWAZl8mQYisK0vQwlclxfPFeO +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem.certspec new file mode 100644 index 000000000..5ce035ae1 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem.certspec @@ -0,0 +1,6 @@ +issuer:non-evroot-ca +subject:non-ev-root-path-int +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/non-ev-root-path-int/ +extension:certificatePolicies:any diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem b/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem new file mode 100644 index 000000000..b7560f2dc --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2zCCAcWgAwIBAgIUGeBAgifObFMlBPIYGTQEPMZ7W9YwCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDW5vbi1ldnJvb3QtY2EwIhgPMjAxNTExMjgwMDAwMDBaGA8y +MDE4MDIwNTAwMDAwMFowGDEWMBQGA1UEAwwNbm9uLWV2cm9vdC1jYTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1 +SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+ +zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL +K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc +bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW +JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMd +MBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQCz +X8XmbNmo5v9uMdsHOc7656UJPBX01AkXTAvR9Ny+rCIC70R520o2u43TLcLO3S5e +KkTzqtQUovzMEmbH543Z/7rgQVsd99YrDd24wLpX439D/PJlsx6gBkBiiqJ+8GfG +uGdHTW8ov7fvx20dWlZxdjQXrHdkP8wf0X2VfLC/4PI8fzpWY8LqpJ9GSoKYtBKE +nxSxNr/SJTeEzSUwbNOh1KU4TuYh/GMsZKP5T+08OpTBuFHbcvsOqvyWXSEjRjwf +PmC95zA2ucn57OmFc+CLcnYsmOd5B6Uc/LzWiOIOLtKpslcJz3xB6+2hEv7LnHUp +LKCBs95/9OOqJxO/jYhf +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem.certspec new file mode 100644 index 000000000..7b61447a8 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:non-evroot-ca +subject:non-evroot-ca +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem new file mode 100644 index 000000000..8bfe3c24c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfDCCAmagAwIBAgIUb0DaaKRK60LnPyfYQvv3fv7MDNUwCwYJKoZIhvcNAQEL +MCYxJDAiBgNVBAMMG3JldmVyc2Utb3JkZXItb2lkcy1wYXRoLWludDAiGA8yMDE1 +MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAlMSMwIQYDVQQDDBpyZXZlcnNl +LW9yZGVyLW9pZHMtcGF0aC1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab +bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts +Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI +H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8 +rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX +Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBojCBnzBTBggrBgEFBQcBAQRHMEUw +QwYIKwYBBQUHMAGGN2h0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9yZXZlcnNl +LW9yZGVyLW9pZHMtcGF0aC1lZS8wKAYDVR0gBCEwHzAHBgVngQwBATAUBhIrBgEE +AetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYITZXYtdGVzdC5leGFtcGxlLmNvbTAL +BgkqhkiG9w0BAQsDggEBAFHaYdZpIkhnlR8HeiLgSVXhhOh+51dJCMQPGa5GA09W +90/Tct1J28/7DfVUjdvzX80bWTUkbrEsB12qYPJm+d3B3YSqAS2NHWp7eHwMmTbe +F3Hxqvu+maLCX/fm7X8t5vCugKrqbbmIMBZ8mrNasR8B3tKIPBFZOt4p+lUfM3rL +qm7CmQ6OheMcq4pblx6LJMt3CCMPdzyPm6+3Gw9mvBaCXU9exrV1QxxSg8hEpWLw +/ue3cLx9D6zDITlZZxUXJZOegvKFuVit2JIAv6l2zVIp9IzNnANF2oIOOyVMPP4+ +vDRJTKVchp6fxORk2sCexiEHf6pqj2kmUSMdbsSWxsQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem.certspec new file mode 100644 index 000000000..31e3e69e5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:reverse-order-oids-path-int +subject:reverse-order-oids-path-ee +extension:authorityInformationAccess:http://www.example.com:8888/reverse-order-oids-path-ee/ +extension:certificatePolicies:2.23.140.1.1,1.3.6.1.4.1.13769.666.666.666.1.500.9.1 +extension:subjectAlternativeName:ev-test.example.com diff --git a/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem new file mode 100644 index 000000000..105064c6d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDZDCCAk6gAwIBAgIUY0aJPcvdA0d7Xu3Ph5O2pk4D5tYwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAmMSQwIgYDVQQDDBtyZXZlcnNlLW9yZGVyLW9pZHMtcGF0aC1pbnQw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ +PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH +9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw +4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86 +exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0 +ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N +AgMBAAGjgZ4wgZswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwVAYIKwYBBQUH +AQEESDBGMEQGCCsGAQUFBzABhjhodHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgv +cmV2ZXJzZS1vcmRlci1vaWRzLXBhdGgtaW50LzAoBgNVHSAEITAfMBQGEisGAQQB +60mFGoUahRoBg3QJATAHBgVngQwBATALBgkqhkiG9w0BAQsDggEBADCsEQZgIoiq +5XqNnz400S/+sVaHPKl+Zh2mtQiKq2hbIre7rYsO6KISoh52DuAZgrjAd7vbn38g +8iPCZ2qaytaAZzy8UiUuZK4R5pow0aGEbq6AdtHu40lSUsfQ+a0rj7E0zOyGQjVl +PrKlAirzX4YkMyYH0trSvOZgwwIsroIfYhXnxJpqo9fW900z+JUGSWTQbA1tFHPN +9OsM4zyFepbZUqWtf2RZMME63JgUFy3Uvk2vHolEX9OGAegUx7hX0nHIdBCLa5GC +W2Y99olh0T+bk7aULnwAXFmJozIWdpkLmUeNcjWuGvQAniHIm2YhOxg0BVs43VRK +t2759N2s5Lk= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem.certspec new file mode 100644 index 000000000..a2b523073 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:reverse-order-oids-path-int +issuerKey:ev +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/reverse-order-oids-path-int/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1,2.23.140.1.1 diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem new file mode 100644 index 000000000..1fe162bc7 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwTCCAqugAwIBAgIUC4dd0cUXmrLGZVPePwZkFohfd2kwCwYJKoZIhvcNAQEL +MD0xOzA5BgNVBAMMMnRlc3QtYW5kLWNhYmZvcnVtLW9pZC1lZS1jYWJmb3J1bS1v +aWQtaW50LXBhdGgtaW50MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMDwxOjA4BgNVBAMMMXRlc3QtYW5kLWNhYmZvcnVtLW9pZC1lZS1jYWJmb3J1 +bS1vaWQtaW50LXBhdGgtZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24a +hvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7t +FYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+o +N9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0d +JdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4 +s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjgbkwgbYwagYIKwYBBQUHAQEEXjBcMFoG +CCsGAQUFBzABhk5odHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvdGVzdC1hbmQt +Y2FiZm9ydW0tb2lkLWVlLWNhYmZvcnVtLW9pZC1pbnQtcGF0aC1lZS8wKAYDVR0g +BCEwHzAUBhIrBgEEAetJhRqFGoUaAYN0CQEwBwYFZ4EMAQEwHgYDVR0RBBcwFYIT +ZXYtdGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBALBmgZSBw+XV/TrF +oSJ1IG5kK1en9TYe+8baPhnoPXODSLfO11ljh69VVVgSOexbuEZ0/8g4BOYKjfZ8 +rZxMgBsBbK0lmDcsKsfE4+JVP8YcZ9xK9PTtNSEpLCv0pOaSs0cyhk/VIrlKnK/v +oEqvrcTKpezU8lgfRnG+e3riFfjMhMNZn1oGaPPgHNF0CAU29qdVvkrPySsWIeVk +WbOCh5XfaDZqmSwYWWn7AbVeiCs07bzd0R14/KY1gxVYsoiy/1uSG7QQj82cIt75 +sJja57AGHVtwd43829RYPhNgcDOorSCfErZ5HPQBM75y2Nlsc4f7P6DBrJ8m+Q0E +5+i3niw= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem.certspec new file mode 100644 index 000000000..edac2fc1a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:test-and-cabforum-oid-ee-cabforum-oid-int-path-int +subject:test-and-cabforum-oid-ee-cabforum-oid-int-path-ee +extension:authorityInformationAccess:http://www.example.com:8888/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1,2.23.140.1.1 +extension:subjectAlternativeName:ev-test.example.com diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem new file mode 100644 index 000000000..ce757742d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfDCCAmagAwIBAgIUKz60qRXEfxjvGay98Cp6DRZMIywwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjA9MTswOQYDVQQDDDJ0ZXN0LWFuZC1jYWJmb3J1bS1vaWQtZWUtY2Fi +Zm9ydW0tb2lkLWludC1wYXRoLWludDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x +nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM +wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF +4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20 +yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx +j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBnzCBnDAMBgNVHRMEBTADAQH/ +MAsGA1UdDwQEAwIBBjBrBggrBgEFBQcBAQRfMF0wWwYIKwYBBQUHMAGGT2h0dHA6 +Ly93d3cuZXhhbXBsZS5jb206ODg4OC90ZXN0LWFuZC1jYWJmb3J1bS1vaWQtZWUt +Y2FiZm9ydW0tb2lkLWludC1wYXRoLWludC8wEgYDVR0gBAswCTAHBgVngQwBATAL +BgkqhkiG9w0BAQsDggEBAKgWYdHF4n8WXZ9ZYtEZDF9YYh8jI/KMjKK52jqyvh7u +Hxbv9SJe6H0sDqKvoIisRzv4QSMoS2QTHUalFgEXAexPK75mpITiCnShpUx+QFnR +fFjG2Gy4ffC+vxuVThpJtut3SD/a7RAyYc6wP1hjohrtvJdOTmMWIZ7spA/BQaCz +XxiSreJQiNvbuCImC4t9s95xpwcyTD7yWQD2BrJJP69eM/afkF5lKenAVvQhTKa+ +FT/Br5yVyf8lMgjdYK5FljZGJViy7O4KqoUmttgOttFv9EhcqfbGD/Kh6dJ8aJlD +sHAjNsHzyyPij28pN5zmXiKtjuvh4L8juZYVePWG0Fw= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem.certspec new file mode 100644 index 000000000..68dfd0057 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:test-and-cabforum-oid-ee-cabforum-oid-int-path-int +issuerKey:ev +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/test-and-cabforum-oid-ee-cabforum-oid-int-path-int/ +extension:certificatePolicies:2.23.140.1.1 diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem new file mode 100644 index 000000000..ab86be7d9 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDjjCCAnigAwIBAgIUfYDrsxuoLVA2xXI6wiQM1Ho1ekcwCwYJKoZIhvcNAQEL +MCwxKjAoBgNVBAMMIXRlc3QtYW5kLWNhYmZvcnVtLW9pZC1lZS1wYXRoLWludDAi +GA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjArMSkwJwYDVQQDDCB0 +ZXN0LWFuZC1jYWJmb3J1bS1vaWQtZWUtcGF0aC1lZTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7 +wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp +k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh +eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW +EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc +JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBqDCBpTBZBggr +BgEFBQcBAQRNMEswSQYIKwYBBQUHMAGGPWh0dHA6Ly93d3cuZXhhbXBsZS5jb206 +ODg4OC90ZXN0LWFuZC1jYWJmb3J1bS1vaWQtZWUtcGF0aC1lZS8wKAYDVR0gBCEw +HzAUBhIrBgEEAetJhRqFGoUaAYN0CQEwBwYFZ4EMAQEwHgYDVR0RBBcwFYITZXYt +dGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBAGxfWJtZkbvUXRKb6ZEw +2gq44URxeB9DuLfLd1qfEINW+NzhXhyd6BZ7ytLMIQjB55MKc3EM1ZNiU59C+BkV +IYQF41p5SqKw7Niq4IcnaAGOfCrvZuRJYhU3jxIeLGLI42jk6yuvg/OZjJ61pi0W +x4CSC3gSJ0oRh/Yg9ZRKo7goNRjH5/UmSGTRF8XqL8+zwTDmUlscON4jKHgZW3iE +01FUS/haX3S/tUHe8cvu0BGrnhlfUvAr8lMeNIV1B89JYyLdwPi4Ce8prOzRQzqp +u1jEu2e62t19SaB3PWyTbDHks6RygVrDdIzZ6dtJUmbl7d8Z7VVuvMNGSq6O+inR +vk4= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem.certspec new file mode 100644 index 000000000..affbd8745 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:test-and-cabforum-oid-ee-path-int +subject:test-and-cabforum-oid-ee-path-ee +extension:authorityInformationAccess:http://www.example.com:8888/test-and-cabforum-oid-ee-path-ee/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1,2.23.140.1.1 +extension:subjectAlternativeName:ev-test.example.com diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem new file mode 100644 index 000000000..e508339df --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWTCCAkOgAwIBAgIUW3yHLCNMorwxWwyF6vrFuNsEdAQwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAsMSowKAYDVQQDDCF0ZXN0LWFuZC1jYWJmb3J1bS1vaWQtZWUtcGF0 +aC1pbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9 +braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI +eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6 +iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za +qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7 +LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs +2hgKNe2NAgMBAAGjgY0wgYowDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwWgYI +KwYBBQUHAQEETjBMMEoGCCsGAQUFBzABhj5odHRwOi8vd3d3LmV4YW1wbGUuY29t +Ojg4ODgvdGVzdC1hbmQtY2FiZm9ydW0tb2lkLWVlLXBhdGgtaW50LzARBgNVHSAE +CjAIMAYGBFUdIAAwCwYJKoZIhvcNAQELA4IBAQAXnGkBYTc9jiL1YE4teF+ZRxfk +Tf2AteJYk53suuAUtQ3xgG4UWY9KHIMF/HLT+ZN3SAsJNgAgg/zBLNaTvt6C52hb +TUtfW/803g1AUmHAhWg5lruffYpRnKNJdsi6IvWAQec5EDGT8hwq6F28VmgDr3RT +Je/jgBNzVSifYKQm89f1TJWvdDqWSam0b2ags8l0UPzqHI+GzAn7E2KWamnCXWfD +BZE9VA/KNc13I/K2tv5zZ/m/LKnTUeSS9qCKCWNjZGI0UIChVcie1t4NJbUf8IUD +VyUYTm3Z5rO4PUzcR1q8CWzqgb0aKUoq60BWjnr+eipsE0dmc+9OGVAGh3me +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem.certspec new file mode 100644 index 000000000..11630b4b4 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:test-and-cabforum-oid-ee-path-int +issuerKey:ev +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/test-and-cabforum-oid-ee-path-int/ +extension:certificatePolicies:any diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem new file mode 100644 index 000000000..d130202d7 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDkTCCAnugAwIBAgIUZXXAUcIl4AT9QKUpEiBvQEk7MZswCwYJKoZIhvcNAQEL +MDAxLjAsBgNVBAMMJXRlc3Qtb2lkLWVlLWNhYmZvcnVtLW9pZC1pbnQtcGF0aC1p +bnQwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowLzEtMCsGA1UE +AwwkdGVzdC1vaWQtZWUtY2FiZm9ydW0tb2lkLWludC1wYXRoLWVlMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVK +tOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7N +Q/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39Zgsr +sCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxs +l62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYl +nauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4Gj +MIGgMF0GCCsGAQUFBwEBBFEwTzBNBggrBgEFBQcwAYZBaHR0cDovL3d3dy5leGFt +cGxlLmNvbTo4ODg4L3Rlc3Qtb2lkLWVlLWNhYmZvcnVtLW9pZC1pbnQtcGF0aC1l +ZS8wHwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYIT +ZXYtdGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBACBZnkQzVzZgGJRb +CMAhvJSq9tWlaze1wTsCTo9YJu4/Np2MHdOZqh66saV+6KcNpmuibGwC516ooO9B +OUBXq3fGurYwMuSQmONQ+i8eDIRDGJHrhSPqlEvZzW5tOMzUMgf8e1YeIVIEy4bz +KEbDyc7o4fXpVewOqeD52TdR6RmJjXpbGDlSEqWoH6idvvnIMRuXAwTP3BWtZfRd +w0RM+sEUozTeM1IuWQWe2wJtugLULxroMGJzjyyW0xBPGtrWqi3rdMdz8bKgV0qz +LOC5OClY9gvEScjBS46RwahMLj5gK8K0Cxoqicx87it/mKrh0/IuJAZLHd/MMzAJ +eF525sY= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem.certspec new file mode 100644 index 000000000..bd0f955ad --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:test-oid-ee-cabforum-oid-int-path-int +subject:test-oid-ee-cabforum-oid-int-path-ee +extension:authorityInformationAccess:http://www.example.com:8888/test-oid-ee-cabforum-oid-int-path-ee/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1 +extension:subjectAlternativeName:ev-test.example.com diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem new file mode 100644 index 000000000..60f9e2855 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDYjCCAkygAwIBAgIUT58S8MhTFBFpWcGoT3Ni9HEDT6IwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAwMS4wLAYDVQQDDCV0ZXN0LW9pZC1lZS1jYWJmb3J1bS1vaWQtaW50 +LXBhdGgtaW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO +FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr +amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka +sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY +VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n +aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE +MdUDrNoYCjXtjQIDAQABo4GSMIGPMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEG +MF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAYZCaHR0cDovL3d3dy5leGFtcGxl +LmNvbTo4ODg4L3Rlc3Qtb2lkLWVlLWNhYmZvcnVtLW9pZC1pbnQtcGF0aC1pbnQv +MBIGA1UdIAQLMAkwBwYFZ4EMAQEwCwYJKoZIhvcNAQELA4IBAQBwXLEGvl0aJ3Wf +nVJoV9EzL+df9oY0IBpZVpkNSyWQ+111lKMftznJct+mJsuAf23PcHJtUwSWQzaS +W5DTzF32B6FiPPqS2N8v1eIIM/fjNdZXrMEFGfR5MwwoU4IPwjvIgoFT2LGv9PvP +82o5PcEurK/HEhWCvn2r1rLAi1sr0sjd/yHJ6otwweWf6U6fREqzoVqB0HxhbToH +BgR/YmTrFFCvUar/zwH6/G0ZMkJR98q7XairdCDgjlwY6Nk6gXR2noMMHwFeJP+h +QCkXy2/w6332rmEHzokU3z/p0Y3NtEHK8n0+LIxg6akVovHTvLVJy+THUGQjPe0B +pxlHKwek +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem.certspec new file mode 100644 index 000000000..37d4d133a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:test-oid-ee-cabforum-oid-int-path-int +issuerKey:ev +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/test-oid-ee-cabforum-oid-int-path-int/ +extension:certificatePolicies:2.23.140.1.1 diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem new file mode 100644 index 000000000..67e14e875 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDVTCCAj+gAwIBAgIUBR6mXmzAxA30s74v94EkKkcvL/AwCwYJKoZIhvcNAQEL +MBwxGjAYBgNVBAMMEXRlc3Qtb2lkLXBhdGgtaW50MCIYDzIwMTUxMTI4MDAwMDAw +WhgPMjAxODAyMDUwMDAwMDBaMBsxGTAXBgNVBAMMEHRlc3Qtb2lkLXBhdGgtZWUw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ +PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH +9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw +4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86 +exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0 +ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N +AgMBAAGjgY8wgYwwSQYIKwYBBQUHAQEEPTA7MDkGCCsGAQUFBzABhi1odHRwOi8v +d3d3LmV4YW1wbGUuY29tOjg4ODgvdGVzdC1vaWQtcGF0aC1lZS8wHwYDVR0gBBgw +FjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYITZXYtdGVzdC5leGFt +cGxlLmNvbTALBgkqhkiG9w0BAQsDggEBAKMkVA1VZlzajbBFNqwzSGfUipM1TzqH +YjumITzJSBESfRZPfrtTEFtelfHUVq9Oh4oO8e2RPAgECw/tchZcJW4oYT2+wi1h +rcHK8DutOC5rMpM3HP0tQlSCVtnb5maF9y/Z7mXrYKB3bYsA5gG022b/w91aiA6a +MJqhRe8uv5dA1+SVMjgdJTDn+x8TBBwZlmoPSd2I21mC0C2URXRRZkTM1ZRZWnFQ +brZ94cwfshjpONjPglOiM0p+uVSKhatnP3EqjfQVaTow7+RNPyHXNnaTsgz03j3w +tnNRDhYZuSZzNZcugylGzt/U9nbE5B2VVjFuAw9DuCeUnPUm0EGxwF4= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem.certspec new file mode 100644 index 000000000..a9d62c65e --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem.certspec @@ -0,0 +1,5 @@ +issuer:test-oid-path-int +subject:test-oid-path-ee +extension:authorityInformationAccess:http://www.example.com:8888/test-oid-path-ee/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1 +extension:subjectAlternativeName:ev-test.example.com diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key new file mode 100644 index 000000000..8af23e068 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9 +braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI +eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6 +iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za +qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7 +LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs +2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs +VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s +JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI +r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz +iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg +SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R +TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N +gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp +xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r +ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR +3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY +EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs +2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb +WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo +tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl +rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2 +TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit +tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m +ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1 +NBinA5ZsT8d0v3QCr2xDJH9D +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key.keyspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key.keyspec new file mode 100644 index 000000000..4ad96d515 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key.keyspec @@ -0,0 +1 @@ +default diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem new file mode 100644 index 000000000..cbfd53b47 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDRzCCAjGgAwIBAgIURUX21bPV9r+a9MgTdgH/Z0JF7fEwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAcMRowGAYDVQQDDBF0ZXN0LW9pZC1wYXRoLWludDCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs +9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8 +HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7Ak +kqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJet +lmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2r +kQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBizCB +iDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBKBggrBgEFBQcBAQQ+MDwwOgYI +KwYBBQUHMAGGLmh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC90ZXN0LW9pZC1w +YXRoLWludC8wHwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwCwYJKoZI +hvcNAQELA4IBAQAZpXz9L80yAL7c4NxT761VSaAxlL7djEAFx8XzTRI3Npd7pH9J +GjD08pBw4fJoRkVaZhHMfTylYLR/trURFsBF/P9CCqcKUBk6P2hReEsmSV+nG8xp +zs8M0JEoJbD3gWytwV0LZgc8INkmwo91CYlgvpBqpRrowdyYEc/+pE0lyn6kwjJE +k6OwDnI1sbl3Aid9iMILITqvt9pRTh2ZbcpgXXRifk+LJNNgo+U54+VHEy1sGjFp +/tXOqCeKAV5peEbWnXfewaitKTGBE/6zuEBQTeWzNDcwQwSYvS9oRcLxNn/qIyrj +OIaT9QQeDT0AbHNIRj8npCaZrSxWRMPH12/4 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem.certspec new file mode 100644 index 000000000..53534eb52 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:test-oid-path-int +issuerKey:ev +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/test-oid-path-int/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1 diff --git a/security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js b/security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js new file mode 100644 index 000000000..4db133e43 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js @@ -0,0 +1,100 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- + * vim: sw=2 ts=2 sts=2 + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +"use strict"; + +// Ensures that HSTS (HTTP Strict Transport Security) and HPKP (HTTP Public key +// pinning) are cleared when using "Forget About This Site". + +var { ForgetAboutSite } = Cu.import("resource://gre/modules/ForgetAboutSite.jsm", {}); + +do_register_cleanup(() => { + Services.prefs.clearUserPref("security.cert_pinning.enforcement_level"); + Services.prefs.clearUserPref( + "security.cert_pinning.process_headers_from_non_builtin_roots"); +}); + +const GOOD_MAX_AGE_SECONDS = 69403; +const NON_ISSUED_KEY_HASH = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; +const PINNING_ROOT_KEY_HASH = "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8="; +const VALID_PIN = `pin-sha256="${PINNING_ROOT_KEY_HASH}";`; +const BACKUP_PIN = `pin-sha256="${NON_ISSUED_KEY_HASH}";`; +const GOOD_MAX_AGE = `max-age=${GOOD_MAX_AGE_SECONDS};`; + +do_get_profile(); // must be done before instantiating nsIX509CertDB + +Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2); +Services.prefs.setBoolPref( + "security.cert_pinning.process_headers_from_non_builtin_roots", true); + +var certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); +addCertFromFile(certdb, "test_pinning_dynamic/pinningroot.pem", "CTu,CTu,CTu"); + +var sss = Cc["@mozilla.org/ssservice;1"] + .getService(Ci.nsISiteSecurityService); +var uri = Services.io.newURI("https://a.pinning2.example.com", null, null); + +// This test re-uses certificates from pinning tests because that's easier and +// simpler than recreating new certificates, hence the slightly longer than +// necessary domain name. +var sslStatus = new FakeSSLStatus(constructCertFromFile( + "test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem")); + +// Test the normal case of processing HSTS and HPKP headers for +// a.pinning2.example.com, using "Forget About Site" on a.pinning2.example.com, +// and then checking that the platform doesn't consider a.pinning2.example.com +// to be HSTS or HPKP any longer. +add_task(function* () { + sss.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, GOOD_MAX_AGE, + sslStatus, 0); + sss.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri, + GOOD_MAX_AGE + VALID_PIN + BACKUP_PIN, sslStatus, 0); + + Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "a.pinning2.example.com", 0), + "a.pinning2.example.com should be HSTS"); + Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP, + "a.pinning2.example.com", 0), + "a.pinning2.example.com should be HPKP"); + + yield ForgetAboutSite.removeDataFromDomain("a.pinning2.example.com"); + + Assert.ok(!sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "a.pinning2.example.com", 0), + "a.pinning2.example.com should not be HSTS now"); + Assert.ok(!sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP, + "a.pinning2.example.com", 0), + "a.pinning2.example.com should not be HPKP now"); +}); + +// TODO (bug 1290529): the platform does not support this yet. +// Test the case of processing HSTS and HPKP headers for a.pinning2.example.com, +// using "Forget About Site" on example.com, and then checking that the platform +// doesn't consider the subdomain to be HSTS or HPKP any longer. +add_task(function* () { + sss.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, GOOD_MAX_AGE, + sslStatus, 0); + sss.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri, + GOOD_MAX_AGE + VALID_PIN + BACKUP_PIN, sslStatus, 0); + + Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "a.pinning2.example.com", 0), + "a.pinning2.example.com should be HSTS (subdomain case)"); + Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP, + "a.pinning2.example.com", 0), + "a.pinning2.example.com should be HPKP (subdomain case)"); + + yield ForgetAboutSite.removeDataFromDomain("example.com"); + + // TODO (bug 1290529): + // Assert.ok(!sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + // "a.pinning2.example.com", 0), + // "a.pinning2.example.com should not be HSTS now (subdomain case)"); + // Assert.ok(!sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP, + // "a.pinning2.example.com", 0), + // "a.pinning2.example.com should not be HPKP now (subdomain case)"); +}); diff --git a/security/manager/ssl/tests/unit/test_getchain.js b/security/manager/ssl/tests/unit/test_getchain.js new file mode 100644 index 000000000..2851c3a70 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_getchain.js @@ -0,0 +1,82 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +"use strict"; + +do_get_profile(); // must be called before getting nsIX509CertDB +const certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); +// This is the list of certificates needed for the test. +var certList = [ + 'ee', + 'ca-1', + 'ca-2', +]; + +// Since all the ca's are identical expect for the serial number +// I have to grab them by enumerating all the certs and then finding +// the ones that I am interested in. +function get_ca_array() { + let ret_array = []; + let allCerts = certdb.getCerts(); + let enumerator = allCerts.getEnumerator(); + while (enumerator.hasMoreElements()) { + let cert = enumerator.getNext().QueryInterface(Ci.nsIX509Cert); + if (cert.commonName == 'ca') { + ret_array[parseInt(cert.serialNumber, 16)] = cert; + } + } + return ret_array; +} + + +function check_matching_issuer_and_getchain(expected_issuer_serial, cert) { + const nsIX509Cert = Components.interfaces.nsIX509Cert; + + equal(expected_issuer_serial, cert.issuer.serialNumber, + "Expected and actual issuer serial numbers should match"); + let chain = cert.getChain(); + let issuer_via_getchain = chain.queryElementAt(1, nsIX509Cert); + // The issuer returned by cert.issuer or cert.getchain should be consistent. + equal(cert.issuer.serialNumber, issuer_via_getchain.serialNumber, + "Serial numbers via cert.issuer and via getChain() should match"); +} + +function check_getchain(ee_cert, ssl_ca, email_ca) { + // A certificate should first build a chain/issuer to + // a SSL trust domain, then an EMAIL trust domain and then + // an object signer trust domain. + + const nsIX509Cert = Components.interfaces.nsIX509Cert; + certdb.setCertTrust(ssl_ca, nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_SSL); + certdb.setCertTrust(email_ca, nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_EMAIL); + check_matching_issuer_and_getchain(ssl_ca.serialNumber, ee_cert); + certdb.setCertTrust(ssl_ca, nsIX509Cert.CA_CERT, 0); + check_matching_issuer_and_getchain(email_ca.serialNumber, ee_cert); + certdb.setCertTrust(email_ca, nsIX509Cert.CA_CERT, 0); + // Do a final test on the case of no trust. The results must + // be consistent (the actual value is non-deterministic). + check_matching_issuer_and_getchain(ee_cert.issuer.serialNumber, ee_cert); +} + +function run_test() { + clearOCSPCache(); + clearSessionCache(); + + for (let cert of certList) { + addCertFromFile(certdb, `test_getchain/${cert}.pem`, ",,"); + } + + let ee_cert = certdb.findCertByNickname('ee'); + notEqual(ee_cert, null, "EE cert should be in the cert DB"); + + let ca = get_ca_array(); + + check_getchain(ee_cert, ca[1], ca[2]); + // Swap ca certs to deal alternate trust settings. + check_getchain(ee_cert, ca[2], ca[1]); +} diff --git a/security/manager/ssl/tests/unit/test_getchain/ca-1.pem b/security/manager/ssl/tests/unit/test_getchain/ca-1.pem new file mode 100644 index 000000000..a3dcb268c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_getchain/ca-1.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICsjCCAZygAwIBAgIBATALBgkqhkiG9w0BAQswDTELMAkGA1UEAwwCY2EwIhgP +MjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCY2Ew +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ +PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH +9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw +4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86 +exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0 +ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N +AgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEB +CwOCAQEAchHf1yV+blE6fvS53L3DGmvxEpn9+t+xwOvWczBmLFEzUPdncakdaWlQ +v7q81BPyjBqkYbQi15Ws81hY3dnXn8LT1QktCL9guvc3z4fMdQbRjpjcIReCYt3E +PB22Jl2FCm6ii4XL0qDFD26WK3zMe2Uks6t55f8VeDTBGNoPp2JMsWY1Pi4vR6wK +AY96WoXS/qrYkmMEOgFu907pApeAeE8VJzXjqMLF6/W1VN7ISnGzWQ8zKQnlp3YA +mvWZQcD6INK8mvpZxIeu6NtHaKEXGw7tlGekmkVhapPtQZYnWcsXybRrZf5g3hOh +JFPl8kW42VoxXL11PP5NX2ylTsJ//g== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_getchain/ca-1.pem.certspec b/security/manager/ssl/tests/unit/test_getchain/ca-1.pem.certspec new file mode 100644 index 000000000..6062931cd --- /dev/null +++ b/security/manager/ssl/tests/unit/test_getchain/ca-1.pem.certspec @@ -0,0 +1,5 @@ +issuer:ca +subject:ca +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +serialNumber:1 diff --git a/security/manager/ssl/tests/unit/test_getchain/ca-2.pem b/security/manager/ssl/tests/unit/test_getchain/ca-2.pem new file mode 100644 index 000000000..fab9f209e --- /dev/null +++ b/security/manager/ssl/tests/unit/test_getchain/ca-2.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICsjCCAZygAwIBAgIBAjALBgkqhkiG9w0BAQswDTELMAkGA1UEAwwCY2EwIhgP +MjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCY2Ew +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ +PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH +9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw +4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86 +exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0 +ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N +AgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEB +CwOCAQEAXjVM9rVj8ZtTUvdKGMWaYkLGKqvi4dwK2ZwvAqeybTK7XCRKmXYksAxT +NVKx2DgHn0r0nYk7gu3TYKpFfI4i1zSriq4FXd8Z5fhbRGToyU6nFBqWnDET+haJ ++jrI34kLG1oXqZMbbcUZX7sXnVYafxr/MYBVhtIwwUV8tgX+5SzdRsZ85REiBGbZ +Y915NAo7ZNfGkjOSNS3BycdHPMgEHqONq+BSAwYAuKT05LI/KgSZK+8vfNrcvvMV +TO1T4HC3vmOuKZkMWTj6JKyGO07R3CNypW+9Fi5LjRjVFf2acZM0VVPsSdiIp1EZ +xa6RkYqPfRLrTKUkti6BFJlXozfnNA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_getchain/ca-2.pem.certspec b/security/manager/ssl/tests/unit/test_getchain/ca-2.pem.certspec new file mode 100644 index 000000000..bb599046e --- /dev/null +++ b/security/manager/ssl/tests/unit/test_getchain/ca-2.pem.certspec @@ -0,0 +1,5 @@ +issuer:ca +subject:ca +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +serialNumber:2 diff --git a/security/manager/ssl/tests/unit/test_getchain/ee.pem b/security/manager/ssl/tests/unit/test_getchain/ee.pem new file mode 100644 index 000000000..237e36bf0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_getchain/ee.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICpjCCAZCgAwIBAgIUQ9aT0/eKZXjA2Ma4sq+QU+/srsowCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMA0xCzAJBgNVBAMMAmVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu +Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO +7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf +qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt +HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx +uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOCAQEAEWMrrsgZ +yxJk3jvJA5l7J6L9yspBBY/bpi7x4YTWssHemTdJVQAX4p+9rKCa5CfEy5LrE4up +KnNyMYJzlFuLvcu4ExOmj5ceGRiD5s++g5R4OHzn9QNUeav9b3dFPT3q7dLg2Emm +RClgZGiwgBXZsaa+urw7Y4oi8DhMePHt523Wv6JFacV42tq0TqIzDIH61nhGamJC +TafTmYZqGTaNxweBy9m3JJot3zwqTId98TlJStY+oHYI9vGBD8ug0xQWd233d1k9 +BH5axHeYUu2GKLauWH49zSBv+hAeYKmjU3p1qIEzFsQ7ezUNJu5/x+kiClTclITJ +IrtAUwHJuatuWQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_getchain/ee.pem.certspec b/security/manager/ssl/tests/unit/test_getchain/ee.pem.certspec new file mode 100644 index 000000000..34e99782b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_getchain/ee.pem.certspec @@ -0,0 +1,2 @@ +issuer:ca +subject:ee diff --git a/security/manager/ssl/tests/unit/test_getchain/moz.build b/security/manager/ssl/tests/unit/test_getchain/moz.build new file mode 100644 index 000000000..8bf3d1082 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_getchain/moz.build @@ -0,0 +1,15 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'ca-1.pem', +# 'ca-2.pem', +# 'ee.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) diff --git a/security/manager/ssl/tests/unit/test_hash_algorithms.js b/security/manager/ssl/tests/unit/test_hash_algorithms.js new file mode 100644 index 000000000..17ccd0781 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_hash_algorithms.js @@ -0,0 +1,87 @@ +"use strict"; + +const messages = [ + "The quick brown fox jumps over the lazy dog", + "" +]; +const hashes = { + md2: [ + "03d85a0d629d2c442e987525319fc471", + "8350e5a3e24c153df2275c9f80692773" + ], + md5: [ + "9e107d9d372bb6826bd81d3542a419d6", + "d41d8cd98f00b204e9800998ecf8427e" + ], + sha1: [ + "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12", + "da39a3ee5e6b4b0d3255bfef95601890afd80709" + ], + sha256: [ + "d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592", + "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" + ], + sha384: [ + "ca737f1014a48f4c0b6dd43cb177b0afd9e5169367544c494011e3317dbf9a509cb1e5dc1e85a941bbee3d7f2afbc9b1", + "38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b" + ], + sha512: [ + "07e547d9586f6a73f73fbac0435ed76951218fb7d0c8d788a309d785436bbb642e93a252a954f23912547d1e8a3b5ed6e1bfd7097821233fa0538f3db854fee6", + "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e" + ] +}; + +function hexdigest(data) { + // |slice(-2)| chomps off the last two characters of a string. + // + // Therefore, if the Unicode value is < 10, we have a single-character hex + // string when we want one that's two characters, and unconditionally + // prepending a "0" solves the problem. + return Array.from(data, (c, i) => ("0" + data.charCodeAt(i).toString(16)).slice(-2)).join(""); +} + +function doHash(algo, value, cmp) { + let hash = Cc["@mozilla.org/security/hash;1"].createInstance(Ci.nsICryptoHash); + hash.initWithString(algo); + + let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"] + .createInstance(Ci.nsIScriptableUnicodeConverter); + converter.charset = 'utf8'; + value = converter.convertToByteArray(value); + hash.update(value, value.length); + equal(hexdigest(hash.finish(false)), cmp, + `Actual and expected hash for ${algo} should match`); + + hash.initWithString(algo); + hash.update(value, value.length); + equal(hexdigest(hash.finish(false)), cmp, + `Actual and expected hash for ${algo} should match after re-init`); +} + +function doHashStream(algo, value, cmp) { + let hash = Cc["@mozilla.org/security/hash;1"].createInstance(Ci.nsICryptoHash); + hash.initWithString(algo); + + let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"] + .createInstance(Ci.nsIScriptableUnicodeConverter); + converter.charset = 'utf8'; + let stream = converter.convertToInputStream(value); + hash.updateFromStream(stream, stream.available()); + equal(hexdigest(hash.finish(false)), cmp, + `Actual and expected hash for ${algo} should match updating from stream`); +} + +function run_test() { + for (let algo in hashes) { + hashes[algo].forEach( + function(e, i) { + doHash(algo, messages[i], e); + + if (messages[i].length) { + // this test doesn't work for empty string/stream + doHashStream(algo, messages[i], e); + } + } + ); + } +} diff --git a/security/manager/ssl/tests/unit/test_hash_algorithms_wrap.js b/security/manager/ssl/tests/unit/test_hash_algorithms_wrap.js new file mode 100644 index 000000000..f2b7016c0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_hash_algorithms_wrap.js @@ -0,0 +1,5 @@ +"use strict"; + +function run_test() { + run_test_in_child("test_hash_algorithms.js"); +} diff --git a/security/manager/ssl/tests/unit/test_hmac.js b/security/manager/ssl/tests/unit/test_hmac.js new file mode 100644 index 000000000..7adc46190 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_hmac.js @@ -0,0 +1,88 @@ +"use strict"; + +var ScriptableUnicodeConverter = + Components.Constructor("@mozilla.org/intl/scriptableunicodeconverter", + "nsIScriptableUnicodeConverter"); + +function getHMAC(data, key, alg) { + let converter = new ScriptableUnicodeConverter(); + converter.charset = "utf8"; + let dataArray = converter.convertToByteArray(data); + + let keyObject = Cc["@mozilla.org/security/keyobjectfactory;1"] + .getService(Ci.nsIKeyObjectFactory) + .keyFromString(Ci.nsIKeyObject.HMAC, key); + + let cryptoHMAC = Cc["@mozilla.org/security/hmac;1"] + .createInstance(Ci.nsICryptoHMAC); + + cryptoHMAC.init(alg, keyObject); + cryptoHMAC.update(dataArray, dataArray.length); + let digest1 = cryptoHMAC.finish(false); + + cryptoHMAC.reset(); + cryptoHMAC.update(dataArray, dataArray.length); + let digest2 = cryptoHMAC.finish(false); + + equal(digest1, digest2, + "Initial digest and digest after calling reset() should match"); + + return digest1; +} + +function testHMAC(alg) { + const key1 = 'MyKey_ABCDEFGHIJKLMN'; + const key2 = 'MyKey_01234567890123'; + + const dataA = "Secret message"; + const dataB = "Secres message"; + + let digest1a = getHMAC(key1, dataA, alg); + let digest2 = getHMAC(key2, dataA, alg); + let digest1b = getHMAC(key1, dataA, alg); + + equal(digest1a, digest1b, + "The digests for the same key, data and algorithm should match"); + notEqual(digest1a, digest2, "The digests for different keys should not match"); + + let digest1 = getHMAC(key1, dataA, alg); + digest2 = getHMAC(key1, dataB, alg); + + notEqual(digest1, digest2, "The digests for different data should not match"); +} + +function hexdigest(data) { + return Array.from(data, (c, i) => ("0" + data.charCodeAt(i).toString(16)).slice(-2)).join(""); +} + +function testVectors() { + // These are test vectors taken from RFC 4231, section 4.3. (Test Case 2) + const keyTestVector = "Jefe"; + const dataTestVector = "what do ya want for nothing?"; + + let digest = hexdigest(getHMAC(dataTestVector, keyTestVector, + Ci.nsICryptoHMAC.SHA256)); + equal(digest, + "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843", + "Actual and expected SHA-256 digests should match"); + + digest = hexdigest(getHMAC(dataTestVector, keyTestVector, + Ci.nsICryptoHMAC.SHA384)); + equal(digest, + "af45d2e376484031617f78d2b58a6b1b9c7ef464f5a01b47e42ec3736322445e8e2240ca5e69e2c78b3239ecfab21649", + "Actual and expected SHA-384 digests should match"); + + digest = hexdigest(getHMAC(dataTestVector, keyTestVector, + Ci.nsICryptoHMAC.SHA512)); + equal(digest, + "164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737", + "Actual and expected SHA-512 digests should match"); +} + +function run_test() { + testVectors(); + + testHMAC(Ci.nsICryptoHMAC.SHA1); + testHMAC(Ci.nsICryptoHMAC.SHA512); + testHMAC(Ci.nsICryptoHMAC.MD5); +} diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints.js b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints.js new file mode 100644 index 000000000..5ebc1546b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints.js @@ -0,0 +1,111 @@ +"use strict"; + +do_get_profile(); // must be called before getting nsIX509CertDB +const certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +function load_cert(name, trust) { + let filename = "test_intermediate_basic_usage_constraints/" + name + ".pem"; + addCertFromFile(certdb, filename, trust); +} + +function test_cert_for_usages(certChainNicks, expected_usages) { + let certs = []; + for (let i in certChainNicks) { + let certNick = certChainNicks[i]; + let certPEM = readFile( + do_get_file("test_intermediate_basic_usage_constraints/" + + certNick + ".pem"), false); + certs.push(certdb.constructX509FromBase64(pemToBase64(certPEM))); + } + + let cert = certs[0]; + return asyncTestCertificateUsages(certdb, cert, expected_usages); +} + +add_task(function* () { + let ee_usages = [ certificateUsageSSLClient, certificateUsageSSLServer, + certificateUsageEmailSigner, certificateUsageEmailRecipient, + certificateUsageObjectSigner ]; + let ca_usages = [ certificateUsageSSLCA, certificateUsageVerifyCA ]; + let eku_usages = [ certificateUsageSSLClient, certificateUsageSSLServer ]; + + // Load the ca into mem + let ca_name = "ca"; + load_cert(ca_name, "CTu,CTu,CTu"); + yield test_cert_for_usages([ca_name], ca_usages); + + // A certificate with no basicConstraints extension is considered an EE. + yield test_cert_for_usages(["int-no-extensions"], ee_usages); + + // int-no-extensions is an EE (see previous case), so no certs can chain to + // it. + yield test_cert_for_usages(["ee-int-no-extensions", "int-no-extensions"], []); + + // a certificate with basicConstraints.cA==false is considered an EE. + yield test_cert_for_usages(["int-not-a-ca"], ee_usages); + + // int-not-a-ca is an EE (see previous case), so no certs can chain to it. + yield test_cert_for_usages(["ee-int-not-a-ca", "int-not-a-ca"], []); + + // a certificate with basicConstraints.cA==false but with the keyCertSign + // key usage may not act as a CA (it can act like an end-entity). + yield test_cert_for_usages(["int-cA-FALSE-asserts-keyCertSign"], ee_usages); + yield test_cert_for_usages(["ee-int-cA-FALSE-asserts-keyCertSign", + "int-cA-FALSE-asserts-keyCertSign"], []); + + + // int-limited-depth has cA==true and a path length constraint of zero. + yield test_cert_for_usages(["int-limited-depth"], ca_usages); + + // path length constraints do not affect the ability of a non-CA cert to + // chain to to the CA cert. + yield test_cert_for_usages(["ee-int-limited-depth", "int-limited-depth"], + ee_usages); + + // ca + // int-limited-depth (cA==true, pathLenConstraint==0) + // int-limited-depth-invalid (cA==true) + // + yield test_cert_for_usages(["int-limited-depth-invalid", "int-limited-depth"], + []); + yield test_cert_for_usages(["ee-int-limited-depth-invalid", + "int-limited-depth-invalid", "int-limited-depth"], + []); + + // int-valid-ku-no-eku has keyCertSign + yield test_cert_for_usages(["int-valid-ku-no-eku"], ca_usages); + yield test_cert_for_usages(["ee-int-valid-ku-no-eku", "int-valid-ku-no-eku"], + ee_usages); + + // int-bad-ku-no-eku has basicConstraints.cA==true and has a KU extension + // but the KU extension is missing keyCertSign. Note that mozilla::pkix + // doesn't validate certificates with basicConstraints.Ca==true for non-CA + // uses. + yield test_cert_for_usages(["int-bad-ku-no-eku"], []); + yield test_cert_for_usages(["ee-int-bad-ku-no-eku", "int-bad-ku-no-eku"], []); + + // int-no-ku-no-eku has basicConstraints.cA==true and no KU extension. + // We treat a missing KU as "any key usage is OK". + yield test_cert_for_usages(["int-no-ku-no-eku"], ca_usages); + yield test_cert_for_usages(["ee-int-no-ku-no-eku", "int-no-ku-no-eku"], + ee_usages); + + // int-valid-ku-server-eku has basicConstraints.cA==true, keyCertSign in KU, + // and EKU=={id-kp-serverAuth,id-kp-clientAuth}. + yield test_cert_for_usages(["int-valid-ku-server-eku"], ca_usages); + yield test_cert_for_usages(["ee-int-valid-ku-server-eku", + "int-valid-ku-server-eku"], eku_usages); + + // int-bad-ku-server-eku has basicConstraints.cA==true, a KU without + // keyCertSign, and EKU=={id-kp-serverAuth,id-kp-clientAuth}. + yield test_cert_for_usages(["int-bad-ku-server-eku"], []); + yield test_cert_for_usages(["ee-int-bad-ku-server-eku", + "int-bad-ku-server-eku"], []); + + // int-bad-ku-server-eku has basicConstraints.cA==true, no KU, and + // EKU=={id-kp-serverAuth,id-kp-clientAuth}. + yield test_cert_for_usages(["int-no-ku-server-eku"], ca_usages); + yield test_cert_for_usages(["ee-int-no-ku-server-eku", + "int-no-ku-server-eku"], eku_usages); +}); diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem new file mode 100644 index 000000000..f9bc514d4 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICuDCCAaKgAwIBAgIUNRoMRQGf1ZJA3n83kdc6L92/CEowCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu +Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO +7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf +qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt +HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx +uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MAsGCSqG +SIb3DQEBCwOCAQEAs/WSLtD9nmferqrktS7n94DuJKXYIyVwANS+HUSP515q0zTY +12Poo6n4UAJpAcO+MK2DhBREa3qtQBxxazmC6zAqvyOCE6l7YlzDXbjqLSfKn3ti +JrltsfR/0P5zqLDPu2TaXaYey+dtGqvGINjRccB9OknroUH+jX7jWqGBL4Gz8IOR +5I30FWKfDZTuhMNyBCVpCo5IL5VUdEgZsOlBe5jnGPtN7Q3LmFU91yoRXoOtp+e6 +94pZNhJqGfqLpH8ArRi5qr4QteCRSfvYFBusniJOLnGDi6K3Nh6iBvwPM8qSfQ5A +Cj361pbNvT+OPpdlm9DFCh6k8jKhZ2fXXMHdtg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem.certspec new file mode 100644 index 000000000..eb7c4b4be --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:ca +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem new file mode 100644 index 000000000..7204416fd --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5jCCAdCgAwIBAgIUK7AF47QInCeFM5oGehLpWlwykXswCwYJKoZIhvcNAQEL +MBwxGjAYBgNVBAMMEWludC1iYWQta3Utbm8tZWt1MCIYDzIwMTUxMTI4MDAwMDAw +WhgPMjAxODAyMDUwMDAwMDBaMB8xHTAbBgNVBAMMFGVlLWludC1iYWQta3Utbm8t +ZWt1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62 +iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql +WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq +Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ +ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i +b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY +CjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQEAMAsGA1UdDwQEAwID+DALBgkqhkiG +9w0BAQsDggEBAJ03z0DxaMoamG4vjSJmVCVD5fg10BGbE59JqcA8IxjXMe4cbR7M +eTBKx1SkwMIF5YblRtDJ486Xv+jddU+Ahtggbm5DQJ1y1q/Aqq1o4YVAqNoAbJ0o +xapRfv/qzxqjKTnUdO0f4MLdAmR+62JFrUgw9CYQ/ve3DagsO07BYXEjtHVIB0Wx +ur68eVQofh+3GkNJwP5g66wCIwbfMAZa50Z+0F8xRLPbAcObdvAxkuPDjsY0a3g+ +Jkkv2mnDm5ABmeqihCNBd5RAgC3xOToWosk4PlJGslydA339L5/K47wdGYLcWC5R +VgAshQo/kwWTpHu3qbUkIEtFbYxJ7ab7Gak= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem.certspec new file mode 100644 index 000000000..390adf234 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem.certspec @@ -0,0 +1,4 @@ +issuer:int-bad-ku-no-eku +subject:ee-int-bad-ku-no-eku +extension:basicConstraints:, +extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem new file mode 100644 index 000000000..0d39a7832 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC7jCCAdigAwIBAgIUXYbRaawTt2Kjb5NY/aIyZ9Us5m4wCwYJKoZIhvcNAQEL +MCAxHjAcBgNVBAMMFWludC1iYWQta3Utc2VydmVyLWVrdTAiGA8yMDE1MTEyODAw +MDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAjMSEwHwYDVQQDDBhlZS1pbnQtYmFkLWt1 +LXNlcnZlci1la3UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo +RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a +dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t +aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n +FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX +Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py +UcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAQAwCwYDVR0PBAQDAgP4 +MAsGCSqGSIb3DQEBCwOCAQEAq/zm5gIun6D8nAuEgmuXzmLoc8RorZg0f+6mPTFA +Kld8ewwAxf1VkmEKxX1vBAh6XGtGmuFfoYp5HjcT/4w4Xsv/Tiht1vB40o23fD/Y +URRdG1oTYErw0DX2cxcBdQMZygth5xOfW7X1Ts14Zl97l3JErgXo82KnT+S+Ohot +GEMea4j1vnxLgZx+QB1d26BfOn58qeEad09YwS3NRj3AaFrY6VuvUPLIj/DfducW +JLbC5ns5l8hf8Vk+oZNsKaynMUpYEZi4L6b7lCpL5bwEWoPR0ryNU3aGZNrCL3c6 +V/hTsg6CFojkRAmTzI2OLMsy51/JNMM0azRtVJ8i+WggGQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem.certspec new file mode 100644 index 000000000..32bb6c248 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem.certspec @@ -0,0 +1,4 @@ +issuer:int-bad-ku-server-eku +subject:ee-int-bad-ku-server-eku +extension:basicConstraints:, +extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem new file mode 100644 index 000000000..d60e8e8fc --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDBDCCAe6gAwIBAgIUH3DA15ZPfcaH0zDIfSBoT4pcTUwwCwYJKoZIhvcNAQEL +MCsxKTAnBgNVBAMMIGludC1jQS1GQUxTRS1hc3NlcnRzLWtleUNlcnRTaWduMCIY +DzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMC4xLDAqBgNVBAMMI2Vl +LWludC1jQS1GQUxTRS1hc3NlcnRzLWtleUNlcnRTaWduMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds +JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4 +ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25 +iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3 +4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42 +yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNV +HRMEBTADAQEAMAsGA1UdDwQEAwID+DALBgkqhkiG9w0BAQsDggEBAJ6rNJFZaniL +SWRKFdwG1vx/GPXLDl+/0VNyCVaTyYdT2tUt7A+jeJzDxv9/ELWiAhCPl77FwWOj +xieY6CBJtQk+3Wxc9Ofc6kap5/5RtogfBsr26pfeDkKEPVFxwWTPa+tzd/Beapvg +mew//Sp0Q3SdS0cxBQJp+u/aSEglM/Bh+l3q6sBrSGPY4/0mWQD4R/rq74sZ2TnL +wshxO48fk1Map5kqg6L2vBNuDqr08/lrXnv1BzlgbL7UTa52BUtbPce3uegL8sIh +5NQUW0UTIHBuBI3Ce46f5Rzeq0W7/yeDVdc6W/B/8+B5G+A2Xwlm+8AcMFsG2GFD +K3mdAuGZW+A= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem.certspec new file mode 100644 index 000000000..9e0fb65fd --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem.certspec @@ -0,0 +1,4 @@ +issuer:int-cA-FALSE-asserts-keyCertSign +subject:ee-int-cA-FALSE-asserts-keyCertSign +extension:basicConstraints:, +extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem new file mode 100644 index 000000000..10068137f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC9jCCAeCgAwIBAgIUddKEywO/Eq38I1xoGyTjg9hFzi8wCwYJKoZIhvcNAQEL +MCQxIjAgBgNVBAMMGWludC1saW1pdGVkLWRlcHRoLWludmFsaWQwIhgPMjAxNTEx +MjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowJzElMCMGA1UEAwwcZWUtaW50LWxp +bWl0ZWQtZGVwdGgtaW52YWxpZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab +bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts +Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI +H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8 +rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX +Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEBADALBgNV +HQ8EBAMCA/gwCwYJKoZIhvcNAQELA4IBAQAXnxXnkz6FPrXqw2XSvhy5YPEdGM5z +qg+7A7nMLkGa3yLdsYXGKoxurlfBKfTNg7f/4vl3JHefS9dRJuSCHd/ie/mIr0Xt +GFHoaZhl7LfEIMIe9caXgg2yWTSNCyFBh0Mxgvt1mHin0cWEV9qGiSmFiGzb8l0S +ScNGFsBicFdnDa9I4cTGy9KNG4SAXSq5Mq8PyJ6ET6Iq7Z387T58yQtQke2/xIWB +mnmZSnhCwBKqx5FntoIlhRWUfwSf0Z4H2UwZrU/Csv1cszRpgcYKGasRHNTg1TAj +rIyTNmq7z/DAqdecE0js9SpD6Ht3MHSFPdhCsV+ev+H6i/IXWvxbYkgV +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem.certspec new file mode 100644 index 000000000..f00b4d159 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem.certspec @@ -0,0 +1,4 @@ +issuer:int-limited-depth-invalid +subject:ee-int-limited-depth-invalid +extension:basicConstraints:, +extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem new file mode 100644 index 000000000..23904452a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5jCCAdCgAwIBAgIUXec5ZMQORrk2Pmi+OTo4ybN6MHowCwYJKoZIhvcNAQEL +MBwxGjAYBgNVBAMMEWludC1saW1pdGVkLWRlcHRoMCIYDzIwMTUxMTI4MDAwMDAw +WhgPMjAxODAyMDUwMDAwMDBaMB8xHTAbBgNVBAMMFGVlLWludC1saW1pdGVkLWRl +cHRoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62 +iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql +WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq +Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ +ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i +b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY +CjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQEAMAsGA1UdDwQEAwID+DALBgkqhkiG +9w0BAQsDggEBAB557gwbSdb6slyiiKsSMDjGN1hfg6i77yvl4fJRYTdYrzvulc5k +5GNCkM0FzmXeU2ZEqkvHpLRqBdtWmMeP1DoRMrwBMCDRuytrMFjNUdSfNl24ddU7 +qJ0VHzHzJsRX+4IQl3LLU46EtI9dtOkuftmZdgx+em0Ts/9cRVgT8DlzqtS7Zt6C +ZaIg0Azle1k7eSndlzFeaEtdW7I8V0JUpBupKbFZejlccAT4Y9NBxw9QOJ7yd4kL +P3do/lXOzc++Qh3OkJI1x69fzn5XyFuVac1tEzHS+9ODNWpFxsQtvQQ1WsjeznB2 +eWdV+jkakbbFJd733lEDoHcTa8nVLcY//GQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem.certspec new file mode 100644 index 000000000..df85342d9 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem.certspec @@ -0,0 +1,4 @@ +issuer:int-limited-depth +subject:ee-int-limited-depth +extension:basicConstraints:, +extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem new file mode 100644 index 000000000..b284989f9 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5jCCAdCgAwIBAgIUBwoOpsgnbx58BjjIE/5qb5aWuEEwCwYJKoZIhvcNAQEL +MBwxGjAYBgNVBAMMEWludC1uby1leHRlbnNpb25zMCIYDzIwMTUxMTI4MDAwMDAw +WhgPMjAxODAyMDUwMDAwMDBaMB8xHTAbBgNVBAMMFGVlLWludC1uby1leHRlbnNp +b25zMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62 +iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql +WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq +Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ +ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i +b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY +CjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQEAMAsGA1UdDwQEAwID+DALBgkqhkiG +9w0BAQsDggEBAHPL8KLxeqX6z1G+2515iGSngTOR8CGYLjn990NWHQU8uCJPH1bu +Q3ZaA8+E9qjVnOk79WaZ7xnD2TYEqIztDo9MbCOhsfggnF0lkoSbroVodN14Grob +Dq+82SBC2LMtPuU1I7WR2S0svi6lAIVjTPCF6cV+2EzaGXip+R6QYpWButmtiP16 +LxtNyWqDd02C2VOSy7bX1Gk1ZFE65R97VRqVHN1ZCZQapxOySiw4+fhoBZknMX7g +k6891BAoAiietKufOJyI3JOokTRzo8ML98grjZgAbf+/1TKTkm02ZOWC8daquuzt +fWD4HfakwF94AsCdPjH1zIM9S3eNFsGqK5Q= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem.certspec new file mode 100644 index 000000000..c5279046d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem.certspec @@ -0,0 +1,4 @@ +issuer:int-no-extensions +subject:ee-int-no-extensions +extension:basicConstraints:, +extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem new file mode 100644 index 000000000..3169edf91 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5DCCAc6gAwIBAgIUWXP9FsYmaGVIbwIJTUw0C5a0GDUwCwYJKoZIhvcNAQEL +MBsxGTAXBgNVBAMMEGludC1uby1rdS1uby1la3UwIhgPMjAxNTExMjgwMDAwMDBa +GA8yMDE4MDIwNTAwMDAwMFowHjEcMBoGA1UEAwwTZWUtaW50LW5vLWt1LW5vLWVr +dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogG +NhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqn +RYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHu +p3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQ +Lzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p +47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo1 +7Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEBADALBgNVHQ8EBAMCA/gwCwYJKoZIhvcN +AQELA4IBAQBMW1+NpE+LWxquW2XsX+A4Dmi7Dy47Q89pX+YoWU+BIXCP6XIRSKJX +FS3IPG3Gmd1a8SgzZxnnTCmUGDu5NtYM+vab1efNDzxjCf0JFsdjJy+sDMxh6p8f +ffPpa8bbEjNUBC3C6z8GRWpjnDkRjco8osJkjH98GNPN3nsQhTaS6of0RLegfNQW +PymuisSek2iW061L0z8GR8U6HB/Vh76FxMV9inZYHh0l9h1AlypYomAfnJ6l6fa8 +LLUhbqCJbPVTXIfJCgy8Mpc5vuD4OZ8/IDX/TANQsT5e3h4NLV5QjgPe0KxdLI0l +AaiiwCz7dF2OXMEVRQe0+by4mmDjKer2 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem.certspec new file mode 100644 index 000000000..92ee3cc6d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem.certspec @@ -0,0 +1,4 @@ +issuer:int-no-ku-no-eku +subject:ee-int-no-ku-no-eku +extension:basicConstraints:, +extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem new file mode 100644 index 000000000..1037a03fa --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC7DCCAdagAwIBAgIUHQBwtK4YHGAX9lNXBBwc8zRAG+QwCwYJKoZIhvcNAQEL +MB8xHTAbBgNVBAMMFGludC1uby1rdS1zZXJ2ZXItZWt1MCIYDzIwMTUxMTI4MDAw +MDAwWhgPMjAxODAyMDUwMDAwMDBaMCIxIDAeBgNVBAMMF2VlLWludC1uby1rdS1z +ZXJ2ZXItZWt1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO +FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr +amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka +sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY +VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n +aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE +MdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQEAMAsGA1UdDwQEAwID+DAL +BgkqhkiG9w0BAQsDggEBADyWiWIqd+ZAJLr9CTltk07maWEBfiojcboDFHdBbpuo +9/WNyNXyQ5zNeVBx5t6VreVpFC283IIeTRpT2JRpwDMH0PrSrpaHMLuEBzitau+a +lTujLC6oPkktRQIguqibIeqmaLc0aJfhCLpdVByQ8IA0lvn2/hSS60Lczi8/j9lf +CBi8KR9Vbu4TE9gA2YPnX5QpUMPUVXNQFKhkNEOI4znDnWrWR+YqaxPOJJN4Y7+n +tdR1ZAm7M4V759hEdPm3R6ailnZG1tHx+yiYlkavIz7YFqsod23KkKA2NIfms4U/ +0prBJQ31FlFJA4xIkqmv9QV37oLJY+PHT4779ess8Cg= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem.certspec new file mode 100644 index 000000000..c14889671 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem.certspec @@ -0,0 +1,4 @@ +issuer:int-no-ku-server-eku +subject:ee-int-no-ku-server-eku +extension:basicConstraints:, +extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem new file mode 100644 index 000000000..5a959c953 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3DCCAcagAwIBAgIUZQzo04Yam+J7Cj0ABLKpTriWOOkwCwYJKoZIhvcNAQEL +MBcxFTATBgNVBAMMDGludC1ub3QtYS1jYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIw +MTgwMjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9lZS1pbnQtbm90LWEtY2EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk +NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC +fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m +CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM +HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m +1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGj +HTAbMAwGA1UdEwQFMAMBAQAwCwYDVR0PBAQDAgP4MAsGCSqGSIb3DQEBCwOCAQEA +l0yZ9gi1DSU1UCjhZqTwBBJXTq5DUgRdMB8D2XU8WTvFR419ttsp0eyEBBG2+Gk5 +IueA711TE+zRSgWePjlwRFK0ZalDZ0aRXXNGH5vrLYoigXHz+yrgAMIyxabl/RUT +pw6wTQmt5iKN0cUICY7PgfjAiugkD5551KanWim/jnu/g1QbVCWIErawzB4kTbQj +coWeFLL5RRL/tK1DnUWrvjynt/uBqilrqazdGYD3DwSx1r32nohK8YlvxsKzfEsR +D8j9i/fM3HnuY9PnGh6w7Q0v8Ybx4PiXCZcTecPWjoHHDl0rGNbNOKF2BkMnuG38 +HennrEzAZa2Byk+8BKJx0g== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem.certspec new file mode 100644 index 000000000..a95b0dc26 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:int-not-a-ca +subject:ee-int-not-a-ca +extension:basicConstraints:, +extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem new file mode 100644 index 000000000..97708b4b9 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC6jCCAdSgAwIBAgIUNdjCSw3sRlBVn+bb2BRT2/86rUwwCwYJKoZIhvcNAQEL +MB4xHDAaBgNVBAMME2ludC12YWxpZC1rdS1uby1la3UwIhgPMjAxNTExMjgwMDAw +MDBaGA8yMDE4MDIwNTAwMDAwMFowITEfMB0GA1UEAwwWZWUtaW50LXZhbGlkLWt1 +LW5vLWVrdTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW +Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk +cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT +AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3 +ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh +s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV +A6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEBADALBgNVHQ8EBAMCA/gwCwYJ +KoZIhvcNAQELA4IBAQAJUHbGqWQWF/nXvq/x5V8hzM18GvrGoAToXcssHCpGDUL1 +76IQBEn5LwIdv/x+/vtWpIK+9n8sDeOwetba732nIHoMqVSVTSUa6VCc5arvXYUs +FJ7fsAzJII21roEXtahd4cdJq9r3UUewERZvFjxnHU+FF43R8DsLZqGie97LQYAL +DhJXWVJENp5RgQv0w7wWduqZNhnocKSfpwY4vy/4x4VRdS/4P0nv/qOYPO1JAwGg +3xggbVGArL07dPBcV+/dVFYPv4LLAlaSsgcp3QUX4GS2RWnFuxa2N3oV2VEi6AtL +qYAjzsVTlZajWS0bI3YDPoF1fA5D5I2UjLaqE+Xx +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem.certspec new file mode 100644 index 000000000..89a66b9f9 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem.certspec @@ -0,0 +1,4 @@ +issuer:int-valid-ku-no-eku +subject:ee-int-valid-ku-no-eku +extension:basicConstraints:, +extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem new file mode 100644 index 000000000..ba523f64d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC8jCCAdygAwIBAgIUSWvWguZEz9NZBXX1ZCoChzAjiikwCwYJKoZIhvcNAQEL +MCIxIDAeBgNVBAMMF2ludC12YWxpZC1rdS1zZXJ2ZXItZWt1MCIYDzIwMTUxMTI4 +MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMCUxIzAhBgNVBAMMGmVlLWludC12YWxp +ZC1rdS1zZXJ2ZXItZWt1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +uohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGoby +a+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWC +D/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfT +iEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXT +Ce+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+ +SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQEAMAsGA1UdDwQE +AwID+DALBgkqhkiG9w0BAQsDggEBAFzS8Zf5e20Y3lpfm8vtfp6tYUE/Jafc7eXM +OzIazcBDB9hpiLPeeliw1nVhVnN+C/cdVDtVkh7jfMzmq0bEv/fFTZLH0UcEXVKt +AhV0P98PKxPcB8G0Q4AL0DL+hXy0vomGPWhnNdj7do/a2WlZUyFxnDtUOMwYkYkp +V8ii4NOPGWK+5Oc6j/MpeTWeP5HtfYs4b1nuGW4dbklY/CjekRHWmWSwTVnQelAF +bn9Cs1bXa+KntGX9iE8hK+4WLNM15/Ch9RRNbL3HGfntakHsjcqR8GL1cF3GrZkL +L5hUuX6fzS04s6Lrqxnb5+KMGgEWgdbF5+bmPS0oAP4eAjrzqvs= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem.certspec new file mode 100644 index 000000000..43e83a336 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem.certspec @@ -0,0 +1,4 @@ +issuer:int-valid-ku-server-eku +subject:ee-int-valid-ku-server-eku +extension:basicConstraints:, +extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem new file mode 100644 index 000000000..87c9e7783 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC1DCCAb6gAwIBAgIUYS3pOmOM6SjbT2+LSutSEZcu/T0wCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBwxGjAYBgNVBAMMEWludC1iYWQta3Utbm8tZWt1MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds +JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4 +ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25 +iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3 +4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42 +yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNV +HRMEBTADAQH/MAsGA1UdDwQEAwIB+jALBgkqhkiG9w0BAQsDggEBAClZ/nt4DWBg +s+370ym6UwtUi/rCqg2XztXbRPrnIZ3EwDCM4IEUnIhDb8mBu6yoT+GETyGGzINq +XAue37I78nQoKsGiBX5itGGI3XvAuP0a5c/sYmHZD4uqjgRypGo6XLlM2ZZU9B1g +vrY7oH9knLQzf9kcpo5IXQkzZbEy5KTmiyqHX4bSXZwHATDmXRFZNT4ojUV/8ozD +KWgBWJBIiA1EpbWj1VoMTwWGp2UkPOyXTpmMe6nma+Swn4HAlYJlImwEtdBLZsIx +vPRseb9zO3hLyeVMd3uHeOtgFcBWVx0vkX9taoGEhfds5i3m1vYMi1QD3cgmJTJO +bTqfFO0+5Xo= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem.certspec new file mode 100644 index 000000000..f6525449b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:int-bad-ku-no-eku +extension:basicConstraints:cA, +extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,cRLSign diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem new file mode 100644 index 000000000..f2550274a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC9zCCAeGgAwIBAgIUV7jmxQiYVnYXubm3dfP58HTCLAYwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMCAxHjAcBgNVBAMMFWludC1iYWQta3Utc2VydmVyLWVrdTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs +9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8 +HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7Ak +kqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJet +lmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2r +kQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaM8MDow +DAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAfowHQYDVR0lBBYwFAYIKwYBBQUHAwEG +CCsGAQUFBwMCMAsGCSqGSIb3DQEBCwOCAQEAiWJSUz5NGSIGIBxnft0wa7D0Yu9K +qx1vw4JfBnr2RFxb7Z4uLM4dQcyfqgvyEQks4yIDv/ygLZ4jUDoorVodnh/vEmeo +HRUiCRFbTxhZjlepotgvwO8BjuPtRvswziVSEdglUYeWKirYuI8b3uaRnukoxP1c +Y1yHz+khiu7gvF4I0qKVbZAPIGlveypPoliAVls1V80pDRYRJZQQGDkfr4Pt7U8j +tWWD1N7LeTctyOnjJa5jBGruhzncRXv2yrgmQSxeHWvckdp8dbsp7jA8sFpvr8IB +8APo5I/zKt76xZAes1AhRcsSQ+f25tAoLfERqCY+fQXs/ANe8VIOLZSNmw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem.certspec new file mode 100644 index 000000000..2d324508d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem.certspec @@ -0,0 +1,5 @@ +issuer:ca +subject:int-bad-ku-server-eku +extension:basicConstraints:cA, +extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,cRLSign +extension:extKeyUsage:serverAuth,clientAuth diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem new file mode 100644 index 000000000..be9eeba00 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4zCCAc2gAwIBAgIUfwtPS7BE2BHyTLJHGoXUsWPKb4IwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMCsxKTAnBgNVBAMMIGludC1jQS1GQUxTRS1hc3NlcnRzLWtleUNlcnRTaWdu +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2 +ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdF +h/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6n +cOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAv +OnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2nj +tIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXt +jQIDAQABox0wGzAMBgNVHRMEBTADAQEAMAsGA1UdDwQEAwIB/jALBgkqhkiG9w0B +AQsDggEBAKFcTDGv9WuNnIkWlpJt2zy0YxKGkRvDUtmQxx1pjUZgrYDAP/e24nzb +IDYovT6Yy/2OUQCRKyrM8z36x8nhoS5Ulqrybbsn0qvR9pbydxNk9NFvj7HGiXOA +6qbMCxu+ta5TIU8zA8Sz+6SmRcFS0ZtZdif9HPd4ALh4M9PyvUI/209HACc6FRY4 +Yl+A6EII5zasC/lQ51IHDJQ97JpLNUHD7yJ84rceGeqBh9VcV1rSpb2EQ4tb7884 +YHdeJ8be3Yw9Tomj0nOCOkbpzRgjrYqOGfnOrclZNODwRrDRJmiaa7pix6EFgech +PQ6c9hZQB59oRzFVzr/+YK6e7NbbE1Q= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem.certspec new file mode 100644 index 000000000..39785d8a4 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:int-cA-FALSE-asserts-keyCertSign +extension:basicConstraints:, +extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem new file mode 100644 index 000000000..a7e980c85 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3jCCAcigAwIBAgIUC8p0CGJ9TpHnf4VF+SR1JBOadzEwCwYJKoZIhvcNAQEL +MBwxGjAYBgNVBAMMEWludC1saW1pdGVkLWRlcHRoMCIYDzIwMTUxMTI4MDAwMDAw +WhgPMjAxODAyMDUwMDAwMDBaMCQxIjAgBgNVBAMMGWludC1saW1pdGVkLWRlcHRo +LWludmFsaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W +1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtq +ZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx +0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthV +t2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo +4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx +1QOs2hgKNe2NAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4IB +AQBiWZ2hrIIfeEAdXMatxKUw7JVb+YC5WZNiSMBEAxZHvsRrgxNnkruZfgdLvZ6c +SSwE3ZelLCALkursSkYmJVbOXbMjo0Uxi3T2PPkU2sc7GgkGOeDnJ0EosZuOSi3R +O95t+bqjHRXNzzdCbYELWiOlx1LwEXvoiBA/Ey/KYaNMflPnFZej9Xf9QMoP3/QF +IOqP4DABiyz1zQmUDZMSB/63T0MV9QySIXYzumtrWSbxDdgfK7HDy7xYyZDLYchA +NhkQT0ze6SOkplit4UDIUneK7r82jAkc94I+nyTr36oC4s23/NJh4OS8bUUkZmY+ +rjzdzQQ/Qn8DdAD3jhmvwSjF +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem.certspec new file mode 100644 index 000000000..9fdb2a248 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem.certspec @@ -0,0 +1,3 @@ +issuer:int-limited-depth +subject:int-limited-depth-invalid +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem new file mode 100644 index 000000000..d8e06a572 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICyjCCAbSgAwIBAgIUQ73/9r+OdKC4qNSYd5RxWvXEYiYwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBwxGjAYBgNVBAMMEWludC1saW1pdGVkLWRlcHRoMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds +JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4 +ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25 +iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3 +4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42 +yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxMwETAPBgNV +HRMECDAGAQH/AgEAMAsGCSqGSIb3DQEBCwOCAQEAiBj74DBM3fQRjWjEs5k0+JDi +8+sL+nzQjRxEULR9KoMPhKbI6htoZIj/Otbtay47Cl95T1QGBz7sJF0mOhM4Ubml +lJ0BIV4rBxaLAN/3NxLZ1ATJVFAUTnJrA0/AkPPNNjq2RBU/dFlLUhZhXJS800Gx +SS1OERNSvXMkOq13ZZ1hiVdrUBmilCtS5cxXCeFw2PeKQwWunKmJZjHInrteJHYB +L5XkEfj4cP2hmQo/ZtviarLFQH/HSd8kfR7/IgPt664znUo7aFUJ5Hki7jNCjxBq +tdDWPFT+TUWeWWbYzcVOk7PKT/aKLNRF/MEFBQMBH9ygUlMwVovwU7IKZAe/1g== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem.certspec new file mode 100644 index 000000000..64f54b044 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:int-limited-depth +extension:basicConstraints:cA,0 diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem new file mode 100644 index 000000000..76930d04d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICtTCCAZ+gAwIBAgIUdSMRoahH5nOZT7+cJre+BOvTLh4wCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBwxGjAYBgNVBAMMEWludC1uby1leHRlbnNpb25zMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds +JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4 +ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25 +iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3 +4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42 +yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3 +DQEBCwOCAQEAr3GUaY4QbqbKhXNArKMycwIPVYKzOzppwbfwbI5un65xI8e9GSDk +qDYU6aV6c4ruqAY4Kzs/T/aHmJpTIusL+uUr8BfWVHUef+psJgSuBFKMnNcgTyO6 +XlBn9/PnjTYgy6jfbiXVY8OZe7WAIVhVY0YP9jOaL3f3/GjYVW/iWM5XEhW8LSQ5 +RekRVRwdDvdOXQMQfeWTc6gH6FrtUcxrU6+axA8rzIPE5HuUwE7BCyG/SRI49mXw +285FxNKrNhX9Hb6O19OqAc4+qI7Tdqtgb6+BXer01tXb079IpzxavZ5VhaskBNpK +Br1uFqwzrT231bCjBdDuxpPlALZ+EQQG7Q== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem.certspec new file mode 100644 index 000000000..c99626bd5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem.certspec @@ -0,0 +1,2 @@ +issuer:ca +subject:int-no-extensions diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem new file mode 100644 index 000000000..53437b1de --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxjCCAbCgAwIBAgIUH0pq51lOBUG6WhqGNAD+IlHKyxswCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBsxGTAXBgNVBAMMEGludC1uby1rdS1uby1la3UwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk +e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg +KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI +YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi +lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL +HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjEDAOMAwGA1Ud +EwQFMAMBAf8wCwYJKoZIhvcNAQELA4IBAQBaV/7LFkIry4xDVcci1ssw5D9mfgqR +6qp1YX+zKsiNVmiCQnBJPrQmGubZptuAKS7QdviBHxtfKm/gMCC2X9fDt9v5DAfp +UtPeWUc1BCaJyEPtHQwcaCT9WkwxlMzMzJEitoxSo6Hug4xt2Qib8Ou5+inLfVqR +dsb5rZav6c2SRU0patnr8+WWP6OqWqcwFn6H517KpyRP0XchCPlgbGC2gsmNct4o +9BWhP2bpjDp9F2xelPgSe5Uo/ti/Q+Y2KrEQElmI6Uxnvj235BhPv0+KDFn/1vqr +25RQcEoZOV6dYlBIzVP1AzkfXVUW3g5fN6PUdj2RmsktKd7rVfSUvsNw +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem.certspec new file mode 100644 index 000000000..306a218db --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:int-no-ku-no-eku +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem new file mode 100644 index 000000000..6cd516927 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC6TCCAdOgAwIBAgIUTRygOfB3FLI5SJlQo+2t4dEYwkYwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMB8xHTAbBgNVBAMMFGludC1uby1rdS1zZXJ2ZXItZWt1MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1 +aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we +adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS +pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W +YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR +CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoy8wLTAM +BgNVHRMEBTADAQH/MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjALBgkq +hkiG9w0BAQsDggEBAFnLVXAuHBhxNxmvn1TMA6kLSosQGei12Xd8wA6iuRDrD1qj +nIZlaIJkZncxDocWo1a2vISQPyNe/dBVGC1HpGGUXSmDswQ5h6P0837buhsW2v9m +/oYvcZwqjO+qvIpgTCN71QR7aPlvv4kgX/fJ6goGK7IPovcYX0U1LmZGZBIaqoCR +8rG+orm8Aek+rqfKMV0fhMLFMiRHO/ly/ZZUfcd4M4ObW1l/SB4EKLNU4a3jH/ob +CHrIu1umvn4SXUJBcEV3a+WLIuGexrLYFzkOV8doA/KAoE4xaArNKJFfCtgzzcRq +uCqf96q8f5eLo4B5f00+Lqmxj72/8heCTunv/TA= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem.certspec new file mode 100644 index 000000000..1482b627c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:int-no-ku-server-eku +extension:basicConstraints:cA, +extension:extKeyUsage:serverAuth,clientAuth diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem new file mode 100644 index 000000000..3be0c2916 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICwjCCAaygAwIBAgIUXw5voQbjEKOz94iKt4vgWrxBWDMwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMBcxFTATBgNVBAMMDGludC1ub3QtYS1jYTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl +qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg +w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx +V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1 +MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs +vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYDVR0TBAUw +AwEBADALBgkqhkiG9w0BAQsDggEBAAcZ3izf+oLdjuYRPuBerrZMZZVacWp0mPgV +iPBcEiJMnpExTolvwGRR9rUfbGZcoaxkr+vMv1n1X4ORmXQmKEkzbsGykwNJ72x8 +PayxV1lpDkL0LAWL16jaUhbFIu5D8t0AfissJ/0bC+xdKQqZdAlDJaCz5p5247Gw +Um0vS10JAI2ykVMkZwgOPvV9YYIiZG7voBBlCrY32M9f5fTi75J4DGGCt0VSdkf0 +XAe6kM84BdQ0lDyitV5YaLAfahWKb6VPzcoeuwlLodXa1eoh8WBPQMmpn/eT9bcg +W2BTrEMf/JpL+r36j5UsSzSNFktq5/RfpnaKX7mhw4IR3T19khw= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem.certspec new file mode 100644 index 000000000..3161680b1 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem.certspec @@ -0,0 +1,3 @@ +issuer:ca +subject:int-not-a-ca +extension:basicConstraints:, diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem new file mode 100644 index 000000000..84cd61105 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC1jCCAcCgAwIBAgIUWQyWw8pJuxrZYnP/bZs+HBxFt0swCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMB4xHDAaBgNVBAMME2ludC12YWxpZC1rdS1uby1la3UwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVo +V2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p +0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKk +fbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZh +W7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EI +TjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwG +A1UdEwQFMAMBAf8wCwYDVR0PBAQDAgIEMAsGCSqGSIb3DQEBCwOCAQEAaqysdeSM +/kLPK1LgrOP5GsclIs9Ss0gB+sgSCWxRkrcs6JPxIblQjI0CYkWNVbtS6PSoa2TZ +aRH3/mLKrdUEWrimZrapDkmwO2RmkS+oHEjxOIL3kla1khKf8IcmZYIS4OKXr+KT +wJKlh6kjt2o40hMUA/jRVN52HCCIsZiAaYVqyQ9avyDf12zdQP3PBEe9pbwNbKme +CDi7YtWDBG1uvSGrC6APzzXJe0GY/grLt9qOig6Kb2hmxdKT141ekjDX9Ju9P53J +tLoQqgH56rMTfJfI87fWVyq0FGpAqdJbE8XnDI1n9S/XoSmDDifYt/GPo7vtGbX3 +KEXKaOqalzDy3w== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem.certspec new file mode 100644 index 000000000..d7f9b0387 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:int-valid-ku-no-eku +extension:basicConstraints:cA, +extension:keyUsage:keyCertSign diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem new file mode 100644 index 000000000..34818f172 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC+TCCAeOgAwIBAgIUIwJxO+LBUmT20OYpAC6REFDuQ0swCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMCIxIDAeBgNVBAMMF2ludC12YWxpZC1rdS1zZXJ2ZXItZWt1MIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVK +tOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7N +Q/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39Zgsr +sCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxs +l62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYl +nauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozww +OjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwICBDAdBgNVHSUEFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwCwYJKoZIhvcNAQELA4IBAQAP6RTfp/yTGvXtgPj34EZAptB4 +EyMT+ozD9EEKHXvHMfavy+nn21WiCuDzjp7r7bic/H8UEYUo3h+8M11hou7Abu4R +1PtefBdT9NLndrkSD3XFqpAm+t5EmfXhMxIrYidPcXI1jOEjRCYDND41jZ5wQ41A +Mlbe9sUAFV/gWFO/HCn1VLE9bzjelLJWMszAgraodyoDBQocUcNcA/E/iiTBofz2 +S6FncJfNFYSdXpfytk4apKpSitg6L+g5ELso6INK5Vo0okNaY8wLxKpCpn3zz3C6 +o6gGidSOdq8Vpdi8X93+JTuW/sNazHnYia3+uP8NxUbsh/zqRVEOOOJU2RQq +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem.certspec new file mode 100644 index 000000000..84314bfa4 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem.certspec @@ -0,0 +1,5 @@ +issuer:ca +subject:int-valid-ku-server-eku +extension:basicConstraints:cA, +extension:keyUsage:keyCertSign +extension:extKeyUsage:serverAuth,clientAuth diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/moz.build b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/moz.build new file mode 100644 index 000000000..59f5749a2 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/moz.build @@ -0,0 +1,35 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'ca.pem', +# 'ee-int-bad-ku-no-eku.pem', +# 'ee-int-bad-ku-server-eku.pem', +# 'ee-int-cA-FALSE-asserts-keyCertSign.pem', +# 'ee-int-limited-depth.pem', +# 'ee-int-limited-depth-invalid.pem', +# 'ee-int-no-extensions.pem', +# 'ee-int-no-ku-no-eku.pem', +# 'ee-int-no-ku-server-eku.pem', +# 'ee-int-not-a-ca.pem', +# 'ee-int-valid-ku-no-eku.pem', +# 'ee-int-valid-ku-server-eku.pem', +# 'int-bad-ku-no-eku.pem', +# 'int-bad-ku-server-eku.pem', +# 'int-cA-FALSE-asserts-keyCertSign.pem', +# 'int-limited-depth.pem', +# 'int-limited-depth-invalid.pem', +# 'int-no-extensions.pem', +# 'int-no-ku-no-eku.pem', +# 'int-no-ku-server-eku.pem', +# 'int-not-a-ca.pem', +# 'int-valid-ku-no-eku.pem', +# 'int-valid-ku-server-eku.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) diff --git a/security/manager/ssl/tests/unit/test_js_cert_override_service.js b/security/manager/ssl/tests/unit/test_js_cert_override_service.js new file mode 100644 index 000000000..d085f0242 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_js_cert_override_service.js @@ -0,0 +1,56 @@ +/* -*- tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ +"use strict"; + +// This test ensures that nsICertOverrideService can be implemented in JS. +// It does so by creating and registering a mock implementation that indicates +// a specific host ("expired.example.com") has a matching override (ERROR_TIME). +// Connections to that host should succeed. + +// Mock implementation of nsICertOverrideService +const gCertOverrideService = { + rememberValidityOverride() { + throw Cr.NS_ERROR_NOT_IMPLEMENTED; + }, + + rememberTemporaryValidityOverrideUsingFingerprint() { + throw Cr.NS_ERROR_NOT_IMPLEMENTED; + }, + + hasMatchingOverride(hostname, port, cert, overrideBits, isTemporary) { + Assert.equal(hostname, "expired.example.com", + "hasMatchingOverride: hostname should be expired.example.com"); + overrideBits.value = Ci.nsICertOverrideService.ERROR_TIME; + isTemporary.value = false; + return true; + }, + + getValidityOverride() { + throw Cr.NS_ERROR_NOT_IMPLEMENTED; + }, + + clearValidityOverride() { + throw Cr.NS_ERROR_NOT_IMPLEMENTED; + }, + + isCertUsedForOverrides() { + throw Cr.NS_ERROR_NOT_IMPLEMENTED; + }, + + QueryInterface: XPCOMUtils.generateQI([Ci.nsICertOverrideService]) +}; + +function run_test() { + do_get_profile(); + let certOverrideServiceCID = + MockRegistrar.register("@mozilla.org/security/certoverride;1", + gCertOverrideService); + do_register_cleanup(() => { + MockRegistrar.unregister(certOverrideServiceCID); + }); + add_tls_server_setup("BadCertServer", "bad_certs"); + add_connection_test("expired.example.com", PRErrorCodeSuccess); + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_keysize.js b/security/manager/ssl/tests/unit/test_keysize.js new file mode 100644 index 000000000..3a8e28e87 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize.js @@ -0,0 +1,127 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +"use strict"; + +// Checks that RSA certs with key sizes below 1024 bits are rejected. +// Checks that ECC certs using curves other than the NIST P-256, P-384 or P-521 +// curves are rejected. + +do_get_profile(); // must be called before getting nsIX509CertDB +const certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +/** + * Tests a cert chain. + * + * @param {String} rootKeyType + * The key type of the root certificate, or the name of an elliptic + * curve, as output by the 'openssl ecparam -list_curves' command. + * @param {Number} rootKeySize + * @param {String} intKeyType + * @param {Number} intKeySize + * @param {String} eeKeyType + * @param {Number} eeKeySize + * @param {PRErrorCode} eeExpectedError + */ +function checkChain(rootKeyType, rootKeySize, intKeyType, intKeySize, + eeKeyType, eeKeySize, eeExpectedError) { + let rootName = "root_" + rootKeyType + "_" + rootKeySize; + let intName = "int_" + intKeyType + "_" + intKeySize; + let eeName = "ee_" + eeKeyType + "_" + eeKeySize; + + let intFullName = intName + "-" + rootName; + let eeFullName = eeName + "-" + intName + "-" + rootName; + + addCertFromFile(certdb, `test_keysize/${rootName}.pem`, "CTu,CTu,CTu"); + addCertFromFile(certdb, `test_keysize/${intFullName}.pem`, ",,"); + let eeCert = constructCertFromFile(`test_keysize/${eeFullName}.pem`); + + do_print("cert o=" + eeCert.organization); + do_print("cert issuer o=" + eeCert.issuerOrganization); + checkCertErrorGeneric(certdb, eeCert, eeExpectedError, + certificateUsageSSLServer); +} + +/** + * Tests various RSA chains. + * + * @param {Number} inadequateKeySize + * @param {Number} adequateKeySize + */ +function checkRSAChains(inadequateKeySize, adequateKeySize) { + // Chain with certs that have adequate sizes for DV + checkChain("rsa", adequateKeySize, + "rsa", adequateKeySize, + "rsa", adequateKeySize, + PRErrorCodeSuccess); + + // Chain with a root cert that has an inadequate size for DV + checkChain("rsa", inadequateKeySize, + "rsa", adequateKeySize, + "rsa", adequateKeySize, + MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE); + + // Chain with an intermediate cert that has an inadequate size for DV + checkChain("rsa", adequateKeySize, + "rsa", inadequateKeySize, + "rsa", adequateKeySize, + MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE); + + // Chain with an end entity cert that has an inadequate size for DV + checkChain("rsa", adequateKeySize, + "rsa", adequateKeySize, + "rsa", inadequateKeySize, + MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE); +} + +function checkECCChains() { + checkChain("secp256r1", 256, + "secp384r1", 384, + "secp521r1", 521, + PRErrorCodeSuccess); + checkChain("secp256r1", 256, + "secp224r1", 224, + "secp256r1", 256, + SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); + checkChain("secp256r1", 256, + "secp256r1", 256, + "secp224r1", 224, + SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); + checkChain("secp224r1", 224, + "secp256r1", 256, + "secp256r1", 256, + SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); + checkChain("secp256r1", 256, + "secp256r1", 256, + "secp256k1", 256, + SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); + checkChain("secp256k1", 256, + "secp256r1", 256, + "secp256r1", 256, + SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); +} + +function checkCombinationChains() { + checkChain("rsa", 2048, + "secp256r1", 256, + "secp384r1", 384, + PRErrorCodeSuccess); + checkChain("rsa", 2048, + "secp256r1", 256, + "secp224r1", 224, + SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); + checkChain("secp256r1", 256, + "rsa", 1016, + "secp256r1", 256, + MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE); +} + +function run_test() { + checkRSAChains(1016, 1024); + checkECCChains(); + checkCombinationChains(); + + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem new file mode 100644 index 000000000..020e46819 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB3DCCAUegAwIBAgIUeW3ngaE/CNhaakp8m4ETFPagv6IwCwYJKoZIhvcNAQEL +MCUxIzAhBgNVBAMMGmludF9yc2FfMTAyNC1yb290X3JzYV8xMDI0MCIYDzIwMTUx +MTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMDExLzAtBgNVBAMMJmVlX3JzYV8x +MDE2LWludF9yc2FfMTAyNC1yb290X3JzYV8xMDI0MIGeMA0GCSqGSIb3DQEBAQUA +A4GMADCBiAKBgADSm7EvuE/dzSmzpRnLZsQ7jY+L5UW6eThM5mPtA991mRYA65IH +kNJTDOzlRNuZpx8FiWo+0gcWVTSqmQV+R8R+O8ga2m+h4S43JotQRqVSaPna18y0 +hdgaLhnVDU8LaFSsr2175p2aCDE24Vr6j1PByMhPxgdyed0OVdc2mlvdAgMBAAEw +CwYJKoZIhvcNAQELA4GBACY8sq6EZJpNutOwEli+1sAFY+TEv/vKOUx0YVWOAPDG +Fz/E7FlEzWHoCEgUTkloECJcgZnrJgp6at4X/Bpn6eS3aqDgYqCg/Ec1J3/sroiz +GToe0ts9SsOyb+GEQ1+7AGSDc15AQQ1F6yVSLPtlCTvVy0wGl5hKWESb7LRc//6W +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem.certspec new file mode 100644 index 000000000..7b86ef786 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem.certspec @@ -0,0 +1,4 @@ +issuer:int_rsa_1024-root_rsa_1024 +subject:ee_rsa_1016-int_rsa_1024-root_rsa_1024 +issuerKey:rsa1024 +subjectKey:rsa1016 diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem new file mode 100644 index 000000000..7c36379fe --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB3DCCAUigAwIBAgIUN5wiZ+RfSwcvb1a7l8ucBCzFcnAwCwYJKoZIhvcNAQEL +MCUxIzAhBgNVBAMMGmludF9yc2FfMTAxNi1yb290X3JzYV8xMDI0MCIYDzIwMTUx +MTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMDExLzAtBgNVBAMMJmVlX3JzYV8x +MDI0LWludF9yc2FfMTAxNi1yb290X3JzYV8xMDI0MIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDTqXRAEB66jF35UD5vk161L/6z6+nQ3Fys4m+XPKlMvA2cMdZs +DAE7zpyC0NSAMo3wX7a815kKUxLdrmFSrW7mHIwb3YZjxovTYiSpiCrnjon1Vt/b +5vUdphEsv8J8ikkza0Gv23UyG1KySnNE0TSOZGNRpVHHVxzNoLj+NfYadQIDAQAB +MAsGCSqGSIb3DQEBCwOBgAB5LmLQhlHBqC31K1lP4+/DdPMeiYY5lN6sIyEhwHOU +nRw6AFk6jt2MA6zOVTsK4xcPkRUiB+4hoUrxnwdup2Tv5x594LIl58dDgG6U0+gS +mMmuOhxkhbdOJZDbHU2OrfS7540M5tPIMWxrG0JsUgQqHryVMxx/B7x+dQaIujjV +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem.certspec new file mode 100644 index 000000000..326d665dc --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem.certspec @@ -0,0 +1,4 @@ +issuer:int_rsa_1016-root_rsa_1024 +subject:ee_rsa_1024-int_rsa_1016-root_rsa_1024 +issuerKey:rsa1016 +subjectKey:rsa1024 diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem new file mode 100644 index 000000000..6020cf3ae --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICQjCCAa2gAwIBAgIUD/XcUH+cenVky6AuBp4QqnIEB3QwCwYJKoZIhvcNAQEL +MCUxIzAhBgNVBAMMGmludF9yc2FfMTAyNC1yb290X3JzYV8xMDE2MCIYDzIwMTUx +MTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMBIxEDAOBgNVBAMMB3JzYTEwMjQw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ +PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH +9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw +4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86 +exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0 +ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N +AgMBAAEwCwYJKoZIhvcNAQELA4GBAJZyjN7rSepxVDNQRLWwdmf6McLXL4ihB+ib +jqCOEHOLEoiB18juTh6bsB+Y5BTHAWWmqBOEcRX88R+ICTuHDbh76Y1yWsFw/4Xi +is+yTvZkmtNEzEM4GWXRRBq0WuWFWMGAeFOPXNhs1UDYvrcpRd6byjohkFrj0zQc +LtWo6gR0 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem.certspec new file mode 100644 index 000000000..c44a089ed --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem.certspec @@ -0,0 +1,4 @@ +issuer:int_rsa_1024-root_rsa_1016 +subject:ee_rsa_1024-int_rsa_1024-root_rsa_1016 +issuerKey:rsa1024 +subject:rsa1024 diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem new file mode 100644 index 000000000..020b749b0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB3TCCAUigAwIBAgIUNzU3VQCyiT+NrgvVMkBnUSgebnYwCwYJKoZIhvcNAQEL +MCUxIzAhBgNVBAMMGmludF9yc2FfMTAyNC1yb290X3JzYV8xMDI0MCIYDzIwMTUx +MTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMDExLzAtBgNVBAMMJmVlX3JzYV8x +MDI0LWludF9yc2FfMTAyNC1yb290X3JzYV8xMDI0MIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDTqXRAEB66jF35UD5vk161L/6z6+nQ3Fys4m+XPKlMvA2cMdZs +DAE7zpyC0NSAMo3wX7a815kKUxLdrmFSrW7mHIwb3YZjxovTYiSpiCrnjon1Vt/b +5vUdphEsv8J8ikkza0Gv23UyG1KySnNE0TSOZGNRpVHHVxzNoLj+NfYadQIDAQAB +MAsGCSqGSIb3DQEBCwOBgQCUvRKlj6hAjRSMr6KjNfSIiDErCt9lkWT+Xoknz+OW +VACuTjBO5xOLabaYhGxHDlaDGw6hZOvF29e8cid5eEogNiSBtCgjh34w1mHQ2LVf +SuG7GFRQLvzOHUQqgzftnVzw/ak+SVgnh9UyzHVv8CR9ljB1jNu7AAFB4s1IXlC7 ++w== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem.certspec new file mode 100644 index 000000000..a6ee408ec --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem.certspec @@ -0,0 +1,4 @@ +issuer:int_rsa_1024-root_rsa_1024 +subject:ee_rsa_1024-int_rsa_1024-root_rsa_1024 +issuerKey:rsa1024 +subjectKey:rsa1024 diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem new file mode 100644 index 000000000..18adf9859 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBXTCCAQOgAwIBAgIUIY9dtWlq0GcuLIMvwadTnAygONIwCgYIKoZIzj0EAwIw +KjEoMCYGA1UEAwwfaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9yc2FfMjA0ODAiGA8y +MDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjA7MTkwNwYDVQQDDDBlZV9z +ZWNwMjI0cjFfMjI0LWludF9zZWNwMjU2cjFfMjU2LXJvb3RfcnNhXzIwNDgwTTAQ +BgcqhkjOPQIBBgUrgQQAIQM5AARmjXLMpv1qGzVXtTZhBNhECOy2N/COjIa7/4LM +6I8AZtevY8Mpi6N3NIoSArA7N/1rH/QVqjEeMAoGCCqGSM49BAMCA0gAMEUCIFx1 +UZ8TEVDNXYreIKO8BjCR/7JzdV8xZOz9y0KACnDmAiEA8WmMKFZiEqHpzhBMF56W +ohttkzkw5Pim1A3Pg+M+EgQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem.certspec new file mode 100644 index 000000000..87d2f6733 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem.certspec @@ -0,0 +1,5 @@ +issuer:int_secp256r1_256-root_rsa_2048 +subject:ee_secp224r1_224-int_secp256r1_256-root_rsa_2048 +issuerKey:secp256r1 +subjectKey:secp224r1 +signature:ecdsaWithSHA256 diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem new file mode 100644 index 000000000..04b630f61 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBZjCCAQ2gAwIBAgIUceEyhHgm6jvAxRjgPB7TZEUD6+cwCgYIKoZIzj0EAwIw +LzEtMCsGA1UEAwwkaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2cjFfMjU2 +MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM +NWVlX3NlY3AyMjRyMV8yMjQtaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2 +cjFfMjU2ME0wEAYHKoZIzj0CAQYFK4EEACEDOQAEZo1yzKb9ahs1V7U2YQTYRAjs +tjfwjoyGu/+CzOiPAGbXr2PDKYujdzSKEgKwOzf9ax/0FaoxHjAKBggqhkjOPQQD +AgNHADBEAiBcdVGfExFQzV2K3iCjvAYwkf+yc3VfMWTs/ctCgApw5gIgSy0oqg4P +75DkJCciEqnZbDsjC82PJPWEC0VfaspSdcs= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem.certspec new file mode 100644 index 000000000..1aadce076 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem.certspec @@ -0,0 +1,5 @@ +issuer:int_secp256r1_256-root_secp256r1_256 +subject:ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256 +issuerKey:secp256r1 +subjectKey:secp224r1 +signature:ecdsaWithSHA256 diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem new file mode 100644 index 000000000..b90be0ce3 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBbzCCARagAwIBAgIUUwzZV7XszL/aVykB1Ozw35aJd3YwCgYIKoZIzj0EAwIw +LzEtMCsGA1UEAwwkaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2cjFfMjU2 +MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM +NWVlX3NlY3AyNTZrMV8yNTYtaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2 +cjFfMjU2MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAENe58conY/veoav5dpm2Lwuu2 +qFQ/0v6tCJ9FznrND6ZDgqlQDEHa13D/1LURv0tJLrEjiADDLE92xzo/MpTnxTAK +BggqhkjOPQQDAgNHADBEAiBcdVGfExFQzV2K3iCjvAYwkf+yc3VfMWTs/ctCgApw +5gIgVFxK6Odv9UpwqHXdT8lB+8UfLtaQlfo2r343SK9X9sI= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem.certspec new file mode 100644 index 000000000..ba999e8f1 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem.certspec @@ -0,0 +1,5 @@ +issuer:int_secp256r1_256-root_secp256r1_256 +subject:ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256 +issuerKey:secp256r1 +subjectKey:secp256k1 +signature:ecdsaWithSHA256 diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem new file mode 100644 index 000000000..024ca3e4c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBpDCCARCgAwIBAgIUabB6dOZPUb0d2XR3LNB3Cd/AuwgwCwYJKoZIhvcNAQEL +MCoxKDAmBgNVBAMMH2ludF9yc2FfMTAxNi1yb290X3NlY3AyNTZyMV8yNTYwIhgP +MjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowOzE5MDcGA1UEAwwwZWVf +c2VjcDI1NnIxXzI1Ni1pbnRfcnNhXzEwMTYtcm9vdF9zZWNwMjU2cjFfMjU2MFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET7+7u2Hg+PmxpgpZrIcE4uwFC0I+PPcu +kj8sT3lLRVwqadIzRWw2xBGdBwbgDu3I0ZOQ15kbey0HowTqoEqmwDALBgkqhkiG +9w0BAQsDgYAApXG0yYRLpX60cYFkYhTIEc05prxaID/hQeDNxfCqaBpH2SojlDX1 +rud/Iu3siUy4FUQK00Dfl8mYwo88xah/uCQnmmVuC8BAdnYYQ3Qnf+wM3NWeXKW4 +8+uk/PnloAlOXBaNUeUeaq0ohQctWGuutT0oJSeDv3GfkpJJ0dkGTg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem.certspec new file mode 100644 index 000000000..1e2e0a375 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem.certspec @@ -0,0 +1,4 @@ +issuer:int_rsa_1016-root_secp256r1_256 +subject:ee_secp256r1_256-int_rsa_1016-root_secp256r1_256 +issuerKey:rsa1016 +subjectKey:secp256r1 diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem new file mode 100644 index 000000000..f8e48209c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBazCCARmgAwIBAgIUP9OfNyc0D57T6dGzurRvtWWkKtswCgYIKoZIzj0EAwIw +LzEtMCsGA1UEAwwkaW50X3NlY3AyMjRyMV8yMjQtcm9vdF9zZWNwMjU2cjFfMjU2 +MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM +NWVlX3NlY3AyNTZyMV8yNTYtaW50X3NlY3AyMjRyMV8yMjQtcm9vdF9zZWNwMjU2 +cjFfMjU2MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET7+7u2Hg+PmxpgpZrIcE +4uwFC0I+PPcukj8sT3lLRVwqadIzRWw2xBGdBwbgDu3I0ZOQ15kbey0HowTqoEqm +wDAKBggqhkjOPQQDAgNAADA9Ah0Amjxv8EbbcPJV9S/WmFIc1y28BSBjT5W2S7JS +VAIcAlACd6sAyqbCmlQSNaKuHGiqQ2yNdWctbBudVg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem.certspec new file mode 100644 index 000000000..bd7bc770c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem.certspec @@ -0,0 +1,5 @@ +issuer:int_secp224r1_224-root_secp256r1_256 +subject:ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256 +issuerKey:secp224r1 +subjectKey:secp256r1 +signature:ecdsaWithSHA256 diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem new file mode 100644 index 000000000..907017269 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBczCCARmgAwIBAgIULSjU8D5+HqVNW0P/AVRxquSuYOQwCgYIKoZIzj0EAwIw +LzEtMCsGA1UEAwwkaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjI0cjFfMjI0 +MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM +NWVlX3NlY3AyNTZyMV8yNTYtaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjI0 +cjFfMjI0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET7+7u2Hg+PmxpgpZrIcE +4uwFC0I+PPcukj8sT3lLRVwqadIzRWw2xBGdBwbgDu3I0ZOQ15kbey0HowTqoEqm +wDAKBggqhkjOPQQDAgNIADBFAiBcdVGfExFQzV2K3iCjvAYwkf+yc3VfMWTs/ctC +gApw5gIhAOOBpYoI2SObZwV+QABdwsb4CKb/p/BUPvBpLZl7qsyq +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem.certspec new file mode 100644 index 000000000..fe7b7f748 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem.certspec @@ -0,0 +1,5 @@ +issuer:int_secp256r1_256-root_secp224r1_224 +subject:ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224 +issuerKey:secp256r1 +subjectKey:secp256r1 +signature:ecdsaWithSHA256 diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem new file mode 100644 index 000000000..37060f122 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBczCCARmgAwIBAgIUH1IpzZfvEpF2JmV7KBKHG0jM9HUwCgYIKoZIzj0EAwIw +LzEtMCsGA1UEAwwkaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2azFfMjU2 +MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM +NWVlX3NlY3AyNTZyMV8yNTYtaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2 +azFfMjU2MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET7+7u2Hg+PmxpgpZrIcE +4uwFC0I+PPcukj8sT3lLRVwqadIzRWw2xBGdBwbgDu3I0ZOQ15kbey0HowTqoEqm +wDAKBggqhkjOPQQDAgNIADBFAiBcdVGfExFQzV2K3iCjvAYwkf+yc3VfMWTs/ctC +gApw5gIhALrNUdttA6aKyReemPg5+7blFCdkym+iRE4ZY4r4v7Dj +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem.certspec new file mode 100644 index 000000000..aefffd981 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem.certspec @@ -0,0 +1,5 @@ +issuer:int_secp256r1_256-root_secp256k1_256 +subject:ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256 +issuerKey:secp256r1 +subjectKey:secp256r1 +signature:ecdsaWithSHA256 diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem new file mode 100644 index 000000000..c2d227243 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBhjCCASygAwIBAgIUTXVKaNjXdPHww35r4Jei7lctp3kwCgYIKoZIzj0EAwIw +KjEoMCYGA1UEAwwfaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9yc2FfMjA0ODAiGA8y +MDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjA7MTkwNwYDVQQDDDBlZV9z +ZWNwMzg0cjFfMzg0LWludF9zZWNwMjU2cjFfMjU2LXJvb3RfcnNhXzIwNDgwdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAAShaHJDNitcexiJ83kVRhWhxz+0je6GPgIpFdtg +jiUt5LcTLajOmOgxU05qnAwLCcjWOa3oMgbluoE0c6EfozDgXajJbkOD/ieHPalx +A74oiM/wAvBa9xof3cyDdKpuqc4wCgYIKoZIzj0EAwIDSAAwRQIgXHVRnxMRUM1d +it4go7wGMJH/snN1XzFk7P3LQoAKcOYCIQCRU+DcUMuYV2efLWpgVoL6JAEeudGB +jHb72NkQZb/BNg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem.certspec new file mode 100644 index 000000000..615818d08 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem.certspec @@ -0,0 +1,5 @@ +issuer:int_secp256r1_256-root_rsa_2048 +subject:ee_secp384r1_384-int_secp256r1_256-root_rsa_2048 +issuerKey:secp256r1 +subjectKey:secp384r1 +signature:ecdsaWithSHA256 diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem new file mode 100644 index 000000000..5f5416365 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1jCCAVygAwIBAgIUEcVF5BYUztPG7i0t9PxIGg6o6dwwCgYIKoZIzj0EAwIw +LzEtMCsGA1UEAwwkaW50X3NlY3AzODRyMV8zODQtcm9vdF9zZWNwMjU2cjFfMjU2 +MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM +NWVlX3NlY3A1MjFyMV81MjEtaW50X3NlY3AzODRyMV8zODQtcm9vdF9zZWNwMjU2 +cjFfMjU2MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBTNycrMR5QQlrycxmdS7C +f1l3NPpmxit5L4jFGdbTfw0W6hxIOhgnoBC5Eo46CAcMoz719Xg1t8G6JR9sw1Id +xCsBBlNFGYG0RdND7tN4KjXWz/D/SE9aiD0gnxuQQrcmcDVosvMm4YuDO92KoHND +krzRlQHhDWmKefU+EeCiK90qrZAwCgYIKoZIzj0EAwIDaAAwZQIxAO0GJz6haDpU +tNgaQ3SESJY85j6+gRcD7Nc9cvCiVAZZ1OxFRuhW515lVbeTqfcA8wIwSn3QMxb0 +JD+pr9shd7R0F9hefLnHrygMF241qnEEwG0NqwPoe2gdQMFv/B7QntvX +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem.certspec new file mode 100644 index 000000000..b2ae9d0c8 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem.certspec @@ -0,0 +1,5 @@ +issuer:int_secp384r1_384-root_secp256r1_256 +subject:ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256 +issuerKey:secp384r1 +subjectKey:secp521r1 +signature:ecdsaWithSHA256 diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem new file mode 100644 index 000000000..4e3b0d034 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB4jCCAU2gAwIBAgIUZwdE3TaQiMsy82qMqZoGP6z0CwwwCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDXJvb3RfcnNhXzEwMjQwIhgPMjAxNTExMjgwMDAwMDBaGA8y +MDE4MDIwNTAwMDAwMFowJTEjMCEGA1UEAwwaaW50X3JzYV8xMDE2LXJvb3RfcnNh +XzEwMjQwgZ4wDQYJKoZIhvcNAQEBBQADgYwAMIGIAoGAANKbsS+4T93NKbOlGctm +xDuNj4vlRbp5OEzmY+0D33WZFgDrkgeQ0lMM7OVE25mnHwWJaj7SBxZVNKqZBX5H +xH47yBrab6HhLjcmi1BGpVJo+drXzLSF2BouGdUNTwtoVKyvbXvmnZoIMTbhWvqP +U8HIyE/GB3J53Q5V1zaaW90CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8E +BAMCAQYwCwYJKoZIhvcNAQELA4GBAGHDJkpCPHfVaQBBRoNWB4xLqnatAEx00jlS +APUs7bJ6YFjrGElxTmtac5zB6+NpaEZL5JhUEPSEz/V3g0vaO+/W84pDiLQZgf+R +ZwG0KmxFOfetZCIKPvue/f+aWaU+SHV9ioPz647iDYJOvEBHfWj7Iz7cjw4y7bUN +cBOGkoOc +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem.certspec new file mode 100644 index 000000000..c6e77116b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem.certspec @@ -0,0 +1,6 @@ +issuer:root_rsa_1024 +subject:int_rsa_1016-root_rsa_1024 +issuerKey:rsa1024 +subjectKey:rsa1016 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem new file mode 100644 index 000000000..261ca6448 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBrzCCAVagAwIBAgIUExAlIjL69OL4W35uYWfbpzZ207YwCgYIKoZIzj0EAwIw +HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2cjFfMjU2MCIYDzIwMTUxMTI4MDAwMDAw +WhgPMjAxODAyMDUwMDAwMDBaMCoxKDAmBgNVBAMMH2ludF9yc2FfMTAxNi1yb290 +X3NlY3AyNTZyMV8yNTYwgZ4wDQYJKoZIhvcNAQEBBQADgYwAMIGIAoGAANKbsS+4 +T93NKbOlGctmxDuNj4vlRbp5OEzmY+0D33WZFgDrkgeQ0lMM7OVE25mnHwWJaj7S +BxZVNKqZBX5HxH47yBrab6HhLjcmi1BGpVJo+drXzLSF2BouGdUNTwtoVKyvbXvm +nZoIMTbhWvqPU8HIyE/GB3J53Q5V1zaaW90CAwEAAaMdMBswDAYDVR0TBAUwAwEB +/zALBgNVHQ8EBAMCAQYwCgYIKoZIzj0EAwIDRwAwRAIgXHVRnxMRUM1dit4go7wG +MJH/snN1XzFk7P3LQoAKcOYCIDmD30j813c64HuW9WnjhZWMPRLqIiAMD+u9hWOm +17If +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem.certspec new file mode 100644 index 000000000..27728ca37 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem.certspec @@ -0,0 +1,7 @@ +issuer:root_secp256r1_256 +subject:int_rsa_1016-root_secp256r1_256 +issuerKey:secp256r1 +subjectKey:rsa1016 +signature:ecdsaWithSHA256 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem new file mode 100644 index 000000000..eff1ee721 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB4jCCAU6gAwIBAgIUeTtd4gq+pnMumaH8M1hJb7WxuRAwCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDXJvb3RfcnNhXzEwMTYwIhgPMjAxNTExMjgwMDAwMDBaGA8y +MDE4MDIwNTAwMDAwMFowJTEjMCEGA1UEAwwaaW50X3JzYV8xMDI0LXJvb3RfcnNh +XzEwMTYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANOpdEAQHrqMXflQPm+T +XrUv/rPr6dDcXKzib5c8qUy8DZwx1mwMATvOnILQ1IAyjfBftrzXmQpTEt2uYVKt +buYcjBvdhmPGi9NiJKmIKueOifVW39vm9R2mESy/wnyKSTNrQa/bdTIbUrJKc0TR +NI5kY1GlUcdXHM2guP419hp1AgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0P +BAQDAgEGMAsGCSqGSIb3DQEBCwOBgACvCVg2KCtiE/g+PkXU3bn7mj4hGwOxH+2P +NnyhAnlx3kEEEJIHaCIS3s56wiWtwf0P4DG1qHn+IZR6zbZ+0ALzZneREtGvLCNI +M7+GCoOmkPWbR4I+2wYpBgRtHDeK06EWbrSQF9V+P+Z9hXW7NJ/npxD40+fs27Ot +hjVyw0ex +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem.certspec new file mode 100644 index 000000000..fafb393bf --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem.certspec @@ -0,0 +1,6 @@ +issuer:root_rsa_1016 +subject:int_rsa_1024-root_rsa_1016 +issuerKey:rsa1016 +subjectKey:rsa1024 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem new file mode 100644 index 000000000..3c6264488 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB4zCCAU6gAwIBAgIUKd2Q3DzwYKrXasi5yQdWvgSatdgwCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDXJvb3RfcnNhXzEwMjQwIhgPMjAxNTExMjgwMDAwMDBaGA8y +MDE4MDIwNTAwMDAwMFowJTEjMCEGA1UEAwwaaW50X3JzYV8xMDI0LXJvb3RfcnNh +XzEwMjQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANOpdEAQHrqMXflQPm+T +XrUv/rPr6dDcXKzib5c8qUy8DZwx1mwMATvOnILQ1IAyjfBftrzXmQpTEt2uYVKt +buYcjBvdhmPGi9NiJKmIKueOifVW39vm9R2mESy/wnyKSTNrQa/bdTIbUrJKc0TR +NI5kY1GlUcdXHM2guP419hp1AgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0P +BAQDAgEGMAsGCSqGSIb3DQEBCwOBgQBpJC20/N+v3Xb66ZpiGiwrh2zAo940Fvmo +UXPG5+jwTCSowU8aDXGq+PeHsu+X58NTigSU37zhu4xOATCL06w71FnJTfVFseF1 +FUnYPQahSARRlMGyz3AfcTcexTqiJCIn7Owvsjj9eEUKiMnwOY5z+vc11g3pW2Q4 +ALoRuo9ETg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem.certspec new file mode 100644 index 000000000..66891f979 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem.certspec @@ -0,0 +1,6 @@ +issuer:root_rsa_1024 +subject:int_rsa_1024-root_rsa_1024 +issuerKey:rsa1024 +subjectKey:rsa1024 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem new file mode 100644 index 000000000..cfd1fc33a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBYzCCAQmgAwIBAgIUMfmdT1oaX8JMXd4bb7glStZfa0AwCgYIKoZIzj0EAwIw +HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2cjFfMjU2MCIYDzIwMTUxMTI4MDAwMDAw +WhgPMjAxODAyMDUwMDAwMDBaMC8xLTArBgNVBAMMJGludF9zZWNwMjI0cjFfMjI0 +LXJvb3Rfc2VjcDI1NnIxXzI1NjBNMBAGByqGSM49AgEGBSuBBAAhAzkABGaNcsym +/WobNVe1NmEE2EQI7LY38I6Mhrv/gszojwBm169jwymLo3c0ihICsDs3/Wsf9BWq +MR6jHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA0gA +MEUCIFx1UZ8TEVDNXYreIKO8BjCR/7JzdV8xZOz9y0KACnDmAiEAv+3koyIlSx0a +SY0agquE0R53+/Q+kNJwlvdfEMNYjs4= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem.certspec new file mode 100644 index 000000000..89d77d3b8 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem.certspec @@ -0,0 +1,7 @@ +issuer:root_secp256r1_256 +subject:int_secp224r1_224-root_secp256r1_256 +issuerKey:secp256r1 +subjectKey:secp224r1 +signature:ecdsaWithSHA256 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem new file mode 100644 index 000000000..5cda1057d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICIjCCAQygAwIBAgIUUyCpJPo1OBfUzS63URCB8jij4wYwCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDXJvb3RfcnNhXzIwNDgwIhgPMjAxNTExMjgwMDAwMDBaGA8y +MDE4MDIwNTAwMDAwMFowKjEoMCYGA1UEAwwfaW50X3NlY3AyNTZyMV8yNTYtcm9v +dF9yc2FfMjA0ODBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/u7th4Pj5saYK +WayHBOLsBQtCPjz3LpI/LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGTkNeZG3stB6ME +6qBKpsCjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEB +CwOCAQEAQFZl1Ogt4U76JlyY3Iuw3xKnOUyU+Mmt1oD+WXuHuwuxBbd29n0at+Qi +wOomkgbbudIiVF+X+AXb/PKXmQhUqQxQzROt77cU8JV7upVf0NaN26rrwLgoGFI0 +ipmxbzev2nMrJMkzH2cAEXKCE92VPaQGsuLR0SlGFsHTDRPk5bNI8RL5CxPjw0VA +89wLF+DB1yqtuWIuqvgIG38BQCnRyZiql9eH+EQtonPm+L+PAa5MJAHNF+C7vHEN +TB6gjO2J6Pt6tt50ByikmTjQcIMLkG6Y63XUpNZYMToUSnd+BvcuJDY1nDHv2BG2 +l1s7rOMeHUKiDjhKnhiyOBemiwjomQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem.certspec new file mode 100644 index 000000000..44a65ef5a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem.certspec @@ -0,0 +1,5 @@ +issuer:root_rsa_2048 +subject:int_secp256r1_256-root_rsa_2048 +subjectKey:secp256r1 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem new file mode 100644 index 000000000..2d04da2e0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBaDCCARWgAwIBAgIUFW655tKQ8N76G2Fs4e+yyy9HSu0wCgYIKoZIzj0EAwIw +HTEbMBkGA1UEAwwScm9vdF9zZWNwMjI0cjFfMjI0MCIYDzIwMTUxMTI4MDAwMDAw +WhgPMjAxODAyMDUwMDAwMDBaMC8xLTArBgNVBAMMJGludF9zZWNwMjU2cjFfMjU2 +LXJvb3Rfc2VjcDIyNHIxXzIyNDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/ +u7th4Pj5saYKWayHBOLsBQtCPjz3LpI/LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGT +kNeZG3stB6ME6qBKpsCjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoG +CCqGSM49BAMCA0EAMD4CHQCaPG/wRttw8lX1L9aYUhzXLbwFIGNPlbZLslJUAh0A +sdRLm9WH7E0AswZO3oBFsoiZgtUXKojJjBOlhQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem.certspec new file mode 100644 index 000000000..66ebc1b93 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem.certspec @@ -0,0 +1,7 @@ +issuer:root_secp224r1_224 +subject:int_secp256r1_256-root_secp224r1_224 +issuerKey:secp224r1 +subjectKey:secp256r1 +signature:ecdsaWithSHA256 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem new file mode 100644 index 000000000..dba78878f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBbjCCARWgAwIBAgIUYTlSrggMzCP6DVELNF4gN3/2PagwCgYIKoZIzj0EAwIw +HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2azFfMjU2MCIYDzIwMTUxMTI4MDAwMDAw +WhgPMjAxODAyMDUwMDAwMDBaMC8xLTArBgNVBAMMJGludF9zZWNwMjU2cjFfMjU2 +LXJvb3Rfc2VjcDI1NmsxXzI1NjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/ +u7th4Pj5saYKWayHBOLsBQtCPjz3LpI/LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGT +kNeZG3stB6ME6qBKpsCjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoG +CCqGSM49BAMCA0cAMEQCIGNZAgGJ1z5b/9EWTuPiCuBK2HWvd1yTYLoQH5fdJy0k +AiBNdBxpWObwfdKgHCLH8gHgQEBLLT5lpWwSlvTGnjknKQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem.certspec new file mode 100644 index 000000000..c7e190ab0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem.certspec @@ -0,0 +1,7 @@ +issuer:root_secp256k1_256 +subject:int_secp256r1_256-root_secp256k1_256 +issuerKey:secp256k1 +subjectKey:secp256r1 +signature:ecdsaWithSHA256 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem new file mode 100644 index 000000000..b415487ef --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBbzCCARWgAwIBAgIUZ1LG/akVEjMI75EV2IrvSQz2ONgwCgYIKoZIzj0EAwIw +HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2cjFfMjU2MCIYDzIwMTUxMTI4MDAwMDAw +WhgPMjAxODAyMDUwMDAwMDBaMC8xLTArBgNVBAMMJGludF9zZWNwMjU2cjFfMjU2 +LXJvb3Rfc2VjcDI1NnIxXzI1NjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/ +u7th4Pj5saYKWayHBOLsBQtCPjz3LpI/LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGT +kNeZG3stB6ME6qBKpsCjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoG +CCqGSM49BAMCA0gAMEUCIFx1UZ8TEVDNXYreIKO8BjCR/7JzdV8xZOz9y0KACnDm +AiEA3SQoQJXCBse68NgRuB1mVoMTEJOAe+qrkoRGsx5dNDY= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem.certspec new file mode 100644 index 000000000..6854d2187 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem.certspec @@ -0,0 +1,7 @@ +issuer:root_secp256r1_256 +subject:int_secp256r1_256-root_secp256r1_256 +issuerKey:secp256r1 +subjectKey:secp256r1 +signature:ecdsaWithSHA256 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem new file mode 100644 index 000000000..c2958dc6d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBjDCCATKgAwIBAgIURykYBB7pd62OS//UuN+CSn+WSwwwCgYIKoZIzj0EAwIw +HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2cjFfMjU2MCIYDzIwMTUxMTI4MDAwMDAw +WhgPMjAxODAyMDUwMDAwMDBaMC8xLTArBgNVBAMMJGludF9zZWNwMzg0cjFfMzg0 +LXJvb3Rfc2VjcDI1NnIxXzI1NjB2MBAGByqGSM49AgEGBSuBBAAiA2IABKFockM2 +K1x7GInzeRVGFaHHP7SN7oY+AikV22COJS3ktxMtqM6Y6DFTTmqcDAsJyNY5regy +BuW6gTRzoR+jMOBdqMluQ4P+J4c9qXEDviiIz/AC8Fr3Gh/dzIN0qm6pzqMdMBsw +DAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCgYIKoZIzj0EAwIDSAAwRQIgXHVR +nxMRUM1dit4go7wGMJH/snN1XzFk7P3LQoAKcOYCIQDQJQ6/wj2o6teiKvbzgn63 +QDv+vT1n/+9GOhIWeo1FSw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem.certspec new file mode 100644 index 000000000..de8e85198 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem.certspec @@ -0,0 +1,7 @@ +issuer:root_secp256r1_256 +subject:int_secp384r1_384-root_secp256r1_256 +issuerKey:secp256r1 +subjectKey:secp384r1 +signature:ecdsaWithSHA256 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_keysize/moz.build b/security/manager/ssl/tests/unit/test_keysize/moz.build new file mode 100644 index 000000000..a69bf43a9 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/moz.build @@ -0,0 +1,41 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem', +# 'ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem', +# 'ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem', +# 'ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem', +# 'ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem', +# 'ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem', +# 'ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem', +# 'ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem', +# 'ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem', +# 'ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem', +# 'ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem', +# 'ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem', +# 'ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem', +# 'int_rsa_1016-root_rsa_1024.pem', +# 'int_rsa_1016-root_secp256r1_256.pem', +# 'int_rsa_1024-root_rsa_1016.pem', +# 'int_rsa_1024-root_rsa_1024.pem', +# 'int_secp224r1_224-root_secp256r1_256.pem', +# 'int_secp256r1_256-root_rsa_2048.pem', +# 'int_secp256r1_256-root_secp224r1_224.pem', +# 'int_secp256r1_256-root_secp256k1_256.pem', +# 'int_secp256r1_256-root_secp256r1_256.pem', +# 'int_secp384r1_384-root_secp256r1_256.pem', +# 'root_rsa_1016.pem', +# 'root_rsa_1024.pem', +# 'root_rsa_2048.pem', +# 'root_secp224r1_224.pem', +# 'root_secp256k1_256.pem', +# 'root_secp256r1_256.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem new file mode 100644 index 000000000..0a72087f1 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1DCCAUCgAwIBAgIUM7Lg6QmOdkt261MCbyFKi45pe74wCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDXJvb3RfcnNhXzEwMTYwIhgPMjAxNTExMjgwMDAwMDBaGA8y +MDE4MDIwNTAwMDAwMFowGDEWMBQGA1UEAwwNcm9vdF9yc2FfMTAxNjCBnjANBgkq +hkiG9w0BAQEFAAOBjAAwgYgCgYAA0puxL7hP3c0ps6UZy2bEO42Pi+VFunk4TOZj +7QPfdZkWAOuSB5DSUwzs5UTbmacfBYlqPtIHFlU0qpkFfkfEfjvIGtpvoeEuNyaL +UEalUmj52tfMtIXYGi4Z1Q1PC2hUrK9te+admggxNuFa+o9TwcjIT8YHcnndDlXX +Nppb3QIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjALBgkqhkiG +9w0BAQsDgYAAg+CxStL2zK/003mV+gzN6dSgozHCdJyVQLN9LbsqvAHu/Ker02zl +Ngsq7TZmpCKfa2VYRpNJbzW0095UGnD/qVS876pNzQPmUlg5QVWda6y2esKwksxO +7yEShApyGMgxL4VEkCNxz40+NfU2falPeXtjkZU6CuOTWSU/cWRs1w== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem.certspec new file mode 100644 index 000000000..b0b5ba8e5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem.certspec @@ -0,0 +1,6 @@ +issuer:root_rsa_1016 +subject:root_rsa_1016 +issuerKey:rsa1016 +subjectKey:rsa1016 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem new file mode 100644 index 000000000..4057c0d02 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1jCCAUGgAwIBAgIUN4fAqdmb7z7NLWF0XiUi1tHIHQ0wCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDXJvb3RfcnNhXzEwMjQwIhgPMjAxNTExMjgwMDAwMDBaGA8y +MDE4MDIwNTAwMDAwMFowGDEWMBQGA1UEAwwNcm9vdF9yc2FfMTAyNDCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEA06l0QBAeuoxd+VA+b5NetS/+s+vp0NxcrOJv +lzypTLwNnDHWbAwBO86cgtDUgDKN8F+2vNeZClMS3a5hUq1u5hyMG92GY8aL02Ik +qYgq546J9Vbf2+b1HaYRLL/CfIpJM2tBr9t1MhtSskpzRNE0jmRjUaVRx1cczaC4 +/jX2GnUCAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZI +hvcNAQELA4GBABaze8o5xyNFgdXvK0pFIj+ZfG634ATqddoE7x1C89M3Mh4j5nJv +/zuKwz1NS4uty584WWCODuu1iAqwKYeOmg2aejN3k/cVWMEqmRG5DRL9CdYs8/Jt +eFS05lsRzHVRq9m7nEOgv5Xhbn5egMwGxEjmI0Bu/o1YJ/2hxrhXit5W +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem.certspec new file mode 100644 index 000000000..09cd420f7 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem.certspec @@ -0,0 +1,6 @@ +issuer:root_rsa_1024 +subject:root_rsa_1024 +issuerKey:rsa1024 +subjectKey:rsa1024 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem b/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem new file mode 100644 index 000000000..f08030ecc --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2zCCAcWgAwIBAgIUL9RaZAoENJalu9ROFdxp+1zeK3wwCwYJKoZIhvcNAQEL +MBgxFjAUBgNVBAMMDXJvb3RfcnNhXzIwNDgwIhgPMjAxNTExMjgwMDAwMDBaGA8y +MDE4MDIwNTAwMDAwMFowGDEWMBQGA1UEAwwNcm9vdF9yc2FfMjA0ODCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1 +SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+ +zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL +K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc +bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW +JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMd +MBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQAG +/Ky5Qkbd1EjvW6h/wvxOP5jj5FQiN4c+kxP5IpiXZr2YyjZIVRShExNfzpCmLuPq +rkaY/IZVHT32bwW87BudscCL9lTqZbsDXayEh2KuWDbw/+FfXd+KpKWi6jweyjyW +159Im2POWzi9XyKtwY6GdVKhsrL5LwCO9nhNBwVoQ+2WiFvc5eggNPl7WTbywgV3 +eDfDVN+3NVAoDw6tcTkFYbmjJpF3w+c839wtiIJEvQ6okv5cZOLF4pW+3PoYAEaI +jVfGtGF8QnzSBeetTliQcCy0Ce/mVZ+N0+bYeHrTm4Bm5YySszKs+1vxdzm9+fH3 +jZ6//NQm+C+GVbNGj8Nm +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem.certspec new file mode 100644 index 000000000..cebc2f8e6 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem.certspec @@ -0,0 +1,4 @@ +issuer:root_rsa_2048 +subject:root_rsa_2048 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem b/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem new file mode 100644 index 000000000..afc387bf1 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE----- +MIIBSDCB96ADAgECAhQJ0gm/8w+13dcPEBRcKlEAdi1aKjAKBggqhkjOPQQDAjAd +MRswGQYDVQQDDBJyb290X3NlY3AyMjRyMV8yMjQwIhgPMjAxNTExMjgwMDAwMDBa +GA8yMDE4MDIwNTAwMDAwMFowHTEbMBkGA1UEAwwScm9vdF9zZWNwMjI0cjFfMjI0 +ME0wEAYHKoZIzj0CAQYFK4EEACEDOQAEZo1yzKb9ahs1V7U2YQTYRAjstjfwjoyG +u/+CzOiPAGbXr2PDKYujdzSKEgKwOzf9ax/0FaoxHqMdMBswDAYDVR0TBAUwAwEB +/zALBgNVHQ8EBAMCAQYwCgYIKoZIzj0EAwIDQAAwPQIdAJo8b/BG23DyVfUv1phS +HNctvAUgY0+VtkuyUlQCHFuyUCiwjmlUwEFrlJJcS0k4ErhiiH2J96FdTCw= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem.certspec new file mode 100644 index 000000000..31370f6f7 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem.certspec @@ -0,0 +1,7 @@ +issuer:root_secp224r1_224 +subject:root_secp224r1_224 +issuerKey:secp224r1 +subjectKey:secp224r1 +signature:ecdsaWithSHA256 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem b/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem new file mode 100644 index 000000000..19cbdc712 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBWTCCAQCgAwIBAgIUDZ1MSO282sT4cTPmUNrRED65xiAwCgYIKoZIzj0EAwIw +HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2azFfMjU2MCIYDzIwMTUxMTI4MDAwMDAw +WhgPMjAxODAyMDUwMDAwMDBaMB0xGzAZBgNVBAMMEnJvb3Rfc2VjcDI1NmsxXzI1 +NjBWMBAGByqGSM49AgEGBSuBBAAKA0IABDXufHKJ2P73qGr+XaZti8LrtqhUP9L+ +rQifRc56zQ+mQ4KpUAxB2tdw/9S1Eb9LSS6xI4gAwyxPdsc6PzKU58WjHTAbMAwG +A1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA0cAMEQCIGNZAgGJ +1z5b/9EWTuPiCuBK2HWvd1yTYLoQH5fdJy0kAiBbbODJAli2zU6pkhPi4lq9+jKA +l32sv96VWrOsyrAFjg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem.certspec new file mode 100644 index 000000000..c78aa61bb --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem.certspec @@ -0,0 +1,7 @@ +issuer:root_secp256k1_256 +subject:root_secp256k1_256 +issuerKey:secp256k1 +subjectKey:secp256k1 +signature:ecdsaWithSHA256 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem new file mode 100644 index 000000000..2417685dd --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBXTCCAQOgAwIBAgIUHe1Ak9B5RX1dDhygSBpPrhZ9JEowCgYIKoZIzj0EAwIw +HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2cjFfMjU2MCIYDzIwMTUxMTI4MDAwMDAw +WhgPMjAxODAyMDUwMDAwMDBaMB0xGzAZBgNVBAMMEnJvb3Rfc2VjcDI1NnIxXzI1 +NjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/u7th4Pj5saYKWayHBOLsBQtC +Pjz3LpI/LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGTkNeZG3stB6ME6qBKpsCjHTAb +MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA0gAMEUCIFx1 +UZ8TEVDNXYreIKO8BjCR/7JzdV8xZOz9y0KACnDmAiEA/cwfybIBowGnPXI58HEd +4kEWa8IF3nFuEFBja30LxhI= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem.certspec new file mode 100644 index 000000000..4447fc4b4 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem.certspec @@ -0,0 +1,7 @@ +issuer:root_secp256r1_256 +subject:root_secp256r1_256 +issuerKey:secp256r1 +subjectKey:secp256r1 +signature:ecdsaWithSHA256 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_keysize_ev.js b/security/manager/ssl/tests/unit/test_keysize_ev.js new file mode 100644 index 000000000..b6b4ccade --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev.js @@ -0,0 +1,146 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Checks that RSA certs with key sizes below 2048 bits when verifying for EV +// are rejected. + +do_get_profile(); // Must be called before getting nsIX509CertDB +const certDB = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +const SERVER_PORT = 8888; + +function getOCSPResponder(expectedCertNames) { + let expectedPaths = expectedCertNames.slice(); + return startOCSPResponder(SERVER_PORT, "www.example.com", "test_keysize_ev/", + expectedCertNames, expectedPaths); +} + +function loadCert(certName, trustString) { + let certFilename = "test_keysize_ev/" + certName + ".pem"; + addCertFromFile(certDB, certFilename, trustString); + return constructCertFromFile(certFilename); +} + +/** + * Adds a single EV key size test. + * + * @param {Array} expectedNamesForOCSP + * An array of nicknames of the certs to be responded to. + * @param {String} rootCertFileName + * The file name of the root cert. Can begin with ".." to reference + * certs in folders other than "test_keysize_ev/". + * @param {Array} intCertFileNames + * An array of file names of any intermediate certificates. + * @param {String} endEntityCertFileName + * The file name of the end entity cert. + * @param {Boolean} expectedResult + * Whether the chain is expected to validate as EV. + */ +function addKeySizeTestForEV(expectedNamesForOCSP, + rootCertFileName, intCertFileNames, + endEntityCertFileName, expectedResult) +{ + add_test(function() { + clearOCSPCache(); + let ocspResponder = getOCSPResponder(expectedNamesForOCSP); + + loadCert(rootCertFileName, "CTu,CTu,CTu"); + for (let intCertFileName of intCertFileNames) { + loadCert(intCertFileName, ",,"); + } + checkEVStatus( + certDB, + constructCertFromFile(`test_keysize_ev/${endEntityCertFileName}.pem`), + certificateUsageSSLServer, + expectedResult); + + ocspResponder.stop(run_next_test); + }); +} + +/** + * For debug builds which have the test EV roots compiled in, checks RSA chains + * which contain certs with key sizes adequate for EV are validated as such, + * while chains that contain any cert with an inadequate key size fail EV and + * validate as DV. + * For opt builds which don't have the test EV roots compiled in, checks that + * none of the chains validate as EV. + * + * Note: This function assumes that the key size requirements for EV are greater + * than the requirements for DV. + * + * @param {Number} inadequateKeySize + * The inadequate key size of the generated certs. + * @param {Number} adequateKeySize + * The adequate key size of the generated certs. + */ +function checkRSAChains(inadequateKeySize, adequateKeySize) { + // Reuse the existing test RSA EV root + let rootOKCertFileName = "../test_ev_certs/evroot"; + let rootOKName = "evroot"; + let rootNotOKName = "ev_root_rsa_" + inadequateKeySize; + let intOKName = "ev_int_rsa_" + adequateKeySize; + let intNotOKName = "ev_int_rsa_" + inadequateKeySize; + let eeOKName = "ev_ee_rsa_" + adequateKeySize; + let eeNotOKName = "ev_ee_rsa_" + inadequateKeySize; + + // Chain with certs that have adequate sizes for EV and DV + // In opt builds, this chain is only validated for DV. Hence, an OCSP fetch + // will for example not be done for the "ev_int_rsa_2048-evroot" intermediate + // in such a build. + let intFullName = intOKName + "-" + rootOKName; + let eeFullName = eeOKName + "-" + intOKName + "-" + rootOKName; + let expectedNamesForOCSP = gEVExpected + ? [ intFullName, + eeFullName ] + : [ eeFullName ]; + addKeySizeTestForEV(expectedNamesForOCSP, rootOKCertFileName, + [ intFullName ], eeFullName, gEVExpected); + + // Chain with a root cert that has an inadequate size for EV, but + // adequate size for DV + intFullName = intOKName + "-" + rootNotOKName; + eeFullName = eeOKName + "-" + intOKName + "-" + rootNotOKName; + expectedNamesForOCSP = [ eeFullName ]; + addKeySizeTestForEV(expectedNamesForOCSP, rootNotOKName, + [ intFullName ], eeFullName, false); + + // Chain with an intermediate cert that has an inadequate size for EV, but + // adequate size for DV + intFullName = intNotOKName + "-" + rootOKName; + eeFullName = eeOKName + "-" + intNotOKName + "-" + rootOKName; + expectedNamesForOCSP = [ eeFullName ]; + addKeySizeTestForEV(expectedNamesForOCSP, rootOKCertFileName, + [ intFullName ], eeFullName, false); + + // Chain with an end entity cert that has an inadequate size for EV, but + // adequate size for DV + intFullName = intOKName + "-" + rootOKName; + eeFullName = eeNotOKName + "-" + intOKName + "-" + rootOKName; + expectedNamesForOCSP = gEVExpected + ? [ intFullName, + eeFullName ] + : [ eeFullName ]; + addKeySizeTestForEV(expectedNamesForOCSP, rootOKCertFileName, + [ intFullName ], eeFullName, false); +} + +function run_test() { + Services.prefs.setCharPref("network.dns.localDomains", "www.example.com"); + Services.prefs.setIntPref("security.OCSP.enabled", 1); + + let smallKeyEVRoot = + constructCertFromFile("test_keysize_ev/ev_root_rsa_2040.pem"); + equal(smallKeyEVRoot.sha256Fingerprint, + "49:46:10:F4:F5:B1:96:E7:FB:FA:4D:A6:34:03:D0:99:" + + "22:D4:77:20:3F:84:E0:DF:1C:AD:B4:C2:76:BB:63:24", + "test sanity check: the small-key EV root must have the same " + + "fingerprint as the corresponding entry in ExtendedValidation.cpp"); + + checkRSAChains(2040, 2048); + + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem new file mode 100644 index 000000000..1e231157c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDYzCCAk2gAwIBAgIUYWcJYs/7lzpBLFqmhT8F7LPbOLAwCwYJKoZIhvcNAQEL +MCExHzAdBgNVBAMMFmV2X2ludF9yc2FfMjA0OC1ldnJvb3QwIhgPMjAxNTExMjgw +MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowMDEuMCwGA1UEAwwlZXZfZWVfcnNhXzIw +NDAtZXZfaW50X3JzYV8yMDQ4LWV2cm9vdDCCASEwDQYJKoZIhvcNAQEBBQADggEO +ADCCAQkCggEAALrAZS/fvABViC/7rqzuyI+i0IPCl91dQGZN09kPUvmqAr2KUPuh +bg/ZkYeO9HX5s1DZ+OPrKr1xfOMnsJeIUx8T344+TjudYWu4pB5TBu7SRyFjFhBR +GAEnak62bwczG1y8i8rnAWqPmz1PKsRVPGJM9SY7yzSOiEDeZhKHCWCnkhkbE4+y +F/dlzse/+OlPFrOUGb91BMWafk95vW0XPpx789nSpOc8wYCwWQpz1YT7f8m1T6VE +YH5T/GhcelX9RKgdQUK2r1Hqb6bOpSlloujF2E88oCTW+7mwBbllHOXZ8uz0DtQE +mBqf/AJjbjEbCVxjMqDIfcOScbVVFIF3SwIDAQABo4GEMIGBMF4GCCsGAQUFBwEB +BFIwUDBOBggrBgEFBQcwAYZCaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L2V2 +X2VlX3JzYV8yMDQwLWV2X2ludF9yc2FfMjA0OC1ldnJvb3QvMB8GA1UdIAQYMBYw +FAYSKwYBBAHrSYUahRqFGgGDdAkBMAsGCSqGSIb3DQEBCwOCAQEACeVAAm2UDFMG +vuYyPdPhGr7DBIAbk2RHE+k/KKZvOC2AgK1USid4/lOdFVcFijDS46t97otxVYvA +NDuPj/O3uYf+Gjw4rATdiA6YTXtumOfC2nwhJ9zBSFsDLEajynStYcUtJClentys +b08EGO3cUr40aWMXZMIG4mjZhQgfTu6TJ9OlDwzexb0/L2AF8PyEd8wrO1RUTU2e +Tb3/d15AgDccaBfrEg72Mb7oDGr/QIdTgqdtLqMF9BTQRat3O6J4LRf2UMpot9Pr +j4eKG/93p+TymG6SdosjWavD5EQngZ7ihayl9xPZ7nAnPfLI43KNqVHDALxT8ROA +HNBIjUe9pw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem.certspec new file mode 100644 index 000000000..e64c651bc --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem.certspec @@ -0,0 +1,5 @@ +issuer:ev_int_rsa_2048-evroot +subject:ev_ee_rsa_2040-ev_int_rsa_2048-evroot +subjectKey:rsa2040 +extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_rsa_2040-ev_int_rsa_2048-evroot/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1 diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem new file mode 100644 index 000000000..4c66b2252 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDYzCCAk6gAwIBAgIUX1WnK44zi+RzvEojjYi3bcyvC34wCwYJKoZIhvcNAQEL +MCExHzAdBgNVBAMMFmV2X2ludF9yc2FfMjA0MC1ldnJvb3QwIhgPMjAxNTExMjgw +MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowMDEuMCwGA1UEAwwlZXZfZWVfcnNhXzIw +NDgtZXZfaW50X3JzYV8yMDQwLWV2cm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODY +H72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk +27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A9 +0jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMM +kd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaL +L+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBhDCBgTBeBggrBgEFBQcB +AQRSMFAwTgYIKwYBBQUHMAGGQmh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9l +dl9lZV9yc2FfMjA0OC1ldl9pbnRfcnNhXzIwNDAtZXZyb290LzAfBgNVHSAEGDAW +MBQGEisGAQQB60mFGoUahRoBg3QJATALBgkqhkiG9w0BAQsDggEAAErvI4rRV3Xf +3NzWWiiryrNpibL3bYmzXsF3+jZWBobx21Qrck7nGeHAuZ7M90Aw9HdPxlIOnwNA +jHv141zXE2vntVhKUTgS4TLou8+7A5Al8azWMAj9M7fqtx1Y9b4j+NK26KEOHSF0 +8MtxEYaiQfAOZEA3m0Z60w0XyQ4ULZKUEVJkrwY7sJUSzExd2dyFVQDM5uZXN/0n +ZyGAWIj57xwxf4aXgR4y6WgBf7AZqTFc4F/YUzH9HlpRSD0uWolUB4dqNuZ2ApXZ +arj4rqV/4Pub9IAi0AmzWDZxGkQk3E4BGHkk6unVniuQlnCMNIn/uKj2PqetX9nx +k+dj1HE2ig== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem.certspec new file mode 100644 index 000000000..0b7bfd426 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem.certspec @@ -0,0 +1,5 @@ +issuer:ev_int_rsa_2040-evroot +subject:ev_ee_rsa_2048-ev_int_rsa_2040-evroot +issuerKey:rsa2040 +extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_rsa_2048-ev_int_rsa_2040-evroot/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1 diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem new file mode 100644 index 000000000..3b579102a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgjCCAmygAwIBAgIUa/PALQU+SWg3PCw8ajeVDsqyk+IwCwYJKoZIhvcNAQEL +MCsxKTAnBgNVBAMMIGV2X2ludF9yc2FfMjA0OC1ldl9yb290X3JzYV8yMDQwMCIY +DzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMDoxODA2BgNVBAMML2V2 +X2VlX3JzYV8yMDQ4LWV2X2ludF9yc2FfMjA0OC1ldl9yb290X3JzYV8yMDQwMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08 +E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc +1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAP +DY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQ +gAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqV +YR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQID +AQABo4GOMIGLMGgGCCsGAQUFBwEBBFwwWjBYBggrBgEFBQcwAYZMaHR0cDovL3d3 +dy5leGFtcGxlLmNvbTo4ODg4L2V2X2VlX3JzYV8yMDQ4LWV2X2ludF9yc2FfMjA0 +OC1ldl9yb290X3JzYV8yMDQwLzAfBgNVHSAEGDAWMBQGEisGAQQB60mFGoUahRoB +g3QJATALBgkqhkiG9w0BAQsDggEBAIol9cdHyFph1UFZIuQTdAgBr5GGyZP/9cHt +ffmjqSz4TIlZPN4+FC+yh+wC/KeZiFDWuyGtdnfADkbbuG0hzSppx8EcctiKUbwE +VnEgmX+P0nQGsdpPek8WgjZriAHJGdlFN4wJfECBgSa7SL8uwvY5VrI/4BQTRXq1 +b4fzHEZtJX5pPwoQSfHmjD6uMSK/FwTCSWNCIcA+tfwc7V31jmuc3Nz+gg5QMJFc +5vzei1jgc0o4FxoFJhKbNQzgOMMOFdrercVcdM5HkEdlkoEo3Ae9hidP9DnHUoFZ +lz9iVgvQiFoEYqa1Z1OFxmIGnzbwCCAq727elUxDZB3fnBeZeWc= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec new file mode 100644 index 000000000..a36acf887 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec @@ -0,0 +1,4 @@ +issuer:ev_int_rsa_2048-ev_root_rsa_2040 +subject:ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040 +extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1 diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem new file mode 100644 index 000000000..47d86baf5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDZDCCAk6gAwIBAgIUNQdpgL87vkOZHNiFDZ66Q1FTBqMwCwYJKoZIhvcNAQEL +MCExHzAdBgNVBAMMFmV2X2ludF9yc2FfMjA0OC1ldnJvb3QwIhgPMjAxNTExMjgw +MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowMDEuMCwGA1UEAwwlZXZfZWVfcnNhXzIw +NDgtZXZfaW50X3JzYV8yMDQ4LWV2cm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODY +H72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk +27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A9 +0jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMM +kd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaL +L+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBhDCBgTBeBggrBgEFBQcB +AQRSMFAwTgYIKwYBBQUHMAGGQmh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9l +dl9lZV9yc2FfMjA0OC1ldl9pbnRfcnNhXzIwNDgtZXZyb290LzAfBgNVHSAEGDAW +MBQGEisGAQQB60mFGoUahRoBg3QJATALBgkqhkiG9w0BAQsDggEBAH9rJ2oLLQfB +e2pBzFw73x5QvhVbNl3O9gFTov/97zU8mfpdKoBjcf32d8/AvJ8qzCLve+4zlT5i +6ZNwyxZpjb/dJpgZ35dbV9+qXI14m1604r4gcmpQjLDpjgAUUI15EvBkPmCmfVP2 +biIHTPGZZrcqjVh6uCs7UdBM/WtHC8Tn+cmUJZzj5kpmK0hNk26BsW+vsXXwias5 +SxR0oW1hKA4sCoqs9VByyMujiVjVivc1HzINRtiHYdQVlEPrUsYoKFh2zYS6oi6K +wiFOzv6cLFv2j2TwBI8tD1LXjUBJA/fq8Q/8AOwZ/KUgjhz9ifV1d/FRKBqLT0Vs +l/RXjR75s38= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem.certspec new file mode 100644 index 000000000..0b34be6db --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem.certspec @@ -0,0 +1,4 @@ +issuer:ev_int_rsa_2048-evroot +subject:ev_ee_rsa_2048-ev_int_rsa_2048-evroot +extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_rsa_2048-ev_int_rsa_2048-evroot/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1 diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem new file mode 100644 index 000000000..db935fd24 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDUDCCAjqgAwIBAgIUdSW9+f5SZzr700VP9vbhznUgRHMwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAhMR8wHQYDVQQDDBZldl9pbnRfcnNhXzIwNDAtZXZyb290MIIBITAN +BgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQAAusBlL9+8AFWIL/uurO7Ij6LQg8KX +3V1AZk3T2Q9S+aoCvYpQ+6FuD9mRh470dfmzUNn44+sqvXF84yewl4hTHxPfjj5O +O51ha7ikHlMG7tJHIWMWEFEYASdqTrZvBzMbXLyLyucBao+bPU8qxFU8Ykz1JjvL +NI6IQN5mEocJYKeSGRsTj7IX92XOx7/46U8Ws5QZv3UExZp+T3m9bRc+nHvz2dKk +5zzBgLBZCnPVhPt/ybVPpURgflP8aFx6Vf1EqB1BQravUepvps6lKWWi6MXYTzyg +JNb7ubAFuWUc5dny7PQO1ASYGp/8AmNuMRsJXGMyoMh9w5JxtVUUgXdLAgMBAAGj +gZAwgY0wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwTwYIKwYBBQUHAQEEQzBB +MD8GCCsGAQUFBzABhjNodHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvZXZfaW50 +X3JzYV8yMDQwLWV2cm9vdC8wHwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0 +CQEwCwYJKoZIhvcNAQELA4IBAQAdKlRgP4yJ9q9zCdpE//xy6P9GnaT+yrmoM7CA ++sF9Jao0iM5EaF/VVYKg6sM/sBeG+RGgkIp7A3DfLXXR83a6EyXrhSLiEKOWi5xe +WY2Q/CaRd4U05p5fvFsL88hY/Wvlj/mcCNLQ2GUYsdR/OL0XK1jHVTixGxRzRsN9 +mI+6rnA8swDZ2FTNLZ3DheNxsaIDYAZwpOaRLh6NTgbP0e0t3RvzV1dKvbXRv7QI +HXV4KOdKAl5QMI43M4UhxSSszURZDxNRqlcyaVeNAenaiN3SiSng7HwVmb/jlpvp +eEoXyl/+TEZebH2yniK/lzfVr3rcXm8own5V6ZHu/jucdZFT +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem.certspec new file mode 100644 index 000000000..80be71174 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem.certspec @@ -0,0 +1,8 @@ +issuer:evroot +subject:ev_int_rsa_2040-evroot +issuerKey:ev +subjectKey:rsa2040 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/ev_int_rsa_2040-evroot/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1 diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key new file mode 100644 index 000000000..e9010b691 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEtwIBADANBgkqhkiG9w0BAQEFAASCBKEwggSdAgEAAoIBAAC6wGUv37wAVYgv ++66s7siPotCDwpfdXUBmTdPZD1L5qgK9ilD7oW4P2ZGHjvR1+bNQ2fjj6yq9cXzj +J7CXiFMfE9+OPk47nWFruKQeUwbu0kchYxYQURgBJ2pOtm8HMxtcvIvK5wFqj5s9 +TyrEVTxiTPUmO8s0johA3mYShwlgp5IZGxOPshf3Zc7Hv/jpTxazlBm/dQTFmn5P +eb1tFz6ce/PZ0qTnPMGAsFkKc9WE+3/JtU+lRGB+U/xoXHpV/USoHUFCtq9R6m+m +zqUpZaLoxdhPPKAk1vu5sAW5ZRzl2fLs9A7UBJgan/wCY24xGwlcYzKgyH3DknG1 +VRSBd0sCAwEAAQKB/2A9smffl1VcvthrjfNVA0ryjx638+eCnSObzCc6fHppoQvo +8h8bbEsCxrrjcxwxWLW7/0YF9Xq3t7Kgy6LsAFottbHqbgrO6lvHRdzS0OnWuA1+ +sOorwIEnvONfpQxCzEEYcbpZHiO6ajhISjPv8TR/kH7ppakqIxG7C0NVEAIPeOO7 +AAmdtNEYKSgJZQX8uoTzyhI4/R66XuofORu7zFQksWgGP8F+HKbhkSzLpE+dApIw +ih/tuAYSUps59Z0KP4GAtbogETIZf5OlgV3tk43459k8mxV2ZYjzObtZEAr9pJSn +5FLX3UyaGc4uw6M6GLIPC02t4XK+4Z8m8Ny+QQKBgA7Dhpy5LUBsrd96MZqylEi8 +UFoFkTcHhzNh/FuYakmftl7rgVp+N2h9GfEoCHKJ2buIGOe8ylAsSQCtmuzhF5vh +L/PkZ9YG/IIOqPB6yev/4iNuOBaEEgKIIj5C2+aN/ZcqhaZEflFpXyNNp5EcZ8mr +lTHzPfO5lDLU7ojJpO+7AoGADKY5NFSehf6sjg9WBDA/0YSf6Ir0t/fhITKDu8ei +wqUJ+Sc8Qoxo3j25PmFF8bQAvW1KJiYU6QQ602LU66SmuZU5nIk0o5mRIZnoQdjo +2/8EifaeZjeWcwspgFMLMctwaVohYl6irczAnZMFFvqHIhGpHiLdif2et9qFdLci +NbECgYANfTp14X9l+KZYpIXECVwQpPZpeeK3O8qc+O8hJT4frKxtR5H1g5LOhlb4 +jxJAzJDCllPjEAxtejjtRLFjsznl87bjiRISbGmzzv8uUZJCbZZJtv/KGrt10rou +1tmiaqODxZc9ViFv8u25DM+Id0Kg8YOskslM8YdldkXHdy2a1wKBgAP1UBlMEX8k +vqKFsgkFgDL0KYX/Vazr6IsW35o3UntOYdyRpo28mmRRNFKM5fJIvaKJPJbLe+ee +5zmWx8Ild/bC95BAbzRyrbOyEbfpRJTzLFxvzAl4g5/kckwxsGMYokiVZ7T8oDN6 +yxuEEieqpfbHSACiMGkp8CzgOLrZQ99BAoGACAp9v6jCWEgUxxZkxW62LOTK8Wr+ +iNRJkVnWdHdKOj7N3xJWwC/JFSXFJ2kkItCrqU5cQe4S3HG7Zvhnn6F+CW8oCAhR +ugRusxiFwUFOiYWt5ZnZB68XRT0cyuosDQZEP4Nnpr4VSxJeOQ7g2Q90bwiAHdP1 +Nn9Z+6LlpnwF83U= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key.keyspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key.keyspec new file mode 100644 index 000000000..f488e73a9 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key.keyspec @@ -0,0 +1 @@ +rsa2040 diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem new file mode 100644 index 000000000..3de3f13d0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbjCCAlmgAwIBAgIUAeu/QCFxArrPIMJNFvRH8DQpIB8wCwYJKoZIhvcNAQEL +MBsxGTAXBgNVBAMMEGV2X3Jvb3RfcnNhXzIwNDAwIhgPMjAxNTExMjgwMDAwMDBa +GA8yMDE4MDIwNTAwMDAwMFowKzEpMCcGA1UEAwwgZXZfaW50X3JzYV8yMDQ4LWV2 +X3Jvb3RfcnNhXzIwNDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6 +iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr +4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP +8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI +Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ +77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J +I/pyUcQx1QOs2hgKNe2NAgMBAAGjgZowgZcwDAYDVR0TBAUwAwEB/zALBgNVHQ8E +BAMCAQYwWQYIKwYBBQUHAQEETTBLMEkGCCsGAQUFBzABhj1odHRwOi8vd3d3LmV4 +YW1wbGUuY29tOjg4ODgvZXZfaW50X3JzYV8yMDQ4LWV2X3Jvb3RfcnNhXzIwNDAv +MB8GA1UdIAQYMBYwFAYSKwYBBAHrSYUahRqFGgGDdAkBMAsGCSqGSIb3DQEBCwOC +AQAAGu+2My8IJ62el8ZSd8XObf5FZdc9mSKPDrUx9lbNfiYivNPW7IZ4G1Ku9ejt +KCTlBGFYeiRX80lAmnn4uqjNFyr83P2iMnTGu4A602DdZHidnrNIoukyOlrO8ve8 +OiKZ2P42nb0+XRuMUSsfVo+MqegBQJSQx6NRoJZ9xsDA+58KLL/e7hZBE9IZocMd +6IzGfGuu86CkfiJehlMFph0fkY9NaWVuthMzE8YJMOCZ6nb0ymHxKO+EqbliiyuI +lvMR3i1WfDPF0YN4/YILt+72hFDqI8EvFYl9xqXkkOtkLVArVDMvhrdHWJOeV8n4 +5Lyiu5+Iy63klHNJxlfx7tWh +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec new file mode 100644 index 000000000..5bc5674b2 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec @@ -0,0 +1,7 @@ +issuer:ev_root_rsa_2040 +subject:ev_int_rsa_2048-ev_root_rsa_2040 +issuerKey:evRSA2040 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/ev_int_rsa_2048-ev_root_rsa_2040/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1 diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem new file mode 100644 index 000000000..28ef9a63f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDUTCCAjugAwIBAgIUIUhiWxj3v86Cc27pFN9+AFjY11owCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1 +MDAwMDAwWjAhMR8wHQYDVQQDDBZldl9pbnRfcnNhXzIwNDgtZXZyb290MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq +5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SSc +An7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39 +ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYk +zBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3u +JtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQAB +o4GQMIGNMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGME8GCCsGAQUFBwEBBEMw +QTA/BggrBgEFBQcwAYYzaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L2V2X2lu +dF9yc2FfMjA0OC1ldnJvb3QvMB8GA1UdIAQYMBYwFAYSKwYBBAHrSYUahRqFGgGD +dAkBMAsGCSqGSIb3DQEBCwOCAQEAkDJICQpDQGnSlRP4irr/shKc0CdSlp/Ub/zl +pJ9g218t/mCjQKcWJakb2ClzFJq3FJvpLB9h1gy9b1bZ3sVtGW8DvFI0XRztmNXN +3hNHQLAPr6oz9bl4OYUzbp7yYjMmkm1bnZQPhlQx5R8tIlFOZJP2vh98fUZSY9kh +WWrqaUQNZckvGYvJLOa9fhxesrDYuY05WZH0E2JUC5V7v7gP7NvkW8/5yc/82af8 +xqNGWic+9+wmHA7J5PpW/owqKOe35WpQOclafg42XH/3qT5bLms6+X2iV3Ys3SuB +qmFU9n5zMCvDn4r4sPSYuaq8q3QNTNcT4inos++rfHtFyjWhjQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem.certspec new file mode 100644 index 000000000..a0cb6250d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:ev_int_rsa_2048-evroot +issuerKey:ev +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/ev_int_rsa_2048-evroot/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1 diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key new file mode 100644 index 000000000..8af23e068 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9 +braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI +eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6 +iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za +qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7 +LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs +2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs +VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s +JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI +r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz +iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg +SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R +TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N +gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp +xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r +ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR +3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY +EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs +2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb +WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo +tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl +rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2 +TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit +tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m +ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1 +NBinA5ZsT8d0v3QCr2xDJH9D +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key.keyspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key.keyspec new file mode 100644 index 000000000..4ad96d515 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key.keyspec @@ -0,0 +1 @@ +default diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key new file mode 100644 index 000000000..bb8708bfd --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEuQIBADANBgkqhkiG9w0BAQEFAASCBKMwggSfAgEAAoIBAADKcCDcIV9XkU00 +P65KAVERaXr5l6Xs6RhmSZ/CPxuIoRjL0wsQ2Rx7mg1O6JcvyuVsr1fyX8EnWipN +vLmCQowy71h78jh0EDMKD/sWuAKb14OWnvZ19t44wY9nGTy2wHL4sj0LM3QRJiel +e5AFV3HZ5iYD9TeI1/Y6+nJPXRCAlt8x+J8msetffENXmA4Aj81V2CfdJiOVyi9S +ageJfMQMWTs4cW68DKpZZxnG8prJtzp6lEdIo6o+CenrTUYeoAJ+VAkmYUcoudJD +l1z5oFQb79JedrUflREQsOdkT8fjhEF5G20iJzhMuABOIzQjcrHPXMPnPjG3u++h +YOaGLrsCAwEAAQKCAQAAstt0vOkjYqv3KVWmOK6HILowM7t/lxyvORiNdULqocGr +tdIFseIRH0eRwIkRouFB6M/XBUcC0jEAtWQsBuGjGxGK/R+aLzlsztQlxQHZFDXK +hlZ2bO0rk7u4Zp/Om6zXJ9Hayz2vq8MpPjU4nu+OoLWOGusaIOamH5/NRT91Z/4x +0SO2FqJv703x1sn3SQER0Cju/R2XIEWxokInPdemfr8RHbJ0GlqTx7IonMSiNvWp +mm7HqCBv2uHB0EvbsZgNSimMWhfa5BhkdKX3g12IK87ySu9O1vFJ+U2WyffXjmR/ +x3ipAX/yCNO0oXaLGCFiECzasDL6u6s41SAKMkZJAoGADzhE0NTU1qIazXam/DcL +hVDh1+xaYjQXLnkPACmuZR9tXFkzCrGYArnXogfeeh+3eON3T9vcQRdQYz2NGz/g +dQBv/P0dEOdjx6kifS1fDC2t4cnmWcNQoVnTa7mG8SY21PmUKyiLwP4h2oeZR3Fz +FEJJyi44nmxcJap4yMrX1N8CgYANTQvt0ZYvB6Hq1rI6TtZ66vEnDwUqbSm6B0lF +xjYaXE+PB7+FngZ67T9ObjI+8qqKas00CwvcfP5P0ynjyX+HDH93NXksaqnQ9+dU +KijtbwGw5VorjZwkplxtoxTJVIT1x8OVSoG7AWsH7RfumwYDlpW8oFmnn43CQj0y +jVJlpQKBgAnymi/wW+ipbWFLoxsIk1QgqGxrxCuZpmkuoNpXY/AeWWlZt93Oc++c +Lk9uW0BxCIdQDUS6DDzTEyy6J0dfOcLfdVLi0SOiSXpPlwZAKHaaSKNiRlf3K/U5 +89DeI0/szTvooKqQxr9umwvtQwcKJNBh/z7RdRo+8v9/a5C529X7AoGAAaZZ4XDK +wSCgO+HPj53xyqNTsDWTvXR25YU72HTChziGAcbDQc6dHShKXu8aOmadMrgWpers +2LeET+BwZLm8oMKzGNVAJ3s/fxUQ04a7NuA7BHceXSKeiIk+E7dTv7lFGLtjjiQE +vW5qmTwWaNk/wLgv8IqvNDR9P+g5cQjIfKUCgYAEAlfA1KIcC5hDKXxlZS22YwT7 +Jjdz1yi2q/oG03rAymLGKAI+CeN9wKkB5M4SJBgOJYKjqktqGnuY4r1wB3rsFKyK +tmp1XHHg/BAkcfm7wbRqlaoLZF8sOOdkUCiWGeo/XormEDe//PgknyKqTnbioBkJ +8/6ykM6T7fV7EOvnlg== +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key.keyspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key.keyspec new file mode 100644 index 000000000..a85e16858 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key.keyspec @@ -0,0 +1 @@ +evRSA2040 diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem new file mode 100644 index 000000000..e8640696e --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3zCCAcqgAwIBAgIUP1iIBgxk6kH+x64EUBTV3qoHuaswCwYJKoZIhvcNAQEL +MBsxGTAXBgNVBAMMEGV2X3Jvb3RfcnNhXzIwNDAwIhgPMjAxNTAxMDEwMDAwMDBa +GA8yMDM1MDEwMTAwMDAwMFowGzEZMBcGA1UEAwwQZXZfcm9vdF9yc2FfMjA0MDCC +ASEwDQYJKoZIhvcNAQEBBQADggEOADCCAQkCggEAAMpwINwhX1eRTTQ/rkoBURFp +evmXpezpGGZJn8I/G4ihGMvTCxDZHHuaDU7oly/K5WyvV/JfwSdaKk28uYJCjDLv +WHvyOHQQMwoP+xa4ApvXg5ae9nX23jjBj2cZPLbAcviyPQszdBEmJ6V7kAVXcdnm +JgP1N4jX9jr6ck9dEICW3zH4nyax6198Q1eYDgCPzVXYJ90mI5XKL1JqB4l8xAxZ +OzhxbrwMqllnGcbymsm3OnqUR0ijqj4J6etNRh6gAn5UCSZhRyi50kOXXPmgVBvv +0l52tR+VERCw52RPx+OEQXkbbSInOEy4AE4jNCNysc9cw+c+Mbe776Fg5oYuuwID +AQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjALBgkqhkiG9w0BAQsD +ggEAAKNwPHDMqBevLghX34q3XuZSQuR4ZTmYBA/f79+1eGM9ljJFyVVYNPPu8a1u +ePKCZrsrc7H8PqQTyg87XlLi9gwkERZqL1DDKI9LQEf7AK7eA1fgpabc4b/YARQf +06bd+bRMUjEf5ZS0DaGib3GgOC4HU9L9tFfvxLI0CyZkQQoMcWWNEd0iQEp+0hBX +Pt8avMmO7IrAkcXroLBYtFdU0nf3OQlCBAHMOupWo/cguPoQO62+dVgz5O/msMQk +tYpgwH126xnWGP5+pjHmjssycbBLOJgCU2gvQa8aGM7tFvAUGiflsQIGgx8c9aBG +jhTdA+xV2I+gY8rv98s2Dr5gMQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem.certspec new file mode 100644 index 000000000..fd1ade8de --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem.certspec @@ -0,0 +1,7 @@ +issuer:ev_root_rsa_2040 +subject:ev_root_rsa_2040 +issuerKey:evRSA2040 +subjectKey:evRSA2040 +validity:20150101-20350101 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key new file mode 100644 index 000000000..a756a0705 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC1SYlcnQAQjRGh ++Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQOMF0Ask6Kkc9vShq7T/c02PPWikU +dwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURhuT5RQk4XRLsuqtRqqzjOGWghlh+H +cUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94rjFE7SjEXnkpOGOnoipImAo2pA5y +1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3RquiqLMzjSKAWm4Diii1wwalgxvM18t +oJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oYUJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ +5XNPsikFAgMBAAECggEBAJg9VPlNb0x26yPW+T14UjUwz3Ow0WJUxueBdo1F9VaB +0dAvsr0qrGq8HDiYYJNcUqDY9BSCAQOUd4MUHYZL/zCANjilwBUlcK6dGPPYyhY+ ++0dbDd3zLn4W7HVl5rteAlxBxcZuV6A87eVUIh+DBFNHosTEUcPc5Ha3h84MBXJE +vp4E7xMRjbuz1eCmzIcCnq/Upp7ZsUdZsV452KmITlb1TS+asBPw0V8xipq2svc9 +HsPJ/idK6JQxoQZAvniZsAEcXlCToYNHCGid4QBjTaveYPvWqu+joz3zSh829gwE +MDa3SNHJ7pjEAxoK/sYO/aCpkL5ST1YU6sT9s0pS+VECgYEA6twssz5f8co3a72V +vWoXd9LPT6xHVF6S0RpiCbnV5N7UeDRYHBabPIhHQqCeoYdQXBylVBTY0ltJdjLV +7CqqBSM0MPrUmJJ3en1o4Dj1YaO4lp5gsKJj3vv9pIqbD/OdlbyIsVJnyK3pe1EH +lI5B5DMknYf32xCdXXRYTYa8wdcCgYEAxZrldqIWRwJI2USlW56b+TKZ2jQexW5V +jrqCGrzhv1e3nPQR0pBMd0+duh8VGF9gewV0oIIF1uwotmo21jQjLqry/qN1Yauv +nWRLaNs4yZZMuMluwKxh66ZNBbRGVC9COXb1rN5OzJVTbS31eJVPk/DP2cWPt4ui +p23VrChNyIMCgYEAwdLvOQYzHFKspkgR+f5CW+somDIvs9tRAyzo1+n8MiQL6SAZ +zySA/NXjKYNxJxGLKlmhv+BsiD46REfz8DHNmuvQuNNo/Hl0DSzOjq2zJN9/CR6v +4VZDYdVJILAbBHEjDl5H2T+O0zljxRe8T8ePbYsfnrqFvM7bcDMCZQjbYoUCgYEA +hSG421aU376ASjFfnvybZSdcVJCs8qNFbWXm5hC/n2R/xnUB1PV3LyMqxwzN75/C +pt+kFcfEG2r8evnQfDygP37ZPAnwuZ8sMEQ0Mi8QcXCbvBuqTJFXX6apWeB9SZaV +bZXiK1eTi25HyNUf/t/Jv4iM4NGj5CtlqJvtS5HT5fUCgYEA3El7BrkgyL4LAHe3 +mOl37vdEqQ7Cxdfmy7IkSPrHLagaMxgODYoC6DFGDH/H/TphL3uZMLYbeZ+OkI5j +LpugQJtqpwsDo7p4dCYmO1vVhD34R27bXRT2qGE+uvW5zVykL1+9KALgjk5J5XCf +UVFRDKpassHG6z7+kpXRbowlyRY= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key.keyspec b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key.keyspec new file mode 100644 index 000000000..1a3d76a55 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key.keyspec @@ -0,0 +1 @@ +ev diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem new file mode 100644 index 000000000..cd2fd7ed8 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzTCCAbegAwIBAgIUW9j5PS8YoKgynZdYa9i2Kwexnp8wCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MDEwMTAwMDAwMFoYDzIwMzUwMTAx +MDAwMDAwWjARMQ8wDQYDVQQDDAZldnJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQC1SYlcnQAQjRGh+Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQ +OMF0Ask6Kkc9vShq7T/c02PPWikUdwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURh +uT5RQk4XRLsuqtRqqzjOGWghlh+HcUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94 +rjFE7SjEXnkpOGOnoipImAo2pA5y1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3Rqu +iqLMzjSKAWm4Diii1wwalgxvM18toJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oY +UJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ5XNPsikFAgMBAAGjHTAbMAwGA1UdEwQFMAMB +Af8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAO1EZ134zXCiYSMixYSVP +gAXWdR8zvaeS8UF0Xihle6nBdtkcmhiMgxXecMv7P7xO/U/wz5NAyJ1cvqaxrPbn +8bekVCCsAAae6mVJIsVeuLtg3f89Qmx6KF6By2NI5R/AX5gxs0V9Tvjp9NfpIWh9 +I0BO0/REmq+CxKWjO6Loq0JA/QRW1jnD3XLitJ9QiCfnLqgUAG8JnkhG/JtpcJC3 +91SluwhVw+8i7caDOgHZGvjBEycyje0iyDLybaVjv2PpyuQx8H6hDzTGd2bNDl22 +fZ0FsOYCH6TJPx7nsCJCQ8/jGsRAGPxbItwSpTQJegKVaJ9s2dOAreJdkQFSIEo+ +3g== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem.certspec new file mode 100644 index 000000000..3121f3486 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:evroot +subjectKey:ev +issuerKey:ev +validity:20150101-20350101 +extension:basicConstraints:cA, +extension:keyUsage:keyCertSign,cRLSign diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/moz.build b/security/manager/ssl/tests/unit/test_keysize_ev/moz.build new file mode 100644 index 000000000..85dc78a3c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_keysize_ev/moz.build @@ -0,0 +1,31 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem', +# 'ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem', +# 'ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem', +# 'ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem', +# 'ev_int_rsa_2040-evroot.pem', +# 'ev_int_rsa_2048-ev_root_rsa_2040.pem', +# 'ev_int_rsa_2048-evroot.pem', +# 'ev_root_rsa_2040.pem', +# 'evroot.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) +# +#test_keys = ( +# 'ev_int_rsa_2040.key', +# 'ev_int_rsa_2048.key', +# 'ev_root_rsa_2040.key', +# 'evroot.key', +#) +# +#for test_key in test_keys: +# GeneratedTestKey(test_key) diff --git a/security/manager/ssl/tests/unit/test_local_cert.js b/security/manager/ssl/tests/unit/test_local_cert.js new file mode 100644 index 000000000..937c0432b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_local_cert.js @@ -0,0 +1,83 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const certService = Cc["@mozilla.org/security/local-cert-service;1"] + .getService(Ci.nsILocalCertService); + +const gNickname = "local-cert-test"; + +function run_test() { + // Need profile dir to store the key / cert + do_get_profile(); + // Ensure PSM is initialized + Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports); + run_next_test(); +} + +function getOrCreateCert(nickname) { + return new Promise((resolve, reject) => { + certService.getOrCreateCert(nickname, { + handleCert: function(c, rv) { + if (rv) { + reject(rv); + return; + } + resolve(c); + } + }); + }); +} + +function removeCert(nickname) { + return new Promise((resolve, reject) => { + certService.removeCert(nickname, { + handleResult: function(rv) { + if (rv) { + reject(rv); + return; + } + resolve(); + } + }); + }); +} + +add_task(function* () { + // No master password, so no prompt required here + ok(!certService.loginPromptRequired); + + let certA = yield getOrCreateCert(gNickname); + equal(certA.nickname, gNickname); + + // Getting again should give the same cert + let certB = yield getOrCreateCert(gNickname); + equal(certB.nickname, gNickname); + + // Should be matching instances + ok(certA.equals(certB)); + + // Check a few expected attributes + ok(certA.isSelfSigned); + equal(certA.certType, Ci.nsIX509Cert.USER_CERT); + + // New nickname should give a different cert + let diffNameCert = yield getOrCreateCert("cool-stuff"); + ok(!diffNameCert.equals(certA)); + + // Remove the cert, and get a new one again + yield removeCert(gNickname); + let newCert = yield getOrCreateCert(gNickname); + ok(!newCert.equals(certA)); + + // Drop all cert references and GC + let serial = newCert.serialNumber; + certA = certB = diffNameCert = newCert = null; + Cu.forceGC(); + Cu.forceCC(); + + // Should still get the same cert back + let certAfterGC = yield getOrCreateCert(gNickname); + equal(certAfterGC.serialNumber, serial); +}); diff --git a/security/manager/ssl/tests/unit/test_logoutAndTeardown.js b/security/manager/ssl/tests/unit/test_logoutAndTeardown.js new file mode 100644 index 000000000..2bf8855fe --- /dev/null +++ b/security/manager/ssl/tests/unit/test_logoutAndTeardown.js @@ -0,0 +1,55 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +"use strict"; + +do_get_profile(); + +function connect_and_teardown() { + let socketTransportService = + Cc["@mozilla.org/network/socket-transport-service;1"] + .getService(Ci.nsISocketTransportService); + + let tearDown = false; + + let reader = { + onInputStreamReady: function(stream) { + throws(() => stream.available(), /NS_ERROR_FAILURE/, + "stream should be in an error state"); + ok(tearDown, "A tear down attempt should have occurred"); + run_next_test(); + } + }; + + let sink = { + onTransportStatus: function(transport, status, progress, progressmax) { + if (status == Ci.nsISocketTransport.STATUS_CONNECTED_TO) { + // Try to logout and tear down the secure decoder ring. + // This should close and stream and notify the reader. + // The test will time out if this fails. + tearDown = true; + Cc["@mozilla.org/security/sdr;1"].getService(Ci.nsISecretDecoderRing) + .logoutAndTeardown(); + } + } + }; + + Services.prefs.setCharPref("network.dns.localDomains", + "ocsp-stapling-none.example.com"); + let transport = socketTransportService.createTransport( + ["ssl"], 1, "ocsp-stapling-none.example.com", 8443, null); + transport.setEventSink(sink, Services.tm.currentThread); + + let inStream = transport.openInputStream(0, 0, 0) + .QueryInterface(Ci.nsIAsyncInputStream); + inStream.asyncWait(reader, Ci.nsIAsyncInputStream.WAIT_CLOSURE_ONLY, 0, + Services.tm.currentThread); +} + +function run_test() { + add_tls_server_setup("OCSPStaplingServer", "ocsp_certs"); + add_test(connect_and_teardown); + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_name_constraints.js b/security/manager/ssl/tests/unit/test_name_constraints.js new file mode 100644 index 000000000..e75c89740 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_name_constraints.js @@ -0,0 +1,63 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +"use strict"; + +// This test tests two specific items: +// 1. Are name constraints properly enforced across the entire constructed +// certificate chain? This makes use of a certificate hierarchy like so: +// - (trusted) root CA with permitted subtree dNSName example.com +// - intermediate CA with permitted subtree dNSName example.org +// a. end-entity with dNSNames example.com and example.org +// (the first entry is allowed by the root but not by the intermediate, +// and the second entry is allowed by the intermediate but not by the +// root) +// b. end-entity with dNSName example.com (not allowed by the intermediate) +// c. end-entity with dNSName examle.org (not allowed by the root) +// d. end-entity with dNSName example.test (not allowed by either) +// All of these cases should fail to verify with the error that the +// end-entity is not in the name space permitted by the hierarchy. +// +// 2. Are externally-imposed name constraints properly enforced? This makes use +// of a certificate hierarchy rooted by a certificate with the same DN as an +// existing hierarchy that has externally-imposed name constraints (DCISS). + +do_get_profile(); // must be called before getting nsIX509CertDB +const certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +function certFromFile(name) { + return constructCertFromFile(`test_name_constraints/${name}.pem`); +} + +function loadCertWithTrust(certName, trustString) { + addCertFromFile(certdb, `test_name_constraints/${certName}.pem`, + trustString); +} + +function checkCertNotInNameSpace(cert) { + checkCertErrorGeneric(certdb, cert, SEC_ERROR_CERT_NOT_IN_NAME_SPACE, + certificateUsageSSLServer); +} + +function checkCertInNameSpace(cert) { + checkCertErrorGeneric(certdb, cert, PRErrorCodeSuccess, + certificateUsageSSLServer); +} + +function run_test() { + // Test that name constraints from the entire certificate chain are enforced. + loadCertWithTrust("ca-example-com-permitted", "CTu,,"); + loadCertWithTrust("int-example-org-permitted", ",,"); + checkCertNotInNameSpace(certFromFile("ee-example-com-and-org")); + checkCertNotInNameSpace(certFromFile("ee-example-com")); + checkCertNotInNameSpace(certFromFile("ee-example-org")); + checkCertNotInNameSpace(certFromFile("ee-example-test")); + + // Test that externally-imposed name constraints are enforced (DCISS tests). + loadCertWithTrust("dciss", "CTu,,"); + checkCertInNameSpace(certFromFile("NameConstraints.dcissallowed")); + checkCertNotInNameSpace(certFromFile("NameConstraints.dcissblocked")); +} diff --git a/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem new file mode 100644 index 000000000..9eb316736 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDUzCCAj2gAwIBAgIUayXt32lO6eul4Qcp7fVRAg5vETEwCwYJKoZIhvcNAQEL +MIGFMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJp +czEQMA4GA1UEChMHUE0vU0dETjEOMAwGA1UECxMFRENTU0kxDjAMBgNVBAMTBUlH +Qy9BMSMwIQYJKoZIhvcNAQkBFhRpZ2NhQHNnZG4ucG0uZ291di5mcjAiGA8yMDE1 +MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjBBMQswCQYDVQQGEwJVUzELMAkG +A1UECAwCQ0ExDDAKBgNVBAoMA0ZvbzEXMBUGA1UEAwwOZm9vLmV4YW1wbGUuZnIw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ +PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH +9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw +4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86 +exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0 +ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N +AgMBAAEwCwYJKoZIhvcNAQELA4IBAQBUTnm4u9mzMIaSUdrQ+pSM0dtQAP/7b93e +/fpICLB65fjxUxQMvRG65i4vn6HG+FFbDi/n/kURSN8r1VItjq+QUK55VL/F7bh7 +6P9xi4o1h6qb4tiXKb3YE2D7+zRENWGvTidDV1u3e2Tfuu0pu0NkD5PUvb0dtScW +LvruBaJdRJgx9z1BIYN5uqQhOa4hHV46z7hAVyJyhsdwRO3NG/OYFmdlcIUTwcvF +Qb+YgeviFlLdqRqt4vxT54Ko3GGqx2l609PZslD3F9vcP31n/VbowU256HSTjral +DL9dS/KG2XFWySC9vrFjyLx8eR9SOMfasCIG835f81YI2E7UjGBH +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem.certspec new file mode 100644 index 000000000..1a02a0cc1 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem.certspec @@ -0,0 +1,2 @@ +issuer:printableString/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr +subject:/C=US/ST=CA/O=Foo/CN=foo.example.fr diff --git a/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem new file mode 100644 index 000000000..044a8205d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDVDCCAj6gAwIBAgIUB0a84yh5MqyYUB0tMRJgU70UqzEwCwYJKoZIhvcNAQEL +MIGFMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJp +czEQMA4GA1UEChMHUE0vU0dETjEOMAwGA1UECxMFRENTU0kxDjAMBgNVBAMTBUlH +Qy9BMSMwIQYJKoZIhvcNAQkBFhRpZ2NhQHNnZG4ucG0uZ291di5mcjAiGA8yMDE1 +MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjBCMQswCQYDVQQGEwJVUzELMAkG +A1UECAwCQ0ExDDAKBgNVBAoMA0ZvbzEYMBYGA1UEAwwPZm9vLmV4YW1wbGUuY29t +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2 +ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdF +h/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6n +cOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAv +OnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2nj +tIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXt +jQIDAQABMAsGCSqGSIb3DQEBCwOCAQEAmvWg9zOGlCX5ZjPFoX0wpfQ2pSAPsbv9 +sC4uDLBQj6Tx/bmm5JRI3p/+hceC+y5gVmA30dOBVAGm9Bzj/M7tY1+eYH9fXnhO +asM3onOEAd7R26Dztl3/RaKIZzIDALc/0fOeCHfRKmh5Ao/9MHIBH8vyyCvyHRZV +ixaX5zhSA6u8PrC36Hwbu40LNaVgV/S7xWiE5bAOT4zhS61C+Sjji0wmK9vgEgCT +8e3UFCWEGgr6zavD0E5dvZIbyM8q8TMdTe5FDV9e1Jivk2WcDli39eYiOhyglqaF +PZ4pRuvNO2+2VJxakjzfrTeQA7k/ZWX6ljwFSMypgEm/m7HC8BQ7qQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem.certspec new file mode 100644 index 000000000..eabee87e8 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem.certspec @@ -0,0 +1,2 @@ +issuer:printableString/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr +subject:/C=US/ST=CA/O=Foo/CN=foo.example.com diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem b/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem new file mode 100644 index 000000000..a82688fd8 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDTCCAfegAwIBAgIUadTGcLSWi68lBexbnxxJdH4o7S4wCwYJKoZIhvcNAQEL +MCMxITAfBgNVBAMMGGNhLWV4YW1wbGUtY29tLXBlcm1pdHRlZDAiGA8yMDE1MTEy +ODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAjMSEwHwYDVQQDDBhjYS1leGFtcGxl +LWNvbS1wZXJtaXR0ZWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6 +iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr +4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP +8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI +Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ +77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J +I/pyUcQx1QOs2hgKNe2NAgMBAAGjOTA3MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD +AgEGMBoGA1UdHgQTMBGgDzANggtleGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEB +ABqsSZFz9PEgN6+qyElJbM3P/NEy4HSfNOybDbKspySnBlYC9cZXgY3EJ0FSeKSQ +hDM9CvMKtAhTJjj9PDQHnh0jevD0USO6riqkkENo+c3tL8cAZbLT8oPe4Q52PRii +Yqi4XZiigtQmLxdyS4ryuSvhRs0IcNDqp7f23uLgGQpv7GUpoc4hg14JxIW1Bz42 +x60m+jTVMkpHj01uUJ9J4bTDoxLjjPI6ED/lXaccJCpl3smMPErEKM3K6LBfL6g7 +r+IkdTAhsQmPgnhi07SSV34ZXto8cpjSpJDl3LKBUmHF82XqJNHxwYZ7VjwnSc5c +9sw3hmmmt7Su7dEeScCKPW0= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem.certspec new file mode 100644 index 000000000..1cc3c1d81 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem.certspec @@ -0,0 +1,5 @@ +issuer:ca-example-com-permitted +subject:ca-example-com-permitted +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:nameConstraints:permitted:example.com diff --git a/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem b/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem new file mode 100644 index 000000000..2d8fc903a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDtzCCAqGgAwIBAgIUfbbH+o/snQqIZa44UsC8vi+3+EgwCwYJKoZIhvcNAQEL +MIGFMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJp +czEQMA4GA1UEChMHUE0vU0dETjEOMAwGA1UECxMFRENTU0kxDjAMBgNVBAMTBUlH +Qy9BMSMwIQYJKoZIhvcNAQkBFhRpZ2NhQHNnZG4ucG0uZ291di5mcjAiGA8yMDE1 +MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjCBhTELMAkGA1UEBhMCRlIxDzAN +BgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMFUGFyaXMxEDAOBgNVBAoTB1BNL1NHRE4x +DjAMBgNVBAsTBURDU1NJMQ4wDAYDVQQDEwVJR0MvQTEjMCEGCSqGSIb3DQEJARYU +aWdjYUBzZ2RuLnBtLmdvdXYuZnIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwG +m24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJr +bA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4 +SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3 +/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+Z +FzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYD +VR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAHyAZhHXZ7L+pJAMKXiMpxLf+bt8w +3EfZ+y7htjiDsDLLB9T3A/zj0V2LlVGJ8RfQOT690czYqidFL7bQayJuC5S1MBxt +Q6W0GsHHVR2v/uCPFntzVhKFSeGyao+V2t/ZTYQ4MIiZTRkK0QWGL2XFGjRhfGMf +6WDBjnndyVg0fXnvlYTCfZFp7yZ9pkdS3kgLTfq4PAknm9eU/bJ+DjHedGb6GWY3 +X0+xXw2u6Td1UdupliEOX6mGC7P3E6g8Dmrxn36OiKeh3kHmVIyyUrpLI/XM67B8 +9RG2d7e8gBlKKSwcwynM/snRco9AWgiaSZEmmb2a9+FQ/qGwtZVwvgkAuQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem.certspec new file mode 100644 index 000000000..5d53706bc --- /dev/null +++ b/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem.certspec @@ -0,0 +1,4 @@ +issuer:printableString/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr +subject:printableString/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem new file mode 100644 index 000000000..d0442e004 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC+jCCAeSgAwIBAgIUaRmgL0d90KT16jbz/DDS4TvGvwEwCwYJKoZIhvcNAQEL +MCQxIjAgBgNVBAMMGWludC1leGFtcGxlLW9yZy1wZXJtaXR0ZWQwIhgPMjAxNTEx +MjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowITEfMB0GA1UEAwwWZWUtZXhhbXBs +ZS1jb20tYW5kLW9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqI +UahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvi +r1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/x +fq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD +7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnv +uRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj ++nJRxDHVA6zaGAo17Y0CAwEAAaMnMCUwIwYDVR0RBBwwGoILZXhhbXBsZS5jb22C +C2V4YW1wbGUub3JnMAsGCSqGSIb3DQEBCwOCAQEAnnaFdrE6UGQCmCtMEhHicq9Y +NE/TGItWvGqP+iU/7+fpTRF5TvrB9mieRPZgU2FQPbHbVs4f3Akaiv7gwnBdE6+d +HL0v7qoVSGofmZh9GbE+i3kqXSyylOFhjCuQ92+5lMIQ/hxumyUuQSfw/SRs5I2c +l7otGokpxOqRfw9oFusF1AccSm0ynVbdanjfMZFBc0Hwfy4qYXGqP1AmiNJgjves +MEjCfwsoFv4Y23CSdTBduo5P6JzLS2Ay99NTG1UOto+UIDSZwIylSjphc0XOMJ2+ +TbbCo9XHmhWN8i9xw0anSOXvz66yWFBbtuvjPweHAOoSWsqdQ5GoReoqqF5xSw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem.certspec new file mode 100644 index 000000000..904ca6595 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem.certspec @@ -0,0 +1,3 @@ +issuer:int-example-org-permitted +subject:ee-example-com-and-org +extension:subjectAlternativeName:example.com,example.org diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem new file mode 100644 index 000000000..fad336b1c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5TCCAc+gAwIBAgIUGQSGboQn0O+dvd3cf/FaobEeoiEwCwYJKoZIhvcNAQEL +MCQxIjAgBgNVBAMMGWludC1leGFtcGxlLW9yZy1wZXJtaXR0ZWQwIhgPMjAxNTEx +MjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowGTEXMBUGA1UEAwwOZWUtZXhhbXBs +ZS1jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9 +braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI +eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6 +iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za +qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7 +LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs +2hgKNe2NAgMBAAGjGjAYMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAsGCSqGSIb3 +DQEBCwOCAQEAP24kpBxa9l3+LpfmIc4UsSpXvY+DGt5bjM0TzuNHR6FMQhLnYdF1 +0Lbl6TYFd62kA2GANMGkLImIGJCP9XEEJYF0lQQ3w06rofsnEVbrraF0UjhyMSdt ++IBWwn/ZD37/D2iYUXInEWLNsiTe/ggrfk4VCy48l40toW0CdW0xTorYHrmtTmcg +Ie7i6ODcA7avSdsw/mbZqbSqNHBdDnydUgkwZUJKlp2DH85MoVrHcNVW6mVlRZ96 +I31+EyLS5NlYb1e4CiEo2uvhvrAxeDw9mvNKWrV4BXc58vq8N48/r83lBdV09OyP +tymoRevjFD3M5fcR8VzXVg/diItDZ15fUw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem.certspec new file mode 100644 index 000000000..46630c4a1 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem.certspec @@ -0,0 +1,3 @@ +issuer:int-example-org-permitted +subject:ee-example-com +extension:subjectAlternativeName:example.com diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem new file mode 100644 index 000000000..7e366f8ca --- /dev/null +++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5TCCAc+gAwIBAgIUcZBzsxoUEYUZlsKZQdyvAEhTgaswCwYJKoZIhvcNAQEL +MCQxIjAgBgNVBAMMGWludC1leGFtcGxlLW9yZy1wZXJtaXR0ZWQwIhgPMjAxNTEx +MjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowGTEXMBUGA1UEAwwOZWUtZXhhbXBs +ZS1vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9 +braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI +eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6 +iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za +qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7 +LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs +2hgKNe2NAgMBAAGjGjAYMBYGA1UdEQQPMA2CC2V4YW1wbGUub3JnMAsGCSqGSIb3 +DQEBCwOCAQEAJwtc0BV1zdS6BO2he4SbTeDvHxkNqlkgRbrcT5kSgQgqlH6rcnoe +QHrIsbGeHBoWJKI2tsmeKkGyswPsxyktEXKLb53J8EGpc72XwazhTFQTKCfLeB0n +GlYfdI65ipwnqo46Juj6WHcFjf964eNhVLBun/535CcT5I7Y8bVDDakSkAfdxY8k +JjRVe73yAt7pjpQ70Gq39tiuMD16pJ8+M6FJvbYKFmelhWcusRo56fJsx4jkN0zo +I75MJ1cjr+UL1ixMVXjj5WQzZw+Ec+SBAL4fR8JTkkdjRNJTWB5Pr1eH4xa6vQsB +wc3PCSdU0y80ihL2AcxNKZiOVAftJM9lIw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem.certspec new file mode 100644 index 000000000..6a24090e5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem.certspec @@ -0,0 +1,3 @@ +issuer:int-example-org-permitted +subject:ee-example-org +extension:subjectAlternativeName:example.org diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem new file mode 100644 index 000000000..0b65d0f3d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5zCCAdGgAwIBAgIUVQNQFeYcunS/xUPvzDd6P51z7PEwCwYJKoZIhvcNAQEL +MCQxIjAgBgNVBAMMGWludC1leGFtcGxlLW9yZy1wZXJtaXR0ZWQwIhgPMjAxNTEx +MjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowGjEYMBYGA1UEAwwPZWUtZXhhbXBs +ZS10ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB +/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRx +CHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMC +OosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdm +Wqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGz +ey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUD +rNoYCjXtjQIDAQABoxswGTAXBgNVHREEEDAOggxleGFtcGxlLnRlc3QwCwYJKoZI +hvcNAQELA4IBAQAcdgKZ3Dp2Q6EMCWw+5VgzS2lEwf+LgxwNWLKnI0sX1YYuP3oq +6t+UMcYelMwaYISXy+v8ZCrey1nJidjuRZHigQun7aqnQ4ugyPATbCrO/3eJZ6K0 +JVDPCt8hYSrogDWGG3KqX5z0lyjcWMGSDL+z6sWxLneOIdNFD6WsY8leM1jbaGD6 +fTJyHzaJ7m2kvp67Doqb8XzMlAY3nX3S/qD/mW0fO/IOAmogVZgG/5KbyQeJC0uu +qoFmeRFoAuoNhRY2XuHh4I3OQCRtUGujNeC9AzVUQGI69saKvq96W/M5ij9JKfnP +K6woylFDR67heaevocc4EcbSE7Y4e2LUURtL +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem.certspec new file mode 100644 index 000000000..0926ce477 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem.certspec @@ -0,0 +1,3 @@ +issuer:int-example-org-permitted +subject:ee-example-test +extension:subjectAlternativeName:example.test diff --git a/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem b/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem new file mode 100644 index 000000000..4f12c9a61 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDjCCAfigAwIBAgIUa0ZhHpbuqgjJTZfVUN+proqgaCQwCwYJKoZIhvcNAQEL +MCMxITAfBgNVBAMMGGNhLWV4YW1wbGUtY29tLXBlcm1pdHRlZDAiGA8yMDE1MTEy +ODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAkMSIwIAYDVQQDDBlpbnQtZXhhbXBs +ZS1vcmctcGVybWl0dGVkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +uohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGoby +a+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWC +D/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfT +iEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXT +Ce+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+ +SSP6clHEMdUDrNoYCjXtjQIDAQABozkwNzAMBgNVHRMEBTADAQH/MAsGA1UdDwQE +AwIBBjAaBgNVHR4EEzARoA8wDYILZXhhbXBsZS5vcmcwCwYJKoZIhvcNAQELA4IB +AQB1roD4dkWf/+8VEomThWmJaQiemqbSpv1T2pwy7dp/FhmqSHuJMYjL+2Whh8Nd +j/b2fC9TAB3Q02WgF4ZCt53rr2wztO5JWel3uEZRlt5AIXJNkSYjfYuSoKcvntWS +aenDy8+HTFZ4XqItv4qpRBCo/qguiohJ7wjPPCOuG/LFNgJdssC7TNHwhuPdnqCr +B4EGFo6swUA4zJqS4kJdMQHnyhDRT0hVNSZF0Ql19bF69M9obqfrFbCMvuTj2kxo +7hCG0C+Ws4bL+EA2ohjwPXgkFZcph/MRhLAa5U9s8G3TFLuJvOGZ6CAaSfQCJoAG +nzgVDB82G7c1g67m186RSXzt +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem.certspec new file mode 100644 index 000000000..87e2cf8a5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem.certspec @@ -0,0 +1,5 @@ +issuer:ca-example-com-permitted +subject:int-example-org-permitted +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:nameConstraints:permitted:example.org diff --git a/security/manager/ssl/tests/unit/test_name_constraints/moz.build b/security/manager/ssl/tests/unit/test_name_constraints/moz.build new file mode 100644 index 000000000..3eb064111 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_name_constraints/moz.build @@ -0,0 +1,21 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'NameConstraints.dcissallowed.pem', +# 'NameConstraints.dcissblocked.pem', +# 'ca-example-com-permitted.pem', +# 'int-example-org-permitted.pem', +# 'ee-example-com-and-org.pem', +# 'ee-example-com.pem', +# 'ee-example-org.pem', +# 'ee-example-test.pem', +# 'dciss.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) diff --git a/security/manager/ssl/tests/unit/test_nsCertType.js b/security/manager/ssl/tests/unit/test_nsCertType.js new file mode 100644 index 000000000..2e378541d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_nsCertType.js @@ -0,0 +1,28 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// +// While the Netscape certificate type extension is not a standard and has been +// discouraged from use for quite some time, it is still encountered. Thus, we +// handle it slightly differently from other unknown extensions. +// If it is not marked critical, we ignore it. +// If it is marked critical: +// If the basic constraints and extended key usage extensions are also +// present, we ignore it, because they are standardized and should convey the +// same information. +// Otherwise, we reject it with an error indicating an unknown critical +// extension. + +"use strict"; + +function run_test() { + do_get_profile(); + add_tls_server_setup("BadCertServer", "bad_certs"); + add_connection_test("nsCertTypeNotCritical.example.com", PRErrorCodeSuccess); + add_connection_test("nsCertTypeCriticalWithExtKeyUsage.example.com", + PRErrorCodeSuccess); + add_connection_test("nsCertTypeCritical.example.com", + SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION); + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_nsIX509CertValidity.js b/security/manager/ssl/tests/unit/test_nsIX509CertValidity.js new file mode 100644 index 000000000..f35f5d97b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_nsIX509CertValidity.js @@ -0,0 +1,49 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// This file tests the nsIX509CertValidity implementation. + +function fuzzyEqual(attributeName, dateString, expectedTime) { + do_print(`${attributeName}: ${dateString}`); + let absTimeDiff = Math.abs(expectedTime - Date.parse(dateString)); + const ONE_DAY_IN_MS = 24 * 60 * 60 * 1000; + lessOrEqual(absTimeDiff, ONE_DAY_IN_MS, + `Time difference for ${attributeName} should be <= one day`); +} + +function run_test() { + // Date.parse("2013-01-01T00:00:00Z") + const NOT_BEFORE_IN_MS = 1356998400000; + // Date.parse("2014-01-01T00:00:00Z") + const NOT_AFTER_IN_MS = 1388534400000; + let cert = constructCertFromFile("bad_certs/expired-ee.pem"); + + equal(cert.validity.notBefore, NOT_BEFORE_IN_MS * 1000, + "Actual and expected notBefore should be equal"); + equal(cert.validity.notAfter, NOT_AFTER_IN_MS * 1000, + "Actual and expected notAfter should be equal"); + + // The following tests rely on the implementation of nsIX509CertValidity + // providing long formatted dates to work. If this is not true, a returned + // short formatted date such as "12/31/12" may be interpreted as something + // other than the expected "December 31st, 2012". + // + // On Android, the implementation of nsIDateTimeFormat currently does not + // return a long formatted date even if it is asked to. This, combined with + // the reason above is why the following tests are disabled on Android. + if (AppConstants.platform != "android") { + fuzzyEqual("notBeforeLocalTime", cert.validity.notBeforeLocalTime, + NOT_BEFORE_IN_MS); + fuzzyEqual("notBeforeLocalDay", cert.validity.notBeforeLocalDay, + NOT_BEFORE_IN_MS); + fuzzyEqual("notBeforeGMT", cert.validity.notBeforeGMT, NOT_BEFORE_IN_MS); + + fuzzyEqual("notAfterLocalTime", cert.validity.notAfterLocalTime, + NOT_AFTER_IN_MS); + fuzzyEqual("notAfterLocalDay", cert.validity.notAfterLocalDay, + NOT_AFTER_IN_MS); + fuzzyEqual("notAfterGMT", cert.validity.notAfterGMT, NOT_AFTER_IN_MS); + } +} diff --git a/security/manager/ssl/tests/unit/test_nsIX509Cert_utf8.js b/security/manager/ssl/tests/unit/test_nsIX509Cert_utf8.js new file mode 100644 index 000000000..b4b0d6f37 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_nsIX509Cert_utf8.js @@ -0,0 +1,70 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +"use strict"; + +// Checks that various nsIX509Cert attributes correctly handle UTF-8. + +do_get_profile(); // Must be called before getting nsIX509CertDB +const certDB = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +function run_test() { + let cert = certDB.constructX509FromBase64( + "MIIF3DCCBMSgAwIBAgIEAJiZbzANBgkqhkiG9w0BAQUFADCCAQ0xYTBfBgNVBAMM" + + "WEkuQ0EgLSBRdWFsaWZpZWQgcm9vdCBjZXJ0aWZpY2F0ZSAoa3ZhbGlmaWtvdmFu" + + "w70gY2VydGlmaWvDoXQgcG9za3l0b3ZhdGVsZSkgLSBQU0VVRE9OWU0xCzAJBgNV" + + "BAYTAkNaMS8wLQYDVQQHDCZQb2R2aW5uw70gbWzDvW4gMjE3OC82LCAxOTAgMDAg" + + "UHJhaGEgOTEsMCoGA1UECgwjUHJ2bsOtIGNlcnRpZmlrYcSNbsOtIGF1dG9yaXRh" + + "IGEucy4xPDA6BgNVBAsMM0FrcmVkaXRvdmFuw70gcG9za3l0b3ZhdGVsIGNlcnRp" + + "ZmlrYcSNbsOtY2ggc2x1xb5lYjAeFw0wMjEyMTIxMzMzNDZaFw0wMzEyMTIxMzMz" + + "NDZaMIIBFDELMAkGA1UEBhMCQ1oxHzAdBgNVBAMeFgBMAHUAZAEbAGsAIABSAGEB" + + "YQBlAGsxGTAXBgNVBAgeEABWAHkAcwBvAQ0AaQBuAGExLzAtBgNVBAceJgBQAGEA" + + "YwBvAHYALAAgAE4A4QBkAHIAYQF+AG4A7QAgADcANgA5MSUwIwYJKoZIhvcNAQkB" + + "FhZsdWRlay5yYXNla0BjZW50cnVtLmN6MRMwEQYDVQQqHgoATAB1AGQBGwBrMQ0w" + + "CwYDVQQrHgQATABSMR8wHQYDVQQpHhYATAB1AGQBGwBrACAAUgBhAWEAZQBrMRMw" + + "EQYDVQQEHgoAUgBhAWEAZQBrMRcwFQYDVQQFEw5JQ0EgLSAxMDAwMzc2OTCBnzAN" + + "BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxc7dGd0cNlHZ7tUUl5k30bfYlY3lnOD0" + + "49JGbTXSt4jNFMRLj6s/777W3kcIdcIwdKxjQULBKgryDvZJ1DAWp2TwzhPDVYj3" + + "sU4Niqb7mOUcp/4ckteUxGF6FmXtJR9+XHTuLZ+omF9HOUefheBKnXvZuqrLM16y" + + "nbJn4sPwwdcCAwEAAaOCAbswggG3MCUGA1UdEQQeMBygGgYKKwMGAQQB3BkCAaAM" + + "DAoxNzYyODk2ODgzMGkGA1UdHwRiMGAwHqAcoBqGGGh0dHA6Ly9xLmljYS5jei9x" + + "aWNhLmNybDAeoBygGoYYaHR0cDovL2IuaWNhLmN6L3FpY2EuY3JsMB6gHKAahhho" + + "dHRwOi8vci5pY2EuY3ovcWljYS5jcmwwHwYDVR0jBBgwFoAUK1oKfvvlDYUsZTBy" + + "vGN701mca/UwHQYDVR0OBBYEFPAs70DB+LS0PnA6niPUfJ5wdQH5MIG4BgNVHSAE" + + "gbAwga0wgaoGCysGAQQBs2EBAQQEMIGaMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3" + + "LmljYS5jei9xY3AvY3BxcGljYTAyLnBkZjBnBggrBgEFBQcCAjBbGllUZW50byBj" + + "ZXJ0aWZpa2F0IGplIHZ5ZGFuIGpha28gS3ZhbGlmaWtvdmFueSBjZXJ0aWZpa2F0" + + "IHYgc291bGFkdSBzZSB6YWtvbmVtIDIyNy8yMDAwIFNiLjAYBggrBgEFBQcBAwQM" + + "MAowCAYGBACORgEBMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQUFAAOCAQEA" + + "v2V+nnYYMIgabmmgHx49CtlZIHdGS3TuWKXw130xFhbXDnNhEbx3alaskNsvjQQR" + + "Lqs1ZwKy58yynse+eJYHqenmHDACpAfVpCF9PXC/mDarVsoQw7NTcUpsAFhSd/zT" + + "v9jIf3twECyxx/RVzONVcob7nPePESHiKoG4FbtcuUh0wSHvCmTwRIQqPDCIuHcF" + + "StSt3Jr9iXcbXEhe4mSccOZ8N+r7Rv3ncKcevlRl7uFfDKDTyd43SZeRS/7J8KRf" + + "hD/h2nawrCFwc5gJW10aLJGFL/mcS7ViAIT9HCVk23j4TuBjsVmnZ0VKxB5edux+" + + "LIEqtU428UVHZWU/I5ngLw=="); + + equal(cert.nickname, "(no nickname)", + "Actual and expected nickname should match"); + equal(cert.emailAddress, "ludek.rasek@centrum.cz", + "Actual and expected emailAddress should match"); + equal(cert.subjectName, "serialNumber=ICA - 10003769,SN=Rašek,name=Luděk Rašek,initials=LR,givenName=Luděk,E=ludek.rasek@centrum.cz,L=\"Pacov, Nádražní 769\",ST=Vysočina,CN=Luděk Rašek,C=CZ", + "Actual and expected subjectName should match"); + equal(cert.commonName, "Luděk Rašek", + "Actual and expected commonName should match"); + equal(cert.organization, "", + "Actual and expected organization should match"); + equal(cert.organizationalUnit, "", + "Actual and expected organizationalUnit should match"); + equal(cert.windowTitle, "Luděk Rašek", + "Actual and expected windowTitle should match"); + equal(cert.issuerName, "OU=Akreditovaný poskytovatel certifikačních služeb,O=První certifikační autorita a.s.,L=\"Podvinný mlýn 2178/6, 190 00 Praha 9\",C=CZ,CN=I.CA - Qualified root certificate (kvalifikovaný certifikát poskytovatele) - PSEUDONYM", + "Actual and expected issuerName should match"); + equal(cert.issuerCommonName, "I.CA - Qualified root certificate (kvalifikovaný certifikát poskytovatele) - PSEUDONYM", + "Actual and expected issuerCommonName should match"); + equal(cert.issuerOrganization, "První certifikační autorita a.s.", + "Actual and expected issuerOrganization should match"); + equal(cert.issuerOrganizationUnit, "Akreditovaný poskytovatel certifikačních služeb", + "Actual and expected issuerOrganizationUnit should match"); +} diff --git a/security/manager/ssl/tests/unit/test_nss_shutdown.js b/security/manager/ssl/tests/unit/test_nss_shutdown.js new file mode 100644 index 000000000..0c467cbd4 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_nss_shutdown.js @@ -0,0 +1,44 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// This test attempts to ensure that PSM doesn't deadlock or crash when shutting +// down NSS while a background thread is attempting to use NSS. +// Uses test_signed_apps/valid_app_1.zip from test_signed_apps.js. + +function startAsyncNSSOperation(certdb, appFile) { + return new Promise((resolve, reject) => { + certdb.openSignedAppFileAsync(Ci.nsIX509CertDB.AppXPCShellRoot, appFile, + function(rv, aZipReader, aSignerCert) { + // rv will either indicate success (if NSS hasn't been shut down yet) or + // it will be some error code that varies depending on when NSS got shut + // down. As such, there's nothing really to check here. Just resolve the + // promise to continue execution. + resolve(); + }); + }); +} + +add_task(function* () { + do_get_profile(); + let psm = Cc["@mozilla.org/psm;1"] + .getService(Ci.nsISupports) + .QueryInterface(Ci.nsIObserver); + let certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + let appFile = do_get_file("test_signed_apps/valid_app_1.zip"); + + let promises = []; + for (let i = 0; i < 25; i++) { + promises.push(startAsyncNSSOperation(certdb, appFile)); + } + // Trick PSM into thinking it should shut down NSS. If this test doesn't + // hang or crash, we're good. + psm.observe(null, "profile-before-change", null); + for (let i = 0; i < 25; i++) { + promises.push(startAsyncNSSOperation(certdb, appFile)); + } + yield Promise.all(promises); +}); diff --git a/security/manager/ssl/tests/unit/test_ocsp_caching.js b/security/manager/ssl/tests/unit/test_ocsp_caching.js new file mode 100644 index 000000000..d0897fccd --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_caching.js @@ -0,0 +1,299 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +"use strict"; + +// Checks various aspects of the OCSP cache, mainly to to ensure we do not fetch +// responses more than necessary. + +var gFetchCount = 0; +var gGoodOCSPResponse = null; +var gResponsePattern = []; +var gMessage = ""; + +function respondWithGoodOCSP(request, response) { + do_print("returning 200 OK"); + response.setStatusLine(request.httpVersion, 200, "OK"); + response.setHeader("Content-Type", "application/ocsp-response"); + response.write(gGoodOCSPResponse); +} + +function respondWithSHA1OCSP(request, response) { + do_print("returning 200 OK with sha-1 delegated response"); + response.setStatusLine(request.httpVersion, 200, "OK"); + response.setHeader("Content-Type", "application/ocsp-response"); + + let args = [ ["good-delegated", "default-ee", "delegatedSHA1Signer" ] ]; + let responses = generateOCSPResponses(args, "ocsp_certs"); + response.write(responses[0]); +} + +function respondWithError(request, response) { + do_print("returning 500 Internal Server Error"); + response.setStatusLine(request.httpVersion, 500, "Internal Server Error"); + let body = "Refusing to return a response"; + response.bodyOutputStream.write(body, body.length); +} + +function generateGoodOCSPResponse() { + let args = [ ["good", "default-ee", "unused" ] ]; + let responses = generateOCSPResponses(args, "ocsp_certs"); + return responses[0]; +} + +function add_ocsp_test(aHost, aExpectedResult, aResponses, aMessage, + aOriginAttributes) { + add_connection_test(aHost, aExpectedResult, + function() { + clearSessionCache(); + gFetchCount = 0; + gResponsePattern = aResponses; + gMessage = aMessage; + }, + function() { + // check the number of requests matches the size of aResponses + equal(gFetchCount, aResponses.length, + "should have made " + aResponses.length + + " OCSP request" + (aResponses.length == 1 ? "" : "s")); + }, null, aOriginAttributes); +} + +function run_test() { + do_get_profile(); + Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling", true); + Services.prefs.setIntPref("security.OCSP.enabled", 1); + Services.prefs.setIntPref("security.pki.sha1_enforcement_level", 4); + add_tls_server_setup("OCSPStaplingServer", "ocsp_certs"); + + let ocspResponder = new HttpServer(); + ocspResponder.registerPrefixHandler("/", function(request, response) { + + do_print("gFetchCount: " + gFetchCount); + let responseFunction = gResponsePattern[gFetchCount]; + Assert.notEqual(undefined, responseFunction); + + ++gFetchCount; + responseFunction(request, response); + }); + ocspResponder.start(8888); + + add_tests(); + + add_test(function() { ocspResponder.stop(run_next_test); }); + run_next_test(); +} + +function add_tests() { + // Test that verifying a certificate with a "short lifetime" doesn't result + // in OCSP fetching. Due to longevity requirements in our testing + // infrastructure, the certificate we encounter is valid for a very long + // time, so we have to define a "short lifetime" as something very long. + add_test(function() { + Services.prefs.setIntPref("security.pki.cert_short_lifetime_in_days", + 12000); + run_next_test(); + }); + + add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess, [], + "expected zero OCSP requests for a short-lived certificate"); + + add_test(function() { + Services.prefs.setIntPref("security.pki.cert_short_lifetime_in_days", 100); + run_next_test(); + }); + + // If a "short lifetime" is something more reasonable, ensure that we do OCSP + // fetching for this long-lived certificate. + + add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess, + [respondWithError], + "expected one OCSP request for a long-lived certificate"); + add_test(function() { + Services.prefs.clearUserPref("security.pki.cert_short_lifetime_in_days"); + run_next_test(); + }); + //--------------------------------------------------------------------------- + + // Reset state + add_test(function() { clearOCSPCache(); run_next_test(); }); + + // This test assumes that OCSPStaplingServer uses the same cert for + // ocsp-stapling-unknown.example.com and ocsp-stapling-none.example.com. + + // Get an Unknown response for the *.example.com cert and put it in the + // OCSP cache. + add_ocsp_test("ocsp-stapling-unknown.example.com", + SEC_ERROR_OCSP_UNKNOWN_CERT, [], + "Stapled Unknown response -> a fetch should not have been" + + " attempted"); + + // A failure to retrieve an OCSP response must result in the cached Unknown + // response being recognized and honored. + add_ocsp_test("ocsp-stapling-none.example.com", SEC_ERROR_OCSP_UNKNOWN_CERT, + [ + respondWithError, + respondWithError, + respondWithError, + respondWithError, + respondWithError, + respondWithError, + ], + "No stapled response -> a fetch should have been attempted"); + + // A valid Good response from the OCSP responder must override the cached + // Unknown response. + // + // Note that We need to make sure that the Unknown response and the Good + // response have different thisUpdate timestamps; otherwise, the Good + // response will be seen as "not newer" and it won't replace the existing + // entry. + add_test(function() { + let duration = 1200; + do_print("Sleeping for " + duration + "ms"); + let timer = Cc["@mozilla.org/timer;1"].createInstance(Ci.nsITimer); + timer.initWithCallback(run_next_test, duration, Ci.nsITimer.TYPE_ONE_SHOT); + }); + add_test(function() { + gGoodOCSPResponse = generateGoodOCSPResponse(); + run_next_test(); + }); + add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess, + [respondWithGoodOCSP], + "Cached Unknown response, no stapled response -> a fetch" + + " should have been attempted"); + + // The Good response retrieved from the previous fetch must have replaced + // the Unknown response in the cache, resulting in the catched Good response + // being returned and no fetch. + add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess, + [], + "Cached Good response -> a fetch should not have been" + + " attempted"); + + + //--------------------------------------------------------------------------- + + // Reset state + add_test(function() { clearOCSPCache(); run_next_test(); }); + + // A failure to retrieve an OCSP response will result in an error entry being + // added to the cache. + add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess, + [respondWithError], + "No stapled response -> a fetch should have been attempted"); + + // The error entry will prevent a fetch from happening for a while. + add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess, [], + "Noted OCSP server failure -> a fetch should not have been" + + " attempted"); + + // The error entry must not prevent a stapled OCSP response from being + // honored. + add_ocsp_test("ocsp-stapling-revoked.example.com", + SEC_ERROR_REVOKED_CERTIFICATE, [], + "Stapled Revoked response -> a fetch should not have been" + + " attempted"); + + //--------------------------------------------------------------------------- + + // Ensure OCSP responses from signers with SHA1 certificates are OK. This + // is included in the OCSP caching tests since there were OCSP cache-related + // regressions when sha-1 telemetry probes were added. + add_test(function() { + clearOCSPCache(); + // set security.OCSP.require so that checking the OCSP signature fails + Services.prefs.setBoolPref("security.OCSP.require", true); + run_next_test(); + }); + + add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess, + [respondWithSHA1OCSP], + "signing cert is good (though sha1) - should succeed"); + + add_test(function() { + Services.prefs.setBoolPref("security.OCSP.require", false); + run_next_test(); + }); + + //--------------------------------------------------------------------------- + + // Reset state + add_test(function() { clearOCSPCache(); run_next_test(); }); + + // This test makes sure that OCSP cache are isolated by firstPartyDomain. + + let gObservedCnt = 0; + let protocolProxyService = Cc["@mozilla.org/network/protocol-proxy-service;1"] + .getService(Ci.nsIProtocolProxyService); + + // Observe all channels and make sure the firstPartyDomain in their loadInfo's + // origin attributes are aFirstPartyDomain. + function startObservingChannels(aFirstPartyDomain) { + // We use a dummy proxy filter to catch all channels, even those that do not + // generate an "http-on-modify-request" notification. + let proxyFilter = { + applyFilter: function (aProxyService, aChannel, aProxy) { + // We have the channel; provide it to the callback. + if (aChannel.originalURI.spec == "http://localhost:8888/") { + gObservedCnt++; + equal(aChannel.loadInfo.originAttributes.firstPartyDomain, + aFirstPartyDomain, "firstPartyDomain should match"); + } + // Pass on aProxy unmodified. + return aProxy; + } + }; + protocolProxyService.registerChannelFilter(proxyFilter, 0); + // Return the stop() function: + return () => protocolProxyService.unregisterChannelFilter(proxyFilter); + } + + let stopObservingChannels; + add_test(function() { + stopObservingChannels = startObservingChannels("foo.com"); + run_next_test(); + }); + + // A good OCSP response will be cached. + add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess, + [respondWithGoodOCSP], + "No stapled response (firstPartyDomain = foo.com) -> a fetch " + + "should have been attempted", { firstPartyDomain: "foo.com" }); + + // The cache will prevent a fetch from happening. + add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess, [], + "Noted OCSP server failure (firstPartyDomain = foo.com) -> a " + + "fetch should not have been attempted", + { firstPartyDomain: "foo.com" }); + + add_test(function() { + stopObservingChannels(); + equal(gObservedCnt, 1, "should have observed only 1 OCSP requests"); + gObservedCnt = 0; + run_next_test(); + }); + + add_test(function() { + stopObservingChannels = startObservingChannels("bar.com"); + run_next_test(); + }); + + // But using a different firstPartyDomain should result in a fetch. + add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess, + [respondWithGoodOCSP], + "No stapled response (firstPartyDomain = bar.com) -> a fetch " + + "should have been attempted", { firstPartyDomain: "bar.com" }); + + add_test(function() { + stopObservingChannels(); + equal(gObservedCnt, 1, "should have observed only 1 OCSP requests"); + gObservedCnt = 0; + run_next_test(); + }); + + //--------------------------------------------------------------------------- + + // Reset state + add_test(function() { clearOCSPCache(); run_next_test(); }); +} diff --git a/security/manager/ssl/tests/unit/test_ocsp_enabled_pref.js b/security/manager/ssl/tests/unit/test_ocsp_enabled_pref.js new file mode 100644 index 000000000..ba648b9e6 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_enabled_pref.js @@ -0,0 +1,141 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Checks that the security.OCSP.enabled pref correctly controls OCSP fetching +// behavior. + +do_get_profile(); // Must be called before getting nsIX509CertDB +const gCertDB = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +const SERVER_PORT = 8888; + +function certFromFile(filename) { + return constructCertFromFile(`test_ev_certs/${filename}.pem`); +} + +function loadCert(certName, trustString) { + addCertFromFile(gCertDB, `test_ev_certs/${certName}.pem`, trustString); +} + +function getFailingOCSPResponder() { + return getFailingHttpServer(SERVER_PORT, ["www.example.com"]); +} + +function getOCSPResponder(expectedCertNames) { + return startOCSPResponder(SERVER_PORT, "www.example.com", "test_ev_certs", + expectedCertNames, []); +} + +// Tests that in ocspOff mode, OCSP fetches are never done. +function testOff() { + add_test(() => { + Services.prefs.setIntPref("security.OCSP.enabled", 0); + do_print("Setting security.OCSP.enabled to 0"); + run_next_test(); + }); + + // EV chains should verify successfully but never get EV status. + add_test(() => { + clearOCSPCache(); + let ocspResponder = getFailingOCSPResponder(); + checkEVStatus(gCertDB, certFromFile("test-oid-path-ee"), certificateUsageSSLServer, + false); + ocspResponder.stop(run_next_test); + }); + + // A DV chain should verify successfully. + add_test(() => { + clearOCSPCache(); + let ocspResponder = getFailingOCSPResponder(); + checkCertErrorGeneric(gCertDB, certFromFile("non-ev-root-path-ee"), + PRErrorCodeSuccess, certificateUsageSSLServer); + ocspResponder.stop(run_next_test); + }); +} + +// Tests that in ocspOn mode, OCSP fetches are done for both EV and DV certs. +function testOn() { + add_test(() => { + Services.prefs.setIntPref("security.OCSP.enabled", 1); + do_print("Setting security.OCSP.enabled to 1"); + run_next_test(); + }); + + // If a successful OCSP response is fetched, then an EV chain should verify + // successfully and get EV status as well. + add_test(() => { + clearOCSPCache(); + let ocspResponder = + getOCSPResponder(gEVExpected ? ["test-oid-path-int", "test-oid-path-ee"] + : ["test-oid-path-ee"]); + checkEVStatus(gCertDB, certFromFile("test-oid-path-ee"), certificateUsageSSLServer, + gEVExpected); + ocspResponder.stop(run_next_test); + }); + + // If a successful OCSP response is fetched, then a DV chain should verify + // successfully. + add_test(() => { + clearOCSPCache(); + let ocspResponder = getOCSPResponder(["non-ev-root-path-ee"]); + checkCertErrorGeneric(gCertDB, certFromFile("non-ev-root-path-ee"), + PRErrorCodeSuccess, certificateUsageSSLServer); + ocspResponder.stop(run_next_test); + }); +} + +// Tests that in ocspEVOnly mode, OCSP fetches are done for EV certs only. +function testEVOnly() { + add_test(() => { + Services.prefs.setIntPref("security.OCSP.enabled", 2); + do_print("Setting security.OCSP.enabled to 2"); + run_next_test(); + }); + + // If a successful OCSP response is fetched, then an EV chain should verify + // successfully and get EV status as well. + add_test(() => { + clearOCSPCache(); + let ocspResponder = gEVExpected + ? getOCSPResponder(["test-oid-path-int", "test-oid-path-ee"]) + : getFailingOCSPResponder(); + checkEVStatus(gCertDB, certFromFile("test-oid-path-ee"), certificateUsageSSLServer, + gEVExpected); + ocspResponder.stop(run_next_test); + }); + + // A DV chain should verify successfully even without doing OCSP fetches. + add_test(() => { + clearOCSPCache(); + let ocspResponder = getFailingOCSPResponder(); + checkCertErrorGeneric(gCertDB, certFromFile("non-ev-root-path-ee"), + PRErrorCodeSuccess, certificateUsageSSLServer); + ocspResponder.stop(run_next_test); + }); +} + +function run_test() { + do_register_cleanup(() => { + Services.prefs.clearUserPref("network.dns.localDomains"); + Services.prefs.clearUserPref("security.OCSP.enabled"); + Services.prefs.clearUserPref("security.OCSP.require"); + }); + Services.prefs.setCharPref("network.dns.localDomains", "www.example.com"); + // Enable hard fail to ensure chains that should only succeed because they get + // a good OCSP response do not succeed due to soft fail leniency. + Services.prefs.setBoolPref("security.OCSP.require", true); + + loadCert("evroot", "CTu,,"); + loadCert("test-oid-path-int", ",,"); + loadCert("non-evroot-ca", "CTu,,"); + loadCert("non-ev-root-path-int", ",,"); + + testOff(); + testOn(); + testEVOnly(); + + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method.js b/security/manager/ssl/tests/unit/test_ocsp_fetch_method.js new file mode 100644 index 000000000..de89a4131 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method.js @@ -0,0 +1,59 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +"use strict"; + +// In which we try to validate several ocsp responses, checking in particular +// that we use the specified method for fetching ocsp. We also check what +// POST fallback when an invalid GET response is received. + +do_get_profile(); // must be called before getting nsIX509CertDB +const certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +const SERVER_PORT = 8888; + +function start_ocsp_responder(expectedCertNames, expectedPaths, + expectedMethods) { + return startOCSPResponder(SERVER_PORT, "www.example.com", + "test_ocsp_fetch_method", expectedCertNames, + expectedPaths, expectedMethods); +} + +function check_cert_err(cert_name, expected_error) { + let cert = constructCertFromFile("test_ocsp_fetch_method/" + cert_name + ".pem"); + return checkCertErrorGeneric(certdb, cert, expected_error, + certificateUsageSSLServer); +} + +function run_test() { + addCertFromFile(certdb, "test_ocsp_fetch_method/ca.pem", 'CTu,CTu,CTu'); + addCertFromFile(certdb, "test_ocsp_fetch_method/int.pem", ',,'); + + // Enabled so that we can force ocsp failure responses. + Services.prefs.setBoolPref("security.OCSP.require", true); + + Services.prefs.setCharPref("network.dns.localDomains", + "www.example.com"); + Services.prefs.setIntPref("security.OCSP.enabled", 1); + + add_test(function() { + clearOCSPCache(); + Services.prefs.setBoolPref("security.OCSP.GET.enabled", false); + let ocspResponder = start_ocsp_responder(["a"], [], ["POST"]); + check_cert_err("a", PRErrorCodeSuccess); + ocspResponder.stop(run_next_test); + }); + + add_test(function() { + clearOCSPCache(); + Services.prefs.setBoolPref("security.OCSP.GET.enabled", true); + let ocspResponder = start_ocsp_responder(["a"], [], ["GET"]); + check_cert_err("a", PRErrorCodeSuccess); + ocspResponder.stop(run_next_test); + }); + + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem new file mode 100644 index 000000000..67961e695 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5DCCAc6gAwIBAgIUG4s0As2WcZndVBOEXzU8uA26EUIwCwYJKoZIhvcNAQEL +MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw +MDAwWjAMMQowCAYDVQQDDAFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu +Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO +7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf +qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt +HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx +uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozwwOjA4BggrBgEFBQcBAQQsMCowKAYI +KwYBBQUHMAGGHGh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC8wCwYJKoZIhvcN +AQELA4IBAQAbh10OV6scfCpc71hMzfOhmxFlicFVlqWr9saGAg6renUfoq/ZDsDK +F+gQOMyv4gtO0nAoXJ206ONNJZwAEFAusNFlfjk/sxKvmDwkGWwi/lSCtwk41loG +UNH4YV2Y6IDLIuzvHzQgkhRJZ98nQhyPiBSZy5LoqGIi1+zTQkhYtB9yR0hwoFey +JVTso2OwSwasZixBQ0NZ9WGOSupihYBJJI4BQyOwf75u2WWqTP4Yj59eZTEOIoP0 +u+5fG+mUKOrxVuZoEh6zse49IpuaOok0dW+o3soEVQqos/GuOL/sYhARfwCQT1MW +kBdICJFXSTDPuXoOk58Y2QwUtsYq3Ifb +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem.certspec new file mode 100644 index 000000000..d3a3f86ef --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem.certspec @@ -0,0 +1,3 @@ +issuer:int +subject:a +extension:authorityInformationAccess:http://www.example.com:8888/ diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem new file mode 100644 index 000000000..1a18e2bf0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxTCCAa+gAwIBAgIUL5zykZEc2ro5d6th43aWGfm735cwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu +Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO +7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf +qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt +HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx +uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud +DwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAHPYBjNnv//Ssc8Elepb8SWIXRdahKbL +/dcPoMR+7yhJVaelUaxdwUytJWJAGdkkuv+P+G4b82RVYEXT+9k1S/aAfByFyR9q +vS7POfdy/ZPfGTXltlnmYX/84a6QeYQa4Nl4JpIOXBCesLxmErBhczka6D26iqsz +GeseKRSjVPgF3mXc2CRGZnTDRhUmd7wOABLmj7GtuFvOm96363M3IUByMohvoj1G +dic3s5D0seXwTKnEc5B27lJt7Q0oIXEldL+UW8Mo1hfGWQeXzqTZbpOVLnVWvHBH +H8yYs5hyH01qFJZbztJ1JJ3F2NpYLlr4P5I6fW2e9w5MG/VMQRU3wzQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem.certspec new file mode 100644 index 000000000..6660f5d47 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:ca +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.key b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.key new file mode 100644 index 000000000..8af23e068 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9 +braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI +eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6 +iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za +qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7 +LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs +2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs +VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s +JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI +r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz +iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg +SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R +TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N +gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp +xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r +ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR +3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY +EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs +2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb +WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo +tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl +rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2 +TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit +tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m +ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1 +NBinA5ZsT8d0v3QCr2xDJH9D +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.key.keyspec b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.key.keyspec new file mode 100644 index 000000000..4ad96d515 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.key.keyspec @@ -0,0 +1 @@ +default diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem new file mode 100644 index 000000000..fd60e5fe2 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxjCCAbCgAwIBAgIUazy/vTocAuxP85PTc+O1JXs8WWEwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMA4xDDAKBgNVBAMMA2ludDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab +bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts +Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI +H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8 +rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX +Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNV +HQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQA6lr0lbqcaGYjYAAcA5BngiUobuYFn +4jdYK9eR6hiT5PmYRQZ9/y+2aYNF/ygiBBqBdEq/Nhrm35WeUHvDBaT8OZLBjf+g +krEAmu2ivrHZWrx16HBVDd9JdTUCx8j1HUo5fadFnsQh7nuh/VIoemox+/e8mKfh ++fW3noAoH/MRfP9VYoS0KzkW8ILiWOR1joNOHDZzanMiM/YCHO1nckq2ntI2T+kO +MNMkB+j1w5Fu6P8pgyToleHs3WmlWAeDjXygZkEhg+9uuBXb8/IyuS3cYt9ovhSh +++A25JRmqaQn2Ywd+CMsGe4MTYOsRnZPK0Co6TBteRWRdwSpqzb+UOqY +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem.certspec new file mode 100644 index 000000000..ebb4c376d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:int +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/moz.build b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/moz.build new file mode 100644 index 000000000..c7a62b6f2 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/moz.build @@ -0,0 +1,22 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'a.pem', +# 'ca.pem', +# 'int.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) +# +#test_keys = ( +# 'int.key', +#) +# +#for test_key in test_keys: +# GeneratedTestKey(test_key) diff --git a/security/manager/ssl/tests/unit/test_ocsp_must_staple.js b/security/manager/ssl/tests/unit/test_ocsp_must_staple.js new file mode 100644 index 000000000..24b32d6bc --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_must_staple.js @@ -0,0 +1,116 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +"use strict"; + +// Tests OCSP Must Staple handling by connecting to various domains (as faked by +// a server running locally) that correspond to combinations of whether the +// extension is present in intermediate and end-entity certificates. + +var gExpectOCSPRequest; + +function add_ocsp_test(aHost, aExpectedResult, aStaplingEnabled) { + add_connection_test(aHost, aExpectedResult, + function() { + gExpectOCSPRequest = !aStaplingEnabled; + clearOCSPCache(); + clearSessionCache(); + Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling", + aStaplingEnabled); + }); +} + +function add_tests() { + // ensure that the chain is checked for required features in children: + // First a case where intermediate and ee both have the extension + add_ocsp_test("ocsp-stapling-must-staple-ee-with-must-staple-int.example.com", + PRErrorCodeSuccess, true); + + add_test(() => { + Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 1); + Services.prefs.setBoolPref("security.cert_pinning.process_headers_from_non_builtin_roots", true); + let uri = Services.io.newURI("https://ocsp-stapling-must-staple-ee-with-must-staple-int.example.com", + null, null); + let keyHash = "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8="; + let backupKeyHash = "KHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN="; + let header = `max-age=1000; pin-sha256="${keyHash}"; pin-sha256="${backupKeyHash}"`; + let ssservice = Cc["@mozilla.org/ssservice;1"] + .getService(Ci.nsISiteSecurityService); + let sslStatus = new FakeSSLStatus(); + sslStatus.serverCert = constructCertFromFile("ocsp_certs/must-staple-ee-with-must-staple-int.pem"); + ssservice.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri, header, sslStatus, 0); + ok(ssservice.isSecureURI(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0), + "ocsp-stapling-must-staple-ee-with-must-staple-int.example.com should have HPKP set"); + + // Clear accumulated state. + ssservice.removeState(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0); + Services.prefs.clearUserPref("security.cert_pinning.process_headers_from_non_builtin_roots"); + Services.prefs.clearUserPref("security.cert_pinning.enforcement_level"); + run_next_test(); + }); + + // Next, a case where it's present in the intermediate, not the ee + add_ocsp_test("ocsp-stapling-plain-ee-with-must-staple-int.example.com", + MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING, true); + + // We disable OCSP stapling in the next two tests so we can perform checks + // on TLS Features in the chain without needing to support the TLS + // extension values used. + // Test an issuer with multiple TLS features in matched in the EE + add_ocsp_test("multi-tls-feature-good.example.com", + PRErrorCodeSuccess, false); + + // Finally, an issuer with multiple TLS features not matched by the EE. + add_ocsp_test("multi-tls-feature-bad.example.com", + MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING, false); + + // Now a bunch of operations with only a must-staple ee + add_ocsp_test("ocsp-stapling-must-staple.example.com", + PRErrorCodeSuccess, true); + + add_ocsp_test("ocsp-stapling-must-staple-revoked.example.com", + SEC_ERROR_REVOKED_CERTIFICATE, true); + + add_ocsp_test("ocsp-stapling-must-staple-missing.example.com", + MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING, true); + + add_ocsp_test("ocsp-stapling-must-staple-empty.example.com", + SEC_ERROR_OCSP_MALFORMED_RESPONSE, true); + + add_ocsp_test("ocsp-stapling-must-staple-missing.example.com", + PRErrorCodeSuccess, false); + + // check that disabling must-staple works + add_test(function() { + clearSessionCache(); + Services.prefs.setBoolPref("security.ssl.enable_ocsp_must_staple", false); + run_next_test(); + }); + + add_ocsp_test("ocsp-stapling-must-staple-missing.example.com", + PRErrorCodeSuccess, true); +} + +function run_test() { + do_get_profile(); + Services.prefs.setBoolPref("security.ssl.enable_ocsp_must_staple", true); + + let fakeOCSPResponder = new HttpServer(); + fakeOCSPResponder.registerPrefixHandler("/", function (request, response) { + response.setStatusLine(request.httpVersion, 500, "Internal Server Error"); + ok(gExpectOCSPRequest, + "Should be getting an OCSP request only when expected"); + }); + fakeOCSPResponder.start(8888); + + add_tls_server_setup("OCSPStaplingServer", "ocsp_certs"); + + add_tests(); + + add_test(function () { + fakeOCSPResponder.stop(run_next_test); + }); + + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js b/security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js new file mode 100644 index 000000000..62ff1ba25 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js @@ -0,0 +1,54 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +"use strict"; + +// Test that if an OCSP request is made to a domain that (erroneously) +// has HSTS status, the request is not upgraded from HTTP to HTTPS. + +function run_test() { + do_get_profile(); + // OCSP required means this test will only pass if the request succeeds. + Services.prefs.setBoolPref("security.OCSP.require", true); + + // We don't actually make use of stapling in this test. This is just how we + // get a TLS connection. + add_tls_server_setup("OCSPStaplingServer", "ocsp_certs"); + + let args = [["good", "default-ee", "unused"]]; + let ocspResponses = generateOCSPResponses(args, "ocsp_certs"); + let goodOCSPResponse = ocspResponses[0]; + + let ocspResponder = new HttpServer(); + ocspResponder.registerPrefixHandler("/", function (request, response) { + response.setStatusLine(request.httpVersion, 200, "OK"); + response.setHeader("Content-Type", "application/ocsp-response"); + response.write(goodOCSPResponse); + }); + ocspResponder.start(8888); + + // ocsp-stapling-none.example.com does not staple an OCSP response in the + // handshake, so the revocation checking code will attempt to fetch one. + // Since the domain of the certificate's OCSP AIA URI is an HSTS host + // (as added in the setup of this test, below), a buggy implementation would + // upgrade the OCSP request to HTTPS. We specifically prevent this. This + // test demonstrates that our implementation is correct in this regard. + add_connection_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess); + add_test(function () { run_next_test(); }); + + add_test(function () { ocspResponder.stop(run_next_test); }); + + let SSService = Cc["@mozilla.org/ssservice;1"] + .getService(Ci.nsISiteSecurityService); + let uri = Services.io.newURI("http://localhost", null, null); + let sslStatus = new FakeSSLStatus(); + SSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, + "max-age=10000", sslStatus, 0); + ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "localhost", 0), + "Domain for the OCSP AIA URI should be considered a HSTS host, otherwise" + + " we wouldn't be testing what we think we're testing"); + + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_ocsp_required.js b/security/manager/ssl/tests/unit/test_ocsp_required.js new file mode 100644 index 000000000..81b8677bc --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_required.js @@ -0,0 +1,55 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +"use strict"; + +// In which we connect to a domain (as faked by a server running locally) +// and start up an OCSP responder (also basically faked) that gives a +// response with a bad signature. With security.OCSP.require set to true, +// this should fail (but it also shouldn't cause assertion failures). + +var gOCSPRequestCount = 0; + +function run_test() { + do_get_profile(); + Services.prefs.setBoolPref("security.OCSP.require", true); + Services.prefs.setIntPref("security.OCSP.enabled", 1); + + // We don't actually make use of stapling in this test. This is just how we + // get a TLS connection. + add_tls_server_setup("OCSPStaplingServer", "ocsp_certs"); + + let args = [["bad-signature", "default-ee", "unused"]]; + let ocspResponses = generateOCSPResponses(args, "ocsp_certs"); + let ocspResponseBadSignature = ocspResponses[0]; + + let ocspResponder = new HttpServer(); + ocspResponder.registerPrefixHandler("/", function (request, response) { + response.setStatusLine(request.httpVersion, 200, "OK"); + response.setHeader("Content-Type", "application/ocsp-response"); + response.write(ocspResponseBadSignature); + gOCSPRequestCount++; + }); + ocspResponder.start(8888); + + add_tests(); + + add_test(function () { ocspResponder.stop(run_next_test); }); + + run_next_test(); +} + +function add_tests() +{ + add_connection_test("ocsp-stapling-none.example.com", + SEC_ERROR_OCSP_BAD_SIGNATURE); + add_connection_test("ocsp-stapling-none.example.com", + SEC_ERROR_OCSP_BAD_SIGNATURE); + add_test(function () { + equal(gOCSPRequestCount, 1, + "OCSP request count should be 1 due to OCSP response caching"); + gOCSPRequestCount = 0; + run_next_test(); + }); +} diff --git a/security/manager/ssl/tests/unit/test_ocsp_stapling.js b/security/manager/ssl/tests/unit/test_ocsp_stapling.js new file mode 100644 index 000000000..36c8aeaaf --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_stapling.js @@ -0,0 +1,209 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +"use strict"; + +// In which we connect to a number of domains (as faked by a server running +// locally) with and without OCSP stapling enabled to determine that good +// things happen and bad things don't. + +var gExpectOCSPRequest; + +function add_ocsp_test(aHost, aExpectedResult, aStaplingEnabled) { + add_connection_test(aHost, aExpectedResult, + function() { + gExpectOCSPRequest = !aStaplingEnabled; + clearOCSPCache(); + clearSessionCache(); + Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling", + aStaplingEnabled); + }); +} + +function add_tests() { + // In the absence of OCSP stapling, these should actually all work. + add_ocsp_test("ocsp-stapling-good.example.com", + PRErrorCodeSuccess, false); + add_ocsp_test("ocsp-stapling-revoked.example.com", + PRErrorCodeSuccess, false); + add_ocsp_test("ocsp-stapling-good-other-ca.example.com", + PRErrorCodeSuccess, false); + add_ocsp_test("ocsp-stapling-malformed.example.com", + PRErrorCodeSuccess, false); + add_ocsp_test("ocsp-stapling-srverr.example.com", + PRErrorCodeSuccess, false); + add_ocsp_test("ocsp-stapling-trylater.example.com", + PRErrorCodeSuccess, false); + add_ocsp_test("ocsp-stapling-needssig.example.com", + PRErrorCodeSuccess, false); + add_ocsp_test("ocsp-stapling-unauthorized.example.com", + PRErrorCodeSuccess, false); + add_ocsp_test("ocsp-stapling-unknown.example.com", + PRErrorCodeSuccess, false); + add_ocsp_test("ocsp-stapling-good-other.example.com", + PRErrorCodeSuccess, false); + add_ocsp_test("ocsp-stapling-none.example.com", + PRErrorCodeSuccess, false); + add_ocsp_test("ocsp-stapling-expired.example.com", + PRErrorCodeSuccess, false); + add_ocsp_test("ocsp-stapling-expired-fresh-ca.example.com", + PRErrorCodeSuccess, false); + add_ocsp_test("ocsp-stapling-skip-responseBytes.example.com", + PRErrorCodeSuccess, false); + add_ocsp_test("ocsp-stapling-critical-extension.example.com", + PRErrorCodeSuccess, false); + add_ocsp_test("ocsp-stapling-noncritical-extension.example.com", + PRErrorCodeSuccess, false); + add_ocsp_test("ocsp-stapling-empty-extensions.example.com", + PRErrorCodeSuccess, false); + + // Now test OCSP stapling + // The following error codes are defined in security/nss/lib/util/SECerrs.h + + add_ocsp_test("ocsp-stapling-good.example.com", PRErrorCodeSuccess, true); + + add_ocsp_test("ocsp-stapling-revoked.example.com", + SEC_ERROR_REVOKED_CERTIFICATE, true); + + // SEC_ERROR_OCSP_INVALID_SIGNING_CERT vs SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE + // depends on whether the CA that signed the response is a trusted CA + // (but only with the classic implementation - mozilla::pkix always + // results in the error SEC_ERROR_OCSP_INVALID_SIGNING_CERT). + + // This stapled response is from a CA that is untrusted and did not issue + // the server's certificate. + let certDB = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + let otherTestCA = constructCertFromFile("ocsp_certs/other-test-ca.pem"); + add_test(function() { + certDB.setCertTrust(otherTestCA, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.UNTRUSTED); + run_next_test(); + }); + add_ocsp_test("ocsp-stapling-good-other-ca.example.com", + SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true); + + // The stapled response is from a CA that is trusted but did not issue the + // server's certificate. + add_test(function() { + certDB.setCertTrust(otherTestCA, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_SSL); + run_next_test(); + }); + // TODO(bug 979055): When using ByName instead of ByKey, the error here is + // SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE. We should be testing both cases. + add_ocsp_test("ocsp-stapling-good-other-ca.example.com", + SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true); + + // TODO: Test the case where the signing cert can't be found at all, which + // will result in SEC_ERROR_BAD_DATABASE in the NSS classic case. + + add_ocsp_test("ocsp-stapling-malformed.example.com", + SEC_ERROR_OCSP_MALFORMED_REQUEST, true); + add_ocsp_test("ocsp-stapling-srverr.example.com", + SEC_ERROR_OCSP_SERVER_ERROR, true); + add_ocsp_test("ocsp-stapling-trylater.example.com", + SEC_ERROR_OCSP_TRY_SERVER_LATER, true); + add_ocsp_test("ocsp-stapling-needssig.example.com", + SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, true); + add_ocsp_test("ocsp-stapling-unauthorized.example.com", + SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, true); + add_ocsp_test("ocsp-stapling-unknown.example.com", + SEC_ERROR_OCSP_UNKNOWN_CERT, true); + add_ocsp_test("ocsp-stapling-good-other.example.com", + MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING, true); + // If the server doesn't staple an OCSP response, we continue as normal + // (this means that even though stapling is enabled, we expect an OCSP + // request). + add_connection_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess, + function() { + gExpectOCSPRequest = true; + clearOCSPCache(); + clearSessionCache(); + Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling", true); + } + ); + add_ocsp_test("ocsp-stapling-empty.example.com", + SEC_ERROR_OCSP_MALFORMED_RESPONSE, true); + + add_ocsp_test("ocsp-stapling-skip-responseBytes.example.com", + SEC_ERROR_OCSP_MALFORMED_RESPONSE, true); + + add_ocsp_test("ocsp-stapling-critical-extension.example.com", + SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, true); + add_ocsp_test("ocsp-stapling-noncritical-extension.example.com", + PRErrorCodeSuccess, true); + // TODO(bug 997994): Disallow empty Extensions in responses + add_ocsp_test("ocsp-stapling-empty-extensions.example.com", + PRErrorCodeSuccess, true); + + add_ocsp_test("ocsp-stapling-delegated-included.example.com", + PRErrorCodeSuccess, true); + add_ocsp_test("ocsp-stapling-delegated-included-last.example.com", + PRErrorCodeSuccess, true); + add_ocsp_test("ocsp-stapling-delegated-missing.example.com", + SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true); + add_ocsp_test("ocsp-stapling-delegated-missing-multiple.example.com", + SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true); + add_ocsp_test("ocsp-stapling-delegated-no-extKeyUsage.example.com", + SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true); + add_ocsp_test("ocsp-stapling-delegated-from-intermediate.example.com", + SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true); + add_ocsp_test("ocsp-stapling-delegated-keyUsage-crlSigning.example.com", + SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true); + add_ocsp_test("ocsp-stapling-delegated-wrong-extKeyUsage.example.com", + SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true); + + // ocsp-stapling-expired.example.com and + // ocsp-stapling-expired-fresh-ca.example.com are handled in + // test_ocsp_stapling_expired.js + + // Check that OCSP responder certificates with key sizes below 1024 bits are + // rejected, even when the main certificate chain keys are at least 1024 bits. + add_ocsp_test("keysize-ocsp-delegated.example.com", + SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true); + + add_ocsp_test("revoked-ca-cert-used-as-end-entity.example.com", + SEC_ERROR_REVOKED_CERTIFICATE, true); +} + +function check_ocsp_stapling_telemetry() { + let histogram = Cc["@mozilla.org/base/telemetry;1"] + .getService(Ci.nsITelemetry) + .getHistogramById("SSL_OCSP_STAPLING") + .snapshot(); + equal(histogram.counts[0], 0, + "Should have 0 connections for unused histogram bucket 0"); + equal(histogram.counts[1], 5, + "Actual and expected connections with a good response should match"); + equal(histogram.counts[2], 18, + "Actual and expected connections with no stapled response should match"); + equal(histogram.counts[3], 0, + "Actual and expected connections with an expired response should match"); + equal(histogram.counts[4], 21, + "Actual and expected connections with bad responses should match"); + run_next_test(); +} + +function run_test() { + do_get_profile(); + + let fakeOCSPResponder = new HttpServer(); + fakeOCSPResponder.registerPrefixHandler("/", function (request, response) { + response.setStatusLine(request.httpVersion, 500, "Internal Server Error"); + ok(gExpectOCSPRequest, + "Should be getting an OCSP request only when expected"); + }); + fakeOCSPResponder.start(8888); + + add_tls_server_setup("OCSPStaplingServer", "ocsp_certs"); + + add_tests(); + + add_test(function () { + fakeOCSPResponder.stop(check_ocsp_stapling_telemetry); + }); + + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js b/security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js new file mode 100644 index 000000000..b49be85e7 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js @@ -0,0 +1,184 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +"use strict"; + +// In which we connect to a number of domains (as faked by a server running +// locally) with OCSP stapling enabled to determine that good things happen +// and bad things don't, specifically with respect to various expired OCSP +// responses (stapled and otherwise). + +var gCurrentOCSPResponse = null; +var gOCSPRequestCount = 0; + +function add_ocsp_test(aHost, aExpectedResult, aOCSPResponseToServe, + aExpectedRequestCount) { + add_connection_test(aHost, aExpectedResult, + function() { + clearOCSPCache(); + clearSessionCache(); + gCurrentOCSPResponse = aOCSPResponseToServe; + gOCSPRequestCount = 0; + }, + function() { + equal(gOCSPRequestCount, aExpectedRequestCount, + "Should have made " + aExpectedRequestCount + + " fallback OCSP request" + (aExpectedRequestCount == 1 ? "" : "s")); + }); +} + +do_get_profile(); +Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling", true); +Services.prefs.setIntPref("security.OCSP.enabled", 1); +Services.prefs.setIntPref("security.pki.sha1_enforcement_level", 4); +var args = [["good", "default-ee", "unused"], + ["expiredresponse", "default-ee", "unused"], + ["oldvalidperiod", "default-ee", "unused"], + ["revoked", "default-ee", "unused"], + ["unknown", "default-ee", "unused"], + ]; +var ocspResponses = generateOCSPResponses(args, "ocsp_certs"); +// Fresh response, certificate is good. +var ocspResponseGood = ocspResponses[0]; +// Expired response, certificate is good. +var expiredOCSPResponseGood = ocspResponses[1]; +// Fresh signature, old validity period, certificate is good. +var oldValidityPeriodOCSPResponseGood = ocspResponses[2]; +// Fresh signature, certificate is revoked. +var ocspResponseRevoked = ocspResponses[3]; +// Fresh signature, certificate is unknown. +var ocspResponseUnknown = ocspResponses[4]; + +// sometimes we expect a result without re-fetch +var willNotRetry = 1; +// but sometimes, since a bad response is in the cache, OCSP fetch will be +// attempted for each validation - in practice, for these test certs, this +// means 6 requests because various hash algorithm and key size combinations +// are tried. +var willRetry = 6; + +function run_test() { + let ocspResponder = new HttpServer(); + ocspResponder.registerPrefixHandler("/", function(request, response) { + if (gCurrentOCSPResponse) { + response.setStatusLine(request.httpVersion, 200, "OK"); + response.setHeader("Content-Type", "application/ocsp-response"); + response.write(gCurrentOCSPResponse); + } else { + response.setStatusLine(request.httpVersion, 500, "Internal Server Error"); + response.write("Internal Server Error"); + } + gOCSPRequestCount++; + }); + ocspResponder.start(8888); + add_tls_server_setup("OCSPStaplingServer", "ocsp_certs"); + + // In these tests, the OCSP stapling server gives us a stapled + // response based on the host name ("ocsp-stapling-expired" or + // "ocsp-stapling-expired-fresh-ca"). We then ensure that we're + // properly falling back to fetching revocation information. + // For ocsp-stapling-expired.example.com, the OCSP stapling server + // staples an expired OCSP response. The certificate has not expired. + // For ocsp-stapling-expired-fresh-ca.example.com, the OCSP stapling + // server staples an OCSP response with a recent signature but with an + // out-of-date validity period. The certificate has not expired. + add_ocsp_test("ocsp-stapling-expired.example.com", PRErrorCodeSuccess, + ocspResponseGood, willNotRetry); + add_ocsp_test("ocsp-stapling-expired-fresh-ca.example.com", PRErrorCodeSuccess, + ocspResponseGood, willNotRetry); + // if we can't fetch a more recent response when + // given an expired stapled response, we terminate the connection. + add_ocsp_test("ocsp-stapling-expired.example.com", + SEC_ERROR_OCSP_OLD_RESPONSE, + expiredOCSPResponseGood, willRetry); + add_ocsp_test("ocsp-stapling-expired-fresh-ca.example.com", + SEC_ERROR_OCSP_OLD_RESPONSE, + expiredOCSPResponseGood, willRetry); + add_ocsp_test("ocsp-stapling-expired.example.com", + SEC_ERROR_OCSP_OLD_RESPONSE, + oldValidityPeriodOCSPResponseGood, willRetry); + add_ocsp_test("ocsp-stapling-expired-fresh-ca.example.com", + SEC_ERROR_OCSP_OLD_RESPONSE, + oldValidityPeriodOCSPResponseGood, willRetry); + add_ocsp_test("ocsp-stapling-expired.example.com", + SEC_ERROR_OCSP_OLD_RESPONSE, + null, willNotRetry); + add_ocsp_test("ocsp-stapling-expired.example.com", + SEC_ERROR_OCSP_OLD_RESPONSE, + null, willNotRetry); + // Of course, if the newer response indicates Revoked or Unknown, + // that status must be returned. + add_ocsp_test("ocsp-stapling-expired.example.com", + SEC_ERROR_REVOKED_CERTIFICATE, + ocspResponseRevoked, willNotRetry); + add_ocsp_test("ocsp-stapling-expired-fresh-ca.example.com", + SEC_ERROR_REVOKED_CERTIFICATE, + ocspResponseRevoked, willNotRetry); + add_ocsp_test("ocsp-stapling-expired.example.com", + SEC_ERROR_OCSP_UNKNOWN_CERT, + ocspResponseUnknown, willRetry); + add_ocsp_test("ocsp-stapling-expired-fresh-ca.example.com", + SEC_ERROR_OCSP_UNKNOWN_CERT, + ocspResponseUnknown, willRetry); + + // If the response is expired but indicates Revoked or Unknown and a + // newer status can't be fetched, the Revoked or Unknown status will + // be returned. + add_ocsp_test("ocsp-stapling-revoked-old.example.com", + SEC_ERROR_REVOKED_CERTIFICATE, + null, willNotRetry); + add_ocsp_test("ocsp-stapling-unknown-old.example.com", + SEC_ERROR_OCSP_UNKNOWN_CERT, + null, willNotRetry); + // If the response is expired but indicates Revoked or Unknown and + // a newer status can be fetched and successfully verified, this + // should result in a successful certificate verification. + add_ocsp_test("ocsp-stapling-revoked-old.example.com", PRErrorCodeSuccess, + ocspResponseGood, willNotRetry); + add_ocsp_test("ocsp-stapling-unknown-old.example.com", PRErrorCodeSuccess, + ocspResponseGood, willNotRetry); + // If a newer status can be fetched but it fails to verify, the + // Revoked or Unknown status of the expired stapled response + // should be returned. + add_ocsp_test("ocsp-stapling-revoked-old.example.com", + SEC_ERROR_REVOKED_CERTIFICATE, + expiredOCSPResponseGood, willRetry); + add_ocsp_test("ocsp-stapling-unknown-old.example.com", + SEC_ERROR_OCSP_UNKNOWN_CERT, + expiredOCSPResponseGood, willRetry); + + // These tests are verifying that an valid but very old response + // is rejected as a valid stapled response, requiring a fetch + // from the ocsp responder. + add_ocsp_test("ocsp-stapling-ancient-valid.example.com", PRErrorCodeSuccess, + ocspResponseGood, willNotRetry); + add_ocsp_test("ocsp-stapling-ancient-valid.example.com", + SEC_ERROR_REVOKED_CERTIFICATE, + ocspResponseRevoked, willNotRetry); + add_ocsp_test("ocsp-stapling-ancient-valid.example.com", + SEC_ERROR_OCSP_UNKNOWN_CERT, + ocspResponseUnknown, willRetry); + + add_test(function () { ocspResponder.stop(run_next_test); }); + add_test(check_ocsp_stapling_telemetry); + run_next_test(); +} + +function check_ocsp_stapling_telemetry() { + let histogram = Cc["@mozilla.org/base/telemetry;1"] + .getService(Ci.nsITelemetry) + .getHistogramById("SSL_OCSP_STAPLING") + .snapshot(); + equal(histogram.counts[0], 0, + "Should have 0 connections for unused histogram bucket 0"); + equal(histogram.counts[1], 0, + "Actual and expected connections with a good response should match"); + equal(histogram.counts[2], 0, + "Actual and expected connections with no stapled response should match"); + equal(histogram.counts[3], 21, + "Actual and expected connections with an expired response should match"); + equal(histogram.counts[4], 0, + "Actual and expected connections with bad responses should match"); + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_ocsp_stapling_with_intermediate.js b/security/manager/ssl/tests/unit/test_ocsp_stapling_with_intermediate.js new file mode 100644 index 000000000..21676f1d5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_stapling_with_intermediate.js @@ -0,0 +1,45 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +"use strict"; + +// In which we connect to a server that staples an OCSP response for a +// certificate signed by an intermediate that has an OCSP AIA to ensure +// that an OCSP request is not made for the intermediate. + +var gOCSPRequestCount = 0; + +function add_ocsp_test(aHost, aExpectedResult) { + add_connection_test(aHost, aExpectedResult, + function() { + clearOCSPCache(); + clearSessionCache(); + }); +} + +function run_test() { + do_get_profile(); + Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling", true); + + let ocspResponder = new HttpServer(); + ocspResponder.registerPrefixHandler("/", function(request, response) { + gOCSPRequestCount++; + response.setStatusLine(request.httpVersion, 500, "Internal Server Error"); + let body = "Refusing to return a response"; + response.bodyOutputStream.write(body, body.length); + }); + ocspResponder.start(8888); + + add_tls_server_setup("OCSPStaplingServer", "ocsp_certs"); + + add_ocsp_test("ocsp-stapling-with-intermediate.example.com", + PRErrorCodeSuccess); + + add_test(function () { ocspResponder.stop(run_next_test); }); + add_test(function() { + equal(gOCSPRequestCount, 0, "No OCSP requests should have been made"); + run_next_test(); + }); + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_ocsp_timeout.js b/security/manager/ssl/tests/unit/test_ocsp_timeout.js new file mode 100644 index 000000000..1c4803371 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_timeout.js @@ -0,0 +1,88 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +"use strict"; + +// This test connects to ocsp-stapling-none.example.com to test that OCSP +// requests are cancelled if they're taking too long. +// ocsp-stapling-none.example.com doesn't staple an OCSP response, so +// connecting to it will cause a request to the OCSP responder. As with all of +// these tests, the OCSP AIA (i.e. the url of the responder) in the certificate +// is http://localhost:8888. Since this test opens a TCP socket listening on +// port 8888 that just accepts connections and then ignores them (with +// connect/read/write timeouts of 30 seconds), the OCSP requests should cancel +// themselves. When OCSP hard-fail is enabled, connections will be terminated. +// Otherwise, they will succeed. + +var gSocketListener = { + onSocketAccepted: function(serverSocket, socketTransport) { + socketTransport.setTimeout(Ci.nsISocketTransport.TIMEOUT_CONNECT, 30); + socketTransport.setTimeout(Ci.nsISocketTransport.TIMEOUT_READ_WRITE, 30); + }, + + onStopListening: function(serverSocket, status) {} +}; + +function run_test() { + do_get_profile(); + Services.prefs.setIntPref("security.OCSP.enabled", 1); + + add_tls_server_setup("OCSPStaplingServer", "ocsp_certs"); + + let socket = Cc["@mozilla.org/network/server-socket;1"] + .createInstance(Ci.nsIServerSocket); + socket.init(8888, true, -1); + socket.asyncListen(gSocketListener); + + add_tests_in_mode(true); + add_tests_in_mode(false); + + add_test(function() { socket.close(); run_next_test(); }); + run_next_test(); +} + +function add_tests_in_mode(useHardFail) { + let startTime; + add_test(function () { + Services.prefs.setBoolPref("security.OCSP.require", useHardFail); + startTime = new Date(); + run_next_test(); + }); + + add_connection_test("ocsp-stapling-none.example.com", useHardFail + ? SEC_ERROR_OCSP_SERVER_ERROR + : PRErrorCodeSuccess, clearSessionCache); + + // Reset state + add_test(function() { + let endTime = new Date(); + let timeDifference = endTime - startTime; + do_print(`useHardFail = ${useHardFail}`); + do_print(`startTime = ${startTime.getTime()} (${startTime})`); + do_print(`endTime = ${endTime.getTime()} (${endTime})`); + do_print(`timeDifference = ${timeDifference}ms`); + + // With OCSP hard-fail on, we timeout after 10 seconds. + // With OCSP soft-fail, we timeout after 2 seconds. + // Date() is not guaranteed to be monotonic, so add extra fuzz time to + // prevent intermittent failures (this only appeared to be a problem on + // Windows XP). See Bug 1121117. + const FUZZ_MS = 300; + if (useHardFail) { + ok(timeDifference + FUZZ_MS > 10000, + "Automatic OCSP timeout should be about 10s for hard-fail"); + } else { + ok(timeDifference + FUZZ_MS > 2000, + "Automatic OCSP timeout should be about 2s for soft-fail"); + } + // Make sure we didn't wait too long. + // (Unfortunately, we probably can't have a tight upper bound on + // how long is too long for this test, because we might be running + // on slow hardware.) + ok(timeDifference < 60000, + "Automatic OCSP timeout shouldn't be more than 60s"); + clearOCSPCache(); + run_next_test(); + }); +} diff --git a/security/manager/ssl/tests/unit/test_ocsp_url.js b/security/manager/ssl/tests/unit/test_ocsp_url.js new file mode 100644 index 000000000..799c934d0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url.js @@ -0,0 +1,137 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +"use strict"; + +// In which we try to validate several ocsp responses, checking in particular +// if the ocsp url is valid and the path expressed is correctly passed to +// the caller. + +do_get_profile(); // must be called before getting nsIX509CertDB +const certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +const SERVER_PORT = 8888; + +function failingOCSPResponder() { + return getFailingHttpServer(SERVER_PORT, ["www.example.com"]); +} + +function start_ocsp_responder(expectedCertNames, expectedPaths) { + return startOCSPResponder(SERVER_PORT, "www.example.com", + "test_ocsp_url", expectedCertNames, expectedPaths); +} + +function check_cert_err(cert_name, expected_error) { + let cert = constructCertFromFile("test_ocsp_url/" + cert_name + ".pem"); + return checkCertErrorGeneric(certdb, cert, expected_error, + certificateUsageSSLServer); +} + +function run_test() { + addCertFromFile(certdb, "test_ocsp_url/ca.pem", 'CTu,CTu,CTu'); + addCertFromFile(certdb, "test_ocsp_url/int.pem", ',,'); + + // Enabled so that we can force ocsp failure responses. + Services.prefs.setBoolPref("security.OCSP.require", true); + + Services.prefs.setCharPref("network.dns.localDomains", + "www.example.com"); + Services.prefs.setIntPref("security.OCSP.enabled", 1); + + // Note: We don't test the case of a well-formed HTTP URL with an empty port + // because the OCSP code would then send a request to port 80, which we + // can't use in tests. + + add_test(function() { + clearOCSPCache(); + let ocspResponder = failingOCSPResponder(); + check_cert_err("bad-scheme", SEC_ERROR_CERT_BAD_ACCESS_LOCATION); + ocspResponder.stop(run_next_test); + }); + + add_test(function() { + clearOCSPCache(); + let ocspResponder = failingOCSPResponder(); + check_cert_err("empty-scheme-url", SEC_ERROR_CERT_BAD_ACCESS_LOCATION); + ocspResponder.stop(run_next_test); + }); + + add_test(() => { + clearOCSPCache(); + let ocspResponder = failingOCSPResponder(); + check_cert_err("ftp-url", SEC_ERROR_CERT_BAD_ACCESS_LOCATION); + ocspResponder.stop(run_next_test); + }); + + add_test(function() { + clearOCSPCache(); + let ocspResponder = failingOCSPResponder(); + check_cert_err("https-url", SEC_ERROR_CERT_BAD_ACCESS_LOCATION); + ocspResponder.stop(run_next_test); + }); + + add_test(function() { + clearOCSPCache(); + let ocspResponder = start_ocsp_responder(["hTTp-url"], ["hTTp-url"]); + check_cert_err("hTTp-url", PRErrorCodeSuccess); + ocspResponder.stop(run_next_test); + }); + + add_test(function() { + clearOCSPCache(); + let ocspResponder = failingOCSPResponder(); + check_cert_err("negative-port", SEC_ERROR_CERT_BAD_ACCESS_LOCATION); + ocspResponder.stop(run_next_test); + }); + + add_test(function() { + clearOCSPCache(); + let ocspResponder = failingOCSPResponder(); + // XXX Bug 1013615 parser accepts ":8888" as hostname + check_cert_err("no-host-url", SEC_ERROR_OCSP_SERVER_ERROR); + ocspResponder.stop(run_next_test); + }); + + add_test(function() { + clearOCSPCache(); + let ocspResponder = start_ocsp_responder(["no-path-url"], ['']); + check_cert_err("no-path-url", PRErrorCodeSuccess); + ocspResponder.stop(run_next_test); + }); + + add_test(function() { + clearOCSPCache(); + let ocspResponder = failingOCSPResponder(); + check_cert_err("no-scheme-host-port", SEC_ERROR_CERT_BAD_ACCESS_LOCATION); + ocspResponder.stop(run_next_test); + }); + + add_test(function() { + clearOCSPCache(); + let ocspResponder = failingOCSPResponder(); + check_cert_err("no-scheme-url", SEC_ERROR_CERT_BAD_ACCESS_LOCATION); + ocspResponder.stop(run_next_test); + }); + + add_test(function() { + clearOCSPCache(); + let ocspResponder = failingOCSPResponder(); + check_cert_err("unknown-scheme", SEC_ERROR_CERT_BAD_ACCESS_LOCATION); + ocspResponder.stop(run_next_test); + }); + + // Note: We currently don't have anything that ensures user:pass sections + // weren't sent. The following test simply checks that such sections + // don't cause failures. + add_test(() => { + clearOCSPCache(); + let ocspResponder = start_ocsp_responder(["user-pass"], [""]); + check_cert_err("user-pass", PRErrorCodeSuccess); + ocspResponder.stop(run_next_test); + }); + + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem b/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem new file mode 100644 index 000000000..861b9aafa --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4jCCAcygAwIBAgIUCaJzhLV6+ZV0VKdbJAcMFrvd69gwCwYJKoZIhvcNAQEL +MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw +MDAwWjAVMRMwEQYDVQQDDApiYWQtc2NoZW1lMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo +4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD +SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX +kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx +owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/ +Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozEwLzAtBggrBgEFBQcB +AQQhMB8wHQYIKwYBBQUHMAGGES93d3cuZXhhbXBsZS5jb20vMAsGCSqGSIb3DQEB +CwOCAQEAXYD4EqSv7TXWNlkAHZHg5LCCmbM9pRzAsw/tkYPAiW0OvWQsIfqQpQQG +1e5A4ENvTtOmZbvLTsqjx4k6+mAFHUl/Q/FaelMAHYSGOLivbWeAAVKz6gB862Vy +tP9+vkhT6KvefbylPNMXpa0vJME5n+CbA0NM2s0DRaE/rfADfYS8sh2rC0RaJ0yz +aqy833FmHhMgwkzOICo/RJawd+9qBbksa5O+Dq1ybYMVKA3m4IkeIBup/5AHz30n +hKX1oU/kO+/eDb9nr/lzEmRwBPP9w93rBdEE6210278nzfTj6qzIHYAqpxt60eqR +BDL9i3piPxTmjj46SHBwQ29i5bcbuA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem.certspec new file mode 100644 index 000000000..12cc07279 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem.certspec @@ -0,0 +1,3 @@ +issuer:int +subject:bad-scheme +extension:authorityInformationAccess:/www.example.com/ diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem b/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem new file mode 100644 index 000000000..1a18e2bf0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxTCCAa+gAwIBAgIUL5zykZEc2ro5d6th43aWGfm735cwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu +Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO +7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf +qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt +HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx +uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud +DwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAHPYBjNnv//Ssc8Elepb8SWIXRdahKbL +/dcPoMR+7yhJVaelUaxdwUytJWJAGdkkuv+P+G4b82RVYEXT+9k1S/aAfByFyR9q +vS7POfdy/ZPfGTXltlnmYX/84a6QeYQa4Nl4JpIOXBCesLxmErBhczka6D26iqsz +GeseKRSjVPgF3mXc2CRGZnTDRhUmd7wOABLmj7GtuFvOm96363M3IUByMohvoj1G +dic3s5D0seXwTKnEc5B27lJt7Q0oIXEldL+UW8Mo1hfGWQeXzqTZbpOVLnVWvHBH +H8yYs5hyH01qFJZbztJ1JJ3F2NpYLlr4P5I6fW2e9w5MG/VMQRU3wzQ= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem.certspec new file mode 100644 index 000000000..d809dbd63 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:ca +extension:basicConstraints:cA, +extension:keyUsage:keyCertSign,cRLSign diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem new file mode 100644 index 000000000..94d4ba65e --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC7zCCAdmgAwIBAgIUOTJ+sDQz8pANxE2LQvwLOgmcu/EwCwYJKoZIhvcNAQEL +MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw +MDAwWjAbMRkwFwYDVQQDDBBlbXB0eS1zY2hlbWUtdXJsMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds +JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4 +ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25 +iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3 +4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42 +yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozgwNjA0Bggr +BgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGDovL3d3dy5leGFtcGxlLmNvbTo4ODg4 +LzALBgkqhkiG9w0BAQsDggEBAGVsX7ECTXpR66t/SCCb+ff6dAjsrc2FxrsToTav +WNMumGFeVeBE/oTi2c1UNuWM1Lui1Dm6ZpK8Meau7r97ZtumhLF1T0Mqg9cr2ZPf +WCGaaO/BS/bby4e9o2pxWkGcSD10vXjwZvEPVBB6JF6CW9vSV1bqutig08aNw7na ++73sRHgWbeXMDBbcbtbgR4F0CY5SCqkrPvclP89mC8Qn1yWjM0xuJLAcIaNupdzr +H7RHiUVTmf6VIBjuOuSGpXGTpxPCn63rDo1DO0o4z/UFwjrEUrSnQ4/4ouRc3V2/ +BdUN/myc0Ao/kPKK/w/oB4YchP44YxTIwKL22I5DhsOJuGE= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem.certspec new file mode 100644 index 000000000..e8959653f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem.certspec @@ -0,0 +1,3 @@ +issuer:int +subject:empty-scheme-url +extension:authorityInformationAccess:://www.example.com:8888/ diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem new file mode 100644 index 000000000..4ddeaa0e5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC6TCCAdOgAwIBAgIUX8TTEyzTjyKkXvlNDjfOeVgdwUkwCwYJKoZIhvcNAQEL +MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw +MDAwWjASMRAwDgYDVQQDDAdmdHAtdXJsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf +vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb +uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S +O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR +3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv +5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozswOTA3BggrBgEFBQcBAQQr +MCkwJwYIKwYBBQUHMAGGG2Z0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4LzALBgkq +hkiG9w0BAQsDggEBAD8v/SRKYMHiPDPVJayeugI6KhLXFpXFxwzUK5Aq1mjGjIz1 +ibRoY2JcrXFrZ13V8Gtb+MjMLIi72UcLyIVvEaUhFo7X8rcP5zajmaetGuaKKV61 +E7LOuXLaGY/zQOidgpHgU7QCix/MyGoVuqHvOrwGH9V5UalxZKTOrJ4Dd66XTd3p ++5cy158BhzJRbi1y0XST/ePfQAlA3dQmI0m7UINiAQofSvzZbybR/dyDWhLQTNsG +NtQ2QbilokejHOqrt/XJ+BGx5ebvY8U9pS26+r0k4CfDtxSYgIc7/mK9LIT5KyhU +LuTdXpdddngkOMKHQ0XgF39F3cgkg3IcjjAbjOE= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem.certspec new file mode 100644 index 000000000..9f50a7d79 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem.certspec @@ -0,0 +1,3 @@ +issuer:int +subject:ftp-url +extension:authorityInformationAccess:ftp://www.example.com:8888/ diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem new file mode 100644 index 000000000..35b5b0fbf --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC8zCCAd2gAwIBAgIUDVa/q45VECP/2micfLYGBWXE7aMwCwYJKoZIhvcNAQEL +MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw +MDAwWjATMREwDwYDVQQDDAhoVFRwLXVybDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODY +H72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk +27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A9 +0jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMM +kd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaL +L+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaNEMEIwQAYIKwYBBQUHAQEE +NDAyMDAGCCsGAQUFBzABhiRoVFRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvaFRU +cC11cmwwCwYJKoZIhvcNAQELA4IBAQCPVRLwtymkJVeBFO8jZ/WitBfyAqTH3PN8 +8HXxYbN3Cx49MqEwET+zUj/irQsKx59vZcY5UUO3icqgbcUGidxgMoOxlXxdsQjZ +Xe6ThY27HPnV5c7mI2SQwdr/IAhHxml7OfjiZ0VoFl4RsUKghU77z0x0NMDQWN6m +Tg19Hqyy5t2fC4zpRUQifBNEaz9tHYKN/AC8Fu2iFYPOQcz+g+KGDvwCiKdSZJba +9yVMJolq6DWbKr20aSdJIOqQV0S4Ww2G88uxUcpwZ5wRa2WOW8a/FnusNP3Anhiy +RrEJh/Dzdpsi24YBfQ9m6+D9SFfqEjfKJLLcLI6jrCc68v2OfJfa +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem.certspec new file mode 100644 index 000000000..10b1504b2 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem.certspec @@ -0,0 +1,3 @@ +issuer:int +subject:hTTp-url +extension:authorityInformationAccess:hTTp://www.example.com:8888/hTTp-url diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem new file mode 100644 index 000000000..3229f8b6b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC9jCCAeCgAwIBAgIUdyMaqHO/yYxno+R+AgpRtlTqEHEwCwYJKoZIhvcNAQEL +MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw +MDAwWjAUMRIwEAYDVQQDDAlodHRwcy11cmwwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg +2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ +5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ +PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj +DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W +iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjRjBEMEIGCCsGAQUFBwEB +BDYwNDAyBggrBgEFBQcwAYYmaHR0cHM6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9o +dHRwcy11cmwwCwYJKoZIhvcNAQELA4IBAQB4H70+zX9CJm7Y6AitWnaUheWOow2l +JdO+iOAFM6HsxWu/X/ukZ+p6IEj79KiwyYJuyDPxms3ZUYmKEGHfChFalJbZqT8U +DNhgKUZYGMM4VK94plUGl8yaiW0r7kCygLrsWT7+NkkLdsZ8AV2R64brTa6BcvO6 +msbyHZ6XX+W0IzlWvnNVTbTVaHu+YIi5oY+z9Zn7Q9cn8mUGn3Txk6/o7iZ8HSGo +f0RHw6WphwniPmYy6En8mOHJca30iu960Q4KVHZ0NzrVSvRjZugbkSdEp5XPbzn1 +27jMaOWtst30JTMmLtKKkeb6rhDgIhF8jhSbFaygIERYLSuTryh31yRn +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem.certspec new file mode 100644 index 000000000..891005bf5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem.certspec @@ -0,0 +1,3 @@ +issuer:int +subject:https-url +extension:authorityInformationAccess:https://www.example.com:8888/https-url diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/int.key b/security/manager/ssl/tests/unit/test_ocsp_url/int.key new file mode 100644 index 000000000..8af23e068 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/int.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9 +braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI +eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6 +iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za +qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7 +LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs +2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs +VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s +JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI +r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz +iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg +SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R +TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N +gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp +xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r +ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR +3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY +EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs +2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb +WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo +tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl +rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2 +TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit +tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m +ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1 +NBinA5ZsT8d0v3QCr2xDJH9D +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/int.key.keyspec b/security/manager/ssl/tests/unit/test_ocsp_url/int.key.keyspec new file mode 100644 index 000000000..4ad96d515 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/int.key.keyspec @@ -0,0 +1 @@ +default diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/int.pem b/security/manager/ssl/tests/unit/test_ocsp_url/int.pem new file mode 100644 index 000000000..fd60e5fe2 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/int.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxjCCAbCgAwIBAgIUazy/vTocAuxP85PTc+O1JXs8WWEwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMA4xDDAKBgNVBAMMA2ludDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab +bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts +Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI +H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8 +rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX +Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNV +HQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQA6lr0lbqcaGYjYAAcA5BngiUobuYFn +4jdYK9eR6hiT5PmYRQZ9/y+2aYNF/ygiBBqBdEq/Nhrm35WeUHvDBaT8OZLBjf+g +krEAmu2ivrHZWrx16HBVDd9JdTUCx8j1HUo5fadFnsQh7nuh/VIoemox+/e8mKfh ++fW3noAoH/MRfP9VYoS0KzkW8ILiWOR1joNOHDZzanMiM/YCHO1nckq2ntI2T+kO +MNMkB+j1w5Fu6P8pgyToleHs3WmlWAeDjXygZkEhg+9uuBXb8/IyuS3cYt9ovhSh +++A25JRmqaQn2Ywd+CMsGe4MTYOsRnZPK0Co6TBteRWRdwSpqzb+UOqY +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/int.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/int.pem.certspec new file mode 100644 index 000000000..a7f6d8141 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/int.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:int +extension:basicConstraints:cA, +extension:keyUsage:keyCertSign,cRLSign diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/moz.build b/security/manager/ssl/tests/unit/test_ocsp_url/moz.build new file mode 100644 index 000000000..5fd0335fb --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/moz.build @@ -0,0 +1,33 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'bad-scheme.pem', +# 'ca.pem', +# 'empty-scheme-url.pem', +# 'ftp-url.pem', +# 'hTTp-url.pem', +# 'https-url.pem', +# 'int.pem', +# 'negative-port.pem', +# 'no-host-url.pem', +# 'no-path-url.pem', +# 'no-scheme-host-port.pem', +# 'no-scheme-url.pem', +# 'unknown-scheme.pem', +# 'user-pass.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) +# +#test_keys = ( +# 'int.key', +#) +# +#for test_key in test_keys: +# GeneratedTestKey(test_key) diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem b/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem new file mode 100644 index 000000000..d5da47063 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC7jCCAdigAwIBAgIUOYKMbwiA6Ox6tlyXbkCVolKaQrUwCwYJKoZIhvcNAQEL +MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw +MDAwWjAYMRYwFAYDVQQDDA1uZWdhdGl2ZS1wb3J0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB +xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT +qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5 +kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS +wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk +BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozowODA2BggrBgEF +BQcBAQQqMCgwJgYIKwYBBQUHMAGGGmh0dHA6Ly93d3cuZXhhbXBsZS5jb206LTEv +MAsGCSqGSIb3DQEBCwOCAQEADBQNEPkXMARLS21MqOa2IrMxwTEJruvmt52cmdpP +5g3D6U+YNrCS3sBXz4iHOpTJzPq6bcA4l2MsozaXuNXGxtYmqKVAOQaeZEkfkidH +VRRrYlDx9krWWmbwMdXpHMdEvaa8ALbmdVHZGFvr/SULQJZ0bOJlS0T9QsbGvPJN +85O5sB92GF3xX1/PfSEE4adoNHjoi3iBwkCHbt8l+8Yrxi0NFv+jyZ1Cjl6HgA4H +/5QAdQK1QRSOcWdoiUKZnmS7R7lV4TUZ4ddmd1xKo6ZkM7lqKJWZRJaYyBk/2oLC +J1VpmiIPGzU8pqavEiJkI73wsKqIvLhzXE30+cmHu6lx/Q== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem.certspec new file mode 100644 index 000000000..fce6d4384 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem.certspec @@ -0,0 +1,3 @@ +issuer:int +subject:negative-port +extension:authorityInformationAccess:http://www.example.com:-1/ diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem new file mode 100644 index 000000000..e1dd6e432 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3zCCAcmgAwIBAgIUdxTe9sPzOgKwgY0vD+1x2d7atJkwCwYJKoZIhvcNAQEL +MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw +MDAwWjAWMRQwEgYDVQQDDAtuby1ob3N0LXVybDCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl +qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg +w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx +V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1 +MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs +vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMtMCswKQYIKwYBBQUH +AQEEHTAbMBkGCCsGAQUFBzABhg1odHRwOi8vOjg4ODgvMAsGCSqGSIb3DQEBCwOC +AQEAYLCyovqbhUruG91y2BOZo79Hios1jHFDSQQaiJPnCWv5wwDo6ZNaIDO4HZGz +WOyHUVeau3OHN2j1xSPJa2e9q+mHocU7NPMYT9GTbFOrvq6wKNl0ySpPDA87EqFa +Xumc/iMxIEqbTM85MTBQoMwBXH7Dn4YGbiGyKldHTeiHdBNYk7ck3810hTh5In6n +sJjeH04x6HnX2bN87w5ydW8IupdQtRRlyi7D+Xrh5/P6DgKQeBYYgZYP8pm1c1sv +ElZJ5HC8zNSdpbox8NQ+TeKJSH66Uzp4xzC5fC387bhT3pqF+L0mXey5+PAirPwe +2qCSHS1Wrob1dEOL2F2OtxCc7A== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem.certspec new file mode 100644 index 000000000..4ac76e7eb --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem.certspec @@ -0,0 +1,3 @@ +issuer:int +subject:no-host-url +extension:authorityInformationAccess:http://:8888/ diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem new file mode 100644 index 000000000..0a2b18870 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC7TCCAdegAwIBAgIUAXS6lqxRzJJJN9dWf3AQsJXfmrQwCwYJKoZIhvcNAQEL +MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw +MDAwWjAWMRQwEgYDVQQDDAtuby1wYXRoLXVybDCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl +qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg +w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx +V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1 +MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs +vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaM7MDkwNwYIKwYBBQUH +AQEEKzApMCcGCCsGAQUFBzABhhtodHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgw +CwYJKoZIhvcNAQELA4IBAQARmP6mnoEp1iAK4icGW3lqQK4bv94YAIn+h2d6lWqS +I1ccW2lfzPowYNfcbvdPqgytOkBzxVZGjMfWhtWQrTHhxKh+qp8oQPEtGcGMYma7 +tuaeN5BZnoRMbRmGw/i/Wl7MgByjGRvrcwyZF+zb5SxUqgt4fRYY0IsaWQP5Zdmu +tk31gvNbRhT4aFeteb8XuyEt4zRwk30bjXHRWSbWO29fqTx5PpVXJzdRYZr1fLqL +6ytWx/Wri5WgvQgqYCL8aHng9qOzJPz8/ASNXzwmHjiPxEKf+Ebw3Nxo4NZ/3NdW +AcWN8hLLSnGun0gkTEuzYhgN/lglftInFXvEWYCLc/a7 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem.certspec new file mode 100644 index 000000000..497bb2879 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem.certspec @@ -0,0 +1,3 @@ +issuer:int +subject:no-path-url +extension:authorityInformationAccess:http://www.example.com:8888 diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem new file mode 100644 index 000000000..cee29837d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2zCCAcWgAwIBAgIUP1Op7k2Kxth54BUkOFVzyl/3GBgwCwYJKoZIhvcNAQEL +MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw +MDAwWjAeMRwwGgYDVQQDDBNuby1zY2hlbWUtaG9zdC1wb3J0MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1 +aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we +adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS +pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W +YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR +CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoyEwHzAd +BggrBgEFBQcBAQQRMA8wDQYIKwYBBQUHMAGGAS8wCwYJKoZIhvcNAQELA4IBAQAQ +t9S6Ca0G+iUIlFzRZWzt/yrSSYNqKN0GZkMEEQc0CuPK7y55UxsO0reNHatBjFMN +6UMJa6GpIimFOcRmEvGHo5N26O0glZr+lUv66Z+/YszzG6EY3W3QLo9TUBIfkonv +Fvt5F/EygyjUq8JoOMjuFZrGrGuLA2wkbD/xQZdZSwZKfOVuPcShPnCZZIFm6Wyu +qzg7IKcHonKqt4ClHnCWJp1gSjbpGLwZnnjkQWOpOavnVdCxMFh+soPUqmZfomAd +NMM/OXt3T8SqTh6zLykKPmT7mLvdT0oK/wMOQAAqYnZ1lL/TaDl9JiWmiUHJV6wK +Iwd64wWH42VHvJa7RkGx +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem.certspec new file mode 100644 index 000000000..42a555e41 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem.certspec @@ -0,0 +1,3 @@ +issuer:int +subject:no-scheme-host-port +extension:authorityInformationAccess:/ diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem new file mode 100644 index 000000000..58d799cb1 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC6TCCAdOgAwIBAgIUU9pq10HPzAkXsubwVrSbSByUa0MwCwYJKoZIhvcNAQEL +MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw +MDAwWjAYMRYwFAYDVQQDDA1uby1zY2hlbWUtdXJsMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB +xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT +qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5 +kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS +wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk +BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozUwMzAxBggrBgEF +BQcBAQQlMCMwIQYIKwYBBQUHMAGGFXd3dy5leGFtcGxlLmNvbTo4ODg4LzALBgkq +hkiG9w0BAQsDggEBAKpD33VUYjJ48aRC30LmPfcncPdPb6TshHzLEWVk17sojkVl +UqzljaHcoE5yj76qG30POy/Kdy3XC7Ml3divY3feIPF9OhW5Ajt1pMMLPbIhGTK2 +vW3VXR4eD3VesXyPaJqm6xp0kKjOi0E/tHmnVCVeSdv9VxPmiBcEK8vfnA0H5qHH +KeV/ZX1DQSAS+naG8aEPhUFKa9x815Xj1t7r6xDkGOvLfvVtw1Md9lP62numDRc0 +nDC/qu8qcZUGXDJgEpqWgBpF6jfjqIAWQfioMI02xFIOqq5fSq6BCbKgpHAkVKp7 +rWobSHnjDNlPTfjW7m9U/0evheZ6ICz404fUENw= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem.certspec new file mode 100644 index 000000000..a82196a6d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem.certspec @@ -0,0 +1,3 @@ +issuer:int +subject:no-scheme-url +extension:authorityInformationAccess:www.example.com:8888/ diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem b/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem new file mode 100644 index 000000000..1ab089a8c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC6zCCAdWgAwIBAgIUK9u6obbJ2SPIjRSDpKRrgdRN/awwCwYJKoZIhvcNAQEL +MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw +MDAwWjAZMRcwFQYDVQQDDA51bmtub3duLXNjaGVtZTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7 +wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp +k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh +eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW +EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc +JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaM2MDQwMgYIKwYB +BQUHAQEEJjAkMCIGCCsGAQUFBzABhhZ0dHA6Ly93d3cuZXhhbXBsZS5jb20vMAsG +CSqGSIb3DQEBCwOCAQEANVw4eInvNA1+4oQxbmPEZ7IDm/Cq5u2kn0/Dm6NqI1YS +YmQtw7F6ooE1MDKuCo0nVvvbRjlv68WiIYSaGZjpD8mcZJEDGXXUaVivcPO9jakQ +pu+wzUjo41YmvvSCgBlHu7w0QWvQL4Ybk6hxZxDGIBM9HoiNnxaxKPehfc2Knb8V +RyAZvPA/0Nwtm3L+lZYmNA3i9WBWSC3p2jblCTt62UhevnmKX9ASX2TNpLDI6Brn +hoBpQUzQrXWYklC2GxBL28kx0in4NrQ264vNLO9weJacQY/Hxn/gJNyUguFDE/hk +nhc9SA29F8YtLJ6fKzizMypqQEtn1oTW3wPORruoDw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem.certspec new file mode 100644 index 000000000..008945539 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem.certspec @@ -0,0 +1,3 @@ +issuer:int +subject:unknown-scheme +extension:authorityInformationAccess:ttp://www.example.com/ diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem b/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem new file mode 100644 index 000000000..aead46e41 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC9jCCAeCgAwIBAgIUJYO4u8rbDNc65pazTgjE2dK2ZPgwCwYJKoZIhvcNAQEL +MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw +MDAwWjAUMRIwEAYDVQQDDAl1c2VyLXBhc3MwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg +2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ +5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ +PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj +DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W +iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjRjBEMEIGCCsGAQUFBwEB +BDYwNDAyBggrBgEFBQcwAYYmaHR0cDovL3VzZXI6cGFzc0B3d3cuZXhhbXBsZS5j +b206ODg4OC8wCwYJKoZIhvcNAQELA4IBAQA4qxh5V92DpwQWEvVz0NH9NPwQdIyv +vgAtHigtX7BEtLp3HfLZX4xb8vOmg9X2Qd921zJIBgMIFtmn2oHjeKrceu2sL7pj +tccHrCYabr5IlcRH8oub8RerRV6tW6X3Ulo6lcdY2LvZJkYuvLyKKuTB6qSfNyD2 +2xzxgSUMRtT6eBMZoCU+N6MQiwv0FzR67dZrXOkpYnKQ95+NVC2eiXnjPi4eLAv1 +7Qvafih2nXmZ0LL3oGcls8WITBNCdqYyXolAIJJQau73Yrhal0nQJGbSSedguhsG +CEpuoTou4gFhR0DTiLuWMNfF4WNTIUvmnNYfqvSzUUyFyA9msyQ0YkAj +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem.certspec new file mode 100644 index 000000000..337e67e5f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem.certspec @@ -0,0 +1,3 @@ +issuer:int +subject:user-pass +extension:authorityInformationAccess:http://user:pass@www.example.com:8888/ diff --git a/security/manager/ssl/tests/unit/test_onecrl/moz.build b/security/manager/ssl/tests/unit/test_onecrl/moz.build new file mode 100644 index 000000000..560826d89 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_onecrl/moz.build @@ -0,0 +1,14 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'same-issuer-ee.pem', +# 'test-int-ee.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) diff --git a/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem b/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem new file mode 100644 index 000000000..c48cd895b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDHTCCAgegAwIBAgIUI9484x9tR8knqKhzbTfed86/unswCwYJKoZIhvcNAQEL +MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw +NTAwMDAwMFowIjEgMB4GA1UEAwwXQW5vdGhlciBUZXN0IEVuZC1lbnRpdHkwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT +2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV +JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N +jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA +BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh +He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB +AAGjWzBZMCMGA1UdEQQcMBqCCWxvY2FsaG9zdIINKi5leGFtcGxlLmNvbTAyBggr +BgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8w +CwYJKoZIhvcNAQELA4IBAQB5uSG64u2JLPE1TsnPQfJT8bmzhov2VGvdyHHS1ANM +zj900qpH4qNDGAaJwHSPhGdvPuJkd7Gzz/1i3kEKX/4FFkl0Md7O2xnqMn6shzKn +kt4QAWFE+3Y5qloHLZxLAJ7xoCqxTsh+BXBgsnxR0YIJsjTXomB7kiyw5YWgRVlG +iBlDCLuv/BEmOWXADF1Ly3qXPKWsr+tXfNl5IKjUUDdDcGHKFNYq6QyScgDokCE+ +PXEZwSiHdPpHhK1/eMIegl2rMycvw0vptPznr8MqF5COXGI9/W4ObHtXJnt6/I/C +re6JOK6abYxpOJsLRXSovFc+RQQPrb6J7QA8Imt7FDkX +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem.certspec b/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem.certspec new file mode 100644 index 000000000..8b20f03f5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem.certspec @@ -0,0 +1,4 @@ +issuer:Test CA +subject:Another Test End-entity +extension:subjectAlternativeName:localhost,*.example.com +extension:authorityInformationAccess:http://localhost:8888/ diff --git a/security/manager/ssl/tests/unit/test_onecrl/sample_revocations.txt b/security/manager/ssl/tests/unit/test_onecrl/sample_revocations.txt new file mode 100644 index 000000000..e8d9db746 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_onecrl/sample_revocations.txt @@ -0,0 +1,39 @@ +# a sample revocations.txt for tests +# Lines starting with '#' are ignored - as are empty lines like this: + +# otherwise: +# non-empty lines are treated as base-64 encoded DER DN data (e.g. issuer or +# subject) +# ...unless the line starts with a ' ' (space) character, in which case it's +# assumed to be base-64 encoded DER serial data, or +# the line starts with a '\t' (tab) character, in which case it's assumed to +# be a base-64 encoded SHA256 hash of a public key + +# First a serial with no issuer to ensure this doesn't cause parsing to fail +# (there should be an issuer first, but we need to test this won't fail) + dGVzdA== +# next, let's ensure data that isn't valid base64 doesn't cause breakage. + this serial isn't valid base64 (but then there's no issuer anyway) +Neither is this issuer, though the serial is fine + dGVzdA== +dGVzdA== + in this case, issuer is fine but not the serial +# Next two entries; we can add valid base-64 encoded data for some basic tests: +# issuer is "some imaginary issuer" base-64 encoded +# and serial "serial." base-64 encoded +c29tZSBpbWFnaW5hcnkgaXNzdWVy + c2VyaWFsLg== +# issuer is "another imaginary issuer" base-64 encoded +# serials are "serial." and "serial2." base-64 encoded +YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy + c2VyaWFsLg== + c2VyaWFsMi4= +# subject is "some imaginary subject", base-64 encoded +# pubKeyHash is the sha256 hash of "some imaginary pubkey" base-64 encoded +c29tZSBpbWFnaW5hcnkgc3ViamVjdA== + blBNgTxORaii2Sqe9bQcYsmfJ3kiXOLiKLzQNJ2wZYE= +# and some more data to ensure that mixed items don't cause parsing failure +a DN + a serial + a hash + another serial diff --git a/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem b/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem new file mode 100644 index 000000000..34d2cf669 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5jCCAdCgAwIBAgIUQyYXainIoMjK+7Pogg88tLd6ERgwCwYJKoZIhvcNAQEL +MBwxGjAYBgNVBAMMEVRlc3QgSW50ZXJtZWRpYXRlMCIYDzIwMTUxMTI4MDAwMDAw +WhgPMjAxODAyMDUwMDAwMDBaMCQxIjAgBgNVBAMMGUVFIGlzc3VlZCBieSBpbnRl +cm1lZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W +1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtq +ZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx +0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthV +t2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo +4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx +1QOs2hgKNe2NAgMBAAGjGDAWMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDALBgkqhkiG +9w0BAQsDggEBAG5fRtX3qlA/A0hm3SwbARbljUehHxdHTeiz8qAbX5aEo7LRCxjr +BccpjzVqwiZxfwqcAyHT/+CrFrgKvpN6rnuNnmNvScH3BeTmXEkImiHc0nZTYyOH +Xep3I0ZEDa+2H5WDXfCbwF6JIQKJ2j3TR+c5/PzS3RLIkXG8wKcmv6Ldi5vwrIM7 +DDZ+k3a65JYSQwg9Q8gZoEBKmcalVD86+OQcs1HijU7ylS9PO8HB/sYakDPuKqRM +xZgIBTDctRET07KtAIpBEnbfiWkI6xh4tTYj4IrRA5Yz8ajRImdn0IhJSld5Wgoy +cQ1L2ia/hgcTIdQ+pIIV2lcepTaNMeIpCoI= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem.certspec b/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem.certspec new file mode 100644 index 000000000..24792d540 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem.certspec @@ -0,0 +1,3 @@ +issuer:Test Intermediate +subject:EE issued by intermediate +extension:subjectAlternativeName:localhost diff --git a/security/manager/ssl/tests/unit/test_password_prompt.js b/security/manager/ssl/tests/unit/test_password_prompt.js new file mode 100644 index 000000000..cdf4227cb --- /dev/null +++ b/security/manager/ssl/tests/unit/test_password_prompt.js @@ -0,0 +1,78 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Tests that PSM can successfully ask for a password from the user and relay it +// back to NSS. Does so by mocking out the actual dialog and "filling in" the +// password. Also tests that providing an incorrect password will fail (well, +// technically the user will just get prompted again, but if they then cancel +// the dialog the overall operation will fail). + +var gMockPrompter = { + passwordToTry: null, + numPrompts: 0, + + // This intentionally does not use arrow function syntax to avoid an issue + // where in the context of the arrow function, |this != gMockPrompter| due to + // how objects get wrapped when going across xpcom boundaries. + promptPassword: function(dialogTitle, text, password, checkMsg, checkValue) { + this.numPrompts++; + if (this.numPrompts > 1) { // don't keep retrying a bad password + return false; + } + equal(text, + "Please enter the master password for the Software Security Device.", + "password prompt text should be as expected"); + equal(checkMsg, null, "checkMsg should be null"); + ok(this.passwordToTry, "passwordToTry should be non-null"); + password.value = this.passwordToTry; + return true; + }, + + QueryInterface: XPCOMUtils.generateQI([Ci.nsIPrompt]), +}; + +// Mock nsIWindowWatcher. PSM calls getNewPrompter on this to get an nsIPrompt +// to call promptPassword. We return the mock one, above. +var gWindowWatcher = { + getNewPrompter: () => gMockPrompter, + QueryInterface: XPCOMUtils.generateQI([Ci.nsIWindowWatcher]), +}; + +function run_test() { + do_get_profile(); + + let windowWatcherCID = + MockRegistrar.register("@mozilla.org/embedcomp/window-watcher;1", + gWindowWatcher); + do_register_cleanup(() => { + MockRegistrar.unregister(windowWatcherCID); + }); + + // Set an initial password. + let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"] + .getService(Ci.nsIPK11TokenDB); + let token = tokenDB.getInternalKeyToken(); + token.initPassword("hunter2"); + token.logoutSimple(); + + // Try with the correct password. + gMockPrompter.passwordToTry = "hunter2"; + // Using nsISecretDecoderRing will cause the password prompt to come up if the + // token has a password and is logged out. + let sdr = Cc["@mozilla.org/security/sdr;1"] + .getService(Ci.nsISecretDecoderRing); + sdr.encryptString("poke"); + equal(gMockPrompter.numPrompts, 1, "should have prompted for password once"); + + // Reset state. + gMockPrompter.numPrompts = 0; + token.logoutSimple(); + + // Try with an incorrect password. + gMockPrompter.passwordToTry = "*******"; + throws(() => sdr.encryptString("poke2"), /NS_ERROR_FAILURE/, + "logging in with the wrong password should fail"); + equal(gMockPrompter.numPrompts, 2, "should have prompted for password twice"); +} diff --git a/security/manager/ssl/tests/unit/test_pinning.js b/security/manager/ssl/tests/unit/test_pinning.js new file mode 100644 index 000000000..4d3c2fac8 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning.js @@ -0,0 +1,263 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. +// +// For all cases, the acceptable pinset includes only certificates pinned to +// Test End Entity Cert (signed by issuer testCA). Other certificates +// are issued by otherCA, which is never in the pinset but is a user-specified +// trust anchor. This test covers multiple cases: +// +// Pinned domain include-subdomains.pinning.example.com includes subdomains +// - PASS: include-subdomains.pinning.example.com serves a correct cert +// - PASS: good.include-subdomains.pinning.example.com serves a correct cert +// - FAIL (strict): bad.include-subdomains.pinning.example.com serves a cert +// not in the pinset +// - PASS (mitm): bad.include-subdomains.pinning.example.com serves a cert not +// in the pinset, but issued by a user-specified trust domain +// +// Pinned domain exclude-subdomains.pinning.example.com excludes subdomains +// - PASS: exclude-subdomains.pinning.example.com serves a correct cert +// - FAIL: exclude-subdomains.pinning.example.com serves an incorrect cert +// (TODO: test using verifyCertNow) +// - PASS: sub.exclude-subdomains.pinning.example.com serves an incorrect cert + +"use strict"; + +do_get_profile(); // must be called before getting nsIX509CertDB +const certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +function add_clear_override(host) { + add_test(function() { + let certOverrideService = Cc["@mozilla.org/security/certoverride;1"] + .getService(Ci.nsICertOverrideService); + certOverrideService.clearValidityOverride(host, 8443); + run_next_test(); + }); +} + +function test_strict() { + // In strict mode, we always evaluate pinning data, regardless of whether the + // issuer is a built-in trust anchor. We only enforce pins that are not in + // test mode. + add_test(function() { + Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2); + run_next_test(); + }); + + // Normally this is overridable. But, since we have pinning information for + // this host, we don't allow overrides. + add_prevented_cert_override_test( + "unknownissuer.include-subdomains.pinning.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + SEC_ERROR_UNKNOWN_ISSUER); + add_clear_override("unknownissuer.include-subdomains.pinning.example.com"); + + // Issued by otherCA, which is not in the pinset for pinning.example.com. + add_connection_test("bad.include-subdomains.pinning.example.com", + MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE); + + // Check that using a FQDN doesn't bypass pinning. + add_connection_test("bad.include-subdomains.pinning.example.com.", + MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE); + // For some reason this is also navigable (see bug 1118522). + add_connection_test("bad.include-subdomains.pinning.example.com..", + MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE); + + // These domains serve certs that match the pinset. + add_connection_test("include-subdomains.pinning.example.com", + PRErrorCodeSuccess); + add_connection_test("good.include-subdomains.pinning.example.com", + PRErrorCodeSuccess); + add_connection_test("exclude-subdomains.pinning.example.com", + PRErrorCodeSuccess); + + // This domain serves a cert that doesn't match the pinset, but subdomains + // are excluded. + add_connection_test("sub.exclude-subdomains.pinning.example.com", + PRErrorCodeSuccess); + + // This domain's pinset is exactly the same as + // include-subdomains.pinning.example.com, serves the same cert as + // bad.include-subdomains.pinning.example.com, but it should pass because + // it's in test_mode. + add_connection_test("test-mode.pinning.example.com", + PRErrorCodeSuccess); + // Similarly, this pin is in test-mode, so it should be overridable. + add_cert_override_test("unknownissuer.test-mode.pinning.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + SEC_ERROR_UNKNOWN_ISSUER); + add_clear_override("unknownissuer.test-mode.pinning.example.com"); +} + +function test_mitm() { + // In MITM mode, we allow pinning to pass if the chain resolves to any + // user-specified trust anchor, even if it is not in the pinset. + add_test(function() { + Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 1); + run_next_test(); + }); + + add_connection_test("include-subdomains.pinning.example.com", + PRErrorCodeSuccess); + add_connection_test("good.include-subdomains.pinning.example.com", + PRErrorCodeSuccess); + + // Normally this is overridable. But, since we have pinning information for + // this host, we don't allow overrides (since building a trusted chain fails, + // we have no reason to believe this was issued by a user-added trust + // anchor, so we can't allow overrides for it). + add_prevented_cert_override_test( + "unknownissuer.include-subdomains.pinning.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + SEC_ERROR_UNKNOWN_ISSUER); + add_clear_override("unknownissuer.include-subdomains.pinning.example.com"); + + // In this case, even though otherCA is not in the pinset, it is a + // user-specified trust anchor and the pinning check succeeds. + add_connection_test("bad.include-subdomains.pinning.example.com", + PRErrorCodeSuccess); + + add_connection_test("exclude-subdomains.pinning.example.com", + PRErrorCodeSuccess); + add_connection_test("sub.exclude-subdomains.pinning.example.com", + PRErrorCodeSuccess); + add_connection_test("test-mode.pinning.example.com", PRErrorCodeSuccess); + add_cert_override_test("unknownissuer.test-mode.pinning.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + SEC_ERROR_UNKNOWN_ISSUER); + add_clear_override("unknownissuer.test-mode.pinning.example.com"); +} + +function test_disabled() { + // Disable pinning. + add_test(function() { + Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 0); + run_next_test(); + }); + + add_connection_test("include-subdomains.pinning.example.com", + PRErrorCodeSuccess); + add_connection_test("good.include-subdomains.pinning.example.com", + PRErrorCodeSuccess); + add_connection_test("bad.include-subdomains.pinning.example.com", + PRErrorCodeSuccess); + add_connection_test("exclude-subdomains.pinning.example.com", + PRErrorCodeSuccess); + add_connection_test("sub.exclude-subdomains.pinning.example.com", + PRErrorCodeSuccess); + add_connection_test("test-mode.pinning.example.com", PRErrorCodeSuccess); + + add_cert_override_test("unknownissuer.include-subdomains.pinning.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + SEC_ERROR_UNKNOWN_ISSUER); + add_clear_override("unknownissuer.include-subdomains.pinning.example.com"); + add_cert_override_test("unknownissuer.test-mode.pinning.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + SEC_ERROR_UNKNOWN_ISSUER); + add_clear_override("unknownissuer.test-mode.pinning.example.com"); +} + +function test_enforce_test_mode() { + // In enforce test mode, we always enforce all pins, even test pins. + add_test(function() { + Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 3); + run_next_test(); + }); + + // Normally this is overridable. But, since we have pinning information for + // this host, we don't allow overrides. + add_prevented_cert_override_test( + "unknownissuer.include-subdomains.pinning.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + SEC_ERROR_UNKNOWN_ISSUER); + add_clear_override("unknownissuer.include-subdomains.pinning.example.com"); + + // Issued by otherCA, which is not in the pinset for pinning.example.com. + add_connection_test("bad.include-subdomains.pinning.example.com", + MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE); + + // These domains serve certs that match the pinset. + add_connection_test("include-subdomains.pinning.example.com", + PRErrorCodeSuccess); + add_connection_test("good.include-subdomains.pinning.example.com", + PRErrorCodeSuccess); + add_connection_test("exclude-subdomains.pinning.example.com", + PRErrorCodeSuccess); + + // This domain serves a cert that doesn't match the pinset, but subdomains + // are excluded. + add_connection_test("sub.exclude-subdomains.pinning.example.com", + PRErrorCodeSuccess); + + // This domain's pinset is exactly the same as + // include-subdomains.pinning.example.com, serves the same cert as + // bad.include-subdomains.pinning.example.com, is in test-mode, but we are + // enforcing test mode pins. + add_connection_test("test-mode.pinning.example.com", + MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE); + // Normally this is overridable. But, since we have pinning information for + // this host (and since we're enforcing test mode), we don't allow overrides. + add_prevented_cert_override_test( + "unknownissuer.test-mode.pinning.example.com", + Ci.nsICertOverrideService.ERROR_UNTRUSTED, + SEC_ERROR_UNKNOWN_ISSUER); + add_clear_override("unknownissuer.test-mode.pinning.example.com"); +} + +function check_pinning_telemetry() { + let service = Cc["@mozilla.org/base/telemetry;1"].getService(Ci.nsITelemetry); + let prod_histogram = service.getHistogramById("CERT_PINNING_RESULTS") + .snapshot(); + let test_histogram = service.getHistogramById("CERT_PINNING_TEST_RESULTS") + .snapshot(); + // Because all of our test domains are pinned to user-specified trust + // anchors, effectively only strict mode and enforce test-mode get evaluated + equal(prod_histogram.counts[0], 4, + "Actual and expected prod (non-Mozilla) failure count should match"); + equal(prod_histogram.counts[1], 4, + "Actual and expected prod (non-Mozilla) success count should match"); + equal(test_histogram.counts[0], 2, + "Actual and expected test (non-Mozilla) failure count should match"); + equal(test_histogram.counts[1], 0, + "Actual and expected test (non-Mozilla) success count should match"); + + let moz_prod_histogram = service.getHistogramById("CERT_PINNING_MOZ_RESULTS") + .snapshot(); + let moz_test_histogram = + service.getHistogramById("CERT_PINNING_MOZ_TEST_RESULTS").snapshot(); + equal(moz_prod_histogram.counts[0], 0, + "Actual and expected prod (Mozilla) failure count should match"); + equal(moz_prod_histogram.counts[1], 0, + "Actual and expected prod (Mozilla) success count should match"); + equal(moz_test_histogram.counts[0], 0, + "Actual and expected test (Mozilla) failure count should match"); + equal(moz_test_histogram.counts[1], 0, + "Actual and expected test (Mozilla) success count should match"); + + let per_host_histogram = + service.getHistogramById("CERT_PINNING_MOZ_RESULTS_BY_HOST").snapshot(); + equal(per_host_histogram.counts[0], 0, + "Actual and expected per host (Mozilla) failure count should match"); + equal(per_host_histogram.counts[1], 2, + "Actual and expected per host (Mozilla) success count should match"); + run_next_test(); +} + +function run_test() { + add_tls_server_setup("BadCertServer", "bad_certs"); + + // Add a user-specified trust anchor. + addCertFromFile(certdb, "bad_certs/other-test-ca.pem", "CTu,u,u"); + + test_strict(); + test_mitm(); + test_disabled(); + test_enforce_test_mode(); + + add_test(function () { + check_pinning_telemetry(); + }); + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic.js b/security/manager/ssl/tests/unit/test_pinning_dynamic.js new file mode 100644 index 000000000..2c314b53a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic.js @@ -0,0 +1,246 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// The purpose of this test is to create a site security service state file +// and see that the site security service reads it properly. + +function writeLine(aLine, aOutputStream) { + aOutputStream.write(aLine, aLine.length); +} + +var gSSService = null; +var gSSSStateSeen = false; +var gPreloadStateSeen = false; + +var profileDir = do_get_profile(); +var certdb; + +function certFromFile(cert_name) { + return constructCertFromFile("test_pinning_dynamic/" + cert_name + ".pem"); +} + +function loadCert(cert_name, trust_string) { + let cert_filename = "test_pinning_dynamic/" + cert_name + ".pem"; + addCertFromFile(certdb, cert_filename, trust_string); + return constructCertFromFile(cert_filename); +} + +function checkOK(cert, hostname) { + return checkCertErrorGeneric(certdb, cert, PRErrorCodeSuccess, + certificateUsageSSLServer, {}, hostname); +} + +function checkFail(cert, hostname) { + return checkCertErrorGeneric(certdb, cert, MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE, + certificateUsageSSLServer, {}, hostname); +} + +const NON_ISSUED_KEY_HASH = "KHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN="; +const PINNING_ROOT_KEY_HASH = "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8="; + +function run_test() { + Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2); + + let stateFile = profileDir.clone(); + stateFile.append(SSS_STATE_FILE_NAME); + // Assuming we're working with a clean slate, the SSS_STATE file shouldn't + // exist until we create it. + ok(!stateFile.exists(), + "State file should not exist when working with a clean slate"); + let outputStream = FileUtils.openFileOutputStream(stateFile); + let now = (new Date()).getTime(); + writeLine(`a.pinning2.example.com:HPKP\t0\t0\t${now + 100000},1,0,${PINNING_ROOT_KEY_HASH}\n`, outputStream); + writeLine(`b.pinning2.example.com:HPKP\t0\t0\t${now + 100000},1,1,${PINNING_ROOT_KEY_HASH}\n`, outputStream); + + outputStream.close(); + + let preloadFile = profileDir.clone(); + preloadFile.append(PRELOAD_STATE_FILE_NAME); + ok(!preloadFile.exists(), + "Preload file should not exist when working with a clean slate"); + + outputStream = FileUtils.openFileOutputStream(preloadFile); + writeLine(`a.preload.example.com:HPKP\t0\t0\t${now + 100000},1,1,${PINNING_ROOT_KEY_HASH}\n`, outputStream); + outputStream.close(); + + Services.obs.addObserver(checkStateRead, "data-storage-ready", false); + do_test_pending(); + gSSService = Cc["@mozilla.org/ssservice;1"] + .getService(Ci.nsISiteSecurityService); + notEqual(gSSService, null, + "SiteSecurityService should have initialized successfully using" + + " the generated state file"); +} + +function checkDefaultSiteHPKPStatus() { + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP, + "a.pinning2.example.com", 0), + "a.pinning2.example.com should have HPKP status"); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP, + "x.a.pinning2.example.com", 0), + "x.a.pinning2.example.com should not have HPKP status"); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP, + "b.pinning2.example.com", 0), + "b.pinning2.example.com should have HPKP status"); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP, + "x.b.pinning2.example.com", 0), + "x.b.pinning2.example.com should have HPKP status"); +} + +function checkStateRead(aSubject, aTopic, aData) { + if (aData == SSS_STATE_FILE_NAME) { + gSSSStateSeen = true; + } else if (aData == PRELOAD_STATE_FILE_NAME) { + gPreloadStateSeen = true; + } else { + throw new Error("Observed data should either be the Site Security " + + "Service state file name or the preload file name"); + } + + if (!gSSSStateSeen || !gPreloadStateSeen) { + return; + } + + notEqual(gSSService, null, "SiteSecurityService should be initialized"); + + // Initializing the certificate DB will cause NSS-initialization, which in + // turn initializes the site security service. Since we're in part testing + // that the site security service correctly reads its state file, we have to + // make sure it doesn't start up before we've populated the file + certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + + loadCert("pinningroot", "CTu,CTu,CTu"); + loadCert("badca", "CTu,CTu,CTu"); + + // the written entry is for a.pinning2.example.com without subdomains + // and b.pinning2.example.com with subdomains + checkFail(certFromFile('a.pinning2.example.com-badca'), "a.pinning2.example.com"); + checkOK(certFromFile('a.pinning2.example.com-pinningroot'), "a.pinning2.example.com"); + checkOK(certFromFile('x.a.pinning2.example.com-badca'), "x.a.pinning2.example.com"); + checkOK(certFromFile('x.a.pinning2.example.com-pinningroot'), "x.a.pinning2.example.com"); + + checkFail(certFromFile('b.pinning2.example.com-badca'), "b.pinning2.example.com"); + checkOK(certFromFile('b.pinning2.example.com-pinningroot'), "b.pinning2.example.com"); + checkFail(certFromFile('x.b.pinning2.example.com-badca'), "x.b.pinning2.example.com"); + checkOK(certFromFile('x.b.pinning2.example.com-pinningroot'), "x.b.pinning2.example.com"); + + checkDefaultSiteHPKPStatus(); + + + // add includeSubdomains to a.pinning2.example.com + gSSService.setKeyPins("a.pinning2.example.com", true, + new Date().getTime() + 1000000, 2, + [NON_ISSUED_KEY_HASH, PINNING_ROOT_KEY_HASH]); + checkFail(certFromFile('a.pinning2.example.com-badca'), "a.pinning2.example.com"); + checkOK(certFromFile('a.pinning2.example.com-pinningroot'), "a.pinning2.example.com"); + checkFail(certFromFile('x.a.pinning2.example.com-badca'), "x.a.pinning2.example.com"); + checkOK(certFromFile('x.a.pinning2.example.com-pinningroot'), "x.a.pinning2.example.com"); + checkFail(certFromFile('b.pinning2.example.com-badca'), "b.pinning2.example.com"); + checkOK(certFromFile('b.pinning2.example.com-pinningroot'), "b.pinning2.example.com"); + checkFail(certFromFile('x.b.pinning2.example.com-badca'), "x.b.pinning2.example.com"); + checkOK(certFromFile('x.b.pinning2.example.com-pinningroot'), "x.b.pinning2.example.com"); + + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP, + "a.pinning2.example.com", 0), + "a.pinning2.example.com should still have HPKP status after adding" + + " includeSubdomains to a.pinning2.example.com"); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP, + "x.a.pinning2.example.com", 0), + "x.a.pinning2.example.com should now have HPKP status after adding" + + " includeSubdomains to a.pinning2.example.com"); + + // Now setpins without subdomains + gSSService.setKeyPins("a.pinning2.example.com", false, + new Date().getTime() + 1000000, 2, + [NON_ISSUED_KEY_HASH, PINNING_ROOT_KEY_HASH]); + checkFail(certFromFile('a.pinning2.example.com-badca'), "a.pinning2.example.com"); + checkOK(certFromFile('a.pinning2.example.com-pinningroot'), "a.pinning2.example.com"); + checkOK(certFromFile('x.a.pinning2.example.com-badca'), "x.a.pinning2.example.com"); + checkOK(certFromFile('x.a.pinning2.example.com-pinningroot'), "x.a.pinning2.example.com"); + + checkFail(certFromFile('b.pinning2.example.com-badca'), "b.pinning2.example.com"); + checkOK(certFromFile('b.pinning2.example.com-pinningroot'), "b.pinning2.example.com"); + checkFail(certFromFile('x.b.pinning2.example.com-badca'), "x.b.pinning2.example.com"); + checkOK(certFromFile('x.b.pinning2.example.com-pinningroot'), "x.b.pinning2.example.com"); + + checkDefaultSiteHPKPStatus(); + + // failure to insert new pin entry leaves previous pin behavior + throws(() => { + gSSService.setKeyPins("a.pinning2.example.com", true, + new Date().getTime() + 1000000, 1, ["not a hash"]); + }, /NS_ERROR_ILLEGAL_VALUE/, "Attempting to set an invalid pin should fail"); + checkFail(certFromFile('a.pinning2.example.com-badca'), "a.pinning2.example.com"); + checkOK(certFromFile('a.pinning2.example.com-pinningroot'), "a.pinning2.example.com"); + checkOK(certFromFile('x.a.pinning2.example.com-badca'), "x.a.pinning2.example.com"); + checkOK(certFromFile('x.a.pinning2.example.com-pinningroot'), "x.a.pinning2.example.com"); + + checkFail(certFromFile('b.pinning2.example.com-badca'), "b.pinning2.example.com"); + checkOK(certFromFile('b.pinning2.example.com-pinningroot'), "b.pinning2.example.com"); + checkFail(certFromFile('x.b.pinning2.example.com-badca'), "x.b.pinning2.example.com"); + checkOK(certFromFile('x.b.pinning2.example.com-pinningroot'), "x.b.pinning2.example.com"); + + checkDefaultSiteHPKPStatus(); + + // Incorrect size results in failure + throws(() => { + gSSService.setKeyPins("a.pinning2.example.com", true, + new Date().getTime() + 1000000, 2, ["not a hash"]); + }, /NS_ERROR_XPC_NOT_ENOUGH_ELEMENTS_IN_ARRAY/, + "Attempting to set a pin with an incorrect size should fail"); + + // Ensure built-in pins work as expected + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP, + "nonexistent.example.com", 0), + "Not built-in nonexistent.example.com should not have HPKP status"); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP, + "include-subdomains.pinning.example.com", 0), + "Built-in include-subdomains.pinning.example.com should have HPKP status"); + + gSSService.setKeyPins("a.pinning2.example.com", false, new Date().getTime(), + 1, [NON_ISSUED_KEY_HASH]); + + // Check that a preload pin loaded from file works as expected + checkFail(certFromFile("a.preload.example.com-badca"), "a.preload.example.com"); + checkOK(certFromFile("a.preload.example.com-pinningroot"), "a.preload.example.com"); + + // Check a dynamic addition works as expected + // first, it should succeed with the badCA - because there's no pin + checkOK(certFromFile('b.preload.example.com-badca'), "b.preload.example.com"); + // then we add a pin, and we should get a failure (ensuring the expiry is + // after the test timeout) + gSSService.setKeyPins("b.preload.example.com", false, + new Date().getTime() + 1000000, 2, + [NON_ISSUED_KEY_HASH, PINNING_ROOT_KEY_HASH], true); + checkFail(certFromFile('b.preload.example.com-badca'), "b.preload.example.com"); + + do_timeout(1250, checkExpiredState); +} + +function checkExpiredState() { + checkOK(certFromFile('a.pinning2.example.com-badca'), "a.pinning2.example.com"); + checkOK(certFromFile('a.pinning2.example.com-pinningroot'), "a.pinning2.example.com"); + checkOK(certFromFile('x.a.pinning2.example.com-badca'), "x.a.pinning2.example.com"); + checkOK(certFromFile('x.a.pinning2.example.com-pinningroot'), "x.a.pinning2.example.com"); + + checkFail(certFromFile('b.pinning2.example.com-badca'), "b.pinning2.example.com"); + checkOK(certFromFile('b.pinning2.example.com-pinningroot'), "b.pinning2.example.com"); + checkFail(certFromFile('x.b.pinning2.example.com-badca'), "x.b.pinning2.example.com"); + checkOK(certFromFile('x.b.pinning2.example.com-pinningroot'), "x.b.pinning2.example.com"); + checkPreloadClear(); +} + +function checkPreloadClear() { + // Check that the preloaded pins still work after private data is cleared + gSSService.clearAll(); + checkFail(certFromFile('b.preload.example.com-badca'), "b.preload.example.com"); + + // Check that the preloaded pins are cleared when we clear preloads + gSSService.clearPreloads(); + checkOK(certFromFile('b.preload.example.com-badca'), "b.preload.example.com"); + + do_test_finished(); +} diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem new file mode 100644 index 000000000..102a3bbda --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3TCCAcegAwIBAgIUXdB7LgBGZoRV1UmEFcsOhMigpB0wCwYJKoZIhvcNAQEL +MBAxDjAMBgNVBAMMBWJhZGNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw +MDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9Rv +plraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYn +YLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+ +ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM +5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2Fn +JCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMlMCMwIQYD +VR0RBBowGIIWYS5waW5uaW5nMi5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEB +AAKhpX2t/Bz9//u1DYyLZ6dLSJt121Vb58s8gQvI/7n6MdUP1IniQLbtPW+7wnV0 +6LYagJQ11ZUJMxYUs6lB91yhwAO9NoN4QJWWB0i23DoZ6cg4dHmYKmQQ/HRndwm+ +EATkJSnBAk8O2xmIm8CXbJ0W0lvaXEjzRfeoiEjQ0/THeo4hXvGOMPm31d+r4ji5 +/u2+9jrpTII0kjCwFjqC97lPID14s9QRMqMB1CCV6fgT19EGYi9I7H6mnyukkmfX +9wOhLHSk6A2l5+5eJrZYXLOhcS31VBd54sb1Vvg+Bp05HMYjo051JcRlvxoIUsHT +JQDn8QrzwZBDBh4Pie3AwOM= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem.certspec new file mode 100644 index 000000000..f365b8a18 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem.certspec @@ -0,0 +1,5 @@ +issuer:badca +subject:test end-entity +issuerKey:alternate +subjectKey:alternate +extension:subjectAlternativeName:a.pinning2.example.com diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem new file mode 100644 index 000000000..2439b5775 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4zCCAc2gAwIBAgIUPQgjdPeWdWy/0oKRi+5Lr7JJorMwCwYJKoZIhvcNAQEL +MBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx +ODAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK +zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG +zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX +KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp +mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6 +kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMl +MCMwIQYDVR0RBBowGIIWYS5waW5uaW5nMi5leGFtcGxlLmNvbTALBgkqhkiG9w0B +AQsDggEBAFUlxnwpxOFbSxtsBthWu6xmDxeFAzP+u5YOfuKeiIGnAx70k8ODQufJ +Vm1rXvKtN5r8jR6AZh/hdA+tGhnu4+pGi9/aqWnaF1FEs2mW0saUV8atQZwNGRBO +E9FXdAHA8WmGIfRf8TOuWpmEWejjJt5Zsfs+V3ARIxjCrVE7ixyfJ/hYpmthLtYJ +5vgp0iiPjzorKeFnqooLVAfzeayRX0bE5H79NISIWq4CN/9J50ZFkRORURlANU95 +2Dcuw416b3BGrWVmWlKWOpA6NZ+Rj+AI+z9UTDpqCczTfMXMabX4EveW1GKMMYiA +eLD8SY4VQ4403eaCp6rxYFrCNOeDczs= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem.certspec new file mode 100644 index 000000000..aef72ce39 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem.certspec @@ -0,0 +1,4 @@ +issuer:pinningroot +subject:test end-entity +subjectKey:alternate +extension:subjectAlternativeName:a.pinning2.example.com diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-badca.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-badca.pem new file mode 100644 index 000000000..2a157d8e6 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-badca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3DCCAcagAwIBAgIUKUG7kBZ72CvuLQ0uPfjKHLkKDQAwCwYJKoZIhvcNAQEL +MBAxDjAMBgNVBAMMBWJhZGNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw +MDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9Rv +plraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYn +YLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+ +ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM +5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2Fn +JCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMkMCIwIAYD +VR0RBBkwF4IVYS5wcmVsb2FkLmV4YW1wbGUuY29tMAsGCSqGSIb3DQEBCwOCAQEA +tx5YO8uvYac92scnMEswv4ZIslou8UYV/2mtxA+MaXf/g+MizOKeZgTI1+b9hR48 +IDOgvrqPCbn1hKY6gb2gtRI1mC5dg9T8EYEXcC1TM+ncY/l4SZUjfMhzY2iOf62x +jhDqMMt4V5uaHUxVmJQI82X5qpxH3yJ3WOC87iGZNfMB8MSbLM3lxor9OHeTlTHQ +vPb/r7cLW+ikxirDGyBBvThkvDA/8qyN5Qp6Ae1BiPeEMoScNf3fChvNV6Jyb8g8 +e9q0LnTlTuVgaDWtg7PVOxeiI+wf3Jhv9uqXQLX8JHZDKebLbQEkNcbR4DK/8wsP +uFhj0j8DY6+/YZbcF7Jgfw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-badca.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-badca.pem.certspec new file mode 100644 index 000000000..c1cb36576 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-badca.pem.certspec @@ -0,0 +1,5 @@ +issuer:badca +subject:test end-entity +issuerKey:alternate +subjectKey:alternate +extension:subjectAlternativeName:a.preload.example.com diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-pinningroot.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-pinningroot.pem new file mode 100644 index 000000000..5fa43f052 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-pinningroot.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4jCCAcygAwIBAgIURV3mf9Dz42lALe31OAm2SYbpFaEwCwYJKoZIhvcNAQEL +MBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx +ODAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK +zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG +zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX +KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp +mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6 +kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMk +MCIwIAYDVR0RBBkwF4IVYS5wcmVsb2FkLmV4YW1wbGUuY29tMAsGCSqGSIb3DQEB +CwOCAQEATOA0bbfg81JieQkTzr4oxBqPuFamtLSAsLpbKakikYQo2znMGNnHV7Xe +uxMGMhCIPRsiJ6jj6ZTQJNqQRKzXWEiBgREsarmJxA53ITIcO2cK2rqyetNAAwzZ +oViENmK3tLA5KT2VC9IGgMXdSE7IfXn+5yCdpKZ2ohwtkYHNkCbQIU+4KaCPa/dB +yAelZZPE0mVHJLkd5HoOsFmjFOBQuOkn9/AAOmkgBZIk1Dp833ywn/mnwLZdVsdV ++TjqWKenDJXxhO2+aCCtZbUVxKMn0TACpAA+rhjS5vigCyIZh7V4rxki9UXaOfVq +EVy4rFlRIYYtXV40HavDZoPgxuCHDw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-pinningroot.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-pinningroot.pem.certspec new file mode 100644 index 000000000..5c1865314 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-pinningroot.pem.certspec @@ -0,0 +1,4 @@ +issuer:pinningroot +subject:test end-entity +subjectKey:alternate +extension:subjectAlternativeName:a.preload.example.com diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem new file mode 100644 index 000000000..cffb37c1f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3TCCAcegAwIBAgIUV89JsAhywp3graSGqjeSpMzd1B0wCwYJKoZIhvcNAQEL +MBAxDjAMBgNVBAMMBWJhZGNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw +MDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9Rv +plraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYn +YLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+ +ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM +5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2Fn +JCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMlMCMwIQYD +VR0RBBowGIIWYi5waW5uaW5nMi5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEB +ABevzhH9/hjTBgTtUk4ytZX0A7Tu0DR5F9ooFnlUwzupHFihO+9NzEoCSIvCy3L9 ++i3LbkaiUWEHQItLjIg+aice13ZkuMp+DeZ+D/YR9ulxyY1QBYeZLQj/gSdkj/fK +uDm0Izgt8OBsgP+KFX2c2cGZyOcXmFFAwSfkLz7p2qzrmuM7r5ploNpxeHBUIxUW +jJzSFeQMfy5wflcKDBY+PDejzN9Ik4weRyERsckVgmZSJXuodb8xgYkNPvl/GOVJ +o+eDw+E3uOsdBIDrsyb+bcQTG7nBkQoSqG8M0610h0OqFhksfv/0HcB/wfW8VdU+ ++C4+tR2KfvqTCm3T6gzRWX8= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem.certspec new file mode 100644 index 000000000..5aa8aaa5e --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem.certspec @@ -0,0 +1,5 @@ +issuer:badca +subject:test end-entity +issuerKey:alternate +subjectKey:alternate +extension:subjectAlternativeName:b.pinning2.example.com diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem new file mode 100644 index 000000000..791f64b4c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4zCCAc2gAwIBAgIUVQNTrx+mRE96ggRLuZeFm+9uBdcwCwYJKoZIhvcNAQEL +MBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx +ODAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK +zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG +zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX +KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp +mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6 +kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMl +MCMwIQYDVR0RBBowGIIWYi5waW5uaW5nMi5leGFtcGxlLmNvbTALBgkqhkiG9w0B +AQsDggEBAHYCfQaolF6z4IicBDTEQQVfYi4A3BcCNLTdInQlal/DHNytNRufM5TB +ccNpau5U9e10NBYWbMqRUBb/7wtYE4O7jhEWxjaHBOz5KTYLv8hjEc2wcHXfhlYM +QKmxOnA7SguSNYBdfXywav//ssLmDnB06nc2vv5NaKvIWbUv3HvfM8oRAr+NICUs +UMcIb+hjY+u/qrnOeFJxXzeqPYKMa7H+33baRgy7xnL95PxAwkz0XL8vcMFupTX5 +dL5HsSKku23C0BoE6pK39TVh758fQjCAnD+QRTH/o+dfE2sIFpRiyszdXGmh2IRR +gMSy+gJbH+zh0D9ncL0Kev0PyEuBYR4= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem.certspec new file mode 100644 index 000000000..17f22dab5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem.certspec @@ -0,0 +1,4 @@ +issuer:pinningroot +subject:test end-entity +subjectKey:alternate +extension:subjectAlternativeName:b.pinning2.example.com diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-badca.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-badca.pem new file mode 100644 index 000000000..4ef23a2c2 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-badca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3DCCAcagAwIBAgIUf2T4BVvxeCgWVp/FL3tCFNjuZYQwCwYJKoZIhvcNAQEL +MBAxDjAMBgNVBAMMBWJhZGNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw +MDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9Rv +plraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYn +YLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+ +ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM +5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2Fn +JCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMkMCIwIAYD +VR0RBBkwF4IVYi5wcmVsb2FkLmV4YW1wbGUuY29tMAsGCSqGSIb3DQEBCwOCAQEA +okmxK2NDRYWSAn6b1YZpLiZnoaNrM0HXHY6fkARY/9EiAApvNPxT663EKtTZn27a +JtwXP2zzlYQDRc9cxa1zBX9Tp+0sn5aqokqzoVWx4VIe/emzi9FDf3lgaYewHLez +RINv3kUZmqlw6tmMQxjd51UGyvNsi52+gcet1cPr5kBzGQv/q7iNs/lcetL3+KQF +klJ3PfI4VjFwRRYNhScxiRczklPVDySvxSNw+csUxNRunFLXIi3+WqQzYhw7R8ga +ASwozTfvVAUySOmDipCZZXAHFtlpBr6vAllfD9v8hAsrE7Bkivafr+i5HMD3DtJE +4ZedqFCkTkqKvd0fMIbOIA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-badca.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-badca.pem.certspec new file mode 100644 index 000000000..9901ead60 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-badca.pem.certspec @@ -0,0 +1,5 @@ +issuer:badca +subject:test end-entity +issuerKey:alternate +subjectKey:alternate +extension:subjectAlternativeName:b.preload.example.com diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-pinningroot.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-pinningroot.pem new file mode 100644 index 000000000..c6ea38a12 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-pinningroot.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4jCCAcygAwIBAgIUI5rdRX/x0w0bDx6hQhc8ZhGLfqQwCwYJKoZIhvcNAQEL +MBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx +ODAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK +zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG +zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX +KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp +mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6 +kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMk +MCIwIAYDVR0RBBkwF4IVYi5wcmVsb2FkLmV4YW1wbGUuY29tMAsGCSqGSIb3DQEB +CwOCAQEAg2VdHBLmFLJ03N9VT4uUrnpjuYY9bsvPJF2JCk9817nxBbeMf+Qn0C/o +OeoQnZRqsaFbKZ80JXmh/j4RO6T/aaQUMpk+NXrdSPddy2B3eUByF/NJqipV3M2a +CRNWUUVF+msjRWwbzJafju2nEZcD4d4cUkHHYAaRRxAHH3ylEvWmdv/brgfAPCPH +WDVaCMc3OXgHkyrLAfkMKSYTNPJ7DJn/BXET5tCzqYGRUgRnME4ON2Mmp19lsdig +dIFbm76wg6l5M+s9pqiYzODUxJXUOd6BkAR5pqB9WyIRVfBr5LGT72nv00LHVcSm +hnsti9nAtFdJx4E1lJilrnQwu0q4Iw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-pinningroot.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-pinningroot.pem.certspec new file mode 100644 index 000000000..6f5807700 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-pinningroot.pem.certspec @@ -0,0 +1,4 @@ +issuer:pinningroot +subject:test end-entity +subjectKey:alternate +extension:subjectAlternativeName:b.preload.example.com diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/badca.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/badca.pem new file mode 100644 index 000000000..9443a4c91 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/badca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICyzCCAbWgAwIBAgIUXQevdaeXMieCrG6ZqhI2yfACBq4wCwYJKoZIhvcNAQEL +MBAxDjAMBgNVBAMMBWJhZGNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw +MDAwMDBaMBAxDjAMBgNVBAMMBWJhZGNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAwXXGUmYJn3cIKmeR8bh2w39c5TiwbErNIrHL1G+mWtoq3UHIwkmK +xKOzwfYUh/QbaYlBvYClHDwSAkTFhKTESDMF5ROMAQbPCL6ahidguuai6PNvI8XZ +gxO53683g0XazlHU1tzSpss8xwbrzTBw7JjM5AqlkdcpWn9xxb5maR0rLf7ISURZ +C8Wj6kn9k7HXU0BfF3N2mZWGZiVHl+1CaQiICBFCIGmYikP+5Izmh4HdIramnNKD +dRMfkysSjOKG+n0lHAYq0n7wFvGHzdVOgys1uJMPdLqQqovHYWckKrH9bWIUDRjE +wLjGj8N0hFcyStfehuZVLx0eGR1xIWjTuwIDAQABox0wGzAMBgNVHRMEBTADAQH/ +MAsGA1UdDwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAHitWfZzPxR/UWEKQgz9zzm2 +NXszG7nV82w8qfC9pq8mU3f7eqbHJ2HNFkZzttJsH9DNl30OK2Y5IVLUiZHckz2e +OFUyxK0tBCCBYd79FiK4BgP/Ys/7LK+4UaDhbRQP//MGuofwjsrNxgPgtkNaeKtF +EXKCuDrHoa4ua7afrkUWKzPZ6JbDOEjJIyuJ3ISI0Q20Oc3ERxGwG1SQ1EldgWBr +0dJJWBHZtNpIVvSm1dRfjMYtSrBoUXwbn6kDrdk4T98OHnFP0V0KW4j4umLHK7Gi +OSAwvWtir3fSJaLJClTCFe1XoNvJnQ53PJs0JR26mAixV2VuylStO2KlbYy7fOc= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/badca.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/badca.pem.certspec new file mode 100644 index 000000000..311bbb3f8 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/badca.pem.certspec @@ -0,0 +1,6 @@ +issuer:badca +subject:badca +issuerKey:alternate +subjectKey:alternate +extension:basicConstraints:cA, +extension:keyUsage:keyCertSign,cRLSign diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/moz.build b/security/manager/ssl/tests/unit/test_pinning_dynamic/moz.build new file mode 100644 index 000000000..eb8b582f5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/moz.build @@ -0,0 +1,26 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'badca.pem', +# 'a.pinning2.example.com-badca.pem', +# 'a.pinning2.example.com-pinningroot.pem', +# 'a.preload.example.com-badca.pem', +# 'a.preload.example.com-pinningroot.pem', +# 'b.pinning2.example.com-badca.pem', +# 'b.pinning2.example.com-pinningroot.pem', +# 'b.preload.example.com-badca.pem', +# 'b.preload.example.com-pinningroot.pem', +# 'x.a.pinning2.example.com-badca.pem', +# 'x.a.pinning2.example.com-pinningroot.pem', +# 'x.b.pinning2.example.com-badca.pem', +# 'x.b.pinning2.example.com-pinningroot.pem', +# 'pinningroot.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/pinningroot.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/pinningroot.pem new file mode 100644 index 000000000..9a041991a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/pinningroot.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC1zCCAcGgAwIBAgIUMwSUmBShbg5sMNZSTiPd5Tb1udkwCwYJKoZIhvcNAQEL +MBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx +ODAyMDUwMDAwMDBaMBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1 +aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we +adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS +pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W +YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR +CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAM +BgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjALBgkqhkiG9w0BAQsDggEBADNuQnKg +y8zWnKlfBq/50UOtdSlvevg6u6tsUTvay2kVgB8BRTvm76aw4yOLgk84eHHkrX5c +TqdutWh2JZarUWbO7JnPTdDE2CAkDh1smSe9L/XJENbgVXleg/VYLgnfnuSQCCnK +WjjExcorX6IKDks1ZoBJ1HIvBzMRMWzIQgBL9B2Y1V05lgfn0bwZD+TjUJBmN1w0 +NTaPgrxE7FWZ2CTcowrYRKEEDAUX4cTFoce5YMwALCgW59KfVQfQdHaiCCcdNbfi +qSQGZu+59JrrasmgK9VTahukYWcaQCz8HBCasdknGodLAzThuWMkjXU3D2IZYl15 +GfE5yrRFop/89xo= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/pinningroot.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/pinningroot.pem.certspec new file mode 100644 index 000000000..86500e16b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/pinningroot.pem.certspec @@ -0,0 +1,4 @@ +issuer:pinningroot +subject:pinningroot +extension:basicConstraints:cA, +extension:keyUsage:keyCertSign,cRLSign diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem new file mode 100644 index 000000000..e4b6e72c0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3zCCAcmgAwIBAgIUe11LKIzCrdnRTgrLsfuGMoOpL1QwCwYJKoZIhvcNAQEL +MBAxDjAMBgNVBAMMBWJhZGNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw +MDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9Rv +plraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYn +YLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+ +ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM +5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2Fn +JCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMnMCUwIwYD +VR0RBBwwGoIYeC5hLnBpbm5pbmcyLmV4YW1wbGUuY29tMAsGCSqGSIb3DQEBCwOC +AQEAgdFC/SwBLRp6A+n3znR+sEuU8UvmbgbXp7pIFVh6cbC6lNF0nXk9ywPeIWyh +B7TCn3YHj4uc/PbvzRj9Py0gQLXcimKpmLoxclV5g1uTAydgXPiPulv/kaL9NOME +lm88pyQeDwfEkUz7VijabIzFRTEVRmOudb8mX4SuzjhxsdzSMjffpae335beJ4Im +lxgJgMsuJdEoK0WyG5nlBhVdzrT/kwdiwULeVNV//UHid1YZy56G5Lo22Hgd4wT3 +1W3LXQelBdHhee7Hf7mg4rjCUPulFAr8qBLdywf1Hnu1o7rXUcn46PLwKLOWJPOM +SKpiqRKqvzlrzLaHPejfT0IMrw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem.certspec new file mode 100644 index 000000000..ad8636d43 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem.certspec @@ -0,0 +1,5 @@ +issuer:badca +subject:test end-entity +issuerKey:alternate +subjectKey:alternate +extension:subjectAlternativeName:x.a.pinning2.example.com diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem new file mode 100644 index 000000000..ed58de323 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5TCCAc+gAwIBAgIUefEeE+Sj5fBSec+97B6UmZFQEncwCwYJKoZIhvcNAQEL +MBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx +ODAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK +zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG +zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX +KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp +mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6 +kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMn +MCUwIwYDVR0RBBwwGoIYeC5hLnBpbm5pbmcyLmV4YW1wbGUuY29tMAsGCSqGSIb3 +DQEBCwOCAQEAT2fxisiLJvVdFTba07a2Pc6UHBE+O0tOaLfMmHx/ET2FZdd9sLTL +X2f+hQCmXEBQ7Au2eYTew8hTyXYGYFauMJNk+XHHUIaSOhmnYTccye4d6j5bXRCp +7zA1qPlReCDLjp7o/34whkvngvdgdLYf60EkBO/NJfj+zsR1JTVfyVzIKXl6veLz +0xKicBAq9vS0Yqq10japVYKKqAw6gDpbNkSAd3xsl4+EbMRq+BnMB4W2anw1gM/e +hV11JQVA/MREtmUiTkvJFF6chHVCn5aL7JzVM2miZjZC8Ix59LUBoyO3SrxgrzZw +xeYuwoDhzTCrcFxn8gdKNajbGHuW5ekQpg== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem.certspec new file mode 100644 index 000000000..260f2184b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem.certspec @@ -0,0 +1,4 @@ +issuer:pinningroot +subject:test end-entity +subjectKey:alternate +extension:subjectAlternativeName:x.a.pinning2.example.com diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem new file mode 100644 index 000000000..dc24247e8 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3zCCAcmgAwIBAgIUYcTc5Pz7KlQldGOO+KzbuBdf8TswCwYJKoZIhvcNAQEL +MBAxDjAMBgNVBAMMBWJhZGNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw +MDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9Rv +plraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYn +YLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+ +ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM +5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2Fn +JCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMnMCUwIwYD +VR0RBBwwGoIYeC5iLnBpbm5pbmcyLmV4YW1wbGUuY29tMAsGCSqGSIb3DQEBCwOC +AQEAd6HusXqftFBpSUzivIY6icTZ95+wY+xIOsf1QOgyzZ/CDx4Tly+rgue2xSNT +59FmnFvh8jW202K8TykamsAX20A8ArzubNoc/+soA752YEvrMmOgWjmH2arqTfqg +zcfNdgUDESwnOoy123F+PkT3rRDXwINzCwftxhKbvmqhO6YENteqyWWmSZoMClsJ +xtm+bmPN+m26k6zMMYWzIu2HIXI3CgqOmJltfyqea02Y58S1+XlajrcewPpC17xD +r5a1sizecCFrmV0ssbK8wvEYo9Xs+PNj8Vhi1DUwGjtnjrYn/WQ6v/luMEEO7EMD +b3BbEziS3Pqej2JyprUKqOjv1g== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem.certspec new file mode 100644 index 000000000..592bdcc58 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem.certspec @@ -0,0 +1,5 @@ +issuer:badca +subject:test end-entity +issuerKey:alternate +subjectKey:alternate +extension:subjectAlternativeName:x.b.pinning2.example.com diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem new file mode 100644 index 000000000..642135994 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5TCCAc+gAwIBAgIUNXGolw8M2HU/gP4dOSMD2bdTQ+MwCwYJKoZIhvcNAQEL +MBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx +ODAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK +zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG +zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX +KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp +mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6 +kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMn +MCUwIwYDVR0RBBwwGoIYeC5iLnBpbm5pbmcyLmV4YW1wbGUuY29tMAsGCSqGSIb3 +DQEBCwOCAQEAevN1gW64H2kCjW5W4wbQFkJIITjcdEUsw+8GPzDuBDJCvgGirhOi +ArBie8Bz+JlqzgNCXSe6pFVLoNfLosG5xksLwHljEit/7gFQ5twFazdg7dwPXs9Z +MIV2iv3vHmKYTFTcjfw07UWy0rHHt6EH+zXqpZFtFkJHqSgngKxAHgQlvSKeyynM +albu5YAX/hzJ7TyAVGxVN8uxnvYqPbLCy3wKf9ILFiDer6B9pE4Ii+dUyUbqVQFZ +tY2ac1474nkcfj3uj5qbV0TTpd9EL9HMvixTnoUrT3bqkRX7orvL4gXpnJJyRjvC +/LvTh/Vt1mYKkNLc/ruOj7WfUUC0SJIDzQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem.certspec new file mode 100644 index 000000000..7e6d33d50 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem.certspec @@ -0,0 +1,4 @@ +issuer:pinningroot +subject:test end-entity +subjectKey:alternate +extension:subjectAlternativeName:x.b.pinning2.example.com diff --git a/security/manager/ssl/tests/unit/test_pinning_header_parsing.js b/security/manager/ssl/tests/unit/test_pinning_header_parsing.js new file mode 100644 index 000000000..fb4b32353 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pinning_header_parsing.js @@ -0,0 +1,141 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// The purpose of this test is to check that parsing of HPKP headers +// is correct. + +var profileDir = do_get_profile(); +const certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); +var gSSService = Cc["@mozilla.org/ssservice;1"] + .getService(Ci.nsISiteSecurityService); + +function certFromFile(cert_name) { + return constructCertFromFile("test_pinning_dynamic/" + cert_name + ".pem"); +} + +function loadCert(cert_name, trust_string) { + let cert_filename = "test_pinning_dynamic/" + cert_name + ".pem"; + addCertFromFile(certdb, cert_filename, trust_string); + return constructCertFromFile(cert_filename); +} + +function checkFailParseInvalidPin(pinValue) { + let sslStatus = new FakeSSLStatus( + certFromFile('a.pinning2.example.com-pinningroot')); + let uri = Services.io.newURI("https://a.pinning2.example.com", null, null); + throws(() => { + gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri, + pinValue, sslStatus, 0); + }, /NS_ERROR_FAILURE/, `Invalid pin "${pinValue}" should be rejected`); +} + +function checkPassValidPin(pinValue, settingPin, expectedMaxAge) { + let sslStatus = new FakeSSLStatus( + certFromFile('a.pinning2.example.com-pinningroot')); + let uri = Services.io.newURI("https://a.pinning2.example.com", null, null); + let maxAge = {}; + + // setup preconditions for the test, if setting ensure there is no previous + // state, if removing ensure there is a valid pin in place. + if (settingPin) { + gSSService.removeState(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0); + } else { + // add a known valid pin! + let validPinValue = "max-age=5000;" + VALID_PIN1 + BACKUP_PIN1; + gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri, + validPinValue, sslStatus, 0); + } + try { + gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri, + pinValue, sslStatus, 0, maxAge); + ok(true, "Valid pin should be accepted"); + } catch (e) { + ok(false, "Valid pin should have been accepted"); + } + + // check that maxAge was processed correctly + if (settingPin && expectedMaxAge) { + ok(maxAge.value == expectedMaxAge, `max-age value should be ${expectedMaxAge}`); + } + + // after processing ensure that the postconditions are true, if setting + // the host must be pinned, if removing the host must not be pinned + let hostIsPinned = gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP, + "a.pinning2.example.com", 0); + if (settingPin) { + ok(hostIsPinned, "Host should be considered pinned"); + } else { + ok(!hostIsPinned, "Host should not be considered pinned"); + } +} + +function checkPassSettingPin(pinValue, expectedMaxAge) { + return checkPassValidPin(pinValue, true, expectedMaxAge); +} + +function checkPassRemovingPin(pinValue) { + return checkPassValidPin(pinValue, false); +} + +const MAX_MAX_AGE_SECONDS = 100000; +const GOOD_MAX_AGE_SECONDS = 69403; +const LONG_MAX_AGE_SECONDS = 2 * MAX_MAX_AGE_SECONDS; +const NON_ISSUED_KEY_HASH1 = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; +const NON_ISSUED_KEY_HASH2 = "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ="; +const PINNING_ROOT_KEY_HASH = "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8="; +const MAX_AGE_ZERO = "max-age=0;"; +const VALID_PIN1 = `pin-sha256="${PINNING_ROOT_KEY_HASH}";`; +const BACKUP_PIN1 = `pin-sha256="${NON_ISSUED_KEY_HASH1}";`; +const BACKUP_PIN2 = `pin-sha256="${NON_ISSUED_KEY_HASH2}";`; +const BROKEN_PIN1 = "pin-sha256=\"jdjsjsjs\";"; +const GOOD_MAX_AGE = `max-age=${GOOD_MAX_AGE_SECONDS};`; +const LONG_MAX_AGE = `max-age=${LONG_MAX_AGE_SECONDS};`; +const INCLUDE_SUBDOMAINS = "includeSubdomains;"; +const REPORT_URI = "report-uri=\"https://www.example.com/report/\";"; +const UNRECOGNIZED_DIRECTIVE = "unreconized-dir=12343;"; + +function run_test() { + Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2); + Services.prefs.setIntPref("security.cert_pinning.max_max_age_seconds", MAX_MAX_AGE_SECONDS); + Services.prefs.setBoolPref("security.cert_pinning.process_headers_from_non_builtin_roots", true); + + loadCert("pinningroot", "CTu,CTu,CTu"); + loadCert("badca", "CTu,CTu,CTu"); + + checkFailParseInvalidPin("max-age=INVALID"); + // check that incomplete headers are failure + checkFailParseInvalidPin(GOOD_MAX_AGE); + checkFailParseInvalidPin(VALID_PIN1); + checkFailParseInvalidPin(REPORT_URI); + checkFailParseInvalidPin(UNRECOGNIZED_DIRECTIVE); + checkFailParseInvalidPin(VALID_PIN1 + BACKUP_PIN1); + checkFailParseInvalidPin(GOOD_MAX_AGE + VALID_PIN1); + checkFailParseInvalidPin(GOOD_MAX_AGE + VALID_PIN1 + BROKEN_PIN1); + // next ensure a backup pin is present + checkFailParseInvalidPin(GOOD_MAX_AGE + VALID_PIN1 + VALID_PIN1); + // next section ensure duplicate directives result in failure + checkFailParseInvalidPin(GOOD_MAX_AGE + GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN1); + checkFailParseInvalidPin(GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN1 + INCLUDE_SUBDOMAINS + INCLUDE_SUBDOMAINS); + checkFailParseInvalidPin(GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN1 + REPORT_URI + REPORT_URI); + checkFailParseInvalidPin("thisisinvalidtest"); + checkFailParseInvalidPin("invalid" + GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN1); + + checkPassRemovingPin("max-age=0"); //test removal without terminating ';' + checkPassRemovingPin(MAX_AGE_ZERO); + checkPassRemovingPin(MAX_AGE_ZERO + VALID_PIN1); + + checkPassSettingPin(GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN1, GOOD_MAX_AGE_SECONDS); + checkPassSettingPin(LONG_MAX_AGE + VALID_PIN1 + BACKUP_PIN1, MAX_MAX_AGE_SECONDS); + + checkPassRemovingPin(VALID_PIN1 + MAX_AGE_ZERO + VALID_PIN1); + checkPassSettingPin(GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN1); + checkPassSettingPin(GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN2); + checkPassSettingPin(GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN2 + INCLUDE_SUBDOMAINS); + checkPassSettingPin(VALID_PIN1 + GOOD_MAX_AGE + BACKUP_PIN2 + INCLUDE_SUBDOMAINS); + checkPassSettingPin(VALID_PIN1 + GOOD_MAX_AGE + BACKUP_PIN2 + REPORT_URI + INCLUDE_SUBDOMAINS); + checkPassSettingPin(INCLUDE_SUBDOMAINS + VALID_PIN1 + GOOD_MAX_AGE + BACKUP_PIN2); + checkPassSettingPin(GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN1 + UNRECOGNIZED_DIRECTIVE); +} diff --git a/security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js b/security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js new file mode 100644 index 000000000..b0592906c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js @@ -0,0 +1,41 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// This test loads a testing PKCS #11 module that simulates a token being +// inserted and removed from a slot every 50ms. This causes the observer +// service to broadcast the observation topics "smartcard-insert" and +// "smartcard-remove", respectively. This test ensures that one of each event +// has been succssfully observed, and then it unloads the test module. + +// Ensure that the appropriate initialization has happened. +do_get_profile(); +Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports); + +const gExpectedTokenLabel = "Test PKCS11 Tokeñ Label"; + +function SmartcardObserver(type) { + this.type = type; + do_test_pending(); +} + +SmartcardObserver.prototype = { + observe: function(subject, topic, data) { + equal(topic, this.type, "Observed and expected types should match"); + equal(gExpectedTokenLabel, data, + "Expected and observed token labels should match"); + Services.obs.removeObserver(this, this.type); + do_test_finished(); + } +}; + +function run_test() { + Services.obs.addObserver(new SmartcardObserver("smartcard-insert"), + "smartcard-insert", false); + Services.obs.addObserver(new SmartcardObserver("smartcard-remove"), + "smartcard-remove", false); + + loadPKCS11TestModule(false); +} diff --git a/security/manager/ssl/tests/unit/test_pkcs11_module.js b/security/manager/ssl/tests/unit/test_pkcs11_module.js new file mode 100644 index 000000000..f00143187 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pkcs11_module.js @@ -0,0 +1,121 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Tests the methods and attributes for interfacing with a PKCS #11 module and +// the module database. + +// Ensure that the appropriate initialization has happened. +do_get_profile(); + +const gModuleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"] + .getService(Ci.nsIPKCS11ModuleDB); + +function checkTestModuleNotPresent() { + let modules = gModuleDB.listModules(); + ok(modules.hasMoreElements(), + "One or more modules should be present with test module not present"); + while (modules.hasMoreElements()) { + let module = modules.getNext().QueryInterface(Ci.nsIPKCS11Module); + notEqual(module.name, "PKCS11 Test Module", + "Non-test module name shouldn't equal 'PKCS11 Test Module'"); + ok(!(module.libName && module.libName.includes("pkcs11testmodule")), + "Non-test module lib name should not include 'pkcs11testmodule'"); + } + + throws(() => gModuleDB.findModuleByName("PKCS11 Test Module"), + /NS_ERROR_FAILURE/, "Test module should not be findable by name"); +} + +/** + * Checks that the test module exists in the module list. + * Also checks various attributes of the test module for correctness. + * + * @returns {nsIPKCS11Module} + * The test module. + */ +function checkTestModuleExists() { + let modules = gModuleDB.listModules(); + ok(modules.hasMoreElements(), + "One or more modules should be present with test module present"); + let testModule = null; + while (modules.hasMoreElements()) { + let module = modules.getNext().QueryInterface(Ci.nsIPKCS11Module); + if (module.name == "PKCS11 Test Module") { + testModule = module; + break; + } + } + notEqual(testModule, null, "Test module should have been found"); + notEqual(testModule.libName, null, "Test module lib name should not be null"); + ok(testModule.libName.includes(ctypes.libraryName("pkcs11testmodule")), + "Test module lib name should include lib name of 'pkcs11testmodule'"); + + notEqual(gModuleDB.findModuleByName("PKCS11 Test Module"), null, + "Test module should be findable by name"); + + return testModule; +} + +function run_test() { + // Check that if we have never added the test module, that we don't find it + // in the module list. + checkTestModuleNotPresent(); + + // Check that adding the test module makes it appear in the module list. + loadPKCS11TestModule(true); + let testModule = checkTestModuleExists(); + + // Check that listing the slots for the test module works. + let slots = testModule.listSlots(); + let testModuleSlotNames = []; + while (slots.hasMoreElements()) { + let slot = slots.getNext().QueryInterface(Ci.nsIPKCS11Slot); + testModuleSlotNames.push(slot.name); + } + testModuleSlotNames.sort(); + const expectedSlotNames = ["Test PKCS11 Slot", "Test PKCS11 Slot 二"]; + deepEqual(testModuleSlotNames, expectedSlotNames, + "Actual and expected slot names should be equal"); + + // Check that finding the test slot by name is possible, and that trying to + // find a non-present slot fails. + notEqual(testModule.findSlotByName("Test PKCS11 Slot"), null, + "Test slot should be findable by name"); + throws(() => testModule.findSlotByName("Not Present"), /NS_ERROR_FAILURE/, + "Non-present slot should not be findable by name"); + + // Check that the strangely named nsIPKCS11ModuleDB.findSlotByName() works. + // In particular, a comment in nsPKCS11Slot.cpp notes that the method + // "is essentially the same as nsIPK11Token::findTokenByName, except that it + // returns an nsIPKCS11Slot". + let strBundleSvc = Cc["@mozilla.org/intl/stringbundle;1"] + .getService(Ci.nsIStringBundleService); + let bundle = + strBundleSvc.createBundle("chrome://pipnss/locale/pipnss.properties"); + let internalTokenName = bundle.GetStringFromName("PrivateTokenDescription"); + let internalTokenAsSlot = gModuleDB.findSlotByName(internalTokenName); + notEqual(internalTokenAsSlot, null, + "Internal 'slot' should be findable by name via the module DB"); + ok(internalTokenAsSlot instanceof Ci.nsIPKCS11Slot, + "Module DB findSlotByName() should return a token as an nsIPKCS11Slot"); + equal(internalTokenAsSlot.name, + bundle.GetStringFromName("PrivateSlotDescription"), + "Spot check: actual and expected internal 'slot' names should be equal"); + throws(() => gModuleDB.findSlotByName("Not Present"), /NS_ERROR_FAILURE/, + "Non-present 'slot' should not be findable by name via the module DB"); + + // Check that deleting the test module makes it disappear from the module list. + let pkcs11 = Cc["@mozilla.org/security/pkcs11;1"].getService(Ci.nsIPKCS11); + pkcs11.deleteModule("PKCS11 Test Module"); + checkTestModuleNotPresent(); + + // Check miscellaneous module DB methods and attributes. + notEqual(gModuleDB.getInternal(), null, + "The internal module should be present"); + notEqual(gModuleDB.getInternalFIPS(), null, + "The internal FIPS module should be present"); + ok(gModuleDB.canToggleFIPS, "It should be possible to toggle FIPS"); + ok(!gModuleDB.isFIPSEnabled, "FIPS should not be enabled"); +} diff --git a/security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js b/security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js new file mode 100644 index 000000000..f31d1d494 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js @@ -0,0 +1,29 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// This test loads a testing PKCS #11 module that simulates a token being +// inserted and removed from a slot every 50ms. This causes the observer +// service to broadcast the observation topics "smartcard-insert" and +// "smartcard-remove", respectively. This test ensures that these events +// are no longer emitted once the module has been unloaded. + +// Ensure that the appropriate initialization has happened. +do_get_profile(); +Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports); + +function run_test() { + let pkcs11 = Cc["@mozilla.org/security/pkcs11;1"].getService(Ci.nsIPKCS11); + loadPKCS11TestModule(true); + pkcs11.deleteModule("PKCS11 Test Module"); + Services.obs.addObserver(function() { + ok(false, "smartcard-insert event should not have been emitted"); + }, "smartcard-insert", false); + Services.obs.addObserver(function() { + ok(false, "smartcard-remove event should not have been emitted"); + }, "smartcard-remove", false); + do_timeout(500, do_test_finished); + do_test_pending(); +} diff --git a/security/manager/ssl/tests/unit/test_pkcs11_safe_mode.js b/security/manager/ssl/tests/unit/test_pkcs11_safe_mode.js new file mode 100644 index 000000000..d64d194e4 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pkcs11_safe_mode.js @@ -0,0 +1,49 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// In safe mode, PKCS#11 modules should not be loaded. This test tests this by +// simulating starting in safe mode and then attempting to load a module. + +function run_test() { + do_get_profile(); + + // Simulate starting in safe mode. + let xulRuntime = { + inSafeMode: true, + logConsoleErrors: true, + OS: "XPCShell", + XPCOMABI: "noarch-spidermonkey", + invalidateCachesOnRestart: function invalidateCachesOnRestart() { + // Do nothing + }, + QueryInterface: XPCOMUtils.generateQI([Ci.nsIXULRuntime]) + }; + + let xulRuntimeFactory = { + createInstance: function (outer, iid) { + if (outer != null) { + throw new Error(Cr.NS_ERROR_NO_AGGREGATION); + } + return xulRuntime.QueryInterface(iid); + } + }; + + let registrar = Components.manager.QueryInterface(Ci.nsIComponentRegistrar); + const XULRUNTIME_CONTRACTID = "@mozilla.org/xre/runtime;1"; + const XULRUNTIME_CID = Components.ID("{f0f0b230-5525-4127-98dc-7bca39059e70}"); + registrar.registerFactory(XULRUNTIME_CID, "XULRuntime", XULRUNTIME_CONTRACTID, + xulRuntimeFactory); + + // When starting in safe mode, the test module should fail to load. + let pkcs11 = Cc["@mozilla.org/security/pkcs11;1"].getService(Ci.nsIPKCS11); + let libraryName = ctypes.libraryName("pkcs11testmodule"); + let libraryFile = Services.dirsvc.get("CurWorkD", Ci.nsILocalFile); + libraryFile.append("pkcs11testmodule"); + libraryFile.append(libraryName); + ok(libraryFile.exists(), "The pkcs11testmodule file should exist"); + throws(() => pkcs11.addModule("PKCS11 Test Module", libraryFile.path, 0, 0), + /NS_ERROR_FAILURE/, "addModule should throw when in safe mode"); +} diff --git a/security/manager/ssl/tests/unit/test_pkcs11_slot.js b/security/manager/ssl/tests/unit/test_pkcs11_slot.js new file mode 100644 index 000000000..8aebf0439 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pkcs11_slot.js @@ -0,0 +1,38 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Tests the methods and attributes for interfacing with a PKCS #11 slot. + +// Ensure that the appropriate initialization has happened. +do_get_profile(); + +function run_test() { + loadPKCS11TestModule(false); + + let moduleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"] + .getService(Ci.nsIPKCS11ModuleDB); + let testModule = moduleDB.findModuleByName("PKCS11 Test Module"); + let testSlot = testModule.findSlotByName("Test PKCS11 Slot 二"); + + equal(testSlot.name, "Test PKCS11 Slot 二", + "Actual and expected name should match"); + equal(testSlot.desc, "Test PKCS11 Slot 二", + "Actual and expected description should match"); + equal(testSlot.manID, "Test PKCS11 Manufacturer ID", + "Actual and expected manufacturer ID should match"); + equal(testSlot.HWVersion, "0.0", + "Actual and expected hardware version should match"); + equal(testSlot.FWVersion, "0.0", + "Actual and expected firmware version should match"); + equal(testSlot.status, Ci.nsIPKCS11Slot.SLOT_READY, + "Actual and expected status should match"); + equal(testSlot.tokenName, "Test PKCS11 Tokeñ 2 Label", + "Actual and expected token name should match"); + + let testToken = testSlot.getToken(); + notEqual(testToken, null, "getToken() should succeed"); + equal(testToken.tokenLabel, "Test PKCS11 Tokeñ 2 Label", + "Spot check: the actual and expected test token labels should be equal"); +} diff --git a/security/manager/ssl/tests/unit/test_pkcs11_token.js b/security/manager/ssl/tests/unit/test_pkcs11_token.js new file mode 100644 index 000000000..69b2cb384 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pkcs11_token.js @@ -0,0 +1,119 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Tests the methods and attributes for interfacing with a PKCS #11 token, using +// the internal key token. +// We don't use either of the test tokens in the test PKCS #11 module because: +// 1. Test token 1 cyclically inserts and removes itself in a tight loop. +// Using token 1 would complicate the test and introduce intermittent +// failures. +// 2. Neither test token implements login or password related functionality. +// We want to test such functionality. +// 3. Using the internal token lets us actually test the internal token works +// as expected. + +// Ensure that the appropriate initialization has happened. +do_get_profile(); + +function checkBasicAttributes(token) { + let strBundleSvc = Cc["@mozilla.org/intl/stringbundle;1"] + .getService(Ci.nsIStringBundleService); + let bundle = + strBundleSvc.createBundle("chrome://pipnss/locale/pipnss.properties"); + + let expectedTokenName = bundle.GetStringFromName("PrivateTokenDescription"); + equal(token.tokenName, expectedTokenName, + "Actual and expected name should match"); + equal(token.tokenLabel, expectedTokenName, + "Actual and expected label should match"); + equal(token.tokenManID, bundle.GetStringFromName("ManufacturerID"), + "Actual and expected manufacturer ID should match"); + equal(token.tokenHWVersion, "0.0", + "Actual and expected hardware version should match"); + equal(token.tokenFWVersion, "0.0", + "Actual and expected firmware version should match"); + equal(token.tokenSerialNumber, "0000000000000000", + "Actual and expected serial number should match"); +} + +/** + * Checks the various password related features of the given token. + * The token should already have been init with a password and be logged into. + * The password of the token will be reset after calling this function. + * + * @param {nsIPK11Token} token + * The token to test. + * @param {String} initialPW + * The password that the token should have been init with. + */ +function checkPasswordFeaturesAndResetPassword(token, initialPW) { + ok(!token.needsUserInit, + "Token should not need user init after setting a password"); + + equal(token.minimumPasswordLength, 0, + "Actual and expected min password length should match"); + + token.setAskPasswordDefaults(10, 20); + equal(token.getAskPasswordTimes(), 10, + "Actual and expected ask password times should match"); + equal(token.getAskPasswordTimeout(), 20, + "Actual and expected ask password timeout should match"); + + ok(token.checkPassword(initialPW), + "checkPassword() should succeed if the correct initial password is given"); + token.changePassword(initialPW, "newPW ÿ 一二三"); + ok(token.checkPassword("newPW ÿ 一二三"), + "checkPassword() should succeed if the correct new password is given"); + + ok(!token.checkPassword("wrongPW"), + "checkPassword() should fail if an incorrect password is given"); + ok(!token.isLoggedIn(), + "Token should be logged out after an incorrect password was given"); + ok(!token.needsUserInit, + "Token should still be init with a password even if an incorrect " + + "password was given"); + + token.reset(); + ok(token.needsUserInit, + "Token should need password init after reset"); + ok(!token.isLoggedIn(), "Token should be logged out of after reset"); +} + +function run_test() { + let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"] + .getService(Ci.nsIPK11TokenDB); + let token = tokenDB.getInternalKeyToken(); + notEqual(token, null, "The internal token should be present"); + + checkBasicAttributes(token); + + ok(!token.isLoggedIn(), "Token should not be logged into yet"); + // Test that attempting to log out even when the token was not logged into + // does not result in an error. + token.logoutSimple(); + ok(!token.isLoggedIn(), "Token should still not be logged into"); + + let initialPW = "foo 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/? 一二三"; + token.initPassword(initialPW); + token.login(/*force*/ false); + ok(token.isLoggedIn(), "Token should now be logged into"); + + checkPasswordFeaturesAndResetPassword(token, initialPW); + + // We reset the password previously, so we need to initialize again. + token.initPassword("arbitrary"); + ok(token.isLoggedIn(), + "Token should be logged into after initializing password again"); + token.logoutSimple(); + ok(!token.isLoggedIn(), + "Token should be logged out after calling logoutSimple()"); + + ok(!token.isHardwareToken(), + "The internal token should not be considered a hardware token"); + ok(token.isFriendly(), + "The internal token should always be considered friendly"); + ok(token.needsLogin(), + "The internal token should always need authentication"); +} diff --git a/security/manager/ssl/tests/unit/test_pkcs11_tokenDB.js b/security/manager/ssl/tests/unit/test_pkcs11_tokenDB.js new file mode 100644 index 000000000..ac382ab82 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_pkcs11_tokenDB.js @@ -0,0 +1,45 @@ +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Tests the methods for interfacing with the PKCS #11 token database. + +// Ensure that the appropriate initialization has happened. +do_get_profile(); + +function run_test() { + let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"] + .getService(Ci.nsIPK11TokenDB); + + let tokenListPreLoad = tokenDB.listTokens(); + while (tokenListPreLoad.hasMoreElements()) { + let token = tokenListPreLoad.getNext().QueryInterface(Ci.nsIPK11Token); + notEqual(token.tokenLabel, "Test PKCS11 Tokeñ Label", + "Test PKCS11 Token 1 should not be listed prior to module load"); + notEqual(token.tokenLabel, "Test PKCS11 Tokeñ 2 Label", + "Test PKCS11 Token 2 should not be listed prior to module load"); + } + + throws(() => tokenDB.findTokenByName("Test PKCS11 Tokeñ Label"), + /NS_ERROR_FAILURE/, + "Non-present test token 1 should not be findable by name"); + throws(() => tokenDB.findTokenByName("Test PKCS11 Tokeñ 2 Label"), + /NS_ERROR_FAILURE/, + "Non-present test token 2 should not be findable by name"); + + loadPKCS11TestModule(false); + + // Test Token 1 is simulated to insert and remove itself in a tight loop, so + // we don't bother testing that it's present. + let tokenListPostLoad = tokenDB.listTokens(); + let foundTokenNames = []; + while (tokenListPostLoad.hasMoreElements()) { + let token = tokenListPostLoad.getNext().QueryInterface(Ci.nsIPK11Token); + foundTokenNames.push(token.tokenName); + } + ok(foundTokenNames.includes("Test PKCS11 Tokeñ 2 Label"), + "Test PKCS11 Token 2 should be listed after module load"); + + notEqual(tokenDB.findTokenByName("Test PKCS11 Tokeñ 2 Label"), null, + "Test token 2 should be findable by name after loading test module"); +} diff --git a/security/manager/ssl/tests/unit/test_sdr.js b/security/manager/ssl/tests/unit/test_sdr.js new file mode 100644 index 000000000..3258ec901 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_sdr.js @@ -0,0 +1,87 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Tests various aspects of the nsISecretDecoderRing implementation. + +do_get_profile(); + +let gSetPasswordShownCount = 0; + +// Mock implementation of nsITokenPasswordDialogs. +const gTokenPasswordDialogs = { + setPassword: (ctx, tokenName, canceled) => { + gSetPasswordShownCount++; + do_print(`setPassword() called; shown ${gSetPasswordShownCount} times`); + do_print(`tokenName: ${tokenName}`); + canceled.value = false; + }, + + QueryInterface: XPCOMUtils.generateQI([Ci.nsITokenPasswordDialogs]) +}; + +function run_test() { + // We have to set a password and login before we attempt to encrypt anything. + // In particular, failing to do so will cause the Encrypt() implementation to + // pop up a dialog asking for a password to be set. This won't work in the + // xpcshell environment and will lead to an assertion. + loginToDBWithDefaultPassword(); + + let sdr = Cc["@mozilla.org/security/sdr;1"] + .getService(Ci.nsISecretDecoderRing); + + // Test valid inputs for encryptString() and decryptString(). + let inputs = [ + "", + " ", // First printable latin1 character (code point 32). + "foo", + "1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?", + "¡äöüÿ", // Misc + last printable latin1 character (code point 255). + "aaa 一二三", // Includes Unicode with code points outside [0, 255]. + ]; + for (let input of inputs) { + let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"] + .createInstance(Ci.nsIScriptableUnicodeConverter); + converter.charset = "UTF-8"; + + let convertedInput = converter.ConvertFromUnicode(input); + convertedInput += converter.Finish(); + + let encrypted = sdr.encryptString(convertedInput); + + notEqual(convertedInput, encrypted, + "Encrypted input should not just be the input itself"); + + try { + atob(encrypted); + } catch (e) { + ok(false, `encryptString() should have returned Base64: ${e}`); + } + + equal(convertedInput, sdr.decryptString(encrypted), + "decryptString(encryptString(input)) should return input"); + } + + // Test invalid inputs for decryptString(). + throws(() => sdr.decryptString("*"), /NS_ERROR_ILLEGAL_VALUE/, + "decryptString() should throw if given non-Base64 input"); + + // Test calling changePassword() pops up the appropriate dialog. + // Note: On Android, nsITokenPasswordDialogs is apparently not implemented, + // which also seems to prevent us from mocking out the interface. + if (AppConstants.platform != "android") { + let tokenPasswordDialogsCID = + MockRegistrar.register("@mozilla.org/nsTokenPasswordDialogs;1", + gTokenPasswordDialogs); + do_register_cleanup(() => { + MockRegistrar.unregister(tokenPasswordDialogsCID); + }); + + equal(gSetPasswordShownCount, 0, + "changePassword() dialog should have been shown zero times"); + sdr.changePassword(); + equal(gSetPasswordShownCount, 1, + "changePassword() dialog should have been shown exactly once"); + } +} diff --git a/security/manager/ssl/tests/unit/test_session_resumption.js b/security/manager/ssl/tests/unit/test_session_resumption.js new file mode 100644 index 000000000..eea6b5f54 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_session_resumption.js @@ -0,0 +1,159 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Tests that PSM makes the correct determination of the security status of +// loads involving session resumption (i.e. when a TLS handshake bypasses the +// AuthCertificate callback). + +do_get_profile(); +const certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +do_register_cleanup(() => { + Services.prefs.clearUserPref("security.OCSP.enabled"); +}); + +Services.prefs.setIntPref("security.OCSP.enabled", 1); + +addCertFromFile(certdb, "bad_certs/evroot.pem", "CTu,,"); +addCertFromFile(certdb, "bad_certs/ev-test-intermediate.pem", ",,"); + +// For expired.example.com, the platform will make a connection that will fail. +// Using information gathered at that point, an override will be added and +// another connection will be made. This connection will succeed. At that point, +// as long as the session cache isn't cleared, subsequent new connections should +// use session resumption, thereby bypassing the AuthCertificate hook. We need +// to ensure that the correct security state is propagated to the new connection +// information object. +function add_resume_non_ev_with_override_test() { + // This adds the override and makes one successful connection. + add_cert_override_test("expired.example.com", + Ci.nsICertOverrideService.ERROR_TIME, + SEC_ERROR_EXPIRED_CERTIFICATE); + + // This connects again, using session resumption. Note that we don't clear + // the TLS session cache between these operations (that would defeat the + // purpose). + add_connection_test("expired.example.com", PRErrorCodeSuccess, null, + (transportSecurityInfo) => { + ok(transportSecurityInfo.securityState & + Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN, + "expired.example.com should have STATE_CERT_USER_OVERRIDDEN flag"); + let sslStatus = transportSecurityInfo + .QueryInterface(Ci.nsISSLStatusProvider) + .SSLStatus; + ok(!sslStatus.isDomainMismatch, + "expired.example.com should not have isDomainMismatch set"); + ok(sslStatus.isNotValidAtThisTime, + "expired.example.com should have isNotValidAtThisTime set"); + ok(!sslStatus.isUntrusted, + "expired.example.com should not have isUntrusted set"); + ok(!sslStatus.isExtendedValidation, + "expired.example.com should not have isExtendedValidation set"); + } + ); +} + +// Helper function that adds a test that connects to ev-test.example.com and +// verifies that it validates as EV (or not, if we're running a non-debug +// build). This assumes that an appropriate OCSP responder is running or that +// good responses are cached. +function add_one_ev_test() { + add_connection_test("ev-test.example.com", PRErrorCodeSuccess, null, + (transportSecurityInfo) => { + ok(!(transportSecurityInfo.securityState & + Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN), + "ev-test.example.com should not have STATE_CERT_USER_OVERRIDDEN flag"); + let sslStatus = transportSecurityInfo + .QueryInterface(Ci.nsISSLStatusProvider) + .SSLStatus; + ok(!sslStatus.isDomainMismatch, + "ev-test.example.com should not have isDomainMismatch set"); + ok(!sslStatus.isNotValidAtThisTime, + "ev-test.example.com should not have isNotValidAtThisTime set"); + ok(!sslStatus.isUntrusted, + "ev-test.example.com should not have isUntrusted set"); + ok(!gEVExpected || sslStatus.isExtendedValidation, + "ev-test.example.com should have isExtendedValidation set " + + "(or this is a non-debug build)"); + } + ); +} + +// This test is similar, except with extended validation. We should connect +// successfully, and the certificate should be EV in debug builds. Without +// clearing the session cache, we should connect successfully again, this time +// with session resumption. The certificate should again be EV in debug builds. +function add_resume_ev_test() { + const SERVER_PORT = 8888; + let expectedRequestPaths = gEVExpected ? [ "ev-test-intermediate", "ev-test" ] + : [ "ev-test" ]; + let responseTypes = gEVExpected ? [ "good", "good" ] : [ "good" ]; + // Since we cache OCSP responses, we only ever actually serve one set. + let ocspResponder = startOCSPResponder(SERVER_PORT, "localhost", "bad_certs", + expectedRequestPaths, + expectedRequestPaths.slice(), + null, responseTypes); + // We should be able to connect and verify the certificate as EV (in debug + // builds). + add_one_ev_test(); + // We should be able to connect again (using session resumption). In debug + // builds, the certificate should be noted as EV. Again, it's important that + // nothing clears the TLS cache in between these two operations. + add_one_ev_test(); + + add_test(() => { + ocspResponder.stop(run_next_test); + }); +} + +const statsPtr = getSSLStatistics(); +const toInt32 = ctypes.Int64.lo; +const GOOD_DOMAIN = "good.include-subdomains.pinning.example.com"; + +// Connect to the same domain with two origin attributes and check if any ssl +// session is resumed. +function add_origin_attributes_test(originAttributes1, originAttributes2, + resumeExpected) { + add_connection_test(GOOD_DOMAIN, PRErrorCodeSuccess, clearSessionCache, null, + null, originAttributes1); + + let hitsBeforeConnect; + let missesBeforeConnect; + let expectedHits = resumeExpected ? 1 : 0; + let expectedMisses = 1 - expectedHits; + + add_connection_test(GOOD_DOMAIN, PRErrorCodeSuccess, + function() { + // Add the hits and misses before connection. + let stats = statsPtr.contents; + hitsBeforeConnect = toInt32(stats.sch_sid_cache_hits); + missesBeforeConnect = + toInt32(stats.sch_sid_cache_misses); + }, + function() { + let stats = statsPtr.contents; + equal(toInt32(stats.sch_sid_cache_hits), + hitsBeforeConnect + expectedHits, + "Unexpected cache hits"); + equal(toInt32(stats.sch_sid_cache_misses), + missesBeforeConnect + expectedMisses, + "Unexpected cache misses"); + }, null, originAttributes2); +} + +function run_test() { + add_tls_server_setup("BadCertServer", "bad_certs"); + add_resume_non_ev_with_override_test(); + add_resume_ev_test(); + add_origin_attributes_test({}, {}, true); + add_origin_attributes_test({ userContextId: 1 }, { userContextId: 2 }, false); + add_origin_attributes_test({ userContextId: 3 }, { userContextId: 3 }, true); + add_origin_attributes_test({ firstPartyDomain: "foo.com" }, + { firstPartyDomain: "bar.com" }, false); + add_origin_attributes_test({ firstPartyDomain: "baz.com" }, + { firstPartyDomain: "baz.com" }, true); + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_signed_apps-marketplace.js b/security/manager/ssl/tests/unit/test_signed_apps-marketplace.js new file mode 100644 index 000000000..9f2af752d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_signed_apps-marketplace.js @@ -0,0 +1,42 @@ +"use strict"; + +do_get_profile(); // must be called before getting nsIX509CertDB +const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB); + +function run_test() { + run_next_test(); +} + +function check_open_result(name, expectedRv) { + return function openSignedAppFileCallback(rv, aZipReader, aSignerCert) { + do_print("openSignedAppFileCallback called for " + name); + equal(rv, expectedRv, "Actual and expected return value should match"); + equal(aZipReader != null, Components.isSuccessCode(expectedRv), + "ZIP reader should be null only if the return value denotes failure"); + equal(aSignerCert != null, Components.isSuccessCode(expectedRv), + "Signer cert should be null only if the return value denotes failure"); + run_next_test(); + }; +} + +function original_app_path(test_name) { + return do_get_file("test_signed_apps/" + test_name + ".zip", false); +} + +// Test that we no longer trust the test root cert that was originally used +// during development of B2G 1.0. +add_test(function () { + certdb.openSignedAppFileAsync( + Ci.nsIX509CertDB.AppMarketplaceProdPublicRoot, + original_app_path("test-privileged-app-test-1.0"), + check_open_result("test-privileged-app-test-1.0", + getXPCOMStatusFromNSS(SEC_ERROR_UNKNOWN_ISSUER))); +}); + +// Test that we trust the root cert used by by the Firefox Marketplace. +add_test(function () { + certdb.openSignedAppFileAsync( + Ci.nsIX509CertDB.AppMarketplaceProdPublicRoot, + original_app_path("privileged-app-test-1.0"), + check_open_result("privileged-app-test-1.0", Cr.NS_OK)); +}); diff --git a/security/manager/ssl/tests/unit/test_signed_apps.js b/security/manager/ssl/tests/unit/test_signed_apps.js new file mode 100644 index 000000000..819ea767a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_signed_apps.js @@ -0,0 +1,233 @@ +"use strict"; +/* To regenerate the certificates and apps for this test: + + cd security/manager/ssl/tests/unit/test_signed_apps + PATH=$NSS/bin:$NSS/lib:$PATH ./generate.sh + cd ../../../../../.. + make -C $OBJDIR/security/manager/ssl/tests + + $NSS is the path to NSS binaries and libraries built for the host platform. + If you get error messages about "CertUtil" on Windows, then it means that + the Windows CertUtil.exe is ahead of the NSS certutil.exe in $PATH. + + Check in the generated files. These steps are not done as part of the build + because we do not want to add a build-time dependency on the OpenSSL or NSS + tools or libraries built for the host platform. +*/ + +// XXX from prio.h +const PR_RDWR = 0x04; +const PR_CREATE_FILE = 0x08; +const PR_TRUNCATE = 0x20; + +do_get_profile(); // must be called before getting nsIX509CertDB +const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB); + +// Creates a new app package based in the inFilePath package, with a set of +// modifications (including possibly deletions) applied to the existing entries, +// and/or a set of new entries to be included. +function tamper(inFilePath, outFilePath, modifications, newEntries) { + let writer = Cc["@mozilla.org/zipwriter;1"].createInstance(Ci.nsIZipWriter); + writer.open(outFilePath, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE); + try { + let reader = Cc["@mozilla.org/libjar/zip-reader;1"] + .createInstance(Ci.nsIZipReader); + reader.open(inFilePath); + try { + let entries = reader.findEntries(""); + while (entries.hasMore()) { + let entryName = entries.getNext(); + let inEntry = reader.getEntry(entryName); + let entryInput = reader.getInputStream(entryName); + try { + let f = modifications[entryName]; + let outEntry, outEntryInput; + if (f) { + [outEntry, outEntryInput] = f(inEntry, entryInput); + delete modifications[entryName]; + } else { + [outEntry, outEntryInput] = [inEntry, entryInput]; + } + // if f does not want the input entry to be copied to the output entry + // at all (i.e. it wants it to be deleted), it will return null. + if (outEntryInput) { + try { + writer.addEntryStream(entryName, + outEntry.lastModifiedTime, + outEntry.compression, + outEntryInput, + false); + } finally { + if (entryInput != outEntryInput) { + outEntryInput.close(); + } + } + } + } finally { + entryInput.close(); + } + } + } finally { + reader.close(); + } + + // Any leftover modification means that we were expecting to modify an entry + // in the input file that wasn't there. + for (let name in modifications) { + if (modifications.hasOwnProperty(name)) { + throw new Error("input file was missing expected entries: " + name); + } + } + + // Now, append any new entries to the end + newEntries.forEach(function(newEntry) { + let sis = Cc["@mozilla.org/io/string-input-stream;1"] + .createInstance(Ci.nsIStringInputStream); + try { + sis.setData(newEntry.content, newEntry.content.length); + writer.addEntryStream(newEntry.name, + new Date(), + Ci.nsIZipWriter.COMPRESSION_BEST, + sis, + false); + } finally { + sis.close(); + } + }); + } finally { + writer.close(); + } +} + +function removeEntry(entry, entryInput) { return [null, null]; } + +function truncateEntry(entry, entryInput) { + if (entryInput.available() == 0) { + throw new Error("Truncating already-zero length entry will result in " + + "identical entry."); + } + + let content = Cc["@mozilla.org/io/string-input-stream;1"] + .createInstance(Ci.nsIStringInputStream); + content.data = ""; + + return [entry, content]; +} + +function run_test() { + run_next_test(); +} + +function check_open_result(name, expectedRv) { + return function openSignedAppFileCallback(rv, aZipReader, aSignerCert) { + do_print("openSignedAppFileCallback called for " + name); + equal(rv, expectedRv, "Actual and expected return value should match"); + equal(aZipReader != null, Components.isSuccessCode(expectedRv), + "ZIP reader should be null only if the return value denotes failure"); + equal(aSignerCert != null, Components.isSuccessCode(expectedRv), + "Signer cert should be null only if the return value denotes failure"); + run_next_test(); + }; +} + +function original_app_path(test_name) { + return do_get_file("test_signed_apps/" + test_name + ".zip", false); +} + +function tampered_app_path(test_name) { + return FileUtils.getFile("TmpD", ["test_signed_app-" + test_name + ".zip"]); +} + +add_test(function () { + certdb.openSignedAppFileAsync( + Ci.nsIX509CertDB.AppXPCShellRoot, original_app_path("valid_app_1"), + check_open_result("valid", Cr.NS_OK)); +}); + +add_test(function () { + certdb.openSignedAppFileAsync( + Ci.nsIX509CertDB.AppXPCShellRoot, original_app_path("unsigned_app_1"), + check_open_result("unsigned", Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED)); +}); + +add_test(function () { + certdb.openSignedAppFileAsync( + Ci.nsIX509CertDB.AppXPCShellRoot, original_app_path("unknown_issuer_app_1"), + check_open_result("unknown_issuer", + getXPCOMStatusFromNSS(SEC_ERROR_UNKNOWN_ISSUER))); +}); + +// Sanity check to ensure a no-op tampering gives a valid result +add_test(function () { + let tampered = tampered_app_path("identity_tampering"); + tamper(original_app_path("valid_app_1"), tampered, { }, []); + certdb.openSignedAppFileAsync( + Ci.nsIX509CertDB.AppXPCShellRoot, original_app_path("valid_app_1"), + check_open_result("identity_tampering", Cr.NS_OK)); +}); + +add_test(function () { + let tampered = tampered_app_path("missing_rsa"); + tamper(original_app_path("valid_app_1"), tampered, { "META-INF/A.RSA": removeEntry }, []); + certdb.openSignedAppFileAsync( + Ci.nsIX509CertDB.AppXPCShellRoot, tampered, + check_open_result("missing_rsa", Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED)); +}); + +add_test(function () { + let tampered = tampered_app_path("missing_sf"); + tamper(original_app_path("valid_app_1"), tampered, { "META-INF/A.SF": removeEntry }, []); + certdb.openSignedAppFileAsync( + Ci.nsIX509CertDB.AppXPCShellRoot, tampered, + check_open_result("missing_sf", Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID)); +}); + +add_test(function () { + let tampered = tampered_app_path("missing_manifest_mf"); + tamper(original_app_path("valid_app_1"), tampered, { "META-INF/MANIFEST.MF": removeEntry }, []); + certdb.openSignedAppFileAsync( + Ci.nsIX509CertDB.AppXPCShellRoot, tampered, + check_open_result("missing_manifest_mf", + Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID)); +}); + +add_test(function () { + let tampered = tampered_app_path("missing_entry"); + tamper(original_app_path("valid_app_1"), tampered, { "manifest.webapp": removeEntry }, []); + certdb.openSignedAppFileAsync( + Ci.nsIX509CertDB.AppXPCShellRoot, tampered, + check_open_result("missing_entry", Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING)); +}); + +add_test(function () { + let tampered = tampered_app_path("truncated_entry"); + tamper(original_app_path("valid_app_1"), tampered, { "manifest.webapp": truncateEntry }, []); + certdb.openSignedAppFileAsync( + Ci.nsIX509CertDB.AppXPCShellRoot, tampered, + check_open_result("truncated_entry", Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY)); +}); + +add_test(function () { + let tampered = tampered_app_path("unsigned_entry"); + tamper(original_app_path("valid_app_1"), tampered, {}, + [ { "name": "unsigned.txt", "content": "unsigned content!" } ]); + certdb.openSignedAppFileAsync( + Ci.nsIX509CertDB.AppXPCShellRoot, tampered, + check_open_result("unsigned_entry", Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY)); +}); + +add_test(function () { + let tampered = tampered_app_path("unsigned_metainf_entry"); + tamper(original_app_path("valid_app_1"), tampered, {}, + [ { name: "META-INF/unsigned.txt", content: "unsigned content!" } ]); + certdb.openSignedAppFileAsync( + Ci.nsIX509CertDB.AppXPCShellRoot, tampered, + check_open_result("unsigned_metainf_entry", + Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY)); +}); + +// TODO: tampered MF, tampered SF +// TODO: too-large MF, too-large RSA, too-large SF +// TODO: MF and SF that end immediately after the last main header +// (no CR nor LF) +// TODO: broken headers to exercise the parser diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/README.md b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/README.md new file mode 100644 index 000000000..5c6201534 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/README.md @@ -0,0 +1,18 @@ +This file contains the scripts and binary files needed to regenerate the signed +files used on the signed apps test. + +Prerequisites: + +* NSS 3.4 or higher. +* Python 2.7 (should work with 2.6 also) +* Bash + +Usage: + +Run + +./create_test_files.sh + +The new test files will be created at the ./testApps directory. Just copy the +contents of this directory to the test directory (dom/apps/tests/signed and +security/manager/ssl/tests/unit) to use the new files. diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/create_test_files.sh b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/create_test_files.sh new file mode 100755 index 000000000..e211c3685 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/create_test_files.sh @@ -0,0 +1,213 @@ +#!/bin/bash + +export NSS_DEFAULT_DB_TYPE=sql + +export BASE_PATH=`dirname $0` +export SIGN_SCR_LOC=. +export APPS_TEST_LOC=../../../../../../../dom/apps/tests/signed +export TOOLKIT_WEBAPPS_TEST_LOC=../../../../../../../toolkit/webapps/tests/data/ + +# Creates the entry zip files (unsigned apps) from the source directories +packageApps() { +APPS="unsigned_app_1 unsigned_app_origin unsigned_app_origin_toolkit_webapps" +OLD_PWD=`pwd` +cd ${BASE_PATH} +for i in $APPS +do + echo "Creating $i.zip" + cd $i && zip -r ../$i.zip . && cd .. +done +cd ${OLD_PWD} +} + + +# Function to create a signing database +# Parameters: +# $1: Output directory (where the DB will be created) +createDb() { + + db=$1 + + mkdir -p $db + + # Insecure by design, so... please don't use this for anything serious + passwordfile=$db/passwordfile + + echo insecurepassword > $passwordfile + certutil -d $db -N -f $passwordfile 2>&1 >/dev/null + +} + +# Add a CA cert and a signing cert to the database +# Arguments: +# $1: DB directory +# $2: CA CN (don't include the CN=, just the value) +# $3: Signing Cert CN (don't include the CN=, just the value) +# $4: CA short name (don't use spaces!) +# $5: Signing Cert short name (don't use spaces!) +addCerts() { + org="O=Examplla Corporation,L=Mountain View,ST=CA,C=US" + ca_subj="CN=${2},${org}" + ee_subj="CN=${3},${org}" + + noisefile=/tmp/noise.$$ + head -c 32 /dev/urandom > $noisefile + + ca_responses=/tmp/caresponses.$$ + ee_responses=/tmp/earesponses + + echo y > $ca_responses # Is this a CA? + echo >> $ca_responses # Accept default path length constraint (no constraint) + echo y >> $ca_responses # Is this a critical constraint? + echo n > $ee_responses # Is this a CA? + echo >> $ee_responses # Accept default path length constraint (no constraint) + echo y >> $ee_responses # Is this a critical constraint? + + make_cert="certutil -d $db -f $passwordfile -S -g 2048 -Z SHA256 \ + -z $noisefile -y 3 -2 --extKeyUsage critical,codeSigning" + $make_cert -v 480 -n ${4} -m 1 -s "$ca_subj" \ + --keyUsage critical,certSigning -t ",,CTu" -x < $ca_responses 2>&1 >/dev/null + $make_cert -v 240 -n ${5} -c ${4} -m 2 -s "$ee_subj" \ + --keyUsage critical,digitalSignature -t ",,," < $ee_responses 2>&1 >/dev/null + + # In case we want to inspect the generated certs + + # Also, we'll need this one later on + certutil -d $db -L -n ${4} -r -o $db/${4}.der + certutil -d $db -L -n ${5} -r -o $db/${5}.der + + rm -f $noisefile $ee_responses $ca_responses +} + + +# Signs an app +# Parameters: +# $1: Database directory +# $2: Unsigned ZIP file path +# $3: Signed ZIP file path +# $4: Store ID for the signed App +# $5: Version of the signed App +# $6: Nickname of the signing certificate +signApp() { + + db=$1 + + # Once again, this is INSECURE. It doesn't matter here but + # DON'T use this for anything production related + passwordfile=$db/passwordfile + + python ${BASE_PATH}/${SIGN_SCR_LOC}/sign_b2g_app.py -d $db -f $passwordfile \ + -k ${6} -i ${2} -o ${3} -S ${4} -V ${5} +} + +DB_PATH=${BASE_PATH}/signingDB +TEST_APP_PATH=${BASE_PATH}/testApps + +echo "Warning! The directories ${DB_PATH} and ${TEST_APP_PATH} will be erased!" +echo "Do you want to proceed anyway?" +select answer in "Yes" "No" +do + case $answer in + Yes) break;; + No) exit 1;; + esac +done + +rm -rf ${DB_PATH} ${TEST_APP_PATH} + +TRUSTED_EE=trusted_ee1 +UNTRUSTED_EE=untrusted_ee1 +TRUSTED_CA=trusted_ca1 +UNTRUSTED_CA=untrusted_ca1 + +# First, we'll create a new couple of signing DBs +createDb $DB_PATH +addCerts $DB_PATH "Valid CA" "Store Cert" trusted_ca1 ${TRUSTED_EE} +addCerts $DB_PATH "Invalid CA" "Invalid Cert" ${UNTRUSTED_CA} ${UNTRUSTED_EE} + +# Then we'll create the unsigned apps +echo "Creating unsigned apps" +packageApps + +# And then we'll create all the test apps... +mkdir -p ${TEST_APP_PATH} + +# We need: +# A valid signed file, with two different versions: +# valid_app_1.zip +# valid_app_2.zip +VALID_UID=`uuidgen` +signApp $DB_PATH ${BASE_PATH}/unsigned_app_1.zip \ + $TEST_APP_PATH/valid_app_1.zip \ + $VALID_UID 1 ${TRUSTED_EE} +signApp $DB_PATH ${BASE_PATH}/unsigned_app_1.zip \ + $TEST_APP_PATH/valid_app_2.zip \ + $VALID_UID 2 ${TRUSTED_EE} + + +# A corrupt_package: +# corrupt_app_1.zip +# A corrupt package is a package with a entry modified, for example... +CURDIR=`pwd` +export TEMP_DIR=$TEST_APP_PATH/aux_unzip_$$ +mkdir -p $TEMP_DIR +cd $TEMP_DIR +unzip ../valid_app_1.zip 2>&1 >/dev/null +echo " - " >> index.html +zip -r ../corrupt_app_1.zip * 2>&1 >/dev/null +cd $CURDIR +rm -rf $TEMP_DIR + +# A file signed by a unknown issuer +# unknown_issuer_app_1.zip +INVALID_UID=`uuidgen` +signApp $DB_PATH ${BASE_PATH}/unsigned_app_1.zip \ + $TEST_APP_PATH/unknown_issuer_app_1.zip \ + $INVALID_UID 1 ${UNTRUSTED_EE} + +# And finally a priviledged signed file that includes the origin on the manifest +# to avoid that reverting again +PRIV_UID=`uuidgen` +signApp $DB_PATH ${BASE_PATH}/unsigned_app_origin.zip \ + $TEST_APP_PATH/origin_app_1.zip \ + $PRIV_UID 1 ${TRUSTED_EE} + +# A privileged signed app needed for a toolkit/webapps test +PRIV_TOOLKIT_UID=`uuidgen` +signApp $DB_PATH ${BASE_PATH}/unsigned_app_origin_toolkit_webapps.zip \ + $TEST_APP_PATH/custom_origin.zip \ + $PRIV_TOOLKIT_UID 1 ${TRUSTED_EE} + +# Now let's copy the trusted cert to the app directory so we have everything +# on the same place... +cp ${DB_PATH}/${TRUSTED_CA}.der ${TEST_APP_PATH} + +cat < max_entry_filename_len: + raise ValueError("Entry's filename is too long: %s" % (name)) + # TODO: elif name has invalid characters... + elif name in seen_entries: + # It is possible for a zipfile to have duplicate entries (with the exact + # same filenames). Python's zipfile module accepts them, but our zip + # reader in Gecko cannot do anything useful with them, and there's no + # sane reason for duplicate entries to exist, so reject them. + raise ValueError("Duplicate entry in input file: %s" % (name)) + else: + entry_count += 1 + if entry_count > max_entry_count: + raise ValueError("Too many entries in input archive") + + seen_entries.add(name) + + # Read in the input entry, but be careful to avoid going over the + # various limits we have, to minimize the likelihood that we'll run + # out of memory. Note that we can't use the length from entry_info + # because that might not be accurate if the input zip file is + # maliciously crafted to contain misleading metadata. + with in_zip.open(name, 'r') as entry_file: + contents = entry_file.read(max_entry_uncompressed_len + 1) + if len(contents) > max_entry_uncompressed_len: + raise ValueError("Entry is too large: %s" % (name)) + total_uncompressed_len += len(contents) + if total_uncompressed_len > max_total_uncompressed_len: + raise ValueError("Input archive is too large") + + # Copy the entry, using the same compression as used in the input file + out_zip.writestr(entry_info, contents) + + # Add the entry to the manifest we're building + mf_entries.append('Name: %s\nSHA1-Digest: %s\n' + % (name, b64encode(sha1(contents).digest()))) + if (ids_json): + mf_entries.append('Name: %s\nSHA1-Digest: %s\n' + % ("META-INF/ids.json", b64encode(sha1(ids_json).digest()))) + + mf_contents = 'Manifest-Version: 1.0\n\n' + '\n'.join(mf_entries) + if len(mf_contents) > max_mf_len: + raise ValueError("Generated MANIFEST.MF is too large: %d" % (len(mf_contents))) + + sf_contents = ('Signature-Version: 1.0\nSHA1-Digest-Manifest: %s\n' + % (b64encode(sha1(mf_contents).digest()))) + if len(sf_contents) > max_sf_len: + raise ValueError("Generated SIGNATURE.SF is too large: %d" + % (len(mf_contents))) + + p7 = nss_create_detached_signature(cert, sf_contents, wincx) + + # write the signature, SF, and MF + out_zip.writestr("META-INF/A.RSA", p7, zipfile.ZIP_DEFLATED) + out_zip.writestr("META-INF/A.SF", sf_contents, zipfile.ZIP_DEFLATED) + out_zip.writestr("META-INF/MANIFEST.MF", mf_contents, zipfile.ZIP_DEFLATED) + if (ids_json): + out_zip.writestr("META-INF/ids.json", ids_json, zipfile.ZIP_DEFLATED) + +def main(): + parser = argparse.ArgumentParser(description='Sign a B2G app.') + parser.add_argument('-d', action='store', + required=True, help='NSS database directory') + parser.add_argument('-f', action='store', + type=argparse.FileType('rb'), + required=True, help='password file') + parser.add_argument('-k', action='store', + required=True, help="nickname of signing cert.") + parser.add_argument('-i', action='store', type=argparse.FileType('rb'), + required=True, help="input JAR file (unsigned)") + parser.add_argument('-o', action='store', type=argparse.FileType('wb'), + required=True, help="output JAR file (signed)") + parser.add_argument('-I', '--ids-file', action='store', type=argparse.FileType('rb'), + help="Path to the ids.json file", dest='I') + parser.add_argument('-S', '--storeId', action='store', + help="Store Id for the package", dest='S') + parser.add_argument('-V', '--storeVersion', action='store', type=int, + help="Package Version", dest='V') + args = parser.parse_args() + + # Sadly nested groups and neccesarily inclusive groups (http://bugs.python.org/issue11588) + # are not implemented. Note that this means the automatic help is slighty incorrect + if not((not args.I and args.V and args.S) or (args.I and not args.V and not args.S)): + raise ValueError("Either -I or -S and -V must be specified") + + if (args.I): + ids_contents = args.I.read(max_entry_uncompressed_len+1) + else: + ids_contents = '''{ + "id": "%(id)s", + "version": %(version)d +} +''' % {"id": args.S, "version": args.V} + if len(ids_contents) > max_entry_uncompressed_len: + raise ValueError("Entry is too large: %s" % (name)) + + db_dir = args.d + password = args.f.readline().strip() + cert_nickname = args.k + + (wincx, cert) = nss_load_cert(db_dir, password, cert_nickname) + try: + sign_zip(args.i, args.o, cert, wincx, ids_contents) + return 0 + finally: + nss_ctypes.CERT_DestroyCertificate(cert) + nss_ctypes.NSS_Shutdown() + +if __name__ == "__main__": + sys.exit(main()) diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/icon-128.png b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/icon-128.png new file mode 100644 index 000000000..d6fd07a41 Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/icon-128.png differ diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/index.html b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/index.html new file mode 100644 index 000000000..2acf635e8 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/index.html @@ -0,0 +1,6 @@ + + +Simple App +

This is a Simple App. + + diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/manifest.webapp b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/manifest.webapp new file mode 100644 index 000000000..447cd1e71 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/manifest.webapp @@ -0,0 +1,8 @@ +{ "name": "Simple App" +, "description": "A Simple Open Web App" +, "launch_path": "tests/dom/apps/tests/signed_app.sjs" +, "icons": { "128" : "icon-128.png" } +, "installs_allowed_from": [ "https://marketplace.mozilla.com", "http://mochi.test:8888" ] +, "version": 1 +, "default_locale": "en-US" +} diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/icon-128.png b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/icon-128.png new file mode 100644 index 000000000..d6fd07a41 Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/icon-128.png differ diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/index.html b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/index.html new file mode 100644 index 000000000..9f2adf57b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/index.html @@ -0,0 +1,6 @@ + + +Simple App +

This is a Simple App. + + diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/manifest.webapp b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/manifest.webapp new file mode 100644 index 000000000..d2393e3c3 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/manifest.webapp @@ -0,0 +1,10 @@ +{ "name": "Simple App", + "description": "A Simple Open Web App", + "type": "privileged", + "origin": "app://test.origin.privileged.app", + "launch_path": "tests/dom/apps/tests/signed_app.sjs", + "icons": { "128" : "icon-128.png" }, + "installs_allowed_from": [ "https://marketplace.mozilla.com", "http://mochi.test:8888" ], + "version": 1, + "default_locale": "en-US" +} diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin_toolkit_webapps/index.html b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin_toolkit_webapps/index.html new file mode 100644 index 000000000..12c6881c2 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin_toolkit_webapps/index.html @@ -0,0 +1,10 @@ + + + +Test app + + +Test app: + + + diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin_toolkit_webapps/manifest.webapp b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin_toolkit_webapps/manifest.webapp new file mode 100644 index 000000000..55103ca5a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin_toolkit_webapps/manifest.webapp @@ -0,0 +1,9 @@ +{ + "name": "Custom Origin Test", + "version": 1, + "size": 777, + "package_path": "custom_origin.zip", + "launch_path": "/index.html", + "origin": "app://test.origin.privileged.app", + "type": "privileged" +} diff --git a/security/manager/ssl/tests/unit/test_signed_apps/privileged-app-test-1.0.zip b/security/manager/ssl/tests/unit/test_signed_apps/privileged-app-test-1.0.zip new file mode 100644 index 000000000..3a12106c8 Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/privileged-app-test-1.0.zip differ diff --git a/security/manager/ssl/tests/unit/test_signed_apps/test-privileged-app-test-1.0.zip b/security/manager/ssl/tests/unit/test_signed_apps/test-privileged-app-test-1.0.zip new file mode 100644 index 000000000..ec137ea14 Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/test-privileged-app-test-1.0.zip differ diff --git a/security/manager/ssl/tests/unit/test_signed_apps/trusted_ca1.der b/security/manager/ssl/tests/unit/test_signed_apps/trusted_ca1.der new file mode 100644 index 000000000..0200a7f35 Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/trusted_ca1.der differ diff --git a/security/manager/ssl/tests/unit/test_signed_apps/unknown_issuer_app_1.zip b/security/manager/ssl/tests/unit/test_signed_apps/unknown_issuer_app_1.zip new file mode 100644 index 000000000..374e45f6f Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/unknown_issuer_app_1.zip differ diff --git a/security/manager/ssl/tests/unit/test_signed_apps/unsigned_app_1.zip b/security/manager/ssl/tests/unit/test_signed_apps/unsigned_app_1.zip new file mode 100644 index 000000000..731e050ab Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/unsigned_app_1.zip differ diff --git a/security/manager/ssl/tests/unit/test_signed_apps/valid_app_1.zip b/security/manager/ssl/tests/unit/test_signed_apps/valid_app_1.zip new file mode 100644 index 000000000..74a35a420 Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_apps/valid_app_1.zip differ diff --git a/security/manager/ssl/tests/unit/test_signed_dir.js b/security/manager/ssl/tests/unit/test_signed_dir.js new file mode 100644 index 000000000..b07fd2285 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_signed_dir.js @@ -0,0 +1,201 @@ +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Tests that signed extensions extracted/unpacked into a directory work pass +// verification when non-tampered, and fail verification when tampered via +// various means. + +const { ZipUtils } = Cu.import("resource://gre/modules/ZipUtils.jsm", {}); + +do_get_profile(); // must be called before getting nsIX509CertDB +const certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +/** + * Signed test extension. This is any arbitrary Mozilla signed XPI that + * preferably has recently been signed (but note that it actually doesn't + * matter, since we ignore expired certificates when checking signing). + * @type nsIFile + */ +var gSignedXPI = + do_get_file("test_signed_dir/lightbeam_for_firefox-1.3.1-fx.xpi", false); +/** + * The directory that the test extension will be extracted to. + * @type nsIFile + */ +var gTarget = FileUtils.getDir("TmpD", ["test_signed_dir"]); +gTarget.createUnique(Ci.nsIFile.DIRECTORY_TYPE, FileUtils.PERMS_DIRECTORY); + +/** + * Each property below is optional. Defining none of them means "don't tamper". + * + * @typedef {TamperInstructions} + * @type Object + * @property {String[][]} copy + * Format: [[path,newname], [path2,newname2], ...] + * Copy the file located at |path| and name it |newname|. + * @property {String[]} delete + * List of paths to files to delete. + * @property {String[]} corrupt + * List of paths to files to corrupt. + */ + +/** + * Extracts the signed XPI into a directory, and tampers the files in that + * directory if instructed. + * + * @param {TamperInstructions} tamper + * Instructions on whether to tamper any files, and if so, how. + * @returns {nsIFile} + * The directory where the XPI was extracted to. + */ +function prepare(tamper) { + ZipUtils.extractFiles(gSignedXPI, gTarget); + + // copy files + if (tamper.copy) { + tamper.copy.forEach(i => { + let f = gTarget.clone(); + i[0].split("/").forEach(seg => { f.append(seg); }); + f.copyTo(null, i[1]); + }); + } + + // delete files + if (tamper.delete) { + tamper.delete.forEach(i => { + let f = gTarget.clone(); + i.split("/").forEach(seg => { f.append(seg); }); + f.remove(true); + }); + } + + // corrupt files + if (tamper.corrupt) { + tamper.corrupt.forEach(i => { + let f = gTarget.clone(); + i.split("/").forEach(seg => { f.append(seg); }); + let s = FileUtils.openFileOutputStream(f, FileUtils.MODE_WRONLY); + const str = "Kilroy was here"; + s.write(str, str.length); + s.close(); + }); + } + + return gTarget; +} + +function checkResult(expectedRv, dir, resolve) { + return function verifySignedDirCallback(rv, aSignerCert) { + equal(rv, expectedRv, "Actual and expected return value should match"); + equal(aSignerCert != null, Components.isSuccessCode(expectedRv), + "expecting certificate:"); + dir.remove(true); + resolve(); + }; +} + +function verifyDirAsync(expectedRv, tamper) { + let targetDir = prepare(tamper); + return new Promise((resolve, reject) => { + certdb.verifySignedDirectoryAsync( + Ci.nsIX509CertDB.AddonsPublicRoot, targetDir, + checkResult(expectedRv, targetDir, resolve)); + }); +} + +// +// the tests +// +add_task(function* testValid() { + yield verifyDirAsync(Cr.NS_OK, {} /* no tampering */); +}); + +add_task(function* testNoMetaDir() { + yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED, + {delete: ["META-INF"]}); +}); + +add_task(function* testEmptyMetaDir() { + yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED, + {delete: ["META-INF/mozilla.rsa", + "META-INF/mozilla.sf", + "META-INF/manifest.mf"]}); +}); + +add_task(function* testTwoRSAFiles() { + yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID, + {copy: [["META-INF/mozilla.rsa", "extra.rsa"]]}); +}); + +add_task(function* testCorruptRSAFile() { + yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID, + {corrupt: ["META-INF/mozilla.rsa"]}); +}); + +add_task(function* testMissingSFFile() { + yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID, + {delete: ["META-INF/mozilla.sf"]}); +}); + +add_task(function* testCorruptSFFile() { + yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID, + {corrupt: ["META-INF/mozilla.sf"]}); +}); + +add_task(function* testExtraInvalidSFFile() { + yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY, + {copy: [["META-INF/mozilla.rsa", "extra.sf"]]}); +}); + +add_task(function* testExtraValidSFFile() { + yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY, + {copy: [["META-INF/mozilla.sf", "extra.sf"]]}); +}); + +add_task(function* testMissingManifest() { + yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID, + {delete: ["META-INF/manifest.mf"]}); +}); + +add_task(function* testCorruptManifest() { + yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID, + {corrupt: ["META-INF/manifest.mf"]}); +}); + +add_task(function* testMissingFile() { + yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING, + {delete: ["bootstrap.js"]}); +}); + +add_task(function* testCorruptFile() { + yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY, + {corrupt: ["bootstrap.js"]}); +}); + +add_task(function* testExtraFile() { + yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY, + {copy: [["bootstrap.js", "extra"]]}); +}); + +add_task(function* testMissingFileInDir() { + yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING, + {delete: ["lib/ui.js"]}); +}); + +add_task(function* testCorruptFileInDir() { + yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY, + {corrupt: ["lib/ui.js"]}); +}); + +add_task(function* testExtraFileInDir() { + yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY, + {copy: [["lib/ui.js", "extra"]]}); +}); + +do_register_cleanup(function() { + if (gTarget.exists()) { + gTarget.remove(true); + } +}); diff --git a/security/manager/ssl/tests/unit/test_signed_dir/lightbeam_for_firefox-1.3.1-fx.xpi b/security/manager/ssl/tests/unit/test_signed_dir/lightbeam_for_firefox-1.3.1-fx.xpi new file mode 100644 index 000000000..902b731f3 Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_dir/lightbeam_for_firefox-1.3.1-fx.xpi differ diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/README.md b/security/manager/ssl/tests/unit/test_signed_manifest/README.md new file mode 100644 index 000000000..a442c7052 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_signed_manifest/README.md @@ -0,0 +1,17 @@ +This folder contains the scripts needed to generate signed manifest files +to verify the Trusted Hosted Apps concept. + +Prerequisites: + +* NSS 3.4 or higher. +* Python 2.7 (should work with 2.6 also) +* Bash +* OpenSSL + +Usage: + +Run + I) For usage info execute ./create_test_files.sh --help + + II) Upload the signed manifest.webapp and manifest.sig to the + application hosting server. diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/create_test_files.sh b/security/manager/ssl/tests/unit/test_signed_manifest/create_test_files.sh new file mode 100755 index 000000000..cddbe17ec --- /dev/null +++ b/security/manager/ssl/tests/unit/test_signed_manifest/create_test_files.sh @@ -0,0 +1,181 @@ +#!/bin/bash +# +# Mode: shell-script; sh-indentation:2; +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +export BASE_PATH=`dirname $0` +echo $BASE_PATH + +# location of the 'sign_b2g_manifest.py' script +export SIGN_SCR_PATH=. + +DB_PATH=${BASE_PATH}/signingDB +PASSWORD_FILE=${DB_PATH}/passwordfile +VALID_MANIFEST_PATH=${BASE_PATH}/testValidSignedManifest +INVALID_MANIFEST_PATH=${BASE_PATH}/testInvalidSignedManifest + +TRUSTED_EE=trusted_ee1 +UNTRUSTED_EE=untrusted_ee1 +TRUSTED_CA=trusted_ca1 +UNTRUSTED_CA=untrusted_ca1 + +# Print usage info +usage() { + echo + echo + tput bold + echo "NAME" + tput sgr0 + echo " create_test_files.sh - Signing a manifest for Trusted Hosted Apps." + echo + tput bold + echo "SYNOPSIS" + tput sgr0 + echo " create_test_files.sh" + echo " create_test_files.sh [--regenerate-test-certs]" + echo " create_test_files.sh [--help]" + echo + tput bold + echo "DESCRIPTION" + tput sgr0 + echo " The script signs a manifest for Trusted Hosted Apps if no parameter" + echo " is given and if the manifest file and a certificate database directory" + echo " is present in the current directory." + echo " Two directories ./testValidSignedManifest and ./testInvalidSignedManifest" + echo " are generated containing a manifest signature file each, signed with valid" + echo " and invalid certificates respectively." + echo " If the --regenerate-test-certs parameter is given, a new certificate database" + echo " directory is generated before the signing takes place." + echo " If the certificate database is not present and the --regenerate-test-certs" + echo " parameter is not given the script exits whithout any operations." + echo + tput bold + echo "OPTIONS" + echo " --regenerate-test-certs," + tput sgr0 + echo " Generates a test certificate database and then signs the manifest.webapp" + echo " file in the current directory." + echo + tput bold + echo " --help," + tput sgr0 + echo " Show this usage information." + echo +} + +# Function to create a signing database +# Parameters: +# $1: Output directory (where the DB will be created) +# $2: Password file +createDB() { + local db_path=${1} + local password_file=${2} + + mkdir -p ${db_path} + echo insecurepassword > ${password_file} + certutil -d ${db_path} -N -f ${password_file} 2>&1 >/dev/null +} + +# Add a CA cert and a signing cert to the database +# Arguments: +# $1: DB directory +# $2: CA CN (don't include the CN=, just the value) +# $3: Signing Cert CN (don't include the CN=, just the value) +# $4: CA short name (don't use spaces!) +# $5: Signing Cert short name (don't use spaces!) +# $6: Password file +addCerts() { + local db_path=${1} + local password_file=${6} + + org="O=Example Trusted Corporation,L=Mountain View,ST=CA,C=US" + ca_subj="CN=${2},${org}" + ee_subj="CN=${3},${org}" + + noisefile=/tmp/noise.$$ + head -c 32 /dev/urandom > ${noisefile} + + ca_responses=/tmp/caresponses.$$ + ee_responses=/tmp/earesponses + + echo y > ${ca_responses} # Is this a CA? + echo >> ${ca_responses} # Accept default path length constraint (no constraint) + echo y >> ${ca_responses} # Is this a critical constraint? + echo n > ${ee_responses} # Is this a CA? + echo >> ${ee_responses} # Accept default path length constraint (no constraint) + echo y >> ${ee_responses} # Is this a critical constraint? + + make_cert="certutil -d ${db_path} -f ${password_file} -S -g 2048 -Z SHA256 \ + -z ${noisefile} -y 3 -2 --extKeyUsage critical,codeSigning" + ${make_cert} -v 480 -n ${4} -m 1 -s "${ca_subj}" --keyUsage critical,certSigning \ + -t ",,CTu" -x < ${ca_responses} 2>&1 >/dev/null + ${make_cert} -v 240 -n ${5} -c ${4} -m 2 -s "${ee_subj}" --keyUsage critical,digitalSignature \ + -t ",,," < ${ee_responses} 2>&1 >/dev/null + + certutil -d ${db_path} -L -n ${4} -r -o ${SIGN_SCR_PATH}/${4}.der + + rm -f ${noisefile} ${ee_responses} ${ca_responses} +} + +# Signs a manifest +# Parameters: +# $1: Database directory +# $2: Unsigned manifest file path +# $3: Signed manifest file path +# $4: Nickname of the signing certificate +# $5: Password file +signManifest() { + local db_path=${1} + local password_file=${5} + + python ${BASE_PATH}/${SIGN_SCR_PATH}/sign_b2g_manifest.py -d ${db_path} \ + -f ${password_file} -k ${4} -i ${2} -o ${3} +} + +# Generate the necessary files to be used for the signing +generate_files() { + # First create a new couple of signing DBs + rm -rf ${DB_PATH} ${VALID_MANIFEST_PATH} ${INVALID_MANIFEST_PATH} + createDB ${DB_PATH} ${PASSWORD_FILE} + addCerts ${DB_PATH} "Trusted Valid CA" "Trusted Corp Cert" ${TRUSTED_CA} ${TRUSTED_EE} ${PASSWORD_FILE} + addCerts ${DB_PATH} "Trusted Invalid CA" "Trusted Invalid Cert" ${UNTRUSTED_CA} ${UNTRUSTED_EE} ${PASSWORD_FILE} +} + +#Start of execution +if [ ${1} ] && [ "${1}" == '--regenerate-test-certs' ]; then + generate_files +elif [ "${1}" == '--help' ]; then + usage + exit 1 +else + if [ -d ${DB_PATH} ]; then + rm -rf ${VALID_MANIFEST_PATH} ${INVALID_MANIFEST_PATH} + else + echo "Error! The directory ${DB_PATH} does not exist!" + echo "New certificate database must be created!" + usage $0 + exit 1 + fi +fi + +# Create all the test manifests +mkdir -p ${VALID_MANIFEST_PATH} +mkdir -p ${INVALID_MANIFEST_PATH} + +CURDIR=`pwd` +cd $CURDIR + +# Sign a manifest file with a known issuer +signManifest ${DB_PATH} ${BASE_PATH}/manifest.webapp \ + ${VALID_MANIFEST_PATH}/manifest.sig \ + ${TRUSTED_EE} ${PASSWORD_FILE} + +# Sign a manifest file with a unknown issuer +signManifest ${DB_PATH} ${BASE_PATH}/manifest.webapp \ + ${INVALID_MANIFEST_PATH}/manifest.sig \ + ${UNTRUSTED_EE} ${PASSWORD_FILE} + +echo "Done!" diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/manifest.webapp b/security/manager/ssl/tests/unit/test_signed_manifest/manifest.webapp new file mode 100644 index 000000000..ad477719b --- /dev/null +++ b/security/manager/ssl/tests/unit/test_signed_manifest/manifest.webapp @@ -0,0 +1,10 @@ +{ "name": "Trusted App Example", + "description": "A Manifest for a Trusted Hosted Application", + "type": "trusted", + "launch_path": "/index.html", + "icons": { "128" : "icon-128.png" }, + "version": 1, + "csp" : "script-src https://www.example.com; style-src https://www.example.com", + "permissions": { "device-storage:videos":{ "access": "readonly" }, "device-storage:pictures":{ "access": "readwrite" } }, + "default_locale": "en-US" +} diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/nss_ctypes.py b/security/manager/ssl/tests/unit/test_signed_manifest/nss_ctypes.py new file mode 100644 index 000000000..a0c50b1ed --- /dev/null +++ b/security/manager/ssl/tests/unit/test_signed_manifest/nss_ctypes.py @@ -0,0 +1,136 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +from ctypes import * +import os +import sys + +if sys.platform == 'darwin': + libprefix = "lib" + libsuffix = ".dylib" +elif os.name == 'posix': + libprefix = "lib" + libsuffix = ".so" +else: # assume windows + libprefix = "" + libsuffix = ".dll" + +plc = cdll.LoadLibrary(libprefix + "plc4" + libsuffix) +nspr = cdll.LoadLibrary(libprefix + "nspr4" + libsuffix) +nss = cdll.LoadLibrary(libprefix + "nss3" + libsuffix) +smime = cdll.LoadLibrary(libprefix + "smime3" + libsuffix) + +nspr.PR_GetError.argtypes = [] +nspr.PR_GetError.restype = c_int32 +nspr.PR_ErrorToName.argtypes = [c_int32] +nspr.PR_ErrorToName.restype = c_char_p + +def raise_if_not_SECSuccess(rv): + SECSuccess = 0 + if (rv != SECSuccess): + raise ValueError(nspr.PR_ErrorToName(nspr.PR_GetError())) + +def raise_if_NULL(p): + if not p: + raise ValueError(nspr.PR_ErrorToName(nspr.PR_GetError())) + return p + +PRBool = c_int +SECStatus = c_int + +# from secoidt.h +SEC_OID_SHA1 = 4 + +# from certt.h +certUsageObjectSigner = 6 + +class SECItem(Structure): + _fields_ = [("type", c_int), + ("data", c_char_p), + ("len", c_uint)] + +nss.NSS_Init.argtypes = [c_char_p] +nss.NSS_Init.restype = SECStatus +def NSS_Init(db_dir): + nss.NSS_Init.argtypes = [c_char_p] + nss.NSS_Init.restype = SECStatus + raise_if_not_SECSuccess(nss.NSS_Init(db_dir)) + +nss.NSS_Shutdown.argtypes = [] +nss.NSS_Shutdown.restype = SECStatus +def NSS_Shutdown(): + raise_if_not_SECSuccess(nss.NSS_Shutdown()) + +PK11PasswordFunc = CFUNCTYPE(c_char_p, c_void_p, PRBool, c_char_p) + +# pass the result of this as the wincx parameter when a wincx is required +nss.PK11_SetPasswordFunc.argtypes = [PK11PasswordFunc] +nss.PK11_SetPasswordFunc.restype = None + +# Set the return type as *void so Python doesn't touch it +plc.PL_strdup.argtypes = [c_char_p] +plc.PL_strdup.restype = c_void_p +def SetPasswordContext(password): + def callback(slot, retry, arg): + return plc.PL_strdup(password) + wincx = PK11PasswordFunc(callback) + nss.PK11_SetPasswordFunc(wincx) + return wincx + +nss.CERT_GetDefaultCertDB.argtypes = [] +nss.CERT_GetDefaultCertDB.restype = c_void_p +def CERT_GetDefaultCertDB(): + return raise_if_NULL(nss.CERT_GetDefaultCertDB()) + +nss.PK11_FindCertFromNickname.argtypes = [c_char_p, c_void_p] +nss.PK11_FindCertFromNickname.restype = c_void_p +def PK11_FindCertFromNickname(nickname, wincx): + return raise_if_NULL(nss.PK11_FindCertFromNickname(nickname, wincx)) + +nss.CERT_DestroyCertificate.argtypes = [c_void_p] +nss.CERT_DestroyCertificate.restype = None +def CERT_DestroyCertificate(cert): + nss.CERT_DestroyCertificate(cert) + +smime.SEC_PKCS7CreateSignedData.argtypes = [c_void_p, c_int, c_void_p, + c_int, c_void_p, + c_void_p, c_void_p] +smime.SEC_PKCS7CreateSignedData.restype = c_void_p +def SEC_PKCS7CreateSignedData(cert, certusage, certdb, digestalg, digest, wincx): + item = SECItem(0, c_char_p(digest), len(digest)) + return raise_if_NULL(smime.SEC_PKCS7CreateSignedData(cert, certusage, certdb, + digestalg, + pointer(item), + None, wincx)) + +smime.SEC_PKCS7AddSigningTime.argtypes = [c_void_p] +smime.SEC_PKCS7AddSigningTime.restype = SECStatus +def SEC_PKCS7AddSigningTime(p7): + raise_if_not_SECSuccess(smime.SEC_PKCS7AddSigningTime(p7)) + +smime.SEC_PKCS7IncludeCertChain.argtypes = [c_void_p, c_void_p] +smime.SEC_PKCS7IncludeCertChain.restype = SECStatus +def SEC_PKCS7IncludeCertChain(p7, wincx): + raise_if_not_SECSuccess(smime.SEC_PKCS7IncludeCertChain(p7, wincx)) + +SEC_PKCS7EncoderOutputCallback = CFUNCTYPE(None, c_void_p, c_void_p, c_long) +smime.SEC_PKCS7Encode.argtypes = [c_void_p, SEC_PKCS7EncoderOutputCallback, + c_void_p, c_void_p, c_void_p, c_void_p] +smime.SEC_PKCS7Encode.restype = SECStatus +def SEC_PKCS7Encode(p7, bulkkey, wincx): + outputChunks = [] + def callback(chunks, data, len): + outputChunks.append(string_at(data, len)) + callbackWrapper = SEC_PKCS7EncoderOutputCallback(callback) + raise_if_not_SECSuccess(smime.SEC_PKCS7Encode(p7, callbackWrapper, + None, None, None, wincx)) + return "".join(outputChunks) + +smime.SEC_PKCS7DestroyContentInfo.argtypes = [c_void_p] +smime.SEC_PKCS7DestroyContentInfo.restype = None +def SEC_PKCS7DestroyContentInfo(p7): + smime.SEC_PKCS7DestroyContentInfo(p7) diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/sign_b2g_manifest.py b/security/manager/ssl/tests/unit/test_signed_manifest/sign_b2g_manifest.py new file mode 100644 index 000000000..a7f060481 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_signed_manifest/sign_b2g_manifest.py @@ -0,0 +1,76 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +import argparse +from base64 import b64encode +from hashlib import sha1 +import sys +import ctypes +import nss_ctypes + +def nss_create_detached_signature(cert, dataToSign, wincx): + certdb = nss_ctypes.CERT_GetDefaultCertDB() + p7 = nss_ctypes.SEC_PKCS7CreateSignedData(cert, + nss_ctypes.certUsageObjectSigner, + certdb, + nss_ctypes.SEC_OID_SHA1, + sha1(dataToSign).digest(), + wincx) + try: + nss_ctypes.SEC_PKCS7AddSigningTime(p7) + nss_ctypes.SEC_PKCS7IncludeCertChain(p7, wincx) + return nss_ctypes.SEC_PKCS7Encode(p7, None, wincx) + finally: + nss_ctypes.SEC_PKCS7DestroyContentInfo(p7) + +# Sign a manifest file +def sign_file(in_file, out_file, cert, wincx): + contents = in_file.read() + in_file.close() + + # generate base64 encoded string of the sha1 digest of the input file + in_file_hash = b64encode(sha1(contents).digest()) + + # sign the base64 encoded string with the given certificate + in_file_signature = nss_create_detached_signature(cert, in_file_hash, wincx) + + # write the content of the output file + out_file.write(in_file_signature) + out_file.close() + +def main(): + parser = argparse.ArgumentParser(description='Sign a B2G app manifest.') + parser.add_argument('-d', action='store', + required=True, help='NSS database directory') + parser.add_argument('-f', action='store', + type=argparse.FileType('rb'), + required=True, help='password file') + parser.add_argument('-k', action='store', + required=True, help="nickname of signing cert.") + parser.add_argument('-i', action='store', type=argparse.FileType('rb'), + required=True, help="input manifest file (unsigned)") + parser.add_argument('-o', action='store', type=argparse.FileType('wb'), + required=True, help="output manifest file (signed)") + args = parser.parse_args() + + db_dir = args.d + password = args.f.readline().strip() + cert_nickname = args.k + cert = None + + try: + nss_ctypes.NSS_Init(db_dir) + wincx = nss_ctypes.SetPasswordContext(password) + cert = nss_ctypes.PK11_FindCertFromNickname(cert_nickname, wincx) + sign_file(args.i, args.o, cert, wincx) + return 0 + finally: + nss_ctypes.CERT_DestroyCertificate(cert) + nss_ctypes.NSS_Shutdown() + +if __name__ == "__main__": + sys.exit(main()) diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/testInvalidSignedManifest/manifest.sig b/security/manager/ssl/tests/unit/test_signed_manifest/testInvalidSignedManifest/manifest.sig new file mode 100644 index 000000000..d5eee196c Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_manifest/testInvalidSignedManifest/manifest.sig differ diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/testValidSignedManifest/manifest.sig b/security/manager/ssl/tests/unit/test_signed_manifest/testValidSignedManifest/manifest.sig new file mode 100644 index 000000000..996226351 Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_manifest/testValidSignedManifest/manifest.sig differ diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/trusted_ca1.der b/security/manager/ssl/tests/unit/test_signed_manifest/trusted_ca1.der new file mode 100644 index 000000000..bf05308cc Binary files /dev/null and b/security/manager/ssl/tests/unit/test_signed_manifest/trusted_ca1.der differ diff --git a/security/manager/ssl/tests/unit/test_sss_eviction.js b/security/manager/ssl/tests/unit/test_sss_eviction.js new file mode 100644 index 000000000..0ac8983f6 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_sss_eviction.js @@ -0,0 +1,85 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// The purpose of this test is to check that a frequently visited site +// will not be evicted over an infrequently visited site. + +var gSSService = null; +var gProfileDir = null; + +function do_state_written(aSubject, aTopic, aData) { + if (aData == PRELOAD_STATE_FILE_NAME) { + return; + } + + equal(aData, SSS_STATE_FILE_NAME); + + let stateFile = gProfileDir.clone(); + stateFile.append(SSS_STATE_FILE_NAME); + ok(stateFile.exists()); + let stateFileContents = readFile(stateFile); + // the last part is removed because it's the empty string after the final \n + let lines = stateFileContents.split('\n').slice(0, -1); + // We can receive multiple data-storage-written events. In particular, we + // may receive one where DataStorage wrote out data before we were done + // processing all of our headers. In this case, the data may not be + // as we expect. We only care about the final one being correct, however, + // so we return and wait for the next event if things aren't as we expect. + // There should be 1024 entries. + if (lines.length != 1024) { + return; + } + + let foundLegitSite = false; + for (let line of lines) { + if (line.startsWith("frequentlyused.example.com:HSTS")) { + foundLegitSite = true; + break; + } + } + + ok(foundLegitSite); + do_test_finished(); +} + +function do_state_read(aSubject, aTopic, aData) { + if (aData == PRELOAD_STATE_FILE_NAME) { + return; + } + + equal(aData, SSS_STATE_FILE_NAME); + + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "frequentlyused.example.com", 0)); + let sslStatus = new FakeSSLStatus(); + for (let i = 0; i < 2000; i++) { + let uri = Services.io.newURI("http://bad" + i + ".example.com", null, null); + gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, + "max-age=1000", sslStatus, 0); + } + do_test_pending(); + Services.obs.addObserver(do_state_written, "data-storage-written", false); + do_test_finished(); +} + +function run_test() { + Services.prefs.setIntPref("test.datastorage.write_timer_ms", 100); + gProfileDir = do_get_profile(); + let stateFile = gProfileDir.clone(); + stateFile.append(SSS_STATE_FILE_NAME); + // Assuming we're working with a clean slate, the file shouldn't exist + // until we create it. + ok(!stateFile.exists()); + let outputStream = FileUtils.openFileOutputStream(stateFile); + let now = (new Date()).getTime(); + let line = "frequentlyused.example.com:HSTS\t4\t0\t" + (now + 100000) + ",1,0\n"; + outputStream.write(line, line.length); + outputStream.close(); + Services.obs.addObserver(do_state_read, "data-storage-ready", false); + do_test_pending(); + gSSService = Cc["@mozilla.org/ssservice;1"] + .getService(Ci.nsISiteSecurityService); + notEqual(gSSService, null); +} diff --git a/security/manager/ssl/tests/unit/test_sss_readstate.js b/security/manager/ssl/tests/unit/test_sss_readstate.js new file mode 100644 index 000000000..8b7e8cbb5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_sss_readstate.js @@ -0,0 +1,82 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// The purpose of this test is to create a site security service state file +// and see that the site security service reads it properly. + +function writeLine(aLine, aOutputStream) { + aOutputStream.write(aLine, aLine.length); +} + +var gSSService = null; + +function checkStateRead(aSubject, aTopic, aData) { + if (aData == PRELOAD_STATE_FILE_NAME) { + return; + } + + equal(aData, SSS_STATE_FILE_NAME); + + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "expired.example.com", 0)); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "notexpired.example.com", 0)); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains.preloaded.test", 0)); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "sub.includesubdomains.preloaded.test", 0)); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "incsubdomain.example.com", 0)); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "sub.incsubdomain.example.com", 0)); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains2.preloaded.test", 0)); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "sub.includesubdomains2.preloaded.test", 0)); + + // Clearing the data should make everything go back to default. + gSSService.clearAll(); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "expired.example.com", 0)); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "notexpired.example.com", 0)); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains.preloaded.test", 0)); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "sub.includesubdomains.preloaded.test", 0)); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "incsubdomain.example.com", 0)); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "sub.incsubdomain.example.com", 0)); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains2.preloaded.test", 0)); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "sub.includesubdomains2.preloaded.test", 0)); + do_test_finished(); +} + +function run_test() { + let profileDir = do_get_profile(); + let stateFile = profileDir.clone(); + stateFile.append(SSS_STATE_FILE_NAME); + // Assuming we're working with a clean slate, the file shouldn't exist + // until we create it. + ok(!stateFile.exists()); + let outputStream = FileUtils.openFileOutputStream(stateFile); + let now = (new Date()).getTime(); + writeLine("expired.example.com:HSTS\t0\t0\t" + (now - 100000) + ",1,0\n", outputStream); + writeLine("notexpired.example.com:HSTS\t0\t0\t" + (now + 100000) + ",1,0\n", outputStream); + // This overrides an entry on the preload list. + writeLine("includesubdomains.preloaded.test:HSTS\t0\t0\t" + (now + 100000) + ",1,0\n", outputStream); + writeLine("incsubdomain.example.com:HSTS\t0\t0\t" + (now + 100000) + ",1,1\n", outputStream); + // This overrides an entry on the preload list. + writeLine("includesubdomains2.preloaded.test:HSTS\t0\t0\t0,2,0\n", outputStream); + outputStream.close(); + Services.obs.addObserver(checkStateRead, "data-storage-ready", false); + do_test_pending(); + gSSService = Cc["@mozilla.org/ssservice;1"] + .getService(Ci.nsISiteSecurityService); + notEqual(gSSService, null); +} diff --git a/security/manager/ssl/tests/unit/test_sss_readstate_child.js b/security/manager/ssl/tests/unit/test_sss_readstate_child.js new file mode 100644 index 000000000..80f00c31a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_sss_readstate_child.js @@ -0,0 +1,41 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// The purpose of this test is to create a site security service state file +// and see that the site security service reads it properly. We also verify +// that state changes are reflected in the child process. + +function writeLine(aLine, aOutputStream) { + aOutputStream.write(aLine, aLine.length); +} + +function start_test_in_child() { + run_test_in_child("sss_readstate_child_worker.js"); + do_test_finished(); +} + +function run_test() { + let profileDir = do_get_profile(); + let stateFile = profileDir.clone(); + stateFile.append(SSS_STATE_FILE_NAME); + // Assuming we're working with a clean slate, the file shouldn't exist + // until we create it. + ok(!stateFile.exists()); + let outputStream = FileUtils.openFileOutputStream(stateFile); + let now = (new Date()).getTime(); + writeLine("expired.example.com:HSTS\t0\t0\t" + (now - 100000) + ",1,0\n", outputStream); + writeLine("notexpired.example.com:HSTS\t0\t0\t" + (now + 100000) + ",1,0\n", outputStream); + // This overrides an entry on the preload list. + writeLine("includesubdomains.preloaded.test:HSTS\t0\t0\t" + (now + 100000) + ",1,0\n", outputStream); + writeLine("incsubdomain.example.com:HSTS\t0\t0\t" + (now + 100000) + ",1,1\n", outputStream); + // This overrides an entry on the preload list. + writeLine("includesubdomains2.preloaded.test:HSTS\t0\t0\t0,2,0\n", outputStream); + outputStream.close(); + Services.obs.addObserver(start_test_in_child, "data-storage-ready", false); + do_test_pending(); + let SSService = Cc["@mozilla.org/ssservice;1"] + .getService(Ci.nsISiteSecurityService); + notEqual(SSService, null); +} diff --git a/security/manager/ssl/tests/unit/test_sss_readstate_empty.js b/security/manager/ssl/tests/unit/test_sss_readstate_empty.js new file mode 100644 index 000000000..c4605c0af --- /dev/null +++ b/security/manager/ssl/tests/unit/test_sss_readstate_empty.js @@ -0,0 +1,40 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// The purpose of this test is to create an empty site security service state +// file and see that the site security service doesn't fail when reading it. + +var gSSService = null; + +function checkStateRead(aSubject, aTopic, aData) { + // nonexistent.example.com should never be an HSTS host + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "nonexistent.example.com", 0)); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains.preloaded.test", 0)); + // notexpired.example.com is an HSTS host in a different test - we + // want to make sure that test hasn't interfered with this one. + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "notexpired.example.com", 0)); + do_test_finished(); +} + +function run_test() { + let profileDir = do_get_profile(); + let stateFile = profileDir.clone(); + stateFile.append(SSS_STATE_FILE_NAME); + // Assuming we're working with a clean slate, the file shouldn't exist + // until we create it. + ok(!stateFile.exists()); + stateFile.create(Ci.nsIFile.NORMAL_FILE_TYPE, 0x1a4); // 0x1a4 == 0o644 + ok(stateFile.exists()); + // Initialize nsISiteSecurityService after do_get_profile() so it + // can read the state file. + Services.obs.addObserver(checkStateRead, "data-storage-ready", false); + do_test_pending(); + gSSService = Cc["@mozilla.org/ssservice;1"] + .getService(Ci.nsISiteSecurityService); + notEqual(gSSService, null); +} diff --git a/security/manager/ssl/tests/unit/test_sss_readstate_garbage.js b/security/manager/ssl/tests/unit/test_sss_readstate_garbage.js new file mode 100644 index 000000000..d4165f7f4 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_sss_readstate_garbage.js @@ -0,0 +1,56 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// The purpose of this test is to create a mostly bogus site security service +// state file and see that the site security service handles it properly. + +function writeLine(aLine, aOutputStream) { + aOutputStream.write(aLine, aLine.length); +} + +var gSSService = null; + +function checkStateRead(aSubject, aTopic, aData) { + if (aData == PRELOAD_STATE_FILE_NAME) { + return; + } + + equal(aData, SSS_STATE_FILE_NAME); + + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example1.example.com", 0)); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example2.example.com", 0)); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example.com", 0)); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example3.example.com", 0)); + do_test_finished(); +} + +function run_test() { + let profileDir = do_get_profile(); + let stateFile = profileDir.clone(); + stateFile.append(SSS_STATE_FILE_NAME); + // Assuming we're working with a clean slate, the file shouldn't exist + // until we create it. + ok(!stateFile.exists()); + let outputStream = FileUtils.openFileOutputStream(stateFile); + let now = (new Date()).getTime(); + writeLine("example1.example.com:HSTS\t0\t0\t" + (now + 100000) + ",1,0\n", outputStream); + writeLine("I'm a lumberjack and I'm okay; I work all night and I sleep all day!\n", outputStream); + writeLine("This is a totally bogus entry\t\n", outputStream); + writeLine("0\t0\t0\t0\t\n", outputStream); + writeLine("\t\t\t\t\t\t\t\n", outputStream); + writeLine("example.com:HSTS\t\t\t\t\t\t\t\n", outputStream); + writeLine("example3.example.com:HSTS\t0\t\t\t\t\t\t\n", outputStream); + writeLine("example2.example.com:HSTS\t0\t0\t" + (now + 100000) + ",1,0\n", outputStream); + outputStream.close(); + Services.obs.addObserver(checkStateRead, "data-storage-ready", false); + do_test_pending(); + gSSService = Cc["@mozilla.org/ssservice;1"] + .getService(Ci.nsISiteSecurityService); + notEqual(gSSService, null); +} diff --git a/security/manager/ssl/tests/unit/test_sss_readstate_huge.js b/security/manager/ssl/tests/unit/test_sss_readstate_huge.js new file mode 100644 index 000000000..eec93b6f4 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_sss_readstate_huge.js @@ -0,0 +1,60 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// The purpose of this test is to create a site security service state file +// that is too large and see that the site security service reads it properly +// (this means discarding all entries after the 1024th). + +function writeLine(aLine, aOutputStream) { + aOutputStream.write(aLine, aLine.length); +} + +var gSSService = null; + +function checkStateRead(aSubject, aTopic, aData) { + if (aData == PRELOAD_STATE_FILE_NAME) { + return; + } + + equal(aData, SSS_STATE_FILE_NAME); + + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example0.example.com", 0)); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example423.example.com", 0)); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example1023.example.com", 0)); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example1024.example.com", 0)); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example1025.example.com", 0)); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example9000.example.com", 0)); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example99999.example.com", 0)); + do_test_finished(); +} + +function run_test() { + let profileDir = do_get_profile(); + let stateFile = profileDir.clone(); + stateFile.append(SSS_STATE_FILE_NAME); + // Assuming we're working with a clean slate, the file shouldn't exist + // until we create it. + ok(!stateFile.exists()); + let outputStream = FileUtils.openFileOutputStream(stateFile); + let now = (new Date()).getTime(); + for (let i = 0; i < 10000; i++) { + // The 0s will all get squashed down into one 0 when they are read. + // This is just to make the file size large (>2MB). + writeLine("example" + i + ".example.com:HSTS\t0000000000000000000000000000000000000000000000000\t00000000000000000000000000000000000000\t" + (now + 100000) + ",1,0000000000000000000000000000000000000000000000000000000000000000000000000\n", outputStream); + } + outputStream.close(); + Services.obs.addObserver(checkStateRead, "data-storage-ready", false); + do_test_pending(); + gSSService = Cc["@mozilla.org/ssservice;1"] + .getService(Ci.nsISiteSecurityService); + notEqual(gSSService, null); +} diff --git a/security/manager/ssl/tests/unit/test_sss_savestate.js b/security/manager/ssl/tests/unit/test_sss_savestate.js new file mode 100644 index 000000000..a4d8b5297 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_sss_savestate.js @@ -0,0 +1,128 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// The purpose of this test is to see that the site security service properly +// writes its state file. + +const EXPECTED_ENTRIES = 6; +const EXPECTED_HSTS_COLUMNS = 3; +const EXPECTED_HPKP_COLUMNS = 4; +var gProfileDir = null; + +const NON_ISSUED_KEY_HASH = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; + +// For reference, the format of the state file is a list of: +// ,, +// separated by newlines ('\n') + +function checkStateWritten(aSubject, aTopic, aData) { + if (aData == PRELOAD_STATE_FILE_NAME) { + return; + } + + equal(aData, SSS_STATE_FILE_NAME); + + let stateFile = gProfileDir.clone(); + stateFile.append(SSS_STATE_FILE_NAME); + ok(stateFile.exists()); + let stateFileContents = readFile(stateFile); + // the last line is removed because it's just a trailing newline + let lines = stateFileContents.split('\n').slice(0, -1); + equal(lines.length, EXPECTED_ENTRIES); + let sites = {}; // a map of domain name -> [the entry in the state file] + for (let line of lines) { + let parts = line.split('\t'); + let host = parts[0]; + let score = parts[1]; + let lastAccessed = parts[2]; + let entry = parts[3].split(','); + let expectedColumns = EXPECTED_HSTS_COLUMNS; + if (host.indexOf("HPKP") != -1) { + expectedColumns = EXPECTED_HPKP_COLUMNS; + } + equal(entry.length, expectedColumns); + sites[host] = entry; + } + + // We can receive multiple data-storage-written events. In particular, we + // may receive one where DataStorage wrote out data before we were done + // processing all of our headers. In this case, the data may not be + // as we expect. We only care about the final one being correct, however, + // so we return and wait for the next event if things aren't as we expect. + // sites[url][1] corresponds to SecurityPropertySet (if 1) and + // SecurityPropertyUnset (if 0) + // sites[url][2] corresponds to includeSubdomains + if (sites["includesubdomains.preloaded.test:HSTS"][1] != 1) { + return; + } + if (sites["includesubdomains.preloaded.test:HSTS"][2] != 0) { + return; + } + if (sites["a.example.com:HSTS"][1] != 1) { + return; + } + if (sites["a.example.com:HSTS"][2] != 1) { + return; + } + if (sites["b.example.com:HSTS"][1] != 1) { + return; + } + if (sites["b.example.com:HSTS"][2] != 0) { + return; + } + if (sites["c.c.example.com:HSTS"][1] != 1) { + return; + } + if (sites["c.c.example.com:HSTS"][2] != 1) { + return; + } + if (sites["d.example.com:HSTS"][1] != 1) { + return; + } + if (sites["d.example.com:HSTS"][2] != 0) { + return; + } + if (sites["dynamic-pin.example.com:HPKP"][1] != 1) { + return; + } + if (sites["dynamic-pin.example.com:HPKP"][2] != 1) { + return; + } + equal(sites["dynamic-pin.example.com:HPKP"][3], NON_ISSUED_KEY_HASH); + + do_test_finished(); +} + +function run_test() { + Services.prefs.setIntPref("test.datastorage.write_timer_ms", 100); + gProfileDir = do_get_profile(); + let SSService = Cc["@mozilla.org/ssservice;1"] + .getService(Ci.nsISiteSecurityService); + // Put an HPKP entry + SSService.setKeyPins("dynamic-pin.example.com", true, + new Date().getTime() + 1000000, 1, + [NON_ISSUED_KEY_HASH]); + + let uris = [ Services.io.newURI("http://includesubdomains.preloaded.test", null, null), + Services.io.newURI("http://a.example.com", null, null), + Services.io.newURI("http://b.example.com", null, null), + Services.io.newURI("http://c.c.example.com", null, null), + Services.io.newURI("http://d.example.com", null, null) ]; + + for (let i = 0; i < 1000; i++) { + let uriIndex = i % uris.length; + // vary max-age + let maxAge = "max-age=" + (i * 1000); + // alternate setting includeSubdomains + let includeSubdomains = (i % 2 == 0 ? "; includeSubdomains" : ""); + let sslStatus = new FakeSSLStatus(); + SSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, + uris[uriIndex], maxAge + includeSubdomains, + sslStatus, 0); + } + + do_test_pending(); + Services.obs.addObserver(checkStateWritten, "data-storage-written", false); +} diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign.js b/security/manager/ssl/tests/unit/test_startcom_wosign.js new file mode 100644 index 000000000..4ba89ca73 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_startcom_wosign.js @@ -0,0 +1,43 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Tests handling of certificates issued by StartCom and WoSign. If such +// certificates have a notBefore before 21 October 2016, they are handled +// normally. Otherwise, they are treated as revoked. + +do_get_profile(); // must be called before getting nsIX509CertDB +const certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +function loadCertWithTrust(certName, trustString) { + addCertFromFile(certdb, "test_startcom_wosign/" + certName + ".pem", trustString); +} + +function certFromFile(certName) { + return constructCertFromFile("test_startcom_wosign/" + certName + ".pem"); +} + +function checkEndEntity(cert, expectedResult) { + // (new Date("2016-11-01")).getTime() / 1000 + const VALIDATION_TIME = 1477958400; + checkCertErrorGenericAtTime(certdb, cert, expectedResult, + certificateUsageSSLServer, VALIDATION_TIME); +} + +loadCertWithTrust("ca", "CTu,,"); +// This is not a real StartCom CA - it merely has the same distinguished name as +// one (namely "/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2", +// encoded with PrintableStrings). By checking for specific DNs, we can enforce +// the date-based policy in a way that is testable. +loadCertWithTrust("StartComCA", ",,"); +checkEndEntity(certFromFile("StartCom-before-cutoff"), PRErrorCodeSuccess); +checkEndEntity(certFromFile("StartCom-after-cutoff"), SEC_ERROR_REVOKED_CERTIFICATE); + +// Similarly, this is not a real WoSign CA. It has the same distinguished name +// as "/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign", encoded +// with PrintableStrings). +loadCertWithTrust("WoSignCA", ",,"); +checkEndEntity(certFromFile("WoSign-before-cutoff"), PRErrorCodeSuccess); +checkEndEntity(certFromFile("WoSign-after-cutoff"), SEC_ERROR_REVOKED_CERTIFICATE); diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem new file mode 100644 index 000000000..a3914b33f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGzCCAgWgAwIBAgIUQcnJ38esL8x6sizuR5KC5SFcqMUwCwYJKoZIhvcNAQEL +MFMxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSwwKgYDVQQD +EyNTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBHMjAiGA8yMDE2MTAy +MjAwMDAwMFoYDzIwMTcxMDIyMDAwMDAwWjAgMR4wHAYDVQQDDBVTdGFydENvbS1h +ZnRlci1jdXRvZmYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo +RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a +dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t +aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n +FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX +Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py +UcQx1QOs2hgKNe2NAgMBAAGjGjAYMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAsG +CSqGSIb3DQEBCwOCAQEAhvpbb5H8Cokd2S8g/tYMutgqnA7UXrYMiIMTC4AwLua3 +FCbqpHVU8oyAuL2uQ+RIPGIRBgVKgqlz1zrvB3HLX1DJ1yiUUbgDcCfGeLTQ1dOj +ZEHKYgRxmb6OQyMjaHRvXSlPpuKoA2eymj7IaCyRwX3qxVX1vt7UpVEInpwVusNQ +L2UH4ni0W/GfoO2z8DgMWv2fJAWaFJlVQgalhEq7qZ0B1vSMsx/exwjsqQiTCdGL +y46y/wo/sUklpQyX7U3/FsYGAEw27LoJ+pf88Stk5VuTu+Ip5KnbWklRlKDxHoo1 +5VriR2NfFVfqtvapGNougn7t2xEuISVtSp2CKVBuUA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem.certspec b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem.certspec new file mode 100644 index 000000000..9f0fe22fc --- /dev/null +++ b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem.certspec @@ -0,0 +1,4 @@ +issuer:printableString/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2 +subject:StartCom-after-cutoff +validity:20161022-20171022 +extension:subjectAlternativeName:example.com diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem new file mode 100644 index 000000000..a219e745f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDHDCCAgagAwIBAgIUWZ9YRoup7gVY1EokoIfmnmi93gYwCwYJKoZIhvcNAQEL +MFMxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSwwKgYDVQQD +EyNTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBHMjAiGA8yMDE1MTAy +MjAwMDAwMFoYDzIwMTcxMDIyMDAwMDAwWjAhMR8wHQYDVQQDDBZTdGFydENvbS1i +ZWZvcmUtY3V0b2ZmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohR +qESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+Kv +WnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+ +rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPv +JxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5 +Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6 +clHEMdUDrNoYCjXtjQIDAQABoxowGDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAL +BgkqhkiG9w0BAQsDggEBAFhgX9UQSu/Bde3O4EDhIrl413weRbOsy2qU8UrRMrm5 +3im2TGF2/75rlu3vE3dHQaSqPRiZ1HK1FvHt6faohJKGfbN2AFABIpPleh2evQC8 +wXjOcrURnz0MrK5c9v6gNjUq63n9daeIDLby7CTnKPuVGa2kpOWFI8gBGnOj3a96 +oBO9wfi8fVpKRxK+BoCfwUmF4HzlyQy7hMDcHUuf0rlSch6NKVeUpHBP4XlmnITO +KC7TCIbM2cGSqsSr8rF5AdeCSf2ZukAHQUwO7W/Bs8OIaqurIjwEnM3E/wqUk/MW +VzySem5LqHnz4yfeOKR9+DQImKZ0pAWn6cIuumMDP2M= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem.certspec b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem.certspec new file mode 100644 index 000000000..b7fbd4954 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem.certspec @@ -0,0 +1,4 @@ +issuer:printableString/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2 +subject:StartCom-before-cutoff +validity:20151022-20171022 +extension:subjectAlternativeName:example.com diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem b/security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem new file mode 100644 index 000000000..720c59d4f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDCzCCAfWgAwIBAgIUP4zQ8t+wfQSkTf7d5CJUa6DCaDEwCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMFMxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSwwKgYD +VQQDEyNTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBHMjCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1 +SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+ +zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL +K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc +bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW +JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMd +MBswCwYDVR0PBAQDAgEGMAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4IBAQBJ +c1GQxMzouK7DnQ1vgrw5LH92x3navGhO7gJWN2dca1QXnzXG3c/Yh3aqbmNI0fu+ +4PXBEKWP2i+Idgslmxi0O/I9VURHGfEo5JzLEbK6Bj/hU1VIrHj64HZ4F0XcL/K8 +kD8kqLWyuoD/i1mjTp4oGNsprv6M/TsU5nv5FszWvtv0CaGmrjNjOvYEUBo5xies +ETPbmmPKeVwa1Npk/9uBK8Zyczj0s3rRBaOa3NhzhKuL+6x5sKzEO6uxKgEf1GYB +KFyugaqLXYsHRTI47gwtRtVHkmriZdxLJJV+8C9OkINUf7fVZNTrdcFncrAQrxDS +can7HEO19JtMcStdW34i +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem.certspec b/security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem.certspec new file mode 100644 index 000000000..ee5d9fff1 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:printableString/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2 +extension:keyUsage:keyCertSign,cRLSign +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem new file mode 100644 index 000000000..5d7d50527 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGzCCAgWgAwIBAgIUMYT7CkMtLLxN3tKEWzFXFQ6c/gwwCwYJKoZIhvcNAQEL +MFUxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEqMCgG +A1UEAxMhQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgb2YgV29TaWduMCIYDzIwMTYx +MDIyMDAwMDAwWhgPMjAxNzEwMjIwMDAwMDBaMB4xHDAaBgNVBAMME1dvU2lnbi1h +ZnRlci1jdXRvZmYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo +RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a +dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t +aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n +FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX +Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py +UcQx1QOs2hgKNe2NAgMBAAGjGjAYMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAsG +CSqGSIb3DQEBCwOCAQEAjBm9k3WX810z55fcMrbsT6AJk4Fhr+rRLth+KWEpkvN+ +gYZymkVIA390oFyH9VxbEGvSIv6bJfB7yVOtL2q6mj9mn7ybRoWlX1HOH7Cjqp7R +6qivI4nG5Khn6uQxSxBbu26yhHmGcyq0QrhKEGrLzhoQc/0MOg32xnRRNu/bkFiL +GNsu6wkRnB82aC4qjyohfkNqnaHES+D5ed+GuSD5QEU/r7Gz0Wd1a+MiOBc71R0W +WDadFfE7sTuMiidSrxdN4j5sGwSvyudM3NlEHhnyn/jJcOzYpTtVOg5qmcrNRxq5 +ppj7eoIfCz+YJVz86cI96TM7S4OL8LG+UU90+3Kd8w== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem.certspec b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem.certspec new file mode 100644 index 000000000..2afb5d6ea --- /dev/null +++ b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem.certspec @@ -0,0 +1,4 @@ +issuer:printableString/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign +subject:WoSign-after-cutoff +validity:20161022-20171022 +extension:subjectAlternativeName:example.com diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem new file mode 100644 index 000000000..09c661a92 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDHDCCAgagAwIBAgIUVWn2KHK/AHKe+8z02VsFj3fXqjAwCwYJKoZIhvcNAQEL +MFUxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEqMCgG +A1UEAxMhQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgb2YgV29TaWduMCIYDzIwMTUx +MDIyMDAwMDAwWhgPMjAxNzEwMjIwMDAwMDBaMB8xHTAbBgNVBAMMFFdvU2lnbi1i +ZWZvcmUtY3V0b2ZmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohR +qESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+Kv +WnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+ +rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPv +JxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5 +Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6 +clHEMdUDrNoYCjXtjQIDAQABoxowGDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAL +BgkqhkiG9w0BAQsDggEBALMqCQoOhrBOeIzR7ffMCR/qUNz8LeELms31eF0Ks/Ol +vMUJ9FBJOVHWq40zXnNBrH3qTVnTgAAZegjepzgggwd52gkkg0aD5WCZZy7TP1ie +fbcdqC71LWghBZKkl6EFBDcnB4/ssc5MDhFAd3qyH/GHZSwtn2Ekk3vQBudOC/tW +W/OGS5o+qP3NwtTWXmdD5Q/dmm0wUp9t+4sJ9glwBVDeJfi23QWbR6G2cBBcyzvS +IZ+F1dOPKrZ23OJufiu4pDLQupC9mpQUWXb5kst+i//52Zsfupe3U/4XjcLbqR+1 +VVhcoBNf/mJs9UMIpaG0tn+j82rw7t8zGd1VMcA/XYM= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem.certspec b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem.certspec new file mode 100644 index 000000000..224522bf0 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem.certspec @@ -0,0 +1,4 @@ +issuer:printableString/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign +subject:WoSign-before-cutoff +validity:20151022-20171022 +extension:subjectAlternativeName:example.com diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem new file mode 100644 index 000000000..30199bb3f --- /dev/null +++ b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDTCCAfegAwIBAgIUDxl5OmNq9eGdBbJrOQ/hkQbkVH0wCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw +MDBaMFUxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEq +MCgGA1UEAxMhQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgb2YgV29TaWduMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq +5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SSc +An7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39 +ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYk +zBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3u +JtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQAB +ox0wGzALBgNVHQ8EBAMCAQYwDAYDVR0TBAUwAwEB/zALBgkqhkiG9w0BAQsDggEB +AEXCRSFaCDBBttpHRtGnX/tHbazxrHVzK2e5C8wN5piB8sOnwDHfpbRkcqs5Dn11 +7CAaRb993YVk22qzQ+R+r9cbbg2VuuBEYeHgGWNFdy4Oe4FMneHzOarWLiwIKjvS +ZWf+obcRQpfI1hhXu5NkkZM5VgRwuRziIF6Xe9brQq5oqos/B9Rn7Edu6i8URrHx +JLmpzTWGpyMYxVjUnvFQUyhFWaDMNE83SvXFY4bJww7O44XdXPpvrGU40oqZPPF4 +gzkYRmBAa/T4ERDQFigoqgZ9AmbFCnRQOBMLUwHT4ShcBO7iMCpxChpEb+nhr0LP +fPkwoQr8c4keJOSpman2iXA= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem.certspec b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem.certspec new file mode 100644 index 000000000..db92c5f6d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem.certspec @@ -0,0 +1,4 @@ +issuer:ca +subject:printableString/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign +extension:keyUsage:keyCertSign,cRLSign +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem b/security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem new file mode 100644 index 000000000..4e4cb7814 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxTCCAa+gAwIBAgIUQd13DvR3qDTAkz/7io280SPUCd0wCwYJKoZIhvcNAQEL +MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTAwMTAxMDAwMDAwWhgPMjA1MDAxMDEwMDAw +MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu +Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO +7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf +qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt +HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx +uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzALBgNVHQ8EBAMCAQYwDAYDVR0T +BAUwAwEB/zALBgkqhkiG9w0BAQsDggEBAAEilE//BPKAsXleuiF6ITvBkjgJzlaD +lGphvhPZNXENmYqkSOAZXAglmX0N4mq/1o3OC4IAhxqOj901y+QRM8zdemGDbpG7 +oqvAgeX5JLMKg5zj1lkdVkuNTfnKzNVJOWLHU4T1LrLuUGkVl7ba3s9RrqRmYtu8 +o4IgFUOXopjAo6Be/xrPzrRE6wTOFkhVaShYZBNNN/yJ4Eni4BnwxQ3uNSs6OQOO +MpHW1Ibil2Oq7xcOmMj3WbB8uWCp1deM7h7l/u8cyUEMSCAhkYgSCorv/rECjP1k +K3quGWnX3aN7idc4lOZkROIFyKR2V1No5OyUjmR2QKxf2RUq4XEWP2E= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem.certspec b/security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem.certspec new file mode 100644 index 000000000..efd24b153 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem.certspec @@ -0,0 +1,5 @@ +issuer:ca +subject:ca +validity:20100101-20500101 +extension:keyUsage:keyCertSign,cRLSign +extension:basicConstraints:cA, diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/moz.build b/security/manager/ssl/tests/unit/test_startcom_wosign/moz.build new file mode 100644 index 000000000..ed3680061 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_startcom_wosign/moz.build @@ -0,0 +1,19 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'StartCom-after-cutoff.pem', +# 'StartCom-before-cutoff.pem', +# 'StartComCA.pem', +# 'WoSign-after-cutoff.pem', +# 'WoSign-before-cutoff.pem', +# 'WoSignCA.pem', +# 'ca.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) diff --git a/security/manager/ssl/tests/unit/test_sts_fqdn.js b/security/manager/ssl/tests/unit/test_sts_fqdn.js new file mode 100644 index 000000000..c2c3eb2bd --- /dev/null +++ b/security/manager/ssl/tests/unit/test_sts_fqdn.js @@ -0,0 +1,50 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ +"use strict"; + +function run_test() { + let SSService = Cc["@mozilla.org/ssservice;1"] + .getService(Ci.nsISiteSecurityService); + ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example.com", 0)); + ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example.com.", 0)); + // These cases are only relevant as long as bug 1118522 hasn't been fixed. + ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example.com..", 0)); + + let uri = Services.io.newURI("https://example.com", null, null); + let sslStatus = new FakeSSLStatus(); + SSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, + "max-age=1000;includeSubdomains", sslStatus, 0); + ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example.com", 0)); + ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example.com.", 0)); + ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example.com..", 0)); + + ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0)); + uri = Services.io.newURI("https://example.com.", null, null); + ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0)); + uri = Services.io.newURI("https://example.com..", null, null); + ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0)); + + SSService.removeState(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0); + ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example.com", 0)); + ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example.com.", 0)); + ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example.com..", 0)); + + // Somehow creating this malformed URI succeeds - we need to handle it + // gracefully. + uri = Services.io.newURI("https://../foo", null, null); + equal(uri.host, ".."); + throws(() => { + SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0); + }, /NS_ERROR_UNEXPECTED/, "Malformed URI should be rejected"); +} diff --git a/security/manager/ssl/tests/unit/test_sts_holepunch.js b/security/manager/ssl/tests/unit/test_sts_holepunch.js new file mode 100644 index 000000000..b7e643148 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_sts_holepunch.js @@ -0,0 +1,34 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ +"use strict"; + +// bug 961528: chart.apis.google.com doesn't handle https. Check that +// it isn't considered HSTS (other example.apis.google.com hosts should be +// HSTS as long as they're on the preload list, however). +function run_test() { + let SSService = Cc["@mozilla.org/ssservice;1"] + .getService(Ci.nsISiteSecurityService); + ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "chart.apis.google.com", 0)); + ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "CHART.APIS.GOOGLE.COM", 0)); + ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "sub.chart.apis.google.com", 0)); + ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "SUB.CHART.APIS.GOOGLE.COM", 0)); + ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example.apis.google.com", 0)); + ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "EXAMPLE.APIS.GOOGLE.COM", 0)); + ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "sub.example.apis.google.com", 0)); + ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "SUB.EXAMPLE.APIS.GOOGLE.COM", 0)); + // also check isSecureURI + let chartURI = Services.io.newURI("http://chart.apis.google.com", null, null); + ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, chartURI, 0)); + let otherURI = Services.io.newURI("http://other.apis.google.com", null, null); + ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, otherURI, 0)); +} diff --git a/security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js b/security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js new file mode 100644 index 000000000..934fa4c3a --- /dev/null +++ b/security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js @@ -0,0 +1,42 @@ +"use strict"; + +function check_ip(s, v, ip) { + let sslStatus = new FakeSSLStatus(); + ok(!s.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, ip, 0)); + + let str = "https://"; + if (v == 6) { + str += "["; + } + str += ip; + if (v == 6) { + str += "]"; + } + str += "/"; + + let uri = Services.io.newURI(str, null, null); + + let parsedMaxAge = {}; + let parsedIncludeSubdomains = {}; + s.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, + "max-age=1000;includeSubdomains", sslStatus, 0, + parsedMaxAge, parsedIncludeSubdomains); + + /* Test that processHeader will ignore headers for an uri, if the uri + * contains an IP address not a hostname. + * If processHeader indeed ignore the header, then the output parameters will + * remain empty, and we shouldn't see the values passed as the header. + */ + notEqual(parsedMaxAge.value, 1000); + notEqual(parsedIncludeSubdomains.value, true); +} + +function run_test() { + let SSService = Cc["@mozilla.org/ssservice;1"] + .getService(Ci.nsISiteSecurityService); + + check_ip(SSService, 4, "127.0.0.1"); + check_ip(SSService, 4, "10.0.0.1"); + check_ip(SSService, 6, "2001:db8::1"); + check_ip(SSService, 6, "1080::8:800:200C:417A"); +} diff --git a/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js b/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js new file mode 100644 index 000000000..e83f6f5b9 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js @@ -0,0 +1,217 @@ +"use strict"; + +var gSSService = Cc["@mozilla.org/ssservice;1"] + .getService(Ci.nsISiteSecurityService); + +function Observer() {} +Observer.prototype = { + observe: function(subject, topic, data) { + if (topic == "last-pb-context-exited") { + run_next_test(); + } + } +}; + +var gObserver = new Observer(); +var sslStatus = new FakeSSLStatus(); + +function cleanup() { + Services.obs.removeObserver(gObserver, "last-pb-context-exited"); + gSSService.clearAll(); +} + +function run_test() { + do_register_cleanup(cleanup); + Services.obs.addObserver(gObserver, "last-pb-context-exited", false); + + add_test(test_part1); + add_test(test_private_browsing1); + add_test(test_private_browsing2); + + run_next_test(); +} + +function test_part1() { + // check that a host not in the list is not identified as an sts host + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "nonexistent.example.com", 0)); + + // check that an ancestor domain is not identified as an sts host + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, "com", 0)); + + // check that the pref to toggle using the preload list works + Services.prefs.setBoolPref("network.stricttransportsecurity.preloadlist", false); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains.preloaded.test", 0)); + Services.prefs.setBoolPref("network.stricttransportsecurity.preloadlist", true); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains.preloaded.test", 0)); + + // check that a subdomain is an sts host (includeSubdomains is set) + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "subdomain.includesubdomains.preloaded.test", 0)); + + // check that another subdomain is an sts host (includeSubdomains is set) + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "a.b.c.def.includesubdomains.preloaded.test", 0)); + + // check that a subdomain is not an sts host (includeSubdomains is not set) + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "subdomain.noincludesubdomains.preloaded.test", 0)); + + // check that a host with a dot on the end won't break anything + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "notsts.nonexistent.example.com.", 0)); + + // check that processing a header with max-age: 0 will remove a preloaded + // site from the list + let uri = Services.io.newURI("http://includesubdomains.preloaded.test", null, null); + gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, + "max-age=0", sslStatus, 0); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains.preloaded.test", 0)); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "subdomain.includesubdomains.preloaded.test", 0)); + // check that processing another header (with max-age non-zero) will + // re-enable a site's sts status + gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, + "max-age=1000", sslStatus, 0); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains.preloaded.test", 0)); + // but this time include subdomains was not set, so test for that + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "subdomain.includesubdomains.preloaded.test", 0)); + gSSService.clearAll(); + + // check that processing a header with max-age: 0 from a subdomain of a site + // will not remove that (ancestor) site from the list + uri = Services.io.newURI("http://subdomain.noincludesubdomains.preloaded.test", null, null); + gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, + "max-age=0", sslStatus, 0); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "noincludesubdomains.preloaded.test", 0)); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "subdomain.noincludesubdomains.preloaded.test", 0)); + + uri = Services.io.newURI("http://subdomain.includesubdomains.preloaded.test", null, null); + gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, + "max-age=0", sslStatus, 0); + // we received a header with "max-age=0", so we have "no information" + // regarding the sts state of subdomain.includesubdomains.preloaded.test specifically, + // but it is actually still an STS host, because of the preloaded + // includesubdomains.preloaded.test including subdomains. + // Here's a drawing: + // |-- includesubdomains.preloaded.test (in preload list, includes subdomains) IS sts host + // |-- subdomain.includesubdomains.preloaded.test IS sts host + // | `-- another.subdomain.includesubdomains.preloaded.test IS sts host + // `-- sibling.includesubdomains.preloaded.test IS sts host + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains.preloaded.test", 0)); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "subdomain.includesubdomains.preloaded.test", 0)); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "sibling.includesubdomains.preloaded.test", 0)); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "another.subdomain.includesubdomains.preloaded.test", 0)); + + gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, + "max-age=1000", sslStatus, 0); + // Here's what we have now: + // |-- includesubdomains.preloaded.test (in preload list, includes subdomains) IS sts host + // |-- subdomain.includesubdomains.preloaded.test (include subdomains is false) IS sts host + // | `-- another.subdomain.includesubdomains.preloaded.test IS NOT sts host + // `-- sibling.includesubdomains.preloaded.test IS sts host + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "subdomain.includesubdomains.preloaded.test", 0)); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "sibling.includesubdomains.preloaded.test", 0)); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "another.subdomain.includesubdomains.preloaded.test", 0)); + + // Test that an expired non-private browsing entry results in correctly + // identifying a host that is on the preload list as no longer sts. + // (This happens when we're in regular browsing mode, we get a header from + // a site on the preload list, and that header later expires. We need to + // then treat that host as no longer an sts host.) + // (sanity check first - this should be in the preload list) + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains2.preloaded.test", 0)); + uri = Services.io.newURI("http://includesubdomains2.preloaded.test", null, null); + gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, + "max-age=1", sslStatus, 0); + do_timeout(1250, function() { + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains2.preloaded.test", 0)); + run_next_test(); + }); +} + +const IS_PRIVATE = Ci.nsISocketProvider.NO_PERMANENT_STORAGE; + +function test_private_browsing1() { + gSSService.clearAll(); + // sanity - includesubdomains.preloaded.test is preloaded, includeSubdomains set + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains.preloaded.test", IS_PRIVATE)); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "a.b.c.subdomain.includesubdomains.preloaded.test", IS_PRIVATE)); + + let uri = Services.io.newURI("http://includesubdomains.preloaded.test", null, null); + gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, + "max-age=0", sslStatus, IS_PRIVATE); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains.preloaded.test", IS_PRIVATE)); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "a.b.subdomain.includesubdomains.preloaded.test", IS_PRIVATE)); + + // check adding it back in + gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, + "max-age=1000", sslStatus, IS_PRIVATE); + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains.preloaded.test", IS_PRIVATE)); + // but no includeSubdomains this time + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "b.subdomain.includesubdomains.preloaded.test", IS_PRIVATE)); + + // do the hokey-pokey... + gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, + "max-age=0", sslStatus, IS_PRIVATE); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains.preloaded.test", IS_PRIVATE)); + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "subdomain.includesubdomains.preloaded.test", IS_PRIVATE)); + + // Test that an expired private browsing entry results in correctly + // identifying a host that is on the preload list as no longer sts. + // (This happens when we're in private browsing mode, we get a header from + // a site on the preload list, and that header later expires. We need to + // then treat that host as no longer an sts host.) + // (sanity check first - this should be in the preload list) + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains2.preloaded.test", IS_PRIVATE)); + uri = Services.io.newURI("http://includesubdomains2.preloaded.test", null, null); + gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, + "max-age=1", sslStatus, IS_PRIVATE); + do_timeout(1250, function() { + ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains2.preloaded.test", IS_PRIVATE)); + // Simulate leaving private browsing mode + Services.obs.notifyObservers(null, "last-pb-context-exited", null); + }); +} + +function test_private_browsing2() { + // if this test gets this far, it means there's a private browsing service + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains.preloaded.test", 0)); + // the includesubdomains.preloaded.test entry has includeSubdomains set + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "subdomain.includesubdomains.preloaded.test", 0)); + + // Now that we're out of private browsing mode, we need to make sure + // we've "forgotten" that we "forgot" this site's sts status. + ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains2.preloaded.test", 0)); + + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js b/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js new file mode 100644 index 000000000..8b75b52ae --- /dev/null +++ b/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js @@ -0,0 +1,23 @@ +"use strict"; + +function run_test() { + let SSService = Cc["@mozilla.org/ssservice;1"] + .getService(Ci.nsISiteSecurityService); + + // check that a host on the preload list is identified as an sts host + ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains.preloaded.test", 0)); + + // now simulate that it's 19 weeks later than it actually is + let offsetSeconds = 19 * 7 * 24 * 60 * 60; + Services.prefs.setIntPref("test.currentTimeOffsetSeconds", offsetSeconds); + + // check that the preloaded host is no longer considered sts + ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains.preloaded.test", 0)); + + // just make sure we can get everything back to normal + Services.prefs.clearUserPref("test.currentTimeOffsetSeconds"); + ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "includesubdomains.preloaded.test", 0)); +} diff --git a/security/manager/ssl/tests/unit/test_toolkit_securityreporter.js b/security/manager/ssl/tests/unit/test_toolkit_securityreporter.js new file mode 100644 index 000000000..d7ffd17bd --- /dev/null +++ b/security/manager/ssl/tests/unit/test_toolkit_securityreporter.js @@ -0,0 +1,133 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* This test is for the TLS error reporting functionality exposed by + * SecurityReporter.js in /toolkit/components/securityreporter. The test is + * here because we make use of the tlsserver functionality that lives with the + * PSM ssl tests. + * + * The testing here will be augmented by the existing mochitests for the + * error reporting functionality in aboutNetError.xhtml and + * aboutCertError.xhtml once these make use of this component. + */ + +"use strict"; +const CC = Components.Constructor; +const Cm = Components.manager; + +Cu.import("resource://testing-common/AppInfo.jsm"); +/*global updateAppInfo:false*/ // Imported via AppInfo.jsm. +updateAppInfo(); + +// We must get the profile before performing operations on the cert db. +do_get_profile(); + +const certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); +const reporter = Cc["@mozilla.org/securityreporter;1"] + .getService(Ci.nsISecurityReporter); + + +const BinaryInputStream = CC("@mozilla.org/binaryinputstream;1", + "nsIBinaryInputStream", "setInputStream"); + +var server; + +// this allows us to create a callback which checks that a report is as +// expected. +function getReportCheck(expectReport, expectedError) { + return function sendReportWithInfo(transportSecurityInfo) { + // register a path handler on the server + server.registerPathHandler("/submit/sslreports", + function(request, response) { + if (expectReport) { + let report = JSON.parse(readDataFromRequest(request)); + do_check_eq(report.errorCode, expectedError); + response.setStatusLine(null, 201, "Created"); + response.write("Created"); + } else { + do_throw("No report should have been received"); + } + }); + + reporter.reportTLSError(transportSecurityInfo, "example.com", -1); + }; +} + +// read the request body from a request +function readDataFromRequest(aRequest) { + if (aRequest.method == "POST" || aRequest.method == "PUT") { + if (aRequest.bodyInputStream) { + let inputStream = new BinaryInputStream(aRequest.bodyInputStream); + let bytes = []; + let available; + + while ((available = inputStream.available()) > 0) { + Array.prototype.push.apply(bytes, inputStream.readByteArray(available)); + } + + return String.fromCharCode.apply(null, bytes); + } + } + return null; +} + +function run_test() { + // start a report server + server = new HttpServer(); + server.start(-1); + + let port = server.identity.primaryPort; + + // Set the reporting URL to ensure any reports are sent to the test server + Services.prefs.setCharPref("security.ssl.errorReporting.url", + `http://localhost:${port}/submit/sslreports`); + // set strict-mode pinning enforcement so we can cause connection failures. + Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2); + + // start a TLS server + add_tls_server_setup("BadCertServer", "bad_certs"); + + // Add a user-specified trust anchor. + addCertFromFile(certdb, "bad_certs/other-test-ca.pem", "CTu,u,u"); + + + // Cause a reportable condition with error reporting disabled. No report + // should be sent. + Services.prefs.setBoolPref("security.ssl.errorReporting.enabled", false); + add_connection_test("expired.example.com", + SEC_ERROR_EXPIRED_CERTIFICATE, null, + getReportCheck(false)); + + // Now enable reporting + add_test(function () { + Services.prefs.setBoolPref("security.ssl.errorReporting.enabled", true); + run_next_test(); + }); + + // test calling the component with no transportSecurityInfo. No report should + // be sent even though reporting is enabled. + add_test(function() { + server.registerPathHandler("/submit/sslreports", + function(request, response) { + do_throw("No report should be sent"); + }); + reporter.reportTLSError(null, "example.com", -1); + run_next_test(); + }); + + // Test sending a report with no error. This allows us to check the case + // where there is no failed cert chain + add_connection_test("good.include-subdomains.pinning.example.com", + PRErrorCodeSuccess, null, + getReportCheck(true, PRErrorCodeSuccess)); + + // Test sending a report where there is an error and a failed cert chain. + add_connection_test("expired.example.com", + SEC_ERROR_EXPIRED_CERTIFICATE, null, + getReportCheck(true, SEC_ERROR_EXPIRED_CERTIFICATE)); + + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_validity.js b/security/manager/ssl/tests/unit/test_validity.js new file mode 100644 index 000000000..9158c7a5d --- /dev/null +++ b/security/manager/ssl/tests/unit/test_validity.js @@ -0,0 +1,92 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Tests that chains containing an end-entity cert with an overly long validity +// period are rejected. + +do_get_profile(); // Must be called before getting nsIX509CertDB +const certDB = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +const SERVER_PORT = 8888; + +function getOCSPResponder(expectedCertNames) { + let expectedPaths = expectedCertNames.slice(); + return startOCSPResponder(SERVER_PORT, "www.example.com", "test_validity", + expectedCertNames, expectedPaths); +} + +function certFromFile(filename) { + return constructCertFromFile(`test_validity/${filename}`); +} + +function loadCert(certFilename, trustString) { + addCertFromFile(certDB, `test_validity/${certFilename}`, trustString); +} + +/** + * Adds a single EV test. + * + * @param {Array} expectedNamesForOCSP + * An array of nicknames of the certs to be responded to. + * @param {String} rootCertFileName + * The file name of the root cert. Can begin with ".." to reference + * certs in folders other than "test_validity/". + * @param {Array} intCertFileNames + * An array of file names of any intermediate certificates. + * @param {String} endEntityCertFileName + * The file name of the end entity cert. + * @param {Boolean} expectedResult + * Whether the chain is expected to validate as EV. + */ +function addEVTest(expectedNamesForOCSP, rootCertFileName, intCertFileNames, + endEntityCertFileName, expectedResult) +{ + add_test(function() { + clearOCSPCache(); + let ocspResponder = getOCSPResponder(expectedNamesForOCSP); + + loadCert(`${rootCertFileName}.pem`, "CTu,CTu,CTu"); + for (let intCertFileName of intCertFileNames) { + loadCert(`${intCertFileName}.pem`, ",,"); + } + checkEVStatus(certDB, certFromFile(`${endEntityCertFileName}.pem`), + certificateUsageSSLServer, expectedResult); + + ocspResponder.stop(run_next_test); + }); +} + +function checkEVChains() { + // Chain with an end entity cert with a validity period that is acceptable + // for EV. + const intFullName = "ev_int_60_months-evroot"; + let eeFullName = `ev_ee_27_months-${intFullName}`; + let expectedNamesForOCSP = gEVExpected + ? [ intFullName, + eeFullName ] + : [ eeFullName ]; + addEVTest(expectedNamesForOCSP, "../test_ev_certs/evroot", [ intFullName ], + eeFullName, gEVExpected); + + // Chain with an end entity cert with a validity period that is too long + // for EV. + eeFullName = `ev_ee_28_months-${intFullName}`; + expectedNamesForOCSP = gEVExpected + ? [ intFullName, + eeFullName ] + : [ eeFullName ]; + addEVTest(expectedNamesForOCSP, "../test_ev_certs/evroot", [ intFullName ], + eeFullName, false); +} + +function run_test() { + Services.prefs.setCharPref("network.dns.localDomains", "www.example.com"); + Services.prefs.setIntPref("security.OCSP.enabled", 1); + + checkEVChains(); + + run_next_test(); +} diff --git a/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem b/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem new file mode 100644 index 000000000..6a351f0f8 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDaTCCAlOgAwIBAgIUCfxWL6o44roTydDNAETL0eXxLF4wCwYJKoZIhvcNAQEL +MCIxIDAeBgNVBAMMF2V2X2ludF82MF9tb250aHMtZXZyb290MCIYDzIwMTUxMTE3 +MDAwMDAwWhgPMjAxODAyMTYwMDAwMDBaMDIxMDAuBgNVBAMMJ2V2X2VlXzI3X21v +bnRocy1ldl9pbnRfNjBfbW9udGhzLWV2cm9vdDCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl +qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg +w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx +V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1 +MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs +vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBhjCBgzBgBggrBgEF +BQcBAQRUMFIwUAYIKwYBBQUHMAGGRGh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4 +OC9ldl9lZV8yN19tb250aHMtZXZfaW50XzYwX21vbnRocy1ldnJvb3QvMB8GA1Ud +IAQYMBYwFAYSKwYBBAHrSYUahRqFGgGDdAkBMAsGCSqGSIb3DQEBCwOCAQEAIVNL +5xN2XbNowmdE1AqGcx+fPzou65QRhhus3kLeDKiULIn8fk75rI9+3oqOpeu908iu +1BQze/EX24DC8k+vkSWRSud1by/AL1ztnTFuFa1UFxKyTBzn9CGHqOK2fcQ2/TZk +Zewt7yNcsazKGaf+V2K3slnNOjx1Jx7aby8moA74FzoEv6jCHhfbx5l+Ul5izDZH +EcBi4kOZR6AFP8RhhG8ohqKXv7pxi7tS2OV75cl0sE4XwKp1UbdH7B2ea/aO9ZY8 +Bkq6vgY6Y2kAp8PE2S6cAY9ugEjoplBUq85/1n5FhpBevhMJ/L7oZ+EhooGowRfH +VofhfUBd6Cn2fsTiMQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem.certspec new file mode 100644 index 000000000..d2c7fa127 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem.certspec @@ -0,0 +1,5 @@ +issuer:ev_int_60_months-evroot +subject:ev_ee_27_months-ev_int_60_months-evroot +validity:823 +extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_27_months-ev_int_60_months-evroot/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1 diff --git a/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem b/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem new file mode 100644 index 000000000..28d7bdb90 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDaTCCAlOgAwIBAgIUVzCbeSKUj0d/ynX8eWoINELWJi8wCwYJKoZIhvcNAQEL +MCIxIDAeBgNVBAMMF2V2X2ludF82MF9tb250aHMtZXZyb290MCIYDzIwMTUxMTAx +MDAwMDAwWhgPMjAxODAzMDQwMDAwMDBaMDIxMDAuBgNVBAMMJ2V2X2VlXzI4X21v +bnRocy1ldl9pbnRfNjBfbW9udGhzLWV2cm9vdDCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl +qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg +w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx +V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1 +MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs +vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBhjCBgzBgBggrBgEF +BQcBAQRUMFIwUAYIKwYBBQUHMAGGRGh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4 +OC9ldl9lZV8yOF9tb250aHMtZXZfaW50XzYwX21vbnRocy1ldnJvb3QvMB8GA1Ud +IAQYMBYwFAYSKwYBBAHrSYUahRqFGgGDdAkBMAsGCSqGSIb3DQEBCwOCAQEAjqOB +RSvTVS9M/STcTmevwdW+JZXFkXvMYQ2TZQNsdKL8jTF7V8yUAuWIXt9dfZksRzCH +J2M2iFBeme2w9732nv8dLiBvfHNHpWAW8YnQka0+SMXgsD7lMuHgXhbesGoGS6f6 +jtO5TsB+D1pXFncehDcxbW+0Ai1yd5sFuFaq2wN6zgsANzwehXp9qCGQ1jVQ2ti5 +ai4raaipKXEo3j3DxlNPdrdeN0RSimP+Mnyfj8LSxnmZQM1hdwRhJekUPQUux4pZ +qseofBITmHehriREJRZlzxCzccpr2wCcwUYNBDwSJK91xy0SW2gSAQV0OVx/e3tA +SqIRcRMdskz9NWa/oA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem.certspec new file mode 100644 index 000000000..2dcfb2e29 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem.certspec @@ -0,0 +1,5 @@ +issuer:ev_int_60_months-evroot +subject:ev_ee_28_months-ev_int_60_months-evroot +validity:854 +extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_28_months-ev_int_60_months-evroot/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1 diff --git a/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key new file mode 100644 index 000000000..8af23e068 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9 +braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI +eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6 +iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za +qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7 +LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs +2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs +VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s +JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI +r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz +iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg +SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R +TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N +gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp +xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r +ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR +3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY +EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs +2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb +WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo +tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl +rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2 +TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit +tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m +ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1 +NBinA5ZsT8d0v3QCr2xDJH9D +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key.keyspec b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key.keyspec new file mode 100644 index 000000000..4ad96d515 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key.keyspec @@ -0,0 +1 @@ +default diff --git a/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem new file mode 100644 index 000000000..370f4ff36 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDUzCCAj2gAwIBAgIUc/8GbZoQxUER+Wpe3STidbOom4UwCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE0MDcwNDAwMDAwMFoYDzIwMTkwNzAy +MDAwMDAwWjAiMSAwHgYDVQQDDBdldl9pbnRfNjBfbW9udGhzLWV2cm9vdDCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ +6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk +nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N +/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG +JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd +7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA +AaOBkTCBjjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBQBggrBgEFBQcBAQRE +MEIwQAYIKwYBBQUHMAGGNGh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9ldl9p +bnRfNjBfbW9udGhzLWV2cm9vdC8wHwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUa +AYN0CQEwCwYJKoZIhvcNAQELA4IBAQBKiGfIv5d53ND76/fYD4UrAQCe4K5Ktj8s +UkVgozmHi5IE7e2Ikzp5gDAEIirehSQAdGI4DXYArZYG7O90isYiItxD/LDh342Z +sFkg5Zdm6Cmr0V5EZRcWtfj7ZwdTl3/YdI6Sp00BfeTLabsHQD0/trFcd3BcXXLR ++WcNPwrCktVCtem7mgUPa5GTFgUyoOtcVGC5BBk7MqqLBHX6/R4u8oLcNwQOYZ0v +Ad/6iQCcJ+siLTuQHWB6zu1uLd9CZQXu3pBU43p3WvvQwCPFSfT4wAOEoqn0a9ny +YWmq+mXlLH0M28x931Ay5/q3TV93fFHVv5bratytdoUBYpsx3Edy +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem.certspec new file mode 100644 index 000000000..e169514ff --- /dev/null +++ b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem.certspec @@ -0,0 +1,8 @@ +issuer:evroot +subject:ev_int_60_months-evroot +issuerKey:ev +validity:1825 +extension:basicConstraints:cA, +extension:keyUsage:cRLSign,keyCertSign +extension:authorityInformationAccess:http://www.example.com:8888/ev_int_60_months-evroot/ +extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1 diff --git a/security/manager/ssl/tests/unit/test_validity/evroot.key b/security/manager/ssl/tests/unit/test_validity/evroot.key new file mode 100644 index 000000000..a756a0705 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_validity/evroot.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC1SYlcnQAQjRGh ++Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQOMF0Ask6Kkc9vShq7T/c02PPWikU +dwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURhuT5RQk4XRLsuqtRqqzjOGWghlh+H +cUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94rjFE7SjEXnkpOGOnoipImAo2pA5y +1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3RquiqLMzjSKAWm4Diii1wwalgxvM18t +oJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oYUJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ +5XNPsikFAgMBAAECggEBAJg9VPlNb0x26yPW+T14UjUwz3Ow0WJUxueBdo1F9VaB +0dAvsr0qrGq8HDiYYJNcUqDY9BSCAQOUd4MUHYZL/zCANjilwBUlcK6dGPPYyhY+ ++0dbDd3zLn4W7HVl5rteAlxBxcZuV6A87eVUIh+DBFNHosTEUcPc5Ha3h84MBXJE +vp4E7xMRjbuz1eCmzIcCnq/Upp7ZsUdZsV452KmITlb1TS+asBPw0V8xipq2svc9 +HsPJ/idK6JQxoQZAvniZsAEcXlCToYNHCGid4QBjTaveYPvWqu+joz3zSh829gwE +MDa3SNHJ7pjEAxoK/sYO/aCpkL5ST1YU6sT9s0pS+VECgYEA6twssz5f8co3a72V +vWoXd9LPT6xHVF6S0RpiCbnV5N7UeDRYHBabPIhHQqCeoYdQXBylVBTY0ltJdjLV +7CqqBSM0MPrUmJJ3en1o4Dj1YaO4lp5gsKJj3vv9pIqbD/OdlbyIsVJnyK3pe1EH +lI5B5DMknYf32xCdXXRYTYa8wdcCgYEAxZrldqIWRwJI2USlW56b+TKZ2jQexW5V +jrqCGrzhv1e3nPQR0pBMd0+duh8VGF9gewV0oIIF1uwotmo21jQjLqry/qN1Yauv +nWRLaNs4yZZMuMluwKxh66ZNBbRGVC9COXb1rN5OzJVTbS31eJVPk/DP2cWPt4ui +p23VrChNyIMCgYEAwdLvOQYzHFKspkgR+f5CW+somDIvs9tRAyzo1+n8MiQL6SAZ +zySA/NXjKYNxJxGLKlmhv+BsiD46REfz8DHNmuvQuNNo/Hl0DSzOjq2zJN9/CR6v +4VZDYdVJILAbBHEjDl5H2T+O0zljxRe8T8ePbYsfnrqFvM7bcDMCZQjbYoUCgYEA +hSG421aU376ASjFfnvybZSdcVJCs8qNFbWXm5hC/n2R/xnUB1PV3LyMqxwzN75/C +pt+kFcfEG2r8evnQfDygP37ZPAnwuZ8sMEQ0Mi8QcXCbvBuqTJFXX6apWeB9SZaV +bZXiK1eTi25HyNUf/t/Jv4iM4NGj5CtlqJvtS5HT5fUCgYEA3El7BrkgyL4LAHe3 +mOl37vdEqQ7Cxdfmy7IkSPrHLagaMxgODYoC6DFGDH/H/TphL3uZMLYbeZ+OkI5j +LpugQJtqpwsDo7p4dCYmO1vVhD34R27bXRT2qGE+uvW5zVykL1+9KALgjk5J5XCf +UVFRDKpassHG6z7+kpXRbowlyRY= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_validity/evroot.key.keyspec b/security/manager/ssl/tests/unit/test_validity/evroot.key.keyspec new file mode 100644 index 000000000..1a3d76a55 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_validity/evroot.key.keyspec @@ -0,0 +1 @@ +ev diff --git a/security/manager/ssl/tests/unit/test_validity/evroot.pem b/security/manager/ssl/tests/unit/test_validity/evroot.pem new file mode 100644 index 000000000..cd2fd7ed8 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_validity/evroot.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzTCCAbegAwIBAgIUW9j5PS8YoKgynZdYa9i2Kwexnp8wCwYJKoZIhvcNAQEL +MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MDEwMTAwMDAwMFoYDzIwMzUwMTAx +MDAwMDAwWjARMQ8wDQYDVQQDDAZldnJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQC1SYlcnQAQjRGh+Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQ +OMF0Ask6Kkc9vShq7T/c02PPWikUdwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURh +uT5RQk4XRLsuqtRqqzjOGWghlh+HcUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94 +rjFE7SjEXnkpOGOnoipImAo2pA5y1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3Rqu +iqLMzjSKAWm4Diii1wwalgxvM18toJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oY +UJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ5XNPsikFAgMBAAGjHTAbMAwGA1UdEwQFMAMB +Af8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAO1EZ134zXCiYSMixYSVP +gAXWdR8zvaeS8UF0Xihle6nBdtkcmhiMgxXecMv7P7xO/U/wz5NAyJ1cvqaxrPbn +8bekVCCsAAae6mVJIsVeuLtg3f89Qmx6KF6By2NI5R/AX5gxs0V9Tvjp9NfpIWh9 +I0BO0/REmq+CxKWjO6Loq0JA/QRW1jnD3XLitJ9QiCfnLqgUAG8JnkhG/JtpcJC3 +91SluwhVw+8i7caDOgHZGvjBEycyje0iyDLybaVjv2PpyuQx8H6hDzTGd2bNDl22 +fZ0FsOYCH6TJPx7nsCJCQ8/jGsRAGPxbItwSpTQJegKVaJ9s2dOAreJdkQFSIEo+ +3g== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_validity/evroot.pem.certspec b/security/manager/ssl/tests/unit/test_validity/evroot.pem.certspec new file mode 100644 index 000000000..3121f3486 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_validity/evroot.pem.certspec @@ -0,0 +1,7 @@ +issuer:evroot +subject:evroot +subjectKey:ev +issuerKey:ev +validity:20150101-20350101 +extension:basicConstraints:cA, +extension:keyUsage:keyCertSign,cRLSign diff --git a/security/manager/ssl/tests/unit/test_validity/moz.build b/security/manager/ssl/tests/unit/test_validity/moz.build new file mode 100644 index 000000000..d2f9bf8d1 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_validity/moz.build @@ -0,0 +1,24 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Temporarily disabled. See bug 1256495. +#test_certificates = ( +# 'ev_ee_27_months-ev_int_60_months-evroot.pem', +# 'ev_ee_28_months-ev_int_60_months-evroot.pem', +# 'ev_int_60_months-evroot.pem', +# 'evroot.pem', +#) +# +#for test_certificate in test_certificates: +# GeneratedTestCertificate(test_certificate) +# +#test_keys = ( +# 'ev_int_60_months-evroot.key', +# 'evroot.key', +#) +# +#for test_key in test_keys: +# GeneratedTestKey(test_key) diff --git a/security/manager/ssl/tests/unit/test_weak_crypto.js b/security/manager/ssl/tests/unit/test_weak_crypto.js new file mode 100644 index 000000000..effedf8e3 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_weak_crypto.js @@ -0,0 +1,273 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +// Tests the weak crypto override + +const TLS_RSA_WITH_RC4_128_MD5 = 0x0004; +const TLS_RSA_WITH_RC4_128_SHA = 0x0005; +const TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007; +const TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011; + +// Need profile dir to store the key / cert +do_get_profile(); +// Ensure PSM is initialized +Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports); + +const certService = Cc["@mozilla.org/security/local-cert-service;1"] + .getService(Ci.nsILocalCertService); +const certOverrideService = Cc["@mozilla.org/security/certoverride;1"] + .getService(Ci.nsICertOverrideService); +const weakCryptoOverride = Cc["@mozilla.org/security/weakcryptooverride;1"] + .getService(Ci.nsIWeakCryptoOverride); +const socketTransportService = + Cc["@mozilla.org/network/socket-transport-service;1"] + .getService(Ci.nsISocketTransportService); + +function getCert() { + let deferred = Promise.defer(); + certService.getOrCreateCert("tls-test", { + handleCert: function(c, rv) { + if (rv) { + deferred.reject(rv); + return; + } + deferred.resolve(c); + } + }); + return deferred.promise; +} + +function startServer(cert, rc4only) { + let tlsServer = Cc["@mozilla.org/network/tls-server-socket;1"] + .createInstance(Ci.nsITLSServerSocket); + tlsServer.init(-1, true, -1); + tlsServer.serverCert = cert; + + let input, output; + + let listener = { + onSocketAccepted: function(socket, transport) { + do_print("Accept TLS client connection"); + let connectionInfo = transport.securityInfo + .QueryInterface(Ci.nsITLSServerConnectionInfo); + connectionInfo.setSecurityObserver(listener); + input = transport.openInputStream(0, 0, 0); + output = transport.openOutputStream(0, 0, 0); + }, + onHandshakeDone: function(socket, status) { + do_print("TLS handshake done"); + + equal(status.tlsVersionUsed, Ci.nsITLSClientStatus.TLS_VERSION_1_2, + "Using TLS 1.2"); + let expectedCipher = rc4only ? "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" + : "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"; + equal(status.cipherName, expectedCipher, + "Using expected cipher"); + equal(status.keyLength, 128, "Using 128-bit key"); + equal(status.macLength, rc4only ? 160 : 128, "Using MAC of expected length"); + + input.asyncWait({ + onInputStreamReady: function(streamReadyInput) { + NetUtil.asyncCopy(streamReadyInput, output); + } + }, 0, 0, Services.tm.currentThread); + }, + onStopListening: function() {} + }; + + tlsServer.setSessionCache(false); + tlsServer.setSessionTickets(false); + tlsServer.setRequestClientCertificate(Ci.nsITLSServerSocket.REQUEST_NEVER); + if (rc4only) { + let cipherSuites = [ + TLS_ECDHE_RSA_WITH_RC4_128_SHA, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS_RSA_WITH_RC4_128_SHA, + TLS_RSA_WITH_RC4_128_MD5 + ]; + tlsServer.setCipherSuites(cipherSuites, cipherSuites.length); + } + + tlsServer.asyncListen(listener); + + return tlsServer.port; +} + +function storeCertOverride(port, cert) { + let overrideBits = Ci.nsICertOverrideService.ERROR_UNTRUSTED | + Ci.nsICertOverrideService.ERROR_MISMATCH; + certOverrideService.rememberValidityOverride("127.0.0.1", port, cert, + overrideBits, true); +} + +function startClient(port, expectedResult, options = {}) { + let transport = + socketTransportService.createTransport(["ssl"], 1, "127.0.0.1", port, null); + if (options.isPrivate) { + transport.connectionFlags |= Ci.nsISocketTransport.NO_PERMANENT_STORAGE; + } + let input; + let output; + + let deferred = Promise.defer(); + + let handler = { + + onTransportStatus: function(unused, status) { + if (status === Ci.nsISocketTransport.STATUS_CONNECTED_TO) { + output.asyncWait(handler, 0, 0, Services.tm.currentThread); + } + }, + + onInputStreamReady: function(streamReadyInput) { + try { + let data = + NetUtil.readInputStreamToString(streamReadyInput, + streamReadyInput.available()); + equal(Cr.NS_OK, expectedResult, "Connection should succeed"); + equal(data, "HELLO", "Echoed data received"); + } catch (e) { + if (!((e.result == Cr.NS_ERROR_NET_RESET) && options.allowReset) && + (e.result != expectedResult)) { + deferred.reject(e); + } + } + streamReadyInput.close(); + output.close(); + deferred.resolve(); + }, + + onOutputStreamReady: function(streamReadyOutput) { + try { + try { + streamReadyOutput.write("HELLO", 5); + } catch (e) { + if (e.result == Cr.NS_BASE_STREAM_WOULD_BLOCK) { + streamReadyOutput.asyncWait(handler, 0, 0, Services.tm.currentThread); + return; + } + if (e.result != Cr.NS_OK) { + ok((e.result === expectedResult) || + (options.allowReset && (e.result === Cr.NS_ERROR_NET_RESET)), + "Actual and expected connection result should match"); + streamReadyOutput.close(); + deferred.resolve(); + return; + } + } + do_print("Output to server written"); + input = transport.openInputStream(0, 0, 0); + input.asyncWait(handler, 0, 0, Services.tm.currentThread); + } catch (e) { + deferred.reject(e); + } + } + + }; + + transport.setEventSink(handler, Services.tm.currentThread); + output = transport.openOutputStream(Ci.nsITransport.OPEN_UNBUFFERED, 0, 0); + output.QueryInterface(Ci.nsIAsyncOutputStream); + + return deferred.promise; +} + +function run_test() { + Services.prefs.setBoolPref("security.tls.unrestricted_rc4_fallback", false); + run_next_test(); +} + +// for sanity check +add_task(function* () { + let cert = yield getCert(); + ok(!!cert, "Got self-signed cert"); + let port = startServer(cert, false); + storeCertOverride(port, cert); + yield startClient(port, Cr.NS_OK); + yield startClient(port, Cr.NS_OK, {isPrivate: true}); +}); + +add_task(function* () { + let cert = yield getCert(); + ok(!!cert, "Got self-signed cert"); + let port = startServer(cert, true); + storeCertOverride(port, cert); + yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP)); + yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP), + {isPrivate: true}); + + weakCryptoOverride.addWeakCryptoOverride("127.0.0.1", true); + // private browsing should not affect the permanent storage. + equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"), + ""); + yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP)); + // The auto-retry on connection reset is implemented in our HTTP layer. + // So we will see the crafted NS_ERROR_NET_RESET when we use + // nsISocketTransport directly. + yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP), + {isPrivate: true, allowReset: true}); + // retry manually to simulate the HTTP layer + yield startClient(port, Cr.NS_OK, {isPrivate: true}); + + weakCryptoOverride.removeWeakCryptoOverride("127.0.0.1", port, true); + equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"), + ""); + yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP)); + yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP), + {isPrivate: true}); + + weakCryptoOverride.addWeakCryptoOverride("127.0.0.1", false, true); + // temporary override should not change the pref. + equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"), + ""); + yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP), + {allowReset: true}); + yield startClient(port, Cr.NS_OK); + yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP), + {isPrivate: true}); + + weakCryptoOverride.removeWeakCryptoOverride("127.0.0.1", port, false); + equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"), + ""); + yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP)); + yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP), + {isPrivate: true}); + + weakCryptoOverride.addWeakCryptoOverride("127.0.0.1", false); + // permanent override should change the pref. + equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"), + "127.0.0.1"); + yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP), + {allowReset: true}); + yield startClient(port, Cr.NS_OK); + yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP), + {isPrivate: true}); + + weakCryptoOverride.removeWeakCryptoOverride("127.0.0.1", port, false); + equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"), + ""); + yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP)); + yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP), + {isPrivate: true}); + + // add a host to the pref to prepare the next test + weakCryptoOverride.addWeakCryptoOverride("127.0.0.1", false); + yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP), + {allowReset: true}); + yield startClient(port, Cr.NS_OK); + equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"), + "127.0.0.1"); +}); + +add_task(function* () { + let cert = yield getCert(); + ok(!!cert, "Got self-signed cert"); + let port = startServer(cert, false); + storeCertOverride(port, cert); + yield startClient(port, Cr.NS_OK); + // Successful strong cipher will remove the host from the pref. + equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"), + ""); +}); diff --git a/security/manager/ssl/tests/unit/test_x509.js b/security/manager/ssl/tests/unit/test_x509.js new file mode 100644 index 000000000..4c22e28d1 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_x509.js @@ -0,0 +1,83 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +// Tests X509.jsm functionality. + +var { X509 } = Cu.import("resource://gre/modules/psm/X509.jsm", {}); + +function stringToBytes(s) { + let b = []; + for (let i = 0; i < s.length; i++) { + b.push(s.charCodeAt(i)); + } + return b; +} + +function readPEMToBytes(filename) { + return stringToBytes(atob(pemToBase64(readFile(do_get_file(filename))))); +} + +function run_test() { + let certificate = new X509.Certificate(); + certificate.parse(readPEMToBytes("bad_certs/default-ee.pem")); + + equal(certificate.tbsCertificate.version, 3, + "default-ee.pem should be x509v3"); + + // serialNumber + deepEqual(certificate.tbsCertificate.serialNumber, + [ 0x35, 0x1b, 0xe9, 0x3a, 0x1b, 0x03, 0x1c, 0x46, 0x1b, 0x45, + 0xfe, 0x9b, 0xb2, 0x20, 0x0f, 0x6e, 0xf2, 0x9e, 0xd9, 0x50 ], + "default-ee.pem should have expected serialNumber"); + + deepEqual(certificate.tbsCertificate.signature.algorithm._values, + [ 1, 2, 840, 113549, 1, 1, 11 ], // sha256WithRSAEncryption + "default-ee.pem should have sha256WithRSAEncryption signature"); + // TODO: there should actually be an explicit encoded NULL here, but it looks + // like pycert doesn't include it. + deepEqual(certificate.tbsCertificate.signature.parameters, null, + "default-ee.pem should have NULL parameters for signature"); + + equal(certificate.tbsCertificate.issuer.rdns.length, 1, + "default-ee.pem should have one RDN in issuer"); + equal(certificate.tbsCertificate.issuer.rdns[0].avas.length, 1, + "default-ee.pem should have one AVA in RDN in issuer"); + deepEqual(certificate.tbsCertificate.issuer.rdns[0].avas[0].value.value, + stringToBytes("Test CA"), + "default-ee.pem should have issuer 'Test CA'"); + + equal(certificate.tbsCertificate.validity.notBefore.time.getTime(), + Date.parse("2015-11-28T00:00:00.000Z"), + "default-ee.pem should have the correct value for notBefore"); + equal(certificate.tbsCertificate.validity.notAfter.time.getTime(), + Date.parse("2018-02-05T00:00:00.000Z"), + "default-ee.pem should have the correct value for notAfter"); + + equal(certificate.tbsCertificate.subject.rdns.length, 1, + "default-ee.pem should have one RDN in subject"); + equal(certificate.tbsCertificate.subject.rdns[0].avas.length, 1, + "default-ee.pem should have one AVA in RDN in subject"); + deepEqual(certificate.tbsCertificate.subject.rdns[0].avas[0].value.value, + stringToBytes("Test End-entity"), + "default-ee.pem should have subject 'Test End-entity'"); + + deepEqual(certificate.tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm._values, + [ 1, 2, 840, 113549, 1, 1, 1 ], // rsaEncryption + "default-ee.pem should have a spki algorithm of rsaEncryption"); + + equal(certificate.tbsCertificate.extensions.length, 2, + "default-ee.pem should have two extensions"); + + deepEqual(certificate.signatureAlgorithm.algorithm._values, + [ 1, 2, 840, 113549, 1, 1, 11 ], // sha256WithRSAEncryption + "default-ee.pem should have sha256WithRSAEncryption signatureAlgorithm"); + // TODO: there should actually be an explicit encoded NULL here, but it looks + // like pycert doesn't include it. + deepEqual(certificate.signatureAlgorithm.parameters, null, + "default-ee.pem should have NULL parameters for signatureAlgorithm"); + + equal(certificate.signatureValue.length, 2048 / 8, + "length of signature on default-ee.pem should be 2048 bits"); +} diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/BadCertServer.cpp b/security/manager/ssl/tests/unit/tlsserver/cmd/BadCertServer.cpp new file mode 100644 index 000000000..348dcfc5c --- /dev/null +++ b/security/manager/ssl/tests/unit/tlsserver/cmd/BadCertServer.cpp @@ -0,0 +1,141 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// This is a standalone server that uses various bad certificates. +// The client is expected to connect, initiate an SSL handshake (with SNI +// to indicate which "server" to connect to), and verify the certificate. +// If all is good, the client then sends one encrypted byte and receives that +// same byte back. +// This server also has the ability to "call back" another process waiting on +// it. That is, when the server is all set up and ready to receive connections, +// it will connect to a specified port and issue a simple HTTP request. + +#include + +#include "TLSServer.h" + +using namespace mozilla; +using namespace mozilla::test; + +struct BadCertHost +{ + const char *mHostName; + const char *mCertName; +}; + +// Hostname, cert nickname pairs. +const BadCertHost sBadCertHosts[] = +{ + { "expired.example.com", "expired-ee" }, + { "notyetvalid.example.com", "notYetValid" }, + { "before-epoch.example.com", "beforeEpoch" }, + { "selfsigned.example.com", "selfsigned" }, + { "unknownissuer.example.com", "unknownissuer" }, + { "mismatch.example.com", "mismatch" }, + { "mismatch-CN.example.com", "mismatchCN" }, + { "expiredissuer.example.com", "expiredissuer" }, + { "notyetvalidissuer.example.com", "notYetValidIssuer" }, + { "before-epoch-issuer.example.com", "beforeEpochIssuer" }, + { "md5signature.example.com", "md5signature" }, + { "untrusted.example.com", "default-ee" }, + { "untrustedissuer.example.com", "untrustedissuer" }, + { "mismatch-expired.example.com", "mismatch-expired" }, + { "mismatch-notYetValid.example.com", "mismatch-notYetValid" }, + { "mismatch-untrusted.example.com", "mismatch-untrusted" }, + { "untrusted-expired.example.com", "untrusted-expired" }, + { "md5signature-expired.example.com", "md5signature-expired" }, + { "mismatch-untrusted-expired.example.com", "mismatch-untrusted-expired" }, + { "inadequatekeyusage.example.com", "inadequatekeyusage-ee" }, + { "selfsigned-inadequateEKU.example.com", "selfsigned-inadequateEKU" }, + { "self-signed-end-entity-with-cA-true.example.com", "self-signed-EE-with-cA-true" }, + { "ca-used-as-end-entity.example.com", "ca-used-as-end-entity" }, + { "ca-used-as-end-entity-name-mismatch.example.com", "ca-used-as-end-entity" }, + // All of include-subdomains.pinning.example.com is pinned to End Entity + // Test Cert with nick default-ee. Any other nick will only + // pass pinning when security.cert_pinning.enforcement.level != strict and + // otherCA is added as a user-specified trust anchor. See StaticHPKPins.h. + { "include-subdomains.pinning.example.com", "default-ee" }, + { "good.include-subdomains.pinning.example.com", "default-ee" }, + { "bad.include-subdomains.pinning.example.com", "other-issuer-ee" }, + { "bad.include-subdomains.pinning.example.com.", "other-issuer-ee" }, + { "bad.include-subdomains.pinning.example.com..", "other-issuer-ee" }, + { "exclude-subdomains.pinning.example.com", "default-ee" }, + { "sub.exclude-subdomains.pinning.example.com", "other-issuer-ee" }, + { "test-mode.pinning.example.com", "other-issuer-ee" }, + { "unknownissuer.include-subdomains.pinning.example.com", "unknownissuer" }, + { "unknownissuer.test-mode.pinning.example.com", "unknownissuer" }, + { "nsCertTypeNotCritical.example.com", "nsCertTypeNotCritical" }, + { "nsCertTypeCriticalWithExtKeyUsage.example.com", "nsCertTypeCriticalWithExtKeyUsage" }, + { "nsCertTypeCritical.example.com", "nsCertTypeCritical" }, + { "end-entity-issued-by-v1-cert.example.com", "eeIssuedByV1Cert" }, + { "end-entity-issued-by-non-CA.example.com", "eeIssuedByNonCA" }, + { "inadequate-key-size-ee.example.com", "inadequateKeySizeEE" }, + { "badSubjectAltNames.example.com", "badSubjectAltNames" }, + { "ipAddressAsDNSNameInSAN.example.com", "ipAddressAsDNSNameInSAN" }, + { "noValidNames.example.com", "noValidNames" }, + { "bug413909.xn--hxajbheg2az3al.xn--jxalpdlp", "idn-certificate" }, + { "emptyissuername.example.com", "emptyIssuerName" }, + { "ev-test.example.com", "ev-test" }, + { nullptr, nullptr } +}; + +int32_t +DoSNISocketConfigBySubjectCN(PRFileDesc* aFd, const SECItem* aSrvNameArr, + uint32_t aSrvNameArrSize) +{ + for (uint32_t i = 0; i < aSrvNameArrSize; i++) { + UniquePORTString name( + static_cast(PORT_ZAlloc(aSrvNameArr[i].len + 1))); + if (name) { + PORT_Memcpy(name.get(), aSrvNameArr[i].data, aSrvNameArr[i].len); + if (ConfigSecureServerWithNamedCert(aFd, name.get(), nullptr, nullptr) + == SECSuccess) { + return 0; + } + } + } + + return SSL_SNI_SEND_ALERT; +} + +int32_t +DoSNISocketConfig(PRFileDesc* aFd, const SECItem* aSrvNameArr, + uint32_t aSrvNameArrSize, void* aArg) +{ + const BadCertHost* host = GetHostForSNI(aSrvNameArr, aSrvNameArrSize, + sBadCertHosts); + if (!host) { + // No static cert <-> hostname mapping found. This happens when we use a + // collection of certificates in a given directory and build a cert DB at + // runtime, rather than using an NSS cert DB populated at build time. + // (This will be the default in the future.) + // For all given server names, check if the runtime-built cert DB contains + // a certificate with a matching subject CN. + return DoSNISocketConfigBySubjectCN(aFd, aSrvNameArr, aSrvNameArrSize); + } + + if (gDebugLevel >= DEBUG_VERBOSE) { + fprintf(stderr, "found pre-defined host '%s'\n", host->mHostName); + } + + UniqueCERTCertificate cert; + SSLKEAType certKEA; + if (SECSuccess != ConfigSecureServerWithNamedCert(aFd, host->mCertName, + &cert, &certKEA)) { + return SSL_SNI_SEND_ALERT; + } + + return 0; +} + +int +main(int argc, char *argv[]) +{ + if (argc != 2) { + fprintf(stderr, "usage: %s \n", argv[0]); + return 1; + } + + return StartServer(argv[1], DoSNISocketConfig, nullptr); +} diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/GenerateOCSPResponse.cpp b/security/manager/ssl/tests/unit/tlsserver/cmd/GenerateOCSPResponse.cpp new file mode 100644 index 000000000..775f1f06e --- /dev/null +++ b/security/manager/ssl/tests/unit/tlsserver/cmd/GenerateOCSPResponse.cpp @@ -0,0 +1,170 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 sw=2 tw=80 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* This simple program takes a database directory, and one or more tuples like + * + * to generate (one or more) ocsp responses. + */ + +#include +#include +#include + +#include "mozilla/ArrayUtils.h" + +#include "base64.h" +#include "cert.h" +#include "nspr.h" +#include "nss.h" +#include "plarenas.h" +#include "prerror.h" +#include "ssl.h" +#include "secerr.h" + +#include "OCSPCommon.h" +#include "ScopedNSSTypes.h" +#include "TLSServer.h" + +using namespace mozilla; +using namespace mozilla::test; + +struct OCSPResponseName +{ + const char *mTypeString; + const OCSPResponseType mORT; +}; + +const static OCSPResponseName kOCSPResponseNameList[] = { + { "good", ORTGood }, // the certificate is good + { "good-delegated", ORTDelegatedIncluded}, // the certificate is good, using + // a delegated signer + { "revoked", ORTRevoked}, // the certificate has been revoked + { "unknown", ORTUnknown}, // the responder doesn't know if the + // cert is good + { "goodotherca", ORTGoodOtherCA}, // the wrong CA has signed the + // response + { "expiredresponse", ORTExpired}, // the signature on the response has + // expired + { "oldvalidperiod", ORTExpiredFreshCA}, // fresh signature, but old validity + // period + { "empty", ORTEmpty}, // an empty stapled response + + { "malformed", ORTMalformed}, // the response from the responder + // was malformed + { "serverr", ORTSrverr}, // the response indicates there was a + // server error + { "trylater", ORTTryLater}, // the responder replied with + // "try again later" + { "resp-unsigned", ORTNeedsSig}, // the response needs a signature + { "unauthorized", ORTUnauthorized}, // the responder does not know about + // the cert + { "bad-signature", ORTBadSignature}, // the response has a bad signature + { "longvalidityalmostold", ORTLongValidityAlmostExpired}, // the response is + // still valid, but the generation + // is almost a year old + { "ancientstillvalid", ORTAncientAlmostExpired}, // The response is still + // valid but the generation is almost + // two years old +}; + +bool +StringToOCSPResponseType(const char* respText, + /*out*/ OCSPResponseType* OCSPType) +{ + if (!OCSPType) { + return false; + } + for (uint32_t i = 0; i < mozilla::ArrayLength(kOCSPResponseNameList); i++) { + if (strcmp(respText, kOCSPResponseNameList[i].mTypeString) == 0) { + *OCSPType = kOCSPResponseNameList[i].mORT; + return true; + } + } + return false; +} + +bool +WriteResponse(const char* filename, const SECItem* item) +{ + if (!filename || !item || !item->data) { + PR_fprintf(PR_STDERR, "invalid parameters to WriteResponse"); + return false; + } + + UniquePRFileDesc outFile(PR_Open(filename, + PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, + 0644)); + if (!outFile) { + PrintPRError("cannot open file for writing"); + return false; + } + int32_t rv = PR_Write(outFile.get(), item->data, item->len); + if (rv < 0 || (uint32_t) rv != item->len) { + PrintPRError("File write failure"); + return false; + } + + return true; +} + +int +main(int argc, char* argv[]) +{ + + if (argc < 6 || (argc - 6) % 4 != 0) { + PR_fprintf(PR_STDERR, "usage: %s " + " [ " + " ]* \n", + argv[0]); + exit(EXIT_FAILURE); + } + SECStatus rv = InitializeNSS(argv[1]); + if (rv != SECSuccess) { + PR_fprintf(PR_STDERR, "Failed to initialize NSS\n"); + exit(EXIT_FAILURE); + } + UniquePLArenaPool arena(PORT_NewArena(256 * argc)); + if (!arena) { + PrintPRError("PORT_NewArena failed"); + exit(EXIT_FAILURE); + } + + for (int i = 2; i + 3 < argc; i += 4) { + const char* ocspTypeText = argv[i]; + const char* certNick = argv[i + 1]; + const char* extraCertname = argv[i + 2]; + const char* filename = argv[i + 3]; + + OCSPResponseType ORT; + if (!StringToOCSPResponseType(ocspTypeText, &ORT)) { + PR_fprintf(PR_STDERR, "Cannot generate OCSP response of type %s\n", + ocspTypeText); + exit(EXIT_FAILURE); + } + + UniqueCERTCertificate cert(PK11_FindCertFromNickname(certNick, nullptr)); + if (!cert) { + PrintPRError("PK11_FindCertFromNickname failed"); + PR_fprintf(PR_STDERR, "Failed to find certificate with nick '%s'\n", + certNick); + exit(EXIT_FAILURE); + } + + SECItemArray* response = GetOCSPResponseForType(ORT, cert, arena, + extraCertname); + if (!response) { + PR_fprintf(PR_STDERR, "Failed to generate OCSP response of type %s " + "for %s\n", ocspTypeText, certNick); + exit(EXIT_FAILURE); + } + + if (!WriteResponse(filename, &response->items[0])) { + PR_fprintf(PR_STDERR, "Failed to write file %s\n", filename); + exit(EXIT_FAILURE); + } + } + return 0; +} diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp b/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp new file mode 100644 index 000000000..6bf33a143 --- /dev/null +++ b/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp @@ -0,0 +1,129 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// This is a standalone server that delivers various stapled OCSP responses. +// The client is expected to connect, initiate an SSL handshake (with SNI +// to indicate which "server" to connect to), and verify the OCSP response. +// If all is good, the client then sends one encrypted byte and receives that +// same byte back. +// This server also has the ability to "call back" another process waiting on +// it. That is, when the server is all set up and ready to receive connections, +// it will connect to a specified port and issue a simple HTTP request. + +#include + +#include "OCSPCommon.h" +#include "TLSServer.h" + +using namespace mozilla; +using namespace mozilla::test; + +const OCSPHost sOCSPHosts[] = +{ + { "ocsp-stapling-good.example.com", ORTGood, nullptr, nullptr }, + { "ocsp-stapling-revoked.example.com", ORTRevoked, nullptr, nullptr }, + { "ocsp-stapling-revoked-old.example.com", ORTRevokedOld, nullptr, nullptr }, + { "ocsp-stapling-unknown.example.com", ORTUnknown, nullptr, nullptr }, + { "ocsp-stapling-unknown-old.example.com", ORTUnknownOld, nullptr, nullptr }, + { "ocsp-stapling-good-other.example.com", ORTGoodOtherCert, "ocspOtherEndEntity", nullptr }, + { "ocsp-stapling-good-other-ca.example.com", ORTGoodOtherCA, "other-test-ca", nullptr }, + { "ocsp-stapling-expired.example.com", ORTExpired, nullptr, nullptr }, + { "ocsp-stapling-expired-fresh-ca.example.com", ORTExpiredFreshCA, nullptr, nullptr }, + { "ocsp-stapling-none.example.com", ORTNone, nullptr, nullptr }, + { "ocsp-stapling-empty.example.com", ORTEmpty, nullptr, nullptr }, + { "ocsp-stapling-malformed.example.com", ORTMalformed, nullptr, nullptr }, + { "ocsp-stapling-srverr.example.com", ORTSrverr, nullptr, nullptr }, + { "ocsp-stapling-trylater.example.com", ORTTryLater, nullptr, nullptr }, + { "ocsp-stapling-needssig.example.com", ORTNeedsSig, nullptr, nullptr }, + { "ocsp-stapling-unauthorized.example.com", ORTUnauthorized, nullptr, nullptr }, + { "ocsp-stapling-with-intermediate.example.com", ORTGood, nullptr, "ocspEEWithIntermediate" }, + { "ocsp-stapling-bad-signature.example.com", ORTBadSignature, nullptr, nullptr }, + { "ocsp-stapling-skip-responseBytes.example.com", ORTSkipResponseBytes, nullptr, nullptr }, + { "ocsp-stapling-critical-extension.example.com", ORTCriticalExtension, nullptr, nullptr }, + { "ocsp-stapling-noncritical-extension.example.com", ORTNoncriticalExtension, nullptr, nullptr }, + { "ocsp-stapling-empty-extensions.example.com", ORTEmptyExtensions, nullptr, nullptr }, + { "ocsp-stapling-delegated-included.example.com", ORTDelegatedIncluded, "delegatedSigner", nullptr }, + { "ocsp-stapling-delegated-included-last.example.com", ORTDelegatedIncludedLast, "delegatedSigner", nullptr }, + { "ocsp-stapling-delegated-missing.example.com", ORTDelegatedMissing, "delegatedSigner", nullptr }, + { "ocsp-stapling-delegated-missing-multiple.example.com", ORTDelegatedMissingMultiple, "delegatedSigner", nullptr }, + { "ocsp-stapling-delegated-no-extKeyUsage.example.com", ORTDelegatedIncluded, "invalidDelegatedSignerNoExtKeyUsage", nullptr }, + { "ocsp-stapling-delegated-from-intermediate.example.com", ORTDelegatedIncluded, "invalidDelegatedSignerFromIntermediate", nullptr }, + { "ocsp-stapling-delegated-keyUsage-crlSigning.example.com", ORTDelegatedIncluded, "invalidDelegatedSignerKeyUsageCrlSigning", nullptr }, + { "ocsp-stapling-delegated-wrong-extKeyUsage.example.com", ORTDelegatedIncluded, "invalidDelegatedSignerWrongExtKeyUsage", nullptr }, + { "ocsp-stapling-ancient-valid.example.com", ORTAncientAlmostExpired, nullptr, nullptr }, + { "keysize-ocsp-delegated.example.com", ORTDelegatedIncluded, "rsa-1016-keysizeDelegatedSigner", nullptr }, + { "revoked-ca-cert-used-as-end-entity.example.com", ORTRevoked, "ca-used-as-end-entity", nullptr }, + { "ocsp-stapling-must-staple.example.com", ORTGood, nullptr, "must-staple-ee" }, + { "ocsp-stapling-must-staple-revoked.example.com", ORTRevoked, nullptr, "must-staple-ee" }, + { "ocsp-stapling-must-staple-missing.example.com", ORTNone, nullptr, "must-staple-ee" }, + { "ocsp-stapling-must-staple-empty.example.com", ORTEmpty, nullptr, "must-staple-ee" }, + { "ocsp-stapling-must-staple-ee-with-must-staple-int.example.com", ORTGood, nullptr, "must-staple-ee-with-must-staple-int" }, + { "ocsp-stapling-plain-ee-with-must-staple-int.example.com", ORTGood, nullptr, "must-staple-missing-ee" }, + { "multi-tls-feature-good.example.com", ORTNone, nullptr, "multi-tls-feature-good-ee" }, + { "multi-tls-feature-bad.example.com", ORTNone, nullptr, "multi-tls-feature-bad-ee" }, + { nullptr, ORTNull, nullptr, nullptr } +}; + +int32_t +DoSNISocketConfig(PRFileDesc *aFd, const SECItem *aSrvNameArr, + uint32_t aSrvNameArrSize, void *aArg) +{ + const OCSPHost *host = GetHostForSNI(aSrvNameArr, aSrvNameArrSize, + sOCSPHosts); + if (!host) { + return SSL_SNI_SEND_ALERT; + } + + if (gDebugLevel >= DEBUG_VERBOSE) { + fprintf(stderr, "found pre-defined host '%s'\n", host->mHostName); + } + + const char *certNickname = host->mServerCertName ? host->mServerCertName + : DEFAULT_CERT_NICKNAME; + + UniqueCERTCertificate cert; + SSLKEAType certKEA; + if (SECSuccess != ConfigSecureServerWithNamedCert(aFd, certNickname, + &cert, &certKEA)) { + return SSL_SNI_SEND_ALERT; + } + + // If the OCSP response type is "none", don't staple a response. + if (host->mORT == ORTNone) { + return 0; + } + + UniquePLArenaPool arena(PORT_NewArena(1024)); + if (!arena) { + PrintPRError("PORT_NewArena failed"); + return SSL_SNI_SEND_ALERT; + } + + // response is contained by the arena - freeing the arena will free it + SECItemArray *response = GetOCSPResponseForType(host->mORT, cert, arena, + host->mAdditionalCertName); + if (!response) { + return SSL_SNI_SEND_ALERT; + } + + // SSL_SetStapledOCSPResponses makes a deep copy of response + SECStatus st = SSL_SetStapledOCSPResponses(aFd, response, certKEA); + if (st != SECSuccess) { + PrintPRError("SSL_SetStapledOCSPResponses failed"); + return SSL_SNI_SEND_ALERT; + } + + return 0; +} + +int +main(int argc, char *argv[]) +{ + if (argc != 2) { + fprintf(stderr, "usage: %s \n", argv[0]); + return 1; + } + + return StartServer(argv[1], DoSNISocketConfig, nullptr); +} diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/moz.build b/security/manager/ssl/tests/unit/tlsserver/cmd/moz.build new file mode 100644 index 000000000..6fdd0c35b --- /dev/null +++ b/security/manager/ssl/tests/unit/tlsserver/cmd/moz.build @@ -0,0 +1,25 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +GeckoSimplePrograms([ + 'BadCertServer', + 'GenerateOCSPResponse', + 'OCSPStaplingServer', +], linkage=None) + +LOCAL_INCLUDES += [ + '../lib', +] + +USE_LIBS += [ + 'mozillapkix', + 'nspr', + 'nss', + 'pkixtestutil', + 'tlsserver', +] + +CXXFLAGS += CONFIG['TK_CFLAGS'] diff --git a/security/manager/ssl/tests/unit/tlsserver/default-ee.der b/security/manager/ssl/tests/unit/tlsserver/default-ee.der new file mode 100644 index 000000000..3a9b8fa9b --- /dev/null +++ b/security/manager/ssl/tests/unit/tlsserver/default-ee.der @@ -0,0 +1,3 @@ +This is now an unused file. It exists to ease the coordination between gecko +development trees and the automation infrastructure that runs periodic updates. +See bug 1203312 and bug 1205406. diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp new file mode 100644 index 000000000..5c99edade --- /dev/null +++ b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp @@ -0,0 +1,215 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "OCSPCommon.h" + +#include + +#include "pkixtestutil.h" +#include "TLSServer.h" +#include "secder.h" +#include "secerr.h" + +namespace mozilla { namespace pkix { namespace test { + +// Ownership of privateKey is transfered. +TestKeyPair* CreateTestKeyPair(const TestPublicKeyAlgorithm publicKeyAlg, + const SECKEYPublicKey& publicKey, + SECKEYPrivateKey* privateKey); + +} } } // namespace mozilla::pkix::test + +using namespace mozilla; +using namespace mozilla::pkix; +using namespace mozilla::pkix::test; +using namespace mozilla::test; + +static TestKeyPair* +CreateTestKeyPairFromCert(const UniqueCERTCertificate& cert) +{ + UniqueSECKEYPrivateKey privateKey(PK11_FindKeyByAnyCert(cert.get(), nullptr)); + if (!privateKey) { + return nullptr; + } + UniqueSECKEYPublicKey publicKey(CERT_ExtractPublicKey(cert.get())); + if (!publicKey) { + return nullptr; + } + return CreateTestKeyPair(RSA_PKCS1(), *publicKey.get(), privateKey.release()); +} + +SECItemArray* +GetOCSPResponseForType(OCSPResponseType aORT, const UniqueCERTCertificate& aCert, + const UniquePLArenaPool& aArena, + const char* aAdditionalCertName) +{ + MOZ_ASSERT(aArena); + MOZ_ASSERT(aCert); + // Note: |aAdditionalCertName| may or may not need to be non-null depending + // on the |aORT| value given. + + if (aORT == ORTNone) { + if (gDebugLevel >= DEBUG_WARNINGS) { + fprintf(stderr, "GetOCSPResponseForType called with type ORTNone, " + "which makes no sense.\n"); + } + return nullptr; + } + + if (aORT == ORTEmpty) { + SECItemArray* arr = SECITEM_AllocArray(aArena.get(), nullptr, 1); + arr->items[0].data = nullptr; + arr->items[0].len = 0; + return arr; + } + + time_t now = time(nullptr); + time_t oldNow = now - (8 * Time::ONE_DAY_IN_SECONDS); + + mozilla::UniqueCERTCertificate cert(CERT_DupCertificate(aCert.get())); + + if (aORT == ORTGoodOtherCert) { + cert.reset(PK11_FindCertFromNickname(aAdditionalCertName, nullptr)); + if (!cert) { + PrintPRError("PK11_FindCertFromNickname failed"); + return nullptr; + } + } + // XXX CERT_FindCertIssuer uses the old, deprecated path-building logic + mozilla::UniqueCERTCertificate + issuerCert(CERT_FindCertIssuer(aCert.get(), PR_Now(), certUsageSSLCA)); + if (!issuerCert) { + PrintPRError("CERT_FindCertIssuer failed"); + return nullptr; + } + Input issuer; + if (issuer.Init(cert->derIssuer.data, cert->derIssuer.len) != Success) { + return nullptr; + } + Input issuerPublicKey; + if (issuerPublicKey.Init(issuerCert->derPublicKey.data, + issuerCert->derPublicKey.len) != Success) { + return nullptr; + } + Input serialNumber; + if (serialNumber.Init(cert->serialNumber.data, + cert->serialNumber.len) != Success) { + return nullptr; + } + CertID certID(issuer, issuerPublicKey, serialNumber); + OCSPResponseContext context(certID, now); + + mozilla::UniqueCERTCertificate signerCert; + if (aORT == ORTGoodOtherCA || aORT == ORTDelegatedIncluded || + aORT == ORTDelegatedIncludedLast || aORT == ORTDelegatedMissing || + aORT == ORTDelegatedMissingMultiple) { + signerCert.reset(PK11_FindCertFromNickname(aAdditionalCertName, nullptr)); + if (!signerCert) { + PrintPRError("PK11_FindCertFromNickname failed"); + return nullptr; + } + } + + ByteString certs[5]; + + if (aORT == ORTDelegatedIncluded) { + certs[0].assign(signerCert->derCert.data, signerCert->derCert.len); + context.certs = certs; + } + if (aORT == ORTDelegatedIncludedLast || aORT == ORTDelegatedMissingMultiple) { + certs[0].assign(issuerCert->derCert.data, issuerCert->derCert.len); + certs[1].assign(cert->derCert.data, cert->derCert.len); + certs[2].assign(issuerCert->derCert.data, issuerCert->derCert.len); + if (aORT != ORTDelegatedMissingMultiple) { + certs[3].assign(signerCert->derCert.data, signerCert->derCert.len); + } + context.certs = certs; + } + + switch (aORT) { + case ORTMalformed: + context.responseStatus = 1; + break; + case ORTSrverr: + context.responseStatus = 2; + break; + case ORTTryLater: + context.responseStatus = 3; + break; + case ORTNeedsSig: + context.responseStatus = 5; + break; + case ORTUnauthorized: + context.responseStatus = 6; + break; + default: + // context.responseStatus is 0 in all other cases, and it has + // already been initialized in the constructor. + break; + } + if (aORT == ORTSkipResponseBytes) { + context.skipResponseBytes = true; + } + if (aORT == ORTExpired || aORT == ORTExpiredFreshCA || + aORT == ORTRevokedOld || aORT == ORTUnknownOld) { + context.thisUpdate = oldNow; + context.nextUpdate = oldNow + Time::ONE_DAY_IN_SECONDS; + } + if (aORT == ORTLongValidityAlmostExpired) { + context.thisUpdate = now - (320 * Time::ONE_DAY_IN_SECONDS); + } + if (aORT == ORTAncientAlmostExpired) { + context.thisUpdate = now - (640 * Time::ONE_DAY_IN_SECONDS); + } + if (aORT == ORTRevoked || aORT == ORTRevokedOld) { + context.certStatus = 1; + } + if (aORT == ORTUnknown || aORT == ORTUnknownOld) { + context.certStatus = 2; + } + if (aORT == ORTBadSignature) { + context.badSignature = true; + } + OCSPResponseExtension extension; + if (aORT == ORTCriticalExtension || aORT == ORTNoncriticalExtension) { + // python DottedOIDToCode.py --tlv some-Mozilla-OID 1.3.6.1.4.1.13769.666.666.666.1.500.9.2 + static const uint8_t tlv_some_Mozilla_OID[] = { + 0x06, 0x12, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xeb, 0x49, 0x85, 0x1a, 0x85, + 0x1a, 0x85, 0x1a, 0x01, 0x83, 0x74, 0x09, 0x02 + }; + + extension.id.assign(tlv_some_Mozilla_OID, sizeof(tlv_some_Mozilla_OID)); + extension.critical = (aORT == ORTCriticalExtension); + extension.value.push_back(0x05); // tag: NULL + extension.value.push_back(0x00); // length: 0 + extension.next = nullptr; + context.responseExtensions = &extension; + } + if (aORT == ORTEmptyExtensions) { + context.includeEmptyExtensions = true; + } + + if (!signerCert) { + signerCert.reset(CERT_DupCertificate(issuerCert.get())); + } + context.signerKeyPair.reset(CreateTestKeyPairFromCert(signerCert)); + if (!context.signerKeyPair) { + PrintPRError("PK11_FindKeyByAnyCert failed"); + return nullptr; + } + + ByteString response(CreateEncodedOCSPResponse(context)); + if (ENCODING_FAILED(response)) { + PrintPRError("CreateEncodedOCSPResponse failed"); + return nullptr; + } + + SECItem item = { + siBuffer, + const_cast(response.data()), + static_cast(response.length()) + }; + SECItemArray arr = { &item, 1 }; + return SECITEM_DupArray(aArena.get(), &arr); +} diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h new file mode 100644 index 000000000..5a88d6e52 --- /dev/null +++ b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h @@ -0,0 +1,61 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// Implements generating OCSP responses of various types. Used by the +// programs in tlsserver/cmd. + +#ifndef OCSPCommon_h +#define OCSPCommon_h + +#include "ScopedNSSTypes.h" +#include "certt.h" +#include "seccomon.h" + +enum OCSPResponseType +{ + ORTNull = 0, + ORTGood, // the certificate is good + ORTRevoked, // the certificate has been revoked + ORTRevokedOld, // same, but the response is old + ORTUnknown, // the responder doesn't know if the cert is good + ORTUnknownOld, // same, but the response is old + ORTGoodOtherCert, // the response references a different certificate + ORTGoodOtherCA, // the wrong CA has signed the response + ORTExpired, // the signature on the response has expired + ORTExpiredFreshCA, // fresh signature, but old validity period + ORTNone, // no stapled response + ORTEmpty, // an empty stapled response + ORTMalformed, // the response from the responder was malformed + ORTSrverr, // the response indicates there was a server error + ORTTryLater, // the responder replied with "try again later" + ORTNeedsSig, // the response needs a signature + ORTUnauthorized, // the responder is not authorized for this certificate + ORTBadSignature, // the response has a signature that does not verify + ORTSkipResponseBytes, // the response does not include responseBytes + ORTCriticalExtension, // the response includes a critical extension + ORTNoncriticalExtension, // the response includes an extension that is not critical + ORTEmptyExtensions, // the response includes a SEQUENCE OF Extension that is empty + ORTDelegatedIncluded, // the response is signed by an included delegated responder + ORTDelegatedIncludedLast, // same, but multiple other certificates are included + ORTDelegatedMissing, // the response is signed by a not included delegated responder + ORTDelegatedMissingMultiple, // same, but multiple other certificates are included + ORTLongValidityAlmostExpired, // a good response, but that was generated a almost a year ago + ORTAncientAlmostExpired, // a good response, with a validity of almost two years almost expiring +}; + +struct OCSPHost +{ + const char *mHostName; + OCSPResponseType mORT; + const char *mAdditionalCertName; // useful for ORTGoodOtherCert, etc. + const char *mServerCertName; +}; + +SECItemArray* +GetOCSPResponseForType(OCSPResponseType aORT, + const mozilla::UniqueCERTCertificate& aCert, + const mozilla::UniquePLArenaPool& aArena, + const char* aAdditionalCertName); + +#endif // OCSPCommon_h diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp new file mode 100644 index 000000000..fcf6aa951 --- /dev/null +++ b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp @@ -0,0 +1,600 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "TLSServer.h" + +#include +#include +#include + +#include "base64.h" +#include "mozilla/Move.h" +#include "mozilla/Sprintf.h" +#include "nspr.h" +#include "nss.h" +#include "plarenas.h" +#include "prenv.h" +#include "prerror.h" +#include "prnetdb.h" +#include "prtime.h" +#include "ssl.h" + +namespace mozilla { namespace test { + +static const uint16_t LISTEN_PORT = 8443; + +DebugLevel gDebugLevel = DEBUG_ERRORS; +uint16_t gCallbackPort = 0; + +const char DEFAULT_CERT_NICKNAME[] = "default-ee"; + +struct Connection +{ + PRFileDesc *mSocket; + char mByte; + + explicit Connection(PRFileDesc *aSocket); + ~Connection(); +}; + +Connection::Connection(PRFileDesc *aSocket) +: mSocket(aSocket) +, mByte(0) +{} + +Connection::~Connection() +{ + if (mSocket) { + PR_Close(mSocket); + } +} + +void +PrintPRError(const char *aPrefix) +{ + const char *err = PR_ErrorToName(PR_GetError()); + if (err) { + if (gDebugLevel >= DEBUG_ERRORS) { + fprintf(stderr, "%s: %s\n", aPrefix, err); + } + } else { + if (gDebugLevel >= DEBUG_ERRORS) { + fprintf(stderr, "%s\n", aPrefix); + } + } +} + +template +SECStatus +ReadFileToBuffer(const char* basePath, const char* filename, char (&buf)[N]) +{ + static_assert(N > 0, "input buffer too small for ReadFileToBuffer"); + if (snprintf(buf, N - 1, "%s/%s", basePath, filename) == 0) { + PrintPRError("snprintf failed"); + return SECFailure; + } + UniquePRFileDesc fd(PR_OpenFile(buf, PR_RDONLY, 0)); + if (!fd) { + PrintPRError("PR_Open failed"); + return SECFailure; + } + int32_t fileSize = PR_Available(fd.get()); + if (fileSize < 0) { + PrintPRError("PR_Available failed"); + return SECFailure; + } + if (static_cast(fileSize) > N - 1) { + PR_fprintf(PR_STDERR, "file too large - not reading\n"); + return SECFailure; + } + int32_t bytesRead = PR_Read(fd.get(), buf, fileSize); + if (bytesRead != fileSize) { + PrintPRError("PR_Read failed"); + return SECFailure; + } + buf[bytesRead] = 0; + return SECSuccess; +} + +SECStatus +AddKeyFromFile(const char* basePath, const char* filename) +{ + const char* PRIVATE_KEY_HEADER = "-----BEGIN PRIVATE KEY-----"; + const char* PRIVATE_KEY_FOOTER = "-----END PRIVATE KEY-----"; + + char buf[16384] = { 0 }; + SECStatus rv = ReadFileToBuffer(basePath, filename, buf); + if (rv != SECSuccess) { + return rv; + } + if (strncmp(buf, PRIVATE_KEY_HEADER, strlen(PRIVATE_KEY_HEADER)) != 0) { + PR_fprintf(PR_STDERR, "invalid key - not importing\n"); + return SECFailure; + } + const char* bufPtr = buf + strlen(PRIVATE_KEY_HEADER); + size_t bufLen = strlen(buf); + char base64[16384] = { 0 }; + char* base64Ptr = base64; + while (bufPtr < buf + bufLen) { + if (strncmp(bufPtr, PRIVATE_KEY_FOOTER, strlen(PRIVATE_KEY_FOOTER)) == 0) { + break; + } + if (*bufPtr != '\r' && *bufPtr != '\n') { + *base64Ptr = *bufPtr; + base64Ptr++; + } + bufPtr++; + } + + unsigned int binLength; + UniquePORTString bin( + BitwiseCast(ATOB_AsciiToData(base64, &binLength))); + if (!bin || binLength == 0) { + PrintPRError("ATOB_AsciiToData failed"); + return SECFailure; + } + UniqueSECItem secitem(::SECITEM_AllocItem(nullptr, nullptr, binLength)); + if (!secitem) { + PrintPRError("SECITEM_AllocItem failed"); + return SECFailure; + } + PORT_Memcpy(secitem->data, bin.get(), binLength); + UniquePK11SlotInfo slot(PK11_GetInternalKeySlot()); + if (!slot) { + PrintPRError("PK11_GetInternalKeySlot failed"); + return SECFailure; + } + if (PK11_NeedUserInit(slot.get())) { + if (PK11_InitPin(slot.get(), nullptr, nullptr) != SECSuccess) { + PrintPRError("PK11_InitPin failed"); + return SECFailure; + } + } + SECKEYPrivateKey* privateKey; + if (PK11_ImportDERPrivateKeyInfoAndReturnKey(slot.get(), secitem.get(), + nullptr, nullptr, true, false, + KU_ALL, &privateKey, nullptr) + != SECSuccess) { + PrintPRError("PK11_ImportDERPrivateKeyInfoAndReturnKey failed"); + return SECFailure; + } + SECKEY_DestroyPrivateKey(privateKey); + return SECSuccess; +} + +SECStatus +DecodeCertCallback(void* arg, SECItem** certs, int numcerts) +{ + if (numcerts != 1) { + PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0); + return SECFailure; + } + + SECItem* certDEROut = static_cast(arg); + return SECITEM_CopyItem(nullptr, certDEROut, *certs); +} + +SECStatus +AddCertificateFromFile(const char* basePath, const char* filename) +{ + char buf[16384] = { 0 }; + SECStatus rv = ReadFileToBuffer(basePath, filename, buf); + if (rv != SECSuccess) { + return rv; + } + ScopedAutoSECItem certDER; + rv = CERT_DecodeCertPackage(buf, strlen(buf), DecodeCertCallback, &certDER); + if (rv != SECSuccess) { + PrintPRError("CERT_DecodeCertPackage failed"); + return rv; + } + UniqueCERTCertificate cert(CERT_NewTempCertificate(CERT_GetDefaultCertDB(), + &certDER, nullptr, false, + true)); + if (!cert) { + PrintPRError("CERT_NewTempCertificate failed"); + return SECFailure; + } + UniquePK11SlotInfo slot(PK11_GetInternalKeySlot()); + if (!slot) { + PrintPRError("PK11_GetInternalKeySlot failed"); + return SECFailure; + } + // The nickname is the filename without '.pem'. + std::string nickname(filename, strlen(filename) - 4); + rv = PK11_ImportCert(slot.get(), cert.get(), CK_INVALID_HANDLE, + nickname.c_str(), false); + if (rv != SECSuccess) { + PrintPRError("PK11_ImportCert failed"); + return rv; + } + return SECSuccess; +} + +SECStatus +LoadCertificatesAndKeys(const char* basePath) +{ + // The NSS cert DB path could have been specified as "sql:path". Trim off + // the leading "sql:" if so. + if (strncmp(basePath, "sql:", 4) == 0) { + basePath = basePath + 4; + } + + UniquePRDir fdDir(PR_OpenDir(basePath)); + if (!fdDir) { + PrintPRError("PR_OpenDir failed"); + return SECFailure; + } + // On the B2G ICS emulator, operations taken in AddCertificateFromFile + // appear to interact poorly with readdir (more specifically, something is + // causing readdir to never return null - it indefinitely loops through every + // file in the directory, which causes timeouts). Rather than waste more time + // chasing this down, loading certificates and keys happens in two phases: + // filename collection and then loading. (This is probably a good + // idea anyway because readdir isn't reentrant. Something could change later + // such that it gets called as a result of calling AddCertificateFromFile or + // AddKeyFromFile.) + std::vector certificates; + std::vector keys; + for (PRDirEntry* dirEntry = PR_ReadDir(fdDir.get(), PR_SKIP_BOTH); dirEntry; + dirEntry = PR_ReadDir(fdDir.get(), PR_SKIP_BOTH)) { + size_t nameLength = strlen(dirEntry->name); + if (nameLength > 4) { + if (strncmp(dirEntry->name + nameLength - 4, ".pem", 4) == 0) { + certificates.push_back(dirEntry->name); + } else if (strncmp(dirEntry->name + nameLength - 4, ".key", 4) == 0) { + keys.push_back(dirEntry->name); + } + } + } + SECStatus rv; + for (std::string& certificate : certificates) { + rv = AddCertificateFromFile(basePath, certificate.c_str()); + if (rv != SECSuccess) { + return rv; + } + } + for (std::string& key : keys) { + rv = AddKeyFromFile(basePath, key.c_str()); + if (rv != SECSuccess) { + return rv; + } + } + return SECSuccess; +} + +SECStatus +InitializeNSS(const char* nssCertDBDir) +{ + // Try initializing an existing DB. + if (NSS_Init(nssCertDBDir) == SECSuccess) { + return SECSuccess; + } + + // Create a new DB if there is none... + SECStatus rv = NSS_Initialize(nssCertDBDir, nullptr, nullptr, nullptr, 0); + if (rv != SECSuccess) { + return rv; + } + + // ...and load all certificates into it. + return LoadCertificatesAndKeys(nssCertDBDir); +} + +nsresult +SendAll(PRFileDesc *aSocket, const char *aData, size_t aDataLen) +{ + if (gDebugLevel >= DEBUG_VERBOSE) { + fprintf(stderr, "sending '%s'\n", aData); + } + + while (aDataLen > 0) { + int32_t bytesSent = PR_Send(aSocket, aData, aDataLen, 0, + PR_INTERVAL_NO_TIMEOUT); + if (bytesSent == -1) { + PrintPRError("PR_Send failed"); + return NS_ERROR_FAILURE; + } + + aDataLen -= bytesSent; + aData += bytesSent; + } + + return NS_OK; +} + +nsresult +ReplyToRequest(Connection *aConn) +{ + // For debugging purposes, SendAll can print out what it's sending. + // So, any strings we give to it to send need to be null-terminated. + char buf[2] = { aConn->mByte, 0 }; + return SendAll(aConn->mSocket, buf, 1); +} + +nsresult +SetupTLS(Connection *aConn, PRFileDesc *aModelSocket) +{ + PRFileDesc *sslSocket = SSL_ImportFD(aModelSocket, aConn->mSocket); + if (!sslSocket) { + PrintPRError("SSL_ImportFD failed"); + return NS_ERROR_FAILURE; + } + aConn->mSocket = sslSocket; + + SSL_OptionSet(sslSocket, SSL_SECURITY, true); + SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_CLIENT, false); + SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_SERVER, true); + + SSL_ResetHandshake(sslSocket, /* asServer */ 1); + + return NS_OK; +} + +nsresult +ReadRequest(Connection *aConn) +{ + int32_t bytesRead = PR_Recv(aConn->mSocket, &aConn->mByte, 1, 0, + PR_INTERVAL_NO_TIMEOUT); + if (bytesRead < 0) { + PrintPRError("PR_Recv failed"); + return NS_ERROR_FAILURE; + } else if (bytesRead == 0) { + PR_SetError(PR_IO_ERROR, 0); + PrintPRError("PR_Recv EOF in ReadRequest"); + return NS_ERROR_FAILURE; + } else { + if (gDebugLevel >= DEBUG_VERBOSE) { + fprintf(stderr, "read '0x%hhx'\n", aConn->mByte); + } + } + return NS_OK; +} + +void +HandleConnection(PRFileDesc* aSocket, const UniquePRFileDesc& aModelSocket) +{ + Connection conn(aSocket); + nsresult rv = SetupTLS(&conn, aModelSocket.get()); + if (NS_FAILED(rv)) { + PR_SetError(PR_INVALID_STATE_ERROR, 0); + PrintPRError("PR_Recv failed"); + exit(1); + } + + // TODO: On tests that are expected to fail (e.g. due to a revoked + // certificate), the client will close the connection wtihout sending us the + // request byte. In those cases, we should keep going. But, in the cases + // where the connection is supposed to suceed, we should verify that we + // successfully receive the request and send the response. + rv = ReadRequest(&conn); + if (NS_SUCCEEDED(rv)) { + rv = ReplyToRequest(&conn); + } +} + +// returns 0 on success, non-zero on error +int +DoCallback() +{ + UniquePRFileDesc socket(PR_NewTCPSocket()); + if (!socket) { + PrintPRError("PR_NewTCPSocket failed"); + return 1; + } + + PRNetAddr addr; + PR_InitializeNetAddr(PR_IpAddrLoopback, gCallbackPort, &addr); + if (PR_Connect(socket.get(), &addr, PR_INTERVAL_NO_TIMEOUT) != PR_SUCCESS) { + PrintPRError("PR_Connect failed"); + return 1; + } + + const char *request = "GET / HTTP/1.0\r\n\r\n"; + SendAll(socket.get(), request, strlen(request)); + char buf[4096]; + memset(buf, 0, sizeof(buf)); + int32_t bytesRead = PR_Recv(socket.get(), buf, sizeof(buf) - 1, 0, + PR_INTERVAL_NO_TIMEOUT); + if (bytesRead < 0) { + PrintPRError("PR_Recv failed 1"); + return 1; + } + if (bytesRead == 0) { + fprintf(stderr, "PR_Recv eof 1\n"); + return 1; + } + fprintf(stderr, "%s\n", buf); + return 0; +} + +SECStatus +ConfigSecureServerWithNamedCert(PRFileDesc* fd, const char* certName, + /*optional*/ UniqueCERTCertificate* certOut, + /*optional*/ SSLKEAType* keaOut) +{ + UniqueCERTCertificate cert(PK11_FindCertFromNickname(certName, nullptr)); + if (!cert) { + PrintPRError("PK11_FindCertFromNickname failed"); + return SECFailure; + } + // If an intermediate certificate issued the server certificate (rather than + // directly by a trust anchor), we want to send it along in the handshake so + // we don't encounter unknown issuer errors when that's not what we're + // testing. + UniqueCERTCertificateList certList; + UniqueCERTCertificate issuerCert( + CERT_FindCertByName(CERT_GetDefaultCertDB(), &cert->derIssuer)); + // If we can't find the issuer cert, continue without it. + if (issuerCert) { + // Sadly, CERTCertificateList does not have a CERT_NewCertificateList + // utility function, so we must create it ourselves. This consists + // of creating an arena, allocating space for the CERTCertificateList, + // and then transferring ownership of the arena to that list. + UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + PrintPRError("PORT_NewArena failed"); + return SECFailure; + } + certList.reset(static_cast( + PORT_ArenaAlloc(arena.get(), sizeof(CERTCertificateList)))); + if (!certList) { + PrintPRError("PORT_ArenaAlloc failed"); + return SECFailure; + } + certList->arena = arena.release(); + // We also have to manually copy the certificates we care about to the + // list, because there aren't any utility functions for that either. + certList->certs = static_cast( + PORT_ArenaAlloc(certList->arena, 2 * sizeof(SECItem))); + if (SECITEM_CopyItem(certList->arena, certList->certs, &cert->derCert) + != SECSuccess) { + PrintPRError("SECITEM_CopyItem failed"); + return SECFailure; + } + if (SECITEM_CopyItem(certList->arena, certList->certs + 1, + &issuerCert->derCert) != SECSuccess) { + PrintPRError("SECITEM_CopyItem failed"); + return SECFailure; + } + certList->len = 2; + } + + UniquePK11SlotInfo slot(PK11_GetInternalKeySlot()); + if (!slot) { + PrintPRError("PK11_GetInternalKeySlot failed"); + return SECFailure; + } + UniqueSECKEYPrivateKey key( + PK11_FindKeyByDERCert(slot.get(), cert.get(), nullptr)); + if (!key) { + PrintPRError("PK11_FindKeyByDERCert failed"); + return SECFailure; + } + + SSLKEAType certKEA = NSS_FindCertKEAType(cert.get()); + + if (SSL_ConfigSecureServerWithCertChain(fd, cert.get(), certList.get(), + key.get(), certKEA) != SECSuccess) { + PrintPRError("SSL_ConfigSecureServer failed"); + return SECFailure; + } + + if (certOut) { + *certOut = Move(cert); + } + + if (keaOut) { + *keaOut = certKEA; + } + + SSL_OptionSet(fd, SSL_NO_CACHE, false); + SSL_OptionSet(fd, SSL_ENABLE_SESSION_TICKETS, true); + + return SECSuccess; +} + +int +StartServer(const char *nssCertDBDir, SSLSNISocketConfig sniSocketConfig, + void *sniSocketConfigArg) +{ + const char *debugLevel = PR_GetEnv("MOZ_TLS_SERVER_DEBUG_LEVEL"); + if (debugLevel) { + int level = atoi(debugLevel); + switch (level) { + case DEBUG_ERRORS: gDebugLevel = DEBUG_ERRORS; break; + case DEBUG_WARNINGS: gDebugLevel = DEBUG_WARNINGS; break; + case DEBUG_VERBOSE: gDebugLevel = DEBUG_VERBOSE; break; + default: + PrintPRError("invalid MOZ_TLS_SERVER_DEBUG_LEVEL"); + return 1; + } + } + + const char *callbackPort = PR_GetEnv("MOZ_TLS_SERVER_CALLBACK_PORT"); + if (callbackPort) { + gCallbackPort = atoi(callbackPort); + } + + if (InitializeNSS(nssCertDBDir) != SECSuccess) { + PR_fprintf(PR_STDERR, "InitializeNSS failed"); + return 1; + } + + if (NSS_SetDomesticPolicy() != SECSuccess) { + PrintPRError("NSS_SetDomesticPolicy failed"); + return 1; + } + + if (SSL_ConfigServerSessionIDCache(0, 0, 0, nullptr) != SECSuccess) { + PrintPRError("SSL_ConfigServerSessionIDCache failed"); + return 1; + } + + UniquePRFileDesc serverSocket(PR_NewTCPSocket()); + if (!serverSocket) { + PrintPRError("PR_NewTCPSocket failed"); + return 1; + } + + PRSocketOptionData socketOption; + socketOption.option = PR_SockOpt_Reuseaddr; + socketOption.value.reuse_addr = true; + PR_SetSocketOption(serverSocket.get(), &socketOption); + + PRNetAddr serverAddr; + PR_InitializeNetAddr(PR_IpAddrLoopback, LISTEN_PORT, &serverAddr); + if (PR_Bind(serverSocket.get(), &serverAddr) != PR_SUCCESS) { + PrintPRError("PR_Bind failed"); + return 1; + } + + if (PR_Listen(serverSocket.get(), 1) != PR_SUCCESS) { + PrintPRError("PR_Listen failed"); + return 1; + } + + UniquePRFileDesc rawModelSocket(PR_NewTCPSocket()); + if (!rawModelSocket) { + PrintPRError("PR_NewTCPSocket failed for rawModelSocket"); + return 1; + } + + UniquePRFileDesc modelSocket(SSL_ImportFD(nullptr, rawModelSocket.release())); + if (!modelSocket) { + PrintPRError("SSL_ImportFD of rawModelSocket failed"); + return 1; + } + + if (SSL_SNISocketConfigHook(modelSocket.get(), sniSocketConfig, + sniSocketConfigArg) != SECSuccess) { + PrintPRError("SSL_SNISocketConfigHook failed"); + return 1; + } + + // We have to configure the server with a certificate, but it's not one + // we're actually going to end up using. In the SNI callback, we pick + // the right certificate for the connection. + if (ConfigSecureServerWithNamedCert(modelSocket.get(), DEFAULT_CERT_NICKNAME, + nullptr, nullptr) != SECSuccess) { + return 1; + } + + if (gCallbackPort != 0) { + if (DoCallback()) { + return 1; + } + } + + while (true) { + PRNetAddr clientAddr; + PRFileDesc* clientSocket = PR_Accept(serverSocket.get(), &clientAddr, + PR_INTERVAL_NO_TIMEOUT); + HandleConnection(clientSocket, modelSocket); + } + + return 0; +} + +} } // namespace mozilla::test diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.h b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.h new file mode 100644 index 000000000..f1dc1569a --- /dev/null +++ b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.h @@ -0,0 +1,89 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef TLSServer_h +#define TLSServer_h + +// This is a standalone server for testing SSL features of Gecko. +// The client is expected to connect and initiate an SSL handshake (with SNI +// to indicate which "server" to connect to). If all is good, the client then +// sends one encrypted byte and receives that same byte back. +// This server also has the ability to "call back" another process waiting on +// it. That is, when the server is all set up and ready to receive connections, +// it will connect to a specified port and issue a simple HTTP request. + +#include + +#include "ScopedNSSTypes.h" +#include "mozilla/Casting.h" +#include "prio.h" +#include "secerr.h" +#include "ssl.h" + +namespace mozilla { + +MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePRDir, PRDir, PR_CloseDir); + +} // namespace mozilla + +namespace mozilla { namespace test { + +enum DebugLevel +{ + DEBUG_ERRORS = 1, + DEBUG_WARNINGS = 2, + DEBUG_VERBOSE = 3 +}; + +extern DebugLevel gDebugLevel; + +void PrintPRError(const char *aPrefix); + +// The default certificate is trusted for localhost and *.example.com +extern const char DEFAULT_CERT_NICKNAME[]; + +// Pass DEFAULT_CERT_NICKNAME as certName unless you need a specific +// certificate. +SECStatus +ConfigSecureServerWithNamedCert(PRFileDesc* fd, const char* certName, + /*optional*/ UniqueCERTCertificate* cert, + /*optional*/ SSLKEAType* kea); + +SECStatus +InitializeNSS(const char* nssCertDBDir); + +int +StartServer(const char *nssCertDBDir, SSLSNISocketConfig sniSocketConfig, + void *sniSocketConfigArg); + +template +inline const Host * +GetHostForSNI(const SECItem *aSrvNameArr, uint32_t aSrvNameArrSize, + const Host *hosts) +{ + for (uint32_t i = 0; i < aSrvNameArrSize; i++) { + for (const Host *host = hosts; host->mHostName; ++host) { + SECItem hostName; + hostName.data = BitwiseCast(host->mHostName); + hostName.len = strlen(host->mHostName); + if (SECITEM_ItemsAreEqual(&hostName, &aSrvNameArr[i])) { + if (gDebugLevel >= DEBUG_VERBOSE) { + fprintf(stderr, "found pre-defined host '%s'\n", host->mHostName); + } + return host; + } + } + } + + if (gDebugLevel >= DEBUG_VERBOSE) { + fprintf(stderr, "could not find host info from SNI\n"); + } + + PR_SetError(SEC_ERROR_INVALID_ARGS, 0); + return nullptr; +} + +} } // namespace mozilla::test + +#endif // TLSServer_h diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/moz.build b/security/manager/ssl/tests/unit/tlsserver/lib/moz.build new file mode 100644 index 000000000..5b28e4a55 --- /dev/null +++ b/security/manager/ssl/tests/unit/tlsserver/lib/moz.build @@ -0,0 +1,17 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +UNIFIED_SOURCES += [ + 'OCSPCommon.cpp', + 'TLSServer.cpp', +] + +LOCAL_INCLUDES += [ + '../../../../../../pkix/include', + '../../../../../../pkix/test/lib', +] + +Library('tlsserver') diff --git a/security/manager/ssl/tests/unit/tlsserver/moz.build b/security/manager/ssl/tests/unit/tlsserver/moz.build new file mode 100644 index 000000000..96fb65d06 --- /dev/null +++ b/security/manager/ssl/tests/unit/tlsserver/moz.build @@ -0,0 +1,8 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# lib must be first, because cmd depends on its output +DIRS += ['lib', 'cmd'] diff --git a/security/manager/ssl/tests/unit/xpcshell-smartcards.ini b/security/manager/ssl/tests/unit/xpcshell-smartcards.ini new file mode 100644 index 000000000..df099b746 --- /dev/null +++ b/security/manager/ssl/tests/unit/xpcshell-smartcards.ini @@ -0,0 +1,14 @@ +[DEFAULT] +head = head_psm.js +tail = +tags = psm +skip-if = toolkit == 'android' +support-files = + +[test_pkcs11_insert_remove.js] +[test_pkcs11_module.js] +[test_pkcs11_no_events_after_removal.js] +[test_pkcs11_safe_mode.js] +[test_pkcs11_slot.js] +[test_pkcs11_token.js] +[test_pkcs11_tokenDB.js] diff --git a/security/manager/ssl/tests/unit/xpcshell.ini b/security/manager/ssl/tests/unit/xpcshell.ini new file mode 100644 index 000000000..b2f3de420 --- /dev/null +++ b/security/manager/ssl/tests/unit/xpcshell.ini @@ -0,0 +1,149 @@ +[DEFAULT] +head = head_psm.js +tail = +tags = psm +support-files = + bad_certs/** + ocsp_certs/** + test_baseline_requirements/** + test_cert_eku/** + test_cert_embedded_null/** + test_cert_isBuiltInRoot_reload/** + test_cert_keyUsage/** + test_cert_sha1/** + test_cert_signatures/** + test_cert_trust/** + test_cert_version/** + test_certDB_import/** + test_certviewer_invalid_oids/** + test_content_signing/** + test_ev_certs/** + test_getchain/** + test_intermediate_basic_usage_constraints/** + test_keysize/** + test_keysize_ev/** + test_name_constraints/** + test_ocsp_fetch_method/** + test_ocsp_url/** + test_onecrl/** + test_pinning_dynamic/** + test_signed_apps/** + test_signed_dir/** + test_startcom_wosign/** + test_validity/** + tlsserver/** + +[test_add_preexisting_cert.js] +[test_baseline_requirements_subject_common_name.js] +[test_cert_blocklist.js] +tags = addons psm +[test_cert_chains.js] +run-sequentially = hardcoded ports +[test_cert_dbKey.js] +[test_cert_eku.js] +[test_cert_embedded_null.js] +[test_cert_keyUsage.js] +[test_cert_isBuiltInRoot.js] +[test_cert_isBuiltInRoot_reload.js] +[test_cert_overrides.js] +run-sequentially = hardcoded ports +[test_cert_override_bits_mismatches.js] +run-sequentially = hardcoded ports +[test_cert_sha1.js] +[test_cert_signatures.js] +[test_cert_trust.js] +[test_cert_version.js] +[test_certDB_import.js] +[test_certDB_import_pkcs12.js] +[test_certviewer_invalid_oids.js] +skip-if = toolkit == 'android' +[test_constructX509FromBase64.js] +[test_content_signing.js] +[test_datasignatureverifier.js] +[test_der.js] +[test_enterprise_roots.js] +skip-if = os != 'win' # tests a Windows-specific feature +[test_ev_certs.js] +run-sequentially = hardcoded ports +[test_forget_about_site_security_headers.js] +skip-if = toolkit == 'android' +[test_getchain.js] +[test_hash_algorithms.js] +[test_hash_algorithms_wrap.js] +# bug 1124289 - run_test_in_child violates the sandbox on android +skip-if = toolkit == 'android' +[test_hmac.js] +[test_intermediate_basic_usage_constraints.js] +[test_js_cert_override_service.js] +run-sequentially = hardcoded ports +[test_keysize.js] +[test_keysize_ev.js] +run-sequentially = hardcoded ports +[test_local_cert.js] +[test_logoutAndTeardown.js] +run-sequentially = hardcoded ports +[test_name_constraints.js] +[test_nsCertType.js] +run-sequentially = hardcoded ports +[test_nsIX509Cert_utf8.js] +[test_nsIX509CertValidity.js] +[test_nss_shutdown.js] +[test_ocsp_caching.js] +run-sequentially = hardcoded ports +[test_ocsp_enabled_pref.js] +run-sequentially = hardcoded ports +[test_ocsp_fetch_method.js] +run-sequentially = hardcoded ports +[test_ocsp_must_staple.js] +run-sequentially = hardcoded ports +[test_ocsp_no_hsts_upgrade.js] +run-sequentially = hardcoded ports +[test_ocsp_required.js] +run-sequentially = hardcoded ports +[test_ocsp_stapling.js] +run-sequentially = hardcoded ports +[test_ocsp_stapling_expired.js] +run-sequentially = hardcoded ports +[test_ocsp_stapling_with_intermediate.js] +run-sequentially = hardcoded ports +[test_ocsp_timeout.js] +run-sequentially = hardcoded ports +[test_ocsp_url.js] +run-sequentially = hardcoded ports +[test_password_prompt.js] +[test_pinning.js] +run-sequentially = hardcoded ports +# This test can take longer than 300 seconds on B2G emulator debug builds, so +# give it enough time to finish. See bug 1081128. +requesttimeoutfactor = 2 +[test_pinning_dynamic.js] +[test_pinning_header_parsing.js] +[test_sdr.js] +[test_session_resumption.js] +run-sequentially = hardcoded ports +[test_signed_apps.js] +[test_signed_apps-marketplace.js] +[test_signed_dir.js] +tags = addons psm +[test_sss_eviction.js] +[test_sss_readstate.js] +[test_sss_readstate_child.js] +support-files = sss_readstate_child_worker.js +# bug 1124289 - run_test_in_child violates the sandbox on android +skip-if = toolkit == 'android' +[test_sss_readstate_empty.js] +[test_sss_readstate_garbage.js] +[test_sss_readstate_huge.js] +[test_sss_savestate.js] +[test_startcom_wosign.js] +[test_sts_fqdn.js] +[test_sts_holepunch.js] +[test_sts_ipv4_ipv6.js] +[test_sts_preloadlist_perwindowpb.js] +[test_sts_preloadlist_selfdestruct.js] +[test_validity.js] +run-sequentially = hardcoded ports +[test_x509.js] + +# The TLS error reporting functionality lives in /toolkit but needs tlsserver +[test_toolkit_securityreporter.js] -- cgit v1.2.3